OPNSense/core 0db5c3bsrc/opnsense/mvc/app/controllers/OPNsense/Proxy/forms dialogEditPACRule.xml, src/opnsense/mvc/app/models/OPNsense/Proxy Proxy.xml

www/squid: add proxy sortable support for proxy lists

OPNSense/ports 8c4bef0. MOVED

Framework: sync with upstream

Taken from: HardenedBSD
DeltaFile
+0-2MOVED
+0-21 files

OPNSense/ports abe3805www/py-boto3 Makefile distinfo, www/py-boto3/files patch-setup.py

www/py-boto3: sync with upstream

Taken from: HardenedBSD

OPNSense/ports c6a96d6net-mgmt/netdata pkg-plist Makefile, net-mgmt/netdata/files patch-collectors_python.d.plugin_python.d.plugin.in netdata.in

net-mgmt/netdata: sync with upstream

Taken from: HardenedBSD

OPNSense/ports c830fa6net-mgmt/icinga2 distinfo pkg-plist

net-mgmt/icinga2: sync with upstream

Taken from: HardenedBSD

OPNSense/ports a598824www/p5-Mojolicious distinfo Makefile

www/p5-Mojolicious: sync with upstream

Taken from: HardenedBSD

OPNSense/ports 40d8ebflang/ruby25 pkg-plist Makefile

lang/ruby25: sync with upstream

Taken from: HardenedBSD

OPNSense/ports a8f71e0security/py-cryptography Makefile distinfo

security/py-cryptography: sync with upstream

Taken from: HardenedBSD

OPNSense/ports 552fc3bdevel/py-hypothesis distinfo Makefile

devel/py-hypothesis: sync with upstream

Taken from: HardenedBSD

OPNSense/ports c57a08asecurity/vuxml vuln.xml

security/vuxml: sync with upstream

Taken from: HardenedBSD

OPNSense/ports 7a2f2eblang/lua53 Makefile

lang/lua53: sync with upstream

Taken from: HardenedBSD

OPNSense/ports ff7a2aceditors/mp/files patch-config.sh, editors/nvi-devel/files extra-patch-expandtab

*/*: sync with upstream

Taken from: HardenedBSD

OPNSense/core 68c574asrc/etc/inc gwlb.inc

gwlb.inc, an empty gateway group can cause "Warning: count(): Parameter must be an array 
or an object that implements Countable in /usr/local/etc/inc/gwlb.inc on line 757"

(cherry picked from commit a66852b433a4743676f2dc22f508c55b1f61d27f)

OPNSense/core ec1802bsrc/etc/inc interfaces.inc

interfaces: allow interfaces_addresses() to emit subnets #3355

(cherry picked from commit 986b2ad6d9ce88055b594a4b8a918378e236794b)
(cherry picked from commit ad8ee2f286cb136f3ea186929b4323a76d9f528f)

OPNSense/core 31a81c5src/etc/inc/plugins.inc.d unbound.inc

unbound: add OpenVPN to ACL by default; closes #3342

OPNSense/src bb9e423sys/netpfil/pf pf.c

pf: Ensure that IP addresses match in ICMP error packets

States in pf(4) let ICMP and ICMP6 packets pass if they have a
packet in their payload that matches an exiting connection.  It was
not checked whether the outer ICMP packet has the same destination
IP as the source IP of the inner protocol packet.  Enforce that
these addresses match, to prevent ICMP packets that do not make
sense.

Reported by:    Nicolas Collignon, Corentin Bayet, Eloi Vanderbeken, Luca Moro at 
Synacktiv
Obtained from:  OpenBSD
Security:       CVE-2019-5598
DeltaFile
+22-3sys/netpfil/pf/pf.c
+22-31 files

OPNSense/src a5becf7sys/netpfil/pf pf.c

pf: Ensure that IP addresses match in ICMP error packets

States in pf(4) let ICMP and ICMP6 packets pass if they have a
packet in their payload that matches an exiting connection.  It was
not checked whether the outer ICMP packet has the same destination
IP as the source IP of the inner protocol packet.  Enforce that
these addresses match, to prevent ICMP packets that do not make
sense.

Reported by:    Nicolas Collignon, Corentin Bayet, Eloi Vanderbeken, Luca Moro at 
Synacktiv
Obtained from:  OpenBSD
Security:       CVE-2019-5598
DeltaFile
+22-3sys/netpfil/pf/pf.c
+22-31 files

OPNSense/core 0e95b0f. LICENSE plist, src/etc rc.kill_states

interfaces: remove rc.kill_states

There's no real world evidence this works or is needed today.
We do have to other state kills / flushes now, one works and
the other may be defunct.  To progress this remove this arcane
script and if the need arises rewrite it as something portable.

