From 5b694358f706a57819a9ba3aba11360cb0d4659b Mon Sep 17 00:00:00 2001
From: Ad Schellevis <adschellevis@MBP-van-Ad.deciso.com>
Date: Wed, 1 Feb 2023 16:24:04 +0100
Subject: [PATCH] changelogs

---
 source/releases/BE_22.10.rst | 128 +++++++++++++++++++++++++++++++++++
 source/releases/CE_22.7.rst  |   6 +-
 source/releases/CE_23.1.rst  |  17 ++++-
 3 files changed, 149 insertions(+), 2 deletions(-)

diff --git a/source/releases/BE_22.10.rst b/source/releases/BE_22.10.rst
index 7eff32af..3e313d32 100644
--- a/source/releases/BE_22.10.rst
+++ b/source/releases/BE_22.10.rst
@@ -16,6 +16,134 @@ the images can be found below as well.
 https://downloads.opnsense.com/
 
 
+--------------------------------------------------------------------------
+22.10.1 (February 01, 2023)
+--------------------------------------------------------------------------
+
+This business release is based on the OPNsense 22.7.11 community version
+with additional reliability improvements.
+
+Here are the full patch notes:
+
+* system: fix getOID() call for phpseclib 3 while processing CSR
+* system: avoid error on installer user creation
+* system: show booting banner on dashboard
+* system: add statistics tree view containing vmstat memory characteristics
+* system: explicitly reopen main log file in case another log file was used and closed
+* system: tweak log_msg() to prepare log level adjustments migration away from log_error()
+* system: enforce config reload to fetch group membership in authentication tester
+* system: separate interface type icon from name column in interface widget
+* system: change system log default to "Notice"
+* system: UX tweaks on activity page
+* system: revised backend daemon startup delay
+* system: drop empty plugins_run() result
+* system: fix internal CRL check (contributed by kulikov-a)
+* system: add group (class) sync and user creation for RADIUS authentication
+* system: show and search ACL endpoints in privilege selector
+* system: replace a number of log_error() calls with log_msg() equivalent
+* system: improve SSH lockout behaviour
+* system: fix a few minor Coverity Scan reports in PHP and Python `[1] <https://scan.coverity.com/projects/opnsense-core>`__ 
+* interfaces: show attached interface for VLAN device in overview
+* interfaces: packet capture MVC/API replacement
+* interfaces: fix ARP table name resolve backend issue (contributed by soif)
+* interfaces: migrate main clearing of interface data to ifctl
+* interfaces: fix display of special HTML characters in packet capture
+* interfaces: retain existing PPP settings on saving interface settings
+* interfaces: delete the correct lock of PPP device
+* interfaces: fix variable use in interface_proxyarp_configure()
+* interfaces: use get_interface_list() to identify hardware devices
+* interfaces: fix single ACL use for MVC/API interface pages
+* firewall: off-by-one in regex for target port range parse
+* firewall: support Maxmind unclassified "EU" as selectable country
+* firewall: fix possible race condition when changing limit in live log
+* firewall: fix sorting bug in aliases list
+* firewall: allow the use of "dynamic" interface types in shaper, e.g. IPsec devices
+* firewall: wrap user rule registration in new function filter_core_rules_user()
+* firewall: simplify rule lookup by using filter_core_rules_user()
+* firewall: allow external dynamic address in NPT
+* firewall: remove extended VIP expansion from NAT rules
+* firewall: fix live view hostname lookup may result in HTTP 431 error
+* firewall: add category selection to aliases
+* firewall: sates page performance improvements and better address parsing in search
+* firewall: reuse "hostid" on filter reload events
+* firewall: show automated "port 0" rule as actual port "0" on PHP 8
+* reporting: fix incompatible regex syntax in FreeBSD 13.1 for firewall state health statistics
+* reporting: bail DNS resolve in traffic graphs when resolver is not configured
+* captive portal: for static MAC assignments make sure that the IP address actually changed before updating it
+* dnsmasq: remove expired root trust anchor (contributed by Johnny S. Lee)
+* firmware: always fetch the signature file to avoid signature issues after upgrades
+* firmware: use effective ABI in changelog fetch
+* firmware: ignore automatic business plugin and license hint
+* ipsec: missing return in controller
+* ipsec: remove side effect host route removal from Phase 1 page
+* ipsec: allow to search all phase 2 entries via API call
+* ipsec: default log should be set to "basic" but PHP 8 disagreed
+* openvpn: use ifctl in link up/down scripts
+* openvpn: remove unused "pool_enable" attribute
+* unbound: move the removal of pluggable files above the configuration check
+* unbound: remove 127/8 from private-address block when rebind protection is enabled
+* unbound: make the default private-address items configurable via the advanced page
+* unbound: fix possible error while opening DoT page
+* unbound: do not stop on potential errors in start script
+* unbound: rework DNSBL implementation to Python module
+* unbound: fix blocklist use with DNS64 mode (contributed by kulikov-a)
+* unbound: change working directory before checking configuration
+* unbound: introduce blocklist module changes for upcoming 23.1
+* unbound: fix log message blocklist item count (contributed by kulikov-a)
+* unbound: also change working dir for unbound-checkconf in start script (contributed by kulikov-a)
+* unbound: fix missing query_reply property leading to an AttributeError
