diff --git a/release/doc/en_US.ISO8859-1/relnotes/article.sgml b/release/doc/en_US.ISO8859-1/relnotes/article.sgml
index f64d61deaac..5eae20c414d 100644
--- a/release/doc/en_US.ISO8859-1/relnotes/article.sgml
+++ b/release/doc/en_US.ISO8859-1/relnotes/article.sgml
@@ -140,6 +140,14 @@
url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:02.shmat.asc">FreeBSD-SA-04:02.
&merged;
+ A programming error in the &man.jail.attach.2; system call
+ has been fixed. This error could allow a process with superuser
+ privileges inside a &man.jail.8; environment to change its root
+ directory to that of a different jail, and thus gain full read
+ and write acecss to files and directories within the target
+ jail. More information can be found in security advisory FreeBSD-SA-04:03.
+
@@ -168,6 +176,18 @@
kernel locking continues, the scheduler will be able to make
more efficient use of the available parallel resources.
+ The device driver infrastructure (as well as many drivers)
+ have been updated. Among the changes: Many more drivers now use
+ automatically-assigned major numbers (instead of the old static
+ major numbers). Enhanced functions to support cloning of
+ pseudodevices. Several changes to the driver API, including a
+ new d_version field in struct
+ cdevsw. Note that third-party device drivers will
+ require recompiling after this change.
+
+ The kernel's file descriptor allocation code has been
+ updated, and is now derived from similar code in OpenBSD.
+
@@ -222,11 +242,18 @@
Several bugs related to multicast and promiscuous mode
handling in the &man.sk.4; driver have been fixed.
+ The &man.udav.4; driver has been added. It provides
+ support for USB Ethernet adapters based on the Davicom DM9601
+ chipset.
+
Network Protocols
+ The &man.gre.4; tunnel driver now supports WCCP version
+ 2.
+
Some bugs in the IPsec implementation from the KAME
Project have been fixed. These bugs were related to freeing
memory objects before all references to them were removed, and
@@ -262,6 +289,13 @@
support for the TCP-MD5 class of security associations.
&merged;
+ The TCP segment reassembly queue now uses the UMA kernel
+ memory allocator and limits the maximum number of segments it
+ will hold, thus preventing a certain class of denial of
+ service attack. Its behavior is controlled by the
+ net.inet.tcp.reass hierarchy of sysctl
+ variables.
+
@@ -277,9 +311,22 @@
File Systems
+ The EXT2FS file system code now includes partial support
+ for large (> 4GB) files. This support is partial in that
+ it will refuse to create large files on filesystems that have
+ not been upgraded to EXT2_DYN_REV or that
+ don not have the
+ EXT2_FEATURE_RO_COMPAT_LARGE_FILE flag set
+ in the superblock.
+
A bug in GEOM that could result in I/O hangs in some rare
cases has been fixed.
+ A new geom_concat class has been added to concatenate
+ multiple disks to appear as a single larger disk. The
+ &man.gconcat.8; utility is used for configurating concatenated
+ disks.
+
A panic in the NFSv4 client has been fixed; this occurred
when attempting operations against an NFSv3/NFSv2-only
server.
@@ -307,14 +354,29 @@
Userland Changes
- The configuration files used by the &man.resolver.5; now
+ The configuration files used by the &man.resolver.3; now
support the timeout: and
attempts: keywords.
+ &man.indent.1; now supports a option
+ to control indentation of local variables. A number of other
+ tunings were made to this utility.
+
+ &man.ifconfig.8; now supports renaming of network interfaces
+ at run-time using the parameter.
+
+ &man.ip6fw.8; now supports a flag to
+ stop it from making any changes to the rules in the kernel
+
&man.ipfw.8; now supports a flag to
print only the action and comment for each rule, thus omitting
the rule body.
+ &man.libalias.3; now has support (and a new API) for
+ multiple aliasing instances in a single process. The existing
+ API has been reimplemented in terms of the new one to preserve
+ compatibility.
+
A libarchive library for manipulation
of compressed and uncompressed archive files has been
added. More details can be found in &man.libarchive.3;.
@@ -354,6 +416,11 @@
make the operate on effective, rather than
real, user ids. &merged;
+ &man.newfs.8; and &man.mdmfs.8; now support a
+ flag to enable them to set the MAC
+ multilabel flag on new filesystems without requiring the use of
+ &man.tunefs.8;.
+
A bugfix has been applied to NSS support, which fixes
problems when using third-party NSS modules (such as net/nss_ldap) and groups with large
@@ -362,9 +429,31 @@
&man.pw.8; now supports a option, which
accepts an encrypted password on a file descriptor. &merged;
+ The &man.resolver.3; and associated interfaces are now much
+ more reentrant and thread-safe. Multiple DNS lookups can now be
+ run at the same time, showing major improvements in the
+ performance of some multi-threaded applications. Some
+ multi-threaded programs need to be recompiled; examples from the
+ Ports Collection are www/mozilla and variants.
+
+ &man.savecore.8; now works correctly for dump files larger
+ than 2GB.
+
+ A bug in &man.script.1; has been fixed so that it now works
+ correctly if its stdin is closed. This fix prevents a
+ potentially dangerous interaction with the sysutils/portupgrade package; if it was
+ run non-interactively, it could remove all out-of-date
+ ports without reinstalling them.
+
The &man.sdpd.8; Bluetooth Service Discovery Protocol daemon
has been added.
+ Many userland utilities in the base system (mostly GNU
+ contributed utilities) now use the system version of
+ &man.getopt.long.3;, rather than the GNU version.
+
@@ -384,6 +473,10 @@
root are rejected and recorded via
&man.syslog.3;.
+ gdtoa (a library that performs
+ conversions of numbers between binary and decimal form) has been
+ updated from version 20030324 to version 20040118.
