relnotes-alpha.txt
2.1.9 Contributed Software
The Forth Inspired Command Language (FICL) used in the boot loader has
been updated to 2.05.
Support for Advanced Configuration and Power Interface (ACPI), a
multi-vendor standard for configuration and power management, has been
added. This functionality has been provided by the Intel ACPI Component
Architecture project, as of the ACPI CA 20020308 snapshot. Some backward
compatibility for applications using the older APM standard has been
provided.
----------------------------------------------------------------------
2.1.9.1 IPFilter
IPFilter has been updated to 3.4.25.
IPFilter now supports IPv6. [MERGED]
----------------------------------------------------------------------
2.1.9.3 KAME
The IPv6 stack is now based on the KAME Project's IPv6 snapshot as of
28 May, 2001. Most of the items listed in this section are
a result of this import. Section 2.3.1.3 lists userland updates to the
KAME IPv6 stack. [MERGED]
gif(4) is now based on RFC 2893, rather than RFC 1933. The IFF_LINK2
interface flag can be used to control ingress filtering. [MERGED]
IPSec has received some enhancements, including the ability to use the
Rijndael and SHA2 algorithms. IPSec RC5 support has been removed due to
patent issues. [MERGED]
stf(4) now conforms to RFC 3056; the IFF_LINK2 interface flag can be used
to control ingress filtering. [MERGED]
IPv6 has better checking of illegal addresses (such as loopback addresses)
on physical networks. [MERGED]
The IPV6_V6ONLY socket option is now completely supported. The kernel's
default behavior with respect to this option is controlled by the
net.inet6.ip6.v6only sysctl variable. [MERGED]
RFC 3041 (Privacy Extensions for Stateless Address Autoconfiguration) is
now supported. It can be enabled via the net.inet6.ip6.use_tempaddr sysctl
variable. [MERGED]
----------------------------------------------------------------------
2.2 Security-Related Changes
sysinstall(8) now allows the user to select one of two ``security
profiles'' at install-time. These profiles enable different levels of
system security by enabling or disabling various system services in
rc.conf(5) on new installs. [MERGED]
A bug in which malformed ELF executable images can hang the system has
been fixed (see security advisory FreeBSD-SA-00:41). [MERGED]
A security hole in Linux emulation was fixed (see security advisory
FreeBSD-SA-00:42). [MERGED]
String-handling library calls in many programs were fixed to reduce the
possibility of buffer overflow-related exploits. [MERGED]
TCP now uses stronger randomness in choosing its initial sequence numbers
(see security advisory FreeBSD-SA-00:52). [MERGED]
Several buffer overflows in tcpdump(1) were corrected (see security
advisory FreeBSD-SA-00:61). [MERGED]
A security hole in top(1) was corrected (see security advisory
FreeBSD-SA-00:62). [MERGED]
A potential security hole caused by an off-by-one-error in
gethostbyname(3) has been fixed (see security advisory FreeBSD-SA-00:63).
[MERGED]
A potential buffer overflow in the ncurses(3) library, which could cause
arbitrary code to be run from within systat(1), has been corrected (see
security advisory FreeBSD-SA-00:68). [MERGED]
A vulnerability in telnetd(8) that could cause it to consume large amounts
of server resources has been fixed (see security advisory
FreeBSD-SA-00:69). [MERGED]
The nat deny_incoming command in ppp(8) now works correctly (see security
advisory FreeBSD-SA-00:70). [MERGED]
A vulnerability in csh(1)/tcsh(1) temporary files that could allow
overwriting of arbitrary user-writable files has been closed (see security
advisory FreeBSD-SA-00:76). [MERGED]
The ssh(1) binary is no longer SUID root by default. [MERGED]
Some fixes were applied to the Kerberos IV implementation related to
environment variables, a possible buffer overrun, and overwriting ticket
files. [MERGED]
telnet(1) now does a better job of sanitizing its environment. [MERGED]
Several vulnerabilities in procfs(5) were fixed (see security advisory
FreeBSD-SA-00:77). [MERGED]
A bug in OpenSSH in which a server was unable to disable ssh-agent(1) or
X11Forwarding was fixed (see security advisory FreeBSD-SA-01:01). [MERGED]
A bug in ipfw(8) and ip6fw(8) in which inbound TCP segments could
incorrectly be treated as being part of an established connection has been
fixed (see security advisory FreeBSD-SA-01:08). [MERGED]
A bug in crontab(1) that could allow users to read any file on the system
in valid crontab(5) syntax has been fixed (see security advisory
FreeBSD-SA-01:09). [MERGED]
A vulnerability in inetd(8) that could allow read-access to the initial 16
bytes of wheel-accessible files has been fixed (see security advisory
FreeBSD-SA-01:11). [MERGED]
A bug in periodic(8) that used insecure temporary files has been corrected
(see security advisory FreeBSD-SA-01:12). [MERGED]
OpenSSH now has code to prevent (instead of just mitigating through
connection limits) an attack that can lead to guessing the server key (not
host key) by regenerating the server key when an RSA failure is detected
(see security advisory FreeBSD-SA-01:24). [MERGED]
A number of programs have had output formatting strings corrected so as to
reduce the risk of vulnerabilities. [MERGED]
A number of programs that use temporary files now do so more securely.
[MERGED]
A bug in ICMP that could allow an attacker to disrupt TCP and UDP
``sessions'' has been corrected. [MERGED]
A bug in timed(8), which caused it to crash if sent certain malformed
packets, has been corrected (see security advisory FreeBSD-SA-01:28).
[MERGED]
A bug in rwhod(8), which caused it to crash if sent certain malformed
packets, has been corrected (see security advisory FreeBSD-SA-01:29).
[MERGED]
A security hole in FreeBSD's FFS and EXT2FS implementations, which allowed
a race condition that could cause users to have unauthorized access to
data, has been fixed (see security advisory FreeBSD-SA-01:30). [MERGED]
A remotely-exploitable vulnerability in ntpd(8) has been closed (see
security advisory FreeBSD-SA-01:31). [MERGED]
A security hole in IPFilter's fragment cache has been closed (see security
advisory FreeBSD-SA-01:32). [MERGED]
Buffer overflows in glob(3), which could cause arbitrary code to be run on
an FTP server, have been closed. In addition, to prevent some forms of DoS
attacks, glob(3) allows specification of a limit on the number of pathname
matches it will return. ftpd(8) now uses this feature (see security
advisory FreeBSD-SA-01:33). [MERGED]
Initial sequence numbers in TCP are more thoroughly randomized (see
security advisory FreeBSD-SA-01:39). Due to some possible compatibility
issues, the behavior of this security fix can be enabled or disabled via
the net.inet.tcp.tcp_seq_genscheme sysctl variable. [MERGED]
A vulnerability in the fts(3) routines (used by applications for
recursively traversing a filesystem) could allow a program to operate on
files outside the intended directory hierarchy. This bug has been fixed
(see security advisory FreeBSD-SA-01:40). [MERGED]
OpenSSH now switches to the user's UID before attempting to unlink the
authentication forwarding file, nullifying the effects of a race.
A flaw allowed some signal handlers to remain in effect in a child process
after being exec-ed from its parent. This allowed an attacker to execute
arbitrary code in the context of a setuid binary. This flaw has been
corrected (see security advisory FreeBSD-SA-01:42). [MERGED]
A remote buffer overflow in tcpdump(1) has been fixed (see security
advisory FreeBSD-SA-01:48). [MERGED]
A remote buffer overflow in telnetd(8) has been fixed (see security
advisory FreeBSD-SA-01:49). [MERGED]
The new net.inet.ip.maxfragpackets and net.inet.ip6.maxfragpackets sysctl
variables limit the amount of memory that can be consumed by IPv4 and IPv6
packet fragments, which defends against some denial of service attacks
(see security advisory FreeBSD-SA-01:52). [MERGED]
All services in inetd.conf are now disabled by default for new
installations. sysinstall(8) gives the option of enabling or disabling
inetd(8) on new installations, as well as editing inetd.conf. [MERGED]
A flaw in the implementation of the ipfw(8) me rules on point-to-point
links has been corrected. Formerly, me filter rules would match the remote
IP address of a point-to-point interface in addition to the intended local
IP address (see security advisory FreeBSD-SA-01:53). [MERGED]
A vulnerability in procfs(5), which could allow a process to read
sensitive information from another process's memory space, has been closed
(see security advisory FreeBSD-SA-01:55). [MERGED]
The PARANOID hostname checking in tcp_wrappers now works as advertised
(see security advisory FreeBSD-SA-01:56). [MERGED]
A local root exploit in sendmail(8) has been closed (see security advisory
FreeBSD-SA-01:57). [MERGED]
A remote root vulnerability in lpd(8) has been closed (see security
advisory FreeBSD-SA-01:58). [MERGED]
A race condition in rmuser(8) that briefly exposed a world-readable
/etc/master.passwd has been fixed (see security advisory
FreeBSD-SA-01:59). [MERGED]
A vulnerability in UUCP has been closed (see security advisory
FreeBSD-SA-01:62). All non-root-owned binaries in standard system paths
now have the schg flag set to prevent exploit vectors when run by cron(8),
by root, or by a user other than the one owning the binary. In addition,
uustat(1) is now run via /etc/periodic/daily/410.status-uucp as uucp, not
root. In FreeBSD -CURRENT, UUCP has since been moved to the Ports
Collection and is no longer a part of the base system. [MERGED]
A security hole in the form of a buffer overflow in the semop(2) system
call has been closed. [MERGED]
A security hole in OpenSSH, which could allow users to execute code with
arbitrary privileges if UseLogin yes was set, has been closed. Note that
the default value of this setting is UseLogin no. (See security advisory
FreeBSD-SA-01:63.) [MERGED]
The use of an insecure temporary directory by pkg_add(1) could permit a
local attacker to modify the contents of binary packages while they were
being installed. This hole has been closed. (See security advisory
FreeBSD-SA-02:01.) [MERGED]
A race condition in pw(8), which could expose the contents of
/etc/master.passwd, has been eliminated. (See security advisory
FreeBSD-SA-02:02.) [MERGED]
A bug in k5su(8) could have allowed a process that had given up superuser
privileges to regain them. This bug has been fixed. (See security advisory
FreeBSD-SA-02:07.) [MERGED]
An ``off-by-one'' bug has been fixed in OpenSSH's multiplexing code. This
bug could have allowed an authenticated remote user to cause sshd(8) to
execute arbitrary code with superuser privileges, or allowed a malicious
SSH server to execute arbitrary code on the client system with the
privileges of the client user. (See security advisory FreeBSD-SA-02:13.)
[MERGED]
A programming error in zlib could result in attempts to free memory
multiple times. The malloc(3)/free(3) routines used in FreeBSD are not
vulnerable to this error, but applications receiving specially-crafted
blocks of invalid compressed data could be made to function incorrectly or
abort. This zlib bug has been fixed. For a workaround and solutions, see
security advisory FreeBSD-SA-02:18. [MERGED]
Bugs in the TCP SYN cache (``syncache'') and SYN cookie (``syncookie'')
implementations, which could cause legitimate TCP/IP traffic to crash a
machine, have been fixed. For a workaround and patches, see security
advisory FreeBSD-SA-02:20. [MERGED]
A routing table memory leak, which could allow a remote attacker to
exhaust the memory of a target machine, has been fixed. A workaround and
patches can be found in security advisory FreeBSD-SA-02:21. [MERGED]
A bug with memory-mapped I/O, which could cause a system crash, has been
fixed. For more information about a solution, see security advisory
FreeBSD-SA-02:22. [MERGED]
A security hole, in which SUID programs could be made to read from or
write to inappropriate files through manipulation of their standard I/O
file descriptors, has been fixed. Information regarding a solution can be
found in security advisory FreeBSD-SA-02:23. [MERGED]
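Added example (not part of the FreeBSD release notes or source tree): a
privileged program can also guard itself against the standard I/O descriptor
problem described above by making sure descriptors 0, 1 and 2 are open before
it opens any file of its own. The helper name ensure_std_fds is hypothetical.

```c
/* Added example: userland guard against closed standard descriptors.
 * ensure_std_fds() is a hypothetical helper, not FreeBSD code. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/*
 * Make sure descriptors 0, 1 and 2 are open before the program opens
 * anything else. If a caller closed one of them before exec, the next
 * open() would be handed that number, and later reads or writes on the
 * "standard" stream would hit whatever file that was.
 * Returns how many descriptors had to be plugged, or -1 on failure.
 */
int ensure_std_fds(void)
{
    int plugged = 0;

    for (int fd = STDIN_FILENO; fd <= STDERR_FILENO; fd++) {
        if (fcntl(fd, F_GETFD) != -1)
            continue;               /* already open */
        if (errno != EBADF)
            return -1;              /* unexpected error */

        int nfd = open("/dev/null", O_RDWR);
        if (nfd < 0)
            return -1;
        if (nfd != fd) {            /* lowest free fd should be fd itself */
            if (dup2(nfd, fd) < 0) { close(nfd); return -1; }
            close(nfd);
        }
        plugged++;
    }
    return plugged;
}

int main(void)
{
    /* Call first thing in main(), before any open()/fopen()/socket(). */
    int n = ensure_std_fds();
    if (n < 0)
        _exit(1);                   /* refuse to run with broken stdio */
    if (n > 0)
        fprintf(stderr, "plugged %d closed standard descriptor(s)\n", n);
    return 0;
}
```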
----------------------------------------------------------------------
2.3 Userland Changes