I think the current URL for the the daemon patch is (with the period
before patch)
https://www.freebsd.org/security/patches/EN-25:06/daemon.patch
On 4/10/25 12:34 PM, FreeBSD Errata Notices wrote:
=============================================================================
FreeBSD-EN-25:06.daemon Errata Notice
The FreeBSD
Project
Topic: daemon(8) missing signals
Category: core
Module: daemon
Announced: 2025-04-10
Affects: FreeBSD 14.2 and FreeBSD 13.4
Corrected: 2024-12-10 23:05:46 UTC (stable/14, 14.2-STABLE)
2025-04-10 14:57:41 UTC (releng/14.2, 14.2-RELEASE-p3)
2024-12-10 23:06:11 UTC (stable/13, 13.4-STABLE)
2025-04-10 14:59:37 UTC (releng/13.4, 13.4-RELEASE-p5)
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.FreeBSD.org/>.
I. Background
daemon(8) can be sent some signals to control its behavior: SIGHUP to
re-open
its output file, or SIGTERM to cleanly terminate the child and shutdown.
II. Problem Description
Following a change to use kqueue(2) to manage signals, daemon(8) would
lose
signal events that occur while it waits to restart the supervised process.
III. Impact
The most notable impact is that daemon(8) may hang if a SIGTERM is
sent to it
after the child has gone away, and before it is restarted.
Note that FreeBSD 13.5 is not affected. FreeBSD 13.5-PRERELEASE and later
builds of stable/13 include the fix.
IV. Workaround
No workaround is available. daemon(8) invocations that do not use -r
are not
affected, with a larger -R argument being specified making it more
likely to
hit the problematic window.
V. Solution
Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date, and restart any daemon(8)
processes that may be affected or reboot the system.
Perform one of the following:
1) To update your system via a binary patch:
Systems running a RELEASE version of FreeBSD on the amd64 or arm64
platforms,
or the i386 platform on FreeBSD 13, can be updated via the
freebsd-update(8)
utility:
# freebsd-update fetch
# freebsd-update install
2) To update your system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch https://security.FreeBSD.org/patches/EN-25:06/daemonpatch
# fetch https://security.FreeBSD.org/patches/EN-25:06/daemonpatch.asc
# gpg --verify daemon.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
Restart the applicable daemons, or reboot the system.
VI. Correction details
This issue is corrected as of the corresponding Git commit hash in the
following stable and release branches:
Branch/path Hash Revision
-------------------------------------------------------------------------
stable/14/ 7ea2874eadf9 stable/14-n269895
releng/14.2/ 4651d400f100 releng/14.2-n269521
stable/13/ 4bb1a558a281 stable/13-n258848
releng/13.4/ a1f4a530dea3 releng/13.4-n258282
-------------------------------------------------------------------------
Run the following command to see which files were modified by a
particular commit:
# git show --stat <commit hash>
Or visit the following URL, replacing NNNNNN with the hash:
<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
To determine the commit count in a working tree (for comparison against
nNNNNNN in the table above), run:
# git rev-list --count --first-parent HEAD
VII. References
<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277959>
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-25:06.daemon.asc>
--
Lucas Holt
l...@foolishgames.com
________________________________________________________
MidnightBSD.org (Free OS)
JustJournal.com (Free blogging)
