&os;/&arch; &release.current; Release Notes

The FreeBSD Project

2000, 2001, 2002, 2003 The FreeBSD Documentation Project

The release notes for &os; &release.current; contain a summary
of
This document lists applicable security advisories that were issued since
the last release, as well as significant changes to the &os;
kernel and userland.
Some brief remarks on upgrading are also presented.

Introduction

This document contains the release notes for &os;
&release.current; on the &arch.print; hardware platform. It
describes recently added, changed, or deleted features of &os;.
It also provides some notes on upgrading
from previous versions of &os;.
The &release.type; distribution to which these release notes
apply represents a point along the &release.branch; development
branch between &release.prev; and the future &release.next;. Some
pre-built, binary &release.type; distributions along this branch
can be found at .

This distribution of &os; &release.current; is a
&release.type; distribution. It can be found at or any of its mirrors. More
information on obtaining this (or other) &release.type;
distributions of &os; can be found in the Obtaining
FreeBSD appendix to the FreeBSD
Handbook.

Users who are new to the &release.branch; series of &os;
&release.type;s should also read the Early Adopters Guide
to &os; &release.current;. This document can generally be
found in the same location as the release notes (either as a part of a
&os; distribution or on the &os; Web site). It contains important
information regarding the advantages and disadvantages of using
&os; &release.current;, as opposed to releases based on the &os;
4-STABLE development branch.

All users are encouraged to consult the release errata before
installing &os;. The errata document is updated with
late-breaking information discovered late in the
release cycle or after the release. Typically, it contains
information on known bugs, security advisories, and corrections to
documentation. An up-to-date copy of the errata for &os;
&release.current; can be found on the &os; Web site.

What's New

This section describes
Typical release note items
document recent security advisories issued after
&release.prev.historic;,
new drivers or hardware support, new commands or options,
major bug fixes, or contributed software upgrades. They may also
list changes to major ports/packages or release engineering
practices. Clearly the release notes cannot list every single
change made to &os; between releases; this document focuses
primarily on security advisories, user-visible changes, and major
architectural improvements.

Security Advisories

A single-byte buffer overflow in &man.realpath.3; was
fixed. Although the fix was committed prior to &os;
&release.prev; (and thus &release.prev; was not affected),
it was not noted in the release documentation. See security advisory
FreeBSD-SA-03:08. &merged;

A bug that could allow the kernel to attempt delivery of
invalid signals has been fixed. The bug could have led to a
kernel panic or, under some circumstances, unauthorized
modification of kernel memory. For more information, see
security advisory
FreeBSD-SA-03:09. &merged;

A bug in the iBCS2 emulation module, which could result in
disclosing the contents of kernel memory, has been fixed. This
module is not enabled in &os; by default. For more information,
see security advisory
FreeBSD-SA-03:10. &merged;

A buffer management bug in
OpenSSH, which could potentially
cause a crash, has been fixed. More information can be found in
security advisory
FreeBSD-SA-03:12. &merged;

A buffer overflow in sendmail has
been fixed. More information can be found in security advisory
FreeBSD-SA-03:13.
&merged;

A bug in the ARP cache code that could allow the kernel to cause
resource starvation, eventually resulting in a system panic,
has been fixed. More information can be found in security advisory
FreeBSD-SA-03:14.
&merged;

Several errors in the OpenSSH PAM
challenge/response authentication subsystem have been fixed. The impacts
of these bugs vary; details can be found in security advisory
FreeBSD-SA-03:15.
&merged;

A bug in &man.procfs.5; and &man.linprocfs.5;, which could result in
disclosing the contents of kernel memory, has been fixed.
More information can be found in security advisory
FreeBSD-SA-03:17.
&merged;

Four separate security flaws in OpenSSL,
which could allow a remote attacker to crash an
OpenSSL-using application or
to execute arbitrary code with the privileges of the application,
have been fixed.
More information can be found in security advisory
FreeBSD-SA-03:18. &merged;

Kernel Changes

A bug that caused
&man.atkbd.4; to register an AT keyboard during console initialization,
even when no AT keyboard was connected,
has been fixed. kbdcontrol -k /dev/kbd1
is no longer needed when only a USB keyboard is connected.
&merged;

The DRM kernel modules have been updated from
DRI CVS as of 23 October 2003. Among other changes, this
update includes a newly-ported SiS 300/305/540/630/730
driver and mostly-complete SMPng locking.

