diff options
Diffstat (limited to 'en_US.ISO8859-1/htdocs/releases/4.6.2R/relnotes-alpha.html')
| -rw-r--r-- | en_US.ISO8859-1/htdocs/releases/4.6.2R/relnotes-alpha.html | 1282 |
1 files changed, 1282 insertions, 0 deletions
diff --git a/en_US.ISO8859-1/htdocs/releases/4.6.2R/relnotes-alpha.html b/en_US.ISO8859-1/htdocs/releases/4.6.2R/relnotes-alpha.html new file mode 100644 index 0000000000..4e576f97e0 --- /dev/null +++ b/en_US.ISO8859-1/htdocs/releases/4.6.2R/relnotes-alpha.html @@ -0,0 +1,1282 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> +<html> + <head> + <meta name="generator" content="HTML Tidy, see www.w3.org"> + <title>FreeBSD/alpha 4.6.2-RELEASE Release Notes</title> + <meta name="GENERATOR" content= + "Modular DocBook HTML Stylesheet Version 1.73 "> + <link rel="STYLESHEET" type="text/css" href="docbook.css"> + </head> + + <body class="ARTICLE" bgcolor="#FFFFFF" text="#000000" link= + "#0000FF" vlink="#840084" alink="#0000FF"> + <div class="ARTICLE"> + <div class="TITLEPAGE"> + <h1 class="TITLE"><a name="AEN2">FreeBSD/alpha + 4.6.2-RELEASE Release Notes</a></h1> + + <h3 class="CORPAUTHOR">The FreeBSD Project</h3> + + <p class="COPYRIGHT">Copyright © 2000, 2001, 2002 by + The FreeBSD Documentation Project</p> + + <p class="PUBDATE">$FreeBSD: + src/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml,v + 1.22.2.249.2.13 2002/08/13 21:38:44 bmah Exp $<br> + </p> + + <div> + <div class="ABSTRACT"> + <a name="AEN11"></a> + + <p>The release notes for FreeBSD 4.6.2-RELEASE contain + a summary of the changes made to the FreeBSD base + system since 4.5-RELEASE. Both changes for kernel and + userland are listed, as well as applicable security + advisories for the base system that were issued since + the last release. Some brief remarks on upgrading are + also presented.</p> + </div> + </div> + <hr> + </div> + + <div class="TOC"> + <dl> + <dt><b>Table of Contents</b></dt> + + <dt>1 <a href="#AEN13">Introduction</a></dt> + + <dt>2 <a href="#AEN23">What's New</a></dt> + + <dd> + <dl> + <dt>2.1 <a href="#KERNEL">Kernel Changes</a></dt> + + <dd> + <dl> + <dt>2.1.1 <a href="#AEN54">Processor/Motherboard + Support</a></dt> + + <dt>2.1.2 <a href="#AEN60">Boot Loaders</a></dt> + + <dt>2.1.3 <a href="#AEN65">Network Interface + Support</a></dt> + + <dt>2.1.4 <a href="#AEN128">Network + Protocols</a></dt> + + <dt>2.1.5 <a href="#AEN145">Disks and + Storage</a></dt> + + <dt>2.1.6 <a href="#AEN171">Filesystems</a></dt> + + <dt>2.1.7 <a href="#AEN174">PCCARD + Support</a></dt> + + <dt>2.1.8 <a href="#AEN177">Multimedia + Support</a></dt> + + <dt>2.1.9 <a href="#AEN186">Contributed + Software</a></dt> + </dl> + </dd> + + <dt>2.2 <a href="#SECURITY">Security + Advisories</a></dt> + + <dt>2.3 <a href="#USERLAND">Userland Changes</a></dt> + + <dd> + <dl> + <dt>2.3.1 <a href="#AEN537">Contributed + Software</a></dt> + + <dt>2.3.2 <a href="#AEN625">Ports/Packages + Collection</a></dt> + </dl> + </dd> + + <dt>2.4 <a href="#AEN632">Release Engineering and + Integration</a></dt> + </dl> + </dd> + + <dt>3 <a href="#AEN645">Upgrading from previous releases + of FreeBSD</a></dt> + </dl> + </div> + + <div class="SECT1"> + <hr> + + <h1 class="SECT1"><a name="AEN13">1 Introduction</a></h1> + + <p>This document contains the release notes for FreeBSD + 4.6.2-RELEASE on the Alpha/AXP hardware platform. It + describes new features of FreeBSD that have been added (or + changed) since 4.5-RELEASE. It also provides some notes on + upgrading from previous versions of FreeBSD.</p> + + <p>This distribution of FreeBSD 4.6.2-RELEASE is a ``point + release'', intended to address some issues (primarily + security-related) discovered in FreeBSD 4.6-RELEASE. + Originally, it was to carry the version number 4.6.1. + However, several additional issues arose during the release + engineering process, causing added delays. To avoid + confusion, the release engineering and security teams + decided that it would be best to rename the + release-in-progress to 4.6.2.</p> + + <p>This distribution can be found at <a href= + "ftp://ftp.FreeBSD.org/pub/FreeBSD/releases" target= + "_top">ftp://ftp.FreeBSD.org/pub/FreeBSD/releases</a> or + any of its mirrors. More information on obtaining this (or + other) release distributions of FreeBSD can be found in the + <a href= + "http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/mirrors.html" + target="_top">``Obtaining FreeBSD''</a> appendix in the <a + href= + "http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/" + target="_top">FreeBSD Handbook</a>.</p> + </div> + + <div class="SECT1"> + <hr> + + <h1 class="SECT1"><a name="AEN23">2 What's New</a></h1> + + <p>This section describes the most user-visible new or + changed features in FreeBSD since 4.5-RELEASE. Typical + release note items document new drivers or hardware + support, new commands or options, major bugfixes, or + contributed software upgrades. Security advisories for the + base system that were issued after 4.5-RELEASE are also + listed.</p> + + <p>Release note entries that describe changes specific to + this point release are marked with [4.6.2].</p> + + <div class="SECT2"> + <hr> + + <h2 class="SECT2"><a name="KERNEL">2.1 Kernel + Changes</a></h2> + + <p>The kernel dump device can now be set via the <tt + class="VARNAME">dumpdev</tt> loader tunable. As a result, + it is now possible to obtain crash dumps from panics + during the late stages of kernel initialization (before + the system enters into single-user mode).</p> + + <p>The <a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=snp&sektion=4&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">snp</span>(4)</span></a> device is no + longer static and can now be compiled as a module.</p> + + <div class="SECT3"> + <hr> + + <h3 class="SECT3"><a name="AEN54">2.1.1 + Processor/Motherboard Support</a></h3> + </div> + + <div class="SECT3"> + <hr> + + <h3 class="SECT3"><a name="AEN60">2.1.2 Boot + Loaders</a></h3> + </div> + + <div class="SECT3"> + <hr> + + <h3 class="SECT3"><a name="AEN65">2.1.3 Network + Interface Support</a></h3> + + <p>The <a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=an&sektion=4&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">an</span>(4)</span></a> driver now + supports Cisco LEAP, as well as the ``Home'' WEP key. + The Linux Aironet utilities are now supported under + emulation.</p> + + <p>The <a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=dc&sektion=4&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">dc</span>(4)</span></a> driver now has + support for VLANs.</p> + + <p>The <a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=fpa&sektion=4&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">fpa</span>(4)</span></a> driver now + works on Alpha machines.</p> + + <p>The my driver, which supports the Myson Fast + Ethernet and Gigabit Ethernet adapters, has been + added.</p> + + <p>The <a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=wi&sektion=4&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">wi</span>(4)</span></a> driver now has + support for Prism II and Prism 2.5-based NICs. + 104/128-bit WEP now works on Prism cards.</p> + + <p>The <a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=wi&sektion=4&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">wi</span>(4)</span></a> driver now + supports using a FreeBSD host as a wireless access + point. This functionality can be enabled using the <tt + class="LITERAL">mediaopt hostap</tt> option of <a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=ifconfig&sektion=8&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">ifconfig</span>(8)</span></a>. This + feature requires a wireless adapter based on the Prism + II chipset.</p> + + <p>The <a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=wi&sektion=4&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">wi</span>(4)</span></a> driver now has + support for <b class= + "APPLICATION">bsd-airtools</b>.</p> + + <p>The xe driver can now be built as a module.</p> + + <p>Selected network drivers now implement a + semi-polling mode, which makes systems much more + resilient to attacks and overloads. To enable polling, + the following options are required in a kernel + configuration file:</p> +<pre class="PROGRAMLISTING"> + options DEVICE_POLLING + options HZ=1000 # not compulsory but strongly recommended +</pre> + The <tt class="VARNAME">kern.polling.enable</tt> sysctl + variable will then activate polling mode; with the <tt + class="VARNAME">kern.polling.user_frac</tt> sysctl + indicating the percentage of CPU time to be reserved + for userland. The devices initially supporting polling + are <a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=dc&sektion=4&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">dc</span>(4)</span></a>, <a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=fxp&sektion=4&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">fxp</span>(4)</span></a>, <a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=rl&sektion=4&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">rl</span>(4)</span></a>, and <a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=sis&sektion=4&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">sis</span>(4)</span></a>. More details + can be found in the <a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=polling&sektion=4&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">polling</span>(4)</span></a> manual + page.<br> + <br> + </div> + + <div class="SECT3"> + <hr> + + <h3 class="SECT3"><a name="AEN128">2.1.4 Network + Protocols</a></h3> + + <p><a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=bridge&sektion=4&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">bridge</span>(4)</span></a> now has + better support for multiple, fully-independent bridging + clusters, and is much more stable in the presence of + dynamic attachments and detatchments. Full support for + VLANs is also supported.</p> + + <p>A bug in the IPsec processing for IPv4, which caused + the inbound SPD checks to be ignored, has been + fixed.</p> + + <p>A new ng_eiface netgraph module has been added, + which appears as an Ethernet interface but delivers its + Ethernet frames to a Netgraph hook.</p> + + <p>A new <a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=ng_etf&sektion=4&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">ng_etf</span>(4)</span></a> netgraph + node allows Ethernet type packets to be filtered to + different hooks depending on ethertype.</p> + + <p>The <a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=tcp&sektion=4&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">tcp</span>(4)</span></a> syncache + implementation had a bug that could cause kernel + panics; this has been fixed.</p> + + <p>The TCP implementation now properly ignores packets + addressed to IP-layer broadcast addresses.</p> + </div> + + <div class="SECT3"> + <hr> + + <h3 class="SECT3"><a name="AEN145">2.1.5 Disks and + Storage</a></h3> + + <p>The <a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=ahc&sektion=4&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">ahc</span>(4)</span></a> driver was + synchronized with the version from FreeBSD -CURRENT as + of 29 April 2002.</p> + + <p>The <a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=ata&sektion=4&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">ata</span>(4)</span></a> driver was + synchronized with the driver from FreeBSD -CURRENT as + of 18 March 2002.</p> + + <p>[4.6.2] A bug which sometimes prevented <a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=ata&sektion=4&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">ata</span>(4)</span></a> tagged + queueing from working correctly has been corrected.