&os;/&arch; &release.current; Release NotesThe FreeBSD Project$FreeBSD$20002001200220032004The FreeBSD Documentation ProjectThe release notes for &os; &release.current; contain a summary
of
This document lists applicable security advisories that were issued since
the last release, as well as significant changes to the &os;
kernel and userland.
Some brief remarks on upgrading are also presented.IntroductionThis document contains the release notes for &os;
&release.current; on the &arch.print; hardware platform. It
describes recently added, changed, or deleted features of &os;.
It also provides some notes on upgrading
from previous versions of &os;.
The &release.type; distribution to which these release notes
apply represents a point along the &release.branch; development
branch between &release.prev; and the future &release.next;. Some
pre-built, binary &release.type; distributions along this branch
can be found at .
]]>
This distribution of &os; &release.current; is a
&release.type; distribution. It can be found at or any of its mirrors. More
information on obtaining this (or other) &release.type;
distributions of &os; can be found in the Obtaining
FreeBSD appendix to the FreeBSD
Handbook.
]]>
Users who are new to the &release.branch; series of &os;
&release.type;s should also read the Early Adopters Guide
to &os; &release.current;. This document can generally be
found in the same location as the release notes (either as a part of a
&os; distribution or on the &os; Web site). It contains important
information regarding the advantages and disadvantages of using
&os; &release.current;, as opposed to releases based on the &os;
4-STABLE development branch.All users are encouraged to consult the release errata before
installing &os;. The errata document is updated with
late-breaking information discovered late in the
release cycle or after the release. Typically, it contains
information on known bugs, security advisories, and corrections to
documentation. An up-to-date copy of the errata for &os;
&release.current; can be found on the &os; Web site.What's NewThis section describes
Typical release note items
document recent security advisories issued after
&release.prev.historic;,
new drivers or hardware support, new commands or options,
major bug fixes, or contributed software upgrades. They may also
list changes to major ports/packages or release engineering
practices. Clearly the release notes cannot list every single
change made to &os; between releases; this document focuses
primarily on security advisories, user-visible changes, and major
architectural improvements.Security AdvisoriesKernel ChangesThe dgb (DigiBoard intelligent serial card) driver has been
removed due to breakage. Its replacement is the &man.digi.4; driver,
which supports all the hardware of the dgb driver.The loran (Loran-C receiver) driver has been removed due to
breakage and lack of maintainership.The ULE scheduler is now the default scheduler in the
GENERIC kernel. For the average user,
interactivity is reported to be better in many cases. This
means less skipping and jerking in
interactive applications while the machine is very busy. This
will not prevent problems due to overloaded disk subsystems, but
it does help with overloaded CPUs. On SMP machines, ULE has
per-CPU run queues which allow for CPU affinity, CPU binding,
and advanced HyperThreading support, as well as providing a
framework for more optimizations in the future. As fine-grained
kernel locking continues, the scheduler will be able to make
more efficient use of the available parallel resources.Platform-Specific Hardware SupportBoot Loader ChangesA serial console-capable version of
boot0 has been added. It can be written
to a disk using &man.boot0cfg.8; and specifying
/boot/boot0sio as the argument to the
option.cdboot now works around a
BIOS problem observed on some systems when booting from USB
CDROM drives.Network Interface SupportThe &man.dc.4; driver now supports sparc64
Davicom cards that store their MAC address in
OpenFirmware.The hea (Efficient Networks, Inc. ENI-155p ATM adapter)
driver has been removed due to breakage. Its functionality
has been subsumed into the &man.en.4; driver.The lmc (LAN Media Corp. PCI WAN adapter) driver has been
removed due to breakage and lack of maintainership.A wrapper system has been added to allow
binary Windows NDIS miniport network drivers to be used with
FreeBSD. For more information, see the &man.ndis.4; and
&man.ndiscvt.8; manual pages.Several bugs related to multicast and promiscuous mode
handling in the &man.sk.4; driver have been fixed.Network ProtocolsSome bugs in the IPsec implementation from the KAME
Project have been fixed. These bugs were related to freeing
memory objects before all references to them were removed, and
could cause erratic behavior or kernel panics after flushing
the Security Policy Database (SPD).The PFIL_HOOKS option is now enabled by
default in the GENERIC kernel. The most
notable effect of this change is to make
IPFilter work correctly when loaded
as a kernel module.The following TCP features are now enabled by default: RFC
3042 (Limited Retransmit), RFC 3390 (increased initial
congestion window sizes), TCP bandwidth-delay product
limiting. More information can be found in &man.tcp.4;.&os;'s TCP implementation now includes support for a
minimum MSS (settable via the
net.inet.tcp.minmss sysctl variable) and a
rate limit on connections that send many small TCP segments
within a short period of time (via the
net.inet.tcp.minmssoverload sysctl
variable). Connections exceeding this limit may be reset and
dropped. This feature provides protection against a class of
resource exhaustion attacks.Disks and StorageA number of bugs in the &man.ata.4; driver have been
fixed. Most notably, master/slave device detection should
work better, and some problems with timeouts should be
resolved.File SystemsA bug in GEOM that could result in I/O hangs in some rare
cases has been fixed.A panic in the NFSv4 client has been fixed; this occurred
when attempting operations against an NFSv3/NFSv2-only
server.The SMBFS client now has support for SMB request signing,
which prevents man in the middle attacks and is
required in order to connect to Windows 2003 servers in their
default configuration. As signing each message imposes a
significant performance penalty, this feature is only enabled
if the server requires it; this may eventually become an
option to &man.mount.smbfs.8;.Multimedia SupportThe meteor (video capture) driver has been removed due to
breakage and lack of maintainership.Userland ChangesThe configuration files used by the &man.resolver.5; now
support the timeout: and
attempts: keywords.&man.ipfw.8; now supports a flag to
print only the action and comment for each rule, thus omitting
the rule body.A bugfix has been applied to NSS support, which fixes
problems when using third-party NSS modules (such as net/nss_ldap) and groups with large
membership lists.Contributed SoftwareThe ACPI-CA code has been updated
from the 20030619 snapshot to the 20031203 snapshot.Security improvements from CVS
1.11.10 and 1.11.11 have been backported. Specifically, certain
malformed module requests are now rejected, and when using
cvs pserver mode, attempts to authenticate as
root are rejected and recorded via
&man.syslog.3;.OpenSSH has been updated from
3.6.1p1 to 3.7.1p2.Ports/Packages Collection InfrastructureRelease Engineering and IntegrationDocumentationUpgrading from previous releases of &os;Users with existing &os; systems are
highly encouraged to read the Early
Adopter's Guide to &os; &release.current;. This document generally has
the filename EARLY.TXT on the distribution
media, or any other place that the release notes can be found. It
offers some notes on upgrading, but more importantly, also
discusses some of the relative merits of upgrading to &os;
5.X versus running &os;
4.X.Upgrading &os; should, of course, only be attempted after
backing up all data and configuration
files.