OPNSense/core e64b71dsrc/opnsense/www/js opnsense.js

mvc: form handling, html decode <select> values, closes https://github.com/opnsense/core/issues/8735
DeltaFile
+4-2src/opnsense/www/js/opnsense.js
+4-21 files

OPNSense/core 2d2781c. plist, src/opnsense/mvc/app/models/OPNsense/Dnsmasq Dnsmasq.xml

dnsmasq: strict hostname and domain validation (#9232)

* Strict hostname validation in Hosts tab using legal_hostname() function of upstream source code as baseline.
* Use HostnameField for "host", "domain", "cnames" and "aliases" field, merge former AliasesField logic into HostnameField for LegacyXML configs
* Remove AliasesField
* Add php unit test for HostnameField
DeltaFile
+174-0src/opnsense/mvc/app/models/OPNsense/Dnsmasq/FieldTypes/HostnameField.php
+150-0src/opnsense/mvc/tests/app/models/OPNsense/Dnsmasq/FieldTypes/HostnameFieldTest.php
+0-64src/opnsense/mvc/app/models/OPNsense/Dnsmasq/FieldTypes/AliasesField.php
+9-13src/opnsense/mvc/app/models/OPNsense/Dnsmasq/Dnsmasq.xml
+2-1plist
+335-785 files

OPNSense/plugins 320de11net/shadowsocks pkg-descr Makefile

net/shadowsocks: bump plugin version to 1.3 (#4966)

* net/shadowsocks: Bump plugin version to 1.3

* Update changelog
DeltaFile
+4-0net/shadowsocks/pkg-descr
+1-2net/shadowsocks/Makefile
+5-22 files

OPNSense/plugins 59f3c77net/shadowsocks/src/opnsense/mvc/app/models/OPNsense/Shadowsocks General.xml Local.xml

net/shadowsocks: update web UI ciphers to match shadowsocks rust (#4958)

Updating cipher option set to match the one of the plugin, source:
https://github.com/shadowsocks/shadowsocks-rust?tab=readme-ov-file#supported-ciphers
Update to present options in optgroups
DeltaFile
+22-11net/shadowsocks/src/opnsense/mvc/app/models/OPNsense/Shadowsocks/General.xml
+22-11net/shadowsocks/src/opnsense/mvc/app/models/OPNsense/Shadowsocks/Local.xml
+44-222 files

OPNSense/core abb4b44src/opnsense/scripts/interfaces capture.py

diagnostics/packetcapture: Fix permission of capture zip file for wwwonly strict security mode (#9255)

* diagnostics/packetcapture: Fix permission of capture zip file when wwwonly strict security mode is enabled

* Unconditionally set wwwonly:wheel

* Also set permissions to 640
DeltaFile
+6-0src/opnsense/scripts/interfaces/capture.py
+6-01 files

OPNSense/core 75310e8src/opnsense/scripts/interfaces capture.py

Also set permissions to 640
DeltaFile
+1-0src/opnsense/scripts/interfaces/capture.py
+1-01 files

OPNSense/core 0d1d112src/opnsense/scripts/interfaces capture.py

Unconditionally set wwwonly:wheel
DeltaFile
+2-9src/opnsense/scripts/interfaces/capture.py
+2-91 files

OPNSense/core 9c5c48asrc/opnsense/scripts/interfaces capture.py

diagnostics/packetcapture: Fix permission of capture zip file when wwwonly strict security mode is enabled
DeltaFile
+12-0src/opnsense/scripts/interfaces/capture.py
+12-01 files

OPNSense/core 2998219src/opnsense/mvc/app/controllers/OPNsense/Wireguard/forms dialogEditWireguardServer.xml, src/opnsense/mvc/app/models/OPNsense/Wireguard Server.xml

vpn/wireguard: Add debug flag to instances, can be set without restarting service, send logs to wireguard log (#9236)

* vpn/wireguard: Add debug flag to instances, can be set without restarting service, send logs to wireguard log

* Add debug as comment into wireguard-server.conf, so the file hash changes and wg_start() is triggered

* Update src/opnsense/mvc/app/controllers/OPNsense/Wireguard/forms/dialogEditWireguardServer.xml

Co-authored-by: Franco Fichtner <franco at opnsense.org>

---------

Co-authored-by: Franco Fichtner <franco at opnsense.org>
DeltaFile
+11-0src/opnsense/mvc/app/controllers/OPNsense/Wireguard/forms/dialogEditWireguardServer.xml
+5-1src/opnsense/mvc/app/models/OPNsense/Wireguard/Server.xml
+2-0src/opnsense/scripts/wireguard/wg-service-control.php
+1-0src/opnsense/service/templates/OPNsense/Syslog/local/wireguard.conf
+1-0src/opnsense/service/templates/OPNsense/Wireguard/wireguard-server.conf
+20-15 files

