Date: Mon, 25 Nov 2002 14:21:13 -0800 (PST)
From: Peter Wemm <peter@FreeBSD.org>
To: Perforce Change Reviews <perforce@freebsd.org>
Subject: PERFORCE change 21505 for review
Message-ID: <200211252221.gAPMLDaS017617@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=21505

Change 21505 by peter@peter_daintree on 2002/11/25 14:20:59

	IFC @21504

Affected files ...

.. //depot/projects/ia64/bin/chmod/chmod.1#7 integrate
.. //depot/projects/ia64/bin/expr/expr.1#7 integrate
.. //depot/projects/ia64/bin/ls/ls.1#13 integrate
.. //depot/projects/ia64/include/Makefile#19 integrate
.. //depot/projects/ia64/libexec/ftpd/ftpd.8#6 integrate
.. //depot/projects/ia64/release/doc/en_US.ISO8859-1/early-adopter/article.sgml#4 integrate
.. //depot/projects/ia64/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml#52 integrate
.. //depot/projects/ia64/sbin/disklabel/disklabel.8#9 integrate
.. //depot/projects/ia64/sbin/ifconfig/ifconfig.8#16 integrate
.. //depot/projects/ia64/sbin/rcorder/rcorder.8#4 integrate
.. //depot/projects/ia64/share/examples/scsi_target/Makefile#3 integrate
.. //depot/projects/ia64/share/man/man4/Makefile#24 integrate
.. //depot/projects/ia64/share/man/man4/ppc.4#2 integrate
.. //depot/projects/ia64/sys/cam/scsi/scsi_target.c#4 integrate
.. //depot/projects/ia64/sys/dev/acpica/acpi_pcib_acpi.c#5 integrate
.. //depot/projects/ia64/sys/dev/em/if_em.c#14 integrate
.. //depot/projects/ia64/sys/dev/pci/pci_pci.c#12 integrate
.. //depot/projects/ia64/sys/dev/sound/pci/emu10k1.c#3 integrate
.. //depot/projects/ia64/sys/dev/sound/pcm/buffer.c#4 integrate
.. //depot/projects/ia64/sys/dev/sound/pcm/channel.c#7 integrate
.. //depot/projects/ia64/sys/dev/sound/pcm/feeder.c#5 integrate
.. //depot/projects/ia64/sys/dev/sound/pcm/feeder_fmt.c#3 integrate
.. //depot/projects/ia64/sys/dev/sound/pcm/feeder_rate.c#2 integrate
.. //depot/projects/ia64/sys/dev/sound/pcm/sndstat.c#4 integrate
.. //depot/projects/ia64/sys/dev/sound/pcm/sound.c#9 integrate
.. //depot/projects/ia64/sys/dev/sound/pcm/sound.h#5 integrate
.. //depot/projects/ia64/sys/dev/sound/pcm/vchan.c#4 integrate
.. //depot/projects/ia64/sys/dev/sound/usb/uaudio_pcm.c#2 integrate
.. //depot/projects/ia64/sys/pci/if_dc.c#19 integrate
..
//depot/projects/ia64/sys/vm/vm_map.c#34 integrate .. //depot/projects/ia64/usr.bin/getconf/Makefile#3 integrate Differences ... ==== //depot/projects/ia64/bin/chmod/chmod.1#7 (text+ko) ==== @@ -33,7 +33,7 @@ .\" SUCH DAMAGE. .\" .\" @(#)chmod.1 8.4 (Berkeley) 3/31/94 -.\" $FreeBSD: src/bin/chmod/chmod.1,v 1.34 2002/11/04 06:46:53 tjr Exp $ +.\" $FreeBSD: src/bin/chmod/chmod.1,v 1.35 2002/11/25 14:18:42 ru Exp $ .\" .Dd March 31, 1994 .Dt CHMOD 1 @@ -56,13 +56,22 @@ operand. .Pp The options are as follows: -.Bl -tag -width Ds +.Bl -tag -width indent +.It Fl f +Do not display a diagnostic message if +.Nm +could not modify the mode for +.Va file , +nor modify the exit status to reflect such failures. .It Fl H If the .Fl R option is specified, symbolic links on the command line are followed. (Symbolic links encountered in the tree traversal are not followed by default.) +.It Fl h +If the file is a symbolic link, change the mode of the link itself +rather than the file that the link points to. .It Fl L If the .Fl R @@ -75,14 +84,6 @@ .It Fl R Change the modes of the file hierarchies rooted in the files instead of just the files themselves. -.It Fl f -Do not display a diagnostic message if -.Nm -could not modify the mode for -.Va file . -.It Fl h -If the file is a symbolic link, change the mode of the link itself -rather than the file that the link points to. .It Fl v Cause .Nm 
@@ -115,22 +116,24 @@ .Pp .Bl -tag -width 6n -compact -offset indent .It Li 4000 -(the set-user-ID-on-execution bit) Executable files with this bit set +(the setuid bit). +Executable files with this bit set will run with effective uid set to the uid of the file owner. -Directories with the set-user-id bit set will force all files and +Directories with this bit set will force all files and sub-directories created in them to be owned by the directory owner and not by the uid of the creating process, if the underlying file system supports this feature: see .Xr chmod 2 and the -.Ar suiddir +.Cm suiddir option to .Xr mount 8 . .It Li 2000 -(the set-group-ID-on-execution bit) Executable files with this bit set +(the setgid bit). +Executable files with this bit set will run with effective gid set to the gid of the file owner. .It Li 1000 -(the sticky bit) +(the sticky bit). See .Xr chmod 2 and ==== //depot/projects/ia64/bin/expr/expr.1#7 (text+ko) ==== @@ -28,7 +28,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $FreeBSD: src/bin/expr/expr.1,v 1.21 2002/10/28 00:15:42 wollman Exp $ +.\" $FreeBSD: src/bin/expr/expr.1,v 1.22 2002/11/25 13:20:30 ru Exp $ .\" .Dd May 10, 2002 .Dt EXPR 1 @@ -135,8 +135,9 @@ New applications are advised to use shell arithmetic rather than .Nm . .Ss Compatibility with previous implementations -Unless -.Fx 4.x +Unless +.Fx +4.x compatibility is enabled, this version of .Nm adheres to the @@ -174,7 +175,6 @@ For historical reasons, defining the environment variable .Ev EXPR_COMPAT also enables compatibility mode. -.Pp .Sh ENVIRONMENT .Bl -tag -width ".Ev EXPR_COMPAT" .It Ev EXPR_COMPAT ==== //depot/projects/ia64/bin/ls/ls.1#13 (text+ko) ==== 
@@ -33,7 +33,7 @@ .\" SUCH DAMAGE. .\" .\" @(#)ls.1 8.7 (Berkeley) 7/29/94 -.\" $FreeBSD: src/bin/ls/ls.1,v 1.71 2002/11/03 07:29:08 tjr Exp $ +.\" $FreeBSD: src/bin/ls/ls.1,v 1.72 2002/11/25 13:52:57 ru Exp $ .\" .Dd May 19, 2002 .Dt LS 1 @@ -420,10 +420,10 @@ .Pp The next field contains a plus -.Pq Sq Li + +.Pq Ql + character if the file has an ACL, or a space -.Pq Sq Li " " +.Pq Ql " " if it does not. The .Nm @@ -461,7 +461,7 @@ will be displayed in units of that size block. .It Ev CLICOLOR Use -\*[Ai] +.Tn ANSI color sequences to distinguish file types. See .Ev LSCOLORS @@ -570,7 +570,7 @@ .El .Pp Note that the above are standard -\*[Ai] +.Tn ANSI colors. The actual display may differ depending on the color capabilities of the terminal in use. @@ -648,8 +648,11 @@ utility conforms to .St -p1003.1-2001 . .Pp -.No The ACL support is compatible with IEEE\ Std\ 1003.2c\ ( Ns Dq "POSIX.2c" Ns ) -Draft\ 17 +The ACL support is compatible with +.Tn IEEE +Std\~1003.2c +.Pq Dq Tn POSIX Ns .2c +Draft\~17 (withdrawn). .Sh HISTORY An ==== //depot/projects/ia64/include/Makefile#19 (text+ko) ==== @@ -1,5 +1,5 @@ # @(#)Makefile 8.2 (Berkeley) 1/4/94 -# $FreeBSD: src/include/Makefile,v 1.189 2002/11/21 23:34:57 julian Exp $ +# $FreeBSD: src/include/Makefile,v 1.190 2002/11/25 08:55:50 ru Exp $ # # Doing a make install builds /usr/include # 
@@ -41,10 +41,9 @@ security/lomac security/mac_biba security/mac_bsdextended \ security/mac_mls security/mac_partition ufs/ffs ufs/ufs - -# For SHARED=symlinks, cam and netatm are symlinks, so cam/scsi and netatm/* -# are taken care of -LSYMSUBDIRS= ${LSUBDIRS:Ncam/scsi:Nnetatm/*:Nnetgraph/bluetooth/*} +# For SHARED=symlinks, cam, netatm, and netgraph are symlinks, so cam/scsi, +# netatm/*, and netgraph/* are taken care of +LSYMSUBDIRS= ${LSUBDIRS:Ncam/scsi:Nnetatm/*:Nnetgraph/*} # Define SHARED to indicate whether you want symbolic links to the system # source (``symlinks''), or a separate copy (``copies''). ``symlinks'' is ==== //depot/projects/ia64/libexec/ftpd/ftpd.8#6 (text+ko) ==== @@ -30,7 +30,7 @@ .\" SUCH DAMAGE. .\" .\" @(#)ftpd.8 8.2 (Berkeley) 4/19/94 -.\" $FreeBSD: src/libexec/ftpd/ftpd.8,v 1.54 2002/08/23 09:06:27 yar Exp $ +.\" $FreeBSD: src/libexec/ftpd/ftpd.8,v 1.55 2002/11/25 15:20:06 ru Exp $ .\" .Dd January 27, 2000 .Dt FTPD 8 @@ -40,12 +40,12 @@ .Nd Internet File Transfer Protocol server .Sh SYNOPSIS .Nm -.Op Fl 46AdDEmMoOrRSUvW +.Op Fl 46ADdEMmOoRrSUvW .Op Fl l Op Fl l .Op Fl a Ar address .Op Fl p Ar file +.Op Fl T Ar maxtimeout .Op Fl t Ar timeout -.Op Fl T Ar maxtimeout .Op Fl u Ar umask .Sh DESCRIPTION The @@ -82,16 +82,13 @@ is specified, accept connections via .Dv AF_INET6 socket. +.It Fl A +Allow only anonymous ftp access. .It Fl a When .Fl D is specified, accept connections only on the specified .Ar address . -.It Fl A -Allow only anonymous ftp access. -.It Fl d -Debugging information is written to the syslog using -.Dv LOG_FTP . .It Fl D With this option set, .Nm @@ -102,6 +99,9 @@ from .Xr inetd 8 and is thus useful on busy servers to reduce load. +.It Fl d +Debugging information is written to the syslog using +.Dv LOG_FTP . .It Fl E Disable the EPSV command. This is useful for servers behind older firewalls. 
@@ -113,38 +113,31 @@ If this option is specified twice, the retrieve (get), store (put), append, delete, make directory, remove directory and rename operations and their filename arguments are also logged. -Note: -.Dv LOG_FTP -messages -are not displayed by +By default, .Xr syslogd 8 -by default, and may have to be enabled in -.Xr syslogd 8 Ns 's -configuration file. +logs these to +.Pa /var/log/xferlog . +.It Fl M +Prevent anonymous users from creating directories. .It Fl m Permit anonymous users to overwrite or modify -existing files if allowed by filesystem permissions. +existing files if allowed by file system permissions. By default, anonymous users cannot modify existing files; in particular, files to upload will be created under a unique name. -.It Fl M -Prevent anonymous users from creating directories. -.It Fl o -Put server in write-only mode. -RETR is disabled, preventing downloads. .It Fl O Put server in write-only mode for anonymous users only. RETR is disabled for anonymous users, preventing anonymous downloads. This has no effect if .Fl o is also specified. +.It Fl o +Put server in write-only mode. +RETR is disabled, preventing downloads. .It Fl p When .Fl D is specified, write the daemon's process ID to .Ar file . -.It Fl r -Put server in read-only mode. -All commands which may modify the local filesystem are disabled. .It Fl R With this option set, .Nm 
@@ -155,16 +148,15 @@ will only honor PORT commands directed to unprivileged ports on the remote user's host (which violates the FTP protocol specification but closes some security holes). +.It Fl r +Put server in read-only mode. +All commands which may modify the local file system are disabled. .It Fl S With this option set, .Nm logs all anonymous file downloads to the file .Pa /var/log/ftpd when this file exists. -.It Fl t -The inactivity timeout period is set to -.Ar timeout -seconds (the default is 15 minutes). .It Fl T A client may also request a different timeout period; the maximum period allowed may be set to @@ -173,6 +165,17 @@ .Fl T option. The default limit is 2 hours. +.It Fl t +The inactivity timeout period is set to +.Ar timeout +seconds (the default is 15 minutes). +.It Fl U +In previous versions of +.Nm , +when a passive mode client requested a data connection to the server, +the server would use data ports in the range 1024..4999. Now, by default, +the server will use data ports in the range 49152..65535. Specifying this +option will revert to the old behavior. .It Fl u The default file creation mode mask is set to .Ar umask , @@ -180,18 +183,11 @@ Refer to .Xr umask 2 for details. -.It Fl U -In previous versions of -.Nm , -when a passive mode client requested a data connection to the server, -the server would use data ports in the range 1024..4999. Now, by default, -the server will use data ports in the range 49152..65535. Specifying this -option will revert to the old behavior. .It Fl v A synonym for .Fl d . .It Fl W -Don't log FTP sessions to +Do not log FTP sessions to .Pa /var/log/wtmp . .El .Pp @@ -269,7 +265,7 @@ .El .Pp The following non-standard or -.Tn UNIX +.Ux specific commands are supported by the SITE request. @@ -488,7 +484,7 @@ .Pa ~/bin directory exist. .Sh FILES -.Bl -tag -width /etc/ftpwelcome -compact +.Bl -tag -width ".Pa /var/log/xferlog" -compact .It Pa /etc/ftpusers List of unwelcome/restricted users. .It Pa /etc/ftpchroot 
@@ -503,6 +499,8 @@ Displayed and access refused. .It Pa /var/log/ftpd Log file for anonymous transfers. +.It Pa /var/log/xferlog +Default place for session logs. .El .Sh SEE ALSO .Xr ftp 1 , ==== //depot/projects/ia64/release/doc/en_US.ISO8859-1/early-adopter/article.sgml#4 (text+ko) ==== @@ -26,7 +26,7 @@ <corpauthor>The &os; Release Engineering Team</corpauthor> </authorgroup> - <pubdate>$FreeBSD: src/release/doc/en_US.ISO8859-1/early-adopter/article.sgml,v 1.5 2002/11/03 22:06:48 ceri Exp $</pubdate> + <pubdate>$FreeBSD: src/release/doc/en_US.ISO8859-1/early-adopter/article.sgml,v 1.6 2002/11/25 21:14:16 keramida Exp $</pubdate> <copyright> <year>2002</year> @@ -412,7 +412,7 @@ <para>While &os; 5.0 contains a number of new and exciting features, it may not be suitable for all users at this time. In this document, we presented some background on release - engineering, some of the more notable new features of the 5.0 + engineering, some of the more notable new features of the 5.<replaceable>X</replaceable> series, and some drawbacks to early adoption. We also presented some future plans for the 4-STABLE development branch and some tips on upgrading for early adopters.</para> ==== //depot/projects/ia64/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml#52 (text+ko) ==== @@ -3,7 +3,7 @@ <corpauthor>The FreeBSD Project</corpauthor> - <pubdate>$FreeBSD: src/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml,v 1.455 2002/11/23 00:31:58 njl Exp $</pubdate> + <pubdate>$FreeBSD: src/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml,v 1.456 2002/11/25 21:12:52 bmah Exp $</pubdate> <copyright> <year>2000</year> 
@@ -85,7 +85,7 @@ <para>Typical release note items document new drivers or hardware support, new commands or options, major bugfixes, or contributed software upgrades. Applicable security - advisories issued after &release.prev; are also listed.</para> + advisories issued after &release.prev.historic; are also listed.</para> <para>Many additional changes were made to &os; that are not listed here for lack of space. For example, documentation was corrected @@ -138,10 +138,9 @@ and supports more flexible attachment of devices, has been largely reworked. &man.devfs.5; is now enabled by default and can be disabled by the <literal>NODEVFS</literal> kernel - option.</para> - - <para>The &man.devfs.5; <quote>rule</quote> subsystem has been introduced. DEVFS rules - permit the administrator to define certain properties of new device + option. + A <quote>rule</quote> subsystem + permits the administrator to define certain properties of new device nodes before they become visible to the userland. Both static (e.g. <filename>/dev/speaker</filename>) and dynamic (e.g. <filename>/dev/bpf*</filename>, some removable devices) nodes are @@ -150,12 +149,11 @@ jails. Rules and rulesets are manipulated with the &man.devfs.8; utility.</para> - <para>The dgm driver has been removed in favor of the digi driver.</para> - <para>A new digi driver has been added to support PCI Xr-based and ISA Xem Digiboard cards. A new &man.digictl.8; program is (mainly) used to re-initialize cards that have external port - modules attached such as the PC/Xem.</para> + modules attached such as the PC/Xem. This driver replaces the older + dgm driver.</para> <para>An &man.eaccess.2; system call has been added, similar to &man.access.2; except that the former uses effective credentials 
@@ -233,7 +231,7 @@ <para>&os; now supports an extensible Mandatory Access Control framework, the TrustedBSD MAC Framework. It permits loadable kernel modules to link to the kernel at compile-time, boot-time, - or run-time, and augment the system security policy. The + or run-time to augment the system security policy. The framework permits modules to express interest in a variety of events, and also provides common security policy services such as label storage. A variety of sample policy modules are @@ -471,7 +469,7 @@ instance is desired. &merged;</para> <para>It is now possible to hardwire kernel environment variables - (such as tuneables) at compile-time using &man.config.8;'s + (such as tunables) at compile-time using &man.config.8;'s <literal>ENV</literal> directive.</para> <para>Idle zeroing of pages can be enabled with the @@ -558,7 +556,7 @@ improve performance on the 80386 due to the elimination of runtime processor type checks. Custom kernels that will run on the 80386 can - still be built by changing the cpu options in the kernel + still be built by changing the CPU options in the kernel configuration file to only include <literal>I386_CPU</literal>.</para> @@ -995,7 +993,7 @@ support for VLANs is also supported. &merged;</para> <para>A <literal>FAST_IPSEC</literal> kernel option now allows - the IPsec implementation to use the kernel crypo framework, + the IPsec implementation to use the kernel &man.crypto.4; framework, along with its support for hardware cryptographic acceleration. <note> @@ -1040,7 +1038,7 @@ commonly referred to as <quote>IPFW2</quote>). It now uses variable-sized representation of rules in the kernel, similar to &man.bpf.4; instructions. Most of the externally-visible - behavior (i.e. through &man.ipfw.8;) should be unchanged., + behavior (i.e. through &man.ipfw.8;) should be unchanged, although &man.ipfw.8; now supports <literal>or</literal> connectives between match fields. &merged;</para> 
@@ -1193,7 +1191,7 @@ <varname>net.inet.tcp.rexmit_min</varname> and <varname>net.inet.tcp.rexmit_slop</varname>. The default has been reduced from one second to 200ms (similar to the Linux default) - in order to better handle hicups over interactive connections and + in order to better handle hiccups over interactive connections and improve recovery over lossy fast connections such as wireless links.</para> <para>The &man.tcp.4; protocol now has the ability to dynamically @@ -1309,7 +1307,7 @@ driver supports the Compaq SmartRAID 5* family of RAID controllers (5300, 532, 5i). &merged;</para> - <para>The &man.fdc.4; floppy disk has undergone a number of + <para>The &man.fdc.4; floppy disk driver has undergone a number of enhancements. Density selection for common settings is now automatic; the driver is also much more flexible in setting the densities of various subdevices.</para> @@ -1326,7 +1324,7 @@ refer to a disk partition without specifying an MBR slice (e.g. <filename>/dev/ad0a</filename>); the kernel would automatically find the first applicable &os; slice and use - it. On GEOM kernels, only the full partition names + it. On GEOM-enabled kernels (the default), only the full partition names (e.g. <filename>/dev/ad0s1a</filename>) are allowed when referring to partitions within MBR slices. This change should affect very few users.</para> @@ -1437,7 +1435,7 @@ <sect3> <title>Filesystems</title> - <para>Support for named extended attributes was added to the + <para>Support for named extended attributes has been added to the &os; kernel. This allows the kernel, and appropriately privileged userland processes, to tag files and directories with attribute data. Extended attributes were added to 
@@ -1455,10 +1453,6 @@ Details can be found in <filename>/usr/src/sys/ufs/ffs/README.snapshot</filename>.</para> -<!-- The following note needs to be made more specific or eliminated. --> - <para>Softupdates for FFS have received some bug fixes and - enhancements.</para> - <para>When running with softupdates, &man.statfs.2; and &man.df.1; will track the number of blocks and files that are committed to being freed.</para> 
@@ -1819,45 +1813,45 @@ or disabling various system services in &man.rc.conf.5; on new installs. &merged;</para> - <para>A bug in which malformed ELF executable images can hang the + <para role="historic">A bug in which malformed ELF executable images can hang the system has been fixed (see security advisory FreeBSD-SA-00:41). &merged;</para> - <para>A security hole in Linux emulation was fixed (see security + <para role="historic">A security hole in Linux emulation was fixed (see security advisory FreeBSD-SA-00:42). &merged;</para> <para role="historic">String-handling library calls in many programs were fixed to reduce the possibility of buffer overflow-related exploits. &merged;</para> - <para>TCP now uses stronger randomness in choosing its initial + <para role="historic">TCP now uses stronger randomness in choosing its initial sequence numbers (see security advisory FreeBSD-SA-00:52). &merged;</para> - <para>Several buffer overflows in &man.tcpdump.1; were corrected + <para role="historic">Several buffer overflows in &man.tcpdump.1; were corrected (see security advisory FreeBSD-SA-00:61). &merged;</para> - <para>A security hole in &man.top.1; was corrected (see security + <para role="historic">A security hole in &man.top.1; was corrected (see security advisory FreeBSD-SA-00:62). &merged;</para> - <para>A potential security hole caused by an off-by-one-error in + <para role="historic">A potential security hole caused by an off-by-one-error in &man.gethostbyname.3; has been fixed (see security advisory FreeBSD-SA-00:63). &merged;</para> - <para>A potential buffer overflow in the &man.ncurses.3; library, + <para role="historic">A potential buffer overflow in the &man.ncurses.3; library, which could cause arbitrary code to be run from within &man.systat.1;, has been corrected (see security advisory FreeBSD-SA-00:68). 
&merged;</para> - <para>A vulnerability in &man.telnetd.8; that could cause it to + <para role="historic">A vulnerability in &man.telnetd.8; that could cause it to consume large amounts of server resources has been fixed (see security advisory FreeBSD-SA-00:69). &merged;</para> - <para>The <literal>nat deny_incoming</literal> command in + <para role="historic">The <literal>nat deny_incoming</literal> command in &man.ppp.8; now works correctly (see security advisory FreeBSD-SA-00:70). &merged;</para> - <para>A vulnerability in &man.csh.1;/&man.tcsh.1; temporary files + <para role="historic">A vulnerability in &man.csh.1;/&man.tcsh.1; temporary files that could allow overwriting of arbitrary user-writable files has been closed (see security advisory FreeBSD-SA-00:76). &merged;</para> 
@@ -1872,33 +1866,33 @@ <para role="historic">&man.telnet.1; now does a better job of sanitizing its environment. &merged;</para> - <para>Several vulnerabilities in &man.procfs.5; were fixed (see + <para role="historic">Several vulnerabilities in &man.procfs.5; were fixed (see security advisory FreeBSD-SA-00:77). &merged;</para> - <para>A bug in <application>OpenSSH</application> in which a + <para role="historic">A bug in <application>OpenSSH</application> in which a server was unable to disable &man.ssh-agent.1; or <literal>X11Forwarding</literal> was fixed (see security advisory FreeBSD-SA-01:01). &merged;</para> - <para>A bug in &man.ipfw.8; and &man.ip6fw.8; in which inbound TCP + <para role="historic">A bug in &man.ipfw.8; and &man.ip6fw.8; in which inbound TCP segments could incorrectly be treated as being part of an <literal>established</literal> connection has been fixed (see security advisory FreeBSD-SA-01:08). &merged;</para> - <para>A bug in &man.crontab.1; that could allow users to read any + <para role="historic">A bug in &man.crontab.1; that could allow users to read any file on the system in valid &man.crontab.5; syntax has been fixed (see security advisory FreeBSD-SA-01:09). &merged;</para> - <para>A vulnerability in &man.inetd.8; that could allow + <para role="historic">A vulnerability in &man.inetd.8; that could allow read-access to the initial 16 bytes of <groupname>wheel</groupname>-accessible files has been fixed (see security advisory FreeBSD-SA-01:11). &merged;</para> - <para>A bug in &man.periodic.8; that used insecure temporary files + <para role="historic">A bug in &man.periodic.8; that used insecure temporary files has been corrected (see security advisory FreeBSD-SA-01:12). 
&merged;</para> - <para><application>OpenSSH</application> now has code to prevent + <para role="historic"><application>OpenSSH</application> now has code to prevent (instead of just mitigating through connection limits) an attack that can lead to guessing the server key (not host key) by regenerating the server key when an RSA failure is detected (see 
@@ -1914,42 +1908,42 @@ <para role="historic">A bug in ICMP that could cause an attacker to disrupt TCP and UDP <quote>sessions</quote> has been corrected. &merged;</para> - <para>A bug in &man.timed.8;, which caused it to crash if send + <para role="historic">A bug in &man.timed.8;, which caused it to crash if send certain malformed packets, has been corrected (see security advisory FreeBSD-SA-01:28). &merged;</para> - <para>A bug in &man.rwhod.8;, which caused it to crash if send + <para role="historic">A bug in &man.rwhod.8;, which caused it to crash if send certain malformed packets, has been corrected (see security advisory FreeBSD-SA-01:29). &merged;</para> - <para>A security hole in &os;'s FFS and EXT2FS implementations, + <para role="historic">A security hole in &os;'s FFS and EXT2FS implementations, which allowed a race condition that could cause users to have unauthorized access to data, has been fixed (see security advisory FreeBSD-SA-01:30). &merged;</para> - <para>A remotely-exploitable vulnerability in &man.ntpd.8; has + <para role="historic">A remotely-exploitable vulnerability in &man.ntpd.8; has been closed (see security advisory FreeBSD-SA-01:31). &merged;</para> - <para>A security hole in <application>IPFilter</application>'s + <para role="historic">A security hole in <application>IPFilter</application>'s fragment cache has been closed (see security advisory FreeBSD-SA-01:32). &merged;</para> - <para>Buffer overflows in &man.glob.3;, which could cause + <para role="historic">Buffer overflows in &man.glob.3;, which could cause arbitrary code to be run on an FTP server, have been closed. In addition, to prevent some forms of DOS attacks, &man.glob.3; allows specification of a limit on the number of pathname matches it will return. &man.ftpd.8; now uses this feature (see security advisory FreeBSD-SA-01:33). 
&merged;</para> - <para>Initial sequence numbers in TCP are more thoroughly + <para role="historic">Initial sequence numbers in TCP are more thoroughly randomized (see security advisory FreeBSD-SA-01:39). Due to some possible compatibility issues, the behavior of this security fix can be enabled or disabled via the <varname>net.inet.tcp.tcp_seq_genscheme</varname> sysctl variable.&merged;</para> - <para>A vulnerability in the &man.fts.3; routines (used by + <para role="historic">A vulnerability in the &man.fts.3; routines (used by applications for recursively traversing a filesystem) could allow a program to operate on files outside the intended directory hierarchy. This bug has been fixed (see security @@ -1959,19 +1953,19 @@ user's UID before attempting to unlink the authentication forwarding file, nullifying the effects of a race.</para> - <para>A flaw allowed some signal handlers to remain in effect in a + <para role="historic">A flaw allowed some signal handlers to remain in effect in a child process after being exec-ed from its parent. This allowed an attacker to execute arbitrary code in the context of a setuid binary. This flaw has been corrected (see security advisory FreeBSD-SA-01:42). &merged;</para> - <para>A remote buffer overflow in &man.tcpdump.1; has been fixed + <para role="historic">A remote buffer overflow in &man.tcpdump.1; has been fixed (see security advisory FreeBSD-SA-01:48). &merged;</para> - <para>A remote buffer overflow in &man.telnetd.8; has been fixed + <para role="historic">A remote buffer overflow in &man.telnetd.8; has been fixed (see security advisory FreeBSD-SA-01:49). &merged;</para> - <para>The new <varname>net.inet.ip.maxfragpackets</varname> and + <para role="historic">The new <varname>net.inet.ip.maxfragpackets</varname> and <varname>net.inet.ip6.maxfragpackets</varname> sysctl variables limit the amount of memory that can be consumed by IPv4 and IPv6 packet fragments, which defends against some denial of service 
@@ -1984,33 +1978,33 @@ installations, as well as editing <filename>inetd.conf</filename>. &merged;</para> - <para>A flaw in the implementation of the &man.ipfw.8; + <para role="historic">A flaw in the implementation of the &man.ipfw.8; <literal>me</literal> rules on point-to-point links has been corrected. Formerly, <literal>me</literal> filter rules would match the remote IP address of a point-to-point interface in addition to the intended local IP address (see security advisory FreeBSD-SA-01:53). &merged;</para> - <para>A vulnerability in &man.procfs.5;, which could allow a + <para role="historic">A vulnerability in &man.procfs.5;, which could allow a process to read sensitive information from another process's memory space, has been closed (see security advisory FreeBSD-SA-01:55). &merged;</para> - <para>The <literal>PARANOID</literal> hostname checking in + <para role="historic">The <literal>PARANOID</literal> hostname checking in <application>tcp_wrappers</application> now works as advertised (see security advisory FreeBSD-SA-01:56). &merged;</para> - <para>A local root exploit in &man.sendmail.8; has been closed + <para role="historic">A local root exploit in &man.sendmail.8; has been closed (see security advisory FreeBSD-SA-01:57). &merged;</para> - <para>A remote root vulnerability in &man.lpd.8; has been closed + <para role="historic">A remote root vulnerability in &man.lpd.8; has been closed (see security advisory FreeBSD-SA-01:58). &merged;</para> - <para>A race condition in &man.rmuser.8; that briefly exposed a + <para role="historic">A race condition in &man.rmuser.8; that briefly exposed a world-readable <filename>/etc/master.passwd</filename> has been fixed (see security advisory FreeBSD-SA-01:59). &merged;</para> - <para>A vulnerability in <application>UUCP</application> has been + <para role="historic">A vulnerability in <application>UUCP</application> has been closed (see security advisory FreeBSD-SA-01:62). 
All non-<username>root</username>-owned binaries in standard system paths now have the <literal>schg</literal> flag set to prevent 
@@ -2026,112 +2020,108 @@ <para role="historic">A security hole in the form of a buffer overflow in the &man.semop.2; system call has been closed. &merged;</para> - <para>A security hole in <application>OpenSSH</application>, which + <para role="historic">A security hole in <application>OpenSSH</application>, which could allow users to execute code with arbitrary privileges if <literal>UseLogin yes</literal> was set, has been closed. Note that the default value of this setting is <literal>UseLogin no</literal>. (See security advisory FreeBSD-SA-01:63.) &merged;</para> - <para>The use of an insecure temporary directory by + <para role="historic">The use of an insecure temporary directory by &man.pkg.add.1; could permit a local attacker to modify the contents of binary packages while they were being installed. This hole has been closed. (See security advisory FreeBSD-SA-02:01.) &merged;</para> - <para>A race condition in &man.pw.8;, which could expose the + <para role="historic">A race condition in &man.pw.8;, which could expose the contents of <filename>/etc/master.passwd</filename>, has been eliminated. (See security advisory FreeBSD-SA-02:02.) &merged;</para> - <para>A bug in &man.k5su.8; could have allowed a process that had + <para role="historic">A bug in &man.k5su.8; could have allowed a process that had given up superuser privileges to regain them. This bug has been fixed. (See security advisory FreeBSD-SA-02:07.) &merged;</para> - <para>An <quote>off-by-one</quote> bug has been fixed in + <para role="historic">An <quote>off-by-one</quote> bug has been fixed in <application>OpenSSH</application>'s multiplexing code. This bug could have allowed an authenticated remote user to cause &man.sshd.8; to execute arbitrary code with superuser privileges, or allowed a malicious SSH server to execute arbitrary code on the client system with the privileges of the client user. 
(See security - advisory <ulink - url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:13.openssh.asc">FreeBSD-SA-02:13</ulink>.) + advisory FreeBSD-SA-02:13.) &merged;</para> - <para>A programming error in <application>zlib</application> could + <para role="historic">A programming error in <application>zlib</application> could result in attempts to free memory multiple times. The &man.malloc.3;/&man.free.3; routines used in &os; are not vulnerable to this error, but applications receiving specially-crafted blocks of invalid compressed data could be made to function incorrectly or abort. This <application>zlib</application> bug has been fixed. For a - workaround and solutions, see security advisory <ulink - url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:18.zlib.v1.2.asc">FreeBSD-SA-02:18</ulink>. + workaround and solutions, see security advisory FreeBSD-SA-02:18. &merged;</para> - <para>Bugs in the TCP SYN cache (<quote>syncache</quote>) and SYN + <para role="historic">Bugs in the TCP SYN cache (<quote>syncache</quote>) and SYN cookie (<quote>syncookie</quote>) implementations, which could cause legitimate TCP/IP traffic to crash a machine, have been fixed. For a workaround and patches, see security advisory - <ulink - url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:20.syncache.asc">FreeBSD-SA-02:20</ulink>. + FreeBSD-SA-02:20. &merged;</para> - <para>A routing table memory leak, which could allow a remote + <para role="historic">A routing table memory leak, which could allow a remote attacker to exhaust the memory of a target machine, has been fixed. A workaround and patches can be found in security - advisory <ulink - url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:21.tcpip.asc">FreeBSD-SA-02:21</ulink>. + advisory FreeBSD-SA-02:21. 
&merged;</para> - <para>A bug with memory-mapped I/O, which could cause a system + <para role="historic">A bug with memory-mapped I/O, which could cause a system crash, has been fixed. For more information about a solution, - see security advisory <ulink - url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:22.mmap.asc">FreeBSD-SA-02:22</ulink>. + see security advisory + FreeBSD-SA-02:22. &merged;</para> - <para>A security hole, in which SUID programs could be made to + <para role="historic">A security hole, in which SUID programs could be made to read from or write to inappropriate files through manipulation of their standard I/O file descriptors, has been fixed. Information regarding a solution can be found in security - advisory <ulink - url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:23.stdio.asc">FreeBSD-SA-02:23</ulink>. + advisory + FreeBSD-SA-02:23. &merged;</para> - <para>Some unexpected behavior could be allowed with &man.k5su.8; + <para role="historic">Some unexpected behavior could be allowed with &man.k5su.8; because it does not require that an invoking user be a member of the <groupname>wheel</groupname> group when attempting to become the superuser (this is the case with &man.su.1;). To avoid this situation, &man.k5su.8; is now installed non-SUID by default (effectively disabling it). More information can be found in - security advisory <ulink - url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:24.k5su.asc">FreeBSD-SA-02:24</ulink>. + security advisory + FreeBSD-SA-02:24. &merged;</para> - <para>Multiple vulnerabilities were found in the &man.bzip2.1; + <para role="historic">Multiple vulnerabilities were found in the &man.bzip2.1; utility, which could allow files to be overwritten without warning or allow local users unintended access to files. These problems have been corrected with a new import of <application>bzip2</application>. 
For more information, see - security advisory <ulink - url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc">FreeBSD-SA-02:25</ulink>. + security advisory + FreeBSD-SA-02:25. &merged;</para> - <para>A bug has been fixed in the implementation of the TCP SYN + <para role="historic">A bug has been fixed in the implementation of the TCP SYN cache (<quote>syncache</quote>), which could allow a remote attacker to deny access to a service when accept filters (see &man.accept.filter.9;) were in use. This bug has been - fixed; for more information, see security advisory <ulink - url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:26.accept.asc">FreeBSD-SA-02:26</ulink>. + fixed; for more information, see security advisory + FreeBSD-SA-02:26. &merged;</para> - <para>Due to a bug in &man.rc.8;'s use of shell globbing, users + <para role="historic">Due to a bug in &man.rc.8;'s use of shell globbing, users may be able to remove the contents of arbitrary files if <filename>/tmp/.X11-unix</filename> does not exist and the system can be made to reboot. This bug has been corrected (see - security advisory <ulink - url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:27.rc.asc">FreeBSD-SA-02:27</ulink>). + security advisory + FreeBSD-SA-02:27. &merged;</para> <para>A buffer overflow in the resolver, which could be exploited @@ -2317,7 +2307,7 @@ <para>&man.calendar.1; now takes a <option>-W</option> option, which operates similar to <option>-A</option> but without - special treatment at weekends, and a <option>-F</option>option + special treatment at weekends, and a <option>-F</option> option to change the notion of <quote>Friday</quote>.</para> <para arch="i386,pc98" role="historic">A minimalized version of &man.camcontrol.8; is 
@@ -2378,7 +2368,7 @@ <para>&man.chown.8; no longer takes <literal>.</literal> as a user/group delimeter. This change was made to support usernames - containing a <literal>.</literal>.</para> + containing a <literal>.</literal> character.</para> <para>Use of the <literal>CSMG_*</literal> macros no longer require inclusion of @@ -2432,7 +2422,7 @@ functionality of &man.pccardd.8;. <note> - <para>&man.devd.8; is work-in-progress.</para> + <para>&man.devd.8; is a work in progress.</para> </note> </para> @@ -2516,7 +2506,7 @@ <para>&man.fdread.1;, a program to read data from floppy disks, has been added. It is a counterpart to &man.fdwrite.1; and is designed to provide a means of recovering at least some data - from bad media, and to obviate for a complex invocation of + from bad media, and to obviate the need for a complex invocation of &man.dd.1;.</para> <para role="historic">&man.find.1; now takes the <option>-empty</option> flag, @@ -3087,7 +3077,7 @@ space. &merged;</para> <para>A number of archaic features of &man.newfs.8; have been - removed; these implement tuning features that are essentially + removed; these implemented tuning features that are essentially useless on modern hard disks. These features were controlled by the <option>-O</option>, <option>-d</option>, <option>-k</option>, <option>-l</option>, <option>-n</option>, @@ -3300,7 +3290,7 @@ <para>&man.rcmd.3; now supports the use of the <envar>RSH</envar> environment variable to specify a program to use other than &man.rsh.1; for remote execution. As a result, - programs such as &man.dump.8;, can use &man.ssh.1; for remote + programs such as &man.dump.8; can use &man.ssh.1; for remote transport.</para> <para>&man.rdist.1; has been retired from the base system, but is 
@@ -3525,7 +3515,10 @@ deleted. &merged;</para> <para>&man.sysinstall.8; no longer mounts the &man.procfs.5; - filesystem by default on new installs.</para> >>> TRUNCATED FOR MAIL (1000 lines) <<< To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
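Review bot: In the @@ -2026,112 +2020,108 @@ hunk, the &man.rc.8; paragraph loses its closing parenthesis. The removed line ended `FreeBSD-SA-02:27</ulink>).` and the added line ends `FreeBSD-SA-02:27.`, so the clause opened by `(see` is never closed. Suggest `FreeBSD-SA-02:27).` to keep the original punctuation. The other advisory references in this hunk, for example `FreeBSD-SA-02:13.)`, keep theirs. The same hunk also removes every `<ulink>` to the advisory files, leaving bare advisory names. If that is intended for entries marked `role="historic"`, it is worth stating in the change description.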
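Review bot: In the @@ -2317,7 +2307,7 @@ hunk, the context line above the spacing fix still reads `which operates similar to <option>-A</option>`. Since the &man.calendar.1; paragraph is being edited for wording anyway, change it to `operates similarly to` in the same pass.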
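Review bot: In the @@ -2378,7 +2368,7 @@ hunk, the context line directly above the edited one still has the misspelling `user/group delimeter`. The change already touches this &man.chown.8; paragraph to add `character`, so correct the spelling to `delimiter` at the same time.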