From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4ZnWcZ2v4vz30sN for ; Wed, 30 Apr 2025 09:10:38 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mail01.haj.ipfire.org", Issuer "R10" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4ZnWcZ2ccXz2xRF for ; Wed, 30 Apr 2025 09:10:38 +0000 (UTC) Received: from people01.haj.ipfire.org (people01.haj.ipfire.org [172.28.1.161]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature ECDSA (secp384r1) client-digest SHA384) (Client CN "people01.haj.ipfire.org", Issuer "E6" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4ZnWcY5ggRzGc for ; Wed, 30 Apr 2025 09:10:37 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1746004237; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc; bh=bK8OCchnRaXCEJOndq0xvwqRZeL2C+U2k1VI7mtjh3A=; b=GgpM1enMWM35IWw67ALoBpNPeGPkccrKgMmb/g3LPOwOTh7664fQd3Sn4gZV0dEi3YkQql W1Z6SIpGqbQNaiCg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1746004237; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc; bh=bK8OCchnRaXCEJOndq0xvwqRZeL2C+U2k1VI7mtjh3A=; b=RvJ7FSKw7n0elkqPuEIiaX56gwg0XPWNHVlzIXhM0GxremcZk9jK7mvS8HxWzWbM90sQeE 7ViZefnGtV7MPVEjhHeD/oYYw4Lx2/BSXzQmQ9X6Jdfwb04ABhiSKS0OYfwKFDfiKjdJGk iS+0L0OeOV+ybSWmvO90k9Vy/RoQ/DuuJG+tIOzsZL88ZO48VNj9PYKptBnd+VC9tTv+l4 /tPGNS70mWT8931sjcSn5MQpFjAlce6Xz/2ESDaRYHDvW9AKqWFKVm1d75KgVwdhq2KABv ykTfTbzy1eeGgaB5bpCuQN/OWgSpo/SxpkstXg4Nlh2dZLH5ZZ/0eGl/Fi2Z2A== Received: by people01.haj.ipfire.org (Postfix, from userid 1000) id 4ZnWcY3cvxz2xfL; Wed, 30 Apr 2025 09:10:37 +0000 (UTC) To: ipfire-scm@lists.ipfire.org Subject: [git.ipfire.org] IPFire 2.x development tree branch, next, updated. a1ea68d434cfe4587456d34b91cc742dd99baca1 X-Git-Refname: refs/heads/next X-Git-Reftype: branch X-Git-Oldrev: 057b3e49c5e8aadb2c35ee2c65641ad7b073dacb X-Git-Newrev: a1ea68d434cfe4587456d34b91cc742dd99baca1 Message-Id: <4ZnWcY3cvxz2xfL@people01.haj.ipfire.org> Date: Wed, 30 Apr 2025 09:10:37 +0000 (UTC) From: Michael Tremer Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree". The branch, next has been updated via a1ea68d434cfe4587456d34b91cc742dd99baca1 (commit) via f0acc9e4a3a446307684dfe9ee9031313407546a (commit) via 5f0a9eb10ee55181179dbb54985c9559e5390ba9 (commit) via cc6e5188fa3f8ffaeb52f644e411195a7cfa12b8 (commit) via 73a2afbcf5b923c4b56637227d5621f7800d4d62 (commit) from 057b3e49c5e8aadb2c35ee2c65641ad7b073dacb (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit a1ea68d434cfe4587456d34b91cc742dd99baca1 Merge: 057b3e49c5 f0acc9e4a3 Author: Michael Tremer Date: Tue Apr 29 15:23:11 2025 +0000 Merge branch 'master' into next ----------------------------------------------------------------------- Summary of changes: config/backup/backup.pl | 12 ++++++++++++ config/rootfiles/oldcore/194/update.sh | 5 +++++ lfs/dnsdist | 6 +++--- 3 files changed, 20 insertions(+), 3 deletions(-) Difference in files: diff --git a/config/backup/backup.pl b/config/backup/backup.pl index b36296ee8..a830e8c07 100644 --- a/config/backup/backup.pl +++ b/config/backup/backup.pl @@ -319,6 +319,18 @@ restore_backup() { # start collectd after restore /etc/rc.d/init.d/collectd start + # Check if ipsec hosctcert.pem serial number is 1 and if the serial file does not contain 02 + # In this case set the serial file to 02 and empty the index.txt file + ARR=() + while IFS= read -r line; do + ARR+=("$line") + done <<< "$(openssl x509 -in /var/ipfire/certs/hostcert.pem -noout -text)" + if [ $(echo ${ARR[3]} | sed -E 's,^[^0-9]*([0-9]+).*$,\1,') = 1 ] && \ + [ $(expr $(cat "/var/ipfire/certs/serial") + 0) != 2 ]; then + sed -i "s/.*/02/" /var/ipfire/certs/serial + sed -i 'd' /var/ipfire/certs/index.txt + fi + # Restart ipsec if enabled # This will ensure that the restored certs and secrets etc are loaded and used if [ $(grep -c "ENABLED=on" /var/ipfire/vpn/settings) -eq 1 ] ; then diff --git a/config/rootfiles/oldcore/194/update.sh b/config/rootfiles/oldcore/194/update.sh index e1e9dde9b..b758c7bf6 100644 --- a/config/rootfiles/oldcore/194/update.sh +++ b/config/rootfiles/oldcore/194/update.sh @@ -103,6 +103,11 @@ ldconfig # Filesytem cleanup /usr/local/bin/filesystem-cleanup +# Increment ipsec serial file if x509 certificates present and no content in index.txt +if [ -e "/var/ipfire/certs/hostcert.pm" ] && [ -z "/var/ipfire/certs/index.txt" ]; then + sed -i "s/01/02/" /var/ipfire/certs/serial +fi + # Start services /etc/init.d/ipsec restart /etc/init.d/suricata restart diff --git a/lfs/dnsdist b/lfs/dnsdist index 656f62135..6ce6359fa 100644 --- a/lfs/dnsdist +++ b/lfs/dnsdist @@ -26,7 +26,7 @@ include Config SUMMARY = A highly DNS-, DoS- and abuse-aware loadbalancer -VER = 1.9.8 +VER = 1.9.9 THISAPP = dnsdist-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = dnsdist -PAK_VER = 26 +PAK_VER = 27 DEPS = @@ -50,7 +50,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 854344eb6b82f98001171830715fe5cf564628405b4c79c07b43fccdbca0a4c9da7e527a748bc2972261a32ed9c51582eac2e6fdbef5c25bd71b161318a62155 +$(DL_FILE)_BLAKE2 = 54517c396d8b5b546e9bcc5890f6df0cfa8470b65d9c7dcece0c7d503fff3fc0d4e2898a7bda8e16f9935279849128293967b38865345fa4c963705b9c9b8cad install : $(TARGET) hooks/post-receive -- IPFire 2.x development tree