pfSense

add an option to the DHCP server to disable the ping check feature

Update copyright notices to 2019. Happy New Year

Ensure IPsec P1 entries have a 'protocol' value. Fixes #9207

#9096 - updated login title

Merge pull request #4019 from GrantSheehan/master

Fix nginx resolver handling when a cert needs OCSP stapling. Fixes #9160

Fix DigitalOcean DynDNS client

Fixes the check on the return value since it's been updated to use
HTTP/2 syntax. Also adds logic to allow using `@` to denote updating the
root domain A record as well.

Fixed regression where calling station id was removed from openvpn

Fix NPt validation to allow single addresses. Fixes #9163

Add Korean to the list of available languages

Do not call interfaces_vlan_configure() every time an interface is edited in GUI.

This is just necessary when a parent interface is changed and we have to propagate the changes to all clones (MTU, FLAGS and others).

Add a logic to detect when a parent interface is changed and only then call interfaces_vlan_configure()....

Make the WF2Q+ the default scheduler for the dummynet limiters.

The WF2Q+ was the default scheduler in previous versions, it is well tested and support dynamic queues.

Add a note for the FIFO scheduler to make clear that it does not support dynamic queues (by design) and as such, it is working as intended....

Fix #9121: Initialize arrays to prevent PHP 7 errors

Fix #8465: Preserve default gw when switch to BACKUP

interfaces_carp_set_maintenancemode() calls interface_carp_configure()
to each configured CARP and it ends up reconfiguring completely the
interface when it's not necessary.

Add a new parameter $maintenancemode_only to interface_carp_configure()...

Break long lines

Merge pull request #4016 from Augustin-FL/captiveportal-spelling

Merge pull request #9131 from Augustin-FL/patch-accounting

Fix few spelling issues
Ticket #9134

Send MAC address as username if radmac is used for connecting an user
Ticket #9131

Init various arrays in easyrule before use with references. Fixes #9119

Remove obsolete OLSRD code. Implements #9117

Always configure VTI routes when setting up the interface. Fixes #9116

Fix previous regex. Issue #9106

Replace '.' in radius name for strongSwan. Fixes #9106

Fix #9102: Suppress stream_select() undesired warnings

Add 0.0.0.0/0 to VTI left/rightsubnets. Fixes #8859

No negative feedback from testing, time for a wider push.

This helps with third party devices that require 0.0.0.0/0 to route
traffic on a VTI P2.

Add checkbox to disable SMTP SSL cert verification. Implements #9001

The default action is to validate the certificate. If the user knows the
server does not have a valid certificate (e.g. self-signed), this option
will allow encryption to be used without validating the identity of the...

If the cert date is negative, use DateTime instead of date. Fixes #9100

Prevent CRL from using too large a lifetime on ARM. Fixes #9098

Prevent log size from being too large, which breaks clog. Fixes #9081

Make MBT prefer video console. Fixes #9094

Avoids foot-shooting by restoring a config with serial enabled.

Use EFI console when needed. Fixes #8978

Fix 9086: Remove gettext() from all 'Local Databases' strings

Skip empty IPsec P1 during upgrade to 17.5. Fixes #9083

Fix #8864: Let users modify sshguard parameters and whitelist

Initialize package arrays before use. Fixes #9067

Fix processing of the 'all' group. Fixes #9051

All the 'all' group to the list of groups at the end, rather than the
start. This way it will be considered no matter how users login. This
also fixes issues some users had with the original changes.

Validate and protect powerd option values. Fixes #9061

Use the fw domain for DNS search when no other choices exist. Fixes #9056

Strictly define the EAP Identifier for custom local client entries. Fixes #9055

Merge pull request #3987 from PiBa-NL/20180920-apinger-wait-for-terminate

Merge pull request #4000 from Augustin-FL/patch-cp-3

Consider the "all" group when determining privileges. Fixes #9051

Fix Limiter validation check, which allows old queues to display. Fixes #8956

The AQM defaults to droptail when empty, but empty was being rejected as
invalid even though it was handled in the code.

Show nvme controllers in SMART list. Fixes #9042

Revert "Show nvme devices in SMART disk list. Fixes #9042"

This reverts commit bdb6021f79f222b2c7d732436800e96cb34ea973.

Show nvme devices in SMART disk list. Fixes #9042

ssh settings upgrade fixes

Restore the RADIUS NAS ID option to Captive Portal. Fixes #8998

Keeps the default of using CaptivePortal-<zonename> when not set,
otherwise uses the value supplied by the user as with older versions.

generate a flag even if trying to perform RADIUS MAC authentication on a non-RADIUS server.

