pfSense CEをアップデート 2.5.1→2.5.2

pfSense CEをアップデートした記録 2.5.1→2.5.2

アップデート内容確認

pfSense CE 2.5.1からpfSense CE 2.5.2にアップデートします

変更点を確認
https://docs.netgate.com/pfsense/en/latest/releases/2-5-2.html

Security
    This release includes corrections for the following vulnerabilities in pfSense software:
        pfSense-SA-21_02.captiveportal (XSS in Captive Portal client login page, #11843)

General
    Added: WireGuard experimental add-on package

pfSense CE

Aliases / Tables
    Added: PHP shell playback script to modify Alias contents #11380

Authentication
    Added: Copy button for Authentication Server entries #11390

Backup / Restore
    Added: Randomize time of scheduled AutoConfigBackup runs #10811
    Fixed: Automated corruption recovery from cached config.xml backup files should check multiple backups #11748
    Fixed: AutoConfigBackup schedule custom hour value lost on page load #11946

Captive Portal
    Added: Redirect Captive Portal users to login page after they logout #11264
    Fixed: Captive Portal post-auth redirect is not properly respected #11842
    Fixed: Potential XSS vulnerability in Captive Portal redirurl handling #11843

Certificates
    Fixed: Certificate Manager does not report Unbound as using a certificate #11678
    Fixed: PHP error on certificate list due to unreadable private key #11859
    Fixed: Export P12 icon is missing if certificate is not locally renewable #11884

Configuration Upgrade
    Fixed: PHP error in upgrade_212_to_213() when upgrading certain IPsec tunnels #11801

Console Menu
    Changed: Allow reroot on ZFS from console and GUI reboot menu entries #11914

DHCP (IPv6)
    Fixed: dhcp6withoutra_script.sh does not get executed when advanced options are set #11883

DNS Forwarder
    Fixed: Disable DNSSEC option for dnsmasq #11781
    Fixed: Update dnsmasq to 2.85 to fix CVE-2021-3448 #11866

DNS Resolver
    Fixed: Unbound Python Integration repeatedly mounts dev without unmounting #11456
    Fixed: Stale hostname registration data for OpenVPN clients is not deleted from the DNS Resolver configuration at boot #11704
    Changed: Temporarily move back to Unbound 1.12.x due to instability on Unbound 1.13.x #11915

Dashboard
    Fixed: Thermal sensors widget no longer shows values from certain hardware #11787
    Fixed: IPsec Dashboard widget only displays first P2 subnet when using a single traffic selector #11893
    Fixed: Editing widgets on Dashboard causes a PHP Warning #11939

Diagnostics
    Fixed: ARP Table populates hostname values using expired DHCP lease data #11510
    Fixed: Sanitize OpenVPN Client Export certificate password in status output #11767
    Fixed: Sanitize Captive Portal RADIUS MAC secret in status output #11769
    Fixed: MAC address OEM information missing from ARP table #11819
    Fixed: State table content on diag_dump_states.php does not sort properly #11852

Dynamic DNS
    Added: New Dynamic DNS Provider: Mythic-Beasts #7842
    Added: New Dynamic DNS Provider: one.com #11293
    Added: New Dynamic DNS Provider: Yandex PDD #11294
    Added: New Dynamic DNS Provider: NIC.RU #11358
    Added: New Dynamic DNS Provider: Gandi LiveDNS IPv6 #11420
    Fixed: Automatic 25-day forced Dynamic DNS update removes wildcard domain #11667
    Fixed: Digital Ocean Dynamic DNS help text is incorrect #11754
    Fixed: NoIP.com Dynamic DNS update failure is not detected properly #11815
    Fixed: Dynamic DNS edit page incorrectly hides username field when switching away from Digital Ocean #11840

Gateways
    Added: Input validation to prevent setting a load balancing gateway group as default #11164

Hardware / Drivers
    Changed: Deprecate old cryptographic accelerator hardware which is not viable on modern systems #11426
    Fixed: Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashing #11524

High Availability
    Fixed: Incorrect RADVD log message on HA event #11966

IGMP Proxy
    Fixed: IGMP Proxy restarts unnecessarily after IPv6 gateway events #11904

IPsec
    Added: GUI option to set RADIUS Timeout for EAP-RADIUS #11211
    Added: Option to switch IPsec filtering modes to choose between enc and if_ipsec filtering #11395
    Changed: Move custom IPsec NAT-T port settings to Advanced Options #11518
    Fixed: strongSwan configuration always contains user EAP/PSK values #11564
    Added: IPsec GUI option to control Child SA start_action #11576
    Fixed: Error when adding both IPv4 and IPv6 P2 under an IPv4 or IPv6 only IKEv1 P1 #11651
    Fixed: Cannot disable IPsec P1 when related P2s are in VTI mode and enabled #11792
    Fixed: IPsec VTI interface names are not properly formed for more than 32 interfaces #11794
    Fixed: Applying IPsec settings for more than ~30 tunnels times out PHP #11795
    Fixed: ipsec_vti() does not skip disabled VTI entries #11832
    Fixed: IPsec GUI allows creating multiple identical Phase 1 entries when using FQDN for remote gateway #11912
    Fixed: Mobile IPsec advanced RADIUS parameters do not allow numeric values with a decimal point #11967

IPv6 Router Advertisements (RADVD)
    Added: Use virtual link local IP address as RA source address for HA environments #11103
    Added: Shortcut buttons for service control and logs on RADVD configuration #11911
    Fixed: RADVD breaks on SIGHUP #11913

Interfaces
    Fixed: DHCP interfaces are always treated as having a gateway, even if one is not assigned by the upstream DHCP server #5135
    Fixed: Interfaces page displays MAC Address field for interfaces which do not support L2 #11387
    Fixed: CLI interface configuration without IPv6 leaves RA enabled #11609
    Fixed: Incomplete PPPoE custom reset values lead to invalid cron entry #11698
    Fixed: Error when changing MTU if the interface is used for both IPv4 and IPv6 default routes #11855
    Added: VLAN list sorting #11968

L2TP
    Fixed: Unused L2TP VPN files are not removed when the service is disabled #11299
    Added: GUI option to set MTU for L2TP VPN server #11406

NTPD
    Fixed: NTP widget displays incorrect status #11495
    Fixed: NTP authentication input validation rejects valid keys #11850

Notifications
    Fixed: Invalid HTML encoding in modal Notices window #11765

OpenVPN
    Added: Allow the firewall to use DNS servers provided to an OpenVPN client instance #11140
    Fixed: OpenVPN Wizard does not support gateway groups #11141
    Added: Set Explicit Exit Notify to 1 by default for new OpenVPN client instances #11521
    Added: Support for Cisco AVPair {clientipv6} template in firewall rules returns by RADIUS #11596
    Changed: Set explicit-exit-notify option by default for new OpenVPN server instances #11684
    Fixed: OpenVPN does not clean up parsed Cisco-AVPair rules on non-graceful disconnect #11699
    Fixed: OpenVPN does not kill IPv6 client states on disconnect #11700
    Fixed: OpenVPN client starts when CARP VIP is in BACKUP status when bound to Virtual IP aliased to CARP VIP #11793
    Fixed: Certificate validation with OCSP always fails in openvpn.tls-verify.php #11830
    Changed: Update OpenVPN to 2.5.2 #11844
    Fixed: OpenVPN client startup error if IPv6 Tunnel Network is defined in TAP mode #11869

Operating System
    Added: Kernel modules for alternate congestion control algorithms #7092
    Added: Kernel module for RTL8153 driver #11125
    Added: Xen console support #11402
    Fixed: Unquoted variable in dot.tcshrc can cause proxy password to be printed #11867

Routing
    Fixed: IPv4 link-local (169.254.x.x) gateway does not function #11806

Rules / NAT
    Added: Support for IPv6 firewall entries with dynamic delegated prefix and static host address #6626
    Fixed: Disabling all interfaces associated with a floating rule causes the firewall to generate an incorrect pf rule #11688
    Fixed: Input validation prevents creating 1:1 NAT rules on IPsec #11751
    Fixed: Invalid combinations of TCP flag matching options cause pfctl parser error #11762
    Fixed: Port forward rules only function through the default gateway interface, reply-to does not work for Multi-WAN (CE Only) #11805
    Fixed: Error loading rules in certain cases where an interface is temporarily without an address #11861
    Fixed: NAT 1:1 fail to validate aliases #11923

