pfSenseをアップデート 2.4.2_1→2.4.3

pfSenseをアップデートした記録 2.4.2_1→2.4.3

アップデート内容確認

2.4.2_1(2.4.2-p1)から2.4.3にアップデートします

変更点を確認
2.4.3 New Features and Changes – pfSense Documentation
https://doc.pfsense.org/index.php/2.4.3_New_Features_and_Changes

今回のメインはMeltdown/Spectreの対応(CVE-2017-5715、CVE-2017-5754)
そしてIPsecの脆弱性対応(CVE-2018-6916)です

少し前回のリリースから時間が空いたのもあって細かい修正も多いです

アップデートの手順

事前に設定のバックアップをした上で以下の操作でアップデートを実行
手順はいつもと同じです

まずダッシュボードのVersionのところにある雲マークか
System→Updateを選択

2.4.2_1から2.4.3へアップデートと表示出てるのを確認して「Confirm」を押す

無事に完了すると自動で再起動開始されます

最後に2.4.3の状態で設定をバックアップして完了

Update時の処理ログ

>>> Updating repositories metadata... 
Updating pfSense-core repository catalogue...
pfSense-core repository is up to date.
Updating pfSense repository catalogue...
pfSense repository is up to date.
All repositories are up to date.
>>> Setting vital flag on pkg... done.
>>> Downloading upgrade packages... 
Updating pfSense-core repository catalogue...
pfSense-core repository is up to date.
Updating pfSense repository catalogue...
pfSense repository is up to date.
All repositories are up to date.
Checking for upgrades (72 candidates): .......... done
Processing candidates (72 candidates): .......... done
The following 75 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
  devcpu-data: 1.16 [pfSense]
  py27-ply: 3.10_1 [pfSense]
  py27-setuptools: 36.5.0 [pfSense]

Installed packages to be UPGRADED:
  unbound: 1.6.6 -> 1.6.8 [pfSense]
  strongswan: 5.6.0 -> 5.6.2_1 [pfSense]
  sqlite3: 3.20.1_1 -> 3.21.0_1 [pfSense]
  smartmontools: 6.5_2 -> 6.6_1 [pfSense]
  readline: 7.0.3 -> 7.0.3_1 [pfSense]
  radvd: 2.17_3 -> 2.17_4 [pfSense]
  python27: 2.7.14 -> 2.7.14_1 [pfSense]
  php56-zlib: 5.6.32 -> 5.6.34 [pfSense]
  php56-xmlwriter: 5.6.32 -> 5.6.34 [pfSense]
  php56-xmlreader: 5.6.32 -> 5.6.34 [pfSense]
  php56-xml: 5.6.32 -> 5.6.34 [pfSense]
  php56-tokenizer: 5.6.32 -> 5.6.34 [pfSense]
  php56-sysvshm: 5.6.32 -> 5.6.34 [pfSense]
  php56-sysvsem: 5.6.32 -> 5.6.34 [pfSense]
  php56-sysvmsg: 5.6.32 -> 5.6.34 [pfSense]
  php56-sqlite3: 5.6.32 -> 5.6.34 [pfSense]
  php56-sockets: 5.6.32 -> 5.6.34 [pfSense]
  php56-simplexml: 5.6.32 -> 5.6.34 [pfSense]
  php56-shmop: 5.6.32 -> 5.6.34 [pfSense]
  php56-session: 5.6.32 -> 5.6.34 [pfSense]
  php56-readline: 5.6.32 -> 5.6.34 [pfSense]
  php56-posix: 5.6.32 -> 5.6.34 [pfSense]
  php56-pfSense-module: 0.57 -> 0.61 [pfSense]
  php56-pdo_sqlite: 5.6.32 -> 5.6.34 [pfSense]
  php56-pdo: 5.6.32 -> 5.6.34 [pfSense]
  php56-pcntl: 5.6.32 -> 5.6.34 [pfSense]
  php56-openssl: 5.6.32 -> 5.6.34 [pfSense]
  php56-opcache: 5.6.32 -> 5.6.34 [pfSense]
  php56-mcrypt: 5.6.32 -> 5.6.34 [pfSense]
  php56-mbstring: 5.6.32 -> 5.6.34 [pfSense]
  php56-ldap: 5.6.32 -> 5.6.34 [pfSense]
  php56-json: 5.6.32 -> 5.6.34 [pfSense]
  php56-hash: 5.6.32 -> 5.6.34 [pfSense]
  php56-gettext: 5.6.32 -> 5.6.34 [pfSense]
  php56-filter: 5.6.32 -> 5.6.34 [pfSense]
  php56-dom: 5.6.32 -> 5.6.34 [pfSense]
  php56-curl: 5.6.32 -> 5.6.34 [pfSense]
  php56-ctype: 5.6.32 -> 5.6.34 [pfSense]
  php56-bz2: 5.6.32 -> 5.6.34 [pfSense]
  php56-bcmath: 5.6.32 -> 5.6.34 [pfSense]
  php56: 5.6.32 -> 5.6.34 [pfSense]
  pfSense-rc: 2.4.2_1 -> 2.4.3 [pfSense-core]
  pfSense-kernel-pfSense: 2.4.2_1 -> 2.4.3 [pfSense-core]
  pfSense-default-config: 2.4.2_1 -> 2.4.3 [pfSense-core]
  pfSense-base: 2.4.2_1 -> 2.4.3 [pfSense-core]
  pfSense-Status_Monitoring: 1.7.5 -> 1.7.6 [pfSense]
  pfSense: 2.4.2_1 -> 2.4.3 [pfSense]
  pear: 1.10.5 -> 1.10.5_1 [pfSense]
  openvpn: 2.4.4 -> 2.4.4_1 [pfSense]
  oniguruma6: 6.4.0 -> 6.6.1 [pfSense]
  ntp: 4.2.8p10_2 -> 4.2.8p11 [pfSense]
  nginx: 1.12.1_2,2 -> 1.12.2_3,2 [pfSense]
  nettle: 3.3 -> 3.4 [pfSense]
  luajit: 2.0.5 -> 2.1.0.b3 [pfSense]
  libzmq4: 4.2.2 -> 4.2.2_1 [pfSense]
  libxml2: 2.9.4 -> 2.9.7 [pfSense]
  libunistring: 0.9.7 -> 0.9.8 [pfSense]
  libnghttp2: 1.26.0 -> 1.29.0 [pfSense]
  libffi: 3.2.1_1 -> 3.2.1_2 [pfSense]
  libevent: 2.1.8 -> 2.1.8_1 [pfSense]
  json-c: 0.12.1 -> 0.13 [pfSense]
  isc-dhcp43-server: 4.3.6_1 -> 4.3.6P1 [pfSense]
  isc-dhcp43-relay: 4.3.6 -> 4.3.6P1 [pfSense]
  isc-dhcp43-client: 4.3.6 -> 4.3.6P1 [pfSense]
  indexinfo: 0.2.6 -> 0.3.1 [pfSense]
  idnkit: 1.0_6 -> 1.0_7 [pfSense]
  glib: 2.50.2_6,1 -> 2.50.3_1,1 [pfSense]
  expat: 2.2.1 -> 2.2.5 [pfSense]
  curl: 7.57.0 -> 7.58.0 [pfSense]
  ca_root_nss: 3.32.1 -> 3.36 [pfSense]
  bind-tools: 9.11.2 -> 9.11.2P1 [pfSense]

Installed packages to be REINSTALLED:
  miniupnpd-1.9.20160113,1 [pfSense] (options changed)

Number of packages to be installed: 3
Number of packages to be upgraded: 71
Number of packages to be reinstalled: 1

The process will require 9 MiB more space.
88 MiB to be downloaded.
[1/75] Fetching unbound-1.6.8.txz: .......... done
[2/75] Fetching strongswan-5.6.2_1.txz: .......... done
[3/75] Fetching sqlite3-3.21.0_1.txz: .......... done
[4/75] Fetching smartmontools-6.6_1.txz: .......... done
[5/75] Fetching readline-7.0.3_1.txz: .......... done
[6/75] Fetching radvd-2.17_4.txz: ....... done
[7/75] Fetching python27-2.7.14_1.txz: .......... done
[8/75] Fetching php56-zlib-5.6.34.txz: .. done
[9/75] Fetching php56-xmlwriter-5.6.34.txz: .. done
[10/75] Fetching php56-xmlreader-5.6.34.txz: .. done
[11/75] Fetching php56-xml-5.6.34.txz: ... done
[12/75] Fetching php56-tokenizer-5.6.34.txz: . done
[13/75] Fetching php56-sysvshm-5.6.34.txz: . done
[14/75] Fetching php56-sysvsem-5.6.34.txz: . done
[15/75] Fetching php56-sysvmsg-5.6.34.txz: .. done
[16/75] Fetching php56-sqlite3-5.6.34.txz: ... done
[17/75] Fetching php56-sockets-5.6.34.txz: ..... done
[18/75] Fetching php56-simplexml-5.6.34.txz: ... done
[19/75] Fetching php56-shmop-5.6.34.txz: . done
[20/75] Fetching php56-session-5.6.34.txz: .... done
[21/75] Fetching php56-readline-5.6.34.txz: .. done
[22/75] Fetching php56-posix-5.6.34.txz: .. done
[23/75] Fetching php56-pfSense-module-0.61.txz: ...... done
[24/75] Fetching php56-pdo_sqlite-5.6.34.txz: .. done
[25/75] Fetching php56-pdo-5.6.34.txz: ...... done
[26/75] Fetching php56-pcntl-5.6.34.txz: .. done
[27/75] Fetching php56-openssl-5.6.34.txz: ...... done
[28/75] Fetching php56-opcache-5.6.34.txz: ........ done
[29/75] Fetching php56-mcrypt-5.6.34.txz: .. done
[30/75] Fetching php56-mbstring-5.6.34.txz: .......... done
[31/75] Fetching php56-ldap-5.6.34.txz: ... done
[32/75] Fetching php56-json-5.6.34.txz: ... done
[33/75] Fetching php56-hash-5.6.34.txz: .......... done
[34/75] Fetching php56-gettext-5.6.34.txz: . done
[35/75] Fetching php56-filter-5.6.34.txz: ... done
[36/75] Fetching php56-dom-5.6.34.txz: ....... done
[37/75] Fetching php56-curl-5.6.34.txz: .... done
[38/75] Fetching php56-ctype-5.6.34.txz: . done
[39/75] Fetching php56-bz2-5.6.34.txz: .. done
[40/75] Fetching php56-bcmath-5.6.34.txz: ... done
[41/75] Fetching php56-5.6.34.txz: .......... done
[42/75] Fetching pfSense-rc-2.4.3.txz: .. done
[43/75] Fetching pfSense-kernel-pfSense-2.4.3.txz: .......... done
[44/75] Fetching pfSense-default-config-2.4.3.txz: . done
[45/75] Fetching pfSense-base-2.4.3.txz: .......... done
[46/75] Fetching pfSense-Status_Monitoring-1.7.6.txz: ... done
[47/75] Fetching pfSense-2.4.3.txz: . done
[48/75] Fetching pear-1.10.5_1.txz: .......... done
[49/75] Fetching openvpn-2.4.4_1.txz: .......... done
[50/75] Fetching oniguruma6-6.6.1.txz: .......... done
[51/75] Fetching ntp-4.2.8p11.txz: .......... done
[52/75] Fetching nginx-1.12.2_3,2.txz: .......... done
[53/75] Fetching nettle-3.4.txz: .......... done
[54/75] Fetching miniupnpd-1.9.20160113,1.txz: ........ done
[55/75] Fetching luajit-2.1.0.b3.txz: .......... done
[56/75] Fetching libzmq4-4.2.2_1.txz: .......... done
[57/75] Fetching libxml2-2.9.7.txz: .......... done
[58/75] Fetching libunistring-0.9.8.txz: .......... done
[59/75] Fetching libnghttp2-1.29.0.txz: .......... done
[60/75] Fetching libffi-3.2.1_2.txz: ..... done
[61/75] Fetching libevent-2.1.8_1.txz: .......... done
[62/75] Fetching json-c-0.13.txz: ........ done
[63/75] Fetching isc-dhcp43-server-4.3.6P1.txz: .......... done
[64/75] Fetching isc-dhcp43-relay-4.3.6P1.txz: .......... done
[65/75] Fetching isc-dhcp43-client-4.3.6P1.txz: .......... done
[66/75] Fetching indexinfo-0.3.1.txz: . done
[67/75] Fetching idnkit-1.0_7.txz: .......... done
[68/75] Fetching glib-2.50.3_1,1.txz: .......... done
[69/75] Fetching expat-2.2.5.txz: .......... done
[70/75] Fetching curl-7.58.0.txz: .......... done
[71/75] Fetching ca_root_nss-3.36.txz: .......... done
[72/75] Fetching bind-tools-9.11.2P1.txz: .......... done
[73/75] Fetching devcpu-data-1.16.txz: .......... done
[74/75] Fetching py27-ply-3.10_1.txz: .......... done
[75/75] Fetching py27-setuptools-36.5.0.txz: .......... done
Checking integrity... done (0 conflicting)
>>> Upgrading pfSense kernel... 
Checking integrity... done (0 conflicting)
The following 2 package(s) will be affected (of 0 checked):

Installed packages to be UPGRADED:
  pfSense-kernel-pfSense: 2.4.2_1 -> 2.4.3 [pfSense-core]
  pfSense-rc: 2.4.2_1 -> 2.4.3 [pfSense-core]

Number of packages to be upgraded: 2
[1/2] Upgrading pfSense-rc from 2.4.2_1 to 2.4.3...
[1/2] Extracting pfSense-rc-2.4.3: .... done
[2/2] Upgrading pfSense-kernel-pfSense from 2.4.2_1 to 2.4.3...
[2/2] Extracting pfSense-kernel-pfSense-2.4.3: .......... done
===> Keeping a copy of current kernel in /boot/kernel.old
Upgrade is complete.  Rebooting in 10 seconds.
Success