From owner-freebsd-announce@freebsd.org  Tue Dec  1 20:46:00 2020
Return-Path: <owner-freebsd-announce@freebsd.org>
Delivered-To: freebsd-announce@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 917C54B3ECA
 for <freebsd-announce@mailman.nyi.freebsd.org>;
 Tue,  1 Dec 2020 20:46:00 +0000 (UTC)
 (envelope-from security-advisories@freebsd.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
 [IPv6:2610:1c1:1:6074::16:84])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "freefall.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 4ClvJS3q6Mz4rl6;
 Tue,  1 Dec 2020 20:46:00 +0000 (UTC)
 (envelope-from security-advisories@freebsd.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
 t=1606855560; h=from:from:reply-to:reply-to:subject:subject:date:date:
 message-id:message-id:to:to:cc; bh=j8pHKkZyyIFUlWl6LKZMVSFWuPcR0u2L8EepmYzhhbg=;
 b=SFRRLUMO++SY0YLwWSsl6y9BsyE772lZMw31wf/kCdvfHJ4+HpiUjojs/XWD3eFj6T+yd3
 kt1kQ1CF6cTniGVa210hMZvtyvANsbDUPQbdUbW+fdxXGTb5XkGhf16a5pVMEnXsze2N5d
 aAZpTjp9O1umj2P/RuSPr9QDrgmTfAfB+7+HcS9OJqxNuSQNgyLgIAAwJUZx9k3Ex9TjU/
 riyYsgf3Hzhe2CBjHy9j+1sqyvmgyTZ2I2bkzdfik+SQ1E035OdFeaPtUKY4ofhADMqBdn
 whBr99avIwvEJ3MVj9AQvBfS1ibaNh6RN78mBkcqtgaoxlX+pwVcvtCkSxWCVw==
Received: by freefall.freebsd.org (Postfix, from userid 945)
 id 7021019D10; Tue,  1 Dec 2020 20:46:00 +0000 (UTC)
From: FreeBSD Errata Notices <errata-notices@freebsd.org>
To: FreeBSD Errata Notices <errata-notices@freebsd.org>
Reply-To: freebsd-stable@freebsd.org
Precedence: bulk
Message-Id: <20201201204600.7021019D10@freefall.freebsd.org>
Date: Tue,  1 Dec 2020 20:46:00 +0000 (UTC)
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
 s=dkim; t=1606855560; h=from:from:reply-to:reply-to:subject:subject:date:date:
 message-id:message-id:to:to:cc;
 bh=j8pHKkZyyIFUlWl6LKZMVSFWuPcR0u2L8EepmYzhhbg=;
 b=Dmp9iZeDqDteHZVZeuAO6ArlBUwhqMmDZeRypj2uuXpdTLDHbgR8cV1wiIQ4CP98RHau38
 QTLtv1zftgeM38gGojFXdn5utfjPMgkS42SR6rhC0xwAabbz3Xjh/PsI9HiwAZWfFi5ajR
 SPfZzdqLk8NPvtiL1ULw/yZdSPMUM+MMy/fFgAaeeVwJ1A7SfH8ym4sy4OqOkKemtLZqrR
 ffcLqR7BpYS0qI2IHqje6zVFEjDLGWZa24PXXUBZm9UMqET9rvRhf+e1oD6g6Jjq3Yo24l
 u3p3vXgrbEVeGY71W7NF6+1nNdtdkPBFehuWHmAZg+I1ivOiSMbn1X3eMEX78A==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1606855560; a=rsa-sha256; cv=none;
 b=FP8oAZZzGf/Bb3FV44T7WPnrXSHeKZ8BcQlnTCpzA27CemfujZ49gyxBMClqEjls7obwap
 DTrYm8SBVRqRSVdvB6qFtFtPlojsV+b5xgDgw7zVXxMWyR+jpJCSu2JlLiUaZA/7M4+M1f
 0QRG1/lPC+XtzWQDRGMlXbGRZGRluJL5FhwwRAHpvacRrlGnpXo7Fjl30ihJ6qOyq9wlha
 4Jxtki4JJY4Ze4cNFVjsgXC+cGGgL70gNYewd+3MPv2tjMF7zlxsVH4poUTKerdsT34nlK
 z6apzuxGcyb2LniFe2H4A1rPAblsT1ABJvWZyHDm1Ca++7CQEL9IzwZdumSH8g==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
Subject: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-20:21.ipfw
X-BeenThere: freebsd-announce@freebsd.org
X-Mailman-Version: 2.1.34
List-Id: "Project Announcements \[moderated\]" <freebsd-announce.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-announce>, 
 <mailto:freebsd-announce-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-announce/>
List-Post: <mailto:freebsd-announce@freebsd.org>
List-Help: <mailto:freebsd-announce-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-announce>, 
 <mailto:freebsd-announce-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Dec 2020 20:46:00 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-EN-20:21.ipfw                                           Errata Notice
                                                          The FreeBSD Project

