Update to 7.5

Doxyfile

@@ -1,13 +1,14 @@
-# Doxyfile 1.9.8
+# Doxyfile 1.10.0
 
 #---------------------------------------------------------------------------
 # Project related configuration options
 #---------------------------------------------------------------------------
 DOXYFILE_ENCODING      = UTF-8
 PROJECT_NAME           = "PF Rule Editor"
-PROJECT_NUMBER         = 7.4
+PROJECT_NUMBER         = 7.5
 PROJECT_BRIEF          =
 PROJECT_LOGO           =
+PROJECT_ICON           =
 OUTPUT_DIRECTORY       = ./docs
 CREATE_SUBDIRS         = NO
 CREATE_SUBDIRS_LEVEL   = 8
@@ -182,6 +183,8 @@ HTML_COLORSTYLE_GAMMA  = 80
 HTML_DYNAMIC_MENUS     = YES
 HTML_DYNAMIC_SECTIONS  = NO
 HTML_CODE_FOLDING      = YES
+HTML_COPY_CLIPBOARD    = YES
+HTML_PROJECT_COOKIE    =
 HTML_INDEX_NUM_ENTRIES = 100
 GENERATE_DOCSET        = NO
 DOCSET_FEEDNAME        = "Doxygen generated docs"
@@ -356,3 +359,5 @@ MAX_DOT_GRAPH_DEPTH    = 0
 DOT_MULTI_TARGETS      = NO
 GENERATE_LEGEND        = YES
 DOT_CLEANUP            = YES
+MSCGEN_TOOL            =
+MSCFILE_DIRS           =

README.md

@@ -58,8 +58,8 @@ You can find a couple of screenshots on the [wiki](https://github.com/sonertari/
 
 Here are the basic steps to obtain a working PFRE installation:
 
-- Install OpenBSD 7.4, perhaps on a VM.
-- Install PHP 8.2.3, php-pcntl, and php-cgi.
+- Install OpenBSD 7.5, perhaps on a VM.
+- Install PHP 8.3.3, php-pcntl, and php-cgi.
 - Copy the files in PFRE src folder to /var/www/htdocs/pfre/.
 - Configure httpd.conf for PFRE.
 - Create admin and user users, and set their passwords.
@@ -98,21 +98,21 @@ Set the $PKG\_PATH env variable to the cache folder you have just created:
 
 Download the required packages from an OpenBSD mirror and copy them to $PKG\_PATH. The following is the list of files you should have under $PKG\_PATH:
 
-	argon2-20190702.tgz
+	argon2-20190702p0.tgz
 	bzip2-1.0.8p0.tgz
-	capstone-4.0.2.tgz
+	capstone-5.0.tgz
 	femail-1.0p1.tgz
 	femail-chroot-1.0p3.tgz
-	gettext-runtime-0.22.2.tgz
+	gettext-runtime-0.22.5.tgz
 	libiconv-1.17.tgz
 	libsodium-1.0.19.tgz
-	libxml-2.11.5.tgz
-	oniguruma-6.9.8.tgz
-	pcre2-10.37p1.tgz
-	php-8.2.11.tgz
-	php-cgi-8.2.11.tgz
-	php-pcntl-8.2.11.tgz
-	xz-5.4.4.tgz
+	libxml-2.12.5.tgz
+	oniguruma-6.9.9.tgz
+	pcre2-10.37p2.tgz
+	php-8.3.3.tgz
+	php-cgi-8.3.3.tgz
+	php-pcntl-8.3.3.tgz
+	xz-5.4.5.tgz
 
 Install PHP, php-pcntl, and php-cgi by running the following commands, which should install their dependencies as well:
 
@@ -126,21 +126,21 @@ If you want to see if all required packages are installed successfully, run the
 
 Here is the expected output of that command:
 
