release: update changelogs

source/CE_releases.rst

@@ -8,7 +8,7 @@ Community Edition
     :width: 600px
     :align: center
 
-As of January 2015 there have been *222* releases leading to the latest version *22.1.4*
+As of January 2015 there have been *224* releases leading to the latest version *22.1.6*
 named "Observant Owl".
 
 

source/releases/BE_20.7.rst

@@ -224,7 +224,7 @@ Here are the full patch notes:
 
 This release finally wraps up the recent Netmap kernel changes and tests.
 The Realtek vendor driver was updated as well as third party software cURL,
-libxml2, OpenSSL, PHP, Suricata, Syslog-ng and Unbound just to name a couple
+libxml, OpenSSL, PHP, Suricata, Syslog-ng and Unbound just to name a couple
 of them.
 
 We would like to thank Sunny Valley Networks for their relentless efforts
@@ -271,7 +271,7 @@ Here are the full patch notes:
 * src: netmap tun and lagg support (contributed by Sunny Valley Networks)
 * src: update Realtek re driver to upstream version 1.96.04 (contributed by Laurent Dinclaux)
 * ports: curl 7.73.0 `[3] <https://curl.se/changes.html#7_73_0>`__ 
-* ports: libxml2 fixes for CVE-2019-20388, CVE-2020-7595 and CVE-2020-24977
+* ports: libxml fixes for CVE-2019-20388, CVE-2020-7595 and CVE-2020-24977
 * ports: nss 3.58 `[4] <https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.58_release_notes>`__ 
 * ports: openssl 1.1.1h `[5] <https://www.openssl.org/news/openssl-1.1.1-notes.html>`__ 
 * ports: php 7.3.23 `[6] <https://www.php.net/ChangeLog-7.php#7.3.23>`__ 

source/releases/BE_21.4.rst

@@ -199,7 +199,7 @@ Here are the full patch notes:
 * src: libcasper: fix descriptors numbers `[14] <FREEBSD:EN-21:19.libcasper>`__ 
 * src: linux: prevent integer overflow in futex_requeue `[15] <FREEBSD:EN-21:22.linux_futex>`__ 
 * ports: filterlog 0.4 adds label support to output if applicable
-* ports: libxml2 fix for CVE-2021-3541
+* ports: libxml fix for CVE-2021-3541
 * ports: nss 3.65 `[16] <https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.65_release_notes>`__ 
 * ports: openssh 8.6p1 `[17] <https://www.openssh.com/txt/release-8.6>`__ 
 * ports: php 7.3.28 `[18] <https://www.php.net/ChangeLog-7.php#7.3.28>`__ 

