From patchwork Tue May 6 14:10:09 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 8703 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mail01.haj.ipfire.org", Issuer "R10" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4ZsKzm4Dt0z3x4T for ; Tue, 6 May 2025 14:10:28 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) client-signature ECDSA (secp384r1)) (Client CN "mail02.haj.ipfire.org", Issuer "E5" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4ZsKzj40kKz6Tn for ; Tue, 6 May 2025 14:10:25 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4ZsKzj0q4Kz33gK for ; Tue, 6 May 2025 14:10:25 +0000 (UTC) X-Original-To: development@lists.ipfire.org Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R10" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4ZsKzf1Cd3z2y7l for ; Tue, 6 May 2025 14:10:22 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4ZsKzd0PNFzfC; Tue, 6 May 2025 14:10:21 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1746540621; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=M/AgkGCWQn1BaHA5sbSoMwwjGKUYNCjVUmaL2qPCN5Y=; b=OS+1yH/YjvI30Wks43z0y1U/IXA8CtzZyTtYTm9lUv8emwmyxa0+KqDXJLwBhicCdBYYPd ojEQmlQE5dunqXCg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1746540621; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=M/AgkGCWQn1BaHA5sbSoMwwjGKUYNCjVUmaL2qPCN5Y=; b=sUwlA+0pr1u2DTsTtXvPPPYvCw+TDugU1eDTLHRw4wQ94QRYKQX7yD0KIw5PdnVdRsEwqq BSLT5GLuQZFm7CMvnNT9k4Wb7JudbsKiCYBdsQ5OEACKVD+6Zw7zLMPAJ+8iaoX2Vn9SYY 7xDfc5WSSCEVQgxe8LPAxAlLQyZda3iumRqeoI072yUIlWiOP3zcHKKlyoUtoI9v4wwa2U vMtL5U00lhfRKu85odp7U9BIbb3W2kvDwvaJRNyWBnhs3IIVEPqStLSW63Y8yiV5f0PWbD lLykwNLw94TQaFo4mrcfVPEhi/7XYevM01/sDhu56qX+JlY/MqDQzH9N3OVpCg== From: Adolf Belka To: development@lists.ipfire.org Cc: Adolf Belka Subject: [PATCH 1/5] chpasswd.cgi: Fixes bug12755 - proxy auth password problem longer than 8 chars Date: Tue, 6 May 2025 16:10:09 +0200 Message-ID: <20250506141013.15292-1-adolf.belka@ipfire.org> Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: MIME-Version: 1.0 - The existing version of the perl module Apache::Htpasswd was using the crypt hash for the password hashing, which is very insecure. The only alternative with this module is the md5 and sha1 hashes which are also considered weak now. - The module was last updated in Nov 2012 and there is no alternative module available. - This patch replaces that perl module with using the apache htpasswd program. This can be set to use the bcrypt hash which is considered secure. This is used for the generation of the root and admin passwords during the IPFire install. - Tested out on my vm testbed system and the password for a specific user name was changed successfully without any restriction to the length of the password. - Existing passwords with the existing md5 or crypt options will still work as htpasswd can manage different encoding hashes in the one file. Fixes: bug12755 Tested-by: Adolf Belka Signed-off-by: Adolf Belka --- html/cgi-bin/chpasswd.cgi | 32 ++++++++++++++------------------ 1 file changed, 14 insertions(+), 18 deletions(-) diff --git a/html/cgi-bin/chpasswd.cgi b/html/cgi-bin/chpasswd.cgi index 4930c4ca3..bda693193 100644 --- a/html/cgi-bin/chpasswd.cgi +++ b/html/cgi-bin/chpasswd.cgi @@ -2,7 +2,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007 Michael Tremer & Christian Schmidt # +# Copyright (C) 2007-2025 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -20,8 +20,6 @@ ############################################################################### use CGI qw(param); -use Apache::Htpasswd; -use Crypt::PasswdMD5; $swroot = "/var/ipfire"; @@ -76,21 +74,19 @@ if ($cgiparams{'SUBMIT'} eq $tr{'advproxy chgwebpwd change password'}) goto ERROR; } - my $htpasswd = new Apache::Htpasswd("$userdb"); - - # Check if a user with this name exists - my $old_password = $htpasswd->fetchPass($cgiparams{'USERNAME'}); - if (!