This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via 9682fa9fe769ea84a032400b2855e7ef4a975696 (commit) via a577bfec6484dda2769d164b3796bb61fdf35645 (commit) via 2bd2b80189ad401e86f3d50603a3a1420cc124e2 (commit) via 3b54d0377b75b0afda27904b66040ec38a7b3416 (commit) via bc0fdeae6f926f9924018d32fa67cd4795a2acaf (commit) via f7d6648e762554df73742a51bfcbb04ad6689f61 (commit) via fd834f60b6f9436d7f198fd030c7da8b21e96309 (commit) via 68545eb2d1032e6b12b703b64fb7afe8329bdb5f (commit) via 9e4af5616a405ba752eea9f6fbf2cf6618ef1c6b (commit) via f5114d29f2bd1ed3ec154407de709d119cedd3bc (commit) via ea4ac5f61947ba7aa01c3d78052536aa6779594d (commit) via 57a9ed67b4cfa4ef03aeb7b5dcfd6f5291fc7a25 (commit) via 578b22e4d7014736a2a351262ae9f619e5382e96 (commit) via c55ce64de5dfbb6944ad93556c1f0f581ca9c140 (commit) via 409a4b7a623fd71b38ed807b7b82b0bd92daa805 (commit) via 9c07eb06026432166db268b47eada6ed897bbe59 (commit) via e627de73d14e7c562ec547d5859a2e66883f70c0 (commit) via 9d8d74e8e7bf0dfc84754f71d8971598a8d6ddc5 (commit) via c110071fa994fa9902871c70a4037ce104640afd (commit) via 5b75ddfff2531addadecdfe40e31438ecf2c2945 (commit) via befebc44b4ec1726900bad202a88e4e6a715ebfc (commit) via 0953f7f0ea39ef5f1e1531dca3e6aea3c41df142 (commit) via 90227a65b4acfcb8877ad6ff519a85c3b768ff84 (commit) from bbfa373e84793f95eb4a0a79daa65de120daf95e (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 9682fa9fe769ea84a032400b2855e7ef4a975696 Author: Michael Tremer michael.tremer@ipfire.org Date: Sun Sep 22 14:44:40 2024 +0000
core190: Ship Apache configuration and updated initscript
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit a577bfec6484dda2769d164b3796bb61fdf35645 Author: Peter Müller peter.mueller@ipfire.org Date: Fri Sep 20 14:20:22 2024 +0000
backup: No longer save RSA keys
Signed-off-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 2bd2b80189ad401e86f3d50603a3a1420cc124e2 Author: Peter Müller peter.mueller@ipfire.org Date: Fri Sep 20 14:20:21 2024 +0000
Drop RSA key and certificate from HTTPS configuration
Signed-off-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 3b54d0377b75b0afda27904b66040ec38a7b3416 Author: Peter Müller peter.mueller@ipfire.org Date: Fri Sep 20 14:20:19 2024 +0000
apache: Drop RSA key and certificate generation
Signed-off-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit bc0fdeae6f926f9924018d32fa67cd4795a2acaf Author: Peter Müller peter.mueller@ipfire.org Date: Fri Sep 20 14:20:18 2024 +0000
sshd: Do not generate new RSA host key on first boot
This patch will also ensure the maximum supported key length is used for ECDSA. Existing installations will remain unaffected.
Note that the key size for ED25519 is fixed, and explicitly setting it to 521 bytes will not have any impact.
Signed-off-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit f7d6648e762554df73742a51bfcbb04ad6689f61 Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Sep 21 13:06:46 2024 +0200
samba: Update to version 4.21.0
- Update from 4.20.4 to 4.21.0 - Update of rootfile for x86_64, aarch64 & riscv64 - Changelog 4.21.0 Hardening of "valid users", "invalid users", "read list" and "write list" In previous versions of Samba, if a user or group name in either of the mentioned options could not be resolved to a valid SID, the user (or group) would be skipped without any notification. This could result in unexpected and insecure behaviour. Starting with this version of Samba, if any user or group name in any of the options cannot be resolved due to a communication error with a domain controller, Samba will log an error and the tree connect will fail. Non existing users (or groups) are ignored. LDAP TLS/SASL channel binding support The ldap server supports SASL binds with kerberos or NTLMSSP over TLS connections now (either ldaps or starttls). Setups where 'ldap server require strong auth = allow_sasl_over_tls' was required before, can now most likely move to the default of 'ldap server require strong auth = yes'. If SASL binds without correct tls channel bindings are required 'ldap server require strong auth = allow_sasl_without_tls_channel_bindings' should be used now, as 'allow_sasl_over_tls' will generate a warning in every start of 'samba', as well as '[samba-tool ]testparm'. This is similar to LdapEnforceChannelBinding under HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters on Windows. All client tools using ldaps also include the correct channel bindings now. NEW FEATURES/CHANGES LDB no longer a standalone tarball LDB, Samba's LDAP-like local database and the power behind the Samba AD DC, is no longer available to build as a distinct tarball, but is instead provided as an optional public library. If you need ldb as a public library, say to build sssd, then use ./configure --private-libraries='!ldb' This re-integration allows LDB tests to use the Samba's full selftest system, including our knownfail infrastructure, and decreases the work required during security releases as a coordinated release of the ldb tarball is not also required. This approach has been demonstrated already in Debian, which is already building Samba and LDB is this way. As part of this work, the pyldb-util public library, not known to be used by any other software, is made private to Samba. LDB Module API Python bindings removed The LDB Modules API, which we do not promise a stable ABI or API for, was wrapped in python in early LDB development. However that wrapping never took into account later changes, and so has not worked for a number of years. Samba 4.21 and LDB 2.10 removes this unused and broken feature. Changes in LDB handling of Unicode Developers using LDB up to version 2.9 could call ldb_set_utf8_fns() to determine how LDB handled casefolding. This is used internally by string comparison functions. In LDB 2.10 this function is deprecated, and ldb_set_utf8_functions() is preferred. The new function allows a direct comparison function to be set as well as a casefold function. This improves performance and allows for more robust handling of degenerate cases. The function should be called just after ldb_init(), with the following arguments: ldb_set_utf8_functions(ldb, /* the struct ldb_ctx LDB object */ context_variable /* possibly NULL */ casefold_function, case_insensitive_comparison_function); The default behaviour of LDB remains to perform ASCII casefolding only, as if in the "C" locale. Recent versions have become increasingly consistent in this. Some Samba public libraries made private by default The following Samba C libraries are currently made public due to their use by OpenChange or for historical reasons that are no longer clear. dcerpc-samr, samba-policy, tevent-util, dcerpc, samba-hostconfig, samba-credentials, dcerpc_server, samdb The libraries used by the OpenChange client now private, but can be made public (like ldb above) with: ./configure --private-libraries='!dcerpc,!samba-hostconfig,!samba-credentials,!ldb' The C libraries without any known user or used only for the OpenChange server (a dead project) may be made private entirely in a future Samba version. If you use a Samba library in this list, please be in touch with the samba-technical mailing list. Using ldaps from 'winbindd' and 'net ads' Beginning with Samba 3.0.22 the 'ldap ssl = start tls' option also impacted LDAP connections to active directory domain controllers. Using the STARTTLS operation on LDAP port 389 connections. Starting with Samba 3.5.0 'ldap ssl ads = yes' was required in addition in order let to 'ldap ssl = start tls' have any effect on those connections. 'ldap ssl ads' was deprecated with Samba 4.8.0 and removed together with the whole functionality in Samba 4.14.0, because it didn't support tls channel bindings required for the sasl authentication. The functionality is now re-added using the correct channel bindings based on the gnutls based tls implementation we already have, instead of using the tls layer provided by openldap. This makes it available and consistent with all LDAP client libraries we use and implement on our own. The 'client ldap sasl wrapping' option gained the two new possible values: 'starttls' (using STARTTLS on tcp port 389) and 'ldaps' (using TLS directly on tcp port 636). If you had 'ldap ssl = start tls' and 'ldap ssl ads = yes' before, you can now use 'client ldap sasl wrapping = starttls' in order to get STARTTLS on tcp port 389. As we no longer use the openldap tls layer it is required to configure the correct certificate trusts with at least one of the following options: 'tls trust system cas', 'tls ca directories' or 'tls cafile'. While 'tls verify peer' and 'tls crlfile' are also relevant, see 'man smb.conf' for further details. New DNS hostname config option To get `net ads dns register` working correctly running manually or during a domain join a special entry in /etc/hosts was required. This not really documented and thus the DNS registration mostly didn't work. With the new option the default is [netbios name].[realm] which should be correct in the majority of use cases. We will also use the value to create service principal names during a Kerberos authentication and DNS functions. This is not supported in samba-tool yet. Samba AD will rotate expired passwords on smartcard-required accounts Traditionally in AD, accounts set to be "smart card require for logon" will have a password for NTLM fallback and local profile encryption (Windows DPAPI). This password previously would not expire. Matching Windows behaviour, when the DC in a FL 2016 domain and the msDS-ExpirePasswordsOnSmartCardOnlyAccounts attribute on the domain root is set to TRUE, Samba will now expire these passwords and rotate them shortly before they expire. Note that the password expiry time must be set to twice the TGT lifetime for smooth operation, e.g. daily expiry given a default 10 hour TGT lifetime, as the password is only rotated in the second half of its life. Again, this matches the Windows behaviour. Provided the default 2016 schema is used, new Samba domains provisioned with Samba 4.21 will have this enabled once the domain functional level is set to 2016. NOTE: Domains upgraded from older Samba versions will not have this set, even after the functional level preparation, matching the behaviour of upgraded Windows AD domains. Per-user and group "veto files" and "hide files" "veto files" and "hide files" can optionally be restricted to certain users and groups. To apply a veto or hide directive to a filename for a specific user or group, a parametric option like this can be used: hide files : USERNAME = /somefile.txt/ veto files : GROUPNAME = /otherfile.txt/ For details consult the updated smb.conf manpage. Automatic keytab update after machine password change When machine account password is updated, either by winbind doing regular updates or manually (e.g. net ads changetrustpw), now winbind will also support update of keytab entries in case you use newly added option 'sync machine password to keytab'. The new parameter allows you to describe what keytabs and how should be updated. From smb.conf(5) manpage - each keytab can have exactly one of these four forms: account_name sync_spns spn_prefixes=value1[,value2[...]] spns=value1[,value2[...]] The functionaity provided by the removed commands "net ads keytab add/delete/add_update_ads" can be achieved via the 'sync machine password to keytab' as in these examples: "net ads keytab add wurst/brot@REALM" - this command is not adding <principal> to AD, so the best fit can be specifier "spns" - add to smb.conf: sync machine password to keytab = /path/to/keytab1:spns=wurst/brot@REALM:machine_password - run: "net ads keytab create" "net ads keytab delete wurst/brot@REALM" - remove the principal (or the whole keytab line if there was just one) - run: "net ads keytab create" "net ads keytab add_update_ads wurst/brot@REALM" - this command was adding the principal to AD, so for this case use a keytab with specifier sync_spns - add to smb.conf: sync machine password to keytab = /path/to/keytab2:sync_spns:machine_password - run: "net ads setspn add wurst/brot@REALM" # this adds the principal to AD "net ads keytab create" # this sync it from AD to local keytab A new parameter 'sync machine password script' allows to specify external script that will be triggered after the automatic keytab update. If keytabs should be generated in clustered environments it is recommended to update them on all nodes. Check in smb.conf(5) the scripts winbind_ctdb_updatekeytab.sh and 46.update-keytabs.script in section 'sync machine password script' for details. For detailed information check the smb.conf(5) and net(8) manpages. New cephfs VFS module Introduce new vfs-to-cephfs bridge which uses libcephfs low-level APIs (instead of path-based operations in the existing module). It allows users to pass explicit user-credentials per call (including supplementary groups), as well as faster operations using inode and file-handle caching on the Samba side. Configuration is identical to existing module, but using 'ceph_new' instead of 'ceph' for the relevant smb.conf entries. This new module is expected to deprecate and replace the old one in next major release. Group Managed Service Accounts Samba 4.21 adds support for gMSAs (Group Managed Service Accounts), completing support for Functional Level 2012. The purpose of a gMSA is to allow a single host, or a cluster of hosts, to share access to an automatically rotating password, avoiding the weak static service passwords that are often the entrypoint of attackers to AD domains. Each server has a strong and regularly rotated password, which is used to access the gMSA account of (e.g.) the database server. Samba provides management and client tools, allowing services on Unix hosts to access the current and next gMSA passwords, as well as obtain a credentials cache. Samba 4.20 announced the client-side tools for this feature. To avoid duplication and provide consistency, the existing commands for password viewing have been extended, so these commands operate both on a gMSA (with credentials, over LDAP, specify -H) and locally for accounts that have a compatible password (e.g. plaintext via GPG, compatible hash) samba-tool user getpassword samba-tool user get-kerberos-ticket samba-tool domain exportkeytab An example command, which gets the NT hash for use with NTLM, is samba-tool user getpassword -H ldap://server --machine-pass \ TestUser1 --attributes=unicodePwd Kerberos is a better choice (gMSA accounts should not use LDAP simple binds, for reasons of both security and compatibility). Use samba-tool user get-kerberos-ticket -H ldap://server --machine-pass \ TestUser1 --output-krb5-ccache=/srv/service/krb5_ccache gMSAs disclose a current and previous password. To access the previous NT hash, use: samba-tool user getpassword -H ldap://server --machine-pass TestUser1 \ --attrs=unicodePwd;previous=1 To access the previous password as UTF8, use: samba-tool user getpassword -H ldap://server --machine-pass TestUser1 \ --attributes=pwdLastSet,virtualClearTextUTF8;previous=1 However, Windows tools for dealing with gMSAs tend to use Active Directory Web Services (ADWS) from Powershell for setting up the accounts, and this separate protocol is not supported by Samba 4.21. Samba-tool commands for handling gMSA (KDS) root keys Group managed service accounts rotate passwords based on root keys, which can be managed using samba-tool, with commands such as samba-tool domain kds root_key create samba-tool domain kds root_key list Samba will create a new root key for new domains at provision time, but users of gMSA accounts on upgraded domains will need to first create a root key. RFC 8070 PKINIT "Freshness extension" supported in the Heimdal KDC The Heimdal KDC will recognise when a client provides proof that they hold the hardware token used for smart-card authentication 'now' and has not used a saved future-dated reply. Samba 4.21 now matches Windows and will assign an extra SID to the user in this case, allowing sensitive resources to be additionally protected. Only Windows clients are known to support the client side of this feature at this time. New samba-tool Authentication Policy management command structure As foreshadowed in the Samba 4.20 release notes, the "samba-tool domain auth policy" commands have been reworked to be more intuitive based on user feedback and reflection. Support for key features of AD Domain/Forest Functional Level 2012R2 Combined with other changes in recent versions (such as claims support in 4.20), Samba can now claim Functional Level 2012R2 support. Build system In previous versions of Samba, packagers of Samba would set their package-specific version strings using a patch to the SAMBA_VERSION_VENDOR_SUFFIX line in the ./VERSION file. Now that is achieved by using --vendor-suffix (at configure time), allowing this to be more easily scripted. Vendors are encouraged to include their name and full package version to assist with upstream debugging. More deterministic builds Samba builds are now more reproducible, providing better assurance that the Samba binaries you run are the same as what is expected from the source code. If locale settings are not changed, the same objects will be produced from each compilation run. If Samba is built in a different path, the object code will remain the same, but DWARF debugging sections will change (while remaining functionally equivalent). Improved command-line redaction There are several options that can be used with Samba tools for specifying secrets. Although this is best avoided, when these options are used, Samba will redact the secrets in /proc, so that they won't be seen in ps or top. This is now carried out more thoroughly, redacting more options. There is a race inherent in this, and the passwords will be visible for a short time. The secrets are also not removed from .bash_history and similar files. REMOVED FEATURES Following commands are removed: net ads keytab add <principal> net ads keytab delete <principal> net ads keytab add_update_ads Changes smb.conf changes Parameter Name Description Default -------------- ----------- ------- client ldap sasl wrapping new values client use spnego principal removed ldap server require strong auth new values tls trust system cas new tls ca directories new dns hostname client dns name [netbios name].[realm] valid users Hardening invalid users Hardening read list Hardening write list Hardening veto files Added per-user and per-group vetos hide files Added per-user and per-group hides sync machine password to keytab keytabs sync machine password script script CHANGES SINCE 4.21.0rc4 * BUG 15699: Incorrect FSCTL_QUERY_ALLOCATED_RANGES response when truncated. * BUG 15702: Bad variable definition for ParseTuple causing test failure for Smb3UnixTests.test_create_context_reparse. * BUG 15686: Add new vfs_ceph module (based on low level API). CHANGES SINCE 4.21.0rc3 * BUG 15698: samba-tool can not load the default configuration file. * BUG 15700: Crash when readlinkat fails. CHANGES SINCE 4.21.0rc2 * BUG 15689: Can't add/delete special keys to keytab for nfs, cifs, http etc. * BUG 15696: Compound SMB2 requests don't return NT_STATUS_NETWORK_SESSION_EXPIRED for all requests, confuses MacOSX clients. * BUG 15689: Can't add/delete special keys to keytab for nfs, cifs, http etc. CHANGES SINCE 4.21.0rc1 * BUG 15673: --version-* options are still not ergonomic, and they reject tilde characters. * BUG 15686: Add new vfs_ceph module (based on low level API) * BUG 15673: --version-* options are still not ergonomic, and they reject tilde characters. * BUG 15690: ldb_version.h is missing from ldb public library * BUG 15689: Can not add/delete special keys to keytab for nfs, cifs, http etc * BUG 15686: Add new vfs_ceph module (based on low level API) * BUG 15673: --version-* options are still not ergonomic, and they reject tilde characters. * BUG 15687: undefined reference to winbind_lookup_name_ex * BUG 15688: per user veto and hide file syntax is to complex * BUG 15689: Can not add/delete special keys to keytab for nfs, cifs, http etc * BUG 15688: per user veto and hide file syntax is to complex
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit fd834f60b6f9436d7f198fd030c7da8b21e96309 Author: Michael Tremer michael.tremer@ipfire.org Date: Sun Sep 22 14:40:39 2024 +0000
core190: Ship OpenSSH
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 68545eb2d1032e6b12b703b64fb7afe8329bdb5f Author: Peter Müller peter.mueller@ipfire.org Date: Sat Sep 21 15:30:00 2024 +0000
OpenSSH: Order symmetric ciphers by strength
We also wish to prefer AES over Chacha/Poly, given the prevalence of hardware accelaration for the former.
