
Update 18.7.9 has been released for the open-source firewall OPNsense. In addition to several bug fixes, it ships the new DNSCrypt-Proxy plugin along with several security updates from FreeBSD and third-party plugins.
OPNsense 18.7.9 Release Notes
- system: allow setting alternative names on CSR
- system: add link-local routes with correct scope
- system: fix LDAP import button for Firefox
- system: assorted cleanups in HTML and PHP code
- interfaces: add note about CGN addresses included in private range
- interfaces: fix checksum disable for IPv6 TX / RX flags
- interfaces: multiple type DUID support (contributed by Team Rebellion)
- interfaces: properly read and write dhcp6c DUID binary file
- interfaces: do not read VLAN capabilities from nonexistent interfaces
- interfaces: removal of PEAR.inc from IPv6 address library
- interfaces: assorted cleanups in HTML and PHP code
- firewall: only suffix subnet alias entry when a network is expected
- firewall: default alias protocol to both IPv4 and IPv6
- firewall: fix validation of outbound NAT destination alias
- firewall: fix performance regression in get_alias_description()
- firewall: repair defunct “no nat proto carp all” rule
- firewall: limit type to CARP when checking for VIP VHID reuse
- firewall: refactor subnet retrieval in VIP deletion
- firewall: display VHID for IP alias in overview
- firewall: DHCPv6 outgoing firewall rule changed to “from (self)” to fix static setups
- firewall: rearranged outbound NAT bottom symbol hints (contributed by Team Rebellion)
- firewall: ignore empty values in alias migration (contributed by Frank Wall)
- firewall: assorted cleanups in HTML and PHP code
- captive portal: work around service boot ordering issue
- captive portal: change “onestop” to “stop” in backend action
- dnsmasq: add DNSSEC option
- dnsmasq: assorted cleanups in HTML and PHP code
- dhcp: show lease count in page heading
- dhcp: refactor IPv6 subnet read
- dhcp: fix DDNS IPv6 algorithm use
- dhcp: assorted cleanups in HTML and PHP code
- firmware: opnsense-version can now handle kernel, base and plugin metadata
- firmware: when pkg needs to be updated do not prompt for base and kernel set
- firmware: use embedded obsolete file list for removal on base set install
- intrusion detection: fix daily cron job, was actually monthly
- ipsec: assorted cleanups in HTML and PHP code
- openvpn: assorted cleanups in HTML and PHP code
- unbound: only use IPv6 when enabled and IPv4 is not preferred
- unbound: restart after VPN is up
- unbound: updated help text for verbosity level (contributed by Northguy)
- unbound: assorted cleanups in HTML and PHP code
- web proxy: move bump_step1 down (contributed by Michael Muenz)
- mvc: missing isset() in routes migration
- mvc: Phalcon 3.4.2 scope compatibility fix
- mvc: assorted fixes in PHPDoc
- mvc: fix advanced field bug in dialogs (contributed by Fabian Franz)
- mvc: SetIfConstraint (contributed by Fabian Franz)
- mvc: hidden input field (contributed by Fabian Franz)
- mvc: json-data access support (contributed by Fabian Franz)
- ui: remove markup from user indicator
- ui: sidebar fixes (contributed by Team Rebellion)
- plugins: os-acme-client 1.18 with GratisDNS and ACME DNS support (contributed by Frank Wall, ricobach, TuEye)
- plugins: os-bind 1.3 adds Google and Yahoo safe search (contributed by Michael Muenz)
- plugins: os-dnscrypt-proxy 1.0 (contributed by Michael Muenz)
- plugins: os-freeradius 1.8.3 makes use of certificates clearer (contributed by Michael Muenz)
- plugins: os-haproxy 2.12 HTTP/2 support, http-request before use_backend (contributed by Frank Wall, Mathias Aerts)
- plugins: os-net-snmp 1.3 mark device as L3 enabled via SysServices (contributed by Michael Muenz)
- plugins: os-nginx 1.5 with lots of new features[1] (contributed by Fabian Franz, Carlos Cesario, Julio Cesar Camargo, fzoske)
- plugins: os-nut 1.4 adds listen directive and more flexible arguments (contributed by Michael Muenz)
- plugins: os-postfix 1.7 adds address rewriting, sender/recipient BCC and domain masquerading (contributed by Michael Muenz)
- plugins: os-theme-cicada 1.11 (contributed by Team Rebellion)
- plugins: os-theme-rebellion 1.8.1 (contributed by Team Rebellion)
- plugins: os-theme-tukan 1.10 (contributed by Team Rebellion)
- src: fix multiple vulnerabilities in NFS server code[2]
- src: fix ICMP buffer underwrite[3]
- src: timezone database information update[4]
- src: fix deferred kernel loading breaks loader password[5]
- src: fix insufficient bounds checking in bhyve(8) device model[6]
- ports: lighttpd 1.4.52[7]
- ports: sqlite 3.26.0[8]
- ports: perl 5.26.3[9]
- ports: php 7.1.25[10]
- ports: hostapd / wpa_supplicant 2.7[11]
- ports: unbound 1.8.2[12]
[1] https://github.com/opnsense/plugins/blob/master/www/nginx/pkg-descr
[2] https://www.freebsd.org/security/advisories/FreeBSD-SA-18:13.nfs.asc
[3] https://www.freebsd.org/security/advisories/FreeBSD-EN-18:13.icmp.asc
[4] https://www.freebsd.org/security/advisories/FreeBSD-EN-18:14.tzdata.asc
[5] https://www.freebsd.org/security/advisories/FreeBSD-EN-18:15.loader.asc
[6] https://www.freebsd.org/security/advisories/FreeBSD-SA-18:14.bhyve.asc
[7] https://www.lighttpd.net/2018/11/28/1.4.52/
[8] https://www.sqlite.org/releaselog/3_26_0.html
[9] https://metacpan.org/pod/release/SHAY/perl-5.26.3/pod/perldelta.pod
[10] http://php.net/ChangeLog-7.php#7.1.25
[11] http://lists.infradead.org/pipermail/hostap/2018-December/039069.html
[12] https://nlnetlabs.nl/news/2018/Dec/04/unbound-1.8.2-released/