$old_password) { - $errormessage = $tr{'advproxy errmsg invalid user'}; - goto ERROR; - } - - # Reset password - if (!$htpasswd->htpasswd($cgiparams{'USERNAME'}, $cgiparams{'NEW_PASSWORD_1'}, - $cgiparams{'OLD_PASSWORD'})) { - $errormessage = $tr{'advproxy errmsg password incorrect'}; - goto ERROR; - } + # Check if a user with this name and password exists in the userdb file + # and if it does then change the password to the new one + my $user = &General::system_output("grep", "$cgiparams{'USERNAME'}", "$userdb"); + my $old_password = &General::system_output("/usr/bin/htpasswd", "-bv", "$userdb", "$cgiparams{'USERNAME'}", "$cgiparams{'OLD_PASSWORD'}"); + if (!$user) { + $errormessage = $tr{'advproxy errmsg invalid user'}; + goto ERROR; + } elsif (!old_password) { + $errormessage = $tr{'advproxy errmsg password incorrect'}; + goto ERROR; + } else { + &General::system("/usr/bin/htpasswd", "-bB", "-C 10", "$userdb", "$cgiparams{'USERNAME'}", "$cgiparams{'NEW_PASSWORD_1'}"); + } $success = 1; undef %cgiparams; From patchwork Tue May 6 14:10:10 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 8704 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R10" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4ZsKzm4crPz3xDv for ; Tue, 6 May 2025 14:10:28 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) client-signature ECDSA (secp384r1)) (Client CN "mail02.haj.ipfire.org", Issuer "E5" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4ZsKzj45vdz6Ts for ; Tue, 6 May 2025 14:10:25 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4ZsKzj18XBz33gT for ; Tue, 6 May 2025 14:10:25 +0000 (UTC) X-Original-To: development@lists.ipfire.org Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R10" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4ZsKzf1kclz33BR for ; Tue, 6 May 2025 14:10:22 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4ZsKzf09KYz2X6; Tue, 6 May 2025 14:10:21 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1746540622; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=spJk/+sSBAPI9vn676eLXmmj5AcTRYJ4Iqtgyvp8cUQ=; b=pky4w53DnT6Jabl735gjiVFDyEeYYk+UfVpQ6dzir8y8Y0t7gc5v4Ti3wO9i8KeRwrhN6t JoWMdLFTf1UwjEAw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1746540622; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=spJk/+sSBAPI9vn676eLXmmj5AcTRYJ4Iqtgyvp8cUQ=; b=adOcctqnNfCipfpJKPdgpSlTjnpzpZOtP1bPWoJoRaK5rNpXdNmOmL75lPFyuZL/pDEA/k wLIHVnVs/c+33p81CVhXGQ7rBFL3sr60OImtUNqLYSfnWEQxOGmVIVpF1B3xAtG47Afib9 xuoXp7vMISOhI/C/MPg0BxuO+bDGj/jMmHX1Lco3zI/yjccCpfw/oFds5VgFE89MIkJxrW mYTeR+rQZBTl1jUJ3V4VGnH6s8XhRRP8cVJ7SnknaJImfZUStpdQo4Ej+OwtmTbjGcBABk NBdFJqdDi8hxunBp0KR/ov8pvXjaPRSv4vfh2zpcPZ4mYEtZb0snyCbTbYaNzA== From: Adolf Belka To: development@lists.ipfire.org Cc: Adolf Belka Subject: [PATCH 2/5] proxy.cgi: Fixes bug12755 - proxy auth problem with password longer than 8 chars Date: Tue, 6 May 2025 16:10:10 +0200 Message-ID: <20250506141013.15292-2-adolf.belka@ipfire.org> In-Reply-To: <20250506141013.15292-1-adolf.belka@ipfire.org> References: <20250506141013.15292-1-adolf.belka@ipfire.org> Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: MIME-Version: 1.0 - This makes the proxy local password management the same between chpasswd.cgi and proxy.cgi - Tested out on my vm testbed and was able to create and modify users and their passwords in the proxy.cgi page or modify a password for a specified user on the chpasswd.cgi page. This all happened successfully and was confirmed by testing out the local authentication. Fixes: bug12755 Tested-by: Adolf Belka Signed-off-by: Adolf Belka --- html/cgi-bin/proxy.cgi | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi index c8e3576df..bdce2fa66 100644 --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi @@ -2,7 +2,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2021 IPFire Team # +# Copyright (C) 2007-2025 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -20,7 +20,6 @@ ############################################################################### use strict; -use Apache::Htpasswd; use Scalar::Util qw(looks_like_number); # enable only the following on debugging purpose @@ -4050,15 +4049,7 @@ sub adduser close(FILE); } else { &deluser($str_user); - - my %htpasswd_options = ( - passwdFile => "$userdb", - UseMD5 => 1, - ); - - my $htpasswd = new Apache::Htpasswd(\%htpasswd_options); - - $htpasswd->htpasswd($str_user, $str_pass); + &General::system("/usr/bin/htpasswd", "-bB", "-C 10", "$userdb", "$str_user", "$str_pass"); } if ($str_group eq 'standard') { open(FILE, ">>$stdgrp"); From patchwork Tue May 6 14:10:11 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 8705 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R10" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4ZsKzp30mDz3x4T for ; Tue, 6 May 2025 14:10:30 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) client-signature ECDSA (secp384r1)) (Client CN "mail02.haj.ipfire.org", Issuer "E5" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4ZsKzk3V7kz6WN for ; Tue, 6 May 2025 14:10:26 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4ZsKzk1Bxxz33cg for ; Tue, 6 May 2025 14:10:26 +0000 (UTC) X-Original-To: development@lists.ipfire.org Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R10" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4ZsKzg0GMWz33jF for ; Tue, 6 May 2025 14:10:23 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4ZsKzf1ZhSzfC; Tue, 6 May 2025 14:10:22 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1746540622; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=keaYQEt/6ntwLlauZc0w11IbPDTHtQsqNxvI+IVMe4Y=; b=JfHqAEv85ouhod82NL2rPOt/5GA+qvSktAZ4XVGRRSaRPLgAsHTQt05120OAJxhc46zvlp rTpAbSDWm2bgBJAg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1746540622; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=keaYQEt/6ntwLlauZc0w11IbPDTHtQsqNxvI+IVMe4Y=; b=iKJ5cViV6ZIReyQA9fnEFpLNr3nxmMrBJNY4Ya1puSVsn3Zso7yav8JEdi1MNA5FG/I547 Q/tAmWwLcGQHnBhCql0a381lt5MSpO3Ku0uPC+tjTPpucpTNd7B7RqCBJPkfcoaNOHjzQs XwAIVq9EWQGBsJZPwd9NHZxpR+4nXiE/DFTB2tYjzNGrl6tFnld1jZHc/vc0gIGZ7OgNhH 8hYZyBW+xXQjWgiwTLu4PX0RSkJeBuvGvlhV7jk/70/o9YEg0BL44ZoCPUnOdssSP2Sqtf n3iS/HGe6rGNB15cYS6j7bXMMZmCqD11UzLoru35p3MMlobr/x7Zabbhra8/NQ== From: Adolf Belka To: development@lists.ipfire.org Cc: Adolf Belka Subject: [PATCH 3/5] chpasswd.cgi: Make swroot refs the same as for other cgi files Date: Tue, 6 May 2025 16:10:11 +0200 