pfSense

Correct UPnP page metadata

Fixup some privdefs and run privilege script.

Handle large sections when skipping package config. Fix #15624

Using regex to remove the 'installedpackages' config section may fail
depending on the size of the string being parsed. Avoid this limit by
modifying a config array instead.

Push correct OpenVPN CSC options. Fix #12522

While there, include override/remove options for inactivity.

Merge pull request #4689 from Self-Hosting-Group/upnp-update-plugin

kea: relocate HA TLS transport settings below advanced options

Config access regression in captive portal allowed MACs

kea: lower max unacked clients default from 10 to 0.

Use full logo URL for captive portal redirects. Fix #15404

Restore protocol selections in Packet Capture GUI. Fix #15609

Support system protocol names for packet captures. Implement #15609

Remove network/broadcast input validation for IPv6 VIPs. Fix #15361

Expose additional OpenVPN CSC options. Implement #12522

Adds the following override options:
- Reset individual server options
- IPv4 Gateway
- IPv6 Gateway
- Redirect IPv6 Gateway
- Ping Interval
- Ping Action
- Block Outside DNS
- Force DNS cache update

kea: Introduce high availability support for both IPv4 and IPv6

Config access regression when toggling filter rules

static routes: enable autotrim on `destination network`

UPnP IGD & PCP: Simplify service wording

and change menu/title to `UPnP IGD & PCP` as newer PCP is supported

Revert "Update text references to UPnP protocols"

This reverts commit 429312ff683b5762d0cb6eca69c474121a9dfca1.

Fix config access regressions

services_unbound.php: fix typo

Add the missing ','.

Introduce `class` tag to field markup in pkg xml spec.

Fix vertical text alignment on Unbound `Display Custom Options` button

Config access regression in OpenVPN wizard

Query for SMART data only on root disk devices. Fix #15586

Fix vertical text alignment on `Display Advanced` buttons

Config access regression in wireless interfaces

Config access regression in interface groups

Add scrolling when dislaying overflow columns for NTP status

Config access regression in CAs. Fix #15578

Fix PHP error regression when listing system users

Merge pull request #4658 from MatthewA1/ntp-authentication-feature-8794

Add support for NTP authentication. Implement #8794

Initial implementation allows for one auth key between all servers.

URL encode HTTP_PROXY username and password. Fix #15565

Also enclose the fields with CDATA in config

Use the repo name when saving the branch selection

https://redmine.pfsense.org/issues/15560

Remove redundant system link step

This code regressed at some point, making $repo equal e.g.:
'/usr/local/etc/pfSense/pkg/repos/pfSense-repo-0000.conf/pfSense-repo-24_03-rel.conf'
Remove the code since "repo-setup -U" handles the linking.

Update text references to UPnP protocols

Add a helper function for unserialize(). Fix #15423

For calls to unserialize() which do not check for errors, use the
helper function instead.

Fix checkbox always being unchecked on page load

For the GUI option introduced in #15430

Encode dir names in browser.php. Fixes #15525

Automatically use floating states for IPsec rules. Fix #15430

Default to an empty array for functions expecting a countable value

Do this for foreach() and count().

Update all direct config access with accessor functions

Use config accessors in traffic shaper functions

Use config accessors in certificate functions

Use config accessors in users and groups functions

Remove potential direct config references when displaying form rows

The first eval() change removes the reference and has no functional
effect given that $pkg_source_txt is not modified. While here, catch
any exceptions as well; before PHP 7, eval() would return false on...

Move to is_platform_booting()

The function platform_booting() is deprecated.

Move from ${var} to {$var}

The use of ${var} has been deprecated since PHP 8.2

Move to date()

The function strftime() is deprecated since PHP 8.2

Move to str_replace()

The function ereg_replace() is deprecated since PHP 5.3.

Move to preg_match()

The function ereg() is deprecated since PHP 5.3.

Remove superfluous argument

The product label was mistakenly separated in 573ec19. Now simply remove it.

Remove superfluous function arguments

Added in 0eae38c

Correctly detect changed settings

Correctly set duplicates limit in forms

Fix missing variable assignment in 22dbacd

Fix missed changes in f593f80

The argument being removed was previously used to retrieve optX
interfaces; this no longer applies.

Fix missed changes in 0e2bed2

The "level" is determined automatically by the function.

