Commit Graph

24 Commits

Author SHA1 Message Date
Ulrich Spörlein
63d46d1d5e Fix several typos in macros or macro misusage.
Found by:	make manlint
Reviewed by:	ru
Approved by:	philip (mentor)
2010-03-12 10:01:06 +00:00
Colin Percival
a235643007 Disable SSL renegotiation in order to protect against a serious
protocol flaw. [09:15]

Correctly handle failures from unsetenv resulting from a corrupt
environment in rtld-elf. [09:16]

Fix permissions in freebsd-update in order to prevent leakage of
sensitive files. [09:17]

Approved by:	so (cperciva)
Security:	FreeBSD-SA-09:15.ssl
Security:	FreeBSD-SA-09:16.rtld
Security:	FreeBSD-SA-09:17.freebsd-udpate
2009-12-03 09:18:40 +00:00
Colin Percival
d23dc1ee5f Special-case "-r X" where X is [0-9.]+ to mean "-r X-RELEASE".
Tripped over by:	too many people to count
MFC after:	1 month
2009-09-29 16:26:09 +00:00
Simon L. B. Nielsen
23d827ef05 Add support for backing up the old kernel when installing a new kernel
using freebsd-update.  This applies to using freebsd-update in "upgrade
mode" and normal freebsd-update on a security branch.

The backup kernel will be written to /boot/kernel.old, if the directory
does not exist, or the directory was created by freebsd-update in a
previous backup.  Otherwise freebsd-update will generate a new directory
name for use by the backup.  By default symbol files are not backed up
to save diskspace and avoid filling up the root partition.

This feature is fully configurable in the freebsd-update config file,
but defaults to enabled.

MFC after:	1 week (stable/7)
Reviewed by:	cperciva
Approved by:	re (kib)
2009-08-19 20:47:31 +00:00
John-Mark Gurney
c170a96b8f fix grammar...
Reviewed by:	cperciva
2009-05-06 20:07:28 +00:00
Colin Percival
bb10a826c1 In freebsd-update IDS, strip out file flags before we look for
non-matching index lines.  This fixes a bug where bogus warnings would
be printed file has the wrong file flags AND has been updated by
FreeBSD Update.

Reported by:	Royce Williams
2008-08-08 04:34:00 +00:00
Colin Percival
08e23bee1a Add "IDS" command to freebsd-update. This was present in the original
version of freebsd-update, but I took it out when I rewrote everything
and added FreeBSD Update to the base system because I didn't think it
was useful.  It turns out that quite a few people liked it and wanted
it back.

Requested by:	Royce Williams + others
MFC after:	2 weeks
2008-08-02 00:09:41 +00:00
Colin Percival
fd0963d156 Adjust recognize-shared-libraries regex to avoid matching symlinks to
shared libraries.

This fixes a problem which resulted in 6.x->7.x upgrades having the
/usr/lib/libpthread.so -> libthr.so symlink missing; what happened was
that the old libpthread.so symlink pointed to /lib/libpthread.so.2 --
which matched the "/lib/*\.so\.[0-9]+" regex -- but the new symlink
didn't, so FreeBSD Update got confused and deleted the symlink as part
of its "remove old shared libraries" step.

To recreate the symlink (which I understand is necessary for ports like
KDE to build) on a 7.x system which FreeBSD Update upgraded from 6.x:
# ln -s libthr.so /usr/lib/libpthread.so

Reported by:	Dmitry RCL Rekman
Help diagnosing bug from:	kris
MFC after:	7 days
2008-03-25 11:31:16 +00:00
Colin Percival
c58b62eff4 When updating the install list for files which have had local changes
merged with upgrade changes, don't try to compute the SHA256 hash of
files which don't exist.

Reported by:	Jaakko Heinonen
MFC after:	1 week
2008-03-23 13:41:54 +00:00
Colin Percival
0e0d8d5a75 Add change missing from previous commit: Remove temporary file. 2007-11-16 14:00:22 +00:00
Colin Percival
1ec4fb3aa4 Fix "freebsd-update rollback" applied to minor-version upgrades: Old
shared object files which have the same name as currently-installed
shared object files should be reinstalled after binaries are rolled
back.  The order for rolling back updates is therefore
1. Install any old shared object files which can be installed without
overwriting a new shared object file.
2. Rollback everything which isn't a shared object or kernel file.
3. Rollback any shared object files which we didn't deal with in (1).
4. Rollback to the old kernel.