Message-ID: <20250506141013.15292-3-adolf.belka@ipfire.org> In-Reply-To: <20250506141013.15292-1-adolf.belka@ipfire.org> References: <20250506141013.15292-1-adolf.belka@ipfire.org> Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: MIME-Version: 1.0 - This uses the swroot definition from general-functions.pl and makes the definition the same as used in the majority of other IPFire cgi files. Tested-by: Adolf Belka Signed-off-by: Adolf Belka --- html/cgi-bin/chpasswd.cgi | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/html/cgi-bin/chpasswd.cgi b/html/cgi-bin/chpasswd.cgi index bda693193..6e9dd9e1c 100644 --- a/html/cgi-bin/chpasswd.cgi +++ b/html/cgi-bin/chpasswd.cgi @@ -21,7 +21,7 @@ use CGI qw(param); -$swroot = "/var/ipfire"; +require '/var/ipfire/general-functions.pl'; my %cgiparams; my %mainsettings; @@ -30,8 +30,8 @@ my %proxysettings; $proxysettings{'NCSA_MIN_PASS_LEN'} = 6; ### Initialize environment -&readhash("${swroot}/main/settings", \%mainsettings); -&readhash("${swroot}/proxy/advanced/settings", \%proxysettings); +&readhash("${General::swroot}/main/settings", \%mainsettings); +&readhash("${General::swroot}/proxy/advanced/settings", \%proxysettings); $language = $mainsettings{'LANGUAGE'}; ### Initialize language @@ -40,12 +40,12 @@ if ($language =~ /^(\w+)$/) {$language = $1;} # Uncomment this to force a certain language: # $language='en'; # -require "${swroot}/langs/en.pl"; -require "${swroot}/langs/${language}.pl"; +require "${General::swroot}/langs/en.pl"; +require "${General::swroot}/langs/${language}.pl"; -my $userdb = "$swroot/proxy/advanced/ncsa/passwd"; +my $userdb = "$General::swroot/proxy/advanced/ncsa/passwd"; -&readhash("$swroot/ethernet/settings", \%netsettings); +&readhash("$General::swroot/ethernet/settings", \%netsettings); my $success = 0; From patchwork Tue May 6 14:10:12 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 8706 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R10" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4ZsKzs0BSZz3x4T for ; Tue, 6 May 2025 14:10:33 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) client-signature ECDSA (secp384r1)) (Client CN "mail02.haj.ipfire.org", Issuer "E5" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4ZsKzl4n3rz6YW for ; Tue, 6 May 2025 14:10:27 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4ZsKzl0wn9z33gL for ; Tue, 6 May 2025 14:10:27 +0000 (UTC) X-Original-To: development@lists.ipfire.org Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R10" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4ZsKzh0R57z33gS for ; Tue, 6 May 2025 14:10:24 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4ZsKzg0BY9z34s; Tue, 6 May 2025 14:10:23 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1746540623; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=6vgSV3f2tJmALpZYEXyxTOhe2M54p6gduR/QjLNUyn0=; b=m2O498DUAdwwJfZTqFGDljuHTRelNLVv5CL/ZpYOYKm8k/Ai/+UG9tXp4/30DKSeBexBF8 XDz9mxE+lkgnJgBg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1746540623; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=6vgSV3f2tJmALpZYEXyxTOhe2M54p6gduR/QjLNUyn0=; b=mDWhfhmDComCZlZabxi4dxAyEjgICZllhN0TdAE7GdZNGK6HvaiHlBqIw1kXrC8r8fVTlQ BqNXowxomT28wcYjgX9Nqy8cHkkA1alcz3Ry9RjkjTnRJwONkxaWFMqecb/UcfqoZgWsNO 69gmzM020ittZRtt7gFIX0FrMiIapcVArjkUwlQs1qlqNyyuRbocDLbH1OF4MdXGpvpfyX GjqQJ9kn19/dz6wXWmsnsABF01Swh1PW/n+wMRMcsVf9jTU7t1dR2x35OpRXQKfhdMymnR