The &man.dcons.4; dumb console driver has
been added to provide a local and remote console. It can be
accessed over Firewire using the &man.dcons.crom.4; driver. A
&man.dconschat.8; utility provides user access to &man.dcons.4;
devices.

A multi-byte character set conversion method is now supported
by the LIBICONV kernel option.

A new OFW PCI framework, conditional on the
OFW_NEWPCI kernel configuration option, has
been added. This addition improves the handling of PCI busses.
One user-visible change is that the enumeration of devices is
closer to &solaris; (as a result of this change, the numbering
of devices may change if more than one unit of a device type is
present). The OFW_NEWPCI kernel
configuration is enabled by default in the
GENERIC kernel.

The &man.hifn.4; driver now supports
symmetric crypto for the 7955 and 7956 chipsets.
&merged;

The &man.puc.4; PCI Universal Communications driver now supports
connecting parallel ports to the &man.ppc.4; driver.

The &man.safe.4; driver has been added
to support SafeNet 1141- and 1741-based crypto accelerators.
&merged;
This driver should be considered experimental
and should be used with some caution. Public key support is not implemented.

A kernel software watchdog facility has been implemented.
For more information, see &man.watchdog.4; and
&man.watchdogd.8;.

The swap pager has been revamped. Among user-visible
changes are a change in the layout policy (from fixed-width
striping to a round-robin across devices) for better I/O
throughput, the elimination of compile-time limits on the number
of swap devices, and a reduction in memory overheads.

Platform-Specific Hardware Support

Large changes have been made to the i386
machine-dependent code to improve interrupt routing and
handling, as well as SMP support. Two major user-visible
changes are that SMP kernels can run on UP systems and that
SMP functionality is now enabled by default in the
GENERIC kernel. Also, the
options APIC_IO kernel option has been
replaced by device apic.

Large changes have been made to the i386
machine-dependent code to improve interrupt routing and
handling.

An integer overflow that could cause kernel
panics on PAE machines of certain large memory sizes has been
corrected.

Floating point emulation in the kernel has
been removed.

Problems with some Pentium 4 CPUs and some older
Pentium Pro and Pentium II CPUs have been worked around.
Typically these manifested themselves as memory corruption or
unexplained crashes.

Boot Loader Changes

Network Interface Support

The new &man.ath.4; and &man.ath.hal.4; drivers provide
support for 802.11a/b/g devices based on the AR5210, AR5211,
and AR5212 chips.

The &man.bfe.4; driver has been added to support Broadcom
BCM4401 based Fast Ethernet adapters.

&man.bge.4; now supports Broadcom 5705 based Gigabit Ethernet NICs.
&merged;

A bug in the &man.bge.4; driver that prevented it from
working correctly at 10 Mbps has been fixed.

The &man.em.4; driver now has support for tuning
the interrupt delays using sysctl tunables
without recompiling the driver.

The &man.harp.4; driver has been added.
This is a pseudo physical interface driver for HARP,
which attaches to all netgraph ATM interfaces in the
system and presents a physical interface to the HARP stack
for each of these interfaces.

The &man.hatm.4; driver has been added
to support Fore/Marconi HE155 and HE622 ATM cards.

The &man.patm.4; driver has been added to
support IDT77252 based ATM interfaces.

The &man.re.4; driver has been added. It provides support
for the RealTek RTL8139C+, RTL8169, RTL8169S and RTL8110S PCI
Fast Ethernet and Gigabit Ethernet controllers.

&man.sk.4; now supports SK-9521 V2.0 and 3COM 3C940 based Gigabit
Ethernet NICs. &merged;

The &man.uart.4; driver has been added to support various
classes of UART (Universal Asynchronous Receiver/Transmitter)
devices. It is an analog of the &man.sio.4; driver but
supports a wider range of devices. This driver is necessary
to support serial ports on certain architectures, such as
ia64 and sparc64.

