Regen from errata/article.sgml 1.73.2.13.
This commit is contained in:
parent
d24593e5db
commit
9623f7ab1b
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/www/; revision=27043
1 changed files with 43 additions and 43 deletions
|
@ -20,7 +20,7 @@ alink="#0000FF">
|
|||
FreeBSD Documentation Project</p>
|
||||
|
||||
<p class="PUBDATE">$FreeBSD: src/release/doc/en_US.ISO8859-1/errata/article.sgml,v
|
||||
1.73.2.12 2006/01/25 10:35:54 simon Exp $<br />
|
||||
1.73.2.13 2006/02/05 20:41:34 bmah Exp $<br />
|
||||
</p>
|
||||
|
||||
<div class="LEGALNOTICE"><a id="TRADEMARKS" name="TRADEMARKS"></a>
|
||||
|
@ -117,18 +117,18 @@ target="_top">ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/</a>.</p>
|
|||
<tr>
|
||||
<td><a href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:07.pf.asc"
|
||||
target="_top">06:07.pf</a></td>
|
||||
<td>25 Janurary 2006</td>
|
||||
<td>25 January 2006</td>
|
||||
<td>
|
||||
<p>IP fragment handling panic in <a
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=pf&sektion=4&manpath=FreeBSD+6.0-stable"><span
|
||||
class="CITEREFENTRY"><span class="REFENTRYTITLE">pf</span>(4)</span></a></p>
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=pf&sektion=4&manpath=FreeBSD+6.0-stable">
|
||||
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">pf</span>(4)</span></a></p>
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
<td><a href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:06.kmem.asc"
|
||||
target="_top">06:06.kmem</a></td>
|
||||
<td>25 Janurary 2006</td>
|
||||
<td>25 January 2006</td>
|
||||
<td>
|
||||
<p>Local kernel memory disclosure</p>
|
||||
</td>
|
||||
|
@ -138,7 +138,7 @@ target="_top">06:06.kmem</a></td>
|
|||
<td><a
|
||||
href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:05.80211.asc"
|
||||
target="_top">06:05.80211</a></td>
|
||||
<td>18 Janurary 2006</td>
|
||||
<td>18 January 2006</td>
|
||||
<td>
|
||||
<p>IEEE 802.11 buffer overflow</p>
|
||||
</td>
|
||||
|
@ -147,10 +147,10 @@ target="_top">06:05.80211</a></td>
|
|||
<tr>
|
||||
<td><a href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:04.ipfw.asc"
|
||||
target="_top">06:04.ipfw</a></td>
|
||||
<td>11 Janurary 2006</td>
|
||||
<td>11 January 2006</td>
|
||||
<td>
|
||||
<p><a
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=ipfw&sektion=4&manpath=FreeBSD+6.0-stable">
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=ipfw&sektion=4&manpath=FreeBSD+6.0-stable">
|
||||
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">ipfw</span>(4)</span></a> IP
|
||||
fragment denial of service</p>
|
||||
</td>
|
||||
|
@ -159,10 +159,10 @@ fragment denial of service</p>
|
|||
<tr>
|
||||
<td><a href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:03.cpio.asc"
|
||||
target="_top">06:03.cpio</a></td>
|
||||
<td>11 Janurary 2006</td>
|
||||
<td>11 January 2006</td>
|
||||
<td>
|
||||
<p>Multiple vulnerabilities in <a
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=cpio&sektion=1&manpath=FreeBSD+6.0-stable">
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=cpio&sektion=1&manpath=FreeBSD+6.0-stable">
|
||||
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">cpio</span>(1)</span></a></p>
|
||||
</td>
|
||||
</tr>
|
||||
|
@ -170,12 +170,12 @@ href="http://www.FreeBSD.org/cgi/man.cgi?query=cpio&sektion=1&manpath=FreeBSD+6.
