From 4c533b7968aed68c9dd4b5a76c0edf105d22c955 Mon Sep 17 00:00:00 2001 From: jdeluyck <5451787+jdeluyck@users.noreply.github.com> Date: Tue, 25 May 2021 19:52:32 +0200 Subject: [PATCH 01/10] Allow additional characters for 'Distinguished name Organisation" --- src/www/system_camanager.php | 4 ++++ src/www/system_certmanager.php | 6 +++++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/src/www/system_camanager.php b/src/www/system_camanager.php index 8fc90a3bb..f8a2ecd8b 100644 --- a/src/www/system_camanager.php +++ b/src/www/system_camanager.php @@ -321,6 +321,10 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { if (preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $pconfig["dn_commonname"])) { $input_errors[] = gettext("The field 'Distinguished name Common Name' contains invalid characters."); } + } elseif ($reqdfields[$i] == "csr_dn_organization") { + if (preg_match("/[\!\#\$\%\^\(\)\~\?\>\<\&\/\\\"\']/", $pconfig["csr_dn_organization"])) { + $input_errors[] = gettext("The field 'Distinguished name Organization' contains invalid characters."); + } } elseif (($reqdfields[$i] != "descr") && preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $pconfig["$reqdfields[$i]"])) { $input_errors[] = sprintf(gettext("The field '%s' contains invalid characters."), $reqdfieldsn[$i]); } diff --git a/src/www/system_certmanager.php b/src/www/system_certmanager.php index d133ec0c9..8f44852d5 100644 --- a/src/www/system_certmanager.php +++ b/src/www/system_certmanager.php @@ -577,7 +577,11 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { if (preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $pconfig[$reqdfields[$i]])) { $input_errors[] = gettext("The field 'Distinguished name Common Name' contains invalid characters."); } - } elseif (($reqdfields[$i] != "descr" && $reqdfields[$i] != "csr") && preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $pconfig[$reqdfields[$i]])) { + } elseif ($reqdfields[$i] == "csr_dn_organization") { + if (preg_match("/[\!\#\$\%\^\(\)\~\?\>\<\&\/\\\"\']/", $pconfig["csr_dn_organization"])) { + $input_errors[] = gettext("The field 'Distinguished name Organization' contains invalid characters."); + } + } elseif (($reqdfields[$i] != "descr" && $reqdfields[$i] != "csr" && $reqdfields[$i] != "csr_dn_organization") && preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $pconfig[$reqdfields[$i]])) { $input_errors[] = sprintf(gettext("The field '%s' contains invalid characters."), $reqdfieldsn[$i]); } } From 57fbbeb0845b02da6ccc4e50f3e3bed57cac4b53 Mon Sep 17 00:00:00 2001 From: jdeluyck <5451787+jdeluyck@users.noreply.github.com> Date: Tue, 25 May 2021 20:47:33 +0200 Subject: [PATCH 02/10] also fix dn_organization --- src/www/system_camanager.php | 6 +++--- src/www/system_certmanager.php | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/src/www/system_camanager.php b/src/www/system_camanager.php index f8a2ecd8b..8f4812d6a 100644 --- a/src/www/system_camanager.php +++ b/src/www/system_camanager.php @@ -321,11 +321,11 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { if (preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $pconfig["dn_commonname"])) { $input_errors[] = gettext("The field 'Distinguished name Common Name' contains invalid characters."); } - } elseif ($reqdfields[$i] == "csr_dn_organization") { - if (preg_match("/[\!\#\$\%\^\(\)\~\?\>\<\&\/\\\"\']/", $pconfig["csr_dn_organization"])) { + } elseif ($reqdfields[$i] == "dn_organization") { + if (preg_match("/[\!\#\$\%\^\(\)\~\?\>\<\&\/\\\"\']/", $pconfig["dn_organization"])) { $input_errors[] = gettext("The field 'Distinguished name Organization' contains invalid characters."); } - } elseif (($reqdfields[$i] != "descr") && preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $pconfig["$reqdfields[$i]"])) { + } elseif (($reqdfields[$i] != "descr" && $reqdfields[$i] != "dn_organization") && preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $pconfig["$reqdfields[$i]"])) { $input_errors[] = sprintf(gettext("The field '%s' contains invalid characters."), $reqdfieldsn[$i]); } } diff --git a/src/www/system_certmanager.php b/src/www/system_certmanager.php index 8f44852d5..e5ade4244 100644 --- a/src/www/system_certmanager.php +++ b/src/www/system_certmanager.php @@ -577,9 +577,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { if (preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $pconfig[$reqdfields[$i]])) { $input_errors[] = gettext("The field 'Distinguished name Common Name' contains invalid characters."); } - } elseif ($reqdfields[$i] == "csr_dn_organization") { - if (preg_match("/[\!\#\$\%\^\(\)\~\?