pfSense

is_proccess_running empty proc fix. Issue #10540

(cherry picked from commit 050e18cf3b37e67eda2a16b07f86217421f5b582)

L2TP server secret is not base64 encoded. Fixes #10527

(cherry picked from commit b3a226f0c6b6d110a1c1d8d8da8550782ea866fb)

DynDNS DNSExit URL fix. Issue #9632

Adapted from 4f79a07e7aaa2eba78f73758573483c18b7ed4f9

L2TP client Shared Secret option. Issue #10531

(cherry picked from commit 8e267d3bc59a9d89cf74aa7616566e44b9c5bd69)

L2TP VPN shared secret. Issue #10527

(cherry picked from commit 8651a4a4f6923f05f73e65e8647804ad4621565c)

DHCP Relay: Account for dual-role interfaces. Fixes #10416

Based on a patch from John Steele on the Redmine issue

(cherry picked from commit a76e61149b79fe2892f6083454a563b860a035ab)

Fix #10525: Handle Chinese (Hong Kong / Taiwan) locale rename

CDATA encode Squid LDAP options. Issue #7654

(cherry picked from commit f14c90586d33493951debc977244f83dcd095b83)

CDATA encode FreeRADIUS user names/passwords. Issue #4497

(cherry picked from commit 5ee65c008f628340fede29d9fbf42a4a68dd63e1)

Special characters in Schedules descr and rangedescr fields. Issue #10305

(cherry picked from commit 008c15450ec5913c671bc8545682b35f92d63da8)

L2TP duplicate outbound NAT fix. Issue 10247

(cherry picked from commit 8f74c44e459e7f9c3d6559bee5d9ca1e49694852)

Fix SMTP SSL/TLS disable validation. Issue #10317

(cherry picked from commit 93166bdcffc51c85662c83ec7789855d72aa869b)

Remote OpenVPN server proto definition. Issue #10368

(cherry picked from commit bd1291d0e45ee982d5a65745086864bf36918dc7)

RED/GRED limiters do not have noecn option. Issue #10211

(cherry picked from commit 75fb1d576ab12fd399bcfeb57a02545b449a1df4)

allow to disable IPsec P1 when P2 is disabled VTI. Issue #10190

(cherry picked from commit 903826b5b231e371fe934e7ecde2d4f7b6e1be2d)

Exclude unsupported interfaces from DHCP Relay. Issue #10341

(cherry picked from commit 5285aa842118fa893a275e46616734b2f54c7e4f)

Fixed dhcpdv6 config generation for domain-list option. Fixes #10200

(cherry picked from commit afd8177f803560a1fa7040bbe2b60e68a5ec3918)

URL/URL Table alias with IDN hostnames. Issue #10321

(cherry picked from commit 48a157543b9d4f66c6f0f24316c482db82a0aa1c)

Make OpenVPN username-as-common-name options. Implements #8289

(cherry picked from commit e5c4f2a7d977fb1fd6c7b4446e187486b72285be)

Do not restart L2TP server after adding/modifying users. Issue #4866

(cherry picked from commit 810923482479d09c4987f7f29b12299be15ac352)

Do not include disabled IPSec P2 entries to <vpn_networks>. Issue #7622

(cherry picked from commit 12f9467e207e07bee4b93673b17b836e77216f6e)

DHCP6 client discard REQUEST messages. Issue #9634

(cherry picked from commit 8788b0613a66e48ff4da45f4228bda481c37f7a9)

Compare compressed IPv6 CARP VIP. Issue #6579

(cherry picked from commit 84052eb74b7c470ebf8fd0bb1b56ce475725b1a6)

Avoid very slow GUI loads when ews.netgate.com can't be resolved #8987

(cherry picked from commit 3c07f4986e6dfdd552ba8c68bb6ae866dff91dd9)

EDNS buffer size configuration. Issue #10293

(cherry picked from commit 09d529a6b3888479b015edba166d31cd214387cc)

DHCP Domain trailing dot validation. Issue #8054

(cherry picked from commit 8ee5aa03950902e8de301dedaa1fddda4a74e709)

Same gateway naming convention for the console and the WebGUI. Issue #10264

(cherry picked from commit b504ede55d68d82e84a5c48ff75ddc805b6ce391)

requested changes

(cherry picked from commit b1c85ec0fc263a0b237bd3364b249eb5f85e35dc)

Outbound NAT and multiple IPSEC IPs for mobile warriors

(cherry picked from commit 8897cbce7fc410029ac367eeee7c12261fec896f)

OpenVPN/IPsec IPv6 prefix in DNS Resolver access list. Issue #10460

(cherry picked from commit 79eef195a77d7c05628adaa7418d748c05d862a8)

IPsec VTI /30 netmask. Issue #10418

(cherry picked from commit 92ab21bb3f74413654fefd7b7a451641cf7c02a7)

