Omit <secret> tags from L2TP in status.php config.xml dump.
Restore 2.2.x and prior means of obtaining pfsync nodes to avoid exhausting memory on systems with large state tables. Ticket #6364
Flush link-local IPs so we do not get stale data and do not waste time deleting IP if it is already set to fe80::1:1
Rename item #12 in console menu
The console menu item #12 ("pfSense/$product developer shell") has a pointless title that doesn't help users much. It also actively obscures from router admins the useful tools it contains which is a negative side-effect....
Update include() to include_once()
For safety, use include_once() when including various "side" files. There are a couple of instances of include("guiconfig,inc") that I changed to use require_once() to be consistent with everywhere else. The remaining cases of include() are just (hundreds of) head.inc and...
Shorten gwifip if whole socket path exceeds 100 chars
dpinger stops with an error when the socket name exceeds over (around) 100 characters. The dpinger will not start and not deliver monitoring results to the WebUI.
These long socket names can get created when using link-local addresses...
Use a different delimiter for dpinger socket names
Currently underscores are used to separate gwifip, monitorip, etc., but underscores are also used in vlan subinterfaces like em0_vlan10 and therefore can't be used because the interface scope is appended to IPv6...
Set pipe_slot_limit to the maximum configured qlimit value. Move the set_sysctl out of the block where it only gets run if dummynet isn't already loaded. Ticket #6553
Clean up limiter text. Remove old commented out bit.
Fix matching of chars in IPv6 address segments
The existing regex here is wrong, it matches 0 or more of the hex digits but then there can be other rubbish in the string, in fact anything at all! It matches "az", "z", "qwerty" and so on. So the "return false" inside this "if" never happens....
Remove a-f from IPv4 address pattern
It seems to me that a through f should not be part of the pattern for the "V4" case.
(cherry picked from commit 1f49dd8a3a49b724ded5840c1db6c168ed466aae)
Always use require_once
The usage of require() and require_once() throughout the system is inconsistent, and "bugs" come up now and then when the order of "requires" is a bit different and some require() happens after the include file is already included/required....
Run generate-privdefs.php to update priv.defs.inc
bring back subnetv4_expand function used by pfblockerng
Use the translated destination for kill_states if one exists. Ticket #6531
Correct/clarify column header. Ticket #6530
Fix style
pfSense_get_pf_states always returns source as src and dest as dst, this flipping based on direction is wrong. Ticket #6530
Add include of functions.inc for declaration of gettext
Revert "Incorporated ssl changes"
It's a specific 2.4 change, only in master branch
This reverts commit 00a7688401c15015c3f43735b2b1536ebfec7e92.
Include interface scope on IPv6 static routes to link local gateway IPs. Ticket #6506
Comment typo
(cherry picked from commit b069f77e0a5e355e811dd7bd4a4d17a802a3f682)
Revert "adding privileges and separating DNS Resolver overrides from general settings"
This reverts commit fc76a1e390c8ce9579df31457c74d1d0e572b78d.
Shouldn't the priv match here be set to "services_rfc2136_edit.php*"?
(cherry picked from commit 5c403f843291bdc670dcdb45e1e097f2eb7f36ab)
Load actual value of webguihostnamemenu
This is a string from a list of valid values (empty, "hostonly", "fqdn"). So it is not correct to just gather a true/false value here.
(cherry picked from commit e93242eb2ad5a45fb6ab1526f0b6ddcc716e5b96)
Restored countdown functionality and menu refresh on successful update/remove/install
Added comments to clarify operation of the page
(cherry picked from commit 18295ff2f907f638afa9f7c665cc16e4262e6899)
Clarify ports alias hint. Ticket #6523
add traffic totals package
% and / are also allowed in values
Fix Bug #6394 - Incorrect Output of Translation
Apparently gettext() does not behave correctly when passed an empty string, this commit ensures gettext() is called only with non-empty strings
(cherry picked from commit 6ae99aba5cab12440d88dd9ddaa6535c3b9b5d82)
Remove duplicate listtags() entry 'member'.
(cherry picked from commit 40d7e4bee91246db09cc88141869abcd37390bc7)
Remove subnet_expand()
Function isn't used in main or packages repo, and in any case would need a complete rewrite to handle IPv6.
