pfSense

Specify the interface when applying static route changes during OpenVPN reloads

dhcp: give dhcp daemons a chance to shutdown before restarting

Revert "pfSense-rc: Relocate the removal of /var/run/booting to the very end"

This reverts commit 21063272df73ef90bb060449a7baca83b2a8f5ed.

Replace lingering /var/run/booting checks with `is_platform_booting`

Skip DDNS on disabled interfaces. Fix #15802

pfSense-rc: Relocate the removal of /var/run/booting to the very end

Add more detail to config path warnings

Decrease the number of config requests when deleting filter rules

Only import the Netgate Installer settings when trigger_initial_wizard is set.

Remove the references to 'trigger_virt_setup' since it is not used on CE.

Fix OpenVPN CSO options upgrade

Previous config versions set these options in the config but only
considered them enabled if their value is 'yes'. The enable detection
is now based on the existence of the option.

DynDNS: change Porkbun to use api.porkbun.com instead of porkbun.com

Changes the dynDNS provider 'Porkbun' to use the domain `api.porkbun.com`
instead of `porkbun.com` as accessing the API through `porkbun.com` will
cease to work December 1st. They informed customers by email of this...

Merge pull request #4704 from GChuf/removePragmaHeader

Configure routes after DHCP WAN during boot. Fix #15791

pfSense-Installer: Import the network settings from the Netgate Installer.

Read a JSON file with the Netgate Installer settings on the first boot and set
up the LAN and WAN.

Ticket: #13129

Remove unnecessary config_init_path() calls

Improve system alias descriptions

Silence alias errors with ruleset generation while booting

Dynamically-configured system aliases can be set up late in the boot
process. Silence related alerts during ruleset generation while the
system is booting. Once bootup is complete, reload the filter again...

Fix rule generation and display for system aliases

This is a followup to 52e512c0555d9f5a91732907e524364358d3f70c
- Update system alias comments and descriptions.
- Improve reserved aliases processing.
- Use alias_info_popup() code when possible for system aliases....

Remove deprecated pragma header. Implement #15781

This removes adding pragma header which is now deprecated. Cache control is used instead.

Reserved table names are lower-case

Update related comments while there.

Bump config version

Introduce function to detect and resolve conflicting aliase names

Expose system aliases to the GUI. Implement #1979

Refactor get_alias_list()

It now uses CSVs for multiple types instead of an array.

Fix NTP DNS resolution option for pools. Fixes #15552

Merge pull request #4695 from Self-Hosting-Group/remove-interface

UPnP IGD & PCP: Improve descriptions

Merge pull request #4696 from lriley2020/edit-menu

Clarify console menu option 0 description. Implement #15705

Merge pull request #4700 from GChuf/sameSiteCookiesAttribute

Add samesite attribute to cookies. Implement #15729

Merge pull request #4683 from FloFaber/improve_alphabetic_interface_sorting

Config access regression. Fix #15762

kea: fix service restart shortcut

Clarify error log when omitting gateway from ruleset

Correct Mobile IPSec Attribute IDs. Fix #15755

Fix admin reset password conditions. Fixes #15751

Clean up diffs

rc.bootup: support deferred package installation scripts

Print motd-passwd when it exists

Add package hooks plugin_xmlrpc_send plugin_xmlrpc_recv, and plugin_xmlrpc_post_recv

Repeat optimization made for product_name

Save the product name on /etc/product_name at /etc/rc.banner.

This way we do not need to run PHP again on rc.initial to read the product name.

This file is only written if /etc is writeable, if /etc/product_name does not exist the old (and slow) PHP code will run....

ip_range_to_address_array() 32-bit ARM fix. Issue NG #5445

(cherry picked from commit a6ee0ff91086ba153cfd485dc8fb6d72f918d78b)
(cherry picked from commit 0f5485a49ed4da33bf48f1053be3671d7f08dd09)

Identify Azure more accurately.

Gen2 smbios info is indistinguishable between Azure and Hyper-V

Initialize the PHP settings a little bit earlier so PHP is ready for pfSense-upgrade.

Fixes #13726 in more detail (and for 22.05.1).

ddb.conf: fix script length issue

We need to re-arrange things a little to avoid the maximum script length of
128 bytes.

While here also re-order the different commands a little. Present the likely
most useful information first.

Don't unnecessarily remove the config cache

Removing the cache is no longer necessary; the behavior remains the
same without removing the config cache.

Add check for empty interface

Callers may call get_real_interface() with an empty interface;
bail early if so.

Tighten DHCP client rules. Fixes #15702

Handle empty variable

Callers of these functions may send null variabes; bail early if so.

Set the working directory before checking unbound config. Fix #15723

Improve localhost DNS checks. Fix #15722

Include GUI logout in auth log. Fix #15719

User logouts do not need to be as loud as user logins. Include
them in the auth log but make them quiet for the console.

