From owner-freebsd-bugs@FreeBSD.ORG Fri Aug 7 09:40:03 2009 Return-Path: Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 999E01065674 for ; Fri, 7 Aug 2009 09:40:03 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 76CA98FC19 for ; Fri, 7 Aug 2009 09:40:03 +0000 (UTC) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n779e3rw057708 for ; Fri, 7 Aug 2009 09:40:03 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n779e387057707; Fri, 7 Aug 2009 09:40:03 GMT (envelope-from gnats) Resent-Date: Fri, 7 Aug 2009 09:40:03 GMT Resent-Message-Id: <200908070940.n779e387057707@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Vedad KAJTAZ Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2FB3A106566B for ; Fri, 7 Aug 2009 09:36:37 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21]) by mx1.freebsd.org (Postfix) with ESMTP id 04F678FC18 for ; Fri, 7 Aug 2009 09:36:37 +0000 (UTC) Received: from www.freebsd.org (localhost [127.0.0.1]) by www.freebsd.org (8.14.3/8.14.3) with ESMTP id n779aaxL094371 for ; Fri, 7 Aug 2009 09:36:36 GMT (envelope-from nobody@www.freebsd.org) Received: (from nobody@localhost) by www.freebsd.org (8.14.3/8.14.3/Submit) id n779aasU094370; Fri, 7 Aug 2009 09:36:36 GMT (envelope-from nobody) Message-Id: <200908070936.n779aasU094370@www.freebsd.org> Date: Fri, 7 Aug 2009 09:36:36 GMT From: Vedad KAJTAZ To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-3.1 Cc: Subject: misc/137514: freebsd-update doesn't update the system under some circumstances X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 07 Aug 2009 09:40:03 -0000 >Number: 137514 >Category: misc >Synopsis: freebsd-update doesn't update the system under some circumstances >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Fri Aug 07 09:40:02 UTC 2009 >Closed-Date: >Last-Modified: >Originator: Vedad KAJTAZ >Release: 7.0-RELEASE-p7 >Organization: >Environment: FreeBSD ns1.osilex.net 7.0-RELEASE-p7 FreeBSD 7.0-RELEASE-p7 #0: Sun Dec 21 12:33:45 UTC 2008 root@i386-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC i386 >Description: Hello, freebsd-update is unable to update my system and my jails. ns1.******.net is my name server jail. It is vulnerable to the bind DOS discovered in july 2009, but freebsd-update doesn't upgrade it: [root@ns1 /]$ freebsd-update fetch Looking up update.FreeBSD.org mirrors... 3 mirrors found. Fetching metadata signature for 7.0-RELEASE from update5.FreeBSD.org... done. Fetching metadata index... done. Inspecting system... done. Preparing to download files... done. No updates needed to update system to 7.0-RELEASE-p12. WARNING: FreeBSD 7.0-RELEASE-p7 HAS PASSED ITS END-OF-LIFE DATE. Any security issues discovered after Fri May 1 02:00:00 CEST 2009 will not have been corrected. BUT, when cloning the jail, freebsd-update works on the clone: [root@kenny jails]$ /etc/rc.d/jail stop ns1 [root@kenny jails]$ rsync -a -A -X -x -P ns1/ ns1ghost I've then duplicated jail's entry in host's /etc/rc.conf, duplicated the fstab file and changed named's listen ip adress, and finally started the clone: [root@kenny jails]$ /etc/rc.d/jail start ns1ghost [root@kenny jails]$ jexec 17 /usr/local/bin/bash -l [root@ns1ghost /]$ freebsd-update fetch Looking up update.FreeBSD.org mirrors... 3 mirrors found. Fetching metadata signature for 7.0-RELEASE from update5.FreeBSD.org... done. Fetching metadata index... done. Inspecting system... done. Preparing to download files... done. The following files will be updated as part of updating to 7.0-RELEASE-p12: /usr/sbin/named /usr/sbin/named-compilezone WARNING: FreeBSD 7.0-RELEASE-p7 HAS PASSED ITS END-OF-LIFE DATE. Any security issues discovered after Fri May 1 02:00:00 CEST 2009 will not have been corrected. I have no idea why this works on the clone and not the original jail. diff -r shows totally identical systems. Restarting the original jail doesn't help either. Therefore I guess it is somehow related to file timestamps. Thanks, Best regards >How-To-Repeat: Always reproduceable on my server. ns1 never patches, ns1ghost always patches. >Fix: >Release-Note: >Audit-Trail: >Unformatted: