OPNsense 23.1.8 Bugfix Release

Die Open-Source Firewall OPNsense erhielt das Update 23.1.8. Das Update verbessert die Verbindung über IPv6, erweitert den Modul Support für den AXGBE Netzwerktreiber und behebt einen Fehler bei IPv6 Refragmentation über Policy-basierten Routen uvm.

OPNsense 23.1.8 Release Notes

• system: calling return_down_gateways() depends on default gateway switch setting
• system: open new session if missing to prevent spurious CRSF errors in static pages
• system: add device hint to empty interface address message in case of mismatch during default route attempt
• system: add kernel messages to the general system log
• system: make sure routing log messages all use „ROUTING:“ prefix
• system: print warning for duplicated gateway name
• system: prefix API key filename with FQDN of this host
• interfaces: deal with „prefixv6“ as an array
• interfaces: improve address cleanup when handling VIP modifications
• interfaces: explicitly report current IP address during renewal avoidance
• interfaces: patch in appropriate rebind/renew DHCPv6 handling
• interfaces: for static „Use IPv4 connectivity“ on PPPoE bring up IPv6 routes as well
• interfaces: ifctl: fix typo causing content to be printed while adding it
• interfaces: ifctl: avoid null route on fragile /64 prefix delegation
• interfaces: ifctl: do not flush name server routes
• firewall: add „set debug“ and „set keepcounters“ options to advanced options
• dhcp: provide run task „static_mapping“ to avoid polluting unrelated plugins
• dnsmasq: use new run task „static_mapping“ to collect static mappings from DHCP
• firmware: show support tiers in plugin list
• firmware: now that we have a full data model do not overdo cleanup during plugin registration
• intrusion detection: minor performance improvements when parsing metadata from rules
• openvpn: fix a warning by passing a desirable empty input containing a slash
• unbound: fix migration edge case in model version 1.0.3
• unbound: remove DNS blocklist start syshook causing an unnecessary download during bootup
• unbound: when called via GET during override creation encode using URLSearchParams()
• wizard: do not end up duplicating WAN_GW entry
• mvc: add CIDRToMask() to utilities
• mvc: prevent config restore when writer has flushed or partly written the file
• mvc: format BaseModel logger to avoid duplicate timestampsplugins: os-crowdsec 1.0.5[1]
• plugins: os-acme-client 3.17[2]
• src: axgbe: fix link issues for gigabit external SFP PHYs and 100/1000 fiber modules
• src: axgbe: apply RRC to miibus attached PHYs and add support for variable bitrate 25G SFP+ DACs
• src: axgbe: properly release resource in error case
• src: ifconfig: improve VLAN identifier parsing
• src: pfsync: hold b_mtx for callout_stop(pd_tmo)
• src: pf: remove pd_refs from pfsync
• src: pf: deal with KPI change bug on stable/13 by redirecting otherwise crashing traffic through ip6_output()
• ports: curl 8.1.0[3]
• ports: dhcp6c 20230523
• ports: lighttpd 1.4.70[4]
• ports: nss 3.89.1[5]
• ports: openvpn 2.6.4[6]
• ports: php 8.1.19[7]
• ports: suricata 6.0.12[8]

—
[1] https://github.com/opnsense/plugins/blob/stable/23.1/security/crowdsec/pkg-descr
[2] https://github.com/opnsense/plugins/blob/stable/23.1/security/acme-client/pkg-descr
[3] https://curl.se/changes.html#8_1_0
[4] https://www.lighttpd.net/2023/5/10/1.4.70/
[5] https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_89_1.html
[6] https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn26#Changesin2.6.4
[7] https://www.php.net/ChangeLog-8.php#8.1.19
[8] https://suricata.io/2023/05/09/suricata-6-0-12-released/

Quelle: https://forum.opnsense.org/index.php?topic=34192.0