OPNSense/core 3dc5f71src/opnsense/scripts/filter/lib alias.py

Filter, alias. calculate uniqueid() using all of its contents +minor cleanup (this alias 
is always in _known_aliases). closes https://github.com/opnsense/core/issues/3432

OPNSense/core e784027src/opnsense/scripts/filter update_tables.py

filter, aliases. add alias cleanup. previously a delete of an alias would result in the 
old one still being there. closes https://github.com/opnsense/core/issues/3431

Since all aliases are written to /usr/local/etc/filter_tables.conf, it should be safe to 
drop all for which a file in aliastables exists but no entry is available in 
filter_tables.conf anymore.
For debug purposes we log the entries which we delete, although this probably wouldn't be 
absolutely necessary, it might help to debug potential issues.

OPNSense/tools aa997e9config/19.1 make.conf

config: STUBBY is now the getdns default

OPNSense/core 97f1d7esrc/etc/inc/plugins.inc.d core.inc

backup, disable cron when not enabled. closes https://github.com/opnsense/core/issues/3430

(cherry picked from commit 2e896d47b3dd66b3ef0a019102d04b2f1635822c)

OPNSense/core 2e896d4src/etc/inc/plugins.inc.d core.inc

backup, disable cron when not enabled. closes https://github.com/opnsense/core/issues/3430

OPNSense/core c75f636. plist, src/etc/inc/plugins.inc.d ipsec.inc

IPsec, switch to PAM, closes https://github.com/opnsense/core/issues/3265

OPNSense/core b80b5fasrc/opnsense/mvc/app/library/OPNsense/Auth AuthenticationFactory.php IService.php, src/opnsense/mvc/app/library/OPNsense/Auth/Services IPsec.php System.php

system: sync PAM-based authentication rework

OPNSense/ports 4b6df2b. UPDATING, Mk bsd.default-versions.mk

Framework: sync with upstream

Taken from: HardenedBSD

OPNSense/ports 721118csecurity/mbedtls distinfo Makefile

security/mbedtls: sync with upstream

Taken from: HardenedBSD

OPNSense/ports be00b61databases/freetds distinfo Makefile

databases/freetds: sync with upstream

Taken from: HardenedBSD

OPNSense/ports 1a6f5f8mail/postfix/files patch-src_global_dict__mysql.c patch-src_tls_tls.h

mail/postfix: sync with upstream

Taken from: HardenedBSD

OPNSense/ports de26237security/gnutls distinfo Makefile

security/gnutls: sync with upstream

Taken from: HardenedBSD

OPNSense/ports 3bee5a0security/vuxml vuln.xml

security/vuxml: sync with upstream

Taken from: HardenedBSD

OPNSense/ports 46685b6java/openjdk8 Makefile, java/openjdk8/files patch-bsd patch-bsd-test

*/*: sync with upstream

Taken from: HardenedBSD

OPNSense/core cf6609fsrc/opnsense/mvc/app/library/OPNsense/Base UIModelGrid.php, src/opnsense/mvc/app/models/OPNsense/Firewall Alias.php

src: style and whitespace sweep

(cherry picked from commit a0f234f76169bd0e904c5eb45e5757d03684316c)

OPNSense/core 395342esrc/opnsense/mvc/app/controllers/OPNsense/Firewall/Api AliasController.php, src/opnsense/mvc/app/models/OPNsense/Firewall Alias.php

Alias, add export+import option, closes https://github.com/opnsense/core/issues/3171

(cherry picked from commit f2948e6af4707717859d131b9d2f19d5106cd944)

OPNSense/core bbbf919src/opnsense/mvc/app/controllers/OPNsense/Base ApiMutableModelControllerBase.php, src/opnsense/mvc/app/library/OPNsense/Base UIModelGrid.php

MVC, add filter closure to searchBase(), for https://github.com/opnsense/plugins/pull/1274

(cherry picked from commit 8ae69d5f06ae1db9936dbceae8b32f8ea4733da4)
(cherry picked from commit 39a95d3c39f77cdf5ff93a59229dcb62e130248b)

OPNSense/core ed9ade8src/opnsense/scripts/OPNsense/CaptivePortal/lib db.py

Captive portal, in case someone execs listClients before service start, make sure the 
directory exists. for https://github.com/opnsense/core/issues/3425

(cherry picked from commit a193e1e39711477da6bd52c20f9c96116841a4e7)

OPNSense/core f89552bsrc/opnsense/scripts/OPNsense/CaptivePortal/htdocs_default/css bootstrap.min.css, src/opnsense/scripts/OPNsense/CaptivePortal/htdocs_default/js bootstrap.min.js

captive portal: update to bootstrap 3.4.1

OPNSense/core db4833e. plist, src/etc/inc interfaces.inc

interfaces: ppp-related changes from master

(cherry picked from commit cfc95122f2d248e61d03d8f1dbae3cbd40260196)
(cherry picked from commit 75c3100ba7fca08e874dfea7b40831781bdf7f74)
(cherry picked from commit be9a1c94ab0a96d7c3a1f94eedaa4c88c5275639)

OPNSense/core 66335ffsrc/etc/inc filter.inc, src/www system_general.php

system: remove feature that was never implemented

OPNSense/core de0c990src/www vpn_ipsec_mobile.php

ipsec: restyle mobile settings a little

(cherry picked from commit 9cb95f7c86b925b3095b12f598f2769e25cbd269)

