300 lines
11 KiB
Plaintext
300 lines
11 KiB
Plaintext
<!--
|
|
FreeBSD errata document. Unlike some of the other RELNOTESng
|
|
files, this file should remain as a single SGML file, so that
|
|
the dollar FreeBSD dollar header has a meaningful modification
|
|
time. This file is all but useless without a datestamp on it,
|
|
so we'll take some extra care to make sure it has one.
|
|
|
|
(If we didn't do this, then the file with the datestamp might
|
|
not be the one that received the last change in the document.)
|
|
|
|
-->
|
|
|
|
<!DOCTYPE article PUBLIC "-//FreeBSD//DTD DocBook V4.1-Based Extension//EN" [
|
|
<!ENTITY % man PUBLIC "-//FreeBSD//ENTITIES DocBook Manual Page Entities//EN">
|
|
%man;
|
|
<!ENTITY % authors PUBLIC "-//FreeBSD//ENTITIES DocBook Author Entities//EN">
|
|
%authors;
|
|
<!ENTITY % mlists PUBLIC "-//FreeBSD//ENTITIES DocBook Mailing List Entities//EN">
|
|
%mlists;
|
|
<!ENTITY % trademarks PUBLIC "-//FreeBSD//ENTITIES DocBook Trademark Entities//EN">
|
|
%trademarks;
|
|
<!ENTITY % release PUBLIC "-//FreeBSD//ENTITIES Release Specification//EN">
|
|
%release;
|
|
<!ENTITY % misc PUBLIC "-//FreeBSD//ENTITIES DocBook Miscellaneous FreeBSD Entities//EN">
|
|
%misc;
|
|
]>
|
|
|
|
<article>
|
|
<articleinfo>
|
|
<title>&os;
|
|
<![ %release.type.snapshot [
|
|
&release.prev;
|
|
]]>
|
|
<![ %release.type.release [
|
|
&release.current;
|
|
]]>
|
|
Errata</title>
|
|
|
|
<corpauthor>
|
|
The &os; Project
|
|
</corpauthor>
|
|
|
|
<pubdate>$FreeBSD$</pubdate>
|
|
|
|
<copyright>
|
|
<year>2000</year>
|
|
<year>2001</year>
|
|
<year>2002</year>
|
|
<year>2003</year>
|
|
<year>2004</year>
|
|
<holder role="mailto:doc@FreeBSD.org">The FreeBSD Documentation Project</holder>
|
|
</copyright>
|
|
|
|
<legalnotice id="trademarks" role="trademarks">
|
|
&tm-attrib.freebsd;
|
|
&tm-attrib.intel;
|
|
&tm-attrib.sparc;
|
|
&tm-attrib.general;
|
|
</legalnotice>
|
|
</articleinfo>
|
|
|
|
<abstract>
|
|
<para>This document lists errata items for &os;
|
|
<![ %release.type.snapshot [
|
|
&release.prev;,
|
|
]]>
|
|
<![ %release.type.release [
|
|
&release.current;,
|
|
]]>
|
|
containing significant information discovered after the release
|
|
or too late in the release cycle to be otherwise included in the
|
|
release documentation.
|
|
This information includes security advisories, as well as news
|
|
relating to the software or documentation that could affect its
|
|
operation or usability. An up-to-date version of this document
|
|
should always be consulted before installing this version of
|
|
&os;.</para>
|
|
|
|
<para>This errata document for &os;
|
|
<![ %release.type.snapshot [
|
|
&release.prev;
|
|
]]>
|
|
<![ %release.type.release [
|
|
&release.current;
|
|
]]>
|
|
will be maintained until the release of &os; &release.next;.</para>
|
|
</abstract>
|
|
|
|
<sect1 id="intro">
|
|
<title>Introduction</title>
|
|
|
|
<para>This errata document contains <quote>late-breaking news</quote>
|
|
about &os;
|
|
<![ %release.type.snapshot [
|
|
&release.prev;.
|
|
]]>
|
|
<![ %release.type.release [
|
|
&release.current;.
