FreeBSD Errata Notice FreeBSD-EN-23:06.loader

From: FreeBSD Errata Notices <errata-notices_at_freebsd.org>
Date: Wed, 21 Jun 2023 06:20:53 UTC
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-EN-23:06.loader                                         Errata Notice
                                                          The FreeBSD Project

Topic:          x86 kernel console configuration

Category:       core
Module:         loader
Announced:      2023-06-21
Affects:        FreeBSD 13.x
Corrected:      2023-04-26 17:30:19 UTC (stable/13, 13.2-STABLE)
                2023-06-21 05:05:15 UTC (releng/13.2, 13.2-RELEASE-p1)
                2023-06-21 05:05:51 UTC (releng/13.1, 13.1-RELEASE-p8)

For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.FreeBSD.org/>.

I.   Background

The x86 loader's "comconsole" driver drives an ns16550-like uart for the loader
output, and it also generates a console specification for the kernel to use.

II.  Problem Description

comconsole will unconditionally clear the hw.uart.console environment variable,
whether the system is configured to use comconsole or not.

III. Impact

Systems with uart hardware that the kernel supports but loader doesn't cannot be
configured to use this uart for console output if comconsole clears the
hw.uart.console variable even when it's not in use.

IV.  Workaround

No workaround is available, but non-x86 machines and x86 machines using UEFI to
boot are not affected.

V.   Solution

Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date.  A reboot will be required to
get console output.

Perform one of the following:

1) To update your system via a binary patch:

Systems running a RELEASE version of FreeBSD on the amd64, i386, or
(on FreeBSD 13 and later) arm64 platforms can be updated via the
freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install
# reboot

2) To update your system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch https://security.FreeBSD.org/patches/EN-23:06/loader.patch
# fetch https://security.FreeBSD.org/patches/EN-23:06/loader.patch.asc
# gpg --verify loader.patch.asc

b) Apply the patch.  Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.

Reboot the system to use the new /boot/loader.

VI.  Correction details

This issue is corrected by the corresponding Git commit hash or Subversion
revision number in the following stable and release branches:

Branch/path                             Hash                     Revision
- -------------------------------------------------------------------------
stable/13/                              362677cae8e9    stable/13-n255172
releng/13.2/                            525ac1948af8  releng/13.2-n254618
releng/13.1/                            5d2bbb9db2d2  releng/13.1-n250184
- -------------------------------------------------------------------------

Run the following command to see which files were modified by a
particular commit:

# git show --stat <commit hash>

Or visit the following URL, replacing NNNNNN with the hash:

<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>

To determine the commit count in a working tree (for comparison against
nNNNNNN in the table above), run:

# git rev-list --count --first-parent HEAD

VII. References

The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-23:06.loader.asc>
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmSSkjkACgkQbljekB8A
Gu/4HQ//WJFI/SehPJhbpyGKsePYJSecIA6FYS3/pEYmffxEHCxAlWIovYfZwEsl
7UrqQfCOFIEtF2Au4GAhI2srH7+ecEFYyHzMfrWANLRMnHlqqLUqCdgmY6FKSM+v
L0kIOh2ygMCU4s1nNjXDT5rwjLhS8rl+oaVbDvSHBIcwyNL0FdouuMnQR2GcHW1q
nu+iYXCG0OAS7DAJ1hmPG5f85iXvt8dRfC9i/EH7sQSLJ8wZQIgQXOGbwwpMbPDW
dsPP3mvxZ2h2i3WAMd2bidby+ImbDynpiabT8BuTg7vOo6P6pf+bREKKnHOQrN4C
sZGzpPDGPKo0rAJ94R5qAS2QgzGX5gS/p0vporpwnvKZWL18AoioHp/Bh9TXFWfW
8aQn2LcIEjd/vhU1B1Erg1ctavD71W6A5ZTxU5BocNot3ZIts2VTuF2LajUJ8bSp
y2DBP3FmpFZi3CHvDV3NmJvUyasHb12EipYhamzAWpvUxRC0YP1zLaYbFRusSlFA
D6rjrRh0sd9AGip6gZ0ZSLd0v7kuebpqCh8nTEd1Betyg1pa00SGLTp++RsPcgow
D6ty5KWjItqbS1UGibFAexXRTc0PPW+/Jd+UmgoAWA6HYuw4HwznxIdfBGy4qMsN
V30TjUxl7ulInD3Ts92TOU5FpHiS2yGNFLBkeT/RClbnaXHIC0Y=
=gAQK
-----END PGP SIGNATURE-----