pfSenseをアップデートした記録 2.4.5_1→2.5.0
アップデート内容確認
2.4.5_1(2.4.5-p1)から2.5.0にアップデートします
変更点を確認
https://docs.netgate.com/pfsense/en/latest/releases/2-5-0.html
pfSense Plus Support for Intel® QuickAssist Technology, also known as QAT. QAT accelerates cryptographic and hashing operations on supported hardware, and can be used to accelerate IPsec, OpenVPN, and other OpenCrypto Framework-aware software. Supported hardware includes many Intel-based systems sold by Netgate (e.g. XG-7100, SG-5100) and add-on cards. From the FreeBSD man page: The qat driver supports the QAT devices integrated with Atom C2000 and C3000 and Xeon C620 and D-1500 chipsets, and the Intel QAT Adapter 8950. It can accelerate AES in CBC, CTR, XTS (except for the C2000) and GCM modes, and can perform authenticated encryption combining the CBC, CTR and XTS modes with SHA1-HMAC and SHA2-HMAC. The qat driver can also compute SHA1 and SHA2 digests. Improved SafeXcel cryptographic accelerator support for SG-2100 and SG-1100 which can improve IPsec performance. From the FreeBSD man page: The driver can accelerate the following AES modes: AES-CBC, AES-CTR, AES-XTS, AES-GCM, AES-CCM The driver also implements SHA1 and SHA2 transforms, and can combine AES-CBC and AES-CTR with SHA1-HMAC and SHA2-HMAC for encrypt-then-authenticate operations. Updated IPsec profile export Exports Apple profiles compatible with current iOS and OS X versions New export function for Windows clients to configure tunnels using PowerShell Operating System / Architecture changes Base OS upgraded to FreeBSD 12.2-STABLE OpenSSL upgraded to 1.1.1i-freebsd PHP upgraded to 7.4 #9365 #10659 Python upgraded to 3.7 #9360 Security / Errata Deprecated the built-in relayd Load Balancer #9386 relayd does not function with OpenSSL 1.1.x The relayd FreeBSD port has been changed to require libressl – There is no apparent sign of work to make it compatible with OpenSSL 1.1.x The HAProxy package may be used in its place; It is a much more robust and more feature-complete load balancer and reverse proxy For more information on implementing HAProxy, see HAProxy package and the Hangout Aliases/Tables Fixed aliases to allow IPv6 prefix entries which end in IPv4 addresses (e.g. x:x:x:x:x:x:d.d.d.d from RFC 4291 section 2.2.2) #10694 Fixed a PHP error processing aliases when the configuration contains no aliases section #9936 Fixed URL-based Alias only storing last-most entry in the configuration #9074 Fixed an issue with PF tables remaining active after they had been deleted #9790 Added Internationalized domain names support for aliases #7255 Added the ability to copy an existing alias when creating a new entry #6908 Fixed handling of URL-based aliases containing multiple URLs #11256 Authentication Added RADIUS authentication for SSH users #10545 Added LDAP authentication for SSH users #8698 Added option to control behavior of unauthenticated LDAP binds #9909 Converted LDAP TLS setup from environment variables to LDAP_OPT_X_TLS_* options #9417 Set RADIUS NAS Identifier to include webConfigurator and the firewall hostname when logging in the GUI #9209 Added LDAP extended query for groups in RFC2307 containers #9527 Fixed errors when using RADIUS for GUI authentication while the WAN is down #11109 Backup/Restore Changed crypt_data() to use stronger key derivation #9421 Updated crypt_data() syntax for OpenSSL 1.1.x #9420 #10178 Disabled AutoConfigBackup manual backups when AutoConfigBackup is disabled #9785 Improved error handling when attempting to restore encrypted and otherwise invalid configurations which result in errors (e.g. wrong encryption passphrase, malformed XML) #10179 Added option to include the DHCP v4/v6 leases database in config.xml backups #10910 Added option to include the Captive Portal database in config.xml backups #10868 Added option to include the Captive Portal used MACs database in config.xml backups #10856 Added option to prevent all extra data from being added to config.xml backups #10914 Added password confirmation when encrypting a config.xml backup #10301 Added support for GPT partitioned drives to the External Configuration Locator #9097 Added support for Limiters to the Traffic Shaper backup and restore area option #4763 Added option to backup Dynamic DNS area #3559 Fixed restoration of active voucher data from backup #3128 Captive Portal Improved XMLRPC sync of Captive Portal database information #97 Changed Captive Portal vouchers to use phpseclib so it can generate keys natively in PHP, and to work around OpenSSL deprecating key sizes needed for vouchers #9443 Added trim() to the submitted username, so that spaces before/after in input do not cause authentication errors #9274 Optimized Captive Portal authentication attempts when using multiple authentication servers #9255 Fixed Captive Portal session timeout values for RADIUS users who do not have a timeout returned from the server #9208 Changed Captive Portal so that users no longer get disconnected when changes are made to Captive Portal settings #8616 Added an option so that Captive Portals may choose to remove or retain logins across reboot #5644 Fixed deletion of related files when removing a Captive Portal zone #10891 Fixed XMLRPC sync of Captive Portal used MACs database #10857 Added validation of Captive Portal zone names to prevent using reserved words #10798 Added support for IDN hostnames to Captive Portal Allowed Hostnames tab #10747 Improved Captive Portal Allowed Hostnames so it supports multiple DNS records in responses #10724 Fixed retention of automatic pass-through MAC entries when using Captive Portal Vouchers #9933 Fixed Captive Portal Bandwidth per-user bandwidth limit values being applied when disabled #9437 #9311 Changed handling of voucher logins with Concurrent Login option so that new logins are prevented rather than removing old sessions #9432 #2146 Changed XMLRPC behavior to not remove zones from secondary node when disabling Captive Portal #9303 Fixed XMLRPC sync failing to propagate voucher roll option changes to the secondary node #8809 Fixed XMLRPC sync failing to create Captive Portal voucher files on secondary node #8807 Fixed Captive Portal + Bridge interface validation #6528 Added support for masking of Captive Portal pass-thru MACs #2424 Added support for pre-filling voucher codes via URL parameters, so they can be used via QR code #1984 Certificates Fixed OCSP stapling detection for OpenSSL 1.1.x #9408 Fixed GUI detection of revoked status for certificates issued and revoked by an intermediate CA #9924 Removed PKCS#12 export links for entries which cannot be exported in that format (e.g. no private key) #10284 Added an option to globally trust local CA manager entries #4068 Added support for randomized certificate serial numbers when creating or signing certificates with local internal CAs #9883 Added validation for CA/CRL serial numbers #9883 #9869 Added support for importing ECDSA keys in certificates and when completing signing requests #9745 Added support for creating and signing certificates using ECDSA keys #9843 #10658 Added detailed certificate information block to the CA list, using code shared with the Certificate list #9856 Added Certificate Lifetime to certificate information block #7332 Added CA validity checks when attempting to pre-fill certificate fields from a CA #3956 Added a daily certificate expiration check and notice, with settings to control its behavior and notifications (Default: 27 days) #7332 Added functionality to import certificates without private keys (e.g. PKCS#11) #9834 Added functionality to upload a PKCS#12 file to import a certificate #8645 Added CA/Certificate renewal functionality #9842 This allows a CA or certificate to be renewed using its current settings (or a more secure profile), replacing the entry with a fresh one, and optionally retaining the existing key. Added an “Edit” screen for Certificate entries This view allows editing the Certificate Descriptive name field #7861 This view also adds a (not stored) password field and buttons for exporting encrypted private keys and PKCS#12 archives #1192 Improved default GUI certificate strength and handling of weak values #9825 Reduced the default GUI web server certificate lifetime to 398 days to prevent errors on Apple platforms #9825 Added notes on CA/Cert pages about using potentially insecure parameter choices Added visible warnings on CA/Cert pages if parameters are known to be insecure or not recommended Revamped CRL management to be easier to use and more capable Added the ability to revoke certificates by serial number #9869 Added the ability to revoke multiple entries at a time #3258 Decluttered the main CRL list screen Moved to a single CRL create control to the bottom under the list rather than multiple buttons Optimized CA/Cert/CRL code in various ways, including: Actions are now performed by refid rather than array index, which is more accurate and not as prone to being affected by parallel changes Improved configuration change descriptions as shown in the GUI and configuration history/backups Miscellaneous style and code re-use improvements Changed CA/Cert date calculations to use a more accurate method, which ensures accuracy on ARM past the 2038 date barrier #9899 Configuration Backend Changed error handling on boot error ‘XML configuration file not found’ so the user is given an opportunity to fix the problem manually #10556 Configuration Upgrade Retired m0n0wall configuration upgrade support #10997 Console Menu Fixed rc.initial execution of rc.local.running #10978 Fixed rc.initial handling of -c commands with arguments #10603 Fixed console menu display of subnet masks for DHCP interfaces #10740 Dashboard Added PPP uptime to the Dashboard Interfaces Widget #9426 Improved long description truncation behavior in the services status widget #10795 Fixed Dashboard traffic graph widget display of bandwidth units (b/s vs. B/s) #9072 Added adaptive state timeout indication to the state table usage meter #7016 Fixed Thermal Sensors dashboard widget showing invalid sensors #10963 Added default route indicator to Gateways widget #11057 Added hardware interface name as a tooltip on Interfaces widget entries #11041 DHCP (IPv4) Fixed handling of spaces in DHCP lease hostnames by dhcpleases #9758 Fixed DHCP leases hostname parsing problems which prevented some hostnames from being displayed in the GUI #3500 Added OMAPI settings to the DHCP Server #7304 Increased number of NTP servers sent via DHCP to 3 #9661 Added an option to prevent known DHCP clients from obtaining addresses on any interface (e.g. known clients may only obtain an address from the interface where the entry is defined) #1605 Added count of static mappings to list when editing DHCP settings for an interface #9282 Fixed handling of client identifiers on static mappings containing double quotes #10295 Added ARM32/64 network booting support to the DHCP Server #10374 Increased the number of NTP servers for DHCP Static Mappings #10333 Fix DHCP Dynamic DNS handling of per-host zone and key options from static mappings #10224 Added per-host custom BOOTP/DHCP Options to static mappings #8990 Added a button to clear all DHCP leases #7406 Fixed ARPA zone declaration formatting in DHCP server configuration file #11224 DHCP (IPv6) Added options to disable pushing IPv6 DNS servers to clients via DHCP6 #9302 Fixed DHCPv6 domain search list #10200 Fixed validation to allow omission of DHCPv6 range for use with stateless DHCP #9596 Fixed issues creating IPv6 Static Mappings #7443 Fixed DHCPv6 merging an IPv6 prefix with the input submitted in DNS servers field when using Track Interface #7384 Fixed prefix delegation not being requested if no interfaces were set to track6 #11005 Fixed DHCPv6 Dynamic DNS domain key name validation #10844 Fixed line formatting issues in the DHCPv6 configuration file #10675 Fixed prefix not being included in the DNS entry registered by DHCPv6 #8156 Fixed DHCPv6 static mapping changes requiring a restart of the DNS resolver to activate #10882 Fixed issues running DHCPv6 on certain types of tracked interfaces (e.g. bridges, VLANs) #3965 Fixed issues with WAN not renewing IPv6 address after an upstream failure #10966 DHCP Relay Fixed DHCP Relay validation to allow OpenVPN TAP interfaces #10711 Fixed inconsistent validation behavior for DHCP relay and bridges #7778 Diagnostics Added Reroot and Reboot with Filesystem Check options to GUI Reboot page #9771 Added option to control wait time between ICMP echo request (ping) packets diag_ping.php #9862 Improved data sanitization in status.php #10946 #10944 Sanitize MaxMind GeoIP key #10797 #10569 #10794 Added config history list to status.php #10696 Added DNS Resolver configuration to status.php #10635 Added L2TP VPN configuration to status.php #10583 Changed pftop page to hide filtering controls for views which do not support filtering #10625 Added support for IDN hostnames to DNS Lookup, Ping, and Traceroute #10538 Fixed diag_dns.php link to Ping passing incorrect parameters #10537 Added a button to clear the NDP cache #10975 Added a button to clear the ARP cache #4038 Fixed hostname being ignored when DNS Lookup calculates response time #11018 Fixed Kill States button on diag_dump_states.php when used with CIDR-masked subnets #9270 DNS Forwarder Updated dnsmasq to 2.84 #11278 DNS Resolver Added IPv6 OpenVPN client addresses resolution to the DNS Resolver #8624 Added DNS64 options to the DNS Resolver #10274 Added support for multiple IP addresses in a DNS Resolver Host Override entry #10896 Fixed DNS Resolver restart commands to work around potential environment issues #10781 Fixed saving DNS Resolver ACL entries when using a non-English translation #10742 Added support for IDN symbols in DNS Resolver ACL entries #10730 Added Aggressive NSEC option to the DNS Resolver #10449 Fixed DNS Resolver unintentionally retaining DHCP registration entries after disabling that feature #8981 Fixed DNS Resolver restarting on every OpenVPN client connection when registering clients in DNS #11129 Fixed issues with the DNS Resolver not starting when bound to disabled interfaces or interfaces without carrier #11087 Fixed DNS Resolver custom TLS listen port being ignored #11051 Improved formatting and ordering of items in the DNS Resolver access list configuration file #11309 Dynamic DNS Fixed Dynamic DNS Dashboard Widget address parsing for entries with split hostname/domain (e.g. Namecheap) #9564 Added support for new CloudFlare Dynamic DNS API tokens #9639 Added IPv6 support to No-IP Dynamic DNS #10256 Fixed issues with Hover Dynamic DNS #10241 Updated Cloudflare Dynamic DNS to query Zone ID with token #10992 Added support for IPv6 to easyDNS Dynamic DNS #10972 Added support for Domeneshop Dynamic DNS #10826 Added Zone option to RFC 2136 Dynamic DNS #10684 Updated FreeDNS Dynamic DNS to use their v2 API #10617 Fixed DigitalOcean Dynamic DNS processing of zones with multiple pages of records #10592 Improved Dynamic DNS Logging #10459 Added support for dynv6.com Dynamic DNS #9642 Fixed handling of Dynamic DNS AAAA records on 6rd tunnel interfaces bound to PPPoE interfaces #9641 Added a button to duplicate Dynamic DNS entries #8952 Fixed Dynamic DNS update for HE.net Tunnelbroker always setting IP address of the default WAN interface #11024 Updated HE.net Tunnelbroker Dynamic DNS to use their current API #11037 Added support for Wildcard A records for Gandi Dynamic DNS #11159 Updated No-IP Dynamic DNS to use a newer API #6638 Fixed Namecheap Dynamic DNS error code checking #5308 Improved color blind accessibility of Dynamic DNS status #3229 Gateways Added support for obtaining a gateway via DHCP which is outside of the interface subnet #7380 Added validation to prevent using descriptions on interfaces which would cause gateway names to exceeded the maximum allowed length #9401 Added tooltip text to icons on the Gateways #10719 Fixed issues with dpinger failing to update IPv6 gateway address on DHCPv6 WAN interfaces #8136 Hardware / Drivers Added bnxt driver for Broadcom NetXtreme interfaces #9155 Added iOS/Android/Generic USB tethering driver #7467 IGMP Proxy Added input validation for IGMP Proxy settings #7163 Installer Created separate Auto (UFS) UEFI and Auto (UFS) BIOS installation options to avoid problems on hardware which boots differently on USB and non-USB disks #8638 Fixed reinstalling with UFS on a ZFS formatted drive #10690 Fixed platform detection for MBT-4220 and MBT-2220 on newer BIOS revisions #9242 Fixed an issue with shutting down instead of rebooting after installing using ZFS #7307 Interfaces Added support for using IPv4 and IPv6 addresses on GRE interfaces at the same time #10392 Added a check to disable Hardware Checksum Offloading in environments with interfaces which do not support it (e.g. vtnet, ena) #10723 Changed the way interface VLAN support is detected so it does not rely on the VLANMTU flag #9548 Added a PHP shell playback script restartallwan which restarts all WAN-type interfaces #9688 Changed assignment of the fe80::1:1 default IPv6 link-local LAN address so it does not remove existing entries, which could cause problems such as Unbound failing to start #9998 Added automatic MTU adjustment for GRE interfaces using IPsec as a transport #10222 Fixed SLAAC interface selection when using IPv6 on a link which also uses PPP #9324 Added GUI interface descriptions to Operating System interfaces #1557 Added the ability to assign virtual type interfaces (IPsec, OpenVPN, GIF, GRE, etc) during console interface assignment #10947 Fixed TSO not being disabled in some cases #10836 Fixed group name length input validation #10835 Improved interface caching for environments with many interfaces #10680 Fixed fe80::1:1 being added to interfaces without track6 #10661 Added a check to prevent stf (6RD/6to4) interfaces from being used as parent interfaces #10626 Fixed redundant disabling of static ARP at boot before it could be enabled #10589 Fixed initialization of bridges which include a GIF interface at boot #10524 Fixed problems with post-install interface changes not being retained if the user did not complete the wizard #10383 Fixed inefficiencies when applying settings to a VLAN parent interface #9154 Fixed interface MTU setting not being applied to all IPv6 routes #6868 Fixed handling of MTU setting for 6rd and 6to4 interfaces #6377 Fixed IPv6 IP Alias preventing Track Interface from working with DHCPv6 and RA #5999 Changed DHCP interface renewal behavior to not restart services if the IP address did not change #11142 Fixed an error when changing bridge STP settings #11122 Added a binary package with updated Realtek interface drivers #11079 Improved link state