pfSense » pfSense Packages

12/18/2019

08:00 AM Feature #9973 (Pull Request Review): Nagios NRPE package isn't IPv6 capable

Jim Pingle

07:52 AM Feature #9973: Nagios NRPE package isn't IPv6 capable

Jim Pingle wrote:
> Not a bug, but a missing feature.
binding IP: I can only give one IP. For Dual Stack I need t... Viktor Gurov

06:49 AM Feature #9824 (Resolved): Add support for DuckDuckGo's Safe Search

Tested on pfSense 2.5.0.a.20191217.2217, squid 0.4.44_9
Resolved Viktor Gurov

06:40 AM Feature #9982 (Pull Request Review): basic_ldap_auth TLS connection

Jim Pingle

05:47 AM Feature #9982 (Feedback): basic_ldap_auth TLS connection

Allow to use -Z option by basic_ldap_auth for TLS LDAP connection
see:
http://www.squid-cache.org/Versions/v3/3.2... Viktor Gurov

06:09 AM Bug #9962: HAproxy Upgrade needed HTTP/2 CVE-2019-19330

any update of status? DRago_Angel [InV@DER]

03:14 AM Bug #9219 (Resolved): STunnel: .pem files are created with incorrect permissions.

Renato Botelho wrote:
> PR has been merged. Thanks!
Tested on pfSense 2.5.0.a.20191217.2217 with stunnel 5.50_3
... Viktor Gurov

12/17/2019

08:29 PM Bug #9980: Fresh install of Suricata 4.1.5 package warns about CVE-2015-3152; need newer MySQL

Thanks for the fast response!
I don't use Barnyard2, so that's good news for me.
But for others... is this ther... Sean McBride

08:21 PM Bug #9980: Fresh install of Suricata 4.1.5 package warns about CVE-2015-3152; need newer MySQL

The MySQL dependency is actually being pulled in by Barnyard2 and not Suricata itself. So long as you do not configur... Bill Meeks

06:17 PM Bug #9980 (Closed): Fresh install of Suricata 4.1.5 package warns about CVE-2015-3152; need newer MySQL

5 minutes ago I installed Suricata 4.1.5 package on pfSense 2.4.4-RELEASE-p3 (both newest at this time). It output a... Sean McBride

08:24 PM Bug #9981: Suricata "Use IP Reputation Lists on this interface." actually defaults to ON, despite incorrect comment.

Internal bug tracking list? Should I be filing somewhere else than here? Sean McBride

08:22 PM Bug #9981: Suricata "Use IP Reputation Lists on this interface." actually defaults to ON, despite incorrect comment.

I'll look into this and add it to my internal bug tracking list for Suricata. Bill Meeks

06:32 PM Bug #9981 (Resolved): Suricata "Use IP Reputation Lists on this interface." actually defaults to ON, despite incorrect comment.

See attached.
Despite the comment, that option is *ON* by default. I just did a fresh install. Sean McBride

08:01 AM Feature #9974 (Feedback): Add pfSense package for sysutils/node_exporter

PR has been manually merged. Thanks! Renato Botelho

08:00 AM Feature #9974 (Resolved): Add pfSense package for sysutils/node_exporter

PR: https://github.com/pfsense/FreeBSD-ports/pull/653 Renato Botelho

07:58 AM Bug #9807: Packets Monitoring graphs are being incorrectly scaled

This was picked back to 2.4.5 as well, so needs testing there. Jim Pingle

06:28 AM Bug #9807 (Feedback): Packets Monitoring graphs are being incorrectly scaled

PR has been merged. Thanks! Renato Botelho

07:28 AM Feature #9973: Nagios NRPE package isn't IPv6 capable

Not a bug, but a missing feature. Jim Pingle

04:54 AM Feature #9973 (New): Nagios NRPE package isn't IPv6 capable

In pfSense 2.4.4p3 Nagios NRPE package lacks IPv6 capabilities.
1. binding IP: I can only give one IP. For Dual St... Pim Pish

06:19 AM Bug #9219 (Feedback): STunnel: .pem files are created with incorrect permissions.

