Patching/Upgrading OpenSSL

stephenw10

Hmm, am I missing something? The button is right there in the installed packages screen next to the package listing.

Steve

doktornotor

@stephenw10:

Hmm, am I missing something?

Talking about the Reinstall Packages button in Diagnostics - Backup/Restore

Click this button to reinstall all system packages. This may take a while.

stephenw10

Ah, I am missing something.  ::)

Steve

fragged

Diagnostics: Backup/restore has a button to reinstall all installed packages.

CNLiberal

Looks like 2.1.2 is up?

drees

@joltman:

Looks like 2.1.2 is up?

Yep:
https://www.pfsense.org/download/

CNLiberal

I just saw some people in the forum are getting an error when they're editing their rules.  I'm going to hold off for now.

Criggie

@joltman:

I just saw some people in the forum are getting an error when they're editing their rules.  I'm going to hold off for now.

2.1.2 installed, working for me.  Joltman: what's your IP address? …..

CNLiberal

??

adam65535

jimp posted that it is fixed…  problem with autoconfigbackup package which was just updated to fix it...

https://forum.pfsense.org/index.php?topic=75060.msg409582#msg409582

The github commit to the package...

https://github.com/pfsense/pfsense-packages/commit/8869c3d78abf2bf7e72fe079ed457c28f3f8edab

JeGr

@joltman: As I was reporting this, I agree to adams statement. Getting rid of autoconfbackup package before upgrading should completely avoid this. Afterwards it can be installed to it's new version (1.22) again without hiccups. Problem was completely related to the package, not the main distro.

Greets Jens

CNLiberal

Cool.  I'm proceeding.  Poor ESF servers getting hammered hard.

EDIT:  Finished.  Looks good!

Fmstrat

Hi all, I see the founder tweeted that keys may be OK:

https://twitter.com/neelmehta/status/453625474879471616

However I also know that people have pulled keys from FreeBSD. For OpenVPN users, do we need to swap our keys if we were using PFsense 2.1.x?

Thanks.

dannyman

Thanks for getting 2.1.2 out!

This will be my first upgrade.  I assume the firewall will need to reboot.  Any quick advice or how long an upgrade takes, how long is the downtime, maybe these questions are already covered somewhere?

Does the secondary firewall upgrade when it sees it peer upgrade or do I trigger that manually?

I've announced 5+ minutes downtime in a 1 hour maintenance window.  Looks like there's a backup / rollback option so I'm hoping that even if I hit a snag I won't be dead in the water!

Thanks,
-danny

BBcan177

Upgraded one of my boxes from 2.0.3 to 2.1.2.

No issues to report!  ;)

Except that Suricata lost all of its interface settings. Looks like a new install of that package. Snort was also installed and it came back 100%

Great Work Guys!

BBcan177

What testing method is recommended to test the Bleeding Heart issue in pfSense?

Bluejay

I registered just to comment on what an amazing job you guys did in getting this patch out so quickly. There are commercial routers costing hundreds of dollars (if not thousands) that I imagine will be vulnerable for weeks…

th3r3isnospoon

Thank you Jim Pingle, Chris Buechler, all the other devs and the community members that helped make this happen!  It's much appreciated!

I will be buying a gold subscription to show my thanks!

-th3r3isnospoon

phong

@dannyman:

Any quick advice or how long an upgrade takes, how long is the downtime

It took my pfSense box about 5-10 minutes for the whole process (which was without any problems).
The downtime was only 1 minute 30 seconds (the time I couldn't access internet or ping the pfSense box). My pfSense box is quite an old PC (Pentium 3 or 4).

Thank you admins for your work on this serious bug.

jasonlitka

@dannyman:

Thanks for getting 2.1.2 out!

This will be my first upgrade.  I assume the firewall will need to reboot.  Any quick advice or how long an upgrade takes, how long is the downtime, maybe these questions are already covered somewhere?

Does the secondary firewall upgrade when it sees it peer upgrade or do I trigger that manually?

I've announced 5+ minutes downtime in a 1 hour maintenance window.  Looks like there's a backup / rollback option so I'm hoping that even if I hit a snag I won't be dead in the water!

Thanks,
-danny

You're using CARP on all interfaces?  If so, the downtime will be basically zero.

Upgrade the backup first.  Once it's back up and running disable CARP on the first box to force a failover.  Once you're sure things are working on the backup, upgrade the primary.  Once the upgrade is done everyone will fail back to the primary automatically.