1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
|
<!--
FreeBSD errata document. Unlike some of the other RELNOTESng
files, this file should remain as a single SGML file, so that
the dollar FreeBSD dollar header has a meaningful modification
time. This file is all but useless without a datestamp on it,
so we'll take some extra care to make sure it has one.
(If we didn't do this, then the file with the datestamp might
not be the one that received the last change in the document.)
-->
<!DOCTYPE article PUBLIC "-//FreeBSD//DTD DocBook V4.1-Based Extension//EN" [
<!ENTITY % man PUBLIC "-//FreeBSD//ENTITIES DocBook Manual Page Entities//EN">
%man;
<!ENTITY % authors PUBLIC "-//FreeBSD//ENTITIES DocBook Author Entities//EN">
%authors;
<!ENTITY % mlists PUBLIC "-//FreeBSD//ENTITIES DocBook Mailing List Entities//EN">
%mlists;
<!ENTITY % trademarks PUBLIC "-//FreeBSD//ENTITIES DocBook Trademark Entities//EN">
%trademarks;
<!ENTITY % release PUBLIC "-//FreeBSD//ENTITIES Release Specification//EN">
%release;
<!ENTITY % misc PUBLIC "-//FreeBSD//ENTITIES DocBook Miscellaneous FreeBSD Entities//EN">
%misc;
]>
<article>
<articleinfo>
<title>&os;
<![ %release.type.snapshot [
&release.prev;
]]>
<![ %release.type.release [
&release.current;
]]>
Errata</title>
<corpauthor>
The &os; Project
</corpauthor>
<pubdate>$FreeBSD$</pubdate>
<copyright>
<year>2000</year>
<year>2001</year>
<year>2002</year>
<year>2003</year>
<year>2004</year>
<holder role="mailto:doc@FreeBSD.org">The FreeBSD Documentation Project</holder>
</copyright>
<legalnotice id="trademarks" role="trademarks">
&tm-attrib.freebsd;
&tm-attrib.intel;
&tm-attrib.sparc;
&tm-attrib.general;
</legalnotice>
</articleinfo>
<abstract>
<para>This document lists errata items for &os;
<![ %release.type.snapshot [
&release.prev;,
]]>
<![ %release.type.release [
&release.current;,
]]>
containing significant information discovered after the release
or too late in the release cycle to be otherwise included in the
release documentation.
This information includes security advisories, as well as news
relating to the software or documentation that could affect its
operation or usability. An up-to-date version of this document
should always be consulted before installing this version of
&os;.</para>
<para>This errata document for &os;
<![ %release.type.snapshot [
&release.prev;
]]>
<![ %release.type.release [
&release.current;
]]>
will be maintained until the release of &os; &release.next;.</para>
</abstract>
<sect1 id="intro">
<title>Introduction</title>
<para>This errata document contains <quote>late-breaking news</quote>
about &os;
<![ %release.type.snapshot [
&release.prev;.
]]>
<![ %release.type.release [
&release.current;.
]]>
Before installing this version, it is important to consult this
document to learn about any post-release discoveries or problems
that may already have been found and fixed.</para>
<para>Any version of this errata document actually distributed
with the release (for example, on a CDROM distribution) will be
out of date by definition, but other copies are kept updated on
the Internet and should be consulted as the <quote>current
errata</quote> for this release. These other copies of the
errata are located at <ulink
url="http://www.FreeBSD.org/releases/"></ulink>, plus any sites
which keep up-to-date mirrors of this location.</para>
<para>Source and binary snapshots of &os; &release.branch; also
contain up-to-date copies of this document (as of the time of
the snapshot).</para>
<para>For a list of all &os; CERT security advisories, see <ulink
url="http://www.FreeBSD.org/security/"></ulink> or <ulink
url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/"></ulink>.</para>
</sect1>
<sect1 id="security">
<title>Security Advisories</title>
<![ %release.type.release [
<para>No advisories.</para>
]]>
<![ %release.type.snapshot [
<para>No advisories.</para>
]]>
</sect1>
<sect1 id="open-issues">
<title>Open Issues</title>
<![ %release.type.release [
<para>No open issues.</para>
]]>
<![ %release.type.snapshot [
<para>(9 Jan 2004) Due to a change in &man.cpp.1; behavior, the
login screen for &man.xdm.1; is in black and white, even on
systems with color displays. As a workaround, update to a newer
version of the
<filename role="package">x11/XFree86-4-clients</filename>
port/package.</para>
<para>(9 Jan 2004) There remain some residual problems with ACPI.
