Import a patch to fix Net_IPv6::compress("::")
Obtained from: https://github.com/phil-davis/Net_IPv6/commit/638b96a253164b65c63825c38e79812b6c5f448dSubmitted by: @phil-davis
dyndns: add header processing in curl
some dyndns implementations rely on the correct HTTP header being set. the information was lost and now fixed.
Remove accidental code
Revise login hostname dispaly
Revert "Allow login hostname to be controlled via system.php"
This reverts commit cd6b99147a673b6bd0313fff55cab7eb6879608f.
Allow login hostname to be controlled via system.php
Added hostname to login page.Option control required
(cherry picked from commit 616724395ae00a74fac4cf960ac2261b486e9dae)
Provide conrol on system.php to allow display of hostname on login banner
(cherry picked from commit a22947a4980a9f8beb294d6bad039495164ff1aa)
Update the variable with the round() return otherwise it does not has any effect.
Found while testing Ticket #6272.
(cherry picked from commit 92130da3b5fb55588d351c22042c9ce8ab5883d7)
Make setup_serial_port() write config files safely
This function used to replace /boot.conf, /boot/loader.conf and/etc/ttys on every call. Depending of the moment a power failurehappens, any of these files can be blank and it'll break console setupon next boot....
Change safe_write_file $content parameter to accept an array
Make $force_binary parameter optional, default to false
Prevent /etc/ttys to miss essential lines
We do not create /etc/ttys from scratch but we change it on every boot.If original file is corrupted for some reason we can end up with a filemissing essential lines. Added a check to verify if these lines aremissing and add them back in this case
Add extra validations on is_inrange_v46
Verify if addresses are valid IP address before convert them to makenumeric comparison.
While here, adjust indent.
Inspired by: @phil-davis patch at PR #3189
Merge pull request #3188 from NOYB/GitSync_Min_Diff_Combo
Make unlink_if_exists return true/false
This allows the caller to do a single "atomic" call to unlink_if_exists.If it returns true, then they know that the file existed and that it hasbeen unlinked successfully.This should help avoid race conditions where multiple code paths try...
Restore dhcp6 leases on full install when using MFS /tmp. While here, fix indent
Remove commented code
(cherry picked from commit 0186b761e05d6f707ddc9cf1898d20ffb7ef9405)
Bring up the wifi interface only after setting up all the other arguments. This prevents issues when using VAPs.
(cherry picked from commit 6416317a239e082b7702957263a51b4052ae43b5)
Replace underscore with hyphen in option names
Thanks Jorge
Simplify tcsh prompt and respect default terminal colors
Remove unused arg in get_pkg_info()
The 2nd argument ($info) isn't used in that function, and doesn't seem to be used anywhere else in the codebase.(cherry picked from commit b9b6841fac4393fbbe6f15ca46fe441122b883d1)
Merge pull request #3168 from NOYB/GitSync_Min_Diff_Combo
Use tabs consistently
(cherry picked from commit 553de3973dfdb0539a64510666976d523a21f2f9)
Re-enable executing the wifi mode command first. This fixes channel changing, which broke in d325e90818db2b22fc2562c38493769f217230f2.
(cherry picked from commit 8318da5192905a400076d5539ae86afeae82ee03)
Fixup ntpd IPv6 restrict clauses.
This should eliminate the following errors from the ntpd log file whenusing IPv6 or dual-stack networks:"syntax error, unexpected T_Mask, expecting T_EOC"
(cherry picked from commit daed7646d7e8e5d555676299ce660408b490ef81)
Only configure wireless MAC address if a spoofed MAC address is set
(cherry picked from commit a6c4a66da2ee8b0d4d54480dd690700b8c16bb13)
Improve gwlb.inc notification mechanisms
1) Unlink earlier to reduce the chances of any concurrency issues;2) Translate and improve output of available notification;3) While I'm here, fix whitespace and improve PHP syntax.
(cherry picked from commit 54596b8867ff706acc1a7bf74c2db81851830f5d)
Adjust parsing of OpenVPN ciphers to new output format. Fixes #6849
Create pkg.conf with ABI settings
Latest nginx requires /var/log/nginx/ to exist, so for users with /var in RAM it needs created.
Fix static blackhole routes. Bug was introduced in8be135cd114fbc9294ec9dafed2125d0e553956c (February, 2013).
(cherry picked from commit 580bef1ee3052437487553fcc5dc8428ca665098)
Remove workarounds to sort extensions.ini since ports tree now has a better solution in place to track PHP modules dependencies
Report quantity of files being installed by minimal and diff options.
Also consolidate some unset commands.
Support minimal and diff options combo rather than diff superseding minimal (sync both updated and diff files).