PR has been merged. Thanks! Renato Botelho

12/16/2019

10:23 AM Bug #9220 (Pull Request Review): STunnel: Tunnel list does not show certificate

Jim Pingle

09:01 AM Bug #9220: STunnel: Tunnel list does not show certificate

https://github.com/pfsense/FreeBSD-ports/pull/720 Viktor Gurov

10:23 AM Bug #9652 (Pull Request Review): Squid Proxy Server /var/squid/lib/ssl_db directory not found in squid.inc

Jim Pingle

10:23 AM Bug #9219 (Pull Request Review): STunnel: .pem files are created with incorrect permissions.

Jim Pingle

10:22 AM Bug #9807 (Pull Request Review): Packets Monitoring graphs are being incorrectly scaled

Jim Pingle

12/14/2019

02:00 AM Bug #9652: Squid Proxy Server /var/squid/lib/ssl_db directory not found in squid.inc

https://github.com/pfsense/FreeBSD-ports/pull/719 Viktor Gurov

12/13/2019

11:37 PM Bug #9219: STunnel: .pem files are created with incorrect permissions.

https://github.com/pfsense/FreeBSD-ports/pull/718 Viktor Gurov

12/12/2019

01:28 PM Bug #9807: Packets Monitoring graphs are being incorrectly scaled

https://github.com/pfsense/FreeBSD-ports/pull/717 Viktor Gurov

07:02 AM Bug #9807: Packets Monitoring graphs are being incorrectly scaled

They are a part of the Status_Monitoring package (which is included in the base install), so the files are in the fre... Jim Pingle

06:41 AM Bug #9807: Packets Monitoring graphs are being incorrectly scaled

for some reason there is no rrd_fetch_json.php and status_monitoring.php files on github
fixed version:... Viktor Gurov

12/11/2019

11:42 PM Bug #9967 (Rejected): SSL Filter enable stopped Squid Proxy and guard filter services

Please post on the forum to discuss and identify the issue. There is not enough information here to know what the iss... Jim Pingle

10:12 PM Bug #9967 (Rejected): SSL Filter enable stopped Squid Proxy and guard filter services

ear in pf sense 2.4.4-DEVELOPMENT (AMD64) when squid proxy sever enable the squid SSL Filtering option for block secu... Noman Akbar

08:13 AM Bug #9965 (Resolved): Since 0.15.7_2, legit LDAP server certs cannot be selected anymore

Thanks for testing! Jim Pingle

08:00 AM Bug #9965: Since 0.15.7_2, legit LDAP server certs cannot be selected anymore

Excellent; thank you very much! I can confirm this is fixed here! Didier Raboud

07:50 AM Bug #9965 (Feedback): Since 0.15.7_2, legit LDAP server certs cannot be selected anymore

Fixed in 0.15.7_7 Jim Pingle

05:29 AM Bug #9965 (Resolved): Since 0.15.7_2, legit LDAP server certs cannot be selected anymore

It seems that https://github.com/pfsense/FreeBSD-ports/commit/8cbbd84a374f4942e082c5898e93040c5ac65bbb broke the `/pk... Didier Raboud

07:53 AM Bug #9962: HAproxy Upgrade needed HTTP/2 CVE-2019-19330

The new versions are in the ports tree in master, but need picked back to devel, RELENG_2_4_4, and RELENG_2_4_5 Jim Pingle

12/10/2019

08:11 AM Bug #9962 (Resolved): HAproxy Upgrade needed HTTP/2 CVE-2019-19330

[https://nvd.nist.gov/vuln/detail/CVE-2019-19330]
Haproxy 1.8 need be updated to 1.8.23 (RD: 2019/11/25) from 1.8.... DRago_Angel [InV@DER]

12/06/2019

10:40 PM Bug #9960 (Rejected): SSL Filter enable stopped Squid Proxy and guard filter services

Do not open issues here for this. Post on the forum to discuss and diagnose the problem and obtain more information. ... Jim Pingle

