OPNsense Bugfix Release 22.7.7 und Hotfix 22.7.7-1

Die Open-Source Firewall OPNsense erhielt das Update 22.7.7 und kurze Zeit später das Hotfix 22.7.7-1. Das Update ersetzt das Packet Capture Tool durch die MVC/API und aktualisiert die meisten Plugins, sodass diese das neue Setup Scrtip beim Start/Restart und Relead unterstützen. Weiterhin wurden Verbeserungen im FreeBSD Kernel durchgeführt. Die bekannte OpenSSL Lücke existiert nicht in der aktuellen Version und betrifft nur Version 3, während OPNsense 1.1.1 nutzt.

Das Update benötigt einen Systemneustart.

OPNsense 22.7.7 Release Notes

• system: fix getOID() call for phpseclib 3 while processing CSR
• system: avoid error on installer user creation
• system: show booting banner on dashboard
• interfaces: show attached interface for VLAN device in overview
• interfaces: packet capture MVC/API replacement
• interfaces: fix ARP table name resolve backend issue (contributed by soif)
• firewall: off-by-one in regex for target port range parse
• firewall: support Maxmind unclassified “EU” as selectable country
• firewall: fix possible race condition when changing limit in live log
• firewall: fix sorting bug in aliases list
• firewall: allow the use of “dynamic” interface types in shaper, e.g. IPsec devices
• dnsmasq: remove expired root trust anchor (contributed by Johnny S. Lee)
• firmware: always fetch the signature file to avoid signature issues after upgrades
• firmware: use effective ABI in changelog fetch
• firmware: ignore automatic business plugin and license hint
• intrusion detection: missing OPNsense categories
• ipsec: missing return in controller
• openvpn: use ifctl in link up/down scripts
• unbound: move the removal of pluggable files above the configuration check
• unbound: remove 127/8 from private-address block when rebind protection is enabled
• unbound: make the default private-address items configurable via the advanced page
• unbound: fix possible error while opening DoT page
• mvc: when multiple validation messages are returned wrap each message in a div tag
• mvc: prevent UserExceptions to end up in the crash reporter
• mvc: translate a base field error
• backend: wait 1 second for configd socket to become available
• console: store UUID for VLAN device
• rc: remove obsolete NAME_var_script and NAME_var_mfs support
• plugins: migrate all plugins to NAME_setup script use
• plugins: $verbose argument in plugins_run() is spurious
• plugins: os-acme-client 3.14[1]
• plugins: os-apcupsd 1.1[2]
• plugins: os-frr 1.31[3]
• plugins: os-haproxy 3.12[4]
• plugins: os-maltrail 1.10[5]
• plugins: os-openconnect 1.4.3[6]
• plugins: os-telegraf 1.12.6[7]
• plugins: os-tor 1.9 enables hardware acceleration (contributed by haarp)
• plugins: os-wireguard 1.13[8]
• src: revert “e1000: try auto-negotiation for fixed 100 or 10 configuration”
• src: vxlan: check the size of data available in mbuf before using them
• src: vm_page: fix a logic error in the handling of PQ_ACTIVE operations[9]
• src: cam: provide compatibility for CAMGETPASSTHRU for periph drivers[10]
• src: loader: fix elf lookup_symbol type filtering[11]
• src: zfs: fix a pair of bugs in zfs_fhtovp()[12]
• src: zfs: fix use-after-free in btree code[13]
• src: tcp: finish SACK loss recovery on sudden lack of SACK blocks[14]
• src: igc: remove unnecessary PHY ID checks
• src: ixl: add support for I710 devices and remove non-inclusive language
• src: ixl: fix SR-IOV panics
• src: rc: run NAME_setup before RC_ARG_precmd
• src: u3g: add more USB IDs
• ports: libxml 2.10.3[15]
• ports: nss 3.84[16]
• ports: openssl 1.1.1s[17]
• ports: openvpn 2.5.8[18]
• ports: phalcon 5.1.0[19]
• ports: php 8.0.25[20]
• ports: python 3.9.15[21]
• ports: sudo 1.9.12[22]
• ports: unbound 1.17.0[23]

OPNsense Hotfix 22.7.7_1

• openvpn: ifctl requires interface to operate

Quelle: https://forum.opnsense.org/index.php?topic=30900.0;topicseen