pfSenseをアップデートした記録 2.4.5_1→2.5.0
アップデート内容確認
2.4.5_1(2.4.5-p1)から2.5.0にアップデートします
変更点を確認
https://docs.netgate.com/pfsense/en/latest/releases/2-5-0.html
pfSense Plus
Support for Intel® QuickAssist Technology, also known as QAT.
QAT accelerates cryptographic and hashing operations on supported hardware, and can be used to accelerate IPsec, OpenVPN, and other OpenCrypto Framework-aware software.
Supported hardware includes many Intel-based systems sold by Netgate (e.g. XG-7100, SG-5100) and add-on cards.
From the FreeBSD man page:
The qat driver supports the QAT devices integrated with Atom C2000 and C3000 and Xeon C620 and D-1500 chipsets, and the Intel QAT Adapter 8950.
It can accelerate AES in CBC, CTR, XTS (except for the C2000) and GCM modes, and can perform authenticated encryption combining the CBC, CTR and XTS modes with SHA1-HMAC and SHA2-HMAC. The qat driver can also compute SHA1 and SHA2 digests.
Improved SafeXcel cryptographic accelerator support for SG-2100 and SG-1100 which can improve IPsec performance.
From the FreeBSD man page:
The driver can accelerate the following AES modes: AES-CBC, AES-CTR, AES-XTS, AES-GCM, AES-CCM
The driver also implements SHA1 and SHA2 transforms, and can combine AES-CBC and AES-CTR with SHA1-HMAC and SHA2-HMAC for encrypt-then-authenticate operations.
Updated IPsec profile export
Exports Apple profiles compatible with current iOS and OS X versions
New export function for Windows clients to configure tunnels using PowerShell
Operating System / Architecture changes
Base OS upgraded to FreeBSD 12.2-STABLE
OpenSSL upgraded to 1.1.1i-freebsd
PHP upgraded to 7.4 #9365 #10659
Python upgraded to 3.7 #9360
Security / Errata
Deprecated the built-in relayd Load Balancer #9386
relayd does not function with OpenSSL 1.1.x
The relayd FreeBSD port has been changed to require libressl – There is no apparent sign of work to make it compatible with OpenSSL 1.1.x
The HAProxy package may be used in its place; It is a much more robust and more feature-complete load balancer and reverse proxy
For more information on implementing HAProxy, see HAProxy package and the Hangout
Aliases/Tables
Fixed aliases to allow IPv6 prefix entries which end in IPv4 addresses (e.g. x:x:x:x:x:x:d.d.d.d from RFC 4291 section 2.2.2) #10694
Fixed a PHP error processing aliases when the configuration contains no aliases section #9936
Fixed URL-based Alias only storing last-most entry in the configuration #9074
Fixed an issue with PF tables remaining active after they had been deleted #9790
Added Internationalized domain names support for aliases #7255
Added the ability to copy an existing alias when creating a new entry #6908
Fixed handling of URL-based aliases containing multiple URLs #11256
Authentication
Added RADIUS authentication for SSH users #10545
Added LDAP authentication for SSH users #8698
Added option to control behavior of unauthenticated LDAP binds #9909
Converted LDAP TLS setup from environment variables to LDAP_OPT_X_TLS_* options #9417
Set RADIUS NAS Identifier to include webConfigurator and the firewall hostname when logging in the GUI #9209
Added LDAP extended query for groups in RFC2307 containers #9527
Fixed errors when using RADIUS for GUI authentication while the WAN is down #11109
Backup/Restore
Changed crypt_data() to use stronger key derivation #9421
Updated crypt_data() syntax for OpenSSL 1.1.x #9420 #10178
Disabled AutoConfigBackup manual backups when AutoConfigBackup is disabled #9785
Improved error handling when attempting to restore encrypted and otherwise invalid configurations which result in errors (e.g. wrong encryption passphrase, malformed XML) #10179
Added option to include the DHCP v4/v6 leases database in config.xml backups #10910
Added option to include the Captive Portal database in config.xml backups #10868
Added option to include the Captive Portal used MACs database in config.xml backups #10856
Added option to prevent all extra data from being added to config.xml backups #10914
Added password confirmation when encrypting a config.xml backup #10301
Added support for GPT partitioned drives to the External Configuration Locator #9097
Added support for Limiters to the Traffic Shaper backup and restore area option #4763
Added option to backup Dynamic DNS area #3559
Fixed restoration of active voucher data from backup #3128
Captive Portal
Improved XMLRPC sync of Captive Portal database information #97
Changed Captive Portal vouchers to use phpseclib so it can generate keys natively in PHP, and to work around OpenSSL deprecating key sizes needed for vouchers #9443
Added trim() to the submitted username, so that spaces before/after in input do not cause authentication errors #9274
Optimized Captive Portal authentication attempts when using multiple authentication servers #9255
Fixed Captive Portal session timeout values for RADIUS users who do not have a timeout returned from the server #9208
Changed Captive Portal so that users no longer get disconnected when changes are made to Captive Portal settings #8616
Added an option so that Captive Portals may choose to remove or retain logins across reboot #5644
Fixed deletion of related files when removing a Captive Portal zone #10891
Fixed XMLRPC sync of Captive Portal used MACs database #10857
Added validation of Captive Portal zone names to prevent using reserved words #10798
Added support for IDN hostnames to Captive Portal Allowed Hostnames tab #10747
Improved Captive Portal Allowed Hostnames so it supports multiple DNS records in responses #10724
Fixed retention of automatic pass-through MAC entries when using Captive Portal Vouchers #9933
Fixed Captive Portal Bandwidth per-user bandwidth limit values being applied when disabled #9437 #9311
Changed handling of voucher logins with Concurrent Login option so that new logins are prevented rather than removing old sessions #9432 #2146
Changed XMLRPC behavior to not remove zones from secondary node when disabling Captive Portal #9303
Fixed XMLRPC sync failing to propagate voucher roll option changes to the secondary node #8809
Fixed XMLRPC sync failing to create Captive Portal voucher files on secondary node #8807
Fixed Captive Portal + Bridge interface validation #6528
Added support for masking of Captive Portal pass-thru MACs #2424
Added support for pre-filling voucher codes via URL parameters, so they can be used via QR code #1984
Certificates
Fixed OCSP stapling detection for OpenSSL 1.1.x #9408
Fixed GUI detection of revoked status for certificates issued and revoked by an intermediate CA #9924
Removed PKCS#12 export links for entries which cannot be exported in that format (e.g. no private key) #10284
Added an option to globally trust local CA manager entries #4068
Added support for randomized certificate serial numbers when creating or signing certificates with local internal CAs #9883
Added validation for CA/CRL serial numbers #9883 #9869
Added support for importing ECDSA keys in certificates and when completing signing requests #9745
Added support for creating and signing certificates using ECDSA keys #9843 #10658
Added detailed certificate information block to the CA list, using code shared with the Certificate list #9856
Added Certificate Lifetime to certificate information block #7332
Added CA validity checks when attempting to pre-fill certificate fields from a CA #3956
Added a daily certificate expiration check and notice, with settings to control its behavior and notifications (Default: 27 days) #7332
Added functionality to import certificates without private keys (e.g. PKCS#11) #9834
Added functionality to upload a PKCS#12 file to import a certificate #8645
Added CA/Certificate renewal functionality #9842
This allows a CA or certificate to be renewed using its current settings (or a more secure profile), replacing the entry with a fresh one, and optionally retaining the existing key.
Added an “Edit” screen for Certificate entries
This view allows editing the Certificate Descriptive name field #7861
This view also adds a (not stored) password field and buttons for exporting encrypted private keys and PKCS#12 archives #1192
Improved default GUI certificate strength and handling of weak values #9825
Reduced the default GUI web server certificate lifetime to 398 days to prevent errors on Apple platforms #9825
Added notes on CA/Cert pages about using potentially insecure parameter choices
Added visible warnings on CA/Cert pages if parameters are known to be insecure or not recommended
Revamped CRL management to be easier to use and more capable
Added the ability to revoke certificates by serial number #9869
Added the ability to revoke multiple entries at a time #3258
Decluttered the main CRL list screen
Moved to a single CRL create control to the bottom under the list rather than multiple buttons
Optimized CA/Cert/CRL code in various ways, including:
Actions are now performed by refid rather than array index, which is more accurate and not as prone to being affected by parallel changes
Improved configuration change descriptions as shown in the GUI and configuration history/backups
Miscellaneous style and code re-use improvements
Changed CA/Cert date calculations to use a more accurate method, which ensures accuracy on ARM past the 2038 date barrier #9899
Configuration Backend
Changed error handling on boot error ‘XML configuration file not found’ so the user is given an opportunity to fix the problem manually #10556
Configuration Upgrade
Retired m0n0wall configuration upgrade support #10997
Console Menu
Fixed rc.initial execution of rc.local.running #10978
Fixed rc.initial handling of -c commands with arguments #10603
Fixed console menu display of subnet masks for DHCP interfaces #10740
Dashboard
Added PPP uptime to the Dashboard Interfaces Widget #9426
Improved long description truncation behavior in the services status widget #10795
Fixed Dashboard traffic graph widget display of bandwidth units (b/s vs. B/s) #9072
Added adaptive state timeout indication to the state table usage meter #7016
Fixed Thermal Sensors dashboard widget showing invalid sensors #10963
Added default route indicator to Gateways widget #11057
Added hardware interface name as a tooltip on Interfaces widget entries #11041
DHCP (IPv4)
Fixed handling of spaces in DHCP lease hostnames by dhcpleases #9758
Fixed DHCP leases hostname parsing problems which prevented some hostnames from being displayed in the GUI #3500