+* unbound: safeguard retrieval of blocklist shortcode
+* web proxy: fix broken "Google GSuite restricted" option
+* backend: wait 1 second for configd socket to become available
+* backend: clean up scripts/systemheath location
+* backend: moved log format definitions to new location for core and several plugins
+* mvc: when multiple validation messages are returned wrap each message in a div tag
+* mvc: translate a base field error
+* mvc: change default sorting to case-insensitive
+* mvc: move JavaScript and CSS imports to base controller
+* mvc: make sure HostnameField with ZoneRootAllowed accepts "@." prefix
+* mvc: fix IntegerField minimum value (contributed by xbb)
+* rc: remove obsolete NAME_var_script and NAME_var_mfs support
+* ui: unicode content for tokenizer (contributed by kulikov-a)
+* plugins: migrate all plugins to NAME_setup script use
+* plugins: $verbose argument in plugins_run() is spurious
+* plugins: os-acme-client 3.15 `[2] <https://github.com/opnsense/plugins/blob/stable/22.7/security/acme-client/pkg-descr>`__ 
+* plugins: os-apcupsd 1.1 `[3] <https://github.com/opnsense/plugins/blob/stable/22.7/sysutils/apcupsd/pkg-descr>`__ 
+* plugins: os-clamav 1.8 `[4] <https://github.com/opnsense/plugins/blob/stable/22.7/security/clamav/pkg-descr>`__ 
+* plugins: os-ddclient IPv6 parsing fix `[5] <https://github.com/opnsense/plugins/blob/stable/22.7/dns/ddclient/pkg-descr>`__ 
+* plugins: os-freeradius is no longer available for LibreSSL to allow updates of FreeRADIUS software
+* plugins: os-frr 1.31 `[6] <https://github.com/opnsense/plugins/blob/stable/22.7/net/frr/pkg-descr>`__ 
+* plugins: os-haproxy 3.12 `[7] <https://github.com/opnsense/plugins/blob/stable/22.7/net/haproxy/pkg-descr>`__ 
+* plugins: os-maltrail 1.10 `[8] <https://github.com/opnsense/plugins/blob/stable/22.7/security/maltrail/pkg-descr>`__ 
+* plugins: os-nginx 1.31 `[9] <https://github.com/opnsense/plugins/blob/stable/22.7/www/nginx/pkg-descr>`__ 
+* plugins: os-openconnect 1.4.3 `[10] <https://github.com/opnsense/plugins/blob/stable/22.7/security/openconnect/pkg-descr>`__ 
+* plugins: os-rfc2136 1.7 fixes key format issue with latest bind-tools update
+* plugins: os-stunnel fixes missing include in certificate script
+* plugins: os-telegraf 1.12.7 `[11] <https://github.com/opnsense/plugins/blob/stable/22.7/net-mgmt/telegraf/pkg-descr>`__ 
+* plugins: os-theme-cicada 1.31 (contributed by Team Rebellion)
+* plugins: os-theme-vicuna 1.43 (contributed by Team Rebellion)
+* plugins: os-tor 1.9 enables hardware acceleration (contributed by haarp)
+* plugins: os-wireguard 1.13 `[12] <https://github.com/opnsense/plugins/blob/stable/22.7/net/wireguard/pkg-descr>`__ 
+* ports: curl 7.87.0 `[13] <https://curl.se/changes.html#7_87_0>`__ 
+* ports: dnsmasq 2.88 `[14] <https://www.thekelleys.org.uk/dnsmasq/CHANGELOG>`__ 
+* ports: expat 2.5.0 `[15] <https://github.com/libexpat/libexpat/blob/R_2_5_0/expat/Changes>`__ 
+* ports: krb5 1.20.1 `[16] <https://web.mit.edu/kerberos/krb5-1.20/>`__ 
+* ports: libxml 2.10.3 `[17] <http://www.xmlsoft.org/news.html>`__ 
+* ports: nss 3.87 `[18] <https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_87.html>`__ 
+* ports: openssl 1.1.1s `[19] <https://www.openssl.org/news/openssl-1.1.1-notes.html>`__ 
+* ports: openvpn 2.5.8 `[20] <https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn25#Changesin2.5.8>`__ 
+* ports: pcre 10.42 `[21] <https://www.pcre.org/changelog.txt>`__ 
+* ports: phalcon 5.1.4 `[22] <https://github.com/phalcon/cphalcon/releases/tag/v5.1.4>`__ 
+* ports: php 8.0.27 `[23] <https://www.php.net/ChangeLog-8.php#8.0.27>`__ 
+* ports: phpseclib 3.0.18 `[24] <https://github.com/phpseclib/phpseclib/releases/tag/3.0.18>`__ 
+* ports: python 3.9.16 `[25] <https://docs.python.org/release/3.9.16/whatsnew/changelog.html>`__ 
+* ports: sqlite 3.40.1 `[26] <https://sqlite.org/releaselog/3_40_1.html>`__ 
+* ports: strongswan 5.9.9 `[27] <https://github.com/strongswan/strongswan/releases/tag/5.9.9>`__ 
+* ports: suricata 6.0.9 `[28] <https://suricata.io/2022/11/29/suricata-6-0-9-released/>`__ 
+* ports: unbound 1.17.1 `[29] <https://nlnetlabs.nl/projects/unbound/download/#unbound-1-17-1>`__ 
+
+
+
 --------------------------------------------------------------------------
 22.10 (October 26, 2022)
 --------------------------------------------------------------------------
diff --git a/source/releases/CE_22.7.rst b/source/releases/CE_22.7.rst
index abd30bfa..7d99af58 100644
--- a/source/releases/CE_22.7.rst
+++ b/source/releases/CE_22.7.rst
@@ -57,7 +57,7 @@ Here are the full patch notes:
 * reporting: fix incompatible regex syntax in FreeBSD 13.1 for firewall state health statistics
 * unbound: safeguard retrieval of blocklist shortcode
 * mvc: fix IntegerField minimum value (contributed by xbb)
-* plugins: acme-client 3.15 `[2] <https://github.com/opnsense/plugins/blob/stable/22.7/security/acme-client/pkg-descr>`__ 
+* plugins: os-acme-client 3.15 `[2] <https://github.com/opnsense/plugins/blob/stable/22.7/security/acme-client/pkg-descr>`__ 
 * plugins: os-stunnel fixes missing include in certificate script
 * ports: curl 7.87.0 `[3] <https://curl.se/changes.html#7_87_0>`__ 
 * ports: nss 3.87 `[4] <https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_87.html>`__ 
@@ -68,6 +68,10 @@ Here are the full patch notes:
 * ports: strongswan 5.9.9 `[9] <https://github.com/strongswan/strongswan/releases/tag/5.9.9>`__ 
 * ports: unbound 1.17.1 `[10] <https://nlnetlabs.nl/projects/unbound/download/#unbound-1-17-1>`__ 
 
+A hotfix release was issued as 22.7.11_1:
+
+* firmware: enable upgrade path to 23.1 (OpenSSL only)
+
 
 
 --------------------------------------------------------------------------
diff --git a/source/releases/CE_23.1.rst b/source/releases/CE_23.1.rst
index 8bff7d24..34563824 100644
--- a/source/releases/CE_23.1.rst
+++ b/source/releases/CE_23.1.rst
@@ -133,6 +133,21 @@ Here are the full patch notes against 22.7.11:
 * ports: php 8.1.14 `[11] <https://www.php.net/ChangeLog-8.php#8.1.14>`__ 
 * ports: sudo 1.9.12p2 `[12] <https://www.sudo.ws/stable.html#1.9.12p2>`__ 
 
+A hotfix release was issued as 23.1_6:
+
+* system: incorrect link to CARP status page on dashboard widget
+* reporting: bail DNS resolve in traffic graphs when resolver is not configured
+* captive portal: for static MAC assignments make sure that the IP address actually changed before updating it
+* ipsec: missing a bracket for agressive mode selection
+* ipsec: mute a spurious boot warning
+* ipsec: myid may be be optional
+* plugins: os-bind fix plugin directory path
+* plugins: os-ddclient minor PHP fix
+* plugins: os-frr allow restart via cron
+* plugins: os-nut wrong user for latest port
+* plugins: os-upnp typo in log level
+* plugins: os-wireguard service widget fix
+
 Migration notes, known issues and limitations:
 
 * LibreSSL flavour has been discontinued.  Switch to OpenSSL flavour to proceed with the upgrade.
@@ -275,7 +290,7 @@ Here are the full patch notes against 22.7.10:
 * mvc: add TextField tests (contributed by agh1467)
 * ui: assorted improvements in bootgrid and form controls
 * ui: switch to pure JSON data in bootgrids
-* plugins: acme-client 3.15 `[2] <https://github.com/opnsense/plugins/blob/stable/23.1/security/acme-client/pkg-descr>`__ 
+* plugins: os-acme-client 3.15 `[2] <https://github.com/opnsense/plugins/blob/stable/23.1/security/acme-client/pkg-descr>`__ 
 * plugins: os-bind 1.25 `[3] <https://github.com/opnsense/plugins/blob/stable/23.1/dns/bind/pkg-descr>`__ 
 * plugins: os-ddclient 1.11 `[4] <https://github.com/opnsense/plugins/blob/stable/23.1/dns/ddclient/pkg-descr>`__ 
 * plugins: os-dyndns end of life note moves to 23.7