From owner-freebsd-security@freebsd.org  Mon Aug 22 14:26:16 2016
Return-Path: <owner-freebsd-security@freebsd.org>
Delivered-To: freebsd-security@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id E291EBC1A49
 for <freebsd-security@mailman.ysv.freebsd.org>;
 Mon, 22 Aug 2016 14:26:16 +0000 (UTC)
 (envelope-from martin@lispworks.com)
Received: from lwfs1-cam.cam.lispworks.com (mail.lispworks.com [46.17.166.21])
 by mx1.freebsd.org (Postfix) with ESMTP id 8DA651EFA
 for <freebsd-security@freebsd.org>; Mon, 22 Aug 2016 14:26:15 +0000 (UTC)
 (envelope-from martin@lispworks.com)
Received: from higson.cam.lispworks.com (higson.cam.lispworks.com
 [192.168.1.7])
 by lwfs1-cam.cam.lispworks.com (8.14.9/8.14.9) with ESMTP id u7MEFlHr028958;
 Mon, 22 Aug 2016 15:15:47 +0100 (BST)
 (envelope-from martin@lispworks.com)
Received: from higson.cam.lispworks.com (localhost.localdomain [127.0.0.1]) by
 higson.cam.lispworks.com (8.14.4) id u7MEFlsr009161;
 Mon, 22 Aug 2016 15:15:47 +0100
Received: (from martin@localhost)
 by higson.cam.lispworks.com (8.14.4/8.14.4/Submit) id u7MEFl8d009158;
 Mon, 22 Aug 2016 15:15:47 +0100
Date: Mon, 22 Aug 2016 15:15:47 +0100
Message-Id: <201608221415.u7MEFl8d009158@higson.cam.lispworks.com>
From: Martin Simmons <martin@lispworks.com>
To: freebsd-security@freebsd.org
Subject: Unexplained update to /boot/boot1.efi and 2 others by freebsd-update
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Aug 2016 14:26:17 -0000

Running freebsd-update to convert 10.1-RELEASE-p36 to -p37 updates 3 efi files
in /boot, but they are not mentioned in any security advisory or errata notice
that I can find and no corresponding source files are updated.  This is
repeatable on several unrelated systems so I don't think my files have been
corrupted.

Is this expected?

# freebsd-version -u
10.1-RELEASE-p36
# freebsd-update fetch
Looking up update.FreeBSD.org mirrors... 4 mirrors found.
Fetching metadata signature for 10.1-RELEASE from update4.freebsd.org... done.
Fetching metadata index... done.
Inspecting system... done.
Preparing to download files... done.

The following files are affected by updates, but no changes have
been downloaded because the files have been modified locally:
/etc/ntp.conf

The following files will be updated as part of updating to 10.1-RELEASE-p37:
/bin/freebsd-version
/boot/boot1.efi
/boot/boot1.efifat
/boot/loader.efi
/usr/bin/bspatch
/usr/sbin/freebsd-update
/usr/src/sys/conf/newvers.sh
/usr/src/usr.bin/bsdiff/bspatch/bspatch.c
/usr/src/usr.sbin/freebsd-update/freebsd-update.sh

__Martin