(cherry picked from commit 6215902c4043726e633fcfac1c37c710ac398653)
Fix #6482 OpenVPN Redirect Gateway Option Causes GUI Issue
This fixes the GUI inconsistency reported in the referenced bug. On edit of an OpenVPN server that has tun mode, not shared key, and the gwredir checkbox checked, the local_network fields are shown, but actually they should be hidden (because that is what happens on first data entry when gwredir is checked)....
added missing div.content wrapper when reloading filters
(cherry picked from commit e8406abe627675db2c2f77a81c1bb883f5158bb6)
Fix PHP Warning about invalid argument supplied for foreach
If _POST['members'] or _POST['groups'] is not set / none selected at GUI, it would give a warning on crash reporter (dev versions)
(cherry picked from commit 9f4722022f0e8114741e8cf1a421520fded8be1f)
Fix bad escapeshellarg logic on mpd execution
With this change single-quotes are applied in correct places
(cherry picked from commit 08cd022545be58a46b860500ff81bbe7438b6304)
Do not allow deleting your own user name
Currently if you delete your own user name, then the config ends up with a blank user tag in it. Rather than fix that up, it seems dangerous to be able to delete yourself anyway, because if you are the last user with admin privs for which you know the password (i.e. if you have not recorded the password for "admin" somewhere), then you can lock yourself out. That would require console access to fix, which for some people is a pain....
missing "("
(cherry picked from commit 70381d4803b9424c1a3f3ef518d8243062452d77)
optional arg for old behaviour
(cherry picked from commit cf63f1638aab685cc956502f5ddd862a10bf3ff8)
function name hms -> dhms
to match edit to util.inc
(cherry picked from commit c57e936a6596550619f7261e85b633ca5016cbf2)
Simplify convert_seconds_to_hms() and show days for large numbers of hours
1) Function can be simplified and all "if" statements removed, using intdiv (or casting result as int for PHP < 7) and % for calcs and sprintf for padding.
2) Input validity check before trying to convert format...
Add "delete entry" for ARP table
Useful function in some circumstances - seems no reason not to have it.
Uses IP rather than hostname since not all ARP entries have hostnames.
Probably should also have "delete all" but not done that.
(cherry picked from commit 6ea0d41e3c094a0977e7f0d022ec74276280b8ff)
Fix NTP PPS. It had 'None' option available on 2.2.x.
(cherry picked from commit ceabd66d57f7199602d3a23cb8a60080bcfa67ea)
Fix "Unable to remove NTP GPS from configuration"
https://forum.pfsense.org/index.php?topic=112771.msg627573
(cherry picked from commit 55de528cbb177b4a1f40554ad1a567198bbeebb3)
redundant check - is_numericint() tests for >= 0
(cherry picked from commit f208e9690e2ec4089cf3d3fe5f5f03fed5a36e6f)
Use global backup count instead of hardcoded value and remove redundant function
(cherry picked from commit 01b5410ae8391998ba560d40f447c7f556472c5b)
fix logic and replace hard coded value by global
backups should be a numeric int.
text hint for number of backups can now refer to the global value for this platform (and explains how to get that default, by leaving blank)
(cherry picked from commit 16b17c15f9fc29e9480431b5bc7bebe2bd4b6230)
set default_config_backup_count based on platform
At the same time the platform is being detected for PHP/GUI purposes, set the default number of backups. Also handle the case where (for any reason) detection fails, which it shouldn't, so the variables are still created...
Give settings section a more helpful/standard title to match other GUI settings tabs
(cherry picked from commit ca55edc39342865816feef390616be8b770c889b)
Self correcting - poor English
(cherry picked from commit b56769c30a23af9f575ee4a5f056558ef8322f95)
Accuracy
Large keys are not "slower to use" in many cases, since they are only used to validate or set up a session. An ongoing session usually transfers to a symmetric algorithm once established, and the user won't notice the short extra delay in session startup....
missed a comment I added and shouldn't have - removed
(cherry picked from commit 7c684f3b95f641134496bc1210cfb2d814468767)
Update OpenVPN Wizard to include missing key sizes
...and add some useful info to guide the user.
(cherry picked from commit 49810252681df9bd553e2221c885ceffaa2c4c7f)
Add missing recommended key lengths to OpenVPN options
Add key lengths to the OpenVPN options, for asymmetric keys of size 3072 (for current use), 7680, 15360 (for long term resistance), 8192 and 16384 (common binary exponents).
These are both supported by OpenVPN anyhow, and for certain uses are currently recommended (eg long term resistance to replay/decryption). See keylength.com for citations....
