&os;/&arch; &release.current; Release NotesThe FreeBSD Project$FreeBSD$200020012002The FreeBSD Documentation ProjectThe release notes for &os; &release.current; contain a summary
of
Both changes for kernel and userland are listed, as well as
applicable security advisories that were issued since the last
release. Some brief remarks on upgrading are also presented.IntroductionThis document contains the release notes for &os;
&release.current; on the &arch.print; hardware platform. It
describes recently added, changed, or deleted features of &os;.
It also provides some notes on upgrading
from previous versions of &os;.
The &release.type; distribution to which these release notes
apply represents a point along the &release.branch; development
branch between &release.prev; and the future &release.next;. Some
pre-built, binary &release.type; distributions along this branch
can be found at .
]]>
This distribution of &os; &release.current; is a
&release.type; distribution. It can be found at or any of its mirrors. More
information on obtaining this (or other) &release.type;
distributions of &os; can be found in the Obtaining
FreeBSD appendix to the FreeBSD
Handbook.
]]>
What's NewThis section describes
Typical release note items
document new drivers or hardware support, new commands or options,
major bugfixes, or contributed software upgrades. Applicable security
advisories issued after &release.prev.historic; are also listed.Many additional changes were made to &os; that are not listed
here for lack of space. For example, documentation was corrected
and improved, minor bugs were fixed, insecure coding practices
were audited and corrected, and source code was cleaned up.Kernel ChangesExecution of &man.a.out.5; format executables now
requires the COMPAT_AOUT option in the kernel
configuration or the loading of the aout.ko
kernel module.&man.acct.2; has been changed to open the accounting file in
append mode, so that &man.accton.8; can be used to enable
accounting to an append-only file. &merged;The &man.amdpm.4; driver has been added to
provide access to the system monitoring functions of the AMD 756
chipset. &merged;The &man.agp.4; driver for AGP devices has been
added. &merged;Preliminary support for Bluetooth devices has
been added, in the form of a series of Netgraph modules (see
&man.ng.bluetooth.4;). Two modules provide device driver
support for Bluetooth adapters: The &man.ng.bt3c.4; driver
supports the 3Com/HP Bluetooth PCCARD adapters, while the
&man.ng.ubt.4; driver supports several USB Bluetooth adapters.
Bluetooth support in &os; is a work in progress.A new in-kernel cryptographic framework (see &man.crypto.4;
and &man.crypto.9;) has been imported from OpenBSD. It provides
a consistent interface to hardware and software implementations
of cryptographic algorithms for use by the kernel and access to
cryptographic hardware for user-mode applications.
Hardware device drivers are provided to support hifn-based cards
(&man.hifn.4;) and Broadcom-based cards (&man.ubsec.4;). &merged;A new &man.ddb.4; command show pcpu lists
some of the per-CPU data.Two new &man.ddb.4; commands, hwatch and
dhwatch, have been introduced. Analogous to
watch and dwatch, they
install hardware watchpoints (as opposed to software
watchpoints) if supported by the architecture. &merged;A devctl device has been added to allow
userland programs to learn when devices come and go in the device
tree. This facility is primarily used
by the &man.devd.8; utility.&man.devfs.5;, which allows entries in the
/dev directory to be built automatically
and supports more flexible attachment of devices, has been
largely reworked. &man.devfs.5; is now enabled by default and
can be disabled by the NODEVFS kernel
option.
A rule subsystem
permits the administrator to define certain properties of new device
nodes before they become visible to the userland. Both static (e.g.
/dev/speaker) and dynamic (e.g.
/dev/bpf*, some removable devices) nodes are
supported. Each &man.devfs.5; mount may have a different ruleset assigned to
it, permitting different policies to be implemented for things like
jails. Rules and rulesets are manipulated with the &man.devfs.8;
utility.A new digi driver has been added to support PCI Xr-based and
ISA Xem Digiboard cards. A new &man.digictl.8; program is
(mainly) used to re-initialize cards that have external port
modules attached such as the PC/Xem. This driver replaces the older
dgm driver.An &man.eaccess.2; system call has been added, similar to
&man.access.2; except that the former uses effective credentials
rather than real credentials.Support has been added for EBus-based
devices.Initial support has been added for
Firewire devices (see &man.firewire.4;). &merged;The &man.ichsmb.4; driver for the Intel 82801AA
(ICH) SMBus controller and compatibles has been
added. &merged;Each &man.jail.2; environment can now run under its own
securelevel.The tunable sysctl variables for &man.jail.2; have moved
from jail.* to the
security.* hierarchy. Other security-related
sysctl variables have moved from kern.security.* to
security.*.The kern.maxvnodes limit now properly
limits the number of vnodes in use. Previously only vnodes with
no cached pages could be freed; this could allow the number of
vnodes to grow without limit on large-memory machines accessing
many small files. A vnlru kernel thread
helps to flush and reuse vnodes. &merged;The kernel message buffer is now accessible by the
(machine-independent) kern.msgbuf sysctl
variable; &man.dmesg.8; no longer needs to be SGID
kmem. &merged;The kernel environment is now dynamic, and can be changed
via the new &man.kenv.2; system call.The &man.kqueue.2; event notification facility was added to
the &os; kernel. This is a new interface which is able to
replace &man.poll.2;/&man.select.2;, offering improved
performance, as well as the ability to report many different
types of events. Support for monitoring changes in sockets,
pipes, fifos, and files are present, as well as for signals and
processes. &merged;A new KVA_SPACE kernel option
can be used to reconfigure the size of the kernel virtual
address space. &merged;The labpc(4) driver has been removed due to
bitrot.The loader and kernel linker now look for files named
linker.hints in each directory with KLDs
for a module name and version to KLD filename mapping. The new
&man.kldxref.8; utility is used to generate these files.Linux emulation now supports the kernel functionality
required by the
emulators/linux_base
(RedHat 7.X emulation) port. &merged;Linux emulation now requires options
SYSVSEM in the kernel configuration. &merged;&man.lomac.4;, a Low-Watermark Mandatory Access Control
security facility, has been added as a kernel module. It
provides a drop-in security mechanism in addition to the
traditional UID-based security facilities, requiring no
additional configuration from the administrator. Work on this
feature was sponsored by DARPA and NAI Labs.&os; now supports an extensible Mandatory Access Control
framework, the TrustedBSD MAC Framework. It permits loadable
kernel modules to link to the kernel at compile-time, boot-time,
or run-time to augment the system security policy. The
framework permits modules to express interest in a variety
of events, and also provides common security policy services
such as label storage. A variety of sample policy modules are
shipped in this release, including implementations of fixed
and floating label Biba integrity models, Multi-Level Security
(MLS) with compartments, and a number of augmented UNIX security
models including a file system firewall. This feature will
permit easier development and maintenance of local and vendor
security extensions. The extensibility service is enabled
by adding options MAC to the kernel
configuration.
The MAC framework is considered an experimental
feature in this release, and is not enabled by defaultMachine Check Architecture (MCA) records are now
collected at boot time and made available through the
hw.mca.* sysctl variables.The maxusers kernel configuration
parameter is now a boot-time tunable variable. The kernel
parameters derived from maxusers are now also
tunables and can be overridden at boot-time. The
hz parameter is also now a
tunable. &merged;Specifying a value of 0 for the
maxusers kernel configuration parameter will
now cause an appropriate value to be calculated at boot-time
(between 32 and 384, depending on the amount of memory present).
This value is now the default for all
GENERIC kernels. &merged;A MAXMEM kernel option,
along with the hw.physmem loader tunable, can
be used to artificially reduce the memory size of a machine for
testing (or other purposes). &merged;The kernel configuration parameters
MAXTSIZ, DFLDSIZ,
MAXDSIZ, DFLSSIZ,
MAXSSIZ, and SGROWSIZ are
all loader tunables (kern.maxtsiz,
kern.maxdfldsiz, etc.). &merged;&man.mutex.9; profiling code has been added, enabled by the
MUTEX_PROFILING kernel configuration option.
It enables the debug.mutex.prof.* hierarchy
of sysctl variables.The NCPU,
NAPIC, NBUS, and
NINTR kernel configuration options,
for configuring SMP kernels, have been removed.
NCPU is now set to a maximum of 16,
and the other, aforementioned options are now
dynamic. &merged;A &man.nmdm.4; null-modem terminal driver has been added.
