OPNSense/core 2769ae5 src/opnsense/mvc/app/views/OPNsense/Diagnostics netflow.volt

trim this as well
Delta  File
+1 -1  src/opnsense/mvc/app/views/OPNsense/Diagnostics/netflow.volt
+1 -1  1 file

OPNSense/core e05881c src/opnsense/mvc/app/controllers/OPNsense/Unbound/forms dnsreporting.xml

trim this
Delta  File
+1 -3  src/opnsense/mvc/app/controllers/OPNsense/Unbound/forms/dnsreporting.xml
+1 -3  1 file

OPNSense/core 87784f0 src/opnsense/mvc/app/views/OPNsense/Unbound overview.volt

leftover here
Delta  File
+0 -1  src/opnsense/mvc/app/views/OPNsense/Unbound/overview.volt
+0 -1  1 file

OPNSense/core 37ff114 src/opnsense/mvc/app/models/OPNsense/Diagnostics/Migrations M1_0_0.php

safeguard post as well
Delta  File
+4 -0  src/opnsense/mvc/app/models/OPNsense/Diagnostics/Migrations/M1_0_0.php
+4 -0  1 file

OPNSense/core 73df876 src/opnsense/mvc/app/controllers/OPNsense/Kea/forms generalSettings4.xml, src/opnsense/mvc/app/models/OPNsense/Kea KeaDhcpv4.xml KeaDhcpv4.php

Services: Kea DHCPv4: Add DHCP4 compatibility options (#10336)

Refs: https://kea.readthedocs.io/en/stable/arm/dhcp4-srv.html#dhcp4-compatibility

Co-authored-by: Franco Fichtner <franco at lastsummer.de>
Co-authored-by: Monviech <79600909+Monviech at users.noreply.github.com>
Delta   File
+10 -0  src/opnsense/mvc/app/controllers/OPNsense/Kea/forms/generalSettings4.xml
+9 -0   src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv4.xml
+4 -0   src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv4.php
+23 -0  3 files

OPNSense/core d7f455b src/opnsense/mvc/app/controllers/OPNsense/Unbound/Api DiagnosticsController.php OverviewController.php, src/opnsense/mvc/app/models/OPNsense/Unbound Unbound.xml

unbound: blocklist improvements (#10149)

* Organizes DNSBLs by provider/category.
* Adds the Social Network blocklist by hegizi.
* The tester now gives you the DNSBL name and category instead of its shortcode.
Delta    File
+41 -30  src/opnsense/mvc/app/models/OPNsense/Unbound/Unbound.xml
+17 -4   src/opnsense/mvc/app/views/OPNsense/Unbound/overview.volt
+14 -0   src/opnsense/mvc/app/controllers/OPNsense/Unbound/Api/DiagnosticsController.php
+8 -1    src/opnsense/mvc/app/controllers/OPNsense/Unbound/Api/OverviewController.php
+1 -0    src/opnsense/service/templates/OPNsense/Unbound/core/blocklists.conf
+81 -35  5 files

OPNSense/core 2254237 src/opnsense/mvc/app/models/OPNsense/Core/Menu Menu.xml, src/opnsense/mvc/app/models/OPNsense/Diagnostics/ACL ACL.xml

fix ACL and menu
Delta  File
+0 -1  src/opnsense/mvc/app/models/OPNsense/Core/Menu/Menu.xml
+0 -1  src/opnsense/mvc/app/models/OPNsense/Diagnostics/ACL/ACL.xml
+0 -2  2 files

OPNSense/core 8bf0da9 . plist

update plist
Delta  File
+1 -2  plist
+1 -2  1 file

OPNSense/core 0d14c48 src/opnsense/mvc/app/controllers/OPNsense/Diagnostics/Api SystemhealthController.php, src/opnsense/mvc/app/models/OPNsense/Diagnostics SystemHealth.php

Reporting: Settings: convert to MVC
Delta       File
+0 -311     src/www/reporting_settings.php
+192 -68    src/opnsense/mvc/app/views/OPNsense/Diagnostics/health.volt
+59 -11     src/opnsense/mvc/app/views/OPNsense/Unbound/overview.volt
+53 -3      src/opnsense/mvc/app/controllers/OPNsense/Diagnostics/Api/SystemhealthController.php
+27 -10     src/opnsense/mvc/app/views/OPNsense/Diagnostics/netflow.volt
+35 -0      src/opnsense/mvc/app/models/OPNsense/Diagnostics/SystemHealth.php
+366 -403   14 files not shown
+473 -409   20 files

OPNSense/core 8ae0a6c Mk lint.mk

make: add linter pass for the situation b187227683d addresses
Delta  File
+3 -0  Mk/lint.mk
+3 -0  1 file

OPNSense/core b187227 src/opnsense/mvc/app/models/OPNsense/Base/FieldTypes OptionField.php, src/opnsense/mvc/app/models/OPNsense/Firewall Alias.xml

mvc: OptionField: allow empty values in options

This falls back to the key which isn't going to be translated
since it's likely a technical term or keyword.

