From: FreeBSD Errata Notices
To: FreeBSD Errata Notices
Subject: FreeBSD Errata Notice FreeBSD-EN-24:15.calendar
Reply-To: freebsd-stable@freebsd.org
Date: Wed, 04 Sep 2024 23:36:57 +0000 (UTC)
List-Id: Project Announcements [moderated]
List-Archive: https://lists.freebsd.org/archives/freebsd-announce

=============================================================================
FreeBSD-EN-24:15.calendar                                       Errata Notice
                                                          The FreeBSD Project

Topic:          cron(8) / periodic(8) session login

Category:       core
Module:         periodic
Announced:      2024-09-04
Affects:        All supported versions of FreeBSD.
Corrected:      2024-08-08 20:07:04 UTC (stable/14, 14.1-STABLE)
                2024-09-04 21:34:23 UTC (releng/14.1, 14.1-RELEASE-p4)
                2024-09-04 20:54:10 UTC (releng/14.0, 14.0-RELEASE-p10)
                2024-08-08 20:07:07 UTC (stable/13, 13.4-STABLE)
                2024-08-14 03:37:16 UTC (releng/13.4, 13.4-BETA3)
                2024-09-04 20:29:38 UTC (releng/13.3, 13.3-RELEASE-p6)

For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit .

I.   Background

periodic(8) is run via cron(8) as root to perform periodic system functions
to be executed on a daily, weekly, or monthly basis.

II.  Problem Description

periodic(8) jobs are typically run in a context as the `root` user, but an
erratum in calendar(1) may clobber the login session of both cron(8) and
periodic(8) to a non-`root` user if the daily calendar job is enabled with
`daily_calendar_enable=YES`.

III. Impact

Mail sent after calendar(1) has run in the daily periodic run will have a
non-root sender on the envelope. This includes security jobs as well as
other cron jobs that may be run after the daily job has concluded.

IV.  Workaround

No workaround is available. Systems that have not explicitly enabled the
daily calendar job are not affected.

V.   Solution

Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date.

Perform one of the following:

1) To update your system via a binary patch:

Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8)
utility:

# freebsd-update fetch
# freebsd-update install

2) To update your system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch https://security.FreeBSD.org/patches/EN-24:15/calendar.patch
# fetch https://security.FreeBSD.org/patches/EN-24:15/calendar.patch.asc
# gpg --verify calendar.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as
described in .

Restart the applicable daemons, or reboot the system.

VI.  Correction details

This issue is corrected as of the corresponding Git commit hash in the
following stable and release branches:

Branch/path                             Hash                     Revision
-------------------------------------------------------------------------
stable/14/                              33708452aaab    stable/14-n268432
releng/14.1/                            86d01789bf41  releng/14.1-n267709
releng/14.0/                            d94dbaa516e0  releng/14.0-n265431
stable/13/                              3a9010c98b3d    stable/13-n258228
releng/13.4/                            7088bf662d46  releng/13.4-n258220
releng/13.3/                            eab94c0fbb78  releng/13.3-n257447
-------------------------------------------------------------------------

Run the following command to see which files were modified by a
particular commit:

# git show --stat

Or visit the following URL, replacing NNNNNN with the hash:

To determine the commit count in a working tree (for comparison against
nNNNNNN in the table above), run:

# git rev-list --count --first-parent HEAD

VII. References

The latest revision of this advisory is available at
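
The following exposure check is an added example, not part of the FreeBSD
Project's notice. It combines the two conditions the notice gives (the daily
calendar job enabled with daily_calendar_enable=YES, and a release patch level
below the one listed under "Corrected:"). The function names, the status
words, and the choice of /etc/periodic.conf and /etc/periodic.conf.local as
the files to read are assumptions of this example.

```shell
#!/bin/sh
# Added example: exposure check for FreeBSD-EN-24:15.calendar.
# Function names and status words are this example's own.

# Lowest fixed patch level per release branch, from the "Corrected:" field.
fixed_patchlevel() {
    case "$1" in
        14.1) echo 4 ;;
        14.0) echo 10 ;;
        13.3) echo 6 ;;
        13.4) echo 0 ;;   # releng/13.4 was corrected at 13.4-BETA3
        *) return 1 ;;
    esac
}

# True if the last daily_calendar_enable assignment in the given files is YES.
calendar_enabled() {
    val=NO
    for f in "$@"; do
        [ -r "$f" ] || continue
        v=$(tr -d "\"'" < "$f" |
            sed -n 's/^[[:space:]]*daily_calendar_enable=\([A-Za-z]*\).*/\1/p' |
            tail -n 1)
        if [ -n "$v" ]; then val=$v; fi
    done
    case "$val" in [Yy][Ee][Ss]) return 0 ;; *) return 1 ;; esac
}

# en2415_status VERSION CONF... prints not-enabled, fixed, affected or check-branch.
en2415_status() {
    ver=$1; shift
    if ! calendar_enabled "$@"; then echo not-enabled; return 0; fi
    case "$ver" in
        *-RELEASE-p*) pl=${ver##*-p} ;;
        *-RELEASE)    pl=0 ;;
        *) echo check-branch; return 0 ;;   # STABLE etc.: compare commit counts
    esac
    if need=$(fixed_patchlevel "${ver%%-*}"); then
        if [ "$pl" -ge "$need" ]; then echo fixed; else echo affected; fi
    else
        echo check-branch
    fi
}

# On a FreeBSD host, report for the running userland.
if command -v freebsd-version >/dev/null 2>&1; then
    en2415_status "$(freebsd-version -u)" /etc/periodic.conf /etc/periodic.conf.local
fi
```

A result of check-branch means the version string alone cannot decide; use the
commit count comparison from section VI.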