&merged;The O_DIRECT flag has been added to
&man.open.2; and &man.fcntl.2;. Specifying this flag for open
files will attempt to minimize the cache effects of reading and
writing. &merged;An &man.orm.4; device has been added to claim the option
ROMs in the ISA memory I/O space, to prevent other drivers from
mistakenly assigning addresses that conflict with these
ROMs. &merged;The P1003_1B kernel option is no longer
used and has been removed.PECOFF (Win32 Execution file format) support has
been added.The pmc driver, which supports the power
management controller of the NEC PC-98NOTE, has been
added. &merged;POSIX.1b Shared Memory Objects are now supported. The
implementation uses regular files, but automatically enables the
MAP_NOSYNC flag when they are &man.mmap.2;-ed. &merged;Replaced the PQ_*CACHE options with a
single PQ_CACHESIZE option to be set to the
cache size in kilobytes. The old options are still supported
for backwards compatibility. &merged;The &man.puc.4; (PCI Universal
Communications) driver has been added, to help connect PCI-based
serial ports to the &man.sio.4; driver. &merged;The &man.random.4; device has been rewritten to use the
Yarrow algorithm. It harvests
entropy from a variety of interrupt sources, including the
console devices, Ethernet and point-to-point network interfaces,
and mass-storage devices. Entropy from the &man.random.4;
device is now periodically saved to files in
/var/db/entropy, as well as at shutdown
time. The semantics of /dev/random have
changed; it never blocks waiting for entropy bits but generates
a stream of pseudo-random data and now behaves exactly as
/dev/urandom.A new kernel option, options REGRESSION,
enables interfaces and functionality intended for use during
correctness and regression testing.RLIMIT_VMEM support has been added. This
feature defines a new resource limit that covers a process's
entire virtual memory space, including &man.mmap.2; space. This
limit can be configured in &man.login.conf.5; via the new
vmemoryuse variable. &merged;Support has been added for SBus-based
devices.The sab driver, which supports the Siemens
SAB82532 serial chip found on many newer Sparc Ultra machines,
has been added.A bug in the &man.sendfile.2; system call, in which headers
counted against the size of the file to be sent, has been
fixed. &merged;The &man.snp.4; device is no longer static and can now be
compiled as a module. &merged;The &man.spic.4; driver, which provides access
to the Jog Dial device on some Sony laptops, has been
added. &man.moused.8; support for this device has also been
added. &merged;The &man.syscons.4; driver now supports keyboard-controlled
pasting, by default bound to
Shift-Insert.Support for USB devices was added to the
GENERIC kernel and to the installation
programs to support USB devices out of the box. Note that SRM
does not support USB devices at the moment, so you must still
use an AT keyboard if you are not using a serial
console. &merged;The uaudio driver, for USB audio devices, has been
added. &merged;The ubsa driver has been added to support
the Belkin F5U103 (and compatible) USB-to-serial adaptors.The &man.umodem.4; driver for USB modems
has been added. Support is provided for the 3Com 5605 and
Metricom Ricochet GS wireless USB modems. &merged;The &man.uscanner.4; driver for basic USB
scanner support using SANE has been added. See the SANE home page
for supported scanners. The HP ScanJet 4100C, 5200C and 6300C
are known to be working. &merged;The &man.ucom.4; device driver has been added, to support USB
modems, serial devices, and other programs that need to look
like a tty. The related &man.uftdi.4;, &man.uplcom.4;, &man.uvscom.4; drivers provide specific
support for FTDI serial adapters, the Prolific PL-2303 serial adapter and the SUNTAC
Slipper U VS-10U, respectively. &merged;To increase security, the UCONSOLE kernel
configuration option has been removed.The UserConfig boot-time kernel configuration
feature, usually used to enable, disable, or configure ISA
devices, has been removed. Its functionality has been replaced
by the kernel hints file in
/boot/device.hints.The USER_LDT kernel option is now
activated by default.The &man.uvisor.4; driver for connecting Handspring Visors via USB
has been added. &merged;A VESA S3 linear framebuffer driver has been added.The &man.viapm.4; driver for VIA SMBus
power management controllers has been added. &merged;Write combining for crashdumps has been implemented. This
feature is useful when write caching is disabled on both SCSI
and IDE disks, where large memory dumps could take up to an hour
to complete. &merged;The kernel crashdump infrastructure has been revised, to
support new platforms and in general clean up the logic in the
code. One implication of this change is that the on-disk format
for kernel dumps has changed, and is now
byte-order-agnostic.Extremely large swap areas (>67 GB) no longer panic the
system.Support for threads under Linux emulation has
been added.The buildkernel target now gets the
name of the configuration(s) to build from the
KERNCONF variable, not
KERNEL. It is no longer required, in some
cases, for a buildworld to precede a
buildkernel. (The
buildworld is still required when
upgrading across major releases, across
binutil updates and when
&man.config.8; changes version.) &merged;The out-of-swap process termination code now begins killing
processes earlier to avoid deadlocks; it now also takes into
account the swap space used by processes when computing the
process sizes. &merged;Linker sets are now self-contained; gensetdefs(8) is
unnecessary and has been removed.Network device cloning has been implemented, and the
&man.gif.4; device has been modified to take advantage of it.
Thus, instead of specifying how many &man.gif.4; interfaces are
available in kernel configuration files, &man.ifconfig.8;'s
option should be used when another device
instance is desired. &merged;It is now possible to hardwire kernel environment variables
(such as tunables) at compile-time using &man.config.8;'s
ENV directive.Idle zeroing of pages can be enabled with the
vm.idlezero_enable sysctl variable.The load addresses of kernels are now exported
to the symbol table and various hard-coded constants have been
removed so that utilities such as &man.ps.1; can work with
kernels compiled at different addresses. &merged;Coredumps of large processes (or of a large number of
processes) no longer lock up the machine for long periods of
time. &merged;The &os; kernel scheduler now supports Kernel-Scheduled
Entities (KSEs), which provides support for multiple threads of
execution per process similar to Scheduler Activations. At this
point, the kernel has most of the changes needed to support
threading. The kernel scheduler can schedule multiple threads per
process, but only on a single CPU at a time. More information
can be found in &man.kse.2;.
KSE is a work in progress.The kernel now has support for multiple low-level console
devices. The new &man.conscontrol.8; utility helps to manage
the different consoles.The console driver has gained support for
TGA-based display adapters.The kernel on the installation CDs is now separated from the
mfsroot image. This permits the use of a
full kernel when installing from CD on machines that support CD
booting (instead of the stripped-down kernel used on
floppies). &merged;The system load average computation now adds some jitter to
the timing of samples, in order to avoid synchronization with
processes that run periodically. &merged;If a debugging kernel with modules is being built
(i.e. using makeoptions DEBUG=-g), the
modules will now be built with debugging support as well, for
completeness. A side effect of this change is that modules
built and installed with debugging kernels will now occupy more
space on disk than they did previously. &merged;The kernel dump device can now be set via the
dumpdev loader tunable. As a result, it is
now possible to obtain crash dumps from panics during the late
stages of kernel initialization (before the system enters into
single-user mode). &merged;The kernel memory allocator is now a slab memory allocator,
similar to that used in Solaris. This is a SMP-safe memory
allocator that has near-linear performance as the number of CPUs
increases. It also allows for reduced memory
fragmentation.Processor/Motherboard SupportSMP support has been largely reworked, incorporating code
from BSD/OS 5.0. One of the main features of SMPng
(SMP Next Generation) is to allow more
processes to run in kernel, without the need for spin locks
that can dramatically reduce the efficiency of multiple
processors. Interrupt handlers now have contexts associated
with them that allow them to be blocked, which reduces the
need to lock out interrupts.Support for the 80386 processor has been
removed from the GENERIC kernel, as this
code seriously pessimizes performance on other IA32
processors.
The I386_CPU kernel option
to support the 80386 processor is now mutually exclusive with
support for other IA32 processors; this should slightly
improve performance on the 80386 due to the elimination of
runtime processor type checks.
