os/doc
3
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
doc/en/releases/6.0R/errata.html
Simon L. B. Nielsen d958fda726 Regen from 1.73.2.11.
2006-01-18 09:23:01 +00:00

381 lines
18 KiB
HTML
Raw Blame History

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="generator" content="HTML Tidy, see www.w3.org" />
<title>FreeBSD 6.0-RELEASE Errata</title>
<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79" />
<link rel="STYLESHEET" type="text/css" href="docbook.css" />
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
</head>
<body class="ARTICLE" bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#840084"
alink="#0000FF">
<div class="ARTICLE">
<div class="TITLEPAGE">
<h1 class="TITLE"><a id="AEN2" name="AEN2">FreeBSD 6.0-RELEASE Errata</a></h1>
<h3 class="CORPAUTHOR">The FreeBSD Project</h3>
<p class="COPYRIGHT">Copyright &copy; 2000, 2001, 2002, 2003, 2004, 2005, 2006 The
FreeBSD Documentation Project</p>
<p class="PUBDATE">$FreeBSD: src/release/doc/en_US.ISO8859-1/errata/article.sgml,v
1.73.2.11 2006/01/18 09:20:22 simon Exp $<br />
</p>
<div class="LEGALNOTICE"><a id="TRADEMARKS" name="TRADEMARKS"></a>
<p>FreeBSD is a registered trademark of the FreeBSD Foundation.</p>
<p>Intel, Celeron, EtherExpress, i386, i486, Itanium, Pentium, and Xeon are trademarks or
registered trademarks of Intel Corporation or its subsidiaries in the United States and
other countries.</p>
<p>Sparc, Sparc64, SPARCEngine, and UltraSPARC are trademarks of SPARC International, Inc
in the United States and other countries. Products bearing SPARC trademarks are based
upon architecture developed by Sun Microsystems, Inc.</p>
<p>Many of the designations used by manufacturers and sellers to distinguish their
products are claimed as trademarks. Where those designations appear in this document, and
the FreeBSD Project was aware of the trademark claim, the designations have been followed
by the &#8220;&trade;&#8221; or the &#8220;&reg;&#8221; symbol.</p>
</div>
<hr />
</div>
<blockquote class="ABSTRACT">
<div class="ABSTRACT"><a id="AEN22" name="AEN22"></a>
<p>This document lists errata items for FreeBSD 6.0-RELEASE, containing significant
information discovered after the release or too late in the release cycle to be otherwise
included in the release documentation. This information includes security advisories, as
well as news relating to the software or documentation that could affect its operation or
usability. An up-to-date version of this document should always be consulted before
installing this version of FreeBSD.</p>
<p>This errata document for FreeBSD 6.0-RELEASE will be maintained until the release of
FreeBSD 6.1-RELEASE.</p>
</div>
</blockquote>
<div class="SECT1">
<hr />
<h2 class="SECT1"><a id="INTRO" name="INTRO">1 Introduction</a></h2>
<p>This errata document contains &#8220;late-breaking news&#8221; about FreeBSD
6.0-RELEASE. Before installing this version, it is important to consult this document to
learn about any post-release discoveries or problems that may already have been found and
fixed.</p>
<p>Any version of this errata document actually distributed with the release (for
example, on a CDROM distribution) will be out of date by definition, but other copies are
kept updated on the Internet and should be consulted as the &#8220;current errata&#8221;
for this release. These other copies of the errata are located at <a
href="http://www.FreeBSD.org/releases/"
target="_top">http://www.FreeBSD.org/releases/</a>, plus any sites which keep up-to-date
mirrors of this location.</p>
<p>Source and binary snapshots of FreeBSD 6-STABLE also contain up-to-date copies of this
document (as of the time of the snapshot).</p>
<p>For a list of all FreeBSD CERT security advisories, see <a
href="http://www.FreeBSD.org/security/"
target="_top">http://www.FreeBSD.org/security/</a> or <a
href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/"
target="_top">ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/</a>.</p>
</div>
<div class="SECT1">
<hr />
<h2 class="SECT1"><a id="LATE-NEWS" name="LATE-NEWS">2 Update Information</a></h2>
<p>No news.</p>
</div>
<div class="SECT1">
<hr />
<h2 class="SECT1"><a id="SECURITY" name="SECURITY">3 Security Advisories</a></h2>
<p>The following security advisories pertain to FreeBSD 6.0-RELEASE. For more
information, consult the individual advisories available from <a
href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/"
target="_top">ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/</a>.</p>
<div class="INFORMALTABLE"><a id="AEN43" name="AEN43"></a>
<table border="0" frame="void" class="CALSTABLE">
<col width="1*" />
<col width="1*" />
<col width="3*" />
<thead>
<tr>
<th>Advisory</th>
<th>Date</th>
<th>Topic</th>
</tr>
</thead>
<tbody>
<tr>
<td><a
href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:05.80211.asc"
target="_top">06:05.80211</a></td>
