diff --git a/Doxyfile b/Doxyfile index f97546d..d48ae7c 100644 --- a/Doxyfile +++ b/Doxyfile @@ -1,13 +1,14 @@ -# Doxyfile 1.9.8 +# Doxyfile 1.10.0 #--------------------------------------------------------------------------- # Project related configuration options #--------------------------------------------------------------------------- DOXYFILE_ENCODING = UTF-8 PROJECT_NAME = "PF Rule Editor" -PROJECT_NUMBER = 7.4 +PROJECT_NUMBER = 7.5 PROJECT_BRIEF = PROJECT_LOGO = +PROJECT_ICON = OUTPUT_DIRECTORY = ./docs CREATE_SUBDIRS = NO CREATE_SUBDIRS_LEVEL = 8 @@ -182,6 +183,8 @@ HTML_COLORSTYLE_GAMMA = 80 HTML_DYNAMIC_MENUS = YES HTML_DYNAMIC_SECTIONS = NO HTML_CODE_FOLDING = YES +HTML_COPY_CLIPBOARD = YES +HTML_PROJECT_COOKIE = HTML_INDEX_NUM_ENTRIES = 100 GENERATE_DOCSET = NO DOCSET_FEEDNAME = "Doxygen generated docs" @@ -356,3 +359,5 @@ MAX_DOT_GRAPH_DEPTH = 0 DOT_MULTI_TARGETS = NO GENERATE_LEGEND = YES DOT_CLEANUP = YES +MSCGEN_TOOL = +MSCFILE_DIRS = diff --git a/README.md b/README.md index 42e8b70..a03b3e4 100644 --- a/README.md +++ b/README.md @@ -58,8 +58,8 @@ You can find a couple of screenshots on the [wiki](https://github.com/sonertari/ Here are the basic steps to obtain a working PFRE installation: -- Install OpenBSD 7.4, perhaps on a VM. -- Install PHP 8.2.3, php-pcntl, and php-cgi. +- Install OpenBSD 7.5, perhaps on a VM. +- Install PHP 8.3.3, php-pcntl, and php-cgi. - Copy the files in PFRE src folder to /var/www/htdocs/pfre/. - Configure httpd.conf for PFRE. - Create admin and user users, and set their passwords. 
@@ -98,21 +98,21 @@ Set the $PKG\_PATH env variable to the cache folder you have just created: Download the required packages from an OpenBSD mirror and copy them to $PKG\_PATH. The following is the list of files you should have under $PKG\_PATH: - argon2-20190702.tgz + argon2-20190702p0.tgz bzip2-1.0.8p0.tgz - capstone-4.0.2.tgz + capstone-5.0.tgz femail-1.0p1.tgz femail-chroot-1.0p3.tgz - gettext-runtime-0.22.2.tgz + gettext-runtime-0.22.5.tgz libiconv-1.17.tgz libsodium-1.0.19.tgz - libxml-2.11.5.tgz - oniguruma-6.9.8.tgz - pcre2-10.37p1.tgz - php-8.2.11.tgz - php-cgi-8.2.11.tgz - php-pcntl-8.2.11.tgz - xz-5.4.4.tgz + libxml-2.12.5.tgz + oniguruma-6.9.9.tgz + pcre2-10.37p2.tgz + php-8.3.3.tgz + php-cgi-8.3.3.tgz + php-pcntl-8.3.3.tgz + xz-5.4.5.tgz Install PHP, php-pcntl, and php-cgi by running the following commands, which should install their dependencies as well: 
@@ -126,21 +126,21 @@ If you want to see if all required packages are installed successfully, run the Here is the expected output of that command: - argon2-20190702 C implementation of Argon2 - password hashing function + argon2-20190702p0 C implementation of Argon2 - password hashing function bzip2-1.0.8p0 block-sorting file compressor, unencumbered - capstone-4.0.2 multi-platform, multi-architecture disassembly framework + capstone-5.0 multi-platform, multi-architecture disassembly framework femail-1.0p1 simple SMTP client femail-chroot-1.0p3 simple SMTP client for chrooted web servers - gettext-runtime-0.22.2 GNU gettext runtime libraries and programs + gettext-runtime-0.22.5 GNU gettext runtime libraries and programs libiconv-1.17 character set conversion library libsodium-1.0.19 library for network communications and cryptography - libxml-2.11.5 XML parsing library - oniguruma-6.9.8 regular expressions library - pcre2-10.37p1 perl-compatible regular expression library, version 2 - php-8.2.11 server-side HTML-embedded scripting language - php-cgi-8.2.11 php CGI binary - php-pcntl-8.2.11 PCNTL extensions for php - xz-5.4.4 library and tools for XZ and LZMA compressed files + libxml-2.12.5 XML parsing library + oniguruma-6.9.9 regular expressions library + pcre2-10.37p2 perl-compatible regular expression library, version 2 + php-8.3.3 server-side HTML-embedded scripting language + php-cgi-8.3.3 php CGI binary + php-pcntl-8.3.3 PCNTL extensions for php + xz-5.4.5 library and tools for XZ and LZMA compressed files ### Install PFRE 
@@ -218,9 +218,9 @@ However, you are advised to pick a better password than soner123. Go to /usr/local/bin/ and create a link to php executable: # cd /usr/local/bin - # ln -s php-8.2 php + # ln -s php-8.3 php -Edit the /etc/php-8.2.ini file to write error messages to syslog, otherwise they may disturb pfctl test reports: +Edit the /etc/php-8.3.ini file to write error messages to syslog, otherwise they may disturb pfctl test reports: error_log = syslog @@ -228,9 +228,9 @@ Also, edit the /etc/php-fpm.conf file to write error messages to syslog: error_log = syslog -To enable pcntl, go to /etc/php-8.2/ and create the pcntl.ini file: +To enable pcntl, go to /etc/php-8.3/ and create the pcntl.ini file: - # cd /etc/php-8.2/ + # cd /etc/php-8.3/ # touch pcntl.ini And add the following line to pcntl.ini: @@ -269,9 +269,9 @@ If you want the web server to be started automatically after a reboot, first cop Then add the following lines to it: - if [ -x /usr/local/sbin/php-fpm-8.2 ]; then + if [ -x /usr/local/sbin/php-fpm-8.3 ]; then echo 'PHP CGI server' - /usr/local/sbin/php-fpm-8.2 + /usr/local/sbin/php-fpm-8.3 fi Create the rc.conf.local file under /etc/ @@ -296,7 +296,7 @@ And uncomment the line which enables forwarding of IPv4 packets: Now you can either reboot the system or start the php cgi server and the web server manually using the following commands: - # /usr/local/sbin/php-fpm-8.2 + # /usr/local/sbin/php-fpm-8.3 # /usr/sbin/httpd Finally, if you point your web browser to the IP address of PFRE, you should see the login page. And you should be able to log in by entering admin:soner123 as user and password. diff --git a/src/Controller/sh.php b/src/Controller/sh.php index bcf23ec..c85cd5b 100755 --- a/src/Controller/sh.php +++ b/src/Controller/sh.php 
@@ -90,7 +90,8 @@ $cwd= dirname(__FILE__); // Run the ctlr using doas and passing -n for no arg validation, as we have already done that above -exec("/usr/bin/doas $cwd/ctlr.php -n ".escapeshellarg($args)." 2>&1", $encoded, $retval); +// Remove errout (redirect to /dev/null), otherwise breaks json encoded output +exec("/usr/bin/doas $cwd/ctlr.php -n ".escapeshellarg($args)." 2>/dev/null", $encoded, $retval); // There must be only one element in $encoded array, but do not miss the others if any $encoded= implode(' ', $encoded); echo $encoded; diff --git a/src/Model/model.php b/src/Model/model.php index 9bfa490..730c949 100644 --- a/src/Model/model.php +++ b/src/Model/model.php @@ -927,6 +927,16 @@ function RunCmd($cmd, &$output, &$retval) ctlr_syslog(LOG_DEBUG, __FILE__, __FUNCTION__, __LINE__, 'Running command'); exec($cmd, $output, $retval); + define('MAX_OUTPUT_SIZE', 20); + $count= count($output); + if ($count > MAX_OUTPUT_SIZE) { + $head= array_slice($output, 0, MAX_OUTPUT_SIZE / 2); + $tail= array_slice($output, $count - MAX_OUTPUT_SIZE / 2, MAX_OUTPUT_SIZE / 2); + $not_shown_count= $count - MAX_OUTPUT_SIZE; + $output= array_merge($head, array("... And $not_shown_count output lines not shown ..."), $tail); + ctlr_syslog(LOG_WARNING, __FILE__, __FUNCTION__, __LINE__, 'Output truncated: ' . print_r($output, TRUE)); + } + $msg= array( 'retval' => $retval, 'output' => $output diff --git a/src/View/lib/phpseclib/File/ASN1.php b/src/View/lib/phpseclib/File/ASN1.php index 650e633..e6e98c5 100644 --- a/src/View/lib/phpseclib/File/ASN1.php +++ b/src/View/lib/phpseclib/File/ASN1.php 
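Review bot: Redirecting stderr to `/dev/null` on the new `exec()` line discards every diagnostic from doas and ctlr.php, so a denied doas rule or a fatal error in the controller now produces an empty `$encoded` with nothing for the caller to report. The hunk captures `$retval` but does not check it before `echo $encoded;`, and a guard such as `if ($retval !== 0 || $encoded === '') { /* log and emit a JSON error */ }` would keep the JSON clean without hiding the failure. `$cwd` is interpolated unquoted into the shell string; it comes from `dirname(__FILE__)` rather than request data, but `escapeshellarg("$cwd/ctlr.php")` would make the command robust to unusual install paths. The script continues outside the hunk, so the return value may be handled further down.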
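Review bot: `define('MAX_OUTPUT_SIZE', 20);` sits inside RunCmd(), so a second call in the same process redefines an existing constant, which PHP 8 reports as a warning; move it to file scope or guard it with `if (!defined('MAX_OUTPUT_SIZE'))`. The truncation rewrites the by-reference `$output`, so any caller that parses command output (none are visible here) receives the inserted `... And N output lines not shown ...` marker as if it were data. The `ctlr_syslog()` call logs `$output` after truncation, so the dropped lines are recorded nowhere; logging the original array, or at least `$count`, before the `array_merge()` would preserve the audit trail. RunCmd() starts and ends outside the hunk.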
@@ -1279,6 +1279,11 @@ function _decodeOID($content) $oid = array(); $pos = 0; $len = strlen($content); + // see https://github.com/openjdk/jdk/blob/2deb318c9f047ec5a4b160d66a4b52f93688ec42/src/java.base/share/classes/sun/security/util/ObjectIdentifier.java#L55 + if ($len > 4096) { + //user_error('Object Identifier size is limited to 4096 bytes'); + return false; + } if (ord($content[$len - 1]) & 0x80) { return false; diff --git a/src/View/lib/phpseclib/Math/BigInteger.php b/src/View/lib/phpseclib/Math/BigInteger.php index 38e86d5..a415f19 100644 --- a/src/View/lib/phpseclib/Math/BigInteger.php +++ b/src/View/lib/phpseclib/Math/BigInteger.php @@ -749,6 +749,33 @@ function toString() return $result; } + /** + * Return the size of a BigInteger in bits + * + * @return int + */ + function getLength() + { + if (MATH_BIGINTEGER_MODE != MATH_BIGINTEGER_MODE_INTERNAL) { + return strlen($this->toBits()); + } + + $max = count($this->value) - 1; + return $max != -1 ? + $max * MATH_BIGINTEGER_BASE + intval(ceil(log($this->value[$max] + 1, 2))) : + 0; + } + + /** + * Return the size of a BigInteger in bytes + * + * @return int + */ + function getLengthInBytes() + { + return (int) ceil($this->getLength() / 8); + } + /** * Copy an object * @@ -3286,6 +3313,11 @@ function randomPrime($arg1, $arg2 = false, $timeout = false) $min = $temp; } + $length = $max->getLength(); + if ($length > 8196) { + user_error('Generation of random prime numbers larger than 8196 has been disabled'); + } + static $one, $two; if (!isset($one)) { $one = new Math_BigInteger(1); 
@@ -3393,7 +3425,14 @@ function _make_odd() */ function isPrime($t = false) { - $length = strlen($this->toBytes()); + $length = $this->getLength(); + // OpenSSL limits RSA keys to 16384 bits. The length of an RSA key is equal to the length of the modulo, which is + // produced by multiplying the primes p and q by one another. The largest number two 8196 bit primes can produce is + // a 16384 bit number so, basically, 8196 bit primes are the largest OpenSSL will generate and if that's the largest + // that it'll generate it also stands to reason that that's the largest you'll be able to test primality on + if ($length > 8196) { + user_error('Primality testing is not supported for numbers larger than 8196 bits'); + } if (!$t) { // see HAC 4.49 "Note (controlling the error probability)" diff --git a/src/View/lib/phpseclib/Net/SSH2.php b/src/View/lib/phpseclib/Net/SSH2.php index baa606d..51afc4e 100644 --- a/src/View/lib/phpseclib/Net/SSH2.php +++ b/src/View/lib/phpseclib/Net/SSH2.php @@ -4718,7 +4718,9 @@ function _array_intersect_first($array1, $array2) } /** - * Returns all errors + * Returns all errors / debug messages on the SSH layer + * + * If you are looking for messages from the SFTP layer, please see SFTP::getSFTPErrors() * * @return string[] * @access public @@ -4729,7 +4731,9 @@ function getErrors() } /** - * Returns the last error + * Returns the last error received on the SSH layer + * + * If you are looking for messages from the SFTP layer, please see SFTP::getLastSFTPError() * * @return string * @access public diff --git a/src/View/locale/tr_TR/LC_MESSAGES/pfre.po b/src/View/locale/tr_TR/LC_MESSAGES/pfre.po index ec67dd1..e3bd3d5 100644 --- a/src/View/locale/tr_TR/LC_MESSAGES/pfre.po +++ b/src/View/locale/tr_TR/LC_MESSAGES/pfre.po @@ -4,7 +4,7 @@ # msgid "" msgstr "" -"Project-Id-Version: PFRE 7.4\n" +"Project-Id-Version: PFRE 7.5\n" "Last-Translator: Soner Tari \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" 
diff --git a/src/View/locale/tr_TR/LC_MESSAGES/pfre_CONTROL.po b/src/View/locale/tr_TR/LC_MESSAGES/pfre_CONTROL.po index fe61919..3751502 100644 --- a/src/View/locale/tr_TR/LC_MESSAGES/pfre_CONTROL.po +++ b/src/View/locale/tr_TR/LC_MESSAGES/pfre_CONTROL.po @@ -4,7 +4,7 @@ # msgid "" msgstr "" -"Project-Id-Version: PFRE 7.4\n" +"Project-Id-Version: PFRE 7.5\n" "Last-Translator: Soner Tari \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" diff --git a/src/View/locale/tr_TR/LC_MESSAGES/pfre_HELPBOX.po b/src/View/locale/tr_TR/LC_MESSAGES/pfre_HELPBOX.po index b3480b5..d325603 100644 --- a/src/View/locale/tr_TR/LC_MESSAGES/pfre_HELPBOX.po +++ b/src/View/locale/tr_TR/LC_MESSAGES/pfre_HELPBOX.po @@ -4,7 +4,7 @@ # msgid "" msgstr "" -"Project-Id-Version: PFRE 7.4\n" +"Project-Id-Version: PFRE 7.5\n" "Last-Translator: Soner Tari \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" diff --git a/src/View/locale/tr_TR/LC_MESSAGES/pfre_MENU.po b/src/View/locale/tr_TR/LC_MESSAGES/pfre_MENU.po index f3f6578..c485c21 100644 --- a/src/View/locale/tr_TR/LC_MESSAGES/pfre_MENU.po +++ b/src/View/locale/tr_TR/LC_MESSAGES/pfre_MENU.po @@ -4,7 +4,7 @@ # msgid "" msgstr "" -"Project-Id-Version: PFRE 7.4\n" +"Project-Id-Version: PFRE 7.5\n" "Last-Translator: Soner Tari \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" diff --git a/src/View/locale/tr_TR/LC_MESSAGES/pfre_NOTICE.po b/src/View/locale/tr_TR/LC_MESSAGES/pfre_NOTICE.po index b1241ac..3f35d9c 100644 --- a/src/View/locale/tr_TR/LC_MESSAGES/pfre_NOTICE.po +++ b/src/View/locale/tr_TR/LC_MESSAGES/pfre_NOTICE.po @@ -4,7 +4,7 @@ # msgid "" msgstr "" -"Project-Id-Version: PFRE 7.4\n" +"Project-Id-Version: PFRE 7.5\n" "Last-Translator: Soner Tari \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" diff --git a/src/View/locale/tr_TR/LC_MESSAGES/pfre_TITLE.po b/src/View/locale/tr_TR/LC_MESSAGES/pfre_TITLE.po index b91d30d..76326f5 100644 
--- a/src/View/locale/tr_TR/LC_MESSAGES/pfre_TITLE.po +++ b/src/View/locale/tr_TR/LC_MESSAGES/pfre_TITLE.po @@ -4,7 +4,7 @@ # msgid "" msgstr "" -"Project-Id-Version: PFRE 7.4\n" +"Project-Id-Version: PFRE 7.5\n" "Last-Translator: Soner Tari \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" diff --git a/src/View/locale/tr_TR/LC_MESSAGES/pfre__.po b/src/View/locale/tr_TR/LC_MESSAGES/pfre__.po index eaf4e10..cb77bb7 100644 --- a/src/View/locale/tr_TR/LC_MESSAGES/pfre__.po +++ b/src/View/locale/tr_TR/LC_MESSAGES/pfre__.po @@ -4,7 +4,7 @@ # msgid "" msgstr "" -"Project-Id-Version: PFRE 7.4\n" +"Project-Id-Version: PFRE 7.5\n" "Last-Translator: Soner Tari \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" diff --git a/src/View/pf/pf.conf.html b/src/View/pf/pf.conf.html index 502af00..5373c48 100644 --- a/src/View/pf/pf.conf.html +++ b/src/View/pf/pf.conf.html @@ -2291,7 +2291,7 @@ HISTORY The pf.conf file format first appeared in OpenBSD 3.0. -OpenBSD 7.4 November 18, 2022 OpenBSD 7.4 +OpenBSD 7.5 November 18, 2022 OpenBSD 7.5 diff --git a/src/create_po.sh b/src/create_po.sh index 8ca02e4..b3d6208 100755 --- a/src/create_po.sh +++ b/src/create_po.sh @@ -81,7 +81,7 @@ if ! xgettext -L "PHP" -s \ --copyright-holder="Soner Tari, The PFRE project" \ --msgid-bugs-address="sonertari@gmail.com" \ --package-name="PFRE" \ - --package-version="7.4" \ + --package-version="7.5" \ -j -o $LOCALE_FILE \ -f files.txt; then echo "FAILED generating $LOCALE_FILE" diff --git a/src/lib/defs.php b/src/lib/defs.php index c286b00..9cf0f61 100644 --- a/src/lib/defs.php +++ b/src/lib/defs.php @@ -23,7 +23,7 @@ */ /// Project version. -define('VERSION', '7.4'); +define('VERSION', '7.5'); $ROOT= dirname(dirname(dirname(__FILE__))); $SRC_ROOT= dirname(dirname(__FILE__));