BSDSec

deadsimple BSD Security Advisories and Announcements

FreeBSD Errata Notice FreeBSD-EN-25:14.route

8 August, 2025 by errata-notices@freebsd.org | freebsd 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-EN-25:14.route                                          Errata Notice
                                                          The FreeBSD Project

Topic:          route(8) monitor buffers too much when redirected to a file

Category:       core
Module:         route
Announced:      2025-08-08
Affects:        FreeBSD 14.x
Corrected:      2025-07-21 02:13:16 UTC (stable/14, 14.3-STABLE)
                2025-08-08 00:39:04 UTC (releng/14.3, 14.3-RELEASE-p2)
                2025-08-08 00:39:17 UTC (releng/14.2, 14.2-RELEASE-p5)

For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.FreeBSD.org/>.

I.   Background

route(8)'s `monitor` command continuously reports routing changes on the system,
which may be used interactively or by other tooling.  When a command's output
is redirected to a file, its standard output becomes fully buffered.

II.  Problem Description

In FreeBSD 14.x, route(8) does not flush its standard output at distinct message
boundaries as it previously did in FreeBSD 13.x and before.  As such, it could
appear that no changes are happening on the system when its output has been
redirected to a file.

III. Impact

Other programs that rely on `route monitor` are likely to miss changes that
they are expecting to see, unless routing tables/information are changing at
a high frequency.

IV.  Workaround

Use `stdbuf -oL route monitor` to force the output of `route monitor` to be
line-buffered.  See stdbuf(1).  Programs watching `route monitor` output are
not incredibly common.

V.   Solution

Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date, and restart any affected
services.

Perform one of the following:

1) To update your system via a binary patch:

Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8)
utility:

# freebsd-update fetch
# freebsd-update install

2) To update your system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch https://security.FreeBSD.org/patches/EN-25:14/route.patch
# fetch https://security.FreeBSD.org/patches/EN-25:14/route.patch.asc
# gpg --verify route.patch.asc

b) Apply the patch.  Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.

VI.  Correction details

This issue is corrected as of the corresponding Git commit hash in the
following stable and release branches:

Branch/path                             Hash                     Revision
- -------------------------------------------------------------------------
stable/14/                              dd695839efd8    stable/14-n271995
releng/14.3/                            97f34921d77b  releng/14.3-n271437
releng/14.2/                            168703212b61  releng/14.2-n269531
- -------------------------------------------------------------------------

Run the following command to see which files were modified by a
particular commit:

# git show --stat <commit hash>

Or visit the following URL, replacing NNNNNN with the hash:

<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>

To determine the commit count in a working tree (for comparison against
nNNNNNN in the table above), run:

# git rev-list --count --first-parent HEAD

VII. References

<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id'8265>
<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id'5026>

The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-25:14.route.asc>
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmiVSh8ACgkQbljekB8A
Gu9SKxAAwfW3Ql0ZaqG5aIYJ1FOUBMY/F0p22E9RmO1L8xGpX6m0vzjQUrrCycHq
3Lc+QWg4IpDq9WUvfg3yuslZpRnRa679EVjeR7R/Bo7qgfAEVYVZK52g5L7kukAq
ta9Ufqltrp5UZUkYdfj1k5nROM/SfSROj8opvlwDxdwjzgr0shiY5WUfYTxkTFOA
WNSzxnjB95VLgT9PCRXv2oUvs/4N/vZtLwzxFPkfBsbLOyz0+lDZ/ub5q1tllBfi
QMRrsJ+bxAfjZtD0VutmL1kY0BaialP6/hOqTka+DuGVi3C73mk6+/xlu/ig7RUk
xsaAigN5pdfQpa2UDx+vEVp5OYHIja6rgzlZeIELv1sZLridp8kySygQ7W3k9PED
nQM6rZe4d/sp7REv/wSCK0sC6BEQ5KgZ1l89ChR8BtCb7gVj69A/OU1KoSyUkuAV
Qn8vCVr0zOBXrwlGIgP94R2qhl4smWylynKajjqT6Hgh3k4KRZMJKfFxDAQlUxWf
5m1aHD41O7h92L6IixoVAHQ0E/MtnuV9Pos5lDlDewRvUdSSfT02UahcIOoch860
NtsFyurxnBOVPtpr92gg1aVx/u4EnP3/2NnMDWwLIM80QvsXOXZ+e6WigBJ3bJxB
FAMdoiMJyi3orwDfxnCuUBOwnnwLtxjd3iw5frZXEa5xJfmKpsA=YgHt
-----END PGP SIGNATURE-----