pfSense

Remove the previous 'no_dad' workaround now that if_stf is fixed.

Partly revert b76e0baebb70775b192507ec18f523141800ce95.

(cherry picked from commit dad3885f9f5afbe0768387527122a885414dd3bc)

Populate more default values in the OpenVPN configuration generated by the wizard and rearrange some options so there is less of a difference when editing the configuration for the first time. Fixes #7864

Do not show group privilege controls unless the user is editing an existing group. Fixes #7865

(cherry picked from commit 7af38087fef168f213c6880c6782153630c13386)

Fixed #7728
Revised enabled/disabled diplay to match other firewall pages

(cherry picked from commit 25b82b200de7e846066bef3c6a3918592527763f)

Implements PR170013 - Revise setup wizardwording and links

(cherry picked from commit d8455e10d71ab90b7faa96bc1748fa761e7a4166)

If /boot/loader.conf is not presetn check /boot/loader.conf.local.

(cherry picked from commit 4ff3adec7a6bdd6d87cc5eeae2b1039954ee5ce2)

Move this file_exists test inside the dpinger status check loop and also suppress PHP errors from stream_socket_client()
Both are done to avoid a race where the status file can be missing and the status check fails, resulting in an alert/crash report.

(cherry picked from commit 59104a6ff6c862482eddb9696fd8d22dec89052e)

Fix incorrect function name/typo. Ticket #7719

Relax OpenVPN wizard cert validation to match that of the cert manager and encode values before using them. Fixes #7854
Also, CDATA escape these fields in config.xml since they will most likely contain characters which are invalid in XML.
While here, fix a cert display issue where a SAN value could be reused from a previous entry in the cert list display....

Fix #7719

When Dynamic DNS entry uses a gateway group as interface,
return_gateway_groups_array() will be called and it returns real
interface instead of friendly name, as expected. Take both friendly and
real interface name into consideration.

gateway monitoring, give apinger some time to properly 'initialize' before using its results

(cherry picked from commit 29fa6f0f46ba039a67a93c00a08bcaecc3935b78)

Update translation files

Regenerate pot

Add a field to pick a digest algo when signing a CSR, otherwise it ends up with SHA1. Fixes #7853
While here, add the cert serial number and sig digest type to the info block for each cert.

(cherry picked from commit aec3a259271be5dae63b148a48b7778c0cd0660e)

Remove /root/force_growfs after use it

Use spaces in the write_config() message to prevent text wrapping issues in webGUI

See https://redmine.pfsense.org/issues/6363

(cherry picked from commit 8cb29dac04283045f82303c2ee1d2f772299d238)

Use the full CA chain when sending an LDAP SSL query. Fixes #7830
While here, fix a couple more ldap_start_tls() calls that need a preceding @.

(cherry picked from commit ff500c90646c8db5abe77d7efb02c7d191df6902)

Restore bad username or password message

(cherry picked from commit ca44a37cad5e905e3a76b6ce862de6ec5d3bcb06)

Fixed #7827

(cherry picked from commit 634d68709128495b22caffef36f9351e3361e2ff)

Don't print a PHP error if LDAP STARTTLS fails.

(cherry picked from commit b2c7a79c5ff8eefda4b19cf2718056c1ba6c12ca)

Update translation files

Regenerate pot

Partially addresses #7805
Bios date and version check date formats now match other timestamps on the dashboard

(cherry picked from commit fddb73c70c6a2a76332b03fb75c857368a280219)

Merge branch 'RELENG_2_4_0' of gitlab.netgate.com:pfsense/pfsense into RELENG_2_4_0

Fixed #7811

(cherry picked from commit 1562b46aaaa0e402cb3b253d85aae734d4677dec)

Bump config revision, fix comment. Ticket #7809

Setup upgrade code for wireless interfaces to the new format needed for 2.4, and switch rc.bootup so the config upgrade happens before a mismatch test, otherwise we can't fix this type of situation. Fixes #7809

Fixed #7804 Replace Math.trunc with Math.floor to make IE happy

(cherry picked from commit a1c3244c96b033891136ff2d95be61500a720231)

Captive portal: fix idle times in details popup

Explicitly cast $idle_time to integer.

