article.xml revision 114233 
1<!-- 
2	FreeBSD errata document.  Unlike some of the other RELNOTESng
3	files, this file should remain as a single SGML file, so that
4	the dollar FreeBSD dollar header has a meaningful modification
5	time.  This file is all but useless without a datestamp on it,
6	so we'll take some extra care to make sure it has one.
7
8	(If we didn't do this, then the file with the datestamp might
9	not be the one that received the last change in the document.)
10
11-->
12
13<!DOCTYPE article PUBLIC "-//FreeBSD//DTD DocBook V4.1-Based Extension//EN" [
14<!ENTITY % man PUBLIC "-//FreeBSD//ENTITIES DocBook Manual Page Entities//EN">
15%man;
16<!ENTITY % authors PUBLIC  "-//FreeBSD//ENTITIES DocBook Author Entities//EN">
17%authors;
18<!ENTITY % mlists PUBLIC "-//FreeBSD//ENTITIES DocBook Mailing List Entities//EN">
19%mlists;
20<!ENTITY % release PUBLIC "-//FreeBSD//ENTITIES Release Specification//EN">
21%release;
22]>
23
24<article>
25  <articleinfo>
26    <title>&os;
27<![ %release.type.snapshot [
28    &release.prev;
29]]>
30<![ %release.type.release [
31    &release.current;
32]]>
33    Errata</title>
34
35    <corpauthor>
36    The &os; Project
37    </corpauthor>
38
39    <pubdate>$FreeBSD: head/release/doc/en_US.ISO8859-1/errata/article.sgml 114233 2003-04-29 17:44:37Z trhodes $</pubdate>
40
41    <copyright>
42      <year>2000</year>
43      <year>2001</year>
44      <year>2002</year>
45      <year>2003</year>
46      <holder role="mailto:doc@FreeBSD.org">The FreeBSD Documentation Project</holder>
47    </copyright>
48  </articleinfo>
49
50  <abstract>
51    <para>This document lists errata items for &os; 
52<![ %release.type.snapshot [
53      &release.prev;,
54]]>
55<![ %release.type.release [
56      &release.current;,
57]]>
58      containing significant information discovered after the release
59      or too late in the release cycle to be otherwise included in the
60      release documentation.
61      This information includes security advisories, as well as news
62      relating to the software or documentation that could affect its
63      operation or usability.  An up-to-date version of this document
64      should always be consulted before installing this version of
65      &os;.</para>
66
67    <para>This errata document for &os; 
68<![ %release.type.snapshot [
69      &release.prev;
70]]>
71<![ %release.type.release [
72      &release.current;
73]]>
74      will be maintained until the release of &os; 5.1-RELEASE.</para>
75  </abstract>
76
77  <sect1 id="intro">
78    <title>Introduction</title>
79
80    <para>This errata document contains <quote>late-breaking news</quote>
81      about &os;
82<![ %release.type.snapshot [
83      &release.prev;.
84]]>
85<![ %release.type.release [
86      &release.current;.
87]]>
88      Before installing this version, it is important to consult this
89      document to learn about any post-release discoveries or problems
90      that may already have been found and fixed.</para>
91
92    <para>Any version of this errata document actually distributed
93      with the release (for example, on a CDROM distribution) will be
94      out of date by definition, but other copies are kept updated on
95      the Internet and should be consulted as the <quote>current
96      errata</quote> for this release.  These other copies of the
97      errata are located at <ulink
98      url="http://www.FreeBSD.org/releases/"></ulink>, plus any sites
99      which keep up-to-date mirrors of this location.</para>
100
101    <para>Source and binary snapshots of &os; &release.branch; also
102      contain up-to-date copies of this document (as of the time of
103      the snapshot).</para>
104
105    <para>For a list of all &os; CERT security advisories, see <ulink
106      url="http://www.FreeBSD.org/security/"></ulink> or <ulink
107      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/"></ulink>.</para>
108
109  </sect1>
110
111  <sect1 id="security">
112    <title>Security Advisories</title>
113
114    <para>Remotely exploitable vulnerabilities in
115      <application>CVS</application> could allow an attacker to
116      execute arbitrary comands on a CVS server.  More details can be
117      found in security advisory <ulink
118      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:01.cvs.asc">FreeBSD-SA-03:01</ulink>.</para>
119
120    <para>A timing-based attack on <application>OpenSSL</application>,
121      could allow a very powerful attacker access to plaintext
122      under certain circumstances.  This problem has been corrected in
123      &os; &release.current; with an upgrade
124      to <application>OpenSSL</application> 0.9.7.  On supported
125      security fix branches, this problem has been corrected with the
126      import of <application>OpenSSL</application> 0.9.6i.  See security
127      advisory <ulink
128      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:02.openssl.asc">FreeBSD-SA-03:02</ulink>
129      for more details.</para>
130
131    <para>It may be possible to recover the shared secret key used by
132      the implementation of the <quote>syncookies</quote> feature.
