FreeBSD 8.4-RELEASE Errata
Copyright © 2015 The FreeBSD Documentation Project
FreeBSD is a registered trademark of the FreeBSD Foundation.
Intel, Celeron, Centrino, Core, EtherExpress, i386, i486, Itanium, Pentium, and Xeon are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.
SPARC, SPARC64, and UltraSPARC are trademarks of SPARC International, Inc in the United States and other countries. SPARC International, Inc owns all of the SPARC trademarks and under licensing agreements allows the proper use of these trademarks by its members.
Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this document, and the FreeBSD Project was aware of the trademark claim, the designations have been followed by the “™” or the “®” symbol.
This document lists errata items for FreeBSD 8.4-RELEASE, containing significant information discovered after the release or too late in the release cycle to be otherwise included in the release documentation. This information includes security advisories, as well as news relating to the software or documentation that could affect its operation or usability. An up-to-date version of this document should always be consulted before installing this version of FreeBSD.
This errata document for FreeBSD 8.4-RELEASE will be maintained until the FreeBSD 8.4-RELEASE end of life.
This errata document contains “late-breaking news” about FreeBSD 8.4-RELEASE Before installing this version, it is important to consult this document to learn about any post-release discoveries or problems that may already have been found and fixed.
Any version of this errata document actually distributed with
the release (for example, on a CDROM distribution) will be out of
date by definition, but other copies are kept updated on the
Internet and should be consulted as the “current errata” for this
release. These other copies of the errata are located at
http://www.FreeBSD.org/releases/, plus any sites
which keep up-to-date mirrors of this location.
Source and binary snapshots of FreeBSD 8.4-STABLE also contain up-to-date copies of this document (as of the time of the snapshot).
For a list of all FreeBSD CERT security advisories, see
http://www.FreeBSD.org/security/ or ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/.
Problems described in the following security advisories have
been fixed in 8.4-RELEASE. For more information, consult the
individual advisories available from http://security.FreeBSD.org/.
| Advisory | Date | Topic |
|---|---|---|
| FreeBSD-SA-13:07.bind | 26 July 2013 |
Denial of Service vulnerability in named(8) |
| FreeBSD-SA-13:09.ip_multicast | 21 August 2013 |
Integer overflow in computing the size of a temporary buffer can result in a buffer which is too small for the requested operation |
| FreeBSD-SA-13:10.sctp | 21 August 2013 |
Fix a bug that could lead to kernel memory disclosure with SCTP state cookie |
| FreeBSD-SA-13:12.ifioctl | 10 September 2013 |
In IPv6 and NetATM, stop |
| FreeBSD-SA-13:13.nullfs | 10 September 2013 |
Prevent cross-mount hardlinks between different nullfs mounts of the same underlying filesystem |
| FreeBSD-SA-14:01.bsnmpd | 14 January 2014 |
bsnmpd remote denial of service vulnerability |
| FreeBSD-SA-14:02.ntpd | 14 January 2014 |
ntpd distributed reflection Denial of Service vulnerability |
| FreeBSD-SA-14:04.bind | 14 January 2014 |
BIND remote denial of service vulnerability |
| FreeBSD-SA-14:05.nfsserver | 8 April 2014 |
NFS deadlock vulnerability |
| FreeBSD-SA-14:06.openssl | 8 April 2014 |
ECDSA Cache Side-channel Attack in OpenSSL |
| FreeBSD-SA-14:08.tcp | 30 April 2014 |
TCP reassembly vulnerability |
| FreeBSD-SA-14:11.sendmail | 5 June 2014 |
sendmail improper close-on-exec flag handling |
| FreeBSD-SA-14:12.ktrace | 5 June 2014 |
ktrace memory disclosure |
| FreeBSD-SA-14:14.openssl | 5 June 2014 |
OpenSSL multiple vulnerabilities |
| FreeBSD-SA-14:16.file | 5 June 2014 |
Multiple vulnerabilities in file(1) and libmagic(3) |
| FreeBSD-SA-14:17.kmem | 8 July 2014 |
kernel memory disclosure in control message and SCTP notifications |