<td>18&nbsp;Janurary&nbsp;2006</td>
<td>
<p>IEEE 802.11 buffer overflow</p>
</td>
</tr>
<tr>
<td><a href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:04.ipfw.asc"
target="_top">06:04.ipfw</a></td>
<td>11&nbsp;Janurary&nbsp;2006</td>
<td>
<p><a
href="http://www.FreeBSD.org/cgi/man.cgi?query=ipfw&sektion=4&manpath=FreeBSD+6.0-stable">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">ipfw</span>(4)</span></a> IP
fragment denial of service</p>
</td>
</tr>
<tr>
<td><a href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:03.cpio.asc"
target="_top">06:03.cpio</a></td>
<td>11&nbsp;Janurary&nbsp;2006</td>
<td>
<p>Multiple vulnerabilities in <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=cpio&sektion=1&manpath=FreeBSD+6.0-stable">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">cpio</span>(1)</span></a></p>
</td>
</tr>
<tr>
<td><a href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:02.ee.asc"
target="_top">06:02.eex</a></td>
<td>11&nbsp;Janurary&nbsp;2006</td>
<td>
<p><a
href="http://www.FreeBSD.org/cgi/man.cgi?query=ee&sektion=1&manpath=FreeBSD+6.0-stable"><span
class="CITEREFENTRY"><span class="REFENTRYTITLE">ee</span>(1)</span></a> temporary file
privilege escalation</p>
</td>
</tr>
<tr>
<td><a
href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:01.texindex.asc"
target="_top">06:01.texindex</a></td>
<td>11&nbsp;Janurary&nbsp;2006</td>
<td>
<p>Texindex temporary file privilege escalation</p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="SECT1">
<hr />
<h2 class="SECT1"><a id="KNOWN-PROBLEMS" name="KNOWN-PROBLEMS">4 Known Problems and
Solutions</a></h2>
<p>(2005/11/26) On 6.0-RELEASE, the following <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=ipfw&sektion=4&manpath=FreeBSD+6.0-stable">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">ipfw</span>(4)</span></a> rule is
interpreted in a different way from the previous releases:</p>
<pre class="PROGRAMLISTING">
allow ipv6 from 192.168.0.2 to me
</pre>
<p>When <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=ipfw&sektion=4&manpath=FreeBSD+6.0-stable">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">ipfw</span>(4)</span></a> does not
support IPv6 (see the next entry for the details), <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=ipfw&sektion=8&manpath=FreeBSD+6.0-stable">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">ipfw</span>(8)</span></a> accepts
this rule and this blocks an IPv6 packet encapsulated in an IPv4 packet (IPv6-over-IPv4
tunneling, protocol number 41) whose source address is <tt
class="LITERAL">192.168.0.2</tt>. When it supports IPv6, on the other hand, this means a
rule to allow an IPv6 packet from <tt class="LITERAL">192.168.0.2</tt>, and actually <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=ipfw&sektion=8&manpath=FreeBSD+6.0-stable">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">ipfw</span>(8)</span></a> rejects
this rule because the syntax is incorrect (&#8220;an IPv6 packet from an IPv4
address&#8221; never happens). Unfortunately there is no simple workaround for this
problem.</p>
<p>The <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=ipfw&sektion=4&manpath=FreeBSD+6.0-stable">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">ipfw</span>(4)</span></a> IPv6
support still has rough edges and there are other problems due to incompatibility between
the two. As a workaround for them, you can use a combination of IPv4-only <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=ipfw&sektion=4&manpath=FreeBSD+6.0-stable">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">ipfw</span>(4)</span></a> and <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=ip6fw&sektion=8&manpath=FreeBSD+6.0-stable">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">ip6fw</span>(8)</span></a>, which
is almost compatible with the prior releases, instead of <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=ipfw&sektion=4&manpath=FreeBSD+6.0-stable">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">ipfw</span>(4)</span></a> with
IPv6 support. To disable IPv6 support of <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=ipfw&sektion=4&manpath=FreeBSD+6.0-stable">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">ipfw</span>(4)</span></a>, use the
<tt class="FILENAME">ipfw.ko</tt> kernel module and do not use the kernel option <tt
class="LITERAL">IPFIREWALL</tt>.</p>
<p>(2005/11/19) Although the FreeBSD 6.0-RELEASE Release Notes states that <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=ipfw&sektion=4&manpath=FreeBSD+6.0-stable">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">ipfw</span>(4)</span></a>
subsystem now supports IPv6, the combination of the <tt class="FILENAME">GENERIC</tt>
kernel and a kernel module <tt class="FILENAME">ipfw.ko</tt> does not support the <tt