Implement login fallback for RADIUS MAC authentication

Include zone name in Nas-Identifier

Clean up test for CDATA tags and add common_name. Fixes #9006

Fix erroneous hostname error for Custom IPv6. Fixes #8977

Supersede the DHCP MTU when advanced options are present. Issue #8507

Prevent a reference error w/o rules in the config. Fixes #8993

ssh settings alignment. Fixes #8974

Remove redundant settings stored in the wrong place
Store all ssh settings in the same place
Initialize this array before use

Merge pull request #3986 from 9Lukas5/master

Merge pull request #3984 from luckman212/gwlb-log-spew

Added scheduled config backup
Fixed: #8947

garga changes
move conditional before platform_booting
and join w && instead of indenting

gateway monitoring, wait for apinger to terminate or remove its pid file when restarting it.

enable ip send for FreeDNS DynDNS update

without this, only legacy IP records get updated correctly.

redmi ticket: https://redmine.pfsense.org/issues/8924

Add missing regex to validate serial

Use all possible kenv variables to detect serial

Fix #8910: Restore older versions behaviour and consider 'wan' interface as primary default gateway

reduce the tons of log spew that currently spit out during boot
and gateway failure events. Try to make the logs readable again,
while still allowing verbose logging if needed via a new hidden
config option:

['system']['gw-debug']

Fix #8911: Keep configured pkg repository when restoring config

Fix an obvious mistake.

Reported by: stevew
Ticket: #8906
Pointy-hat to: loos

Always pass the $local variabled to load_loader_conf(), it makes the code easier to read.

Sync the know variables with factory.

Filter properly the know variables in loader.conf.

The know variables should be used as prefix not as literals.

Fixed #8880

Merge branch 'master' of gitlab.netgate.com:pfsense/pfsense

Fix a PHP error when upgrading gateways

Revise async_crypto setting

Make async_crypto explicit enabled/disabled rather than current isset

Move IPsec VTI interface cleanup list. Fixes #8858

Generate the cleanup list before the P1 loop but after the initial
interface configuration.

Use safe_mkdir() for IPsec dirs. Fixes #8856

Simplifies the process of making IPsec dirs, though it may not correct
the original reported issue since that appears to be a disk problem,
it's still better/safer than what was done here before.

Fix #7694: Replace sshlockout_pf by sshguard

Missing line to fix #8850

Allow packages to opt out of a forced start. Fixes #8850

If a package performs its own service start during its sync process,
then add <starts_on_sync/> to its service definition in the package XML
file. Then when rc.start_packages is called, the forced start will not...

Fix Minnowboard Turbot model names. SG-2320 -> MBT-2220, SG-2340 -> MBT-4220

$wancfg is not a reference to $config. Set $random_mac properly on config and break long lines while here

Revert ticket #1337

FreeBSD is not happy with simple set VLAN to use a different MAC
address. Revert it for now and prevent users to change VLAN interface
MAC address.

Fix some integer assumptions with calculate_ipv6_delegation_length()

Implement #1335:

Let VLANs to have a different MAC address than its parent.

While here also fixes #8138 and do not ignore <spoofmac> for interfaces
without hwaddr field

Merge pull request #3974 from Augustin-FL/patch-passthrough

Merge pull request #3973 from PiBa-NL/20180821-getarraybyref

Fix syntax and use unlink_if_exists()

Merge pull request #3965 from Hobby-Student/master

Fixed #8823

Add the GUI support to set the VLAN Priority for the DHCP requests.

Ticket #7425

Automatically store username of the MAC created pass-through

Handle HTTP_REFERER better when changing IP addr. Fixes #8822

Fall back to probing active interface addresses rather than config.xml to allow changed addresses that have not yet been applied.

Add a missed case for auth source detection. Fixes #8817

add getarraybyref() utility function for general use (used also to avoid php7 'Cannot create references to/from string offsets' messages)

Certs: Fix CA subject assumptions. Fixes #8801

Several areas made assumptions about the number and order of CA subject
fields that were no longer correct after issue #8381 was corrected.

While here, also remove some outdated references to fields that are no...

on arm and arm64 machines, set kern.shutdown.secure_halt = 1

the arm systems leave enough running after halt to forward packets.
this is a bad thing. on arm systems, set this sysctl so that when
a halt command is issued, it is severely stopped and no packet...

User login source & proxy fwd addr to user data. Fixes #8813 Fixes #8816

While here, use this info more consistently across log messages and
places where user info is recorded when making changes.