* [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 9c0dab3d3ca807e836823253aced80a14bc1970a
@ 2025-05-07 9:07 Michael Tremer
0 siblings, 0 replies; only message in thread
From: Michael Tremer @ 2025-05-07 9:07 UTC (permalink / raw)
To: ipfire-scm
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via 9c0dab3d3ca807e836823253aced80a14bc1970a (commit)
via 6532b8c3ac8a677e7e6acdb619a7901c4e957f77 (commit)
via 2e836d34277c307d0c54c7164037c008615e0cba (commit)
via b63aac0d9a974bddecbfe65c2d01234554a2944f (commit)
via 4c39e38f90fea60ef62e07267fd84f1b89de0297 (commit)
via a63c51da8ea03896c3340960821fbacece58f861 (commit)
via 6c1549ff7a9c8e3f9f17a29a6b169fce175fea42 (commit)
via c45de047a62d34fcbb2bca252eccf79a439fc3e7 (commit)
via bc3c914b12689a8f245b2332bc6055bcc3f3dc89 (commit)
via caa53632f2311fefd346536309e7a053b9b79c60 (commit)
via d097d9c4933dcb31f1e382852464fa92788be29c (commit)
from 18702b07f5c59ce600adcf6f069cecf686e7e2d4 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 9c0dab3d3ca807e836823253aced80a14bc1970a
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed May 7 09:06:12 2025 +0000
chpasswd.cgi: Add missing $
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 6532b8c3ac8a677e7e6acdb619a7901c4e957f77
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed May 7 09:05:25 2025 +0000
core195: Remove the dropped Apache::Htpasswd module
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 2e836d34277c307d0c54c7164037c008615e0cba
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Tue May 6 16:10:13 2025 +0200
core195: Ship chpasswd.cgi and proxy.cgi files
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit b63aac0d9a974bddecbfe65c2d01234554a2944f
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Tue May 6 16:10:12 2025 +0200
perl-Apache_Htpasswd: remove module from IPFire
- This module was only used for the proxy.cgi and chpasswd.cgi files for the local
authentication option.
- As this module was last updated in Nov 2012 its use has been replaced by direct use
of htpasswd. This is dealt with by other patches in this set.
- With those changes this module is no longer required.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 4c39e38f90fea60ef62e07267fd84f1b89de0297
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Tue May 6 16:10:11 2025 +0200
chpasswd.cgi: Make swroot refs the same as for other cgi files
- This uses the swroot definition from general-functions.pl and makes the definition
the same as used in the majority of other IPFire cgi files.
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit a63c51da8ea03896c3340960821fbacece58f861
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Tue May 6 16:10:10 2025 +0200
proxy.cgi: Fixes bug12755 - proxy auth problem with password longer than 8 chars
- This makes the proxy local password management the same between chpasswd.cgi and
proxy.cgi
- Tested out on my vm testbed and was able to create and modify users and their passwords
in the proxy.cgi page or modify a password for a specified user on the chpasswd.cgi
page. This all happened successfully and was confirmed by testing out the local
authentication.
Fixes: bug12755
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 6c1549ff7a9c8e3f9f17a29a6b169fce175fea42
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Tue May 6 16:10:09 2025 +0200
chpasswd.cgi: Fixes bug12755 - proxy auth password problem longer than 8 chars
- The existing version of the perl module Apache::Htpasswd was using the crypt hash for
the password hashing, which is very insecure. The only alternative with this module
is the md5 and sha1 hashes which are also considered weak now.
- The module was last updated in Nov 2012 and there is no alternative module available.
- This patch replaces that perl module with using the apache htpasswd program. This can
be set to use the bcrypt hash which is considered secure. This is used for the
generation of the root and admin passwords during the IPFire install.
- Tested out on my vm testbed system and the password for a specific user name was
changed successfully without any restriction to the length of the password.
- Existing passwords with the existing md5 or crypt options will still work as htpasswd
can manage different encoding hashes in the one file.
