From nobody@FreeBSD.org  Fri Aug  7 09:36:37 2009
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 2FB3A106566B
	for <freebsd-gnats-submit@FreeBSD.org>; Fri,  7 Aug 2009 09:36:37 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id 04F678FC18
	for <freebsd-gnats-submit@FreeBSD.org>; Fri,  7 Aug 2009 09:36:37 +0000 (UTC)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.3/8.14.3) with ESMTP id n779aaxL094371
	for <freebsd-gnats-submit@FreeBSD.org>; Fri, 7 Aug 2009 09:36:36 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.3/8.14.3/Submit) id n779aasU094370;
	Fri, 7 Aug 2009 09:36:36 GMT
	(envelope-from nobody)
Message-Id: <200908070936.n779aasU094370@www.freebsd.org>
Date: Fri, 7 Aug 2009 09:36:36 GMT
From: Vedad KAJTAZ <vedad@kajtaz.net>
To: freebsd-gnats-submit@FreeBSD.org
Subject: freebsd-update doesn't update the system under some circumstances
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         137514
>Category:       bin
>Synopsis:       freebsd-update(8) doesn't update the system under some circumstances
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    cperciva
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Aug 07 09:40:02 UTC 2009
>Closed-Date:    
>Last-Modified:  Mon Mar 12 02:03:02 UTC 2012
>Originator:     Vedad KAJTAZ
>Release:        7.0-RELEASE-p7
>Organization:
>Environment:
FreeBSD ns1.osilex.net 7.0-RELEASE-p7 FreeBSD 7.0-RELEASE-p7 #0: Sun Dec 21 12:33:45 UTC 2008     root@i386-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  i386

>Description:
Hello,

freebsd-update is unable to update my system and my jails.

ns1.******.net is my name server jail. It is vulnerable to the bind DOS discovered in july 2009, but freebsd-update doesn't upgrade it:

[root@ns1 /]$ freebsd-update fetch
Looking up update.FreeBSD.org mirrors... 3 mirrors found.
Fetching metadata signature for 7.0-RELEASE from update5.FreeBSD.org... done.
Fetching metadata index... done.
Inspecting system... done.
Preparing to download files... done.

No updates needed to update system to 7.0-RELEASE-p12.

WARNING: FreeBSD 7.0-RELEASE-p7 HAS PASSED ITS END-OF-LIFE DATE.
Any security issues discovered after Fri May  1 02:00:00 CEST 2009
will not have been corrected.


BUT, when cloning the jail, freebsd-update works on the clone:

[root@kenny jails]$ /etc/rc.d/jail stop ns1
[root@kenny jails]$ rsync -a -A -X -x -P ns1/ ns1ghost

I've then duplicated jail's entry in host's /etc/rc.conf, duplicated the fstab file and changed named's listen ip adress, and finally started the clone:

[root@kenny jails]$ /etc/rc.d/jail start ns1ghost
[root@kenny jails]$ jexec 17 /usr/local/bin/bash -l
[root@ns1ghost /]$ freebsd-update fetch
Looking up update.FreeBSD.org mirrors... 3 mirrors found.
Fetching metadata signature for 7.0-RELEASE from update5.FreeBSD.org... done.
Fetching metadata index... done.
Inspecting system... done.
Preparing to download files... done.

The following files will be updated as part of updating to 7.0-RELEASE-p12:
/usr/sbin/named
/usr/sbin/named-compilezone

WARNING: FreeBSD 7.0-RELEASE-p7 HAS PASSED ITS END-OF-LIFE DATE.
Any security issues discovered after Fri May  1 02:00:00 CEST 2009
will not have been corrected.


I have no idea why this works on the clone and not the original jail.

diff -r shows totally identical systems.

Restarting the original jail doesn't help either.

Therefore I guess it is somehow related to file timestamps.

Thanks,
Best regards

>How-To-Repeat:
Always reproduceable on my server. ns1 never patches, ns1ghost always patches.
>Fix:


>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: remko 
State-Changed-When: Fri Aug 7 19:04:04 UTC 2009 
State-Changed-Why:  
Probably the jail has no metadata about the upgrade yet and fetches the 
very latest information available. The 7.0 version is no longer 
supported so it's not that weird that no new updates are being pushed. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=137514 

From: Vedad KAJTAZ <vedad@kajtaz.net>
To: bug-followup@FreeBSD.org, vedad@kajtaz.net
Cc:  
Subject: Re: misc/137514: freebsd-update doesn't update the system under some
 circumstances
Date: Mon, 10 Aug 2009 12:20:17 +0200

 Hi,
 
 I'm afraid you did not read my report carefully.
 When I duplicate the jail (cp or Rsync), it does patch to 7.0-RELEASE-p12.
 But the original jail does not, probably due to some file timestamp 
 related problem.
 
 
 Best regards,
State-Changed-From-To: closed->open 
State-Changed-By: linimon 
State-Changed-When: Mon Aug 10 15:45:39 UTC 2009 
State-Changed-Why:  
Apparently this is still a problem. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=137514 
Responsible-Changed-From-To: freebsd-bugs->cperciva 
Responsible-Changed-By: remko 
Responsible-Changed-When: Tue Aug 11 06:09:29 UTC 2009 
Responsible-Changed-Why:  
Over to the author 

http://www.freebsd.org/cgi/query-pr.cgi?pr=137514 
>Unformatted:
