Snort 4.1.6_10 Package Update is BROKEN!!! Do not install it. A fix is coming in 4.1.6_11

bmeeks

I inadvertently introduced a nasty bug on the ALERTS tab in the 4.1.6_10 Snort package update posted earlier today (Tuesday).

DO NOT INSTALL the 4.1.6_10 update!!!

Wait for 4.1.6_11 to appear and install that one.

If you have installed the 4.1.6_10 update, then DO NOT click the Save button on the ALERTS tab. Doing so will wipe out all of your Snort interfaces configuration in config.xml and the only way to recover is via restoring the most recent backup from DIAGNOSTICS > BACKUP Configuration History.

bmeeks

The corrected 4.1.6_11 version of the Snort package is building and should show as available soon. Sorry for the goof up .

Again, if you hit Save on the ALERTS tab after making a change while using the broken 4.1.6_10 package, you can recover your previous Snort configuration by restoring the most recent backup from Configuration History under DIAGNOSTICS > BACKUP AND RESTORE in the GUI or using option 15 in the pfSense console menu.

If you did not hit Save, then things are fine and you just need to be sure and update to the 4.1.6_11 version of Snort when it shows up.

mcury

@bmeeks said in Snort 4.1.6_10 Package Update is BROKEN!!! Do not install it. A fix is coming in 4.1.6_11:

Sorry for the goof up .

Man, you don't need to say sorry, we only have these packages because of you and you are always helping the community.

I say, thank you !!!

bmeeks

@mcury said in Snort 4.1.6_10 Package Update is BROKEN!!! Do not install it. A fix is coming in 4.1.6_11:

@bmeeks said in Snort 4.1.6_10 Package Update is BROKEN!!! Do not install it. A fix is coming in 4.1.6_11:

Sorry for the goof up .

Man, you don't need to say sorry, we only have these packages because of you and you are always helping the community.

I say, thank you !!!

Thanks. It's still embarrassing, though. I checked several things on the page after my fix yesterday EXCEPT that particular button. Lesson learned for next time...

mcury

@bmeeks said in Snort 4.1.6_10 Package Update is BROKEN!!! Do not install it. A fix is coming in 4.1.6_11:

Thanks. It's still embarrassing, though. I checked several things on the page after my fix yesterday EXCEPT that particular button. Lesson learned for next time...

Who never?

fireodo

@bmeeks said in Snort 4.1.6_10 Package Update is BROKEN!!! Do not install it. A fix is coming in 4.1.6_11:

should show as available soon

Until today (almost 2 weeks) nothing has show up - is there a problem in building the package?

Thanks for your work and
kind regards,
fireodo

Bob.Dig

@fireodo said in Snort 4.1.6_10 Package Update is BROKEN!!! Do not install it. A fix is coming in 4.1.6_11:

Until today (almost 2 weeks) nothing has show up - is there a problem in building the package?

I can see 4.1.6_11 for Plus and 4.1.6_9 for non-plus, so seems fine.

fireodo

@Bob-Dig said in Snort 4.1.6_10 Package Update is BROKEN!!! Do not install it. A fix is coming in 4.1.6_11:

4.1.6_9 for non-plus

So there is no 4.1.6_11 for CE ...

Thanks

bmeeks

@fireodo said in Snort 4.1.6_10 Package Update is BROKEN!!! Do not install it. A fix is coming in 4.1.6_11:

@Bob-Dig said in Snort 4.1.6_10 Package Update is BROKEN!!! Do not install it. A fix is coming in 4.1.6_11:

4.1.6_9 for non-plus

So there is no 4.1.6_11 for CE ...

Thanks

There is supposed to be a 4.1.6_11 for both CE and Plus. I was notified that the patch had been merged into both branches. Let me follow up with the Netgate team and see what happened on the CE side.

fireodo

@bmeeks said in Snort 4.1.6_10 Package Update is BROKEN!!! Do not install it. A fix is coming in 4.1.6_11:

Let me follow up with the Netgate team and see what happened on the CE side.

Ah, OK - thank you!

bmeeks

I sent them an email -- awaiting a reply. I suspect they are busy working on the 23.09 Plus update, so it may take a little bit to get a reply back.

fireodo

@bmeeks Thank you!

bmeeks

Got a response from the Netgate developer team. There is some kind of internal issue they are looking into whereby the new packages for CE got built on their internal package builder server, but for some reason did not get copied over to the public server so that they were visible to users. Give Netgate a bit of time to work out the problem and get it corrected.

Just to share how this works -- the basic process for building packages uses a dedicated Poudriere ports builder server for actually creating the zipped up package files. After building is completed, those zipped up package files are copied over to a web server that hosts the public package repo that your pfSense machines queries for new packages (and downloads them from). That second step of copying over did not happen on the CE side and is what is being investigated.

fireodo

@bmeeks said in Snort 4.1.6_10 Package Update is BROKEN!!! Do not install it. A fix is coming in 4.1.6_11:

Got a response from the Netgate developer team. There is some kind of internal issue they are looking into whereby the new packages for CE got built on their internal package builder server, but for some reason did not get copied over to the public server so that they were visible to users. Give Netgate a bit of time to work out the problem and get it corrected.

Thanks, Bill, for the Feedback!

20.10.23 EDIT: Still no Update from the Netgate Servers - I took the patched file from here:

snort_alerts.php

and replaced it on my pfsense (restart Snort after that)

bmeeks

@fireodo said in Snort 4.1.6_10 Package Update is BROKEN!!! Do not install it. A fix is coming in 4.1.6_11:

20.10.23 EDIT: Still no Update from the Netgate Servers

Noticed the same. Not sure what's up. I did get confirmation the issue was passed along to the team responsible for the package builder servers.

fireodo

@bmeeks said in Snort 4.1.6_10 Package Update is BROKEN!!! Do not install it. A fix is coming in 4.1.6_11:

@fireodo said in Snort 4.1.6_10 Package Update is BROKEN!!! Do not install it. A fix is coming in 4.1.6_11:

20.10.23 EDIT: Still no Update from the Netgate Servers

Noticed the same. Not sure what's up. I did get confirmation the issue was passed along to the team responsible for the package builder servers.

Thanks - wish you a nice sunday!

slu

Look like this issue with the update to _11 is still not fixed.

bmeeks

@slu said in Snort 4.1.6_10 Package Update is BROKEN!!! Do not install it. A fix is coming in 4.1.6_11:

Look like this issue with the update to _11 is still not fixed.

Yeah, not fixed in CE but is fixed in Plus. Just checked my 23.05.1 production box and the 4.1.6_11 package version is showing available there.

Don't know what exactly is up with the CE RELEASE and CE DEVEL branches not seeing the package update. I can ping my Netgate contact one more time.

Edit Follow-Up: sent another email to my Netgate contact asking for an update. Will post back when I hear something.

Bob.Dig

@bmeeks said in Snort 4.1.6_10 Package Update is BROKEN!!! Do not install it. A fix is coming in 4.1.6_11:

Edit Follow-Up: sent another email to my Netgate contact asking for an update. Will post back when I hear something.

Kinda very interesting in these times... edit: There it is.

bmeeks

The 4.1.6_11 version of the Snort package should now be showing up as available for pfSense 2.7 CE users. I can see it on my end.

Still not sure about 2.8 CE development snapshots. That environment is still a bit wonky for me ???