From owner-freebsd-stable@FreeBSD.ORG Thu Oct 23 13:47:36 2014 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 398BB2A1; Thu, 23 Oct 2014 13:47:36 +0000 (UTC) Received: from mail-lb0-x234.google.com (mail-lb0-x234.google.com [IPv6:2a00:1450:4010:c04::234]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 88296943; Thu, 23 Oct 2014 13:47:35 +0000 (UTC) Received: by mail-lb0-f180.google.com with SMTP id n15so839243lbi.25 for ; Thu, 23 Oct 2014 06:47:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:content-type; bh=ilwixD3gP6SaqfLI1GFrqrssIsbaCIT/6E5H1M8PcYM=; b=hNKHXrSYH+ETMriAvWNZdcPyUGh4gELHWRITEEIWqnxQIufQMVn2H9mjq8fKoAxzWe 5tQhsx7/NvUugNXTJ2iLCvL6XlbgbCzNYMMwIoFPZvG/3BKTCseNEhHMRSqYNPJ1TXF5 +vgNNcmNQ5g13v3I5+WRtRA0fCr6tctVUzOUWAuqAluqSPtwJ0gVQfzrWTCpjMYtzM2E zm5QfVtViEJyUEBLNrtQyB25yq95fOc5JzwvI9LcWdgEaPwrc7D6gH53JhHj5TKPUaO0 P1RAdwmqdPnnHknWXVi5cD/KtDpLAXsKrEfIhyzRdDnVvuO17CsBB75V2KHaWYbuYwLg JGvQ== X-Received: by 10.112.132.34 with SMTP id or2mr5183733lbb.75.1414072053454; Thu, 23 Oct 2014 06:47:33 -0700 (PDT) MIME-Version: 1.0 Sender: royce.williams@gmail.com Received: by 10.112.171.73 with HTTP; Thu, 23 Oct 2014 06:47:13 -0700 (PDT) In-Reply-To: References: <20140610195025.af77561acbb2224539762600@mimar.rs> <20140610175315.GR2341@home.opsec.eu> <20140610180515.GA2380@bewilderbeast.blackhelicopters.org> From: Royce Williams Date: Thu, 23 Oct 2014 05:47:13 -0800 X-Google-Sender-Auth: EPCKcIO443Do4Z_I5ZrktrRLvDo Message-ID: Subject: Re: freebsd-update to 9.2-RELEASE-p8 loop To: freebsd-stable , secteam@freebsd.org Content-Type: text/plain; charset=UTF-8 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 23 Oct 2014 13:47:36 -0000 On Tue, Jun 10, 2014 at 11:17 AM, Royce Williams wrote: > On Tue, Jun 10, 2014 at 11:08 AM, Royce Williams wrote: >> On Tue, Jun 10, 2014 at 10:43 AM, Royce Williams wrote: >>> On Tue, Jun 10, 2014 at 10:05 AM, Michael W. Lucas >>> wrote: >>>> On Tue, Jun 10, 2014 at 07:53:15PM +0200, Kurt Jaeger wrote: >>>>> Hi! >>>>> >>>>> > I used freebsd-update to update from 9.2-RELEASE-p7 to 9.2-RELEASE-p8 >>>>> > and rebooted. >>>>> > >>>>> > After reboot, uname -a shows 9.2-RELEASE-p7, but I've seen this before >>>>> > and consider it normal. >>>>> >>>>> p8 did not touch the kernel, therefore there is no update in the uname output. >>>>> >>>>> Why it again and again updates linker.hints, I don't know. >>>> >>>> linker.hints should be added to /etc/freebsd-update.conf IgnoreFiles, i.e.: >>>> >>>> IgnorePaths /boot/kernel/linker.hints >>>> >>>> linker.hints is dynamically generated, and freebsd-update shouldn't >>>> touch it. Yes, it's a bug. >>> >>> More background in this forums thread: >>> >>> https://forums.freebsd.org/viewtopic.php?&t=1362 >>> >>> Also, I've found that just adding the IgnorePaths line may be >>> necessary, but is not sufficient. I have added that line, but >>> freebsd-update continues to detect linker.hints as a needed update: >>> >>> $ grep linker /etc/freebsd-update.conf >>> IgnorePaths /boot/kernel/linker.hints >>> >>> $ sudo freebsd-update fetch >>> Looking up update.FreeBSD.org mirrors... 5 mirrors found. >>> Fetching metadata signature for 8.4-RELEASE from update4.freebsd.org... done. >>> Fetching metadata index... done. >>> Inspecting system... done. >>> Preparing to download files... done. >>> >>> The following files will be updated as part of updating to 8.4-RELEASE-p12: >>> /boot/kernel/linker.hints >> >> Better reference on freebsd-questions, but it raises more questions >> than it answers: >> >> http://lists.freebsd.org/pipermail/freebsd-questions/2014-May/257950.html >> >> Specifically, multiple users appear to still be experiencing this, >> even after applying the fix for this erratum: >> >> http://www.freebsd.org/security/advisories/FreeBSD-EN-14:04.kldxref.asc > > ... and there an open PR here, with folks still unable to ignore > linker.hints, even after applying EN-14:04.kldxref. > > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=189249 > > ... and another thread from May 27 that went quiet after someone still > had the problem after applying the erratum fix: > > https://www.mail-archive.com/freebsd-security@freebsd.org/msg05027.html After this tzdata erratum: https://www.freebsd.org/security/advisories/FreeBSD-EN-14:10.tzdata.asc ... the list of files that is repeatedly updated but still subject to freebsd-update now includes: $ sudo freebsd-update fetch Looking up update.FreeBSD.org mirrors... 5 mirrors found. Fetching metadata signature for 8.4-RELEASE from update5.freebsd.org... done. Fetching metadata index... done. Inspecting system... done. Preparing to download files... done. The following files will be added as part of updating to 8.4-RELEASE-p18: /usr/src/share/zoneinfo/leap-seconds.list /usr/src/share/zoneinfo/zone1970.tab The following files will be updated as part of updating to 8.4-RELEASE-p18: /boot/kernel/linker.hints /usr/share/zoneinfo/Africa/Bamako /usr/share/zoneinfo/Africa/Banjul /usr/share/zoneinfo/Africa/Conakry /usr/share/zoneinfo/Africa/Dakar /usr/share/zoneinfo/Africa/Freetown /usr/share/zoneinfo/Africa/Lome /usr/share/zoneinfo/Africa/Nouakchott /usr/share/zoneinfo/Africa/Ouagadougou /usr/share/zoneinfo/Africa/Sao_Tome /usr/share/zoneinfo/Atlantic/St_Helena /usr/share/zoneinfo/Pacific/Johnston I have updated the Bugzilla PR with this information. The last PR update said that it involves is an errata notice candidate, and transferred the PR over to secteam; cc:ed. Note that the PR says that the fix is: "Please backport kldxref.c patch in PR 182098 to 8.4-RELEASE, 9.2-RELEASE & 10.0-RELEASE" Royce