FreeBSD The Power to Serve

FreeBSD 12.2-RELEASE Errata

Abstract

This document lists errata items for FreeBSD 12.2-RELEASE, containing significant information discovered after the release or too late in the release cycle to be otherwise included in the release documentation. This information includes security advisories, as well as news relating to the software or documentation that could affect its operation or usability. An up-to-date version of this document should always be consulted before installing this version of FreeBSD.

This errata document for FreeBSD 12.2-RELEASE will be maintained until the release of FreeBSD 12.3-RELEASE.

Introduction

This errata document contains "late-breaking news" about FreeBSD 12.2-RELEASE Before installing this version, it is important to consult this document to learn about any post-release discoveries or problems that may already have been found and fixed.

Any version of this errata document actually distributed with the release (for example, on a CDROM distribution) will be out of date by definition, but other copies are kept updated on the Internet and should be consulted as the "current errata" for this release. These other copies of the errata are located at https://www.FreeBSD.org/releases/, plus any sites which keep up-to-date mirrors of this location.

Source and binary snapshots of FreeBSD 12-STABLE also contain up-to-date copies of this document (as of the time of the snapshot).

For a list of all FreeBSD CERT security advisories, see https://www.FreeBSD.org/security/.

Security Advisories

Advisory Date Topic

FreeBSD-SA-20:31.icmp6

1 December 2020

Use-after-free in error message handling

FreeBSD-SA-20:32.rtsold

1 December 2020

Multiple vulnerabilities

FreeBSD-SA-20:33.openssl

8 December 2020

NULL pointer de-reference

FreeBSD-SA-21:01.fsdisclosure

29 January 2021

Kernel stack disclosure

FreeBSD-SA-21:02.xenoom

29 January 2021

Kernel panic

FreeBSD-SA-21:03.pam_login_access

24 February 2021

Privilege escalation

FreeBSD-SA-21:04.jail_remove

24 February 2021

Privilege escalation

FreeBSD-SA-21:05.jail_chdir

24 February 2021

Privilege escalation

FreeBSD-SA-21:06.xen

24 February 2021

Resource leaks

FreeBSD-SA-21:07.openssl

25 March 2021

Multiple vulnerabilities

FreeBSD-SA-21:08.vm

6 April 2021

Kernel memory disclosure

FreeBSD-SA-21:09.accept_filter

6 April 2021

Privilege escalation or memory disclosure

FreeBSD-SA-21:10.jail_mount

6 April 2021

Privilege escalation

FreeBSD-SA-21:11.smap

26 May 2021

Mitigation bypass

FreeBSD-SA-21:12.libradius

26 May 2021

Denial of service

FreeBSD-SA-21:13.bhyve

24 August 2021

Missing error handling in bhyve(8) device models

FreeBSD-SA-21:14.ggatec

24 August 2021

Remote code execution in ggatec(8)

FreeBSD-SA-21:15.libfetch

24 August 2021

libfetch out of bounds read

FreeBSD-SA-21:16.openssl

24 August 2021

Multiple vulnerabilities in OpenSSL

FreeBSD-SA-21:17.openssl

24 August 2021

Multiple vulnerabilities in OpenSSL

Errata Notices

Errata Date Topic

FreeBSD-EN-20:19.audit

1 December 2020

execve/fexecve system call auditing

FreeBSD-EN-20:20.tzdata

1 December 2020

Timezone database information update

FreeBSD-EN-20:21.ipfw

1 December 2020

Uninitialized variable

FreeBSD-EN-20:22.callout

1 December 2020

Race condition in callout CPU migration

FreeBSD-EN-21:01.tzdata

29 January 2021

Timezone database information update

FreeBSD-EN-21:03.vnet

29 January 2021

Panic when destroying VNET and epair simultaneously

FreeBSD-EN-21:04.zfs

29 January 2021

zfs recv fails to propagate snapshot deletion

FreeBSD-EN-21:06.microcode

24 February 2021

Boot-time microcode loading causes a boot hang

FreeBSD-EN-21:07.caroot

24 February 2021

Root certificate bundle update

FreeBSD-EN-21:08.freebsd-update

24 February 2021

freebsd-update passwd regeneration

FreeBSD-EN-21:09.pf

6 April 2021

net.pf.request_maxcount not settable from loader.conf(5)

FreeBSD-EN-21:10.lldb

6 April 2021

lldb abort on print command

FreeBSD-EN-21:11.aesni

26 May 2021

Race condition in aesni(4) encrypt-then-auth operations

FreeBSD-EN-21:12.divert

26 May 2021

Kernel double free when transmitting on a divert socket

FreeBSD-EN-21:14.pms

26 May 2021

pms(4) data corruption

FreeBSD-EN-21:16.bc

26 May 2021

dc update

FreeBSD-EN-21:17.libradius

1 June 2021

Incorrect validation in rad_get_attr(3)

FreeBSD-EN-21:19.libcasper

30 June 2021

libcasper assertion failure

FreeBSD-EN-21:22.linux_futex

30 June 2021

Linux compatibility layer futex(2) system call vulnerability

FreeBSD-EN-21:24.libcrypto

24 August 2021

OpenSSL 1.1.1e API functions not exported

FreeBSD-EN-21:25.bhyve

24 August 2021

Fix NVMe iovec construction for large IOs

Open Issues

[2020-10-27] A regression in ipfw(8) was discovered where packets are not properly forwarded with multiple IP addresses bound to the same interface.

This issue had been corrected in FreeBSD-EN-20:21.ipfw.

See PR 250434 for additional details.

[2020-10-27] A regression with zfs(8) send/recv was discovered where ZFS snapshots are not properly deleted under certain conditions.

An Errata Notice is planned for 12.2-RELEASE.

See PR 249438 for additional details.

[2020-10-27] A regression was discovered with the FreeBSD/armv7 BEAGLEBONE images where SD card I/O takes an excessive amount of time. As such, there are no BEAGLEBONE images for this release.

Late-Breaking News

[2020-10-27] A very late issue was discovered with the x11/gdm package included on the amd64 and i386 DVD installer which causes GDM to fail to start properly.

Those installing GNOME as a new installation from the DVD should upgrade x11/gdm from the upstream pkg(8) mirrors after installation.

Those installing GNOME on a new installation from the upstream pkg(8) mirrors, or upgrading from a previous FreeBSD release should not experience any issues.

[2020-11-11] Due to slight changes to the ABI and KBI between FreeBSD 12.1 and FreeBSD 12.2, it is important to note that certain third-party kernel modules may need to be rebuilt locally, until FreeBSD 12.1 reaches end of life.

Of note, this includes, but is not limited to, graphics/*-kmod, net/*-kmod, and possibly others that are too extensive to list.