</p> + + <p>The <a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=ata&sektion=4&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">ata</span>(4)</span></a> driver now has + support for creating, deleting, querying, and + rebuilding ATA RAIDs under control of <a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=atacontrol&sektion=8&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">atacontrol</span>(8)</span></a>.</p> + + <p>[4.6.2] The <a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=ata&sektion=4&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">ata</span>(4)</span></a> driver now + computes maximum transfer sizes correctly. This fixes + numerous <tt class="LITERAL">READ_BIG</tt> and other + errors that occurred when accessing certain ATA + devices.</p> + </div> + + <div class="SECT3"> + <hr> + + <h3 class="SECT3"><a name="AEN171">2.1.6 + Filesystems</a></h3> + + <p>A bug was been fixed in soft updates that could + cause occasional filesystem corruption if the system is + shut down immediately after performing heavy filesystem + activities, such as installing a new kernel or other + software.</p> + </div> + + <div class="SECT3"> + <hr> + + <h3 class="SECT3"><a name="AEN174">2.1.7 PCCARD + Support</a></h3> + </div> + + <div class="SECT3"> + <hr> + + <h3 class="SECT3"><a name="AEN177">2.1.8 Multimedia + Support</a></h3> + </div> + + <div class="SECT3"> + <hr> + + <h3 class="SECT3"><a name="AEN186">2.1.9 Contributed + Software</a></h3> + + <div class="SECT4"> + <h4 class="SECT4"><a name="AEN188">2.1.9.1 + IPFilter</a></h4> + + <p><b class="APPLICATION">IPFilter</b> has been + updated to 3.4.27.</p> + </div> + </div> + </div> + + <div class="SECT2"> + <hr> + + <h2 class="SECT2"><a name="SECURITY">2.2 Security + Advisories</a></h2> + + <p>An ``off-by-one'' bug has been fixed in <b class= + "APPLICATION">OpenSSH</b>'s multiplexing code. This bug + could have allowed an authenticated remote user to cause + <a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=sshd&sektion=8&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">sshd</span>(8)</span></a> to execute + arbitrary code with superuser privileges, or allowed a + malicious SSH server to execute arbitrary code on the + client system with the privileges of the client user. + (See security advisory <a href= + "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:13.openssh.asc" + target="_top">FreeBSD-SA-02:13</a>.)</p> + + <p>A programming error in <b class="APPLICATION">zlib</b> + could result in attempts to free memory multiple times. + The <a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=malloc&sektion=3&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">malloc</span>(3)</span></a>/<a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=free&sektion=3&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">free</span>(3)</span></a> routines used + in FreeBSD are not vulnerable to this error, but + applications receiving specially-crafted blocks of + invalid compressed data could be made to function + incorrectly or abort. This <b class= + "APPLICATION">zlib</b> bug has been fixed. For a + workaround and solutions, see security advisory <a href= + "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:18.zlib.v1.2.asc" + target="_top">FreeBSD-SA-02:18</a>.</p> + + <p>Bugs in the TCP SYN cache (``syncache'') and SYN + cookie (``syncookie'') implementations, which could cause + legitimate TCP/IP traffic to crash a machine, have been + fixed. For a workaround and patches, see security + advisory <a href= + "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:20.syncache.asc" + target="_top">FreeBSD-SA-02:20</a>.</p> + + <p>A routing table memory leak, which could allow a + remote attacker to exhaust the memory of a target + machine, has been fixed. A workaround and patches can be + found in security advisory <a href= + "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:21.tcpip.asc" + target="_top">FreeBSD-SA-02:21</a>.</p> + + <p>A bug with memory-mapped I/O, which could cause a + system crash, has been fixed. For more information about + a solution, see security advisory <a href= + "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:22.mmap.asc" + target="_top">FreeBSD-SA-02:22</a>.</p> + + <p>A security hole, in which SUID programs could be made + to read from or write to inappropriate files through + manipulation of their standard I/O file descriptors, has + been fixed. Information regarding a solution can be found + in security advisory <a href= + "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:23.stdio.asc" + target="_top">FreeBSD-SA-02:23</a>.</p> + + <p>[4.6.2] The original fix for security advisory + SA-02:23 (which addressed the use of file descriptors by + set-user-id or set-group-id programs) contained an error. + It was still possible for systems using <a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=procfs&sektion=5&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">procfs</span>(5)</span></a> or <a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=linprocfs&sektion=5&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">linprocfs</span>(5)</span></a> to be + exploited. This error has now been corrected; a revised + version of security advisory <a href= + "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:23.stdio.asc" + target="_top">FreeBSD-SA-02:23</a> contains more + details.</p> + + <p>Some unexpected behavior could be allowed with <a + href= + "http://www.FreeBSD.org/cgi/man.cgi?query=k5su&sektion=8&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">k5su</span>(8)</span></a> because it does + not require that an invoking user be a member of the <tt + class="GROUPNAME">wheel</tt> group when attempting to + become the superuser (this is the case with <a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=su&sektion=1&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">su</span>(1)</span></a>). To avoid this + situation, <a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=k5su&sektion=8&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">k5su</span>(8)</span></a> is now + installed non-SUID by default (effectively disabling it). + More information can be found in security advisory <a + href= + "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:24.k5su.asc" + target="_top">FreeBSD-SA-02:24</a>.