From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4ZK09K34Pmz331h for ; Fri, 21 Mar 2025 11:10:29 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R10" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4ZK09K2qv5z32vw for ; Fri, 21 Mar 2025 11:10:29 +0000 (UTC) Received: from people01.haj.ipfire.org (people01.haj.ipfire.org [172.28.1.161]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature ECDSA (secp384r1) client-digest SHA384) (Client CN "people01.haj.ipfire.org", Issuer "E6" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4ZK09J5NZ4z5m7 for ; Fri, 21 Mar 2025 11:10:28 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1742555428; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc; bh=z793xOCf574U9baiJq2ITmhlxtNloKBbmlqMD2/1ta0=; b=55CGJwGssnAmBBlPXGaZu7E+SDxGQaKEWBOGotP+QMCnfY/fYfce2iSCXS4zaVD5HNrD7j V9BDI+zsBLkfnCDg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1742555428; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc; bh=z793xOCf574U9baiJq2ITmhlxtNloKBbmlqMD2/1ta0=; b=VY/dJOqYbIKWzFQI8fJekkkf06vUDIBpWoH6eWyIAXCmFIP+9Aswk1hl0rwtbyo7vF1TN8 B59G+Uy63c6ywfv3kIL2y+7N6fbVHHVaJiVPTEmIorhcIrO0alS/3a7MnzeX3QFdpV+tV8 scx/E+hYT3JWL0DdIYe2DjgOAEkEqBTMsdDI3+ifiH96Mebkaa7DwzvkfLOv1YtbMAz1Vk XbwYUm/U4vu/kYSs4IxJWiEvMP/+nT/S1XtJiYHFu0tQHxm7z7YgwaXJwVGVKnT619qHEr 6ygtN2b1nNm39FXmFkId4iGVc2vb2jUbyMAS+Wbbs6CVHq9vn2BacLEV9SwvmQ== Received: by people01.haj.ipfire.org (Postfix, from userid 1000) id 4ZK09J3f9dz2xsr; Fri, 21 Mar 2025 11:10:28 +0000 (UTC) To: ipfire-scm@lists.ipfire.org Subject: [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 2c6dbe05755d81aa0a56969df825915c9df8c739 X-Git-Refname: refs/heads/next X-Git-Reftype: branch X-Git-Oldrev: bae5b30b5217d48851bd41a2f784a68f67573b35 X-Git-Newrev: 2c6dbe05755d81aa0a56969df825915c9df8c739 Message-Id: <4ZK09J3f9dz2xsr@people01.haj.ipfire.org> Date: Fri, 21 Mar 2025 11:10:28 +0000 (UTC) From: Michael Tremer Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree". The branch, next has been updated via 2c6dbe05755d81aa0a56969df825915c9df8c739 (commit) via 75a5b33f2b929b1bc75501b3e4a40b3a84d856a6 (commit) via 19c13b8e997058db1a0ffac90093bfdc2a6eee8a (commit) via 868b52c2a7b72aca170b5e6228d9108b71716eaf (commit) from bae5b30b5217d48851bd41a2f784a68f67573b35 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 2c6dbe05755d81aa0a56969df825915c9df8c739 Author: Michael Tremer Date: Fri Mar 21 11:10:12 2025 +0000 samba: Fix riscv64 rootfile Signed-off-by: Michael Tremer commit 75a5b33f2b929b1bc75501b3e4a40b3a84d856a6 Author: Adolf Belka Date: Fri Mar 21 11:24:56 2025 +0100 samba: Update to version 4.22.0 - Update from version 4.21.4 - Update of rootfile for all three architectures - Changelog 4.22.0 NEW FEATURES/CHANGES SMB3 Directory Leases Starting with Samba 4.22 SMB3 Directory Leases are supported. The new global option "smb3 directory leases" controls whether the feature is enabled or not. By default, SMB3 Directory Leases are enabled on non-clustered Samba and disabled on clustered Samba, based on the "clustering" option. See man smb.conf for more details. SMB3 Directory Leases allow clients to cache directory listings and, depending on the workload, result in a decent reduction in SMB requests from clients. Netlogon Ping over LDAP and LDAPS Samba must query domain controller information via simple queries on the AD rootdse's netlogon attribute. Typically this is done via connectionless LDAP, using UDP on port 389. The same information is also