|
|
]]>
|
|
Before installing this version, it is important to consult this
|
|
document to learn about any post-release discoveries or problems
|
|
that may already have been found and fixed.</para>
|
|
|
|
<para>Any version of this errata document actually distributed
|
|
with the release (for example, on a CDROM distribution) will be
|
|
out of date by definition, but other copies are kept updated on
|
|
the Internet and should be consulted as the <quote>current
|
|
errata</quote> for this release. These other copies of the
|
|
errata are located at <ulink
|
|
url="http://www.FreeBSD.org/releases/"></ulink>, plus any sites
|
|
which keep up-to-date mirrors of this location.</para>
|
|
|
|
<para>Source and binary snapshots of &os; &release.branch; also
|
|
contain up-to-date copies of this document (as of the time of
|
|
the snapshot).</para>
|
|
|
|
<para>For a list of all &os; CERT security advisories, see <ulink
|
|
url="http://www.FreeBSD.org/security/"></ulink> or <ulink
|
|
url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/"></ulink>.</para>
|
|
|
|
</sect1>
|
|
|
|
<sect1 id="security">
|
|
<title>Security Advisories</title>
|
|
|
|
<![ %release.type.release [
|
|
<para>No advisories.</para>
|
|
]]>
|
|
|
|
<![ %release.type.snapshot [
|
|
|
|
<para>(30 Jan 2004) A bug in &man.mksnap.ffs.8; causes the creation of a
|
|
filesystem snapshot to reset the flags on the filesystem to
|
|
their default values. The possible consequences depend on local
|
|
usage, but can include disabling extended access control lists
|
|
or enabling the use of setuid executables stored on an untrusted
|
|
filesystem. This bug also affects the &man.dump.8;
|
|
<option>-L</option> option, which uses &man.mksnap.ffs.8;. Note
|
|
that &man.mksnap.ffs.8; is normally only available to the
|
|
superuser and members of the <groupname>operator</groupname>
|
|
group. This bug has been fixed on the &os; &release.current;
|
|
security fix branch. For more information, see security advisory <ulink
|
|
url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:01.mksnap_ffs.asc">FreeBSD-SA-04:01</ulink>.</para>
|
|
|
|
]]>
|
|
|
|
</sect1>
|
|
|
|
<sect1 id="open-issues">
|
|
<title>Open Issues</title>
|
|
|
|
<![ %release.type.release [
|
|
<para>No open issues.</para>
|
|
]]>
|
|
|
|
<![ %release.type.snapshot [
|
|
|
|
<para>(9 Jan 2004) Due to a change in &man.cpp.1; behavior, the
|
|
login screen for &man.xdm.1; is in black and white, even on
|
|
systems with color displays. As a workaround, update to a newer
|
|
version of the
|
|
<filename role="package">x11/XFree86-4-clients</filename>
|
|
port/package.</para>
|
|
|
|
<para>(9 Jan 2004) There remain some residual problems with ACPI.
|
|
In some cases, systems may behave erratically, or hang at boot
|
|
time. As a workaround, disable ACPI, using the <quote>safe
|
|
mode</quote> option of the bootloader or using the
|
|
<varname>hint.acpi.0.disabled</varname> kernel environment
|
|
variable. These problems are being investigated. For problems
|
|
that have not already been reported (check the mailing list
|
|
archives <emphasis>before</emphasis> posting), sending the
|
|
output of &man.dmesg.8; and &man.acpidump.8; to the
|
|
&a.current; may help diagnose the problem.</para>
|
|
|
|
<para>(9 Jan 2004) In some cases, ATA devices may behave
|
|
erratically, particularly SATA devices. Reported symptoms
|
|
include command timeouts or missing interrupts. These problems
|
|
appear to be timing-dependent, making them rather difficult to
|
|
isolate. Workarounds include:</para>
|
|
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para>Turn off ATA DMA using the <quote>safe mode</quote>
|
|
option of the bootloader or the
|
|
<varname>hw.ata.ata_dma</varname> sysctl variable.</para>
|
|
</listitem>
|
|
|
|
<listitem>
|
|
<para>Use the host's BIOS setup options to put the ATA
|
|
controller in its <quote>legacy mode</quote>, if
|
|
available.</para>
|
|
</listitem>
|
|
|
|
<listitem>
|
|
<para>Disable ACPI, for example using the <quote>safe mode</quote>
|
|
option of the bootloader or using the
|
|
<varname>hint.acpi.0.disabled</varname> kernel environment
|
|
variable.</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
|
|
<para>(9 Jan 2004) Installing over NFS when using the install
|
|
floppies requires that the <filename>nfsclient.ko</filename>
|
|
