Project

General

Profile

Actions

Bug #6858

closed

2.3.X is not properly updating packages

Added by Denny Page over 7 years ago. Updated over 7 years ago.

Status:
Not a Bug
Priority:
Very High
Category:
-
Target version:
-
Start date:
10/17/2016
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
All
Affected Architecture:
All

Description

2.3.X is not updating files properly. See forum thread https://forum.pfsense.org/index.php?topic=119344.msg662359#msg662359 for detail.

Actions #1

Updated by Jim Thompson over 7 years ago

  • Assignee set to Renato Botelho
  • Priority changed from High to Very High
Actions #2

Updated by Renato Botelho over 7 years ago

  • Status changed from New to Not a Bug

Actually it's not a bug, it's expected and it's how pkg is designed to work.

When we moved to 2.3.2_1 we cherry-picked some package upgrades from FreeBSD ports tree since these upgrades fixes some vulnerabilities listed by 'pkg audit'. Following ports were updated:

php56
perl5
libxml2
libidn
curl

Due to these updates, when poudriere starts to build our ports set, it deletes all packages that depends of above listed packages and rebuild them. At this time, strongswan was rebuilt as many other ports, and a new package with same version was created.

This new package was included in 2.3.2-p1, so when you install it directly you will see the new package, and checksum differs.

During upgrade, since any shared library version has bumped, pkg understands packages like strongswan don't need to be reinstalled, because libraries it depends didn't have any ABI changes. Then you end up with the version built for 2.3.2.

If you compare the built date for strongswan package on both systems you will see this:

- 2.3.2

[2.3.2-RELEASE][admin@pf232.home]/root: pkg info strongswan
strongswan-5.5.0
Name           : strongswan
Version        : 5.5.0
Installed on   : Wed Jul 20 15:39:17 2016 UTC
Origin         : security/strongswan
Architecture   : freebsd:10:x86:64
Prefix         : /usr/local
Categories     : security
Licenses       : GPLv2
Maintainer     : strongswan@nanoteq.com
WWW            : http://www.strongswan.org
Comment        : Open Source IKEv2 IPsec-based VPN solution

- 2.3.2-p1

[2.3.2-RELEASE][admin@pfs232-1.home]/root: pkg info strongswan
strongswan-5.5.0
Name           : strongswan
Version        : 5.5.0
Installed on   : Mon Oct 17 23:14:33 2016 UTC
Origin         : security/strongswan
Architecture   : freebsd:10:x86:64
Prefix         : /usr/local
Categories     : security
Licenses       : GPLv2
Maintainer     : strongswan@nanoteq.com
WWW            : http://www.strongswan.org
Comment        : Open Source IKEv2 IPsec-based VPN solution
Actions #3

Updated by Denny Page over 7 years ago

Renato, thank you for the write up.

Does this cover file /usr/local/lib/php/20131226/suhosin.so? This shared object is the one that triggered the original crash report. It is different in 2.3.2_1 install vs upgrade. Was package php-suhosin-0.9.38 also part of the cherry picking?

Actions

Also available in: Atom PDF