Fix missing word
Fix UPnP priv metadata
Fixup some privdefs and run privilege script.
Push correct OpenVPN CSC options. Fix #12522
While there, include override/remove options for inactivity.
Merge pull request #4689 from Self-Hosting-Group/upnp-update-plugin
kea: fix an unmatched match case in the DHCP xmlrpc sync path
Correctly save IPv6 gateway. Fix #15589
Expose additional OpenVPN CSC options. Implement #12522
Adds the following override options:- Reset individual server options- IPv4 Gateway- IPv6 Gateway- Redirect IPv6 Gateway- Ping Interval- Ping Action- Block Outside DNS- Force DNS cache update
kea: Introduce high availability support for both IPv4 and IPv6
Use floating states on IPsec VTI. Fix #15606
UPnP IGD & PCP: Simplify service wording
and change menu/title to `UPnP IGD & PCP` as newer PCP is supported
Fix config access regressions
Introduce `class` tag to field markup in pkg xml spec.
Handle case difference when shifting rule separators. Fix #15537
Interface groups use the case-sensitive interface description as the"friendly" name. Since the interface argument is always set tolowercase, do the same with the rule's interface when comparing.
Additional support for repo name in config
Query for SMART data only on root disk devices. Fix #15586
kea: enable lease sanity checks to ensure data consistency. Fix: #15328
Merge pull request #4658 from MatthewA1/ntp-authentication-feature-8794
Add support for NTP authentication. Implement #8794
Initial implementation allows for one auth key between all servers.
URL encode HTTP_PROXY username and password. Fix #15565
Also enclose the fields with CDATA in config
Use the repo name when saving the branch selection
https://redmine.pfsense.org/issues/15560
Remove redundant system link step
This code regressed at some point, making $repo equal e.g.:'/usr/local/etc/pfSense/pkg/repos/pfSense-repo-0000.conf/pfSense-repo-24_03-rel.conf'Remove the code since "repo-setup -U" handles the linking.
rc.embedded: ensure /var/run is available early
Correct config_get_path -> config_set_path in shaper.inc
Add defaults to config_get_path where needed in select files
Some calls to config_get_path may introduce errors if the key does not exist andthe default of null is returned. This commit changes some defaults in these files:
src/etc/inc/auth.inc...
Fix RRD script syntax regression
Handle failures to create an interface. Fix #14708
The function pfSense_interface_create2() may fail to create therequested interface, in which case it returns the array:['error'=>'Could not create interface']
Handle certificates with multiple CNs. Fix #15133
Multiple CNs are not supported. For compatibility, default to usingthe first CN in the certificate instead of returning an error.
Add a helper function for unserialize(). Fix #15423
For calls to unserialize() which do not check for errors, use thehelper function instead.
Only apply state tracking to pass rules
State tracking only applies to pass rules. This was broken with therefactor of 3e28d716.
Handle empty values during config upgrade. Fix #15362
The config may have an empty string - use 'empty()' instead of'isset()' since '0' is not valid in this case.
Update the interface cache when configuring IPsec. Fix #15449
Introduce a default return value to the rest of the config functions
The current return values remain the same. The added safety checksensures the correct type when calling array_* functions, and allowsfor more flexible error handling.
Clean up rule generation code for state-tracking options
Improve readability and make it easier to adjust for future changes.
Automatically use floating states for IPsec rules. Fix #15430
Avoid configuration loop with LAGG interfaces. Fix #14083
The fix to #9453 introduced a loop when configuring LAGG interfaces.This happens when interface_lagg_configure() ultimately callsset_interface_mtu() which also calls interface_lagg_configure(). Since...
Default to an empty array for functions expecting a countable value
Do this for foreach() and count().
Correct default for 'system/acb' in write_config() to empty array instead of null
Update all direct config access with accessor functions
Refactor config upgrade to use config accessors
Use config accessors in traffic shaper functions
Use config accessors in certificate functions
Use config accessors in users and groups functions
Move to is_platform_booting()
The function platform_booting() is deprecated.
Move from ${var} to {$var}
The use of ${var} has been deprecated since PHP 8.2
Move to date()
The function strftime() is deprecated since PHP 8.2
Move to mb_convert_encoding()
The functions utf8_encode()/utf8_decode() are deprecated since PHP 8.2
Move to foreach()
The function each() is deprecated since PHP 7.2.
Move to password_hash()
Use of crypt() requires a salt since PHP 8.0. Use password_hash() to align with 8ddf2b5.
