From c842b7e1cdc59fa8f6f95e1978d8115e392d1e59 Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri, 2 Aug 2024 16:49:15 +0000
Subject: [PATCH 01/12] vectorscan: Fix check for CPU support

According to the documentation, Vectorscan checks whether the CPU is
supporting the minimum requirement of SSE4.2. However the check is still
checking for SSSE3 which makes the library fail on systems without
SSE4.2.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 lfs/vectorscan                             |  1 +
 src/patches/vectorscan-5.4.11-sse4.2.patch | 16 ++++++++++++++++
 2 files changed, 17 insertions(+)
 create mode 100644 src/patches/vectorscan-5.4.11-sse4.2.patch

diff --git a/lfs/vectorscan b/lfs/vectorscan
index 585fc2894..b56243c42 100644
--- a/lfs/vectorscan
+++ b/lfs/vectorscan
@@ -92,6 +92,7 @@ $(subst %,%_BLAKE2,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@$(PREBUILD)
 	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/vectorscan-5.4.11-sse4.2.patch
 	cd $(DIR_APP) && cmake . \
 		-DCMAKE_INSTALL_PREFIX:PATH=/usr \
 		-DBUILD_SHARED_LIBS=ON \
diff --git a/src/patches/vectorscan-5.4.11-sse4.2.patch b/src/patches/vectorscan-5.4.11-sse4.2.patch
new file mode 100644
index 000000000..feb867aeb
--- /dev/null
+++ b/src/patches/vectorscan-5.4.11-sse4.2.patch
@@ -0,0 +1,16 @@
+diff --git a/src/hs_valid_platform.c b/src/hs_valid_platform.c
+index 0af36b6c..12ae5d9a 100644
+--- a/src/hs_valid_platform.c
++++ b/src/hs_valid_platform.c
+@@ -37,9 +37,9 @@
+ 
+ HS_PUBLIC_API
+ hs_error_t HS_CDECL hs_valid_platform(void) {
+-    /* Hyperscan requires SSSE3, anything else is a bonus */
++    /* Vectorscan requires SSE4.2, anything else is a bonus */
+ #if defined(ARCH_IA32) || defined(ARCH_X86_64)
+-    if (check_ssse3()) {
++    if (check_sse42()) {
+         return HS_SUCCESS;
+     } else {
+         return HS_ARCH_ERROR;

From 6fc9957e62b4f5fe9b47e9d340480b9bc33788cd Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri, 23 Aug 2024 15:29:36 +0000
Subject: [PATCH 02/12] core-update: Append the release number to the meta file

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 lfs/core-updates | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lfs/core-updates b/lfs/core-updates
index a6478b5e0..81ea9a5f0 100644
--- a/lfs/core-updates
+++ b/lfs/core-updates
@@ -33,6 +33,8 @@ PAK_VER	    = $(CORE)
 
 SUMMARY     = IPFire Core Update $(CORE)
 
+META_FILENAME = meta-$(PROG)-$(CORE)
+
 ###############################################################################
 # Top-level Rules
 ###############################################################################

From 974d274ea70e6a1500536cdeace80fee0fe34c90 Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri, 23 Aug 2024 09:33:31 +0000
Subject: [PATCH 03/12] make.sh: Refactor the broken rootfile check

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 make.sh              | 19 +++++++++++++++++-
 tools/checknewlog.pl | 48 --------------------------------------------
 2 files changed, 18 insertions(+), 49 deletions(-)
 delete mode 100755 tools/checknewlog.pl

diff --git a/make.sh b/make.sh
index cf12e4237..3faba3d76 100755
--- a/make.sh
+++ b/make.sh
@@ -2159,6 +2159,21 @@ exec_in_namespace() {
 		"${0}" "${args[@]}" "$@"
 }
 
+check_logfiles() {
+	print_headline "Checking Log Files..."
+
+	local file
+	for file in ${LOG_DIR}/*_missing_rootfile; do
+		file="${file##*/}"
+		file="${file/_missing_rootfile/}";
+
+		print_line "${file} is missing a rootfile"
+		print_status FAIL
+	done
+
+	return 0
+}
+
 # Set BASEDIR
 readonly BASEDIR="$(find_base)"
 
@@ -2354,10 +2369,12 @@ build)
 	# Build all packages
 	build_packages
 
+	# Check log files
+	check_logfiles
+
 	print_headline "Checking Logfiles for new Files"
 
 	pushd "${BASEDIR}" &>/dev/null
-	tools/checknewlog.pl
 	tools/checkrootfiles
 	popd &>/dev/null
 
diff --git a/tools/checknewlog.pl b/tools/checknewlog.pl
deleted file mode 100755
index e21fd6577..000000000
--- a/tools/checknewlog.pl
+++ /dev/null
@@ -1,48 +0,0 @@
-#!/usr/bin/perl
-###############################################################################
-#                                                                             #
-# IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2017  IPFire Team  <info@ipfire.org>                     #
-#                                                                             #
-# This program is free software: you can redistribute it and/or modify        #
-# it under the terms of the GNU General Public License as published by        #
-# the Free Software Foundation, either version 3 of the License, or           #
-# (at your option) any later version.                                         #
-#                                                                             #
-# This program is distributed in the hope that it will be useful,             #
-# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
-# GNU General Public License for more details.                                #
-#                                                                             #
-# You should have received a copy of the GNU General Public License           #
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
-#                                                                             #
-###############################################################################
-
-
-opendir(DIR, "./log") || die;
-my @FILES = readdir(DIR);
-closedir(DIR);
-
-foreach(@FILES) {
-#	print $_."\n";
-	my $Found = 0;
-
-	if ( $_ =~ /$\.log/ || $_ =~ /^\.+/  || $_=~ /-install/ || $_=~ /-tools/ || $_=~ /-config/ || $_=~ /-kmod-/|| $_=~ /u-boot-.*-1/|| $_=~ /coreutils/ || $_=~ /cmake/ || $_=~ /gcc-.*-libatomic/ || $_=~ /gdb/ || $_=~ /libsigc/ || $_ eq 'FILES' ){
-		next;
-	} elsif ( $_=~ /missing_rootfile/ ){
-		print "Rootfile for $_ missing!\n";
-	} else {
-		open(DATEI, "<./log/$_") || die "File not found";
-		my @Lines = <DATEI>;
-		close(DATEI);
-
-		foreach (@Lines){
-			if ( $_ =~ /^\+/ ){$Found=1;}
-		}
-
-		if ($Found){
-			print "Changes in $_ check rootfile!\n";
-		}
-	}
-}

From d7ee801712705c97fda658bb71209d814d1db841 Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri, 23 Aug 2024 09:50:39 +0000
Subject: [PATCH 04/12] make.sh: Integrate the rootfile consistency check

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 make.sh              | 120 +++++++++++++++++++++++++++++++++++++++----
 tools/checkrootfiles | 114 ----------------------------------------
 2 files changed, 111 insertions(+), 123 deletions(-)
 delete mode 100755 tools/checkrootfiles

diff --git a/make.sh b/make.sh
index 3faba3d76..f474ee7ae 100755
--- a/make.sh
+++ b/make.sh
@@ -46,6 +46,13 @@ KVER="${KVER/-rc/.0-rc}${KVER_SUFFIX}"
 #
 ###############################################################################
 
+# All supported architectures
+ARCHES=(
+	aarch64
+	riscv64
+	x86_64
+)
+
 HOST_ARCH="${HOSTTYPE}"
 LC_ALL=POSIX
 PS1='\u:\w$ '
@@ -2159,8 +2166,8 @@ exec_in_namespace() {
 		"${0}" "${args[@]}" "$@"
 }
 
-check_logfiles() {
-	print_headline "Checking Log Files..."
+check_for_missing_rootfiles() {
+	print_headline "Checking for missing rootfiles..."
 
 	local file
 	for file in ${LOG_DIR}/*_missing_rootfile; do
@@ -2174,6 +2181,102 @@ check_logfiles() {
 	return 0
 }
 
+check_rootfiles_for_arch() {
+	local arch="${1}"
+
+	local args=(
+		# Search path
+		"${BASEDIR}/config/rootfiles"
+
+		# Exclude old core updates
+		"--exclude-dir" "oldcore"
+
+		# Ignore the update scripts
+		"--exclude" "update.sh"
+	)
+
+	# A list of files that are not scanned
+	# because they probably cause some false positives.
+	local excluded_files=(
+		qemu
+	)
+
+	# Exclude any architecture-specific directories
+	local a
+	for a in ${ARCHES[@]}; do
+		args+=( "--exclude-dir" "${a}" )
+	done
+
+	# Exclude all excluded files
+	local x
+	for x in ${excluded_files[@]}; do
+		args+=( "--exclude" "${x}" )
+	done
+
+	# Search for all lines that contain the architecture, but exclude commented lines
+	if grep -r "^[^#].*${arch}" "${args[@]}"; then
+		return 1
+	fi
+
+	return 0
+}
+
+check_rootfiles_for_pattern() {
+	local pattern="${1}"
+	local message="${2}"
+
+	local args=(
+		# Search path
+		"${BASEDIR}/config/rootfiles"
+
+		# Exclude old core updates
+		"--exclude-dir" "oldcore"
+
+		# Ignore the update scripts
+		"--exclude" "update.sh"
+	)
+
+	if grep -r "${pattern}" "${args[@]}"; then
+		if [ -n "${message}" ]; then
+			print_line "${message}"
+			print_status FAIL
+		else
+			print_file "Files matching '${pattern}' have been found in the rootfiles"
+			print_status FAIL
+		fi
+		return 1
+	fi
+
+	return 0
+}
+
+check_rootfiles() {
+	local failed=0
+
+	print_headline "Checking for rootfile consistency..."
+
+	# Check for /etc/init.d
+	if ! check_rootfiles_for_pattern "^etc/init\.d/" \
+			"/etc/init.d/* has been found. Please replace by /etc/rc.d/init.d"; then
+		failed=1
+	fi
+
+	# Check for /var/run
+	if ! check_rootfiles_for_pattern "^var/run/.*" \
+			"You cannot ship files in /var/run as it is a ramdisk"; then
+		failed=1
+	fi
+
+	# Check architectures
+	local arch
+	for arch in ${ARCHES[@]}; do
+		check_rootfiles_for_arch "${arch}" || failed=$?
+	done
+
+	# Return the error
+	return ${failed}
+}
+
 # Set BASEDIR
 readonly BASEDIR="$(find_base)"
 
