article.xml revision 120801
1<!-- 2 FreeBSD errata document. Unlike some of the other RELNOTESng 3 files, this file should remain as a single SGML file, so that 4 the dollar FreeBSD dollar header has a meaningful modification 5 time. This file is all but useless without a datestamp on it, 6 so we'll take some extra care to make sure it has one. 7 8 (If we didn't do this, then the file with the datestamp might 9 not be the one that received the last change in the document.) 10 11--> 12 13<!DOCTYPE article PUBLIC "-//FreeBSD//DTD DocBook V4.1-Based Extension//EN" [ 14<!ENTITY % man PUBLIC "-//FreeBSD//ENTITIES DocBook Manual Page Entities//EN"> 15%man; 16<!ENTITY % authors PUBLIC "-//FreeBSD//ENTITIES DocBook Author Entities//EN"> 17%authors; 18<!ENTITY % mlists PUBLIC "-//FreeBSD//ENTITIES DocBook Mailing List Entities//EN"> 19%mlists; 20<!ENTITY % trademarks PUBLIC "-//FreeBSD//ENTITIES DocBook Trademark Entities//EN"> 21%trademarks; 22<!ENTITY % release PUBLIC "-//FreeBSD//ENTITIES Release Specification//EN"> 23%release; 24]> 25 26<article> 27 <articleinfo> 28 <title>&os; 29<![ %release.type.snapshot [ 30 &release.prev; 31]]> 32<![ %release.type.release [ 33 &release.current; 34]]> 35 Errata</title> 36 37 <corpauthor> 38 The &os; Project 39 </corpauthor> 40 41 <pubdate>$FreeBSD: head/release/doc/en_US.ISO8859-1/errata/article.sgml 120801 2003-10-05 09:17:25Z hrs $</pubdate> 42 43 <copyright> 44 <year>2000</year> 45 <year>2001</year> 46 <year>2002</year> 47 <year>2003</year> 48 <holder role="mailto:doc@FreeBSD.org">The FreeBSD Documentation Project</holder> 49 </copyright> 50 51 <legalnotice id="trademarks" role="trademarks"> 52 &tm-attrib.freebsd; 53 &tm-attrib.intel; 54 &tm-attrib.sparc; 55 &tm-attrib.general; 56 </legalnotice> 57 </articleinfo> 58 59 <abstract> 60 <para>This document lists errata items for &os; 61<![ %release.type.snapshot [ 62 &release.prev;, 63]]> 64<![ %release.type.release [ 65 &release.current;, 66]]> 67 containing significant information discovered after the release 68 or too late in the release cycle to be otherwise included in the 69 release documentation. 70 This information includes security advisories, as well as news 71 relating to the software or documentation that could affect its 72 operation or usability. An up-to-date version of this document 73 should always be consulted before installing this version of 74 &os;.</para> 75 76 <para>This errata document for &os; 77<![ %release.type.snapshot [ 78 &release.prev; 79]]> 80<![ %release.type.release [ 81 &release.current; 82]]> 83 will be maintained until the release of &os; &release.next;.</para> 84 </abstract> 85 86 <sect1 id="intro"> 87 <title>Introduction</title> 88 89 <para>This errata document contains <quote>late-breaking news</quote> 90 about &os; 91<![ %release.type.snapshot [ 92 &release.prev;. 93]]> 94<![ %release.type.release [ 95 &release.current;. 96]]> 97 Before installing this version, it is important to consult this 98 document to learn about any post-release discoveries or problems 99 that may already have been found and fixed.</para> 100 101 <para>Any version of this errata document actually distributed 102 with the release (for example, on a CDROM distribution) will be 103 out of date by definition, but other copies are kept updated on 104 the Internet and should be consulted as the <quote>current 105 errata</quote> for this release. These other copies of the 106 errata are located at <ulink 107 url="http://www.FreeBSD.org/releases/"></ulink>, plus any sites 108 which keep up-to-date mirrors of this location.</para> 109 110 <para>Source and binary snapshots of &os; &release.branch; also 111 contain up-to-date copies of this document (as of the time of 112 the snapshot).</para> 113 114 <para>For a list of all &os; CERT security advisories, see <ulink 115 url="http://www.FreeBSD.org/security/"></ulink> or <ulink 116 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/"></ulink>.</para> 117 118 </sect1> 119 120 <sect1 id="security"> 121 <title>Security Advisories</title> 122 123<![ %release.type.release [ 124 <para>No advisories.</para> 125]]> 126 127<![ %release.type.snapshot [ 128 <para>The implementation of the &man.realpath.3; function contained 129 a single-byte buffer overflow bug. This had various 130 impacts, depending on the application using &man.realpath.3; and 131 other factors. This bug was fixed on the &release.branch; development 132 branch before &release.prev;; &os; &release.prev; is therefore not affected. However, this change 133 was not noted in the release documentation. For 134 more information, see security advisory 135 <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:08.realpath.asc">FreeBSD-SA-03:08</ulink>.</para> 136 137 <para>The kernel contains a bug that could allow it to attempt 138 delivery of invalid signals, leading to a kernel panic or, under 139 some circumstances, unauthorized modification of kernel memory. 140 This bug has been fixed on the &release.branch; development 141 branch and the &release.prev; security fix branch. For more 142 information, see security advisory 143 <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:09.signal.asc">FreeBSD-SA-03:09</ulink>.</para> 144 145 <para>A bug in the iBCS2 emulation module could result in 146 disclosing the contents of kernel memory. (Note that this 147 module is not enabled in &os; by default.) This bug has been 148 fixed on the &release.branch; development branch and the 149 &release.prev; security fix branch. More information can be 150 found in security advisory 151 <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:10.ibcs2.asc">FreeBSD-SA-03:10</ulink>.</para> 152 153 <para><application>OpenSSH</application> contains a bug in its 154 buffer management code that could potentially cause it to crash. 