pfSenseをアップデートした記録 2.4.5→2.4.5_1
アップデート内容確認
2.4.5から2.4.5_1(2.4.5-p1)にアップデートします
変更点を確認
https://docs.netgate.com/pfsense/en/latest/releases/2-4-5-p1-new-features-and-changes.html
Security / Errata
Addressed an issue with large pf tables causing system instability and high CPU usage during filter reload events #10414
Fixed an issue with sshguard which could prevent it from protecting against brute force logins #10488
Updated unbound to address CVE-2020-12662 and CVE-2020-12663 #10576
Updated json-c to address CVE-2020-12762 #10609
Addressed FreeBSD Security Advisories & Errata Notices including:
FreeBSD-SA-20:10.ipfw
FreeBSD-SA-20:12.libalias
FreeBSD-SA-20:13.libalias
FreeBSD-SA-20:15.cryptodev
Aliases / Tables
Fixed handling of URL/URL table aliases with IDN hostnames #10321
Authentication
Fixed handling of misconfigured groups which prevented the admin user from making configuration changes #10492
Fixed a potential temporary privilege downgrade when deleting an account #9259
Backup / Restore
Fixed handling of redundant/extraneous RRD tags when making configuration backups #10508
CARP
Fixed handling of IPv6 CARP VIPs with non-significant zeros during XMLRPC sync #6579
Certificates
Fixed a bug which prevented the user from removing a CA private key when editing #10509
Configuration Upgrade
Fixed a PHP error during upgrade from <2.4.3 with empty tags in the IPsec configuration #10458
Console Menu
Changed the naming convention of gateways created at the console to be the same as those created in the GUI #10264
DHCP (IPv6)
Added default value placeholders to some DHCPv6 RA configuration options #10448
Fixed DHCPv6 service Dynamic DNS errors #10346
Fixed rc.newwanipv6 being called for Request messages which dhcp6c should have discarded #9634
Added dashed DUID support to DHCPv6 static mappings #2568
DHCP Relay
Fixed DHCP Relay handling of scenarios where a target server may be on the same interface as some clients #10416
Excluded unsupported interface types from DHCP Relay #10341
DHCP Server
Fixed DHCPv6 static entries not being updated on external Dynamic DNS servers #10412
Fixed DHCPv6 domain-search list not being sent to clients #10200
Fixed DHCP Server not accepting IPv6 addresses for Dynamic DNS servers #6600
Diagnostics
Several improvements and items added to status.php diagnostic output #10455 #10424 #10423 #10350 #10349 #10568
Fixed Require State Filter setting on diag_states.php breaking filter rule link to associated states #10359
DNS Resolver
Fixed IPsec and OpenVPN IPv6 tunnel network/pool prefixes not being added to automatic DNS Resolver ACLs #10460
Fixed EDNS buffer size values to prepare for 2020 DNS flag day #10293
Fixed DNS Resolver handling of entries from DHCP server which contain a trailing dot in domain names #8054
Dynamic DNS
Fixed DigitalOcean Dynamic DNS client handling of IPv6 addresses #10390
Fixed DNSExit update URL #9632
Hardware / Drivers
Added support for iwm devices #7725
Note:This device only supports Station mode. It does not support acting as an access point.
Added ng_etf module to armv6 and aarch64 kernels #10463
Added QLogic 10G driver (qlxgb/qla80xx) #9891
Added virtio_console to the kernel #9985
IPsec
Fixed selection of IPsec VTI Phase 2 local network address/mask values #10418
Fixed saving IPsec connection breaking FRR BGP on VTI interfaces #10351
Updated DH group warnings to say that group 5 is also weak #10221
Fixed disabling IPsec Phase 1 with a VTI Phase 2 #10190
Fixed disabled IPsec Phase 2 entries being unintentionally included in vpn_networks table #7622
L2TP
Changed L2TP mpd.secret handling so that the server is not restarted after adding/modifying L2TP users #4866
Fixed handling of L2TP usernames containing a realm separator (@) #9828
Fixed Shared Secret handling in L2TP #10531 #10527
Limiters
Fixed input validation of limiters with ECN #10211
Fixed bogus extra warning dialog on when deleting limiters #9334
Notifications
Fixed SMTP notification SSL validation to respect the user-selected behavior #10317
NTPD
Added localhost to NTP Interface selection options #10348
OpenVPN
Fixed OpenVPN remote statement protocol handling #10368
Added option to configure OpenVPN username as common name behavior #8289
Operating System
Fixed handling of RAM disk sizes not accounting for existing disk usage when calculating available kernel memory, which could prevent saving #10420
Updated pkg to 1.13.x #10564
Fixed problems preventing the Netgate Coreboot Package from updating Coreboot properly #10573
Packages
Fixed handling of FreeRADIUS passwords containing non-XML-safe characters #4497
Fixed handling of Squid LDAP search filters containing an accent #7654
Fixed issues preventing FRR from working on certain platforms such as SG-1100 (arm64/aarch64) #10444
Fixed issues preventing Suricata from working on certain platforms such as SG-1100 (arm64/aarch64) #10228
Rules / NAT
Fixed Duplicate Outbound NAT entries from L2TP server addresses #10247
Fixed Outbound NAT rules for mobile IPsec users with per-user addresses defined #9320
Fixed IPv6 IP Alias VIPs not being added to Interface Network macros #8256
Fixed Destination port range “Any” in Port Forward rules #7704
Fixed display of interfaces on the Floating rules list #4629
Fixed rule description validation to reject \ #10542
Fixed setting NAT reflection timeout values #10591
Translations
Fixed language selection for Chinese (Taiwan) / HK Translations #10525
Services
Fixed is_process_running() handling of empty process, which could lead to an error when using the CLI to query the status of a service which does not exist #10540
Web Interface
Fixed dark theme auto-complete popup field having dark text on dark background #10499
Fixed using special characters in Schedule descriptions #10305
Fixed WebGUI main page loading very slowly when there is no Internet connectivity #8987
p1ということで脆弱性対応がメインです
アップデートの手順
事前に設定のバックアップをした上で以下の操作でアップデートを実行
手順はいつもと同じです
まずダッシュボードのVersionのところにある雲マークか
System→Updateを選択
2.4.5から2.4.5_1へアップデートと表示出てるのを確認して「Confirm」を押す
無事に完了すると自動で再起動開始されます
最後に2.4.5_1の状態で設定をバックアップして完了
Update時の処理ログ
>>> Updating repositories metadata...