(cherry picked from commit 07df3494bd9a508e568b4ae999369ec8b2d14ec2)

Update system_update_settings.php

Tidied the Dashboard update settings text

(cherry picked from commit c2fae874e64753eb113dc0618927d9042881fd39)

Correct typo. Fixes #7802

(cherry picked from commit 61a8cc10858e49051a6976ccc7464ec34fd3ffce)

Update translation files

Regenerate pot

Fixed #7787
Always make an IPSec mobiles table, even if none have been configured. Prevents JS null value
error message on console

(cherry picked from commit 75863a79705fccce21b7e0d0312ce1ef0b0985be)

When saving a GIF interface, do not allow the user to enter a subnet directly in the address box. The subnet is determined by the "GIF tunnel subnet" drop-down. Fixes #7789

(cherry picked from commit 6d028dc26c129ce1b0b25551142819772664f1e5)

fixed #7795
By changing var name to no longer conflict with ipsec widget

(cherry picked from commit 3ed475b11dfcb2999a71195987495ccf05808127)

If the user chose to have DDNS Hostnames forced, respect that in the backend code for static map IPv6 hosts. Fixes #7324

(cherry picked from commit bad77fc0aca53e560710eaa75b3de198d7edb8f3)

Add French to GUI

Update translation files

Regenerate pot

Fix JSON format for mobile IPSec data per Kill Bill (Thanks!)

(cherry picked from commit ce3a6cfd365f171f6ffff86024a16dabb26803c8)

Time to go for 2.4.0-RC

Remove dashboard update period stuff

No longer experimental so comment removed

Add Polish to GUI, it's over 75% complete

Update translation files

Regenerate pot

Widget comment edit

Re-write CPU usage calculation to avoid sleep in AJAX call

Speedup package related calls to get_pkg_info() since now we have a script that update metadata periodically

Merge pull request #3795 from PiBa-NL/20170808-hfsc-no-prio

Merge pull request #3799 from marjohn56/Unbound-start-delay

Merge pull request #3796 from eyJhb/master

Fixed #7625

Do not use reference to avoid losing data

Always run additional_config_upgrade() and do it after config is written

Fix indent/space

Check if specific config upgrade code already ran and skip it

Add a function to be called every time convert_config() runs

Hide dashboard update period control. No longer needed with central refresh system

Convert firewall log widget to centralized refresh system

Use central refresh system for dyndns widget

Refresh cache every 2h when using GUI

Make sure pfSense-upgrade return code is obtained instead of tail's one

Unset workaround used to set cronjob on 2.3.x

Converted thermal sensor widget to use central refresh system

ipsec widget converted to JSON formatted refresh

Put the FQDN first in /etc/hosts to make dnsmasq happy when reverse resolving hostnames. Make a special exception for localhost. Fixes #7771

Revise error page to comply with login page style

Comment typos

Fix a couple of 'route: writing to routing socket: Invalid argument' warnings during the boot.

Use the correct variable and only add the route when the hostname is resolved (if the remote address is a hostname).
route: writing to routing socket: Invalid argument

Do not run the dpinger when the IPv6 address has the tentative flag even after the timeout.

Disable the DAD on the stf interface. This prevents the dpinger from start.

Fixed #7625
By:
Separating the source and destination onChange functions
Preventing the mask selector from being automatically updated if it is disabled
Simplifying the auto mask JavaScript

Refresh metadata before an upgrade

Spelling :(

Improve comments

Add AJAX version check

Show user when pkg metadata was updated

Update cache when GUI successfully update pkg metadata

Change refresh link to icon

Consider only last output line

Some systems - only one that I am aware of, complain that unbound is starting before dchp6 has completed leading to problems, this occurs only on boot.

Further examination did indeed show that the problem is caused by unbound starting before the dhcp6c - RTSOLD - rc.newwanipv6 have completed, making sure that these have all run before unbound is allowed to start corrects the problem....

remove old logo from default page

Speedup get_system_pkg_version() considering only installed packages

Use cache file to show pfSense version information

Save pkg update return code

Add a protection to prevent ending up with duplicate crontab entry

Revised Netgate Services and Support widget to use AJAX when refreshing the data

dyndns: changed CloudFlare to Cloudflare - correct spelling

Update translation files

Regenerate pot

Sort languages alphabetically (in English)

Add Dutch to GUI, it's over 75% complete

Run rc.update_pkg_metadata in background when repository changes

Remove dead code using in the past to migrate from pfSense-repo-devel to a single pkg called pfSense-repo

Make sure pkg metadata is updated at least once daily. It will be used to speedup GUI parts related to pkg update

dyndns: added password help text for cloudflare

Ensure the callback function exists before calling

gateway, ntp, and openVPN widgets updated