From a541d20516c74fb8640dd165086891c300bdf5af Mon Sep 17 00:00:00 2001
From: yubiuser <github@yubiuser.dev>
Date: Tue, 18 Feb 2025 23:12:01 +0100
Subject: [PATCH 1/8] Add dependabot for npm

Signed-off-by: yubiuser <github@yubiuser.dev>
---
 .github/dependabot.yml | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index ff4ebf1b6..fae40d962 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -17,3 +17,20 @@ updates:
     github_action-dependencies:
       patterns:
         - "*"
+- package-ecosystem: npm
+  directory: "/"
+  schedule:
+    interval: weekly
+    day: saturday
+    time: "10:00"
+  open-pull-requests-limit: 10
+  target-branch: development
+  reviewers:
+    - "pi-hole/ftl-maintainers"
+  pull-request-branch-name:
+      # Separate sections of the branch name with a hyphen
+      separator: "-"
+  groups:
+    npm-dependencies:
+      patterns:
+        - "*"

From 926c2a4307483cdf2f9942562ec186e476fcd9a3 Mon Sep 17 00:00:00 2001
From: DL6ER <dl6er@dl6er.de>
Date: Wed, 19 Feb 2025 08:48:52 +0100
Subject: [PATCH 2/8] Do not fail hard on inability to validate ZIP file, just
 log a warning

Signed-off-by: DL6ER <dl6er@dl6er.de>
---
 src/zip/teleporter.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/zip/teleporter.c b/src/zip/teleporter.c
index 07b5b04ad..eb6b5012b 100644
--- a/src/zip/teleporter.c
+++ b/src/zip/teleporter.c
@@ -277,9 +277,8 @@ const char *generate_teleporter_zip(mz_zip_archive *zip, char filename[128], voi
 	mz_zip_error pErr;
 	if(!mz_zip_validate_mem_archive(*ptr, *size, MZ_ZIP_FLAG_VALIDATE_LOCATE_FILE_FLAG, &pErr))
 	{
-		log_err("Failed to validate generated Teleporter ZIP archive: %s",
-		        mz_zip_get_error_string(pErr));
-		return "Failed to validate generated Teleporter ZIP archive!";
+		log_warn("Failed to validate generated Teleporter ZIP archive: %s",
+		         mz_zip_get_error_string(pErr));
 	}
 
 	// Generate filename for ZIP archive (it has both the hostname and the

From 37579a0f59b1a012e04e5f2cc1bcb501d3ffb789 Mon Sep 17 00:00:00 2001
From: yubiuser <github@yubiuser.dev>
Date: Wed, 19 Feb 2025 10:36:55 +0100
Subject: [PATCH 3/8] Allow default GH token to write content in the build
 script

Signed-off-by: yubiuser <github@yubiuser.dev>
---
 .github/workflows/build.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 8a255574b..254191b20 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -2,7 +2,7 @@ name: Build, Test, Deploy
 
 permissions:
   id-token: write
-  contents: read
+  contents: write # needed for softprops/action-gh-release
   attestations: write
 
 on:

From 099eb1ceb9c83bfd362703cdab6bac13874f38a4 Mon Sep 17 00:00:00 2001
From: DL6ER <dl6er@dl6er.de>
Date: Wed, 19 Feb 2025 17:16:38 +0100
Subject: [PATCH 4/8] Ensure we do not split too often at '=' while processing
 environment variables

Signed-off-by: DL6ER <dl6er@dl6er.de>
---
 src/config/env.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/config/env.c b/src/config/env.c
index 0981c6195..908099e00 100644
--- a/src/config/env.c
+++ b/src/config/env.c
@@ -55,14 +55,21 @@ void getEnvVars(void)
 			// Split key and value using strtok_r
 			char *saveptr = NULL;
 			char *key = strtok_r(env_copy, "=", &saveptr);
-			char *value = strtok_r(NULL, "=", &saveptr);
 