The suspend/resume support for the &man.wi.4; driver
now works correctly when the device is configured down.
&merged;

The 802.11 support layer has been rewritten to allow for
future growth and new features.

The xe driver now supports CE2, CEM28,
and CEM33 cards, and &man.multicast.4; datagrams. Several
bugs in the driver have also been fixed.

A number of network drivers have had their interrupt
handlers marked as MPSAFE, meaning they can run without
the Giant lock. Among the drivers so converted are:
&man.ath.4;, &man.em.4;, &man.ep.4;, &man.fxp.4;, &man.sn.4;,
&man.wi.4;, and &man.sis.4;.

Network Protocols

The IP_ONESBCAST option has been added
to enable undirected &man.ip.4; broadcasts to be sent to
specific network interfaces.

A bug in &man.ipfw.4; limit rule processing that could
cause various panics has been fixed.
&merged;

&man.ipfw.4; rules now support comma-separated address lists
(such as 1.2.3.4, 5.6.7.8/30, 9.10.11.12/22),
and allow spaces after commas to make lists of addresses more readable.
&merged;

&man.ipfw.4; rules now support C++-style comments.
Each comment is stored together with its rule and is displayed by
the &man.ipfw.8; show command.
&merged;

&man.ipfw.8; can now modify &man.ipfw.4; rules in set 31,
which was read-only and used for the default rules.
They can be deleted by the ipfw delete set 31
command but are not deleted
by the ipfw flush command.
This implements a flexible form of persistent
rules. More details can be found in &man.ipfw.8;.
&merged;

The &man.ng.atmpif.4; NetGraph node type has been added.
It emulates a HARP physical interface, and allows one
to run the HARP ATM stack without real hardware.

Kernel support has been added for Protocol Independent
Multicast routing (&man.pim.4;). &merged;

To reduce information leakage, IPv4 packets no longer have
an ip_id field set unless fragmentation is
being done.

The &os; Bluetooth protocol stack has been updated:

- libsdp has been re-implemented
  under a BSD-style license, because the Linux BlueZ code is
  distributed under the GPL.

- The &man.hccontrol.8; utility now supports four new commands:
  Read/Write_Page_Scan_Mode and Read/Write_Page_Scan_Period_Mode.

- The &man.hcsecd.8; daemon now stores link keys on disk.
  It is no longer required to pair devices every time.

- A netgraph timeout problem in the &man.ng.hci.4; and
  &man.ng.l2cap.4; kernel modules, which could cause
  access to a data structure that was already freed,
  has been fixed.

- The &man.ng.ubt.4; module, which could not be built on
  &os; &release.prev;, has been fixed.

- &man.rfcomm.sppd.1; and &man.rfcomm.pppd.8; now support
  querying the RFCOMM channel via SDP from the server. This
  behavior can be disabled by specifying the RFCOMM channel
  manually, in which case these utilities will not use an SDP query.

- The &man.sdpcontrol.8; utility, which is analogous to the sdptool utility in
  the Linux BlueZ SDP package, has been added.

Support for the IPv6 Advanced Sockets API now conforms to
RFC 3542 (also known as RFC 2292bis), rather than RFC 2292.
Applications using this API have been updated
accordingly.

Support for the source address selection part of RFC 3484
has been added. The &man.ip6addrctl.8; utility can be used to
configure the address selection policy.

Disks and Storage

The &man.amr.4; driver now has system crashdump support. &merged;

A major rework of the &man.ata.4; driver has been
committed. One of the more notable changes is that the
&man.ata.4; driver is now out from under the Giant kernel
lock. Note that ATA software RAID systems must now include
device ataraid in their kernel
configuration files, as it is no longer automatically implied
by device atadisk.

&man.ccd.4; can now operate on raw disks and other
&man.geom.4; providers.

The &man.da.4; driver no longer tries to send 6-byte
commands to USB and Firewire devices. The quirks for these
devices (which hopefully are now unnecessary) have been
disabled; to restore the old behavior, add options
DA_OLD_QUIRKS to the kernel configuration. &merged;

Various &man.geom.4; modules can now be loaded as kernel
modules, namely:
geom_apple,
geom_bde,
geom_bsd,
geom_gpt,
geom_mbr,
geom_pc98,
geom_sunlabel,
geom_vol_ffs.

