# Unable to use freebsd-update to patch FreeBSD-SA-09:12.bind



## gslin (Jul 31, 2009)

I'm not able to patch FreeBSD-SA-09:12.bind using freebsd-update:

```
$ sudo freebsd-update fetch
Looking up update.FreeBSD.org mirrors... 3 mirrors found.
Fetching metadata signature for 7.2-RELEASE from update4.FreeBSD.org... done.
Fetching metadata index... done.
Inspecting system... done.
Preparing to download files... done.

No updates needed to update system to 7.2-RELEASE-p3.
$ named -v
BIND 9.4.3-P2
```
Any suggestions ?


----------



## mky (Aug 16, 2009)

Try csup to update your system.


----------



## DutchDaemon (Aug 16, 2009)

> NOTE: Due to this issue being accidentally disclosed early, updated
> binaries are yet not available via freebsd-update at the time this
> advisory is being published.  Email will be sent to the freebsd-security
> mailing list when the binaries are available via freebsd-update.



Apparently nothing changed yet.


----------



## ohauer (Aug 16, 2009)

There is a easy methode to see if named is updated already by freebsd-update.

Lets calculate the freebsd update filename from the installed named binary to see if already installed.
With the sha265 of named we can search for the update file.

```
$> sha256 /usr/sbin/named
   SHA256 (/usr/sbin/named) = [color="Red"]2d7f223f5786b7b8772d1273b5e71832bae180bf3740f072b9017178a3283dbd[/color]

$> cd /var/db/freebsd-update/

$> grep -Rl [color="Red"]2d7f223f5786b7b8772d1273b5e71832bae180bf3740f072b9017178a3283dbd[/color] . 2>/dev/null
   f465c3739385890c221dff1a05e578c6cae0d0430e46996d319db7439f884336-rollback/INDEX-NEW
   install.tuPk7K/INDEX-NEW

$> ls -l ./files/[color="Red"]2d7f223f5786b7b8772d1273b5e71832bae180bf3740f072b9017178a3283dbd.gz[/color]                                       
   -rw-r--r--  1 root  wheel  647782 30 Jul 09:32 files/[color="Red"]2d7f223f5786b7b8772d1273b5e71832bae180bf3740f072b9017178a3283dbd.gz[/color]
```
It seems the updated named is already installed.

Now we will take a look how we can update the named binary again.
Some directory names can be different at your machine special the install.RANDOM one.

```
#> cd /var/db/freebsd-update
#> ls -l
 lrwxr-xr-x  1 root  wheel    14B 16 Aug 17:58 f465c3739385890c221dff1a05e578c6cae0d0430e46996d319db7439f884336-rollback@ -> install.tuPk7K
 drwxr-xr-x  2 root  wheel   6.5K 16 Aug 17:58 files/
 drwx------  2 root  wheel   512B 16 Aug 18:06 install.tuPk7K/
 -rw-r--r--  1 root  wheel   800B 10 Jun 12:11 pub.ssl
 -rw-r--r--  1 root  wheel    75B 16 Aug 17:58 serverlist
 -rw-r--r--  1 root  wheel    75B 16 Aug 17:58 serverlist_full
 -rw-r--r--  1 root  wheel    25B 16 Aug 17:58 serverlist_tried
 -rw-r--r--  1 root  wheel   150B 16 Aug 17:58 tINDEX.present
 -rw-r--r--  1 root  wheel   110B 16 Aug 17:58 tag

#> rm f465c3739385890c221dff1a05e578c6cae0d0430e46996d319db7439f884336-rollback
#> rm tag tINDEX.present
#> rm -r install.tuPk7K/

#> ls -l
 drwxr-xr-x  2 root  wheel   6.5K 16 Aug 17:58 files/
 -rw-r--r--  1 root  wheel   800B 10 Jun 12:11 pub.ssl
 -rw-r--r--  1 root  wheel    75B 16 Aug 17:58 serverlist
 -rw-r--r--  1 root  wheel    75B 16 Aug 17:58 serverlist_full
 -rw-r--r--  1 root  wheel    25B 16 Aug 17:58 serverlist_tried
```
Now we will update named again, use cat not cp to keep file mode!

```
#> [color="Blue"]cat /dev/null > /usr/sbin/named[/color]
#> ls -l /usr/sbin/named /usr/sbin/lwresd
 -r-xr-xr-x  2 root  wheel  [color="Red"][B]0[/B][/color] 16 Aug 18:08 /usr/sbin/lwresd*
 -r-xr-xr-x  2 root  wheel  [color="Red"][B]0[/B][/color] 16 Aug 18:08 /usr/sbin/named*

#> freebsd-update fetch
 Looking up update.FreeBSD.org mirrors... 3 mirrors found.
 Fetching metadata signature for 7.2-RELEASE from update4.freebsd.org... done.
 Fetching metadata index... done.
 Inspecting system... done.
 Preparing to download files... done.

The following files will be updated as part of updating to 7.2-RELEASE-p3:
[color="Red"] /usr/sbin/lwresd
 /usr/sbin/named
[/color]

#> freebsd-update install
 Installing updates... done.

#> ls -l /usr/sbin/named /usr/sbin/lwresd
 -r-xr-xr-x  2 root  wheel  [color="Red"][B]1632140[/B][/color] 16 Aug 18:42 /usr/sbin/lwresd*
 -r-xr-xr-x  2 root  wheel  [color="Red"][B]1632140[/B][/color] 16 Aug 18:42 /usr/sbin/named*


# sha256 /usr/sbin/named /usr/sbin/lwresd
 [color="Red"]SHA256 (/usr/sbin/named) = 2d7f223f5786b7b8772d1273b5e71832bae180bf3740f072b9017178a3283dbd
 SHA256 (/usr/sbin/lwresd) = 2d7f223f5786b7b8772d1273b5e71832bae180bf3740f072b9017178a3283dbd[/color]
```

I hope this steps can help to verify the updates


----------



## ohauer (Aug 16, 2009)

> Apparently nothing changed yet.



Ups, this are bad new for bind users.
Anyway I hope the steps described to verify are useful.


----------



## DutchDaemon (Aug 16, 2009)

So, either csup /usr/src/contrib/bind separately, or install the BIND port.


----------

