BSDSec

deadsimple BSD Security Advisories and Announcements

FreeBSD Errata Notice FreeBSD-EN-23:01.tzdata

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-EN-23:01.tzdata                                         Errata Notice
                                                          The FreeBSD Project

Topic:          Timezone database information update

Category:       contrib
Module:         zoneinfo
Announced:      2022-02-08
Affects:        All supported versions of FreeBSD.
Corrected:      2022-12-01 01:36:29 UTC (stable/13, 13.1-STABLE)
                2023-02-08 16:08:28 UTC (releng/13.1, 13.1-RELEASE-p6)
                2022-12-01 01:40:23 UTC (stable/12, 12.4-STABLE)
                2023-02-08 18:30:20 UTC (releng/12.4, 12.4-RELEASE-p1)
                2023-02-08 18:28:25 UTC (releng/12.3, 12.3-RELEASE-p11)

For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.FreeBSD.org/>.

I.   Background

The IANA Time Zone Database (often called tz or zoneinfo) contains code and
data that represent the history of local time for many representative
locations around the globe.  It is updated periodically to reflect changes
made by political bodies to time zone boundaries, UTC offsets, and
daylight-saving rules.

FreeBSD releases install the IANA Time Zone Database in /usr/share/zoneinfo.
The tzsetup(8) utility allows the user to specify the default local time
zone.  Based on the selected time zone, tzsetup(8) copies one of the files
from /usr/share/zoneinfo to /etc/localtime.  A time zone may also be selected
for an individual process by setting its TZ environment variable to a desired
time zone name.

II.  Problem Description

Several changes to future and past timestamps have been recorded in the IANA
Time Zone Database after previous FreeBSD releases were released.  This
affects many users in different parts of the world.  Because of these
changes, the data in the zoneinfo files need to be updated.  If the local
timezone on the running system is affected, tzsetup(8) needs to be run to
update /etc/localtime.

III. Impact

An incorrect time will be displayed on a system configured to use one of the
affected time zones if the /usr/share/zoneinfo and /etc/localtime files are
not updated, and all applications on the system that rely on the system time,
such as cron(8) and syslog(8), will be affected.

IV.  Workaround

The system administrator can install an updated version of the IANA Time Zone
Database from the misc/zoneinfo port and run tzsetup(8).

Applications that store and display times in Coordinated Universal Time (UTC)
are not affected.

V.   Solution

Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date.

Please note that some third party software, for instance PHP, Ruby, Java,
Perl and Python, may be using different zoneinfo data sources, in such cases
this software must be updated separately.  Software packages that are
installed via binary packages can be upgraded by executing 'pkg upgrade'.

Following the instructions in this Errata Notice will only update the IANA
Time Zone Database installed in /usr/share/zoneinfo.

Perform one of the following:

1) To update your system via a binary patch:

Systems running a RELEASE version of FreeBSD on the amd64, i386, or
(on FreeBSD 13 and later) arm64 platforms can be updated via the
freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

Restart all the affected applications and daemons, or reboot the system.

2) To update your system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch https://security.FreeBSD.org/patches/EN-23:01/tzdata-2022g.patch
# fetch https://security.FreeBSD.org/patches/EN-23:01/tzdata-2022g.patch.asc
# gpg --verify tzdata-2022g.patch.asc

b) Apply the patch.  Execute the following commands as root:

# cd /usr/src
# patch -E < /path/to/patch

c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.

Restart all the affected applications and daemons, or reboot the system.

VI.  Correction details

This issue is corrected by the corresponding Git commit hash or Subversion
revision number in the following stable and release branches:

Branch/path                             Hash                     Revision
- -------------------------------------------------------------------------
stable/13/                              e851e0aabdff    stable/13-n253192
releng/13.1/                            9e3b86743c4b  releng/13.1-n250175
stable/12/                                                        r372783
releng/12.4/                                                      r372915
releng/12.3/                                                      r372911
- -------------------------------------------------------------------------

For FreeBSD 13 and later:

Run the following command to see which files were modified by a
particular commit:

# git show --stat <commit hash>

Or visit the following URL, replacing NNNNNN with the hash:

<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>

To determine the commit count in a working tree (for comparison against
nNNNNNN in the table above), run:

# git rev-list --count --first-parent HEAD

For FreeBSD 12 and earlier:

Run the following command to see which files were modified by a particular
revision, replacing NNNNNN with the revision number:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>

VII. References

<URL:https://github.com/eggert/tz/blob/2022g/NEWS>

The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-23:01.tzdata.asc>
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmPj7/8ACgkQbljekB8A
Gu/xNg/9EgSCULshR9xN3vYa4sTdsMVLpz24zuRMxPqYAAFckJ2GDOwDuvIA78r+
U8u/efb0pE3xJvbAH0vFMUqt7mxsJeO4TVurEpAMrsuQRfjru0FLzNlXhJUnTDF9
mSveNDs1QeihpaOfG8b8v8onk1Nr6SMuVO37s5FdFNrGxc+WHpmXJiQqHy71r0AG
4CtdgZ+TxjRmvKeU2ue/+xjDVhhTUEFoOjwaeq54dgVP9u3aFENFejcOjPZYVWJt
aNaMAiWvarER1HIhqKppVbui/U7J73lWC0ocBwCAA/NDhC5C0IEw3tPx5KLOmw5c
M4TX4bliFNLWnokPEdTd9OLU0OJzDhPn00awm9NH0c6F3y/dznHoYtKXVirj7GpW
FbKxsrsJf8xFxAHyFApLan7i7I1Y3R+mnRimYMUonfv08tVcCMlSu9QMXNmC+0+r
phCU6mwtrv/RwoRk0QGYyg9z4sfX+eKX2zhHiEigvbD6IHnIpcIRgu6yuZL/eETg
AwG2WUX3WSvi6C6hcQKPYw0mhxp4WnIFz6FmFYWBESDTSDjWRhmHCLU2VV7JvuPn
zRpY1dYJSbulAvWEXbKTh5oALuYfVSeL9qnbL2cmcxFCHJcyMm/yB9VOG9nMBFQD
drCXwK/KGV1jvD0OxHaemLs7hxTJwOaI4RKl9OWIS6J195YdPIc=z60r
-----END PGP SIGNATURE-----