\>\<\&\/\\\"\']/", $pconfig["csr_dn_organization"])) { - $input_errors[] = gettext("The field 'Distinguished name Organization' contains invalid characters."); + } elseif ($reqdfields[$i] == "csr_dn_organization" || $reqdfields[$i] == "dn_organization") { + if (preg_match("/[\!\#\$\%\^\(\)\~\?\>\<\&\/\\\"\']/", $pconfig[$reqdfields[$i]])) { + $input_errors[] = sprintf(gettext("The field '%s' contains invalid characters."), $reqdfieldsn[$i]); } } elseif (($reqdfields[$i] != "descr" && $reqdfields[$i] != "csr" && $reqdfields[$i] != "csr_dn_organization") && preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $pconfig[$reqdfields[$i]])) { $input_errors[] = sprintf(gettext("The field '%s' contains invalid characters."), $reqdfieldsn[$i]); From b8cf4e899a745f3322452a742ed4f091c6314b4d Mon Sep 17 00:00:00 2001 From: jdeluyck <5451787+jdeluyck@users.noreply.github.com> Date: Tue, 25 May 2021 20:48:37 +0200 Subject: [PATCH 03/10] fix check on dn_organisation --- src/www/system_certmanager.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/www/system_certmanager.php b/src/www/system_certmanager.php index e5ade4244..b7b7b7587 100644 --- a/src/www/system_certmanager.php +++ b/src/www/system_certmanager.php @@ -581,7 +581,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { if (preg_match("/[\!\#\$\%\^\(\)\~\?\>\<\&\/\\\"\']/", $pconfig[$reqdfields[$i]])) { $input_errors[] = sprintf(gettext("The field '%s' contains invalid characters."), $reqdfieldsn[$i]); } - } elseif (($reqdfields[$i] != "descr" && $reqdfields[$i] != "csr" && $reqdfields[$i] != "csr_dn_organization") && preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $pconfig[$reqdfields[$i]])) { + } elseif (($reqdfields[$i] != "descr" && $reqdfields[$i] != "csr" && $reqdfields[$i] != "csr_dn_organization" && $reqdfields[$i] != "dn_organization") && preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $pconfig[$reqdfields[$i]])) { $input_errors[] = sprintf(gettext("The field '%s' contains invalid characters."), $reqdfieldsn[$i]); } } From 053bb014be1d6bbb6c03dc165180e0cc07254b12 Mon Sep 17 00:00:00 2001 From: Franco Fichtner Date: Wed, 26 May 2021 10:16:54 +0200 Subject: [PATCH 04/10] shell: fix restore copy; closes #5011 --- src/opnsense/scripts/shell/restore.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/opnsense/scripts/shell/restore.sh b/src/opnsense/scripts/shell/restore.sh index 1af5daa60..e5c123836 100755 --- a/src/opnsense/scripts/shell/restore.sh +++ b/src/opnsense/scripts/shell/restore.sh @@ -84,7 +84,7 @@ while [ -z "${RESTORE}" ]; do echo done -echo cp /conf/backup/${RESTORE} /conf/config.xml +cp /conf/backup/${RESTORE} /conf/config.xml read -p "Do you want to reboot to apply the backup cleanly? [y/N]: " YN From 9a2f5c72231fba8841b363d242819fed961f57c8 Mon Sep 17 00:00:00 2001 From: Franco Fichtner Date: Wed, 26 May 2021 10:33:38 +0200 Subject: [PATCH 05/10] dhcp: missing dot --- src/www/services_dhcp.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/www/services_dhcp.php b/src/www/services_dhcp.php index c231cb0ba..f46f4ac20 100644 --- a/src/www/services_dhcp.php +++ b/src/www/services_dhcp.php @@ -685,7 +685,7 @@ include("head.inc"); /> From b824a7e0192a63d5e8ea80d731d432f1fb39724b Mon Sep 17 00:00:00 2001 From: Frank Wall Date: Wed, 26 May 2021 12:06:26 +0200 Subject: [PATCH 06/10] webgui: make restart action usable in cron jobs, fixes #4956 (#4998) --- src/opnsense/service/conf/actions.d/actions_webgui.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/src/opnsense/service/conf/actions.d/actions_webgui.conf b/src/opnsense/service/conf/actions.d/actions_webgui.conf index fee6af903..17797d930 100644 --- a/src/opnsense/service/conf/actions.d/actions_webgui.conf +++ b/src/opnsense/service/conf/actions.d/actions_webgui.conf @@ -3,3 +3,4 @@ command:/usr/local/etc/rc.restart_webgui parameters:%s type:script message:Restarting web GUI +description:Restart web GUI service From 842e661ce4686b8bb5ab9af337d9142a9be69712 Mon Sep 17 00:00:00 2001 From: Franco Fichtner Date: Wed, 26 May 2021 12:55:15 +0200 Subject: [PATCH 07/10] github: offer link to open/closed tickets for search Too many duplicates in some cases when bugs were fixed fast. --- .github/ISSUE_TEMPLATE/bug_report.