Copyright © 2000, 2001, 2002 by The FreeBSD Documentation Project
22.214.171.124.2.13 2002/08/13 21:38:44 bmah Exp $
The release notes for FreeBSD 4.6.2-RELEASE contain a summary of the changes made to the FreeBSD base system since 4.5-RELEASE. Both changes for kernel and userland are listed, as well as applicable security advisories for the base system that were issued since the last release. Some brief remarks on upgrading are also presented.
This document contains the release notes for FreeBSD 4.6.2-RELEASE on the Alpha/AXP hardware platform. It describes new features of FreeBSD that have been added (or changed) since 4.5-RELEASE. It also provides some notes on upgrading from previous versions of FreeBSD.
This distribution of FreeBSD 4.6.2-RELEASE is a ``point release'', intended to address some issues (primarily security-related) discovered in FreeBSD 4.6-RELEASE. Originally, it was to carry the version number 4.6.1. However, several additional issues arose during the release engineering process, causing added delays. To avoid confusion, the release engineering and security teams decided that it would be best to rename the release-in-progress to 4.6.2.
This distribution can be found at ftp://ftp.FreeBSD.org/pub/FreeBSD/releases or any of its mirrors. More information on obtaining this (or other) release distributions of FreeBSD can be found in the ``Obtaining FreeBSD'' appendix in the FreeBSD Handbook.
This section describes the most user-visible new or changed features in FreeBSD since 4.5-RELEASE. Typical release note items document new drivers or hardware support, new commands or options, major bugfixes, or contributed software upgrades. Security advisories for the base system that were issued after 4.5-RELEASE are also listed.
Release note entries that describe changes specific to this point release are marked with [4.6.2].
The kernel dump device can now be set via the dumpdev loader tunable. As a result, it is now possible to obtain crash dumps from panics during the late stages of kernel initialization (before the system enters into single-user mode).
The snp(4) device is no longer static and can now be compiled as a module.
The an(4) driver now supports Cisco LEAP, as well as the ``Home'' WEP key. The Linux Aironet utilities are now supported under emulation.
The dc(4) driver now has support for VLANs.
The fpa(4) driver now works on Alpha machines.
The my driver, which supports the Myson Fast Ethernet and Gigabit Ethernet adapters, has been added.
The wi(4) driver now has support for Prism II and Prism 2.5-based NICs. 104/128-bit WEP now works on Prism cards.
The wi(4) driver now supports using a FreeBSD host as a wireless access point. This functionality can be enabled using the mediaopt hostap option of ifconfig(8). This feature requires a wireless adapter based on the Prism II chipset.
The wi(4) driver now has support for bsd-airtools.
The xe driver can now be built as a module.
Selected network drivers now implement a semi-polling mode, which makes systems much more resilient to attacks and overloads. To enable polling, the following options are required in a kernel configuration file:
options DEVICE_POLLING options HZ=1000 # not compulsory but strongly recommendedThe kern.polling.enable sysctl variable will then activate polling mode; with the kern.polling.user_frac sysctl indicating the percentage of CPU time to be reserved for userland. The devices initially supporting polling are dc(4), fxp(4), rl(4), and sis(4). More details can be found in the polling(4) manual page.
bridge(4) now has better support for multiple, fully-independent bridging clusters, and is much more stable in the presence of dynamic attachments and detatchments. Full support for VLANs is also supported.
A bug in the IPsec processing for IPv4, which caused the inbound SPD checks to be ignored, has been fixed.
A new ng_eiface netgraph module has been added, which appears as an Ethernet interface but delivers its Ethernet frames to a Netgraph hook.
A new ng_etf(4) netgraph node allows Ethernet type packets to be filtered to different hooks depending on ethertype.
The tcp(4) syncache implementation had a bug that could cause kernel panics; this has been fixed.
The TCP implementation now properly ignores packets addressed to IP-layer broadcast addresses.
The ahc(4) driver was synchronized with the version from FreeBSD -CURRENT as of 29 April 2002.
The ata(4) driver was synchronized with the driver from FreeBSD -CURRENT as of 18 March 2002.
