os/doc
3
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
doc/en_US.ISO8859-1/htdocs/releases/8.4R/errata.html
Hiroki Sato f5f0931e9b Regen from r251680.
2013-06-13 05:53:08 +00:00

109 lines
No EOL
16 KiB
HTML
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>FreeBSD 8.4-RELEASE Errata</title><link rel="stylesheet" href="docbook.css" type="text/css" /><link rev="made" href="doc@FreeBSD.org" /><meta name="generator" content="DocBook XSL Stylesheets V1.75.2" /></head><body><div class="article" title="FreeBSD 8.4-RELEASE Errata"><div xmlns="" class="titlepage"><div><div><h2 xmlns="http://www.w3.org/1999/xhtml" class="title"><a id="idp53953232"></a>FreeBSD 8.4-RELEASE Errata </h2></div><div><h3 xmlns="http://www.w3.org/1999/xhtml" class="corpauthor">
The FreeBSD Project
</h3></div><div><p xmlns="http://www.w3.org/1999/xhtml" class="copyright">Copyright © 2013 The FreeBSD Documentation Project</p></div><div><div xmlns="http://www.w3.org/1999/xhtml" class="legalnotice" title="Legal Notice"><a id="trademarks"></a><p>FreeBSD is a registered trademark of
the FreeBSD Foundation.</p><p>Intel, Celeron, EtherExpress, i386,
i486, Itanium, Pentium, and Xeon are trademarks or registered
trademarks of Intel Corporation or its subsidiaries in the United
States and other countries.</p><p>SPARC, SPARC64, SPARCengine, and
UltraSPARC are trademarks of SPARC International, Inc in the United
States and other countries. SPARC International, Inc owns all of the
SPARC trademarks and under licensing agreements allows the proper use
of these trademarks by its members.</p><p>Many of the designations used by
manufacturers and sellers to distinguish their products are claimed
as trademarks. Where those designations appear in this document,
and the FreeBSD Project was aware of the trademark claim, the
designations have been followed by the <span class="quote"><span class="quote"></span></span> or the
<span class="quote"><span class="quote">®</span></span> symbol.</p></div></div><div>Last modified on 2013-06-13 by hrs.</div></div><hr /></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="#intro">1. Introduction</a></span></dt><dt><span class="sect1"><a href="#security">2. Security Advisories</a></span></dt><dt><span class="sect1"><a href="#open-issues">3. Open Issues</a></span></dt><dt><span class="sect1"><a href="#late-news">4. Late-Breaking News and Corrections</a></span></dt></dl></div><div class="abstract" title="Abstract"><p class="title"><b>Abstract</b></p><p>This document lists errata items for FreeBSD 8.4-RELEASE,
containing significant information discovered after the release
or too late in the release cycle to be otherwise included in the
release documentation.
This information includes security advisories, as well as news
relating to the software or documentation that could affect its
operation or usability. An up-to-date version of this document
should always be consulted before installing this version of
FreeBSD.</p><p>This errata document for FreeBSD 8.4-RELEASE
will be maintained until the release of FreeBSD 8.5-RELEASE.</p></div><div class="sect1" title="1. Introduction"><div xmlns="" class="titlepage"><div><div><h2 xmlns="http://www.w3.org/1999/xhtml" class="title" style="clear: both"><a id="intro"></a>1. Introduction</h2></div></div></div><p>This errata document contains <span class="quote"><span class="quote">late-breaking news</span></span>
about FreeBSD 8.4-RELEASE
Before installing this version, it is important to consult this
document to learn about any post-release discoveries or problems
that may already have been found and fixed.</p><p>Any version of this errata document actually distributed
with the release (for example, on a CDROM distribution) will be
out of date by definition, but other copies are kept updated on
the Internet and should be consulted as the <span class="quote"><span class="quote">current
errata</span></span> for this release. These other copies of the
errata are located at <a class="ulink" href="http://www.FreeBSD.org/releases/" target="_top">http://www.FreeBSD.org/releases/</a>, plus any sites
which keep up-to-date mirrors of this location.</p><p>Source and binary snapshots of FreeBSD 8.4-STABLE also
contain up-to-date copies of this document (as of the time of
the snapshot).</p><p>For a list of all FreeBSD CERT security advisories, see <a class="ulink" href="http://www.FreeBSD.org/security/" target="_top">http://www.FreeBSD.org/security/</a> or <a class="ulink" href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/" target="_top">ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/</a>.</p></div><div class="sect1" title="2. Security Advisories"><div xmlns="" class="titlepage"><div><div><h2 xmlns="http://www.w3.org/1999/xhtml" class="title" style="clear: both"><a id="security"></a>2. Security Advisories</h2></div></div></div><p>The following security advisories pertain to FreeBSD 8.4-RELEASE.