Break verbose option in two for showing files and/or constructed command. (--show_files, --show_command)Don't save new commit ID if dry run. (--dry-run)
Use !empty() instead of isset()
(cherry picked from commit 6a9d1bfc5c90011af10a1704231340a42fa9f51d)
Improve handling of source-hash key
- Store the source-hash key in its own config field.- Validate the provided source-hash key. Check that hex string input is of the form "0x" followed by 32 hexadecimal digits. Any other string not starting with "0x" is hashed using md5 and stored as "0x" followed...
Revised service running/stopped icons
(cherry picked from commit a03162c874c4e52e6cae52c2eefce87118fd90d2)
Fix #6768 IPv6 static mapping on delegated prefixes
For example, WAN receives a /48 delegated from the upstream (ISP...),e.g. "2001:470:abcd::" pfSense then uses this as a starting point tocalculate the addresses on LAN, OPT1, OPT2 etc where they have been...
Code style changes
(cherry picked from commit b2836666a8e7fc021ea750fafc8fc6e8097d52ff)
Allow packages to request syslogd log socket to be created inside chroot by specifying it in /package/logging/logsocket element. Implements #4898.
Example:<package> <logging> <logsocket>/var/appname/var/run/log</logsocket> </logging>...
Fix up/catch up remote syslog areas. Fixes #6780
More pptp bits
Remove some more dangling PPTP bits.
Revert "Remove unused file browser.php"
This reverts commit 48ffade7502839380cc6046187e0c1447723d67a.
Move copyright from ESF to Netgate
Remove unused file browser.php
Remove some obsolete code from globals.inc
Fix handling of backup config count. Fixes #6771
Merge pull request #3071 from phil-davis/Check_IP_Services
Force changes in routing to be detected by the system
When dhcp6c without RA is enabled, dhcp6c isn't killed and respawned, this causes the system not being able to pick up the routing changes. In this case, running the configuration script which fires rc.newwanipv6 solves the problem....
DHCP6 Before RA. Additions and ammendments
Replaced posix_kill() in kill_dhcp6client_process() with mwexec("kill -9 $pid"), this is because the posix_kill call was not reliably killing the dhcp6c process, kill -9 works every time.
Changes to the rtsold script creation. The script lines starting dhcp6c should not have be written to the script when dhcpwithoutra is true....
Improve dhcpd and dhcpleases reload
1) Avoid running services_dhcpd_configure() more times than needed.2) Always restart dhcpleases after it's killed during interface recycle.3) It's not necessary to restart dhcpdv4 when doing changes in ipv6 config.
(cherry picked from commit 509e9357df4755a4fe5d1d9b20eda65bafb855e7)
Uniformize memory limits and remove old code (revised)
1) Allow setting a memory_limit up to 768M (Suhosin)2) Remove old workarounds. Memory limits on config.inc will be new defaults
(cherry picked from commit 7edcc54b2e9d1de51d5e6d0aedade89bc2cf0699)
Ensure only one instance of services_dhcpd_configure runs concurrently
This way kill and respawn will behave as they should for the dhcpd processes
(cherry picked from commit c69ea0051c5549a9db0d092e85b92f78ffb4c978)
Prevent accessing undefined offset in IPv6.inc
On perfectly good IPs (eg. 1:2::3:4) this code could cause the following notice:Notice: Undefined offset: 2 in IPv6.inc on line 560
On bad IPs like 1::2::3 it would not result in any notice.
This commit fixes the above problem, while making sure that only valid sequences pass validation.
system_dhcpleases_configure() - Improve pidfile handling
1) Set the pidfile variable in the correct place. pidfile variable is required in both 'if' and 'else' blocks.
2) Ensure pidfile is valid before sending term signal
(cherry picked from commit 4509abc380552554cbdf3f42c6783b47112f245a)
Apply the fix for ticket #6589 also into dhcpdv6 config
(cherry picked from commit 20350989db5d66ffb827beaed5ef5738cd62fc9d)
Indent dhcpd.conf option custom(cherry picked from commit c507161d557817c1f6f0adbef9ffdbad82115ee8)
Fix #6720 DHCP options by pool
It is a little bit tricky having to generate the unique "option custom-if-n-m code ..." lines at first where n = pool index and m = item index in the items of the pool. Then make sure to reference that later, getting the same pool index into the array of pools. The $all_pools array as the "overall" or "base" pool first (at index 0), followed by the user-specified pools at index 1, 2, 3,... - which are actually at indexes 0, 1, 2,... in the ordinary array of pools in the config. So the -1 at line 910 has to happen....
Fix double domain-name-servers for pool
Add a pool and specify something in 1 or more of the DNS servers boxes for the pool.The "option domain-name-servers 1.2.3.4" line appears twice in dhcpd.confThe first bit of code to do it is at lines 787-799. I have deleted this 2nd time that it is done at lines 854-856....
Fix #6724 VLAN interface displayed wrong
in interface assignment script dialog.