10:38 PM Bug #9960 (Rejected): SSL Filter enable stopped Squid Proxy and guard filter services

dear in pf sense 2.5.0-DEVELOPMENT (AMD64) when squid proxy sever enable the squid SSL Filtering option for block sec... Noman Akbar

10:32 PM Feature #9959 (Rejected): SSL Filter enable stopped Squid Proxy and guard filter services

Please post on the forum to discuss and identify the issue. There is not enough information here. 2.5.0 is in develop... Jim Pingle

10:29 PM Feature #9959 (Rejected): SSL Filter enable stopped Squid Proxy and guard filter services

dear in pf sense 2.5.0-DEVELOPMENT (AMD64) when squid proxy sever enable the squid SSL Filtering option for block sec... Noman Akbar

12/02/2019

04:26 PM Bug #9849: NUT not starting as root? Isn't loading USB drivers?

Braden McGrath wrote:
> Ryan McCullough wrote:
> > It looks like the NUT/UPS driver isn't loading the USB driver un... Ryan McCullough

04:16 PM Bug #9849: NUT not starting as root? Isn't loading USB drivers?

Ryan McCullough wrote:
> It looks like the NUT/UPS driver isn't loading the USB driver unless I pass the "-u root" p... Braden McGrath

01:24 PM Bug #9940 (Duplicate): Removing "default" view under monitoring blocked

Duplicate of #9352 Jim Pingle

12:56 PM Bug #9940 (Duplicate): Removing "default" view under monitoring blocked

I managed to add a extra view named "default" in the monitoring page. When trying to remove said misstake it is not p... Joakim Dellrud

11/29/2019

08:29 AM Bug #9935 (Pull Request Review): hide ECDSA certs for Zabbix

Jim Pingle

07:41 AM Bug #9932 (Rejected): Squid is not showing CAs for SSL Interception

Can't reproduce this on 2.5.0 or 2.4.4 Both show CAs as they should. Post on the forum if you are still having issues. Jim Pingle

11/28/2019

10:18 AM Bug #9935 (Resolved): hide ECDSA certs for Zabbix

ECDSA certificates are not yet supported in Zabbix
see https://support.zabbix.com/browse/ZBXNEXT-5475
https:/... Viktor Gurov

08:00 AM Bug #9934: suricata update kills WAN interface

Suricata is running in INLINE IPS mode. Every time, when suricata is stopped or started, it does a link up/down. Is t... Srijan Nandi

07:28 AM Bug #9934 (Closed): suricata update kills WAN interface

Hello Everyone,
I am running pfSense *2.4.4-RELEASE-p3 (amd64*) with suricata *VERSION 4.1.5_2*. I had set suricat... Srijan Nandi

02:55 AM Feature #9901 (Resolved): show ECDSA CAs only with correct curves

tested on pfSense 2.5.0.a.20191127.2047 with squid 0.4.44_9
correct, resolved Viktor Gurov

02:54 AM Feature #9906 (Resolved): show ECDSA CAs and certs only with correct curves

tested on pfSense 2.5.0.a.20191127.2047 with freeradius3 0.15.7_6
correct, resolved Viktor Gurov

02:53 AM Bug #9919 (Resolved): stunnel server connection failure if ECDSA cert is not in IPsec list

tested on pfSense 2.5.0.a.20191127.2047 with stunnel 5.50_2
correct, resolved Viktor Gurov

02:51 AM Feature #9929 (Resolved): show only ECDSA-safe exports packages

tested on pfSense 2.5.0.a.20191127.2047 with openvpn-client-export 1.4.19_1
correct, resolved Viktor Gurov

11/27/2019

12:06 PM Bug #9932: Squid is not showing CAs for SSL Interception

Correct Version: 0.4.44_9 Nicolas Bezutt

11:58 AM Bug #9932 (Rejected): Squid is not showing CAs for SSL Interception

After update to 0.4.4_9, the CA field in SSL Man In The Middle Filtering is no more showing any certificates. Older V... Nicolas Bezutt

