pfSense

Add specific platform detection for PC Engines APU2

Based detection on $product rather than $hw_model, because $hw_model
returns the name of the AMD SoC, which might be used on other boards.

(cherry picked from commit ffda0181a4c0989085a201e1a9b6bb0b1d691889)

Encode the auth server list before passing it on the CLI, to avoid issues with special characters that break when interpreted as URL parameters during OpenVPN auth. Fixes #7002

Do not allow a group name to start with 'pkg-', reserve it for packages use (e.g. tinc)

Update interface group name validation rules to match ifconfig

Fix #6976: Make sure interface description, interface name and alias don't have the same name

Ticket #6976: Check disabled interfaces

Ensure that mobile IPsec client addresses are added to vpn_networks. Fixes #7005

Update services_captiveportal.php

fixes https://redmine.pfsense.org/issues/6391
(cherry picked from commit 6ba184a1d6ead4cdbc4369c1a7ddcc820e8ffcce)

Comment typos in itemid.inc
(cherry picked from commit 632a238f1fb7f0c80e76058563a95bbf6785df53)

Improve input validation for services_dhcp_relay

While looking at interactions between DHCP Relay and DHCP Server, I noticed a few annoying/inconsistent things in driving the UI:
1) If there were validation errors on the Destination Server IP Addresses that the user input, messages would be given about invalid addresses but the data in the Destination Server row(s) would be reset to what it was before the user started editing, losing whatever they changes they had been trying to make so far....

move export button to heading for status monitoring page

Fix #6472: Enable/Disable associated firewall rule when NAT rule changes

Ticket #6472: Respect disabled field

Respect disabled field when creating firewall associated rule

Ticket #6472: Add toggle_id

Introduce toggle_id() used to enable/disable associated firewall rules

Do not set disabled or nordr fields when they are not selected. Checks are using isset() and not its boolean value

Simplify logic

Fix comments

$array doesn't need to be a reference here

Update simplepie (RSS Parsing library) to 1.4.3

Fix copy/paste error in variable test.

Fix log file deletion

Fix #6996 using existing variable

Fix #6857

During boot local_sync_acocunts() should be able to access LDAP server
on a non-local network or also resolve LDAP server hostname. To make it
possible move calls to create static routes and start dnsmasq/unbound
to run earlier

Specify IP to set for zoneedit

(cherry picked from commit 176d24e1206586cc67888bcbd3a4d947f043a187)

Remove destination self from NAT 1:1

It is not needed and caused problems if used and was not remembered on
edit anyway.

(cherry picked from commit 6b8f9c356f8580c2c7b34b9c2526ab2a4cc7e662)

Fix #6224 NAT edit - preserve user selections when input errors

1) Edit a NAT Port Forward rule, change the destination type to "Network", but do not input any network address/mask.
2) Press Save, an input error is reported telling that the network destination address/mask is required - good....

Feature #3151 Disable gateway monitoring actions

without disabling gateway monitoring.

This allows the user to continue to monitor the gateway with dpinger, so
they can see how it is performing, but for the system not to take any
real action if the latency/loss exceeds the given limits....

Fix bandwidth limitation in mac passthrough auth

(cherry picked from commit aa1c6774927fd6e1b11a9315900035c0e084fd82)

move back to r53.class for license continuity

(cherry picked from commit 16b163661b1d1a5bcc9a24ce023f7a06c5fb420e)

note inspiration/sanity check from r53.class code

(cherry picked from commit 260228142573deeb8ef5eaee34c761ca783f8cd3)

fix testing headers for bad data

(cherry picked from commit 8d8405baf12806a7f09ef8562cfb24f9083809d3)

noted testing for Route53

(cherry picked from commit c46412956fb629a2f7dc94ca2a553444046a39c3)

Fixed status success message typo and cleaned up

(cherry picked from commit 166f4a4c67e61334791b43a21845603c1295ab2c)

fix auth header and minor XML tag issue

(cherry picked from commit 616a24828992d37ea67e810dbf9fd84ec80562e7)

initial commit of code -- having a signing error

(cherry picked from commit cc5adcaa679686e54e4035fa5bc283b1cac085a2)

php fatal error logging

(cherry picked from commit ae3463540ea0a3cc94c18ad9c7b829b2645e8910)

NAT 1:1 edit - preserve user selections on edit-save with input errors

1) Edit a NAT 1:1 rule, change the source and/or destination type to "Network", but do not input any network address/mask.
2) Press Save, input errors are reported telling that the network source and/or destination address/mask is required - good....

