282a032540
- Repocopy from www/<lang> to head/<lang>/htdocs to eliminate duplicate information in the www and the doc directory. - Add various administration files to svnadmin. Approved by: doceng (implicit)
273 lines
12 KiB
HTML
273 lines
12 KiB
HTML
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
|
<html>
|
|
<head>
|
|
<meta name="generator" content="HTML Tidy, see www.w3.org">
|
|
<title>FreeBSD 4.4-RELEASE Errata</title>
|
|
<meta name="GENERATOR" content=
|
|
"Modular DocBook HTML Stylesheet Version 1.73 ">
|
|
<link rel="STYLESHEET" type="text/css" href="docbook.css">
|
|
</head>
|
|
|
|
<body class="ARTICLE" bgcolor="#FFFFFF" text="#000000" link=
|
|
"#0000FF" vlink="#840084" alink="#0000FF">
|
|
<div class="ARTICLE">
|
|
<div class="TITLEPAGE">
|
|
<h1 class="TITLE"><a name="AEN2">FreeBSD 4.4-RELEASE
|
|
Errata</a></h1>
|
|
|
|
<h3 class="CORPAUTHOR">The FreeBSD Project</h3>
|
|
|
|
<p class="COPYRIGHT">Copyright © 2000, 2001, 2002 by
|
|
The FreeBSD Documentation Project</p>
|
|
|
|
<p class="PUBDATE">$FreeBSD:
|
|
src/release/doc/en_US.ISO8859-1/errata/article.sgml,v
|
|
1.1.2.43 2002/01/25 04:12:28 bmah Exp $<br>
|
|
</p>
|
|
<hr>
|
|
</div>
|
|
|
|
<blockquote class="ABSTRACT">
|
|
<div class="ABSTRACT">
|
|
<a name="AEN11"></a>
|
|
|
|
<p>This document lists errata items for FreeBSD
|
|
4.4-RELEASE, containing significant information
|
|
discovered after the release. This information includes
|
|
security advisories, as well as news relating to the
|
|
software or documentation that could affect its operation
|
|
or usability. An up-to-date version of this document
|
|
should always be consulted before installing this version
|
|
of FreeBSD.</p>
|
|
|
|
<p>This errata document for FreeBSD 4.4-RELEASE will be
|
|
maintained until the release of FreeBSD 4.5-RELEASE.</p>
|
|
</div>
|
|
</blockquote>
|
|
|
|
<div class="SECT1">
|
|
<hr>
|
|
|
|
<h1 class="SECT1"><a name="AEN14">1 Introduction</a></h1>
|
|
|
|
<p>This errata document contains ``late-breaking news''
|
|
about FreeBSD 4.4-RELEASE. Before installing this version,
|
|
it is important to consult this document to learn about any
|
|
post-release discoveries or problems that may already have
|
|
been found and fixed.</p>
|
|
|
|
<p>Any version of this errata document actually distributed
|
|
with the release (for example, on a CDROM distribution)
|
|
will be out of date by definition, but other copies are
|
|
kept updated on the Internet and should be consulted as the
|
|
``current errata'' for this release. These other copies of
|
|
the errata are located at <a href=
|
|
"http://www.FreeBSD.org/releases/" target=
|
|
"_top">http://www.FreeBSD.org/releases/</a>, plus any sites
|
|
which keep up-to-date mirrors of this location.</p>
|
|
|
|
<p>Source and binary snapshots of FreeBSD 4-STABLE also
|
|
contain up-to-date copies of this document (as of the time
|
|
of the snapshot).</p>
|
|
|
|
<p>For a list of all FreeBSD CERT security advisories, see
|
|
<a href="http://www.FreeBSD.org/security/" target=
|
|
"_top">http://www.FreeBSD.org/security/</a> or <a href=
|
|
"ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/" target=
|
|
"_top">ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/</a>.</p>
|
|
</div>
|
|
|
|
<div class="SECT1">
|
|
<hr>
|
|
|
|
<h1 class="SECT1"><a name="AEN25">2 Security
|
|
Advisories</a></h1>
|
|
|
|
<p>Support for per-user <tt class=
|
|
"FILENAME">~/.login_conf</tt> files (as documented in <a
|
|
href=
|
|
"http://www.FreeBSD.org/cgi/man.cgi?query=login.conf&sektion=5&manpath=FreeBSD+4.4-stable">
|
|
<span class="CITEREFENTRY"><span class=
|
|
"REFENTRYTITLE">login.conf</span>(5)</span></a>) was
|
|
disabled due to incorrect merging of local and global
|
|
settings. This problem has been fixed in FreeBSD
|
|
4.5-RC.</p>
|
|
|
|
<p>A local root vulnerability in <b class=
|
|
"APPLICATION">UUCP</b> was corrected before the release of
|
|
FreeBSD 4.4-RELEASE and documented in security advisory <a
|
|
href=
|
|
"ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:62.uucp.asc"
|
|
target="_top">FreeBSD-SA-01:62</a>. The release notes
|
|
mentioned the correction, but not the security advisory,
|
|
which was issued after the release date of 4.4-RELEASE.</p>
|
|
|
|
<p>A security hole in <b class="APPLICATION">OpenSSH</b>
|
|
could allow users to execute code with arbitrary privileges
|
|
if <tt class="LITERAL">UseLogin yes</tt> was set, has been
|
|
closed. Note that the default value of this setting is <tt
|
|
class="LITERAL">UseLogin no</tt>. For more information,
|
|
including workarounds and bugfixes, see security advisory
|
|
<a href=
|
|
"ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:63.openssh.asc"
|
|
target="_top">FreeBSD-SA-01:63</a>.</p>
|
|
|
|
<p>The use of an insecure temporary directory by <a href=
|
|
"http://www.FreeBSD.org/cgi/man.cgi?query=pkg_add&sektion=1&manpath=FreeBSD+4.4-stable">
|
|
<span class="CITEREFENTRY"><span class=
|
|
"REFENTRYTITLE">pkg_add</span>(1)</span></a> could permit a
|
|
local attacker to modify the contents of binary packages
|
|
while they were being installed. This hole has been closed.