Added OMAPI settings to the DHCP Server #7304
Increased number of NTP servers sent via DHCP to 3 #9661
Added an option to prevent known DHCP clients from obtaining addresses on any interface (e.g. known clients may only obtain an address from the interface where the entry is defined) #1605
Added count of static mappings to list when editing DHCP settings for an interface #9282
Fixed handling of client identifiers on static mappings containing double quotes #10295
Added ARM32/64 network booting support to the DHCP Server #10374
Increased the number of NTP servers for DHCP Static Mappings #10333
Fix DHCP Dynamic DNS handling of per-host zone and key options from static mappings #10224
Added per-host custom BOOTP/DHCP Options to static mappings #8990
Added a button to clear all DHCP leases #7406
Fixed ARPA zone declaration formatting in DHCP server configuration file #11224
DHCP (IPv6)
Added options to disable pushing IPv6 DNS servers to clients via DHCP6 #9302
Fixed DHCPv6 domain search list #10200
Fixed validation to allow omission of DHCPv6 range for use with stateless DHCP #9596
Fixed issues creating IPv6 Static Mappings #7443
Fixed DHCPv6 merging an IPv6 prefix with the input submitted in DNS servers field when using Track Interface #7384
Fixed prefix delegation not being requested if no interfaces were set to track6 #11005
Fixed DHCPv6 Dynamic DNS domain key name validation #10844
Fixed line formatting issues in the DHCPv6 configuration file #10675
Fixed prefix not being included in the DNS entry registered by DHCPv6 #8156
Fixed DHCPv6 static mapping changes requiring a restart of the DNS resolver to activate #10882
Fixed issues running DHCPv6 on certain types of tracked interfaces (e.g. bridges, VLANs) #3965
Fixed issues with WAN not renewing IPv6 address after an upstream failure #10966
DHCP Relay
Fixed DHCP Relay validation to allow OpenVPN TAP interfaces #10711
Fixed inconsistent validation behavior for DHCP relay and bridges #7778
Diagnostics
Added Reroot and Reboot with Filesystem Check options to GUI Reboot page #9771
Added option to control wait time between ICMP echo request (ping) packets diag_ping.php #9862
Improved data sanitization in status.php #10946 #10944 Sanitize MaxMind GeoIP key #10797 #10569 #10794
Added config history list to status.php #10696
Added DNS Resolver configuration to status.php #10635
Added L2TP VPN configuration to status.php #10583
Changed pftop page to hide filtering controls for views which do not support filtering #10625
Added support for IDN hostnames to DNS Lookup, Ping, and Traceroute #10538
Fixed diag_dns.php link to Ping passing incorrect parameters #10537
Added a button to clear the NDP cache #10975
Added a button to clear the ARP cache #4038
Fixed hostname being ignored when DNS Lookup calculates response time #11018
Fixed Kill States button on diag_dump_states.php when used with CIDR-masked subnets #9270
DNS Forwarder
Updated dnsmasq to 2.84 #11278
DNS Resolver
Added IPv6 OpenVPN client addresses resolution to the DNS Resolver #8624
Added DNS64 options to the DNS Resolver #10274
Added support for multiple IP addresses in a DNS Resolver Host Override entry #10896
Fixed DNS Resolver restart commands to work around potential environment issues #10781
Fixed saving DNS Resolver ACL entries when using a non-English translation #10742
Added support for IDN symbols in DNS Resolver ACL entries #10730
Added Aggressive NSEC option to the DNS Resolver #10449
Fixed DNS Resolver unintentionally retaining DHCP registration entries after disabling that feature #8981
Fixed DNS Resolver restarting on every OpenVPN client connection when registering clients in DNS #11129
Fixed issues with the DNS Resolver not starting when bound to disabled interfaces or interfaces without carrier #11087
Fixed DNS Resolver custom TLS listen port being ignored #11051
Improved formatting and ordering of items in the DNS Resolver access list configuration file #11309
Dynamic DNS
Fixed Dynamic DNS Dashboard Widget address parsing for entries with split hostname/domain (e.g. Namecheap) #9564
Added support for new CloudFlare Dynamic DNS API tokens #9639
Added IPv6 support to No-IP Dynamic DNS #10256
Fixed issues with Hover Dynamic DNS #10241
Updated Cloudflare Dynamic DNS to query Zone ID with token #10992
Added support for IPv6 to easyDNS Dynamic DNS #10972
Added support for Domeneshop Dynamic DNS #10826
Added Zone option to RFC 2136 Dynamic DNS #10684
Updated FreeDNS Dynamic DNS to use their v2 API #10617
Fixed DigitalOcean Dynamic DNS processing of zones with multiple pages of records #10592
Improved Dynamic DNS Logging #10459
Added support for dynv6.com Dynamic DNS #9642
Fixed handling of Dynamic DNS AAAA records on 6rd tunnel interfaces bound to PPPoE interfaces #9641
Added a button to duplicate Dynamic DNS entries #8952
Fixed Dynamic DNS update for HE.net Tunnelbroker always setting IP address of the default WAN interface #11024
Updated HE.net Tunnelbroker Dynamic DNS to use their current API #11037
Added support for Wildcard A records for Gandi Dynamic DNS #11159
Updated No-IP Dynamic DNS to use a newer API #6638
Fixed Namecheap Dynamic DNS error code checking #5308
Improved color blind accessibility of Dynamic DNS status #3229
Gateways
Added support for obtaining a gateway via DHCP which is outside of the interface subnet #7380
Added validation to prevent using descriptions on interfaces which would cause gateway names to exceeded the maximum allowed length #9401
Added tooltip text to icons on the Gateways #10719
Fixed issues with dpinger failing to update IPv6 gateway address on DHCPv6 WAN interfaces #8136
Hardware / Drivers
Added bnxt driver for Broadcom NetXtreme interfaces #9155
Added iOS/Android/Generic USB tethering driver #7467
IGMP Proxy
Added input validation for IGMP Proxy settings #7163
Installer
Created separate Auto (UFS) UEFI and Auto (UFS) BIOS installation options to avoid problems on hardware which boots differently on USB and non-USB disks #8638
Fixed reinstalling with UFS on a ZFS formatted drive #10690
Fixed platform detection for MBT-4220 and MBT-2220 on newer BIOS revisions #9242
Fixed an issue with shutting down instead of rebooting after installing using ZFS #7307
Interfaces
Added support for using IPv4 and IPv6 addresses on GRE interfaces at the same time #10392
Added a check to disable Hardware Checksum Offloading in environments with interfaces which do not support it (e.g. vtnet, ena) #10723
Changed the way interface VLAN support is detected so it does not rely on the VLANMTU flag #9548
Added a PHP shell playback script restartallwan which restarts all WAN-type interfaces #9688
Changed assignment of the fe80::1:1 default IPv6 link-local LAN address so it does not remove existing entries, which could cause problems such as Unbound failing to start #9998
Added automatic MTU adjustment for GRE interfaces using IPsec as a transport #10222
Fixed SLAAC interface selection when using IPv6 on a link which also uses PPP #9324
Added GUI interface descriptions to Operating System interfaces #1557
Added the ability to assign virtual type interfaces (IPsec, OpenVPN, GIF, GRE, etc) during console interface assignment #10947
Fixed TSO not being disabled in some cases #10836
Fixed group name length input validation #10835
Improved interface caching for environments with many interfaces #10680
Fixed fe80::1:1 being added to interfaces without track6 #10661
Added a check to prevent stf (6RD/6to4) interfaces from being used as parent interfaces #10626
Fixed redundant disabling of static ARP at boot before it could be enabled #10589
Fixed initialization of bridges which include a GIF interface at boot #10524
Fixed problems with post-install interface changes not being retained if the user did not complete the wizard #10383
Fixed inefficiencies when applying settings to a VLAN parent interface #9154
Fixed interface MTU setting not being applied to all IPv6 routes #6868
Fixed handling of MTU setting for 6rd and 6to4 interfaces #6377
Fixed IPv6 IP Alias preventing Track Interface from working with DHCPv6 and RA #5999
Changed DHCP interface renewal behavior to not restart services if the IP address did not change #11142
Fixed an error when changing bridge STP settings #11122
Added a binary package with updated Realtek interface drivers #11079
Improved link state visibility on Status > Interfaces #11045
Removed VTI interfaces from Interface Group selection since they do not currently function in this manner #11134
Fixed issues with IPv6 on top of IPv4 PPPoE placing default route on incorrect interface #9324
IPsec
Added 25519 curve-based IPsec DH and PFS groups 31 and 32 #9531
Enabled the strongSwan PKCS#11 plugin #6775
Added support for ECDSA certificates to IPsec for IKE #4991
Renamed IPsec “RSA” options to “Certificate” since both RSA and ECDSA certificates are now supported, and it is also easier for users to recognize #9903
Converted IPsec configuration code from ipsec.conf ipsec/stroke style to swanctl.conf swanctl/vici style #9603
Split up much of the single large IPsec configuration function into multiple functions as appropriate.
Optimized code along the way, including reducing code duplication and finding ways to generalize functions to support future expansion.
For IKEv1 and IKEv2 with Split Connections enabled, P2 settings are properly respected for each individual P2, such as separate encryption algorithms #6263
N.B.: In rare cases this may expose a previous misconfiguration which allowed a Phase 2 SA to connect with improper settings, for example if a required encryption algorithm was enabled on one P2 but not another.
New GUI option under VPN > IPsec, Mobile Clients tab to enable RADIUS Accounting which was previously on by default. This is now disabled by default as RADIUS accounting data will be sent for every tunnel, not only mobile clients, and if the accounting data fails to reach the RADIUS server, tunnels may be disconnected.
Additional developer & advanced user notes:
For those who may have scripts which touched files in /var/etc/ipsec, note that the structure of this directory has changed to the new swanctl layout.
Any usage of /usr/local/sbin/ipsec or the stroke plugin must also be changed to /usr/local/sbin/swanctl and VICI. Note that some commands have no direct equivalents, but the same or better information is available in other ways.
