From: Martin Simmons
To: freebsd-security@freebsd.org
Date: Fri, 26 Aug 2016 18:24:18 +0100
Subject: Re: Unexplained update to /boot/boot1.efi and 2 others by freebsd-update

>>>>> On Mon, 22 Aug 2016 17:28:21 -0700, Gleb Smirnoff said:
>
>   Martin,
>
> On Mon, Aug 22, 2016 at 03:15:47PM +0100, Martin Simmons wrote:
> M> Running freebsd-update to convert 10.1-RELEASE-p36 to -p37 updates 3 efi files
> M> in /boot, but they are not mentioned in any security advisory or errata notice
> M> that I can find and no corresponding source files are updated.  This is
> M> repeatable on several unrelated systems so I don't think my files have been
> M> corrupted.
> M>
> M> Is this expected?
>
> The freebsd-update build code attempts to extract and ignore timestamps in order
> to determine whether files are 'really' changing between builds; unfortunately these
> particular files contain a build artifact which the freebsd-update code was not
> able to handle, thus resulting in them being incorrectly identified as needing to be
> distributed.
>
> So, this shouldn't have happened. But don't worry the files aren't forged and they
> do originate from the official freebsd-update server.

Thanks, that's good to know.

__Martin
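
The comparison described in the quoted reply, as an added example that is not part of this thread and is not freebsd-update's build code: two builds of an EFI (PE/COFF) image are compared after zeroing the one timestamp field the comparer knows about, which shows how a second build artifact it does not know about still marks the file as changed. The sample images are constructed, and the embedded build-date string is an assumed artifact; the thread does not say what the actual artifact was.

```python
import struct

def coff_timestamp_offset(image: bytes) -> int:
    """File offset of the COFF TimeDateStamp field in a PE image (EFI binaries are PE)."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)  # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # After the signature: Machine (2 bytes), NumberOfSections (2), TimeDateStamp (4)
    return pe_off + 4 + 4

def mask_timestamp(image: bytes) -> bytes:
    """Return a copy with the known timestamp field zeroed."""
    off = coff_timestamp_offset(image)
    return image[:off] + b"\0" * 4 + image[off + 4:]

def differing_ranges(a: bytes, b: bytes) -> list:
    """[start, end) byte ranges where a and b differ; a length change is one range."""
    if len(a) != len(b):
        return [(0, max(len(a), len(b)))]
    ranges, start = [], None
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y and start is None:
            start = i
        elif x == y and start is not None:
            ranges.append((start, i))
            start = None
    if start is not None:
        ranges.append((start, len(a)))
    return ranges

def really_changed(old: bytes, new: bytes) -> list:
    """Differences that remain once the known timestamp field is ignored."""
    return differing_ranges(mask_timestamp(old), mask_timestamp(new))

def make_image(timestamp: int, payload: bytes) -> bytes:
    """Constructed sample: DOS header stub, PE signature, COFF header, payload."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, 1, timestamp, 0, 0, 0, 0)
    return dos + b"PE\0\0" + coff + payload

# Two constructed builds of unchanged code: only the header timestamp differs.
SAME = (make_image(1471000000, b"code" * 4), make_image(1472000000, b"code" * 4))
# Two constructed builds whose payload also embeds a build date (assumed artifact).
STAMPED = (make_image(1471000000, b"built 2016-08-12"),
           make_image(1472000000, b"built 2016-08-24"))

if __name__ == "__main__":
    print("same code:", really_changed(*SAME))         # nothing to distribute
    print("embedded date:", really_changed(*STAMPED))  # flagged as changed
```

The byte ranges returned for the second pair are what a reviewer would inspect to decide whether an unexpected binary update is a build artifact or a real change.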