diff options
Diffstat (limited to 'en_US.ISO8859-1/htdocs/releases/5.2.1R/errata.html')
-rw-r--r-- | en_US.ISO8859-1/htdocs/releases/5.2.1R/errata.html | 333 |
1 files changed, 0 insertions, 333 deletions
diff --git a/en_US.ISO8859-1/htdocs/releases/5.2.1R/errata.html b/en_US.ISO8859-1/htdocs/releases/5.2.1R/errata.html deleted file mode 100644 index b85a5f93d0..0000000000 --- a/en_US.ISO8859-1/htdocs/releases/5.2.1R/errata.html +++ /dev/null @@ -1,333 +0,0 @@ -<?xml version="1.0" encoding="iso-8859-1"?> -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" - "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> -<html xmlns="http://www.w3.org/1999/xhtml"> -<head> -<meta name="generator" content="HTML Tidy, see www.w3.org" /> -<title>FreeBSD 5.2-RELEASE Errata</title> -<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.7" /> -<link rel="STYLESHEET" type="text/css" href="docbook.css" /> -</head> -<body class="ARTICLE" bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#840084" -alink="#0000FF"> -<div class="ARTICLE"> -<div class="TITLEPAGE"> -<h1 class="TITLE"><a id="AEN2" name="AEN2">FreeBSD 5.2-RELEASE Errata</a></h1> - -<h3 class="CORPAUTHOR">The FreeBSD Project</h3> - -<p class="COPYRIGHT">Copyright © 2000, 2001, 2002, 2003, 2004 The FreeBSD -Documentation Project</p> - -<p class="PUBDATE">$FreeBSD: src/release/doc/en_US.ISO8859-1/errata/article.sgml,v 1.67 -2004/03/30 17:43:26 kensmith Exp $<br /> -</p> - -<div class="LEGALNOTICE"><a id="TRADEMARKS" name="TRADEMARKS"></a> -<p>FreeBSD is a registered trademark of Wind River Systems, Inc. This is expected to -change soon.</p> - -<p>Intel, Celeron, EtherExpress, i386, i486, Itanium, Pentium, and Xeon are trademarks or -registered trademarks of Intel Corporation or its subsidiaries in the United States and -other countries.</p> - -<p>Sparc, Sparc64, SPARCEngine, and UltraSPARC are trademarks of SPARC International, Inc -in the United States and other countries. Products bearing SPARC trademarks are based -upon architecture developed by Sun Microsystems, Inc.</p> - -<p>Many of the designations used by manufacturers and sellers to distinguish their -products are claimed as trademarks. Where those designations appear in this document, and -the FreeBSD Project was aware of the trademark claim, the designations have been followed -by the ``™'' or the ``®'' symbol.</p> -</div> - -<hr /> -</div> - -<blockquote class="ABSTRACT"> -<div class="ABSTRACT"><a id="AEN20" name="AEN20"></a> -<p>This document lists errata items for FreeBSD 5.2-RELEASE, containing significant -information discovered after the release or too late in the release cycle to be otherwise -included in the release documentation. This information includes security advisories, as -well as news relating to the software or documentation that could affect its operation or -usability. An up-to-date version of this document should always be consulted before -installing this version of FreeBSD.</p> - -<p>This document also contains errata for FreeBSD 5.2.1-RELEASE, a ``point release'' made -about one month after FreeBSD 5.2-RELEASE. Unless otherwise noted, all errata items in -this document apply to both 5.2-RELEASE and 5.2.1-RELEASE.</p> - -<p>This errata document for FreeBSD 5.2-RELEASE will be maintained until the release of -FreeBSD 5.3-RELEASE.</p> -</div> -</blockquote> - -<div class="SECT1"> -<hr /> -<h2 class="SECT1"><a id="INTRO" name="INTRO">1 Introduction</a></h2> - -<p>This errata document contains ``late-breaking news'' about FreeBSD 5.2-RELEASE. Before -installing this version, it is important to consult this document to learn about any -post-release discoveries or problems that may already have been found and fixed.