For more information, consult the individual advisories available from
<a class="ulink" href="http://security.FreeBSD.org/" target="_top">http://security.FreeBSD.org/</a>.</p><div class="informaltable"><table width="100%" border="0"><colgroup><col /><col /><col /></colgroup><thead><tr><th>Advisory</th><th>Date</th><th>Topic</th></tr></thead><tbody><tr><td><a class="ulink" href="http://security.freebsd.org/advisories/FreeBSD-SA-12:01.openssl.asc" target="_top">SA-12:01.openssl</a></td><td>03 May 2012</td><td><p>OpenSSL multiple vulnerabilities</p></td></tr><tr><td><a class="ulink" href="http://security.freebsd.org/advisories/FreeBSD-SA-12:02.crypt.asc" target="_top">SA-12:02.crypt</a></td><td>30 May 2012</td><td><p>Incorrect crypt() hashing</p></td></tr><tr><td><a class="ulink" href="http://security.freebsd.org/advisories/FreeBSD-SA-12:03.bind.asc" target="_top">SA-12:03.bind</a></td><td>12 June 2012</td><td><p>Incorrect handling of zero-length RDATA fields in named(8)</p></td></tr><tr><td><a class="ulink" href="http://security.freebsd.org/advisories/FreeBSD-SA-12:04.sysret.asc" target="_top">SA-12:04.sysret</a></td><td>12 June 2012</td><td><p>Privilege escalation when returning from kernel</p></td></tr><tr><td><a class="ulink" href="http://security.freebsd.org/advisories/FreeBSD-SA-12:05.bind.asc" target="_top">SA-12:05.bind</a></td><td>06 August 2012</td><td><p>named(8) DNSSEC validation Denial of Service</p></td></tr><tr><td><a class="ulink" href="http://security.freebsd.org/advisories/FreeBSD-SA-12:06.bind.asc" target="_top">SA-12:06.bind</a></td><td>22 November 2012</td><td><p>Multiple Denial of Service vulnerabilities with named(8)</p></td></tr><tr><td><a class="ulink" href="http://security.freebsd.org/advisories/FreeBSD-SA-12:07.hostapd.asc" target="_top">SA-12:07.hostapd</a></td><td>22 November 2012</td><td><p>Insufficient message length validation for EAP-TLS messages</p></td></tr><tr><td><a class="ulink" href="http://security.freebsd.org/advisories/FreeBSD-SA-12:08.linux.asc" target="_top">SA-12:08.linux</a></td><td>22 November 2012</td><td><p>Linux compatibility layer input validation error</p></td></tr><tr><td><a class="ulink" href="http://security.freebsd.org/advisories/FreeBSD-SA-13:02.libc.asc" target="_top">SA-13:02.libc</a></td><td>19 February 2013</td><td><p>glob(3) related resource exhaustion</p></td></tr><tr><td><a class="ulink" href="http://security.freebsd.org/advisories/FreeBSD-SA-13:03.openssl.asc" target="_top">SA-13:03.openssl</a></td><td>02 April 2013</td><td><p>OpenSSL multiple vulnerabilities</p></td></tr><tr><td><a class="ulink" href="http://security.freebsd.org/advisories/FreeBSD-SA-13:04.bind.asc" target="_top">SA-13:04.bind</a></td><td>02 April 2013</td><td><p>BIND remote denial of service</p></td></tr><tr><td><a class="ulink" href="http://security.freebsd.org/advisories/FreeBSD-SA-13:05.nfsserver.asc" target="_top">SA-13:05.nfsserver</a></td><td>29 April 2013</td><td><p>Insufficient input validation in the NFS server</p></td></tr></tbody></table></div></div><div class="sect1" title="3. Open Issues"><div xmlns="" class="titlepage"><div><div><h2 xmlns="http://www.w3.org/1999/xhtml" class="title" style="clear: both"><a id="open-issues"></a>3. Open Issues</h2></div></div></div><p>[20130613] The <a class="citerefentry" href="http://www.FreeBSD.org/cgi/man.cgi?query=vtnet&amp;amp;sektion=4"><span class="citerefentry"><span class="refentrytitle">vtnet</span>(4)</span></a> network interface driver
displays the following message upon configuration when using
