pfSense

Pass the correct option for pfSense-upgrade to detect when a new version is available.

To be able to find new releases, pfSense-upgrade needs to look at all the
repositories and that is done with '-C'.

Ticket: #15880

Quote the shell variables as necessary.

No functional changes.

Limit RDNSS addresses to 3. Fix #15876

Remove the call to update_repos() in the pkg metadata update cronjob.

This is not necessary anymore as it is now handled by pfSense-upgrade.

Add some function descriptions

Support IPv6 requests for any DDNS service. Implement #11177

Introduce get_dyndns_source_address() to find the source address to be
used when sending a DDNS request. It supports both IPv4 and IPv6 -
determined by the configured gateway and addresses on the interface....

Update the Check IP Service IP pattern to improve matching potential

Add specialnet flag for VIP aliases only

Exclude Tailscale group from specialnets. Implement #15848

Clarify the notice given when rules are skipped

Exclude WireGuard group from specialnets. Implement #15848

Fix config warning message trace

kea: backup and restore lease db when using ramdisks. Fixes #15828

Allow removing package menus with different sections. Fix #15834

A package may have multiple menus with the same name but
different sections.

Work around regression when specifying the DDNS source address. Fix #15832

More details: https://github.com/curl/curl/issues/15553

process_alias_urltable(): create RAM_Disk_Store if needed. Fixes #15830

Several rcscripts using /cf/conf/RAM_Disk_Store will test and create this
directory if needed, however the process_alias_urltable() function invoked by
saveAlias() does not do this before attempting to write an archive to that...

Introduce helper function for domain:port host address validation

Also update related validation functions to force numeric ports.

Support numeric-only port validation in is_port()

Fix get_specialnet_interface() calls without the AF

Support additional specialnet types

Introduce helper functions for IP:Port validation

utils: use sig 0 to test for valid processes

kea: remove socket lock file before service startup. #14977

Config access regression when saving intermediate CA. Fix #15819

Only show the previous caller in config warning logs

Fix spacing in config warning logs

pfSense-Installer: Fix the issue when only the WAN settings are present.

During the configuration import, if only the WAN settings are present, remove
the LAN settings from the configuration XML.

Ticket: #17854

Gateways with monitoring disabled may use incorrect address family

When return_gateways_status() processes gateways that have monitoring
disabled, the source IP used is always IPv4 regardless of the actual
address family of the gateway address. Fix this by using the newer...

Gateways with monitoring disabled may be treated as down

When return_gateways_status() is called with $byname=false, gateways
that have monitoring disabled will be returned as down.

Reload mobile IPsec on gateway failover. Fix #15685

Specify the interface when applying static route changes during OpenVPN reloads

dhcp: give dhcp daemons a chance to shutdown before restarting

Revert "pfSense-rc: Relocate the removal of /var/run/booting to the very end"

This reverts commit 21063272df73ef90bb060449a7baca83b2a8f5ed.

Replace lingering /var/run/booting checks with `is_platform_booting`

Skip DDNS on disabled interfaces. Fix #15802

pfSense-rc: Relocate the removal of /var/run/booting to the very end

Add more detail to config path warnings

Decrease the number of config requests when deleting filter rules

Only import the Netgate Installer settings when trigger_initial_wizard is set.

Remove the references to 'trigger_virt_setup' since it is not used on CE.

Fix OpenVPN CSO options upgrade

Previous config versions set these options in the config but only
considered them enabled if their value is 'yes'. The enable detection
is now based on the existence of the option.

DynDNS: change Porkbun to use api.porkbun.com instead of porkbun.com

Changes the dynDNS provider 'Porkbun' to use the domain `api.porkbun.com`
instead of `porkbun.com` as accessing the API through `porkbun.com` will
cease to work December 1st. They informed customers by email of this...

Merge pull request #4704 from GChuf/removePragmaHeader

Configure routes after DHCP WAN during boot. Fix #15791

pfSense-Installer: Import the network settings from the Netgate Installer.

Read a JSON file with the Netgate Installer settings on the first boot and set
up the LAN and WAN.

Ticket: #13129

Remove unnecessary config_init_path() calls

Improve system alias descriptions

Silence alias errors with ruleset generation while booting

Dynamically-configured system aliases can be set up late in the boot
process. Silence related alerts during ruleset generation while the
system is booting. Once bootup is complete, reload the filter again...

Fix rule generation and display for system aliases

This is a followup to 52e512c0555d9f5a91732907e524364358d3f70c
- Update system alias comments and descriptions.
- Improve reserved aliases processing.
- Use alias_info_popup() code when possible for system aliases....

