New OPNsense Release

OPNsense 19.7.2 released

Hi there,

This update ships the latest FreeBSD security advisories along with several smaller improvements and fixes. Sunny Valley Networks is the first vendor to introduce additional software to the plugin framework in the form of the Sensei plugin.

Here are the full patch notes:

o system: missing "" in legacy output via Syslog-ng
o system: fix writing gateway information for DNS servers
o system: allow gateway to work in DHCPv6 WAN when no router solicitation is available
o firewall: unhide automatic interface-based output rules
o firewall: unhide automatic non-interface-based floating rules
o firewall: lift length restriction in NAT rule description
o firewall: avoid newlines in rule descriptions
o firewall: only show usable addresses in NAT outbound rules
o interfaces: fix extended CARP output when parsing interface information
o interfaces: add more outputs to overview page to increase usefulness
o interfaces: use shared DHCP lease reader for ARP list
o captive portal: fix binary read issue in Python 3
o dhcp: fix DHCPv4 relay interface selection (contributed by jayantsahtoe)
o firmware: handle file signature verify correctly with multiple fingerprint repositories
o firmware: Aivian mirror is no longer active
o firmware: Cloudfence mirror in Brazil added
o plugins: os-acme-client 1.24[1]
o plugins: os-bind 1.6 (contributed by crazy-max)
o plugins: os-dnscrypt-proxy 1.5 (contributed by crazy-max)
o plugins: os-grid_example 1.0[2]
o plugins: os-helloworld Python 3 compatibility[3]
o plugins: os-nut 1.5 adds Riello driver (contributed by Michael Muenz)
o plugins: os-sunnyvalley 1.0[4][5]
o src: fix panic from Intel CPU vulnerability mitigation[6]
o src: fix multiple telnet client vulnerabilities[7]
o src: fix pts write-after-free[8]
o src: fix kernel memory disclosure in freebsd32_ioctl[9]
o src: fix reference count overflow in mqueuefs[10]
o src: fix byhve out-of-bounds read in XHCI device[11]
o src: fix file descriptor reference count leak[12]
o ports: libevent 2.1.11[13]

Stay safe,
Your OPNsense team

--
[1] https://github.com/opnsense/plugins/pull/1399
[2] https://docs.opnsense.org/development/examples/using_grids.html
[3] https://docs.opnsense.org/development/examples/helloworld.html
[4] https://docs.opnsense.org/third_party_plugins.html
[5] https://www.sunnyvalley.io/sensei
[6] https://www.freebsd.org/security/advisories/FreeBSD-EN-19:13.mds.asc
[7] https://www.freebsd.org/security/advisories/FreeBSD-SA-19:12.telnet.asc
[8] https://www.freebsd.org/security/advisories/FreeBSD-SA-19:13.pts.asc
[9] https://www.freebsd.org/security/advisories/FreeBSD-SA-19:14.freebsd32.asc
[10] https://www.freebsd.org/security/advisories/FreeBSD-SA-19:15.mqueuefs.asc
[11] https://www.freebsd.org/security/advisories/FreeBSD-SA-19:16.bhyve.asc
[12] https://www.freebsd.org/security/advisories/FreeBSD-SA-19:17.fd.asc
[13] https://raw.githubusercontent.com/libevent/libevent/release-2.1.11-stable/ChangeLog