@ -34,6 +34,141 @@ can be found below as well.
|
|
|
|
|
* Full mirror list: https://opnsense.org/download/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
--------------------------------------------------------------------------
|
|
|
|
|
22.7.8 (November 17, 2022)
|
|
|
|
|
--------------------------------------------------------------------------
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
This is a small maintenance and security update. You will notice that
|
|
|
|
|
LibreSSL no longer works with FreeRADIUS software due to hiding library
|
|
|
|
|
internals that are used by the software. Your current install will
|
|
|
|
|
continue to work, but we would recommend switching to OpenSSL to receive
|
|
|
|
|
FreeRADIUS updates as they become available.
|
|
|
|
|
|
|
|
|
|
Also, the infamous log_error() message is being phased out in the development
|
|
|
|
|
version to end the questions of "Why is this log message an error?" and so
|
|
|
|
|
with log_msg() each log line receives a more appropriate log level between
|
|
|
|
|
error, warning and notice.
|
|
|
|
|
|
|
|
|
|
Here are the full patch notes:
|
|
|
|
|
|
|
|
|
|
* system: add statistics tree view containing vmstat memory characteristics
|
|
|
|
|
* system: explicitly reopen main log file in case another log file was used and closed
|
|
|
|
|
* system: tweak log_msg() to prepare log level adjustments migration away from log_error()
|
|
|
|
|
* system: enforce config reload to fetch group membership in authentication tester
|
|
|
|
|
* system: separate interface type icon from name column in interface widget
|
|
|
|
|
* system: change system log default to "Notice"
|
|
|
|
|
* system: UX tweaks on activity page
|
|
|
|
|
* system: revised backend daemon startup delay
|
|
|
|
|
* system: drop empty plugins_run() result
|
|
|
|
|
* interfaces: migrate main clearing of interface data to ifctl
|
|
|
|
|
* interfaces: fix display of special HTML characters in packet capture
|
|
|
|
|
* interfaces: retain existing PPP settings on saving interface settings
|
|
|
|
|
* interfaces: delete the correct lock of PPP device
|
|
|
|
|
* interfaces: fix variable use in interface_proxyarp_configure()
|
|
|
|
|
* firewall: wrap user rule registration in new function filter_core_rules_user()
|
|
|
|
|
* firewall: simplify rule lookup by using filter_core_rules_user()
|
|
|
|
|
* firewall: allow external dynamic address in NPT
|
|
|
|
|
* firewall: remove extended VIP expansion from NAT rules
|
|
|
|
|
* firewall: fix live view hostname lookup may result in HTTP 431 error
|
|
|
|
|
* ipsec: remove side effect host route removal from Phase 1 page
|
|
|
|
|
* unbound: do not stop on potential errors in start script
|
|
|
|
|
* plugins: os-freeradius is no longer available for LibreSSL to allow updates of FreeRADIUS software
|
|
|
|
|
* plugins: os-nginx 1.31 `[1] <https://github.com/opnsense/plugins/blob/stable/22.7/www/nginx/pkg-descr>`__
|
|
|
|
|
* plugins: os-wireguard now skips invalid peers for dashboard widget (contributed by jkellerer)
|
|
|
|
|
* ports: expat 2.5.0 `[2] <https://github.com/libexpat/libexpat/blob/R_2_5_0/expat/Changes>`__
|
|
|
|
|
* ports: krb5 1.20.1 `[3] <https://web.mit.edu/kerberos/krb5-1.20/>`__
|
|
|
|
|
* ports: nss 3.85 `[4] <https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_85.html>`__
|
|
|
|
|
* ports: phalcon 5.1.1 `[5] <https://github.com/phalcon/cphalcon/releases/tag/v5.1.1>`__
|
|
|
|
|
* ports: sudo 1.9.12p1 `[6] <https://www.sudo.ws/stable.html#1.9.12p1>`__
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
--------------------------------------------------------------------------
|
|
|
|
|
22.7.7 (November 03, 2022)
|
|
|
|
|
--------------------------------------------------------------------------
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
We replaced the packet capture tool with a MVC/API rewrite and
|
|
|
|
|
updated most plugins to use the new setup script facility when
|
|
|
|
|
doing a start/restart/reload through the RC system.
|
|
|
|
|
|
|
|
|
|
A number of FreeBSD kernel improvements have been included as well.
|
|
|
|
|
|
|
|
|
|
Although OpenSSL is being updated keep in mind that the current
|
|
|
|
|
popular vulnerability only exists in version 3 and we still use
|
|
|
|
|
1.1.1.
|
|
|
|
|
|
|
|
|
|
Here are the full patch notes:
|
|
|
|
|
|
|
|
|
|
* system: fix getOID() call for phpseclib 3 while processing CSR
|
|
|
|
|
* system: avoid error on installer user creation
|
|
|
|
|
* system: show booting banner on dashboard
|
|
|
|
|
* interfaces: show attached interface for VLAN device in overview
|
|
|
|
|
* interfaces: packet capture MVC/API replacement
|
|
|
|
|
* interfaces: fix ARP table name resolve backend issue (contributed by soif)
|
|
|
|
|
* firewall: off-by-one in regex for target port range parse
|
|
|
|
|
* firewall: support Maxmind unclassified "EU" as selectable country
|
|
|
|
|
* firewall: fix possible race condition when changing limit in live log
|
|
|
|
|
* firewall: fix sorting bug in aliases list
|
|
|
|
|
* firewall: allow the use of "dynamic" interface types in shaper, e.g. IPsec devices
|
|
|
|
|
* dnsmasq: remove expired root trust anchor (contributed by Johnny S. Lee)
|
|
|
|
|
* firmware: always fetch the signature file to avoid signature issues after upgrades
|
|
|
|
|
* firmware: use effective ABI in changelog fetch
|
|
|
|
|
* firmware: ignore automatic business plugin and license hint
|
|
|
|
|
* intrusion detection: missing OPNsense categories
|
|
|
|
|
* ipsec: missing return in controller
|
|
|
|
|
* openvpn: use ifctl in link up/down scripts
|
|
|
|
|
* unbound: move the removal of pluggable files above the configuration check
|
|
|
|
|
* unbound: remove 127/8 from private-address block when rebind protection is enabled
|
|
|
|
|
* unbound: make the default private-address items configurable via the advanced page
|
|
|
|
|
* unbound: fix possible error while opening DoT page
|
|
|
|
|
* mvc: when multiple validation messages are returned wrap each message in a div tag
|
|
|
|
|
* mvc: prevent UserExceptions to end up in the crash reporter
|
|
|
|
|
* mvc: translate a base field error
|
|
|
|
|
* backend: wait 1 second for configd socket to become available
|
|
|
|
|
* console: store UUID for VLAN device
|
|
|
|
|
* rc: remove obsolete NAME_var_script and NAME_var_mfs support
|
|
|
|
|
* plugins: migrate all plugins to NAME_setup script use
|
|
|
|
|
* plugins: $verbose argument in plugins_run() is spurious
|
|
|
|
|
* plugins: os-acme-client 3.14 `[1] <https://github.com/opnsense/plugins/blob/stable/22.7/security/acme-client/pkg-descr>`__
|
|
|
|
|
* plugins: os-apcupsd 1.1 `[2] <https://github.com/opnsense/plugins/blob/stable/22.7/sysutils/apcupsd/pkg-descr>`__
|
|
|
|
|
* plugins: os-frr 1.31 `[3] <https://github.com/opnsense/plugins/blob/stable/22.7/net/frr/pkg-descr>`__
|
|
|
|
|
* plugins: os-haproxy 3.12 `[4] <https://github.com/opnsense/plugins/blob/stable/22.7/net/haproxy/pkg-descr>`__
|
|
|
|
|
* plugins: os-maltrail 1.10 `[5] <https://github.com/opnsense/plugins/blob/stable/22.7/security/maltrail/pkg-descr>`__
|
|
|
|
|
* plugins: os-openconnect 1.4.3 `[6] <https://github.com/opnsense/plugins/blob/stable/22.7/security/openconnect/pkg-descr>`__
|
|
|
|
|
* plugins: os-telegraf 1.12.6 `[7] <https://github.com/opnsense/plugins/blob/stable/22.7/net-mgmt/telegraf/pkg-descr>`__
|
|
|
|
|
* plugins: os-tor 1.9 enables hardware acceleration (contributed by haarp)
|
|
|
|
|
* plugins: os-wireguard 1.13 `[8] <https://github.com/opnsense/plugins/blob/stable/22.7/net/wireguard/pkg-descr>`__
|
|
|
|
|
* src: revert "e1000: try auto-negotiation for fixed 100 or 10 configuration"
|
|
|
|
|
* src: vxlan: check the size of data available in mbuf before using them
|
|
|
|
|
* src: vm_page: fix a logic error in the handling of PQ_ACTIVE operations `[9] <FREEBSD:FreeBSD-EN-22:23.vm>`__
|
|
|
|
|
* src: cam: provide compatibility for CAMGETPASSTHRU for periph drivers `[10] <FREEBSD:FreeBSD-EN-22:26.cam>`__
|
|
|
|
|
* src: loader: fix elf lookup_symbol type filtering `[11] <FREEBSD:FreeBSD-EN-22:27.loader>`__
|
|
|
|
|
* src: zfs: fix a pair of bugs in zfs_fhtovp() `[12] <FREEBSD:FreeBSD-EN-22:24.zfs>`__
|
|
|
|
|
* src: zfs: fix use-after-free in btree code `[13] <FREEBSD:FreeBSD-EN-22:21.zfs>`__
|
|
|
|
|
* src: tcp: finish SACK loss recovery on sudden lack of SACK blocks `[14] <FREEBSD:FreeBSD-EN-22:25.tcp>`__
|
|
|
|
|
* src: igc: remove unnecessary PHY ID checks
|
|
|
|
|
* src: ixl: add support for I710 devices and remove non-inclusive language
|
|
|
|
|
* src: ixl: fix SR-IOV panics
|
|
|
|
|
* src: rc: run NAME_setup before RC_ARG_precmd
|
|
|
|
|
* src: u3g: add more USB IDs
|
|
|
|
|
* ports: libxml 2.10.3 `[15] <http://www.xmlsoft.org/news.html>`__
|
|
|
|
|
* ports: nss 3.84 `[16] <https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_84.html>`__
|
|
|
|
|
* ports: openssl 1.1.1s `[17] <https://www.openssl.org/news/openssl-1.1.1-notes.html>`__
|
|
|
|
|
* ports: openvpn 2.5.8 `[18] <https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn25#Changesin2.5.8>`__
|
|
|
|
|
* ports: phalcon 5.1.0 `[19] <https://github.com/phalcon/cphalcon/releases/tag/v5.1.0>`__
|
|
|
|
|
* ports: php 8.0.25 `[20] <https://www.php.net/ChangeLog-8.php#8.0.25>`__
|
|
|
|
|
* ports: python 3.9.15 `[21] <https://docs.python.org/release/3.9.15/whatsnew/changelog.html>`__
|
|
|
|
|
* ports: sudo 1.9.12 `[22] <https://www.sudo.ws/stable.html#1.9.12>`__
|
|
|
|
|
* ports: unbound 1.17.0 `[23] <https://nlnetlabs.nl/projects/unbound/download/#unbound-1-17-0>`__
|
|
|
|
|
|
|
|
|
|
A hotfix release was issued as 22.7.7_1:
|
|
|
|
|
|
|
|
|
|
* openvpn: ifctl requires interface to operate
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
--------------------------------------------------------------------------
|
|
|
|
|
22.7.6 (October 12, 2022)
|
|
|
|
|
--------------------------------------------------------------------------
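Review bot: The 22.7.8 intro calls this a "small maintenance and security update", but nothing in its patch notes says which entries carry the security fixes, so a reader deciding how urgently to upgrade cannot tell whether that means the expat, krb5, nss or sudo port bumps or something in the core changes. Mark the security-relevant entries or name them in the intro. The same applies to the 22.7.7 intro, where "the current popular vulnerability only exists in version 3" will be unclear once the news has faded: cite the OpenSSL advisory it refers to, next to the "ports: openssl 1.1.1s" entry. Smaller style point: "firewall: off-by-one in regex for target port range parse", "intrusion detection: missing OPNsense categories" and "ipsec: missing return in controller" describe the defect rather than the change, unlike the neighbouring "fix ..." entries.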