pfSense

Config access regression in interface groups

Add scrolling when dislaying overflow columns for NTP status

kea: enable lease sanity checks to ensure data consistency. Fix: #15328

Config access regression in CAs. Fix #15578

Fix PHP error regression when listing system users

Merge pull request #4658 from MatthewA1/ntp-authentication-feature-8794

Add support for NTP authentication. Implement #8794

Initial implementation allows for one auth key between all servers.

URL encode HTTP_PROXY username and password. Fix #15565

Also enclose the fields with CDATA in config

Use the repo name when saving the branch selection

https://redmine.pfsense.org/issues/15560

Remove redundant system link step

This code regressed at some point, making $repo equal e.g.:
'/usr/local/etc/pfSense/pkg/repos/pfSense-repo-0000.conf/pfSense-repo-24_03-rel.conf'
Remove the code since "repo-setup -U" handles the linking.

rc.embedded: ensure /var/run is available early

Revert "Add dns/powerdns to poudriere_bulk"

This reverts commit f30a1955ce187e3b66d15dce6f4270aee606bd71.

Add dns/powerdns to poudriere_bulk

Update text references to UPnP protocols

Correct config_get_path -> config_set_path in shaper.inc

Add defaults to config_get_path where needed in select files

Some calls to config_get_path may introduce errors if the key does not exist and
the default of null is returned. This commit changes some defaults in these files:

src/etc/inc/auth.inc...

Fix RRD script syntax regression

Handle failures to create an interface. Fix #14708

The function pfSense_interface_create2() may fail to create the
requested interface, in which case it returns the array:
['error'=>'Could not create interface']

Handle certificates with multiple CNs. Fix #15133

Multiple CNs are not supported. For compatibility, default to using
the first CN in the certificate instead of returning an error.

Add a helper function for unserialize(). Fix #15423

For calls to unserialize() which do not check for errors, use the
helper function instead.

Only apply state tracking to pass rules

State tracking only applies to pass rules. This was broken with the
refactor of 3e28d716.

Handle empty values during config upgrade. Fix #15362

The config may have an empty string - use 'empty()' instead of
'isset()' since '0' is not valid in this case.

Update the interface cache when configuring IPsec. Fix #15449

Introduce a default return value to the rest of the config functions

The current return values remain the same. The added safety checks
ensures the correct type when calling array_* functions, and allows
for more flexible error handling.

Remove ripgrep since we are not using it

Clean up rule generation code for state-tracking options

Improve readability and make it easier to adjust for future changes.

Fix checkbox always being unchecked on page load

For the GUI option introduced in #15430

Encode dir names in browser.php. Fixes #15525

Automatically use floating states for IPsec rules. Fix #15430

Avoid configuration loop with LAGG interfaces. Fix #14083

The fix to #9453 introduced a loop when configuring LAGG interfaces.
This happens when interface_lagg_configure() ultimately calls
set_interface_mtu() which also calls interface_lagg_configure(). Since...

Default to an empty array for functions expecting a countable value

Do this for foreach() and count().

Correct default for 'system/acb' in write_config() to empty array instead of null

Update all direct config access with accessor functions

Refactor config upgrade to use config accessors

Use config accessors in traffic shaper functions

Use config accessors in certificate functions

Use config accessors in users and groups functions

Remove potential direct config references when displaying form rows

The first eval() change removes the reference and has no functional
effect given that $pkg_source_txt is not modified. While here, catch
any exceptions as well; before PHP 7, eval() would return false on...

Move to is_platform_booting()

The function platform_booting() is deprecated.

Move from ${var} to {$var}

The use of ${var} has been deprecated since PHP 8.2

Move to date()

The function strftime() is deprecated since PHP 8.2

Move to mb_convert_encoding()

The functions utf8_encode()/utf8_decode() are deprecated since PHP 8.2

Move to str_replace()

The function ereg_replace() is deprecated since PHP 5.3.

Move to preg_match()

The function ereg() is deprecated since PHP 5.3.

Move to foreach()

The function each() is deprecated since PHP 7.2.

Move to password_hash()

Use of crypt() requires a salt since PHP 8.0. Use password_hash() to align with 8ddf2b5.

Remove superfluous argument

The product label was mistakenly separated in 573ec19. Now simply remove it.

Remove superfluous function arguments

Added in 0eae38c

Correctly detect changed settings

Return a value in convert_openvpn_interface_to_friendly_descr()

Calls to this function expect a return value which is then echo'd.

