doc/en_US.ISO8859-1/htdocs/releases/9.0R/errata.html

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="generator" content="HTML Tidy, see www.w3.org" />
<title>FreeBSD 9.0-RELEASE Errata</title>
<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79" />
<link rel="STYLESHEET" type="text/css" href="docbook.css" />
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<script type="text/javascript" src="http://www.FreeBSD.org/layout/js/google.js">
</script>
</head>
<body class="ARTICLE" bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#840084"
alink="#0000FF">
<div class="ARTICLE">
<div class="TITLEPAGE">
<h1 class="TITLE"><a id="AEN2" name="AEN2">FreeBSD 9.0-RELEASE Errata</a></h1>

<h3 class="CORPAUTHOR">The FreeBSD Project</h3>

<p class="COPYRIGHT">Copyright &copy; 2012 The FreeBSD Documentation Project</p>

<p class="PUBDATE">$FreeBSD: stable/9/release/doc/en_US.ISO8859-1/errata/article.sgml
230254 2012-01-17 02:49:23Z hrs $<br />
</p>

<div class="LEGALNOTICE"><a id="TRADEMARKS" name="TRADEMARKS"></a>
<p>FreeBSD is a registered trademark of the FreeBSD Foundation.</p>

<p>Intel, Celeron, EtherExpress, i386, i486, Itanium, Pentium, and Xeon are trademarks or
registered trademarks of Intel Corporation or its subsidiaries in the United States and
other countries.</p>

<p>SPARC, SPARC64, SPARCengine, and UltraSPARC are trademarks of SPARC International, Inc
in the United States and other countries. SPARC International, Inc owns all of the SPARC
trademarks and under licensing agreements allows the proper use of these trademarks by
its members.</p>

<p>Many of the designations used by manufacturers and sellers to distinguish their
products are claimed as trademarks. Where those designations appear in this document, and
the FreeBSD Project was aware of the trademark claim, the designations have been followed
by the &#8220;&trade;&#8221; or the &#8220;&reg;&#8221; symbol.</p>
</div>

<hr />
</div>

<blockquote class="ABSTRACT">
<div class="ABSTRACT"><a id="AEN16" name="AEN16"></a>
<p>This document lists errata items for FreeBSD 9.0-RELEASE, containing significant
information discovered after the release or too late in the release cycle to be otherwise
included in the release documentation. This information includes security advisories, as
well as news relating to the software or documentation that could affect its operation or
usability. An up-to-date version of this document should always be consulted before
installing this version of FreeBSD.</p>

<p>This errata document for FreeBSD 9.0-RELEASE will be maintained until the release of
FreeBSD 9.1-RELEASE.</p>
</div>
</blockquote>

<div class="SECT1">
<hr />
<h2 class="SECT1"><a id="INTRO" name="INTRO">1 Introduction</a></h2>

<p>This errata document contains &#8220;late-breaking news&#8221; about FreeBSD
9.0-RELEASE. Before installing this version, it is important to consult this document to
learn about any post-release discoveries or problems that may already have been found and
fixed.</p>

<p>Any version of this errata document actually distributed with the release (for
example, on a CDROM distribution) will be out of date by definition, but other copies are
kept updated on the Internet and should be consulted as the &#8220;current errata&#8221;
for this release. These other copies of the errata are located at <a
href="http://www.FreeBSD.org/releases/"
target="_top">http://www.FreeBSD.org/releases/</a>, plus any sites which keep up-to-date
mirrors of this location.</p>

<p>Source and binary snapshots of FreeBSD 9.0-STABLE also contain up-to-date copies of
this document (as of the time of the snapshot).</p>

<p>For a list of all FreeBSD CERT security advisories, see <a
href="http://www.FreeBSD.org/security/"
target="_top">http://www.FreeBSD.org/security/</a> or <a
href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/"
target="_top">ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/</a>.</p>
</div>

<div class="SECT1">
<hr />
<h2 class="SECT1"><a id="SECURITY" name="SECURITY">2 Security Advisories</a></h2>

<p>Problems described in the following security advisories have been fixed in
9.0-RELEASE. For more information, consult the individual advisories available from <a
href="http://security.FreeBSD.org/" target="_top">http://security.FreeBSD.org/</a>.</p>

<div class="INFORMALTABLE"><a id="AEN34" name="AEN34"></a>
<table border="0" frame="void" width="100%" class="CALSTABLE">
<col width="20%" />
<col width="20%" />
<col width="60%" />
<thead>
<tr>
<th>Advisory</th>
<th>Date</th>
<th>Topic</th>
</tr>
</thead>

<tbody>
<tr>
<td><a href="http://security.freebsd.org/advisories/FreeBSD-SA-11:01.mountd.asc"
target="_top">SA-11:01.mountd</a></td>
<td>20&nbsp;April&nbsp;2011</td>
<td>
<p>Network ACL mishandling in <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=mountd&sektion=8&manpath=FreeBSD+9.0-RELEASE">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">mountd</span>(8)</span></a></p>
</td>
</tr>

