Software-update: OPNsense 25.1.11

Het pakket OPNsense is een firewall met uitgebreide mogelijkheden. Het is gebaseerd op het besturingssysteem FreeBSD en is oorspronkelijk een fork van m0n0wall en pfSense. Het pakket kan volledig via een webinterface worden ingesteld en heeft onder andere ondersteuning voor mfa, OpenVPN, IPsec, CARP en captive portal. Daarnaast kan het packetfiltering toepassen en beschikt het over een traffic shaper. De ontwikkelaars achter OPNsense hebben de elfde en laatste update voor versie 25.1 uitgebracht en de releasenotes voor die uitgave kunnen hieronder worden gevonden.

OPNsense 25.1.11 released

This maintenance release will also be the EoL version for the 25.1 series. It ships the latest FreeBSD SA/EN patches plus other third party security updates and a few minor fixes. We did see issues with the "e2fsprogs-libuuid" dependency lately obsoleted by FreeBSD ports and while packages such as "netdata" may refuse updating in the first update it should eventually reinstall correctly using the new "libuuid" package. If you see related issues make sure you are not using multi-repo setups that still provide the obsoleted dependency. That being said, 25.7-RC1 is already out, but RC2 likely follows tomorrow. We are still set for a final release date of July 23. See you on the other side!

Here are the full patch notes:

system: fix passing "arguments" as parameters for cron jobsdnsmasq: fix DomainIPField to allow IP address to be emptieddnsmasq: register DHCPv6 firewall rules as welldnsmasq: fix empty dhcp option value spawning stray commafirmware: remove unbound/duckdb migration scriptlang: further updatesopenvpn: validate group membership after authenticationunbound: ignore TXT records for wildcard host entriesplugins: os-stunnel 1.0.6 adds LDAP and NNTP to supported STARTTLS protocols (contributed by Patrick M. Hausen)plugins: os-zabbix-agent 1.16plugins: os-zabbix-proxy1.13src: ifconfig: optimise non-listing case with netlinksrc: xz: fix use-after-free in multi-threaded xz decodersrc: ena: fix misconfiguration when requesting regular LLQsrc: zfs: fix corruption in ZFS replication streams from encrypted datasetssrc: libc: allow __cxa_atexit handlers to be added during __cxa_finalizeports: libxml 2.14.4ports: nss 3.113.1ports: openssl 3.0.17ports: php 8.3.23ports: sqlite 3.50.2ports: sudo 1.9.17p1ports: suricata 7.0.11

system: fix passing "arguments" as parameters for cron jobs

dnsmasq: fix DomainIPField to allow IP address to be emptied

dnsmasq: register DHCPv6 firewall rules as well

dnsmasq: fix empty dhcp option value spawning stray comma

firmware: remove unbound/duckdb migration script

lang: further updates

openvpn: validate group membership after authentication

unbound: ignore TXT records for wildcard host entries

plugins: os-stunnel 1.0.6 adds LDAP and NNTP to supported STARTTLS protocols (contributed by Patrick M. Hausen)

plugins: os-zabbix-agent 1.16

plugins: os-zabbix-proxy1.13

src: ifconfig: optimise non-listing case with netlink

src: xz: fix use-after-free in multi-threaded xz decoder

src: ena: fix misconfiguration when requesting regular LLQ

src: zfs: fix corruption in ZFS replication streams from encrypted datasets

src: libc: allow __cxa_atexit handlers to be added during __cxa_finalize

ports: libxml 2.14.4

ports: nss 3.113.1

ports: openssl 3.0.17

ports: php 8.3.23

ports: sqlite 3.50.2

ports: sudo 1.9.17p1

ports: suricata 7.0.11

Source: Tweakers.net