Bug #6858
closed2.3.X is not properly updating packages
0%
Description
2.3.X is not updating files properly. See forum thread https://forum.pfsense.org/index.php?topic=119344.msg662359#msg662359 for detail.
Updated by Jim Thompson over 8 years ago
- Assignee set to Renato Botelho
- Priority changed from High to Very High
Updated by Renato Botelho over 8 years ago
- Status changed from New to Not a Bug
Actually it's not a bug, it's expected and it's how pkg is designed to work.
When we moved to 2.3.2_1 we cherry-picked some package upgrades from FreeBSD ports tree since these upgrades fixes some vulnerabilities listed by 'pkg audit'. Following ports were updated:
php56
perl5
libxml2
libidn
curl
Due to these updates, when poudriere starts to build our ports set, it deletes all packages that depends of above listed packages and rebuild them. At this time, strongswan was rebuilt as many other ports, and a new package with same version was created.
This new package was included in 2.3.2-p1, so when you install it directly you will see the new package, and checksum differs.
During upgrade, since any shared library version has bumped, pkg understands packages like strongswan don't need to be reinstalled, because libraries it depends didn't have any ABI changes. Then you end up with the version built for 2.3.2.
If you compare the built date for strongswan package on both systems you will see this:
- 2.3.2
[2.3.2-RELEASE][admin@pf232.home]/root: pkg info strongswan strongswan-5.5.0 Name : strongswan Version : 5.5.0 Installed on : Wed Jul 20 15:39:17 2016 UTC Origin : security/strongswan Architecture : freebsd:10:x86:64 Prefix : /usr/local Categories : security Licenses : GPLv2 Maintainer : strongswan@nanoteq.com WWW : http://www.strongswan.org Comment : Open Source IKEv2 IPsec-based VPN solution
- 2.3.2-p1
[2.3.2-RELEASE][admin@pfs232-1.home]/root: pkg info strongswan strongswan-5.5.0 Name : strongswan Version : 5.5.0 Installed on : Mon Oct 17 23:14:33 2016 UTC Origin : security/strongswan Architecture : freebsd:10:x86:64 Prefix : /usr/local Categories : security Licenses : GPLv2 Maintainer : strongswan@nanoteq.com WWW : http://www.strongswan.org Comment : Open Source IKEv2 IPsec-based VPN solution
Updated by Denny Page over 8 years ago
Renato, thank you for the write up.
Does this cover file /usr/local/lib/php/20131226/suhosin.so? This shared object is the one that triggered the original crash report. It is different in 2.3.2_1 install vs upgrade. Was package php-suhosin-0.9.38 also part of the cherry picking?