Copyright © 2013 The FreeBSD Documentation Project
Copyright 2013 The FreeBSD Documentation Project
FreeBSD is a registered trademark of + the FreeBSD Foundation.
Intel, Celeron, Centrino, Core, EtherExpress, i386, i486, Itanium, Pentium, and Xeon are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United - States and other countries.
SPARC, SPARC64, SPARCengine, and + States and other countries.
SPARC, SPARC64, and UltraSPARC are trademarks of SPARC International, Inc in the United States and other countries. SPARC International, Inc owns all of the SPARC trademarks and under licensing agreements allows the proper use @@ -13,37 +13,38 @@ manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this document, and the FreeBSD Project was aware of the trademark claim, the - designations have been followed by the “™” or the - “®” symbol.
Table of Contents
Abstract
This document lists errata items for FreeBSD 8.4-RELEASE, - containing significant information discovered after the release - or too late in the release cycle to be otherwise included in the - release documentation. - This information includes security advisories, as well as news - relating to the software or documentation that could affect its - operation or usability. An up-to-date version of this document - should always be consulted before installing this version of - FreeBSD.
This errata document for FreeBSD 8.4-RELEASE - will be maintained until the release of FreeBSD 8.5-RELEASE.
This document lists errata items for FreeBSD 8.4-RELEASE, + containing significant information discovered after the release + or too late in the release cycle to be otherwise included in the + release documentation. + This information includes security advisories, as well as news + relating to the software or documentation that could affect its + operation or usability. An up-to-date version of this document + should always be consulted before installing this version of + FreeBSD.
This errata document for FreeBSD 8.4-RELEASE + will be maintained until the FreeBSD 8.4-RELEASE end of life.
This errata document contains “late-breaking news” about FreeBSD 8.4-RELEASE Before installing this version, it is important to consult this document to learn about any post-release discoveries or problems that may already have been found and fixed.
Any version of this errata document actually distributed
with the release (for example, on a CDROM distribution) will be
out of date by definition, but other copies are kept updated on
- the Internet and should be consulted as the “current
- errata” for this release. These other copies of the
- errata are located at http://www.FreeBSD.org/releases/, plus any sites
+ the Internet and should be consulted as the “current
+ errata” for this release. These other copies of the
+ errata are located at http://www.FreeBSD.org/releases/, plus any sites
which keep up-to-date mirrors of this location.
Source and binary snapshots of FreeBSD 8.4-STABLE also contain up-to-date copies of this document (as of the time of - the snapshot).
For a list of all FreeBSD CERT security advisories, see http://www.FreeBSD.org/security/ or ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/.
The following security advisories pertain to FreeBSD 8.4-RELEASE. - For more information, consult the individual advisories available from - http://security.FreeBSD.org/.
| Advisory | Date | Topic |
|---|---|---|
| SA-12:01.openssl | 03 May 2012 | OpenSSL multiple vulnerabilities |
| SA-12:02.crypt | 30 May 2012 | Incorrect crypt() hashing |
| SA-12:03.bind | 12 June 2012 | Incorrect handling of zero-length RDATA fields in named(8) |
| SA-12:04.sysret | 12 June 2012 | Privilege escalation when returning from kernel |
| SA-12:05.bind | 06 August 2012 | named(8) DNSSEC validation Denial of Service |
| SA-12:06.bind | 22 November 2012 | Multiple Denial of Service vulnerabilities with named(8) |
| SA-12:07.hostapd | 22 November 2012 | Insufficient message length validation for EAP-TLS messages |
| SA-12:08.linux | 22 November 2012 | Linux compatibility layer input validation error |
| SA-13:02.libc | 19 February 2013 | glob(3) related resource exhaustion |
| SA-13:03.openssl | 02 April 2013 | OpenSSL multiple vulnerabilities |
| SA-13:04.bind | 02 April 2013 | BIND remote denial of service |
| SA-13:05.nfsserver | 29 April 2013 | Insufficient input validation in the NFS server |
[20130613] The vtnet(4) network interface driver + the snapshot).
For a list of all FreeBSD CERT security advisories, see http://www.FreeBSD.org/security/ or ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/.
