OPNSense/core fb4a9besrc/www status_dhcp_leases.php

dhcp/leases, forgot to replace from-to with address range min, max. for 

OPNSense/core 446caa9src/www status_dhcp_leases.php

dhcp/leases, simplify interface lookup and make it more consistent. should fix 

OPNSense/core 9b63e33src/etc/inc/plugins.inc.d dhcpd.inc, src/www services_dhcp.php

Merge branch 'clystron-dhcp_failover_params'

OPNSense/core 7a15556src/etc/inc/plugins.inc.d dhcpd.inc, src/www services_dhcp.php

minor cleanups for https://github.com/opnsense/core/pull/3484 and handle 0 values.

OPNSense/core f886e4dsrc/etc/inc/plugins.inc.d dhcpd.inc, src/www services_dhcp.php

Merge branch 'dhcp_failover_params' of https://github.com/clystron/core into 

OPNSense/core 8b22eeb. Makefile

pkg: move python dep to 3
+2-21 files

OPNSense/core f772b4esrc/sbin pluginctl

system: reduce diff vs. stable
+1-11 files

OPNSense/core 2603519src/www status_openvpn.php

openvpn: revamp status page
+205-2001 files

OPNSense/core 98abca9src/etc/inc services.inc, src/etc/inc/xmlrpc service.inc

system: rename a number of service-related functions

OPNSense/core c5edf13src/www diag_logs_common.inc diag_logs_proxy.php

Squid log webUI in readable date format #1831 (#3326)

(cherry picked from commit 1c1b8bcac95b07e0c63b95519d139273968d1ef6)
(cherry picked from commit 8fe295f70ece19df4cdbb345982f797dd241c71a)

OPNSense/core a4a86dasrc/opnsense/service/conf/actions.d actions_captiveportal.conf

captiveportal, use "onestop" to stop captiveportal, when there's no zone configured "stop" 
would be skipped since the service is disabled. issue seems to be introduced in 

(cherry picked from commit 10108b0615d53640d55ad7b47a77464ba0bbdce3)

OPNSense/core 3fb81e0src/www diag_confbak.php

system: restyle config backup page
+147-1331 files

OPNSense/core b7076ccsrc/www firewall_nat_edit.php firewall_nat.php

filter, port forward. support multiple interfaces per rule, when used and an automatic 
filter rule association is created it will be set as "Floating" + quick. closes 

(cherry picked from commit 7af64730812680b63d95bb4c8d512e9ed6313615)

OPNSense/core fe34833src/etc/inc system.inc

system: stop using a lock around resolv.conf handling #2267

This might kill a bit of delay in function use by doing an atomic
move to update resolv.conf.  Even if several instances are running
at the same time the contents of the file will be the same now.

I don't expect issues with the DNS route updates either: even if
they are removed or added twice, they will always end up being there.

(cherry picked from commit 5f4315c40ceeb6a9235cdaa4e5d758b777f72b1f)

OPNSense/core 1963974src/etc/inc authgui.inc, src/www index.php

system: login not using cache-safe image yet

(cherry picked from commit 65e31e7bbf125ccb7a58c091c1f8a62231bc0f68)
(cherry picked from commit aa9c83571fb7fcd34b51550e10cb1414b55e97d4)

OPNSense/core 6a0abf0src/opnsense/mvc/app/library/OPNsense/Auth LDAP.php, src/www system_authservers.php

auth / ldap, add group sync

PR: https://github.com/opnsense/core/issues/3471

(cherry picked from commit 5f743941754294bd2651616484c8b97cf53ae26a)
(cherry picked from commit ccdd7f65860bb3e2fc991fb1039011fee49adcac)
(cherry picked from commit 24b90841d16bb9f2ab2dcadf57abf83c11b23c3c)
(cherry picked from commit 1d7f87352819e162fe8a3645f7df195cd4c92016)

OPNSense/core 855c687src/opnsense/service/templates/OPNsense/Auth sudoers, src/www system_advanced_admin.php

system: allow an arbitrary group for sudo like ssh login; closes #3407

(cherry picked from commit 6e727e43d2fde40e9d23ed3554c0404eb4ef153a)

OPNSense/core 95b4ae2src/www diag_logs_common.inc

OPNSense/core 255e9b7src/sbin pluginctl

system: add pluginctl -s support

For legacy components route -s option through plugins_services()
to get a list of services that can be controlled like the GUI
controls.  E.g.:

    # pluginctl dhcpd [start|stop|restart]

PR: https://forum.opnsense.org/index.php?topic=12781.0
+48-191 files

OPNSense/core 10108b0src/opnsense/service/conf/actions.d actions_captiveportal.conf

captiveportal, use "onestop" to stop captiveportal, when there's no zone configured "stop" 
would be skipped since the service is disabled. issue seems to be introduced in 

OPNSense/core 4175a45src/opnsense/scripts/netflow/lib flowparser.py

system: fix netflow lib permission

OPNSense/core 283d62asrc/opnsense/mvc/app/controllers/OPNsense/Core/Api/repositories opnsense.xml

Add homelab.no repository

OPNSense/core f086f8csrc/opnsense/scripts/netflow flowd_aggregate.py

flowd aggregate, minor bug in commit counter, leading to single row commits after row # 

OPNSense/core dff8692src/etc/inc authgui.inc, src/opnsense/mvc/app/models/OPNsense/Core ACL.php

system: address CVE-2019-11816 privlege escalation bugs

Reported by: Arnaud Cordier

(cherry picked from commit 03c75f71be88d4d2d930c217377b5ff23f0ecae7)

OPNSense/core 03c75f7src/etc/inc authgui.inc, src/opnsense/mvc/app/models/OPNsense/Core ACL.php

system: address CVE-2019-11816 privlege escalation bugs

Reported by: Arnaud Cordier

OPNSense/core 28ed574src/opnsense/scripts/netflow get_timeseries.py, src/opnsense/scripts/netflow/lib/aggregates __init__.py

netflow, make sure get_timeserie_data() returns string type objects in stead of bytes, to 

we might find some other small type interpretation differences, but the bumpiest seems to 
be gone now.

