OPNSense - FreshBSD

OPNSense/core 28229ed — src/www interfaces.php

2026-06-16 15:47:34 UTC by Ad Schellevis on ⎇

master

Interfaces/DHCP - Further tighten security for https://github.com/opnsense/core/security/advisories/GHSA-5rx3-w735-74wm

As advanced fields should always require high level access, we should prevent accidental mistakes from administrators allowing non-admins from changing these items.
In the long run, we likely want to drop these options, but that requires at least bringing back some common options which we are able to validate properly.

Delta		File
+7	-1	src/www/interfaces.php
+7	-1	1 files

OPNSense/core 8ec23b3 — src/opnsense/service/templates/OPNsense/WebGui php.ini

2026-06-16 15:25:36 UTC by Franco Fichtner on ⎇

master

system: webgui templating more pretty

Delta		File
+1	-2	src/opnsense/service/templates/OPNsense/WebGui/php.ini
+1	-2	1 files

OPNSense/core c00711e — contrib/IXR IXR_Library.php, src/opnsense/scripts/interfaces traffic_stats.php

2026-06-16 15:11:56 UTC by Franco Fichtner on ⎇

master

src: non-canonical cast (double) is deprecated

Delta		File
+2	-2	contrib/IXR/IXR_Library.php
+1	-1	src/opnsense/scripts/interfaces/traffic_stats.php
+3	-3	2 files

OPNSense/core 50e99c6 — src/etc/inc util.inc

2026-06-16 15:07:44 UTC by Franco Fichtner on ⎇

master

system: non-canonical cast (binary) is deprecated

May need to revisit this again, but for now PHP suggests that
(string) is equivalent to (binary) although the code reads
strange.

Delta		File
+2	-2	src/etc/inc/util.inc
+2	-2	1 files

OPNSense/core 1af182a — src/opnsense/mvc/app/library/OPNsense/Firewall Rule.php FilterRule.php

2026-06-16 15:03:35 UTC by Franco Fichtner on ⎇

master

firewall: using null as an array offset is deprecated

Delta		File
+10	-7	src/opnsense/mvc/app/library/OPNsense/Firewall/Rule.php
+1	-1	src/opnsense/mvc/app/library/OPNsense/Firewall/FilterRule.php
+11	-8	2 files

OPNSense/core 041ab30 — contrib/parallel-lint/src Manager.php

2026-06-16 15:02:33 UTC by Franco Fichtner on ⎇

master

contrib: another implicit null

Delta		File
+1	-1	contrib/parallel-lint/src/Manager.php
+1	-1	1 files

OPNSense/core 8441b9e — src/opnsense/mvc/app/library/OPNsense/Core File.php FileObject.php

2026-06-16 14:47:03 UTC by Franco Fichtner on ⎇

master

src: implicitly marking parameter $chown as nullable is deprecated

Delta		File
+2	-2	src/opnsense/mvc/app/library/OPNsense/Core/File.php
+1	-1	src/opnsense/mvc/app/library/OPNsense/Core/FileObject.php
+3	-3	2 files

OPNSense/tools a32628c — config/26.7 base.obsolete.amd64

2026-06-16 14:02:53 UTC by Franco Fichtner on ⎇

master

config: rebase 26.7 while dropping obsolete files no longer present

This requires the following sequence:

1. Use the previous' major plist file and remove obsolete.
2. make base
3. make rebase

It would be nice to have this as an optional scripted target,
but documenting the procedure is good enough for now.

This was important because:

a) there is a lot of cruft in obsolete
b) ipfw15/dnctl15 were issued in 26.1.10 but not obsoleted with 26.7

Delta		File
+3	-2,794	config/26.7/base.obsolete.amd64
+3	-2,794	1 files

OPNSense/tools ae859ef — build plugins.sh

2026-06-16 08:38:14 UTC by Franco Fichtner on ⎇

master

build/plugins: handle vendor plugins due to PLUGIN_ABI ambiguity

They use the ABI in the package repository configuration and thus
they need to be rebuilt for business versions.

Delta		File
+12	-2	build/plugins.sh
+12	-2	1 files

OPNSense/core b4fa4cd — src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api AliasController.php

2026-06-15 19:51:49 UTC by haxorton via GitHub on ⎇

master

Firewall: fix 500 (TypeError) on alias getItem with unknown UUID (#10417)

Delta		File
+1	-1	src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/AliasController.php
+1	-1	1 files

OPNSense/plugins d82e74c — net/frr Makefile, net/frr/src/opnsense/service/templates/OPNsense/Quagga bgpd.conf

2026-06-15 14:35:15 UTC by Franco Fichtner on ⎇

stable/26.1

net/frr: sync with master

Delta		File
+1	-1	net/frr/src/opnsense/service/templates/OPNsense/Quagga/bgpd.conf
+1	-0	net/frr/Makefile
+2	-1	2 files

OPNSense/plugins e43f979 — net/frr Makefile

2026-06-15 14:35:00 UTC by Franco Fichtner on ⎇

master

net/frr: bump for hotfix

Delta		File
+1	-0	net/frr/Makefile
+1	-0	1 files

OPNSense/plugins 2eb45b4 — net/frr/src/opnsense/service/templates/OPNsense/Quagga bgpd.conf

