OPNsense 22.1.4 Bugfix and FreeBSD 13 VLAN Release

The open-source firewall OPNsense has received update 22.1.4. It now also brings full VLAN functionality based on FreeBSD 13. The MVC GUI and the API were adapted for this as well. Two further bugs in GIF/GRE were also fixed. Because of dependencies, LibreSSL is shown as version 3.3.6, which according to CVE-2022-0778 has a security vulnerability. That is not the case, and the version

QinQ support based on the FreeBSD 13 VLAN base functionality is finally here! To make the best use of it, an MVC conversion of the GUI pages was carried out, meaning these are now fully API-enabled as well. Two bugs in the previous GIF/GRE rework have also been reported and fixed.

Note: while this does fix CVE-2022-0778 even for LibreSSL, the security audit database by FreeBSD will falsely flag the 3.3.6 release as vulnerable when in fact it is not. Since build issues arise on LibreSSL 3.4 that involve plugin dependencies, in all likelihood we will be refraining from updating to version 3.4 altogether and do not have much hope for the upcoming 3.5 either.

Here are the full patch notes:

system: prefer configured IP address family use earlier on boot
system: allow boot to perform generic UFS/ZFS grow using the /.probe.for.growfs marker file
system: import ZFS pools before mounting ZFS datasets
reporting: use asynchronous DNS resolver for reverse lookups on traffic page
interfaces: loopback "lo0" exists for VIPs
interfaces: only strip addresses on configured IP types
interfaces: use new ifctl utility for DHCPv6 IP type and add manual page
interfaces: adjust MTU configuration when parent also requires MTU changes
interfaces: VLAN MVC conversion with API and QinQ support
interfaces: cleanup surrounding LAGG function use
firewall: constrain default CARP allow rules to those defined in RFC 5798
firewall: make sure that rule use of gateways (route-to) and reply-to are mutually exclusive
firewall: tighten alias FQDN validation to avoid accepting mistypes such as "192.168.01.1"
firmware: revoke the 21.7 fingerprint
intrusion detection: improve row count on alerts page
backend: consolidate configctl utility into one location and add manual page
plugins: os-ddclient 1.4[1]
plugins: os-theme-cicada 1.29
plugins: os-theme-vicuna 1.41
src: openssl: fix a bug in BN_mod_sqrt() that can cause it to loop forever[2]
src: zfs: fix handling of errors from dmu_write_uio_dbuf()[3]
src: debugnet: remove spurious message on boot
ports: ca_root_nss fix for faulty upstream file linking
ports: libressl 3.3.6[4]
ports: openssl 1.1.1n[5]
ports: openvpn 2.5.6[6]

A hotfix release was issued as 22.1.4_1:

mvc: properly root the model mount point to avoid unrelated XML node name overlap
