6 files changed, 104 insertions, 40 deletions

diff --git a/src/etc/inc/authgui.inc b/src/etc/inc/authgui.inc
index c3536c8..47616ee 100644
--- a/src/etc/inc/authgui.inc
+++ b/src/etc/inc/authgui.inc
@@ -277,7 +277,7 @@ if (isset($config['system']['webgui']['webguicss'])) {
 							<div class="form-group">
 								<label for="usernamefld" class="col-sm-3 control-label">Username</label>
 								<div class="col-sm-9 col-md-7">
-									<input type="text" class="form-control" name="usernamefld" id="usernamefld" placeholder="Enter your username">
+									<input type="text" class="form-control" name="usernamefld" id="usernamefld" placeholder="Enter your username" autocorrect="off" autocapitalize="none" spellcheck="false">
 								</div>
 							</div>
 
diff --git a/src/etc/inc/smtp.inc b/src/etc/inc/smtp.inc
index 54aa8cf..de5522c 100644
--- a/src/etc/inc/smtp.inc
+++ b/src/etc/inc/smtp.inc
@@ -2,7 +2,7 @@
 /*
  * smtp.php
  *
- * @(#) $Header: /opt2/ena/metal/smtp/smtp.php,v 1.48 2014/11/23 22:45:30 mlemos Exp $
+ * @(#) $Header: /opt2/ena/metal/smtp/smtp.php,v 1.50 2016/01/19 00:16:06 mlemos Exp $
  *
  */
 
@@ -12,7 +12,7 @@
 
 	<package>net.manuellemos.smtp</package>
 
-	<version>@(#) $Id: smtp.php,v 1.48 2014/11/23 22:45:30 mlemos Exp $</version>
+	<version>@(#) $Id: smtp.php,v 1.50 2016/01/19 00:16:06 mlemos Exp $</version>
 	<copyright>Copyright (C) Manuel Lemos 1999-2011</copyright>
 	<title>Sending e-mail messages via SMTP protocol</title>
 	<author>Manuel Lemos</author>
@@ -261,7 +261,7 @@ class smtp_class
 	<variable>
 		<name>user_agent</name>
 		<type>STRING</type>
-		<value>SMTP Class (http://www.phpclasses.org/smtpclass $Revision: 1.48 $)</value>
+		<value>SMTP Class (http://www.phpclasses.org/smtpclass $Revision: 1.50 $)</value>
 		<documentation>
 			<purpose>Set the user agent used when connecting via an HTTP proxy.</purpose>
 			<usage>Change this value only if for some reason you want emulate a
@@ -270,7 +270,7 @@ class smtp_class
 	</variable>
 {/metadocument}
 */
-	var $user_agent='SMTP Class (http://www.phpclasses.org/smtpclass $Revision: 1.48 $)';
+	var $user_agent='SMTP Class (http://www.phpclasses.org/smtpclass $Revision: 1.50 $)';
 
 /*
 {metadocument}
@@ -1265,12 +1265,14 @@ class smtp_class
 				elseif($success = ($this->PutLine('STARTTLS')
 				&& $this->VerifyResultLines('220',$responses)>0))
 				{
-					$this->OutputDebug('Starting TLS cryptograpic protocol');
+					if($this->debug)
+						$this->OutputDebug('Starting TLS cryptograpic protocol');
 					if(!($success = @stream_socket_enable_crypto($this->connection, 1, STREAM_CRYPTO_METHOD_TLS_CLIENT)))
 						$this->error = 'could not start TLS connection encryption protocol';
 					else
 					{
-						$this->OutputDebug('TLS started');
+						if($this->debug)
+							$this->OutputDebug('TLS started');
 						$success = $this->StartSMTP($localhost);
 					}
 				}
@@ -1887,4 +1889,4 @@ class smtp_class
 