IPsec start/stop/reload functions now use /usr/local/sbin/strongswanrc
IPsec-related functions were converged into ipsec.inc, removed from vpn.inc, and renamed from vpn_ipsec_<name> to ipsec_<name>
Reworked how reauthentication and rekey behavior functions, giving more control to the user compared to previous options #9983
Reformatted status_ipsec.php to include more available information (rekey timer, encryption key size, IKE SPIs, ports) #9979
Added support for PKCS#11 authentication (e.g. hardware tokens such as Yubikey) for IPsec #9878
Fixed usage of Hash Algorithm on child ESP/AH proposals using AEAD ciphers #9726
Added support for IPsec remote gateway entries using FQDNs which resolve to IPv6 addresses #9405
Added manual selection of Pseudo-Random Function (PRF) for use with AEAD ciphers #9309
Added support for using per-user addresses from RADIUS and falling back to a local pool otherwise #8160
Added an option which allows multiple tunnels to use the same remote peer in certain situations (read warnings on the option before use) #10214
Improved visible distinction of online/offline mobile IPsec users in the IPsec status and dashboard widget #10340
Added options to change the IPsec NAT-T ports (local and remote) #10870
Improved boot-time initialization of IPsec VTI interfaces #10842
Added support for limiting IPsec VPN access by RADIUS user group #10748
Changed IPsec to share the same RADIUS Cisco-AVPair parser code as OpenVPN for Xauth users #10469
Fixed handling of IPsec VTI interfaces in environments with large numbers of IPsec tunnels #9592
Added IPsec Advanced option to control maximum allowed Parallel P2 Rekey exchanges #9331
Fixed issues with bringing up new Phase 2 entries on IPsec tunnels with “Split connections” enabled #8472
Fixed issues where, in rare cases, IPsec tunnels would not reconnect until the firewall was rebooted #8015
Improved the Remote Gateway field description for IPsec Phase 1 entries to indicate that 0.0.0.0 is allowed #7095
Fixed issues with IKEv2 IPsec tunnels with multiple phase 2 entries combining traffic selectors in unexpected ways (set “Split Connections” to isolate them) #6324
Added options to create IPsec bypass rules which prevent specific source and destination network pairs from entering policy-based IPsec tunnels #3329
Documented settings which work around SA duplication issues experienced by users in certain cases #10176
Improved IPsec GUI options for P1/P2 SA expiration and replacement to help prevent SA duplication #11219
Fixed a PHP error in mobile IPsec input validation #11212
Added validation to prevent unsupported wildcard certificates from being selected for use with IPsec #11297
IPv6 Router Advertisements (RADVD)
Fixed Router Advertisement configuration missing information in Unmanaged mode #9710
Fixed Router Advertisement lifetime input validation #10709
L2TP
Fixed L2TP secret using an empty value after removing it from the GUI #10710
Fixed L2TP input validation to allow leaving the remote address field blank when assigning addresses from RADIUS #7562
Fixed inefficiencies in the initial L2TP reconfiguration process #7558
Fixed L2TP Server and Client both using l2tpX for interface names #11006
Fixed static routes on L2TP interfaces not being reapplied when reconnecting #10407
Fixed L2TP server being restarted when making user account changes #11059
LAGG Interfaces
Improved Interface Status and Widget information for LAGG #9187
Fixed route for GIF/GRE peer when using VLAN on LAGG #10623
Added option to toggle LACP PDU transmission fast timeout #10504
Fixed LAGG member interface events causing filter reloads #10365
Fixed issues with LAGG interface MTU being incorrectly applied to VLAN subinterfaces #8585
Added option to control the master interface for LAGG in Failover mode #1019
Logging
Changed system logging to use plain text logging and log rotation, the old binary clog format has been deprecated #8350
Updated default log size (512k + rotated copies), default lines to display (500, was 50), and max line limits (200k, up from 2k) #9734
Added log tabs for nginx, userlog, utx/lastlog, and some other previously hidden logs #9714
Relocated Package Logs into a tab under System Logs and standardized display/filtering of package logs #9714
Added GUI options to control log rotation #9711
Added code for packages to set their own log rotation parameters #9712
Removed the redundant nginx-error.log file #7198
Fixed some instances where logs were mixed into the wrong log files/tabs (Captive Portal/DHCP/squid/php/others) #1375
Reorganized/restructured several log tabs #9714
Added a dedicated authentication log #9754
Added an option for RFC 5424 format log messages which have RFC 3339 timestamps #9808
Fixed an issue where a firewall log entry for loopback source/destination occasionally reported 127.0.0.1 as 127.0.01 #10776
Fixed issues with syslogd using an old IP address after an interface IP address change #9660
Added watchfrr to routing log #11207
Multi-WAN
Fixed Gateways being removed from routing groups based on low alert thresholds #10546
Fixed a possible race condition in gateway group fail-over causing unexpected behavior #9450
Fixed a load balancing failure when one gateway had a weight of 1 and another gateway had a weight >1 #6025
NAT Reflection
Fixed port forwards where the destination is a network alias creating invalid refection rules if multiple subnets are in that alias #7614
Notifications
Deprecated & Removed Growl Notifications #8821
Added a daily certificate expiration notification with settings to control its behavior #7332
Fixed input validation of SMTP notification settings #8522
Added support for sending notifications via Pushover API #10495
Added support for sending notifications via Telegram #10354
Fixed a PHP error when SMTP notifications fail #11063
NTPD
Added GUI options for NTP sync/poll intervals #6787
Added validation to prevent using noselect and noserve with pools #9830
Added feature to automatically detect GPS baud rate #7284
Fixed status and widget display of long hostnames and stratum #10307
Fixed handling of the checkbox options on NTP servers #10276
Updated GPS initialization commands for Garmin devices #10327
Added an option to limit NTP pool server usage #10323
Added option to force IPv4/IPv6 DNS resolution for NTP servers #10322
Added support for NTP server authentication #8794
Added an option to disable NTP #3567
Added units to the NTP status page #2850
OpenVPN
Updated OpenVPN to 2.5.0 #11020
The default compression behavior has changed for security reasons. Incoming packets will be decompressed, outgoing packets will not be compressed. There is a GUI control to alter this behavior.
Data cipher negotiation (Formerly known as Negotiable Cryptographic Parameters, or NCP) is now compulsory. Disabling negotiation has been deprecated. The option is still present in the GUI, but negotiation will be unilaterally enabled on upgrade. The upgrade process will attempt to use the expected data encryption algorithms before and after the upgrade completes, but in some cases more secure algorithms may be enabled as well. #10919
We strongly encourage using AEAD ciphers such as AES-GCM, future versions of OpenVPN will require them and will not have configurable cipher lists.
Added connection count to OpenVPN status and widget #9788
Enabled the OpenVPN x509-alt-username build option #9884
Restructured the OpenVPN settings directory layout
Changed from /var/etc/openvpn[-csc]/<mode><id>.<file> to /var/etc/openvpn/<mode><id>/<x>
This keeps all settings for each client and server in a clean structure
Moved to CApath style CA structure for OpenVPN CA/CRL usage #9915
Added support for OCSP verification of client certificates #7767
Fixed a potential race condition in OpenVPN client ACLs obtained via RADIUS #9206
Added support for more protocols (IP, ICMP), ports, and a template variable ({clientip}) in OpenVPN client ACLs obtained via RADIUS #9206
Added the ability to register OpenVPN Remote Access (User Auth) clients in the DNS Resolver #10999
Fixed an issue where duplicating an OpenVPN instance did not copy the password #10703
Fixed issues with OpenVPN TCP clients failing to start #10650
Added support for IPv6 OpenVPN ACLs obtained via RADIUS #10454
Fixed validation to enforce OpenVPN client password usage when setting a username, to prevent a missing password from interrupting the boot process #10409
Enabled asynchronous push in OpenVPN binary #10273
Added OpenVPN client-specific override option to ignore routes pushed by the server (“push-reset”) #9702
Clarified behavior of OpenVPN server option for Duplicate Connections #10363
Operating System
Fixed a network performance regression in the fast forwarding path with IP redirects enabled NG4965
Fixed double ZFS entries in loader.conf #10375
Added a method to enable persistent command history in the shell #11029
Changed the default domain name of the firewall from .localdomain to .home.arpa #10533
Package System
Disabled spell checking on package upgrade progress textarea #10637
Fixed issues with package upgrade or reinstall hanging indefinitely #10610
Fixed description used for buttons when editing packages #11208
PPP Interfaces
Fixed issues with PPPoE over a VLAN failing to reconnect #9148
Enabled selection of QinQ interfaces for use with PPP #9472
Added option to set Host-Uniq value for PPPoE #10597
Fixed incorrect interface assignment after switching from PPPoE #10240
Fixed IPv6 not being disabled in mpd.conf when the IPv6 GUI option is set to ‘disabled’ #7386
Fixed PPPoE interface errors due to MTU settings #11035
PPPoE Server
Fixed PPPoE server ignoring secondary RADIUS Server #10926
Fixed PPPoE server Accounting updates option #10869
Removed unnecessary restarts of the PPPoE server when adding/modifying users #10318
Added input validation to prevent enabling the PPPoE server on a PPPoE client interface #4510
Routing
Fixed automatic static routes set for DNS gateway bindings not being removed when no longer necessary #8922
Fixed missing tooltip text for icons on the Static Routes Page #10889
RRD Graphs
Fixed RRD graph handling of NTP graph data with negative freq values #6503
Fixed RRD graph creation for interfaces using CODELQ #6277
Rules / NAT
Added the ability to configure negated tagging, to match packets which do not not contain a given tag #10186
Added support for IPv6 Port Forwards #10984
Fixed handling of IPv6 NPt rules on 6rd WAN interfaces #10757
Fixed 1:1 NAT issue when internal interface has VIPs #10752
Fixed policy routing rules not being written correctly for a down gateway #10716
Added EoIP to firewall rule Protocol list #10698
Fixed separator bars on floating rules not covering the full table width #10667
Fixed 1:1 NAT for IPv6 applying wrong subnet mask to “Single Host” #7742
Added validation to prevent accidentally overlapping NPt networks and interface networks #7741
Added support for dynamic interface addresses in 1:1 NAT rules #7705
Added default values of TCP and UDP timeouts to the GUI #7362
Fixed handling of IPv6 floating rules on 6rd interfaces #7142
Fixed firewall rules for “PPPoE clients” only including the first PPPoE server instance #6598
Fixed duplicated tracker IDs on block private networks rules #6030
Fixed reply-to on rules for PPPoE WANs with IPv6 SLAAC #5258
Added gateway/group IP addresses to mouseover on rules #885
Fixed formatting of floating rules with large numbers interfaces #10892
Fixed form rendering issues with Port Forward Address Fields in Safari #10674
Fixed firewall ruleset failing to load at boot when new ruleset would be invalid #6028
Fixed an issue adding or deleting separator bars when no rules are present #10827
S.M.A.R.T.
Updated S.M.A.R.T. Page with new capabilities #9367
SNMP
Fixed SNMP reporting incorrect speed for switch uplink interface on Netgate SG-3100 #10793
Fixed SNMP input validation to require the Host Resources module when the PF module is also enabled #10471
Traffic Graphs
Changed the Traffic Graph page from rate to iftop which brings IPv6 support and various other improvements #3334
Traffic Shaper (ALTQ)
Changed default ALTQ queue bandwidth type to Mbit/s #10988
Updated traffic shaper wizard settings for XBox and Wii ports #10837
Added Broadcom NetXtreme to ALTQ-capable list #10762
Added ALTQ support to the ix(4) driver #7378
Fixed deletion of associated shaper queues when deleting an interface #3488
Fixed ALTQ root queue bandwidth calculation #3381
Fixed input validation for amount of queues supported by ALTQ schedulers #1353
Added Google Stadia port range to the traffic shaper wizard #10743
Fixed PHP errors in the traffic shaper wizard #10660
Fixed ALTQ on hn(4) interfaces #8954
Traffic Shaper (Limiters)
Fixed issues with net.inet.ip.dummynet.* tunables being ignored #10780
Fixed issues with renaming limiters removing them from firewall rules #3924
Fixed mask options not applying to sched limiter #10838
Changed default Limiter queue bandwidth type to Mbit/s #10727
Translations
Added Italian translation #9716
Upgrade
Fixed issues with checking for updates from the GUI behind a proxy with authentication #9478
Changed phrasing of message indicating the firewall is rebooting to upgrade #10387
Fixed issues with the GUI incorrectly reporting “The system is on the latest version” #8870
UPnP
Improved handling of UPnP with multiple gaming systems #7727
User Manager / Privileges
Added menu entry for User Password Manager if the user does not have permission to reach the User Manager #9428
Improved consistency of SSL/TLS references in LDAP authentication servers #10172
Fixed irrelevant output being printed to users with ssh_tunnel_shell #9260
Fixed theme not being applied to LDAP test results modal #7912
Changed to more secure default values for certificates created through the user manager #11167
Changed SSL/TLS LDAP authentication implementation to improve handling of multiple secure LDAP (SSL/TLS or STARTTLS) servers used at the same time #10704
Virtual IP Addresses
Fixed a problem with PID file handling for the proxy ARP daemon #7379
Fixed IP Alias VIPs on PPPoE interfaces #7132
Web Interface
Updated JQuery to address multiple issues #10676
Updated Bootstrap to 3.4.1 #9892
Updated Font-Awesome to v5 #9052
Increased the number of colors available for the login screen #9706
Added TLS 1.3 to GUI and Captive Portal web server configuration, and removed older versions (TLS 1.0 removed from Captive Portal, TLS 1.1 removed from GUI) #9607
Fixed empty lines in various forms throughout the GUI #9449
Improved validation of FQDNs #9023
Added CHACHA20-POLY1305 to nginx cipher list #9896
Fixed Setup Wizard input validation to allow Primary/Secondary DNS Server field to remain empty #10982
Fixed Setup Wizard input validation for IPv6 DNS Servers #10720
Added an option to omit DNS Servers from resolv.conf #10931
Fixed the icon area within buttons not being clickable #10846
Fixed visibility issues with multiple selection form control in the pfsense-BETA-dark theme #10705
Updated documentation links in the GUI #10481
Fixed netmask/prefix form control incorrectly resetting to 128/32 #10433
Updated Help shortcut links #10135
Improved handling of multiple login form submissions to avoid a potential CSRF error #9855
Fixed reboot message when changing the Hardware Checksum Offloading setting #3031
Added support for new site icons requested by current versions of Safari #11068
Added descriptions to all write_config() calls #204
WireGuard
Added kernel-based WireGuard VPN implementation #8786
Wireless
Added support for the athp(4) wireless interface driver #9538 #9600
Added support for the ral(4) wireless interface driver to arm64 #10934
Added support for the rtwn(4) wireless interface driver #10639
Added support for selecting 802.11n channel width (HT) #10678
Development
Added a “periodic” style framework to allow for daily/weekly/monthly tasks from the base system or packages by way of plugin calls #7332
Added a central file download function for internal use throughout the GUI
Added TCP_RFC7413 in kernel, required for the BIND package #7293
XMLRPC
Fixed XMLRPC synchronization of admin authorized keys for the admin user #9539
Added option to synchronize changes for the account used for XMLRPC sync #9622
Fixed XMLRPC synchronization for firewall rule descriptions with special characters #1478
Fixed Incorrect synchronize IP address value causing XMLRPC errors #11017
前回のアップデートから1年8か月も空いてしまったのもあり相当な修正量です
アップデート前に必ずバックアップ!作業時間・確認時間を確保しておきましょう
まず確認したいのはベースOSがFreeBSD11.3からFreeBSD12.0への変更で
ハードウェア要件はもちろんドライバ関係が更新・削除されているので
古いハードウェアを利用している人は事前にチェックしましょう
The FreeBSD Project | FreeBSD 12.0-RELEASE Release Notes
https://www.freebsd.org/releases/12.0R/relnotes/
一時期はpfSense2.5.0からAES-NI必須になると言われており
AES-NI非対応CPUは使えない予定でしたが
計画が変更されたのでpfSense2.5.0でも2.4系と同じくAES-NIは必須ではありません
Netgateが力を入れてきたWireGuardも今回から正式に実装されているので
WireGuardを利用したVPNも利用可能
OpenVPNについては今回からOpenVPN2.4系からOpenVPN2.5.0に更新されているので
更新後に既存のOpenVPNクライアントから接続できない可能性もあります
(特にOpenVPN2.3系と共存している環境の場合)
OpenVPNで遠隔管理している環境の場合はすぐに現地で作業できる状態で
アップデート作業を実施した方が無難です
OpenVPN 2.5 のサイファの互換性 | OpenVPN.JP
https://www.openvpn.jp/2020/10/29/1370/
非推奨だった標準のロードバランサーが遂に削除されていますので
HAProxyパッケージに移行していない環境は注意です
他にも修正だけでなく機能変更などが結構あるので
各自で利用している機能の部分だけでもリリースノートをチェックしましょう
アップデート処理中の再起動にいつもより少し時間がかかり
5分程度ですが多めに作業時間が必要でした
再起動時はWEBGUI画面復帰までちゃんと待機しましょう
私の環境では6時間ほど経過しましたがパケロス・切断もなく
外部とのセッションは維持できており問題ありませんでしたが
設定値が一部消えたりする報告もあるので
アップデート後にFW・DNS・VPNなど再確認しておきましょう
pfSense Plusについて
リリースノートの最初にもある通り
先月に発表されたpfSense Plusが今月よりリリースされました
今までは商用向けのpfSense FE(Factory Edition)と
無償で利用できるpfSense CE(Community Edition)の2種類でしたが
商用向けのpfSense FEがpfSense Plusになります
pfSense CEについては今までと同じでオープンソースで開発が継続されますが
pfSense PlusについてはNetgateが開発するクローズドソースとなります
pfSense Plusは主にNetgateが開発・販売しているアプライアンスを購入した人向けで
iXsystemsのTrueNAS(CORE/Enterprise)と似たような感じですが
pfSense Plusの方は将来的に他のハードウェアでも
有償で導入できるようになる予定みたいです
バージョン管理を間違えないようにpfSense CEは今まで通り2.5.xの表記ですが
pfSense PlusはTSNRと同様に「年.月」になり
今回のリリースはpfSense Plus 21.02になります
今までのpfSense FEはARMサポートぐらいしかpfSense CEと違いはなかったのですが
今回の21.02ではpfSense CEにはないIntel QuickAssist Technologyのサポート
今後もNetgateアプライアンスにチューニングしたりいろいろ差別化していく予定とのこと
(ロードマップを今後発表予定)
既にNetgateアプライアンスをpfSense FEで利用している場合は
今回のアップデート機能でpfSense Plusにスイッチ可能ですが
NetgateアプライアンスにpfSense CEをインストールして利用している場合は
現時点では再インストールでスイッチする必要があるとのこと
pfSense CEからpfSense Plusへのアップデート機能は2021年中に実装予定みたいです
ちなみにAWSとAzureで利用できるpfSenseはpfSense FEなので
pfSense Plusを利用可能となります
アップデートの手順
今回はいつも通りpfSense CEからpfSense CEへのアップデートです
事前に設定のバックアップをした上で以下の操作でアップデートを実行
手順はいつもと同じです
2.4.5_1から2.5.0へアップデートと表示出てるのを確認して「Confirm」を押す
無事に完了すると自動で再起動開始されます
最後に2.5.0の状態で設定をバックアップして完了
Update時の処理ログ
>>> Updating repositories metadata...
Updating pfSense-core repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.txz: . done
Processing entries: . done
pfSense-core repository update completed. 7 packages processed.
Updating pfSense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.txz: .......... done
Processing entries:
Processing entries............. done
pfSense repository update completed. 509 packages processed.
All repositories are up to date.
>>> Locking package pkg... done.
>>> Setting vital flag on pkg... done.
>>> Removing vital flag from php72... done.
>>> Unlocking package pkg... done.
>>> Downloading upgrade packages...
Updating pfSense-core repository catalogue...
pfSense-core repository is up to date.
Updating pfSense repository catalogue...
pfSense repository is up to date.
All repositories are up to date.
Checking for upgrades (101 candidates): .......... done
Processing candidates (101 candidates): .......... done
The following 216 package(s) will be affected (of 0 checked):
Installed packages to be REMOVED:
php72: 7.2.29
php72-bcmath: 7.2.29
php72-bz2: 7.2.29
php72-ctype: 7.2.29
php72-curl: 7.2.29
php72-dom: 7.2.29
php72-filter: 7.2.29
php72-gettext: 7.2.29
php72-hash: 7.2.29
php72-intl: 7.2.29
php72-json: 7.2.29
php72-ldap: 7.2.29
php72-mbstring: 7.2.29
php72-opcache: 7.2.29
php72-openssl: 7.2.29
php72-openssl_x509_crl: 1.2
php72-pcntl: 7.2.29
php72-pdo: 7.2.29
php72-pdo_sqlite: 7.2.29
php72-pear: 1.10.6
php72-pear-Auth_RADIUS: 1.1.0_4
php72-pear-Cache_Lite: 1.7.16,1
php72-pear-Crypt_CHAP: 1.5.0
php72-pear-HTTP_Request2: 2.3.0,1
php72-pear-Mail: 1.4.1,1
php72-pear-Net_Growl: 2.7.0
php72-pear-Net_IPv6: 1.3.0.b2_2
php72-pear-Net_SMTP: 1.9.0
php72-pear-Net_Socket: 1.0.14
php72-pear-Net_URL2: 2.2.1
php72-pear-XML_RPC2: 1.1.4
php72-pecl-mcrypt: 1.0.3
php72-pecl-radius: 1.4.0.b1
php72-pecl-rrd: 2.0.1_1
php72-pecl-zmq: 1.1.3_3
php72-pfSense-module: 0.65
php72-posix: 7.2.29
php72-readline: 7.2.29
php72-session: 7.2.29
php72-shmop: 7.2.29
php72-simplepie: 1.5.1_1
php72-simplexml: 7.2.29
php72-sockets: 7.2.29
php72-sqlite3: 7.2.29
php72-sysvmsg: 7.2.29
php72-sysvsem: 7.2.29
php72-sysvshm: 7.2.29
php72-tokenizer: 7.2.29
php72-xml: 7.2.29
php72-xmlreader: 7.2.29
php72-xmlwriter: 7.2.29
php72-zlib: 7.2.29
New packages to be INSTALLED:
ccid: 1.4.32 [pfSense]
dbus: 1.12.20_3 [pfSense]
iftop: 1.0.p4 [pfSense]
libinotify: 20180201_2 [pfSense]
libuv: 1.40.0 [pfSense]
nss_ldap: 1.265_13 [pfSense]
opensc: 0.21.0 [pfSense]
pam_ldap: 186 [pfSense]
pam_mkhomedir: 0.2 [pfSense]
pcre2: 10.36 [pfSense]
pcsc-lite: 1.9.0_1,2 [pfSense]
php74: 7.4.15 [pfSense]
php74-bcmath: 7.4.15 [pfSense]
php74-bz2: 7.4.15 [pfSense]
php74-ctype: 7.4.15 [pfSense]
php74-curl: 7.4.15 [pfSense]
php74-dom: 7.4.15 [pfSense]
php74-filter: 7.4.15 [pfSense]
php74-gettext: 7.4.15 [pfSense]
php74-intl: 7.4.15 [pfSense]
php74-json: 7.4.15 [pfSense]
php74-ldap: 7.4.15 [pfSense]
php74-mbstring: 7.4.15 [pfSense]
php74-opcache: 7.4.15 [pfSense]
php74-openssl: 7.4.15 [pfSense]
php74-openssl_x509_crl: 1.3 [pfSense]
php74-pcntl: 7.4.15 [pfSense]
php74-pdo: 7.4.15 [pfSense]
php74-pdo_sqlite: 7.4.15 [pfSense]
php74-pear: 1.10.12 [pfSense]
php74-pear-Auth_RADIUS: 1.1.0_4 [pfSense]
php74-pear-Cache_Lite: 1.7.16,1 [pfSense]
php74-pear-Crypt_CHAP: 1.5.0 [pfSense]
php74-pear-HTTP_Request2: 2.3.0,1 [pfSense]
php74-pear-Mail: 1.4.1,1 [pfSense]
php74-pear-Net_IPv6: 1.3.0.b2_2 [pfSense]
php74-pear-Net_SMTP: 1.9.0 [pfSense]
php74-pear-Net_Socket: 1.0.14 [pfSense]
php74-pear-Net_URL2: 2.2.1 [pfSense]
php74-pear-XML_RPC2: 1.1.4 [pfSense]
php74-pecl-mcrypt: 1.0.4 [pfSense]
php74-pecl-radius: 1.4.0.b1 [pfSense]
php74-pecl-rrd: 2.0.1_1 [pfSense]
php74-pecl-zmq: 1.1.3_3 [pfSense]
php74-pfSense-module: 0.69_1 [pfSense]
php74-phpseclib: 2.0.17 [pfSense]
php74-posix: 7.4.15 [pfSense]
php74-readline: 7.4.15 [pfSense]
php74-session: 7.4.15 [pfSense]
php74-shmop: 7.4.15 [pfSense]
php74-simplepie: 1.5.1_1 [pfSense]
php74-simplexml: 7.4.15 [pfSense]
php74-sockets: 7.4.15 [pfSense]
php74-sqlite3: 7.4.15 [pfSense]
php74-sysvmsg: 7.4.15 [pfSense]
php74-sysvsem: 7.4.15 [pfSense]
php74-sysvshm: 7.4.15 [pfSense]
php74-tokenizer: 7.4.15 [pfSense]
php74-xml: 7.4.15 [pfSense]
php74-xmlreader: 7.4.15 [pfSense]
php74-xmlwriter: 7.4.15 [pfSense]
php74-zlib: 7.4.15 [pfSense]
wireguard-tools: 20210201 [pfSense]
Installed packages to be UPGRADED:
bind-tools: 9.14.12 -> 9.16.11 [pfSense]
bsnmp-ucd: 0.4.4 -> 0.4.5 [pfSense]
ca_root_nss: 3.51 -> 3.58 [pfSense]
check_reload_status: 0.0.8 -> 0.0.10_1 [pfSense]
curl: 7.67.0 -> 7.74.0 [pfSense]
devcpu-data: 1.28 -> 1.37 [pfSense]
dhcp6: 20080615.2_2 -> 20080615.2_4 [pfSense]
dhcpleases: 0.3_2 -> 0.5_1 [pfSense]
dhcpleases6: 0.1_2 -> 0.1_3 [pfSense]
dmidecode: 3.2 -> 3.3 [pfSense]
dnsmasq: 2.80_4,1 -> 2.84,1 [pfSense]
expat: 2.2.8 -> 2.2.10 [pfSense]
filterdns: 2.0_3 -> 2.0_5 [pfSense]
filterlog: 0.1_5 -> 0.1_6 [pfSense]
gettext-runtime: 0.20.1 -> 0.21 [pfSense]
glib: 2.56.3_7,1 -> 2.66.4_1,1 [pfSense]
gmp: 6.1.2_1 -> 6.2.1 [pfSense]
hostapd: 2.9 -> 2.9_2 [pfSense]
icu: 65.1,1 -> 68.2,1 [pfSense]
igmpproxy: 0.2.1_1,1 -> 0.3,1 [pfSense]
ipmitool: 1.8.18_2 -> 1.8.18_3 [pfSense]
isc-dhcp44-client: 4.4.1_1 -> 4.4.2_1 [pfSense]
isc-dhcp44-relay: 4.4.1 -> 4.4.2_1 [pfSense]
isc-dhcp44-server: 4.4.1_4 -> 4.4.2_1 [pfSense]
json-c: 0.14 -> 0.15_1 [pfSense]
ldns: 1.7.1_1 -> 1.7.1_2 [pfSense]
libedit: 3.1.20191211,1 -> 3.1.20191231,1 [pfSense]
libevent: 2.1.11 -> 2.1.12 [pfSense]
libffi: 3.2.1_3 -> 3.3_1 [pfSense]
libgcrypt: 1.8.5 -> 1.8.7 [pfSense]
libgpg-error: 1.36 -> 1.41 [pfSense]
libiconv: 1.14_11 -> 1.16 [pfSense]
liblz4: 1.9.2,1 -> 1.9.3,1 [pfSense]
libnghttp2: 1.40.0 -> 1.42.0 [pfSense]
libxml2: 2.9.10 -> 2.9.10_2 [pfSense]
libxslt: 1.1.34 -> 1.1.34_1 [pfSense]
links: 2.16_2,1 -> 2.20.2_1,1 [pfSense]
lua-resty-core: 0.1.17 -> 0.1.21_1 [pfSense]
lua-resty-lrucache: 0.09 -> 0.10 [pfSense]
luajit-openresty: 2.1.20190912_2 -> 2.1.20201027 [pfSense]
miniupnpd: 2.1.20190210,1 -> 2.2.1,1 [pfSense]
mpd5: 5.8_10 -> 5.9 [pfSense]
nettle: 3.5.1_1 -> 3.6 [pfSense]
nginx: 1.16.1_11,2 -> 1.18.0_45,2 [pfSense]
norm: 1.5r6 -> 1.5r6_1 [pfSense]
ntp: 4.2.8p14 -> 4.2.8p15 [pfSense]
oniguruma: 6.9.3 -> 6.9.6 [pfSense]
openldap-client: 2.4.48 -> 2.4.57 [pfSense]
openvpn: 2.4.9 -> 2.5.0 [pfSense]
pcre: 8.43_2 -> 8.44 [pfSense]
perl5: 5.30.1 -> 5.32.1_1 [pfSense]
pfSense: 2.4.5_1 -> 2.5.0 [pfSense]
pfSense-Status_Monitoring: 1.7.11_1 -> 1.7.11_3 [pfSense]
pfSense-base: 2.4.5_1 -> 2.5.0 [pfSense-core]
pfSense-default-config: 2.4.5_1 -> 2.5.0 [pfSense-core]
pfSense-kernel-pfSense: 2.4.5_1 -> 2.5.0 [pfSense-core]
pfSense-rc: 2.4.5_1 -> 2.5.0 [pfSense-core]
py37-setuptools: 41.4.0_1 -> 44.0.0 [pfSense]
python37: 3.7.7 -> 3.7.9_1 [pfSense]
radvd: 2.18_2 -> 2.19 [pfSense]
rate: 0.9_1 -> 0.9_2 [pfSense]
readline: 8.0.1 -> 8.0.4 [pfSense]
rrdtool: 1.7.2_1 -> 1.7.2_4 [pfSense]
smartmontools: 7.0_2 -> 7.2 [pfSense]
sqlite3: 3.30.1 -> 3.34.0,1 [pfSense]
ssh_tunnel_shell: 0.1_1 -> 0.2_1 [pfSense]
sshguard: 2.4.0_4,1 -> 2.4.1,1 [pfSense]
strongswan: 5.8.4 -> 5.9.1 [pfSense]
unbound: 1.10.1 -> 1.13.0_2 [pfSense]
wpa_supplicant: 2.9 -> 2.9_7 [pfSense]
wrapalixresetbutton: 0.0.7 -> 0.0.7_1 [pfSense]
Installed packages to be REINSTALLED:
beep-1.0_1 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
bsnmp-regex-0.6_2 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
bwi-firmware-kmod-3.130.20 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
choparp-20150613 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
cpdup-1.20 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
cpustats-0.1_1 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
dpinger-3.0 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
expiretable-0.6_1 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
indexinfo-0.3.1 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
libargon2-20190702 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
libdaemon-0.14_1 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
libidn2-2.3.0_1 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
libltdl-2.4.6 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
libmcrypt-2.5.8_3 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
libucl-0.8.1 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
libunistring-0.9.10_1 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
libzmq4-4.3.1_1 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
lzo2-2.10_1 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
minicron-0.0.2 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
mobile-broadband-provider-info-20190618_1 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
openvpn-auth-script-1.0.0.3 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
pftop-0.7_9 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
py37-ply-3.11 [pfSense] (ABI changed: 'freebsd:11:*' -> 'freebsd:12:*')
qstats-0.2 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
scponly-4.8.20110526_4 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
uclcmd-0.1_3 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
voucher-0.1_2 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
vstr-1.0.15_1 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
wol-0.7.1_4 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
xinetd-2.3.15_2 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
Number of packages to be removed: 52
Number of packages to be installed: 63
Number of packages to be upgraded: 71
Number of packages to be reinstalled: 30
The process will require 76 MiB more space.
173 MiB to be downloaded.
[1/164] Fetching xinetd-2.3.15_2.txz: .......... done
[2/164] Fetching wrapalixresetbutton-0.0.7_1.txz: . done
[3/164] Fetching wpa_supplicant-2.9_7.txz: .......... done
[4/164] Fetching wol-0.7.1_4.txz: .... done
[5/164] Fetching vstr-1.0.15_1.txz: .......... done
[6/164] Fetching voucher-0.1_2.txz: . done
[7/164] Fetching unbound-1.13.0_2.txz: .......... done
[8/164] Fetching uclcmd-0.1_3.txz: ... done
[9/164] Fetching strongswan-5.9.1.txz: .......... done
[10/164] Fetching sshguard-2.4.1,1.txz: .......... done
[11/164] Fetching ssh_tunnel_shell-0.2_1.txz: .......... done
[12/164] Fetching sqlite3-3.34.0,1.txz: .......... done
[13/164] Fetching smartmontools-7.2.txz: .......... done
[14/164] Fetching scponly-4.8.20110526_4.txz: ... done
[15/164] Fetching rrdtool-1.7.2_4.txz: .......... done
[16/164] Fetching readline-8.0.4.txz: .......... done
[17/164] Fetching rate-0.9_2.txz: ....... done
[18/164] Fetching radvd-2.19.txz: ....... done
[19/164] Fetching qstats-0.2.txz: . done
[20/164] Fetching python37-3.7.9_1.txz: .......... done
[21/164] Fetching py37-setuptools-44.0.0.txz: .......... done
[22/164] Fetching py37-ply-3.11.txz: .......... done
[23/164] Fetching pftop-0.7_9.txz: ........ done
[24/164] Fetching pfSense-rc-2.5.0.txz: .. done
[25/164] Fetching pfSense-kernel-pfSense-2.5.0.txz: .......... done
[26/164] Fetching pfSense-default-config-2.5.0.txz: . done
[27/164] Fetching pfSense-base-2.5.0.txz: .......... done
[28/164] Fetching pfSense-Status_Monitoring-1.7.11_3.txz: ... done
[29/164] Fetching pfSense-2.5.0.txz: . done
[30/164] Fetching perl5-5.32.1_1.txz: .......... done
[31/164] Fetching pcre-8.44.txz: .......... done
[32/164] Fetching openvpn-auth-script-1.0.0.3.txz: . done
[33/164] Fetching openvpn-2.5.0.txz: .......... done
[34/164] Fetching openldap-client-2.4.57.txz: .......... done
[35/164] Fetching oniguruma-6.9.6.txz: .......... done
[36/164] Fetching ntp-4.2.8p15.txz: .......... done
[37/164] Fetching norm-1.5r6_1.txz: .......... done
[38/164] Fetching nginx-1.18.0_45,2.txz: .......... done
[39/164] Fetching nettle-3.6.txz: .......... done
[40/164] Fetching mpd5-5.9.txz: .......... done
[41/164] Fetching mobile-broadband-provider-info-20190618_1.txz: ........ done
[42/164] Fetching miniupnpd-2.2.1,1.txz: ......... done
[43/164] Fetching minicron-0.0.2.txz: . done
[44/164] Fetching lzo2-2.10_1.txz: .......... done
[45/164] Fetching luajit-openresty-2.1.20201027.txz: .......... done
[46/164] Fetching lua-resty-lrucache-0.10.txz: . done
[47/164] Fetching lua-resty-core-0.1.21_1.txz: .... done
[48/164] Fetching links-2.20.2_1,1.txz: .......... done
[49/164] Fetching libzmq4-4.3.1_1.txz: .......... done
[50/164] Fetching libxslt-1.1.34_1.txz: .......... done
[51/164] Fetching libxml2-2.9.10_2.txz: .......... done
[52/164] Fetching libunistring-0.9.10_1.txz: .......... done
[53/164] Fetching libucl-0.8.1.txz: .......... done
[54/164] Fetching libnghttp2-1.42.0.txz: .......... done
[55/164] Fetching libmcrypt-2.5.8_3.txz: .......... done
[56/164] Fetching liblz4-1.9.3,1.txz: .......... done
[57/164] Fetching libltdl-2.4.6.txz: ..... done
[58/164] Fetching libidn2-2.3.0_1.txz: .......... done
[59/164] Fetching libiconv-1.16.txz: .......... done
[60/164] Fetching libgpg-error-1.41.txz: .......... done
[61/164] Fetching libgcrypt-1.8.7.txz: .......... done
[62/164] Fetching libffi-3.3_1.txz: ..... done
[63/164] Fetching libevent-2.1.12.txz: .......... done
[64/164] Fetching libedit-3.1.20191231,1.txz: .......... done
[65/164] Fetching libdaemon-0.14_1.txz: .... done
[66/164] Fetching libargon2-20190702.txz: ......... done
[67/164] Fetching ldns-1.7.1_2.txz: .......... done
[68/164] Fetching json-c-0.15_1.txz: ........ done
[69/164] Fetching isc-dhcp44-server-4.4.2_1.txz: .......... done
[70/164] Fetching isc-dhcp44-relay-4.4.2_1.txz: .......... done
[71/164] Fetching isc-dhcp44-client-4.4.2_1.txz: .......... done
[72/164] Fetching ipmitool-1.8.18_3.txz: .......... done
[73/164] Fetching indexinfo-0.3.1.txz: . done
[74/164] Fetching igmpproxy-0.3,1.txz: ... done
[75/164] Fetching icu-68.2,1.txz: .......... done
[76/164] Fetching hostapd-2.9_2.txz: .......... done
[77/164] Fetching gmp-6.2.1.txz: .......... done
[78/164] Fetching glib-2.66.4_1,1.txz: .......... done
[79/164] Fetching gettext-runtime-0.21.txz: .......... done
[80/164] Fetching filterlog-0.1_6.txz: .. done
[81/164] Fetching filterdns-2.0_5.txz: ... done
[82/164] Fetching expiretable-0.6_1.txz: . done
[83/164] Fetching expat-2.2.10.txz: .......... done
[84/164] Fetching dpinger-3.0.txz: .. done
[85/164] Fetching dnsmasq-2.84,1.txz: .......... done
[86/164] Fetching dmidecode-3.3.txz: ........ done
[87/164] Fetching dhcpleases6-0.1_3.txz: .. done
[88/164] Fetching dhcpleases-0.5_1.txz: .. done
[89/164] Fetching dhcp6-20080615.2_4.txz: .......... done
[90/164] Fetching devcpu-data-1.37.txz: .......... done
[91/164] Fetching curl-7.74.0.txz: .......... done
[92/164] Fetching cpustats-0.1_1.txz: . done
[93/164] Fetching cpdup-1.20.txz: .... done
[94/164] Fetching choparp-20150613.txz: . done
[95/164] Fetching check_reload_status-0.0.10_1.txz: ..... done
[96/164] Fetching ca_root_nss-3.58.txz: .......... done
[97/164] Fetching bwi-firmware-kmod-3.130.20.txz: ... done
[98/164] Fetching bsnmp-ucd-0.4.5.txz: ... done
[99/164] Fetching bsnmp-regex-0.6_2.txz: ... done
[100/164] Fetching bind-tools-9.16.11.txz: .......... done
[101/164] Fetching beep-1.0_1.txz: . done
[102/164] Fetching dbus-1.12.20_3.txz: .......... done
[103/164] Fetching php74-7.4.15.txz: .......... done
[104/164] Fetching pcre2-10.36.txz: .......... done
[105/164] Fetching php74-pecl-rrd-2.0.1_1.txz: .. done
[106/164] Fetching php74-simplepie-1.5.1_1.txz: ......... done
[107/164] Fetching php74-curl-7.4.15.txz: .... done
[108/164] Fetching php74-tokenizer-7.4.15.txz: .. done
[109/164] Fetching php74-mbstring-7.4.15.txz: .......... done
[110/164] Fetching php74-session-7.4.15.txz: ..... done
[111/164] Fetching php74-opcache-7.4.15.txz: .......... done
[112/164] Fetching php74-xmlwriter-7.4.15.txz: .. done
[113/164] Fetching php74-xmlreader-7.4.15.txz: .. done
[114/164] Fetching php74-dom-7.4.15.txz: ....... done
[115/164] Fetching php74-xml-7.4.15.txz: ... done
[116/164] Fetching php74-simplexml-7.4.15.txz: ... done
[117/164] Fetching php74-ctype-7.4.15.txz: . done
[118/164] Fetching php74-posix-7.4.15.txz: .. done
[119/164] Fetching wireguard-tools-20210201.txz: ...... done
[120/164] Fetching php74-phpseclib-2.0.17.txz: .......... done
[121/164] Fetching php74-openssl-7.4.15.txz: ........ done
[122/164] Fetching php74-filter-7.4.15.txz: ... done
[123/164] Fetching php74-openssl_x509_crl-1.3.txz: .. done
[124/164] Fetching php74-bcmath-7.4.15.txz: ... done
[125/164] Fetching php74-pecl-mcrypt-1.0.4.txz: .. done
[126/164] Fetching php74-pear-Crypt_CHAP-1.5.0.txz: . done
[127/164] Fetching php74-pear-1.10.12.txz: .......... done
[128/164] Fetching php74-zlib-7.4.15.txz: ... done
[129/164] Fetching pam_mkhomedir-0.2.txz: . done
[130/164] Fetching pam_ldap-186.txz: ..... done
[131/164] Fetching opensc-0.21.0.txz: .......... done
[132/164] Fetching pcsc-lite-1.9.0_1,2.txz: .......... done
[133/164] Fetching php74-sockets-7.4.15.txz: ..... done
[134/164] Fetching php74-ldap-7.4.15.txz: .... done
[135/164] Fetching php74-pecl-zmq-1.1.3_3.txz: .... done
[136/164] Fetching php74-pecl-radius-1.4.0.b1.txz: ... done
[137/164] Fetching php74-pear-XML_RPC2-1.1.4.txz: ........ done
[138/164] Fetching php74-pear-HTTP_Request2-2.3.0,1.txz: .......... done
[139/164] Fetching php74-pear-Net_URL2-2.2.1.txz: ... done
[140/164] Fetching php74-pear-Cache_Lite-1.7.16,1.txz: .... done
[141/164] Fetching php74-pear-Net_IPv6-1.3.0.b2_2.txz: .. done
[142/164] Fetching php74-pear-Auth_RADIUS-1.1.0_4.txz: .. done
[143/164] Fetching nss_ldap-1.265_13.txz: ....... done
[144/164] Fetching iftop-1.0.p4.txz: ..... done
[145/164] Fetching php74-pear-Mail-1.4.1,1.txz: ... done
