@ -26,6 +26,153 @@ can be found below as well.
|
|
|
|
|
* Full mirror list: https://opnsense.org/download/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
--------------------------------------------------------------------------
|
|
|
|
|
20.7.5 (November 20, 2020)
|
|
|
|
|
--------------------------------------------------------------------------
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
We return briefly for a small patch set and plan to pin the 20.1 upgrade
|
|
|
|
|
path to this particular version to avoid unnecessary stepping stones. We
|
|
|
|
|
wish you all a healthy Friday. And of course: patch responsibly!
|
|
|
|
|
|
|
|
|
|
Here are the full patch notes:
|
|
|
|
|
|
|
|
|
|
* system: syslog-ng related fixes during package management based restart
|
|
|
|
|
* system: change dpinger syslog message to reflect correct RTT and RTTd unit (contributed by fhloston)
|
|
|
|
|
* web proxy: add toggle for pinger service (contributed by nowyouseeit)
|
|
|
|
|
* web proxy: add missing X-Forwarded-For header option
|
|
|
|
|
* mvc: new Base64Field type
|
|
|
|
|
* mvc: new VirtualIPField type
|
|
|
|
|
* plugins: os-acme-client 2.0 `[1] <https://github.com/opnsense/plugins/blob/master/security/acme-client/pkg-descr>`__
|
|
|
|
|
* plugins: os-bind 1.14 `[2] <https://github.com/opnsense/plugins/blob/master/dns/bind/pkg-descr>`__
|
|
|
|
|
* plugins: os-chrony 1.1 `[3] <https://github.com/opnsense/plugins/blob/master/net/chrony/pkg-descr>`__
|
|
|
|
|
* ports: monit 5.27.1 `[4] <https://mmonit.com/monit/changes/>`__
|
|
|
|
|
* ports: php 7.3.24 `[5] <https://www.php.net/ChangeLog-7.php#7.3.24>`__
|
|
|
|
|
* ports: pkg upstream fix for upgrade script hang `[6] <https://github.com/freebsd/pkg/pull/1893>`__
|
|
|
|
|
* ports: strongswan 5.9.0 `[7] <https://www.strongswan.org/blog/2020/07/29/strongswan-5.9.0-released.html>`__
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
--------------------------------------------------------------------------
|
|
|
|
|
20.7.4 (October 22, 2020)
|
|
|
|
|
--------------------------------------------------------------------------
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
This release finally wraps up the recent Netmap kernel changes and tests.
|
|
|
|
|
The Realtek vendor driver was updated as well as third party software cURL,
|
|
|
|
|
libxml2, OpenSSL, PHP, Suricata, Syslog-ng and Unbound just to name a couple
|
|
|
|
|
of them.
|
|
|
|
|
|
|
|
|
|
We would like to thank Sunny Valley Networks for their relentless efforts
|
|
|
|
|
to bring said Netmap fixes and improvements into FreeBSD.
|
|
|
|
|
|
|
|
|
|
If you are having trouble with a stuck update try the command sequence below
|
|
|
|
|
from the root shell or simply reboot from the GUI and rerun the update in
|
|
|
|
|
case it was not fully carried out yet.
|
|
|
|
|
|
|
|
|
|
.. code-block::
|
|
|
|
|
|
|
|
|
|
# pkill syslog-ng
|
|
|
|
|
# service syslog-ng restart
|
|
|
|
|
|
|
|
|
|
Here are the full patch notes:
|
|
|
|
|
|
|
|
|
|
* system: switch web GUI address selection to avoid server.bind in IPv6 first case
|
|
|
|
|
* system: fix defunct "use default" button on web GUI listen interfaces
|
|
|
|
|
* system: signal "auth user changed" when a user is modified via web GUI
|
|
|
|
|
* system: replace gateway widget and add proper API endpoint for it
|
|
|
|
|
* system: fix reading displayName attribute on LDAP search (contributed by ServiusHack)
|
|
|
|
|
* interfaces: change maximum MTU value to 65535 in accordance with RFC 791
|
|
|
|
|
* interfaces: update wireless device detection prefixes
|
|
|
|
|
* interfaces: lexical sort interface keys for assignments
|
|
|
|
|
* firewall: add support for network exclusions in network alias type
|
|
|
|
|
* firewall: add NAT information to pfInfo page (contributed by kulikov-a)
|
|
|
|
|
* firewall: associated NAT rules missed state keyword
|
|
|
|
|
* firewall: allow "or" conditions in live log
|
|
|
|
|
* firewall: use pfctl for alias IP check (contributed by kulikov-a)
|
|
|
|
|
* dnsmasq: regenerate resolv.conf on save
|
|
|
|
|
* dnsmasq: log queries option
|
|
|
|
|
* intrusion detection: ignore pkill exit status when performing update
|
|
|
|
|
* ipsec: add description to reconfigure action (contributed by Frank Wall)
|
|
|
|
|
* unbound: rebuild unbound blacklist download
|
|
|
|
|
* unbound: restructure reconfigure so that we always flush config
|
|
|
|
|
* backend: add new "config changed" event using syshook structure (sponsored by Modirum)
|
|
|
|
|
* mvc: add a few missing control widgets from log pages
|
|
|
|
|
* ui: upgrade moment.js to 2.27.0
|
|
|
|
|
* plugins: os-freeradius 1.9.8 `[1] <https://github.com/opnsense/plugins/blob/master/net/freeradius/pkg-descr>`__
|
|
|
|
|
* plugins: os-git-backup 1.0 `[2] <https://github.com/opnsense/plugins/issues/2049>`__ (sponsored by Modirum)
|
|
|
|
|
* plugins: os-haproxy 2.25 `[3] <https://curl.haxx.se/changes.html>`__
|
|
|
|
|
* plugins: os-stunnel 1.0.2 adds service protocol selector (contributed by fhloston)
|
|
|
|
|
* src: extended netmap update and driver fixes
|
|
|
|
|
* src: netmap tun and lagg support (contributed by Sunny Valley Networks)
|
|
|
|
|
* src: update Realtek re driver to upstream version 1.96.04 (contributed by Laurent Dinclaux)
|
|
|
|
|
* ports: curl 7.73.0 `[3] <https://curl.haxx.se/changes.html>`__
|
|
|
|
|
* ports: libxml2 fixes for CVE-2019-20388, CVE-2020-7595 and CVE-2020-24977
|
|
|
|
|
* ports: nss 3.58 `[4] <https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.58_release_notes>`__
|
|
|
|
|
* ports: openssl 1.1.1h `[5] <https://www.openssl.org/news/changelog.html#openssl-111>`__
|
|
|
|
|
* ports: php 7.3.23 `[6] <https://www.php.net/ChangeLog-7.php#7.3.23>`__
|
|
|
|
|
* ports: pkg 1.15.10
|
|
|
|
|
* ports: radvd patch for dynamic interface shifting index
|
|
|
|
|
* ports: sudo 1.9.3p1 `[7] <https://www.sudo.ws/stable.html#1.9.3p1>`__
|
|
|
|
|
* ports: suricata 5.0.4 `[8] <https://suricata-ids.org/2020/10/08/suricata-4-1-9-and-5-0-4-released/>`__
|
|
|
|
|
* ports: syslog-ng 3.29.1 `[9] <https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-3.29.1>`__
|
|
|
|
|
* ports: unbound 1.12.0 `[10] <https://nlnetlabs.nl/projects/unbound/download/>`__
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
--------------------------------------------------------------------------
|
|
|
|
|
20.7.3 (September 24, 2020)
|
|
|
|
|
--------------------------------------------------------------------------
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Today is the day for a number of FreeBSD security advisories and a few
|
|
|
|
|
reliability fixes.
|
|
|
|
|
|
|
|
|
|
We are still testing a batch of Netmap improvement patches with a separate
|
|
|
|
|
kernel. This and the Realtek vendor driver update will likely follow in
|
|
|
|
|
the next kernel update. All feedback is welcome.
|
|
|
|
|
|
|
|
|
|
Here are the full patch notes:
|
|
|
|
|
|
|
|
|
|
* system: use different shell gateway name to appease wizard
|
|
|
|
|
* system: simplify CARP hook
|
|
|
|
|
* interfaces: phase out netaddr.eui.ieee.OUI_REGISTRY_PATH usage
|
|
|
|
|
* firewall: add MAC type to top right filter selection
|
|
|
|
|
* firewall: fix two scrub rule parsing bugs
|
|
|
|
|
* firewall: omit group type interfaces in filter selection
|
|
|
|
|
* intrusion detection: re-create rule cache after rule deployment
|
|
|
|
|
* unbound: add "unbound-plus" section to XMLRPC sync
|
|
|
|
|
* dhcp: adding DDNS values of each additional pool to the $ddns_zones array (contributed by Mathieu St-Pierre)
|
|
|
|
|
* dhcp: add static interface mode to router advertisements
|
|
|
|
|
* rc: fix ssh key permissions on MSDOS import
|
|
|
|
|
* rc: support service identifier in pluginctl -s mode
|
|
|
|
|
* plugins: os-bind download link changes (contributed by gap579137)
|
|
|
|
|
* plugins: os-chrony 1.0 (contributed by Michael Muenz)
|
|
|
|
|
* plugins: os-dnscrypt-proxy blocklist script fixes (contributed by Mark Keisler)
|
|
|
|
|
* plugins: os-frr 1.17 `[1] <https://github.com/opnsense/plugins/blob/master/net/frr/pkg-descr>`__
|
|
|
|
|
* plugins: os-postfix 1.17 `[2] <https://github.com/opnsense/plugins/blob/master/mail/postfix/pkg-descr>`__
|
|
|
|
|
* plugins: os-rspamd 1.10 `[3] <https://github.com/opnsense/plugins/blob/master/mail/rspamd/pkg-descr>`__
|
|
|
|
|
* plugins: os-theme-cicada 1.25 (contributed by Team Rebellion)
|
|
|
|
|
* plugins: os-theme-tukan 1.23 (contributed by Team Rebellion)
|
|
|
|
|
* plugins: os-theme-vicuna 1.1 (contributed by Team Rebellion)
|
|
|
|
|
* plugins: os-wireguard 1.3 `[4] <https://github.com/opnsense/plugins/blob/master/net/wireguard/pkg-descr>`__
|
|
|
|
|
* plugins: os-zabbix-agent 1.8 `[5] <https://github.com/opnsense/plugins/blob/master/net-mgmt/zabbix-agent/pkg-descr>`__
|
|
|
|
|
* src: fix FreeBSD Linux ABI kernel panic `[6] <https://www.freebsd.org/security/advisories/FreeBSD-EN-20:17.linuxthread.asc>`__
|
|
|
|
|
* src: fix SCTP socket use-after-free `[7] <https://www.freebsd.org/security/advisories/FreeBSD-SA-20:25.sctp.asc>`__
|
|
|
|
|
* src: fix dhclient heap overflow `[8] <https://www.freebsd.org/security/advisories/FreeBSD-SA-20:26.dhclient.asc>`__
|
|
|
|
|
* src: fix ure device driver susceptible to packet-in-packet attack `[9] <https://www.freebsd.org/security/advisories/FreeBSD-SA-20:27.ure.asc>`__
|
|
|
|
|
* src: fix bhyve privilege escalation via VMCS access `[10] <https://www.freebsd.org/security/advisories/FreeBSD-SA-20:28.bhyve_vmcs.asc>`__
|
|
|
|
|
* src: fix bhyve SVM guest escape `[11] <https://www.freebsd.org/security/advisories/FreeBSD-SA-20:29.bhyve_svm.asc>`__
|
|
|
|
|
* src: fix ftpd privilege escalation via ftpchroot `[12] <https://www.freebsd.org/security/advisories/FreeBSD-SA-20:30.ftpd.asc>`__
|
|
|
|
|
* src: set PAX_HARDENING_NOSHLIBRANDOM in the RTLD by default
|
|
|
|
|
* src: fix kernel panic while trying to read multicast stream
|
|
|
|
|
* ports: mpd 5.9 `[13] <http://mpd.sourceforge.net/doc5/mpd4.html#4>`__
|
|
|
|
|
* ports: nss 3.57 `[14] <https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.57_release_notes>`__
|
|
|
|
|
* ports: php 7.3.22 `[15] <https://www.php.net/ChangeLog-7.php#7.3.22>`__
|
|
|
|
|
* ports: pkg 1.15.6 `[16] <https://github.com/freebsd/freebsd-ports/commit/fd4f5566aea>`__
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
--------------------------------------------------------------------------
|
|
|
|
|
20.7.2 (September 02, 2020)
|
|
|
|
|
--------------------------------------------------------------------------
|
|
|
|
|
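Review bot: In the 20.7.4 list, the "plugins: os-haproxy 2.25" entry links to https://curl.haxx.se/changes.html under reference [3], the same number and URL that "ports: curl 7.73.0" uses further down that list, so the haproxy reference lands on the curl changelog. Point it at the haproxy plugin's own pkg-descr, as the neighbouring plugin entries do for theirs, and renumber the references that follow so each number is used once in that release. Separately, the ".. code-block::" directive in the 20.7.4 text is written without a language argument; giving it one (for example "sh") keeps the syslog-ng commands rendering on Sphinx versions that require the argument.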