Date: Sun, 9 Jun 2013 15:10:56 +0000 (UTC) From: Hiroki Sato <hrs@FreeBSD.org> To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r41887 - head/en_US.ISO8859-1/htdocs/releases/8.4R Message-ID: <201306091510.r59FAuuK054808@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: hrs Date: Sun Jun 9 15:10:55 2013 New Revision: 41887 URL: http://svnweb.freebsd.org/changeset/doc/41887 Log: Regen from r251576. Modified: head/en_US.ISO8859-1/htdocs/releases/8.4R/errata.html Modified: head/en_US.ISO8859-1/htdocs/releases/8.4R/errata.html ============================================================================== --- head/en_US.ISO8859-1/htdocs/releases/8.4R/errata.html Sun Jun 9 14:29:03 2013 (r41886) +++ head/en_US.ISO8859-1/htdocs/releases/8.4R/errata.html Sun Jun 9 15:10:55 2013 (r41887) @@ -1,5 +1,5 @@ <?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>FreeBSD 8.4-RELEASE Errata</title><link rel="stylesheet" href="docbook.css" type="text/css" /><link rev="made" href="doc@FreeBSD.org" /><meta name="generator" content="DocBook XSL Stylesheets V1.75.2" /></head><body><div class="article" title="FreeBSD 8.4-RELEASE Errata"><div xmlns="" class="titlepage"><div><div><h2 xmlns="http://www.w3.org/1999/xhtml" class="title"><a id="idp53952848"></a>FreeBSD 8.4-RELEASE Errata </h2></div><div><h3 xmlns="http://www.w3.org/1999/xhtml" class="corpauthor"> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>FreeBSD 8.4-RELEASE Errata</title><link rel="stylesheet" href="docbook.css" type="text/css" /><link rev="made" href="doc@FreeBSD.org" /><meta name="generator" content="DocBook XSL Stylesheets V1.75.2" /></head><body><div class="article" title="FreeBSD 8.4-RELEASE Errata"><div xmlns="" class="titlepage"><div><div><h2 xmlns="http://www.w3.org/1999/xhtml" class="title"><a id="idp53953232"></a>FreeBSD 8.4-RELEASE Errata </h2></div><div><h3 xmlns="http://www.w3.org/1999/xhtml" class="corpauthor"> The FreeBSD Project </h3></div><div><p xmlns="http://www.w3.org/1999/xhtml" class="copyright">Copyright © 2013 The FreeBSD Documentation Project</p></div><div><div xmlns="http://www.w3.org/1999/xhtml" class="legalnotice" title="Legal Notice"><a id="trademarks"></a><p>FreeBSD is a registered trademark of the FreeBSD Foundation.</p><p>Intel, Celeron, EtherExpress, i386, @@ -14,7 +14,7 @@ as trademarks. Where those designations appear in this document, and the FreeBSD Project was aware of the trademark claim, the designations have been followed by the <span class="quote">“<span class="quote">™</span>”</span> or the - <span class="quote">“<span class="quote">®</span>”</span> symbol.</p></div></div><div>Last modified on 2013-06-08 by hrs.</div></div><hr /></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="#intro">1. Introduction</a></span></dt><dt><span class="sect1"><a href="#security">2. Security Advisories</a></span></dt><dt><span class="sect1"><a href="#open-issues">3. Open Issues</a></span></dt><dt><span class="sect1"><a href="#late-news">4. Late-Breaking News and Corrections</a></span></dt></dl></div><div class="abstract" title="Abstract"><p class="title"><b>Abstract</b></p><p>This document lists errata items for FreeBSD 8.4-RELEASE, + <span class="quote">“<span class="quote">®</span>”</span> symbol.</p></div></div><div>Last modified on 2013-06-09 by hrs.