Unexplained update to /boot/boot1.efi and 2 others by freebsd-update

Martin Simmons

Aug 22, 2016, 10:26:38 AM
to freebsd-...@freebsd.org
Running freebsd-update to convert 10.1-RELEASE-p36 to -p37 updates 3 efi files
in /boot, but they are not mentioned in any security advisory or errata notice
that I can find and no corresponding source files are updated. This is
repeatable on several unrelated systems so I don't think my files have been
corrupted.

Is this expected?

# freebsd-version -u
10.1-RELEASE-p36
# freebsd-update fetch
Looking up update.FreeBSD.org mirrors... 4 mirrors found.
Fetching metadata signature for 10.1-RELEASE from update4.freebsd.org... done.
Fetching metadata index... done.
Inspecting system... done.
Preparing to download files... done.

The following files are affected by updates, but no changes have
been downloaded because the files have been modified locally:
/etc/ntp.conf

The following files will be updated as part of updating to 10.1-RELEASE-p37:
/bin/freebsd-version
/boot/boot1.efi
/boot/boot1.efifat
/boot/loader.efi
/usr/bin/bspatch
/usr/sbin/freebsd-update
/usr/src/sys/conf/newvers.sh
/usr/src/usr.bin/bsdiff/bspatch/bspatch.c
/usr/src/usr.sbin/freebsd-update/freebsd-update.sh

__Martin
_______________________________________________
freebsd-...@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-security

Gleb Smirnoff

Aug 22, 2016, 8:28:47 PM
to Martin Simmons, freebsd-...@freebsd.org
Martin,

On Mon, Aug 22, 2016 at 03:15:47PM +0100, Martin Simmons wrote:
M> Running freebsd-update to convert 10.1-RELEASE-p36 to -p37 updates 3 efi files
M> in /boot, but they are not mentioned in any security advisory or errata notice
M> that I can find and no corresponding source files are updated. This is
M> repeatable on several unrelated systems so I don't think my files have been
M> corrupted.
M>
M> Is this expected?

The freebsd-update build code attempts to extract and ignore timestamps in order
to determine whether files are 'really' changing between builds; unfortunately these
particular files contain a build artifact which the freebsd-update code was not
able to handle, thus resulting in them being incorrectly identified as needing to be
distributed.

So, this shouldn't have happened. But don't worry, the files aren't forged and they
do originate from the official freebsd-update server.

--
Totus tuus, Glebius.

Martin Simmons

Aug 26, 2016, 1:24:54 PM
to freebsd-...@freebsd.org
>>>>> On Mon, 22 Aug 2016 17:28:21 -0700, Gleb Smirnoff said:
>
> Martin,
>
> On Mon, Aug 22, 2016 at 03:15:47PM +0100, Martin Simmons wrote:
> M> Running freebsd-update to convert 10.1-RELEASE-p36 to -p37 updates 3 efi files
> M> in /boot, but they are not mentioned in any security advisory or errata notice
> M> that I can find and no corresponding source files are updated. This is
> M> repeatable on several unrelated systems so I don't think my files have been
> M> corrupted.
> M>
> M> Is this expected?
>
> The freebsd-update build code attempts to extract and ignore timestamps in order
> to determine whether files are 'really' changing between builds; unfortunately these
> particular files contain a build artifact which the freebsd-update code was not
> able to handle, thus resulting in them being incorrectly identified as needing to be
> distributed.
>
> So, this shouldn't have happened. But don't worry, the files aren't forged and they
> do originate from the official freebsd-update server.

Thanks, that's good to know.

__Martin

Ed Maste

Aug 31, 2016, 5:42:28 PM
to freebsd-...@freebsd.org
On 22 August 2016 at 20:28, Gleb Smirnoff <gle...@freebsd.org> wrote:
>
> The freebsd-update build code attempts to extract and ignore timestamps in order
> to determine whether files are 'really' changing between builds; unfortunately these
> particular files contain a build artifact which the freebsd-update code was not
> able to handle, thus resulting in them being incorrectly identified as needing to be
> distributed.

The issue with PE/COFF timestamps in the UEFI bootloader components is
fixed as of SVN r305160 in HEAD and will make it back to stable/11 in
due course. The timestamps will now be set to a consistent, known
value.
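
Added example, not part of the thread and not FreeBSD's build code: a Python sketch of the kind of check discussed above, which tells whether two builds of a raw PE/COFF file (such as boot1.efi or loader.efi) differ only in the COFF header TimeDateStamp or in real content. The function names and the sample images are constructed for illustration; only raw PE/COFF files are handled, not container images.

```python
import struct

PE_SIGNATURE = b"PE\0\0"

def coff_timestamp_offset(image: bytes) -> int:
    """Return the file offset of the COFF header TimeDateStamp field."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ header")
    # e_lfanew (offset 0x3C in the DOS header) points at the PE signature.
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != PE_SIGNATURE:
        raise ValueError("not a PE image: missing PE signature")
    # Signature (4) + Machine (2) + NumberOfSections (2) precede the field.
    offset = e_lfanew + 8
    if offset + 4 > len(image):
        raise ValueError("truncated COFF header")
    return offset

def coff_timestamp(image: bytes) -> int:
    """Read TimeDateStamp (seconds since the Unix epoch, little-endian)."""
    return struct.unpack_from("<I", image, coff_timestamp_offset(image))[0]

def normalized(image: bytes) -> bytes:
    """Copy of the image with TimeDateStamp zeroed, for comparison only."""
    offset = coff_timestamp_offset(image)
    return image[:offset] + b"\0\0\0\0" + image[offset + 4:]

def classify(old: bytes, new: bytes) -> str:
    """Classify the difference between two builds of the same file."""
    if old == new:
        return "identical"
    if normalized(old) == normalized(new):
        return "timestamp-only"
    return "content-changed"

def make_sample_pe(timestamp: int, payload: bytes) -> bytes:
    """Constructed minimal image: DOS header, PE signature, COFF header."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, 0, timestamp, 0, 0, 0, 0)
    return dos + PE_SIGNATURE + coff + payload

if __name__ == "__main__":
    old = make_sample_pe(1471800000, b"loader code")   # constructed sample
    new = make_sample_pe(1471900000, b"loader code")   # rebuilt, same code
    print(hex(coff_timestamp_offset(old)), classify(old, new))
```

A "timestamp-only" result for an updated boot file matches the benign cause described in this thread; "content-changed" means the difference needs another explanation.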