@@ -2369,14 +2472,13 @@ build)
 	# Build all packages
 	build_packages
 
-	# Check log files
-	check_logfiles
+	# Check for missing rootfiles
+	check_for_missing_rootfiles
 
-	print_headline "Checking Logfiles for new Files"
-
-	pushd "${BASEDIR}" &>/dev/null
-	tools/checkrootfiles
-	popd &>/dev/null
+	# Check for rootfile consistency
+	if ! check_rootfiles; then
+		exiterror "Rootfiles are inconsistent"
+	fi
 
 	print_build_summary $(( SECONDS - START_TIME ))
 	;;
diff --git a/tools/checkrootfiles b/tools/checkrootfiles
deleted file mode 100755
index 9437de6f1..000000000
--- a/tools/checkrootfiles
+++ /dev/null
@@ -1,114 +0,0 @@
-#!/bin/bash
-###############################################################################
-#                                                                             #
-# IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2023  IPFire Team  info@ipfire.org                       #
-#                                                                             #
-# This program is free software: you can redistribute it and/or modify        #
-# it under the terms of the GNU General Public License as published by        #
-# the Free Software Foundation, either version 3 of the License, or           #
-# (at your option) any later version.                                         #
-#                                                                             #
-# This program is distributed in the hope that it will be useful,             #
-# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
-# GNU General Public License for more details.                                #
-#                                                                             #
-# You should have received a copy of the GNU General Public License           #
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
-#                                                                             #
-###############################################################################
-
-# All supported architectures
-ARCHES=(
-	aarch64
-	riscv64
-	x86_64
-)
-
-# A list of files that are not scanned
-# because they probably cause some false positives.
-EXCLUDED_FILES=(
-	qemu
-)
-
-ARGS=(
-	# Search path
-	"config/rootfiles"
-
-	# Exclude old core updates
-	"--exclude-dir" "oldcore"
-
-	# Ignore the update scripts
-	"--exclude" "update.sh"
-)
-
-check_for_arch() {
-	local arch="${1}"
-
-	local args=(
-		"${ARGS[@]}"
-	)
-
-	# Exclude any architecture-specific directories
-	local a
-	for a in ${ARCHES[@]}; do
-		args+=( "--exclude-dir" "${a}" )
-	done
-
-	# Exclude all excluded files
-	local x
-	for x in ${EXCLUDED_FILES[@]}; do
-		args+=( "--exclude" "${x}" )
-	done
-
-	# Search for all lines that contain the architecture, but exclude commented lines
-	grep -r "^[^#].*${arch}" "${args[@]}"
-}
-
-check_for_pattern() {
-	local pattern="${1}"
-	local message="${2}"
-
-	local args=(
-		"${ARGS[@]}"
-	)
-
-	if grep -r "${pattern}" "${args[@]}"; then
-		if [ -n "${message}" ]; then
-			echo "ERROR: ${message}"
-		else
-			echo "ERROR: Files matching '${pattern}' have been found in the rootfiles"
-		fi
-		return 1
-	fi
-
-	return 0
-}
-
-main() {
-	local failed=0
-
-	# Check for /etc/init.d
-	if ! check_for_pattern "^etc/init\.d/" \
-			"/etc/init.d/* has been found. Please replace by /etc/rc.d/init.d"; then
-		failed=1
-	fi
-
-	# Check for /var/run
-	if ! check_for_pattern "^var/run/.*" \
-			"You cannot ship files in /var/run as it is a ramdisk"; then
-		failed=1
-	fi
-
-	# Check architectures
-	local arch
-	for arch in ${ARCHES[@]}; do
-		check_for_arch "${arch}" || failed=$?
-	done
-
-	# Return the error
-	return ${failed}
-}
-
-main "$@" || exit $?

From 8e6bb176b126579f970452ee54effe3e84422e6b Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue, 27 Aug 2024 09:39:27 +0000
Subject: [PATCH 05/12] core-updates: Honour the excluded file list

This was not implement when refactoring the code to compress the
updater's tarball.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 lfs/Config       | 5 ++++-
 lfs/cdrom        | 2 +-
 lfs/core-updates | 2 +-
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/lfs/Config b/lfs/Config
index fe4e9605c..9fabe790c 100644
--- a/lfs/Config
+++ b/lfs/Config
@@ -358,6 +358,7 @@ __FILES_IN = \
 		--exclude="proc/*" \
 		--exclude="tmp/*" \
 		--exclude="__pycache__" \
+		$(if $(1),--exclude-from=$(1)) \
 		--files-from=-
 
 # Takes a tarball and extracts it in the target directory
@@ -370,8 +371,10 @@ __FILES_OUT = \
 # Copies all files on a rootfile into the given directory
 define COPY_FILES
 	# Copy all files from $(1) to $(2) ($(3))
+	# $4 = rootfile to write out
+	# $5 = exclude
 	$(call COLLECT_FILES,$(1),$(3),$(4)) | \
-		$(call __FILES_IN) | \
+		$(call __FILES_IN,$(5)) | \
 		$(call __FILES_OUT,$(2))
 
 	# Strip everything, except a few things
diff --git a/lfs/cdrom b/lfs/cdrom
index aef95208d..a25141fc2 100644
--- a/lfs/cdrom
+++ b/lfs/cdrom
@@ -148,7 +148,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	rm -rf $(DIR_TMP)/root && mkdir -p $(DIR_TMP)/root
 
 	# Copy all files that we want
-	$(call COPY_FILES,$(DIR_SRC)/config/rootfiles/common,$(DIR_TMP)/root,)
+	$(call COPY_FILES,$(DIR_SRC)/config/rootfiles/common,$(DIR_TMP)/root,,,)
 
 	# Create mount points
 	$(call CREATE_MOUNTPOINTS,$(DIR_TMP)/root)
diff --git a/lfs/core-updates b/lfs/core-updates
index 81ea9a5f0..ca72e2381 100644
--- a/lfs/core-updates
+++ b/lfs/core-updates
@@ -54,7 +54,7 @@ install:
 	@rm -rf $(ARCHIVE_DIR) && mkdir -pv $(ARCHIVE_DIR) $(ARCHIVE_TMP)
 
 	# Generate the archive and write out the rootfile
-	$(call COPY_FILES,$(DIR_SRC)/config/rootfiles/core/$(CORE)/filelists,$(ARCHIVE_TMP),,$(ARCHIVE_DIR)/ROOTFILES)
+	$(call COPY_FILES,$(DIR_SRC)/config/rootfiles/core/$(CORE)/filelists,$(ARCHIVE_TMP),,$(ARCHIVE_DIR)/ROOTFILES,$(DIR_SRC)/config/rootfiles/core/$(CORE)/exclude)
 
 	# Create the archive
 	$(call COMPRESS_XZ,$(ARCHIVE_TMP),$(ARCHIVE_DIR)/files.tar.xz)

From 3d971965256c3bd9d6c233675b6b20fc5e51f810 Mon Sep 17 00:00:00 2001
From: Adolf Belka <adolf.belka@ipfire.org>
Date: Mon, 26 Aug 2024 14:24:19 +0200
Subject: [PATCH 06/12] openssl: Update to version 3.3.1

- Update from 3.3.0 to 3.3.1
- Update of rootfile not required
- This version has 2 CVE fixes both of which are classified as Low Severity so looks like
   they can wait for CU189
- Changelog
    3.3.1
	 * Fixed potential use after free after SSL_free_buffers() is called.
	   The SSL_free_buffers function is used to free the internal OpenSSL
	   buffer used when processing an incoming record from the network.
	   The call is only expected to succeed if the buffer is not currently
	   in use. However, two scenarios have been identified where the buffer
	   is freed even when still in use.
	   The first scenario occurs where a record header has been received
	   from the network and processed by OpenSSL, but the full record body
	   has not yet arrived. In this case calling SSL_free_buffers will succeed
	   even though a record has only been partially processed and the buffer
	   is still in use.
	   The second scenario occurs where a full record containing application
	   data has been received and processed by OpenSSL but the application has
	   only read part of this data. Again a call to SSL_free_buffers will
	   succeed even though the buffer is still in use.
	   ([CVE-2024-4741])
	 * Fixed an issue where checking excessively long DSA keys or parameters may
	   be very slow.
	   Applications that use the functions EVP_PKEY_param_check() or
	   EVP_PKEY_public_check() to check a DSA public key or DSA parameters may
	   experience long delays. Where the key or parameters that are being checked
	   have been obtained from an untrusted source this may lead to a Denial of
	   Service.
	   To resolve this issue DSA keys larger than OPENSSL_DSA_MAX_MODULUS_BITS
	   will now fail the check immediately with a DSA_R_MODULUS_TOO_LARGE error
	   reason.
	   ([CVE-2024-4603])
	 * Improved EC/DSA nonce generation routines to avoid bias and timing
	   side channel leaks.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 lfs/openssl | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lfs/openssl b/lfs/openssl
index 00b19b41a..d6333f7a4 100644
--- a/lfs/openssl
+++ b/lfs/openssl
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 3.3.0
+VER        = 3.3.1
 