+
GNU readline 4.3 has been updated
with official patches 001 through 005.
diff --git a/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml b/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml
index f64d61deaac..5eae20c414d 100644
--- a/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml
+++ b/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml
@@ -140,6 +140,14 @@
url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:02.shmat.asc">FreeBSD-SA-04:02.
&merged;
+ A programming error in the &man.jail.attach.2; system call
+ has been fixed. This error could allow a process with superuser
+ privileges inside a &man.jail.8; environment to change its root
+ directory to that of a different jail, and thus gain full read
+ and write acecss to files and directories within the target
+ jail. More information can be found in security advisory FreeBSD-SA-04:03.
+
@@ -168,6 +176,18 @@
kernel locking continues, the scheduler will be able to make
more efficient use of the available parallel resources.
+ The device driver infrastructure (as well as many drivers)
+ have been updated. Among the changes: Many more drivers now use
+ automatically-assigned major numbers (instead of the old static
+ major numbers). Enhanced functions to support cloning of
+ pseudodevices. Several changes to the driver API, including a
+ new d_version field in struct
+ cdevsw. Note that third-party device drivers will
+ require recompiling after this change.
+
+ The kernel's file descriptor allocation code has been
+ updated, and is now derived from similar code in OpenBSD.
+
@@ -222,11 +242,18 @@
Several bugs related to multicast and promiscuous mode
handling in the &man.sk.4; driver have been fixed.
+ The &man.udav.4; driver has been added. It provides
+ support for USB Ethernet adapters based on the Davicom DM9601
+ chipset.
+
Network Protocols
+ The &man.gre.4; tunnel driver now supports WCCP version
+ 2.
+
Some bugs in the IPsec implementation from the KAME
Project have been fixed. These bugs were related to freeing
memory objects before all references to them were removed, and
@@ -262,6 +289,13 @@
support for the TCP-MD5 class of security associations.
&merged;
+ The TCP segment reassembly queue now uses the UMA kernel
+ memory allocator and limits the maximum number of segments it
+ will hold, thus preventing a certain class of denial of
+ service attack. Its behavior is controlled by the
+ net.inet.tcp.reass hierarchy of sysctl
+ variables.
+
@@ -277,9 +311,22 @@
File Systems
+ The EXT2FS file system code now includes partial support
+ for large (> 4GB) files. This support is partial in that
+ it will refuse to create large files on filesystems that have
+ not been upgraded to EXT2_DYN_REV or that
+ don not have the
+ EXT2_FEATURE_RO_COMPAT_LARGE_FILE flag set
+ in the superblock.
+
A bug in GEOM that could result in I/O hangs in some rare
cases has been fixed.
+ A new geom_concat class has been added to concatenate
+ multiple disks to appear as a single larger disk. The
+ &man.gconcat.8; utility is used for configurating concatenated
+ disks.
+
A panic in the NFSv4 client has been fixed; this occurred
when attempting operations against an NFSv3/NFSv2-only
server.
@@ -307,14 +354,29 @@
Userland Changes
- The configuration files used by the &man.resolver.5; now
+ The configuration files used by the &man.resolver.3; now
support the timeout: and
attempts: keywords.
+ &man.indent.1; now supports a option
+ to control indentation of local variables. A number of other
+ tunings were made to this utility.
+
+ &man.ifconfig.8; now supports renaming of network interfaces
+ at run-time using the parameter.
+
+ &man.ip6fw.8; now supports a flag to
+ stop it from making any changes to the rules in the kernel
+
&man.ipfw.8; now supports a flag to
print only the action and comment for each rule, thus omitting
the rule body.
+ &man.libalias.3; now has support (and a new API) for
+ multiple aliasing instances in a single process. The existing
+ API has been reimplemented in terms of the new one to preserve
+ compatibility.
+
A libarchive library for manipulation
of compressed and uncompressed archive files has been
added. More details can be found in &man.libarchive.3;.
@@ -354,6 +416,11 @@
make the operate on effective, rather than
real, user ids. &merged;
+ &man.newfs.8; and &man.mdmfs.8; now support a
+ flag to enable them to set the MAC
+ multilabel flag on new filesystems without requiring the use of
+ &man.tunefs.8;.
+
A bugfix has been applied to NSS support, which fixes
problems when using third-party NSS modules (such as net/nss_ldap) and groups with large
@@ -362,9 +429,31 @@
&man.pw.8; now supports a option, which
accepts an encrypted password on a file descriptor. &merged;
+ The &man.resolver.3; and associated interfaces are now much
+ more reentrant and thread-safe. Multiple DNS lookups can now be
+ run at the same time, showing major improvements in the
+ performance of some multi-threaded applications. Some
+ multi-threaded programs need to be recompiled; examples from the
+ Ports Collection are www/mozilla and variants.
+
+ &man.savecore.8; now works correctly for dump files larger
+ than 2GB.
+
+ A bug in &man.script.1; has been fixed so that it now works
+ correctly if its stdin is closed. This fix prevents a
+ potentially dangerous interaction with the sysutils/portupgrade package; if it was
+ run non-interactively, it could remove all out-of-date
+ ports without reinstalling them.
+
The &man.sdpd.8; Bluetooth Service Discovery Protocol daemon
has been added.
+ Many userland utilities in the base system (mostly GNU
+ contributed utilities) now use the system version of
+ &man.getopt.long.3;, rather than the GNU version.
+
@@ -384,6 +473,10 @@
root are rejected and recorded via
&man.syslog.3;.
+ gdtoa (a library that performs
+ conversions of numbers between binary and decimal form) has been
+ updated from version 20030324 to version 20040118.
+
GNU readline 4.3 has been updated
with official patches 001 through 005.