stuck on "pending install" and also missing "ipfw" patch?

G

garrett

Hi, just upgraded to 15.0-RELEASE-p1:
Code: 
# freebsd-version -kru
15.0-RELEASE
15.0-RELEASE
15.0-RELEASE-p1

Code: 
# uname -a
FreeBSD freebsd-do.lan 15.0-RELEASE FreeBSD 15.0-RELEASE \
  releng/15.0-n280995-7aedc8de6446 GENERIC amd64

The freebsd-update cron reports:
Code: 
You have a partially completed upgrade pending
Run 'freebsd-update [options] install' first.
Run 'freebsd-update [options] fetch -F' to proceed anyway.

We don't use ipfw so I am not overly concerned, however...

Overnight the security 405.pkg-base-audit also reports:
Code: 
# ./405.pkg-base-audit

Checking for security vulnerabilities in base (userland & kernel):
Database fetched: 2025-12-29T12:00-05:00
FreeBSD-kernel-15.0 is vulnerable:
  FreeBSD -- ipfw denial of service
  CVE: CVE-2025-14769
  WWW: https://vuxml.FreeBSD.org/freebsd/0b22e22a-dae9-11f0-80b8-bc241121aa0a.html

1 problem(s) in 1 package(s) found.
0 problem(s) in 0 package(s) found.

I was careful to upgrade to 14.3-RELEASE-p7 before 15.0, but maybe I missed a step? In my 14.3-RELEASE-p7 snapshot, I have:
Code: 
/.zfs/snapshot/2025-12-27-11:58:40-0/sbin # ll | grep ipfw
-r-xr-xr-x   2 root wheel    uarch  192456 Jun 16  2025 ipfw*
/.zfs/snapshot/2025-12-27-11:58:40-0/sbin # file ipfw
ipfw: ELF 64-bit LSB pie executable, x86-64, version 1 (FreeBSD), \
  dynamically linked, interpreter /libexec/ld-elf.so.1, for FreeBSD 14.3, FreeBSD-style, stripped

And in the live files:
Code: 
/sbin # file ipfw
ipfw: ELF 64-bit LSB pie executable, x86-64, version 1 (FreeBSD), \
  dynamically linked, interpreter /libexec/ld-elf.so.1, for FreeBSD 15.0 (1500068), FreeBSD-style, stripped

I have attempted repeated freebsd-update install -> freedbsd-update fetch -F, restarts, etc and there are no updates, it says 15.0-RELEASE-p1 already installed.

This occurred on 2 servers, so I figure it must be me! What do I need to check to fix this?
 
You must log in or register to reply here.
Back
Top