FreeBSD Errata Notices
2015-Feb-25 06:30 UTC
[FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-15:03.freebsd-update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================FreeBSD-EN-15:03.freebsd-update Errata Notice The FreeBSD Project Topic: freebsd-update updates libraries in suboptimal order Category: base Module: freebsd-update Announced: 2015-02-25 Credits: Brooks Davis Affects: All supported versions of FreeBSD. Corrected: 2015-02-09 09:22:47 UTC (stable/10, 10.1-STABLE) 2015-02-25 05:56:16 UTC (releng/10.1, 10.1-RELEASE-p6) 2015-02-25 05:56:16 UTC (releng/10.0, 10.0-RELEASE-p18) 2015-02-09 09:45:58 UTC (stable/9, 9.3-STABLE) 2015-02-25 05:56:54 UTC (releng/9.3, 9.3-RELEASE-p10) 2015-02-09 10:09:46 UTC (stable/8, 8.4-STABLE) 2015-02-25 05:56:54 UTC (releng/8.4, 8.4-RELEASE-p24) For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.freebsd.org/>. I. Background The freebsd-update(8) utility is used to apply binary patches to FreeBSD systems installed from official release images, as an alternative to rebuilding from source. A freebsd-update(8) build server generates the signed update packages, consisting of an index of files and directories with checksums before the update, a set of binary patches, and an index of files and directories with checksums after the update. The client downloads the indexes, verifies the signatures and checksums, then downloads and applies the required patches. II. Problem Description In general, the runtime linker needs to be updated before all other libraries, including the standard C library (libc) and the threading library (libthr), because these libraries depend on functionality of the runtime linker. Before this update, the freebsd-update(8) utility did not enforce this ordering requirement and would replace libthr (and all other libraries) before updating the runtime linker. A recent change to the FreeBSD threading library that would prevent a deadlock in a child process requires a NULL pointer test in the runtime linker (/libexec/ld-elf.so.1) be in place. Since previous versions of the runtime linker do not have this test, processes will crash due to a NULL pointer deference. III. Impact If a name-service switch module linked to the threading library -- such as ldap or winbind -- was configured to provide passwd or group services in /etc/nsswitch.conf, then all attempts to look up a user or group by name after the threading library was updated would result in a crash. Most obviously, all further install(1) invocations by freebsd-update(8) will crash, leaving the system partially updated and largely unusable. IV. Workaround Disabling any name-service switch modules linked to libthr prior to running the freebsd-update(8) 'upgrade' command works around the issue. These modules include, but are not limited to, ldap and winbind. V. Solution The freebsd-update(8) utility has been updated to install the runtime linker before any libraries. You MUST upgrade systems prior to 10.1 to address this errata notice before updating to 10.1 or later using freebsd-update(8). Perform one of the following: 1) Upgrade your system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. 2) To update your present system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install 3) To update your present system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 9.3] # fetch https://security.FreeBSD.org/patches/EN-15:03/freebsd-update.patch # fetch https://security.FreeBSD.org/patches/EN-15:03/freebsd-update.patch.asc # gpg --verify freebsd-update.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system using buildworld and installworld as described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/8/ r278446 releng/8.4/ r279265 stable/9/ r278444 releng/9.3/ r279265 stable/10/ r278443 releng/10.0/ r279264 releng/10.1/ r279264 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: <URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> VII. References The latest revision of this Errata Notice is available at https://security.FreeBSD.org/advisories/FreeBSD-EN-15:03.freebsd-update.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.1.1 (FreeBSD) iQIcBAEBCgAGBQJU7WjDAAoJEO1n7NZdz2rnkNkQAOJU6l5aKWWwvxU+Bxwc/zV5 DcmGnL+7b/dN2zKdRVz6N54vuFnoUsXMd5EobxdC5MX31Yn/GnL5dQMbJDNAEL8D I6jYdqf7PQL3v+EBiOFNazjeRbx5EM2gNLfwozv5LHKxER5ggmalmmf168Se4cRX V+v2i28lCvAgOu3hXLd5gKQ3s8dNh2t/uxWI+fS3Sl6bitC0xVsXFEpTc8qIaJEu cbVmedRQEoSnQPLdpoSgbmQpjp6/45l/UtLZpK7Cr7h8BHS9wtKdWjjkNL/wyF5j 3p2yanr6koT3P1iAhBJFE/3Dw4h5PlvWH56LP4PJmACuxU02AYrjc/ZVX1IL6bLt 9AuO8W28DTi6q9q8xy+XHcYXuDS4PF3oCDZ92m2iZMHcO747q8UQdKkgCEUfIZ2n L79Dfkkx0uSmp4FIc1f/T6gDiBkZFRfs4stHRrm9K6nbyvFCAczj8wTUQPDjDUGw zGH1jN9r/I3mHi3FREd0+w++BYZproepf4yfv5c/UJN9P88vCBAZZqlS1kkxYGUz jOwzsF/MkpMWW16Xp58f7uwGTVZNTLzoq0r2GTln2R9fQAoQNrJYcBiW48MPSlQe wef9nRhC8BPOSI70dl5r16/lOu4IuBqwBFiY8QzzDc/DABmaDUQrhLRp+VDHqFeL taJCUogXb0n1CFub4f9P =J5C+ -----END PGP SIGNATURE-----