1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
|
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="generator" content="HTML Tidy, see www.w3.org" />
<title>FreeBSD 9.0-RELEASE Errata</title>
<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79" />
<link rel="STYLESHEET" type="text/css" href="docbook.css" />
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<script type="text/javascript" src="http://www.FreeBSD.org/layout/js/google.js">
</script>
</head>
<body class="ARTICLE" bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#840084"
alink="#0000FF">
<div class="ARTICLE">
<div class="TITLEPAGE">
<h1 class="TITLE"><a id="AEN2" name="AEN2">FreeBSD 9.0-RELEASE Errata</a></h1>
<h3 class="CORPAUTHOR">The FreeBSD Project</h3>
<p class="COPYRIGHT">Copyright © 2012 The FreeBSD Documentation Project</p>
<p class="PUBDATE">$FreeBSD: stable/9/release/doc/en_US.ISO8859-1/errata/article.sgml
230254 2012-01-17 02:49:23Z hrs $<br />
</p>
<div class="LEGALNOTICE"><a id="TRADEMARKS" name="TRADEMARKS"></a>
<p>FreeBSD is a registered trademark of the FreeBSD Foundation.</p>
<p>Intel, Celeron, EtherExpress, i386, i486, Itanium, Pentium, and Xeon are trademarks or
registered trademarks of Intel Corporation or its subsidiaries in the United States and
other countries.</p>
<p>SPARC, SPARC64, SPARCengine, and UltraSPARC are trademarks of SPARC International, Inc
in the United States and other countries. SPARC International, Inc owns all of the SPARC
trademarks and under licensing agreements allows the proper use of these trademarks by
its members.</p>
<p>Many of the designations used by manufacturers and sellers to distinguish their
products are claimed as trademarks. Where those designations appear in this document, and
the FreeBSD Project was aware of the trademark claim, the designations have been followed
by the “™” or the “®” symbol.</p>
</div>
<hr />
</div>
<blockquote class="ABSTRACT">
<div class="ABSTRACT"><a id="AEN16" name="AEN16"></a>
<p>This document lists errata items for FreeBSD 9.0-RELEASE, containing significant
information discovered after the release or too late in the release cycle to be otherwise
included in the release documentation. This information includes security advisories, as
well as news relating to the software or documentation that could affect its operation or
usability. An up-to-date version of this document should always be consulted before
installing this version of FreeBSD.</p>
<p>This errata document for FreeBSD 9.0-RELEASE will be maintained until the release of
FreeBSD 9.1-RELEASE.</p>
</div>
</blockquote>
<div class="SECT1">
<hr />
<h2 class="SECT1"><a id="INTRO" name="INTRO">1 Introduction</a></h2>
<p>This errata document contains “late-breaking news” about FreeBSD
9.0-RELEASE. Before installing this version, it is important to consult this document to
learn about any post-release discoveries or problems that may already have been found and
fixed.</p>
<p>Any version of this errata document actually distributed with the release (for
example, on a CDROM distribution) will be out of date by definition, but other copies are
kept updated on the Internet and should be consulted as the “current errata”
for this release. These other copies of the errata are located at <a
href="http://www.FreeBSD.org/releases/"
target="_top">http://www.FreeBSD.org/releases/</a>, plus any sites which keep up-to-date
mirrors of this location.</p>
<p>Source and binary snapshots of FreeBSD 9.0-STABLE also contain up-to-date copies of
this document (as of the time of the snapshot).</p>
<p>For a list of all FreeBSD CERT security advisories, see <a
href="http://www.FreeBSD.org/security/"
target="_top">http://www.FreeBSD.org/security/</a> or <a
href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/"
target="_top">ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/</a>.</p>
</div>
<div class="SECT1">
<hr />
<h2 class="SECT1"><a id="SECURITY" name="SECURITY">2 Security Advisories</a></h2>
<p>Problems described in the following security advisories have been fixed in
9.0-RELEASE. For more information, consult the individual advisories available from <a
href="http://security.FreeBSD.org/" target="_top">http://security.FreeBSD.org/</a>.</p>
<div class="INFORMALTABLE"><a id="AEN34" name="AEN34"></a>
<table border="0" frame="void" width="100%" class="CALSTABLE">
<col width="20%" />
<col width="20%" />
<col width="60%" />
<thead>
