From owner-svn-src-all@FreeBSD.ORG Wed Oct 29 19:11:03 2008 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7528C1065675; Wed, 29 Oct 2008 19:11:03 +0000 (UTC) (envelope-from hrs@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 663A08FC21; Wed, 29 Oct 2008 19:11:03 +0000 (UTC) (envelope-from hrs@FreeBSD.org) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id m9TJB3Tn030603; Wed, 29 Oct 2008 19:11:03 GMT (envelope-from hrs@svn.freebsd.org) Received: (from hrs@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id m9TJB3sU030602; Wed, 29 Oct 2008 19:11:03 GMT (envelope-from hrs@svn.freebsd.org) Message-Id: <200810291911.m9TJB3sU030602@svn.freebsd.org> From: Hiroki Sato Date: Wed, 29 Oct 2008 19:11:03 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org X-SVN-Group: releng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r184446 - releng/6.4/release/doc/en_US.ISO8859-1/relnotes/common X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 29 Oct 2008 19:11:03 -0000 Author: hrs Date: Wed Oct 29 19:11:03 2008 New Revision: 184446 URL: http://svn.freebsd.org/changeset/base/184446 Log: Relnotes update for 6.4R. Security Advisories: SA-08:03.sendfile, SA-08:05.openssh, SA-08:06.bind, SA-08:07.amd64, SA-08:09.icmp6, SA-08:10.nd6. Kernel Changes: Camellia cipher support, malloc(9) RedZone added, kernel-mode client-side NFS locking (options NFSLOCKD), boot from GPT-labeled disk, acpi_asus(4) EeePC backlight support, DRM i915 GME support, bge(4) BCM5906 support, dummynet(4) fast support, aac(4) >2TB RAID array support, ata(4) ServerWorks HT1000 chipset workaround added, iir(4) stability improvement, mpt(4) mpt_user personality added. Userland Changes: bsdtar(1) --numeric-owner, -s, -S added, cp(1) ACL bug fixed, cron(8) -m added, cvs(1) -n added, dump(8) and restore(8) extattr support, fortune(6) FORTUNE_PATH support, fortune(6) -e bugfix, freebsd-update IDSIgnorePaths statement support, fwcontrol(8) -f added, make(1) :u variable modifier added, morse(6) output bug fixed, mountd(8) -h added, mv(1) behavior change, periodic(8) daily_status_mail_rejects_shorten variable added, ping6(8) exit status change, telnetd(8) authentication bug fixed, top(1) and vmstat(8) -P added, watch(8) now support >10 snp(4) devices, rc.d/ike removed, dymmynet_enable variable added to rc.conf, rc.d/ppp ppp_profile variable support, rc.d/sysctl loading /etc/sysctl.conf.local support, rc.firewall firewall_client_* and firewall_simple_* variable support, pkg_install updated to snapshot as of 30 May 2008 on CURRENT, pkg_sign(1) and pkg_check(1) removed. Contrib Software Update: am-utils 6.1.5, BIND 9.3.5-P2, NTP 4.2.4p5, FILE 4.21, libarchive 2.5.4b, ncurses 5.6-20080503, OpenPAM Hydrangea, tcsh 6.15.00, tzdata2008e. Approved by: re (implicit) Modified: releng/6.4/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml Modified: releng/6.4/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml ============================================================================== --- releng/6.4/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml Wed Oct 29 18:56:59 2008 (r184445) +++ releng/6.4/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml Wed Oct 29 19:11:03 2008 (r184446) @@ -114,17 +114,88 @@ Security Advisories - An error that could allow &man.sendfile.2; to - inappropriately access the contents of a file has been fixed. - For more information, see security advisory - FreeBSD-SA-08:03.sendfile. - + Problems described in the following security advisories has + been fixed. For more information, consult the individual + advisories available from . + + + + + + + + + Advisory + Date + Topic + + + + + + SA-08:03.sendfile + 14 February 2008 + &man.sendfile.2; write-only file permission bypass + + + SA-08:05.openssh + 17 April 2008 + OpenSSH X11-forwarding privilege escalation + + + SA-08:06.bind + 13 July 2008 + DNS cache poisoning + + + SA-08:07.amd64 + 3 September 2008 + amd64 swapgs local privilege escalation + + + SA-08:09.icmp6 + 3 September 2008 + Remote kernel panics on IPv6 connections + + + SA-08:10.nd6 + 1 October 2008 + IPv6 Neighbor Discovery Protocol routing vulnerability + + + + Kernel Changes - + The opencrypto framework (&man.crypto.9;) and &man.ipsec.4; + subsystem now support Camellia block cipher. + + The &os; kernel &man.malloc.9; now supports buffer corruption + protection (RedZone). This detects both buffer underflow and buffer + overflow bugs at runtime on &man.free.9; and &man.realloc.9; and + prints backtraces from where memory was allocated and from where it + was freed. For more details, see DEBUG_REDZONE + kernel option. + + The client side functionality of &man.rpc.lockd.8; has been + implemented in &os; kernel. This implementation provides the + correct semantics for &man.flock.2; style locks which are used + by the &man.lockf.1; command line tool and the &man.pidfile.3; + library. It also implements recovery from server restarts and + ensures that dirty cache blocks are written to the server before + obtaining locks (allowing multiple clients to use file locking + to safely share data). Also, a new kernel option + options NFSLOCKD has been added and enabled + by default. @@ -133,89 +204,235 @@ + &os; now support booting from GPT-labeled disks from the BIOS. + The BTX kernel used by the boot loader has been changed to invoke BIOS routines from real mode. This change makes it possible to boot &os; from USB devices. - Hardware Support - + The &man.acpi.asus.4; driver now supports Asus EeePC backlight control. Multimedia Support - + The DRM driver now supports i915 GME device. Network Interface Support - - + The &man.bge.4; driver now supports BCM5906-based adapters. Network Protocols - - + The &man.dummynet.4; subsystem now supports + fast mode operation which allows certain + packets to bypass the dummynet scheduler. This can achieve + lower latency and lower overhead when the packet flow is under + the pipe bandwidth, and eliminate recursion in the subsystem. + The new sysctl variable + net.inet.ip.dummynet.io_fast has been + added to enable this feature. + + The &man.resolver.3; now allows underscore in domain + names. Although this is a violation of RFC 1034 [STD 13], it is + accepted by certain name servers as well as other popular operating + systems' resolver library. Disks and Storage - + The &man.aac.4; driver now supports 64-bit array support + for RAIDs larger than 2TB and simultaneous opens of the device + for issuing commands to the controller. - + A data corruption problem of the &man.ata.4; driver on + ServerWorks HT1000 chipsets has been fixed. - - File Systems - - + Stability of the &man.iir.4; driver has been improved. + The &man.mpt.4; driver now supports mpt_user + personality. - Userland Changes - + The &man.bsdtar.1; utility now supports the following options: + , , and + . + + A bug in &man.cp.1; utility which prevents POSIX.1e ACL (see + also &man.acl.3;) from copying properly has been fixed. + + The &man.cron.8; utility now supports flag which + overrides the default mail recipient for cron mails unless explicitly + provided by MAILTO= line in crontab + file. + + The &man.cvs.1; now supports flag which + is the opposite of flag. + + The &man.dump.8; and &man.restore.8; utility now support + extended attributes (see also &man.extattr.9;). + + The &man.fortune.6; program now supports + FORTUNE_PATH environment variable to specify + search path of the fortune files. + + A bug in the &man.fortune.6; program that prevents + option with multiple files from working has + been fixed. + + The &man.freebsd-update.conf.5; now supports + IDSIgnorePaths statement. + + The &man.fwcontrol.8; utility now supports option which specifies + node as the root node on the next bus + reset. + + The &man.make.1; utility now supports :u + variable modifier which removes adjacent duplicate words. + + The incorrect output grammer of &man.morse.6; program has + been fixed. + + The &man.mountd.8; utility now supports option which + specifies IP addresses to bind to for TCP and UDP requests. + This option may be specified multiple times. If no + option is specified, + INADDR_ANY will be used. Note that when + specifying IP addresses with this option, it will + automatically add 127.0.0.1 and if IPv6 is + enabled, ::1 to the list. + + The &man.moused.8; utility now supports + flag which changes the speed of scrolling and changes + option behavior to only affect the scroll + threshold. + + The &man.mv.1; now support POSIX specification when moving a + directory to an existing directory across devices. + + The &man.periodic.8; now supports + daily_status_mail_rejects_shorten + configuration variable in &man.periodic.conf.5;. This allows + the rejected mail reports to tally the rejects per blacklist + without providing details about individual sender hosts. The + default configuration keeps the reports in their original + form. + + The &man.ping6.8; now uses exit status of + 0 and 2 in the same manner + as &man.ping.8;. + + A bug in &man.telnetd.8; that it attempts authentication + even when option is specified has been + fixed. + + The &man.top.1; and &man.vmstat.8; now support + flag which displays per-CPU statistics. - + The &man.watch.8; utility now supports more than 10 + &man.snp.4; devices at a time. + + <filename>/etc/rc.d</filename> Scripts - + The ike &man.rc.8; script has been + removed. + The &man.rc.conf.5; now supports + dummynet_enable variable which allow + &man.dummynet.4; kernel module to be loaded when + firewall_enable is YES. + + The ppp &man.rc.8; script now + supports multiple instances. For more details, see description of + ppp_profile variable in &man.rc.conf.5;. + + The rfcomm_pppd_server &man.rc.8; + script which allows start &man.rfcomm.pppd.8; in server mode + at boot time, has been added. Multiple profiles can be + started at the same time. For more details, see + &man.rc.conf.5;. + + The sysctl &man.rc.8; script now + supports loading /etc/sysctl.conf.local in + addition to /etc/sysctl.conf. + + The &man.rc.conf.5; now supports configuration of + interfaces and attached networks for firewall rule set by + rc.firewall when + firewall_type is simple or + client. See + firewall_client_net, + firewall_simple_iif, + firewall_simple_inet, + firewall_simple_oif, and + firewall_simple_onet. - Contributed Software + am-utils has been updated to + version 6.1.5. + + ISC BIND has been updated to + version 9.3.5-P2. + bzip2 has been updated from 1.0.4 to 1.0.5. + NTP has been updated to version + 4.2.4p5. + + FILE has been updated to version + 4.21. + + libarchive has been virtually updated + to 2.5.4b. Note that the internal version number remains 1.9.25 + because the API/ABI compatibility is preserved. + + ncurses library has been updated + to version 5.6-20080503. + + OpenPAM has been updated to + Hydrangea release. + sendmail has been updated from 8.14.2 to 8.14.3. + tcsh has been updated to version + 6.15.00. + The timezone database has been updated from the tzdata2007k release to - the tzdata2008b release. - + the tzdata2008e release. Ports/Packages Collection Infrastructure - + The pkg_install utilities have been upgraded to + snapshot on 8.0-CURRENT as of May 30, 2008. + The &man.pkg.sign.1; and the &man.pkg.check.1; utility + have been removed. @@ -224,15 +441,12 @@ The supported version of the GNOME desktop environment (x11/gnome2) has been - updated from 2.20.1 to 2.22. - - - - - Documentation - - + updated from 2.20.1 to 2.22.3. + The supported version of + the KDE desktop environment + (x11/kde3) has been + updated from 3.5.8 to 3.5.10.