Copy stable/9 to releng/9.1 as part of the 9.1-RELEASE release process.

[FreeBSD/releng/9.1.git] / release / doc / en_US.ISO8859-1 / errata / article.sgml

<!--
        FreeBSD errata document.  Unlike some of the other RELNOTESng
        files, this file should remain as a single SGML file, so that
        the dollar FreeBSD dollar header has a meaningful modification
        time.  This file is all but useless without a datestamp on it,
        so we'll take some extra care to make sure it has one.

        (If we didn't do this, then the file with the datestamp might
        not be the one that received the last change in the document.)

-->

<!DOCTYPE article PUBLIC "-//FreeBSD//DTD DocBook V4.1-Based Extension//EN" [
<!ENTITY % articles.ent PUBLIC "-//FreeBSD//ENTITIES DocBook FreeBSD Articles Entity Set//EN">
%articles.ent;

<!ENTITY % release PUBLIC "-//FreeBSD//ENTITIES Release Specification//EN">
%release;
]>

<article>
  <articleinfo>
    <title>&os;
<![ %release.type.current [
    &release.current;
]]>
<![ %release.type.snapshot [
    &release.prev;
]]>
<![ %release.type.release [
    &release.current;
]]>
    Errata</title>

    <corpauthor>
    The &os; Project
    </corpauthor>

    <pubdate>$FreeBSD$</pubdate>

    <copyright>
      <year>2012</year>
      <holder role="mailto:doc@FreeBSD.org">The &os; Documentation Project</holder>
    </copyright>

    <legalnotice id="trademarks" role="trademarks">
      &tm-attrib.freebsd;
      &tm-attrib.intel;
      &tm-attrib.sparc;
      &tm-attrib.general;
    </legalnotice>
  </articleinfo>

  <abstract>
    <para>This document lists errata items for &os;
<![ %release.type.current [
      &release.current;,
]]>
<![ %release.type.snapshot [
      &release.prev;,
]]>
<![ %release.type.release [
      &release.current;,
]]>
      containing significant information discovered after the release
      or too late in the release cycle to be otherwise included in the
      release documentation.
      This information includes security advisories, as well as news
      relating to the software or documentation that could affect its
      operation or usability.  An up-to-date version of this document
      should always be consulted before installing this version of
      &os;.</para>

    <para>This errata document for &os;
<![ %release.type.current [
      &release.current;
]]>
<![ %release.type.snapshot [
      &release.prev;
]]>
<![ %release.type.release [
      &release.current;
]]>
      will be maintained until the release of &os; &release.next;.</para>
  </abstract>

  <sect1 id="intro">
    <title>Introduction</title>

    <para>This errata document contains <quote>late-breaking news</quote>
      about &os;
<![ %release.type.current [
      &release.current;.
]]>
<![ %release.type.snapshot [
      &release.prev;.
]]>
<![ %release.type.release [
      &release.current;.
]]>
      Before installing this version, it is important to consult this
      document to learn about any post-release discoveries or problems
      that may already have been found and fixed.</para>

    <para>Any version of this errata document actually distributed
      with the release (for example, on a CDROM distribution) will be
      out of date by definition, but other copies are kept updated on
      the Internet and should be consulted as the <quote>current
      errata</quote> for this release.  These other copies of the
      errata are located at <ulink
      url="http://www.FreeBSD.org/releases/"></ulink>, plus any sites
      which keep up-to-date mirrors of this location.</para>

    <para>Source and binary snapshots of &os; &release.branch; also
      contain up-to-date copies of this document (as of the time of
      the snapshot).</para>

    <para>For a list of all &os; CERT security advisories, see <ulink
      url="http://www.FreeBSD.org/security/"></ulink> or <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/"></ulink>.</para>

  </sect1>

  <sect1 id="security">
    <title>Security Advisories</title>

    <para>Problems described in the following security advisories have
      been fixed in &release.current;.  For more information, consult
      the individual advisories available from <ulink
        url="http://security.FreeBSD.org/"></ulink>.</para>

    <informaltable frame="none" pgwide="1">
      <tgroup cols="3">
      <colspec colwidth="1*">
      <colspec colwidth="1*">
      <colspec colwidth="3*">

      <thead>
          <row>
            <entry>Advisory</entry>
            <entry>Date</entry>
            <entry>Topic</entry>
          </row>
        </thead>

        <tbody>
          <row>
            <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-11:01.mountd.asc"
                >SA-11:01.mountd</ulink></entry>
            <entry>20&nbsp;April&nbsp;2011</entry>
            <entry><para>Network ACL mishandling in &man.mountd.8;</para></entry>
          </row>

          <row>
            <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-11:02.bind.asc"
                >SA-11:02.bind</ulink></entry>
            <entry>28&nbsp;May&nbsp;2011</entry>
            <entry><para>BIND remote DoS with large RRSIG RRsets and negative
                caching</para></entry>
          </row>

          <row>
            <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-11:04.compress.asc"
                >SA-11:04.compress</ulink></entry>
            <entry>28&nbsp;September&nbsp;2011</entry>
            <entry><para>Errors handling corrupt compress file in
                &man.compress.1; and &man.gzip.1;</para></entry>
          </row>

          <row>
            <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-11:05.unix.asc"
                >SA-11:05.unix</ulink></entry>
            <entry>28&nbsp;September&nbsp;2011</entry>
            <entry><para>Buffer overflow in handling of UNIX socket
                addresses</para></entry>
          </row>

          <row>
            <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-11:06.bind.asc"
                >SA-11:06.bind</ulink></entry>
            <entry>23&nbsp;December&nbsp;2011</entry>
            <entry><para>Remote packet Denial of Service against &man.named.8;
                servers</para></entry>
          </row>

