-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-EN-25:18.freebsd-update                                 Errata Notice
                                                          The FreeBSD Project

Topic:          freebsd-update(8) installs libraries in incorrect order

Category:       core
Module:         freebsd-update
Announced:      2025-09-30
Credits:        Graham Perrin
Affects:        All supported versions of FreeBSD.
Corrected:      2025-09-25 19:26:37 UTC (stable/15, 15.0-ALPHA4)
                2025-09-25 19:27:06 UTC (stable/14, 14.3-STABLE)
                2025-09-30 15:37:15 UTC (releng/14.3, 14.3-RELEASE-p4)
                2025-09-30 15:37:24 UTC (releng/14.2, 14.2-RELEASE-p7)
                2025-09-25 19:27:34 UTC (stable/13, 13.5-STABLE)
                2025-09-30 15:37:34 UTC (releng/13.5, 13.5-RELEASE-p5)

For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.FreeBSD.org/>.

I.   Background

The freebsd-update(8) utility is used to fetch, install, and rollback
binary updates to the FreeBSD base system.  In addition to security and
errata updates within a release (its original purpose), freebsd-update(8)
can be used to upgrade to a newer FreeBSD release.

II.  Problem Description

When installing updates, freebsd-update(8) did not enforce ordering between
the C standard library ("libc") and the system library ("libsys") which was
introduced in FreeBSD 15.0.

III. Impact

When using freebsd-update(8) to upgrade a system from FreeBSD 13.x or 14.x to
FreeBSD 15.0, freebsd-update(8) would install a new libc which depends on
libsys before the libsys library existed.  This resulted in the rest of the
update failing to install and a mostly-unusable system, with only statically
linked binaries (e.g. in /rescue) functioning.

IV.  Workaround

No workaround is available, but this misbehaviour only applies to using
freebsd-update(8) to upgrade to FreeBSD 15.0; applying security and errata
updates (including this one) within a release branch is unaffected.

V.   Solution

Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date.

Perform one of the following:

1) To update your system via a binary patch:

Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8)
utility:

# freebsd-update fetch
# freebsd-update install

2) To update your system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch https://security.FreeBSD.org/patches/EN-25:18/freebsd-update.patch
# fetch https://security.FreeBSD.org/patches/EN-25:18/freebsd-update.patch.asc
# gpg --verify freebsd-update.patch.asc

b) Apply the patch.  Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.

VI.  Correction details

This issue is corrected as of the corresponding Git commit hash in the
following stable and release branches:

Branch/path                             Hash                     Revision
- -------------------------------------------------------------------------
stable/15/                              8134e7f4b406    stable/15-n280326
stable/14/                              e26928669f39    stable/14-n272484
releng/14.3/                            978e04ff5bcf  releng/14.3-n271445
releng/14.2/                            3447fea3523b  releng/14.2-n269536
stable/13/                              87eb52f1b061    stable/13-n259445
releng/13.5/                            ab91dd76ff72  releng/13.5-n259177
- -------------------------------------------------------------------------

Run the following command to see which files were modified by a
particular commit:

# git show --stat <commit hash>

Or visit the following URL, replacing NNNNNN with the hash:

<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>

To determine the commit count in a working tree (for comparison against
nNNNNNN in the table above), run:

# git rev-list --count --first-parent HEAD

VII. References

<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289769>

The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-25:18.freebsd-update.asc>
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmjb+x0ACgkQbljekB8A
Gu8DQhAAt4nGFTHJcC4dVceeanMY4+p8zUqtrjGP1wO+dgnBbPJuHteMlaK8bi0N
A1f+XRCcbHN7OUZz0k+WgNsFOC583Zg29l+Oe6DvgRzyjUhp7q70/vgEUYbTn2eM
CeXL0GNP9h/UYcqmpot4bO0VvXf9g6qG6qBqYN31eSuDBWcRLLAOzQwbWTLxZYgB
vYDPTqMSOTygGJEiSwGDkywE45N0JvT/GA9kNiu9uh5xL0dQLgwi07BB3+bQ3rNx
hB5sK5EJSa0FcRmpSxXvtQJK5l9eIYkAcFUo0K4/UaSknIFqSOr7j4zS3MOE1PPa
7u+ZJY3SMYg9/YRlRpLs7FGe8t+Oz/1IFgjJ1bJVHZCA55kGaB9toh+wunGsSUHc
+DzPGC0PYmcVLtk75WgjjkofCRCco8Dx3QlLfEUKxzNJFL+LwfE+zi5Pk//GJcr2
V6RipeMNJGc60N/Zz2X95ut/43/tOBFh157oSXnVFdTbDJ7zc16EvjH99IIwlkEy
pasLr0i0XklormpAyUkddA3z57qy3580/sZf07QUHrQJQfy738qPf1QY6ejk560D
INBXdJk5FNJAYiogMrHyK0N1xX5WHk6qbbiAOmSefFCKcB7uL5CPcu6l8D0sAtyP
CbzuTLGqCWiDBT0aLK1xn1MNQMPT4PL7JhWqrSJnQpicgibqAsg=
=8oNH
-----END PGP SIGNATURE-----