📄 relnotes-i386.txt
字号:
The nat deny_incoming command in ppp(8) now works correctly (see security
advisory FreeBSD-SA-00:70). [MERGED]
A vulnerability in csh(1)/tcsh(1) temporary files that could allow
overwriting of arbitrary user-writable files has been closed (see security
advisory FreeBSD-SA-00:76). [MERGED]
The ssh(1) binary is no longer SUID root by default. [MERGED]
Some fixes were applied to the Kerberos IV implementation related to
environment variables, a possible buffer overrun, and overwriting ticket
files. [MERGED]
telnet(1) now does a better job of sanitizing its environment. [MERGED]
Several vulnerabilities in procfs(5) were fixed (see security advisory
FreeBSD-SA-00:77). [MERGED]
A bug in OpenSSH in which a server was unable to disable ssh-agent(1) or
X11Forwarding was fixed (see security advisory FreeBSD-SA-01:01). [MERGED]
A bug in ipfw(8) and ip6fw(8) in which inbound TCP segments could
incorrectly be treated as being part of an established connection has been
fixed (see security advisory FreeBSD-SA-01:08). [MERGED]
A bug in crontab(1) that could allow users to read any file on the system
in valid crontab(5) syntax has been fixed (see security advisory
FreeBSD-SA-01:09). [MERGED]
A vulnerability in inetd(8) that could allow read-access to the initial 16
bytes of wheel-accessible files has been fixed (see security advisory
FreeBSD-SA-01:11). [MERGED]
A bug in periodic(8) that used insecure temporary files has been corrected
(see security advisory FreeBSD-SA-01:12). [MERGED]
OpenSSH now has code to prevent (instead of just mitigating through
connection limits) an attack that can lead to guessing the server key (not
host key) by regenerating the server key when an RSA failure is detected
(see security advisory FreeBSD-SA-01:24). [MERGED]
A number of programs have had output formatting strings corrected so as to
reduce the risk of vulnerabilities. [MERGED]
A number of programs that use temporary files now do so more securely.
[MERGED]
A bug in ICMP that could cause an attacker to disrupt TCP and UDP
``sessions'' has been corrected. [MERGED]
A bug in timed(8), which caused it to crash if send certain malformed
packets, has been corrected (see security advisory FreeBSD-SA-01:28).
[MERGED]
A bug in rwhod(8), which caused it to crash if send certain malformed
packets, has been corrected (see security advisory FreeBSD-SA-01:29).
[MERGED]
A security hole in FreeBSD's FFS and EXT2FS implementations, which allowed
a race condition that could cause users to have unauthorized access to
data, has been fixed (see security advisory FreeBSD-SA-01:30). [MERGED]
A remotely-exploitable vulnerability in ntpd(8) has been closed (see
security advisory FreeBSD-SA-01:31). [MERGED]
A security hole in IPFilter's fragment cache has been closed (see security
advisory FreeBSD-SA-01:32). [MERGED]
Buffer overflows in glob(3), which could cause arbitrary code to be run on
an FTP server, have been closed. In addition, to prevent some forms of DOS
attacks, glob(3) allows specification of a limit on the number of pathname
matches it will return. ftpd(8) now uses this feature (see security
advisory FreeBSD-SA-01:33). [MERGED]
Initial sequence numbers in TCP are more thoroughly randomized (see
security advisory FreeBSD-SA-01:39). Due to some possible compatibility
issues, the behavior of this security fix can be enabled or disabled via
the net.inet.tcp.tcp_seq_genscheme sysctl variable.[MERGED]
A vulnerability in the fts(3) routines (used by applications for
recursively traversing a filesystem) could allow a program to operate on
files outside the intended directory hierarchy. This bug has been fixed
(see security advisory FreeBSD-SA-01:40). [MERGED]
OpenSSH now switches to the user's UID before attempting to unlink the
authentication forwarding file, nullifying the effects of a race.