Check IPv6 interface aliases for firewall rules. Issue #8256

(cherry picked from commit 453c3b38407cd5f804d40f0a9946a05297dd3655)

DHCPv6 update-static-leases. Issue #10412

(cherry picked from commit 1a618dc0d1977120810bfd8454fd4deda0a4ed55)

DHCPv6 service Dynamic DNS fix. Issue #10346

(cherry picked from commit 9fbd8f713449b2315daac91e219e711c8954ce7c)

pfSense copynotice.inc copyright 2020. Issue #10373

(cherry picked from commit 501c65dfb00cbfb737a659c6be0fd3113045980e)

Ignore user-config-readonly for admin/admins. Fixes #10492

(cherry picked from commit fa0ed29ef58fe6758f2cdc96f5bf68da32241faf)

More safety belts for upgrade_174_to_175(). Fixes #10458

(cherry picked from commit ca676aa35482c4e4fd64bfdcee9afe6d33b6c5fe)

DigitalOcean IPv6 DDNS Client to find IPv6 entries when updating. Issue #10390

-[] Redmine Issue: https://redmine.pfsense.org/issues/10390

-[] Ready for review

(cherry picked from commit 08939cfbc054fcaed03a3128b673b2db592cc2ad)

The time has come for 2.4.5-RELEASE

Fix potential PHP error in service-utils.inc. Fixes #10308

Correct 'default' behavior of OpenVPN TLS key dir. Fixes #10287

(cherry picked from commit d2011b0addd27766e6b402270c79d06c6c485f04)

L2TP and PPPoE user password validation. Fixes #10275

(cherry picked from commit 48dae98cf7837af3071521bdabb788af6d3e0f41)

Auto GUI/OpenVPN wizard cert lifetime reduced to 398. Fixes #9825

Add net.pf.request_maxcount to loader.conf

On FreeBSD 12 and newer pf uses this sysctl to define maximum number of
items supported by its allocations. Make sure it's always present in
/boot/loader.conf and set it to the same value of config item for
system -> maximumtableentries...

get_service_with_port(): Validate port contents. Fixes #10255

Fix braces. Issue #10246

(cherry picked from commit c03557a25af6a41cb84078416e4f7023449305b2)

NAT rule dst port reference corrections. Fixes #10246

When negating, the number of elements in $dstaddr_port is different. Do
not hardcode the index of the assumed last value, but calculate it
instead.

Otherwise the ruleset can have invalid entries like "port port" in...

IPsec VTI IPv6 address correction. Fixes #9801

When setting up IPv6 VTI, assume /64 -- Previous code was assuming /32
which wasn't correct, and it can't be /128 either since the IPv6
addresses are not point-to-point like IPv4.

(cherry picked from commit c519b62f8fc3ed094952c6289d21c429df139c51)

Ensure ALTQ bw is treated as int when factoring RRD values. Fixes #10248

(cherry picked from commit 3c95346d32bf4b243b242b73f91c5204ebf16d86)

Revert "Fix #10235"

This reverts commit 64e656556369fe61fe4315fac4c1b78e4763e35f.

Fix #10235

Add a missing break to case statement. Without it, $compression was
being filled with a bad value and also if push compress was being used,
it added the option breaking connection.

Reported by: Vinicius Dell'Aglio on Telegram pfSense group

Partial/future work-around for #10216 - When checking to see if the copyright notice has changed (and should be displayed) only check the first HTML <DIV>. This will avoid the notice popping up if the survey text is changed.

RAM Disk robustness improvements. Fixes NG 3173

• Prevents RAM disk from being partially enabled and left in a broken
  state if the RAM disks cannot be created
• Prevents RAM disks from potentially overcommitting free kernel memory,
  which FreeBSD now prevents, but could result in errors....

Fix PHP error in ipsec_reload_package_hook(). Fixes #10217

Welcome 2.4.5-RC

Sync translations with 2.5.0

CF DDNS wants int for TTL. Issue #10196

(cherry picked from commit e9869c5abc70dc4aa7cd27d2a139696a1970903f)

Add TTL for CloudFlare DDNS. Fixes #10196

(cherry picked from commit 9404b54a44a820b9c0332149a6ea794eed54bdac)

XMLRPC: fix last shaper/limiter removing. Issue #9468-9469

(cherry picked from commit c9a96f16a4cb582884c8a09d42dd1a61c206b97d)

Revert "add fe80::1:1 as an alias. Issue #9998"

It's a 2.5.x only

This reverts commit a69c0e4e0f2337b956aa6dd2d0668d3c2b1a92b7.

add fe80::1:1 as an alias. Issue #9998

(cherry picked from commit 24da61c68c91ea1d1cb7214aeeddd6c9ae741ce5)

