os/doc
3
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
doc/share/security/advisories/FreeBSD-EN-07:05.freebsd-update.asc
Bjoern A. Zeeb 3571e53040 Import FreeBSD Security Advisories and Errata Notices, as well as their 
patches for easier mirroring, to eliminate a special copy, to make
www.freebsd.org/security a full copy of security.freebsd.org and be
eventually be the same.

For now files are just sitting there.   The symlinks are missing.

Discussed on:	www (repository location)
Discussed with:	simon (so)
2012-08-15 06:19:40 +00:00

145 lines
5.4 KiB
Text
Raw Blame History

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-EN-07:05.freebsd-update Errata Notice
The FreeBSD Project
Topic: FreeBSD Update problems updating SMP kernels
Category: core
Module: usr.sbin
Announced: 2007-03-15
Affects: FreeBSD 6.2
Corrected: 2007-03-08 05:43:12 UTC (RELENG_6, 6.2-STABLE)
2007-03-15 08:06:11 UTC (RELENG_6_2, 6.2-RELEASE-p3)
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:http://security.freebsd.org/>.
I. Background
FreeBSD Update is a system for building, distributing, and installing
binary security and errata updates to the FreeBSD base system. Starting
with FreeBSD 6.2-RELEASE, the FreeBSD Update client software,
freebsd-update(8), has been included in the FreeBSD base system.
II. Problem Description
Due to a programming error in the FreeBSD Update client, kernels built
from the default SMP kernel configuration (including those distributed
as part of the release) are not correctly identified as such. On the
i386 platform, they are not recognized; on the amd64 platform, they are
mis-identified as GENERIC kernels.
III. Impact
On the i386 platform, if a system is running a kernel built from the
default SMP kernel configuration, and this kernel is installed somewhere
other than /boot/SMP/kernel, the FreeBSD Update client will not download
and install updates for it.
On the amd64 platform, if a system is running a kernel built from the
default SMP kernel configuration, and this kernel is installed somewhere
other than /boot/SMP/kernel, the FreeBSD Update client will replace it
with a kernel built from the GENERIC (single-processor) kernel
configuration.
IV. Workaround
As described in Security Advisories and Errata Notices, it is possible to
update FreeBSD systems by applying source code patches and rebuilding the
affected components.
Note that systems which are not running SMP kernels are not affected.
Note also that this problem applies only to FreeBSD 6.2 systems using the
FreeBSD Update client distributed as part of the FreeBSD base system.
The FreeBSD Update client distributed as security/freebsd-update in the
FreeBSD Ports Collection is not affected.
V. Solution
Perform one of the following:
1) Upgrade your affected system to 6-STABLE or to the RELENG_6_2 errata
branch dated after the correction date.
2) To patch your present system:
The following patch has been verified to apply to FreeBSD 6.2 systems.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch http://security.FreeBSD.org/patches/EN-07:05/freebsd-update.patch
# fetch http://security.FreeBSD.org/patches/EN-07:05/freebsd-update.patch.asc
b) Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
# cd /usr/src/usr.sbin/freebsd-update/
# make obj && make && make install
V.1. IMPORTANT NOTES to users of FreeBSD Update:
a) i386 systems:
It is possible that past kernel updates have not been downloaded and
installed by FreeBSD Update. To ensure that all available updates have
been installed, run FreeBSD Update twice; first to download and install
an updated FreeBSD Update client, and second to download and install any
updates which were missed earlier.
b) amd64 systems:
It is possible that systems which were initially installed with an SMP
kernel have been "updated" by replacing the kernel with a GENERIC kernel.
To see which kernel is running, run
# sysctl kern.smp.maxcpus
which will report either 1 (GENERIC kernel) or 16 (SMP kernel). (Note
that `uname -i`, the standard mechanism for determining a kernel ident,
returns "GENERIC" on both amd64 GENERIC and SMP kernels.)
If FreeBSD Update has replaced an SMP kernel by a GENERIC kernel,
repeatedly run
# freebsd-update rollback
and reboot until the system is running an SMP kernel.
Once you have verified that the system is running the correct kernel, run
FreeBSD Update twice *without rebooting*. The first time FreeBSD Update
is run it might replace an SMP kernel with a GENERIC kernel; but on the
second run (after an updated FreeBSD Update client is installed, and as
long as the system has not been rebooted into the wrong kernel) it will
download the correct kernel.
VI. Correction details
The following list contains the revision numbers of each file that was
corrected in FreeBSD.
Branch Revision
Path
- -------------------------------------------------------------------------
RELENG_6
src/usr.sbin/freebsd-update/freebsd-update.sh 1.2.2.4
RELENG_6_2
src/UPDATING 1.416.2.29.2.6
src/sys/conf/newvers.sh 1.69.2.13.2.6
src/usr.sbin/freebsd-update/freebsd-update.sh 1.2.2.2.2.2
- -------------------------------------------------------------------------
VII. References
The latest revision of this advisory is available at
http://security.FreeBSD.org/advisories/FreeBSD-EN-07:05.freebsd-update.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (FreeBSD)
iD8DBQFF+pUJFdaIBMps37IRAo+tAKCTwLNoR2C+ACCfQ8LNm7UKJ/K2egCgh2aS
GPNjhwdxwSbjhzNPs4aidwo=
=K+Fo
-----END PGP SIGNATURE-----
Reference in a new issue View git blame Copy permalink