Für die Open-Source Firewall OPNsense ist vor 5 Tagen das Update 18.7.10 erschienen.
veröffentlicht. Damit bereiten die Entwickler die Firewall weiter in Richtung einfachem Update auf die am 29.01.2019 kommende Version 19.1 vor. Neben der aktuellen Version 4.1 von Suricata, dem Export von Custom-Passwörter für P12 Zertifikate werden auch die aktuellen FreeBSD base Patche installiert. Insgesamt gibt es 22 Updates mit einer Größe von ca. 115MB.
OPNsense Bugfix Release 18.7.10
- system: P12 certificate export now allows to specify a password
- system: allow plain IPv6 for LDAP and RADIUS host
- system: properly sort columns with size units in activity page
- system: remove references to „automatic“ in HA help texts
- system: add option to only show temperature of one core in widget
- system: speed up isArraySequential()
- system: introduce configdp_run() variant
- system: assorted code cleanups
- interfaces: only show name servers offered by individual link in status page
- interfaces: DUID-LL generator fix (contributed by Team Rebellion)
- interfaces: show disabled and virtual interfaces in groups
- interfaces: change wireless page interface iterators
- interfaces: change LAGG page interface iterators
- interfaces: remove unused get_dns_servers()
- interfaces: assorted code cleanups
- firewall: fix an exception error in alias config read
- firewall: fix typo in outbound NAT destination help text
- firewall: rename „Localhost“ to „Loopback“ for clarity in virtual IP pages
- firewall: unify anti-lockout behaviour to match rules and GUI display
- firewall: switch to tokenizer for shaper source and destination fields
- firewall: fix alias utility issue when adding into empty alias
- firewall: correct alias name limit to 31 characters
- firewall: bring back auto-complete for nested aliases
- firewall: NAT rules on reflection for port forwards only when address exists on interface
- firewall: lower bogon download retry attempts to 3
- firewall: schedule JS code update
- captive portal: add setting to always send accounting requests
- captive portal: assorted code cleanups
- dhcp: DHCPv6 leases not always correctly displayed (contributed by Team Rebellion)
- dhcp: override IPv6 PD range fix (contributed by Team Rebellion)
- dhcp: switch subnet verification to new network interface retrieval
- firmware: individual error messages during base and kernel installation
- firmware: obsolete set usage has been removed, embedded into base set
- firmware: always recalculate size returned in the GUI and use pkg-style units
- firmware: migrate more scripting to opnsense-version
- firmware: remove defunct dataroute mirror
- importer: make current zpool visible, but immune to import
- installer: find all possible configs and include them for startup
- intrusion detection: change default alert level to notice
- openvpn: allow empty remote subnet in client
- openvpn: use new network interface retrieval
- openvpn: assorted code cleanups
- unbound: always add global DNS servers in forwarding mode
- unbound: restart when crashed even if request came from unassociated interface
- wizard: sync bogon help text with interfaces GUI counterparts
- wizard: hint at updates after completion
- wizard: assorted code cleanups
- mvc: harden setFormData()
- plugins: os-api-backup 1.0 allows API access to config.xml (contributed by Fabian Franz)
- plugins: os-bind 1.4[1] (contributed by Michael Muenz)
- plugins: os-clamav fixes /var MFS permission mismatch
- plugins: os-dnscrypt-proxy 1.1 allows manual server selection (contributed by Michael Muenz)
- plugins: os-dyndns 1.1 fix for using apex domains with CloudFlare DDNS (contributed by Charles Ulrich)
- plugins: os-frr 1.6 adds OSPF key ID and default route metric, BGP router ID, etc. (contributed by Michael Muenz and Fabian Franz)
- plugins: os-haproxy 2.13[2] (contributed by Frank Wall)
- plugins: os-ntopng fixes HTTPS setup permission
- plugins: os-openconnect 1.3.2 adds non-inter option, groups and client certificates, etc. (contributed by Diego Rivera and Michael Muenz)
- plugins: os-postfix 1.8[3] (contributed by Michael Muenz)
- plugins: os-theme-cicada 1.12 (contributed by Team Rebellion)
- plugins: os-theme-tukan 1.11 (contributed by Team Rebellion)
- plugins: os-upnp 1.3 allows up to 8 user permissions
- src: bootpd buffer overflow[4]
- src: kernel panic under load on Intel „Skylake“ CPU[5]
- src: ZFS vnode reclaim deadlock[6]
- ports: curl 7.63.0[7]
- ports: libressl 2.7.5[8]
- ports: libxml 2.9.8[9]
- ports: phalcon 3.4.2[10]
- ports: suricata 4.1.2[11][12][13]
- ports: syslogd 11.2
- ports: unbound 1.8.3[14]
—
[1] https://github.com/opnsense/plugins/blob/master/dns/bind/pkg-descr
[2] https://github.com/opnsense/plugins/pull/1090
[3] https://github.com/opnsense/plugins/blob/master/mail/postfix/pkg-descr
[4] https://www.freebsd.org/security/advisories/FreeBSD-SA-18:15.bootpd.asc
[5] https://www.freebsd.org/security/advisories/FreeBSD-EN-18:17.vm.asc
[6] https://www.freebsd.org/security/advisories/FreeBSD-EN-18:18.zfs.asc
[7] https://curl.haxx.se/mail/lib-2017-02/0109.html
[8] https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.7.5-relnotes.txt
[9] https://mail.gnome.org/archives/xml/2018-March/msg00001.html
[10] https://github.com/phalcon/cphalcon/releases/tag/v3.4.2
[11] https://suricata-ids.org/2018/11/06/suricata-4-1-released/
[12] https://suricata-ids.org/2018/12/17/suricata-4-1-1-available/
[13] https://suricata-ids.org/2018/12/21/suricata-4-1-2-released/
[14] https://nlnetlabs.nl/projects/unbound/download/
Interessiert in verschiedenste IT Themen, schreibe ich in diesem Blog über Software, Hardware, Smart Home, Games und vieles mehr. Ich berichte z.B. über die Installation und Konfiguration von Software als auch von Problemen mit dieser. News sind ebenso spannend, sodass ich auch über Updates, Releases und Neuigkeiten aus der IT berichte. Letztendlich nutze ich Taste-of-IT als eigene Dokumentation und Anlaufstelle bei wiederkehrenden Themen. Ich hoffe ich kann dich ebenso informieren und bei Problemen eine schnelle Lösung anbieten. Wer meinen Aufwand unterstützen möchte, kann gerne eine Tasse oder Pod Kaffe per PayPal spenden – vielen Dank.