Custom kernels that will run on the 80386 can
still be built by changing the CPU options in the kernel
configuration file to only include
I386_CPU.AlphaServer 1200 (Tincup) has
been tested and works OK. Currently it does not want to boot
from CD or floppy but a transplanted disk that was installed
on another Alpha works well. &merged;The API UP1100 mainboard has been verified to
work.The API CS20 1U high server has been verified
to work.Support for AlphaServer 2100A
(Lynx) has been added.Kernel code has been added that allows older
generation Alpha CPUs (EV4 and EV5) to emulate instructions of
the newer Alpha CPU generations. This enables the use of
binary-only programs like Adobe Acrobat
4 on EV4 and EV5.SMP support for the Alpha is now operational.Detection for new processors, such as the
FC-PGA2 Pentium III (Tualatin), Transmeta Crusoe, and
Transmeta Crusoe LongRun, has been added. &merged;Support for the following hardware has been
removed from the installation kernel to make it fit on a
1.44MB floppy again: Multia, NoName, PC64, EB64, Aspen Alpine,
sa (SCSI tape), amr, parallel port support, vx (3c590, 3c595),
pcn (AMD Am79C97x PCI 10/100), sf (Adaptec AIC-6915), sis (SiS
900/SiS 7016), ste (Sundance ST201 (D-Link DFE-550TX)), wb
(Winbond W89C840F).Support for Streaming SIMD
Extensions (SSE) has been introduced. The
CPU_ENABLE_SSE kernel option controls
whether support is compiled into the kernel. &merged;The CPU_ATHLON_SSE_HACK
kernel option has been added, which attempts to enable the SSE
feature bit on newer Athlon CPUs if the BIOS has forgotten to
enable it. &merged;The UltraSPARC platform is now supported by
&os;. The following machines are supported to at least some
degree: Ultra 1/2/5/10/30/60, Enterprise 220R/420R, Netra T1 AC200/DC200, Netra T 105, and Blade
100. SMP is supported, and has been tested on the
Ultra 2, Ultra 60, Enterprise 220R, and
Enterprise 420R.On some systems, the BIOS does not activate
the I/O ports and memory of PC devices, thus making them
unusable. The hw.pci.enable_io_modes
sysctl/boot loader variable (which defaults to
1, for enabled)
forces &os; to enable these devices so that they can be
used.Support for TurboChannel Alphas has been
removed.Support for the AMD Élan SC520 has been
added; this requires the CPU_ELAN option in
the kernel configuration file. &merged;The CPU_DISABLE_CMPXCHG
kernel configuration option has been added. Enabling this
option has been shown to dramatically improve performance on
VMWare client OS installs.
This option is not compatible with
SMP kernels.Bootloader Changesboot2 now supports a
option to disallow boot interruption by
keypresses. &merged;A new cdboot bootstrap
utility for CDROMs provides better compatability with some
BIOS implementations that do not completely implement the El
Torito bootable CDROM standard. This boot loader supports
no emulation mode booting, thus eliminating the
need for an emulated floppy disk image on a bootable
CDROM. &merged;The i386 boot loader now has support for a
nullconsole console type, for use on
systems with neither a video console nor a serial
port. &merged;The &man.loader.8; now has optional support
(enabled at compile-time, off by default) for loading
bzip2-compressed kernels and
modules. &merged;Support for Intel's Wired for Management 2.0
(PXE) was added to the &os; boot loader. Due to API
differences, the older PXE versions are not supported. This
allow network booting using DHCP. &merged;The &os; boot loader now contains a workaround
to support CDROM booting on certain IBM BIOSs that expect the
first sector of the emulated floppy to contain a valid MS-DOS
BPB that they can modify. &merged;The &os; boot loader now supports a
flag to force the kernel to pause after
each line of output during the probing phase. &merged;The &os; boot loader is now capable of
booting from filesystems with block sizes larger than
8K. &merged;The kernel and modules have been moved to the directory
/boot/kernel, so they can be easily
manipulated together. The boot loader has been updated to
make this change as seamless as possible.Network Interface SupportThe &man.an.4; driver for Cisco Aironet cards now supports
Wired Equivalent Privacy (WEP) encryption, settable via
&man.ancontrol.8;. &merged;The &man.an.4; driver now supports the Cisco Aironet 350
series of adaptors. &merged;The &man.an.4; driver now supports monitor
mode, settable via the option to
&man.ancontrol.8;. &merged;The &man.an.4; driver now supports Cisco LEAP, as well as
the Home WEP key. The Linux Aironet utilities
are now supported under emulation. &merged;Generic support for ARCNET token-based
networks has been added. &merged;The &man.bge.4; driver has been added to
support the Broadcom BCM570x family of Gigabit Ethernet
controllers, including the 3Com 3c996-T, the SysKonnect
SK-9D21 and SK-9D41, and the built-in Gigabit Ethernet NICs on
Dell PowerEdge 2550 servers. Output TCP/IP checksum offload,
jumbo frames and VLAN tag insertion/stripping are supported,
as well as interrupt moderation. &merged;The cm driver has been added to support SMC
COM90cx6 ARCNET network adapters. &merged;The &man.dc.4; driver now supports NICs based on the Xircom
3201 and Conexant LANfinity RS7112 chips.The &man.dc.4; driver now has support for
VLANs. &merged;The &man.de.4; driver now performs round-robin arbitration
between the transmit and receive units of the 21143, instead
of giving priority to the receive unit. This gives a
10–15% performance improvement in the forwarding rate
under heavy load. &merged;The &man.ed.4; driver is now supported.Linksys Fast Ethernet PCCARD cards supported
by the &man.ed.4; driver now require the addition of flag
0x80000 to their config line in
&man.pccard.conf.5;. This flag is not optional. These
Linksys cards will not be recognized without
it. &merged;A bug in the &man.ed.4; driver that could cause panics
with very short packets and BPF or bridging active has been
fixed. &merged;The &man.ed.4; driver now has support for D-Link DL10022
chips, necessary for the NetGear FA-410TX and other cards. As
a result, device miibus is required in
kernel configurations using the &man.ed.4;
driver. &merged;The &man.el.4; driver can now be loaded as a
module.The &man.em.4; driver has been added to
support NICs based on the Intel 82542, 82543, 82544, 82545EM,
and 82546EB
Gigabit Ethernet controller chips. The driver has VLAN
support, and also supports
transmit/receive checksum offload and jumbo frames on 82543
and 82544-based adapters. &merged;The &man.faith.4; device is now loadable, unloadable, and
clonable. &merged;Support for Fujitsu MB86960A/MB86965A based
Ethernet PC-Cards has been added back in the &man.fe.4;
driver. &merged;The &man.fpa.4; driver now supports Digital's
DEFPA FDDI adaptors on the Alpha. &merged;The &man.fxp.4; driver now requires a device
miibus entry in the kernel configuration
file. &merged;The &man.fxp.4; driver now contains a workaround for PCI
protocol violations caused by defects in some systems based on
the Intel ICH2/ICH2-M chip. The workaround is to rewrite the
EEPROM on the interface to disable Dynamic Standby Mode; once
the EEPROM is rewritten, the system needs to be rebooted for
the new settings to take effect. &merged;The &man.fxp.4; driver now supports Intel's loadable
microcode to implement receive-side interrupt coalescing and
packet bundling, on NICs that support these features. This
support can be activated by the use of the
option to
&man.ifconfig.8;. &merged;The gem driver has been added to support
the Sun GEM Gigabit Ethernet and ERI Fast Ethernet
adapters.The &man.gx.4; driver has been added to support NICs based
on the Intel 82542 and 82543 Gigabit Ethernet controller
chips. Both fiber and copper variants of the cards are
supported. Both boards support VLAN tagging/insertion, and
the 82543 additionally supports TCP/IP checksum
offload. &merged;The hme driver has been added to support
the Sun HME Fast Ethernet adapter, onboard on many Sun Ultra
series machines.The &man.lge.4; driver has been added to support the Level
1 LXT1001 NetCellerator Gigabit Ethernet controller chip. This
device is used on some fiber optic GigE cards from SMC, D-Link
and Addtron. Jumbograms and TCP/IP checksum offload on
receive are supported, although hardware VLAN filtering is
not. &merged;The my driver, which supports the Myson Fast Ethernet and
Gigabit Ethernet adapters, has been added. &merged;Added the &man.nge.4; driver, which supports PCI Gigabit
Ethernet adapters based on the National Semiconductor DP83820
and DP83821 Gigabit Ethernet controller chips, including the
D-Link DGE-500T, SMC EZ Card 1000 (SMC9462TX), Asante
FriendlyNet GigaNIC 1000TA and 1000TPC and Addtron AEG320T.
This driver supports transmit and receive checksum
offloading. &merged;The &man.pcn.4; driver, which supports the AMD PCnet/FAST,
PCnet/FAST+, PCnet/FAST III, PCnet/PRO, PCnet/Home, and
HomePNA adapters, has been added. Although these cards are
already supported by the &man.lnc.4; driver, the &man.pcn.4;
driver runs these chips in 32-bit mode and uses the RX
alignment feature to achieve zero-copy receive. This driver
is also machine-independent, so it will work on the i386,
pc98 and Alpha platforms. The &man.lnc.4; driver is still needed
to support non-PCI cards. &merged;The &man.ray.4; driver, which supports the Webgear Aviator
wireless network cards, has been committed. The operation of
&man.ray.4; interfaces can be modified by
&man.raycontrol.8;. &merged;The &man.rp.4; driver has been updated to
version 3.02 and can now be built as a module. &merged;The sbni driver, for supporting the Granch
SBNI12 series of ISA and PCI point-to-point communications
interfaces, has been added. The sysutils/sbniconfig port in the &os;
Ports Collection can be used for configuring these
devices. &merged;Added support for PCI Ethernet adapters based on the SiS
900 and SiS 7016 Fast Ethernet controller chips (for example,
as seen on the SiS 635 and 735 motherboard chipsets), as well
as the National Semiconductor DP83815 chipset (including the
NetGear FA311-TX and FA312-TX) in the form of the &man.sis.4;
driver. This device has support for VLANs. &merged;The snc driver for the National Semiconductor
DP8393X (SONIC) Ethernet controller has been added.