OPNSense/core 9ec43d2src/opnsense/mvc/tests/app/models/OPNsense/Dnsmasq/FieldTypes LegalHostnameFieldTest.php

Since AsList is used add a test for it, also add one more value to the ValidLabels
DeltaFile
+17-1src/opnsense/mvc/tests/app/models/OPNsense/Dnsmasq/FieldTypes/LegalHostnameFieldTest.php
+17-11 files

OPNSense/core 51d52d4src/opnsense/mvc/app/models/OPNsense/Dnsmasq/FieldTypes LegalHostnameField.php

Fix one small issue the unit test found
DeltaFile
+3-1src/opnsense/mvc/app/models/OPNsense/Dnsmasq/FieldTypes/LegalHostnameField.php
+3-11 files

OPNSense/core 7b19fbe. plist, src/opnsense/mvc/tests/app/models/OPNsense/Dnsmasq/FieldTypes LegalHostnameFieldTest.php

Add php unit test for LegalHostnameField
DeltaFile
+134-0src/opnsense/mvc/tests/app/models/OPNsense/Dnsmasq/FieldTypes/LegalHostnameFieldTest.php
+1-0plist
+135-02 files

OPNSense/tools bdbdf6cconfig/25.7 ports.conf plugins.conf

enable some packages for aarch64
DeltaFile
+3-3config/25.7/ports.conf
+1-1config/25.7/plugins.conf
+4-42 files

OPNSense/core 55f4726src/etc/inc filter.inc system.inc, src/www system_advanced_firewall.php

firewall: adapt default table size for #9110

While here simplify the code and rename the functions.
DeltaFile
+27-18src/etc/inc/filter.inc
+0-15src/etc/inc/system.inc
+2-2src/www/system_advanced_firewall.php
+29-353 files

OPNSense/core f1e0bbc. plist, src/opnsense/mvc/app/models/OPNsense/Dnsmasq Dnsmasq.xml

Use LegalHostnameField for Cname and Aliases field, merge AliasesField logic into LegalHostnameField for LegacyXML configs
DeltaFile
+85-31src/opnsense/mvc/app/models/OPNsense/Dnsmasq/FieldTypes/LegalHostnameField.php
+0-64src/opnsense/mvc/app/models/OPNsense/Dnsmasq/FieldTypes/AliasesField.php
+8-7src/opnsense/mvc/app/models/OPNsense/Dnsmasq/Dnsmasq.xml
+0-1plist
+93-1034 files

OPNSense/core 9f29b3f. plist, src/opnsense/mvc/app/models/OPNsense/Dnsmasq Dnsmasq.xml

Change approach for validation, reduce code duplication
DeltaFile
+64-44src/opnsense/mvc/app/models/OPNsense/Dnsmasq/FieldTypes/LegalHostnameField.php
+0-106src/opnsense/mvc/app/models/OPNsense/Dnsmasq/FieldTypes/LegalDomainField.php
+3-1src/opnsense/mvc/app/models/OPNsense/Dnsmasq/Dnsmasq.xml
+0-1plist
+67-1524 files

OPNSense/core 604b9b1src/opnsense/scripts/wireguard wg-service-control.php

reduce diff
DeltaFile
+1-0src/opnsense/scripts/wireguard/wg-service-control.php
+1-01 files

OPNSense/core 06341cdsrc/opnsense/mvc/app/controllers/OPNsense/Wireguard/forms dialogEditWireguardServer.xml

Update src/opnsense/mvc/app/controllers/OPNsense/Wireguard/forms/dialogEditWireguardServer.xml

Co-authored-by: Franco Fichtner <franco at opnsense.org>
DeltaFile
+1-1src/opnsense/mvc/app/controllers/OPNsense/Wireguard/forms/dialogEditWireguardServer.xml
+1-11 files

OPNSense/core 55ccb74src/opnsense/scripts/wireguard wg-service-control.php, src/opnsense/service/templates/OPNsense/Wireguard wireguard-server.conf

Add debug as comment into wireguard-server.conf, so the file hash changes and wg_start() is triggered
DeltaFile
+1-12src/opnsense/scripts/wireguard/wg-service-control.php
+1-0src/opnsense/service/templates/OPNsense/Wireguard/wireguard-server.conf
+2-122 files

OPNSense/core 2e06f24src/opnsense/service/modules processhandler.py, src/opnsense/service/modules/actions script_output.py base.py

configd: add ! operator to execute and flush cache when it exists, closes https://github.com/opnsense/core/issues/9170

Fix a small unnoticed bug in ActionHandler.find_action(), which flushed the action parameter after use.
Refactor HandlerClient so it extracts "preludes" like spaces, &, ! which it will then use to determine command operation mode.

