OPNSense/core a754a92. Makefile, src/etc/inc/plugins.inc.d core.inc

Firewall: Aliases - add Expire option to external aliases to automatically cleanup tables via cron, closes https://github.com/opnsense/core/issues/8831

As expiretable was already used for predefined sshlockout and virusprot tables, we moved the option to the model and made sure the internal ones have their settings in the model as well.
For simplicity, we flush the tables that need to be expired to cron, using either a 15 minute or 1 minute interval, depending on timing.

pfctl offers the same functionality as expiretable now, so lets drop the latter for simplicity.
DeltaFile
+20-0src/opnsense/mvc/app/views/OPNsense/Firewall/alias.volt
+10-2src/etc/inc/plugins.inc.d/core.inc
+2-6src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/AliasController.php
+4-0src/opnsense/mvc/app/models/OPNsense/Firewall/static_aliases/core.json
+4-0src/opnsense/mvc/app/models/OPNsense/Firewall/Alias.xml
+0-1Makefile
+40-96 files

OPNSense/core 05ddadfsrc/opnsense/mvc/app/views/OPNsense/IPsec spd.volt

ipsec: tooltip trigger not necessary anymore since 699b690
DeltaFile
+0-3src/opnsense/mvc/app/views/OPNsense/IPsec/spd.volt
+0-31 files

OPNSense/core 04ff7absrc/opnsense/mvc/app/models/OPNsense/Dnsmasq/FieldTypes DomainIPField.php

dnsmasq: Fix DomainIPField, allow IP address to be emptied
DeltaFile
+1-2src/opnsense/mvc/app/models/OPNsense/Dnsmasq/FieldTypes/DomainIPField.php
+1-21 files

OPNSense/core 6379eb5src/opnsense/mvc/app/models/OPNsense/Dnsmasq Dnsmasq.php

dnsmasq: Fix missing condition in ipset validation (#8907)

DeltaFile
+1-1src/opnsense/mvc/app/models/OPNsense/Dnsmasq/Dnsmasq.php
+1-11 files

OPNSense/core 1bf388asrc/opnsense/mvc/app/models/OPNsense/Dnsmasq Dnsmasq.php

dnsmasq: Fix missing condition in ipset validation
DeltaFile
+1-1src/opnsense/mvc/app/models/OPNsense/Dnsmasq/Dnsmasq.php
+1-11 files

OPNSense/plugins 6864606security/stunnel Makefile, security/stunnel/src/opnsense/mvc/app/models/OPNsense/Stunnel Stunnel.xml

security/stunnel Add LDAP and NNTP to supported STARTTLS protocols (#4788)

DeltaFile
+3-1security/stunnel/src/opnsense/mvc/app/models/OPNsense/Stunnel/Stunnel.xml
+1-2security/stunnel/Makefile
+4-32 files

OPNSense/core 7d8f487src/opnsense/www/js opnsense_bootgrid.js

ui: fix last page pagination values on non-ajax grids
DeltaFile
+1-1src/opnsense/www/js/opnsense_bootgrid.js
+1-11 files

OPNSense/core 9a06de0src/opnsense/www/js opnsense_bootgrid.js

ui: add missing statusMapping functionality for new bootgrid
DeltaFile
+8-1src/opnsense/www/js/opnsense_bootgrid.js
+8-11 files

OPNSense/core 13135e1src/opnsense/mvc/app/views/OPNsense/Firewall filter_rule.volt

automation/filter: Use fetch_options for category selectpicker, simplify the reconfigureActInProgress logic
DeltaFile
+33-43src/opnsense/mvc/app/views/OPNsense/Firewall/filter_rule.volt
+33-431 files

OPNSense/core fae7b60src/opnsense/mvc/app/controllers/OPNsense/Core/Api FirmwareController.php, src/opnsense/mvc/app/models/OPNsense/Base/FieldTypes BaseSetField.php IPPortField.php

