pfSense

CA/Cert descr validation fixes. Fixes #13387

Validate description on save when editing and in other situations that
were not yet covered.

While here, ensure that errors when editing a cert leave the user on the
cert edit screen properly, but successful cases return to the cert list....

Encode alias URL before display. Fixes #13060

(cherry picked from commit ac6e07b50d1f72d689eee3ad16427c975482adc3)

Modify CP rules to work on 22.01/2.6.0. Fixes #12834

Use http_build_query() for Google Domains DDNS post data. Fixes #12754

One-time NTP sync from static servers NG 7447

(cherry picked from commit 4745879c9967682624a2e87e190ebc12ba6f985b)

Sanity check the clock at boot. Issue NG 7447

(cherry picked from commit 42ed3b9d540c101617eaa00581c527673f6206a2)

Delete temporary ACB files. Fixes #12745

(cherry picked from commit 17490b15e73c048f8ff42df203c31942e9e2ce73)

Welcome pfSense CE 2.6.0-RELEASE

Clean up pkg filter text before use. Fixes #12725

Also remove unnecessary echos of the value.

(cherry picked from commit 5d82cce0d615a76b738798577a28a15803e59aeb)

Default repo selector to stable repo after upgrade to Plus

(cherry picked from commit c83b195f258f472ce1d45305b56352bdd36cdbc0)

Detect correct setting for custom repo and call pkg_switch_repo to be sure

(cherry picked from commit fccb675a6bb930ccb7cd62ff1287ee209929d49e)

Revert clearing custom repo on boot

(cherry picked from commit 2368c2cf715d1fa7455fcc65b55e5cd96d4a21ca)

Revert "Move custom repo removal code to a better location in rc.reboot"

This reverts commit e696b0868a495af4f19505b8261f25d6604adc8d.

Correct PHP syntax error. Fixes #12713

(cherry picked from commit f73ace96e837ca2f0957a5fafe5794e033231c2e)

Move custom repo removal code to a better location in rc.reboot

(cherry picked from commit e696b0868a495af4f19505b8261f25d6604adc8d)

openvpn.tls-verify.php exec() output fix. Issue #11829

(cherry picked from commit a80cf2c919c3abc5eb4eb479d7058ea6e69afc49)

Fix ARP table interface names. Fixes #12698

(cherry picked from commit 81e7e462f00a031f6010bfcc955681a6ccdeac7b)

ldap_get_groups() return value fix. Issue #12699

(cherry picked from commit bbca801ce97dfee00be51175aa849f13d66e3738)

Don't del ONAT rules w/o selection. Fixes #12694

(cherry picked from commit f783d68bd1708f7845fc21f035b4f3232a6f435d)

Delete all custom files if the custom repo specification is incomplete

(cherry picked from commit 51ef2e44e96254b9b3019ebf3bcaa5799f03ce79)

OpenVPN validation improvements. Fixes #12677

Added validation for the following fields:

• OpenVPN Server:
  • mode, dev_mode, protocol, interface, ecdh_curve, digest,
    engine, cert_depth, caref, crlref, certref, allow_compression,
    compression, tlsauth_keydir, netbios_ntype,...

Improve OpenVPN Data Cipher handling. Fixes #12677

(cherry picked from commit 78ce96a9af3b2ab5159ef6623078bfc4b15f8a89)

Switch configurations to point to 2.6.0.

Reviewed by: garga

Redirect user to / if Plus and attempting to directly access system_register.php

Make registration process contingent on PLus vs CE to accommodate automatic CE -> Plus merging

netgate-ca.pem is now in the base image at /usr/local/share/${product_name}/ssl/netgate-ca.pem

Update the git protocol.

For more details see: https://github.blog/2021-09-01-improving-git-protocol-security-github/

Use /conf/restore_config_data trigger file to restore extra data on install. Feature #12518

Fix default password warning check. Fixes #12666

Use the existing function to check the password to avoid duplicating
effort.

Improve solo weighted GW in Failover. Issue #12660

If there is only one gateway to add in a macro definition, there is
no point in repeating the string based on the gateway weight.

This is a potential contributing cause to issue #12660

Disable DNS Resolver recursion if the selected outgoing interfaces are not available. Fixes #12460

Originally-By: Viktor Gurov

Revert "Use OpenVPN async client-connect, clear stale rules, add option to limit connections per user. Implements #12407 and #12332 and #12267"

This reverts commit 7aaa20d95a345c4688e8786c755c7d0433451688.

Fix "assignement" typo. Fixes #12383

Update the Copyright year of the files owned by Rubicon/Netgate.