Leading spaces are removed on purpose so we support actions like "&!cmd" "& ! cmd", since the first parameter is always a file on disk, leading spaces can't exist in current callers.

(cherry picked from commit 27bd8125c3868be56f11a7d91b00f6ec5b187abe)
DeltaFile
+17-6src/opnsense/service/modules/processhandler.py
+11-0src/opnsense/service/modules/actions/script_output.py
+3-0src/opnsense/service/modules/actions/base.py
+31-63 files

OPNSense/core dd32a27src/etc/inc auth.inc, src/opnsense/mvc/app/controllers/OPNsense/Interfaces/Api OverviewController.php

Merge remote-tracking branch 'origin/master' into firewall-automation-responsiveness
DeltaFile
+20-5src/opnsense/mvc/app/views/OPNsense/Core/hasync_status.volt
+2-2src/opnsense/mvc/app/models/OPNsense/Unbound/Unbound.xml
+2-2src/etc/inc/auth.inc
+3-0src/opnsense/mvc/app/controllers/OPNsense/Interfaces/Api/OverviewController.php
+27-94 files

OPNSense/core 165c945src/opnsense/mvc/app/models/OPNsense/Unbound Unbound.xml

unbound: minor change on record labels

(cherry picked from commit b033d87ce27afc965294ad84581a101d9da12588)
DeltaFile
+2-2src/opnsense/mvc/app/models/OPNsense/Unbound/Unbound.xml
+2-21 files

OPNSense/core b033d87src/opnsense/mvc/app/models/OPNsense/Unbound Unbound.xml

unbound: minor change on record labels
DeltaFile
+2-2src/opnsense/mvc/app/models/OPNsense/Unbound/Unbound.xml
+2-21 files

OPNSense/core ab3cf5asrc/opnsense/mvc/app/views/OPNsense/Core hasync_status.volt

core/hasync: Fix reconfigure control on small viewports (#9250)

(cherry picked from commit efed0ea116349f3f7b650175f69bd9918a3a3242)
DeltaFile
+20-5src/opnsense/mvc/app/views/OPNsense/Core/hasync_status.volt
+20-51 files

OPNSense/ports a189722security/vuxml/vuln 2025.xml 2021.xml

security/vuxml: sync with upstream

Taken from: FreeBSD
DeltaFile
+361-4security/vuxml/vuln/2025.xml
+4-4security/vuxml/vuln/2021.xml
+4-4security/vuxml/vuln/2023.xml
+3-3security/vuxml/vuln/2019.xml
+3-3security/vuxml/vuln/2022.xml
+2-2security/vuxml/vuln/2018.xml
+377-204 files not shown
+382-2510 files

OPNSense/ports 7ae14f6www/mod_security Makefile distinfo

www/mod_security: sync with upstream

Taken from: FreeBSD
DeltaFile
+4-2www/mod_security/Makefile
+3-3www/mod_security/distinfo
+7-52 files

OPNSense/ports d8fc911security/ca_root_nss Makefile

security/ca_root_nss: partially sync with upstream

Taken from: FreeBSD
DeltaFile
+2-1security/ca_root_nss/Makefile
+2-11 files

OPNSense/ports 05ac5b2net/kea Makefile, net/kea/files patch-meson.build patch-src_lib_asiodns_io__fetch.h

net/kea: sync with upstream

Taken from: FreeBSD
DeltaFile
+11-2net/kea/files/patch-meson.build
+10-0net/kea/files/patch-src_lib_asiodns_io__fetch.h
+10-0net/kea/files/patch-src_lib_asiolink_interval__timer.h
+2-1net/kea/Makefile
+33-34 files

OPNSense/ports 5587232lang/php83 distinfo Makefile

lang/php83: sync with upstream

Taken from: FreeBSD
DeltaFile
+3-3lang/php83/distinfo
+1-1lang/php83/Makefile
+4-42 files

OPNSense/ports f91d386dns/unbound Makefile distinfo

dns/unbound: sync with upstream

Taken from: FreeBSD
DeltaFile
+3-5dns/unbound/Makefile
+3-3dns/unbound/distinfo
+1-1dns/unbound/pkg-plist
+7-93 files