doc/share/security/advisories/FreeBSD-EN-12:01.freebsd-update.asc

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
FreeBSD-EN-12:01.freebsd-update                                 Errata Notice
                                                          The FreeBSD Project

Topic:          freebsd-update support for FreeBSD 9.0-RELEASE

Category:       core
Module:         freebsd-update
Announced:      2012-01-04
Affects:        All versions of FreeBSD prior to 9.0-RC2.
Corrected:      2011-10-26 20:07:58 UTC (RELENG_7, 7.4-STABLE)
                2012-01-04 23:47:20 UTC (RELENG_7_4, 7.4-RELEASE-p6)
                2012-01-04 23:47:20 UTC (RELENG_7_3, 7.3-RELEASE-p10)
                2011-10-26 20:06:27 UTC (RELENG_8, 8.2-STABLE)
                2012-01-04 23:47:20 UTC (RELENG_8_2, 8.2-RELEASE-p6)
                2012-01-04 23:47:20 UTC (RELENG_8_1, 8.1-RELEASE-p8)
                2011-10-26 20:01:43 UTC (RELENG_9, 9.0-RC2)

For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:http://security.freebsd.org/>.

I.   Background

freebsd-update(8) allows system administrators to install binary updates to
the base FreeBSD install, as distributed by the FreeBSD Project.

II.  Problem Description

freebsd-update in affected releases is unable to perform an automated upgrade
to FreeBSD 9.0 due to unsupported characters in FreeBSD 9.0 filenames.  When
this bug is triggered, updates fail with the following error message:

  The update metadata is correctly signed, but
  failed an integrity check.
  Cowardly refusing to proceed any further.

III. Impact

Affected systems are unable to update from affected releases to FreeBSD 9.0
using freebsd-update.

IV.  Workaround

No workaround is available.

V.   Solution

Perform one of the following:

1) For FreeBSD 7.x, upgrade your system to 7-STABLE, or to the RELENG_7_4 or
  RELENG_7_3 security branch dated after the correction date.  For FreeBSD
  8.x, upgrade your system to 8-STABLE, or to the RELENG_8_1 or RELENG_8_2
  security branch dated after the correction date.

2) To patch your present system:

The following patches have been verified to apply to FreeBSD 7.3, 7.4, 8.1,
and 8.2 systems.

a) Download the relevant patch from the location below, and verify the
   detached PGP signature using your PGP utility.

# fetch http://security.FreeBSD.org/patches/EN-12:01/freebsd-update.patch
# fetch http://security.FreeBSD.org/patches/EN-12:01/freebsd-update.patch.asc

b) Apply the patch.

# cd /usr/src
# patch < /path/to/patch
# cd /usr/src/usr.sbin/freebsd-update
# make obj && make && make install

3) To update your affected system via a binary patch:

Systems running 7.3-RELEASE, 7.4-RELEASE, 8.1-RELEASE, or 8.2-RELEASE on the
i386 or amd64 platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

VI.  Correction details

The following list contains the revision numbers of each file that was
corrected in FreeBSD.

CVS:

Branch                                                           Revision
  Path
- -------------------------------------------------------------------------
RELENG_7
  src/usr.sbin/freebsd-update/freebsd-update.sh                   1.8.2.7
RELENG_7_4
  src/UPDATING                                             1.507.2.36.2.8
  src/sys/conf/newvers.sh                                  1.72.2.18.2.11
  src/usr.sbin/freebsd-update/freebsd-update.sh               1.8.2.5.4.2
RELENG_7_3
  src/UPDATING                                            1.507.2.34.2.12
  src/sys/conf/newvers.sh                                  1.72.2.16.2.14
  src/usr.sbin/freebsd-update/freebsd-update.sh               1.8.2.5.2.2
RELENG_8
  src/usr.sbin/freebsd-update/freebsd-update.sh                  1.16.2.6
RELENG_8_2
  src/UPDATING                                             1.632.2.19.2.8
  src/sys/conf/newvers.sh                                  1.83.2.12.2.11
  src/usr.sbin/freebsd-update/freebsd-update.sh              1.16.2.4.2.2
RELENG_8_1
  src/UPDATING                                            1.632.2.14.2.11
  src/sys/conf/newvers.sh                                  1.83.2.10.2.12
  src/usr.sbin/freebsd-update/freebsd-update.sh              1.16.2.3.2.2
RELENG_9
  src/usr.sbin/freebsd-update/freebsd-update.sh                  1.25.2.2
- -------------------------------------------------------------------------

Subversion:

Branch/path                                                      Revision
- -------------------------------------------------------------------------
stable/7/                                                         r226813
releng/7.4/                                                       r229539
releng/7.3/                                                       r229539
stable/8/                                                         r226812
releng/8.2/                                                       r229539
releng/8.1/                                                       r229539
stable/9/                                                         r226811
- -------------------------------------------------------------------------

VII. References

The latest revision of this advisory is available at
http://security.FreeBSD.org/advisories/FreeBSD-EN-12:01.freebsd-update.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (FreeBSD)

iEYEARECAAYFAk8E5YQACgkQFdaIBMps37LeTACeKYRkY5s+Iy+JCf/Zc3yvKSLD
2RsAnRsmN3gCPYglNjwkhJctdkLdGULh
=6LzH
-----END PGP SIGNATURE-----