Correctly set duplicates limit in forms

Fix missing variable assignment in 22dbacd

Fix missed changes in f593f80

The argument being removed was previously used to retrieve optX
interfaces; this no longer applies.

Fix missed changes in 0e2bed2

The "level" is determined automatically by the function.

Fix missed changes in c618897

The function parameter was removed since it was not used.

Fix missed changes in 015a482

The IP Protocol is now determined automatically be the function.

Fix missed changes in 2aafa69

The direct value is now used instead of the constant variable.

Fix missed changes in the transition from ipfw to pf

Fix typos and copy/paste issues

Issues found by the PHP linter mostly include typos and usage of
unassigned variables. To address these, traverse the commit history
to determine the intent.

Fix PHP linter issues

Support adding to an array in array_set_path()

- Avoid infinite loop with empty paths.
- Support setting $value to the $arr root.
- If $path contains a trailing forward-slash '/', push $value to the
leaf node; replace the leaf node if it's a scalar.

With pkg switching to curl the format of the auth string has changed

Set correct value when toggling CARP maintenance

Add newlines to crontab proxy variables. Fixes #15502

Reapply "Add zsh to the list of packages to build"

This reverts commit 3d4cab4078a9276446d847612c97a52c328fd965.

The plist fix has landed and merged from upstream

Add a speedtest alternative written in go

Correct inconsistent CRL tab names. Fixes #15454

fix config.xml recovery

Use bsddialog because dialog no longer exists.

Add boot method to sysinfo widget. Implements #15422

Fix CA trust store custom entries. Fixes #15440

certctl rehash behavior changed, so we need to write the CA files out
differently now so it picks them up.

Fix usermgrpasswd check for non-privileged users. Fixes #15442

Fix resolv.conf logic for DNS Forwarder. Fixes #15434

Update comment

The updated comment matches the actual behavior. Albeit the
variable name is unintuitive, it follows the behavior before the
refactor.

Correct bitwise check when getting a list of gateways. Fix #15399

Fix syntax when moving IPsec P2. Fixes #15384

Use only local notifications when config file cannot be read. Fixes #15157

Set FW log widget min interval to 5. Fixes #12673

Fix syntax error (short open tag)

Fix log widget callback filename. Issue #12673

Improve the messaging used when the upgrade system is busy.

Replace the generic 'error' message by a correct and more clear message.

register_all_installed_packages: introduce option

Reflect config value of ddnsreverse for DHCPv6. Fixes #15118

Disallow hostnames in Kea NTP. Fixes #14991

• If they are in the config.xml data already, do not write them into
  the Kea configuration.
• Do not allow the user to enter them in the GUI

Fix order of Kea boot files. Fixes #15032

Fix variable typo. Fixes #14996

Fix an radvd service status edge case. Fixes #14936

Update the code for consistency.

No functional changes.

Run the pfSense-repoc with the new file names style.

Instrument the upgrade JSON data with more information about errors and failures.

Now, with the proper return code, instead of presenting no data to the user when
the pfSense-upgrade is busy (running in background), explain properly what is
happening.

Add the support to the new pfSense-repoc repository files style.

Keeps the support to the old style, so both versions of pfSense-repoc are supported.

Catch/handle some HTTP errors. Implements #15322

• Catch 50x errors, even from PHP FPM, so users don't end up with a
  blank white screen if an error happens too early in processing.
• Catch 404 errros.
• Handle both with static pages since PHP-FPM may have an issue of its...

Correct empty resolver alias handling. Fixes #14942

Adjust unbound host alias validation. Fixes #14942

pfSense-boot: now just a distribution package, eliminate post-install script

Add self-service user pw mgr to menu/tab. Issue #15266

No need to hide this since it's convenient and works well.

While here, make all tab arrays in the user manager consistent.

Fix FW log multiple instance bug. Fixes #15339

Move the mdiff function into pfsense-utils.inc and also rename it so its
purpose is more clear.

Add password check mode to usermgrpasswd. Issue #15266

Console password reset changes. Issue #15266

• Correct menu description as this is the admin user manager account and
  it is not specific to the GUI.
• Clean up code and fix various strings/formatting
• Use the password change script instead of setting a default value so...

More accurate priv check for warning. Issue #15266

Improve user password warning boxes. Issue #15266

- Show warnings for user accounts as well as admin
- Try to send the user to the self-service password
manager page if they have access
- Move the test/error generation to a function so it
is simple to reuse....

Use pw validation function in wizard. Issue #15266