pfSense/pfsense f8560a1src/etc/inc auth_func.inc

Privilege matching -- allow JS anchors. Fixes #9550

Attempts to detect a special case where a file does not actually
exist, and yet should be allowed since it is used by JavaScript.

So long as the anchor name doesn't contain any characters that might let
it evade other checks, allow it through.

(cherry picked from commit bdbd8534eef5b93370065340de225a1cd5e5faa8)

pfSense/pfsense bdbd853src/etc/inc auth_func.inc

Privilege matching -- allow JS anchors. Fixes #9550

Attempts to detect a special case where a file does not actually
exist, and yet should be allowed since it is used by JavaScript.

So long as the anchor name doesn't contain any characters that might let
it evade other checks, allow it through.

pfSense/pfsense 00680d3src/etc rc.bootup, src/usr/local/www system_advanced_misc.php

Add GUI components for MDS mitigation. Implements #9532

While here, add option to disable PTI display in sysinfo widget.
Implements #9323

(cherry picked from commit 42c48efe1c326273079ac38176098a1993f8ae88)

pfSense/pfsense 42c48efsrc/etc rc.bootup, src/usr/local/www system_advanced_misc.php

Add GUI components for MDS mitigation. Implements #9532

While here, add option to disable PTI display in sysinfo widget.
Implements #9323

pfSense/pfsense ac0bb6bsrc/usr/local/www diag_dns.php

Use correct variable in IP address validation check for DNS. Fixes #9543

(cherry picked from commit 912562c4d76e9b629e99d44c56b363147d9ded0d)

pfSense/pfsense 912562csrc/usr/local/www diag_dns.php

Use correct variable in IP address validation check for DNS. Fixes #9543

pfSense/pfsense b9ed452src/usr/local/www head.inc

Remove wildcards incorrectly used in isAllowedPage(). Fixes #9541

(cherry picked from commit cf529cbe33ae53f3f95b37a227da141b97465f20)

pfSense/pfsense cf529cbsrc/usr/local/www head.inc

Remove wildcards incorrectly used in isAllowedPage(). Fixes #9541

pfSense/pfsense e905762tools/conf/pfPorts poudriere_bulk

Add sysutils/ccze to the repo

pfSense/pfsense e82e602tools/conf/pfPorts poudriere_bulk

Add sysutils/ccze to the repo

pfSense/pfsense 057d15dsrc/usr/local/www status_logs_common.inc

Fix a potential source of PHP errors when saving per-log settings. Fixes #9540

While here, fix save descriptions.

(cherry picked from commit 303641f8283016a88f53c7743c962e16ba683579)

pfSense/pfsense 303641fsrc/usr/local/www status_logs_common.inc

Fix a potential source of PHP errors when saving per-log settings. Fixes #9540

While here, fix save descriptions.

pfSense/pfsense 3f45cc9src/etc/inc vpn.inc ipsec.inc

Add in DH 32, a patch for strongSwan will be in soon to test with. Issue #9531

pfSense/pfsense 4fc2674src/etc/inc vpn.inc ipsec.inc

Add RFC 8031 Group 31 to IPsec. Implements #9531

pfSense/pfsense 2bf6d43src/etc/inc auth.inc

Revert "LDAP TLS option update. Implements #9417"

This reverts commit efdba6ca75e001e8426b2ecab49f71b53d5c9e30.
DeltaFile
+32-30src/etc/inc/auth.inc
+32-301 files

pfSense/pfsense 22d6b2csrc/etc/inc auth.inc

Use correct certificate path for LDAP

pfSense/pfsense 657ab39tools builder_defaults.sh

Welcome 2.4.4-RELEASE-p3

pfSense/pfsense 92d5396src/etc/inc priv.defs.inc, src/etc/inc/priv user.priv.inc

Implement new OpenVPN advanced options privilege. Fixes #9511

(cherry picked from commit 4a1841a1fabcba0100f6a4f505fc1e132c29da20)

pfSense/pfsense 0dd99desrc/usr/local/www/wizards openvpn_wizard.xml openvpn_wizard.inc

Remove Advanced box from OpenVPN Wizard. Issue #9511

(cherry picked from commit b8ca6554d022e99921835a2fdb35103f41a7302e)

pfSense/pfsense 4a1841asrc/etc/inc priv.defs.inc, src/etc/inc/priv user.priv.inc

Implement new OpenVPN advanced options privilege. Fixes #9511

pfSense/pfsense b8ca655src/usr/local/www/wizards openvpn_wizard.xml openvpn_wizard.inc

Remove Advanced box from OpenVPN Wizard. Issue #9511

pfSense/pfsense 7ccb452src/etc/inc priv.defs.inc, src/usr/local/www services_acb_backup.php services_acb.php

Fix ACB privileges. Fixes #9519

(cherry picked from commit 18c1de41332473dacd8a24ddf34e558f6366c714)

pfSense/pfsense 18c1de4src/etc/inc priv.defs.inc, src/usr/local/www services_acb_backup.php services_acb.php

Fix ACB privileges. Fixes #9519

pfSense/pfsense 6cb5a93src/etc/inc unbound.inc

Rewrite unbound remotecontrol.conf when it is empty. Fixes #9470

(cherry picked from commit 4b70a2006e6afb7813344eec8cafb8570e67256b)

pfSense/pfsense 44fb8acsrc/etc/inc unbound.inc, src/usr/local/www system.php services_unbound_domainoverride_edit.php

Add back DNS over TLS host verification code. Fixes #8602

Requires Unbound 1.9.0_1 from pfsense/freebsd-ports, which fixes a bug
in Unbound 1.9.0 which did not fully implement OpenSSL 1.0.2 host
validation support. See https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=4206#c5