Also translate the $subvalue which appears to have been missed
before.
Delta  File
+5 -5  src/opnsense/mvc/app/models/OPNsense/Firewall/Alias.xml
+3 -3  src/opnsense/mvc/app/models/OPNsense/Base/FieldTypes/OptionField.php
+8 -8  2 files

OPNSense/plugins b495e6b . README.md, net/ndproxy Makefile

net/ndproxy: set EoL
Delta  File
+2 -1  net/ndproxy/Makefile
+1 -1  README.md
+3 -2  2 files

OPNSense/src b3f06c1 . UPDATING, sys/conf newvers.sh

Add UPDATING entries and bump version

Approved by:    so
Delta   File
+26 -0  UPDATING
+1 -1   sys/conf/newvers.sh
+27 -1  2 files

OPNSense/src 60f8236 lib/libcasper/services/cap_net cap_net.c

cap_net: do not allow new limits to drop keys from the old ones

If the old limit had family/hosts/sockaddr set, the new limit must
have them too. Before, a missing key in the new limit was treated as
"allow any", which let a caller silently extend their limits.

Approved by:    so
Security:       FreeBSD-SA-26:24.cap_net
Security:       CVE-2026-45254
Reported by:    Joshua Rogers of AISLE Research Team
Reviewed by:    markj
MFC after:      1 day
Differential Revision:  https://reviews.freebsd.org/D56991

(cherry picked from commit d705a519525f2acae3c1efba11436ec6ee8aea0a)
(cherry picked from commit b79faca1c5964d89c125d02de35928b733041f3f)
Delta   File
+31 -0  lib/libcasper/services/cap_net/cap_net.c
+31 -0  1 file

OPNSense/src 7efe373 usr.sbin/bsdconfig/share/media wlan.subr

bsdconfig: Make sure that SSID names are properly escaped

The f_menu_wpa_scan_results() function returns a list of networks
discovered by a scan.  The untrusted network names are evaluated in
f_dialog_menu_wireless_edit.  The quoting applied in
f_menu_wpa_scan_results() protects against evaluation of something like
"$(whoami)" but one can add single quotes to defeat that.

Pass the SSID names through f_shell_escape to work around this.  Escape
single quotes in f_dialog_wireless_edit() and f_menu_wireless_configs()
too for consistency.

I note that this module doesn't seem to actually work, see e.g.,
bugzilla PR 229883.

Approved by:    so
Security:       FreeBSD-SA-26:23.bsdinstall
Security:       CVE-2026-45255
Reported by:    Austin Ralls

    [2 lines not shown]
Delta  File
+3 -0  usr.sbin/bsdconfig/share/media/wlan.subr
+3 -0  1 file

OPNSense/src e13b397 usr.sbin/bsdinstall/scripts wlanconfig

bsdinstall: Avoid invoking eval on the wlan SSID list

The wlanconfig utility is not careful about handling untrusted network
names, which can contain shell metacharacters.  Factor network selection
into a subroutine and use the `set -- "$@"` trick to build up a list of
positional parameters for bsddialog without evaluating them.

Approved by:    so
Security:       FreeBSD-SA-26:23.bsdinstall
Security:       CVE-2026-45255
Reported by:    Austin Ralls
Reviewed by:    dteske, des, asiciliano
Differential Revision:  https://reviews.freebsd.org/D56973
Delta    File
+31 -16  usr.sbin/bsdinstall/scripts/wlanconfig
+31 -16  1 file

OPNSense/src 9bb455f lib/libcasper/libcasper service.c libcasper_service.c, lib/libcasper/tests cap_main_test.c Makefile

libcasper: switch from select(2) to poll(2)

The previous implementation used FD_SET() on a stack-allocated fd_set,
which is an out-of-bounds write whenever the socket fd is >= FD_SETSIZE
(1024).

poll(2) takes an array indexed by slot rather than by fd value, so it
has no FD_SETSIZE limit.

Approved by:    so
Security:       FreeBSD-SA-26:22.libcasper
Security:       CVE-2026-39461
Reported by:    Joshua Rogers
Reviewed by:    markj
Differential Revision:  https://reviews.freebsd.org/D56695
Delta      File
+105 -83   lib/libcasper/libcasper/service.c
+142 -0    lib/libcasper/tests/cap_main_test.c
+4 -53     lib/libcasper/libcasper/libcasper_service.c
+10 -2     lib/libcasper/tests/Makefile
+2 -4      lib/libcasper/libcasper/libcasper_impl.h
+263 -142  5 files

OPNSense/src ed2557c sys/kern kern_sig.c, tests/sys/kern ptrace_test.c

ptrace: Fix validation of PT_SC_REMOTE arguments

- Fix an off-by-one in the system call number check.  A value of
  SYS_MAXSYSCALL was permitted.
- Validate the system call number after we've dealt with
  syscall(2)/__syscall(2), since they pass the syscall number as an
  argument.
- When the syscall number is for syscall(2) or __syscall(2), we must
  make sure that nargs > 0 to avoid an underflow when shifting arguments
  down.

Add regression tests.

Approved by:    so
Security:       FreeBSD-SA-26:21.ptrace
Security:       CVE-2026-45253
Fixes:          140ceb5d956b ("ptrace(2): add PT_SC_REMOTE remote syscall request")
Reported by:    Yuxiang Yang, Yizhou Zhao, Ao Wang, Xuewei Feng, Qi Li, and Ke Xu from Tsinghua University using GLM-5.1 from Z.ai
Reviewed by:    kib, emaste
Differential Revision:  https://reviews.freebsd.org/D56978
Delta    File
+67 -21  tests/sys/kern/ptrace_test.c
+10 -7   sys/kern/kern_sig.c
+77 -28  2 files

OPNSense/src 77b65f9 sys/fs/fuse fuse_vnops.c fuse_ipc.h, tests/sys/fs/fusefs xattr.cc

fusefs: Handle buggy servers' LISTXATTR response

The fuse protocol requires server to respond to LISTXATTR with a
NUL-terminated string.  If they don't, report an error rather than
attempt to scan through uninitialized memory for a NUL.

Approved by:    so
Security:       FreeBSD-SA-26:20.fusefs
Security:       CVE-2026-45252
admbugs:        1039
Reported by:    Joshua Rogers
Sponsored by:   ConnectWise
Delta   File
+73 -0  tests/sys/fs/fusefs/xattr.cc
+11 -6  sys/fs/fuse/fuse_vnops.c
+1 -0   sys/fs/fuse/fuse_ipc.h
+85 -6  3 files

OPNSense/src 06e5f25 sys/dev/netmap netmap_freebsd.c

netmap: Drain selinfo sleepers in nm_os_selinfo_uninit()

Approved by:    so
Security:       FreeBSD-SA-26:19.file
Security:       CVE-2026-45251
Delta  File
+1 -0  sys/dev/netmap/netmap_freebsd.c
+1 -0  1 file

OPNSense/src c121cc6 sys/kern sys_procdesc.c, sys/sys procdesc.h

procdesc: Make sure to drain selinfo sleepers in procdesc_free()

Otherwise they are left on a freed list after procdesc_free() is called.
This can be exploited to elevate privileges.

Remove the PDF_SELECTED micro-optimization.  doselwakeup() is a no-op if
no one ever called selrecord() on the file description, so I see no
reason to complicate the code to avoid the call.

Add some regression tests.

Approved by:    so
Security:       FreeBSD-SA-26:19.file
Security:       CVE-2026-45251
Reported by:    75Acol, Lexpl0it, fcgboy, and robinzeng2015
Reviewed by:    kib, oshogbo
Fixes:          cfb5f7686588 ("Add experimental support for process descriptors")
Differential Revision:  https://reviews.freebsd.org/D56887
Delta    File
+128 -0  tests/sys/kern/procdesc.c
+3 -7    sys/kern/sys_procdesc.c
+2 -0    tests/sys/kern/Makefile
+0 -1    sys/sys/procdesc.h
+133 -8  4 files

OPNSense/src dbcb565 sys/kern kern_prot.c

setcred: Fix buffer overflow

Since groups is a pointer to a pointer to an array of gid_t, we should
use sizeof(**groups) or sizeof(gid_t) when calculating how much to
allocate and copy in.  We were using sizeof(*groups) instead, which
meant that on 64-bit platforms, we would allocate and copy in twice as
much as we should.  Unfortunately, in the smallgroups case, we copy
into a preallocated buffer which has the correct size, which means that
if sc_supp_groups_nb >= CRED_SMALLGROUPS_NB / 2, we overflow smallgroups.