class="LITERAL">ip6</tt> protocol keyword for packet filtering rule. This is because the
kernel option <tt class="LITERAL">INET6</tt> in the kernel configuration file is not
recognized when the <tt class="FILENAME">ipfw.ko</tt> is built. To enable IPv6 support of
<a
href="http://www.FreeBSD.org/cgi/man.cgi?query=ipfw&sektion=4&manpath=FreeBSD+6.0-stable">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">ipfw</span>(4)</span></a>, rebuild
the kernel with kernel options <tt class="LITERAL">INET6</tt> and <tt
class="LITERAL">IPFIREWALL</tt> instead of using the <tt class="FILENAME">ipfw.ko</tt>
module.</p>
<p>(2005/11/16) Using <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=if_bridge&sektion=4&manpath=FreeBSD+6.0-stable">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">if_bridge</span>(4)</span></a> in
combination with a packet filter such as <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=ipfw&sektion=4&manpath=FreeBSD+6.0-stable">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">ipfw</span>(4)</span></a> and <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=pf&sektion=4&manpath=FreeBSD+6.0-stable"><span
class="CITEREFENTRY"><span class="REFENTRYTITLE">pf</span>(4)</span></a> can prevent the
network stack from working and/or lead to a system panic after a certain period of time.
This is because it allocates <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=mbuf&sektion=9&manpath=FreeBSD+6.0-stable">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">mbuf</span>(9)</span></a> buffers
for network packets and never releases a part of them, so eventually all of the buffer
memory will be exhausted. This problem has been fixed in the HEAD and the RELENG_6 branch
after 10:17:15 2005/11/16 UTC.</p>
<p>(2005/11/16, updated on 2005/11/19) When an <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=ipfw&sektion=4&manpath=FreeBSD+6.0-stable">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">ipfw</span>(4)</span></a> <tt
class="LITERAL">divert</tt> rule is specified with the protocol keyword <tt
class="LITERAL">ip</tt> or <tt class="LITERAL">all</tt>, IPv6 packets are silently
discarded at that rule since the <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=divert&sektion=4&manpath=FreeBSD+6.0-stable">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">divert</span>(4)</span></a> socket
does not support IPv6. This can be a problem especially for an IPv4 and IPv6 dual-stack
host with <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=natd&sektion=8&manpath=FreeBSD+6.0-stable">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">natd</span>(8)</span></a> enabled.
<span class="bold"><b class="EMPHASIS">Note that the kernel module <tt
class="FILENAME">ipfw.ko</tt> does not have this problem because it does not support
IPv6.</b></span> To avoid this problem, use an IPv4 specific divert rule such as <tt
class="LITERAL">divert natd ipv4</tt> instead of <tt class="LITERAL">divert natd
all</tt>.</p>
<p>(2005/11/6) The FreeBSD 6.0-RELEASE Release Notes wrongly states a kernel option
related to <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=ipfw&sektion=8&manpath=FreeBSD+6.0-stable">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">ipfw</span>(8)</span></a> as <tt
class="LITERAL">IPFIRWALL_FORWARD</tt>. The correct option keyword is <tt
class="LITERAL">IPFIREWALL_FORWARD</tt>.</p>
<p>(2005/11/5) The FreeBSD 6.0-RELEASE Release Notes wrongly states the version number of
OpenSSH and IPFilter integrated into FreeBSD as 4.1p1 and 4.1.18. The correct versions
are 4.2p1 and 4.1.8 respectively.</p>
<p>(2005/11/5) Distribution of 6.0-RELEASE contains <tt
class="FILENAME">CHECKSUM.MD5</tt> and <tt class="FILENAME">CHECKSUM.SHA256</tt> files
for protecting the integrity of data. However, these files in 6.0-RELEASE erroneously
include checksums for the checksum files themselves. Although the checksums look like
wrong, they can be safely ignored because a checksum for the checksum file never
corresponds to one in the file. This problem will be fixed in the next releases.</p>
<p>(2005/11/5, FreeBSD/amd64 specific) The <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=pmcstat&sektion=8&manpath=FreeBSD+6.0-stable">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">pmcstat</span>(8)</span></a>
utility cannot yet handle 32-bit executables when converting <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=hwpmc&sektion=4&manpath=FreeBSD+6.0-stable">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">hwpmc</span>(4)</span></a> log
files to <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=gprof&sektion=1&manpath=FreeBSD+6.0-stable">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">gprof</span>(1)</span></a>
format.</p>
<p>(2005/11/5, FreeBSD/powerpc specific) The following panic may occur at boot-time on
some older PowerMac G4 systems:</p>
<pre class="SCREEN">
...
