article.xml revision 124801 
1<!-- 
2	FreeBSD errata document.  Unlike some of the other RELNOTESng
3	files, this file should remain as a single SGML file, so that
4	the dollar FreeBSD dollar header has a meaningful modification
5	time.  This file is all but useless without a datestamp on it,
6	so we'll take some extra care to make sure it has one.
7
8	(If we didn't do this, then the file with the datestamp might
9	not be the one that received the last change in the document.)
10
11-->
12
13<!DOCTYPE article PUBLIC "-//FreeBSD//DTD DocBook V4.1-Based Extension//EN" [
14<!ENTITY % man PUBLIC "-//FreeBSD//ENTITIES DocBook Manual Page Entities//EN">
15%man;
16<!ENTITY % authors PUBLIC  "-//FreeBSD//ENTITIES DocBook Author Entities//EN">
17%authors;
18<!ENTITY % mlists PUBLIC "-//FreeBSD//ENTITIES DocBook Mailing List Entities//EN">
19%mlists;
20<!ENTITY % trademarks PUBLIC "-//FreeBSD//ENTITIES DocBook Trademark Entities//EN">
21%trademarks;
22<!ENTITY % release PUBLIC "-//FreeBSD//ENTITIES Release Specification//EN">
23%release;
24<!ENTITY % misc PUBLIC  "-//FreeBSD//ENTITIES DocBook Miscellaneous FreeBSD Entities//EN">
25%misc;
26]>
27
28<article>
29  <articleinfo>
30    <title>&os;
31<![ %release.type.snapshot [
32    &release.prev;
33]]>
34<![ %release.type.release [
35    &release.current;
36]]>
37    Errata</title>
38
39    <corpauthor>
40    The &os; Project
41    </corpauthor>
42
43    <pubdate>$FreeBSD: head/release/doc/en_US.ISO8859-1/errata/article.sgml 124801 2004-01-21 17:03:13Z bmah $</pubdate>
44
45    <copyright>
46      <year>2000</year>
47      <year>2001</year>
48      <year>2002</year>
49      <year>2003</year>
50      <year>2004</year>
51      <holder role="mailto:doc@FreeBSD.org">The FreeBSD Documentation Project</holder>
52    </copyright>
53
54    <legalnotice id="trademarks" role="trademarks">
55      &tm-attrib.freebsd;
56      &tm-attrib.intel;
57      &tm-attrib.sparc;
58      &tm-attrib.general;
59    </legalnotice>
60  </articleinfo>
61
62  <abstract>
63    <para>This document lists errata items for &os; 
64<![ %release.type.snapshot [
65      &release.prev;,
66]]>
67<![ %release.type.release [
68      &release.current;,
69]]>
70      containing significant information discovered after the release
71      or too late in the release cycle to be otherwise included in the
72      release documentation.
73      This information includes security advisories, as well as news
74      relating to the software or documentation that could affect its
75      operation or usability.  An up-to-date version of this document
76      should always be consulted before installing this version of
77      &os;.</para>
78
79    <para>This errata document for &os; 
80<![ %release.type.snapshot [
81      &release.prev;
82]]>
83<![ %release.type.release [
84      &release.current;
85]]>
86      will be maintained until the release of &os; &release.next;.</para>
87  </abstract>
88
89  <sect1 id="intro">
90    <title>Introduction</title>
91
92    <para>This errata document contains <quote>late-breaking news</quote>
93      about &os;
94<![ %release.type.snapshot [
95      &release.prev;.
96]]>
97<![ %release.type.release [
98      &release.current;.
99]]>
100      Before installing this version, it is important to consult this
101      document to learn about any post-release discoveries or problems
102      that may already have been found and fixed.</para>
103
104    <para>Any version of this errata document actually distributed
105      with the release (for example, on a CDROM distribution) will be
106      out of date by definition, but other copies are kept updated on
107      the Internet and should be consulted as the <quote>current
108      errata</quote> for this release.  These other copies of the
109      errata are located at <ulink
110      url="http://www.FreeBSD.org/releases/"></ulink>, plus any sites
111      which keep up-to-date mirrors of this location.</para>
112
113    <para>Source and binary snapshots of &os; &release.branch; also
114      contain up-to-date copies of this document (as of the time of
115      the snapshot).</para>
116
117    <para>For a list of all &os; CERT security advisories, see <ulink
118      url="http://www.FreeBSD.org/security/"></ulink> or <ulink
119      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/"></ulink>.</para>
120
121  </sect1>
122
123  <sect1 id="security">
124    <title>Security Advisories</title>
125
126<![ %release.type.release [
127    <para>No advisories.</para>
128]]>
129
130<![ %release.type.snapshot [
131    <para>No advisories.</para>
132]]>
133
134  </sect1>
135
136  <sect1 id="open-issues">
137    <title>Open Issues</title>
138
139<![ %release.type.release [
140    <para>No open issues.</para>
141]]>
142
143<![ %release.type.snapshot [
144
145    <para>(9 Jan 2004) Due to a change in &man.cpp.1; behavior, the
146      login screen for &man.xdm.1; is in black and white, even on
147      systems with color displays.  As a workaround, update to a newer
148      version of the 
149      <filename role="package">x11/XFree86-4-clients</filename>
150      port/package.</para>
151
152    <para>(9 Jan 2004) There remain some residual problems with ACPI.
