article.xml revision 111834 
1<!-- 
2	FreeBSD errata document.  Unlike some of the other RELNOTESng
3	files, this file should remain as a single SGML file, so that
4	the dollar FreeBSD dollar header has a meaningful modification
5	time.  This file is all but useless without a datestamp on it,
6	so we'll take some extra care to make sure it has one.
7
8	(If we didn't do this, then the file with the datestamp might
9	not be the one that received the last change in the document.)
10
11-->
12
13<!DOCTYPE article PUBLIC "-//FreeBSD//DTD DocBook V4.1-Based Extension//EN" [
14<!ENTITY % man PUBLIC "-//FreeBSD//ENTITIES DocBook Manual Page Entities//EN">
15%man;
16<!ENTITY % authors PUBLIC  "-//FreeBSD//ENTITIES DocBook Author Entities//EN">
17%authors;
18<!ENTITY % mlists PUBLIC "-//FreeBSD//ENTITIES DocBook Mailing List Entities//EN">
19%mlists;
20<!ENTITY % release PUBLIC "-//FreeBSD//ENTITIES Release Specification//EN">
21%release;
22]>
23
24<article>
25  <articleinfo>
26    <title>&os;
27<![ %release.type.snapshot [
28    &release.prev;
29]]>
30<![ %release.type.release [
31    &release.current;
32]]>
33    Errata</title>
34
35    <corpauthor>
36    The &os; Project
37    </corpauthor>
38
39    <pubdate>$FreeBSD: head/release/doc/en_US.ISO8859-1/errata/article.sgml 111834 2003-03-03 18:20:00Z bmah $</pubdate>
40
41    <copyright>
42      <year>2000</year>
43      <year>2001</year>
44      <year>2002</year>
45      <year>2003</year>
46      <holder role="mailto:doc@FreeBSD.org">The FreeBSD Documentation Project</holder>
47    </copyright>
48  </articleinfo>
49
50  <abstract>
51    <para>This document lists errata items for &os; 
52<![ %release.type.snapshot [
53      &release.prev;,
54]]>
55<![ %release.type.release [
56      &release.current;,
57]]>
58      containing significant information discovered after the release.
59      This information includes security advisories, as well as news
60      relating to the software or documentation that could affect its
61      operation or usability.  An up-to-date version of this document
62      should always be consulted before installing this version of
63      &os;.</para>
64
65    <para>This errata document for &os; 
66<![ %release.type.snapshot [
67      &release.prev;
68]]>
69<![ %release.type.release [
70      &release.current;
71]]>
72      will be maintained until the release of &os; 5.1-RELEASE.</para>
73  </abstract>
74
75  <sect1 id="intro">
76    <title>Introduction</title>
77
78    <para>This errata document contains <quote>late-breaking news</quote>
79      about &os;
80<![ %release.type.snapshot [
81      &release.prev;.
82]]>
83<![ %release.type.release [
84      &release.current;.
85]]>
86      Before installing this version, it is important to consult this
87      document to learn about any post-release discoveries or problems
88      that may already have been found and fixed.</para>
89
90    <para>Any version of this errata document actually distributed
91      with the release (for example, on a CDROM distribution) will be
92      out of date by definition, but other copies are kept updated on
93      the Internet and should be consulted as the <quote>current
94      errata</quote> for this release.  These other copies of the
95      errata are located at <ulink
96      url="http://www.FreeBSD.org/releases/"></ulink>, plus any sites
97      which keep up-to-date mirrors of this location.</para>
98
99    <para>Source and binary snapshots of &os; &release.branch; also
100      contain up-to-date copies of this document (as of the time of
101      the snapshot).</para>
102
103    <para>For a list of all &os; CERT security advisories, see <ulink
104      url="http://www.FreeBSD.org/security/"></ulink> or <ulink
105      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/"></ulink>.</para>
106
107  </sect1>
108
109  <sect1 id="security">
110    <title>Security Advisories</title>
111
112    <para>Remotely exploitable vulnerabilities in
113      <application>CVS</application> could allow an attacker to
114      execute arbitrary comands on a CVS server.  More details can be
115      found in security advisory <ulink
116      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:01.cvs.asc">FreeBSD-SA-03:01</ulink>.</para>
117
118    <para>A timing-based attack on <application>OpenSSL</application>,
119      could allow a very powerful attacker access to plaintext
120      under certain circumstances.  This problem has been corrected in
121      &os; &release.current; with an upgrade
122      to <application>OpenSSL</application> 0.9.7.  On supported
123      security fix branches, this problem has been corrected with the
124      import of <application>OpenSSL</application> 0.9.6i.  See security
125      advisory <ulink
126      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:02.openssl.asc">FreeBSD-SA-03:02</ulink>
127      for more details.</para>
128
129    <para>It may be possible to recover the shared secret key used by
130      the implementation of the <quote>syncookies</quote> feature.
