OPNSense/core 8bb3f1fsrc/opnsense/mvc/app/controllers/OPNsense/OpenVPN/forms export_options.xml, src/opnsense/mvc/app/library/OPNsense/OpenVPN ArchiveOpenVPN.php ViscosityVisz.php

OpenVPN export, support cryptoapicert to load certificates from the windows certificate 
system store, for https://github.com/opnsense/core/issues/3500

OPNSense/core 450ff5bsrc/opnsense/mvc/app/library/OPNsense/Auth/Services Squid.php

Proxy, minor regression in authentication. contraints are always checked now, which should 
only apply for local. related to https://github.com/opnsense/core/issues/3250

(cherry picked from commit 54551b03eecc95ff4698726b95ba7b7574afae37)
(cherry picked from commit e8dbda338fa759d60520b1c7fba4771075d5a172)

OPNSense/core e8dbda3src/opnsense/mvc/app/library/OPNsense/Auth/Services Squid.php

rework previous

OPNSense/core 54551b0src/opnsense/mvc/app/library/OPNsense/Auth/Services Squid.php

Proxy, minor regression in authentication. contraints are always checked now, which should 
only apply for local. related to https://github.com/opnsense/core/issues/3250

OPNSense/core 5213f74src/opnsense/mvc/app/library/OPNsense/Auth LDAP.php

system: style update

(cherry picked from commit 7218726f59c39cf6a76b0b2d09aa247d19f066c0)

OPNSense/core 4482cb1src/etc/inc interfaces.inc

interfaces: code review, flip logic

OPNSense/core 0606345src/etc/inc interfaces.inc

interface: push IPv6 alias to IPv6 interface

OPNSense/core 86590d2src/etc/inc interfaces.inc

interfaces: make these checks explicit, 19.7 will not do them internally

OPNSense/core 943e0f4src/etc/inc interfaces.inc

interfaces: small VIP restructure, IPv6 on IPv6 device

OPNSense/core 902f8b9src/etc/inc interfaces.inc

interfaces: subtle changes in IPv6 and variable naming

OPNSense/core a3570b9. Makefile

pkg: move python dep to 3

(cherry picked from commit 8b22eebb9c55dba29f4a1d55eb8d97cf33f6415e)
(cherry picked from commit 5d83d8612c68182eda5115552fe5fd9aca5914ea)
DeltaFile
+9-9Makefile
+9-91 files

OPNSense/core 5d83d86. Makefile

pkg: since CORE_PYTHON2 goes away make 3 the CORE_PYTHON default
DeltaFile
+9-9Makefile
+9-91 files

OPNSense/core 5184400src/www firewall_rules.php

firewall: change this back #3497

OPNSense/core 4af1fb0src/etc rc.bootup, src/etc/inc interfaces.inc

ipsec: plugin use indirect calls

OPNSense/core 7218726src/opnsense/mvc/app/library/OPNsense/Auth LDAP.php

system: style update

OPNSense/core fb4a9besrc/www status_dhcp_leases.php

dhcp/leases, forgot to replace from-to with address range min, max. for 
https://github.com/opnsense/core/issues/3487

OPNSense/core 446caa9src/www status_dhcp_leases.php

dhcp/leases, simplify interface lookup and make it more consistent. should fix 
https://github.com/opnsense/core/issues/3487

OPNSense/core 9b63e33src/etc/inc/plugins.inc.d dhcpd.inc, src/www services_dhcp.php

Merge branch 'clystron-dhcp_failover_params'

OPNSense/core 7a15556src/etc/inc/plugins.inc.d dhcpd.inc, src/www services_dhcp.php

minor cleanups for https://github.com/opnsense/core/pull/3484 and handle 0 values.

OPNSense/core f886e4dsrc/etc/inc/plugins.inc.d dhcpd.inc, src/www services_dhcp.php

Merge branch 'dhcp_failover_params' of https://github.com/clystron/core into 
clystron-dhcp_failover_params

OPNSense/core 8b22eeb. Makefile

pkg: move python dep to 3
DeltaFile
+2-2Makefile
+2-21 files

OPNSense/core f772b4esrc/sbin pluginctl

system: reduce diff vs. stable
DeltaFile
+1-1src/sbin/pluginctl
+1-11 files

OPNSense/core 2603519src/www status_openvpn.php

openvpn: revamp status page
DeltaFile
+205-200src/www/status_openvpn.php
+205-2001 files

OPNSense/core 98abca9src/etc/inc services.inc, src/etc/inc/xmlrpc service.inc

system: rename a number of service-related functions

OPNSense/core c5edf13src/www diag_logs_common.inc diag_logs_proxy.php

Squid log webUI in readable date format #1831 (#3326)

(cherry picked from commit 1c1b8bcac95b07e0c63b95519d139273968d1ef6)
(cherry picked from commit 8fe295f70ece19df4cdbb345982f797dd241c71a)

OPNSense/core a4a86dasrc/opnsense/service/conf/actions.d actions_captiveportal.conf

captiveportal, use "onestop" to stop captiveportal, when there's no zone configured "stop" 
would be skipped since the service is disabled. issue seems to be introduced in 
https://github.com/opnsense/core/commit/0299224578b982c1e28681fbb967a49a96b58017

(cherry picked from commit 10108b0615d53640d55ad7b47a77464ba0bbdce3)

OPNSense/core 3fb81e0src/www diag_confbak.php

system: restyle config backup page
DeltaFile
+147-133src/www/diag_confbak.php
+147-1331 files

OPNSense/core b7076ccsrc/www firewall_nat_edit.php firewall_nat.php

filter, port forward. support multiple interfaces per rule, when used and an automatic 
filter rule association is created it will be set as "Floating" + quick. closes 
https://github.com/opnsense/core/issues/1242

(cherry picked from commit 7af64730812680b63d95bb4c8d512e9ed6313615)

OPNSense/core fe34833src/etc/inc system.inc

system: stop using a lock around resolv.conf handling #2267

This might kill a bit of delay in function use by doing an atomic
move to update resolv.conf.  Even if several instances are running
at the same time the contents of the file will be the same now.