Problems described in the following security advisories have
+ been fixed in 8.4-RELEASE. For more information, consult
+ the individual advisories available from
+ http://security.FreeBSD.org/.
| Advisory | Date | Topic |
|---|---|---|
| SA-12:01.openssl | 03May2012 | OpenSSL multiple vulnerabilities |
| SA-12:02.crypt | 30May2012 | Incorrect |
| SA-12:03.bind | 12June2012 | Incorrect handling of zero-length RDATA fields in named(8) |
| SA-12:04.sysret | 12June2012 | Privilege escalation when returning from kernel |
| SA-12:05.bind | 6August2012 | named(8) DNSSEC validation Denial of Service |
| SA-12:06.bind | 22November2012 | Multiple Denial of Service vulnerabilities with named(8) |
| SA-12:07.hostapd | 22November2012 | Insufficient message length validation for EAP-TLS messages |
| SA-12:08.linux | 22November2012 | Linux compatibility layer input validation error |
| SA-13:02.libc | 19February2013 | glob(3) related resource exhaustion |
| SA-13:03.openssl | 02April2013 | OpenSSL multiple vulnerabilities |
| SA-13:04.bind | 02April2013 | BIND remote denial of service |
| SA-13:05.nfsserver | 29April2013 | Insufficient input validation in the NFS server |
[20130613] The vtnet(4) network interface driver displays the following message upon configuration when using QEMU 1.4.1 and later:
vtnet0: error setting host MAC filter table
This message is harmless when the interface has only one MAC - address. The patch for this issue is filed to a PR kern/178955.
[20130609] There is incompatibility in jail(8) - configuration because the jail(8) utility and + address. The patch for this issue is filed to a PR kern/178955.
[20130609] There is incompatibility in jail(8)
+ configuration because the jail(8) utility and
rc.d/jail script has been changed. More
- specifically, the following sysctl(8) variables cannot be
+ specifically, the following sysctl(8) variables cannot be
used to set the default parameters for jails:
security.jail.mount_zfs_allowed security.jail.mount_procfs_allowed security.jail.mount_nullfs_allowed @@ -53,16 +54,16 @@ security.jail.chflags_allowed security.jail.allow_raw_sockets security.jail.sysvipc_allowed security.jail.socket_unixiproute_only -security.jail.set_hostname_allowed
These could be set by manually using sysctl(8) utility, - the sysctl.conf(5) file, or for some of them the following - variables in rc.conf(5):
jail_set_hostname_allow="yes" +security.jail.set_hostname_allowed
These could be set by manually using sysctl(8) utility, + the sysctl.conf(5) file, or for some of them the following + variables in rc.conf(5):
jail_set_hostname_allow="yes" jail_socket_unixiproute_only="yes" jail_sysvipc_allow="yes"
These parameters must now be specified in
jail_parameters (or
jail_
- for per-jail configuration) in rc.conf(5). For
+ for per-jail configuration) in rc.conf(5). For
example:jailname_parameters
jail_parameters="allow.sysvipc allow.raw_sockets"
The valid keywords are the following. For more detail, see - jail(8) manual page.
allow.set_hostname + jail(8) manual page.allow.set_hostname allow.sysvipc allow.raw_sockets allow.chflags @@ -84,26 +85,26 @@ allow.socket_af[20130608] FreeBSD 8.4-RELEASE no longer supports FreeBS
RELENG_8_4_0_RELEASEcorresponds tosvn://svn.FreeBSD.org/base/release/8.4.0. Please note that FreeBSD source tree for 8.4-RELEASE and its security - branch cannot be updated by using official CVSup servers.[20130607] (removed about a bge(4) network interface - driver issue because it was incorrect)
[20130606] The fxp(4) network interface driver may not - work well with the dhclient(8) utility. More specifically, + branch cannot be updated by using official CVSup servers.
[20130607] (removed about a bge(4) network interface + driver issue because it was incorrect)
[20130606] The fxp(4) network interface driver may not + work well with the dhclient(8) utility. More specifically, if the
/etc/rc.confhas the following line:ifconfig_fxp0="DHCP"to activate a DHCP client to configure the network interface, the following notification messages are displayed and - the dhclient(8) utility keeps trying to initialize the + the dhclient(8) utility keeps trying to initialize the network interface forever.
kernel: fxp0: link state changed to UP kernel: fxp0: link state changed to DOWNA patch to fix this issue will be released as an Errata - Notice.
[20130606] As described in FreeBSD 8.4-RELEASE Release Notes, + Notice.
[20130606] As described in FreeBSD 8.4-RELEASE Release Notes,
FreeBSD ZFS subsystem has been updated to support feature flags for
ZFS pools. However, the default version number of a newly
created ZFS pool is still 28.
This is because FreeBSD 9.0 and 9.1 do not support the feature
flags. This means ZFS pools with feature flag support cannot be
used on FreeBSD 9.0 and 9.1. An 8.X system with v28 ZFS pools can
- be upgraded to 9.X with no problem. Note that zfs(8)
+ be upgraded to 9.X with no problem. Note that zfs(8)
send and receive commands
do not work between pools with different versions. Once a ZFS
pool is upgraded from v28, there is no way to upgrade the system
to FreeBSD 9.0 and 9.1. FreeBSD 9.2 and later will support ZFS pools
with feature flags.
To create a ZFS pool with feature flag support, use the
- zpool(8) create command and then the
- zpool(8) upgrade command.
create command and then the
+ zpool(8) upgrade command.