131      This reduces its effectiveness in dealing with TCP SYN flood
132      denial-of-service attacks.  Workaround information and fixes are
133      given in security advisory <ulink
134      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:03.syncookies.asc">FreeBSD-SA-03:03</ulink>.</para>
135
136    <para>Due to a buffer overflow in header parsing, a remote
137      attacker could create a specially crafted message that may cause
138      <application>sendmail</application> to execute arbitrary code
139      with the privileges of the user running sendmail, typically
140      <username>root</username>.  More information, including pointers
141      to patches, can be found in security advisory <ulink
142      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:04.sendmail.asc">FreeBSD-SA-03:04</ulink>.</para>
143
144  </sect1>
145
146  <sect1 id="late-news">
147    <title>Late-Breaking News</title>
148
149    <bridgehead renderas="sect3">GEOM</bridgehead>
150
151    <para>The &man.geom.4;-based disk partitioning code in the kernel
152      will not allow an open partition to be overwritten.  This
153      usually prevents the use of <command>disklabel -B</command> to
154      update the boot blocks on a disk because the
155      <literal>a</literal> partition overlaps the space where the boot
156      blocks are stored.  A suggested workaround is to boot from an
157      alternate disk, a CDROM, or a fixit floppy.</para>
158
159    <bridgehead renderas="sect3">&man.dump.8;</bridgehead>
160
161    <para>When using disk media with sector sizes larger than 512
162      bytes (for instance, &man.gbde.4; encrypted disks), the
163      &man.dump.8; program fails to respect the larger sector size and
164      cannot dump the partition.  One possible workaround is to copy
165      the entire file system in raw format and dump the copy.  It is,
166      for instance, possible to dump a file system stored in a regular
167      file:</para>
168
169      <screen>&prompt.root; <userinput>dd if=/dev/ad0s1d.bde of=/junk/ad0.dd bs=1m</userinput>
170&prompt.root; <userinput>dump 0f - /junk/ad0.dd | ...</userinput></screen>
171
172    <para>A simpler workaround is to use &man.tar.1; or &man.cpio.1;
173      to make backup copies.</para>
174
175    <bridgehead renderas="sect3">&man.mly.4;</bridgehead>
176
177    <para>Hangs were reported during &os; 5.0 snapshot
178      installations when installing to &man.mly.4;-supported RAID
179      arrays, in hardware configurations that appear to work fine
180      under &os; 4.7-RELEASE.  These problems have been corrected
181      in &os; &release.current;.</para>
182
183    <bridgehead renderas="sect3">NETNCP/Netware File System
184      Support</bridgehead>
185
186    <para>NETNCP and nwfs appear to be as-yet unadapted for KSE, and
187      hence not working.  These have been fixed in &os;
188      &release.current;.</para>
189
190    <bridgehead renderas="sect3">&man.iir.4; controller</bridgehead>
191
192    <para>During installation, the &man.iir.4; controller appears to
193      probe correctly, but finds no disk devices.</para>
194
195    <bridgehead renderas="sect3">&man.truss.1; race condition</bridgehead>
196
197    <para>&man.truss.1; appears to contain a race condition during the
198      start-up of debugging, which can result in &man.truss.1; failing
199      to attach to the process before it exists.  The symptom is that
200      &man.truss.1; reports that it cannot open the &man.procfs.5;
201      node supporting the process being debugged.  A bug also appears
202      to exist wherein &man.truss.1; will hang if &man.execve.2;
203      returns <literal>ENOENT</literal> A further race appears to
204      exist in which &man.truss.1; will return <errorname>PIOCWAIT:
205      Input/output error</errorname> occasionally on startup.  The fix
206      for this sufficiently changes process execution handling that it
207      has been deferred until after 5.0.</para>
208
209    <bridgehead renderas="sect3">Disk Partitioning in Installer</bridgehead>
210
211    <para>Some bugs have been reported in &man.sysinstall.8; disk
212      partitioning.  One observed problem on the i386 is that
213      &man.sysinstall.8; cannot recalculate the free space left on a
214      disk after changing the type of an FDISK-type partition.</para>
215
216    <bridgehead renderas="sect3">Stale Documentation</bridgehead>
217
218    <para>In some case, documentation (such as the FAQ or Handbook)
219      has not been updated to take into account &os; &release.prev;
220      features.  Examples of areas where documentation is still
221      needed include &man.gbde.8; and the new <quote>fast