See:      https://redmine.pfsense.org/issues/1629
Also see: https://redmine.pfsense.org/issues/2887

OPNSense/core b395ec0src/etc/inc interfaces.inc filter.lib.inc, src/etc/inc/xmlrpc legacy.inc

inc: whoops, different way of returning subnets #3355

OPNSense/core fe99a9bsrc/etc/inc xmlrpc.inc

xmlrpc: style sweep
DeltaFile
+22-24src/etc/inc/xmlrpc.inc
+22-241 files

OPNSense/core 39acde6src/etc/inc interfaces.lib.inc

interfaces: remove legacy_getall_interface_addresses(); closes #3355

OPNSense/core 9105280src/etc/inc filter.lib.inc interfaces.inc, src/etc/inc/xmlrpc legacy.inc

interfaces: remove remaining legacy_getall_interface_addresses() #3355

OPNSense/core 48e4fdesrc/etc/inc/plugins.inc.d unbound.inc

unbound: replace legacy_getall_interface_addresses() #3355

While here use a cheaper single lookup for all interfaces at once.

OPNSense/core ad8ee2fsrc/etc/inc interfaces.inc

interfaces: clear scope when emitting subnets #3355

OPNSense/core 986b2adsrc/etc/inc interfaces.inc

interfaces: allow interfaces_addresses() to emit subnets #3355

OPNSense/tools 3cfaeedbuild rename.sh

build/rename: typo in vm rename
DeltaFile
+2-2build/rename.sh
+2-21 files

OPNSense/tools e939ff8config/19.1 ports.conf

config: add py-speedtest-cli; closes #126

OPNSense/ports 266f8fasecurity/softether Makefile

security/softether: sporadic build issues

OPNSense/ports dcd235fsecurity/vuxml vuln.xml

security/vuxml: sync with upstream

Taken from: HardenedBSD

OPNSense/ports 3b3c49baudio/murmur Makefile, audio/murmur/files murmur.in

*/*: sync with upstream

Taken from: HardenedBSD

OPNSense/core 193c0e9src/opnsense/mvc/app/views/OPNsense/Cron index.volt

system: remove stray empty line in cron volt

OPNSense/core 9e5d334src/etc/inc config.inc, src/opnsense/mvc/app/library/OPNsense/Core Config.php

Cleanup backups after saving in MVC

(cherry picked from commit 26f3d71662de4ec0b105bfa1d8ec6635000aa3f6)
(cherry picked from commit cfbaafb8d592c9ae0a1b6aeba7326733e679c0d1)

OPNSense/core 4a937e9src/www vpn_ipsec_phase1.php

IPsec, bug in https://github.com/opnsense/core/issues/2332  "installpolicy" should be set 
by default

(cherry picked from commit 8b8bbc3bc73c78b536a7bd3e83dcf22e490c1678)

OPNSense/core dc0f439src/opnsense/mvc/app/views/OPNsense/CaptivePortal index.volt

Captive portal, show message on save (settings need apply)

OPNSense/core 13fa8b9src/opnsense/mvc/app/views/OPNsense/IDS index.volt

IDS, show message on save (settings need apply)

OPNSense/core 1c5c40bsrc/opnsense/mvc/app/views/OPNsense/Firewall alias.volt

Firewall/aliases, show message on save (settings need apply)

OPNSense/ports ec57072opnsense/ifinfo Makefile, opnsense/ifinfo/files Makefile

opnsense/ifinfo: housekeeping

OPNSense/core 8b8bbc3src/www vpn_ipsec_phase1.php

IPsec, bug in https://github.com/opnsense/core/issues/2332  "installpolicy" should be set 
by default

OPNSense/ports f04c1baopnsense/filterlog Makefile, opnsense/ifinfo Makefile

opnsense: drop "Created by:" notation

FreeBSD has been abandoning it lately.  All the info is in the
repository anyway.

OPNSense/ports 5fe8a10Mk bsd.default-versions.mk, Mk/Uses kde.mk

Framework: sync with upstream

Taken from: HardenedBSD

OPNSense/ports d18bf61www/phalcon distinfo Makefile

www/phalcon: partially sync with upstream

Taken from: HardenedBSD

OPNSense/ports ef84c1dsysutils/xen-guest-tools Makefile

sysutils/xen-guest-tools: sync with upstream

Taken from: HardenedBSD

OPNSense/ports 288dab7devel/py-botocore distinfo Makefile

devel/py-botocore: sync with upstream

Taken from: HardenedBSD

OPNSense/ports 7e518c9www/p5-LWP-MediaTypes Makefile pkg-descr

www/p5-LWP-MediaTypes: sync with upstream

Taken from: HardenedBSD

OPNSense/ports fcae8dfdevel/phpunit7 distinfo Makefile

devel/phpunit7: sync with upstream

Taken from: HardenedBSD

OPNSense/ports de69eacdevel/pear-PHP_CodeSniffer distinfo Makefile

devel/pear-PHP_CodeSniffer: sync with upstream

Taken from: HardenedBSD

OPNSense/ports 734ecc1shells/bash distinfo Makefile

shells/bash: sync with upstream

Taken from: HardenedBSD

OPNSense/ports fbfc94bdevel/py-hypothesis distinfo Makefile

devel/py-hypothesis: sync with upstream

Taken from: HardenedBSD

OPNSense/ports f8eeb32security/vuxml vuln.xml

security/vuxml: sync with upstream

Taken from: HardenedBSD

OPNSense/ports 6aa310amisc/help2man Makefile distinfo

misc/help2man: sync with upstream

Taken from: HardenedBSD