-	argon2-20190702     C implementation of Argon2 - password hashing function
+	argon2-20190702p0   C implementation of Argon2 - password hashing function
 	bzip2-1.0.8p0       block-sorting file compressor, unencumbered
-	capstone-4.0.2      multi-platform, multi-architecture disassembly framework
+	capstone-5.0        multi-platform, multi-architecture disassembly framework
 	femail-1.0p1        simple SMTP client
 	femail-chroot-1.0p3 simple SMTP client for chrooted web servers
-	gettext-runtime-0.22.2 GNU gettext runtime libraries and programs
+	gettext-runtime-0.22.5 GNU gettext runtime libraries and programs
 	libiconv-1.17       character set conversion library
 	libsodium-1.0.19    library for network communications and cryptography
-	libxml-2.11.5       XML parsing library
-	oniguruma-6.9.8     regular expressions library
-	pcre2-10.37p1       perl-compatible regular expression library, version 2
-	php-8.2.11          server-side HTML-embedded scripting language
-	php-cgi-8.2.11      php CGI binary
-	php-pcntl-8.2.11    PCNTL extensions for php
-	xz-5.4.4            library and tools for XZ and LZMA compressed files
+	libxml-2.12.5       XML parsing library
+	oniguruma-6.9.9     regular expressions library
+	pcre2-10.37p2       perl-compatible regular expression library, version 2
+	php-8.3.3           server-side HTML-embedded scripting language
+	php-cgi-8.3.3       php CGI binary
+	php-pcntl-8.3.3     PCNTL extensions for php
+	xz-5.4.5            library and tools for XZ and LZMA compressed files
 
 ### Install PFRE
 
@@ -218,19 +218,19 @@ However, you are advised to pick a better password than soner123.
 Go to /usr/local/bin/ and create a link to php executable:
 
 	# cd /usr/local/bin
-	# ln -s php-8.2 php
+	# ln -s php-8.3 php
 
-Edit the /etc/php-8.2.ini file to write error messages to syslog, otherwise they may disturb pfctl test reports:
+Edit the /etc/php-8.3.ini file to write error messages to syslog, otherwise they may disturb pfctl test reports:
 
 	error_log = syslog
 
 Also, edit the /etc/php-fpm.conf file to write error messages to syslog:
 
 	error_log = syslog
 
-To enable pcntl, go to /etc/php-8.2/ and create the pcntl.ini file:
+To enable pcntl, go to /etc/php-8.3/ and create the pcntl.ini file:
 
-	# cd /etc/php-8.2/
+	# cd /etc/php-8.3/
 	# touch pcntl.ini
 
 And add the following line to pcntl.ini:
@@ -269,9 +269,9 @@ If you want the web server to be started automatically after a reboot, first cop
 
 Then add the following lines to it:
 
-	if [ -x /usr/local/sbin/php-fpm-8.2 ]; then
+	if [ -x /usr/local/sbin/php-fpm-8.3 ]; then
 		echo 'PHP CGI server'
-		/usr/local/sbin/php-fpm-8.2
+		/usr/local/sbin/php-fpm-8.3
 	fi
 
 Create the rc.conf.local file under /etc/
@@ -296,7 +296,7 @@ And uncomment the line which enables forwarding of IPv4 packets:
 
 Now you can either reboot the system or start the php cgi server and the web server manually using the following commands:
 
-	# /usr/local/sbin/php-fpm-8.2
+	# /usr/local/sbin/php-fpm-8.3
 	# /usr/sbin/httpd
 
 Finally, if you point your web browser to the IP address of PFRE, you should see the login page. And you should be able to log in by entering admin:soner123 as user and password.

src/Controller/sh.php

@@ -90,7 +90,8 @@
 $cwd= dirname(__FILE__);
 
 // Run the ctlr using doas and passing -n for no arg validation, as we have already done that above
-exec("/usr/bin/doas $cwd/ctlr.php -n ".escapeshellarg($args)." 2>&1", $encoded, $retval);
+// Remove errout (redirect to /dev/null), otherwise breaks json encoded output
+exec("/usr/bin/doas $cwd/ctlr.php -n ".escapeshellarg($args)." 2>/dev/null", $encoded, $retval);
 // There must be only one element in $encoded array, but do not miss the others if any
 $encoded= implode(' ', $encoded);
 echo $encoded;

src/Model/model.php

@@ -927,6 +927,16 @@ function RunCmd($cmd, &$output, &$retval)
 			ctlr_syslog(LOG_DEBUG, __FILE__, __FUNCTION__, __LINE__, 'Running command');
 			exec($cmd, $output, $retval);
 