Bug reported by:	Jan Henrik Sylvester
MFC after:		3 days
2007-11-16 13:57:41 +00:00
Colin Percival
db6b0a619f Add support for "freebsd-update -r newrelease upgrade" -- binary
upgrading to new releases.  Important parts of this code include
 * automatically determining which optional components (e.g., src,
info, proflibs) are installed.
 * merging changes in files which are modified locally and have
changed between the currently running and new release.
 * prompting the user to rebuild all 3rd party software before
deleting old shared libraries.

Yes, this is compatible with "freebsd-update rollback" -- you can
test a new -BETA and roll back to the old release if you don't
like it.

Subject to re@ approval, this will be MFCed before 7.0-BETA3 and
6.3-RC1.

MFC after:	2 days
2007-11-12 04:47:57 +00:00
Colin Percival
2328d598d9 Two minor improvements uncovered by work on upgrading between releases:
* When installing updates, make sure that securelevel <= 0.  Otherwise
  we can't remove the schg flag from files.
* When preparing to download updates, check to see if we already have
  them sitting in the /files/ directory.  This saves bandwidth if users
  run "freebsd-update fetch" more than once without installing updates
  in between.

While I'm here, bump the copyright date.

MFC after:	3 days
2007-11-08 13:06:38 +00:00
Colin Percival
89b1456622 Change the time of the first "EoL is coming soon, you should upgrade" warning
from EoL minus 6 months to EoL minus 3 months, in order to increase the odds
of there actually being a more recent release to which users can upgrade.
(In particular, for releases which are only supported for 12 months, it's
quite likely that the next release will occur between 6 and 9 months later.)

Discussed with:	kensmith
Approved by:	re (bmah)
MFC after:	3 days
2007-08-14 14:48:46 +00:00
Colin Percival
210b8123c3 When storing old versions of files for use in generating new files via
patching and for rolling back updates, don't copy a file if it has already
been stored.  This provides a significant speedup to the "Preparing to
download files" stage of "freebsd-update fetch" if many updates have already
been applied or if a file being updated is linked many times (such as
/rescue/*).

Reported by:	Paul Dekkers
MFC after:	1 week
Approved by:	re (bmah)
2007-08-07 19:33:46 +00:00
Colin Percival
e829ed67a2 Add some missing '${BASEDIR}/'s. Prior to this commit, FreeBSD Update
operating with the "-b basedir" option would not correctly update files
which had flags set or were hardlinked.

Submitted by:	Karsten Schmidt
Pointy hat to:	cperciva
MFC after:	1 week
2007-05-16 15:20:51 +00:00
Colin Percival
2c434b2cc3 Fix problems resulting from SMP kernels (mis-)identifying themselves as
"SMP-GENERIC" (i386) or "GENERIC" (amd64).

FreeBSD 6.2 Errata candidate.

MFC after:	3 days
Pointy hat to:	cperciva
2007-03-04 00:29:42 +00:00
Colin Percival
87b66e43a4 "block is set to UTC" -> "clock is set to UTC"
Submitted by:	csjp
2006-12-31 05:18:35 +00:00
Colin Percival
764dd6b424 Add a sentence to the DESCRIPTION noting that updates aren't available
for -STABLE or -CURRENT.

Inspired by submission from:	Scott Robbins
MFC after:	3 days
2006-12-26 05:49:06 +00:00
Colin Percival
bce02f9836 Three minor bug fixes:
1. When downloading metadata files, make sure we only download each
file once; without this fix, "freebsd-update fetch" will fail the first
time it is run if there have been no updates yet for the installed
release.
2. If the FOO kernel is installed in /boot/kernel instead of /boot/FOO
and the /boot/FOO directory does not exist, don't try to update
/boot/FOO.  This is an issue only where an update involves adding a new
kernel module.
3. When removing files and directories, operate in reverse
lexographical order, in order to ensure that files are removed before
the directory which contains them.

MFC after:	3 days
2006-11-25 07:30:12 +00:00
Colin Percival
f2890dbd24 Set LC_ALL=C in order to avoid problems with character ranges and
sorting.

PR:		bin/104505
MFC after:	3 days
2006-10-21 11:04:34 +00:00
Colin Percival
b698a3ab22 Conform to wider English usage.
Submitted by:	Royce Williams
2006-09-02 10:47:01 +00:00
Ruslan Ermilov
23e8fc3aeb It's spelled MAN. 2006-09-01 09:07:11 +00:00
Colin Percival
48ffe56ac5 Add FreeBSD Update 2.0 client code. The build code is in the projects
repository.

Sponsored by:	FreeBSD security development fundraiser
2006-08-31 09:51:34 +00:00