Copyright © 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 The FreeBSD Documentation Project
$FreeBSD: src/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml,v
1.761.2.88 2008/04/17 01:02:03 delphij Exp $
FreeBSD is a registered trademark of the FreeBSD Foundation.
IBM, AIX, EtherJet, Netfinity, OS/2, PowerPC, PS/2, S/390, and ThinkPad are trademarks of International Business Machines Corporation in the United States, other countries, or both.
IEEE, POSIX, and 802 are registered trademarks of Institute of Electrical and Electronics Engineers, Inc. in the United States.
Intel, Celeron, EtherExpress, i386, i486, Itanium, Pentium, and Xeon are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.
Sparc, Sparc64, SPARCEngine, and UltraSPARC are trademarks of SPARC International, Inc in the United States and other countries. Products bearing SPARC trademarks are based upon architecture developed by Sun Microsystems, Inc.
Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this document, and the FreeBSD Project was aware of the trademark claim, the designations have been followed by the ``™'' or the ``®'' symbol.
The release notes for FreeBSD 5.5-STABLE contain a summary of the changes made to the FreeBSD base system since 5.5-RELEASE. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the FreeBSD kernel and userland. Some brief remarks on upgrading are also presented.
This document contains the release notes for FreeBSD 5.5-STABLE on the UltraSPARC hardware platform. It describes recently added, changed, or deleted features of FreeBSD. It also provides some notes on upgrading from previous versions of FreeBSD.
The snapshot distribution to which these release notes apply represents a point along the 5-STABLE development branch after 5.5-RELEASE. Note that no further, formal releases on the 5-STABLE branch are planned at this time. Information regarding pre-built, binary snapshot distributions along this branch can be found at http://www.FreeBSD.org/snapshots/.
All users are encouraged to consult the release errata before installing FreeBSD. The errata document is updated with ``late-breaking'' information discovered late in the release cycle or after the release. Typically, it contains information on known bugs, security advisories, and corrections to documentation. An up-to-date copy of the errata for FreeBSD 5.5-STABLE can be found on the FreeBSD Web site.
This section describes the most user-visible new or changed features in FreeBSD since 5.5-RELEASE.
Typical release note items document recent security advisories issued after 5.5-RELEASE, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices. Clearly the release notes cannot list every single change made to FreeBSD between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements.
A bug in ypserv(8), which effectively disabled the /var/yp/securenets access control mechanism, has been corrected. More details are available in security advisory FreeBSD-SA-06:15.ypserv.
A bug in the smbfs file system, which could allow an attacker to escape out of chroot(2) environments on an smbfs mounted filesystem, has been fixed. For more details, see security advisory FreeBSD-SA-06:16.smbfs.
A potential denial of service problem in sendmail(8) caused by excessive recursion which leads to stack exhaustion when attempting delivery of a malformed MIME message, has been fixed. For more details, see security advisory FreeBSD-SA-06:17.sendmail.
A potential buffer overflow condition in sppp(4) has been corrected. For more details, see security advisory FreeBSD-SA-06:18.ppp.
An OpenSSL bug related to validation of PKCS#1 v1.5 signatures has been fixed. For more details, see security advisory FreeBSD-SA-06:19.openssl.
A potential denial of service attack against named(8) has been fixed. For more details, see security advisory FreeBSD-SA-06:20.bind.
Several programming errors have been fixed in gzip(1). They could have the effect of causing a crash or an infinite loop when decompressing files. More information can be found in security advisory FreeBSD-SA-06:21.gzip.
Several vulnerabilities have been fixed in OpenSSH. More details can be found in security advisory FreeBSD-SA-06:22.openssh.
Multiple errors in the OpenSSL crypto(3) library have been fixed. Potential effects are varied, and are documented in more detail in security advisory FreeBSD-SA-06:23.openssl.
A bug that could allow users in the operator group to read parts of kernel memory has been corrected. For more details, consult security advisory FreeBSD-SA-06:25.kmem.
A bug in gtar(1) has been fixed. Under certain circumstances, this bug could allow an attacker to overwrite files with the permissions of a user running gtar(1). More details on the exact impact of the bug, as well as workaround and patch information, can be found in security advisory FreeBSD-SA-06:26.gtar.
A bug in the jail startup script that could permit privilege escalation via a symlink attack has been fixed. More information is available in FreeBSD-SA-07:01.jail.
Two remote denials of service in BIND (one involving DNSSEC and one involving recursive DNS queries) have been fixed. For more information, see security advisory FreeBSD-SA-07:02.bind.
Processing of IPv6 type 0 Routing Headers is now controlled by the net.inet6.ip6.rthdr0_allowed sysctl variable, which defaults to
0 (off). For more information, see security advisory FreeBSD-SA-07:03.ipv6.
Problems with libarchive(3) and tar(1) handling corrupted tar(5) archive files have been fixed. More details can be found in security advisory FreeBSD-SA-07:05.libarchive.
A buffer overflow in OpenSSL (fixed incorrectly in a previously security patch) has been corrected. More details can be found in security advisory FreeBSD-SA-07:08.openssl.
An flaw that could lead to the disclosure of previously-generated random(4) data has been corrected. Information regarding this issue can be found in security advisory FreeBSD-SA-07:09.random.
An error in gtar(1), which could in certain circumstances lead to arbitrary overwriting of files in the file system, has been fixed. More information about this issue can be found in security advisory FreeBSD-SA-07:10.tar.
Information disclosure issues found in openpty(3) and ptsname(3) have been corrected. Information regarding this issue can be found in security advisory FreeBSD-SA-08:01.pty.
An error that could allow sendfile(2) to inappropriately access the contents of a file has been fixed. For more information, see security advisory FreeBSD-SA-08:03.sendfile.
A null pointer dereference panic in IPsec has been corrected. More information can be found in security advisory FreeBSD-SA-08:04.ipsec.
Multiple copies of a packet received via different bpf(4) listeners now all have identical timestamps.
The sysctl variables net.inet.ip.portrange.reservedhigh
and net.inet.ip.portrange.reservedlow can be used with IPv6
now.
The sendmail script can be instructed not to rebuild the
aliases database if it is missing or older than the aliases file. If desired, set the new
rc.conf option sendmail_rebuild_aliases to "NO" to turn off
that functionality.
BIND has been updated from 9.3.1 to 9.3.4-p1.
bzip2 has been updated from 1.0.2 to 1.0.5.
netcat has been updated from the version in a 4 February 2005 OpenBSD snapshot to the version included in OpenBSD 3.9.
sendmail has been updated from 8.13.6 to 8.14.2.
The timezone database has been updated from the tzdata2006g release to the tzdata2007k release.
The supported version of the GNOME desktop environment (x11/gnome2) has been updated from 2.12.3 to 2.22.
The supported version of the KDE desktop environment (x11/kde3) has been updated from 3.5.1 to 3.5.7.
If you're upgrading from a previous release of FreeBSD, you generally will have three options:
Using the binary upgrade option of sysinstall(8). This option is perhaps the quickest, although it presumes that your installation of FreeBSD uses no special compilation options.
Performing a complete reinstall of FreeBSD. Technically, this is not an upgrading method, and in any case is usually less convenient than a binary upgrade, in that it requires you to manually backup and restore the contents of /etc. However, it may be useful in cases where you want (or need) to change the partitioning of your disks.
From source code in /usr/src. This route is more flexible, but requires more disk space, time, and technical expertise. More information can be found in the ``Using make world'' section of the FreeBSD Handbook. Upgrading from very old versions of FreeBSD may be problematic; in cases like this, it is usually more effective to perform a binary upgrade or a complete reinstall.
Please read the INSTALL.TXT file for more information, preferably before beginning an upgrade. If you are upgrading from source, please be sure to read /usr/src/UPDATING as well.
Finally, if you want to use one of various means to track the -STABLE or -CURRENT branches of FreeBSD, please be sure to consult the ``-CURRENT vs. -STABLE'' section of the FreeBSD Handbook.
Important: Upgrading FreeBSD should, of course, only be attempted after backing up all data and configuration files.
This file, and other release-related documents, can be downloaded from http://www.FreeBSD.org/snapshots/.
For questions about FreeBSD, read the documentation before contacting <questions@FreeBSD.org>.
All users of FreeBSD 5-STABLE should subscribe to the <stable@FreeBSD.org> mailing list.
For questions about this documentation, e-mail <doc@FreeBSD.org>.