TrueNAS 12.0-U8 Released

eturgeon

Super Moderator
Moderator
iXsystems
Joined
Nov 29, 2021
Messages
60
TrueNAS Community,

TrueNAS 12.0-U8 has been released! 12.0-u8 and includes several fixes, improvements, and features. These include OpenZFS 2.0, New “Console Port” and “TLS Server URI” input fields in the S3 service configuration form, Direct link to the TrueNAS Upgrades article from the update screen.

CVE Notice
All versions of Samba prior to 4.13.17 are vulnerable to an out-of-bounds heap read-write vulnerability that allows remote attackers to execute arbitrary code as root on affected Samba installations that use the VFS module vfs_fruit. The CVE does not affect TrueNAS in its default configuration. However, it impacts configurations where users have opted to share the same paths simultaneously via AFP and SMB. Therefore, we recommend users upgrade to 12.0-U8 as soon as possible to eliminate this security risk.

Source: CVE-2022-44142
Release Notes: https://www.truenas.com/docs/releasenotes/core/12.0u8/
Download: https://www.truenas.com/download-truenas-core/

Thanks for using TrueNAS, and we appreciate all your feedback!
 
Joined
Jan 27, 2020
Messages
577
Great :cool: and massive thanks to the team!
 

PDM

Dabbler
Joined
Dec 17, 2011
Messages
24
Boom. Here I go... #upgrade
 

msbxa

Contributor
Joined
Sep 21, 2014
Messages
151
Done upgrade to TrueNAS-12.0.U8 and no issues but got a warning of SMB share of /mnt/msbxxx/mexxx is writable via NFS protocol and therefore susceptible to CVE 2021-20316.
 

Samuel Tai

Never underestimate your own stupidity
Moderator
Joined
Apr 24, 2020
Messages
5,398
Done upgrade to TrueNAS-12.0.U8 and no issues but got a warning of SMB share of /mnt/msbxxx/mexxx is writable via NFS protocol and therefore susceptible to CVE 2021-20316.

I received the same warning. The underlying race condition can't be remediated in Samba 4.13, thus the warning. For my part, I have the share exhibiting the warning restricted to a single workstation IP, so it's not really an issue in my environment.

We'll need to wait for TrueNAS Core 13, which includes Samba 4.15 which resolves the race condition.
 

adrianwi

Guru
Joined
Oct 15, 2013
Messages
1,231
Do the reports work? I'll get my coat...

:grin:
 

Samuel Tai

Never underestimate your own stupidity
Moderator
Joined
Apr 24, 2020
Messages
5,398
Yes, Reporting works again.
 

ThreeDee

Guru
Joined
Jun 13, 2013
Messages
698
update -U8 went without a hitch

Jails updated to 12.2-RELEASE-p13 now too
 

jermak

Cadet
Joined
Jun 26, 2012
Messages
2
I have problem:

My NAS crashed while make sending a backup to it. maybe this was triggered by the update.

I cannot get the automatic update , get a message that the network is faulty;
Unable to connect to url https://update-master.ixsystems.com/TrueNAS/trains.txt: Automatic update check failed. Please check system network settings.
IP is Ok and Gateway is ok.

Than manually: downloaded the 12.8 iso, but while choosing the update file , cannot see the iso, when shifting to all files , can select iso, than the
update starts but get the following message:

======
Error: Traceback (most recent call last):
File "/usr/local/lib/freenasOS/Update.py", line 1258, in ExtractFrozenUpdate
with tarfile.open(tarball) as tf:
File "/usr/local/lib/python3.9/tarfile.py", line 1616, in open
raise ReadError("file could not be opened successfully")
tarfile.ReadError: file could not be opened successfully

