Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 62764

Summary: EMERGE fails to see new/updateable packages when available.
Product: Portage Development Reporter: Arnvid L. Karstad <arnvid>
Component: Core - DependenciesAssignee: Portage team <dev-portage>
Status: RESOLVED INVALID    
Severity: major    
Priority: High    
Version: unspecified   
Hardware: x86   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Arnvid L. Karstad 2004-09-03 16:22:37 UTC 
When you do an  emerge -DUp world it shows that there are no new ebuilds. 
But when you do emerge -DUp net-mail/courier-imap it clearly showed that it could update from 3.0.2-r1 to 3.0.7


Reproducible: Always
Steps to Reproduce:
se above
Comment 1 Daniel Black (RETIRED) gentoo-dev 2004-09-03 16:59:15 UTC 
please add "emerge info" output
and the output of the  emerge -DUvp world
and  emerge -DUvp net-mail/courier-imap
Comment 2 Arnvid L. Karstad 2004-09-03 17:50:32 UTC 
emerge info:

Portage 2.0.50-r10 (default-x86-2004.0, gcc-3.3.4, glibc-2.3.3.20040420-r1, 2.6.7-gentoo-r14)
=================================================================
System uname: 2.6.7-gentoo-r14 i686 Intel(R) Xeon(TM) CPU 2.00GHz
Gentoo Base System version 1.4.16
distcc 2.13 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled]
Autoconf: sys-devel/autoconf-2.59-r4
Automake: sys-devel/automake-1.8.5-r1
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CFLAGS="-march=pentium4 -msse2 -O3 -mmmx -mfpmath=sse -pipe"
CHOST="i686-pc-linux-gnu"
COMPILER=""
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /var/bind /var/qmail/alias /var/qmail/control /var/vpopmail/domains /var/vpopmail/etc"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-march=pentium4 -msse2 -O3 -mmmx -mfpmath=sse -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs ccache sandbox"
GENTOO_MIRRORS="http://mirror.pudas.net/gentoo ftp://ftp.easynet.nl/mirror/gentoo/ ftp://sunsite.cnlab-switch.ch/mirror/gentoo/"
MAKEOPTS="-j5"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="aalib apache2 berkdb cap caps cdr chroot clamav clearpasswd crypt devfs26 devmap dio evms2 fbcon fwdzone gd gdbm gif gmp gpm gtkhtml hardened idea imap ipalias ipv6 ipv6arpa javamail javascript jpeg libg++ libwww maildir mcal md5sum mmap mmx mng mysql nagios-dns nagios-ntp nagios-ping nagios-ssh ncurses nls odbc openssh pam pcap pcre pdflib perl php png pnp postgres pthreads python readline roundrobin samba sasl serial shaper slang snmp spell sse ssl tcpd truetype usb vhosts virus-scan vpopmail x86 xml xml2 zlib"
Comment 3 Arnvid L. Karstad 2004-09-03 17:51:08 UTC 
trance root # emerge -DUvp world
>>> --upgradeonly implies --update... adding --update to options.

These are the packages that I would merge, in order:

Calculating world dependencies ...done!

Total size of downloads: 0 kB
Comment 4 Arnvid L. Karstad 2004-09-03 17:51:55 UTC 
trance root # emerge -DUvp net-mail/courier-imap
>>> --upgradeonly implies --update... adding --update to options.

These are the packages that I would merge, in order:

Calculating dependencies ...done!

Total size of downloads: 0 kB
Comment 5 Arnvid L. Karstad 2004-09-03 17:52:25 UTC 
Oh, btw, I have upgraded manually.. Couldn't let the services be down since there was an exploit out for the version I was running...
Comment 6 Brian Harring (RETIRED) gentoo-dev 2004-09-07 16:37:04 UTC 
I'd assume net-mail/courier-imap wasn't in your world file, or a dep of a world file entry...
been doing --oneshot or /path/to/ebuild at all?
Comment 7 Arnvid L. Karstad 2004-09-07 17:46:15 UTC 
hmm, I definatly never have done an "one-shot" since I haven't heard about it before.

I've did a lot of things to get my server to work like it should really, since courier first refused to check mail at all..