Traffic Shaper (ALTQ)
    Fixed: Harmless error when enabling traffic shaper #11229
    Fixed: Segmentation fault when loading ALTQ traffic shaping rules using FAIRQ #11550

Traffic Shaper (Limiters)
    Fixed: Unused Limiter entries with schedules create unnecessary cron jobs #11636
    Fixed: Error when setting queue limit on CODELQ limiter #11725

Upgrade
    Fixed: Language presented to user during upgrade is misleading #11897

Web Interface
    Added: Replace HTTP links with HTTPS in the GUI #11228
    Fixed: Ambiguous text in help and input validation error for system domain name #11658
    Fixed: PHP error if PHP_error.log file is too large #11685
    Fixed: RAM Disk Settings shows Kernel Memory at 0 Kb and does not allow the user to create RAM disks #11702
    Fixed: HTTP Referer error message text is incorrect #11873
    Fixed: Missing /0 subnet when cloning repeatable CIDR mask controls #11880
    Fixed: Update NGINX to address CVE-2021-23017 #12061

WireGuard
    Fixed: Ignore WireGuard configurations under <installedpackages></installedpackages> #11808

Wireless
    Added: GUI options for WPA Enterprise with identity/password #2400
    Fixed: wpa_supplicant uses 100% of a CPU core at boot #11453

XMLRPC
    Fixed: XMLRPC synchronization restarts all OpenVPN instances on the secondary node when making any change on the primary node #11082
    Fixed: XMLRPC Client does not honor its default timeout value #11718

今回は修正メインのアップデートです

pfSense CE 2.5.1で一時的に削除されたWireGuardについては
将来的にはカーネル実装されて機能復帰する予定ですが
それまではアドオンとして導入可能になりました
(まだ実験的導入となります)

前バージョンのpfSense CE 2.5.1時点で既知の問題として
報告されていたAES-NIの不具合については
今回のpfSense CE 2.5.2で修正済となってます

Update時の処理ログを見るとUnboundのバージョンが戻されているのが確認できますが
これはpfSense CE 2.5.1だとDNS Resolverのオプション設定である
「Register DHCP leases in the DNS Resolver」を有効にしていると
DNS Resolverの本体であるUnboundがクラッシュする不具合があったようです
Unbound自体の不具合とみられるため不具合回避の為にUnbound自体を
1.13.xから1.12.xへ戻すことになったようなので正常なアップデート処理になります

アップデートの手順

今回もpfSense CEでのアップデートです

事前に設定のバックアップをした上で以下の操作でアップデートを実行
手順はいつもと同じです

2.5.1から2.5.2へアップデートと表示出てるのを確認して「Confirm」を押す

無事に完了すると自動で再起動開始されます

最後に2.5.2の状態で設定をバックアップして完了

Update時の処理ログ

>>> Updating repositories metadata... 
Updating pfSense-core repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.txz: . done
Processing entries: . done
pfSense-core repository update completed. 7 packages processed.
Updating pfSense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.txz: .......... done
Processing entries: .......... done
pfSense repository update completed. 498 packages processed.
All repositories are up to date.
>>> Setting vital flag on pkg... done.
>>> Removing vital flag from php74... done.
>>> Downloading upgrade packages... 
Updating pfSense-core repository catalogue...
pfSense-core repository is up to date.
Updating pfSense repository catalogue...
pfSense repository is up to date.
All repositories are up to date.
Checking for upgrades (77 candidates): .......... done
Processing candidates (77 candidates): .......... done
The following 83 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
    mpdecimal: 2.5.1 [pfSense]
    php74-pear-HTTP_Request2-230: 2.3.0,1 [pfSense]
    py38-ply: 3.11 [pfSense]
    py38-setuptools: 57.0.0 [pfSense]
    python38: 3.8.10 [pfSense]
    unbound112: 1.12.0_1 [pfSense]

Installed packages to be UPGRADED:
    bind-tools: 9.16.12 -> 9.16.16 [pfSense]
    ca_root_nss: 3.58 -> 3.63 [pfSense]
    cpdup: 1.20 -> 1.22 [pfSense]
    curl: 7.74.0 -> 7.76.1 [pfSense]
    dbus: 1.12.20_3 -> 1.12.20_4 [pfSense]
    devcpu-data: 1.37 -> 1.39 [pfSense]
    dnsmasq: 2.84,1 -> 2.85_1,1 [pfSense]
    expat: 2.2.10 -> 2.4.1 [pfSense]
    expiretable: 0.6_1 -> 0.6_2 [pfSense]
    glib: 2.66.4_1,1 -> 2.66.8,2 [pfSense]
    hostapd: 2.9_2 -> 2.9_3 [pfSense]
    icu: 68.2,1 -> 69.1,1 [pfSense]
    isc-dhcp44-client: 4.4.2_1 -> 4.4.2P1 [pfSense]
    isc-dhcp44-relay: 4.4.2_1 -> 4.4.2P1 [pfSense]
    isc-dhcp44-server: 4.4.2_1 -> 4.4.2P1_1 [pfSense]
    libedit: 3.1.20191231,1 -> 3.1.20210216,1 [pfSense]
    libgcrypt: 1.8.7 -> 1.9.3 [pfSense]
    libgpg-error: 1.41 -> 1.42 [pfSense]
    libidn2: 2.3.0_1 -> 2.3.1 [pfSense]
    libnghttp2: 1.42.0 -> 1.43.0 [pfSense]
    libuv: 1.40.0 -> 1.41.0 [pfSense]
    libxml2: 2.9.10_2 -> 2.9.10_4 [pfSense]
    libzmq4: 4.3.1_1 -> 4.3.4 [pfSense]
    mobile-broadband-provider-info: 20190618_1 -> 20201225 [pfSense]
    nettle: 3.7.2_1 -> 3.7.2_2 [pfSense]
    nginx: 1.18.0_45,2 -> 1.20.1,2 [pfSense]
    oniguruma: 6.9.6 -> 6.9.7.1 [pfSense]
    openldap-client: 2.4.57 -> 2.4.59 [pfSense]
    openvpn: 2.5.1 -> 2.5.2_2 [pfSense]
    pcre2: 10.36 -> 10.37 [pfSense]
    pcsc-lite: 1.9.0_1,2 -> 1.9.1,2 [pfSense]
    pfSense: 2.5.1 -> 2.5.2 [pfSense]
    pfSense-base: 2.5.1 -> 2.5.2 [pfSense-core]
    pfSense-default-config: 2.5.1 -> 2.5.2 [pfSense-core]
    pfSense-kernel-pfSense: 2.5.1 -> 2.5.2 [pfSense-core]
    pfSense-rc: 2.5.1 -> 2.5.2 [pfSense-core]
    php74: 7.4.15 -> 7.4.20 [pfSense]
    php74-bcmath: 7.4.15 -> 7.4.20 [pfSense]
    php74-bz2: 7.4.15 -> 7.4.20 [pfSense]
    php74-ctype: 7.4.15 -> 7.4.20 [pfSense]
    php74-curl: 7.4.15 -> 7.4.20 [pfSense]
    php74-dom: 7.4.15 -> 7.4.20 [pfSense]
    php74-filter: 7.4.15 -> 7.4.20 [pfSense]
    php74-gettext: 7.4.15 -> 7.4.20 [pfSense]
    php74-intl: 7.4.15 -> 7.4.20 [pfSense]
    php74-json: 7.4.15 -> 7.4.20 [pfSense]
    php74-ldap: 7.4.15 -> 7.4.20 [pfSense]
    php74-mbstring: 7.4.15 -> 7.4.20 [pfSense]
    php74-opcache: 7.4.15 -> 7.4.20 [pfSense]
    php74-openssl: 7.4.15 -> 7.4.20 [pfSense]
    php74-pcntl: 7.4.15 -> 7.4.20 [pfSense]
    php74-pdo: 7.4.15 -> 7.4.20 [pfSense]
    php74-pdo_sqlite: 7.4.15 -> 7.4.20 [pfSense]
    php74-pecl-radius: 1.4.0.b1 -> 1.4.0b1_1 [pfSense]
    php74-pfSense-module: 0.69_1 -> 0.72 [pfSense]
    php74-posix: 7.4.15 -> 7.4.20 [pfSense]
    php74-readline: 7.4.15 -> 7.4.20 [pfSense]
    php74-session: 7.4.15 -> 7.4.20 [pfSense]
    php74-shmop: 7.4.15 -> 7.4.20 [pfSense]
    php74-simplexml: 7.4.15 -> 7.4.20 [pfSense]
    php74-sockets: 7.4.15 -> 7.4.20 [pfSense]
    php74-sqlite3: 7.4.15 -> 7.4.20 [pfSense]
    php74-sysvmsg: 7.4.15 -> 7.4.20 [pfSense]
    php74-sysvsem: 7.4.15 -> 7.4.20 [pfSense]
    php74-sysvshm: 7.4.15 -> 7.4.20 [pfSense]
    php74-tokenizer: 7.4.15 -> 7.4.20 [pfSense]
    php74-xml: 7.4.15 -> 7.4.20 [pfSense]
    php74-xmlreader: 7.4.15 -> 7.4.20 [pfSense]
    php74-xmlwriter: 7.4.15 -> 7.4.20 [pfSense]
    php74-zlib: 7.4.15 -> 7.4.20 [pfSense]
    radvd: 2.19 -> 2.19_2 [pfSense]
    readline: 8.0.4 -> 8.1.1 [pfSense]
    smartmontools: 7.2 -> 7.2_1 [pfSense]
    sqlite3: 3.34.0,1 -> 3.35.5_1,1 [pfSense]
    strongswan: 5.9.1 -> 5.9.2_2 [pfSense]
    wpa_supplicant: 2.9_7 -> 2.9_10 [pfSense]

