os/doc
3
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
doc/share/security/advisories/FreeBSD-EN-14:04.kldxref.asc
Xin LI 6705d61482 Add the latest advisory and 3 new errata notices: 
Fix OpenSSL NULL pointer deference vulnerability. [SA-14:09]

  Add pkg bootstrapping, configuration and public keys. [EN-14:03]
  Improve build repeatability for kldxref(8). [EN-14:04]
  Fix data corruption with ciss(4). [EN-14:05]
2014-05-13 23:55:52 +00:00

127 lines
4.7 KiB
Text
Raw Blame History

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-EN-14:04.kldxref Errata Notice
The FreeBSD Project
Topic: Build repeatability for kldxref(8)
Category: core
Module: kldxref
Announced: 2014-05-13
Credits: Jilles Tjoelker
Affects: All versions of FreeBSD prior to 10.0-RELEASE.
Corrected: 2014-05-13 23:35:29 UTC (stable/8, 8.4-STABLE)
2014-05-13 23:24:32 UTC (releng/8.4, 8.4-RELEASE-p10)
2013-12-23 22:38:41 UTC (stable/9, 9.2-STABLE)
2014-05-13 23:24:14 UTC (releng/9.2, 9.2-RELEASE-p6)
2014-05-13 23:24:14 UTC (releng/9.1, 9.1-RELEASE-p13)
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:http://security.freebsd.org/>.
I. Background
The kldxref utility is used to generate hint files which list modules, their
version numbers, and the files that contain them. These hints are used by
the kernel loader to determine where to find a particular KLD module.
II. Problem Description
Previous versions of kldxref(8) do not use an ordered list of files when
generating the hints file. The result of kldxref(8) is equivalent but not
the same if file system layout have been changed.
III. Impact
The generated hint files can be different across different builds, making
unnecessary downloads for binary patch files.
IV. Workaround
No workaround is available.
V. Solution
Perform one of the following:
1) Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date.
2) To update your present system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch http://security.FreeBSD.org/patches/EN-14:04/kldxref.patch
# fetch http://security.FreeBSD.org/patches/EN-14:04/kldxref.patch.asc
# gpg --verify kldxref.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in <URL:http://www.FreeBSD.org/handbook/makeworld.html>.
3) To update your system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
VI. Correction details
The following list contains the revision numbers of each file that was
corrected in FreeBSD.
Branch/path Revision
- -------------------------------------------------------------------------
stable/8/ r265990
releng/8.4/ r265989
stable/9/ r259799
releng/9.1/ r265988
releng/9.2/ r265988
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:http://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
The latest revision of this Errata Notice is available at
http://security.FreeBSD.org/advisories/FreeBSD-EN-14:04.kldxref.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (FreeBSD)
iQIcBAEBCgAGBQJTcq5IAAoJEO1n7NZdz2rnmPgP/iPAKX2lIGwRXkrYFbNPEBSz
+Tehkgw/ReNG0iaAJql/p0LrxyGUoCwE2rpTJxxC8KB9X8Eq74DhjSNpdYaE12E2
YFMyIyAb1b6wqU34Q7DsR9oPhqIcb9yET2dEg+s5NVSWfC7AMWdvvaJjjxtLgG4L
M9yksDAKs3AJOHEVEtluy7Do8A5W/6b5SHXENbG+AUUBtwnDBKcs9riXic/TQ1WB
vJzHwAJVznQ03bnxqjuG+gZoej6xUHusX+ih87ioKiJrcZ/5szq2C6LIUnRnAA66
6b/szBJ3gRBweOKeopESIcZfwaLCd53EX9/r9vqAfXK6+3uqoIXzkZCyzo+cgSwa
+88SmZ3/4dao24JPoLbVupIyU0CJjmoLsV9jVCrC/fbkUFTxq7Cgbxeai3rmrpXC
p11FXPJd4cOgwuQYUw3rowtoq8z8Wn3PI073SzwT2OZg4SgXRUn+FzGpMWwqbWoa
1idQ9KSM/pFkoa7bdK5S7mYtp7jU9HQeiTXZYYF1S3URr2XpE1vyUFVOuDJpGkkW
KIT/hdy02wGzPPGjQoFkSR2KpUmJr2zHhVSUdt7a8vvYhbZBR21sBIUNKSoWkYtC
2CQXF4pFBHO/i79RiEU+2E1CKWpsqoHnvnKNRq3Bp54aaU9xa4YcRwRJ7lj9RALm
+igNrZJMo3yw3gs89uGp
=W4to
-----END PGP SIGNATURE-----
Reference in a new issue View git blame Copy permalink