article.xml revision 112435
176082Sbmah<!-- 276082Sbmah FreeBSD errata document. Unlike some of the other RELNOTESng 376082Sbmah files, this file should remain as a single SGML file, so that 476082Sbmah the dollar FreeBSD dollar header has a meaningful modification 576082Sbmah time. This file is all but useless without a datestamp on it, 676082Sbmah so we'll take some extra care to make sure it has one. 776082Sbmah 876082Sbmah (If we didn't do this, then the file with the datestamp might 976082Sbmah not be the one that received the last change in the document.) 1076082Sbmah 1176082Sbmah--> 1276082Sbmah 1376082Sbmah<!DOCTYPE article PUBLIC "-//FreeBSD//DTD DocBook V4.1-Based Extension//EN" [ 1476082Sbmah<!ENTITY % man PUBLIC "-//FreeBSD//ENTITIES DocBook Manual Page Entities//EN"> 1576082Sbmah%man; 1676082Sbmah<!ENTITY % authors PUBLIC "-//FreeBSD//ENTITIES DocBook Author Entities//EN"> 1776082Sbmah%authors; 1876082Sbmah<!ENTITY % mlists PUBLIC "-//FreeBSD//ENTITIES DocBook Mailing List Entities//EN"> 1976082Sbmah%mlists; 2076082Sbmah<!ENTITY % release PUBLIC "-//FreeBSD//ENTITIES Release Specification//EN"> 2176082Sbmah%release; 2276082Sbmah]> 2376082Sbmah 2476082Sbmah<article> 2576082Sbmah <articleinfo> 26109307Sbmah <title>&os; 27109543Sbmah<![ %release.type.snapshot [ 28109543Sbmah &release.prev; 29109543Sbmah]]> 30109543Sbmah<![ %release.type.release [ 31109543Sbmah &release.current; 32109543Sbmah]]> 33109307Sbmah Errata</title> 3477914Sbmah 3576082Sbmah <corpauthor> 3676082Sbmah The &os; Project 3776082Sbmah </corpauthor> 3876082Sbmah 3976082Sbmah <pubdate>$FreeBSD: head/release/doc/en_US.ISO8859-1/errata/article.sgml 112435 2003-03-20 18:57:30Z bmah $</pubdate> 4076082Sbmah 4176082Sbmah <copyright> 4276082Sbmah <year>2000</year> 4376082Sbmah <year>2001</year> 4488820Sbmah <year>2002</year> 45108829Sbmah <year>2003</year> 4676082Sbmah <holder role="mailto:doc@FreeBSD.org">The FreeBSD Documentation Project</holder> 4776082Sbmah </copyright> 4876082Sbmah </articleinfo> 4976082Sbmah 5077914Sbmah <abstract> 5179807Sbmah <para>This document lists errata items for &os; 52109543Sbmah<![ %release.type.snapshot [ 53109543Sbmah &release.prev;, 54109543Sbmah]]> 55109543Sbmah<![ %release.type.release [ 56109543Sbmah &release.current;, 57109543Sbmah]]> 5892295Sbmah containing significant information discovered after the release. 5992295Sbmah This information includes security advisories, as well as news 6092295Sbmah relating to the software or documentation that could affect its 6192295Sbmah operation or usability. An up-to-date version of this document 6292295Sbmah should always be consulted before installing this version of 6392295Sbmah &os;.</para> 6477914Sbmah 65109307Sbmah <para>This errata document for &os; 66109543Sbmah<![ %release.type.snapshot [ 67109543Sbmah &release.prev; 68109543Sbmah]]> 69109543Sbmah<![ %release.type.release [ 70109543Sbmah &release.current; 71109543Sbmah]]> 72109308Sbmah will be maintained until the release of &os; 5.1-RELEASE.</para> 7377914Sbmah </abstract> 7477914Sbmah 75109143Sroam <sect1 id="intro"> 7676082Sbmah <title>Introduction</title> 7776082Sbmah 7879807Sbmah <para>This errata document contains <quote>late-breaking news</quote> 7992295Sbmah about &os; 80109543Sbmah<![ %release.type.snapshot [ 81109543Sbmah &release.prev;. 82109543Sbmah]]> 83109543Sbmah<![ %release.type.release [ 84109543Sbmah &release.current;. 85109543Sbmah]]> 8692295Sbmah Before installing this version, it is important to consult this 8792295Sbmah document to learn about any post-release discoveries or problems 8892295Sbmah that may already have been found and fixed.</para> 8979807Sbmah 9092295Sbmah <para>Any version of this errata document actually distributed 9192295Sbmah with the release (for example, on a CDROM distribution) will be 9292295Sbmah out of date by definition, but other copies are kept updated on 9392295Sbmah the Internet and should be consulted as the <quote>current 9492295Sbmah errata</quote> for this release. These other copies of the 9592295Sbmah errata are located at <ulink 9692295Sbmah url="http://www.FreeBSD.org/releases/"></ulink>, plus any sites 9792295Sbmah which keep up-to-date mirrors of this location.</para> 9876082Sbmah 9979807Sbmah <para>Source and binary snapshots of &os; &release.branch; also 10092295Sbmah contain up-to-date copies of this document (as of the time of 10192295Sbmah the snapshot).