From nobody Wed Oct 4 04:45:40 2023 X-Original-To: freebsd-stable@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4S0hw320BJz4wdZR for ; Wed, 4 Oct 2023 04:45:55 +0000 (UTC) (envelope-from peter@libassi.se) Received: from smtp.outgoing.loopia.se (smtp.outgoing.loopia.se [93.188.3.37]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4S0hw250xSz3Q8H for ; Wed, 4 Oct 2023 04:45:54 +0000 (UTC) (envelope-from peter@libassi.se) Authentication-Results: mx1.freebsd.org; none Received: from s807.loopia.se (localhost [127.0.0.1]) by s807.loopia.se (Postfix) with ESMTP id E211A2FB09A6 for ; Wed, 4 Oct 2023 06:45:51 +0200 (CEST) Received: from s899.loopia.se (unknown [172.22.191.5]) by s807.loopia.se (Postfix) with ESMTP id D26E42E279C6; Wed, 4 Oct 2023 06:45:51 +0200 (CEST) Received: from s473.loopia.se (unknown [172.22.191.6]) by s899.loopia.se (Postfix) with ESMTP id D0CC22C8BA29; Wed, 4 Oct 2023 06:45:51 +0200 (CEST) X-Virus-Scanned: amavisd-new at amavis.loopia.se X-Spam-Flag: NO X-Spam-Score: -1.009 X-Spam-Level: X-Spam-Status: No, score=-1.009 tagged_above=-999 required=6.2 tests=[ALL_TRUSTED=-1, HTML_MESSAGE=0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=disabled Received: from s934.loopia.se ([172.22.191.5]) by s473.loopia.se (s473.loopia.se [172.22.190.13]) (amavisd-new, port 10024) with LMTP id Iu9g0oVV8PPh; Wed, 4 Oct 2023 06:45:50 +0200 (CEST) X-Loopia-Auth: user X-Loopia-User: peter@libassi.se X-Loopia-Originating-IP: 83.227.126.4 Received: from smtpclient.apple (c-047ee353.03-77-73746f30.bbcust.telenor.se [83.227.126.4]) (Authenticated sender: peter@libassi.se) by s934.loopia.se (Postfix) with ESMTPSA id C5E997CEA3F; Wed, 4 Oct 2023 06:45:50 +0200 (CEST) From: Peter Libassi Message-Id: Content-Type: multipart/alternative; boundary="Apple-Mail=_2C097AA0-7331-462A-A61C-468B4936453F" List-Id: Production branch of FreeBSD source code List-Archive: https://lists.freebsd.org/archives/freebsd-stable List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-stable@freebsd.org X-BeenThere: freebsd-stable@freebsd.org Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3774.100.2.1.4\)) Subject: Re: FreeBSD Errata Notice FreeBSD-EN-23:09.freebsd-update [REVISED] Date: Wed, 4 Oct 2023 06:45:40 +0200 In-Reply-To: Cc: FreeBSD-STABLE Mailing List To: monochrome References: <20231003230335.0B92113333@freefall.freebsd.org> X-Mailer: Apple Mail (2.3774.100.2.1.4) X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:39570, ipnet:93.188.2.0/23, country:SE] X-Rspamd-Queue-Id: 4S0hw250xSz3Q8H --Apple-Mail=_2C097AA0-7331-462A-A61C-468B4936453F Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii Me too! My sshd_config is also customized and everytime there is a new = patch I need to run freebsd-update manually and get rid of the attempt = to trash the sshd config that could make my server unreachable over the = network. Why does the freebsd-update need a vanilla sshd_config? Why not give a message and put the new freebsd vanillia sshd_config file = in /etc/ssh/sshd_config-new_version? Does this behaviour mean that the /etc/ssh/sshd_config is = uncustomizable? and if you need custom sshd configuration you should use = the port provided openssh-portable? > 4 okt. 2023 kl. 04:13 skrev monochrome : >=20 > not sure if this is related or appropriate here, but for the last 2 or = 3 updates freebsd-update has been hanging on this: >=20 > The following files are affected by updates. No changes have > been downloaded, however, because the files have been modified > locally: > /etc/ssh/sshd_config >=20 >=20 >=20 > a minor annoyance, but is this the new normal? = this file will obviously be changed on most systems, why do I seem like = the only one with this problem? >=20 > >=20 > as of today its still doing it: FreeBSD quartzon 13.2-RELEASE-p4 = FreeBSD 13.2-RELEASE-p4 GENERIC amd64 >=20 >=20 > On 10/3/23 19:03, FreeBSD Errata Notices wrote: >> = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D >> FreeBSD-EN-23:09.freebsd-update = Errata Notice >> The FreeBSD = Project >>=20 >> Topic: freebsd-update incorrectly merges files on upgrade >>=20 >> Category: core >> Module: freebsd-update >> Announced: 2023-09-06 >> Affects: FreeBSD 13.2 >> Corrected: 2023-05-16 21:34:10 UTC (stable/13, 13.2-STABLE) >> 