article.xml revision 134118
<!--
        FreeBSD errata document. Unlike some of the other RELNOTESng
        files, this file should remain as a single SGML file, so that
        the dollar FreeBSD dollar header has a meaningful modification
        time. This file is all but useless without a datestamp on it,
        so we'll take some extra care to make sure it has one.

        (If we didn't do this, then the file with the datestamp might
        not be the one that received the last change in the document.)

-->

<!DOCTYPE article PUBLIC "-//FreeBSD//DTD DocBook V4.1-Based Extension//EN" [
<!ENTITY % articles.ent PUBLIC "-//FreeBSD//ENTITIES DocBook FreeBSD Articles Entity Set//EN">
%articles.ent;

<!ENTITY % release PUBLIC "-//FreeBSD//ENTITIES Release Specification//EN">
%release;
<!ENTITY release.bugfix "5.2.1-RELEASE">
]>

<article>
  <articleinfo>
    <title>&os;
<![ %release.type.snapshot [
      &release.prev;
]]>
<![ %release.type.release [
      &release.current;
]]>
      Errata</title>

    <corpauthor>
      The &os; Project
    </corpauthor>

    <pubdate>$FreeBSD: head/release/doc/en_US.ISO8859-1/errata/article.sgml 134118 2004-08-21 14:27:21Z hrs $</pubdate>

    <copyright>
      <year>2000</year>
      <year>2001</year>
      <year>2002</year>
      <year>2003</year>
      <year>2004</year>
      <holder role="mailto:doc@FreeBSD.org">The FreeBSD Documentation Project</holder>
    </copyright>

    <legalnotice id="trademarks" role="trademarks">
      &tm-attrib.freebsd;
      &tm-attrib.intel;
      &tm-attrib.sparc;
      &tm-attrib.general;
    </legalnotice>
  </articleinfo>

  <abstract>
    <para>This document lists errata items for &os;
<![ %release.type.current [
      &release.prev;,
]]>
<![ %release.type.snapshot [
      &release.prev;,
]]>
<![ %release.type.release [
      &release.current;,
]]>
      containing significant information discovered after the release
      or too late in the release cycle to be otherwise included in the
      release documentation.
      This information includes security advisories, as well as news
      relating to the software or documentation that could affect its
      operation or usability. An up-to-date version of this document
      should always be consulted before installing this version of
      &os;.</para>

    <para>This document also contains errata for &os;
      &release.bugfix;, a <quote>point release</quote> made about one
      month after &os; &release.prev;. Unless otherwise noted, all
      errata items in this document apply to both &release.prev;
      and &release.bugfix;.</para>

    <para>This errata document for &os;
<![ %release.type.current [
      &release.prev;
]]>
<![ %release.type.snapshot [
      &release.prev;
]]>
<![ %release.type.release [
      &release.current;
]]>
      will be maintained until the release of &os; &release.next;.</para>
  </abstract>

  <sect1 id="intro">
    <title>Introduction</title>

    <para>This errata document contains <quote>late-breaking news</quote>
      about &os;
<![ %release.type.current [
      &release.prev;.
]]>
<![ %release.type.snapshot [
      &release.prev;.
]]>
<![ %release.type.release [
      &release.current;.
]]>
      Before installing this version, it is important to consult this
      document to learn about any post-release discoveries or problems
      that may already have been found and fixed.</para>

    <para>Any version of this errata document actually distributed
      with the release (for example, on a CDROM distribution) will be
      out of date by definition, but other copies are kept updated on
      the Internet and should be consulted as the <quote>current
      errata</quote> for this release.
      These other copies of the
      errata are located at <ulink
      url="http://www.FreeBSD.org/releases/"></ulink>, plus any sites
      which keep up-to-date mirrors of this location.</para>

    <para>Source and binary snapshots of &os; &release.branch; also
      contain up-to-date copies of this document (as of the time of
      the snapshot).</para>

    <para>For a list of all &os; CERT security advisories, see <ulink
      url="http://www.FreeBSD.org/security/"></ulink> or <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/"></ulink>.</para>

  </sect1>

  <sect1 id="security">
    <title>Security Advisories</title>

<![ %release.type.release [
    <para>No advisories.</para>
]]>

<![ %release.type.current [
    <para>No advisories.</para>
]]>

<![ %release.type.snapshot [

    <para>(30 Jan 2004, updated 28 Feb 2004) A bug in &man.mksnap.ffs.8; causes the creation of a
      filesystem snapshot to reset the flags on the filesystem to
      their default values. The possible consequences depend on local
      usage, but can include disabling extended access control lists
      or enabling the use of setuid executables stored on an untrusted
      filesystem. This bug also affects the &man.dump.8;
      <option>-L</option> option, which uses &man.mksnap.ffs.8;. Note
      that &man.mksnap.ffs.8; is normally only available to the
      superuser and members of the <groupname>operator</groupname>
      group. This bug has been fixed on the &os; &release.prev;
      security fix branch and in &os; &release.bugfix;. For more information, see security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:01.mksnap_ffs.asc">FreeBSD-SA-04:01</ulink>.</para>

    <para>(8 Feb 2004, updated 28 Feb 2004) A bug with the System V Shared Memory interface
      (specifically the &man.shmat.2; system call)
      can cause a shared memory segment to reference
      unallocated kernel memory.
      In turn, this can permit a local
      attacker to gain unauthorized access to parts of kernel memory,
      possibly resulting in disclosure of sensitive information,
      bypass of access control mechanisms, or privilege escalation.
      This bug has been fixed on the &os; &release.prev;
      security fix branch and in &os; &release.bugfix;.
      More details, including bugfix and workaround information,
      can be found in security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:02.shmat.asc">FreeBSD-SA-04:02</ulink>.</para>

    <para>(28 Feb 2004) It is possible, under some circumstances, for
      a process with superuser privileges inside a &man.jail.8;
      environment to change its root directory to a different jail,
      giving it read and write access to the files and directories
      within. This vulnerability has been closed on the &os;
      &release.prev; security fix branch and in &os;
      &release.bugfix;. Information on the bug fix can be found in
      security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:03.jail.asc">FreeBSD-SA-04:03</ulink>.</para>

    <para>(4 Mar 2004) It is possible for a remote attacker to conduct
      a low-bandwidth denial-of-service attack against a machine
      providing TCP-based services, filling up the target's memory
      buffers and potentially leading to a system crash. This
      vulnerability has been addressed on the &os; &release.prev;
      security fix branch, but is present in both &os; &release.prev;
      and &release.bugfix;. Security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:04.tcp.asc">FreeBSD-SA-04:04</ulink>
      contains more details, as well as information on patching
      existing systems.</para>

    <para>(17 Mar 2004) By performing a specially crafted SSL/TLS
      handshake with an application that uses OpenSSL, a null pointer
      may be dereferenced.
      This may in turn cause the application to
      crash, resulting in a denial of service attack. For more information
      see the Security Advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc">FreeBSD-SA-04:05</ulink>
      which contains more details and instructions on how to patch existing
      systems.</para>

    <para>(29 Mar 2004) A local attacker may take advantage of a
      programming error in the handling of certain IPv6 socket options
      in the &man.setsockopt.2; system call to read portions of kernel
      memory without proper authorization. This may result in disclosure
      of sensitive data, or potentially cause a panic. See Security
      Advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:06.ipv6.asc">FreeBSD-SA-04:06</ulink>
      for a more detailed description and instructions on how to patch
      existing systems.</para>

    <para>(9 May 2004) Two programming errors in
      <application>CVS</application> can allow a server to overwrite
      arbitrary files on the client, and a client to read arbitrary
      files on the server when accessing remote CVS repositories.
      More details, including patch and upgrade information, can be
      found in security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:07.cvs.asc">FreeBSD-SA-04:07</ulink>.</para>

    <para>(9 May 2004) <application>Heimdal</application> may, under
      some circumstances, not perform adequate checking of
      authentication across autonomous realms.
      For more information,
      see security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:08.heimdal.asc">FreeBSD-SA-04:08</ulink>.</para>

]]>

  </sect1>

  <sect1 id="open-issues">
    <title>Open Issues</title>

<![ %release.type.current [
    <para>No open issues.</para>
]]>

<![ %release.type.release [
    <para>No open issues.</para>
]]>

<![ %release.type.snapshot [

    <para>(9 Jan 2004) Due to a change in &man.cpp.1; behavior, the
      login screen for &man.xdm.1; is in black and white, even on
      systems with color displays. As a workaround, update to a newer
      version of the
      <filename role="package">x11/XFree86-4-clients</filename>
      port/package.</para>

    <para>(9 Jan 2004) There remain some residual problems with ACPI.
      In some cases, systems may behave erratically, or hang at boot
      time. As a workaround, disable ACPI, using the <quote>safe
      mode</quote> option of the bootloader or using the
      <varname>hint.acpi.0.disabled</varname> kernel environment
      variable. These problems are being investigated. For problems
      that have not already been reported (check the mailing list
      archives <emphasis>before</emphasis> posting), sending the
      output of &man.dmesg.8; and &man.acpidump.8; to the
      &a.current; may help diagnose the problem.</para>

    <para>(9 Jan 2004, updated 28 Feb 2004) In some cases, ATA devices may behave
      erratically, particularly SATA devices. Reported symptoms
      include command timeouts or missing interrupts. These problems
      appear to be timing-dependent, making them rather difficult to
      isolate.
      Workarounds include:</para>

    <itemizedlist>
      <listitem>
        <para>Turn off ATA DMA using the <quote>safe mode</quote>
          option of the bootloader or the
          <varname>hw.ata.ata_dma</varname> sysctl variable.</para>
      </listitem>

      <listitem>
        <para>Use the host's BIOS setup options to put the ATA
          controller in its <quote>legacy mode</quote>, if
          available.</para>
      </listitem>

      <listitem>
        <para>Disable ACPI, for example using the <quote>safe mode</quote>
          option of the bootloader or using the
          <varname>hint.acpi.0.disabled</varname> kernel environment
          variable.</para>
      </listitem>
    </itemizedlist>

    <para>Some of these problems were addressed in &os;
      &release.bugfix; with the import of a newer &man.ata.4; from
      &release.current;.</para>

    <para>(9 Jan 2004) Installing over NFS when using the install
      floppies requires that the <filename>nfsclient.ko</filename>
      module be manually loaded from the third floppy disk. This can
      be done by following the prompts when &man.sysinstall.8;
      launches to load a driver off of the third floppy disk.</para>

    <para>(9 Jan 2004) The use of multiple vchans (virtual audio
      channels with dynamic mixing in software) in the &man.pcm.4;
      driver has been known to cause some instability.</para>

    <para>(10 Jan 2004) Although APIC interrupt routing seems to work
      correctly on many systems, on some others (such as some laptops)
      it can cause various errors, such as &man.ata.4; errors or hangs
      when starting or exiting X11. For these situations, it may be
      advisable to disable APIC routing, using the <quote>safe
      mode</quote> of the bootloader or the
      <varname>hint.apic.0.disabled</varname> loader tunable.
      Note
      that disabling APIC is not compatible with SMP systems.</para>

    <para>(10 Jan 2004, updated 28 Feb 2004) The NFSv4 client may panic when attempting an
      NFSv4 operation against an NFSv3/NFSv2-only server. This
      problem has been fixed with revision 1.4 of
      <filename>src/sys/rpc/rpcclnt.c</filename> in &os;
      &release.current;. It was also fixed in &os;
      &release.bugfix;.</para>

    <para>(11 Jan 2004, updated 28 Feb 2004) Some problems have been encountered when using
      third-party NSS modules, such as <filename>nss_ldap</filename>,
      and groups with large membership lists. These have been fixed
      with revision 1.2 of <filename>src/include/nss.h</filename> and
      revision 1.2 of
      <filename>src/lib/libc/net/nss_compat.c</filename> in &os;
      &release.current;; this fix was backported to &os;
      &release.bugfix;.</para>

    <para>(13 Jan 2004) The &os; &release.current; release notes
      incorrectly stated that <application>GCC</application> was a
      post-release GCC 3.3.3 snapshot. They should have stated that
      GCC was a <emphasis>pre-release</emphasis> GCC 3.3.3
      snapshot.</para>

    <para>(13 Jan 2004, updated 28 Feb 2004) The <filename
      role="package">sysutils/kdeadmin3</filename> port/package has a
      bug in the <application>KUser</application> component that can
      cause deletion of the <username>root</username> user from the
      system password file. Users are strongly urged to upgrade to
      version 3.1.4_1 of this port/package. The package set included
      with &os; &release.bugfix; contains the fixed version of this
      package.</para>

    <para>(21 Jan 2004, updated 28 Feb 2004) Some bugs in the IPsec implementation imported
      from the KAME Project can result in memory objects being freed
      before all references to them were removed. Reported symptoms
      include erratic behavior or kernel panics after flushing the
      Security Policy Database (SPD).
      Some of these problems have
      been fixed in &os; &release.current; in rev. 1.31 of
      <filename>src/sys/netinet6/ipsec.c</filename>, rev. 1.136 of
      <filename>src/sys/netinet/in_pcb.c</filename>, and revs. 1.63
      and 1.64 of <filename>src/sys/netkey/key.c</filename>. These
      bugfixes were backported to &os; &release.bugfix;. More
      information about these problems has been posted to the
      &a.current;, in particular the thread entitled <ulink
      url="http://lists.FreeBSD.org/pipermail/freebsd-current/2004-January/thread.html#18084">
      <quote>[PATCH] IPSec fixes</quote></ulink>.</para>

    <para>(28 Feb 2004) The edition of the Porters Handbook included
      with &os; &release.bugfix; contained an incorrect value for
      &release.bugfix;'s <varname>__FreeBSD_version</varname>. The
      correct value is <literal>502010</literal>.</para>

]]>

  </sect1>

  <sect1 id="late-news">
    <title>Late-Breaking News</title>

<![ %release.type.current [
    <para>No news.</para>
]]>

<![ %release.type.release [
    <para>No news.</para>
]]>

<![ %release.type.snapshot [

    <para>(10 Jan 2004, updated 28 Feb 2004) The TCP implementation in &os; now includes
      protection against a certain class of TCP MSS resource
      exhaustion attacks, in the form of limits on the size and rate
      of TCP segments. The first limit sets the minimum allowed
      maximum TCP segment size, and is controlled by the
      <varname>net.inet.tcp.minmss</varname> sysctl variable (the
      default value is <literal>216</literal> bytes). The second
      limit is set by the
      <varname>net.inet.tcp.minmssoverload</varname> variable, and
      controls the maximum rate of connections whose average segment
      size is less than <varname>net.inet.tcp.minmss</varname>.
      Connections exceeding this packet rate are reset and dropped.
      Because this feature was added late in the &release.prev;
      release cycle, connection rate limiting is disabled by default,
      but can be enabled manually by assigning a non-zero value to
      <varname>net.inet.tcp.minmssoverload</varname>. This feature
      was added to &os; &release.prev; too late for inclusion in its
      release notes.</para>

]]>

  </sect1>

</article>
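
The interaction of the two TCP limits described under Late-Breaking News, as a user-space model. This is an added example, not FreeBSD kernel code: the struct and function names are hypothetical, the per-connection one-second accounting window is an assumption about how the rate is measured, and the overload value of 1000 is a constructed sample (the page gives only the 216-byte default for net.inet.tcp.minmss).

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Fields mirror the two sysctl variables named in the errata item. */
struct limits {
    unsigned minmss;         /* net.inet.tcp.minmss, bytes (page default 216) */
    unsigned minmssoverload; /* net.inet.tcp.minmssoverload, 0 = disabled */
};

/* Constructed sample settings; 1000 is not a value taken from the page. */
static const struct limits ENABLED  = { 216, 1000 };
static const struct limits DISABLED = { 216, 0 };

/* Hypothetical per-connection counters for the current one-second window. */
struct conn { int64_t window; unsigned pkts; unsigned bytes; };

/* Account one received segment; true means "reset and drop the connection". */
static bool segment_overload(struct conn *c, const struct limits *l,
                             int64_t now, unsigned seglen)
{
    if (l->minmssoverload == 0)
        return false;                /* rate limiting off, the shipped default */
    if (now != c->window) {          /* new second: restart the counters */
        c->window = now;
        c->pkts = 1;
        c->bytes = seglen;
        return false;
    }
    c->pkts++;
    c->bytes += seglen;
    /* Trip only when the rate is exceeded AND the average segment is small. */
    return c->pkts > l->minmssoverload && c->bytes / c->pkts < l->minmss;
}

/* Feed n equal-sized segments within one second; index of first reset or -1. */
static int first_reset(const struct limits *l, unsigned n, unsigned seglen)
{
    struct conn c = { .window = -1 };
    for (unsigned i = 0; i < n; i++)
        if (segment_overload(&c, l, 100, seglen))
            return (int)i;
    return -1;
}

int main(void)
{
    printf("64-byte flood reset at segment %d\n", first_reset(&ENABLED, 2000, 64));
    printf("1460-byte bulk transfer: %d\n", first_reset(&ENABLED, 2000, 1460));
    return 0;
}
```

A high packet rate alone does not trip the limit: full-sized segments at the same rate pass, which is why the check targets small-segment floods rather than ordinary bulk transfers.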