</p> + + <p>Multiple vulnerabilities were found in the <a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=bzip2&sektion=1&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">bzip2</span>(1)</span></a> utility, which + could allow files to be overwritten without warning or + allow local users unintended access to files. These + problems have been corrected with a new import of <b + class="APPLICATION">bzip2</b>. For more information, see + security advisory <a href= + "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc" + target="_top">FreeBSD-SA-02:25</a>.</p> + + <p>A bug has been fixed in the implementation of the TCP + SYN cache (``syncache''), which could allow a remote + attacker to deny access to a service when accept filters + (see <a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=accept_filter&sektion=9&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">accept_filter</span>(9)</span></a>) were + in use. This bug has been fixed; for more information, + see security advisory <a href= + "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:26.accept.asc" + target="_top">FreeBSD-SA-02:26</a>.</p> + + <p>Due to a bug in <a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=rc&sektion=8&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">rc</span>(8)</span></a>'s use of shell + globbing, users may be able to remove the contents of + arbitrary files if <tt class= + "FILENAME">/tmp/.X11-unix</tt> does not exist and the + system can be made to reboot. This bug has been corrected + (see security advisory <a href= + "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:27.rc.asc" + target="_top">FreeBSD-SA-02:27</a>).</p> + + <p>[4.6.2] A buffer overflow in the resolver, which could + be exploited by a malicious domain name server or an + attacker forging DNS messages, has been fixed. See + security advisory <a href= + "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:28.resolv.asc" + target="_top">FreeBSD-SA-02:28</a> for more details.</p> + + <p>[4.6.2] A buffer overflow in <a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=tcpdump&sektion=1&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">tcpdump</span>(1)</span></a>, which could + be triggered by badly-formed NFS packets, has been fixed. + See security advisory <a href= + "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:29.tcpdump.asc" + target="_top">FreeBSD-SA-02:29</a> for more details.</p> + + <p>[4.6.2] <a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=ktrace&sektion=1&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">ktrace</span>(1)</span></a> can no longer + trace the operation of formerly privileged processes; + this prevents the leakage of sensitive information that + the process could have obtained before abandoning its + privileges. For a discussion of this issue, see security + advisory <a href= + "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:30.ktrace.asc" + target="_top">FreeBSD-SA-02:30</a> for more details.</p> + + <p>[4.6.2] A race condition in <a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=pppd&sektion=8&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">pppd</span>(8)</span></a>, which could be + used to change the permissions of an arbitrary file, has + been corrected. For more information, see security + advisory <a href= + "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:32.pppd.asc" + target="_top">FreeBSD-SA-02:32</a>.</p> + + <p>[4.6.2] Multiple buffer overflows in <b class= + "APPLICATION">OpenSSL</b> have been corrected, by way of + an upgrade to the base system version of <b class= + "APPLICATION">OpenSSL</b>. More details can be found in + security advisory <a href= + "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc" + target="_top">FreeBSD-SA-02:33</a>.</p> + + <p>[4.6.2] A heap buffer overflow in the XDR decoder has + been fixed. For more details, see security advisory <a + href= + "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:34.rpc.asc" + target="_top">FreeBSD-SA-02:34</a>.</p> + + <p>[4.6.2] A bug that could allow local users to read and + write arbitrary blocks on an FFS filesystem has been + corrected. More details can be found in security advisory + <a href= + "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:35.ffs.asc" + target="_top">FreeBSD-SA-02:35</a>.</p> + + <p>[4.6.2] A bug in the NFS server code, which could + allow a remote denial of service attack, has been fixed. + Security advisory <a href= + "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:36.nfs.asc" + target="_top">FreeBSD-SA-02:36</a> has more details.</p> + + <p>[4.6.2] A bug that could allow local users to panic a + system using the <a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=kqueue&sektion=2&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">kqueue</span>(2)</span></a> mechanism has + been fixed. More information is contained in security + advisory <a href= + "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:37.kqueue.asc" + target="_top">FreeBSD-SA-02:37</a>.</p> + </div> + + <div class="SECT2"> + <hr> + + <h2 class="SECT2"><a name="USERLAND">2.3 Userland + Changes</a></h2> + + <p><a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=atacontrol&sektion=8&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">atacontrol</span>(8)</span></a> has been + added to control various aspects of the <a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=ata&sektion=4&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">ata</span>(4)</span></a> driver.