</p> - -<p>Any version of this errata document actually distributed with the release (for -example, on a CDROM distribution) will be out of date by definition, but other copies are -kept updated on the Internet and should be consulted as the ``current errata'' for this -release. These other copies of the errata are located at <a -href="http://www.FreeBSD.org/releases/" -target="_top">http://www.FreeBSD.org/releases/</a>, plus any sites which keep up-to-date -mirrors of this location.</p> - -<p>Source and binary snapshots of FreeBSD 5-CURRENT also contain up-to-date copies of -this document (as of the time of the snapshot).</p> - -<p>For a list of all FreeBSD CERT security advisories, see <a -href="http://www.FreeBSD.org/security/" -target="_top">http://www.FreeBSD.org/security/</a> or <a -href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/" -target="_top">ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/</a>.</p> -</div> - -<div class="SECT1"> -<hr /> -<h2 class="SECT1"><a id="SECURITY" name="SECURITY">2 Security Advisories</a></h2> - -<p>(30 Jan 2004, updated 28 Feb 2004) A bug in <a -href="http://www.FreeBSD.org/cgi/man.cgi?query=mksnap_ffs&sektion=8&manpath=FreeBSD+5.2-current"> -<span class="CITEREFENTRY"><span class="REFENTRYTITLE">mksnap_ffs</span>(8)</span></a> -causes the creation of a filesystem snapshot to reset the flags on the filesystem to -their default values. The possible consequences depend on local usage, but can include -disabling extended access control lists or enabling the use of setuid executables stored -on an untrusted filesystem. This bug also affects the <a -href="http://www.FreeBSD.org/cgi/man.cgi?query=dump&sektion=8&manpath=FreeBSD+5.2-current"> -<span class="CITEREFENTRY"><span class="REFENTRYTITLE">dump</span>(8)</span></a> <var -class="OPTION">-L</var> option, which uses <a -href="http://www.FreeBSD.org/cgi/man.cgi?query=mksnap_ffs&sektion=8&manpath=FreeBSD+5.2-current"> -<span class="CITEREFENTRY"><span class="REFENTRYTITLE">mksnap_ffs</span>(8)</span></a>. -Note that <a -href="http://www.FreeBSD.org/cgi/man.cgi?query=mksnap_ffs&sektion=8&manpath=FreeBSD+5.2-current"> -<span class="CITEREFENTRY"><span class="REFENTRYTITLE">mksnap_ffs</span>(8)</span></a> is -normally only available to the superuser and members of the <tt -class="GROUPNAME">operator</tt> group. This bug has been fixed on the FreeBSD 5.2-RELEASE -security fix branch and in FreeBSD 5.2.1-RELEASE. For more information, see security -advisory <a -href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:01.mksnap_ffs.asc" -target="_top">FreeBSD-SA-04:01</a>.</p> - -<p>(8 Feb 2004, updated 28 Feb 2004) A bug with the System V Shared Memory interface -(specifically the <a -href="http://www.FreeBSD.org/cgi/man.cgi?query=shmat&sektion=2&manpath=FreeBSD+5.2-current"> -<span class="CITEREFENTRY"><span class="REFENTRYTITLE">shmat</span>(2)</span></a> system -call) can cause a shared memory segment to reference unallocated kernel memory. In turn, -this can permit a local attacker to gain unauthorized access to parts of kernel memory, -possibly resulting in disclosure of sensitive information, bypass of access control -mechanisms, or privilege escalation. This bug has been fixed on the FreeBSD 5.2-RELEASE -security fix branch and in FreeBSD 5.2.1-RELEASE. More details, including bugfix and -workaround information, can be found in security advisory <a -href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:02.shmat.asc" -target="_top">FreeBSD-SA-04:02</a>.