summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorbmah <bmah@FreeBSD.org>2002-06-30 18:48:24 +0000
committerbmah <bmah@FreeBSD.org>2002-06-30 18:48:24 +0000
commit065834fe01ec10f137b7bed1d5897a741b697620 (patch)
tree44c3353d0f8374140170073e4b18a8fd077993b7
parentccdaff9ef1a1b58ed8ebca378804ebe71137766c (diff)
downloadFreeBSD-src-065834fe01ec10f137b7bed1d5897a741b697620.zip
FreeBSD-src-065834fe01ec10f137b7bed1d5897a741b697620.tar.gz
New release notes: ipfw(4) rewrite.
Modified release notes: ACPI 20020404, OpenSSH 3.4p1 (rewrote 3.3p1 update and reformatted).
-rw-r--r--release/doc/en_US.ISO8859-1/relnotes/article.sgml29
-rw-r--r--release/doc/en_US.ISO8859-1/relnotes/common/new.sgml29
2 files changed, 48 insertions, 10 deletions
diff --git a/release/doc/en_US.ISO8859-1/relnotes/article.sgml b/release/doc/en_US.ISO8859-1/relnotes/article.sgml
index 9ff22f6..50b18f2 100644
--- a/release/doc/en_US.ISO8859-1/relnotes/article.sgml
+++ b/release/doc/en_US.ISO8859-1/relnotes/article.sgml
@@ -913,6 +913,13 @@ options HZ=1000 # not compulsory but strongly recommended</programlisting>
<para role="historic">&man.ipfw.4; now filters correctly in the presence of ECN
bits in TCP segments. &merged;</para>
+ <para>&man.ipfw.4 has been re-implemented. It now uses
+ variable-sized representation of rules in the kernel, similar
+ to &man.bpf.4; instructions. Most of the externally-visible
+ behavior (i.e. through &man.ipfw.8;) should be unchanged.,
+ although &man.ipfw.8; now supports <literal>or</literal>
+ connectives between match fields.</para>
+
<para role="historic">A new ng_eiface netgraph module has been added, which
appears as an Ethernet interface but delivers its Ethernet
frames to a Netgraph hook. &merged;</para>
@@ -1453,7 +1460,7 @@ options HZ=1000 # not compulsory but strongly recommended</programlisting>
(ACPI), a multi-vendor standard for configuration and power
management, has been added. This functionality has been
provided by the <application>Intel ACPI Component
- Architecture</application> project, as of the ACPI CA 20020308
+ Architecture</application> project, as of the ACPI CA 20020404
snapshot. Some backward compatability for applications using
the older APM standard has been provided.</para>
@@ -3550,10 +3557,22 @@ options HZ=1000 # not compulsory but strongly recommended</programlisting>
</para>
<para><application>OpenSSH</application> has been updated to
- 3.3p1. This version adds a <quote>privilege
- separation</quote> feature, which uses unprivileged
- processes to contain and restrict the effects of future
- compromises or programming errors.</para>
+ 3.4p1. The main changes are:
+ <itemizedlist>
+ <listitem>
+ <para>A <quote>privilege separation</quote> feature,
+ which uses unprivileged processes to contain and
+ restrict the effects of future compromises or
+ programming errors.</para>
+ </listitem>
+
+ <listitem>
+ <para>Several bugfixes, including closure of a
+ security hole that could lead to an integer overflow
+ and undesired privilege escalation.</para>
+ </listitem>
+ </itemizedlist>
+ </para>
<para><application>OpenSSH</application> can now authenticate
using <application>OPIE</application> passwords.</para>
diff --git a/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml b/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml
index 9ff22f6..50b18f2 100644
--- a/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml
+++ b/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml
@@ -913,6 +913,13 @@ options HZ=1000 # not compulsory but strongly recommended</programlisting>
<para role="historic">&man.ipfw.4; now filters correctly in the presence of ECN
bits in TCP segments. &merged;</para>
+ <para>&man.ipfw.4 has been re-implemented. It now uses
+ variable-sized representation of rules in the kernel, similar
+ to &man.bpf.4; instructions. Most of the externally-visible
+ behavior (i.e. through &man.ipfw.8;) should be unchanged.,
+ although &man.ipfw.8; now supports <literal>or</literal>
+ connectives between match fields.</para>
+
<para role="historic">A new ng_eiface netgraph module has been added, which
appears as an Ethernet interface but delivers its Ethernet
frames to a Netgraph hook. &merged;</para>
@@ -1453,7 +1460,7 @@ options HZ=1000 # not compulsory but strongly recommended</programlisting>
(ACPI), a multi-vendor standard for configuration and power
management, has been added. This functionality has been
provided by the <application>Intel ACPI Component
- Architecture</application> project, as of the ACPI CA 20020308
+ Architecture</application> project, as of the ACPI CA 20020404
snapshot. Some backward compatability for applications using
the older APM standard has been provided.</para>
@@ -3550,10 +3557,22 @@ options HZ=1000 # not compulsory but strongly recommended</programlisting>
</para>
<para><application>OpenSSH</application> has been updated to
- 3.3p1. This version adds a <quote>privilege
- separation</quote> feature, which uses unprivileged
- processes to contain and restrict the effects of future
- compromises or programming errors.</para>
+ 3.4p1. The main changes are:
+ <itemizedlist>
+ <listitem>
+ <para>A <quote>privilege separation</quote> feature,
+ which uses unprivileged processes to contain and
+ restrict the effects of future compromises or
+ programming errors.</para>
+ </listitem>
+
+ <listitem>
+ <para>Several bugfixes, including closure of a
+ security hole that could lead to an integer overflow
+ and undesired privilege escalation.</para>
+ </listitem>
+ </itemizedlist>
+ </para>
<para><application>OpenSSH</application> can now authenticate
using <application>OPIE</application> passwords.</para>
OpenPOWER on IntegriCloud