1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
|
<!--
FreeBSD errata document. Unlike some of the other RELNOTESng
files, this file should remain as a single SGML file, so that
the dollar FreeBSD dollar header has a meaningful modification
time. This file is all but useless without a datestamp on it,
so we'll take some extra care to make sure it has one.
(If we didn't do this, then the file with the datestamp might
not be the one that received the last change in the document.)
-->
<!DOCTYPE article PUBLIC "-//FreeBSD//DTD DocBook V4.1-Based Extension//EN" [
<!ENTITY % man PUBLIC "-//FreeBSD//ENTITIES DocBook Manual Page Entities//EN">
%man;
<!ENTITY % authors PUBLIC "-//FreeBSD//ENTITIES DocBook Author Entities//EN">
%authors;
<!ENTITY % mlists PUBLIC "-//FreeBSD//ENTITIES DocBook Mailing List Entities//EN">
%mlists;
<!ENTITY % release PUBLIC "-//FreeBSD//ENTITIES Release Specification//EN">
%release;
]>
<article>
<articleinfo>
<title>&os;
<![ %release.type.snapshot [
&release.prev;
]]>
<![ %release.type.release [
&release.current;
]]>
Errata</title>
<corpauthor>
The &os; Project
</corpauthor>
<pubdate>$FreeBSD$</pubdate>
<copyright>
<year>2000</year>
<year>2001</year>
<year>2002</year>
<year>2003</year>
<holder role="mailto:doc@FreeBSD.org">The FreeBSD Documentation Project</holder>
</copyright>
</articleinfo>
<abstract>
<para>This document lists errata items for &os;
<![ %release.type.snapshot [
&release.prev;,
]]>
<![ %release.type.release [
&release.current;,
]]>
containing significant information discovered after the release
or too late in the release cycle to be otherwise included in the
release documentation.
This information includes security advisories, as well as news
relating to the software or documentation that could affect its
operation or usability. An up-to-date version of this document
should always be consulted before installing this version of
&os;.</para>
<para>This errata document for &os;
<![ %release.type.snapshot [
&release.prev;
]]>
<![ %release.type.release [
&release.current;
]]>
will be maintained until the release of &os; 5.1-RELEASE.</para>
</abstract>
<sect1 id="intro">
<title>Introduction</title>
<para>This errata document contains <quote>late-breaking news</quote>
about &os;
<![ %release.type.snapshot [
&release.prev;.
]]>
<![ %release.type.release [
&release.current;.
]]>
Before installing this version, it is important to consult this
document to learn about any post-release discoveries or problems
that may already have been found and fixed.</para>
<para>Any version of this errata document actually distributed
with the release (for example, on a CDROM distribution) will be
out of date by definition, but other copies are kept updated on
the Internet and should be consulted as the <quote>current
errata</quote> for this release. These other copies of the
errata are located at <ulink
url="http://www.FreeBSD.org/releases/"></ulink>, plus any sites
which keep up-to-date mirrors of this location.</para>
<para>Source and binary snapshots of &os; &release.branch; also
contain up-to-date copies of this document (as of the time of
the snapshot).</para>
<para>For a list of all &os; CERT security advisories, see <ulink
url="http://www.FreeBSD.org/security/"></ulink> or <ulink
url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/"></ulink>.</para>
</sect1>
<sect1 id="security">
<title>Security Advisories</title>
<para>Remotely exploitable vulnerabilities in
<application>CVS</application> could allow an attacker to
execute arbitrary comands on a CVS server. More details can be
found in security advisory <ulink
url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:01.cvs.asc">FreeBSD-SA-03:01</ulink>.</para>
<para>A timing-based attack on <application>OpenSSL</application>,
could allow a very powerful attacker access to plaintext
under certain circumstances. This problem has been corrected in
&os; &release.current; with an upgrade
to <application>OpenSSL</application> 0.9.7. On supported
security fix branches, this problem has been corrected with the
import of <application>OpenSSL</application> 0.9.6i. See security
advisory <ulink
url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:02.openssl.asc">FreeBSD-SA-03:02</ulink>
for more details.</para>
<para>It may be possible to recover the shared secret key used by
the implementation of the <quote>syncookies</quote> feature.