</div></div><hr /></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="#intro">1. Introduction</a></span></dt><dt><span class="sect1"><a href="#security">2. Security Advisories</a></span></dt><dt><span class="sect1"><a href="#open-issues">3. Open Issues</a></span></dt><dt><span class="sect1"><a href="#late-news">4. Late-Breaking News and Corrections</a></span></dt></dl></div><div class="abstract" title="Abstract"><p class="title"><b>Abstract</b></p><p>This document lists errata items for FreeBSD 8.4-RELEASE, containing significant information discovered after the release or too late in the release cycle to be otherwise included in the release documentation. @@ -37,7 +37,39 @@ contain up-to-date copies of this document (as of the time of the snapshot).</p><p>For a list of all FreeBSD CERT security advisories, see <a class="ulink" href="http://www.FreeBSD.org/security/" target="_top">http://www.FreeBSD.org/security/</a> or <a class="ulink" href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/" target="_top">ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/</a>.</p></div><div class="sect1" title="2. Security Advisories"><div xmlns="" class="titlepage"><div><div><h2 xmlns="http://www.w3.org/1999/xhtml" class="title" style="clear: both"><a id="security"></a>2. Security Advisories</h2></div></div></div><p>The following security advisories pertain to FreeBSD 8.4-RELEASE. For more information, consult the individual advisories available from - <a class="ulink" href="http://security.FreeBSD.org/" target="_top">http://security.FreeBSD.org/</a>.</p><div class="informaltable"><table width="100%" border="0"><colgroup><col /><col /><col /></colgroup><thead><tr><th>Advisory</th><th>Date</th><th>Topic</th></tr></thead><tbody><tr><td><a class="ulink" href="http://security.freebsd.org/advisories/FreeBSD-SA-12:01.openssl.asc" target="_top">SA-12:01.openssl</a></td><td>03 May 2012</td><td><p>OpenSSL multiple vulnerabilities</p></td></tr><tr><td><a class="ulink" href="http://security.freebsd.org/advisories/FreeBSD-SA-12:02.crypt.asc" target="_top">SA-12:02.crypt</a></td><td>30 May 2012</td><td><p>Incorrect crypt() hashing</p></td></tr><tr><td><a class="ulink" href="http://security.freebsd.org/advisories/FreeBSD-SA-12:03.bind.asc" target="_top">SA-12:03.bind</a></td><td>12 June 2012</td><td><p>Incorrect handling of zero-length RDATA fields in named(8)</p></td></tr><tr><td><a class="ulink" href="http://security.freebsd.org/a dvisories/FreeBSD-SA-12:04.sysret.asc" target="_top">SA-12:04.sysret</a></td><td>12 June 2012</td><td><p>Privilege escalation when returning from kernel</p></td></tr><tr><td><a class="ulink" href="http://security.freebsd.org/advisories/FreeBSD-SA-12:05.bind.asc" target="_top">SA-12:05.bind</a></td><td>06 August 2012</td><td><p>named(8) DNSSEC validation Denial of Service</p></td></tr><tr><td><a class="ulink" href="http://security.freebsd.org/advisories/FreeBSD-SA-12:06.bind.asc" target="_top">SA-12:06.bind</a></td><td>22 November 2012</td><td><p>Multiple Denial of Service vulnerabilities with named(8)</p></td></tr><tr><td><a class="ulink" href="http://security.freebsd.org/advisories/FreeBSD-SA-12:07.hostapd.asc" target="_top">SA-12:07.hostapd</a></td><td>22 November 2012</td><td><p>Insufficient message length validation for EAP-TLS messages</p></td></tr><tr><td><a class="ulink" href="http://security.freebsd.org/advisories/FreeBSD-SA-12:08.linux.asc" target="_top">SA-12:08.li nux</a></td><td>22 November 2012</td><td><! p>Linux compatibility layer input validation