Merge remote-tracking branch 'origin/master' into automation-improve-grid-reload-behavior
DeltaFile
+115-0src/opnsense/mvc/app/models/OPNsense/Base/FieldTypes/BaseSetField.php
+34-54src/opnsense/mvc/app/models/OPNsense/Base/FieldTypes/IPPortField.php
+3-74src/opnsense/mvc/app/models/OPNsense/Base/FieldTypes/NetworkField.php
+10-62src/opnsense/mvc/app/models/OPNsense/Base/FieldTypes/HostnameField.php
+23-33src/opnsense/mvc/app/models/OPNsense/Base/FieldTypes/CSVListField.php
+28-21src/opnsense/mvc/app/controllers/OPNsense/Core/Api/FirmwareController.php
+213-24428 files not shown
+387-38734 files

OPNSense/core 51724b5src/opnsense/mvc/app/controllers/OPNsense/Core/Api FirmwareController.php, src/opnsense/mvc/app/views/OPNsense/Core firmware.volt

System: Firmware: Plugins - Add checkbox to show tier3 and development plugins, which are now hidden by default.

* minor style cleanups in the controller array() vs []
* Change tier handling in the controller, only trust tiers from OPNsense, set Zenarmors plugins to fixed tier 2
* Change -devel packages to tier "DEV"
DeltaFile
+28-21src/opnsense/mvc/app/controllers/OPNsense/Core/Api/FirmwareController.php
+21-2src/opnsense/mvc/app/views/OPNsense/Core/firmware.volt
+49-232 files

OPNSense/core a97d38dsrc/opnsense/mvc/app/controllers/OPNsense/Firewall/Api FilterController.php

automation/filter: Filter out empty category names (#8905)

DeltaFile
+1-2src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/FilterController.php
+1-21 files

OPNSense/core ab3bc16src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api FilterController.php

automation/filter: Filter out empty category names
DeltaFile
+1-2src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/FilterController.php
+1-21 files

OPNSense/core c3ac12bsrc/opnsense/mvc/app/models/OPNsense/Monit Monit.xml

monit: style issue in model
DeltaFile
+1-3src/opnsense/mvc/app/models/OPNsense/Monit/Monit.xml
+1-31 files

OPNSense/core 43838c0src/opnsense/mvc/app/models/OPNsense/Base/FieldTypes BaseSetField.php, src/opnsense/mvc/tests/app/models/OPNsense/Base/FieldTypes IPPortFieldTest.php HostnameFieldTest.php

mvc: add isList() to BaseSetField for testing #8897
DeltaFile
+25-0src/opnsense/mvc/tests/app/models/OPNsense/Base/FieldTypes/IPPortFieldTest.php
+11-0src/opnsense/mvc/tests/app/models/OPNsense/Base/FieldTypes/HostnameFieldTest.php
+11-0src/opnsense/mvc/tests/app/models/OPNsense/Base/FieldTypes/NetworkFieldTest.php
+9-0src/opnsense/mvc/app/models/OPNsense/Base/FieldTypes/BaseSetField.php
+2-1src/opnsense/mvc/tests/app/models/OPNsense/Base/FieldTypes/CSVListFieldTest.php
+58-15 files

OPNSense/core 153d3ccsrc/opnsense/mvc/app/models/OPNsense/Base/FieldTypes IPPortField.php, src/opnsense/mvc/tests/app/models/OPNsense/Base/FieldTypes IPPortFieldTest.php

mvc: allow PortOptional=Y for IPPortField

PR: https://github.com/opnsense/plugins/pull/4698
PR: https://github.com/opnsense/plugins/pull/4445
DeltaFile
+31-9src/opnsense/mvc/app/models/OPNsense/Base/FieldTypes/IPPortField.php
+24-0src/opnsense/mvc/tests/app/models/OPNsense/Base/FieldTypes/IPPortFieldTest.php
+55-92 files

OPNSense/core 612cce7src/opnsense/mvc/app/models/OPNsense/Base/FieldTypes CSVListField.php, src/opnsense/mvc/tests/app/models/OPNsense/Base/FieldTypes CSVListFieldTest.php

mvc: convert CSVListField to use BaseSetField #8897

Add a mask validation test while at it.
DeltaFile
+23-33src/opnsense/mvc/app/models/OPNsense/Base/FieldTypes/CSVListField.php
+29-0src/opnsense/mvc/tests/app/models/OPNsense/Base/FieldTypes/CSVListFieldTest.php
+52-332 files