Updating pfSense-core repository catalogue...
Fetching meta.txz: . done
Fetching packagesite.txz: . done
Processing entries: . done
pfSense-core repository update completed. 7 packages processed.
Updating pfSense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.txz: .......... done
Processing entries: .......... done
pfSense repository update completed. 521 packages processed.
All repositories are up to date.
>>> Setting vital flag on pkg... done.
>>> Removing vital flag from php72... done.
>>> Downloading upgrade packages...
Updating pfSense-core repository catalogue...
pfSense-core repository is up to date.
Updating pfSense repository catalogue...
pfSense repository is up to date.
All repositories are up to date.
Checking for upgrades (12 candidates): .......... done
Processing candidates (12 candidates): .......... done
The following 12 package(s) will be affected (of 0 checked):
Installed packages to be UPGRADED:
bind-tools: 9.14.9 -> 9.14.12 [pfSense]
json-c: 0.13.1_1 -> 0.14 [pfSense]
openvpn: 2.4.8 -> 2.4.9 [pfSense]
pfSense: 2.4.5 -> 2.4.5_1 [pfSense]
pfSense-base: 2.4.5 -> 2.4.5_1 [pfSense-core]
pfSense-default-config: 2.4.5 -> 2.4.5_1 [pfSense-core]
pfSense-kernel-pfSense: 2.4.5 -> 2.4.5_1 [pfSense-core]
pfSense-rc: 2.4.5 -> 2.4.5_1 [pfSense-core]
python37: 3.7.6 -> 3.7.7 [pfSense]
sshguard: 2.4.0_3,1 -> 2.4.0_4,1 [pfSense]
strongswan: 5.8.2 -> 5.8.4 [pfSense]
unbound: 1.9.6 -> 1.10.1 [pfSense]
Number of packages to be upgraded: 12
The process will require 9 MiB more space.
78 MiB to be downloaded.
[1/12] Fetching unbound-1.10.1.txz: .......... done
[2/12] Fetching strongswan-5.8.4.txz: .......... done
[3/12] Fetching sshguard-2.4.0_4,1.txz: .......... done
[4/12] Fetching python37-3.7.7.txz: .......... done
[5/12] Fetching pfSense-rc-2.4.5_1.txz: .. done
[6/12] Fetching pfSense-kernel-pfSense-2.4.5_1.txz: .......... done
[7/12] Fetching pfSense-default-config-2.4.5_1.txz: . done
[8/12] Fetching pfSense-base-2.4.5_1.txz: .......... done
[9/12] Fetching pfSense-2.4.5_1.txz: . done
[10/12] Fetching openvpn-2.4.9.txz: .......... done
[11/12] Fetching json-c-0.14.txz: ......... done
[12/12] Fetching bind-tools-9.14.12.txz: .......... done
Checking integrity... done (0 conflicting)
>>> Upgrading pfSense-rc...
Checking integrity... done (0 conflicting)
The following 1 package(s) will be affected (of 0 checked):
Installed packages to be UPGRADED:
pfSense-rc: 2.4.5 -> 2.4.5_1 [pfSense-core]
Number of packages to be upgraded: 1
[1/1] Upgrading pfSense-rc from 2.4.5 to 2.4.5_1...
[1/1] Extracting pfSense-rc-2.4.5_1: ...... done
>>> Upgrading pfSense kernel...
Checking integrity... done (0 conflicting)
The following 1 package(s) will be affected (of 0 checked):
Installed packages to be UPGRADED:
pfSense-kernel-pfSense: 2.4.5 -> 2.4.5_1 [pfSense-core]
Number of packages to be upgraded: 1
The process will require 8 MiB more space.
[1/1] Upgrading pfSense-kernel-pfSense from 2.4.5 to 2.4.5_1...
[1/1] Extracting pfSense-kernel-pfSense-2.4.5_1: .......... done
===> Keeping a copy of current kernel in /boot/kernel.old
>>> Removing unnecessary packages... done.
Upgrade is complete. Rebooting in 10 seconds.
Success
コメント