Currently, this driver is only used on the PC-98
architecture. &merged;The &man.stf.4; device is now clonable.The &man.tap.4; driver, a virtual Ethernet device driver
for bridged configurations, has been added. This device is
clonable. &merged;The &man.ti.4; driver now supports the Alteon AceNIC
1000baseT Gigabit Ethernet and Netgear GA620T 1000baseT
Gigabit cards. &merged;The &man.ti.4; driver correctly masks VLAN tags. &merged;The &man.tx.4; driver now supports true multicast
filtering.The &man.txp.4; driver has been added to support NICs
based on the 3Com 3XP Typhoon/Sidewinder (3CR990)
chipset. &merged;&man.vlan.4; devices are now loadable, unloadable, and
clonable. &merged;The &man.wi.4; driver now has support for Prism II and
Prism 2.5-based NICs. 104/128-bit WEP now works on Prism
cards. &merged;The &man.wi.4; driver now supports using a &os; host as
a wireless access point. This functionality can be enabled
using the mediaopt hostap option of
&man.ifconfig.8;. This feature requires a wireless
adapter based on the Prism II chipset. &merged;The &man.wi.4; driver now has support for
bsd-airtools. &merged;The xe driver can now be built as a
module. &merged;The &man.xl.4; driver now supports the 3Com 3C556 and
3C556B MiniPCI adapters used on some laptops. &merged;The &man.xl.4; driver now supports reception of VLAN
tagged frames (on the Cyclone or newer
chipsets). &merged;The &man.xl.4; driver now supports send- and receive-side
TCP/IP checksum offloading for NICs implementing this feature,
such as the 3C905B, 3C905C, and 3C980C. &merged;A bug in the &man.xl.4; driver, related to statistics
overflow interrupt handling, was causing slowdowns at medium
to high packet rates; this has been fixed. &merged;The per-interface ifnet structure now
has the ability to indicate a set of capabilities supported by
a network interface, and which ones are enabled.
&man.ifconfig.8; has support for querying these
capabilities. &merged;Performance with hosts having a large number of IP aliases
has been improved, by replacing the per-interface
if_inaddr linear list with a hash table. &merged;Network devices now automatically appear as special files in
/dev/net. Interface hardware ioctls (not
protocol or routing) can be performed on these devices. The
SIOCGIFCONF ioctl may be performed on the
special /dev/network node.Selected network drivers now implement a semi-polling
mode, which makes systems much more resilient to attacks and
overloads. To enable polling, the following options are
required in a kernel configuration file:
options DEVICE_POLLING
options HZ=1000 # not compulsory but strongly recommended
The kern.polling.enable sysctl variable
will then activate polling mode; with the
kern.polling.user_frac sysctl indicating
the percentage of CPU time to be reserved for userland. The
devices initially supporting polling are &man.dc.4;,
&man.fxp.4;, &man.nge.4;, &man.rl.4;, and &man.sis.4;. More details can be found in
the &man.polling.4; manual page. &merged;The packet-forwarding performance of certain
network drivers (specifically &man.dc.4; and &man.sis.4;) has
been enhanced by the elimination of unnecessary buffer
copies. &merged;Zero copy support has been added to the
networking stack. This feature can eliminate a copy of
network data between the kernel and userland, which is one of
the more significant bottlenecks in network throughput.
The send-side code should work with almost any network
adapter, while the receive-side code requires a network
adapter with an MTU of at least one memory page size (for
example, jumbo frames on Gigabit Ethernet). For more
information, see &man.zero.copy.9;.Network Protocols&man.accept.filter.9;, a kernel feature to reduce
overheads when accepting and reading new connections on
listening sockets, has been added. &merged;The proxy modifier to &man.arp.8;'s
option has been renamed to
pub, for consistency with the
option. The only keyword
has been added to the and
flags, to be used in creating
proxy-only published entries. &merged;The read timeout feature of &man.bpf.4; now works more
correctly with &man.select.2;/&man.poll.2;, and therefore with
pthreads. &merged;&man.bridge.4; and &man.dummynet.4; have received some
enhancements and bug fixes, and are now loadable
modules. &merged;&man.bridge.4; now has better support for multiple,
fully-independent bridging clusters, and is much more stable
in the presence of dynamic attachments and detatchments. Full
support for VLANs is also supported. &merged;A FAST_IPSEC kernel option now allows
the IPsec implementation to use the kernel &man.crypto.4; framework,
along with its support for hardware cryptographic
acceleration.
The FAST_IPSEC and
IPSEC options are mutually
exclusive.The FAST_IPSEC option is, at the
moment, not compatible with IPv6 or the
INET6 option.A &man.gre.4; driver, which can encapsulate IP packets
using GRE (RFC 1701) or minimal IP encapsulation for Mobile IP
(RFC 2004), has been added. &merged;ICMP ECHO and TSTAMP replies are now rate limited. TCP
RSTs generated due to packets sent to open and unopen ports
are now limited by separate counters. Each rate limiting
queue now has its own description.ICMP UNREACH_FILTER_PROHIB messages can
now RST TCP connections in the SYN_SENT
state if the correct sequence numbers are sent back, as
controlled by the
net.inet.tcp.icmp_may_rst sysctl. &merged;ICMP Source Quench messages are no longer generated for
forwarded packets. The old behavior can be re-enabled with
the net.inet.ip.sendsourcequench sysctl
variable.IP multicast now works on VLAN devices. Several other
bugs in the VLAN code have also been fixed.A bug in the IPsec processing for IPv4, which caused the
inbound SPD checks to be ignored, has been fixed. &merged;&man.ipfw.4; now filters correctly in the presence of ECN
bits in TCP segments. &merged;&man.ipfw.4; has been re-implemented (the new version is
commonly referred to as IPFW2). It now uses
variable-sized representation of rules in the kernel, similar
to &man.bpf.4; instructions. Most of the externally-visible
behavior (i.e. through &man.ipfw.8;) should be unchanged,
although &man.ipfw.8; now supports or
connectives between match fields. &merged;A new ng_eiface netgraph module has been added, which
appears as an Ethernet interface but delivers its Ethernet
frames to a Netgraph hook. &merged;A new &man.ng.device.4; netgraph node type has been added,
which creates a device entry in /dev, to
be used as the entry point to a networking graph.A new &man.ng.etf.4; netgraph node allows Ethernet type
packets to be filtered to different hooks depending on
ethertype. &merged;The &man.ng.gif.4; and &man.ng.gif.demux.4; netgraph
nodes, for operating on &man.gif.4; devices, have been
added.The &man.ng.ip.input.4; netgraph node, for queueing IP
packets into the main IP input processing code, has been
added.A new &man.ng.l2tp.4; netgraph node type, which implements
the encapsulation layer of the L2TP protocol as described in
RFC 2661, has been added. &merged;The &man.ng.mppc.4; and &man.ng.bridge.4; node types have
been added to the &man.netgraph.4; subsystem. The
&man.ng.ether.4; node is now dynamically loadable.
Miscellaneous bug fixes and enhancements have also been
made. &merged;A new netgraph node type &man.ng.one2many.4; for
multiplexing and demultiplexing packets over multiple links
has been added. &merged;A new ng_split node type has been added for splitting a
bidirectional packet flow into two unidirectional flows.A new sysctl
net.inet.ip.check_interface, which is on by
default, causes IP to verify that an incoming packet arrives
on an interface that has an address matching the packet's
destination address. &merged;A new sysctl
net.link.ether.inet.log_arp_wrong_iface has
been added to control the suppression of logging when ARP
replies arrive on the wrong interface. &merged;A new options RANDOM_IP_ID kernel
option causes the ID field of IP packets to be randomized.
