From owner-freebsd-questions@freebsd.org  Wed Sep  2 14:33:22 2015
Return-Path: <owner-freebsd-questions@freebsd.org>
Delivered-To: freebsd-questions@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 5D06E9C9B97
 for <freebsd-questions@mailman.ysv.freebsd.org>;
 Wed,  2 Sep 2015 14:33:22 +0000 (UTC)
 (envelope-from luzar722@gmail.com)
Received: from mail-ig0-x229.google.com (mail-ig0-x229.google.com
 [IPv6:2607:f8b0:4001:c05::229])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 270F6CED;
 Wed,  2 Sep 2015 14:33:22 +0000 (UTC)
 (envelope-from luzar722@gmail.com)
Received: by igbut12 with SMTP id ut12so15245869igb.1;
 Wed, 02 Sep 2015 07:33:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=message-id:date:from:user-agent:mime-version:to:cc:subject
 :references:in-reply-to:content-type:content-transfer-encoding;
 bh=xZX2jz1nb2aQ4nQHPmh43fqauClOWjODKK39dI5+dVk=;
 b=sKDuKiJ8EZqEWgPg6o7SkTRFjG0eXD/1cBIUofMVL04Wn77wN3javgskTFS+2t2yAk
 ZVhZ4wbfB2JIDL6UqJepjGAQLHSvemCpIroMTJKxOvqhvfOr+ix3KyuubLGg24fmpcJD
 tuf3ZgY/TP7z0rLWKuN+BV2nAjM1I3iLTMGrrTra09BTuow756Lxz8cSnm9O+9a9Q0bQ
 4xrwfiTe0zAEGYv2XciBcM8qeJNHzUqcrvNV6geiAWP/NGytLGtPb3Ix8do/3RijeXAn
 hvFuo8a13xRNOzNEfHtO6ikV6AOaWKPjGV0sbY10HMKgrCtSih/8C9QeY2UGWjDXRwTQ
 +6Mw==
X-Received: by 10.50.80.13 with SMTP id n13mr3569005igx.6.1441204401547;
 Wed, 02 Sep 2015 07:33:21 -0700 (PDT)
Received: from [10.0.10.5] (cpe-76-190-244-6.neo.res.rr.com. [76.190.244.6])
 by smtp.googlemail.com with ESMTPSA id n14sm164142ioi.15.2015.09.02.07.33.20
 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
 Wed, 02 Sep 2015 07:33:20 -0700 (PDT)
Message-ID: <55E708B5.7020507@gmail.com>
Date: Wed, 02 Sep 2015 10:33:25 -0400
From: Ernie Luzar <luzar722@gmail.com>
User-Agent: Thunderbird 2.0.0.24 (Windows/20100228)
MIME-Version: 1.0
To: Matthew Seaman <matthew@FreeBSD.org>
CC: freebsd-questions@freebsd.org
Subject: Re: fail to fetch vulnxml file each night, as seen in daily security, 
 run output.
References: <55E700C9.4080000@gmail.com> <55E70319.7060604@FreeBSD.org>
In-Reply-To: <55E70319.7060604@FreeBSD.org>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Sep 2015 14:33:22 -0000

Matthew Seaman wrote:
> On 2015/09/02 14:59, Ernie Luzar wrote:
>   
>> I get the following message in the daily security run output on both my
>> 10.1 and 10.2 systems. Both which were installed from scratch using a
>> cdisc1.iso file.
>>
>> Checking for packages with security vulnerabilities:
>> pkg: 
>>     
> : No route to host
>   
>> pkg: cannot fetch vulnxml file
>>     
>
> Well? Did you verify if you could fetch the audit file manually?  Try:
>
> # pkg audit -F
>
> If that doesn't work, start investigating why your jails can't connect
> properly.  vuxml.freebsd.org is on a GeoIP load balancer, so you should
> get directed to a nearby mirror.
>
> Try this -- you should see similar output, but probably to a different
> IP number:
>
> # curl -v -o /dev/null http://vuxml.freebsd.org/freebsd/vuln.xml.bz2
>   % Total    % Received % Xferd  Average Speed   Time    Time     Time
> Current
>                                  Dload  Upload   Total   Spent    Left
> Speed
>   0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--
>     0*   Trying 2001:41c8:112:8300::50:5...
> * Connected to vuxml.freebsd.org (2001:41c8:112:8300::50:5) port 80 (#0)
>   
>> GET /freebsd/vuln.xml.bz2 HTTP/1.1
>> Host: vuxml.freebsd.org
>> User-Agent: curl/7.43.0
>> Accept: */*
>>
>>     
> < HTTP/1.1 200 OK
> < Date: Wed, 02 Sep 2015 14:05:36 GMT
> < Content-Type: application/x-bzip
> < Content-Length: 538363
> < Last-Modified: Wed, 02 Sep 2015 00:35:15 GMT
> < Connection: keep-alive
> < ETag: "55e64443-836fb"
> < Server: ToTheCloud/v0.01beta
> < Accept-Ranges: bytes
> <
> { [11164 bytes data]
> 100  525k  100  525k    0     0  4511k      0 --:--:-- --:--:-- --:--:--
> 4571k
> * Connection #0 to host vuxml.freebsd.org left intact
>
> If it doesn't work, it should at least give you some clues as to what is
> going wrong.  If it does work, then see if the daily cron job has
> mysteriously started working again, in which case you can put the
> problem down to something temporary; outside your network and beyond
> your control.
>
>   
>> -- End of security output --
>>
>>
>> Is this normal by design?
>>     
>
> Why would we publish a script that intentionally doesn't work?  No, it
> isn't normal and neither is it by design.
>
> 	Cheers,
>
> 	Matthew
>
>
>   

I just ran "pkg audit -F" command and got the same message again.
When I launch http://vuxml.freebsd.org/freebsd/vuln.xml.bz2 in my 
browser I get a 404.
This means the vuln.xml.bz2  file is not present.