visibility on Status > Interfaces #11045 Removed VTI interfaces from Interface Group selection since they do not currently function in this manner #11134 Fixed issues with IPv6 on top of IPv4 PPPoE placing default route on incorrect interface #9324 IPsec Added 25519 curve-based IPsec DH and PFS groups 31 and 32 #9531 Enabled the strongSwan PKCS#11 plugin #6775 Added support for ECDSA certificates to IPsec for IKE #4991 Renamed IPsec “RSA” options to “Certificate” since both RSA and ECDSA certificates are now supported, and it is also easier for users to recognize #9903 Converted IPsec configuration code from ipsec.conf ipsec/stroke style to swanctl.conf swanctl/vici style #9603 Split up much of the single large IPsec configuration function into multiple functions as appropriate. Optimized code along the way, including reducing code duplication and finding ways to generalize functions to support future expansion. For IKEv1 and IKEv2 with Split Connections enabled, P2 settings are properly respected for each individual P2, such as separate encryption algorithms #6263 N.B.: In rare cases this may expose a previous misconfiguration which allowed a Phase 2 SA to connect with improper settings, for example if a required encryption algorithm was enabled on one P2 but not another. New GUI option under VPN > IPsec, Mobile Clients tab to enable RADIUS Accounting which was previously on by default. This is now disabled by default as RADIUS accounting data will be sent for every tunnel, not only mobile clients, and if the accounting data fails to reach the RADIUS server, tunnels may be disconnected. Additional developer & advanced user notes: For those who may have scripts which touched files in /var/etc/ipsec, note that the structure of this directory has changed to the new swanctl layout. Any usage of /usr/local/sbin/ipsec or the stroke plugin must also be changed to /usr/local/sbin/swanctl and VICI. Note that some commands have no direct equivalents, but the same or better information is available in other ways. IPsec start/stop/reload functions now use /usr/local/sbin/strongswanrc IPsec-related functions were converged into ipsec.inc, removed from vpn.inc, and renamed from vpn_ipsec_<name> to ipsec_<name> Reworked how reauthentication and rekey behavior functions, giving more control to the user compared to previous options #9983 Reformatted status_ipsec.php to include more available information (rekey timer, encryption key size, IKE SPIs, ports) #9979 Added support for PKCS#11 authentication (e.g. hardware tokens such as Yubikey) for IPsec #9878 Fixed usage of Hash Algorithm on child ESP/AH proposals using AEAD ciphers #9726 Added support for IPsec remote gateway entries using FQDNs which resolve to IPv6 addresses #9405 Added manual selection of Pseudo-Random Function (PRF) for use with AEAD ciphers #9309 Added support for using per-user addresses from RADIUS and falling back to a local pool otherwise #8160 Added an option which allows multiple tunnels to use the same remote peer in certain situations (read warnings on the option before use) #10214 Improved visible distinction of online/offline mobile IPsec users in the IPsec status and dashboard widget #10340 Added options to change the IPsec NAT-T ports (local and remote) #10870 Improved boot-time initialization of IPsec VTI interfaces #10842 Added support for limiting IPsec VPN access by RADIUS user group #10748 Changed IPsec to share the same RADIUS Cisco-AVPair parser code as OpenVPN for Xauth users #10469 Fixed handling of IPsec VTI interfaces in environments with large numbers of IPsec tunnels #9592 Added IPsec Advanced option to control maximum allowed Parallel P2 Rekey exchanges #9331 Fixed issues with bringing up new Phase 2 entries on IPsec tunnels with “Split connections” enabled #8472 Fixed issues where, in rare cases, IPsec tunnels would not reconnect until the firewall was rebooted #8015 Improved the Remote Gateway field description for IPsec Phase 1 entries to indicate that 0.0.0.0 is allowed #7095 Fixed issues with IKEv2 IPsec tunnels with multiple phase 2 entries combining traffic selectors in unexpected ways (set “Split Connections” to isolate them) #6324 Added options to create IPsec bypass rules which prevent specific source and destination network pairs from entering policy-based IPsec tunnels #3329 Documented settings which work around SA duplication issues experienced by users in certain cases #10176 Improved IPsec GUI options for P1/P2 SA expiration and replacement to help prevent SA duplication #11219 Fixed a PHP error in mobile IPsec input validation #11212 Added validation to prevent unsupported wildcard certificates from being selected for use with IPsec #11297 IPv6 Router Advertisements (RADVD) Fixed Router Advertisement configuration missing information in Unmanaged mode #9710 Fixed Router Advertisement lifetime input validation #10709 L2TP Fixed L2TP secret using an empty value after removing it from the GUI #10710 Fixed L2TP input validation to allow leaving the remote address field blank when assigning addresses from RADIUS #7562 Fixed inefficiencies in the initial L2TP reconfiguration process #7558 Fixed L2TP Server and Client both using l2tpX for interface names #11006 Fixed static routes on L2TP interfaces not being reapplied when reconnecting #10407 Fixed L2TP server being restarted when making user account changes #11059 LAGG Interfaces Improved Interface Status and Widget information for LAGG #9187 Fixed route for GIF/GRE peer when using VLAN on LAGG #10623 Added option to toggle LACP PDU transmission fast timeout #10504 Fixed LAGG member interface events causing filter reloads #10365 Fixed issues with LAGG interface MTU being incorrectly applied to VLAN subinterfaces #8585 Added option to control the master interface for LAGG in Failover mode #1019 Logging Changed system logging to use plain text logging and log rotation, the old binary clog format has been deprecated #8350 Updated default log size (512k + rotated copies), default lines to display (500, was 50), and max line limits (200k, up from 2k) #9734 Added log tabs for nginx, userlog, utx/lastlog, and some other previously hidden logs #9714 Relocated Package Logs into a tab under System Logs and standardized display/filtering of package logs #9714 Added GUI options to control log rotation #9711 Added code for packages to set their own log rotation parameters #9712 Removed the redundant nginx-error.log file #7198 Fixed some instances where logs were mixed into the wrong log files/tabs (Captive Portal/DHCP/squid/php/others) #1375 Reorganized/restructured several log tabs #9714 Added a dedicated authentication log #9754 Added an option for RFC 5424 format log messages which have RFC 3339 timestamps #9808 Fixed an issue where a firewall log entry for loopback source/destination occasionally reported 127.0.0.1 as 127.0.01 #10776 Fixed issues with syslogd using an old IP address after an interface IP address change #9660 Added watchfrr to routing log #11207 Multi-WAN Fixed Gateways being removed from routing groups based on low alert thresholds #10546 Fixed a possible race condition in gateway group fail-over causing unexpected behavior #9450 Fixed a load balancing failure when one gateway had a weight of 1 and another gateway had a weight >1 #6025 NAT Reflection Fixed port forwards where the destination is a network alias creating invalid refection rules if multiple subnets are in that alias #7614 Notifications Deprecated & Removed Growl Notifications #8821 Added a daily certificate expiration notification with settings to control its behavior #7332 Fixed input validation of SMTP notification settings #8522 Added support for sending notifications via Pushover API #10495 Added support for sending notifications via Telegram #10354 Fixed a PHP error when SMTP notifications fail #11063 NTPD Added GUI options for NTP sync/poll intervals #6787 Added validation to prevent using noselect and noserve with pools #9830 Added feature to automatically detect GPS baud rate #7284 Fixed status and widget display of long hostnames and stratum #10307 Fixed handling of the checkbox options on NTP servers #10276 Updated GPS initialization commands for Garmin devices #10327 Added an option to limit NTP pool server usage #10323 Added option to force IPv4/IPv6 DNS resolution for NTP servers #10322 Added support for NTP server authentication #8794 Added an option to disable NTP #3567 Added units to the NTP status page #2850 OpenVPN Updated OpenVPN to 2.5.0 #11020 The default compression behavior has changed for security reasons. Incoming packets will be decompressed, outgoing packets will not be compressed. There is a GUI control to alter this behavior. Data cipher negotiation (Formerly known as Negotiable Cryptographic Parameters, or NCP) is now compulsory. Disabling negotiation has been deprecated. The option is still present in the GUI, but negotiation will be unilaterally enabled on upgrade. The upgrade process will attempt to use the expected data encryption algorithms before and after the upgrade completes, but in some cases more secure algorithms may be enabled as well. #10919 We strongly encourage using AEAD ciphers such as AES-GCM, future versions of OpenVPN will require them and will not have configurable cipher lists. Added connection count to OpenVPN status and widget #9788 Enabled the OpenVPN x509-alt-username build option #9884 Restructured the OpenVPN settings directory layout Changed from /var/etc/openvpn[-csc]/<mode><id>.<file> to /var/etc/openvpn/<mode><id>/<x> This keeps all settings for each client and server in a clean structure Moved to CApath style CA structure for OpenVPN CA/CRL usage #9915 Added support for OCSP verification of client certificates #7767 Fixed a potential race condition in OpenVPN client ACLs obtained via RADIUS #9206 Added support for more protocols (IP, ICMP), ports, and a template variable ({clientip}) in OpenVPN client ACLs obtained via RADIUS #9206 Added the ability to register OpenVPN Remote Access (User Auth) clients in the DNS Resolver #10999 Fixed an issue where duplicating an OpenVPN instance did not copy the password #10703 Fixed issues with OpenVPN TCP clients failing to start #10650 Added support for IPv6 OpenVPN ACLs obtained via RADIUS #10454 Fixed validation to enforce OpenVPN client password usage when setting a username, to prevent a missing password from interrupting the boot process #10409 Enabled asynchronous push in OpenVPN binary #10273 Added OpenVPN client-specific override option to ignore routes pushed by the server (“push-reset”) #9702 Clarified behavior of OpenVPN server option for Duplicate Connections #10363 Operating System Fixed a network performance regression in the fast forwarding path with IP redirects enabled NG4965 Fixed double ZFS entries in loader.conf #10375 Added a method to enable persistent command history in the shell #11029 Changed the default domain name of the firewall from .localdomain to .home.arpa #10533 Package System Disabled spell checking on package upgrade progress textarea #10637 Fixed issues with package upgrade or reinstall hanging indefinitely #10610 Fixed description used for buttons when editing packages #11208 PPP Interfaces Fixed issues with PPPoE over a VLAN failing to reconnect #9148 Enabled selection of QinQ interfaces for use with PPP #9472 Added option to set Host-Uniq value for PPPoE #10597 Fixed incorrect interface assignment after switching from PPPoE #10240 Fixed IPv6 not being disabled in mpd.conf when the IPv6 GUI option is set to ‘disabled’ #7386 Fixed PPPoE interface errors due to MTU settings #11035 PPPoE Server Fixed PPPoE server ignoring secondary RADIUS Server #10926 Fixed PPPoE server Accounting updates option #10869 Removed unnecessary restarts of the PPPoE server when adding/modifying users #10318 Added input validation to prevent enabling the PPPoE server on a PPPoE client interface #4510 Routing Fixed automatic static routes set for DNS gateway bindings not being removed when no longer necessary #8922 Fixed missing tooltip text for icons on the Static Routes Page #10889 RRD Graphs Fixed RRD graph handling of NTP graph data with negative freq values #6503 Fixed RRD graph creation for interfaces using CODELQ #6277 Rules / NAT Added the ability to configure negated tagging, to match packets which do not not contain a given tag #10186 Added support for IPv6 Port Forwards #10984 Fixed handling of IPv6 NPt rules on 6rd WAN interfaces #10757 Fixed 1:1 NAT issue when internal interface has VIPs #10752 Fixed policy routing rules not being written correctly for a down gateway #10716 Added EoIP to firewall rule Protocol list #10698 Fixed separator bars on floating rules not covering the full table width #10667 Fixed 1:1 NAT for IPv6 applying wrong subnet mask to “Single Host” #7742 Added validation to prevent accidentally overlapping NPt networks and interface networks #7741 Added support for dynamic interface addresses in 1:1 NAT rules #7705 Added default values of TCP and UDP timeouts to the GUI #7362 Fixed handling of IPv6 floating rules on 6rd interfaces #7142 Fixed firewall rules for “PPPoE clients” only including the first PPPoE server instance #6598 Fixed duplicated tracker IDs on block private networks rules #6030 Fixed reply-to on rules for PPPoE WANs with IPv6 SLAAC #5258 Added gateway/group IP addresses to mouseover on rules #885 Fixed formatting of floating rules with large numbers interfaces #10892 Fixed form rendering issues with Port Forward Address Fields in Safari #10674 Fixed firewall ruleset failing to load at boot when new ruleset would be invalid #6028 Fixed an issue adding or deleting separator bars when no rules are present #10827 S.M.A.R.T. Updated S.M.A.R.T. Page with new capabilities #9367 SNMP Fixed SNMP reporting incorrect speed for switch uplink interface on Netgate SG-3100 #10793 Fixed SNMP input validation to require the Host Resources module when the PF module is also enabled #10471 Traffic Graphs Changed the Traffic Graph page from rate to iftop which brings IPv6 support and various other improvements #3334 Traffic Shaper (ALTQ) Changed default ALTQ queue bandwidth type to Mbit/s #10988 Updated traffic shaper wizard settings for XBox and Wii ports #10837 Added Broadcom NetXtreme to ALTQ-capable list #10762 Added ALTQ support to the ix(4) driver #7378 Fixed deletion of associated shaper queues when deleting an interface #3488 Fixed ALTQ root queue bandwidth calculation #3381 Fixed input validation for amount of queues supported by ALTQ schedulers #1353 Added Google Stadia port range to the traffic shaper wizard #10743 Fixed PHP errors in the traffic shaper wizard #10660 Fixed ALTQ on hn(4) interfaces #8954 Traffic Shaper (Limiters) Fixed issues with net.inet.ip.dummynet.* tunables being ignored #10780 Fixed issues with renaming limiters removing them from firewall rules #3924 Fixed mask options not applying to sched limiter #10838 Changed default Limiter queue bandwidth type to Mbit/s #10727 Translations Added Italian translation #9716 Upgrade Fixed issues with checking for updates from the GUI behind a proxy with authentication #9478 Changed phrasing of message indicating the firewall is rebooting to upgrade #10387 Fixed issues with the GUI incorrectly reporting “The system is on the latest version” #8870 UPnP Improved handling of UPnP with multiple gaming systems #7727 User Manager / Privileges Added menu entry for User Password Manager if the user does not have permission to reach the User Manager #9428 Improved consistency of SSL/TLS references in LDAP authentication servers #10172 Fixed irrelevant output being printed to users with ssh_tunnel_shell #9260 Fixed theme not being applied to LDAP test results modal #7912 Changed to more secure default values for certificates created through the user manager #11167 Changed SSL/TLS LDAP authentication implementation to improve handling of multiple secure LDAP (SSL/TLS or STARTTLS) servers used at the same time #10704 Virtual IP Addresses Fixed a problem with PID file handling for the proxy ARP daemon #7379 Fixed IP Alias VIPs on PPPoE interfaces #7132 Web Interface Updated JQuery to address multiple issues #10676 Updated Bootstrap to 3.4.1 #9892 Updated Font-Awesome to v5 #9052 Increased the number of colors available for the login screen #9706 Added TLS 1.3 to GUI and Captive Portal web server configuration, and removed older versions (TLS 1.0 removed from Captive Portal, TLS 1.1 removed from GUI) #9607 Fixed empty lines in various forms throughout the GUI #9449 Improved validation of FQDNs #9023 Added CHACHA20-POLY1305 to nginx cipher list #9896 Fixed Setup Wizard input validation to allow Primary/Secondary DNS Server field to remain empty #10982 Fixed Setup Wizard input validation for IPv6 DNS Servers #10720 Added an option to omit DNS Servers from resolv.conf #10931 Fixed the icon area within buttons not being clickable #10846 Fixed visibility issues with multiple selection form control in the pfsense-BETA-dark theme #10705 Updated documentation links in the GUI #10481 Fixed netmask/prefix form control incorrectly resetting to 128/32 #10433 Updated Help shortcut links #10135 Improved handling of multiple login form submissions to avoid a potential CSRF error #9855 Fixed reboot message when changing the Hardware Checksum Offloading setting #3031 Added support for new site icons requested by current versions of Safari #11068 Added descriptions to all write_config() calls #204 WireGuard Added kernel-based WireGuard VPN implementation #8786 Wireless Added support for the athp(4) wireless interface driver #9538 #9600 Added support for the ral(4) wireless interface driver to arm64 #10934 Added support for the rtwn(4) wireless interface driver #10639 Added support for selecting 802.11n channel width (HT) #10678 Development Added a “periodic” style framework to allow for daily/weekly/monthly tasks from the base system or packages by way of plugin calls #7332 Added a central file download function for internal use throughout the GUI Added TCP_RFC7413 in kernel, required for the BIND package #7293 XMLRPC Fixed XMLRPC synchronization of admin authorized keys for the admin user #9539 Added option to synchronize changes for the account used for XMLRPC sync #9622 Fixed XMLRPC synchronization for firewall rule descriptions with special characters #1478 Fixed Incorrect synchronize IP address value causing XMLRPC errors #11017
前回のアップデートから1年8か月も空いてしまったのもあり相当な修正量です
アップデート前に必ずバックアップ!作業時間・確認時間を確保しておきましょう
まず確認したいのはベースOSがFreeBSD11.3からFreeBSD12.0への変更で
ハードウェア要件はもちろんドライバ関係が更新・削除されているので
古いハードウェアを利用している人は事前にチェックしましょう
The FreeBSD Project | FreeBSD 12.0-RELEASE Release Notes
https://www.freebsd.org/releases/12.0R/relnotes/
一時期はpfSense2.5.0からAES-NI必須になると言われており
AES-NI非対応CPUは使えない予定でしたが
計画が変更されたのでpfSense2.5.0でも2.4系と同じくAES-NIは必須ではありません
Netgateが力を入れてきたWireGuardも今回から正式に実装されているので
WireGuardを利用したVPNも利用可能
OpenVPNについては今回からOpenVPN2.4系からOpenVPN2.5.0に更新されているので
更新後に既存のOpenVPNクライアントから接続できない可能性もあります
(特にOpenVPN2.3系と共存している環境の場合)
OpenVPNで遠隔管理している環境の場合はすぐに現地で作業できる状態で
アップデート作業を実施した方が無難です
OpenVPN 2.5 のサイファの互換性 | OpenVPN.JP
https://www.openvpn.jp/2020/10/29/1370/
非推奨だった標準のロードバランサーが遂に削除されていますので
HAProxyパッケージに移行していない環境は注意です
他にも修正だけでなく機能変更などが結構あるので
各自で利用している機能の部分だけでもリリースノートをチェックしましょう
アップデート処理中の再起動にいつもより少し時間がかかり
5分程度ですが多めに作業時間が必要でした
再起動時はWEBGUI画面復帰までちゃんと待機しましょう
私の環境では6時間ほど経過しましたがパケロス・切断もなく
外部とのセッションは維持できており問題ありませんでしたが
設定値が一部消えたりする報告もあるので
アップデート後にFW・DNS・VPNなど再確認しておきましょう
pfSense Plusについて
リリースノートの最初にもある通り
先月に発表されたpfSense Plusが今月よりリリースされました
今までは商用向けのpfSense FE(Factory Edition)と
無償で利用できるpfSense CE(Community Edition)の2種類でしたが
商用向けのpfSense FEがpfSense Plusになります
pfSense CEについては今までと同じでオープンソースで開発が継続されますが
pfSense PlusについてはNetgateが開発するクローズドソースとなります
pfSense Plusは主にNetgateが開発・販売しているアプライアンスを購入した人向けで
iXsystemsのTrueNAS(CORE/Enterprise)と似たような感じですが
pfSense Plusの方は将来的に他のハードウェアでも
有償で導入できるようになる予定みたいです
バージョン管理を間違えないようにpfSense CEは今まで通り2.5.xの表記ですが
pfSense PlusはTSNRと同様に「年.月」になり
今回のリリースはpfSense Plus 21.02になります
今までのpfSense FEはARMサポートぐらいしかpfSense CEと違いはなかったのですが
今回の21.02ではpfSense CEにはないIntel QuickAssist Technologyのサポート
今後もNetgateアプライアンスにチューニングしたりいろいろ差別化していく予定とのこと
(ロードマップを今後発表予定)
既にNetgateアプライアンスをpfSense FEで利用している場合は
今回のアップデート機能でpfSense Plusにスイッチ可能ですが
NetgateアプライアンスにpfSense CEをインストールして利用している場合は
現時点では再インストールでスイッチする必要があるとのこと
pfSense CEからpfSense Plusへのアップデート機能は2021年中に実装予定みたいです
ちなみにAWSとAzureで利用できるpfSenseはpfSense FEなので
pfSense Plusを利用可能となります
アップデートの手順
今回はいつも通りpfSense CEからpfSense CEへのアップデートです
事前に設定のバックアップをした上で以下の操作でアップデートを実行
手順はいつもと同じです
2.4.5_1から2.5.0へアップデートと表示出てるのを確認して「Confirm」を押す
Update時の処理ログ
>>> Updating repositories metadata... Updating pfSense-core repository catalogue... Fetching meta.conf: . done Fetching packagesite.txz: . done Processing entries: . done pfSense-core repository update completed. 7 packages processed. Updating pfSense repository catalogue... Fetching meta.conf: . done Fetching packagesite.txz: .......... done Processing entries: Processing entries............. done pfSense repository update completed. 509 packages processed. All repositories are up to date. >>> Locking package pkg... done. >>> Setting vital flag on pkg... done. >>> Removing vital flag from php72... done. >>> Unlocking package pkg... done. >>> Downloading upgrade packages... Updating pfSense-core repository catalogue... pfSense-core repository is up to date. Updating pfSense repository catalogue... pfSense repository is up to date. All repositories are up to date. Checking for upgrades (101 candidates): .......... done Processing candidates (101 candidates): .......... done The following 216 package(s) will be affected (of 0 checked): Installed packages to be REMOVED: php72: 7.2.29 php72-bcmath: 7.2.29 php72-bz2: 7.2.29 php72-ctype: 7.2.29 php72-curl: 7.2.29 php72-dom: 7.2.29 php72-filter: 7.2.29 php72-gettext: 7.2.29 php72-hash: 7.2.29 php72-intl: 7.2.29 php72-json: 7.2.29 php72-ldap: 7.2.29 php72-mbstring: 7.2.29 php72-opcache: 7.2.29 php72-openssl: 7.2.29 php72-openssl_x509_crl: 1.2 php72-pcntl: 7.2.29 php72-pdo: 7.2.29 php72-pdo_sqlite: 7.2.29 php72-pear: 1.10.6 php72-pear-Auth_RADIUS: 1.1.0_4 php72-pear-Cache_Lite: 1.7.16,1 php72-pear-Crypt_CHAP: 1.5.0 php72-pear-HTTP_Request2: 2.3.0,1 php72-pear-Mail: 1.4.1,1 php72-pear-Net_Growl: 2.7.0 php72-pear-Net_IPv6: 1.3.0.b2_2 php72-pear-Net_SMTP: 1.9.0 php72-pear-Net_Socket: 1.0.14 php72-pear-Net_URL2: 2.2.1 php72-pear-XML_RPC2: 1.1.4 php72-pecl-mcrypt: 1.0.3 php72-pecl-radius: 1.4.0.b1 php72-pecl-rrd: 2.0.1_1 php72-pecl-zmq: 1.1.3_3 php72-pfSense-module: 0.65 php72-posix: 7.2.29 php72-readline: 7.2.29 php72-session: 7.2.29 php72-shmop: 7.2.29 php72-simplepie: 1.5.1_1 php72-simplexml: 7.2.29 php72-sockets: 7.2.29 php72-sqlite3: 7.2.29 php72-sysvmsg: 7.2.29 php72-sysvsem: 7.2.29 php72-sysvshm: 7.2.29 php72-tokenizer: 7.2.29 php72-xml: 7.2.29 php72-xmlreader: 7.2.29 php72-xmlwriter: 7.2.29 php72-zlib: 7.2.29 New packages to be INSTALLED: ccid: 1.4.32 [pfSense] dbus: 1.12.20_3 [pfSense] iftop: 1.0.p4 [pfSense] libinotify: 20180201_2 [pfSense] libuv: 1.40.0 [pfSense] nss_ldap: 1.265_13 [pfSense] opensc: 0.21.0 [pfSense] pam_ldap: 186 [pfSense] pam_mkhomedir: 0.2 [pfSense] pcre2: 10.36 [pfSense] pcsc-lite: 1.9.0_1,2 [pfSense] php74: 7.4.15 [pfSense] php74-bcmath: 7.4.15 [pfSense] php74-bz2: 7.4.15 [pfSense] php74-ctype: 7.4.15 [pfSense] php74-curl: 7.4.15 [pfSense] php74-dom: 7.4.15 [pfSense] php74-filter: 7.4.15 [pfSense] php74-gettext: 7.4.15 [pfSense] php74-intl: 7.4.15 [pfSense] php74-json: 7.4.15 [pfSense] php74-ldap: 7.4.15 [pfSense] php74-mbstring: 7.4.15 [pfSense] php74-opcache: 7.4.15 [pfSense] php74-openssl: 7.4.15 [pfSense] php74-openssl_x509_crl: 1.3 [pfSense] php74-pcntl: 7.4.15 [pfSense] php74-pdo: 7.4.15 [pfSense] php74-pdo_sqlite: 7.4.15 [pfSense] php74-pear: 1.10.12 [pfSense] php74-pear-Auth_RADIUS: 1.1.0_4 [pfSense] php74-pear-Cache_Lite: 1.7.16,1 [pfSense] php74-pear-Crypt_CHAP: 1.5.0 [pfSense] php74-pear-HTTP_Request2: 2.3.0,1 [pfSense] php74-pear-Mail: 1.4.1,1 [pfSense] php74-pear-Net_IPv6: 1.3.0.b2_2 [pfSense] php74-pear-Net_SMTP: 1.9.0 [pfSense] php74-pear-Net_Socket: 1.0.14 [pfSense] php74-pear-Net_URL2: 2.2.1 [pfSense] php74-pear-XML_RPC2: 1.1.4 [pfSense] php74-pecl-mcrypt: 1.0.4 [pfSense] php74-pecl-radius: 1.4.0.b1 [pfSense] php74-pecl-rrd: 2.0.1_1 [pfSense] php74-pecl-zmq: 1.1.3_3 [pfSense] php74-pfSense-module: 0.69_1 [pfSense] php74-phpseclib: 2.0.17 [pfSense] php74-posix: 7.4.15 [pfSense] php74-readline: 7.4.15 [pfSense] php74-session: 7.4.15 [pfSense] php74-shmop: 7.4.15 [pfSense] php74-simplepie: 1.5.1_1 [pfSense] php74-simplexml: 7.4.15 [pfSense] php74-sockets: 7.4.15 [pfSense] php74-sqlite3: 7.4.15 [pfSense] php74-sysvmsg: 7.4.15 [pfSense] php74-sysvsem: 7.4.15 [pfSense] php74-sysvshm: 7.4.15 [pfSense] php74-tokenizer: 7.4.15 [pfSense] php74-xml: 7.4.15 [pfSense] php74-xmlreader: 7.4.15 [pfSense] php74-xmlwriter: 7.4.15 [pfSense] php74-zlib: 7.4.15 [pfSense] wireguard-tools: 20210201 [pfSense] Installed packages to be UPGRADED: bind-tools: 9.14.12 -> 9.16.11 [pfSense] bsnmp-ucd: 0.4.4 -> 0.4.5 [pfSense] ca_root_nss: 3.51 -> 3.58 [pfSense] check_reload_status: 0.0.8 -> 0.0.10_1 [pfSense] curl: 7.67.0 -> 7.74.0 [pfSense] devcpu-data: 1.28 -> 1.37 [pfSense] dhcp6: 20080615.2_2 -> 20080615.2_4 [pfSense] dhcpleases: 0.3_2 -> 0.5_1 [pfSense] dhcpleases6: 0.1_2 -> 0.1_3 [pfSense] dmidecode: 3.2 -> 3.3 [pfSense] dnsmasq: 2.80_4,1 -> 2.84,1 [pfSense] expat: 2.2.8 -> 2.2.10 [pfSense] filterdns: 2.0_3 -> 2.0_5 [pfSense] filterlog: 0.1_5 -> 0.1_6 [pfSense] gettext-runtime: 0.20.1 -> 0.21 [pfSense] glib: 2.56.3_7,1 -> 2.66.4_1,1 [pfSense] gmp: 6.1.2_1 -> 6.2.1 [pfSense] hostapd: 2.9 -> 2.9_2 [pfSense] icu: 65.1,1 -> 68.2,1 [pfSense] igmpproxy: 0.2.1_1,1 -> 0.3,1 [pfSense] ipmitool: 1.8.18_2 -> 1.8.18_3 [pfSense] isc-dhcp44-client: 4.4.1_1 -> 4.4.2_1 [pfSense] isc-dhcp44-relay: 4.4.1 -> 4.4.2_1 [pfSense] isc-dhcp44-server: 4.4.1_4 -> 4.4.2_1 [pfSense] json-c: 0.14 -> 0.15_1 [pfSense] ldns: 1.7.1_1 -> 1.7.1_2 [pfSense] libedit: 3.1.20191211,1 -> 3.1.20191231,1 [pfSense] libevent: 2.1.11 -> 2.1.12 [pfSense] libffi: 3.2.1_3 -> 3.3_1 [pfSense] libgcrypt: 1.8.5 -> 1.8.7 [pfSense] libgpg-error: 1.36 -> 1.41 [pfSense] libiconv: 1.14_11 -> 1.16 [pfSense] liblz4: 1.9.2,1 -> 1.9.3,1 [pfSense] libnghttp2: 1.40.0 -> 1.42.0 [pfSense] libxml2: 2.9.10 -> 2.9.10_2 [pfSense] libxslt: 1.1.34 -> 1.1.34_1 [pfSense] links: 2.16_2,1 -> 2.20.2_1,1 [pfSense] lua-resty-core: 0.1.17 -> 0.1.21_1 [pfSense] lua-resty-lrucache: 0.09 -> 0.10 [pfSense] luajit-openresty: 2.1.20190912_2 -> 2.1.20201027 [pfSense] miniupnpd: 2.1.20190210,1 -> 2.2.1,1 [pfSense] mpd5: 5.8_10 -> 5.9 [pfSense] nettle: 3.5.1_1 -> 3.6 [pfSense] nginx: 1.16.1_11,2 -> 1.18.0_45,2 [pfSense] norm: 1.5r6 -> 1.5r6_1 [pfSense] ntp: 4.2.8p14 -> 4.2.8p15 [pfSense] oniguruma: 6.9.3 -> 6.9.6 [pfSense] openldap-client: 2.4.48 -> 2.4.57 [pfSense] openvpn: 2.4.9 -> 2.5.0 [pfSense] pcre: 8.43_2 -> 8.44 [pfSense] perl5: 5.30.1 -> 5.32.1_1 [pfSense] pfSense: 2.4.5_1 -> 2.5.0 [pfSense] pfSense-Status_Monitoring: 1.7.11_1 -> 1.7.11_3 [pfSense] pfSense-base: 2.4.5_1 -> 2.5.0 [pfSense-core] pfSense-default-config: 2.4.5_1 -> 2.5.0 [pfSense-core] pfSense-kernel-pfSense: 2.4.5_1 -> 2.5.0 [pfSense-core] pfSense-rc: 2.4.5_1 -> 2.5.0 [pfSense-core] py37-setuptools: 41.4.0_1 -> 44.0.0 [pfSense] python37: 3.7.7 -> 3.7.9_1 [pfSense] radvd: 2.18_2 -> 2.19 [pfSense] rate: 0.9_1 -> 0.9_2 [pfSense] readline: 8.0.1 -> 8.0.4 [pfSense] rrdtool: 1.7.2_1 -> 1.7.2_4 [pfSense] smartmontools: 7.0_2 -> 7.2 [pfSense] sqlite3: 3.30.1 -> 3.34.0,1 [pfSense] ssh_tunnel_shell: 0.1_1 -> 0.2_1 [pfSense] sshguard: 2.4.0_4,1 -> 2.4.1,1 [pfSense] strongswan: 5.8.4 -> 5.9.1 [pfSense] unbound: 1.10.1 -> 1.13.0_2 [pfSense] wpa_supplicant: 2.9 -> 2.9_7 [pfSense] wrapalixresetbutton: 0.0.7 -> 0.0.7_1 [pfSense] Installed packages to be REINSTALLED: beep-1.0_1 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64') bsnmp-regex-0.6_2 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64') bwi-firmware-kmod-3.130.20 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64') choparp-20150613 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64') cpdup-1.20 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64') cpustats-0.1_1 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64') dpinger-3.0 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64') expiretable-0.6_1 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64') indexinfo-0.3.1 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64') libargon2-20190702 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64') libdaemon-0.14_1 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64') libidn2-2.3.0_1 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64') libltdl-2.4.6 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64') libmcrypt-2.5.8_3 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64') libucl-0.8.1 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64') libunistring-0.9.10_1 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64') libzmq4-4.3.1_1 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64') lzo2-2.10_1 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64') minicron-0.0.2 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64') mobile-broadband-provider-info-20190618_1 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64') openvpn-auth-script-1.0.0.3 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64') pftop-0.7_9 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64') py37-ply-3.11 [pfSense] (ABI changed: 'freebsd:11:*' -> 'freebsd:12:*') qstats-0.2 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64') scponly-4.8.20110526_4 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64') uclcmd-0.1_3 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64') voucher-0.1_2 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64') vstr-1.0.15_1 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64') wol-0.7.1_4 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64') xinetd-2.3.15_2 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64') Number of packages to be removed: 52 Number of packages to be installed: 63 Number of packages to be upgraded: 71 Number of packages to be reinstalled: 30 The process will require 76 MiB more space. 173 MiB to be downloaded. [1/164] Fetching xinetd-2.3.15_2.txz: .......... done [2/164] Fetching wrapalixresetbutton-0.0.7_1.txz: . done [3/164] Fetching wpa_supplicant-2.9_7.txz: .......... done [4/164] Fetching wol-0.7.1_4.txz: .... done [5/164] Fetching vstr-1.0.15_1.txz: .......... done [6/164] Fetching voucher-0.1_2.txz: . done [7/164] Fetching unbound-1.13.0_2.txz: .......... done [8/164] Fetching uclcmd-0.1_3.txz: ... done [9/164] Fetching strongswan-5.9.1.txz: .......... done [10/164] Fetching sshguard-2.4.1,1.txz: .......... done [11/164] Fetching ssh_tunnel_shell-0.2_1.txz: .......... done [12/164] Fetching sqlite3-3.34.0,1.txz: .......... done [13/164] Fetching smartmontools-7.2.txz: .......... done [14/164] Fetching scponly-4.8.20110526_4.txz: ... done [15/164] Fetching rrdtool-1.7.2_4.txz: .......... done [16/164] Fetching readline-8.0.4.txz: .......... done [17/164] Fetching rate-0.9_2.txz: ....... done [18/164] Fetching radvd-2.19.txz: ....... done [19/164] Fetching qstats-0.2.txz: . done [20/164] Fetching python37-3.7.9_1.txz: .......... done [21/164] Fetching py37-setuptools-44.0.0.txz: .......... done [22/164] Fetching py37-ply-3.11.txz: .......... done [23/164] Fetching pftop-0.7_9.txz: ........ done [24/164] Fetching pfSense-rc-2.5.0.txz: .. done [25/164] Fetching pfSense-kernel-pfSense-2.5.0.txz: .......... done [26/164] Fetching pfSense-default-config-2.5.0.txz: . done [27/164] Fetching pfSense-base-2.5.0.txz: .......... done [28/164] Fetching pfSense-Status_Monitoring-1.7.11_3.txz: ... done [29/164] Fetching pfSense-2.5.0.txz: . done [30/164] Fetching perl5-5.32.1_1.txz: .......... done [31/164] Fetching pcre-8.44.txz: .......... done [32/164] Fetching openvpn-auth-script-1.0.0.3.txz: . done [33/164] Fetching openvpn-2.5.0.txz: .......... done [34/164] Fetching openldap-client-2.4.57.txz: .......... done [35/164] Fetching oniguruma-6.9.6.txz: .......... done [36/164] Fetching ntp-4.2.8p15.txz: .......... done [37/164] Fetching norm-1.5r6_1.txz: .......... done [38/164] Fetching nginx-1.18.0_45,2.txz: .......... done [39/164] Fetching nettle-3.6.txz: .......... done [40/164] Fetching mpd5-5.9.txz: .......... done [41/164] Fetching mobile-broadband-provider-info-20190618_1.txz: ........ done [42/164] Fetching miniupnpd-2.2.1,1.txz: ......... done [43/164] Fetching minicron-0.0.2.txz: . done [44/164] Fetching lzo2-2.10_1.txz: .......... done [45/164] Fetching luajit-openresty-2.1.20201027.txz: .......... done [46/164] Fetching lua-resty-lrucache-0.10.txz: . done [47/164] Fetching lua-resty-core-0.1.21_1.txz: .... done [48/164] Fetching links-2.20.2_1,1.txz: .......... done [49/164] Fetching libzmq4-4.3.1_1.txz: .......... done [50/164] Fetching libxslt-1.1.34_1.txz: .......... done [51/164] Fetching libxml2-2.9.10_2.txz: .......... done [52/164] Fetching libunistring-0.9.10_1.txz: .......... done [53/164] Fetching libucl-0.8.1.txz: .......... done [54/164] Fetching libnghttp2-1.42.0.txz: .......... done [55/164] Fetching libmcrypt-2.5.8_3.txz: .......... done [56/164] Fetching liblz4-1.9.3,1.txz: .......... done [57/164] Fetching libltdl-2.4.6.txz: ..... done [58/164] Fetching libidn2-2.3.0_1.txz: .......... done [59/164] Fetching libiconv-1.16.txz: .......... done [60/164] Fetching libgpg-error-1.41.txz: .......... done [61/164] Fetching libgcrypt-1.8.7.txz: .......... done [62/164] Fetching libffi-3.3_1.txz: ..... done [63/164] Fetching libevent-2.1.12.txz: .......... done [64/164] Fetching libedit-3.1.20191231,1.txz: .......... done [65/164] Fetching libdaemon-0.14_1.txz: .... done [66/164] Fetching libargon2-20190702.txz: ......... done [67/164] Fetching ldns-1.7.1_2.txz: .......... done [68/164] Fetching json-c-0.15_1.txz: ........ done [69/164] Fetching isc-dhcp44-server-4.4.2_1.txz: .......... done [70/164] Fetching isc-dhcp44-relay-4.4.2_1.txz: .......... done [71/164] Fetching isc-dhcp44-client-4.4.2_1.txz: .......... done [72/164] Fetching ipmitool-1.8.18_3.txz: .......... done [73/164] Fetching indexinfo-0.3.1.txz: . done [74/164] Fetching igmpproxy-0.3,1.txz: ... done [75/164] Fetching icu-68.2,1.txz: .......... done [76/164] Fetching hostapd-2.9_2.txz: .......... done [77/164] Fetching gmp-6.2.1.txz: .......... done [78/164] Fetching glib-2.66.4_1,1.txz: .......... done [79/164] Fetching gettext-runtime-0.21.txz: .......... done [80/164] Fetching filterlog-0.1_6.txz: .. done [81/164] Fetching filterdns-2.0_5.txz: ... done [82/164] Fetching expiretable-0.6_1.txz: . done [83/164] Fetching expat-2.2.10.txz: .......... done [84/164] Fetching dpinger-3.0.txz: .. done [85/164] Fetching dnsmasq-2.84,1.txz: .......... done [86/164] Fetching dmidecode-3.3.txz: ........ done [87/164] Fetching dhcpleases6-0.1_3.txz: .. done [88/164] Fetching dhcpleases-0.5_1.txz: .. done [89/164] Fetching dhcp6-20080615.2_4.txz: .......... done [90/164] Fetching devcpu-data-1.37.txz: .......... done [91/164] Fetching curl-7.74.0.txz: .......... done [92/164] Fetching cpustats-0.1_1.txz: . done [93/164] Fetching cpdup-1.20.txz: .... done [94/164] Fetching choparp-20150613.txz: . done [95/164] Fetching check_reload_status-0.0.10_1.txz: ..... done [96/164] Fetching ca_root_nss-3.58.txz: .......... done [97/164] Fetching bwi-firmware-kmod-3.130.20.txz: ... done [98/164] Fetching bsnmp-ucd-0.4.5.txz: ... done [99/164] Fetching bsnmp-regex-0.6_2.txz: ... done [100/164] Fetching bind-tools-9.16.11.txz: .......... done [101/164] Fetching beep-1.0_1.txz: . done [102/164] Fetching dbus-1.12.20_3.txz: .......... done [103/164] Fetching php74-7.4.15.txz: .......... done [104/164] Fetching pcre2-10.36.txz: .......... done [105/164] Fetching php74-pecl-rrd-2.0.1_1.txz: .. done [106/164] Fetching php74-simplepie-1.5.1_1.txz: ......... done [107/164] Fetching php74-curl-7.4.15.txz: .... done [108/164] Fetching php74-tokenizer-7.4.15.txz: .. done [109/164] Fetching php74-mbstring-7.4.15.txz: .......... done [110/164] Fetching php74-session-7.4.15.txz: ..... done [111/164] Fetching php74-opcache-7.4.15.txz: .......... done [112/164] Fetching php74-xmlwriter-7.4.15.txz: .. done [113/164] Fetching php74-xmlreader-7.4.15.txz: .. done [114/164] Fetching php74-dom-7.4.15.txz: ....... done [115/164] Fetching php74-xml-7.4.15.txz: ... done [116/164] Fetching php74-simplexml-7.4.15.txz: ... done [117/164] Fetching php74-ctype-7.4.15.txz: . done [118/164] Fetching php74-posix-7.4.15.txz: .. done [119/164] Fetching wireguard-tools-20210201.txz: ...... done [120/164] Fetching php74-phpseclib-2.0.17.txz: .......... done [121/164] Fetching php74-openssl-7.4.15.txz: ........ done [122/164] Fetching php74-filter-7.4.15.txz: ... done [123/164] Fetching php74-openssl_x509_crl-1.3.txz: .. done [124/164] Fetching php74-bcmath-7.4.15.txz: ... done [125/164] Fetching php74-pecl-mcrypt-1.0.4.txz: .. done [126/164] Fetching php74-pear-Crypt_CHAP-1.5.0.txz: . done [127/164] Fetching php74-pear-1.10.12.txz: .......... done [128/164] Fetching php74-zlib-7.4.15.txz: ... done [129/164] Fetching pam_mkhomedir-0.2.txz: . done [130/164] Fetching pam_ldap-186.txz: ..... done [131/164] Fetching opensc-0.21.0.txz: .......... done [132/164] Fetching pcsc-lite-1.9.0_1,2.txz: .......... done [133/164] Fetching php74-sockets-7.4.15.txz: ..... done [134/164] Fetching php74-ldap-7.4.15.txz: .... done [135/164] Fetching php74-pecl-zmq-1.1.3_3.txz: .... done [136/164] Fetching php74-pecl-radius-1.4.0.b1.txz: ... done [137/164] Fetching php74-pear-XML_RPC2-1.1.4.txz: ........ done [138/164] Fetching php74-pear-HTTP_Request2-2.3.0,1.txz: .......... done [139/164] Fetching php74-pear-Net_URL2-2.2.1.txz: ... done [140/164] Fetching php74-pear-Cache_Lite-1.7.16,1.txz: .... done [141/164] Fetching php74-pear-Net_IPv6-1.3.0.b2_2.txz: .. done [142/164] Fetching php74-pear-Auth_RADIUS-1.1.0_4.txz: .. done [143/164] Fetching nss_ldap-1.265_13.txz: ....... done [144/164] Fetching iftop-1.0.p4.txz: ..... done [145/164] Fetching php74-pear-Mail-1.4.1,1.txz: ... done [146/164] Fetching php74-pear-Net_SMTP-1.9.0.txz: .. done [147/164] Fetching php74-pear-Net_Socket-1.0.14.txz: . done [148/164] Fetching php74-sysvshm-7.4.15.txz: . done [149/164] Fetching php74-sysvsem-7.4.15.txz: . done [150/164] Fetching php74-sysvmsg-7.4.15.txz: . done [151/164] Fetching php74-shmop-7.4.15.txz: . done [152/164] Fetching php74-readline-7.4.15.txz: .. done [153/164] Fetching php74-pcntl-7.4.15.txz: .. done [154/164] Fetching php74-json-7.4.15.txz: ... done [155/164] Fetching php74-intl-7.4.15.txz: .......... done [156/164] Fetching php74-gettext-7.4.15.txz: . done [157/164] Fetching php74-pfSense-module-0.69_1.txz: ...... done [158/164] Fetching ccid-1.4.32.txz: ........ done [159/164] Fetching php74-sqlite3-7.4.15.txz: ... done [160/164] Fetching php74-pdo_sqlite-7.4.15.txz: .. done [161/164] Fetching php74-pdo-7.4.15.txz: ...... done [162/164] Fetching php74-bz2-7.4.15.txz: .. done [163/164] Fetching libinotify-20180201_2.txz: .... done [164/164] Fetching libuv-1.40.0.txz: .......... done Checking integrity... done (51 conflicting) - php74-7.4.15 [pfSense] conflicts with php72-7.2.29 [installed] on /usr/local/bin/php - php74-7.4.15 [pfSense] conflicts with php72-hash-7.2.29 [installed] on /usr/local/include/php/ext/hash/php_hash.h - php74-pecl-rrd-2.0.1_1 [pfSense] conflicts with php72-pecl-rrd-2.0.1_1 [installed] on /usr/local/include/php/ext/rrd/rrd_info.h - php74-simplepie-1.5.1_1 [pfSense] conflicts with php72-simplepie-1.5.1_1 [installed] on /usr/local/www/simplepie/simplepie.inc - php74-curl-7.4.15 [pfSense] conflicts with php72-curl-7.2.29 [installed] on /usr/local/include/php/ext/curl/config.h - php74-tokenizer-7.4.15 [pfSense] conflicts with php72-tokenizer-7.2.29 [installed] on /usr/local/include/php/ext/tokenizer/config.h - php74-mbstring-7.4.15 [pfSense] conflicts with php72-mbstring-7.2.29 [installed] on /usr/local/include/php/ext/mbstring/php_mbregex.h - php74-session-7.4.15 [pfSense] conflicts with php72-session-7.2.29 [installed] on /usr/local/include/php/ext/session/php_session.h - php74-opcache-7.4.15 [pfSense] conflicts with php72-opcache-7.2.29 [installed] on /usr/local/include/php/ext/opcache/zend_file_cache.h - php74-xmlwriter-7.4.15 [pfSense] conflicts with php72-xmlwriter-7.2.29 [installed] on /usr/local/include/php/ext/xmlwriter/config.h - php74-xmlreader-7.4.15 [pfSense] conflicts with php72-xmlreader-7.2.29 [installed] on /usr/local/include/php/ext/xmlreader/config.h - php74-dom-7.4.15 [pfSense] conflicts with php72-dom-7.2.29 [installed] on /usr/local/include/php/ext/dom/dom_ce.h - php74-xml-7.4.15 [pfSense] conflicts with php72-xml-7.2.29 [installed] on /usr/local/include/php/ext/xml/php_xml.h - php74-simplexml-7.4.15 [pfSense] conflicts with php72-simplexml-7.2.29 [installed] on /usr/local/include/php/ext/simplexml/php_simplexml.h - php74-ctype-7.4.15 [pfSense] conflicts with php72-ctype-7.2.29 [installed] on /usr/local/include/php/ext/ctype/config.h - php74-posix-7.4.15 [pfSense] conflicts with php72-posix-7.2.29 [installed] on /usr/local/include/php/ext/posix/config.h - php74-openssl-7.4.15 [pfSense] conflicts with php72-openssl-7.2.29 [installed] on /usr/local/include/php/ext/openssl/config.h - php74-filter-7.4.15 [pfSense] conflicts with php72-filter-7.2.29 [installed] on /usr/local/include/php/ext/filter/filter_private.h - php74-openssl_x509_crl-1.3 [pfSense] conflicts with php72-openssl_x509_crl-1.2 [installed] on /usr/local/share/openssl_x509_crl/ASN1.php - php74-bcmath-7.4.15 [pfSense] conflicts with php72-bcmath-7.2.29 [installed] on /usr/local/include/php/ext/bcmath/config.h - php74-pecl-mcrypt-1.0.4 [pfSense] conflicts with php72-pecl-mcrypt-1.0.3 [installed] on /usr/local/include/php/ext/mcrypt/php_mcrypt.h - php74-pear-Crypt_CHAP-1.5.0 [pfSense] conflicts with php72-pear-Crypt_CHAP-1.5.0 [installed] on /usr/local/share/pear/Crypt/CHAP.php - php74-pear-1.10.12 [pfSense] conflicts with php72-pear-1.10.6 [installed] on /usr/local/bin/pear - php74-zlib-7.4.15 [pfSense] conflicts with php72-zlib-7.2.29 [installed] on /usr/local/include/php/ext/zlib/php_zlib.h - php74-sockets-7.4.15 [pfSense] conflicts with php72-sockets-7.2.29 [installed] on /usr/local/include/php/ext/sockets/sendrecvmsg.h - php74-ldap-7.4.15 [pfSense] conflicts with php72-ldap-7.2.29 [installed] on /usr/local/include/php/ext/ldap/config.h - php74-pecl-zmq-1.1.3_3 [pfSense] conflicts with php72-pecl-zmq-1.1.3_3 [installed] on /usr/local/include/php/ext/zmq/php_zmq_pollset.h - php74-pecl-radius-1.4.0.b1 [pfSense] conflicts with php72-pecl-radius-1.4.0.b1 [installed] on /usr/local/include/php/ext/radius/radius_init_const.h - php74-pear-XML_RPC2-1.1.4 [pfSense] conflicts with php72-pear-XML_RPC2-1.1.4 [installed] on /usr/local/share/doc/pear/XML_RPC2/docs/Makefile - php74-pear-HTTP_Request2-2.3.0,1 [pfSense] conflicts with php72-pear-HTTP_Request2-2.3.0,1 [installed] on /usr/local/share/doc/pear/HTTP_Request2/LICENSE - php74-pear-Net_URL2-2.2.1 [pfSense] conflicts with php72-pear-Net_URL2-2.2.1 [installed] on /usr/local/share/doc/pear/Net_URL2/docs/6470.php - php74-pear-Cache_Lite-1.7.16,1 [pfSense] conflicts with php72-pear-Cache_Lite-1.7.16,1 [installed] on /usr/local/share/doc/pear/Cache_Lite/LICENSE - php74-pear-Net_IPv6-1.3.0.b2_2 [pfSense] conflicts with php72-pear-Net_IPv6-1.3.0.b2_2 [installed] on /usr/local/share/pear/Net/IPv6.php - php74-pear-Auth_RADIUS-1.1.0_4 [pfSense] conflicts with php72-pear-Auth_RADIUS-1.1.0_4 [installed] on /usr/local/share/doc/pear/Auth_RADIUS/examples/radius-acct.php - php74-pear-Mail-1.4.1,1 [pfSense] conflicts with php72-pear-Mail-1.4.1,1 [installed] on /usr/local/share/doc/pear/Mail/LICENSE - php74-pear-Net_SMTP-1.9.0 [pfSense] conflicts with php72-pear-Net_SMTP-1.9.0 [installed] on /usr/local/share/doc/pear/Net_SMTP/LICENSE - php74-pear-Net_Socket-1.0.14 [pfSense] conflicts with php72-pear-Net_Socket-1.0.14 [installed] on /usr/local/share/pear/Net/Socket.php - php74-sysvshm-7.4.15 [pfSense] conflicts with php72-sysvshm-7.2.29 [installed] on /usr/local/include/php/ext/sysvshm/php_sysvshm.h - php74-sysvsem-7.4.15 [pfSense] conflicts with php72-sysvsem-7.2.29 [installed] on /usr/local/include/php/ext/sysvsem/php_sysvsem.h - php74-sysvmsg-7.4.15 [pfSense] conflicts with php72-sysvmsg-7.2.29 [installed] on /usr/local/include/php/ext/sysvmsg/config.h - php74-shmop-7.4.15 [pfSense] conflicts with php72-shmop-7.2.29 [installed] on /usr/local/include/php/ext/shmop/php_shmop.h - php74-readline-7.4.15 [pfSense] conflicts with php72-readline-7.2.29 [installed] on /usr/local/include/php/ext/readline/readline_cli.h - php74-pcntl-7.4.15 [pfSense] conflicts with php72-pcntl-7.2.29 [installed] on /usr/local/include/php/ext/pcntl/php_pcntl.h - php74-json-7.4.15 [pfSense] conflicts with php72-json-7.2.29 [installed] on /usr/local/include/php/ext/json/php_json_encoder.h - php74-intl-7.4.15 [pfSense] conflicts with php72-intl-7.2.29 [installed] on /usr/local/include/php/ext/intl/intl_error.h - php74-gettext-7.4.15 [pfSense] conflicts with php72-gettext-7.2.29 [installed] on /usr/local/include/php/ext/gettext/php_gettext.h - php74-pfSense-module-0.69_1 [pfSense] conflicts with php72-pfSense-module-0.65 [installed] on /usr/local/include/php/ext/pfSense/php_pfSense.h - php74-sqlite3-7.4.15 [pfSense] conflicts with php72-sqlite3-7.2.29 [installed] on /usr/local/include/php/ext/sqlite3/config.h - php74-pdo_sqlite-7.4.15 [pfSense] conflicts with php72-pdo_sqlite-7.2.29 [installed] on /usr/local/include/php/ext/pdo_sqlite/php_pdo_sqlite.h - php74-pdo-7.4.15 [pfSense] conflicts with php72-pdo-7.2.29 [installed] on /usr/local/include/php/ext/pdo/php_pdo.h - php74-bz2-7.4.15 [pfSense] conflicts with php72-bz2-7.2.29 [installed] on /usr/local/include/php/ext/bz2/php_bz2.h Checking integrity... done (0 conflicting) Conflicts with the existing packages have been found. One more solver iteration is needed to resolve them. The following 216 package(s) will be affected (of 0 checked): Installed packages to be REMOVED: php72: 7.2.29 php72-bcmath: 7.2.29 php72-bz2: 7.2.29 php72-ctype: 7.2.29 php72-curl: 7.2.29 php72-dom: 7.2.29 php72-filter: 7.2.29 php72-gettext: 7.2.29 php72-hash: 7.2.29 php72-intl: 7.2.29 php72-json: 7.2.29 php72-ldap: 7.2.29 php72-mbstring: 7.2.29 php72-opcache: 7.2.29 php72-openssl: 7.2.29 php72-openssl_x509_crl: 1.2 php72-pcntl: 7.2.29 php72-pdo: 7.2.29 php72-pdo_sqlite: 7.2.29 php72-pear: 1.10.6 php72-pear-Auth_RADIUS: 1.1.0_4 php72-pear-Cache_Lite: 1.7.16,1 php72-pear-Crypt_CHAP: 1.5.0 php72-pear-HTTP_Request2: 2.3.0,1 php72-pear-Mail: 1.4.1,1 php72-pear-Net_Growl: 2.7.0 php72-pear-Net_IPv6: 1.3.0.b2_2 php72-pear-Net_SMTP: 1.9.0 php72-pear-Net_Socket: 1.0.14 php72-pear-Net_URL2: 2.2.1 php72-pear-XML_RPC2: 1.1.4 php72-pecl-mcrypt: 1.0.3 php72-pecl-radius: 1.4.0.b1 php72-pecl-rrd: 2.0.1_1 php72-pecl-zmq: 1.1.3_3 php72-pfSense-module: 0.65 php72-posix: 7.2.29 php72-readline: 7.2.29 php72-session: 7.2.29 php72-shmop: 7.2.29 php72-simplepie: 1.5.1_1 php72-simplexml: 7.2.29 php72-sockets: 7.2.29 php72-sqlite3: 7.2.29 php72-sysvmsg: 7.2.29 php72-sysvsem: 7.2.29 php72-sysvshm: 7.2.29 php72-tokenizer: 7.2.29 php72-xml: 7.2.29 php72-xmlreader: 7.2.29 php72-xmlwriter: 7.2.29 php72-zlib: 7.2.29 New packages to be INSTALLED: ccid: 1.4.32 [pfSense] dbus: 1.12.20_3 [pfSense] iftop: 1.0.p4 [pfSense] libinotify: 20180201_2 [pfSense] libuv: 1.40.0 [pfSense] nss_ldap: 1.265_13 [pfSense] opensc: 0.21.0 [pfSense] pam_ldap: 186 [pfSense] pam_mkhomedir: 0.2 [pfSense] pcre2: 10.36 [pfSense] pcsc-lite: 1.9.0_1,2 [pfSense] php74: 7.4.15 [pfSense] php74-bcmath: 7.4.15 [pfSense] php74-bz2: 7.4.15 [pfSense] php74-ctype: 7.4.15 [pfSense] php74-curl: 7.4.15 [pfSense] php74-dom: 7.4.15 [pfSense] php74-filter: 7.4.15 [pfSense] php74-gettext: 7.4.15 [pfSense] php74-intl: 7.4.15 [pfSense] php74-json: 7.4.15 [pfSense] php74-ldap: 7.4.15 [pfSense] php74-mbstring: 7.4.15 [pfSense] php74-opcache: 7.4.15 [pfSense] php74-openssl: 7.4.15 [pfSense] php74-openssl_x509_crl: 1.3 [pfSense] php74-pcntl: 7.4.15 [pfSense] php74-pdo: 7.4.15 [pfSense] php74-pdo_sqlite: 7.4.15 [pfSense] php74-pear: 1.10.12 [pfSense] php74-pear-Auth_RADIUS: 1.1.0_4 [pfSense] php74-pear-Cache_Lite: 1.7.16,1 [pfSense] php74-pear-Crypt_CHAP: 1.5.0 [pfSense] php74-pear-HTTP_Request2: 2.3.0,1 [pfSense] php74-pear-Mail: 1.4.1,1 [pfSense] php74-pear-Net_IPv6: 1.3.0.b2_2 [pfSense] php74-pear-Net_SMTP: 1.9.0 [pfSense] php74-pear-Net_Socket: 1.0.14 [pfSense] php74-pear-Net_URL2: 2.2.1 [pfSense] php74-pear-XML_RPC2: 1.1.4 [pfSense] php74-pecl-mcrypt: 1.0.4 [pfSense] php74-pecl-radius: 1.4.0.b1 [pfSense] php74-pecl-rrd: 2.0.1_1 [pfSense] php74-pecl-zmq: 1.1.3_3 [pfSense] php74-pfSense-module: 0.69_1 [pfSense] php74-phpseclib: 2.0.17 [pfSense] php74-posix: 7.4.15 [pfSense] php74-readline: 7.4.15 [pfSense] php74-session: 7.4.15 [pfSense] php74-shmop: 7.4.15 [pfSense] php74-simplepie: 1.5.1_1 [pfSense] php74-simplexml: 7.4.15 [pfSense] php74-sockets: 7.4.15 [pfSense] php74-sqlite3: 7.4.15 [pfSense] php74-sysvmsg: 7.4.15 [pfSense] php74-sysvsem: 7.4.15 [pfSense] php74-sysvshm: 7.4.15 [pfSense] php74-tokenizer: 7.4.15 [pfSense] php74-xml: 7.4.15 [pfSense] php74-xmlreader: 7.4.15 [pfSense] php74-xmlwriter: 7.4.15 [pfSense] php74-zlib: 7.4.15 [pfSense] wireguard-tools: 20210201 [pfSense] Installed packages to be UPGRADED: bind-tools: 9.14.12 -> 9.16.11 [pfSense] bsnmp-ucd: 0.4.4 -> 0.4.5 [pfSense] ca_root_nss: 3.51 -> 3.58 [pfSense] check_reload_status: 0.0.8 -> 0.0.10_1 [pfSense] curl: 7.67.0 -> 7.74.0 [pfSense] devcpu-data: 1.28 -> 1.37 [pfSense] dhcp6: 20080615.2_2 -> 20080615.2_4 [pfSense] dhcpleases: 0.3_2 -> 0.5_1 [pfSense] dhcpleases6: 0.1_2 -> 0.1_3 [pfSense] dmidecode: 3.2 -> 3.3 [pfSense] dnsmasq: 2.80_4,1 -> 2.84,1 [pfSense] expat: 2.2.8 -> 2.2.10 [pfSense] filterdns: 2.0_3 -> 2.0_5 [pfSense] filterlog: 0.1_5 -> 0.1_6 [pfSense] gettext-runtime: 0.20.1 -> 0.21 [pfSense] glib: 2.56.3_7,1 -> 2.66.4_1,1 [pfSense] gmp: 6.1.2_1 -> 6.2.1 [pfSense] hostapd: 2.9 -> 2.9_2 [pfSense] icu: 65.1,1 -> 68.2,1 [pfSense] igmpproxy: 0.2.1_1,1 -> 0.3,1 [pfSense] ipmitool: 1.8.18_2 -> 1.8.18_3 [pfSense] isc-dhcp44-client: 4.4.1_1 -> 4.4.2_1 [pfSense] isc-dhcp44-relay: 4.4.1 -> 4.4.2_1 [pfSense] isc-dhcp44-server: 4.4.1_4 -> 4.4.2_1 [pfSense] json-c: 0.14 -> 0.15_1 [pfSense] ldns: 1.7.1_1 -> 1.7.1_2 [pfSense] libedit: 3.1.20191211,1 -> 3.1.20191231,1 [pfSense] libevent: 2.1.11 -> 2.1.12 [pfSense] libffi: 3.2.1_3 -> 3.3_1 [pfSense] libgcrypt: 1.8.5 -> 1.8.7 [pfSense] libgpg-error: 1.36 -> 1.41 [pfSense] libiconv: 1.14_11 -> 1.16 [pfSense] liblz4: 1.9.2,1 -> 1.9.3,1 [pfSense] libnghttp2: 1.40.0 -> 1.42.0 [pfSense] libxml2: 2.9.10 -> 2.9.10_2 [pfSense] libxslt: 1.1.34 -> 1.1.34_1 [pfSense] links: 2.16_2,1 -> 2.20.2_1,1 [pfSense] lua-resty-core: 0.1.17 -> 0.1.21_1 [pfSense] lua-resty-lrucache: 0.09 -> 0.10 [pfSense] luajit-openresty: 2.1.20190912_2 -> 2.1.20201027 [pfSense] miniupnpd: 2.1.20190210,1 -> 2.2.1,1 [pfSense] mpd5: 5.8_10 -> 5.9 [pfSense] nettle: 3.5.1_1 -> 3.6 [pfSense] nginx: 1.16.1_11,2 -> 1.18.0_45,2 [pfSense] norm: 1.5r6 -> 1.5r6_1 [pfSense] ntp: 4.2.8p14 -> 4.2.8p15 [pfSense] oniguruma: 6.9.3 -> 6.9.6 [pfSense] openldap-client: 2.4.48 -> 2.4.57 [pfSense] openvpn: 2.4.9 -> 2.5.0 [pfSense] pcre: 8.43_2 -> 8.44 [pfSense] perl5: 5.30.1 -> 5.32.1_1 [pfSense] pfSense: 2.4.5_1 -> 2.5.0 [pfSense] pfSense-Status_Monitoring: 1.7.11_1 -> 1.7.11_3 [pfSense] pfSense-base: 2.4.5_1 -> 2.5.0 [pfSense-core] pfSense-default-config: 2.4.5_1 -> 2.5.0 [pfSense-core] pfSense-kernel-pfSense: 2.4.5_1 -> 2.5.0 [pfSense-core] pfSense-rc: 2.4.5_1 -> 2.5.0 [pfSense-core] py37-setuptools: 41.4.0_1 -> 44.0.0 [pfSense] python37: 3.7.7 -> 3.7.9_1 [pfSense] radvd: 2.18_2 -> 2.19 [pfSense] rate: 0.9_1 -> 0.9_2 [pfSense] readline: 8.0.1 -> 8.0.4 [pfSense] rrdtool: 1.7.2_1 -> 1.7.2_4 [pfSense] smartmontools: 7.0_2 -> 7.2 [pfSense] sqlite3: 3.30.1 -> 3.34.0,1 [pfSense] ssh_tunnel_shell: 0.1_1 -> 0.2_1 [pfSense] sshguard: 2.4.0_4,1 -> 2.4.1,1 [pfSense] strongswan: 5.8.4 -> 5.9.1 [pfSense] unbound: 1.10.1 -> 1.13.0_2 [pfSense] wpa_supplicant: 2.9 -> 2.9_7 [pfSense] wrapalixresetbutton: 0.0.7 -> 0.0.7_1 [pfSense] Installed packages to be REINSTALLED: beep-1.0_1 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64') bsnmp-regex-0.6_2 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64') bwi-firmware-kmod-3.130.20 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64') choparp-20150613 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64') cpdup-1.20 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64') cpustats-0.1_1 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64') dpinger-3.0 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64') expiretable-0.6_1 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64') indexinfo-0.3.1 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64') libargon2-20190702 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64') libdaemon-0.14_1 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64') libidn2-2.3.0_1 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64') libltdl-2.4.6 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64') libmcrypt-2.5.8_3 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64') libucl-0.8.1 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64') libunistring-0.9.10_1 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64') libzmq4-4.3.1_1 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64') lzo2-2.10_1 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64') minicron-0.0.2 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64') mobile-broadband-provider-info-20190618_1 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64') openvpn-auth-script-1.0.0.3 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64') pftop-0.7_9 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64') py37-ply-3.11 [pfSense] (ABI changed: 'freebsd:11:*' -> 'freebsd:12:*') qstats-0.2 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64') scponly-4.8.20110526_4 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64') uclcmd-0.1_3 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64') voucher-0.1_2 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64') vstr-1.0.15_1 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64') wol-0.7.1_4 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64') xinetd-2.3.15_2 [pfSense] (ABI changed: 'freebsd:11:x86:64' -> 'freebsd:12:x86:64') Number of packages to be removed: 52 Number of packages to be installed: 63 Number of packages to be upgraded: 71 Number of packages to be reinstalled: 30 The process will require 76 MiB more space. >>> Downloading pkg... Updating pfSense-core repository catalogue... pfSense-core repository is up to date. Updating pfSense repository catalogue... pfSense repository is up to date. All repositories are up to date. Checking integrity... done (0 conflicting) The following 1 package(s) will be affected (of 0 checked): Installed packages to be REINSTALLED: pkg-1.16.1 [pfSense] Number of packages to be reinstalled: 1 >>> Locking package pkg... done. >>> Upgrading pfSense-rc... Checking integrity... done (0 conflicting) The following 1 package(s) will be affected (of 0 checked): Installed packages to be UPGRADED: pfSense-rc: 2.4.5_1 -> 2.5.0 [pfSense-core] Number of packages to be upgraded: 1 [1/1] Upgrading pfSense-rc from 2.4.5_1 to 2.5.0... [1/1] Extracting pfSense-rc-2.5.0: ...... done >>> Upgrading pfSense kernel... Checking integrity... done (0 conflicting) The following 1 package(s) will be affected (of 0 checked): Installed packages to be UPGRADED: pfSense-kernel-pfSense: 2.4.5_1 -> 2.5.0 [pfSense-core] Number of packages to be upgraded: 1 The process will require 14 MiB more space. [1/1] Upgrading pfSense-kernel-pfSense from 2.4.5_1 to 2.5.0... [1/1] Extracting pfSense-kernel-pfSense-2.5.0: .......... done ===> Keeping a copy of current kernel in /boot/kernel.old >>> Removing unnecessary packages... done. System is going to be upgraded. Rebooting in 10 seconds. >>> Unlocking package pkg... done. Success
コメント