From owner-freebsd-announce@FreeBSD.ORG Sat Oct 26 20:26:50 2013 Return-Path: Delivered-To: freebsd-announce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 8EF2C143; Sat, 26 Oct 2013 20:26:50 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 77DBB2162; Sat, 26 Oct 2013 20:26:50 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.7/8.14.7) with ESMTP id r9QKQo9Y043191; Sat, 26 Oct 2013 20:26:50 GMT (envelope-from security-advisories@freebsd.org) Received: (from delphij@localhost) by freefall.freebsd.org (8.14.7/8.14.7/Submit) id r9QKQovY043189; Sat, 26 Oct 2013 20:26:50 GMT (envelope-from security-advisories@freebsd.org) Date: Sat, 26 Oct 2013 20:26:50 GMT Message-Id: <201310262026.r9QKQovY043189@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: delphij set sender to security-advisories@freebsd.org using -f From: FreeBSD Errata Notices To: FreeBSD Errata Notices Precedence: bulk Subject: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-13:04.freebsd-update X-BeenThere: freebsd-announce@freebsd.org X-Mailman-Version: 2.1.14 Reply-To: freebsd-stable@freebsd.org List-Id: "Project Announcements \[moderated\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 26 Oct 2013 20:26:50 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-EN-13:04.freebsd-update Errata Notice The FreeBSD Project Topic: Multiple freebsd-update bugs break upgrading to FreeBSD 10.0 Category: base Module: freebsd-update Announced: 2013-10-24 Credits: Colin Percival Affects: All supported FreeBSD releases Corrected: 2013-10-26 08:34:35 UTC (stable/10, 10.0-STABLE) 2013-10-26 08:34:35 UTC (stable/10, 10.0-BETA1-p1) 2013-10-26 19:54:28 UTC (stable/9, 9.2-STABLE) 2013-10-26 20:01:00 UTC (releng/9.2, 9.2-RELEASE-p1) 2013-10-26 20:01:00 UTC (releng/9.2, 9.2-RC4-p1) 2013-10-26 20:01:00 UTC (releng/9.2, 9.2-RC3-p2) 2013-10-26 20:01:00 UTC (releng/9.1, 9.1-RELEASE-p8) 2013-10-26 19:54:28 UTC (stable/8, 8.4-STABLE) 2013-10-26 20:01:00 UTC (releng/8.4, 8.4-RELEASE-p5) 2013-10-26 20:01:00 UTC (releng/8.3, 8.3-RELEASE-p12) For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background The freebsd-update(8) utility is used to download and apply binary diffs for security and errata patches on systems installed from official FreeBSD release CDs and DVDs. It can also be used to upgrade such systems to new FreeBSD releases. II. Problem Description The freebsd-update(8) utility always updates shared libraries first, so new or updated libraries will be avaialble when binaries that use them are installed or updated. If shared libraries appear in a directory which does not already exist on the target system, freebsd-update(8) will attempt to install them before creating the directory. At the end of the updating process, freebsd-update(8) removes old shared libraries which should no longer exist. An error in filtering the list of filesystem objects results in symlinks to shared libraries being incorrectly included in the lists of shared libraries. Additionally, freebsd-update(8) rejects updates which include files with the tilde character ('~') in their names. Such files sometimes occur in third-party software and may be included in the src distribution. III. Impact It is not possible to use freebsd-update(8) to upgrade an existing installation to FreeBSD 10.0-BETA1, because 10.0 introduces two new shared library directories, the /usr/lib/libc.so symlink is replaced by a regular file, and the source distribution includes a file with a tilde in its name. It is not possible to use freebsd-update(8) to update 10.0-BETA1, as its source distribution includes a file with a tilde in its name. IV. Workaround No workaround is available. V. Solution Perform one of the following: 1) Upgrade your system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. 2) To update your present system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch http://security.FreeBSD.org/patches/EN-13:04/freebsd-update.patch # fetch http://security.FreeBSD.org/patches/EN-13:04/freebsd-update.patch.asc # gpg --verify freebsd-update.patch.asc b) Apply the patch. # cd /usr/src # patch < /path/to/patch c) Reinstall freebsd-update. # cd /usr/src/usr.sbin/freebsd-update # make install -DWITHOUT_MAN 3) To update your system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install On systems running 10.0-BETA1 (and ONLY systems running 10.0-BETA1), run the following command before using freebsd-update in order to fix it enough that it can update itself: # sed -i '' -e 's/%@/%~@/' /usr/sbin/freebsd-update VI. Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. Branch/path Revision - ------------------------------------------------------------------------- stable/8/ r257192 releng/8.3/ r257194 releng/8.4/ r257194 stable/9/ r257192 releng/9.1/ r257194 releng/9.2/ r257194 stable/10/ r257153 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: VII. References The latest revision of this Errata Notice is available at http://security.FreeBSD.org/advisories/FreeBSD-EN-13:04.freebsd-update.asc -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJSbCKSAAoJEO1n7NZdz2rnes0P/ifRGR4Iak0mCzk9oMEzUBGE wrjcICt0azsnTHVuRR4ZOzxcRGliY32T36xPvc67nzJYI0KCcnKHurxALg8fmBdM +OJCkcm8r1jFiaj7i4zxlKFfHtrrFnQe6OP4fVndB8nDjLqWzXcjLjZBZaXPM7Pp kWkmyyJN+Hk1ih3lXyPJ9y9YTcvoPmbrIezsHqurBPKPV8dizfp2jR8OmW25koqH 26Dkt3d2KVXcrPJdTn8LE02as/zSK7s52IMJ0dgPv1/MkxxJBKDddz3x0o1rZUyM FdMyISp04zguFg8zZITIuUKDp+N+HrY5cIiBEOHXSWXTM1uXFXrq+P+/kjYxHHZK MJG0hi6F5RRooHPHTelZ7kKGVqPMnyT/Wo4bitfHzq5kqa6eys9rbsn5WUQkM7YL R4HYE90fwdphIVpEy38/kOAEEjJg/8vwVItS51AqhAtVMCamR65zV2RCNobUDKWJ oCjR+OgML5a75VwIhyy/kLaZlPB2nxb8KK3s2iVPDvFj0C368pEkRWz1kLmrc99P YkyLAZlEGL3WV6hEh/qlM81fTJHLjahNyQAOZeK8qIORhl8zABAq+Ce7XsWFJI9T FGjKvCSjiF3t3G2jRk9pjclXhliJrYJd1Cj9HqtvYdxEN3fEM23pfnsZqR8n0Vlr jX7rZ0kgqqZY8/O6AeSH =1thb -----END PGP SIGNATURE-----