Captive portal: add option to include idle time in total session time

Add an option to choose whether the time spent idle by a user disconnected for exceeding the idle timeout must be included in the total session time sent to the RADIUS server or not.

(cherry picked from commit 1878e1c932fa467956ef44d4bd39adb7d4d21243)

Add BIND logging to proper facility (Bug #5524)

Stop the /etc/inc/system.inc patching by dns/pfSense-pkg-bind9 package.
(cherry picked from commit 957ec89e7959e966e87f83055f57936a945a6b00)

Added STARTTLS to LDAP Auth Server Config

(cherry picked from commit d672403c250556ced61d6eec7c51f5518b5f8c6b)

Merge pull request #3251 from phil-davis/dyndnsclass23

Tidy input errors in services_ntpd_acls

1) If there are multiple rows with invalid IP addresses then the same message was displayed multiple times. We might as well let the use know which row(s) have the problem.
2) The section that checks is_subnet stuff was first using is_ipaddr() (redundantly given it is already in the else of !is_ipaddr() ), and then is_subnet() - these would have handled both the IPv4 and IPv6 cases, so the other IPv6 tests would never have happened....

Backport Cloudflare and Gratis plus passwords in base64 DynDNS changes

Note: corresponding change to upgrade_config.inc to come in master to
correctly implement the upgrade_155_to_156 code, that is master only and
will become upgrade_158_to_159

Do not truncate IPv6 addresss in NTP widget (Bug #4815)
(cherry picked from commit cd2c59c9839e38fa7cbd4ae217fe14883b086145)

wbr tag needs a css compatibility fix for some browsers

See comment in the PR
(cherry picked from commit e67157bee85f71929d687e2c03020618f18c8f6d)

[theme] Compact-RED: fix `sortable` table fonts

(cherry picked from commit f84c1e1ef92e7e69e0eb8672a450a255ee2dfe95)

Start building tftpd package

remove bogus debug

Fixed #6454
Fixed #6984

Create a dummy /etc/printcap when starting bsnmpd so it it will not log errors. Fixes #6838

interfaces, show error message if adding duplicate gateway

(cherry picked from commit e8517c7c16b8a845333c7d0e91f552144e6b5560)

Clarified help text for ddnsforcehostname option.

(cherry picked from commit 9ca5d4abf949e088d6f1966003a6bf957f3cbdf6)

Added title to ddnsforcehostname checkbox

(cherry picked from commit cfc10a3364fee9ab220b9ada5584bfbe62ba800c)

Removed TODO comment

(cherry picked from commit a7e3001c740c79da652a9a4d53509e95adaf0c77)

Add ddnsforcehostname option to DHCP6 Server configuration editor

(cherry picked from commit 1a6bda5b389df05d6dac024e8445d3a00e01e823)

Add ddnsforcehostname option to DHCP Server configuration editor

(cherry picked from commit cf15bcb41f5befb3668f4608aafeddcb8bb18a58)

Add ddnsforcehostname option to Static Mapping editor

(cherry picked from commit 62abab65c9c3fb010862201b327b426b3b9fc3b8)

Put DDNS hostname config in the wrong place

It is relevant to the interface, not just the per-static-mapping DDNS config.

(cherry picked from commit f0cce276a6c292ed23bb628c499989107f6b162e)

Implement ddns-hostname option emission for static hosts in services.inc.

(cherry picked from commit 011f550d9b6d5980bd486af3254b387d3019783b)

Add missing L2TP from this gateway handling case. Fixes #6980

Fix reversed accounting style

(cherry picked from commit f3838572c59ea5ebe656851511c75d217afec815)

Remove extraneous )

Correct "not ready" flag

Update setup_wizard.xml
(cherry picked from commit b0b2af901f352dbbaad0b09d06fe7adb105ff7a4)

LAN IP validation logic
(cherry picked from commit 6a365a4c80aced41ec87ad93ed2c986d9935a4ea)

Update setup_wizard.xml
(cherry picked from commit 3ad0f9b63f690f77cf8c4d398b521eba6909f0bc)

update conditional re:LAN dhcp
(cherry picked from commit 0eb2512f93c7e187511ea258948715c2e230e98f)

update LAN regex for case insensitivity
(cherry picked from commit 32980f321e854bf008efa04ee9187553231b6423)

- added support for duiadns.net ipv4 and ipv6

(cherry picked from commit 19b7263e859243adfcf6588533cb47b4c768765e)

IPv6 address can contain a dot

When requiring the entry of an IPv6 address, the regex pattern should still allow a dot, so that an IPv6 address can be entered in the format that has an IPv4-address-like part at the end:
aa:bb:cc:dd:ee:ff:1.2.3.4
which is a valid way to choose to specify an IPv6 address....

