Current File : //backups/router/usr/local/opnsense/changelog/22.1.2.htm
<p>Hello,</p><p>This release adds GUI support for Intel QuickAssist Technology (QAT) and syncookies as per virtue of the FreeBSD 13 operating system. The work to modernise the interfaces subsystem and improve the new ddclient dynamic DNS plugin are also progressing.</p><p>Due to signs of decay in the build infrastructure, license nitpicking in FreeBSD ports and the upcoming OpenSSL 3 release (which will complicate things most likely) we have decided to discontinue LibreSSL at the end of this year meaning there will be no more LibreSSL flavour starting with version 23.1. Non-essential software will no longer be manually fixed and provided as binary packages if broken by upstream from this point on.</p><p>Since 2015 we have been working on functional LibreSSL support with steady means, but 7 years later and OpenSSL making an effort through numerous ways we are sad to give up this alternative since we do not see LibreSSL being used and properly integrated in software projects as often anymore. It has been a slow but steady decline for the past 2 years that also has to do with a LibreSSL release cycle tailored for OpenBSD in particular and OpenSSL library integration quality, which is almost impossible to improve upon in complex third-party software projects. We simply cannot afford the time for it any longer.</p><p>All users are able to update to the OpenSSL flavour without issues now or at any later given point.</p><p>Here are the full patch notes:</p><p><ul><li>system: Intel QuickAssist Technology (QAT) crypto module selection and support multiple selection</li><li>system: AESNI crypto module is a kernel-builtin since 22.1 and no longer needs to be selected to work</li><li>system: enable library support of PCRE JIT included since 22.1.1</li><li>system: limit rowCount in log viewer (contributed by kulikov-a)</li><li>system: unify system tunables handling and tweak UX of the respective GUI page</li><li>system: no longer default to hw.uart.console use in factory configuration</li><li>system: remove console mute use from boot sequence</li><li>reporting: fill missing insight data with zeros</li><li>interfaces: assignments should take OpenVPN into account</li><li>interfaces: only ever store nobind for ipalias/carp</li><li>interfaces: align IPv4 address statistics read with IPv6</li><li>interfaces: simplify device destroy code</li><li>interfaces: no longer use legacy_get_interface_addresses() in MAC address read</li><li>interfaces: remove unused opportunistic interface address functions</li><li>firewall: exclude localhost stateless traffic from default logging (contributed by kulikov-a)</li><li>firewall: using port type aliases the "enable" flag was ignored when not enabled</li><li>firewall: add support for syncookies</li><li>firmware: opnsense-code: support "-z" snapshot mode</li><li>firmware: opnsense-revert: support "-z" snapshot mode</li><li>firmware: opnsense-update: support version print for sets</li><li>firmware: check repository and plugin state in health audit</li><li>ipsec: pass protocol when resolving via ipsec_resolve() (contributed by FloMeyer)</li><li>ipsec: fix mobile property passing when creating a new phase 2 entry</li><li>ipsec: rename "My Certificate Authority" to "Remote Certificate Authority" to avoid ambiguity</li><li>openvpn: avoid use of find_interface_network() et al</li><li>openvpn: stop removing name server-related files never written</li><li>openvpn: improve gateway detection in topology mode</li><li>ipsec: avoid use of find_interface_network() et al</li><li>dhcp: avoid use of find_interface_network() et al</li><li>console: move console mute calls into port setting function</li><li>ui: sidebar 2nd submenu view fix (contributed by Team Rebellion)</li><li>mvc: refactor and extend HostnameField to add options to validate partial hostnames and root zones</li><li>plugins: os-bind 1.22[<a target="_blank" href="https://github.com/opnsense/plugins/blob/stable/22.1/dns/bind/pkg-descr">1</a>]</li><li>plugins: os-ddclient 1.2[<a target="_blank" href="https://github.com/opnsense/plugins/blob/stable/22.1/dns/ddclient/pkg-descr">2</a>]</li><li>plugins: os-freeradius 1.9.19[<a target="_blank" href="https://github.com/opnsense/plugins/blob/stable/22.1/net/freeradius/pkg-descr">3</a>]</li><li>plugins: os-stunnel 1.0.4 fix connect format for IPv6 (contributed by Johnny S. Lee)</li><li>src: stand: add EFI support for MMIO serial consoles</li><li>src: apei: make sure event data fit into the buffer</li><li>ports: php 7.4.28[<a target="_blank" href="https://www.php.net/ChangeLog-7.php#7.4.28">4</a>]</li><li>ports: unbound 1.15.0[<a target="_blank" href="https://nlnetlabs.nl/projects/unbound/download/#unbound-1-15-0">5</a>]</li></ul></p><p>A hotfix release was issued as 22.1.2_1:</p><p><ul><li>ipsec: fix mobile switch logic</li><li>ports: cyrus-sasl 2.1.28</li></ul></p><p>Images have been subsequently released as 22.1.2(_2):</p><p><ul><li>system: fix return code on factory port assignment to prevent configuration loop</li></ul></p><p><br>Stay safe especially in darker times,<br> Your OPNsense team</p><p><pre>SHA256 (OPNsense-22.1.2-OpenSSL-dvd-amd64.iso.bz2) = d066d5620e28c22ff1d8de18532b61f8c7317b3258d5bdafb6a7a8dbb1eea002
SHA256 (OPNsense-22.1.2-OpenSSL-nano-amd64.img.bz2) = dea720e15e67063d839bbf48017d32eb27071d58afee36bec40029319f5cc47e
SHA256 (OPNsense-22.1.2-OpenSSL-serial-amd64.img.bz2) = 1b32287c13cc445a9a7a365b7879d00d3413ea53faf4cb23b3ef77b7916a1b7c
SHA256 (OPNsense-22.1.2-OpenSSL-vga-amd64.img.bz2) = c6bbc0755d9458cc6484a98f074b62beaa30c5f02bd728ee1b0e896d2613b4b4</pre></p>
Mini Shell