</p> + + <p>On ATAPI CDROM drives, <a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=cdcontrol&sektion=1&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">cdcontrol</span>(1)</span></a> now + supports a <tt class="LITERAL">speed</tt> command to set + the maximum speed to be used by the drive.</p> + + <p><a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=ctags&sektion=1&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">ctags</span>(1)</span></a> no longer + creates a corrupt tags file if the source file used <tt + class="LITERAL">//</tt> (C++-style) comments.</p> + + <p><a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=dump&sektion=8&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">dump</span>(8)</span></a> now supplies + progress information in its process title, useful for + monitoring automated backups.</p> + + <p><tt class="FILENAME">/etc/rc.firewall</tt> and <tt + class="FILENAME">/etc/rc.firewall6</tt> will no longer + add their own hardcoded rules in the cases of a rules + file in the <tt class="VARNAME">firewall_type</tt> + variable or a non-existent firewall type. (The motivation + for this change is to avoid acting on assumptions about a + site's firewall policies.) In addition, the <tt class= + "LITERAL">closed</tt> firewall type now works as + documented in the <a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=rc.firewall&sektion=8&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">rc.firewall</span>(8)</span></a> manual + page.</p> + + <p>The functionality of <tt class= + "FILENAME">/etc/security</tt> has been been moved into a + set of scripts under the <a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=periodic&sektion=8&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">periodic</span>(8)</span></a> framework, + to make local customization easier and more maintainable. + These scripts now reside in <tt class= + "FILENAME">/etc/periodic/security/</tt>.</p> + + <p>The <tt class="OPTION">ether</tt> address family of <a + href= + "http://www.FreeBSD.org/cgi/man.cgi?query=ifconfig&sektion=8&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">ifconfig</span>(8)</span></a> has been + changed to a more generic <tt class="OPTION">link</tt> + family (<tt class="OPTION">ether</tt> is still accepted + for backwards compatability).</p> + + <p><a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=fsdb&sektion=8&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">fsdb</span>(8)</span></a> now supports a + <tt class="LITERAL">blocks</tt> command to list the + blocks allocated by a particular inode.</p> + + <p><a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=ispppcontrol&sektion=8&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">ispppcontrol</span>(8)</span></a> has + been deleted, and its functionality has been folded into + <a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=spppcontrol&sektion=8&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">spppcontrol</span>(8)</span></a>.</p> + + <p><a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=k5su&sektion=8&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">k5su</span>(8)</span></a> is no longer + installed SUID <tt class="USERNAME">root</tt> by default. + Users requiring this feature can either manually change + the permissions on the <a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=k5su&sektion=8&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">k5su</span>(8)</span></a> executable or + add <tt class="LITERAL">ENABLE_SUID_K5SU=yes</tt> to <tt + class="FILENAME">/etc/make.conf</tt> before a source + upgrade.</p> + + <p><a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=ldd&sektion=1&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">ldd</span>(1)</span></a> can now be used + on shared libraries, in addition to executables.</p> + + <p><a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=last&sektion=1&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">last</span>(1)</span></a> now supports a + <tt class="OPTION">-y</tt> flag, which causes the year to + be included in the session start time.</p> + + <p><tt class="FILENAME">libstand</tt> now has support for + loading large kernels and modules split across several + physical media.</p> + + <p><tt class="FILENAME">libusb</tt> has been renamed as + <tt class="FILENAME">libusbhid</tt>, following NetBSD's + naming conventions.</p> + + <p><a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=lpd&sektion=8&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">lpd</span>(8)</span></a> now recognizes + the <tt class="OPTION">-s</tt> flag as the preferred + synonym for <tt class="OPTION">-p</tt> (these flags cause + <a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=lpd&sektion=8&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">lpd</span>(8)</span></a> not to open a + socket for network print jobs).</p> + + <p><a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=lpd&sektion=8&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">lpd</span>(8)</span></a> now implements a + new <tt class="LITERAL">rc</tt> printcap option. When + specified in a print queue for a remote host, boolean + option causes <a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=lpd&sektion=8&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">lpd</span>(8)</span></a> to resend the + data file for each copy the user requested via <tt class= + "COMMAND">lpr -#<tt class= + "REPLACEABLE"><i>n</i></tt></tt>.</p> + + <p><a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=ls&sektion=1&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">ls</span>(1)</span></a> now accepts a <tt + class="OPTION">-h</tt> flag, which when combined with the + <tt class="OPTION">-l</tt> flag, causes file sizes to be + printed with unit suffixes, such that the number of + digits printed is fewer than four.