public inbox for ipfire-scm@lists.ipfire.org
* [git.ipfire.org] IPFire 2.x development tree branch, next, updated. a9385007604ea2c7e9c91d0779150a1823aa3341
@ 2026-04-28 12:57 Michael Tremer
From: Michael Tremer @ 2026-04-28 12:57 UTC (permalink / raw)
  To: ipfire-scm

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, next has been updated
       via  a9385007604ea2c7e9c91d0779150a1823aa3341 (commit)
       via  cfd3022710f9405781b02550e696bc7274863236 (commit)
       via  bffaf22289618289f2707bd645640d8c48eb71d5 (commit)
       via  c77ed68674cdd173d4e33108c97f4bbdf4497194 (commit)
       via  f3501588cf81d036df62c9e142d06c79e14f050e (commit)
       via  92801a0959320e15f3567c362b94831f1afd0dd5 (commit)
       via  15bb3763a2d30d36124f0b39029e256348949bdd (commit)
       via  ac92aa83e8975a21622baf8a35a706ca95fabe42 (commit)
       via  33ac6910d2fd13cd11d615848cb5038a266262d6 (commit)
       via  d4e45f3e7e87f6d53880d2933dcbda562a6ef8df (commit)
       via  77a9930b85960b1cc0469de7830391ec7aa0d5a0 (commit)
      from  acdf1075ca9646af2162ffd1fe4af85de4a2c59c (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit a9385007604ea2c7e9c91d0779150a1823aa3341
Author: Adolf Belka <adolf.belka@ipfire.org>
Date:   Tue Apr 28 14:11:03 2026 +0200

    core202: Ship knot
    
    Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit cfd3022710f9405781b02550e696bc7274863236
Author: Adolf Belka <adolf.belka@ipfire.org>
Date:   Tue Apr 28 14:11:07 2026 +0200

    knot: Update to version 3.5.4
    
    - Update from 3.4.2 to 3.5.4
    - Update of rootfile
    - find-dependencies run due to sobump. No issues identified.
    - Changelog
    3.5.4
    Features:
     - knotd: configurable ZERO-COPY XDP mode (see 'xdp.zero-copy')
     - mod-dnserr: module for DNS error reporting
    Improvements:
     - knotd: 'zone-update-error' statistic counter covers more situations
     - knotd: 'zone.catalog-zone' configuration option is ignored if not needed
     - knotd: dynamic reconfiguration logs item value in debug mode
     - knotd: memory optimizations when reloading a zone file
     - knotd: improved interoperability with Bind9 Offline KSK operations
     - knotd: improved performance of updated zone check
     - knotd: increased maximum configuration database reader limit by 3
     - knotd: new warning logs if primaries are outdated during zone refresh
     - kxdpgun: JSON output is stream of newline-delimited objects instead of a list
     - kxdpgun: extended throughput statistics
     - libs: support for loading private ALIAS record type
     - libs: upgraded embedded libngtcp2 to 1.22.0
     - debian: switched to sysusers.d and tmpfiles.d configurations (Thanks to Luca Boccassi)
     - doc: various improvements
    Bugfixes:
     - mod-onlinesign: incorrect next NSEC owner name leading to a DoS (Thanks to Shang Kunjie)
     - knotd: server crash upon receiving a malformed resource record over XFR (Thanks to Haruto Kimura)
     - knotd: generated catalog not updated if reconfigured without server restart
     - knotd: some cross-zone reconfigurations not handled correctly
     - knotd: configuration control transaction not recoverable after a semantic error
     - knotd: zone loaded from Redis backend incrementally for non-continuous changes
     - knotd: server crash when accessing an HSM in parallel by multiple background workers
     - knotd: insufficient module unloading if error
     - modules: some module hook registrations not checked for errors
     - mod-geoip: server crash if record owner missing in configuration file
     - libs: insufficient checks for malformed resource records (Thanks to Haruto Kimura)
     - redis: incorrect arity check and use-after-free in AOF (Thanks to Haruto Kimura)
     - redis: various issues when processing empty data
    3.5.3
    Features:
     - knotd: added statistics counter for failed zone update (see 'zone-update-error')
     - knotd: new D-Bus signal for zones not updated (see 'server.dbus-event')
     - knotc: optional parameter for delayed old KSK removal upon submission (see 'zone-ksk-submitted')
     - libs: added support for the RESINFO record type
    Improvements:
     - knotd: zone inclusion deletes the whole subtree of glues and junk from the parent
     - knotd: supported unsigned input ZONEMD validation if enabled DNSSEC signing and ZONEMD generate
     - knotd: DNSSEC signing not required for key restore
     - knotd: increased defaults for 'database.timer-db-max-size' and 'database.kasp-db-max-size'
     - knotd: database connection pool is purged if reconfigured
     - knotd: removed shutdown delay if connected to a database
     - knotd: optimized memory trimming frequency for many zones
     - knotd: primary server sends NOTIFY after answering started, not sooner
     - redis: GnuTLS is not required to build the module alone !1809
     - libs: improved detection of PKCS #11 support !1830
     - libs: upgraded embedded libngtcp2 to 1.19.0
     - samples: added JSON support to probe_dump (Thanks to Benedikt Heine)
     - doc: extended and updated table of compatible PKCS #11 devices
    Bugfixes:
     - knotd: DS push not replanned if reconfigured during DS submission
     - knotd: missing check for empty zone when flushing
     - knotd: missing catalog update clear if error
     - knotd: failed to parse database address without port specification
     - knotd: incorrect thread synchronization when dumping timers
     - knotd: server crashes when outbound QUIC connection is closed unexpectedly
     - knotd: zone not reloaded from database if not updated incrementally
     - knotd: UNIX socket path containing a single colon considered an IPv6 address
     - keymgr: program crashes when importing a malformed key
     - kdig: missing address context deinitialization when iterating over addresses
     - kdig: missing AA flag on NOTIFY query
    3.5.2
    Features:
     - knotd: configurable zone timer storage mode (see 'database.timer-db-sync')
     - libknot: added support for the DSYNC record type
     - redis: new module command for printing zone information (see 'KNOT.ZONE.INFO')
    Improvements:
     - knotd: queries to a catalog zone are now allowed also for ACL rules with action 'query'
     - knotd: denied query to a catalog zone is responded to with NOTAUTH instead of REFUSED
     - knotd: existing PID file is reused if it matches current PID !1819
     - knotd: zone purge has its own zone event
     - knotd: optimized zone timer storage
     - knotd: optimized ACL evaluation
     - keymgr: added more algorithms to keystore-test and keystore-bench
     - mod-dnstap: added detection for protoc
     - libs: upgraded embedded libngtcp2 to 1.18.0
     - redis: added support for zone data replication
     - redis: extended logging
     - doc: various improvements
    Bugfixes:
     - knotd: failed to receive zone with ZONEMD if enabled DNSSEC signing and ZONEMD generate
     - knotd: refresh with pinned master not rescheduled when tolerance period expired
     - knotd: failed to build with older libhiredis without TLS support
     - knotd: misleading error message when attempting to sign empty zone
     - mod-rrl: failed to compile if target architecture was specified
     - libknot: failed to dump RRSet if the initial output buffer was too small
     - libdnssec: missing digest.h in dnssec.h
     - redis: defective communication with sentinel
     - redis: failed zone load was not rescheduled
     - redis: several memory leaks
    3.5.1
    Features:
     - knotc: new command for setting zone SOA serial (see 'zone-serial-set')
    Improvements:
     - knotd: zone database listen configuration now accepts a hostname value
     - knotd: support for specifying multiple zone databases (see 'zone-db-listen')
     - knotd: added serial parameter to D-Bus event 'external_verify'
     - libs: upgraded embedded libngtcp2 to 1.16.0
     - configure: new option for specifying Redis module destination (see '--with-redisdir')
     - configure: Redis support is fully optional (see '--enable-redis') (Thanks to Nicolas Parlant)
     - deb,rpm: renamed inappropriate package 'redis-knot' to 'redis-module-knot'
    Bugfixes:
     - knotd: failed to build on PowerPC and MIPS
     - knotd: missing some checks for file operations
     - knotd: zones added via knotc conf-set include not loaded until restart
     - knotd: zone-diff after zone-begin prints misleading SOA removal
     - knotd: failed to load from other PEM keystores if PKCS #11 keystore is configured
     - knotd: failed to restore PKCS #11 keystore #960
     - knotc: failed to compile on GNU Hurd
     - keymgr: missing deprecation warning for 'local-serial' command
     - configure: linked with libhiredis even when configured with --disable-redis
     - deb,rpm: incorrect destination for Redis module (see 'Database zone backend')
    3.5.0
    Features:
     - knotd: database zone backend using Redis/Valkey (see 'Database zone backend')
     - knotd: support for multiple control sockets (see 'control.listen')
     - knotd: external zone validation (see 'External validation')
     - knotd: authorization based on certificate hostname validation (see 'DNS over QUIC')
     - knotd: multiple keystores can be specified per policy (see 'DNSSEC multiple keystores')
     - knotd: specified resource record types can be omitted when loading (see 'zone.zonefile-skip')
     - knotd: configurable delay before zone change processing (see 'zone.update-delay')
     - knotd: subzone flattening (see 'zone.include-from')
    Improvements:
     - knotd: optimized dynamic zone addition/removal for many zones
     - knotd: optimized catalog updates for many zones
     - knotd: replaced a poor atomic fallback with a spin-lock-protected version
     - knotd: support for independent SOA serial series on the secondary side
     - knotd: self-signed certificate contains SAN instead of CN
     - knotd: removed RCU synchronization lock between unrelated zones' updates
     - knotd: zone-reload/reload fails if there is a module configuration error
     - knotd: control interfaces are started before zones loading
     - knotd: session ticket pool is purged on server reload if changed credentials
     - knotc: status returns 'Loading' if the server is not yet answering
     - knotc: extended tab completion for details, filters, and paths
     - kzonecheck: zone origin auto-detection uses SOA owner from the checked zone file
     - libknot: XDP drops packets with too many or inappropriate extended IPv6 headers
     - libknot: extended XDP checks for correct packets
     - libknot: semantically malformed resource records are dumped in generic format
     - libs: upgraded embedded libngtcp2 to 1.15.0
     - knot-exporter: less confusing option parsing and documentation
     - doc: various improvements
    Bugfixes:
     - knotd: if multiple primaries send NOTIFY concurrently, only the last remote is queried
     - knotd: failed to build on macOS with POSIX semaphores
     - knotd: early zone free due to RCU-delayed update cleanup
     - knotd: server crashes if "" value overrides template master value
     - knot-exporter: label collisions caused by duplicate metrics (Thanks to Guillaume Cornet)
    Packaging:
     - deb,rpm: keymgr extracted to a separate package knot-keymgr
     - deb,rpm: new package redis-knot with a Knot module for Redis/Valkey
     - docker: upgraded to Debian trixie-slim
    Compatibility:
     - license: project relicensed to GPL-2.0-or-later
     - knotd: new default value of 'policy.nsec3-salt-length' is 0
     - knot-exporter: renamed some metrics, labels, or units (see 'Migration')
    3.4.8
    Features:
     - keymgr: implemented key pregeneration for later use (see 'for-later')
    Improvements:
     - knotd: decreased remote session ticket lifetime to 1200 seconds
     - knotd: TCP connection is not shared between SOA and XFR if 'remote.no-edns' is set
     - knotd: 'zone.notify-delay' now applies to every outgoing NOTIFY
     - knotd: reduced timers database size by omitting zero timer values
     - knotd: zone-reload can be called on an expired zone
     - knotd: improved configuration commit performance when many zones are present
     - keymgr: allowed boolean key flags without an explicit 'on' value
     - keymgr: support for colon separators in keyid specification
     - utils: added INTERNET and CHAOS aliases for IN and CH class names
     - libs: upgraded embedded libngtcp2 to 1.14.0
     - doc: various improvements
    Bugfixes:
     - knotd: possible use after free if member zone is reused when full reload
     - knotd: incorrect zone update revert adjustments
    3.4.7
    Features:
     - knotd: implemented optional NOTIFY delay upon zone loading (see 'zone.notify-delay')
     - knotd: failed ZONEMD validation emits 'dnssec-invalid' D-Bus event
     - kdig: added option for delayed reading of next transfer message (see '+msgdelay')
     - kzonecheck: new parameter for job count (see '-j')
    Improvements:
     - knotd: semantic checks support DS algorithms 5 and 6
     - knotd: pending generation of reverse records is logged as warning
     - knotd: DNSKEY synchronization considers keytag modulo for better reliability
     - knotd: zone-(un)set parser errors no longer logged by the server
     - knotd: more verbose zone-(un)set parser errors are returned to the client
     - knotc: configuration warnings are printed only with the conf-check command
     - kdig: enabled TLS 1.2 support (with warning)
     - kdig: more verbose TLS/QUIC certificate information - SAN (see '-dd')
     - mod-rrl: disabled optimized KRU version on macOS to fix CPU issues
     - libknot: added two specific variants of KNOT_EAGAIN error (KNOT_NET_EAGAIN, KNOT_ETRYAGAIN)
     - libs: upgraded embedded libngtcp2 to 1.13.0
     - knot-exporter: added maximum libknot version dependency #956
     - knot-exporter: removed return statement from a finally block #957
     - packaging: new knot-exporter and python3-libknot RPM subpackages
     - doc: simplified highlighting of options enabled by default
     - doc: various improvements
    Bugfixes:
     - knotd: false warning for missing glue if NS is at other delegation
     - knotd: missing rdata canonicalization in zone-(un)set operations
     - knotd: missing check for member zone configured with a non-generated catalog
     - knotd: benevolent IXFR skips whole rrset when ignoring a record
     - knotd: missing next remove key action log during KSK/algorithm rollover
     - knotd: missing catalog template configuration checks
     - knotd: missing check for empty QUIC connection in XDP mode
     - libknot: incorrect trailing rdata check in packet parser
     - kdig: ignored DoQ response from dnsdist #954
     - packaging: uninstalling lib*t64 packages removes files from upstream packages
    3.4.6
    Improvements:
     - knotd: default TSIG algorithm is now 'hmac-sha256'
     - knotd: added zone expiration info to the failed zone refresh log
     - knotd: reverse record generation now accepts multiple forward zones to be reversed
     - keymgr: underscores are now tolerated instead of dashes in command names
     - keymgr: correct mnemonic 'rsasha1-nsec3-sha1' is used instead of 'rsasha1nsec3sha1'
     - kdig: new '+[no]doflag' alias for '+[no]dnssec' #952
     - kdig: documented default option values #951
     - kxdpgun: extended JSON output with some packet statistics
     - doc: various updates and improvements
    Bugfixes:
     - knotd: failed to stop the server if 'dbus-event: running' is set
     - knotd: TLS 0-RTT not working if compiled with the QUIC support
     - knotd: TLS handshake fails on FreeBSD
     - knotd: outbound QUIC communication fails on FreeBSD
     - knotd: KSK submission not ignored in the manual key management mode
     - knotd: failed to bind to a UNIX socket on recent Linux kernels
     - kzonecheck: failed to check non-trivial zones through standard input
    3.4.5
    Features:
     - knotd: support for SOA serial shift (see 'serial-modulo')
     - knotd: new server statistics (see 'tcp-io-timeout' and 'tcp-idle-timeout')
    Improvements:
     - knotd: better signing performance of many zones in parallel by
              moving 'last_signed_serial' from KASP database to timer database
     - knotd: the 'terminated inactive client' TCP log moved to debug level
     - knotd: allowed initial DDNS to an empty zone
     - knotd: extended backup and flush argument checks
     - knotd: new debug logs for zone events suspension
     - libs: upgraded embedded libngtcp2 to 1.11.0
     - doc: new section Multi-primary, updates
    Bugfixes:
     - libdnssec: inappropriate DNSKEY flags evaluation
     - libknot: incorrect VLAN map size calculation for XDP
    3.4.4
    Features:
     - knotd: added support for EDNS ZONEVERSION
     - kdig: added support for EDNS ZONEVERSION (see '+zoneversion')
    Improvements:
     - knotd: improved control error detection and reporting
     - kdig: proper section names for exported DDNS messages
     - libs: upgraded embedded libngtcp2 to 1.10.0
     - python: expanded documentation for the libknot control API
     - doc: updated XDP prerequisites
    Bugfixes:
     - knotd: a DNAME record at the zone apex with active NSEC3 not accepted via XFR
     - knotd: configuration abort times out if no active transaction
     - knotd: defective serial modulo result if it overflows
     - knotd: TLS connections not properly terminated
     - knotd: maximum zone TTL not correctly recomputed after RRSIG TTL change
     - knotd: zone hangs if zone reload fails (Thanks to solidcc2)
     - knotd: statistics dump generates invalid YAML output if XDP is enabled #947
     - knotd: insufficient check for incomplete control message
     - mod-dnstap: used incorrect type for DDNS messages
     - knot-exporter: failed to run with Python 3.11 or older
     - tests: test_atomic and test_spinlock require building with the daemon enabled #946
    3.4.3
    Improvements:
     - knotd: improved processing of QNAMEs containing zero bytes
     - knotd: zone expiration now aborts possible zone control transaction #929
     - knotd: generated catalog member metadata is stored when the zone is loaded
     - knotd: new configuration check for using default NSEC3 salt length, which will change
     - mod-rrl: added QNAME (if possible) and transport protocol to log messages
     - mod-rrl: increased defaults for 'log-period' to 30 secs, 'rate-limit' to 50,
                'instant-rate-limit' to 125, and 'time-rate-limit' to 5 ms
     - kxdpgun: added space separators to some printed values for better readability
     - libs: upgraded embedded libngtcp2 to 1.9.1
     - knot-exporter: zone timers metric is now disabled by default (see '--zone-timers')
     - packaging: added build dependency softhsm for PKCS #11 testing on RPM distributions
     - doc: updated description of DNSSEC key management and module RRL
    Bugfixes:
     - knotd: more active ZSKs cause cumulative ZSK rollovers
     - knotd: zone purge clears active generated catalog member metadata
     - mod-rrl: authorized requests are rate limited #943
     - kdig: misleading warning about timeout during QUIC connection
     - keymgr: public-only keys are marked as missing in the list output
    
    Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit bffaf22289618289f2707bd645640d8c48eb71d5
Author: Adolf Belka <adolf.belka@ipfire.org>
Date:   Tue Apr 28 14:11:11 2026 +0200

    samba: Update to version 4.24.1
    
    - Update from version 4.23.6 to 4.24.1
    - Update of rootfiles for all three architectures
    - Changelog
    4.24.1
       * BUG 16057: autobuild fails if /proc/version contains trailing space
       * BUG 16035: use after free in streams_xattr_connect()
       * BUG 16042: rpc workers with long living clients grow server memory keytab
       * BUG 16058: vfs_snapper failing to access or enumerate files in subfolders
       * BUG 16040: Samba is not built with FORTIFY_SOURCE
       * BUG 16055: Fix tests with MIT Kerberos 1.22.x
    4.24.0
    NEW FEATURES/CHANGES
    Authentication information audit support
    	There are some Active Directory attributes that are not secret, but
    	 are relied on in some forms of authentication. Changes to these
    	 attributes could indicate surreptitious activity. The
    	 "dsdb_password_audit" and "dsdb_password_json_audit" debug classes now
    	 log changes to the following attributes:
    	   * altSecurityIdentities
    	   * dNSHostName
    	   * msDS-AdditionalDnsHostName
    	   * msDS-KeyCredentialLink
    	   * servicePrincipalName
    	For the JSON logs, changes to these will be logged with the "action"
    	 field set to "Auth info change".
    vfs_streams_xattr can hold larger streams
    	On Linux the size of a single extended attribute is limited to 65536
    	 bytes of size. For some file systems, this is also the overall limit
    	 of space for xattrs, but for example xfs can hold more than that 64k
    	 of extended xattrs, although the individual xattr is still limited to
    	 64k. Setting
    	    streams_xattr:max xattrs per stream = 1
    	 to a higher value than 1 will allow Samba to shard the stream to more
    	 than one xattr. It has an artificial limit of 16 for a maximum stream
    	 length of 1MB.
    Support for remote password management (Entra ID SSPR, Keycloak)
    	When a system such as Entra ID or Keycloak wants to change a user's
    	 password in its own database as well as in AD, it will use a password
    	 reset, meaning it does not transmit the old password to the domain
    	 controller. Normally a password reset avoids password history and age
    	 checks, which would allow a cloud password change to bypass
    	 on-premises password policies. To address this, a password reset using
    	 the "policy hints" control should respect password policies, as if it
    	 were an ordinary password change. Both Entra ID and Keycloak use this,
    	 but until now Samba did not understand this control, and would reject
    	 these reset requests.
    	Now Samba AD will recognise the policy hints control and enforce local
    	 policy. This allows Microsoft Entra self-service password reset (SSPR)
    	 to work, and for Keycloak to work with the "password policy hints
    	 enabled" option.
    Kerberos PKINIT KeyTrust logon support
    	Samba servers configured with the embedded heimdal KDC and running as an ADDC,
    	 now support "Windows Hello for Business Key-Trust logons". This allows the
    	 PKINIT authentication mechanism to be used with self-signed keys.
    	The samba-tool computer and user commands have a new "keytrust"
    	 sub-command which allows for the setting and viewing of the public key
    	 details for computer and user accounts. This stores the public key
    	 details in msDS-KeyCredentialLink attribute of the account.
    msDS-KeyCredentialLink validation
    	Updates to the msDS-KeyCredentialLink attribute are validated against the
    	 rules specified by MS-ADTS 3.1.1.5.3.1.1.6.
    Kerberos PKINIT strong/flexible key mappings
    	Samba servers configured with the embedded heimdal KDC and running as an ADDC
    	 now support "Windows Strong and Flexible key mappings" as outlined in
    	 Microsoft KB5014754: Certificate-based authentication changes on Windows domain
    	 controllers.
    	The default enforcement mode ("full") allows only strong certificate
    	 mappings. The smb.conf option
    	    strong certificate binding enforcement = compatibility
    	will allow weak mappings where the certificate is newer than the user
    	 account. The option "none" will allow any mappings.
    	The mappings for an account should be placed in the altSecurityIdentities
    	 attribute and follow the syntax documented in KB5014754.
    Kerberos PKINIT SID extension
    	PKINIT authentication now supports certificates containing an Object SID
    	 extension (extension 1.3.6.1.4.1.311.25.2), this is considered to be a STRONG
    	 mapping for KB5014754.
    	The computer and user samba-tool commands have a new sub-command
    	 "generate-csr" to generate certificate signing requests.
    KDC includes PAC by default
    	Samba will ignore the value provided by the client in "PA-PAC-REQUEST"
    	 and always include a PAC in responses, unless "kdc always generate
    	 pac" is set to "no".
    KDC can insist clients request canonicalization
    	Canonicalization of principal client names is not mandatory in
    	 Kerberos (per RFC4120), but must be requested by the client. In some
    	 circumstances this allows a client to deceive Active Directory member
    	 servers (known as the "dollar ticket" attack).
    	The new configuration option "kdc require canonicalization" can be
    	 used to require that clients request canonicalization; if they do not,
    	 their AS_REQ requests will be rejected as if the account was unknown.
    	The default value is "no", for backward compatibility. Windows clients
    	 will ask for canonicalization by default, so in Windows-heavy
    	 environments it is safe and recommended to set this to "yes".
    KDC can avoid potentially confusing canonicalization
    	Currently when the client does not request canonicalization, when the
    	 KDC looks up a name and there is no match it will append a "$" to the
    	 name and try again. An attacker who can create arbitrary machine
    	 accounts can sometimes get tickets for Unix users by mimicking their
    	 names (the "dollar ticket" attack).
    	The configuration option
    	    kdc name match implicit dollar without canonicalization = no
    	 can be used to disable this behaviour for clients that do not request
    	 canonicalization. Probably this only affects traditional Unix clients,
    	 as Windows clients use canonicalization. If affected clients want a
    	 ticket for a machine account, they will have to use the full name
    	 including the dollar (e.g. "server$", not "server").
    	If the "kdc require canonicalization" option cannot be set to "yes"
    	 (because some clients do not request canonicalization) setting this
    	 option to "no" is a good alternative.
    KDC provides Kerberos acceptors with canonical client names
    	By default the KDC will now send Kerberos services the canonicalized
    	 name (the sAMAccountName from the PAC) rather than trusting the cname.
    	To return to the old behaviour, use
    	    krb5 acceptor report canonical client name = no
    	 in the smb.conf.
    	This currently affects Heimdal KDC only, not MIT.
    KDC recommended configuration:
    	strong certificate binding enforcement                            full
    	kdc always include pac                                            yes
    	kdc require canonicalization                                      yes
    	If unable to use "kdc require canonicalization" = "yes", then
    	"kdc name match implicit dollar without implicit canonicalization" should be
    	set to "no" if possible.
    samba tool
    	Two new sub-commands have been added to the user and computer commands:
    	user|computer generate-csr
    	    Generate a Certificate signing request for an account containing the
    	    Object SID extension (extension 1.3.6.1.4.1.311.25.2)
    	user|computer keytrust
    	   Add the public key details of a self signed certificate to an account.
    	   The command supports PEM and DER encoded public keys.
    New AIO rate-limiting VFS module
    	A new VFS stackable module has been introduced to implement rate-limiting for
    	asynchronous I/O operations. Administrators can now enforce throughput ceilings
    	by defining limits in either operations per second or bytes per second. The
    	module utilizes a token-based algorithm to calculate real-time I/O load; when
    	limits are exceeded, it dynamically injects millisecond delays into async
    	operations to maintain the defined threshold.
    CephFS FSCrypt support for the VFS ceph_new module
    	The ceph_new VFS module can now make use of the FSCrypt feature recently added
    	to CephFS. This enhancement enables data and file name encryption on a per
    	share basis. A single CephFS file system may host a mix of encrypted and
    	unencrypted directories.
    	To obtain the encryption keys needed for FSCrypt the ceph_new module includes
    	support for the Keybridge protocol. Keybridge is an RPC protocol based on
    	Varlink that can retrieve keys from a local service via a UNIX socket. Users
    	can choose to develop a custom Keybridge implementation or use the existing
    	KMIP-compatible Keybridge server available as part of the sambacc project
    	(https://github.com/samba-in-kubernetes/sambacc).
    Domain encryption types changed to AES by default
    	The default value of the smb.conf option ‘kdc default domain supported enctypes’
    	now corresponds to ‘aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha1-96’ (both AES
    	encryption types) if the domain functional level is 2008 or higher. This
    	addresses CVE-2026-20833.
    smb.conf changes
      Parameter Name                          Description     Default
      strong certificate binding enforcement  New             full
      certificate backdating compensation     New             0
      kdc always include pac                  New             yes
      kdc require canonicalization            New             no
      kdc name match implicit dollar without canonicalization
                                              New             yes
      kdc default domain supported enctypes   New default     AES encryption types (if supported by domain)
    bugfixes
       * BUG 16019: incorrect behavior on rpcclient enumport with rpcd_spoolss
       * BUG 16001: altSecurityIdentities X509 issuer DN order is reversed
       * BUG 16000: vfs_aio_ratelimit: introduce burst-aware and persistent state
         model
    4.24.0rc3
       * BUG 15990: No function _python_sysroot defined
       * BUG 15978: leases torture test flappy
       * BUG 15984: smbd: in contend_dirleases() don't bother checking when not
         enabled
       * BUG 15993: 'net ads kerberos kinit' should use also default ccache name
         from krb5.conf
       * BUG 15789: "use-kerberos=desired" broken
       * BUG 15975: source3/libads/kerberos.c sets wrong failure for negative
         connection cache
       * BUG 15938: CTDB's statd_callout fails on sm-notify
       * BUG 15939: CTDB statd_callout_notify notifies unnecessary clients and loses
         their state
       * BUG 15939: CTDB statd_callout_notify notifies unnecessary clients and loses
         their state
       * BUG 15998: Backport domain default AES encryption types to 4.24
    4.24.0rc2
       * BUG 15979: possible memory leak on rpc_spoolss
       * BUG 15972: Winbind group resolution failure
       * BUG 15979: possible memory leak on rpc_spoolss
       * BUG 15977: ctdbd socket documentation is wrong
       * BUG 15976: time_t related build failure on 32bit arch in 4.24.0rc1
    
    Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit c77ed68674cdd173d4e33108c97f4bbdf4497194
Author: Adolf Belka <adolf.belka@ipfire.org>
Date:   Tue Apr 28 14:11:05 2026 +0200

    core202: Ship oath-toolkit
    
    Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit f3501588cf81d036df62c9e142d06c79e14f050e
Author: Adolf Belka <adolf.belka@ipfire.org>
Date:   Tue Apr 28 14:11:10 2026 +0200

    oath-toolkit: Update to version 2.6.14
    
    - Update from version 2.6.13 to 2.6.14
    - No change to rootfile
    - Changelog
    2.6.14
    ** pam_oath: Support null_usersfile_okay parameter.
    	The argument no_usersfile_okay forces the module to act as if the user
    	is not present in the config, if the config file does not exist. This
    	has security implications; only use it if you know what you are
    	doing. E.g.  if the file is in a mount like home and that fails to be
    	mounted, then this will succeed even if the OTP is configured for that
    	user.  Patch by Luna, Jan Zerebecki, and Miika Alikirri; see
    	<https://codeberg.org/oath-toolkit/oath-toolkit/pulls/94>.
    ** pam_oath README: Suggest `KbdInteractiveAuthentication`.
    	Instead of deprecated `ChallengeResponseAuthentication`.  Patch by
    	lvgenggeng, see
    	<https://codeberg.org/oath-toolkit/oath-toolkit/pulls/112>.
    ** Various build fixes including updated gnulib files.
    	Fixes building with glibc 2.43, see
    	<https://codeberg.org/oath-toolkit/oath-toolkit/issues/113>.
    
    Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit 92801a0959320e15f3567c362b94831f1afd0dd5
Author: Adolf Belka <adolf.belka@ipfire.org>
Date:   Tue Apr 28 14:11:09 2026 +0200

    mympd: Update to version 25.0.1
    
    - Update from version 22.1.1 to 25.0.1
    - No change to rootfile
    - Changelog
    25.0.1
    	- Upd: Translation #1527 #1529
    	- Fix: Compile error with libmpdclient 2.24 #1528
    25.0.0
    	This is the first release that supports only MPD 0.23.5 and higher and
    	 Lua 5.4.x and higher.
    	- Feat: Use myGPIOd REST-API #1510
    	- Feat: Implement merge sort for linked lists
    	- Feat: Use a faster algorithm for shuffling linked lists
    	- Feat: Regularly save the myMPD state if myMPD is active
    	- Feat: Scripting - Add custom Lua function `mympd.firstTableValue`
    	- Upd: Bump requirement for MPD and Lua versions
    	- Upd: Search and utf8 handling improvements
    	- Upd: Add connection header to responses
    	- Upd: Improve HTTP session handling
    	- Fix: Check for minimum string length in json payload
    	- Fix: libutf8proc is an unused shared library in mympd-script #1520
    24.0.3
    	- Upd: Split sds_extras compile unit
    	- Fix: test_utf8wrap still fails #1519
    	- Fix: Reset scrolling position on search
    24.0.2
    	- Fix: Define NDEBUG for all release types but Debug #1515
    	- Fix: utf8 test failures #1514
    24.0.1
    	- Fix: Handle invalid unicode strings #1511
    24.0.0
    	This release improves the integrated search by using string normalization and
    	 adding a fuzzy search option. Furthermore the mpd connection handling was
    	 improved.
    	The documentation site was migrated from Mkdocs to Sphinx, because of the
    	 deprecation of Material for Mkdocs.
    	- Feat: Fuzzy substring matching using the levenshtein distance
    	- Feat: String normalization for album, webradio, playlists and filesystem search
    	- Feat: Replace utf8 implementation with utf8proc library
    	- Feat: Add setting for default search operator
    	- Upd: Migrate documentation to Sphinx with Sphinx Book Theme #1495
    	- Upd: Move lyrics handling from mympd_api to webserver thread
    	- Upd: Performance improvements for mympd_api polling
    	- Upd: Stability improvements in MPD connection handling
    	- Upd: Limit length of smart playlists #1505
    	- Fix: Handling of HTTP connections #1503
    	- Fix: Endless scrolling in mobile view #1504
    23.0.1
    	- Upd: Translations
    	- Upd: Mongoose 7.20
    	- Upd: Optimize build for openSUSE Build Service
    	- Fix: Segfault in album view if song title tag does not exist
    	- Fix: Segfault in playlist view if song title tag does not exist
    23.0.0
    	This version enhances the jukebox implementation and the album handling.
    	- Feat: Keep jukebox queue between myMPD restarts #1485
    	- Feat: Add option for Jukebox Autostart #1482
    	- Feat: Manually trigger refill of the jukebox queue #1483
    	- Feat: Configurable jukebox queue lengths #1484
    	- Feat: Add option for default behavior on click on tag in browse view #1472
    	- Feat: Optionally group songs with empty album tag in a special
    	   `Unknown Album` album #1472
    	- Feat: Support large images
    	- Feat: Add implicit secondary sort tag to album view
    	- Feat: Add option to increase the size of action icons in lists #1489
    	- Upd: Remove obsolete config variable save_caches
    	- Fix: Do not reset scrolling position on update of lists #1478
    	- Fix: Try to keep select if list is refreshed because of an event #1479
    	- Fix: Song count and limit calculation for last played list #1487
    	- Fix: Display Disc 1 for multidisc albums #1490
    22.1.2
    	- Upd: Translations
    	- Fix: Initialize mg_user_data in debug build
    	- Fix: Listing songs from Artists List view fails #1474
    	- Fix: Random select if only one entry must be added #1480
    
    Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit 15bb3763a2d30d36124f0b39029e256348949bdd
Author: Adolf Belka <adolf.belka@ipfire.org>
Date:   Tue Apr 28 14:11:04 2026 +0200

    core202: Ship lldpd
    
    Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit ac92aa83e8975a21622baf8a35a706ca95fabe42
Author: Adolf Belka <adolf.belka@ipfire.org>
Date:   Tue Apr 28 14:11:08 2026 +0200

    lldpd: Update to version 1.0.21
    
    - Update from version 1.0.20 to 1.0.21
    - No change to rootfile
    - Changelog
    1.0.21
     * Changes:
       + Add "configure lldp portdescription-source" to choose how to populate port
    	description (#763)
     * Fix:
       + Fix path traversal vulnerabilities in the privileged process (#773, #774)
       + Fix arbitrary file deletion in the privileged process (#772)
       + Fix accuracy of Dot3 MAU types advertised and add support for 200G and 400G (#771)
       + Fix detection of wireless interfaces (#738)
    
    Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit 33ac6910d2fd13cd11d615848cb5038a266262d6
Author: Adolf Belka <adolf.belka@ipfire.org>
Date:   Tue Apr 28 14:11:02 2026 +0200

    core202: Ship inotify-tools
    
    Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit d4e45f3e7e87f6d53880d2933dcbda562a6ef8df
Author: Adolf Belka <adolf.belka@ipfire.org>
Date:   Tue Apr 28 14:11:06 2026 +0200

    inotify-tools: Update to version 4.25.9.0
    
    - Update from version 4.23.9.0 to 4.25.9.0
    - No change to rootfile
    - Changelog
    4.25.9.0
    	Reject fanotify-only options if fanotify is disabled by @defanor in #196
    	Fix formatting of man page references by @jwilk in #213
    	Disable SonarCloud by @ericcurtin in #214
    	Remove dead builds from README.md by @ericcurtin in #215
    	Add Fedora 39 build to github actions by @ericcurtin in #216
    	Add flag for forcing static compilation by @nirhaike in #220
    	Allow recursive watch with --include by @arnib in #229
    	Fix a crash on >=1024 watched files by @jankratochvil in #230
    
    Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit 77a9930b85960b1cc0469de7830391ec7aa0d5a0
Author: Adolf Belka <adolf.belka@ipfire.org>
Date:   Tue Apr 28 14:11:01 2026 +0200

    arpwatch: Update to version 3.9
    
    - Update from version 3.8 to 3.9
    - No change to rootfile
    - Changelog
    3.9
     - Use mktemp(1) to obtain a temporary file for update-ethercodes
       and avoid potential security issues. Reported by Johannes Segitz
       (jsegitz@suse.de)
    
    Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

-----------------------------------------------------------------------

Summary of changes:
 config/rootfiles/common/knot                         |  8 ++++----
 .../186 => core/202}/filelists/inotify-tools         |  0
 .../{oldcore/128 => core/202}/filelists/knot         |  0
 .../{oldcore/199 => core/202}/filelists/lldpd        |  0
 .../{oldcore/169 => core/202}/filelists/oath-toolkit |  0
 config/rootfiles/packages/aarch64/samba              | 17 +++++++++++++++++
 config/rootfiles/packages/riscv64/samba              | 17 +++++++++++++++++
 config/rootfiles/packages/x86_64/samba               | 17 +++++++++++++++++
 lfs/arpwatch                                         | 12 ++++++------
 lfs/inotify-tools                                    |  8 ++++----
 lfs/knot                                             | 20 ++++++++++----------
 lfs/lldpd                                            | 20 ++++++++++----------
 lfs/mympd                                            |  8 ++++----
 lfs/oath-toolkit                                     |  9 +++++----
 lfs/samba                                            |  6 +++---
 15 files changed, 97 insertions(+), 45 deletions(-)
 copy config/rootfiles/{oldcore/186 => core/202}/filelists/inotify-tools (100%)
 copy config/rootfiles/{oldcore/128 => core/202}/filelists/knot (100%)
 copy config/rootfiles/{oldcore/199 => core/202}/filelists/lldpd (100%)
 copy config/rootfiles/{oldcore/169 => core/202}/filelists/oath-toolkit (100%)

Difference in files:
diff --git a/config/rootfiles/common/knot b/config/rootfiles/common/knot
index 5d0ab19d3..fdca132f8 100644
--- a/config/rootfiles/common/knot
+++ b/config/rootfiles/common/knot
@@ -4,12 +4,12 @@ usr/bin/kdig
 #usr/lib/libdnssec.la
 #usr/lib/libdnssec.lai
 #usr/lib/libdnssec.so
-usr/lib/libdnssec.so.9
-usr/lib/libdnssec.so.9.0.0
+usr/lib/libdnssec.so.10
+usr/lib/libdnssec.so.10.0.0
 #usr/lib/libknot.la
 #usr/lib/libknot.lai
 #usr/lib/libknot.so
-usr/lib/libknot.so.15
-usr/lib/libknot.so.15.0.0
+usr/lib/libknot.so.16
+usr/lib/libknot.so.16.0.0
 #usr/lib/libknotus.a
 #usr/lib/libknotus.la
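Review bot: The soname bump in this hunk (libdnssec.so.9 to .10, libknot.so.15 to .16) drops the old library entries from the rootfile, so two follow-ups are worth confirming. First, everything in the tree that links against libknot or libdnssec should be rebuilt and shipped in the same Core Update. Second, the Core Update 202 update script should remove the stale usr/lib/libdnssec.so.9* and usr/lib/libknot.so.15* files, otherwise upgraded systems keep the old, no longer maintained libraries on disk next to the new ones.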
diff --git a/config/rootfiles/core/202/filelists/inotify-tools b/config/rootfiles/core/202/filelists/inotify-tools
new file mode 120000
index 000000000..b316c2e73
--- /dev/null
+++ b/config/rootfiles/core/202/filelists/inotify-tools
@@ -0,0 +1 @@
+../../../common/inotify-tools
\ No newline at end of file
diff --git a/config/rootfiles/core/202/filelists/knot b/config/rootfiles/core/202/filelists/knot
new file mode 120000
index 000000000..28e96f878
--- /dev/null
+++ b/config/rootfiles/core/202/filelists/knot
@@ -0,0 +1 @@
+../../../common/knot
\ No newline at end of file
diff --git a/config/rootfiles/core/202/filelists/lldpd b/config/rootfiles/core/202/filelists/lldpd
new file mode 120000
index 000000000..35e3b1d01
--- /dev/null
+++ b/config/rootfiles/core/202/filelists/lldpd
@@ -0,0 +1 @@
+../../../common/lldpd
\ No newline at end of file
diff --git a/config/rootfiles/core/202/filelists/oath-toolkit b/config/rootfiles/core/202/filelists/oath-toolkit
new file mode 120000
index 000000000..589cc0d9f
--- /dev/null
+++ b/config/rootfiles/core/202/filelists/oath-toolkit
@@ -0,0 +1 @@
+../../../common/oath-toolkit
\ No newline at end of file
diff --git a/config/rootfiles/packages/aarch64/samba b/config/rootfiles/packages/aarch64/samba
index d1e56440a..f1b997a87 100644
--- a/config/rootfiles/packages/aarch64/samba
+++ b/config/rootfiles/packages/aarch64/samba
@@ -124,6 +124,7 @@ usr/bin/wspsearch
 #usr/include/samba-4.0/util/idtree_random.h
 #usr/include/samba-4.0/util/signal.h
 #usr/include/samba-4.0/util/substitute.h
+#usr/include/samba-4.0/util/talloc_keep_secret.h
 #usr/include/samba-4.0/util/tfork.h
 #usr/include/samba-4.0/util/time.h
 #usr/include/samba-4.0/util_ldb.h
@@ -188,6 +189,7 @@ usr/lib/python3.10/site-packages/ldb.cpython-310-aarch64-linux-gnu.so
 usr/lib/python3.10/site-packages/samba/__init__.py
 usr/lib/python3.10/site-packages/samba/_glue.cpython-310-aarch64-linux-gnu.so
 usr/lib/python3.10/site-packages/samba/_ldb.cpython-310-aarch64-linux-gnu.so
+usr/lib/python3.10/site-packages/samba/asn1.py
 usr/lib/python3.10/site-packages/samba/auth.cpython-310-aarch64-linux-gnu.so
 usr/lib/python3.10/site-packages/samba/auth_util.py
 usr/lib/python3.10/site-packages/samba/colour.py
@@ -287,6 +289,7 @@ usr/lib/python3.10/site-packages/samba/emulate/traffic.py
 usr/lib/python3.10/site-packages/samba/emulate/traffic_packets.py
 usr/lib/python3.10/site-packages/samba/forest_update.py
 usr/lib/python3.10/site-packages/samba/functional_level.py
+usr/lib/python3.10/site-packages/samba/generate_csr.py
 usr/lib/python3.10/site-packages/samba/gensec.cpython-310-aarch64-linux-gnu.so
 usr/lib/python3.10/site-packages/samba/getopt.py
 usr/lib/python3.10/site-packages/samba/gkdi.py
@@ -337,6 +340,7 @@ usr/lib/python3.10/site-packages/samba/kcc/graph.py
 usr/lib/python3.10/site-packages/samba/kcc/graph_utils.py
 usr/lib/python3.10/site-packages/samba/kcc/kcc_utils.py
 usr/lib/python3.10/site-packages/samba/kcc/ldif_import_export.py
+usr/lib/python3.10/site-packages/samba/key_credential_link.py
 usr/lib/python3.10/site-packages/samba/logger.py
 usr/lib/python3.10/site-packages/samba/lsa_utils.py
 usr/lib/python3.10/site-packages/samba/mdb_util.py
@@ -353,6 +357,8 @@ usr/lib/python3.10/site-packages/samba/netbios.cpython-310-aarch64-linux-gnu.so
 usr/lib/python3.10/site-packages/samba/netcmd/__init__.py
 usr/lib/python3.10/site-packages/samba/netcmd/common.py
 usr/lib/python3.10/site-packages/samba/netcmd/computer.py
+usr/lib/python3.10/site-packages/samba/netcmd/computer_generate_csr.py
+usr/lib/python3.10/site-packages/samba/netcmd/computer_keytrust.py
 usr/lib/python3.10/site-packages/samba/netcmd/contact.py
 usr/lib/python3.10/site-packages/samba/netcmd/dbcheck.py
 usr/lib/python3.10/site-packages/samba/netcmd/delegation.py
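Review bot: computer_generate_csr.py and computer_keytrust.py are added uncommented here, so the new samba-tool subcommands for CSR generation and key trust ship enabled in the package. Please confirm that every Python module they import from outside the samba tree is present on the target system or pulled in through the package's DEPS. If that cannot be guaranteed, commenting these entries out (as is done for the tests further down) is the safer choice, since a missing import only surfaces when an administrator runs the command.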
@@ -434,7 +440,9 @@ usr/lib/python3.10/site-packages/samba/netcmd/user/delete.py
 usr/lib/python3.10/site-packages/samba/netcmd/user/disable.py
 usr/lib/python3.10/site-packages/samba/netcmd/user/edit.py
 usr/lib/python3.10/site-packages/samba/netcmd/user/enable.py
+usr/lib/python3.10/site-packages/samba/netcmd/user/generate_csr.py
 usr/lib/python3.10/site-packages/samba/netcmd/user/getgroups.py
+usr/lib/python3.10/site-packages/samba/netcmd/user/keytrust.py
 usr/lib/python3.10/site-packages/samba/netcmd/user/list.py
 usr/lib/python3.10/site-packages/samba/netcmd/user/move.py
 usr/lib/python3.10/site-packages/samba/netcmd/user/password.py
@@ -580,6 +588,7 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py
 #usr/lib/python3.10/site-packages/samba/tests/domain_backup_offline.py
 #usr/lib/python3.10/site-packages/samba/tests/dsdb.py
 #usr/lib/python3.10/site-packages/samba/tests/dsdb_api.py
+#usr/lib/python3.10/site-packages/samba/tests/dsdb_dn.py
 #usr/lib/python3.10/site-packages/samba/tests/dsdb_dns.py
 #usr/lib/python3.10/site-packages/samba/tests/dsdb_lock.py
 #usr/lib/python3.10/site-packages/samba/tests/dsdb_quiet_env_tests.py
@@ -609,6 +618,7 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py
 #usr/lib/python3.10/site-packages/samba/tests/kcc/kcc_utils.py
 #usr/lib/python3.10/site-packages/samba/tests/kcc/ldif_import_export.py
 #usr/lib/python3.10/site-packages/samba/tests/key_credential_link.py
+#usr/lib/python3.10/site-packages/samba/tests/key_credential_link_samdb.py
 #usr/lib/python3.10/site-packages/samba/tests/krb5
 #usr/lib/python3.10/site-packages/samba/tests/krb5/alias_tests.py
 #usr/lib/python3.10/site-packages/samba/tests/krb5/as_canonicalization_tests.py
@@ -629,12 +639,14 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py
 #usr/lib/python3.10/site-packages/samba/tests/krb5/kdc_tests.py
 #usr/lib/python3.10/site-packages/samba/tests/krb5/kdc_tgs_tests.py
 #usr/lib/python3.10/site-packages/samba/tests/krb5/kdc_tgt_tests.py
+#usr/lib/python3.10/site-packages/samba/tests/krb5/key_trust_tests.py
 #usr/lib/python3.10/site-packages/samba/tests/krb5/kpasswd_tests.py
 #usr/lib/python3.10/site-packages/samba/tests/krb5/lockout_tests.py
 #usr/lib/python3.10/site-packages/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py
 #usr/lib/python3.10/site-packages/samba/tests/krb5/netlogon.py
 #usr/lib/python3.10/site-packages/samba/tests/krb5/nt_hash_tests.py
 #usr/lib/python3.10/site-packages/samba/tests/krb5/pac_align_tests.py
+#usr/lib/python3.10/site-packages/samba/tests/krb5/pkinit_certificate_mapping_tests.py
 #usr/lib/python3.10/site-packages/samba/tests/krb5/pkinit_tests.py
 #usr/lib/python3.10/site-packages/samba/tests/krb5/protected_users_tests.py
 #usr/lib/python3.10/site-packages/samba/tests/krb5/raw_testcase.py
@@ -756,8 +768,10 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py
 #usr/lib/python3.10/site-packages/samba/tests/samba_tool/user_auth_policy.py
 #usr/lib/python3.10/site-packages/samba/tests/samba_tool/user_auth_silo.py
 #usr/lib/python3.10/site-packages/samba/tests/samba_tool/user_check_password_script.py
+#usr/lib/python3.10/site-packages/samba/tests/samba_tool/user_generate_csr.py
 #usr/lib/python3.10/site-packages/samba/tests/samba_tool/user_get_kerberos_ticket.py
 #usr/lib/python3.10/site-packages/samba/tests/samba_tool/user_getpassword_gmsa.py
+#usr/lib/python3.10/site-packages/samba/tests/samba_tool/user_keytrust.py
 #usr/lib/python3.10/site-packages/samba/tests/samba_tool/user_virtualCryptSHA.py
 #usr/lib/python3.10/site-packages/samba/tests/samba_tool/user_virtualCryptSHA_base.py
 #usr/lib/python3.10/site-packages/samba/tests/samba_tool/user_virtualCryptSHA_gpg.py
@@ -975,6 +989,7 @@ usr/lib/samba/vfs/acl_tdb.so
 usr/lib/samba/vfs/acl_xattr.so
 usr/lib/samba/vfs/aio_fork.so
 usr/lib/samba/vfs/aio_pthread.so
+usr/lib/samba/vfs/aio_ratelimit.so
 usr/lib/samba/vfs/audit.so
 usr/lib/samba/vfs/btrfs.so
 usr/lib/samba/vfs/cap.so
@@ -1039,6 +1054,8 @@ usr/sbin/winbindd
 #usr/share/locale/hu/LC_MESSAGES/pam_winbind.mo
 #usr/share/locale/it/LC_MESSAGES/pam_winbind.mo
 #usr/share/locale/ja/LC_MESSAGES/pam_winbind.mo
+#usr/share/locale/ka/LC_MESSAGES/net.mo
+#usr/share/locale/ka/LC_MESSAGES/pam_winbind.mo
 #usr/share/locale/ko/LC_MESSAGES/pam_winbind.mo
 #usr/share/locale/nb/LC_MESSAGES/pam_winbind.mo
 #usr/share/locale/nl/LC_MESSAGES/pam_winbind.mo
diff --git a/config/rootfiles/packages/riscv64/samba b/config/rootfiles/packages/riscv64/samba
index 2cff83ea1..17d234343 100644
--- a/config/rootfiles/packages/riscv64/samba
+++ b/config/rootfiles/packages/riscv64/samba
@@ -124,6 +124,7 @@ usr/bin/wspsearch
 #usr/include/samba-4.0/util/idtree_random.h
 #usr/include/samba-4.0/util/signal.h
 #usr/include/samba-4.0/util/substitute.h
+#usr/include/samba-4.0/util/talloc_keep_secret.h
 #usr/include/samba-4.0/util/tfork.h
 #usr/include/samba-4.0/util/time.h
 #usr/include/samba-4.0/util_ldb.h
@@ -188,6 +189,7 @@ usr/lib/python3.10/site-packages/ldb.cpython-310-riscv64-linux-gnu.so
 usr/lib/python3.10/site-packages/samba/__init__.py
 usr/lib/python3.10/site-packages/samba/_glue.cpython-310-riscv64-linux-gnu.so
 usr/lib/python3.10/site-packages/samba/_ldb.cpython-310-riscv64-linux-gnu.so
+usr/lib/python3.10/site-packages/samba/asn1.py
 usr/lib/python3.10/site-packages/samba/auth.cpython-310-riscv64-linux-gnu.so
 usr/lib/python3.10/site-packages/samba/auth_util.py
 usr/lib/python3.10/site-packages/samba/colour.py
@@ -287,6 +289,7 @@ usr/lib/python3.10/site-packages/samba/emulate/traffic.py
 usr/lib/python3.10/site-packages/samba/emulate/traffic_packets.py
 usr/lib/python3.10/site-packages/samba/forest_update.py
 usr/lib/python3.10/site-packages/samba/functional_level.py
+usr/lib/python3.10/site-packages/samba/generate_csr.py
 usr/lib/python3.10/site-packages/samba/gensec.cpython-310-riscv64-linux-gnu.so
 usr/lib/python3.10/site-packages/samba/getopt.py
 usr/lib/python3.10/site-packages/samba/gkdi.py
@@ -337,6 +340,7 @@ usr/lib/python3.10/site-packages/samba/kcc/graph.py
 usr/lib/python3.10/site-packages/samba/kcc/graph_utils.py
 usr/lib/python3.10/site-packages/samba/kcc/kcc_utils.py
 usr/lib/python3.10/site-packages/samba/kcc/ldif_import_export.py
+usr/lib/python3.10/site-packages/samba/key_credential_link.py
 usr/lib/python3.10/site-packages/samba/logger.py
 usr/lib/python3.10/site-packages/samba/lsa_utils.py
 usr/lib/python3.10/site-packages/samba/mdb_util.py
@@ -353,6 +357,8 @@ usr/lib/python3.10/site-packages/samba/netbios.cpython-310-riscv64-linux-gnu.so
 usr/lib/python3.10/site-packages/samba/netcmd/__init__.py
 usr/lib/python3.10/site-packages/samba/netcmd/common.py
 usr/lib/python3.10/site-packages/samba/netcmd/computer.py
+usr/lib/python3.10/site-packages/samba/netcmd/computer_generate_csr.py
+usr/lib/python3.10/site-packages/samba/netcmd/computer_keytrust.py
 usr/lib/python3.10/site-packages/samba/netcmd/contact.py
 usr/lib/python3.10/site-packages/samba/netcmd/dbcheck.py
 usr/lib/python3.10/site-packages/samba/netcmd/delegation.py
@@ -434,7 +440,9 @@ usr/lib/python3.10/site-packages/samba/netcmd/user/delete.py
 usr/lib/python3.10/site-packages/samba/netcmd/user/disable.py
 usr/lib/python3.10/site-packages/samba/netcmd/user/edit.py
 usr/lib/python3.10/site-packages/samba/netcmd/user/enable.py
+usr/lib/python3.10/site-packages/samba/netcmd/user/generate_csr.py
 usr/lib/python3.10/site-packages/samba/netcmd/user/getgroups.py
+usr/lib/python3.10/site-packages/samba/netcmd/user/keytrust.py
 usr/lib/python3.10/site-packages/samba/netcmd/user/list.py
 usr/lib/python3.10/site-packages/samba/netcmd/user/move.py
 usr/lib/python3.10/site-packages/samba/netcmd/user/password.py
@@ -580,6 +588,7 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py
 #usr/lib/python3.10/site-packages/samba/tests/domain_backup_offline.py
 #usr/lib/python3.10/site-packages/samba/tests/dsdb.py
 #usr/lib/python3.10/site-packages/samba/tests/dsdb_api.py
+#usr/lib/python3.10/site-packages/samba/tests/dsdb_dn.py
 #usr/lib/python3.10/site-packages/samba/tests/dsdb_dns.py
 #usr/lib/python3.10/site-packages/samba/tests/dsdb_lock.py
 #usr/lib/python3.10/site-packages/samba/tests/dsdb_quiet_env_tests.py
@@ -609,6 +618,7 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py
 #usr/lib/python3.10/site-packages/samba/tests/kcc/kcc_utils.py
 #usr/lib/python3.10/site-packages/samba/tests/kcc/ldif_import_export.py
 #usr/lib/python3.10/site-packages/samba/tests/key_credential_link.py
+#usr/lib/python3.10/site-packages/samba/tests/key_credential_link_samdb.py
 #usr/lib/python3.10/site-packages/samba/tests/krb5
 #usr/lib/python3.10/site-packages/samba/tests/krb5/alias_tests.py
 #usr/lib/python3.10/site-packages/samba/tests/krb5/as_canonicalization_tests.py
@@ -629,12 +639,14 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py
 #usr/lib/python3.10/site-packages/samba/tests/krb5/kdc_tests.py
 #usr/lib/python3.10/site-packages/samba/tests/krb5/kdc_tgs_tests.py
 #usr/lib/python3.10/site-packages/samba/tests/krb5/kdc_tgt_tests.py
+#usr/lib/python3.10/site-packages/samba/tests/krb5/key_trust_tests.py
 #usr/lib/python3.10/site-packages/samba/tests/krb5/kpasswd_tests.py
 #usr/lib/python3.10/site-packages/samba/tests/krb5/lockout_tests.py
 #usr/lib/python3.10/site-packages/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py
 #usr/lib/python3.10/site-packages/samba/tests/krb5/netlogon.py
 #usr/lib/python3.10/site-packages/samba/tests/krb5/nt_hash_tests.py
 #usr/lib/python3.10/site-packages/samba/tests/krb5/pac_align_tests.py
+#usr/lib/python3.10/site-packages/samba/tests/krb5/pkinit_certificate_mapping_tests.py
 #usr/lib/python3.10/site-packages/samba/tests/krb5/pkinit_tests.py
 #usr/lib/python3.10/site-packages/samba/tests/krb5/protected_users_tests.py
 #usr/lib/python3.10/site-packages/samba/tests/krb5/raw_testcase.py
@@ -756,8 +768,10 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py
 #usr/lib/python3.10/site-packages/samba/tests/samba_tool/user_auth_policy.py
 #usr/lib/python3.10/site-packages/samba/tests/samba_tool/user_auth_silo.py
 #usr/lib/python3.10/site-packages/samba/tests/samba_tool/user_check_password_script.py
+#usr/lib/python3.10/site-packages/samba/tests/samba_tool/user_generate_csr.py
 #usr/lib/python3.10/site-packages/samba/tests/samba_tool/user_get_kerberos_ticket.py
 #usr/lib/python3.10/site-packages/samba/tests/samba_tool/user_getpassword_gmsa.py
+#usr/lib/python3.10/site-packages/samba/tests/samba_tool/user_keytrust.py
 #usr/lib/python3.10/site-packages/samba/tests/samba_tool/user_virtualCryptSHA.py
 #usr/lib/python3.10/site-packages/samba/tests/samba_tool/user_virtualCryptSHA_base.py
 #usr/lib/python3.10/site-packages/samba/tests/samba_tool/user_virtualCryptSHA_gpg.py
@@ -975,6 +989,7 @@ usr/lib/samba/vfs/acl_tdb.so
 usr/lib/samba/vfs/acl_xattr.so
 usr/lib/samba/vfs/aio_fork.so
 usr/lib/samba/vfs/aio_pthread.so
+usr/lib/samba/vfs/aio_ratelimit.so
 usr/lib/samba/vfs/audit.so
 usr/lib/samba/vfs/btrfs.so
 usr/lib/samba/vfs/cap.so
@@ -1039,6 +1054,8 @@ usr/sbin/winbindd
 #usr/share/locale/hu/LC_MESSAGES/pam_winbind.mo
 #usr/share/locale/it/LC_MESSAGES/pam_winbind.mo
 #usr/share/locale/ja/LC_MESSAGES/pam_winbind.mo
+#usr/share/locale/ka/LC_MESSAGES/net.mo
+#usr/share/locale/ka/LC_MESSAGES/pam_winbind.mo
 #usr/share/locale/ko/LC_MESSAGES/pam_winbind.mo
 #usr/share/locale/nb/LC_MESSAGES/pam_winbind.mo
 #usr/share/locale/nl/LC_MESSAGES/pam_winbind.mo
diff --git a/config/rootfiles/packages/x86_64/samba b/config/rootfiles/packages/x86_64/samba
index d800fca99..582ed8ebe 100644
--- a/config/rootfiles/packages/x86_64/samba
+++ b/config/rootfiles/packages/x86_64/samba
@@ -124,6 +124,7 @@ usr/bin/wspsearch
 #usr/include/samba-4.0/util/idtree_random.h
 #usr/include/samba-4.0/util/signal.h
 #usr/include/samba-4.0/util/substitute.h
+#usr/include/samba-4.0/util/talloc_keep_secret.h
 #usr/include/samba-4.0/util/tfork.h
 #usr/include/samba-4.0/util/time.h
 #usr/include/samba-4.0/util_ldb.h
@@ -188,6 +189,7 @@ usr/lib/python3.10/site-packages/ldb.cpython-310-x86_64-linux-gnu.so
 usr/lib/python3.10/site-packages/samba/__init__.py
 usr/lib/python3.10/site-packages/samba/_glue.cpython-310-x86_64-linux-gnu.so
 usr/lib/python3.10/site-packages/samba/_ldb.cpython-310-x86_64-linux-gnu.so
+usr/lib/python3.10/site-packages/samba/asn1.py
 usr/lib/python3.10/site-packages/samba/auth.cpython-310-x86_64-linux-gnu.so
 usr/lib/python3.10/site-packages/samba/auth_util.py
 usr/lib/python3.10/site-packages/samba/colour.py
@@ -287,6 +289,7 @@ usr/lib/python3.10/site-packages/samba/emulate/traffic.py
 usr/lib/python3.10/site-packages/samba/emulate/traffic_packets.py
 usr/lib/python3.10/site-packages/samba/forest_update.py
 usr/lib/python3.10/site-packages/samba/functional_level.py
+usr/lib/python3.10/site-packages/samba/generate_csr.py
 usr/lib/python3.10/site-packages/samba/gensec.cpython-310-x86_64-linux-gnu.so
 usr/lib/python3.10/site-packages/samba/getopt.py
 usr/lib/python3.10/site-packages/samba/gkdi.py
@@ -337,6 +340,7 @@ usr/lib/python3.10/site-packages/samba/kcc/graph.py
 usr/lib/python3.10/site-packages/samba/kcc/graph_utils.py
 usr/lib/python3.10/site-packages/samba/kcc/kcc_utils.py
 usr/lib/python3.10/site-packages/samba/kcc/ldif_import_export.py
+usr/lib/python3.10/site-packages/samba/key_credential_link.py
 usr/lib/python3.10/site-packages/samba/logger.py
 usr/lib/python3.10/site-packages/samba/lsa_utils.py
 usr/lib/python3.10/site-packages/samba/mdb_util.py
@@ -353,6 +357,8 @@ usr/lib/python3.10/site-packages/samba/netbios.cpython-310-x86_64-linux-gnu.so
 usr/lib/python3.10/site-packages/samba/netcmd/__init__.py
 usr/lib/python3.10/site-packages/samba/netcmd/common.py
 usr/lib/python3.10/site-packages/samba/netcmd/computer.py
+usr/lib/python3.10/site-packages/samba/netcmd/computer_generate_csr.py
+usr/lib/python3.10/site-packages/samba/netcmd/computer_keytrust.py
 usr/lib/python3.10/site-packages/samba/netcmd/contact.py
 usr/lib/python3.10/site-packages/samba/netcmd/dbcheck.py
 usr/lib/python3.10/site-packages/samba/netcmd/delegation.py
@@ -434,7 +440,9 @@ usr/lib/python3.10/site-packages/samba/netcmd/user/delete.py
 usr/lib/python3.10/site-packages/samba/netcmd/user/disable.py
 usr/lib/python3.10/site-packages/samba/netcmd/user/edit.py
 usr/lib/python3.10/site-packages/samba/netcmd/user/enable.py
+usr/lib/python3.10/site-packages/samba/netcmd/user/generate_csr.py
 usr/lib/python3.10/site-packages/samba/netcmd/user/getgroups.py
+usr/lib/python3.10/site-packages/samba/netcmd/user/keytrust.py
 usr/lib/python3.10/site-packages/samba/netcmd/user/list.py
 usr/lib/python3.10/site-packages/samba/netcmd/user/move.py
 usr/lib/python3.10/site-packages/samba/netcmd/user/password.py
@@ -580,6 +588,7 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py
 #usr/lib/python3.10/site-packages/samba/tests/domain_backup_offline.py
 #usr/lib/python3.10/site-packages/samba/tests/dsdb.py
 #usr/lib/python3.10/site-packages/samba/tests/dsdb_api.py
+#usr/lib/python3.10/site-packages/samba/tests/dsdb_dn.py
 #usr/lib/python3.10/site-packages/samba/tests/dsdb_dns.py
 #usr/lib/python3.10/site-packages/samba/tests/dsdb_lock.py
 #usr/lib/python3.10/site-packages/samba/tests/dsdb_quiet_env_tests.py
@@ -609,6 +618,7 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py
 #usr/lib/python3.10/site-packages/samba/tests/kcc/kcc_utils.py
 #usr/lib/python3.10/site-packages/samba/tests/kcc/ldif_import_export.py
 #usr/lib/python3.10/site-packages/samba/tests/key_credential_link.py
+#usr/lib/python3.10/site-packages/samba/tests/key_credential_link_samdb.py
 #usr/lib/python3.10/site-packages/samba/tests/krb5
 #usr/lib/python3.10/site-packages/samba/tests/krb5/alias_tests.py
 #usr/lib/python3.10/site-packages/samba/tests/krb5/as_canonicalization_tests.py
@@ -629,12 +639,14 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py
 #usr/lib/python3.10/site-packages/samba/tests/krb5/kdc_tests.py
 #usr/lib/python3.10/site-packages/samba/tests/krb5/kdc_tgs_tests.py
 #usr/lib/python3.10/site-packages/samba/tests/krb5/kdc_tgt_tests.py
+#usr/lib/python3.10/site-packages/samba/tests/krb5/key_trust_tests.py
 #usr/lib/python3.10/site-packages/samba/tests/krb5/kpasswd_tests.py
 #usr/lib/python3.10/site-packages/samba/tests/krb5/lockout_tests.py
 #usr/lib/python3.10/site-packages/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py
 #usr/lib/python3.10/site-packages/samba/tests/krb5/netlogon.py
 #usr/lib/python3.10/site-packages/samba/tests/krb5/nt_hash_tests.py
 #usr/lib/python3.10/site-packages/samba/tests/krb5/pac_align_tests.py
+#usr/lib/python3.10/site-packages/samba/tests/krb5/pkinit_certificate_mapping_tests.py
 #usr/lib/python3.10/site-packages/samba/tests/krb5/pkinit_tests.py
 #usr/lib/python3.10/site-packages/samba/tests/krb5/protected_users_tests.py
 #usr/lib/python3.10/site-packages/samba/tests/krb5/raw_testcase.py
@@ -756,8 +768,10 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py
 #usr/lib/python3.10/site-packages/samba/tests/samba_tool/user_auth_policy.py
 #usr/lib/python3.10/site-packages/samba/tests/samba_tool/user_auth_silo.py
 #usr/lib/python3.10/site-packages/samba/tests/samba_tool/user_check_password_script.py
+#usr/lib/python3.10/site-packages/samba/tests/samba_tool/user_generate_csr.py
 #usr/lib/python3.10/site-packages/samba/tests/samba_tool/user_get_kerberos_ticket.py
 #usr/lib/python3.10/site-packages/samba/tests/samba_tool/user_getpassword_gmsa.py
+#usr/lib/python3.10/site-packages/samba/tests/samba_tool/user_keytrust.py
 #usr/lib/python3.10/site-packages/samba/tests/samba_tool/user_virtualCryptSHA.py
 #usr/lib/python3.10/site-packages/samba/tests/samba_tool/user_virtualCryptSHA_base.py
 #usr/lib/python3.10/site-packages/samba/tests/samba_tool/user_virtualCryptSHA_gpg.py
@@ -975,6 +989,7 @@ usr/lib/samba/vfs/acl_tdb.so
 usr/lib/samba/vfs/acl_xattr.so
 usr/lib/samba/vfs/aio_fork.so
 usr/lib/samba/vfs/aio_pthread.so
+usr/lib/samba/vfs/aio_ratelimit.so
 usr/lib/samba/vfs/audit.so
 usr/lib/samba/vfs/btrfs.so
 usr/lib/samba/vfs/cap.so
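Review bot: `usr/lib/samba/vfs/aio_ratelimit.so` is added without a leading `#`, so the new VFS module is packaged, unlike the test and locale files added in the neighbouring hunks, which are commented out. If the add-on is not meant to offer this module, comment the entry out; if it is, mention it in the commit message so the larger installed surface is a recorded decision.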
@@ -1039,6 +1054,8 @@ usr/sbin/winbindd
 #usr/share/locale/hu/LC_MESSAGES/pam_winbind.mo
 #usr/share/locale/it/LC_MESSAGES/pam_winbind.mo
 #usr/share/locale/ja/LC_MESSAGES/pam_winbind.mo
+#usr/share/locale/ka/LC_MESSAGES/net.mo
+#usr/share/locale/ka/LC_MESSAGES/pam_winbind.mo
 #usr/share/locale/ko/LC_MESSAGES/pam_winbind.mo
 #usr/share/locale/nb/LC_MESSAGES/pam_winbind.mo
 #usr/share/locale/nl/LC_MESSAGES/pam_winbind.mo
diff --git a/lfs/arpwatch b/lfs/arpwatch
index 46eac6502..774b4f109 100644
--- a/lfs/arpwatch
+++ b/lfs/arpwatch
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2025  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2026  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -26,7 +26,7 @@ include Config
 
 SUMMARY    = Monitoring tool for ARP traffic on a network
 
-VER        = 3.8
+VER        = 3.9
 ETHERCODES_DATE = 20200628
 
 # From: https://ee.lbl.gov/downloads/arpwatch/
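Review bot: `ETHERCODES_DATE = 20200628` stays untouched next to the bump to 3.9, so the package keeps shipping a vendor table snapshot from 2020. Consider refreshing `ethercodes.dat` (and its BLAKE2 line) in the same update, or note in the commit message why the old snapshot is kept.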
@@ -37,7 +37,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = arpwatch
-PAK_VER    = 3
+PAK_VER    = 4
 
 DEPS       =
 
@@ -55,7 +55,7 @@ objects = $(DL_FILE) ethercodes.dat-$(ETHERCODES_DATE).xz
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 ethercodes.dat-$(ETHERCODES_DATE).xz = $(DL_FROM)/ethercodes.dat-$(ETHERCODES_DATE).xz
 
-$(DL_FILE)_BLAKE2 = 2ec0360ed12722e09cfccd06a1ab48ed77ea017d9ebf182cf2792dac53b61b1f0d6b5895fe30ec4d6b9e05d78aa75762775e548573f7bd5b2918ce8ca775eed3
+$(DL_FILE)_BLAKE2 = 12f24db33e4f068ffa4424b7b62a8a99666c33b14192e4251a71d16a8f0e539c7ec7ca0028d843aead74fedc57c636027895c1db447cadc65d58d0a3df7f4fb3
 ethercodes.dat-$(ETHERCODES_DATE).xz_BLAKE2 = e702b9109ef3ccce73e2637f96126bf19e7dfa533774c0bd623042b3609f147981263b84397ec155a65ae12fa57247c32644e1e7e57c2c749ef768156d853027
 
 install : $(TARGET)
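Review bot: the new `$(DL_FILE)_BLAKE2` value is the only integrity check visible here for the tarball fetched from `$(DL_FROM)`, and nothing in the hunk records where the digest came from. Note in the commit message whether it was computed from an upstream release whose signature or published checksum was verified, so the pin can be re-derived independently. The same applies to the other digest changes in this push.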
@@ -102,8 +102,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 
 	# Build!
 	cd $(DIR_APP) && ./configure \
-		--prefix=/usr \
-		--enable-zeropad
+				--prefix=/usr \
+				--enable-zeropad
 	cd $(DIR_APP) && make $(MAKETUNING)
 	cd $(DIR_APP) && make install
 
diff --git a/lfs/inotify-tools b/lfs/inotify-tools
index bb70fbfc6..7df35e7c5 100644
--- a/lfs/inotify-tools
+++ b/lfs/inotify-tools
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2023  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2026  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 4.23.9.0
+VER        = 4.25.9.0
 
 THISAPP    = inotify-tools-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = eddb0e44721cd8674f2309046998de16a030ed9ad84c49bc5950b9362055db9242dc0de1c615c3bd6c1f2835c83fc55446c9f8e6da52a98870c53f4e6cfa31f9
+$(DL_FILE)_BLAKE2 = f32a7cfaf76e8896a6f581bbffe443109c017c59b44d5f9d15ca019029da4895b04880d404765921b201a9eaf1864d0085aa47366112bec0c3afd5c0fcfe5c47
 
 install : $(TARGET)
 
@@ -76,7 +76,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	$(UPDATE_AUTOMAKE)
 	cd $(DIR_APP) && ./autogen.sh
 	cd $(DIR_APP) && ./configure \
-		--prefix=/usr
+				--prefix=/usr
 	cd $(DIR_APP) && make $(MAKETUNING)
 	cd $(DIR_APP) && make install
 	@rm -rf $(DIR_APP)
diff --git a/lfs/knot b/lfs/knot
index 6645c7be5..63bb5d264 100644
--- a/lfs/knot
+++ b/lfs/knot
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2024  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2026  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 3.4.2
+VER        = 3.5.4
 
 THISAPP    = knot-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 0b633b27b22665db243bc4222f05028a17ee7ec6ba5960ff1cfe503d27bf3d26218f771cb15b70bbf8782898bcc7748bd5c27d55747607a1d93f784cdadddad7
+$(DL_FILE)_BLAKE2 = ddd7b2fdcc2fbd23c3ff3173026883bae4b068eac7b076a641353a0c2f13b525914c6d8df3ea41b339667c28f4f5e70486b51fc7b6eee2de7bdf648b3ec2d3c8
 
 install : $(TARGET)
 
@@ -74,13 +74,13 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@$(PREBUILD)
 	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar Jxf $(DIR_DL)/$(DL_FILE)
 	cd $(DIR_APP) && ./configure \
-		--prefix=/usr \
-		--enable-static=no \
-		--disable-fastparser \
-		--disable-daemon \
-		--disable-modules \
-		--enable-maxminddb=no \
-		--disable-documentation
+				--prefix=/usr \
+				--enable-static=no \
+				--disable-fastparser \
+				--disable-daemon \
+				--disable-modules \
+				--enable-maxminddb=no \
+				--disable-documentation
 	cd $(DIR_APP)/src && make $(MAKETUNING) kdig
 	cd $(DIR_APP)/src/.libs && cp -av kdig /usr/bin
 	cd $(DIR_APP)/src/.libs && cp -av lib* /usr/lib
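Review bot: the re-indented `./configure` flags are a whitespace-only change, but the unchanged `cp -av lib* /usr/lib` line below them copies whatever library names the build produces, and `VER` moves from 3.4.2 to 3.5.4 in this file. Check that the knot rootfile matches the library file names the 3.5 series installs, and consider keeping the re-indentation in a separate commit so the functional change is easier to see.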
diff --git a/lfs/lldpd b/lfs/lldpd
index 72954fb0d..012ebc640 100644
--- a/lfs/lldpd
+++ b/lfs/lldpd
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2024  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2026  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 1.0.20
+VER        = 1.0.21
 
 THISAPP    = lldpd-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -47,7 +47,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 95743f28d9b3c8ad6f354f7def5f835d9b0668c151ad429dccfc7a249e29234a9ca1fda6b3bcc2890c424053b5adf2d4d9d7c0cb2887e97cc32b42577b91c63a
+$(DL_FILE)_BLAKE2 = 4420fa88b934a368741e3d2cf26fe8dc9b84eb45a604f31b6b9588e992eda3e5be0767187bebc9137d90b632fe17af647f3134dc05e3251b73b113338cb2a44c
 
 install : $(TARGET)
 
@@ -81,13 +81,13 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@$(PREBUILD)
 	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
 	cd $(DIR_APP) && ./configure \
-		--prefix=/usr \
-		--sysconfdir=/etc \
-		--localstatedir=/var \
-		--disable-static \
-		--with-privsep-user=nobody \
-		--with-privsep-group=nobody \
-		--without-embedded-libevent \
+				--prefix=/usr \
+				--sysconfdir=/etc \
+				--localstatedir=/var \
+				--disable-static \
+				--with-privsep-user=nobody \
+				--with-privsep-group=nobody \
+				--without-embedded-libevent \
 		$(EXTRA_ARGS)
 	cd $(DIR_APP) && make $(MAKETUNING)
 	cd $(DIR_APP) && make install
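Review bot: `$(EXTRA_ARGS)` keeps its two-tab indent while every flag above it moves to four tabs, so the continuation block is now inconsistently aligned. Either re-indent `$(EXTRA_ARGS)` with the rest or drop the whitespace change from this version bump.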
diff --git a/lfs/mympd b/lfs/mympd
index 17ab9be3a..cd591fca4 100644
--- a/lfs/mympd
+++ b/lfs/mympd
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2025  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2026  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -26,7 +26,7 @@ include Config
 
 SUMMARY    = Webfrontend for Music Player Daemon
 
-VER        = 22.1.1
+VER        = 25.0.1
 
 THISAPP    = myMPD-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
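Review bot: `VER` jumps from 22.1.1 to 25.0.1, three major releases, yet the only other changes to `lfs/mympd` in this diff are the `PAK_VER` bump and the new digest. Confirm that the existing build recipe still applies to 25.x and that upgrading an installed 22.x add-on was tested, and record that in the commit message.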
@@ -34,7 +34,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = mympd
-PAK_VER    = 16
+PAK_VER    = 17
 
 DEPS       = mpd libmpdclient
 
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = a64c9691e552c63fcdaf7cbca71a33d812293477f5676ffeb63fb1b7d230d69f3c4f6efdd188afa2a596543644bb3920d12e00f59fd3f5ebce1f04a6a4d01dda
+$(DL_FILE)_BLAKE2 = 9a4c726f5d38769198a0f1b363270002664880cffe61c007b58b9dbabeadd2f929bd70e9780039eb1230ebe19edc675b9b5a99f375f7c9fd52220cd6a4a4c20b
 
 install : $(TARGET)
 
diff --git a/lfs/oath-toolkit b/lfs/oath-toolkit
index 70aa20256..3834d010d 100644
--- a/lfs/oath-toolkit
+++ b/lfs/oath-toolkit
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2022-2025  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2022-2026  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 2.6.13
+VER        = 2.6.14
 
 THISAPP    = oath-toolkit-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 055014039c611c382ba1cf902482c22df765636e7393e0a3f5acb0811a6be55b6b9dc7fc269d31705081bf02c240589d4fecdeb79fd151082a902e09597e7303
+$(DL_FILE)_BLAKE2 = 0d20e9d60350268080abd245b47bd84ae426a0007cba8af049994a1f6a5f9153220a570f3ff93432a8c369e8becc342011cea46cf3c75cad2e3f8a70107af2e3
 
 install : $(TARGET)
 
@@ -72,7 +72,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
 	cd $(DIR_APP) && find . -name wchar.in.h | xargs sed -i 's/^\(_GL_EXTERN_C wchar_t \*\)wmemchr (/\1(wmemchr) (/'
 	cd $(DIR_APP) && find . -name stdlib.in.h | xargs sed -i 's/^\(_GL_EXTERN_C void \*\)bsearch (/\1(bsearch) (/'
-	cd $(DIR_APP) && ./configure --prefix=/usr
+	cd $(DIR_APP) && ./configure \
+				--prefix=/usr
 	cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE)
 	cd $(DIR_APP) && make install
 	@rm -rf $(DIR_APP)
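Review bot: the two `sed -i` workarounds on `wchar.in.h` and `stdlib.in.h` above the `./configure` call are carried over unchanged to 2.6.14, and `sed` exits successfully when its pattern no longer matches, so the build will not show whether they still do anything. Check them against the 2.6.14 sources and drop them if the bundled headers no longer need patching.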
diff --git a/lfs/samba b/lfs/samba
index 7b38018cc..a4a24a3f3 100644
--- a/lfs/samba
+++ b/lfs/samba
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 4.23.6
+VER        = 4.24.1
 SUMMARY    = A SMB/CIFS File, Print, and Authentication Server
 
 THISAPP    = samba-$(VER)
@@ -33,7 +33,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = samba
-PAK_VER    = 120
+PAK_VER    = 121
 
 DEPS       = avahi libtalloc perl-Parse-Yapp wsdd
 
@@ -47,7 +47,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = c5c567bfc4734429790ec7362150eda231ce7e3e7dbdfaa2ca2dc81bd178c9c15cc9360b21f4c5dd1f1423d46337bc5a7b581efcff8ed647adb69a9b47922320
+$(DL_FILE)_BLAKE2 = 51459d4db739e47bc05692046ce0a8b3044de923b3d1e7a51589bb838a7ef9865b6d6034656ade87e099374157a92dac0cba70a5f293a4d1e2b623341b3e75ca
 
 install : $(TARGET)
 


hooks/post-receive
--
IPFire 2.x development tree

