Date: Wed, 29 Oct 2008 19:11:03 +0000 (UTC) From: Hiroki Sato <hrs@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r184446 - releng/6.4/release/doc/en_US.ISO8859-1/relnotes/common Message-ID: <200810291911.m9TJB3sU030602@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: hrs Date: Wed Oct 29 19:11:03 2008 New Revision: 184446 URL: http://svn.freebsd.org/changeset/base/184446 Log: Relnotes update for 6.4R. Security Advisories: SA-08:03.sendfile, SA-08:05.openssh, SA-08:06.bind, SA-08:07.amd64, SA-08:09.icmp6, SA-08:10.nd6. Kernel Changes: Camellia cipher support, malloc(9) RedZone added, kernel-mode client-side NFS locking (options NFSLOCKD), boot from GPT-labeled disk, acpi_asus(4) EeePC backlight support, DRM i915 GME support, bge(4) BCM5906 support, dummynet(4) fast support, aac(4) >2TB RAID array support, ata(4) ServerWorks HT1000 chipset workaround added, iir(4) stability improvement, mpt(4) mpt_user personality added. Userland Changes: bsdtar(1) --numeric-owner, -s, -S added, cp(1) ACL bug fixed, cron(8) -m added, cvs(1) -n added, dump(8) and restore(8) extattr support, fortune(6) FORTUNE_PATH support, fortune(6) -e bugfix, freebsd-update IDSIgnorePaths statement support, fwcontrol(8) -f added, make(1) :u variable modifier added, morse(6) output bug fixed, mountd(8) -h added, mv(1) behavior change, periodic(8) daily_status_mail_rejects_shorten variable added, ping6(8) exit status change, telnetd(8) authentication bug fixed, top(1) and vmstat(8) -P added, watch(8) now support >10 snp(4) devices, rc.d/ike removed, dymmynet_enable variable added to rc.conf, rc.d/ppp ppp_profile variable support, rc.d/sysctl loading /etc/sysctl.conf.local support, rc.firewall firewall_client_* and firewall_simple_* variable support, pkg_install updated to snapshot as of 30 May 2008 on CURRENT, pkg_sign(1) and pkg_check(1) removed. Contrib Software Update: am-utils 6.1.5, BIND 9.3.5-P2, NTP 4.2.4p5, FILE 4.21, libarchive 2.5.4b, ncurses 5.6-20080503, OpenPAM Hydrangea, tcsh 6.15.00, tzdata2008e. Approved by: re (implicit) Modified: releng/6.4/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml Modified: releng/6.4/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml ============================================================================== --- releng/6.4/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml Wed Oct 29 18:56:59 2008 (r184445) +++ releng/6.4/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml Wed Oct 29 19:11:03 2008 (r184446) @@ -114,17 +114,88 @@ <sect2 id="security"> <title>Security Advisories</title> - <para>An error that could allow &man.sendfile.2; to - inappropriately access the contents of a file has been fixed. - For more information, see security advisory - <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-08:03.sendfile.asc">FreeBSD-SA-08:03.sendfile</ulink>.</para> - + <para>Problems described in the following security advisories has + been fixed. For more information, consult the individual + advisories available from <ulink + url="http://security.FreeBSD.org/"></ulink>.</para> + + <informaltable frame="none" pgwide="0"> + <tgroup cols="3"> + <colspec colwidth="1*"> + <colspec colwidth="1*"> + <colspec colwidth="3*"> + <thead> + <row> + <entry>Advisory</entry> + <entry>Date</entry> + <entry>Topic</entry> + </row> + </thead> + + <tbody> + <row> + <entry><ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-08:03.sendfile.asc">SA-08:03.sendfile</ulink></entry> + <entry>14 February 2008</entry> + <entry><para>&man.sendfile.2; write-only file permission bypass</para></entry> + </row> + <row> + <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-08:05.openssh.asc" + >SA-08:05.openssh</ulink></entry> + <entry>17 April 2008</entry> + <entry><para>OpenSSH X11-forwarding privilege escalation</para></entry> + </row> + <row> + <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-08:06.bind.asc" + >SA-08:06.bind</ulink></entry> + <entry>13 July 2008</entry> + <entry><para>DNS cache poisoning</para></entry> + </row> + <row> + <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-08:07.amd64.asc" + >SA-08:07.amd64</ulink></entry> + <entry>3 September 2008</entry> + <entry><para>amd64 swapgs local privilege escalation</para></entry> + </row> + <row> + <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-08:09.icmp6.asc" + >SA-08:09.icmp6</ulink></entry> + <entry>3 September 2008</entry> + <entry><para>Remote kernel panics on IPv6 connections</entry> + </row> + <row> + <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-08:10.nd6.asc" + >SA-08:10.nd6</ulink></entry> + <entry>1 October 2008</entry> + <entry><para>IPv6 Neighbor Discovery Protocol routing vulnerability</entry> + </row> + </tbody> + </tgroup> + </informaltable> </sect2> <sect2 id="kernel"> <title>Kernel Changes</title> - <para></para> + <para>The opencrypto framework (&man.crypto.9;) and &man.ipsec.4; + subsystem now support Camellia block cipher.</para> + + <para>The &os; kernel &man.malloc.9; now supports buffer corruption + protection (RedZone). This detects both buffer underflow and buffer + overflow bugs at runtime on &man.free.9; and &man.realloc.9; and + prints backtraces from where memory was allocated and from where it + was freed. For more details, see <literal>DEBUG_REDZONE</literal> + kernel option.