This closes a minor information leak which allows a remote
observer to determine the rate at which the machine is
generating packets, since the default behavior is to increment
a counter for each packet sent. &merged;SLIP has been removed from the
mfsroot floppy image.TCP has received some bug fixes for its delayed ACK
behavior. &merged;TCP now supports the NewReno modification to the TCP Fast
Recovery algorithm. This behavior can be controlled via the
net.inet.tcp.newreno sysctl
variable. &merged;TCP now uses a more aggressive timeout for initial SYN
segments; this allows initial connection attempts to be
dropped much faster. &merged;The TCP_COMPAT_42 kernel option has
been removed. &merged;The TCP_RESTRICT_RST kernel option has
been removed. Similar functionality can be achieved with the
net.inet.tcp.blackhole sysctl
variable. &merged;TCP now has RFC 1323 extensions enabled by default in
&man.rc.conf.5;. &merged;RFC 1323 and RFC 1644 TCP extensions are now disabled for
a connection in progress if no response has been received by
the third SYN segment sent. This behavior tries to work
around (very old) terminal servers with buggy VJ header
compression implementations. &merged;The TCP implementation no longer requires the allocation
of a TCP template structure for each connection; this should
reduce the buffer usage on large systems handling many
connections. &merged;TCP's default buffer sizes, controlled by the
net.inet.tcp.sendspace and
net.inet.tcp.recvspace sysctl variables,
have been increased to 32K and 64K respectively. Previously,
the default for both buffer sizes was 16K. To try to avoid
increasing congestion, the default value for
net.inet.tcp.local_slowstart_flightsize has
been changed from infinity to 4. &merged;
On busy hosts, the new larger buffer sizes may require
manually increasing the
NMBCLUSTERS parameter, either in the
kernel configuration file or via the
kern.ipc.nmbclusters loader tunable.
netstat -mb can be used to monitor the
state of mbuf clusters.TCP now supports RFC 1948 (Defending Against Sequence
Number Attacks). The
net.inet.tcp.isn_reseed_interval sysctl
variable controls the reseeding of the secret data used in
the RFC 1948 initial sequence number calculations. &merged;The TCP implementation in &os; now implements a cache of
outstanding, received SYN segments. Incoming SYN segments now
cause entries to be placed in the cache until the TCP
three-way handshake is complete, at which point, memory is
allocated for the connection as usual. In addition, all TCP
Initial Sequence Numbers (ISNs) are used as cookies, allowing
entries in the cache to be dropped, but still have their
corresponding ACKs accepted later. The combination of the
so-called
syncache and syncookies features
makes a host much more resistant to TCP-based Denial of
Service attacks. Work on this feature was sponsored by DARPA
and NAI Labs. &merged;A bug in the TCP implementation, which could cause
connections to stall if a sender saw a zero-sized window, has
been corrected. &merged;The TCP implementation now properly ignores packets
addressed to IP-layer broadcast addresses. &merged;The ephemeral port range used for TCP and UDP has been
changed to 49152–65535 (the old default was
1024–5000). This increases the number of concurrent
outgoing connections/streams.The &man.tcp.4; protocol's retransmission timer can now be
manipulated with two sysctl variables,
net.inet.tcp.rexmit_min and
net.inet.tcp.rexmit_slop. The default has
been reduced from one second to 200ms (similar to the Linux default)
in order to better handle hiccups over interactive connections and
improve recovery over lossy fast connections such as wireless links.The &man.tcp.4; protocol now has the ability to dynamically
limit the send-side window to maximize bandwidth and minimize
round trip times. The feature can be enabled via the
net.inet.tcp.inflight_enable
sysctl. &merged;Disks and StorageSupport for the Adaptec FSA family of PCI-SCSI
RAID controllers has been added, in the form of the
&man.aac.4; driver. This driver includes proper handling of
commands initiated by the adapter, addition/removal of disk
devices, crashdump functionality, and &man.ioctl.2; commands
necessary for the management CLI, and is fully qualified and
sanctioned by Adaptec. &merged;The &man.ahc.4; driver has received numerous updates,
bugfixes, and enhancements. Among various improvements are
improved compatibility with chips in RAID Port
mode and systems with AAA and/or ARO cards installed, as well
as performance improvements. Some bugs were also fixed,
including a rare hang on Ultra2/U160
controllers. &merged;The &man.ahd.4; driver, which supports the Adaptec
AIC7901, AIC7901A, and AIC7902 Ultra320 PCI-X SCSI Controller chips, has been
added. &merged;The &man.asr.4; driver, which provides support
for the Adaptec SCSI RAID controller family, as well as the
DPT SmartRAID V and VI families, has been
added. &merged;The &man.asr.4; driver now supports the
Adaptec 2000S and 2005S Zero-Channel RAID
controllers. &merged;The &man.ata.4; driver now has support for ATA100
controllers. In addition, it now supports the ServerWorks
ROSB4 ATA33 chipset, the CMD 648 ATA66 and CMD 649 ATA100
chipsets, and the Cyrix 5530. &merged;To provide more flexible configuration, the various
options for the &man.ata.4; driver are now boot loader
tunables, rather than kernel configure-time
options. &merged;The &man.ata.4; driver now has support for tagged queuing,
which is enabled by the hw.ata.tags loader
tunable. &merged;The &man.ata.4; driver now has support for ATA
pseudo RAID controllers as the Promise Fasttrak
and HighPoint HPT370 controllers. &merged;The &man.ata.4; driver now supports a wider variety of SiS
chipsets, as listed in the Hardware Notes. &merged;The &man.ata.4; driver now has support for creating,
deleting, querying, and rebuilding ATA RAIDs under control of
&man.atacontrol.8;. &merged;The BurnProof(TM) feature, for applicable ATAPI CD-ROM
burners, is now supported. &merged;The &man.ata.4; driver now has support for 48-bit
addressing. Devices larger than 137GB are now
supported. &merged;The &man.ata.4; driver now contains fixes for some data
corruption problems on systems using the VIA 82C686B
Southbridge chip. &merged;The &man.ata.4; driver (along with &man.burncd.8;) now
supports writing to media in DVD+RW drives.The &man.ata.4; driver now supports accessing ATA devices
as SCSI devices via the CAM layer and drivers (&man.cd.4;,
&man.da.4;, &man.st.4;, and &man.pass.4;). This feature requires
device atapicam in the kernel
configuration. More information can be found in
&man.atapicam.4;. &merged;The &man.ata.4; driver now has support for the Sil 0680
and VIA 8233/8235 controllers. &merged;The &man.cd.4; driver now has support for write
operations. This allows writing to DVD-RAM, PD and similar
drives that probe as CD devices. Note that change affects
only random-access writeable devices, not sequential-only
writeable devices such as CD-R drives, which are supported by
&man.cdrecord.1; (a part of
sysutils/cdrtools in the
Ports Collection. &merged;The &man.cd.4; driver now supports the same
CDRIOCREADSPEED and
CDRIOCWRITESPEED ioctls that the
&man.acd.4; driver uses for setting the speed of CDROM
access.The &man.targ.4; driver has been rewritten and a new
usermode has been added to /usr/share/examples/scsi_target that
emulates a direct access device.The ciss driver, for devices utilizing the
Common Interface for SCSI-3 Support, has been added. This
driver supports the Compaq SmartRAID 5* family of RAID
controllers (5300, 532, 5i). &merged;The &man.fdc.4; floppy disk driver has undergone a number of
enhancements. Density selection for common settings is now
automatic; the driver is also much more flexible in setting
the densities of various subdevices.The &man.geom.4; disk I/O request transformation framework
has been added; this extensible framework is designed to
support a wide variety of operations on I/O requests on their
way from the upper kernel to the device drivers.
GEOM-enabled kernels no longer support
compatability slices. This feature
(supported on the i386 and pc98 only) allowed a user to
refer to a disk partition without specifying an MBR slice
(e.g. /dev/ad0a); the kernel would
automatically find the first applicable &os; slice and use
it. On GEOM-enabled kernels (the default), only the full partition names
(e.g. /dev/ad0s1a) are allowed when
referring to partitions within MBR slices. This
change should affect very few users.A GEOM Based Disk Encryption module has been added. It
provides denial of access to cold disks, with
four different cryptographic barriers and up to four
changeable pass-phrases. Much more information can be found
in the &man.gbde.4; manual page. The &man.gbde.8; userland
utility provides an operation and management interface to this
module. This feature is not enabled by default; it requires
options GEOM_BDE to be added to a kernel
configuration file.