</para> 10276082Sbmah 10377914Sbmah <para>For a list of all &os; CERT security advisories, see <ulink 10492295Sbmah url="http://www.FreeBSD.org/security/"></ulink> or <ulink 10592295Sbmah url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/"></ulink>.</para> 10692295Sbmah 10776082Sbmah </sect1> 10876082Sbmah 109109143Sroam <sect1 id="security"> 11076082Sbmah <title>Security Advisories</title> 111109309Sbmah 112110463Sbmah <para>Remotely exploitable vulnerabilities in 113110463Sbmah <application>CVS</application> could allow an attacker to 114110463Sbmah execute arbitrary comands on a CVS server. More details can be 115110463Sbmah found in security advisory <ulink 116110463Sbmah url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:01.cvs.asc">FreeBSD-SA-03:01</ulink>.</para> 117109309Sbmah 118111435Sbmah <para>A timing-based attack on <application>OpenSSL</application>, 119111435Sbmah could allow a very powerful attacker access to plaintext 120111435Sbmah under certain circumstances. This problem has been corrected in 121111435Sbmah &os; &release.current; with an upgrade 122111435Sbmah to <application>OpenSSL</application> 0.9.7. On supported 123111435Sbmah security fix branches, this problem has been corrected with the 124111435Sbmah import of <application>OpenSSL</application> 0.9.6i. See security 125111435Sbmah advisory <ulink 126111435Sbmah url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:02.openssl.asc">FreeBSD-SA-03:02</ulink> 127111435Sbmah for more details.</para> 128111435Sbmah 129111435Sbmah <para>It may be possible to recover the shared secret key used by 130111435Sbmah the implementation of the <quote>syncookies</quote> feature. 131111435Sbmah This reduces its effectiveness in dealing with TCP SYN flood 132111435Sbmah denial-of-service attacks. Workaround information and fixes are 133111435Sbmah given in security advisory <ulink 134111435Sbmah url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:03.syncookies.asc">FreeBSD-SA-03:03</ulink>.</para> 135111435Sbmah 136111835Sbmah <para>Due to a buffer overflow in header parsing in <application>sendmail</application>, a remote 137111835Sbmah attacker can create a specially-crafted message that may cause 138111835Sbmah &man.sendmail.8; to execute arbitrary code 139111835Sbmah with the privileges of the user running it, typically 140111834Sbmah <username>root</username>. More information, including pointers 141111834Sbmah to patches, can be found in security advisory <ulink 142111834Sbmah url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:04.sendmail.asc">FreeBSD-SA-03:04</ulink>.</para> 143111834Sbmah 144112435Sbmah <para>The XDR encoder/decoder does incorrect bounds-checking, 145112435Sbmah which could allow a remote attacker to cause a 146112435Sbmah denial-of-service. For bugfix information, see security 147112435Sbmah advisory <ulink 148112435Sbmah url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:05.xdr.asc">FreeBSD-SA-03:05</ulink>.</para> 149112435Sbmah 15076082Sbmah </sect1> 15176082Sbmah 152109309Sbmah <sect1 id="late-news"> 153109309Sbmah <title>Late-Breaking News</title> 154109309Sbmah 155109583Schris <bridgehead renderas="sect3">GEOM</bridgehead> 156109583Schris 157109309Sbmah <para>The &man.geom.4;-based disk partitioning code in the kernel 158109309Sbmah will not allow an open partition to be overwritten. This 159109309Sbmah usually prevents the use of <command>disklabel -B</command> to 160109309Sbmah update the boot blocks on a disk because the 161109309Sbmah <literal>a</literal> partition overlaps the space where the boot 162109309Sbmah blocks are stored. A suggested workaround is to boot from an 163109309Sbmah alternate disk, a CDROM, or a fixit floppy.</para> 164109309Sbmah 165109583Schris <bridgehead renderas="sect3">&man.dump.8;</bridgehead> 166109583Schris 167109309Sbmah <para>When using disk media with sector sizes larger than 512 168109309Sbmah bytes (for instance, &man.gbde.4; encrypted disks), the 169109309Sbmah &man.dump.8; program fails to respect the larger sector size and 170109309Sbmah cannot dump the partition. One possible workaround is to copy 171109309Sbmah the entire file system in raw format and dump the copy. It is, 172109309Sbmah for instance, possible to dump a file system stored in a regular 173109309Sbmah file:</para> 174109309Sbmah 175109309Sbmah <screen>&prompt.root; <userinput>dd if=/dev/ad0s1d.bde of=/junk/ad0.dd bs=1m</userinput> 176109309Sbmah&prompt.root; <userinput>dump 0f - /junk/ad0.dd | ...</userinput></screen> 177109309Sbmah 178109309Sbmah <para>A simpler workaround is to use &man.tar.1; or &man.cpio.1; 179109309Sbmah to make backup copies.</para> 180109309Sbmah 181109583Schris <bridgehead renderas="sect3">&man.mly.4;</bridgehead> 182109583Schris 183110514Sbmah <para>Hangs were reported during &os; 5.0 snapshot 184109309Sbmah installations when installing to &man.mly.4;-supported RAID 185109309Sbmah arrays, in hardware configurations that appear to work fine 186110514Sbmah under &os; 4.7-RELEASE. These problems have been corrected 187110514Sbmah in &os; &release.current;.</para> 188109309Sbmah 189109583Schris <bridgehead renderas="sect3">NETNCP/Netware File System 190109583Schris Support</bridgehead> 191109583Schris 192109309Sbmah <para>NETNCP and nwfs appear to be as-yet unadapted for KSE, and 193111706Sbmah hence not working. These have been fixed in &os; 194111706Sbmah &release.current;.</para> 195109309Sbmah 196109583Schris <bridgehead renderas="sect3">&man.iir.4; controller</bridgehead> 197109583Schris 198109309Sbmah <para>During installation, the &man.iir.4; controller appears to 199109309Sbmah probe correctly, but finds no disk devices.</para> 200109309Sbmah 201109583Schris <bridgehead renderas="sect3">&man.truss.1; race condition</bridgehead> 202109583Schris 203109309Sbmah <para>&man.truss.1; appears to contain a race condition during the 204109309Sbmah start-up of debugging, which can result in &man.truss.1; failing 205109309Sbmah to attach to the process before it exists. The symptom is that 206109309Sbmah &man.truss.1; reports that it cannot open the &man.procfs.5; 207109309Sbmah node supporting the process being debugged. A bug also appears 208109309Sbmah to exist wherein &man.truss.1; will hang if &man.execve.2; 209109309Sbmah returns <literal>ENOENT</literal> A further race appears to 210109309Sbmah exist in which &man.truss.1; will return <errorname>PIOCWAIT: 211109309Sbmah Input/output error</errorname> occasionally on startup. The fix 212109309Sbmah for this sufficiently changes process execution handling that it 213109309Sbmah has been deferred until after 5.0.</para> 214109309Sbmah 215109583Schris <bridgehead renderas="sect3">Disk Partitioning in Installer</bridgehead> 216109583Schris 217109309Sbmah <para>Some bugs have been reported in &man.sysinstall.8; disk 218109309Sbmah partitioning. One observed problem on the i386 is that 219109309Sbmah &man.sysinstall.8; cannot recalculate the free space left on a 220109309Sbmah disk after changing the type of an FDISK-type partition.</para> 221109309Sbmah 222109583Schris <bridgehead renderas="sect3">Stale Documentation</bridgehead> 223109583Schris 224109309Sbmah <para>In some case, documentation (such as the FAQ or Handbook) 225109543Sbmah has not been updated to take into account &os; &release.prev; 226109309Sbmah features. Examples of areas where documentation is still 227109309Sbmah needed include &man.gbde.8; and the new <quote>fast 228109309Sbmah IPsec</quote> implementation.</para> 229109309Sbmah 230109583Schris <bridgehead renderas="sect3">SMB File System</bridgehead> 231109583Schris 232109338Sbmah <para>Attempting to unmount smbfs shares may fail with 233109338Sbmah <errorname>Device busy</errorname> errors even when the 234109338Sbmah mount-point is not really busy. A workaround is to keep trying 235109338Sbmah to unmount the share until it eventually succeeds. This bug has 236109543Sbmah been fixed in &release.current;.</para> 237109338Sbmah 238109338Sbmah <para>Forcefully unmounting (<command>umount -f</command>) smbfs 239109338Sbmah shares may cause a kernel panic. This bug has been fixed in 240109543Sbmah &release.current;.</para> 241109338Sbmah 242109583Schris <bridgehead renderas="sect3">&man.fstat.2;</bridgehead> 243109583Schris 244109338Sbmah <para>When called on a connected socket file descriptor, 245109338Sbmah &man.fstat.2; is supposed to return the number of bytes 246109338Sbmah available to read in the <varname>st_size</varname> member of 247109338Sbmah <varname>struct stat</varname>. However, 248109338Sbmah <varname>st_size</varname> is always erroneously reported as 249109338Sbmah <literal>0</literal> on TCP sockets. This bug has been fixed in 250109543Sbmah &release.current;.</para> 251109338Sbmah 252109583Schris <bridgehead renderas="sect3">Kernel Event Queues</bridgehead> 253109583Schris 254109338Sbmah <para>The &man.kqueue.2; <literal>EVFILT_READ</literal> filter 255109338Sbmah erroneously indicates that <literal>0</literal> bytes are 256109338Sbmah available to be read on TCP sockets, regardless of the number of 257109338Sbmah bytes that are actually available. The 258109338Sbmah <literal>NOTE_LOWAT</literal> flag for 259109338Sbmah <literal>EVFILT_READ</literal> is also broken on TCP sockets. 260109543Sbmah This bug has been fixed in &release.current;.</para> 261109338Sbmah 262109583Schris <bridgehead renderas="sect3">POSIX Named Semaphores</bridgehead> 263109583Schris 264109543Sbmah <para>&os; &release.prev; introduced support for POSIX named semaphores 265109338Sbmah but the implementation contains a critical bug that causes 266109338Sbmah &man.sem.open.3; to incorrectly handle the opening of the same 267109338Sbmah semaphore multiple times by the same process, and that causes 268109338Sbmah &man.sem.close.3; to crash calling programs. This bug has been 269109543Sbmah fixed in &release.current;.</para> 270109338Sbmah 271109583Schris <bridgehead renderas="sect3"><filename>/dev/tty</filename> 272109583Schris Permissions</bridgehead> 273109583Schris 274109543Sbmah <para>&os; &release.prev; has a minor bug in how the permissions of 275109339Sbmah <filename>/dev/tty</filename> are handled. This can be 276109339Sbmah triggered by logging in as a non-<username>root</username>, 277109339Sbmah non-<groupname>tty</groupname> group user, and using &man.su.1; 278109339Sbmah to switch to a second non-<username>root</username>, 279109339Sbmah non-<groupname>tty</groupname> group user. &man.ssh.1; will 280109339Sbmah fail because it cannot open <filename>/dev/tty</filename>. This 281109543Sbmah bug has been fixed in &release.current;.</para> 282109339Sbmah 283109583Schris <bridgehead renderas="sect3">&man.growfs.8;</bridgehead> 284109583Schris 285109400Sbmah <para>&man.growfs.8; no longer works on &man.vinum.4; volumes (and 286109400Sbmah presumably, on &man.geom.4; entities) since these subsystems no 287109400Sbmah longer fake disklabels, but &man.growfs.8; insists on examining 288109400Sbmah a label.</para> 289109400Sbmah 290109612Sbmah <bridgehead renderas="sect3">IPFW</bridgehead> 291109612Sbmah 292109612Sbmah <para>&man.ipfw.4; <literal>skipto</literal> rules do not work 293111706Sbmah when coupled with the <literal>log</literal> keyword. 294111706Sbmah &man.ipfw.4; <literal>uid</literal> rules also do not work 295111706Sbmah properly. These bugs 296111706Sbmah have been fixed in &release.current;.</para> 297109689Sbmah 298109689Sbmah <bridgehead renderas="sect3">Passwords and &man.adduser.8;</bridgehead> 299109689Sbmah 300109689Sbmah <para>&man.adduser.8; does not correctly handle setting user 301109689Sbmah passwords containing special shell characters. This problem has 302109689Sbmah been corrected in &release.current;.</para> 303109689Sbmah 304109692Sbmah <bridgehead renderas="sect3">&man.xl.4;</bridgehead> 305109692Sbmah 306109692Sbmah <para>The &man.xl.4; driver has a timing bug that may cause a 307109692Sbmah kernel panic (or other problems) when attempting to configure an 308109692Sbmah interface. This bug has been fixed in &release.current;.</para> 309109692Sbmah 310109791Sbmah <bridgehead renderas="sect3">ISC DHCP</bridgehead> 311109791Sbmah 312109791Sbmah <para><application>ISC DHCP</application> was updated to 313109791Sbmah 3.0.1rc11. This update was actually a part of &os; 314109791Sbmah &release.prev;, but was not documented in the release 315109791Sbmah notes.</para> 316109791Sbmah 317110124Sbmah <bridgehead renderas="sect3">&man.amd.8; 318110124Sbmah Interoperability</bridgehead> 319110124Sbmah 320110124Sbmah <para>&release.prev; contains some bugs in its non-blocking RPC 321110124Sbmah code. The most noticeable side-effect of these bugs was that 322110124Sbmah &man.amd.8; users were not able to mount volumes from a 323110124Sbmah &release.prev; server. This bug has been fixed in 324110124Sbmah &release.current;.</para> 325110124Sbmah 32676082Sbmah </sect1> 32776082Sbmah</article> 328