OPNSense/plugins d60556fdns/dyndns Makefile, dns/dyndns/src/etc rc.dyndns

dns/dyndns: separate devel noise left

OPNSense/plugins 496021adns/rfc2136 Makefile, dns/rfc2136/src/etc rc.rfc2136

dns/rfc2136: sync with master

OPNSense/plugins 7f24141dns/dyndns Makefile, dns/dyndns/src/etc rc.dyndns

dns/dyndns: sync with master

OPNSense/plugins 0e404aadns/rfc2136 Makefile, dns/rfc2136/src/etc rc.rfc2136

dns/rfc2136: separate devel noise left

OPNSense/core a0c9e20src/etc rc.filter_synchronize, src/etc/inc/xmlrpc legacy.inc

system: support for syncing alias+vhid to the slave

OPNSense/core 8befa52src/etc/inc filter.inc, src/www guiconfig.inc system_usermanager.php

HAsync, prevent sloppy apply behaviour in various places due to configuring the backup 
device and point the user to our status page.

(cherry picked from commit b214b89e2078e26cee8e778a43b1946ee5ac9943)
(cherry picked from commit 883063c49c499697dba0f8b12a7855da9690d0c5)

OPNSense/core f1955a5. Makefile, src/opnsense/scripts/systemhealth activity.py fetchData.py

system: move health scripts to Python 3.6

OPNSense/core f5cbcb2src/etc/inc/plugins.inc.d ipsec.inc

ipsec: only apply mobile PFS to mobile phase 2; closes #3323

(cherry picked from commit cf721cf4b115c0b9247e9c5139dbdc32b226d05e)

OPNSense/core 25442f6. plist, src/etc/inc/plugins.inc.d ipsec.inc

implemented wildcard includes for ipsec/strongswan

(cherry picked from commit acdf14e63667034cda82dc75fcdcccd4b4367f6d)
(cherry picked from commit a4d157db0bc622c68af6da717c311499d8362691)
(cherry picked from commit dfd48d29349688d25b102b928ccbd509aa516f9a)
(cherry picked from commit 2056e907ffd47cf2646899f37448c8e54f19cc05)

OPNSense/core 1568140src/www status_dhcp_leases.php status_dhcpv6_leases.php

dhcpd/leases, double html escaping. closes https://github.com/opnsense/core/issues/3427

(cherry picked from commit 248156f8ee783b86f7ce5c6d7fdc914361b4af57)

OPNSense/core e182339src/etc/inc system.inc

system: cleanly rewrite CA root files, add our own; closes #1460

(cherry picked from commit 59b913f9e5e5c7c722f5364e91feaac358e63ebf)
(cherry picked from commit 3d46287880bc0ed3960402f50ef809438c79a2ec)
(cherry picked from commit 241716e8a7a9f5bba53c870442505167bdced076)

OPNSense/core 2dc1d24src/etc/inc system.inc

system: remove unused option

(cherry picked from commit 81b43740f2f4f6a028042dd06c955ebdee8dd3a0)

OPNSense/ports df46a92opnsense/dhcp6c distinfo Makefile

opnsense/dhcp6c: update raw options handling on reload

OPNSense/core 248156fsrc/www status_dhcp_leases.php status_dhcpv6_leases.php

dhcpd/leases, double html escaping. closes https://github.com/opnsense/core/issues/3427

OPNSense/ports e08ecfe. UPDATING, Mk bsd.options.mk bsd.sanity.mk

Framework: sync with upstream

Taken from: HardenedBSD

OPNSense/ports bfa7e29archivers/zstd distinfo Makefile

archivers/zstd: sync with upstream

Taken from: HardenedBSD

OPNSense/ports e4a75a3security/libssh2 distinfo Makefile

security/libssh2: sync with upstream

Taken from: HardenedBSD

OPNSense/ports 39c3ee4www/p5-Mojolicious distinfo Makefile

www/p5-Mojolicious: sync with upstream

Taken from: HardenedBSD

OPNSense/ports 24e89e2devel/p5-Module-Build distinfo Makefile

devel/p5-Module-Build: sync with upstream

Taken from: HardenedBSD

OPNSense/ports a45dc18dns/getdns distinfo Makefile

dns/getdns: sync with upstream

Taken from: HardenedBSD

OPNSense/ports 938de56www/libnghttp2 distinfo Makefile

www/libnghttp2: sync with upstream

Taken from: HardenedBSD

OPNSense/ports fdc6cd2security/vuxml vuln.xml

security/vuxml: sync with upstream

Taken from: HardenedBSD

OPNSense/ports 8f3ba38games/renpy6/files patch-pygame-1.9.5, graphics/gwenview/files patch-git_61543b

*/*: sync with upstream

Taken from: HardenedBSD

OPNSense/core 81b4374src/etc/inc system.inc

system: remove unused option

OPNSense/core 4dd8df5src/opnsense/mvc/app/library/OPNsense/Routing Gateways.php

Routing, gateways for https://github.com/opnsense/core/issues/2279 align automatic 
gateways to legacy behaviour. Since gif/gre interfaces already write _router files, we 
should only add openvpn client gateways to mimic the way it wasbefore. Also skip disabled 
interfaces.

OPNSense/core f6c0e84src/opnsense/mvc/app/library/OPNsense/Routing Gateways.php

system: retain old GW naming convention #2279

OPNSense/core a193e1esrc/opnsense/scripts/OPNsense/CaptivePortal/lib db.py

Captive portal, in case someone execs listClients before service start, make sure the 
directory exists. for https://github.com/opnsense/core/issues/3425

OPNSense/plugins b830ffadns/dyndns/src/etc/inc/plugins.inc.d/dyndns phpDynDNS.inc

dns/dyndns: whitespace sweep