Remove deprecated pragma header. Implement #15781

This removes adding pragma header which is now deprecated. Cache control is used instead.

Reserved table names are lower-case

Update related comments while there.

Bump config version

Introduce function to detect and resolve conflicting aliase names

Expose system aliases to the GUI. Implement #1979

Refactor get_alias_list()

It now uses CSVs for multiple types instead of an array.

Fix NTP DNS resolution option for pools. Fixes #15552

Merge pull request #4695 from Self-Hosting-Group/remove-interface

UPnP IGD & PCP: Improve descriptions

Merge pull request #4696 from lriley2020/edit-menu

Clarify console menu option 0 description. Implement #15705

Merge pull request #4700 from GChuf/sameSiteCookiesAttribute

Add samesite attribute to cookies. Implement #15729

Merge pull request #4683 from FloFaber/improve_alphabetic_interface_sorting

Config access regression. Fix #15762

kea: fix service restart shortcut

Clarify error log when omitting gateway from ruleset

Correct Mobile IPSec Attribute IDs. Fix #15755

Fix admin reset password conditions. Fixes #15751

Clean up diffs

rc.bootup: support deferred package installation scripts

Print motd-passwd when it exists

Add package hooks plugin_xmlrpc_send plugin_xmlrpc_recv, and plugin_xmlrpc_post_recv

Repeat optimization made for product_name

Save the product name on /etc/product_name at /etc/rc.banner.

This way we do not need to run PHP again on rc.initial to read the product name.

This file is only written if /etc is writeable, if /etc/product_name does not exist the old (and slow) PHP code will run....

ip_range_to_address_array() 32-bit ARM fix. Issue NG #5445

(cherry picked from commit a6ee0ff91086ba153cfd485dc8fb6d72f918d78b)
(cherry picked from commit 0f5485a49ed4da33bf48f1053be3671d7f08dd09)

Identify Azure more accurately.

Gen2 smbios info is indistinguishable between Azure and Hyper-V

Initialize the PHP settings a little bit earlier so PHP is ready for pfSense-upgrade.

Fixes #13726 in more detail (and for 22.05.1).

ddb.conf: fix script length issue

We need to re-arrange things a little to avoid the maximum script length of
128 bytes.

While here also re-order the different commands a little. Present the likely
most useful information first.

Don't unnecessarily remove the config cache

Removing the cache is no longer necessary; the behavior remains the
same without removing the config cache.

Add check for empty interface

Callers may call get_real_interface() with an empty interface;
bail early if so.

Tighten DHCP client rules. Fixes #15702

Handle empty variable

Callers of these functions may send null variabes; bail early if so.

Set the working directory before checking unbound config. Fix #15723

Improve localhost DNS checks. Fix #15722

Include GUI logout in auth log. Fix #15719

User logouts do not need to be as loud as user logins. Include
them in the auth log but make them quiet for the console.

Allow adding package menus with different sections

A package may have multiple menus with the same name but
different sections.

Additional safety checks for explode()

See 8c81cad531b1dd43a6514604091b3c4a6932d715

Fix config paths with leading slash

A single or a leading forwward-slash is not supported.

Skip ppp modem interfaces where appropriate

Refactor automatic EDNS. Fix #15704

The change adds handling for empty active interfaces. Additionally,
support passing an interface list to allow unbound config testing
based on the desired config rather than the currently active config.

Additional safety checks for explode()

See 8c81cad531b1dd43a6514604091b3c4a6932d715

Handle unassigned interfaces in rc.newwanip

Add safety checks for calls to convert_real_interface_to_friendly_interface_name()

The function will return null for unassigned interfaces. Add checks
for this where appropriate.

Filter out empty array values for explode()

Calling explode() with an empty string will return a single-element
array with an empty value. This change filters out empty values
where appropriate - i.e. where it's not already a condition check for
it and the value should not be empty.

Skip ppp modem interfaces where appropriate

This avoids calling e.g. get_real_interface() for a modem device.

Fix returned gateways list

When get_gateways() was introduced, some existing function calls
that were updated to use this new function now get a different
result. This is due to the use of GW_CACHE_ALL which includes
disabled, inactive, and localhost gateways. This change returns the...

Fix checks for mobile IPsec

When mobile is set, it is an empty string and hence should be
checked with isset(). Also make sure the mobile network type
is properly set, otherwise ipsec_idinfo_to_cidr() will not catch it.

Don't try to configure empty ntpd interfaces

Don't try to configure interface groups without members

kea: allow identical MAC address filters on multiple interfaces. Fixes #15130

Log invalid config path access