Fixes: bug12755
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit c45de047a62d34fcbb2bca252eccf79a439fc3e7
Author: Matthias Fischer <matthias.fischer@ipfire.org>
Date: Mon May 5 16:15:46 2025 +0200
monit: Update to 5.35.1
For details see:
https://mmonit.com/monit/changes/
"Fixed: Issue #1127: Monit may crash when check program is used"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit bc3c914b12689a8f245b2332bc6055bcc3f3dc89
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue May 6 17:21:38 2025 +0000
unbound: Use fast reload
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit caa53632f2311fefd346536309e7a053b9b79c60
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue May 6 17:19:05 2025 +0000
core195: Ship Unbound
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit d097d9c4933dcb31f1e382852464fa92788be29c
Author: Matthias Fischer <matthias.fischer@ipfire.org>
Date: Mon May 5 16:12:39 2025 +0200
unbound: Update to 1.23.0
For details see:
https://nlnetlabs.nl/projects/unbound/download/#unbound-1-23-0
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
config/rootfiles/common/perl-Apache-Htpasswd | 6 --
config/rootfiles/common/unbound | 2 +-
config/rootfiles/core/195/filelists/files | 2 +
.../{oldcore/106 => core/195}/filelists/unbound | 0
config/rootfiles/core/195/update.sh | 3 +
html/cgi-bin/chpasswd.cgi | 46 ++++++-------
html/cgi-bin/proxy.cgi | 13 +---
lfs/monit | 6 +-
lfs/perl-Apache-Htpasswd | 77 ----------------------
lfs/unbound | 6 +-
make.sh | 1 -
src/initscripts/system/unbound | 2 +-
12 files changed, 36 insertions(+), 128 deletions(-)
delete mode 100644 config/rootfiles/common/perl-Apache-Htpasswd
copy config/rootfiles/{oldcore/106 => core/195}/filelists/unbound (100%)
delete mode 100644 lfs/perl-Apache-Htpasswd
Difference in files:
diff --git a/config/rootfiles/common/perl-Apache-Htpasswd b/config/rootfiles/common/perl-Apache-Htpasswd
deleted file mode 100644
index bd19e73a9..000000000
--- a/config/rootfiles/common/perl-Apache-Htpasswd
+++ /dev/null
@@ -1,6 +0,0 @@
-#usr/lib/perl5/site_perl/5.36.0/Apache
-usr/lib/perl5/site_perl/5.36.0/Apache/Htpasswd.pm
-#usr/lib/perl5/site_perl/5.36.0/xxxMACHINExxx-linux-thread-multi/auto/Apache
-#usr/lib/perl5/site_perl/5.36.0/xxxMACHINExxx-linux-thread-multi/auto/Apache/Htpasswd
-#usr/lib/perl5/site_perl/5.36.0/xxxMACHINExxx-linux-thread-multi/auto/Apache/Htpasswd/.packlist
-#usr/share/man/man3/Apache::Htpasswd.3
diff --git a/config/rootfiles/common/unbound b/config/rootfiles/common/unbound
index 57390d6d9..8913c376f 100644
--- a/config/rootfiles/common/unbound
+++ b/config/rootfiles/common/unbound
@@ -11,7 +11,7 @@ etc/unbound/unbound.conf
#usr/lib/libunbound.la
#usr/lib/libunbound.so
usr/lib/libunbound.so.8
-usr/lib/libunbound.so.8.1.30
+usr/lib/libunbound.so.8.1.31
#usr/lib/pkgconfig/libunbound.pc
usr/sbin/unbound
usr/sbin/unbound-anchor
diff --git a/config/rootfiles/core/195/filelists/files b/config/rootfiles/core/195/filelists/files
index a4b1b0eeb..61e6d4c7e 100644
--- a/config/rootfiles/core/195/filelists/files
+++ b/config/rootfiles/core/195/filelists/files
@@ -13,6 +13,8 @@ srv/web/ipfire/cgi-bin/pakfire.cgi
srv/web/ipfire/cgi-bin/services.cgi
srv/web/ipfire/cgi-bin/vpnmain.cgi
srv/web/ipfire/cgi-bin/wireguard.cgi
+srv/web/ipfire/cgi-bin/chpasswd.cgi
+srv/web/ipfire/cgi-bin/proxy.cgi
srv/web/ipfire/html/themes/ipfire/include/css/style.css
