pfSense » pfSense Packages

09/14/2017

08:22 PM Bug #7850: Include file containing XML_RPC_encode() missing from snort

Fix was merged into the Packages respository on 9/14/2017. This bug report can be closed.
Bill Bill Meeks

09:12 AM Bug #7859 (Feedback): FRR doesn't use the raw config setting

Pushed a fix, will be up shortly. Jim Pingle

08:37 AM Bug #7859 (Resolved): FRR doesn't use the raw config setting

FRR package doesn't use the raw config settings because of the bug in the config generation. I guess the XML tag has ... Iasen Kostov

09/13/2017

05:06 PM Bug #7820: 2.4: dnsmasq can no longer handle punycode, compile time options change?

Jim Pingle wrote:
> We are compiling everything the way it should be, there isn't anything for us to change or fix. ... Paul Tarsus

09/12/2017

09:44 PM Bug #7850: Include file containing XML_RPC_encode() missing from snort

The fix for this problem has been submitted in a Github pull request. Once that request is approved and merged, this... Bill Meeks

09/11/2017

03:31 PM Bug #7820: 2.4: dnsmasq can no longer handle punycode, compile time options change?

We are compiling everything the way it should be, there isn't anything for us to change or fix. If you can replicate ... Jim Pingle

03:24 PM Bug #7820: 2.4: dnsmasq can no longer handle punycode, compile time options change?

So I take it 2.4 will ship with this regression? Paul Tarsus

08:57 AM Bug #7851 (Not a Bug): HAProxy Frontend bug - pfSense 2.3.2-RELEASE

That value works for me, I can't reproduce this at all. I can create new entries with that or edit existing entries. ... Jim Pingle

08:50 AM Bug #7851: HAProxy Frontend bug - pfSense 2.3.2-RELEASE

The value I had was/is *1000000*
Is there a limit in the number of entries I can add under the "Actions" section of ... Peter Omolo

07:22 AM Bug #7851 (Feedback): HAProxy Frontend bug - pfSense 2.3.2-RELEASE

What exact value did the field have?
I can't reproduce any problem here. If I put in a number and save, it saves t... Jim Pingle

07:53 AM Bug #7850 (Confirmed): Include file containing XML_RPC_encode() missing from snort

Checking the code, I can confirm that the snort package hasn't been adjusted for XMLRPC sync on 2.4. Looking at that ... Jim Pingle

09/10/2017

11:46 PM Bug #7851: HAProxy Frontend bug - pfSense 2.3.2-RELEASE

assigned to Pingle for evaluation. Jim Thompson

11:22 PM Bug #7851 (Not a Bug): HAProxy Frontend bug - pfSense 2.3.2-RELEASE

Hi Support,

I encountered a bug while trying to add an ACL entry on the HAProxy frontend. When I click save the “... Peter Omolo

10:59 PM Bug #7850: Include file containing XML_RPC_encode() missing from snort

This did not turn up in my pre-report search: https://forum.pfsense.org/index.php?topic=136388 Chris Linstruth

03:11 PM Bug #7850 (Resolved): Include file containing XML_RPC_encode() missing from snort

Attempting to enable XMLRPC Sync in Snort results in this:
Fatal error: Call to undefined function XML_RPC_encode(... Chris Linstruth

09/06/2017

12:27 PM Bug #7845 (Rejected): Lets Encrypt acme plugin doesn't update webConfigurator certificate

It certainly does. I'm running it on a dozen systems in my lab and they all update the GUI certificate.
Be sure to... Jim Pingle

12:24 PM Bug #7845 (Rejected): Lets Encrypt acme plugin doesn't update webConfigurator certificate

Acme renews the Lets Encrypt certificate without any problems. But it never replaces the old certificate with the ren... Dennis Alexandersson

09/05/2017

11:56 AM Bug #3342 (Resolved): Missing input validation for MAC addresses

Jim Pingle

09/03/2017

04:46 AM Bug #6378: inline background styles in squidguard package

Someone kindly merge this PR and call it a day. https://github.com/pfsense/FreeBSD-ports/pull/385
It makes things ... Kill Bill

04:38 AM Bug #3342: Missing input validation for MAC addresses

Validation has been there for a while.
https://github.com/pfsense/FreeBSD-ports/pull/308
https://github.com/pfsen... Kill Bill

03:17 AM Bug #7670: Bind : Serial for slave zone is missing in IHM

I have no idea what's IHM but there's no serial saved in config.xml for slave zones (you cannot even configure it, th... Kill Bill

03:04 AM Bug #7271: Co-existence of unbound and BIND/named

Test this please.
https://github.com/pfsense/FreeBSD-ports/pull/416 Kill Bill

09/02/2017

06:53 AM Bug #7836: FreeRADIUS - certain chars in clients shared secret result in broken configuration

https://github.com/pfsense/FreeBSD-ports/pull/415 Kill Bill

06:50 AM Bug #7836 (Resolved): FreeRADIUS - certain chars in clients shared secret result in broken configuration

See https://forum.pfsense.org/index.php?topic=135980.msg744283#msg744283 and following.
E.g., having a shared secr... Kill Bill

08/31/2017

12:16 PM Bug #7835: freeradius unit wrong for varusersmaxbandwidthup and varusersmaxbandwidthdown

May I suggest "Enter the maximum bandwidth for download in Kbps" and moving on? Kill Bill

12:09 PM Bug #7835: freeradius unit wrong for varusersmaxbandwidthup and varusersmaxbandwidthdown

Then we can change the description to say kibibit instead. Changing the multiplier would result in people having an u... Jim Pingle

11:51 AM Bug #7835: freeradius unit wrong for varusersmaxbandwidthup and varusersmaxbandwidthdown

Jim Pingle wrote:
> There are 1024 bits in a kilobit. Not 1000. I'll fix the "in in" typo.
Freebsd uses 1000 bits... Azure it

09:36 AM Bug #7835 (Not a Bug): freeradius unit wrong for varusersmaxbandwidthup and varusersmaxbandwidthdown

There are 1024 bits in a kilobit. Not 1000. I'll fix the "in in" typo. Jim Pingle

09:31 AM Bug #7835 (Not a Bug): freeradius unit wrong for varusersmaxbandwidthup and varusersmaxbandwidthdown

When we add a new radius user, we can set Maximum Bandwidth Down/Up and in the help we can read:
*Enter the maximum ... Azure it

08/30/2017

05:39 AM Bug #7782 (Resolved): FreeRADIUS 3 - temporary FreeRADIUS CA/certificate generated on each package reinstall

Renato Botelho

02:03 AM Bug #7782: FreeRADIUS 3 - temporary FreeRADIUS CA/certificate generated on each package reinstall

Confirmed fixed, certificate/CA saved in config and no duplicates generated on reinstall. Thanks. Kill Bill

08/29/2017

02:31 PM Bug #7829 (Confirmed): Unable to expand the "Advanced Server Settings" in ACME certificate edit

OK. I see what you're talking about now.
Those settings do not exist for DNS-Manual. The fact that it displays any... Jim Pingle

02:14 PM Bug #7829 (Not a Bug): Unable to expand the "Advanced Server Settings" in ACME certificate edit

Not enough detail here (what "Method" is selected? What + button?)
The only method with a "Key Type" is nsupdate, ... Jim Pingle

01:49 PM Bug #7829 (Duplicate): Unable to expand the "Advanced Server Settings" in ACME certificate edit

Under Services\Acme\Certificate options: Edit, under Domain SAN List, clicking on the + icon next to "Key Type..." ap... Bart K

02:14 PM Bug #7782 (Feedback): FreeRADIUS 3 - temporary FreeRADIUS CA/certificate generated on each package reinstall

This should, I hope, be fixed with 0.13 of the FreeRADIUS3 package. Jim Pingle

11:23 AM Bug #7826 (Rejected): rule to open port 4500 udp for ipsec/ikev2 ignored and blocked

There must be something different about the packet causing it to be dropped. Please post on the forum, list, or reddi... Jim Pingle

11:02 AM Bug #7826 (Rejected): rule to open port 4500 udp for ipsec/ikev2 ignored and blocked

Hello,
on a pfsense 2.3.4_1 installed on a vm ( vmware ), i create a ikev2 ipsec server.
If i try to connect with... Domenico De Monte

08/28/2017

12:52 PM Bug #7820: 2.4: dnsmasq can no longer handle punycode, compile time options change?

