New OPNsense Release

OPNsense 20.7.3 released

Hello hello,

Today is the day for a number of FreeBSD security advisories and a few
reliability fixes.

We are still testing a batch of Netmap improvement patches with a separate
kernel.  This and the Realtek vendor driver update will likely follow in
the next kernel update.  All feedback is welcome.

Here are the full patch notes:

o system: use different shell gateway name to appease wizard
o system: simplify CARP hook
o interfaces: phase out usage
o firewall: add MAC type to top right filter selection
o firewall: fix two scrub rule parsing bugs
o firewall: omit group type interfaces in filter selection
o intrusion detection: re-create rule cache after rule deployment
o unbound: add "unbound-plus" section to XMLRPC sync
o dhcp: adding DDNS values of each additional pool to the $ddns_zones array (contributed by Mathieu St-Pierre)
o dhcp: add static interface mode to router advertisements
o rc: fix ssh key permissions on MSDOS import
o rc: support service identifier in pluginctl -s mode
o plugins: os-bind download link changes (contributed by gap579137)
o plugins: os-chrony 1.0 (contributed by Michael Muenz)
o plugins: os-dnscrypt-proxy blocklist script fixes (contributed by Mark Keisler)
o plugins: os-frr 1.17[1]
o plugins: os-postfix 1.17[2]
o plugins: os-rspamd 1.10[3]
o plugins: os-theme-cicada 1.25 (contributed by Team Rebellion)
o plugins: os-theme-tukan 1.23 (contributed by Team Rebellion)
o plugins: os-theme-vicuna 1.1 (contributed by Team Rebellion)
o plugins: os-wireguard 1.3[4]
o plugins: os-zabbix-agent 1.8[5]
o src: fix FreeBSD Linux ABI kernel panic[6]
o src: fix SCTP socket use-after-free[7]
o src: fix dhclient heap overflow[8]
o src: fix ure device driver susceptible to packet-in-packet attack[9]
o src: fix bhyve privilege escalation via VMCS access[10]
o src: fix bhyve SVM guest escape[11]
o src: fix ftpd privilege escalation via ftpchroot[12]
o src: set PAX_HARDENING_NOSHLIBRANDOM in the RTLD by default
o src: fix kernel panic while trying to read multicast stream
o ports: mpd 5.9[13]
o ports: nss 3.57[14]
o ports: php 7.3.22[15]
o ports: pkg 1.15.6[16]

Stay safe,
Your OPNsense team