Software update: OPNsense 23.7.1
The OPNsense package is a firewall with extensive capabilities. It is based on the FreeBSD operating system and was originally a fork of m0n0wall and pfSense. It can be configured entirely through a web interface and supports, among other things, 2FA, OpenVPN, IPsec, CARP and captive portal. In addition, it can perform packet filtering and includes a traffic shaper. The developers have released OPNsense 23.7.11, and the release notes for that version can be found below.
OPNsense 23.7.1 released

23.7 looks pretty good so far but no reason not to make it better. The MVC changes for DHCP, firewall groups, OpenVPN and Unbound receive several required fixes and the latest FreeBSD security advisories were added as well.
Here are the full patch notes:

- system: close boot file after probing to avoid lock inheritance
- system: fix lock() inheriting the lock state
- system: give more context in process kill error case since we operate PID numbers only
- firewall: groups were not correctly parsed for menu post-migration
- firewall: hide row command buttons for internal groups
- firewall: add "ipv6-icmp" to protocol list in shaper
- firewall: fix PHP warnings on the rules pages
- dhcp: check if manufacturer exists for IPv4 lease page to prevent error
- dhcp: use base16 for iaid_duid decode for IPv6 lease page to prevent error
- dhcp: fix validation for static entry requirement
- firmware: revoke 23.1 fingerprint
- network time: support pool directive and maxclock (contributed by Kevin Fason)
- openvpn: fix static key delete
- openvpn: fix "mode" typo and push auth "digest" into export config
- openvpn: fix race condition when using CRLs in instances
- openvpn: remove arbitrary upper bounds on some integer values in instances
- unbound: migration of empty nodes failed from 23.1.11 to 23.7
- unbound: fix regression when disabling first domain override
- mvc: fix empty item selection issue in BaseListField
- plugins: os-ddclient 1.14
- plugins: os-acme-client 3.19
- src: bhyve: fully reset the fwctl state machine if the guest requests a reset
- src: frag6: avoid a possible integer overflow in fragment handling
- src: amdtemp: Fix missing 49 degree offset on current EPYC CPUs
- src: libpfctl: ensure the initial allocation is large enough
- src: pf: handle multiple IPv6 fragment headers
- ports: curl 8.2.1
- ports: nss 3.92
- ports: openssl 1.1.1v
- ports: perl 5.34.1
- ports: py-dnspython 2.4.1
- ports: strongswan 5.9.11
- ports: syslog-ng 4.3.1
Source:
Tweakers.net