article.xml (125606) article.xml (126389)
1<!--
2 FreeBSD errata document. Unlike some of the other RELNOTESng
3 files, this file should remain as a single SGML file, so that
4 the dollar FreeBSD dollar header has a meaningful modification
5 time. This file is all but useless without a datestamp on it,
6 so we'll take some extra care to make sure it has one.
7
8 (If we didn't do this, then the file with the datestamp might

--- 9 unchanged lines hidden (view full) ---

18<!ENTITY % mlists PUBLIC "-//FreeBSD//ENTITIES DocBook Mailing List Entities//EN">
19%mlists;
20<!ENTITY % trademarks PUBLIC "-//FreeBSD//ENTITIES DocBook Trademark Entities//EN">
21%trademarks;
22<!ENTITY % release PUBLIC "-//FreeBSD//ENTITIES Release Specification//EN">
23%release;
24<!ENTITY % misc PUBLIC "-//FreeBSD//ENTITIES DocBook Miscellaneous FreeBSD Entities//EN">
25%misc;
1<!--
2 FreeBSD errata document. Unlike some of the other RELNOTESng
3 files, this file should remain as a single SGML file, so that
4 the dollar FreeBSD dollar header has a meaningful modification
5 time. This file is all but useless without a datestamp on it,
6 so we'll take some extra care to make sure it has one.
7
8 (If we didn't do this, then the file with the datestamp might

--- 9 unchanged lines hidden (view full) ---

18<!ENTITY % mlists PUBLIC "-//FreeBSD//ENTITIES DocBook Mailing List Entities//EN">
19%mlists;
20<!ENTITY % trademarks PUBLIC "-//FreeBSD//ENTITIES DocBook Trademark Entities//EN">
21%trademarks;
22<!ENTITY % release PUBLIC "-//FreeBSD//ENTITIES Release Specification//EN">
23%release;
24<!ENTITY % misc PUBLIC "-//FreeBSD//ENTITIES DocBook Miscellaneous FreeBSD Entities//EN">
25%misc;
26
27<!ENTITY release.bugfix "5.2.1-RELEASE">
26]>
27
28<article>
29 <articleinfo>
30 <title>&os;
31<![ %release.type.snapshot [
32 &release.prev;
33]]>
34<![ %release.type.release [
35 &release.current;
36]]>
37 Errata</title>
38
39 <corpauthor>
40 The &os; Project
41 </corpauthor>
42
28]>
29
30<article>
31 <articleinfo>
32 <title>&os;
33<![ %release.type.snapshot [
34 &release.prev;
35]]>
36<![ %release.type.release [
37 &release.current;
38]]>
39 Errata</title>
40
41 <corpauthor>
42 The &os; Project
43 </corpauthor>
44
43 <pubdate>$FreeBSD: head/release/doc/en_US.ISO8859-1/errata/article.sgml 125606 2004-02-08 22:16:29Z bmah $</pubdate>
45 <pubdate>$FreeBSD: head/release/doc/en_US.ISO8859-1/errata/article.sgml 126389 2004-02-28 22:49:15Z bmah $</pubdate>
44
45 <copyright>
46 <year>2000</year>
47 <year>2001</year>
48 <year>2002</year>
49 <year>2003</year>
50 <year>2004</year>
51 <holder role="mailto:doc@FreeBSD.org">The FreeBSD Documentation Project</holder>

--- 19 unchanged lines hidden (view full) ---

71 or too late in the release cycle to be otherwise included in the
72 release documentation.
73 This information includes security advisories, as well as news
74 relating to the software or documentation that could affect its
75 operation or usability. An up-to-date version of this document
76 should always be consulted before installing this version of
77 &os;.</para>
78
46
47 <copyright>
48 <year>2000</year>
49 <year>2001</year>
50 <year>2002</year>
51 <year>2003</year>
52 <year>2004</year>
53 <holder role="mailto:doc@FreeBSD.org">The FreeBSD Documentation Project</holder>
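Review bot: `release.bugfix` is declared at new line 27, after `%release;` has already been expanded at line 23. The first declaration of an entity is the one that binds, so if the shared release entity set ever gains its own `release.bugfix`, this local `5.2.1-RELEASE` would be silently ignored. Either define it in the shared set next to the other `release.*` entities, or add a comment at line 27 saying the value is intentionally local to the errata file.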

--- 19 unchanged lines hidden (view full) ---

73 or too late in the release cycle to be otherwise included in the
74 release documentation.
75 This information includes security advisories, as well as news
76 relating to the software or documentation that could affect its
77 operation or usability. An up-to-date version of this document
78 should always be consulted before installing this version of
79 &os;.</para>
80
81 <para>This document also contains errata for &os;
82 &release.bugfix;, a <quote>point release</quote> made about one
83 month after &os; &release.prev;. Unless otherwise noted, all
84 errata items in this document apply to both &release.prev;
85 and &release.bugfix;.</para>
86
79 <para>This errata document for &os;
80<![ %release.type.snapshot [
81 &release.prev;
82]]>
83<![ %release.type.release [
84 &release.current;
85]]>
86 will be maintained until the release of &os; &release.next;.</para>

--- 37 unchanged lines hidden (view full) ---

124 <title>Security Advisories</title>
125
126<![ %release.type.release [
127 <para>No advisories.</para>
128]]>
129
130<![ %release.type.snapshot [
131
87 <para>This errata document for &os;
88<![ %release.type.snapshot [
89 &release.prev;
90]]>
91<![ %release.type.release [
92 &release.current;
93]]>
94 will be maintained until the release of &os; &release.next;.</para>
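Review bot: the new paragraph at lines 81-85 names `&release.prev;` unconditionally, whereas the title and the "will be maintained" paragraph right after it choose between `&release.prev;` and `&release.current;` with the `%release.type.snapshot` / `%release.type.release` marked sections. In a release-type build the document would be titled for `&release.current;` yet describe itself as covering `&release.prev;` and `&release.bugfix;`. Wrap the paragraph in the snapshot marked section, or use the same switch as the surrounding text.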

--- 37 unchanged lines hidden (view full) ---

132 <title>Security Advisories</title>
133
134<![ %release.type.release [
135 <para>No advisories.</para>
136]]>
137
138<![ %release.type.snapshot [
139
132 (30 Jan 2004) A bug in &man.mksnap.ffs.8; causes the creation of a
140 <para>(30 Jan 2004, updated 28 Feb 2004) A bug in &man.mksnap.ffs.8; causes the creation of a
133 filesystem snapshot to reset the flags on the filesystem to
134 their default values. The possible consequences depend on local
135 usage, but can include disabling extended access control lists
136 or enabling the use of setuid executables stored on an untrusted
137 filesystem. This bug also affects the &man.dump.8;
138 <option>-L</option> option, which uses &man.mksnap.ffs.8;. Note
139 that &man.mksnap.ffs.8; is normally only available to the
140 superuser and members of the <groupname>operator</groupname>
141 group. This bug has been fixed on the &os; &release.current;
141 filesystem snapshot to reset the flags on the filesystem to
142 their default values. The possible consequences depend on local
143 usage, but can include disabling extended access control lists
144 or enabling the use of setuid executables stored on an untrusted
145 filesystem. This bug also affects the &man.dump.8;
146 <option>-L</option> option, which uses &man.mksnap.ffs.8;. Note
147 that &man.mksnap.ffs.8; is normally only available to the
148 superuser and members of the <groupname>operator</groupname>
149 group. This bug has been fixed on the &os; &release.current;
142 security fix branch. For more information, see security advisory 150 security fix branch and in &os; &release.bugfix;. For more information, see security advisory <ulink
143 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:01.mksnap_ffs.asc">FreeBSD-SA-04:01</ulink>.</para>
144
151 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:01.mksnap_ffs.asc">FreeBSD-SA-04:01</ulink>.</para>
152
145 (8 Feb 2004) A bug with the System V Shared Memory interface
153 <para>(8 Feb 2004, updated 28 Feb 2004) A bug with the System V Shared Memory interface
146 (specifically the &man.shmat.2; system call)
147 can cause a shared memory segment to reference
148 unallocated kernel memory. In turn, this can permit a local
149 attacker to gain unauthorized access to parts of kernel memory,
150 possibly resulting in disclosure of sensitive information,
151 bypass of access control mechanisms, or privilege escalation.
154 (specifically the &man.shmat.2; system call)
155 can cause a shared memory segment to reference
156 unallocated kernel memory. In turn, this can permit a local
157 attacker to gain unauthorized access to parts of kernel memory,
158 possibly resulting in disclosure of sensitive information,
159 bypass of access control mechanisms, or privilege escalation.
160 This bug has been fixed on the &os; &release.current;
161 security fix branch and in &os; &release.bugfix;.
152 More details, including bugfix and workaround information,
153 can be found in security advisory <ulink
154 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:02.shmat.asc">FreeBSD-SA-04:02</ulink>.</para>
155
162 More details, including bugfix and workaround information,
163 can be found in security advisory <ulink
164 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:02.shmat.asc">FreeBSD-SA-04:02</ulink>.</para>
165
166 <para>(28 Feb 2004) It is possible, under some circumstances, for
167 a processor with superuser privileges inside a &man.jail.8;
168 environment to change its root directory to a different jail,
169 giving it read and write access to the files and directories
170 within. This vulnerability has been closed on the &os;
171 &release.current; security fix branch and in &os;
172 &release.bugfix;. Information on the bug fix can be found in
173 security advisory <ulink
174 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:03.mail.asc">FreeBSD-SA-04:03</ulink>.</para>
175
156]]>
157
158 </sect1>
159
160 <sect1 id="open-issues">
161 <title>Open Issues</title>
162
163<![ %release.type.release [

--- 15 unchanged lines hidden (view full) ---

179 mode</quote> option of the bootloader or using the
180 <varname>hint.acpi.0.disabled</varname> kernel environment
181 variable. These problems are being investigated. For problems
182 that have not already been reported (check the mailing list
183 archives <emphasis>before</emphasis> posting), sending the
184 output of &man.dmesg.8; and &man.acpidump.8; to the
185 &a.current; may help diagnose the problem.</para>
186
176]]>
177
178 </sect1>
179
180 <sect1 id="open-issues">
181 <title>Open Issues</title>
182
183<![ %release.type.release [
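Review bot: in the new jail entry (lines 166-174), "a processor with superuser privileges" should read "a process", and the advisory URL ends in `FreeBSD-SA-04:03.mail.asc` although the entry is about &man.jail.8;. The two entries above it name the affected component in the filename (`mksnap_ffs`, `shmat`), so this looks like a typo in the link; please confirm it resolves before committing.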

--- 15 unchanged lines hidden (view full) ---

199 mode</quote> option of the bootloader or using the
200 <varname>hint.acpi.0.disabled</varname> kernel environment
201 variable. These problems are being investigated. For problems
202 that have not already been reported (check the mailing list
203 archives <emphasis>before</emphasis> posting), sending the
204 output of &man.dmesg.8; and &man.acpidump.8; to the
205 &a.current; may help diagnose the problem.</para>
206
187 (9 Jan 2004) In some cases, ATA devices may behave
207 <para>(9 Jan 2004, updated 28 Feb 2004) In some cases, ATA devices may behave
188 erratically, particularly SATA devices. Reported symptoms
189 include command timeouts or missing interrupts. These problems
190 appear to be timing-dependent, making them rather difficult to
191 isolate. Workarounds include:</para>
192
193 <itemizedlist>
194 <listitem>
195 <para>Turn off ATA DMA using the <quote>safe mode</quote>

--- 10 unchanged lines hidden (view full) ---

206 <listitem>
207 <para>Disable ACPI, for example using the <quote>safe mode</quote>
208 option of the bootloader or using the
209 <varname>hint.acpi.0.disabled</varname> kernel environment
210 variable.</para>
211 </listitem>
212 </itemizedlist>
213
208 erratically, particularly SATA devices. Reported symptoms
209 include command timeouts or missing interrupts. These problems
210 appear to be timing-dependent, making them rather difficult to
211 isolate. Workarounds include:</para>
212
213 <itemizedlist>
214 <listitem>
215 <para>Turn off ATA DMA using the <quote>safe mode</quote>

--- 10 unchanged lines hidden (view full) ---

226 <listitem>
227 <para>Disable ACPI, for example using the <quote>safe mode</quote>
228 option of the bootloader or using the
229 <varname>hint.acpi.0.disabled</varname> kernel environment
230 variable.</para>
231 </listitem>
232 </itemizedlist>
233
234 <para>Some of these problems were addressed in &os;
235 &release.bugfix; with the import of a newer &man.ata.4; from
236 &release.current;.</para>
237
214 <para>(9 Jan 2004) Installing over NFS when using the install
215 floppies requires that the <filename>nfsclient.ko</filename>
216 module be manually loaded from the third floppy disk. This can
217 be done by following the prompts when &man.sysinstall.8;
218 launches to load a driver off of the third floppy disk.</para>
219
220 <para>(9 Jan 2004) The use of multiple vchans (virtual audio
221 channels with dynamic mixing in software) in the &man.pcm.4;
222 driver has been known to cause some instability.</para>
223
224 <para>(10 Jan 2004) Although APIC interrupt routing seems to work
225 correctly on many systems, on some others (such as some laptops)
226 it can cause various errors, such as &man.ata.4; errors or hangs
227 when starting or exiting X11. For these situations, it may be
228 advisable to disable APIC routing, using the <quote>safe
229 mode</quote> of the bootloader or the
230 <varname>hint.apic.0.disabled</varname> loader tunable. Note
231 that disabling APIC is not compatible with SMP systems.</para>
232
238 <para>(9 Jan 2004) Installing over NFS when using the install
239 floppies requires that the <filename>nfsclient.ko</filename>
240 module be manually loaded from the third floppy disk. This can
241 be done by following the prompts when &man.sysinstall.8;
242 launches to load a driver off of the third floppy disk.</para>
243
244 <para>(9 Jan 2004) The use of multiple vchans (virtual audio
245 channels with dynamic mixing in software) in the &man.pcm.4;
246 driver has been known to cause some instability.</para>
247
248 <para>(10 Jan 2004) Although APIC interrupt routing seems to work
249 correctly on many systems, on some others (such as some laptops)
250 it can cause various errors, such as &man.ata.4; errors or hangs
251 when starting or exiting X11. For these situations, it may be
252 advisable to disable APIC routing, using the <quote>safe
253 mode</quote> of the bootloader or the
254 <varname>hint.apic.0.disabled</varname> loader tunable. Note
255 that disabling APIC is not compatible with SMP systems.</para>
256
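Review bot: the sentence added at lines 234-236 says only that "some of these problems were addressed", without saying which of the reported symptoms (command timeouts, missing interrupts) are covered or citing a revision, unlike the NFSv4, NSS and IPsec entries, which name file revisions. State whether the listed workarounds are still needed on `&release.bugfix;`, or reference the specific &man.ata.4; change that was imported.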
233 (10 Jan 2004) The NFSv4 client may panic when attempting an
257 <para>(10 Jan 2004, updated 28 Feb 2004) The NFSv4 client may panic when attempting an
234 NFSv4 operation against an NFSv3/NFSv2-only server. This
235 problem has been fixed with revision 1.4 of
236 <filename>src/sys/rpc/rpcclnt.c</filename> in &os;
258 NFSv4 operation against an NFSv3/NFSv2-only server. This
259 problem has been fixed with revision 1.4 of
260 <filename>src/sys/rpc/rpcclnt.c</filename> in &os;
237 &release.current;.</para>
261 &release.current;. It was also fixed in &os;
262 &release.bugfix;.</para>
238
263
239 (11 Jan 2004) Some problems have been encountered when using
264 <para>(11 Jan 2004, updated 28 Feb 2004) Some problems have been encountered when using
240 third-party NSS modules, such as <filename>nss_ldap</filename>,
241 and groups with large membership lists. These have been fixed
242 with revision 1.2 of <filename>src/include/nss.h</filename> and
243 revision 1.2 of
244 <filename>src/lib/libc/net/nss_compat.c</filename> in &os;
265 third-party NSS modules, such as <filename>nss_ldap</filename>,
266 and groups with large membership lists. These have been fixed
267 with revision 1.2 of <filename>src/include/nss.h</filename> and
268 revision 1.2 of
269 <filename>src/lib/libc/net/nss_compat.c</filename> in &os;
245 &release.current;.</para>
270 &release.current;; this fix was backported to &os;
271 &release.bugfix;.</para>
246
247 <para>(13 Jan 2004) The &os; &release.current; release notes
248 incorrectly stated that <application>GCC</application> was a
249 post-release GCC 3.3.3 snapshot. They should have stated that
250 GCC was a <emphasis>pre-release</emphasis> GCC 3.3.3
251 snapshot.</para>
252
272
273 <para>(13 Jan 2004) The &os; &release.current; release notes
274 incorrectly stated that <application>GCC</application> was a
275 post-release GCC 3.3.3 snapshot. They should have stated that
276 GCC was a <emphasis>pre-release</emphasis> GCC 3.3.3
277 snapshot.</para>
278
253 (13 Jan 2004) The 279 <para>(13 Jan 2004, updated 28 Feb 2004) The <filename
254 role="package">sysutils/kdeadmin3</filename> port/package has a
255 bug in the <application>KUser</application> component that can
256 cause deletion of the <username>root</username> user from the
257 system password file. Users are strongly urged to upgrade to
280 role="package">sysutils/kdeadmin3</filename> port/package has a
281 bug in the <application>KUser</application> component that can
282 cause deletion of the <username>root</username> user from the
283 system password file. Users are strongly urged to upgrade to
258 version 3.1.4_1 of this port/package.</para>
284 version 3.1.4_1 of this port/package. The package set included
285 with &os; &release.bugfix; contains the fixed version of this
286 package.</para>
259
287
260 (21 Jan 2004) Some bugs in the IPsec implementation imported
288 <para>(21 Jan 2004, updated 28 Feb 2004) Some bugs in the IPsec implementation imported
261 from the KAME Project can result in memory objects being freed
262 before all references to them were removed. Reported symptoms
263 include erratic behavior or kernel panics after flushing the
264 Security Policy Database (SPD). Some of these problems have
265 been fixed in &os; &release.current; in rev. 1.31 of
266 <filename>src/sys/netinet6/ipsec.c</filename>, rev. 1.136 of
267 <filename>src/sys/netinet/in_pcb.c</filename>, and revs. 1.63
289 from the KAME Project can result in memory objects being freed
290 before all references to them were removed. Reported symptoms
291 include erratic behavior or kernel panics after flushing the
292 Security Policy Database (SPD). Some of these problems have
293 been fixed in &os; &release.current; in rev. 1.31 of
294 <filename>src/sys/netinet6/ipsec.c</filename>, rev. 1.136 of
295 <filename>src/sys/netinet/in_pcb.c</filename>, and revs. 1.63
268 and 1.64 of <filename>src/sys/netkey/key.c</filename>. More
296 and 1.64 of <filename>src/sys/netkey/key.c</filename>. These
297 bugfixes were backported to &os; &release.bugfix;. More
269 information about these problems has been posted to the
270 &a.current;, in particular the thread entitled <ulink
271 url="http://lists.FreeBSD.org/pipermail/freebsd-current/2004-January/thread.html#18084">
272 <quote>[PATCH] IPSec fixes</quote></ulink>.</para>
273
298 information about these problems has been posted to the
299 &a.current;, in particular the thread entitled <ulink
300 url="http://lists.FreeBSD.org/pipermail/freebsd-current/2004-January/thread.html#18084">
301 <quote>[PATCH] IPSec fixes</quote></ulink>.</para>
302
303 <para>(28 Feb 2004) The edition of the Porters Handbook included
304 with &os; &release.bugfix; contained an incorrect value for
305 &release.bugfix;'s <varname>__FreeBSD_version</varname>. The
306 correct value is <literal>502010</literal>.</para>
307
274]]>
275
276 </sect1>
277
278 <sect1 id="late-news">
279 <title>Late-Breaking News</title>
280
281<![ %release.type.release [
282 <para>No news.</para>
283]]>
284
285<![ %release.type.snapshot [
286
308]]>
309
310 </sect1>
311
312 <sect1 id="late-news">
313 <title>Late-Breaking News</title>
314
315<![ %release.type.release [
316 <para>No news.</para>
317]]>
318
319<![ %release.type.snapshot [
320
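Review bot: "Porters Handbook" at line 303 is missing its apostrophe; the document's title is the Porter's Handbook. The entry also gives only the corrected `__FreeBSD_version` (`502010`); quoting the incorrect value that was printed would let port maintainers recognise whether they have already used it in a version check.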
287 (10 Jan 2004) The TCP implementation in &os; now includes
321 <para>(10 Jan 2004, updated 28 Feb 2004) The TCP implementation in &os; now includes
288 protection against a certain class of TCP MSS resource
289 exhaustion attacks, in the form of limits on the size and rate
290 of TCP segments. The first limit sets the minimum allowed
291 maximum TCP segment size, and is controlled by the
292 <varname>net.inet.tcp.minmss</varname> sysctl variable (the
293 default value is <literal>216</literal> bytes). The second
294 limit is set by the
295 <varname>net.inet.tcp.minmssoverload</varname> variable, and
296 controls the maximum rate of connections whose average segment
297 size is less than <varname>net.inet.tcp.minmss</varname>.
298 Connections exceeding this packet rate are reset and dropped.
299 Because this feature was added late in the &release.prev;
300 release cycle, connection rate limiting is disabled by default,
301 but can be enabled manually by assigning a non-zero value to
322 protection against a certain class of TCP MSS resource
323 exhaustion attacks, in the form of limits on the size and rate
324 of TCP segments. The first limit sets the minimum allowed
325 maximum TCP segment size, and is controlled by the
326 <varname>net.inet.tcp.minmss</varname> sysctl variable (the
327 default value is <literal>216</literal> bytes). The second
328 limit is set by the
329 <varname>net.inet.tcp.minmssoverload</varname> variable, and
330 controls the maximum rate of connections whose average segment
331 size is less than <varname>net.inet.tcp.minmss</varname>.
332 Connections exceeding this packet rate are reset and dropped.
333 Because this feature was added late in the &release.prev;
334 release cycle, connection rate limiting is disabled by default,
335 but can be enabled manually by assigning a non-zero value to
302 <varname>net.inet.tcp.minmssoverload</varname> (the default
303 value in &release.current; at the time of this writing is
304 <literal>1000</literal> packets per second).</para>
336 <varname>net.inet.tcp.minmssoverload</varname>. This feature
337 was added to &os; &release.prev; too late for inclusion in its
338 release notes.</para>
305
306]]>
307
308 </sect1>
309
310</article>
339
340]]>
341
342 </sect1>
343
344</article>
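Review bot: the rewritten ending at lines 336-338 removes the only concrete figure given for `net.inet.tcp.minmssoverload` (the old text cited `1000` packets per second as the default in `&release.current;`), so a reader told to assign "a non-zero value" no longer has a starting point or even the unit. Keep a suggested value, or at least state that the variable is in packets per second. The new closing sentence also repeats the reason already given two sentences earlier ("added late in the `&release.prev;` release cycle"); one of the two can be dropped.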