</p> - -<p>(28 Feb 2004) It is possible, under some circumstances, for a processor with superuser -privileges inside a <a -href="http://www.FreeBSD.org/cgi/man.cgi?query=jail&sektion=8&manpath=FreeBSD+5.2-current"> -<span class="CITEREFENTRY"><span class="REFENTRYTITLE">jail</span>(8)</span></a> -environment to change its root directory to a different jail, giving it read and write -access to the files and directories within. This vulnerability has been closed on the -FreeBSD 5.2-RELEASE security fix branch and in FreeBSD 5.2.1-RELEASE. Information on the -bug fix can be found in security advisory <a -href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:03.jail.asc" -target="_top">FreeBSD-SA-04:03</a>.</p> - -<p>(4 Mar 2004) It is possible for a remote attacker to conduct a low-bandwidth -denial-of-service attack against a machine providing TCP-based services, filling up the -target's memory buffers and potentially leading to a system crash. This vulnerability has -been addressed on the FreeBSD 5.2-RELEASE security fix branch, but is present in both -FreeBSD 5.2-RELEASE and 5.2.1-RELEASE. Security advisory <a -href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:04.tcp.asc" -target="_top">FreeBSD-SA-04:04</a> contains more details, as well as information on -patching existing systems.</p> - -<p>(17 Mar 2004) By performing a specially crafted SSL/TLS handshake with an application -that uses OpenSSL a null pointer may be dereferenced. This may in turn cause the -application to crash, resulting in a denial of service attack. For more information see -the Security Advisory <a -href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc" -target="_top">FreeBSD-SA-04:05</a> which contains more details and instructions on how to -patch existing systems.</p> - -<p>(29 Mar 2004) A local attacker may take advantage of a programming error in the -handling of certain IPv6 socket options in the <a -href="http://www.FreeBSD.org/cgi/man.cgi?query=setsockopt&sektion=2&manpath=FreeBSD+5.2-current"> -<span class="CITEREFENTRY"><span class="REFENTRYTITLE">setsockopt</span>(2)</span></a> -system call to read portions of kernel memory without proper authorization. This may -result in disclosure of sensitive data, or potentially cause a panic. See Security -Advisory <a -href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:06.ipv6.asc" -target="_top">FreeBSD-SA-04:06</a> for a more detailed description and instructions on -how to patch existing systems.</p> -</div> - -<div class="SECT1"> -<hr /> -<h2 class="SECT1"><a id="OPEN-ISSUES" name="OPEN-ISSUES">3 Open Issues</a></h2> - -<p>(9 Jan 2004) Due to a change in <a -href="http://www.FreeBSD.org/cgi/man.cgi?query=cpp&sektion=1&manpath=FreeBSD+5.2-current"> -<span class="CITEREFENTRY"><span class="REFENTRYTITLE">cpp</span>(1)</span></a> behavior, -the login screen for <a -href="http://www.FreeBSD.org/cgi/man.cgi?query=xdm&sektion=1&manpath=XFree86+4.3.0"><span -class="CITEREFENTRY"><span class="REFENTRYTITLE">xdm</span>(1)</span></a> is in black and -white, even on systems with color displays. As a workaround, update to a newer version of -the <a -href="http://www.FreeBSD.org/cgi/url.cgi?ports/x11/XFree86-4-clients/pkg-descr"><tt -class="FILENAME">x11/XFree86-4-clients</tt></a> port/package.</p> - -<p>(9 Jan 2004) There remain some residual problems with ACPI. In some cases, systems may -behave erratically, or hang at boot time. As a workaround, disable ACPI, using the ``safe -mode'' option of the bootloader or using the <var -class="VARNAME">hint.acpi.0.disabled</var> kernel environment variable. These problems -are being investigated. For problems that have not already been reported (check the -mailing list archives <span class="emphasis"><i class="EMPHASIS">before</i></span> -posting), sending the output of <a -href="http://www.FreeBSD.org/cgi/man.cgi?query=dmesg&sektion=8&manpath=FreeBSD+5.2-current"> -<span class="CITEREFENTRY"><span class="REFENTRYTITLE">dmesg</span>(8)</span></a> and <a -href="http://www.FreeBSD.org/cgi/man.cgi?query=acpidump&sektion=8&manpath=FreeBSD+5.2-current"> -<span class="CITEREFENTRY"><span class="REFENTRYTITLE">acpidump</span>(8)</span></a> to -the <a href="http://lists.FreeBSD.org/mailman/listinfo/freebsd-current" -target="_top">FreeBSD-CURRENT mailing list</a> may help diagnose the problem.