Software-update: pfSense 2.3.4-p1

Het pfSense project is in 2004 begonnen als een afsplitsing van m0n0wall vanwege verschillende visies bij de ontwikkelaars en in de loop van de jaren uitgegroeid tot een router- en firewallpakket dat in zowel kleine als zeer grote omgevingen kan worden ingezet. Voor meer informatie verwijzen we jullie door naar deze pagina. Het ontwikkelteam heeft pfSense 2.3.4-p1 uitgebracht met de volgende veranderingen:

2.3.4-p1 New Features and Changes

The 2.3.4-p1 errata release is a minor release after 2.3.4 and contains beneficial security and bug fixes.

Security / Errata

• pfSense-SA-17_05.webgui:
  • Fixed a potential XSS issue in the diag_edit.php file browser
  • Fixed a potential XSS in handling of the 'type' parameter on diag_table.php
  • Fixed validation and a potential XSS in interface names on firewall_nat_edit.php
• pfSense-SA-17_06.webgui:
  • Added a warning screen to the GUI and prevent access if the client IP address is currently in the lockout table, and also remove the client's connection states

Bug Fixes

Captive Portal

• Fixed Captive Portal RADIUS Authentication to only cache credentials when required to perform reauthentication
• Restored the captive portal feature to view the captive portal page directly from the portal web server as an additional button

Dynamic DNS

• Fixed issues with wildcard CNAME records disappearing from Loopia when doing a DNS update
• Fixed issues with CloudFlare Dynamic DNS
• Fixed Hover Dynamic DNS updates so they Verify the SSL Peer

Logging

• Added syslogd service definition to enable status display and control
• Fixed issues with syslogd stopping when installing or uninstalling some packages

Virtual IP Addresses

• Fixed issues with CARP status display overmatching some VIP numbers
• Fixed pid file handling for choparp (Proxy ARP Daemon)
• Added the ability to sort the Virtual IP address list

DNS

• Fixed diag_dns.php so it will not create an empty alias if name does not resolve
• Fixed diag_dns.php to not show Add Alias if the user does not have privileges to add an alais
• Fixed diag_dns.php to change the update alias button text after adding an alias
• Fixed diag_dns.php to disable the Add Alias button when the host field is changed
• Fixed calls to unbound-control to have the full configuration path specified so they do not fail
• Fixed handling of "redirect" zone entries in the DNS Resolver so they do not produce invalid zones
• Changed the way the DNS Resolver code writes out host entries, so the zones are more well-formed
• Changed the way the DNS Resolver process (unbound) is stopped, to allow it to exit cleanly.

Interfaces

• Fixed DHCPv6 to request a prefix delegation even if no interfaces are set to track6
• Updated handling of original MAC address retention for interfaces with spoofed MACs
• Fixed an array handling problem when working with gateway entries on the Interface configuration page
• Fixed handling of MSS clamping values for PPPoE/L2TP/PPTP WANs

DHCP

• Fixed an issue where some DHCP Lease information was encoded twice with htmlentities/htmlspecialchars
• Fixed an issue where in some edge cases, a variable was not properly set in a loop, leading to a previous value being reused

Misc

• Removed "/usr/local/share/examples" from obsolete files list, some packages rely on the files being there
• Added a few more items to status.php for support purposes, such as a download button, socket buffer info, and the netgate ID
• Fixed status.php to redact BGP MD5 password/key in output
• Fixed OpenVPN to use is_numeric() to make sure $prefix is not 0
• Changed the "Rule Information" section so it is consistent between firewall and NAT rule pages
• Fixed APU2 detection for devices running coreboot v4.x
• Fixed the tunable description for net.inet.ip.random_id
• Fixed some outdated links for help and support
• Fixed some issues with empty config tags in packages
• Fixed issues with entry IDs after deleting Authentication Server instances