os/doc
3
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
doc/en/releases/5.1R/errata.html
Bruce A. Mah 8598b8a8c9 Regen from article.sgml 1.54.
2003-12-05 00:06:11 +00:00

266 lines
14 KiB
HTML
Raw Blame History

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="generator" content="HTML Tidy, see www.w3.org" />
<title>FreeBSD 5.1-RELEASE Errata</title>
<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.7" />
<link rel="STYLESHEET" type="text/css" href="docbook.css" />
</head>
<body class="ARTICLE" bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#840084"
alink="#0000FF">
<div class="ARTICLE">
<div class="TITLEPAGE">
<h1 class="TITLE"><a id="AEN2" name="AEN2">FreeBSD 5.1-RELEASE Errata</a></h1>
<h3 class="CORPAUTHOR">The FreeBSD Project</h3>
<p class="COPYRIGHT">Copyright &copy; 2000, 2001, 2002, 2003 The FreeBSD Documentation
Project</p>
<p class="PUBDATE">$FreeBSD: src/release/doc/en_US.ISO8859-1/errata/article.sgml,v 1.54
2003/12/04 23:53:54 bmah Exp $<br />
</p>
<div class="LEGALNOTICE"><a id="TRADEMARKS" name="TRADEMARKS"></a>
<p>FreeBSD is a registered trademark of Wind River Systems, Inc. This is expected to
change soon.</p>
<p>Intel, Celeron, EtherExpress, i386, i486, Itanium, Pentium, and Xeon are trademarks or
registered trademarks of Intel Corporation or its subsidiaries in the United States and
other countries.</p>
<p>Sparc, Sparc64, SPARCEngine, and UltraSPARC are trademarks of SPARC International, Inc
in the United States and other countries. Products bearing SPARC trademarks are based
upon architecture developed by Sun Microsystems, Inc.</p>
<p>Many of the designations used by manufacturers and sellers to distinguish their
products are claimed as trademarks. Where those designations appear in this document, and
the FreeBSD Project was aware of the trademark claim, the designations have been followed
by the ``&trade;'' or the ``&reg;'' symbol.</p>
</div>
<hr />
</div>
<blockquote class="ABSTRACT">
<div class="ABSTRACT"><a id="AEN19" name="AEN19"></a>
<p>This document lists errata items for FreeBSD 5.1-RELEASE, containing significant
information discovered after the release or too late in the release cycle to be otherwise
included in the release documentation. This information includes security advisories, as
well as news relating to the software or documentation that could affect its operation or
usability. An up-to-date version of this document should always be consulted before
installing this version of FreeBSD.</p>
<p>This errata document for FreeBSD 5.1-RELEASE will be maintained until the release of
FreeBSD 5.2-RELEASE.</p>
</div>
</blockquote>
<div class="SECT1">
<hr />
<h2 class="SECT1"><a id="INTRO" name="INTRO">1 Introduction</a></h2>
<p>This errata document contains ``late-breaking news'' about FreeBSD 5.1-RELEASE. Before
installing this version, it is important to consult this document to learn about any
post-release discoveries or problems that may already have been found and fixed.</p>
<p>Any version of this errata document actually distributed with the release (for
example, on a CDROM distribution) will be out of date by definition, but other copies are
kept updated on the Internet and should be consulted as the ``current errata'' for this
release. These other copies of the errata are located at <a
href="http://www.FreeBSD.org/releases/"
target="_top">http://www.FreeBSD.org/releases/</a>, plus any sites which keep up-to-date
mirrors of this location.</p>
<p>Source and binary snapshots of FreeBSD 5-CURRENT also contain up-to-date copies of
this document (as of the time of the snapshot).</p>
<p>For a list of all FreeBSD CERT security advisories, see <a
href="http://www.FreeBSD.org/security/"
target="_top">http://www.FreeBSD.org/security/</a> or <a
href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/"
target="_top">ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/</a>.</p>
</div>
<div class="SECT1">
<hr />
<h2 class="SECT1"><a id="SECURITY" name="SECURITY">2 Security Advisories</a></h2>
<p>The implementation of the <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=realpath&amp;sektion=3&amp;manpath=FreeBSD+5.1-current">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">realpath</span>(3)</span></a>
function contained a single-byte buffer overflow bug. This had various impacts, depending
on the application using <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=realpath&amp;sektion=3&amp;manpath=FreeBSD+5.1-current">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">realpath</span>(3)</span></a> and
other factors. This bug was fixed on the 5-CURRENT development branch before 5.1-RELEASE;
FreeBSD 5.1-RELEASE is therefore not affected. However, this change was not noted in the
release documentation. For more information, see security advisory <a
href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:08.realpath.asc"