 THISAPP    = openssl-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -72,7 +72,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = c68efaf8aca87961f396e305acc767b56d651b9adf4fd2c9d9b5a3266e35da4b856c6ed34be47d656c782aade975f20317a6759913b33d29d7eb088e638fa501
+$(DL_FILE)_BLAKE2 = b09bbe94f49c33015fbcee5f578a20c0da33c289791bf33292170d5d3de44ea2e22144ee11067947aef2733e979c0fded875a4ec92d81468285837053447e68e
 
 install : $(TARGET)
 

From 1c1838509c0180c331cd267a8e728497939f60ee Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed, 28 Aug 2024 15:28:42 +0000
Subject: [PATCH 07/12] make.sh: Bind-mount /proc as a workaround for unshare

unshare seems to want to change the mount propagation for /proc
before it has been mounted. In order to workaround that problem,
we bind-mount /proc to itself before.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 make.sh | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/make.sh b/make.sh
index f474ee7ae..f41477a5f 100755
--- a/make.sh
+++ b/make.sh
@@ -461,6 +461,10 @@ prepareenv() {
 	mount build_tmp "${BUILD_DIR}/tmp" \
 		-t tmpfs -o "nosuid,nodev,strictatime,size=4G,nr_inodes=1M,mode=1777"
 
+	# Create an empty /proc directory and make it a mountpoint
+	mkdir -p "${BUILD_DIR}/proc"
+	mount --bind "${BUILD_DIR}/proc" "${BUILD_DIR}/proc"
+
 	# Make all sources and proc available under lfs build
 	mount --bind     	/sys					"${BUILD_DIR}/sys"
 	mount --bind -o ro	"${BASEDIR}/cache"		"${BUILD_DIR}/usr/src/cache"

From b95199a3824170778acafbc4de86a9dccde807d2 Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed, 28 Aug 2024 15:41:55 +0000
Subject: [PATCH 08/12] make.sh: Don't try to create a time NS on older kernels

This is not supported on kernels < 5.6.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 make.sh | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/make.sh b/make.sh
index f41477a5f..3442709b0 100755
--- a/make.sh
+++ b/make.sh
@@ -54,9 +54,19 @@ ARCHES=(
 )
 
 HOST_ARCH="${HOSTTYPE}"
+HOST_KERNEL="$(uname -r)"
 LC_ALL=POSIX
 PS1='\u:\w$ '
 
+HAS_TIME_NAMESPACE="true"
+
+# Disable time namespaces for older kernels
+case "${HOST_KERNEL}" in
+	4.*|5.[12345].*)
+		HAS_TIME_NAMESPACE="false"
+		;;
+esac
+
 # Are we reading from/writing to a terminal?
 is_terminal() {
 	[ -t 0 ] && [ -t 1 ] && [ -t 2 ]
@@ -674,9 +684,6 @@ execute() {
 			"--pid"
 			"--fork"
 
-			# Create a new time namespace
-			"--time"
-
 			# Create a new UTS namespace
 			"--uts"
 
@@ -687,6 +694,11 @@ execute() {
 			# If unshare is asked to terminate, terminate all child processes
 			"--kill-child"
 		)
+
+		# Optionally set up a new time namespace
+		if [ "${HAS_TIME_NAMESPACE}" = "true" ]; then
+			unshare+=( "--time" )
+		fi
 	fi
 
 	while [ $# -gt 0 ]; do

From 3ce4d238d255477a240c3b1479cb34828c87fb59 Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu, 29 Aug 2024 07:58:00 +0000
Subject: [PATCH 09/12] .gitignore: Keep ignoring the deleted doc files

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 .gitignore | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.gitignore b/.gitignore
index 62cc3f314..ac74788b3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -17,3 +17,7 @@
 *.tar.bz2
 /*.md5
 /*.b2
+
+# These files have been removed but could still be around in older environments
+/doc/ChangeLog
+/doc/packages-list.txt

From 74a02d3372fe99bfa5dee8bfed6b64670d99775f Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue, 3 Sep 2024 18:00:17 +0000
Subject: [PATCH 10/12] openssl: Update to 3.3.2

Possible denial of service in X.509 name checks (CVE-2024-6119)
===============================================================

Severity: Moderate

Issue summary: Applications performing certificate name checks (e.g., TLS
clients checking server certificates) may attempt to read an invalid memory
address resulting in abnormal termination of the application process.

Impact summary: Abnormal termination of an application can a cause a denial of
service.

Applications performing certificate name checks (e.g., TLS clients checking
server certificates) may attempt to read an invalid memory address when
comparing the expected name with an `otherName` subject alternative name of an
X.509 certificate. This may result in an exception that terminates the
application program.

Note that basic certificate chain validation (signatures, dates, ...) is not
affected, the denial of service can occur only when the application also
specifies an expected DNS name, Email address or IP address.

TLS servers rarely solicit client certificates, and even when they do, they
generally don't perform a name check against a "reference identifier" (expected
identity), but rather extract the presented identity after checking the
certificate chain.  So TLS servers are generally not affected and the severity
of the issue is Moderate.

The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.
OpenSSL 1.1.1 and 1.0.2 are also not affected by this issue.

OpenSSL 3.3, 3.2, 3.1 and 3.0 are vulnerable to this issue.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 lfs/openssl | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lfs/openssl b/lfs/openssl
index d6333f7a4..22a670118 100644
--- a/lfs/openssl
+++ b/lfs/openssl
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 3.3.1
+VER        = 3.3.2
 
 THISAPP    = openssl-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -72,7 +72,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = b09bbe94f49c33015fbcee5f578a20c0da33c289791bf33292170d5d3de44ea2e22144ee11067947aef2733e979c0fded875a4ec92d81468285837053447e68e
+$(DL_FILE)_BLAKE2 = cc53d45418673bc2a406d6697b8bd17ff6c726463c4ccc87bb2fa5a6592d0d178dc8cfeb2fbb980ea354a5dc2c86f31c48453427c6937896c7221273e623c9b5
 
 install : $(TARGET)
 

From a80d817716406d88b8c7e82397f4618d64e499a9 Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue, 3 Sep 2024 18:02:34 +0000
Subject: [PATCH 11/12] core188: Ship OpenSSL

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 config/rootfiles/core/188/filelists/openssl | 1 +
 1 file changed, 1 insertion(+)
 create mode 120000 config/rootfiles/core/188/filelists/openssl

diff --git a/config/rootfiles/core/188/filelists/openssl b/config/rootfiles/core/188/filelists/openssl
new file mode 120000
index 000000000..e011a9266
--- /dev/null
+++ b/config/rootfiles/core/188/filelists/openssl
@@ -0,0 +1 @@
+../../../common/openssl
\ No newline at end of file

From 0694e7e45fa1a8d44df63b7c4c984b8b7cca2aec Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed, 18 Sep 2024 10:06:24 +0000
Subject: [PATCH 12/12] ncat: Fix rootfile and bump release

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 config/rootfiles/packages/ncat | 846 +--------------------------------
 lfs/ncat                       |   2 +-
 2 files changed, 6 insertions(+), 842 deletions(-)