+			define('MAX_OUTPUT_SIZE', 20);
+			$count= count($output);
+			if ($count > MAX_OUTPUT_SIZE) {
+				$head= array_slice($output, 0, MAX_OUTPUT_SIZE / 2);
+				$tail= array_slice($output, $count - MAX_OUTPUT_SIZE / 2, MAX_OUTPUT_SIZE / 2);
+				$not_shown_count= $count - MAX_OUTPUT_SIZE;
+				$output= array_merge($head, array("... And $not_shown_count output lines not shown ..."), $tail);
+				ctlr_syslog(LOG_WARNING, __FILE__, __FUNCTION__, __LINE__, 'Output truncated: ' . print_r($output, TRUE));
+			}
+
 			$msg= array(
 				'retval' => $retval,
 				'output' => $output

src/View/lib/phpseclib/File/ASN1.php

@@ -1279,6 +1279,11 @@ function _decodeOID($content)
         $oid = array();
         $pos = 0;
         $len = strlen($content);
+        // see https://github.com/openjdk/jdk/blob/2deb318c9f047ec5a4b160d66a4b52f93688ec42/src/java.base/share/classes/sun/security/util/ObjectIdentifier.java#L55
+        if ($len > 4096) {
+            //user_error('Object Identifier size is limited to 4096 bytes');
+            return false;
+        }
 
         if (ord($content[$len - 1]) & 0x80) {
             return false;

src/View/lib/phpseclib/Math/BigInteger.php

@@ -749,6 +749,33 @@ function toString()
         return $result;
     }
 
+    /**
+     * Return the size of a BigInteger in bits
+     *
+     * @return int
+     */
+    function getLength()
+    {
+        if (MATH_BIGINTEGER_MODE != MATH_BIGINTEGER_MODE_INTERNAL) {
+            return strlen($this->toBits());
+        }
+
+        $max = count($this->value) - 1;
+        return $max != -1 ?
+            $max * MATH_BIGINTEGER_BASE + intval(ceil(log($this->value[$max] + 1, 2))) :
+            0;
+    }
+
+    /**
+     * Return the size of a BigInteger in bytes
+     *
+     * @return int
+     */
+    function getLengthInBytes()
+    {
+        return (int) ceil($this->getLength() / 8);
+    }
+
     /**
      * Copy an object
      *
@@ -3286,6 +3313,11 @@ function randomPrime($arg1, $arg2 = false, $timeout = false)
             $min = $temp;
         }
 
+        $length = $max->getLength();
+        if ($length > 8196) {
+            user_error('Generation of random prime numbers larger than 8196 has been disabled');
+        }
+
         static $one, $two;
         if (!isset($one)) {
             $one = new Math_BigInteger(1);
@@ -3393,7 +3425,14 @@ function _make_odd()
      */
     function isPrime($t = false)
     {
-        $length = strlen($this->toBytes());
+        $length = $this->getLength();
+        // OpenSSL limits RSA keys to 16384 bits. The length of an RSA key is equal to the length of the modulo, which is
+        // produced by multiplying the primes p and q by one another. The largest number two 8196 bit primes can produce is
+        // a 16384 bit number so, basically, 8196 bit primes are the largest OpenSSL will generate and if that's the largest
+        // that it'll generate it also stands to reason that that's the largest you'll be able to test primality on
+        if ($length > 8196) {
+            user_error('Primality testing is not supported for numbers larger than 8196 bits');
+        }
 
         if (!$t) {
             // see HAC 4.49 "Note (controlling the error probability)"

src/View/lib/phpseclib/Net/SSH2.php

@@ -4718,7 +4718,9 @@ function _array_intersect_first($array1, $array2)
     }
 
     /**
-     * Returns all errors
+     * Returns all errors / debug messages on the SSH layer
+     *
+     * If you are looking for messages from the SFTP layer, please see SFTP::getSFTPErrors()
      *
      * @return string[]
      * @access public
@@ -4729,7 +4731,9 @@ function getErrors()
     }
 
