article.xml revision 126389
176082Sbmah<!-- 276082Sbmah FreeBSD errata document. Unlike some of the other RELNOTESng 376082Sbmah files, this file should remain as a single SGML file, so that 476082Sbmah the dollar FreeBSD dollar header has a meaningful modification 576082Sbmah time. This file is all but useless without a datestamp on it, 676082Sbmah so we'll take some extra care to make sure it has one. 776082Sbmah 876082Sbmah (If we didn't do this, then the file with the datestamp might 976082Sbmah not be the one that received the last change in the document.) 1076082Sbmah 1176082Sbmah--> 1276082Sbmah 1376082Sbmah<!DOCTYPE article PUBLIC "-//FreeBSD//DTD DocBook V4.1-Based Extension//EN" [ 1476082Sbmah<!ENTITY % man PUBLIC "-//FreeBSD//ENTITIES DocBook Manual Page Entities//EN"> 1576082Sbmah%man; 1676082Sbmah<!ENTITY % authors PUBLIC "-//FreeBSD//ENTITIES DocBook Author Entities//EN"> 1776082Sbmah%authors; 1876082Sbmah<!ENTITY % mlists PUBLIC "-//FreeBSD//ENTITIES DocBook Mailing List Entities//EN"> 1976082Sbmah%mlists; 20119884Ssimon<!ENTITY % trademarks PUBLIC "-//FreeBSD//ENTITIES DocBook Trademark Entities//EN"> 21119884Ssimon%trademarks; 2276082Sbmah<!ENTITY % release PUBLIC "-//FreeBSD//ENTITIES Release Specification//EN"> 2376082Sbmah%release; 24124312Sbmah<!ENTITY % misc PUBLIC "-//FreeBSD//ENTITIES DocBook Miscellaneous FreeBSD Entities//EN"> 25124312Sbmah%misc; 26126389Sbmah 27126389Sbmah<!ENTITY release.bugfix "5.2.1-RELEASE"> 2876082Sbmah]> 2976082Sbmah 3076082Sbmah<article> 3176082Sbmah <articleinfo> 32109307Sbmah <title>&os; 33109543Sbmah<![ %release.type.snapshot [ 34109543Sbmah &release.prev; 35109543Sbmah]]> 36109543Sbmah<![ %release.type.release [ 37109543Sbmah &release.current; 38109543Sbmah]]> 39109307Sbmah Errata</title> 4077914Sbmah 4176082Sbmah <corpauthor> 4276082Sbmah The &os; Project 4376082Sbmah </corpauthor> 4476082Sbmah 4576082Sbmah <pubdate>$FreeBSD: head/release/doc/en_US.ISO8859-1/errata/article.sgml 126389 2004-02-28 22:49:15Z bmah $</pubdate> 4676082Sbmah 4776082Sbmah <copyright> 4876082Sbmah <year>2000</year> 4976082Sbmah <year>2001</year> 5088820Sbmah <year>2002</year> 51108829Sbmah <year>2003</year> 52124312Sbmah <year>2004</year> 5376082Sbmah <holder role="mailto:doc@FreeBSD.org">The FreeBSD Documentation Project</holder> 5476082Sbmah </copyright> 55119884Ssimon 56119884Ssimon <legalnotice id="trademarks" role="trademarks"> 57119884Ssimon &tm-attrib.freebsd; 58119884Ssimon &tm-attrib.intel; 59119884Ssimon &tm-attrib.sparc; 60119884Ssimon &tm-attrib.general; 61119884Ssimon </legalnotice> 6276082Sbmah </articleinfo> 6376082Sbmah 6477914Sbmah <abstract> 6579807Sbmah <para>This document lists errata items for &os; 66109543Sbmah<![ %release.type.snapshot [ 67109543Sbmah &release.prev;, 68109543Sbmah]]> 69109543Sbmah<![ %release.type.release [ 70109543Sbmah &release.current;, 71109543Sbmah]]> 72112874Sbmah containing significant information discovered after the release 73112874Sbmah or too late in the release cycle to be otherwise included in the 74112874Sbmah release documentation. 7592295Sbmah This information includes security advisories, as well as news 7692295Sbmah relating to the software or documentation that could affect its 7792295Sbmah operation or usability. An up-to-date version of this document 7892295Sbmah should always be consulted before installing this version of 7992295Sbmah &os;.</para> 8077914Sbmah 81126389Sbmah <para>This document also contains errata for &os; 82126389Sbmah &release.bugfix;, a <quote>point release</quote> made about one 83126389Sbmah month after &os; &release.prev;. Unless otherwise noted, all 84126389Sbmah errata items in this document apply to both &release.prev; 85126389Sbmah and &release.bugfix;.</para> 86126389Sbmah 87109307Sbmah <para>This errata document for &os; 88109543Sbmah<![ %release.type.snapshot [ 89109543Sbmah &release.prev; 90109543Sbmah]]> 91109543Sbmah<![ %release.type.release [ 92109543Sbmah &release.current; 93109543Sbmah]]> 94116130Sbmah will be maintained until the release of &os; &release.next;.</para> 9577914Sbmah </abstract> 9677914Sbmah 97109143Sroam <sect1 id="intro"> 9876082Sbmah <title>Introduction</title> 9976082Sbmah 10079807Sbmah <para>This errata document contains <quote>late-breaking news</quote> 10192295Sbmah about &os; 102109543Sbmah<![ %release.type.snapshot [ 103109543Sbmah &release.prev;. 104109543Sbmah]]> 105109543Sbmah<![ %release.type.release [ 106109543Sbmah &release.current;. 107109543Sbmah]]> 10892295Sbmah Before installing this version, it is important to consult this 10992295Sbmah document to learn about any post-release discoveries or problems 11092295Sbmah that may already have been found and fixed.</para> 11179807Sbmah 11292295Sbmah <para>Any version of this errata document actually distributed 11392295Sbmah with the release (for example, on a CDROM distribution) will be 11492295Sbmah out of date by definition, but other copies are kept updated on 11592295Sbmah the Internet and should be consulted as the <quote>current 11692295Sbmah errata</quote> for this release. These other copies of the 11792295Sbmah errata are located at <ulink 11892295Sbmah url="http://www.FreeBSD.org/releases/"></ulink>, plus any sites 11992295Sbmah which keep up-to-date mirrors of this location.</para> 12076082Sbmah 12179807Sbmah <para>Source and binary snapshots of &os; &release.branch; also 12292295Sbmah contain up-to-date copies of this document (as of the time of 12392295Sbmah the snapshot).</para> 12476082Sbmah 12577914Sbmah <para>For a list of all &os; CERT security advisories, see <ulink 12692295Sbmah url="http://www.FreeBSD.org/security/"></ulink> or <ulink 12792295Sbmah url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/"></ulink>.</para> 12892295Sbmah 12976082Sbmah </sect1> 13076082Sbmah 131109143Sroam <sect1 id="security"> 13276082Sbmah <title>Security Advisories</title> 133109309Sbmah 134115963Sbmah<![ %release.type.release [ 135115963Sbmah <para>No advisories.</para> 136115963Sbmah]]> 137109309Sbmah 138115963Sbmah<![ %release.type.snapshot [ 139125249Sbmah 140126389Sbmah <para>(30 Jan 2004, updated 28 Feb 2004) A bug in &man.mksnap.ffs.8; causes the creation of a 141125249Sbmah filesystem snapshot to reset the flags on the filesystem to 142125249Sbmah their default values. The possible consequences depend on local 143125249Sbmah usage, but can include disabling extended access control lists 144125249Sbmah or enabling the use of setuid executables stored on an untrusted 145125249Sbmah filesystem. This bug also affects the &man.dump.8; 146125249Sbmah <option>-L</option> option, which uses &man.mksnap.ffs.8;. Note 147125249Sbmah that &man.mksnap.ffs.8; is normally only available to the 148125249Sbmah superuser and members of the <groupname>operator</groupname> 149125249Sbmah group. This bug has been fixed on the &os; &release.current; 150126389Sbmah security fix branch and in &os; &release.bugfix;. For more information, see security advisory <ulink 151125249Sbmah url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:01.mksnap_ffs.asc">FreeBSD-SA-04:01</ulink>.</para> 152125249Sbmah 153126389Sbmah <para>(8 Feb 2004, updated 28 Feb 2004) A bug with the System V Shared Memory interface 154125606Sbmah (specifically the &man.shmat.2; system call) 155125606Sbmah can cause a shared memory segment to reference 156125606Sbmah unallocated kernel memory. In turn, this can permit a local 157125606Sbmah attacker to gain unauthorized access to parts of kernel memory, 158125606Sbmah possibly resulting in disclosure of sensitive information, 159125606Sbmah bypass of access control mechanisms, or privilege escalation. 160126389Sbmah This bug has been fixed on the &os; &release.current; 161126389Sbmah security fix branch and in &os; &release.bugfix;. 162125606Sbmah More details, including bugfix and workaround information, 163125606Sbmah can be found in security advisory <ulink 164125606Sbmah url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:02.shmat.asc">FreeBSD-SA-04:02</ulink>.</para> 165125606Sbmah 166126389Sbmah <para>(28 Feb 2004) It is possible, under some circumstances, for 167126389Sbmah a processor with superuser privileges inside a &man.jail.8; 168126389Sbmah environment to change its root directory to a different jail, 169126389Sbmah giving it read and write access to the files and directories 170126389Sbmah within. This vulnerability has been closed on the &os; 171126389Sbmah &release.current; security fix branch and in &os; 172126389Sbmah &release.bugfix;. Information on the bug fix can be found in 173126389Sbmah security advisory <ulink 174126389Sbmah url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:03.mail.asc">FreeBSD-SA-04:03</ulink>.</para> 175126389Sbmah 176115963Sbmah]]> 177111435Sbmah 178115963Sbmah </sect1> 179111435Sbmah 180115963Sbmah <sect1 id="open-issues"> 181115963Sbmah <title>Open Issues</title> 182111834Sbmah 183115963Sbmah<![ %release.type.release [ 184115963Sbmah <para>No open issues.</para> 185115963Sbmah]]> 186112435Sbmah 187115963Sbmah<![ %release.type.snapshot [ 188124312Sbmah 189124312Sbmah <para>(9 Jan 2004) Due to a change in &man.cpp.1; behavior, the 190124312Sbmah login screen for &man.xdm.1; is in black and white, even on 191124312Sbmah systems with color displays. As a workaround, update to a newer 192124312Sbmah version of the 193124312Sbmah <filename role="package">x11/XFree86-4-clients</filename> 194124312Sbmah port/package.</para> 195124312Sbmah 196124312Sbmah <para>(9 Jan 2004) There remain some residual problems with ACPI. 197124312Sbmah In some cases, systems may behave erratically, or hang at boot 198124312Sbmah time. As a workaround, disable ACPI, using the <quote>safe 199124312Sbmah mode</quote> option of the bootloader or using the 200124312Sbmah <varname>hint.acpi.0.disabled</varname> kernel environment 201124312Sbmah variable. These problems are being investigated. For problems 202124312Sbmah that have not already been reported (check the mailing list 203124312Sbmah archives <emphasis>before</emphasis> posting), sending the 204124312Sbmah output of &man.dmesg.8; and &man.acpidump.8; to the 205124312Sbmah &a.current; may help diagnose the problem.</para> 206124312Sbmah 207126389Sbmah <para>(9 Jan 2004, updated 28 Feb 2004) In some cases, ATA devices may behave 208124312Sbmah erratically, particularly SATA devices. Reported symptoms 209124352Sbmah include command timeouts or missing interrupts. These problems 210124312Sbmah appear to be timing-dependent, making them rather difficult to 211124312Sbmah isolate. Workarounds include:</para> 212124312Sbmah 213124312Sbmah <itemizedlist> 214124312Sbmah <listitem> 215124312Sbmah <para>Turn off ATA DMA using the <quote>safe mode</quote> 216124312Sbmah option of the bootloader or the 217124312Sbmah <varname>hw.ata.ata_dma</varname> sysctl variable.