This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".

The branch, next has been updated via 71cea32cd8ab84d174f1913a04b4751c8eacd69e (commit) via 388802662fea877c22fc57c95084c60bc40c402e (commit) via d867ea26850725c9c230973eb12fdda44f8ffe23 (commit) via d455578342ce1b54eeac30c6adf9f8531406e5d3 (commit) via 74f5f41372571c29b80db217a3d852ef0e613c6f (commit) via b38609d64d0ea20f510d6a692d7114d9d331bd77 (commit) from 0e49a87ff0218385d2998664367c861dbc52638b (commit)

Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.

- Log ----------------------------------------------------------------- commit 71cea32cd8ab84d174f1913a04b4751c8eacd69e Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Oct 7 09:15:40 2024 +0000

core190: Ship Unbound again

This was a late addition to c189

Signed-off-by: Michael Tremer michael.tremer@ipfire.org

commit 388802662fea877c22fc57c95084c60bc40c402e Merge: d867ea2685 74f5f41372 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Oct 7 09:15:04 2024 +0000

Merge branch 'master' into next

commit d867ea26850725c9c230973eb12fdda44f8ffe23 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Oct 7 09:14:37 2024 +0000

core190: Ship rules.pl

Signed-off-by: Michael Tremer michael.tremer@ipfire.org

commit d455578342ce1b54eeac30c6adf9f8531406e5d3 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Oct 7 09:13:12 2024 +0000

firewall: Flush SYN_FLOOD_PROTECTION

This chain was not flushed when the firewall was being reloaded which made any ports appear as open when rules have been disabled or deleted.

This has no security implications, but nevertheless isn't right.

Reported-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org

-----------------------------------------------------------------------

Summary of changes: config/firewall/rules.pl | 1 + config/rootfiles/common/unbound | 2 +- config/rootfiles/core/190/filelists/files | 1 + config/rootfiles/{oldcore/106 => core/190}/filelists/unbound | 0 config/rootfiles/core/190/update.sh | 1 + config/rootfiles/oldcore/{106 => 189}/filelists/unbound | 0 config/rootfiles/oldcore/189/update.sh | 1 + lfs/unbound | 4 ++-- 8 files changed, 7 insertions(+), 3 deletions(-) copy config/rootfiles/{oldcore/106 => core/190}/filelists/unbound (100%) copy config/rootfiles/oldcore/{106 => 189}/filelists/unbound (100%)

Difference in files: diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl index e38f77242..c414f172c 100644 --- a/config/firewall/rules.pl +++ b/config/firewall/rules.pl @@ -221,6 +221,7 @@ sub flush { run("$IPTABLES -t nat -F $CHAIN_NAT_SOURCE"); run("$IPTABLES -t nat -F $CHAIN_NAT_DESTINATION"); run("$IPTABLES -t mangle -F $CHAIN_MANGLE_NAT_DESTINATION_FIX"); + run("$IPTABLES -t raw -F SYN_FLOOD_PROTECT"); }

sub buildrules { diff --git a/config/rootfiles/common/unbound b/config/rootfiles/common/unbound index 03e382d2e..1da88aa9d 100644 --- a/config/rootfiles/common/unbound +++ b/config/rootfiles/common/unbound @@ -11,7 +11,7 @@ etc/unbound/unbound.conf #usr/lib/libunbound.la #usr/lib/libunbound.so usr/lib/libunbound.so.8 -usr/lib/libunbound.so.8.1.28 +usr/lib/libunbound.so.8.1.29 #usr/lib/pkgconfig/libunbound.pc usr/sbin/unbound usr/sbin/unbound-anchor diff --git a/config/rootfiles/core/190/filelists/files b/config/rootfiles/core/190/filelists/files index 0d9f889c1..2ee32fa74 100644 --- a/config/rootfiles/core/190/filelists/files +++ b/config/rootfiles/core/190/filelists/files @@ -13,6 +13,7 @@ srv/web/ipfire/cgi-bin/logs.cgi/log.dat srv/web/ipfire/cgi-bin/ovpnmain.cgi srv/web/ipfire/cgi-bin/vpnmain.cgi usr/bin/suricata-watcher +usr/lib/firewall/rules.pl usr/lib/perl5/5.36.0/xxxMACHINExxx-linux-thread-multi/Compress/Raw/Zlib.pm var/ipfire/backup/include var/ipfire/graphs.pl diff --git a/config/rootfiles/core/190/filelists/unbound b/config/rootfiles/core/190/filelists/unbound new file mode 120000 index 000000000..66adf0924 --- /dev/null +++ b/config/rootfiles/core/190/filelists/unbound @@ -0,0 +1 @@ +../../../common/unbound \ No newline at end of file diff --git a/config/rootfiles/core/190/update.sh b/config/rootfiles/core/190/update.sh index ba7816216..ba24bc41e 100644 --- a/config/rootfiles/core/190/update.sh +++ b/config/rootfiles/core/190/update.sh @@ -62,6 +62,7 @@ fi /etc/init.d/sshd restart /etc/init.d/squid restart /etc/init.d/suricata start +/etc/init.d/unbound restart

# This update needs a reboot... touch /var/run/need_reboot diff --git a/config/rootfiles/oldcore/189/filelists/unbound b/config/rootfiles/oldcore/189/filelists/unbound new file mode 120000 index 000000000..66adf0924 --- /dev/null +++ b/config/rootfiles/oldcore/189/filelists/unbound @@ -0,0 +1 @@ +../../../common/unbound \ No newline at end of file diff --git a/config/rootfiles/oldcore/189/update.sh b/config/rootfiles/oldcore/189/update.sh index 43323f38a..cae569b80 100644 --- a/config/rootfiles/oldcore/189/update.sh +++ b/config/rootfiles/oldcore/189/update.sh @@ -349,6 +349,7 @@ ldconfig telinit u

# Start services +/etc/init.d/unbound restart /etc/init.d/collectd restart /usr/local/bin/openvpnctrl -s /usr/local/bin/openvpnctrl -sn2n diff --git a/lfs/unbound b/lfs/unbound index f10fed82d..d8efaf872 100644 --- a/lfs/unbound +++ b/lfs/unbound @@ -24,7 +24,7 @@

include Config

-VER = 1.21.0 +VER = 1.21.1

THISAPP = unbound-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)

$(DL_FILE) = $(DL_FROM)/$(DL_FILE)

-$(DL_FILE)_BLAKE2 = f6dc7b60e0071d3a7e7e687eb76fd086590ac69da954775c85bd09d8caa5e0cc4181c97fc14a75d2235f3b182d2d5b0b9120e453beb4e112af67ac80216cfca9 +$(DL_FILE)_BLAKE2 = 4a14019a52c7f0641a6cfcb946be3016d9fd722acff7eeb5ea243808621af9fc05d2bb4dcba1024f134eb6ec609994e5a07b6c4b6bc0b8cc639b35db1546acd1

install : $(TARGET)

hooks/post-receive -- IPFire 2.x development tree