Martin Simmons
2016-Aug-22 14:15 UTC
Unexplained update to /boot/boot1.efi and 2 others by freebsd-update
Running freebsd-update to convert 10.1-RELEASE-p36 to -p37 updates 3 efi files in /boot, but they are not mentioned in any security advisory or errata notice that I can find and no corresponding source files are updated. This is repeatable on several unrelated systems so I don't think my files have been corrupted. Is this expected? # freebsd-version -u 10.1-RELEASE-p36 # freebsd-update fetch Looking up update.FreeBSD.org mirrors... 4 mirrors found. Fetching metadata signature for 10.1-RELEASE from update4.freebsd.org... done. Fetching metadata index... done. Inspecting system... done. Preparing to download files... done. The following files are affected by updates, but no changes have been downloaded because the files have been modified locally: /etc/ntp.conf The following files will be updated as part of updating to 10.1-RELEASE-p37: /bin/freebsd-version /boot/boot1.efi /boot/boot1.efifat /boot/loader.efi /usr/bin/bspatch /usr/sbin/freebsd-update /usr/src/sys/conf/newvers.sh /usr/src/usr.bin/bsdiff/bspatch/bspatch.c /usr/src/usr.sbin/freebsd-update/freebsd-update.sh __Martin
Gleb Smirnoff
2016-Aug-23 00:28 UTC
Unexplained update to /boot/boot1.efi and 2 others by freebsd-update
Martin, On Mon, Aug 22, 2016 at 03:15:47PM +0100, Martin Simmons wrote: M> Running freebsd-update to convert 10.1-RELEASE-p36 to -p37 updates 3 efi files M> in /boot, but they are not mentioned in any security advisory or errata notice M> that I can find and no corresponding source files are updated. This is M> repeatable on several unrelated systems so I don't think my files have been M> corrupted. M> M> Is this expected? The freebsd-update build code attempts to extract and ignore timestamps in order to determine whether files are 'really' changing between builds; unfortunately these particular files contain a build artifact which the freebsd-update code was not able to handle, thus resulting in them being incorrectly identified as needing to be distributed. So, this shouldn't have happened. But don't worry the files aren't forged and they do originate from the official freebsd-update server. -- Totus tuus, Glebius.