Jim Pingle wrote:
> dnsmasq on 2.4 is compiled with NLS enabled
Hmmmm...... Kill Bill

12:10 PM Bug #7820: 2.4: dnsmasq can no longer handle punycode, compile time options change?

Jim Pingle wrote:
> dnsmasq on 2.4 is compiled with NLS enabled, which in turn sets up a dependency for IDN2 and use... Paul Tarsus

09:01 AM Bug #7820 (Feedback): 2.4: dnsmasq can no longer handle punycode, compile time options change?

dnsmasq on 2.4 is compiled with NLS enabled, which in turn sets up a dependency for IDN2 and uses -DHAVE_LIBIDN2. It ... Jim Pingle

12:00 PM Feature #7824 (Resolved): [acme / Let's Encrypt] Bump to the latest acme.sh package

Our domain names are managed by Gandi, and we cannot use the Gandi Live API for the verification of the domain name o... S. Debreuil

08/27/2017

12:56 PM Bug #7820: 2.4: dnsmasq can no longer handle punycode, compile time options change?

Just noticed this change in dnsmasq 2.77, new in 2.4:
> Remove historic automatic inclusion of IDN support when bu... Paul Tarsus

12:49 PM Bug #7820 (Closed): 2.4: dnsmasq can no longer handle punycode, compile time options change?

I've used dnsmasq with a custom hosts file for years, with mappings including the following:
> 0.0.0.0 r7---sn-vgq... Paul Tarsus

08:57 AM Feature #6436 (Resolved): Add Stunnel binaries to the pfSense repository

Jim Pingle

03:04 AM Feature #6436: Add Stunnel binaries to the pfSense repository

Merged, can be closed. Kill Bill

08:56 AM Bug #6948 (Resolved): HAproxy files tab input validation nonsense - impossible to save files

Jim Pingle

03:15 AM Bug #6948: HAproxy files tab input validation nonsense - impossible to save files

Can be closed. Kill Bill

08/25/2017

02:45 PM Bug #7696 (Resolved): Telegraf Package Saving Incorrect Password

Jim Pingle

09:23 AM Bug #7696: Telegraf Package Saving Incorrect Password

Fixed in 0.3 Kill Bill

02:45 PM Bug #6603 (Resolved): pfblockerng's Unbound modifications leave system broken post-config restore

Jim Pingle

09:22 AM Bug #6603: pfblockerng's Unbound modifications leave system broken post-config restore

The above is included in 2.1.1_10. Kill Bill

01:42 PM Bug #7797: Squid Reverse Proxy alternating between destinations

Kill Bill wrote:
> As noted on another bug (Bug #7752), the reverse proxy part of Squid is pretty much unmaintained.... Mickael Fouquet

08/24/2017

04:29 AM Bug #6563: Squid still accepts sha1 certificates

https://github.com/pfsense/FreeBSD-ports/pull/402 since pretty much any decent browser nags about these nowadays. Kill Bill

03:16 AM Feature #7691: Allow for custom icap services for squid

You can integrate any of them by putting them to _Custom Options (After Auth)_ (or pretty much any of the advanced cu... Kill Bill

08/22/2017

04:42 PM Bug #7438: Squid 0.4.36_2 Remote Cache Parent not working

As noted above, this needs to go to the forums to identify the problem. Kill Bill

04:17 PM Bug #7674: Issue Downloading Snort Alert Log Download

This problem is fixed in the Snort package update to version 3.2.9.5. This ticket can be closed when the pull reques... Bill Meeks

02:24 PM Bug #7610: Squid use all memory ram.

