@ -29,6 +29,80 @@ can be found below as well.
* Full mirror list: https://opnsense.org/download/
* Full mirror list: https://opnsense.org/download/
--------------------------------------------------------------------------
23.1.2 (March 07, 2023)
--------------------------------------------------------------------------
This is mainly a reliability update with fixes in assorted subsystems.
Of note is the OpenVPN authentication framework rewrite in order to take
advantage of the upcoming OpenVPN 2.6 deferred authentication feature and
the fix for DHCP renew behaviour that was reported on 23.1.
The roadmap for 23.7 was published, but at this point mainly consists of
MVC/API porting efforts for existing static pages. While the rewrite is
not strictly necessary from a user perspective it will move us a lot closer
to our mission goal to introduce privilege separation and to provide an API
for all components.
Here are the full patch notes:
* system: use singleton boot detection everywhere
* system: protect against more stray scripts on boot
* system: several shell_safe() conversions
* system: when applying auto-far default route make sure the local address is not empty
* system: refactor system_default_route() to prevent empty $gateway
* system: create system_resolver_configure() and cron job support
* system: add simple script and configd action to list current group membership (configctl auth list groups)
* system: prevent alias reload in routing reconfiguration like we do in rc.syshook monitor reload
* interfaces: protect against empty GIF host route
* interfaces: fix parsing of device names with a dot in packet capture
* interfaces: force newip calls through DHCP/PPP/OVPN on IPv4
* interfaces: force newip calls through DHCP/PPP on IPv6
* firewall: fix NAT dropdowns ignoring VIPs
* firewall: fix validation of alias names such as "A_BC"
* fIrewall: show all applicable floating rules when inspecting interface rules
* firewall: prevent networks from being sent to DNS resolver in update_tables.py
* reporting: make all status mapping colors configurable for themes in the Unbound DNS page
* dnsmasq: add dns_forward_max, cache_size and local_ttl options to GUI (contributed by Dr. Uwe Meyer-Gruhl)
* firmware: remove retired LibreSSL flavour handling and annotations
* ipsec: reqid should not be provided on mobile sessions
* ipsec: validate pool names on connections page
* ipsec: allow "@" character in all other eap_id fields for new connections
* ipsec: add connection data to XMLRPC sync
* ipsec: "Dynamic gateway" (rightallowany) option should be translated to 0.0.0.0/0,::/0
* network time: remove "disable monitor" to get rid of log warnings (contributed by Dr. Uwe Meyer-Gruhl)
* openvpn: replace authentication handler to prepare for upcoming OpenVPN 2.6 with deferred authentication
* openvpn: rename -cipher option to --data-ciphers-fallback and adjust GUI accordingly
* unbound: fix typo in logger and create a pipe early in dnsbl_module.py (contributed by kulikov-a)
* unbound: fix type cast to prevent unnecessary updateBlocklist action
* unbound: add missing blocklist
* ui: solve deprecation in PHP via html_safe() wrapper
* wizard: unbound hardened DNSSEC setting moved
* plugins: os-acme-client 3.16 `[1] <https://github.com/opnsense/plugins/blob/stable/23.1/security/acme-client/pkg-descr>`__
* plugins: os-crowdsec 1.0.2 `[2] <https://github.com/opnsense/plugins/blob/stable/23.1/security/crowdsec/pkg-descr>`__
* plugins: os-rfc2136 1.8 `[3] <https://github.com/opnsense/plugins/blob/stable/23.1/dns/rfc2136/pkg-descr>`__
* plugins: os-theme-cicada 1.33 (contributed by Team Rebellion)
* plugins: os-theme-tucan 1.26 (contributed by Team Rebellion)
* plugins: os-theme-vicuna 1.44 (contributed by Team Rebellion)
* src: fix multiple OpenSSL vulnerabilities `[4] <FREEBSD:FreeBSD-SA-23:03.openssl>`__
* src: pfsync: support deferring IPv6 packets
* src: pfsync: add missing bucket lock
* src: pfsync: ensure 'error' is always initialised
* ports: filterlog 0.7 fixes unknown TCP option print
* ports: lighttpd 1.4.69 `[5] <https://www.lighttpd.net/2023/2/10/1.4.69/>`__
* ports: monit 5.33.0 `[6] <https://mmonit.com/monit/changes/>`__
* ports: nss 3.88.1 `[7] <https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_88_1.html>`__
* ports: openldap 2.6.4 `[8] <https://www.openldap.org/software/release/changes.html>`__
* ports: openssh 9.2p1 `[9] <https://www.openssh.com/txt/release-9.2>`__
* ports: php 8.1.16 `[10] <https://www.php.net/ChangeLog-8.php#8.1.16>`__
* ports: phalcon 5.2.1 `[11] <https://github.com/phalcon/cphalcon/releases/tag/v5.2.1>`__
* ports: sqlite 3.41.0 `[12] <https://sqlite.org/releaselog/3_41_0.html>`__
* ports: strongswan 5.9.10 `[13] <https://github.com/strongswan/strongswan/releases/tag/5.9.10>`__
* ports: sudo 1.9.13p2 `[14] <https://www.sudo.ws/stable.html#1.9.13p2>`__
--------------------------------------------------------------------------
--------------------------------------------------------------------------
23.1.1 (February 15, 2023)
23.1.1 (February 15, 2023)
--------------------------------------------------------------------------
--------------------------------------------------------------------------
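Review bot: the entry `* fIrewall: show all applicable floating rules when inspecting interface rules` in the new 23.1.2 list has a stray capital "I" in its prefix; it should read `firewall:` like the three entries around it so the section prefix stays consistent for anyone grepping the notes. In the openvpn entry, `-cipher` is written with a single dash next to `--data-ciphers-fallback`; write `--cipher` so both option names use the same form. The footnote target `<FREEBSD:FreeBSD-SA-23:03.openssl>` on the OpenSSL entry is the only reference in this list that is not an https URL, so please confirm it resolves in the rendered notes, since that is the one entry readers will follow to check whether they are affected.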
@ -116,7 +190,7 @@ Here are the full patch notes:
* ports: dnsmasq 2.89 `[8] <https://www.thekelleys.org.uk/dnsmasq/CHANGELOG>`__
* ports: dnsmasq 2.89 `[8] <https://www.thekelleys.org.uk/dnsmasq/CHANGELOG>`__
* ports: dpinger 3.3 `[9] <https://github.com/dennypage/dpinger/releases/tag/v3.3>`__
* ports: dpinger 3.3 `[9] <https://github.com/dennypage/dpinger/releases/tag/v3.3>`__
* ports: lighttpd 1.4.68 `[10] <https://www.lighttpd.net/2023/1/3/1.4.68/>`__
* ports: lighttpd 1.4.68 `[10] <https://www.lighttpd.net/2023/1/3/1.4.68/>`__
* ports: openssh-portable 9.1p1 `[11] <https://www.openssh.com/txt/release-9.1>`__
* ports: openssh 9.1p1 `[11] <https://www.openssh.com/txt/release-9.1>`__
* ports: openssl 1.1.1t `[12] <https://www.openssl.org/news/openssl-1.1.1-notes.html>`__
* ports: openssl 1.1.1t `[12] <https://www.openssl.org/news/openssl-1.1.1-notes.html>`__
* ports: php 8.1.15 `[13] <https://www.php.net/ChangeLog-8.php#8.1.15>`__
* ports: php 8.1.15 `[13] <https://www.php.net/ChangeLog-8.php#8.1.15>`__
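Review bot: the only entry that differs in this hunk is the openssh line, which appears as both `openssh-portable 9.1p1` and `openssh 9.1p1`, so an edit to the already published 23.1.1 notes is riding along with the addition of 23.1.2. The shorter name matches `openssh 9.2p1` in the new section, but the rename should be called out in the commit message or split into its own commit so that a later reader comparing the 23.1.1 notes against what was announced can see why the text changed.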