New OPNsense Release

OPNsense 22.1.9 released

Howdy,

Today we are addressing kernel memory leaks that occur when
reading firewall rule information from the system.  It seems
that these leaks even slipped into the FreeBSD 13.1 release
so we are happy to see them fixed now.

22.7 is very much on track.  Our final target is getting ready
for the PHP 8 upgrade but the timing is unclear as we wait for
an official Phalcon 5 release version that supports it.

Other than that please enjoy the summer and hydrate responsibly.

Here are the full patch notes:

o system: improve gateway subnet validation to fix IPv6 edge cases
o system: dpinger support for IPv6 aliases
o system: support 1500000 baudrate selection for ARM
o system: non-functional cleanups for upcoming move to PHP 8
o interfaces: add unique constraint for tag+if on VLANs
o firewall: bring back missing toggle button in aliases
o firewall: exclude internal aliases on import
o firewall: fix alias removal
o captive portal: add missing validation message for empty interface selection
o dhcp: revert back to not adding an IP to static lease creation from leases page
o openvpn: add domain search option to servers and overrides
o unbound: disabling the first DNS override entry invalidates config
o unbound: make blocklist additions/removals dynamic to prevent a restart
o unbound: zero_ttl is no longer a valid statistic (contributed by David Mora)
o plugins: os-ddclient 1.7[1]
o plugins: os-debug 1.5 fixes deprecated xdebug syntax
o plugins: os-frr 1.29[2]
o plugins: os-nginx 1.28[3]
o plugins: os-wireguard 1.11[4]
o src: pf: fix memory leaks in nvlist usage
o src: pf: stop resolving hosts as dns that use ":" modifier
o src: e1000: Increase rx_buffer_size to 32b
o src: igc: Increase rx_buffer_size local variable to 32b
o src: assorted non-functional cleanups and typo corrections
o ports: krb5 1.20[5]
o ports: lighttpd 1.4.65[6]
o ports: nss 3.79[7]
o ports: openvpn 2.5.7[8]
o ports: php 7.4.30[9]
o ports: py-certifi 2022.5.18.1
o ports: sqlite3 3.38.5[10]
o ports: sudo 1.9.11p2[11]
o ports: unbound 1.16.0[12]

Stay safe,
Your OPNsense team

--
[1] https://github.com/opnsense/plugins/blob/stable/22.1/dns/ddclient/pkg-descr
[2] https://github.com/opnsense/plugins/blob/stable/22.1/net/frr/pkg-descr
[3] https://github.com/opnsense/plugins/blob/stable/22.1/www/nginx/pkg-descr
[4] https://github.com/opnsense/plugins/blob/stable/22.1/net/wireguard/pkg-descr
[5] https://web.mit.edu/kerberos/krb5-1.20/
[6] https://www.lighttpd.net/2022/6/7/1.4.65/
[7] https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.79_release_notes
[8] https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn25#Changesin2.5.7
[9] https://www.php.net/ChangeLog-7.php#7.4.30
[10] https://sqlite.org/releaselog/3_38_5.html
[11] https://www.sudo.ws/stable.html#1.9.11p2
[12] https://nlnetlabs.nl/projects/unbound/download/#unbound-1-16-0