<tr>
<td><a href="http://security.freebsd.org/advisories/FreeBSD-SA-11:02.bind.asc"
target="_top">SA-11:02.bind</a></td>
<td>28&nbsp;May&nbsp;2011</td>
<td>
<p>BIND remote DoS with large RRSIG RRsets and negative caching</p>
</td>
</tr>

<tr>
<td><a href="http://security.freebsd.org/advisories/FreeBSD-SA-11:04.compress.asc"
target="_top">SA-11:04.compress</a></td>
<td>28&nbsp;September&nbsp;2011</td>
<td>
<p>Errors handling corrupt compress file in <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=compress&sektion=1&manpath=FreeBSD+9.0-RELEASE">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">compress</span>(1)</span></a> and
<a
href="http://www.FreeBSD.org/cgi/man.cgi?query=gzip&sektion=1&manpath=FreeBSD+9.0-RELEASE">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">gzip</span>(1)</span></a></p>
</td>
</tr>

<tr>
<td><a href="http://security.freebsd.org/advisories/FreeBSD-SA-11:05.unix.asc"
target="_top">SA-11:05.unix</a></td>
<td>28&nbsp;September&nbsp;2011</td>
<td>
<p>Buffer overflow in handling of UNIX socket addresses</p>
</td>
</tr>

<tr>
<td><a href="http://security.freebsd.org/advisories/FreeBSD-SA-11:06.bind.asc"
target="_top">SA-11:06.bind</a></td>
<td>23&nbsp;December&nbsp;2011</td>
<td>
<p>Remote packet Denial of Service against <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=named&sektion=8&manpath=FreeBSD+9.0-RELEASE">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">named</span>(8)</span></a>
servers</p>
</td>
</tr>

<tr>
<td><a href="http://security.freebsd.org/advisories/FreeBSD-SA-11:07.chroot.asc"
target="_top">SA-11:07.chroot</a></td>
<td>23&nbsp;December&nbsp;2011</td>
<td>
<p>Code execution via chrooted ftpd</p>
</td>
</tr>

<tr>
<td><a href="http://security.freebsd.org/advisories/FreeBSD-SA-11:08.telnetd.asc"
target="_top">SA-11:08.telnetd</a></td>
<td>23&nbsp;December&nbsp;2011</td>
<td>
<p>telnetd code execution vulnerability</p>
</td>
</tr>

<tr>
<td><a href="http://security.freebsd.org/advisories/FreeBSD-SA-11:09.pam_ssh.asc"
target="_top">SA-11:09.pam_ssh</a></td>
<td>23&nbsp;December&nbsp;2011</td>
<td>
<p>pam_ssh improperly grants access when user account has unencrypted SSH private
keys</p>
</td>
</tr>

<tr>
<td><a href="http://security.freebsd.org/advisories/FreeBSD-SA-11:10.pam.asc"
target="_top">SA-11:10.pam</a></td>
<td>23&nbsp;December&nbsp;2011</td>
<td>
<p><code class="FUNCTION">pam_start()</code> does not validate service names</p>
</td>
</tr>
</tbody>
</table>
</div>
</div>

<div class="SECT1">
<hr />
<h2 class="SECT1"><a id="OPEN-ISSUES" name="OPEN-ISSUES">3 Open Issues</a></h2>

<ul>
<li>
<p>In some releases prior to 9.0-RELEASE, upgrading by using <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=freebsd-update&sektion=8&manpath=FreeBSD+9.0-RELEASE">
<span class="CITEREFENTRY"><span
class="REFENTRYTITLE">freebsd-update</span>(8)</span></a> can fail. This issue has been
fixed by a change in Errata Notice EN-12:01. For more information, see <a
href="http://security.freebsd.org/advisories/FreeBSD-EN-12:01.freebsd-update.asc"
target="_top">http://security.freebsd.org/advisories/FreeBSD-EN-12:01.freebsd-update.asc</a></p>
</li>

<li>
<p>[amd64, i386] FreeBSD 9.0-RELEASE includes several changes to improve resource
management of PCI devices. Some x86 machines may not boot or may have devices that no
longer attach when using ACPI as a result of these changes. This can be worked around by
setting a <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=loader&sektion=8&manpath=FreeBSD+9.0-RELEASE">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">loader</span>(8)</span></a>
tunable <code class="VARNAME">debug.acpi.disabled</code> to <tt
class="LITERAL">hostres</tt>. To do this, enter the following lines at the loader
prompt:</p>

<pre class="SCREEN">
set debug.acpi.disabled="hostres"
boot
</pre>

<p>Or, put the following line into <tt class="FILENAME">/boot/loader.conf</tt>:</p>