available via classic LDAP rootdse queries over TCP. Samba can now be configured to use TCP via the new "client netlogon ping protocol" parameter to enable running in environments where firewalls completely block port 389 or UDP traffic to domain controllers. Experimental Himmelblaud Authentication in Samba Samba now includes experimental support for Azure Entra ID authentication via `himmelblaud`, located in the `rust/` directory. This implementation provides basic authentication and is configured through `smb.conf`, utilizing options such as `realm`, `winbindd_socket_directory`, and `template_homedir`. New global parameters include `himmelblaud_sfa_fallback`, `himmelblaud_hello_enabled`, and `himmelblaud_hsm_pin_path`. To enable, configure Samba with `--enable-rust --with-himmelblau`. AD DC schema upgrade and provision performance improvements By increasing the LDB index cache size for certain offline operations that are likely to require large transactions, these are now several times faster. REMOVED FEATURES The "nmbd proxy logon" feature was removed. This was used before Samba4 acquired a NBT server. The parameter "cldap port" has been removed. CLDAP runs over UDP port 389, we don't see a reason why this should ever be changed to a different port. Moreover, we had several places in the code where Samba did not respect this parameter, so the behaviour was at least inconsistent. fruit:posix_rename This option of the vfs_fruit VFS module that could be used to enable POSIX directory rename behaviour for OS X clients has been removed as it could result in severe problems for Windows clients. As a possible workaround it is possible to prevent creation of .DS_Store files (a Finder thingy to store directory view settings) on network mounts by running $ defaults write com.apple.desktopservices DSDontWriteNetworkStores true on the Mac. smb.conf changes Parameter Name Description Default -------------- ----------- ------- smb3 directory leases New Auto vfs mkdir use tmp name New Auto client netlogon ping protocol New cldap himmelblaud hello enabled New no himmelblaud hsm pin path New default hsm pin path himmelblaud sfa fallback New no client use krb5 netlogon Experimental no reject aes netlogon servers Experimental no server reject aes schannel Experimental no server support krb5 netlogon Experimental no fruit:posix_rename Removed cldap port Removed CHANGES SINCE 4.22.0rc4 * BUG 15801: `NT_STATUS_ACCESS_DENIED making remote directory` on OpenBSD. * BUG 15797: Unable to connect to CephFS subvolume shares with vfs_shadow_copy2. * BUG 15801: `NT_STATUS_ACCESS_DENIED making remote directory` on OpenBSD. * BUG 15820: Incorrect FSF address in ctdb pcp scripts. * BUG 15804: "samba-tool domain backup offline" hangs. CHANGES SINCE 4.22.0rc3 * BUG 15815: client use krb5 netlogon is experimental and should not be used in production. CHANGES SINCE 4.22.0rc2 * BUG 15738: Creation of GPOs applicable to more than one group is impossible with Samba 4.20.0 and later. * BUG 15806: samba-tool acl commands broken for relative path names * BUG 15807: pysmbd seg faults when file is not found. * BUG 15796: Spotlight search results don't show file size and creation date. * BUG 15759: net ads create/join/winbind producing unix dysfunctional keytabs. * BUG 15806: samba-tool acl commands broken for relative path names. * BUG 15807: pysmbd seg faults when file is not found. * BUG 15680: Trust domains are not created. * BUG 15680: Trust domains are not