2.3.1 Update 1 Available



  • 2.3.1 Update 1 is now available. The changes can be found appended to the 2.3.1-RELEASE change list under Update 1.
    https://doc.pfsense.org/index.php/2.3.1_New_Features_and_Changes#Update_1


  • Administrator



  • @cmb:

    2.3.1 Update 1 is now available. The changes can be found appended to the 2.3.1-RELEASE change list under Update 1.
    https://doc.pfsense.org/index.php/2.3.1_New_Features_and_Changes#Update_1

    I noticed your doc (https://pfsense.org/security/advisories/pfSense-SA-16_05.webgui.asc) is PGP signed. Do you have your public key posted for us to download? Or whats the ID we can search the key servers for?

    Thanks



  • @AR15USR:

    I noticed your doc (https://pfsense.org/security/advisories/pfSense-SA-16_05.webgui.asc) is PGP signed. Do you have your public key posted for us to download? Or whats the ID we can search the key servers for?

    ID 0x9214F8DA



  • Just a side-note, using 32bit key IDs is a bad idea. See https://evil32.com for details.

    I've found a key on the keyserver for "pfSense Security Team (Security Advisories for pfSense) <security at="" pfsense="" dot="" org="">" with the following fingerprint "E345 EF8C 4539 E974 943C  831D 13B9 87FD 9214 F8DA".

    The message is successfully verified with that key.

    I'd recommend the applicable public PGP key to be added here for reference: https://www.pfsense.org/security/</security>



  • @JorgeOliveira:

    Just a side-note, using 32bit key IDs is a bad idea. See https://evil32.com for details.

    I've found a key on the keyserver for "pfSense Security Team (Security Advisories for pfSense) <security at="" pfsense="" dot="" org="">" with the following fingerprint "E345 EF8C 4539 E974 943C  831D 13B9 87FD 9214 F8DA".

    The message is successfully verified with that key.

    I'd recommend the applicable public PGP key to be added here for reference: https://www.pfsense.org/security/</security>

    Jorge are you saying they should identify their key by the longer ID of "0x13b987fd9214f8da"? Just curious..



  • @AR15USR:

    @JorgeOliveira:

    Just a side-note, using 32bit key IDs is a bad idea. See https://evil32.com for details.

    I've found a key on the keyserver for "pfSense Security Team (Security Advisories for pfSense) <security at="" pfsense="" dot="" org="">" with the following fingerprint "E345 EF8C 4539 E974 943C  831D 13B9 87FD 9214 F8DA".

    The message is successfully verified with that key.

    I'd recommend the applicable public PGP key to be added here for reference: https://www.pfsense.org/security/</security>

    Jorge are you saying they should identify their key by the longer ID of "0x13b987fd9214f8da"? Just curious..

    That and the key fingerprint as well, forging those two combined is practically impossible.



  • This update broke my instance.  >:(
    2.3.0 and 2.31 was fine but 2.3.1_1 boots and has console errors above menu:

    Fatal error: require_once(): Failed opening required 'config.inc' (include_path='.:/usr/local/share/pear') in /etc/rc.banner on line _32_ ... 
    

    Then continues to vomit the rest of that code all over the console screen and the usual menu appears but with limited functionality.
    There is NO 'pear' in /usr/local/share/

    All interfaces are down and cannot be reset; Menu options 1 and 2 do not work.

    I changed the boot kernel from kernel.old back to kernel and that did not help.

    I can get shell as menu choice 8 works but 12 (dev shell) does not.

    Menu: '13) Update from console'  runs into errors… the same that caused this mess as follows:

    
    Warning: require_once(config.inc): failed to open stream: No such file or directory on /etc/rc.conf_mount_rw on line 31
    
    Call Stack:
         0.0002     117684    1\. {main}() /etc/rc.conf_mount_rw:0
    
    Fatal Error: require_once(): Failed opening required 'config.inc' (include_path='.:/usr/local/share/pear') in /etc/rc.conf_mount_rw on line 31
    
    Call Stack:
         0.0002     117684    1\. {main}() /etc/rc.conf_mount_rw:0
    
    /usr/local/sbin/pfSense-upgrade: grep: not found 
    
    ...~
    
    

    Menu: '15) Restore recent configuration'  does not work.

    Is this update broken or what??

    Thank you for looking into it.



  • @AR15USR:

    Jorge are you saying they should identify their key by the longer ID of "0x13b987fd9214f8da"? Just curious..

    Yes.

    @rjbradlow:

    This update broke my instance.  >:(
    (…)
    I can get shell as menu choice 8 works but 12 (dev shell) does not.
    (...)