 */
 
-?>
+?>
\ No newline at end of file
diff --git a/src/etc/inc/system.inc b/src/etc/inc/system.inc
index 6d869e5..1a137d1 100644
--- a/src/etc/inc/system.inc
+++ b/src/etc/inc/system.inc
@@ -159,11 +159,11 @@ function system_resolvconf_generate($dynupdate = false) {
 	$syscfg = $config['system'];
 
 	if ((((isset($config['dnsmasq']['enable'])) &&
-	      (!isset($config['dnsmasq']['port']) || $config['dnsmasq']['port'] == "53") &&
+	      (empty($config['dnsmasq']['port']) || $config['dnsmasq']['port'] == "53") &&
 	      (empty($config['dnsmasq']['interface']) ||
 	       in_array("lo0", explode(",", $config['dnsmasq']['interface'])))) ||
 	     ((isset($config['unbound']['enable'])) &&
-	      (!isset($config['unbound']['port']) || $config['unbound']['port'] == "53") &&
+	      (empty($config['unbound']['port']) || $config['unbound']['port'] == "53") &&
 	      (empty($config['unbound']['active_interface']) ||
 	       in_array("lo0", explode(",", $config['unbound']['active_interface'])) ||
 	       in_array("all", explode(",", $config['unbound']['active_interface']), true)))) &&
diff --git a/src/etc/inc/upgrade_config.inc b/src/etc/inc/upgrade_config.inc
index dedab7c..d627f11 100644
--- a/src/etc/inc/upgrade_config.inc
+++ b/src/etc/inc/upgrade_config.inc
@@ -654,7 +654,7 @@ function upgrade_039_to_040() {
 		$config['system']['user'][0]['priv'][2]['descr'] = gettext("Indicates whether this user is able to login for example via SSH.");
 		$config['system']['user'][0]['priv'][3]['id'] = "copyfiles";
 		$config['system']['user'][0]['priv'][3]['name'] = "Is allowed to copy files";
-		$config['system']['user'][0]['priv'][3]['descr'] = sprintf(gettext("Indicates whether this user is allowed to copy files onto the %s appliance via SCP/SFTP. If you are going to use this privilege, you must install scponly on the appliance (Hint: pkg_add -r scponly)."), $g['product_name']);
+		$config['system']['user'][0]['priv'][3]['descr'] = sprintf(gettext("Indicates whether this user is allowed to copy files onto the %s appliance via SCP/SFTP."), $g['product_name']);
 		$config['system']['user'][0]['priv'][4]['id'] = "isroot";
 		$config['system']['user'][0]['priv'][4]['name'] = "Is root user";
 		$config['system']['user'][0]['priv'][4]['descr'] = gettext("This user is associated with the UNIX root user (you should associate this privilege only with one single user).");
diff --git a/src/etc/inc/util.inc b/src/etc/inc/util.inc
index b542566..c767f25 100644
--- a/src/etc/inc/util.inc
+++ b/src/etc/inc/util.inc
@@ -847,36 +847,44 @@ function subnetv4_expand($subnet) {
 	return $result;
 }
 
-/* find out whether two subnets overlap */
+/* find out whether two IPv4/IPv6 CIDR subnets overlap.
+   Note: CIDR overlap implies one is identical or included so largest sn will be the same */
 function check_subnets_overlap($subnet1, $bits1, $subnet2, $bits2) {
-
-	if (!is_numeric($bits1)) {
-		$bits1 = 32;
-	}
-	if (!is_numeric($bits2)) {
-		$bits2 = 32;
-	}
-
-	if ($bits1 < $bits2) {
-		$relbits = $bits1;
+	if (is_ipaddrv4($subnet1)) {
+		return check_subnetsv4_overlap($subnet1, $bits1, $subnet2, $bits2);
 	} else {
-		$relbits = $bits2;
+		return check_subnetsv6_overlap($subnet1, $bits1, $subnet2, $bits2);
 	}
+}
 