</p> + + <p><a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=m4&sektion=1&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">m4</span>(1)</span></a> now accepts a <tt + class="OPTION">-s</tt> flag to cause it to emit <tt + class="LITERAL">#line</tt> directives for use by <a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=cpp&sektion=1&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">cpp</span>(1)</span></a>.</p> + + <p><a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=mergemaster&sektion=8&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">mergemaster</span>(8)</span></a> now + supports two new flags. The <tt class="OPTION">-p</tt> + flag enables a ``pre-<tt class= + "LITERAL">buildworld</tt>'' mode to compare files known + to be essential to the success of the <tt class= + "LITERAL">buildworld</tt> and <tt class= + "LITERAL">installworld</tt> system updating steps. The + <tt class="OPTION">-C</tt> flag, used after a successful + <a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=mergemaster&sektion=8&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">mergemaster</span>(8)</span></a> run, + compares options in <tt class= + "FILENAME">/etc/rc.conf</tt> to the default options in + <tt class="FILENAME">/etc/defaults/rc.conf</tt>.</p> + + <p><a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=ngctl&sektion=8&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">ngctl</span>(8)</span></a> now supports a + <tt class="OPTION">write</tt> command to send a data + packet down a given hook.</p> + + <p><a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=patch&sektion=1&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">patch</span>(1)</span></a> now accepts a + <tt class="OPTION">-i</tt> command-line flag to read a + patch from a file, rather than standard input.</p> + + <p>[4.6.2] <a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=pam_opie&sektion=8&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">pam_opie</span>(8)</span></a> no longer + emits fake challenges when the <tt class= + "VARNAME">no_fake_prompts</tt> variable is specified.</p> + + <p>[4.6.2] A <a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=pam_opieaccess&sektion=8&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">pam_opieaccess</span>(8)</span></a> + module has been added.</p> + + <p>[4.6.2] <a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=pam_radius&sektion=8&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">pam_radius</span>(8)</span></a>, <a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=pam_ssh&sektion=8&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">pam_ssh</span>(8)</span></a>, and <a + href= + "http://www.FreeBSD.org/cgi/man.cgi?query=pam_tacplus&sektion=8&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">pam_tacplus</span>(8)</span></a> have + been synchronized with the versions in FreeBSD -CURRENT + as of 3 July 2002.</p> + + <p>A <a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=pam_ssh&sektion=8&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">pam_ssh</span>(8)</span></a> module has + been added to allow the use of SSH passphrases and + keypairs for authentication. This module also handles + session management by invoking <a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=ssh-agent&sektion=1&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">ssh-agent</span>(1)</span></a>.</p> + + <p>[4.6.2] <a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=pam_unix&sektion=8&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">pam_unix</span>(8)</span></a> has been + synchronized with the version in FreeBSD -CURRENT as of 9 + March 2002 (pre-<b class="APPLICATION">OpenPAM</b>).</p> + + <p><a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=pr&sektion=1&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">pr</span>(1)</span></a> now supports the + <tt class="OPTION">-f</tt> and <tt class="OPTION">-p</tt> + flags to pause output going to a terminal.</p> + + <p>The <tt class="OPTION">-W</tt> option to <a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=ps&sektion=1&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">ps</span>(1)</span></a> (to extract + information from a specified swap device) has been + useless for some time; it has been removed.</p> + + <p><a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=reboot&sektion=8&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">reboot</span>(8)</span></a> now takes a + <tt class="OPTION">-k</tt> to specify the next kernel to + boot.</p> + + <p><a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=sshd&sektion=8&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">sshd</span>(8)</span></a> no longer emits + fake S/Key challenges for users who do not have S/Key + enabled. The prior behavior created confusing, useless + one-time-password prompts when using some newer SSH + clients to connect to a FreeBSD system.</p> + + <p><a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=sysinstall&sektion=8&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">sysinstall</span>(8)</span></a> now has + rudimentary support for retrieving packages from the + correct volume of a multiple-volume installation (such as + a multi-CD distribution).</p> + + <p><a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=tftp&sektion=1&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">tftp</span>(1)</span></a> and <a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=tftpd&sektion=8&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">tftpd</span>(8)</span></a> now support + IPv6.</p> + + <p>The <a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=usbhidctl&sektion=1&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">usbhidctl</span>(1)</span></a> utility + has been added to manipulate USB Human Interface + Devices.