error</p></td></tr><tr><td><a class="ulink" href="http://security.freebsd.org/advisories/FreeBSD-SA-13:02.libc.asc" target="_top">SA-13:02.libc</a></td><td>19 February 2013</td><td><p>glob(3) related resource exhaustion</p></td></tr><tr><td><a class="ulink" href="http://security.freebsd.org/advisories/FreeBSD-SA-13:03.openssl.asc" target="_top">SA-13:03.openssl</a></td><td>02 April 2013</td><td><p>OpenSSL multiple vulnerabilities</p></td></tr><tr><td><a class="ulink" href="http://security.freebsd.org/advisories/FreeBSD-SA-13:04.bind.asc" target="_top">SA-13:04.bind</a></td><td>02 April 2013</td><td><p>BIND remote denial of service</p></td></tr><tr><td><a class="ulink" href="http://security.freebsd.org/advisories/FreeBSD-SA-13:05.nfsserver.asc" target="_top">SA-13:05.nfsserver</a></td><td>29 April 2013</td><td><p>Insufficient input validation in the NFS server</p></td></tr></tbody></table></div></div><div class="sect1" title="3. O pen Issues"><div xmlns="" class="titlepage"><div><div><h2 xmlns="http://www.w3.org/1999/xhtml" class="title" style="clear: both"><a id="open-issues"></a>3. Open Issues</h2></div></div></div><p>[20130608] FreeBSD 8.4-RELEASE no longer supports FreeBSD CVS + <a class="ulink" href="http://security.FreeBSD.org/" target="_top">http://security.FreeBSD.org/</a>.</p><div class="informaltable"><table width="100%" border="0"><colgroup><col /><col /><col /></colgroup><thead><tr><th>Advisory</th><th>Date</th><th>Topic</th></tr></thead><tbody><tr><td><a class="ulink" href="http://security.freebsd.org/advisories/FreeBSD-SA-12:01.openssl.asc" target="_top">SA-12:01.openssl</a></td><td>03 May 2012</td><td><p>OpenSSL multiple vulnerabilities</p></td></tr><tr><td><a class="ulink" href="http://security.freebsd.org/advisories/FreeBSD-SA-12:02.crypt.asc" target="_top">SA-12:02.crypt</a></td><td>30 May 2012</td><td><p>Incorrect crypt() hashing</p></td></tr><tr><td><a class="ulink" href="http://security.freebsd.org/advisories/FreeBSD-SA-12:03.bind.asc" target="_top">SA-12:03.bind</a></td><td>12 June 2012</td><td><p>Incorrect handling of zero-length RDATA fields in named(8)</p></td></tr><tr><td><a class="ulink" href="http://security.freebsd.org/a dvisories/FreeBSD-SA-12:04.sysret.asc" target="_top">SA-12:04.sysret</a></td><td>12 June 2012</td><td><p>Privilege escalation when returning from kernel</p></td></tr><tr><td><a class="ulink" href="http://security.freebsd.org/advisories/FreeBSD-SA-12:05.bind.asc" target="_top">SA-12:05.bind</a></td><td>06 August 2012</td><td><p>named(8) DNSSEC validation Denial of Service</p></td></tr><tr><td><a class="ulink" href="http://security.freebsd.org/advisories/FreeBSD-SA-12:06.bind.asc" target="_top">SA-12:06.bind</a></td><td>22 November 2012</td><td><p>Multiple Denial of Service vulnerabilities with named(8)</p></td></tr><tr><td><a class="ulink" href="http://security.freebsd.org/advisories/FreeBSD-SA-12:07.hostapd.asc" target="_top">SA-12:07.hostapd</a></td><td>22 November 2012</td><td><p>Insufficient message length validation for EAP-TLS messages</p></td></tr><tr><td><a class="ulink" href="http://security.freebsd.org/advisories/FreeBSD-SA-12:08.linux.asc" target="_top">SA-12:08.li nux</a></td><td>22 November 2012</td><td><! p>Linux compatibility layer input validation error</p></td></tr><tr><td><a class="ulink" href="http://security.freebsd.org/advisories/FreeBSD-SA-13:02.libc.asc" target="_top">SA-13:02.libc</a></td><td>19 