-	$sn1 = gen_subnet_mask_long($relbits) & ip2long($subnet1);
-	$sn2 = gen_subnet_mask_long($relbits) & ip2long($subnet2);
-
-	return ($sn1 == $sn2);
+/* find out whether two IPv4 CIDR subnets overlap.
+   Note: CIDR overlap means sn1/sn2 are identical or one is included in other. So sn using largest $bits will be the same  */
+function check_subnetsv4_overlap($subnet1, $bits1, $subnet2, $bits2) {
+	$largest_sn = min($bits1, $bits2);
+	$subnetv4_start1 = gen_subnetv4($subnet1, $largest_sn);
+	$subnetv4_start2 = gen_subnetv4($subnet2, $largest_sn);
+	
+	if($subnetv4_start1 == '' || $subnetv4_start2 == '') {
+		// One or both args is not a valid IPv4 subnet
+		//FIXME: needs to return "bad data" not true/false if bad. For now return false, best we can do until fixed
+		return false;
+	}
+	return ($subnetv4_start1 == $subnetv4_start2);
 }
 
-/* find out whether two IPv6 subnets overlap */
+/* find out whether two IPv6 CIDR subnets overlap.
+   Note: CIDR overlap means sn1/sn2 are identical or one is included in other. So sn using largest $bits will be the same  */
 function check_subnetsv6_overlap($subnet1, $bits1, $subnet2, $bits2) {
-	$sub1_min = gen_subnetv6($subnet1, $bits1);
-	$sub1_max = gen_subnetv6_max($subnet1, $bits1);
-	$sub2_min = gen_subnetv6($subnet2, $bits2);
-	$sub2_max = gen_subnetv6_max($subnet2, $bits2);
-
-	return (is_inrange_v6($sub1_min, $sub2_min, $sub2_max) || is_inrange_v6($sub1_max, $sub2_min, $sub2_max) || is_inrange_v6($sub2_min, $sub1_min, $sub1_max));
+	$largest_sn = min($bits1, $bits2);
+	$subnetv6_start1 = gen_subnetv6($subnet1, $largest_sn);
+	$subnetv6_start2 = gen_subnetv6($subnet2, $largest_sn);
+	
+	if($subnetv6_start1 == '' || $subnetv6_start2 == '') {
+		// One or both args is not a valid IPv6 subnet
+		//FIXME: needs to return "bad data" not true/false if bad. For now return false, best we can do until fixed
+		return false;
+	}
+	return ($subnetv6_start1 == $subnetv6_start2);
 }
 
