svn commit: r43044 - in head/share: security/advisories security/patches/EN-13:04 xml
Xin LI
delphij at FreeBSD.org
Sat Oct 26 20:21:28 UTC 2013
Author: delphij
Date: Sat Oct 26 20:21:27 2013
New Revision: 43044
URL: http://svnweb.freebsd.org/changeset/doc/43044
Log:
Add latest errata notice:
Fix multiple freebsd-update bugs that break upgrading to
FreeBSD 10.0. [EN-13:04]
Added:
head/share/security/advisories/FreeBSD-EN-13:04.freebsd-update.asc (contents, props changed)
head/share/security/patches/EN-13:04/
head/share/security/patches/EN-13:04/freebsd-update.patch (contents, props changed)
head/share/security/patches/EN-13:04/freebsd-update.patch.asc (contents, props changed)
Modified:
head/share/xml/notices.xml
Added: head/share/security/advisories/FreeBSD-EN-13:04.freebsd-update.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-EN-13:04.freebsd-update.asc Sat Oct 26 20:21:27 2013 (r43044)
@@ -0,0 +1,157 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-13:04.freebsd-update Errata Notice
+ The FreeBSD Project
+
+Topic: Multiple freebsd-update bugs break upgrading to FreeBSD 10.0
+
+Category: base
+Module: freebsd-update
+Announced: 2013-10-24
+Credits: Colin Percival
+Affects: All supported FreeBSD releases
+Corrected: 2013-10-26 08:34:35 UTC (stable/10, 10.0-STABLE)
+ 2013-10-26 08:34:35 UTC (stable/10, 10.0-BETA1-p1)
+ 2013-10-26 19:54:28 UTC (stable/9, 9.2-STABLE)
+ 2013-10-26 20:01:00 UTC (releng/9.2, 9.2-RELEASE-p1)
+ 2013-10-26 20:01:00 UTC (releng/9.2, 9.2-RC4-p1)
+ 2013-10-26 20:01:00 UTC (releng/9.2, 9.2-RC3-p2)
+ 2013-10-26 20:01:00 UTC (releng/9.1, 9.1-RELEASE-p8)
+ 2013-10-26 19:54:28 UTC (stable/8, 8.4-STABLE)
+ 2013-10-26 20:01:00 UTC (releng/8.4, 8.4-RELEASE-p5)
+ 2013-10-26 20:01:00 UTC (releng/8.3, 8.3-RELEASE-p12)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:http://security.freebsd.org/>.
+
+I. Background
+
+The freebsd-update(8) utility is used to download and apply binary diffs
+for security and errata patches on systems installed from official FreeBSD
+release CDs and DVDs. It can also be used to upgrade such systems to new
+FreeBSD releases.
+
+II. Problem Description
+
+The freebsd-update(8) utility always updates shared libraries first, so
+new or updated libraries will be avaialble when binaries that use them are
+installed or updated. If shared libraries appear in a directory which
+does not already exist on the target system, freebsd-update(8) will
+attempt to install them before creating the directory.
+
+At the end of the updating process, freebsd-update(8) removes old shared
+libraries which should no longer exist. An error in filtering the list
+of filesystem objects results in symlinks to shared libraries being
+incorrectly included in the lists of shared libraries.
+
+Additionally, freebsd-update(8) rejects updates which include files with
+the tilde character ('~') in their names. Such files sometimes occur in
+third-party software and may be included in the src distribution.
+
+III. Impact
+
+It is not possible to use freebsd-update(8) to upgrade an existing
+installation to FreeBSD 10.0-BETA1, because 10.0 introduces two new shared
+library directories, the /usr/lib/libc.so symlink is replaced by a regular
+file, and the source distribution includes a file with a tilde in its name.
+
+It is not possible to use freebsd-update(8) to update 10.0-BETA1, as its
+source distribution includes a file with a tilde in its name.
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Perform one of the following:
+
+1) Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+2) To update your present system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/EN-13:04/freebsd-update.patch
+# fetch http://security.FreeBSD.org/patches/EN-13:04/freebsd-update.patch.asc
+# gpg --verify freebsd-update.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Reinstall freebsd-update.
