[FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-14:13.freebsd-update
FreeBSD Errata Notices
errata-notices at freebsd.org
Tue Dec 23 23:33:41 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
FreeBSD-EN-14:13.freebsd-update Errata Notice
The FreeBSD Project
Topic: freebsd-update attempts to remove the root directory
Credits: Colin Percival
Affects: All supported versions of FreeBSD.
Corrected: 2014-12-23 22:56:01 UTC (releng/10.1, 10.1-RELEASE-p3)
2014-12-23 22:55:14 UTC (releng/10.0, 10.0-RELEASE-p15)
2014-12-22 22:11:39 UTC (stable/10, 10.0-STABLE)
2014-12-22 22:11:50 UTC (stable/9, 9.3-STABLE)
2014-12-23 22:54:25 UTC (releng/9.3, 9.3-RELEASE-p7)
2014-12-23 22:53:44 UTC (releng/9.2, 9.2-RELEASE-p17)
2014-12-23 22:53:03 UTC (releng/9.1, 9.1-RELEASE-p24)
2014-12-22 22:11:45 UTC (stable/8, 8.4-STABLE)
2014-12-23 22:52:22 UTC (releng/8.4, 8.4-RELEASE-p21)
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
The freebsd-update(8) utility is used to apply binary patches to FreeBSD
systems installed from official release images, as an alternative to
rebuilding from source. A freebsd-update(8) build server generates the
signed update packages, consisting of an index of files and directories
with checksums before the update, a set of binary patches, and an
index of files and directories with checksums after the update. The
client downloades the indexes, verifies the signatures and checksums,
then downloads and applies the required patches.
The freebsd-update(8) utility views the system as a set of components:
"world", "kernel" and "src". The "world" component is divided into
four subcomponents: "base", "doc", "lib32" and "games". These
components and subcomponents correspond to six of the seven system
components offered during installation (the seventh being ports, which
is handled by the portsnap utility).
II. Problem Description
1) The default configuration for freebsd-update(8) has all six
components enabled. Components which are not installed should be
disabled in the configuration file. Failing to do so is normally
harmless, as the freebsd-update(8) client will ignore instructions
to patch files that do not exist on the system. However, if an
update adds a file, it will be installed even if it belongs to
a component which was not previously installed.
Due to human error, the world/lib32 component, containing 32-bit
compatibility libraries for 64-bit systems, was left out of the
freebsd-update(8) server's baseline for FreeBSD 10.1-RELEASE. As a
result, the freebsd-update(8) client removed these libraries when
upgrading a system from an earlier release. The 32-bit libraries
were re-added as part of the first set of updates released after
the mistake was discovered.
2) Under certain circumstances, it is possible for the freebsd-update(8)
build server to generate an update package requiring the client to
both remove and create the same directory. The client will normally
detect this situation and ignore the conflicting instructions.
Due to insufficient input normalization, if the directory being
both removed and created is the root directory, the freebsd-update(8)
client will fail to recognize that both instructions refer to the
same directory. It will then attempt and fail to 'rmdir /',
producing an error message.
The first issue will cause freebsd-update(8) to install 32-bit libraries
on 10.1 systems where they were intentionally left out during installation
but /etc/freebsd-update.conf was not edited to reflect this.
The second issue, which is triggered by the addition of lib32, will
result in a harmless but disconcerting error message when installing
The first issue is strictly speaking a configuration error. To
address it, update /etc/freebsd-update.conf to reflect the set of
components that are installed on the system. Specifically, replace
"world" on the Components line with "world/base", and add "world/doc"
and / or "world/games" if those those components were selected during
The second issue is harmless and can safely be ignored. A workaround
has been put in place on the freebsd-update(8) build server so the error
will not occur while installing the update that corrects it.
Systems which are updated from source rather than using freebsd-update(8)
are not affected.
Perform one of the following:
1) Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date.
2) To update your system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
3) To update your present system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch https://security.FreeBSD.org/patches/EN-14:13/freebsd-update.patch
# fetch https://security.FreeBSD.org/patches/EN-14:13/freebsd-update.patch.asc
# gpg --verify freebsd-update.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/freebsd-update.patch
c) Rebuild and reinstall the freebsd-update(8) client:
# cd /usr/src/usr.sbin/freebsd-update
# make && make install
VI. Correction details
The following list contains the revision numbers of each file that was
corrected in FreeBSD.
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
The latest revision of this Errata Notice is available at
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
More information about the freebsd-announce