Hi there,
A small update ships several improvements and preparations for the upcoming version 18.7. We are also bundling a patch for the lazy FPU state restore information disclosure.
Here are the full patch notes:
- system: enforce full password policy check for local passwords including TOTP
- system: add RFC 7919 DH parameter files for upcoming 18.7 feature
- system: add 3072-bit RSA key length options to certificates (contributed by Justin Coffman)
- system: move auto-cron jobs to plugin files
- interfaces: refactor reload handling around interfaces_configure()
- interfaces: allow private addresses in 6RD
- interfaces: check existence of "status" (contributed by Tian Yunhao)
- reporting: add NetFlow/Insight database force repair function
- dhcp: update from ISC version 4.3 to 4.4
- importer: allow ZFS import for upcoming 18.7 ZFS installer feature
- importer: allow import from simple MSDOS USB drives
- intrusion detection: add app detect rules (contributed by Michael Muenz)
- rc: suppress message of service not enabled on NetFlow backup
- rc: use exec in /etc/rc and /etc/rc.shutdown hooks
- rc: rework rc.syshook facility to be driven by directories and not suffixes
- unbound: remove defunct unbound_statistics() function
- plugins: os-postfix 1.4 advanced force recipient check (contributed by Michael Muenz)
- plugins: service start corrections for accompanying rc.syshook changes
- src: incorrect TLB shootdown for Xen-based guests[1]
- src: lazy FPU state restore information disclosure[2]
- src: enable usage of locate(1) utility
- ports: isc-dhcp 4.4.1[3]
- ports: php 7.1.19[4]
- ports: unbound 1.7.3[5]
Stay safe,
Your OPNsense team