Regen from article.sgml 1.64.

Bruce A. Mah 2004-02-28 22:56:23 +00:00
parent 2e91791d34
commit 44efbdabc8
Notes: svn2git 2020-12-08 03:00:23 +00:00
svn path=/www/; revision=20216
2 changed files with 271 additions and 57 deletions


@ -3,7 +3,7 @@
<html xmlns="http://www.w3.org/1999/xhtml"> <html xmlns="http://www.w3.org/1999/xhtml">
<head> <head>
<meta name="generator" content="HTML Tidy, see www.w3.org" /> <meta name="generator" content="HTML Tidy, see www.w3.org" />
<title>FreeBSD 5.2.1-RELEASE Errata</title> <title>FreeBSD 5.2-RELEASE Errata</title>
<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.7" /> <meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.7" />
<link rel="STYLESHEET" type="text/css" href="docbook.css" /> <link rel="STYLESHEET" type="text/css" href="docbook.css" />
</head> </head>
@ -11,15 +11,15 @@
alink="#0000FF"> alink="#0000FF">
<div class="ARTICLE"> <div class="ARTICLE">
<div class="TITLEPAGE"> <div class="TITLEPAGE">
<h1 class="TITLE"><a id="AEN2" name="AEN2">FreeBSD 5.2.1-RELEASE Errata</a></h1> <h1 class="TITLE"><a id="AEN2" name="AEN2">FreeBSD 5.2-RELEASE Errata</a></h1>
<h3 class="CORPAUTHOR">The FreeBSD Project</h3> <h3 class="CORPAUTHOR">The FreeBSD Project</h3>
<p class="COPYRIGHT">Copyright &copy; 2000, 2001, 2002, 2003 The FreeBSD Documentation <p class="COPYRIGHT">Copyright &copy; 2000, 2001, 2002, 2003, 2004 The FreeBSD
Project</p> Documentation Project</p>
<p class="PUBDATE">$FreeBSD: src/release/doc/en_US.ISO8859-1/errata/article.sgml,v 1.54 <p class="PUBDATE">$FreeBSD: src/release/doc/en_US.ISO8859-1/errata/article.sgml,v 1.64
2003/12/04 23:53:54 bmah Exp $<br /> 2004/02/28 22:49:15 bmah Exp $<br />
</p> </p>
<div class="LEGALNOTICE"><a id="TRADEMARKS" name="TRADEMARKS"></a> <div class="LEGALNOTICE"><a id="TRADEMARKS" name="TRADEMARKS"></a>
@ -44,15 +44,19 @@ by the ``&trade;'' or the ``&reg;'' symbol.</p>
</div> </div>
<blockquote class="ABSTRACT"> <blockquote class="ABSTRACT">
<div class="ABSTRACT"><a id="AEN19" name="AEN19"></a> <div class="ABSTRACT"><a id="AEN20" name="AEN20"></a>
<p>This document lists errata items for FreeBSD 5.2.1-RELEASE, containing significant <p>This document lists errata items for FreeBSD 5.2-RELEASE, containing significant
information discovered after the release or too late in the release cycle to be otherwise information discovered after the release or too late in the release cycle to be otherwise
included in the release documentation. This information includes security advisories, as included in the release documentation. This information includes security advisories, as
well as news relating to the software or documentation that could affect its operation or well as news relating to the software or documentation that could affect its operation or
usability. An up-to-date version of this document should always be consulted before usability. An up-to-date version of this document should always be consulted before
installing this version of FreeBSD.</p> installing this version of FreeBSD.</p>
<p>This errata document for FreeBSD 5.2.1-RELEASE will be maintained until the release of <p>This document also contains errata for FreeBSD 5.2.1-RELEASE, a ``point release'' made
about one month after FreeBSD 5.2-RELEASE. Unless otherwise noted, all errata items in
this document apply to both 5.2-RELEASE and 5.2.1-RELEASE.</p>
<p>This errata document for FreeBSD 5.2-RELEASE will be maintained until the release of
FreeBSD 5.3-RELEASE.</p> FreeBSD 5.3-RELEASE.</p>
</div> </div>
</blockquote> </blockquote>
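Review bot: Coverage of 5.2.1-RELEASE is now stated only in the added second abstract paragraph, while the title, the h1 and the first abstract sentence (all changed from 5.2.1-RELEASE to 5.2-RELEASE) name 5.2-RELEASE alone. The security advisories further down each depend on which release is installed, so consider naming both releases in the title or in the first abstract sentence, so that a 5.2.1-RELEASE user who lands here can tell at once that the page applies to them.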
@ -61,9 +65,9 @@ FreeBSD 5.3-RELEASE.</p>
<hr /> <hr />
<h2 class="SECT1"><a id="INTRO" name="INTRO">1 Introduction</a></h2> <h2 class="SECT1"><a id="INTRO" name="INTRO">1 Introduction</a></h2>
<p>This errata document contains ``late-breaking news'' about FreeBSD 5.2.1-RELEASE. <p>This errata document contains ``late-breaking news'' about FreeBSD 5.2-RELEASE. Before
Before installing this version, it is important to consult this document to learn about installing this version, it is important to consult this document to learn about any
any post-release discoveries or problems that may already have been found and fixed.</p> post-release discoveries or problems that may already have been found and fixed.</p>
<p>Any version of this errata document actually distributed with the release (for <p>Any version of this errata document actually distributed with the release (for
example, on a CDROM distribution) will be out of date by definition, but other copies are example, on a CDROM distribution) will be out of date by definition, but other copies are
@ -87,34 +91,211 @@ target="_top">ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/</a>.</p>
<hr /> <hr />
<h2 class="SECT1"><a id="SECURITY" name="SECURITY">2 Security Advisories</a></h2> <h2 class="SECT1"><a id="SECURITY" name="SECURITY">2 Security Advisories</a></h2>
<p>No advisories.</p> <p>(30 Jan 2004, updated 28 Feb 2004) A bug in <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=mksnap_ffs&amp;sektion=8&amp;manpath=FreeBSD+5.2-current">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">mksnap_ffs</span>(8)</span></a>
causes the creation of a filesystem snapshot to reset the flags on the filesystem to
their default values. The possible consequences depend on local usage, but can include
disabling extended access control lists or enabling the use of setuid executables stored
on an untrusted filesystem. This bug also affects the <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=dump&amp;sektion=8&amp;manpath=FreeBSD+5.2-current">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">dump</span>(8)</span></a> <var
class="OPTION">-L</var> option, which uses <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=mksnap_ffs&amp;sektion=8&amp;manpath=FreeBSD+5.2-current">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">mksnap_ffs</span>(8)</span></a>.
Note that <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=mksnap_ffs&amp;sektion=8&amp;manpath=FreeBSD+5.2-current">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">mksnap_ffs</span>(8)</span></a> is
normally only available to the superuser and members of the <tt
class="GROUPNAME">operator</tt> group. This bug has been fixed on the FreeBSD 5.2-CURRENT
security fix branch and in FreeBSD 5.2.1-RELEASE. For more information, see security
advisory <a
href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:01.mksnap_ffs.asc"
target="_top">FreeBSD-SA-04:01</a>.</p>
<p>(8 Feb 2004, updated 28 Feb 2004) A bug with the System V Shared Memory interface
(specifically the <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=shmat&amp;sektion=2&amp;manpath=FreeBSD+5.2-current">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">shmat</span>(2)</span></a> system
call) can cause a shared memory segment to reference unallocated kernel memory. In turn,
this can permit a local attacker to gain unauthorized access to parts of kernel memory,
possibly resulting in disclosure of sensitive information, bypass of access control
mechanisms, or privilege escalation. This bug has been fixed on the FreeBSD 5.2-CURRENT
security fix branch and in FreeBSD 5.2.1-RELEASE. More details, including bugfix and
workaround information, can be found in security advisory <a
href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:02.shmat.asc"
target="_top">FreeBSD-SA-04:02</a>.</p>
<p>(28 Feb 2004) It is possible, under some circumstances, for a processor with superuser
privileges inside a <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=jail&amp;sektion=8&amp;manpath=FreeBSD+5.2-current">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">jail</span>(8)</span></a>
environment to change its root directory to a different jail, giving it read and write
access to the files and directories within. This vulnerability has been closed on the
FreeBSD 5.2-CURRENT security fix branch and in FreeBSD 5.2.1-RELEASE. Information on the
bug fix can be found in security advisory <a
href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:03.mail.asc"
target="_top">FreeBSD-SA-04:03</a>.</p>
</div> </div>
<div class="SECT1"> <div class="SECT1">
<hr /> <hr />
<h2 class="SECT1"><a id="OPEN-ISSUES" name="OPEN-ISSUES">3 Open Issues</a></h2> <h2 class="SECT1"><a id="OPEN-ISSUES" name="OPEN-ISSUES">3 Open Issues</a></h2>
<p>No open issues.</p> <p>(9 Jan 2004) Due to a change in <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=cpp&amp;sektion=1&amp;manpath=FreeBSD+5.2-current">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">cpp</span>(1)</span></a> behavior,
the login screen for <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=xdm&amp;sektion=1&amp;manpath=XFree86+4.3.0">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">xdm</span>(1)</span></a> is in
black and white, even on systems with color displays. As a workaround, update to a newer
version of the <a
href="http://www.FreeBSD.org/cgi/url.cgi?ports/x11/XFree86-4-clients/pkg-descr"><tt
class="FILENAME">x11/XFree86-4-clients</tt></a> port/package.</p>
<p>(9 Jan 2004) There remain some residual problems with ACPI. In some cases, systems may
behave erratically, or hang at boot time. As a workaround, disable ACPI, using the ``safe
mode'' option of the bootloader or using the <var
class="VARNAME">hint.acpi.0.disabled</var> kernel environment variable. These problems
are being investigated. For problems that have not already been reported (check the
mailing list archives <span class="emphasis"><i class="EMPHASIS">before</i></span>
posting), sending the output of <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=dmesg&amp;sektion=8&amp;manpath=FreeBSD+5.2-current">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">dmesg</span>(8)</span></a> and <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=acpidump&amp;sektion=8&amp;manpath=FreeBSD+5.2-current">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">acpidump</span>(8)</span></a> to
the <a href="http://lists.FreeBSD.org/mailman/listinfo/freebsd-current"
target="_top">FreeBSD-CURRENT mailing list</a> may help diagnose the problem.</p>
<p>(9 Jan 2004, updated 28 Feb 2004) In some cases, ATA devices may behave erratically,
particularly SATA devices. Reported symptoms include command timeouts or missing
interrupts. These problems appear to be timing-dependent, making them rather difficult to
isolate. Workarounds include:</p>
<ul>
<li>
<p>Turn off ATA DMA using the ``safe mode'' option of the bootloader or the <var
class="VARNAME">hw.ata.ata_dma</var> sysctl variable.</p>
</li>
<li>
<p>Use the host's BIOS setup options to put the ATA controller in its ``legacy mode'', if
available.</p>
</li>
<li>
<p>Disable ACPI, for example using the ``safe mode'' option of the bootloader or using
the <var class="VARNAME">hint.acpi.0.disabled</var> kernel environment variable.</p>
</li>
</ul>
<p>Some of these problems were addressed in FreeBSD 5.2.1-RELEASE with the import of a
newer <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=ata&amp;sektion=4&amp;manpath=FreeBSD+5.2-current">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">ata</span>(4)</span></a> from
5.2-CURRENT.</p>
<p>(9 Jan 2004) Installing over NFS when using the install floppies requires that the <tt
class="FILENAME">nfsclient.ko</tt> module be manually loaded from the third floppy disk.
This can be done by following the prompts when <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=sysinstall&amp;sektion=8&amp;manpath=FreeBSD+5.2-current">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">sysinstall</span>(8)</span></a>
launches to load a driver off of the third floppy disk.</p>
<p>(9 Jan 2004) The use of multiple vchans (virtual audio channels with dynamic mixing in
software) in the <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=pcm&amp;sektion=4&amp;manpath=FreeBSD+5.2-current">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">pcm</span>(4)</span></a> driver
has been known to cause some instability.</p>
<p>(10 Jan 2004) Although APIC interrupt routing seems to work correctly on many systems,
on some others (such as some laptops) it can cause various errors, such as <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=ata&amp;sektion=4&amp;manpath=FreeBSD+5.2-current">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">ata</span>(4)</span></a> errors or
hangs when starting or exiting X11. For these situations, it may be advisable to disable
APIC routing, using the ``safe mode'' of the bootloader or the <var
class="VARNAME">hint.apic.0.disabled</var> loader tunable. Note that disabling APIC is
not compatible with SMP systems.</p>
<p>(10 Jan 2004, updated 28 Feb 2004) The NFSv4 client may panic when attempting an NFSv4
operation against an NFSv3/NFSv2-only server. This problem has been fixed with revision
1.4 of <tt class="FILENAME">src/sys/rpc/rpcclnt.c</tt> in FreeBSD 5.2-CURRENT. It was
also fixed in FreeBSD 5.2.1-RELEASE.</p>
<p>(11 Jan 2004, updated 28 Feb 2004) Some problems have been encountered when using
third-party NSS modules, such as <tt class="FILENAME">nss_ldap</tt>, and groups with
large membership lists. These have been fixed with revision 1.2 of <tt
class="FILENAME">src/include/nss.h</tt> and revision 1.2 of <tt
class="FILENAME">src/lib/libc/net/nss_compat.c</tt> in FreeBSD 5.2-CURRENT; this fix was
backported to FreeBSD 5.2.1-RELEASE.</p>
<p>(13 Jan 2004) The FreeBSD 5.2-CURRENT release notes incorrectly stated that <b
class="APPLICATION">GCC</b> was a post-release GCC 3.3.3 snapshot. They should have
stated that GCC was a <span class="emphasis"><i class="EMPHASIS">pre-release</i></span>
GCC 3.3.3 snapshot.</p>
<p>(13 Jan 2004, updated 28 Feb 2004) The <a
href="http://www.FreeBSD.org/cgi/url.cgi?ports/sysutils/kdeadmin3/pkg-descr"><tt
class="FILENAME">sysutils/kdeadmin3</tt></a> port/package has a bug in the <b
class="APPLICATION">KUser</b> component that can cause deletion of the <tt
class="USERNAME">root</tt> user from the system password file. Users are strongly urged
to upgrade to version 3.1.4_1 of this port/package. The package set included with FreeBSD
5.2.1-RELEASE contains the fixed version of this package.</p>
<p>(21 Jan 2004, updated 28 Feb 2004) Some bugs in the IPsec implementation imported from
the KAME Project can result in memory objects being freed before all references to them
were removed. Reported symptoms include erratic behavior or kernel panics after flushing
the Security Policy Database (SPD). Some of these problems have been fixed in FreeBSD
5.2-CURRENT in rev. 1.31 of <tt class="FILENAME">src/sys/netinet6/ipsec.c</tt>, rev.
1.136 of <tt class="FILENAME">src/sys/netinet/in_pcb.c</tt>, and revs. 1.63 and 1.64 of
<tt class="FILENAME">src/sys/netkey/key.c</tt>. These bugfixes were backported to FreeBSD
5.2.1-RELEASE. More information about these problems has been posted to the <a
href="http://lists.FreeBSD.org/mailman/listinfo/freebsd-current"
target="_top">FreeBSD-CURRENT mailing list</a>, in particular the thread entitled <a
href="http://lists.FreeBSD.org/pipermail/freebsd-current/2004-January/thread.html#18084"
target="_top">``[PATCH] IPSec fixes''</a>.</p>
<p>(28 Feb 2004) The edition of the Porters Handbook included with FreeBSD 5.2.1-RELEASE
contained an incorrect value for 5.2.1-RELEASE's <var
class="VARNAME">__FreeBSD_version</var>. The correct value is <var
class="LITERAL">502010</var>.</p>
</div> </div>
<div class="SECT1"> <div class="SECT1">
<hr /> <hr />
<h2 class="SECT1"><a id="LATE-NEWS" name="LATE-NEWS">4 Late-Breaking News</a></h2> <h2 class="SECT1"><a id="LATE-NEWS" name="LATE-NEWS">4 Late-Breaking News</a></h2>
<p>No news.</p> <p>(10 Jan 2004, updated 28 Feb 2004) The TCP implementation in FreeBSD now includes
protection against a certain class of TCP MSS resource exhaustion attacks, in the form of
limits on the size and rate of TCP segments. The first limit sets the minimum allowed
maximum TCP segment size, and is controlled by the <var
class="VARNAME">net.inet.tcp.minmss</var> sysctl variable (the default value is <var
class="LITERAL">216</var> bytes). The second limit is set by the <var
class="VARNAME">net.inet.tcp.minmssoverload</var> variable, and controls the maximum rate
of connections whose average segment size is less than <var
class="VARNAME">net.inet.tcp.minmss</var>. Connections exceeding this packet rate are
reset and dropped. Because this feature was added late in the 5.2-RELEASE release cycle,
connection rate limiting is disabled by default, but can be enabled manually by assigning
a non-zero value to <var class="VARNAME">net.inet.tcp.minmssoverload</var>. This feature
was added to FreeBSD 5.2-RELEASE too late for inclusion in its release notes.</p>
</div> </div>
</div> </div>
<hr /> <hr />
<p align="center"><small>This file, and other release-related documents, can be <p align="center"><small>This file, and other release-related documents, can be
downloaded from <a href="ftp://ftp.FreeBSD.org/">ftp://ftp.FreeBSD.org/</a>.</small></p> downloaded from <a
href="http://snapshots.jp.FreeBSD.org/">http://snapshots.jp.FreeBSD.org/</a>.</small></p>
<p align="center"><small>For questions about FreeBSD, read the <a <p align="center"><small>For questions about FreeBSD, read the <a
href="http://www.FreeBSD.org/docs.html">documentation</a> before contacting &#60;<a href="http://www.FreeBSD.org/docs.html">documentation</a> before contacting &#60;<a
href="mailto:questions@FreeBSD.org">questions@FreeBSD.org</a>&#62;.</small></p> href="mailto:questions@FreeBSD.org">questions@FreeBSD.org</a>&#62;.</small></p>
<p align="center"><small>For questions about this documentation, e-mail &#60;<a <p align="center"><small><small>All users of FreeBSD 5-CURRENT should subscribe to the
href="mailto:doc@FreeBSD.org">doc@FreeBSD.org</a>&#62;.</small></p> &#60;<a href="mailto:current@FreeBSD.org">current@FreeBSD.org</a>&#62; mailing
list.</small></small></p>
<p align="center">For questions about this documentation, e-mail &#60;<a
href="mailto:doc@FreeBSD.org">doc@FreeBSD.org</a>&#62;.</p>
<br /> <br />
<br /> <br />
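Review bot: The regenerated footer at the end of this hunk looks like snapshot-build output in a release errata page: the download pointer changes from ftp://ftp.FreeBSD.org/ to http://snapshots.jp.FreeBSD.org/ and a line addressed to users of FreeBSD 5-CURRENT is added. This page carries the security advisories for a release, so the footer should keep directing readers to the project's primary distribution site; please confirm the build settings used for the regen. The added line also nests <small><small> while the doc@FreeBSD.org line loses its <small>, so the four footer paragraphs now render at three different sizes.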


@ -18,8 +18,8 @@ alink="#0000FF">
<p class="COPYRIGHT">Copyright &copy; 2000, 2001, 2002, 2003, 2004 The FreeBSD <p class="COPYRIGHT">Copyright &copy; 2000, 2001, 2002, 2003, 2004 The FreeBSD
Documentation Project</p> Documentation Project</p>
<p class="PUBDATE">$FreeBSD: src/release/doc/en_US.ISO8859-1/errata/article.sgml,v 1.63 <p class="PUBDATE">$FreeBSD: src/release/doc/en_US.ISO8859-1/errata/article.sgml,v 1.64
2004/02/08 22:16:29 bmah Exp $<br /> 2004/02/28 22:49:15 bmah Exp $<br />
</p> </p>
<div class="LEGALNOTICE"><a id="TRADEMARKS" name="TRADEMARKS"></a> <div class="LEGALNOTICE"><a id="TRADEMARKS" name="TRADEMARKS"></a>
@ -52,6 +52,10 @@ well as news relating to the software or documentation that could affect its ope
usability. An up-to-date version of this document should always be consulted before usability. An up-to-date version of this document should always be consulted before
installing this version of FreeBSD.</p> installing this version of FreeBSD.</p>
<p>This document also contains errata for FreeBSD 5.2.1-RELEASE, a ``point release'' made
about one month after FreeBSD 5.2-RELEASE. Unless otherwise noted, all errata items in
this document apply to both 5.2-RELEASE and 5.2.1-RELEASE.</p>
<p>This errata document for FreeBSD 5.2-RELEASE will be maintained until the release of <p>This errata document for FreeBSD 5.2-RELEASE will be maintained until the release of
FreeBSD 5.3-RELEASE.</p> FreeBSD 5.3-RELEASE.</p>
</div> </div>
@ -87,7 +91,7 @@ target="_top">ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/</a>.</p>
<hr /> <hr />
<h2 class="SECT1"><a id="SECURITY" name="SECURITY">2 Security Advisories</a></h2> <h2 class="SECT1"><a id="SECURITY" name="SECURITY">2 Security Advisories</a></h2>
<p>(30 Jan 2004) A bug in <a <p>(30 Jan 2004, updated 28 Feb 2004) A bug in <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=mksnap_ffs&amp;sektion=8&amp;manpath=FreeBSD+5.2-current"> href="http://www.FreeBSD.org/cgi/man.cgi?query=mksnap_ffs&amp;sektion=8&amp;manpath=FreeBSD+5.2-current">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">mksnap_ffs</span>(8)</span></a> <span class="CITEREFENTRY"><span class="REFENTRYTITLE">mksnap_ffs</span>(8)</span></a>
causes the creation of a filesystem snapshot to reset the flags on the filesystem to causes the creation of a filesystem snapshot to reset the flags on the filesystem to
@ -104,20 +108,34 @@ href="http://www.FreeBSD.org/cgi/man.cgi?query=mksnap_ffs&amp;sektion=8&amp;manp
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">mksnap_ffs</span>(8)</span></a> is <span class="CITEREFENTRY"><span class="REFENTRYTITLE">mksnap_ffs</span>(8)</span></a> is
normally only available to the superuser and members of the <tt normally only available to the superuser and members of the <tt
class="GROUPNAME">operator</tt> group. This bug has been fixed on the FreeBSD 5.2-CURRENT class="GROUPNAME">operator</tt> group. This bug has been fixed on the FreeBSD 5.2-CURRENT
security fix branch. For more information, see security advisory <a security fix branch and in FreeBSD 5.2.1-RELEASE. For more information, see security
advisory <a
href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:01.mksnap_ffs.asc" href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:01.mksnap_ffs.asc"
target="_top">FreeBSD-SA-04:01</a>.</p> target="_top">FreeBSD-SA-04:01</a>.</p>
<p>(8 Feb 2004) A bug with the System V Shared Memory interface (specifically the <a <p>(8 Feb 2004, updated 28 Feb 2004) A bug with the System V Shared Memory interface
(specifically the <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=shmat&amp;sektion=2&amp;manpath=FreeBSD+5.2-current"> href="http://www.FreeBSD.org/cgi/man.cgi?query=shmat&amp;sektion=2&amp;manpath=FreeBSD+5.2-current">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">shmat</span>(2)</span></a> system <span class="CITEREFENTRY"><span class="REFENTRYTITLE">shmat</span>(2)</span></a> system
call) can cause a shared memory segment to reference unallocated kernel memory. In turn, call) can cause a shared memory segment to reference unallocated kernel memory. In turn,
this can permit a local attacker to gain unauthorized access to parts of kernel memory, this can permit a local attacker to gain unauthorized access to parts of kernel memory,
possibly resulting in disclosure of sensitive information, bypass of access control possibly resulting in disclosure of sensitive information, bypass of access control
mechanisms, or privilege escalation. More details, including bugfix and workaround mechanisms, or privilege escalation. This bug has been fixed on the FreeBSD 5.2-CURRENT
information, can be found in security advisory <a security fix branch and in FreeBSD 5.2.1-RELEASE. More details, including bugfix and
workaround information, can be found in security advisory <a
href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:02.shmat.asc" href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:02.shmat.asc"
target="_top">FreeBSD-SA-04:02</a>.</p> target="_top">FreeBSD-SA-04:02</a>.</p>
<p>(28 Feb 2004) It is possible, under some circumstances, for a processor with superuser
privileges inside a <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=jail&amp;sektion=8&amp;manpath=FreeBSD+5.2-current">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">jail</span>(8)</span></a>
environment to change its root directory to a different jail, giving it read and write
access to the files and directories within. This vulnerability has been closed on the
FreeBSD 5.2-CURRENT security fix branch and in FreeBSD 5.2.1-RELEASE. Information on the
bug fix can be found in security advisory <a
href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:03.mail.asc"
target="_top">FreeBSD-SA-04:03</a>.</p>
</div> </div>
<div class="SECT1"> <div class="SECT1">
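Review bot: In the added jail(8) paragraph, the advisory link points at FreeBSD-SA-04:03.mail.asc although the paragraph describes a jail(8) problem. The other two entries use filenames that match their subject (04:01.mksnap_ffs.asc, 04:02.shmat.asc), so this looks like a typo in the link target and should be checked against the advisories directory before publishing. The same paragraph says "a processor with superuser privileges", which should read "a process". Both need fixing in article.sgml rather than in this generated file, and the identical paragraph in the other file regenerated by this commit carries the same two errors.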
@ -149,10 +167,10 @@ href="http://www.FreeBSD.org/cgi/man.cgi?query=acpidump&amp;sektion=8&amp;manpat
the <a href="http://lists.FreeBSD.org/mailman/listinfo/freebsd-current" the <a href="http://lists.FreeBSD.org/mailman/listinfo/freebsd-current"
target="_top">FreeBSD-CURRENT mailing list</a> may help diagnose the problem.</p> target="_top">FreeBSD-CURRENT mailing list</a> may help diagnose the problem.</p>
<p>(9 Jan 2004) In some cases, ATA devices may behave erratically, particularly SATA <p>(9 Jan 2004, updated 28 Feb 2004) In some cases, ATA devices may behave erratically,
devices. Reported symptoms include command timeouts or missing interrupts. These problems particularly SATA devices. Reported symptoms include command timeouts or missing
appear to be timing-dependent, making them rather difficult to isolate. Workarounds interrupts. These problems appear to be timing-dependent, making them rather difficult to
include:</p> isolate. Workarounds include:</p>
<ul> <ul>
<li> <li>
@ -171,6 +189,12 @@ the <var class="VARNAME">hint.acpi.0.disabled</var> kernel environment variable.
</li> </li>
</ul> </ul>
<p>Some of these problems were addressed in FreeBSD 5.2.1-RELEASE with the import of a
newer <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=ata&amp;sektion=4&amp;manpath=FreeBSD+5.2-current">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">ata</span>(4)</span></a> from
5.2-CURRENT.</p>
<p>(9 Jan 2004) Installing over NFS when using the install floppies requires that the <tt <p>(9 Jan 2004) Installing over NFS when using the install floppies requires that the <tt
class="FILENAME">nfsclient.ko</tt> module be manually loaded from the third floppy disk. class="FILENAME">nfsclient.ko</tt> module be manually loaded from the third floppy disk.
This can be done by following the prompts when <a This can be done by following the prompts when <a
@ -193,58 +217,67 @@ APIC routing, using the ``safe mode'' of the bootloader or the <var
class="VARNAME">hint.apic.0.disabled</var> loader tunable. Note that disabling APIC is class="VARNAME">hint.apic.0.disabled</var> loader tunable. Note that disabling APIC is
not compatible with SMP systems.</p> not compatible with SMP systems.</p>
<p>(10 Jan 2004) The NFSv4 client may panic when attempting an NFSv4 operation against an <p>(10 Jan 2004, updated 28 Feb 2004) The NFSv4 client may panic when attempting an NFSv4
NFSv3/NFSv2-only server. This problem has been fixed with revision 1.4 of <tt operation against an NFSv3/NFSv2-only server. This problem has been fixed with revision
class="FILENAME">src/sys/rpc/rpcclnt.c</tt> in FreeBSD 5.2-CURRENT.</p> 1.4 of <tt class="FILENAME">src/sys/rpc/rpcclnt.c</tt> in FreeBSD 5.2-CURRENT. It was
also fixed in FreeBSD 5.2.1-RELEASE.</p>
<p>(11 Jan 2004) Some problems have been encountered when using third-party NSS modules, <p>(11 Jan 2004, updated 28 Feb 2004) Some problems have been encountered when using
such as <tt class="FILENAME">nss_ldap</tt>, and groups with large membership lists. These third-party NSS modules, such as <tt class="FILENAME">nss_ldap</tt>, and groups with
have been fixed with revision 1.2 of <tt class="FILENAME">src/include/nss.h</tt> and large membership lists. These have been fixed with revision 1.2 of <tt
revision 1.2 of <tt class="FILENAME">src/lib/libc/net/nss_compat.c</tt> in FreeBSD class="FILENAME">src/include/nss.h</tt> and revision 1.2 of <tt
5.2-CURRENT.</p> class="FILENAME">src/lib/libc/net/nss_compat.c</tt> in FreeBSD 5.2-CURRENT; this fix was
backported to FreeBSD 5.2.1-RELEASE.</p>
<p>(13 Jan 2004) The FreeBSD 5.2-CURRENT release notes incorrectly stated that <b <p>(13 Jan 2004) The FreeBSD 5.2-CURRENT release notes incorrectly stated that <b
class="APPLICATION">GCC</b> was a post-release GCC 3.3.3 snapshot. They should have class="APPLICATION">GCC</b> was a post-release GCC 3.3.3 snapshot. They should have
stated that GCC was a <span class="emphasis"><i class="EMPHASIS">pre-release</i></span> stated that GCC was a <span class="emphasis"><i class="EMPHASIS">pre-release</i></span>
GCC 3.3.3 snapshot.</p> GCC 3.3.3 snapshot.</p>
<p>(13 Jan 2004) The <a <p>(13 Jan 2004, updated 28 Feb 2004) The <a
href="http://www.FreeBSD.org/cgi/url.cgi?ports/sysutils/kdeadmin3/pkg-descr"><tt href="http://www.FreeBSD.org/cgi/url.cgi?ports/sysutils/kdeadmin3/pkg-descr"><tt
class="FILENAME">sysutils/kdeadmin3</tt></a> port/package has a bug in the <b class="FILENAME">sysutils/kdeadmin3</tt></a> port/package has a bug in the <b
class="APPLICATION">KUser</b> component that can cause deletion of the <tt class="APPLICATION">KUser</b> component that can cause deletion of the <tt
class="USERNAME">root</tt> user from the system password file. Users are strongly urged class="USERNAME">root</tt> user from the system password file. Users are strongly urged
to upgrade to version 3.1.4_1 of this port/package.</p> to upgrade to version 3.1.4_1 of this port/package. The package set included with FreeBSD
5.2.1-RELEASE contains the fixed version of this package.</p>
<p>(21 Jan 2004) Some bugs in the IPsec implementation imported from the KAME Project can <p>(21 Jan 2004, updated 28 Feb 2004) Some bugs in the IPsec implementation imported from
result in memory objects being freed before all references to them were removed. Reported the KAME Project can result in memory objects being freed before all references to them
symptoms include erratic behavior or kernel panics after flushing the Security Policy were removed. Reported symptoms include erratic behavior or kernel panics after flushing
Database (SPD). Some of these problems have been fixed in FreeBSD 5.2-CURRENT in rev. the Security Policy Database (SPD). Some of these problems have been fixed in FreeBSD
1.31 of <tt class="FILENAME">src/sys/netinet6/ipsec.c</tt>, rev. 1.136 of <tt 5.2-CURRENT in rev. 1.31 of <tt class="FILENAME">src/sys/netinet6/ipsec.c</tt>, rev.
class="FILENAME">src/sys/netinet/in_pcb.c</tt>, and revs. 1.63 and 1.64 of <tt 1.136 of <tt class="FILENAME">src/sys/netinet/in_pcb.c</tt>, and revs. 1.63 and 1.64 of
class="FILENAME">src/sys/netkey/key.c</tt>. More information about these problems has <tt class="FILENAME">src/sys/netkey/key.c</tt>. These bugfixes were backported to FreeBSD
been posted to the <a href="http://lists.FreeBSD.org/mailman/listinfo/freebsd-current" 5.2.1-RELEASE. More information about these problems has been posted to the <a
href="http://lists.FreeBSD.org/mailman/listinfo/freebsd-current"
target="_top">FreeBSD-CURRENT mailing list</a>, in particular the thread entitled <a target="_top">FreeBSD-CURRENT mailing list</a>, in particular the thread entitled <a
href="http://lists.FreeBSD.org/pipermail/freebsd-current/2004-January/thread.html#18084" href="http://lists.FreeBSD.org/pipermail/freebsd-current/2004-January/thread.html#18084"
target="_top">``[PATCH] IPSec fixes''</a>.</p> target="_top">``[PATCH] IPSec fixes''</a>.</p>
<p>(28 Feb 2004) The edition of the Porters Handbook included with FreeBSD 5.2.1-RELEASE
contained an incorrect value for 5.2.1-RELEASE's <var
class="VARNAME">__FreeBSD_version</var>. The correct value is <var
class="LITERAL">502010</var>.</p>
</div> </div>
<div class="SECT1"> <div class="SECT1">
<hr /> <hr />
<h2 class="SECT1"><a id="LATE-NEWS" name="LATE-NEWS">4 Late-Breaking News</a></h2> <h2 class="SECT1"><a id="LATE-NEWS" name="LATE-NEWS">4 Late-Breaking News</a></h2>
<p>(10 Jan 2004) The TCP implementation in FreeBSD now includes protection against a <p>(10 Jan 2004, updated 28 Feb 2004) The TCP implementation in FreeBSD now includes
certain class of TCP MSS resource exhaustion attacks, in the form of limits on the size protection against a certain class of TCP MSS resource exhaustion attacks, in the form of
and rate of TCP segments. The first limit sets the minimum allowed maximum TCP segment limits on the size and rate of TCP segments. The first limit sets the minimum allowed
size, and is controlled by the <var class="VARNAME">net.inet.tcp.minmss</var> sysctl maximum TCP segment size, and is controlled by the <var
variable (the default value is <var class="LITERAL">216</var> bytes). The second limit is class="VARNAME">net.inet.tcp.minmss</var> sysctl variable (the default value is <var
set by the <var class="VARNAME">net.inet.tcp.minmssoverload</var> variable, and controls class="LITERAL">216</var> bytes). The second limit is set by the <var
the maximum rate of connections whose average segment size is less than <var class="VARNAME">net.inet.tcp.minmssoverload</var> variable, and controls the maximum rate
of connections whose average segment size is less than <var
class="VARNAME">net.inet.tcp.minmss</var>. Connections exceeding this packet rate are class="VARNAME">net.inet.tcp.minmss</var>. Connections exceeding this packet rate are
reset and dropped. Because this feature was added late in the 5.2-RELEASE release cycle, reset and dropped. Because this feature was added late in the 5.2-RELEASE release cycle,
connection rate limiting is disabled by default, but can be enabled manually by assigning connection rate limiting is disabled by default, but can be enabled manually by assigning
a non-zero value to <var class="VARNAME">net.inet.tcp.minmssoverload</var> (the default a non-zero value to <var class="VARNAME">net.inet.tcp.minmssoverload</var>. This feature
value in 5.2-CURRENT at the time of this writing is <var class="LITERAL">1000</var> was added to FreeBSD 5.2-RELEASE too late for inclusion in its release notes.</p>
packets per second).</p>
</div> </div>
</div> </div>
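Review bot: In the Late-Breaking News paragraph at the end of this hunk, the rewrite drops the only concrete value given for net.inet.tcp.minmssoverload (the removed text cited 1000 packets per second as the 5.2-CURRENT default), yet the paragraph still tells administrators to enable the protection by assigning a non-zero value. With rate limiting disabled by default, readers are left with no starting point; consider keeping a reference value, or saying how to choose one, alongside the new sentence about the release notes. The wording also mixes "maximum rate of connections" with "this packet rate"; stating plainly that the limit is expressed in packets per second would remove the ambiguity.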