153      In some cases, systems may behave erratically, or hang at boot
154      time.  As a workaround, disable ACPI, using the <quote>safe
155      mode</quote> option of the bootloader or using the
156      <varname>hint.acpi.0.disabled</varname> kernel environment
157      variable.  These problems are being investigated.  For problems
158      that have not already been reported (check the mailing list
159      archives <emphasis>before</emphasis> posting), sending the
160      output of &man.dmesg.8; and &man.acpidump.8; to the
161      &a.current; may help diagnose the problem.</para>
162
163    <para>(9 Jan 2004) In some cases, ATA devices may behave
164      erratically, particularly SATA devices.  Reported symptoms
165      include command timeouts or missing interrupts.  These problems
166      appear to be timing-dependent, making them rather difficult to
167      isolate.  Workarounds include:</para>
168
169    <itemizedlist>
170      <listitem>
171	<para>Turn off ATA DMA using the <quote>safe mode</quote>
172	  option of the bootloader or the
173	  <varname>hw.ata.ata_dma</varname> sysctl variable.</para>
174      </listitem>
175
176      <listitem>
177	<para>Use the host's BIOS setup options to put the ATA
178	  controller in its <quote>legacy mode</quote>, if
179	  available.</para>
180      </listitem>
181
182      <listitem>
183	<para>Disable ACPI, for example using the <quote>safe mode</quote>
184	  option of the bootloader or using the
185	  <varname>hint.acpi.0.disabled</varname> kernel environment
186	  variable.</para>
187      </listitem>
188    </itemizedlist>
189
190    <para>(9 Jan 2004) Installing over NFS when using the install
191      floppies requires that the <filename>nfsclient.ko</filename>
192      module be manually loaded from the third floppy disk.  This can
193      be done by following the prompts when &man.sysinstall.8;
194      launches to load a driver off of the third floppy disk.</para>
195
196    <para>(9 Jan 2004) The use of multiple vchans (virtual audio
197      channels with dynamic mixing in software) in the &man.pcm.4;
198      driver has been known to cause some instability.</para>
199
200    <para>(10 Jan 2004) Although APIC interrupt routing seems to work
201      correctly on many systems, on some others (such as some laptops)
202      it can cause various errors, such as &man.ata.4; errors or hangs
203      when starting or exiting X11.  For these situations, it may be
204      advisable to disable APIC routing, using the <quote>safe
205      mode</quote> of the bootloader or the
206      <varname>hint.apic.0.disabled</varname> loader tunable.  Note
207      that disabling APIC is not compatible with SMP systems.</para>
208
209    <para>(10 Jan 2004) The NFSv4 client may panic when attempting an
210      NFSv4 operation against an NFSv3/NFSv2-only server.  This
211      problem has been fixed with revision 1.4 of
212      <filename>src/sys/rpc/rpcclnt.c</filename> in &os;
213      &release.current;.</para>
214
215    <para>(11 Jan 2004) Some problems have been encountered when using
216      third-party NSS modules, such as <filename>nss_ldap</filename>,
217      and groups with large membership lists.  These have been fixed
218      with revision 1.2 of <filename>src/include/nss.h</filename> and
219      revision 1.2 of
220      <filename>src/lib/libc/net/nss_compat.c</filename> in &os;
221      &release.current;.</para>
222
223    <para>(13 Jan 2004) The &os; &release.current; release notes
224      incorrectly stated that <application>GCC</application> was a
225      post-release GCC 3.3.3 snapshot.  They should have stated that
226      GCC was a <emphasis>pre-release</emphasis> GCC 3.3.3
227      snapshot.</para>
228
229    <para>(13 Jan 2004) The <filename
230      role="package">sysutils/kdeadmin3</filename> port/package has a
231      bug in the <application>KUser</application> component that can
232      cause deletion of the <username>root</username> user from the
233      system password file.  Users are strongly urged to upgrade to
234      version 3.1.4_1 of this port/package.</para>
235
236    <para>(21 Jan 2004) Some bugs in the IPsec implementation imported
237      from the KAME Project can result in memory objects being freed
238      before all references to them were removed.  Reported symptoms
239      include erratic behavior or kernel panics after flushing the
240      Security Policy Database (SPD).  Some of these problems have
241      been fixed in &os; &release.current; in rev. 1.31 of
242      <filename>src/sys/netinet6/ipsec.c</filename>, rev. 1.136 of
243      <filename>src/sys/netinet/in_pcb.c</filename>, and revs. 1.63
244      and 1.64 of <filename>src/sys/netkey/key.c</filename>.  More
245      information about these problems has been posted to the
246      &a.current;, in particular the thread entitled <ulink 
247      url="http://lists.freebsd.org/pipermail/freebsd-current/2004-January/thread.html#18084">
248      <quote>[PATCH] IPSec fixes</quote></ulink>.</para>
249
250]]>
251
252  </sect1>
253
254  <sect1 id="late-news">
255    <title>Late-Breaking News</title>
256
257<![ %release.type.release [
258    <para>No news.</para>
259]]>
260
261<![ %release.type.snapshot [
262
263    <para>(10 Jan 2004) The TCP implementation in &os; now includes
264      protection against a certain class of TCP MSS resource
265      exhaustion attacks, in the form of limits on the size and rate
266      of TCP segments.  The first limit sets the minimum allowed
267      maximum TCP segment size, and is controlled by the
268      <varname>net.inet.tcp.minmss</varname> sysctl variable (the
269      default value is <literal>216</literal> bytes).  The second
270      limit is set by the
271      <varname>net.inet.tcp.minmssoverload</varname> variable, and
272      controls the maximum rate of connections whose average segment
273      size is less than <varname>net.inet.tcp.minmss</varname>.
274      Connections exceeding this packet rate are reset and dropped.
275      Because this feature was added late in the &release.prev;
276      release cycle, connection rate limiting is disabled by default,
277      but can be enabled manually by assigning a non-zero value to
278      <varname>net.inet.tcp.minmssoverload</varname> (the default
279      value in &release.current; at the time of this writing is
280      <literal>1000</literal> packets per second).</para>
281
282]]>
283
284  </sect1>
285
286</article>
287