 			// Log warning if value is missing
-			if(value == NULL)
+			char *value;
+			if(strlen(*env) <= strlen(key) + 1)
 			{
 				log_warn("Environment variable %s has no value, substituting with empty string", key);
 				value = (char*)"";
 			}
+			else
+			{
+				// The entire string *after* the key + 1 (for
+				// the '=') is the value
+				value = *env + strlen(key) + 1;
+			}
+			log_debug(DEBUG_CONFIG, "ENV \"%s\" = \"%s\"", key, value);
 
 			// Add to list
 			struct env_item *new_item = calloc(1, sizeof(struct env_item));

From 9bbab698cd15a354a99a7be48acff6ca9c05a8c0 Mon Sep 17 00:00:00 2001
From: DL6ER <dl6er@dl6er.de>
Date: Wed, 19 Feb 2025 18:02:07 +0100
Subject: [PATCH 5/8] Fix legacy parsing of DEBUG_ALL option

Signed-off-by: DL6ER <dl6er@dl6er.de>
---
 src/config/legacy_reader.c | 21 ++++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)

diff --git a/src/config/legacy_reader.c b/src/config/legacy_reader.c
index fb6982784..d5f19ce78 100644
--- a/src/config/legacy_reader.c
+++ b/src/config/legacy_reader.c
@@ -835,13 +835,20 @@ static void readDebugingSettingsLegacy(FILE *fp)
 		opened = true;
 	}
 
-	// DEBUG_ALL
-	// defaults to: false
-	// ~0 is a shortcut for "all bits set"
-	setDebugOption(fp, "DEBUG_ALL", ~(enum debug_flag)0);
-
-	for(enum debug_flag flag = DEBUG_DATABASE; flag < DEBUG_EXTRA; flag <<= 1)
-		setDebugOption(fp, debugstr(flag), flag);
+	bool bit = false;
+	const char *debug_all = parseFTLconf(fp, "DEBUG_ALL");
+	if(debug_all != NULL && parseBool(debug_all, &bit) && bit)
+	{
+		// Set all debug flags if DEBUG_ALL is set to true
+		set_all_debug(&config, true);
+	}
+	else
+	{
+		// Iterate over all debug flags and set them if they are present
+		// in the config file.
+		for(enum debug_flag flag = DEBUG_DATABASE; flag < DEBUG_EXTRA; flag <<= 1)
+			setDebugOption(fp, debugstr(flag), flag);
+	}
 
 	// Parse debug options
 	set_debug_flags(&config);

From 7d8ef1365f534d258083b0ac3d697998698da902 Mon Sep 17 00:00:00 2001
From: DL6ER <dl6er@dl6er.de>
Date: Wed, 19 Feb 2025 18:15:59 +0100
Subject: [PATCH 6/8] Do not redirect to login page for ACME challenges

Signed-off-by: DL6ER <dl6er@dl6er.de>
---
 src/webserver/lua_web.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/webserver/lua_web.c b/src/webserver/lua_web.c
index e10870358..4475ac934 100644
--- a/src/webserver/lua_web.c
+++ b/src/webserver/lua_web.c
@@ -70,6 +70,15 @@ int request_handler(struct mg_connection *conn, void *cbdata)
 	/* Handler may access the request info using mg_get_request_info */
 	const struct mg_request_info *req_info = mg_get_request_info(conn);
 
+	// Do not redirect for ACME challenges
+	log_info("Local URI: \"%s\"", req_info->local_uri_raw);
+	const bool is_acme = strcmp(req_info->local_uri_raw, "/.well-known/acme-challenge") == 0;
+	if(is_acme)
+	{
+		// ACME challenge - no authentication required
+		return 0;
+	}
+
 	// Build minimal api struct to check authentication
 	struct ftl_conn api = { 0 };
 	api.conn = conn;