|
|
For more information, see security advisory <a href=
|
|
"ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:01.pkg_add.asc"
|
|
target="_top">FreeBSD-SA-02:01</a>.</p>
|
|
|
|
<p>A race condition in <a href=
|
|
"http://www.FreeBSD.org/cgi/man.cgi?query=pw&sektion=8&manpath=FreeBSD+4.4-stable">
|
|
<span class="CITEREFENTRY"><span class=
|
|
"REFENTRYTITLE">pw</span>(8)</span></a>, which could expose
|
|
the contents of <tt class=
|
|
"FILENAME">/etc/master.passwd</tt>, has been eliminated.
|
|
For more information, including workarounds and bugfixes,
|
|
see security advisory <a href=
|
|
"ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:02.pw.asc"
|
|
target="_top">FreeBSD-SA-02:02</a>.</p>
|
|
|
|
<p>A bug in <a href=
|
|
"http://www.FreeBSD.org/cgi/man.cgi?query=k5su&sektion=8&manpath=FreeBSD+4.4-stable">
|
|
<span class="CITEREFENTRY"><span class=
|
|
"REFENTRYTITLE">k5su</span>(8)</span></a> could have
|
|
allowed a process that had given up superuser privileges to
|
|
regain them. This bug has been fixed. (See security
|
|
advisory <a href=
|
|
"ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:07.k5su.asc"
|
|
target="_top">FreeBSD-SA-02:07</a>.)</p>
|
|
|
|
<p>A race condition in the <a href=
|
|
"http://www.FreeBSD.org/cgi/man.cgi?query=exec&sektion=3&manpath=FreeBSD+4.4-stable">
|
|
<span class="CITEREFENTRY"><span class=
|
|
"REFENTRYTITLE">exec</span>(3)</span></a> system call,
|
|
which could result in local users obtaining increased
|
|
privileges, has been fixed. For more information, including
|
|
bugfixes, see security advisory <a href=
|
|
"ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:08.exec.asc"
|
|
target="_top">FreeBSD-SA-02:08</a>.)</p>
|
|
</div>
|
|
|
|
<div class="SECT1">
|
|
<hr>
|
|
|
|
<h1 class="SECT1"><a name="AEN61">3 System Update
|
|
Information</a></h1>
|
|
|
|
<p>The handling of some types of comments in <a href=
|
|
"http://www.FreeBSD.org/cgi/man.cgi?query=printcap&sektion=5&manpath=FreeBSD+4.4-stable">
|
|
<span class="CITEREFENTRY"><span class=
|
|
"REFENTRYTITLE">printcap</span>(5)</span></a> files is
|
|
faulty. If a comment line ends in <tt class=
|
|
"LITERAL">:\</tt> (the characters normally used to indicate
|
|
the continuation of a printer definition), the line
|
|
following the comment will be parsed as a part of the
|
|
previous printer definition.</p>
|
|
|
|
<p>One of the release notes refers to the <tt class=
|
|
"VARNAME">net.inet.tcp.tcp_seq_genscheme</tt> sysctl
|
|
variable for enabling improved compatability in TCP's
|
|
initial sequence number generation algorithm. This variable
|
|
was rendered unnecessary by the adoption of an algorithm
|
|
based on RFC 1948, which restores proper operation in all
|
|
cases while maintaining a high level of unpredictability in
|
|
initial sequence numbers.</p>
|
|
|
|
<p>The <tt class="FILENAME">tools/</tt> directory of a
|
|
FreeBSD CDROM distribution typically contains some DOS
|
|
programs for i386 machines, such as <tt class=
|
|
"FILENAME">fdimage.exe</tt> and <tt class=
|
|
"FILENAME">fips.exe</tt>. This directory was inadvertently
|
|
omitted from the initial 4.4-RELEASE ISO images generated
|
|
by the FreeBSD Project. Corrected versions of the <tt
|
|
class="FILENAME">4.4-install.iso</tt> and <tt class=
|
|
"FILENAME">4.4-mini.iso</tt> ISO images were regenerated on
|
|
