From mboxrd@z Thu Jan 1 00:00:00 1970 
From: Peter Müller
To: ipfire-scm@lists.ipfire.org
Subject: [git.ipfire.org] IPFire 2.x development tree branch, next, updated. e044bc2422216610680bf3656d732dcc840de9d1
Date: Fri, 18 Nov 2022 14:40:12 +0000
Message-ID: <4NDKFT29LPz2y7l@people01.haj.ipfire.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, next has been updated
       via  e044bc2422216610680bf3656d732dcc840de9d1 (commit)
       via  bc6227963efe10575cdb7aadfc807bd3bd968e9d (commit)
       via  35494eac83dda575ec4e9998f8295809bf9a280d (commit)
       via  c899c04b11709fee4f38e9d13449b0e53527d907 (commit)
       via  e87bc0b45638767d301ad706f5164ee2b64f5103 (commit)
       via  8a0be2033f8d932b1687df1b6515bfb72230acf2 (commit)
       via  ad7300839381a67872a1ce15f2e7d72540aa6c9c (commit)
       via  39d6705063c1e00d946bfd1c9949666b3393527e (commit)
       via  c8274d4cfa2a23ba1a4e856edd313c1215b9065b (commit)
       via  eae0cb549aaafbf34f61c3b1778c99ca0dd4ad77 (commit)
       via  362c5537afd468e479275dc4ced9363c50d25be2 (commit)
       via  3135e76ea193eb75c4b9b4315634ec418a23238f (commit)
      from  a26967c4b7c659a2fb134d4ddb9d120d3fcd3f16 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit e044bc2422216610680bf3656d732dcc840de9d1
Author: Peter Müller
Date:   Fri Nov 11 12:15:37 2022 +0000

    Core Update 172: Ship and apply OpenVPN Diffie-Hellman changes

    Inspired by https://git.ipfire.org/?p=people/ummeegge/ipfire-2.x.git;a=commit;h=2ccc799f8bd6a12c3edab5f1a89fab4d2cd05ea8.

    Cc: Erik Kapfer
    Signed-off-by: Peter Müller

commit bc6227963efe10575cdb7aadfc807bd3bd968e9d
Author: Peter Müller
Date:   Fri Nov 11 12:15:03 2022 +0000

    OpenSSL: Add ffdhe4096 Diffie-Hellman parameter

    Signed-off-by: Peter Müller

commit 35494eac83dda575ec4e9998f8295809bf9a280d
Author: Peter Müller
Date:   Fri Nov 11 12:14:37 2022 +0000

    OpenVPN: Replace existing Diffie-Hellman parameter with ffdhe4096

    Initial patch: https://git.ipfire.org/?p=people/ummeegge/ipfire-2.x.git;a=commit;h=2ccc799f8bd6a12c3edab5f1a89fab4d2cd05ea8

    Minor adjustments to make it apply to the current state of "next", and
    removal of chown operation in OpenSSL's LFS file, which would have led
    to the Diffie-Hellman group file being writable by nobody, for which
    there is no necessity.

    Fixes: #12632
    From: Erik Kapfer
    Signed-off-by: Peter Müller

commit c899c04b11709fee4f38e9d13449b0e53527d907
Author: Matthias Fischer
Date:   Mon Nov 7 18:54:14 2022 +0100

    clamav 0.105.1: New package to resolve several CVEs

    For details see:
    https://blog.clamav.net/2022/10/new-packages-for-clamav-01037-01044.html

    Fixes:

    "CVE-2022-37434 - A critical severity vulnerability in the zlib library.

    CVE-2022-40303 - A high severity vulnerability in the libxml2 library.
    Note: As of writing, the details of this CVE are not published. However,
    you can find additional details on other sites.

    CVE-2022-40304 - A high severity vulnerability in the libxml2 library.
    Note: As of writing, the details of this CVE are not published. However,
    you can find additional details on other sites."

    Signed-off-by: Matthias Fischer

commit e87bc0b45638767d301ad706f5164ee2b64f5103
Author: Peter Müller
Date:   Tue Nov 8 14:42:46 2022 +0000

    Postfix: Update to 3.7.3

    This is an urgent bugfix release, see
    https://www.postfix.org/announcements/postfix-3.7.3.html for its
    announcement.

    Signed-off-by: Peter Müller

commit 8a0be2033f8d932b1687df1b6515bfb72230acf2
Author: Peter Müller
Date:   Thu Nov 10 19:31:33 2022 +0000

    Tor: Disable SOCKS port if unused

    Fixes: #11780
    Signed-off-by: Peter Müller

commit ad7300839381a67872a1ce15f2e7d72540aa6c9c
Author: Arne Fitzenreiter
Date:   Thu Oct 27 10:26:39 2022 +0200

    memtest: update to memtest86+ v6.00

    This is now a 64bit version that can also boot via efi.

    Signed-off-by: Arne Fitzenreiter

commit 39d6705063c1e00d946bfd1c9949666b3393527e
Author: Peter Müller
Date:   Fri Nov 18 13:38:29 2022 +0000

    Core Update 172: Fix menu.d file permissions

    Signed-off-by: Peter Müller

commit c8274d4cfa2a23ba1a4e856edd313c1215b9065b
Author: Peter Müller
Date:   Fri Nov 18 13:37:51 2022 +0000

    configroot: menu.d files do not have to be writable by "nobody"

    Signed-off-by: Peter Müller

commit eae0cb549aaafbf34f61c3b1778c99ca0dd4ad77
Author: Peter Müller
Date:   Fri Nov 18 13:35:17 2022 +0000

    Core Update 172: Fix permissions of some library files

    Signed-off-by: Peter Müller

commit 362c5537afd468e479275dc4ced9363c50d25be2
Author: Peter Müller
Date:   Fri Nov 18 13:33:45 2022 +0000

    Ensure /var/ipfire/updatexlrator/updxlrator-lib.pl is not writable by "nobody"

    Signed-off-by: Peter Müller

commit 3135e76ea193eb75c4b9b4315634ec418a23238f
Author: Peter Müller
Date:   Fri Nov 18 13:29:10 2022 +0000

    configroot: Ensure connscheduler/lib.pl is not writable by "nobody"

Signed-off-by: Peter M=C3=BCller ----------------------------------------------------------------------- Summary of changes: config/cdrom/grub.cfg | 6 + config/cfgroot/connscheduler-lib.pl | 24 +++- config/rootfiles/common/memtest | 2 +- config/rootfiles/common/openssl | 1 + config/rootfiles/core/172/filelists/files | 3 + config/rootfiles/core/172/update.sh | 21 +++- config/ssl/ffdhe4096.pem | 13 +++ config/updxlrator/updxlrator-lib.pl | 31 +++-- html/cgi-bin/ovpnmain.cgi | 185 ++--------------------------= -- html/cgi-bin/tor.cgi | 6 +- langs/de/cgi-bin/de.pl | 16 --- langs/en/cgi-bin/en.pl | 17 --- langs/fr/cgi-bin/fr.pl | 17 --- langs/it/cgi-bin/it.pl | 16 --- langs/tr/cgi-bin/tr.pl | 16 --- lfs/cdrom | 2 +- lfs/clamav | 7 +- lfs/configroot | 2 +- lfs/memtest | 14 +-- lfs/openssl | 3 + lfs/postfix | 6 +- lfs/squid | 1 + 22 files changed, 112 insertions(+), 297 deletions(-) create mode 100644 config/ssl/ffdhe4096.pem Difference in files: diff --git a/config/cdrom/grub.cfg b/config/cdrom/grub.cfg index 421c0e662..50a7c2488 100644 --- a/config/cdrom/grub.cfg +++ b/config/cdrom/grub.cfg @@ -32,3 +32,9 @@ submenu 'Other Installation Options -->' { initrd /boot/isolinux/instroot } } + +submenu 'Tools -->' { + menuentry 'memtest86+' { + linux /boot/isolinux/memtest + } +} diff --git a/config/cfgroot/connscheduler-lib.pl b/config/cfgroot/connschedul= er-lib.pl index f9e4e5466..0ff8e8b84 100644 --- a/config/cfgroot/connscheduler-lib.pl +++ b/config/cfgroot/connscheduler-lib.pl 
@@ -1,9 +1,23 @@ #!/usr/bin/perl -# -# Library file for Connection Scheduler AddOn -# -# This code is distributed under the terms of the GPL -# +############################################################################= ### +# = # +# IPFire.org - A linux based firewall = # +# Copyright (C) 2007-2022 IPFire Team = # +# = # +# This program is free software: you can redistribute it and/or modify = # +# it under the terms of the GNU General Public License as published by = # +# the Free Software Foundation, either version 3 of the License, or = # +# (at your option) any later version. = # +# = # +# This program is distributed in the hope that it will be useful, = # +# but WITHOUT ANY WARRANTY; without even the implied warranty of = # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the = # +# GNU General Public License for more details. = # +# = # +# You should have received a copy of the GNU General Public License = # +# along with this program. If not, see . = # +# = # +############################################################################= ### =20 package CONNSCHED; =20 diff --git a/config/rootfiles/common/memtest b/config/rootfiles/common/memtest index 1804dfa94..7978436fd 100644 --- a/config/rootfiles/common/memtest +++ b/config/rootfiles/common/memtest @@ -1,2 +1,2 @@ #usr/lib/memtest86+ -#usr/lib/memtest86+/memtest.bin +#usr/lib/memtest86+/memtest.efi diff --git a/config/rootfiles/common/openssl b/config/rootfiles/common/openssl index bb7e6f65c..ae9716eea 100644 --- a/config/rootfiles/common/openssl +++ b/config/rootfiles/common/openssl @@ -2,6 +2,7 @@ #etc/ssl/certs #etc/ssl/ct_log_list.cnf #etc/ssl/ct_log_list.cnf.dist +etc/ssl/ffdhe4096.pem #etc/ssl/misc #etc/ssl/misc/CA.pl #etc/ssl/misc/tsget diff --git a/config/rootfiles/core/172/filelists/files b/config/rootfiles/cor= e/172/filelists/files index d73430dae..d3f270c79 100644 --- a/config/rootfiles/core/172/filelists/files +++ b/config/rootfiles/core/172/filelists/files 
@@ -1,3 +1,4 @@ +etc/ssl/ffdhe4096.pem usr/lib/firewall/rules.pl usr/local/bin/addonctrl usr/local/bin/openvpnctrl @@ -6,3 +7,5 @@ srv/web/ipfire/cgi-bin/ovpnmain.cgi srv/web/ipfire/cgi-bin/services.cgi srv/web/ipfire/cgi-bin/vpnmain.cgi var/ipfire/backup/bin/backup.pl +var/ipfire/connscheduler/lib.pl +var/ipfire/updatexlrator/updxlrator-lib.pl diff --git a/config/rootfiles/core/172/update.sh b/config/rootfiles/core/172/= update.sh index f3c77fbfb..d1137b81c 100644 --- a/config/rootfiles/core/172/update.sh +++ b/config/rootfiles/core/172/update.sh @@ -33,6 +33,8 @@ done =20 # Stop services /etc/rc.d/init.d/ipsec stop +/usr/local/bin/openvpnctrl -k +/usr/local/bin/openvpnctrl -kn2n /etc/rc.d/init.d/sshd stop /etc/rc.d/init.d/unbound stop =20 @@ -70,7 +72,8 @@ rm -rvf \ /usr/lib/python3.10/site-packages/setuptools/_vendor/pyparsing.py \ /usr/lib/python3.10/site-packages/setuptools/config.py \ /usr/lib/python3.10/site-packages/setuptools_rust/utils.py \ - /usr/libexec/ipsec/scepclient + /usr/libexec/ipsec/scepclient \ + /var/ipfire/ca/dh1024.pem =20 # Remove powertop add-on, if installed if [ -e "/opt/pakfire/db/installed/meta-powertop" ]; then 
@@ -98,11 +101,27 @@ ldconfig # Apply local configuration to sshd_config /usr/local/bin/sshctrl =20 +# Correct permissions of some library files +chown -Rv root:root /var/ipfire/connscheduler/lib.pl /var/ipfire/updatexlrat= or/updxlrator-lib.pl /var/ipfire/menu.d/* + +# Replace existing OpenVPN Diffie-Hellman parameter by ffdhe4096, as specifi= ed in RFC 7919 +if [ -f /var/ipfire/ovpn/server.conf ]; then + sed -i 's|/var/ipfire/ovpn/ca/dh1024.pem|/etc/ssl/ffdhe4096.pem|' /var/ipfi= re/ovpn/server.conf +fi + +if [ -f "/var/ipfire/ovpn/n2nconf/*/*.conf" ]; then + sed -i 's|/var/ipfire/ovpn/ca/dh1024.pem|/etc/ssl/ffdhe4096.pem|' /var/ipfi= re/ovpn/n2nconf/*/*.conf +fi + # Start services /etc/init.d/unbound start if grep -q "ENABLE_SSH=3Don" /var/ipfire/remote/settings; then /etc/init.d/sshd start fi +if grep -q "ENABLED=3Don" /var/ipfire/ovpn/settings; then + /usr/local/bin/openvpnctrl -s + /usr/local/bin/openvpnctrl -sn2n +fi if grep -q "ENABLED=3Don" /var/ipfire/vpn/settings; then /etc/init.d/ipsec start fi diff --git a/config/ssl/ffdhe4096.pem b/config/ssl/ffdhe4096.pem new file mode 100644 index 000000000..3cf0fcbc0 --- /dev/null +++ b/config/ssl/ffdhe4096.pem @@ -0,0 +1,13 @@ +-----BEGIN DH PARAMETERS----- +MIICCAKCAgEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz ++8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a +87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7 +YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi +7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD +ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3 +7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32 +nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZp4e +8W5vUsMWTfT7eTDp5OWIV7asfV9C1p9tGHdjzx1VA0AEh/VbpX4xzHpxNciG77Qx +iu1qHgEtnmgyqQdgCpGBMMRtx3j5ca0AOAkpmaMzy4t6Gh25PXFAADwqTs6p+Y0K +zAqCkc3OyX3Pjsm1Wn+IpGtNtahR9EGC4caKAH5eZV9q//////////8CAQI=3D +-----END DH PARAMETERS----- 
diff --git a/config/updxlrator/updxlrator-lib.pl b/config/updxlrator/updxlrat= or-lib.pl index f66d998d6..9fbf462cc 100644 --- a/config/updxlrator/updxlrator-lib.pl +++ b/config/updxlrator/updxlrator-lib.pl @@ -1,16 +1,23 @@ #!/usr/bin/perl -# -# This code is distributed under the terms of the GPL -# -# (c) 2006-2008 marco.s - http://update-accelerator.advproxy.net -# -# Portions (c) 2008 by dotzball - http://www.blockouttraffic.de -# -# dotzball 2008-05-27: -# move functions from all local files to one library file -# -# $Id: updxlrator-lib.pl,v 1.1 2008/11/29 00:00:00 marco.s Exp $ -# +############################################################################= ### +# = # +# IPFire.org - A linux based firewall = # +# Copyright (C) 2007-2022 IPFire Team = # +# = # +# This program is free software: you can redistribute it and/or modify = # +# it under the terms of the GNU General Public License as published by = # +# the Free Software Foundation, either version 3 of the License, or = # +# (at your option) any later version. = # +# = # +# This program is distributed in the hope that it will be useful, = # +# but WITHOUT ANY WARRANTY; without even the implied warranty of = # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the = # +# GNU General Public License for more details. = # +# = # +# You should have received a copy of the GNU General Public License = # +# along with this program. If not, see . = # +# = # +############################################################################= ### =20 package UPDXLT; =20 diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index f85d610d8..dc429d90c 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi 
@@ -78,6 +78,7 @@ my $name; my $col=3D""; my $local_serverconf =3D "${General::swroot}/ovpn/scripts/server.conf.local"; my $local_clientconf =3D "${General::swroot}/ovpn/scripts/client.conf.local"; +my $dhparameter =3D "/etc/ssl/ffdhe4096.pem"; =20 &General::readhash("${General::swroot}/ethernet/settings", \%netsettings); $cgiparams{'ENABLED'} =3D 'off'; @@ -89,8 +90,6 @@ $cgiparams{'COMPRESSION'} =3D 'off'; $cgiparams{'ONLY_PROPOSED'} =3D 'off'; $cgiparams{'ACTION'} =3D ''; $cgiparams{'CA_NAME'} =3D ''; -$cgiparams{'DH_NAME'} =3D 'dh1024.pem'; -$cgiparams{'DHLENGHT'} =3D ''; $cgiparams{'DHCP_DOMAIN'} =3D ''; $cgiparams{'DHCP_DNS'} =3D ''; $cgiparams{'DHCP_WINS'} =3D ''; @@ -221,28 +220,6 @@ sub deletebackupcert =20 sub pkiconfigcheck { - # Warning if DH parameter is 1024 bit - if (-f "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}") { - my @dhparameter =3D &General::system_output("/usr/bin/openssl", "dhparam",= "-text", "-in", "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}"); - my $dhbit; - - # Loop through the output and search for the DH bit lenght. - foreach my $line (@dhparameter) { - if ($line =3D~ (/(\d+)/)) { - # Assign match to dhbit value. - $dhbit =3D $1; - - last; - } - } - - # Check if the used key lenght is at least 2048 bit. - if ($dhbit < 2048) { - $cryptoerror =3D "$Lang::tr{'ovpn error dh'}"; - goto CRYPTO_ERROR; - } - } - # Warning if md5 is in usage if (-f "${General::swroot}/ovpn/certs/servercert.pem") { my @signature =3D &General::system_output("/usr/bin/openssl", "x509", "-no= out", "-text", "-in", "${General::swroot}/ovpn/certs/servercert.pem"); 
@@ -290,7 +267,7 @@ sub writeserverconf { print CONF "ca ${General::swroot}/ovpn/ca/cacert.pem\n"; print CONF "cert ${General::swroot}/ovpn/certs/servercert.pem\n"; print CONF "key ${General::swroot}/ovpn/certs/serverkey.pem\n"; - print CONF "dh ${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}\n"; + print CONF "dh $dhparameter\n"; my @tempovpnsubnet =3D split("\/",$sovpnsettings{'DOVPN_SUBNET'}); print CONF "server $tempovpnsubnet[0] $tempovpnsubnet[1]\n"; #print CONF "push \"route $netsettings{'GREEN_NETADDRESS'} $netsettings{= 'GREEN_NETMASK'}\"\n"; @@ -1358,102 +1335,6 @@ END exit (0); =20 ### -### Generate DH key step 2 -### -} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'generate dh key'} && $cgiparams{= 'AREUSURE'} eq 'yes') { - # Delete if old key exists - if (-f "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}") { - unlink "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}"; - } - # Create Diffie Hellmann Parameter - # The system call is safe, because all arguments are passed as an array. - system("/usr/bin/openssl", "dhparam", "-out", "${General::swroot}/ovpn/ca/d= h1024.pem", "$cgiparams{'DHLENGHT'}"); - if ($?) { - $errormessage =3D "$Lang::tr{'openssl produced an error'}: $?"; - unlink ("${General::swroot}/ovpn/ca/dh1024.pem"); - } - -### -### Generate DH key step 1 -### -} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'generate dh key'}) { - &Header::showhttpheaders(); - &Header::openpage($Lang::tr{'ovpn'}, 1, ''); - &Header::openbigbox('100%', 'LEFT', '', ''); - &Header::openbox('100%', 'LEFT', "$Lang::tr{'gen dh'}:"); - print < - - - - - $Lang::tr{'ovpn dh'}: - -
- - - - -
- - - - $Lang::tr{'capswarning'}: <= /b>$Lang::tr{'dh key warn'} - - - - - - - - - -
$Lang::tr{'dh key warn1'}

- -END - ; - &Header::closebox(); - print ""; - &Header::closebigbox(); - &Header::closepage(); - exit (0); - -### -### Upload DH key -### -} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'upload dh key'}) { - unless (ref ($cgiparams{'FH'})) { - $errormessage =3D $Lang::tr{'there was no file upload'}; - goto UPLOADCA_ERROR; - } - # Move uploaded dh key to a temporary file - (my $fh, my $filename) =3D tempfile( ); - if (copy ($cgiparams{'FH'}, $fh) !=3D 1) { - $errormessage =3D $!; - goto UPLOADCA_ERROR; - } - my @temp =3D &General::system_output("/usr/bin/openssl", "dhparam", "-te= xt", "-in", "$filename"); - if ( ! grep(/DH Parameters: \((2048|3072|4096) bit\)/, @temp)) { - $errormessage =3D $Lang::tr{'not a valid dh key'}; - unlink ($filename); - goto UPLOADCA_ERROR; - } else { - # Delete if old key exists - if (-f "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}") { - unlink "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}"; - } - - unless(move($filename, "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}")= ) { - $errormessage =3D "$Lang::tr{'dh key move failed'}: $!"; - unlink ($filename); - goto UPLOADCA_ERROR; - } - } -### ### Upload CA Certificate ### } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'upload ca certificate'}) { 
@@ -2028,21 +1909,6 @@ END &cleanssldatabase(); goto ROOTCERT_ERROR; } - # Create Diffie Hellmann Parameter - # The system call is safe, because all arguments are passed as an array. - system('/usr/bin/openssl', 'dhparam', '-out', "${General::swroot}/ovpn/ca/d= h1024.pem", "$cgiparams{'DHLENGHT'}"); - if ($?) { - $errormessage =3D "$Lang::tr{'openssl produced an error'}: $?"; - unlink ("${General::swroot}/ovpn/certs/serverkey.pem"); - unlink ("${General::swroot}/ovpn/certs/servercert.pem"); - unlink ("${General::swroot}/ovpn/ca/cacert.pem"); - unlink ("${General::swroot}/ovpn/crls/cacrl.pem"); - unlink ("${General::swroot}/ovpn/ca/dh1024.pem"); - &cleanssldatabase(); - goto ROOTCERT_ERROR; -# } else { -# &cleanssldatabase(); - } goto ROOTCERT_SUCCESS; } ROOTCERT_ERROR: @@ -2092,14 +1958,6 @@ END } print < - $Lang::tr{'ovpn dh'}: - - - =20   @@ -2107,16 +1965,6 @@ END 3D'*' $Lang::tr{'requ= ired field'}
- - - $Lang::tr{'capswarning'}: <= /b>$Lang::tr{'ovpn generating the root and host certificates'} - - - - - - -
$Lang::tr{'dh key warn'}
$Lang::tr{'dh key warn1'}

=20 @@ -2681,14 +2529,14 @@ END ### } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show dh'}) { =20 - if (! -e "${General::swroot}/ovpn/ca/dh1024.pem") { + if (! -e "$dhparameter") { $errormessage =3D $Lang::tr{'not present'}; } else { &Header::showhttpheaders(); &Header::openpage($Lang::tr{'ovpn'}, 1, ''); &Header::openbigbox('100%', 'LEFT', '', ''); &Header::openbox('100%', 'LEFT', "$Lang::tr{'dh'}:"); - my @output =3D &General::system_output("/usr/bin/openssl", "dhparam", "-te= xt", "-in", "${General::swroot}/ovpn/ca/dh1024.pem"); + my @output =3D &General::system_output("/usr/bin/openssl", "dhparam", "-te= xt", "-in", "$dhparameter"); my $output =3D &Header::cleanhtml(join("", @output) ,"y"); print "
$output
\n"; &Header::closebox(); @@ -5447,7 +5295,7 @@ END print ""; if (( -e "${General::swroot}/ovpn/ca/cacert.pem" && - -e "${General::swroot}/ovpn/ca/dh1024.pem" && + -e "$dhparameter" && -e "${General::swroot}/ovpn/certs/servercert.pem" && -e "${General::swroot}/ovpn/certs/serverkey.pem") && (( $cgiparams{'ENABLED'} eq 'on') || @@ -5838,8 +5686,8 @@ END } =20 # Adding DH parameter to chart - if (-f "${General::swroot}/ovpn/ca/dh1024.pem") { - my @dhsubject =3D &General::system_output("/usr/bin/openssl", "dhparam", "= -text", "-in", "${General::swroot}/ovpn/ca/dh1024.pem"); + if (-f "$dhparameter") { + my @dhsubject =3D &General::system_output("/usr/bin/openssl", "dhparam", "= -text", "-in", "$dhparameter"); my $dhsubject; =20 foreach my $line (@dhsubject) { @@ -5996,25 +5844,6 @@ END
- -
- - - - - - - - - - - - - - - -
$Lang::tr{'ovpn dh parameters'}
$Lang::tr{'ovpn dh upload'}: -
$Lang::tr{'ovpn dh new key'}:
=20

diff --git a/html/cgi-bin/tor.cgi b/html/cgi-bin/tor.cgi index 539a74343..96be35102 100644 --- a/html/cgi-bin/tor.cgi +++ b/html/cgi-bin/tor.cgi @@ -2,7 +2,7 @@ ############################################################################= ### # = # # IPFire.org - A linux based firewall = # -# Copyright (C) 2007-2021 IPFire Team = # +# Copyright (C) 2007-2022 IPFire Team = # # = # # This program is free software: you can redistribute it and/or modify = # # it under the terms of the GNU General Public License as published by = # @@ -796,7 +796,9 @@ sub BuildConfiguration() { if ($strict_nodes > 0) { print FILE "StrictNodes 1\n"; } - } + } else { + print FILE "SocksPort 0\n"; + } =20 if ($settings{'TOR_RELAY_ENABLED'} eq 'on') { # Reject access to private networks. diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index 110e4ccba..abfba5d5e 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -760,11 +760,6 @@ 'details' =3D> 'Mehr', 'device' =3D> 'Ger=C3=A4t', 'devices on blue' =3D> 'Ger=C3=A4te auf BLAU', -'dh' =3D> 'Diffie-Hellman-Parameter', -'dh key move failed' =3D> 'Verschieben der Diffie-Hellman-Parameter fehlgesc= hlagen.', -'dh key warn' =3D> 'Das Erzeugen eines Diffie-Hellman-Parameters mit 2048 Bi= t dauert =C3=BCblicherweise einige Minuten. Parameter von 3072 oder 4096 Bit = L=C3=A4nge beanspruchen gegebenenfalls mehrere Stunden. Bitte haben Sie etwas= Geduld.', -'dh key warn1' =3D> 'Bei schwachen Systemen oder Systeme mit wenig Entropie = wird empfohlen, lange Diffie-Hellman-Parameter =C3=BCber die Upload-Funktion = hochzuladen.', -'dh parameter' =3D> 'Diffie-Hellman-Parameter', 'dhcp advopt add' =3D> 'DHCP Option hinzuf=C3=BCgen', 'dhcp advopt added' =3D> 'DHCP Option hinzugef=C3=BCgt', 'dhcp advopt blank value' =3D> 'Wert f=C3=BCr DHCP Option darf nicht leer se= in', 
@@ -898,7 +893,6 @@ 'download' =3D> 'herunterladen', 'download ca certificate' =3D> 'CA-Zertifikat herunterladen', 'download certificate' =3D> 'Datei herunterladen', -'download dh parameter' =3D> 'Diffie-Hellman-Parameter herunterladen', 'download host certificate' =3D> 'Host-Zertifikat herunterladen', 'download new ruleset' =3D> 'Neuen Regelsatz herunterladen', 'download pkcs12 file' =3D> 'PKCS12-Datei herunterladen', @@ -1313,11 +1307,9 @@ 'fwhost wo subnet' =3D> '(Ohne Subnetz)', 'gateway' =3D> 'Gateway', 'gateway ip' =3D> 'Gateway-IP', -'gen dh' =3D> 'Neuen Diffie-Hellman-Parameter erzeugen', 'gen static key' =3D> 'Statischen Schl=C3=BCssel erzeugen', 'generate' =3D> 'Root/Host-Zertifikate generieren', 'generate a certificate' =3D> 'Erzeuge ein Zertifikat:', -'generate dh key' =3D> 'Diffie-Hellman Key generieren', 'generate iso' =3D> 'ISO erstellen', 'generate ptr' =3D> 'PTR erzeugen', 'generate root/host certificates' =3D> 'Erzeuge Root/Host-Zertifikate', @@ -1860,7 +1852,6 @@ 'nonetworkname' =3D> 'Kein Netzwerkname wurde eingegeben', 'noservicename' =3D> 'Kein Dienstname wurde eingegeben', 'not a valid ca certificate' =3D> 'Kein g=C3=BCltiges CA Zertifikat.', -'not a valid dh key' =3D> 'Kein g=C3=BCltiger Diffie-Hellman-Parameter. Es s= ind nur Parameter mit einer L=C3=A4nge von 2048, 3072 oder 4096 Bit im PKCS#3= -Format erlaubt.', 'not affected' =3D> 'Nicht betroffen', 'not enough disk space' =3D> 'Nicht gen=C3=BCgend Plattenplatz vorhanden', 'not present' =3D> 'Nicht vorhanden', 
@@ -1961,15 +1952,10 @@ 'ovpn connection name' =3D> 'Verbindungs-Name', 'ovpn crypt options' =3D> 'Kryptografieoptionen', 'ovpn device' =3D> 'OpenVPN-Ger=C3=A4t', -'ovpn dh' =3D> 'Diffie-Hellman-Parameter-L=C3=A4nge', -'ovpn dh new key' =3D> 'Neuen Diffie-Hellman Parameter erstellen', -'ovpn dh parameters' =3D> 'Diffie-Hellman-Parameter Optionen', -'ovpn dh upload' =3D> 'Neuen Diffie-Hellman-Parameter hochladen', 'ovpn dl' =3D> 'OVPN-Konfiguration downloaden', 'ovpn engines' =3D> 'Krypto Engine', 'ovpn errmsg green already pushed' =3D> 'Route f=C3=BCr gr=C3=BCnes Netzwerk= wird immer gesetzt', 'ovpn errmsg invalid ip or mask' =3D> 'Ung=C3=BCltige Netzwerk-Adresse oder = Subnetzmaske', -'ovpn error dh' =3D> 'Der Diffie-Hellman Parameter muss mindestens 2048 bit = lang sein!
Bitte einen neuen Diffie-Hellman Parameter erzeugen oder hochl= aden, dies kann unten =C3=BCber den Bereich "Diffie-Hellman-Parameter Optione= n" gemacht werden.
', 'ovpn error md5' =3D> 'Das Host Zertifikat nutzt einen MD5 Algorithmus welch= er nicht mehr akzeptiert wird.
Bitte IPFire auf die neueste Version updat= en und generieren sie ein neues Root und Host Zertifikate.

Es m=C3=BC= ssen dann alle OpenVPN clients erneuert werden!
', 'ovpn generating the root and host certificates' =3D> 'Die Erzeugung der Roo= t- und Host-Zertifikate kann lange Zeit dauern.', 'ovpn ha' =3D> 'Hash-Algorithmus', @@ -2270,7 +2256,6 @@ 'show ca certificate' =3D> 'CA Zertifikat anzeigen', 'show certificate' =3D> 'Datei anzeigen', 'show crl' =3D> 'Certificate Revocation List anzeigen', -'show dh' =3D> 'Diffie-Hellman-Parameter anzeigen', 'show host certificate' =3D> 'Host-Zertifikat anzeigen', 'show last x lines' =3D> 'die letzten x Zeilen anzeigen', 'show otp qrcode' =3D> 'Zeige OTP QRCode', @@ -2645,7 +2630,6 @@ 'upload a certificate' =3D> 'Ein Zertifikat hochladen:', 'upload a certificate request' =3D> 'Eine Zertifikatsanfrage hochladen:', 'upload ca certificate' =3D> 'CA-Zertifikat hochladen', -'upload dh key' =3D> 'Diffie-Hellman-Parameter hochladen', 'upload file' =3D> 'Datei zum Hochladen', 'upload new ruleset' =3D> 'Neuen Regelsatz hochladen', 'upload p12 file' =3D> 'PKCS12-Datei hochladen', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 004c64b6a..bf18b22a2 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -794,12 +794,6 @@ 'details' =3D> 'Details', 'device' =3D> 'Device', 'devices on blue' =3D> 'Devices on BLUE', -'dh' =3D> 'Diffie-Hellman parameters', -'dh key move failed' =3D> 'Diffie-Hellman parameters move failed.', -'dh key warn' =3D> 'Creating DH-parameters with a length of 2048 bits takes = up to several minutes. Lengths of 3072 or 4096 bits might needs several hours= . Please be patient.', -'dh key warn1' =3D> 'For weak systems or systems with little entropy, it is = recommended to upload long Diffie-Hellman parameters by usage of the upload f= unction.', -'dh name is invalid' =3D> 'Name is invalid, please use "dh1024.pem".', -'dh parameter' =3D> 'Diffie-Hellman parameters', 'dhcp advopt add' =3D> 'Add a DHCP option', 'dhcp advopt added' =3D> 'DHCP option added', 'dhcp advopt blank value' =3D> 'DHCP Option value cannot be empty.', 
@@ -939,7 +933,6 @@ 'download apple profile' =3D> 'Download Apple Configuration Profile', 'download ca certificate' =3D> 'Download CA certificate', 'download certificate' =3D> 'Download file', -'download dh parameter' =3D> 'Download Diffie-Hellman parameters', 'download host certificate' =3D> 'Download host certificate', 'download new ruleset' =3D> 'Download new ruleset', 'download pkcs12 file' =3D> 'Download PKCS12 file', @@ -1358,11 +1351,9 @@ 'g.lite' =3D> 'TO BE REMOVED', 'gateway' =3D> 'Gateway', 'gateway ip' =3D> 'Gateway IP', -'gen dh' =3D> 'Generate new Diffie-Hellman parameters', 'gen static key' =3D> 'Generate a static key', 'generate' =3D> 'Generate root/host zertifikate', 'generate a certificate' =3D> 'Generate a certificate:', -'generate dh key' =3D> 'Generate Diffie-Hellman parameters', 'generate iso' =3D> 'Generate ISO', 'generate ptr' =3D> 'Generate PTR', 'generate root/host certificates' =3D> 'Generate root/host certificates', @@ -1911,7 +1902,6 @@ 'nonetworkname' =3D> 'No Network Name entered', 'noservicename' =3D> 'No Service Name entered', 'not a valid ca certificate' =3D> 'Not a valid CA certificate.', -'not a valid dh key' =3D> 'Not a valid Diffie-Hellman parameters file. Pleas= e use a length of 2048, 3072 or 4096 bits and the PKCS#3 format.', 'not affected' =3D> 'Not Affected', 'not enough disk space' =3D> 'Not enough disk space', 'not present' =3D> 'Not present', 
@@ -2015,15 +2005,10 @@ 'ovpn connection name' =3D> 'Connection Name', 'ovpn crypt options' =3D> 'Cryptographic options', 'ovpn device' =3D> 'OpenVPN device:', -'ovpn dh' =3D> 'Diffie-Hellman parameters length', -'ovpn dh new key' =3D> 'Generate new Diffie-Hellman parameters', -'ovpn dh parameters' =3D> 'Diffie-Hellman parameters options', -'ovpn dh upload' =3D> 'Upload new Diffie-Hellman parameters', 'ovpn dl' =3D> 'OVPN-Config Download', 'ovpn engines' =3D> 'Crypto engine', 'ovpn errmsg green already pushed' =3D> 'Route for green network is always s= et', 'ovpn errmsg invalid ip or mask' =3D> 'Invalid network-address or subnetmask= ', -'ovpn error dh' =3D> 'The Diffie-Hellman parameter needs to be in minimum 20= 48 bit!
Please generate or upload a new Diffie-Hellman parameter, this ca= n be made below in the section "Diffie-Hellman parameters options".
', 'ovpn error md5' =3D> 'You host certificate uses MD5 for the signature which= is not accepted anymore.
Please update to the latest IPFire version and = generate a new root and host certificate.

All OpenVPN clients needs t= hen to be renewed!
', 'ovpn generating the root and host certificates' =3D> 'Generating the root a= nd host certificate can take a long time.', 'ovpn ha' =3D> 'Hash algorithm', @@ -2327,7 +2312,6 @@ 'show ca certificate' =3D> 'Show CA certificate', 'show certificate' =3D> 'Show file', 'show crl' =3D> 'Show certificate revocation list', -'show dh' =3D> 'Show Diffie-Hellman parameters', 'show host certificate' =3D> 'Show host certificate', 'show last x lines' =3D> 'Show last x lines', 'show lines' =3D> 'Show lines', @@ -2710,7 +2694,6 @@ 'upload a certificate' =3D> 'Upload a certificate:', 'upload a certificate request' =3D> 'Upload a certificate request:', 'upload ca certificate' =3D> 'Upload CA certificate', -'upload dh key' =3D> 'Upload Diffie-Hellman parameters', 'upload fcdsl.o' =3D> 'TO BE REMOVED', 'upload file' =3D> 'Upload file', 'upload new ruleset' =3D> 'Upload new ruleset', diff --git a/langs/fr/cgi-bin/fr.pl b/langs/fr/cgi-bin/fr.pl index e46c4fa46..bfd3f9b5e 100644 --- a/langs/fr/cgi-bin/fr.pl +++ b/langs/fr/cgi-bin/fr.pl 
@@ -799,12 +799,6 @@ 'details' =3D> 'D=C3=A9tails', 'device' =3D> 'P=C3=A9riph=C3=A9rique', 'devices on blue' =3D> 'P=C3=A9riph=C3=A9riques sur BLEU', -'dh' =3D> 'Param=C3=A8tres Diffie-Hellman', -'dh key move failed' =3D> 'Le d=C3=A9placement des param=C3=A8tres Diffie-He= llman a =C3=A9chou=C3=A9.', -'dh key warn' =3D> 'La cr=C3=A9ation de param=C3=A8tres DH avec des longueur= s de 1024 ou 2048 bits prend plusieurs minutes. Des longueurs de 3072 ou 4096= bits peuvent n=C3=A9cessiter plusieurs heures. Soyez patient.', -'dh key warn1' =3D> 'Pour des syst=C3=A8mes faibles ou avec peu d\'entropie,= il est recommand=C3=A9 de t=C3=A9l=C3=A9charger les param=C3=A8tres Diffie-H= ellman longs en utilisant la fonction de t=C3=A9l=C3=A9chargement.', -'dh name is invalid' =3D> 'Le nom est invalide, veuillez utiliser "dh1024.pe= m".', -'dh parameter' =3D> 'Param=C3=A8tres Diffie-Hellman', 'dhcp advopt add' =3D> 'Ajouter une option DHCP', 'dhcp advopt added' =3D> 'Option DHCP ajout=C3=A9e', 'dhcp advopt blank value' =3D> 'La valeur de l\'option DHCP ne peut pas =C3= =AAtre vide.', @@ -944,7 +938,6 @@ 'download apple profile' =3D> 'T=C3=A9l=C3=A9charger le profil de configurat= ion Apple', 'download ca certificate' =3D> 'T=C3=A9l=C3=A9charger le certificat CA', 'download certificate' =3D> 'T=C3=A9l=C3=A9charger le certificat', -'download dh parameter' =3D> 'T=C3=A9l=C3=A9charger param=C3=A8tres Diffie-H= ellman', 'download host certificate' =3D> 'T=C3=A9l=C3=A9charger le certificat de l\'= h=C3=B4te', 'download new ruleset' =3D> 'T=C3=A9l=C3=A9charger de nouvelles r=C3=A8gles', 'download pkcs12 file' =3D> 'T=C3=A9l=C3=A9charger le fichier PKCS12', 
@@ -1360,11 +1353,9 @@ 'fwhost wo subnet' =3D> '(sans sous-r=C3=A9seau)', 'gateway' =3D> 'Passerelle ', 'gateway ip' =3D> 'IP passerelle', -'gen dh' =3D> 'G=C3=A9n=C3=A9rer nouveaux param=C3=A8tres Diffie-Hellman ', 'gen static key' =3D> 'G=C3=A9n=C3=A9rer une clef statique', 'generate' =3D> 'G=C3=A9n=C3=A9rer un certificat racine / h=C3=B4te', 'generate a certificate' =3D> 'G=C3=A9n=C3=A9rer un certificat :', -'generate dh key' =3D> 'G=C3=A9n=C3=A9rer param=C3=A8tres Diffie-Hellman', 'generate iso' =3D> 'G=C3=A9n=C3=A9rer ISO', 'generate ptr' =3D> 'G=C3=A9n=C3=A9rer PTR ', 'generate root/host certificates' =3D> 'G=C3=A9n=C3=A9rer des certificats ro= ot / h=C3=B4te', @@ -1917,7 +1908,6 @@ 'nonetworkname' =3D> 'Aucun nom de r=C3=A9seau saisi', 'noservicename' =3D> 'Aucun nom de service saisi', 'not a valid ca certificate' =3D> 'Le certificat CA n\'est pas valide.', -'not a valid dh key' =3D> 'Ce n\'est pas un fichier de param=C3=A8tres Diffi= e-Hellman valide. Veuillez choisir une longueur de 1024, 2048, 3072 ou 4096 b= its et le format PKCS#3.', 'not affected' =3D> 'Non affect=C3=A9', 'not enough disk space' =3D> 'Pas assez d\'espace sur le disque', 'not present' =3D> 'Absent', 
@@ -2021,15 +2011,10 @@ 'ovpn connection name' =3D> 'Nom de la connexion ', 'ovpn crypt options' =3D> 'Options cryptographiques', 'ovpn device' =3D> 'P=C3=A9riph=C3=A9rique OpenVPN :', -'ovpn dh' =3D> 'Longueur de param=C3=A8tres Diffie-Hellman ', -'ovpn dh new key' =3D> 'G=C3=A9n=C3=A9rer de nouveaux param=C3=A8tres Diffie= -Hellman ', -'ovpn dh parameters' =3D> 'Options de param=C3=A8tres Diffie-Hellman', -'ovpn dh upload' =3D> 'Mettre =C3=A0 jour nouveaux param=C3=A8tres Diffie-He= llman ', 'ovpn dl' =3D> 'T=C3=A9l=C3=A9charger Config OVPN', 'ovpn engines' =3D> 'Moteur Crypto', 'ovpn errmsg green already pushed' =3D> 'La route pour le r=C3=A9seau VERT e= st toujours activ=C3=A9e', 'ovpn errmsg invalid ip or mask' =3D> 'Adresse ou masque de sous-r=C3=A9seau= invalide', -'ovpn error dh' =3D> 'Le param=C3=A8tre Diffie-Hellman doit =C3=AAtre au min= imum =C3=A0 2048 bits !
Veuillez g=C3=A9n=C3=A9rer ou t=C3=A9l=C3=A9charg= er un nouveau param=C3=A8tre Diffie-Hellman, cela peut =C3=AAtre fait ci-dess= ous dans la section "Options de param=C3=A8tres Diffie-Hellman".
', 'ovpn error md5' =3D> 'Votre certificat h=C3=B4te utilise MD5 pour la signat= ure qui n\'est plus accept=C3=A9e.
Veuillez mettre =C3=A0 jour la derni= =C3=A8re version d\'IPFire et g=C3=A9n=C3=A9rez un nouveau certificat racine = et h=C3=B4te..

Tous les clients OpenVPN doivent ensuite =C3=AAtre ren= ouvel=C3=A9s!
', 'ovpn generating the root and host certificates' =3D> 'La g=C3=A9n=C3=A9rati= on du certificat racine et h=C3=B4te peut prendre du temps.', 'ovpn ha' =3D> 'Algorithme de hashage', @@ -2335,7 +2320,6 @@ 'show ca certificate' =3D> 'Afficher le certificat CA', 'show certificate' =3D> 'Afficher le certificat', 'show crl' =3D> 'Montrer la liste de r=C3=A9vocation des certificats', -'show dh' =3D> 'Afficher les param=C3=A8tres Diffie-Hellman', 'show host certificate' =3D> 'Afficher le certificat h=C3=B4te', 'show last x lines' =3D> 'Montrer les derni=C3=A8res x lignes', 'show lines' =3D> 'Montrer les lignes', @@ -2718,7 +2702,6 @@ 'upload a certificate' =3D> 'Envoyer un certificat :', 'upload a certificate request' =3D> 'Envoyer une demande de certificat :', 'upload ca certificate' =3D> 'Envoyer un certificat CA', -'upload dh key' =3D> 'T=C3=A9l=C3=A9charger param=C3=A8tres Diffie-Hellman', 'upload file' =3D> 'Envoyer un fichier', 'upload new ruleset' =3D> 'T=C3=A9l=C3=A9charger un nouveau r=C3=A9glement', 'upload p12 file' =3D> 'Envoyer fichier PKCS12', diff --git a/langs/it/cgi-bin/it.pl b/langs/it/cgi-bin/it.pl index cf58bea90..87a86946f 100644 --- a/langs/it/cgi-bin/it.pl +++ b/langs/it/cgi-bin/it.pl 
@@ -681,12 +681,6 @@ 'details' =3D> 'Dettagli', 'device' =3D> 'Device', 'devices on blue' =3D> 'Devices on Blu', -'dh' =3D> 'Diffie-Hellman parameters', -'dh key move failed' =3D> 'Diffie-Hellman parameters move failed.', -'dh key warn' =3D> 'Creating DH-parameters with lengths of 1024 or 2048 bits= takes up to several minutes. Lengths of 3072 or 4096 bits might needs severa= l hours. Please be patient.', -'dh key warn1' =3D> 'For weak systems or systems with little entropy, it is = recommended to upload long Diffie-Hellman parameters by usage of the upload f= unction.', -'dh name is invalid' =3D> 'Name is invalid, please use "dh1024.pem".', -'dh parameter' =3D> 'Diffie-Hellman parameters', 'dhcp advopt add' =3D> 'Aggiungere un opzione DHCP', 'dhcp advopt added' =3D> 'Opzione DHCP aggiunto', 'dhcp advopt blank value' =3D> 'DHCP opzione non pu=C3=B2 essere vuoto.', @@ -796,7 +790,6 @@ 'download' =3D> 'download', 'download ca certificate' =3D> 'Download CA certificate', 'download certificate' =3D> 'Download certificate', -'download dh parameter' =3D> 'Download Diffie-Hellman parameters', 'download host certificate' =3D> 'Download host certificate', 'download new ruleset' =3D> 'Scarica il nuovo set di regole', 'download pkcs12 file' =3D> 'Download PKCS12 file', @@ -1158,11 +1151,9 @@ 'g.lite' =3D> 'TO BE REMOVED', 'gateway' =3D> 'Gateway', 'gateway ip' =3D> 'Gateway IP', -'gen dh' =3D> 'Generate new Diffie-Hellman parameters', 'gen static key' =3D> 'Generate a static key', 'generate' =3D> 'Generate root/host zertifikate', 'generate a certificate' =3D> 'Generate a certificate:', -'generate dh key' =3D> 'Generate Diffie-Hellman parameters', 'generate iso' =3D> 'Genera file ISO', 'generate root/host certificates' =3D> 'Generate root/host certificates', 'generate tripwire keys and init' =3D> 'generate tripwire keys and init', 
@@ -1594,7 +1585,6 @@ 'nonetworkname' =3D> 'No Network Name entered', 'noservicename' =3D> 'No Service Name entered', 'not a valid ca certificate' =3D> 'Not a valid CA certificate.', -'not a valid dh key' =3D> 'Not a valid Diffie-Hellman parameters file. Pleas= e use a length of 1024, 2048, 3072 or 4096 bits and the PKCS#3 format.', 'not enough disk space' =3D> 'Spazio su disco insufficiente', 'not present' =3D> 'Non presente', 'not running' =3D> 'not running', @@ -1684,10 +1674,6 @@ 'ovpn config' =3D> 'OVPN-Config', 'ovpn crypt options' =3D> 'Cryptographic options', 'ovpn device' =3D> 'OpenVPN device:', -'ovpn dh' =3D> 'Diffie-Hellman parameters length', -'ovpn dh new key' =3D> 'Generate new Diffie-Hellman parameters', -'ovpn dh parameters' =3D> 'Diffie-Hellman parameters options', -'ovpn dh upload' =3D> 'Upload new Diffie-Hellman parameters', 'ovpn dl' =3D> 'OVPN-Config Download', 'ovpn engines' =3D> 'Crypto engine', 'ovpn errmsg green already pushed' =3D> 'Route for Verde network is always s= et', @@ -1958,7 +1944,6 @@ 'show ca certificate' =3D> 'Show CA certificate', 'show certificate' =3D> 'Show file', 'show crl' =3D> 'Show certificate revocation list', -'show dh' =3D> 'Show Diffie-Hellman parameters', 'show host certificate' =3D> 'Show host certificate', 'show last x lines' =3D> 'Show last x lines', 'show lines' =3D> 'Show lines', @@ -2298,7 +2283,6 @@ 'upload a certificate' =3D> 'Upload a certificate:', 'upload a certificate request' =3D> 'Upload a certificate request:', 'upload ca certificate' =3D> 'Upload CA certificate', -'upload dh key' =3D> 'Upload Diffie-Hellman parameters', 'upload fcdsl.o' =3D> 'TO BE REMOVED', 'upload file' =3D> 'Upload file', 'upload new ruleset' =3D> 'Upload new ruleset', diff --git a/langs/tr/cgi-bin/tr.pl b/langs/tr/cgi-bin/tr.pl index bc2eead9a..ad5567ce1 100644 --- a/langs/tr/cgi-bin/tr.pl +++ b/langs/tr/cgi-bin/tr.pl 
@@ -746,12 +746,6 @@ 'details' =3D> 'Detaylar', 'device' =3D> 'Ayg=C4=B1t', 'devices on blue' =3D> 'Mavi =C3=BCzerindeki ayg=C4=B1tlar', -'dh' =3D> 'Diffie-Hellman parametreleri', -'dh key move failed' =3D> 'Diffie-Hellman parametreleri ta=C5=9F=C4=B1namad= =C4=B1.', -'dh key warn' =3D> '1024 veya 2048 bit uzunlu=C4=9Fundaki Diffie-Hellman par= ametrelerini olu=C5=9Fturma birka=C3=A7 dakika s=C3=BCrebilir. 3072 veya 4096= bit uzunlu=C4=9Fundaki parametreleri olu=C5=9Fturmak ise birka=C3=A7 saate i= htiya=C3=A7 olabilir. L=C3=BCtfen sab=C4=B1rl=C4=B1 olun.', -'dh key warn1' =3D> 'Zay=C4=B1f veya entropileri k=C3=BC=C3=A7=C3=BCk olan s= istemler i=C3=A7in bu y=C3=BCkleme fonksiyonun kullan=C4=B1m=C4=B1 ile uzun D= iffie-Hellman parametrelerini y=C3=BCkleme tavsiye edilir.', -'dh name is invalid' =3D> 'Ge=C3=A7ersiz ad, l=C3=BCtfen "dh1024.pem" =C5=9F= eklinde kullan=C4=B1n.', -'dh parameter' =3D> 'Diffie-Hellman parametreleri', 'dhcp advopt add' =3D> 'DHCP se=C3=A7ene=C4=9Fi ekle', 'dhcp advopt added' =3D> 'DHCP se=C3=A7ene=C4=9Fi eklendi', 'dhcp advopt blank value' =3D> 'DHCP se=C3=A7ene=C4=9Fi de=C4=9Feri bo=C5=9F= olamaz.', @@ -868,7 +862,6 @@ 'download' =3D> '=C4=B0ndir', 'download ca certificate' =3D> 'CA sertifikas=C4=B1 indir', 'download certificate' =3D> 'Sertifika indir', -'download dh parameter' =3D> 'Diffie-Hellman parametrelerini indir', 'download host certificate' =3D> 'Ana bilgisayar belgesi indir', 'download new ruleset' =3D> 'Yeni Kural K=C3=BCmesi =C4=B0ndir', 'download pkcs12 file' =3D> 'PKCS12 dosyas=C4=B1n=C4=B1 indir', 
@@ -1269,11 +1262,9 @@ 'g.lite' =3D> 'KALDIRILACAK', 'gateway' =3D> 'A=C4=9F ge=C3=A7idi', 'gateway ip' =3D> 'A=C4=9F Ge=C3=A7idi IP Adresi', -'gen dh' =3D> 'Yeni Diffie-Hellman parametrelerini olu=C5=9Fturun', 'gen static key' =3D> 'Statik bir anahtar olu=C5=9Ftur', 'generate' =3D> 'Y=C3=B6netici/Sunucu Sertifikas=C4=B1 Olu=C5=9Ftur', 'generate a certificate' =3D> 'Sertifika olu=C5=9Ftur:', -'generate dh key' =3D> 'Diffie-Hellman parametrelerini olu=C5=9Fturun', 'generate iso' =3D> 'ISO olu=C5=9Ftur', 'generate root/host certificates' =3D> 'Y=C3=B6netici/Sunucu Sertifikas=C4= =B1 Olu=C5=9Ftur', 'generate tripwire keys and init' =3D> 'tripwire anahtarlar=C4=B1 ve init ol= u=C5=9Ftur', @@ -1731,7 +1722,6 @@ 'nonetworkname' =3D> 'A=C4=9F ad=C4=B1 girilmedi', 'noservicename' =3D> 'Hizmet ad=C4=B1 girilmedi', 'not a valid ca certificate' =3D> 'Ge=C3=A7erli bir CA sertifikas=C4=B1 de= =C4=9Fil.', -'not a valid dh key' =3D> 'Ge=C3=A7erli bir Diffie-Hellman parametre dosyas= =C4=B1 yok. 1024, 2048, 3072 veya 4096 bit uzunlu=C4=9Funda ve PKCS#3 bi=C3= =A7imini kullan=C4=B1n.', 'not enough disk space' =3D> 'Yeterli disk alan=C4=B1 yok', 'not present' =3D> 'Mevcut de=C4=9Fil', 'not running' =3D> '=C3=A7al=C4=B1=C5=9Fm=C4=B1yor', @@ -1828,10 +1818,6 @@ 'ovpn config' =3D> 'OVPN-Yap=C4=B1land=C4=B1rmas=C4=B1', 'ovpn crypt options' =3D> '=C5=9Eifreleme se=C3=A7enekleri', 'ovpn device' =3D> 'OpenVPN ayg=C4=B1t=C4=B1:', -'ovpn dh' =3D> 'Diffie-Hellman parametre uzunlu=C4=9Fu', -'ovpn dh new key' =3D> 'Yeni Diffie-Hellman parametrelerini olu=C5=9Fturun', -'ovpn dh parameters' =3D> 'Diffie-Hellman parametre se=C3=A7enekleri', -'ovpn dh upload' =3D> 'Yeni Diffie-Hellman parametreleri y=C3=BCkle', 'ovpn dl' =3D> 'OVPN-Yap=C4=B1land=C4=B1rmas=C4=B1 =C4=B0ndir', 'ovpn engines' =3D> '=C5=9Eifreleme motoru', 'ovpn errmsg green already pushed' =3D> 'Ye=C5=9Fil a=C4=9F i=C3=A7in her za= man bir yol ayarla', 
@@ -2111,7 +2097,6 @@ 'show ca certificate' =3D> 'CA sertifikalar=C4=B1n=C4=B1 g=C3=B6ster', 'show certificate' =3D> 'Sertifika g=C3=B6ster', 'show crl' =3D> 'Sertifika =C4=B0ptal Listesini G=C3=B6ster', -'show dh' =3D> 'Diffie-Hellman parametrelerini g=C3=B6ster', 'show host certificate' =3D> 'Ana bilgisayar sertifikalar=C4=B1n=C4=B1 g=C3= =B6ster', 'show last x lines' =3D> 'Son x sat=C4=B1rlar=C4=B1n=C4=B1 g=C3=B6ster', 'show lines' =3D> 'Sat=C4=B1rlar=C4=B1 g=C3=B6ster', @@ -2462,7 +2447,6 @@ 'upload a certificate' =3D> 'Sertifika y=C3=BCkle:', 'upload a certificate request' =3D> 'Sertifika iste=C4=9Fi y=C3=BCkle:', 'upload ca certificate' =3D> 'CA Sertifikas=C4=B1 Y=C3=BCkle', -'upload dh key' =3D> 'Diffie-Hellman parametreleri y=C3=BCkle', 'upload fcdsl.o' =3D> 'KALDIRILACAK', 'upload file' =3D> 'Dosya y=C3=BCkle', 'upload new ruleset' =3D> 'Yeni kurallar y=C3=BCkle', diff --git a/lfs/cdrom b/lfs/cdrom index a47faa49e..f4e6e050c 100644 --- a/lfs/cdrom +++ b/lfs/cdrom @@ -199,7 +199,7 @@ endif =20 ifeq "$(HAS_MEMTEST)" "1" # Install memtest - cp /usr/lib/memtest86+/memtest.bin $(DIR_TMP)/cdrom/boot/isolinux/memtest + cp /usr/lib/memtest86+/memtest.efi $(DIR_TMP)/cdrom/boot/isolinux/memtest endif =20 ifeq "$(HAS_IPXE)" "1" diff --git a/lfs/clamav b/lfs/clamav index 987c0453a..1cd15ea27 100644 --- a/lfs/clamav +++ b/lfs/clamav @@ -27,14 +27,15 @@ include Config SUMMARY =3D Antivirus Toolkit =20 VER =3D 0.105.1 +SUBVER =3D -2 =20 THISAPP =3D clamav-$(VER) -DL_FILE =3D $(THISAPP).tar.gz +DL_FILE =3D $(THISAPP)$(SUBVER).tar.gz DL_FROM =3D $(URL_IPFIRE) DIR_APP =3D $(DIR_SRC)/$(THISAPP) TARGET =3D $(DIR_INFO)/$(THISAPP) PROG =3D clamav -PAK_VER =3D 62 +PAK_VER =3D 63 =20 DEPS =3D =20 
@@ -50,7 +51,7 @@ objects =3D $(DL_FILE) =20 $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) =20 -$(DL_FILE)_BLAKE2 =3D be46d9afd76fb536d7de7363a45d38fef6a5983011e3cd0dcc25c2= a209c8d37a2bbe1f7f4a5694152cabf622ef83e072b892ae12ba404da1955bb5b654e5216d +$(DL_FILE)_BLAKE2 =3D 09e67f4ae4f9689e634aa18cd672b16d8a4cb8b3923527c7c92ffa= 264b415dc49b5ee82ceaa518cf701a910b49a344753c7d0de894a772b0b871e492c95d60f4 =20 install : $(TARGET) =20 diff --git a/lfs/configroot b/lfs/configroot index f278ccf77..ef92f5f08 100644 --- a/lfs/configroot +++ b/lfs/configroot @@ -169,7 +169,7 @@ $(TARGET) : # Configroot permissions chown -Rv nobody:nobody $(CONFIG_ROOT) chown root:root $(CONFIG_ROOT) - for i in backup/exclude.user backup/include.user *.pl addon-lang/ langs/ ; = do \ + for i in backup/exclude.user backup/include.user connscheduler/lib.pl *.pl = addon-lang/ langs/ menu.d/; do \ chown -Rv root:root $(CONFIG_ROOT)/$$i; \ done chown -Rv root:root $(CONFIG_ROOT)/*/bin diff --git a/lfs/memtest b/lfs/memtest index 7e5ac895f..ae87558de 100644 --- a/lfs/memtest +++ b/lfs/memtest @@ -24,9 +24,9 @@ =20 include Config =20 -VER =3D 5.01 +VER =3D 6.00 =20 -THISAPP =3D memtest86+-$(VER) +THISAPP =3D memtest86plus-$(VER) DL_FILE =3D $(THISAPP).tar.gz DL_FROM =3D $(URL_IPFIRE) DIR_APP =3D $(DIR_SRC)/$(THISAPP) @@ -41,7 +41,8 @@ objects =3D $(DL_FILE) =20 $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) =20 -$(DL_FILE)_BLAKE2 =3D ef63eaabaf6d3d27b85c73618c692dd61cce52f3670a57958d1816= 23888bdc3aa538855da9a82ec2ab70b180938e3df99f0b06f606b2d6f64e8aabbe781b3050 +$(DL_FILE)_BLAKE2 =3D bba26dab7165239fe95dc7f174e5f876f47421008ca6201bc57549= 598f512df56a6a0ca71f8c2c26c01188d243b58ab6ddd525cf01f0dece0cdb61a6acf38685 + =20 install : $(TARGET) =20 
@@ -71,11 +72,8 @@ $(subst %,%_BLAKE2,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP)/build64 && make memtest.efi -mkdir -p /usr/lib/memtest86+ - - # 64bit only systems cannot link mentest without 32bit gcc libs - # so we use the precompiled binary from memtest author - cd $(DIR_APP) && cp -f precomp.bin /usr/lib/memtest86+/memtest.bin - + cd $(DIR_APP)/build64 && cp -f memtest.efi /usr/lib/memtest86+/memtest.efi @rm -rf $(DIR_APP) @$(POSTBUILD) diff --git a/lfs/openssl b/lfs/openssl index 28a92a6b3..0431203f0 100644 --- a/lfs/openssl +++ b/lfs/openssl @@ -123,5 +123,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && make install install -m 0644 $(DIR_SRC)/config/ssl/openssl.cnf /etc/ssl =20 + # Install RFC 7919 defined standard group ffdhe4096 + install -m 0644 $(DIR_SRC)/config/ssl/ffdhe4096.pem /etc/ssl + @rm -rf $(DIR_APP) @$(POSTBUILD) diff --git a/lfs/postfix b/lfs/postfix index 9c028ad7c..0a078b8d2 100644 --- a/lfs/postfix +++ b/lfs/postfix @@ -26,7 +26,7 @@ include Config =20 SUMMARY =3D A fast, secure, and flexible mailer =20 -VER =3D 3.7.2 +VER =3D 3.7.3 =20 THISAPP =3D postfix-$(VER) DL_FILE =3D $(THISAPP).tar.gz @@ -34,7 +34,7 @@ DL_FROM =3D $(URL_IPFIRE) DIR_APP =3D $(DIR_SRC)/$(THISAPP) TARGET =3D $(DIR_INFO)/$(THISAPP) PROG =3D postfix -PAK_VER =3D 37 +PAK_VER =3D 38 =20 DEPS =3D =20 @@ -70,7 +70,7 @@ objects =3D $(DL_FILE) =20 $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) =20 -$(DL_FILE)_BLAKE2 =3D 3f7aaba222b64274f756ea37b8ac06c29469d9183879deb4942a70= 9d75783f4a8ca81204971b6658aba4b5bea46ed9c21b14e1f8fc6b613f257acd3aad16c170 +$(DL_FILE)_BLAKE2 =3D 005abf49b27e59bd3e3251e345df4da0c830314c4d4478aee11057= 163166afa1a0159017c46bead6572d29d9738a18e1a42a0b72fe260facd3ad77f8ed309271 =20 install : $(TARGET) =20 diff --git a/lfs/squid b/lfs/squid index 08eb9965d..7a7b775ff 100644 --- a/lfs/squid +++ b/lfs/squid 
@@ -170,6 +170,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) =20 chown -R nobody:nobody /var/ipfire/updatexlrator chown -R root:root /var/ipfire/updatexlrator/bin + chown root:root /var/ipfire/updatexlrator/updxlrator-lib.pl chown nobody.squid /var/updatecache chown nobody.squid /var/updatecache/download chown nobody.squid /var/updatecache/metadata hooks/post-receive -- IPFire 2.x development tree --===============8830008632883939056==--
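Review bot: In lfs/clamav, the new `SUBVER = -2` changes `DL_FILE` and its BLAKE2 sum while `VER` stays at 0.105.1, and nothing in the hunk says what the suffix stands for. A source archive with the same upstream version but a different hash is the case a reviewer of the download list most needs explained, so please add a comment above `SUBVER` stating where the `-2` archive comes from and how it differs from the previous one. Since `THISAPP` and `DIR_APP` still expand to `clamav-0.105.1`, also confirm that the renamed archive unpacks into that directory.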
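Review bot: In lfs/configroot and lfs/squid, `connscheduler/lib.pl` and `/var/ipfire/updatexlrator/updxlrator-lib.pl` are set to root:root, but the directories that contain them are left as the earlier `chown -R ... nobody:nobody` lines set them. Whoever owns a directory can unlink or rename a root-owned file inside it and put a replacement in its place, so unless those directories are restricted somewhere not visible in these hunks, changing the file owner alone does not stop the nobody user from swapping the library. Consider making the containing directory root-owned as well, or installing these libraries in a location that is root-owned throughout, and add a short comment in each lfs file on why these paths are listed one by one.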
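Review bot: In lfs/cdrom, the source is now `memtest.efi` while the destination is still `$(DIR_TMP)/cdrom/boot/isolinux/memtest`, the location used for the legacy boot menu. Please confirm that this entry can still load the new image, or build and install an image for that boot path alongside the EFI one. A line in the commit message stating which boot modes were tested would settle it.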
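Review bot: In lfs/memtest, the build step hard-codes `build64`, and the comment that explained where the installed binary came from is removed without a replacement. Please add a comment saying that the EFI image is now built from source and which architectures `build64` is expected to cover, or guard the step accordingly. The checksum hunk also introduces an extra blank line after `$(DL_FILE)_BLAKE2`, which can be dropped.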
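Review bot: In lfs/openssl, `ffdhe4096.pem` is installed into /etc/ssl with only the comment "Install RFC 7919 defined standard group ffdhe4096", and the hunk gives no way to check that the shipped file is that group. Fixed DH parameters are only trustworthy if they can be compared against the published ones, so please extend the comment (or the commit message) with how the file was produced and how it can be verified against RFC 7919.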