In some cases, systems may behave erratically, or hang at boot
time. As a workaround, disable ACPI, using the <quote>safe
mode</quote> option of the bootloader or using the
<varname>hint.acpi.0.disabled</varname> kernel environment
variable. These problems are being investigated. For problems
that have not already been reported (check the mailing list
archives <emphasis>before</emphasis> posting), sending the
output of &man.dmesg.8; and &man.acpidump.8; to the
&a.current; may help diagnose the problem.</para>
<para>(9 Jan 2004) In some cases, ATA devices may behave
erratically, particularly SATA devices. Reported symptoms
include command timeouts or missing interrupts. These problems
appear to be timing-dependent, making them rather difficult to
isolate. Workarounds include:</para>
<itemizedlist>
<listitem>
<para>Turn off ATA DMA using the <quote>safe mode</quote>
option of the bootloader or the
<varname>hw.ata.ata_dma</varname> sysctl variable.</para>
</listitem>
<listitem>
<para>Use the host's BIOS setup options to put the ATA
controller in its <quote>legacy mode</quote>, if
available.</para>
</listitem>
<listitem>
<para>Disable ACPI, for example using the <quote>safe mode</quote>
option of the bootloader or using the
<varname>hint.acpi.0.disabled</varname> kernel environment
variable.</para>
</listitem>
</itemizedlist>
<para>(9 Jan 2004) Installing over NFS when using the install
floppies requires that the <filename>nfsclient.ko</filename>
module be manually loaded from the third floppy disk. This can
be done by following the prompts when &man.sysinstall.8;
launches to load a driver off of the third floppy disk.</para>
<para>(9 Jan 2004) The use of multiple vchans (virtual audio
channels with dynamic mixing in software) in the &man.pcm.4;
driver has been known to cause some instability.</para>
<para>(10 Jan 2004) Although APIC interrupt routing seems to work
correctly on many systems, on some others (such as some laptops)
it can cause various errors, such as &man.ata.4; errors or hangs
when starting or exiting X11. For these situations, it may be
advisable to disable APIC routing, using the <quote>safe
mode</quote> of the bootloader or the
<varname>hint.apic.0.disabled</varname> loader tunable. Note
that disabling APIC is not compatible with SMP systems.</para>
<para>(10 Jan 2004) The NFSv4 client may panic when attempting an
NFSv4 operation against an NFSv3/NFSv2-only server. This
problem has been fixed with revision 1.4 of
<filename>src/sys/rpc/rpcclnt.c</filename> in &os;
&release.current;.</para>
<para>(11 Jan 2004) Some problems have been encountered when using
third-party NSS modules, such as <filename>nss_ldap</filename>,
and groups with large membership lists. These have been fixed
with revision 1.2 of <filename>src/include/nss.h</filename> and
revision 1.2 of
<filename>src/lib/libc/net/nss_compat.c</filename> in &os;
&release.current;.</para>
<para>(13 Jan 2004) The &os; &release.current; release notes
incorrectly stated that <application>GCC</application> was a
post-release GCC 3.3.3 snapshot. They should have stated that
GCC was a <emphasis>pre-release</emphasis> GCC 3.3.3
snapshot.</para>
<para>(13 Jan 2004) The <filename
role="package">sysutils/kdeadmin3</filename> port/package has a
bug in the <application>KUser</application> component that can
cause deletion of the <username>root</username> user from the
system password file. Users are strongly urged to upgrade to
version 3.1.4_1 of this port/package.</para>
<para>(21 Jan 2004) Some bugs in the IPsec implementation imported
from the KAME Project can result in memory objects being freed
before all references to them were removed. Reported symptoms
include erratic behavior or kernel panics after flushing the
Security Policy Database (SPD). Some of these problems have
been fixed in &os; &release.current; in rev. 1.31 of
<filename>src/sys/netinet6/ipsec.c</filename>, rev. 1.136 of
<filename>src/sys/netinet/in_pcb.c</filename>, and revs. 1.63
and 1.64 of <filename>src/sys/netkey/key.c</filename>. More
information about these problems has been posted to the
&a.current;, in particular the thread entitled <ulink
url="http://lists.freebsd.org/pipermail/freebsd-current/2004-January/thread.html#18084">
<quote>[PATCH] IPSec fixes</quote></ulink>.</para>
]]>
</sect1>
<sect1 id="late-news">
<title>Late-Breaking News</title>
<![ %release.type.release [
<para>No news.</para>
]]>
<![ %release.type.snapshot [
<para>(10 Jan 2004) The TCP implementation in &os; now includes
protection against a certain class of TCP MSS resource
exhaustion attacks, in the form of limits on the size and rate
of TCP segments. The first limit sets the minimum allowed
maximum TCP segment size, and is controlled by the
<varname>net.inet.tcp.minmss</varname> sysctl variable (the
default value is <literal>216</literal> bytes). The second
limit is set by the
<varname>net.inet.tcp.minmssoverload</varname> variable, and
controls the maximum rate of connections whose average segment
size is less than <varname>net.inet.tcp.minmss</varname>.
Connections exceeding this packet rate are reset and dropped.
Because this feature was added late in the &release.prev;
release cycle, connection rate limiting is disabled by default,
but can be enabled manually by assigning a non-zero value to
<varname>net.inet.tcp.minmssoverload</varname> (the default
value in &release.current; at the time of this writing is
<literal>1000</literal> packets per second).</para>
]]>
</sect1>
</article>
|