+
+# cd /usr/src/usr.sbin/freebsd-update
+# make install -DWITHOUT_MAN
+
+3) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+On systems running 10.0-BETA1 (and ONLY systems running 10.0-BETA1), run
+the following command before using freebsd-update in order to fix it
+enough that it can update itself:
+
+# sed -i '' -e 's/%@/%~@/' /usr/sbin/freebsd-update
+
+VI. Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/8/ r257192
+releng/8.3/ r257194
+releng/8.4/ r257194
+stable/9/ r257192
+releng/9.1/ r257194
+releng/9.2/ r257194
+stable/10/ r257153
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:http://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+The latest revision of this Errata Notice is available at
+http://security.FreeBSD.org/advisories/FreeBSD-EN-13:04.freebsd-update.asc
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAEBCgAGBQJSbCKSAAoJEO1n7NZdz2rnes0P/ifRGR4Iak0mCzk9oMEzUBGE
+wrjcICt0azsnTHVuRR4ZOzxcRGliY32T36xPvc67nzJYI0KCcnKHurxALg8fmBdM
++OJCkcm8r1jFiaj7i4zxlKFfHtrrFnQe6OP4fVndB8nDjLqWzXcjLjZBZaXPM7Pp
+kWkmyyJN+Hk1ih3lXyPJ9y9YTcvoPmbrIezsHqurBPKPV8dizfp2jR8OmW25koqH
+26Dkt3d2KVXcrPJdTn8LE02as/zSK7s52IMJ0dgPv1/MkxxJBKDddz3x0o1rZUyM
+FdMyISp04zguFg8zZITIuUKDp+N+HrY5cIiBEOHXSWXTM1uXFXrq+P+/kjYxHHZK
+MJG0hi6F5RRooHPHTelZ7kKGVqPMnyT/Wo4bitfHzq5kqa6eys9rbsn5WUQkM7YL
+R4HYE90fwdphIVpEy38/kOAEEjJg/8vwVItS51AqhAtVMCamR65zV2RCNobUDKWJ
+oCjR+OgML5a75VwIhyy/kLaZlPB2nxb8KK3s2iVPDvFj0C368pEkRWz1kLmrc99P
+YkyLAZlEGL3WV6hEh/qlM81fTJHLjahNyQAOZeK8qIORhl8zABAq+Ce7XsWFJI9T
+FGjKvCSjiF3t3G2jRk9pjclXhliJrYJd1Cj9HqtvYdxEN3fEM23pfnsZqR8n0Vlr
+jX7rZ0kgqqZY8/O6AeSH
+=1thb
+-----END PGP SIGNATURE-----
Added: head/share/security/patches/EN-13:04/freebsd-update.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/EN-13:04/freebsd-update.patch Sat Oct 26 20:21:27 2013 (r43044)
@@ -0,0 +1,78 @@
+Index: usr.sbin/freebsd-update/freebsd-update.sh
+===================================================================
+--- usr.sbin/freebsd-update/freebsd-update.sh
++++ usr.sbin/freebsd-update/freebsd-update.sh
+@@ -1200,7 +1200,7 @@
+ # Some aliases to save space later: ${P} is a character which can
+ # appear in a path; ${M} is the four numeric metadata fields; and
+ # ${H} is a sha256 hash.
+- P="[-+./:=%@_[[:alnum:]]"
++ P="[-+./:=%@_[~[:alnum:]]"
+ M="[0-9]+\|[0-9]+\|[0-9]+\|[0-9]+"
+ H="[0-9a-f]{64}"
+
+@@ -2814,16 +2814,24 @@
+
+ # If we haven't already dealt with the world, deal with it.
+ if ! [ -f $1/worlddone ]; then
++ # Create any necessary directories first
++ grep -vE '^/boot/' $1/INDEX-NEW |
++ grep -E '^[^|]+\|d\|' > INDEX-NEW
++ install_from_index INDEX-NEW || return 1
++
+ # Install new shared libraries next
+ grep -vE '^/boot/' $1/INDEX-NEW |
+- grep -E '/lib/.*\.so\.[0-9]+\|' > INDEX-NEW
++ grep -vE '^[^|]+\|d\|' |
++ grep -E '^[^|]*/lib/[^|]*\.so\.[0-9]+\|' > INDEX-NEW
+ install_from_index INDEX-NEW || return 1
+
+ # Deal with everything else
+ grep -vE '^/boot/' $1/INDEX-OLD |
+- grep -vE '/lib/.*\.so\.[0-9]+\|' > INDEX-OLD
++ grep -vE '^[^|]+\|d\|' |
++ grep -vE '^[^|]*/lib/[^|]*\.so\.[0-9]+\|' > INDEX-OLD
+ grep -vE '^/boot/' $1/INDEX-NEW |
+- grep -vE '/lib/.*\.so\.[0-9]+\|' > INDEX-NEW
++ grep -vE '^[^|]+\|d\|' |
++ grep -vE '^[^|]*/lib/[^|]*\.so\.[0-9]+\|' > INDEX-NEW
+ install_from_index INDEX-NEW || return 1
+ install_delete INDEX-OLD INDEX-NEW || return 1
+
+@@ -2844,11 +2852,11 @@
+
+ # Do we need to ask the user to portupgrade now?
+ grep -vE '^/boot/' $1/INDEX-NEW |
+- grep -E '/lib/.*\.so\.[0-9]+\|' |
++ grep -E '^[^|]*/lib/[^|]*\.so\.[0-9]+\|' |
+ cut -f 1 -d '|' |
+ sort > newfiles
+ if grep -vE '^/boot/' $1/INDEX-OLD |
+- grep -E '/lib/.*\.so\.[0-9]+\|' |
++ grep -E '^[^|]*/lib/[^|]*\.so\.[0-9]+\|' |
+ cut -f 1 -d '|' |
+ sort |
+ join -v 1 - newfiles |
+@@ -2868,11 +2876,20 @@
+
+ # Remove old shared libraries
+ grep -vE '^/boot/' $1/INDEX-NEW |
+- grep -E '/lib/.*\.so\.[0-9]+\|' > INDEX-NEW
++ grep -vE '^[^|]+\|d\|' |
++ grep -E '^[^|]*/lib/[^|]*\.so\.[0-9]+\|' > INDEX-NEW
+ grep -vE '^/boot/' $1/INDEX-OLD |
+- grep -E '/lib/.*\.so\.[0-9]+\|' > INDEX-OLD
++ grep -vE '^[^|]+\|d\|' |
++ grep -E '^[^|]*/lib/[^|]*\.so\.[0-9]+\|' > INDEX-OLD
+ install_delete INDEX-OLD INDEX-NEW || return 1
+
++ # Remove old directories
++ grep -vE '^/boot/' $1/INDEX-OLD |
++ grep -E '^[^|]+\|d\|' > INDEX-OLD
++ grep -vE '^/boot/' $1/INDEX-OLD |
++ grep -E '^[^|]+\|d\|' > INDEX-OLD
++ install_delete INDEX-OLD INDEX-NEW || return 1
++
+ # Remove temporary files
+ rm INDEX-OLD INDEX-NEW
+ }
Added: head/share/security/patches/EN-13:04/freebsd-update.patch.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/EN-13:04/freebsd-update.patch.asc Sat Oct 26 20:21:27 2013 (r43044)
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAABCgAGBQJSbCKVAAoJEO1n7NZdz2rnETwQAOMV7xt2OlnEdtppHyG7F5vj
+Kyii95jtZzgdvxh33EpVjqxc/Wo8pLgmciA2tP3K6M9qwbz8B6Hc2HxMyouV1LF2
+WUoJlmZTIZCdXF1RAPndBjvze+15kD7dGPPPfA7pJWN+07p7CZEUTHBoZ94q6u3y
+JlEEAjlXtYvWVJCrd2olIN0xwqNDL1AfywMOBKbfTN+NQiYr4hhPnnA33Fb+gyjK
+JpEZuCJ1p5caQWLRGn7L2Ro+y32MPSujOW8P0It5xTvGNjtSVYU09ZQPKFgdvD0L
+yNSJdSXLKfdpF9fLeUR2Ahwvdnao8BSMfPi2LP3g9sfapw40wP8/s8B7gCXp6wk7
+vl3ZhyqMC53O+kgHxMnbrTB1EK9q6vQ3tEhqUu3caGaCy5zqGxv49WMzNYSYxGcf
+8Kqvmab65YRrB7UY8wo6Sqc3tWqfP4VwWv+eljMeDgvbwcPZ3L7oAMfSZfyPfiYK
+OfR2JNWgutt6rqre5QixN3c+QsIPlpb9UUgOaoS22iveA0h8FmbOeWGyZ7Rwm6Bd
+6VKO+aHiSbumr9/LPVGBxYI63dWkcRj4NZEG/B6eV3wqUJufCEzrRecbJflIEXOJ
+jPg61eMA0ua+y+17D9RVkUqL9rrnhF18YfOh1JAkSzMP2J8NCEtW2ol02QAnlLDc
+Vv5c44zu0PyqRqtvK5sJ
+=QsbS
+-----END PGP SIGNATURE-----
Modified: head/share/xml/notices.xml
==============================================================================
--- head/share/xml/notices.xml Sat Oct 26 18:07:50 2013 (r43043)
+++ head/share/xml/notices.xml Sat Oct 26 20:21:27 2013 (r43044)
@@ -8,6 +8,18 @@
<name>2013</name>
<month>
+ <name>10</name>
+
+ <day>
+ <name>26</name>
+
+ <notice>
+ <name>FreeBSD-EN-13:04.freebsd-update</name>
+ </notice>
+ </day>
+ </month>
+
+ <month>
<name>8</name>
<day>
More information about the svn-doc-all
mailing list