fail to fetch vulnxml file each night, as seen in daily security, run output.

mfv mfv at
Wed Sep 2 15:08:28 UTC 2015

> On Wed, 2015-09-02 at 09:43 "William A. Mahaffey III"
> <wam at> wrote:
>On 09/02/15 09:36, Ernie Luzar wrote:
>> William A. Mahaffey III wrote:
>>> On 09/02/15 09:05, Ernie Luzar wrote:
>>>> Hello list;
>>>> I get the following message in the daily security run output on
>>>> both my 10.1 and 10.2 systems. Both which were installed from
>>>> scratch using a cdisc1.iso file.
>>>> Checking for packages with security vulnerabilities:
>>>> pkg: No route to
>>>> host pkg: cannot fetch vulnxml file
>>>> -- End of security output --
>>>> Is this normal by design?
>>> 'No route to host' means networking issue. I get the same thing 
>>> whenever I disconnect my Cable modem overnight, which I often do. 
>>> Make sure your networking is working AOK overnight when that fetch
>>> is attempted.
>> My network is on 7/24 so that is not the problem.
>> When I launch   in my 
>> browser I get a 404.
>> This means the vuln.xml.bz2  is not present.
>Agreed. Misconfigured repo or repo down for some reason ? If so, not a 
>design or software flaw BTW, but a (presumably temporary)
>infrastructure issue. If a bad file-name in a config file, bug, file
>it :-), although it is a bit hard to believe that would have survived
>2 software version revisions.

Hello Ernie and William,

As a test I just ran
After this file was downloaded, it was decompressed.

It was then compared to another decompressed file which was installed
using "pkg audit -F".

This is the results of that comparison:

[10:52] /tmp > sha256 /tmp/vuln.xml /var/db/pkg/vuln.xml

SHA256 (/tmp/vuln.xml) =

SHA256 (/var/db/pkg/vuln.xml) =

Clearly vuln.xml can be downloaded by hand or installed using pkg.  As
such it seems there is a network issue.

Cheers ...


More information about the freebsd-questions mailing list