Good evening, Today we pick up the recent FreeBSD security advisories as well as the usual noise in bugfixes and third party updates. We are also at the brink of a first HardenedBSD 12.1 based image so stay tuned.
Here are the full patch notes: o system: fix leap year issue in new log reader o system: add valid from and to dates to user certs display o system: drop unused services.inc and diag_logs_template.inc o interfaces: make sure descriptions are properly cleansed o interfaces: introduce interfaces_primary_address6() o interfaces: validate interface input in packet capture o firewall: immediately download GeoIP if not already found o firewall: improve performance when working with large number of aliases o firewall: fix visibility on internal CARP rules o captive portal: fix expiry and validity for vouchers (contributed by xx4h) o dhcp: fix DNS registration for DHCPv6 static mappings (contributed by maurice-w) o dhcp: add icons next to online/offline lease status (contributed by Tyler Ham) o ipsec: allow configuration of inactivity parameter (contributed by Marcel Menzel) o unbound: minor changes while scanning ACL subnets o web proxy: work around to skip passing additional auth properties o backend: allow pluginctl to return config.xml values o console: improve type checks in set address function o rc: join CARP early startup scripts o plugins: os-dnscrypt-proxy fix for setup.sh on reboot o plugins: os-dyndns 1.20 fixes verify restrictions, GratisDNS and missing break for Linode (contributed by NOYB, Johan Pramming, Andrew Gunnerson) o plugins: os-maltrail 1.4[1] o plugins: os-nrpe fix for setup.sh on reboot o plugins: os-tinc 1.5 fixes bug in IPv6 support (contributed by vnxme) o src: fix imprecise ordering of SSP canary initialization[2] o src: fix nmount invalid pointer dereference[3] o src: fix libfetch buffer overflow[4] o src: fix kernel stack data disclosure[5] o ports: ca_root_nss 3.50 o ports: php 7.2.28[6] o ports: squid 4.10[7] o ports: suricata 4.1.7[8] o ports: syslog-ng 3.25.1[9] o ports: unbound 1.10.0[10] Stay safe, Your OPNsense team -- [1] https://github.com/opnsense/plugins/blob/master/security/maltrail/pkg-descr [2] https://www.freebsd.org/security/advisories/FreeBSD-EN-20:01.ssp.asc [3] https://www.freebsd.org/security/advisories/FreeBSD-EN-20:02.nmount.asc [4] https://www.freebsd.org/security/advisories/FreeBSD-SA-20:01.libfetch.asc [5] https://www.freebsd.org/security/advisories/FreeBSD-SA-20:03.thrmisc.asc [6] https://www.php.net/ChangeLog-7.php#7.2.28 [7] http://squid.mirror.colo-serv.net/archive/4/squid-4.10-RELEASENOTES.html [8] https://suricata-ids.org/2020/02/13/suricata-4-1-7-released/ [9] https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-3.25.1 [10] https://nlnetlabs.nl/projects/unbound/download/ _______________________________________________ announce mailing list announce@lists.opnsense.org http://lists.opnsense.org/listinfo/announce