</para> + + <para>The client side functionality of &man.rpc.lockd.8; has been + implemented in &os; kernel. This implementation provides the + correct semantics for &man.flock.2; style locks which are used + by the &man.lockf.1; command line tool and the &man.pidfile.3; + library. It also implements recovery from server restarts and + ensures that dirty cache blocks are written to the server before + obtaining locks (allowing multiple clients to use file locking + to safely share data). Also, a new kernel option + <literal>options NFSLOCKD</literal> has been added and enabled + by default.</para> <!-- Above this line, sort kernel changes by manpage/keyword--> @@ -133,89 +204,235 @@ <!-- Above this line, order boot loader changes by keyword--> + <para>&os; now support booting from GPT-labeled disks from the BIOS.</para> + <para arch="i386,amd64">The BTX kernel used by the boot loader has been changed to invoke BIOS routines from real mode. This change makes it possible to boot &os; from USB devices.</para> - </sect3> <sect3 id="proc"> <title>Hardware Support</title> - <para></para> + <para>The &man.acpi.asus.4; driver now supports Asus EeePC backlight control.</para> <sect4 id="mm"> <title>Multimedia Support</title> - <para></para> + <para>The <filename>DRM</filename> driver now supports i915 GME device.</para> </sect4> <sect4 id="net-if"> <title>Network Interface Support</title> - <para></para> - + <para>The &man.bge.4; driver now supports BCM5906-based adapters.</para> </sect4> </sect3> <sect3 id="net-proto"> <title>Network Protocols</title> - <para></para> - + <para>The &man.dummynet.4; subsystem now supports + <literal>fast</literal> mode operation which allows certain + packets to bypass the dummynet scheduler. This can achieve + lower latency and lower overhead when the packet flow is under + the pipe bandwidth, and eliminate recursion in the subsystem. + The new sysctl variable + <varname>net.inet.ip.dummynet.io_fast</varname> has been + added to enable this feature.</para> + + <para>The &man.resolver.3; now allows underscore in domain + names. Although this is a violation of RFC 1034 [STD 13], it is + accepted by certain name servers as well as other popular operating + systems' resolver library.</para> </sect3> <sect3 id="disks"> <title>Disks and Storage</title> - <para></para> + <para>The &man.aac.4; driver now supports 64-bit array support + for RAIDs larger than 2TB and simultaneous opens of the device + for issuing commands to the controller.</para> - </sect3> + <para>A data corruption problem of the &man.ata.4; driver on + ServerWorks HT1000 chipsets has been fixed.</para> - <sect3 id="fs"> - <title>File Systems</title> - - <para></para> + <para>Stability of the &man.iir.4; driver has been improved.</para> + <para>The &man.mpt.4; driver now supports <literal>mpt_user</literal> + personality.</para> </sect3> - </sect2> <sect2 id="userland"> <title>Userland Changes</title> - <para></para> + <para>The &man.bsdtar.1; utility now supports the following options: + <option>--numeric-owner</option>, <option>-S</option>, and + <option>-s</option>.</para> + + <para>A bug in &man.cp.1; utility which prevents POSIX.1e ACL (see + also &man.acl.3;) from copying properly has been fixed.</para> + + <para>The &man.cron.8; utility now supports <option>-m</option> flag which + overrides the default mail recipient for cron mails unless explicitly + provided by <literal>MAILTO=</literal> line in <filename>crontab</filename> + file.</para> + + <para>The &man.cvs.1; now supports <option>-n</option> flag which + is the opposite of <option>-N</option> flag.</para> + + <para>The &man.dump.8; and &man.restore.8; utility now support + extended attributes (see also &man.extattr.9;).</para> + + <para>The &man.fortune.6; program now supports + <varname>FORTUNE_PATH</varname> environment variable to specify + search path of the fortune files.</para> + + <para>A bug in the &man.fortune.6; program that prevents + <option>-e</option> option with multiple files from working has + been fixed.</para> + + <para>The &man.freebsd-update.conf.5; now supports + <literal>IDSIgnorePaths</literal> statement.</para> + + <para>The &man.fwcontrol.8; utility now supports <option>-f + <replaceable>node</replaceable></option> option which specifies + <replaceable>node</replaceable> as the root node on the next bus + reset.</para> + + <para>The &man.make.1; utility now supports <literal>:u</literal> + variable modifier which removes adjacent duplicate words.</para> + + <para>The incorrect output grammer of &man.morse.6; program has + been fixed.</para> + + <para>The &man.mountd.8; utility now supports <option>-h + <replaceable>bindip</replaceable></option> option which + specifies IP addresses to bind to for TCP and UDP requests. + This option may be specified multiple times. If no + <option>-h</option> option is specified, + <literal>INADDR_ANY</literal> will be used. Note that when + specifying IP addresses with this option, it will + automatically add <literal>127.0.0.1</literal> and if IPv6 is + enabled, <literal>::1</literal> to the list.