Do not use reference to avoid losing data
Ignore upgrade_167_to_168() when upgrade_166_to_167() runs, they are both the same
Always run additional_config_upgrade() and do it after config is written
Each item in additional_config_upgrade() must write config after changing it
Detect old workarounds in config upgrade and deal with them
Bring upgrade_166_to_167() to 2.3 world
Move workaround used to enable pkg metadata update cronjob to a generic mechanism
Check if specific config upgrade code already ran and skip it
Add a function to be called every time convert_config() runs
Revert config version to 15.8 and remove upgrade script
(cherry picked from commit d800d0f5babe2f6d7bb9a7de8afa709c28e930df)
Refresh cache every 2h when using GUI
Update cache when GUI successfully updates pkg metadata
Speedup get_system_pkg_version() considering only installed packages
Use cache file to show pfSense version information
Run rc.update_pkg_metadata in background when repository changes
Put the FQDN first in /etc/hosts to make dnsmasq happy when reverse resolving hostnames. Make a special exception for localhost. Fixes #7771
(cherry picked from commit 0e78c2f544ad577234a0a2f87ce2e8caefdfdb77)
(cherry picked from commit de7d6cb87d600c6e093aa3e9f76246fe62824ac7)
Add Netgate Services and Support widget
(cherry picked from commit 179991b76e7a330a98ea520531551dfd6befb0b3)
New login design back-ported from 2.4
(cherry picked from commit 1605d94079fed5822ef1069eee05541d0ebc20ca)
Use an alternate method to stop unbound and fix #7326
(cherry picked from commit 782453b4dbb77e5bc97a43f56b95a006c5434d65)
(cherry picked from commit 67fea036201f5af338338f6113033574ec25777e)
If a client address is in the webConfiguratorlockout table, do not allow them to access the GUI. Print an error and kill their states. Ticket #7693
Extra check to be sure that an existing open state cannot bypass lockout controls.
(cherry picked from commit cc9b0f76da4936ac7510eee6cb5e0574d11b5973)...
Fix typo
(cherry picked from commit 2c3b9ac554cc3940962e7f9b1799857583c394ab)
(cherry picked from commit 930914fd813130b0d1bd8af2ff09e6832a5e7862)
Restructure how unbound zone data is written to fix processing of "redirect" zone entries. Fixes #7690
Also corrects some other misc issues for formatting of zone data.
While here, add an option, not exposed in the GUI, for users to get the previous behavior of defining short names for hosts....
Removed MSS clamping exclusions
(cherry picked from commit 53c26adecad735f7a015466dbbcba3f22655a902)
Several complaints of unbound problems after committing, so back this out. Revert "Change the way unbound is stopped when the process is being restarted, to give the old process enough time to exit cleanly. Fixes #7326"
This reverts commit 863804a917987ea10993433c84399b5711c3c352.
Remove extra spaces from User Agent
Send uniqueid instead of UUID on user-agent
Declare user_agent variable in the function it's used
Move uniqueid read to a function system_get_uniqueid()
Change the way unbound is stopped when the process is being restarted, to give the old process enough time to exit cleanly. Fixes #7326
(cherry picked from commit 38d110824c87ff60c6289c0432d55009586ceee4)
unbound-control needs to know the config path or else it can't work properly. Fixes #7667
(cherry picked from commit 8a0aa42c197361ebb82387e5bdc8378e5440837f)
Set a value for this variable in each case, so a previous value isn't re-used in a loop.
(cherry picked from commit faab657a256f9385d5e0ffb4084666e760b515a5)
(cherry picked from commit 86ab9eb54b30b591703e752ceca047d202b76332)
Use recently added hwaddr field to restore original MAC address
Fix net.inet.ip.random_id tunable description (Bug #6087)
(cherry picked from commit 77408e612de12311d9fd517b2de2de586f4c0ddb)
(cherry picked from commit df0b717d364ac3743ae6161cde312157fefe781d)
Fix APU2 with coreboot v4.x detection
See https://forum.pfsense.org/index.php?topic=106444.msg716558#msg716558
(cherry picked from commit 9457d0f616506bf0e50e49d7d977ebc1aa945e4f)
(cherry picked from commit 7ba3a0208039b80996374140a8e2a8bc4d16ff8d)
Make consistent rule information section
(cherry picked from commit f0dc8b688c2b7d973bc18769579ee8cc6d3d2dad)
(cherry picked from commit 4c4504b1e785396d92be853072a9c557c55b3c4a)
Use is_numeric() to make sure $prefix is not 0
Update interfaces.inc
Not defined pid file on starting choparp. The pfSense may not kill the program to reconfiguration.
(cherry picked from commit 7d316581f4bf05613a556867b1154e4b5b842b1a)
(cherry picked from commit 22b18e3641aa9b0d23a33d66cee54a04f19401e9)
Request PD even if no interfaces are set to track6 (Bug #4544)
See https://redmine.pfsense.org/issues/4544#note-4
(cherry picked from commit b0837cebf9836c4cdd5873b3e463f1afb8403811)
(cherry picked from commit 8740bd5ed417bbfc26fb57f35aa6bd74f737e4a5)
Update dyndns.class
(cherry picked from commit 61c813f96de90e07bb63075847dabc041a5560b8)
(cherry picked from commit 0673b7b8eccfdd1d7aa8bd56de2ed6ba785a5370)
Match whitespace after $vhid when checking CARP status to avoid partial matches. Fixes #7638
While here, fix variable references with braces and combine the two calls to grep into a single pattern.
(cherry picked from commit fd4e14b8853e7a30ee23532d686270cb40d84d03)...
Fix DNS wildcard support for Loopia
Fix for the problem that wildcard CNAME records disappear from Loopia when doing a DNS update. As discussed here: https://forum.pfsense.org/index.php?topic=67793.0
Backport changes for syslogd handling to fix #7256
(cherry picked from commit 576cbe26c184734e93f59320d43aeb2e510c9804)
Backport syslogd service definition/control to RELENG_2_3. Ticket #4382
(cherry picked from commit 5917696ded82c3343d52c03b850d4ce564a159b4)
Only cache CP RADIUS Auth credentials when reauthentication is enabled. Fixes #7528
(cherry picked from commit d4e42c54a2b7d9c955b11ad3034a186a73159f1a)
(cherry picked from commit ed44d5fb36f1f69196417e3feab2a9d6df4a47c8)
Fix #7508 stop write_config after reset_factory_defaults
(cherry picked from commit 3dcaae882cdfdd86826be4db9b38ce04389701ec)
Work around broken wizard rules for ticket #7434
Fix comparisons for CDATA tags in config
Some length numbers here do not match the strings they are comparing with. That looks very odd.
Note that:
```
substr($ent, 0, 5) == "text"
```
will return true when $ent is "text". So actually this "works". But it returns false if $ent is "text1" "texta" etc....
Vendor MAC Retention File Consolidate
Use a single file for vendor MAC retention (vendor_mac). a) Writes only one file during boot up rather than a file for each interface. b) More efficient than numerous tiny files. c) Friendlier to write cycle sensitive media in a RAM disk disabled system.
Vendor MAC Retention File Relocate
Relocate the vendor MAC retention file to /var/db directory. a) It's more at home here with other network interface stuff. b) Friendlier to write cycle sensitive media in a RAM disk enabled system.
Vendor MAC Restore Logic
Only use the vendor MAC retention file for restoring the vendor MAC when not booting. a) During boot up the current MAC that is obtained from the system is the vendor MAC. b) Using this eliminates the inefficient need to open the vendor MAC retention file for every interface during system boot up.
Spoof MAC Var Name
Rename 'spoof_mac' var to generic 'mac_addr'. a) It may be the vendor MAC or a spoofed MAC. b) Update the comment re: not reapplying an already applied MAC.
Fix #7120: Restore vendor mac address when spoofmac is set to blank
Always add the CN as the first SAN when creating a certificate in the GUI or an automatic GUI self-signed certificate. Per RFC 2818, relying on the CN to determine the hostname is deprecated, SANs are required. Chrome 58 started enforcing this requirement. Fixes #7496
Update services.inc
(cherry picked from commit 2e3768baa8e6e5793ce165f0d8f60b25bdbdb444)
Update dyndns.class
(cherry picked from commit 74533d412818113372b7b1a4e46db48313fd965d)
Update services.inc
(cherry picked from commit 1bfa06953e0f440c3d6b71bbb3d671ef524899d4)
Refactor update_alias_names_upon_change
(cherry picked from commit 24807bfeaec218948937a1fdc2b4e863319e41a0)
Remove redundant check, get_pkg_info() call uses a parameter to return only installed packages
Fix indent and spaces
Use correct function (is_pkg_installed) and unbreak get_pkg_info()
add validation via validate_ipv4_list to interfaces.inc
Adds ability to ignore DHCP offers from multiple servers
- Forum thread: https://forum.pfsense.org/index.php?topic=124046.msg705100#msg705100
- related dhclient source: https://github.com/pfsense/FreeBSD-src/blob/devel/sbin/dhclient/clparse.c#L945
changed files:...
vslb.inc - Add missing include, use sigkillbyname()
Add QinQ interfaces to the list of interfaces not to check (Bug #4669)
Remove dummy config_lock() and config_unlock() functions
Been no-op for ages (https://github.com/pfsense/pfsense/commit/0027de0a544438f146cfc94f005fd6f4ba9f94d7).