source/releases/CE_15.7.rst

@@ -37,7 +37,7 @@ tools.  Please see the full patch notes for details and references:
 * base: inconsistency between locale and rune locale states `[4] <https://www.freebsd.org/security/advisories/FreeBSD-EN-15:09.xlocale.asc>`__ 
 * notable ports updates: phalcon 2.0.3 `[5] <https://github.com/phalcon/cphalcon/releases/tag/phalcon-v2.0.3>`__ , curl 7.43.0_2 `[6] <https://curl.haxx.se/changes.html>`__ ,
   openssh 6.8p1_8, python 2.7.10 `[7] <https://hg.python.org/cpython/raw-file/15c95b7d81dc/Misc/NEWS>`__ , perl 5.20.2_5 `[8] <https://perldoc.perl.org/5.20.2/perldelta>`__ , ntp 4.2.8p3 `[9] <http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ChangeLog-stable>`__ ,
-  libxml2 2.9.2_3 `[10] <https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-1819>`__ , openldap24-server 2.4.41 `[11] <https://www.openldap.org/software/release/changes.html>`__ 
+  libxml 2.9.2_3 `[10] <https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-1819>`__ , openldap24-server 2.4.41 `[11] <https://www.openldap.org/software/release/changes.html>`__ 
 * opnsense-update: will no longer try to reinstall the istalled version
   after a fresh installation
 * bsdinstaller: bring back cpdup to error out on low memory installation
@@ -376,11 +376,9 @@ Here are the full patch notes:
 * ports: choparp 20150613 `[5] <https://github.com/quinot/choparp>`__ 
 * ports: libxml 2.9.3 `[6] <http://www.xmlsoft.org/news.html>`__ 
 * ports: pkg 1.6.2 `[7] <https://github.com/freebsd/freebsd-ports/commit/0466b08981bf9c714>`__ 
-* ports: opnsense-bootstrap, the infamous installer that works on stock
-  FreeBSD `[8] <https://github.com/opnsense/update/commit/e3f63ecdb1149a8cc30e3>`__ 
+* ports: opnsense-bootstrap, the infamous installer that works on stock FreeBSD `[8] <https://github.com/opnsense/update/commit/e3f63ecdb1149a8cc30e3>`__ 
 * intrusion detection: ignore json parse errors in eve log file
-* intrusion prevention (development): added Suricata 2.1beta4 in inline
-  mode `[9] <https://forum.opnsense.org/index.php?topic=1740>`__ 
+* intrusion prevention (development): added Suricata 2.1beta4 in inline mode `[9] <https://forum.opnsense.org/index.php?topic=1740>`__ 
 * interfaces: reverted cache removal due to multiple speed regressions reports
 * backend: send timeouts with proper description to syslog
 * openvpn: fix auth server selection for translations
@@ -1140,7 +1138,7 @@ tools.  Please see the full patch notes for details and references:
 * base: inconsistency between locale and rune locale states `[4] <https://www.freebsd.org/security/advisories/FreeBSD-EN-15:09.xlocale.asc>`__ 
 * notable ports updates: phalcon 2.0.3 `[5] <https://github.com/phalcon/cphalcon/releases/tag/phalcon-v2.0.3>`__ , curl 7.43.0_2 `[6] <https://curl.haxx.se/changes.html>`__ ,
   openssh 6.8p1_8, python 2.7.10 `[7] <https://hg.python.org/cpython/raw-file/15c95b7d81dc/Misc/NEWS>`__ , perl 5.20.2_5 `[8] <https://perldoc.perl.org/5.20.2/perldelta>`__ , ntp 4.2.8p3 `[9] <http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ChangeLog-stable>`__ ,
-  libxml2 2.9.2_3 `[10] <https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-1819>`__ , openldap24-server 2.4.41 `[11] <https://www.openldap.org/software/release/changes.html>`__ 
+  libxml 2.9.2_3 `[10] <https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-1819>`__ , openldap24-server 2.4.41 `[11] <https://www.openldap.org/software/release/changes.html>`__ 
 * opnsense-update: will no longer try to reinstall the istalled version
   after a fresh installation
 * bsdinstaller: bring back cpdup to error out on low memory installation

source/releases/CE_16.7.rst

@@ -609,8 +609,11 @@ Here are the full patch notes:
 * lang: Italian is now a release language (contributed by Antonio Prado)
 * lang: minor updates for Russian (contributed by Smart-Soft)
 * lang: minor updates for German and French
-* ports: haproxy 1.6.8 `[1] <http://www.haproxy.org/download/1.6/src/CHANGELOG>`__ , php 5.6.25 `[2] <https://php.net/ChangeLog-5.php#5.6.25>`__ , sqlite 3.14.1 `[3] <https://sqlite.org/releaselog/3_14_1.html>`__ 
-* ports: openvpn 2.3.12 `[4] <https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.12>`__ , libxml 2.9.4 `[5] <http://xmlsoft.org/news.html>`__ 
+* ports: haproxy 1.6.8 `[1] <http://www.haproxy.org/download/1.6/src/CHANGELOG>`__ 
+* ports: php 5.6.25 `[2] <https://php.net/ChangeLog-5.php#5.6.25>`__ 
+* ports: sqlite 3.14.1 `[3] <https://sqlite.org/releaselog/3_14_1.html>`__ 
+* ports: openvpn 2.3.12 `[4] <https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.12>`__ 
+* ports: libxml 2.9.4 `[5] <http://www.xmlsoft.org/news.html>`__ 
 