Signed-off-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 9e4af5616a405ba752eea9f6fbf2cf6618ef1c6b Author: Peter Müller peter.mueller@ipfire.org Date: Sat Sep 21 15:29:59 2024 +0000
OpenSSH: Add alias name for sntrup761x25519-sha512 key exchange
This makes sure OpenSSH connections make use of this post-quantum key exchange whenever possible, even if one peer still running OpenSSH 9.8 or older.
Signed-off-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit f5114d29f2bd1ed3ec154407de709d119cedd3bc Author: Peter Müller peter.mueller@ipfire.org Date: Sat Sep 21 15:29:58 2024 +0000
OpenSSH: Add ML-KEM x X25519 hybrid key exchange
This was newly introduced in OpenSSH 9.9, hence our custom configurations for both SSH server and client need to be updated.
Signed-off-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit ea4ac5f61947ba7aa01c3d78052536aa6779594d Author: Peter Müller peter.mueller@ipfire.org Date: Sat Sep 21 15:29:57 2024 +0000
OpenSSH :Update to 9.9p1
Please refer to https://www.openssh.com/releasenotes.html#9.9p1 for the release announcement of this version.
Signed-off-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 57a9ed67b4cfa4ef03aeb7b5dcfd6f5291fc7a25 Author: Michael Tremer michael.tremer@ipfire.org Date: Sun Sep 22 14:38:42 2024 +0000
core190: Ship apr
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 578b22e4d7014736a2a351262ae9f619e5382e96 Author: Peter Müller peter.mueller@ipfire.org Date: Sat Sep 21 12:29:30 2024 +0000
apr: Update to 1.7.5
Full changelog of this release:
*) SECURITY: CVE-2023-49582: Apache Portable Runtime (APR): Unexpected lax shared memory permissions (cve.mitre.org) Lax permissions set by the Apache Portable Runtime library on Unix platforms would allow local users read access to named shared memory segments, potentially revealing sensitive application data. This issue does not affect non-Unix platforms, or builds with APR_USE_SHMEM_SHMGET=1 (apr.h) Users are recommended to upgrade to APR version 1.7.5, which fixes this issue. Credits: Thomas Stangner
*) Unix: Implement apr_shm_perms_set() for the "POSIX shm_open()" and "classic mmap" shared memory implementations. [Joe Orton, Ruediger Pluem]
*) Fix missing ';' for XML/HTML hex entities from apr_escape_entity(). [Yann Ylavic]
*) Fix crash in apr_pool_create() with --enable-pool-debug=all|owner. [Yann Ylavic]
*) Improve platform detection by updating config.guess and config.sub. [Rainer Jung]
*) CMake: Add support for CMAKE_WARNING_AS_ERROR. [Ivan Zhakov]
*) CMake: Enable support for MSVC runtime library selection by abstraction. [Ivan Zhakov]
*) CMake: Export installed targets (libapr-1, apr-1, libaprapp-1, aprapp-1) to apr:: namespace. [Ivan Zhakov]
Signed-off-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit c55ce64de5dfbb6944ad93556c1f0f581ca9c140 Author: Michael Tremer michael.tremer@ipfire.org Date: Sun Sep 22 14:33:03 2024 +0000
ovpnmain.cgi: Fix IP address calculation with static pools
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 409a4b7a623fd71b38ed807b7b82b0bd92daa805 Author: Michael Tremer michael.tremer@ipfire.org Date: Sun Sep 22 14:25:12 2024 +0000
core190: Ship vpnmain.cgi
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 9c07eb06026432166db268b47eada6ed897bbe59 Author: Adolf Belka adolf.belka@ipfire.org Date: Fri Jul 5 19:18:56 2024 +0200
vpnmain.cgi: Add coding to differentiate old and base64 encoded PSK's
- An additional key was defined for a PSK being base64 encoded. All existing PSK's that are not base64 encoded will have that key empty. This enables base64 encoded PSK's and non base64 encoded PSK'sd to be differentiated. - If the PSK connection is disabled and then enabled with a non base64 encoded PSK the PSK will be left as it is. If the edit page is selected and Save pressed, even if nothing has been modified, then the PSK will be converted to a base64 encoded PSK. - The old style and new style PSK was tested out on my vm system and worked without any issue. - Using an old non base64 encoded PSK the IPSec connection worked without any problems. If the PSK was tehn converted to basse64 encoding by saving from the Edit page without changing anything, then the client IPSec connection was successfully made without any indication of a change. The conversion from non base64 to base64 encoded PSK occurred seamlessly without any hiccup.
Fixes: Bug13029 Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit e627de73d14e7c562ec547d5859a2e66883f70c0 Author: Adolf Belka adolf.belka@ipfire.org Date: Fri Jul 5 19:18:55 2024 +0200
en.pl: Update to explicitly mention single quotation mark being invalid
- As all characters, except for the single quotation mark, are now allowed in the PSK with the base64 encoding implemented then the error message in the English Lang file has been changed to explicitly mention the single quotation mark rather than characters as a generic message.
Fixes: Bug13029 Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 9d8d74e8e7bf0dfc84754f71d8971598a8d6ddc5 Author: Adolf Belka adolf.belka@ipfire.org Date: Fri Jul 5 19:18:54 2024 +0200
vpnmain.cgi: Fix for bug13029 - add base64 encoding to IPSec cgi page
- This adds the base64 encoded PSK into the config file and when the ipsec.secrets file is created the PSK is base64 decoded to write it to the file. The ipsec.secrets file surrounds the PSK with single quotation marks so that character is not allowed to be used in the PSK but anything else can be. - Tested out on my vm system and shown to be working. New PSK with various characters characters including commas was base64 encoded before putting into the config file and therefore was accepted by the code. If a single quotation mark was used in the PSK then the error message about invalid characters was shown.
Fixes: Bug13029 Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit c110071fa994fa9902871c70a4037ce104640afd Author: Michael Tremer michael.tremer@ipfire.org Date: Sun Sep 22 14:20:28 2024 +0000
core190: Ship collectd changed
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 5b75ddfff2531addadecdfe40e31438ecf2c2945 Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Aug 7 14:16:45 2024 +0200
collectd: Fixes bug-13074, create collectd.d directory
- As requested in bug 13074, create a collectd.d directory to enable any addon definitions to be created. - Added include statement in conf file to load everything that is stored in the collectd.d directory. - collectd.precache and collectd.thermal have been left in their original locations - Removed the arm section in the initscript as only aarch64 is now used. - Modified the lfs to create the collectd.d directory - Removal of collectd.custom file as this was the previous way to define custom collectd profiles but would have been overwritten by any update of collectd. - Update of rootfile to take account of new path and removal of collectd.custom - Tested out in vm testbed with Core Update 188 and all existing graphs were still created and updated. From my evaluation the changes have not affected anything. - The creation of the collectd.d directory now allows users to add their own desired profiles but also if it is decided that an addon should be included in the processes graph, or if a new graph for addons is created then profiles for that addon can be placed in the collectd.d directory and will be automatically included by collectd.
Fixes: Bug13074 Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit befebc44b4ec1726900bad202a88e4e6a715ebfc Author: Michael Tremer michael.tremer@ipfire.org Date: Sun Sep 22 14:17:35 2024 +0000
core190: Ship logwatch and log.dat
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 0953f7f0ea39ef5f1e1531dca3e6aea3c41df142 Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Aug 28 12:04:46 2024 +0200
logwatch: Fixes bug13762 - ssh logins not shown on Log Summary page
- Due to the update of openssh to version 9.8 in CU187, logwatch no longer found the sshd login data from the messages log as the daemon was changed to sshd-session. - Therefore the daily logwatch files were missing the sshd information in them. - A patch to add support for openssh-9.8 sshd-session and port info has been merged into the logwatch git system and will be included into the next released version of logwatch - Update logwatch from version 7.8 to 7.11 and add patch for openssh-9.8 support. - Update the previous three logwatch patches for version 7.11 - Tested on my vm testbed. Confirmed that logwatch now includes back the sshd information into the Log Summary page. - When logwatch is updated to version 7.12 then the openssh-9.8 support patch will be able to be removed.
Fixes: bug13762 Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 90227a65b4acfcb8877ad6ff519a85c3b768ff84 Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Aug 28 12:04:45 2024 +0200
log.dat: Fix bug13762 - ssh logins not shown in system logs
- With the update of openssh to version 9.8 in CU187 the daemon was changed from sshd to sshd-session. Therefore the log.dat no longer finds any info related to the logins. - This updates the section regex to look for both sshd and sshd-session. - Tested out on my vm system and confirmed to work. - This fix will make available all previous log info for sshd-session in the messages log as it continued to be stored, just could not be read by the WUI system log.
Fixes: bug13762 Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org Tested-by: Bernhard Bitsch bbitsch@ipfire.org Reviewed-by: Bernhard Bitsch bbitsch@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
-----------------------------------------------------------------------
Summary of changes: config/backup/include | 3 - config/collectd/collectd.conf | 2 +- config/collectd/collectd.custom | 1 - config/httpd/vhosts.d/ipfire-interface-ssl.conf | 2 - config/rootfiles/common/apr | 2 +- config/rootfiles/common/collectd | 2 +- config/rootfiles/common/logwatch | 3 + .../{oldcore/114 => core/190}/filelists/apr | 0 config/rootfiles/core/190/filelists/files | 9 ++ .../{oldcore/111 => core/190}/filelists/logwatch | 0 .../{oldcore/100 => core/190}/filelists/openssh | 0 config/rootfiles/core/190/update.sh | 8 ++ config/rootfiles/packages/aarch64/samba | 131 ++++++++++---------- config/rootfiles/packages/riscv64/samba | 127 ++++++++++---------- config/rootfiles/packages/x86_64/samba | 133 +++++++++++---------- config/ssh/ssh_config | 4 +- config/ssh/sshd_config | 4 +- doc/language_issues.en | 2 +- html/cgi-bin/logs.cgi/log.dat | 2 +- html/cgi-bin/ovpnmain.cgi | 2 +- html/cgi-bin/vpnmain.cgi | 18 ++- langs/en/cgi-bin/en.pl | 2 +- lfs/apr | 6 +- lfs/collectd | 3 +- lfs/logwatch | 13 +- lfs/openssh | 4 +- lfs/samba | 6 +- src/initscripts/system/apache | 26 +--- src/initscripts/system/collectd | 5 +- src/initscripts/system/sshd | 6 +- ...-OpenSSH-9.8-sshd-session-and-port-number.patch | 39 ++++++ ...anip6.patch => logwatch-7.11-date_manip6.patch} | 8 +- .../logwatch/logwatch-7.11-disable_iptables.patch | 14 +++ ...patch => logwatch-7.11-enable-mdadm-sudo.patch} | 14 +-- .../logwatch/logwatch-7.6-disable_iptables.patch | 14 --- 35 files changed, 336 insertions(+), 279 deletions(-) delete mode 100644 config/collectd/collectd.custom copy config/rootfiles/{oldcore/114 => core/190}/filelists/apr (100%) copy config/rootfiles/{oldcore/111 => core/190}/filelists/logwatch (100%) copy config/rootfiles/{oldcore/100 => core/190}/filelists/openssh (100%) mode change 100644 => 100755 html/cgi-bin/vpnmain.cgi create mode 100644 src/patches/logwatch/logwatch-7.11-Added-support-for-OpenSSH-9.8-sshd-session-and-port-number.patch rename src/patches/logwatch/{logwatch-7.3.6-date_manip6.patch => logwatch-7.11-date_manip6.patch} (61%) create mode 100644 src/patches/logwatch/logwatch-7.11-disable_iptables.patch rename src/patches/logwatch/{logwatch-7.6-enable-mdadm-sudo.patch => logwatch-7.11-enable-mdadm-sudo.patch} (71%) delete mode 100644 src/patches/logwatch/logwatch-7.6-disable_iptables.patch
Difference in files: diff --git a/config/backup/include b/config/backup/include index aacfaf64a0..f0708c87fd 100644 --- a/config/backup/include +++ b/config/backup/include @@ -1,12 +1,9 @@ etc/conntrackd/conntrackd.conf etc/group etc/hosts* -etc/httpd/server.crt -etc/httpd/server.csr etc/httpd/server-ecdsa.crt etc/httpd/server-ecdsa.csr etc/httpd/server-ecdsa.key -etc/httpd/server.key etc/ipsec.user.* etc/ipsec.user-post.conf etc/logrotate.d diff --git a/config/collectd/collectd.conf b/config/collectd/collectd.conf index 27e1fe984a..e51d9108bf 100644 --- a/config/collectd/collectd.conf +++ b/config/collectd/collectd.conf @@ -74,5 +74,5 @@ include "/etc/collectd.precache" </Plugin>
#include "/etc/collectd.thermal" -include "/etc/collectd.custom" include "/etc/collectd.vpn" +include "/etc/collectd.d/*" diff --git a/config/collectd/collectd.custom b/config/collectd/collectd.custom deleted file mode 100644 index 7443bf3e6a..0000000000 --- a/config/collectd/collectd.custom +++ /dev/null @@ -1 +0,0 @@ -# Use this file to add custom configs and rules for collectd diff --git a/config/httpd/vhosts.d/ipfire-interface-ssl.conf b/config/httpd/vhosts.d/ipfire-interface-ssl.conf index 639f1d4796..278283d083 100644 --- a/config/httpd/vhosts.d/ipfire-interface-ssl.conf +++ b/config/httpd/vhosts.d/ipfire-interface-ssl.conf @@ -15,8 +15,6 @@ SSLHonorCipherOrder on SSLCompression off SSLSessionTickets off - SSLCertificateFile /etc/httpd/server.crt - SSLCertificateKeyFile /etc/httpd/server.key SSLCertificateFile /etc/httpd/server-ecdsa.crt SSLCertificateKeyFile /etc/httpd/server-ecdsa.key
