Date: Mon, 25 Nov 2002 14:21:13 -0800 (PST)
Message-Id: <200211252221.gAPMLDaS017617@repoman.freebsd.org>
From: Peter Wemm
Subject: PERFORCE change 21505 for review
To: Perforce Change Reviews
Sender: owner-p4-projects@FreeBSD.ORG

http://perforce.freebsd.org/chv.cgi?CH=21505

Change 21505 by peter@peter_daintree on 2002/11/25 14:20:59

	IFC @21504

Affected files ...

.. //depot/projects/ia64/bin/chmod/chmod.1#7 integrate
.. //depot/projects/ia64/bin/expr/expr.1#7 integrate
.. //depot/projects/ia64/bin/ls/ls.1#13 integrate
.. //depot/projects/ia64/include/Makefile#19 integrate
.. //depot/projects/ia64/libexec/ftpd/ftpd.8#6 integrate
.. //depot/projects/ia64/release/doc/en_US.ISO8859-1/early-adopter/article.sgml#4 integrate
.. //depot/projects/ia64/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml#52 integrate
.. //depot/projects/ia64/sbin/disklabel/disklabel.8#9 integrate
.. //depot/projects/ia64/sbin/ifconfig/ifconfig.8#16 integrate
.. //depot/projects/ia64/sbin/rcorder/rcorder.8#4 integrate
.. //depot/projects/ia64/share/examples/scsi_target/Makefile#3 integrate
.. //depot/projects/ia64/share/man/man4/Makefile#24 integrate
.. //depot/projects/ia64/share/man/man4/ppc.4#2 integrate
.. //depot/projects/ia64/sys/cam/scsi/scsi_target.c#4 integrate
.. //depot/projects/ia64/sys/dev/acpica/acpi_pcib_acpi.c#5 integrate
.. //depot/projects/ia64/sys/dev/em/if_em.c#14 integrate
.. //depot/projects/ia64/sys/dev/pci/pci_pci.c#12 integrate
.. //depot/projects/ia64/sys/dev/sound/pci/emu10k1.c#3 integrate
.. //depot/projects/ia64/sys/dev/sound/pcm/buffer.c#4 integrate
.. //depot/projects/ia64/sys/dev/sound/pcm/channel.c#7 integrate
.. //depot/projects/ia64/sys/dev/sound/pcm/feeder.c#5 integrate
.. //depot/projects/ia64/sys/dev/sound/pcm/feeder_fmt.c#3 integrate
.. //depot/projects/ia64/sys/dev/sound/pcm/feeder_rate.c#2 integrate
.. //depot/projects/ia64/sys/dev/sound/pcm/sndstat.c#4 integrate
..
//depot/projects/ia64/sys/dev/sound/pcm/sound.c#9 integrate .. //depot/projects/ia64/sys/dev/sound/pcm/sound.h#5 integrate .. //depot/projects/ia64/sys/dev/sound/pcm/vchan.c#4 integrate .. //depot/projects/ia64/sys/dev/sound/usb/uaudio_pcm.c#2 integrate .. //depot/projects/ia64/sys/pci/if_dc.c#19 integrate .. //depot/projects/ia64/sys/vm/vm_map.c#34 integrate .. //depot/projects/ia64/usr.bin/getconf/Makefile#3 integrate Differences ... ==== //depot/projects/ia64/bin/chmod/chmod.1#7 (text+ko) ==== @@ -33,7 +33,7 @@ .\" SUCH DAMAGE. .\" .\" @(#)chmod.1 8.4 (Berkeley) 3/31/94 -.\" $FreeBSD: src/bin/chmod/chmod.1,v 1.34 2002/11/04 06:46:53 tjr Exp $ +.\" $FreeBSD: src/bin/chmod/chmod.1,v 1.35 2002/11/25 14:18:42 ru Exp $ .\" .Dd March 31, 1994 .Dt CHMOD 1 @@ -56,13 +56,22 @@ operand. .Pp The options are as follows: -.Bl -tag -width Ds +.Bl -tag -width indent +.It Fl f +Do not display a diagnostic message if +.Nm +could not modify the mode for +.Va file , +nor modify the exit status to reflect such failures. .It Fl H If the .Fl R option is specified, symbolic links on the command line are followed. (Symbolic links encountered in the tree traversal are not followed by default.) +.It Fl h +If the file is a symbolic link, change the mode of the link itself +rather than the file that the link points to. .It Fl L If the .Fl R @@ -75,14 +84,6 @@ .It Fl R Change the modes of the file hierarchies rooted in the files instead of just the files themselves. -.It Fl f -Do not display a diagnostic message if -.Nm -could not modify the mode for -.Va file . -.It Fl h -If the file is a symbolic link, change the mode of the link itself -rather than the file that the link points to. .It Fl v Cause .Nm 
@@ -115,22 +116,24 @@ .Pp .Bl -tag -width 6n -compact -offset indent .It Li 4000 -(the set-user-ID-on-execution bit) Executable files with this bit set +(the setuid bit). +Executable files with this bit set will run with effective uid set to the uid of the file owner. -Directories with the set-user-id bit set will force all files and +Directories with this bit set will force all files and sub-directories created in them to be owned by the directory owner and not by the uid of the creating process, if the underlying file system supports this feature: see .Xr chmod 2 and the -.Ar suiddir +.Cm suiddir option to .Xr mount 8 . .It Li 2000 -(the set-group-ID-on-execution bit) Executable files with this bit set +(the setgid bit). +Executable files with this bit set will run with effective gid set to the gid of the file owner. .It Li 1000 -(the sticky bit) +(the sticky bit). See .Xr chmod 2 and ==== //depot/projects/ia64/bin/expr/expr.1#7 (text+ko) ==== @@ -28,7 +28,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $FreeBSD: src/bin/expr/expr.1,v 1.21 2002/10/28 00:15:42 wollman Exp $ +.\" $FreeBSD: src/bin/expr/expr.1,v 1.22 2002/11/25 13:20:30 ru Exp $ .\" .Dd May 10, 2002 .Dt EXPR 1 @@ -135,8 +135,9 @@ New applications are advised to use shell arithmetic rather than .Nm . .Ss Compatibility with previous implementations -Unless -.Fx 4.x +Unless +.Fx +4.x compatibility is enabled, this version of .Nm adheres to the @@ -174,7 +175,6 @@ For historical reasons, defining the environment variable .Ev EXPR_COMPAT also enables compatibility mode. -.Pp .Sh ENVIRONMENT .Bl -tag -width ".Ev EXPR_COMPAT" .It Ev EXPR_COMPAT ==== //depot/projects/ia64/bin/ls/ls.1#13 (text+ko) ==== 
@@ -33,7 +33,7 @@ .\" SUCH DAMAGE. .\" .\" @(#)ls.1 8.7 (Berkeley) 7/29/94 -.\" $FreeBSD: src/bin/ls/ls.1,v 1.71 2002/11/03 07:29:08 tjr Exp $ +.\" $FreeBSD: src/bin/ls/ls.1,v 1.72 2002/11/25 13:52:57 ru Exp $ .\" .Dd May 19, 2002 .Dt LS 1 @@ -420,10 +420,10 @@ .Pp The next field contains a plus -.Pq Sq Li + +.Pq Ql + character if the file has an ACL, or a space -.Pq Sq Li " " +.Pq Ql " " if it does not. The .Nm @@ -461,7 +461,7 @@ will be displayed in units of that size block. .It Ev CLICOLOR Use -\*[Ai] +.Tn ANSI color sequences to distinguish file types. See .Ev LSCOLORS @@ -570,7 +570,7 @@ .El .Pp Note that the above are standard -\*[Ai] +.Tn ANSI colors. The actual display may differ depending on the color capabilities of the terminal in use. @@ -648,8 +648,11 @@ utility conforms to .St -p1003.1-2001 . .Pp -.No The ACL support is compatible with IEEE\ Std\ 1003.2c\ ( Ns Dq "POSIX.2c" Ns ) -Draft\ 17 +The ACL support is compatible with +.Tn IEEE +Std\~1003.2c +.Pq Dq Tn POSIX Ns .2c +Draft\~17 (withdrawn). .Sh HISTORY An ==== //depot/projects/ia64/include/Makefile#19 (text+ko) ==== @@ -1,5 +1,5 @@ # @(#)Makefile 8.2 (Berkeley) 1/4/94 -# $FreeBSD: src/include/Makefile,v 1.189 2002/11/21 23:34:57 julian Exp $ +# $FreeBSD: src/include/Makefile,v 1.190 2002/11/25 08:55:50 ru Exp $ # # Doing a make install builds /usr/include # 
@@ -41,10 +41,9 @@ security/lomac security/mac_biba security/mac_bsdextended \ security/mac_mls security/mac_partition ufs/ffs ufs/ufs - -# For SHARED=symlinks, cam and netatm are symlinks, so cam/scsi and netatm/* -# are taken care of -LSYMSUBDIRS= ${LSUBDIRS:Ncam/scsi:Nnetatm/*:Nnetgraph/bluetooth/*} +# For SHARED=symlinks, cam, netatm, and netgraph are symlinks, so cam/scsi, +# netatm/*, and netgraph/* are taken care of +LSYMSUBDIRS= ${LSUBDIRS:Ncam/scsi:Nnetatm/*:Nnetgraph/*} # Define SHARED to indicate whether you want symbolic links to the system # source (``symlinks''), or a separate copy (``copies''). ``symlinks'' is ==== //depot/projects/ia64/libexec/ftpd/ftpd.8#6 (text+ko) ==== @@ -30,7 +30,7 @@ .\" SUCH DAMAGE. .\" .\" @(#)ftpd.8 8.2 (Berkeley) 4/19/94 -.\" $FreeBSD: src/libexec/ftpd/ftpd.8,v 1.54 2002/08/23 09:06:27 yar Exp $ +.\" $FreeBSD: src/libexec/ftpd/ftpd.8,v 1.55 2002/11/25 15:20:06 ru Exp $ .\" .Dd January 27, 2000 .Dt FTPD 8 @@ -40,12 +40,12 @@ .Nd Internet File Transfer Protocol server .Sh SYNOPSIS .Nm -.Op Fl 46AdDEmMoOrRSUvW +.Op Fl 46ADdEMmOoRrSUvW .Op Fl l Op Fl l .Op Fl a Ar address .Op Fl p Ar file +.Op Fl T Ar maxtimeout .Op Fl t Ar timeout -.Op Fl T Ar maxtimeout .Op Fl u Ar umask .Sh DESCRIPTION The @@ -82,16 +82,13 @@ is specified, accept connections via .Dv AF_INET6 socket. +.It Fl A +Allow only anonymous ftp access. .It Fl a When .Fl D is specified, accept connections only on the specified .Ar address . -.It Fl A -Allow only anonymous ftp access. -.It Fl d -Debugging information is written to the syslog using -.Dv LOG_FTP . .It Fl D With this option set, .Nm @@ -102,6 +99,9 @@ from .Xr inetd 8 and is thus useful on busy servers to reduce load. +.It Fl d +Debugging information is written to the syslog using +.Dv LOG_FTP . .It Fl E Disable the EPSV command. This is useful for servers behind older firewalls. 
@@ -113,38 +113,31 @@ If this option is specified twice, the retrieve (get), store (put), append, delete, make directory, remove directory and rename operations and their filename arguments are also logged. -Note: -.Dv LOG_FTP -messages -are not displayed by +By default, .Xr syslogd 8 -by default, and may have to be enabled in -.Xr syslogd 8 Ns 's -configuration file. +logs these to +.Pa /var/log/xferlog . +.It Fl M +Prevent anonymous users from creating directories. .It Fl m Permit anonymous users to overwrite or modify -existing files if allowed by filesystem permissions. +existing files if allowed by file system permissions. By default, anonymous users cannot modify existing files; in particular, files to upload will be created under a unique name. -.It Fl M -Prevent anonymous users from creating directories. -.It Fl o -Put server in write-only mode. -RETR is disabled, preventing downloads. .It Fl O Put server in write-only mode for anonymous users only. RETR is disabled for anonymous users, preventing anonymous downloads. This has no effect if .Fl o is also specified. +.It Fl o +Put server in write-only mode. +RETR is disabled, preventing downloads. .It Fl p When .Fl D is specified, write the daemon's process ID to .Ar file . -.It Fl r -Put server in read-only mode. -All commands which may modify the local filesystem are disabled. .It Fl R With this option set, .Nm 
@@ -155,16 +148,15 @@ will only honor PORT commands directed to unprivileged ports on the remote user's host (which violates the FTP protocol specification but closes some security holes). +.It Fl r +Put server in read-only mode. +All commands which may modify the local file system are disabled. .It Fl S With this option set, .Nm logs all anonymous file downloads to the file .Pa /var/log/ftpd when this file exists. -.It Fl t -The inactivity timeout period is set to -.Ar timeout -seconds (the default is 15 minutes). .It Fl T A client may also request a different timeout period; the maximum period allowed may be set to @@ -173,6 +165,17 @@ .Fl T option. The default limit is 2 hours. +.It Fl t +The inactivity timeout period is set to +.Ar timeout +seconds (the default is 15 minutes). +.It Fl U +In previous versions of +.Nm , +when a passive mode client requested a data connection to the server, +the server would use data ports in the range 1024..4999. Now, by default, +the server will use data ports in the range 49152..65535. Specifying this +option will revert to the old behavior. .It Fl u The default file creation mode mask is set to .Ar umask , @@ -180,18 +183,11 @@ Refer to .Xr umask 2 for details. -.It Fl U -In previous versions of -.Nm , -when a passive mode client requested a data connection to the server, -the server would use data ports in the range 1024..4999. Now, by default, -the server will use data ports in the range 49152..65535. Specifying this -option will revert to the old behavior. .It Fl v A synonym for .Fl d . .It Fl W -Don't log FTP sessions to +Do not log FTP sessions to .Pa /var/log/wtmp . .El .Pp @@ -269,7 +265,7 @@ .El .Pp The following non-standard or -.Tn UNIX +.Ux specific commands are supported by the SITE request. @@ -488,7 +484,7 @@ .Pa ~/bin directory exist. .Sh FILES -.Bl -tag -width /etc/ftpwelcome -compact +.Bl -tag -width ".Pa /var/log/xferlog" -compact .It Pa /etc/ftpusers List of unwelcome/restricted users. .It Pa /etc/ftpchroot 
@@ -503,6 +499,8 @@ Displayed and access refused. .It Pa /var/log/ftpd Log file for anonymous transfers. +.It Pa /var/log/xferlog +Default place for session logs. .El .Sh SEE ALSO .Xr ftp 1 , ==== //depot/projects/ia64/release/doc/en_US.ISO8859-1/early-adopter/article.sgml#4 (text+ko) ==== @@ -26,7 +26,7 @@ The &os; Release Engineering Team - $FreeBSD: src/release/doc/en_US.ISO8859-1/early-adopter/article.sgml,v 1.5 2002/11/03 22:06:48 ceri Exp $ + $FreeBSD: src/release/doc/en_US.ISO8859-1/early-adopter/article.sgml,v 1.6 2002/11/25 21:14:16 keramida Exp $ 2002 @@ -412,7 +412,7 @@ While &os; 5.0 contains a number of new and exciting features, it may not be suitable for all users at this time. In this document, we presented some background on release - engineering, some of the more notable new features of the 5.0 + engineering, some of the more notable new features of the 5.X series, and some drawbacks to early adoption. We also presented some future plans for the 4-STABLE development branch and some tips on upgrading for early adopters. ==== //depot/projects/ia64/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml#52 (text+ko) ==== @@ -3,7 +3,7 @@ The FreeBSD Project - $FreeBSD: src/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml,v 1.455 2002/11/23 00:31:58 njl Exp $ + $FreeBSD: src/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml,v 1.456 2002/11/25 21:12:52 bmah Exp $ 2000 @@ -85,7 +85,7 @@ Typical release note items document new drivers or hardware support, new commands or options, major bugfixes, or contributed software upgrades. Applicable security - advisories issued after &release.prev; are also listed. + advisories issued after &release.prev.historic; are also listed. Many additional changes were made to &os; that are not listed here for lack of space. For example, documentation was corrected 
@@ -138,10 +138,9 @@ and supports more flexible attachment of devices, has been largely reworked. &man.devfs.5; is now enabled by default and can be disabled by the NODEVFS kernel - option. - - The &man.devfs.5; rule subsystem has been introduced. DEVFS rules - permit the administrator to define certain properties of new device + option. + A rule subsystem + permits the administrator to define certain properties of new device nodes before they become visible to the userland. Both static (e.g. /dev/speaker) and dynamic (e.g. /dev/bpf*, some removable devices) nodes are @@ -150,12 +149,11 @@ jails. Rules and rulesets are manipulated with the &man.devfs.8; utility. - The dgm driver has been removed in favor of the digi driver. - A new digi driver has been added to support PCI Xr-based and ISA Xem Digiboard cards. A new &man.digictl.8; program is (mainly) used to re-initialize cards that have external port - modules attached such as the PC/Xem. + modules attached such as the PC/Xem. This driver replaces the older + dgm driver. An &man.eaccess.2; system call has been added, similar to &man.access.2; except that the former uses effective credentials @@ -233,7 +231,7 @@ &os; now supports an extensible Mandatory Access Control framework, the TrustedBSD MAC Framework. It permits loadable kernel modules to link to the kernel at compile-time, boot-time, - or run-time, and augment the system security policy. The + or run-time to augment the system security policy. The framework permits modules to express interest in a variety of events, and also provides common security policy services such as label storage. A variety of sample policy modules are @@ -471,7 +469,7 @@ instance is desired. &merged; It is now possible to hardwire kernel environment variables - (such as tuneables) at compile-time using &man.config.8;'s + (such as tunables) at compile-time using &man.config.8;'s ENV directive. Idle zeroing of pages can be enabled with the 
@@ -558,7 +556,7 @@ improve performance on the 80386 due to the elimination of runtime processor type checks. Custom kernels that will run on the 80386 can - still be built by changing the cpu options in the kernel + still be built by changing the CPU options in the kernel configuration file to only include I386_CPU. @@ -995,7 +993,7 @@ support for VLANs is also supported. &merged; A FAST_IPSEC kernel option now allows - the IPsec implementation to use the kernel crypo framework, + the IPsec implementation to use the kernel &man.crypto.4; framework, along with its support for hardware cryptographic acceleration. @@ -1040,7 +1038,7 @@ commonly referred to as IPFW2). It now uses variable-sized representation of rules in the kernel, similar to &man.bpf.4; instructions. Most of the externally-visible - behavior (i.e. through &man.ipfw.8;) should be unchanged., + behavior (i.e. through &man.ipfw.8;) should be unchanged, although &man.ipfw.8; now supports or connectives between match fields. &merged; @@ -1193,7 +1191,7 @@ net.inet.tcp.rexmit_min and net.inet.tcp.rexmit_slop. The default has been reduced from one second to 200ms (similar to the Linux default) - in order to better handle hicups over interactive connections and + in order to better handle hiccups over interactive connections and improve recovery over lossy fast connections such as wireless links. The &man.tcp.4; protocol now has the ability to dynamically @@ -1309,7 +1307,7 @@ driver supports the Compaq SmartRAID 5* family of RAID controllers (5300, 532, 5i). &merged; - The &man.fdc.4; floppy disk has undergone a number of + The &man.fdc.4; floppy disk driver has undergone a number of enhancements. Density selection for common settings is now automatic; the driver is also much more flexible in setting the densities of various subdevices. 
@@ -1326,7 +1324,7 @@ refer to a disk partition without specifying an MBR slice (e.g. /dev/ad0a); the kernel would automatically find the first applicable &os; slice and use - it. On GEOM kernels, only the full partition names + it. On GEOM-enabled kernels (the default), only the full partition names (e.g. /dev/ad0s1a) are allowed when referring to partitions within MBR slices. This change should affect very few users. @@ -1437,7 +1435,7 @@ Filesystems - Support for named extended attributes was added to the + Support for named extended attributes has been added to the &os; kernel. This allows the kernel, and appropriately privileged userland processes, to tag files and directories with attribute data. Extended attributes were added to @@ -1455,10 +1453,6 @@ Details can be found in /usr/src/sys/ufs/ffs/README.snapshot. - - Softupdates for FFS have received some bug fixes and - enhancements. - When running with softupdates, &man.statfs.2; and &man.df.1; will track the number of blocks and files that are committed to being freed. 
@@ -1819,45 +1813,45 @@ or disabling various system services in &man.rc.conf.5; on new installs. &merged; - A bug in which malformed ELF executable images can hang the + A bug in which malformed ELF executable images can hang the system has been fixed (see security advisory FreeBSD-SA-00:41). &merged; - A security hole in Linux emulation was fixed (see security + A security hole in Linux emulation was fixed (see security advisory FreeBSD-SA-00:42). &merged; String-handling library calls in many programs were fixed to reduce the possibility of buffer overflow-related exploits. &merged; - TCP now uses stronger randomness in choosing its initial + TCP now uses stronger randomness in choosing its initial sequence numbers (see security advisory FreeBSD-SA-00:52). &merged; - Several buffer overflows in &man.tcpdump.1; were corrected + Several buffer overflows in &man.tcpdump.1; were corrected (see security advisory FreeBSD-SA-00:61). &merged; - A security hole in &man.top.1; was corrected (see security + A security hole in &man.top.1; was corrected (see security advisory FreeBSD-SA-00:62). &merged; - A potential security hole caused by an off-by-one-error in + A potential security hole caused by an off-by-one-error in &man.gethostbyname.3; has been fixed (see security advisory FreeBSD-SA-00:63). &merged; - A potential buffer overflow in the &man.ncurses.3; library, + A potential buffer overflow in the &man.ncurses.3; library, which could cause arbitrary code to be run from within &man.systat.1;, has been corrected (see security advisory FreeBSD-SA-00:68). &merged; - A vulnerability in &man.telnetd.8; that could cause it to + A vulnerability in &man.telnetd.8; that could cause it to consume large amounts of server resources has been fixed (see security advisory FreeBSD-SA-00:69). &merged; - The nat deny_incoming command in + The nat deny_incoming command in &man.ppp.8; now works correctly (see security advisory FreeBSD-SA-00:70). 
&merged; - A vulnerability in &man.csh.1;/&man.tcsh.1; temporary files + A vulnerability in &man.csh.1;/&man.tcsh.1; temporary files that could allow overwriting of arbitrary user-writable files has been closed (see security advisory FreeBSD-SA-00:76). &merged; @@ -1872,33 +1866,33 @@ &man.telnet.1; now does a better job of sanitizing its environment. &merged; - Several vulnerabilities in &man.procfs.5; were fixed (see + Several vulnerabilities in &man.procfs.5; were fixed (see security advisory FreeBSD-SA-00:77). &merged; - A bug in OpenSSH in which a + A bug in OpenSSH in which a server was unable to disable &man.ssh-agent.1; or X11Forwarding was fixed (see security advisory FreeBSD-SA-01:01). &merged; - A bug in &man.ipfw.8; and &man.ip6fw.8; in which inbound TCP + A bug in &man.ipfw.8; and &man.ip6fw.8; in which inbound TCP segments could incorrectly be treated as being part of an established connection has been fixed (see security advisory FreeBSD-SA-01:08). &merged; - A bug in &man.crontab.1; that could allow users to read any + A bug in &man.crontab.1; that could allow users to read any file on the system in valid &man.crontab.5; syntax has been fixed (see security advisory FreeBSD-SA-01:09). &merged; - A vulnerability in &man.inetd.8; that could allow + A vulnerability in &man.inetd.8; that could allow read-access to the initial 16 bytes of wheel-accessible files has been fixed (see security advisory FreeBSD-SA-01:11). &merged; - A bug in &man.periodic.8; that used insecure temporary files + A bug in &man.periodic.8; that used insecure temporary files has been corrected (see security advisory FreeBSD-SA-01:12). &merged; - OpenSSH now has code to prevent + OpenSSH now has code to prevent (instead of just mitigating through connection limits) an attack that can lead to guessing the server key (not host key) by regenerating the server key when an RSA failure is detected (see 
@@ -1914,42 +1908,42 @@ A bug in ICMP that could cause an attacker to disrupt TCP and UDP sessions has been corrected. &merged; - A bug in &man.timed.8;, which caused it to crash if send + A bug in &man.timed.8;, which caused it to crash if send certain malformed packets, has been corrected (see security advisory FreeBSD-SA-01:28). &merged; - A bug in &man.rwhod.8;, which caused it to crash if send + A bug in &man.rwhod.8;, which caused it to crash if send certain malformed packets, has been corrected (see security advisory FreeBSD-SA-01:29). &merged; - A security hole in &os;'s FFS and EXT2FS implementations, + A security hole in &os;'s FFS and EXT2FS implementations, which allowed a race condition that could cause users to have unauthorized access to data, has been fixed (see security advisory FreeBSD-SA-01:30). &merged; - A remotely-exploitable vulnerability in &man.ntpd.8; has + A remotely-exploitable vulnerability in &man.ntpd.8; has been closed (see security advisory FreeBSD-SA-01:31). &merged; - A security hole in IPFilter's + A security hole in IPFilter's fragment cache has been closed (see security advisory FreeBSD-SA-01:32). &merged; - Buffer overflows in &man.glob.3;, which could cause + Buffer overflows in &man.glob.3;, which could cause arbitrary code to be run on an FTP server, have been closed. In addition, to prevent some forms of DOS attacks, &man.glob.3; allows specification of a limit on the number of pathname matches it will return. &man.ftpd.8; now uses this feature (see security advisory FreeBSD-SA-01:33). &merged; - Initial sequence numbers in TCP are more thoroughly + Initial sequence numbers in TCP are more thoroughly randomized (see security advisory FreeBSD-SA-01:39). 
Due to some possible compatibility issues, the behavior of this security fix can be enabled or disabled via the net.inet.tcp.tcp_seq_genscheme sysctl variable.&merged; - A vulnerability in the &man.fts.3; routines (used by + A vulnerability in the &man.fts.3; routines (used by applications for recursively traversing a filesystem) could allow a program to operate on files outside the intended directory hierarchy. This bug has been fixed (see security @@ -1959,19 +1953,19 @@ user's UID before attempting to unlink the authentication forwarding file, nullifying the effects of a race. - A flaw allowed some signal handlers to remain in effect in a + A flaw allowed some signal handlers to remain in effect in a child process after being exec-ed from its parent. This allowed an attacker to execute arbitrary code in the context of a setuid binary. This flaw has been corrected (see security advisory FreeBSD-SA-01:42). &merged; - A remote buffer overflow in &man.tcpdump.1; has been fixed + A remote buffer overflow in &man.tcpdump.1; has been fixed (see security advisory FreeBSD-SA-01:48). &merged; - A remote buffer overflow in &man.telnetd.8; has been fixed + A remote buffer overflow in &man.telnetd.8; has been fixed (see security advisory FreeBSD-SA-01:49). &merged; - The new net.inet.ip.maxfragpackets and + The new net.inet.ip.maxfragpackets and net.inet.ip6.maxfragpackets sysctl variables limit the amount of memory that can be consumed by IPv4 and IPv6 packet fragments, which defends against some denial of service 
@@ -1984,33 +1978,33 @@ installations, as well as editing inetd.conf. &merged; - A flaw in the implementation of the &man.ipfw.8; + A flaw in the implementation of the &man.ipfw.8; me rules on point-to-point links has been corrected. Formerly, me filter rules would match the remote IP address of a point-to-point interface in addition to the intended local IP address (see security advisory FreeBSD-SA-01:53). &merged; - A vulnerability in &man.procfs.5;, which could allow a + A vulnerability in &man.procfs.5;, which could allow a process to read sensitive information from another process's memory space, has been closed (see security advisory FreeBSD-SA-01:55). &merged; - The PARANOID hostname checking in + The PARANOID hostname checking in tcp_wrappers now works as advertised (see security advisory FreeBSD-SA-01:56). &merged; - A local root exploit in &man.sendmail.8; has been closed + A local root exploit in &man.sendmail.8; has been closed (see security advisory FreeBSD-SA-01:57). &merged; - A remote root vulnerability in &man.lpd.8; has been closed + A remote root vulnerability in &man.lpd.8; has been closed (see security advisory FreeBSD-SA-01:58). &merged; - A race condition in &man.rmuser.8; that briefly exposed a + A race condition in &man.rmuser.8; that briefly exposed a world-readable /etc/master.passwd has been fixed (see security advisory FreeBSD-SA-01:59). &merged; - A vulnerability in UUCP has been + A vulnerability in UUCP has been closed (see security advisory FreeBSD-SA-01:62). All non-root-owned binaries in standard system paths now have the schg flag set to prevent 
@@ -2026,112 +2020,108 @@ A security hole in the form of a buffer overflow in the &man.semop.2; system call has been closed. &merged; - A security hole in OpenSSH, which + A security hole in OpenSSH, which could allow users to execute code with arbitrary privileges if UseLogin yes was set, has been closed. Note that the default value of this setting is UseLogin no. (See security advisory FreeBSD-SA-01:63.) &merged; - The use of an insecure temporary directory by + The use of an insecure temporary directory by &man.pkg.add.1; could permit a local attacker to modify the contents of binary packages while they were being installed. This hole has been closed. (See security advisory FreeBSD-SA-02:01.) &merged; - A race condition in &man.pw.8;, which could expose the + A race condition in &man.pw.8;, which could expose the contents of /etc/master.passwd, has been eliminated. (See security advisory FreeBSD-SA-02:02.) &merged; - A bug in &man.k5su.8; could have allowed a process that had + A bug in &man.k5su.8; could have allowed a process that had given up superuser privileges to regain them. This bug has been fixed. (See security advisory FreeBSD-SA-02:07.) &merged; - An off-by-one bug has been fixed in + An off-by-one bug has been fixed in OpenSSH's multiplexing code. This bug could have allowed an authenticated remote user to cause &man.sshd.8; to execute arbitrary code with superuser privileges, or allowed a malicious SSH server to execute arbitrary code on the client system with the privileges of the client user. (See security - advisory FreeBSD-SA-02:13.) + advisory FreeBSD-SA-02:13.) &merged; - A programming error in zlib could + A programming error in zlib could result in attempts to free memory multiple times. The &man.malloc.3;/&man.free.3; routines used in &os; are not vulnerable to this error, but applications receiving specially-crafted blocks of invalid compressed data could be made to function incorrectly or abort. This zlib bug has been fixed. 
For a - workaround and solutions, see security advisory FreeBSD-SA-02:18. + workaround and solutions, see security advisory FreeBSD-SA-02:18. &merged; - Bugs in the TCP SYN cache (syncache) and SYN + Bugs in the TCP SYN cache (syncache) and SYN cookie (syncookie) implementations, which could cause legitimate TCP/IP traffic to crash a machine, have been fixed. For a workaround and patches, see security advisory - FreeBSD-SA-02:20. + FreeBSD-SA-02:20. &merged; - A routing table memory leak, which could allow a remote + A routing table memory leak, which could allow a remote attacker to exhaust the memory of a target machine, has been fixed. A workaround and patches can be found in security - advisory FreeBSD-SA-02:21. + advisory FreeBSD-SA-02:21. &merged; - A bug with memory-mapped I/O, which could cause a system + A bug with memory-mapped I/O, which could cause a system crash, has been fixed. For more information about a solution, - see security advisory FreeBSD-SA-02:22. + see security advisory + FreeBSD-SA-02:22. &merged; - A security hole, in which SUID programs could be made to + A security hole, in which SUID programs could be made to read from or write to inappropriate files through manipulation of their standard I/O file descriptors, has been fixed. Information regarding a solution can be found in security - advisory FreeBSD-SA-02:23. + advisory + FreeBSD-SA-02:23. &merged; - Some unexpected behavior could be allowed with &man.k5su.8; + Some unexpected behavior could be allowed with &man.k5su.8; because it does not require that an invoking user be a member of the wheel group when attempting to become the superuser (this is the case with &man.su.1;). To avoid this situation, &man.k5su.8; is now installed non-SUID by default (effectively disabling it). More information can be found in - security advisory FreeBSD-SA-02:24. + security advisory + FreeBSD-SA-02:24. 
&merged; - Multiple vulnerabilities were found in the &man.bzip2.1; + Multiple vulnerabilities were found in the &man.bzip2.1; utility, which could allow files to be overwritten without warning or allow local users unintended access to files. These problems have been corrected with a new import of bzip2. For more information, see - security advisory FreeBSD-SA-02:25. + security advisory + FreeBSD-SA-02:25. &merged; - A bug has been fixed in the implementation of the TCP SYN + A bug has been fixed in the implementation of the TCP SYN cache (syncache), which could allow a remote attacker to deny access to a service when accept filters (see &man.accept.filter.9;) were in use. This bug has been - fixed; for more information, see security advisory FreeBSD-SA-02:26. + fixed; for more information, see security advisory + FreeBSD-SA-02:26. &merged; - Due to a bug in &man.rc.8;'s use of shell globbing, users + Due to a bug in &man.rc.8;'s use of shell globbing, users may be able to remove the contents of arbitrary files if /tmp/.X11-unix does not exist and the system can be made to reboot. This bug has been corrected (see - security advisory FreeBSD-SA-02:27). + security advisory + FreeBSD-SA-02:27. &merged; A buffer overflow in the resolver, which could be exploited @@ -2317,7 +2307,7 @@ &man.calendar.1; now takes a option, which operates similar to but without - special treatment at weekends, and a option + special treatment at weekends, and a option to change the notion of Friday. A minimalized version of &man.camcontrol.8; is @@ -2378,7 +2368,7 @@ &man.chown.8; no longer takes . as a user/group delimeter. This change was made to support usernames - containing a .. + containing a . character. Use of the CSMG_* macros no longer require inclusion of @@ -2432,7 +2422,7 @@ functionality of &man.pccardd.8;. - &man.devd.8; is work-in-progress. + &man.devd.8; is a work in progress. 
@@ -2516,7 +2506,7 @@ &man.fdread.1;, a program to read data from floppy disks, has been added. It is a counterpart to &man.fdwrite.1; and is designed to provide a means of recovering at least some data - from bad media, and to obviate for a complex invocation of + from bad media, and to obviate the need for a complex invocation of &man.dd.1;. &man.find.1; now takes the flag, @@ -3087,7 +3077,7 @@ space. &merged; A number of archaic features of &man.newfs.8; have been - removed; these implement tuning features that are essentially + removed; these implemented tuning features that are essentially useless on modern hard disks. These features were controlled by the , , , , , @@ -3300,7 +3290,7 @@ &man.rcmd.3; now supports the use of the RSH environment variable to specify a program to use other than &man.rsh.1; for remote execution. As a result, - programs such as &man.dump.8;, can use &man.ssh.1; for remote + programs such as &man.dump.8; can use &man.ssh.1; for remote transport. &man.rdist.1; has been retired from the base system, but is @@ -3525,7 +3515,10 @@ deleted. &merged; &man.sysinstall.8; no longer mounts the &man.procfs.5; - filesystem by default on new installs. >>> TRUNCATED FOR MAIL (1000 lines) <<< To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
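
Review bot: In chmod.1, hunk @@ -56,13 +56,22 @@, the relocated -f entry gains the clause "nor modify the exit status to reflect such failures", which is a statement about behaviour tucked into what otherwise reads as an alphabetical re-sort of the option list. A script that runs chmod -f to tighten permissions will get an exit status that does not reflect a failed mode change, so I would add one sentence to the -f entry saying that callers cannot rely on the exit status when -f is given, and mention the wording change in the commit log separately from the sort.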
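
Review bot: In chmod.1, hunk @@ -115,22 +116,24 @@, the 2000 entry still says "will run with effective gid set to the gid of the file owner" on the unchanged line directly after the rewritten "(the setgid bit)." line. The setgid bit takes the group of the file, not the group of its owner, and the two can differ; since this entry is being edited anyway, change the wording to "the gid of the file" so the description of a privilege-granting bit is exact.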
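
Review bot: In include/Makefile, hunk @@ -41,10 +41,9 @@, the LSYMSUBDIRS filter widens from Nnetgraph/bluetooth/* to Nnetgraph/*, so every netgraph subdirectory in LSUBDIRS is now skipped when SHARED=symlinks. That is only correct if netgraph itself is linked as a whole directory, which the new comment asserts but this hunk does not show. Please confirm that the list of directories that get symlinked includes netgraph in the same change; otherwise the netgraph/* headers are left out of the install with no error.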
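
Review bot: In ftpd.8, hunk @@ -113,38 +113,31 @@, the -l entry drops the note that LOG_FTP messages "may have to be enabled in" the syslogd(8) configuration file and replaces it with the flat statement that syslogd(8) logs them to /var/log/xferlog by default. The removed text told the reader where that behaviour is controlled; the new text does not. Keep a pointer to the syslogd configuration file next to the new sentence, so an administrator with a customised configuration knows where to check that FTP session logging is still being collected.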
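
Review bot: In ftpd.8, hunk @@ -173,6 +165,17 @@, the re-added -U text keeps two sentences that start in the middle of a source line ("... in the range 1024..4999. Now, by default," and "... in the range 49152..65535. Specifying this"). The surrounding entries start each sentence on its own line (for example "Put server in read-only mode." followed by "All commands which may modify ..."), so break these lines at the sentence boundaries while the block is being moved.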
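
Review bot: In relnotes/common/new.sgml, hunk @@ -1914,42 +1908,42 @@, the timed(8) and rwhod(8) entries (FreeBSD-SA-01:28 and FreeBSD-SA-01:29) are both rewritten by this hunk but still read "caused it to crash if send certain malformed packets". Change "send" to "sent" in both entries while the lines are being touched.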
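
Review bot: In relnotes/common/new.sgml, hunk @@ -2026,112 +2020,108 @@, the rc(8) shell globbing entry opens a parenthesis with "(see" on an unchanged line, and the removed line closed it with "FreeBSD-SA-02:27).", but the added lines end with "FreeBSD-SA-02:27." as the diff is rendered here. Restore the closing parenthesis after the advisory reference so the sentence is balanced.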