 
 

source/releases/CE_17.7.rst

@@ -119,7 +119,7 @@ Here are the full patch notes:
 * mvc: ignore client-side anchors in breadcrumb generation
 * ui: do not use a CSRF input element ID
 * plugins: os-freeradius 1.4.1 fixes a warning in clients (contributed by Michael Muenz)
-* ports: libxml 2.4.7 `[1] <http://xmlsoft.org/news.html>`__ 
+* ports: libxml 2.4.7 `[1] <http://www.xmlsoft.org/news.html>`__ 
 * ports: py-ipaddress 1.0.19
 
 

source/releases/CE_20.7.rst

@@ -224,7 +224,7 @@ Here are the full patch notes:
 
 This release finally wraps up the recent Netmap kernel changes and tests.
 The Realtek vendor driver was updated as well as third party software cURL,
-libxml2, OpenSSL, PHP, Suricata, Syslog-ng and Unbound just to name a couple
+libxml, OpenSSL, PHP, Suricata, Syslog-ng and Unbound just to name a couple
 of them.
 
 We would like to thank Sunny Valley Networks for their relentless efforts
@@ -271,7 +271,7 @@ Here are the full patch notes:
 * src: netmap tun and lagg support (contributed by Sunny Valley Networks)
 * src: update Realtek re driver to upstream version 1.96.04 (contributed by Laurent Dinclaux)
 * ports: curl 7.73.0 `[3] <https://curl.se/changes.html#7_73_0>`__ 
-* ports: libxml2 fixes for CVE-2019-20388, CVE-2020-7595 and CVE-2020-24977
+* ports: libxml fixes for CVE-2019-20388, CVE-2020-7595 and CVE-2020-24977
 * ports: nss 3.58 `[4] <https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.58_release_notes>`__ 
 * ports: openssl 1.1.1h `[5] <https://www.openssl.org/news/openssl-1.1.1-notes.html>`__ 
 * ports: php 7.3.23 `[6] <https://www.php.net/ChangeLog-7.php#7.3.23>`__ 

source/releases/CE_21.1.rst

@@ -267,7 +267,7 @@ Here are the full patch notes:
 * ports: expat 2.4.1
 * ports: filterlog 0.4 adds label support to output if applicable
 * ports: libressl 3.3.3 `[12] <https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.3.3-relnotes.txt>`__ 
-* ports: libxml2 fix for CVE-2021-3541
+* ports: libxml fix for CVE-2021-3541
 * ports: nss 3.65 `[13] <https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.65_release_notes>`__ 
 * ports: openssh 8.6p1 `[14] <https://www.openssh.com/txt/release-8.6>`__ 
 * ports: openvpn 2.4.11 `[15] <https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.11>`__ 

source/releases/CE_22.1.rst

@@ -33,6 +33,83 @@ can be found below as well.
 * Full mirror list: https://opnsense.org/download/
 
