Fix a potential source of PHP errors when saving per-log settings. Fixes #9540
While here, fix save descriptions.
(cherry picked from commit 303641f8283016a88f53c7743c962e16ba683579)
Implement new OpenVPN advanced options privilege. Fixes #9511
Remove Advanced box from OpenVPN Wizard. Issue #9511
Fix ACB privileges. Fixes #9519
Add warning for OpenVPN client, server, and override privileges.
Since these can use OpenVPN advanced directives to call externalscripts, they can be used to run commands that the user may nototherwise have access to run.
Issue #9510
Encode download parameter before use. Fixes #9508
Encode descr in the WOL widget. Fixes #9507
Encode output in status_filter_reload.php. Fixes #9499
Init array before use
Update status.php to use ping-auth for pubkey
Fix another typo
status.php updates
Fix typo
Revert "Change ovpn_auth_verify_async to php-cgi. Fixes #9460"
check_reload_status 0.0.10 fixes the original issue, this can go backthe way it was.
This reverts commit ce76f299853dccb036de229f08a30013593c98fd.
Change ovpn_auth_verify_async to php-cgi. Fixes #9460
Do now show scheduler icon when scheduler tag is empty
Spotted by: Oliveira MaisSecurity <oliveira@maissecurity.com.br>
Fix empty log files in the GUI. Fixes #9415
While here, add CARP details to proto field of GUI log view.
Fix CA/Cert search description. Issue #9412
Fix bonus closing tag. Issue #9412
Add sorting and search to CA/Certs. Implements #9412
Deprecate the built-in relayd Load Balancer. Closes #9386
It is not available on FreeBSD 12 with OpenSSL 1.1.x.
Users can migrate to the HAProxy package.
Fix the spamming of warnings about ttyv0 not being available on ARM64 devices.
While here, use a more meaningful name for the function.
Initialized entries variable before use. Fixes #9359
Use only sshguard table for blocking ssh/gui attacks. Issue #9223
Fix output buffering when downloading config backups. Fixes #9390
Update SMART status page with more detail/commands. Implements #9367
Fix more illegal offset errors. Issue #9366
Target the proper loop in switch statements. Issue #9365
Fix some illegal offset errors. Issue #9366
Remove all calls to conf_mount_r[ow]
Update loader.conf when maximumtableentries changes
On Firewall -> Advanced -> Firewall, when maximumtableentries itemchanges, make sure /boot/loader.conf is changed accordingly. If thevalue is bigger than sysctl net.pf.request_maxcount, then warn user that...
Update translation files
Regenerate pot
Update privileges
Fix OU Name DN entry when creating a user cert. Fixes #9317
Correct syntax error in diag_backup.php. Fixes #9316
Force the <enableserial> on when restoring a backup on a device with serial only console.
Affects multiple devices.
Ticket #1547
Fix limiter selection validation.
Test $sform before use, fixes #9313
Ticket #9308: Replace use of /etc/ca_countries by get_cert_country_codes()
Make get_countr_code() parameter default to 'ALL'
Add back DNS over TLS host verification code. Fixes #8602
Requires Unbound 1.9.0_1 from pfsense/freebsd-ports, which fixes a bugin Unbound 1.9.0 which did not fully implement OpenSSL 1.0.2 hostvalidation support. See https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=4206#c5
Add validation and encoding to various firewall advanced values. Issue #9294
Input validation and encoding of IGMP proxy addresses. Issue #9294
Validate NTP GPS type, encode output. Issue #9294
Encode traceroute error message. Issue #9294
Validate submitted interfaces. Issue #9294
Fix input validation of webguiproto. Issue #9294
type cast traffic graph inputs to fix #9072
status.php optimizations. Implements #9290
Fix desc of OpenVPN sync to show that it also syncs certs. Fixes #9283
Packet capture page fixes. Fixes #9239
Init array for 6o4 tunneling Fixes #9264
Allow a trailing dot in a hostname on diag_dns.php. Fixes #9276
Remove links to DNSStuf tools. Fixes #9275
Fix saving IPv6 over IPv4 tunneling NAT setting. Fixes #9264
Update copyright notices to 2019. Happy New Year
Change alias name/pf keyword check to be case insensitive. Fixes #9231
Init filter rules in firewall_nat.php. Fixes #9193
Merge pull request #4019 from GrantSheehan/master
Rework cert keylen/digest validation. Fixes #9180
Fix DigitalOcean DynDNS client
Fixes the check on the return value since it's been updated to useHTTP/2 syntax. Also adds logic to allow using `@` to denote updating theroot domain A record as well.
Fix array init in setup_wizard.xml. Fixes #9170
Do not call interfaces_vlan_configure() every time an interface is edited in GUI.
This is just necessary when a parent interface is changed and we have to propagate the changes to all clones (MTU, FLAGS and others).
Add a logic to detect when a parent interface is changed and only then call interfaces_vlan_configure()....
Make the WF2Q+ the default scheduler for the dummynet limiters.
The WF2Q+ was the default scheduler in previous versions, it is well tested and support dynamic queues.
Add a note for the FIFO scheduler to make clear that it does not support dynamic queues (by design) and as such, it is working as intended....
Allow no username for FreeDNS-v6
Also include that and Digital Ocean in the help text.
Fix #9121: Initialize arrays to prevent PHP 7 errors
Minor fixes related to #9121
Fix #8937: Show hwaddr for LAGG members
Merge pull request #4016 from Augustin-FL/captiveportal-spelling
Merge pull request #4014 from Augustin-FL/captiveportal-blocked-mac
Merge pull request #4004 from NanoCaiordo/js-warnings
Fix few spelling issuesTicket #9134
Remove obsolete OLSRD code. Implements #9117
Fix #9071: Make sure pkg metadata is updated when repo config changes
Remove unused variable
Simplify logic to remove packages section from backup
Redirect Blocked MAC without requiring credentials if Blocked MAC URL has been entered.
Redmine #9114
Initialize QinQ arrays before use. Fixes #9109
Fix change detection of GUI web server toggles. Fixes #9105
Add checkbox to disable SMTP SSL cert verification. Implements #9001
The default action is to validate the certificate. If the user knows theserver does not have a valid certificate (e.g. self-signed), this optionwill allow encryption to be used without validating the identity of the...
Prevent CRL from using too large a lifetime on ARM. Fixes #9098
Improve handling of empty cert tags. Fixes #9099
Prevent log size from being too large, which breaks clog. Fixes #9081
Prevent PHP error when saving log config. Fixes #9095
Update src/usr/local/www/vendor/d3/d3.min.js
Restored d3.min.js
make sure to only pass valid options when supported by the browser
Removed js warnings
Add help text to sshguard whitelistReduce delete button sizeChange label text to "Add address"
Fix #8864: Let users modify sshguard parameters and whitelist
Array initialization in NAT pages. Fixes #9080
Validate and protect powerd option values. Fixes #9061
Merge pull request #4000 from Augustin-FL/patch-cp-3
Fixes to ssh agent forwarding setting
Restore the RADIUS NAS ID option to Captive Portal. Fixes #8998
Keeps the default of using CaptivePortal-<zonename> when not set,otherwise uses the value supplied by the user as with older versions.
Implement login fallback for RADIUS MAC authentication