Copyright 2024 - CSIM - Asian Institute of Technology

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Subject: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-14:13.freebsd-update
From: FreeBSD Errata Notices <This email address is being protected from spambots. You need JavaScript enabled to view it.>
Date: Wed, 24 Dec 2014 00:33:32 +0100 (CET)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-EN-14:13.freebsd-update                                 Errata Notice
                                                          The FreeBSD Project

Topic:          freebsd-update attempts to remove the root directory

Category:       base
Module:         freebsd-update
Announced:      2014-12-23
Credits:        Colin Percival
Affects:        All supported versions of FreeBSD.
Corrected:      2014-12-23 22:56:01 UTC (releng/10.1, 10.1-RELEASE-p3)
                2014-12-23 22:55:14 UTC (releng/10.0, 10.0-RELEASE-p15)
                2014-12-22 22:11:39 UTC (stable/10, 10.0-STABLE)
                2014-12-22 22:11:50 UTC (stable/9, 9.3-STABLE)
                2014-12-23 22:54:25 UTC (releng/9.3, 9.3-RELEASE-p7)
                2014-12-23 22:53:44 UTC (releng/9.2, 9.2-RELEASE-p17)
                2014-12-23 22:53:03 UTC (releng/9.1, 9.1-RELEASE-p24)
                2014-12-22 22:11:45 UTC (stable/8, 8.4-STABLE)
                2014-12-23 22:52:22 UTC (releng/8.4, 8.4-RELEASE-p21)

For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.freebsd.org/>.

I.   Background

The freebsd-update(8) utility is used to apply binary patches to FreeBSD
systems installed from official release images, as an alternative to
rebuilding from source.  A freebsd-update(8) build server generates the
signed update packages, consisting of an index of files and directories
with checksums before the update, a set of binary patches, and an
index of files and directories with checksums after the update.  The
client downloades the indexes, verifies the signatures and checksums,
then downloads and applies the required patches.

The freebsd-update(8) utility views the system as a set of components:
"world", "kernel" and "src".  The "world" component is divided into
four subcomponents: "base", "doc", "lib32" and "games".  These
components and subcomponents correspond to six of the seven system
components offered during installation (the seventh being ports, which
is handled by the portsnap utility).

II.  Problem Description

1) The default configuration for freebsd-update(8) has all six
   components enabled.  Components which are not installed should be
   disabled in the configuration file.  Failing to do so is normally
   harmless, as the freebsd-update(8) client will ignore instructions
   to patch files that do not exist on the system.  However, if an
   update adds a file, it will be installed even if it belongs to
   a component which was not previously installed.

   Due to human error, the world/lib32 component, containing 32-bit
   compatibility libraries for 64-bit systems, was left out of the
   freebsd-update(8) server's baseline for FreeBSD 10.1-RELEASE.  As a
   result, the freebsd-update(8) client removed these libraries when
   upgrading a system from an earlier release.  The 32-bit libraries
   were re-added as part of the first set of updates released after
   the mistake was discovered.

2) Under certain circumstances, it is possible for the freebsd-update(8)
   build server to generate an update package requiring the client to
   both remove and create the same directory.  The client will normally
   detect this situation and ignore the conflicting instructions.

   Due to insufficient input normalization, if the directory being
   both removed and created is the root directory, the freebsd-update(8)
   client will fail to recognize that both instructions refer to the
   same directory.  It will then attempt and fail to 'rmdir /',
   producing an error message.

III. Impact

The first issue will cause freebsd-update(8) to install 32-bit libraries
on 10.1 systems where they were intentionally left out during installation
but /etc/freebsd-update.conf was not edited to reflect this.

The second issue, which is triggered by the addition of lib32, will
result in a harmless but disconcerting error message when installing
updates.

IV.  Workaround

The first issue is strictly speaking a configuration error.  To
address it, update /etc/freebsd-update.conf to reflect the set of
components that are installed on the system.  Specifically, replace
"world" on the Components line with "world/base", and add "world/doc"
and / or "world/games" if those those components were selected during
installation.

The second issue is harmless and can safely be ignored.  A workaround
has been put in place on the freebsd-update(8) build server so the error
will not occur while installing the update that corrects it.

Systems which are updated from source rather than using freebsd-update(8)
are not affected.

V.   Solution

Perform one of the following:

1) Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date.

2) To update your system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

3) To update your present system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch https://security.FreeBSD.org/patches/EN-14:13/freebsd-update.patch
# fetch https://security.FreeBSD.org/patches/EN-14:13/freebsd-update.patch.asc
# gpg --verify freebsd-update.patch.asc

b) Apply the patch.  Execute the following commands as root:

# cd /usr/src
# patch < /path/to/freebsd-update.patch

c) Rebuild and reinstall the freebsd-update(8) client:

# cd /usr/src/usr.sbin/freebsd-update
# make && make install

VI.  Correction details

The following list contains the revision numbers of each file that was
corrected in FreeBSD.

Branch/path                                                      Revision
- -------------------------------------------------------------------------
stable/8/                                                         r276089
releng/8.4/                                                       r276154
stable/9/                                                         r276090
releng/9.1/                                                       r276155
releng/9.2/                                                       r276156
releng/9.3/                                                       r276157
stable/10/                                                        r276088
releng/10.0/                                                      r276158
releng/10.1/                                                      r276159
- -------------------------------------------------------------------------

To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>

VII. References

The latest revision of this Errata Notice is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-14:13.freebsd-update.asc>
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJUmfVpAAoJEO1n7NZdz2rnbgkP/1XSnED0ly1kjGuK5g+148YW
gHsB0oiJ3E3qGMHl0Z3E8HSl3XA4f+rMkEM6Ez/cADlzLbWsQFo0HXaT/bEandq4
OmmJF5cvWzOpk4Zc9svae5zfoCWqpMCderHoUyfF+GIjxOwES5Ga7Fj8kxiGuSlg
WPWNoSJJnBcDLabNH4XiFo6S3OP21oJS1D9U0jlcIzknf5t+TDXwj4xM+fr1lqh2
sRmkqSkRFNQga7RN323gocX9u7wP/ePsKiAPUFLAj/gYYJVTOtfz2gwgHNg9tC2O
7T1VkbpTNvnbqz3J/bUza2jExyUuFsZpS1uFrbY0eKXRQpKSyMMUYV1sPz9g6fTV
At1kYsnsOdXkSV47zMdXTVbunO/EGsM0JSwHBIFaLfXbq1edT/SNgh/QN6s4Zehz
ZD3YUIjD062wVJW+ZRjIgTpPo9tG1vA70hmG5DKbjawF3dVg0W3ypgGRJYkjJmh2
zwSyz6V5XwtP/f5A8tw0uo6KqbO8GPDL/c2dOww79Up/9jCiqep5uNdMhnsL3w17
DRhuIluQlGMIkU7uizZWGqETW3Ok8/CVAznphJEvgXWknbr/trbAmyACdXdFwKkD
Q+oH9U+H+qA5evbC4jGpwCWN2vYZnN+gqImv/ArYxhAOt+zWQqRedFaUZdJmbzwV
fGqk6qlqwPs2F8V/VGg0
=CMmV
-----END PGP SIGNATURE-----
_______________________________________________
This email address is being protected from spambots. You need JavaScript enabled to view it. mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-announce
To unsubscribe, send any mail to "This email address is being protected from spambots. You need JavaScript enabled to view it."

Powered by: MHonArc

Login Form

Search

School of Engineering and technologies     Asian Institute of Technology