|
|||
<tr>
|
||||
<td><a href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:02.ee.asc"
|
||||
target="_top">06:02.eex</a></td>
|
||||
<td>11 Janurary 2006</td>
|
||||
<td>11 January 2006</td>
|
||||
<td>
|
||||
<p><a
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=ee&sektion=1&manpath=FreeBSD+6.0-stable"><span
|
||||
class="CITEREFENTRY"><span class="REFENTRYTITLE">ee</span>(1)</span></a> temporary file
|
||||
privilege escalation</p>
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=ee&sektion=1&manpath=FreeBSD+6.0-stable">
|
||||
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">ee</span>(1)</span></a> temporary
|
||||
file privilege escalation</p>
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
|
@ -183,7 +183,7 @@ privilege escalation</p>
|
|||
<td><a
|
||||
href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:01.texindex.asc"
|
||||
target="_top">06:01.texindex</a></td>
|
||||
<td>11 Janurary 2006</td>
|
||||
<td>11 January 2006</td>
|
||||
<td>
|
||||
<p>Texindex temporary file privilege escalation</p>
|
||||
</td>
|
||||
|
@ -199,7 +199,7 @@ target="_top">06:01.texindex</a></td>
|
|||
Solutions</a></h2>
|
||||
|
||||
<p>(2005/11/26) On 6.0-RELEASE, the following <a
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=ipfw&sektion=4&manpath=FreeBSD+6.0-stable">
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=ipfw&sektion=4&manpath=FreeBSD+6.0-stable">
|
||||
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">ipfw</span>(4)</span></a> rule is
|
||||
interpreted in a different way from the previous releases:</p>
|
||||
|
||||
|
@ -208,41 +208,41 @@ allow ipv6 from 192.168.0.2 to me
|
|||
</pre>
|
||||
|
||||
<p>When <a
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=ipfw&sektion=4&manpath=FreeBSD+6.0-stable">
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=ipfw&sektion=4&manpath=FreeBSD+6.0-stable">
|
||||
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">ipfw</span>(4)</span></a> does not
|
||||
support IPv6 (see the next entry for the details), <a
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=ipfw&sektion=8&manpath=FreeBSD+6.0-stable">
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=ipfw&sektion=8&manpath=FreeBSD+6.0-stable">
|
||||
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">ipfw</span>(8)</span></a> accepts
|
||||
this rule and this blocks an IPv6 packet encapsulated in an IPv4 packet (IPv6-over-IPv4
|
||||
tunneling, protocol number 41) whose source address is <tt
|
||||
class="LITERAL">192.168.0.2</tt>. When it supports IPv6, on the other hand, this means a
|
||||
rule to allow an IPv6 packet from <tt class="LITERAL">192.168.0.2</tt>, and actually <a
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=ipfw&sektion=8&manpath=FreeBSD+6.0-stable">
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=ipfw&sektion=8&manpath=FreeBSD+6.0-stable">
|
||||
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">ipfw</span>(8)</span></a> rejects
|
||||
this rule because the syntax is incorrect (“an IPv6 packet from an IPv4
|
||||
address” never happens). Unfortunately there is no simple workaround for this
|
||||
problem.</p>
|
||||
|
||||
<p>The <a
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=ipfw&sektion=4&manpath=FreeBSD+6.0-stable">
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=ipfw&sektion=4&manpath=FreeBSD+6.0-stable">
|
||||
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">ipfw</span>(4)</span></a> IPv6
|
||||
support still has rough edges and there are other problems due to incompatibility between
|
||||
the two. As a workaround for them, you can use a combination of IPv4-only <a
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=ipfw&sektion=4&manpath=FreeBSD+6.0-stable">
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=ipfw&sektion=4&manpath=FreeBSD+6.0-stable">
|
||||
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">ipfw</span>(4)</span></a> and <a
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=ip6fw&sektion=8&manpath=FreeBSD+6.0-stable">
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=ip6fw&sektion=8&manpath=FreeBSD+6.0-stable">
|
||||
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">ip6fw</span>(8)</span></a>, which
|
||||
is almost compatible with the prior releases, instead of <a
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=ipfw&sektion=4&manpath=FreeBSD+6.0-stable">
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=ipfw&sektion=4&manpath=FreeBSD+6.0-stable">
|
||||
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">ipfw</span>(4)</span></a> with
|
||||
IPv6 support. To disable IPv6 support of <a
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=ipfw&sektion=4&manpath=FreeBSD+6.0-stable">
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=ipfw&sektion=4&manpath=FreeBSD+6.0-stable">
|
||||
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">ipfw</span>(4)</span></a>, use the
|
||||
<tt class="FILENAME">ipfw.ko</tt> kernel module and do not use the kernel option <tt
|
||||
class="LITERAL">IPFIREWALL</tt>.</p>
|
||||
|
||||
<p>(2005/11/19) Although the FreeBSD 6.0-RELEASE Release Notes states that <a
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=ipfw&sektion=4&manpath=FreeBSD+6.0-stable">
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=ipfw&sektion=4&manpath=FreeBSD+6.0-stable">
|
||||
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">ipfw</span>(4)</span></a>
|
||||
subsystem now supports IPv6, the combination of the <tt class="FILENAME">GENERIC</tt>
|
||||
kernel and a kernel module <tt class="FILENAME">ipfw.ko</tt> does not support the <tt
|
||||
|
@ -250,39 +250,39 @@ class="LITERAL">ip6</tt> protocol keyword for packet filtering rule. This is bec
|
|||
kernel option <tt class="LITERAL">INET6</tt> in the kernel configuration file is not
|
||||
recognized when the <tt class="FILENAME">ipfw.ko</tt> is built. To enable IPv6 support of
|
||||
<a
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=ipfw&sektion=4&manpath=FreeBSD+6.0-stable">
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=ipfw&sektion=4&manpath=FreeBSD+6.0-stable">
|
||||
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">ipfw</span>(4)</span></a>, rebuild
|
||||
the kernel with kernel options <tt class="LITERAL">INET6</tt> and <tt
|
||||
class="LITERAL">IPFIREWALL</tt> instead of using the <tt class="FILENAME">ipfw.ko</tt>
|
||||
module.</p>
|
||||
|
||||
<p>(2005/11/16) Using <a
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=if_bridge&sektion=4&manpath=FreeBSD+6.0-stable">
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=if_bridge&sektion=4&manpath=FreeBSD+6.0-stable">
|
||||
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">if_bridge</span>(4)</span></a> in
|
||||
combination with a packet filter such as <a
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=ipfw&sektion=4&manpath=FreeBSD+6.0-stable">
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=ipfw&sektion=4&manpath=FreeBSD+6.0-stable">
|
||||
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">ipfw</span>(4)</span></a> and <a
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=pf&sektion=4&manpath=FreeBSD+6.0-stable"><span
|
||||
class="CITEREFENTRY"><span class="REFENTRYTITLE">pf</span>(4)</span></a> can prevent the
|
||||
network stack from working and/or lead to a system panic after a certain period of time.
|
||||
This is because it allocates <a
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=mbuf&sektion=9&manpath=FreeBSD+6.0-stable">
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=pf&sektion=4&manpath=FreeBSD+6.0-stable">
|
||||
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">pf</span>(4)</span></a> can
|
||||
prevent the network stack from working and/or lead to a system panic after a certain
|
||||
period of time. This is because it allocates <a
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=mbuf&sektion=9&manpath=FreeBSD+6.0-stable">
|
||||
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">mbuf</span>(9)</span></a> buffers
|
||||
for network packets and never releases a part of them, so eventually all of the buffer
|
||||
memory will be exhausted. This problem has been fixed in the HEAD and the RELENG_6 branch
|
||||
after 10:17:15 2005/11/16 UTC.</p>
|
||||
|
||||
<p>(2005/11/16, updated on 2005/11/19) When an <a
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=ipfw&sektion=4&manpath=FreeBSD+6.0-stable">
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=ipfw&sektion=4&manpath=FreeBSD+6.0-stable">
|
||||
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">ipfw</span>(4)</span></a> <tt
|
||||
class="LITERAL">divert</tt> rule is specified with the protocol keyword <tt
|
||||
class="LITERAL">ip</tt> or <tt class="LITERAL">all</tt>, IPv6 packets are silently
|
||||
discarded at that rule since the <a
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=divert&sektion=4&manpath=FreeBSD+6.0-stable">
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=divert&sektion=4&manpath=FreeBSD+6.0-stable">
|
||||
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">divert</span>(4)</span></a> socket
|
||||
does not support IPv6. This can be a problem especially for an IPv4 and IPv6 dual-stack
|
||||
host with <a
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=natd&sektion=8&manpath=FreeBSD+6.0-stable">
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=natd&sektion=8&manpath=FreeBSD+6.0-stable">
|
||||
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">natd</span>(8)</span></a> enabled.
