TrueNAS 12.0-U8 Released

[eturgeon]

TrueNAS Community,

TrueNAS 12.0-U8 has been released! 12.0-u8 and includes several fixes, improvements, and features. These include OpenZFS 2.0, New “Console Port” and “TLS Server URI” input fields in the S3 service configuration form, Direct link to the TrueNAS Upgrades article from the update screen.

CVE Notice
All versions of Samba prior to 4.13.17 are vulnerable to an out-of-bounds heap read-write vulnerability that allows remote attackers to execute arbitrary code as root on affected Samba installations that use the VFS module vfs_fruit. The CVE does not affect TrueNAS in its default configuration. However, it impacts configurations where users have opted to share the same paths simultaneously via AFP and SMB. Therefore, we recommend users upgrade to 12.0-U8 as soon as possible to eliminate this security risk.

Source: CVE-2022-44142
Release Notes: https://www.truenas.com/docs/releasenotes/core/12.0u8/
Download: https://www.truenas.com/download-truenas-core/

Thanks for using TrueNAS, and we appreciate all your feedback!

 

[mistermanko]

Great and massive thanks to the team!

 

[PDM]

Boom. Here I go... #upgrade

 

[msbxa]

Done upgrade to TrueNAS-12.0.U8 and no issues but got a warning of SMB share of /mnt/msbxxx/mexxx is writable via NFS protocol and therefore susceptible to CVE 2021-20316.

 

[anodos]

Done upgrade to TrueNAS-12.0.U8 and no issues but got a warning of SMB share of /mnt/msbxxx/mexxx is writable via NFS protocol and therefore susceptible to CVE 2021-20316.

https://jira.ixsystems.com/browse/NAS-113284

I've asked our documentation team to update the release notes to include the notification explaining the new alert.

 

[Samuel Tai]

Done upgrade to TrueNAS-12.0.U8 and no issues but got a warning of SMB share of /mnt/msbxxx/mexxx is writable via NFS protocol and therefore susceptible to CVE 2021-20316.

I received the same warning. The underlying race condition can't be remediated in Samba 4.13, thus the warning. For my part, I have the share exhibiting the warning restricted to a single workstation IP, so it's not really an issue in my environment.

We'll need to wait for TrueNAS Core 13, which includes Samba 4.15 which resolves the race condition.

 

[adrianwi]

Do the reports work? I'll get my coat...

 

[Samuel Tai]

Yes, Reporting works again.

 

[ThreeDee]

update -U8 went without a hitch

Jails updated to 12.2-RELEASE-p13 now too

 

[jermak]

I have problem:

My NAS crashed while make sending a backup to it. maybe this was triggered by the update.

I cannot get the automatic update , get a message that the network is faulty;
Unable to connect to url https://update-master.ixsystems.com/TrueNAS/trains.txt: Automatic update check failed. Please check system network settings.
IP is Ok and Gateway is ok.

Than manually: downloaded the 12.8 iso, but while choosing the update file , cannot see the iso, when shifting to all files , can select iso, than the
update starts but get the following message:

======
Error: Traceback (most recent call last):
File "/usr/local/lib/freenasOS/Update.py", line 1258, in ExtractFrozenUpdate
with tarfile.open(tarball) as tf:
File "/usr/local/lib/python3.9/tarfile.py", line 1616, in open
raise ReadError("file could not be opened successfully")
tarfile.ReadError: file could not be opened successfully

