From nobody Wed Jun 21 06:20:53 2023 X-Original-To: freebsd-announce@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4QmD06009Vz4g7kj for ; Wed, 21 Jun 2023 06:20:53 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2610:1c1:1:6074::16:84]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "freefall.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4QmD056HGyz3t39; Wed, 21 Jun 2023 06:20:53 +0000 (UTC) (envelope-from security-advisories@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1687328453; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc; bh=CDWLUzAZunFNQHejv/tBENjsvdj1/5icKG9+uqaQ1cM=; b=YegE0I6VFgqCWKqYTIAKogseTkXuD6DVM/IBAKtjpVop0+MXX4CQ+ZamI6YXQaKlfCVOaR uwfQEaR5F/cK6wXsS0g58KnyxzYnQBnKrNXPJDjwEUrnhC8GysCnYXGUFXFlSy7xSQ2LAB ucOpLsQC+a2bUQHJ/l8s84ZhBqBbumjO+Cnew/JlD6IxtQdycJ3DCkpBe852ngZdepnqDN 7ExLufrLBFL7/Kh3SaaP9WVmCntdcDKdeiCdVTfWadP8OzLRJ75+aQXVRc++JWLn5nCpDp nccxphCyPS8foTRaihjZGIjUsXbxJGIgM+EXPweLCFfb9qN2WfSc5ZskJAW8ug== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1687328453; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc; bh=CDWLUzAZunFNQHejv/tBENjsvdj1/5icKG9+uqaQ1cM=; b=TsAoMAM6ilwviT10kA45qpMfv5AE+8q9bis6Kepmx2AIFkRKhaUvXbJ5LAxhIMXtS4XcuI V9mmVvUccBQTKydfPM3ZuJEvG/zzhsqtJbvbOOPdDDaUoWwBMuPoAlDBi29a5xdgovejZ/ iqO9l2btATsph5xKcfdrPZldxQBlPPOgb90ChsarDxXohkTty80SZbbp2uf2DtzmJ6QQzk Qr2C+Bnn1z8xmwjgynWz0UTA1U9NPyLnmEFMEtqg10TNZVZLai4E+/BKN/De1UjfXeT0IS yGSbxA58evRuanrXoZKsnDvasuGoGgCpBcAeUnIR5zPd31gJpWyG5eY7czpB+Q== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1687328453; a=rsa-sha256; cv=none; b=R8/UtX/MpseQD7HklZ2IwU4TUV0ctk/hO0GFPr234p0UWTzfYFoSMh7Vg9JgHUsBoSZk1q UxZDdY7NAPxI44QBYc+G73uUPb/plOyrHAZi63Bmpuz5LqBX6B5xhAkCUkm6ijdNJebjT3 XRGOUbSIue8uZnSrtoeFWqJU/cpndGW2vYW/SUdcPWV2lOsUfNEfCFyZiaWDpNDvF1nkO0 ePwvWgU7ZiD+BSQRaU9HD2qvPTk2A0vvXSIIDbPT0NrvYq8DKyZuiH+7ZLyWz6FHI9bCKw E4Bpl2wDSkD1E5/ppu2icWftPTMu3vxJZB63IHi0MrlBAWBu6fUprgtSmN09Ng== Received: by freefall.freebsd.org (Postfix, from userid 945) id B786DEDCF; Wed, 21 Jun 2023 06:20:53 +0000 (UTC) From: FreeBSD Errata Notices To: FreeBSD Errata Notices Subject: FreeBSD Errata Notice FreeBSD-EN-23:06.loader Reply-To: freebsd-stable@freebsd.org Precedence: bulk Message-Id: <20230621062053.B786DEDCF@freefall.freebsd.org> Date: Wed, 21 Jun 2023 06:20:53 +0000 (UTC) X-ThisMailContainsUnwantedMimeParts: N List-Id: Project Announcements [moderated] List-Archive: https://lists.freebsd.org/archives/freebsd-announce List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-announce@freebsd.org X-BeenThere: freebsd-announce@freebsd.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-EN-23:06.loader Errata Notice The FreeBSD Project Topic: x86 kernel console configuration Category: core Module: loader Announced: 2023-06-21 Affects: FreeBSD 13.x Corrected: 2023-04-26 17:30:19 UTC (stable/13, 13.2-STABLE) 2023-06-21 05:05:15 UTC (releng/13.2, 13.2-RELEASE-p1) 2023-06-21 05:05:51 UTC (releng/13.1, 13.1-RELEASE-p8) For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background