But it seems in the end I forced it with:
1090864443:  *** emerge  /usr/portage/net-mail/courier-imap/courier-imap-3.0.2-r1.ebuild


trance log # grep imap emerge.log | grep -A 1 "\*\*\*"
1089884705:  *** emerge  net-mail/courier-imap
1089885011:  >>> emerge (4 of 4) net-mail/courier-imap-3.0.2 to /
--
1089910632:  *** emerge  search courier-imap
1089910657:  *** emerge  search courier-imap
1089910682:  *** emerge  search courier-imap
1089912052:  *** emerge  unmerge courier-imap
1089912067:  *** emerge  unmerge courier-imap
1089912072: === Unmerging... (net-mail/courier-imap-3.0.2)
--
1089912104:  *** emerge  unmerge courier-imap
1089912158:  *** emerge  courier-imap
1089912158:  >>> emerge (1 of 1) net-mail/courier-imap-3.0.5 to /
--
1089927005:  *** emerge  unmerge courier-imap
1089927010: === Unmerging... (net-mail/courier-imap-3.0.5)
--
1090108729:  *** emerge  search courier-imapd
1090108731:  *** emerge  search courier-imap
1090864252:  *** emerge  imap
1090864259:  *** emerge  search imap
1090864443:  *** emerge  /usr/portage/net-mail/courier-imap/courier-imap-3.0.2-r1.ebuild
1090864443:  >>> emerge (1 of 1) net-mail/courier-imap-3.0.2-r1 to /
--
1091046676:  *** emerge  search courier-imap
1091046681:  *** emerge  search courier-imap
1091046706:  *** emerge  /usr/portage/net-mail/courier-imap/courier-imap-3.0.2-r1.ebuild
1091046706:  >>> emerge (1 of 1) net-mail/courier-imap-3.0.2-r1 to /
--
1094251881:  *** emerge  search courier-imap
1094251929:  *** emerge --deep --upgradeonly --update net-mail/courier-imap
1094252029:  >>> emerge (2 of 2) net-mail/courier-imap-3.0.7 to /
--
1094252277:  *** emerge --deep --upgradeonly --update net-mail/courier-imap
1094252280:  >>> emerge (1 of 1) net-mail/courier-imap-3.0.7 to /
Comment 8 Brian Harring (RETIRED) gentoo-dev 2004-09-07 20:45:28 UTC 
not much use for the logs... just check for it in /var/cache/edb/world please.  I'd bet it's not there :)
Comment 9 Arnvid L. Karstad 2004-09-08 04:54:06 UTC 
trance edb # grep courier /var/cache/edb/world
net-mail/courier-imap
Comment 10 Nicholas Jones (RETIRED) gentoo-dev 2004-09-08 20:13:35 UTC 
Please don't use -U. Try with -u instead.
Comment 11 Arnvid L. Karstad 2004-09-10 20:08:41 UTC 
Try what?? if you had read the gentoo emerge log ... and my msg's you'd see that I have forcible upgraded it.. Still doesn't change the fact that it didn't show when one do emerge -up/-Dup/-DUup world 

:(

I can't downgrade and test again. As the system is running mail in the open. And I dont want to be running a vuln service.
Comment 12 Jason Stubbs (RETIRED) gentoo-dev 2004-09-20 18:36:09 UTC 
It sounds like courier-imapd was in fact not in the world file, but the manual upgrade added it in. If you ever come across the problem again, please provide all the information that was asked for here before you upgrade.
Comment 13 Arnvid L. Karstad 2004-09-23 20:16:26 UTC 
This seems to be the case yet again with tons of stuff really.
I just reinstalled one of my systems and found the following to be happening:

when emerging something with dependenices

the dependencies dont get added to the world file:

vision root # emerge -pv samba

These are the packages that I would merge, in order:

Calculating dependencies ...done!
[ebuild  N    ] dev-libs/libxml2-2.6.11  -debug +ipv6 +python +readline  0 kB
[ebuild  N    ] sys-apps/attr-2.4.7-r1  -debug +nls  82 kB
[ebuild  N    ] sys-apps/acl-2.2.13-r2  +nls  121 kB
[ebuild  N    ] net-fs/samba-3.0.7  +acl +cups -debug -doc -kerberos -ldap -mysql -oav +pam -postgres +python +readline -(selinux) +xml +xml2  423 kB

