aboutsummaryrefslogtreecommitdiff
path: root/share/security/advisories/FreeBSD-EN-16:19.tzcode.asc
blob: 04c73925905dd691e51a979104b82955c1a3b359 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-EN-16:19.tzcode                                         Errata Notice
                                                          The FreeBSD Project

Topic:          Avoid warnings about valid time zone abbreviations

Category:       contrib
Module:         tzcode
Announced:      2016-12-06
Credits:        Baptiste Daroussin
Affects:        All supported versions of FreeBSD
Corrected:      2016-10-15 12:37:57 UTC (stable/11, 11.0-STABLE)
                2016-12-05 23:17:05 UTC (releng/11.0, 11.0-RELEASE-p4)
                2016-10-15 12:38:21 UTC (stable/10, 10.3-STABLE)
                2016-12-05 23:13:16 UTC (releng/10.3, 10.3-RELEASE-p13)
                2016-12-05 23:12:22 UTC (releng/10.2, 10.2-RELEASE-p26)
                2016-12-05 23:09:54 UTC (releng/10.1, 10.1-RELEASE-p43)
                2016-10-15 12:38:50 UTC (stable/9, 9.3-STABLE)
                2016-12-05 22:43:24 UTC (releng/9.3, 9.3-RELEASE-p51)

For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.FreeBSD.org/>.

I.   Background

The zic(8) utility reads text from the file(s) named on the command line
and creates the time conversion information files specified in this input.

The zdump(8) utility prints the current time in each zonename named on the
command line.

II.  Problem Description

Until 2000, timezone abbreviations starting with ':', and could not contain
',', '-', '+', NUL, or a digit for POSIX compatibility.  In 2001, the POSIX
compatibility rules changed, and timezone abbreviations can contain only
'-', '+', and alphanumeric characters from the portable character set in the
current locale.

III. Impact

This is needed to be able to update tzdata to a newer version.

IV.  Workaround

No workaround is available, however systems configured to use Coordinated
Universal Time (UTC) are not affected.

V.   Solution

1) Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date.

2) To update your system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

3) To update your system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch https://security.FreeBSD.org/patches/EN-16:19/tzcode.patch
# fetch https://security.FreeBSD.org/patches/EN-16:19/tzcode.patch.asc
# gpg --verify tzcode.patch.asc

b) Apply the patch.  Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.

VI.  Correction details

The following list contains the correction revision numbers for each
affected branch.

Branch/path                                                      Revision
- -------------------------------------------------------------------------
stable/9/                                                         r307360
releng/9.3/                                                       r309567
stable/10/                                                        r307359
releng/10.1/                                                      r309570
releng/10.2/                                                      r309571
releng/10.3/                                                      r309572
stable/11/                                                        r307358
releng/11.0/                                                      r309573
- -------------------------------------------------------------------------

To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>

VII. References

The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-16:19.tzcode.asc>
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJYRw1nAAoJEO1n7NZdz2rnaowQAM/QDvH9LzIUfnydfZklBvPM
vCF0M6aDsGZNONQCik/ZdyICZ8lws/DcVKG4cz3Fth8XRI0GYsFQPO1m1AJICdVX
CH8bVmgFN0ajChezScYgXNG3qIlQKkeZK1dMaZwLkI02wtn9InqPW4vdecIUcegr
cLK8ppPTB51iWZp0HGXcURzCJRy444l6KhFwfPJdB0dzjrBRkQZXP4ewW1hVuZMK
/trACy5TzKahEzwbqtyNjC22Ou73rb39kH5XweGIx38WfyXeqh3mLwC1qny7PCcI
44V60ovwNyxzUHFFueriDeTeNp+rPkzn6MbjMbtJIhN4K3rO3ekw3KyR6lpZN0WI
VM9Lvz0+vuTHjDuJqte/yiztyexj+aol7xOMv0Ak/0JlXigFwsOVqx0zHn6cHUey
oB9cgNlmb8N51HRX0UiI6x/MJO5ZQm53LsD+YTr1y8iQDHtE2JJfnLj9v/rnFK/q
cPqwxD1vYWQa9rnImFMdI6Ahix3LvSNQLQybWYgSkq+AH5Nbsqfl3CbJdE5ry7Xn
bllPD5cbLTZVqA4hdGpptEAPFBiHgsExxPHswn1uvkMQEettVKb7hzNXkVF4p1GB
CSq80neXh2GyvyA+G07I/7uNmFqzthnGQRsI0PJAItazZnwGlnyGDDtF7okpOkYO
M70LiIMI27QIqMdiWfO5
=68Rp
-----END PGP SIGNATURE-----