To: ipfire-scm@lists.ipfire.org
Subject: [git.ipfire.org] IPFire 2.x development tree branch, master, updated. 198025111e37a80944dbab9ddd57967945e27949
X-Git-Refname: refs/heads/master
X-Git-Reftype: branch
X-Git-Oldrev: 97469fbdd20c7c47b9d1f2df6b57f60ccda16560
X-Git-Newrev: 198025111e37a80944dbab9ddd57967945e27949
Message-Id: <4cB8dn2MSKz2y1V@people01.haj.ipfire.org>
Date: Tue, 26 Aug 2025 14:08:29 +0000 (UTC)
From: Michael Tremer

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, master has been updated
       via  198025111e37a80944dbab9ddd57967945e27949 (commit)
       via  7245ddf773b78be5fd0675d2e260b3da7855ac2c (commit)
      from  97469fbdd20c7c47b9d1f2df6b57f60ccda16560 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 198025111e37a80944dbab9ddd57967945e27949
Author: Adolf Belka
Date:   Mon Aug 25 11:19:14 2025 +0200

    update.sh: Ensure ncp-disable is removed from config and DATACIPHERS added

    - This is doing the same thing as the other patch of this series dealing
      with backup.pl

    Signed-off-by: Adolf Belka
    Signed-off-by: Michael Tremer

commit 7245ddf773b78be5fd0675d2e260b3da7855ac2c
Author: Adolf Belka
Date:   Mon Aug 25 11:19:13 2025 +0200

    backup.pl: Ensure ncp-disable is removed from old backups and DATACIPHERS added

    - With commit
      https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=e04f5376ba18767a6a9eccf104c472295a75340b
      then the settings file which is hashed into %vpnsettings already exists and so
      none of the defaults are set. Running the ovpnmain.cgi code resolves this for
      most of the settings but not for ncp-disable being present in server.conf and
      no DATACIPHERS entry in the settings file. ncp-disable then causes the openvpn
      server to fail to start as it is no longer recognised in OpenVPN-2.6
    - This patch checks if ncp-disable is in the server.conf file from the restored
      backup and if it is, it is then removed and the default values for DATACIPHERS
      are added into the settings file.
    - Tested out in my vm testbed and successfully worked. The previously found issue
      after the above patch was added in has been resolved.
    - Associated patch in this set is to do a similar thing for the update.sh file
      for CU197

    Tested-by: Adolf Belka
    Signed-off-by: Adolf Belka
    Signed-off-by: Michael Tremer

-----------------------------------------------------------------------

Summary of changes:
 config/backup/backup.pl             | 5 +++++
 config/rootfiles/core/197/update.sh | 4 ++++
 2 files changed, 9 insertions(+)

Difference in files:
diff --git a/config/backup/backup.pl b/config/backup/backup.pl index e79f510c6..42d24aa3c 100644 --- a/config/backup/backup.pl +++ b/config/backup/backup.pl 
@@ -350,6 +350,11 @@ restore_backup() { fi # Update the OpenVPN configuration and restart the openvpn daemons + if grep -q "ncp-disable" /var/ipfire/ovpn/server.conf; then + sed -r -e "/ncp-disable/d" -i /var/ipfire/ovpn/server.conf + echo "DATACIPHERS=AES-256-GCM|AES-128-GCM|CHACHA20-POLY1305" >> \ + /var/ipfire/ovpn/settings + fi sudo -u nobody /srv/web/ipfire/cgi-bin/ovpnmain.cgi /etc/init.d/openvpn-n2n restart /etc/init.d/openvpn-rw restart diff --git a/config/rootfiles/core/197/update.sh b/config/rootfiles/core/197/update.sh index 0fd5cc6f0..f1800b2c0 100644 --- a/config/rootfiles/core/197/update.sh +++ b/config/rootfiles/core/197/update.sh @@ -123,6 +123,10 @@ ldconfig /usr/local/bin/filesystem-cleanup # Update the OpenVPN configuration +if grep -q "ncp-disable" /var/ipfire/ovpn/server.conf; then + sed -r -e "/ncp-disable/d" -i /var/ipfire/ovpn/server.conf + echo "DATACIPHERS=AES-256-GCM|AES-128-GCM|CHACHA20-POLY1305" >> /var/ipfire/ovpn/settings +fi sudo -u nobody /srv/web/ipfire/cgi-bin/ovpnmain.cgi # Apply SSH configuration hooks/post-receive -- IPFire 2.x development tree
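
Review bot: In the config/backup/backup.pl hunk, the echo that appends DATACIPHERS=AES-256-GCM|AES-128-GCM|CHACHA20-POLY1305 to /var/ipfire/ovpn/settings is guarded only by the ncp-disable test on server.conf, so a restored settings file that already has a DATACIPHERS line ends up with two entries for the same key. The commit message describes the failing case as having "no DATACIPHERS entry in the settings file", but nothing in the hunk checks for that. Consider making the append conditional, for example by prefixing it with grep -q "^DATACIPHERS=" /var/ipfire/ovpn/settings || so it only runs when the key is missing.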
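
Review bot: In the config/rootfiles/core/197/update.sh hunk, the pattern "ncp-disable" is unanchored in both the grep test and the sed delete, so any line of server.conf that merely contains the string, a comment included, triggers the branch and is removed. grep is also called without -s, so a system that has no /var/ipfire/ovpn/server.conf gets a "No such file or directory" message in the update output. Anchoring the pattern to the directive (^[[:space:]]*ncp-disable) and using grep -qs would tighten both. The block is a copy of the one added to backup.pl, so any fix needs to be applied in both places.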