[git.ipfire.org] IPFire 2.x development tree branch, next, updated. 745db366f92f55e0968cfbc12e25153a01078035

public inbox for ipfire-scm@lists.ipfire.org
 help / color / mirror / Atom feed

* [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 745db366f92f55e0968cfbc12e25153a01078035
@ 2025-12-16 10:04 Michael Tremer
  0 siblings, 0 replies; only message in thread
From: Michael Tremer @ 2025-12-16 10:04 UTC (permalink / raw)
  To: ipfire-scm

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, next has been updated
       via  745db366f92f55e0968cfbc12e25153a01078035 (commit)
       via  8fc45892adac49f478803037d7235f36d627751e (commit)
       via  3484ca7289adf920ba4beb16e08c92bf7545ec55 (commit)
      from  ccc95f5e34c31df6dcd3e68484ef9b9c6af3c38d (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 745db366f92f55e0968cfbc12e25153a01078035
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Tue Dec 16 10:03:47 2025 +0000

    core200: Restart IPsec during the update
    
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit 8fc45892adac49f478803037d7235f36d627751e
Author: Adolf Belka <adolf.belka@ipfire.org>
Date:   Mon Dec 15 22:46:49 2025 +0100

    core200: Ship Strongswan
    
    Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit 3484ca7289adf920ba4beb16e08c92bf7545ec55
Author: Adolf Belka <adolf.belka@ipfire.org>
Date:   Mon Dec 15 22:46:50 2025 +0100

    strongswan: Update to version 6.0.4
    
    - Update from version 6.0.3 to 6.0.4
    - No change to the rootfile
    - Changelog
        6.0.4
    	Vulnerabilities
    	    Fixed a vulnerability in the NetworkManager plugin that potentially allows
    		using credentials of other local users. This vulnerability has been
    		registered as CVE-2025-9615. Please refer to our blog for details.
    	Enhancements and Optimizations
    	    Concurrent requests to fetch the same CRL URI by multiple threads are now
    		combined by the revocation plugin (#2918). Only the first thread
    		actually fetches it, the others wait for that result. This is
    		particularly helpful if the CRL can currently not be fetched due to DNS
    		or HTTP/LDAP timeouts as it avoids that each thread has to wait
    		individually, reducing the number of SAs that can concurrently be
    		established as threads are blocked longer. A negative result is cached
    		for a while (currently 30 seconds) so requests can fail quickly and
    		threads can continue establishing SAs if they use a relaxed revocation
    		policy.
    	    The maximum supported length for section names in swanctl.conf has been
    		increased to the upper limit of 256 characters that's enforced by VICI
    		(#2936).
    	Fixes
    	    Prevent a crash if a confused peer rekeys a Child SA twice before sending a
    		delete (#2945).
    	    Fixed a memory leak if a peer's self-signed certificate is untrusted (#2954).
    
    Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

-----------------------------------------------------------------------

Summary of changes:
 config/rootfiles/{oldcore/106 => core/200}/filelists/strongswan | 0
 config/rootfiles/core/200/update.sh                             | 1 +
 lfs/strongswan                                                  | 4 ++--
 3 files changed, 3 insertions(+), 2 deletions(-)
 copy config/rootfiles/{oldcore/106 => core/200}/filelists/strongswan (100%)

Difference in files:
diff --git a/config/rootfiles/core/200/filelists/strongswan b/config/rootfiles/core/200/filelists/strongswan
new file mode 120000
index 000000000..90c727e26
--- /dev/null
+++ b/config/rootfiles/core/200/filelists/strongswan
@@ -0,0 +1 @@
+../../../common/strongswan
\ No newline at end of file
diff --git a/config/rootfiles/core/200/update.sh b/config/rootfiles/core/200/update.sh
index 3005baa43..b2b078811 100644
--- a/config/rootfiles/core/200/update.sh
+++ b/config/rootfiles/core/200/update.sh
@@ -76,6 +76,7 @@ sudo -u nobody /srv/web/ipfire/cgi-bin/ovpnmain.cgi
 /etc/init.d/apache restart
 /etc/init.d/unbound restart
 /etc/init.d/openvpn-rw restart
+/etc/init.d/ipsec restart
 
 # Build initial ramdisks (for intel-microcode & dracut-ng)
 dracut --regenerate-all --force
diff --git a/lfs/strongswan b/lfs/strongswan
index 728e01636..a993dd39e 100644
--- a/lfs/strongswan
+++ b/lfs/strongswan
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 6.0.3
+VER        = 6.0.4
 
 THISAPP    = strongswan-$(VER)
 DL_FILE    = $(THISAPP).tar.bz2
@@ -43,7 +43,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 355dff5de259e545b1bb5e24853dc91148c3d400b1977a2de35271e019dfc236c838ccac4552974a4999e2768900150c432753fc0d422444d4cc34486566e192
+$(DL_FILE)_BLAKE2 = 2291900bda3e679cb68f35e44fe20011d82b44e7a9ed3fd0ae7c40ed57154c5ecded1ab5bffc9ab30c93de667ef9b103a7da1a2b31d8e2eae97b268f0be11f01
 
 install : $(TARGET)
 


hooks/post-receive
--
IPFire 2.x development tree


^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2025-12-16 10:04 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-12-16 10:04 [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 745db366f92f55e0968cfbc12e25153a01078035 Michael Tremer

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox