-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-EN-20:21.ipfw Errata Notice
The FreeBSD Project
Topic: Uninitialized variable in ipfw
Category: core
Module: ipfw
Announced: 2020-12-01
Affects: FreeBSD 12.2
Corrected: 2020-10-18 20:54:15 UTC (stable/12, 12.2-STABLE)
2020-12-01 19:36:36 UTC (releng/12.2, 12.2-RELEASE-p1)
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
.
I. Background
ipfw(8) is the command-line utility used to configure the ipfw(4) firewall.
II. Problem Description
A regression in FreeBSD 12.2 meant that ipfw(8) fwd commands referencing
specific port numbers may configure the firewall incorrectly.
III. Impact
Forwarding rules referencing port numbers may not work as configured.
IV. Workaround
No workaround is available.
V. Solution
Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date.
Perform one of the following:
1) To update your system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
2) To update your system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch https://security.FreeBSD.org/patches/EN-20:21/ipfw.patch
# fetch https://security.FreeBSD.org/patches/EN-20:21/ipfw.patch.asc
# gpg --verify ipfw.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in .
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/12/ r366816
releng/12.2/ r368252
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
VII. References
The latest revision of this advisory is available at
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl/GndRfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
5cLY3w/8DpeBoG7dMm3m60BFStxuQMkUKwuMNiYXVOADLIACLW5F8fRxleAiMh1n
09YHHO/OfoGuuI8FkviqUfwBQsX9ljY8x35/UUZtf19YTllKvmz8gTTAVYmkO0g/
ohEZBMsA9h9Wfnn51/CVziTtO597mbLsJrt+lXnYVJLUIFdf6VNbK719ZtUOq53v
5mMKaFqyZJzDTouXePPVirvsiM5a2S7qVSoWTDEgog6iYxvEeXhd4Mtbaxbl2UW5
JJ1ZUycIUECCu2MI09JxZhRaRLnUA4RfzGIu63wxUJtfiKyIK0Afn3Gm/nyF+Sop
X/rm7jg1DDdqMd55QdG9AchI4D4C0DcJbTo4r8OSRFzmwQlTAsfOAlrH3ov+E+0f
rZ8SN2gjR/y+cdWQJxQ04pGh9NJkdrWMZJdZ047NnO8jF25rSN3iMgY6PydhE5TT
JKZXcfjTUqGeFveeMqdaZ5uoUyKaE/DnrNimv7Y4tcY0dsRIVIZQb6ml1dJdrkCG
6R5/yboAp2m9dtkplGUOo7cRae8bxXTQteANhZJYT3dqKDMKUJCw6ZShmr0pg2Of
KASqUMdHYSIyGoUaQ+Pd3s5UweuG8NEZt+p302qbn8cBCncMioibZqUJyo0lt/zn
jVFCZuepLOSGH7u0hYvlizkpbsXkUraBkQOTelqYyxXGoWF7WQg=
=N2u/
-----END PGP SIGNATURE-----