Update repository info before checking for updates

(cherry picked from commit ff90ae73c35f293f370104c18d386c08e9e813c7)

Link to the book, not old OpenBSD docs. Fixes #10184

(cherry picked from commit 1bcc6e56e51b8ac1e329c9c0dd2bfc0f40983ead)

Mount devfs for unbound when python is enabled. Fixes #9251

Update SSL refs to SSL/TLS. Fixes #10172

switch to resolve_host_addresses() func

(cherry picked from commit 6e658d8dd1a3e05b2b0153651a5060ff9225e415)

urltable can return >1 IPs

(cherry picked from commit 477d5b5f4d83ec01266d8db3a592192ca45efb5a)

Use central download function

Reduce duplicated/inconsistent code by using the new download function.

(cherry picked from commit ecb594d094ce0e11cacd9062ebd0aa0ba190444a)

Add central file download function for use throughout the GUI.

(cherry picked from commit 1342f80fb512cf2f6a5925f03e61930ac41445af)

Wait 0.2 seconds after stopping Nginx.
Redmine #10159

(cherry picked from commit 4ddcc5caa393c6478b62b76d7213c2af0c1dde7b)

Merge pull request #4155 from BBcan177/RELENG_2_4_5

Ticket #9612: Reboot early when needed

When fsck -z doesn't work on first attempt due to old binary, reboot
before configure the system to make it faster

Ticket #9612: Prevent infinite loop and skip zfs

• Detect when system does not contain any UFS partitions and skip it to
  run fsck -z
• On a system with a broken filesystem it could end up on an infinite
  loop since fsck -z call would always return != 0. Save a counter on...

Fix #9612: Reboot twice if needed and run fsck -z

After changing pfSense-rc to create /.fix_for_SA-19-10.ufs file to flag
system to run fsck -z during pre-install stage it started failing
because fsck binary, at that point while only kernel was upgraded, still...

Unbound python integration

Unbound python integration

Fix #6263: Deduplicate encryption options on ipsec.conf

On a configuration with multiple P2, all encryption options from all P2
are added to ipsec.conf. The list could have duplicated itens when
multiple P2 use the same options. Deduplicate this list.

Remove vestiges of legacy ACB system

(cherry picked from commit 8a6d9d7f82e7a992d2c48910fb4bb847b28f3f45)

Remove some outdated references. Issue #10156

(cherry picked from commit 26700efcdf3bbe62cc7893d0f7b765c1a70492fa)

Remove some outdated references. Issue #10156

(cherry picked from commit e48255d5b36fdb953af8afeb775686c619c52500)

Fix typo

Fix sshguard config/command. Fixes #9971

Also requires sshguard patch

This is 2020. Issue #9245

Fix copyright header on rc.package_reinstall_all. Issue #9245

Move igmpproxy logs to routing.log. Fixes #10139

Ignore the flash devices during the scan for config files at boot.

(cherry picked from commit 99a641df363bfc9c1e62474180598a770ff22385)

Fix #9285: Move ping-check option from global to per-subnet

(cherry picked from commit 5197e3e3a3b0ee048785e2ffb4222d7cba4e6c74)

use disablepingcheck as option name

(cherry picked from commit a0541b292d4cde76b9e95c1d8cbd99f5f26afee5)

add an option to the DHCP server to disable the ping check feature

(cherry picked from commit 7847e55fa2cd5813adb1ee4aa888b694957109b9)

Revert "Fix #9285: Move ping-check option from global to per-subnet"

This reverts commit 9133e01dc049920d716b045a86e78a9a05d98354.

Update copyright notice years. Issue #9245

Update copyright notice years. Issue #9245

Add Gandi LiveDNS DynDNS client.

(cherry picked from commit edfe22f8bae894eb678f3e7060cc91cea6f664da)

Prevent OpenVPN tunnel network reuse. Fixes #3244

Ensures that a submitted tunnel network is not already in use on other
OpenVPN client or server instances, to avoid conflicts.

(cherry picked from commit 19a0636d7c0e0178209406480cc383853f0d3f72)

Use full path for pkg-static

Add exit notify to OpenVPN servers/clients. Implements #9078

(cherry picked from commit 7591a72a5108a2ac28d28745cec43ea282869aae)

Correct jQuery include

(cherry picked from commit bb31e48e2c1eea6a7a3925f5398bce17c19f3af4)

Fixed #9407

(cherry picked from commit df4262d0e1d8d460ba93b9fcde16476306ee21f6)

Fix #9873: Use pkg-static

When pkg repo points to a new major version pkg is updated, use
pkg-static binary to check PHP version and make sure the command works

Don't dedup DNS from dyn sources if override is disabled. Fixes #9963

(cherry picked from commit f829d7e2967d170f09756937e9076e87d5f9e2d7)