10:24 AM Feature #9929 (Feedback): show only ECDSA-safe exports packages

PR has been merged. Thanks! Renato Botelho

07:59 AM Feature #9929 (Pull Request Review): show only ECDSA-safe exports packages

Jim Pingle

04:32 AM Feature #9929: show only ECDSA-safe exports packages

two more packages with certificates left - Zabbix-agent and Net-SNMP Viktor Gurov

04:29 AM Feature #9929 (Resolved): show only ECDSA-safe exports packages

show only ECDSA-safe exports packages on OpenVPN \ Client Export Utility page
i.e. certs with prime256v1, secp384r... Viktor Gurov

10:23 AM Feature #9901 (Feedback): show ECDSA CAs only with correct curves

PR has been merged. Thanls! Renato Botelho

11/25/2019

10:40 AM Bug #9919 (Feedback): stunnel server connection failure if ECDSA cert is not in IPsec list

PR has been merged. Thanks! Renato Botelho

10:38 AM Feature #9906 (Feedback): show ECDSA CAs and certs only with correct curves

PR has been merged. Thanks! Renato Botelho

08:46 AM Bug #9922 (Feedback): haproxy_version does not use full path to haproxy, leads to errors when run during cron

Fixed:
https://github.com/pfsense/FreeBSD-ports/commit/47f4f91aa8159e47f24990eb2496784cb9ef07c6
https://github.co... Jim Pingle

08:41 AM Bug #9922 (Resolved): haproxy_version does not use full path to haproxy, leads to errors when run during cron

When /etc/rc.filter_configure_sync is run from cron, it yields errors from haproxy. For example in this simulated run... Jim Pingle

11/23/2019

11:00 PM Bug #9919 (Pull Request Review): stunnel server connection failure if ECDSA cert is not in IPsec list

Jim Pingle

03:03 AM Bug #9919: stunnel server connection failure if ECDSA cert is not in IPsec list

https://github.com/pfsense/FreeBSD-ports/pull/712 Viktor Gurov

02:42 AM Bug #9919 (Resolved): stunnel server connection failure if ECDSA cert is not in IPsec list

stunnel client can use cert with any ECDSA curve,
but if stunnel server use incorrect (not prime256v1, secp384r1, se... Viktor Gurov

11/22/2019

08:11 AM Feature #9742: Print Patch ID in log while patching

The sshguard log message wouldn't be related.
I see logs for manual patching and reverting, but no log messages wh... Jim Pingle

01:23 AM Feature #9742: Print Patch ID in log while patching

tested on pfSense 2.5.0.a.20191121.2127 with System_Patches 1.2_4
test patch: https://github.com/pfsense/pfsense/com... Viktor Gurov

01:26 AM Bug #9850 (Resolved): show huperscan option only for x86 arch

Tested on 2.5.0.a.20191121.1639 (SG-1000, arm) and suricata 4.1.5_2
Ok, Resolved Viktor Gurov

11/21/2019

02:28 PM Feature #9874 (Pull Request Review): safesearch enforcing

Jim Pingle

03:24 AM Feature #9874: safesearch enforcing

received email from Yandex support with the list of domains for redirection:... Viktor Gurov

02:27 PM Feature #9916 (Pull Request Review): Check allow-transfer in custom option when the zone is slave

Jim Pingle

01:32 PM Feature #9916 (Resolved): Check allow-transfer in custom option when the zone is slave

If i add custom option (allow-transfer) to my slave zone, bind exit with error, because say already defined this opti... Am1g0 B0y

11/19/2019

01:45 PM Bug #9795: FRR add two or more ipv6 BGP Neighbors will system down

i try setup use openbgpd normarl work ipv6 with openvpn. so i think the frr sure has bugs. yon Liu

12:10 AM Feature #9913 (Resolved): Adding note Squid Traffic Managment Settings about feature limit

Squid Traffic Managment Settings mostly works with generic HTTP, so that, it may not work without HTTPS Interception ... Constantine Kormashev