A flaw allowed some signal handlers to remain in effect in a child process
after being exec-ed from its parent. This allowed an attacker to execute
arbitrary code in the context of a setuid binary. This flaw has been
corrected (see security advisory FreeBSD-SA-01:42). [MERGED]
A remote buffer overflow in tcpdump(1) has been fixed (see security
advisory FreeBSD-SA-01:48). [MERGED]
A remote buffer overflow in telnetd(8) has been fixed (see security
advisory FreeBSD-SA-01:49). [MERGED]
The new net.inet.ip.maxfragpackets and net.inet.ip6.maxfragpackets sysctl
variables limit the amount of memory that can be consumed by IPv4 and IPv6
packet fragments, which defends against some denial of service attacks
(see security advisory FreeBSD-SA-01:52). [MERGED]
All services in inetd.conf are now disabled by default for new
installations. sysinstall(8) gives the option of enabling or disabling
inetd(8) on new installations, as well as editing inetd.conf. [MERGED]
A flaw in the implementation of the ipfw(8) me rules on point-to-point
links has been corrected. Formerly, me filter rules would match the remote
IP address of a point-to-point interface in addition to the intended local
IP address (see security advisory FreeBSD-SA-01:53). [MERGED]
A vulnerability in procfs(5), which could allow a process to read
sensitive information from another process's memory space, has been closed
(see security advisory FreeBSD-SA-01:55). [MERGED]
The PARANOID hostname checking in tcp_wrappers now works as advertised
(see security advisory FreeBSD-SA-01:56). [MERGED]
A local root exploit in sendmail(8) has been closed (see security advisory
FreeBSD-SA-01:57). [MERGED]
A remote root vulnerability in lpd(8) has been closed (see security
advisory FreeBSD-SA-01:58). [MERGED]
A race condition in rmuser(8) that briefly exposed a world-readable
/etc/master.passwd has been fixed (see security advisory
FreeBSD-SA-01:59). [MERGED]
A vulnerability in UUCP has been closed (see security advisory
FreeBSD-SA-01:62). All non-root-owned binaries in standard system paths
now have the schg flag set to prevent exploit vectors when run by cron(8),
by root, or by a user other then the one owning the binary. In addition,
uustat(1) is now run via /etc/periodic/daily/410.status-uucp as uucp, not
root. In FreeBSD -CURRENT, UUCP has since been moved to the Ports
Collection and no longer a part of the base system. [MERGED]
A security hole in the form of a buffer overflow in the semop(2) system
call has been closed. [MERGED]
A security hole in OpenSSH, which could allow users to execute code with
arbitrary privileges if UseLogin yes was set, has been closed. Note that
the default value of this setting is UseLogin no. (See security advisory
FreeBSD-SA-01:63.) [MERGED]
The use of an insecure temporary directory by pkg_add(1) could permit a
local attacker to modify the contents of binary packages while they were
being installed. This hole has been closed. (See security advisory
FreeBSD-SA-02:01.) [MERGED]
A race condition in pw(8), which could expose the contents of
/etc/master.passwd, has been eliminated. (See security advisory
FreeBSD-SA-02:02.) [MERGED]
A bug in k5su(8) could have allowed a process that had given up superuser
privileges to regain them. This bug has been fixed. (See security advisory
FreeBSD-SA-02:07.) [MERGED]
An ``off-by-one'' bug has been fixed in OpenSSH's multiplexing code. This
bug could have allowed an authenticated remote user to cause sshd(8) to
execute arbitrary code with superuser privileges, or allowed a malicious
SSH server to execute arbitrary code on the client system with the
privileges of the client user. (See security advisory FreeBSD-SA-02:13.)
