Add two recent errata notices.

svn path=/head/; revision=46693

share/security/advisories/FreeBSD-EN-15:04.freebsd-update.asc

@@ -0,0 +1,156 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-15:04.freebsd-update                                 Errata Notice
+                                                          The FreeBSD Project
+
+Topic:          freebsd-update(8) does not ensure the previous upgrade was
+                completed
+
+Category:       core
+Module:         freebsd-update
+Announced:      2015-05-13
+Credits:        Allan Jude
+Affects:        All supported versions of FreeBSD.
+Corrected:      2015-05-13 22:36:00 UTC (stable/10, 10.1-STABLE)
+                2015-05-13 22:52:35 UTC (releng/10.1, 10.1-RELEASE-p10)
+                2015-05-13 22:36:52 UTC (stable/9, 9.3-STABLE)
+                2015-05-13 22:52:51 UTC (releng/9.3, 9.3-RELEASE-p14)
+                2015-05-13 22:39:29 UTC (stable/8, 8.4-STABLE)
+                2015-05-13 22:52:51 UTC (releng/8.4, 8.4-RELEASE-p28)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.freebsd.org/>.
+
+I.   Background
+
+The freebsd-update(8) utility is used to apply binary patches to FreeBSD
+systems installed from official release images, as an alternative to
+rebuilding from source.  A freebsd-update(8) build server generates the
+signed update packages, consisting of an index of files and directories
+with checksums before the update, a set of binary patches, and an
+index of files and directories with checksums after the update.  The
+client downloads the indexes, verifies the signatures and checksums,
+then downloads and applies the required patches.
+
+II.  Problem Description
+
+Binary upgrades using the freebsd-update(8) utility consist of several
+invocations of the freebsd-update(8) utility itself.  Each invocation
+performs a different task that depends on the previous invocation being
+successfully completed.
+
+If an upgrade is not thoroughly completed, it is possible for the
+freebsd-update(8) utility to download a subsequent patchset to a system
+with an inconsistent userland and/or kernel.  In the case of such an
+incomplete upgrade, the freebsd-update(8) utility may incorrectly
+evaluate the running userland and/or kernel, which can cause binary
+patches to be incorrectly applied.  In some situations, it is possible
+for patches to be applied for the incorrect FreeBSD version.
+
+III. Impact
+
+If incorrect patches are applied to the system as a result of a previous
+incomplete upgrade, it is possible that some system services may fail to
+start after rebooting the system, such as if the service is started by an
+executable that depends on a shared library that has been relocated as
+part of the upgrade.
+
+IV.  Workaround
+
+No workaround is available, but systems that do not use FreeBSD-provided
+binary updates to upgrade are not affected.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+2) To update your present system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+3) To update your present system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 9.3 and 10.1]
+# fetch https://security.FreeBSD.org/patches/EN-15:04/freebsd-update.patch
+# fetch https://security.FreeBSD.org/patches/EN-15:04/freebsd-update.patch.asc
+# gpg --verify freebsd-update.patch.asc
+
+[FreeBSD 8.4]
+# fetch https://security.FreeBSD.org/patches/EN-15:04/freebsd-update-8.patch
+# fetch https://security.FreeBSD.org/patches/EN-15:04/freebsd-update-8.patch.asc
+# gpg --verify freebsd-update-8.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/8/                                                         r282872
+releng/8.4/                                                       r282874
+stable/9/                                                         r282871
+releng/9.3/                                                       r282874
+stable/10/                                                        r282870
+releng/10.1/                                                      r282873
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://bugs.freebsd.org/196760>
+
+The latest revision of this Errata Notice is available at
+https://security.FreeBSD.org/advisories/FreeBSD-EN-15:04.freebsd-update.asc
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.2 (FreeBSD)
+
+iQIcBAEBCgAGBQJVU9dbAAoJEO1n7NZdz2rnCewQAM51TcFY4IZvSJbSe5RLDGRr
+4KsAwkgNW45Z+iUjvg5wnnkXZYau1fadMyQilbrKLk9d0MY1dQlJ7lW0Jkk9q+Oq
+JhXjanQYvIZKK9eYi0gpVVqp9sN57dpv96ZP+CDiJX9FDow7OPGKmEiJgoavahpb
+kg5kOywjDEv/DkttLJgHHmEBK41Gad2Jrz16N6k7mlHFSpFmEGRefaqqPqmLdzs0
+t0liDFI+fIAYOOKgIDG8Gqe3FCqbhnAf3bmkU/gyJKf1o5vPWowo9O5CvGH+mHPl
+hmQBD70d+6kkv6ZH5RxMa38Vc3FpZXmaipdObJyoIoOjBw1UqEV6OwS+810xNDCx
+bwN5q8QP5l/M7SHDO1n/FyP8BVbk6TXVKJ1R+t1bsKd07synL12gVTe0VVm+w0rh
++TVdF7cFRWB1Rp3JFw7cGz47ZFv08AaZ3CzdoH9qCEKOTnJnkyW3L4hceTWjkF8H
+c5gas5Wp3UZeUZ2LT+LcB89W4LSn3Xv3y7AJDsVP9MGHSkjSDGIJKfWiXl/GWHql
+M/zT6WeraOZyOwNr4F9QFp1hYSxvR+Izh7C0nFefBNf8YID3/hiKYNjxkf5Dz+fN
+4A+RVt3COUteAeF5ikPVUiMfJljubingmN5NvTVmKQN6nRm5Pn6rrOouJqf3W0Mh
+QE8Ps/3y/Sw1e/m45snD
+=IdxG
+-----END PGP SIGNATURE-----