diff --git a/config/rootfiles/common/apr b/config/rootfiles/common/apr index c49b93a584..3de0b28e52 100644 --- a/config/rootfiles/common/apr +++ b/config/rootfiles/common/apr @@ -45,7 +45,7 @@ usr/bin/apr-1-config #usr/lib/libapr-1.la #usr/lib/libapr-1.so usr/lib/libapr-1.so.0 -usr/lib/libapr-1.so.0.7.4 +usr/lib/libapr-1.so.0.7.5 #usr/lib/pkgconfig/apr-1.pc #usr/share/apr-1 #usr/share/apr-1/build diff --git a/config/rootfiles/common/collectd b/config/rootfiles/common/collectd index 65408dc7fd..c8a3ad607a 100644 --- a/config/rootfiles/common/collectd +++ b/config/rootfiles/common/collectd @@ -1,8 +1,8 @@ etc/collectd.conf -etc/collectd.custom etc/collectd.precache etc/collectd.thermal etc/collectd.vpn +etc/collectd.d etc/rc.d/rc0.d/K50collectd etc/rc.d/rc3.d/S29collectd etc/rc.d/rc6.d/K50collectd diff --git a/config/rootfiles/common/logwatch b/config/rootfiles/common/logwatch index 2732215d5f..026757b52b 100644 --- a/config/rootfiles/common/logwatch +++ b/config/rootfiles/common/logwatch @@ -59,6 +59,7 @@ usr/share/logwatch/default.conf/logfiles/resolver.conf #usr/share/logwatch/default.conf/logfiles/rt314.conf usr/share/logwatch/default.conf/logfiles/samba.conf #usr/share/logwatch/default.conf/logfiles/secure.conf +#usr/share/logwatch/default.conf/logfiles/snort.conf #usr/share/logwatch/default.conf/logfiles/sonicwall.conf #usr/share/logwatch/default.conf/logfiles/spamassassin.conf usr/share/logwatch/default.conf/logfiles/syslog.conf @@ -167,6 +168,7 @@ usr/share/logwatch/default.conf/services/scsi.conf #usr/share/logwatch/default.conf/services/shaperd.conf #usr/share/logwatch/default.conf/services/slon.conf #usr/share/logwatch/default.conf/services/smartd.conf +#usr/share/logwatch/default.conf/services/snort.conf #usr/share/logwatch/default.conf/services/sonicwall.conf #usr/share/logwatch/default.conf/services/spamassassin.conf usr/share/logwatch/default.conf/services/sshd.conf @@ -317,6 +319,7 @@ usr/share/logwatch/scripts/services/scsi #usr/share/logwatch/scripts/services/shaperd #usr/share/logwatch/scripts/services/slon #usr/share/logwatch/scripts/services/smartd +#usr/share/logwatch/scripts/services/snort #usr/share/logwatch/scripts/services/sonicwall #usr/share/logwatch/scripts/services/spamassassin usr/share/logwatch/scripts/services/sshd diff --git a/config/rootfiles/core/190/filelists/apr b/config/rootfiles/core/190/filelists/apr new file mode 120000 index 0000000000..87dd1974f2 --- /dev/null +++ b/config/rootfiles/core/190/filelists/apr @@ -0,0 +1 @@ +../../../common/apr \ No newline at end of file diff --git a/config/rootfiles/core/190/filelists/files b/config/rootfiles/core/190/filelists/files index 1ef1b85d80..c2f0a122c3 100644 --- a/config/rootfiles/core/190/filelists/files +++ b/config/rootfiles/core/190/filelists/files @@ -1,2 +1,11 @@ +etc/collectd.conf +etc/collectd.d +etc/httpd/conf/vhosts.d/ipfire-interface-ssl.conf +etc/rc.d/init.d/apache +etc/rc.d/init.d/collectd srv/web/ipfire/cgi-bin/index.cgi +srv/web/ipfire/cgi-bin/logs.cgi/log.dat +srv/web/ipfire/cgi-bin/ovpnmain.cgi +srv/web/ipfire/cgi-bin/vpnmain.cgi +var/ipfire/backup/include var/ipfire/network-functions.pl diff --git a/config/rootfiles/core/190/filelists/logwatch b/config/rootfiles/core/190/filelists/logwatch new file mode 120000 index 0000000000..f14eabda99 --- /dev/null +++ b/config/rootfiles/core/190/filelists/logwatch @@ -0,0 +1 @@ +../../../common/logwatch \ No newline at end of file diff --git a/config/rootfiles/core/190/filelists/openssh b/config/rootfiles/core/190/filelists/openssh new file mode 120000 index 0000000000..d8c77fd8e7 --- /dev/null +++ b/config/rootfiles/core/190/filelists/openssh @@ -0,0 +1 @@ +../../../common/openssh \ No newline at end of file diff --git a/config/rootfiles/core/190/update.sh b/config/rootfiles/core/190/update.sh index 5abd6d6b7e..23ed84e2db 100644 --- a/config/rootfiles/core/190/update.sh +++ b/config/rootfiles/core/190/update.sh @@ -50,7 +50,15 @@ ldconfig # Apply local configuration to sshd_config /usr/local/bin/sshctrl
+# collectd +if [ -e "/etc/collectd.custom" ]; then + mv -v /etc/collectd.custom /etc/collectd.d/ +fi + # Start services +/etc/rc.d/init.d/apache restart +/etc/init.d/collectd restart +/etc/init.d/sshd restart
# This update needs a reboot... touch /var/run/need_reboot diff --git a/config/rootfiles/packages/aarch64/samba b/config/rootfiles/packages/aarch64/samba index 82ad93a904..cb7407504d 100644 --- a/config/rootfiles/packages/aarch64/samba +++ b/config/rootfiles/packages/aarch64/samba @@ -57,8 +57,6 @@ usr/bin/wspsearch #usr/include/samba-4.0/core/ntstatus_gen.h #usr/include/samba-4.0/core/werror.h #usr/include/samba-4.0/core/werror_gen.h -#usr/include/samba-4.0/credentials.h -#usr/include/samba-4.0/dcerpc.h #usr/include/samba-4.0/dcesrv_core.h #usr/include/samba-4.0/domain_credentials.h #usr/include/samba-4.0/gen_ndr @@ -80,7 +78,6 @@ usr/bin/wspsearch #usr/include/samba-4.0/gen_ndr/ndr_misc.h #usr/include/samba-4.0/gen_ndr/ndr_nbt.h #usr/include/samba-4.0/gen_ndr/ndr_samr.h -#usr/include/samba-4.0/gen_ndr/ndr_samr_c.h #usr/include/samba-4.0/gen_ndr/ndr_svcctl.h #usr/include/samba-4.0/gen_ndr/ndr_svcctl_c.h #usr/include/samba-4.0/gen_ndr/netlogon.h @@ -101,9 +98,7 @@ usr/bin/wspsearch #usr/include/samba-4.0/ndr/ndr_nbt.h #usr/include/samba-4.0/ndr/ndr_svcctl.h #usr/include/samba-4.0/netapi.h -#usr/include/samba-4.0/param.h #usr/include/samba-4.0/passdb.h -#usr/include/samba-4.0/policy.h #usr/include/samba-4.0/rpc_common.h #usr/include/samba-4.0/samba #usr/include/samba-4.0/samba/session.h @@ -129,9 +124,6 @@ usr/bin/wspsearch #usr/include/samba-4.0/util/idtree_random.h #usr/include/samba-4.0/util/signal.h #usr/include/samba-4.0/util/substitute.h -#usr/include/samba-4.0/util/tevent_ntstatus.h -#usr/include/samba-4.0/util/tevent_unix.h -#usr/include/samba-4.0/util/tevent_werror.h #usr/include/samba-4.0/util/tfork.h #usr/include/samba-4.0/util/time.h #usr/include/samba-4.0/util_ldb.h @@ -139,15 +131,9 @@ usr/bin/wspsearch usr/lib/libdcerpc-binding.so usr/lib/libdcerpc-binding.so.0 usr/lib/libdcerpc-binding.so.0.0.1 -usr/lib/libdcerpc-samr.so -usr/lib/libdcerpc-samr.so.0 -usr/lib/libdcerpc-samr.so.0.0.1 usr/lib/libdcerpc-server-core.so usr/lib/libdcerpc-server-core.so.0 usr/lib/libdcerpc-server-core.so.0.0.1 -usr/lib/libdcerpc.so -usr/lib/libdcerpc.so.0 -usr/lib/libdcerpc.so.0.0.1 usr/lib/libndr-krb5pac.so usr/lib/libndr-krb5pac.so.0 usr/lib/libndr-krb5pac.so.0.0.1 @@ -158,34 +144,22 @@ usr/lib/libndr-standard.so usr/lib/libndr-standard.so.0 usr/lib/libndr-standard.so.0.0.1 usr/lib/libndr.so -usr/lib/libndr.so.4 -usr/lib/libndr.so.4.0.0 +usr/lib/libndr.so.5 +usr/lib/libndr.so.5.0.0 usr/lib/libnetapi.so usr/lib/libnetapi.so.1 usr/lib/libnetapi.so.1.0.0 usr/lib/libnss_winbind.so.2 usr/lib/libnss_wins.so.2 -usr/lib/libsamba-credentials.so -usr/lib/libsamba-credentials.so.1 -usr/lib/libsamba-credentials.so.1.0.0 usr/lib/libsamba-errors.so usr/lib/libsamba-errors.so.1 usr/lib/libsamba-errors.so.1.0.0 -usr/lib/libsamba-hostconfig.so -usr/lib/libsamba-hostconfig.so.0 -usr/lib/libsamba-hostconfig.so.0.0.1 usr/lib/libsamba-passdb.so usr/lib/libsamba-passdb.so.0 -usr/lib/libsamba-passdb.so.0.28.0 -usr/lib/libsamba-policy.cpython-310-aarch64-linux-gnu.so -usr/lib/libsamba-policy.cpython-310-aarch64-linux-gnu.so.0 -usr/lib/libsamba-policy.cpython-310-aarch64-linux-gnu.so.0.0.1 +usr/lib/libsamba-passdb.so.0.29.0 usr/lib/libsamba-util.so usr/lib/libsamba-util.so.0 usr/lib/libsamba-util.so.0.0.1 -usr/lib/libsamdb.so -usr/lib/libsamdb.so.0 -usr/lib/libsamdb.so.0.0.1 usr/lib/libsmbclient.so usr/lib/libsmbclient.so.0 usr/lib/libsmbclient.so.0.8.0 @@ -195,24 +169,15 @@ usr/lib/libsmbconf.so.0.0.1 usr/lib/libsmbldap.so usr/lib/libsmbldap.so.2 usr/lib/libsmbldap.so.2.1.0 -usr/lib/libtevent-util.so -usr/lib/libtevent-util.so.0 -usr/lib/libtevent-util.so.0.0.1 usr/lib/libwbclient.so usr/lib/libwbclient.so.0 usr/lib/libwbclient.so.0.16 -#usr/lib/pkgconfig/dcerpc.pc -#usr/lib/pkgconfig/dcerpc_samr.pc #usr/lib/pkgconfig/ndr.pc #usr/lib/pkgconfig/ndr_krb5pac.pc #usr/lib/pkgconfig/ndr_nbt.pc #usr/lib/pkgconfig/ndr_standard.pc #usr/lib/pkgconfig/netapi.pc -#usr/lib/pkgconfig/samba-credentials.pc -#usr/lib/pkgconfig/samba-hostconfig.pc -#usr/lib/pkgconfig/samba-policy.cpython-310-aarch64-linux-gnu.pc #usr/lib/pkgconfig/samba-util.pc -#usr/lib/pkgconfig/samdb.pc #usr/lib/pkgconfig/smbclient.pc #usr/lib/pkgconfig/wbclient.pc usr/lib/python3.10/site-packages/_ldb_text.py @@ -283,6 +248,31 @@ usr/lib/python3.10/site-packages/samba/dcerpc/xattr.cpython-310-aarch64-linux-gn usr/lib/python3.10/site-packages/samba/descriptor.py usr/lib/python3.10/site-packages/samba/dnsresolver.py usr/lib/python3.10/site-packages/samba/dnsserver.py +#usr/lib/python3.10/site-packages/samba/domain +usr/lib/python3.10/site-packages/samba/domain/__init__.py +#usr/lib/python3.10/site-packages/samba/domain/models +usr/lib/python3.10/site-packages/samba/domain/models/__init__.py +usr/lib/python3.10/site-packages/samba/domain/models/auth_policy.py +usr/lib/python3.10/site-packages/samba/domain/models/auth_silo.py +usr/lib/python3.10/site-packages/samba/domain/models/claim_type.py +usr/lib/python3.10/site-packages/samba/domain/models/computer.py +usr/lib/python3.10/site-packages/samba/domain/models/constants.py +usr/lib/python3.10/site-packages/samba/domain/models/container.py +usr/lib/python3.10/site-packages/samba/domain/models/exceptions.py +usr/lib/python3.10/site-packages/samba/domain/models/fields.py +usr/lib/python3.10/site-packages/samba/domain/models/gmsa.py +usr/lib/python3.10/site-packages/samba/domain/models/group.py +usr/lib/python3.10/site-packages/samba/domain/models/model.py +usr/lib/python3.10/site-packages/samba/domain/models/org.py +usr/lib/python3.10/site-packages/samba/domain/models/person.py +usr/lib/python3.10/site-packages/samba/domain/models/query.py +usr/lib/python3.10/site-packages/samba/domain/models/registry.py +usr/lib/python3.10/site-packages/samba/domain/models/schema.py +usr/lib/python3.10/site-packages/samba/domain/models/site.py +usr/lib/python3.10/site-packages/samba/domain/models/subnet.py +usr/lib/python3.10/site-packages/samba/domain/models/types.py +usr/lib/python3.10/site-packages/samba/domain/models/user.py +usr/lib/python3.10/site-packages/samba/domain/models/value_type.py usr/lib/python3.10/site-packages/samba/domain_update.py usr/lib/python3.10/site-packages/samba/drs_utils.py usr/lib/python3.10/site-packages/samba/dsdb.cpython-310-aarch64-linux-gnu.so @@ -344,6 +334,7 @@ usr/lib/python3.10/site-packages/samba/kcc/graph_utils.py usr/lib/python3.10/site-packages/samba/kcc/kcc_utils.py usr/lib/python3.10/site-packages/samba/kcc/ldif_import_export.py usr/lib/python3.10/site-packages/samba/logger.py +usr/lib/python3.10/site-packages/samba/lsa_utils.py usr/lib/python3.10/site-packages/samba/mdb_util.py usr/lib/python3.10/site-packages/samba/messaging.cpython-310-aarch64-linux-gnu.so usr/lib/python3.10/site-packages/samba/ms_display_specifiers.py @@ -366,9 +357,18 @@ usr/lib/python3.10/site-packages/samba/netcmd/domain usr/lib/python3.10/site-packages/samba/netcmd/domain/__init__.py usr/lib/python3.10/site-packages/samba/netcmd/domain/auth usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/__init__.py -usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/policy.py -usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/silo.py -usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/silo_member.py +#usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/policy +usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/policy/__init__.py +usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/policy/computer_allowed_to_authenticate_to.py +usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/policy/policy.py +usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/policy/service_allowed_to_authenticate_from.py +usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/policy/service_allowed_to_authenticate_to.py +usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/policy/user_allowed_to_authenticate_from.py +usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/policy/user_allowed_to_authenticate_to.py +#usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/silo +usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/silo/__init__.py +usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/silo/member.py +usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/silo/silo.py usr/lib/python3.10/site-packages/samba/netcmd/domain/backup.py usr/lib/python3.10/site-packages/samba/netcmd/domain/claim usr/lib/python3.10/site-packages/samba/netcmd/domain/claim/__init__.py @@ -381,24 +381,12 @@ usr/lib/python3.10/site-packages/samba/netcmd/domain/demote.py usr/lib/python3.10/site-packages/samba/netcmd/domain/functional_prep.py usr/lib/python3.10/site-packages/samba/netcmd/domain/info.py usr/lib/python3.10/site-packages/samba/netcmd/domain/join.py +#usr/lib/python3.10/site-packages/samba/netcmd/domain/kds +usr/lib/python3.10/site-packages/samba/netcmd/domain/kds/__init__.py +usr/lib/python3.10/site-packages/samba/netcmd/domain/kds/root_key.py usr/lib/python3.10/site-packages/samba/netcmd/domain/keytab.py usr/lib/python3.10/site-packages/samba/netcmd/domain/leave.py usr/lib/python3.10/site-packages/samba/netcmd/domain/level.py -usr/lib/python3.10/site-packages/samba/netcmd/domain/models -usr/lib/python3.10/site-packages/samba/netcmd/domain/models/__init__.py -usr/lib/python3.10/site-packages/samba/netcmd/domain/models/auth_policy.py -usr/lib/python3.10/site-packages/samba/netcmd/domain/models/auth_silo.py -usr/lib/python3.10/site-packages/samba/netcmd/domain/models/claim_type.py -usr/lib/python3.10/site-packages/samba/netcmd/domain/models/exceptions.py -usr/lib/python3.10/site-packages/samba/netcmd/domain/models/fields.py -usr/lib/python3.10/site-packages/samba/netcmd/domain/models/group.py -usr/lib/python3.10/site-packages/samba/netcmd/domain/models/model.py -usr/lib/python3.10/site-packages/samba/netcmd/domain/models/query.py -usr/lib/python3.10/site-packages/samba/netcmd/domain/models/schema.py -usr/lib/python3.10/site-packages/samba/netcmd/domain/models/site.py -usr/lib/python3.10/site-packages/samba/netcmd/domain/models/subnet.py -usr/lib/python3.10/site-packages/samba/netcmd/domain/models/user.py -usr/lib/python3.10/site-packages/samba/netcmd/domain/models/value_type.py usr/lib/python3.10/site-packages/samba/netcmd/domain/passwordsettings.py usr/lib/python3.10/site-packages/samba/netcmd/domain/provision.py usr/lib/python3.10/site-packages/samba/netcmd/domain/samba3upgrade.py @@ -422,6 +410,10 @@ usr/lib/python3.10/site-packages/samba/netcmd/processes.py usr/lib/python3.10/site-packages/samba/netcmd/pso.py usr/lib/python3.10/site-packages/samba/netcmd/rodc.py usr/lib/python3.10/site-packages/samba/netcmd/schema.py +#usr/lib/python3.10/site-packages/samba/netcmd/service_account +usr/lib/python3.10/site-packages/samba/netcmd/service_account/__init__.py +usr/lib/python3.10/site-packages/samba/netcmd/service_account/group_msa_membership.py +usr/lib/python3.10/site-packages/samba/netcmd/service_account/service_account.py usr/lib/python3.10/site-packages/samba/netcmd/shell.py usr/lib/python3.10/site-packages/samba/netcmd/sites.py usr/lib/python3.10/site-packages/samba/netcmd/spn.py @@ -513,10 +505,11 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py #usr/lib/python3.10/site-packages/samba/tests/blackbox/__init__.py #usr/lib/python3.10/site-packages/samba/tests/blackbox/bug13653.py #usr/lib/python3.10/site-packages/samba/tests/blackbox/check_output.py -usr/lib/python3.10/site-packages/samba/tests/blackbox/claims.py +#usr/lib/python3.10/site-packages/samba/tests/blackbox/claims.py #usr/lib/python3.10/site-packages/samba/tests/blackbox/downgradedatabase.py -usr/lib/python3.10/site-packages/samba/tests/blackbox/http_chunk.py -usr/lib/python3.10/site-packages/samba/tests/blackbox/http_content.py +#usr/lib/python3.10/site-packages/samba/tests/blackbox/gmsa.py +#usr/lib/python3.10/site-packages/samba/tests/blackbox/http_chunk.py +#usr/lib/python3.10/site-packages/samba/tests/blackbox/http_content.py #usr/lib/python3.10/site-packages/samba/tests/blackbox/mdsearch.py #usr/lib/python3.10/site-packages/samba/tests/blackbox/misc_dfs_widelink.py #usr/lib/python3.10/site-packages/samba/tests/blackbox/ndrdump.py @@ -548,10 +541,10 @@ usr/lib/python3.10/site-packages/samba/tests/blackbox/http_content.py #usr/lib/python3.10/site-packages/samba/tests/dcerpc/array.py #usr/lib/python3.10/site-packages/samba/tests/dcerpc/bare.py #usr/lib/python3.10/site-packages/samba/tests/dcerpc/binding.py -#usr/lib/python3.10/site-packages/samba/tests/dcerpc/createtrustrelax.py #usr/lib/python3.10/site-packages/samba/tests/dcerpc/dnsserver.py #usr/lib/python3.10/site-packages/samba/tests/dcerpc/integer.py #usr/lib/python3.10/site-packages/samba/tests/dcerpc/lsa.py +#usr/lib/python3.10/site-packages/samba/tests/dcerpc/lsa_utils.py #usr/lib/python3.10/site-packages/samba/tests/dcerpc/mdssvc.py #usr/lib/python3.10/site-packages/samba/tests/dcerpc/misc.py #usr/lib/python3.10/site-packages/samba/tests/dcerpc/raw_protocol.py @@ -583,6 +576,8 @@ usr/lib/python3.10/site-packages/samba/tests/blackbox/http_content.py #usr/lib/python3.10/site-packages/samba/tests/dsdb_api.py #usr/lib/python3.10/site-packages/samba/tests/dsdb_dns.py #usr/lib/python3.10/site-packages/samba/tests/dsdb_lock.py +#usr/lib/python3.10/site-packages/samba/tests/dsdb_quiet_env_tests.py +#usr/lib/python3.10/site-packages/samba/tests/dsdb_quiet_provision_tests.py #usr/lib/python3.10/site-packages/samba/tests/dsdb_schema_attributes.py #usr/lib/python3.10/site-packages/samba/tests/emulate #usr/lib/python3.10/site-packages/samba/tests/emulate/__init__.py @@ -620,6 +615,7 @@ usr/lib/python3.10/site-packages/samba/tests/blackbox/http_content.py #usr/lib/python3.10/site-packages/samba/tests/krb5/etype_tests.py #usr/lib/python3.10/site-packages/samba/tests/krb5/fast_tests.py #usr/lib/python3.10/site-packages/samba/tests/krb5/gkdi_tests.py +#usr/lib/python3.10/site-packages/samba/tests/krb5/gmsa_tests.py #usr/lib/python3.10/site-packages/samba/tests/krb5/group_tests.py #usr/lib/python3.10/site-packages/samba/tests/krb5/kcrypto.py #usr/lib/python3.10/site-packages/samba/tests/krb5/kdc_base_test.py @@ -716,6 +712,7 @@ usr/lib/python3.10/site-packages/samba/tests/blackbox/http_content.py #usr/lib/python3.10/site-packages/samba/tests/samba_tool/domain_auth_policy.py #usr/lib/python3.10/site-packages/samba/tests/samba_tool/domain_auth_silo.py #usr/lib/python3.10/site-packages/samba/tests/samba_tool/domain_claim.py +#usr/lib/python3.10/site-packages/samba/tests/samba_tool/domain_kds_root_key.py #usr/lib/python3.10/site-packages/samba/tests/samba_tool/domain_models.py #usr/lib/python3.10/site-packages/samba/tests/samba_tool/drs_clone_dc_data_lmdb_size.py #usr/lib/python3.10/site-packages/samba/tests/samba_tool/dsacl.py @@ -738,6 +735,7 @@ usr/lib/python3.10/site-packages/samba/tests/blackbox/http_content.py #usr/lib/python3.10/site-packages/samba/tests/samba_tool/provision_userPassword_crypt.py #usr/lib/python3.10/site-packages/samba/tests/samba_tool/rodc.py #usr/lib/python3.10/site-packages/samba/tests/samba_tool/schema.py +#usr/lib/python3.10/site-packages/samba/tests/samba_tool/service_account.py #usr/lib/python3.10/site-packages/samba/tests/samba_tool/silo_base.py #usr/lib/python3.10/site-packages/samba/tests/samba_tool/sites.py #usr/lib/python3.10/site-packages/samba/tests/samba_tool/timecmd.py @@ -782,7 +780,6 @@ usr/lib/python3.10/site-packages/samba/tests/blackbox/http_content.py #usr/lib/python3.10/site-packages/samba/tests/upgradeprovisionneeddc.py #usr/lib/python3.10/site-packages/samba/tests/usage.py #usr/lib/python3.10/site-packages/samba/tests/xattr.py -usr/lib/python3.10/site-packages/samba/trust_utils.py usr/lib/python3.10/site-packages/samba/upgrade.py usr/lib/python3.10/site-packages/samba/upgradehelpers.py usr/lib/python3.10/site-packages/samba/uptodateness.py @@ -808,6 +805,7 @@ usr/lib/samba/krb5/winbind_krb5_locator.so #usr/lib/samba/ldb usr/lib/samba/ldb/asq.so usr/lib/samba/ldb/ildap.so +usr/lib/samba/ldb/ldap.so usr/lib/samba/ldb/ldb.so usr/lib/samba/ldb/ldbsamba_extensions.so usr/lib/samba/ldb/paged_searches.so @@ -847,8 +845,10 @@ usr/lib/samba/libcom-err-private-samba.so usr/lib/samba/libcommon-auth-private-samba.so usr/lib/samba/libdbwrap-private-samba.so usr/lib/samba/libdcerpc-pkt-auth-private-samba.so +usr/lib/samba/libdcerpc-private-samba.so usr/lib/samba/libdcerpc-samba-private-samba.so usr/lib/samba/libdcerpc-samba4-private-samba.so +usr/lib/samba/libdcerpc-samr-private-samba.so usr/lib/samba/libdnsserver-common-private-samba.so usr/lib/samba/libdsdb-module-private-samba.so usr/lib/samba/libevents-private-samba.so @@ -901,14 +901,19 @@ usr/lib/samba/libregistry-private-samba.so usr/lib/samba/libreplace-private-samba.so usr/lib/samba/libroken-private-samba.so usr/lib/samba/libsamba-cluster-support-private-samba.so +usr/lib/samba/libsamba-credentials-private-samba.so usr/lib/samba/libsamba-debug-private-samba.so +usr/lib/samba/libsamba-hostconfig-private-samba.so usr/lib/samba/libsamba-modules-private-samba.so -usr/lib/samba/libsamba-net.cpython-310-aarch64-linux-gnu-private-samba.so +usr/lib/samba/libsamba-net-join.cpython-310-aarch64-linux-gnu-private-samba.so +usr/lib/samba/libsamba-net-private-samba.so +usr/lib/samba/libsamba-policy-private-samba.so usr/lib/samba/libsamba-python.cpython-310-aarch64-linux-gnu-private-samba.so usr/lib/samba/libsamba-security-private-samba.so usr/lib/samba/libsamba-sockets-private-samba.so usr/lib/samba/libsamba3-util-private-samba.so usr/lib/samba/libsamdb-common-private-samba.so +usr/lib/samba/libsamdb-private-samba.so usr/lib/samba/libsecrets3-private-samba.so usr/lib/samba/libserver-id-db-private-samba.so usr/lib/samba/libserver-role-private-samba.so @@ -928,9 +933,9 @@ usr/lib/samba/libtalloc-report-private-samba.so usr/lib/samba/libtdb-private-samba.so usr/lib/samba/libtdb-wrap-private-samba.so usr/lib/samba/libtevent-private-samba.so +usr/lib/samba/libtevent-util-private-samba.so usr/lib/samba/libtime-basic-private-samba.so usr/lib/samba/libtorture-private-samba.so -usr/lib/samba/libtrusts-util-private-samba.so usr/lib/samba/libutil-reg-private-samba.so usr/lib/samba/libutil-setid-private-samba.so usr/lib/samba/libutil-tdb-private-samba.so diff --git a/config/rootfiles/packages/riscv64/samba b/config/rootfiles/packages/riscv64/samba index 93e39e0e7a..b530ea2b25 100644 --- a/config/rootfiles/packages/riscv64/samba +++ b/config/rootfiles/packages/riscv64/samba @@ -57,8 +57,6 @@ usr/bin/wspsearch #usr/include/samba-4.0/core/ntstatus_gen.h #usr/include/samba-4.0/core/werror.h #usr/include/samba-4.0/core/werror_gen.h -#usr/include/samba-4.0/credentials.h -#usr/include/samba-4.0/dcerpc.h #usr/include/samba-4.0/dcesrv_core.h #usr/include/samba-4.0/domain_credentials.h #usr/include/samba-4.0/gen_ndr @@ -80,7 +78,6 @@ usr/bin/wspsearch #usr/include/samba-4.0/gen_ndr/ndr_misc.h #usr/include/samba-4.0/gen_ndr/ndr_nbt.h #usr/include/samba-4.0/gen_ndr/ndr_samr.h -#usr/include/samba-4.0/gen_ndr/ndr_samr_c.h #usr/include/samba-4.0/gen_ndr/ndr_svcctl.h #usr/include/samba-4.0/gen_ndr/ndr_svcctl_c.h #usr/include/samba-4.0/gen_ndr/netlogon.h @@ -101,9 +98,7 @@ usr/bin/wspsearch #usr/include/samba-4.0/ndr/ndr_nbt.h #usr/include/samba-4.0/ndr/ndr_svcctl.h #usr/include/samba-4.0/netapi.h -#usr/include/samba-4.0/param.h #usr/include/samba-4.0/passdb.h -#usr/include/samba-4.0/policy.h #usr/include/samba-4.0/rpc_common.h #usr/include/samba-4.0/samba #usr/include/samba-4.0/samba/session.h @@ -129,9 +124,6 @@ usr/bin/wspsearch #usr/include/samba-4.0/util/idtree_random.h #usr/include/samba-4.0/util/signal.h #usr/include/samba-4.0/util/substitute.h -#usr/include/samba-4.0/util/tevent_ntstatus.h -#usr/include/samba-4.0/util/tevent_unix.h -#usr/include/samba-4.0/util/tevent_werror.h #usr/include/samba-4.0/util/tfork.h #usr/include/samba-4.0/util/time.h #usr/include/samba-4.0/util_ldb.h @@ -139,15 +131,9 @@ usr/bin/wspsearch usr/lib/libdcerpc-binding.so usr/lib/libdcerpc-binding.so.0 usr/lib/libdcerpc-binding.so.0.0.1 -usr/lib/libdcerpc-samr.so -usr/lib/libdcerpc-samr.so.0 -usr/lib/libdcerpc-samr.so.0.0.1 usr/lib/libdcerpc-server-core.so usr/lib/libdcerpc-server-core.so.0 usr/lib/libdcerpc-server-core.so.0.0.1 -usr/lib/libdcerpc.so -usr/lib/libdcerpc.so.0 -usr/lib/libdcerpc.so.0.0.1 usr/lib/libndr-krb5pac.so usr/lib/libndr-krb5pac.so.0 usr/lib/libndr-krb5pac.so.0.0.1 @@ -158,34 +144,22 @@ usr/lib/libndr-standard.so usr/lib/libndr-standard.so.0 usr/lib/libndr-standard.so.0.0.1 usr/lib/libndr.so -usr/lib/libndr.so.4 -usr/lib/libndr.so.4.0.0 +usr/lib/libndr.so.5 +usr/lib/libndr.so.5.0.0 usr/lib/libnetapi.so usr/lib/libnetapi.so.1 usr/lib/libnetapi.so.1.0.0 usr/lib/libnss_winbind.so.2 usr/lib/libnss_wins.so.2 -usr/lib/libsamba-credentials.so -usr/lib/libsamba-credentials.so.1 -usr/lib/libsamba-credentials.so.1.0.0 usr/lib/libsamba-errors.so usr/lib/libsamba-errors.so.1 usr/lib/libsamba-errors.so.1.0.0 -usr/lib/libsamba-hostconfig.so -usr/lib/libsamba-hostconfig.so.0 -usr/lib/libsamba-hostconfig.so.0.0.1 usr/lib/libsamba-passdb.so usr/lib/libsamba-passdb.so.0 -usr/lib/libsamba-passdb.so.0.28.0 -usr/lib/libsamba-policy.cpython-310-riscv64-linux-gnu.so -usr/lib/libsamba-policy.cpython-310-riscv64-linux-gnu.so.0 -usr/lib/libsamba-policy.cpython-310-riscv64-linux-gnu.so.0.0.1 +usr/lib/libsamba-passdb.so.0.29.0 usr/lib/libsamba-util.so usr/lib/libsamba-util.so.0 usr/lib/libsamba-util.so.0.0.1 -usr/lib/libsamdb.so -usr/lib/libsamdb.so.0 -usr/lib/libsamdb.so.0.0.1 usr/lib/libsmbclient.so usr/lib/libsmbclient.so.0 usr/lib/libsmbclient.so.0.8.0 @@ -195,24 +169,15 @@ usr/lib/libsmbconf.so.0.0.1 usr/lib/libsmbldap.so usr/lib/libsmbldap.so.2 usr/lib/libsmbldap.so.2.1.0 -usr/lib/libtevent-util.so -usr/lib/libtevent-util.so.0 -usr/lib/libtevent-util.so.0.0.1 usr/lib/libwbclient.so usr/lib/libwbclient.so.0 usr/lib/libwbclient.so.0.16 -#usr/lib/pkgconfig/dcerpc.pc -#usr/lib/pkgconfig/dcerpc_samr.pc #usr/lib/pkgconfig/ndr.pc #usr/lib/pkgconfig/ndr_krb5pac.pc #usr/lib/pkgconfig/ndr_nbt.pc #usr/lib/pkgconfig/ndr_standard.pc #usr/lib/pkgconfig/netapi.pc -#usr/lib/pkgconfig/samba-credentials.pc -#usr/lib/pkgconfig/samba-hostconfig.pc -#usr/lib/pkgconfig/samba-policy.cpython-310-riscv64-linux-gnu.pc #usr/lib/pkgconfig/samba-util.pc -#usr/lib/pkgconfig/samdb.pc #usr/lib/pkgconfig/smbclient.pc #usr/lib/pkgconfig/wbclient.pc usr/lib/python3.10/site-packages/_ldb_text.py @@ -283,6 +248,31 @@ usr/lib/python3.10/site-packages/samba/dcerpc/xattr.cpython-310-riscv64-linux-gn usr/lib/python3.10/site-packages/samba/descriptor.py usr/lib/python3.10/site-packages/samba/dnsresolver.py usr/lib/python3.10/site-packages/samba/dnsserver.py +#usr/lib/python3.10/site-packages/samba/domain +usr/lib/python3.10/site-packages/samba/domain/__init__.py +#usr/lib/python3.10/site-packages/samba/domain/models +usr/lib/python3.10/site-packages/samba/domain/models/__init__.py +usr/lib/python3.10/site-packages/samba/domain/models/auth_policy.py +usr/lib/python3.10/site-packages/samba/domain/models/auth_silo.py +usr/lib/python3.10/site-packages/samba/domain/models/claim_type.py +usr/lib/python3.10/site-packages/samba/domain/models/computer.py +usr/lib/python3.10/site-packages/samba/domain/models/constants.py +usr/lib/python3.10/site-packages/samba/domain/models/container.py +usr/lib/python3.10/site-packages/samba/domain/models/exceptions.py +usr/lib/python3.10/site-packages/samba/domain/models/fields.py +usr/lib/python3.10/site-packages/samba/domain/models/gmsa.py +usr/lib/python3.10/site-packages/samba/domain/models/group.py +usr/lib/python3.10/site-packages/samba/domain/models/model.py +usr/lib/python3.10/site-packages/samba/domain/models/org.py +usr/lib/python3.10/site-packages/samba/domain/models/person.py +usr/lib/python3.10/site-packages/samba/domain/models/query.py +usr/lib/python3.10/site-packages/samba/domain/models/registry.py +usr/lib/python3.10/site-packages/samba/domain/models/schema.py +usr/lib/python3.10/site-packages/samba/domain/models/site.py +usr/lib/python3.10/site-packages/samba/domain/models/subnet.py +usr/lib/python3.10/site-packages/samba/domain/models/types.py +usr/lib/python3.10/site-packages/samba/domain/models/user.py +usr/lib/python3.10/site-packages/samba/domain/models/value_type.py usr/lib/python3.10/site-packages/samba/domain_update.py usr/lib/python3.10/site-packages/samba/drs_utils.py usr/lib/python3.10/site-packages/samba/dsdb.cpython-310-riscv64-linux-gnu.so @@ -344,6 +334,7 @@ usr/lib/python3.10/site-packages/samba/kcc/graph_utils.py usr/lib/python3.10/site-packages/samba/kcc/kcc_utils.py usr/lib/python3.10/site-packages/samba/kcc/ldif_import_export.py usr/lib/python3.10/site-packages/samba/logger.py +usr/lib/python3.10/site-packages/samba/lsa_utils.py usr/lib/python3.10/site-packages/samba/mdb_util.py usr/lib/python3.10/site-packages/samba/messaging.cpython-310-riscv64-linux-gnu.so usr/lib/python3.10/site-packages/samba/ms_display_specifiers.py @@ -366,9 +357,18 @@ usr/lib/python3.10/site-packages/samba/netcmd/dns.py usr/lib/python3.10/site-packages/samba/netcmd/domain/__init__.py #usr/lib/python3.10/site-packages/samba/netcmd/domain/auth usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/__init__.py -usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/policy.py -usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/silo.py -usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/silo_member.py +#usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/policy +usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/policy/__init__.py +usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/policy/computer_allowed_to_authenticate_to.py +usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/policy/policy.py +usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/policy/service_allowed_to_authenticate_from.py +usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/policy/service_allowed_to_authenticate_to.py +usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/policy/user_allowed_to_authenticate_from.py +usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/policy/user_allowed_to_authenticate_to.py +#usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/silo +usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/silo/__init__.py +usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/silo/member.py +usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/silo/silo.py usr/lib/python3.10/site-packages/samba/netcmd/domain/backup.py #usr/lib/python3.10/site-packages/samba/netcmd/domain/claim usr/lib/python3.10/site-packages/samba/netcmd/domain/claim/__init__.py @@ -381,24 +381,12 @@ usr/lib/python3.10/site-packages/samba/netcmd/domain/demote.py usr/lib/python3.10/site-packages/samba/netcmd/domain/functional_prep.py usr/lib/python3.10/site-packages/samba/netcmd/domain/info.py usr/lib/python3.10/site-packages/samba/netcmd/domain/join.py +#usr/lib/python3.10/site-packages/samba/netcmd/domain/kds +usr/lib/python3.10/site-packages/samba/netcmd/domain/kds/__init__.py +usr/lib/python3.10/site-packages/samba/netcmd/domain/kds/root_key.py usr/lib/python3.10/site-packages/samba/netcmd/domain/keytab.py usr/lib/python3.10/site-packages/samba/netcmd/domain/leave.py usr/lib/python3.10/site-packages/samba/netcmd/domain/level.py -#usr/lib/python3.10/site-packages/samba/netcmd/domain/models -usr/lib/python3.10/site-packages/samba/netcmd/domain/models/__init__.py -usr/lib/python3.10/site-packages/samba/netcmd/domain/models/auth_policy.py -usr/lib/python3.10/site-packages/samba/netcmd/domain/models/auth_silo.py -usr/lib/python3.10/site-packages/samba/netcmd/domain/models/claim_type.py -usr/lib/python3.10/site-packages/samba/netcmd/domain/models/exceptions.py -usr/lib/python3.10/site-packages/samba/netcmd/domain/models/fields.py -usr/lib/python3.10/site-packages/samba/netcmd/domain/models/group.py -usr/lib/python3.10/site-packages/samba/netcmd/domain/models/model.py -usr/lib/python3.10/site-packages/samba/netcmd/domain/models/query.py -usr/lib/python3.10/site-packages/samba/netcmd/domain/models/schema.py -usr/lib/python3.10/site-packages/samba/netcmd/domain/models/site.py -usr/lib/python3.10/site-packages/samba/netcmd/domain/models/subnet.py -usr/lib/python3.10/site-packages/samba/netcmd/domain/models/user.py -usr/lib/python3.10/site-packages/samba/netcmd/domain/models/value_type.py usr/lib/python3.10/site-packages/samba/netcmd/domain/passwordsettings.py usr/lib/python3.10/site-packages/samba/netcmd/domain/provision.py usr/lib/python3.10/site-packages/samba/netcmd/domain/samba3upgrade.py @@ -422,6 +410,10 @@ usr/lib/python3.10/site-packages/samba/netcmd/processes.py usr/lib/python3.10/site-packages/samba/netcmd/pso.py usr/lib/python3.10/site-packages/samba/netcmd/rodc.py usr/lib/python3.10/site-packages/samba/netcmd/schema.py +#usr/lib/python3.10/site-packages/samba/netcmd/service_account +usr/lib/python3.10/site-packages/samba/netcmd/service_account/__init__.py +usr/lib/python3.10/site-packages/samba/netcmd/service_account/group_msa_membership.py +usr/lib/python3.10/site-packages/samba/netcmd/service_account/service_account.py usr/lib/python3.10/site-packages/samba/netcmd/shell.py usr/lib/python3.10/site-packages/samba/netcmd/sites.py usr/lib/python3.10/site-packages/samba/netcmd/spn.py @@ -515,6 +507,7 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py #usr/lib/python3.10/site-packages/samba/tests/blackbox/check_output.py #usr/lib/python3.10/site-packages/samba/tests/blackbox/claims.py #usr/lib/python3.10/site-packages/samba/tests/blackbox/downgradedatabase.py +#usr/lib/python3.10/site-packages/samba/tests/blackbox/gmsa.py #usr/lib/python3.10/site-packages/samba/tests/blackbox/http_chunk.py #usr/lib/python3.10/site-packages/samba/tests/blackbox/http_content.py #usr/lib/python3.10/site-packages/samba/tests/blackbox/mdsearch.py @@ -548,10 +541,10 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py #usr/lib/python3.10/site-packages/samba/tests/dcerpc/array.py #usr/lib/python3.10/site-packages/samba/tests/dcerpc/bare.py #usr/lib/python3.10/site-packages/samba/tests/dcerpc/binding.py -#usr/lib/python3.10/site-packages/samba/tests/dcerpc/createtrustrelax.py #usr/lib/python3.10/site-packages/samba/tests/dcerpc/dnsserver.py #usr/lib/python3.10/site-packages/samba/tests/dcerpc/integer.py #usr/lib/python3.10/site-packages/samba/tests/dcerpc/lsa.py +#usr/lib/python3.10/site-packages/samba/tests/dcerpc/lsa_utils.py #usr/lib/python3.10/site-packages/samba/tests/dcerpc/mdssvc.py #usr/lib/python3.10/site-packages/samba/tests/dcerpc/misc.py #usr/lib/python3.10/site-packages/samba/tests/dcerpc/raw_protocol.py @@ -583,6 +576,8 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py #usr/lib/python3.10/site-packages/samba/tests/dsdb_api.py #usr/lib/python3.10/site-packages/samba/tests/dsdb_dns.py #usr/lib/python3.10/site-packages/samba/tests/dsdb_lock.py +#usr/lib/python3.10/site-packages/samba/tests/dsdb_quiet_env_tests.py +#usr/lib/python3.10/site-packages/samba/tests/dsdb_quiet_provision_tests.py #usr/lib/python3.10/site-packages/samba/tests/dsdb_schema_attributes.py #usr/lib/python3.10/site-packages/samba/tests/emulate #usr/lib/python3.10/site-packages/samba/tests/emulate/__init__.py @@ -620,6 +615,7 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py #usr/lib/python3.10/site-packages/samba/tests/krb5/etype_tests.py #usr/lib/python3.10/site-packages/samba/tests/krb5/fast_tests.py #usr/lib/python3.10/site-packages/samba/tests/krb5/gkdi_tests.py +#usr/lib/python3.10/site-packages/samba/tests/krb5/gmsa_tests.py #usr/lib/python3.10/site-packages/samba/tests/krb5/group_tests.py #usr/lib/python3.10/site-packages/samba/tests/krb5/kcrypto.py #usr/lib/python3.10/site-packages/samba/tests/krb5/kdc_base_test.py @@ -716,6 +712,7 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py #usr/lib/python3.10/site-packages/samba/tests/samba_tool/domain_auth_policy.py #usr/lib/python3.10/site-packages/samba/tests/samba_tool/domain_auth_silo.py #usr/lib/python3.10/site-packages/samba/tests/samba_tool/domain_claim.py +#usr/lib/python3.10/site-packages/samba/tests/samba_tool/domain_kds_root_key.py #usr/lib/python3.10/site-packages/samba/tests/samba_tool/domain_models.py #usr/lib/python3.10/site-packages/samba/tests/samba_tool/drs_clone_dc_data_lmdb_size.py #usr/lib/python3.10/site-packages/samba/tests/samba_tool/dsacl.py @@ -738,6 +735,7 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py #usr/lib/python3.10/site-packages/samba/tests/samba_tool/provision_userPassword_crypt.py #usr/lib/python3.10/site-packages/samba/tests/samba_tool/rodc.py #usr/lib/python3.10/site-packages/samba/tests/samba_tool/schema.py +#usr/lib/python3.10/site-packages/samba/tests/samba_tool/service_account.py #usr/lib/python3.10/site-packages/samba/tests/samba_tool/silo_base.py #usr/lib/python3.10/site-packages/samba/tests/samba_tool/sites.py #usr/lib/python3.10/site-packages/samba/tests/samba_tool/timecmd.py @@ -782,7 +780,6 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py #usr/lib/python3.10/site-packages/samba/tests/upgradeprovisionneeddc.py #usr/lib/python3.10/site-packages/samba/tests/usage.py #usr/lib/python3.10/site-packages/samba/tests/xattr.py -#usr/lib/python3.10/site-packages/samba/trust_utils.py usr/lib/python3.10/site-packages/samba/upgrade.py usr/lib/python3.10/site-packages/samba/upgradehelpers.py usr/lib/python3.10/site-packages/samba/uptodateness.py @@ -808,6 +805,7 @@ usr/lib/samba/krb5/winbind_krb5_locator.so #usr/lib/samba/ldb usr/lib/samba/ldb/asq.so usr/lib/samba/ldb/ildap.so +usr/lib/samba/ldb/ldap.so usr/lib/samba/ldb/ldb.so usr/lib/samba/ldb/ldbsamba_extensions.so usr/lib/samba/ldb/paged_searches.so @@ -847,8 +845,10 @@ usr/lib/samba/libcom-err-private-samba.so usr/lib/samba/libcommon-auth-private-samba.so usr/lib/samba/libdbwrap-private-samba.so usr/lib/samba/libdcerpc-pkt-auth-private-samba.so +usr/lib/samba/libdcerpc-private-samba.so usr/lib/samba/libdcerpc-samba-private-samba.so usr/lib/samba/libdcerpc-samba4-private-samba.so +usr/lib/samba/libdcerpc-samr-private-samba.so usr/lib/samba/libdnsserver-common-private-samba.so usr/lib/samba/libdsdb-module-private-samba.so usr/lib/samba/libevents-private-samba.so @@ -901,14 +901,19 @@ usr/lib/samba/libregistry-private-samba.so usr/lib/samba/libreplace-private-samba.so usr/lib/samba/libroken-private-samba.so usr/lib/samba/libsamba-cluster-support-private-samba.so +usr/lib/samba/libsamba-credentials-private-samba.so usr/lib/samba/libsamba-debug-private-samba.so +usr/lib/samba/libsamba-hostconfig-private-samba.so usr/lib/samba/libsamba-modules-private-samba.so -usr/lib/samba/libsamba-net.cpython-310-riscv64-linux-gnu-private-samba.so +usr/lib/samba/libsamba-net-join.cpython-310-riscv64-linux-gnu-private-samba.so +usr/lib/samba/libsamba-net-private-samba.so +usr/lib/samba/libsamba-policy-private-samba.so usr/lib/samba/libsamba-python.cpython-310-riscv64-linux-gnu-private-samba.so usr/lib/samba/libsamba-security-private-samba.so usr/lib/samba/libsamba-sockets-private-samba.so usr/lib/samba/libsamba3-util-private-samba.so usr/lib/samba/libsamdb-common-private-samba.so +usr/lib/samba/libsamdb-private-samba.so usr/lib/samba/libsecrets3-private-samba.so usr/lib/samba/libserver-id-db-private-samba.so usr/lib/samba/libserver-role-private-samba.so @@ -928,9 +933,9 @@ usr/lib/samba/libtalloc-report-private-samba.so