This reduces its effectiveness in dealing with TCP SYN flood
denial-of-service attacks. Workaround information and fixes are
given in security advisory <ulink
url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:03.syncookies.asc">FreeBSD-SA-03:03</ulink>.</para>
<para>Due to buffer overflows in header parsing in <application>sendmail</application>, a remote
attacker can create a specially-crafted message that may cause
&man.sendmail.8; to execute arbitrary code
with the privileges of the user running it, typically
<username>root</username>. More information, including pointers
to patches, can be found in security advisories <ulink
url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:04.sendmail.asc">FreeBSD-SA-03:04</ulink>
and <ulink
url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:07.sendmail.asc">FreeBSD-SA-03:07</ulink>.</para>
<para>The XDR encoder/decoder does incorrect bounds-checking,
which could allow a remote attacker to cause a
denial-of-service. For bugfix information, see security
advisory <ulink
url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:05.xdr.asc">FreeBSD-SA-03:05</ulink>.</para>
<para><application>OpenSSL</application> has been found
vulnerable to two recently-disclosed attacks. Information
on workarounds and patches for supported security branches is
contained in security advisory <ulink
url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:06.openssl.asc">FreeBSD-SA-03:06</ulink>.</para>
</sect1>
<sect1 id="late-news">
<title>Late-Breaking News</title>
<bridgehead renderas="sect3">GEOM</bridgehead>
<para>The &man.geom.4;-based disk partitioning code in the kernel
will not allow an open partition to be overwritten. This
usually prevents the use of <command>disklabel -B</command> to
update the boot blocks on a disk because the
<literal>a</literal> partition overlaps the space where the boot
blocks are stored. A suggested workaround is to boot from an
alternate disk, a CDROM, or a fixit floppy.</para>
<bridgehead renderas="sect3">&man.dump.8;</bridgehead>
<para>When using disk media with sector sizes larger than 512
bytes (for instance, &man.gbde.4; encrypted disks), the
&man.dump.8; program fails to respect the larger sector size and
cannot dump the partition. One possible workaround is to copy
the entire file system in raw format and dump the copy. It is,
for instance, possible to dump a file system stored in a regular
file:</para>
<screen>&prompt.root; <userinput>dd if=/dev/ad0s1d.bde of=/junk/ad0.dd bs=1m</userinput>
&prompt.root; <userinput>dump 0f - /junk/ad0.dd | ...</userinput></screen>
<para>A simpler workaround is to use &man.tar.1; or &man.cpio.1;
to make backup copies.</para>
<bridgehead renderas="sect3">&man.mly.4;</bridgehead>
<para>Hangs were reported during &os; 5.0 snapshot
installations when installing to &man.mly.4;-supported RAID
arrays, in hardware configurations that appear to work fine
under &os; 4.7-RELEASE. These problems have been corrected
in &os; &release.current;.</para>
<bridgehead renderas="sect3">NETNCP/Netware File System
Support</bridgehead>
<para>NETNCP and nwfs appear to be as-yet unadapted for KSE, and
hence not working. These have been fixed in &os;
&release.current;.</para>
<bridgehead renderas="sect3">&man.iir.4; controller</bridgehead>
<para>During installation, the &man.iir.4; controller appears to
probe correctly, but finds no disk devices.</para>
<bridgehead renderas="sect3">&man.truss.1; race condition</bridgehead>
<para>&man.truss.1; appears to contain a race condition during the
start-up of debugging, which can result in &man.truss.1; failing
to attach to the process before it exists. The symptom is that
&man.truss.1; reports that it cannot open the &man.procfs.5;
node supporting the process being debugged. A bug also appears
to exist wherein &man.truss.1; will hang if &man.execve.2;
returns <literal>ENOENT</literal> A further race appears to
exist in which &man.truss.1; will return <errorname>PIOCWAIT:
Input/output error</errorname> occasionally on startup. The fix
for this sufficiently changes process execution handling that it
has been deferred until after 5.0.</para>
<bridgehead renderas="sect3">Disk Partitioning in Installer</bridgehead>
<para>Some bugs have been reported in &man.sysinstall.8; disk
partitioning. One observed problem on the i386 is that
&man.sysinstall.8; cannot recalculate the free space left on a
disk after changing the type of an FDISK-type partition.</para>
<bridgehead renderas="sect3">Stale Documentation</bridgehead>
<para>In some case, documentation (such as the FAQ or Handbook)
has not been updated to take into account &os; &release.prev;
features. Examples of areas where documentation is still
needed include &man.gbde.8; and the new <quote>fast
IPsec</quote> implementation.</para>
<bridgehead renderas="sect3">SMB File System</bridgehead>
<para>Attempting to unmount smbfs shares may fail with
<errorname>Device busy</errorname> errors even when the
mount-point is not really busy. A workaround is to keep trying
to unmount the share until it eventually succeeds. This bug has
been fixed in &release.current;.</para>
<para>Forcefully unmounting (<command>umount -f</command>) smbfs
shares may cause a kernel panic. This bug has been fixed in
&release.current;.</para>
<bridgehead renderas="sect3">&man.fstat.2;</bridgehead>
<para>When called on a connected socket file descriptor,
&man.fstat.2; is supposed to return the number of bytes
available to read in the <varname>st_size</varname> member of
<varname>struct stat</varname>. However,
<varname>st_size</varname> is always erroneously reported as
<literal>0</literal> on TCP sockets. This bug has been fixed in
&release.current;.</para>
<bridgehead renderas="sect3">Kernel Event Queues</bridgehead>
<para>The &man.kqueue.2; <literal>EVFILT_READ</literal> filter
erroneously indicates that <literal>0</literal> bytes are
available to be read on TCP sockets, regardless of the number of
bytes that are actually available. The
<literal>NOTE_LOWAT</literal> flag for
<literal>EVFILT_READ</literal> is also broken on TCP sockets.