usr/lib/firewall/firewall-lib.pl
usr/local/bin/wireguardctrl
diff --git a/config/rootfiles/core/195/filelists/unbound b/config/rootfiles/core/195/filelists/unbound
new file mode 120000
index 000000000..66adf0924
--- /dev/null
+++ b/config/rootfiles/core/195/filelists/unbound
@@ -0,0 +1 @@
+../../../common/unbound
\ No newline at end of file
diff --git a/config/rootfiles/core/195/update.sh b/config/rootfiles/core/195/update.sh
index 95669eab9..164976696 100644
--- a/config/rootfiles/core/195/update.sh
+++ b/config/rootfiles/core/195/update.sh
@@ -34,6 +34,8 @@ done
# Stop services
# Remove files
+rm -rfv \
+ /usr/lib/perl5/site_perl/5.36.0/Apache/Htpasswd.pm
# Extract files
extract_files
@@ -93,6 +95,7 @@ fi
# Start services
/etc/init.d/firewall restart
/etc/init.d/sshd restart
+/etc/init.d/unbound restart
# This update needs a reboot...
#touch /var/run/need_reboot
diff --git a/html/cgi-bin/chpasswd.cgi b/html/cgi-bin/chpasswd.cgi
index 4930c4ca3..c00caca20 100644
--- a/html/cgi-bin/chpasswd.cgi
+++ b/html/cgi-bin/chpasswd.cgi
@@ -2,7 +2,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007 Michael Tremer & Christian Schmidt #
+# Copyright (C) 2007-2025 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -20,10 +20,8 @@
###############################################################################
use CGI qw(param);
-use Apache::Htpasswd;
-use Crypt::PasswdMD5;
-$swroot = "/var/ipfire";
+require '/var/ipfire/general-functions.pl';
my %cgiparams;
my %mainsettings;
@@ -32,8 +30,8 @@ my %proxysettings;
$proxysettings{'NCSA_MIN_PASS_LEN'} = 6;
### Initialize environment
-&readhash("${swroot}/main/settings", \%mainsettings);
-&readhash("${swroot}/proxy/advanced/settings", \%proxysettings);
+&readhash("${General::swroot}/main/settings", \%mainsettings);
+&readhash("${General::swroot}/proxy/advanced/settings", \%proxysettings);
$language = $mainsettings{'LANGUAGE'};
### Initialize language
@@ -42,12 +40,12 @@ if ($language =~ /^(\w+)$/) {$language = $1;}
# Uncomment this to force a certain language:
# $language='en';
#
-require "${swroot}/langs/en.pl";
-require "${swroot}/langs/${language}.pl";
+require "${General::swroot}/langs/en.pl";
+require "${General::swroot}/langs/${language}.pl";
-my $userdb = "$swroot/proxy/advanced/ncsa/passwd";
+my $userdb = "$General::swroot/proxy/advanced/ncsa/passwd";
-&readhash("$swroot/ethernet/settings", \%netsettings);
+&readhash("$General::swroot/ethernet/settings", \%netsettings);
my $success = 0;
@@ -76,21 +74,19 @@ if ($cgiparams{'SUBMIT'} eq $tr{'advproxy chgwebpwd change password'})
goto ERROR;
}
- my $htpasswd = new Apache::Htpasswd("$userdb");
-
- # Check if a user with this name exists
- my $old_password = $htpasswd->fetchPass($cgiparams{'USERNAME'});
- if (!$old_password) {
- $errormessage = $tr{'advproxy errmsg invalid user'};
- goto ERROR;
- }
-
- # Reset password
- if (!$htpasswd->htpasswd($cgiparams{'USERNAME'}, $cgiparams{'NEW_PASSWORD_1'},
- $cgiparams{'OLD_PASSWORD'})) {
- $errormessage = $tr{'advproxy errmsg password incorrect'};
- goto ERROR;
- }
+ # Check if a user with this name and password exists in the userdb file
+ # and if it does then change the password to the new one
+ my $user = &General::system_output("grep", "$cgiparams{'USERNAME'}", "$userdb");
+ my $old_password = &General::system_output("/usr/bin/htpasswd", "-bv", "$userdb", "$cgiparams{'USERNAME'}", "$cgiparams{'OLD_PASSWORD'}");