OPNSense/core bb5e03asrc/opnsense/mvc/app/models/OPNsense/Base/FieldTypes BaseSetField.php NetworkField.php, src/opnsense/mvc/app/models/OPNsense/OpenVPN OpenVPN.xml

mvc: new base class for separator/list based fields #8897
DeltaFile
+106-0src/opnsense/mvc/app/models/OPNsense/Base/FieldTypes/BaseSetField.php
+3-74src/opnsense/mvc/app/models/OPNsense/Base/FieldTypes/NetworkField.php
+10-62src/opnsense/mvc/app/models/OPNsense/Base/FieldTypes/HostnameField.php
+3-46src/opnsense/mvc/app/models/OPNsense/Base/FieldTypes/MacAddressField.php
+3-45src/opnsense/mvc/app/models/OPNsense/Base/FieldTypes/IPPortField.php
+0-11src/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.xml
+125-23818 files not shown
+134-27624 files

OPNSense/core 34b077dsrc/opnsense/mvc/app/models/OPNsense/Base/FieldTypes IPPortField.php, src/opnsense/mvc/tests/app/models/OPNsense/Base/FieldTypes IPPortFieldTest.php

mvc: allow PortOptional=Y for IPPortField

PR: https://github.com/opnsense/plugins/pull/4698
PR: https://github.com/opnsense/plugins/pull/4445
DeltaFile
+31-9src/opnsense/mvc/app/models/OPNsense/Base/FieldTypes/IPPortField.php
+24-0src/opnsense/mvc/tests/app/models/OPNsense/Base/FieldTypes/IPPortFieldTest.php
+55-92 files

OPNSense/core 25a927csrc/opnsense/mvc/app/models/OPNsense/Base/FieldTypes BaseSetField.php, src/opnsense/mvc/tests/app/models/OPNsense/Base/FieldTypes IPPortFieldTest.php HostnameFieldTest.php

mvc: add isList() to BaseSetField for testing #8897
DeltaFile
+25-0src/opnsense/mvc/tests/app/models/OPNsense/Base/FieldTypes/IPPortFieldTest.php
+11-0src/opnsense/mvc/tests/app/models/OPNsense/Base/FieldTypes/HostnameFieldTest.php
+11-0src/opnsense/mvc/tests/app/models/OPNsense/Base/FieldTypes/NetworkFieldTest.php
+9-0src/opnsense/mvc/app/models/OPNsense/Base/FieldTypes/BaseSetField.php
+2-1src/opnsense/mvc/tests/app/models/OPNsense/Base/FieldTypes/CSVListFieldTest.php
+58-15 files

OPNSense/core 6bf3780src/opnsense/mvc/app/models/OPNsense/Base/FieldTypes BaseSetField.php, src/opnsense/mvc/tests/app/models/OPNsense/Base/FieldTypes HostnameFieldTest.php IPPortFieldTest.php

mvc: add isList() to BaseSetField for testing #8897
DeltaFile
+11-0src/opnsense/mvc/tests/app/models/OPNsense/Base/FieldTypes/HostnameFieldTest.php
+11-0src/opnsense/mvc/tests/app/models/OPNsense/Base/FieldTypes/IPPortFieldTest.php
+11-0src/opnsense/mvc/tests/app/models/OPNsense/Base/FieldTypes/NetworkFieldTest.php
+9-0src/opnsense/mvc/app/models/OPNsense/Base/FieldTypes/BaseSetField.php
+2-1src/opnsense/mvc/tests/app/models/OPNsense/Base/FieldTypes/CSVListFieldTest.php
+44-15 files

OPNSense/plugins dd2b7f8security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/Api SettingsController.php, security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient Utils.php SftpUploader.php

Merge pull request #4755 from fraenki/acme_4_10

security/acme-client: release 4.10
DeltaFile
+70-29security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/Api/SettingsController.php
+7-72security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/Utils.php
+41-22security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/SftpUploader.php
+25-22security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/LeAccount.php
+44-0security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/LeValidation/DnsWebsupport.php
+21-18security/acme-client/src/opnsense/scripts/OPNsense/AcmeClient/upload_sftp.php
+208-16314 files not shown
+340-21220 files

