Hi all,
We are back for one last update of the 16.7 series with a small number of fixes and security-related package updates. Do not forget that 17.1 is scheduled for next week: the update instructions will be delivered via the usual firmware update path.
Until then, here are the full patch notes:
- traffic shaper: order rules numerically by sequence number
- firmware: added opnsense-revert tool for release-based package revert
- captive portal: fix downloading files in Chrome
- insight: fix downloading files in Chrome
- mvc: consistently set locale (contributed by Alexander Shursha)
- mvc: do not deliver content twice on API calls
- python: downgraded to 2.7.12 in order to fix segmentation faults within insight reporting
- libressl: avoid possible side-channel leak of ECDSA private keys when signing[1]
- ports: bind 9.10.4-P5[2]
- ports: perl5 5.24.1[3]
- ports: sqlite3 3.16.2[4]
- ports: openssh-portable 7.4p1[5]
- ports: sudo 1.8.19p2[6]
- ports: lighttpd 1.4.45[7]
- ports: php56 5.6.30[8]
Stay safe,
Your OPNsense team
—
[1] https://ftp.openbsd.org/pub/OpenBSD/patches/6.0/common/016_libcrypto.patch.sig
[2] https://deepthought.isc.org/article/AA-01447/0/BIND-9.10.4-P5-Release-Notes.html
[3] http://search.cpan.org/dist/perl-5.24.1/pod/perldelta.pod
[4] https://sqlite.org/releaselog/3_16_2.html
[5] https://www.openssh.com/txt/release-7.4
[6] https://www.sudo.ws/stable.html#1.8.19p2
[7] https://www.lighttpd.net/2017/1/14/1.4.45/
[8] http://php.net/ChangeLog-5.php#5.6.30