This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree". The branch, next has been updated via 27d1dc083ecc49cd11f57b975f8daf599eb436f4 (commit) via b074ebd6ad688124d5dfdcc2ed614040553afd7e (commit) from 1ad192722a9ecd0b0f0afc008da020b9534e57d6 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 27d1dc083ecc49cd11f57b975f8daf599eb436f4 Author: Peter Müller Date: Thu May 12 18:06:59 2022 +0000 Core Update 168: Ship and restart strongSwan Signed-off-by: Peter Müller commit b074ebd6ad688124d5dfdcc2ed614040553afd7e Author: Peter Müller Date: Thu May 12 18:04:52 2022 +0000 strongSwan: Update to 5.9.6 See: https://github.com/strongswan/strongswan/releases/tag/5.9.6 Since this addresses security issues, and also with regards to reports such as https://community.ipfire.org/t/core-update-167-ipsec-issue/7893, I take the liberty to push this straight into Core Update 168. Signed-off-by: Peter Müller ----------------------------------------------------------------------- Summary of changes: config/rootfiles/{oldcore/106 => core/168}/filelists/strongswan | 0 config/rootfiles/core/168/update.sh | 4 ++++ lfs/strongswan | 4 ++-- 3 files changed, 6 insertions(+), 2 deletions(-) copy config/rootfiles/{oldcore/106 => core/168}/filelists/strongswan (100%) Difference in files: diff --git a/config/rootfiles/core/168/filelists/strongswan b/config/rootfiles/core/168/filelists/strongswan new file mode 120000 index 000000000..90c727e26 --- /dev/null +++ b/config/rootfiles/core/168/filelists/strongswan @@ -0,0 +1 @@ +../../../common/strongswan \ No newline at end of file diff --git a/config/rootfiles/core/168/update.sh b/config/rootfiles/core/168/update.sh index d21f648dd..e11e08b7f 100644 --- a/config/rootfiles/core/168/update.sh +++ b/config/rootfiles/core/168/update.sh @@ -32,6 +32,7 @@ for (( i=1; i<=$core; i++ )); do done # Stop services +/etc/init.d/ipsec stop /etc/init.d/squid stop /usr/local/bin/openvpnctrl -k /usr/local/bin/openvpnctrl -kn2n @@ -128,6 +129,9 @@ esac /usr/local/bin/openvpnctrl -s /usr/local/bin/openvpnctrl -sn2n /etc/init.d/suricata start +if grep -q "ENABLED=on" /var/ipfire/vpn/settings; then + /etc/init.d/ipsec start +fi # This update needs a reboot... touch /var/run/need_reboot diff --git a/lfs/strongswan b/lfs/strongswan index ae1be29f4..a32c103d7 100644 --- a/lfs/strongswan +++ b/lfs/strongswan @@ -24,7 +24,7 @@ include Config -VER = 5.9.5 +VER = 5.9.6 THISAPP = strongswan-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 8b3adc44d5f5eb3824845ce9eda75e7b75f0f7394fbe84f827f4a8177e5299ca7170103ee6cd76e1e18aef85d7f124a43a505ceaf41ec4ed575eb214ebb6af21 +$(DL_FILE)_BLAKE2 = 4021a10611e66f9e2e4e432bdfb9de0f94d27ba1be1b7d4e4b8bf3cd797c123658993e60eb3d49c424b479558e9581bb069a345a70f55850d1faf5abaa401246 install : $(TARGET) hooks/post-receive -- IPFire 2.x development tree