created. * BUG 15703: General improvements for vfs_ceph_new module. CHANGES SINCE 4.22.0rc1 * BUG 15798: libnet4: seg fault after dc lookup failure Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 19c13b8e997058db1a0ffac90093bfdc2a6eee8a Author: Michael Tremer Date: Fri Mar 21 11:08:14 2025 +0000 core194: Ship bind Signed-off-by: Michael Tremer commit 868b52c2a7b72aca170b5e6228d9108b71716eaf Author: Matthias Fischer Date: Thu Mar 20 23:58:22 2025 +0100 bind: Update to 9.20.7 For details see: https://downloads.isc.org/isc/bind9/9.20.5/doc/arm/html/notes.html#notes-for-bind-9-20-7 Excerpt: "Notes for BIND 9.20.7 New Features Implement the min-transfer-rate-in configuration option. ... Add HTTPS record query to host command line tool. ... Implement sig0key-checks-limit and sig0message-checks-limit. ... Bug Fixes Fix dual-stack-servers configuration option. ... Fix a data race causing a permanent active client increase. ... Fix deferred validation of unsigned DS and DNSKEY records. ... Fix RPZ race condition during a reconfiguration. ... “CNAME and other data check” not applied to all types. ... Relax private DNSKEY and RRSIG constraints. ... Remove NSEC/DS/NSEC3 RRSIG check from dns_message_parse(). ... Fix TTL issue with ANY queries processed through RPZ “passthru”. ... dnssec-signzone needs to check for a NULL key when setting offline. ... Fix a bug in the statistics channel when querying zone transfer information. ... Fix assertion failure when dumping recursing clients. ... Dump the active resolver fetches from dns_resolver_dumpfetches()" Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer ----------------------------------------------------------------------- Summary of changes: config/rootfiles/common/bind | 10 +++++----- config/rootfiles/{oldcore/100 => core/194}/filelists/bind | 0 config/rootfiles/packages/aarch64/samba | 7 +++++-- config/rootfiles/packages/riscv64/samba | 7 +++++-- config/rootfiles/packages/x86_64/samba | 7 +++++-- lfs/bind | 4 ++-- lfs/samba | 6 +++--- 7 files changed, 25 insertions(+), 16 deletions(-) copy config/rootfiles/{oldcore/100 => core/194}/filelists/bind (100%) Difference in files: diff --git a/config/rootfiles/common/bind b/config/rootfiles/common/bind index 8c50f830a..0467b7b04 100644 --- a/config/rootfiles/common/bind +++ b/config/rootfiles/common/bind @@ -240,18 +240,18 @@ usr/bin/nsupdate #usr/include/ns/types.h #usr/include/ns/update.h #usr/include/ns/xfrout.h -usr/lib/libdns-9.20.6.so +usr/lib/libdns-9.20.7.so #usr/lib/libdns.la #usr/lib/libdns.so -usr/lib/libisc-9.20.6.so +usr/lib/libisc-9.20.7.so #usr/lib/libisc.la #usr/lib/libisc.so -usr/lib/libisccc-9.20.6.so +usr/lib/libisccc-9.20.7.so #usr/lib/libisccc.la #usr/lib/libisccc.so -usr/lib/libisccfg-9.20.6.so +usr/lib/libisccfg-9.20.7.so #usr/lib/libisccfg.la #usr/lib/libisccfg.so -usr/lib/libns-9.20.6.so +usr/lib/libns-9.20.7.so #usr/lib/libns.la #usr/lib/libns.so diff --git a/config/rootfiles/core/194/filelists/bind b/config/rootfiles/core/194/filelists/bind new file mode 120000 index 000000000..48a0ebaef --- /dev/null +++ b/config/rootfiles/core/194/filelists/bind @@ -0,0 +1 @@ +../../../common/bind \ No newline at end of file diff --git a/config/rootfiles/packages/aarch64/samba b/config/rootfiles/packages/aarch64/samba index 7d261bc58..045459b57 100644 --- a/config/rootfiles/packages/aarch64/samba +++ b/config/rootfiles/packages/aarch64/samba @@ -144,8 +144,8 @@ usr/lib/libndr-standard.so usr/lib/libndr-standard.so.0 