OPNSense/core bbc703csrc/opnsense/mvc/app/controllers/OPNsense/Firewall/Api SourceNatController.php

Also add this to snatrules
DeltaFile
+4-1src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/SourceNatController.php
+4-11 files

OPNSense/core afd997bsrc/opnsense/mvc/app/controllers/OPNsense/Firewall/Api FilterBaseController.php

Add missing param to description
DeltaFile
+1-0src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/FilterBaseController.php
+1-01 files

OPNSense/core 03aa222src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api FilterBaseController.php FilterController.php

Firewall: NAT: When cloning a rule, always set a sequence at the end of the ruleset
DeltaFile
+21-0src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/FilterBaseController.php
+4-12src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/FilterController.php
+4-1src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/OneToOneController.php
+4-1src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/NptController.php
+4-1src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/DNatController.php
+37-155 files

OPNSense/core 7a9bc3asrc/etc/inc filter.inc

firewall: minor cleanup pass over old outbound registration code et al
DeltaFile
+24-21src/etc/inc/filter.inc
+24-211 files

OPNSense/core 952d545src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api FilterBaseController.php FilterController.php

Firewall: NAT: When cloning a rule, always set a sequence at the end of the ruleset
DeltaFile
+21-0src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/FilterBaseController.php
+4-12src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/FilterController.php
+4-1src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/DNatController.php
+4-1src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/NptController.php
+4-1src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/OneToOneController.php
+37-155 files

OPNSense/core 9f94524src/opnsense/scripts/syslog log_archive

logging: archive and rotate. fix two issues, $link being defined after use and $log_subject not taking subfolders into account (leading to overlaps and likely faulty cleanups)
DeltaFile
+8-6src/opnsense/scripts/syslog/log_archive
+8-61 files

OPNSense/core a20daddsrc/opnsense/scripts/dnsmasq dnsmasq_watcher.py

dnsmasq: simplify previous

Just checking that Unbound watcher doesn't have the same defect;
unify the behaviour by resetting at the beginning of the loop
instead of at the end.
DeltaFile
+2-3src/opnsense/scripts/dnsmasq/dnsmasq_watcher.py
+2-31 files

OPNSense/core cabdc42src/opnsense/scripts/dnsmasq dnsmasq_watcher.py

dnsmasq: possible use before define in dnsmasq_watcher.py

noticed in https://github.com/opnsense/core/issues/10492
DeltaFile
+1-0src/opnsense/scripts/dnsmasq/dnsmasq_watcher.py
+1-01 files

OPNSense/core 480f191src/opnsense/mvc/app/models/OPNsense/OpenVPN OpenVPN.xml

openvpn: further fix validation for auth token secret and static key

PR: https://forum.opnsense.org/index.php?topic=52272.0

(cherry picked from commit 3796738ab929b6707c193d4324802cb2fe07c155)
(cherry picked from commit a6302140a97c5c811316494e0438b944d609ceda)
DeltaFile
+4-2src/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.xml
+4-21 files

OPNSense/core 20070desrc/opnsense/mvc/app/library/OPNsense/Firewall FilterRule.php

fbsd 15.1 regression - fix stricter validation in pf leading to "route-to, reply-to and dup-to are not supported on block rules..."
DeltaFile
+4-0src/opnsense/mvc/app/library/OPNsense/Firewall/FilterRule.php
+4-01 files

OPNSense/core 3796738src/opnsense/mvc/app/models/OPNsense/OpenVPN OpenVPN.xml

openvpn: same for auth token secret

PR: https://forum.opnsense.org/index.php?topic=52272.0
DeltaFile
+3-1src/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.xml
+3-11 files

OPNSense/core a630214src/opnsense/mvc/app/models/OPNsense/OpenVPN OpenVPN.xml

VPN: OpenVPN: Instances -  forgot a spot in 803b2fa6855a8ef1431209edc7e257e7a7681d4e m cryptv2 uses base64
DeltaFile
+1-1src/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.xml
+1-11 files

OPNSense/core 3b99734src/opnsense/service/modules template.py

configd/templates - allow "strict" mode +TARGETS using the ! keyword.

