Apply all system patches

shoulders · Mar 6, 2023, 6:12 PM

I have just found the package 'System Patches' which has a list of patches for various reasons and I have a couple of questions:

Should I apply all of the patches or only ones that I need to resolve specific questions?
After upgrading pfSense to the net verions (i.e. 2.7.0) will 'Recommended Patches' all be reverted, custom patches remain and show as appropriate in the 'System Patches' package?

thanks

tedquade · Mar 6, 2023, 6:16 PM

@shoulders Have you read the following?

https://docs.netgate.com/pfsense/en/latest/development/system-patches.html

Ted Quade

shoulders · Mar 6, 2023, 6:22 PM

@tedquade yes I have thanks and does not answer my questions

"The lower section contains Recommended System Patches for the specific running version of pfSense software. These patches are curated by Netgate and may include security fixes, bug fixes, and other beneficial changes which come up between releases. This list is only updated when the package is updated, so check the package manager for updates. The controls in this section are limited as there is no need to edit the entries or the list."

Just tells you what they are and how to install a patch.

SteveITS · Mar 6, 2023, 6:24 PM

@shoulders Normally the patches listed will be included in the next version.

As to what to do, it’s up to you. Netgate “recommends” the list. Generally any commit diff can be set as a patch as well so you’ll see Netgate fix something and post the patch ID.

shoulders · Mar 6, 2023, 6:26 PM

@steveits

I am trying to get what Netgate recommends. They should then put that on the 'system patches' page

SteveITS · Mar 6, 2023, 7:18 PM

@shoulders I'm not sure I follow...you should see a "Recommended System Patches for Netgate pfSense software version 2.6.0" section on yours. By way of comparison there are no recommended patches (yet) for 23.01.

For a more specific example, patch https://redmine.pfsense.org/issues/7727 (UPnP) is targeted for 2.7 but was already included in 22.05.

shoulders · Mar 6, 2023, 7:24 PM

do i apply all patches or only ones to fix problems I am having. what is recommended.

SteveITS · Mar 6, 2023, 7:38 PM

@shoulders I tend to apply them as needed.

tedquade · Mar 6, 2023, 7:42 PM

@shoulders I tend to apply them all.

Ted Quade

jimp · Mar 7, 2023, 1:38 PM

All of the patches are "Recommended" or they wouldn't be in the "Recommended" list :-)

But it's not lumped together or automatic because users like control over what they apply and some environments have rules/regulations about what they can apply and when.

tl;dr it's up to you, only you can decide which ones you want.

shoulders · Mar 7, 2023, 2:05 PM

@jimp I be honest the answer above still doesn't answer my question :( . Let me put it another way. Would you install all of the patches?

thanks

jimp · Mar 7, 2023, 2:28 PM

Nobody but you can tell you if you want all of them.

Most likely you would want all of them, but every environment is different.

stephenw10 · Mar 8, 2023, 12:23 AM

Personally I only apply the patches for things I know I might hit.

Gertjan · Mar 8, 2023, 11:10 AM

@stephenw10

Added to that : when applying a patch for code that I actually use, I'll contribute in testing that patch.
And if needed, I'll feedback into redmine.

Patch · Mar 9, 2023, 2:52 AM

@jimp said in Apply all system patches:

Most likely you would want all of them, but every environment is different.

@stephenw10 said in Apply all system patches:

Personally I only apply the patches for things I know I might hit.

I suppose it really depends on if the patches are considered

Samples of beta code
A point release of near production code

SteveITS · Mar 9, 2023, 3:14 AM

@patch said in Apply all system patches:

I suppose it really depends on if the patches are considered

Samples of beta code
A point release of near production code

My personal view on that is, patches listed as Recommended are solid enough for Netgate to want to push them out. Fixes suggested in forum posts (often by @jimp!) are still pretty solid but haven't yet made the Recommended list. Of course one can just view the patch contents and (if familiar with PHP/coding) see what is being changed.

Basically all of them are generated due to Redmine bug reports and once the issue is closed they will be in the next version of pfSense anyway. So maybe the answer is to track down the Redmine entry and see what it says.

jimp · Mar 9, 2023, 1:38 PM

By the time a patch makes it into the "Recommended" list it's usually either already included in a newer release or it's been well tested internally and confirmed to solve the problem in question.