diff options
Diffstat (limited to 'website/static/security/advisories/FreeBSD-EN-24:01.tzdata.asc')
| -rw-r--r-- | website/static/security/advisories/FreeBSD-EN-24:01.tzdata.asc | 191 |
1 files changed, 191 insertions, 0 deletions
diff --git a/website/static/security/advisories/FreeBSD-EN-24:01.tzdata.asc b/website/static/security/advisories/FreeBSD-EN-24:01.tzdata.asc new file mode 100644 index 0000000000..a724f566d8 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-24:01.tzdata.asc @@ -0,0 +1,191 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-24:01.tzdata Errata Notice + The FreeBSD Project + +Topic: Timezone database information update + +Category: contrib +Module: zoneinfo +Announced: 2024-02-14 +Affects: All supported versions of FreeBSD +Corrected: 2024-02-05 00:30:01 UTC (stable/14, 14.0-STABLE) + 2024-02-14 06:21:06 UTC (releng/14.0, 14.0-RELEASE-p5) + 2024-02-05 00:30:42 UTC (stable/13, 13.3-STABLE) + 2024-02-14 06:27:47 UTC (releng/13.2, 13.2-RELEASE-p10) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +The IANA Time Zone Database (often called tz or zoneinfo) contains code and +data that represent the history of local time for many representative +locations around the globe. It is updated periodically to reflect changes +made by political bodies to time zone boundaries, UTC offsets, and +daylight-saving rules. + +Leap seconds are occasional adjustments added to -- or potentially subtracted +from -- Coordinated Universal Time (UTC). An authoritative list of leap +second adjustments is maintained by the International Earth Rotation and +Reference Systems Service (IERS). + +FreeBSD releases install the IANA Time Zone Database in /usr/share/zoneinfo. +The tzsetup(8) utility allows the user to specify the default local time +zone. Based on the selected time zone, tzsetup(8) copies one of the files +from /usr/share/zoneinfo to /etc/localtime. A time zone may also be selected +for an individual process by setting its TZ environment variable to a desired +time zone name. + +The latest list of leap seconds at the time of release is installed on FreeBSD +in /var/db/ntpd.leap-seconds.list. The startup rc(8) scripts of the ntpd(8) +Network Time Protocol implementation included in the FreeBSD base system can +periodically download an updated leap-seconds.list file from configurable +internet sites. + +II. Problem Description + +Several changes to future and past timestamps have been recorded in the IANA +Time Zone Database after previous FreeBSD releases were released. This +affects many users in different parts of the world. Because of these +changes, the data in the zoneinfo files need to be updated. If the local +timezone on the running system is affected, tzsetup(8) needs to be run to +update /etc/localtime. + +In the default configuration, the ntpd(8) startup script included with FreeBSD +checks for an updated leap-seconds.list on the IETF's web server. As of 2023, +the IETF no longer distributes a copy of this file. + +III. Impact + +An incorrect time will be displayed on a system configured to use one of the +affected time zones if the /usr/share/zoneinfo and /etc/localtime files are +not updated, and all applications on the system that rely on the system time, +such as cron(8) and syslog(8), will be affected. + +With the default configuration, FreeBSD systems cannot file updates to the +installed leap-seconds.list file. Since no leap second was introduced at the +end of 2023, the leap-seconds.list file included with all supported FreeBSD +releases is still accurate. Moreover, ntpd(8) is able to receive updated leap +second information from its peers. However, a diagnostic warning about an +expired leap-seconds.list is printed at startup. + +IV. Workaround + +The system administrator can install an updated version of the IANA Time Zone +Database from the misc/zoneinfo port and run tzsetup(8). + +Applications that store and display times in Coordinated Universal Time (UTC) +are not affected. + +The ntpd(8) startup script can be configured to download an updated +leap-seconds.list file from IERS with the following rc.conf(5) setting: + +ntp_leapfile_sources="https://hpiers.obspm.fr/iers/bul/bulc/ntp/leap-seconds.list" + +Larger sites, or sites without reliable connectivity to the internet, may wish +to point to their locally maintained copy of this file. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. + +Please note that some third party software, for instance PHP, Ruby, Java, +Perl and Python, may be using different zoneinfo data sources, in such cases +this software must be updated separately. Software packages that are +installed via binary packages can be upgraded by executing 'pkg upgrade'. + +Following the instructions in this Errata Notice will only update the IANA +Time Zone Database installed in /usr/share/zoneinfo. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, +or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8) +utility: + +# freebsd-update fetch +# freebsd-update install + +Restart all the affected applications and daemons, or reboot the system. + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-24:01/tzdata-2024a.patch +# fetch https://security.FreeBSD.org/patches/EN-24:01/tzdata-2024a.patch.asc +# gpg --verify tzdata-2024a.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +Restart all the affected applications and daemons, or reboot the system. + +VI. Correction details + +This issue is corrected as of the corresponding Git commit hash in the +following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/14/ 26fe22019cb2 stable/14-n266642 +releng/14.0/ a3b7bafd2acc releng/14.0-n265409 +stable/13/ f4256acec1c9 stable/13-n257384 +releng/13.2/ 66bb668fe5f2 releng/13.2-n254660 +- ------------------------------------------------------------------------- + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +VII. References + +<URL:https://github.com/eggert/tz/blob/2023d/NEWS> +<URL:https://github.com/eggert/tz/blob/2024a/NEWS> +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=275419> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-24:01.tzdata.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmXMY7QACgkQbljekB8A +Gu+fHhAAmDag450+55aZqz9vmY6yEr9gLH0h6Y+yJpvNegzIXaBT+bltNiuO60Dt +r5N/Q9W5Ovwk2cER+jkZ7jvsY6YCtj1lWlv7w9jW2yRNkhDYwY3NBANgEueUsVww +fsZq9lkhQjrtsWnygCSdd+6qj7FZ0ufs53rs35bYxt0/aYx510wBQ6+i6eV0kS2C +2fSWX26/feCHsjd1wyWSvrw7xA1eq8YxVc1Psx8hCYnqOSxuVhL/PpmP1EXl+gF0 +VBHdnmVMibDGRYpiBKxZD+LGCt/KD2oyBEtCXHohkXmIGhouojeSolL7f8IG25ZM +HW0HjKQSTozcjADl4HQpEE7DIYcxc9O2hW2l6WoEf7KAOitsq7nMQHMVp5qd1BsJ +24NihZJ4LNDCpzC4C0jpX9FpKwzrWjldVCBSMCVTZCo2MW+7WXNNDX4TbN66CPqN +cl8bnBCs9Znn6/JrkBR1Bf5TFrGpowEBw9sMVzp4S/QnZkT14mLgV6wlBq8WYmDz +aspdBTq8GWLekl4wIiCKFBV+C3KluPSDlnFF2utcXNZuBVyXyke2Bxsuul7vXnE8 +nTWwegaWWRg3ki9Lnk3dtxN3/5EQ4KfJZdfouT9DwRt3/Ja0aWqkc4GU9L4K8GkL +ag2CzVlnUiqjsOplONpoKqYrg5vqLfdojOshCs42cNZco5r3USw= +=OaBj +-----END PGP SIGNATURE----- |