usr/lib/samba/libtdb-private-samba.so usr/lib/samba/libtdb-wrap-private-samba.so usr/lib/samba/libtevent-private-samba.so +usr/lib/samba/libtevent-util-private-samba.so usr/lib/samba/libtime-basic-private-samba.so usr/lib/samba/libtorture-private-samba.so -usr/lib/samba/libtrusts-util-private-samba.so usr/lib/samba/libutil-reg-private-samba.so usr/lib/samba/libutil-setid-private-samba.so usr/lib/samba/libutil-tdb-private-samba.so @@ -1019,4 +1024,4 @@ var/log/samba var/spool/samba srv/web/ipfire/cgi-bin/samba.cgi var/ipfire/menu.d/EX-samba.menu -usr/local/bin/sambactrl +usr/local/bin/sambactrl \ No newline at end of file diff --git a/config/rootfiles/packages/x86_64/samba b/config/rootfiles/packages/x86_64/samba index 92862313d1..e720457a3d 100644 --- a/config/rootfiles/packages/x86_64/samba +++ b/config/rootfiles/packages/x86_64/samba @@ -57,8 +57,6 @@ usr/bin/wspsearch #usr/include/samba-4.0/core/ntstatus_gen.h #usr/include/samba-4.0/core/werror.h #usr/include/samba-4.0/core/werror_gen.h -#usr/include/samba-4.0/credentials.h -#usr/include/samba-4.0/dcerpc.h #usr/include/samba-4.0/dcesrv_core.h #usr/include/samba-4.0/domain_credentials.h #usr/include/samba-4.0/gen_ndr @@ -80,7 +78,6 @@ usr/bin/wspsearch #usr/include/samba-4.0/gen_ndr/ndr_misc.h #usr/include/samba-4.0/gen_ndr/ndr_nbt.h #usr/include/samba-4.0/gen_ndr/ndr_samr.h -#usr/include/samba-4.0/gen_ndr/ndr_samr_c.h #usr/include/samba-4.0/gen_ndr/ndr_svcctl.h #usr/include/samba-4.0/gen_ndr/ndr_svcctl_c.h #usr/include/samba-4.0/gen_ndr/netlogon.h @@ -101,9 +98,7 @@ usr/bin/wspsearch #usr/include/samba-4.0/ndr/ndr_nbt.h #usr/include/samba-4.0/ndr/ndr_svcctl.h #usr/include/samba-4.0/netapi.h -#usr/include/samba-4.0/param.h #usr/include/samba-4.0/passdb.h -#usr/include/samba-4.0/policy.h #usr/include/samba-4.0/rpc_common.h #usr/include/samba-4.0/samba #usr/include/samba-4.0/samba/session.h @@ -129,9 +124,6 @@ usr/bin/wspsearch #usr/include/samba-4.0/util/idtree_random.h #usr/include/samba-4.0/util/signal.h #usr/include/samba-4.0/util/substitute.h -#usr/include/samba-4.0/util/tevent_ntstatus.h -#usr/include/samba-4.0/util/tevent_unix.h -#usr/include/samba-4.0/util/tevent_werror.h #usr/include/samba-4.0/util/tfork.h #usr/include/samba-4.0/util/time.h #usr/include/samba-4.0/util_ldb.h @@ -139,15 +131,9 @@ usr/bin/wspsearch usr/lib/libdcerpc-binding.so usr/lib/libdcerpc-binding.so.0 usr/lib/libdcerpc-binding.so.0.0.1 -usr/lib/libdcerpc-samr.so -usr/lib/libdcerpc-samr.so.0 -usr/lib/libdcerpc-samr.so.0.0.1 usr/lib/libdcerpc-server-core.so usr/lib/libdcerpc-server-core.so.0 usr/lib/libdcerpc-server-core.so.0.0.1 -usr/lib/libdcerpc.so -usr/lib/libdcerpc.so.0 -usr/lib/libdcerpc.so.0.0.1 usr/lib/libndr-krb5pac.so usr/lib/libndr-krb5pac.so.0 usr/lib/libndr-krb5pac.so.0.0.1 @@ -158,34 +144,22 @@ usr/lib/libndr-standard.so usr/lib/libndr-standard.so.0 usr/lib/libndr-standard.so.0.0.1 usr/lib/libndr.so -usr/lib/libndr.so.4 -usr/lib/libndr.so.4.0.0 +usr/lib/libndr.so.5 +usr/lib/libndr.so.5.0.0 usr/lib/libnetapi.so usr/lib/libnetapi.so.1 usr/lib/libnetapi.so.1.0.0 usr/lib/libnss_winbind.so.2 usr/lib/libnss_wins.so.2 -usr/lib/libsamba-credentials.so -usr/lib/libsamba-credentials.so.1 -usr/lib/libsamba-credentials.so.1.0.0 usr/lib/libsamba-errors.so usr/lib/libsamba-errors.so.1 usr/lib/libsamba-errors.so.1.0.0 -usr/lib/libsamba-hostconfig.so -usr/lib/libsamba-hostconfig.so.0 -usr/lib/libsamba-hostconfig.so.0.0.1 usr/lib/libsamba-passdb.so usr/lib/libsamba-passdb.so.0 -usr/lib/libsamba-passdb.so.0.28.0 -usr/lib/libsamba-policy.cpython-310-x86-64-linux-gnu.so -usr/lib/libsamba-policy.cpython-310-x86-64-linux-gnu.so.0 -usr/lib/libsamba-policy.cpython-310-x86-64-linux-gnu.so.0.0.1 +usr/lib/libsamba-passdb.so.0.29.0 usr/lib/libsamba-util.so usr/lib/libsamba-util.so.0 usr/lib/libsamba-util.so.0.0.1 -usr/lib/libsamdb.so -usr/lib/libsamdb.so.0 -usr/lib/libsamdb.so.0.0.1 usr/lib/libsmbclient.so usr/lib/libsmbclient.so.0 usr/lib/libsmbclient.so.0.8.0 @@ -195,24 +169,15 @@ usr/lib/libsmbconf.so.0.0.1 usr/lib/libsmbldap.so usr/lib/libsmbldap.so.2 usr/lib/libsmbldap.so.2.1.0 -usr/lib/libtevent-util.so -usr/lib/libtevent-util.so.0 -usr/lib/libtevent-util.so.0.0.1 usr/lib/libwbclient.so usr/lib/libwbclient.so.0 usr/lib/libwbclient.so.0.16 -#usr/lib/pkgconfig/dcerpc.pc -#usr/lib/pkgconfig/dcerpc_samr.pc #usr/lib/pkgconfig/ndr.pc #usr/lib/pkgconfig/ndr_krb5pac.pc #usr/lib/pkgconfig/ndr_nbt.pc #usr/lib/pkgconfig/ndr_standard.pc #usr/lib/pkgconfig/netapi.pc -#usr/lib/pkgconfig/samba-credentials.pc -#usr/lib/pkgconfig/samba-hostconfig.pc -#usr/lib/pkgconfig/samba-policy.cpython-310-x86_64-linux-gnu.pc #usr/lib/pkgconfig/samba-util.pc -#usr/lib/pkgconfig/samdb.pc #usr/lib/pkgconfig/smbclient.pc #usr/lib/pkgconfig/wbclient.pc usr/lib/python3.10/site-packages/_ldb_text.py @@ -283,6 +248,31 @@ usr/lib/python3.10/site-packages/samba/dcerpc/xattr.cpython-310-x86_64-linux-gnu usr/lib/python3.10/site-packages/samba/descriptor.py usr/lib/python3.10/site-packages/samba/dnsresolver.py usr/lib/python3.10/site-packages/samba/dnsserver.py +#usr/lib/python3.10/site-packages/samba/domain +usr/lib/python3.10/site-packages/samba/domain/__init__.py +#usr/lib/python3.10/site-packages/samba/domain/models +usr/lib/python3.10/site-packages/samba/domain/models/__init__.py +usr/lib/python3.10/site-packages/samba/domain/models/auth_policy.py +usr/lib/python3.10/site-packages/samba/domain/models/auth_silo.py +usr/lib/python3.10/site-packages/samba/domain/models/claim_type.py +usr/lib/python3.10/site-packages/samba/domain/models/computer.py +usr/lib/python3.10/site-packages/samba/domain/models/constants.py +usr/lib/python3.10/site-packages/samba/domain/models/container.py +usr/lib/python3.10/site-packages/samba/domain/models/exceptions.py +usr/lib/python3.10/site-packages/samba/domain/models/fields.py +usr/lib/python3.10/site-packages/samba/domain/models/gmsa.py +usr/lib/python3.10/site-packages/samba/domain/models/group.py +usr/lib/python3.10/site-packages/samba/domain/models/model.py +usr/lib/python3.10/site-packages/samba/domain/models/org.py +usr/lib/python3.10/site-packages/samba/domain/models/person.py +usr/lib/python3.10/site-packages/samba/domain/models/query.py +usr/lib/python3.10/site-packages/samba/domain/models/registry.py +usr/lib/python3.10/site-packages/samba/domain/models/schema.py +usr/lib/python3.10/site-packages/samba/domain/models/site.py +usr/lib/python3.10/site-packages/samba/domain/models/subnet.py +usr/lib/python3.10/site-packages/samba/domain/models/types.py +usr/lib/python3.10/site-packages/samba/domain/models/user.py +usr/lib/python3.10/site-packages/samba/domain/models/value_type.py usr/lib/python3.10/site-packages/samba/domain_update.py usr/lib/python3.10/site-packages/samba/drs_utils.py usr/lib/python3.10/site-packages/samba/dsdb.cpython-310-x86_64-linux-gnu.so @@ -344,6 +334,7 @@ usr/lib/python3.10/site-packages/samba/kcc/graph_utils.py usr/lib/python3.10/site-packages/samba/kcc/kcc_utils.py usr/lib/python3.10/site-packages/samba/kcc/ldif_import_export.py usr/lib/python3.10/site-packages/samba/logger.py +usr/lib/python3.10/site-packages/samba/lsa_utils.py usr/lib/python3.10/site-packages/samba/mdb_util.py usr/lib/python3.10/site-packages/samba/messaging.cpython-310-x86_64-linux-gnu.so usr/lib/python3.10/site-packages/samba/ms_display_specifiers.py @@ -366,9 +357,18 @@ usr/lib/python3.10/site-packages/samba/netcmd/domain usr/lib/python3.10/site-packages/samba/netcmd/domain/__init__.py usr/lib/python3.10/site-packages/samba/netcmd/domain/auth usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/__init__.py -usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/policy.py -usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/silo.py -usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/silo_member.py +#usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/policy +usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/policy/__init__.py +usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/policy/computer_allowed_to_authenticate_to.py +usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/policy/policy.py +usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/policy/service_allowed_to_authenticate_from.py +usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/policy/service_allowed_to_authenticate_to.py +usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/policy/user_allowed_to_authenticate_from.py +usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/policy/user_allowed_to_authenticate_to.py +#usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/silo +usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/silo/__init__.py +usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/silo/member.py +usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/silo/silo.py usr/lib/python3.10/site-packages/samba/netcmd/domain/backup.py usr/lib/python3.10/site-packages/samba/netcmd/domain/claim usr/lib/python3.10/site-packages/samba/netcmd/domain/claim/__init__.py @@ -381,24 +381,12 @@ usr/lib/python3.10/site-packages/samba/netcmd/domain/demote.py usr/lib/python3.10/site-packages/samba/netcmd/domain/functional_prep.py usr/lib/python3.10/site-packages/samba/netcmd/domain/info.py usr/lib/python3.10/site-packages/samba/netcmd/domain/join.py +#usr/lib/python3.10/site-packages/samba/netcmd/domain/kds +usr/lib/python3.10/site-packages/samba/netcmd/domain/kds/__init__.py +usr/lib/python3.10/site-packages/samba/netcmd/domain/kds/root_key.py usr/lib/python3.10/site-packages/samba/netcmd/domain/keytab.py usr/lib/python3.10/site-packages/samba/netcmd/domain/leave.py usr/lib/python3.10/site-packages/samba/netcmd/domain/level.py -usr/lib/python3.10/site-packages/samba/netcmd/domain/models -usr/lib/python3.10/site-packages/samba/netcmd/domain/models/__init__.py -usr/lib/python3.10/site-packages/samba/netcmd/domain/models/auth_policy.py -usr/lib/python3.10/site-packages/samba/netcmd/domain/models/auth_silo.py -usr/lib/python3.10/site-packages/samba/netcmd/domain/models/claim_type.py -usr/lib/python3.10/site-packages/samba/netcmd/domain/models/exceptions.py -usr/lib/python3.10/site-packages/samba/netcmd/domain/models/fields.py -usr/lib/python3.10/site-packages/samba/netcmd/domain/models/group.py -usr/lib/python3.10/site-packages/samba/netcmd/domain/models/model.py -usr/lib/python3.10/site-packages/samba/netcmd/domain/models/query.py -usr/lib/python3.10/site-packages/samba/netcmd/domain/models/schema.py -usr/lib/python3.10/site-packages/samba/netcmd/domain/models/site.py -usr/lib/python3.10/site-packages/samba/netcmd/domain/models/subnet.py -usr/lib/python3.10/site-packages/samba/netcmd/domain/models/user.py -usr/lib/python3.10/site-packages/samba/netcmd/domain/models/value_type.py usr/lib/python3.10/site-packages/samba/netcmd/domain/passwordsettings.py usr/lib/python3.10/site-packages/samba/netcmd/domain/provision.py usr/lib/python3.10/site-packages/samba/netcmd/domain/samba3upgrade.py @@ -422,6 +410,10 @@ usr/lib/python3.10/site-packages/samba/netcmd/processes.py usr/lib/python3.10/site-packages/samba/netcmd/pso.py usr/lib/python3.10/site-packages/samba/netcmd/rodc.py usr/lib/python3.10/site-packages/samba/netcmd/schema.py +#usr/lib/python3.10/site-packages/samba/netcmd/service_account +usr/lib/python3.10/site-packages/samba/netcmd/service_account/__init__.py +usr/lib/python3.10/site-packages/samba/netcmd/service_account/group_msa_membership.py +usr/lib/python3.10/site-packages/samba/netcmd/service_account/service_account.py usr/lib/python3.10/site-packages/samba/netcmd/shell.py usr/lib/python3.10/site-packages/samba/netcmd/sites.py usr/lib/python3.10/site-packages/samba/netcmd/spn.py @@ -513,16 +505,17 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py #usr/lib/python3.10/site-packages/samba/tests/blackbox/__init__.py #usr/lib/python3.10/site-packages/samba/tests/blackbox/bug13653.py #usr/lib/python3.10/site-packages/samba/tests/blackbox/check_output.py -usr/lib/python3.10/site-packages/samba/tests/blackbox/claims.py +#usr/lib/python3.10/site-packages/samba/tests/blackbox/claims.py #usr/lib/python3.10/site-packages/samba/tests/blackbox/downgradedatabase.py -usr/lib/python3.10/site-packages/samba/tests/blackbox/http_chunk.py -usr/lib/python3.10/site-packages/samba/tests/blackbox/http_content.py +#usr/lib/python3.10/site-packages/samba/tests/blackbox/gmsa.py +#usr/lib/python3.10/site-packages/samba/tests/blackbox/http_chunk.py +#usr/lib/python3.10/site-packages/samba/tests/blackbox/http_content.py #usr/lib/python3.10/site-packages/samba/tests/blackbox/mdsearch.py #usr/lib/python3.10/site-packages/samba/tests/blackbox/misc_dfs_widelink.py #usr/lib/python3.10/site-packages/samba/tests/blackbox/ndrdump.py #usr/lib/python3.10/site-packages/samba/tests/blackbox/netads_dns.py #usr/lib/python3.10/site-packages/samba/tests/blackbox/netads_json.py -usr/lib/python3.10/site-packages/samba/tests/blackbox/rpcd_witness_samba_only.py +#usr/lib/python3.10/site-packages/samba/tests/blackbox/rpcd_witness_samba_only.py #usr/lib/python3.10/site-packages/samba/tests/blackbox/samba_dnsupdate.py #usr/lib/python3.10/site-packages/samba/tests/blackbox/smbcacls.py #usr/lib/python3.10/site-packages/samba/tests/blackbox/smbcacls_basic.py @@ -548,10 +541,10 @@ usr/lib/python3.10/site-packages/samba/tests/blackbox/rpcd_witness_samba_only.py #usr/lib/python3.10/site-packages/samba/tests/dcerpc/array.py #usr/lib/python3.10/site-packages/samba/tests/dcerpc/bare.py #usr/lib/python3.10/site-packages/samba/tests/dcerpc/binding.py -#usr/lib/python3.10/site-packages/samba/tests/dcerpc/createtrustrelax.py #usr/lib/python3.10/site-packages/samba/tests/dcerpc/dnsserver.py #usr/lib/python3.10/site-packages/samba/tests/dcerpc/integer.py #usr/lib/python3.10/site-packages/samba/tests/dcerpc/lsa.py +#usr/lib/python3.10/site-packages/samba/tests/dcerpc/lsa_utils.py #usr/lib/python3.10/site-packages/samba/tests/dcerpc/mdssvc.py #usr/lib/python3.10/site-packages/samba/tests/dcerpc/misc.py #usr/lib/python3.10/site-packages/samba/tests/dcerpc/raw_protocol.py @@ -583,6 +576,8 @@ usr/lib/python3.10/site-packages/samba/tests/blackbox/rpcd_witness_samba_only.py #usr/lib/python3.10/site-packages/samba/tests/dsdb_api.py #usr/lib/python3.10/site-packages/samba/tests/dsdb_dns.py #usr/lib/python3.10/site-packages/samba/tests/dsdb_lock.py +#usr/lib/python3.10/site-packages/samba/tests/dsdb_quiet_env_tests.py +#usr/lib/python3.10/site-packages/samba/tests/dsdb_quiet_provision_tests.py #usr/lib/python3.10/site-packages/samba/tests/dsdb_schema_attributes.py #usr/lib/python3.10/site-packages/samba/tests/emulate #usr/lib/python3.10/site-packages/samba/tests/emulate/__init__.py @@ -620,6 +615,7 @@ usr/lib/python3.10/site-packages/samba/tests/blackbox/rpcd_witness_samba_only.py #usr/lib/python3.10/site-packages/samba/tests/krb5/etype_tests.py #usr/lib/python3.10/site-packages/samba/tests/krb5/fast_tests.py #usr/lib/python3.10/site-packages/samba/tests/krb5/gkdi_tests.py +#usr/lib/python3.10/site-packages/samba/tests/krb5/gmsa_tests.py #usr/lib/python3.10/site-packages/samba/tests/krb5/group_tests.py #usr/lib/python3.10/site-packages/samba/tests/krb5/kcrypto.py #usr/lib/python3.10/site-packages/samba/tests/krb5/kdc_base_test.py @@ -716,6 +712,7 @@ usr/lib/python3.10/site-packages/samba/tests/blackbox/rpcd_witness_samba_only.py #usr/lib/python3.10/site-packages/samba/tests/samba_tool/domain_auth_policy.py #usr/lib/python3.10/site-packages/samba/tests/samba_tool/domain_auth_silo.py #usr/lib/python3.10/site-packages/samba/tests/samba_tool/domain_claim.py +#usr/lib/python3.10/site-packages/samba/tests/samba_tool/domain_kds_root_key.py #usr/lib/python3.10/site-packages/samba/tests/samba_tool/domain_models.py #usr/lib/python3.10/site-packages/samba/tests/samba_tool/drs_clone_dc_data_lmdb_size.py #usr/lib/python3.10/site-packages/samba/tests/samba_tool/dsacl.py @@ -738,6 +735,7 @@ usr/lib/python3.10/site-packages/samba/tests/blackbox/rpcd_witness_samba_only.py #usr/lib/python3.10/site-packages/samba/tests/samba_tool/provision_userPassword_crypt.py #usr/lib/python3.10/site-packages/samba/tests/samba_tool/rodc.py #usr/lib/python3.10/site-packages/samba/tests/samba_tool/schema.py +#usr/lib/python3.10/site-packages/samba/tests/samba_tool/service_account.py #usr/lib/python3.10/site-packages/samba/tests/samba_tool/silo_base.py #usr/lib/python3.10/site-packages/samba/tests/samba_tool/sites.py #usr/lib/python3.10/site-packages/samba/tests/samba_tool/timecmd.py @@ -782,7 +780,6 @@ usr/lib/python3.10/site-packages/samba/tests/blackbox/rpcd_witness_samba_only.py #usr/lib/python3.10/site-packages/samba/tests/upgradeprovisionneeddc.py #usr/lib/python3.10/site-packages/samba/tests/usage.py #usr/lib/python3.10/site-packages/samba/tests/xattr.py -usr/lib/python3.10/site-packages/samba/trust_utils.py usr/lib/python3.10/site-packages/samba/upgrade.py usr/lib/python3.10/site-packages/samba/upgradehelpers.py usr/lib/python3.10/site-packages/samba/uptodateness.py @@ -808,6 +805,7 @@ usr/lib/samba/krb5/winbind_krb5_locator.so #usr/lib/samba/ldb usr/lib/samba/ldb/asq.so usr/lib/samba/ldb/ildap.so +usr/lib/samba/ldb/ldap.so usr/lib/samba/ldb/ldb.so usr/lib/samba/ldb/ldbsamba_extensions.so usr/lib/samba/ldb/paged_searches.so @@ -847,8 +845,10 @@ usr/lib/samba/libcom-err-private-samba.so usr/lib/samba/libcommon-auth-private-samba.so usr/lib/samba/libdbwrap-private-samba.so usr/lib/samba/libdcerpc-pkt-auth-private-samba.so +usr/lib/samba/libdcerpc-private-samba.so usr/lib/samba/libdcerpc-samba-private-samba.so usr/lib/samba/libdcerpc-samba4-private-samba.so +usr/lib/samba/libdcerpc-samr-private-samba.so usr/lib/samba/libdnsserver-common-private-samba.so usr/lib/samba/libdsdb-module-private-samba.so usr/lib/samba/libevents-private-samba.so @@ -901,14 +901,19 @@ usr/lib/samba/libregistry-private-samba.so usr/lib/samba/libreplace-private-samba.so usr/lib/samba/libroken-private-samba.so usr/lib/samba/libsamba-cluster-support-private-samba.so +usr/lib/samba/libsamba-credentials-private-samba.so usr/lib/samba/libsamba-debug-private-samba.so +usr/lib/samba/libsamba-hostconfig-private-samba.so usr/lib/samba/libsamba-modules-private-samba.so -usr/lib/samba/libsamba-net.cpython-310-x86-64-linux-gnu-private-samba.so +usr/lib/samba/libsamba-net-join.cpython-310-x86-64-linux-gnu-private-samba.so +usr/lib/samba/libsamba-net-private-samba.so +usr/lib/samba/libsamba-policy-private-samba.so usr/lib/samba/libsamba-python.cpython-310-x86-64-linux-gnu-private-samba.so usr/lib/samba/libsamba-security-private-samba.so usr/lib/samba/libsamba-sockets-private-samba.so usr/lib/samba/libsamba3-util-private-samba.so usr/lib/samba/libsamdb-common-private-samba.so +usr/lib/samba/libsamdb-private-samba.so usr/lib/samba/libsecrets3-private-samba.so usr/lib/samba/libserver-id-db-private-samba.so usr/lib/samba/libserver-role-private-samba.so @@ -928,9 +933,9 @@ usr/lib/samba/libtalloc-report-private-samba.so usr/lib/samba/libtdb-private-samba.so usr/lib/samba/libtdb-wrap-private-samba.so usr/lib/samba/libtevent-private-samba.so +usr/lib/samba/libtevent-util-private-samba.so usr/lib/samba/libtime-basic-private-samba.so usr/lib/samba/libtorture-private-samba.so -usr/lib/samba/libtrusts-util-private-samba.so usr/lib/samba/libutil-reg-private-samba.so usr/lib/samba/libutil-setid-private-samba.so usr/lib/samba/libutil-tdb-private-samba.so diff --git a/config/ssh/ssh_config b/config/ssh/ssh_config index 85c069ddae..d5f63f315c 100644 --- a/config/ssh/ssh_config +++ b/config/ssh/ssh_config @@ -9,8 +9,8 @@ Host * UseRoaming no
# Only use secure crypto algorithms - KexAlgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256 - Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr + KexAlgorithms sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256 + Ciphers aes256-gcm@openssh.com,aes256-ctr,chacha20-poly1305@openssh.com,aes192-ctr,aes128-gcm@openssh.com,aes128-ctr MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
# Always visualise server host keys (helps to identify key based MITM attacks) diff --git a/config/ssh/sshd_config b/config/ssh/sshd_config index 76c9b3eb1c..e338f8cef5 100644 --- a/config/ssh/sshd_config +++ b/config/ssh/sshd_config @@ -20,8 +20,8 @@ LoginGraceTime 30s MaxStartups 5
# Only allow safe crypto algorithms -KexAlgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256 -Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr +KexAlgorithms sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256 +Ciphers aes256-gcm@openssh.com,aes256-ctr,chacha20-poly1305@openssh.com,aes192-ctr,aes128-gcm@openssh.com,aes128-ctr MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
# Only allow cryptographically safe SSH host keys (adjust paths if needed) diff --git a/doc/language_issues.en b/doc/language_issues.en index f7b5e2f91f..373603acad 100644 --- a/doc/language_issues.en +++ b/doc/language_issues.en @@ -1101,7 +1101,7 @@ WARNING: untranslated string: intrusion detection system = Intrusion Prevention WARNING: untranslated string: intrusion detection system rules = Ruleset WARNING: untranslated string: intrusion prevention system = Intrusion Prevention System WARNING: untranslated string: invalid broadcast ip = Invalid broadcast IP -WARNING: untranslated string: invalid characters found in pre-shared key = Invalid characters found in pre-shared key. +WARNING: untranslated string: invalid characters found in pre-shared key = Invalid single quotation mark found in pre-shared key. WARNING: untranslated string: invalid default lease time = Invalid default lease time. WARNING: untranslated string: invalid domain name = Invalid domain name. WARNING: untranslated string: invalid end address = Invalid end address. diff --git a/html/cgi-bin/logs.cgi/log.dat b/html/cgi-bin/logs.cgi/log.dat index 01c382a0df..41f81e99d9 100644 --- a/html/cgi-bin/logs.cgi/log.dat +++ b/html/cgi-bin/logs.cgi/log.dat @@ -75,7 +75,7 @@ my %sections = ( 'samba' => '(nmbd|smbd|winbind)[\d+]:', 'suricata' => '(suricata: )', 'squid' => '(squid[.*]: |squid: )', - 'ssh' => '(sshd(?:(.*))?[.*]: )', + 'ssh' => '(sshd(?:(.*))?[.*]: |sshd-session(?:(.*))?[.*]:)', 'unbound' => '(unbound: [.*?])(.*:.*$)', 'urlfilter bl' => '(installpackage[urlfilter]: )', 'wireless' => '(hostapd:|kernel: ath.*:|kernel: wifi[0-9]:)', diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index 72695f892f..daaa059a49 100755 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -569,7 +569,7 @@ sub getccdadresses for (my $i=1;$i<=$count;$i++) { my $tmpip=$iprange[$i-1]; my $stepper=$i*4; - $iprange[$i]= &General::getnextip($tmpip,4); + $iprange[$i]= &Network::bin2ip(&Network::ip2bin($tmpip) + 4); } my $r=0; foreach my $key (keys %ccdhash) { diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi old mode 100644 new mode 100755 index 55a7eff05d..3541aaa293 --- a/html/cgi-bin/vpnmain.cgi +++ b/html/cgi-bin/vpnmain.cgi @@ -94,6 +94,7 @@ $cgiparams{'LOCAL_ID'} = ''; $cgiparams{'REMOTE_ID'} = ''; $cgiparams{'REMARK'} = ''; $cgiparams{'PSK'} = ''; +$cgiparams{'BASE_64'} = ''; $cgiparams{'CERT_NAME'} = ''; $cgiparams{'CERT_EMAIL'} = ''; $cgiparams{'CERT_OU'} = ''; @@ -481,7 +482,12 @@ sub writeipsecfiles { if ($lconfighash{$key}[4] eq 'psk') { $psk_line = ($lconfighash{$key}[7] ? $lconfighash{$key}[7] : $localside) . " " ; $psk_line .= $lconfighash{$key}[9] ? $lconfighash{$key}[9] : $lconfighash{$key}[10]; #remoteid or remote address? - $psk_line .= " : PSK '$lconfighash{$key}[5]'\n"; + if ($lconfighash{$key}[40] eq 'YES') { + my $decoded_psk = MIME::Base64::decode_base64($lconfighash{$key}[5]); + $psk_line .= " : PSK '$decoded_psk'\n"; + } else { + $psk_line .= " : PSK '$lconfighash{$key}[5]'\n"; + } # if the line contains %any, it is less specific than two IP or ID, so move it at end of file. if ($psk_line =~ /%any/) { $last_secrets .= $psk_line; @@ -1702,6 +1708,7 @@ END $cgiparams{'INTERFACE_ADDRESS'} = $confighash{$cgiparams{'KEY'}}[37]; $cgiparams{'INTERFACE_MTU'} = $confighash{$cgiparams{'KEY'}}[38]; $cgiparams{'DNS_SERVERS'} = $confighash{$cgiparams{'KEY'}}[39]; + $cgiparams{'BASE_64'} = $confighash{$cgiparams{'KEY'}}[40];
if (!$cgiparams{'DPD_DELAY'}) { $cgiparams{'DPD_DELAY'} = 30; @@ -1883,6 +1890,7 @@ END }
if ($cgiparams{'AUTH'} eq 'psk') { + $cgiparams{'BASE_64'} = 'YES'; if (! length($cgiparams{'PSK'}) ) { $errormessage = $Lang::tr{'pre-shared key is too short'}; goto VPNCONF_ERROR; @@ -2260,7 +2268,13 @@ END $confighash{$key}[3] = $cgiparams{'TYPE'}; if ($cgiparams{'AUTH'} eq 'psk') { $confighash{$key}[4] = 'psk'; - $confighash{$key}[5] = $cgiparams{'PSK'}; + if ($cgiparams{'BASE_64'} eq 'YES') { + $confighash{$key}[5] = MIME::Base64::encode_base64($cgiparams{'PSK'}, ""); + $confighash{$key}[40] = 'YES'; + } else { + $confighash{$key}[5] = $cgiparams{'PSK'}; + $confighash{$key}[40] = ''; + } } else { $confighash{$key}[4] = 'cert'; } diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 581e33a712..79b493cd0c 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -1516,7 +1516,7 @@ 'intrusion prevention system' => 'Intrusion Prevention System', 'invalid broadcast ip' => 'Invalid broadcast IP', 'invalid cache size' => 'Invalid cache size.', -'invalid characters found in pre-shared key' => 'Invalid characters found in pre-shared key.', +'invalid characters found in pre-shared key' => 'Invalid single quotation mark found in pre-shared key.', 'invalid date entered' => 'Invalid date entered.', 'invalid default lease time' => 'Invalid default lease time.', 'invalid domain name' => 'Invalid domain name.', diff --git a/lfs/apr b/lfs/apr index 1375448ff1..5df4e9925d 100644 --- a/lfs/apr +++ b/lfs/apr @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -25,7 +25,7 @@
include Config
-VER = 1.7.4 +VER = 1.7.5
THISAPP = apr-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -42,7 +42,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = a93b9d3f2c46fe0a34ce1d544e7a43ba40720e2fae8b8a7d0957413ac695057902378dbf96f067ced7486da86c8e513b7fbd48fa79839efeeb40a3295fe2d3df +$(DL_FILE)_BLAKE2 = 1feacb24e213843c4d3312806abf698e332c45557b7cfd74c9c654d4f9d835dd3a8bf4f9a3bb8328483dcc244948ca118ed6fab9655e482ac6fb53cc7fd92908
install : $(TARGET)
diff --git a/lfs/collectd b/lfs/collectd index d1d4ea7213..2438d2eaf6 100644 --- a/lfs/collectd +++ b/lfs/collectd @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -129,6 +129,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) --with-librrd=/usr/share/rrdtool-1.2.30 \ --with-fp-layout=nothing cd $(DIR_APP) && make install #collectd-4 does not support parallel build + mkdir /etc/collectd.d cp -vf $(DIR_SRC)/config/collectd/collectd.* /etc/ mv /etc/collectd.vpn /var/ipfire/ovpn/collectd.vpn chown nobody.nobody /var/ipfire/ovpn/collectd.vpn diff --git a/lfs/logwatch b/lfs/logwatch index 391315de48..b2452e21e3 100644 --- a/lfs/logwatch +++ b/lfs/logwatch @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 7.8 +VER = 7.11