</p> + + <p><a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=uuencode&sektion=1&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">uuencode</span>(1)</span></a> and <a + href= + "http://www.FreeBSD.org/cgi/man.cgi?query=uudecode&sektion=1&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">uudecode</span>(1)</span></a> now accept + a <tt class="OPTION">-o</tt> option to set their output + files. <a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=uuencode&sektion=1&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">uuencode</span>(1)</span></a> can now be + made to do base64 encoding when given the <tt class= + "OPTION">-m</tt> flag, while <a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=uudecode&sektion=1&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">uudecode</span>(1)</span></a> can now + automatically decode base64 files.</p> + + <p><a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=watch&sektion=8&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">watch</span>(8)</span></a> now takes a + <tt class="OPTION">-f</tt> option to specify a <a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=snp&sektion=4&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">snp</span>(4)</span></a> device to + use.</p> + + <p>Locales with names of the form <tt class= + "LITERAL">*.EUC</tt> have been renamed to the form <tt + class="LITERAL">*.euc??</tt>. For example, <tt class= + "LITERAL">ja_JP.EUC</tt> has become <tt class= + "LITERAL">ja_JP.eucJP</tt>. This improves locale name + compatability with FreeBSD CURRENT, X11R6, and a number + of other UNIX versions.</p> + + <p>The locale support was synchronized with the code from + FreeBSD -CURRENT. This change brings support for the <tt + class="LITERAL">LC_NUMERIC</tt>, <tt class= + "LITERAL">LC_MONETARY</tt>, and <tt class= + "LITERAL">LC_MESSAGES</tt> categories, as well as + improvements to <a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=strftime&sektion=3&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">strftime</span>(3)</span></a>, revised + locale definitions, and improvement of the localization + of many base system programs.</p> + + <div class="SECT3"> + <hr> + + <h3 class="SECT3"><a name="AEN537">2.3.1 Contributed + Software</a></h3> + + <p>[4.6.2] <b class="APPLICATION">BIND</b> has been + updated to 8.3.3.</p> + + <p><b class="APPLICATION">bzip2</b> has been updated to + 1.0.2.</p> + + <p><b class="APPLICATION">Heimdal Kerberos</b> has been + updated to 0.4e.</p> + + <p>The <b class="APPLICATION">ISC DHCP</b> client has + been updated to 3.0.1RC8.</p> + + <p>[4.6.2] <b class="APPLICATION">OpenSSH</b> has been + updated to version 3.4p1. Among the changes:</p> + + <ul> + <li> + <p>The <tt class="FILENAME">*2</tt> files are + obsolete (for example, <tt class= + "FILENAME">~/.ssh/known_hosts</tt> can hold the + contents of <tt class= + "FILENAME">~/.ssh/known_hosts2</tt>).</p> + </li> + + <li> + <p><a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=ssh-keygen&sektion=1&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">ssh-keygen</span>(1)</span></a> can + import and export keys using the SECSH Public Key + File Format, for key exchange with several + commercial SSH implementations.</p> + </li> + + <li> + <p><a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=ssh-add&sektion=1&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">ssh-add</span>(1)</span></a> now + adds all three default keys.</p> + </li> + + <li> + <p><a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=ssh-keygen&sektion=1&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">ssh-keygen</span>(1)</span></a> no + longer defaults to a specific key type; one must be + specified with the <tt class="OPTION">-t</tt> + option.</p> + </li> + + <li> + <p>A ``privilege separation'' feature, which uses + unprivileged processes to contain and restrict the + effects of future compromises or programming + errors.</p> + </li> + + <li> + <p>Several bugfixes, including closure of a + security hole that could lead to an integer + overflow and undesired privilege escalation.</p> + </li> + </ul> + + <div class="NOTE"> + <blockquote class="NOTE"> + <p><b>Note:</b> As with FreeBSD 4.6-RELEASE, <tt + class="LITERAL">Protocol 1,2</tt> remains the + default protocol setting in <tt class= + "FILENAME">/etc/ssh/ssh_config</tt>. In FreeBSD + -CURRENT (and FreeBSD 4-STABLE as of this writing), + the default is <tt class="LITERAL">Protocol + 2,1</tt>.</p> + </blockquote> + </div> + <br> + <br> + + <p>[4.6.2] <b class="APPLICATION">OpenSSL</b> has been + updated to 0.9.6e.</p> + + <p><b class="APPLICATION">texinfo</b> has been updated + to 4.1.</p> + + <p>The timezone database has been updated to the <tt + class="FILENAME">tzdata2002c</tt> release.</p> + + <div class="SECT4"> + <hr> + + <h4 class="SECT4"><a name="AEN587">2.3.1.1 + Sendmail</a></h4> + + <p><b class="APPLICATION">sendmail</b> has been + updated to 8.12.3. <a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=sendmail&sektion=8&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">sendmail</span>(8)</span></a> is no + longer installed as a set-user-ID <tt class= + "USERNAME">root</tt> binary (now set-group-ID <tt + class="GROUPNAME">smmsp</tt>). See <tt class= + "FILENAME">/usr/src/contrib/sendmail/RELEASE_NOTES</tt> + and <tt class="FILENAME">/etc/mail/README</tt> for + more information.</p> + + <p>With this <b class="APPLICATION">sendmail</b> + upgrade, multiple <b class="APPLICATION">sendmail</b> + daemons (some required to handle outgoing mail) are + started by <a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=rc&sektion=8&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">rc</span>(8)</span></a>, even if the + <tt class="VARNAME">sendmail_enable</tt> variable is + set to <tt class="LITERAL">NO</tt>. To completely + disable <b class="APPLICATION">sendmail</b>, <tt + class="VARNAME">sendmail_enable</tt> must be set to + <tt class="LITERAL">NONE</tt>. Alternatively, for + systems using a different MTA, the <tt class= + "VARNAME">mta_start_script</tt> variable can be used + to point to a different startup script (more details + can be found in <a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=rc.sendmail&sektion=8&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">rc.sendmail</span>(8)</span></a>).