          <row>
            <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-11:07.chroot.asc"
                >SA-11:07.chroot</ulink></entry>
            <entry>23&nbsp;December&nbsp;2011</entry>
            <entry><para>Code execution via chrooted ftpd</para></entry>
          </row>

          <row>
            <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-11:08.telnetd.asc"
                >SA-11:08.telnetd</ulink></entry>
            <entry>23&nbsp;December&nbsp;2011</entry>
            <entry><para>telnetd code execution vulnerability</para></entry>
          </row>

          <row>
            <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-11:09.pam_ssh.asc"
                >SA-11:09.pam_ssh</ulink></entry>
            <entry>23&nbsp;December&nbsp;2011</entry>
            <entry><para>pam_ssh improperly grants access when user account has
                unencrypted SSH private keys</para></entry>
          </row>

          <row>
            <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-11:10.pam.asc"
                >SA-11:10.pam</ulink></entry>
            <entry>23&nbsp;December&nbsp;2011</entry>
            <entry><para><function>pam_start()</function> does not validate
                service names</para></entry>
          </row>
        </tbody>
      </tgroup>
    </informaltable>
  </sect1>

  <sect1 id="open-issues">
    <title>Open Issues</title>

    <itemizedlist>
      <listitem>
        <para>In some releases prior to &release.current;, upgrading
          by using &man.freebsd-update.8; can fail.  This issue has
          been fixed by a change in Errata Notice EN-12:01.  For more
          information, see <ulink
            url="http://security.freebsd.org/advisories/FreeBSD-EN-12:01.freebsd-update.asc"></ulink></para>
      </listitem>

      <listitem>
        <para arch="amd64,i386">&os; &release.current; includes
          several changes to improve resource management of PCI
          devices.  Some x86 machines may not boot or may have devices
          that no longer attach when using ACPI as a result of these
          changes.  This can be worked around by setting a
          &man.loader.8; tunable
          <varname>debug.acpi.disabled</varname> to
          <literal>hostres</literal>.  To do this, enter the following
          lines at the loader prompt:</para>

        <screen>set debug.acpi.disabled="hostres"
boot</screen>

        <para>Or, put the following line into
          <filename>/boot/loader.conf</filename>:</para>

        <programlisting>debug.acpi.disabled="hostres"</programlisting>
      </listitem>

      <listitem>
        <para>A &man.devctl.4; event upon arrival of a &man.ugen.4;
          device has been changed.  The event now includes
          <literal>ugen</literal> and <literal>cdev</literal>
          variables instead of <literal>device-name</literal>.  This
          change can prevent the following &man.devd.8; rule which
          worked in a previous releases from working:</para>

        <programlisting>attach 0 {
        match "device-name" "ugen[0-9]+.[0-9]+";
        action "/path/to/script /dev/$device-name";
}</programlisting>

        <para>This should be updated to the following:</para>

        <programlisting>attach 0 {
        match "subsystem" "DEVICE";
        match "type" "ATTACH";
        match "cdev" "ugen[0-9]+.[0-9]+";
        action "/path/to/script /dev/$cdev";
}</programlisting>
      </listitem>

      <listitem>
        <para>The &os; &release.current; Release Notes should have
          mentioned that SSM (Source-Specific Multicast) MLDv2 now
          uses <literal>ALLOW_NEW_SOURCES</literal> and
          <literal>BLOCK_OLD_SOURCES</literal> record types to signal
          a join or a leave by default.  This conforms RFC 4604,
          <quote>Using Internet Group Management Protocol Version 3
          (IGMPv3) and Multicast Listener Discovery Protocol Version 2
          (MLDv2) for Source-Specific Multicast</quote>.  A new
          &man.sysctl.8; variable
          <varname>net.inet6.mld.use_allow</varname> which controls
          the behavior has been added.  The default value is
          <literal>1</literal> (use
          <literal>ALLOW_NEW_SOURCES</literal> and
          <literal>BLOCK_OLD_SOURCES</literal>).</para>
      </listitem>

      <listitem>
        <para>&release.current; fails to configure an interface
          specified in the &man.rc.conf.5; variable
          <varname>ipv6_prefix_<replaceable>IF</replaceable></varname>
          when the interface does not have a corresponding
          <varname>ifconfig_<replaceable>IF</replaceable>_ipv6</varname>
          variable.  This problem will be fixed in the future
          releases.  To work around this problem on &release.current;,
          add an
          <varname>ifconfig_<replaceable>IF</replaceable>_ipv6</varname>
          line for each interface specified in
          <varname>ipv6_prefix_<replaceable>IF</replaceable></varname>
          as the following:</para>

        <programlisting>ipv6_prefix_em0="2001:db8:1:0 2001:db8:2:0"
ifconfig_em0_ipv6="inet6 auto_linklocal"</programlisting>
      </listitem>

      <listitem>
        <para>In &release.current; the &os; USB subsystem supports USB
          3.0 by the &man.xhci.4; driver.  However, a bug that could
          prevent it from working with a USB 3.0 hub has been found
          and fixed after the release date.  This means
          &release.current; and prior do not work with a USB 3.0 hub.
          This problem has been fixed in HEAD and will be merged into
          the 9-STABLE branch.</para>
      </listitem>
    </itemizedlist>
  </sect1>

  <sect1 id="late-news">
    <title>Late-Breaking News</title>

<![ %release.type.current [
    <para>No news.</para>
]]>

<![ %release.type.release [
    <para>No news.</para>
]]>

<![ %release.type.snapshot [
    <para>No news.</para>
]]>
  </sect1>

</article>