THISAPP = logwatch-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 35480a22077e43b70d15a00cc0a3a8297c1e57c465d6fffe7a9a68a9b4fb14ef62c1d2bcae8a4ab2d70af16451b8f0b5dba8aec29beae1012501a118915edd92 +$(DL_FILE)_BLAKE2 = 074b9b1d58bd199c82edc6fb40703b71f9488966e2acb8afc015fde93806740d11a3c8705303139716bbc50c353f3e8c3f4c0e9cf1d5f870cbb8599fbdd526d1
install : $(TARGET)
@@ -72,9 +72,10 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && sed -e "s/^TEMPDIR=.*/TEMPDIR="/tmp"/g" -i install_logwatch.sh
- cd $(DIR_APP)/lib && patch < $(DIR_SRC)/src/patches/logwatch/logwatch-7.3.6-date_manip6.patch - cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/logwatch/logwatch-7.6-disable_iptables.patch - cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/logwatch/logwatch-7.6-enable-mdadm-sudo.patch + cd $(DIR_APP)/lib && patch -i $(DIR_SRC)/src/patches/logwatch/logwatch-7.11-date_manip6.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/logwatch/logwatch-7.11-disable_iptables.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/logwatch/logwatch-7.11-enable-mdadm-sudo.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/logwatch/logwatch-7.11-Added-support-for-OpenSSH-9.8-sshd-session-and-port-number.patch
@cd $(DIR_APP) && chmod 755 install_logwatch.sh cd $(DIR_APP) && yes "" | ./install_logwatch.sh diff --git a/lfs/openssh b/lfs/openssh index 036d0bb8ec..c14c8267cf 100644 --- a/lfs/openssh +++ b/lfs/openssh @@ -24,7 +24,7 @@
include Config
-VER = 9.8p1 +VER = 9.9p1
THISAPP = openssh-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 3bf983c4ef5358054ed0104cd51d3e0069fbc2b80d8522d0df644d5508ec1d26a67bf061b1b5698d1cdf0d2cbba16b4cdca12a4ce30da24429094576a075e192 +$(DL_FILE)_BLAKE2 = 817d267e42b8be74a13e0cfd7999bdb4dab6355c7f62c1a4dd89adad310c5fb7fe3f17109ce1a36cd269a3639c1b8f1d18330c615ab3b419253ec027cfa20997
install : $(TARGET)
diff --git a/lfs/samba b/lfs/samba index 8d2c6a3a3b..8358264a3f 100644 --- a/lfs/samba +++ b/lfs/samba @@ -24,7 +24,7 @@
include Config
-VER = 4.20.4 +VER = 4.21.0 SUMMARY = A SMB/CIFS File, Print, and Authentication Server
THISAPP = samba-$(VER) @@ -35,7 +35,7 @@ TARGET = $(DIR_INFO)/$(THISAPP) PROG = samba PAK_VER = 105
-DEPS = avahi cups perl-Parse-Yapp wsdd +DEPS = avahi cups perl-Parse-Yapp perl-JSON wsdd
SERVICES = samba
@@ -47,7 +47,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 1e5d99ed249f7a2bc21d0efec1d795262c556276984d48a774aef133bc1a9e182b7f20ce85aef2fc2b7d7e0b8b3a4edf1a6a855f679ed4d2408bd69b059463ee +$(DL_FILE)_BLAKE2 = 0889f2be3b78affee88250114397de87a77da77d9674815ec5605780a6bb3e2e28dbbae53b66695196408f4aef550acce793e6397045fbea4bb236fdd095ce1a
install : $(TARGET)
diff --git a/src/initscripts/system/apache b/src/initscripts/system/apache index e7a62097e1..ba7ede6702 100644 --- a/src/initscripts/system/apache +++ b/src/initscripts/system/apache @@ -2,7 +2,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2022 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -25,13 +25,6 @@ PIDFILE="/var/run/httpd.pid"
generate_certificates() { - if [ ! -f "/etc/httpd/server.key" ]; then - boot_mesg "Generating HTTPS RSA server key (this will take a moment)..." - openssl genrsa -out /etc/httpd/server.key 4096 &>/dev/null - chmod 600 /etc/httpd/server.key - evaluate_retval - fi - if [ ! -f "/etc/httpd/server-ecdsa.key" ]; then boot_mesg "Generating HTTPS ECDSA server key..." openssl ecparam -genkey -name secp384r1 -noout \ @@ -40,29 +33,12 @@ generate_certificates() { evaluate_retval fi
- # Generate RSA CSR - if [ ! -f "/etc/httpd/server.csr" ]; then - sed "s/HOSTNAME/`hostname -f`/" < /etc/certparams | \ - openssl req -new -key /etc/httpd/server.key \ - -out /etc/httpd/server.csr &>/dev/null - fi - - # Generate ECDSA CSR if [ ! -f "/etc/httpd/server-ecdsa.csr" ]; then sed "s/HOSTNAME/`hostname -f`/" < /etc/certparams | \ openssl req -new -key /etc/httpd/server-ecdsa.key \ -out /etc/httpd/server-ecdsa.csr &>/dev/null fi
- if [ ! -f "/etc/httpd/server.crt" ]; then - boot_mesg "Signing RSA certificate..." - openssl x509 -req -days 999999 -sha256 \ - -in /etc/httpd/server.csr \ - -signkey /etc/httpd/server.key \ - -out /etc/httpd/server.crt &>/dev/null - evaluate_retval - fi - if [ ! -f "/etc/httpd/server-ecdsa.crt" ]; then boot_mesg "Signing ECDSA certificate..." openssl x509 -req -days 999999 -sha256 \ diff --git a/src/initscripts/system/collectd b/src/initscripts/system/collectd index 56b799d56d..263511fc7c 100644 --- a/src/initscripts/system/collectd +++ b/src/initscripts/system/collectd @@ -2,7 +2,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2022 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -68,9 +68,6 @@ case "$1" in # ARM does not support to scan for sensors. In that case, # we create an empty configuration file. machine=$(uname -m) - if [ "${machine:0:3}" = "arm" ]; then - touch /etc/sysconfig/lm_sensors - fi if [ "${machine:0:7}" = "aarch64" ]; then touch /etc/sysconfig/lm_sensors fi diff --git a/src/initscripts/system/sshd b/src/initscripts/system/sshd index fa40bc11d5..e5a9931afa 100644 --- a/src/initscripts/system/sshd +++ b/src/initscripts/system/sshd @@ -2,7 +2,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2022 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,14 +24,14 @@
case "$1" in start) - for algo in rsa ecdsa ed25519; do + for algo in ecdsa ed25519; do keyfile="/etc/ssh/ssh_host_${algo}_key"
# If the key already exists, there is nothing to do. [ -e "${keyfile}" ] && continue
boot_mesg "Generating SSH key (${algo})..." - ssh-keygen -qf "${keyfile}" -N '' -t ${algo} + ssh-keygen -qf "${keyfile}" -N '' -b 521 -t ${algo} evaluate_retval done
diff --git a/src/patches/logwatch/logwatch-7.11-Added-support-for-OpenSSH-9.8-sshd-session-and-port-number.patch b/src/patches/logwatch/logwatch-7.11-Added-support-for-OpenSSH-9.8-sshd-session-and-port-number.patch new file mode 100644 index 0000000000..816f6b4e80 --- /dev/null +++ b/src/patches/logwatch/logwatch-7.11-Added-support-for-OpenSSH-9.8-sshd-session-and-port-number.patch @@ -0,0 +1,39 @@ +diff -Naur logwatch-7.11.orig/conf/services/secure.conf logwatch-7.11/conf/services/secure.conf +--- logwatch-7.11.orig/conf/services/secure.conf 2016-03-09 21:14:35.000000000 +0100 ++++ logwatch-7.11/conf/services/secure.conf 2024-08-27 14:48:48.453853293 +0200 +@@ -24,7 +24,7 @@ + # Use this to ignore certain services in the secure log. + # You can ignore as many services as you would like. + # (we ignore sshd because its entries are processed by the sshd script) +-$ignore_services = sshd Pluto stunnel proftpd saslauthd imapd postfix/smtpd ++$ignore_services = sshd sshd-session Pluto stunnel proftpd saslauthd imapd postfix/smtpd + + # For these services, summarize only (i.e. don't least each IP, just + # list the number of connections total) +diff -Naur logwatch-7.11.orig/conf/services/sshd.conf logwatch-7.11/conf/services/sshd.conf +--- logwatch-7.11.orig/conf/services/sshd.conf 2020-09-20 23:38:32.000000000 +0200 ++++ logwatch-7.11/conf/services/sshd.conf 2024-08-27 14:49:08.077782387 +0200 +@@ -19,7 +19,7 @@ + LogFile = messages + + # Only give lines pertaining to the sshd service... +-*OnlyService = sshd ++*OnlyService = (sshd|sshd-session) + *RemoveHeaders + + # Variable $sshd_ignore_host is used to filter out hosts that login +diff -Naur logwatch-7.11.orig/scripts/services/sshd logwatch-7.11/scripts/services/sshd +--- logwatch-7.11.orig/scripts/services/sshd 2022-12-29 01:34:28.000000000 +0100 ++++ logwatch-7.11/scripts/services/sshd 2024-08-27 14:49:21.908202288 +0200 +@@ -246,9 +246,9 @@ + $NoIdent{$name}++; + } elsif ( + ($ThisLine =~ m/^(?:error:.*|fatal:) Connection closed by remote host/ ) or +- ($ThisLine =~ m/^(|fatal: )Read error from remote host(| [^ ]+): Connection reset by peer/ ) or ++ ($ThisLine =~ m/^(|fatal: )Read error from remote host(| [^ ]+)(| port \d+): Connection reset by peer/ ) or + ($ThisLine =~ m/^error: .*: read: Connection reset by peer/ ) or +- ($ThisLine =~ m/^Read error from remote host [^ ]+: (Connection timed out|No route to host)/ ) or ++ ($ThisLine =~ m/^Read error from remote host [^ ]+(| port \d+): (Connection timed out|No route to host)/ ) or + ($ThisLine =~ m/^fatal: Read from socket failed: No route to host/) or + ($ThisLine =~ m/^fatal: Write failed: Network is unreachable/ ) or + ($ThisLine =~ m/^fatal: Write failed: Broken pipe/) or diff --git a/src/patches/logwatch/logwatch-7.3.6-date_manip6.patch b/src/patches/logwatch/logwatch-7.11-date_manip6.patch similarity index 61% rename from src/patches/logwatch/logwatch-7.3.6-date_manip6.patch rename to src/patches/logwatch/logwatch-7.11-date_manip6.patch index 015e7d6bed..7f9ebd1c63 100644 --- a/src/patches/logwatch/logwatch-7.3.6-date_manip6.patch +++ b/src/patches/logwatch/logwatch-7.11-date_manip6.patch @@ -1,9 +1,9 @@ ---- Logwatch.pm.orig 2012-06-20 09:58:12.786294471 +0200 -+++ Logwatch.pm 2012-06-20 09:41:59.443055298 +0200 +--- Logwatch.pm.orig 2022-02-07 01:59:10.000000000 +0100 ++++ Logwatch.pm 2024-08-27 15:16:30.023491645 +0200 @@ -4,6 +4,10 @@ - + package Logwatch; - + +# Define interace version 5 for Date::Manip +BEGIN { + $Date::Manip::Backend = 'DM5'; diff --git a/src/patches/logwatch/logwatch-7.11-disable_iptables.patch b/src/patches/logwatch/logwatch-7.11-disable_iptables.patch new file mode 100644 index 0000000000..9876c2ecb8 --- /dev/null +++ b/src/patches/logwatch/logwatch-7.11-disable_iptables.patch @@ -0,0 +1,14 @@ +--- logwatch-7.11/conf/logwatch.conf.orig 2024-01-22 20:31:51.000000000 +0100 ++++ logwatch-7.11/conf/logwatch.conf 2024-08-27 15:17:43.685786586 +0200 +@@ -126,6 +126,11 @@ + # prints useful system configuration info. + Service = "-eximstats" # Prevents execution of eximstats service, which + # is a wrapper for the eximstats program. ++ ++# Disabled: 'iptables' ++Service = "-iptables" ++ ++ + # Because the above sets "All" as the default, and disables certain + # services, you can also set the Service variable to an empty string + # in your local logwatch.conf (by default, under /etc/logwatch/conf). diff --git a/src/patches/logwatch/logwatch-7.6-enable-mdadm-sudo.patch b/src/patches/logwatch/logwatch-7.11-enable-mdadm-sudo.patch similarity index 71% rename from src/patches/logwatch/logwatch-7.6-enable-mdadm-sudo.patch rename to src/patches/logwatch/logwatch-7.11-enable-mdadm-sudo.patch index af792250f1..dc39ee4018 100644 --- a/src/patches/logwatch/logwatch-7.6-enable-mdadm-sudo.patch +++ b/src/patches/logwatch/logwatch-7.11-enable-mdadm-sudo.patch @@ -1,6 +1,6 @@ -diff -U 3 a/conf/services/mdadm.conf b/conf/services/mdadm.conf ---- a/conf/services/mdadm.conf Sat Jan 22 01:00:00 2022 -+++ b/conf/services/mdadm.conf Sun Apr 10 10:48:21 2022 +diff -Naur logwatch-7.11.orig/conf/services/mdadm.conf logwatch-7.11/conf/services/mdadm.conf +--- logwatch-7.11.orig/conf/services/mdadm.conf 2018-12-17 02:47:45.000000000 +0100 ++++ logwatch-7.11/conf/services/mdadm.conf 2024-08-27 15:18:31.430605943 +0200 @@ -13,7 +13,7 @@ # Logwatch will try to find md devices in /etc/mdadm.conf or # /etc/mdadm/mdadm.conf. If none of these files exist it can scan actively @@ -10,14 +10,14 @@ diff -U 3 a/conf/services/mdadm.conf b/conf/services/mdadm.conf
# Logwatch will emit an error for md devices listed in /etc/mdadm.conf # that are not present. If you do not want this (e.g. raid devices may come -diff -U 3 a/scripts/services/mdadm b/scripts/services/mdadm ---- a/scripts/services/mdadm Sat Jan 22 01:00:00 2022 -+++ b/scripts/services/mdadm Sun Apr 10 10:38:19 2022 +diff -Naur logwatch-7.11.orig/scripts/services/mdadm logwatch-7.11/scripts/services/mdadm +--- logwatch-7.11.orig/scripts/services/mdadm 2023-05-21 02:25:35.000000000 +0200 ++++ logwatch-7.11/scripts/services/mdadm 2024-08-27 15:21:08.495487732 +0200 @@ -36,7 +36,7 @@ if ( open($mdadm, "<", "/etc/mdadm.conf") or open($mdadm, "<", "/etc/mdadm/mdadm.conf") or -- open($mdadm, "<", "mdadm --detail --scan 2>/dev/null|")) { +- open($mdadm, "-|", "mdadm --detail --scan")) { + open($mdadm, "<", "sudo mdadm --detail --scan 2>/dev/null|")) { while (<$mdadm>) { if (/^ARRAY/) { diff --git a/src/patches/logwatch/logwatch-7.6-disable_iptables.patch b/src/patches/logwatch/logwatch-7.6-disable_iptables.patch deleted file mode 100644 index 99c5b493b0..0000000000 --- a/src/patches/logwatch/logwatch-7.6-disable_iptables.patch +++ /dev/null @@ -1,14 +0,0 @@ -diff -U 3 a/conf/logwatch.conf b/conf/logwatch.conf ---- a/conf/logwatch.conf Sat Jan 22 01:00:00 2022 -+++ b/conf/logwatch.conf Sun Apr 10 10:33:20 2022 -@@ -96,6 +96,10 @@ - # prints useful system configuration info. - Service = "-eximstats" # Prevents execution of eximstats service, which - # is a wrapper for the eximstats program. -+ -+# Disabled: 'iptables' -+Service = "-iptables" -+ - # If you only cared about FTP messages, you could use these 2 lines - # instead of the above: - #Service = ftpd-messages # Processes ftpd messages in /var/log/messages
hooks/post-receive -- IPFire 2.x development tree