Crea sito
RSS

pfSense 2.1.4

28 Giugno 2014

pfSense

pfsense-64

pfSense

pfSense è un distribuzione BSD derivata da m0n0wall, perciò basata su FreeBSD, nata per essere usata come firewall o router sui PC. Utilizza Packet Filter, FreeBSD 6.x e  ALTQ.

Versione 2.1.4

Questa versione contiene (In Inglese):

  • Patch for Captive Portal pipeno leaking issue which leads to the ‘Maximum login reached’ on Captive Portal. #3062
  • Remove text not relevant to Allowed IPs on the Captive Portal. #3594
  • Remove units from burst as it is always specified in bytes. (Per ipfw(8)).
  • Add column for internal port on UPnP status page.
  • Make listening on interface rather than IP optional for UPnP.
  • Fix highlighting of selected rules. #3646
  • Add guiconfig to widgets not including it. #3498
  • /etc/version_kernel and /etc/version_base no longer exist, use php_uname to get the version for XMLRPC check instead.
  • Fix variable typo. #3669
  • Delete all IP Aliases when an interface is disabled. #3650
  • Properly handle RRD archive rename during upgrade and squelch errors if it fails.
  • Convert protocol ssl:// to https:// when creating HTTP headers for XMLRPC.
  • Show disabled interfaces when they were already part of an interface group. This avoids showing a random interface instead and letting the user add it by mistake. #3680
  • The client-config-dir directive for OpenVPN is also useful when using OpenVPN’s internal DHCP while bridging, so add it in that case also.
  • Use curl instead of fetch to download update files. #3691
  • Escape variable before passing to shell from stop_service().
  • Add some protection to parameters that come through _GET in service management.
  • Escape argument on call to is_process_running, also remove some unecessary mwexec() calls.
  • Do not allow interface group name to be bigger than 15 chars. #3208
  • Be more precise to match members of a bridge interface, it should fix #3637
  • Do not expire already disabled users, it fixes #3644
  • Validate starttime and stoptime format on firewall_schedule_edit.php
  • Be more careful with host parameter on diag_dns.php and make sure it’s escaped when call shell functions
  • Escape parameters passed to shell_exec() in diag_smart.php and elsewhere
  • Make sure variables are escaped/sanitized on status_rrd_graph_img.php
  • Replace exec calls to run rm by unlink_if_exists() on status_rrd_graph_img.php
  • Replace all `hostname` calls by php_uname(‘n’) on status_rrd_graph_img.php
  • Replace all `date` calls by strftime() on status_rrd_graph_img.php
  • Add $_gb to collect possibly garbage from exec return on status_rrd_graph_img.php
  • Avoid directory traversal in pkg_edit.php when reading package xml files, also check if file exists before try to read it
  • Remove id=0 from miniupnpd menu and shortcut
  • Remove . and / from pkg name to avoid directory traversal in pkg_mgr_install.php
  • Fix core dump on viewing invalid package log
  • Avoid directory traversal on system_firmware_restorefullbackup.php
  • Re-generate session ID on a successful login to avoid session fixation
  • Protect rssfeed parameters with htmlspecialchars() in rss.widget.php
  • Protect servicestatusfilter parameter with htmlspecialchars() in services_status.widget.php
  • Always set httponly attribute on cookies
  • Set ‘Disable webConfigurator login autocomplete’ as on by default for new installs
  • Simplify logic, add some protection to user input parameters on log.widget.php
  • Make sure single quotes are encoded and avoid javascript injection on exec.php
  • Add missing NAT protocols on firewall_nat_edit.php
  • Remove extra data after space in DSCP and fix pf rule syntax. #3688
  • Only include a scheduled rule if it is strictly before the end time. #3558

Risorse

La distribuzione può essere scaricata da:

Il sito web della distribuzione è: http://www.pfsense.org/

Conclusioni

Il fix più importante è stato per il bug di OpenSSSL

Subscribe

Subscribe to our e-mail newsletter to receive updates.

No comments yet.

Leave a Reply