Captive portal: use "Admin Reset" as termination cause when disconnecting a user from admin UI

When a user is disconnected by the administrator using the pfSense captive portal status page or widget set the value of the Acct-Terminate-Cause in the RADIUS accounting stop packet to "Admin Reset" (6) as per RFC 2866....

clarified input format hint for expiration date
(cherry picked from commit 98b87cfafe8a890787ca5d22a1089678b9b250ac)

Fix System Update link

Send packages to files03 too

Disable PAM when using only key-based authentication, otherwise keyboard-interactive fails. Fixes #6963

increase webgui usability when the remote ldap server isn't available

(cherry picked from commit b77a63948b4bd54f3d2e6e9d3822588105fb5741)

ipsec mobile clients, don't check mobile leases if mobile client isn't enabled to begin with

(cherry picked from commit 339279415ced4aaaafb96fc14a334a172b8db49f)

Improved error message to explicitly state allowable characters

Related to Bug #6432.

(cherry picked from commit 3b55b54e9c76998a2b0e28897a0be79d5cf0cb8f)

DHCPv6 ddnsdomainprimary must currently be IPv4

This field is currently validated to allow only an IPv4 address to be entered, so it may as well be consistent client-side so the user knows that only an IPv4 address is allowed.
(cherry picked from commit ff3d11c85450284d8949234f90af7a6c6681199e)

services_dhcp_edit add extra IPv4 validation

a) Validate that ipaddr must be IPv4 (note if you enter an IPv6 address, it will fail other later tests of being in the subnet etc, but it is nice to give the user an explicit message that they must enter an IPv4 address)...

Specify the IP address family in interfaces.php

Where it is known what sort of IP address is required, we can specify it in the call to Form_IpAddress. That will make the hover text reflect what is really required as input, and make the client-side regex pattern also match only the allowed chars....

Keep the rule type selection after input errors on firewall rule

If the user:
a) Edit a firewall rule
b) Select "single host or alias"
c) Enter an invalid IP address that is not an alias
d) Press "Save"
The error is displayed "1.2.3.999 is not a valid source IP address or alias"...

add All-Inkl to services.class
(cherry picked from commit 360f3a9011d143944fcd8e5e6b69fced2f9baaf7)

add All-Inkl to dyndns.class
(cherry picked from commit 575b1dcf0bdb28c431fca420d27bdedf579ec9c4)

Silence kenv calls

Added addrtolower() to interface pages

Added addrtolower calls to force IPv6 addresses to lower case
First of many

Revise filter_reload page to display entire reload_filter_status contents, not just last line

Revise shaper wizards to support multi-line filter_reload_status

Revise update_filter_relaod_status() function to append status messages rather than overwrite the file

Fixed #6922
Added code for IPv6 Dynamic DNS

Fixed #6939 by moving CSS only to the two pages that require it

Build hping

Revert "Set dhcp-cache-threshold to 0 to avoid a bug in dhcpd 4.3.x where it omits client-hostname where the cache threshold is reached. Ticket #6589"

Reverted after upgrade dhcpd server to 4.3.5

This reverts commit 9dacff7f1b2b89ebebc1e9456d642e0657bb89cc.

Revert "Apply the fix for ticket #6589 also into dhcpdv6 config"

Reverted after upgrade dhcpd server to 4.3.5

This reverts commit 776692947bda5c867c7f5e60550c3a508760c251.

Fixed #6931

Revise host and domain sorting so that the index is not lost

Added addrtolower() function to allow IPv6 addresses to be converted to lower case while preserving aliases or other text

Revert "Fix #6864 automatically convert IPv6 input to lowercase"

This reverts commit d461ff40e364fc0ecc003b9f673cbad7c6a08f2f.

(cherry picked from commit 75bc87fe10f30f49a09218820f7bb59e859cb6bb)

Revert "Fix #6918 Allow aliases with capital letters in rules"

This reverts commit 9444a281f051e11d5456cc37b2a3f56fc8a7bc33.

(cherry picked from commit 9128641db5c9b6839163948f3f71ad139c7a4625)