 
+--------------------------------------------------------------------------
+22.1.6 (April 13, 2022)
+--------------------------------------------------------------------------
+
+
+Since the Unbound migration for overrides surfaced a number of issues
+in the new code this is a follow-up release to ensure interoperability.
+Thank you for the honest feedback, bug reports and code submissions.
+
+Here are the full patch notes:
+
+* system: obsolete plugins calling missing functions shall not produce fatal errors
+* system: added the correct content-type for the dashboard plugins feed (contributed by Bo Frederiksen)
+* reporting: do not rely on /var/run/booting test in system health backend code
+* firewall: adjust default deny label to include mention of possible state violation
+* firewall: fix sessions page ACL
+* interfaces: bring back strict reordering of VIPs during dynamic address acquire
+* dhcp: added reload action for cron use
+* dhcp: support supplying iPXE filename
+* firmware: use isolated directory for database update check
+* firmware: cross-version check was not using correct information
+* firmware: cross-version update should indicate base/kernel reinstall
+* unbound: domain override IP may contain port information
+* unbound: show combined hostname.domain description in new alias popup
+* unbound: properly support "_msdcs" domain override prefix
+* unbound: add missing alias description
+* unbound: fix overrides case sort order (contributed by NYOB)
+* unbound: fix ACL for overrides
+* unbound: fix handling of wildcard aliases (contributed by devin122)
+* mvc: add generic searchRecordsetBase() to match existing searchBase()
+* ports: phpseclib 2.0.37 `[1] <https://github.com/phpseclib/phpseclib/releases/tag/2.0.37>`__ 
+
+
+
+--------------------------------------------------------------------------
+22.1.5 (April 07, 2022)
+--------------------------------------------------------------------------
+
+
+Due to popular demand the user experience for the revamped VLAN handling
+was improved in several areas.  Also incuded are a larger Unbound MVC
+rework and DNS system route apply changes from one single spot.  Last but
+not least the zlib vulnerability was fixed in FreeBSD amongst others.
+
+Here are the full patch notes:
+
+* system: set up all DNS system routes from system_resolvconf_generate()
+* system: properly clear legacy files when clearing log files
+* reporting: add ACPI and ARM temperature support to health data
+* interfaces: do not assume exclusive use of router file in IPv6 PPPoE case
+* interfaces: for symmetry with PPPoE do not reload WAN when address disappears
+* interfaces: VLAN UX changes include better tag and parent visibility and handling
+* interfaces: improve VLAN parent selection for batch changes to allow for a single apply
+* interfaces: hint at missing apply when trying to add a new interface in assignment page
+* captive portal: prevent cleansing password field
+* dhcp: give a hint on why an interface was ignored in radvd
+* firmware: exclude revision matching from latest changelog version check
+* unbound: add custom forwarding and overrides MVC pages
+* ui: omit total entries display for log grids
+* plugins: os-acme-client 3.9 `[1] <https://github.com/opnsense/plugins/blob/stable/22.1/security/acme-client/pkg-descr>`__ 
+* plugins: os-chrony 1.5 `[2] <https://github.com/opnsense/plugins/blob/stable/22.1/net/chrony/pkg-descr>`__ 
+* plugins: os-ddclient 1.5 `[3] <https://github.com/opnsense/plugins/blob/stable/22.1/dns/ddclient/pkg-descr>`__ 
+* src: pf(4) tables may fail to load `[4] <FREEBSD:FreeBSD-EN-22:15.pf>`__ 
+* src: potential jail escape vulnerabilities in netmap `[5] <FREEBSD:FreeBSD-SA-22:04.netmap>`__ 
+* src: bhyve e82545 device emulation out-of-bounds write `[6] <FREEBSD:FreeBSD-SA-22:05.bhyve>`__ 
+* src: mpr/mps/mpt driver ioctl heap out-of-bounds write `[7] <FREEBSD:FreeBSD-SA-22:06.ioctl>`__ 
+* src: 802.11 heap buffer overflow `[8] <FREEBSD:FreeBSD-SA-22:07.wifi_meshid>`__ 
+* src: zlib compression out-of-bounds write `[9] <FREEBSD:FreeBSD-SA-22:08.zlib>`__ 
+* ports: curl 7.82.0 `[10] <https://curl.se/changes.html#7_82_0>`__ 
+* ports: expat 2.4.8 `[11] <https://github.com/libexpat/libexpat/blob/R_2_4_8/expat/Changes>`__ 
+* ports libxml 2.9.13 `[12] <http://www.xmlsoft.org/news.html>`__ 
+* ports: monit 5.32.0 `[13] <https://mmonit.com/monit/changes/>`__ 
+* ports: nss 3.77 `[14] <https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.77_release_notes>`__ 
+* ports: python 3.8.13 `[15] <https://docs.python.org/release/3.8.13/whatsnew/changelog.html>`__ 
+
+
+
 --------------------------------------------------------------------------
 22.1.4 (March 24, 2022)
 --------------------------------------------------------------------------