openvpn-2.6.0 - Setup for openssl-3.x and with some older deprecated options now removed. Breakage point for IPFire?
strongSwan 6.x drops the "stroke" interface, how do we deal with that?
IPFire Event - Narrow down any dates
Infrastructure Update
Better packed Git repositories
New Server: Parts are ordered, waiting for assembly
Feedback on Core Update 173 Testing
How to deal with multiple sources for IPFire package tarballs
Attendees
Adolf
Arne
Daniel
Michael
Peter
Log
Core Update 173 testing feedback
Peter has to double-check that all CGI files are properly shipped
Also, OpenVPN needs to be shipped en block to apply the authenticator changes
libtirpc is still a dependency to another add-on, which must be updated as well
Note to Peter: Take care of rootfile changes on some architectures
Also, there are some quirks in the testing announcement :-)
Michael updates the documentation for QMI changes
OpenSSL security release scheduled for tomorrow, Peter takes care
OpenVPN 2.6.0 introducing breaking changes
Support for 64-bit ciphers has been removed
Some other things we currently rely on (subnet config, etc.) are no longer in there as well
We can smooth this transition somewhat, but there is no way of getting around touch the clients' configuration
How do we plan to (no, sorry, "potentially") move forward:
1. We have to stay on OpenVPN 2.5.x and OpenSSL 1.1.1x for the time being
2. Erik submitted a patchset in 2021 which is a good starting point
3. Adolf will have a look at it and compile an applicable patchset from it, if possible
4. The cipher changes will have to go out first, the subnet changes are still a bit away
strongSwan 6.x
This needs quite some work, but at least we can do all that without breaking existing connections
How to deal with multiple sources for IPFire package tarballs
Given occasion: colm and ragel
"If I'm looking for something, how am I supposed to know where I should get it from?"
What is the first preference if there are multiple? GitHub? Website? ???
Answer: Try to go for the maintainers' tarball, if possible. If GitHub is required, try to avoid the auto generated tarballs.
Michael has taken care of the orphaned colm and ragel tarballs, so Adolf can upload the proper tarballs now
Adolf gets in touch with Stefan regarding some Suricata bugs (we wish Stefan all the best)