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md index 169f77226..3f9beff78 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -10,7 +10,7 @@ assignees: '' Before you add a new report, we ask you kindly to acknowledge the following: - [ ] I have read the contributing guide lines at https://github.com/opnsense/core/blob/master/CONTRIBUTING.md -- [ ] I have searched the existing issues and I am convinced that mine is new. +- [ ] I am convinced that my report is new after having checked both open and closed issues at https://github.com/opnsense/core/issues?q=is%3Aissue **Describe the bug** From 468eaa8a68b61fdfbc9d1c0b951dc0b6c8b58f66 Mon Sep 17 00:00:00 2001 From: Franco Fichtner Date: Wed, 26 May 2021 13:19:35 +0200 Subject: [PATCH 08/10] interfaces: interface_configure() checks for enabled --- src/www/interfaces.php | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/src/www/interfaces.php b/src/www/interfaces.php index 10bd99c80..a69c3fcc4 100644 --- a/src/www/interfaces.php +++ b/src/www/interfaces.php @@ -550,9 +550,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { $toapplylist = unserialize(file_get_contents('/tmp/.interfaces.apply')); foreach ($toapplylist as $ifapply => $ifcfgo) { interface_bring_down($ifapply, $ifcfgo); - if (isset($config['interfaces'][$ifapply]['enable'])) { - interface_configure(false, $ifapply, true); - } + interface_configure(false, $ifapply, true); } system_routing_configure(); From f9cfb4658b1fb9785cccc8acabee0a52467b7b28 Mon Sep 17 00:00:00 2001 From: Ad Schellevis Date: Wed, 26 May 2021 14:30:26 +0200 Subject: [PATCH 09/10] System / Routes - delete previous route when changed. closes https://github.com/opnsense/core/issues/4621 --- .../controllers/OPNsense/Routes/Api/RoutesController.php | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/opnsense/mvc/app/controllers/OPNsense/Routes/Api/RoutesController.php b/src/opnsense/mvc/app/controllers/OPNsense/Routes/Api/RoutesController.php index 1a532b0e9..820dc1cd0 100644 --- a/src/opnsense/mvc/app/controllers/OPNsense/Routes/Api/RoutesController.php +++ b/src/opnsense/mvc/app/controllers/OPNsense/Routes/Api/RoutesController.php @@ -66,6 +66,13 @@ class RoutesController extends ApiMutableModelControllerBase */ public function setrouteAction($uuid) { + $node = $this->getBase("route", "route", $uuid); + // delete previous route when changed (one shot, apply should only delete the last known situation) + if (!empty($node['route']['network']) && $_POST['route']['network'] != $node['route']['network'] + && !file_exists("/tmp/delete_route_{$uuid}.todo") + ) { + file_put_contents("/tmp/delete_route_{$uuid}.todo", $node['route']['network']); + } return $this->setBase("route", "route", $uuid); } From de09fb4f36051f7d6868b4ecaceb828c1059ef4f Mon Sep 17 00:00:00 2001 From: Ad Schellevis Date: Wed, 26 May 2021 15:16:22 +0200 Subject: [PATCH 10/10] Trust - Distinguished name - Organisation validations, cleanup https://github.com/opnsense/core/pull/5010 --- src/www/system_camanager.php | 4 ++-- src/www/system_certmanager.php | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/www/system_camanager.php b/src/www/system_camanager.php index 8f4812d6a..9558a118d 100644 --- a/src/www/system_camanager.php +++ b/src/www/system_camanager.php @@ -323,9 +323,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { } } elseif ($reqdfields[$i] == "dn_organization") { if (preg_match("/[\!\#\$\%\^\(\)\~\?\>\<\&\/\\\"\']/", $pconfig["dn_organization"])) { - $input_errors[] = gettext("The field 'Distinguished name Organization' contains invalid characters."); + $input_errors[] = sprintf(gettext("The field '%s' contains invalid characters."), $reqdfieldsn[$i]); } - } elseif (($reqdfields[$i] != "descr" && $reqdfields[$i] != "dn_organization") && preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $pconfig["$reqdfields[$i]"])) { + } elseif ($reqdfields[$i] != "descr" && preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $pconfig["$reqdfields[$i]"])) { $input_errors[] = sprintf(gettext("The field '%s' contains invalid characters."), $reqdfieldsn[$i]); } } diff --git a/src/www/system_certmanager.php b/src/www/system_certmanager.php index b7b7b7587..86fe83bfe 100644 --- a/src/www/system_certmanager.php +++ b/src/www/system_certmanager.php @@ -581,7 +581,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { if (preg_match("/[\!\#\$\%\^\(\)\~\?\>\<\&\/\\\"\']/", $pconfig[$reqdfields[$i]])) { $input_errors[] = sprintf(gettext("The field '%s' contains invalid characters."), $reqdfieldsn[$i]); } - } elseif (($reqdfields[$i] != "descr" && $reqdfields[$i] != "csr" && $reqdfields[$i] != "csr_dn_organization" && $reqdfields[$i] != "dn_organization") && preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $pconfig[$reqdfields[$i]])) { + } elseif ($reqdfields[$i] != "descr" && $reqdfields[$i] != "csr" && preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $pconfig[$reqdfields[$i]])) { $input_errors[] = sprintf(gettext("The field '%s' contains invalid characters."), $reqdfieldsn[$i]); } }