222      IPsec</quote> implementation.</para>
223
224    <bridgehead renderas="sect3">SMB File System</bridgehead>
225
226    <para>Attempting to unmount smbfs shares may fail with
227      <errorname>Device busy</errorname> errors even when the
228      mount-point is not really busy.  A workaround is to keep trying
229      to unmount the share until it eventually succeeds.  This bug has
230      been fixed in &release.current;.</para>
231
232    <para>Forcefully unmounting (<command>umount -f</command>) smbfs
233      shares may cause a kernel panic.  This bug has been fixed in
234      &release.current;.</para>
235
236    <bridgehead renderas="sect3">&man.fstat.2;</bridgehead>
237
238    <para>When called on a connected socket file descriptor,
239      &man.fstat.2; is supposed to return the number of bytes
240      available to read in the <varname>st_size</varname> member of
241      <varname>struct stat</varname>. However,
242      <varname>st_size</varname> is always erroneously reported as
243      <literal>0</literal> on TCP sockets.  This bug has been fixed in
244      &release.current;.</para>
245
246    <bridgehead renderas="sect3">Kernel Event Queues</bridgehead>
247
248    <para>The &man.kqueue.2; <literal>EVFILT_READ</literal> filter
249      erroneously indicates that <literal>0</literal> bytes are
250      available to be read on TCP sockets, regardless of the number of
251      bytes that are actually available. The
252      <literal>NOTE_LOWAT</literal> flag for
253      <literal>EVFILT_READ</literal> is also broken on TCP sockets.
254      This bug has been fixed in &release.current;.</para>
255
256    <bridgehead renderas="sect3">POSIX Named Semaphores</bridgehead>
257
258    <para>&os; &release.prev; introduced support for POSIX named semaphores
259      but the implementation contains a critical bug that causes
260      &man.sem.open.3; to incorrectly handle the opening of the same
261      semaphore multiple times by the same process, and that causes
262      &man.sem.close.3; to crash calling programs.  This bug has been
263      fixed in &release.current;.</para>
264
265    <bridgehead renderas="sect3"><filename>/dev/tty</filename>
266      Permissions</bridgehead>
267
268    <para>&os; &release.prev; has a minor bug in how the permissions of
269      <filename>/dev/tty</filename> are handled.  This can be
270      triggered by logging in as a non-<username>root</username>,
271      non-<groupname>tty</groupname> group user, and using &man.su.1;
272      to switch to a second non-<username>root</username>,
273      non-<groupname>tty</groupname> group user.  &man.ssh.1; will
274      fail because it cannot open <filename>/dev/tty</filename>.  This
275      bug has been fixed in &release.current;.</para>
276
277    <bridgehead renderas="sect3">&man.growfs.8;</bridgehead>
278
279    <para>&man.growfs.8; no longer works on &man.vinum.4; volumes (and
280      presumably, on &man.geom.4; entities) since these subsystems no
281      longer fake disklabels, but &man.growfs.8; insists on examining
282      a label.</para>
283
284    <bridgehead renderas="sect3">IPFW</bridgehead>
285
286    <para>&man.ipfw.4; <literal>skipto</literal> rules do not work
287      when coupled with the <literal>log</literal> keyword.
288      &man.ipfw.4; <literal>uid</literal> rules also do not work
289      properly.  These bugs
290      have been fixed in &release.current;.</para>
291
292    <bridgehead renderas="sect3">Passwords and &man.adduser.8;</bridgehead>
293
294    <para>&man.adduser.8; does not correctly handle setting user
295      passwords containing special shell characters.  This problem has
296      been corrected in &release.current;.</para>
297
298    <bridgehead renderas="sect3">&man.xl.4;</bridgehead>
299
300    <para>The &man.xl.4; driver has a timing bug that may cause a
301      kernel panic (or other problems) when attempting to configure an
302      interface.  This bug has been fixed in &release.current;.</para>
303
304    <bridgehead renderas="sect3">ISC DHCP</bridgehead>
305
306    <para><application>ISC DHCP</application> was updated to
307      3.0.1rc11.  This update was actually a part of &os;
308      &release.prev;, but was not documented in the release
309      notes.</para>
310
311    <bridgehead renderas="sect3">&man.amd.8;
312      Interoperability</bridgehead>
313
314    <para>&release.prev; contains some bugs in its non-blocking RPC
315      code.  The most noticeable side-effect of these bugs was that
316      &man.amd.8; users were not able to mount volumes from a
317      &release.prev; server.  This bug has been fixed in
318      &release.current;.</para>
319
320  </sect1>
321</article>
322