Software-update: OPNsense 23.1.11

Het pakket OPNsense is een firewall met uitgebreide mogelijkheden. Het is gebaseerd op het besturingssysteem FreeBSD en is oorspronkelijk een fork van m0n0wall en pfSense. Het pakket kan volledig via een webinterface worden ingesteld en heeft onder andere ondersteuning voor 2fa, openvpn, ipsec, carp en captive portal. Daarnaast kan het packetfiltering toepassen en beschikt het over een traffic shaper. De ontwikkelaars hebben OPNsense 23.1.11 uitgebracht en de releasenotes voor die uitgave kunnen hieronder worden gevonden.

OPNsense 23.1.11 released

So this is the end of life release for the 23.1 series which includes the recent FreeBSD advisories as well as plugin support for Zabbix 6.4.

We have finished the OpenVPN MVC "instances" for anyone who is interested in a preview using the current development release. FreeBSD 13.2 side looks ready so we will be releasing 23.7-RC1 some time in the second half of July. The final 23.7 release is scheduled for July 31. The upgrade path from 23.1 will be enabled shortly after the new major release, but can take up to 24 hours due to testing and mirror propagation. Please do not despair. ;)

Here are the full patch notes:

system: add RADIUS authentication support for MSCHAPv2 using Crypt_CHAP_MSv2()system: propagate error in rc.syshook scriptsdhcp: validate client hostnames in Dnsmasq/Unbound lease watchersfirmware: automatic kernel upgrade after reboot like base and package stagesfirmware: sticky advanced mode if flavour is set to non-defaultintrusion detection: add missing typecast in getAlertLogsAction()mvc: fix locking regression that caused bulk changes to not being rendered correctlyplugins: os-zabbix-agent plugin variant for Zabbix 6.4plugins: os-zabbix-proxy plugin variant for Zabbix 6.4src: axgbe: account for 4 SFP ports during GPIO expander checksrc: ipsec: make algorithm tables read-onlysrc: mpr: fix copying of event_masksrc: pam_krb5: fix spoofing vulnerabilitysrc: loader: comconsole: do not unconditionally wipe out hw.uart.consolesrc: contrib/tzdata: import tzdata 2023csrc: ixgbe: change if condition for RSS and rxcsumsrc: pf: fix pf_nv##_array() size checksrc: e1000: fix VLAN 0ports: py-setuptools fix for CVE-2022-40897

system: add RADIUS authentication support for MSCHAPv2 using Crypt_CHAP_MSv2()

system: propagate error in rc.syshook scripts

dhcp: validate client hostnames in Dnsmasq/Unbound lease watchers

firmware: automatic kernel upgrade after reboot like base and package stages

firmware: sticky advanced mode if flavour is set to non-default

intrusion detection: add missing typecast in getAlertLogsAction()

mvc: fix locking regression that caused bulk changes to not being rendered correctly

plugins: os-zabbix-agent plugin variant for Zabbix 6.4

plugins: os-zabbix-proxy plugin variant for Zabbix 6.4

src: axgbe: account for 4 SFP ports during GPIO expander check

src: ipsec: make algorithm tables read-only

src: mpr: fix copying of event_mask

src: pam_krb5: fix spoofing vulnerability

src: loader: comconsole: do not unconditionally wipe out hw.uart.console

src: contrib/tzdata: import tzdata 2023c

src: ixgbe: change if condition for RSS and rxcsum

src: pf: fix pf_nv##_array() size check

src: e1000: fix VLAN 0

ports: py-setuptools fix for CVE-2022-40897

Source: Tweakers.net