System Patches package version 2.2.x

jimp

A new version of the System Patches package is building now and will be available shortly.

There are two changes in this versions:

• Added recommended patches for 23.01

  There is quite a long list of things we've fixed which will be beneficial for users to apply.

• Add buttons to apply and revert all patches of a given type (custom or recommended)

  This makes it easier to apply or revert things all at once. There are separate buttons to apply or revert all of the items in each list separately: One set of buttons for custom patch entries, one set of buttons for the recommended patches list.

Apply/Revert All Safety

Even if you have some patches already applied, it's generally safe to use "Apply All" as it will have the same net effect as manually clicking apply on anything that has an apply button. Same goes for revert.

Custom Patches that Overlap Recommended Patches

If you added custom patches for items now in the recommended patches list and the recommended patches entry shows a "revert" action, it's safe to remove the custom patch entry.

If the recommended patch version doesn't show either an apply or revert button, that indicates there is some difference in the applied patch and the recommended version. Revert the custom version, then apply it from the recommended patch list.

It's rare that would happen unless the custom entry was taken from the forum or Redmine as a diff directly instead of fetching a commit ID. If there is some difference in the patch, the committed version in the recommended list is likely superior.

Reboot is Likely Necessary

There are several patches for 23.01 that will require a reboot to activate (e.g. one needs to run the config upgrade at boot, one needs to re-write RRD scripts, etc.). The easiest thing to do there is install or update the package, apply all recommended patches, and then reboot.

Version 2.2.2

Version 2.2.2 is building now, but only contains additional patches for Plus 23.01. Other versions will see an update since I keep them all in sync to make maintenance easier, but there are no functional differences for any other version.

9 additional patches are included for 23.01, primarily to address PHP errors.

johnpoz

@jimp wow there is a lot ;) Guess will be doing a reboot in the morning when My change window opens..

change window = when I wake up and nobody is using the internet or plex ;)

jimp

@johnpoz said in System Patches package version 2.2:

@jimp wow there is a lot ;) Guess will be doing a reboot in the morning when My change window opens..

change window = when I wake up and nobody is using the internet or plex ;)

There are even more things we've fixed that didn't make the cut, and some more may come in yet. I didn't add entries for some of the less common edge cases we've seen and fixed since they were much less likely to be encountered in the wild than the ones I included in the list.

michmoor

@jimp Thanks Jim. Appreciate the teams hard work.

SteveITS

@jimp said in System Patches package version 2.2:

reboot to activate

Could there be some sort of a reboot column/check/icon in the row for those patches? Would help steer those who Apply All and don't read all the redmine entries. :)

michmoor

@steveits dude get out of my head. I was thinking about that when replying to the thread but i decided against it.
But yeah, notification of a reboot required message would solve issues..especially here in the forums.

johnpoz

@steveits said in System Patches package version 2.2:

and don't read

Well yeah that is always problematic - why would they read the email sent? ;) Just sayin hehehe

Even just a breeze over of all those entries should be pretty easy to spot that many of them that say reboot required.. Not saying users won't miss it.. hehe.. But its not like 1 in 20, but 4 out of the top 5 in my list state "requires reboot"

I could see if there was 1 out 20 of them, and it was number 17 in the list or something ;)

And then Jim in Bold bigger font states in this post "Reboot is Likely Necessary"

SteveITS

@michmoor said in System Patches package version 2.2:

dude get out of my head

Nope. I'm all for idi*t-proofing where possible. Though I wouldn't call it that in public. :) As someone once told me, paraphrased, "I want to be all powerful, but a prompt of 'are you sure, knuckehead?' would be appreciated."

And yeah, I didn't install the package update yet and couldn't really read the scrolling image well but the text does say to reboot. So, d'oh!

mcury

Today is a holiday here, so I decided to perform a clean 23.01 install.
Restored my config, then applied all these patches, everything working smoothly for a few hours now.
System: SG-3100 - pfblockerng, wireguard, softflowd (version from older repository).

michmoor

Curious, if there are new patches for 23.05 in the future, will the list get automatically populated or do we need to initiate something?

SteveITS

@michmoor said in System Patches package version 2.2:

if there are new patches for 23.05 in the future, will the list get automatically populated or do we need to initiate something?

The patch list is updated by updating the package. So with 23.01 (3 weeks ago) the package updated and the list was blank.

edit: I read this as, "after 23.05 is released"

jimp

@michmoor said in System Patches package version 2.2:

Curious, if there are new patches for 23.05 in the future, will the list get automatically populated or do we need to initiate something?

23.05 wouldn't use the system patches package that way since it's getting daily snapshot builds. Any fixes that go in would be in the builds the next day.

jdeloach

@jimp said in System Patches package version 2.2:

@michmoor said in System Patches package version 2.2:

Curious, if there are new patches for 23.05 in the future, will the list get automatically populated or do we need to initiate something?

23.05 wouldn't use the system patches package that way since it's getting daily snapshot builds. Any fixes that go in would be in the builds the next day.

I'm confused. I'm running pfSense 2.6.0 CE and I see these dozen or so patches as being available to apply, yet when I open the Redmine associated with each patch, it states that the target is for 2.7.0/plus target 23.01.

Are these patches really safe to apply to 2.6.0 CE? No where do I see anything in the redmine that states it is for 2.6.0???

login-to-view

slu

@jdeloach said in System Patches package version 2.2:

Are these patches really safe to apply to 2.6.0 CE?

See the package update today on the 2.6.0 CE and have the same question, save to apply because the System_Patches package is available on 2.6.0 CE?

Bob.Dig

@slu They are patches till the can be backed in the new version, so this is normal.

slu

@bob-dig but this affect 23.x only or 2.6.0 CE as well?
With other words, can I break the system with patches or is there some version check in the background?

Bob.Dig

@slu Good question. Is there anything related to FreeBSD 14 or PHP 8.1 in it? Then wait.

23.01:

Spoiler

login-to-view

4. and 6. I remember are 23.1 only for example, so if you have them too, then this is not for you.

jimp

@jdeloach said in System Patches package version 2.2:

I'm confused. I'm running pfSense 2.6.0 CE and I see these dozen or so patches as being available to apply, yet when I open the Redmine associated with each patch, it states that the target is for 2.7.0/plus target 23.01.

Are these patches really safe to apply to 2.6.0 CE? No where do I see anything in the redmine that states it is for 2.6.0???

The patches for 2.6.0 are not new. They have been there for weeks, since 23.01 released. The ones you see on 2.6.0 are safe to apply on 2.6.0. On 2.6.0 the only change you'll see from this new version of the package is the apply/revert all buttons.

The recommended patch list is version filtered. You only see the patches relevant to whatever you are running.

slu

@jimp said in System Patches package version 2.2:

The recommended patch list is version filtered. You only see the patches relevant to whatever you are running.

Thank you, now its clear to me.

JonathanLee

@jimp thanks!!!