pfSense

Fix warnings in guiconfig.inc, unexpanded string in get_config_path call

Replace config array accesses in guiconfig.inc

Change some config array accesses in interfaces.php

Replace some config array access in services_dnsmasq.inc

Replace config array accesses in create_interface_list()

Fix multilevel array access outside config in util.inc

• Add generic array get/set path and path_exists functions to util.inc
• Wrap these more generic versions with the confg_* equivalents

Make list assign from explode output safer

• Make the explode limit to the number of expected items
• Assign values by array_shift() to prevent undefined key warns

Fix some undefined variable warnings

Fix several unsafe multilevel config array accesses in setup wizard

Correct single quoted string with parameter expansion

Silence unused/undef'd variable warnings in filter.inc

Replace multilevel config array access around the web gui port

Replace multilevel config array accesses regarding openvpn

Replace multilevel array accesses regarding v4 and v6 gateways

Replace more problematic multilevel config array access

Fix text_to_compressed_ipv6() to omit %ifname from v6 addresses

Prior to this, v6 addresses would be considered by Net_IPv6::compress() to have
an ipv4 part consisting of all text from the address from the final colon
separator, and try to treat it as such. This is now problematic in php 8 as when...

Use config_path_enabled() and config_get_path() for troublesome paths

Add config_path_enabled() function and associated tests

Replace more direct config array access with config_get_path()

Change numerous direct references into config to config_get_path()

Correct dhcpv6 enable check to use config_get_path()

Use config_get_path for openvpn interfaces and ifgroups

Use config_get_path for looking up static ARP entries

Use config_get_path() for friendly ifnames and vlan configs

These elements may not exist in the config depending on the user config and
available ifaces, causing errors in php 8 when attempting to do element access
on a string or nil value.

Make php stdout and stderr less verbose for nonfatal messages

Add missing require of interfaces.inc to util.inc

Correct required param after optional param syntax errors

Silence warnings about missing global key 'booting'

Add config_get_path and config_set_path for config element access

config_get_path and config_set_path allow the user to specify a configuration
element by path rather than by direct access to the global config array. This
has several advantages, including eliminating errors attempting to access...

Inhibit startup error printing to stdout in read_global_var

Add php81 extensions dir path

Use array_values() to expand $cert_curve_compatible

In php8, call_user_func_array expands the $cert_curve_compatible array into
named parameters for nominated func array_merge(), which returns an error upon
being called with unknown named parameters. To fix this, explicitly select the...

Select default php version 8.1

Consider EC digest prefix when renewing CA/Cert. Fixes #13437

Merge pull request #4611 from jaredhendrickson13/fix_system_advanced_firewall_validation

fix: corrects validations for various fields in system_advanced_firewall.inc

CRL lifetime fixes to avoid rollover. Fixes #13424

Skip URL tables with invalid names. Fixes #13425

Clean up+encode pkg rule filenames. Fixes #13426

captiveportal: fix comment

Restore the correct comment, as pointed out by "Fole Systems" in
https://redmine.pfsense.org/issues/13323#change-62565

Update UPnP status regex. Fixes #4500

Submitted-By: rtadams89 @ GitHub PR #4610

Correct omission of ipv6 addresses in get_interface_addresses. #11545

The original v6 translation wrapping from pfSense_get_ifaddrs() output to that
of pfSense_get_interface_addresses had some confusion around array keys that is
resolved in this commit.

CA/Cert descr validation fixes. Fixes #13387

Validate description on save when editing and in other situations that
were not yet covered.

While here, ensure that errors when editing a cert leave the user on the
cert edit screen properly, but successful cases return to the cert list....

Add two missing '\n' to pkg.conf.

This file is quickly overwritten by the (correct) version written by
pfSense-upgrade, this makes this failure hard to see.

Zabbix 5.4 is EoL so remove it

Get radius nas ip from correct variable. Fix #13356

Check for empty config.xml restore. Fixes #13289

Build security/pfSense-pkg-Tailscale

Build security/tailscale

Trim leading space from CSV vouchers. Fixes #13272

Fixed handling of single rule selected with multi-delete Issue #9887

Ensure we apply policy routing on whitelisted captive portal MAC addresses

We cannot simply 'pass in quick' for the _patthru tagged packets,
because that means we don't process any subsequent policy routing (or
other user) rules.

We want the _passthru tagged (i.e. whitelisted by MAC address) packets...

Filter reload at end of rc.newwanip. Fixes #13228

Don't force DNS to use 4/6 here. Fixes #13318

It's not trying to force communication with a
specific address family DNS server.

get_interface_addresses: Silence array_filter warnings

Clean up old repo files that are not needed any longer since we just template the one

Clarify delegated IPv6 prefix source. Fixes #13310

Indicates the tracked interface and prefix ID, which is more important
now that delegation works from multiple upstream sources.

Remove incorrectly restored code. Fixes #13308

Set PKG_REPO_BRANCH_DEVEL to match the branch name

Omit VIPs from interface address selection. Fixes #11545

Add function get_interface_addresses() which wraps around pfSense_get_ifaddrs() and
filters VIPs before selecting an interface v4 and v6 address.

Replace all use of pfSense_get_interface_addresses() with get_interface_addresses()

Centralize the branches into builder_defaults.sh to simplify and eliminate overwriting the variables

Add version config for use by pfSense-repo

Template the versions as well

Fix OpenVPN override TN handling. Fixes #13274

Set CP pipeno consistently when null. Fixes #13265

Encode filename browser.php. Fixes #13262

Disable distclean to prevent removing distfiles that are still in use

dhcp6 range check/tracked prefix. Fixes #12527

Switch to hping3 since hping has been EoLed and removed upstream

Merge pull request #4590 from luckman212/fix-omission-of-pr4551

Merge branch 'pfsense:master' into fix-omission-of-pr4551

oops. forgot to actually process the dpinger_dont_add_static_routes flag

Always use rstold script header. Fixes #13238

Update CARP status state sync note. Fixes #12701

Change Captive Portal anchors order and remove tagged option from L2 rules.

Do not duplicate Captive Portal passthru rule if HTTPS login is enabled

Always display Global Root CA List. Fixes #13185

Reload Captive Portal rules on nomacfilter or per-user bandwidth change. Fixes #13216

Check CP rules tag on all steps. Fixes #13215

Get all nested anchors when drilling. Fixes #13142

captiveportal: Add both https/http rules for cps with https. Fixes #13212

Alter captiveportal_zone_portalports to return an array of alias/port pairs
rather than a single pair. If https is enabled on the cp zone, then both https
and http sets are returned....

Fix CP pipe function call. Fixes #13204

Remount ZFS datasets after configuring RAM disks to ensure they are used. For #13182

Fix RAM disk handling in pfSense-rc on ZFS

Improvements to ramdisk functions for improved handling on ZFS

PKG_DBDIR/CACHEDIR should be accessed at /var/db/pkg and /var/cache/pkg in all cases

Revert "Fixes RAM disk handling on ZFS (support boot environments)"

This reverts commit e6b47d6812b1a46738c75a8991cd1393b200d7ef

Fixes RAM disk handling on ZFS (support boot environments)

Revert "Fix RAM disk support for ZFS layout changes related to BEs. Fixes #13182"

This reverts commit b9097e4cfe3fcbdec86a00a5a470d93d05ea8102

Captive Portal pipes reserve fix. Fixes #13204

Generate floating rules with "any" interface. Fix #13203

Fix RAM disk support for ZFS layout changes related to BEs. Fixes #13182

Do not force setting a gateway with floating match limiter rules. Fix #13027

Incompatible OpenVPN P2P option note. Issue #13189

Captive Portal hostname pipes delete fix. Issue #13193

captiveportal: Only apply per-user default bw to pipes for user auth. Fixes #13192

captiveportal_pipe_configure() was unaware of the context of the pipes it was
creating (user auth vs. allowed mac/ip/host), and always applied the default
pipe bandwidths in the absence of form specified values. This change allows the...

captiveportal: Correct errors in passthru mac deletion. Fixes #13192

Correct identifier mismatches in captiveportal_passthrumac_delete_entry()
($hostent vs $mac)

Correct and rename captiveportal_get_dn_passthru_ruleno() to
captiveportal_get_dn_passthru_pipes. This function was called to retrieve a...

Revert "Destroy deleted/disabled IPsec SA. Fixes #13102"

This appears to be causing a pileup of swanctl processes on systems with
a significant number of disabled tunnels.

This reverts commit d90552c59e51fb13c712b6a96a51ca2462424156.

Remove orphaned ram disk backup script

Fix pf rule for 'any' proto. Fixes #4259