pfSense

Always do rquery when pkg search is not used

Fix #7946: Display installed packages missing on remote repo to let user to delete it

Also kill off sshlockout_pf processes when restarting syslogd. Fixes #7984

Several corrections to service sorting to produce output consistent with user expectations. Fixes #8069

Provide mechanism to allow for transition to a new package repository server

Add the XML tags to support the switch entries.

When crafting the CA subject for ipsec.conf, handle component values that are arrays. Fixes #7929

When ntp is bound to specific interfaces, disable listening on wildcard. Fixes #8046

Add an option for LDAP servers to use the global root CA list as a peer CA. Fixes #8044

Disable HSTS for captive portals

Add option to disable HSTS for nginx (Bug #6650)

Add option to disable HSTS for nginx (Bug #6650)

Crudely fixed #7786 by eliminating check of parent bandwidth when children are sepcified in %

Merge pull request #3857 from PiBa-NL/20171022-pf-wait-dont-wedge

Merge pull request #3859 from PiBa-NL/20171031-xmlrpc-encodedspace

Merge pull request #3860 from PiBa-NL/20171031-config-backup-check-exception

pf, retry pfctl -f rule loading when pf is 'busy', don't try and fail to force -d -e as that would also fail at this point in time.

Merge pull request #3858 from nagyrobi/patch-25

config, xmlparse throw exception instead of calling die(), so corruption check will properly handle the unlink action of the corrupted config

Fix handling of wildcard CN/SAN entries in certificates. Fixes #7994

Fixed #8035

(cherry picked from commit 9c4e7fd3e155d08911feb0afc527af21d79ce917)

xmlrpc, fix usage of space and + character that need different encoding

Update the system sysctls to not harvest data from interrupts, point-to-point interfaces and ethernet devices.

The sysctl names changed in FreeBSD 11.

Make is_ipaddrv6() compatible with is_ipaddrv4().

Only the IP address must be accepted, address with netmasks do not qualify.

Ticket #8024

Do not display logo.css as a valid theme

Fix #7984: Make sure sshlockout_pf stops when syslogd stops

Fix typo in function name: insterface_is_qinq -> interface_is_qinq

Fix a typo.

Allow the use of mbuf tags to set the VLAN pcp on output packets.

This is necessary for use with the pf 'set prio'.

Ticket #7973

added a string SESSION_TIMEOUT to be returned when a widget times out

The members of a LAGG cannot be assigned, used in VLANs, QinQ, or PPP.

This commit removes the LAGG members from the list of available interfaces.

Do not allow direct download of .inc files (unparsed PHP source). Fixes #8005

Do not return QinQ interfaces in the physical interface list.

Fix the interface_is_vlan() function.

It now works when only QinQ VLANs exist in the system.

Do not attempt to change the MAC address when the interface do not store the vendor MAC address.

Fix a bug in interface_is_vlan(), only check QinQ interfaces when they exist.

Do no set the MAC address for LAGG interfaces.

Ticket #7928

Merge pull request #3811 from trunet/add-cloudns-to-dynamicdns

Interface description doesn't fit the console screen

Strip 2 more chars from interface description because with the new font used by 2.4 it goes off screen on VGA console.

Fix the netgraph path for VLAN interfaces.

Fix #7981: Convert PPP ports interface names to new VLAN notation using dots

Stop using hostuuid as serial

Recognize the first level tag of QinQ interfaces as standard VLANs.

Use the new function to validate the VLAN tags.

Fix the QinQ support.

Bring the QinQ support to the VLAN dotted format.

To avoid breaks third party software (such as dhcpd), we silently ignore the interfaces with names bigger than the maximum size in FreeBSD.

Ticket #7942

add cache busting to css using last modified timestamp

Use pkg-static binary to prevent errors when moving to new major FreeBSD version

Do not reconfigure wireless on a link up event, or else it can get stuck in a loop. Fixes #7960

Fix 7868 - Allow to enable hostres on all platforms after fix on FreeBSD-src

Use hostapd / wpa_supplicant from ports when available

Change the VLAN inteface names to use the 'dotted' format of FreeBSD, which is shorter and helps to keep the interface name smaller than the limit (16).

This fixes the 4 digit VLAN issues when the NIC name is 6 bytes long.