A GEOM_FOX module has been added to
detect and select between multiple redundant paths to the same
device.

The &man.matcd.4; driver, which supports the
Matsushita CR-562 and CR-563 CD drives, has returned.

The &man.twe.4; driver now supports the 3ware generic
API. &merged;

File Systems

Multi-byte character conversion with the cd9660, msdosfs,
ntfs, and udf filesystems is now supported by including the
CD9660_ICONV,
MSDOSFS_ICONV,
NTFS_ICONV, and
UDF_ICONV kernel options,
respectively.

Some off-by-one errors in smbfs that prevented it from
working correctly with 15-character NetBIOS names have been fixed.

Multimedia Support

Userland Changes

&man.acpidb.8;, an ACPI DSDT debugger, has been
added.

&man.arp.8; now supports a option
to limit the scope of the current operation to the ARP entries
on a particular interface. This option applies to the display
operations only. It should be useful on routers with numerous
network interfaces. &merged;

The &man.atmconfig.8; program has been added for
configuration of the ATM drivers and IP-over-ATM
functionality.

&man.chroot.8; now allows the optional setting of a user,
primary group, or group list to use inside the chroot
environment via the , ,
and options respectively. &merged;

The dev_mkdb utility is unnecessary due to the mandatory
presence of devfs, and has been removed.

&man.dhclient.8; now polls the state of network interfaces
and only sends DHCP requests on interfaces that are up. The
polling interval can be controlled with the
option.

The default mode for the lost+found
directory of &man.fsck.8; is now 0700 instead
of 01777. &merged;

The &man.ffsinfo.8; utility has been updated to understand
UFS2 filesystems and has been re-enabled.

The &man.iasl.8; utility, a compiler/decompiler for ACPI
Source Language (ASL) and ACPI Machine language (AML), has been
added.

&man.ifconfig.8; now supports a
option for an interface, which disables the sending of ARP
requests for that interface.

&man.ipfw.8; list and show
commands now support ranges of rule numbers.
&merged;

&man.ipfw.8; now supports a flag
to test the syntax of commands without actually changing anything.
&merged;

The libalias library,
&man.natd.8;, and &man.ppp.8; now support Cisco Skinny Station protocol,
which is the protocol used by Cisco IP phones to talk to Cisco Call
Managers. Note that currently having the Call Manager behind
the NAT gateway is not supported. &merged;

The libcipher DES cryptography library
has been removed. All of its functionality is provided by the
libcrypto library, and all base system
programs that used libcipher have been
converted to use libcrypto instead.

The libkiconv library has been added to
support working with loadable character set conversion tables in
the kernel.

libkse is now the default
threading library on &os;/ia64.

The libthr 1:1
threading library is now built by default.

The &man.locale.1; utility has been re-implemented and is
now POSIX-compliant. A new option shows all
available codesets.

The &man.mount.8; utility can now display the filesystem
ID for each file system in addition to the normal information
when a flag is specified,
and the &man.umount.8; utility now accepts the filesystem ID
as well as the usual device and path names.
This makes it possible to specify unambiguously which file system is
to be unmounted even when two or more file systems share
the same device and mount point names.

The &man.mount.cd9660.8; and &man.mount.ntfs.8; utilities
now support a option to specify local
character sets to convert Unicode filenames. It is possible to
specify multi-byte character sets using this option.

The &man.mount.msdosfs.8; utility now supports a
option to specify the maximum file
permissions for directories in the file system. &merged;

The &man.mount.msdosfs.8; utility now supports a
option to specify MS-DOS codepages and a
option to specify local character sets. They are
used to convert character sets of filenames. The
/usr/libdata/msdosfs tables have
been retired.

The &man.mount.nwfs.8;, &man.mount.portalfs.8;, and
&man.mount.smbfs.8; utilities have been moved from
/sbin to /usr/sbin.

The &man.rc.conf.5; variable ntpd_flags for
&man.ntpd.8; now includes
by default.

The &man.pam.guest.8; PAM module has been added to allow
guest logins. It replaces the pam_ftp(8) module.