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/local/lib/python3.9/site-packages/middlewared/job.py", line 367, in run
await self.future
File "/usr/local/lib/python3.9/site-packages/middlewared/job.py", line 403, in __run_body
rv = await self.method(*([self] + args))
File "/usr/local/lib/python3.9/site-packages/middlewared/schema.py", line 975, in nf
return await f(*args, **kwargs)
File "/usr/local/lib/python3.9/site-packages/middlewared/plugins/update.py", line 389, in file
await self.middleware.call('update.install_manual_impl', job, destfile, dest_extracted)
File "/usr/local/lib/python3.9/site-packages/middlewared/main.py", line 1256, in call
return await self._call(
File "/usr/local/lib/python3.9/site-packages/middlewared/main.py", line 1224, in _call
return await self.run_in_executor(prepared_call.executor, methodobj, *prepared_call.args)
File "/usr/local/lib/python3.9/site-packages/middlewared/main.py", line 1128, in run_in_executor
return await loop.run_in_executor(pool, functools.partial(method, *args, **kwargs))
File "/usr/local/lib/python3.9/concurrent/futures/thread.py", line 52, in run
result = self.fn(*self.args, **self.kwargs)
File "/usr/local/lib/python3.9/site-packages/middlewared/plugins/update_/install_freebsd.py", line 56, in install_manual_impl
Update.ExtractFrozenUpdate(path, dest_extracted, verbose=True)
File "/usr/local/lib/freenasOS/Update.py", line 1278, in ExtractFrozenUpdate
raise Exceptions.UpdateBadFrozenFile("Bad tar file {0}".format(tarball))
NameError: name 'Exceptions' is not defined
===========

What to do reinstall ? no critical data on NAS

 

[Samuel Tai]

For a manual update, don't use the ISO, but the TAR file: https://download.freenas.org/12.0/STABLE/U8/TrueNAS-12.0-U8-manual-update.tar.

 

[jermak]

Thanks, Maybe eturgeon, can add the link in his next posts.
Managed to solve, by re-installing with a new image from a Mem-stick.
System recognised that there was an old version installed and used the 12.8 Image to upgrade.

 

[NASbox]

Anyone found any downsides to the upgrade? I know there is a message referring CVE-2022-44142, but IIUC this isn't a new issue. Previous releases did not warn, but had the issue. Ignorance may be bliss, but not safety ;-)

P.S.: Thanks to the team for all their great work.

 

[anodos]

Anyone found any downsides to the upgrade? I know there is a message referring CVE-2022-44142, but IIUC this isn't a new issue. Previous releases did not warn, but had the issue. Ignorance may be bliss, but not safety ;-)

P.S.: Thanks to the team for all their great work.

Right, the goal is to help people make informed decisions about risk management. Since this wasn't fixable in 12-stable without running serious risk of regression (major version bump), we opted for a warning if you're affected.

 

[Samuel Tai]

Anyone found any downsides to the upgrade? I know there is a message referring CVE-2022-44142, but IIUC this isn't a new issue. Previous releases did not warn, but had the issue. Ignorance may be bliss, but not safety ;-)

P.S.: Thanks to the team for all their great work.

U8 has been running very smoothly for me. I've not yet encountered any niggling bugs yet, other than the CVE warning.

 

[NASbox]

Right, the goal is to help people make informed decisions about risk management. Since this wasn't fixable in 12-stable without running serious risk of regression (major version bump), we opted for a warning if you're affected.

Good decision under the circumstances... it isn't a new CVE, and while I don't think it's an issue in my environment/use case I wasn't aware it existed before. I'll likely pull the trigger over the weekend when I've got a bit of time.

 

[Patrick M. Hausen]

Completely trouble-free update, thanks, folks!

I'll wait for an "alpha" or "prerelease" before I take a deep dive into 13. Although I am chomping at the bit given my experience with FreeBSD 13 ...

 

[NASbox]

I am chomping at the bit given my experience with FreeBSD 13 ...

I'm curious.... does this have any impact (hopefully positive) on me as a user?

 

[Patrick M. Hausen]

If you are running a couple of jails and/or VMs the improvements in the bridge(4) interface that is used to connect them to your network are massive.

 

[NASbox]

If you are running a couple of jails and/or VMs the improvements in the bridge(4) interface that is used to connect them to your network are massive.

I think I ran into that issue.... as I recall I had to turn off some setting or I was getting dialup thoughput... it was totally pathetic. Are you fixed in the BSD camp, or are you thinking about SCALE once it is stable/ready for production?