1. Forum
  2. USENET
  3. muc.lists.freebsd.stable

  • Re: FreeBSD Errata Notice FreeBSD-EN-26:07.pkgbase [Some notes/reminders about pkgbase /usr/src content and such]

    From Mark Millard@marklmi@yahoo.com to muc.lists.freebsd.stable on Tue Apr 21 11:57:59 2026
    From Newsgroup: muc.lists.freebsd.stable

    Since this one is about pkgbase contexts . . .

    On 4/21/26 10:02, FreeBSD Errata Notices wrote:
    ============================================================================= FreeBSD-EN-26:07.pkgbase Errata Notice
    The FreeBSD Project

    Topic: Base packages fail to build with newer versions of libucl

    Category: core
    Module: packages
    Announced: 2026-04-21
    Affects: FreeBSD 15.0
    Corrected: 2026-04-07 11:27:02 UTC (stable/15, 15.0-STABLE)
    2026-04-21 15:44:26 UTC (releng/15.0, 15.0-RELEASE-p6)

    For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security
    branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>.

    I. Background

    The libucl library is used for parsing documents in the UCL markup format. The base system private Lua (flua) exposes libucl to Lua applications via
    the "ucl" module.

    II. Problem Description

    In libucl version 0.9.3, an API change was made in the Lua ucl module
    to prohibit the use of certain syntax by default, specifically the
    ".include" directive. This change causes the base system package build ("make update-packages") to fail when the host system is using libucl
    0.9.3 or later.

    III. Impact

    Future versions of FreeBSD, which include libucl 0.9.3 or later, will
    be unable to build FreeBSD 15.0 base system packages from source.

    IV. Workaround

    No workaround is available.

    V. Solution

    Update the base system source tree to a supported FreeBSD stable or
    release / security branch (releng) dated after the correction date.

    No action is required on the host (build) system.

    To update your system via a source code patch:

    The following patches have been verified to apply to the applicable
    FreeBSD release branches.

    a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

    # fetch https://security.FreeBSD.org/patches/EN-26:07/pkgbase.patch
    # fetch https://security.FreeBSD.org/patches/EN-26:07/pkgbase.patch.asc
    # gpg --verify pkgbase.patch.asc

    b) Apply the patch. Execute the following commands as root:

    # cd /usr/src

    If /usr/src is from a pkgbase install/upgrade, it is not set up for use
    with git. That is relevant later below.

    # patch < /path/to/patch

    For folks that do not build their own pkgbase, normally the technique
    would be to do a normal binary pkgbase update. In this case, using
    aarch64 as an example context, if that activity included FreeBSD-src-sys
    and FreeBSD-src (at or later than shown below):

    FreeBSD-src-sys-15.snap20260421090558.pkg
    FreeBSD-src-15.snap20260421100537.pkg

    that should have updated to have source files were based on having had
    the patch applied. (Snapshot date/time naming will vary across platforms.)


    VI. Correction details

    This issue is corrected as of the corresponding Git commit hash in the following stable and release branches:

    Branch/path Hash Revision ------------------------------------------------------------------------- stable/15/ 976b2ebf4309 stable/15-n282865 releng/15.0/ f3bbb238daa1 releng/15.0-n281021 -------------------------------------------------------------------------

    Run the following command to see which files were modified by a
    particular commit:

    # git show --stat <commit hash>

    /usr/src supplied by pkgbase does not have normal/easy traceability to
    git hashes so far as I know. (For example, establish a git comparison
    tree and then recursive diff that and the pkgbase /usr/src --ignoring
    git infrastructure files that are not in /usr/src/ .)

    For pkgbase's base_latest distributions (so: stable/15 based in this
    context) the git hash that would be accurate for /usr/src/sys/ (which
    has its own .pkg file) might not be an exact match to what would match
    all of the rest of /usr/src/ (which has its own .pkg file): a commit can
    occur between the two separate source grabs and make the two hashes
    distinct. (main also has this property.)

    Looking at the appropriate (say, * being aarch64):

    https://pkg.freebsd.org/FreeBSD:15:*/base_latest/?C=M&O=D

    can help confirm things are in place. Similarly for looking at
    appropriate base_latest rows in:

    https://people.freebsd.org/~dbaio/pkg-master-report.html

    For example: For a while after the announcements went out, freebsd:14:aarch64:64 in pkg-master-report's display showed as "missing"
    (20 for % Synched) when I looked. (Now it shows 100.)


    Or visit the following URL, replacing NNNNNN with the hash:

    <URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>

    To determine the commit count in a working tree (for comparison against nNNNNNN in the table above), run:

    # git rev-list --count --first-parent HEAD

    VII. References

    The latest revision of this advisory is available at <URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-26:07.pkgbase.asc>


    --
    ===
    Mark Millard
    marklmi at yahoo.com


    --
    Posted automagically by a mail2news gateway at muc.de e.V.
    Please direct questions, flames, donations, etc. to news-admin@muc.de
    --- Synchronet 3.21f-Linux NewsLink 1.2