pfSense

Import a patch to fix Net_IPv6::compress("::")

Obtained from: https://github.com/phil-davis/Net_IPv6/commit/638b96a253164b65c63825c38e79812b6c5f448d
Submitted by: @phil-davis

Improve IPv4 address validation for services_dhcp

The input pattern that goes with Form_IpAddress by default allows for IPv4 and IPv6 valid characters. The back-end validation here is checking for IPv4 addresses, so it seems reasonable that the front-end input pattern checks might as well be restricted to the IPv4 valid characters. Unneeded setPattern have also been removed....

dyndns: add header processing in curl

some dyndns implementations rely on the correct HTTP header being set. the information was lost and now fixed.

Fix display advanced after input error for system_gateways_edit

Use case:
1) Edit a gateway that has no advanced settings (i.e. the Advanced section does not need to open on page load) - that works fine.
2) Modify the Gateway IP Address to something invalid like 1:2::z...

Better handle no dhcpv6 leases file

(cherry picked from commit 2355c154b7598f937ba2121429659f5676ce4d96)

Merge pull request #3204 from phil-davis/patch-6

Fix #6872 CP bandwidth 0 is no valid

The front-end validation prevents zero from being entered. "Leave empty" is the way to specify no limit.
(cherry picked from commit b7f2ebb5448f7992cceec899504bdd0a29058fb9)

Remove accidental code

Revise login hostname dispaly

Revert "Allow login hostname to be controlled via system.php"

This reverts commit cd6b99147a673b6bd0313fff55cab7eb6879608f.

Allow login hostname to be controlled via system.php

Added hostname to login page.
Option control required

(cherry picked from commit 616724395ae00a74fac4cf960ac2261b486e9dae)

Provide conrol on system.php to allow display of hostname on login banner

(cherry picked from commit a22947a4980a9f8beb294d6bad039495164ff1aa)

Update the variable with the round() return otherwise it does not has any effect.

Found while testing Ticket #6272.

(cherry picked from commit 92130da3b5fb55588d351c22042c9ce8ab5883d7)

Fix #6869 diag_routes resolve names for RELENG_2_3

This code to parse the netstat output and use gethostbyaddr() to reverse resolve names is only needed in RELENG_2_3, so that long names are not truncated. In FreeBSD 10.3 some long resolved names are still being truncated by `netstat`, even though `-W` is specified....

Make setup_serial_port() write config files safely

This function used to replace /boot.conf, /boot/loader.conf and
/etc/ttys on every call. Depending of the moment a power failure
happens, any of these files can be blank and it'll break console setup
on next boot....

Change safe_write_file $content parameter to accept an array

Make $force_binary parameter optional, default to false

Prevent /etc/ttys to miss essential lines

We do not create /etc/ttys from scratch but we change it on every boot.
If original file is corrupted for some reason we can end up with a file
missing essential lines. Added a check to verify if these lines are
missing and add them back in this case

Fix up help text on outbound NAT.

Clarify source port warning when editing a firewall rule.

In the setup wizard, do not change the DHCP range if it is already set inside the new subnet. Otherwise it will overwrite a range set manually from the DHCP settings or the console when the wizard is run later. Fixes #4820

DHCPV6 only check VIPs in range if range valid

If the user has input invalid values into range from and to, then there
is no point checking any IPv6 VIPs to see if they fall in the range.
None of them would be "in range" because the specified range is not even...

Add extra validations on is_inrange_v⁴⁶

Verify if addresses are valid IP address before convert them to make
numeric comparison.

While here, adjust indent.

Inspired by: @phil-davis patch at PR #3189

Merge pull request #3188 from NOYB/GitSync_Min_Diff_Combo

Make unlink_if_exists return true/false

This allows the caller to do a single "atomic" call to unlink_if_exists.
If it returns true, then they know that the file existed and that it has
been unlinked successfully.
This should help avoid race conditions where multiple code paths try...

Restore dhcp6 leases on full install when using MFS /tmp. While here, fix indent

Remove commented code

(cherry picked from commit 0186b761e05d6f707ddc9cf1898d20ffb7ef9405)

Bring up the wifi interface only after setting up all the other arguments. This prevents issues when using VAPs.

(cherry picked from commit 6416317a239e082b7702957263a51b4052ae43b5)

Replace underscore with hyphen in option names

Thanks Jorge

Allow Hyphens in DHCP NTP Server form validation

Also removes the ability to have underscores `_` in ntp server
FQDNs.