 /* return true if $addr is in $subnet, false if not */
diff --git a/src/etc/pfSense.obsoletedfiles b/src/etc/pfSense.obsoletedfiles
index 4f6f453..f389efc 100644
--- a/src/etc/pfSense.obsoletedfiles
+++ b/src/etc/pfSense.obsoletedfiles
@@ -445,7 +445,6 @@
 /usr/local/bin/spawn-fcgi
 /usr/local/bin/tickadj
 /usr/local/bin/verifysig
-/usr/local/etc/lighttpd
 /usr/local/etc/pkg.conf
 /usr/local/info
 /usr/local/lib/engines
@@ -518,7 +517,66 @@
 /usr/local/lib/libsyslog-ng-3.4.7.so
 /usr/local/lib/libsyslog-ng-3.5.4.1.so
 /usr/local/lib/libxml2.so.5
-/usr/local/lib/lighttpd
+/usr/local/lib/lighttpd/mod_access.a
+/usr/local/lib/lighttpd/mod_access.la
+/usr/local/lib/lighttpd/mod_accesslog.a
+/usr/local/lib/lighttpd/mod_accesslog.la
+/usr/local/lib/lighttpd/mod_alias.a
+/usr/local/lib/lighttpd/mod_alias.la
+/usr/local/lib/lighttpd/mod_auth.a
+/usr/local/lib/lighttpd/mod_auth.la
+/usr/local/lib/lighttpd/mod_cgi.a
+/usr/local/lib/lighttpd/mod_cgi.la
+/usr/local/lib/lighttpd/mod_cml.a
+/usr/local/lib/lighttpd/mod_cml.la
+/usr/local/lib/lighttpd/mod_compress.a
+/usr/local/lib/lighttpd/mod_compress.la
+/usr/local/lib/lighttpd/mod_dirlisting.a
+/usr/local/lib/lighttpd/mod_dirlisting.la
+/usr/local/lib/lighttpd/mod_evasive.a
+/usr/local/lib/lighttpd/mod_evasive.la
+/usr/local/lib/lighttpd/mod_evhost.a
+/usr/local/lib/lighttpd/mod_evhost.la
+/usr/local/lib/lighttpd/mod_expire.a
+/usr/local/lib/lighttpd/mod_expire.la
+/usr/local/lib/lighttpd/mod_fastcgi.a
+/usr/local/lib/lighttpd/mod_fastcgi.la
+/usr/local/lib/lighttpd/mod_flv_streaming.a
+/usr/local/lib/lighttpd/mod_flv_streaming.la
+/usr/local/lib/lighttpd/mod_indexfile.a
+/usr/local/lib/lighttpd/mod_indexfile.la
+/usr/local/lib/lighttpd/mod_mysql_vhost.a
+/usr/local/lib/lighttpd/mod_mysql_vhost.la
+/usr/local/lib/lighttpd/mod_proxy.a
+/usr/local/lib/lighttpd/mod_proxy.la
+/usr/local/lib/lighttpd/mod_redirect.a
+/usr/local/lib/lighttpd/mod_redirect.la
+/usr/local/lib/lighttpd/mod_rewrite.a
+/usr/local/lib/lighttpd/mod_rewrite.la
+/usr/local/lib/lighttpd/mod_rrdtool.a
+/usr/local/lib/lighttpd/mod_rrdtool.la
+/usr/local/lib/lighttpd/mod_scgi.a
+/usr/local/lib/lighttpd/mod_scgi.la
+/usr/local/lib/lighttpd/mod_secdownload.a
+/usr/local/lib/lighttpd/mod_secdownload.la
+/usr/local/lib/lighttpd/mod_setenv.a
+/usr/local/lib/lighttpd/mod_setenv.la
+/usr/local/lib/lighttpd/mod_simple_vhost.a
+/usr/local/lib/lighttpd/mod_simple_vhost.la
+/usr/local/lib/lighttpd/mod_ssi.a
+/usr/local/lib/lighttpd/mod_ssi.la
+/usr/local/lib/lighttpd/mod_staticfile.a
+/usr/local/lib/lighttpd/mod_staticfile.la
+/usr/local/lib/lighttpd/mod_status.a
+/usr/local/lib/lighttpd/mod_status.la
+/usr/local/lib/lighttpd/mod_trigger_b4_dl.a
+/usr/local/lib/lighttpd/mod_trigger_b4_dl.la
+/usr/local/lib/lighttpd/mod_userdir.a
+/usr/local/lib/lighttpd/mod_userdir.la
+/usr/local/lib/lighttpd/mod_usertrack.a
+/usr/local/lib/lighttpd/mod_usertrack.la
+/usr/local/lib/lighttpd/mod_webdav.a
+/usr/local/lib/lighttpd/mod_webdav.la
 /usr/local/lib/mysql/libmysqlclient.so.15
 /usr/local/lib/olsrd_dot_draw.so.0.3
 /usr/local/lib/olsrd_dyn_gw.so.0.4
@@ -578,8 +636,6 @@
 /usr/local/sbin/ipfw_context
 /usr/local/sbin/ipfw-classifyd
 /usr/local/sbin/kbdcheck
-/usr/local/sbin/lighttpd
-/usr/local/sbin/lighttpd-angel
 /usr/local/sbin/mdnsd
 /usr/local/sbin/mini_httpd
 /usr/local/sbin/mpd
@@ -968,7 +1024,5 @@
 /var/db/rrd/index.html
 /var/dhcpd/lib/libc.so.6
 /var/etc/pppoe-vpn
-/var/log/lighttpd
-/var/log/lighttpd.log
 /var/mail/_relayd
 /var/mail/unbound