From mboxrd@z Thu Jan  1 00:00:00 1970
From: Michael Tremer <git@ipfire.org>
To: ipfire-scm@lists.ipfire.org
Subject: [git.ipfire.org] IPFire 2.x development tree branch, next, updated.
 71cea32cd8ab84d174f1913a04b4751c8eacd69e
Date: Mon, 07 Oct 2024 09:16:04 +0000
Message-ID: <4XMYRS4TzZz2xft@people01.haj.ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============4050364875078699696=="
List-Id: <ipfire-scm.lists.ipfire.org>

--===============4050364875078699696==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, next has been updated
       via  71cea32cd8ab84d174f1913a04b4751c8eacd69e (commit)
       via  388802662fea877c22fc57c95084c60bc40c402e (commit)
       via  d867ea26850725c9c230973eb12fdda44f8ffe23 (commit)
       via  d455578342ce1b54eeac30c6adf9f8531406e5d3 (commit)
       via  74f5f41372571c29b80db217a3d852ef0e613c6f (commit)
       via  b38609d64d0ea20f510d6a692d7114d9d331bd77 (commit)
      from  0e49a87ff0218385d2998664367c861dbc52638b (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 71cea32cd8ab84d174f1913a04b4751c8eacd69e
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Mon Oct 7 09:15:40 2024 +0000

    core190: Ship Unbound again
   =20
    This was a late addition to c189
   =20
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 388802662fea877c22fc57c95084c60bc40c402e
Merge: d867ea2685 74f5f41372
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Mon Oct 7 09:15:04 2024 +0000

    Merge branch 'master' into next

commit d867ea26850725c9c230973eb12fdda44f8ffe23
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Mon Oct 7 09:14:37 2024 +0000

    core190: Ship rules.pl
   =20
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit d455578342ce1b54eeac30c6adf9f8531406e5d3
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Mon Oct 7 09:13:12 2024 +0000

    firewall: Flush SYN_FLOOD_PROTECTION
   =20
    This chain was not flushed when the firewall was being reloaded which
    made any ports appear as open when rules have been disabled or deleted.
   =20
    This has no security implications, but nevertheless isn't right.
   =20
    Reported-by: Adolf Belka <adolf.belka(a)ipfire.org>
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

-----------------------------------------------------------------------

Summary of changes:
 config/firewall/rules.pl                                     | 1 +
 config/rootfiles/common/unbound                              | 2 +-
 config/rootfiles/core/190/filelists/files                    | 1 +
 config/rootfiles/{oldcore/106 =3D> core/190}/filelists/unbound | 0
 config/rootfiles/core/190/update.sh                          | 1 +
 config/rootfiles/oldcore/{106 =3D> 189}/filelists/unbound      | 0
 config/rootfiles/oldcore/189/update.sh                       | 1 +
 lfs/unbound                                                  | 4 ++--
 8 files changed, 7 insertions(+), 3 deletions(-)
 copy config/rootfiles/{oldcore/106 =3D> core/190}/filelists/unbound (100%)
 copy config/rootfiles/oldcore/{106 =3D> 189}/filelists/unbound (100%)

