Hi!
A quick update to address the new FreeBSD security advisory for ping utility as well as Suricata. The DNS block list was rewritten in Python and there will be a couple of cool additions for it in the foreseeable future. :)
Here are the full patch notes:
- system: fix internal CRL check (contributed by kulikov-a)
- system: fix a few minor Coverity Scan reports in PHP code[1]
- interfaces: use get_interface_list() to identify hardware devices
- interfaces: fix single ACL use for MVC/API interface pages
- firewall: add category selection to aliases
- unbound: rework DNSBL implementation to Python module
- backend: clean up scripts/systemheath location
- backend: moved log format definitions to new location for core and several plugins
- mvc: change default sorting to case-insensitive
- mvc: move JavaScript and CSS imports to base controller
- mvc: make sure HostnameField with ZoneRootAllowed accepts "@." prefix
- plugins: os-telegraf 1.12.7[2]
- plugins: os-theme-cicada 1.30 (contributed by Team Rebellion)
- plugins: os-theme-vicuna 1.42 (contributed by Team Rebellion)
- plugins: os-wireguard now attempts to start tunnels again when all DNS is configured
- src: ixgbe: workaround errata about UDP frames with zero checksum
- src: hpet: Allow a MMIO window smaller than 1K
- src: ping: fix handling of IP packet sizes[3]
- ports: php 8.0.26[4]
- ports: sqlite 3.40.0[5]
- ports: suricata 6.0.9[6]
A hotfix release was issued as 22.7.9_3:
- unbound: fix blocklist use with DNS64 mode (contributed by kulikov-a)
- unbound: change working directory before checking configuration
- web proxy: fix broken "Google GSuite restricted" option
- ports: suricata backs out new version 14 netmap API changes for now[7]
Stay safe,
Your OPNsense team