2023-09-06 16:56:24 UTC (releng/13.2, = 13.2-RELEASE-p3) >> 2023-09-28 13:42:18 UTC (stable/12, 12.4-STABLE) >> 2023-10-03 22:15:35 UTC (releng/12.4, = 12.4-RELEASE-p6) >>=20 >> For general information regarding FreeBSD Errata Notices and Security >> Advisories, including descriptions of the fields above, security >> branches, and the following sections, please visit >> . >>=20 >> 2023-09-06 Initial Revision >> 2023-10-03 Updated to include the patch for 12.4-RELEASE. >>=20 >> I. Background >>=20 >> freebsd-update provides binary updates for supported releases of = FreeBSD on >> amd64, arm64, and i386. >>=20 >> II. Problem Description >>=20 >> freebsd-update incorrectly deleted files in /etc/ in the event the = file to be >> updated matched the new release and was different than the old = release. This >> has not been an issue previously because the $FreeBSD$ tag expansion = from >> subversion virtually guaranteed the existing file was going to be = different >> from the new release. With the conversion to git in the 13.x = releases, >> $FreeBSD$ is no longer expanded, making it much more likely that a = file would >> find this issue. >>=20 >> III. Impact >>=20 >> Unmodified files in /etc/ may be deleted on running freebsd-update = upgrade. >>=20 >> IV. Workaround >>=20 >> No workaround is available. >>=20 >> V. Solution >>=20 >> Upgrade your system to a supported FreeBSD stable or release / = security >> branch (releng) dated after the correction date. >>=20 >> Perform one of the following: >>=20 >> 1) To update your system via a binary patch: >>=20 >> Systems running a RELEASE version of FreeBSD on the amd64, i386, or >> (on FreeBSD 13 and later) arm64 platforms can be updated via the >> freebsd-update(8) utility: >>=20 >> # freebsd-update fetch >> # freebsd-update install >>=20 >> 2) To update your system via a source code patch: >>=20 >> The following patches have been verified to apply to the applicable >> FreeBSD release branches. >>=20 >> a) Download the relevant patch from the location below, and verify = the >> detached PGP signature using your PGP utility. >>=20 >> # fetch = https://security.FreeBSD.org/patches/EN-23:09/freebsd-update.patch = >> # fetch = https://security.FreeBSD.org/patches/EN-23:09/freebsd-update.patch.asc = >> # gpg --verify freebsd-update.patch.asc >>=20 >> b) Apply the patch. Execute the following commands as root: >>=20 >> # cd /usr/src >> # patch < /path/to/patch >>=20 >> c) Recompile the operating system using buildworld and installworld = as >> described in = . >>=20 >> VI. Correction details >>=20 >> This issue is corrected by the corresponding Git commit hash or = Subversion >> revision number in the following stable and release branches: >>=20 >> Branch/path Hash = Revision >> = ------------------------------------------------------------------------- >> stable/13/ 866e5c6b3ce7 = stable/13-n255386 >> releng/13.2/ 0b39d9de2e71 = releng/13.2-n254628 >> stable/12/ = r373221 >> releng/12.4/ = r373231 >> = ------------------------------------------------------------------------- >>=20 >> For FreeBSD 13 and later: >>=20 >> Run the following command to see which files were modified by a >> particular commit: >>=20 >> # git show --stat >>=20 >> Or visit the following URL, replacing NNNNNN with the hash: >>=20 >> = >>=20 >> To determine the commit count in a working tree (for comparison = against >> nNNNNNN in the table above), run: >>=20 >> # git rev-list --count --first-parent HEAD >>=20 >> For FreeBSD 12 and earlier: >>=20 >> Run the following command to see which files were modified by a = particular >> revision, replacing NNNNNN with the revision number: >>=20 >> # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base >>=20 >> Or visit the following URL, replacing NNNNNN with the revision = number: >>=20 >> = >>=20 >> VII. References >>=20 >> = >>=20 >> The latest revision of this advisory is available at >> = = > > >=20 --Apple-Mail=_2C097AA0-7331-462A-A61C-468B4936453F Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii Me too! My = sshd_config is also customized and everytime there is a new patch I need = to run freebsd-update manually and get rid of the attempt to trash the = sshd config that could make my server unreachable over the = network.