Closes #6806

(cherry picked from commit c68dbfc7580180cd9d47bdbecaeeb6cf835fe210)

Format file_notice alerts in webgui with newline characters as <br/> for easier reading.

(cherry picked from commit 348fae16e4c4735afef619184fba76b97effd875)

Simplify tcsh prompt and respect default terminal colors

lowercasing and sprintf of setHelp
(cherry picked from commit 705679339705657832422f5fdc336b5e39d48b79)

label src/dst incorrect - fixed (minor)
(cherry picked from commit a309ffa5cc1e8682bb083f9288f73f43a2a9c282)

UI improvement - src port button label and src port help msgs

1. Rename "srcportadv" to "srcporttoggle" - not ideal to have 2 fields both labelled "advanced options". This presentation probably works nicer
2. Self-explanatory show/hide button itself doesn't need a label. (If srcports are shown, they will have a label as usual)...

Remove unused arg in get_pkg_info()

The 2nd argument ($info) isn't used in that function, and doesn't seem to be used anywhere else in the codebase.
(cherry picked from commit b9b6841fac4393fbbe6f15ca46fe441122b883d1)

Merge pull request #3168 from NOYB/GitSync_Min_Diff_Combo

Use tabs consistently

(cherry picked from commit 553de3973dfdb0539a64510666976d523a21f2f9)

Re-enable executing the wifi mode command first. This fixes channel changing, which broke in d325e90818db2b22fc2562c38493769f217230f2.

(cherry picked from commit 8318da5192905a400076d5539ae86afeae82ee03)

Fixup ntpd IPv6 restrict clauses.

This should eliminate the following errors from the ntpd log file when
using IPv6 or dual-stack networks:
"syntax error, unexpected T_Mask, expecting T_EOC"

(cherry picked from commit daed7646d7e8e5d555676299ce660408b490ef81)

add array index how value for authserver list

(cherry picked from commit db0c1e142c98a6253204d69218557b91a8754337)

Only configure wireless MAC address if a spoofed MAC address is set

(cherry picked from commit a6c4a66da2ee8b0d4d54480dd690700b8c16bb13)

Improve gwlb.inc notification mechanisms

1) Unlink earlier to reduce the chances of any concurrency issues;
2) Translate and improve output of available notification;
3) While I'm here, fix whitespace and improve PHP syntax.

(cherry picked from commit 54596b8867ff706acc1a7bf74c2db81851830f5d)

Adjust parsing of OpenVPN ciphers to new output format. Fixes #6849

Create pkg.conf with ABI settings

Move pfSense-upgrade to FreeBSD-ports

Latest nginx requires /var/log/nginx/ to exist, so for users with /var in RAM it needs created.

Fix static blackhole routes. Bug was introduced in
8be135cd114fbc9294ec9dafed2125d0e553956c (February, 2013).

(cherry picked from commit 580bef1ee3052437487553fcc5dc8428ca665098)

Simplify logic
(cherry picked from commit 9a2d3fe1bf9bdad73fbffca44d5c1f02aa9825ae)

Spelling mistake "system_gateways.php"

Fix spelling mistake in "system_gateways.php"

(cherry picked from commit 47180823dc0560801085a227abf512e265363b16)

Remove workarounds to sort extensions.ini since ports tree now has a better solution in place to track PHP modules dependencies

Fix typo: The input field is named source_hash_key

(cherry picked from commit 870b9bc11b993ce8122b448083d29a04bcb30151)

Fixed #6835 by revising Javascript show/hide

(cherry picked from commit 850c3d8b9352e7467beca8502c24ca8d4fbbbd29)

Report quantity of files being installed by minimal and diff options.

Also consolidate some unset commands.

Support minimal and diff options combo rather than diff superseding minimal (sync both updated and diff files).

Break verbose option in two for showing files and/or constructed command. (--show_files, --show_command)
Don't save new commit ID if dry run. (--dry-run)

Make serial/UUID bold

Show system platform and serial / UUID

Obscure RADIUS shared secret.

Ensure a mobile P2 is marked as such when saving.

Use wider display for pftop to fill up dead area. Output still looks OK with narrower terminals as well.

Some views were omitting important info at the narrower width

Declare $config as a global in guiconfig.inc csrf_startup() function, to properly respect the timeouts. Ticket #6803

Apply #601 fix to firewall_nat.php

(cherry picked from commit 4b0815f38a8a0f98519ca0c2bff7c81b6464e579)

Fixed #6801

(cherry picked from commit 00098bc80b6f85eb74f2f3bc2b4eb7430614110d)

Do not show certificates in drop-down list that are already contained in this CRL.

