FreeBSD Errata Notice FreeBSD-EN-23:06.loader
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 21 Jun 2023 06:20:53 UTC
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-EN-23:06.loader Errata Notice The FreeBSD Project Topic: x86 kernel console configuration Category: core Module: loader Announced: 2023-06-21 Affects: FreeBSD 13.x Corrected: 2023-04-26 17:30:19 UTC (stable/13, 13.2-STABLE) 2023-06-21 05:05:15 UTC (releng/13.2, 13.2-RELEASE-p1) 2023-06-21 05:05:51 UTC (releng/13.1, 13.1-RELEASE-p8) For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>. I. Background The x86 loader's "comconsole" driver drives an ns16550-like uart for the loader output, and it also generates a console specification for the kernel to use. II. Problem Description comconsole will unconditionally clear the hw.uart.console environment variable, whether the system is configured to use comconsole or not. III. Impact Systems with uart hardware that the kernel supports but loader doesn't cannot be configured to use this uart for console output if comconsole clears the hw.uart.console variable even when it's not in use. IV. Workaround No workaround is available, but non-x86 machines and x86 machines using UEFI to boot are not affected. V. Solution Upgrade your system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. A reboot will be required to get console output. Perform one of the following: 1) To update your system via a binary patch: Systems running a RELEASE version of FreeBSD on the amd64, i386, or (on FreeBSD 13 and later) arm64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install # reboot 2) To update your system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch https://security.FreeBSD.org/patches/EN-23:06/loader.patch # fetch https://security.FreeBSD.org/patches/EN-23:06/loader.patch.asc # gpg --verify loader.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system using buildworld and installworld as described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. Reboot the system to use the new /boot/loader. VI. Correction details This issue is corrected by the corresponding Git commit hash or Subversion revision number in the following stable and release branches: Branch/path Hash Revision - ------------------------------------------------------------------------- stable/13/ 362677cae8e9 stable/13-n255172 releng/13.2/ 525ac1948af8 releng/13.2-n254618 releng/13.1/ 5d2bbb9db2d2 releng/13.1-n250184 - ------------------------------------------------------------------------- Run the following command to see which files were modified by a particular commit: # git show --stat <commit hash> Or visit the following URL, replacing NNNNNN with the hash: <URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> To determine the commit count in a working tree (for comparison against nNNNNNN in the table above), run: # git rev-list --count --first-parent HEAD VII. References The latest revision of this advisory is available at <URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-23:06.loader.asc> -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmSSkjkACgkQbljekB8A Gu/4HQ//WJFI/SehPJhbpyGKsePYJSecIA6FYS3/pEYmffxEHCxAlWIovYfZwEsl 7UrqQfCOFIEtF2Au4GAhI2srH7+ecEFYyHzMfrWANLRMnHlqqLUqCdgmY6FKSM+v L0kIOh2ygMCU4s1nNjXDT5rwjLhS8rl+oaVbDvSHBIcwyNL0FdouuMnQR2GcHW1q nu+iYXCG0OAS7DAJ1hmPG5f85iXvt8dRfC9i/EH7sQSLJ8wZQIgQXOGbwwpMbPDW dsPP3mvxZ2h2i3WAMd2bidby+ImbDynpiabT8BuTg7vOo6P6pf+bREKKnHOQrN4C sZGzpPDGPKo0rAJ94R5qAS2QgzGX5gS/p0vporpwnvKZWL18AoioHp/Bh9TXFWfW 8aQn2LcIEjd/vhU1B1Erg1ctavD71W6A5ZTxU5BocNot3ZIts2VTuF2LajUJ8bSp y2DBP3FmpFZi3CHvDV3NmJvUyasHb12EipYhamzAWpvUxRC0YP1zLaYbFRusSlFA D6rjrRh0sd9AGip6gZ0ZSLd0v7kuebpqCh8nTEd1Betyg1pa00SGLTp++RsPcgow D6ty5KWjItqbS1UGibFAexXRTc0PPW+/Jd+UmgoAWA6HYuw4HwznxIdfBGy4qMsN V30TjUxl7ulInD3Ts92TOU5FpHiS2yGNFLBkeT/RClbnaXHIC0Y= =gAQK -----END PGP SIGNATURE-----