From 882bac220cfc94b5a98dbac0df1b28d6732c41d0 Mon Sep 17 00:00:00 2001 From: "Bruce A. Mah" Date: Sat, 28 Feb 2004 18:40:53 +0000 Subject: [PATCH] New release notes: SA-04:03, device driver megapatch, new file descriptor allocation code, udav(4), TCP segment reassembly queue update, EXT2FS large file support, geom_concat, indent(1) -ldi, ifconfig(8) name, ip6fw(8) -n, libalias(3) new API, newfs(8)/mdmfs(8) -l, re-entrant resolver(3) interfaces, savecore(8) large coredump support, script(1) stdin bugfix, getopt_long(3) changes, gdtoa 20040118. Modified release notes: Cross-reference resolver(3) rather than resolver(5). A number of these release notes were obtained from (or supplemented by) Mark Johnston's weekly FreeBSD cvs-src summaries. --- .../doc/en_US.ISO8859-1/relnotes/article.sgml | 95 ++++++++++++++++++- .../en_US.ISO8859-1/relnotes/common/new.sgml | 95 ++++++++++++++++++- 2 files changed, 188 insertions(+), 2 deletions(-) diff --git a/release/doc/en_US.ISO8859-1/relnotes/article.sgml b/release/doc/en_US.ISO8859-1/relnotes/article.sgml index f64d61deaac..5eae20c414d 100644 --- a/release/doc/en_US.ISO8859-1/relnotes/article.sgml +++ b/release/doc/en_US.ISO8859-1/relnotes/article.sgml @@ -140,6 +140,14 @@ url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:02.shmat.asc">FreeBSD-SA-04:02. &merged; + A programming error in the &man.jail.attach.2; system call + has been fixed. This error could allow a process with superuser + privileges inside a &man.jail.8; environment to change its root + directory to that of a different jail, and thus gain full read + and write acecss to files and directories within the target + jail. More information can be found in security advisory FreeBSD-SA-04:03. + 
@@ -168,6 +176,18 @@ kernel locking continues, the scheduler will be able to make more efficient use of the available parallel resources. + The device driver infrastructure (as well as many drivers) + have been updated. Among the changes: Many more drivers now use + automatically-assigned major numbers (instead of the old static + major numbers). Enhanced functions to support cloning of + pseudodevices. Several changes to the driver API, including a + new d_version field in struct + cdevsw. Note that third-party device drivers will + require recompiling after this change. + + The kernel's file descriptor allocation code has been + updated, and is now derived from similar code in OpenBSD. + @@ -222,11 +242,18 @@ Several bugs related to multicast and promiscuous mode handling in the &man.sk.4; driver have been fixed. + The &man.udav.4; driver has been added. It provides + support for USB Ethernet adapters based on the Davicom DM9601 + chipset. + Network Protocols + The &man.gre.4; tunnel driver now supports WCCP version + 2. + Some bugs in the IPsec implementation from the KAME Project have been fixed. These bugs were related to freeing memory objects before all references to them were removed, and @@ -262,6 +289,13 @@ support for the TCP-MD5 class of security associations. &merged; + The TCP segment reassembly queue now uses the UMA kernel + memory allocator and limits the maximum number of segments it + will hold, thus preventing a certain class of denial of + service attack. Its behavior is controlled by the + net.inet.tcp.reass hierarchy of sysctl + variables. + 
@@ -277,9 +311,22 @@ File Systems + The EXT2FS file system code now includes partial support + for large (> 4GB) files. This support is partial in that + it will refuse to create large files on filesystems that have + not been upgraded to EXT2_DYN_REV or that + don not have the + EXT2_FEATURE_RO_COMPAT_LARGE_FILE flag set + in the superblock. + A bug in GEOM that could result in I/O hangs in some rare cases has been fixed. + A new geom_concat class has been added to concatenate + multiple disks to appear as a single larger disk. The + &man.gconcat.8; utility is used for configurating concatenated + disks. + A panic in the NFSv4 client has been fixed; this occurred when attempting operations against an NFSv3/NFSv2-only server. @@ -307,14 +354,29 @@ Userland Changes - The configuration files used by the &man.resolver.5; now + The configuration files used by the &man.resolver.3; now support the timeout: and attempts: keywords. + &man.indent.1; now supports a option + to control indentation of local variables. A number of other + tunings were made to this utility. + + &man.ifconfig.8; now supports renaming of network interfaces + at run-time using the parameter. + + &man.ip6fw.8; now supports a flag to + stop it from making any changes to the rules in the kernel + &man.ipfw.8; now supports a flag to print only the action and comment for each rule, thus omitting the rule body. + &man.libalias.3; now has support (and a new API) for + multiple aliasing instances in a single process. The existing + API has been reimplemented in terms of the new one to preserve + compatibility. + A libarchive library for manipulation of compressed and uncompressed archive files has been added. More details can be found in &man.libarchive.3;. 
@@ -354,6 +416,11 @@ make the operate on effective, rather than real, user ids. &merged; + &man.newfs.8; and &man.mdmfs.8; now support a + flag to enable them to set the MAC + multilabel flag on new filesystems without requiring the use of + &man.tunefs.8;. + A bugfix has been applied to NSS support, which fixes problems when using third-party NSS modules (such as net/nss_ldap) and groups with large @@ -362,9 +429,31 @@ &man.pw.8; now supports a option, which accepts an encrypted password on a file descriptor. &merged; + The &man.resolver.3; and associated interfaces are now much + more reentrant and thread-safe. Multiple DNS lookups can now be + run at the same time, showing major improvements in the + performance of some multi-threaded applications. Some + multi-threaded programs need to be recompiled; examples from the + Ports Collection are www/mozilla and variants. + + &man.savecore.8; now works correctly for dump files larger + than 2GB. + + A bug in &man.script.1; has been fixed so that it now works + correctly if its stdin is closed. This fix prevents a + potentially dangerous interaction with the sysutils/portupgrade package; if it was + run non-interactively, it could remove all out-of-date + ports without reinstalling them. + The &man.sdpd.8; Bluetooth Service Discovery Protocol daemon has been added. + Many userland utilities in the base system (mostly GNU + contributed utilities) now use the system version of + &man.getopt.long.3;, rather than the GNU version. + @@ -384,6 +473,10 @@ root are rejected and recorded via &man.syslog.3;. + gdtoa (a library that performs + conversions of numbers between binary and decimal form) has been + updated from version 20030324 to version 20040118. + GNU readline 4.3 has been updated with official patches 001 through 005. diff --git a/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml b/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml index f64d61deaac..5eae20c414d 100644 
--- a/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml +++ b/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml @@ -140,6 +140,14 @@ url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:02.shmat.asc">FreeBSD-SA-04:02. &merged; + A programming error in the &man.jail.attach.2; system call + has been fixed. This error could allow a process with superuser + privileges inside a &man.jail.8; environment to change its root + directory to that of a different jail, and thus gain full read + and write acecss to files and directories within the target + jail. More information can be found in security advisory FreeBSD-SA-04:03. + @@ -168,6 +176,18 @@ kernel locking continues, the scheduler will be able to make more efficient use of the available parallel resources. + The device driver infrastructure (as well as many drivers) + have been updated. Among the changes: Many more drivers now use + automatically-assigned major numbers (instead of the old static + major numbers). Enhanced functions to support cloning of + pseudodevices. Several changes to the driver API, including a + new d_version field in struct + cdevsw. Note that third-party device drivers will + require recompiling after this change. + + The kernel's file descriptor allocation code has been + updated, and is now derived from similar code in OpenBSD. + @@ -222,11 +242,18 @@ Several bugs related to multicast and promiscuous mode handling in the &man.sk.4; driver have been fixed. + The &man.udav.4; driver has been added. It provides + support for USB Ethernet adapters based on the Davicom DM9601 + chipset. + Network Protocols + The &man.gre.4; tunnel driver now supports WCCP version + 2. + Some bugs in the IPsec implementation from the KAME Project have been fixed. These bugs were related to freeing memory objects before all references to them were removed, and 
@@ -262,6 +289,13 @@ support for the TCP-MD5 class of security associations. &merged; + The TCP segment reassembly queue now uses the UMA kernel + memory allocator and limits the maximum number of segments it + will hold, thus preventing a certain class of denial of + service attack. Its behavior is controlled by the + net.inet.tcp.reass hierarchy of sysctl + variables. + @@ -277,9 +311,22 @@ File Systems + The EXT2FS file system code now includes partial support + for large (> 4GB) files. This support is partial in that + it will refuse to create large files on filesystems that have + not been upgraded to EXT2_DYN_REV or that + don not have the + EXT2_FEATURE_RO_COMPAT_LARGE_FILE flag set + in the superblock. + A bug in GEOM that could result in I/O hangs in some rare cases has been fixed. + A new geom_concat class has been added to concatenate + multiple disks to appear as a single larger disk. The + &man.gconcat.8; utility is used for configurating concatenated + disks. + A panic in the NFSv4 client has been fixed; this occurred when attempting operations against an NFSv3/NFSv2-only server. 
@@ -307,14 +354,29 @@ Userland Changes - The configuration files used by the &man.resolver.5; now + The configuration files used by the &man.resolver.3; now support the timeout: and attempts: keywords. + &man.indent.1; now supports a option + to control indentation of local variables. A number of other + tunings were made to this utility. + + &man.ifconfig.8; now supports renaming of network interfaces + at run-time using the parameter. + + &man.ip6fw.8; now supports a flag to + stop it from making any changes to the rules in the kernel + &man.ipfw.8; now supports a flag to print only the action and comment for each rule, thus omitting the rule body. + &man.libalias.3; now has support (and a new API) for + multiple aliasing instances in a single process. The existing + API has been reimplemented in terms of the new one to preserve + compatibility. + A libarchive library for manipulation of compressed and uncompressed archive files has been added. More details can be found in &man.libarchive.3;. @@ -354,6 +416,11 @@ make the operate on effective, rather than real, user ids. &merged; + &man.newfs.8; and &man.mdmfs.8; now support a + flag to enable them to set the MAC + multilabel flag on new filesystems without requiring the use of + &man.tunefs.8;. + A bugfix has been applied to NSS support, which fixes problems when using third-party NSS modules (such as net/nss_ldap) and groups with large 
@@ -362,9 +429,31 @@ &man.pw.8; now supports a option, which accepts an encrypted password on a file descriptor. &merged; + The &man.resolver.3; and associated interfaces are now much + more reentrant and thread-safe. Multiple DNS lookups can now be + run at the same time, showing major improvements in the + performance of some multi-threaded applications. Some + multi-threaded programs need to be recompiled; examples from the + Ports Collection are www/mozilla and variants. + + &man.savecore.8; now works correctly for dump files larger + than 2GB. + + A bug in &man.script.1; has been fixed so that it now works + correctly if its stdin is closed. This fix prevents a + potentially dangerous interaction with the sysutils/portupgrade package; if it was + run non-interactively, it could remove all out-of-date + ports without reinstalling them. + The &man.sdpd.8; Bluetooth Service Discovery Protocol daemon has been added. + Many userland utilities in the base system (mostly GNU + contributed utilities) now use the system version of + &man.getopt.long.3;, rather than the GNU version. + @@ -384,6 +473,10 @@ root are rejected and recorded via &man.syslog.3;. + gdtoa (a library that performs + conversions of numbers between binary and decimal form) has been + updated from version 20030324 to version 20040118. + GNU readline 4.3 has been updated with official patches 001 through 005.
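Review bot: "acecss" in the jail_attach(2) entry of the first hunk (@@ -140,6 +140,14 @@) should be "access". The same added text appears in both relnotes/article.sgml and relnotes/common/new.sgml, so the fix is needed in both copies. Since this entry describes a jail escape for a superuser process inside a jail, it is worth getting the wording exactly right, as readers will use it to decide whether to read FreeBSD-SA-04:03.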
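Review bot: In the @@ -168,6 +176,18 @@ hunk, "The device driver infrastructure (as well as many drivers) have been updated" has a subject-verb mismatch; the subject is "infrastructure", so it should read "has been updated". The items after "Among the changes:" are sentence fragments run together ("Enhanced functions to support cloning of pseudodevices."); a list, or full sentences, would read better. The closing warning that third-party drivers need recompiling is the part operators will act on, so consider moving it ahead of the list of changes.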
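Review bot: The TCP reassembly entry in the @@ -262,6 +289,13 @@ hunk says the new limit prevents "a certain class of denial of service attack" without saying what resource the limit protects or which variable sets it. Suggest stating what is being bounded (the number of segments held in the reassembly queue, as the text already implies) and naming the specific variable under net.inet.tcp.reass that an administrator would tune, since "hierarchy of sysctl variables" alone does not tell the reader where to look.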
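Review bot: Two typos in the File Systems hunk (@@ -277,9 +311,22 @@): "don not have the EXT2_FEATURE_RO_COMPAT_LARGE_FILE flag" should be "do not have", and "used for configurating concatenated disks" should be "configuring". Both occur in each of the two files touched by the patch.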
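Review bot: The ip6fw(8) entry in the Userland hunk (@@ -307,14 +354,29 @@) is missing its final period: "stop it from making any changes to the rules in the kernel" runs straight into the following ipfw(8) entry. Add the period in both files.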
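Review bot: In the @@ -362,9 +429,31 @@ hunk, the script(1) entry has an ambiguous pronoun: in "if it was run non-interactively, it could remove all out-of-date ports without reinstalling them", the first "it" could be script(1) or sysutils/portupgrade. Name the program explicitly, since this describes a destructive failure mode. In the same hunk, the resolver(3) entry says "Some multi-threaded programs need to be recompiled" but gives only www/mozilla as an example; a sentence on how to tell whether a program is affected would make the note actionable.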