Hi there,

coincidentally, we scheduled 15.1.11.4 for today and have found ourselves in the middle of an OpenSSL/LibreSSL update. FreeBSD has been really quick and provided ports updates for both of them. OpenSSL base updates, however, won’t be shipped today. That isn’t so bad, because we build all ports against the newer version by default. The base update will follow next week.

There have been quite a few things happening apart from *SSL, see the notes and links to individual updates. Another round of stabilisation for the firmware GUI will make upgrading a bit more consistent in the future. And, ironically, if you encounter the update freezing up in the GUI, simply refresh the page and look for new updates.

Here is the full list of changes:

  • notable ports updates: pcre 8.37_1 [1], phalcon 2.0.2 [2], strongswan 5.3.2 [3], sqlite 3.8.10.2 [4]
  • more notable ports: openvpn 2.3.7 [5], openssl 1.0.2b [6], libressl 2.1.7 [7], pkg 1.5.4 [8]
  • opnsense-update: has gained the ability to do package updates as well
  • core: removed unused ssh_tunnel_shell and 3gstats utilities, added sudo to the default utilities
  • captiveportal/traffic shaper: better fix for localhost skip
  • traffic shaper: added ICMP, IGMP, ESP, AH and GRE protocols to selectable protocols
  • core: fixed a bug that prevented our API from working properly with Phalcon 2.0.1 and above
  • backend: added configctl command utility launcher and improved its logging capabilities
  • backend: worked around a performance degradation bug in Python 2.7 on FreeBSD
  • gateways: monitoring via `apinger’ is now turned off by default for all new gateways created (opt-out flipped to opt-in for privacy reasons)
  • firmware: refactored firmware code to use opnsense-update’s new capabilities
  • firmware: fix parsing of packages to be upgraded in fringe cases
  • firmware: fix overzealous caching of available package upgrades
  • users: user with group admins now have `wheel’ group associated with them, allowing them to us `su’ or `sudo’ (if configured)
  • users: do not copy root’s hidden files while creating a new user home directory
https://github.com/freebsd/freebsd-ports/commit/030adcf1d
[2] https://github.com/phalcon/cphalcon/releases
[3] https://wiki.strongswan.org/projects/strongswan/wiki/Changelog53
[4] https://www.sqlite.org/releaselog/3_8_10_2.html
[5] https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.7
[6] http://marc.info/?l=openbsd-announce&m=143404058913441
[7] https://github.com/freebsd/freebsd-ports/commit/40365ab880101ee
[8] https://www.openssl.org/news/secadv_20150611.txt