From 7ea97ca1c935a99aafac117e4266aae484207822 Mon Sep 17 00:00:00 2001
From: "Bruce A. Mah" <bmah@FreeBSD.org>
Date: Mon, 26 Jan 2004 16:41:46 +0000
Subject: [PATCH] New release note:  SMBFS request signing [1].

Modified release notes:  Expand on ULE features [2], provide a further
clarification on CVS changes.

Submitted by:	tjr [1], jeffr [2]
---
 .../doc/en_US.ISO8859-1/relnotes/article.sgml | 24 +++++++++++++++++--
 .../en_US.ISO8859-1/relnotes/common/new.sgml  | 24 +++++++++++++++++--
 2 files changed, 44 insertions(+), 4 deletions(-)

diff --git a/release/doc/en_US.ISO8859-1/relnotes/article.sgml b/release/doc/en_US.ISO8859-1/relnotes/article.sgml
index 08000f6ed23..face1a336de 100644
--- a/release/doc/en_US.ISO8859-1/relnotes/article.sgml
+++ b/release/doc/en_US.ISO8859-1/relnotes/article.sgml
@@ -132,7 +132,17 @@
       breakage and lack of maintainership.</para>
 
     <para>The ULE scheduler is now the default scheduler in the
-      <filename>GENERIC</filename> kernel.</para>
+      <filename>GENERIC</filename> kernel.  For the average user,
+      interactivity is reported to be better in many cases.  This
+      means less <quote>skipping</quote> and <quote>jerking</quote> in
+      interactive applications while the machine is very busy.  This
+      will not prevent problems due to overloaded disk subsystems, but
+      it does help with overloaded CPUs.  On SMP machines, ULE has
+      per-CPU run queues which allow for CPU affinity, CPU binding,
+      and advanced HyperThreading support, as well as providing a
+      framework for more optimizations in the future.  As fine-grained
+      kernel locking continues, the scheduler will be able to make
+      more efficient use of the available parallel resources.</para>
 
     <!-- Above this line, sort kernel changes by manpage/keyword-->
 
@@ -236,6 +246,14 @@
         when attempting operations against an NFSv3/NFSv2-only
         server.</para>
 
+      <para>The SMBFS client now has support for SMB request signing,
+	which prevents <quote>man in the middle</quote> attacks and is
+	required in order to connect to Windows 2003 servers in their
+	default configuration.  As signing each message imposes a
+	significant performance penalty, this feature is only enabled
+	if the server requires it; this may eventually become an
+	option to &man.mount.smbfs.8;.</para>
+
     </sect3>
 
     <sect3 id="mm">
@@ -275,7 +293,9 @@
     <para>Two security fixes for <application>CVS</application> (one
       related to pserver operation and the other dealing with
       malformed module requests) have been backported from later
-      versions.</para>
+      versions.  One side effect of this update is that running
+      pserver as <username>root</username> (a configuration that was
+      already unsupported and insecure) no longer works.</para>
 
     <para><application>OpenSSH</application> has been updated from
       3.6.1p1 to 3.7.1p2.</para>
diff --git a/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml b/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml
index 08000f6ed23..face1a336de 100644
--- a/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml
+++ b/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml
@@ -132,7 +132,17 @@
       breakage and lack of maintainership.</para>
 
     <para>The ULE scheduler is now the default scheduler in the
-      <filename>GENERIC</filename> kernel.</para>
+      <filename>GENERIC</filename> kernel.  For the average user,
+      interactivity is reported to be better in many cases.  This
+      means less <quote>skipping</quote> and <quote>jerking</quote> in
+      interactive applications while the machine is very busy.  This
+      will not prevent problems due to overloaded disk subsystems, but
+      it does help with overloaded CPUs.  On SMP machines, ULE has
+      per-CPU run queues which allow for CPU affinity, CPU binding,
+      and advanced HyperThreading support, as well as providing a
+      framework for more optimizations in the future.  As fine-grained
+      kernel locking continues, the scheduler will be able to make
+      more efficient use of the available parallel resources.</para>
 
     <!-- Above this line, sort kernel changes by manpage/keyword-->
 
@@ -236,6 +246,14 @@
         when attempting operations against an NFSv3/NFSv2-only
         server.</para>
 
+      <para>The SMBFS client now has support for SMB request signing,
+	which prevents <quote>man in the middle</quote> attacks and is
+	required in order to connect to Windows 2003 servers in their
+	default configuration.  As signing each message imposes a
+	significant performance penalty, this feature is only enabled
+	if the server requires it; this may eventually become an
+	option to &man.mount.smbfs.8;.</para>
+
     </sect3>
 
     <sect3 id="mm">
@@ -275,7 +293,9 @@
     <para>Two security fixes for <application>CVS</application> (one
       related to pserver operation and the other dealing with
       malformed module requests) have been backported from later
-      versions.</para>
+      versions.  One side effect of this update is that running
+      pserver as <username>root</username> (a configuration that was
+      already unsupported and insecure) no longer works.</para>
 
     <para><application>OpenSSH</application> has been updated from
       3.6.1p1 to 3.7.1p2.</para>
-- 
2.45.2