:: c0urier.net

Good morning,

Small reliability update which also includes a rework for firewall alias  handling and performance.

Later today we will also publish a call for testing for the upcoming 22.7 operating system base using FreeBSD 13.1. It is going to be compatible
with this 22.1.x series and existing feedback about it is promising so far.

Here are the full patch notes:

o system: only restore missing or zero size ACL files
o system: support plugin device reconfiguration in pluginctl utility
o system: prevent gateway monitoring from entering a “filter reload” loop
o system: use password_verify() in authenticators (contributed by oittaa)
o system: hide password from command line during config encryption
o interfaces: add technical interface ID display to assignments page
o firewall: various usability and visibility improvements for aliases
o firewall: performance improvement for large numbers of port type aliases
o firewall: simplify sort and add natural sorting in alias diagnostics
o captive portal: add extendedPreAuthData for MAC address retrieval during authentication
o dhcp: refactor IPv4 lease removal and purge static leases before starting service
o dhcp: allow custom configuration from directories
o firmware: bypass cache with timestamp in “upgradestatus” call (contributed by gibwar)
o firmware: lowercase search in plugins/packages
o intrusion detection: fix log file ACL mismatch
o ipsec: squelch spurious errors on stderr for backend status action
o unbound: add custom “destination address” as advanced option for blocklists
o mvc: distinct between HTTP errors 401 and 403 during authentication
o mvc: call microtime(true) only once during config save (contributed by csbyte)
o plugins: os-acme-client 3.11[1]
o plugins: os-nginx 1.27[2]
o plugins: os-postfix 1.22[3]
o src: tcp: rewind erroneous RTO only while performing RTO retransmissions
o src: bnxt: Allow bnxt interfaces to use VLANs
o src: rc: use _pidcmd to determine pid for protect
o ports: curl 7.83.1[4]
o ports: sqlite 3.38.2[5]
o ports: strongswan 5.9.6[6]

Stay safe,
Your OPNsense team

—
[1] https://github.com/opnsense/plugins/blob/stable/22.1/security/acme-client/pkg-descr
[2] https://github.com/opnsense/plugins/blob/stable/22.1/www/nginx/pkg-descr
[3] https://github.com/opnsense/plugins/blob/stable/22.1/mail/postfix/pkg-descr
[4] https://curl.se/changes.html#7_83_1
[5] https://sqlite.org/releaselog/3_38_2.html
[6] https://github.com/strongswan/strongswan/releases/tag/5.9.6