PDA

View Full Version : SELS11SP2 Patch Error



kbannister
20-Nov-2013, 20:42
I am running zypper up on a SLES 11SP2 server. I get this error and cannot move on. This server receives its updates from my SMT server. Just did one other SLES11SP2 server and that went fine. Any idea what I can do to fix this. Let me know if you need additional information.

Thank you!

Loading repository data...
Reading installed packages...

The following NEW package is going to be installed:
libtevent0-32bit

The following packages are going to be upgraded:
MozillaFirefox MozillaFirefox-translations apache2-mod_php5 apache2-prefork
autoyast2 autoyast2-installation bind-libs bind-utils cups cups-client
cups-libs cups-libs-32bit glib2 gpg2 gvfs gvfs-backends gvfs-fuse gvfs-lang
kernel-default kernel-default-base kernel-default-devel libfreebl3-32bit
libgio-2_0-0 libgio-2_0-0-32bit libglib-2_0-0 libgmodule-2_0-0
libgmodule-2_0-0-32bit libgobject-2_0-0 libgobject-2_0-0-32bit
libgthread-2_0-0 libgthread-2_0-0-32bit libgvfscommon0 libldb1 libsmbclient0
libsmbclient0-32bit libsnmp15 libtalloc2 libtalloc2-32bit libtevent0 mkinitrd
mozilla-nss mozilla-nss-32bit multipath-tools openssh openssh-askpass php5
php5-ctype php5-dom php5-hash php5-iconv php5-json php5-suhosin
php5-tokenizer php5-xmlreader php5-xmlwriter puppet python python-base
python-tk python-xml samba samba-32bit samba-client samba-client-32bit
samba-krb-printing samba-winbind samba-winbind-32bit suseRegister util-linux
vino vino-lang yelp yelp-lang

73 packages to upgrade, 1 new.
Overall download size: 139.7 MiB. After the operation, 950.0 KiB will be freed.
Continue? [y/n/?] (y): y
Installing: util-linux-2.19.1-6.33.47.1 [error]
Installation of util-linux-2.19.1-6.33.47.1 failed:
(with --nodeps --force) Error: Subprocess failed. Error: RPM failed: error: unpacking of archive failed on file /usr/bin/x86_64: cpio: rename failed - Is a directory


Abort, retry, ignore? [a/r/i] (a):

jmozdzen
20-Nov-2013, 21:11
Hi kbannister,

> Installation of util-linux-2.19.1-6.33.47.1 failed:
> (with --nodeps --force) Error: Subprocess failed. Error: RPM failed: error: unpacking of archive failed on file /usr/bin/x86_64: cpio: rename failed - Is a directory

on my machines, /usr/bin/x86_64 is a *symlink*

jmozdzen@xxx01:~> l /usr/bin/x86_64
lrwxrwxrwx 1 root root 7 28. Sep 19:37 /usr/bin/x86_64 -> setarch*
jmozdzen@xxx01:~> rpm -qf /usr/bin/x86_64
util-linux-2.19.1-6.48.12
jmozdzen@xxx01:~>
(this is a SLES11SP3 machine, so don't worry about the different RPM level)

Run "rpm -V util-linux" and clean up (i.e. remove that "directory", if reported as an error). Seems like some files might be corrupt on your file system(s), if rpm -V proves that, I recommend running "rpm -Va" (as i.e. some config files are reported as changed, that'll be some manual check work on the resulting list, but if already one file is corrupt, it's worth the time).

Regards,
Jens

kbannister
20-Nov-2013, 21:52
Hi Jens,

I ran rpm -V util-linux and got this:
/usr/bin/wall should be root:tty 2755. (wrong permissions 0755)
/usr/bin/write should be root:tty 2755. (wrong permissions 0755)

I fixed the permissions. chmod 2755 /usr/bin/wall chmod 2755 /usr/bin/write. Which are now -rwxr-sr-x 1 root tty

Then I ran rpm -Va util-linux and I get a whole lot of this: S.5....T /usr/bin/wall
..5....T /usr/bin/whereis
..5....T /usr/bin/which
S.5....T /usr/bin/write
.M....G. /usr/bin/x86_64
S.5....T d /usr/share/man/man1/hostid.1.gz

Never done this before so not sure what else you are suggesting I do.