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/local/lib/python3.9/site-packages/middlewared/job.py", line 367, in run
await self.future
File "/usr/local/lib/python3.9/site-packages/middlewared/job.py", line 403, in __run_body
rv = await self.method(*([self] + args))
File "/usr/local/lib/python3.9/site-packages/middlewared/schema.py", line 975, in nf
return await f(*args, **kwargs)
File "/usr/local/lib/python3.9/site-packages/middlewared/plugins/update.py", line 389, in file
await self.middleware.call('update.install_manual_impl', job, destfile, dest_extracted)
File "/usr/local/lib/python3.9/site-packages/middlewared/main.py", line 1256, in call
return await self._call(
File "/usr/local/lib/python3.9/site-packages/middlewared/main.py", line 1224, in _call
return await self.run_in_executor(prepared_call.executor, methodobj, *prepared_call.args)
File "/usr/local/lib/python3.9/site-packages/middlewared/main.py", line 1128, in run_in_executor
return await loop.run_in_executor(pool, functools.partial(method, *args, **kwargs))
File "/usr/local/lib/python3.9/concurrent/futures/thread.py", line 52, in run
result = self.fn(*self.args, **self.kwargs)
File "/usr/local/lib/python3.9/site-packages/middlewared/plugins/update_/install_freebsd.py", line 56, in install_manual_impl
Update.ExtractFrozenUpdate(path, dest_extracted, verbose=True)
File "/usr/local/lib/freenasOS/Update.py", line 1278, in ExtractFrozenUpdate
raise Exceptions.UpdateBadFrozenFile("Bad tar file {0}".format(tarball))
NameError: name 'Exceptions' is not defined
===========

What to do reinstall ? no critical data on NAS
 

Samuel Tai

Never underestimate your own stupidity
Moderator
Joined
Apr 24, 2020
Messages
5,398

jermak

Cadet
Joined
Jun 26, 2012
Messages
2
Thanks, Maybe eturgeon, can add the link in his next posts.
Managed to solve, by re-installing with a new image from a Mem-stick.
System recognised that there was an old version installed and used the 12.8 Image to upgrade.
 

NASbox

Guru
Joined
May 8, 2012
Messages
644
Anyone found any downsides to the upgrade? I know there is a message referring CVE-2022-44142, but IIUC this isn't a new issue. Previous releases did not warn, but had the issue. Ignorance may be bliss, but not safety ;-)

P.S.: Thanks to the team for all their great work.
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,543
Anyone found any downsides to the upgrade? I know there is a message referring CVE-2022-44142, but IIUC this isn't a new issue. Previous releases did not warn, but had the issue. Ignorance may be bliss, but not safety ;-)

P.S.: Thanks to the team for all their great work.
Right, the goal is to help people make informed decisions about risk management. Since this wasn't fixable in 12-stable without running serious risk of regression (major version bump), we opted for a warning if you're affected.
 

Samuel Tai

Never underestimate your own stupidity
Moderator
Joined
Apr 24, 2020
Messages
5,398
Anyone found any downsides to the upgrade? I know there is a message referring CVE-2022-44142, but IIUC this isn't a new issue. Previous releases did not warn, but had the issue. Ignorance may be bliss, but not safety ;-)

P.S.: Thanks to the team for all their great work.

U8 has been running very smoothly for me. I've not yet encountered any niggling bugs yet, other than the CVE warning.
 

NASbox

Guru
Joined
May 8, 2012
Messages
644
Right, the goal is to help people make informed decisions about risk management. Since this wasn't fixable in 12-stable without running serious risk of regression (major version bump), we opted for a warning if you're affected.
Good decision under the circumstances... it isn't a new CVE, and while I don't think it's an issue in my environment/use case I wasn't aware it existed before. I'll likely pull the trigger over the weekend when I've got a bit of time.
 

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,737
Completely trouble-free update, thanks, folks!

I'll wait for an "alpha" or "prerelease" before I take a deep dive into 13. Although I am chomping at the bit given my experience with FreeBSD 13 ...
 

NASbox

Guru
Joined
May 8, 2012
Messages
644

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,737
If you are running a couple of jails and/or VMs the improvements in the bridge(4) interface that is used to connect them to your network are massive.
 

NASbox

Guru
Joined
May 8, 2012
Messages
644
If you are running a couple of jails and/or VMs the improvements in the bridge(4) interface that is used to connect them to your network are massive.
I think I ran into that issue.... as I recall I had to turn off some setting or I was getting dialup thoughput... it was totally pathetic. Are you fixed in the BSD camp, or are you thinking about SCALE once it is stable/ready for production?
 
Top