17.1 beta multiple vulnerabilities NTP / Squid

tillsense · December 23, 2016, 06:27:41 PM

Hi Franco,

is there a chance to fix this over console on beta?

--------------------------------------------------------------------
OPNsense 17.1.b_60-amd64
FreeBSD 11.0-RELEASE-p5
OpenSSL 1.0.2j 26 Sep 2016

tillsense · December 24, 2016, 07:02:01 AM

Ok i found this: https://github.com/opnsense/ports/issues/30 and switch to

Quote17.1/experimental

this is a good place for new updates :)

Happy Holidays and many thanks for the great work!

cheers till

--------------------------------------------------------------------
OPNsense 17.1.b_60-amd64
FreeBSD 11.0-RELEASE-p5
OpenSSL 1.0.2j 26 Sep 2016

franco · December 28, 2016, 03:17:02 PM

Hi Till,

Experimental has been updated again, but please don't rely on it. There is no automated build on the other side. It's just for testing changes that we will not officially publish. :)

Please also note the vulnerability scan is a courtesy of FreeBSD. It is not meant to indicate update schedules. It is simply a tool for vulnerability management we wanted to bring to our users.

Happy holidays!

Cheers,
Franco

tillsense · December 28, 2016, 08:28:53 PM

Hi Franco,

yes just for testing...and thank you!

QuoteAny help in making 17.1 the best it could possibly be for its final release at the end of January 2017 is highly appreciated. Please do not hesitate to contact us through any of the known channels:

how can i install one of the new kernel(latest/route) in sets? The base package is missing/not necessary? What is *route*? (rc*out*possibly*) 33M?

cheers till

--------------------------------------------------------------------
OPNsense 17.1.b_73-amd64
FreeBSD 11.0-RELEASE-p5
OpenSSL 1.0.2j 26 Sep 2016

franco · December 29, 2016, 09:41:19 AM

The test kernels have no signatures and base sets, you can install them via:

# opnsense-update -kir 17.1.b-NAME

-i is for insecure (no signature)
-k is for kernel only
-r is the name of the release

17.1.b-latest is an up-to-date version of 17.1.b with some modifications to SEGVGUARD by Shawn.

17.1.b-route is a test kernel based on FreeBSD 12-CURRENT GENERIC for work that we do to finally enable multi-wan + ipfw traffic shaping and captive portal usage. I do not recommend using this one. ;)

tillsense · December 29, 2016, 06:41:39 PM

is running... thanks!

Code Select

FreeBSD 11.0-RELEASE-p6 #0 eebfd11d3(master): Sun Dec 25 15:36:58 CET 2016
    root@sensey64:/usr/obj/usr/src/sys/SMP amd64
FreeBSD clang version 3.8.0 (tags/RELEASE_380/final 262564) (based on LLVM 3.8.0)
[HBSD LOG] logging to system: enabled
[HBSD LOG] logging to user: disabled
[HBSD ASLR] status: opt-out
[HBSD ASLR] mmap: 30 bit
[HBSD ASLR] exec base: 30 bit
[HBSD ASLR] stack: 42 bit
[HBSD ASLR] vdso: 28 bit
[HBSD ASLR] map32bit: 18 bit
[HBSD ASLR] disallow MAP_32BIT mode mmap: opt-in
[HBSD ASLR (compat)] status: opt-out
[HBSD ASLR (compat)] mmap: 14 bit
[HBSD ASLR (compat)] exec base: 14 bit
[HBSD ASLR (compat)] stack: 14 bit
[HBSD ASLR (compat)] vdso: 8 bit
[HBSD SEGVGUARD] status: opt-out
[HBSD SEGVGUARD] expiry: 120 sec
[HBSD SEGVGUARD] suspension: 600 sec
[HBSD SEGVGUARD] maxcrashes: 5
CPU: AMD G-T40E Processor (1000.02-MHz K8-class CPU)

--------------------------------------------------------------------
OPNsense 17.1.b_73-amd64
FreeBSD 11.0-RELEASE-p6
OpenSSL 1.0.2j 26 Sep 2016

franco · December 29, 2016, 10:19:19 PM

Cool, thanks. 8)

17.1 beta multiple vulnerabilities NTP / Squid

tillsense

December 23, 2016, 06:27:41 PM

tillsense

December 24, 2016, 07:02:01 AM #1

franco

December 28, 2016, 03:17:02 PM #2 Last Edit: December 28, 2016, 03:18:37 PM by franco

tillsense

December 28, 2016, 08:28:53 PM #3 Last Edit: December 28, 2016, 08:37:55 PM by tillsense

franco

December 29, 2016, 09:41:19 AM #4

tillsense

December 29, 2016, 06:41:39 PM #5

franco

December 29, 2016, 10:19:19 PM #6