</para> 218124312Sbmah </listitem> 219124312Sbmah 220124312Sbmah <listitem> 221124312Sbmah <para>Use the host's BIOS setup options to put the ATA 222124312Sbmah controller in its <quote>legacy mode</quote>, if 223124312Sbmah available.</para> 224124312Sbmah </listitem> 225124312Sbmah 226124312Sbmah <listitem> 227124312Sbmah <para>Disable ACPI, for example using the <quote>safe mode</quote> 228124312Sbmah option of the bootloader or using the 229124312Sbmah <varname>hint.acpi.0.disabled</varname> kernel environment 230124312Sbmah variable.</para> 231124312Sbmah </listitem> 232124312Sbmah </itemizedlist> 233124312Sbmah 234126389Sbmah <para>Some of these problems were addressed in &os; 235126389Sbmah &release.bugfix; with the import of a newer &man.ata.4; from 236126389Sbmah &release.current;.</para> 237126389Sbmah 238124312Sbmah <para>(9 Jan 2004) Installing over NFS when using the install 239124312Sbmah floppies requires that the <filename>nfsclient.ko</filename> 240124312Sbmah module be manually loaded from the third floppy disk. This can 241124312Sbmah be done by following the prompts when &man.sysinstall.8; 242124312Sbmah launches to load a driver off of the third floppy disk.</para> 243124312Sbmah 244124312Sbmah <para>(9 Jan 2004) The use of multiple vchans (virtual audio 245124312Sbmah channels with dynamic mixing in software) in the &man.pcm.4; 246124312Sbmah driver has been known to cause some instability.</para> 247124312Sbmah 248124352Sbmah <para>(10 Jan 2004) Although APIC interrupt routing seems to work 249124352Sbmah correctly on many systems, on some others (such as some laptops) 250124352Sbmah it can cause various errors, such as &man.ata.4; errors or hangs 251124352Sbmah when starting or exiting X11. For these situations, it may be 252124352Sbmah advisable to disable APIC routing, using the <quote>safe 253124352Sbmah mode</quote> of the bootloader or the 254124352Sbmah <varname>hint.apic.0.disabled</varname> loader tunable. Note 255124352Sbmah that disabling APIC is not compatible with SMP systems.</para> 256124352Sbmah 257126389Sbmah <para>(10 Jan 2004, updated 28 Feb 2004) The NFSv4 client may panic when attempting an 258124352Sbmah NFSv4 operation against an NFSv3/NFSv2-only server. This 259124352Sbmah problem has been fixed with revision 1.4 of 260124352Sbmah <filename>src/sys/rpc/rpcclnt.c</filename> in &os; 261126389Sbmah &release.current;. It was also fixed in &os; 262126389Sbmah &release.bugfix;.</para> 263124352Sbmah 264126389Sbmah <para>(11 Jan 2004, updated 28 Feb 2004) Some problems have been encountered when using 265124484Sbmah third-party NSS modules, such as <filename>nss_ldap</filename>, 266124484Sbmah and groups with large membership lists. These have been fixed 267124484Sbmah with revision 1.2 of <filename>src/include/nss.h</filename> and 268124484Sbmah revision 1.2 of 269124484Sbmah <filename>src/lib/libc/net/nss_compat.c</filename> in &os; 270126389Sbmah &release.current;; this fix was backported to &os; 271126389Sbmah &release.bugfix;.</para> 272124484Sbmah 273124484Sbmah <para>(13 Jan 2004) The &os; &release.current; release notes 274124484Sbmah incorrectly stated that <application>GCC</application> was a 275124484Sbmah post-release GCC 3.3.3 snapshot. They should have stated that 276124484Sbmah GCC was a <emphasis>pre-release</emphasis> GCC 3.3.3 277124484Sbmah snapshot.