Software Update: OPNsense 22.7.7

The OPNsense package is a firewall with extensive capabilities. It is based on the FreeBSD operating system and originated as a fork of m0n0wall and pfSense. The package can be fully configured via a web interface and includes support for 2FA, OpenVPN, IPsec, CARP and a captive portal. In addition, it can apply packet filtering and has a traffic shaper. The developers have released OPNsense 22.7.7, and this version is accompanied by the following notes:

OPNsense 22.7.7 released

We replaced the packet capture tool with a MVC/API rewrite and updated most plugins to use the new setup script facility when doing a start/restart/reload through the RC system. A number of FreeBSD kernel improvements have been included as well.

Although OpenSSL is being updated, keep in mind that the current popular vulnerability only exists in version 3 and we still use 1.1.1.

Here are the full patch notes:

  • system: fix getOID() call for phpseclib 3 while processing CSR
  • system: avoid error on installer user creation
  • system: show booting banner on dashboard
  • interfaces: show attached interface for VLAN device in overview
  • interfaces: packet capture MVC/API replacement
  • interfaces: fix ARP table name resolve backend issue (contributed by soif)
  • firewall: off-by-one in regex for target port range parse
  • firewall: support Maxmind unclassified “EU” as selectable country
  • firewall: fix possible race condition when changing limit in live log
  • firewall: fix sorting bug in aliases list
  • firewall: allow the use of “dynamic” interface types in shaper, e.g. IPsec devices
  • dnsmasq: remove expired root trust anchor (contributed by Johnny S. Lee)
  • firmware: always fetch the signature file to avoid signature issues after upgrades
  • firmware: use effective ABI in changelog fetch
  • firmware: ignore automatic business plugin and license hint
  • intrusion detection: missing OPNsense categories
  • ipsec: missing return in controller
  • openvpn: use ifctl in link up/down scripts
  • unbound: move the removal of pluggable files above the configuration check
  • unbound: remove 127/8 from private-address block when rebind protection is enabled
  • unbound: make the default private-address items configurable via the advanced page
  • unbound: fix possible error while opening DoT page
  • mvc: when multiple validation messages are returned wrap each message in a div tag
  • mvc: prevent UserExceptions to end up in the crash reporter
  • mvc: translate a base field error
  • backend: wait 1 second for configd socket to become available
  • console: store UUID for VLAN device
  • rc: remove obsolete NAME_var_script and NAME_var_mfs support
  • plugins: migrate all plugins to NAME_setup script use
  • plugins: $verbose argument in plugins_run() is spurious
  • plugins: os-acme-client 3.14
  • plugins: os-apcupsd 1.1
  • plugins: os-frr 1.31
  • plugins: os-haproxy 3.12
  • plugins: os-maltrail 1.10
  • plugins: os-openconnect 1.4.3
  • plugins: os-telegraf 1.12.6
  • plugins: os-tor 1.9 enables hardware acceleration (contributed by haarp)
  • plugins: os-wireguard 1.13
  • src: revert “e1000: try auto-negotiation for fixed 100 or 10 configuration”
  • src: vxlan: check the size of data available in mbuf before using them
  • src: vm_page: fix a logic error in the handling of PQ_ACTIVE operations
  • src: cam: provide compatibility for CAMGETPASSTHRU for periph drivers
  • src: loader: fix elf lookup_symbol type filtering
  • src: zfs: fix a pair of bugs in zfs_fhtovp()
  • src: zfs: fix use-after-free in btree code
  • src: tcp: finish SACK loss recovery on sudden lack of SACK blocks
  • src: igc: remove unnecessary PHY ID checks
  • src: ixl: add support for I710 devices and remove non-inclusive language
  • src: ixl: fix SR-IOV panics
  • src: rc: run NAME_setup before RC_ARG_precmd
  • src: u3g: add more USB IDs
  • ports: libxml 2.10.3
  • ports: nss 3.84
  • ports: openssl 1.1.1s
  • ports: openvpn 2.5.8
  • ports: phalcon 5.1.0
  • ports: php 8.0.25
  • ports: python 3.9.15
  • ports: sudo 1.9.12
  • ports: unbound 1.17.0

Version number: 22.7.7
Release status: Final
Operating systems: Linux, BSD
Website: OPNsense
License type: GPL