[146/164] Fetching php74-pear-Net_SMTP-1.9.0.txz: .. done
[147/164] Fetching php74-pear-Net_Socket-1.0.14.txz: . done
[148/164] Fetching php74-sysvshm-7.4.15.txz: . done
[149/164] Fetching php74-sysvsem-7.4.15.txz: . done
[150/164] Fetching php74-sysvmsg-7.4.15.txz: . done
[151/164] Fetching php74-shmop-7.4.15.txz: . done
[152/164] Fetching php74-readline-7.4.15.txz: .. done
[153/164] Fetching php74-pcntl-7.4.15.txz: .. done
[154/164] Fetching php74-json-7.4.15.txz: ... done
[155/164] Fetching php74-intl-7.4.15.txz: .......... done
[156/164] Fetching php74-gettext-7.4.15.txz: . done
[157/164] Fetching php74-pfSense-module-0.69_1.txz: ...... done
[158/164] Fetching ccid-1.4.32.txz: ........ done
[159/164] Fetching php74-sqlite3-7.4.15.txz: ... done
[160/164] Fetching php74-pdo_sqlite-7.4.15.txz: .. done
[161/164] Fetching php74-pdo-7.4.15.txz: ...... done
[162/164] Fetching php74-bz2-7.4.15.txz: .. done
[163/164] Fetching libinotify-20180201_2.txz: .... done
[164/164] Fetching libuv-1.40.0.txz: .......... done
Checking integrity... done (51 conflicting)
- php74-7.4.15 [pfSense] conflicts with php72-7.2.29 [installed] on /usr/local/bin/php
- php74-7.4.15 [pfSense] conflicts with php72-hash-7.2.29 [installed] on /usr/local/include/php/ext/hash/php_hash.h
- php74-pecl-rrd-2.0.1_1 [pfSense] conflicts with php72-pecl-rrd-2.0.1_1 [installed] on /usr/local/include/php/ext/rrd/rrd_info.h
- php74-simplepie-1.5.1_1 [pfSense] conflicts with php72-simplepie-1.5.1_1 [installed] on /usr/local/www/simplepie/simplepie.inc
- php74-curl-7.4.15 [pfSense] conflicts with php72-curl-7.2.29 [installed] on /usr/local/include/php/ext/curl/config.h
- php74-tokenizer-7.4.15 [pfSense] conflicts with php72-tokenizer-7.2.29 [installed] on /usr/local/include/php/ext/tokenizer/config.h
- php74-mbstring-7.4.15 [pfSense] conflicts with php72-mbstring-7.2.29 [installed] on /usr/local/include/php/ext/mbstring/php_mbregex.h
- php74-session-7.4.15 [pfSense] conflicts with php72-session-7.2.29 [installed] on /usr/local/include/php/ext/session/php_session.h
- php74-opcache-7.4.15 [pfSense] conflicts with php72-opcache-7.2.29 [installed] on /usr/local/include/php/ext/opcache/zend_file_cache.h
- php74-xmlwriter-7.4.15 [pfSense] conflicts with php72-xmlwriter-7.2.29 [installed] on /usr/local/include/php/ext/xmlwriter/config.h
- php74-xmlreader-7.4.15 [pfSense] conflicts with php72-xmlreader-7.2.29 [installed] on /usr/local/include/php/ext/xmlreader/config.h
- php74-dom-7.4.15 [pfSense] conflicts with php72-dom-7.2.29 [installed] on /usr/local/include/php/ext/dom/dom_ce.h
- php74-xml-7.4.15 [pfSense] conflicts with php72-xml-7.2.29 [installed] on /usr/local/include/php/ext/xml/php_xml.h
- php74-simplexml-7.4.15 [pfSense] conflicts with php72-simplexml-7.2.29 [installed] on /usr/local/include/php/ext/simplexml/php_simplexml.h
- php74-ctype-7.4.15 [pfSense] conflicts with php72-ctype-7.2.29 [installed] on /usr/local/include/php/ext/ctype/config.h
- php74-posix-7.4.15 [pfSense] conflicts with php72-posix-7.2.29 [installed] on /usr/local/include/php/ext/posix/config.h
- php74-openssl-7.4.15 [pfSense] conflicts with php72-openssl-7.2.29 [installed] on /usr/local/include/php/ext/openssl/config.h
- php74-filter-7.4.15 [pfSense] conflicts with php72-filter-7.2.29 [installed] on /usr/local/include/php/ext/filter/filter_private.h
- php74-openssl_x509_crl-1.3 [pfSense] conflicts with php72-openssl_x509_crl-1.2 [installed] on /usr/local/share/openssl_x509_crl/ASN1.php
- php74-bcmath-7.4.15 [pfSense] conflicts with php72-bcmath-7.2.29 [installed] on /usr/local/include/php/ext/bcmath/config.h
- php74-pecl-mcrypt-1.0.4 [pfSense] conflicts with php72-pecl-mcrypt-1.0.3 [installed] on /usr/local/include/php/ext/mcrypt/php_mcrypt.h
- php74-pear-Crypt_CHAP-1.5.0 [pfSense] conflicts with php72-pear-Crypt_CHAP-1.5.0 [installed] on /usr/local/share/pear/Crypt/CHAP.php
- php74-pear-1.10.12 [pfSense] conflicts with php72-pear-1.10.6 [installed] on /usr/local/bin/pear
- php74-zlib-7.4.15 [pfSense] conflicts with php72-zlib-7.2.29 [installed] on /usr/local/include/php/ext/zlib/php_zlib.h
- php74-sockets-7.4.15 [pfSense] conflicts with php72-sockets-7.2.29 [installed] on /usr/local/include/php/ext/sockets/sendrecvmsg.h
- php74-ldap-7.4.15 [pfSense] conflicts with php72-ldap-7.2.29 [installed] on /usr/local/include/php/ext/ldap/config.h
- php74-pecl-zmq-1.1.3_3 [pfSense] conflicts with php72-pecl-zmq-1.1.3_3 [installed] on /usr/local/include/php/ext/zmq/php_zmq_pollset.h
- php74-pecl-radius-1.4.0.b1 [pfSense] conflicts with php72-pecl-radius-1.4.0.b1 [installed] on /usr/local/include/php/ext/radius/radius_init_const.h
- php74-pear-XML_RPC2-1.1.4 [pfSense] conflicts with php72-pear-XML_RPC2-1.1.4 [installed] on /usr/local/share/doc/pear/XML_RPC2/docs/Makefile
- php74-pear-HTTP_Request2-2.3.0,1 [pfSense] conflicts with php72-pear-HTTP_Request2-2.3.0,1 [installed] on /usr/local/share/doc/pear/HTTP_Request2/LICENSE
- php74-pear-Net_URL2-2.2.1 [pfSense] conflicts with php72-pear-Net_URL2-2.2.1 [installed] on /usr/local/share/doc/pear/Net_URL2/docs/6470.php
- php74-pear-Cache_Lite-1.7.16,1 [pfSense] conflicts with php72-pear-Cache_Lite-1.7.16,1 [installed] on /usr/local/share/doc/pear/Cache_Lite/LICENSE
- php74-pear-Net_IPv6-1.3.0.b2_2 [pfSense] conflicts with php72-pear-Net_IPv6-1.3.0.b2_2 [installed] on /usr/local/share/pear/Net/IPv6.php
- php74-pear-Auth_RADIUS-1.1.0_4 [pfSense] conflicts with php72-pear-Auth_RADIUS-1.1.0_4 [installed] on /usr/local/share/doc/pear/Auth_RADIUS/examples/radius-acct.php
- php74-pear-Mail-1.4.1,1 [pfSense] conflicts with php72-pear-Mail-1.4.1,1 [installed] on /usr/local/share/doc/pear/Mail/LICENSE
- php74-pear-Net_SMTP-1.9.0 [pfSense] conflicts with php72-pear-Net_SMTP-1.9.0 [installed] on /usr/local/share/doc/pear/Net_SMTP/LICENSE
- php74-pear-Net_Socket-1.0.14 [pfSense] conflicts with php72-pear-Net_Socket-1.0.14 [installed] on /usr/local/share/pear/Net/Socket.php
- php74-sysvshm-7.4.15 [pfSense] conflicts with php72-sysvshm-7.2.29 [installed] on /usr/local/include/php/ext/sysvshm/php_sysvshm.h
- php74-sysvsem-7.4.15 [pfSense] conflicts with php72-sysvsem-7.2.29 [installed] on /usr/local/include/php/ext/sysvsem/php_sysvsem.h
- php74-sysvmsg-7.4.15 [pfSense] conflicts with php72-sysvmsg-7.2.29 [installed] on /usr/local/include/php/ext/sysvmsg/config.h
- php74-shmop-7.4.15 [pfSense] conflicts with php72-shmop-7.2.29 [installed] on /usr/local/include/php/ext/shmop/php_shmop.h
- php74-readline-7.4.15 [pfSense] conflicts with php72-readline-7.2.29 [installed] on /usr/local/include/php/ext/readline/readline_cli.h
- php74-pcntl-7.4.15 [pfSense] conflicts with php72-pcntl-7.2.29 [installed] on /usr/local/include/php/ext/pcntl/php_pcntl.h
- php74-json-7.4.15 [pfSense] conflicts with php72-json-7.2.29 [installed] on /usr/local/include/php/ext/json/php_json_encoder.h
- php74-intl-7.4.15 [pfSense] conflicts with php72-intl-7.2.29 [installed] on /usr/local/include/php/ext/intl/intl_error.h
- php74-gettext-7.4.15 [pfSense] conflicts with php72-gettext-7.2.29 [installed] on /usr/local/include/php/ext/gettext/php_gettext.h
- php74-pfSense-module-0.69_1 [pfSense] conflicts with php72-pfSense-module-0.65 [installed] on /usr/local/include/php/ext/pfSense/php_pfSense.h
- php74-sqlite3-7.4.15 [pfSense] conflicts with php72-sqlite3-7.2.29 [installed] on /usr/local/include/php/ext/sqlite3/config.h
- php74-pdo_sqlite-7.4.15 [pfSense] conflicts with php72-pdo_sqlite-7.2.29 [installed] on /usr/local/include/php/ext/pdo_sqlite/php_pdo_sqlite.h
- php74-pdo-7.4.15 [pfSense] conflicts with php72-pdo-7.2.29 [installed] on /usr/local/include/php/ext/pdo/php_pdo.h
- php74-bz2-7.4.15 [pfSense] conflicts with php72-bz2-7.2.29 [installed] on /usr/local/include/php/ext/bz2/php_bz2.h
Checking integrity... done (0 conflicting)
Conflicts with the existing packages have been found.
One more solver iteration is needed to resolve them.