|
||||
<span class="bold"><b class="EMPHASIS">Note that the kernel module <tt
|
||||
class="FILENAME">ipfw.ko</tt> does not have this problem because it does not support
|
||||
|
@ -292,7 +292,7 @@ all</tt>.</p>
|
|||
|
||||
<p>(2005/11/6) The FreeBSD 6.0-RELEASE Release Notes wrongly states a kernel option
|
||||
related to <a
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=ipfw&sektion=8&manpath=FreeBSD+6.0-stable">
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=ipfw&sektion=8&manpath=FreeBSD+6.0-stable">
|
||||
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">ipfw</span>(8)</span></a> as <tt
|
||||
class="LITERAL">IPFIRWALL_FORWARD</tt>. The correct option keyword is <tt
|
||||
class="LITERAL">IPFIREWALL_FORWARD</tt>.</p>
|
||||
|
@ -309,13 +309,13 @@ wrong, they can be safely ignored because a checksum for the checksum file never
|
|||
corresponds to one in the file. This problem will be fixed in the next releases.</p>
|
||||
|
||||
<p>(2005/11/5, FreeBSD/amd64 specific) The <a
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=pmcstat&sektion=8&manpath=FreeBSD+6.0-stable">
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=pmcstat&sektion=8&manpath=FreeBSD+6.0-stable">
|
||||
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">pmcstat</span>(8)</span></a>
|
||||
utility cannot yet handle 32-bit executables when converting <a
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=hwpmc&sektion=4&manpath=FreeBSD+6.0-stable">
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=hwpmc&sektion=4&manpath=FreeBSD+6.0-stable">
|
||||
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">hwpmc</span>(4)</span></a> log
|
||||
files to <a
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=gprof&sektion=1&manpath=FreeBSD+6.0-stable">
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=gprof&sektion=1&manpath=FreeBSD+6.0-stable">
|
||||
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">gprof</span>(1)</span></a>
|
||||
format.</p>
|
||||
|
||||
|
@ -335,7 +335,7 @@ KDB: enter panic
|
|||
<p>(2005/11/5) Changes of on-disk format of <tt
|
||||
class="FILENAME">/usr/share/locale/*/LC_*</tt> files in 6.0-RELEASE prevent third-party
|
||||
software which uses <a
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=setlocale&sektion=3&manpath=FreeBSD+6.0-stable">
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=setlocale&sektion=3&manpath=FreeBSD+6.0-stable">
|
||||
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">setlocale</span>(3)</span></a> for
|
||||
its localization from working after a 5.x system upgraded. The software includes ones
|
||||
installed into the 5.x system by using FreeBSD Ports Collection and so on. To solve this
|
||||
|
@ -364,7 +364,7 @@ Aug 26 19:31:27 hostname getty[429]: open /dev/ttyv1: No such file or directory
|
|||
</pre>
|
||||
|
||||
<p>This is because the machine with no supported graphics hardware does not recognize <a
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=syscons&sektion=4&manpath=FreeBSD+6.0-stable">
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=syscons&sektion=4&manpath=FreeBSD+6.0-stable">
|
||||
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">syscons</span>(4)</span></a> and
|
||||
<tt class="FILENAME">/dev/ttyv*</tt> device nodes are not created. This is not a harmful
|
||||
error and can be suppressed by disabling <tt class="FILENAME">/dev/ttyv*</tt> entries in
|
||||
|
@ -375,7 +375,7 @@ than 4GB memory. There is no workaround for this issue except for compiling the
|
|||
statically into your custom kernel in advance.</p>
|
||||
|
||||
<p>(2005/10/3) The <a
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=kgdb&sektion=1&manpath=FreeBSD+6.0-stable">
|
||||
href="http://www.FreeBSD.org/cgi/man.cgi?query=kgdb&sektion=1&manpath=FreeBSD+6.0-stable">
|
||||
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">kgdb</span>(1)</span></a> utility
|
||||
does not work properly on FreeBSD/sparc64 for debugging panics which include traps. As a
|
||||
workaround you can use <tt class="FILENAME">devel/gdb53</tt>.</p>
|
||||
|
|
Loading…
Reference in a new issue