Activity
From 04/08/2014 to 05/07/2014
05/07/2014
-
12:57 PM Bug #3645 (Resolved): Many Call-time Pass-by-reference instances in packages need fixed for PHP 5.5
- PHP 5.5 has deprecated call-time pass-by-reference, but many packages still use it for input validation and other pur...
05/05/2014
-
03:20 PM Bug #3641 (Closed): Freeradius Pfsense 2.1.3
- Freeradius does not boot.
Running debug mode radiusd -X
rlm_eap: SSL error error:02001002:system library:fopen:N... -
07:12 AM Bug #3638 (Not a Bug): Radius internal certificate broken in 2.1.12_1/2.2.5 pkg v1.6.7_2 pfSense 2.1.3
- In service > Radius > EAP > CERTIFICATES FOR TLS
If you choose the default option "Choose Cert-Manager" the path ...
04/23/2014
-
- Probably the same root cause as #2495 not a unique bug.
-
04:38 PM Bug #3622 (Rejected): OpenVPN Client Export Utility - Detect the wrong IP when generating config file and a VIP exists
- Let's say you have a WAN Interface with the IP Address 1.1.1.1 and a Virtual IP 2.2.2.2
OpenVPN is listening on the ...
04/17/2014
-
09:44 AM Feature #3608 (Rejected): new package: puppet
- A puppet agent for pfSense. Please review the pull-request and add the
package to the official repository.
https...
04/16/2014
-
11:29 AM Bug #3606 (Resolved): can't use content scanner in Dansguardian 2.12.0.3_2 pkg v.0.1.8 pfsense 2.1.2-RELEASE (amd64)
- i have those messages in system logs
Apr 16 16:17:15 root: /usr/local/etc/rc.d/dansguardian.sh: WARNING: failed to ... -
08:48 AM Bug #3605 (Closed): Dansguardian not saving groups config files with correct PICS paths.
- Either that, or the PICS files are saved as the wrong files.
When saving a PICS list, it saves the file as /usr/pb... -
- I am also seeing this bug. I wish I knew where to submit a report to the dansguardian package maintainer, though.
04/11/2014
-
07:31 PM Bug #3580 (Closed): Stunnel mangled cert on upgrade
-
09:08 AM Bug #3580: Stunnel mangled cert on upgrade
- I have just upgraded to 2.1.2-RELEASE (amd64) and the certificates look fine this time so possibly something else got...
-
- Please post in the forum to discuss and confirm before opening a bug.
You can always see what updated the configurat... -
06:00 AM Bug #3600 (Rejected): Snort rules update causes 'Last config change' in Status: Dashboard
- I updated one of my pfSense 2.1 systems to snort pkg v 3.0.6 last night. Logging in this morning, I saw this in Statu...
04/10/2014
-
03:55 PM Bug #3588: Heartbleed bug in OpenSSL
- Chris Buechler wrote:
> fixed.
PFSense 2.1.2 fixes CVE-2014-0160. -
- fixed.
-
- Frederic MEYER wrote:
> I am on 2.1 and did not upgrade to 2.1.1 (obviously waiting for 2.1.2 now...).
> Nor did I ... -
02:10 PM Bug #3588: Heartbleed bug in OpenSSL
- I am on 2.1 and did not upgrade to 2.1.1 (obviously waiting for 2.1.2 now...).
Nor did I have to reboot to see the p... -
- Frederic MEYER wrote:
> That's my point!
> So I don't understand David's output even though he claims to have updat... -
- We're looking into a way to do that but the version numbers are controlled by the FreeBSD port versions and not direc...
-
11:32 AM Bug #3588: Heartbleed bug in OpenSSL
- Don't get me wrong, but "if the version number on the PBI file itself did not change" is just something that *never* ...
-
- No, but you may have to uninstall and reinstall the package if the version number on the PBI file itself did not change.
-
- Frederic MEYER wrote:
> That's my point!
> So I don't understand David's output even though he claims to have updat... -
- Ah, well he's looking at output without considering the wrappers. He's checking the base system and not the self-cont...
-
- That's my point!
So I don't understand David's output even though he claims to have updated his system. -
- What is wrong in that output? 1.0.1g is the updated/fixed/correct version.
-
- Correct.
And, as Jeremy said,
> "Please note that haproxy-devel seems to ship its own instance own instance of o... -
- PBI packages are run using wrappers such that they see the libraries present inside of their own PBI dir. Checking wi...
-
- Frederic MEYER wrote:
> FWIW, haproxy-devel package seems to have been updated a few hours ago and bumped to 1.5-dev... -
- Agreed. Not the best place.
Will look at the development forum. -
03:48 AM Bug #3588: Heartbleed bug in OpenSSL
- Not really the place for a long off-topic discussion in a bug. I'll support Lane's suggestion to sign up for pfSense ...
-
- FWIW, haproxy-devel package seems to have been updated a few hours ago and bumped to 1.5-dev22 pkg v 0.8.
I did the ... -
02:09 AM Bug #3588: Heartbleed bug in OpenSSL
- Since others are pointing me to this ticket to keep tabs I thought it best to comment with something useful.
If yo... -
02:01 AM Bug #3588: Heartbleed bug in OpenSSL
- To everyone involved, is there anything we can do to assist with getting this released? Rather keen to get this patch...
04/09/2014
-
07:35 PM Bug #3588: Heartbleed bug in OpenSSL
- Jim Thompson wrote:
> And you registered only today to tell us that?
>
> Hi Jim,
> I do not think comments like this ... -
07:29 PM Bug #3588: Heartbleed bug in OpenSSL
- Jim Thompson wrote:
> Justin Foreman wrote:
> > Agreed with Sam. I've had to make the call to disable our VPN. The ... -
07:05 PM Bug #3588: Heartbleed bug in OpenSSL
- in any case, yes, this bug had to be fixed.
and while we were in there, the ECDSA bug had to be fixed (note that i... -
- Note: This bug is for Heartbleed in _packages_, and many (if not all) of those have already been updated and bumped s...
-
- Justin Foreman wrote:
> Agreed with Sam. I've had to make the call to disable our VPN. The natives are getting restl... -
06:56 PM Bug #3588: Heartbleed bug in OpenSSL
- We know its vulnerable, but for what its worth.. I have tested the POC available here: https://gist.github.com/mpdavi...
-
06:55 PM Bug #3588: Heartbleed bug in OpenSSL
- The release will be done when its done.
I release involves some 80+ variants all of which have to be built.
Build... -
- Agreed with Sam. I've had to make the call to disable our VPN. The natives are getting restless. This is a *security*...
-
- Any update with this?
It's pretty critical... -
- Guys, can someone fix the CRLs in 2.1.1 *before* releasing 2.1.2? A LOT of people will want/need to revoke certificat...
-
- When will haproxy-devel be available as a separate update? This would solve my problem.
-
04:29 AM Bug #3588: Heartbleed bug in OpenSSL
- I don't know more than you, but once Chris and the US wakes up, by the look of the above. ie sometime on Apr 9: US ti...
-
04:27 AM Bug #3588: Heartbleed bug in OpenSSL
- Is there any ETA on new release? A realistic one, not 1 hour then 10+ :)
I need to patch but I'd rather wait and ... -
04:15 AM Bug #3588: Heartbleed bug in OpenSSL
- Phil Jaenke wrote:
> Lot's of PolarSSL stuff and about how awesome it is ....
Don't think a bug report is the r...
04/08/2014
-
10:11 PM Bug #3588: Heartbleed bug in OpenSSL
- Please note that haproxy-devel seems to ship its own instance own instance of openssl, so will need to be reviewed as...
-
08:53 PM Bug #3588: Heartbleed bug in OpenSSL
- Chris Buechler wrote:
> "actually been audited", "has a vastly better track record"? Uh, no. OpenSSL has had a lot m... -
- oh that. 1 hour, hah! I wish. We've burned easily 20+ man hours in the last day on this.
-
- nothing says "1 hour", it takes 4-5 times that long just to build a release, much less actually test it and push it o...
-
06:16 PM Bug #3588: Heartbleed bug in OpenSSL
- Revised time estimate? Says "1 hour" up top, which strikes me as overly optimistic.
Thanks,
-danny -
- "actually been audited", "has a vastly better track record"? Uh, no. OpenSSL has had a lot more eyes on it than Polar...
-
- At this point, I would vastly prefer to see OpenSSL kicked to the curb as unceremoniously as possible in favor of Pol...
-
- Not exactly. The problem in packages is distinct from the one in base. The base firmware update won't fix package and...
-
- Additionally, already reported in #3585
-
- It's known and we're already working on it.
-
- http://heartbleed.com reports a serious defect in OpenSSL 1.0.1 that has been fixed in 1.0.1g
haproxy is vulnerable. -
- fixed
-
01:52 PM Bug #3590 (Resolved): Snort package missing
- When attempting to install snort from PFsense, the package is missing from the repo.
Beginning package installatio... -
05:53 AM Bug #3584: arpwatch package fails to start in pfsense 2.1.1
- Thanks for the quick response which was right on the spot.
I made the proposed change to /usr/local/pkg/arpwatch.xml... -
- This recent commit introduced those quotes to the arpwatch package: https://github.com/pfsense/pfsense-packages/commi...
-
- I'm not sure if this is a bug with arpwatch or with pfsense 2.1.1, it did not happen in pfsense 2.1 though, with the ...
-
01:05 AM Feature #3583 (Closed): haproxy-devel: individual backend for each acl
- To define several backends based on acl's for one frontend a backend selection iten is recommended for each acl - cur...
Also available in: Atom