This bug has been fixed in &release.current;.</para>
<bridgehead renderas="sect3">POSIX Named Semaphores</bridgehead>
<para>&os; &release.prev; introduced support for POSIX named semaphores
but the implementation contains a critical bug that causes
&man.sem.open.3; to incorrectly handle the opening of the same
semaphore multiple times by the same process, and that causes
&man.sem.close.3; to crash calling programs. This bug has been
fixed in &release.current;.</para>
<bridgehead renderas="sect3"><filename>/dev/tty</filename>
Permissions</bridgehead>
<para>&os; &release.prev; has a minor bug in how the permissions of
<filename>/dev/tty</filename> are handled. This can be
triggered by logging in as a non-<username>root</username>,
non-<groupname>tty</groupname> group user, and using &man.su.1;
to switch to a second non-<username>root</username>,
non-<groupname>tty</groupname> group user. &man.ssh.1; will
fail because it cannot open <filename>/dev/tty</filename>. This
bug has been fixed in &release.current;.</para>
<bridgehead renderas="sect3">&man.growfs.8;</bridgehead>
<para>&man.growfs.8; no longer works on &man.vinum.4; volumes (and
presumably, on &man.geom.4; entities) since these subsystems no
longer fake disklabels, but &man.growfs.8; insists on examining
a label.</para>
<bridgehead renderas="sect3">IPFW</bridgehead>
<para>&man.ipfw.4; <literal>skipto</literal> rules do not work
when coupled with the <literal>log</literal> keyword.
&man.ipfw.4; <literal>uid</literal> rules also do not work
properly. These bugs
have been fixed in &release.current;.</para>
<bridgehead renderas="sect3">Passwords and &man.adduser.8;</bridgehead>
<para>&man.adduser.8; does not correctly handle setting user
passwords containing special shell characters. This problem has
been corrected in &release.current;.</para>
<bridgehead renderas="sect3">&man.xl.4;</bridgehead>
<para>The &man.xl.4; driver has a timing bug that may cause a
kernel panic (or other problems) when attempting to configure an
interface. This bug has been fixed in &release.current;.</para>
<bridgehead renderas="sect3">ISC DHCP</bridgehead>
<para><application>ISC DHCP</application> was updated to
3.0.1rc11. This update was actually a part of &os;
&release.prev;, but was not documented in the release
notes.</para>
<bridgehead renderas="sect3">&man.amd.8;
Interoperability</bridgehead>
<para>&release.prev; contains some bugs in its non-blocking RPC
code. The most noticeable side-effect of these bugs was that
&man.amd.8; users were not able to mount volumes from a
&release.prev; server. This bug has been fixed in
&release.current;.</para>
<bridgehead renderas="sect3">nsswitch</bridgehead>
<para>The release note documenting the addition of
<application>nsswitch</application> support gave an incorrect
name for the old resolver configuration file. It should have
been listed as <filename>/etc/host.conf</filename>.</para>
<bridgehead renderas="sect3">Mailman</bridgehead>
<para>Recently the mailing lists were changed from majordomo
to the currently used Mailman list server. More information
about using the new mailing lists can be found by visiting the
<ulink url="http://www.FreeBSD.org/mailman/listinfo/">FreeBSD
Mailman Info Page</ulink>.</para>
</sect1>
</article>
|