    This may be caused by network/hardware problem causing an half-baked upgrade process. I'd recommend running this on shell:

    pkg upgrade -f
    

    It will download and reinstall all packages. Be aware this may take a considerable amount of time: 30 minutes to 2 hours. Be patient.



  • @JorgeOliveira:

    @rjbradlow:

    This update broke my instance.  >:(
    (…)
    I can get shell as menu choice 8 works but 12 (dev shell) does not.
    (...)

    This may be caused by network/hardware problem causing an half-baked upgrade process. I'd recommend running this on shell:

    pkg upgrade -f
    

    It will download and reinstall all packages. Be aware this may take a considerable amount of time: 30 minutes to 2 hours. Be patient.

    Thank you Jorge but I also mentioned that all interfaces were down… and unable to be brought up so no dice there... No Network at all. Totally hosed.
    I'm a Linux / bash guy and not familiar enough with the castrated shell in pfSense to attempt trying to fix it by hand.
    If you look at the error again it states that the update was looking for a nonexistent directory named 'pear' and thus the missing file 'config.inc' as well.

    So am I to gather from your reply that this directory does actually exist and was not downloaded by some networking glitch on a machine that had been updating and working flawlessly up to the latest update?

    If so then why would it have been deleted instead of overwritten during a minor update from 2.3.1 to 2.3.1_1?

    ???



  • I don't know what the PEAR thing is about, maybe that happ0ened to be the last dir in the searchlist for looking for include files.
    You should have a bunch of include files in /etc/inc

    /etc/inc/config.inc
    

    Do you have files there?
    Does the content of /etc/inc/config.inc look like a bunch of PHP functions?



  • @phil.davis:

    Does the content of /etc/inc/config.inc look like a bunch of PHP functions?

    Yes it is there with all of it's friends and yes it is PHP.



  • @rjbradlow:

    @phil.davis:

    Does the content of /etc/inc/config.inc look like a bunch of PHP functions?

    Yes it is there with all of it's friends and yes it is PHP.

    That's a good start.
    /etc/rc.php_ini_setup should create:

    /usr/local/etc/php.ini
    

    and that should specify the include path:

    include_path = ".:/etc/inc:/usr/local/www:/usr/local/captiveportal:/usr/local/pkg:/usr/local/www/classes:/usr/local/www/classes/Form"
    

    and if all that is good, then config.inc (and lots of other include files) should be found.



  • @phil.davis:

    That's a good start.
    /etc/rc.php_ini_setup should create:

    /usr/local/etc/php.ini
    

    and that should specify the include path:

    include_path = ".:/etc/inc:/usr/local/www:/usr/local/captiveportal:/usr/local/pkg:/usr/local/www/classes:/usr/local/www/classes/Form"
    

    and if all that is good, then config.inc (and lots of other include files) should be found.

    ./rc_php_ini_setup: /usr/bin/grep: not found
    

    Thank you Phil.  :)

    Downloaded and mounted latest ISO, copied grep from ISO to /usr/bin/

    Re-ran /etc/rc_php_ini_setup and exited to find a normal console menu

    Further repairs in progress.


  • Banned

    Hy!

    Don't get me wrong, but is it really worth the effort? Fresh install, extract your config.xml, copy over to fresh install and start over again… max 1 hour, I guess.

    regards

    chemlud



  • @2chemlud:

    Hy!

    Don't get me wrong, but is it really worth the effort? Fresh install, extract your config.xml, copy over to fresh install and start over again… max 1 hour, I guess.

    regards

    chemlud

    Thanks chemlud,
    It was certainly worth the learning experience.

    Must have been a botched download like Jorge said.

    I booted the cd and did a recovery which extracted the xml file and all was done in a matter of a few minutes after my last post.

    quick and painless thanks to everyone's help here and the fine job the devs did with that nice recovery feature.

    Thanks to all … great job guys!!


  • Administrator

    @JorgeOliveira:

    Just a side-note, using 32bit key IDs is a bad idea. See https://evil32.com for details.

    I've found a key on the keyserver for "pfSense Security Team (Security Advisories for pfSense) <security at="" pfsense="" dot="" org="">" with the following fingerprint "E345 EF8C 4539 E974 943C  831D 13B9 87FD 9214 F8DA".

    The message is successfully verified with that key.

    I'd recommend the applicable public PGP key to be added here for reference: https://www.pfsense.org/security/</security>

    It's there now: https://pfsense.org/security/



  • is 2.3.1 Update 2 in the air ??

    my ssh checking update has detected an upgrade, i have reloaded my pfsense box but nothing changed…

    what is going ?




Log in to reply