-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
FreeBSD-EN-07:05.freebsd-update                                 Errata Notice
                                                          The FreeBSD Project

Topic:          FreeBSD Update problems updating SMP kernels

Category:       core
Module:         usr.sbin
Announced:      2007-03-15
Affects:        FreeBSD 6.2
Corrected:      2007-03-08 05:43:12 UTC (RELENG_6, 6.2-STABLE)
                2007-03-15 08:06:11 UTC (RELENG_6_2, 6.2-RELEASE-p3)

For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:http://security.freebsd.org/>.

I.   Background

FreeBSD Update is a system for building, distributing, and installing
binary security and errata updates to the FreeBSD base system.  Starting
with FreeBSD 6.2-RELEASE, the FreeBSD Update client software, 
freebsd-update(8), has been included in the FreeBSD base system.

II.  Problem Description

Due to a programming error in the FreeBSD Update client, kernels built
from the default SMP kernel configuration (including those distributed
as part of the release) are not correctly identified as such.  On the 
i386 platform, they are not recognized; on the amd64 platform, they are
mis-identified as GENERIC kernels.

III. Impact

On the i386 platform, if a system is running a kernel built from the
default SMP kernel configuration, and this kernel is installed somewhere
other than /boot/SMP/kernel, the FreeBSD Update client will not download
and install updates for it.

On the amd64 platform, if a system is running a kernel built from the
default SMP kernel configuration, and this kernel is installed somewhere
other than /boot/SMP/kernel, the FreeBSD Update client will replace it
with a kernel built from the GENERIC (single-processor) kernel
configuration.

IV.  Workaround

As described in Security Advisories and Errata Notices, it is possible to
update FreeBSD systems by applying source code patches and rebuilding the
affected components.

Note that systems which are not running SMP kernels are not affected.

Note also that this problem applies only to FreeBSD 6.2 systems using the
FreeBSD Update client distributed as part of the FreeBSD base system.
The FreeBSD Update client distributed as security/freebsd-update in the
FreeBSD Ports Collection is not affected.

V.   Solution

Perform one of the following:

1) Upgrade your affected system to 6-STABLE or to the RELENG_6_2 errata
branch dated after the correction date.

2) To patch your present system:

The following patch has been verified to apply to FreeBSD 6.2 systems.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch http://security.FreeBSD.org/patches/EN-07:05/freebsd-update.patch
# fetch http://security.FreeBSD.org/patches/EN-07:05/freebsd-update.patch.asc

b) Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch
# cd /usr/src/usr.sbin/freebsd-update/
# make obj && make && make install

V.1. IMPORTANT NOTES to users of FreeBSD Update:

a) i386 systems:

It is possible that past kernel updates have not been downloaded and
installed by FreeBSD Update.  To ensure that all available updates have
been installed, run FreeBSD Update twice; first to download and install
an updated FreeBSD Update client, and second to download and install any
updates which were missed earlier.

b) amd64 systems:

It is possible that systems which were initially installed with an SMP
kernel have been "updated" by replacing the kernel with a GENERIC kernel.
To see which kernel is running, run
# sysctl kern.smp.maxcpus
which will report either 1 (GENERIC kernel) or 16 (SMP kernel).  (Note
that `uname -i`, the standard mechanism for determining a kernel ident,
returns "GENERIC" on both amd64 GENERIC and SMP kernels.)

If FreeBSD Update has replaced an SMP kernel by a GENERIC kernel,
repeatedly run
# freebsd-update rollback
and reboot until the system is running an SMP kernel.

Once you have verified that the system is running the correct kernel, run
FreeBSD Update twice *without rebooting*.  The first time FreeBSD Update
is run it might replace an SMP kernel with a GENERIC kernel; but on the
second run (after an updated FreeBSD Update client is installed, and as
long as the system has not been rebooted into the wrong kernel) it will
download the correct kernel.

VI.  Correction details

The following list contains the revision numbers of each file that was
corrected in FreeBSD.

Branch                                                           Revision
  Path
- -------------------------------------------------------------------------
RELENG_6
  src/usr.sbin/freebsd-update/freebsd-update.sh                   1.2.2.4
RELENG_6_2
  src/UPDATING                                             1.416.2.29.2.6
  src/sys/conf/newvers.sh                                   1.69.2.13.2.6
  src/usr.sbin/freebsd-update/freebsd-update.sh               1.2.2.2.2.2
- -------------------------------------------------------------------------

VII. References

The latest revision of this advisory is available at
http://security.FreeBSD.org/advisories/FreeBSD-EN-07:05.freebsd-update.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (FreeBSD)

iD8DBQFF+pUJFdaIBMps37IRAo+tAKCTwLNoR2C+ACCfQ8LNm7UKJ/K2egCgh2aS
GPNjhwdxwSbjhzNPs4aidwo=
=K+Fo
-----END PGP SIGNATURE-----