Date: Tue, 17 Jan 2023 12:54:11 -0500 From: "David E. Cross" <david@crossfamilyweb.com> To: FreeBSD Hackers <freebsd-hackers@freebsd.org> Subject: ...tales of lost ENs. Message-ID: <c8bf660c-e121-6abf-8057-bc28e7482348@crossfamilyweb.com>
next in thread | raw e-mail | index | archive | help
[-- Attachment #1 --]
So, many (many) months ago I complained about 'missing' ENs.
I was then told that no EN had ever been filed (which since I was asking
about bug reports I had seen listed by other people never occurred to me
that it hadn't been done).
I then submitted 3 ENs (date on the files is Aug 30, 2022)
Then yet another person commented about one of those bugs in a new
release (12.x) that never got fixed.
I then posted all 3 ENs, this time publically.
I have not seen any mention of these; how do I nudge these along?
(re-attached for visibility, they are out of date since at least one now
affects 12.x because it sat so long)
[-- Attachment #2 --]
=============================================================================
FreeBSD-EN-ERRATA_TEMPLATE Errata Notice
The FreeBSD Project
Topic:
Category: core
Module: loader
Announced: 2022-XX-XX
Credits:
Affects: FreeBSD 13.1
Corrected: ????
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.FreeBSD.org/>.
I. Background
geli is an encrpytion component of the GEOM subsystem of FreeBSD that
allows partitions or disks to be encrypted. Both the kernel and loader(8)
have support to allow booting from encrypted disks and prompting for a
password at boot time.
II. Problem Description
A change to libstand(3) sometime between 13.0 and 13.1 prevents loader from
recognizing the partition after the built in geli driver has attached the
partition , preventing auto booting of encrypted root partitions.
This bug was tracked at:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=264282
III. Impact
Systems running 13.1 with encrypted root disks will not autoboot.
IV. Workaround
Systems affected may revert to loader(8) from 13.0. Additionally
setting currdev and rootdev to the correct partition manually will
allow booting of the system.
Systems without geli root disk encryption are unaffected.
V. Solution
PATCH
Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date.
[XX Needs reboot? Mention please]
Perform one of the following:
1) To update your system via a binary patch:
Systems running a RELEASE version of FreeBSD on the amd64, i386, or
(on FreeBSD 13 and later) arm64 platforms can be updated via the
freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
*** Reboot needed to validate fix ***
2) To update your system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
[FreeBSD 13.1]
# fetch https://security.FreeBSD.org/patches/EN-XX:XX/XXXX.patch
# fetch https://security.FreeBSD.org/patches/EN-XX:XX/XXXX.patch.asc
# gpg --verify XXXX.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
<for a userland utility:>
c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
VI. Correction details
This issue is corrected by the corresponding Git commit hash or Subversion
revision number in the following stable and release branches:
Branch/path Hash Revision
-------------------------------------------------------------------------
stable/13/ XXXXXXXXXXXX stable/13-nXXXXXX
releng/13.1/ XXXXXXXXXXXX releng/13.1-nXXXXXX
-------------------------------------------------------------------------
For FreeBSD 13 and later:
Run the following command to see which files were modified by a
particular commit:
# git show --stat <commit hash>
Or visit the following URL, replacing NNNNNN with the hash:
<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>;
To determine the commit count in a working tree (for comparison against
nNNNNNN in the table above), run:
# git rev-list --count --first-parent HEAD
VII. References
<other info on the problem>
<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=XXXXXX>;
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-XX:XX.XXXXX.asc>;
[-- Attachment #3 --]
=============================================================================
FreeBSD-EN-ERRATA_TEMPLATE Errata Notice
The FreeBSD Project
Topic:
Category: core
Module: LLVM
Announced: 2022-XX-XX
Credits:
Affects: Unsure? 13.1 definitely, bug report references 12.x
but unsure if that made it to a -RELEASE
Corrected: 2022-XX-XX XX:XX:XX UTC (stable/13, 13.1-STABLE)
2022-XX-XX XX:XX:XX UTC (releng/13.1, 13.1-RELEASE-pXX)
2022-XX-XX XX:XX:XX UTC (releng/13.0, 13.0-RELEASE-pXX)
2022-XX-XX XX:XX:XX UTC (stable/12, 12.3-STABLE)
2022-XX-XX XX:XX:XX UTC (releng/12.3, 12.3-RELEASE)
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.FreeBSD.org/>.
I. Background
LLVM is a third party compiler that is distributed as part of base.
FreeBSD uses this compiler to convert source code to system object code
for the kernel, libraries, system utilities, and ports.
AVX is a set of instructions on Intel processors that speed certain
vector computing operations. AVX-512 is a specific version of these
instructions available on specific CPUs.
II. Problem Description
FreeBSD and LLVM allow various options to be set to tailor the system
to specific environments by setting build parameters that affect linking,
optimization, and target CPU. The version of LLVM included with
FreeBSD 13.1 (and maybe 12.x?) includes a bug with certain target CPUs
using AVX-512 instructions that causes the compiler to enter an infinite
loop, eventually terminating when it has used all available memory.
III. Impact
When compiling certain libraries or applications with the system LLVM
in 13.1 (and maybe 12.x?) the compiler will hang.