     /**
-     * Returns the last error
+     * Returns the last error received on the SSH layer
+     *
+     * If you are looking for messages from the SFTP layer, please see SFTP::getLastSFTPError()
      *
      * @return string
      * @access public

src/View/locale/tr_TR/LC_MESSAGES/pfre.po

@@ -4,7 +4,7 @@
 #
 msgid ""
 msgstr ""
-"Project-Id-Version: PFRE 7.4\n"
+"Project-Id-Version: PFRE 7.5\n"
 "Last-Translator: Soner Tari <[email protected]>\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"

src/View/locale/tr_TR/LC_MESSAGES/pfre_CONTROL.po

@@ -4,7 +4,7 @@
 #
 msgid ""
 msgstr ""
-"Project-Id-Version: PFRE 7.4\n"
+"Project-Id-Version: PFRE 7.5\n"
 "Last-Translator: Soner Tari <[email protected]>\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"

src/View/locale/tr_TR/LC_MESSAGES/pfre_HELPBOX.po

@@ -4,7 +4,7 @@
 #
 msgid ""
 msgstr ""
-"Project-Id-Version: PFRE 7.4\n"
+"Project-Id-Version: PFRE 7.5\n"
 "Last-Translator: Soner Tari <[email protected]>\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"

src/View/locale/tr_TR/LC_MESSAGES/pfre_MENU.po

@@ -4,7 +4,7 @@
 #
 msgid ""
 msgstr ""
-"Project-Id-Version: PFRE 7.4\n"
+"Project-Id-Version: PFRE 7.5\n"
 "Last-Translator: Soner Tari <[email protected]>\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"

src/View/locale/tr_TR/LC_MESSAGES/pfre_NOTICE.po

@@ -4,7 +4,7 @@
 #
 msgid ""
 msgstr ""
-"Project-Id-Version: PFRE 7.4\n"
+"Project-Id-Version: PFRE 7.5\n"
 "Last-Translator: Soner Tari <[email protected]>\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"

src/View/locale/tr_TR/LC_MESSAGES/pfre_TITLE.po

@@ -4,7 +4,7 @@
 #
 msgid ""
 msgstr ""
-"Project-Id-Version: PFRE 7.4\n"
+"Project-Id-Version: PFRE 7.5\n"
 "Last-Translator: Soner Tari <[email protected]>\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"

src/View/locale/tr_TR/LC_MESSAGES/pfre__.po

@@ -4,7 +4,7 @@
 #
 msgid ""
 msgstr ""
-"Project-Id-Version: PFRE 7.4\n"
+"Project-Id-Version: PFRE 7.5\n"
 "Last-Translator: Soner Tari <[email protected]>\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"

src/View/pf/pf.conf.html

@@ -2291,7 +2291,7 @@
 <span class="bold">HISTORY</span>
      The <span class="bold">pf.conf</span> file format first appeared in OpenBSD 3.0.
 
-OpenBSD 7.4                    November 18, 2022                   OpenBSD 7.4
+OpenBSD 7.5                    November 18, 2022                   OpenBSD 7.5
 </pre>
 </body>
 </html>

src/create_po.sh

@@ -81,7 +81,7 @@ if ! xgettext -L "PHP" -s \
 		--copyright-holder="Soner Tari, The PFRE project" \
 		--msgid-bugs-address="[email protected]" \
 		--package-name="PFRE" \
-		--package-version="7.4" \
+		--package-version="7.5" \
 		-j -o $LOCALE_FILE \
 		-f files.txt; then
 	echo "FAILED generating $LOCALE_FILE"

src/lib/defs.php

@@ -23,7 +23,7 @@
  */
 
 /// Project version.
-define('VERSION', '7.4');
+define('VERSION', '7.5');
 
 $ROOT= dirname(dirname(dirname(__FILE__)));
 $SRC_ROOT= dirname(dirname(__FILE__));