Good evening,
Today we pick up the recent FreeBSD security advisories as well as the usual noise in bugfixes and third-party updates. We are also on the brink of a first HardenedBSD 12.1-based image, so stay tuned.
Here are the full patch notes:
- system: fix leap year issue in new log reader
- system: add valid from and to dates to user certs display
- system: drop unused services.inc and diag_logs_template.inc
- interfaces: make sure descriptions are properly cleansed
- interfaces: introduce interfaces_primary_address6()
- interfaces: validate interface input in packet capture
- firewall: immediately download GeoIP if not already found
- firewall: improve performance when working with large number of aliases
- firewall: fix visibility on internal CARP rules
- captive portal: fix expiry and validity for vouchers (contributed by xx4h)
- dhcp: fix DNS registration for DHCPv6 static mappings (contributed by maurice-w)
- dhcp: add icons next to online/offline lease status (contributed by Tyler Ham)
- ipsec: allow configuration of inactivity parameter (contributed by Marcel Menzel)
- unbound: minor changes while scanning ACL subnets
- web proxy: work around to skip passing additional auth properties
- backend: allow pluginctl to return config.xml values
- console: improve type checks in set address function
- rc: join CARP early startup scripts
- plugins: os-dnscrypt-proxy fix for setup.sh on reboot
- plugins: os-dyndns 1.20 fixes verify restrictions, GratisDNS and missing break for Linode (contributed by NOYB, Johan Pramming, Andrew Gunnerson)
- plugins: os-maltrail 1.4[1]
- plugins: os-nrpe fix for setup.sh on reboot
- plugins: os-tinc 1.5 fixes bug in IPv6 support (contributed by vnxme)
- src: fix imprecise ordering of SSP canary initialization[2]
- src: fix nmount invalid pointer dereference[3]
- src: fix libfetch buffer overflow[4]
- src: fix kernel stack data disclosure[5]
- ports: ca_root_nss 3.50
- ports: php 7.2.28[6]
- ports: squid 4.10[7]
- ports: suricata 4.1.7[8]
- ports: syslog-ng 3.25.1[9]
- ports: unbound 1.10.0[10]
Stay safe,
Your OPNsense team