usr/lib/libndr-standard.so.0.0.1 usr/lib/libndr.so -usr/lib/libndr.so.5 -usr/lib/libndr.so.5.0.0 +usr/lib/libndr.so.6 +usr/lib/libndr.so.6.0.0 usr/lib/libnetapi.so usr/lib/libnetapi.so.1 usr/lib/libnetapi.so.1.0.0 @@ -626,6 +626,7 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py #usr/lib/python3.10/site-packages/samba/tests/krb5/kpasswd_tests.py #usr/lib/python3.10/site-packages/samba/tests/krb5/lockout_tests.py #usr/lib/python3.10/site-packages/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py +#usr/lib/python3.10/site-packages/samba/tests/krb5/netlogon.py #usr/lib/python3.10/site-packages/samba/tests/krb5/nt_hash_tests.py #usr/lib/python3.10/site-packages/samba/tests/krb5/pac_align_tests.py #usr/lib/python3.10/site-packages/samba/tests/krb5/pkinit_tests.py @@ -695,6 +696,7 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py #usr/lib/python3.10/site-packages/samba/tests/py_credentials.py #usr/lib/python3.10/site-packages/samba/tests/registry.py #usr/lib/python3.10/site-packages/samba/tests/reparsepoints.py +#usr/lib/python3.10/site-packages/samba/tests/rust.py #usr/lib/python3.10/site-packages/samba/tests/s3_net_join.py #usr/lib/python3.10/site-packages/samba/tests/s3idmapdb.py #usr/lib/python3.10/site-packages/samba/tests/s3param.py @@ -931,6 +933,7 @@ usr/lib/samba/libsmbpasswdparser-private-samba.so usr/lib/samba/libsocket-blocking-private-samba.so usr/lib/samba/libstable-sort-private-samba.so usr/lib/samba/libsys-rw-private-samba.so +usr/lib/samba/libtalloc-private-samba.so usr/lib/samba/libtalloc-report-printf-private-samba.so usr/lib/samba/libtalloc-report-private-samba.so usr/lib/samba/libtdb-private-samba.so diff --git a/config/rootfiles/packages/riscv64/samba b/config/rootfiles/packages/riscv64/samba index bf7d3f069..04ff9e551 100644 --- a/config/rootfiles/packages/riscv64/samba +++ b/config/rootfiles/packages/riscv64/samba @@ -144,8 +144,8 @@ usr/lib/libndr-standard.so usr/lib/libndr-standard.so.0 usr/lib/libndr-standard.so.0.0.1 usr/lib/libndr.so -usr/lib/libndr.so.5 -usr/lib/libndr.so.5.0.0 +usr/lib/libndr.so.6 +usr/lib/libndr.so.6.0.0 usr/lib/libnetapi.so usr/lib/libnetapi.so.1 usr/lib/libnetapi.so.1.0.0 @@ -626,6 +626,7 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py #usr/lib/python3.10/site-packages/samba/tests/krb5/kpasswd_tests.py #usr/lib/python3.10/site-packages/samba/tests/krb5/lockout_tests.py #usr/lib/python3.10/site-packages/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py +#usr/lib/python3.10/site-packages/samba/tests/krb5/netlogon.py #usr/lib/python3.10/site-packages/samba/tests/krb5/nt_hash_tests.py #usr/lib/python3.10/site-packages/samba/tests/krb5/pac_align_tests.py #usr/lib/python3.10/site-packages/samba/tests/krb5/pkinit_tests.py @@ -695,6 +696,7 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py #usr/lib/python3.10/site-packages/samba/tests/py_credentials.py #usr/lib/python3.10/site-packages/samba/tests/registry.py #usr/lib/python3.10/site-packages/samba/tests/reparsepoints.py ++usr/lib/python3.10/site-packages/samba/tests/rust.py #usr/lib/python3.10/site-packages/samba/tests/s3_net_join.py #usr/lib/python3.10/site-packages/samba/tests/s3idmapdb.py #usr/lib/python3.10/site-packages/samba/tests/s3param.py @@ -931,6 +933,7 @@ usr/lib/samba/libsmbpasswdparser-private-samba.so usr/lib/samba/libsocket-blocking-private-samba.so usr/lib/samba/libstable-sort-private-samba.so usr/lib/samba/libsys-rw-private-samba.so ++usr/lib/samba/libtalloc-private-samba.so