</p> + + <p>The permissions for <b class= + "APPLICATION">sendmail</b> alias and map databases + built via <tt class= + "FILENAME">/etc/mail/Makefile</tt> now default to + mode 0640 to protect against a file locking local + denial of service. It can be changed by setting the + new <tt class="VARNAME">SENDMAIL_MAP_PERMS</tt> <tt + class="FILENAME">make.conf</tt> option.</p> + + <p>The permissions for the <b class= + "APPLICATION">sendmail</b> statistics file, <tt + class="FILENAME">/var/log/sendmail.st</tt>, have been + changed from mode 0644 to mode 0640 to protect + against a file locking local denial of service.</p> + + <p>[4.6.2] A potential DNS map buffer overflow bug + (in code that is not used in configurations by + default) has been fixed.</p> + + <div class="NOTE"> + <blockquote class="NOTE"> + <p><b>Note:</b> This bug has been addressed in + FreeBSD 4.6-STABLE by the import of a newer + version of <b class= + "APPLICATION">sendmail</b>.</p> + </blockquote> + </div> + <br> + <br> + </div> + </div> + + <div class="SECT3"> + <hr> + + <h3 class="SECT3"><a name="AEN625">2.3.2 Ports/Packages + Collection</a></h3> + + <p>The Ports Collection infrastructure now uses <b + class="APPLICATION">XFree86</b> 4.2.0 as the default + version of the X Window System for the purposes of + satisfying dependencies. To return to using <b class= + "APPLICATION">XFree86</b> 3.3.6, add the following line + to <tt class="FILENAME">/etc/make.conf</tt>:</p> +<pre class="PROGRAMLISTING"> + XFREE86_VERSION=3 +</pre> + </div> + </div> + + <div class="SECT2"> + <hr> + + <h2 class="SECT2"><a name="AEN632">2.4 Release + Engineering and Integration</a></h2> + + <p><b class="APPLICATION">XFree86</b> 4.2.0 is now the + default version of the X Window System supported by <a + href= + "http://www.FreeBSD.org/cgi/man.cgi?query=sysinstall&sektion=8&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">sysinstall</span>(8)</span></a>. It + installs <b class="APPLICATION">XFree86</b> as a set of + standard binary packages, so the usual package utilities + such as <a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=pkg_info&sektion=1&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">pkg_info</span>(1)</span></a> can be used + to examine/manipulate its components.</p> + + <p>[4.6.2] A bug that caused <tt class= + "FILENAME">/usr/share/examples</tt> to be incompletely + populated on fresh installs has been fixed.</p> + </div> + </div> + + <div class="SECT1"> + <hr> + + <h1 class="SECT1"><a name="AEN645">3 Upgrading from + previous releases of FreeBSD</a></h1> + + <p>If you're upgrading from a previous release of FreeBSD, + you generally will have three options:</p> + + <ul> + <li> + <p>Using the binary upgrade option of <a href= + "http://www.FreeBSD.org/cgi/man.cgi?query=sysinstall&sektion=8&manpath=FreeBSD+4.6-RELEASE"> + <span class="CITEREFENTRY"><span class= + "REFENTRYTITLE">sysinstall</span>(8)</span></a>. This + option is perhaps the quickest, although it presumes + that your installation of FreeBSD uses no special + compilation options.</p> + </li> + + <li> + <p>Performing a complete reinstall of FreeBSD. + Technically, this is not an upgrading method, and in + any case is usually less convenient than a binary + upgrade, in that it requires you to manually backup and + restore the contents of <tt class="FILENAME">/etc</tt>. + However, it may be useful in cases where you want (or + need) to change the partitioning of your disks.</p> + </li> + + <li> + <p>From source code in <tt class= + "FILENAME">/usr/src</tt>. This route is more flexible, + but requires more disk space, time, and technical + expertise. More information can be found in the <a + href= + "http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html" + target="_top">``Using <tt class="COMMAND">make + world</tt>''</a> section of the <a href= + "http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/" + target="_top">FreeBSD Handbook</a>. Upgrading from + very old versions of FreeBSD may be problematic; in + cases like this, it is usually more effective to + perform a binary upgrade or a complete reinstall.</p> + </li> + </ul> + <br> + <br> + + <p>Please read the <tt class="FILENAME">INSTALL.TXT</tt> + file for more information, preferably <span class= + "emphasis"><i class="EMPHASIS">before</i></span> beginning + an upgrade. If you are upgrading from source, please be + sure to read <tt class="FILENAME">/usr/src/UPDATING</tt> as + well.</p> + + <p>Finally, if you want to use one of various means to + track the -STABLE or -CURRENT branches of FreeBSD, please + be sure to consult the <a href= + "http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/current-stable.html" + target="_top">``-CURRENT vs. -STABLE''</a> section of the + <a href= + "http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/" + target="_top">FreeBSD Handbook</a>.</p> + + <div class="IMPORTANT"> + <blockquote class="IMPORTANT"> + <p><b>Important:</b> Upgrading FreeBSD should, of + course, only be attempted after backing up <span class= + "emphasis"><i class="EMPHASIS">all</i></span> data and + configuration files.</p> + </blockquote> + </div> + </div> + </div> + <hr> + + <p align="center"><small>This file, and other release-related + documents, can be downloaded from <a href= + "ftp://ftp.FreeBSD.org/pub/FreeBSD/releases">ftp://ftp.FreeBSD.org/pub/FreeBSD/releases</a>.</small></p> + + <p align="center"><small>For questions about FreeBSD, read the + <a href="http://www.FreeBSD.org/docs.html">documentation</a> + before contacting <<a href= + "mailto:questions@FreeBSD.org">questions@FreeBSD.org</a>>.</small></p> + + <p align="center"><small>For questions about this + documentation, e-mail <<a href= + "mailto:doc@FreeBSD.org">doc@FreeBSD.org</a>>.</small></p> + <br> + <br> + </body> +</html> + |