[MERGED]
A programming error in zlib could result in attempts to free memory
multiple times. The malloc(3)/free(3) routines used in FreeBSD are not
vulnerable to this error, but applications receiving specially-crafted
blocks of invalid compressed data could be made to function incorrectly or
abort. This zlib bug has been fixed. For a workaround and solutions, see
security advisory FreeBSD-SA-02:18. [MERGED]
Bugs in the TCP SYN cache (``syncache'') and SYN cookie (``syncookie'')
implementations, which could cause legitimate TCP/IP traffic to crash a
machine, have been fixed. For a workaround and patches, see security
advisory FreeBSD-SA-02:20. [MERGED]
A routing table memory leak, which could allow a remote attacker to
exhaust the memory of a target machine, has been fixed. A workaround and
patches can be found in security advisory FreeBSD-SA-02:21. [MERGED]
A bug with memory-mapped I/O, which could cause a system crash, has been
fixed. For more information about a solution, see security advisory
FreeBSD-SA-02:22. [MERGED]
A security hole, in which SUID programs could be made to read from or
write to inappropriate files through manipulation of their standard I/O
file descriptors, has been fixed. Information regarding a solution can be
found in security advisory FreeBSD-SA-02:23. [MERGED]
----------------------------------------------------------------------
2.3 Userland Changes
If the first argument to ancontrol(8) or wicontrol(8) doesn't start with a
-, it is assumed to be an interface.
apmd(8) now has the ability to monitor battery levels and execute commands
based on percentage or minutes of battery life remaining via the
apm_battery configuration directive. See the commented-out examples in
/etc/apmd.conf for the syntax. [MERGED]
arp(8) now prints the applicable interface name for each ARP entry.
[MERGED]
arp(8) now prints [fddi] or [atm] tags for addresses on interfaces of
those types.
atacontrol(8) has been added to control various aspects of the ata(4)
driver. [MERGED]
boot98cfg(8), a PC-98 boot manager installation and configuration utility,
has been added. [MERGED]
burncd(8) now supports a -m option for multisession mode (the default
behavior now is to close disks as single-session). A -l option to take a
list of image files from a filename was also added; - can be used as a
filename for stdin. [MERGED]
burncd(8) now supports Disk At Once (DAO) mode, selectable via the -d
flag.
burncd(8) now has the ability to write VCDs/SVCDs.
c89(1) has been converted from a shell script to a binary executable,
fixing some minor bugs. [MERGED]
A minimalized version of camcontrol(8) is now available on the
installation floppy. This allows it to rescan for devices that have been
connected after booting, or to show the devices attached to SCSI busses
(e. g. from within the ``emergency holographic shell''). [MERGED]
cat(1) now has the ability to read from UNIX-domain sockets. [MERGED]
cdcontrol(1) now supports a cdid command, which calculates and displays
the CD serial number, using the same algorithm used by the CDDB database.
[MERGED]
cdcontrol(1) now uses the CDROM environment variable to pick a default
device. [MERGED]
cdcontrol(1) now supports next and prev commands to skip forwards or
backwards a specified number of tracks while playing an audio CD. [MERGED]
chflags(1) has moved from /usr/bin to /bin.
chio(1) now has the ability to specify elements by volume tag instead of
by their physical location as well as the ability to return an element to
its previous location. [MERGED]
chmod(1) now supports a -h for changing the mode of a symbolic link.
chown(8) now correctly follows symbolic links named as command line
arguments if run without -R. [MERGED]
chown(8) no longer takes . as a user/group delimeter. This change was made
to support usernames containing a ..
Use of the CSMG_* macros no longer require inclusion of <sys/param.h>
col(1) now takes a -p flag to force unknown control sequences to be passed
through unchanged. [MERGED]
The compat3x distribution has been updated to include libraries present in
FreeBSD 3.5.1-RELEASE. [MERGED]
A compat4x distribution has been added for compatibility with FreeBSD
4-STABLE.
config(8) is now better about converting various warnings that should have
been errors into actual fatal errors with an exit code. This ensures that
make buildkernel doesn't quietly ignore them and build a bogus kernel
without a human to read the errors. [MERGED]
A number of buffer overflows in config(8) have been fixed. [MERGED]
ctags(1) no longer creates a corrupt tags file if the source file used //
(C++-style) comments. [MERGED]
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -