article.xml revision 124801
1<!-- 2 FreeBSD errata document. Unlike some of the other RELNOTESng 3 files, this file should remain as a single SGML file, so that 4 the dollar FreeBSD dollar header has a meaningful modification 5 time. This file is all but useless without a datestamp on it, 6 so we'll take some extra care to make sure it has one. 7 8 (If we didn't do this, then the file with the datestamp might 9 not be the one that received the last change in the document.) 10 11--> 12 13<!DOCTYPE article PUBLIC "-//FreeBSD//DTD DocBook V4.1-Based Extension//EN" [ 14<!ENTITY % man PUBLIC "-//FreeBSD//ENTITIES DocBook Manual Page Entities//EN"> 15%man; 16<!ENTITY % authors PUBLIC "-//FreeBSD//ENTITIES DocBook Author Entities//EN"> 17%authors; 18<!ENTITY % mlists PUBLIC "-//FreeBSD//ENTITIES DocBook Mailing List Entities//EN"> 19%mlists; 20<!ENTITY % trademarks PUBLIC "-//FreeBSD//ENTITIES DocBook Trademark Entities//EN"> 21%trademarks; 22<!ENTITY % release PUBLIC "-//FreeBSD//ENTITIES Release Specification//EN"> 23%release; 24<!ENTITY % misc PUBLIC "-//FreeBSD//ENTITIES DocBook Miscellaneous FreeBSD Entities//EN"> 25%misc; 26]> 27 28<article> 29 <articleinfo> 30 <title>&os; 31<![ %release.type.snapshot [ 32 &release.prev; 33]]> 34<![ %release.type.release [ 35 &release.current; 36]]> 37 Errata</title> 38 39 <corpauthor> 40 The &os; Project 41 </corpauthor> 42 43 <pubdate>$FreeBSD: head/release/doc/en_US.ISO8859-1/errata/article.sgml 124801 2004-01-21 17:03:13Z bmah $</pubdate> 44 45 <copyright> 46 <year>2000</year> 47 <year>2001</year> 48 <year>2002</year> 49 <year>2003</year> 50 <year>2004</year> 51 <holder role="mailto:doc@FreeBSD.org">The FreeBSD Documentation Project</holder> 52 </copyright> 53 54 <legalnotice id="trademarks" role="trademarks"> 55 &tm-attrib.freebsd; 56 &tm-attrib.intel; 57 &tm-attrib.sparc; 58 &tm-attrib.general; 59 </legalnotice> 60 </articleinfo> 61 62 <abstract> 63 <para>This document lists errata items for &os; 64<![ %release.type.snapshot [ 65 &release.prev;, 66]]> 67<![ %release.type.release [ 68 &release.current;, 69]]> 70 containing significant information discovered after the release 71 or too late in the release cycle to be otherwise included in the 72 release documentation. 73 This information includes security advisories, as well as news 74 relating to the software or documentation that could affect its 75 operation or usability. An up-to-date version of this document 76 should always be consulted before installing this version of 77 &os;.</para> 78 79 <para>This errata document for &os; 80<![ %release.type.snapshot [ 81 &release.prev; 82]]> 83<![ %release.type.release [ 84 &release.current; 85]]> 86 will be maintained until the release of &os; &release.next;.</para> 87 </abstract> 88 89 <sect1 id="intro"> 90 <title>Introduction</title> 91 92 <para>This errata document contains <quote>late-breaking news</quote> 93 about &os; 94<![ %release.type.snapshot [ 95 &release.prev;. 96]]> 97<![ %release.type.release [ 98 &release.current;. 99]]> 100 Before installing this version, it is important to consult this 101 document to learn about any post-release discoveries or problems 102 that may already have been found and fixed.</para> 103 104 <para>Any version of this errata document actually distributed 105 with the release (for example, on a CDROM distribution) will be 106 out of date by definition, but other copies are kept updated on 107 the Internet and should be consulted as the <quote>current 108 errata</quote> for this release. These other copies of the 109 errata are located at <ulink 110 url="http://www.FreeBSD.org/releases/"></ulink>, plus any sites 111 which keep up-to-date mirrors of this location.</para> 112 113 <para>Source and binary snapshots of &os; &release.branch; also 114 contain up-to-date copies of this document (as of the time of 115 the snapshot).</para> 116 117 <para>For a list of all &os; CERT security advisories, see <ulink 118 url="http://www.FreeBSD.org/security/"></ulink> or <ulink 119 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/"></ulink>.</para> 120 121 </sect1> 122 123 <sect1 id="security"> 124 <title>Security Advisories</title> 125 126<![ %release.type.release [ 127 <para>No advisories.</para> 128]]> 129 130<![ %release.type.snapshot [ 131 <para>No advisories.</para> 132]]> 133 134 </sect1> 135 136 <sect1 id="open-issues"> 137 <title>Open Issues</title> 138 139<![ %release.type.release [ 140 <para>No open issues.</para> 141]]> 142 143<![ %release.type.snapshot [ 144 145 <para>(9 Jan 2004) Due to a change in &man.cpp.1; behavior, the 146 login screen for &man.xdm.1; is in black and white, even on 147 systems with color displays. As a workaround, update to a newer 148 version of the 149 <filename role="package">x11/XFree86-4-clients</filename> 150 port/package.</para> 151 152 <para>(9 Jan 2004) There remain some residual problems with ACPI. 153 In some cases, systems may behave erratically, or hang at boot 154 time. As a workaround, disable ACPI, using the <quote>safe 155 mode</quote> option of the bootloader or using the 156 <varname>hint.acpi.0.disabled</varname> kernel environment 157 variable. These problems are being investigated. For problems 158 that have not already been reported (check the mailing list 159 archives <emphasis>before</emphasis> posting), sending the 160 output of &man.dmesg.8; and &man.acpidump.8; to the 161 &a.current; may help diagnose the problem.</para> 162 163 <para>(9 Jan 2004) In some cases, ATA devices may behave 164 erratically, particularly SATA devices. Reported symptoms 165 include command timeouts or missing interrupts. These problems 166 appear to be timing-dependent, making them rather difficult to 167 isolate. Workarounds include:</para> 168 169 <itemizedlist> 170 <listitem> 171 <para>Turn off ATA DMA using the <quote>safe mode</quote> 172 option of the bootloader or the 173 <varname>hw.ata.ata_dma</varname> sysctl variable.</para> 174 </listitem> 175 176 <listitem> 177 <para>Use the host's BIOS setup options to put the ATA 178 controller in its <quote>legacy mode</quote>, if 179 available.</para> 180 </listitem> 181 182 <listitem> 183 <para>Disable ACPI, for example using the <quote>safe mode</quote> 184 option of the bootloader or using the 185 <varname>hint.acpi.0.disabled</varname> kernel environment 186 variable.</para> 187 </listitem> 188 </itemizedlist> 189 190 <para>(9 Jan 2004) Installing over NFS when using the install 191 floppies requires that the <filename>nfsclient.ko</filename> 192 module be manually loaded from the third floppy disk. This can 193 be done by following the prompts when &man.sysinstall.8; 194 launches to load a driver off of the third floppy disk.</para> 195 196 <para>(9 Jan 2004) The use of multiple vchans (virtual audio 197 channels with dynamic mixing in software) in the &man.pcm.4; 198 driver has been known to cause some instability.</para> 199 200 <para>(10 Jan 2004) Although APIC interrupt routing seems to work 201 correctly on many systems, on some others (such as some laptops) 202 it can cause various errors, such as &man.ata.4; errors or hangs 203 when starting or exiting X11. For these situations, it may be 204 advisable to disable APIC routing, using the <quote>safe 205 mode</quote> of the bootloader or the 206 <varname>hint.apic.0.disabled</varname> loader tunable. Note 207 that disabling APIC is not compatible with SMP systems.</para> 208 209 <para>(10 Jan 2004) The NFSv4 client may panic when attempting an 210 NFSv4 operation against an NFSv3/NFSv2-only server. This 211 problem has been fixed with revision 1.4 of 212 <filename>src/sys/rpc/rpcclnt.c</filename> in &os; 213 &release.current;.</para> 214 215 <para>(11 Jan 2004) Some problems have been encountered when using 216 third-party NSS modules, such as <filename>nss_ldap</filename>, 217 and groups with large membership lists. These have been fixed 218 with revision 1.2 of <filename>src/include/nss.h</filename> and 219 revision 1.2 of 220 <filename>src/lib/libc/net/nss_compat.c</filename> in &os; 221 &release.current;.</para> 222 223 <para>(13 Jan 2004) The &os; &release.current; release notes 224 incorrectly stated that <application>GCC</application> was a 225 post-release GCC 3.3.3 snapshot. They should have stated that 226 GCC was a <emphasis>pre-release</emphasis> GCC 3.3.3 227 snapshot.</para> 228 229 <para>(13 Jan 2004) The <filename 230 role="package">sysutils/kdeadmin3</filename> port/package has a 231 bug in the <application>KUser</application> component that can 232 cause deletion of the <username>root</username> user from the 233 system password file. Users are strongly urged to upgrade to 234 version 3.1.4_1 of this port/package.</para> 235 236 <para>(21 Jan 2004) Some bugs in the IPsec implementation imported 237 from the KAME Project can result in memory objects being freed 238 before all references to them were removed. Reported symptoms 239 include erratic behavior or kernel panics after flushing the 240 Security Policy Database (SPD). Some of these problems have 241 been fixed in &os; &release.current; in rev. 1.31 of 242 <filename>src/sys/netinet6/ipsec.c</filename>, rev. 1.136 of 243 <filename>src/sys/netinet/in_pcb.c</filename>, and revs. 1.63 244 and 1.64 of <filename>src/sys/netkey/key.c</filename>. More 245 information about these problems has been posted to the 246 &a.current;, in particular the thread entitled <ulink 247 url="http://lists.freebsd.org/pipermail/freebsd-current/2004-January/thread.html#18084"> 248 <quote>[PATCH] IPSec fixes</quote></ulink>.</para> 249 250]]> 251 252 </sect1> 253 254 <sect1 id="late-news"> 255 <title>Late-Breaking News</title> 256 257<![ %release.type.release [ 258 <para>No news.</para> 259]]> 260 261<![ %release.type.snapshot [ 262 263 <para>(10 Jan 2004) The TCP implementation in &os; now includes 264 protection against a certain class of TCP MSS resource 265 exhaustion attacks, in the form of limits on the size and rate 266 of TCP segments. The first limit sets the minimum allowed 267 maximum TCP segment size, and is controlled by the 268 <varname>net.inet.tcp.minmss</varname> sysctl variable (the 269 default value is <literal>216</literal> bytes). The second 270 limit is set by the 271 <varname>net.inet.tcp.minmssoverload</varname> variable, and 272 controls the maximum rate of connections whose average segment 273 size is less than <varname>net.inet.tcp.minmss</varname>. 274 Connections exceeding this packet rate are reset and dropped. 275 Because this feature was added late in the &release.prev; 276 release cycle, connection rate limiting is disabled by default, 277 but can be enabled manually by assigning a non-zero value to 278 <varname>net.inet.tcp.minmssoverload</varname> (the default 279 value in &release.current; at the time of this writing is 280 <literal>1000</literal> packets per second).</para> 281 282]]> 283 284 </sect1> 285 286</article> 287