target="_top">FreeBSD-SA-03:08</a>.</p>
<p>The kernel contains a bug that could allow it to attempt delivery of invalid signals,
leading to a kernel panic or, under some circumstances, unauthorized modification of
kernel memory. This bug has been fixed on the 5-CURRENT development branch and the
5.1-RELEASE security fix branch. For more information, see security advisory <a
href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:09.signal.asc"
target="_top">FreeBSD-SA-03:09</a>.</p>
<p>A bug in the iBCS2 emulation module could result in disclosing the contents of kernel
memory. (Note that this module is not enabled in FreeBSD by default.) This bug has been
fixed on the 5-CURRENT development branch and the 5.1-RELEASE security fix branch. More
information can be found in security advisory <a
href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:10.ibcs2.asc"
target="_top">FreeBSD-SA-03:10</a>.</p>
<p><b class="APPLICATION">OpenSSH</b> contains a bug in its buffer management code that
could potentially cause it to crash. This bug has been fixed via a vendor-supplied patch
on the 5-CURRENT development branch and the 5.1-RELEASE security fix branch. For more
details, refer to security advisory <a
href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:12.openssh.asc"
target="_top">FreeBSD-SA-03:12</a>.</p>
<p><b class="APPLICATION">sendmail</b> contains a remotely-exploitable buffer overflow.
This bug has been fixed via a new version import on the 5-CURRENT development branch and
via a vendor-supplied patch on the 5.1-RELEASE security fix branch. More details can be
found in security advisory <a
href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:13.sendmail.asc"
target="_top">FreeBSD-SA-03:13</a>.</p>
<p>The FreeBSD ARP code contains a bug that could allow the kernel to cause resource
starvation which eventually results in a system panic. This bug has been fixed on the
5-CURRENT development branch and the 5.1-RELEASE security fix branch. More information
can be found in security advisory <a
href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:14.arp.asc"
target="_top">FreeBSD-SA-03:14</a>.</p>
<p>Several bugs in the <b class="APPLICATION">OpenSSH</b> PAM authentication code could
have impacts ranging from incorrect authentication to a stack corruption. These have been
corrected via vendor-supplied patches; details can be found in security advisory <a
href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:15.openssh.asc"
target="_top">FreeBSD-SA-03:15</a>.</p>
<p>The implementation of the <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=procfs&amp;sektion=5&amp;manpath=FreeBSD+5.1-current">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">procfs</span>(5)</span></a> and
the <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=linprocfs&amp;sektion=5&amp;manpath=FreeBSD+5.1-current">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">linprocfs</span>(5)</span></a>
contain a bug that could result in disclosing the contents of kernel memory. This bug has
been fixed on the 5-CURRENT development branch and the 5.1-RELEASE security fix branch.
More information can be found in security advisory <a
href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:17.procfs.asc"
target="_top">FreeBSD-SA-03:17</a>.</p>
<p><b class="APPLICATION">OpenSSL</b> contains several bugs which could allow a remote
attacker to crash an <b class="APPLICATION">OpenSSL</b>-using application or to execute
arbitrary code with the privileges of the application. These bugs have been fixed via a
vendor-supplied patch on the 5-CURRENT development branch and the 5.1-RELEASE security
fix branch. Note that only applications that use <b class="APPLICATION">OpenSSL</b>'s
ASN.1 or X.509 handling code are affected (<b class="APPLICATION">OpenSSH</b> is
unaffected, for example). More information can be found in security advisory <a
href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:18.openssl.asc"
target="_top">FreeBSD-SA-03:18</a>.</p>
<p><b class="APPLICATION">BIND</b> contains the potential for a denial-of-service attack.
This vulnerability has been addressed by a vendor patch on the 5.1-RELEASE security fix
branch and by the import of a new version to the 5-CURRENT development branch. For more
information, see <a
href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:19.bind.asc"
target="_top">FreeBSD-SA-03:19</a>.</p>
</div>
<div class="SECT1">
<hr />
<h2 class="SECT1"><a id="OPEN-ISSUES" name="OPEN-ISSUES">3 Open Issues</a></h2>
<p>The RAIDframe disk driver described in <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=raid&amp;sektion=4&amp;manpath=FreeBSD+5.1-current">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">raid</span>(4)</span></a> is
non-functional for this release.</p>
<p>ACPI seems to make some <span class="TRADEMARK">i386</span>&#8482; machines unstable.