<tr>
<th>Advisory</th>
<th>Date</th>
<th>Topic</th>
</tr>
</thead>
<tbody>
<tr>
<td><a href="http://security.freebsd.org/advisories/FreeBSD-SA-11:01.mountd.asc"
target="_top">SA-11:01.mountd</a></td>
<td>20 April 2011</td>
<td>
<p>Network ACL mishandling in <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=mountd&sektion=8&manpath=FreeBSD+9.0-RELEASE">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">mountd</span>(8)</span></a></p>
</td>
</tr>
<tr>
<td><a href="http://security.freebsd.org/advisories/FreeBSD-SA-11:02.bind.asc"
target="_top">SA-11:02.bind</a></td>
<td>28 May 2011</td>
<td>
<p>BIND remote DoS with large RRSIG RRsets and negative caching</p>
</td>
</tr>
<tr>
<td><a href="http://security.freebsd.org/advisories/FreeBSD-SA-11:04.compress.asc"
target="_top">SA-11:04.compress</a></td>
<td>28 September 2011</td>
<td>
<p>Errors handling corrupt compress file in <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=compress&sektion=1&manpath=FreeBSD+9.0-RELEASE">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">compress</span>(1)</span></a> and
<a
href="http://www.FreeBSD.org/cgi/man.cgi?query=gzip&sektion=1&manpath=FreeBSD+9.0-RELEASE">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">gzip</span>(1)</span></a></p>
</td>
</tr>
<tr>
<td><a href="http://security.freebsd.org/advisories/FreeBSD-SA-11:05.unix.asc"
target="_top">SA-11:05.unix</a></td>
<td>28 September 2011</td>
<td>
<p>Buffer overflow in handling of UNIX socket addresses</p>
</td>
</tr>
<tr>
<td><a href="http://security.freebsd.org/advisories/FreeBSD-SA-11:06.bind.asc"
target="_top">SA-11:06.bind</a></td>
<td>23 December 2011</td>
<td>
<p>Remote packet Denial of Service against <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=named&sektion=8&manpath=FreeBSD+9.0-RELEASE">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">named</span>(8)</span></a>
servers</p>
</td>
</tr>
<tr>
<td><a href="http://security.freebsd.org/advisories/FreeBSD-SA-11:07.chroot.asc"
target="_top">SA-11:07.chroot</a></td>
<td>23 December 2011</td>
<td>
<p>Code execution via chrooted ftpd</p>
</td>
</tr>
<tr>
<td><a href="http://security.freebsd.org/advisories/FreeBSD-SA-11:08.telnetd.asc"
target="_top">SA-11:08.telnetd</a></td>
<td>23 December 2011</td>
<td>
<p>telnetd code execution vulnerability</p>
</td>
</tr>
<tr>
<td><a href="http://security.freebsd.org/advisories/FreeBSD-SA-11:09.pam_ssh.asc"
target="_top">SA-11:09.pam_ssh</a></td>
<td>23 December 2011</td>
<td>
<p>pam_ssh improperly grants access when user account has unencrypted SSH private
keys</p>
</td>
</tr>
<tr>
<td><a href="http://security.freebsd.org/advisories/FreeBSD-SA-11:10.pam.asc"
target="_top">SA-11:10.pam</a></td>
<td>23 December 2011</td>
<td>
<p><code class="FUNCTION">pam_start()</code> does not validate service names</p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="SECT1">
<hr />
<h2 class="SECT1"><a id="OPEN-ISSUES" name="OPEN-ISSUES">3 Open Issues</a></h2>
<ul>
<li>
<p>In some releases prior to 9.0-RELEASE, upgrading by using <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=freebsd-update&sektion=8&manpath=FreeBSD+9.0-RELEASE">
<span class="CITEREFENTRY"><span
class="REFENTRYTITLE">freebsd-update</span>(8)</span></a> can fail. This issue has been
fixed by a change in Errata Notice EN-12:01. For more information, see <a
href="http://security.freebsd.org/advisories/FreeBSD-EN-12:01.freebsd-update.asc"
target="_top">http://security.freebsd.org/advisories/FreeBSD-EN-12:01.freebsd-update.asc</a></p>
</li>
<li>
<p>[amd64, i386] FreeBSD 9.0-RELEASE includes several changes to improve resource
management of PCI devices. Some x86 machines may not boot or may have devices that no
longer attach when using ACPI as a result of these changes. This can be worked around by
setting a <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=loader&sektion=8&manpath=FreeBSD+9.0-RELEASE">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">loader</span>(8)</span></a>
tunable <code class="VARNAME">debug.acpi.disabled</code> to <tt
class="LITERAL">hostres</tt>. To do this, enter the following lines at the loader
prompt:</p>
<pre class="SCREEN">
set debug.acpi.disabled="hostres"
boot
</pre>
<p>Or, put the following line into <tt class="FILENAME">/boot/loader.conf</tt>:</p>
<pre class="PROGRAMLISTING">
debug.acpi.disabled="hostres"
</pre>
</li>
<li>
<p>A <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=devctl&sektion=4&manpath=FreeBSD+9.0-RELEASE">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">devctl</span>(4)</span></a> event
upon arrival of a <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=ugen&sektion=4&manpath=FreeBSD+9.0-RELEASE">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">ugen</span>(4)</span></a> device
has been changed. The event now includes <tt class="LITERAL">ugen</tt> and <tt
class="LITERAL">cdev</tt> variables instead of <tt class="LITERAL">device-name</tt>. This
change can prevent the following <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=devd&sektion=8&manpath=FreeBSD+9.0-RELEASE">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">devd</span>(8)</span></a> rule
which worked in a previous releases from working:</p>
<pre class="PROGRAMLISTING">
attach 0 {
match "device-name" "ugen[0-9]+.[0-9]+";
action "/path/to/script /dev/$device-name";
}
</pre>
<p>This should be updated to the following:</p>
<pre class="PROGRAMLISTING">
attach 0 {
match "subsystem" "DEVICE";
match "type" "ATTACH";
match "cdev" "ugen[0-9]+.[0-9]+";
action "/path/to/script /dev/$cdev";
}
</pre>
</li>
<li>
<p>The FreeBSD 9.0-RELEASE Release Notes should have mentioned that SSM (Source-Specific
Multicast) MLDv2 now uses <tt class="LITERAL">ALLOW_NEW_SOURCES</tt> and <tt
class="LITERAL">BLOCK_OLD_SOURCES</tt> record types to signal a join or a leave by
default. This conforms RFC 4604, “Using Internet Group Management Protocol Version
3 (IGMPv3) and Multicast Listener Discovery Protocol Version 2 (MLDv2) for
Source-Specific Multicast”. A new <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=sysctl&sektion=8&manpath=FreeBSD+9.0-RELEASE">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">sysctl</span>(8)</span></a>
variable <code class="VARNAME">net.inet6.mld.use_allow</code> which controls the behavior
has been added. The default value is <tt class="LITERAL">1</tt> (use <tt
class="LITERAL">ALLOW_NEW_SOURCES</tt> and <tt
class="LITERAL">BLOCK_OLD_SOURCES</tt>).</p>
</li>
<li>
<p>9.0-RELEASE fails to configure an interface specified in the <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=rc.conf&sektion=5&manpath=FreeBSD+9.0-RELEASE">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">rc.conf</span>(5)</span></a>
variable <code class="VARNAME">ipv6_prefix_<tt class="REPLACEABLE"><i>IF</i></tt></code>
when the interface does not have a corresponding <code class="VARNAME">ifconfig_<tt
class="REPLACEABLE"><i>IF</i></tt>_ipv6</code> variable. This problem will be fixed in
the future releases. To work around this problem on 9.0-RELEASE, add an <code
class="VARNAME">ifconfig_<tt class="REPLACEABLE"><i>IF</i></tt>_ipv6</code> line for each
interface specified in <code class="VARNAME">ipv6_prefix_<tt
class="REPLACEABLE"><i>IF</i></tt></code> as the following:</p>
<pre class="PROGRAMLISTING">
ipv6_prefix_em0="2001:db8:1:0 2001:db8:2:0"
ifconfig_em0_ipv6="inet6 auto_linklocal"
</pre>
</li>
<li>
<p>In 9.0-RELEASE the FreeBSD USB subsystem supports USB 3.0 by the <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=xhci&sektion=4&manpath=FreeBSD+9.0-RELEASE">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">xhci</span>(4)</span></a> driver.
However, a bug that could prevent it from working with a USB 3.0 hub has been found and
fixed after the release date. This means 9.0-RELEASE and prior do not work with a USB 3.0
hub. This problem has been fixed in HEAD and will be merged into the 9-STABLE branch.</p>
</li>
</ul>
</div>
<div class="SECT1">
<hr />
<h2 class="SECT1"><a id="LATE-NEWS" name="LATE-NEWS">4 Late-Breaking News</a></h2>
<p>No news.</p>
</div>
</div>
<hr />
<p align="center"><small>This file, and other release-related documents, can be
downloaded from <a
href="http://www.FreeBSD.org/releases/">http://www.FreeBSD.org/releases/</a>.</small></p>
<p align="center"><small>For questions about FreeBSD, read the <a
href="http://www.FreeBSD.org/docs.html">documentation</a> before contacting <<a
href="mailto:questions@FreeBSD.org">questions@FreeBSD.org</a>>.</small></p>
<p align="center"><small>All users of FreeBSD 9.0-STABLE should subscribe to the <<a
href="mailto:stable@FreeBSD.org">stable@FreeBSD.org</a>> mailing list.</small></p>
<p align="center"><small>For questions about this documentation, e-mail <<a
href="mailto:doc@FreeBSD.org">doc@FreeBSD.org</a>>.</small></p>
</body>
</html>
|