2026-06-15 14:02:46 UTC by Monviech on ⎇

master

net/frr: Fix jinja whitespace control for bfd strict mode

Delta		File
+1	-1	net/frr/src/opnsense/service/templates/OPNsense/Quagga/bgpd.conf
+1	-1	1 files

OPNSense/plugins 23ecd4f — dns/rfc2136 pkg-descr Makefile, dns/rfc2136/src/etc/inc/plugins.inc.d rfc2136.inc

2026-06-15 09:18:21 UTC by Franco Fichtner on ⎇

stable/26.1

dns/rfc2136: sync with master

Delta		File
+10	-0	dns/rfc2136/pkg-descr
+7	-3	dns/rfc2136/src/www/services_rfc2136_edit.php
+4	-1	dns/rfc2136/src/etc/inc/plugins.inc.d/rfc2136.inc
+1	-2	dns/rfc2136/Makefile
+22	-6	4 files

OPNSense/plugins 3ab2cd1 — security/stunnel Makefile, security/stunnel/src/opnsense/mvc/app/controllers/OPNsense/Stunnel ServicesController.php

2026-06-15 09:17:38 UTC by Franco Fichtner on ⎇

stable/26.1

security/stunnel: sync with master

Delta		File
+20	-20	security/stunnel/src/opnsense/scripts/stunnel/generate_certs.php
+5	-12	security/stunnel/src/opnsense/mvc/app/models/OPNsense/Stunnel/Stunnel.xml
+1	-1	security/stunnel/src/opnsense/mvc/app/controllers/OPNsense/Stunnel/ServicesController.php
+1	-1	security/stunnel/Makefile
+27	-34	4 files

OPNSense/plugins 73ff960 — www/cache Makefile

2026-06-15 09:15:08 UTC by Franco Fichtner on ⎇

master

www/cache: chicken and egg dependency test

Delta		File
+1	-3	www/cache/Makefile
+1	-3	1 files

OPNSense/plugins def849a — www/cache Makefile

2026-06-15 09:00:36 UTC by Franco Fichtner on ⎇

master

www/cache: fix this

Delta		File
+1	-1	www/cache/Makefile
+1	-1	1 files

OPNSense/plugins 1286db0 — security/netbird Makefile pkg-descr, security/netbird/src/opnsense/mvc/app/views/OPNsense/Netbird status.volt

2026-06-15 08:59:34 UTC by Franco Fichtner on ⎇

stable/26.1

security/netbird: sync with master

Delta		File
+5	-10	security/netbird/src/opnsense/mvc/app/views/OPNsense/Netbird/status.volt
+1	-1	security/netbird/Makefile
+1	-1	security/netbird/pkg-descr
+7	-12	3 files

OPNSense/plugins e75db60 — security/netbird pkg-descr

2026-06-15 08:59:11 UTC by Franco Fichtner on ⎇

master

security/netbird: changelog

Delta		File
+1	-1	security/netbird/pkg-descr
+1	-1	1 files

OPNSense/core 569b3a6 — src/etc/inc/plugins.inc.d ipsec.inc

2026-06-15 08:33:33 UTC by Franco Fichtner on ⎇

stable/26.1

ipsec: validate the use of refid in CA certificates

PR: GHSA-33q4-wcv7-r8fr
(cherry picked from commit 6bc0a1df6550c419f2a44461f6595cacf2080bfa)

Delta		File
+6	-5	src/etc/inc/plugins.inc.d/ipsec.inc
+6	-5	1 files

OPNSense/core fb4ee60 — src/www firewall_rules_edit.php

2026-06-15 08:33:33 UTC by lujiefsi via Franco Fichtner on ⎇

stable/26.1

firewall: escape shaper targets in rule edit

PR: GHSA-m4m3-v627-wgc2
(cherry picked from commit 3de53a25fdd9b605acc82e4071e9920fa1c9b418)

Delta		File
+1	-0	src/www/firewall_rules_edit.php
+1	-0	1 files

OPNSense/core e2cd067 — src/opnsense/mvc/app/models/OPNsense/Trust Cert.xml Ca.xml, src/opnsense/mvc/app/models/OPNsense/Trust/FieldTypes CertificatesField.php CAsField.php

2026-06-15 08:33:33 UTC by evan via Franco Fichtner on ⎇

stable/26.1

mvc: strict alphanumeric-only regex for certificate refid

CVE: CVE-2026-53582
PR: GHSA-xww7-76m6-mh2r
(cherry picked from commit fc2f0d745c17855d2027b192fd4e3fa913e26859)

Delta		File
+14	-11	src/opnsense/mvc/app/models/OPNsense/Trust/FieldTypes/CertificatesField.php
+6	-1	src/opnsense/mvc/app/models/OPNsense/Trust/FieldTypes/CAsField.php
+4	-1	src/opnsense/mvc/app/models/OPNsense/Trust/Cert.xml
+4	-1	src/opnsense/mvc/app/models/OPNsense/Trust/Ca.xml
+28	-14	4 files

