From 8628ba5ae0d4f25f99583be6c3cb055e35107beb Mon Sep 17 00:00:00 2001 From: Ad Schellevis Date: Tue, 11 Mar 2025 17:43:16 +0100 Subject: [PATCH] changelogs --- source/CE_releases.rst | 2 +- source/releases/BE_20.1.rst | 4 +-- source/releases/BE_20.7.rst | 4 +-- source/releases/BE_21.10.rst | 18 ++++++------- source/releases/BE_22.4.rst | 2 +- source/releases/CE_15.1.rst | 29 +++++++------------- source/releases/CE_16.1.rst | 2 +- source/releases/CE_16.7.rst | 4 +-- source/releases/CE_17.7.rst | 2 +- source/releases/CE_18.7.rst | 4 +-- source/releases/CE_20.1.rst | 4 +-- source/releases/CE_20.7.rst | 4 +-- source/releases/CE_21.7.rst | 14 +++++----- source/releases/CE_22.1.rst | 2 +- source/releases/CE_25.1.rst | 52 ++++++++++++++++++++++++++++++++++++ 15 files changed, 95 insertions(+), 52 deletions(-) diff --git a/source/CE_releases.rst b/source/CE_releases.rst index 6d16e643..f11cc51f 100644 --- a/source/CE_releases.rst +++ b/source/CE_releases.rst @@ -8,7 +8,7 @@ Community Edition :width: 600px :align: center -As of January 2015 there have been *306* releases leading to the latest version *25.1.2* +As of January 2015 there have been *307* releases leading to the latest version *25.1.3* named "Ultimate Unicorn". diff --git a/source/releases/BE_20.1.rst b/source/releases/BE_20.1.rst index 084e60d8..2b592858 100644 --- a/source/releases/BE_20.1.rst +++ b/source/releases/BE_20.1.rst 
@@ -487,7 +487,7 @@ And here are the full patch notes against version 20.1-RC1: Known issues and limitations: * HardenedBSD 12.1 has been postponed to the next major release -* Legacy MPD5 plugins os-l2tp, os-pppoe and os-pptp have been deprecated and will no longer receive updates +* Legacy MPD plugins os-l2tp, os-pppoe and os-pptp have been deprecated and will no longer receive updates * To prevent stale configuration files for remote syslog we advise to setup the new targets first `[9] `__ and disable the old ones under System: Settings: Logging * i386 has not been deprecated for the time being ;) @@ -587,7 +587,7 @@ Known issues and limitations: * HardenedBSD 12.1 has been postponed to the next major release * Nano growfs does not work on this release candidate, but a fix for 20.1 already exists * Installer still advertises 19.7, but a fix for 20.1 already exists -* Legacy MPD5 plugins os-l2tp, os-pppoe and os-pptp have been deprecated and will no longer receive updates +* Legacy MPD plugins os-l2tp, os-pppoe and os-pptp have been deprecated and will no longer receive updates * i386 has not been deprecated for the time being ;) The public key for the 20.1 series is: diff --git a/source/releases/BE_20.7.rst b/source/releases/BE_20.7.rst index 62a11408..2c3c0282 100644 --- a/source/releases/BE_20.7.rst +++ b/source/releases/BE_20.7.rst @@ -479,7 +479,7 @@ Here are the full patch notes against version 20.7-RC1: Known issues and limitations: -* legacy MPD5 plugins os-l2tp, os-pppoe and os-pptp are no longer available +* legacy MPD plugins os-l2tp, os-pppoe and os-pptp are no longer available * i386 architecture builds are no longer available The public key for the 20.7 series is: 
@@ -594,7 +594,7 @@ Here are the full patch notes against 20.1.8_1: Known issues and limitations: -* Legacy MPD5 plugins os-l2tp, os-pppoe and os-pptp will no longer be available +* Legacy MPD plugins os-l2tp, os-pppoe and os-pptp will no longer be available * i386 architecture builds will no longer be available * Installer still advertises 20.1 diff --git a/source/releases/BE_21.10.rst b/source/releases/BE_21.10.rst index 21a88e8c..085863cc 100644 --- a/source/releases/BE_21.10.rst +++ b/source/releases/BE_21.10.rst @@ -236,14 +236,14 @@ Here are the full patch notes: * src: fix kernel panic in vmci driver initialization `[16] `__ * src: timezone database information update `[17] `__ * ports: dnspython 2.1.0 `[18] `__ -* ports: jinja 3.0.1 `[19] `__ -* ports: lighttpd 1.4.61 `[20] `__ -* ports: nss 3.72 `[21] `__ -* ports: openssh 8.8p1 `[22] `__ -* ports: openvpn 2.5.4 `[23] `__ -* ports: pcre2 10.39 `[24] `__ -* ports: php 7.4.25 `[25] `__ -* ports: phpseclib 2.0.34 `[26] `__ +* ports: lighttpd 1.4.61 `[19] `__ +* ports: nss 3.72 `[20] `__ +* ports: openssh 8.8p1 `[21] `__ +* ports: openvpn 2.5.4 `[22] `__ +* ports: pcre2 10.39 `[23] `__ +* ports: php 7.4.25 `[24] `__ +* ports: phpseclib 2.0.34 `[25] `__ +* ports: py-jinja 3.0.1 `[26] `__ * ports: strongswan 5.9.4 `[27] `__ * ports: sudo 1.9.8p2 `[28] `__ @@ -401,7 +401,7 @@ Here are the full patch notes: * ports: ifinfo 13.0 * ports: krb5 1.19.2 `[20] `__ * ports: monit 5.29.0 `[21] `__ -* ports: mpd5 adds L2TP interoperability fix from upstream +* ports: mpd adds L2TP interoperability fix from upstream * ports: nettle 3.7.3 * ports: nss 3.70 `[22] `__ * ports: openvpn 2.5.3 `[23] `__ diff --git a/source/releases/BE_22.4.rst b/source/releases/BE_22.4.rst index f9ce1666..8c642232 100644 --- a/source/releases/BE_22.4.rst +++ b/source/releases/BE_22.4.rst 
@@ -307,7 +307,7 @@ Here are the full patch notes: * interfaces: align GIF configuration with base system options * interfaces: fix default handling for VIP nobind option * interfaces: allow VIP nobind feature on CARP addresses -* interfaces: stop mpd5 daemon before starting +* interfaces: stop MPD process before starting * interfaces: always show interface in GIF and GRE overview even on VIP use * interfaces: fix GIF and GRE VIP use loading order in IP alias cases * interfaces: remove device creation side effect from bridge, LAGG, GIF, GRE and VLAN GUI pages diff --git a/source/releases/CE_15.1.rst b/source/releases/CE_15.1.rst index f9171032..235d75de 100644 --- a/source/releases/CE_15.1.rst +++ b/source/releases/CE_15.1.rst 
@@ -1049,36 +1049,27 @@ At this point, using any of the two methods, you should be on OPNsense 15.1.7-78bdb9aef FreeBSD 10.1-RELEASE-p6. This is the official change log: + * Fix integer overflow in IGMP protocol `[1] `__ * Fix vt(4) crash with improper ioctl parameters `[2] `__ * Updated base system OpenSSL to 1.0.1l `[3] `__ * Fix freebsd-update libraries update ordering issue `[4] `__ -* Disabled OpenSSH's High Performance SSH/SCP and None-Cipher extensions to - follow up on several security-related discussions. -* Switched from a heavy Bind installation to a lightweight one to reduce - attack surface. -* Removed and replaced the legacy :code:`check_reload_status` daemon with a - Python-based rewrite. +* Disabled OpenSSH's High Performance SSH/SCP and None-Cipher extensions to follow up on several security-related discussions. +* Switched from a heavy Bind installation to a lightweight one to reduce attack surface. +* Removed and replaced the legacy :code:`check_reload_status` daemon with a Python-based rewrite. * Fixed the auto-login console lockout regression introduced in 15.1.6.1. -* Fixed a problem associated with OpenVPN not being able to read passwords - from files. -* Notable ports upgrades: bind-tools 9.10.2, strongswan 5.2.2_1, curl 7.41 - plus our LibreSSL fixes for mpd4/mpd5/libpdel. +* Fixed a problem associated with OpenVPN not being able to read passwords from files. +* Notable ports upgrades: bind-tools 9.10.2, strongswan 5.2.2_1, curl 7.41 plus our LibreSSL fixes for mpd/libpdel. * Removed PHP-FPM remnants from IPv6 and OpenVPN scripts. -* Fixed several OpenSSL invokes to use the latest port version as opposed - to the base version. +* Fixed several OpenSSL invokes to use the latest port version as opposed to the base version. * Improved memory/disc/swap usage on the dashboard. * Properly set DNS Resolver Advanced defaults. * Fixed append of custom Unbound scrips. 
-* Modified the root menu shell to pass through to a real shell when arguments - are given. +* Modified the root menu shell to pass through to a real shell when arguments are given. * Zapped the spurious "Array" prefix in user-defined aliases. * Moved the bogons files fetch location to a local mirror. -* The core.git development boot hook has been improved to properly include - /usr/local/etc/rc changes. -* All of our packages are now annotated as coming from our mirror as well as - additional safeguards potentially allowing you to use additional FreeBSD - packages on top of OPNsense. +* The core.git development boot hook has been improved to properly include /usr/local/etc/rc changes. +* All of our packages are now annotated as coming from our mirror as well as additional safeguards potentially allowing you to use additional FreeBSD packages on top of OPNsense. -------------------------------------------------------------------------- diff --git a/source/releases/CE_16.1.rst b/source/releases/CE_16.1.rst index 17c04062..70329ae8 100644 --- a/source/releases/CE_16.1.rst +++ b/source/releases/CE_16.1.rst @@ -492,7 +492,7 @@ And this is the change log for 16.7 BETA: NetFlow data * interfaces: polling mode has been deprecated and will be phased out soon -* vpn: L2TP, PPTP and PPPoE servers have been ported to use MPD5 +* vpn: L2TP, PPTP and PPPoE servers have been ported to use MPD version 5 * vpn: legacy servers have been prepared to be moved from base install to plugins * cron: code preparations for opening up the MVC cron API diff --git a/source/releases/CE_16.7.rst b/source/releases/CE_16.7.rst index c1acccfa..ede80e36 100644 --- a/source/releases/CE_16.7.rst +++ b/source/releases/CE_16.7.rst 
@@ -181,7 +181,7 @@ Here is the full list of changes: * openvpn: add reneg-sec option to client exports * dnsmasq: fix 16.7.10 regression in host file handling * web proxy: make backend config plugin-friendly -* plugins: fix a potential error in MPD5 plugins (contributed by Evgeny Bevz) +* plugins: fix a potential error in MPD plugins (contributed by Evgeny Bevz) * src: fix possible login(1) argument injection in telnetd(8) `[2] `__ * src: fix link_ntoa(3) buffer overflow in libc `[3] `__ * src: fix possible escape from bhyve(8) virtual machine `[4] `__ @@ -925,7 +925,7 @@ Here is our list of major features that were worked on since 16.1: * Russian translations 100% completed * NetFlow export to multiple remote destinations * NetFlow local reporting frontend -* PPTP, L2TP and PPPoE Servers ported to MPD5 +* PPTP, L2TP and PPPoE Servers ported to MPD version 5 * HAProxy plugin * Traffic shaping with CoDel / FQ-CoDel * Firewall alias geolocation support diff --git a/source/releases/CE_17.7.rst b/source/releases/CE_17.7.rst index d8fe8d31..8ffd8afc 100644 --- a/source/releases/CE_17.7.rst +++ b/source/releases/CE_17.7.rst @@ -210,7 +210,7 @@ Here are the full patch notes: * ports: lighttpd 1.4.48 `[5] `__ * ports: php 7.1.12 `[6] `__ * ports: pkg 1.10.3 `[7] `__ -* ports: py-Jinja2 2.10 `[8] `__ +* ports: py-jinja 2.10 `[8] `__ * ports: syslogd 11.1 A hotfix release was issued as 17.7.9_8: diff --git a/source/releases/CE_18.7.rst b/source/releases/CE_18.7.rst index e8c8bf08..58d985e6 100644 --- a/source/releases/CE_18.7.rst +++ b/source/releases/CE_18.7.rst @@ -501,7 +501,7 @@ Here are the full patch notes: * plugins: os-tukan 1.4 (contributed by Team Rebellion) * plugins: os-vnstat 1.0 (contributed by Michael Muenz) * plugins: os-zerotier fixes status table (contributed by Christoph Engelbert) -* ports: mpd5 upstream MTU fix `[2] `__ +* ports: mpd upstream MTU fix `[2] `__ * ports: PHP 7.1.23 `[3] `__ A hotfix release was issued as 18.7.5_1: 
@@ -751,7 +751,7 @@ Here are the full patch notes: * src: resource exhaustion in TCP reassembly `[1] `__ * ports: curl 7.61.0 `[2] `__ * ports: hyperscan 4.7.0 `[3] `__ -* ports: mpd5 upstream fixes `[4] `__ `[5] `__ +* ports: mpd upstream fixes `[4] `__ `[5] `__ * ports: py-cryptography 2.3 `[6] `__ * ports: py-idna 2.7 `[7] `__ diff --git a/source/releases/CE_20.1.rst b/source/releases/CE_20.1.rst index 084e60d8..2b592858 100644 --- a/source/releases/CE_20.1.rst +++ b/source/releases/CE_20.1.rst @@ -487,7 +487,7 @@ And here are the full patch notes against version 20.1-RC1: Known issues and limitations: * HardenedBSD 12.1 has been postponed to the next major release -* Legacy MPD5 plugins os-l2tp, os-pppoe and os-pptp have been deprecated and will no longer receive updates +* Legacy MPD plugins os-l2tp, os-pppoe and os-pptp have been deprecated and will no longer receive updates * To prevent stale configuration files for remote syslog we advise to setup the new targets first `[9] `__ and disable the old ones under System: Settings: Logging * i386 has not been deprecated for the time being ;) @@ -587,7 +587,7 @@ Known issues and limitations: * HardenedBSD 12.1 has been postponed to the next major release * Nano growfs does not work on this release candidate, but a fix for 20.1 already exists * Installer still advertises 19.7, but a fix for 20.1 already exists -* Legacy MPD5 plugins os-l2tp, os-pppoe and os-pptp have been deprecated and will no longer receive updates +* Legacy MPD plugins os-l2tp, os-pppoe and os-pptp have been deprecated and will no longer receive updates * i386 has not been deprecated for the time being ;) The public key for the 20.1 series is: diff --git a/source/releases/CE_20.7.rst b/source/releases/CE_20.7.rst index 62a11408..2c3c0282 100644 --- a/source/releases/CE_20.7.rst +++ b/source/releases/CE_20.7.rst 
@@ -479,7 +479,7 @@ Here are the full patch notes against version 20.7-RC1: Known issues and limitations: -* legacy MPD5 plugins os-l2tp, os-pppoe and os-pptp are no longer available +* legacy MPD plugins os-l2tp, os-pppoe and os-pptp are no longer available * i386 architecture builds are no longer available The public key for the 20.7 series is: @@ -594,7 +594,7 @@ Here are the full patch notes against 20.1.8_1: Known issues and limitations: -* Legacy MPD5 plugins os-l2tp, os-pppoe and os-pptp will no longer be available +* Legacy MPD plugins os-l2tp, os-pppoe and os-pptp will no longer be available * i386 architecture builds will no longer be available * Installer still advertises 20.1 diff --git a/source/releases/CE_21.7.rst b/source/releases/CE_21.7.rst index 569c2e4d..704fabb7 100644 --- a/source/releases/CE_21.7.rst +++ b/source/releases/CE_21.7.rst @@ -337,12 +337,12 @@ Here are the full patch notes: * src: aesni: avoid a potential out-of-bounds load in aes_encrypt_icm() * ports: curl 7.79.1 `[6] `__ * ports: dnspython 2.1.0 `[7] `__ -* ports: jinja 3.0.1 `[8] `__ -* ports: libressl 3.3.5 `[9] `__ -* ports: lighttpd 1.4.60 `[10] `__ -* ports: nss 3.71 `[11] `__ -* ports: openvpn 2.5.4 `[12] `__ -* ports: php 7.4.24 `[13] `__ +* ports: libressl 3.3.5 `[8] `__ +* ports: lighttpd 1.4.60 `[9] `__ +* ports: nss 3.71 `[10] `__ +* ports: openvpn 2.5.4 `[11] `__ +* ports: php 7.4.24 `[12] `__ +* ports: py-jinja 3.0.1 `[13] `__ * ports: strongswan 5.9.4 `[14] `__ * ports: sudo 1.9.8p2 `[15] `__ @@ -479,7 +479,7 @@ Here are the full patch notes: * ports: libressl 3.3.4 `[8] `__ * ports: nss 3.69 `[9] `__ * ports: monit 5.29.0 `[10] `__ -* ports: mpd5 adds L2TP interoperability fix from upstream +* ports: mpd adds L2TP interoperability fix from upstream * ports: openssl 1.1.1l `[11] `__ * ports: php 7.4.23 `[12] `__ * ports: strongswan 5.9.3 `[13] `__ diff --git a/source/releases/CE_22.1.rst b/source/releases/CE_22.1.rst index 1eda92a0..9309c13c 100644 
--- a/source/releases/CE_22.1.rst +++ b/source/releases/CE_22.1.rst @@ -540,7 +540,7 @@ Here are the full patch notes: * system: allow severity levels in PHP log messages and mark authentication success messages as notice * interfaces: fix default handling for VIP nobind option * interfaces: allow VIP nobind feature on CARP addresses -* interfaces: stop mpd5 daemon before starting +* interfaces: stop MPD process before starting * interfaces: always show interface in GIF and GRE overview even on VIP use * interfaces: fix GIF and GRE VIP use loading order in IP alias cases * interfaces: remove device creation side effect from bridge, LAGG, GIF, GRE and VLAN GUI pages diff --git a/source/releases/CE_25.1.rst b/source/releases/CE_25.1.rst index fdc4d0f7..c3f8ddb0 100644 --- a/source/releases/CE_25.1.rst +++ b/source/releases/CE_25.1.rst 
@@ -26,6 +26,58 @@ can be found below as well. * Full mirror list: https://opnsense.org/download/ +-------------------------------------------------------------------------- +25.1.3 (March 11, 2025) +-------------------------------------------------------------------------- + + +* system: implement user CSV export/import functionality (sponsored by: m.a.x. it) +* system: switch boot logo and MOTD to the new-style logo (contributed by Gavin Chappell) +* system: migrate 'default' tunable value to empty one and improve UX +* system: bring back user/group audit messages lost in MVC conversion +* system: replace legacy service widget hook with a proper configd call +* interface: use shared base_bootgrid_table and base_apply_button where possible +* interfaces: remove obsolete code in get_real_interfaces() to match getRealInterface() +* interfaces: improve validation for CARP/proxy ARP VIP +* interfaces: remove defunct "other" VIP type +* interfaces: skip "nosync" processing on VIPs +* firewall: support partial alias exports +* kea-dhcp: use shared base_bootgrid_table and base_apply_button +* network time: move XMLRPC definition to correct file +* openvpn: add DCO validation for fragment size +* unbound: use shared base_bootgrid_table and base_apply_button +* unbound: fix model migration pertaining to "dots" model changes +* wireguard: use shared base_bootgrid_table and base_apply_button +* backend: allow pluginctl to filter on -x/-X option +* mvc: decode HTML tags in menu items +* mvc: fix unit tests for model relation fields +* plugins: os-caddy 1.8.3 `[1] `__ +* plugins: os-dmidecode 1.2 adds new dashboard widget (contributed by Neil Merchant) +* plugins: os-frr 1.43 `[2] `__ +* plugins: os-intrusion-detection-content-pt-open 1.0 (contributed by kulikov-a) +* plugins: os-sftp-backup 1.0 allows configuration backups over SFTP +* plugins: os-zabbix-agent 1.15 `[3] `__ +* plugins: os-zabbix-proxy 1.12 `[4] `__ +* src: carp: fix checking IPv4 multicast address +* src: 
icmp: use per rate limit randomized jitter +* src: ixgbe: Fix a logic error in ixgbe_read_mailbox_vf() +* src: netinet6: do not forward to the unspecified address +* src: netinet: do not forward or ICMP response to INADDR_ANY +* src: netinet: ipsec and ktls cannot coexists +* src: pf: align sanity checks for pfrw_free +* src: pf: allow all forms of neighbor advertisements in either direction +* src: pf: cleanup leftover PF_ICMP_MULTI_\* code that is not needed anymore +* src: pf: do not keep state when dropping overlapping IPv6 fragments +* src: pf: drop IPv6 packets built from overlapping fragments in pf reassembly +* src: pf: fix fragment hole count +* src: sysctl: enable vnet sysctl variables to be loader tunable +* ports: mpd default logging level increased to LOG_NOTICE +* ports: nss 3.109 `[5] `__ +* ports: pftop 0.12 +* ports: py-jinja 3.1.6 `[6] `__ + + + -------------------------------------------------------------------------- 25.1.2 (February 28, 2025) --------------------------------------------------------------------------
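Review bot: In source/CE_releases.rst the changed sentence still opens with "As of January 2015", which reads as a cutoff date for a count that grows with every release. Since this line is edited on each release anyway, "Since January 2015 there have been *307* releases" says what is meant. The bump from 306 to 307 and from 25.1.2 to 25.1.3 is consistent with the single 25.1.3 section added in CE_25.1.rst.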
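Review bot: The replacement for "mpd5" is not uniform across the release files, and the commit subject "changelogs" gives no reason for rewriting already published notes. In BE_22.4.rst and CE_22.1.rst "stop mpd5 daemon before starting" becomes "stop MPD process before starting", in CE_18.7.rst "ports: mpd5 upstream MTU fix" becomes "ports: mpd upstream MTU fix", the 20.1 and 20.7 files use "MPD plugins", and CE_16.1.rst and CE_16.7.rst use "MPD version 5". A reader searching old notes for the string "mpd5" will no longer find these entries. Please pick one spelling for the ports and interfaces entries, and put the motivation for the rename in the commit message.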
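Review bot: The first hunk of source/releases/BE_21.10.rst renumbers footnote labels by hand after moving "jinja 3.0.1" to "py-jinja 3.0.1": lighttpd through phpseclib shift from [20]-[26] to [19]-[25] and py-jinja takes [26]. Only the labels are readable in these lines, so please confirm that each link target moved with its entry and not with its number, otherwise every one of these eight references now points at a neighbour's changelog. The same check applies to the first hunk of CE_21.7.rst, where libressl through php shift to [8]-[12] and py-jinja takes [13].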
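Review bot: The source/releases/CE_15.1.rst hunk mixes a pure reflow (joining wrapped bullet lines, adding a blank line before the list) with one wording change, so the only content edit, "mpd4/mpd5/libpdel" becoming "mpd/libpdel", is easy to miss in review. That edit also drops the information that two mpd versions received the LibreSSL fixes. Consider splitting the reflow into its own commit. While this list is being touched, the context line "Fixed append of custom Unbound scrips." has a typo ("scrips" for "scripts") that could be fixed in the same pass.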
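Review bot: In the new 25.1.3 section of source/releases/CE_25.1.rst, the entry "interface: use shared base_bootgrid_table and base_apply_button where possible" uses the prefix "interface:" while the four entries that follow it use "interfaces:". Please use "interfaces:" so the entry sorts and greps with the rest of its group. In the same hunk, "src: netinet: ipsec and ktls cannot coexists" should read "cannot coexist", unless the line is kept verbatim from the upstream commit title.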