Index: stable/5/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml =================================================================== --- stable/5/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml (revision 157146) +++ stable/5/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml (revision 157147) 
@@ -1,454 +1,484 @@ &os;/&arch; &release.current; Release Notes The &os; Project $FreeBSD$ 2000 2001 2002 2003 2004 2005 2006 The &os; Documentation Project &tm-attrib.freebsd; &tm-attrib.ibm; &tm-attrib.ieee; &tm-attrib.intel; &tm-attrib.sparc; &tm-attrib.general; The release notes for &os; &release.current; contain a summary of the changes made to the &os; base system since &release.prev;. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the &os; kernel and userland. Some brief remarks on upgrading are also presented. Introduction This document contains the release notes for &os; &release.current; on the &arch.print; hardware platform. It describes recently added, changed, or deleted features of &os;. It also provides some notes on upgrading from previous versions of &os;. The &release.type; distribution to which these release notes apply represents a point along the &release.branch; development branch between &release.prev; and the future &release.next;. Information regarding pre-built, binary &release.type; distributions along this branch can be found at . ]]> This distribution of &os; &release.current; is a &release.type; distribution. It can be found at or any of its mirrors. More information on obtaining this (or other) &release.type; distributions of &os; can be found in the Obtaining &os; appendix to the &os; Handbook. ]]> All users are encouraged to consult the release errata before installing &os;. The errata document is updated with late-breaking information discovered late in the release cycle or after the release. Typically, it contains information on known bugs, security advisories, and corrections to documentation. An up-to-date copy of the errata for &os; &release.current; can be found on the &os; Web site. What's New This section describes the most user-visible new or changed features in &os; since &release.prev;. 
In general, changes described here are unique to the &release.branch; branch unless specifically marked as &merged; features. Typical release note items document recent security advisories issued after &release.prev;, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices. Clearly the release notes cannot list every single change made to &os; between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements. Security Advisories Because of an information disclosure vulnerability on processors using Hyper-Threading Technology (HTT), the machdep.hyperthreading_allowed sysctl variable has been added. It defaults to 1 (HTT enabled) on &os; CURRENT, and 0 (HTT disabled) on the 4-STABLE and 5-STABLE development branches and supported security fix branches. More information can be found in security advisory FreeBSD-SA-05:09.htt. A bug in the &man.tcpdump.1; utility which allows a malicious remote user to cause a denial-of-service by using specially crafted packets, has been fixed. For more information, see security advisory FreeBSD-SA-05:10.tcpdump. Two problems in the &man.gzip.1; utility have been fixed. These may allow a local user to modify permissions of arbitrary files and overwrite arbitrary local files when uncompressing a file. For more information, see security advisory FreeBSD-SA-05:11.gzip. A bug has been fixed in &man.ipfw.4; that could cause packets to be matched incorrectly against a lookup table. This bug only affects SMP machines or UP machines that have the PREEMPTION kernel option enabled. More information is contained in security advisory FreeBSD-SA-05:13.ipfw. Two security-related problems have been fixed in &man.bzip2.1;. These include a potential denial of service and unauthorized manipulation of file permissions. 
For more information, see security advisory FreeBSD-SA-05:14.bzip2. Two problems in &os;'s TCP stack have been fixed. They could allow attackers to stall existing TCP connections, creating a denial-of-service situation. More information is contained in security advisory FreeBSD-SA-05:15.tcp. Two buffer overflows in the zlib library has been corrected. More information can be found in security advisory FreeBSD-SA-05:16.zlib and FreeBSD-SA-05:18.zlib. A security vulnerability that could allow processes running inside a &man.jail.2; to gain access to hidden &man.devfs.5; file nodes has been corrected, as described in security advisory FreeBSD-SA-05:17.devfs. A programming error in the &man.ipsec.4; implementation, which resulted in AES-XCBC-MAC authentication using a constant key, has been corrected. More details are in security advisory FreeBSD-SA-05:19.ipsec. A temporary file vulnerability in &man.cvsbug.8;, which could allow an attacker to modify or overwrite files with the permissions of a user running the &man.cvsbug.8; utility, has been fixed. More details can be found in security advisory FreeBSD-SA-05:20.cvsbug. A bug in OpenSSL that could allow an attacker to force an use older version of the SSL (with known weakensses) has been corrected. Details can be found in security advisory FreeBSD-SA-05:21.openssl. A temporary file vulnerability in &man.texindex.1;, which could allow a local attacker to overwrite files in the context of a user running the &man.texindex.1; utility, has been fixed. For more details see security advisory FreeBSD-SA-06:01.texindex. A temporary file vulnerability in the &man.ee.1; text editor, which could allow a local attacker to overwrite files in the context of a user running &man.ee.1;, has been fixed. For more details see security advisory FreeBSD-SA-06:02.ee. Several vulnerabilities in the &man.cpio.1; utility have been corrected. For more details see security advisory FreeBSD-SA-06:03.cpio. 
Two instances in which portions of kernel memory could be disclosed to users have been fixed. For more details see security advisory FreeBSD-SA-06:06.kmem. A logic bug in the IP fragment handling in &man.pf.4;, which could cause a crash under certain circumstances, has been fixed. For more details see security advisory FreeBSD-SA-06:07.pf. An error in Selective Acknowledgement (SACK) support in the TCP/IP stack, which could cause an infinite loop upon reception of a particular series of packets, has been corrected. More details are contained in security advisory FreeBSD-SA-06:08.sack. + A logic bug in the OpenSSH performs internal accounting, which + could cause the master decides that it is overloaded and stops + accepting client connections, has been fixed. + For more details see security advisory FreeBSD-SA-06:09.openssh. + + A logic bug in the NFS server code, which could cause a crash when + the server received a message with a zero-length payload, has been fixed. + For more details see security advisory FreeBSD-SA-06:10.nfs. + + A programming error in the &man.fast.ipsec.4; implementation + results in the sequence number associated with a Security + Association not being updated, allowing packets to unconditionally + pass sequence number verification checks, has been fixed. + For more details see security advisory FreeBSD-SA-06:11.ipsec. + + A logic bug that could cause &man.opiepasswd.1; to allow an unprivileged + user to configure OPIE authentication for the root user under certain + circumstances, has been fixed. + For more details see security advisory FreeBSD-SA-06:12.opie. + + An asynchronous signal handling vulnerability in &man.sendmail.8;, + which could allow a remote attacker to execute arbitrary code with the + privileges of the user running sendmail, typically root, has been fixed. + For more details see security advisory FreeBSD-SA-06:13.sendmail. 
+ Kernel Changes Boot Loader Changes The autoboot command will now prevent the user from interrupting the boot process at all if the autoboot_delay variable is set to -1. Hardware Support The &man.ce.4; driver has been added to support Cronyx Tau32-PCI adapters. Multimedia Support The &man.uaudio.4; driver now has some added functionality, including volume control on more inputs and recording capability on some devices. Network Interface Support The &man.bge.4; driver now supports the BCM5714 and 5789 chips. The &man.ixgb.4; driver is now MPSAFE. Drivers using the &man.ndis.4; device driver wrapper mechanism are now built and loaded differently. The &man.ndis.4; driver can now be pre-built as module or statically compiled into a kernel. Individual drivers can now be built with the &man.ndisgen.8; utility; the result is a kernel module that can be loaded into a running kernel using &man.kldload.8;. The &man.xl.4; driver now supports &man.polling.4; Network Protocols Disks and Storage File Systems Contributed Software Userland Changes The &man.gethostbyname.3;, &man.gethostbyname2.3;, and &man.gethostbyaddr.3; functions are now thread-safe. The &man.getnetent.3;, &man.getnetbyname.3;, and &man.getnetbyaddr.3; functions are now thread-safe. The &man.getprotoent.3;, &man.getprotobyname.3;, and &man.getprotobynumber.3; functions are now thread-safe. The &man.getservent.3;, &man.getservbyname.3;, and &man.getservbyport.3; functions are now thread-safe. The &man.kldstat.8; utility now supports a option to return the status of a specific kernel module. The default stack sizes in libpthread, libthr, and libc_r have been increased. On 32-bit platforms, the main thread receives a 2MB stack size by default, with other threads receiving a 1MB stack size by default. On 64-bit platforms, the default stack sizes are 4MB and 2MB respectively. &man.sed.1; now supports a option to make its output line-buffered. 
<filename>/etc/rc.d</filename> Scripts The rc.d/jail startup script now supports jail_name_flags variable which allows to specify &man.jail.8; flags. Contributed Software BIND has been updated from 9.3.1 to 9.3.2. sendmail has been updated from version 8.13.3 to version 8.13.4. The timezone database has been updated from the tzdata2005g release to the tzdata2005r release. Ports/Packages Collection Infrastructure The &man.pkg.version.1; utility now supports a flag, which causes only the INDEX file to be used for determining if a package is out of date. Release Engineering and Integration The supported version of the GNOME desktop environment (x11/gnome2) has been updated from 2.10.2 to 2.12.3. The supported version of the KDE desktop environment (x11/kde2) has been updated from 3.4.2 to 3.5.1. The supported version of the Perl interpreter (lang/perl5.8) has been updated from 5.8.7 to 5.8.8. The supported version of the &xorg; windowing system (x11/xorg) has been updated from 6.8.2 to 6.9.0. Documentation Upgrading from previous releases of &os; If you're upgrading from a previous release of &os;, you generally will have three options: Using the binary upgrade option of &man.sysinstall.8;. This option is perhaps the quickest, although it presumes that your installation of &os; uses no special compilation options. Performing a complete reinstall of &os;. Technically, this is not an upgrading method, and in any case is usually less convenient than a binary upgrade, in that it requires you to manually backup and restore the contents of /etc. However, it may be useful in cases where you want (or need) to change the partitioning of your disks. From source code in /usr/src. This route is more flexible, but requires more disk space, time, and technical expertise. More information can be found in the Using make world section of the FreeBSD Handbook. 
Upgrading from very old versions of &os; may be problematic; in cases like this, it is usually more effective to perform a binary upgrade or a complete reinstall. Please read the INSTALL.TXT file for more information, preferably before beginning an upgrade. If you are upgrading from source, please be sure to read /usr/src/UPDATING as well. Finally, if you want to use one of various means to track the -STABLE or -CURRENT branches of &os;, please be sure to consult the -CURRENT vs. -STABLE section of the FreeBSD Handbook. Upgrading &os; should, of course, only be attempted after backing up all data and configuration files.
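Review bot: Two of the added Security Advisories entries do not parse as sentences and should be reworded before merging. In the FreeBSD-SA-06:09.openssh entry, "A logic bug in the OpenSSH performs internal accounting, which could cause the master decides that it is overloaded and stops accepting client connections" would read correctly as "A logic bug in the way OpenSSH performs internal accounting, which could cause the master to decide that it is overloaded and stop accepting client connections, has been fixed." Since the stated effect is that client connections are refused, consider naming it a denial of service, as the existing tcpdump and TCP entries do. In the FreeBSD-SA-06:11.ipsec entry, "A programming error in the &man.fast.ipsec.4; implementation results in the sequence number ... not being updated, ..., has been fixed" is missing a relative pronoun. Use "which resulted in", matching the wording of the existing FreeBSD-SA-05:19.ipsec entry. In the FreeBSD-SA-06:12.opie entry, the comma before "has been fixed" follows a restrictive "that" clause and can be dropped.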