</para> + + <para>The &man.moused.8; utility now supports <option>-L</option> + flag which changes the speed of scrolling and changes + <option>-U</option> option behavior to only affect the scroll + threshold.</para> + + <para>The &man.mv.1; now support POSIX specification when moving a + directory to an existing directory across devices.</para> + + <para>The &man.periodic.8; now supports + <varname>daily_status_mail_rejects_shorten</varname> + configuration variable in &man.periodic.conf.5;. This allows + the rejected mail reports to tally the rejects per blacklist + without providing details about individual sender hosts. The + default configuration keeps the reports in their original + form.</para> + + <para>The &man.ping6.8; now uses exit status of + <literal>0</literal> and <literal>2</literal> in the same manner + as &man.ping.8;.</para> + + <para>A bug in &man.telnetd.8; that it attempts authentication + even when <option>-a all</option> option is specified has been + fixed.</para> + + <para>The &man.top.1; and &man.vmstat.8; now support + <option>-P</option> flag which displays per-CPU statistics.</para> - <sect3 id="rc-scripts"> + <para>The &man.watch.8; utility now supports more than 10 + &man.snp.4; devices at a time.</para> + + <sect3 id="rc-scripts"> <title><filename>/etc/rc.d</filename> Scripts</title> - <para></para> + <para>The <filename>ike</filename> &man.rc.8; script has been + removed.</para> + <para>The &man.rc.conf.5; now supports + <varname>dummynet_enable</varname> variable which allow + &man.dummynet.4; kernel module to be loaded when + <varname>firewall_enable</varname> is <literal>YES</literal>.</para> + + <para>The <filename>ppp</filename> &man.rc.8; script now + supports multiple instances. For more details, see description of + <varname>ppp_profile</varname> variable in &man.rc.conf.5;.</para> + + <para>The <filename>rfcomm_pppd_server</filename> &man.rc.8; + script which allows start &man.rfcomm.pppd.8; in server mode + at boot time, has been added. Multiple profiles can be + started at the same time. For more details, see + &man.rc.conf.5;.</para> + + <para>The <filename>sysctl</filename> &man.rc.8; script now + supports loading <filename>/etc/sysctl.conf.local</filename> in + addition to <filename>/etc/sysctl.conf</filename>.</para> + + <para>The &man.rc.conf.5; now supports configuration of + interfaces and attached networks for firewall rule set by + <filename>rc.firewall</filename> when + <varname>firewall_type</varname> is <literal>simple</literal> or + <literal>client</literal>. See + <varname>firewall_client_net</varname>, + <varname>firewall_simple_iif</varname>, + <varname>firewall_simple_inet</varname>, + <varname>firewall_simple_oif</varname>, and + <varname>firewall_simple_onet</varname>.</para> </sect3> - </sect2> <sect2 id="contrib"> <title>Contributed Software</title> + <para><application>am-utils</application> has been updated to + version 6.1.5.</para> + + <para><application>ISC BIND</application> has been updated to + version 9.3.5-P2.</para> + <para><application>bzip2</application> has been updated from 1.0.4 to 1.0.5.</para> + <para><application>NTP</application> has been updated to version + 4.2.4p5.</para> + + <para><application>FILE</application> has been updated to version + 4.21.</para> + + <para><filename>libarchive</filename> has been virtually updated + to 2.5.4b. Note that the internal version number remains 1.9.25 + because the API/ABI compatibility is preserved.</para> + + <para><application>ncurses</application> library has been updated + to version 5.6-20080503.</para> + + <para><application>OpenPAM</application> has been updated to + Hydrangea release.</para> + <para><application>sendmail</application> has been updated from 8.14.2 to 8.14.3.</para> + <para><application>tcsh</application> has been updated to version + 6.15.00.</para> + <para>The timezone database has been updated from the <application>tzdata2007k</application> release to - the <application>tzdata2008b</application> release.</para> - + the <application>tzdata2008e</application> release.</para> </sect2> <sect2 id="ports"> <title>Ports/Packages Collection Infrastructure</title> - <para></para> + <para>The <filename>pkg_install</filename> utilities have been upgraded to + snapshot on 8.0-CURRENT as of May 30, 2008.</para> + <para>The &man.pkg.sign.1; and the &man.pkg.check.1; utility + have been removed.</para> </sect2> <sect2 id="releng"> @@ -224,15 +441,12 @@ <para>The supported version of the <application>GNOME</application> desktop environment (<filename role="package">x11/gnome2</filename>) has been - updated from 2.20.1 to 2.22.</para> - - </sect2> - - <sect2 id="doc"> - <title>Documentation</title> - - <para></para> + updated from 2.20.1 to 2.22.3.</para> + <para>The supported version of + the <application>KDE</application> desktop environment + (<filename role="package">x11/kde3</filename>) has been + updated from 3.5.8 to 3.5.10.</para> </sect2> </sect1>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200810291911.m9TJB3sU030602>