Difference in files:
diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
index e38f77242..c414f172c 100644
--- a/config/firewall/rules.pl
+++ b/config/firewall/rules.pl
@@ -221,6 +221,7 @@ sub flush {
 	run("$IPTABLES -t nat -F $CHAIN_NAT_SOURCE");
 	run("$IPTABLES -t nat -F $CHAIN_NAT_DESTINATION");
 	run("$IPTABLES -t mangle -F $CHAIN_MANGLE_NAT_DESTINATION_FIX");
+	run("$IPTABLES -t raw -F SYN_FLOOD_PROTECT");
 }
=20
 sub buildrules {
diff --git a/config/rootfiles/common/unbound b/config/rootfiles/common/unbound
index 03e382d2e..1da88aa9d 100644
--- a/config/rootfiles/common/unbound
+++ b/config/rootfiles/common/unbound
@@ -11,7 +11,7 @@ etc/unbound/unbound.conf
 #usr/lib/libunbound.la
 #usr/lib/libunbound.so
 usr/lib/libunbound.so.8
-usr/lib/libunbound.so.8.1.28
+usr/lib/libunbound.so.8.1.29
 #usr/lib/pkgconfig/libunbound.pc
 usr/sbin/unbound
 usr/sbin/unbound-anchor
diff --git a/config/rootfiles/core/190/filelists/files b/config/rootfiles/cor=
e/190/filelists/files
index 0d9f889c1..2ee32fa74 100644
--- a/config/rootfiles/core/190/filelists/files
+++ b/config/rootfiles/core/190/filelists/files
@@ -13,6 +13,7 @@ srv/web/ipfire/cgi-bin/logs.cgi/log.dat
 srv/web/ipfire/cgi-bin/ovpnmain.cgi
 srv/web/ipfire/cgi-bin/vpnmain.cgi
 usr/bin/suricata-watcher
+usr/lib/firewall/rules.pl
 usr/lib/perl5/5.36.0/xxxMACHINExxx-linux-thread-multi/Compress/Raw/Zlib.pm
 var/ipfire/backup/include
 var/ipfire/graphs.pl
diff --git a/config/rootfiles/core/190/filelists/unbound b/config/rootfiles/c=
ore/190/filelists/unbound
new file mode 120000
index 000000000..66adf0924
--- /dev/null
+++ b/config/rootfiles/core/190/filelists/unbound
@@ -0,0 +1 @@
+../../../common/unbound
\ No newline at end of file
diff --git a/config/rootfiles/core/190/update.sh b/config/rootfiles/core/190/=
update.sh
index ba7816216..ba24bc41e 100644
--- a/config/rootfiles/core/190/update.sh
+++ b/config/rootfiles/core/190/update.sh
@@ -62,6 +62,7 @@ fi
 /etc/init.d/sshd restart
 /etc/init.d/squid restart
 /etc/init.d/suricata start
+/etc/init.d/unbound restart
=20
 # This update needs a reboot...
 touch /var/run/need_reboot
diff --git a/config/rootfiles/oldcore/189/filelists/unbound b/config/rootfile=
s/oldcore/189/filelists/unbound
new file mode 120000
index 000000000..66adf0924
--- /dev/null
+++ b/config/rootfiles/oldcore/189/filelists/unbound
@@ -0,0 +1 @@
+../../../common/unbound
\ No newline at end of file
diff --git a/config/rootfiles/oldcore/189/update.sh b/config/rootfiles/oldcor=
e/189/update.sh
index 43323f38a..cae569b80 100644
--- a/config/rootfiles/oldcore/189/update.sh
+++ b/config/rootfiles/oldcore/189/update.sh
@@ -349,6 +349,7 @@ ldconfig
 telinit u
=20
 # Start services
+/etc/init.d/unbound restart
 /etc/init.d/collectd restart
 /usr/local/bin/openvpnctrl -s
 /usr/local/bin/openvpnctrl -sn2n
diff --git a/lfs/unbound b/lfs/unbound
index f10fed82d..d8efaf872 100644
--- a/lfs/unbound
+++ b/lfs/unbound
@@ -24,7 +24,7 @@
=20
 include Config
=20
-VER        =3D 1.21.0
+VER        =3D 1.21.1
=20
 THISAPP    =3D unbound-$(VER)
 DL_FILE    =3D $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects =3D $(DL_FILE)
=20
 $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE)
=20
-$(DL_FILE)_BLAKE2 =3D f6dc7b60e0071d3a7e7e687eb76fd086590ac69da954775c85bd09=
d8caa5e0cc4181c97fc14a75d2235f3b182d2d5b0b9120e453beb4e112af67ac80216cfca9
+$(DL_FILE)_BLAKE2 =3D 4a14019a52c7f0641a6cfcb946be3016d9fd722acff7eeb5ea2438=
08621af9fc05d2bb4dcba1024f134eb6ec609994e5a07b6c4b6bc0b8cc639b35db1546acd1
=20
 install : $(TARGET)
=20


hooks/post-receive
--
IPFire 2.x development tree

--===============4050364875078699696==--