2 What's New

This section describes the most user-visible new or changed features in FreeBSD since 5.5-RELEASE.

Typical release note items document recent security advisories issued after 5.5-RELEASE, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices. Clearly the release notes cannot list every single change made to FreeBSD between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements.

2.1 Security Advisories

A bug in ypserv(8), which effectively disabled the /var/yp/securenets access control mechanism, has been corrected. More details are available in security advisory FreeBSD-SA-06:15.ypserv.

A bug in the smbfs file system, which could allow an attacker to escape from chroot(2) environments on an smbfs-mounted file system, has been fixed. For more details, see security advisory FreeBSD-SA-06:16.smbfs.

A potential denial of service problem in sendmail(8), caused by excessive recursion leading to stack exhaustion when attempting delivery of a malformed MIME message, has been fixed. For more details, see security advisory FreeBSD-SA-06:17.sendmail.

A potential buffer overflow condition in sppp(4) has been corrected. For more details, see security advisory FreeBSD-SA-06:18.ppp.

An OpenSSL bug related to validation of PKCS#1 v1.5 signatures has been fixed. For more details, see security advisory FreeBSD-SA-06:19.openssl.

A potential denial of service attack against named(8) has been fixed. For more details, see security advisory FreeBSD-SA-06:20.bind.

Several programming errors have been fixed in gzip(1). They could have the effect of causing a crash or an infinite loop when decompressing files. More information can be found in security advisory FreeBSD-SA-06:21.gzip.

Several vulnerabilities have been fixed in OpenSSH. More details can be found in security advisory FreeBSD-SA-06:22.openssh.

Multiple errors in the OpenSSL crypto(3) library have been fixed. Potential effects are varied, and are documented in more detail in security advisory FreeBSD-SA-06:23.openssl.

A bug that could allow users in the operator group to read parts of kernel memory has been corrected. For more details, consult security advisory FreeBSD-SA-06:25.kmem.

A bug in gtar(1) has been fixed. Under certain circumstances, this bug could allow an attacker to overwrite files with the permissions of a user running gtar(1). More details on the exact impact of the bug, as well as workaround and patch information, can be found in security advisory FreeBSD-SA-06:26.gtar.

A bug in the jail startup script that could permit privilege escalation via a symlink attack has been fixed. More information is available in FreeBSD-SA-07:01.jail.

Two remote denials of service in BIND (one involving DNSSEC and one involving recursive DNS queries) have been fixed. For more information, see security advisory FreeBSD-SA-07:02.bind.

Processing of IPv6 type 0 Routing Headers is now controlled by the net.inet6.ip6.rthdr0_allowed sysctl variable, which defaults to 0 (off). For more information, see security advisory FreeBSD-SA-07:03.ipv6.

Problems with libarchive(3) and tar(1) handling corrupted tar(5) archive files have been fixed. More details can be found in security advisory FreeBSD-SA-07:05.libarchive.

A buffer overflow in OpenSSL (fixed incorrectly in a previous security patch) has been corrected. More details can be found in security advisory FreeBSD-SA-07:08.openssl.

A flaw that could lead to the disclosure of previously-generated random(4) data has been corrected. Information regarding this issue can be found in security advisory FreeBSD-SA-07:09.random.

An error in gtar(1), which could in certain circumstances lead to arbitrary overwriting of files in the file system, has been fixed. More information about this issue can be found in security advisory FreeBSD-SA-07:10.tar.

Information disclosure issues found in openpty(3) and ptsname(3) have been corrected. Information regarding these issues can be found in security advisory FreeBSD-SA-08:01.pty.

An error that could allow sendfile(2) to inappropriately access the contents of a file has been fixed. For more information, see security advisory FreeBSD-SA-08:03.sendfile.

A null pointer dereference panic in IPsec has been corrected. More information can be found in security advisory FreeBSD-SA-08:04.ipsec.

2.2 Kernel Changes

2.2.1 Boot Loader Changes

The BTX kernel used by the boot loader has been changed to invoke BIOS routines from real mode. This change makes it possible to boot FreeBSD from USB devices.

2.2.3 Network Protocols

Multiple copies of a packet received via different bpf(4) listeners now all have identical timestamps.

The sysctl variables net.inet.ip.portrange.reservedhigh and net.inet.ip.portrange.reservedlow can now be used with IPv6.

2.3 Userland Changes

2.3.1 /etc/rc.d Scripts

The sendmail script can be instructed not to rebuild the aliases database if it is missing or older than the aliases file. If desired, set the new rc.conf option sendmail_rebuild_aliases to "NO" to turn off that functionality.

2.4 Contributed Software

BIND has been updated from 9.3.1 to 9.3.4-p1.

bzip2 has been updated from 1.0.2 to 1.0.5.

netcat has been updated from the version in a 4 February 2005 OpenBSD snapshot to the version included in OpenBSD 3.9.

sendmail has been updated from 8.13.6 to 8.14.2.

The timezone database has been updated from the tzdata2006g release to the tzdata2007k release.

2.5 Ports/Packages Collection Infrastructure

2.6 Release Engineering and Integration

The supported version of the GNOME desktop environment (x11/gnome2) has been updated from 2.12.3 to 2.22.

The supported version of the KDE desktop environment (x11/kde3) has been updated from 3.5.1 to 3.5.7.

The supported Linux emulation now uses the libraries in the emulators/linux_base-fc4 package.

2.7 Documentation

This file, and other release-related documents, can be downloaded from http://www.FreeBSD.org/snapshots/.

For questions about FreeBSD, read the documentation before contacting <questions@FreeBSD.org>.

All users of FreeBSD 5-STABLE should subscribe to the <stable@FreeBSD.org> mailing list.

For questions about this documentation, e-mail <doc@FreeBSD.org>.