OPNsense 20.1.2 released
Good evening,
Today we pick up the recent FreeBSD security advisories as well as the usual noise in bugfixes and third-party updates. We are also on the brink of a first HardenedBSD 12.1-based image, so stay tuned.
Here are the full patch notes:
o system: fix leap year issue in new log reader
o system: add valid from and to dates to user certs display
o system: drop unused services.inc and diag_logs_template.inc
o interfaces: make sure descriptions are properly cleansed
o interfaces: introduce interfaces_primary_address6()
o interfaces: validate interface input in packet capture
o firewall: immediately download GeoIP if not already found
o firewall: improve performance when working with large number of aliases
o firewall: fix visibility on internal CARP rules
o captive portal: fix expiry and validity for vouchers (contributed by xx4h)
o dhcp: fix DNS registration for DHCPv6 static mappings (contributed by maurice-w)
o dhcp: add icons next to online/offline lease status (contributed by Tyler Ham)
o ipsec: allow configuration of inactivity parameter (contributed by Marcel Menzel)
o unbound: minor changes while scanning ACL subnets
o web proxy: work around to skip passing additional auth properties
o backend: allow pluginctl to return config.xml values
o console: improve type checks in set address function
o rc: join CARP early startup scripts
o plugins: os-dnscrypt-proxy fix for setup.sh on reboot
o plugins: os-dyndns 1.20 fixes verify restrictions, GratisDNS and missing break for Linode (contributed by NOYB, Johan Pramming, Andrew Gunnerson)
o plugins: os-maltrail 1.4[1]
o plugins: os-nrpe fix for setup.sh on reboot
o plugins: os-tinc 1.5 fixes bug in IPv6 support (contributed by vnxme)
o src: fix imprecise ordering of SSP canary initialization[2]
o src: fix nmount invalid pointer dereference[3]
o src: fix libfetch buffer overflow[4]
o src: fix kernel stack data disclosure[5]
o ports: ca_root_nss 3.50
o ports: php 7.2.28[6]
o ports: squid 4.10[7]
o ports: suricata 4.1.7[8]
o ports: syslog-ng 3.25.1[9]
o ports: unbound 1.10.0[10]
Stay safe,
Your OPNsense team
--
[1] https://github.com/opnsense/plugins/blob/master/security/maltrail/pkg-descr
[2] https://www.freebsd.org/security/advisories/FreeBSD-EN-20:01.ssp.asc
[3] https://www.freebsd.org/security/advisories/FreeBSD-EN-20:02.nmount.asc
[4] https://www.freebsd.org/security/advisories/FreeBSD-SA-20:01.libfetch.asc
[5] https://www.freebsd.org/security/advisories/FreeBSD-SA-20:03.thrmisc.asc
[6] https://www.php.net/ChangeLog-7.php#7.2.28
[7] http://squid.mirror.colo-serv.net/archive/4/squid-4.10-RELEASENOTES.html
[8] https://suricata-ids.org/2020/02/13/suricata-4-1-7-released/
[9] https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-3.25.1
[10] https://nlnetlabs.nl/projects/unbound/download/