pfSense

Define curl CAPath for trusted CAs. Fixes 12737

Disabled service status correction. Fixes #13604

Merge pull request #4604 from luckman212/fix-func-args-in-gwlb.inc

Removed unused filter_flush_nat_table, fix typo. Fixes #12757

Spelling fixes. Fix #13357

• Incorrect input validation for `dhcp6c` `keyinfo expire` `forever` keyword in `interfaces.inc`.
• Incorrect input validation for associated rule's `Source Port` in `firewall_rules_edit.php`.
• Incorrect `voucher*.` file lock reference in `status_captiveportal_voucher_rolls.php`....

Merge pull request #4596 from luckman212/update-rc.initial-202206

Merge pull request #4606 from KoenZomers/DNSExitFix

Merge pull request #4605 from kaedros/master

Remove duplicate reserved alias names. Fix #13524

Respect bind interfaces in unbound. Fix #13393

Also create DHCPv6 rules for interfaces with static IPv6. Fix #13633

Correct typo. Fixes #13663

While here, reduce a few differences with Plus.

Update the loader.conf filter list.

This remove the duplicate entries for the settings added by pfSense.

Sync with the current Plus defaults.

Correct codelq shaper input validation for firewall_shaper.php. Fixes #13661

Ensure all bandwidth values are cast to int before applying arithmetic to the
return value of get_bandwidth_typescale(). This alleviates failed validation
when the bandwidth is blank....

Misc EasyRule updates/fixes.

• Addresses several known issues in EasyRule. Fixes #13445
• Updates syntax to new style for PHP 8.1. Fixes #13627

Fix config_del_path() if the node doesn't exist

If the node we're trying to delete with config_del_path() doesn't exist
array_del_path() will fail as follows:

Fatal error: Uncaught TypeError: Cannot access offset of type string on string in /etc/inc/util.inc:3459...

Add bxe to the ALTQ capable interfaces list

Redmine: #13304

Rewrite functions for toggle & delete NAT. Fixes #13545

Refine IPsec deprecation behavior. Issue #13648

P1 and P2 entries are only disabled if they have no remaining valid combinations of options. This way tunnels that just had one bad entry selected can continue working.

Replace some direct config accesses in util.inc. Fixes #13640

Remove cxgbe (cc) from the ALTQ capable list

Despite what the relevant man page claimed (now fixed) the cxgbe driver
has not supported ALTQ since 2012. Do not allow ALTQ to be enabled on
those interfaces.

This reverts b3979f4abe9ecb2bdd59cbbcb61e3eccf9180b79....

Remove invalid quotes from charon attr plugin attributes. Fixes #13579

Fix setting EFI boot console type. Issue #13080

For some reason the EFI loader is forcing boot_serial=YES when it is not
set in the loader configuration. To work around this, we must set it to
NO explicitly. The loader menu displays the wrong type still but it...

ipsec: disable any tunnels using 3des, blowfish, cast128 or md5 during upgrades

Redmine: #9247

ipsec: remove obsolete algorithms

These are no longer supported in FreeBSD main. Ensure they can no longer be configured.

Redmine: #9247

ipsec: allow CHACHA20-POLY1305 to be configured

Redmine: #9246

openvpn: don't IFF_UP the new tun interface

New openvpn versions set TUNSIFMODE, which FreeBSD's if_tuntap only
allows on interfaces which are not up.

So, don't up the tap interface when we create it. Leave that to openvpn
itself.

Redmine: #13602

Fix config path typo when installing firewall schedule cron job. Fixes #13605

Fix array initialization in rc.initial.setlanip. Fixes #13583

Remove direct $config accesses form rc.filter_synchronize. Fixes Issue #13446

Skip empty dnsmasq custom options

Fixes for problematic config access in rc.initial.setlanip. Fixes #13583

More PHP81 fixes for gwlb.inc. Fixes #13563

Omit irrelevant info from auth error. Fixes #13574

Fix LDAP authentication for PHP8.1. Fixes #13559

Fix shaper.inc for PHP81. For #13553

PHP81 fix in gwlb.inc. For #13514

Update dhcp rule description

Update reserved alias names. Fix #13524

Initialize $groups in local_user_get_groups to non-null. Issue #13446

Fix handling of empty entries in NTP interfaces.

Prevent array/config_get_path() from overriding 0 values

Change the semantics of array_get_path() and config_get_path() so that only
empty strings at a path are overridden by $default if non-null, so that
legitimate 0 values set in the config are not overridden as empty() returns true...

Replace direct config accesses in auth.inc. Issue #13446

Additionally, change local_group_del_user() to include the index of the group in
the path to the group's member list when removing the user from it. This appears
to have been broken in the original code. With this fixed, remove the redundant...

Avoid using -a in test(1)

-1 is not allowed, exit only uses 0-255

Always set interface-automatic in unbound config. Fix #13393

Fix array_get_path() not returning $default for null-like values. #13446

In array_get_path(), a $default provided that is not null is intended to invoke
alternate behavior where if the path exists and is empty, $default should be
returned. This requires not identical compare as opposed to a not equal compare,...

Fix DDNS GW check PHP error

We need to get the status value from the returned array, not use the
array itself.

Revert "Workaround new pkg(8) behavior causing files with "NULL" in the path to be..."

This reverts commit 8b7ab58088f15bec9f9d5cede5fdcd8e3b9fe10e

Workaround new pkg(8) behavior causing files with "NULL" in the path to be skipped on install. Fixes #13394.

qinq: use if_vlan rather than netgraph

if_vlan now supports QinQ, so use that rather than netgraph. This is
expected to perform better, removes a subsystem dependency and
simplifies the php code as well.

Note that this is not possible on stable/12.

Remove unused argument from interface_qinq_configure()

$fd is always NULL, so there's no point in having branches for it.

Correct config_path_enabled path in system_generate_nginx_config. #13446

Path corrections to system.inc. Issue #13446

• Corrected single quote strings wwith variable expansion
• Corrected 2-deep paths that were incorrectly pattern replaced to
  array_get_path('foo','bar' instead of array_get_path('foo/bar')

Correct edns config path in system_resolvconf_generate. Issue #13446

Make *_get_path() return $default for empty values. Issue #13446.

When $default is non-null and the path resolves to an empty element, return
$default instead of the value. This allows callers to intentionally ignore empty
values by specifying $default and simplifies the expressions needed to determine...

Fix for system.inc. For #13446

Replace direct config accesses in system.inc. Issue #13446.

Correct service enabled detection

Fix PHP8 issues in rc.openvpn and rc.carp*

Fix services installation only installing the last service of a pkg. Issue #13446.

The original re-fetched the services list from the config at every iteration
over the package's services list when adding services during installation. After
moving to a get/set model for the config, this discarded service added at each...

Introduce config_init_path for config_* family completeness. For #13446

Allow user to select PKCS#12 encryption. Fixes #13257

Convert P12 export to OpenSSL. Fixes #13257

PHP native method of creating PKCS#12 archives does not support using specific algorithms for encryption, so use the openssl binary instead.

Use AES-256 and SHA256 when encrypting the PKCS#12 data and private key.

Fixes some PHP bugs. For #13446

Fix primary console handling for EFI. Fixes #13080

Tested and working for both BIOS and EFI systems.

Skip empty ca/cert/crl tags.

Update external http links

Fix formatting in pkg-utils.inc output

Fix array/config path functions to handle key 0 correctly. Issue #13446

Fix various PHP issues in vpn.inc

Also rewrite the method used to get DNS servers. It's still not perfect
but the old code had several potential problems like sending invalid DNS
servers to clients.

Skip empty DHCP static map entries.

Replace all direct $config accesses in pkg-utils.inc. Issue #13446

Correct Namecheap parsing failure. Fixes #12816

Better fix that converts the content encoding in case it really is in
the stated encoding, plus a more robust method of dropping the XML
definition entirely in case the first attempt fails.

Skip empty services when installing packages.

Replace all direct $config accesses in interfaces.inc. #13446

Make array/config path funcs handle empty path elements. #13446

Introduce array_init_path, refactor init_config_arr, and fix potential race. For #13446

Cert-related PHP 8.x changes.

More PHP81 fixes for certs.inc

Update is_openvpn_*_ca family for PHP81 for #13446

Fixes some PHP81 related config access issues related to interfaces and interface assignments for #13446

System Identification fixes

add missing '$'

Replace all direct $config accesses in services.inc. Issue #13446

Hide stderr output when the mmcsd0 device does not exist

Test to make sure we have a ZFS partition before trying to run zpool commands

Merge pull request #4612 from zeroflow/master

Rename DHCP status from online/offline to active / idle/offline

Fix state limit

Correctly count pf eth rule counters. Fix #13418

service-utils PHP8.1 fixes. Issue #13446

Fix PHP error building if list. Issue #13446

dhclient pid path fix. Issue #13217

Reconfigure bridges with OpenVPN QinQ interfaces on boot. Fixes #13225

Add option to list ACB restores in reverse order. Feature #11266

Use certificate trust store when verifying alias URLs. Fix #13367

Remove unnecessary link tag. Fixes #7996

Avoid creating empty ciscoavpair rules files. Fix #13243