KDB: current backend: ddb
panic: Assertion curthread != NULL failed at
/usr/src/sys/kern/kern_mutex.c:268
KDB: enter panic
</pre>
<p>This is a known problem with no workaround, and will be fixed in the next release.</p>
<p>(2005/11/5) Changes of on-disk format of <tt
class="FILENAME">/usr/share/locale/*/LC_*</tt> files in 6.0-RELEASE prevent third-party
software which uses <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=setlocale&sektion=3&manpath=FreeBSD+6.0-stable">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">setlocale</span>(3)</span></a> for
its localization from working after a 5.x system upgraded. The software includes ones
installed into the 5.x system by using FreeBSD Ports Collection and so on. To solve this
problem, perform one of the following:</p>
<ul>
<li>
<p>Install misc/compat5x package into the upgraded 6.0 system. This package installs a
library <tt class="FILENAME">lib/compat/libc.so.5</tt> which makes the software complied
in a 5.x system use the old locale files to keep compatibility. Note that you need to
remove <tt class="FILENAME">/lib/libc.so.5</tt> after upgrading.</p>
<p>This package is available only for Tier-1 platforms.</p>
</li>
<li>
<p>Recompile the software on the 6.0 system.</p>
</li>
</ul>
<p>(2005/10/3) At boot time the FreeBSD/sparc64 GENERIC kernel may output the following
messages when the machine has no framebuffer:</p>
<pre class="SCREEN">
Aug 26 19:31:27 hostname getty[429]: open /dev/ttyv1: No such file or directory
</pre>
<p>This is because the machine with no supported graphics hardware does not recognize <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=syscons&sektion=4&manpath=FreeBSD+6.0-stable">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">syscons</span>(4)</span></a> and
<tt class="FILENAME">/dev/ttyv*</tt> device nodes are not created. This is not a harmful
error and can be suppressed by disabling <tt class="FILENAME">/dev/ttyv*</tt> entries in
<tt class="FILENAME">/etc/ttys</tt>.</p>
<p>(2005/10/3) Kernel modules do not work on FreeBSD/sparc64 when the machine has more
than 4GB memory. There is no workaround for this issue except for compiling the modules
statically into your custom kernel in advance.</p>
<p>(2005/10/3) The <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=kgdb&sektion=1&manpath=FreeBSD+6.0-stable">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">kgdb</span>(1)</span></a> utility
does not work properly on FreeBSD/sparc64 for debugging panics which include traps. As a
workaround you can use <tt class="FILENAME">devel/gdb53</tt>.</p>
</div>
</div>
<hr />
<p align="center"><small>This file, and other release-related documents, can be
downloaded from <a
href="http://www.FreeBSD.org/snapshots/">http://www.FreeBSD.org/snapshots/</a>.</small></p>
<p align="center"><small>For questions about FreeBSD, read the <a
href="http://www.FreeBSD.org/docs.html">documentation</a> before contacting &#60;<a
href="mailto:questions@FreeBSD.org">questions@FreeBSD.org</a>&#62;.</small></p>
<p align="center"><small>All users of FreeBSD 6-STABLE should subscribe to the &#60;<a
href="mailto:stable@FreeBSD.org">stable@FreeBSD.org</a>&#62; mailing list.</small></p>
<p align="center"><small>For questions about this documentation, e-mail &#60;<a
href="mailto:doc@FreeBSD.org">doc@FreeBSD.org</a>&#62;.</small></p>
</body>
</html>
Reference in a new issue View git blame Copy permalink