Have run zypper up again and I receive the same error.

jmozdzen
20-Nov-2013, 22:20
Hi kbannister,

Hi Jens,

I ran rpm -V util-linux and got this:
/usr/bin/wall should be root:tty 2755. (wrong permissions 0755)
/usr/bin/write should be root:tty 2755. (wrong permissions 0755)

I fixed the permissions. chmod 2755 /usr/bin/wall chmod 2755 /usr/bin/write. Which are now -rwxr-sr-x 1 root tty

Then I ran rpm -Va util-linux and I get a whole lot of this: S.5....T /usr/bin/wall
..5....T /usr/bin/whereis
..5....T /usr/bin/which
S.5....T /usr/bin/write
.M....G. /usr/bin/x86_64
strange this didn't pop up with "-V util-linux" (BTW, "-Va" means "verify all packages", so the extra "util-linux" is... extra ;) ). I'd say move it out of the way, /usr/bin/x86_64 ought to be a file, not a directory.

BTW, you might want to give that file system an extra forced fsck in advance, to clear out any file system inconsistencies that might have accumulated after months of uptime.

The "5" mean "md5 checksum is wrong", verified against the values at installation time. So either someone tampered with those files, or your file system is in trouble (which is more likely). Via "rpm -qf <filename>" you can find out which RPM each file belongs to, and then re-install that RPM, i.e. via zypper... use force if required. Do this *after* the update - that may already clear up some of the files, as packages are updated.

Once the "directory" /usr/bin/x86_64 is out of the way, "util-linux" ought to be update-able again.

Regards,
Jens

kbannister
20-Nov-2013, 22:57
How do you know all this stuff!! Will I ever learn it! I renamed the x86_64 directory to x86_64.org. Ran zypper up and the patches installed. Yay. I can't reboot for another hour so hope it all worked.

I did get this error at the end. Do you know what that means.
(Use the Enter or Space key to scroll the text by lines or pages.)

Message from package puppet:

Note:
If you've set the 'certdnsnames' option in your master's
puppet.conf file, merely installing the updated packages is not
sufficient to fix this problem. You need to either pick a new DNS
name for the master and reconfigure all agents to use it or re-new
certificates on all agents.

Please refer to the documentation in
/usr/share/doc/packages/puppet/puppetlabs-cve20113872-0.0.5
for detailed instructions and scripts.

Puppetlabs' site also provides more information:
http://puppetlabs.com/security/cve/cve-2011-3872/faq/
http://puppetlabs.com/blog/important-security-announcement-altnames-vulnerability/

jmozdzen
20-Nov-2013, 23:27
Hi kbannister,

How do you know all this stuff!! Will I ever learn it!

well, I read a lot... man pages, documentation, web pages ;)


I renamed the x86_64 directory to x86_64.org. Ran zypper up and the patches installed. Yay. I can't reboot for another hour so hope it all worked.

Please take the output from "rpm -Va" serious (if still persisting after that recent update), as other programs may be damaged, too - a probable cause is some file system or disk problem, so running "fsck -f" on that file system isn't really optional now.



I did get this error at the end. Do you know what that means.

Yes. :) If you're actually running puppet (rather than just having the software installed), you need to fix your configuration.


Please refer to the documentation in
/usr/share/doc/packages/puppet/puppetlabs-cve20113872-0.0.5
for detailed instructions and scripts.

Puppetlabs' site also provides more information:
http://puppetlabs.com/security/cve/cve-2011-3872/faq/
http://puppetlabs.com/blog/important-security-announcement-altnames-vulnerability/

The local documentation and the FAQ tell you what this is about.

If you don't actually run puppet, then remove it (or fix the config anyhow) - a later user may expect this to be fixed already and will not receive another notice, this would impose e security risk.

Regards,
Jens