pfSense

RemoveUnusedForeachKeyRector runresults

Remove dead statement as per rector

Update `Submitting a Pull Request via GitHub` link

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

Spelling fixes. Fix #13357

• Incorrect input validation for `dhcp6c` `keyinfo expire` `forever` keyword in `interfaces.inc`.
• Incorrect input validation for associated rule's `Source Port` in `firewall_rules_edit.php`.
• Incorrect `voucher*.` file lock reference in `status_captiveportal_voucher_rolls.php`....

Cleanup some unreachable statements as per Rector.

Merge pull request #4596 from luckman212/update-rc.initial-202206

Merge pull request #4606 from KoenZomers/DNSExitFix

Merge pull request #4605 from kaedros/master

Remove duplicate reserved alias names. Fix #13524

Respect bind interfaces in unbound. Fix #13393

Also create DHCPv6 rules for interfaces with static IPv6. Fix #13633

Add initial support for Rector dev tooling.

Update/cleanup DHCP 4/6 server text. Fixes #13250

Correct typo. Fixes #13663

While here, reduce a few differences with Plus.

Update the loader.conf filter list.

This remove the duplicate entries for the settings added by pfSense.

Sync with the current Plus defaults.

Update the EFI loader from the package installation script.

The simply action of installation the script will perform the loader update.

Correct codelq shaper input validation for firewall_shaper.php. Fixes #13661

Ensure all bandwidth values are cast to int before applying arithmetic to the
return value of get_bandwidth_typescale(). This alleviates failed validation
when the bandwidth is blank....

Misc EasyRule updates/fixes.

• Addresses several known issues in EasyRule. Fixes #13445
• Updates syntax to new style for PHP 8.1. Fixes #13627

Add devel/pecl-xdebug to poudriere_bulk

Fix config_del_path() if the node doesn't exist

If the node we're trying to delete with config_del_path() doesn't exist
array_del_path() will fail as follows:

Fatal error: Uncaught TypeError: Cannot access offset of type string on string in /etc/inc/util.inc:3459...

Add bxe to the ALTQ capable interfaces list

Redmine: #13304

Backup/Restore fixes for dup SSH/RRD. Issue #13132

Fixes for multiple SSHDATA or RRDDATA sections in config.xml

• On backup, strip out any existing SSH and RRD data sections before
  adding new ones.
• On restore, remove any empty data sections and if there is more than...

Rewrite functions for toggle & delete NAT. Fixes #13545

Refine IPsec deprecation behavior. Issue #13648

P1 and P2 entries are only disabled if they have no remaining valid combinations of options. This way tunnels that just had one bad entry selected can continue working.

Replace direct config accesses regarding ssh configuration. Fixes #13645

In system_advanced_admin.inc, use config interface funcs instead of direct
$config access regarding ssh configuration nodes. Also initialize the ssh
section as an array if it doesn't exist in system_advanced_admin.php to prevent...

Replace some direct config accesses in util.inc. Fixes #13640

Remove cxgbe (cc) from the ALTQ capable list

Despite what the relevant man page claimed (now fixed) the cxgbe driver
has not supported ALTQ since 2012. Do not allow ALTQ to be enabled on
those interfaces.

This reverts b3979f4abe9ecb2bdd59cbbcb61e3eccf9180b79....

Remove invalid quotes from charon attr plugin attributes. Fixes #13579

Fix setting EFI boot console type. Issue #13080

For some reason the EFI loader is forcing boot_serial=YES when it is not
set in the loader configuration. To work around this, we must set it to
NO explicitly. The loader menu displays the wrong type still but it...

make.conf: enable GCM for strongswan

This will also cause a rebuild, which we need to get chacha20 support
now that the kernel supports it.

ipsec: remove warnings about now removed algorithms

Redmine: #9247

ipsec: disable any tunnels using 3des, blowfish, cast128 or md5 during upgrades

Redmine: #9247

ipsec: remove obsolete algorithms

These are no longer supported in FreeBSD main. Ensure they can no longer be configured.

Redmine: #9247

ipsec: allow CHACHA20-POLY1305 to be configured

Redmine: #9246

Replace direct config accesses in firewall_rules_edit.php. Fixes #13614

Revert "Change OpenVPN auth to php-cgi for the time being. Fixes #4521"

This reverts commit 1bfdb794cb2a06932da0029ca37f9727c3f74274.

openvpn: don't IFF_UP the new tun interface

New openvpn versions set TUNSIFMODE, which FreeBSD's if_tuntap only
allows on interfaces which are not up.

So, don't up the tap interface when we create it. Leave that to openvpn
itself.

