From: Gleb Smirnoff
To: Martin Simmons
Cc: freebsd-security@freebsd.org
Date: Mon, 22 Aug 2016 17:28:21 -0700
Subject: Re: Unexplained update to /boot/boot1.efi and 2 others by freebsd-update
Message-ID: <20160823002821.GJ1069@FreeBSD.org>
In-Reply-To: <201608221415.u7MEFl8d009158@higson.cam.lispworks.com>

Martin,

On Mon, Aug 22, 2016 at 03:15:47PM +0100, Martin Simmons wrote:
M> Running freebsd-update to convert 10.1-RELEASE-p36 to -p37 updates 3 efi files
M> in /boot, but they are not mentioned in any security advisory or errata notice
M> that I can find and no corresponding source files are updated. This is
M> repeatable on several unrelated systems so I don't think my files have been
M> corrupted.
M>
M> Is this expected?

The freebsd-update build code attempts to extract and ignore timestamps in
order to determine whether files are 'really' changing between builds;
unfortunately these particular files contain a build artifact which the
freebsd-update code was not able to handle, thus resulting in them being
incorrectly identified as needing to be distributed.

So, this shouldn't have happened. But don't worry, the files aren't forged
and they do originate from the official freebsd-update server.

--
Totus tuus, Glebius.