Fix missed changes in c618897

The function parameter was removed since it was not used.

Fix missed changes in 015a482

The IP Protocol is now determined automatically be the function.

Fix missed changes in the transition from ipfw to pf

Fix typos and copy/paste issues

Issues found by the PHP linter mostly include typos and usage of
unassigned variables. To address these, traverse the commit history
to determine the intent.

Fix PHP linter issues

Set correct value when toggling CARP maintenance

Correct inconsistent CRL tab names. Fixes #15454

Add boot method to sysinfo widget. Implements #15422

Fix usermgrpasswd check for non-privileged users. Fixes #15442

Fix syntax when moving IPsec P2. Fixes #15384

Set FW log widget min interval to 5. Fixes #12673

Fix syntax error (short open tag)

Fix log widget callback filename. Issue #12673

Improve the messaging used when the upgrade system is busy.

Replace the generic 'error' message by a correct and more clear message.

Reflect config value of ddnsreverse for DHCPv6. Fixes #15118

Disallow hostnames in Kea NTP. Fixes #14991

• If they are in the config.xml data already, do not write them into
  the Kea configuration.
• Do not allow the user to enter them in the GUI

Instrument the upgrade JSON data with more information about errors and failures.

Now, with the proper return code, instead of presenting no data to the user when
the pfSense-upgrade is busy (running in background), explain properly what is
happening.

Catch/handle some HTTP errors. Implements #15322

• Catch 50x errors, even from PHP FPM, so users don't end up with a
  blank white screen if an error happens too early in processing.
• Catch 404 errros.
• Handle both with static pages since PHP-FPM may have an issue of its...

Correct empty resolver alias handling. Fixes #14942

Adjust unbound host alias validation. Fixes #14942

Add self-service user pw mgr to menu/tab. Issue #15266

No need to hide this since it's convenient and works well.

While here, make all tab arrays in the user manager consistent.

Fix FW log multiple instance bug. Fixes #15339

Move the mdiff function into pfsense-utils.inc and also rename it so its
purpose is more clear.

Add password check mode to usermgrpasswd. Issue #15266

More accurate priv check for warning. Issue #15266

Improve user password warning boxes. Issue #15266

- Show warnings for user accounts as well as admin
- Try to send the user to the self-service password
manager page if they have access
- Move the test/error generation to a function so it
is simple to reuse....

Use pw validation function in wizard. Issue #15266

Centralize password hints. Issue #15266

Reduces repetition and makes it easier to maintain.

User Manager shell scripts. Issue #15266

• usermgrwhoami prints info about the current user from the user manager
  database.
• usermgrpasswd allows root/admin to change passwords for user manager
  entries from the shell/console.

Password validation for user manager. Issue #15266

Log widget fast update changes. Fixes #12673

Submitted-By: LouisAtGH @ GitHub

status_interfaces.php: make sure "{}" is expanded by PHP and not be sh

pkg_mgr_install.php: ensure pkg_switch_repo reads latest config

Password management changes. Part of issue #15266

• Add function to determine if a given password is valid for use.
• Revise the self-service password change page to be more user-friendly
  and to handle password validation.
• Leave room for Plus to utilize additional restrictions.

Ensure RO user cannot trigger QinQ operations. Fixes #15318

Ensure RO user cannot trigger VLAN operations. Fixes #15282

While here, fix a problem that prevented a VLAN delete operation that
failed from displaying errors.

More PHP error handling changes. Fixes #15263

• Clean up outdated code/comments
• Change how error messages are formed in different contexts
• Allow warnings to be handled if debugging is enabled
• Fix diag_command.php parsing/handling of error detection and output

Use correct option when removing groups. Fix #15067

While there, add comments for clarity.

Suppress Kea status info w/sample confs. Fixes #14953

Don't add overflow scroll to static navigation menu. Fix #7943

Restores old behavior to the static navigation menu.

Improve input validation for Captive Portal MAC masks

Now rejects decimal masks and masks of size 0.

Support blocking MAC addresses with a mask. Implement #15257

The Captive Portal allows for blocking specific MAC addresses without
using pf rules so a message can be displayed to the client. With this
change, masks can be used to block partial addresses.

Fix some SFP module info fields. Fixes #15112

Text format changed slightly in ifconfig, so regex patterns had to be
changed to match

Add hardware IDs for 4xxx QAT. Implements #15233