Remove superfluous function arguments
Added in 0eae38c
Return a value in convert_openvpn_interface_to_friendly_descr()
Calls to this function expect a return value which is then echo'd.
Fix missed changes in 2aafa69
The direct value is now used instead of the constant variable.
Fix missed changes in the transition from ipfw to pf
Fix typos and copy/paste issues
Issues found by the PHP linter mostly include typos and usage ofunassigned variables. To address these, traverse the commit historyto determine the intent.
Fix PHP linter issues
Support adding to an array in array_set_path()
- Avoid infinite loop with empty paths.- Support setting $value to the $arr root.- If $path contains a trailing forward-slash '/', push $value to the leaf node; replace the leaf node if it's a scalar.
With pkg switching to curl the format of the auth string has changed
Add newlines to crontab proxy variables. Fixes #15502
Fix CA trust store custom entries. Fixes #15440
certctl rehash behavior changed, so we need to write the CA files outdifferently now so it picks them up.
Fix resolv.conf logic for DNS Forwarder. Fixes #15434
Update comment
The updated comment matches the actual behavior. Albeit thevariable name is unintuitive, it follows the behavior before therefactor.
Correct bitwise check when getting a list of gateways. Fix #15399
Use only local notifications when config file cannot be read. Fixes #15157
register_all_installed_packages: introduce option
Disallow hostnames in Kea NTP. Fixes #14991
Fix order of Kea boot files. Fixes #15032
Fix variable typo. Fixes #14996
Fix an radvd service status edge case. Fixes #14936
Update the code for consistency.
No functional changes.
Run the pfSense-repoc with the new file names style.
Instrument the upgrade JSON data with more information about errors and failures.
Now, with the proper return code, instead of presenting no data to the user whenthe pfSense-upgrade is busy (running in background), explain properly what ishappening.
Add the support to the new pfSense-repoc repository files style.
Keeps the support to the old style, so both versions of pfSense-repoc are supported.
Catch/handle some HTTP errors. Implements #15322
Fix FW log multiple instance bug. Fixes #15339
Move the mdiff function into pfsense-utils.inc and also rename it so itspurpose is more clear.
Console password reset changes. Issue #15266
Improve user password warning boxes. Issue #15266
- Show warnings for user accounts as well as admin- Try to send the user to the self-service password manager page if they have access- Move the test/error generation to a function so it is simple to reuse....
Centralize password hints. Issue #15266
Reduces repetition and makes it easier to maintain.
Fix local auth type match. Issue #15266
Set a stricter nginx header timeout.
Password management changes. Part of issue #15266
Fix tmpfs RAM disk mount permissions. Fixes #15054
Don't make OpenVPN routes for empty nets. Fixes #14919
Ensure loader.conf.lua is referenced. Fixes #15288
Correct typo. Fixes #14488
Fix PHP extension dir for PHP 8.3. Fixes #14488
More PHP error handling changes. Fixes #15263
Use correct option when removing groups. Fix #15067
While there, add comments for clarity.
Suppress Kea status info w/sample confs. Fixes #14953
Prune old Captive Portal sessions for autoadded MAC. Fix #15299
Use the correct function to delete passthrumac entries. Remove the pipecheck since it's already handled by the function.
Support blocking MAC addresses with a mask. Implement #15257
The Captive Portal allows for blocking specific MAC addresses withoutusing pf rules so a message can be displayed to the client. With thischange, masks can be used to block partial addresses.
Fix some SFP module info fields. Fixes #15112
Text format changed slightly in ifconfig, so regex patterns had to bechanged to match
Fix IPsec Dual Stack w/any remote. Fixes #15147
Use getter/setters for config access in gwlb.inc
Correct PHP error display issues. Fixes #15263
Change "IP family" to "address family"
Kill matching opposite states when schedules expire. Fix #15252
Show interface subnet details for IPsec Phase 2. Implement #15245
While there, prevent interface subnet selections fromshowing for the NAT/BINAT field.
Check static intefaces with a pending gateway. Fix #15225
Interfaces with a static configuration may have a pending gatewaystatus when killing states for downed interfaces.
Process downed gateways when killing states. Fix #15223
By the time filter_delete_states_for_down_gateways() is called,filter_generate_gateways() has already removed downed gateways from the$GatewaysList array. Hence, states are not killed for downed gateways....
Don't check empty arrays
min() requires at least one element in the array
Remove failover states using only the gateway label
Interfaces were previously specified since the inbound state needs tobe killed (due to route-to) for the connection to restart on thepreferred gateway. This interrupts connections already established on...