The x86 loader's "comconsole" driver drives an ns16550-like uart for the loader output, and it also generates a console specification for the kernel to use. II. Problem Description comconsole will unconditionally clear the hw.uart.console environment variable, whether the system is configured to use comconsole or not. III. Impact Systems with uart hardware that the kernel supports but loader doesn't cannot be configured to use this uart for console output if comconsole clears the hw.uart.console variable even when it's not in use. IV. Workaround No workaround is available, but non-x86 machines and x86 machines using UEFI to boot are not affected. V. Solution Upgrade your system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. A reboot will be required to get console output. Perform one of the following: 1) To update your system via a binary patch: Systems running a RELEASE version of FreeBSD on the amd64, i386, or (on FreeBSD 13 and later) arm64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install # reboot 2) To update your system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch https://security.FreeBSD.org/patches/EN-23:06/loader.patch # fetch https://security.FreeBSD.org/patches/EN-23:06/loader.patch.asc # gpg --verify loader.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system using buildworld and installworld as described in . Reboot the system to use the new /boot/loader. VI. Correction details This issue is corrected by the corresponding Git commit hash or Subversion revision number in the following stable and release branches: Branch/path Hash Revision - ------------------------------------------------------------------------- stable/13/ 362677cae8e9 stable/13-n255172 releng/13.2/ 525ac1948af8 releng/13.2-n254618 releng/13.1/ 5d2bbb9db2d2 releng/13.1-n250184 - ------------------------------------------------------------------------- Run the following command to see which files were modified by a particular commit: # git show --stat Or visit the following URL, replacing NNNNNN with the hash: To determine the commit count in a working tree (for comparison against nNNNNNN in the table above), run: # git rev-list --count --first-parent HEAD VII. References The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmSSkjkACgkQbljekB8A Gu/4HQ//WJFI/SehPJhbpyGKsePYJSecIA6FYS3/pEYmffxEHCxAlWIovYfZwEsl 7UrqQfCOFIEtF2Au4GAhI2srH7+ecEFYyHzMfrWANLRMnHlqqLUqCdgmY6FKSM+v L0kIOh2ygMCU4s1nNjXDT5rwjLhS8rl+oaVbDvSHBIcwyNL0FdouuMnQR2GcHW1q nu+iYXCG0OAS7DAJ1hmPG5f85iXvt8dRfC9i/EH7sQSLJ8wZQIgQXOGbwwpMbPDW dsPP3mvxZ2h2i3WAMd2bidby+ImbDynpiabT8BuTg7vOo6P6pf+bREKKnHOQrN4C sZGzpPDGPKo0rAJ94R5qAS2QgzGX5gS/p0vporpwnvKZWL18AoioHp/Bh9TXFWfW 8aQn2LcIEjd/vhU1B1Erg1ctavD71W6A5ZTxU5BocNot3ZIts2VTuF2LajUJ8bSp y2DBP3FmpFZi3CHvDV3NmJvUyasHb12EipYhamzAWpvUxRC0YP1zLaYbFRusSlFA D6rjrRh0sd9AGip6gZ0ZSLd0v7kuebpqCh8nTEd1Betyg1pa00SGLTp++RsPcgow D6ty5KWjItqbS1UGibFAexXRTc0PPW+/Jd+UmgoAWA6HYuw4HwznxIdfBGy4qMsN V30TjUxl7ulInD3Ts92TOU5FpHiS2yGNFLBkeT/RClbnaXHIC0Y= =gAQK -----END PGP SIGNATURE-----