February 2013</td><td><p>glob(3) related resource exhaustion</p></td></tr><tr><td><a class="ulink" href="http://security.freebsd.org/advisories/FreeBSD-SA-13:03.openssl.asc" target="_top">SA-13:03.openssl</a></td><td>02 April 2013</td><td><p>OpenSSL multiple vulnerabilities</p></td></tr><tr><td><a class="ulink" href="http://security.freebsd.org/advisories/FreeBSD-SA-13:04.bind.asc" target="_top">SA-13:04.bind</a></td><td>02 April 2013</td><td><p>BIND remote denial of service</p></td></tr><tr><td><a class="ulink" href="http://security.freebsd.org/advisories/FreeBSD-SA-13:05.nfsserver.asc" target="_top">SA-13:05.nfsserver</a></td><td>29 April 2013</td><td><p>Insufficient input validation in the NFS server</p></td></tr></tbody></table></div></div><div class="sect1" title="3. O pen Issues"><div xmlns="" class="titlepage"><div><div><h2 xmlns="http://www.w3.org/1999/xhtml" class="title" style="clear: both"><a id="open-issues"></a>3. Open Issues</h2></div></div></div><p>[20130609] There is incompatibility in <a class="citerefentry" href="http://www.FreeBSD.org/cgi/man.cgi?query=jail&amp;sektion=8"><span class="citerefentry"><span class="refentrytitle">jail</span>(8)</span></a> + configuration because the <a class="citerefentry" href="http://www.FreeBSD.org/cgi/man.cgi?query=jail&amp;sektion=8"><span class="citerefentry"><span class="refentrytitle">jail</span>(8)</span></a> utility and + <code class="filename">rc.d/jail</code> script has been changed. More + specifically, the following <a class="citerefentry" href="http://www.FreeBSD.org/cgi/man.cgi?query=sysctl&amp;sektion=8"><span class="citerefentry"><span class="refentrytitle">sysctl</span>(8)</span></a> variables cannot be + used to set the default parameters for jails:</p><pre class="programlisting">security.jail.mount_zfs_allowed +security.jail.mount_procfs_allowed +security.jail.mount_nullfs_allowed +security.jail.mount_devfs_allowed +security.jail.mount_allowed +security.jail.chflags_allowed +security.jail.allow_raw_sockets +security.jail.sysvipc_allowed +security.jail.socket_unixiproute_only +security.jail.set_hostname_allowed</pre><p>These could be set by manually using <a class="citerefentry" href="http://www.FreeBSD.org/cgi/man.cgi?query=sysctl&amp;sektion=8"><span class="citerefentry"><span class="refentrytitle">sysctl</span>(8)</span></a> utility, + the <a class="citerefentry" href="http://www.FreeBSD.org/cgi/man.cgi?query=sysctl.conf&amp;sektion=5"><span class="citerefentry"><span class="refentrytitle">sysctl.conf</span>(5)</span></a> file, or for some of them the following + variables in <a class="citerefentry" href="http://www.FreeBSD.org/cgi/man.cgi?query=rc.conf&amp;sektion=5"><span class="citerefentry"><span class="refentrytitle">rc.conf</span>(5)</span></a>:</p><pre class="programlisting">jail_set_hostname_allow="yes" +jail_socket_unixiproute_only="yes" +jail_sysvipc_allow="yes"</pre><p>These parameters must now be specified in + <code class="varname">jail_parameters</code> (or + <code class="varname">jail_<em class="replaceable"><code>jailname</code></em>_parameters</code> + for per-jail configuration) in <a class="citerefentry" href="http://www.FreeBSD.org/cgi/man.cgi?query=rc.conf&amp;sektion=5"><span class="citerefentry"><span class="refentrytitle">rc.conf</span>(5)</span></a>. For + example:</p><pre class="programlisting">jail_parameters="allow.sysvipc allow.raw_sockets"</pre><p>The valid keywords are the following. For more detail, see + <a class="citerefentry" href="http://www.FreeBSD.org/cgi/man.cgi?query=jail&amp;sektion=8"><span class="citerefentry"><span class="refentrytitle">jail</span>(8)</span></a> manual page.