module be manually loaded from the third floppy disk. This can
|
|
be done by following the prompts when &man.sysinstall.8;
|
|
launches to load a driver off of the third floppy disk.</para>
|
|
|
|
<para>(9 Jan 2004) The use of multiple vchans (virtual audio
|
|
channels with dynamic mixing in software) in the &man.pcm.4;
|
|
driver has been known to cause some instability.</para>
|
|
|
|
<para>(10 Jan 2004) Although APIC interrupt routing seems to work
|
|
correctly on many systems, on some others (such as some laptops)
|
|
it can cause various errors, such as &man.ata.4; errors or hangs
|
|
when starting or exiting X11. For these situations, it may be
|
|
advisable to disable APIC routing, using the <quote>safe
|
|
mode</quote> of the bootloader or the
|
|
<varname>hint.apic.0.disabled</varname> loader tunable. Note
|
|
that disabling APIC is not compatible with SMP systems.</para>
|
|
|
|
<para>(10 Jan 2004) The NFSv4 client may panic when attempting an
|
|
NFSv4 operation against an NFSv3/NFSv2-only server. This
|
|
problem has been fixed with revision 1.4 of
|
|
<filename>src/sys/rpc/rpcclnt.c</filename> in &os;
|
|
&release.current;.</para>
|
|
|
|
<para>(11 Jan 2004) Some problems have been encountered when using
|
|
third-party NSS modules, such as <filename>nss_ldap</filename>,
|
|
and groups with large membership lists. These have been fixed
|
|
with revision 1.2 of <filename>src/include/nss.h</filename> and
|
|
revision 1.2 of
|
|
<filename>src/lib/libc/net/nss_compat.c</filename> in &os;
|
|
&release.current;.</para>
|
|
|
|
<para>(13 Jan 2004) The &os; &release.current; release notes
|
|
incorrectly stated that <application>GCC</application> was a
|
|
post-release GCC 3.3.3 snapshot. They should have stated that
|
|
GCC was a <emphasis>pre-release</emphasis> GCC 3.3.3
|
|
snapshot.</para>
|
|
|
|
<para>(13 Jan 2004) The <filename
|
|
role="package">sysutils/kdeadmin3</filename> port/package has a
|
|
bug in the <application>KUser</application> component that can
|
|
cause deletion of the <username>root</username> user from the
|
|
system password file. Users are strongly urged to upgrade to
|
|
version 3.1.4_1 of this port/package.</para>
|
|
|
|
<para>(21 Jan 2004) Some bugs in the IPsec implementation imported
|
|
from the KAME Project can result in memory objects being freed
|
|
before all references to them were removed. Reported symptoms
|
|
include erratic behavior or kernel panics after flushing the
|
|
Security Policy Database (SPD). Some of these problems have
|
|
been fixed in &os; &release.current; in rev. 1.31 of
|
|
<filename>src/sys/netinet6/ipsec.c</filename>, rev. 1.136 of
|
|
<filename>src/sys/netinet/in_pcb.c</filename>, and revs. 1.63
|
|
and 1.64 of <filename>src/sys/netkey/key.c</filename>. More
|
|
information about these problems has been posted to the
|
|
&a.current;, in particular the thread entitled <ulink
|
|
url="http://lists.FreeBSD.org/pipermail/freebsd-current/2004-January/thread.html#18084">
|
|
<quote>[PATCH] IPSec fixes</quote></ulink>.</para>
|
|
|
|
]]>
|
|
|
|
</sect1>
|
|
|
|
<sect1 id="late-news">
|
|
<title>Late-Breaking News</title>
|
|
|
|
<![ %release.type.release [
|
|
<para>No news.</para>
|
|
]]>
|
|
|
|
<![ %release.type.snapshot [
|
|
|
|
<para>(10 Jan 2004) The TCP implementation in &os; now includes
|
|
protection against a certain class of TCP MSS resource
|
|
exhaustion attacks, in the form of limits on the size and rate
|
|
of TCP segments. The first limit sets the minimum allowed
|
|
maximum TCP segment size, and is controlled by the
|
|
<varname>net.inet.tcp.minmss</varname> sysctl variable (the
|
|
default value is <literal>216</literal> bytes). The second
|
|
limit is set by the
|
|
<varname>net.inet.tcp.minmssoverload</varname> variable, and
|
|
controls the maximum rate of connections whose average segment
|
|
size is less than <varname>net.inet.tcp.minmss</varname>.
|
|
Connections exceeding this packet rate are reset and dropped.
|
|
Because this feature was added late in the &release.prev;
|
|
release cycle, connection rate limiting is disabled by default,
|
|
but can be enabled manually by assigning a non-zero value to
|
|
<varname>net.inet.tcp.minmssoverload</varname> (the default
|
|
value in &release.current; at the time of this writing is
|
|
<literal>1000</literal> packets per second).</para>
|
|
|
|
]]>
|
|
|
|
</sect1>
|
|
|
|
</article>
|