Example line:
!at.cron:/etc/cron.d/at

In which case the target won't be generated when multiple modules are being flushed out (such as template_ctl.py \* being used on boot)

While here, also deprecate codecs (python warning)

for https://github.com/opnsense/plugins/pull/5521
DeltaFile
+10-7src/opnsense/service/modules/template.py
+10-71 files

OPNSense/core 51cfab9src/opnsense/mvc/app/views/OPNsense/Core firmware.volt, src/opnsense/scripts/firmware latest.php

firmware: support for patch release matching

(cherry picked from commit c997621e316ebe9936b99ca3d0c15cbc62cc2b16)
DeltaFile
+2-2src/opnsense/mvc/app/views/OPNsense/Core/firmware.volt
+1-1src/opnsense/scripts/firmware/latest.php
+3-32 files

OPNSense/core 2e20c13src/opnsense/mvc/app/models/OPNsense/OpenVPN OpenVPN.xml

VPN: OpenVPN: Instances - partially revert https://github.com/opnsense/core/commit/6c3be9a11699879fe50aea1c30e50de5864601d7 and add a specific regex constraint for static keys (alphanum, line endings, minus signs and hashes)

closes https://github.com/opnsense/core/issues/10483

(cherry picked from commit 803b2fa6855a8ef1431209edc7e257e7a7681d4e)
DeltaFile
+3-2src/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.xml
+3-21 files

OPNSense/core bec4749src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/Api ExportController.php

VPN: OpenVPN: Client Export - php85 issue "Using null as an array offset is deprecated"
DeltaFile
+1-1src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/Api/ExportController.php
+1-11 files

OPNSense/core 803b2fasrc/opnsense/mvc/app/models/OPNsense/OpenVPN OpenVPN.xml

VPN: OpenVPN: Instances - partially revert https://github.com/opnsense/core/commit/6c3be9a11699879fe50aea1c30e50de5864601d7 and add a specific regex constraint for static keys (alphanum, line endings, minus signs and hashes)

closes https://github.com/opnsense/core/issues/10483
DeltaFile
+3-2src/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.xml
+3-21 files

OPNSense/core d9ac167src/etc config.xml.sample

config.xml.sample - fix default to use mvc firewall rules.

uuid's are omitted intentionally as the initial migration will generate a unique one automatically.
DeltaFile
+61-24src/etc/config.xml.sample
+61-241 files

OPNSense/core c997621src/opnsense/mvc/app/views/OPNsense/Core firmware.volt, src/opnsense/scripts/firmware latest.php

firmware: support for patch release matching
DeltaFile
+2-2src/opnsense/mvc/app/views/OPNsense/Core/firmware.volt
+1-1src/opnsense/scripts/firmware/latest.php
+3-32 files

OPNSense/core 527412c. plist

pkg: fix plist
DeltaFile
+1-1plist
+1-11 files

OPNSense/core a730be4src/opnsense/mvc/app/controllers/OPNsense/Base ApiMutableModelControllerBase.php, src/opnsense/scripts/filter list_legacy_rules.php

php85 - some minor issues foud while testing firewall rules migration
DeltaFile
+1-1src/opnsense/mvc/app/controllers/OPNsense/Base/ApiMutableModelControllerBase.php
+1-1src/opnsense/scripts/filter/list_legacy_rules.php
+2-22 files

OPNSense/core fbfac13. plist, src/opnsense/mvc/app/controllers/OPNsense/Interfaces/forms dialogAssignment.xml

Interfaces: Assignments - minor usability improvements.