diff --git a/config/rootfiles/packages/ncat b/config/rootfiles/packages/ncat
index 5f660dd9f..f1cf714b7 100644
--- a/config/rootfiles/packages/ncat
+++ b/config/rootfiles/packages/ncat
@@ -1,841 +1,5 @@
-usr/bin/nmap
-usr/bin/nping
-#usr/share/man/de/man1/nmap.1
-#usr/share/man/es/man1
-#usr/share/man/es/man1/nmap.1
-#usr/share/man/fr/man1/nmap.1
-#usr/share/man/hr/man1/nmap.1
-#usr/share/man/hu
-#usr/share/man/hu/man1
-#usr/share/man/hu/man1/nmap.1
-#usr/share/man/it/man1/nmap.1
-#usr/share/man/ja
-#usr/share/man/ja/man1
-#usr/share/man/ja/man1/nmap.1
-#usr/share/man/man1/nmap.1
-#usr/share/man/man1/nping.1
-#usr/share/man/pl/man1
-#usr/share/man/pl/man1/nmap.1
-#usr/share/man/pt_BR/man1/nmap.1
-#usr/share/man/pt_PT
-#usr/share/man/pt_PT/man1
-#usr/share/man/pt_PT/man1/nmap.1
-#usr/share/man/ro/man1/nmap.1
-#usr/share/man/ru/man1/nmap.1
-#usr/share/man/sk
-#usr/share/man/sk/man1
-#usr/share/man/sk/man1/nmap.1
-#usr/share/man/zh
-#usr/share/man/zh/man1
-#usr/share/man/zh/man1/nmap.1
-#usr/share/nmap
-usr/share/nmap/nmap-mac-prefixes
-usr/share/nmap/nmap-os-db
-usr/share/nmap/nmap-protocols
-usr/share/nmap/nmap-rpc
-usr/share/nmap/nmap-service-probes
-usr/share/nmap/nmap-services
-usr/share/nmap/nmap.dtd
-usr/share/nmap/nmap.xsl
-usr/share/nmap/nse_main.lua
-#usr/share/nmap/nselib
-usr/share/nmap/nselib/afp.lua
-usr/share/nmap/nselib/ajp.lua
-usr/share/nmap/nselib/amqp.lua
-usr/share/nmap/nselib/anyconnect.lua
-usr/share/nmap/nselib/asn1.lua
-usr/share/nmap/nselib/base32.lua
-usr/share/nmap/nselib/base64.lua
-usr/share/nmap/nselib/bin.lua
-usr/share/nmap/nselib/bitcoin.lua
-usr/share/nmap/nselib/bits.lua
-usr/share/nmap/nselib/bittorrent.lua
-usr/share/nmap/nselib/bjnp.lua
-usr/share/nmap/nselib/brute.lua
-usr/share/nmap/nselib/cassandra.lua
-usr/share/nmap/nselib/citrixxml.lua
-usr/share/nmap/nselib/coap.lua
-usr/share/nmap/nselib/comm.lua
-usr/share/nmap/nselib/creds.lua
-usr/share/nmap/nselib/cvs.lua
-#usr/share/nmap/nselib/data
-usr/share/nmap/nselib/data/dns-srv-names
-usr/share/nmap/nselib/data/drupal-modules.lst
-usr/share/nmap/nselib/data/drupal-themes.lst
-usr/share/nmap/nselib/data/enterprise_numbers.txt
-usr/share/nmap/nselib/data/favicon-db
-usr/share/nmap/nselib/data/http-default-accounts-fingerprints.lua
-usr/share/nmap/nselib/data/http-devframework-fingerprints.lua
-usr/share/nmap/nselib/data/http-fingerprints.lua
-usr/share/nmap/nselib/data/http-folders.txt
-usr/share/nmap/nselib/data/http-sql-errors.lst
-usr/share/nmap/nselib/data/http-web-files-extensions.lst
-usr/share/nmap/nselib/data/idnaMappings.lua
-usr/share/nmap/nselib/data/ike-fingerprints.lua
-#usr/share/nmap/nselib/data/jdwp-class
-#usr/share/nmap/nselib/data/jdwp-class/JDWPExecCmd.class
-#usr/share/nmap/nselib/data/jdwp-class/JDWPExecCmd.java
-#usr/share/nmap/nselib/data/jdwp-class/JDWPSystemInfo.class
-#usr/share/nmap/nselib/data/jdwp-class/JDWPSystemInfo.java
-#usr/share/nmap/nselib/data/jdwp-class/README.txt
-usr/share/nmap/nselib/data/mgroupnames.db
-usr/share/nmap/nselib/data/mysql-cis.audit
-usr/share/nmap/nselib/data/oracle-default-accounts.lst
-usr/share/nmap/nselib/data/oracle-sids
-usr/share/nmap/nselib/data/packetdecoders.lua
-usr/share/nmap/nselib/data/passwords.lst
-#usr/share/nmap/nselib/data/pixel.gif
-#usr/share/nmap/nselib/data/psexec
-#usr/share/nmap/nselib/data/psexec/README
-usr/share/nmap/nselib/data/psexec/backdoor.lua
-usr/share/nmap/nselib/data/psexec/default.lua
-usr/share/nmap/nselib/data/psexec/drives.lua
-usr/share/nmap/nselib/data/psexec/examples.lua
-usr/share/nmap/nselib/data/psexec/experimental.lua
-usr/share/nmap/nselib/data/psexec/network.lua
-usr/share/nmap/nselib/data/psexec/nmap_service.c
-usr/share/nmap/nselib/data/psexec/nmap_service.vcproj
-usr/share/nmap/nselib/data/psexec/pwdump.lua
-usr/share/nmap/nselib/data/publickeydb
-usr/share/nmap/nselib/data/rtsp-urls.txt
-usr/share/nmap/nselib/data/snmpcommunities.lst
-usr/share/nmap/nselib/data/ssl-fingerprints
-usr/share/nmap/nselib/data/targets-ipv6-wordlist
-usr/share/nmap/nselib/data/tftp-fingerprints.lua
-usr/share/nmap/nselib/data/tftplist.txt
-usr/share/nmap/nselib/data/usernames.lst
-usr/share/nmap/nselib/data/vhosts-default.lst
-usr/share/nmap/nselib/data/vhosts-full.lst
-usr/share/nmap/nselib/data/wp-plugins.lst
-usr/share/nmap/nselib/data/wp-themes.lst
-usr/share/nmap/nselib/datafiles.lua
-usr/share/nmap/nselib/datetime.lua
-usr/share/nmap/nselib/dhcp.lua
-usr/share/nmap/nselib/dhcp6.lua
-usr/share/nmap/nselib/dicom.lua
-usr/share/nmap/nselib/dns.lua
-usr/share/nmap/nselib/dnsbl.lua
-usr/share/nmap/nselib/dnssd.lua
-usr/share/nmap/nselib/drda.lua
-usr/share/nmap/nselib/eap.lua
-usr/share/nmap/nselib/eigrp.lua
-usr/share/nmap/nselib/formulas.lua
-usr/share/nmap/nselib/ftp.lua
-usr/share/nmap/nselib/geoip.lua
-usr/share/nmap/nselib/giop.lua
-usr/share/nmap/nselib/gps.lua
-usr/share/nmap/nselib/http.lua
-usr/share/nmap/nselib/httpspider.lua
-usr/share/nmap/nselib/iax2.lua
-usr/share/nmap/nselib/idna.lua
-usr/share/nmap/nselib/iec61850mms.lua
-usr/share/nmap/nselib/ike.lua
-usr/share/nmap/nselib/imap.lua
-usr/share/nmap/nselib/informix.lua
-usr/share/nmap/nselib/ipOps.lua
-usr/share/nmap/nselib/ipmi.lua
-usr/share/nmap/nselib/ipp.lua
-usr/share/nmap/nselib/irc.lua
-usr/share/nmap/nselib/iscsi.lua
-usr/share/nmap/nselib/isns.lua
-usr/share/nmap/nselib/jdwp.lua
-usr/share/nmap/nselib/json.lua
-usr/share/nmap/nselib/knx.lua
-usr/share/nmap/nselib/ldap.lua
-usr/share/nmap/nselib/lfs.luadoc
-usr/share/nmap/nselib/libssh2-utility.lua
-usr/share/nmap/nselib/libssh2.luadoc
-usr/share/nmap/nselib/listop.lua
-usr/share/nmap/nselib/lpeg-utility.lua
-usr/share/nmap/nselib/lpeg.luadoc
-usr/share/nmap/nselib/ls.lua
-usr/share/nmap/nselib/match.lua
-usr/share/nmap/nselib/membase.lua
-usr/share/nmap/nselib/mobileme.lua
-usr/share/nmap/nselib/mongodb.lua
-usr/share/nmap/nselib/mqtt.lua
-usr/share/nmap/nselib/msrpc.lua
-usr/share/nmap/nselib/msrpcperformance.lua
-usr/share/nmap/nselib/msrpctypes.lua
-usr/share/nmap/nselib/mssql.lua
-usr/share/nmap/nselib/multicast.lua
-usr/share/nmap/nselib/mysql.lua
-usr/share/nmap/nselib/natpmp.lua
-usr/share/nmap/nselib/nbd.lua
-usr/share/nmap/nselib/ncp.lua
-usr/share/nmap/nselib/ndmp.lua
-usr/share/nmap/nselib/netbios.lua
-usr/share/nmap/nselib/nmap.luadoc
-usr/share/nmap/nselib/nrpc.lua
-usr/share/nmap/nselib/nsedebug.lua
-usr/share/nmap/nselib/omp2.lua
-usr/share/nmap/nselib/oops.lua
-usr/share/nmap/nselib/openssl.luadoc
-usr/share/nmap/nselib/ospf.lua
-usr/share/nmap/nselib/outlib.lua
-usr/share/nmap/nselib/packet.lua
-usr/share/nmap/nselib/pgsql.lua
-usr/share/nmap/nselib/pop3.lua
-usr/share/nmap/nselib/pppoe.lua
-usr/share/nmap/nselib/proxy.lua
-usr/share/nmap/nselib/punycode.lua
-usr/share/nmap/nselib/rand.lua
-usr/share/nmap/nselib/rdp.lua
-usr/share/nmap/nselib/re.lua
-usr/share/nmap/nselib/redis.lua
-usr/share/nmap/nselib/rmi.lua
-usr/share/nmap/nselib/rpc.lua
-usr/share/nmap/nselib/rpcap.lua
-usr/share/nmap/nselib/rsync.lua
-usr/share/nmap/nselib/rtsp.lua
-usr/share/nmap/nselib/sasl.lua
-usr/share/nmap/nselib/shortport.lua
-usr/share/nmap/nselib/sip.lua
-usr/share/nmap/nselib/slaxml.lua
-usr/share/nmap/nselib/smb.lua