usr/lib/samba/libtalloc-report-printf-private-samba.so usr/lib/samba/libtalloc-report-private-samba.so usr/lib/samba/libtdb-private-samba.so diff --git a/config/rootfiles/packages/x86_64/samba b/config/rootfiles/packages/x86_64/samba index 988370a16..c545835eb 100644 --- a/config/rootfiles/packages/x86_64/samba +++ b/config/rootfiles/packages/x86_64/samba @@ -144,8 +144,8 @@ usr/lib/libndr-standard.so usr/lib/libndr-standard.so.0 usr/lib/libndr-standard.so.0.0.1 usr/lib/libndr.so -usr/lib/libndr.so.5 -usr/lib/libndr.so.5.0.0 +usr/lib/libndr.so.6 +usr/lib/libndr.so.6.0.0 usr/lib/libnetapi.so usr/lib/libnetapi.so.1 usr/lib/libnetapi.so.1.0.0 @@ -626,6 +626,7 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py #usr/lib/python3.10/site-packages/samba/tests/krb5/kpasswd_tests.py #usr/lib/python3.10/site-packages/samba/tests/krb5/lockout_tests.py #usr/lib/python3.10/site-packages/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py +#usr/lib/python3.10/site-packages/samba/tests/krb5/netlogon.py #usr/lib/python3.10/site-packages/samba/tests/krb5/nt_hash_tests.py #usr/lib/python3.10/site-packages/samba/tests/krb5/pac_align_tests.py #usr/lib/python3.10/site-packages/samba/tests/krb5/pkinit_tests.py @@ -695,6 +696,7 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py #usr/lib/python3.10/site-packages/samba/tests/py_credentials.py #usr/lib/python3.10/site-packages/samba/tests/registry.py #usr/lib/python3.10/site-packages/samba/tests/reparsepoints.py +#usr/lib/python3.10/site-packages/samba/tests/rust.py #usr/lib/python3.10/site-packages/samba/tests/s3_net_join.py #usr/lib/python3.10/site-packages/samba/tests/s3idmapdb.py #usr/lib/python3.10/site-packages/samba/tests/s3param.py @@ -931,6 +933,7 @@ usr/lib/samba/libsmbpasswdparser-private-samba.so usr/lib/samba/libsocket-blocking-private-samba.so usr/lib/samba/libstable-sort-private-samba.so usr/lib/samba/libsys-rw-private-samba.so +usr/lib/samba/libtalloc-private-samba.so usr/lib/samba/libtalloc-report-printf-private-samba.so usr/lib/samba/libtalloc-report-private-samba.so usr/lib/samba/libtdb-private-samba.so diff --git a/lfs/bind b/lfs/bind index c23fb1a9d..a35d82975 100644 --- a/lfs/bind +++ b/lfs/bind @@ -25,7 +25,7 @@ include Config -VER = 9.20.6 +VER = 9.20.7 THISAPP = bind-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -43,7 +43,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 2ee3770517a811f64899993ead37d919e746960a72e754546d6cfcab4e57b034392254eda7341efd1b7fdd976225b951c42cf52ed462a7a136829dbdad43312d +$(DL_FILE)_BLAKE2 = c5198939382e7295b4dfcb2ddbd86e5bccc10047d5e963dab2381404eb7a14543218e3caa438b395a2982cb607da84012f3a76a41c790a48ed615238bc080b5c install : $(TARGET) diff --git a/lfs/samba b/lfs/samba index e9529a176..5101244b3 100644 --- a/lfs/samba +++ b/lfs/samba @@ -24,7 +24,7 @@ include Config -VER = 4.21.4 +VER = 4.22.0 SUMMARY = A SMB/CIFS File, Print, and Authentication Server THISAPP = samba-$(VER) @@ -33,7 +33,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = samba -PAK_VER = 111 +PAK_VER = 112 DEPS = avahi libtalloc perl-Parse-Yapp wsdd @@ -47,7 +47,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 37c3b924799369dfe7a9ac208d3e470d4c41c45eb725f973e6948c3581523abe5fe768ea0a82e38c5a1cf5ad238896ddfd1783a1adebc9fa6d42fbb6769e9bdb +$(DL_FILE)_BLAKE2 = 27997ad025cbdc246c906bb05bf1c67749decc8e760c68cd4837b5121295613824b11f0eea91de6e7cb551ccc5193d189d5742dc7096305565ca8794baa7b585 install : $(TARGET) hooks/post-receive -- IPFire 2.x development tree