This is an upstream bug with no fix and no good workaround for 3.5.x - cf. http://bugs.squid-cache.org/show_bug.cgi?i... Kill Bill

01:20 PM Bug #7797: Squid Reverse Proxy alternating between destinations

As noted on another bug (Bug #7752), the reverse proxy part of Squid is pretty much unmaintained. I'd strongly sugges... Kill Bill

01:09 PM Bug #7797 (Feedback): Squid Reverse Proxy alternating between destinations

Hello,
It's pretty hard to explain this bug, but it seems to be very old bug. This post explain it perfectly: http... Mickael Fouquet

11:39 AM Bug #7752: Squid 3 reverse proxy - HTTPS==>HTTP fails

The way the reverse proxy part of the Squid package is written, it will only redirect HTTPS to HTTPS and HTTP to HTTP... Kill Bill

11:39 AM Bug #7391 (Not a Bug): 0.4.36_1 localnet ACL missing

Jim Pingle

11:31 AM Bug #7391: 0.4.36_1 localnet ACL missing

As noted in https://redmine.pfsense.org/issues/7391#note-7 the OpenVPN interfaces are not added by design since it ad... Kill Bill

11:37 AM Bug #7431 (Resolved): BIND (9.11-2) Log shortcut needs to be updated.

Jim Pingle

11:24 AM Bug #7431: BIND (9.11-2) Log shortcut needs to be updated.

Merged long ago, can be closed. Kill Bill

11:08 AM Bug #7696: Telegraf Package Saving Incorrect Password

https://github.com/pfsense/FreeBSD-ports/pull/399/ Kill Bill

07:59 AM Feature #7792: FRR pkg pfsense can not wok as ABR with stub areas (no stub area bit)

The "Disable FIB Updates" option is the only GUI control to setup stub areas but it is global, not per interface/netw... Jim Pingle

01:26 AM Feature #7792 (Resolved): FRR pkg pfsense can not wok as ABR with stub areas (no stub area bit)

Setup pfsense as ABR with several areas and found one does not work properly if one of areas is stub. There are two m... Constantine Kormashev

07:53 AM Feature #7794 (Assigned): FRR pkg pfsense no metric-type option in OSPF redistribute section of web-interface

The OSPF metric option under Route Maps, "Metric" in the drop-down "Metric Action". The options there are the only op... Jim Pingle

03:14 AM Feature #7794 (Resolved): FRR pkg pfsense no metric-type option in OSPF redistribute section of web-interface

There is not @metric-type@ option in OSPF redistribute section of web-interface. By default FRR makes redistribution ... Constantine Kormashev

07:40 AM Feature #7793: FRR pkg pfsense web interface checking for RID is setup in OSPF6 section

The input validation is weak to nonexistent all throughout FRR, it's all on my todo list yet.
As it is made now, i... Jim Pingle

01:46 AM Feature #7793 (Resolved): FRR pkg pfsense web interface checking for RID is setup in OSPF6 section

There is not any checking for RID in OSPF6 section in web interface now, but one must be, because in case there is no... Constantine Kormashev

08/18/2017

11:40 AM Bug #7782 (Resolved): FreeRADIUS 3 - temporary FreeRADIUS CA/certificate generated on each package reinstall

The code is pretty good to avoid user confusion and get things working out of the box, however it should set the conf... Kill Bill

10:36 AM Bug #6603: pfblockerng's Unbound modifications leave system broken post-config restore

Fed up with this issue. It breaks fresh 2.4 installs exactly as noted in the above comment - see https://redmine.pfse... Kill Bill

08/17/2017

08:54 AM Bug #7780 (Closed): Blacklist update doesn't work on Firefox

When I click in Download it does nothing. It works on Chrome.
Firefox 55.0.1 x86_64 on Arch Linux. Thiago Coutinho

08/16/2017

04:21 PM Bug #7756: suricata suricata_check_dir_size_limit() needs to be improved

This bug is fixed in GUI package version 4.0.0 using the code submitted by the OP. Bill Meeks

04:17 PM Bug #7716: Suricata - Barnyard2 webui configuration updates result in base64-encoded value written to the config for the password

This bug was fixed in GUI package version 3.2.2_3 via a Pull Request submitted by the OP. Bill Meeks

04:12 PM Bug #7578: Suricata -- Removing Hosts from Block Table via Alerts

This bug is fixed in GUI package version 4.0.0. Bill Meeks