OPNsense Forum

Archive => 17.1 Legacy Series => Topic started by: tillsense on December 23, 2016, 06:27:41 pm

Title: 17.1 beta multiple vulnerabilities NTP / Squid
Post by: tillsense on December 23, 2016, 06:27:41 pm
Hi Franco,

is there a chance to fix this over console on beta?

--------------------------------------------------------------------
OPNsense 17.1.b_60-amd64
FreeBSD 11.0-RELEASE-p5
OpenSSL 1.0.2j 26 Sep 2016
Title: Re: 17.1 beta multiple vulnerabilities NTP / Squid
Post by: tillsense on December 24, 2016, 07:02:01 am
Ok i found this: https://github.com/opnsense/ports/issues/30 (https://github.com/opnsense/ports/issues/30) and switch to
Quote
17.1/experimental
this is a good place for new updates  :)

Happy Holidays and many thanks for the great work!

cheers till

--------------------------------------------------------------------
OPNsense 17.1.b_60-amd64
FreeBSD 11.0-RELEASE-p5
OpenSSL 1.0.2j 26 Sep 2016
Title: Re: 17.1 beta multiple vulnerabilities NTP / Squid
Post by: franco on December 28, 2016, 03:17:02 pm
Hi Till,

Experimental has been updated again, but please don't rely on it. There is no automated build on the other side. It's just for testing changes that we will not officially publish. :)

Please also note the vulnerability scan is a courtesy of FreeBSD. It is not meant to indicate update schedules. It is simply a tool for vulnerability management we wanted to bring to our users.


Happy holidays!

Cheers,
Franco
Title: Re: 17.1 beta multiple vulnerabilities NTP / Squid
Post by: tillsense on December 28, 2016, 08:28:53 pm
Hi Franco,

yes just for testing...and thank you!
Quote
Any help in making 17.1 the best it could possibly be for its final release at the end of January 2017 is highly appreciated. Please do not hesitate to contact us through any of the known channels:

how can i install one of the new kernel(latest/route) in sets? The base package is missing/not necessary? What is *route*? (rc*out*possibly*) 33M?

cheers till

--------------------------------------------------------------------
OPNsense 17.1.b_73-amd64
FreeBSD 11.0-RELEASE-p5
OpenSSL 1.0.2j 26 Sep 2016

Title: Re: 17.1 beta multiple vulnerabilities NTP / Squid
Post by: franco on December 29, 2016, 09:41:19 am
The test kernels have no signatures and base sets, you can install them via:

# opnsense-update -kir 17.1.b-NAME

-i is for insecure (no signature)
-k is for kernel only
-r is the name of the release

17.1.b-latest is an up-to-date version of 17.1.b with some modifications to SEGVGUARD by Shawn.

17.1.b-route is a test kernel based on FreeBSD 12-CURRENT GENERIC for work that we do to finally enable multi-wan + ipfw traffic shaping and captive portal usage. I do not recommend using this one. ;)
Title: Re: 17.1 beta multiple vulnerabilities NTP / Squid
Post by: tillsense on December 29, 2016, 06:41:39 pm
is running... thanks!

Code: [Select]
FreeBSD 11.0-RELEASE-p6 #0 eebfd11d3(master): Sun Dec 25 15:36:58 CET 2016
    root@sensey64:/usr/obj/usr/src/sys/SMP amd64
FreeBSD clang version 3.8.0 (tags/RELEASE_380/final 262564) (based on LLVM 3.8.0)
[HBSD LOG] logging to system: enabled
[HBSD LOG] logging to user: disabled
[HBSD ASLR] status: opt-out
[HBSD ASLR] mmap: 30 bit
[HBSD ASLR] exec base: 30 bit
[HBSD ASLR] stack: 42 bit
[HBSD ASLR] vdso: 28 bit
[HBSD ASLR] map32bit: 18 bit
[HBSD ASLR] disallow MAP_32BIT mode mmap: opt-in
[HBSD ASLR (compat)] status: opt-out
[HBSD ASLR (compat)] mmap: 14 bit
[HBSD ASLR (compat)] exec base: 14 bit
[HBSD ASLR (compat)] stack: 14 bit
[HBSD ASLR (compat)] vdso: 8 bit
[HBSD SEGVGUARD] status: opt-out
[HBSD SEGVGUARD] expiry: 120 sec
[HBSD SEGVGUARD] suspension: 600 sec
[HBSD SEGVGUARD] maxcrashes: 5
CPU: AMD G-T40E Processor (1000.02-MHz K8-class CPU)


--------------------------------------------------------------------
OPNsense 17.1.b_73-amd64
FreeBSD 11.0-RELEASE-p6
OpenSSL 1.0.2j 26 Sep 2016
Title: Re: 17.1 beta multiple vulnerabilities NTP / Squid
Post by: franco on December 29, 2016, 10:19:19 pm
Cool, thanks. 8)