* show "hint" when editing an interface without a description
* add lock toggle and set to locked by default.
* show identifier by default in grid and edit dialog

as discussed in https://github.com/opnsense/core/pull/10476
DeltaFile
+45-0src/opnsense/mvc/app/models/OPNsense/Interfaces/FieldTypes/IfDescField.php
+17-11src/opnsense/mvc/app/controllers/OPNsense/Interfaces/forms/dialogAssignment.xml
+1-8src/opnsense/mvc/app/views/OPNsense/Interface/assignment.volt
+5-1src/opnsense/mvc/app/models/OPNsense/Interfaces/NetworkInterface.xml
+4-0src/opnsense/mvc/app/models/OPNsense/Interfaces/NetworkInterface.php
+1-0plist
+73-206 files

OPNSense/core e7c5cd2src/opnsense/mvc/app/models/OPNsense/Base/FieldTypes BaseField.php

mvc: BaseField: in getNodes, emit descriptions as well when they're not the same as the value to match getNodeContent()'s behavior.

ref: https://github.com/opnsense/core/pull/10476
DeltaFile
+11-2src/opnsense/mvc/app/models/OPNsense/Base/FieldTypes/BaseField.php
+11-21 files

OPNSense/core 9e47011src/opnsense/mvc/app/models/OPNsense/Monit Monit.xml

monit: allow spaces in places

Monit model never had a security concept and GHSA-fq94-cxvc-9r7w made
sure to restrict the fields, but went a bit too far with them.

PR: https://forum.opnsense.org/index.php?topic=52263.0
(cherry picked from commit b86fb99465d9faa603040c8b3af36e09067e24e0)
DeltaFile
+3-0src/opnsense/mvc/app/models/OPNsense/Monit/Monit.xml
+3-01 files

OPNSense/core f674f4fsrc/opnsense/mvc/app/models/OPNsense/Core ACL.php

System: Access: Users - hasPrivilege not merging user privs correctly.

PR: GHSA-p9pr-782r-w2xw
(cherry picked from commit e15a884973746319e79bd2cd421e8a015cc3ddb9)
DeltaFile
+1-1src/opnsense/mvc/app/models/OPNsense/Core/ACL.php
+1-11 files

OPNSense/core 82aaab1src/opnsense/mvc/app/models/OPNsense/Firewall/Menu Menu.php

Firewall: fix some small issues in menu registration, taking under account the situations where legacy removed the items leading to config.xml like:

  <filter>
    <rule/>
  </filter>

And mvc Filter->rules always being there (the container vs the entries)

(cherry picked from commit bf08cc48326216eca7703a93b06f10825e64ae43)
DeltaFile
+4-3src/opnsense/mvc/app/models/OPNsense/Firewall/Menu/Menu.php
+4-31 files

OPNSense/core e15a884src/opnsense/mvc/app/models/OPNsense/Core ACL.php

System: Access: Users - hasPrivilege not merging user privs correctly.

PR: GHSA-p9pr-782r-w2xw
DeltaFile
+1-1src/opnsense/mvc/app/models/OPNsense/Core/ACL.php
+1-11 files

OPNSense/core 766cb88src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api SourceNatController.php

Firewall: NAT: Source NAT: Fix automatic rules not displayed for PPPoE interfaces, flatten automatic rules into two per WAN type interface (#10482)
DeltaFile
+67-67src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/SourceNatController.php
+67-671 files

OPNSense/core 72b8c5fsrc/opnsense/mvc/app/models/OPNsense/Core/ACL ACL.xml

ACL: cleanup some user ACL's for simplicity and overlap.
DeltaFile
+4-14src/opnsense/mvc/app/models/OPNsense/Core/ACL/ACL.xml
+4-141 files

OPNSense/core f22884esrc/opnsense/mvc/app/controllers/OPNsense/Firewall/Api SourceNatController.php

Firewall: NAT: Source NAT: Fix automatic rules not displayed for PPPoE interfaces, flatten automatic rules into two per WAN type interface
DeltaFile
+67-67src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/SourceNatController.php
+67-671 files