What is release 2.3_1?



  • Just logged into my router this morning, and it appears there's an update available.. but I can't find any details.

    Clearly, this isn't the 2.3.1 release, so what is it?

    EDIT: To clarify, I am on the Stable branch …
    ![Screen Shot 2016-05-02 at 10.31.30 AM.png_thumb](/public/imported_attachments/1/Screen Shot 2016-05-02 at 10.31.30 AM.png_thumb)
    ![Screen Shot 2016-05-02 at 10.31.30 AM.png](/public/imported_attachments/1/Screen Shot 2016-05-02 at 10.31.30 AM.png)



  • [16:37:46] <vectr0n>o.0
    [16:37:59] <vectr0n>"Version 2.3_1 is available."
    [16:39:16] <vectr0n>jim-p-work, non-reboot update?
    [16:39:30] <@jim-p-work> <jim-p-work>A portrevision bump so boxes will see the ntpd update. Nothing else changed.
    [16:39:30] <@jim-p-work> <jim-p-work>A quick security fix style we couldn't do with the old update style
    [16:39:45] <@jim-p-work> Though it doesn't restart ntpd automatically, give that a kick from Status > Services</jim-p-work></jim-p-work></vectr0n></vectr0n></vectr0n>



  • @Christos:

    [16:37:46] <vectr0n>o.0
    [16:37:59] <vectr0n>"Version 2.3_1 is available."
    [16:39:16] <vectr0n>jim-p-work, non-reboot update?
    [16:39:30] <@jim-p-work> <jim-p-work>A portrevision bump so boxes will see the ntpd update. Nothing else changed.
    [16:39:30] <@jim-p-work> <jim-p-work>A quick security fix style we couldn't do with the old update style
    [16:39:45] <@jim-p-work> Though it doesn't restart ntpd automatically, give that a kick from Status > Services</jim-p-work></jim-p-work></vectr0n></vectr0n></vectr0n>

    Awesome, thanks!  Good to go - just applied and it worked perfectly, no reboot needed.

    Good stuff!  If we can somehow show a release note or a description with the new version # in the updater, that would be even more awesome.


  • LAYER 8 Global Moderator

    Yup nice update.. Pretty slick how this new update system works.. It even updated the nano I had on there from non pfsense repo..

    [2.3-RELEASE][root@pfSense.local.lan]/root: ntpq
    ntpq> v
    ntpq 4.2.8p7@1.3265-o Fri Apr 29 10:58:04 UTC 2016 (1)



  • @dmurphynj:

    @Christos:

    [16:37:46] <vectr0n>o.0
    [16:37:59] <vectr0n>"Version 2.3_1 is available."
    [16:39:16] <vectr0n>jim-p-work, non-reboot update?
    [16:39:30] <@jim-p-work> <jim-p-work>A portrevision bump so boxes will see the ntpd update. Nothing else changed.
    [16:39:30] <@jim-p-work> <jim-p-work>A quick security fix style we couldn't do with the old update style
    [16:39:45] <@jim-p-work> Though it doesn't restart ntpd automatically, give that a kick from Status > Services</jim-p-work></jim-p-work></vectr0n></vectr0n></vectr0n>

    Awesome, thanks!  Good to go - just applied and it worked perfectly, no reboot needed.

    Good stuff!  If we can somehow show a release note or a description with the new version # in the updater, that would be even more awesome.

    Would be great to see what changed yes. And maybe also a notice in there if you need to reboot or not. So you can wait for a later time if it does need a reboot.

    also did the update but it doesn't update the version number?

    2.3-RELEASE (amd64)
    built on Mon Apr 11 18:10:34 CDT 2016
    FreeBSD 10.3-RELEASE

    The system is on the latest version.



  • This seems to be a very specific update and you are only able to identify if it's applied going to System > Update.

    If you aplied it you will see here the 2.3_1, on main page you will only see 2.3-RELEASE.


    Are you sure you want to update pfSense system?
    Current Base System 2.3_1
    Latest Base System 2.3_1
    System is up to date

    And I also would like to know what this "update" fixed/changed.



  • A system mail would be nice if a system or package update is available.



  • @x-ecuter ntpd got an update


  • Administrator



  • Flawless update. Slick stuff :)



  • Slick update, I agree.

    Updating via System / Update / System Update included an update of an out-of-date package (pfBlockerNG), without asking or alerting, just doing it as part of the system update. Is this as expected, or a bug?



  • @bplein:

    Updating via System / Update / System Update included an update of an out-of-date package (pfBlockerNG), without asking or alerting, just doing it as part of the system update. Is this as expected, or a bug?

    That's expected, though should probably be made more clear. It's the same in that regard as it's always been, every base system update also updates all your packages. And significantly better than it used to be, since it'll only upgrade packages that are outdated (where 2.2.x and earlier would uninstall and reinstall all packages even if they were already up to date).