Why does the freebsd-update need a vanilla = sshd_config?
Why not give a message and put the new freebsd = vanillia sshd_config file in = /etc/ssh/sshd_config-new_version?
Does this behaviour mean = that the /etc/ssh/sshd_config is uncustomizable? and if you need custom = sshd configuration you should use the port provided openssh-portable?




4 okt. 2023 kl. 04:13 skrev monochrome = <monochrome@twcny.rr.com>:

=20 =20

not sure if this is related or appropriate here, but for the = last 2 or 3 updates freebsd-update has been hanging on this:

The = following files are affected by updates. No changes have
been downloaded, however, because the files have been modified
locally:
/etc/ssh/sshd_config


a minor annoyance, but is this the new normal?<ecRV9YIelkR0MQGe.png&g= t; this file will obviously be changed on most systems, why do I seem like the only one with this problem?

<cDK2pd07H0DkdvFY.png&g= t;

as of today its still doing it: FreeBSD quartzon = 13.2-RELEASE-p4 FreeBSD 13.2-RELEASE-p4 GENERIC amd64

On 10/3/23 19:03, FreeBSD Errata Notices wrote:
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D
= FreeBSD-EN-23:09.freebsd-update       &= nbsp;           &nb= sp;            = ; Errata Notice
=             &n= bsp;           &nbs= p;            =             &n= bsp;        The FreeBSD Project

Topic:          = freebsd-update incorrectly merges files on upgrade

Category:       core
Module:         = freebsd-update
Announced:      2023-09-06
Affects:        FreeBSD = 13.2
Corrected:      2023-05-16 21:34:10 UTC = (stable/13, 13.2-STABLE)
=             &n= bsp;   2023-09-06 16:56:24 UTC (releng/13.2, 13.2-RELEASE-p3)
=             &n= bsp;   2023-09-28 13:42:18 UTC (stable/12, 12.4-STABLE)
=             &n= bsp;   2023-10-03 22:15:35 UTC (releng/12.4, 12.4-RELEASE-p6)

For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, = security
branches, and the following sections, please visit
<URL:https://security.FreeBSD.or= g/>.

2023-09-06      Initial Revision
2023-10-03      Updated to include the = patch for 12.4-RELEASE.

I.   Background

freebsd-update provides binary updates for supported releases of FreeBSD on
amd64, arm64, and i386.

II.  Problem Description

freebsd-update incorrectly deleted files in /etc/ in the event the file to be
updated matched the new release and was different than the old release.  This
has not been an issue previously because the $FreeBSD$ tag expansion from
subversion virtually guaranteed the existing file was going to be different
from the new release. With the conversion to git in the 13.x releases,
$FreeBSD$ is no longer expanded, making it much more likely that a file would
find this issue.

III. Impact

Unmodified files in /etc/ may be deleted on running freebsd-update upgrade.

IV.  Workaround

No workaround is available.

V.   Solution

Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date.

Perform one of the following:

1) To update your system via a binary patch:

Systems running a RELEASE version of FreeBSD on the amd64, i386, or
(on FreeBSD 13 and later) arm64 platforms can be updated via = the
freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

2) To update your system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch https://security.FreeBSD.org/patches/EN-23:09/freebsd-update.patch # fetch https://security.FreeBSD.org/patches/EN-23:09/freebsd-update.patch.a= sc
# gpg --verify freebsd-update.patch.asc

b) Apply the patch.  Execute the following commands as = root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as
described in <URL:https://w= ww.FreeBSD.org/handbook/makeworld.html>.

VI.  Correction details

This issue is corrected by the corresponding Git commit hash or Subversion
revision number in the following stable and release branches:

= Branch/path          &nb= sp;            = ;      = Hash           &nbs= p;         Revision
= -------------------------------------------------------------------------<= br> = stable/13/          &nbs= p;            =        866e5c6b3ce7    stable/13-n255386
= releng/13.2/          &n= bsp;           &nbs= p;     0b39d9de2e71  releng/13.2-n254628
= stable/12/          &nbs= p;            =             &n= bsp;           &nbs= p;        r373221
= releng/12.4/          &n= bsp;           &nbs= p;            =             &n= bsp;      r373231
= -------------------------------------------------------------------------<= br>
For FreeBSD 13 and later:

Run the following command to see which files were modified by = a
particular commit:

# git show --stat <commit hash>

Or visit the following URL, replacing NNNNNN with the hash:

<URL:https://= cgit.freebsd.org/src/commit/?id=3DNNNNNN>

To determine the commit count in a working tree (for comparison against
nNNNNNN in the table above), run:

# git rev-list --count --first-parent HEAD

For FreeBSD 12 and earlier:

Run the following command to see which files were modified by a particular
revision, replacing NNNNNN with the revision number:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

<URL:https://svnweb.freebsd.org/base?view=3Drevision&revision=3D= NNNNNN>

VII. References

<URL:https://reviews.freebs= d.org/D39973>

The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-23:0= 9.freebsd-update.asc>
>

= --Apple-Mail=_2C097AA0-7331-462A-A61C-468B4936453F--