Total size of downloads: 627 kB



vision root # emerge info
Portage 2.0.50-r11 (default-x86-2004.2, gcc-3.3.4, glibc-2.3.3.20040420-r1, 2.6.8-gentoo-r3)
=================================================================
System uname: 2.6.8-gentoo-r3 i686 Intel(R) Pentium(R) M processor 1700MHz
Gentoo Base System version 1.4.16
Autoconf: sys-devel/autoconf-2.59-r4
Automake: sys-devel/automake-1.8.5-r1
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CFLAGS="-O3 -march=pentium3 -msse2 -mmmx -msse -mfpmath=sse -pipe -fomit-frame-pointer -funroll-loops"
CHOST="i686-pc-linux-gnu"
COMPILER=""
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O3 -march=pentium3 -msse2 -mmmx -msse -mfpmath=sse -pipe -fomit-frame-pointer -funroll-loops"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs ccache sandbox"
GENTOO_MIRRORS="http://gentoo.osuosl.org http://distro.ibiblio.org/pub/Linux/distributions/gentoo"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY=""
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="X aalib acl acpi acpi4linux adns aim apm avi berkdb bitmap-fonts bzlib cdr cdrom clamav cle266 client codecs crypt cscope ctype cups dba dbm devmap dio divx4linux dvd dvdread emacs emoticon encode erandom esx flac flash foomaticdb gd gdbm gif gmp gnome gnutls gpm gtk gtk2 gtkhtml hal icq imlib imlib2 ipv6 ipv6arpa jpeg kde libg++ libwww mad maildir md5sum mikmod mmap mmx mmx2 mng mono motif mp3 mpeg mpeg4 mpi mplayer msn ncurses net nls nosendmail ntlm oggvorbis openal opengl openssh oss pam pcap pcmcia pcre pdf pdflib perl png pnp ppds pthreads python qdbm qt quicktime readline samba sasl scanner sdl server sftplogging silc silverxp slang slp sms snmp soap sockets spell sse sse2 ssl svga t1lib tcltk tcpd truetype type1 usb v4l2 x86 xml xml2 xmms xpm xprint xv xvid xvmc yahoo zlib"



WWhile it was emergeing the dependencies.. nothing changed on the world file.
vision root # wc /var/cache/edb/world
 17  17 327 /var/cache/edb/world
vision root # wc /var/cache/edb/world.pre.samba
 17  17 327 /var/cache/edb/world.pre.samba
[B

When it was done ..

vision root # wc /var/cache/edb/world
 18  18 340 /var/cache/edb/world
vision root # wc /var/cache/edb/world.pre.samba
 17  17 327 /var/cache/edb/world.pre.samba

just one new line

vision root # more /var/cache/edb/world
net-wireless/madwifi-driver
sys-libs/gpm
sys-apps/vixie-cron
app-portage/ufed
sys-kernel/gentoo-dev-sources
net-wireless/wireless-tools
app-editors/nano
sys-libs/gdbm
sys-devel/gettext
net-libs/openslp
net-fs/samba
app-admin/syslog-ng
sys-kernel/linux-headers
media-libs/jpeg
sys-boot/grub
net-print/cups
sys-apps/hotplug
sys-apps/pciutils

now where did the rest go???
Comment 14 Arnvid L. Karstad 2004-09-23 20:17:11 UTC 
Seems to me that emerge skips adding dependencies to the world file...
Comment 15 Jason Stubbs (RETIRED) gentoo-dev 2004-09-23 20:47:31 UTC 
The dependencies are not meant to be added to the world file. The world file only contains what you care about - ie what you explicitly emerge.
Comment 16 Marius Mauch (RETIRED) gentoo-dev 2004-09-23 21:52:55 UTC 
not a bug
Comment 17 Arnvid L. Karstad 2004-09-23 22:57:44 UTC 
so if something is dependant on for instance zlib... And zlib gets an remote exploitable hole or openssl does... since noone ever emerge'd openssl or zlib directly.. emerge -up world will never show that there are updated packages for the exploitable installed libs.. lovely... not a bug, just a gapping security hole... gotta love your logic guys :-( ... emerge -up world didn't show my courier-imap as being upgradeable thus left my system open for exploitation for weeks.. and it's not a bugs.. mm yes.. logic..
Comment 18 Marius Mauch (RETIRED) gentoo-dev 2004-09-23 23:23:37 UTC 
You want to learn about --deep and GLSAs
Comment 19 Jason Stubbs (RETIRED) gentoo-dev 2004-09-23 23:24:44 UTC 
glsa-check. If you really want to know about security updates, you can subscribe to gentoo-announce as well. Until glsa-check is integrated into emerge, knowing that an upgrade is available is just as useless.
Comment 20 Arnvid L. Karstad 2004-09-24 00:55:24 UTC 
Please read my initial posting on this bug.. what did I use.. -D which means iirc --deep... mm yes... Guess I allready knew that. and yes.. I did get the bugtraq reports on it. Doesn't mean people will think that if emerge doesn't tell them there's an upgrade, that they will go emerge -s and search for it themselves...
Comment 21 Jason Stubbs (RETIRED) gentoo-dev 2004-09-24 01:54:23 UTC 
And as said before, that implies that net-mail/courier-imap was not part of world.