-usr/share/nmap/nselib/smb2.lua
-usr/share/nmap/nselib/smbauth.lua
-usr/share/nmap/nselib/smtp.lua
-usr/share/nmap/nselib/snmp.lua
-usr/share/nmap/nselib/socks.lua
-usr/share/nmap/nselib/srvloc.lua
-usr/share/nmap/nselib/ssh1.lua
-usr/share/nmap/nselib/ssh2.lua
-usr/share/nmap/nselib/sslcert.lua
-usr/share/nmap/nselib/sslv2.lua
-usr/share/nmap/nselib/stdnse.lua
-usr/share/nmap/nselib/strbuf.lua
-usr/share/nmap/nselib/strict.lua
-usr/share/nmap/nselib/stringaux.lua
-usr/share/nmap/nselib/stun.lua
-usr/share/nmap/nselib/tab.lua
-usr/share/nmap/nselib/tableaux.lua
-usr/share/nmap/nselib/target.lua
-usr/share/nmap/nselib/tftp.lua
-usr/share/nmap/nselib/tls.lua
-usr/share/nmap/nselib/tn3270.lua
-usr/share/nmap/nselib/tns.lua
-usr/share/nmap/nselib/unicode.lua
-usr/share/nmap/nselib/unittest.lua
-usr/share/nmap/nselib/unpwdb.lua
-usr/share/nmap/nselib/upnp.lua
-usr/share/nmap/nselib/url.lua
-usr/share/nmap/nselib/versant.lua
-usr/share/nmap/nselib/vnc.lua
-usr/share/nmap/nselib/vulns.lua
-usr/share/nmap/nselib/vuzedht.lua
-usr/share/nmap/nselib/wsdd.lua
-usr/share/nmap/nselib/xdmcp.lua
-usr/share/nmap/nselib/xmpp.lua
-usr/share/nmap/nselib/zlib.luadoc
-#usr/share/nmap/scripts
-usr/share/nmap/scripts/acarsd-info.nse
-usr/share/nmap/scripts/address-info.nse
-usr/share/nmap/scripts/afp-brute.nse
-usr/share/nmap/scripts/afp-ls.nse
-usr/share/nmap/scripts/afp-path-vuln.nse
-usr/share/nmap/scripts/afp-serverinfo.nse
-usr/share/nmap/scripts/afp-showmount.nse
-usr/share/nmap/scripts/ajp-auth.nse
-usr/share/nmap/scripts/ajp-brute.nse
-usr/share/nmap/scripts/ajp-headers.nse
-usr/share/nmap/scripts/ajp-methods.nse
-usr/share/nmap/scripts/ajp-request.nse
-usr/share/nmap/scripts/allseeingeye-info.nse
-usr/share/nmap/scripts/amqp-info.nse
-usr/share/nmap/scripts/asn-query.nse
-usr/share/nmap/scripts/auth-owners.nse
-usr/share/nmap/scripts/auth-spoof.nse
-usr/share/nmap/scripts/backorifice-brute.nse
-usr/share/nmap/scripts/backorifice-info.nse
-usr/share/nmap/scripts/bacnet-info.nse
-usr/share/nmap/scripts/banner.nse
-usr/share/nmap/scripts/bitcoin-getaddr.nse
-usr/share/nmap/scripts/bitcoin-info.nse
-usr/share/nmap/scripts/bitcoinrpc-info.nse
-usr/share/nmap/scripts/bittorrent-discovery.nse
-usr/share/nmap/scripts/bjnp-discover.nse
-usr/share/nmap/scripts/broadcast-ataoe-discover.nse
-usr/share/nmap/scripts/broadcast-avahi-dos.nse
-usr/share/nmap/scripts/broadcast-bjnp-discover.nse
-usr/share/nmap/scripts/broadcast-db2-discover.nse
-usr/share/nmap/scripts/broadcast-dhcp-discover.nse
-usr/share/nmap/scripts/broadcast-dhcp6-discover.nse
-usr/share/nmap/scripts/broadcast-dns-service-discovery.nse
-usr/share/nmap/scripts/broadcast-dropbox-listener.nse
-usr/share/nmap/scripts/broadcast-eigrp-discovery.nse
-usr/share/nmap/scripts/broadcast-hid-discoveryd.nse
-usr/share/nmap/scripts/broadcast-igmp-discovery.nse
-usr/share/nmap/scripts/broadcast-jenkins-discover.nse
-usr/share/nmap/scripts/broadcast-listener.nse
-usr/share/nmap/scripts/broadcast-ms-sql-discover.nse
-usr/share/nmap/scripts/broadcast-netbios-master-browser.nse
-usr/share/nmap/scripts/broadcast-networker-discover.nse
-usr/share/nmap/scripts/broadcast-novell-locate.nse
-usr/share/nmap/scripts/broadcast-ospf2-discover.nse
-usr/share/nmap/scripts/broadcast-pc-anywhere.nse
-usr/share/nmap/scripts/broadcast-pc-duo.nse
-usr/share/nmap/scripts/broadcast-pim-discovery.nse
-usr/share/nmap/scripts/broadcast-ping.nse
-usr/share/nmap/scripts/broadcast-pppoe-discover.nse
-usr/share/nmap/scripts/broadcast-rip-discover.nse
-usr/share/nmap/scripts/broadcast-ripng-discover.nse
-usr/share/nmap/scripts/broadcast-sonicwall-discover.nse
-usr/share/nmap/scripts/broadcast-sybase-asa-discover.nse
-usr/share/nmap/scripts/broadcast-tellstick-discover.nse
-usr/share/nmap/scripts/broadcast-upnp-info.nse
-usr/share/nmap/scripts/broadcast-versant-locate.nse
-usr/share/nmap/scripts/broadcast-wake-on-lan.nse
-usr/share/nmap/scripts/broadcast-wpad-discover.nse
-usr/share/nmap/scripts/broadcast-wsdd-discover.nse
-usr/share/nmap/scripts/broadcast-xdmcp-discover.nse
-usr/share/nmap/scripts/cassandra-brute.nse
-usr/share/nmap/scripts/cassandra-info.nse
-usr/share/nmap/scripts/cccam-version.nse
-usr/share/nmap/scripts/cics-enum.nse
-usr/share/nmap/scripts/cics-info.nse
-usr/share/nmap/scripts/cics-user-brute.nse
-usr/share/nmap/scripts/cics-user-enum.nse
-usr/share/nmap/scripts/citrix-brute-xml.nse
-usr/share/nmap/scripts/citrix-enum-apps-xml.nse
-usr/share/nmap/scripts/citrix-enum-apps.nse
-usr/share/nmap/scripts/citrix-enum-servers-xml.nse
-usr/share/nmap/scripts/citrix-enum-servers.nse
-usr/share/nmap/scripts/clamav-exec.nse
-usr/share/nmap/scripts/clock-skew.nse
-usr/share/nmap/scripts/coap-resources.nse
-usr/share/nmap/scripts/couchdb-databases.nse
-usr/share/nmap/scripts/couchdb-stats.nse
-usr/share/nmap/scripts/creds-summary.nse
-usr/share/nmap/scripts/cups-info.nse
-usr/share/nmap/scripts/cups-queue-info.nse
-usr/share/nmap/scripts/cvs-brute-repository.nse
-usr/share/nmap/scripts/cvs-brute.nse
-usr/share/nmap/scripts/daap-get-library.nse
-usr/share/nmap/scripts/daytime.nse
-usr/share/nmap/scripts/db2-das-info.nse
-usr/share/nmap/scripts/deluge-rpc-brute.nse
-usr/share/nmap/scripts/dhcp-discover.nse
-usr/share/nmap/scripts/dicom-brute.nse
-usr/share/nmap/scripts/dicom-ping.nse
-usr/share/nmap/scripts/dict-info.nse
-usr/share/nmap/scripts/distcc-cve2004-2687.nse
-usr/share/nmap/scripts/dns-blacklist.nse
-usr/share/nmap/scripts/dns-brute.nse
-usr/share/nmap/scripts/dns-cache-snoop.nse
-usr/share/nmap/scripts/dns-check-zone.nse
-usr/share/nmap/scripts/dns-client-subnet-scan.nse
-usr/share/nmap/scripts/dns-fuzz.nse
-usr/share/nmap/scripts/dns-ip6-arpa-scan.nse
-usr/share/nmap/scripts/dns-nsec-enum.nse
-usr/share/nmap/scripts/dns-nsec3-enum.nse
-usr/share/nmap/scripts/dns-nsid.nse
-usr/share/nmap/scripts/dns-random-srcport.nse
-usr/share/nmap/scripts/dns-random-txid.nse
-usr/share/nmap/scripts/dns-recursion.nse
-usr/share/nmap/scripts/dns-service-discovery.nse
-usr/share/nmap/scripts/dns-srv-enum.nse
-usr/share/nmap/scripts/dns-update.nse
-usr/share/nmap/scripts/dns-zeustracker.nse
-usr/share/nmap/scripts/dns-zone-transfer.nse
-usr/share/nmap/scripts/docker-version.nse
-usr/share/nmap/scripts/domcon-brute.nse
-usr/share/nmap/scripts/domcon-cmd.nse
-usr/share/nmap/scripts/domino-enum-users.nse
-usr/share/nmap/scripts/dpap-brute.nse
-usr/share/nmap/scripts/drda-brute.nse
-usr/share/nmap/scripts/drda-info.nse
-usr/share/nmap/scripts/duplicates.nse
-usr/share/nmap/scripts/eap-info.nse
-usr/share/nmap/scripts/enip-info.nse
-usr/share/nmap/scripts/epmd-info.nse
-usr/share/nmap/scripts/eppc-enum-processes.nse
-usr/share/nmap/scripts/fcrdns.nse
-usr/share/nmap/scripts/finger.nse
-usr/share/nmap/scripts/fingerprint-strings.nse
-usr/share/nmap/scripts/firewalk.nse
-usr/share/nmap/scripts/firewall-bypass.nse
-usr/share/nmap/scripts/flume-master-info.nse
-usr/share/nmap/scripts/fox-info.nse
-usr/share/nmap/scripts/freelancer-info.nse
-usr/share/nmap/scripts/ftp-anon.nse
-usr/share/nmap/scripts/ftp-bounce.nse
-usr/share/nmap/scripts/ftp-brute.nse
-usr/share/nmap/scripts/ftp-libopie.nse
-usr/share/nmap/scripts/ftp-proftpd-backdoor.nse