OPNSense/plugins 7cd4589www/OPNProxy Makefile, www/squid Makefile

www: bring os-squid and os-OPNProxy to tier 3
DeltaFile
+0-1www/OPNProxy/Makefile
+0-1www/squid/Makefile
+0-22 files

OPNSense/plugins e3717e6security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient Utils.php SftpUploader.php, security/acme-client/src/opnsense/scripts/OPNsense/AcmeClient upload_sftp.php run_remote_ssh.php

security/acme-client: assorted logging enhancements
DeltaFile
+7-72security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/Utils.php
+22-19security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/SftpUploader.php
+21-18security/acme-client/src/opnsense/scripts/OPNsense/AcmeClient/upload_sftp.php
+17-14security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/SSHKeys.php
+12-10security/acme-client/src/opnsense/scripts/OPNsense/AcmeClient/run_remote_ssh.php
+9-9security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/LeAccount.php
+88-1427 files not shown
+129-16113 files

OPNSense/core cb576b9src/opnsense/mvc/app/models/OPNsense/Base/FieldTypes CSVListField.php, src/opnsense/mvc/tests/app/models/OPNsense/Base/FieldTypes CSVListFieldTest.php

mvc: convert CSVListField to use BaseSetField #8897

Add a mask validation test while at it.
DeltaFile
+23-33src/opnsense/mvc/app/models/OPNsense/Base/FieldTypes/CSVListField.php
+29-0src/opnsense/mvc/tests/app/models/OPNsense/Base/FieldTypes/CSVListFieldTest.php
+52-332 files

OPNSense/core 7d4cfdbsrc/opnsense/mvc/app/models/OPNsense/Base/FieldTypes BaseSetField.php NetworkField.php, src/opnsense/mvc/app/models/OPNsense/OpenVPN OpenVPN.xml

mvc: new base class for separator/list based fields #8897
DeltaFile
+106-0src/opnsense/mvc/app/models/OPNsense/Base/FieldTypes/BaseSetField.php
+3-74src/opnsense/mvc/app/models/OPNsense/Base/FieldTypes/NetworkField.php
+10-62src/opnsense/mvc/app/models/OPNsense/Base/FieldTypes/HostnameField.php
+3-46src/opnsense/mvc/app/models/OPNsense/Base/FieldTypes/MacAddressField.php
+3-45src/opnsense/mvc/app/models/OPNsense/Base/FieldTypes/IPPortField.php
+0-11src/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.xml
+125-23818 files not shown
+134-27624 files

OPNSense/core b8974edsrc/opnsense/mvc/app/controllers/OPNsense/Auth/Api PrivController.php

system: replace getCurrentValue() in PrivController
DeltaFile
+6-10src/opnsense/mvc/app/controllers/OPNsense/Auth/Api/PrivController.php
+6-101 files

OPNSense/core ddc4693src/opnsense/mvc/app/controllers/OPNsense/Auth/Api UserController.php

system: switch away from using getCurrentValue() in UserController
DeltaFile
+2-2src/opnsense/mvc/app/controllers/OPNsense/Auth/Api/UserController.php
+2-21 files

OPNSense/src e13f0desys/netpfil/pf pf_table.c

pf: align sanity checks for pfrw_free
DeltaFile
+7-3sys/netpfil/pf/pf_table.c
+7-31 files

OPNSense/src 94a56b8sys/net pfvar.h, sys/netpfil/pf pf.c

pf: backport changes around the following commit #242

 commit 49f39043a02d6011c1907e1b07eb034652a1269c
 Author: phessler <phessler at openbsd.org>
 Date:   Fri Apr 28 14:08:34 2023 +0000

    Relax the "pass all" rule so all forms of neighbor advertisements are allowed
    in either direction.

    This more closely matches the IPv4 ARP behaviour.

    From sashan@
    discussed with kn@ deraadt@
DeltaFile
+38-2sys/netpfil/pf/pf.c
+3-1sys/net/pfvar.h
+41-32 files