Added option to System > General Setup > webConfigurator to change the title of the Help menu in the navbar to either the system hostname or fqdn.
(cherry picked from commit 1d12996755ee6fb9b9e163d292bdba160a926e64)
Make QinQ interfaces work again
(cherry picked from commit 1322ee22354f1a6e184819fb7009a2996b63de97)
Allow IGMP Proxy logging verbosity to be selected via system log settings (PR 2901)
(cherry picked from commit 2bd0585e30e5ec8fc3b79ca3f579bf9a7c1bcbc8)
adding privileges and separating DNS Resolver overrides from general settings
(cherry picked from commit fc76a1e390c8ce9579df31457c74d1d0e572b78d)
Force 4096 RSA keys
Add option `-b 4096` to force the keys to 4096-bit.
This parameter is ignored for Ed25519 keys.
(cherry picked from commit 971257cbdf687c79943237b6c2f5e37c596318af)
Harden sshd_config
The changes are better explained in the following article:
https://stribika.github.io/2015/01/04/secure-secure-shell.html
(cherry picked from commit dca77360ffe868327d82c20834eceb1079d5823b)
Fixed #6504 by making table sortable
(cherry picked from commit 55f67b5abd9b809807e328477779d97120908273)
jQuery datepicker added to interfaces.php and interfaces_ppps_edit.php for setting custom expiry date
(cherry picked from commit d85d82b7686d5899948e6ec4b1587e74937820cf)
Fixed #6516 by replacing HTML5 datepicker with jQuery widget
(cherry picked from commit 53c38ff16c1eb8743e69d506f69167c88cf34910)
fix rowhelper select_source empty combo
while using $config['installedpackage']{['...'] as source
add htop to poudriere_bulk
Only call interfaces_vips_configure once if it's needed, rather than doing the same thing over and over for every VIP on an interface. Ticket #6515
update d3.js
update nvd3 files
require_once auth.inc in vpn.inc since it uses functions from there, though normal use of the system won't require that, those who run certain things manually/custom may require it
Fixed #6514 by requiring string starts with letter or underscore
(cherry picked from commit f0a053846d6cde2724c47b5553e1395cfd21445c)
Only omit aggressive line from ipsec.conf where IKEv2. Ticket #6513
Fixed #6498 by providing new address type argument to Form_IpAddress(). In this case it is specified as "V6".
(cherry picked from commit 3e4adb7139b4cddbb06a2aba7e0727d1762b35ee)
Incorporated ssl changes
Set kern.corefile, fixes #6510
Use symlink path for core repo and fix resume build
Fix typo
Fix redundant phrasing.
Add the ability of building images with custom logos on build scripts
Add NYI custom_logos
Teach rc script to copy custom_logos over default one
Remove tab_array from interfaces_groups_edit.php to be consistent with other *_edit files
Correct value for 9600. Ticket #6416
Use correct format for REVISION on image filenames
Add PRODUCT_REVISION to image filenames
Fix #6468 Do not allow edit of day and times
in rows of time ranges for a schedule. The code was always intended that the user uses the calendar pad and start hour/minute stop hour/minute drop-down fields to enter days and time range. If an existing day-time-range is wrong, then the workflow is to delete the row and then enter the correct day-time-range using the calendar pad and start hour/minute stop hour/minute drop-down fields....
Use escapeshellarg on shell calls in auth.inc. Ticket #6475
Validate submitted groups when editing a user. Ticket #6475
Add input validation to system_groupmanager.php to prevent invalid members from being submitted. Ticket #6475
Fix #6463 Dest net alias matching on page load
Do not set destination field to use customarray
Note: dstbeginport_cust does not exist on this page, so I removed it here also to avoid future confusion.
Add resetwebgui to developer shell
This might be helpful to people if they have set the theme to something that they are having trouble displaying, reading... or enabled some widget that is not good or... It allows them to get back to a known-working dashboard state, from...
Fix #6460 Interface mismatch apply changes button
Rework pkg_mgr_install.php:
- Stop using id parameter for additional packages, keep using it only for firmware upgrades
- Created to control variables $completed and $confirmed to check all the stages and make it easy to understand what is happening
- Stop using $pkgid and use $pkgname instead...
Implement pkg_valid_name()
Fix variable name s/POST/_POST/ and also parameter name s/complete/completed/
Fix indent
Improve readability
Simplify mode parameter validation