-usr/share/nmap/scripts/ftp-syst.nse
-usr/share/nmap/scripts/ftp-vsftpd-backdoor.nse
-usr/share/nmap/scripts/ftp-vuln-cve2010-4221.nse
-usr/share/nmap/scripts/ganglia-info.nse
-usr/share/nmap/scripts/giop-info.nse
-usr/share/nmap/scripts/gkrellm-info.nse
-usr/share/nmap/scripts/gopher-ls.nse
-usr/share/nmap/scripts/gpsd-info.nse
-usr/share/nmap/scripts/hadoop-datanode-info.nse
-usr/share/nmap/scripts/hadoop-jobtracker-info.nse
-usr/share/nmap/scripts/hadoop-namenode-info.nse
-usr/share/nmap/scripts/hadoop-secondary-namenode-info.nse
-usr/share/nmap/scripts/hadoop-tasktracker-info.nse
-usr/share/nmap/scripts/hartip-info.nse
-usr/share/nmap/scripts/hbase-master-info.nse
-usr/share/nmap/scripts/hbase-region-info.nse
-usr/share/nmap/scripts/hddtemp-info.nse
-usr/share/nmap/scripts/hnap-info.nse
-usr/share/nmap/scripts/hostmap-bfk.nse
-usr/share/nmap/scripts/hostmap-crtsh.nse
-usr/share/nmap/scripts/hostmap-robtex.nse
-usr/share/nmap/scripts/http-adobe-coldfusion-apsa1301.nse
-usr/share/nmap/scripts/http-affiliate-id.nse
-usr/share/nmap/scripts/http-apache-negotiation.nse
-usr/share/nmap/scripts/http-apache-server-status.nse
-usr/share/nmap/scripts/http-aspnet-debug.nse
-usr/share/nmap/scripts/http-auth-finder.nse
-usr/share/nmap/scripts/http-auth.nse
-usr/share/nmap/scripts/http-avaya-ipoffice-users.nse
-usr/share/nmap/scripts/http-awstatstotals-exec.nse
-usr/share/nmap/scripts/http-axis2-dir-traversal.nse
-usr/share/nmap/scripts/http-backup-finder.nse
-usr/share/nmap/scripts/http-barracuda-dir-traversal.nse
-usr/share/nmap/scripts/http-bigip-cookie.nse
-usr/share/nmap/scripts/http-brute.nse
-usr/share/nmap/scripts/http-cakephp-version.nse
-usr/share/nmap/scripts/http-chrono.nse
-usr/share/nmap/scripts/http-cisco-anyconnect.nse
-usr/share/nmap/scripts/http-coldfusion-subzero.nse
-usr/share/nmap/scripts/http-comments-displayer.nse
-usr/share/nmap/scripts/http-config-backup.nse
-usr/share/nmap/scripts/http-cookie-flags.nse
-usr/share/nmap/scripts/http-cors.nse
-usr/share/nmap/scripts/http-cross-domain-policy.nse
-usr/share/nmap/scripts/http-csrf.nse
-usr/share/nmap/scripts/http-date.nse
-usr/share/nmap/scripts/http-default-accounts.nse
-usr/share/nmap/scripts/http-devframework.nse
-usr/share/nmap/scripts/http-dlink-backdoor.nse
-usr/share/nmap/scripts/http-dombased-xss.nse
-usr/share/nmap/scripts/http-domino-enum-passwords.nse
-usr/share/nmap/scripts/http-drupal-enum-users.nse
-usr/share/nmap/scripts/http-drupal-enum.nse
-usr/share/nmap/scripts/http-enum.nse
-usr/share/nmap/scripts/http-errors.nse
-usr/share/nmap/scripts/http-exif-spider.nse
-usr/share/nmap/scripts/http-favicon.nse
-usr/share/nmap/scripts/http-feed.nse
-usr/share/nmap/scripts/http-fetch.nse
-usr/share/nmap/scripts/http-fileupload-exploiter.nse
-usr/share/nmap/scripts/http-form-brute.nse
-usr/share/nmap/scripts/http-form-fuzzer.nse
-usr/share/nmap/scripts/http-frontpage-login.nse
-usr/share/nmap/scripts/http-generator.nse
-usr/share/nmap/scripts/http-git.nse
-usr/share/nmap/scripts/http-gitweb-projects-enum.nse
-usr/share/nmap/scripts/http-google-malware.nse
-usr/share/nmap/scripts/http-grep.nse
-usr/share/nmap/scripts/http-headers.nse
-usr/share/nmap/scripts/http-hp-ilo-info.nse
-usr/share/nmap/scripts/http-huawei-hg5xx-vuln.nse
-usr/share/nmap/scripts/http-icloud-findmyiphone.nse
-usr/share/nmap/scripts/http-icloud-sendmsg.nse
-usr/share/nmap/scripts/http-iis-short-name-brute.nse
-usr/share/nmap/scripts/http-iis-webdav-vuln.nse
-usr/share/nmap/scripts/http-internal-ip-disclosure.nse
-usr/share/nmap/scripts/http-joomla-brute.nse
-usr/share/nmap/scripts/http-jsonp-detection.nse
-usr/share/nmap/scripts/http-litespeed-sourcecode-download.nse
-usr/share/nmap/scripts/http-ls.nse
-usr/share/nmap/scripts/http-majordomo2-dir-traversal.nse
-usr/share/nmap/scripts/http-malware-host.nse
-usr/share/nmap/scripts/http-mcmp.nse
-usr/share/nmap/scripts/http-method-tamper.nse
-usr/share/nmap/scripts/http-methods.nse
-usr/share/nmap/scripts/http-mobileversion-checker.nse
-usr/share/nmap/scripts/http-ntlm-info.nse
-usr/share/nmap/scripts/http-open-proxy.nse
-usr/share/nmap/scripts/http-open-redirect.nse
-usr/share/nmap/scripts/http-passwd.nse
-usr/share/nmap/scripts/http-php-version.nse
-usr/share/nmap/scripts/http-phpmyadmin-dir-traversal.nse
-usr/share/nmap/scripts/http-phpself-xss.nse
-usr/share/nmap/scripts/http-proxy-brute.nse
-usr/share/nmap/scripts/http-put.nse
-usr/share/nmap/scripts/http-qnap-nas-info.nse
-usr/share/nmap/scripts/http-referer-checker.nse
-usr/share/nmap/scripts/http-rfi-spider.nse
-usr/share/nmap/scripts/http-robots.txt.nse
-usr/share/nmap/scripts/http-robtex-reverse-ip.nse
-usr/share/nmap/scripts/http-robtex-shared-ns.nse
-usr/share/nmap/scripts/http-sap-netweaver-leak.nse
-usr/share/nmap/scripts/http-security-headers.nse
-usr/share/nmap/scripts/http-server-header.nse
-usr/share/nmap/scripts/http-shellshock.nse
-usr/share/nmap/scripts/http-sitemap-generator.nse
-usr/share/nmap/scripts/http-slowloris-check.nse
-usr/share/nmap/scripts/http-slowloris.nse
-usr/share/nmap/scripts/http-sql-injection.nse
-usr/share/nmap/scripts/http-stored-xss.nse
-usr/share/nmap/scripts/http-svn-enum.nse
-usr/share/nmap/scripts/http-svn-info.nse
-usr/share/nmap/scripts/http-title.nse
-usr/share/nmap/scripts/http-tplink-dir-traversal.nse
-usr/share/nmap/scripts/http-trace.nse
-usr/share/nmap/scripts/http-traceroute.nse
-usr/share/nmap/scripts/http-trane-info.nse
-usr/share/nmap/scripts/http-unsafe-output-escaping.nse
-usr/share/nmap/scripts/http-useragent-tester.nse
-usr/share/nmap/scripts/http-userdir-enum.nse
-usr/share/nmap/scripts/http-vhosts.nse
-usr/share/nmap/scripts/http-virustotal.nse
-usr/share/nmap/scripts/http-vlcstreamer-ls.nse
-usr/share/nmap/scripts/http-vmware-path-vuln.nse
-usr/share/nmap/scripts/http-vuln-cve2006-3392.nse
-usr/share/nmap/scripts/http-vuln-cve2009-3960.nse
-usr/share/nmap/scripts/http-vuln-cve2010-0738.nse
-usr/share/nmap/scripts/http-vuln-cve2010-2861.nse
-usr/share/nmap/scripts/http-vuln-cve2011-3192.nse
-usr/share/nmap/scripts/http-vuln-cve2011-3368.nse
-usr/share/nmap/scripts/http-vuln-cve2012-1823.nse
-usr/share/nmap/scripts/http-vuln-cve2013-0156.nse
-usr/share/nmap/scripts/http-vuln-cve2013-6786.nse
-usr/share/nmap/scripts/http-vuln-cve2013-7091.nse
-usr/share/nmap/scripts/http-vuln-cve2014-2126.nse
-usr/share/nmap/scripts/http-vuln-cve2014-2127.nse
-usr/share/nmap/scripts/http-vuln-cve2014-2128.nse
-usr/share/nmap/scripts/http-vuln-cve2014-2129.nse
-usr/share/nmap/scripts/http-vuln-cve2014-3704.nse
-usr/share/nmap/scripts/http-vuln-cve2014-8877.nse
-usr/share/nmap/scripts/http-vuln-cve2015-1427.nse
-usr/share/nmap/scripts/http-vuln-cve2015-1635.nse
-usr/share/nmap/scripts/http-vuln-cve2017-1001000.nse
-usr/share/nmap/scripts/http-vuln-cve2017-5638.nse
-usr/share/nmap/scripts/http-vuln-cve2017-5689.nse
-usr/share/nmap/scripts/http-vuln-cve2017-8917.nse
-usr/share/nmap/scripts/http-vuln-misfortune-cookie.nse
-usr/share/nmap/scripts/http-vuln-wnr1000-creds.nse
-usr/share/nmap/scripts/http-waf-detect.nse
-usr/share/nmap/scripts/http-waf-fingerprint.nse
-usr/share/nmap/scripts/http-webdav-scan.nse
-usr/share/nmap/scripts/http-wordpress-brute.nse