</p> - -<p>(9 Jan 2004, updated 28 Feb 2004) In some cases, ATA devices may behave erratically, -particularly SATA devices. Reported symptoms include command timeouts or missing -interrupts. These problems appear to be timing-dependent, making them rather difficult to -isolate. Workarounds include:</p> - -<ul> -<li> -<p>Turn off ATA DMA using the ``safe mode'' option of the bootloader or the <var -class="VARNAME">hw.ata.ata_dma</var> sysctl variable.</p> -</li> - -<li> -<p>Use the host's BIOS setup options to put the ATA controller in its ``legacy mode'', if -available.</p> -</li> - -<li> -<p>Disable ACPI, for example using the ``safe mode'' option of the bootloader or using -the <var class="VARNAME">hint.acpi.0.disabled</var> kernel environment variable.</p> -</li> -</ul> - -<p>Some of these problems were addressed in FreeBSD 5.2.1-RELEASE with the import of a -newer <a -href="http://www.FreeBSD.org/cgi/man.cgi?query=ata&sektion=4&manpath=FreeBSD+5.2-current"> -<span class="CITEREFENTRY"><span class="REFENTRYTITLE">ata</span>(4)</span></a> from -5.2-CURRENT.</p> - -<p>(9 Jan 2004) Installing over NFS when using the install floppies requires that the <tt -class="FILENAME">nfsclient.ko</tt> module be manually loaded from the third floppy disk. -This can be done by following the prompts when <a -href="http://www.FreeBSD.org/cgi/man.cgi?query=sysinstall&sektion=8&manpath=FreeBSD+5.2-current"> -<span class="CITEREFENTRY"><span class="REFENTRYTITLE">sysinstall</span>(8)</span></a> -launches to load a driver off of the third floppy disk.</p> - -<p>(9 Jan 2004) The use of multiple vchans (virtual audio channels with dynamic mixing in -software) in the <a -href="http://www.FreeBSD.org/cgi/man.cgi?query=pcm&sektion=4&manpath=FreeBSD+5.2-current"> -<span class="CITEREFENTRY"><span class="REFENTRYTITLE">pcm</span>(4)</span></a> driver -has been known to cause some instability.</p> - -<p>(10 Jan 2004) Although APIC interrupt routing seems to work correctly on many systems, -on some others (such as some laptops) it can cause various errors, such as <a -href="http://www.FreeBSD.org/cgi/man.cgi?query=ata&sektion=4&manpath=FreeBSD+5.2-current"> -<span class="CITEREFENTRY"><span class="REFENTRYTITLE">ata</span>(4)</span></a> errors or -hangs when starting or exiting X11. For these situations, it may be advisable to disable -APIC routing, using the ``safe mode'' of the bootloader or the <var -class="VARNAME">hint.apic.0.disabled</var> loader tunable. Note that disabling APIC is -not compatible with SMP systems.</p> - -<p>(10 Jan 2004, updated 28 Feb 2004) The NFSv4 client may panic when attempting an NFSv4 -operation against an NFSv3/NFSv2-only server. This problem has been fixed with revision -1.4 of <tt class="FILENAME">src/sys/rpc/rpcclnt.c</tt> in FreeBSD 5.2-CURRENT. It was -also fixed in FreeBSD 5.2.1-RELEASE.</p> - -<p>(11 Jan 2004, updated 28 Feb 2004) Some problems have been encountered when using -third-party NSS modules, such as <tt class="FILENAME">nss_ldap</tt>, and groups with -large membership lists. These have been fixed with revision 1.2 of <tt -class="FILENAME">src/include/nss.h</tt> and revision 1.2 of <tt -class="FILENAME">src/lib/libc/net/nss_compat.c</tt> in FreeBSD 5.2-CURRENT; this fix was -backported to FreeBSD 5.2.1-RELEASE.</p> - -<p>(13 Jan 2004) The FreeBSD 5.2-CURRENT release notes incorrectly stated that <b -class="APPLICATION">GCC</b> was a post-release GCC 3.3.3 snapshot. They should have -stated that GCC was a <span class="emphasis"><i class="EMPHASIS">pre-release</i></span> -GCC 3.3.3 snapshot.</p> - -<p>(13 Jan 2004, updated 28 Feb 2004) The <a -href="http://www.FreeBSD.org/cgi/url.cgi?ports/sysutils/kdeadmin3/pkg-descr"><tt -class="FILENAME">sysutils/kdeadmin3</tt></a> port/package has a bug in the <b -class="APPLICATION">KUser</b> component that can cause deletion of the <tt -class="USERNAME">root</tt> user from the system password file. Users are strongly urged -to upgrade to version 3.1.4_1 of this port/package. The package set included with FreeBSD -5.2.1-RELEASE contains the fixed version of this package.</p> - -<p>(21 Jan 2004, updated 28 Feb 2004) Some bugs in the IPsec implementation imported from -the KAME Project can result in memory objects being freed before all references to them -were removed. Reported symptoms include erratic behavior or kernel panics after flushing -the Security Policy Database (SPD). Some of these problems have been fixed in FreeBSD -5.2-CURRENT in rev. 1.31 of <tt class="FILENAME">src/sys/netinet6/ipsec.c</tt>, rev. -1.136 of <tt class="FILENAME">src/sys/netinet/in_pcb.c</tt>, and revs. 1.63 and 1.64 of -<tt class="FILENAME">src/sys/netkey/key.c</tt>. These bugfixes were backported to FreeBSD -5.2.1-RELEASE. More information about these problems has been posted to the <a -href="http://lists.FreeBSD.org/mailman/listinfo/freebsd-current" -target="_top">FreeBSD-CURRENT mailing list</a>, in particular the thread entitled <a -href="http://lists.FreeBSD.org/pipermail/freebsd-current/2004-January/thread.html#18084" -target="_top">``[PATCH] IPSec fixes''</a>.</p> - -<p>(28 Feb 2004) The edition of the Porters Handbook included with FreeBSD 5.2.1-RELEASE -contained an incorrect value for 5.2.1-RELEASE's <var -class="VARNAME">__FreeBSD_version</var>. The correct value is <var -class="LITERAL">502010</var>.</p> -</div> - -<div class="SECT1"> -<hr /> -<h2 class="SECT1"><a id="LATE-NEWS" name="LATE-NEWS">4 Late-Breaking News</a></h2> - -<p>(10 Jan 2004, updated 28 Feb 2004) The TCP implementation in FreeBSD now includes -protection against a certain class of TCP MSS resource exhaustion attacks, in the form of -limits on the size and rate of TCP segments. The first limit sets the minimum allowed -maximum TCP segment size, and is controlled by the <var -class="VARNAME">net.inet.tcp.minmss</var> sysctl variable (the default value is <var -class="LITERAL">216</var> bytes). The second limit is set by the <var -class="VARNAME">net.inet.tcp.minmssoverload</var> variable, and controls the maximum rate -of connections whose average segment size is less than <var -class="VARNAME">net.inet.tcp.minmss</var>. Connections exceeding this packet rate are -reset and dropped. Because this feature was added late in the 5.2-RELEASE release cycle, -connection rate limiting is disabled by default, but can be enabled manually by assigning -a non-zero value to <var class="VARNAME">net.inet.tcp.minmssoverload</var>. This feature -was added to FreeBSD 5.2-RELEASE too late for inclusion in its release notes.</p> -</div> -</div> - -<hr /> -<p align="center"><small>This file, and other release-related documents, can be -downloaded from <a -href="http://snapshots.jp.FreeBSD.org/">http://snapshots.jp.FreeBSD.org/</a>.</small></p> - -<p align="center"><small>For questions about FreeBSD, read the <a -href="http://www.FreeBSD.org/docs.html">documentation</a> before contacting <<a -href="mailto:questions@FreeBSD.org">questions@FreeBSD.org</a>>.</small></p> - -<p align="center"><small><small>All users of FreeBSD 5-CURRENT should subscribe to the -<<a href="mailto:current@FreeBSD.org">current@FreeBSD.org</a>> mailing -list.</small></small></p> - -<p align="center">For questions about this documentation, e-mail <<a -href="mailto:doc@FreeBSD.org">doc@FreeBSD.org</a>>.</p> - -<br /> -<br /> -</body> -</html> - |