Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 02 Sep 2015 10:33:25 -0400
From:      Ernie Luzar <luzar722@gmail.com>
To:        Matthew Seaman <matthew@FreeBSD.org>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: fail to fetch vulnxml file each night, as seen in daily security,  run output.
Message-ID:  <55E708B5.7020507@gmail.com>
In-Reply-To: <55E70319.7060604@FreeBSD.org>
References:  <55E700C9.4080000@gmail.com> <55E70319.7060604@FreeBSD.org>

next in thread | previous in thread | raw e-mail | index | archive | help
Matthew Seaman wrote:
> On 2015/09/02 14:59, Ernie Luzar wrote:
>   
>> I get the following message in the daily security run output on both my
>> 10.1 and 10.2 systems. Both which were installed from scratch using a
>> cdisc1.iso file.
>>
>> Checking for packages with security vulnerabilities:
>> pkg: 
>>     
> : No route to host
>   
>> pkg: cannot fetch vulnxml file
>>     
>
> Well? Did you verify if you could fetch the audit file manually?  Try:
>
> # pkg audit -F
>
> If that doesn't work, start investigating why your jails can't connect
> properly.  vuxml.freebsd.org is on a GeoIP load balancer, so you should
> get directed to a nearby mirror.
>
> Try this -- you should see similar output, but probably to a different
> IP number:
>
> # curl -v -o /dev/null http://vuxml.freebsd.org/freebsd/vuln.xml.bz2
>   % Total    % Received % Xferd  Average Speed   Time    Time     Time
> Current
>                                  Dload  Upload   Total   Spent    Left
> Speed
>   0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--
>     0*   Trying 2001:41c8:112:8300::50:5...
> * Connected to vuxml.freebsd.org (2001:41c8:112:8300::50:5) port 80 (#0)
>   
>> GET /freebsd/vuln.xml.bz2 HTTP/1.1
>> Host: vuxml.freebsd.org
>> User-Agent: curl/7.43.0
>> Accept: */*
>>
>>     
> < HTTP/1.1 200 OK
> < Date: Wed, 02 Sep 2015 14:05:36 GMT
> < Content-Type: application/x-bzip
> < Content-Length: 538363
> < Last-Modified: Wed, 02 Sep 2015 00:35:15 GMT
> < Connection: keep-alive
> < ETag: "55e64443-836fb"
> < Server: ToTheCloud/v0.01beta
> < Accept-Ranges: bytes
> <
> { [11164 bytes data]
> 100  525k  100  525k    0     0  4511k      0 --:--:-- --:--:-- --:--:--
> 4571k
> * Connection #0 to host vuxml.freebsd.org left intact
>
> If it doesn't work, it should at least give you some clues as to what is
> going wrong.  If it does work, then see if the daily cron job has
> mysteriously started working again, in which case you can put the
> problem down to something temporary; outside your network and beyond
> your control.
>
>   
>> -- End of security output --
>>
>>
>> Is this normal by design?
>>     
>
> Why would we publish a script that intentionally doesn't work?  No, it
> isn't normal and neither is it by design.
>
> 	Cheers,
>
> 	Matthew
>
>
>   

I just ran "pkg audit -F" command and got the same message again.
When I launch http://vuxml.freebsd.org/freebsd/vuln.xml.bz2 in my 
browser I get a 404.
This means the vuln.xml.bz2  file is not present.



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?55E708B5.7020507>