This feature should be considered experimental.The ida disk driver now has crashdump
support. &merged;The iir driver has been added to support the
Intel Integrated RAID controllers, as well as prior ICP Vortex
controllers.A bug that made certain CDROM drives fail to
attach when connected to a SCSI card driven by &man.isp.4; has
been fixed. &merged;The &man.isp.4; driver is now proactive about discovering
Fibre Channel topology changes.The &man.isp.4; driver now supports target mode for Qlogic
SCSI cards, including Ultra2 and Ultra3 and dual bus
cards.The &man.isp.4; driver now supports the Qlogic 2300 and
2312 Optical Fibre Channel PCI cards. &merged;The &man.matcd.4; driver has been removed
due to breakage and licensing issues. &merged;&man.md.4;, the memory disk device, has had the
functionality of &man.vn.4; incorporated into it. &man.md.4;
devices can now be configured by &man.mdconfig.8;. &man.vn.4;
has been removed. The Memory Filesystem (MFS) has also been
removed.The mpt driver, for
supporting the LSI Logic Fusion/MP architecture Fiber Channel
controllers, has been added. &merged;The &man.mly.4; driver, for Mylex PCI to SCSI
AccelRAID and eXtremeRAID controllers with firmware 6.X and
later, has been added. &merged;The ncv, nsp, and stg drivers have been ported
from NetBSD/pc98. They support the NCR 53C50 / Workbit Ninja
SCSI-3 / TMC 18C30, 18C50 based PC-Card/ISA SCSI controllers.
All three drivers can be built and loaded as
modules. &merged;The ofw driver, a basic OpenFirmware disk
driver, has been added.The &man.pst.4; driver, for supporting Promise
SuperTrak ATA RAID controllers, has been
added. &merged;The RAIDframe disk driver has been imported from NetBSD.
This driver provides software-based RAID 0, 1, 4, and 5
capabilities, as well as other functionality. More
information can be found in the &man.raid.4; driver manual
page. The &man.raidctl.8; utility is used to configure and
unconfigure disk arrays. This feature is not enabled by
default, and requires device raidframe to
be configured into a kernel.
This feature should be considered experimental.Some problems in &man.sa.4; error handling have been
fixed, including the tape drive spinning indefinitely
upon &man.mt.1; problem.The SCSI_DELAY configuration parameter
can now be set at boot time and runtime via the
kern.cam.scsi_delay tunable/sysctl.The trm driver has been added to support SCSI adapters
using the Tekram TRM-S1040 SCSI chipset. &merged;The &man.twe.4; 3ware ATA RAID driver has
added. &merged;The &man.wd.4; compatibility devices were removed from the
&man.ata.4; driver. &merged;FilesystemsSupport for named extended attributes has been added to the
&os; kernel. This allows the kernel, and appropriately
privileged userland processes, to tag files and directories
with attribute data. Extended attributes were added to
support the TrustedBSD Project, in particular ACLs, capability
data, and mandatory access control labels (see
/usr/src/sys/ufs/ufs/README.extattr for
details).Due to a licensing change, softupdates have been
integrated into the main portion of the kernel source tree.
As a consequence, softupdates are now available with the
GENERIC kernel. &merged;A filesystem snapshot capability has been added to FFS.
Details can be found in
/usr/src/sys/ufs/ffs/README.snapshot.When running with softupdates, &man.statfs.2; and
&man.df.1; will track the number of blocks and files that are
committed to being freed.A bug in FFS that could cause superblock corruption on
very large filesystems has been corrected. &merged;The ISO-9660 filesystem now has a hook that supports a
loadable character conversion routine. The
sysutils/cd9660_unicode
port contains a set of common conversions. &merged;&man.kernfs.5; is obsolete and has been retired.A bug in the NFS client that caused bogus access times with
O_EXCL|O_CREAT opens was
fixed. &merged;A new NFS hash function (based on the Fowler/Noll/Vo hash
algorithm) has been implemented to improve NFS performance by
increasing the efficiency of the nfsnode
hash tables. &merged;Client-side NFS locks have been implemented.The client-side and server-side of the NFS code in the
kernel used to be intertwined in various complex ways. They
have been split apart for ease of maintenance and further
development.Support for filesystem Access Control Lists (ACLs) has
been introduced, allowing more fine-grained control of
discretionary access control on files and directories. This
support was integrated from the TrustedBSD Project. More
details can be found in
/usr/src/sys/ufs/ufs/README.acls.The directory layout preference algorithm for FFS
(dirprefs) has been changed. Rather than
scattering directory blocks across a disk, it attempts to
group related directory blocks together. Operations
traversing large directory hierarchies, such as the &os; Ports
tree, have shown marked speedups. This change is transparent
and automatic for new directories. &merged;smbfs (CIFS) support in kernel has been added.
The userland programs &man.smbutil.1; and &man.mount.smbfs.8;
can be used to work with SMB shares. Note that
&man.mount.smbfs.8; will automatically load the
smbfs.ko module into the kernel, even if
LIBMCHAIN and
LIBICONV were not compiled into the kernel.
&merged;For consistency, the fdesc, fifo, null, msdos, portal,
umap, and union filesystems have been renamed to fdescfs,
fifofs, msdosfs, nullfs, portalfs, umapfs, and unionfs. Where
applicable, modules and mount_* programs have been renamed.
Compatibility glue has been added to
&man.mount.8; so that msdos filesystem
entries in &man.fstab.5; will work without changes.pseudofs, a pseudo-filesystem framework, has been added.
&man.linprocfs.5; and &man.procfs.5; have been modified to use
pseudofs.A simple hash-based lookup optimization for large
directories called dirhash has been added.
Conditional on the
UFS_DIRHASH kernel option (enabled by
default in the GENERIC kernel), it
improves the speed of operations on very large directories at
the expense of some memory. &merged;The virtual memory subsystem now backs UFS directory
memory requirements by default (this behavior is controlled
via the vfs.vmiodirenable sysctl
variable). &merged;A bug that prevented the root filesystem from being
mounted from a SCSI CDROM has been fixed (ATAPI CDROMs were
always supported). &merged;A number of bugs in the filesystem code, discovered
through the use of the fsx
filesystem test tool, have been fixed. Under certain
circumstances (primarily related to use of NFS), these bugs
could cause data corruption or kernel panics. &merged;Network filesystems (such as NFS and smbfs filesystems)
listed in /etc/fstab can now be properly
mounted during startup initialization; their mounts are
deferred until after the network is initialized.Read-only support for the Universal Disk Format (UDF) has
been added. This format is used on packet-written CD-RWs and
most commercial DVD-Video disks. The &man.mount.udf.8;
command can be used to mount these disks.Basic support has been added for the UFS2 filesystem.
Among the new features of UFS2:
The inode has been expanded to 256 bytes to make
space for 64-bit block pointers.A file-creation time field has been added.A native extended attributes implementation has been
added, permitting total attribute size stored on an inode
to be up to twice the filesystem block size. This storage
is used for Access Control Lists and MAC labels, but may
also be used by other system extensions and user
applications.
UFS1 remains the default on-disk format, although UFS2 can be
selected as an option in &man.newfs.8; or via the partitioning
screen in &man.sysinstall.8;. 64-bit platforms can boot from
UFS2 root filesystems.PCCARD SupportThe pccard driver and &man.pccardc.8; now
support multiple beep types upon card insertion
and removal. &merged;On many modern hosts, PCCARD devices can be configured to
route their interrupts via either the ISA or PCI interrupt
paths. The &man.pcic.4; driver has been updated to support
both interrupt paths (formerly, only routing via ISA was
supported). &merged; In most cases, configuration of PCMCIA
devices in laptops is simpler and more flexible. In addition,
various Cardbus bridge PCI cards (such as those used by
Orinoco PCI NICs) are now supported. Some hosts may
experience problems, such as hangs or panics, with PCI
interrupt routing; they can frequently be made to work by
forcing the older-style ISA interrupt routing. The following
lines, placed in /boot/loader.conf, may
fix the problem:hw.pcic.intr_path="1"
hw.pcic.irq="0"When installing &os; on such a system, typing the
following lines to the boot loader may be helpful in starting
up &os; for the first time:okset hw.pcic.intr_path="1"okset hw.pcic.irq="0"Preliminary CardBus support with NEWCARD has
been added. This code supports both 32-bit and 16-bit cards.
All CardBus bridges are supported, as well as the TI-1030
PCMCIA-PCI bridge. Other PCMCIA-PCI bridges and ISA bridges
aren't supported yet.NEWCARD is now the default PCCARD/CardBus
system in the GENERIC kernel.Multimedia SupportThe &man.pcm.4; driver now supports the ESS
Solo 1, Maestro-1, Maestro-2, and Maestro-2e; Forte Media
fm801, ESS Maestro-2e, and VIA Technologies VT82C686A sound
card/chipsets, and has received some other updates. Separate
drivers for the SoundBlaster 8 and SoundBlaster 16 now replace
an older, unified driver. A driver for the CMedia
CMI8338/CMI8738 sound chips has been added. A driver for the
CS4281 sound chip has been added. A driver for the S3
SonicVibes chipset has been added. &merged;A driver for the Avance Logic ALS4000 has been
added. &merged;A driver for the ESS Maestro-3/Allegro has
been added, however due to licensing restrictions, it cannot
be compiled into the kernel. &merged; To use this driver, add
the following line to
/boot/loader.conf:snd_maestro3_load="YES"The VT8233 audio controller now has its own
driver to facilitate supporting all known revisions of the
hardware. It is loadable at boot time by adding
device pcm to the kernel configuration or
by adding snd_via8233="YES" to
/boot/loader.conf. Documentation to
support this work was provided by VIA. &merged;The &man.bktr.4; driver has been updated to 2.18. This
update provides a number of new features. New tuner types
have been added, and improvements to the KLD module and to
memory allocation have been made. Bugs in &man.devfs.5; when
unloading and reloading have been fixed. Support for new
Hauppauge Model 44xxx WinTV Cards (the ones with no audio mux)
has been added. &merged;The ufm driver, supporting the D-Link DSB-R100
USB Radio, has been added. &merged;When sound modules are built, one can now load all the
drivers and infrastructure by kldload
snd. &merged;A new API has been added for sound cards with hardware
volume control.A driver for the Intel 443MX, 810, 815, and
815E integrated sound devices has been added. &merged;The via82c686 sound driver now supports the VIA
VT8233. &merged;The ich sound driver now support the SiS
7012 chipset. &merged;The ich sound driver now provides rudimentary
support for ich4 audio support. &merged;Drivers have been added to support the Direct
Rendering Infrastructure, which can used to provide 3D
acceleration within XFree86. Video
cards supported include the 3Dlabs Oxygen GMX 2000 (gammadrm),
AGP Matrox G200/G400/G450/G550 (mgadrm), 3dfx Voodoo
3/4/5/Banshee (tdfxdrm), AGI ATI Rage 128 (r128drm), and AGP
ATI Radeon (radeondrm).Contributed SoftwareThe Forth Inspired Command Language
(FICL) used in the boot loader has
been updated to 3.02.Support for Advanced Configuration and Power Interface
(ACPI), a multi-vendor standard for configuration and power
management, has been added. This functionality has been
provided by the Intel ACPI Component
Architecture project, as of the ACPI CA 20021118
snapshot. Some backward compatability for applications using
the older APM standard has been provided.IPFilterIPFilter has been updated to
3.4.29. &merged;IPFilter now supports
IPv6. &merged;isdn4bsdisdn4bsd has been updated to
version 1.0.2.The &man.ifpi.4; driver for supporting the AVM
Fritz!Card PCI controller has been added. &merged;The &man.ifpi2.4; driver for supporting the AVM
Fritz!Card PCI version 2 controller has been added. &merged;The &man.ihfc.4; driver for supporting Cologne Chip
Designs HFC devices under
isdn4bsd has been
added. &merged;The &man.itjc.4; driver for supporting NETjet-S / Teles
PCI-TJ devices under isdn4bsd has
been added. &merged;Experimental support for the Eicon.Diehl DIVA 2.0 and
2.02 ISA PnP ISDN cards has been added to the &man.isic.4;
isdn4bsd driver. &merged;The &man.isic.4; driver now supports the Compaq Microcom
610 ISDN ISA PnP card. &merged;Active CAPI-based ISDN cards manufactured by AVM are now
supported using the &man.i4bcapi.4; and the &man.iavc.4;
driver. The supported cards are the AVM B1 PCI and AVM B1
ISA Basic Rate cards and the AVM T1 Primary Rate
cards. &merged;A new maxconnecttime keyword is now
accepted in &man.isdnd.rc.5; files to limit the time a
connection may remain open. &merged;&man.isdnphone.8; now supports a
option for sending messages via the keypad facility to a PBX
or exchange office. &merged;isdn4bsd now supports Q.931
subaddressing.KAMEThe IPv6 stack is now based on a snapshot based on the
KAME Project's IPv6 snapshot as of 28 May, 2001. Most of
the items listed in this section are a result of this
import. lists userland
updates to the KAME IPv6 stack. &merged;&man.gif.4; is now based on RFC 2893, rather than RFC
1933. The IFF_LINK2 interface flag can
be used to control ingress filtering. &merged;IPsec has received some
enhancements, including the ability to use the Rijndael and
SHA2 algorithms. IPsec RC5 support has been removed due to
patent issues. &merged;&man.stf.4; now conforms to RFC 3056; the
IFF_LINK2 interface flag can be used to
control ingress filtering. &merged;IPv6 has better checking of illegal addresses (such as
loopback addresses) on physical networks. &merged;The IPV6_V6ONLY socket option is now
completely supported. The kernel's default behavior with
respect to this option is controlled by the
net.inet6.ip6.v6only sysctl
variable. &merged;RFC 3041 (Privacy Extensions for Stateless Address
Autoconfiguration) is now supported. It can be enabled via
the net.inet6.ip6.use_tempaddr sysctl
variable. &merged;Security-Related Changes&man.sysinstall.8; now allows the user to select one of two
security profiles at install-time. These
profiles enable different levels of system security by enabling
or disabling various system services in &man.rc.conf.5; on new
installs. &merged;A bug in which malformed ELF executable images can hang the
system has been fixed (see security advisory
FreeBSD-SA-00:41). &merged;A security hole in Linux emulation was fixed (see security
advisory FreeBSD-SA-00:42). &merged;String-handling library calls in many programs were fixed to
reduce the possibility of buffer overflow-related exploits.
&merged;TCP now uses stronger randomness in choosing its initial
sequence numbers (see security advisory
FreeBSD-SA-00:52). &merged;Several buffer overflows in &man.tcpdump.1; were corrected
(see security advisory FreeBSD-SA-00:61). &merged;A security hole in &man.top.1; was corrected (see security
advisory FreeBSD-SA-00:62). &merged;A potential security hole caused by an off-by-one-error in
&man.gethostbyname.3; has been fixed (see security advisory
FreeBSD-SA-00:63). &merged;A potential buffer overflow in the &man.ncurses.3; library,
which could cause arbitrary code to be run from within
&man.systat.1;, has been corrected (see security advisory
FreeBSD-SA-00:68). &merged;A vulnerability in &man.telnetd.8; that could cause it to
consume large amounts of server resources has been fixed (see
security advisory FreeBSD-SA-00:69). &merged;The nat deny_incoming command in
&man.ppp.8; now works correctly (see security advisory
FreeBSD-SA-00:70). &merged;A vulnerability in &man.csh.1;/&man.tcsh.1; temporary files
that could allow overwriting of arbitrary user-writable files
has been closed (see security advisory
FreeBSD-SA-00:76). &merged;The &man.ssh.1; binary is no longer SUID root by
default. &merged;Some fixes were applied to the Kerberos IV implementation
related to environment variables, a possible buffer overrun, and
overwriting ticket files. &merged;&man.telnet.1; now does a better job of sanitizing its
environment. &merged;Several vulnerabilities in &man.procfs.5; were fixed (see
security advisory FreeBSD-SA-00:77). &merged;A bug in OpenSSH in which a
server was unable to disable &man.ssh-agent.1; or
X11Forwarding was fixed (see security
advisory FreeBSD-SA-01:01). &merged;A bug in &man.ipfw.8; and &man.ip6fw.8; in which inbound TCP
segments could incorrectly be treated as being part of an
established connection has been fixed (see
security advisory FreeBSD-SA-01:08). &merged;A bug in &man.crontab.1; that could allow users to read any
file on the system in valid &man.crontab.5; syntax has been
fixed (see security advisory FreeBSD-SA-01:09). &merged;A vulnerability in &man.inetd.8; that could allow
read-access to the initial 16 bytes of
wheel-accessible files has been fixed
(see security advisory FreeBSD-SA-01:11). &merged;A bug in &man.periodic.8; that used insecure temporary files
has been corrected (see security advisory
FreeBSD-SA-01:12). &merged;OpenSSH now has code to prevent
(instead of just mitigating through connection limits) an attack
that can lead to guessing the server key (not host key) by
regenerating the server key when an RSA failure is detected (see
security advisory FreeBSD-SA-01:24). &merged;A number of programs have had output formatting strings
corrected so as to reduce the risk of
vulnerabilities. &merged;A number of programs that use temporary files now do so more
securely. &merged;A bug in ICMP that could cause an attacker to disrupt TCP and UDP
sessions has been corrected. &merged;A bug in &man.timed.8;, which caused it to crash if send
certain malformed packets, has been corrected (see security
advisory FreeBSD-SA-01:28). &merged;A bug in &man.rwhod.8;, which caused it to crash if send
certain malformed packets, has been corrected (see security
