Software-update: OPNsense 24.1.5

Het pakket OPNsense is een firewall met uitgebreide mogelijkheden. Het is gebaseerd op het besturingssysteem FreeBSD en is oorspronkelijk een fork van m0n0wall en pfSense. Het pakket kan volledig via een webinterface worden ingesteld en heeft onder andere ondersteuning voor mfa, OpenVPN, IPsec, CARP en captive portal. Daarnaast kan het packetfiltering toepassen en beschikt het over een traffic shaper. De ontwikkelaars hebben OPNsense 24.1.5 uitgebracht en de releasenotes voor die uitgave kunnen hieronder worden gevonden.

OPNsense 24.1.5 released

Today the kernel receives a number of minor updates that have accumulated since 24.1.2 was released. The primary focus for the time being is adding fixes and MVC improvements for upcoming feature backports into the next 24.1.x versions. The update presents itself as a hotfix 24.1.5_1 but that is only due to catching an issue during the last QA stage with an update of the gettext library.

Here are the full patch notes:

system: fix PHP warnings and spurious validation in route modelsystem: fix translation of static PHP pages with newer gettextinterfaces: support a primary interface in LAGG failover modeinterfaces: stop caching IPv6 address to decide if reload is requiredfirmware: opnsense-revert: fix issue with downloaded package installipsec: fix typo in config generation for AH proposalsunbound: duckduckgo.com blocklist fixwireguard: add a peer configuration generator with QR code capabilitywireguard: improve overall configuration UXmvc: add "safe" filter in Phalcon volt templatesmvc: feed current language into view to replace hardcoded "en-US"mvc: fix minor regression with "allownew" not having a defaultmvc: extend model implementation to support volatile fieldsmvc: add setBaseHook() to ApiMutableModelControllerBaserc: fix wrong order in service startup (contributed by Frank Wall)ui: move cache_safe() functions to appropriate includeui: add a "statusled" formatter to bootgridui: add a "grid-reload" helper to SimpleActionButtonplugins: os-bind 1.21plugins: os-caddy 1.5.3src: wg: fix handling of errors in wg_transmit()src: wg: use proper barriers around pkt->p_statesrc: kern: fix panic with disabled ttyssrc: opencrypto: advance the correct pointer in crypto_cursor_copydata()src: opencrypto: handle end-of-cursor conditions in crypto_cursor_segment()src: opencrypto: respect alignment constraints in xor_and_encrypt()src: ccr,ccp: fix argument order to sglist_append_vmpagessrc: ossl: add missing labels to bsaes-armv7.Ssrc: ipsec esp: avoid dereferencing freed secasindexsrc: irdma: upgrade to 1.2.36-ksrc: irdma: remove artificial completion generatorsrc: tcp: cubic - restart epoch after RTOsrc: tcp: prevent div by zero in cc_htcpsrc: net80211: adjust more VHT structures/fieldsports: curl 8.7.1ports: expat 2.6.2ports: libucl 0.9.1ports: lighttpd 1.4.75ports: nss 3.99ports: openssh-portable 9.7p1ports: openvpn 2.6.10ports: php 8.2.17ports: py-duckdb 0.10.1ports: py-netaddr 1.2.1

system: fix PHP warnings and spurious validation in route model

system: fix translation of static PHP pages with newer gettext

interfaces: support a primary interface in LAGG failover mode

interfaces: stop caching IPv6 address to decide if reload is required

firmware: opnsense-revert: fix issue with downloaded package install

ipsec: fix typo in config generation for AH proposals

unbound: duckduckgo.com blocklist fix

wireguard: add a peer configuration generator with QR code capability

wireguard: improve overall configuration UX

mvc: add "safe" filter in Phalcon volt templates

mvc: feed current language into view to replace hardcoded "en-US"

mvc: fix minor regression with "allownew" not having a default

mvc: extend model implementation to support volatile fields

mvc: add setBaseHook() to ApiMutableModelControllerBase

rc: fix wrong order in service startup (contributed by Frank Wall)

ui: move cache_safe() functions to appropriate include

ui: add a "statusled" formatter to bootgrid

ui: add a "grid-reload" helper to SimpleActionButton

plugins: os-bind 1.21

plugins: os-caddy 1.5.3

src: wg: fix handling of errors in wg_transmit()

src: wg: use proper barriers around pkt->p_state

src: kern: fix panic with disabled ttys

src: opencrypto: advance the correct pointer in crypto_cursor_copydata()

src: opencrypto: handle end-of-cursor conditions in crypto_cursor_segment()

src: opencrypto: respect alignment constraints in xor_and_encrypt()

src: ccr,ccp: fix argument order to sglist_append_vmpages

src: ossl: add missing labels to bsaes-armv7.S

src: ipsec esp: avoid dereferencing freed secasindex

src: irdma: upgrade to 1.2.36-k

src: irdma: remove artificial completion generator

src: tcp: cubic - restart epoch after RTO

src: tcp: prevent div by zero in cc_htcp

src: net80211: adjust more VHT structures/fields

ports: curl 8.7.1

ports: expat 2.6.2

ports: libucl 0.9.1

ports: lighttpd 1.4.75

ports: nss 3.99

ports: openssh-portable 9.7p1

ports: openvpn 2.6.10

ports: php 8.2.17

ports: py-duckdb 0.10.1

ports: py-netaddr 1.2.1

Source: Tweakers.net