OPNsense 18.7.10 released
Happy new year everyone,
2019 means 19.1 is almost here. In the meantime accept this small
incremental update with goodies such as Suricata 4.1, custom passwords
for P12 certificate export as well as fresh fixes in the FreeBSD base.
A lot of cleanups went into this update to make sure there will be a
smooth transition to 19.1-RC for you early birds. We expect RC1 in 1-2
weeks and the final 19.1 on January 29.
Here are the full patch notes:
o system: P12 certificate export now allows to specify a password
o system: allow plain IPv6 for LDAP and RADIUS host
o system: properly sort columns with size units in activity page
o system: remove references to "automatic" in HA help texts
o system: add option to only show temperature of one core in widget
o system: speed up isArraySequential()
o system: introduce configdp_run() variant
o system: assorted code cleanups
o interfaces: only show name servers offered by individual link in status page
o interfaces: DUID-LL generator fix (contributed by Team Rebellion)
o interfaces: show disabled and virtual interfaces in groups
o interfaces: change wireless page interface iterators
o interfaces: change LAGG page interface iterators
o interfaces: remove unused get_dns_servers()
o interfaces: assorted code cleanups
o firewall: fix an exception error in alias config read
o firewall: fix typo in outbound NAT destination help text
o firewall: rename "Localhost" to "Loopback" for clarity in virtual IP pages
o firewall: unify anti-lockout behaviour to match rules and GUI display
o firewall: switch to tokenizer for shaper source and destination fields
o firewall: fix alias utility issue when adding into empty alias
o firewall: correct alias name limit to 31 characters
o firewall: bring back auto-complete for nested aliases
o firewall: NAT rules on reflection for port forwards only when address exists on interface
o firewall: lower bogon download retry attempts to 3
o firewall: schedule JS code update
o captive portal: add setting to always send accounting requests
o captive portal: assorted code cleanups
o dhcp: DHCPv6 leases not always correctly displayed (contributed by Team Rebellion)
o dhcp: override IPv6 PD range fix (contributed by Team Rebellion)
o dhcp: switch subnet verification to new network interface retrieval
o firmware: individual error messages during base and kernel installation
o firmware: obsolete set usage has been removed, embedded into base set
o firmware: always recalculate size returned in the GUI and use pkg-style units
o firmware: migrate more scripting to opnsense-version
o firmware: remove defunct dataroute mirror
o importer: make current zpool visible, but immune to import
o installer: find all possible configs and include them for startup
o intrusion detection: change default alert level to notice
o openvpn: allow empty remote subnet in client
o openvpn: use new network interface retrieval
o openvpn: assorted code cleanups
o unbound: always add global DNS servers in forwarding mode
o unbound: restart when crashed even if request came from unassociated interface
o wizard: sync bogon help text with interfaces GUI counterparts
o wizard: hint at updates after completion
o wizard: assorted code cleanups
o mvc: harden setFormData()
o plugins: os-api-backup 1.0 allows API access to config.xml (contributed by Fabian Franz)
o plugins: os-bind 1.4[1] (contributed by Michael Muenz)
o plugins: os-clamav fixes /var MFS permission mismatch
o plugins: os-dnscrypt-proxy 1.1 allows manual server selection (contributed by Michael Muenz)
o plugins: os-dyndns 1.1 fix for using apex domains with CloudFlare DDNS (contributed by Charles Ulrich)
o plugins: os-frr 1.6 adds OSPF key ID and default route metric, BGP router ID, etc. (contributed by Michael Muenz and Fabian Franz)
o plugins: os-haproxy 2.13[2] (contributed by Frank Wall)
o plugins: os-ntopng fixes HTTPS setup permission
o plugins: os-openconnect 1.3.2 adds non-inter option, groups and client certificates, etc. (contributed by Diego Rivera and Michael Muenz)
o plugins: os-postfix 1.8[3] (contributed by Michael Muenz)
o plugins: os-theme-cicada 1.12 (contributed by Team Rebellion)
o plugins: os-theme-tukan 1.11 (contributed by Team Rebellion)
o plugins: os-upnp 1.3 allows up to 8 user permissions
o src: bootpd buffer overflow[4]
o src: kernel panic under load on Intel "Skylake" CPU[5]
o src: ZFS vnode reclaim deadlock[6]
o ports: curl 7.63.0[7]
o ports: libressl 2.7.5[8]
o ports: libxml 2.9.8[9]
o ports: phalcon 3.4.2[10]
o ports: suricata 4.1.2[11][12][13]
o ports: syslogd 11.2
o ports: unbound 1.8.3[14]
Stay safe,
Your OPNsense team
--
[1] https://github.com/opnsense/plugins/blob/master/dns/bind/pkg-descr
[2] https://github.com/opnsense/plugins/pull/1090
[3] https://github.com/opnsense/plugins/blob/master/mail/postfix/pkg-descr
[4] https://www.freebsd.org/security/advisories/FreeBSD-SA-18:15.bootpd.asc
[5] https://www.freebsd.org/security/advisories/FreeBSD-EN-18:17.vm.asc
[6] https://www.freebsd.org/security/advisories/FreeBSD-EN-18:18.zfs.asc
[7] https://curl.haxx.se/mail/lib-2017-02/0109.html
[8] https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.7.5-relnotes.txt
[9] https://mail.gnome.org/archives/xml/2018-March/msg00001.html
[10] https://github.com/phalcon/cphalcon/releases/tag/v3.4.2
[11] https://suricata-ids.org/2018/11/06/suricata-4-1-released/
[12] https://suricata-ids.org/2018/12/17/suricata-4-1-1-available/
[13] https://suricata-ids.org/2018/12/21/suricata-4-1-2-released/
[14] https://nlnetlabs.nl/projects/unbound/download/