load package add-on tabs into config to avoid parsing all installed package xml's, fix tabgroup filter
(cherry picked from commit bc0661b7b32a99016b9e71b0ece969f6584034c2)
Refactor is_port_or functions
(cherry picked from commit fe108b671d09cf34a11270e286dcd4c4ce1c0597)
Add underscores to is_port* function names
(cherry picked from commit 593e9fe32d2959cd823fe5da55714ccfb9a0e958)
Merge pull request #3671 from phil-davis/handle-empty-port-alias-RELENG_2_3
Correct definition of ports for SMB used by the shaper wizard. Fixes #7434
Redmine #7428 Handle empty port alias
Refactor filter_generate_nested_alias
Provide functions for checking port range alias combinations
Fix handling of port ranges in this validation test. Ticket #7421
File a notice and omit rule(s) using a missing port alias. Fixes #7421
Don't process empty anchors as it could lead to flushing more than intended when cleaning up after relayd. Fixes #7396
Run custom deinstall commands during the deinstall phase instead of post-deinstall, otherwise they will never get run. Fixes #7401
Perform a filter reload after starting relayd so it does not leave the firewall without pf tables. Fixes #7396
Revert "C2758 is VGA only too"
This reverts commit 0a00b197976e638199ab88b823ec6c75ad9a99b2.
C2758 is VGA only too
Fix #7364 Console assigned VLAN disappears after reboot
(cherry picked from commit 75a1149e0104561446e6f90f98d98c6c13c52996)
Setup XG-154x console to VGA only
Remove whirlpool from the list of CA/Cert digest algorithms as it does not work properly. OpenSSL claims it's not valid ("unknown signature algorithm"). Fixes #7370
While I'm here, stop needlessly repeating the algo list, it's a global in certs.inc, so use that single copy of the list.
Remove unused base_packages variable from globals
(cherry picked from commit 40f5b3e22effc3319afea306a7d691a5e6934c37)
Allow CloudFlare DDNS entries to use "" or "." for the hostname portion of the domain in the GUI to update the domain's @ record. Then in the backend code, remove that from the FQDN since CloudFlare doesn't like that to be sent explicitly. Fixes #7357
Fix is confirmed to work by two forum users: https://forum.pfsense.org/index.php?topic=122099.msg699763#msg699763
Fix 7294 keep full rule description
Signed-off-by: Phil Davis <phil.davis@inf.org>
(cherry picked from commit 680e15baef76a9c598d52d3f2b9ab498077336a8)
Add a function to normalize CR and CRLF-style newlines to Unix LF
See Bug #5306.
(cherry picked from commit 117776e0c01e68a8b65584d86d7b8b56fe75c9d0)
Services - Status Icon - Sort Order
Make status column sort order work correctly with the icons.
Also refactor get_service_status_icon() output string construction to be cleaner and clearer.
(2.4, 2.3)
(cherry picked from commit 446505a9f9be7f43e4515658f1a5444bc3732a3f)
certificatemanager, link certificate to the proper CA after completing the CSR request
(cherry picked from commit 7fd7fbcff3304285f4407bec2ae62bab7195bcc4)
Fix the pkg_call() and set the timeout to a sane value (Bug #6594)
(cherry picked from commit 9c91c7bd747074b8cdaa90e8810f0c2df081f72d)
Use the same cache filename pattern for RFC2136 IPv6 items as used by dyndns
Use | to separate dyndns IPv4 fields on cache file as done by rfc2136 items and for all IPv6 items
Fix #7299 and other stuff
As far as I can see, filter_generate_user_rule() is always supposed to be called with 'ipprotocol' set to 'inet' or 'inet6'. The cases of rules for both ('inet46') are handled by calling filter_generate_user_rule() twice, passing 'inet' then 'inet6'....
Only start dhcpleases if DHCP server is enabled (Bug #6750)
(cherry picked from commit 3d8b01e8c6392b4177572d540c8160c7e6e071ca)
Captive portal: fix "Disconnect All" button
(cherry picked from commit 4fb2b17772928f39add5fc0529e94ed07a09de31)
Fix #7257: Use pfSense-upgrade to look for new versions
Revert "Add privs to control display of notices"
Fix #7051
This reverts commit 04665e78537906f7375668ca665cba17f95a4864.
Revert "Use cached groups in get_user_privileges"
This reverts commit 855826896509a1a0bec77a51535a8f004b4ca570.
Use cached groups in get_user_privileges
(cherry picked from commit 7abc3f992e5dd5bff53495844ce944163d6d1d9b)
Fix ldap_get_groups return value when down
In some places ldap_get_groups has:
```
return memberof;
```
It should have the "$" in front, so it will return the $memberof array (that is empty when this happens).
This causes issues for callers that expect to have a return value that is either false, an empty array, or an array of the groups....