Saturday, 22 September 2001. For those who need these
|
|
DOS-mode tools and do not wish to re-fetch the ISO images,
|
|
the contents of the <tt class="FILENAME">tools/</tt>
|
|
directory are available by anonymous FTP at <a href=
|
|
"ftp://ftp.FreeBSD.org/pub/FreeBSD/tools" target=
|
|
"_top">ftp://ftp.FreeBSD.org/pub/FreeBSD/tools</a> (many
|
|
mirrors also have a copy of this directory).</p>
|
|
|
|
<p>One of the items in the release notes gave a workaround
|
|
for hangs during PCCARD ejection, but gave the wrong syntax
|
|
for the necessary command. The correct command line is:</p>
|
|
<pre class="SCREEN">
|
|
<tt class="PROMPT">#</tt> <tt class=
|
|
"USERINPUT"><b>pccardc power <tt class=
|
|
"REPLACEABLE"><i>slot</i></tt> 0</b></tt>
|
|
</pre>
|
|
<br>
|
|
<br>
|
|
|
|
<p>On the i386, the minimum memory requirement for
|
|
installing FreeBSD via <a href=
|
|
"http://www.FreeBSD.org/cgi/man.cgi?query=sysinstall&sektion=8&manpath=FreeBSD+4.4-stable">
|
|
<span class="CITEREFENTRY"><span class=
|
|
"REFENTRYTITLE">sysinstall</span>(8)</span></a> is 16MB,
|
|
with 4-8MB required to run FreeBSD with a pared-down
|
|
kernel. The installation instructions in <tt class=
|
|
"FILENAME">INSTALL.TXT</tt> (and other renditions thereof)
|
|
cited somewhat lower figures.</p>
|
|
|
|
<p>A release note mentioned the merging of two libraries
|
|
used for password authentication hashing, but listed their
|
|
names incorrectly. The libraries that were merged were <tt
|
|
class="FILENAME">libscrypt</tt> and <tt class=
|
|
"FILENAME">libdescrypt</tt>; the new unified library is
|
|
called <tt class="FILENAME">libcrypt</tt>.</p>
|
|
|
|
<p>A problem has been noted with an increasing number of
|
|
device drivers that make heavy use of and, in some cases,
|
|
can overflow, the kernel stack. This problem has an
|
|
easily-identifable signature; processes randomly receive a
|
|
<tt class="LITERAL">SIGPROF</tt> signal and may die with
|
|
the message ``<tt class="ERRORNAME">Profiling time
|
|
alarm</tt>''. For those users experiencing this problem, a
|
|
workaround is to edit <tt class=
|
|
"FILENAME">/src/sys/i386/include/param.h</tt> and change
|
|
the line which reads:</p>
|
|
<pre class="PROGRAMLISTING">
|
|
#define UPAGES 2
|
|
</pre>
|
|
to read:
|
|
<pre class="PROGRAMLISTING">
|
|
#define UPAGES 3
|
|
</pre>
|
|
It will be necessary to recompile the kernel and reboot for
|
|
the change to take effect. This problem has been fixed in
|
|
FreeBSD 4.5-RC.<br>
|
|
<br>
|
|
</div>
|
|
</div>
|
|
<hr>
|
|
|
|
<p align="center"><small>This file, and other release-related
|
|
documents, can be downloaded from <a href=
|
|
"ftp://stable.FreeBSD.org/pub/FreeBSD/">ftp://stable.FreeBSD.org/pub/FreeBSD/</a>.</small></p>
|
|
|
|
<p align="center"><small>For questions about FreeBSD, read the
|
|
<a href="http://www.FreeBSD.org/docs.html">documentation</a>
|
|
before contacting <<a href=
|
|
"mailto:questions@FreeBSD.org">questions@FreeBSD.org</a>>.</small></p>
|
|
|
|
<p align="center"><small><small>All users of FreeBSD 4-STABLE
|
|
should subscribe to the <<a href=
|
|
"mailto:stable@FreeBSD.org">stable@FreeBSD.org</a>> mailing
|
|
list.</small></small></p>
|
|
|
|
<p align="center">For questions about this documentation,
|
|
e-mail <<a href=
|
|
"mailto:doc@FreeBSD.org">doc@FreeBSD.org</a>>.</p>
|
|
<br>
|
|
<br>
|
|
</body>
|
|
</html>
|
|
|