</para> 278124484Sbmah 279126389Sbmah <para>(13 Jan 2004, updated 28 Feb 2004) The <filename 280124485Sbmah role="package">sysutils/kdeadmin3</filename> port/package has a 281124485Sbmah bug in the <application>KUser</application> component that can 282124485Sbmah cause deletion of the <username>root</username> user from the 283124485Sbmah system password file. Users are strongly urged to upgrade to 284126389Sbmah version 3.1.4_1 of this port/package. The package set included 285126389Sbmah with &os; &release.bugfix; contains the fixed version of this 286126389Sbmah package.</para> 287124485Sbmah 288126389Sbmah <para>(21 Jan 2004, updated 28 Feb 2004) Some bugs in the IPsec implementation imported 289124801Sbmah from the KAME Project can result in memory objects being freed 290124801Sbmah before all references to them were removed. Reported symptoms 291124801Sbmah include erratic behavior or kernel panics after flushing the 292124801Sbmah Security Policy Database (SPD). Some of these problems have 293124801Sbmah been fixed in &os; &release.current; in rev. 1.31 of 294124801Sbmah <filename>src/sys/netinet6/ipsec.c</filename>, rev. 1.136 of 295124801Sbmah <filename>src/sys/netinet/in_pcb.c</filename>, and revs. 1.63 296126389Sbmah and 1.64 of <filename>src/sys/netkey/key.c</filename>. These 297126389Sbmah bugfixes were backported to &os; &release.bugfix;. More 298124801Sbmah information about these problems has been posted to the 299124801Sbmah &a.current;, in particular the thread entitled <ulink 300124947Sbmah url="http://lists.FreeBSD.org/pipermail/freebsd-current/2004-January/thread.html#18084"> 301124801Sbmah <quote>[PATCH] IPSec fixes</quote></ulink>.</para> 302124801Sbmah 303126389Sbmah <para>(28 Feb 2004) The edition of the Porters Handbook included 304126389Sbmah with &os; &release.bugfix; contained an incorrect value for 305126389Sbmah &release.bugfix;'s <varname>__FreeBSD_version</varname>. The 306126389Sbmah correct value is <literal>502010</literal>.</para> 307126389Sbmah 308115963Sbmah]]> 309112477Sbmah 31076082Sbmah </sect1> 31176082Sbmah 312109309Sbmah <sect1 id="late-news"> 313109309Sbmah <title>Late-Breaking News</title> 314109309Sbmah 315115963Sbmah<![ %release.type.release [ 316115963Sbmah <para>No news.</para> 317115963Sbmah]]> 318109583Schris 319115963Sbmah<![ %release.type.snapshot [ 320124352Sbmah 321126389Sbmah <para>(10 Jan 2004, updated 28 Feb 2004) The TCP implementation in &os; now includes 322124352Sbmah protection against a certain class of TCP MSS resource 323124352Sbmah exhaustion attacks, in the form of limits on the size and rate 324124352Sbmah of TCP segments. The first limit sets the minimum allowed 325124352Sbmah maximum TCP segment size, and is controlled by the 326124352Sbmah <varname>net.inet.tcp.minmss</varname> sysctl variable (the 327124352Sbmah default value is <literal>216</literal> bytes). The second 328124352Sbmah limit is set by the 329124352Sbmah <varname>net.inet.tcp.minmssoverload</varname> variable, and 330124352Sbmah controls the maximum rate of connections whose average segment 331124352Sbmah size is less than <varname>net.inet.tcp.minmss</varname>. 332124352Sbmah Connections exceeding this packet rate are reset and dropped. 333124352Sbmah Because this feature was added late in the &release.prev; 334124352Sbmah release cycle, connection rate limiting is disabled by default, 335124352Sbmah but can be enabled manually by assigning a non-zero value to 336126389Sbmah <varname>net.inet.tcp.minmssoverload</varname>. This feature 337126389Sbmah was added to &os; &release.prev; too late for inclusion in its 338126389Sbmah release notes.</para> 339124352Sbmah 340115963Sbmah]]> 341109309Sbmah 342115963Sbmah </sect1> 343109583Schris 34476082Sbmah</article> 345