Add missing \) and fix syntax

Extra "S" fixed - thanks @rbgarga
(cherry picked from commit d20b69c529654f2b5d4adf9ab2bba5116f980c64)

Add OpenVPN key lengths to Wizard - missed in original PRs

Original PRs and rationale:

• https://github.com/pfsense/pfsense/pull/2944 ("Add missing recommended key lengths/digest to Cert system")
• https://github.com/pfsense/pfsense/pull/2942 ("Add missing recommended key lengths to OpenVPN options")...

Sanitize 'zone' parameter on CP pages

Show a little more key info in main info table

• Key crypto info shown
• TAP/TUN appended to description (important descriptive distinction)
  (cherry picked from commit b1919bc7d635c875c9187df7ac4885cde7acf621)

Prepare pfSense-upgrade to work with new major OS upgrade

Add 'now' parameter do do_reboot() to force it to happen immediately

Make pkg_lock() and pkg_unlock() work with wildcards

Merge pull request #3137 from NOYB/Secure_SMTP_Connection_Modes_-_Mutually_Exclusive

Correct indentation.

Fixed #6786 by making table sortable

(cherry picked from commit e846d7f882d57331d7ead5fcf593e7e4daf7e247)

Simplify icmp conversion

pprior code "converts" every icmp type - of which only 3 actually get changed (rest keep same value anyhow!). If also uses a SWITCH {} construct rather than lookup + foreach, which is longer and less efficient.
(cherry picked from commit 0ce1667bc6fe80ef8e6b4d0d6d38d9859d5f4d94)

Use !empty() instead of isset()

(cherry picked from commit 6a9d1bfc5c90011af10a1704231340a42fa9f51d)

Improve handling of source-hash key

- Store the source-hash key in its own config field.
- Validate the provided source-hash key. Check that hex string input is
of the form "0x" followed by 32 hexadecimal digits. Any other string
not starting with "0x" is hashed using md5 and stored as "0x" followed...

Add field to specify source-hash key

The source-hash pool option uses a hash of the source address to
determine the translation address. This hashing algorithm is also fed a
key, which unless specified defaults to a random value. This random
value is then generated each time pf is reloaded....

Merged #2975

Revised service running/stopped icons

(cherry picked from commit a03162c874c4e52e6cae52c2eefce87118fd90d2)

Fixed #6788 by clearing only the first label in the cloned row

(cherry picked from commit d38d215d1d9429d3a1a15708f92b14cf3a15b247)

Secure SMTP Connection Modes - Mutually Exclusive

Secure SMTP Connection modes are mutually exclusive. Select only one.

Fix #6768 IPv6 static mapping on delegated prefixes

For example, WAN receives a /48 delegated from the upstream (ISP...),
e.g. "2001:470:abcd::" pfSense then uses this as a starting point to
calculate the addresses on LAN, OPT1, OPT2 etc where they have been...

Code style changes

(cherry picked from commit b2836666a8e7fc021ea750fafc8fc6e8097d52ff)

Allow packages to request syslogd log socket to be created inside chroot by specifying it in /package/logging/logsocket element. Implements #4898.

Example:
<package>
<logging>
<logsocket>/var/appname/var/run/log</logsocket>
</logging>...

dnsresolver, make interface boxes resizable, to allow for easier picking/checking of multiple selected interfaces

(cherry picked from commit 57625777c88603f1d2ca55cc981c5ec538c3770f)

Fix diag_dns regressions

After testing diag_dns behaviour some regressions have been noticed.

1) Looking up ipv6.google.com (it only has AAAA records) doesn't work
- gethostbyname() only supports v4, ipv6.google.com only has v6
- this bug was recently and inadvertently introduced...

Remove empty concatenation.

(cherry picked from commit a25c797a44e5cd2480947eb5ae427dcb8e0c031c)

Check IP Services - Info Box

Change warning box with dismissal to collapsible info box.

(cherry picked from commit 6f3ac947b2a83f18ade12ad9876fb8d75a9ff3a2)

Fix up/catch up remote syslog areas. Fixes #6780

More pptp bits

Remove some more dangling PPTP bits.

Fix description of the VPN remote log setting

Move copyright from ESF to Netgate

Revert "Remove unused file browser.php"

This reverts commit 48ffade7502839380cc6046187e0c1447723d67a.

Move copyright from ESF to Netgate

Remove unused file browser.php

css: Fix jQuery UI widgets' font

Use the main font with jQuery UI widgets (e.g. autocomplete forms)

(cherry picked from commit e540a9d774f5dfcdd18bf51529932f79f78374a0)