IV. Workaround
Removing the CPUTYPE option from /etc/make.conf, or by setting it to a
CPUTYPE that does not have AVX512 will prevent the infinite loop.
Settin the CPUTYPE is a non-default setting, systems using default
configurations are unaffected.
V. Solution
Patch from : https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=264394
Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date.
[XX Needs reboot? Mention please]
Perform one of the following:
1) To update your system via a binary patch:
Systems running a RELEASE version of FreeBSD on the amd64, i386, or
(on FreeBSD 13 and later) arm64 platforms can be updated via the
freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
[XX Needs reboot? Mention please]
2) To update your system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
[FreeBSD 13.1]
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
<for a userland utility:>
c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
VI. Correction details
This issue is corrected by the corresponding Git commit hash or Subversion
revision number in the following stable and release branches:
Branch/path Hash Revision
-------------------------------------------------------------------------
stable/13/ XXXXXXXXXXXX stable/13-nXXXXXX
releng/13.1/ XXXXXXXXXXXX releng/13.1-nXXXXXX
releng/13.0/ XXXXXXXXXXXX releng/13.0-nXXXXXX
stable/12/ rXXXXXX
releng/12.3/ rXXXXXX
-------------------------------------------------------------------------
For FreeBSD 13 and later:
Run the following command to see which files were modified by a
particular commit:
# git show --stat <commit hash>
Or visit the following URL, replacing NNNNNN with the hash:
<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>;
To determine the commit count in a working tree (for comparison against
nNNNNNN in the table above), run:
# git rev-list --count --first-parent HEAD
For FreeBSD 12 and earlier:
Run the following command to see which files were modified by a particular
revision, replacing NNNNNN with the revision number:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>;
VII. References
<other info on the problem>
<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=XXXXXX>;
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-XX:XX.XXXXX.asc>;
[-- Attachment #4 --]
=============================================================================
FreeBSD-EN-ERRATA_TEMPLATE Errata Notice
The FreeBSD Project
Topic:
Category: core
Module: bhyve
Announced: 2022-XX-XX
Credits:
Affects: 13.1
Corrected: 2022-XX-XX XX:XX:XX UTC (stable/13, 13.1-STABLE)
2022-XX-XX XX:XX:XX UTC (releng/13.1, 13.1-RELEASE-pXX)
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.FreeBSD.org/>.
I. Background
bhyve is the FreeBSD hypervisor, loader is the FreeBSD boot loader,
userboot.so is a version of loader that runs in userland as part of the
bhyveload process to setup the bhyve environemnt for executing a FreeBSD
guest operating system under bhyve.
BIND_NOW is a system hardening setting that makes certain types of
memory corruption more difficult.
II. Problem Description
Compiling the world with BIND_NOW (a non-default option) results in a
version of userboot.so that will not link with bhyveload, preventing
setup and execution of FreeBSD based guest operating systems with the
bhyve VM.
III. Impact
Systems that choose this hardening option are unable to run the default
type of FreeBSD VM under bhyve.
IV. Workaround
Multiple workarounds exist.
a) Removing BIND_NOW from system build options in src.conf and rebuilding
b) using UEFI based bhyve VMs (not available on all hardware)
c) using a different version of userboot.so via the -l option to
bhyveload. For example one saved in an alternate location after a build
without BIND_NOW
V. Solution
Apply patch from:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=262920
Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date.
Does not need reboot.
Perform one of the following:
1) To update your system via a binary patch:
Systems running a RELEASE version of FreeBSD on the amd64, i386, or
(on FreeBSD 13 and later) arm64 platforms can be updated via the
freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
[XX Needs reboot? Mention please]
2) To update your system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
[FreeBSD 13.1]
# fetch https://security.FreeBSD.org/patches/EN-XX:XX/XXXX.patch
# fetch https://security.FreeBSD.org/patches/EN-XX:XX/XXXX.patch.asc
# gpg --verify XXXX.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
<for a userland utility:>
c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
VI. Correction details
This issue is corrected by the corresponding Git commit hash or Subversion
revision number in the following stable and release branches:
Branch/path Hash Revision
-------------------------------------------------------------------------
stable/13/ XXXXXXXXXXXX stable/13-nXXXXXX
releng/13.1/ XXXXXXXXXXXX releng/13.1-nXXXXXX
releng/13.0/ XXXXXXXXXXXX releng/13.0-nXXXXXX
stable/12/ rXXXXXX
releng/12.3/ rXXXXXX
-------------------------------------------------------------------------
For FreeBSD 13 and later:
Run the following command to see which files were modified by a
particular commit:
# git show --stat <commit hash>
Or visit the following URL, replacing NNNNNN with the hash:
<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>;
To determine the commit count in a working tree (for comparison against
nNNNNNN in the table above), run:
# git rev-list --count --first-parent HEAD
For FreeBSD 12 and earlier:
Run the following command to see which files were modified by a particular
revision, replacing NNNNNN with the revision number:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>;
VII. References
<other info on the problem>
<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=XXXXXX>;
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-XX:XX.XXXXX.asc>;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?c8bf660c-e121-6abf-8057-bc28e7482348>