Date: Sat, 26 Oct 2013 20:21:27 +0000 (UTC) From: Xin LI <delphij@FreeBSD.org> To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r43044 - in head/share: security/advisories security/patches/EN-13:04 xml Message-ID: <201310262021.r9QKLRAM028289@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: delphij Date: Sat Oct 26 20:21:27 2013 New Revision: 43044 URL: http://svnweb.freebsd.org/changeset/doc/43044 Log: Add latest errata notice: Fix multiple freebsd-update bugs that break upgrading to FreeBSD 10.0. [EN-13:04] Added: head/share/security/advisories/FreeBSD-EN-13:04.freebsd-update.asc (contents, props changed) head/share/security/patches/EN-13:04/ head/share/security/patches/EN-13:04/freebsd-update.patch (contents, props changed) head/share/security/patches/EN-13:04/freebsd-update.patch.asc (contents, props changed) Modified: head/share/xml/notices.xml Added: head/share/security/advisories/FreeBSD-EN-13:04.freebsd-update.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-EN-13:04.freebsd-update.asc Sat Oct 26 20:21:27 2013 (r43044) @@ -0,0 +1,157 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-13:04.freebsd-update Errata Notice + The FreeBSD Project + +Topic: Multiple freebsd-update bugs break upgrading to FreeBSD 10.0 + +Category: base +Module: freebsd-update +Announced: 2013-10-24 +Credits: Colin Percival +Affects: All supported FreeBSD releases +Corrected: 2013-10-26 08:34:35 UTC (stable/10, 10.0-STABLE) + 2013-10-26 08:34:35 UTC (stable/10, 10.0-BETA1-p1) + 2013-10-26 19:54:28 UTC (stable/9, 9.2-STABLE) + 2013-10-26 20:01:00 UTC (releng/9.2, 9.2-RELEASE-p1) + 2013-10-26 20:01:00 UTC (releng/9.2, 9.2-RC4-p1) + 2013-10-26 20:01:00 UTC (releng/9.2, 9.2-RC3-p2) + 2013-10-26 20:01:00 UTC (releng/9.1, 9.1-RELEASE-p8) + 2013-10-26 19:54:28 UTC (stable/8, 8.4-STABLE) + 2013-10-26 20:01:00 UTC (releng/8.4, 8.4-RELEASE-p5) + 2013-10-26 20:01:00 UTC (releng/8.3, 8.3-RELEASE-p12) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:http://security.freebsd.org/>. + +I. Background + +The freebsd-update(8) utility is used to download and apply binary diffs +for security and errata patches on systems installed from official FreeBSD +release CDs and DVDs. It can also be used to upgrade such systems to new +FreeBSD releases. + +II. Problem Description + +The freebsd-update(8) utility always updates shared libraries first, so +new or updated libraries will be avaialble when binaries that use them are +installed or updated. If shared libraries appear in a directory which +does not already exist on the target system, freebsd-update(8) will +attempt to install them before creating the directory. + +At the end of the updating process, freebsd-update(8) removes old shared +libraries which should no longer exist. An error in filtering the list +of filesystem objects results in symlinks to shared libraries being +incorrectly included in the lists of shared libraries. + +Additionally, freebsd-update(8) rejects updates which include files with +the tilde character ('~') in their names. Such files sometimes occur in +third-party software and may be included in the src distribution. + +III. Impact + +It is not possible to use freebsd-update(8) to upgrade an existing +installation to FreeBSD 10.0-BETA1, because 10.0 introduces two new shared +library directories, the /usr/lib/libc.so symlink is replaced by a regular +file, and the source distribution includes a file with a tilde in its name. + +It is not possible to use freebsd-update(8) to update 10.0-BETA1, as its +source distribution includes a file with a tilde in its name. + +IV. Workaround + +No workaround is available. + +V. Solution + +Perform one of the following: + +1) Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. + +2) To update your present system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/EN-13:04/freebsd-update.patch +# fetch http://security.FreeBSD.org/patches/EN-13:04/freebsd-update.patch.asc +# gpg --verify freebsd-update.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Reinstall freebsd-update. + +# cd /usr/src/usr.sbin/freebsd-update +# make install -DWITHOUT_MAN + +3) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +On systems running 10.0-BETA1 (and ONLY systems running 10.0-BETA1), run +the following command before using freebsd-update in order to fix it +enough that it can update itself: + +# sed -i '' -e 's/%@/%~@/' /usr/sbin/freebsd-update + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/8/ r257192 +releng/8.3/ r257194 +releng/8.4/ r257194 +stable/9/ r257192 +releng/9.1/ r257194 +releng/9.2/ r257194 +stable/10/ r257153 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:http://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>; + +VII. References + +The latest revision of this Errata Notice is available at +http://security.FreeBSD.org/advisories/FreeBSD-EN-13:04.freebsd-update.asc +-----BEGIN PGP SIGNATURE----- + +iQIcBAEBCgAGBQJSbCKSAAoJEO1n7NZdz2rnes0P/ifRGR4Iak0mCzk9oMEzUBGE +wrjcICt0azsnTHVuRR4ZOzxcRGliY32T36xPvc67nzJYI0KCcnKHurxALg8fmBdM ++OJCkcm8r1jFiaj7i4zxlKFfHtrrFnQe6OP4fVndB8nDjLqWzXcjLjZBZaXPM7Pp +kWkmyyJN+Hk1ih3lXyPJ9y9YTcvoPmbrIezsHqurBPKPV8dizfp2jR8OmW25koqH +26Dkt3d2KVXcrPJdTn8LE02as/zSK7s52IMJ0dgPv1/MkxxJBKDddz3x0o1rZUyM +FdMyISp04zguFg8zZITIuUKDp+N+HrY5cIiBEOHXSWXTM1uXFXrq+P+/kjYxHHZK +MJG0hi6F5RRooHPHTelZ7kKGVqPMnyT/Wo4bitfHzq5kqa6eys9rbsn5WUQkM7YL +R4HYE90fwdphIVpEy38/kOAEEjJg/8vwVItS51AqhAtVMCamR65zV2RCNobUDKWJ +oCjR+OgML5a75VwIhyy/kLaZlPB2nxb8KK3s2iVPDvFj0C368pEkRWz1kLmrc99P +YkyLAZlEGL3WV6hEh/qlM81fTJHLjahNyQAOZeK8qIORhl8zABAq+Ce7XsWFJI9T +FGjKvCSjiF3t3G2jRk9pjclXhliJrYJd1Cj9HqtvYdxEN3fEM23pfnsZqR8n0Vlr +jX7rZ0kgqqZY8/O6AeSH +=1thb +-----END PGP SIGNATURE----- Added: head/share/security/patches/EN-13:04/freebsd-update.patch ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/EN-13:04/freebsd-update.patch Sat Oct 26 20:21:27 2013 (r43044) @@ -0,0 +1,78 @@ +Index: usr.sbin/freebsd-update/freebsd-update.sh +=================================================================== +--- usr.sbin/freebsd-update/freebsd-update.sh ++++ usr.sbin/freebsd-update/freebsd-update.sh +@@ -1200,7 +1200,7 @@ + # Some aliases to save space later: ${P} is a character which can + # appear in a path; ${M} is the four numeric metadata fields; and + # ${H} is a sha256 hash. +- P="[-+./:=%@_[[:alnum:]]" ++ P="[-+./:=%@_[~[:alnum:]]" + M="[0-9]+\|[0-9]+\|[0-9]+\|[0-9]+" + H="[0-9a-f]{64}" + +@@ -2814,16 +2814,24 @@ + + # If we haven't already dealt with the world, deal with it. + if ! [ -f $1/worlddone ]; then ++ # Create any necessary directories first ++ grep -vE '^/boot/' $1/INDEX-NEW | ++ grep -E '^[^|]+\|d\|' > INDEX-NEW ++ install_from_index INDEX-NEW || return 1 ++ + # Install new shared libraries next + grep -vE '^/boot/' $1/INDEX-NEW | +- grep -E '/lib/.