From 53929f5ae8a2edc8dff4484b4d293fcba5dd50af Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Wed, 21 Feb 2018 12:39:55 +0000 Subject: [PATCH] core120: Ship updated OpenSSL 1.1.0 Signed-off-by: Michael Tremer --- config/rootfiles/core/120/filelists/Net_SSLeay | 1 + config/rootfiles/core/120/filelists/cyrus-sasl | 1 + config/rootfiles/core/120/filelists/files | 2 ++ .../core/120/filelists/i586/openssl-sse2 | 1 + config/rootfiles/core/120/filelists/openssh | 1 + config/rootfiles/core/120/filelists/openssl | 1 + .../core/120/filelists/openssl-compat | 1 + config/rootfiles/core/120/filelists/openvpn | 1 + .../rootfiles/core/120/filelists/python-typing | 1 + config/rootfiles/core/120/filelists/wget | 1 + config/rootfiles/core/120/update.sh | 18 ++++++++++++++++++ 11 files changed, 29 insertions(+) create mode 120000 config/rootfiles/core/120/filelists/Net_SSLeay create mode 120000 config/rootfiles/core/120/filelists/cyrus-sasl create mode 120000 config/rootfiles/core/120/filelists/i586/openssl-sse2 create mode 120000 config/rootfiles/core/120/filelists/openssh create mode 120000 config/rootfiles/core/120/filelists/openssl create mode 120000 config/rootfiles/core/120/filelists/openssl-compat create mode 120000 config/rootfiles/core/120/filelists/openvpn create mode 120000 config/rootfiles/core/120/filelists/python-typing create mode 120000 config/rootfiles/core/120/filelists/wget diff --git a/config/rootfiles/core/120/filelists/Net_SSLeay b/config/rootfiles/core/120/filelists/Net_SSLeay new file mode 120000 index 0000000000..13fe0560cf --- /dev/null +++ b/config/rootfiles/core/120/filelists/Net_SSLeay @@ -0,0 +1 @@ +../../../common/Net_SSLeay \ No newline at end of file diff --git a/config/rootfiles/core/120/filelists/cyrus-sasl b/config/rootfiles/core/120/filelists/cyrus-sasl new file mode 120000 index 0000000000..bb51b4c92c --- /dev/null +++ b/config/rootfiles/core/120/filelists/cyrus-sasl @@ -0,0 +1 @@ +../../../common/cyrus-sasl \ No newline at end of file diff --git a/config/rootfiles/core/120/filelists/files b/config/rootfiles/core/120/filelists/files index 168c7d188b..4baf08ebf5 100644 --- a/config/rootfiles/core/120/filelists/files +++ b/config/rootfiles/core/120/filelists/files @@ -1,3 +1,5 @@ etc/system-release etc/issue +etc/fcron.daily/openvpn-crl-updater +srv/web/ipfire/cgi-bin/ovpnmain.cgi var/ipfire/langs diff --git a/config/rootfiles/core/120/filelists/i586/openssl-sse2 b/config/rootfiles/core/120/filelists/i586/openssl-sse2 new file mode 120000 index 0000000000..f424713d6c --- /dev/null +++ b/config/rootfiles/core/120/filelists/i586/openssl-sse2 @@ -0,0 +1 @@ +../../../../common/i586/openssl-sse2 \ No newline at end of file diff --git a/config/rootfiles/core/120/filelists/openssh b/config/rootfiles/core/120/filelists/openssh new file mode 120000 index 0000000000..d8c77fd8e7 --- /dev/null +++ b/config/rootfiles/core/120/filelists/openssh @@ -0,0 +1 @@ +../../../common/openssh \ No newline at end of file diff --git a/config/rootfiles/core/120/filelists/openssl b/config/rootfiles/core/120/filelists/openssl new file mode 120000 index 0000000000..e011a9266c --- /dev/null +++ b/config/rootfiles/core/120/filelists/openssl @@ -0,0 +1 @@ +../../../common/openssl \ No newline at end of file diff --git a/config/rootfiles/core/120/filelists/openssl-compat b/config/rootfiles/core/120/filelists/openssl-compat new file mode 120000 index 0000000000..c9fa421324 --- /dev/null +++ b/config/rootfiles/core/120/filelists/openssl-compat @@ -0,0 +1 @@ +../../../common/openssl-compat \ No newline at end of file diff --git a/config/rootfiles/core/120/filelists/openvpn b/config/rootfiles/core/120/filelists/openvpn new file mode 120000 index 0000000000..493f3f7a42 --- /dev/null +++ b/config/rootfiles/core/120/filelists/openvpn @@ -0,0 +1 @@ +../../../common/openvpn \ No newline at end of file diff --git a/config/rootfiles/core/120/filelists/python-typing b/config/rootfiles/core/120/filelists/python-typing new file mode 120000 index 0000000000..fc7f075a0f --- /dev/null +++ b/config/rootfiles/core/120/filelists/python-typing @@ -0,0 +1 @@ +../../../common/python-typing \ No newline at end of file diff --git a/config/rootfiles/core/120/filelists/wget b/config/rootfiles/core/120/filelists/wget new file mode 120000 index 0000000000..fcb57dfec8 --- /dev/null +++ b/config/rootfiles/core/120/filelists/wget @@ -0,0 +1 @@ +../../../common/wget \ No newline at end of file diff --git a/config/rootfiles/core/120/update.sh b/config/rootfiles/core/120/update.sh index 9986316e9f..c9bbd47232 100644 --- a/config/rootfiles/core/120/update.sh +++ b/config/rootfiles/core/120/update.sh @@ -42,7 +42,25 @@ ldconfig # Update Language cache /usr/local/bin/update-lang-cache +# Changed and new OpenVPN-2.4 directives will wrote to server.conf and renew CRL while update an core update +if [ -e /var/ipfire/ovpn/server.conf ]; then + openvpnctrl -k + + # Update configuration directives + sed -i -e 's/script-security 3 system/script-security 3/' \ + -e '/status .*/ a ncp-disable' /var/ipfire/ovpn/server.conf + + # Update the OpenVPN CRL + openssl ca -gencrl -keyfile /var/ipfire/ovpn/ca/cakey.pem \ + -cert /var/ipfire/ovpn/ca/cacert.pem \ + -out /var/ipfire/ovpn/crls/cacrl.pem \ + -config /var/ipfire/ovpn/openssl/ovpn.cnf + + openvpnctrl -s +fi + # Start services +/etc/init.d/apache restart # This update needs a reboot... touch /var/run/need_reboot -- 2.39.2