freebsd-update: Fix merging already-updated files

When performing an "upgrade" (moving between FreeBSD releases, as opposed to "update" which merely applies security/errata updates to the installed release) FreeBSD Update: 1. Generates a list of "files needing to be merged", namely those files which don't match the version installed in the "old" release and have paths matching the MergeChanges configuration directive (by default, /boot/device.hints and everything under /etc/). and later on, 2. Compares the currently-installed files to the versions in the "new" release, removing index entries for files which "don't need to be updated because they're not changing". Unfortunately if a file falls into both of these categories -- that is to say, if a file in /etc/ is the same as the version in the new release and not the same as the version in the old release -- the resulting "merge" step saw that the file was no longer listed as being part of the new release, resulting in the file being deleted. For the first 18 years of FreeBSD Update's existence, this never happened, since $FreeBSD$ tags resulted in "new release" files always being different from any files systems would already have installed. This commit fixes this behaviour by only placing a file into the "files needing to be merged" list if it does not match the version in the old release *or* the version in the new release. Reported by: des Reviewed by: delphij (earlier version), des, emaste Approved by: so Security: FreeBSD-EN-23:09.freebsd-update Differential Revision: https://reviews.freebsd.org/D39973 (cherry picked from commit c55b7e5) (cherry picked from commit 5f446a1)
freebsd · Oct 3, 2023 · 193b7e3 · 193b7e3
1 parent 927b6e7
commit 193b7e3
Showing 1 changed file with 11 additions and 9 deletions.
diff --git a/usr.sbin/freebsd-update/freebsd-update.sh b/usr.sbin/freebsd-update/freebsd-update.sh
@@ -1677,21 +1677,23 @@ fetch_inspect_system () {
 	echo "done."
 }
 
-# For any paths matching ${MERGECHANGES}, compare $1 and $2 and find any
-# files which differ; generate $3 containing these paths and the old hashes.
+# For any paths matching ${MERGECHANGES}, compare $2 against $1 and $3 and
+# find any files with values unique to $2; generate $4 containing these paths
+# and their corresponding hashes from $1.
 fetch_filter_mergechanges () {
 	# Pull out the paths and hashes of the files matching ${MERGECHANGES}.
-	for F in $1 $2; do
+	for F in $1 $2 $3; do
 		for X in ${MERGECHANGES}; do
 			grep -E "^${X}" ${F}
 		done |
 		    cut -f 1,2,7 -d '|' |
 		    sort > ${F}-values
 	done
 
-	# Any line in $2-values which doesn't appear in $1-values and is a
-	# file means that we should list the path in $3.
-	comm -13 $1-values $2-values |
+	# Any line in $2-values which doesn't appear in $1-values or $3-values
+	# and is a file means that we should list the path in $3.
+	sort $1-values $3-values |
+	    comm -13 - $2-values |
 	    fgrep '|f|' |
 	    cut -f 1 -d '|' > $2-paths
 
@@ -1703,10 +1705,10 @@ fetch_filter_mergechanges () {
 	while read X; do
 		look "${X}|" $1-values |
 		    head -1
-	done < $2-paths > $3
+	done < $2-paths > $4
 
 	# Clean up
-	rm $1-values $2-values $2-paths
+	rm $1-values $2-values $3-values $2-paths
 }
 
 # For any paths matching ${UPDATEIFUNMODIFIED}, remove lines from $[123]
@@ -2698,7 +2700,7 @@ upgrade_run () {
 
 	# Based on ${MERGECHANGES}, generate a file tomerge-old with the
 	# paths and hashes of old versions of files to merge.
-	fetch_filter_mergechanges INDEX-OLD INDEX-PRESENT tomerge-old
+	fetch_filter_mergechanges INDEX-OLD INDEX-PRESENT INDEX-NEW tomerge-old
 
 	# Based on ${UPDATEIFUNMODIFIED}, remove lines from INDEX-* which
 	# correspond to lines in INDEX-PRESENT with hashes not appearing