+ if (!$user) {
+ $errormessage = $tr{'advproxy errmsg invalid user'};
+ goto ERROR;
+ } elsif (!$old_password) {
+ $errormessage = $tr{'advproxy errmsg password incorrect'};
+ goto ERROR;
+ } else {
+ &General::system("/usr/bin/htpasswd", "-bB", "-C 10", "$userdb", "$cgiparams{'USERNAME'}", "$cgiparams{'NEW_PASSWORD_1'}");
+ }
$success = 1;
undef %cgiparams;
diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi
index c8e3576df..bdce2fa66 100644
--- a/html/cgi-bin/proxy.cgi
+++ b/html/cgi-bin/proxy.cgi
@@ -2,7 +2,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2021 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2025 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -20,7 +20,6 @@
###############################################################################
use strict;
-use Apache::Htpasswd;
use Scalar::Util qw(looks_like_number);
# enable only the following on debugging purpose
@@ -4050,15 +4049,7 @@ sub adduser
close(FILE);
} else {
&deluser($str_user);
-
- my %htpasswd_options = (
- passwdFile => "$userdb",
- UseMD5 => 1,
- );
-
- my $htpasswd = new Apache::Htpasswd(\%htpasswd_options);
-
- $htpasswd->htpasswd($str_user, $str_pass);
+ &General::system("/usr/bin/htpasswd", "-bB", "-C 10", "$userdb", "$str_user", "$str_pass");
}
if ($str_group eq 'standard') { open(FILE, ">>$stdgrp");
diff --git a/lfs/monit b/lfs/monit
index 1df10064e..c8995599b 100644
--- a/lfs/monit
+++ b/lfs/monit
@@ -24,7 +24,7 @@
include Config
-VER = 5.35.0
+VER = 5.35.1
SUMMARY = Utility for monitoring services on a Unix system
THISAPP = monit-$(VER)
@@ -33,7 +33,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = monit
-PAK_VER = 28
+PAK_VER = 29
DEPS =
@@ -47,7 +47,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = b14485224e0697d390b0e772391e74f209a2f0b74bc371399eb6dd6b902b7d7648877466bbc6c672b68d1d7ad186e262b8026f6aa3d3258d5a558baee6d36373
+$(DL_FILE)_BLAKE2 = 6718984afde770dcffb4702fa4590d6615748702e58791e434232cb89818724ac5caac398c83b6a4725b464013a2010e3a31a90829714cd326b88e9fab02b779
install : $(TARGET)
diff --git a/lfs/perl-Apache-Htpasswd b/lfs/perl-Apache-Htpasswd
deleted file mode 100644
index 14421fba2..000000000
--- a/lfs/perl-Apache-Htpasswd
+++ /dev/null
@@ -1,77 +0,0 @@
-###############################################################################
-# #
-# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2018 IPFire Team <info@ipfire.org> #
-# #
-# This program is free software: you can redistribute it and/or modify #
-# it under the terms of the GNU General Public License as published by #
-# the Free Software Foundation, either version 3 of the License, or #
-# (at your option) any later version. #
-# #
-# This program is distributed in the hope that it will be useful, #
-# but WITHOUT ANY WARRANTY; without even the implied warranty of #
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
-# GNU General Public License for more details. #
-# #
-# You should have received a copy of the GNU General Public License #
-# along with this program. If not, see <http://www.gnu.org/licenses/>. #
-# #
-###############################################################################
-
-###############################################################################
-# Definitions
-###############################################################################
-
-include Config
-
-VER = 1.9
-
-THISAPP = Apache-Htpasswd-$(VER)
-DL_FILE = $(THISAPP).tar.gz
-DL_FROM = $(URL_IPFIRE)
-DIR_APP = $(DIR_SRC)/$(THISAPP)
-TARGET = $(DIR_INFO)/$(THISAPP)
-
-###############################################################################
-# Top-level Rules
-###############################################################################
-
-objects = $(DL_FILE)
-
-$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-
-$(DL_FILE)_BLAKE2 = abf3bd699f0db8c818f3b590d040bece213078127836f29984b4d7c9db26cbdac9c7f4572b17f526f60ad48ee7d3680d2b1d426bcc3b0b4646d42a9461cddd4d
-
-install : $(TARGET)
-
-check : $(patsubst %,$(DIR_CHK)/%,$(objects))
-
-download :$(patsubst %,$(DIR_DL)/%,$(objects))
-
-b2 : $(subst %,%_BLAKE2,$(objects))
-
-###############################################################################
-# Downloading, checking, b2sum
-###############################################################################
-
-$(patsubst %,$(DIR_CHK)/%,$(objects)) :
- @$(CHECK)
-
-$(patsubst %,$(DIR_DL)/%,$(objects)) :
- @$(LOAD)
-
-$(subst %,%_BLAKE2,$(objects)) :
- @$(B2SUM)
-
-###############################################################################
-# Installation Details
-###############################################################################
-
-$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
- @$(PREBUILD)
- @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && perl Makefile.PL
- cd $(DIR_APP) && make $(MAKETUNING)
- cd $(DIR_APP) && make install
- @rm -rf $(DIR_APP)
- @$(POSTBUILD)
diff --git a/lfs/unbound b/lfs/unbound
index 537ccff7e..abcb4e104 100644
--- a/lfs/unbound
+++ b/lfs/unbound
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2024 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2025 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,7 +24,7 @@
include Config
-VER = 1.22.0
+VER = 1.23.0
THISAPP = unbound-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 28cf5c6c5e29d4026beb33e8a17b012d1185a3a100fafd3e2717233f47c7b0ad2bf7b7fc2d5ad8c15b6fef496ed9d9c95d116535c3c34c945b27c2a42fa197ff
+$(DL_FILE)_BLAKE2 = 160bb2bee5450313a68ac81b73fd4bb21b14f8d25172d314644a34309dc75f28802126533f3ac1cb8d48599af8cb7caca83b866c9193286396f81c5fabc29651
install : $(TARGET)
diff --git a/make.sh b/make.sh
index ab3867a8f..61921fee6 100755
--- a/make.sh
+++ b/make.sh
@@ -1713,7 +1713,6 @@ build_system() {
lfsmake2 perl-GD-TextUtil
lfsmake2 perl-Device-SerialPort
lfsmake2 perl-Device-Modem
- lfsmake2 perl-Apache-Htpasswd
lfsmake2 perl-Parse-Yapp
lfsmake2 perl-Data-UUID
lfsmake2 perl-Try-Tiny
diff --git a/src/initscripts/system/unbound b/src/initscripts/system/unbound
index 24d925638..56f7f4ff0 100644
--- a/src/initscripts/system/unbound
+++ b/src/initscripts/system/unbound
@@ -598,7 +598,7 @@ case "$1" in
write_hosts_conf
# Call unbound-control and perform the reload
- /usr/sbin/unbound-control -q reload
+ /usr/sbin/unbound-control -q fast_reload
# Dummy Resolve to wait for unbound
resolve "ping.ipfire.org" &>/dev/null
hooks/post-receive
--
IPFire 2.x development tree
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2025-05-07 9:07 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-05-07 9:07 [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 9c0dab3d3ca807e836823253aced80a14bc1970a Michael Tremer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox