Record of updating pfSense 2.4.4→2.4.4_1
Checking the update contents
This update goes from 2.4.4 to 2.4.4_1 (2.4.4-p1)
Check the changes
Releases — 2.4.4-p1 New Features and Changes | pfSense Documentation
https://www.netgate.com/docs/pfsense/releases/2-4-4-p1-new-features-and-changes.html
Security / Errata
- FreeBSD Errata Notice FreeBSD-EN-18:09.ip: IP fragment remediation causes IPv6 fragment reassembly failure #8934
- FreeBSD Errata Notice FreeBSD-EN-18:10.syscall NULL pointer dereference in freebsd4_getfsstat system call (CVE-2018-17154)
- FreeBSD Errata Notice FreeBSD-EN-18:11.listen Denial of service in listen syscall over IPv6 socket (CVE-2018-6925)
- FreeBSD Errata Notice FreeBSD-EN-18:12.mem Small kernel memory disclosures in two system calls (CVE-2018-17155)
- Fixed a potential authenticated command injection issue with PowerD settings pfSense-SA-18_09.webgui #9061
- Fixed handling of privileges on the All group that were previously ignored #9051
  Warning: Check the privileges on the All group before upgrading to avoid unintended privileges for accounts being respected that were not honored before

Certificates
- Fixed CRL lifetime errors due to 2038 rollover on 32-bit ARM platforms #9098
- Fixed date display of CA/Certificate validity ending dates after 2038 rollover on 32-bit ARM platforms #9100
- Fixed PHP errors when creating certificate entries #9099

DNS
- Updated Unbound to 1.8.1 to address issues with memory leaks, especially in DNS over TLS support #9059
- Fixed issues with the DNS search domain for the firewall being omitted from resolv.conf in certain cases #9056
- Fixed PHP errors in the DNS Forwarder #8967

Dynamic DNS
- Fixed an issue with FreeDNS Dynamic DNS sending an IP address with an update #8924
- Fixed issues with Custom (v6) Dynamic DNS logging a hostname error #8977

DHCP Server
- Fixed issues with DHCPv6 network boot settings #8949

Routing/Gateways
- Reduced the logging output of gateway change events #8914
- Fixed an issue with dpinger PID files causing it to get stuck in Pending status #8921
- Fixed display of a configured gateway monitor IP address when gateway monitoring is disabled #8953
- Fixed issues with double quotes in gateway descriptions causing a blank gateway drop-down on firewall rules #8962
- Fixed an issue where the default gateway was lost in certain cases with HA after a CARP VIP status transition #8465

IPsec
- Updated strongSwan to 5.7.1 #8898
- Added 0.0.0.0/0 to both sides of an IPsec VTI P2 to allow connections with third-party routed IPsec implementations that require its presence #8859
- Fixed boot-time handling of IPsec VTI static routes #9116
- Fixed IKEv2 EAP Identity/Client ID matching so that it is strictly performed, to avoid users getting incorrect per-user settings #9055
- Fixed handling of RADIUS server names containing a . in the IPsec configuration with strongSwan 5.7.1 #9106
- Updated AWS IPsec wizard to use EC2 instance profiles and security groups, and switched the wizard from OpenBGPD to FRR

Interfaces/VIPs
- Fixed issues with DHCP client MTU causing interface configure loops when advanced options are present #8507
- Fixed issues with the Hyper-V hn(4) driver and ALTQ #8954
- Fixed issues with Hyper-V hn(4) interfaces dropping UDP6 traffic when transmit checksums were enabled #9019
- Fixed an issue with IGMP proxy failing to start on PPPoE interfaces #8935
- Fixed an issue with IPv6 Transmit checksums not being disabled when hardware checksums were set to be disabled #8980
- Updated mpd to 5.8_8 to address issues with Orange MTU #8995
- Fixed PPPoE service name checks to allow : and other alphanumeric characters #9002
- Fixed PHP errors when creating QinQ entries #9109
- Fixed the MAC address shown when editing a LAGG entry to always show the hardware MAC for each NIC and not the currently active address, which is no longer accurate for LAGG members #8937
- Fixed a PHP error when setting an interface address to act as a DHCP server from the console, when no other DHCP servers are already configured #9144
- Fixed a situation where editing a VLAN interface caused all other VLAN interfaces with the same parent to be reconfigured, which led to several other issues #9115
  Warning: Editing a VLAN parent interface can still cause problems. If this becomes an issue on a firewall, consider moving from using the untagged parent to having that traffic be tagged so that the parent interface is not assigned or in use. #9154
  Known issues include:
  - PPPoE instances on VLANs will not reconnect after the interface is reconfigured #9148
  - VLAN interfaces that use IPv6 tracking may lose their addresses #9136

Hardware/Platform
- Fixed handling of EFI console when a device boots from UEFI, where vidconsole is not valid #8978
- Fixed PHP errors in switch configuration on platforms including integrated switches
- Added support for SG-5100 hardware watchdog
  Note: Enable the Watchdog daemon under System > Advanced on the Miscellaneous tab, and then reboot and enable it in the BIOS with a timeout longer than the timeout configured in the GUI.

User Management / Authentication
- Fixed handling of privileges on the All group that were previously ignored #9051
  Warning: Check the privileges on the All group before upgrading to avoid unintended privileges for accounts being respected that were not honored before
- Added GUI options to control sshguard sensitivity and whitelisting to allow users to fine-tune the behavior of the brute force login protection #8864
- Added an option to enable SSH agent forwarding (disabled by default) #8590
- Fixed inconsistencies with ssh settings in the configuration #8974
- Fixed PHP errors with ssh settings #8606
- Added support for LDAP client certificates on authentication servers (Factory only) #9007
- Fixed an issue with Local Database authentication when using non-English languages in certain cases, such as with Captive Portal #9086

Captive Portal
- Fixed Captive Portal RADIUS NAS Identifier default values to include the zone name #8998
- Restored the ability to set a custom NAS Identifier on Captive Portal RADIUS settings #8998
- Fixed issues with Captive Portal logout popup #9010
- Fixed handling of the login page displayed when RADIUS MAC Authentication fails #9032
- Fixed username sent in RADIUS accounting with MAC-based authentication #9131
- Fixed an issue with the blocked MAC address redirect URL #9114

WebGUI / Dashboard
- Fixed nginx restart handling when toggling GUI web server options under System > Advanced, Admin Access tab
- Fixed empty crash reports after upgrade #8915
- Added CDATA protection to common name fields so they can safely contain international characters #9006

Firewall Rules / Aliases / NAT
- The filterdns daemon has been rewritten, solving a number of issues with the old implementation, including:
  - Fixes filterdns triggering every 16 seconds even when DNS records have not changed #7143
  - Fixes invalid FQDN entries in aliases causing an alias table to fail silently #8001
  - Fixes filterdns failing on a regular basis #8758
- Fixed /etc/rc.kill_states not correctly parsing pfctl output #8554
- Fixed formatting of alias names to still wrap but not replace underscores #8893
- Fixed PHP errors from filter_rules_sort() when a configuration contains no rules #8993
- Fixed PHP errors when creating schedules #9009
- Fixed PHP errors when creating entries on NAT pages #9080
- Fixed PHP errors from easyrule when no aliases are present #9119
- Fixed “Drag to reorder” description in rule list when rule drag-and-drop is disabled #9128

Traffic Shaping (ALTQ/Limiters)
- Fixed issues with Limiter queue display on upgraded configurations #8956
- Fixed the default limiter scheduler to match previous version (WF2Q+) #8973
- Added scheduler information to the limiter information page #8973

Packages
- Fixed issues with package installation causing problems when crossing major PHP versions #8938
- Fixed PHP errors when installing packages #9067

Backup/Restore
- Added schedule (cron) support to AutoConfigBackup #8947
- Fixed issues with AutoConfigBackup restoring a configuration from a different host #8901
- Fixed the AutoConfigBackup menu from the deprecated package still showing when the package is no longer present #8959
- Fixed an issue with Reinstall Packages hanging when run from Diagnostics > Backup & Restore #8933
- Fixed issues with multiple <rrddata> tags in config.xml #8994
- Fixed a race condition in package operations after a configuration restore that could lead to no packages being reinstalled #9045
- Fixed issues with the External Config Locator not finding a config.xml in /config #9066
- Fixed an issue where packages may not be reinstalled during a configuration restore performed immediately after a fresh install #9071
- Fixed a stream_select() error when restoring packages #9102

Wake on LAN
- Fixed issues with ordering of entries in Wake on LAN #8926
- Added top control buttons to Wake on LAN for Add and Wake all Devices when there are more than 25 entries #8943

NTP
- Fixed issues with NTP status when using noquery in the default permissions along with a specific ACL for localhost #7609

Logging / Notifications
- Fixed an issue with log file sizes >= 2^32/2 #9081
- Fixed PHP errors when saving log settings #9095
- Added a checkbox to disable TLS certificate verification for SMTP notifications #9001

Install/Upgrade
- Added a FAT partition to the installer memstick to make it easier to restore a config.xml file during the install process. Also includes a copy of the license and a README. #9104
- Fixed PHP errors in upgrade code for IPsec #9083

Miscellaneous
- Fixed HTTPS proxy authentication support for connections on the firewall itself #9029
- Clarified wording of Kernel PTI options on System > Advanced, Miscellaneous tab #9026
- Added a Save button to Status > Traffic Graphs to store default settings to use when loading the page #8976
- Added support for nvme controllers to the S.M.A.R.T. diagnostics page #9042
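The FreeBSD errata fixes are the main part, but
partly because some time has passed since 2.4.4, there are more fixes than you would expect from a p1.
Judging by the number of tickets closed, this is on the scale of a 0.0.1 version bump.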
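Update procedure
After backing up the configuration beforehand, run the update with the following steps.
The procedure is the same as always.
First, click the cloud icon next to Version on the dashboard, or
select System→Update.
Check that an update from 2.4.4 to 2.4.4_1 is shown, then press "Confirm".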
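The release notes warn to check the privileges on the All group before upgrading; one way to run that check against the configuration backup taken in the first step, as an added example that is not part of the original post. The `<system>`/`<group>`/`<user>`/`<priv>` layout, the constructed sample config, and the rule that every local user implicitly belongs to All are assumptions, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample; the <system><group>/<user> layout is an assumption
# about the config.xml backup, trimmed to the elements this check reads.
SAMPLE_CONFIG = """<pfsense><system>
  <group><name>all</name><gid>1998</gid>
    <priv>page-system-advanced-admin</priv><priv>page-diagnostics-command</priv></group>
  <group><name>admins</name><gid>1999</gid><member>0</member>
    <priv>page-all</priv></group>
  <user><name>admin</name><uid>0</uid></user>
  <user><name>helpdesk</name><uid>2000</uid><priv>page-dashboard-all</priv></user>
</system></pfsense>"""


def all_group_privileges(root):
    """Privileges set on the All group, which 2.4.4 did not honor."""
    privs = set()
    for group in root.findall("./system/group"):
        if (group.findtext("name") or "").strip().lower() == "all":
            privs.update(p.text.strip() for p in group.findall("priv") if p.text)
    return privs


def current_privileges(root, user):
    """Privileges a user holds today: direct ones plus explicit group memberships."""
    uid = (user.findtext("uid") or "").strip()
    privs = {p.text.strip() for p in user.findall("priv") if p.text}
    for group in root.findall("./system/group"):
        if uid and uid in {(m.text or "").strip() for m in group.findall("member")}:
            privs.update(p.text.strip() for p in group.findall("priv") if p.text)
    return privs


def newly_honored(config_xml):
    """Map each local user to the All-group privileges they gain after the upgrade."""
    root = ET.fromstring(config_xml)
    inherited = all_group_privileges(root)  # assumed to apply to every local user
    report = {}
    for user in root.findall("./system/user"):
        held = current_privileges(root, user)
        gained = inherited - held
        if "page-all" in held:  # page-all already covers every page-* privilege
            gained = {p for p in gained if not p.startswith("page-")}
        if gained:
            report[user.findtext("name")] = sorted(gained)
    return report
```

An empty result means the All group carries nothing that would start applying after the upgrade; any entry is an account whose effective access changes.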
Processing log during the update
>>> Updating repositories metadata...
Updating pfSense-core repository catalogue...
pfSense-core repository is up to date.
Updating pfSense repository catalogue...
pfSense repository is up to date.
All repositories are up to date.
>>> Setting vital flag on pkg... done.
>>> Removing vital flag from lang/php72... done.
>>> Downloading upgrade packages...
Updating pfSense-core repository catalogue...
pfSense-core repository is up to date.
Updating pfSense repository catalogue...
pfSense repository is up to date.
All repositories are up to date.
Checking for upgrades (13 candidates): .......... done
Processing candidates (13 candidates): .......... done
The following 14 package(s) will be affected (of 0 checked):
New packages to be INSTALLED:
    ccache: 3.4.2 [pfSense]
Installed packages to be UPGRADED:
    unbound: 1.7.3 -> 1.8.1 [pfSense]
    strongswan: 5.6.3 -> 5.7.1 [pfSense]
    php72-pfSense-module: 0.64_6 -> 0.65 [pfSense]
    pfSense-rc: 2.4.4 -> 2.4.4_1 [pfSense-core]
    pfSense-kernel-pfSense: 2.4.4 -> 2.4.4_1 [pfSense-core]
    pfSense-default-config: 2.4.4 -> 2.4.4_1 [pfSense-core]
    pfSense-base: 2.4.4 -> 2.4.4_1 [pfSense-core]
    pfSense: 2.4.4 -> 2.4.4_1 [pfSense]
    mpd5: 5.8_7 -> 5.8_8 [pfSense]
    igmpproxy: 0.2.1,1 -> 0.2.1_1,1 [pfSense]
    filterdns: 1.0_16 -> 2.0_1 [pfSense]
    curl: 7.61.1 -> 7.62.0 [pfSense]
Installed packages to be REINSTALLED:
    scponly-4.8.20110526_2 [pfSense] (direct dependency added: ccache)
Number of packages to be installed: 1
Number of packages to be upgraded: 12
Number of packages to be reinstalled: 1
55 MiB to be downloaded.
[1/14] Fetching unbound-1.8.1.txz: .......... done
[2/14] Fetching strongswan-5.7.1.txz: .......... done
[3/14] Fetching scponly-4.8.20110526_2.txz: ... done
[4/14] Fetching php72-pfSense-module-0.65.txz: ...... done
[5/14] Fetching pfSense-rc-2.4.4_1.txz: .. done
[6/14] Fetching pfSense-kernel-pfSense-2.4.4_1.txz: .......... done
[7/14] Fetching pfSense-default-config-2.4.4_1.txz: . done
[8/14] Fetching pfSense-base-2.4.4_1.txz: .......... done
[9/14] Fetching pfSense-2.4.4_1.txz: . done
[10/14] Fetching mpd5-5.8_8.txz: .......... done
[11/14] Fetching igmpproxy-0.2.1_1,1.txz: ... done
[12/14] Fetching filterdns-2.0_1.txz: ... done
[13/14] Fetching curl-7.62.0.txz: .......... done
[14/14] Fetching ccache-3.4.2.txz: .......... done
Checking integrity... done (0 conflicting)
>>> Upgrading pfSense-rc...
Checking integrity... done (0 conflicting)
The following 1 package(s) will be affected (of 0 checked):
Installed packages to be UPGRADED:
    pfSense-rc: 2.4.4 -> 2.4.4_1 [pfSense-core]
Number of packages to be upgraded: 1
[1/1] Upgrading pfSense-rc from 2.4.4 to 2.4.4_1...
[1/1] Extracting pfSense-rc-2.4.4_1: .... done
>>> Upgrading pfSense kernel...
Checking integrity... done (0 conflicting)
The following 1 package(s) will be affected (of 0 checked):
Installed packages to be UPGRADED:
    pfSense-kernel-pfSense: 2.4.4 -> 2.4.4_1 [pfSense-core]
Number of packages to be upgraded: 1
[1/1] Upgrading pfSense-kernel-pfSense from 2.4.4 to 2.4.4_1...
[1/1] Extracting pfSense-kernel-pfSense-2.4.4_1: .......... done
===> Keeping a copy of current kernel in /boot/kernel.old
>>> Removing unnecessary packages... done.
Upgrade is complete. Rebooting in 10 seconds.
Success
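A check that the update log delivered the component versions the release notes name (Unbound 1.8.1, strongSwan 5.7.1, mpd 5.8_8) and that lists packages new to the system. This is an added example, not part of the original post; the function names are hypothetical and the embedded lines are an excerpt of the log on this page.

```python
import re

# Versions the 2.4.4-p1 release notes quoted on this page state explicitly
# (mpd ships as the mpd5 package in the log).
EXPECTED = {"unbound": "1.8.1", "strongswan": "5.7.1", "mpd5": "5.8_8"}

# Package lines excerpted from the update log on this page.
LOG_EXCERPT = """\
New packages to be INSTALLED:
ccache: 3.4.2 [pfSense]
Installed packages to be UPGRADED:
unbound: 1.7.3 -> 1.8.1 [pfSense]
strongswan: 5.6.3 -> 5.7.1 [pfSense]
pfSense-kernel-pfSense: 2.4.4 -> 2.4.4_1 [pfSense-core]
mpd5: 5.8_7 -> 5.8_8 [pfSense]
Installed packages to be REINSTALLED:
scponly-4.8.20110526_2 [pfSense] (direct dependency added: ccache)
"""

SECTION = re.compile(r"packages to be (INSTALLED|UPGRADED|REINSTALLED):")
UPGRADE = re.compile(r"^(\S+): (\S+) -> (\S+) \[(\S+)\]")
INSTALL = re.compile(r"^(\S+): (\S+) \[(\S+)\]")


def parse_plan(log):
    """Split the pkg plan into newly installed packages and version upgrades."""
    plan = {"installed": {}, "upgraded": {}}
    section = None
    for line in log.splitlines():
        line = line.strip()
        header = SECTION.search(line)
        if header:
            section = header.group(1)
        elif section == "UPGRADED" and (m := UPGRADE.match(line)):
            plan["upgraded"][m.group(1)] = (m.group(2), m.group(3))
        elif section == "INSTALLED" and (m := INSTALL.match(line)):
            plan["installed"][m.group(1)] = m.group(2)
    return plan


def review(log, expected=EXPECTED):
    """Return (fixes not delivered, packages that were not installed before)."""
    plan = parse_plan(log)
    missing = {name: want for name, want in expected.items()
               if plan["upgraded"].get(name, (None, None))[1] != want}
    return missing, sorted(plan["installed"])
```

For the log on this page the first result is empty and the second names `ccache`, which the log shows arriving as a new direct dependency of `scponly`.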