<span class="application">QEMU</span> 1.4.1 and later:</p><pre class="screen">vtnet0: error setting host MAC filter table</pre><p>This message is harmless when the interface has only one MAC
address. The patch for this issue is filed to a PR <a class="ulink" href="http://www.FreeBSD.org/cgi/query-pr.cgi?pr=178955" target="_top">kern/178955</a>.</p><p>[20130609] There is incompatibility in <a class="citerefentry" href="http://www.FreeBSD.org/cgi/man.cgi?query=jail&amp;amp;sektion=8"><span class="citerefentry"><span class="refentrytitle">jail</span>(8)</span></a>
configuration because the <a class="citerefentry" href="http://www.FreeBSD.org/cgi/man.cgi?query=jail&amp;amp;sektion=8"><span class="citerefentry"><span class="refentrytitle">jail</span>(8)</span></a> utility and
<code class="filename">rc.d/jail</code> script has been changed. More
specifically, the following <a class="citerefentry" href="http://www.FreeBSD.org/cgi/man.cgi?query=sysctl&amp;amp;sektion=8"><span class="citerefentry"><span class="refentrytitle">sysctl</span>(8)</span></a> variables cannot be
used to set the default parameters for jails:</p><pre class="programlisting">security.jail.mount_zfs_allowed
security.jail.mount_procfs_allowed
security.jail.mount_nullfs_allowed
security.jail.mount_devfs_allowed
security.jail.mount_allowed
security.jail.chflags_allowed
security.jail.allow_raw_sockets
security.jail.sysvipc_allowed
security.jail.socket_unixiproute_only
security.jail.set_hostname_allowed</pre><p>These could be set by manually using <a class="citerefentry" href="http://www.FreeBSD.org/cgi/man.cgi?query=sysctl&amp;amp;sektion=8"><span class="citerefentry"><span class="refentrytitle">sysctl</span>(8)</span></a> utility,
the <a class="citerefentry" href="http://www.FreeBSD.org/cgi/man.cgi?query=sysctl.conf&amp;amp;sektion=5"><span class="citerefentry"><span class="refentrytitle">sysctl.conf</span>(5)</span></a> file, or for some of them the following
variables in <a class="citerefentry" href="http://www.FreeBSD.org/cgi/man.cgi?query=rc.conf&amp;amp;sektion=5"><span class="citerefentry"><span class="refentrytitle">rc.conf</span>(5)</span></a>:</p><pre class="programlisting">jail_set_hostname_allow="yes"
jail_socket_unixiproute_only="yes"
jail_sysvipc_allow="yes"</pre><p>These parameters must now be specified in
<code class="varname">jail_parameters</code> (or
<code class="varname">jail_<em class="replaceable"><code>jailname</code></em>_parameters</code>
for per-jail configuration) in <a class="citerefentry" href="http://www.FreeBSD.org/cgi/man.cgi?query=rc.conf&amp;amp;sektion=5"><span class="citerefentry"><span class="refentrytitle">rc.conf</span>(5)</span></a>. For
example:</p><pre class="programlisting">jail_parameters="allow.sysvipc allow.raw_sockets"</pre><p>The valid keywords are the following. For more detail, see
<a class="citerefentry" href="http://www.FreeBSD.org/cgi/man.cgi?query=jail&amp;amp;sektion=8"><span class="citerefentry"><span class="refentrytitle">jail</span>(8)</span></a> manual page.</p><pre class="programlisting">allow.set_hostname
allow.sysvipc
allow.raw_sockets
allow.chflags
allow.mount
allow.mount.devfs
allow.mount.nullfs
allow.mount.procfs
allow.mount.zfs
allow.quotas
allow.socket_af</pre><p>[20130608] FreeBSD 8.4-RELEASE no longer supports FreeBSD CVS
repository. Some documents mistakenly refer to
<code class="literal">RELENG_8_4_0_RELEASE</code> as CVS tag for the release and
<code class="literal">RELENG_8_4</code> as CVS branch tag for the
8.4-RELEASE security branch. However, FreeBSD Project no longer
supports FreeBSD CVS repository and 8.4-RELEASE has been released by
using FreeBSD subversion repository instead.