</p><pre class="programlisting">allow.set_hostname +allow.sysvipc +allow.raw_sockets +allow.chflags +allow.mount +allow.mount.devfs +allow.mount.nullfs +allow.mount.procfs +allow.mount.zfs +allow.quotas +allow.socket_af</pre><p>[20130608] FreeBSD 8.4-RELEASE no longer supports FreeBSD CVS repository. Some documents mistakenly refer to <code class="literal">RELENG_8_4_0_RELEASE</code> as CVS tag for the release and <code class="literal">RELENG_8_4</code> as CVS branch tag for the @@ -49,12 +81,8 @@ <code class="literal">RELENG_8_4_0_RELEASE</code> corresponds to <code class="literal">svn://svn.FreeBSD.org/base/release/8.4.0</code>. Please note that FreeBSD source tree for 8.4-RELEASE and its security - branch cannot be updated by using official CVSup servers.</p><p>[20130607] The <a class="citerefentry" href="http://www.FreeBSD.org/cgi/man.cgi?query=bge&amp;sektion=4"><span class="citerefentry"><span class="refentrytitle">bge</span>(4)</span></a> network interface driver has an - issue when TSO (TCP Segmentation Offload) is enabled. It causes - intermittent reset and re-initialization.</p><p>A workaround is disabling the TSO feature. One can disable - it by adding the following line into the <a class="citerefentry" href="http://www.FreeBSD.org/cgi/man.cgi?query=rc.conf&amp;sektion=5"><span class="citerefentry"><span class="refentrytitle">rc.conf</span>(5)</span></a> - file:</p><pre class="programlisting">ifconfig_<em class="replaceable"><code>bge0</code></em>="-tso"</pre><p>or by using the <a class="citerefentry" href="http://www.FreeBSD.org/cgi/man.cgi?query=ifconfig&amp;sektion=8"><span class="citerefentry"><span class="refentrytitle">ifconfig</span>(8)</span></a> utility manually:</p><pre class="screen"><code class="prompt">#</code> <code class="userinput">ifconfig <em class="replaceable"><code>bge0</code></em> -tso</code></pre><p>A patch to fix this issue will be released as an Errata - Notice.</p><p>[20130606] The <a class="citerefentry" href="http://www.FreeBSD.org/cgi/man.cgi?query=fxp&amp;sektion=4"><span class="citerefentry"><span class="refentrytitle">fxp</span>(4)</span></a> network interface driver may not + branch cannot be updated by using official CVSup servers.</p><p>[20130607] (removed about a <a class="citerefentry" href="http://www.FreeBSD.org/cgi/man.cgi?query=bge&amp;sektion=4"><span class="citerefentry"><span class="refentrytitle">bge</span>(4)</span></a> network interface + driver issue because it was incorrect)</p><p>[20130606] The <a class="citerefentry" href="http://www.FreeBSD.org/cgi/man.cgi?query=fxp&amp;sektion=4"><span class="citerefentry"><span class="refentrytitle">fxp</span>(4)</span></a> network interface driver may not work well with the <a class="citerefentry" href="http://www.FreeBSD.org/cgi/man.cgi?query=dhclient&amp;sektion=8"><span class="citerefentry"><span class="refentrytitle">dhclient</span>(8)</span></a> utility. More specifically, if the <code class="filename">/etc/rc.conf</code> has the following line:</p><pre class="programlisting">ifconfig_fxp0="DHCP"</pre><p>to activate a DHCP client to configure the network
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201306091510.r59FAuuK054808>