Create port forward rules for PPPoE Servers interface. Fixes #12452

Fix SSH keys permissions on restore. Fixes #12637

Do not update Dynamic DNS if the public IP address cannot be determined. Fixes #12617

Ignore DynDNS requestif for non-custom providers. Fixes #12631

Use installer_copied_config as an extra data restore trigger. Issue #12518

Fix PHP error on backup if SSH keys do not exists. Issue #12635

Merge pull request #4550 from znerol-forks/fix/master/radvd-search-list

Merge pull request #4541 from blkeller/document-auto-nat

Merge pull request #4546 from olehfb/namedotcom_dyndns

Merge pull request #4540 from spootle/master

Minor cosmetic fix in gateway widget.

Initialize searchliststring variable in every loop iteration

Make sure $sitems (skip items) is always an array.

Add tag 1 to Captive Portal passthrough MAC table. Fixes #12615

Do not update DNS RFC2136 if the public IP address cannot be determined. Fixes #12617

Pushover notifications fix. Issue #12614

Use Trusted Store CAs for Dynamic DNS. Fixes #12589

Bounce dipinger when bringing down interface that has a gateway

Restart RADVD on interface IPv6 address change. Fixes #12604

One.com DDNS update. Issue #12352

(cherry picked from commit 9a84d3b0b5e4709a5bde99d3edf4f8e89524b602)

2.6.0 is now BETA

Init tracker ID before filter reload. Fixes #12588

syslog: fix ridentifier retrieval when looking up by rule number

pf rules no longer include the ridentifier immediately after the rule
number but instead list it as a separate keyword like this:

@4(0) block drop in log inet all label "Default deny rule IPv4" ridentifier 1000105583...

Send Telegram/Pushover/Slack notifications on CARP MASTER event. Fixes #12584

Use notify_all_remote() in /etc/rc.notify_message. Fixes #12585

syslog: fix ridentifier retrieval

pf rules no longer include the ridentifier immediately after the rule
number but instead list it as a separate keyword like this:

@4(0) block drop in log inet all label "Default deny rule IPv4" ridentifier 1000105583

...

Rename 'tracker' to 'ridentifier'

FreeBSD has included our 'tracker' functionality, but calls it
'ridentifier' instead. Change the rule generating code to cope with
that.

IPsec RADIUS Advanced Parameters default value reset fix. Issue #12575

IPsec IKEv2 Retransmission options. Implements #12184

Revert "move firewall functions to include file"

This reverts commit a5a4cf87eeacfaf922151ce356fca1eee53762eb

Revert "Certmanager mvc"

This reverts commit 033c3ae82d20ca5760ed483cf8d0c947764b2371

Certmanager mvc

Restore RRD and extra data on bsdinstall config.xml restore. Implements #12518

Add missing upload_url to acbupload.php. Fixes #12572

Gateway/Group link fix on the firewall rules page. Issue #12555

IPsec on backup CARP group validation. Fixes #12566

Add dynamic DNS service provider Name.com, closes #12567

Do not display direction indicator on the non-floating tabs. Fixes #12559

Certificate fields input validation. Issue #12035

SNMP IPv6 support. Implements #12325

Input validation to prevent removing a gateway if it is still in use by DNS servers. Fixes #8390

Backup and Restore SSH Host Key(s). Feature #11118

Gateway / Gateway group edit on the firewall rules page. Implements #12555

Add a note about the AutoConfig backup behavior. Implements #12296

Route overlap input validation fix. Issue #12554

IPsec status isset+is_array phase2 check. Fixes #12550

move firewall functions to include file

Do not show the pulldown menu when rebooting after restoring AutoConfigBackup. Fixes #10662

Static routes handling update. Fixes #11599 #11895 #7547

• Confirmation box to apply static routes add/route/change
• Reloading routes using aliases after changing the alias
• Correct route updates after changing destination or gateway

Support DNS server gateway selection on ``system.php`` for multiple gateways not assigned to interfaces. Implements #12116

Update enableallowallwan to only include shaper.inc once.

Hide the Duplicate Connection Limit input field until the Duplicate Connection check box is ticked. Issue #12267

Interface Groups start digit input validation. Fixes #12529

Allow to select 3 (8s) NTP min poll value. Implements #9439

Fix typo

Ui3 bandwidth

Local Logging warning note. Issue #12511

DNS check improvements for fw check and ACB. Fixes #12141

Uninitialized config variables in interface_assign.php

Use OpenVPN async client-connect, clear stale rules, add option to limit connections per user. Implements #12407 and #12332 and #12267

Port Forward checks for special interfaces and reflection type. Fixes #12452

NTP Peer mode. Implements #11496

Input error message box on the interfaces_ppps.php page. Fixes #12514

Fix reservation on CE installs with a pool called 'zroot'.

Keep port value for PPPoE/L2TP/PPTP on interfaces.php page. Fixes #12498

pfSense-rc: Fix ZFS reservation

e804230c08 introduced an error when USE_ZFS is not set:

Starting syslog...done.
[: : bad number
Starting CRON... done.

Fix it by only checking if variable is not empty