The str_replace() calls were not smart enough to just get rid of bare "igb1" when "igb1_vlan123" and such like was also in the list.(cherry picked from commit fd020a2d94077cc9c8ee6bac5b3da11e116c84a2)
Add a selection for OpenVPN to have no compression preference + comp-noadapt, which is necessary in some client edge cases. Fixes #6739
Use "-C /dev/null" when starting dnsmasq to avoid it picking up an incorrect default config which would override our command line parameters. Fixes #6730
Add an option to push "block-outside-dns" to clients of an RA OpenVPN. Fixes #6719
Fix DDNS domain for static map DHCP entries
If you specify DDNS Domain in a DHCP static map entry, it does not make its way through to dhcpd.confThis is because the var name $pdnscfg is wrong from an old copy-paste that first made this code.(cherry picked from commit a5a55231770e548898b6b1c18146cc0c6631c5c6)
Code style and comments
No functional change - just making style consistent
(cherry picked from commit 9d3e8723171c727cf43338bd8e95ab2bb7e6a66c)
Protect package_reinstall_all()
If one restores a config.xml without packages, there will be a warning about invalid argument supplied for foreach(). This commit fixes the problem.
(cherry picked from commit 5eda5816d8a7bd05730c70e44493815079925b48)
Merge pull request #3095 from NewEraCracker/redmine-6686
Pass along send_smtp_message() return, otherwise message will not be shown when testing SMTP settings
Ensure extensions.ini is readable by non root users
https://redmine.pfsense.org/issues/6686
Text typo
Noted by Daryl Morse in comment on Redmine bug 6637.(cherry picked from commit bf6ae0ad277710ffa64ee0967c5d4f717c2bc54b)
Ignore linkup eventos for interfaces that are member of bridges and have no IP address configured
Verify if interface is active gw for gw group before update dynamic DNS
Fix a redundant HTTP "User-Agent" string.
CURLOPT_USERAGENT expect the value to the user-agent string, not the entire key-value pair.Before this fix, HTTP header "User-Agent: User-Agent: phpDynDNS/0.7" was sent for DDNS updates.NGINX configuration at GratisDNS will not accept a user-agent formatted in the above way....
Merge pull request #3066 from phil-davis/notifychannelupdown
Merge pull request #3065 from phil-davis/radius-openvpn
services_dhcp: Ignore BOOTP queries
BOOTP leases do not have a maximum lease time by default, this couldpotentially lead to a DHCP address pool exhaustion.
This commit adds an option to ignore BOOTP queries.
Redmine #4351
(cherry picked from commit 6d53301b1f612ff3e0490abbb46b53c50193b80b)
Update firewall rules separators when NAT associated rule is deleted.
Bug: https://redmine.pfsense.org/issues/6676(cherry picked from commit 7475d7b337c0a08dc4d6636f33b0998067f26008)
Save widget settings per user
For users that have "custom settings" enabled, save the "tool" settingsof their widgets on a per-user basis.User that do not have "custom settings" enabled will continue to use andsave widget settings to/from the system-wide settings....
Fix typo, LT2P->L2TP
Merge pull request #3074 from phil-davis/gwredir
dpinger: fixed check for pidfile length #6505
(cherry picked from commit 4aaf38742563c427b42a813387d84246ff20a2f2)
Merge pull request #3073 from phil-davis/certs
Merge pull request #3069 from phil-davis/LAGG-MTU
Merge pull request #3068 from phil-davis/subnet_size
Merge pull request #3067 from phil-davis/useallcerts
Merge pull request #3064 from phil-davis/cloudflare
Merge pull request #3063 from phil-davis/dhcpinitbeforera3055_23
Some small improvements to OpenVPN server handling when using CARP VIPs in Gateway Groups. Might help with issue #6607
Increase filtering tail limit for logging, fixes #6652
Whitespace fixes
Remove '-x' flag from dhcpwithoutra launch of dhcp6c
This is the equivalent fix for the RELENG_2_3 branch to pull request #3078
Backport openvpn_add_dhcpopts already sets redirect-gateway
Ticket 6633Original commit to master washttps://github.com/pfsense/pfsense/commit/f8038899f250c656b1ef03fe351fb9cfdadeaf0cAdding this PR for completeness so that this is visible as somethingthat can be back-ported to RELENG_2_3
Backport Add missing recommended key lengths/digest to Cert system
Original pull request to master was #2944
Backport Check IP Services
Original pull request to master was #3037
Backport Fix issue with QinQ on LAGG interfaces where MTU doesn't apply to parent
Original pull request to master was #2905
Backport simplify subnet_size()
Original pull request to master was #3007
Backport Use all certificates in the chain when creating the ca-file for server-side OpenVPN configuration
Original pull request to master was #2966
Backport notify by email and in syslog when a channel goes up or down
Original pull request to master was #2847