Turning off ACPI support may help solve some of these problems; see an item in <a
href="#LATE-NEWS">Section 4</a>.</p>
<p>An integer overflow could cause kernel panics on PAE-using machines with certain
memory sizes. This bug has been corrected on both the <var
class="LITERAL">RELENG_5_1</var> and <var class="LITERAL">HEAD</var> branches. A
workaround for this problem is to remove some memory, update the system in question, and
reinstall the memory.</p>
<p>Attempting to write to an <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=msdosfs&amp;sektion=5&amp;manpath=FreeBSD+5.1-current">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">msdosfs</span>(5)</span></a> file
system that has been upgraded from read-only to read-write via <tt class="COMMAND">mount
-u</tt> will cause the system to lock up. To work around this problem, unmount the file
system first, then mount it again with the appropriate options instead of using <tt
class="COMMAND">mount -u</tt>.</p>
</div>
<div class="SECT1">
<hr />
<h2 class="SECT1"><a id="LATE-NEWS" name="LATE-NEWS">4 Late-Breaking News</a></h2>
<p><a
href="http://www.FreeBSD.org/cgi/man.cgi?query=ipfw&amp;sektion=4&amp;manpath=FreeBSD+5.1-current">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">ipfw</span>(4)</span></a> should
work correctly on strict-alignment 64-bit architectures such as alpha and <span
class="TRADEMARK">Sparc64</span>&reg;.</p>
<p>The release notes should have stated that the <tt class="FILENAME">libthr</tt> library
is built by default for the <span class="TRADEMARK">i386</span> platform.</p>
<p>FreeBSD 5.1-RELEASE includes some new boot loader scripts designed to make booting
FreeBSD with different options easier. This may help diagnose bootstrapping problems.
These scripts build on the existing Forth-based boot loader scripts (thus, <tt
class="FILENAME">/boot/loader.conf</tt> and other existing loader configuration files
still apply). They are only installed by default for new binary installs on <span
class="TRADEMARK">i386</span> machines. The new scripts present a boot-time menu that
controls how FreeBSD is booted, and include options to turn off ACPI, a ``safe mode''
boot, single-user booting, and verbose booting. ``Safe mode'' booting can be particularly
useful when compatibility with a system's hardware is uncertain, and sets the following
kernel tunable variables:</p>
<pre class="PROGRAMLISTING">
hint.acpi.0.disabled=1 # disable ACPI (i386 only)
hw.ata.ata_dma=0 # disable IDE DMA
hw.ata.atapi_dma=0 # disable ATAPI/IDE DMA
hw.ata.wc=0 # disable IDE disk write cache
hw.eisa_slots=0 # disable probing for EISA devices
</pre>
<p>For new installs on <span class="TRADEMARK">i386</span> architecture machines, <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=sysinstall&amp;sektion=8&amp;manpath=FreeBSD+5.1-current">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">sysinstall</span>(8)</span></a>
will try to determine if ACPI was disabled via the new boot loader scripts mentioned
above, and if so, ask if this change should be made permanent.</p>
<p>The release notes should have mentioned that work on the following features was
sponsored by the Defense Advanced Research Projects Agency (DARPA): OpenPAM, NSS support,
PAE support, various MAC framework updates, the GEOM disk geometry system.</p>
</div>
</div>
<hr />
<p align="center"><small>This file, and other release-related documents, can be
downloaded from <a
href="http://snapshots.jp.FreeBSD.org/">http://snapshots.jp.FreeBSD.org/</a>.</small></p>
<p align="center"><small>For questions about FreeBSD, read the <a
href="http://www.FreeBSD.org/docs.html">documentation</a> before contacting &#60;<a
href="mailto:questions@FreeBSD.org">questions@FreeBSD.org</a>&#62;.</small></p>
<p align="center"><small><small>All users of FreeBSD 5-CURRENT should subscribe to the
&#60;<a href="mailto:current@FreeBSD.org">current@FreeBSD.org</a>&#62; mailing
list.</small></small></p>
<p align="center">For questions about this documentation, e-mail &#60;<a
href="mailto:doc@FreeBSD.org">doc@FreeBSD.org</a>&#62;.</p>
<br />
<br />
</body>
</html>
Reference in a new issue View git blame Copy permalink