The following 216 package(s) will be affected (of 0 checked):
Installed packages to be REMOVED:
php72: 7.2.29
php72-bcmath: 7.2.29
php72-bz2: 7.2.29
php72-ctype: 7.2.29
php72-curl: 7.2.29
php72-dom: 7.2.29
php72-filter: 7.2.29
php72-gettext: 7.2.29
php72-hash: 7.2.29
php72-intl: 7.2.29
php72-json: 7.2.29
php72-ldap: 7.2.29
php72-mbstring: 7.2.29
php72-opcache: 7.2.29
php72-openssl: 7.2.29
php72-openssl_x509_crl: 1.2
php72-pcntl: 7.2.29
php72-pdo: 7.2.29
php72-pdo_sqlite: 7.2.29
php72-pear: 1.10.6
php72-pear-Auth_RADIUS: 1.1.0_4
php72-pear-Cache_Lite: 1.7.16,1
php72-pear-Crypt_CHAP: 1.5.0
php72-pear-HTTP_Request2: 2.3.0,1
php72-pear-Mail: 1.4.1,1
php72-pear-Net_Growl: 2.7.0
php72-pear-Net_IPv6: 1.3.0.b2_2
php72-pear-Net_SMTP: 1.9.0
php72-pear-Net_Socket: 1.0.14
php72-pear-Net_URL2: 2.2.1
php72-pear-XML_RPC2: 1.1.4
php72-pecl-mcrypt: 1.0.3
php72-pecl-radius: 1.4.0.b1
php72-pecl-rrd: 2.0.1_1
php72-pecl-zmq: 1.1.3_3
php72-pfSense-module: 0.65
php72-posix: 7.2.29
php72-readline: 7.2.29
php72-session: 7.2.29
php72-shmop: 7.2.29
php72-simplepie: 1.5.1_1
php72-simplexml: 7.2.29
php72-sockets: 7.2.29
php72-sqlite3: 7.2.29
php72-sysvmsg: 7.2.29
php72-sysvsem: 7.2.29
php72-sysvshm: 7.2.29
php72-tokenizer: 7.2.29
php72-xml: 7.2.29
php72-xmlreader: 7.2.29
php72-xmlwriter: 7.2.29
php72-zlib: 7.2.29
New packages to be INSTALLED:
ccid: 1.4.32 [pfSense]
dbus: 1.12.20_3 [pfSense]
iftop: 1.0.p4 [pfSense]
libinotify: 20180201_2 [pfSense]
libuv: 1.40.0 [pfSense]
nss_ldap: 1.265_13 [pfSense]
opensc: 0.21.0 [pfSense]
pam_ldap: 186 [pfSense]
pam_mkhomedir: 0.2 [pfSense]
pcre2: 10.36 [pfSense]
pcsc-lite: 1.9.0_1,2 [pfSense]
php74: 7.4.15 [pfSense]
php74-bcmath: 7.4.15 [pfSense]
php74-bz2: 7.4.15 [pfSense]
php74-ctype: 7.4.15 [pfSense]
php74-curl: 7.4.15 [pfSense]
php74-dom: 7.4.15 [pfSense]
php74-filter: 7.4.15 [pfSense]
php74-gettext: 7.4.15 [pfSense]
php74-intl: 7.4.15 [pfSense]
php74-json: 7.4.15 [pfSense]
php74-ldap: 7.4.15 [pfSense]
php74-mbstring: 7.4.15 [pfSense]
php74-opcache: 7.4.15 [pfSense]
php74-openssl: 7.4.15 [pfSense]
php74-openssl_x509_crl: 1.3 [pfSense]
php74-pcntl: 7.4.15 [pfSense]
php74-pdo: 7.4.15 [pfSense]
php74-pdo_sqlite: 7.4.15 [pfSense]
php74-pear: 1.10.12 [pfSense]
php74-pear-Auth_RADIUS: 1.1.0_4 [pfSense]
php74-pear-Cache_Lite: 1.7.16,1 [pfSense]
php74-pear-Crypt_CHAP: 1.5.0 [pfSense]
php74-pear-HTTP_Request2: 2.3.0,1 [pfSense]
php74-pear-Mail: 1.4.1,1 [pfSense]
php74-pear-Net_IPv6: 1.3.0.b2_2 [pfSense]
php74-pear-Net_SMTP: 1.9.0 [pfSense]
php74-pear-Net_Socket: 1.0.14 [pfSense]
php74-pear-Net_URL2: 2.2.1 [pfSense]
php74-pear-XML_RPC2: 1.1.4 [pfSense]
php74-pecl-mcrypt: 1.0.4 [pfSense]
php74-pecl-radius: 1.4.0.b1 [pfSense]
php74-pecl-rrd: 2.0.1_1 [pfSense]
php74-pecl-zmq: 1.1.3_3 [pfSense]
php74-pfSense-module: 0.69_1 [pfSense]
php74-phpseclib: 2.0.17 [pfSense]
php74-posix: 7.4.15 [pfSense]
php74-readline: 7.4.15 [pfSense]
php74-session: 7.4.15 [pfSense]
php74-shmop: 7.4.15 [pfSense]
php74-simplepie: 1.5.1_1 [pfSense]
php74-simplexml: 7.4.15 [pfSense]
php74-sockets: 7.4.15 [pfSense]
php74-sqlite3: 7.4.15 [pfSense]
php74-sysvmsg: 7.4.15 [pfSense]
php74-sysvsem: 7.4.15 [pfSense]
php74-sysvshm: 7.4.15 [pfSense]
php74-tokenizer: 7.4.15 [pfSense]
php74-xml: 7.4.15 [pfSense]
php74-xmlreader: 7.4.15 [pfSense]
php74-xmlwriter: 7.4.15 [pfSense]
php74-zlib: 7.4.15 [pfSense]
wireguard-tools: 20210201 [pfSense]
Installed packages to be UPGRADED:
bind-tools: 9.14.12 -> 9.16.11 [pfSense]
bsnmp-ucd: 0.4.4 -> 0.4.5 [pfSense]
ca_root_nss: 3.51 -> 3.58 [pfSense]
check_reload_status: 0.0.8 -> 0.0.10_1 [pfSense]
curl: 7.67.0 -> 7.74.0 [pfSense]
devcpu-data: 1.28 -> 1.37 [pfSense]
dhcp6: 20080615.2_2 -> 20080615.2_4 [pfSense]
dhcpleases: 0.3_2 -> 0.5_1 [pfSense]
dhcpleases6: 0.1_2 -> 0.1_3 [pfSense]
dmidecode: 3.2 -> 3.3 [pfSense]
dnsmasq: 2.80_4,1 -> 2.84,1 [pfSense]
expat: 2.2.8 -> 2.2.10 [pfSense]
filterdns: 2.0_3 -> 2.0_5 [pfSense]
filterlog: 0.1_5 -> 0.1_6 [pfSense]
gettext-runtime: 0.20.1 -> 0.21 [pfSense]
glib: 2.56.3_7,1 -> 2.66.4_1,1 [pfSense]
gmp: 6.1.2_1 -> 6.2.1 [pfSense]
hostapd: 2.9 -> 2.9_2 [pfSense]
icu: 65.1,1 -> 68.2,1 [pfSense]
igmpproxy: 0.2.1_1,1 -> 0.3,1 [pfSense]
ipmitool: 1.8.18_2 -> 1.8.18_3 [pfSense]
isc-dhcp44-client: 4.4.1_1 -> 4.4.2_1 [pfSense]
isc-dhcp44-relay: 4.4.1 -> 4.4.2_1 [pfSense]
isc-dhcp44-server: 4.4.1_4 -> 4.4.2_1 [pfSense]
json-c: 0.14 -> 0.15_1 [pfSense]
ldns: 1.7.1_1 -> 1.7.1_2 [pfSense]
libedit: 3.1.20191211,1 -> 3.1.20191231,1 [pfSense]
libevent: 2.1.11 -> 2.1.12 [pfSense]
libffi: 3.2.1_3 -> 3.3_1 [pfSense]
libgcrypt: 1.8.5 -> 1.8.7 [pfSense]
libgpg-error: 1.36 -> 1.41 [pfSense]
libiconv: 1.14_11 -> 1.16 [pfSense]
liblz4: 1.9.2,1 -> 1.9.3,1 [pfSense]
libnghttp2: 1.40.0 -> 1.42.0 [pfSense]
libxml2: 2.9.10 -> 2.9.10_2 [pfSense]
libxslt: 1.1.34 -> 1.1.34_1 [pfSense]
links: 2.16_2,1 -> 2.20.2_1,1 [pfSense]
lua-resty-core: 0.1.17 -> 0.1.21_1 [pfSense]
lua-resty-lrucache: 0.09 -> 0.10 [pfSense]
luajit-openresty: 2.1.20190912_2 -> 2.1.20201027 [pfSense]
miniupnpd: 2.1.20190210,1 -> 2.2.1,1 [pfSense]
mpd5: 5.8_10 -> 5.9 [pfSense]
nettle: 3.5.1_1 -> 3.6 [pfSense]
nginx: 1.16.1_11,2 -> 1.18.0_45,2 [pfSense]
norm: 1.5r6 -> 1.5r6_1 [pfSense]
ntp: 4.2.8p14 -> 4.2.8p15 [pfSense]
oniguruma: 6.9.3 -> 6.9.6 [pfSense]
openldap-client: 2.4.48 -> 2.4.57 [pfSense]
openvpn: 2.4.9 -> 2.5.0 [pfSense]
pcre: 8.43_2 -> 8.44 [pfSense]
perl5: 5.30.1 -> 5.32.1_1 [pfSense]
pfSense: 2.4.5_1 -> 2.5.0 [pfSense]
pfSense-Status_Monitoring: 1.7.11_1 -> 1.7.11_3 [pfSense]
pfSense-base: 2.4.5_1 -> 2.5.0 [pfSense-core]
pfSense-default-config: 2.4.5_1 -> 2.5.0 [pfSense-core]
pfSense-kernel-pfSense: 2.4.5_1 -> 2.5.0 [pfSense-core]
pfSense-rc: 2.4.5_1 -> 2.5.0 [pfSense-core]
py37-setuptools: 41.4.0_1 -> 44.0.0 [pfSense]
python37: 3.7.7 -> 3.7.9_1 [pfSense]
radvd: 2.18_2 -> 2.19 [pfSense]
rate: 0.9_1 -> 0.9_2 [pfSense]
readline: 8.0.1 -> 8.0.4 [pfSense]
rrdtool: 1.7.2_1 -> 1.7.2_4 [pfSense]
smartmontools: 7.0_2 -> 7.2 [pfSense]
sqlite3: 3.30.1 -> 3.34.0,1 [pfSense]
ssh_tunnel_shell: 0.1_1 -> 0.2_1 [pfSense]
sshguard: 2.4.0_4,1 -> 2.4.1,1 [pfSense]
strongswan: 5.8.4 -> 5.9.1 [pfSense]
unbound: 1.10.1 -> 1.13.0_2 [pfSense]
wpa_supplicant: 2.9 -> 2.9_7 [pfSense]
wrapalixresetbutton: 0.0.7 -> 0.0.7_1 [pfSense]
Installed packages to be REINSTALLED:
beep-1.0_1 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
bsnmp-regex-0.6_2 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
bwi-firmware-kmod-3.130.20 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
choparp-20150613 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
cpdup-1.20 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
cpustats-0.1_1 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
dpinger-3.0 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
expiretable-0.6_1 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
indexinfo-0.3.1 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
libargon2-20190702 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
libdaemon-0.14_1 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
libidn2-2.3.0_1 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
libltdl-2.4.6 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
libmcrypt-2.5.8_3 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
libucl-0.8.1 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
libunistring-0.9.10_1 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
libzmq4-4.3.1_1 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
lzo2-2.10_1 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
minicron-0.0.2 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
mobile-broadband-provider-info-20190618_1 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
openvpn-auth-script-1.0.0.3 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
pftop-0.7_9 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
py37-ply-3.11 [pfSense] (ABI changed: 'freebsd:11:*' -> 'freebsd:12:*')
qstats-0.2 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
scponly-4.8.20110526_4 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
uclcmd-0.1_3 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
voucher-0.1_2 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
vstr-1.0.15_1 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
wol-0.7.1_4 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
xinetd-2.3.15_2 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64')
Number of packages to be removed: 52
Number of packages to be installed: 63
Number of packages to be upgraded: 71
Number of packages to be reinstalled: 30
The process will require 76 MiB more space.
>>> Downloading pkg...
Updating pfSense-core repository catalogue...
pfSense-core repository is up to date.
Updating pfSense repository catalogue...
pfSense repository is up to date.
All repositories are up to date.
Checking integrity... done (0 conflicting)
The following 1 package(s) will be affected (of 0 checked):
Installed packages to be REINSTALLED:
pkg-1.16.1 [pfSense]
Number of packages to be reinstalled: 1
>>> Locking package pkg... done.
>>> Upgrading pfSense-rc...
Checking integrity... done (0 conflicting)
The following 1 package(s) will be affected (of 0 checked):
Installed packages to be UPGRADED:
pfSense-rc: 2.4.5_1 -> 2.5.0 [pfSense-core]
Number of packages to be upgraded: 1
[1/1] Upgrading pfSense-rc from 2.4.5_1 to 2.5.0...
[1/1] Extracting pfSense-rc-2.5.0: ...... done
>>> Upgrading pfSense kernel...
Checking integrity... done (0 conflicting)
The following 1 package(s) will be affected (of 0 checked):
Installed packages to be UPGRADED:
pfSense-kernel-pfSense: 2.4.5_1 -> 2.5.0 [pfSense-core]
Number of packages to be upgraded: 1
The process will require 14 MiB more space.
[1/1] Upgrading pfSense-kernel-pfSense from 2.4.5_1 to 2.5.0...
[1/1] Extracting pfSense-kernel-pfSense-2.5.0: .......... done
===> Keeping a copy of current kernel in /boot/kernel.old
>>> Removing unnecessary packages... done.
System is going to be upgraded. Rebooting in 10 seconds.
>>> Unlocking package pkg... done.
Success
コメント