diff --git a/release/texts/alpha/RELNOTES.TXT b/release/texts/alpha/RELNOTES.TXT index f7cb0ee06eca..e01ebca55875 100644 --- a/release/texts/alpha/RELNOTES.TXT +++ b/release/texts/alpha/RELNOTES.TXT @@ -115,8 +115,8 @@ Support for probabalistic rule matching has been added to IPFW. [MERGED] IPFW logging is now dynamic. IPFW logging counts can be reset, and any given rule can be given an arbitrary logging limit. [MERGED] -The top-level category "security" has been added, and IPFW now uses -syslog(3) to log all messages to /var/log/security. +The top-level syslog(3) category "security" has been added, and IPFW now +uses syslog(3) to log all messages to /var/log/security. Driver support has been added for PCI fast ethernet adapters based on the Silicon Integrated Systems SiS 900 and SiS 7016 ethernet controllers. @@ -170,6 +170,10 @@ adapters. This includes PCMCIA, PCI and ISA models. 1.2. SECURITY FIXES ------------------- +Numerous security enhancements and fixes have been applied during the +course of development of FreeBSD 4.0. Most of these have also been +backported to the 3.x-STABLE series. + A new jail(2) system call and admin command (jail(8)) have been added for additional flexibility in creating secure process execution environments. @@ -177,6 +181,15 @@ OpenSSL v0.9.4 (a general-purpose cryptography and SSL2/3/TLSv1 toolkit) has been integrated with the base system. In the future this will be used to provide strong cryptography for FreeBSD utilities out-of-the-box. +OpenSSH 1.2 has been integrated with the base system. OpenSSH is a free +(BSD-licensed), full-featured implementation of the SSH v1 protocol, which +is completely interoperable with other SSH v1 clients and servers, such as +the /usr/ports/security/ssh port. OpenSSH provides all of the features of +this port - in fact it is based on an older release before the software +became restrictively licensed. FreeBSD 4.0 provides SSH client/server +functionality out-of-the-box if you choose to install the 'DES' +cryptography distribution in sysinstall. + 1.3. USERLAND CHANGES --------------------- diff --git a/release/texts/i386/RELNOTES.TXT b/release/texts/i386/RELNOTES.TXT index 4b0a4f5aeef0..8f606264a83a 100644 --- a/release/texts/i386/RELNOTES.TXT +++ b/release/texts/i386/RELNOTES.TXT @@ -122,8 +122,8 @@ of independent queues. [MERGED] Several fixes to bridging, which now supports clusters of interfaces with bridging being done independently within each cluster. [MERGED] -The top-level category "security" has been added, and IPFW now uses -syslog(3) to log all messages to /var/log/security. +The top-level syslog(3) category "security" has been added, and IPFW now +uses syslog(3) to log all messages to /var/log/security. Driver support has been added for PCI fast ethernet adapters based on the Silicon Integrated Systems SiS 900 and SiS 7016 ethernet controllers. @@ -178,6 +178,10 @@ adapters. This includes PCMCIA, PCI and ISA models. 1.2. SECURITY FIXES ------------------- +Numerous security enhancements and fixes have been applied during the +course of development of FreeBSD 4.0. Most of these have also been +backported to the 3.x-STABLE series. + A new jail(2) system call and admin command (jail(8)) have been added for additional flexibility in creating secure process execution environments. @@ -185,6 +189,15 @@ OpenSSL v0.9.4 (a general-purpose cryptography and SSL2/3/TLSv1 toolkit) has been integrated with the base system. In the future this will be used to provide strong cryptography for FreeBSD utilities out-of-the-box. +OpenSSH 1.2 has been integrated with the base system. OpenSSH is a free +(BSD-licensed), full-featured implementation of the SSH v1 protocol, which +is completely interoperable with other SSH v1 clients and servers, such as +the /usr/ports/security/ssh port. OpenSSH provides all of the features of +this port - in fact it is based on an older release before the software +became restrictively licensed. FreeBSD 4.0 provides SSH client/server +functionality out-of-the-box if you choose to install the 'DES' +cryptography distribution in sysinstall. + Telnet has a new encrypted authentication mechanism called SRA. SRA uses a Diffie-Hellmen exchange to establish a session key, then uses that to DES encrypt the username and password. As a side effect the