Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - gerald_martin

Pages: [1]

23.7 Legacy Series / Re: Unable to upgrade from 23.1.11 to current 23.7.5

« on: October 11, 2023, 03:57:17 am »

@franco Thank you, this solved it! Here's output from the upgrade audit, which is now there as expected:

The Lobby now says running 23.7.5

However - the check for updates now returns this (see image) Why would it be wanting to download 23.7.4 packages if we are now running 23.7.5?

Or maybe I'm not understanding something.

GM

23.7 Legacy Series / Re: Unable to upgrade from 23.1.11 to current 23.7.5

« on: October 10, 2023, 03:31:34 pm »

Hello Franco, I've looked but have not found it. Is this the correct place? Appreciate any help you can offer.

23.7 Legacy Series / Re: Unable to upgrade from 23.1.11 to current 23.7.5

« on: October 10, 2023, 04:10:01 am »

Have used multiple mirrors, no apparent change.

But this is WEIRD - do I have an update partially completed?

***GOT REQUEST TO AUDIT HEALTH***
Currently running OPNsense 23.1.11_2 at Mon Oct 9 21:06:28 CDT 2023
>>> Check installed kernel version
Version 23.7 is correct.
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 23.7 is correct.
>>> Check for missing or altered base files
No problems detected.
>>> Check installed repositories
OPNsense
>>> Check installed plugins
os-nextcloud-backup 1.0_1
os-upnp 1.5_3
os-wireguard 1.13_5
>>> Check locked packages
No locks found.
>>> Check for missing package dependencies
Checking all packages: .......... done
>>> Check for missing or altered package files
Checking all packages: .......... done
>>> Check for core packages consistency
Core package "opnsense" has 67 dependencies to check.
Checking packages: ..
ca_root_nss-3.91 version mismatch, expected 3.89.1
Checking packages: ........................
opnsense-update-23.7 version mismatch, expected 23.1.11
Checking packages: .......................
py39-dnspython-2.4.0,1 version mismatch, expected 2.3.0,1
Checking packages: .
py39-duckdb-0.8.1 version mismatch, expected 0.6.1
Checking packages: ..
py39-numpy-1.25.0,1 version mismatch, expected 1.24.1_4,1
Checking packages: .
py39-pandas-2.0.3,1 version mismatch, expected 2.0.2,1
Checking packages: ....
py39-vici-5.9.11 version mismatch, expected 5.9.10
Checking packages: ......
sudo-1.9.14p3 version mismatch, expected 1.9.13p3
Checking packages: .
suricata-6.0.13_1 version mismatch, expected 6.0.13
Checking packages: ..
unbound-1.17.1_3 version mismatch, expected 1.17.1_2
Checking packages: .. done
***DONE***

***GOT REQUEST TO AUDIT CONNECTIVITY***
Currently running OPNsense 23.1.11_2 at Mon Oct 9 21:08:28 CDT 2023
Checking connectivity for host: mirrors.nycbug.org -> 66.111.2.15
PING 66.111.2.15 (66.111.2.15): 1500 data bytes
1508 bytes from 66.111.2.15: icmp_seq=0 ttl=56 time=33.917 ms
1508 bytes from 66.111.2.15: icmp_seq=1 ttl=56 time=33.892 ms
1508 bytes from 66.111.2.15: icmp_seq=2 ttl=56 time=33.918 ms
1508 bytes from 66.111.2.15: icmp_seq=3 ttl=56 time=33.869 ms

--- 66.111.2.15 ping statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 33.869/33.899/33.918/0.020 ms
Checking connectivity for repository (IPv4): http://mirrors.nycbug.org/pub/opnsense/FreeBSD:13:amd64/23.1
Updating OPNsense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: .......... done
Processing entries: .......... done
OPNsense repository update completed. 835 packages processed.
All repositories are up to date.
No IPv6 address could be found for host: mirrors.nycbug.org
***DONE***

***GOT REQUEST TO AUDIT SECURITY***
Currently running OPNsense 23.1.11_2 at Mon Oct 9 21:09:06 CDT 2023
vulnxml file up-to-date
openssl-1.1.1u,1 is vulnerable:
OpenSSL -- Excessive time spent checking DH q parameter value
CVE: CVE-2023-3817
WWW: https://vuxml.FreeBSD.org/freebsd/bad6588e-2fe0-11ee-a0d1-84a93843eb75.html

krb5-1.21.1 is vulnerable:
krb5 -- Double-free in KDC TGS processing
CVE: CVE-2023-39975
WWW: https://vuxml.FreeBSD.org/freebsd/a6986f0f-3ac0-11ee-9a88-206a8a720317.html

python39-3.9.17 is vulnerable:
Python -- multiple vulnerabilities
CVE: CVE-2023-40217
WWW: https://vuxml.FreeBSD.org/freebsd/a57472ba-4d84-11ee-bf05-000c29de725b.html

curl-8.1.2 is vulnerable:
curl -- HTTP headers eat all memory
CVE: CVE-2023-38039
WWW: https://vuxml.FreeBSD.org/freebsd/833b469b-5247-11ee-9667-080027f5fec9.html

4 problem(s) in 4 installed package(s) found.
***DONE***

23.7 Legacy Series / Re: Unable to upgrade from 23.1.11 to current 23.7.5

« on: October 08, 2023, 02:31:01 am »

Actually, since that attempt seemed to hang, I rebooted and re-downloaded update. This is the result.

***GOT REQUEST TO UPGRADE***
Currently running OPNsense 23.1.11_2 at Sat Oct 7 19:28:20 CDT 2023
Fetching packages-23.7-amd64.tar: .......................................... done
Extracting packages-23.7-amd64.tar... done
Please reboot.
>>> Invoking upgrade script 'unbound-duckdb.py'
Unbound DNS database export not required.
***DONE***

PS: I rebooted. No change, still 23.1.11_2 version

23.7 Legacy Series / Unable to upgrade from 23.1.11 to current 23.7.5

« on: October 08, 2023, 02:13:03 am »

Hello all,

I'm unable to complete an update to one of my servers.

Usually it appears to download the package, and says reboot - but reboot brings back up the current 23.1.11 version.

Today I get this:

***GOT REQUEST TO UPGRADE***
Currently running OPNsense 23.1.11_2 at Sat Oct 7 18:12:39 CDT 2023
Fetching packages-23.7-amd64.tar: ...

Would appreciate ideas! Could there be a conflicting package? Is there more I can try short of upgrading from a new system image?

Gerald

Pages: [1]