Ticket #294

Allow both AES-NI and Crypto modules to be loaded at the same time. Fixes #7810

Merge pull request #3821 from PiBa-NL/20170916-bsnmp-hostrest-check

Change OpenVPN to retry client auth when it fails by default, rather than making the process exit which confuses users. Fixes #7506

Merge pull request #3826 from doktornotor/patch-5

Unbound Serve expired

Serve expired – Records stay in cache after TTL expires, with a TTL value of 0, if a new lookup is requested the cached record will be served for maximum performance, but at same time the resolver will ask for a new value from upstream to refresh the value and TTL.

Fix #7949

Add UEFI 32 and UEFI 64 filenames defined inside a pool to dhcpd.conf

snmpd, hostres cpu usage on virtual environments that have a virtual cd drive seems to happen on most (all?) hypervisors.

Break from the loop when we run out of interfaces in console 'Assign Interfaces'.

Merge branch 'master' into add-cloudns-to-dynamicdns

Use include() to add logo content and use complete path

update svg logos to pull from file

Detect XG-1537

Revert "Do not associate IP and MAC on down table. It should help #7813 and #7833"

This reverts commit aa61ecfde0952ed1c3a035ac9489f5a5f9c51425.

Do not associate IP and MAC on down table. It should help #7813 and #7833

Revert "Update translation files"

Bad commit log

This reverts commit ff8d44d194b6a5ada8fcd2aafe8c7ec358a7adae.

Update translation files

Unbound - allow snoop from localhost

dig +trace fails without this, which is super annoying for debugging/diagnostics/benchmarking or whatever similar purposes. Allowing both recursive and non-recursive queries should be of no security concern as long as it's localhost-only.

Fix #7834: Delete IPFW pipes when disable Captive Portal zone

Remove correct file

Ticket #7834: Add missing global declarations

SNMP, check for several hypervisors that cause hostres module high cpu usage
also skip setting it in the bnsmp config when such platform is detected without needing the user to save settings again

Remove the previous 'no_dad' workaround now that if_stf is fixed.

Partly revert b76e0baebb70775b192507ec18f523141800ce95.

If /boot/loader.conf is not presetn check /boot/loader.conf.local.

Move this file_exists test inside the dpinger status check loop and also suppress PHP errors from stream_socket_client()
Both are done to avoid a race where the status file can be missing and the status check fails, resulting in an alert/crash report.

Fix incorrect function name/typo. Ticket #7719

(cherry picked from commit 48c4a0ea0958c0820f6caab2bf5182967114ac58)

Relax OpenVPN wizard cert validation to match that of the cert manager and encode values before using them. Fixes #7854
Also, CDATA escape these fields in config.xml since they will most likely contain characters which are invalid in XML.
While here, fix a cert display issue where a SAN value could be reused from a previous entry in the cert list display.

Fix #7719

When Dynamic DNS entry uses a gateway group as interface,
return_gateway_groups_array() will be called and it returns real
interface instead of friendly name, as expected. Take both friendly and
real interface name into consideration.

Merge pull request #3763 from PiBa-NL/20170624-apinger-initialize

Add a field to pick a digest algo when signing a CSR, otherwise it ends up with SHA1. Fixes #7853
While here, add the cert serial number and sig digest type to the info block for each cert.

Use the full CA chain when sending an LDAP SSL query. Fixes #7830
While here, fix a couple more ldap_start_tls() calls that need a preceding @.

Restore bad username or password message

Don't print a PHP error if LDAP STARTTLS fails.

dyndns: Adding support for ClouDNS (https://www.cloudns.net)

Bump config revision, fix comment. Ticket #7809

Setup upgrade code for wireless interfaces to the new format needed for 2.4, and switch rc.bootup so the config upgrade happens before a mismatch test, otherwise we can't fix this type of situation. Fixes #7809

Correct typo. Fixes #7802

If the user chose to have DDNS Hostnames forced, respect that in the backend code for static map IPv6 hosts. Fixes #7324

Add French to GUI

Add Polish to GUI, it's over 75% complete

Merge pull request #3795 from PiBa-NL/20170808-hfsc-no-prio

Merge pull request #3799 from marjohn56/Unbound-start-delay

Do not use reference to avoid losing data

Always run additional_config_upgrade() and do it after config is written

Fix indent/space

Check if specific config upgrade code already ran and skip it

Add a function to be called every time convert_config() runs

Refresh cache every 2h when using GUI

Unset workaround used to set cronjob on 2.3.x

Put the FQDN first in /etc/hosts to make dnsmasq happy when reverse resolving hostnames. Make a special exception for localhost. Fixes #7771