Date: Fri, 7 Aug 2009 09:36:36 GMT From: Vedad KAJTAZ <vedad@kajtaz.net> To: freebsd-gnats-submit@FreeBSD.org Subject: misc/137514: freebsd-update doesn't update the system under some circumstances Message-ID: <200908070936.n779aasU094370@www.freebsd.org> Resent-Message-ID: <200908070940.n779e387057707@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 137514 >Category: misc >Synopsis: freebsd-update doesn't update the system under some circumstances >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Fri Aug 07 09:40:02 UTC 2009 >Closed-Date: >Last-Modified: >Originator: Vedad KAJTAZ >Release: 7.0-RELEASE-p7 >Organization: >Environment: FreeBSD ns1.osilex.net 7.0-RELEASE-p7 FreeBSD 7.0-RELEASE-p7 #0: Sun Dec 21 12:33:45 UTC 2008 root@i386-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC i386 >Description: Hello, freebsd-update is unable to update my system and my jails. ns1.******.net is my name server jail. It is vulnerable to the bind DOS discovered in july 2009, but freebsd-update doesn't upgrade it: [root@ns1 /]$ freebsd-update fetch Looking up update.FreeBSD.org mirrors... 3 mirrors found. Fetching metadata signature for 7.0-RELEASE from update5.FreeBSD.org... done. Fetching metadata index... done. Inspecting system... done. Preparing to download files... done. No updates needed to update system to 7.0-RELEASE-p12. WARNING: FreeBSD 7.0-RELEASE-p7 HAS PASSED ITS END-OF-LIFE DATE. Any security issues discovered after Fri May 1 02:00:00 CEST 2009 will not have been corrected. BUT, when cloning the jail, freebsd-update works on the clone: [root@kenny jails]$ /etc/rc.d/jail stop ns1 [root@kenny jails]$ rsync -a -A -X -x -P ns1/ ns1ghost I've then duplicated jail's entry in host's /etc/rc.conf, duplicated the fstab file and changed named's listen ip adress, and finally started the clone: [root@kenny jails]$ /etc/rc.d/jail start ns1ghost [root@kenny jails]$ jexec 17 /usr/local/bin/bash -l [root@ns1ghost /]$ freebsd-update fetch Looking up update.FreeBSD.org mirrors... 3 mirrors found. Fetching metadata signature for 7.0-RELEASE from update5.FreeBSD.org... done. Fetching metadata index... done. Inspecting system... done. Preparing to download files... done. The following files will be updated as part of updating to 7.0-RELEASE-p12: /usr/sbin/named /usr/sbin/named-compilezone WARNING: FreeBSD 7.0-RELEASE-p7 HAS PASSED ITS END-OF-LIFE DATE. Any security issues discovered after Fri May 1 02:00:00 CEST 2009 will not have been corrected. I have no idea why this works on the clone and not the original jail. diff -r shows totally identical systems. Restarting the original jail doesn't help either. Therefore I guess it is somehow related to file timestamps. Thanks, Best regards >How-To-Repeat: Always reproduceable on my server. ns1 never patches, ns1ghost always patches. >Fix: >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200908070936.n779aasU094370>