G’day everyone,

it’s sad but true: 15.1.12 may very well be the last of its kind. 6 months are almost over and 15.7 is around the corner with a number of changes e.g. how we do version numbers, release engineering branches and upcoming versions such as 16.1. As nothing is set in stone, we ask you to participate in the discussion on the forums:


The aftermath of the recent OpenSSL release(s) finally settled so now we are shipping FreeBSD’s security advisory along with the latest releases of OpenSSL 1.0.2c and LibreSSL 2.2.0. Upgrading PHP 5.6.10 seemed like another sensible thing to do.

The firmware update side of things received another minor batch of changes and is now at a point we’re satisfied with. Should you find anything odd or unusual, please let us know.

Here is the full list of changes:

  • src: fix OpenSSL multiple vulnerabilities (SA-15:10.openssl)
  • src: update base system file(1) to 5.22 (EN-15:06)
  • src: improve reliability of ZFS (EN-15:07) [3]
  • src: updated to tzdata2015e [4]
  • ports: openssl 1.0.2c [5], libressl 2.2.0 [6], php 5.6.10 [7], dnsmasq 2.73 [8], smartmontools 6.4 [9]
  • syslogd: disable unmaintained and unused ZMQ patches
  • opnsense-update: gained independent awareness of kernel and base system version
  • opnsense-update: improved the manual page to include all recent changes
  • firmware: bring back /etc/shells support to avoid the unknown shell warning on bootup
  • firmware: always schedule next poll while upgrade is running to accommodate for web server restart delay
  • logs: fix DHCP reverse ordering and update layout
  • wizard: remove false statement about using “dhcp” for LAN setup
  • menu: order interfaces by name
  • captive portal: fix database creation query by avoiding SQL injection syntax that broke due to a recent upstream hardening of the database adapter underneath

The images can be obtained via any of our mirrors, given a bit of delay for them to pull in the latest images:


The checksums are:

SHA256 (OPNsense-15.1.12_OpenSSL-cdrom-amd64.iso.bz2) =
SHA256 (OPNsense-15.1.12_OpenSSL-nano-amd64.img.bz2) =
SHA256 (OPNsense-15.1.12_OpenSSL-serial-amd64.img.bz2) =
SHA256 (OPNsense-15.1.12_OpenSSL-vga-amd64.img.bz2) =
SHA256 (OPNsense-15.1.12_OpenSSL-cdrom-i386.iso.bz2) =
SHA256 (OPNsense-15.1.12_OpenSSL-nano-i386.img.bz2) =
SHA256 (OPNsense-15.1.12_OpenSSL-serial-i386.img.bz2) =
SHA256 (OPNsense-15.1.12_OpenSSL-vga-i386.img.bz2) =

MD5 (OPNsense-15.1.12_OpenSSL-cdrom-amd64.iso.bz2) = f7701aa70024bbab8395f808d9695eb0
MD5 (OPNsense-15.1.12_OpenSSL-nano-amd64.img.bz2) = 2e32ea342755513f87b13db4900cd1b8
MD5 (OPNsense-15.1.12_OpenSSL-serial-amd64.img.bz2) = 7722c2de2d06b56a32d32f49b28007d6
MD5 (OPNsense-15.1.12_OpenSSL-vga-amd64.img.bz2) = d2ad9fc3bad8bff348d60f6a879122e6
MD5 (OPNsense-15.1.12_OpenSSL-cdrom-i386.iso.bz2) = acefe5ce4cefe49e6c601db602af95b2
MD5 (OPNsense-15.1.12_OpenSSL-nano-i386.img.bz2) = 5f2f3c2c76996284557b2e8e4f9cadf2
MD5 (OPNsense-15.1.12_OpenSSL-serial-i386.img.bz2) = 6b0745526824badc05c53fee6c5b035c
MD5 (OPNsense-15.1.12_OpenSSL-vga-i386.img.bz2) = f1c67cac62d621a289dfb8c7384a242f

Stay safe,
Your OPNsense team

[1] https://www.freebsd.org/security/advisories/FreeBSD-SA-15:10.openssl.asc
[2] https://www.freebsd.org/security/advisories/FreeBSD-EN-15:07.zfs.asc
[3] https://www.freebsd.org/security/advisories/FreeBSD-EN-15:06.file.asc
[4] http://mm.icann.org/pipermail/tz-announce/2015-June/000032.html
[5] https://www.openssl.org/news/openssl-1.0.2-notes.html
[6] http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.2.0-relnotes.txt
[7] http://www.php.net/ChangeLog-5.php#5.6.10
[8] http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2015q2/009644.html
[9] https://www.smartmontools.org/browser/tags/RELEASE_6_4/smartmontools/NEWS