OPNSense/core 2bdc74bsrc/opnsense/scripts/netflow dump_log.py

netflow, switch dump_log.py script to python3

OPNSense/core 3d1617bsrc/opnsense/scripts/netflow get_timeseries.py

netflow, minor type issue, parameter received as bytes in get_timeseries.py

OPNSense/core 918e467src/etc/rc.d flowd_aggregate

netflow, fix rc script for flowd_aggregate

OPNSense/core 31982e2src/opnsense/scripts/netflow flowd_aggregate.py, src/opnsense/scripts/netflow/lib parse.py

netflow, migrate flowd aggregator to python 3

OPNSense/core 0b40897src/www services_dhcpv6_edit.php services_dhcp_edit.php

Fix dhcp leases help text (#3488)

OPNSense/core 6b3ac6asrc/etc/inc/plugins.inc.d ipsec.inc

ipsec: always reset to defaults; closes #3486

(cherry picked from commit 6cd82973ec49ebb5860323a686704a1bba744fcd)

OPNSense/core 17e4e9csrc/opnsense/scripts/netflow/lib parse.py

netflow, aggregator replace flowd with our new implementation

OPNSense/core 8aecf38src/opnsense/scripts/netflow/lib flowparser.py

netflow, log parser. for backwards compatibility add copy of recv_sec field in recv

OPNSense/core 6cd8297src/etc/inc/plugins.inc.d ipsec.inc

ipsec: always reset to defaults; closes #3486

OPNSense/core 5eef724src/opnsense/scripts/netflow/lib flowparser.py

netflow, flow log parser improvements

- faster / cleaner ipv4 conversion
- ipv6 conversion in compressed format, which equals flowd previous output
- unpack source and dest ports

OPNSense/core 0bdbdf7src/opnsense/scripts/netflow/lib flowparser.py

netflow, improve log parser performance, cache some calculations.

In theory we could probably increase performance even more by limitting the number of 
calls to struct.unpack, but this will make it more difficult to read.
This version is about 30% faster then the original C version shipped with flowd.

Some more testing todo, but preliminary results look good.

OPNSense/core 93f7cffsrc/opnsense/scripts/netflow/lib flowparser.py

netflow, flowparser.py performance improvement in parsing ipv4/ipv6 addresses.

OPNSense/core 8226709src/etc/inc/plugins.inc.d dhcpd.inc, src/www services_dhcp.php

added failover_split parameter, there is still an issue with proper
handling of 0 as non-default
added hint to failover_peer help that the leases-file will be deleted on

OPNSense/core 4ad677b. plist

pkg: fix plist
+1-01 files

OPNSense/core a99d1ecsrc/opnsense/scripts/netflow/lib flowparser.py

netflow, minor type issue in previous

OPNSense/core 7e55ef5src/opnsense/scripts/netflow/lib flowparser.py

netflow, work in progress pure python replacement to parse /var/log/flowd.log files

OPNSense/core aa9c835src/www index.php

dashboard: use cache_safe() for last unprotected logo instance

Placement is debatable here, but for the sake of consistency
do it like all the other spots already do.  It's cool.
+5-11 files

OPNSense/core 18cf159src/opnsense/scripts/systemhealth activity.py fetchData.py

system: switch only python3.6 usage to python3 symlink

OPNSense/core b1bf871. plist, src Makefile

python3, add symlink to default python 3, closes 

(cherry picked from commit 8bb082ab9042cbf39f362471494f108d68d1a867)
(cherry picked from commit 297d8ddd9d5218f6407fb497b496892d7f37d14d)

OPNSense/core ecd5ac9. Makefile

make: speed up `upgrade' by not doing compression

(cherry picked from commit 3a59bec6a95a4b8c2a77ad8bf4354dc6311e9d13)
(cherry picked from commit 61ebecddfb8b391e7b8bcf9eb2823598194dd373)
(cherry picked from commit 28f87839f2c2e473b34fad4400bff0e6e9ada234)
+11-41 files

OPNSense/core 28f8783. Makefile

make: LOCALBASE should be used
+1-11 files

OPNSense/core a766639Scripts/development crawl_legacy_deps.py inspect_function_usage.py, Scripts/development/lib legacy_deps.py __init__.py

cleanup, remove some helpers that where useful back in 2015 to search dependencies in 
legacy files. Don't want to upgrade them to python3, since we don't use this anymore.

(cherry picked from commit 413d4f1aa3a7d80ca291f523880ab30ae39d2d97)

OPNSense/core c3aa701. plist

pkg: remove unused file
+0-11 files

OPNSense/core 1dfc0e2src/opnsense/scripts/OPNsense/CaptivePortal listClients.py overlay_template.py, src/opnsense/scripts/OPNsense/CaptivePortal/lib db.py

CaptivePortal, convert scripts from python 2 --> 3