Redmine: #13602

Fix malformed format strings in French translation. Fixes #13607

Fix config path typo when installing firewall schedule cron job. Fixes #13605

Correctly handle port aliases in port forwarding rules. Fixes #13601

Add knobs for zabbix62

Remove knobs that are already the default, like IPv6.

Fix potentially problematic config access in sshd enable/disable. Fixes #13599

Fix array initialization in rc.initial.setlanip. Fixes #13583

Remove direct $config accesses form rc.filter_synchronize. Fixes Issue #13446

Skip empty dnsmasq custom options

Perform proper input validation on static DHCP mapping additional BOOTP/DHCP Options. Fixes #13584

Fix saving dhcp6c-dns setting in services_dhcpv6.php. Fixes #13594

services_dhcpv6.php: Fix a PHP81 config access error

Remove extraneous and malformed meta refresh tag during proto/port change for web UI. Fixes #13591

Fixes for problematic config access in rc.initial.setlanip. Fixes #13583

More PHP81 fixes for gwlb.inc. Fixes #13563

Change text in info block on Status > IPsec. Fixes #13398

OVPN linkdown script improvements

Omit irrelevant info from auth error. Fixes #13574

Excluded valgrind from arm since it has not been ported there

Make a better effort to describe an alias reference. Fixes #13539

Each of deleteAlias(), openvpnAlias(), and staticrouteAlias() are called when
deleting or modifying an alias to indicate that it is referenced by some other
configuration item, which in turn call find_alias_reference() which returns...

Do no reload the filter if $apply is false in deleteAlias. Fixes #13538

Add Zabbix 6.2 pfSense packages to the list to build

Fix LDAP authentication for PHP8.1. Fixes #13559

Fix session timeout expiry. Fixes #13561

Add valgrind to pfPorts

Fixed usage of image_type_to_extension. Fixes #13396

Fix shaper.inc for PHP81. For #13553

Fix PHP error when editing aliases w/o if groups.

Fix PHP error in LAGG pages

Convert RSS Widget to use simplepie via Composer

Revert adding textproc/php81-xml{,reader}

Sort poudriere_bulk package list.

Add textproc/php81-xml and textproc/php81-xmlreader

Update firewall_nat_out.inc for PHP81

Fix firewall_nat_1to1.inc for PHP81

Fix PHP81 error in firewall_nat.inc

Add simplepie to composer manifest

poudriere: add drm-510-kmod

The i915kms driver is no longer part of the base system, but has to be
installed from ports instead. Build the port.

Redmine: 13522

Fix carp_status.widget.php for PHP81. Fixes #13535

Update composer.lock for PHP81

Add a new core package, pfSense-boot to hold the OS boot files.

This package will be used to allow the update of the OS loader,
which needs to happen on the first phase of the update, before the
boot of the new kernel.

Remove the /boot files the base core package....

PHP81 fix in gwlb.inc. For #13514

Fix syntax error in system_authservers.php. For #13533

Fix a PHP81 bug in system_authservers.php

Encode path+fn in browser.php. Fixes #13262

Update dhcp rule description

Update reserved alias names. Fix #13524

DHCP/v6 PHP8 error fixes for some cases.

If a config starts with only WAN, no LAN assigned, there are a number of
tags that were not handled properly on DHCP, DHCPv6, and RA.

Fixed up some other unrelated low-hanging fruit while I'm here, but all
of these files need a lot more work for PHP8.

Initialize $groups in local_user_get_groups to non-null. Issue #13446

Merge branch 'master' of gitlab.netgate.com:pfSense/pfSense

Add net/intel-em-kmod to the poudriere_bulk list of packages.

Requested by: stevew

Fix service status widget listing of non-disabled services

Fix handling of empty entries in NTP interfaces.

Prevent array/config_get_path() from overriding 0 values

Change the semantics of array_get_path() and config_get_path() so that only
empty strings at a path are overridden by $default if non-null, so that
legitimate 0 values set in the config are not overridden as empty() returns true...

Replace direct config accesses in auth.inc. Issue #13446

Additionally, change local_group_del_user() to include the index of the group in
the path to the group's member list when removing the user from it. This appears
to have been broken in the original code. With this fixed, remove the redundant...

Build Realtek kmod pkg for testing.

Revert "Temporarily remove lsof and Telegraf from the build until fixed on main"

This reverts commit 363ea6b079308123e8286bbf10fef3625b523fab.

Patches needed for building on main have landed, so bring these back in

Add pkg rootdir support to core packages

Add quotes around variable usage to prevent word splitting

Avoid using -o in test(1)

-1 is not allowed, exit only uses 0-255

Avoid using -a in test(1)

-1 is not allowed, exit only uses 0-255