* [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 9682fa9fe769ea84a032400b2855e7ef4a975696
@ 2024-09-22 14:51 Michael Tremer
From: Michael Tremer @ 2024-09-22 14:51 UTC
To: ipfire-scm
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
- Log -----------------------------------------------------------------
commit 9682fa9fe769ea84a032400b2855e7ef4a975696
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Sun Sep 22 14:44:40 2024 +0000
core190: Ship Apache configuration and updated initscript
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit a577bfec6484dda2769d164b3796bb61fdf35645
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Fri Sep 20 14:20:22 2024 +0000
backup: No longer save RSA keys
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 2bd2b80189ad401e86f3d50603a3a1420cc124e2
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Fri Sep 20 14:20:21 2024 +0000
Drop RSA key and certificate from HTTPS configuration
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 3b54d0377b75b0afda27904b66040ec38a7b3416
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Fri Sep 20 14:20:19 2024 +0000
apache: Drop RSA key and certificate generation
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit bc0fdeae6f926f9924018d32fa67cd4795a2acaf
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Fri Sep 20 14:20:18 2024 +0000
sshd: Do not generate new RSA host key on first boot
This patch will also ensure the maximum supported key length
is used for ECDSA. Existing installations will remain unaffected.
Note that the key size for ED25519 is fixed, and explicitly
setting it to 521 bytes will not have any impact.
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit f7d6648e762554df73742a51bfcbb04ad6689f61
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sat Sep 21 13:06:46 2024 +0200
samba: Update to version 4.21.0
- Update from 4.20.4 to 4.21.0
- Update of rootfile for x86_64, aarch64 & riscv64
- Changelog
4.21.0
Hardening of "valid users", "invalid users", "read list" and "write list"
In previous versions of Samba, if a user or group name in either of the
mentioned options could not be resolved to a valid SID, the user (or group)
would be skipped without any notification. This could result in unexpected and
insecure behaviour. Starting with this version of Samba, if any user or group
name in any of the options cannot be resolved due to a communication error with
a domain controller, Samba will log an error and the tree connect will fail.
Non existing users (or groups) are ignored.
LDAP TLS/SASL channel binding support
The ldap server supports SASL binds with
kerberos or NTLMSSP over TLS connections
now (either ldaps or starttls).
Setups where 'ldap server require strong auth = allow_sasl_over_tls'
was required before, can now most likely move to the
default of 'ldap server require strong auth = yes'.
If SASL binds without correct tls channel bindings are required
'ldap server require strong auth = allow_sasl_without_tls_channel_bindings'
should be used now, as 'allow_sasl_over_tls' will generate a
warning in every start of 'samba', as well as '[samba-tool ]testparm'.
This is similar to LdapEnforceChannelBinding under
HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
on Windows.
All client tools using ldaps also include the correct
channel bindings now.
NEW FEATURES/CHANGES
LDB no longer a standalone tarball
LDB, Samba's LDAP-like local database and the power behind the Samba
AD DC, is no longer available to build as a distinct tarball, but is
instead provided as an optional public library.
If you need ldb as a public library, say to build sssd, then use
./configure --private-libraries='!ldb'
This re-integration allows LDB tests to use the Samba's full selftest
system, including our knownfail infrastructure, and decreases the work
required during security releases as a coordinated release of the ldb
tarball is not also required.
This approach has been demonstrated already in Debian, which is already
building Samba and LDB in this way.
As part of this work, the pyldb-util public library, not known to be
used by any other software, is made private to Samba.
LDB Module API Python bindings removed
The LDB Modules API, which we do not promise a stable ABI or API for,
was wrapped in python in early LDB development. However that wrapping
never took into account later changes, and so has not worked for a
number of years. Samba 4.21 and LDB 2.10 removes this unused and
broken feature.
Changes in LDB handling of Unicode
Developers using LDB up to version 2.9 could call ldb_set_utf8_fns()
to determine how LDB handled casefolding. This is used internally by
string comparison functions. In LDB 2.10 this function is deprecated,
and ldb_set_utf8_functions() is preferred. The new function allows a
direct comparison function to be set as well as a casefold function.
This improves performance and allows for more robust handling of
degenerate cases. The function should be called just after ldb_init(),
with the following arguments:
ldb_set_utf8_functions(ldb, /* the struct ldb_ctx LDB object */
                       context_variable, /* possibly NULL */
                       casefold_function,
                       case_insensitive_comparison_function);
The default behaviour of LDB remains to perform ASCII casefolding
only, as if in the "C" locale. Recent versions have become
increasingly consistent in this.
Some Samba public libraries made private by default
The following Samba C libraries are currently made public due to their
use by OpenChange or for historical reasons that are no longer clear.
dcerpc-samr, samba-policy, tevent-util, dcerpc, samba-hostconfig,
samba-credentials, dcerpc_server, samdb
The libraries used by the OpenChange client are now private, but can be
made public (like ldb above) with:
./configure --private-libraries='!dcerpc,!samba-hostconfig,!samba-credentials,!ldb'
The C libraries without any known user or used only for the OpenChange
server (a dead project) may be made private entirely in a future Samba
version.
If you use a Samba library in this list, please be in touch with the
samba-technical mailing list.
Using ldaps from 'winbindd' and 'net ads'
Beginning with Samba 3.0.22 the 'ldap ssl = start tls' option also
impacted LDAP connections to active directory domain controllers.
Using the STARTTLS operation on LDAP port 389 connections. Starting
with Samba 3.5.0 'ldap ssl ads = yes' was required in addition in
order to let 'ldap ssl = start tls' have any effect on those
connections.
'ldap ssl ads' was deprecated with Samba 4.8.0 and removed together
with the whole functionality in Samba 4.14.0, because it didn't support
tls channel bindings required for the sasl authentication.
The functionality is now re-added using the correct channel bindings
based on the gnutls based tls implementation we already have, instead
of using the tls layer provided by openldap. This makes it available
and consistent with all LDAP client libraries we use and implement on
our own.
The 'client ldap sasl wrapping' option gained the two new possible values:
'starttls' (using STARTTLS on tcp port 389)
and
'ldaps' (using TLS directly on tcp port 636).
If you had 'ldap ssl = start tls' and 'ldap ssl ads = yes'
before, you can now use 'client ldap sasl wrapping = starttls'
in order to get STARTTLS on tcp port 389.
As we no longer use the openldap tls layer it is required to configure the
correct certificate trusts with at least one of the following options:
'tls trust system cas', 'tls ca directories' or 'tls cafile'.
While 'tls verify peer' and 'tls crlfile' are also relevant,
see 'man smb.conf' for further details.
New DNS hostname config option
To get `net ads dns register` working correctly running manually or during a
domain join a special entry in /etc/hosts was required. This was not really
documented and thus the DNS registration mostly didn't work. With the new option
the default is [netbios name].[realm] which should be correct in the majority of
use cases.
We will also use the value to create service principal names during a Kerberos
authentication and DNS functions.
This is not supported in samba-tool yet.
Samba AD will rotate expired passwords on smartcard-required accounts
Traditionally in AD, accounts set to be "smart card require for logon"
will have a password for NTLM fallback and local profile encryption
(Windows DPAPI). This password previously would not expire.
Matching Windows behaviour, when the DC in a FL 2016 domain and the
msDS-ExpirePasswordsOnSmartCardOnlyAccounts attribute on the domain
root is set to TRUE, Samba will now expire these passwords and rotate
them shortly before they expire.
Note that the password expiry time must be set to twice the TGT lifetime for
smooth operation, e.g. daily expiry given a default 10 hour TGT
lifetime, as the password is only rotated in the second half of its
life. Again, this matches the Windows behaviour.
Provided the default 2016 schema is used, new Samba domains
provisioned with Samba 4.21 will have this enabled once the domain
functional level is set to 2016.
NOTE: Domains upgraded from older Samba versions will not have this
set, even after the functional level preparation, matching the
behaviour of upgraded Windows AD domains.
Per-user and group "veto files" and "hide files"
"veto files" and "hide files" can optionally be restricted to certain users and
groups. To apply a veto or hide directive to a filename for a specific user or
group, a parametric option like this can be used:
hide files : USERNAME = /somefile.txt/
veto files : GROUPNAME = /otherfile.txt/
For details consult the updated smb.conf manpage.
Automatic keytab update after machine password change
When machine account password is updated, either by winbind doing regular
updates or manually (e.g. net ads changetrustpw), now winbind will also support
update of keytab entries in case you use newly added option
'sync machine password to keytab'.
The new parameter allows you to describe what keytabs and how should be updated.
From smb.conf(5) manpage - each keytab can have exactly one of these four forms:
account_name
sync_spns
spn_prefixes=value1[,value2[...]]
spns=value1[,value2[...]]
The functionality provided by the removed commands "net ads keytab
add/delete/add_update_ads" can be achieved via the 'sync machine password to
keytab' as in these examples:
"net ads keytab add wurst/brot(a)REALM"
- this command is not adding <principal> to AD, so the best fit can be specifier
"spns"
- add to smb.conf:
sync machine password to keytab = /path/to/keytab1:spns=wurst/brot(a)REALM:machine_password
- run:
"net ads keytab create"
"net ads keytab delete wurst/brot(a)REALM"
- remove the principal (or the whole keytab line if there was just one)
- run:
"net ads keytab create"
"net ads keytab add_update_ads wurst/brot(a)REALM"
- this command was adding the principal to AD, so for this case use a keytab
with specifier sync_spns
- add to smb.conf:
sync machine password to keytab = /path/to/keytab2:sync_spns:machine_password
- run:
"net ads setspn add wurst/brot(a)REALM" # this adds the principal to AD
"net ads keytab create" # this sync it from AD to local keytab
A new parameter 'sync machine password script' allows to specify external script
that will be triggered after the automatic keytab update. If keytabs should be
generated in clustered environments it is recommended to update them on all
nodes. Check in smb.conf(5) the scripts winbind_ctdb_updatekeytab.sh and
46.update-keytabs.script in section 'sync machine password script' for details.
For detailed information check the smb.conf(5) and net(8) manpages.
New cephfs VFS module
Introduce new vfs-to-cephfs bridge which uses libcephfs low-level APIs (instead
of path-based operations in the existing module). It allows users to pass
explicit user-credentials per call (including supplementary groups), as well as
faster operations using inode and file-handle caching on the Samba side.
Configuration is identical to existing module, but using 'ceph_new' instead of
'ceph' for the relevant smb.conf entries. This new module is expected to
deprecate and replace the old one in next major release.
Group Managed Service Accounts
Samba 4.21 adds support for gMSAs (Group Managed Service Accounts),
completing support for Functional Level 2012.
The purpose of a gMSA is to allow a single host, or a cluster of
hosts, to share access to an automatically rotating password, avoiding
the weak static service passwords that are often the entrypoint of
attackers to AD domains. Each server has a strong and regularly
rotated password, which is used to access the gMSA account of (e.g.)
the database server.
Samba provides management and client tools, allowing services on Unix
hosts to access the current and next gMSA passwords, as well as obtain
a credentials cache.
Samba 4.20 announced the client-side tools for this feature. To avoid
duplication and provide consistency, the existing commands for
password viewing have been extended, so these commands operate both on
a gMSA (with credentials, over LDAP, specify -H) and locally for
accounts that have a compatible password (e.g. plaintext via GPG,
compatible hash)
samba-tool user getpassword
samba-tool user get-kerberos-ticket
samba-tool domain exportkeytab
An example command, which gets the NT hash for use with NTLM, is
samba-tool user getpassword -H ldap://server --machine-pass \
TestUser1 --attributes=unicodePwd
Kerberos is a better choice (gMSA accounts should not use LDAP simple
binds, for reasons of both security and compatibility). Use
samba-tool user get-kerberos-ticket -H ldap://server --machine-pass \
TestUser1 --output-krb5-ccache=/srv/service/krb5_ccache
gMSAs disclose a current and previous password. To access the previous
NT hash, use:
samba-tool user getpassword -H ldap://server --machine-pass TestUser1 \
'--attrs=unicodePwd;previous=1'
To access the previous password as UTF8, use:
samba-tool user getpassword -H ldap://server --machine-pass TestUser1 \
'--attributes=pwdLastSet,virtualClearTextUTF8;previous=1'
However, Windows tools for dealing with gMSAs tend to use Active
Directory Web Services (ADWS) from Powershell for setting up the
accounts, and this separate protocol is not supported by Samba 4.21.
Samba-tool commands for handling gMSA (KDS) root keys
Group managed service accounts rotate passwords based on root keys,
which can be managed using samba-tool, with commands such as
samba-tool domain kds root_key create
samba-tool domain kds root_key list
Samba will create a new root key for new domains at provision time,
but users of gMSA accounts on upgraded domains will need to first
create a root key.
RFC 8070 PKINIT "Freshness extension" supported in the Heimdal KDC
The Heimdal KDC will recognise when a client provides proof that they
hold the hardware token used for smart-card authentication 'now' and
has not used a saved future-dated reply. Samba 4.21 now matches
Windows and will assign an extra SID to the user in this case,
allowing sensitive resources to be additionally protected.
Only Windows clients are known to support the client side of this
feature at this time.
New samba-tool Authentication Policy management command structure
As foreshadowed in the Samba 4.20 release notes, the "samba-tool
domain auth policy" commands have been reworked to be more intuitive
based on user feedback and reflection.
Support for key features of AD Domain/Forest Functional Level 2012R2
Combined with other changes in recent versions (such as claims support
in 4.20), Samba can now claim Functional Level 2012R2 support.
Build system
In previous versions of Samba, packagers of Samba would set their
package-specific version strings using a patch to the
SAMBA_VERSION_VENDOR_SUFFIX line in the ./VERSION file. Now that is
achieved by using --vendor-suffix (at configure time), allowing this
to be more easily scripted. Vendors are encouraged to include their
name and full package version to assist with upstream debugging.
More deterministic builds
Samba builds are now more reproducible, providing better assurance
that the Samba binaries you run are the same as what is expected from
the source code. If locale settings are not changed, the same objects
will be produced from each compilation run. If Samba is built in a
different path, the object code will remain the same, but DWARF
debugging sections will change (while remaining functionally
equivalent).
Improved command-line redaction
There are several options that can be used with Samba tools for
specifying secrets. Although this is best avoided, when these options
are used, Samba will redact the secrets in /proc, so that they won't
be seen in ps or top. This is now carried out more thoroughly,
redacting more options. There is a race inherent in this, and the
passwords will be visible for a short time. The secrets are also not
removed from .bash_history and similar files.
REMOVED FEATURES
Following commands are removed:
net ads keytab add <principal>
net ads keytab delete <principal>
net ads keytab add_update_ads
Changes
smb.conf changes
Parameter Name                     Description                          Default
--------------                     -----------                          -------
client ldap sasl wrapping          new values
client use spnego principal        removed
ldap server require strong auth    new values
tls trust system cas               new
tls ca directories                 new
dns hostname                       client dns name                      [netbios name].[realm]
valid users                        Hardening
invalid users                      Hardening
read list                          Hardening
write list                         Hardening
veto files                         Added per-user and per-group vetos
hide files                         Added per-user and per-group hides
sync machine password to keytab    keytabs
sync machine password script       script
CHANGES SINCE 4.21.0rc4
* BUG 15699: Incorrect FSCTL_QUERY_ALLOCATED_RANGES response when truncated.
* BUG 15702: Bad variable definition for ParseTuple causing test failure for
Smb3UnixTests.test_create_context_reparse.
* BUG 15686: Add new vfs_ceph module (based on low level API).
CHANGES SINCE 4.21.0rc3
* BUG 15698: samba-tool can not load the default configuration file.
* BUG 15700: Crash when readlinkat fails.
CHANGES SINCE 4.21.0rc2
* BUG 15689: Can't add/delete special keys to keytab for nfs, cifs, http etc.
* BUG 15696: Compound SMB2 requests don't return
NT_STATUS_NETWORK_SESSION_EXPIRED for all requests, confuses
MacOSX clients.
* BUG 15689: Can't add/delete special keys to keytab for nfs, cifs, http etc.
CHANGES SINCE 4.21.0rc1
* BUG 15673: --version-* options are still not ergonomic, and they reject
tilde characters.
* BUG 15686: Add new vfs_ceph module (based on low level API)
* BUG 15673: --version-* options are still not ergonomic, and they reject
tilde characters.
* BUG 15690: ldb_version.h is missing from ldb public library
* BUG 15689: Can not add/delete special keys to keytab for nfs, cifs, http etc
* BUG 15686: Add new vfs_ceph module (based on low level API)
* BUG 15673: --version-* options are still not ergonomic, and they reject
tilde characters.
* BUG 15687: undefined reference to winbind_lookup_name_ex
* BUG 15688: per user veto and hide file syntax is to complex
* BUG 15689: Can not add/delete special keys to keytab for nfs, cifs, http etc
* BUG 15688: per user veto and hide file syntax is to complex
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit fd834f60b6f9436d7f198fd030c7da8b21e96309
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Sun Sep 22 14:40:39 2024 +0000
core190: Ship OpenSSH
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 68545eb2d1032e6b12b703b64fb7afe8329bdb5f
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sat Sep 21 15:30:00 2024 +0000
OpenSSH: Order symmetric ciphers by strength
We also wish to prefer AES over Chacha/Poly, given the
prevalence of hardware acceleration for the former.
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 9e4af5616a405ba752eea9f6fbf2cf6618ef1c6b
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sat Sep 21 15:29:59 2024 +0000
OpenSSH: Add alias name for sntrup761x25519-sha512 key exchange
This makes sure OpenSSH connections make use of this post-quantum
key exchange whenever possible, even if one peer is still running
OpenSSH 9.8 or older.
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit f5114d29f2bd1ed3ec154407de709d119cedd3bc
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sat Sep 21 15:29:58 2024 +0000
OpenSSH: Add ML-KEM x X25519 hybrid key exchange
This was newly introduced in OpenSSH 9.9, hence our custom
configurations for both SSH server and client need to be updated.
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit ea4ac5f61947ba7aa01c3d78052536aa6779594d
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sat Sep 21 15:29:57 2024 +0000
OpenSSH: Update to 9.9p1
Please refer to https://www.openssh.com/releasenotes.html#9.9p1
for the release announcement of this version.
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 57a9ed67b4cfa4ef03aeb7b5dcfd6f5291fc7a25
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Sun Sep 22 14:38:42 2024 +0000
core190: Ship apr
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 578b22e4d7014736a2a351262ae9f619e5382e96
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sat Sep 21 12:29:30 2024 +0000
apr: Update to 1.7.5
Full changelog of this release:
*) SECURITY: CVE-2023-49582: Apache Portable Runtime (APR):
Unexpected lax shared memory permissions (cve.mitre.org)
Lax permissions set by the Apache Portable Runtime library on
Unix platforms would allow local users read access to named
shared memory segments, potentially revealing sensitive
application data.
This issue does not affect non-Unix platforms, or builds with
APR_USE_SHMEM_SHMGET=1 (apr.h)
Users are recommended to upgrade to APR version 1.7.5, which
fixes this issue.
Credits: Thomas Stangner
*) Unix: Implement apr_shm_perms_set() for the "POSIX shm_open()"
and "classic mmap" shared memory implementations. [Joe Orton,
Ruediger Pluem]
*) Fix missing ';' for XML/HTML hex entities from apr_escape_entity().
[Yann Ylavic]
*) Fix crash in apr_pool_create() with --enable-pool-debug=all|owner.
[Yann Ylavic]
*) Improve platform detection by updating config.guess and config.sub.
[Rainer Jung]
*) CMake: Add support for CMAKE_WARNING_AS_ERROR. [Ivan Zhakov]
*) CMake: Enable support for MSVC runtime library selection by abstraction.
[Ivan Zhakov]
*) CMake: Export installed targets (libapr-1, apr-1, libaprapp-1, aprapp-1)
to apr:: namespace. [Ivan Zhakov]
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit c55ce64de5dfbb6944ad93556c1f0f581ca9c140
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Sun Sep 22 14:33:03 2024 +0000
ovpnmain.cgi: Fix IP address calculation with static pools
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 409a4b7a623fd71b38ed807b7b82b0bd92daa805
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Sun Sep 22 14:25:12 2024 +0000
core190: Ship vpnmain.cgi
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 9c07eb06026432166db268b47eada6ed897bbe59
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Fri Jul 5 19:18:56 2024 +0200
vpnmain.cgi: Add coding to differentiate old and base64 encoded PSK's
- An additional key was defined for a PSK being base64 encoded. All existing PSK's that
are not base64 encoded will have that key empty. This enables base64 encoded PSK's and
non base64 encoded PSK's to be differentiated.
- If the PSK connection is disabled and then enabled with a non base64 encoded PSK the PSK
will be left as it is. If the edit page is selected and Save pressed, even if nothing
has been modified, then the PSK will be converted to a base64 encoded PSK.
- The old style and new style PSK was tested out on my vm system and worked without any
issue.
- Using an old non base64 encoded PSK the IPSec connection worked without any problems.
If the PSK was then converted to base64 encoding by saving from the Edit page without
changing anything, then the client IPSec connection was successfully made without any
indication of a change. The conversion from non base64 to base64 encoded PSK occurred
seamlessly without any hiccup.
Fixes: Bug13029
Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit e627de73d14e7c562ec547d5859a2e66883f70c0
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Fri Jul 5 19:18:55 2024 +0200
en.pl: Update to explicitly mention single quotation mark being invalid
- As all characters, except for the single quotation mark, are now allowed in the PSK
with the base64 encoding implemented then the error message in the English Lang file
has been changed to explicitly mention the single quotation mark rather than characters
as a generic message.
Fixes: Bug13029
Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 9d8d74e8e7bf0dfc84754f71d8971598a8d6ddc5
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Fri Jul 5 19:18:54 2024 +0200
vpnmain.cgi: Fix for bug13029 - add base64 encoding to IPSec cgi page
- This adds the base64 encoded PSK into the config file and when the ipsec.secrets file
is created the PSK is base64 decoded to write it to the file. The ipsec.secrets file
surrounds the PSK with single quotation marks so that character is not allowed to be
used in the PSK but anything else can be.
- Tested out on my vm system and shown to be working. New PSK with various characters
including commas was base64 encoded before putting into the config file
and therefore was accepted by the code. If a single quotation mark was used in the
PSK then the error message about invalid characters was shown.
Fixes: Bug13029
Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
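An added illustration of the storage scheme the three vpnmain.cgi commits above describe, written in Python and not taken from the project's Perl code. The record layout (name,psk,marker), the marker value "base64", the ipsec.secrets line layout and the control-character check are assumptions of this example.

```python
import base64
import binascii
from typing import Tuple

# Hypothetical marker for the extra config field. The commit only states that
# the field is empty for PSKs stored the old, non-base64 way.
B64_MARKER = "base64"


class InvalidPSK(ValueError):
    """Raised when a PSK cannot be stored or written out safely."""


def validate_psk(psk: str) -> None:
    """Reject values that would break out of the quoted ipsec.secrets field."""
    if not psk:
        raise InvalidPSK("PSK must not be empty")
    if "'" in psk:
        # ipsec.secrets wraps the PSK in single quotes, so a quote inside the
        # value would end the field early.
        raise InvalidPSK("single quotation mark is not allowed in the PSK")
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in psk):
        # Extra check added for this example: a newline would start a new
        # ipsec.secrets entry.
        raise InvalidPSK("control characters are not allowed in the PSK")


def store_psk(psk: str) -> Tuple[str, str]:
    """Return (stored_value, marker) as written to the config on Save."""
    validate_psk(psk)
    encoded = base64.b64encode(psk.encode("utf-8")).decode("ascii")
    return encoded, B64_MARKER


def load_psk(stored: str, marker: str) -> str:
    """Recover the plaintext PSK from an old-style or new-style record."""
    if marker == "":
        return stored  # legacy record: the value was stored verbatim
    if marker != B64_MARKER:
        raise InvalidPSK("unknown PSK encoding marker")
    try:
        return base64.b64decode(stored, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise InvalidPSK("stored PSK is not valid base64 text") from exc


def upgrade_on_save(stored: str, marker: str) -> Tuple[str, str]:
    """Saving from the edit page converts a legacy PSK to base64 storage."""
    return store_psk(load_psk(stored, marker))


def to_record(name: str, psk: str) -> str:
    """Build a comma-separated config record (hypothetical field layout)."""
    stored, marker = store_psk(psk)
    return ",".join([name, stored, marker])


def from_record(record: str) -> Tuple[str, str]:
    """Parse a record; a raw comma inside a legacy PSK breaks the field count."""
    name, stored, marker = record.split(",")
    return name, load_psk(stored, marker)


def secrets_line(left: str, right: str, stored: str, marker: str) -> str:
    """Render one ipsec.secrets entry with the PSK decoded and single-quoted."""
    psk = load_psk(stored, marker)
    # Validate again after decoding: the config file may have been edited by
    # hand, and the decoded value is what lands between the quotes.
    validate_psk(psk)
    return f"{left} {right} : PSK '{psk}'"


if __name__ == "__main__":
    rec = to_record("office", 'p@ss,w"ord #1')   # constructed sample PSK
    print(rec)
    print(from_record(rec))
    print(secrets_line("192.0.2.1", "%any", *store_psk("a,b c")))
```

The second validation in `secrets_line` matters because base64 hides the forbidden character from anything that only inspects the stored config value.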
commit c110071fa994fa9902871c70a4037ce104640afd
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Sun Sep 22 14:20:28 2024 +0000
core190: Ship collectd changed
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 5b75ddfff2531addadecdfe40e31438ecf2c2945
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Wed Aug 7 14:16:45 2024 +0200
collectd: Fixes bug-13074, create collectd.d directory
- As requested in bug 13074, create a collectd.d directory to enable any addon definitions
to be created.
- Added include statement in conf file to load everything that is stored in the collectd.d
directory.
- collectd.precache and collectd.thermal have been left in their original locations
- Removed the arm section in the initscript as only aarch64 is now used.
- Modified the lfs to create the collectd.d directory
- Removal of collectd.custom file as this was the previous way to define custom collectd
profiles but would have been overwritten by any update of collectd.
- Update of rootfile to take account of new path and removal of collectd.custom
- Tested out in vm testbed with Core Update 188 and all existing graphs were still created
and updated. From my evaluation the changes have not affected anything.
- The creation of the collectd.d directory now allows users to add their own desired
profiles but also if it is decided that an addon should be included in the processes
graph, or if a new graph for addons is created then profiles for that addon can be
placed in the collectd.d directory and will be automatically included by collectd.
Fixes: Bug13074
Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit befebc44b4ec1726900bad202a88e4e6a715ebfc
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Sun Sep 22 14:17:35 2024 +0000
core190: Ship logwatch and log.dat
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 0953f7f0ea39ef5f1e1531dca3e6aea3c41df142
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Wed Aug 28 12:04:46 2024 +0200
logwatch: Fixes bug13762 - ssh logins not shown on Log Summary page
- Due to the update of openssh to version 9.8 in CU187, logwatch no longer found the sshd
login data from the messages log as the daemon was changed to sshd-session.
- Therefore the daily logwatch files were missing the sshd information in them.
- A patch to add support for openssh-9.8 sshd-session and port info has been merged into
the logwatch git system and will be included into the next released version of logwatch
- Update logwatch from version 7.8 to 7.11 and add patch for openssh-9.8 support.
- Update the previous three logwatch patches for version 7.11
- Tested on my vm testbed. Confirmed that logwatch now includes back the sshd information
into the Log Summary page.
- When logwatch is updated to version 7.12 then the openssh-9.8 support patch will be able
to be removed.
Fixes: bug13762
Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 90227a65b4acfcb8877ad6ff519a85c3b768ff84
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Wed Aug 28 12:04:45 2024 +0200
log.dat: Fix bug13762 - ssh logins not shown in system logs
- With the update of openssh to version 9.8 in CU187 the daemon was changed from sshd to
sshd-session. Therefore the log.dat no longer finds any info related to the logins.
- This updates the section regex to look for both sshd and sshd-session.
- Tested out on my vm system and confirmed to work.
- This fix will make available all previous log info for sshd-session in the messages log
as it continued to be stored, just could not be read by the WUI system log.
Fixes: bug13762
Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Tested-by: Bernhard Bitsch <bbitsch(a)ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
config/backup/include | 3 -
config/collectd/collectd.conf | 2 +-
config/collectd/collectd.custom | 1 -
config/httpd/vhosts.d/ipfire-interface-ssl.conf | 2 -
config/rootfiles/common/apr | 2 +-
config/rootfiles/common/collectd | 2 +-
config/rootfiles/common/logwatch | 3 +
.../{oldcore/114 => core/190}/filelists/apr | 0
config/rootfiles/core/190/filelists/files | 9 ++
.../{oldcore/111 => core/190}/filelists/logwatch | 0
.../{oldcore/100 => core/190}/filelists/openssh | 0
config/rootfiles/core/190/update.sh | 8 ++
config/rootfiles/packages/aarch64/samba | 131 ++++++++++----------
config/rootfiles/packages/riscv64/samba | 127 ++++++++++----------
config/rootfiles/packages/x86_64/samba | 133 +++++++++++----------
config/ssh/ssh_config | 4 +-
config/ssh/sshd_config | 4 +-
doc/language_issues.en | 2 +-
html/cgi-bin/logs.cgi/log.dat | 2 +-
html/cgi-bin/ovpnmain.cgi | 2 +-
html/cgi-bin/vpnmain.cgi | 18 ++-
langs/en/cgi-bin/en.pl | 2 +-
lfs/apr | 6 +-
lfs/collectd | 3 +-
lfs/logwatch | 13 +-
lfs/openssh | 4 +-
lfs/samba | 6 +-
src/initscripts/system/apache | 26 +---
src/initscripts/system/collectd | 5 +-
src/initscripts/system/sshd | 6 +-
...-OpenSSH-9.8-sshd-session-and-port-number.patch | 39 ++++++
...anip6.patch => logwatch-7.11-date_manip6.patch} | 8 +-
.../logwatch/logwatch-7.11-disable_iptables.patch | 14 +++
...patch => logwatch-7.11-enable-mdadm-sudo.patch} | 14 +--
.../logwatch/logwatch-7.6-disable_iptables.patch | 14 ---
35 files changed, 336 insertions(+), 279 deletions(-)
delete mode 100644 config/collectd/collectd.custom
copy config/rootfiles/{oldcore/114 => core/190}/filelists/apr (100%)
copy config/rootfiles/{oldcore/111 => core/190}/filelists/logwatch (100%)
copy config/rootfiles/{oldcore/100 => core/190}/filelists/openssh (100%)
mode change 100644 => 100755 html/cgi-bin/vpnmain.cgi
create mode 100644 src/patches/logwatch/logwatch-7.11-Added-support-for-OpenSSH-9.8-sshd-session-and-port-number.patch
rename src/patches/logwatch/{logwatch-7.3.6-date_manip6.patch => logwatch-7.11-date_manip6.patch} (61%)
create mode 100644 src/patches/logwatch/logwatch-7.11-disable_iptables.patch
rename src/patches/logwatch/{logwatch-7.6-enable-mdadm-sudo.patch => logwatch-7.11-enable-mdadm-sudo.patch} (71%)
delete mode 100644 src/patches/logwatch/logwatch-7.6-disable_iptables.patch
Difference in files:
diff --git a/config/backup/include b/config/backup/include
index aacfaf64a0..f0708c87fd 100644
--- a/config/backup/include
+++ b/config/backup/include
@@ -1,12 +1,9 @@
etc/conntrackd/conntrackd.conf
etc/group
etc/hosts*
-etc/httpd/server.crt
-etc/httpd/server.csr
etc/httpd/server-ecdsa.crt
etc/httpd/server-ecdsa.csr
etc/httpd/server-ecdsa.key
-etc/httpd/server.key
etc/ipsec.user.*
etc/ipsec.user-post.conf
etc/logrotate.d
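Review bot: the three RSA entries removed here (`etc/httpd/server.crt`, `etc/httpd/server.csr`, `etc/httpd/server.key`) leave open what happens to the files already on disk. The update.sh changes in this push only move collectd.custom and restart services, so an installed /etc/httpd/server.key would stay in place, unused and no longer covered by backups. If it is not cleaned up elsewhere, consider removing the old RSA key material in the Core Update script.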
diff --git a/config/collectd/collectd.conf b/config/collectd/collectd.conf
index 27e1fe984a..e51d9108bf 100644
--- a/config/collectd/collectd.conf
+++ b/config/collectd/collectd.conf
@@ -74,5 +74,5 @@ include "/etc/collectd.precache"
</Plugin>
#include "/etc/collectd.thermal"
-include "/etc/collectd.custom"
include "/etc/collectd.vpn"
+include "/etc/collectd.d/*"
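Review bot: the added `include "/etc/collectd.d/*"` loads every file in that directory as collectd configuration, including editor backups and stray leftovers. A narrower pattern such as `/etc/collectd.d/*.conf` would make the intent explicit, although the migrated `collectd.custom` would then need a matching name. It is also worth confirming that the directory ships with permissions that only root can write.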
diff --git a/config/collectd/collectd.custom b/config/collectd/collectd.custom
deleted file mode 100644
index 7443bf3e6a..0000000000
--- a/config/collectd/collectd.custom
+++ /dev/null
@@ -1 +0,0 @@
-# Use this file to add custom configs and rules for collectd
diff --git a/config/httpd/vhosts.d/ipfire-interface-ssl.conf b/config/httpd/vhosts.d/ipfire-interface-ssl.conf
index 639f1d4796..278283d083 100644
--- a/config/httpd/vhosts.d/ipfire-interface-ssl.conf
+++ b/config/httpd/vhosts.d/ipfire-interface-ssl.conf
@@ -15,8 +15,6 @@
SSLHonorCipherOrder on
SSLCompression off
SSLSessionTickets off
- SSLCertificateFile /etc/httpd/server.crt
- SSLCertificateKeyFile /etc/httpd/server.key
SSLCertificateFile /etc/httpd/server-ecdsa.crt
SSLCertificateKeyFile /etc/httpd/server-ecdsa.key
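Review bot: with the `SSLCertificateFile /etc/httpd/server.crt` and `SSLCertificateKeyFile /etc/httpd/server.key` pair removed, the vhost presents only the ECDSA certificate, so a client that cannot do ECDSA authentication will fail the TLS handshake with the web interface. That looks intentional, but it is a compatibility change that deserves a line in the release notes.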
diff --git a/config/rootfiles/common/apr b/config/rootfiles/common/apr
index c49b93a584..3de0b28e52 100644
--- a/config/rootfiles/common/apr
+++ b/config/rootfiles/common/apr
@@ -45,7 +45,7 @@ usr/bin/apr-1-config
#usr/lib/libapr-1.la
#usr/lib/libapr-1.so
usr/lib/libapr-1.so.0
-usr/lib/libapr-1.so.0.7.4
+usr/lib/libapr-1.so.0.7.5
#usr/lib/pkgconfig/apr-1.pc
#usr/share/apr-1
#usr/share/apr-1/build
diff --git a/config/rootfiles/common/collectd b/config/rootfiles/common/collectd
index 65408dc7fd..c8a3ad607a 100644
--- a/config/rootfiles/common/collectd
+++ b/config/rootfiles/common/collectd
@@ -1,8 +1,8 @@
etc/collectd.conf
-etc/collectd.custom
etc/collectd.precache
etc/collectd.thermal
etc/collectd.vpn
+etc/collectd.d
etc/rc.d/rc0.d/K50collectd
etc/rc.d/rc3.d/S29collectd
etc/rc.d/rc6.d/K50collectd
diff --git a/config/rootfiles/common/logwatch b/config/rootfiles/common/logwatch
index 2732215d5f..026757b52b 100644
--- a/config/rootfiles/common/logwatch
+++ b/config/rootfiles/common/logwatch
@@ -59,6 +59,7 @@ usr/share/logwatch/default.conf/logfiles/resolver.conf
#usr/share/logwatch/default.conf/logfiles/rt314.conf
usr/share/logwatch/default.conf/logfiles/samba.conf
#usr/share/logwatch/default.conf/logfiles/secure.conf
+#usr/share/logwatch/default.conf/logfiles/snort.conf
#usr/share/logwatch/default.conf/logfiles/sonicwall.conf
#usr/share/logwatch/default.conf/logfiles/spamassassin.conf
usr/share/logwatch/default.conf/logfiles/syslog.conf
@@ -167,6 +168,7 @@ usr/share/logwatch/default.conf/services/scsi.conf
#usr/share/logwatch/default.conf/services/shaperd.conf
#usr/share/logwatch/default.conf/services/slon.conf
#usr/share/logwatch/default.conf/services/smartd.conf
+#usr/share/logwatch/default.conf/services/snort.conf
#usr/share/logwatch/default.conf/services/sonicwall.conf
#usr/share/logwatch/default.conf/services/spamassassin.conf
usr/share/logwatch/default.conf/services/sshd.conf
@@ -317,6 +319,7 @@ usr/share/logwatch/scripts/services/scsi
#usr/share/logwatch/scripts/services/shaperd
#usr/share/logwatch/scripts/services/slon
#usr/share/logwatch/scripts/services/smartd
+#usr/share/logwatch/scripts/services/snort
#usr/share/logwatch/scripts/services/sonicwall
#usr/share/logwatch/scripts/services/spamassassin
usr/share/logwatch/scripts/services/sshd
diff --git a/config/rootfiles/core/190/filelists/apr b/config/rootfiles/core/190/filelists/apr
new file mode 120000
index 0000000000..87dd1974f2
--- /dev/null
+++ b/config/rootfiles/core/190/filelists/apr
@@ -0,0 +1 @@
+../../../common/apr
\ No newline at end of file
diff --git a/config/rootfiles/core/190/filelists/files b/config/rootfiles/core/190/filelists/files
index 1ef1b85d80..c2f0a122c3 100644
--- a/config/rootfiles/core/190/filelists/files
+++ b/config/rootfiles/core/190/filelists/files
@@ -1,2 +1,11 @@
+etc/collectd.conf
+etc/collectd.d
+etc/httpd/conf/vhosts.d/ipfire-interface-ssl.conf
+etc/rc.d/init.d/apache
+etc/rc.d/init.d/collectd
srv/web/ipfire/cgi-bin/index.cgi
+srv/web/ipfire/cgi-bin/logs.cgi/log.dat
+srv/web/ipfire/cgi-bin/ovpnmain.cgi
+srv/web/ipfire/cgi-bin/vpnmain.cgi
+var/ipfire/backup/include
var/ipfire/network-functions.pl
diff --git a/config/rootfiles/core/190/filelists/logwatch b/config/rootfiles/core/190/filelists/logwatch
new file mode 120000
index 0000000000..f14eabda99
--- /dev/null
+++ b/config/rootfiles/core/190/filelists/logwatch
@@ -0,0 +1 @@
+../../../common/logwatch
\ No newline at end of file
diff --git a/config/rootfiles/core/190/filelists/openssh b/config/rootfiles/core/190/filelists/openssh
new file mode 120000
index 0000000000..d8c77fd8e7
--- /dev/null
+++ b/config/rootfiles/core/190/filelists/openssh
@@ -0,0 +1 @@
+../../../common/openssh
\ No newline at end of file
diff --git a/config/rootfiles/core/190/update.sh b/config/rootfiles/core/190/update.sh
index 5abd6d6b7e..23ed84e2db 100644
--- a/config/rootfiles/core/190/update.sh
+++ b/config/rootfiles/core/190/update.sh
@@ -50,7 +50,15 @@ ldconfig
# Apply local configuration to sshd_config
/usr/local/bin/sshctrl
+# collectd
+if [ -e "/etc/collectd.custom" ]; then
+ mv -v /etc/collectd.custom /etc/collectd.d/
+fi
+
# Start services
+/etc/rc.d/init.d/apache restart
+/etc/init.d/collectd restart
+/etc/init.d/sshd restart
# This update needs a reboot...
touch /var/run/need_reboot
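Review bot: the `mv -v /etc/collectd.custom /etc/collectd.d/` step tests only that the source file exists, not that the target directory does. If `/etc/collectd.d` is missing at that point the move fails, and the custom configuration stays in a place the new collectd.conf no longer includes. A `mkdir -p /etc/collectd.d` before the move would remove that dependency on extraction order. Separately, the restart lines mix `/etc/rc.d/init.d/apache` with `/etc/init.d/collectd` and `/etc/init.d/sshd`; one path form throughout would be more consistent.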
diff --git a/config/rootfiles/packages/aarch64/samba b/config/rootfiles/packages/aarch64/samba
index 82ad93a904..cb7407504d 100644
--- a/config/rootfiles/packages/aarch64/samba
+++ b/config/rootfiles/packages/aarch64/samba
@@ -57,8 +57,6 @@ usr/bin/wspsearch
#usr/include/samba-4.0/core/ntstatus_gen.h
#usr/include/samba-4.0/core/werror.h
#usr/include/samba-4.0/core/werror_gen.h
-#usr/include/samba-4.0/credentials.h
-#usr/include/samba-4.0/dcerpc.h
#usr/include/samba-4.0/dcesrv_core.h
#usr/include/samba-4.0/domain_credentials.h
#usr/include/samba-4.0/gen_ndr
@@ -80,7 +78,6 @@ usr/bin/wspsearch
#usr/include/samba-4.0/gen_ndr/ndr_misc.h
#usr/include/samba-4.0/gen_ndr/ndr_nbt.h
#usr/include/samba-4.0/gen_ndr/ndr_samr.h
-#usr/include/samba-4.0/gen_ndr/ndr_samr_c.h
#usr/include/samba-4.0/gen_ndr/ndr_svcctl.h
#usr/include/samba-4.0/gen_ndr/ndr_svcctl_c.h
#usr/include/samba-4.0/gen_ndr/netlogon.h
@@ -101,9 +98,7 @@ usr/bin/wspsearch
#usr/include/samba-4.0/ndr/ndr_nbt.h
#usr/include/samba-4.0/ndr/ndr_svcctl.h
#usr/include/samba-4.0/netapi.h
-#usr/include/samba-4.0/param.h
#usr/include/samba-4.0/passdb.h
-#usr/include/samba-4.0/policy.h
#usr/include/samba-4.0/rpc_common.h
#usr/include/samba-4.0/samba
#usr/include/samba-4.0/samba/session.h
@@ -129,9 +124,6 @@ usr/bin/wspsearch
#usr/include/samba-4.0/util/idtree_random.h
#usr/include/samba-4.0/util/signal.h
#usr/include/samba-4.0/util/substitute.h
-#usr/include/samba-4.0/util/tevent_ntstatus.h
-#usr/include/samba-4.0/util/tevent_unix.h
-#usr/include/samba-4.0/util/tevent_werror.h
#usr/include/samba-4.0/util/tfork.h
#usr/include/samba-4.0/util/time.h
#usr/include/samba-4.0/util_ldb.h
@@ -139,15 +131,9 @@ usr/bin/wspsearch
usr/lib/libdcerpc-binding.so
usr/lib/libdcerpc-binding.so.0
usr/lib/libdcerpc-binding.so.0.0.1
-usr/lib/libdcerpc-samr.so
-usr/lib/libdcerpc-samr.so.0
-usr/lib/libdcerpc-samr.so.0.0.1
usr/lib/libdcerpc-server-core.so
usr/lib/libdcerpc-server-core.so.0
usr/lib/libdcerpc-server-core.so.0.0.1
-usr/lib/libdcerpc.so
-usr/lib/libdcerpc.so.0
-usr/lib/libdcerpc.so.0.0.1
usr/lib/libndr-krb5pac.so
usr/lib/libndr-krb5pac.so.0
usr/lib/libndr-krb5pac.so.0.0.1
@@ -158,34 +144,22 @@ usr/lib/libndr-standard.so
usr/lib/libndr-standard.so.0
usr/lib/libndr-standard.so.0.0.1
usr/lib/libndr.so
-usr/lib/libndr.so.4
-usr/lib/libndr.so.4.0.0
+usr/lib/libndr.so.5
+usr/lib/libndr.so.5.0.0
usr/lib/libnetapi.so
usr/lib/libnetapi.so.1
usr/lib/libnetapi.so.1.0.0
usr/lib/libnss_winbind.so.2
usr/lib/libnss_wins.so.2
-usr/lib/libsamba-credentials.so
-usr/lib/libsamba-credentials.so.1
-usr/lib/libsamba-credentials.so.1.0.0
usr/lib/libsamba-errors.so
usr/lib/libsamba-errors.so.1
usr/lib/libsamba-errors.so.1.0.0
-usr/lib/libsamba-hostconfig.so
-usr/lib/libsamba-hostconfig.so.0
-usr/lib/libsamba-hostconfig.so.0.0.1
usr/lib/libsamba-passdb.so
usr/lib/libsamba-passdb.so.0
-usr/lib/libsamba-passdb.so.0.28.0
-usr/lib/libsamba-policy.cpython-310-aarch64-linux-gnu.so
-usr/lib/libsamba-policy.cpython-310-aarch64-linux-gnu.so.0
-usr/lib/libsamba-policy.cpython-310-aarch64-linux-gnu.so.0.0.1
+usr/lib/libsamba-passdb.so.0.29.0
usr/lib/libsamba-util.so
usr/lib/libsamba-util.so.0
usr/lib/libsamba-util.so.0.0.1
-usr/lib/libsamdb.so
-usr/lib/libsamdb.so.0
-usr/lib/libsamdb.so.0.0.1
usr/lib/libsmbclient.so
usr/lib/libsmbclient.so.0
usr/lib/libsmbclient.so.0.8.0
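Review bot: `usr/lib/libndr.so.4` becomes `usr/lib/libndr.so.5` in this hunk, and the public `libsamba-credentials`, `libsamba-hostconfig`, `libsamba-policy` and `libsamdb` libraries disappear from usr/lib. Anything outside the samba package that links against the old sonames would stop loading after the update, so it is worth confirming that no other add-on depends on them, or rebuilding those add-ons in the same update.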
@@ -195,24 +169,15 @@ usr/lib/libsmbconf.so.0.0.1
usr/lib/libsmbldap.so
usr/lib/libsmbldap.so.2
usr/lib/libsmbldap.so.2.1.0
-usr/lib/libtevent-util.so
-usr/lib/libtevent-util.so.0
-usr/lib/libtevent-util.so.0.0.1
usr/lib/libwbclient.so
usr/lib/libwbclient.so.0
usr/lib/libwbclient.so.0.16
-#usr/lib/pkgconfig/dcerpc.pc
-#usr/lib/pkgconfig/dcerpc_samr.pc
#usr/lib/pkgconfig/ndr.pc
#usr/lib/pkgconfig/ndr_krb5pac.pc
#usr/lib/pkgconfig/ndr_nbt.pc
#usr/lib/pkgconfig/ndr_standard.pc
#usr/lib/pkgconfig/netapi.pc
-#usr/lib/pkgconfig/samba-credentials.pc
-#usr/lib/pkgconfig/samba-hostconfig.pc
-#usr/lib/pkgconfig/samba-policy.cpython-310-aarch64-linux-gnu.pc
#usr/lib/pkgconfig/samba-util.pc
-#usr/lib/pkgconfig/samdb.pc
#usr/lib/pkgconfig/smbclient.pc
#usr/lib/pkgconfig/wbclient.pc
usr/lib/python3.10/site-packages/_ldb_text.py
@@ -283,6 +248,31 @@ usr/lib/python3.10/site-packages/samba/dcerpc/xattr.cpython-310-aarch64-linux-gn
usr/lib/python3.10/site-packages/samba/descriptor.py
usr/lib/python3.10/site-packages/samba/dnsresolver.py
usr/lib/python3.10/site-packages/samba/dnsserver.py
+#usr/lib/python3.10/site-packages/samba/domain
+usr/lib/python3.10/site-packages/samba/domain/__init__.py
+#usr/lib/python3.10/site-packages/samba/domain/models
+usr/lib/python3.10/site-packages/samba/domain/models/__init__.py
+usr/lib/python3.10/site-packages/samba/domain/models/auth_policy.py
+usr/lib/python3.10/site-packages/samba/domain/models/auth_silo.py
+usr/lib/python3.10/site-packages/samba/domain/models/claim_type.py
+usr/lib/python3.10/site-packages/samba/domain/models/computer.py
+usr/lib/python3.10/site-packages/samba/domain/models/constants.py
+usr/lib/python3.10/site-packages/samba/domain/models/container.py
+usr/lib/python3.10/site-packages/samba/domain/models/exceptions.py
+usr/lib/python3.10/site-packages/samba/domain/models/fields.py
+usr/lib/python3.10/site-packages/samba/domain/models/gmsa.py
+usr/lib/python3.10/site-packages/samba/domain/models/group.py
+usr/lib/python3.10/site-packages/samba/domain/models/model.py
+usr/lib/python3.10/site-packages/samba/domain/models/org.py
+usr/lib/python3.10/site-packages/samba/domain/models/person.py
+usr/lib/python3.10/site-packages/samba/domain/models/query.py
+usr/lib/python3.10/site-packages/samba/domain/models/registry.py
+usr/lib/python3.10/site-packages/samba/domain/models/schema.py
+usr/lib/python3.10/site-packages/samba/domain/models/site.py
+usr/lib/python3.10/site-packages/samba/domain/models/subnet.py
+usr/lib/python3.10/site-packages/samba/domain/models/types.py
+usr/lib/python3.10/site-packages/samba/domain/models/user.py
+usr/lib/python3.10/site-packages/samba/domain/models/value_type.py
usr/lib/python3.10/site-packages/samba/domain_update.py
usr/lib/python3.10/site-packages/samba/drs_utils.py
usr/lib/python3.10/site-packages/samba/dsdb.cpython-310-aarch64-linux-gnu.so
@@ -344,6 +334,7 @@ usr/lib/python3.10/site-packages/samba/kcc/graph_utils.py
usr/lib/python3.10/site-packages/samba/kcc/kcc_utils.py
usr/lib/python3.10/site-packages/samba/kcc/ldif_import_export.py
usr/lib/python3.10/site-packages/samba/logger.py
+usr/lib/python3.10/site-packages/samba/lsa_utils.py
usr/lib/python3.10/site-packages/samba/mdb_util.py
usr/lib/python3.10/site-packages/samba/messaging.cpython-310-aarch64-linux-gnu.so
usr/lib/python3.10/site-packages/samba/ms_display_specifiers.py
@@ -366,9 +357,18 @@ usr/lib/python3.10/site-packages/samba/netcmd/domain
usr/lib/python3.10/site-packages/samba/netcmd/domain/__init__.py
usr/lib/python3.10/site-packages/samba/netcmd/domain/auth
usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/__init__.py
-usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/policy.py
-usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/silo.py
-usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/silo_member.py
+#usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/policy
+usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/policy/__init__.py
+usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/policy/computer_allowed_to_authenticate_to.py
+usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/policy/policy.py
+usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/policy/service_allowed_to_authenticate_from.py
+usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/policy/service_allowed_to_authenticate_to.py
+usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/policy/user_allowed_to_authenticate_from.py
+usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/policy/user_allowed_to_authenticate_to.py
+#usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/silo
+usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/silo/__init__.py
+usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/silo/member.py
+usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/silo/silo.py
usr/lib/python3.10/site-packages/samba/netcmd/domain/backup.py
usr/lib/python3.10/site-packages/samba/netcmd/domain/claim
usr/lib/python3.10/site-packages/samba/netcmd/domain/claim/__init__.py
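Review bot: the directory entries added in this hunk (`#usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/policy` and `.../auth/silo`) are commented out, but the unchanged context line for their parent directory, `usr/lib/python3.10/site-packages/samba/netcmd/domain/auth`, is not. The riscv64 list in this same push has that entry commented. Suggest commenting it here as well so the aarch64 and riscv64 file lists agree.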
@@ -381,24 +381,12 @@ usr/lib/python3.10/site-packages/samba/netcmd/domain/demote.py
usr/lib/python3.10/site-packages/samba/netcmd/domain/functional_prep.py
usr/lib/python3.10/site-packages/samba/netcmd/domain/info.py
usr/lib/python3.10/site-packages/samba/netcmd/domain/join.py
+#usr/lib/python3.10/site-packages/samba/netcmd/domain/kds
+usr/lib/python3.10/site-packages/samba/netcmd/domain/kds/__init__.py
+usr/lib/python3.10/site-packages/samba/netcmd/domain/kds/root_key.py
usr/lib/python3.10/site-packages/samba/netcmd/domain/keytab.py
usr/lib/python3.10/site-packages/samba/netcmd/domain/leave.py
usr/lib/python3.10/site-packages/samba/netcmd/domain/level.py
-usr/lib/python3.10/site-packages/samba/netcmd/domain/models
-usr/lib/python3.10/site-packages/samba/netcmd/domain/models/__init__.py
-usr/lib/python3.10/site-packages/samba/netcmd/domain/models/auth_policy.py
-usr/lib/python3.10/site-packages/samba/netcmd/domain/models/auth_silo.py
-usr/lib/python3.10/site-packages/samba/netcmd/domain/models/claim_type.py
-usr/lib/python3.10/site-packages/samba/netcmd/domain/models/exceptions.py
-usr/lib/python3.10/site-packages/samba/netcmd/domain/models/fields.py
-usr/lib/python3.10/site-packages/samba/netcmd/domain/models/group.py
-usr/lib/python3.10/site-packages/samba/netcmd/domain/models/model.py
-usr/lib/python3.10/site-packages/samba/netcmd/domain/models/query.py
-usr/lib/python3.10/site-packages/samba/netcmd/domain/models/schema.py
-usr/lib/python3.10/site-packages/samba/netcmd/domain/models/site.py
-usr/lib/python3.10/site-packages/samba/netcmd/domain/models/subnet.py
-usr/lib/python3.10/site-packages/samba/netcmd/domain/models/user.py
-usr/lib/python3.10/site-packages/samba/netcmd/domain/models/value_type.py
usr/lib/python3.10/site-packages/samba/netcmd/domain/passwordsettings.py
usr/lib/python3.10/site-packages/samba/netcmd/domain/provision.py
usr/lib/python3.10/site-packages/samba/netcmd/domain/samba3upgrade.py
@@ -422,6 +410,10 @@ usr/lib/python3.10/site-packages/samba/netcmd/processes.py
usr/lib/python3.10/site-packages/samba/netcmd/pso.py
usr/lib/python3.10/site-packages/samba/netcmd/rodc.py
usr/lib/python3.10/site-packages/samba/netcmd/schema.py
+#usr/lib/python3.10/site-packages/samba/netcmd/service_account
+usr/lib/python3.10/site-packages/samba/netcmd/service_account/__init__.py
+usr/lib/python3.10/site-packages/samba/netcmd/service_account/group_msa_membership.py
+usr/lib/python3.10/site-packages/samba/netcmd/service_account/service_account.py
usr/lib/python3.10/site-packages/samba/netcmd/shell.py
usr/lib/python3.10/site-packages/samba/netcmd/sites.py
usr/lib/python3.10/site-packages/samba/netcmd/spn.py
@@ -513,10 +505,11 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py
#usr/lib/python3.10/site-packages/samba/tests/blackbox/__init__.py
#usr/lib/python3.10/site-packages/samba/tests/blackbox/bug13653.py
#usr/lib/python3.10/site-packages/samba/tests/blackbox/check_output.py
-usr/lib/python3.10/site-packages/samba/tests/blackbox/claims.py
+#usr/lib/python3.10/site-packages/samba/tests/blackbox/claims.py
#usr/lib/python3.10/site-packages/samba/tests/blackbox/downgradedatabase.py
-usr/lib/python3.10/site-packages/samba/tests/blackbox/http_chunk.py
-usr/lib/python3.10/site-packages/samba/tests/blackbox/http_content.py
+#usr/lib/python3.10/site-packages/samba/tests/blackbox/gmsa.py
+#usr/lib/python3.10/site-packages/samba/tests/blackbox/http_chunk.py
+#usr/lib/python3.10/site-packages/samba/tests/blackbox/http_content.py
#usr/lib/python3.10/site-packages/samba/tests/blackbox/mdsearch.py
#usr/lib/python3.10/site-packages/samba/tests/blackbox/misc_dfs_widelink.py
#usr/lib/python3.10/site-packages/samba/tests/blackbox/ndrdump.py
@@ -548,10 +541,10 @@ usr/lib/python3.10/site-packages/samba/tests/blackbox/http_content.py
#usr/lib/python3.10/site-packages/samba/tests/dcerpc/array.py
#usr/lib/python3.10/site-packages/samba/tests/dcerpc/bare.py
#usr/lib/python3.10/site-packages/samba/tests/dcerpc/binding.py
-#usr/lib/python3.10/site-packages/samba/tests/dcerpc/createtrustrelax.py
#usr/lib/python3.10/site-packages/samba/tests/dcerpc/dnsserver.py
#usr/lib/python3.10/site-packages/samba/tests/dcerpc/integer.py
#usr/lib/python3.10/site-packages/samba/tests/dcerpc/lsa.py
+#usr/lib/python3.10/site-packages/samba/tests/dcerpc/lsa_utils.py
#usr/lib/python3.10/site-packages/samba/tests/dcerpc/mdssvc.py
#usr/lib/python3.10/site-packages/samba/tests/dcerpc/misc.py
#usr/lib/python3.10/site-packages/samba/tests/dcerpc/raw_protocol.py
@@ -583,6 +576,8 @@ usr/lib/python3.10/site-packages/samba/tests/blackbox/http_content.py
#usr/lib/python3.10/site-packages/samba/tests/dsdb_api.py
#usr/lib/python3.10/site-packages/samba/tests/dsdb_dns.py
#usr/lib/python3.10/site-packages/samba/tests/dsdb_lock.py
+#usr/lib/python3.10/site-packages/samba/tests/dsdb_quiet_env_tests.py
+#usr/lib/python3.10/site-packages/samba/tests/dsdb_quiet_provision_tests.py
#usr/lib/python3.10/site-packages/samba/tests/dsdb_schema_attributes.py
#usr/lib/python3.10/site-packages/samba/tests/emulate
#usr/lib/python3.10/site-packages/samba/tests/emulate/__init__.py
@@ -620,6 +615,7 @@ usr/lib/python3.10/site-packages/samba/tests/blackbox/http_content.py
#usr/lib/python3.10/site-packages/samba/tests/krb5/etype_tests.py
#usr/lib/python3.10/site-packages/samba/tests/krb5/fast_tests.py
#usr/lib/python3.10/site-packages/samba/tests/krb5/gkdi_tests.py
+#usr/lib/python3.10/site-packages/samba/tests/krb5/gmsa_tests.py
#usr/lib/python3.10/site-packages/samba/tests/krb5/group_tests.py
#usr/lib/python3.10/site-packages/samba/tests/krb5/kcrypto.py
#usr/lib/python3.10/site-packages/samba/tests/krb5/kdc_base_test.py
@@ -716,6 +712,7 @@ usr/lib/python3.10/site-packages/samba/tests/blackbox/http_content.py
#usr/lib/python3.10/site-packages/samba/tests/samba_tool/domain_auth_policy.py
#usr/lib/python3.10/site-packages/samba/tests/samba_tool/domain_auth_silo.py
#usr/lib/python3.10/site-packages/samba/tests/samba_tool/domain_claim.py
+#usr/lib/python3.10/site-packages/samba/tests/samba_tool/domain_kds_root_key.py
#usr/lib/python3.10/site-packages/samba/tests/samba_tool/domain_models.py
#usr/lib/python3.10/site-packages/samba/tests/samba_tool/drs_clone_dc_data_lmdb_size.py
#usr/lib/python3.10/site-packages/samba/tests/samba_tool/dsacl.py
@@ -738,6 +735,7 @@ usr/lib/python3.10/site-packages/samba/tests/blackbox/http_content.py
#usr/lib/python3.10/site-packages/samba/tests/samba_tool/provision_userPassword_crypt.py
#usr/lib/python3.10/site-packages/samba/tests/samba_tool/rodc.py
#usr/lib/python3.10/site-packages/samba/tests/samba_tool/schema.py
+#usr/lib/python3.10/site-packages/samba/tests/samba_tool/service_account.py
#usr/lib/python3.10/site-packages/samba/tests/samba_tool/silo_base.py
#usr/lib/python3.10/site-packages/samba/tests/samba_tool/sites.py
#usr/lib/python3.10/site-packages/samba/tests/samba_tool/timecmd.py
@@ -782,7 +780,6 @@ usr/lib/python3.10/site-packages/samba/tests/blackbox/http_content.py
#usr/lib/python3.10/site-packages/samba/tests/upgradeprovisionneeddc.py
#usr/lib/python3.10/site-packages/samba/tests/usage.py
#usr/lib/python3.10/site-packages/samba/tests/xattr.py
-usr/lib/python3.10/site-packages/samba/trust_utils.py
usr/lib/python3.10/site-packages/samba/upgrade.py
usr/lib/python3.10/site-packages/samba/upgradehelpers.py
usr/lib/python3.10/site-packages/samba/uptodateness.py
@@ -808,6 +805,7 @@ usr/lib/samba/krb5/winbind_krb5_locator.so
#usr/lib/samba/ldb
usr/lib/samba/ldb/asq.so
usr/lib/samba/ldb/ildap.so
+usr/lib/samba/ldb/ldap.so
usr/lib/samba/ldb/ldb.so
usr/lib/samba/ldb/ldbsamba_extensions.so
usr/lib/samba/ldb/paged_searches.so
@@ -847,8 +845,10 @@ usr/lib/samba/libcom-err-private-samba.so
usr/lib/samba/libcommon-auth-private-samba.so
usr/lib/samba/libdbwrap-private-samba.so
usr/lib/samba/libdcerpc-pkt-auth-private-samba.so
+usr/lib/samba/libdcerpc-private-samba.so
usr/lib/samba/libdcerpc-samba-private-samba.so
usr/lib/samba/libdcerpc-samba4-private-samba.so
+usr/lib/samba/libdcerpc-samr-private-samba.so
usr/lib/samba/libdnsserver-common-private-samba.so
usr/lib/samba/libdsdb-module-private-samba.so
usr/lib/samba/libevents-private-samba.so
@@ -901,14 +901,19 @@ usr/lib/samba/libregistry-private-samba.so
usr/lib/samba/libreplace-private-samba.so
usr/lib/samba/libroken-private-samba.so
usr/lib/samba/libsamba-cluster-support-private-samba.so
+usr/lib/samba/libsamba-credentials-private-samba.so
usr/lib/samba/libsamba-debug-private-samba.so
+usr/lib/samba/libsamba-hostconfig-private-samba.so
usr/lib/samba/libsamba-modules-private-samba.so
-usr/lib/samba/libsamba-net.cpython-310-aarch64-linux-gnu-private-samba.so
+usr/lib/samba/libsamba-net-join.cpython-310-aarch64-linux-gnu-private-samba.so
+usr/lib/samba/libsamba-net-private-samba.so
+usr/lib/samba/libsamba-policy-private-samba.so
usr/lib/samba/libsamba-python.cpython-310-aarch64-linux-gnu-private-samba.so
usr/lib/samba/libsamba-security-private-samba.so
usr/lib/samba/libsamba-sockets-private-samba.so
usr/lib/samba/libsamba3-util-private-samba.so
usr/lib/samba/libsamdb-common-private-samba.so
+usr/lib/samba/libsamdb-private-samba.so
usr/lib/samba/libsecrets3-private-samba.so
usr/lib/samba/libserver-id-db-private-samba.so
usr/lib/samba/libserver-role-private-samba.so
@@ -928,9 +933,9 @@ usr/lib/samba/libtalloc-report-private-samba.so
usr/lib/samba/libtdb-private-samba.so
usr/lib/samba/libtdb-wrap-private-samba.so
usr/lib/samba/libtevent-private-samba.so
+usr/lib/samba/libtevent-util-private-samba.so
usr/lib/samba/libtime-basic-private-samba.so
usr/lib/samba/libtorture-private-samba.so
-usr/lib/samba/libtrusts-util-private-samba.so
usr/lib/samba/libutil-reg-private-samba.so
usr/lib/samba/libutil-setid-private-samba.so
usr/lib/samba/libutil-tdb-private-samba.so
diff --git a/config/rootfiles/packages/riscv64/samba b/config/rootfiles/packages/riscv64/samba
index 93e39e0e7a..b530ea2b25 100644
--- a/config/rootfiles/packages/riscv64/samba
+++ b/config/rootfiles/packages/riscv64/samba
@@ -57,8 +57,6 @@ usr/bin/wspsearch
#usr/include/samba-4.0/core/ntstatus_gen.h
#usr/include/samba-4.0/core/werror.h
#usr/include/samba-4.0/core/werror_gen.h
-#usr/include/samba-4.0/credentials.h
-#usr/include/samba-4.0/dcerpc.h
#usr/include/samba-4.0/dcesrv_core.h
#usr/include/samba-4.0/domain_credentials.h
#usr/include/samba-4.0/gen_ndr
@@ -80,7 +78,6 @@ usr/bin/wspsearch
#usr/include/samba-4.0/gen_ndr/ndr_misc.h
#usr/include/samba-4.0/gen_ndr/ndr_nbt.h
#usr/include/samba-4.0/gen_ndr/ndr_samr.h
-#usr/include/samba-4.0/gen_ndr/ndr_samr_c.h
#usr/include/samba-4.0/gen_ndr/ndr_svcctl.h
#usr/include/samba-4.0/gen_ndr/ndr_svcctl_c.h
#usr/include/samba-4.0/gen_ndr/netlogon.h
@@ -101,9 +98,7 @@ usr/bin/wspsearch
#usr/include/samba-4.0/ndr/ndr_nbt.h
#usr/include/samba-4.0/ndr/ndr_svcctl.h
#usr/include/samba-4.0/netapi.h
-#usr/include/samba-4.0/param.h
#usr/include/samba-4.0/passdb.h
-#usr/include/samba-4.0/policy.h
#usr/include/samba-4.0/rpc_common.h
#usr/include/samba-4.0/samba
#usr/include/samba-4.0/samba/session.h
@@ -129,9 +124,6 @@ usr/bin/wspsearch
#usr/include/samba-4.0/util/idtree_random.h
#usr/include/samba-4.0/util/signal.h
#usr/include/samba-4.0/util/substitute.h
-#usr/include/samba-4.0/util/tevent_ntstatus.h
-#usr/include/samba-4.0/util/tevent_unix.h
-#usr/include/samba-4.0/util/tevent_werror.h
#usr/include/samba-4.0/util/tfork.h
#usr/include/samba-4.0/util/time.h
#usr/include/samba-4.0/util_ldb.h
@@ -139,15 +131,9 @@ usr/bin/wspsearch
usr/lib/libdcerpc-binding.so
usr/lib/libdcerpc-binding.so.0
usr/lib/libdcerpc-binding.so.0.0.1
-usr/lib/libdcerpc-samr.so
-usr/lib/libdcerpc-samr.so.0
-usr/lib/libdcerpc-samr.so.0.0.1
usr/lib/libdcerpc-server-core.so
usr/lib/libdcerpc-server-core.so.0
usr/lib/libdcerpc-server-core.so.0.0.1
-usr/lib/libdcerpc.so
-usr/lib/libdcerpc.so.0
-usr/lib/libdcerpc.so.0.0.1
usr/lib/libndr-krb5pac.so
usr/lib/libndr-krb5pac.so.0
usr/lib/libndr-krb5pac.so.0.0.1
@@ -158,34 +144,22 @@ usr/lib/libndr-standard.so
usr/lib/libndr-standard.so.0
usr/lib/libndr-standard.so.0.0.1
usr/lib/libndr.so
-usr/lib/libndr.so.4
-usr/lib/libndr.so.4.0.0
+usr/lib/libndr.so.5
+usr/lib/libndr.so.5.0.0
usr/lib/libnetapi.so
usr/lib/libnetapi.so.1
usr/lib/libnetapi.so.1.0.0
usr/lib/libnss_winbind.so.2
usr/lib/libnss_wins.so.2
-usr/lib/libsamba-credentials.so
-usr/lib/libsamba-credentials.so.1
-usr/lib/libsamba-credentials.so.1.0.0
usr/lib/libsamba-errors.so
usr/lib/libsamba-errors.so.1
usr/lib/libsamba-errors.so.1.0.0
-usr/lib/libsamba-hostconfig.so
-usr/lib/libsamba-hostconfig.so.0
-usr/lib/libsamba-hostconfig.so.0.0.1
usr/lib/libsamba-passdb.so
usr/lib/libsamba-passdb.so.0
-usr/lib/libsamba-passdb.so.0.28.0
-usr/lib/libsamba-policy.cpython-310-riscv64-linux-gnu.so
-usr/lib/libsamba-policy.cpython-310-riscv64-linux-gnu.so.0
-usr/lib/libsamba-policy.cpython-310-riscv64-linux-gnu.so.0.0.1
+usr/lib/libsamba-passdb.so.0.29.0
usr/lib/libsamba-util.so
usr/lib/libsamba-util.so.0
usr/lib/libsamba-util.so.0.0.1
-usr/lib/libsamdb.so
-usr/lib/libsamdb.so.0
-usr/lib/libsamdb.so.0.0.1
usr/lib/libsmbclient.so
usr/lib/libsmbclient.so.0
usr/lib/libsmbclient.so.0.8.0
@@ -195,24 +169,15 @@ usr/lib/libsmbconf.so.0.0.1
usr/lib/libsmbldap.so
usr/lib/libsmbldap.so.2
usr/lib/libsmbldap.so.2.1.0
-usr/lib/libtevent-util.so
-usr/lib/libtevent-util.so.0
-usr/lib/libtevent-util.so.0.0.1
usr/lib/libwbclient.so
usr/lib/libwbclient.so.0
usr/lib/libwbclient.so.0.16
-#usr/lib/pkgconfig/dcerpc.pc
-#usr/lib/pkgconfig/dcerpc_samr.pc
#usr/lib/pkgconfig/ndr.pc
#usr/lib/pkgconfig/ndr_krb5pac.pc
#usr/lib/pkgconfig/ndr_nbt.pc
#usr/lib/pkgconfig/ndr_standard.pc
#usr/lib/pkgconfig/netapi.pc
-#usr/lib/pkgconfig/samba-credentials.pc
-#usr/lib/pkgconfig/samba-hostconfig.pc
-#usr/lib/pkgconfig/samba-policy.cpython-310-riscv64-linux-gnu.pc
#usr/lib/pkgconfig/samba-util.pc
-#usr/lib/pkgconfig/samdb.pc
#usr/lib/pkgconfig/smbclient.pc
#usr/lib/pkgconfig/wbclient.pc
usr/lib/python3.10/site-packages/_ldb_text.py
@@ -283,6 +248,31 @@ usr/lib/python3.10/site-packages/samba/dcerpc/xattr.cpython-310-riscv64-linux-gn
usr/lib/python3.10/site-packages/samba/descriptor.py
usr/lib/python3.10/site-packages/samba/dnsresolver.py
usr/lib/python3.10/site-packages/samba/dnsserver.py
+#usr/lib/python3.10/site-packages/samba/domain
+usr/lib/python3.10/site-packages/samba/domain/__init__.py
+#usr/lib/python3.10/site-packages/samba/domain/models
+usr/lib/python3.10/site-packages/samba/domain/models/__init__.py
+usr/lib/python3.10/site-packages/samba/domain/models/auth_policy.py
+usr/lib/python3.10/site-packages/samba/domain/models/auth_silo.py
+usr/lib/python3.10/site-packages/samba/domain/models/claim_type.py
+usr/lib/python3.10/site-packages/samba/domain/models/computer.py
+usr/lib/python3.10/site-packages/samba/domain/models/constants.py
+usr/lib/python3.10/site-packages/samba/domain/models/container.py
+usr/lib/python3.10/site-packages/samba/domain/models/exceptions.py
+usr/lib/python3.10/site-packages/samba/domain/models/fields.py
+usr/lib/python3.10/site-packages/samba/domain/models/gmsa.py
+usr/lib/python3.10/site-packages/samba/domain/models/group.py
+usr/lib/python3.10/site-packages/samba/domain/models/model.py
+usr/lib/python3.10/site-packages/samba/domain/models/org.py
+usr/lib/python3.10/site-packages/samba/domain/models/person.py
+usr/lib/python3.10/site-packages/samba/domain/models/query.py
+usr/lib/python3.10/site-packages/samba/domain/models/registry.py
+usr/lib/python3.10/site-packages/samba/domain/models/schema.py
+usr/lib/python3.10/site-packages/samba/domain/models/site.py
+usr/lib/python3.10/site-packages/samba/domain/models/subnet.py
+usr/lib/python3.10/site-packages/samba/domain/models/types.py
+usr/lib/python3.10/site-packages/samba/domain/models/user.py
+usr/lib/python3.10/site-packages/samba/domain/models/value_type.py
usr/lib/python3.10/site-packages/samba/domain_update.py
usr/lib/python3.10/site-packages/samba/drs_utils.py
usr/lib/python3.10/site-packages/samba/dsdb.cpython-310-riscv64-linux-gnu.so
@@ -344,6 +334,7 @@ usr/lib/python3.10/site-packages/samba/kcc/graph_utils.py
usr/lib/python3.10/site-packages/samba/kcc/kcc_utils.py
usr/lib/python3.10/site-packages/samba/kcc/ldif_import_export.py
usr/lib/python3.10/site-packages/samba/logger.py
+usr/lib/python3.10/site-packages/samba/lsa_utils.py
usr/lib/python3.10/site-packages/samba/mdb_util.py
usr/lib/python3.10/site-packages/samba/messaging.cpython-310-riscv64-linux-gnu.so
usr/lib/python3.10/site-packages/samba/ms_display_specifiers.py
@@ -366,9 +357,18 @@ usr/lib/python3.10/site-packages/samba/netcmd/dns.py
usr/lib/python3.10/site-packages/samba/netcmd/domain/__init__.py
#usr/lib/python3.10/site-packages/samba/netcmd/domain/auth
usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/__init__.py
-usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/policy.py
-usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/silo.py
-usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/silo_member.py
+#usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/policy
+usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/policy/__init__.py
+usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/policy/computer_allowed_to_authenticate_to.py
+usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/policy/policy.py
+usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/policy/service_allowed_to_authenticate_from.py
+usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/policy/service_allowed_to_authenticate_to.py
+usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/policy/user_allowed_to_authenticate_from.py
+usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/policy/user_allowed_to_authenticate_to.py
+#usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/silo
+usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/silo/__init__.py
+usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/silo/member.py
+usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/silo/silo.py
usr/lib/python3.10/site-packages/samba/netcmd/domain/backup.py
#usr/lib/python3.10/site-packages/samba/netcmd/domain/claim
usr/lib/python3.10/site-packages/samba/netcmd/domain/claim/__init__.py
@@ -381,24 +381,12 @@ usr/lib/python3.10/site-packages/samba/netcmd/domain/demote.py
usr/lib/python3.10/site-packages/samba/netcmd/domain/functional_prep.py
usr/lib/python3.10/site-packages/samba/netcmd/domain/info.py
usr/lib/python3.10/site-packages/samba/netcmd/domain/join.py
+#usr/lib/python3.10/site-packages/samba/netcmd/domain/kds
+usr/lib/python3.10/site-packages/samba/netcmd/domain/kds/__init__.py
+usr/lib/python3.10/site-packages/samba/netcmd/domain/kds/root_key.py
usr/lib/python3.10/site-packages/samba/netcmd/domain/keytab.py
usr/lib/python3.10/site-packages/samba/netcmd/domain/leave.py
usr/lib/python3.10/site-packages/samba/netcmd/domain/level.py
-#usr/lib/python3.10/site-packages/samba/netcmd/domain/models
-usr/lib/python3.10/site-packages/samba/netcmd/domain/models/__init__.py
-usr/lib/python3.10/site-packages/samba/netcmd/domain/models/auth_policy.py
-usr/lib/python3.10/site-packages/samba/netcmd/domain/models/auth_silo.py
-usr/lib/python3.10/site-packages/samba/netcmd/domain/models/claim_type.py
-usr/lib/python3.10/site-packages/samba/netcmd/domain/models/exceptions.py
-usr/lib/python3.10/site-packages/samba/netcmd/domain/models/fields.py
-usr/lib/python3.10/site-packages/samba/netcmd/domain/models/group.py
-usr/lib/python3.10/site-packages/samba/netcmd/domain/models/model.py
-usr/lib/python3.10/site-packages/samba/netcmd/domain/models/query.py
-usr/lib/python3.10/site-packages/samba/netcmd/domain/models/schema.py
-usr/lib/python3.10/site-packages/samba/netcmd/domain/models/site.py
-usr/lib/python3.10/site-packages/samba/netcmd/domain/models/subnet.py
-usr/lib/python3.10/site-packages/samba/netcmd/domain/models/user.py
-usr/lib/python3.10/site-packages/samba/netcmd/domain/models/value_type.py
usr/lib/python3.10/site-packages/samba/netcmd/domain/passwordsettings.py
usr/lib/python3.10/site-packages/samba/netcmd/domain/provision.py
usr/lib/python3.10/site-packages/samba/netcmd/domain/samba3upgrade.py
@@ -422,6 +410,10 @@ usr/lib/python3.10/site-packages/samba/netcmd/processes.py
usr/lib/python3.10/site-packages/samba/netcmd/pso.py
usr/lib/python3.10/site-packages/samba/netcmd/rodc.py
usr/lib/python3.10/site-packages/samba/netcmd/schema.py
+#usr/lib/python3.10/site-packages/samba/netcmd/service_account
+usr/lib/python3.10/site-packages/samba/netcmd/service_account/__init__.py
+usr/lib/python3.10/site-packages/samba/netcmd/service_account/group_msa_membership.py
+usr/lib/python3.10/site-packages/samba/netcmd/service_account/service_account.py
usr/lib/python3.10/site-packages/samba/netcmd/shell.py
usr/lib/python3.10/site-packages/samba/netcmd/sites.py
usr/lib/python3.10/site-packages/samba/netcmd/spn.py
@@ -515,6 +507,7 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py
#usr/lib/python3.10/site-packages/samba/tests/blackbox/check_output.py
#usr/lib/python3.10/site-packages/samba/tests/blackbox/claims.py
#usr/lib/python3.10/site-packages/samba/tests/blackbox/downgradedatabase.py
+#usr/lib/python3.10/site-packages/samba/tests/blackbox/gmsa.py
#usr/lib/python3.10/site-packages/samba/tests/blackbox/http_chunk.py
#usr/lib/python3.10/site-packages/samba/tests/blackbox/http_content.py
#usr/lib/python3.10/site-packages/samba/tests/blackbox/mdsearch.py
@@ -548,10 +541,10 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py
#usr/lib/python3.10/site-packages/samba/tests/dcerpc/array.py
#usr/lib/python3.10/site-packages/samba/tests/dcerpc/bare.py
#usr/lib/python3.10/site-packages/samba/tests/dcerpc/binding.py
-#usr/lib/python3.10/site-packages/samba/tests/dcerpc/createtrustrelax.py
#usr/lib/python3.10/site-packages/samba/tests/dcerpc/dnsserver.py
#usr/lib/python3.10/site-packages/samba/tests/dcerpc/integer.py
#usr/lib/python3.10/site-packages/samba/tests/dcerpc/lsa.py
+#usr/lib/python3.10/site-packages/samba/tests/dcerpc/lsa_utils.py
#usr/lib/python3.10/site-packages/samba/tests/dcerpc/mdssvc.py
#usr/lib/python3.10/site-packages/samba/tests/dcerpc/misc.py
#usr/lib/python3.10/site-packages/samba/tests/dcerpc/raw_protocol.py
@@ -583,6 +576,8 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py
#usr/lib/python3.10/site-packages/samba/tests/dsdb_api.py
#usr/lib/python3.10/site-packages/samba/tests/dsdb_dns.py
#usr/lib/python3.10/site-packages/samba/tests/dsdb_lock.py
+#usr/lib/python3.10/site-packages/samba/tests/dsdb_quiet_env_tests.py
+#usr/lib/python3.10/site-packages/samba/tests/dsdb_quiet_provision_tests.py
#usr/lib/python3.10/site-packages/samba/tests/dsdb_schema_attributes.py
#usr/lib/python3.10/site-packages/samba/tests/emulate
#usr/lib/python3.10/site-packages/samba/tests/emulate/__init__.py
@@ -620,6 +615,7 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py
#usr/lib/python3.10/site-packages/samba/tests/krb5/etype_tests.py
#usr/lib/python3.10/site-packages/samba/tests/krb5/fast_tests.py
#usr/lib/python3.10/site-packages/samba/tests/krb5/gkdi_tests.py
+#usr/lib/python3.10/site-packages/samba/tests/krb5/gmsa_tests.py
#usr/lib/python3.10/site-packages/samba/tests/krb5/group_tests.py
#usr/lib/python3.10/site-packages/samba/tests/krb5/kcrypto.py
#usr/lib/python3.10/site-packages/samba/tests/krb5/kdc_base_test.py
@@ -716,6 +712,7 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py
#usr/lib/python3.10/site-packages/samba/tests/samba_tool/domain_auth_policy.py
#usr/lib/python3.10/site-packages/samba/tests/samba_tool/domain_auth_silo.py
#usr/lib/python3.10/site-packages/samba/tests/samba_tool/domain_claim.py
+#usr/lib/python3.10/site-packages/samba/tests/samba_tool/domain_kds_root_key.py
#usr/lib/python3.10/site-packages/samba/tests/samba_tool/domain_models.py
#usr/lib/python3.10/site-packages/samba/tests/samba_tool/drs_clone_dc_data_lmdb_size.py
#usr/lib/python3.10/site-packages/samba/tests/samba_tool/dsacl.py
@@ -738,6 +735,7 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py
#usr/lib/python3.10/site-packages/samba/tests/samba_tool/provision_userPassword_crypt.py
#usr/lib/python3.10/site-packages/samba/tests/samba_tool/rodc.py
#usr/lib/python3.10/site-packages/samba/tests/samba_tool/schema.py
+#usr/lib/python3.10/site-packages/samba/tests/samba_tool/service_account.py
#usr/lib/python3.10/site-packages/samba/tests/samba_tool/silo_base.py
#usr/lib/python3.10/site-packages/samba/tests/samba_tool/sites.py
#usr/lib/python3.10/site-packages/samba/tests/samba_tool/timecmd.py
@@ -782,7 +780,6 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py
#usr/lib/python3.10/site-packages/samba/tests/upgradeprovisionneeddc.py
#usr/lib/python3.10/site-packages/samba/tests/usage.py
#usr/lib/python3.10/site-packages/samba/tests/xattr.py
-#usr/lib/python3.10/site-packages/samba/trust_utils.py
usr/lib/python3.10/site-packages/samba/upgrade.py
usr/lib/python3.10/site-packages/samba/upgradehelpers.py
usr/lib/python3.10/site-packages/samba/uptodateness.py
@@ -808,6 +805,7 @@ usr/lib/samba/krb5/winbind_krb5_locator.so
#usr/lib/samba/ldb
usr/lib/samba/ldb/asq.so
usr/lib/samba/ldb/ildap.so
+usr/lib/samba/ldb/ldap.so
usr/lib/samba/ldb/ldb.so
usr/lib/samba/ldb/ldbsamba_extensions.so
usr/lib/samba/ldb/paged_searches.so
@@ -847,8 +845,10 @@ usr/lib/samba/libcom-err-private-samba.so
usr/lib/samba/libcommon-auth-private-samba.so
usr/lib/samba/libdbwrap-private-samba.so
usr/lib/samba/libdcerpc-pkt-auth-private-samba.so
+usr/lib/samba/libdcerpc-private-samba.so
usr/lib/samba/libdcerpc-samba-private-samba.so
usr/lib/samba/libdcerpc-samba4-private-samba.so
+usr/lib/samba/libdcerpc-samr-private-samba.so
usr/lib/samba/libdnsserver-common-private-samba.so
usr/lib/samba/libdsdb-module-private-samba.so
usr/lib/samba/libevents-private-samba.so
@@ -901,14 +901,19 @@ usr/lib/samba/libregistry-private-samba.so
usr/lib/samba/libreplace-private-samba.so
usr/lib/samba/libroken-private-samba.so
usr/lib/samba/libsamba-cluster-support-private-samba.so
+usr/lib/samba/libsamba-credentials-private-samba.so
usr/lib/samba/libsamba-debug-private-samba.so
+usr/lib/samba/libsamba-hostconfig-private-samba.so
usr/lib/samba/libsamba-modules-private-samba.so
-usr/lib/samba/libsamba-net.cpython-310-riscv64-linux-gnu-private-samba.so
+usr/lib/samba/libsamba-net-join.cpython-310-riscv64-linux-gnu-private-samba.so
+usr/lib/samba/libsamba-net-private-samba.so
+usr/lib/samba/libsamba-policy-private-samba.so
usr/lib/samba/libsamba-python.cpython-310-riscv64-linux-gnu-private-samba.so
usr/lib/samba/libsamba-security-private-samba.so
usr/lib/samba/libsamba-sockets-private-samba.so
usr/lib/samba/libsamba3-util-private-samba.so
usr/lib/samba/libsamdb-common-private-samba.so
+usr/lib/samba/libsamdb-private-samba.so
usr/lib/samba/libsecrets3-private-samba.so
usr/lib/samba/libserver-id-db-private-samba.so
usr/lib/samba/libserver-role-private-samba.so
@@ -928,9 +933,9 @@ usr/lib/samba/libtalloc-report-private-samba.so
usr/lib/samba/libtdb-private-samba.so
usr/lib/samba/libtdb-wrap-private-samba.so
usr/lib/samba/libtevent-private-samba.so
+usr/lib/samba/libtevent-util-private-samba.so
usr/lib/samba/libtime-basic-private-samba.so
usr/lib/samba/libtorture-private-samba.so
-usr/lib/samba/libtrusts-util-private-samba.so
usr/lib/samba/libutil-reg-private-samba.so
usr/lib/samba/libutil-setid-private-samba.so
usr/lib/samba/libutil-tdb-private-samba.so
@@ -1019,4 +1024,4 @@ var/log/samba
var/spool/samba
srv/web/ipfire/cgi-bin/samba.cgi
var/ipfire/menu.d/EX-samba.menu
-usr/local/bin/sambactrl
+usr/local/bin/sambactrl
\ No newline at end of file
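Review bot: The last entry of the riscv64 rootfile loses its trailing newline here (`+usr/local/bin/sambactrl` followed by `\ No newline at end of file`), and that is the only change to that line. The x86_64 rootfile in this same commit has no such hunk, so the two files now differ for no functional reason, and anything that appends to or concatenates rootfiles can end up joining this path with the next one. Please restore the newline so the entry is left untouched.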
diff --git a/config/rootfiles/packages/x86_64/samba b/config/rootfiles/packages/x86_64/samba
index 92862313d1..e720457a3d 100644
--- a/config/rootfiles/packages/x86_64/samba
+++ b/config/rootfiles/packages/x86_64/samba
@@ -57,8 +57,6 @@ usr/bin/wspsearch
#usr/include/samba-4.0/core/ntstatus_gen.h
#usr/include/samba-4.0/core/werror.h
#usr/include/samba-4.0/core/werror_gen.h
-#usr/include/samba-4.0/credentials.h
-#usr/include/samba-4.0/dcerpc.h
#usr/include/samba-4.0/dcesrv_core.h
#usr/include/samba-4.0/domain_credentials.h
#usr/include/samba-4.0/gen_ndr
@@ -80,7 +78,6 @@ usr/bin/wspsearch
#usr/include/samba-4.0/gen_ndr/ndr_misc.h
#usr/include/samba-4.0/gen_ndr/ndr_nbt.h
#usr/include/samba-4.0/gen_ndr/ndr_samr.h
-#usr/include/samba-4.0/gen_ndr/ndr_samr_c.h
#usr/include/samba-4.0/gen_ndr/ndr_svcctl.h
#usr/include/samba-4.0/gen_ndr/ndr_svcctl_c.h
#usr/include/samba-4.0/gen_ndr/netlogon.h
@@ -101,9 +98,7 @@ usr/bin/wspsearch
#usr/include/samba-4.0/ndr/ndr_nbt.h
#usr/include/samba-4.0/ndr/ndr_svcctl.h
#usr/include/samba-4.0/netapi.h
-#usr/include/samba-4.0/param.h
#usr/include/samba-4.0/passdb.h
-#usr/include/samba-4.0/policy.h
#usr/include/samba-4.0/rpc_common.h
#usr/include/samba-4.0/samba
#usr/include/samba-4.0/samba/session.h
@@ -129,9 +124,6 @@ usr/bin/wspsearch
#usr/include/samba-4.0/util/idtree_random.h
#usr/include/samba-4.0/util/signal.h
#usr/include/samba-4.0/util/substitute.h
-#usr/include/samba-4.0/util/tevent_ntstatus.h
-#usr/include/samba-4.0/util/tevent_unix.h
-#usr/include/samba-4.0/util/tevent_werror.h
#usr/include/samba-4.0/util/tfork.h
#usr/include/samba-4.0/util/time.h
#usr/include/samba-4.0/util_ldb.h
@@ -139,15 +131,9 @@ usr/bin/wspsearch
usr/lib/libdcerpc-binding.so
usr/lib/libdcerpc-binding.so.0
usr/lib/libdcerpc-binding.so.0.0.1
-usr/lib/libdcerpc-samr.so
-usr/lib/libdcerpc-samr.so.0
-usr/lib/libdcerpc-samr.so.0.0.1
usr/lib/libdcerpc-server-core.so
usr/lib/libdcerpc-server-core.so.0
usr/lib/libdcerpc-server-core.so.0.0.1
-usr/lib/libdcerpc.so
-usr/lib/libdcerpc.so.0
-usr/lib/libdcerpc.so.0.0.1
usr/lib/libndr-krb5pac.so
usr/lib/libndr-krb5pac.so.0
usr/lib/libndr-krb5pac.so.0.0.1
@@ -158,34 +144,22 @@ usr/lib/libndr-standard.so
usr/lib/libndr-standard.so.0
usr/lib/libndr-standard.so.0.0.1
usr/lib/libndr.so
-usr/lib/libndr.so.4
-usr/lib/libndr.so.4.0.0
+usr/lib/libndr.so.5
+usr/lib/libndr.so.5.0.0
usr/lib/libnetapi.so
usr/lib/libnetapi.so.1
usr/lib/libnetapi.so.1.0.0
usr/lib/libnss_winbind.so.2
usr/lib/libnss_wins.so.2
-usr/lib/libsamba-credentials.so
-usr/lib/libsamba-credentials.so.1
-usr/lib/libsamba-credentials.so.1.0.0
usr/lib/libsamba-errors.so
usr/lib/libsamba-errors.so.1
usr/lib/libsamba-errors.so.1.0.0
-usr/lib/libsamba-hostconfig.so
-usr/lib/libsamba-hostconfig.so.0
-usr/lib/libsamba-hostconfig.so.0.0.1
usr/lib/libsamba-passdb.so
usr/lib/libsamba-passdb.so.0
-usr/lib/libsamba-passdb.so.0.28.0
-usr/lib/libsamba-policy.cpython-310-x86-64-linux-gnu.so
-usr/lib/libsamba-policy.cpython-310-x86-64-linux-gnu.so.0
-usr/lib/libsamba-policy.cpython-310-x86-64-linux-gnu.so.0.0.1
+usr/lib/libsamba-passdb.so.0.29.0
usr/lib/libsamba-util.so
usr/lib/libsamba-util.so.0
usr/lib/libsamba-util.so.0.0.1
-usr/lib/libsamdb.so
-usr/lib/libsamdb.so.0
-usr/lib/libsamdb.so.0.0.1
usr/lib/libsmbclient.so
usr/lib/libsmbclient.so.0
usr/lib/libsmbclient.so.0.8.0
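Review bot: The soname changes in this hunk (`libndr.so.4` to `libndr.so.5`, `libsamba-passdb.so.0.28.0` to `libsamba-passdb.so.0.29.0`) and the removal of the public `libsamba-credentials`, `libsamba-hostconfig`, `libsamba-policy`, `libsamdb`, `libdcerpc` and `libdcerpc-samr` libraries need a check for other packages that link against the old names, since those will fail to load after the update. The old files should also be deleted on upgrade so that no copies of the previous Samba libraries stay on disk next to the new `-private-samba.so` ones added further down. Please say in the commit message or update script how both are handled.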
@@ -195,24 +169,15 @@ usr/lib/libsmbconf.so.0.0.1
usr/lib/libsmbldap.so
usr/lib/libsmbldap.so.2
usr/lib/libsmbldap.so.2.1.0
-usr/lib/libtevent-util.so
-usr/lib/libtevent-util.so.0
-usr/lib/libtevent-util.so.0.0.1
usr/lib/libwbclient.so
usr/lib/libwbclient.so.0
usr/lib/libwbclient.so.0.16
-#usr/lib/pkgconfig/dcerpc.pc
-#usr/lib/pkgconfig/dcerpc_samr.pc
#usr/lib/pkgconfig/ndr.pc
#usr/lib/pkgconfig/ndr_krb5pac.pc
#usr/lib/pkgconfig/ndr_nbt.pc
#usr/lib/pkgconfig/ndr_standard.pc
#usr/lib/pkgconfig/netapi.pc
-#usr/lib/pkgconfig/samba-credentials.pc
-#usr/lib/pkgconfig/samba-hostconfig.pc
-#usr/lib/pkgconfig/samba-policy.cpython-310-x86_64-linux-gnu.pc
#usr/lib/pkgconfig/samba-util.pc
-#usr/lib/pkgconfig/samdb.pc
#usr/lib/pkgconfig/smbclient.pc
#usr/lib/pkgconfig/wbclient.pc
usr/lib/python3.10/site-packages/_ldb_text.py
@@ -283,6 +248,31 @@ usr/lib/python3.10/site-packages/samba/dcerpc/xattr.cpython-310-x86_64-linux-gnu
usr/lib/python3.10/site-packages/samba/descriptor.py
usr/lib/python3.10/site-packages/samba/dnsresolver.py
usr/lib/python3.10/site-packages/samba/dnsserver.py
+#usr/lib/python3.10/site-packages/samba/domain
+usr/lib/python3.10/site-packages/samba/domain/__init__.py
+#usr/lib/python3.10/site-packages/samba/domain/models
+usr/lib/python3.10/site-packages/samba/domain/models/__init__.py
+usr/lib/python3.10/site-packages/samba/domain/models/auth_policy.py
+usr/lib/python3.10/site-packages/samba/domain/models/auth_silo.py
+usr/lib/python3.10/site-packages/samba/domain/models/claim_type.py
+usr/lib/python3.10/site-packages/samba/domain/models/computer.py
+usr/lib/python3.10/site-packages/samba/domain/models/constants.py
+usr/lib/python3.10/site-packages/samba/domain/models/container.py
+usr/lib/python3.10/site-packages/samba/domain/models/exceptions.py
+usr/lib/python3.10/site-packages/samba/domain/models/fields.py
+usr/lib/python3.10/site-packages/samba/domain/models/gmsa.py
+usr/lib/python3.10/site-packages/samba/domain/models/group.py
+usr/lib/python3.10/site-packages/samba/domain/models/model.py
+usr/lib/python3.10/site-packages/samba/domain/models/org.py
+usr/lib/python3.10/site-packages/samba/domain/models/person.py
+usr/lib/python3.10/site-packages/samba/domain/models/query.py
+usr/lib/python3.10/site-packages/samba/domain/models/registry.py
+usr/lib/python3.10/site-packages/samba/domain/models/schema.py
+usr/lib/python3.10/site-packages/samba/domain/models/site.py
+usr/lib/python3.10/site-packages/samba/domain/models/subnet.py
+usr/lib/python3.10/site-packages/samba/domain/models/types.py
+usr/lib/python3.10/site-packages/samba/domain/models/user.py
+usr/lib/python3.10/site-packages/samba/domain/models/value_type.py
usr/lib/python3.10/site-packages/samba/domain_update.py
usr/lib/python3.10/site-packages/samba/drs_utils.py
usr/lib/python3.10/site-packages/samba/dsdb.cpython-310-x86_64-linux-gnu.so
@@ -344,6 +334,7 @@ usr/lib/python3.10/site-packages/samba/kcc/graph_utils.py
usr/lib/python3.10/site-packages/samba/kcc/kcc_utils.py
usr/lib/python3.10/site-packages/samba/kcc/ldif_import_export.py
usr/lib/python3.10/site-packages/samba/logger.py
+usr/lib/python3.10/site-packages/samba/lsa_utils.py
usr/lib/python3.10/site-packages/samba/mdb_util.py
usr/lib/python3.10/site-packages/samba/messaging.cpython-310-x86_64-linux-gnu.so
usr/lib/python3.10/site-packages/samba/ms_display_specifiers.py
@@ -366,9 +357,18 @@ usr/lib/python3.10/site-packages/samba/netcmd/domain
usr/lib/python3.10/site-packages/samba/netcmd/domain/__init__.py
usr/lib/python3.10/site-packages/samba/netcmd/domain/auth
usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/__init__.py
-usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/policy.py
-usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/silo.py
-usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/silo_member.py
+#usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/policy
+usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/policy/__init__.py
+usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/policy/computer_allowed_to_authenticate_to.py
+usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/policy/policy.py
+usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/policy/service_allowed_to_authenticate_from.py
+usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/policy/service_allowed_to_authenticate_to.py
+usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/policy/user_allowed_to_authenticate_from.py
+usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/policy/user_allowed_to_authenticate_to.py
+#usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/silo
+usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/silo/__init__.py
+usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/silo/member.py
+usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/silo/silo.py
usr/lib/python3.10/site-packages/samba/netcmd/domain/backup.py
usr/lib/python3.10/site-packages/samba/netcmd/domain/claim
usr/lib/python3.10/site-packages/samba/netcmd/domain/claim/__init__.py
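Review bot: The added directory entries `#usr/lib/python3.10/site-packages/samba/netcmd/domain/auth/policy` and `#.../auth/silo` are commented out, but the directory entries next to them in this x86_64 file (`netcmd/domain/auth` and `netcmd/domain/claim`, both context lines in this hunk) are not, while the riscv64 rootfile comments all four. Please use one convention for directory entries within the file, for example by commenting the existing ones to match riscv64.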
@@ -381,24 +381,12 @@ usr/lib/python3.10/site-packages/samba/netcmd/domain/demote.py
usr/lib/python3.10/site-packages/samba/netcmd/domain/functional_prep.py
usr/lib/python3.10/site-packages/samba/netcmd/domain/info.py
usr/lib/python3.10/site-packages/samba/netcmd/domain/join.py
+#usr/lib/python3.10/site-packages/samba/netcmd/domain/kds
+usr/lib/python3.10/site-packages/samba/netcmd/domain/kds/__init__.py
+usr/lib/python3.10/site-packages/samba/netcmd/domain/kds/root_key.py
usr/lib/python3.10/site-packages/samba/netcmd/domain/keytab.py
usr/lib/python3.10/site-packages/samba/netcmd/domain/leave.py
usr/lib/python3.10/site-packages/samba/netcmd/domain/level.py
-usr/lib/python3.10/site-packages/samba/netcmd/domain/models
-usr/lib/python3.10/site-packages/samba/netcmd/domain/models/__init__.py
-usr/lib/python3.10/site-packages/samba/netcmd/domain/models/auth_policy.py
-usr/lib/python3.10/site-packages/samba/netcmd/domain/models/auth_silo.py
-usr/lib/python3.10/site-packages/samba/netcmd/domain/models/claim_type.py
-usr/lib/python3.10/site-packages/samba/netcmd/domain/models/exceptions.py
-usr/lib/python3.10/site-packages/samba/netcmd/domain/models/fields.py
-usr/lib/python3.10/site-packages/samba/netcmd/domain/models/group.py
-usr/lib/python3.10/site-packages/samba/netcmd/domain/models/model.py
-usr/lib/python3.10/site-packages/samba/netcmd/domain/models/query.py
-usr/lib/python3.10/site-packages/samba/netcmd/domain/models/schema.py
-usr/lib/python3.10/site-packages/samba/netcmd/domain/models/site.py
-usr/lib/python3.10/site-packages/samba/netcmd/domain/models/subnet.py
-usr/lib/python3.10/site-packages/samba/netcmd/domain/models/user.py
-usr/lib/python3.10/site-packages/samba/netcmd/domain/models/value_type.py
usr/lib/python3.10/site-packages/samba/netcmd/domain/passwordsettings.py
usr/lib/python3.10/site-packages/samba/netcmd/domain/provision.py
usr/lib/python3.10/site-packages/samba/netcmd/domain/samba3upgrade.py
@@ -422,6 +410,10 @@ usr/lib/python3.10/site-packages/samba/netcmd/processes.py
usr/lib/python3.10/site-packages/samba/netcmd/pso.py
usr/lib/python3.10/site-packages/samba/netcmd/rodc.py
usr/lib/python3.10/site-packages/samba/netcmd/schema.py
+#usr/lib/python3.10/site-packages/samba/netcmd/service_account
+usr/lib/python3.10/site-packages/samba/netcmd/service_account/__init__.py
+usr/lib/python3.10/site-packages/samba/netcmd/service_account/group_msa_membership.py
+usr/lib/python3.10/site-packages/samba/netcmd/service_account/service_account.py
usr/lib/python3.10/site-packages/samba/netcmd/shell.py
usr/lib/python3.10/site-packages/samba/netcmd/sites.py
usr/lib/python3.10/site-packages/samba/netcmd/spn.py
@@ -513,16 +505,17 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py
#usr/lib/python3.10/site-packages/samba/tests/blackbox/__init__.py
#usr/lib/python3.10/site-packages/samba/tests/blackbox/bug13653.py
#usr/lib/python3.10/site-packages/samba/tests/blackbox/check_output.py
-usr/lib/python3.10/site-packages/samba/tests/blackbox/claims.py
+#usr/lib/python3.10/site-packages/samba/tests/blackbox/claims.py
#usr/lib/python3.10/site-packages/samba/tests/blackbox/downgradedatabase.py
-usr/lib/python3.10/site-packages/samba/tests/blackbox/http_chunk.py
-usr/lib/python3.10/site-packages/samba/tests/blackbox/http_content.py
+#usr/lib/python3.10/site-packages/samba/tests/blackbox/gmsa.py
+#usr/lib/python3.10/site-packages/samba/tests/blackbox/http_chunk.py
+#usr/lib/python3.10/site-packages/samba/tests/blackbox/http_content.py
#usr/lib/python3.10/site-packages/samba/tests/blackbox/mdsearch.py
#usr/lib/python3.10/site-packages/samba/tests/blackbox/misc_dfs_widelink.py
#usr/lib/python3.10/site-packages/samba/tests/blackbox/ndrdump.py
#usr/lib/python3.10/site-packages/samba/tests/blackbox/netads_dns.py
#usr/lib/python3.10/site-packages/samba/tests/blackbox/netads_json.py
-usr/lib/python3.10/site-packages/samba/tests/blackbox/rpcd_witness_samba_only.py
+#usr/lib/python3.10/site-packages/samba/tests/blackbox/rpcd_witness_samba_only.py
#usr/lib/python3.10/site-packages/samba/tests/blackbox/samba_dnsupdate.py
#usr/lib/python3.10/site-packages/samba/tests/blackbox/smbcacls.py
#usr/lib/python3.10/site-packages/samba/tests/blackbox/smbcacls_basic.py
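Review bot: `tests/blackbox/claims.py`, `http_chunk.py`, `http_content.py` and `rpcd_witness_samba_only.py` change from installed to commented-out in this hunk, which is a packaging change on x86_64 and separate from adding `gmsa.py`. It brings the file in line with riscv64, where `claims.py`, `http_chunk.py` and `http_content.py` are already commented, but it should be called out in the commit message so it is clear the removal of shipped files is intentional, and the update should delete them from existing installs.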
@@ -548,10 +541,10 @@ usr/lib/python3.10/site-packages/samba/tests/blackbox/rpcd_witness_samba_only.py
#usr/lib/python3.10/site-packages/samba/tests/dcerpc/array.py
#usr/lib/python3.10/site-packages/samba/tests/dcerpc/bare.py
#usr/lib/python3.10/site-packages/samba/tests/dcerpc/binding.py
-#usr/lib/python3.10/site-packages/samba/tests/dcerpc/createtrustrelax.py
#usr/lib/python3.10/site-packages/samba/tests/dcerpc/dnsserver.py
#usr/lib/python3.10/site-packages/samba/tests/dcerpc/integer.py
#usr/lib/python3.10/site-packages/samba/tests/dcerpc/lsa.py
+#usr/lib/python3.10/site-packages/samba/tests/dcerpc/lsa_utils.py
#usr/lib/python3.10/site-packages/samba/tests/dcerpc/mdssvc.py
#usr/lib/python3.10/site-packages/samba/tests/dcerpc/misc.py
#usr/lib/python3.10/site-packages/samba/tests/dcerpc/raw_protocol.py
@@ -583,6 +576,8 @@ usr/lib/python3.10/site-packages/samba/tests/blackbox/rpcd_witness_samba_only.py
#usr/lib/python3.10/site-packages/samba/tests/dsdb_api.py
#usr/lib/python3.10/site-packages/samba/tests/dsdb_dns.py
#usr/lib/python3.10/site-packages/samba/tests/dsdb_lock.py
+#usr/lib/python3.10/site-packages/samba/tests/dsdb_quiet_env_tests.py
+#usr/lib/python3.10/site-packages/samba/tests/dsdb_quiet_provision_tests.py
#usr/lib/python3.10/site-packages/samba/tests/dsdb_schema_attributes.py
#usr/lib/python3.10/site-packages/samba/tests/emulate
#usr/lib/python3.10/site-packages/samba/tests/emulate/__init__.py
@@ -620,6 +615,7 @@ usr/lib/python3.10/site-packages/samba/tests/blackbox/rpcd_witness_samba_only.py
#usr/lib/python3.10/site-packages/samba/tests/krb5/etype_tests.py
#usr/lib/python3.10/site-packages/samba/tests/krb5/fast_tests.py
#usr/lib/python3.10/site-packages/samba/tests/krb5/gkdi_tests.py
+#usr/lib/python3.10/site-packages/samba/tests/krb5/gmsa_tests.py
#usr/lib/python3.10/site-packages/samba/tests/krb5/group_tests.py
#usr/lib/python3.10/site-packages/samba/tests/krb5/kcrypto.py
#usr/lib/python3.10/site-packages/samba/tests/krb5/kdc_base_test.py
@@ -716,6 +712,7 @@ usr/lib/python3.10/site-packages/samba/tests/blackbox/rpcd_witness_samba_only.py
#usr/lib/python3.10/site-packages/samba/tests/samba_tool/domain_auth_policy.py
#usr/lib/python3.10/site-packages/samba/tests/samba_tool/domain_auth_silo.py
#usr/lib/python3.10/site-packages/samba/tests/samba_tool/domain_claim.py
+#usr/lib/python3.10/site-packages/samba/tests/samba_tool/domain_kds_root_key.py
#usr/lib/python3.10/site-packages/samba/tests/samba_tool/domain_models.py
#usr/lib/python3.10/site-packages/samba/tests/samba_tool/drs_clone_dc_data_lmdb_size.py
#usr/lib/python3.10/site-packages/samba/tests/samba_tool/dsacl.py
@@ -738,6 +735,7 @@ usr/lib/python3.10/site-packages/samba/tests/blackbox/rpcd_witness_samba_only.py
#usr/lib/python3.10/site-packages/samba/tests/samba_tool/provision_userPassword_crypt.py
#usr/lib/python3.10/site-packages/samba/tests/samba_tool/rodc.py
#usr/lib/python3.10/site-packages/samba/tests/samba_tool/schema.py
+#usr/lib/python3.10/site-packages/samba/tests/samba_tool/service_account.py
#usr/lib/python3.10/site-packages/samba/tests/samba_tool/silo_base.py
#usr/lib/python3.10/site-packages/samba/tests/samba_tool/sites.py
#usr/lib/python3.10/site-packages/samba/tests/samba_tool/timecmd.py
@@ -782,7 +780,6 @@ usr/lib/python3.10/site-packages/samba/tests/blackbox/rpcd_witness_samba_only.py
#usr/lib/python3.10/site-packages/samba/tests/upgradeprovisionneeddc.py
#usr/lib/python3.10/site-packages/samba/tests/usage.py
#usr/lib/python3.10/site-packages/samba/tests/xattr.py
-usr/lib/python3.10/site-packages/samba/trust_utils.py
usr/lib/python3.10/site-packages/samba/upgrade.py
usr/lib/python3.10/site-packages/samba/upgradehelpers.py
usr/lib/python3.10/site-packages/samba/uptodateness.py
@@ -808,6 +805,7 @@ usr/lib/samba/krb5/winbind_krb5_locator.so
#usr/lib/samba/ldb
usr/lib/samba/ldb/asq.so
usr/lib/samba/ldb/ildap.so
+usr/lib/samba/ldb/ldap.so
usr/lib/samba/ldb/ldb.so
usr/lib/samba/ldb/ldbsamba_extensions.so
usr/lib/samba/ldb/paged_searches.so
@@ -847,8 +845,10 @@ usr/lib/samba/libcom-err-private-samba.so
usr/lib/samba/libcommon-auth-private-samba.so
usr/lib/samba/libdbwrap-private-samba.so
usr/lib/samba/libdcerpc-pkt-auth-private-samba.so
+usr/lib/samba/libdcerpc-private-samba.so
usr/lib/samba/libdcerpc-samba-private-samba.so
usr/lib/samba/libdcerpc-samba4-private-samba.so
+usr/lib/samba/libdcerpc-samr-private-samba.so
usr/lib/samba/libdnsserver-common-private-samba.so
usr/lib/samba/libdsdb-module-private-samba.so
usr/lib/samba/libevents-private-samba.so
@@ -901,14 +901,19 @@ usr/lib/samba/libregistry-private-samba.so
usr/lib/samba/libreplace-private-samba.so
usr/lib/samba/libroken-private-samba.so
usr/lib/samba/libsamba-cluster-support-private-samba.so
+usr/lib/samba/libsamba-credentials-private-samba.so
usr/lib/samba/libsamba-debug-private-samba.so
+usr/lib/samba/libsamba-hostconfig-private-samba.so
usr/lib/samba/libsamba-modules-private-samba.so
-usr/lib/samba/libsamba-net.cpython-310-x86-64-linux-gnu-private-samba.so
+usr/lib/samba/libsamba-net-join.cpython-310-x86-64-linux-gnu-private-samba.so
+usr/lib/samba/libsamba-net-private-samba.so
+usr/lib/samba/libsamba-policy-private-samba.so
usr/lib/samba/libsamba-python.cpython-310-x86-64-linux-gnu-private-samba.so
usr/lib/samba/libsamba-security-private-samba.so
usr/lib/samba/libsamba-sockets-private-samba.so
usr/lib/samba/libsamba3-util-private-samba.so
usr/lib/samba/libsamdb-common-private-samba.so
+usr/lib/samba/libsamdb-private-samba.so
usr/lib/samba/libsecrets3-private-samba.so
usr/lib/samba/libserver-id-db-private-samba.so
usr/lib/samba/libserver-role-private-samba.so
@@ -928,9 +933,9 @@ usr/lib/samba/libtalloc-report-private-samba.so
usr/lib/samba/libtdb-private-samba.so
usr/lib/samba/libtdb-wrap-private-samba.so
usr/lib/samba/libtevent-private-samba.so
+usr/lib/samba/libtevent-util-private-samba.so
usr/lib/samba/libtime-basic-private-samba.so
usr/lib/samba/libtorture-private-samba.so
-usr/lib/samba/libtrusts-util-private-samba.so
usr/lib/samba/libutil-reg-private-samba.so
usr/lib/samba/libutil-setid-private-samba.so
usr/lib/samba/libutil-tdb-private-samba.so
diff --git a/config/ssh/ssh_config b/config/ssh/ssh_config
index 85c069ddae..d5f63f315c 100644
--- a/config/ssh/ssh_config
+++ b/config/ssh/ssh_config
@@ -9,8 +9,8 @@ Host *
UseRoaming no
# Only use secure crypto algorithms
- KexAlgorithms sntrup761x25519-sha512(a)openssh.com,curve25519-sha256,curve25519-sha256(a)libssh.org,diffie-hellman-group-exchange-sha256
- Ciphers chacha20-poly1305(a)openssh.com,aes256-gcm(a)openssh.com,aes128-gcm(a)openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
+ KexAlgorithms sntrup761x25519-sha512,sntrup761x25519-sha512(a)openssh.com,mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256(a)libssh.org,diffie-hellman-group-exchange-sha256
+ Ciphers aes256-gcm(a)openssh.com,aes256-ctr,chacha20-poly1305(a)openssh.com,aes192-ctr,aes128-gcm(a)openssh.com,aes128-ctr
MACs hmac-sha2-512-etm(a)openssh.com,hmac-sha2-256-etm(a)openssh.com,umac-128-etm(a)openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128(a)openssh.com
# Always visualise server host keys (helps to identify key based MITM attacks)
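Review bot: The reordered Ciphers line now ranks aes256-ctr above chacha20-poly1305(a)openssh.com and aes128-gcm(a)openssh.com, so a non-AEAD mode is preferred over two AEAD ciphers, and the comment above the list gives no reason for that order. If the intent is "256-bit AES first", say so in the comment; otherwise keep the AEAD ciphers ahead of the CTR ones. Whatever rationale is chosen should be stated once and the list kept identical between ssh_config and sshd_config.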
diff --git a/config/ssh/sshd_config b/config/ssh/sshd_config
index 76c9b3eb1c..e338f8cef5 100644
--- a/config/ssh/sshd_config
+++ b/config/ssh/sshd_config
@@ -20,8 +20,8 @@ LoginGraceTime 30s
MaxStartups 5
# Only allow safe crypto algorithms
-KexAlgorithms sntrup761x25519-sha512(a)openssh.com,curve25519-sha256,curve25519-sha256(a)libssh.org,diffie-hellman-group-exchange-sha256
-Ciphers chacha20-poly1305(a)openssh.com,aes256-gcm(a)openssh.com,aes128-gcm(a)openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
+KexAlgorithms sntrup761x25519-sha512,sntrup761x25519-sha512(a)openssh.com,mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256(a)libssh.org,diffie-hellman-group-exchange-sha256
+Ciphers aes256-gcm(a)openssh.com,aes256-ctr,chacha20-poly1305(a)openssh.com,aes192-ctr,aes128-gcm(a)openssh.com,aes128-ctr
MACs hmac-sha2-512-etm(a)openssh.com,hmac-sha2-256-etm(a)openssh.com,umac-128-etm(a)openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128(a)openssh.com
# Only allow cryptographically safe SSH host keys (adjust paths if needed)
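Review bot: KexAlgorithms now lists mlkem768x25519-sha256 and the unsuffixed sntrup761x25519-sha512, names that arrive in the same push as the lfs/openssh bump from 9.8p1 to 9.9p1. Add a comment next to the list that it depends on that version, and check that the updated sshd binary and this sshd_config always ship together, since an older daemon reading this file may reject the unknown names.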
diff --git a/doc/language_issues.en b/doc/language_issues.en
index f7b5e2f91f..373603acad 100644
--- a/doc/language_issues.en
+++ b/doc/language_issues.en
@@ -1101,7 +1101,7 @@ WARNING: untranslated string: intrusion detection system = Intrusion Prevention
WARNING: untranslated string: intrusion detection system rules = Ruleset
WARNING: untranslated string: intrusion prevention system = Intrusion Prevention System
WARNING: untranslated string: invalid broadcast ip = Invalid broadcast IP
-WARNING: untranslated string: invalid characters found in pre-shared key = Invalid characters found in pre-shared key.
+WARNING: untranslated string: invalid characters found in pre-shared key = Invalid single quotation mark found in pre-shared key.
WARNING: untranslated string: invalid default lease time = Invalid default lease time.
WARNING: untranslated string: invalid domain name = Invalid domain name.
WARNING: untranslated string: invalid end address = Invalid end address.
diff --git a/html/cgi-bin/logs.cgi/log.dat b/html/cgi-bin/logs.cgi/log.dat
index 01c382a0df..41f81e99d9 100644
--- a/html/cgi-bin/logs.cgi/log.dat
+++ b/html/cgi-bin/logs.cgi/log.dat
@@ -75,7 +75,7 @@ my %sections = (
'samba' => '(nmbd|smbd|winbind)\[\d+\]:',
'suricata' => '(suricata: )',
'squid' => '(squid\[.*\]: |squid: )',
- 'ssh' => '(sshd(?:\(.*\))?\[.*\]: )',
+ 'ssh' => '(sshd(?:\(.*\))?\[.*\]: |sshd-session(?:\(.*\))?\[.*\]:)',
'unbound' => '(unbound: \[.*?\])(.*:.*$)',
'urlfilter bl' => '(installpackage\[urlfilter\]: )',
'wireless' => '(hostapd:|kernel: ath.*:|kernel: wifi[0-9]:)',
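Review bot: The new sshd-session alternative ends in `\]:` while the existing sshd alternative ends in `\]: ` with a trailing space, so the two branches capture different prefixes and sshd-session lines keep a leading space in the remainder. Add the space to the second branch, or fold both into one pattern such as `(sshd(?:-session)?(?:\(.*\))?\[.*\]: )`.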
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index 72695f892f..daaa059a49 100755
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -569,7 +569,7 @@ sub getccdadresses
for (my $i=1;$i<=$count;$i++) {
my $tmpip=$iprange[$i-1];
my $stepper=$i*4;
- $iprange[$i]= &General::getnextip($tmpip,4);
+ $iprange[$i]= &Network::bin2ip(&Network::ip2bin($tmpip) + 4);
}
my $r=0;
foreach my $key (keys %ccdhash) {
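Review bot: `my $stepper=$i*4;` is still computed on the line above the changed one but is not used anywhere inside the loop body shown, while the new expression hard-codes `+ 4`. Either derive each address from the base with `$stepper`, or remove the variable so the step size lives in one place.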
diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
old mode 100644
new mode 100755
index 55a7eff05d..3541aaa293
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -94,6 +94,7 @@ $cgiparams{'LOCAL_ID'} = '';
$cgiparams{'REMOTE_ID'} = '';
$cgiparams{'REMARK'} = '';
$cgiparams{'PSK'} = '';
+$cgiparams{'BASE_64'} = '';
$cgiparams{'CERT_NAME'} = '';
$cgiparams{'CERT_EMAIL'} = '';
$cgiparams{'CERT_OU'} = '';
@@ -481,7 +482,12 @@ sub writeipsecfiles {
if ($lconfighash{$key}[4] eq 'psk') {
$psk_line = ($lconfighash{$key}[7] ? $lconfighash{$key}[7] : $localside) . " " ;
$psk_line .= $lconfighash{$key}[9] ? $lconfighash{$key}[9] : $lconfighash{$key}[10]; #remoteid or remote address?
- $psk_line .= " : PSK '$lconfighash{$key}[5]'\n";
+ if ($lconfighash{$key}[40] eq 'YES') {
+ my $decoded_psk = MIME::Base64::decode_base64($lconfighash{$key}[5]);
+ $psk_line .= " : PSK '$decoded_psk'\n";
+ } else {
+ $psk_line .= " : PSK '$lconfighash{$key}[5]'\n";
+ }
# if the line contains %any, it is less specific than two IP or ID, so move it at end of file.
if ($psk_line =~ /%any/) {
$last_secrets .= $psk_line;
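Review bot: `$decoded_psk` is interpolated between single quotes in `" : PSK '$decoded_psk'\n"` with no check in this function, so a stored value that decodes to something containing `'` or a line break would produce a malformed secrets line. Validate the decoded string here (reject `'`, CR and LF) before appending to `$psk_line`, rather than relying only on the check done when the form is submitted.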
@@ -1702,6 +1708,7 @@ END
$cgiparams{'INTERFACE_ADDRESS'} = $confighash{$cgiparams{'KEY'}}[37];
$cgiparams{'INTERFACE_MTU'} = $confighash{$cgiparams{'KEY'}}[38];
$cgiparams{'DNS_SERVERS'} = $confighash{$cgiparams{'KEY'}}[39];
+ $cgiparams{'BASE_64'} = $confighash{$cgiparams{'KEY'}}[40];
if (!$cgiparams{'DPD_DELAY'}) {
$cgiparams{'DPD_DELAY'} = 30;
@@ -1883,6 +1890,7 @@ END
}
if ($cgiparams{'AUTH'} eq 'psk') {
+ $cgiparams{'BASE_64'} = 'YES';
if (! length($cgiparams{'PSK'}) ) {
$errormessage = $Lang::tr{'pre-shared key is too short'};
goto VPNCONF_ERROR;
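Review bot: `$cgiparams{'BASE_64'} = 'YES';` is set unconditionally whenever AUTH is 'psk', so the `else` branch of the later `if ($cgiparams{'BASE_64'} eq 'YES')` save path appears unreachable from this handler. If plain storage is never meant to be written again, drop that branch; if it is kept for legacy entries, add a comment saying so and describe how entries with an empty field 40 get migrated.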
@@ -2260,7 +2268,13 @@ END
$confighash{$key}[3] = $cgiparams{'TYPE'};
if ($cgiparams{'AUTH'} eq 'psk') {
$confighash{$key}[4] = 'psk';
- $confighash{$key}[5] = $cgiparams{'PSK'};
+ if ($cgiparams{'BASE_64'} eq 'YES') {
+ $confighash{$key}[5] = MIME::Base64::encode_base64($cgiparams{'PSK'}, "");
+ $confighash{$key}[40] = 'YES';
+ } else {
+ $confighash{$key}[5] = $cgiparams{'PSK'};
+ $confighash{$key}[40] = '';
+ }
} else {
$confighash{$key}[4] = 'cert';
}
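Review bot: Both new call sites use the fully qualified `MIME::Base64::encode_base64` and `MIME::Base64::decode_base64`, but no hunk for this file adds `use MIME::Base64;`. Confirm the module is already loaded at the top of vpnmain.cgi, otherwise saving or writing a PSK connection dies at runtime. The bare index `[40]` is now used in three places and would be easier to follow with a short comment naming the field.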
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index 581e33a712..79b493cd0c 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -1516,7 +1516,7 @@
'intrusion prevention system' => 'Intrusion Prevention System',
'invalid broadcast ip' => 'Invalid broadcast IP',
'invalid cache size' => 'Invalid cache size.',
-'invalid characters found in pre-shared key' => 'Invalid characters found in pre-shared key.',
+'invalid characters found in pre-shared key' => 'Invalid single quotation mark found in pre-shared key.',
'invalid date entered' => 'Invalid date entered.',
'invalid default lease time' => 'Invalid default lease time.',
'invalid domain name' => 'Invalid domain name.',
diff --git a/lfs/apr b/lfs/apr
index 1375448ff1..5df4e9925d 100644
--- a/lfs/apr
+++ b/lfs/apr
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2023 IPFire Team <info(a)ipfire.org> #
+# Copyright (C) 2007-2024 IPFire Team <info(a)ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -25,7 +25,7 @@
include Config
-VER = 1.7.4
+VER = 1.7.5
THISAPP = apr-$(VER)
DL_FILE = $(THISAPP).tar.bz2
@@ -42,7 +42,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = a93b9d3f2c46fe0a34ce1d544e7a43ba40720e2fae8b8a7d0957413ac695057902378dbf96f067ced7486da86c8e513b7fbd48fa79839efeeb40a3295fe2d3df
+$(DL_FILE)_BLAKE2 = 1feacb24e213843c4d3312806abf698e332c45557b7cfd74c9c654d4f9d835dd3a8bf4f9a3bb8328483dcc244948ca118ed6fab9655e482ac6fb53cc7fd92908
install : $(TARGET)
diff --git a/lfs/collectd b/lfs/collectd
index d1d4ea7213..2438d2eaf6 100644
--- a/lfs/collectd
+++ b/lfs/collectd
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2018 IPFire Team <info(a)ipfire.org> #
+# Copyright (C) 2007-2024 IPFire Team <info(a)ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -129,6 +129,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
--with-librrd=/usr/share/rrdtool-1.2.30 \
--with-fp-layout=nothing
cd $(DIR_APP) && make install #collectd-4 does not support parallel build
+ mkdir /etc/collectd.d
cp -vf $(DIR_SRC)/config/collectd/collectd.* /etc/
mv /etc/collectd.vpn /var/ipfire/ovpn/collectd.vpn
chown nobody.nobody /var/ipfire/ovpn/collectd.vpn
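Review bot: `mkdir /etc/collectd.d` fails if the directory already exists, which aborts the target on a rebuild or when something else has created the directory first. Use `mkdir -p` (or `mkdir -pv` to match the verbose `cp -vf` on the next line).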
diff --git a/lfs/logwatch b/lfs/logwatch
index 391315de48..b2452e21e3 100644
--- a/lfs/logwatch
+++ b/lfs/logwatch
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2023 IPFire Team <info(a)ipfire.org> #
+# Copyright (C) 2007-2024 IPFire Team <info(a)ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,7 +24,7 @@
include Config
-VER = 7.8
+VER = 7.11
THISAPP = logwatch-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 35480a22077e43b70d15a00cc0a3a8297c1e57c465d6fffe7a9a68a9b4fb14ef62c1d2bcae8a4ab2d70af16451b8f0b5dba8aec29beae1012501a118915edd92
+$(DL_FILE)_BLAKE2 = 074b9b1d58bd199c82edc6fb40703b71f9488966e2acb8afc015fde93806740d11a3c8705303139716bbc50c353f3e8c3f4c0e9cf1d5f870cbb8599fbdd526d1
install : $(TARGET)
@@ -72,9 +72,10 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && sed -e "s/^TEMPDIR=.*/TEMPDIR=\"\/tmp\"/g" -i install_logwatch.sh
- cd $(DIR_APP)/lib && patch < $(DIR_SRC)/src/patches/logwatch/logwatch-7.3.6-date_manip6.patch
- cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/logwatch/logwatch-7.6-disable_iptables.patch
- cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/logwatch/logwatch-7.6-enable-mdadm-sudo.patch
+ cd $(DIR_APP)/lib && patch -i $(DIR_SRC)/src/patches/logwatch/logwatch-7.11-date_manip6.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/logwatch/logwatch-7.11-disable_iptables.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/logwatch/logwatch-7.11-enable-mdadm-sudo.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/logwatch/logwatch-7.11-Added-support-for-OpenSSH-9.8-sshd-session-and-port-number.patch
@cd $(DIR_APP) && chmod 755 install_logwatch.sh
cd $(DIR_APP) && yes "" | ./install_logwatch.sh
diff --git a/lfs/openssh b/lfs/openssh
index 036d0bb8ec..c14c8267cf 100644
--- a/lfs/openssh
+++ b/lfs/openssh
@@ -24,7 +24,7 @@
include Config
-VER = 9.8p1
+VER = 9.9p1
THISAPP = openssh-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 3bf983c4ef5358054ed0104cd51d3e0069fbc2b80d8522d0df644d5508ec1d26a67bf061b1b5698d1cdf0d2cbba16b4cdca12a4ce30da24429094576a075e192
+$(DL_FILE)_BLAKE2 = 817d267e42b8be74a13e0cfd7999bdb4dab6355c7f62c1a4dd89adad310c5fb7fe3f17109ce1a36cd269a3639c1b8f1d18330c615ab3b419253ec027cfa20997
install : $(TARGET)
diff --git a/lfs/samba b/lfs/samba
index 8d2c6a3a3b..8358264a3f 100644
--- a/lfs/samba
+++ b/lfs/samba
@@ -24,7 +24,7 @@
include Config
-VER = 4.20.4
+VER = 4.21.0
SUMMARY = A SMB/CIFS File, Print, and Authentication Server
THISAPP = samba-$(VER)
@@ -35,7 +35,7 @@ TARGET = $(DIR_INFO)/$(THISAPP)
PROG = samba
PAK_VER = 105
-DEPS = avahi cups perl-Parse-Yapp wsdd
+DEPS = avahi cups perl-Parse-Yapp perl-JSON wsdd
SERVICES = samba
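Review bot: DEPS gains perl-JSON and VER moves to 4.21.0, but `PAK_VER = 105` is unchanged context in this hunk. Confirm the package version was already bumped for this release; otherwise systems that have the add-on installed may not pick up the new dependency.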
@@ -47,7 +47,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 1e5d99ed249f7a2bc21d0efec1d795262c556276984d48a774aef133bc1a9e182b7f20ce85aef2fc2b7d7e0b8b3a4edf1a6a855f679ed4d2408bd69b059463ee
+$(DL_FILE)_BLAKE2 = 0889f2be3b78affee88250114397de87a77da77d9674815ec5605780a6bb3e2e28dbbae53b66695196408f4aef550acce793e6397045fbea4bb236fdd095ce1a
install : $(TARGET)
diff --git a/src/initscripts/system/apache b/src/initscripts/system/apache
index e7a62097e1..ba7ede6702 100644
--- a/src/initscripts/system/apache
+++ b/src/initscripts/system/apache
@@ -2,7 +2,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2022 IPFire Team <info(a)ipfire.org> #
+# Copyright (C) 2007-2024 IPFire Team <info(a)ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -25,13 +25,6 @@
PIDFILE="/var/run/httpd.pid"
generate_certificates() {
- if [ ! -f "/etc/httpd/server.key" ]; then
- boot_mesg "Generating HTTPS RSA server key (this will take a moment)..."
- openssl genrsa -out /etc/httpd/server.key 4096 &>/dev/null
- chmod 600 /etc/httpd/server.key
- evaluate_retval
- fi
-
if [ ! -f "/etc/httpd/server-ecdsa.key" ]; then
boot_mesg "Generating HTTPS ECDSA server key..."
openssl ecparam -genkey -name secp384r1 -noout \
@@ -40,29 +33,12 @@ generate_certificates() {
evaluate_retval
fi
- # Generate RSA CSR
- if [ ! -f "/etc/httpd/server.csr" ]; then
- sed "s/HOSTNAME/`hostname -f`/" < /etc/certparams | \
- openssl req -new -key /etc/httpd/server.key \
- -out /etc/httpd/server.csr &>/dev/null
- fi
-
- # Generate ECDSA CSR
if [ ! -f "/etc/httpd/server-ecdsa.csr" ]; then
sed "s/HOSTNAME/`hostname -f`/" < /etc/certparams | \
openssl req -new -key /etc/httpd/server-ecdsa.key \
-out /etc/httpd/server-ecdsa.csr &>/dev/null
fi
- if [ ! -f "/etc/httpd/server.crt" ]; then
- boot_mesg "Signing RSA certificate..."
- openssl x509 -req -days 999999 -sha256 \
- -in /etc/httpd/server.csr \
- -signkey /etc/httpd/server.key \
- -out /etc/httpd/server.crt &>/dev/null
- evaluate_retval
- fi
-
if [ ! -f "/etc/httpd/server-ecdsa.crt" ]; then
boot_mesg "Signing ECDSA certificate..."
openssl x509 -req -days 999999 -sha256 \
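Review bot: With the RSA key, CSR and certificate steps removed from generate_certificates(), a fresh install no longer gets /etc/httpd/server.key, /etc/httpd/server.csr or /etc/httpd/server.crt. Check that no httpd configuration still references those paths, and state in the commit message how RSA files already present on upgraded systems are handled. The `# Generate ECDSA CSR` comment was removed together with the RSA block; keep it so the remaining CSR step stays labelled.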
diff --git a/src/initscripts/system/collectd b/src/initscripts/system/collectd
index 56b799d56d..263511fc7c 100644
--- a/src/initscripts/system/collectd
+++ b/src/initscripts/system/collectd
@@ -2,7 +2,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2022 IPFire Team <info(a)ipfire.org> #
+# Copyright (C) 2007-2024 IPFire Team <info(a)ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -68,9 +68,6 @@ case "$1" in
# ARM does not support to scan for sensors. In that case,
# we create an empty configuration file.
machine=$(uname -m)
- if [ "${machine:0:3}" = "arm" ]; then
- touch /etc/sysconfig/lm_sensors
- fi
if [ "${machine:0:7}" = "aarch64" ]; then
touch /etc/sysconfig/lm_sensors
fi
diff --git a/src/initscripts/system/sshd b/src/initscripts/system/sshd
index fa40bc11d5..e5a9931afa 100644
--- a/src/initscripts/system/sshd
+++ b/src/initscripts/system/sshd
@@ -2,7 +2,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2022 IPFire Team <info(a)ipfire.org> #
+# Copyright (C) 2007-2024 IPFire Team <info(a)ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,14 +24,14 @@
case "$1" in
start)
- for algo in rsa ecdsa ed25519; do
+ for algo in ecdsa ed25519; do
keyfile="/etc/ssh/ssh_host_${algo}_key"
# If the key already exists, there is nothing to do.
[ -e "${keyfile}" ] && continue
boot_mesg "Generating SSH key (${algo})..."
- ssh-keygen -qf "${keyfile}" -N '' -t ${algo}
+ ssh-keygen -qf "${keyfile}" -N '' -b 521 -t ${algo}
evaluate_retval
done
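Review bot: `-b 521` is now passed on every iteration of the loop, but it only selects a curve for ecdsa; ed25519 keys have a fixed size and ssh-keygen ignores the flag there. Make the option conditional on `${algo}` or add a comment, so the next reader does not assume it affects both keys. Dropping rsa from the loop also leaves any existing /etc/ssh/ssh_host_rsa_key in place, so note whether sshd_config still offers it.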
diff --git a/src/patches/logwatch/logwatch-7.11-Added-support-for-OpenSSH-9.8-sshd-session-and-port-number.patch b/src/patches/logwatch/logwatch-7.11-Added-support-for-OpenSSH-9.8-sshd-session-and-port-number.patch
new file mode 100644
index 0000000000..816f6b4e80
--- /dev/null
+++ b/src/patches/logwatch/logwatch-7.11-Added-support-for-OpenSSH-9.8-sshd-session-and-port-number.patch
@@ -0,0 +1,39 @@
+diff -Naur logwatch-7.11.orig/conf/services/secure.conf logwatch-7.11/conf/services/secure.conf
+--- logwatch-7.11.orig/conf/services/secure.conf 2016-03-09 21:14:35.000000000 +0100
++++ logwatch-7.11/conf/services/secure.conf 2024-08-27 14:48:48.453853293 +0200
+@@ -24,7 +24,7 @@
+ # Use this to ignore certain services in the secure log.
+ # You can ignore as many services as you would like.
+ # (we ignore sshd because its entries are processed by the sshd script)
+-$ignore_services = sshd Pluto stunnel proftpd saslauthd imapd postfix/smtpd
++$ignore_services = sshd sshd-session Pluto stunnel proftpd saslauthd imapd postfix/smtpd
+
+ # For these services, summarize only (i.e. don't least each IP, just
+ # list the number of connections total)
+diff -Naur logwatch-7.11.orig/conf/services/sshd.conf logwatch-7.11/conf/services/sshd.conf
+--- logwatch-7.11.orig/conf/services/sshd.conf 2020-09-20 23:38:32.000000000 +0200
++++ logwatch-7.11/conf/services/sshd.conf 2024-08-27 14:49:08.077782387 +0200
+@@ -19,7 +19,7 @@
+ LogFile = messages
+
+ # Only give lines pertaining to the sshd service...
+-*OnlyService = sshd
++*OnlyService = (sshd|sshd-session)
+ *RemoveHeaders
+
+ # Variable $sshd_ignore_host is used to filter out hosts that login
+diff -Naur logwatch-7.11.orig/scripts/services/sshd logwatch-7.11/scripts/services/sshd
+--- logwatch-7.11.orig/scripts/services/sshd 2022-12-29 01:34:28.000000000 +0100
++++ logwatch-7.11/scripts/services/sshd 2024-08-27 14:49:21.908202288 +0200
+@@ -246,9 +246,9 @@
+ $NoIdent{$name}++;
+ } elsif (
+ ($ThisLine =~ m/^(?:error:.*|fatal:) Connection closed by remote host/ ) or
+- ($ThisLine =~ m/^(|fatal: )Read error from remote host(| [^ ]+): Connection reset by peer/ ) or
++ ($ThisLine =~ m/^(|fatal: )Read error from remote host(| [^ ]+)(| port \d+): Connection reset by peer/ ) or
+ ($ThisLine =~ m/^error: .*: read: Connection reset by peer/ ) or
+- ($ThisLine =~ m/^Read error from remote host [^ ]+: (Connection timed out|No route to host)/ ) or
++ ($ThisLine =~ m/^Read error from remote host [^ ]+(| port \d+): (Connection timed out|No route to host)/ ) or
+ ($ThisLine =~ m/^fatal: Read from socket failed: No route to host/) or
+ ($ThisLine =~ m/^fatal: Write failed: Network is unreachable/ ) or
+ ($ThisLine =~ m/^fatal: Write failed: Broken pipe/) or
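Review bot: In the second changed pattern, `(| port \d+)` is inserted as a capturing group ahead of `(Connection timed out|No route to host)`, which moves the reason from `$1` to `$2`; the first pattern gains a third capturing group in the same way. Use a non-capturing optional group, `(?: port \d+)?`, so the existing capture numbering is unchanged for any code that reads it.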
diff --git a/src/patches/logwatch/logwatch-7.3.6-date_manip6.patch b/src/patches/logwatch/logwatch-7.11-date_manip6.patch
similarity index 61%
rename from src/patches/logwatch/logwatch-7.3.6-date_manip6.patch
rename to src/patches/logwatch/logwatch-7.11-date_manip6.patch
index 015e7d6bed..7f9ebd1c63 100644
--- a/src/patches/logwatch/logwatch-7.3.6-date_manip6.patch
+++ b/src/patches/logwatch/logwatch-7.11-date_manip6.patch
@@ -1,9 +1,9 @@
---- Logwatch.pm.orig 2012-06-20 09:58:12.786294471 +0200
-+++ Logwatch.pm 2012-06-20 09:41:59.443055298 +0200
+--- Logwatch.pm.orig 2022-02-07 01:59:10.000000000 +0100
++++ Logwatch.pm 2024-08-27 15:16:30.023491645 +0200
@@ -4,6 +4,10 @@
-
+
package Logwatch;
-
+
+# Define interace version 5 for Date::Manip
+BEGIN {
+ $Date::Manip::Backend = 'DM5';
diff --git a/src/patches/logwatch/logwatch-7.11-disable_iptables.patch b/src/patches/logwatch/logwatch-7.11-disable_iptables.patch
new file mode 100644
index 0000000000..9876c2ecb8
--- /dev/null
+++ b/src/patches/logwatch/logwatch-7.11-disable_iptables.patch
@@ -0,0 +1,14 @@
+--- logwatch-7.11/conf/logwatch.conf.orig 2024-01-22 20:31:51.000000000 +0100
++++ logwatch-7.11/conf/logwatch.conf 2024-08-27 15:17:43.685786586 +0200
+@@ -126,6 +126,11 @@
+ # prints useful system configuration info.
+ Service = "-eximstats" # Prevents execution of eximstats service, which
+ # is a wrapper for the eximstats program.
++
++# Disabled: 'iptables'
++Service = "-iptables"
++
++
+ # Because the above sets "All" as the default, and disables certain
+ # services, you can also set the Service variable to an empty string
+ # in your local logwatch.conf (by default, under /etc/logwatch/conf).
diff --git a/src/patches/logwatch/logwatch-7.6-enable-mdadm-sudo.patch b/src/patches/logwatch/logwatch-7.11-enable-mdadm-sudo.patch
similarity index 71%
rename from src/patches/logwatch/logwatch-7.6-enable-mdadm-sudo.patch
rename to src/patches/logwatch/logwatch-7.11-enable-mdadm-sudo.patch
index af792250f1..dc39ee4018 100644
--- a/src/patches/logwatch/logwatch-7.6-enable-mdadm-sudo.patch
+++ b/src/patches/logwatch/logwatch-7.11-enable-mdadm-sudo.patch
@@ -1,6 +1,6 @@
-diff -U 3 a/conf/services/mdadm.conf b/conf/services/mdadm.conf
---- a/conf/services/mdadm.conf Sat Jan 22 01:00:00 2022
-+++ b/conf/services/mdadm.conf Sun Apr 10 10:48:21 2022
+diff -Naur logwatch-7.11.orig/conf/services/mdadm.conf logwatch-7.11/conf/services/mdadm.conf
+--- logwatch-7.11.orig/conf/services/mdadm.conf 2018-12-17 02:47:45.000000000 +0100
++++ logwatch-7.11/conf/services/mdadm.conf 2024-08-27 15:18:31.430605943 +0200
@@ -13,7 +13,7 @@
# Logwatch will try to find md devices in /etc/mdadm.conf or
# /etc/mdadm/mdadm.conf. If none of these files exist it can scan actively
@@ -10,14 +10,14 @@ diff -U 3 a/conf/services/mdadm.conf b/conf/services/mdadm.conf
# Logwatch will emit an error for md devices listed in /etc/mdadm.conf
# that are not present. If you do not want this (e.g. raid devices may come
-diff -U 3 a/scripts/services/mdadm b/scripts/services/mdadm
---- a/scripts/services/mdadm Sat Jan 22 01:00:00 2022
-+++ b/scripts/services/mdadm Sun Apr 10 10:38:19 2022
+diff -Naur logwatch-7.11.orig/scripts/services/mdadm logwatch-7.11/scripts/services/mdadm
+--- logwatch-7.11.orig/scripts/services/mdadm 2023-05-21 02:25:35.000000000 +0200
++++ logwatch-7.11/scripts/services/mdadm 2024-08-27 15:21:08.495487732 +0200
@@ -36,7 +36,7 @@
if (
open($mdadm, "<", "/etc/mdadm.conf") or
open($mdadm, "<", "/etc/mdadm/mdadm.conf") or
-- open($mdadm, "<", "mdadm --detail --scan 2>/dev/null|")) {
+- open($mdadm, "-|", "mdadm --detail --scan")) {
+ open($mdadm, "<", "sudo mdadm --detail --scan 2>/dev/null|")) {
while (<$mdadm>) {
if (/^ARRAY/) {
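Review bot: The line the inner patch adds still reads `open($mdadm, "<", "sudo mdadm --detail --scan 2>/dev/null|")`, while the upstream line it now replaces has moved to the pipe form `open($mdadm, "-|", "mdadm --detail --scan")`. With three-argument open and mode `<`, the string is treated as a file name, so the command is never run and the fallback silently fails. Update the added line to the same pipe mode, for example `open($mdadm, "-|", "sudo mdadm --detail --scan 2>/dev/null")`.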
diff --git a/src/patches/logwatch/logwatch-7.6-disable_iptables.patch b/src/patches/logwatch/logwatch-7.6-disable_iptables.patch
deleted file mode 100644
index 99c5b493b0..0000000000
--- a/src/patches/logwatch/logwatch-7.6-disable_iptables.patch
+++ /dev/null
@@ -1,14 +0,0 @@
-diff -U 3 a/conf/logwatch.conf b/conf/logwatch.conf
---- a/conf/logwatch.conf Sat Jan 22 01:00:00 2022
-+++ b/conf/logwatch.conf Sun Apr 10 10:33:20 2022
-@@ -96,6 +96,10 @@
- # prints useful system configuration info.
- Service = "-eximstats" # Prevents execution of eximstats service, which
- # is a wrapper for the eximstats program.
-+
-+# Disabled: 'iptables'
-+Service = "-iptables"
-+
- # If you only cared about FTP messages, you could use these 2 lines
- # instead of the above:
- #Service = ftpd-messages # Processes ftpd messages in /var/log/messages
hooks/post-receive
--
IPFire 2.x development tree