share/security/advisories/FreeBSD-EN-15:05.ufs.asc

@@ -0,0 +1,138 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-15:05.ufs                                            Errata Notice
+                                                          The FreeBSD Project
+
+Topic:          Deadlock on reboot with UFS tuned with SU+J
+
+Category:       core
+Module:         ufs
+Announced:      2015-05-13
+Credits:        Konstantin Belousov
+Affects:        FreeBSD 10.1
+Corrected:      2015-04-10 02:23:44 UTC (stable/10, 10.1-STABLE)
+                2015-05-13 22:52:35 UTC (releng/10.1, 10.1-RELEASE-p10)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.freebsd.org/>.
+
+I.   Background
+
+The Unix File System (UFS) is one of several filesystems available on
+FreeBSD.  UFS supports several optimization features, such as soft updates
+and journaling, both of which keep track of filesystem metadata to ensure
+a consistent state in the event of a crash or power failure.
+
+II.  Problem Description
+
+When the root filesystem is configured with soft updates and journaling
+both enabled, which is the default for FreeBSD 10.1-RELEASE installations,
+the system may deadlock after a source-based or binary upgrade when the
+init(8) binary is replaced.  The deadlock occurs when issuing reboot(8)
+or shutdown(8), after which the system becomes unresponsive when syncing
+the filesystem.
+
+III. Impact
+
+When the deadlock occurs, a hard system reset or power cycle may be
+required.
+
+IV.  Workaround
+
+Systems that do not have soft updates and journaling enabled on a UFS root
+filesystem are unaffected.
+
+It is possible to work around the issue by waiting before issuing reboot(8)
+or shutdown(8) after upgrading the userland.  It has been observed that
+deferring the reboot(8) for a period of 60 seconds to be sufficient.  It is
+encouraged to issue several sync(8) commands during this period, to help
+ensure the filesystem writes have completed.
+
+Additionally, disabling soft update journaling on the root filesystem can
+also work around the issue.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+2) To update your present system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+3) To update your present system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-15:05/ufs.patch
+# fetch https://security.FreeBSD.org/patches/EN-15:05/ufs.patch.asc
+# gpg --verify ufs.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/10/                                                        r281350
+releng/10.1/                                                      r282873
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://bugs.freebsd.org/195458>
+
+The latest revision of this Errata Notice is available at
+https://security.FreeBSD.org/advisories/FreeBSD-EN-15:05.ufs.asc
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.2 (FreeBSD)
+
+iQIcBAEBCgAGBQJVU9dbAAoJEO1n7NZdz2rn3JYP/2HeyHsGEAwl+1NCVLu/Eimj
+wl/jK7Pl2SMWCEAkynkP8Cs5ibCbtzA4SV1RP8OPCF42yQJmk/kzR0Rmuq+LboFC
+QGmus/0Q/JCXqabDEzNx7/tHibeJInveGDf4a4/rg38Q+zO7MYZFmGsWoFEC2RKn
+lEWb/kh5AxMagaj5lns4WHmo0TFlyOUFaJijGxXhHu3IFZwuZB60a5cXJ8OjBulk
+FO7uIcZ7OTP43y4VvvBsFV6bxeFyoMNF8tgB+dsBzatNQhl7yAxWMMEiDUNBEaqV
+mfjKZxHRkB+GGjQwv2Cq4463kNQvwknN9vms536fS7HuecFMITbyD37ySR3pSRoi
+KVGopfpDr0NWjn1/N7UyAsY+6CAYqpsilYvq2slBu2J/Aj6jCyDhPUTnjHKz1m91
+rdyBjkHod9XkLYqwCkJlWjIxnLxCDlv8vwUjOe2/TjCUFO6FIO6lgvCVkgekIlwG
+rPxx+bqfKSarQQSL6a4MWFFYwt79c292A3nodS0sLIL4YRNwQnFvuYVB/qxIWD1x
+ecKJmbL0bm3S1T/qWa89Xh55NWFKs0bxVmjQCWu84re/20+oWcaXFg8Oeqnq+xFV
+ke4EzbxhoU4KWzvsFbc+U+EZhTVLVlnjbAW073Z6QyykfBs2RhudUGB51T/3XB3I
+jAU8LNkMBjZhe7khLFLD
+=BTx0
+-----END PGP SIGNATURE-----