[4.6.2] A bug which sometimes prevented ata(4) tagged queueing from working correctly has been corrected.
[4.6.2] The ata(4) driver now computes maximum transfer sizes correctly. This fixes numerous READ_BIG and other errors that occurred when accessing certain ATA devices.
A bug was been fixed in soft updates that could cause occasional filesystem corruption if the system is shut down immediately after performing heavy filesystem activities, such as installing a new kernel or other software.
An ``off-by-one'' bug has been fixed in OpenSSH's multiplexing code. This bug could have allowed an authenticated remote user to cause sshd(8) to execute arbitrary code with superuser privileges, or allowed a malicious SSH server to execute arbitrary code on the client system with the privileges of the client user. (See security advisory FreeBSD-SA-02:13.)
A programming error in zlib could result in attempts to free memory multiple times. The malloc(3)/ free(3) routines used in FreeBSD are not vulnerable to this error, but applications receiving specially-crafted blocks of invalid compressed data could be made to function incorrectly or abort. This zlib bug has been fixed. For a workaround and solutions, see security advisory FreeBSD-SA-02:18.
Bugs in the TCP SYN cache (``syncache'') and SYN cookie (``syncookie'') implementations, which could cause legitimate TCP/IP traffic to crash a machine, have been fixed. For a workaround and patches, see security advisory FreeBSD-SA-02:20.
A routing table memory leak, which could allow a remote attacker to exhaust the memory of a target machine, has been fixed. A workaround and patches can be found in security advisory FreeBSD-SA-02:21.
A bug with memory-mapped I/O, which could cause a system crash, has been fixed. For more information about a solution, see security advisory FreeBSD-SA-02:22.
A security hole, in which SUID programs could be made to read from or write to inappropriate files through manipulation of their standard I/O file descriptors, has been fixed. Information regarding a solution can be found in security advisory FreeBSD-SA-02:23.
[4.6.2] The original fix for security advisory SA-02:23 (which addressed the use of file descriptors by set-user-id or set-group-id programs) contained an error. It was still possible for systems using procfs(5) or linprocfs(5) to be exploited. This error has now been corrected; a revised version of security advisory FreeBSD-SA-02:23 contains more details.
Some unexpected behavior could be allowed with k5su(8) because it does not require that an invoking user be a member of the wheel group when attempting to become the superuser (this is the case with su(1)). To avoid this situation, k5su(8) is now installed non-SUID by default (effectively disabling it). More information can be found in security advisory FreeBSD-SA-02:24.
Multiple vulnerabilities were found in the bzip2(1) utility, which could allow files to be overwritten without warning or allow local users unintended access to files. These problems have been corrected with a new import of bzip2. For more information, see security advisory FreeBSD-SA-02:25.
A bug has been fixed in the implementation of the TCP SYN cache (``syncache''), which could allow a remote attacker to deny access to a service when accept filters (see accept_filter(9)) were in use. This bug has been fixed; for more information, see security advisory FreeBSD-SA-02:26.
Due to a bug in rc(8)'s use of shell globbing, users may be able to remove the contents of arbitrary files if /tmp/.X11-unix does not exist and the system can be made to reboot. This bug has been corrected (see security advisory FreeBSD-SA-02:27).
[4.6.2] A buffer overflow in the resolver, which could be exploited by a malicious domain name server or an attacker forging DNS messages, has been fixed. See security advisory FreeBSD-SA-02:28 for more details.
[4.6.2] ktrace(1) can no longer trace the operation of formerly privileged processes; this prevents the leakage of sensitive information that the process could have obtained before abandoning its privileges. For a discussion of this issue, see security advisory FreeBSD-SA-02:30 for more details.
[4.6.2] Multiple buffer overflows in OpenSSL have been corrected, by way of an upgrade to the base system version of OpenSSL. More details can be found in security advisory FreeBSD-SA-02:33.
[4.6.2] A heap buffer overflow in the XDR decoder has been fixed. For more details, see security advisory FreeBSD-SA-02:34.
[4.6.2] A bug that could allow local users to read and write arbitrary blocks on an FFS filesystem has been corrected. More details can be found in security advisory FreeBSD-SA-02:35.
[4.6.2] A bug in the NFS server code, which could allow a remote denial of service attack, has been fixed. Security advisory FreeBSD-SA-02:36 has more details.
On ATAPI CDROM drives, cdcontrol(1) now supports a speed command to set the maximum speed to be used by the drive.
ctags(1) no longer creates a corrupt tags file if the source file used // (C++-style) comments.
dump(8) now supplies progress information in its process title, useful for monitoring automated backups.
/etc/rc.firewall and /etc/rc.firewall6 will no longer add their own hardcoded rules in the cases of a rules file in the firewall_type variable or a non-existent firewall type. (The motivation for this change is to avoid acting on assumptions about a site's firewall policies.) In addition, the closed firewall type now works as documented in the rc.firewall(8) manual page.
The functionality of /etc/security has been been moved into a set of scripts under the periodic(8) framework, to make local customization easier and more maintainable. These scripts now reside in /etc/periodic/security/.
The ether address family of ifconfig(8) has been changed to a more generic link family (ether is still accepted for backwards compatability).
fsdb(8) now supports a blocks command to list the blocks allocated by a particular inode.
k5su(8) is no longer installed SUID root by default. Users requiring this feature can either manually change the permissions on the k5su(8) executable or add ENABLE_SUID_K5SU=yes to /etc/make.conf before a source upgrade.
ldd(1) can now be used on shared libraries, in addition to executables.
last(1) now supports a -y flag, which causes the year to be included in the session start time.
libstand now has support for loading large kernels and modules split across several physical media.
libusb has been renamed as libusbhid, following NetBSD's naming conventions.
ls(1) now accepts a -h flag, which when combined with the -l flag, causes file sizes to be printed with unit suffixes, such that the number of digits printed is fewer than four.
mergemaster(8) now supports two new flags. The -p flag enables a ``pre-buildworld'' mode to compare files known to be essential to the success of the buildworld and installworld system updating steps. The -C flag, used after a successful mergemaster(8) run, compares options in /etc/rc.conf to the default options in /etc/defaults/rc.conf.
ngctl(8) now supports a write command to send a data packet down a given hook.
patch(1) now accepts a -i command-line flag to read a patch from a file, rather than standard input.
[4.6.2] pam_opie(8) no longer emits fake challenges when the no_fake_prompts variable is specified.
[4.6.2] A pam_opieaccess(8) module has been added.
[4.6.2] pam_unix(8) has been synchronized with the version in FreeBSD -CURRENT as of 9 March 2002 (pre-OpenPAM).
pr(1) now supports the -f and -p flags to pause output going to a terminal.
The -W option to ps(1) (to extract information from a specified swap device) has been useless for some time; it has been removed.
reboot(8) now takes a -k to specify the next kernel to boot.
sshd(8) no longer emits fake S/Key challenges for users who do not have S/Key enabled. The prior behavior created confusing, useless one-time-password prompts when using some newer SSH clients to connect to a FreeBSD system.
sysinstall(8) now has rudimentary support for retrieving packages from the correct volume of a multiple-volume installation (such as a multi-CD distribution).
The usbhidctl(1) utility has been added to manipulate USB Human Interface Devices.
uuencode(1) and uudecode(1) now accept a -o option to set their output files. uuencode(1) can now be made to do base64 encoding when given the -m flag, while uudecode(1) can now automatically decode base64 files.
Locales with names of the form *.EUC have been renamed to the form *.euc??. For example, ja_JP.EUC has become ja_JP.eucJP. This improves locale name compatability with FreeBSD CURRENT, X11R6, and a number of other UNIX versions.
The locale support was synchronized with the code from FreeBSD -CURRENT. This change brings support for the LC_NUMERIC, LC_MONETARY, and LC_MESSAGES categories, as well as improvements to strftime(3), revised locale definitions, and improvement of the localization of many base system programs.
[4.6.2] BIND has been updated to 8.3.3.
bzip2 has been updated to 1.0.2.
Heimdal Kerberos has been updated to 0.4e.
The ISC DHCP client has been updated to 3.0.1RC8.