From 15cede0e1aa9248f649ccde2162ddd96eec78868 Mon Sep 17 00:00:00 2001
From: DL6ER <dl6er@dl6er.de>
Date: Wed, 19 Feb 2025 20:43:10 +0100
Subject: [PATCH 7/8] Instead match beginning of the acme-challenge string

Signed-off-by: DL6ER <dl6er@dl6er.de>
---
 src/webserver/lua_web.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/webserver/lua_web.c b/src/webserver/lua_web.c
index 4475ac934..05919ac4a 100644
--- a/src/webserver/lua_web.c
+++ b/src/webserver/lua_web.c
@@ -72,7 +72,8 @@ int request_handler(struct mg_connection *conn, void *cbdata)
 
 	// Do not redirect for ACME challenges
 	log_info("Local URI: \"%s\"", req_info->local_uri_raw);
-	const bool is_acme = strcmp(req_info->local_uri_raw, "/.well-known/acme-challenge") == 0;
+	const char acme_challenge[] = "/.well-known/acme-challenge/";
+	const bool is_acme = strncmp(req_info->local_uri_raw, acme_challenge, strlen(acme_challenge)) == 0;
 	if(is_acme)
 	{
 		// ACME challenge - no authentication required

From 996fae940e2e619cda699aaf934d7e92d0ec9eab Mon Sep 17 00:00:00 2001
From: DL6ER <dl6er@dl6er.de>
Date: Thu, 20 Feb 2025 21:35:14 +0100
Subject: [PATCH 8/8] Change default value of webserver.port to comply with
 auto-generated config string

Signed-off-by: DL6ER <dl6er@dl6er.de>
---
 src/config/config.c  | 2 +-
 test/pihole.toml     | 2 +-
 test/test_suite.bats | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/config/config.c b/src/config/config.c
index 5d9d45e10..aeb662b69 100644
--- a/src/config/config.c
+++ b/src/config/config.c
@@ -1004,7 +1004,7 @@ static void initConfig(struct config *conf)
 	conf->webserver.port.a = cJSON_CreateStringReference("comma-separated list of <[ip_address:]port>");
 	conf->webserver.port.f = FLAG_RESTART_FTL;
 	conf->webserver.port.t = CONF_STRING;
-	conf->webserver.port.d.s = (char*)"80o,[::]:80o,443so,[::]:443so";
+	conf->webserver.port.d.s = (char*)"80o,443os,[::]:80o,[::]:443os";
 	conf->webserver.port.c = validate_stub; // Type-based checking + civetweb syntax checking
 
 	conf->webserver.threads.k = "webserver.threads";
diff --git a/test/pihole.toml b/test/pihole.toml
index 7118005a5..d46e14027 100644
--- a/test/pihole.toml
+++ b/test/pihole.toml
@@ -657,7 +657,7 @@
   #
   # Possible values are:
   #     comma-separated list of <[ip_address:]port>
-  port = "80o,[::]:80o,443so,[::]:443so"
+  port = "80o,443os,[::]:80o,[::]:443os"
 
   # Maximum number of worker threads allowed.
   # The Pi-hole web server handles each incoming connection in a separate thread.
diff --git a/test/test_suite.bats b/test/test_suite.bats
index 413c1d15b..fbba82d60 100644
--- a/test/test_suite.bats
+++ b/test/test_suite.bats
@@ -2105,7 +2105,7 @@
   [[ "${lines[0]}" == "[ 1.1.1.1 abc-custom.com def-custom.de, 2.2.2.2 äste.com steä.com ]" ]]
   run bash -c './pihole-FTL --config webserver.port'
   printf "%s\n" "${lines[@]}"
-  [[ "${lines[0]}" == "80o,[::]:80o,443so,[::]:443so" ]]
+  [[ "${lines[0]}" == "80o,443os,[::]:80o,[::]:443os" ]]
 }
 
 @test "Create, verify and re-import Teleporter file via CLI" {