| FreeBSD-SA-14:18.openssl | 9 September 2014 |
Multiple vulnerabilities in OpenSSL |
| FreeBSD-SA-14:19.tcp | 16 September 2014 |
Denial of Service in TCP packet processing |
| FreeBSD-SA-14:21.routed | 21 October 2014 |
routed(8) denial of service vulnerability |
| FreeBSD-SA-14:23.openssl | 21 October 2014 |
Multiple vulnerabilities in OpenSSL |
| FreeBSD-SA-14:25.setlogin | 4 November 2014 |
kernel stack disclosure in setlogin(2) and getlogin(2) |
| FreeBSD-SA-14:26.ftp | 4 November 2014 |
Remote command execution in ftp(1) |
| FreeBSD-SA-14:28.file | 10 December 2014 |
Multiple vulnerabilities in file(1) and libmagic(3) |
| FreeBSD-SA-14:29.bind | 10 December 2014 |
BIND remote denial of service vulnerability |
| FreeBSD-SA-14:31.ntp | 23 December 2014 |
Multiple vulnerabilities in NTP suite |
| FreeBSD-SA-15:01.ntp | 14 January 2015 |
Multiple vulnerabilities in OpenSSL |
| FreeBSD-SA-15:02.kmem | 27 January 2015 |
Fix SCTP SCTP_SS_VALUE kernel memory corruption and disclosure vulnerability |
| FreeBSD-SA-15:03.sctp | 27 January 2015 |
Fix SCTP stream reset vulnerability |
| FreeBSD-SA-15:04.igmp | 25 February 2015 |
Integer overflow in IGMP protocol |
| FreeBSD-SA-15:05.igmp | 25 February 2015 |
Remote denial of service vulnerability |
| FreeBSD-SA-15:06.openssl | 19 March 2015 |
Multiple vulnerabilities |
| FreeBSD-SA-15:07.ntp | 7 April 2015 |
Multiple vulnerabilities |
| FreeBSD-SA-15:09.ipv6 | 7 April 2015 |
Router advertisement Denial of Service |
| FreeBSD-SA-15:10.openssl | 16 June 2015 |
Multiple vulnerabilities |
| FreeBSD-SA-15:11.bind | 7 July 2015 |
Resolver remote denial of service |
| FreeBSD-SA-15:13.tcp | 21 July 2015 |
resource exhaustion due to sessions stuck in |
| FreeBSD-SA-15:15.tcp | 28 July 2015 |
resource exhaustion in TCP reassembly |
| FreeBSD-SA-15:16.openssh | 28 July 2015 |
Multiple vulnerabilities |
| FreeBSD-SA-15:17.bind | 28 July 2015 |
Remote denial of service vulnerability |
| Errata | Date | Topic |
|---|---|---|
| FreeBSD-EN-13:01.fxp | 28 June 2013 |
Fixed a problem where dhclient(8) would infinitely try to intialize fxp(4) |
| FreeBSD-EN-13:02.vtnet | 28 June 2013 |
Fixed a problem frames sent to additional MAC addresses are not forwarded to the vtnet(4) interface |
| FreeBSD-EN-13:04.freebsd-update | 26 October 2013 |
Multiple fixes |
| FreeBSD-EN-13:05.freebsd-update | 28 November 2013 |
Fix INDEX generation |
| FreeBSD-EN-14:01.random | 14 January 2014 |
Disable hardware RNGs by default |
| FreeBSD-EN-14:02.mmap | 14 January 2014 |
Fix incorrect coalescing of stack entry |
| FreeBSD-EN-14:03.pkg | 15 May 2014 |
Add pkg bootstrapping, configuration and public keys |
| FreeBSD-EN-14:04.kldxref | 15 May 2014 |
Improve build repeatability for kldxref(8) |
| FreeBSD-EN-14:06.exec | 3 June 2014 |
Fix triple-fault when executing from a threaded process |
| FreeBSD-EN-14:08.heimdal | 24 June 2014 |
Fix |
| FreeBSD-EN-14:09.jail | 8 July 2014 |
Fix jail fails to start if WITHOUT_INET/WITHOUT_INET6 is use |
| FreeBSD-EN-14:10.tzdata | 21 October 2014 |
Time zone data file update |
| FreeBSD-EN-14:12.zfs | 4 November 2014 |
Fix NFSv4 and ZFS cache consistency issue |
| FreeBSD-EN-14:13.freebsd-update | 23 December 2014 |
Fix directory deletion issue |
| FreeBSD-EN-15:02.openssl | 25 February 2015 |
OpenSSL update |
| FreeBSD-EN-15:03.freebsd-update | 25 February 2015 |
freebsd-update(8) updates libraries in suboptimal order |
| FreeBSD-EN-15:04.freebsd-update | 13 May 2015 |
freebsd-update(8) does not ensure the previous upgrade has completed |
| FreeBSD-EN-15:06.file | 9 June 2015 |
Multiple denial of service issues |
| FreeBSD-EN-15:08.sendmail | 30 June 2015 (revised) |
Sendmail TLS/DH interoperability improvement |
[20130613] The vtnet(4) network interface driver displays the following message upon configuration when using QEMU 1.4.1 and later:
vtnet0: error setting host MAC filter table
This message is harmless when the interface has only one MAC address. The patch for this issue is filed to a PR kern/178955.