Installed packages to be REINSTALLED:
    php74-pear-XML_RPC2-1.1.4 [pfSense] (direct dependency changed: php74-pear-HTTP_Request2-230)

Number of packages to be installed: 6
Number of packages to be upgraded: 76
Number of packages to be reinstalled: 1

The process will require 132 MiB more space.
150 MiB to be downloaded.
[1/83] Fetching wpa_supplicant-2.9_10.txz: .......... done
[2/83] Fetching strongswan-5.9.2_2.txz: .......... done
[3/83] Fetching sqlite3-3.35.5_1,1.txz: .......... done
[4/83] Fetching smartmontools-7.2_1.txz: .......... done
[5/83] Fetching readline-8.1.1.txz: .......... done
[6/83] Fetching radvd-2.19_2.txz: ....... done
[7/83] Fetching php74-zlib-7.4.20.txz: ... done
[8/83] Fetching php74-xmlwriter-7.4.20.txz: .. done
[9/83] Fetching php74-xmlreader-7.4.20.txz: .. done
[10/83] Fetching php74-xml-7.4.20.txz: ... done
[11/83] Fetching php74-tokenizer-7.4.20.txz: .. done
[12/83] Fetching php74-sysvshm-7.4.20.txz: . done
[13/83] Fetching php74-sysvsem-7.4.20.txz: . done
[14/83] Fetching php74-sysvmsg-7.4.20.txz: . done
[15/83] Fetching php74-sqlite3-7.4.20.txz: ... done
[16/83] Fetching php74-sockets-7.4.20.txz: ..... done
[17/83] Fetching php74-simplexml-7.4.20.txz: ... done
[18/83] Fetching php74-shmop-7.4.20.txz: . done
[19/83] Fetching php74-session-7.4.20.txz: ..... done
[20/83] Fetching php74-readline-7.4.20.txz: .. done
[21/83] Fetching php74-posix-7.4.20.txz: .. done
[22/83] Fetching php74-pfSense-module-0.72.txz: ...... done
[23/83] Fetching php74-pecl-radius-1.4.0b1_1.txz: ... done
[24/83] Fetching php74-pear-XML_RPC2-1.1.4.txz: ........ done
[25/83] Fetching php74-pdo_sqlite-7.4.20.txz: .. done
[26/83] Fetching php74-pdo-7.4.20.txz: ...... done
[27/83] Fetching php74-pcntl-7.4.20.txz: .. done
[28/83] Fetching php74-openssl-7.4.20.txz: ........ done
[29/83] Fetching php74-opcache-7.4.20.txz: .......... done
[30/83] Fetching php74-mbstring-7.4.20.txz: .......... done
[31/83] Fetching php74-ldap-7.4.20.txz: .... done
[32/83] Fetching php74-json-7.4.20.txz: ... done
[33/83] Fetching php74-intl-7.4.20.txz: .......... done
[34/83] Fetching php74-gettext-7.4.20.txz: . done
[35/83] Fetching php74-filter-7.4.20.txz: ... done
[36/83] Fetching php74-dom-7.4.20.txz: ....... done
[37/83] Fetching php74-curl-7.4.20.txz: .... done
[38/83] Fetching php74-ctype-7.4.20.txz: . done
[39/83] Fetching php74-bz2-7.4.20.txz: .. done
[40/83] Fetching php74-bcmath-7.4.20.txz: ... done
[41/83] Fetching php74-7.4.20.txz: .......... done
[42/83] Fetching pfSense-rc-2.5.2.txz: .. done
[43/83] Fetching pfSense-kernel-pfSense-2.5.2.txz: .......... done
[44/83] Fetching pfSense-default-config-2.5.2.txz: . done
[45/83] Fetching pfSense-base-2.5.2.txz: .......... done
[46/83] Fetching pfSense-2.5.2.txz: . done
[47/83] Fetching pcsc-lite-1.9.1,2.txz: .......... done
[48/83] Fetching pcre2-10.37.txz: .......... done
[49/83] Fetching openvpn-2.5.2_2.txz: .......... done
[50/83] Fetching openldap-client-2.4.59.txz: .......... done
[51/83] Fetching oniguruma-6.9.7.1.txz: .......... done
[52/83] Fetching nginx-1.20.1,2.txz: .......... done
[53/83] Fetching nettle-3.7.2_2.txz: .......... done
[54/83] Fetching mobile-broadband-provider-info-20201225.txz: ........ done
[55/83] Fetching libzmq4-4.3.4.txz: .......... done
[56/83] Fetching libxml2-2.9.10_4.txz: .......... done
[57/83] Fetching libuv-1.41.0.txz: .......... done
[58/83] Fetching libnghttp2-1.43.0.txz: .......... done
[59/83] Fetching libidn2-2.3.1.txz: .......... done
[60/83] Fetching libgpg-error-1.42.txz: .......... done
[61/83] Fetching libgcrypt-1.9.3.txz: .......... done
[62/83] Fetching libedit-3.1.20210216,1.txz: .......... done
[63/83] Fetching isc-dhcp44-server-4.4.2P1_1.txz: .......... done
[64/83] Fetching isc-dhcp44-relay-4.4.2P1.txz: .......... done
[65/83] Fetching isc-dhcp44-client-4.4.2P1.txz: .......... done
[66/83] Fetching icu-69.1,1.txz: .......... done
[67/83] Fetching hostapd-2.9_3.txz: .......... done
[68/83] Fetching glib-2.66.8,2.txz: .......... done
[69/83] Fetching expiretable-0.6_2.txz: . done
[70/83] Fetching expat-2.4.1.txz: .......... done
[71/83] Fetching dnsmasq-2.85_1,1.txz: .......... done
[72/83] Fetching devcpu-data-1.39.txz: .......... done
[73/83] Fetching dbus-1.12.20_4.txz: .......... done
[74/83] Fetching curl-7.76.1.txz: .......... done
[75/83] Fetching cpdup-1.22.txz: .... done
[76/83] Fetching ca_root_nss-3.63.txz: .......... done
[77/83] Fetching bind-tools-9.16.16.txz: .......... done
[78/83] Fetching python38-3.8.10.txz: .......... done
[79/83] Fetching mpdecimal-2.5.1.txz: .......... done
[80/83] Fetching unbound112-1.12.0_1.txz: .......... done
[81/83] Fetching php74-pear-HTTP_Request2-230-2.3.0,1.txz: .......... done
[82/83] Fetching py38-ply-3.11.txz: .......... done
[83/83] Fetching py38-setuptools-57.0.0.txz: .......... done
Checking integrity... done (2 conflicting)
  - unbound112-1.12.0_1 [pfSense] conflicts with unbound-1.13.1 [installed] on /usr/local/etc/unbound/unbound.conf.sample
  - php74-pear-HTTP_Request2-230-2.3.0,1 [pfSense] conflicts with php74-pear-HTTP_Request2-2.3.0,1 [installed] on /usr/local/share/doc/pear/HTTP_Request2/LICENSE
Checking integrity... done (0 conflicting)
Conflicts with the existing packages have been found.
One more solver iteration is needed to resolve them.
The following 85 package(s) will be affected (of 0 checked):

Installed packages to be REMOVED:
    php74-pear-HTTP_Request2: 2.3.0,1
    unbound: 1.13.1

New packages to be INSTALLED:
    mpdecimal: 2.5.1 [pfSense]
    php74-pear-HTTP_Request2-230: 2.3.0,1 [pfSense]
    py38-ply: 3.11 [pfSense]
    py38-setuptools: 57.0.0 [pfSense]
    python38: 3.8.10 [pfSense]
    unbound112: 1.12.0_1 [pfSense]

Installed packages to be UPGRADED:
    bind-tools: 9.16.12 -> 9.16.16 [pfSense]
    ca_root_nss: 3.58 -> 3.63 [pfSense]
    cpdup: 1.20 -> 1.22 [pfSense]
    curl: 7.74.0 -> 7.76.1 [pfSense]
    dbus: 1.12.20_3 -> 1.12.20_4 [pfSense]
    devcpu-data: 1.37 -> 1.39 [pfSense]
    dnsmasq: 2.84,1 -> 2.85_1,1 [pfSense]
    expat: 2.2.10 -> 2.4.1 [pfSense]
    expiretable: 0.6_1 -> 0.6_2 [pfSense]
    glib: 2.66.4_1,1 -> 2.66.8,2 [pfSense]
    hostapd: 2.9_2 -> 2.9_3 [pfSense]
    icu: 68.2,1 -> 69.1,1 [pfSense]
    isc-dhcp44-client: 4.4.2_1 -> 4.4.2P1 [pfSense]
    isc-dhcp44-relay: 4.4.2_1 -> 4.4.2P1 [pfSense]
    isc-dhcp44-server: 4.4.2_1 -> 4.4.2P1_1 [pfSense]
    libedit: 3.1.20191231,1 -> 3.1.20210216,1 [pfSense]
    libgcrypt: 1.8.7 -> 1.9.3 [pfSense]
    libgpg-error: 1.41 -> 1.42 [pfSense]
    libidn2: 2.3.0_1 -> 2.3.1 [pfSense]
    libnghttp2: 1.42.0 -> 1.43.0 [pfSense]
    libuv: 1.40.0 -> 1.41.0 [pfSense]
    libxml2: 2.9.10_2 -> 2.9.10_4 [pfSense]
    libzmq4: 4.3.1_1 -> 4.3.4 [pfSense]
    mobile-broadband-provider-info: 20190618_1 -> 20201225 [pfSense]
    nettle: 3.7.2_1 -> 3.7.2_2 [pfSense]
    nginx: 1.18.0_45,2 -> 1.20.1,2 [pfSense]
    oniguruma: 6.9.6 -> 6.9.7.1 [pfSense]
    openldap-client: 2.4.57 -> 2.4.59 [pfSense]
    openvpn: 2.5.1 -> 2.5.2_2 [pfSense]
    pcre2: 10.36 -> 10.37 [pfSense]
    pcsc-lite: 1.9.0_1,2 -> 1.9.1,2 [pfSense]
    pfSense: 2.5.1 -> 2.5.2 [pfSense]
    pfSense-base: 2.5.1 -> 2.5.2 [pfSense-core]
    pfSense-default-config: 2.5.1 -> 2.5.2 [pfSense-core]
    pfSense-kernel-pfSense: 2.5.1 -> 2.5.2 [pfSense-core]
    pfSense-rc: 2.5.1 -> 2.5.2 [pfSense-core]
    php74: 7.4.15 -> 7.4.20 [pfSense]
    php74-bcmath: 7.4.15 -> 7.4.20 [pfSense]
    php74-bz2: 7.4.15 -> 7.4.20 [pfSense]
    php74-ctype: 7.4.15 -> 7.4.20 [pfSense]
    php74-curl: 7.4.15 -> 7.4.20 [pfSense]
    php74-dom: 7.4.15 -> 7.4.20 [pfSense]
    php74-filter: 7.4.15 -> 7.4.20 [pfSense]
    php74-gettext: 7.4.15 -> 7.4.20 [pfSense]
    php74-intl: 7.4.15 -> 7.4.20 [pfSense]
    php74-json: 7.4.15 -> 7.4.20 [pfSense]
    php74-ldap: 7.4.15 -> 7.4.20 [pfSense]
    php74-mbstring: 7.4.15 -> 7.4.20 [pfSense]
    php74-opcache: 7.4.15 -> 7.4.20 [pfSense]
    php74-openssl: 7.4.15 -> 7.4.20 [pfSense]
    php74-pcntl: 7.4.15 -> 7.4.20 [pfSense]
    php74-pdo: 7.4.15 -> 7.4.20 [pfSense]
    php74-pdo_sqlite: 7.4.15 -> 7.4.20 [pfSense]
    php74-pecl-radius: 1.4.0.b1 -> 1.4.0b1_1 [pfSense]
    php74-pfSense-module: 0.69_1 -> 0.72 [pfSense]
    php74-posix: 7.4.15 -> 7.4.20 [pfSense]
    php74-readline: 7.4.15 -> 7.4.20 [pfSense]
    php74-session: 7.4.15 -> 7.4.20 [pfSense]
    php74-shmop: 7.4.15 -> 7.4.20 [pfSense]
    php74-simplexml: 7.4.15 -> 7.4.20 [pfSense]
    php74-sockets: 7.4.15 -> 7.4.20 [pfSense]
    php74-sqlite3: 7.4.15 -> 7.4.20 [pfSense]
    php74-sysvmsg: 7.4.15 -> 7.4.20 [pfSense]
    php74-sysvsem: 7.4.15 -> 7.4.20 [pfSense]
    php74-sysvshm: 7.4.15 -> 7.4.20 [pfSense]
    php74-tokenizer: 7.4.15 -> 7.4.20 [pfSense]
    php74-xml: 7.4.15 -> 7.4.20 [pfSense]
    php74-xmlreader: 7.4.15 -> 7.4.20 [pfSense]
    php74-xmlwriter: 7.4.15 -> 7.4.20 [pfSense]
    php74-zlib: 7.4.15 -> 7.4.20 [pfSense]
    radvd: 2.19 -> 2.19_2 [pfSense]
    readline: 8.0.4 -> 8.1.1 [pfSense]
    smartmontools: 7.2 -> 7.2_1 [pfSense]
    sqlite3: 3.34.0,1 -> 3.35.5_1,1 [pfSense]
    strongswan: 5.9.1 -> 5.9.2_2 [pfSense]
    wpa_supplicant: 2.9_7 -> 2.9_10 [pfSense]

