Software-update: OPNsense 23.1.5

Het pakket OPNsense is een firewall met uitgebreide mogelijkheden. Het is gebaseerd op het besturingssysteem FreeBSD en is oorspronkelijk een fork van m0n0wall en pfSense. Het pakket kan volledig via een webinterface worden ingesteld en heeft onder andere ondersteuning voor 2fa, openvpn, ipsec, carp en captive portal. Daarnaast kan het packetfiltering toepassen en beschikt het over een traffic shaper. De ontwikkelaars hebben OPNsense 23.1.5 uitgebracht en deze versie gaat vergezeld met de volgende aantekeningen:

OPNsense 23.1.5 released

This moves MVC/API migration a bit further and fixes the radvd restart behaviour using SIGHUP which caused issues with the initial 23.1.4. Unbound gained wildcard domain blocking and its backend was further refactored and improved upon.

Here are the full patch notes:

system: timezone parsing issue for zones west of UTC using "-"system: migrate services page and widget to MVC/APIsystem: move web GUI service definition to correct filesystem: add service_by_filter() service search extensionsystem: pin down the auto-far gateway selection and routing log adjustmentssystem: prevent applying tunables which are already setfirewall: refactor alias update scriptsdhcp: bring back the SIGHUP handling of radvd due to fix upstreamipsec: replace status call with portable alternativenetwork time: migrate service status to PID fileopenvpn: fix client output for widget (contributed by kulikov-a)openvpn: migrate connection status page and widget to MVC/APIunbound: replace status call with portable alternativeunbound: bring back missing advanced page ACL entryunbound: implement wildcard blocking and refactor DNSBL moduleunbound: account for CNAME redirection in DNSBL moduleunbound: prevent logging SERVFAIL twice in DNSBL moduleunbound: allow scripts to extend blocklist functionalitymvc: add MaskPerItem toggle to allow regex validation per entry in CSVListFieldui: add a fail() handler to disable action button spinnerplugins: os-frr 1.33[1]src: pfsync: fix pfsync_undefer_state() lockingsrc: pfsync: add missing unlock in pfsync_defer_tmo()src: epair: merged assorted fixesports: openssl fix for CVE-2023-0464ports: radvd fix for SIGHUP behaviour

system: timezone parsing issue for zones west of UTC using "-"

system: migrate services page and widget to MVC/API

system: move web GUI service definition to correct file

system: add service_by_filter() service search extension

system: pin down the auto-far gateway selection and routing log adjustments

system: prevent applying tunables which are already set

firewall: refactor alias update scripts

dhcp: bring back the SIGHUP handling of radvd due to fix upstream

ipsec: replace status call with portable alternative

network time: migrate service status to PID file

openvpn: fix client output for widget (contributed by kulikov-a)

openvpn: migrate connection status page and widget to MVC/API

unbound: replace status call with portable alternative

unbound: bring back missing advanced page ACL entry

unbound: implement wildcard blocking and refactor DNSBL module

unbound: account for CNAME redirection in DNSBL module

unbound: prevent logging SERVFAIL twice in DNSBL module

unbound: allow scripts to extend blocklist functionality

mvc: add MaskPerItem toggle to allow regex validation per entry in CSVListField

ui: add a fail() handler to disable action button spinner

plugins: os-frr 1.33[1]

src: pfsync: fix pfsync_undefer_state() locking

src: pfsync: add missing unlock in pfsync_defer_tmo()

src: epair: merged assorted fixes

ports: openssl fix for CVE-2023-0464

ports: radvd fix for SIGHUP behaviour

Source: Tweakers.net