&man.ps.1; and &man.top.1; now support a flag to display all
kernel-visible threads in each process.

A bug that caused &man.rarpd.8; not to recognize removable Ethernet NICs
has been fixed.

&man.rtld.1; now includes libmap
functionality by default; the WITH_LIBMAP
compile knob is unnecessary and has been retired. More
information can be found in &man.libmap.conf.5;.

The symorder utility has been removed. It is unnecessary
now that all kernels use ELF format and there is no a.out format
toolchain.

&man.sysinstall.8; now gives the ability to select an
alternate MTA during installation. Currently,
exim and
Postfix are supported.

&man.systat.1; now includes displays for IPv6 and ICMPv6
traffic. &merged;

A number of utilities available in /bin
and /sbin are now available as a
statically-linked crunched binary that lives in
/rescue. This functionality is similar to
the /stand directory installed by
&man.sysinstall.8;, but /rescue includes
more functionality and is updated as part of
buildworld/installworld operations. More details can be found in
&man.rescue.8;.

It is now possible to build /bin and
/sbin directories containing
dynamically-linked executables. This feature brings support for
loadable PAM and NSS modules to base system utilities located in
those directories. It also reduces the storage requirements for
the root filesystem due to the use of shared libraries. This
feature can be enabled in a buildworld by
defining the Makefile variable
WITH_DYNAMICROOT.

Contributed Software

The ACPI-CA code has been updated
from the 20030228 snapshot to the 20030619 snapshot.

amd has been updated from 6.0.7
to 6.0.9.

awk from Bell Labs has been
updated from a 14 March 2003 snapshot to a 29 July 2003 snapshot.

BIND has been updated from 8.3.4
to 8.3.6.

GCC has been updated from 3.2.2 to
a 3.3.3 post-release snapshot from 6 November 2003.
Previous versions of GCC
generated incorrect code when
-march=pentium4 optimization was
enabled. This problem is believed to have been fixed with
this upgrade, and the earlier workaround for the case of
CPUTYPE=p4 has been removed.

The GCC
option, which formerly controlled linking of the threading
library, has been removed. This flag is confusing in the
presence of multiple threading libraries (specifically
libc_r, libkse, and
libthr). Ports should use the
PTHREAD_LIBS variable to select the correct
threading library.

GNU Readline has been updated
from 4.2 to 4.3.

GNU Sort has been updated from
the version in textutils 2.0.21 to the version in textutils
2.1.

Heimdal Kerberos has been
updated from 0.5.1 to 0.6.

The ISC DHCP client has been
updated from 3.0.1rc11 to 3.0.1rc12.

lukemftp has been updated from
1.6beta2 to an 11 November 2003 snapshot from NetBSD.

OpenPAM has been updated from the
Dianthus release to the
Dogwood release.

OpenSSL has been updated from
0.9.7a to 0.9.7c. &merged;

sendmail has been updated to
version 8.12.10. &merged;

texinfo has been updated from 4.5
to 4.6. &merged;

The timezone database has been updated
from the tzdata2003a release
to the tzdata2003d release. &merged;

Ports/Packages Collection Infrastructure

If GNU_CONFIGURE is defined,
all instances of config.guess and
config.sub found
under WRKDIR
are replaced with the master versions from
PORTSDIR/Template.
This allows old ports (which contain old versions
of these scripts) to build on newer architectures like ia64 and amd64.

Release Engineering and Integration

Floppy disk installation images are
no longer built for the alpha, amd64, and ia64
architectures.

The supported release of GNOME has
been updated from 2.2.1 to 2.4. &merged;

The supported release of KDE has
been updated from 3.1.2 to 3.1.4. &merged;

Documentation

Upgrading from previous releases of &os;

Users with existing &os; systems are
highly encouraged to read the Early
Adopter's Guide to &os; &release.current;. This document generally has
the filename EARLY.TXT on the distribution
media, or any other place that the release notes can be found. It
offers some notes on upgrading, but more importantly, also
discusses some of the relative merits of upgrading to &os;
5.X versus running &os;
4.X.

Upgrading &os; should, of course, only be attempted after
backing up all data and configuration
files.