2 FreeBSD errata document. Unlike some of the other RELNOTESng
3 files, this file should remain as a single SGML file, so that
4 the dollar FreeBSD dollar header has a meaningful modification
5 time. This file is all but useless without a datestamp on it,
6 so we'll take some extra care to make sure it has one.
8 (If we didn't do this, then the file with the datestamp might
9 not be the one that received the last change in the document.)
13 <!DOCTYPE article PUBLIC "-//FreeBSD//DTD DocBook V4.1-Based Extension//EN" [
14 <!ENTITY % articles.ent PUBLIC "-//FreeBSD//ENTITIES DocBook FreeBSD Articles Entity Set//EN">
17 <!ENTITY % release PUBLIC "-//FreeBSD//ENTITIES Release Specification//EN">
19 <!ENTITY release.bugfix "7.1-RELEASE">
25 <![ %release.type.current [
28 <![ %release.type.snapshot [
31 <![ %release.type.release [
40 <pubdate>$FreeBSD$</pubdate>
45 <holder role="mailto:doc@FreeBSD.org">The &os; Documentation Project</holder>
48 <legalnotice id="trademarks" role="trademarks">
57 <para>This document lists errata items for &os;
58 <![ %release.type.current [
61 <![ %release.type.snapshot [
64 <![ %release.type.release [
67 containing significant information discovered after the release
68 or too late in the release cycle to be otherwise included in the
69 release documentation.
70 This information includes security advisories, as well as news
71 relating to the software or documentation that could affect its
72 operation or usability. An up-to-date version of this document
73 should always be consulted before installing this version of
76 <para>This errata document for &os;
77 <![ %release.type.current [
80 <![ %release.type.snapshot [
83 <![ %release.type.release [
86 will be maintained until the release of &os; &release.next;.</para>
90 <title>Introduction</title>
92 <para>This errata document contains <quote>late-breaking news</quote>
94 <![ %release.type.current [
97 <![ %release.type.snapshot [
100 <![ %release.type.release [
103 Before installing this version, it is important to consult this
104 document to learn about any post-release discoveries or problems
105 that may already have been found and fixed.</para>
107 <para>Any version of this errata document actually distributed
108 with the release (for example, on a CDROM distribution) will be
109 out of date by definition, but other copies are kept updated on
110 the Internet and should be consulted as the <quote>current
111 errata</quote> for this release. These other copies of the
112 errata are located at <ulink
113 url="http://www.FreeBSD.org/releases/"></ulink>, plus any sites
114 which keep up-to-date mirrors of this location.</para>
116 <para>Source and binary snapshots of &os; &release.branch; also
117 contain up-to-date copies of this document (as of the time of
118 the snapshot).</para>
120 <para>For a list of all &os; CERT security advisories, see <ulink
121 url="http://www.FreeBSD.org/security/"></ulink> or <ulink
122 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/"></ulink>.</para>
126 <sect1 id="security">
127 <title>Security Advisories</title>
129 <para>No advisories.</para>
132 <para>The following security advisories pertain to &os; &release.bugfix;.
133 For more information, consult the individual advisories available from
134 <ulink url="http://security.FreeBSD.org/"></ulink>.</para>
136 <informaltable frame="none" pgwide="0">
138 <colspec colwidth="1*">
139 <colspec colwidth="1*">
140 <colspec colwidth="3*">
143 <entry>Advisory</entry>
151 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-08:05.openssh.asc"
152 >SA-08:05.openssh</ulink></entry>
153 <entry>17 April 2008</entry>
154 <entry><para>OpenSSH X11-forwarding privilege escalation</para></entry>
163 <sect1 id="open-issues">
164 <title>Open Issues</title>
166 <para>[20090105] As in the Announcement of 7.1-RELEASE, certain Intel NICs
167 will come up as &man.igb.4; instead of &man.em.4; in this
168 release. There are only 3 PCI ID's that should have
169 their name changed from &man.em.4; to &man.igb.4;:</para>
173 <para>0x10A78086</para>
177 <para>0x10A98086</para>
181 <para>0x10D68086</para>
185 <para>You should be able to determine if your card will
186 change names by running the following command:</para>
188 <screen>&prompt.user; pciconf -l
190 em0@pci0:0:25:0: class=0x020000 card=0x02381028 chip=0x10c08086 rev=0x02 hdr=0x00</screen>
192 <para>and for the line representing your NIC (should be named
193 <emphasis>em</emphasis> on older systems,
194 e.g. <emphasis>em0</emphasis> or <emphasis>em1</emphasis>, etc)
195 check the fourth column. If that says
196 <literal>chip=0x10a78086</literal> (or one of the other two IDs
197 given above) you will have the adapter's name change.</para>
200 <sect1 id="late-news">
201 <title>Late-Breaking News and Corrections</title>
203 <para>[20090105] The Release Notes for 7.1-RELEASE should have
204 mentioned that the &man.procstat.1; utility has been added.
