pfSense

Remove dead statement as per rector

Spelling fixes. Fix #13357

• Incorrect input validation for `dhcp6c` `keyinfo expire` `forever` keyword in `interfaces.inc`.
• Incorrect input validation for associated rule's `Source Port` in `firewall_rules_edit.php`.
• Incorrect `voucher*.` file lock reference in `status_captiveportal_voucher_rolls.php`....

Cleanup some unreachable statements as per Rector.

Merge pull request #4596 from luckman212/update-rc.initial-202206

Merge pull request #4606 from KoenZomers/DNSExitFix

Merge pull request #4605 from kaedros/master

Remove duplicate reserved alias names. Fix #13524

Respect bind interfaces in unbound. Fix #13393

Also create DHCPv6 rules for interfaces with static IPv6. Fix #13633

Update/cleanup DHCP 4/6 server text. Fixes #13250

Correct typo. Fixes #13663

While here, reduce a few differences with Plus.

Update the loader.conf filter list.

This remove the duplicate entries for the settings added by pfSense.

Sync with the current Plus defaults.

Correct codelq shaper input validation for firewall_shaper.php. Fixes #13661

Ensure all bandwidth values are cast to int before applying arithmetic to the
return value of get_bandwidth_typescale(). This alleviates failed validation
when the bandwidth is blank....

Misc EasyRule updates/fixes.

• Addresses several known issues in EasyRule. Fixes #13445
• Updates syntax to new style for PHP 8.1. Fixes #13627

Fix config_del_path() if the node doesn't exist

If the node we're trying to delete with config_del_path() doesn't exist
array_del_path() will fail as follows:

Fatal error: Uncaught TypeError: Cannot access offset of type string on string in /etc/inc/util.inc:3459...

Add bxe to the ALTQ capable interfaces list

Redmine: #13304

Backup/Restore fixes for dup SSH/RRD. Issue #13132

Fixes for multiple SSHDATA or RRDDATA sections in config.xml

• On backup, strip out any existing SSH and RRD data sections before
  adding new ones.
• On restore, remove any empty data sections and if there is more than...

Rewrite functions for toggle & delete NAT. Fixes #13545

Refine IPsec deprecation behavior. Issue #13648

P1 and P2 entries are only disabled if they have no remaining valid combinations of options. This way tunnels that just had one bad entry selected can continue working.

Replace direct config accesses regarding ssh configuration. Fixes #13645

In system_advanced_admin.inc, use config interface funcs instead of direct
$config access regarding ssh configuration nodes. Also initialize the ssh
section as an array if it doesn't exist in system_advanced_admin.php to prevent...

Replace some direct config accesses in util.inc. Fixes #13640

Remove cxgbe (cc) from the ALTQ capable list

Despite what the relevant man page claimed (now fixed) the cxgbe driver
has not supported ALTQ since 2012. Do not allow ALTQ to be enabled on
those interfaces.

This reverts b3979f4abe9ecb2bdd59cbbcb61e3eccf9180b79....

Remove invalid quotes from charon attr plugin attributes. Fixes #13579

Fix setting EFI boot console type. Issue #13080

For some reason the EFI loader is forcing boot_serial=YES when it is not
set in the loader configuration. To work around this, we must set it to
NO explicitly. The loader menu displays the wrong type still but it...

ipsec: remove warnings about now removed algorithms

Redmine: #9247

ipsec: disable any tunnels using 3des, blowfish, cast128 or md5 during upgrades

Redmine: #9247

ipsec: remove obsolete algorithms

These are no longer supported in FreeBSD main. Ensure they can no longer be configured.

Redmine: #9247

ipsec: allow CHACHA20-POLY1305 to be configured

Redmine: #9246

Replace direct config accesses in firewall_rules_edit.php. Fixes #13614

Revert "Change OpenVPN auth to php-cgi for the time being. Fixes #4521"

This reverts commit 1bfdb794cb2a06932da0029ca37f9727c3f74274.

openvpn: don't IFF_UP the new tun interface

New openvpn versions set TUNSIFMODE, which FreeBSD's if_tuntap only
allows on interfaces which are not up.

So, don't up the tap interface when we create it. Leave that to openvpn
itself.

Redmine: #13602

Fix malformed format strings in French translation. Fixes #13607

Fix config path typo when installing firewall schedule cron job. Fixes #13605

Correctly handle port aliases in port forwarding rules. Fixes #13601

Fix potentially problematic config access in sshd enable/disable. Fixes #13599

Fix array initialization in rc.initial.setlanip. Fixes #13583

Remove direct $config accesses form rc.filter_synchronize. Fixes Issue #13446

Skip empty dnsmasq custom options

Perform proper input validation on static DHCP mapping additional BOOTP/DHCP Options. Fixes #13584

Fix saving dhcp6c-dns setting in services_dhcpv6.php. Fixes #13594

services_dhcpv6.php: Fix a PHP81 config access error

Remove extraneous and malformed meta refresh tag during proto/port change for web UI. Fixes #13591

Fixes for problematic config access in rc.initial.setlanip. Fixes #13583

More PHP81 fixes for gwlb.inc. Fixes #13563

Change text in info block on Status > IPsec. Fixes #13398

OVPN linkdown script improvements

Omit irrelevant info from auth error. Fixes #13574

Make a better effort to describe an alias reference. Fixes #13539

Each of deleteAlias(), openvpnAlias(), and staticrouteAlias() are called when
deleting or modifying an alias to indicate that it is referenced by some other
configuration item, which in turn call find_alias_reference() which returns...

Do no reload the filter if $apply is false in deleteAlias. Fixes #13538

Fix LDAP authentication for PHP8.1. Fixes #13559

Fix session timeout expiry. Fixes #13561

Fixed usage of image_type_to_extension. Fixes #13396

Fix shaper.inc for PHP81. For #13553

Fix PHP error when editing aliases w/o if groups.

Fix PHP error in LAGG pages

Convert RSS Widget to use simplepie via Composer

Update firewall_nat_out.inc for PHP81

Fix firewall_nat_1to1.inc for PHP81

Fix PHP81 error in firewall_nat.inc

Fix carp_status.widget.php for PHP81. Fixes #13535

PHP81 fix in gwlb.inc. For #13514

Fix syntax error in system_authservers.php. For #13533

Fix a PHP81 bug in system_authservers.php

Encode path+fn in browser.php. Fixes #13262

Update dhcp rule description

Update reserved alias names. Fix #13524

DHCP/v6 PHP8 error fixes for some cases.

If a config starts with only WAN, no LAN assigned, there are a number of
tags that were not handled properly on DHCP, DHCPv6, and RA.

Fixed up some other unrelated low-hanging fruit while I'm here, but all
of these files need a lot more work for PHP8.

Initialize $groups in local_user_get_groups to non-null. Issue #13446

Fix service status widget listing of non-disabled services

Fix handling of empty entries in NTP interfaces.

Prevent array/config_get_path() from overriding 0 values

Change the semantics of array_get_path() and config_get_path() so that only
empty strings at a path are overridden by $default if non-null, so that
legitimate 0 values set in the config are not overridden as empty() returns true...

Replace direct config accesses in auth.inc. Issue #13446

Additionally, change local_group_del_user() to include the index of the group in
the path to the group's member list when removing the user from it. This appears
to have been broken in the original code. With this fixed, remove the redundant...

Add quotes around variable usage to prevent word splitting

Avoid using -o in test(1)

-1 is not allowed, exit only uses 0-255

Avoid using -a in test(1)

-1 is not allowed, exit only uses 0-255

Add quotes around variable usage to prevent word splitting

Always set interface-automatic in unbound config. Fix #13393

PHP8 updates for resolver host editing

Fix PHP syntax in prefixes.php

Fix array_get_path() not returning $default for null-like values. #13446

In array_get_path(), a $default provided that is not null is intended to invoke
alternate behavior where if the path exists and is empty, $default should be
returned. This requires not identical compare as opposed to a not equal compare,...

Fix DDNS GW check PHP error

We need to get the status value from the returned array, not use the
array itself.

Revert "Workaround new pkg(8) behavior causing files with "NULL" in the path to be..."

This reverts commit 8b7ab58088f15bec9f9d5cede5fdcd8e3b9fe10e

PHP8 fixes for service status widget. Fixes #13506

Workaround new pkg(8) behavior causing files with "NULL" in the path to be skipped on install. Fixes #13394.

qinq: use if_vlan rather than netgraph

if_vlan now supports QinQ, so use that rather than netgraph. This is
expected to perform better, removes a subsystem dependency and
simplifies the php code as well.

Note that this is not possible on stable/12.

Remove unused argument from interface_qinq_configure()

$fd is always NULL, so there's no point in having branches for it.

Correct config_path_enabled path in system_generate_nginx_config. #13446

Path corrections to system.inc. Issue #13446

• Corrected single quote strings wwith variable expansion
• Corrected 2-deep paths that were incorrectly pattern replaced to
  array_get_path('foo','bar' instead of array_get_path('foo/bar')

Correct edns config path in system_resolvconf_generate. Issue #13446

Make *_get_path() return $default for empty values. Issue #13446.

When $default is non-null and the path resolves to an empty element, return
$default instead of the value. This allows callers to intentionally ignore empty
values by specifying $default and simplifies the expressions needed to determine...

Fix for system.inc. For #13446

Properly quote variables

No functional change intended

Fix missing ikeid in created ipsec p1. Issue #13446.

When a new or duped p1 is submitted, $p1ent['ikeid'] is an empty string. Prior
to php 8.0, comparing ($p1ent['ikeid'] == 0) for the empty string would yield
true, allowing the code to properly create and assign a new ikeid by calling...

Replace direct config accesses in system.inc. Issue #13446.

Correct service enabled detection

Fix PHP8 issues in rc.openvpn and rc.carp*

Fix services installation only installing the last service of a pkg. Issue #13446.

The original re-fetched the services list from the config at every iteration
over the package's services list when adding services during installation. After
moving to a get/set model for the config, this discarded service added at each...