Topic:          Uninitialized variable in ipfw

Category:       core
Module:         ipfw
Announced:      2020-12-01
Affects:        FreeBSD 12.2
Corrected:      2020-10-18 20:54:15 UTC (stable/12, 12.2-STABLE)
                2020-12-01 19:36:36 UTC (releng/12.2, 12.2-RELEASE-p1)

For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.FreeBSD.org/>.

I.   Background

ipfw(8) is the command-line utility used to configure the ipfw(4) firewall.

II.  Problem Description

A regression in FreeBSD 12.2 meant that ipfw(8) fwd commands referencing
specific port numbers may configure the firewall incorrectly.

III. Impact

Forwarding rules referencing port numbers may not work as configured.

IV.  Workaround

No workaround is available.

V.   Solution

Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date.

Perform one of the following:

1) To update your system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

2) To update your system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch https://security.FreeBSD.org/patches/EN-20:21/ipfw.patch
# fetch https://security.FreeBSD.org/patches/EN-20:21/ipfw.patch.asc
# gpg --verify ipfw.patch.asc

b) Apply the patch.  Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.

VI.  Correction details

The following list contains the correction revision numbers for each
affected branch.

Branch/path                                                      Revision
- -------------------------------------------------------------------------
stable/12/                                                        r366816
releng/12.2/                                                      r368252
- -------------------------------------------------------------------------

To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>

VII. References

<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=250434>

The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-20:21.ipfw.asc>
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl/GndRfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
5cLY3w/8DpeBoG7dMm3m60BFStxuQMkUKwuMNiYXVOADLIACLW5F8fRxleAiMh1n
09YHHO/OfoGuuI8FkviqUfwBQsX9ljY8x35/UUZtf19YTllKvmz8gTTAVYmkO0g/
ohEZBMsA9h9Wfnn51/CVziTtO597mbLsJrt+lXnYVJLUIFdf6VNbK719ZtUOq53v
5mMKaFqyZJzDTouXePPVirvsiM5a2S7qVSoWTDEgog6iYxvEeXhd4Mtbaxbl2UW5
JJ1ZUycIUECCu2MI09JxZhRaRLnUA4RfzGIu63wxUJtfiKyIK0Afn3Gm/nyF+Sop
X/rm7jg1DDdqMd55QdG9AchI4D4C0DcJbTo4r8OSRFzmwQlTAsfOAlrH3ov+E+0f
rZ8SN2gjR/y+cdWQJxQ04pGh9NJkdrWMZJdZ047NnO8jF25rSN3iMgY6PydhE5TT
JKZXcfjTUqGeFveeMqdaZ5uoUyKaE/DnrNimv7Y4tcY0dsRIVIZQb6ml1dJdrkCG
6R5/yboAp2m9dtkplGUOo7cRae8bxXTQteANhZJYT3dqKDMKUJCw6ZShmr0pg2Of
KASqUMdHYSIyGoUaQ+Pd3s5UweuG8NEZt+p302qbn8cBCncMioibZqUJyo0lt/zn
jVFCZuepLOSGH7u0hYvlizkpbsXkUraBkQOTelqYyxXGoWF7WQg=
=N2u/
-----END PGP SIGNATURE-----