<code class="literal">RELENG_8_4</code> corresponds to
<code class="literal">svn://svn.FreeBSD.org/base/releng/8.4</code>, and
<code class="literal">RELENG_8_4_0_RELEASE</code> corresponds to
<code class="literal">svn://svn.FreeBSD.org/base/release/8.4.0</code>.
Please note that FreeBSD source tree for 8.4-RELEASE and its security
branch cannot be updated by using official CVSup servers.</p><p>[20130607] (removed about a <a class="citerefentry" href="http://www.FreeBSD.org/cgi/man.cgi?query=bge&amp;amp;sektion=4"><span class="citerefentry"><span class="refentrytitle">bge</span>(4)</span></a> network interface
driver issue because it was incorrect)</p><p>[20130606] The <a class="citerefentry" href="http://www.FreeBSD.org/cgi/man.cgi?query=fxp&amp;amp;sektion=4"><span class="citerefentry"><span class="refentrytitle">fxp</span>(4)</span></a> network interface driver may not
work well with the <a class="citerefentry" href="http://www.FreeBSD.org/cgi/man.cgi?query=dhclient&amp;amp;sektion=8"><span class="citerefentry"><span class="refentrytitle">dhclient</span>(8)</span></a> utility. More specifically,
if the <code class="filename">/etc/rc.conf</code> has the following
line:</p><pre class="programlisting">ifconfig_fxp0="DHCP"</pre><p>to activate a DHCP client to configure the network
interface, the following notification messages are displayed and
the <a class="citerefentry" href="http://www.FreeBSD.org/cgi/man.cgi?query=dhclient&amp;amp;sektion=8"><span class="citerefentry"><span class="refentrytitle">dhclient</span>(8)</span></a> utility keeps trying to initialize the
network interface forever.</p><pre class="screen">kernel: fxp0: link state changed to UP
kernel: fxp0: link state changed to DOWN</pre><p>A patch to fix this issue will be released as an Errata
Notice.</p></div><div class="sect1" title="4. Late-Breaking News and Corrections"><div xmlns="" class="titlepage"><div><div><h2 xmlns="http://www.w3.org/1999/xhtml" class="title" style="clear: both"><a id="late-news"></a>4. Late-Breaking News and Corrections</h2></div></div></div><p>[20130606] As described in FreeBSD 8.4-RELEASE Release Notes,
FreeBSD ZFS subsystem has been updated to support feature flags for
ZFS pools. However, the default version number of a newly
created ZFS pool is still <code class="literal">28</code>.</p><p>This is because FreeBSD 9.0 and 9.1 do not support the feature
flags. This means ZFS pools with feature flag support cannot be
used on FreeBSD 9.0 and 9.1. An 8.X system with v28 ZFS pools can
be upgraded to 9.X with no problem. Note that <a class="citerefentry" href="http://www.FreeBSD.org/cgi/man.cgi?query=zfs&amp;amp;sektion=8"><span class="citerefentry"><span class="refentrytitle">zfs</span>(8)</span></a>
<code class="command">send</code> and <code class="command">receive</code> commands
do not work between pools with different versions. Once a ZFS
pool is upgraded from v28, there is no way to upgrade the system
to FreeBSD 9.0 and 9.1. FreeBSD 9.2 and later will support ZFS pools
with feature flags.</p><p>To create a ZFS pool with feature flag support, use the
<a class="citerefentry" href="http://www.FreeBSD.org/cgi/man.cgi?query=zpool&amp;amp;sektion=8"><span class="citerefentry"><span class="refentrytitle">zpool</span>(8)</span></a> <code class="command">create</code> command and then the
<a class="citerefentry" href="http://www.FreeBSD.org/cgi/man.cgi?query=zpool&amp;amp;sektion=8"><span class="citerefentry"><span class="refentrytitle">zpool</span>(8)</span></a> <code class="command">upgrade</code> command.</p></div></div></body></html>
Reference in a new issue View git blame Copy permalink