The &os; Project $FreeBSD$ 2012 The &os; Documentation Project &tm-attrib.freebsd; &tm-attrib.intel; &tm-attrib.sparc; &tm-attrib.general; This document lists errata items for &os; containing significant information discovered after the release or too late in the release cycle to be otherwise included in the release documentation. This information includes security advisories, as well as news relating to the software or documentation that could affect its operation or usability. An up-to-date version of this document should always be consulted before installing this version of &os;. This errata document for &os; will be maintained until the release of &os; &release.next;. This errata document contains late-breaking news about &os; Before installing this version, it is important to consult this document to learn about any post-release discoveries or problems that may already have been found and fixed. Any version of this errata document actually distributed with the release (for example, on a CDROM distribution) will be out of date by definition, but other copies are kept updated on the Internet and should be consulted as the current errata for this release. These other copies of the errata are located at , plus any sites which keep up-to-date mirrors of this location. Source and binary snapshots of &os; &release.branch; also contain up-to-date copies of this document (as of the time of the snapshot). For a list of all &os; CERT security advisories, see or . Problems described in the following security advisories have been fixed in &release.current;. For more information, consult the individual advisories available from . Advisory Date Topic SA-11:01.mountd 20 April 2011 Network ACL mishandling in &man.mountd.8; SA-11:02.bind 28 May 2011 BIND remote DoS with large RRSIG RRsets and negative caching SA-11:04.compress 28 September 2011 Errors handling corrupt compress file in &man.compress.1; and &man.gzip.1; SA-11:05.unix 28 September 2011 Buffer overflow in handling of UNIX socket addresses SA-11:06.bind 23 December 2011 Remote packet Denial of Service against &man.named.8; servers SA-11:07.chroot 23 December 2011 Code execution via chrooted ftpd SA-11:08.telnetd 23 December 2011 telnetd code execution vulnerability SA-11:09.pam_ssh 23 December 2011 pam_ssh improperly grants access when user account has unencrypted SSH private keys SA-11:10.pam 23 December 2011 pam_start() does not validate service names In some releases prior to &release.current;, upgrading by using &man.freebsd-update.8; can fail. This issue has been fixed by a change in Errata Notice EN-12:01. For more information, see &os; &release.current; includes several changes to improve resource management of PCI devices. Some x86 machines may not boot or may have devices that no longer attach when using ACPI as a result of these changes. This can be worked around by setting a &man.loader.8; tunable debug.acpi.disabled to hostres. To do this, enter the following lines at the loader prompt: set debug.acpi.disabled="hostres" boot Or, put the following line into /boot/loader.conf: debug.acpi.disabled="hostres" A &man.devctl.4; event upon arrival of a &man.ugen.4; device has been changed. The event now includes ugen and cdev variables instead of device-name. This change can prevent the following &man.devd.8; rule which worked in a previous releases from working: attach 0 { match "device-name" "ugen[0-9]+.[0-9]+"; action "/path/to/script /dev/$device-name"; } This should be updated to the following: attach 0 { match "subsystem" "DEVICE"; match "type" "ATTACH"; match "cdev" "ugen[0-9]+.[0-9]+"; action "/path/to/script /dev/$cdev"; } The &os; &release.current; Release Notes should have mentioned that SSM (Source-Specific Multicast) MLDv2 now uses ALLOW_NEW_SOURCES and BLOCK_OLD_SOURCES record types to signal a join or a leave by default. This conforms RFC 4604, Using Internet Group Management Protocol Version 3 (IGMPv3) and Multicast Listener Discovery Protocol Version 2 (MLDv2) for Source-Specific Multicast. A new &man.sysctl.8; variable net.inet6.mld.use_allow which controls the behavior has been added. The default value is 1 (use ALLOW_NEW_SOURCES and BLOCK_OLD_SOURCES). &release.current; fails to configure an interface specified in the &man.rc.conf.5; variable ipv6_prefix_IF when the interface does not have a corresponding ifconfig_IF_ipv6 variable. This problem will be fixed in the future releases. To work around this problem on &release.current;, add an ifconfig_IF_ipv6 line for each interface specified in ipv6_prefix_IF as the following: ipv6_prefix_em0="2001:db8:1:0 2001:db8:2:0" ifconfig_em0_ipv6="inet6 auto_linklocal" In &release.current; the &os; USB subsystem supports USB 3.0 by the &man.xhci.4; driver. However, a bug that could prevent it from working with a USB 3.0 hub has been found and fixed after the release date. This means &release.current; and prior do not work with a USB 3.0 hub. This problem has been fixed in HEAD and will be merged into the 9-STABLE branch. No news. ]]> No news. ]]> No news. ]]>