<pre class="PROGRAMLISTING">
debug.acpi.disabled="hostres"
</pre>
</li>

<li>
<p>A <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=devctl&sektion=4&manpath=FreeBSD+9.0-RELEASE">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">devctl</span>(4)</span></a> event
upon arrival of a <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=ugen&sektion=4&manpath=FreeBSD+9.0-RELEASE">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">ugen</span>(4)</span></a> device
has been changed. The event now includes <tt class="LITERAL">ugen</tt> and <tt
class="LITERAL">cdev</tt> variables instead of <tt class="LITERAL">device-name</tt>. This
change can prevent the following <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=devd&sektion=8&manpath=FreeBSD+9.0-RELEASE">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">devd</span>(8)</span></a> rule
which worked in a previous releases from working:</p>

<pre class="PROGRAMLISTING">
attach 0 {
    match "device-name" "ugen[0-9]+.[0-9]+";
    action "/path/to/script /dev/$device-name";
}
</pre>

<p>This should be updated to the following:</p>

<pre class="PROGRAMLISTING">
attach 0 {
    match "subsystem" "DEVICE";
    match "type" "ATTACH";
    match "cdev" "ugen[0-9]+.[0-9]+";
    action "/path/to/script /dev/$cdev";
}
</pre>
</li>

<li>
<p>The FreeBSD 9.0-RELEASE Release Notes should have mentioned that SSM (Source-Specific
Multicast) MLDv2 now uses <tt class="LITERAL">ALLOW_NEW_SOURCES</tt> and <tt
class="LITERAL">BLOCK_OLD_SOURCES</tt> record types to signal a join or a leave by
default. This conforms RFC 4604, &#8220;Using Internet Group Management Protocol Version
3 (IGMPv3) and Multicast Listener Discovery Protocol Version 2 (MLDv2) for
Source-Specific Multicast&#8221;. A new <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=sysctl&sektion=8&manpath=FreeBSD+9.0-RELEASE">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">sysctl</span>(8)</span></a>
variable <code class="VARNAME">net.inet6.mld.use_allow</code> which controls the behavior
has been added. The default value is <tt class="LITERAL">1</tt> (use <tt
class="LITERAL">ALLOW_NEW_SOURCES</tt> and <tt
class="LITERAL">BLOCK_OLD_SOURCES</tt>).</p>
</li>

<li>
<p>9.0-RELEASE fails to configure an interface specified in the <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=rc.conf&sektion=5&manpath=FreeBSD+9.0-RELEASE">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">rc.conf</span>(5)</span></a>
variable <code class="VARNAME">ipv6_prefix_<tt class="REPLACEABLE"><i>IF</i></tt></code>
when the interface does not have a corresponding <code class="VARNAME">ifconfig_<tt
class="REPLACEABLE"><i>IF</i></tt>_ipv6</code> variable. This problem will be fixed in
the future releases. To work around this problem on 9.0-RELEASE, add an <code
class="VARNAME">ifconfig_<tt class="REPLACEABLE"><i>IF</i></tt>_ipv6</code> line for each
interface specified in <code class="VARNAME">ipv6_prefix_<tt
class="REPLACEABLE"><i>IF</i></tt></code> as the following:</p>

<pre class="PROGRAMLISTING">
ipv6_prefix_em0="2001:db8:1:0 2001:db8:2:0"
ifconfig_em0_ipv6="inet6 auto_linklocal"
</pre>
</li>

<li>
<p>In 9.0-RELEASE the FreeBSD USB subsystem supports USB 3.0 by the <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=xhci&sektion=4&manpath=FreeBSD+9.0-RELEASE">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">xhci</span>(4)</span></a> driver.
However, a bug that could prevent it from working with a USB 3.0 hub has been found and
fixed after the release date. This means 9.0-RELEASE and prior do not work with a USB 3.0
hub. This problem has been fixed in HEAD and will be merged into the 9-STABLE branch.</p>
</li>
</ul>
</div>

<div class="SECT1">
<hr />
<h2 class="SECT1"><a id="LATE-NEWS" name="LATE-NEWS">4 Late-Breaking News</a></h2>

<p>No news.</p>
</div>
</div>

<hr />
<p align="center"><small>This file, and other release-related documents, can be
downloaded from <a
href="http://www.FreeBSD.org/releases/">http://www.FreeBSD.org/releases/</a>.</small></p>

<p align="center"><small>For questions about FreeBSD, read the <a
href="http://www.FreeBSD.org/docs.html">documentation</a> before contacting &#60;<a
href="mailto:questions@FreeBSD.org">questions@FreeBSD.org</a>&#62;.</small></p>

<p align="center"><small>All users of FreeBSD 9.0-STABLE should subscribe to the &#60;<a
href="mailto:stable@FreeBSD.org">stable@FreeBSD.org</a>&#62; mailing list.</small></p>

<p align="center"><small>For questions about this documentation, e-mail &#60;<a
href="mailto:doc@FreeBSD.org">doc@FreeBSD.org</a>&#62;.</small></p>
</body>
</html>