Installed packages to be REINSTALLED:
    php74-pear-XML_RPC2-1.1.4 [pfSense] (direct dependency changed: php74-pear-HTTP_Request2-230)

Number of packages to be removed: 2
Number of packages to be installed: 6
Number of packages to be upgraded: 76
Number of packages to be reinstalled: 1

The process will require 123 MiB more space.
>>> Downloading pkg... 

Number of packages to be fetched: 1
No packages are required to be fetched.
Integrity check was successful.
>>> Upgrading pfSense-rc... 
Checking integrity... done (0 conflicting)
The following 1 package(s) will be affected (of 0 checked):

Installed packages to be UPGRADED:
    pfSense-rc: 2.5.1 -> 2.5.2 [pfSense-core]

Number of packages to be upgraded: 1
[1/1] Upgrading pfSense-rc from 2.5.1 to 2.5.2...
===> Setting net.pf.request_maxcount=400000
[1/1] Extracting pfSense-rc-2.5.2: ...... done
>>> Upgrading pfSense kernel... 
Checking integrity... done (0 conflicting)
The following 1 package(s) will be affected (of 0 checked):

Installed packages to be UPGRADED:
    pfSense-kernel-pfSense: 2.5.1 -> 2.5.2 [pfSense-core]

Number of packages to be upgraded: 1
[1/1] Upgrading pfSense-kernel-pfSense from 2.5.1 to 2.5.2...
[1/1] Extracting pfSense-kernel-pfSense-2.5.2: .......... done
===> Keeping a copy of current kernel in /boot/kernel.old
>>> Removing unnecessary packages... done.
System is going to be upgraded.  Rebooting in 10 seconds.
Success