[20130609] There is incompatibility in
jail(8) configuration
because the
jail(8) utility and
rc.d/jail script has been changed.
More specifically, the following
sysctl(8) variables
cannot be used to set the default parameters for jails:
security.jail.mount_zfs_allowed security.jail.mount_procfs_allowed security.jail.mount_nullfs_allowed security.jail.mount_devfs_allowed security.jail.mount_allowed security.jail.chflags_allowed security.jail.allow_raw_sockets security.jail.sysvipc_allowed security.jail.socket_unixiproute_only security.jail.set_hostname_allowed
These could be set by manually using sysctl(8) utility, the sysctl.conf(5) file, or for some of them the following variables in rc.conf(5):
jail_set_hostname_allow="yes" jail_socket_unixiproute_only="yes" jail_sysvipc_allow="yes"
These parameters must now be specified in jail_parameters (or jail_ for
per-jail configuration) in
rc.conf(5). For
example:jailname_parameters
jail_parameters="allow.sysvipc allow.raw_sockets"
The valid keywords are the following. For more detail, see jail(8) manual page.
allow.set_hostname allow.sysvipc allow.raw_sockets allow.chflags allow.mount allow.mount.devfs allow.mount.nullfs allow.mount.procfs allow.mount.zfs allow.quotas allow.socket_af
[20130608] FreeBSD 8.4-RELEASE no longer supports FreeBSD CVS
repository. Some documents mistakenly refer to RELENG_8_4_0_RELEASE as CVS tag for the release
and RELENG_8_4 as CVS branch tag for
the 8.4-RELEASE security branch. However, FreeBSD Project no longer
supports FreeBSD CVS repository and 8.4-RELEASE has been released
by using FreeBSD subversion repository instead. RELENG_8_4 corresponds to svn://svn.FreeBSD.org/base/releng/8.4, and
RELENG_8_4_0_RELEASE corresponds to
svn://svn.FreeBSD.org/base/release/8.4.0. Please
note that FreeBSD source tree for 8.4-RELEASE and its security
branch cannot be updated by using official CVSup servers.
[20130607] (removed about a bge(4) network interface driver issue because it was incorrect)
[20130606] The
fxp(4) network
interface driver may not work well with the
dhclient(8) utility.
More specifically, if the /etc/rc.conf has the following line:
ifconfig_fxp0="DHCP"
to activate a DHCP client to configure the network interface, the following notification messages are displayed and the dhclient(8) utility keeps trying to initialize the network interface forever.
kernel: fxp0: link state changed to UP kernel: fxp0: link state changed to DOWN
A patch to fix this issue will be released as an Errata Notice.
[20130606] As described in FreeBSD 8.4-RELEASE Release Notes,
FreeBSD ZFS subsystem has been updated to support feature flags for
ZFS pools. However, the default version number of a newly created
ZFS pool is still 28.
This is because FreeBSD 9.0 and 9.1 do not support the feature
flags. This means ZFS pools with feature flag support cannot be
used on FreeBSD 9.0 and 9.1. An 8.X system with v28 ZFS pools can
be upgraded to 9.X with no problem. Note that
zfs(8) send and receive
commands do not work between pools with different versions. Once a
ZFS pool is upgraded from v28, there is no way to upgrade the
system to FreeBSD 9.0 and 9.1. FreeBSD 9.2 and later will support
ZFS pools with feature flags.
To create a ZFS pool with feature flag support, use the
zpool(8) create command and then the
zpool(8) upgrade command.