128 lines
4.6 KiB
Text
128 lines
4.6 KiB
Text
-----BEGIN PGP SIGNED MESSAGE-----
|
|
Hash: SHA512
|
|
|
|
=============================================================================
|
|
FreeBSD-EN-17:02.yp Errata Notice
|
|
The FreeBSD Project
|
|
|
|
Topic: NIS master updates are not pushed to NIS slave
|
|
|
|
Category: core
|
|
Module: yppush, ypxfr
|
|
Announced: 2017-02-23
|
|
Credits: Mark Johnston
|
|
Affects: FreeBSD 11.0-RELEASE
|
|
Corrected: 2016-10-19 17:18:48 UTC (stable/11, 11.0-STABLE)
|
|
2017-02-23 07:11:48 UTC (releng/11.0, 11.0-RELEASE-p8)
|
|
|
|
For general information regarding FreeBSD Errata Notices and Security
|
|
Advisories, including descriptions of the fields above, security
|
|
branches, and the following sections, please visit
|
|
<URL:https://security.FreeBSD.org/>.
|
|
|
|
I. Background
|
|
|
|
yppush(8) and ypxfr(8) utilities are used to synchronize databases from
|
|
a master NIS server.
|
|
|
|
II. Problem Description
|
|
|
|
A bug present in FreeBSD 11.0 prevents these utilities from working
|
|
properly. In particular, an attempt to synchronize a non-empty map
|
|
causes yppush(8) to crash.
|
|
|
|
III. Impact
|
|
|
|
The problem prevents updates to a master NIS server from being propagated
|
|
to NIS slave servers.
|
|
|
|
IV. Workaround
|
|
|
|
No workaround is available, but NIS configurations which do not make
|
|
use of NIS slave servers are unaffected.
|
|
|
|
V. Solution
|
|
|
|
Perform one of the following:
|
|
|
|
1) Upgrade your system to a supported FreeBSD stable or release / security
|
|
branch (releng) dated after the correction date.
|
|
|
|
2) To update your system via a binary patch:
|
|
|
|
Systems running a RELEASE version of FreeBSD on the i386 or amd64
|
|
platforms can be updated via the freebsd-update(8) utility:
|
|
|
|
# freebsd-update fetch
|
|
# freebsd-update install
|
|
|
|
A reboot is not required. However, the system administrator may need to
|
|
manually run yppush(8) after the update have been applied on slave systems.
|
|
|
|
3) To update your system via a source code patch:
|
|
|
|
The following patches have been verified to apply to the applicable
|
|
FreeBSD release branches.
|
|
|
|
a) Download the relevant patch from the location below, and verify the
|
|
detached PGP signature using your PGP utility.
|
|
|
|
# fetch https://security.FreeBSD.org/patches/EN-17:02/yp.patch
|
|
# fetch https://security.FreeBSD.org/patches/EN-17:02/yp.patch.asc
|
|
# gpg --verify yp.patch.asc
|
|
|
|
b) Apply the patch. Execute the following commands as root:
|
|
|
|
# cd /usr/src
|
|
# patch < /path/to/patch
|
|
|
|
c) Recompile the operating system using buildworld and installworld as
|
|
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
|
|
|
|
A reboot is not required. However, the system administrator may need to
|
|
manually run yppush(8) after the update have been applied on slave systems.
|
|
|
|
VI. Correction details
|
|
|
|
The following list contains the correction revision numbers for each
|
|
affected branch.
|
|
|
|
Branch/path Revision
|
|
- -------------------------------------------------------------------------
|
|
stable/11/ r307642
|
|
releng/11.0/ r314125
|
|
- -------------------------------------------------------------------------
|
|
|
|
To see which files were modified by a particular revision, run the
|
|
following command, replacing NNNNNN with the revision number, on a
|
|
machine with Subversion installed:
|
|
|
|
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
|
|
|
|
Or visit the following URL, replacing NNNNNN with the revision number:
|
|
|
|
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
|
|
|
|
VII. References
|
|
|
|
<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=213506>
|
|
|
|
The latest revision of this advisory is available at
|
|
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-17:02.yp.asc>
|
|
-----BEGIN PGP SIGNATURE-----
|
|
Version: GnuPG v2.1.18 (FreeBSD)
|
|
|
|
iQIzBAEBCgAdFiEEHPf/b631yp++G4yy7Wfs1l3PaucFAliujNcACgkQ7Wfs1l3P
|
|
aucX/Q/5AbGPtToi+NC4OB0sNJbCiJD5WOP7tmbNipDm5SGoItN+lXQSv+FN1wbF
|
|
9R4vhqBqDROE35PF9QUWdFb1qE4i37lD4DznK7r1urg3n7CWx5zcPYAz3PNA7FFX
|
|
IJixTM4fjhoWoKAWMLZhc+7+ez7HB83AZrExXDBFRnj7SvceJw6B//yCRB/he9l3
|
|
trE5yvUyAiSPylG5qfA6upsJftXsluajq0uQ/yD4iGfqT8nqjOrsd4z64S6+3wTT
|
|
lnZHyjNEfIqVQ81Lp9EIsqaU7pyvPrjRQqxsHI+rZO/2YVA/RDokeIcq6s+8GN76
|
|
/H7U8XoEuLFNq39s+fHOLTIPGjSM5PN1jqreoJTXnLFqpDtc2WI3W6cvMUY3lD2y
|
|
rW3jDrQOxKF8E9qD/wyi7Sa74cC4PduEe9F+fwNOf+gQUtd/NF+OcnSo0imUnmvU
|
|
VJy7FHSUQWZY7ZDW0L7CUT6IDBvIncUKlt1DX4b8M9GkX65FtXmd4risExxBlGDh
|
|
ikMD+qzCE8tlqzXKPzEmZNLgsAj0nJiZIcD6kMDORLNyzdI7AeqSazg6Pt70XstR
|
|
r+GjK1Hclp/lTqaEJLuBrkd2LJGI2Wcyp/nRZ6OifyduvRwk5vKPhQf792zqx+FK
|
|
0sZ1T7po0aop1sDFRDZKCHMRxxpKfd5BTxEyQ24v7GL02Dz/rVk=
|
|
=zlKa
|
|
-----END PGP SIGNATURE-----
|