PMP0PSVIVA9xCuqETO+fmHdQW/RSuQtPkkIyQP0jrmorosud30+v7XlMybivSQ== From: Adolf Belka To: development@lists.ipfire.org Cc: Adolf Belka Subject: [PATCH 4/5] perl-Apache_Htpasswd: remove module from IPFire Date: Tue, 6 May 2025 16:10:12 +0200 Message-ID: <20250506141013.15292-4-adolf.belka@ipfire.org> In-Reply-To: <20250506141013.15292-1-adolf.belka@ipfire.org> References: <20250506141013.15292-1-adolf.belka@ipfire.org> Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: MIME-Version: 1.0 - This module was only used for the proxy.cgi and chpasswd.cgi files for the local authentication option. - As this module was last updated in Nov 2012 its use has been replaced by direct use of htpasswd. This is dealt with by other patches in this set. - With those changes this module is no longer required. Signed-off-by: Adolf Belka --- config/rootfiles/common/perl-Apache-Htpasswd | 6 -- lfs/perl-Apache-Htpasswd | 77 -------------------- make.sh | 1 - 3 files changed, 84 deletions(-) delete mode 100644 config/rootfiles/common/perl-Apache-Htpasswd delete mode 100644 lfs/perl-Apache-Htpasswd diff --git a/config/rootfiles/common/perl-Apache-Htpasswd b/config/rootfiles/common/perl-Apache-Htpasswd deleted file mode 100644 index bd19e73a9..000000000 --- a/config/rootfiles/common/perl-Apache-Htpasswd +++ /dev/null @@ -1,6 +0,0 @@ -#usr/lib/perl5/site_perl/5.36.0/Apache -usr/lib/perl5/site_perl/5.36.0/Apache/Htpasswd.pm -#usr/lib/perl5/site_perl/5.36.0/xxxMACHINExxx-linux-thread-multi/auto/Apache -#usr/lib/perl5/site_perl/5.36.0/xxxMACHINExxx-linux-thread-multi/auto/Apache/Htpasswd -#usr/lib/perl5/site_perl/5.36.0/xxxMACHINExxx-linux-thread-multi/auto/Apache/Htpasswd/.packlist -#usr/share/man/man3/Apache::Htpasswd.3 diff --git a/lfs/perl-Apache-Htpasswd b/lfs/perl-Apache-Htpasswd deleted file mode 100644 index 14421fba2..000000000 --- a/lfs/perl-Apache-Htpasswd +++ /dev/null @@ -1,77 +0,0 @@ -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see . # -# # -############################################################################### - -############################################################################### -# Definitions -############################################################################### - -include Config - -VER = 1.9 - -THISAPP = Apache-Htpasswd-$(VER) -DL_FILE = $(THISAPP).tar.gz -DL_FROM = $(URL_IPFIRE) -DIR_APP = $(DIR_SRC)/$(THISAPP) -TARGET = $(DIR_INFO)/$(THISAPP) - -############################################################################### -# Top-level Rules -############################################################################### - -objects = $(DL_FILE) - -$(DL_FILE) = $(DL_FROM)/$(DL_FILE) - -$(DL_FILE)_BLAKE2 = abf3bd699f0db8c818f3b590d040bece213078127836f29984b4d7c9db26cbdac9c7f4572b17f526f60ad48ee7d3680d2b1d426bcc3b0b4646d42a9461cddd4d - -install : $(TARGET) - -check : $(patsubst %,$(DIR_CHK)/%,$(objects)) - -download :$(patsubst %,$(DIR_DL)/%,$(objects)) - -b2 : $(subst %,%_BLAKE2,$(objects)) - -############################################################################### -# Downloading, checking, b2sum -############################################################################### - -$(patsubst %,$(DIR_CHK)/%,$(objects)) : - @$(CHECK) - -$(patsubst %,$(DIR_DL)/%,$(objects)) : - @$(LOAD) - -$(subst %,%_BLAKE2,$(objects)) : - @$(B2SUM) - -############################################################################### -# Installation Details -############################################################################### - -$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) - @$(PREBUILD) - @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && perl Makefile.PL - cd $(DIR_APP) && make $(MAKETUNING) - cd $(DIR_APP) && make install - @rm -rf $(DIR_APP) - @$(POSTBUILD) diff --git a/make.sh b/make.sh index ab3867a8f..61921fee6 100755 --- a/make.sh +++ b/make.sh @@ -1713,7 +1713,6 @@ build_system() { lfsmake2 perl-GD-TextUtil lfsmake2 perl-Device-SerialPort lfsmake2 perl-Device-Modem - lfsmake2 perl-Apache-Htpasswd lfsmake2 perl-Parse-Yapp lfsmake2 perl-Data-UUID lfsmake2 perl-Try-Tiny From patchwork Tue May 6 14:10:13 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 8707 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R10" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4ZsKzt1Rspz3x4T for ; Tue, 6 May 2025 14:10:34 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) client-signature ECDSA (secp384r1)) (Client CN "mail02.haj.ipfire.org", Issuer "E5" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4ZsKzm0m3Kz6cn for ; Tue, 6 May 2025 14:10:28 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4ZsKzl3fSVz342V for ; Tue, 6 May 2025 14:10:27 +0000 (UTC) X-Original-To: development@lists.ipfire.org Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R10" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4ZsKzh2qMkz33qp for ; Tue, 6 May 2025 14:10:24 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4ZsKzg3d3cz6QL; Tue, 6 May 2025 14:10:23 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1746540623; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=/249Y/dW7HNiIiUaK7kCYf5B31KOVl3UFJLAiSsV8Rc=; b=kwV0nPctGVRZb0MvgFI73nAy8DxDOQ1o5FYMxweXSbmvWQDb5rOnB9kCV7MtCWfyFfdxBR yNVPDD2lDjqemIBA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1746540623; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=/249Y/dW7HNiIiUaK7kCYf5B31KOVl3UFJLAiSsV8Rc=; b=A8WzHWAYftR+X4rYf9mHbfzf1ewAGEx5o+kbqa6c9x1A2/JdnkRKio04AtI1hkDqYoKlnp WIntt1j5orzMAAAGznbtxytcXXSy8bijPfxx/PBxSecRaX1ImszvvjayJZmof/WwrJ3IBZ 9EbSHDjFJjPtfTiONcgyGt7VXbBUYcGFqf3uCi05FGf1wzHD1c04ZvB3cSDZ995G+QUmHz uHKgmqa4HzFRIn4SklIZiZLOuaG88iZMP6bFbiuezkuEbuMNM8a0eDyig0e5FTbWHnjNvh ODl2rDpxctRMEZXQn27cf9xftNg6/O/Uzcj6cqKadLBt/ZuAwyhFZiDxQwJp+w== From: Adolf Belka To: development@lists.ipfire.org Cc: Adolf Belka Subject: [PATCH 5/5] core195: Ship chpasswd.cgi and proxy.cgi files Date: Tue, 6 May 2025 16:10:13 +0200 Message-ID: <20250506141013.15292-5-adolf.belka@ipfire.org> In-Reply-To: <20250506141013.15292-1-adolf.belka@ipfire.org> References: <20250506141013.15292-1-adolf.belka@ipfire.org> Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: MIME-Version: 1.0 Signed-off-by: Adolf Belka --- config/rootfiles/core/195/filelists/files | 2 ++ 1 file changed, 2 insertions(+) diff --git a/config/rootfiles/core/195/filelists/files b/config/rootfiles/core/195/filelists/files index a4b1b0eeb..61e6d4c7e 100644 --- a/config/rootfiles/core/195/filelists/files +++ b/config/rootfiles/core/195/filelists/files @@ -13,6 +13,8 @@ srv/web/ipfire/cgi-bin/pakfire.cgi srv/web/ipfire/cgi-bin/services.cgi srv/web/ipfire/cgi-bin/vpnmain.cgi srv/web/ipfire/cgi-bin/wireguard.cgi +srv/web/ipfire/cgi-bin/chpasswd.cgi +srv/web/ipfire/cgi-bin/proxy.cgi srv/web/ipfire/html/themes/ipfire/include/css/style.css usr/lib/firewall/firewall-lib.pl usr/local/bin/wireguardctrl