205 This is a process inspection utility which provides both some of
206 the missing functionality from &man.procfs.5; and new
207 functionality for monitoring and debugging specific
210 <para>[20090105] The Release Notes for 7.1-RELEASE should have mentioned
211 changes that the &man.ae.4; driver has been added to provide support
212 for the Attansic/Atheros L2 FastEthernet controllers.
213 This driver is not enabled in <filename>GENERIC</filename>
214 kernels for this release.</para>
216 <para>[20090105] The Release Notes for 7.1-RELEASE included the
217 following misdescriptions:</para>
221 <para>In the entry of &man.linux.4; ABI support,
222 <function>get_setaffinity()</function> should have been
223 <function>sched_setaffinity()</function>.</para>
227 <para>[20090105] The Release Notes for 7.1-RELEASE should have
228 mentioned changes that the &man.jme.4; driver has been added to
229 provide support for PCIe adapters based on JMicron JMC250
230 gigabit Ethernet and JMC260 fast Ethernet controllers.</para>
232 <para>[20090105] The Release Notes for 7.1-RELEASE should have
233 mentioned changes that the &man.age.4; driver has been added to
234 provide support for Attansic/Atheros L1 gigabit Ethernet
237 <para>[20090105] The Release Notes for 7.1-RELEASE should have
238 mentioned changes that the &man.malo.4; driver has been added to
239 provide support for Marvell Libertas 88W8335 based PCI network
242 <para>[20090105] The Release Notes for 7.1-RELEASE should have
243 mentioned changes that the bm(4) driver has been added to
244 provide support for Apple Big Mac (BMAC) Ethernet controller,
245 found on various Apple G3 models.</para>
247 <para>[20090105] The Release Notes for 7.1-RELEASE should have
248 mentioned changes that the et(4) driver has been added to
249 provide support for Agere ET1310 10/100/Gigabit Ethernet
252 <para>[20090105] The Release Notes for 7.1-RELEASE should have
253 mentioned changes that the &man.glxsb.4; driver has been added
254 to provide support for the Security Block in AMD Geode LX
257 <para>[20090105] The Release Notes for 7.1-RELEASE should have
258 mentioned that &os; now supports multiple routing tables. To
259 enable this, the following steps are needed:</para>
263 <para>Add the following kernel configuration option and
264 rebuild the kernel. The <literal>2</literal> is the number
265 of FIB (Forward Information Base, synonym for a routing
266 table here). The maximum value is 16.</para>
268 <programlisting>options ROUTETABLES=2</programlisting>
270 <para>The procedure for rebuilding the &os; kernel is
271 described in the <ulink
272 url="http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html#AEN30408">&os;
273 Handbook</ulink>.</para>
275 <para>This number can be modified on boot time. To do so, add
276 the following to <filename>/boot/loader.conf</filename> and
277 reboot the system:</para>
279 <programlisting>net.fibs=6</programlisting>
283 <para>Set a loader tunable <varname>net.my_fibnum</varname> if
284 needed. This means the default number of routing tables.
285 If not specified, <literal>0</literal> will be used.</para>
289 <para>Set a loader tunable
290 <varname>net.add_addr_allfibs</varname> if needed. This
291 enables to add routes to all FIBs for new interfaces by
292 default. When this is set to <literal>0</literal>, it will
293 only allocate routes on interface changes for the FIB of the
294 caller when adding a new set of addresses to an interface.
295 Note that this tunable is set to <literal>1</literal> by
300 <para>To select one of the FIBs, the new &man.setfib.1; utility
301 can be used. This set an associated FIB with the process. For
304 <screen>&prompt.root; setfib -3 ping target.example.com</screen>
306 <para>The FIB #3 will be used for the &man.ping.8; command.</para>
308 <para>The FIB which the packet will be associated with will be
309 determined in the following rules:</para>
313 <para>All packets which have a FIB associated with them will
314 use the FIB. If not, FIB #0 will be used.</para>
318 <para>A packet received on an interface for forwarding uses
323 <para>A TCP listen socket associated with an FIB will generate
324 accept sockets which are associated with the same FIB.</para>
328 <para>A packet generated in response to other packet uses the
329 FIB associated with the packet being responded to.</para>
333 <para>A packet generated on tunnel interfaces such as
334 &man.gif.4; and &man.tun.4; will be encapsulated using the
335 FIB of the process which set up the tunnel.</para>
339 <para>Routing messages will be associated with the process's
344 <para>Also, the &man.ipfw.8; now supports an action rule
345 <literal>setfib</literal>. The following action:</para>
347 <programlisting>setfib <replaceable>fibnum</replaceable></programlisting>
349 <para>will make the matched packet use the FIB specified in
350 <replaceable>fibnum</replaceable>. The rule processing
351 continues at the next rule.</para>