OPNSense/core f390601 — . plist, src/opnsense/mvc/app/models/OPNsense/Base/FieldTypes TextField.php StrictTextField.php

2026-06-15 08:31:51 UTC by Monviech via Franco Fichtner on ⎇

stable/26.1

mvc: add new validators to TextField: AllowSpaces, AllowNewlines, AllowSpecial and introduce new StrictTextField (#10398)

(cherry picked from commit c34b7786516afb6dff7a43af92c4328225b81e69)
(cherry picked from commit 9d0e4bf2bb4fdd20f872ff612c5135a7f9115101)

Delta		File
+127	-0	src/opnsense/mvc/tests/app/models/OPNsense/Base/FieldTypes/StrictTextFieldTest.php
+81	-0	src/opnsense/mvc/tests/app/models/OPNsense/Base/FieldTypes/TextFieldTest.php
+61	-2	src/opnsense/mvc/app/models/OPNsense/Base/FieldTypes/TextField.php
+51	-0	src/opnsense/mvc/app/models/OPNsense/Base/FieldTypes/StrictTextField.php
+2	-0	plist
+322	-2	5 files

OPNSense/core 94acb26 — src/opnsense/www/js/widgets/Metadata Core.xml

2026-06-15 08:30:24 UTC by Monviech via Franco Fichtner on ⎇

stable/26.1

dnsmasq: change widget link from settings to leases page (#10420)

(cherry picked from commit 5e8f226d49196c55cd61ba1ee8e69fbbc194a835)

Delta		File
+1	-1	src/opnsense/www/js/widgets/Metadata/Core.xml
+1	-1	1 files

OPNSense/core 1ae1f62 — src/opnsense/mvc/app/models/OPNsense/TrafficShaper TrafficShaper.php

2026-06-15 08:30:20 UTC by Franco Fichtner on ⎇

stable/26.1

firewall: fix typo that prevented queues to be selectable in pf-based traffic shaping

(cherry picked from commit 558809488e9014f3452aa7cbcf1c5555a8697846)

Delta		File
+10	-3	src/opnsense/mvc/app/models/OPNsense/TrafficShaper/TrafficShaper.php
+10	-3	1 files

OPNSense/core aa27c06 — src/opnsense/mvc/app/controllers/OPNsense/Firewall/forms dialogNptRule.xml, src/opnsense/mvc/app/models/OPNsense/Firewall Filter.php

2026-06-15 08:27:51 UTC by Franco Fichtner on ⎇

master

firewall: allow WAN as "associated interface" for NPTv6 #10413

Delta		File
+13	-5	src/opnsense/mvc/app/models/OPNsense/Firewall/Filter.php
+1	-1	src/opnsense/mvc/app/controllers/OPNsense/Firewall/forms/dialogNptRule.xml
+14	-6	2 files

OPNSense/core 3de53a2 — src/www firewall_rules_edit.php

2026-06-15 08:21:26 UTC by lujiefsi via Franco Fichtner on ⎇

master

firewall: escape shaper targets in rule edit

PR: GHSA-m4m3-v627-wgc2

Delta		File
+1	-0	src/www/firewall_rules_edit.php
+1	-0	1 files

OPNSense/core 5588094 — src/opnsense/mvc/app/models/OPNsense/TrafficShaper TrafficShaper.php

2026-06-15 08:21:24 UTC by Franco Fichtner on ⎇

master

firewall: fix typo that prevented queues to be selectable in pf-based traffic shaping

Delta		File
+10	-3	src/opnsense/mvc/app/models/OPNsense/TrafficShaper/TrafficShaper.php
+10	-3	1 files

OPNSense/core 6bc0a1d — src/etc/inc/plugins.inc.d ipsec.inc

2026-06-15 08:00:56 UTC by Franco Fichtner on ⎇

master

ipsec: validate the use of refid in CA certificates

PR: GHSA-33q4-wcv7-r8fr

Delta		File
+6	-5	src/etc/inc/plugins.inc.d/ipsec.inc
+6	-5	1 files

OPNSense/core fc2f0d7 — src/opnsense/mvc/app/models/OPNsense/Trust Ca.xml Cert.xml, src/opnsense/mvc/app/models/OPNsense/Trust/FieldTypes CertificatesField.php CAsField.php

2026-06-15 07:31:36 UTC by evan via Franco Fichtner on ⎇

master

mvc: strict alphanumeric-only regex for certificate refid

CVE: CVE-2026-53582
PR: GHSA-xww7-76m6-mh2r

Delta		File
+14	-11	src/opnsense/mvc/app/models/OPNsense/Trust/FieldTypes/CertificatesField.php
+6	-1	src/opnsense/mvc/app/models/OPNsense/Trust/FieldTypes/CAsField.php
+4	-1	src/opnsense/mvc/app/models/OPNsense/Trust/Ca.xml
+4	-1	src/opnsense/mvc/app/models/OPNsense/Trust/Cert.xml
+28	-14	4 files