Allow adding package menus with different sections

A package may have multiple menus with the same name but
different sections.

Additional safety checks for explode()

See 8c81cad531b1dd43a6514604091b3c4a6932d715

Fix config paths with leading slash

A single or a leading forwward-slash is not supported.

Skip ppp modem interfaces where appropriate

Refactor automatic EDNS. Fix #15704

The change adds handling for empty active interfaces. Additionally,
support passing an interface list to allow unbound config testing
based on the desired config rather than the currently active config.

Additional safety checks for explode()

See 8c81cad531b1dd43a6514604091b3c4a6932d715

Handle unassigned interfaces in rc.newwanip

Add safety checks for calls to convert_real_interface_to_friendly_interface_name()

The function will return null for unassigned interfaces. Add checks
for this where appropriate.

Filter out empty array values for explode()

Calling explode() with an empty string will return a single-element
array with an empty value. This change filters out empty values
where appropriate - i.e. where it's not already a condition check for
it and the value should not be empty.

Skip ppp modem interfaces where appropriate

This avoids calling e.g. get_real_interface() for a modem device.

Fix returned gateways list

When get_gateways() was introduced, some existing function calls
that were updated to use this new function now get a different
result. This is due to the use of GW_CACHE_ALL which includes
disabled, inactive, and localhost gateways. This change returns the...

Fix checks for mobile IPsec

When mobile is set, it is an empty string and hence should be
checked with isset(). Also make sure the mobile network type
is properly set, otherwise ipsec_idinfo_to_cidr() will not catch it.

Don't try to configure empty ntpd interfaces

Don't try to configure interface groups without members

kea: allow identical MAC address filters on multiple interfaces. Fixes #15130

Log invalid config path access

Trim name when adding package navigation menus

Add path safety checks to config access functions

Before the move to config access functions, accessing the global config
array with null keys would lead to errors or null results. An
additional failure case was introduced with the move to config access
functions: null keys may lead to a result from a different path. Check...

Fix accidental deletion of CAs

$ca does not reference the config at this point - no need to remove it.

Source xml parsing functions in config.lib.inc

config.lib.inc may be sourced without the xml parsing functions being
available first. For example, from auth.inc(31) and config.inc(40).

Revert "Adjust xmlparse.inc require order"

This reverts commit c599e81b822bb8d6c89b3844372b44fcc55808bf.
Revert this in favor of requiring the file within the relevant includes.

Kill states on both sides during gateway failover

Actually kill states when recovering the default gateway group

Adjust xmlparse.inc require order

XML parsing functions must be available for other includes to use them.
This is most important during boot where config.xml can potentially be
parsed e.g. in config.lib.inc.

Fix saving DHCP6 config with empty interface config

Correct OpenVPN QinQ creation. Fix #15692

Also avoid creating bogus dynamic gateways for QinQ interfaces.

Silence error when checking for dynamic route

If the grep command doesn't find the route, there's no need to log an error.

Don't restart sshguard when the syslogd service is restarted

Stop sshguard spam in system logs. Fix #12747

Instead of restarting sshguard with each log rotation, keep it running
separately while monitoring the auth log file. This allows sshguard
start/stop events to still be included in the system log without
spamming it. When the log file is rotated by newsyslog, sshguard will...

Introduce parse_config() and init_config_arr() stubs for backwards compatibility

Clarify comment while there.

Minor cleanup

Move to CURLINFO_RESPONSE_CODE

As of cURL 7.10.8, CURLINFO_HTTP_CODE is a legacy alias of
CURLINFO_RESPONSE_CODE.

Fix function declaration in config_read_file()

Refactor config file reading and recovery

config_read_file():
- Refactor to adapt code from parse_config(), parse_config_bootup(),
and write_config().
- Don't exit the PHP script on failure - leave that to the caller.
- config_read(): generate config cache if needed. Included inside...

Introduce explicit config file read/write functions

Be more explicit about config locks

Introduce config lock in encrypted_configxml() and restore_backup().

Remove config lock from parse_config() and parse_config_bootup(); these
still indirectly lock the config via calls to restore_backup().

Fix null gateways being ignored

Allow changing system-default SCTP timeouts. Implement #15661

Make sure array_init_path() always initializes the array

Improve path handling in array_init_path()

Adapt the path handling from array_set_path() into array_init_path().

Set blockbogons and blockpriv as flags in setup wizard

These config items are treated as flags everywhere else.

More revisions to OpenVPN CSC. Fix #12522

Fix push reset was not applied
Fix some flags were improperly set in config

Don't monitor disabled gateways. Fix #15635

The introduction of get_gateways() regressed the behavior of excluding
disabled gateways by default.

Additional revisions to OpenVPN CSC. Fix #12522

Fix the keep_minimal checkbox being unchecked on page load, and
move it below the remove_options list. Add more remove options
and clarify remove_route.

Fix missing word

Fix UPnP priv metadata