-usr/share/nmap/scripts/http-wordpress-enum.nse
-usr/share/nmap/scripts/http-wordpress-users.nse
-usr/share/nmap/scripts/http-xssed.nse
-usr/share/nmap/scripts/https-redirect.nse
-usr/share/nmap/scripts/iax2-brute.nse
-usr/share/nmap/scripts/iax2-version.nse
-usr/share/nmap/scripts/icap-info.nse
-usr/share/nmap/scripts/iec-identify.nse
-usr/share/nmap/scripts/iec61850-mms.nse
-usr/share/nmap/scripts/ike-version.nse
-usr/share/nmap/scripts/imap-brute.nse
-usr/share/nmap/scripts/imap-capabilities.nse
-usr/share/nmap/scripts/imap-ntlm-info.nse
-usr/share/nmap/scripts/impress-remote-discover.nse
-usr/share/nmap/scripts/informix-brute.nse
-usr/share/nmap/scripts/informix-query.nse
-usr/share/nmap/scripts/informix-tables.nse
-usr/share/nmap/scripts/ip-forwarding.nse
-usr/share/nmap/scripts/ip-geolocation-geoplugin.nse
-usr/share/nmap/scripts/ip-geolocation-ipinfodb.nse
-usr/share/nmap/scripts/ip-geolocation-map-bing.nse
-usr/share/nmap/scripts/ip-geolocation-map-google.nse
-usr/share/nmap/scripts/ip-geolocation-map-kml.nse
-usr/share/nmap/scripts/ip-geolocation-maxmind.nse
-usr/share/nmap/scripts/ip-https-discover.nse
-usr/share/nmap/scripts/ipidseq.nse
-usr/share/nmap/scripts/ipmi-brute.nse
-usr/share/nmap/scripts/ipmi-cipher-zero.nse
-usr/share/nmap/scripts/ipmi-version.nse
-usr/share/nmap/scripts/ipv6-multicast-mld-list.nse
-usr/share/nmap/scripts/ipv6-node-info.nse
-usr/share/nmap/scripts/ipv6-ra-flood.nse
-usr/share/nmap/scripts/irc-botnet-channels.nse
-usr/share/nmap/scripts/irc-brute.nse
-usr/share/nmap/scripts/irc-info.nse
-usr/share/nmap/scripts/irc-sasl-brute.nse
-usr/share/nmap/scripts/irc-unrealircd-backdoor.nse
-usr/share/nmap/scripts/iscsi-brute.nse
-usr/share/nmap/scripts/iscsi-info.nse
-usr/share/nmap/scripts/isns-info.nse
-usr/share/nmap/scripts/jdwp-exec.nse
-usr/share/nmap/scripts/jdwp-info.nse
-usr/share/nmap/scripts/jdwp-inject.nse
-usr/share/nmap/scripts/jdwp-version.nse
-usr/share/nmap/scripts/knx-gateway-discover.nse
-usr/share/nmap/scripts/knx-gateway-info.nse
-usr/share/nmap/scripts/krb5-enum-users.nse
-usr/share/nmap/scripts/ldap-brute.nse
-usr/share/nmap/scripts/ldap-novell-getpass.nse
-usr/share/nmap/scripts/ldap-rootdse.nse
-usr/share/nmap/scripts/ldap-search.nse
-usr/share/nmap/scripts/lexmark-config.nse
-usr/share/nmap/scripts/llmnr-resolve.nse
-usr/share/nmap/scripts/lltd-discovery.nse
-usr/share/nmap/scripts/lu-enum.nse
-usr/share/nmap/scripts/maxdb-info.nse
-usr/share/nmap/scripts/mcafee-epo-agent.nse
-usr/share/nmap/scripts/membase-brute.nse
-usr/share/nmap/scripts/membase-http-info.nse
-usr/share/nmap/scripts/memcached-info.nse
-usr/share/nmap/scripts/metasploit-info.nse
-usr/share/nmap/scripts/metasploit-msgrpc-brute.nse
-usr/share/nmap/scripts/metasploit-xmlrpc-brute.nse
-usr/share/nmap/scripts/mikrotik-routeros-brute.nse
-usr/share/nmap/scripts/mmouse-brute.nse
-usr/share/nmap/scripts/mmouse-exec.nse
-usr/share/nmap/scripts/modbus-discover.nse
-usr/share/nmap/scripts/mongodb-brute.nse
-usr/share/nmap/scripts/mongodb-databases.nse
-usr/share/nmap/scripts/mongodb-info.nse
-usr/share/nmap/scripts/mqtt-subscribe.nse
-usr/share/nmap/scripts/mrinfo.nse
-usr/share/nmap/scripts/ms-sql-brute.nse
-usr/share/nmap/scripts/ms-sql-config.nse
-usr/share/nmap/scripts/ms-sql-dac.nse
-usr/share/nmap/scripts/ms-sql-dump-hashes.nse
-usr/share/nmap/scripts/ms-sql-empty-password.nse
-usr/share/nmap/scripts/ms-sql-hasdbaccess.nse
-usr/share/nmap/scripts/ms-sql-info.nse
-usr/share/nmap/scripts/ms-sql-ntlm-info.nse
-usr/share/nmap/scripts/ms-sql-query.nse
-usr/share/nmap/scripts/ms-sql-tables.nse
-usr/share/nmap/scripts/ms-sql-xp-cmdshell.nse
-usr/share/nmap/scripts/msrpc-enum.nse
-usr/share/nmap/scripts/mtrace.nse
-usr/share/nmap/scripts/multicast-profinet-discovery.nse
-usr/share/nmap/scripts/murmur-version.nse
-usr/share/nmap/scripts/mysql-audit.nse
-usr/share/nmap/scripts/mysql-brute.nse
-usr/share/nmap/scripts/mysql-databases.nse
-usr/share/nmap/scripts/mysql-dump-hashes.nse
-usr/share/nmap/scripts/mysql-empty-password.nse
-usr/share/nmap/scripts/mysql-enum.nse
-usr/share/nmap/scripts/mysql-info.nse
-usr/share/nmap/scripts/mysql-query.nse
-usr/share/nmap/scripts/mysql-users.nse
-usr/share/nmap/scripts/mysql-variables.nse
-usr/share/nmap/scripts/mysql-vuln-cve2012-2122.nse
-usr/share/nmap/scripts/nat-pmp-info.nse
-usr/share/nmap/scripts/nat-pmp-mapport.nse
-usr/share/nmap/scripts/nbd-info.nse
-usr/share/nmap/scripts/nbns-interfaces.nse
-usr/share/nmap/scripts/nbstat.nse
-usr/share/nmap/scripts/ncp-enum-users.nse
-usr/share/nmap/scripts/ncp-serverinfo.nse
-usr/share/nmap/scripts/ndmp-fs-info.nse
-usr/share/nmap/scripts/ndmp-version.nse
-usr/share/nmap/scripts/nessus-brute.nse
-usr/share/nmap/scripts/nessus-xmlrpc-brute.nse
-usr/share/nmap/scripts/netbus-auth-bypass.nse
-usr/share/nmap/scripts/netbus-brute.nse
-usr/share/nmap/scripts/netbus-info.nse
-usr/share/nmap/scripts/netbus-version.nse
-usr/share/nmap/scripts/nexpose-brute.nse
-usr/share/nmap/scripts/nfs-ls.nse
-usr/share/nmap/scripts/nfs-showmount.nse
-usr/share/nmap/scripts/nfs-statfs.nse
-usr/share/nmap/scripts/nje-node-brute.nse
-usr/share/nmap/scripts/nje-pass-brute.nse
-usr/share/nmap/scripts/nntp-ntlm-info.nse
-usr/share/nmap/scripts/nping-brute.nse
-usr/share/nmap/scripts/nrpe-enum.nse
-usr/share/nmap/scripts/ntp-info.nse
-usr/share/nmap/scripts/ntp-monlist.nse
-usr/share/nmap/scripts/omp2-brute.nse
-usr/share/nmap/scripts/omp2-enum-targets.nse
-usr/share/nmap/scripts/omron-info.nse
-usr/share/nmap/scripts/openflow-info.nse
-usr/share/nmap/scripts/openlookup-info.nse
-usr/share/nmap/scripts/openvas-otp-brute.nse
-usr/share/nmap/scripts/openwebnet-discovery.nse
-usr/share/nmap/scripts/oracle-brute-stealth.nse
-usr/share/nmap/scripts/oracle-brute.nse
-usr/share/nmap/scripts/oracle-enum-users.nse
-usr/share/nmap/scripts/oracle-sid-brute.nse
-usr/share/nmap/scripts/oracle-tns-version.nse
-usr/share/nmap/scripts/ovs-agent-version.nse
-usr/share/nmap/scripts/p2p-conficker.nse
-usr/share/nmap/scripts/path-mtu.nse
-usr/share/nmap/scripts/pcanywhere-brute.nse
-usr/share/nmap/scripts/pcworx-info.nse
-usr/share/nmap/scripts/pgsql-brute.nse
-usr/share/nmap/scripts/pjl-ready-message.nse
-usr/share/nmap/scripts/pop3-brute.nse
-usr/share/nmap/scripts/pop3-capabilities.nse
-usr/share/nmap/scripts/pop3-ntlm-info.nse
-usr/share/nmap/scripts/port-states.nse
-usr/share/nmap/scripts/pptp-version.nse
-usr/share/nmap/scripts/profinet-cm-lookup.nse
-usr/share/nmap/scripts/puppet-naivesigning.nse
-usr/share/nmap/scripts/qconn-exec.nse
-usr/share/nmap/scripts/qscan.nse
-usr/share/nmap/scripts/quake1-info.nse
-usr/share/nmap/scripts/quake3-info.nse
-usr/share/nmap/scripts/quake3-master-getservers.nse
-usr/share/nmap/scripts/rdp-enum-encryption.nse
-usr/share/nmap/scripts/rdp-ntlm-info.nse
-usr/share/nmap/scripts/rdp-vuln-ms12-020.nse
-usr/share/nmap/scripts/realvnc-auth-bypass.nse
-usr/share/nmap/scripts/redis-brute.nse
-usr/share/nmap/scripts/redis-info.nse
-usr/share/nmap/scripts/resolveall.nse
-usr/share/nmap/scripts/reverse-index.nse
-usr/share/nmap/scripts/rexec-brute.nse
-usr/share/nmap/scripts/rfc868-time.nse
-usr/share/nmap/scripts/riak-http-info.nse
-usr/share/nmap/scripts/rlogin-brute.nse
