Hey all,
I've published a new build of hbsdfw. hbsdfw (short for HardenedBSD
Firewall) is a fork of OPNsense based on HardenedBSD 14-STABLE. It's a
hobby sub-project of HardenedBSD.
Shortly after FreeBSD moved base OpenSSL to 3, the default version in
ports was also bumped to 3. When porting the HardenedBSD 13-STABLE
hbsdfw changes to 14-STABLE, we also inherited the OpenSSL 3 update.
However, the OPNsense codebase is not yet ready for OpenSSL 3 and
(until today) the recent builds of hbsdfw had issues because of
OpenSSL 3.
With this latest build of hbsdfw, I've moved us back to OpenSSL 1.1.1
in ports. I'm happy to report that doing so fixes a lot (all?) of the
problems with broken services like Unbound DNS.
I'm following OPNsense's work closely, paying especially close
attention to anything related to OpenSSL 3 support.
As usual, if you're upgrading an existing installation, these are the
steps to follow:
1. Backup your existing config
2. Reinstall with the new image
3. Restore the config backup
Please let me know if you have any questions, comments, or concerns.
Download link:
https://hardenedbsd.org/~shawn/hbsdfw/hbsdfw_installer_vga_14.0-20231214-083405.iso.xz
SHA256 (hbsdfw_installer_vga_14.0-20231214-083405.iso.xz) = cd36b44c0476d20e34b623e62607c2f6b9a815d3d4ebe5cd9999bcbecd098f44
$ wc -c hbsdfw_installer_vga_14.0-20231214-083405.iso.xz
1608947456 hbsdfw_installer_vga_14.0-20231214-083405.iso.xz
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc