Date: Wed, 4 Oct 2023 06:45:40 +0200 From: Peter Libassi <peter@libassi.se> To: monochrome <monochrome@twcny.rr.com> Cc: FreeBSD-STABLE Mailing List <freebsd-stable@freebsd.org> Subject: Re: FreeBSD Errata Notice FreeBSD-EN-23:09.freebsd-update [REVISED] Message-ID: <E5535DBD-9199-4151-A485-119E5CD02EA2@libassi.se> In-Reply-To: <aaabb189-b0df-4bd2-94d2-12d407b080b1@twcny.rr.com> References: <20231003230335.0B92113333@freefall.freebsd.org> <aaabb189-b0df-4bd2-94d2-12d407b080b1@twcny.rr.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--Apple-Mail=_2C097AA0-7331-462A-A61C-468B4936453F Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii Me too! My sshd_config is also customized and everytime there is a new = patch I need to run freebsd-update manually and get rid of the attempt = to trash the sshd config that could make my server unreachable over the = network. Why does the freebsd-update need a vanilla sshd_config? Why not give a message and put the new freebsd vanillia sshd_config file = in /etc/ssh/sshd_config-new_version? Does this behaviour mean that the /etc/ssh/sshd_config is = uncustomizable? and if you need custom sshd configuration you should use = the port provided openssh-portable? > 4 okt. 2023 kl. 04:13 skrev monochrome <monochrome@twcny.rr.com>: >=20 > not sure if this is related or appropriate here, but for the last 2 or = 3 updates freebsd-update has been hanging on this: >=20 > The following files are affected by updates. No changes have > been downloaded, however, because the files have been modified > locally: > /etc/ssh/sshd_config >=20 >=20 >=20 > a minor annoyance, but is this the new normal?<ecRV9YIelkR0MQGe.png> = this file will obviously be changed on most systems, why do I seem like = the only one with this problem? >=20 > <cDK2pd07H0DkdvFY.png> >=20 > as of today its still doing it: FreeBSD quartzon 13.2-RELEASE-p4 = FreeBSD 13.2-RELEASE-p4 GENERIC amd64 >=20 >=20 > On 10/3/23 19:03, FreeBSD Errata Notices wrote: >> = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D >> FreeBSD-EN-23:09.freebsd-update = Errata Notice >> The FreeBSD = Project >>=20 >> Topic: freebsd-update incorrectly merges files on upgrade >>=20 >> Category: core >> Module: freebsd-update >> Announced: 2023-09-06 >> Affects: FreeBSD 13.2 >> Corrected: 2023-05-16 21:34:10 UTC (stable/13, 13.2-STABLE) >> 2023-09-06 16:56:24 UTC (releng/13.2, = 13.2-RELEASE-p3) >> 2023-09-28 13:42:18 UTC (stable/12, 12.4-STABLE) >> 2023-10-03 22:15:35 UTC (releng/12.4, = 12.4-RELEASE-p6) >>=20 >> For general information regarding FreeBSD Errata Notices and Security >> Advisories, including descriptions of the fields above, security >> branches, and the following sections, please visit >> <URL:https://security.FreeBSD.org/>; <https://security.freebsd.org/>. >>=20 >> 2023-09-06 Initial Revision >> 2023-10-03 Updated to include the patch for 12.4-RELEASE. >>=20 >> I. Background >>=20 >> freebsd-update provides binary updates for supported releases of = FreeBSD on >> amd64, arm64, and i386. >>=20 >> II. Problem Description >>=20 >> freebsd-update incorrectly deleted files in /etc/ in the event the = file to be >> updated matched the new release and was different than the old = release. This >> has not been an issue previously because the $FreeBSD$ tag expansion = from >> subversion virtually guaranteed the existing file was going to be = different >> from the new release. With the conversion to git in the 13.x = releases, >> $FreeBSD$ is no longer expanded, making it much more likely that a = file would >> find this issue. >>=20 >> III. Impact >>=20 >> Unmodified files in /etc/ may be deleted on running freebsd-update = upgrade. >>=20 >> IV. Workaround >>=20 >> No workaround is available. >>=20 >> V. Solution >>=20 >> Upgrade your system to a supported FreeBSD stable or release / = security >> branch (releng) dated