133      This reduces its effectiveness in dealing with TCP SYN flood
134      denial-of-service attacks.  Workaround information and fixes are
135      given in security advisory <ulink
136      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:03.syncookies.asc">FreeBSD-SA-03:03</ulink>.</para>
137
138    <para>Due to buffer overflows in header parsing in <application>sendmail</application>, a remote
139      attacker can create a specially-crafted message that may cause
140      &man.sendmail.8; to execute arbitrary code
141      with the privileges of the user running it, typically
142      <username>root</username>.  More information, including pointers
143      to patches, can be found in security advisories <ulink
144      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:04.sendmail.asc">FreeBSD-SA-03:04</ulink>
145      and <ulink
146      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:07.sendmail.asc">FreeBSD-SA-03:07</ulink>.</para>
147
148    <para>The XDR encoder/decoder does incorrect bounds-checking,
149      which could allow a remote attacker to cause a
150      denial-of-service.  For bugfix information, see security
151      advisory <ulink
152      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:05.xdr.asc">FreeBSD-SA-03:05</ulink>.</para>
153
154    <para><application>OpenSSL</application> has been found
155      vulnerable to two recently-disclosed attacks.  Information
156      on workarounds and patches for supported security branches is
157      contained in security advisory <ulink
158      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:06.openssl.asc">FreeBSD-SA-03:06</ulink>.</para>
159
160  </sect1>
161
162  <sect1 id="late-news">
163    <title>Late-Breaking News</title>
164
165    <bridgehead renderas="sect3">GEOM</bridgehead>
166
167    <para>The &man.geom.4;-based disk partitioning code in the kernel
168      will not allow an open partition to be overwritten.  This
169      usually prevents the use of <command>disklabel -B</command> to
170      update the boot blocks on a disk because the
171      <literal>a</literal> partition overlaps the space where the boot
172      blocks are stored.  A suggested workaround is to boot from an
173      alternate disk, a CDROM, or a fixit floppy.</para>
174
175    <bridgehead renderas="sect3">&man.dump.8;</bridgehead>
176
177    <para>When using disk media with sector sizes larger than 512
178      bytes (for instance, &man.gbde.4; encrypted disks), the
179      &man.dump.8; program fails to respect the larger sector size and
180      cannot dump the partition.  One possible workaround is to copy
181      the entire file system in raw format and dump the copy.  It is,
182      for instance, possible to dump a file system stored in a regular
183      file:</para>
184
185      <screen>&prompt.root; <userinput>dd if=/dev/ad0s1d.bde of=/junk/ad0.dd bs=1m</userinput>
186&prompt.root; <userinput>dump 0f - /junk/ad0.dd | ...</userinput></screen>
187
188    <para>A simpler workaround is to use &man.tar.1; or &man.cpio.1;
189      to make backup copies.</para>
190
191    <bridgehead renderas="sect3">&man.mly.4;</bridgehead>
192
193    <para>Hangs were reported during &os; 5.0 snapshot
194      installations when installing to &man.mly.4;-supported RAID
195      arrays, in hardware configurations that appear to work fine
196      under &os; 4.7-RELEASE.  These problems have been corrected
197      in &os; &release.current;.</para>
198
199    <bridgehead renderas="sect3">NETNCP/Netware File System
200      Support</bridgehead>
201
202    <para>NETNCP and nwfs appear to be as-yet unadapted for KSE, and
203      hence not working.  These have been fixed in &os;
204      &release.current;.</para>
205
206    <bridgehead renderas="sect3">&man.iir.4; controller</bridgehead>
207
208    <para>During installation, the &man.iir.4; controller appears to
209      probe correctly, but finds no disk devices.</para>
210
211    <bridgehead renderas="sect3">&man.truss.1; race condition</bridgehead>
212
213    <para>&man.truss.1; appears to contain a race condition during the
214      start-up of debugging, which can result in &man.truss.1; failing
215      to attach to the process before it exists.  The symptom is that
216      &man.truss.1; reports that it cannot open the &man.procfs.5;
217      node supporting the process being debugged.  A bug also appears
218      to exist wherein &man.truss.1; will hang if &man.execve.2;
219      returns <literal>ENOENT</literal> A further race appears to
220      exist in which &man.truss.1; will return <errorname>PIOCWAIT:
221      Input/output error</errorname> occasionally on startup.  The fix
222      for this sufficiently changes process execution handling that it
223      has been deferred until after 5.0.</para>
224
225    <bridgehead renderas="sect3">Disk Partitioning in Installer</bridgehead>
226
227    <para>Some bugs have been reported in &man.sysinstall.8; disk
228      partitioning.  One observed problem on the i386 is that
229      &man.sysinstall.8; cannot recalculate the free space left on a
230      disk after changing the type of an FDISK-type partition.</para>
231
232    <bridgehead renderas="sect3">Stale Documentation</bridgehead>
233
234    <para>In some case, documentation (such as the FAQ or Handbook)
235      has not been updated to take into account &os; &release.prev;
236      features.  Examples of areas where documentation is still
237      needed include &man.gbde.8; and the new <quote>fast
238      IPsec</quote> implementation.</para>
239
240    <bridgehead renderas="sect3">SMB File System</bridgehead>
241
242    <para>Attempting to unmount smbfs shares may fail with
243      <errorname>Device busy</errorname> errors even when the
244      mount-point is not really busy.  A workaround is to keep trying
245      to unmount the share until it eventually succeeds.  This bug has
246      been fixed in &release.current;.</para>
247
248    <para>Forcefully unmounting (<command>umount -f</command>) smbfs
249      shares may cause a kernel panic.  This bug has been fixed in
250      &release.current;.</para>
251
252    <bridgehead renderas="sect3">&man.fstat.2;</bridgehead>
253
254    <para>When called on a connected socket file descriptor,
255      &man.fstat.2; is supposed to return the number of bytes
256      available to read in the <varname>st_size</varname> member of
257      <varname>struct stat</varname>. However,
258      <varname>st_size</varname> is always erroneously reported as
259      <literal>0</literal> on TCP sockets.  This bug has been fixed in
260      &release.current;.</para>
261
262    <bridgehead renderas="sect3">Kernel Event Queues</bridgehead>
263
264    <para>The &man.kqueue.2; <literal>EVFILT_READ</literal> filter
265      erroneously indicates that <literal>0</literal> bytes are
266      available to be read on TCP sockets, regardless of the number of
267      bytes that are actually available. The
268      <literal>NOTE_LOWAT</literal> flag for
269      <literal>EVFILT_READ</literal> is also broken on TCP sockets.
270      This bug has been fixed in &release.current;.</para>
271
272    <bridgehead renderas="sect3">POSIX Named Semaphores</bridgehead>
273
274    <para>&os; &release.prev; introduced support for POSIX named semaphores
275      but the implementation contains a critical bug that causes
276      &man.sem.open.3; to incorrectly handle the opening of the same
277      semaphore multiple times by the same process, and that causes
278      &man.sem.close.3; to crash calling programs.  This bug has been
279      fixed in &release.current;.</para>
280
281    <bridgehead renderas="sect3"><filename>/dev/tty</filename>
282      Permissions</bridgehead>
283
284    <para>&os; &release.prev; has a minor bug in how the permissions of
285      <filename>/dev/tty</filename> are handled.  This can be
286      triggered by logging in as a non-<username>root</username>,
287      non-<groupname>tty</groupname> group user, and using &man.su.1;
288      to switch to a second non-<username>root</username>,
289      non-<groupname>tty</groupname> group user.  &man.ssh.1; will
290      fail because it cannot open <filename>/dev/tty</filename>.  This
291      bug has been fixed in &release.current;.</para>
292
293    <bridgehead renderas="sect3">&man.growfs.8;</bridgehead>
294
295    <para>&man.growfs.8; no longer works on &man.vinum.4; volumes (and
296      presumably, on &man.geom.4; entities) since these subsystems no
297      longer fake disklabels, but &man.growfs.8; insists on examining
298      a label.</para>
299
300    <bridgehead renderas="sect3">IPFW</bridgehead>
301
302    <para>&man.ipfw.4; <literal>skipto</literal> rules do not work
303      when coupled with the <literal>log</literal> keyword.
304      &man.ipfw.4; <literal>uid</literal> rules also do not work
305      properly.  These bugs
306      have been fixed in &release.current;.</para>
307
308    <bridgehead renderas="sect3">Passwords and &man.adduser.8;</bridgehead>
309
310    <para>&man.adduser.8; does not correctly handle setting user
311      passwords containing special shell characters.  This problem has
312      been corrected in &release.current;.</para>
313
314    <bridgehead renderas="sect3">&man.xl.4;</bridgehead>
315
316    <para>The &man.xl.4; driver has a timing bug that may cause a
317      kernel panic (or other problems) when attempting to configure an
318      interface.  This bug has been fixed in &release.current;.</para>
319
320    <bridgehead renderas="sect3">ISC DHCP</bridgehead>
321
322    <para><application>ISC DHCP</application> was updated to
323      3.0.1rc11.  This update was actually a part of &os;
324      &release.prev;, but was not documented in the release
325      notes.</para>
326
327    <bridgehead renderas="sect3">&man.amd.8;
328      Interoperability</bridgehead>
329
330    <para>&release.prev; contains some bugs in its non-blocking RPC
331      code.  The most noticeable side-effect of these bugs was that
332      &man.amd.8; users were not able to mount volumes from a
333      &release.prev; server.  This bug has been fixed in
334      &release.current;.</para>
335
336    <bridgehead renderas="sect3">nsswitch</bridgehead>
337
338    <para>The release note documenting the addition of
339      <application>nsswitch</application> support gave an incorrect
340      name for the old resolver configuration file.  It should have
341      been listed as <filename>/etc/host.conf</filename>.</para>
342
343    <bridgehead reneras="sect3">Mailman</bridgehead>
344
345    <para>Recently the mailing lists were changed from majordomo
346      to the currently used Mailman list server.  More information
347      about using the new mailing lists can be found by visiting the
348      <a href="http://www.FreeBSD.org/mailman/listinfo/">FreeBSD
349      Mailman Info Page</a>.</para>
350
351  </sect1>
352</article>
353