(cherry picked from commit 7e8bfed216304b37342a0800eb35ef7c29546f5d)

pfSense/pfsense fdb7f0asrc/usr/local/www status.php

status.php updates

* Ensure firewall info is generated when run from the CLI
* For SG-1100, also include its public key

(cherry picked from commit 2309b26a2b4643d9b4d0ea9be371004a781acc09)

pfSense/pfsense c6d5430src/usr/local/www index.php

Fix another typo

(cherry picked from commit a0930ca608eb6b22b256c95ab2d829932b085f82)

pfSense/pfsense ff32782src/etc/inc filter.inc

Add parens around NAT reflection rule interface. Fixes #9446

(cherry picked from commit 8800ee6f90d2ac91ca9c2886bd260bc1a4e12893)

pfSense/pfsense 1f5fcdbsrc/etc/inc copynotice.inc, src/usr/local/www index.php

Fix typo

(cherry picked from commit 929cc874f6d32908739cc30e70c0eeba25127fb8)

pfSense/pfsense 70f50a2src/etc/inc copyget.inc

Fix a typo.

Reported by:    jimt

(cherry picked from commit b0945941088c7383882688a6c6e774eb831f6486)

pfSense/pfsense 87642f6src/etc/inc authgui.inc

#9096 - updated login title

(cherry picked from commit 814a7c2f1d828fedef13bb2bf326d8014e9e25bf)

pfSense/pfsense efdba6csrc/etc/inc auth.inc

LDAP TLS option update. Implements #9417

(cherry picked from commit 996a1ad90e5682bf881bafd8b75d1b1a7e3f7831)
DeltaFile
+30-32src/etc/inc/auth.inc
+30-321 files

pfSense/pfsense 4a762cfsrc/etc/inc copynotice.inc, src/usr/local/www/widgets/include picture.inc openvpn.inc

Update copyright notices to 2019. Happy New Year

(cherry picked from commit 0b4c14a491664053aad3cc76e1ffd67b70ff2da1)

pfSense/pfsense ffe379asrc/etc/inc auth_func.inc

Strengthen path privilege check. Fixes #9513

* Removes/resolves any relative paths in the submitted URL
* Validates that the file exists
* Trims the path component off after in a nicer way

(cherry picked from commit 0604f68855ff65b92cdebd57a08a2ceccbef675c)

pfSense/pfsense 0604f68src/etc/inc auth_func.inc

Strengthen path privilege check. Fixes #9513

* Removes/resolves any relative paths in the submitted URL
* Validates that the file exists
* Trims the path component off after in a nicer way

pfSense/pfsense 2d7ec8bsrc/etc/inc/priv user.priv.inc

Make widget privilege matching more specific. Fixes #9512

(cherry picked from commit bc319bc01a4d709b39e4c93c7223d277ee666bff)

pfSense/pfsense bc319bcsrc/etc/inc/priv user.priv.inc

Make widget privilege matching more specific. Fixes #9512

pfSense/pfsense a8a07cfsrc/etc/inc priv.defs.inc, src/usr/local/www vpn_openvpn_client.php vpn_openvpn_csc.php

Add warning for OpenVPN client, server, and override privileges.

Since these can use OpenVPN advanced directives to call external
scripts, they can be used to run commands that the user may not
otherwise have access to run.

Issue #9510

(cherry picked from commit f75b0eb8e781570a84e8700b150e09e081ccacfe)

pfSense/pfsense f75b0ebsrc/etc/inc priv.defs.inc, src/usr/local/www vpn_openvpn_server.php vpn_openvpn_csc.php

Add warning for OpenVPN client, server, and override privileges.

Since these can use OpenVPN advanced directives to call external
scripts, they can be used to run commands that the user may not
otherwise have access to run.

Issue #9510

pfSense/pfsense 48ab49asrc/usr/local/www services_acb.php

Encode download parameter before use. Fixes #9508

(cherry picked from commit ce77c104eee92cfbbc0d84980e60899295dadeac)

pfSense/pfsense ce77c10src/usr/local/www services_acb.php

Encode download parameter before use. Fixes #9508

pfSense/pfsense 5b5bb24src/usr/local/www/widgets/widgets wake_on_lan.widget.php

Encode descr in the WOL widget. Fixes #9507

(cherry picked from commit 5789a02eab9b2ebbcb1f28d1d037b408b436a853)

pfSense/pfsense 5789a02src/usr/local/www/widgets/widgets wake_on_lan.widget.php

Encode descr in the WOL widget. Fixes #9507

pfSense/pfsense 41c9facsrc/usr/local/www status_filter_reload.php

Encode output in status_filter_reload.php. Fixes #9499

(cherry picked from commit 1af9400d594cd183d011f22fa9b3a7630570a250)

pfSense/pfsense 1af9400src/usr/local/www status_filter_reload.php

Encode output in status_filter_reload.php. Fixes #9499

pfSense/pfsense 42d3290src/usr/local/www interfaces_qinq_edit.php

Init array before use

pfSense/pfsense 89c1390src/usr/local/www interfaces_qinq_edit.php

Init array before use

(cherry picked from commit a8a0b1321d2a477772aac4d0034d819b61f2c9bf)

pfSense/pfsense b8d7497tools/conf/pfPorts poudriere_bulk

Fix #9451: Enable build of zabbix 4.2

pfSense/pfsense 3033533tools/conf/pfPorts poudriere_bulk

Fix #9451: Enable build of zabbix 4.2

pfSense/pfsense 1b5941etools/conf/pfPorts make.conf

Remove zabbix 3.2 and 3.4 options