Re: FreeBSD Errata Notice FreeBSD-EN-23:09.freebsd-update [REVISED]

From: Peter Libassi <peter_at_libassi.se>
Date: Wed, 04 Oct 2023 04:45:40 UTC
Me too! My sshd_config is also customized and every time there is a new patch I need to run freebsd-update manually and get rid of the attempt to trash the sshd config that could make my server unreachable over the network.

Why does the freebsd-update need a vanilla sshd_config?
Why not give a message and put the new freebsd vanilla sshd_config file in /etc/ssh/sshd_config-new_version?
Does this behaviour mean that the /etc/ssh/sshd_config is uncustomizable? And if you need custom sshd configuration you should use the port provided openssh-portable?




> On 4 Oct 2023, at 04:13, monochrome <monochrome@twcny.rr.com> wrote:
> 
> not sure if this is related or appropriate here, but for the last 2 or 3 updates freebsd-update has been hanging on this:
> 
> The following files are affected by updates. No changes have
> been downloaded, however, because the files have been modified
> locally:
> /etc/ssh/sshd_config
> 
> 
> 
> a minor annoyance, but is this the new normal? this file will obviously be changed on most systems, why do I seem like the only one with this problem?
> 
> as of today it's still doing it: FreeBSD quartzon 13.2-RELEASE-p4 FreeBSD 13.2-RELEASE-p4 GENERIC amd64
> 
> 
> On 10/3/23 19:03, FreeBSD Errata Notices wrote:
>> =============================================================================
>> FreeBSD-EN-23:09.freebsd-update                                 Errata Notice
>>                                                           The FreeBSD Project
>> 
>> Topic:          freebsd-update incorrectly merges files on upgrade
>> 
>> Category:       core
>> Module:         freebsd-update
>> Announced:      2023-09-06
>> Affects:        FreeBSD 13.2
>> Corrected:      2023-05-16 21:34:10 UTC (stable/13, 13.2-STABLE)
>>                 2023-09-06 16:56:24 UTC (releng/13.2, 13.2-RELEASE-p3)
>>                 2023-09-28 13:42:18 UTC (stable/12, 12.4-STABLE)
>>                 2023-10-03 22:15:35 UTC (releng/12.4, 12.4-RELEASE-p6)
>> 
>> For general information regarding FreeBSD Errata Notices and Security
>> Advisories, including descriptions of the fields above, security
>> branches, and the following sections, please visit
>> <URL:https://security.FreeBSD.org/>.
>> 
>> 2023-09-06      Initial Revision
>> 2023-10-03      Updated to include the patch for 12.4-RELEASE.
>> 
>> I.   Background
>> 
>> freebsd-update provides binary updates for supported releases of FreeBSD on
>> amd64, arm64, and i386.
>> 
>> II.  Problem Description
>> 
>> freebsd-update incorrectly deleted files in /etc/ in the event the file to be
>> updated matched the new release and was different than the old release.  This
>> has not been an issue previously because the $FreeBSD$ tag expansion from
>> subversion virtually guaranteed the existing file was going to be different
>> from the new release. With the conversion to git in the 13.x releases,
>> $FreeBSD$ is no longer expanded, making it much more likely that a file would
>> find this issue.
>> 
>> III. Impact
>> 
>> Unmodified files in /etc/ may be deleted on running freebsd-update upgrade.
>> 
>> IV.  Workaround
>> 
>> No workaround is available.
>> 
>> V.   Solution
>> 
>> Upgrade your system to a supported FreeBSD stable or release / security
>> branch (releng) dated after the correction date.
>> 
>> Perform one of the following:
>> 
>> 1) To update your system via a binary patch:
>> 
>> Systems running a RELEASE version of FreeBSD on the amd64, i386, or
>> (on FreeBSD 13 and later) arm64 platforms can be updated via the
>> freebsd-update(8) utility:
>> 
>> # freebsd-update fetch
>> # freebsd-update install
>> 
>> 2) To update your system via a source code patch:
>> 
>> The following patches have been verified to apply to the applicable
>> FreeBSD release branches.
>> 
>> a) Download the relevant patch from the location below, and verify the
>> detached PGP signature using your PGP utility.
>> 
>> # fetch https://security.FreeBSD.org/patches/EN-23:09/freebsd-update.patch
>> # fetch https://security.FreeBSD.org/patches/EN-23:09/freebsd-update.patch.asc
>> # gpg --verify freebsd-update.patch.asc
>> 
>> b) Apply the patch.  Execute the following commands as root:
>> 
>> # cd /usr/src
>> # patch < /path/to/patch
>> 
>> c) Recompile the operating system using buildworld and installworld as
>> described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
>> 
>> VI.  Correction details
>> 
>> This issue is corrected by the corresponding Git commit hash or Subversion
>> revision number in the following stable and release branches:
>> 
>> Branch/path                             Hash                     Revision
>> -------------------------------------------------------------------------
>> stable/13/                              866e5c6b3ce7    stable/13-n255386
>> releng/13.2/                            0b39d9de2e71  releng/13.2-n254628
>> stable/12/                                                        r373221
>> releng/12.4/                                                      r373231
>> -------------------------------------------------------------------------
>> 
>> For FreeBSD 13 and later:
>> 
>> Run the following command to see which files were modified by a
>> particular commit:
>> 
>> # git show --stat <commit hash>
>> 
>> Or visit the following URL, replacing NNNNNN with the hash:
>> 
>> <URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
>> 
>> To determine the commit count in a working tree (for comparison against
>> nNNNNNN in the table above), run:
>> 
>> # git rev-list --count --first-parent HEAD
>> 
>> For FreeBSD 12 and earlier:
>> 
>> Run the following command to see which files were modified by a particular
>> revision, replacing NNNNNN with the revision number:
>> 
>> # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
>> 
>> Or visit the following URL, replacing NNNNNN with the revision number:
>> 
>> <URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
>> 
>> VII. References
>> 
>> <URL:https://reviews.freebsd.org/D39973>
>> 
>> The latest revision of this advisory is available at
>> <URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-23:09.freebsd-update.asc>
> >
>
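
Added example, not part of the thread and not freebsd-update's own code: a small model of the three-way comparison (old release copy, installed file, new release copy) that underlies both the errata's problem description and the "modified locally" message quoted above. The state names, helper functions and sample trees are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added illustration, not freebsd-update's code: three-way classification of
# config files. Tree layout, state names and function names are assumptions.

# classify OLD CUR NEW: print the state of one file given its three copies.
classify() {
    old=$1; cur=$2; new=$3
    [ -f "$cur" ] || { echo missing; return; }
    if [ -f "$old" ] && cmp -s "$old" "$new"; then
        # Release did not touch the file; any local edits simply stay.
        if cmp -s "$cur" "$old"; then echo unchanged; else echo local-only; fi
    elif [ -f "$old" ] && cmp -s "$cur" "$old"; then
        echo take-new       # pristine locally, changed by the release
    elif cmp -s "$cur" "$new"; then
        echo already-new    # the EN-23:09 state: keep the file, never delete
    else
        echo both-changed   # local edits plus a release change: admin decides
    fi
}

# scan OLD_DIR CUR_DIR NEW_DIR: classify every file shipped in NEW_DIR.
scan() {
    ( cd "$3" && find . -type f | sort ) | while IFS= read -r rel; do
        rel=${rel#./}
        printf '%s %s\n' "$(classify "$1/$rel" "$2/$rel" "$3/$rel")" "$rel"
    done
}

# put DIR RELPATH TEXT: write one constructed sample file.
put() { mkdir -p "$(dirname "$1/$2")" && printf '%s\n' "$3" > "$1/$2"; }

# demo: build constructed old-release / live / new-release trees and scan them.
demo() {
    t=$(mktemp -d) || return 1
    put "$t/old" ttys 'v1';  put "$t/cur" ttys 'v1';  put "$t/new" ttys 'v2'
    put "$t/old" hosts 'v1'; put "$t/cur" hosts 'v1 + local'; put "$t/new" hosts 'v1'
    put "$t/old" motd.template 'v1'; put "$t/cur" motd.template 'v2'
    put "$t/new" motd.template 'v2'
    put "$t/old" ssh/sshd_config 'v1'; put "$t/cur" ssh/sshd_config 'v1 + Port 2222'
    put "$t/new" ssh/sshd_config 'v2'
    scan "$t/old" "$t/cur" "$t/new"
    rm -rf "$t"
}
demo
```

Running the same `scan` against a saved copy of the old release's /etc, the live /etc and the new release's /etc before an upgrade lists which files need a manual decision, such as a customized sshd_config.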