[4.6.2] OpenSSH has been updated to version 3.4p1. Among the changes:
The *2 files are obsolete (for example, ~/.ssh/known_hosts can hold the contents of ~/.ssh/known_hosts2).
ssh-keygen(1) can import and export keys using the SECSH Public Key File Format, for key exchange with several commercial SSH implementations.
ssh-add(1) now adds all three default keys.
ssh-keygen(1) no longer defaults to a specific key type; one must be specified with the -t option.
A ``privilege separation'' feature, which uses unprivileged processes to contain and restrict the effects of future compromises or programming errors.
Several bugfixes, including closure of a security hole that could lead to an integer overflow and undesired privilege escalation.
Note: As with FreeBSD 4.6-RELEASE, Protocol 1,2 remains the default protocol setting in /etc/ssh/ssh_config. In FreeBSD -CURRENT (and FreeBSD 4-STABLE as of this writing), the default is Protocol 2,1.
[4.6.2] OpenSSL has been updated to 0.9.6e.
texinfo has been updated to 4.1.
The timezone database has been updated to the tzdata2002c release.
sendmail has been updated to 8.12.3. sendmail(8) is no longer installed as a set-user-ID root binary (now set-group-ID smmsp). See /usr/src/contrib/sendmail/RELEASE_NOTES and /etc/mail/README for more information.
With this sendmail upgrade, multiple sendmail daemons (some required to handle outgoing mail) are started by rc(8), even if the sendmail_enable variable is set to NO. To completely disable sendmail, sendmail_enable must be set to NONE. Alternatively, for systems using a different MTA, the mta_start_script variable can be used to point to a different startup script (more details can be found in rc.sendmail(8)).
The permissions for sendmail alias and map databases built via /etc/mail/Makefile now default to mode 0640 to protect against a file locking local denial of service. It can be changed by setting the new SENDMAIL_MAP_PERMS make.conf option.
The permissions for the sendmail statistics file, /var/log/sendmail.st, have been changed from mode 0644 to mode 0640 to protect against a file locking local denial of service.
[4.6.2] A potential DNS map buffer overflow bug (in code that is not used in configurations by default) has been fixed.
Note: This bug has been addressed in FreeBSD 4.6-STABLE by the import of a newer version of sendmail.
The Ports Collection infrastructure now uses XFree86 4.2.0 as the default version of the X Window System for the purposes of satisfying dependencies. To return to using XFree86 3.3.6, add the following line to /etc/make.conf:
XFree86 4.2.0 is now the default version of the X Window System supported by sysinstall(8). It installs XFree86 as a set of standard binary packages, so the usual package utilities such as pkg_info(1) can be used to examine/manipulate its components.
[4.6.2] A bug that caused /usr/share/examples to be incompletely populated on fresh installs has been fixed.
If you're upgrading from a previous release of FreeBSD, you generally will have three options:
Using the binary upgrade option of sysinstall(8). This option is perhaps the quickest, although it presumes that your installation of FreeBSD uses no special compilation options.
Performing a complete reinstall of FreeBSD. Technically, this is not an upgrading method, and in any case is usually less convenient than a binary upgrade, in that it requires you to manually backup and restore the contents of /etc. However, it may be useful in cases where you want (or need) to change the partitioning of your disks.
From source code in /usr/src. This route is more flexible, but requires more disk space, time, and technical expertise. More information can be found in the ``Using make world'' section of the FreeBSD Handbook. Upgrading from very old versions of FreeBSD may be problematic; in cases like this, it is usually more effective to perform a binary upgrade or a complete reinstall.
Please read the INSTALL.TXT file for more information, preferably before beginning an upgrade. If you are upgrading from source, please be sure to read /usr/src/UPDATING as well.
Important: Upgrading FreeBSD should, of course, only be attempted after backing up all data and configuration files.
This file, and other release-related documents, can be downloaded from ftp://ftp.FreeBSD.org/pub/FreeBSD/releases.
For questions about FreeBSD, read the documentation before contacting <questions@FreeBSD.org>.
For questions about this documentation, e-mail <doc@FreeBSD.org>.