after the correction date. >>=20 >> Perform one of the following: >>=20 >> 1) To update your system via a binary patch: >>=20 >> Systems running a RELEASE version of FreeBSD on the amd64, i386, or >> (on FreeBSD 13 and later) arm64 platforms can be updated via the >> freebsd-update(8) utility: >>=20 >> # freebsd-update fetch >> # freebsd-update install >>=20 >> 2) To update your system via a source code patch: >>=20 >> The following patches have been verified to apply to the applicable >> FreeBSD release branches. >>=20 >> a) Download the relevant patch from the location below, and verify = the >> detached PGP signature using your PGP utility. >>=20 >> # fetch = https://security.FreeBSD.org/patches/EN-23:09/freebsd-update.patch = <https://security.freebsd.org/patches/EN-23:09/freebsd-update.patch>; >> # fetch = https://security.FreeBSD.org/patches/EN-23:09/freebsd-update.patch.asc = <https://security.freebsd.org/patches/EN-23:09/freebsd-update.patch.asc>; >> # gpg --verify freebsd-update.patch.asc >>=20 >> b) Apply the patch. Execute the following commands as root: >>=20 >> # cd /usr/src >> # patch < /path/to/patch >>=20 >> c) Recompile the operating system using buildworld and installworld = as >> described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>; = <https://www.freebsd.org/handbook/makeworld.html>. >>=20 >> VI. Correction details >>=20 >> This issue is corrected by the corresponding Git commit hash or = Subversion >> revision number in the following stable and release branches: >>=20 >> Branch/path Hash = Revision >> = ------------------------------------------------------------------------- >> stable/13/ 866e5c6b3ce7 = stable/13-n255386 >> releng/13.2/ 0b39d9de2e71 = releng/13.2-n254628 >> stable/12/ = r373221 >> releng/12.4/ = r373231 >> = ------------------------------------------------------------------------- >>=20 >> For FreeBSD 13 and later: >>=20 >> Run the following command to see which files were modified by a >> particular commit: >>=20 >> # git show --stat <commit hash> >>=20 >> Or visit the following URL, replacing NNNNNN with the hash: >>=20 >> <URL:https://cgit.freebsd.org/src/commit/?id=3DNNNNNN>; = <https://cgit.freebsd.org/src/commit/?id=3DNNNNNN>; >>=20 >> To determine the commit count in a working tree (for comparison = against >> nNNNNNN in the table above), run: >>=20 >> # git rev-list --count --first-parent HEAD >>=20 >> For FreeBSD 12 and earlier: >>=20 >> Run the following command to see which files were modified by a = particular >> revision, replacing NNNNNN with the revision number: >>=20 >> # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base >>=20 >> Or visit the following URL, replacing NNNNNN with the revision = number: >>=20 >> <URL:https://svnweb.freebsd.org/base?view=3Drevision&revision=3DNNNNNN>= <https://svnweb.freebsd.org/base?view=3Drevision&revision=3DNNNNNN>; >>=20 >> VII. References >>=20 >> <URL:https://reviews.freebsd.org/D39973>; = <https://reviews.freebsd.org/D39973>; >>=20 >> The latest revision of this advisory is available at >> = <URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-23:09.freebsd-upda= te.asc> = <https://security.freebsd.org/advisories/FreeBSD-EN-23:09.freebsd-update.a= sc> > > >=20 --Apple-Mail=_2C097AA0-7331-462A-A61C-468B4936453F Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii <html><head><meta http-equiv=3D"content-type" content=3D"text/html; = charset=3Dus-ascii"></head><body style=3D"overflow-wrap: break-word; = -webkit-nbsp-mode: space; line-break: after-white-space;">Me too! My = sshd_config is also customized and everytime there is a new patch I need = to run freebsd-update manually and get rid of the attempt to trash the = sshd config that could make my server unreachable over the = network.<div><br></div><div>Why does the freebsd-update need a vanilla = sshd_config?</div><div>Why not give a message and put the new freebsd = vanillia sshd_config file in = /etc/ssh/sshd_config-new_version?</div><div>Does this behaviour mean = that the /etc/ssh/sshd_config is uncustomizable? and if you need custom = sshd configuration you should use the port provided <span = style=3D"caret-color: rgb(0, 0, 0); color: rgb(0, 0, = 0);">openssh-portable?</span></div><div><span style=3D"caret-color: = rgb(0, 0, 0); color: rgb(0, 0, 0);"><br></span></div><div><span = style=3D"caret-color: rgb(0, 0, 0); color: rgb(0, 0, = 0);"><br></span></div><div><br = id=3D"lineBreakAtBeginningOfMessage"><div><br><blockquote = type=3D"cite"><div>4 okt. 2023 kl. 04:13 skrev monochrome = <monochrome@twcny.rr.com>:</div><br = class=3D"Apple-interchange-newline"><div> =20 <meta http-equiv=3D"Content-Type" content=3D"text/html; = charset=3DUTF-8"> =20 <div><p>not sure if this is related or appropriate here, but for the = last 2 or 3 updates freebsd-update has been hanging on this:</p><p>The = following files are affected by updates. No changes have<br> been downloaded, however, because the files have been modified<br> locally:<br> /etc/ssh/sshd_config</p><p><br> </p><p>a minor annoyance, but is this the new normal?<span = id=3D"cid:part1.Y6ikkSBw.l4ogKRvb@twcny.rr.com"><ecRV9YIelkR0MQGe.png&g= t;</span> this file will obviously be changed on most systems, why do I seem like the only one with this problem?</p><p><span = id=3D"cid:part2.4orTk5Q0.0Iuzfk5b@twcny.rr.com"><cDK2pd07H0DkdvFY.png&g= t;</span></p><p>as of today its still doing it: FreeBSD quartzon = 13.2-RELEASE-p4 FreeBSD 13.2-RELEASE-p4 GENERIC amd64<br> <br> </p> On 10/3/23 19:03, FreeBSD Errata Notices wrote:<br> <blockquote = type=3D"cite">=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D<br> = FreeBSD-EN-23:09.freebsd-update &= nbsp; &nb= sp;  = ; Errata Notice<br> = &n= bsp; &nbs= p; = &n= bsp; The FreeBSD Project<br> <br> Topic: = freebsd-update incorrectly merges files on upgrade<br> <br> Category: core<br> Module: = freebsd-update<br> Announced: 2023-09-06<br> Affects: FreeBSD = 13.2<br> Corrected: 2023-05-16 21:34:10 UTC = (stable/13, 13.2-STABLE)<br> = &n= bsp; 2023-09-06 16:56:24 UTC (releng/13.2, 13.2-RELEASE-p3)<br> = &n= bsp; 2023-09-28 13:42:18 UTC (stable/12, 12.4-STABLE)<br> = &n= bsp; 2023-10-03 22:15:35 UTC (releng/12.4, 12.4-RELEASE-p6)<br> <br> For general information regarding FreeBSD Errata Notices and Security<br> Advisories, including descriptions of the fields above, = security<br> branches, and the following sections, please visit<br> <a class=3D"moz-txt-link-rfc1738" = href=3D"https://security.freebsd.org/"><URL:https://security.FreeBSD.or= g/></a>.<br> <br> 2023-09-06 Initial Revision<br> 2023-10-03 Updated to include the = patch for 12.4-RELEASE.<br> <br> I. Background<br> <br> freebsd-update provides binary updates for supported releases of FreeBSD on<br> amd64, arm64, and i386.<br> <br> II. Problem Description<br> <br> freebsd-update incorrectly deleted files in /etc/ in the event the file to be<br> updated matched the new release and was different than the old release. This<br> has not been an issue previously because the $FreeBSD$ tag expansion from<br> subversion virtually guaranteed the existing file was going to be different<br> from the new release. With the conversion to git in the 13.x releases,<br> $FreeBSD$ is no longer expanded, making it much more likely that a file would<br> find this issue.<br> <br> III. Impact<br> <br> Unmodified files in /etc/ may be deleted on running freebsd-update upgrade.<br> <br> IV. Workaround<br> <br> No workaround is available.<br> <br> V. Solution<br> <br> Upgrade your system to a supported FreeBSD stable or release / security<br> branch (releng) dated after the correction date.<br> <br> Perform one of the following:<br> <br> 1) To update your system via a binary patch:<br> <br> Systems running a RELEASE version of FreeBSD on the amd64, i386, or<br> (on FreeBSD 13 and later) arm64 platforms can be updated via = the<br> freebsd-update(8) utility:<br> <br> # freebsd-update fetch<br> # freebsd-update install<br> <br> 2) To update your system via a source code patch:<br> <br> The following patches have been verified to apply to the applicable<br> FreeBSD release branches.<br> <br> a) Download the relevant patch from the location below, and verify the<br> detached PGP signature using your PGP utility.<br> <br> # fetch <a class=3D"moz-txt-link-freetext" = href=3D"https://security.freebsd.org/patches/EN-23:09/freebsd-update.patch= ">https://security.FreeBSD.org/patches/EN-23:09/freebsd-update.patch</a><b= r> # fetch <a class=3D"moz-txt-link-freetext" = href=3D"https://security.freebsd.org/patches/EN-23:09/freebsd-update.patch= .asc">https://security.FreeBSD.org/patches/EN-23:09/freebsd-update.patch.a= sc</a><br> # gpg --verify freebsd-update.patch.asc<br> <br> b) Apply the patch. Execute the following commands as = root:<br> <br> # cd /usr/src<br> # patch < /path/to/patch<br> <br> c) Recompile the operating system using buildworld and installworld as<br> described in <a class=3D"moz-txt-link-rfc1738" = href=3D"https://www.freebsd.org/handbook/makeworld.html"><URL:https://w= ww.FreeBSD.org/handbook/makeworld.html></a>.<br> <br> VI. Correction details<br> <br> This issue is corrected by the corresponding Git commit hash or Subversion<br> revision number in the following stable and release branches:<br> <br> = Branch/path &nb= sp;  = ; = Hash &nbs= p; Revision<br> = -------------------------------------------------------------------------<= br> = stable/13/ &nbs= p; = 866e5c6b3ce7 stable/13-n255386<br> = releng/13.2/ &n= bsp; &nbs= p; 0b39d9de2e71 releng/13.2-n254628<br> = stable/12/ &nbs= p; = &n= bsp; &nbs= p; r373221<br> = releng/12.4/ &n= bsp; &nbs= p; = &n= bsp; r373231<br> = -------------------------------------------------------------------------<= br> <br> For FreeBSD 13 and later:<br> <br> Run the following command to see which files were modified by = a<br> particular commit:<br> <br> # git show --stat <commit hash><br> <br> Or visit the following URL, replacing NNNNNN with the hash:<br> <br> <a class=3D"moz-txt-link-rfc1738" = href=3D"https://cgit.freebsd.org/src/commit/?id=3DNNNNNN"><URL:https://= cgit.freebsd.org/src/commit/?id=3DNNNNNN></a><br> <br> To determine the commit count in a working tree (for comparison against<br> nNNNNNN in the table above), run:<br> <br> # git rev-list --count --first-parent HEAD<br> <br> For FreeBSD 12 and earlier:<br> <br> Run the following command to see which files were modified by a particular<br> revision, replacing NNNNNN with the revision number:<br> <br> # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base<br> <br> Or visit the following URL, replacing NNNNNN with the revision number:<br> <br> <a class=3D"moz-txt-link-rfc1738" = href=3D"https://svnweb.freebsd.org/base?view=3Drevision&revision=3DNNN= NNN"><URL:https://svnweb.freebsd.org/base?view=3Drevision&revision=3D= NNNNNN></a><br> <br> VII. References<br> <br> <a class=3D"moz-txt-link-rfc1738" = href=3D"https://reviews.freebsd.org/D39973"><URL:https://reviews.freebs= d.org/D39973></a><br> <br> The latest revision of this advisory is available at<br> <a class=3D"moz-txt-link-rfc1738" = href=3D"https://security.freebsd.org/advisories/FreeBSD-EN-23:09.freebsd-u= pdate.asc"><URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-23:0= 9.freebsd-update.asc></a><br> </blockquote> <span style=3D"white-space: pre-wrap; display: block; width: = 98vw;">> </span><br> </div> </div></blockquote></div><br></div></body></html>= --Apple-Mail=_2C097AA0-7331-462A-A61C-468B4936453F--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E5535DBD-9199-4151-A485-119E5CD02EA2>