*\.so\.[0-9]+\|' > INDEX-NEW ++ grep -vE '^[^|]+\|d\|' | ++ grep -E '^[^|]*/lib/[^|]*\.so\.[0-9]+\|' > INDEX-NEW + install_from_index INDEX-NEW || return 1 + + # Deal with everything else + grep -vE '^/boot/' $1/INDEX-OLD | +- grep -vE '/lib/.*\.so\.[0-9]+\|' > INDEX-OLD ++ grep -vE '^[^|]+\|d\|' | ++ grep -vE '^[^|]*/lib/[^|]*\.so\.[0-9]+\|' > INDEX-OLD + grep -vE '^/boot/' $1/INDEX-NEW | +- grep -vE '/lib/.*\.so\.[0-9]+\|' > INDEX-NEW ++ grep -vE '^[^|]+\|d\|' | ++ grep -vE '^[^|]*/lib/[^|]*\.so\.[0-9]+\|' > INDEX-NEW + install_from_index INDEX-NEW || return 1 + install_delete INDEX-OLD INDEX-NEW || return 1 + +@@ -2844,11 +2852,11 @@ + + # Do we need to ask the user to portupgrade now? + grep -vE '^/boot/' $1/INDEX-NEW | +- grep -E '/lib/.*\.so\.[0-9]+\|' | ++ grep -E '^[^|]*/lib/[^|]*\.so\.[0-9]+\|' | + cut -f 1 -d '|' | + sort > newfiles + if grep -vE '^/boot/' $1/INDEX-OLD | +- grep -E '/lib/.*\.so\.[0-9]+\|' | ++ grep -E '^[^|]*/lib/[^|]*\.so\.[0-9]+\|' | + cut -f 1 -d '|' | + sort | + join -v 1 - newfiles | +@@ -2868,11 +2876,20 @@ + + # Remove old shared libraries + grep -vE '^/boot/' $1/INDEX-NEW | +- grep -E '/lib/.*\.so\.[0-9]+\|' > INDEX-NEW ++ grep -vE '^[^|]+\|d\|' | ++ grep -E '^[^|]*/lib/[^|]*\.so\.[0-9]+\|' > INDEX-NEW + grep -vE '^/boot/' $1/INDEX-OLD | +- grep -E '/lib/.*\.so\.[0-9]+\|' > INDEX-OLD ++ grep -vE '^[^|]+\|d\|' | ++ grep -E '^[^|]*/lib/[^|]*\.so\.[0-9]+\|' > INDEX-OLD + install_delete INDEX-OLD INDEX-NEW || return 1 + ++ # Remove old directories ++ grep -vE '^/boot/' $1/INDEX-OLD | ++ grep -E '^[^|]+\|d\|' > INDEX-OLD ++ grep -vE '^/boot/' $1/INDEX-OLD | ++ grep -E '^[^|]+\|d\|' > INDEX-OLD ++ install_delete INDEX-OLD INDEX-NEW || return 1 ++ + # Remove temporary files + rm INDEX-OLD INDEX-NEW + } Added: head/share/security/patches/EN-13:04/freebsd-update.patch.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/EN-13:04/freebsd-update.patch.asc Sat Oct 26 20:21:27 2013 (r43044) @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIcBAABCgAGBQJSbCKVAAoJEO1n7NZdz2rnETwQAOMV7xt2OlnEdtppHyG7F5vj +Kyii95jtZzgdvxh33EpVjqxc/Wo8pLgmciA2tP3K6M9qwbz8B6Hc2HxMyouV1LF2 +WUoJlmZTIZCdXF1RAPndBjvze+15kD7dGPPPfA7pJWN+07p7CZEUTHBoZ94q6u3y +JlEEAjlXtYvWVJCrd2olIN0xwqNDL1AfywMOBKbfTN+NQiYr4hhPnnA33Fb+gyjK +JpEZuCJ1p5caQWLRGn7L2Ro+y32MPSujOW8P0It5xTvGNjtSVYU09ZQPKFgdvD0L +yNSJdSXLKfdpF9fLeUR2Ahwvdnao8BSMfPi2LP3g9sfapw40wP8/s8B7gCXp6wk7 +vl3ZhyqMC53O+kgHxMnbrTB1EK9q6vQ3tEhqUu3caGaCy5zqGxv49WMzNYSYxGcf +8Kqvmab65YRrB7UY8wo6Sqc3tWqfP4VwWv+eljMeDgvbwcPZ3L7oAMfSZfyPfiYK +OfR2JNWgutt6rqre5QixN3c+QsIPlpb9UUgOaoS22iveA0h8FmbOeWGyZ7Rwm6Bd +6VKO+aHiSbumr9/LPVGBxYI63dWkcRj4NZEG/B6eV3wqUJufCEzrRecbJflIEXOJ +jPg61eMA0ua+y+17D9RVkUqL9rrnhF18YfOh1JAkSzMP2J8NCEtW2ol02QAnlLDc +Vv5c44zu0PyqRqtvK5sJ +=QsbS +-----END PGP SIGNATURE----- Modified: head/share/xml/notices.xml ============================================================================== --- head/share/xml/notices.xml Sat Oct 26 18:07:50 2013 (r43043) +++ head/share/xml/notices.xml Sat Oct 26 20:21:27 2013 (r43044) @@ -8,6 +8,18 @@ <name>2013</name> <month> + <name>10</name> + + <day> + <name>26</name> + + <notice> + <name>FreeBSD-EN-13:04.freebsd-update</name> + </notice> + </day> + </month> + + <month> <name>8</name> <day>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201310262021.r9QKLRAM028289>