I don't expect issues with the DNS route updates either: even if
they are removed or added twice, they will always end up being there.

(cherry picked from commit 5f4315c40ceeb6a9235cdaa4e5d758b777f72b1f)

OPNSense/core 1963974src/etc/inc authgui.inc, src/www index.php

system: login not using cache-safe image yet

(cherry picked from commit 65e31e7bbf125ccb7a58c091c1f8a62231bc0f68)
(cherry picked from commit aa9c83571fb7fcd34b51550e10cb1414b55e97d4)

OPNSense/core 6a0abf0src/opnsense/mvc/app/library/OPNsense/Auth LDAP.php, src/www system_authservers.php

auth / ldap, add group sync

PR: https://github.com/opnsense/core/issues/3471

(cherry picked from commit 5f743941754294bd2651616484c8b97cf53ae26a)
(cherry picked from commit ccdd7f65860bb3e2fc991fb1039011fee49adcac)
(cherry picked from commit 24b90841d16bb9f2ab2dcadf57abf83c11b23c3c)
(cherry picked from commit 1d7f87352819e162fe8a3645f7df195cd4c92016)

OPNSense/core 855c687src/opnsense/service/templates/OPNsense/Auth sudoers, src/www system_advanced_admin.php

system: allow an arbitrary group for sudo like ssh login; closes #3407

(cherry picked from commit 6e727e43d2fde40e9d23ed3554c0404eb4ef153a)

OPNSense/core 95b4ae2src/www diag_logs_common.inc

OPNSense/core 255e9b7src/sbin pluginctl

system: add pluginctl -s support

For legacy components route -s option through plugins_services()
to get a list of services that can be controlled like the GUI
controls.  E.g.:

    # pluginctl dhcpd [start|stop|restart]

PR: https://forum.opnsense.org/index.php?topic=12781.0
DeltaFile
+48-19src/sbin/pluginctl
+48-191 files

OPNSense/core 10108b0src/opnsense/service/conf/actions.d actions_captiveportal.conf

captiveportal, use "onestop" to stop captiveportal, when there's no zone configured "stop" 
would be skipped since the service is disabled. issue seems to be introduced in 
https://github.com/opnsense/core/commit/0299224578b982c1e28681fbb967a49a96b58017

OPNSense/core 4175a45src/opnsense/scripts/netflow/lib flowparser.py

system: fix netflow lib permission

OPNSense/core 283d62asrc/opnsense/mvc/app/controllers/OPNsense/Core/Api/repositories opnsense.xml

Add homelab.no repository

OPNSense/core f086f8csrc/opnsense/scripts/netflow flowd_aggregate.py

flowd aggregate, minor bug in commit counter, leading to single row commits after row # 
100k

OPNSense/core dff8692src/etc/inc authgui.inc, src/opnsense/mvc/app/models/OPNsense/Core ACL.php

system: address CVE-2019-11816 privlege escalation bugs

Reported by: Arnaud Cordier

(cherry picked from commit 03c75f71be88d4d2d930c217377b5ff23f0ecae7)

OPNSense/core 03c75f7src/etc/inc authgui.inc, src/opnsense/mvc/app/models/OPNsense/Core ACL.php

system: address CVE-2019-11816 privlege escalation bugs

Reported by: Arnaud Cordier

OPNSense/core 28ed574src/opnsense/scripts/netflow get_timeseries.py, src/opnsense/scripts/netflow/lib/aggregates __init__.py

netflow, make sure get_timeserie_data() returns string type objects in stead of bytes, to 
prevent 
https://github.com/opnsense/core/commit/17e4e9c0fca9b1dddd84b674ed0c63b62e198db0#commitcomment-33587137

we might find some other small type interpretation differences, but the bumpiest seems to 
be gone now.

OPNSense/core 2bdc74bsrc/opnsense/scripts/netflow dump_log.py

netflow, switch dump_log.py script to python3

OPNSense/core 3d1617bsrc/opnsense/scripts/netflow get_timeseries.py

netflow, minor type issue, parameter received as bytes in get_timeseries.py

OPNSense/core 918e467src/etc/rc.d flowd_aggregate

netflow, fix rc script for flowd_aggregate

OPNSense/core 31982e2src/opnsense/scripts/netflow flowd_aggregate.py, src/opnsense/scripts/netflow/lib parse.py

netflow, migrate flowd aggregator to python 3

OPNSense/core 0b40897src/www services_dhcpv6_edit.php services_dhcp_edit.php

Fix dhcp leases help text (#3488)


OPNSense/core 6b3ac6asrc/etc/inc/plugins.inc.d ipsec.inc

ipsec: always reset to defaults; closes #3486

(cherry picked from commit 6cd82973ec49ebb5860323a686704a1bba744fcd)

OPNSense/core 17e4e9csrc/opnsense/scripts/netflow/lib parse.py

netflow, aggregator replace flowd with our new implementation

OPNSense/core 8aecf38src/opnsense/scripts/netflow/lib flowparser.py

netflow, log parser. for backwards compatibility add copy of recv_sec field in recv

OPNSense/core 6cd8297src/etc/inc/plugins.inc.d ipsec.inc

ipsec: always reset to defaults; closes #3486