This is a direct commit to stable/14.

Approved by:    so
Security:       FreeBSD-SA-26:18.setcred
Reported by:    Ryan of Calif.io
Fixes:          ddb3eb4efe55 ("New setcred() system call and associated MAC hooks")
Delta  File
+2 -2  sys/kern/kern_prot.c
+2 -2  1 file

OPNSense/src 19387eb usr.sbin/freebsd-update freebsd-update.sh

freebsd-update: Skip /etc/ssl/cert.pem

We already run `certctl rehash` at the end, there is no point in asking
users upgrading from 15.0 to 15.1 to manually merge the trust store.

Approved by:    so
Security:       FreeBSD-EN-26:13.freebsd-update
MFC after:      3 days
Reviewed by:    cperciva
Differential Revision:  https://reviews.freebsd.org/D57028

(cherry picked from commit 2509ddee9bdb2240ba2f622e3a55a98ebc2aa4ae)
(cherry picked from commit 7d9c1d3895b307085131f922d7e46a4812f04675)
Delta  File
+1 -1  usr.sbin/freebsd-update/freebsd-update.sh
+1 -1  1 file

OPNSense/src c15566c . UPDATING, sys/conf newvers.sh

Add UPDATING entries and bump version

Approved by:    so
Delta  File
+5 -0  UPDATING
+1 -1  sys/conf/newvers.sh
+6 -1  2 files

OPNSense/src 1ca7f34 sbin/dhclient dhclient.c

dhclient: Improve server and filename validation

* Don't iterate over each string three times; once is enough.

* Reject control characters (anything below space) in addition to the
  double quote and backslash.

* If an unsafe character is encountered, discard the string instead of
  rejecting the entire lease.

* If backslashes are encountered in the file name option, convert them
  to forward slashes instead of rejecting the option.

* Tweak the warning messages a bit.  Looking through the rest of the
  code, it seems to me that notes generally end with a period while
  warnings generally don't.

Approved by:    so
Security:       FreeBSD-EN-26:11.dhclient

    [8 lines not shown]
Delta    File
+54 -21  sbin/dhclient/dhclient.c
+54 -21  1 file

OPNSense/ports b936e3f dns/unbound distinfo Makefile

dns/unbound: sync with upstream

Taken from: FreeBSD
Delta  File
+3 -3  dns/unbound/distinfo
+1 -1  dns/unbound/Makefile
+1 -1  dns/unbound/pkg-plist
+5 -5  3 files

OPNSense/core 546de35 src/opnsense/www/js opnsense.js

ui: improve form validation error append (#10333)

Since this iterates over a lot of irrelevant IDs and then mismatches
with the target change this by safeguarding against fields that are
likely not going to work without help_block_<id> and switch target
to a suffix match.

One spot where this matters: under kea v6 subnet add "DNS servers"
entry e.g. "::", click auto collect for check mark, click save. Interface
and subnet validation is red, the DNS server one shown is not.
Delta   File
+10 -5  src/opnsense/www/js/opnsense.js
+10 -5  1 file

OPNSense/ports 4f03535 dns/ddclient distinfo

dns/ddclient: yeah, sure GitHub...
Delta  File
+3 -3  dns/ddclient/distinfo
+3 -3  1 file

OPNSense/core 5c51ecd src/etc/inc/plugins.inc.d kea.inc

kea: align newwanip hook with reality
Delta  File
+2 -2  src/etc/inc/plugins.inc.d/kea.inc
+2 -2  1 file

OPNSense/core fbba9a9 src/opnsense/www/js opnsense.js

ui: improve form validation error append

Since this iterates over a lot of irrelevant IDs and then mismatches
with the target change this by safeguarding against fields that are
likely not going to work without help_block_<id> and switch target
to a suffix match.
Delta   File
+10 -5  src/opnsense/www/js/opnsense.js
+10 -5  1 file