-usr/share/nmap/scripts/rmi-dumpregistry.nse
-usr/share/nmap/scripts/rmi-vuln-classloader.nse
-usr/share/nmap/scripts/rpc-grind.nse
-usr/share/nmap/scripts/rpcap-brute.nse
-usr/share/nmap/scripts/rpcap-info.nse
-usr/share/nmap/scripts/rpcinfo.nse
-usr/share/nmap/scripts/rsa-vuln-roca.nse
-usr/share/nmap/scripts/rsync-brute.nse
-usr/share/nmap/scripts/rsync-list-modules.nse
-usr/share/nmap/scripts/rtsp-methods.nse
-usr/share/nmap/scripts/rtsp-url-brute.nse
-usr/share/nmap/scripts/rusers.nse
-usr/share/nmap/scripts/s7-info.nse
-usr/share/nmap/scripts/samba-vuln-cve-2012-1182.nse
-usr/share/nmap/scripts/script.db
-usr/share/nmap/scripts/servicetags.nse
-usr/share/nmap/scripts/shodan-api.nse
-usr/share/nmap/scripts/sip-brute.nse
-usr/share/nmap/scripts/sip-call-spoof.nse
-usr/share/nmap/scripts/sip-enum-users.nse
-usr/share/nmap/scripts/sip-methods.nse
-usr/share/nmap/scripts/skypev2-version.nse
-usr/share/nmap/scripts/smb-brute.nse
-usr/share/nmap/scripts/smb-double-pulsar-backdoor.nse
-usr/share/nmap/scripts/smb-enum-domains.nse
-usr/share/nmap/scripts/smb-enum-groups.nse
-usr/share/nmap/scripts/smb-enum-processes.nse
-usr/share/nmap/scripts/smb-enum-services.nse
-usr/share/nmap/scripts/smb-enum-sessions.nse
-usr/share/nmap/scripts/smb-enum-shares.nse
-usr/share/nmap/scripts/smb-enum-users.nse
-usr/share/nmap/scripts/smb-flood.nse
-usr/share/nmap/scripts/smb-ls.nse
-usr/share/nmap/scripts/smb-mbenum.nse
-usr/share/nmap/scripts/smb-os-discovery.nse
-usr/share/nmap/scripts/smb-print-text.nse
-usr/share/nmap/scripts/smb-protocols.nse
-usr/share/nmap/scripts/smb-psexec.nse
-usr/share/nmap/scripts/smb-security-mode.nse
-usr/share/nmap/scripts/smb-server-stats.nse
-usr/share/nmap/scripts/smb-system-info.nse
-usr/share/nmap/scripts/smb-vuln-conficker.nse
-usr/share/nmap/scripts/smb-vuln-cve-2017-7494.nse
-usr/share/nmap/scripts/smb-vuln-cve2009-3103.nse
-usr/share/nmap/scripts/smb-vuln-ms06-025.nse
-usr/share/nmap/scripts/smb-vuln-ms07-029.nse
-usr/share/nmap/scripts/smb-vuln-ms08-067.nse
-usr/share/nmap/scripts/smb-vuln-ms10-054.nse
-usr/share/nmap/scripts/smb-vuln-ms10-061.nse
-usr/share/nmap/scripts/smb-vuln-ms17-010.nse
-usr/share/nmap/scripts/smb-vuln-regsvc-dos.nse
-usr/share/nmap/scripts/smb-vuln-webexec.nse
-usr/share/nmap/scripts/smb-webexec-exploit.nse
-usr/share/nmap/scripts/smb2-capabilities.nse
-usr/share/nmap/scripts/smb2-security-mode.nse
-usr/share/nmap/scripts/smb2-time.nse
-usr/share/nmap/scripts/smb2-vuln-uptime.nse
-usr/share/nmap/scripts/smtp-brute.nse
-usr/share/nmap/scripts/smtp-commands.nse
-usr/share/nmap/scripts/smtp-enum-users.nse
-usr/share/nmap/scripts/smtp-ntlm-info.nse
-usr/share/nmap/scripts/smtp-open-relay.nse
-usr/share/nmap/scripts/smtp-strangeport.nse
-usr/share/nmap/scripts/smtp-vuln-cve2010-4344.nse
-usr/share/nmap/scripts/smtp-vuln-cve2011-1720.nse
-usr/share/nmap/scripts/smtp-vuln-cve2011-1764.nse
-usr/share/nmap/scripts/sniffer-detect.nse
-usr/share/nmap/scripts/snmp-brute.nse
-usr/share/nmap/scripts/snmp-hh3c-logins.nse
-usr/share/nmap/scripts/snmp-info.nse
-usr/share/nmap/scripts/snmp-interfaces.nse
-usr/share/nmap/scripts/snmp-ios-config.nse
-usr/share/nmap/scripts/snmp-netstat.nse
-usr/share/nmap/scripts/snmp-processes.nse
-usr/share/nmap/scripts/snmp-sysdescr.nse
-usr/share/nmap/scripts/snmp-win32-services.nse
-usr/share/nmap/scripts/snmp-win32-shares.nse
-usr/share/nmap/scripts/snmp-win32-software.nse
-usr/share/nmap/scripts/snmp-win32-users.nse
-usr/share/nmap/scripts/socks-auth-info.nse
-usr/share/nmap/scripts/socks-brute.nse
-usr/share/nmap/scripts/socks-open-proxy.nse
-usr/share/nmap/scripts/ssh-auth-methods.nse
-usr/share/nmap/scripts/ssh-brute.nse
-usr/share/nmap/scripts/ssh-hostkey.nse
-usr/share/nmap/scripts/ssh-publickey-acceptance.nse
-usr/share/nmap/scripts/ssh-run.nse
-usr/share/nmap/scripts/ssh2-enum-algos.nse
-usr/share/nmap/scripts/sshv1.nse
-usr/share/nmap/scripts/ssl-ccs-injection.nse
-usr/share/nmap/scripts/ssl-cert-intaddr.nse
-usr/share/nmap/scripts/ssl-cert.nse
-usr/share/nmap/scripts/ssl-date.nse
-usr/share/nmap/scripts/ssl-dh-params.nse
-usr/share/nmap/scripts/ssl-enum-ciphers.nse
-usr/share/nmap/scripts/ssl-heartbleed.nse
-usr/share/nmap/scripts/ssl-known-key.nse
-usr/share/nmap/scripts/ssl-poodle.nse
-usr/share/nmap/scripts/sslv2-drown.nse
-usr/share/nmap/scripts/sslv2.nse
-usr/share/nmap/scripts/sstp-discover.nse
-usr/share/nmap/scripts/stun-info.nse
-usr/share/nmap/scripts/stun-version.nse
-usr/share/nmap/scripts/stuxnet-detect.nse
-usr/share/nmap/scripts/supermicro-ipmi-conf.nse
-usr/share/nmap/scripts/svn-brute.nse
-usr/share/nmap/scripts/targets-asn.nse
-usr/share/nmap/scripts/targets-ipv6-map4to6.nse
-usr/share/nmap/scripts/targets-ipv6-multicast-echo.nse
-usr/share/nmap/scripts/targets-ipv6-multicast-invalid-dst.nse
-usr/share/nmap/scripts/targets-ipv6-multicast-mld.nse
-usr/share/nmap/scripts/targets-ipv6-multicast-slaac.nse
-usr/share/nmap/scripts/targets-ipv6-wordlist.nse
-usr/share/nmap/scripts/targets-sniffer.nse
-usr/share/nmap/scripts/targets-traceroute.nse
-usr/share/nmap/scripts/targets-xml.nse
-usr/share/nmap/scripts/teamspeak2-version.nse
-usr/share/nmap/scripts/telnet-brute.nse
-usr/share/nmap/scripts/telnet-encryption.nse
-usr/share/nmap/scripts/telnet-ntlm-info.nse
-usr/share/nmap/scripts/tftp-enum.nse
-usr/share/nmap/scripts/tftp-version.nse
-usr/share/nmap/scripts/tls-alpn.nse
-usr/share/nmap/scripts/tls-nextprotoneg.nse
-usr/share/nmap/scripts/tls-ticketbleed.nse
-usr/share/nmap/scripts/tn3270-screen.nse
-usr/share/nmap/scripts/tor-consensus-checker.nse
-usr/share/nmap/scripts/traceroute-geolocation.nse
-usr/share/nmap/scripts/tso-brute.nse
-usr/share/nmap/scripts/tso-enum.nse
-usr/share/nmap/scripts/ubiquiti-discovery.nse
-usr/share/nmap/scripts/unittest.nse
-usr/share/nmap/scripts/unusual-port.nse
-usr/share/nmap/scripts/upnp-info.nse
-usr/share/nmap/scripts/uptime-agent-info.nse
-usr/share/nmap/scripts/url-snarf.nse
-usr/share/nmap/scripts/ventrilo-info.nse
-usr/share/nmap/scripts/versant-info.nse
-usr/share/nmap/scripts/vmauthd-brute.nse
-usr/share/nmap/scripts/vmware-version.nse
-usr/share/nmap/scripts/vnc-brute.nse
-usr/share/nmap/scripts/vnc-info.nse
-usr/share/nmap/scripts/vnc-title.nse
-usr/share/nmap/scripts/voldemort-info.nse
-usr/share/nmap/scripts/vtam-enum.nse
-usr/share/nmap/scripts/vulners.nse
-usr/share/nmap/scripts/vuze-dht-info.nse
-usr/share/nmap/scripts/wdb-version.nse
-usr/share/nmap/scripts/weblogic-t3-info.nse
-usr/share/nmap/scripts/whois-domain.nse
-usr/share/nmap/scripts/whois-ip.nse
-usr/share/nmap/scripts/wsdd-discover.nse
-usr/share/nmap/scripts/x11-access.nse
-usr/share/nmap/scripts/xdmcp-discover.nse
-usr/share/nmap/scripts/xmlrpc-methods.nse
-usr/share/nmap/scripts/xmpp-brute.nse
-usr/share/nmap/scripts/xmpp-info.nse
+usr/bin/nc
+usr/bin/ncat
+#usr/share/man/man1/ncat.1
+#usr/share/ncat
+#usr/share/ncat/ca-bundle.crt
diff --git a/lfs/ncat b/lfs/ncat
index 4e5b05180..e135b16ca 100644
--- a/lfs/ncat
+++ b/lfs/ncat
@@ -34,7 +34,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/nmap-$(VER)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = ncat
-PAK_VER    = 11
+PAK_VER    = 12
 
 DEPS       =