From 77378671708094e1e4c01a6031611e177fb34f10 Mon Sep 17 00:00:00 2001
From: Hiroki Sato <hrs@FreeBSD.org>
Date: Fri, 30 Apr 2004 11:52:34 +0000
Subject: New release note: 	jail(8) raw socket support, 	mmap(2)
 security fix, 	TCP connection reset handling improved, and 	import of
 lukemftp 2004/04/26 snapshot.

MFC:
	rarpd(8) multiple IP addresses support.
---
 release/doc/en_US.ISO8859-1/relnotes/article.sgml    | 18 +++++++++++++++++-
 release/doc/en_US.ISO8859-1/relnotes/common/new.sgml | 18 +++++++++++++++++-
 2 files changed, 34 insertions(+), 2 deletions(-)

(limited to 'release')

diff --git a/release/doc/en_US.ISO8859-1/relnotes/article.sgml b/release/doc/en_US.ISO8859-1/relnotes/article.sgml
index 48ac82080583..c37055bf2dbb 100644
--- a/release/doc/en_US.ISO8859-1/relnotes/article.sgml
+++ b/release/doc/en_US.ISO8859-1/relnotes/article.sgml
@@ -220,9 +220,16 @@
 
     <para>The &man.getvfsent.3; API has been removed.</para>
 
+    <para>&man.jail.8; now supports use of raw sockets from within a jail.
+      This feature is disabled by default, and controlled using the
+      <varname>security.jail.allow_raw_sockets</varname> sysctl.</para>
+
     <para arch="i386">The loran (Loran-C receiver) driver has been removed due to
       breakage and lack of maintainership.</para>
 
+    <para>A bug in &man.mmap.2; that pages marked as <literal>PROT_NONE</literal>
+      may become readable under certain circumstances, has been fixed.  &merged;</para>
+
     <para>The raid(4), RAIDframe disk driver from NetBSD has been removed.
       This is currently non-functional, and would require some amount of work
       to make it work under the &man.geom.4; API in 5-CURRENT.</para>
@@ -467,6 +474,10 @@
 	support for the TCP-MD5 class of security associations.
 	&merged;</para>
 
+      <para>The TCP connection reset handling has been improved to
+        make several reset attacks as difficult as possible while
+	maintaining compatibility with the widest range of TCP stacks.</para>
+
       <para>The implementation of RFC 1948 has been improved.
 	The time offset component of an ISN now includes random positive
 	increments between clock ticks so that ISNs will always
@@ -720,7 +731,8 @@
       accepts an encrypted password on a file descriptor. &merged;</para>
 
     <para>A bug in &man.rarpd.8; that prevents it from working properly
-      when a interface has more than one IP address has been fixed.</para>
+      when a interface has more than one IP address has been fixed.
+      &merged;</para>
 
     <para>The configuration files used by the &man.resolver.3; now
       support the <literal>timeout:</literal> and
@@ -828,6 +840,10 @@
     <para><application>libpcap</application> has been updated from
       version 0.7.1 to version 0.8.3.</para>
 
+    <para><application>lukemftp</application>
+      has been updated from a snapshot as of
+      November 3, 2003 to one as of April 26, 2004.</para>
+
     <para><application>OpenPAM</application> has been updated from the
       Dogwood release to the Eelgrass release.</para>
 
diff --git a/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml b/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml
index 48ac82080583..c37055bf2dbb 100644
--- a/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml
+++ b/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml
@@ -220,9 +220,16 @@
 
     <para>The &man.getvfsent.3; API has been removed.</para>
 
+    <para>&man.jail.8; now supports use of raw sockets from within a jail.
+      This feature is disabled by default, and controlled using the
+      <varname>security.jail.allow_raw_sockets</varname> sysctl.</para>
+
     <para arch="i386">The loran (Loran-C receiver) driver has been removed due to
       breakage and lack of maintainership.</para>
 
+    <para>A bug in &man.mmap.2; that pages marked as <literal>PROT_NONE</literal>
+      may become readable under certain circumstances, has been fixed.  &merged;</para>
+
     <para>The raid(4), RAIDframe disk driver from NetBSD has been removed.
       This is currently non-functional, and would require some amount of work
       to make it work under the &man.geom.4; API in 5-CURRENT.</para>
@@ -467,6 +474,10 @@
 	support for the TCP-MD5 class of security associations.
 	&merged;</para>
 
+      <para>The TCP connection reset handling has been improved to
+        make several reset attacks as difficult as possible while
+	maintaining compatibility with the widest range of TCP stacks.</para>
+
       <para>The implementation of RFC 1948 has been improved.
 	The time offset component of an ISN now includes random positive
 	increments between clock ticks so that ISNs will always
@@ -720,7 +731,8 @@
       accepts an encrypted password on a file descriptor. &merged;</para>
 
     <para>A bug in &man.rarpd.8; that prevents it from working properly
-      when a interface has more than one IP address has been fixed.</para>
+      when a interface has more than one IP address has been fixed.
+      &merged;</para>
 
     <para>The configuration files used by the &man.resolver.3; now
       support the <literal>timeout:</literal> and
@@ -828,6 +840,10 @@
     <para><application>libpcap</application> has been updated from
       version 0.7.1 to version 0.8.3.</para>
 
+    <para><application>lukemftp</application>
+      has been updated from a snapshot as of
+      November 3, 2003 to one as of April 26, 2004.</para>
+
     <para><application>OpenPAM</application> has been updated from the
       Dogwood release to the Eelgrass release.</para>
 
-- 
cgit v1.2.3