  • >>> Updating repositories metadata... 
    Updating pfSense-core repository catalogue...
    pfSense-core repository is up-to-date.
    Updating pfSense repository catalogue...
    pfSense repository is up-to-date.
    All repositories are up-to-date.
    >>> Unlocking package pfSense-kernel-pfSense... done.
    >>> Downloading upgrade packages... 
    Updating pfSense-core repository catalogue...
    pfSense-core repository is up-to-date.
    Updating pfSense repository catalogue...
    pfSense repository is up-to-date.
    All repositories are up-to-date.
    Checking for upgrades (5 candidates): ..... done
    Processing candidates (5 candidates): ... done
    The following 2 package(s) will be affected (of 0 checked):
    
    Installed packages to be UPGRADED:
    	pfSense: 2.3 -> 2.3_1 [pfSense]
    	ntp: 4.2.8p6 -> 4.2.8p7 [pfSense]
    
    The process will require 2 KiB more space.
    493 KiB to be downloaded.
    Fetching pfSense-2.3_1.txz: . done
    Fetching ntp-4.2.8p7.txz: .......... done
    Checking integrity... done (0 conflicting)
    >>> Upgrading necessary packages... 
    Updating pfSense-core repository catalogue...
    pfSense-core repository is up-to-date.
    Updating pfSense repository catalogue...
    pfSense repository is up-to-date.
    All repositories are up-to-date.
    Checking for upgrades (5 candidates): ..... done
    Processing candidates (5 candidates): ... done
    Checking integrity... done (0 conflicting)
    The following 2 package(s) will be affected (of 0 checked):
    
    Installed packages to be UPGRADED:
    	pfSense: 2.3 -> 2.3_1 [pfSense]
    	ntp: 4.2.8p6 -> 4.2.8p7 [pfSense]
    
    The process will require 2 KiB more space.
    [1/2] Upgrading ntp from 4.2.8p6 to 4.2.8p7...
    [1/2] Extracting ntp-4.2.8p7: .......... done
    [2/2] Upgrading pfSense from 2.3 to 2.3_1...
    [2/2] Extracting pfSense-2.3_1: ... done
    >>> Removing unnecessary packages... done.
    >>> Cleanup pkg cache... done.
    >>> Locking package pfSense-kernel-pfSense... done.
    Success
    

    Impressed ….. !



  • So 2.3_1 is not 2.3.1 and you can upgrade from 2.3_1 to 2.3.1?

    And, after updating to 2.3_1 it does not actually address the problem until a manual process is performed outside of the update?

    This is really confusing. No?


  • Administrator

    the update should be referred to it's full name, 2.3.0_1, to minimize confusion. And yes you will be able to update to 2.3.1.



  • @jdillard:

    it's full name, 2.3.0_1, to minimize confusion.

    Are you sure you minimize confusion with this 'unexpected' naming scheme?
    A lot of different options come to mind that may have been easier to understand. But maybe not to implement into your system?



  • pfSense team, please change the naming scheme. And, please restart all the necessary services after a patch is applied to minimize  misconfigured/unpatched production systems.



  • Nice new update system.  Works pretty well.  Happy to see no reboot required for this one.  Yes would like to see release notes in the updater to give us an idea what to expect and anything we need to do.

    No, I wouldn't want automatic restart of services long as the updater tells me which ones I need to restart since in production it may disrupt anybody using it.


  • Banned

    …would like to see some frequent updates for openSSL in the future ;-)

    https://www.openssl.org/news/secadv/20160503.txt



  • @vergilis:

    pfSense team, please change the naming scheme. And, please restart all the necessary services after a patch is applied to minimize  misconfigured/unpatched production systems.

    +1 for this



  • @2chemlud:

    …would like to see some frequent updates for openSSL in the future ;-)

    https://www.openssl.org/news/secadv/20160503.txt

    Now that little updates of individual components can happen fairly easily, in some ways security updates for stuff like this could be done routinely, even if the particular security holes that are patched do not directly apply to pfSense use cases. Then people (or dumb security checking scripts) that check the version of these things will find it is up-to-date and be happy.

    Of course there are the overheads in doing this of:
    a) pfSense core people have to do a reasonable range of testing to avoid regressions.
    b) Firewall admins may not appreciate having a (even small) update every couple of weeks, when it is strictly not essential.



  • We can put out an update with much less of a test routine as in the past since testing can be limited to things that changed. But yeah one like openssl requires a lot more care than ntpd, since it touches a lot of things. The openssl fix is in 2.3.1 already. We're possibly releasing 2.3.1 soon enough that it'll be the first including it. If that's going to take a bit longer, we'll do a 2.3.0_2.



  • And when it gets to 2.4, to save confusion over the _1 _2 patches naming convention, it would be good to call it 2.4.0 - then every release has 3 numbers in it up front, and the patches add to the end - 2.4.0_1 …
    Thus version 3 (one day/year!) would be 3.0.0



  • @phil.davis:

    And when it gets to 2.4, to save confusion over the _1 _2 patches naming convention, it would be good to call it 2.4.0

    Definitely, it ends up being too confusing without the implied zero there.



  • 2.3a, 2.3b would have been way easier to understand than 2.3_1 while working on 2.3.1
    But it's better than releasing an updated 2.x version without suffix which we already had as well…



  • the new updating system is awesome!!!



  • @nima:

    A system mail would be nice if a system or package update is available.

    Hello.

    It can be done simply with php:

    Notifier package & platform updates via email.
    https://www.javcasta.com/bounties/#notifier_package_plarform

    Regards.


Log in to reply