pfSense

Correct includes/load order in guiconfig.inc. Fixes #13757

The recent change here ended up loading some things out of order.

Another DDNS empty entry fix. Fixes #13581

Improve handling of empty DDNS entries. Fixes #13581

UPnP rule/service cleanup. Fixes #13755

• Fix several incorrect config paths/tests
• Fix UPnP local interface automatic rule to pass traffic into UPnP
  itself.
• Wrap all rules/anchors in UPnP enabled test, no reason for them to be
  in the ruleset if UPnP is off....

Fix direct config accesses in unbound for php81

Fix DHCP server ping check option. Fixes #13748

Restore default interface media selection. Fix #13635

Prevent get_pf_rules() from indexing a string error. Fixes #13660

pfSense_get_pf_rules(), which populates the $rulescnt variable sent to
get_pf_rules(), will terminate its loop fetching rules if a call to
pfctl_get_rule() returns nonzero, adding to the associative array return value...

Improve visibility of select fields in dark theme. Fix #11730

Rector direct global g accesses

Add ifmcstat to status.php. Implements #13731

Fix a regression caused by Rector: Fixes #13712

Replace direct config access in services_dhcp.php. Fix #13719

Eliminate backticks shell execution operator in diag_system_activity.php.

Fix unnecessarily duplicated work. Issue #13250

Improve LDAP debug logs. Implements #13718

Disable MTU input for a bridged interface

Bridge member interfaces cannot have their MTU configured independently from a
bridge, this change disables the MTU input for an interface that is configured
as a bridge member and replaces any configured value with the bridge's actual...

$usedmacs should never be a string, default should be an array. For #13705

Rector some direct config gets with complex paths.

Rector some config unsets with complex paths.

Rector some direct config sets with pure scalar paths.

DHCP6 Adv field validation errors. Fixes #13493

A few fields were being validated but not informing the user when the
values were bad. This commit lets the user know when they have entered
invalid data in the affected fields.

Rector some direct config gets with pure scalar paths.

Rector some more direct config unsets with pure scalar paths

Rector some direct config unsets with pure scalar string paths.

IPsec cert SAN improvements. Fixes #13373

• Improve descriptions of IPsec P1 cert fields.
• Allow using a cert with a wildcard SAN so long as there is at least
  one non-wildcard SAN.

Add CA/Cert invalid descr char list to help. Fixes #13387

Correct special net NPt dst prefix handling. Fixes #13240

Disables prefix length drop-down when using a special net (e.g. track6
delegated prefix) because that already has its own prefix length.

Being able to specify a custom prefix was of dubious use and served to...

Use 'ip' when copying+converting addr rules. Fixes #13364

Ensure copied rules get unique IDs. Fixes #13507

Omit RAM disk size check when disabled. Fixes #13479

Remove unused deprecated code from dhclient script. Fixes #13501

Fix more Rector foreach fallout

captiveportal: actually allocate a pipe number for new clients

When a client authenticates to the captive portal we generate a pipe
number (actually two) for it. However, we did this with
'check_only = true', so the next client got assigned the same pipe...

Fix PPP reset hr/min blank vs 0. Fixes #13307

Replace direct config accesses in services_dhcpv6_relay.php. Fixes #13676

Fix PPP interface regression

Fix descr for unbound network ifs. Fixes #13453

Detect/set default primary console. Fixes #12960

If the user has not chosen a primary console, use the current active
console type as the default.

This prevents a user from unintentionally switching from video to serial
without making an explicit choice to do so.

Correct QAT active reporting. Fixes #13674

Account for cases where the module(s) are loaded but the driver failed
to attach.

fix pciconf output parsing

In FreeBSD 14 the output format of pciconf changed. It now splits up the
device and vendor fields.

Simplify this code by using the column output. Concatenate device and
vendor fields to match the previous output (with awk).

See https://cgit.freebsd.org/src/commit/?id=635cfe5b819f60f28b7e21b94322b0237c13244b...

Replace direct config accesses to system/webgui paths in system_advanced_admin.inc. Fixes #13659

Also move default assignment of $pconfig['webguiproto'] to 'http' from
system_advanced_admin.php to system_advanced_admin.inc and remove unneccessary
init_config_arr() calls from system_advanced_admin.php.

RemoveUnusedForeachKeyRector runresults

Remove dead statement as per rector

Spelling fixes. Fix #13357

• Incorrect input validation for `dhcp6c` `keyinfo expire` `forever` keyword in `interfaces.inc`.
• Incorrect input validation for associated rule's `Source Port` in `firewall_rules_edit.php`.
• Incorrect `voucher*.` file lock reference in `status_captiveportal_voucher_rolls.php`....

Cleanup some unreachable statements as per Rector.

Merge pull request #4606 from KoenZomers/DNSExitFix

Update/cleanup DHCP 4/6 server text. Fixes #13250

Misc EasyRule updates/fixes.

• Addresses several known issues in EasyRule. Fixes #13445
• Updates syntax to new style for PHP 8.1. Fixes #13627

Backup/Restore fixes for dup SSH/RRD. Issue #13132

Fixes for multiple SSHDATA or RRDDATA sections in config.xml

• On backup, strip out any existing SSH and RRD data sections before
  adding new ones.
• On restore, remove any empty data sections and if there is more than...

Rewrite functions for toggle & delete NAT. Fixes #13545

Refine IPsec deprecation behavior. Issue #13648

P1 and P2 entries are only disabled if they have no remaining valid combinations of options. This way tunnels that just had one bad entry selected can continue working.

Replace direct config accesses regarding ssh configuration. Fixes #13645

In system_advanced_admin.inc, use config interface funcs instead of direct
$config access regarding ssh configuration nodes. Also initialize the ssh
section as an array if it doesn't exist in system_advanced_admin.php to prevent...

ipsec: remove warnings about now removed algorithms

Redmine: #9247

ipsec: allow CHACHA20-POLY1305 to be configured

Redmine: #9246

Replace direct config accesses in firewall_rules_edit.php. Fixes #13614

Revert "Change OpenVPN auth to php-cgi for the time being. Fixes #4521"

This reverts commit 1bfdb794cb2a06932da0029ca37f9727c3f74274.

Fix malformed format strings in French translation. Fixes #13607

Correctly handle port aliases in port forwarding rules. Fixes #13601

Fix potentially problematic config access in sshd enable/disable. Fixes #13599

Perform proper input validation on static DHCP mapping additional BOOTP/DHCP Options. Fixes #13584

Fix saving dhcp6c-dns setting in services_dhcpv6.php. Fixes #13594

services_dhcpv6.php: Fix a PHP81 config access error

Remove extraneous and malformed meta refresh tag during proto/port change for web UI. Fixes #13591

Change text in info block on Status > IPsec. Fixes #13398

OVPN linkdown script improvements

Make a better effort to describe an alias reference. Fixes #13539

Each of deleteAlias(), openvpnAlias(), and staticrouteAlias() are called when
deleting or modifying an alias to indicate that it is referenced by some other
configuration item, which in turn call find_alias_reference() which returns...

Do no reload the filter if $apply is false in deleteAlias. Fixes #13538

Fix session timeout expiry. Fixes #13561

Fixed usage of image_type_to_extension. Fixes #13396

Fix PHP error when editing aliases w/o if groups.

Fix PHP error in LAGG pages

Convert RSS Widget to use simplepie via Composer

Update firewall_nat_out.inc for PHP81

Fix firewall_nat_1to1.inc for PHP81

Fix PHP81 error in firewall_nat.inc

Fix carp_status.widget.php for PHP81. Fixes #13535

Fix syntax error in system_authservers.php. For #13533

Fix a PHP81 bug in system_authservers.php

Encode path+fn in browser.php. Fixes #13262

DHCP/v6 PHP8 error fixes for some cases.

If a config starts with only WAN, no LAN assigned, there are a number of
tags that were not handled properly on DHCP, DHCPv6, and RA.

Fixed up some other unrelated low-hanging fruit while I'm here, but all
of these files need a lot more work for PHP8.

Fix service status widget listing of non-disabled services

Add quotes around variable usage to prevent word splitting

Avoid using -o in test(1)

-1 is not allowed, exit only uses 0-255

Add quotes around variable usage to prevent word splitting

PHP8 updates for resolver host editing

Fix PHP syntax in prefixes.php

PHP8 fixes for service status widget. Fixes #13506

qinq: use if_vlan rather than netgraph

if_vlan now supports QinQ, so use that rather than netgraph. This is
expected to perform better, removes a subsystem dependency and
simplifies the php code as well.

Note that this is not possible on stable/12.

Properly quote variables

No functional change intended

Fix missing ikeid in created ipsec p1. Issue #13446.

When a new or duped p1 is submitted, $p1ent['ikeid'] is an empty string. Prior
to php 8.0, comparing ($p1ent['ikeid'] == 0) for the empty string would yield
true, allowing the code to properly create and assign a new ikeid by calling...

Allow user to select PKCS#12 encryption. Fixes #13257

Convert P12 export to OpenSSL. Fixes #13257

PHP native method of creating PKCS#12 archives does not support using specific algorithms for encryption, so use the openssl binary instead.

Use AES-256 and SHA256 when encrypting the PKCS#12 data and private key.

Fixes some PHP bugs. For #13446

Fix primary console handling for EFI. Fixes #13080

Tested and working for both BIOS and EFI systems.

Update external http links

Fix some config access bugs in pkg.php for PHP81. Fixes #13446

Replace direct $config accesses in interfaces_vlan_edit.php. Issue #13446

Cert-related PHP 8.x changes.