155 This bug has been fixed via a vendor-supplied patch on the 156 &release.branch; development branch and the &release.prev; 157 security fix branch. For more details, refer to security 158 advisory 159 <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:12.openssh.asc">FreeBSD-SA-03:12</ulink>.</para> 160 161 <para><application>sendmail</application> contains a 162 remotely-exploitable buffer overflow. This bug has been fixed 163 via a new version import on the &release.branch; development 164 branch and via a vendor-supplied patch on the &release.prev; 165 security fix branch. More details can be found in security 166 advisory 167 <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:13.sendmail.asc">FreeBSD-SA-03:13</ulink>.</para> 168 169 <para>The &os; ARP code contains a bug that could allow the kernel 170 to cause resource starvation which eventually results in a system panic. 171 This bug has been fixed on the &release.branch; development branch and the 172 &release.prev; security fix branch. More information can be 173 found in security advisory 174 <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:14.arp.asc">FreeBSD-SA-03:14</ulink>.</para> 175 176 <para>The implementation of the &man.procfs.5; and the &man.linprocfs.5; 177 contain a bug that could result in disclosing the contents of kernel memory. 178 This bug has been fixed on the &release.branch; development branch and the 179 &release.prev; security fix branch. More information can be 180 found in security advisory 181 <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:17.procfs.asc">FreeBSD-SA-03:17</ulink>.</para> 182 183 <para><application>OpenSSL</application> contains several bugs 184 which could allow a remote attacker to crash an 185 <application>OpenSSL</application>-using application or 186 to execute arbitrary code with the privileges of the application. 187 These bugs have been fixed via a vendor-supplied patch on the &release.branch; 188 development branch and the &release.prev; security fix branch. 189 Note that only applications that use <application>OpenSSL</application>'s 190 ASN.1 or X.509 handling code are affected (<application>OpenSSH</application> 191 is unaffected, for example). 192 More information can be found in security advisory 193 <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:18.openssl.asc">FreeBSD-SA-03:18</ulink>.</para> 194]]> 195 196 </sect1> 197 198 <sect1 id="open-issues"> 199 <title>Open Issues</title> 200 201<![ %release.type.release [ 202 <para>No open issues.</para> 203]]> 204 205<![ %release.type.snapshot [ 206 <para>The RAIDframe disk driver described in &man.raid.4; is 207 non-functional for this release.</para> 208 209 <para>ACPI seems to make some &i386; machines unstable. Turning off 210 ACPI support may help solve some of these problems; see an item 211 in <xref linkend="late-news">.</para> 212 213 <para>An integer overflow could cause kernel panics on PAE-using 214 machines with certain memory sizes. This bug has been corrected 215 on both the <literal>RELENG_5_1</literal> and 216 <literal>HEAD</literal> branches. A workaround for this problem 217 is to remove some memory, update the system in question, and 218 reinstall the memory.</para> 219 220 <para>Attempting to write to an &man.msdosfs.5; file system that 221 has been upgraded from read-only to read-write via 222 <command>mount -u</command> will cause the system to lock up. 223 To work around this problem, unmount the file system first, then 224 mount it again with the appropriate options instead of using 225 <command>mount -u</command>.</para> 226]]> 227 228 </sect1> 229 230 <sect1 id="late-news"> 231 <title>Late-Breaking News</title> 232 233<![ %release.type.release [ 234 <para>No news.</para> 235]]> 236 237<![ %release.type.snapshot [ 238 <para>&man.ipfw.4; should work correctly on strict-alignment 239 64-bit architectures such as alpha and &sparc64;.</para> 240 241 <para>The release notes should have stated that the 242 <filename>libthr</filename> library is built by default for the 243 &i386; platform.</para> 244 245 <para>&os; &release.prev; includes some new boot loader scripts 246 designed to make booting &os; with different options easier. 247 This may help diagnose bootstrapping problems. These scripts 248 build on the existing Forth-based boot loader scripts (thus, 249 <filename>/boot/loader.conf</filename> and other existing loader 250 configuration files still apply). They are only installed by 251 default for new binary installs on &i386; machines. The new 252 scripts present a boot-time menu that controls how &os; is 253 booted, and include options to turn off ACPI, a <quote>safe 254 mode</quote> boot, single-user booting, and verbose booting. 255 <quote>Safe mode</quote> booting can be particularly useful when 256 compatibility with a system's hardware is uncertain, and sets 257 the following kernel tunable variables:</para> 258 259 <programlisting>hint.acpi.0.disabled=1 # disable ACPI (i386 only) 260hw.ata.ata_dma=0 # disable IDE DMA 261hw.ata.atapi_dma=0 # disable ATAPI/IDE DMA 262hw.ata.wc=0 # disable IDE disk write cache 263hw.eisa_slots=0 # disable probing for EISA devices</programlisting> 264 265 <para>For new installs on &i386; architecture machines, 266 &man.sysinstall.8; will try to determine if ACPI was disabled 267 via the new boot loader scripts mentioned above, and if so, 268 ask if this change should be made permanent.</para> 269 270 <para>The release notes should have mentioned that work on the 271 following features was sponsored by the Defense Advanced 272 Research Projects Agency (DARPA): OpenPAM, NSS support, PAE 273 support, various MAC framework updates, the GEOM disk geometry 274 system.</para> 275 276]]> 277 278 </sect1> 279 280</article> 281