advisory FreeBSD-SA-01:29). &merged;A security hole in &os;'s FFS and EXT2FS implementations,
which allowed a race condition that could cause users to have
unauthorized access to data, has been fixed (see security
advisory FreeBSD-SA-01:30). &merged;A remotely-exploitable vulnerability in &man.ntpd.8; has
been closed (see security advisory
FreeBSD-SA-01:31). &merged;A security hole in IPFilter's
fragment cache has been closed (see security advisory
FreeBSD-SA-01:32). &merged;Buffer overflows in &man.glob.3;, which could cause
arbitrary code to be run on an FTP server, have been closed. In
addition, to prevent some forms of DOS attacks, &man.glob.3;
allows specification of a limit on the number of pathname
matches it will return. &man.ftpd.8; now uses this feature (see
security advisory FreeBSD-SA-01:33). &merged;Initial sequence numbers in TCP are more thoroughly
randomized (see security advisory FreeBSD-SA-01:39). Due to
some possible compatibility issues, the behavior of this
security fix can be enabled or disabled via the
net.inet.tcp.tcp_seq_genscheme sysctl
variable.&merged;A vulnerability in the &man.fts.3; routines (used by
applications for recursively traversing a filesystem) could
allow a program to operate on files outside the intended
directory hierarchy. This bug has been fixed (see security
advisory FreeBSD-SA-01:40). &merged;OpenSSH now switches to the
user's UID before attempting to unlink the authentication
forwarding file, nullifying the effects of a race.A flaw allowed some signal handlers to remain in effect in a
child process after being exec-ed from its parent. This allowed
an attacker to execute arbitrary code in the context of a setuid
binary. This flaw has been corrected (see security advisory
FreeBSD-SA-01:42). &merged;A remote buffer overflow in &man.tcpdump.1; has been fixed
(see security advisory FreeBSD-SA-01:48). &merged;A remote buffer overflow in &man.telnetd.8; has been fixed
(see security advisory FreeBSD-SA-01:49). &merged;The new net.inet.ip.maxfragpackets and
net.inet.ip6.maxfragpackets sysctl variables
limit the amount of memory that can be consumed by IPv4 and IPv6
packet fragments, which defends against some denial of service
attacks (see security advisory
FreeBSD-SA-01:52). &merged;All services in inetd.conf are now
disabled by default for new installations. &man.sysinstall.8;
gives the option of enabling or disabling &man.inetd.8; on new
installations, as well as editing
inetd.conf. &merged;A flaw in the implementation of the &man.ipfw.8;
me rules on point-to-point links has been
corrected. Formerly, me filter rules would
match the remote IP address of a point-to-point interface in
addition to the intended local IP address (see security advisory
FreeBSD-SA-01:53). &merged;A vulnerability in &man.procfs.5;, which could allow a
process to read sensitive information from another process's
memory space, has been closed (see security advisory
FreeBSD-SA-01:55). &merged;The PARANOID hostname checking in
tcp_wrappers now works as advertised
(see security advisory FreeBSD-SA-01:56). &merged;A local root exploit in &man.sendmail.8; has been closed
(see security advisory FreeBSD-SA-01:57). &merged;A remote root vulnerability in &man.lpd.8; has been closed
(see security advisory FreeBSD-SA-01:58). &merged;A race condition in &man.rmuser.8; that briefly exposed a
world-readable /etc/master.passwd has been
fixed (see security advisory FreeBSD-SA-01:59). &merged;A vulnerability in UUCP has been
closed (see security advisory FreeBSD-SA-01:62). All
non-root-owned binaries in standard system
paths now have the schg flag set to prevent
exploit vectors when run by &man.cron.8;, by
root, or by a user other then the one owning
the binary. In addition, &man.uustat.1; is now run via
/etc/periodic/daily/410.status-uucp as
uucp, not root. In
&os; -CURRENT, UUCP has since been
moved to the Ports Collection and no longer a part of the base
system. &merged;A security hole in the form of a buffer overflow in the
&man.semop.2; system call has been closed. &merged;A security hole in OpenSSH, which
could allow users to execute code with arbitrary privileges if
UseLogin yes was set, has been closed. Note
that the default value of this setting is
UseLogin no. (See security advisory
FreeBSD-SA-01:63.) &merged;The use of an insecure temporary directory by
&man.pkg.add.1; could permit a local attacker to modify the
contents of binary packages while they were being installed.
This hole has been closed. (See security advisory
FreeBSD-SA-02:01.) &merged;A race condition in &man.pw.8;, which could expose the
contents of /etc/master.passwd, has been
eliminated. (See security advisory FreeBSD-SA-02:02.)
&merged;A bug in &man.k5su.8; could have allowed a process that had
given up superuser privileges to regain them. This bug has been
fixed. (See security advisory FreeBSD-SA-02:07.)
&merged;An off-by-one bug has been fixed in
OpenSSH's multiplexing code. This bug
could have allowed an authenticated remote user to cause
&man.sshd.8; to execute arbitrary code with superuser
privileges, or allowed a malicious SSH server to execute arbitrary
code on the client system with the privileges of the client user. (See security
advisory FreeBSD-SA-02:13.)
&merged;A programming error in zlib could
result in attempts to free memory multiple times. The
&man.malloc.3;/&man.free.3; routines used in &os; are not
vulnerable to this error, but applications receiving
specially-crafted blocks of invalid compressed data could
be made to function incorrectly or abort. This
zlib bug has been fixed. For a
workaround and solutions, see security advisory FreeBSD-SA-02:18.
&merged;Bugs in the TCP SYN cache (syncache) and SYN
cookie (syncookie) implementations, which could
cause legitimate TCP/IP traffic to crash a machine, have been
fixed. For a workaround and patches, see security advisory
FreeBSD-SA-02:20.
&merged;A routing table memory leak, which could allow a remote
attacker to exhaust the memory of a target machine, has been
fixed. A workaround and patches can be found in security
advisory FreeBSD-SA-02:21.
&merged;A bug with memory-mapped I/O, which could cause a system
crash, has been fixed. For more information about a solution,
see security advisory
FreeBSD-SA-02:22.
&merged;A security hole, in which SUID programs could be made to
read from or write to inappropriate files through manipulation
of their standard I/O file descriptors, has been fixed.
Information regarding a solution can be found in security
advisory
FreeBSD-SA-02:23.
&merged;Some unexpected behavior could be allowed with &man.k5su.8;
because it does not require that an invoking user be a member of
the wheel group when attempting to become
the superuser (this is the case with &man.su.1;). To avoid this
situation, &man.k5su.8; is now installed non-SUID by default
(effectively disabling it). More information can be found in
security advisory
FreeBSD-SA-02:24.
&merged;Multiple vulnerabilities were found in the &man.bzip2.1;
utility, which could allow files to be overwritten without
warning or allow local users unintended access to files. These
problems have been corrected with a new import of
bzip2. For more information, see
security advisory
FreeBSD-SA-02:25.
&merged;A bug has been fixed in the implementation of the TCP SYN
cache (syncache), which could allow a remote
attacker to deny access to a service when accept filters
(see &man.accept.filter.9;) were in use. This bug has been
fixed; for more information, see security advisory
FreeBSD-SA-02:26.
&merged;Due to a bug in &man.rc.8;'s use of shell globbing, users
may be able to remove the contents of arbitrary files if
/tmp/.X11-unix does not exist and the
system can be made to reboot. This bug has been corrected (see
security advisory
FreeBSD-SA-02:27.
&merged;A buffer overflow in the resolver, which could be exploited
by a malicious domain name server or an attacker forging DNS
messages, has been fixed. See security advisory FreeBSD-SA-02:28
for more details. &merged;A buffer overflow in &man.tcpdump.1;, which could be triggered by
badly-formed NFS packets, has been fixed. See security advisory
FreeBSD-SA-02:29
for more details. &merged;&man.ktrace.1; can no longer trace the operation of formerly
privileged processes; this prevents the leakage of sensitive
information that the process could have obtained before
abandoning its privileges. For a discussion of this issue, see
security advisory
FreeBSD-SA-02:30
for more details. &merged;A race condition in &man.pppd.8;, which could be used to
change the permissions of an arbitrary file, has been corrected.
For more information, see security advisory FreeBSD-SA-02:32.
&merged;Multiple buffer overflows in
OpenSSL have been corrected, by way
of an upgrade to the base system version of
OpenSSL. More details can be found
in security advisory FreeBSD-SA-02:33.
&merged;A heap buffer overflow in the XDR decoder has been fixed.
For more details, see security advisory FreeBSD-SA-02:34.
&merged;A bug that could allow local users to read and write
arbitrary blocks on an FFS filesystem has been corrected. More
details can be found in security advisory FreeBSD-SA-02:35.
&merged;A bug in the NFS server code, which could allow a remote
denial of service attack, has been fixed. Security advisory FreeBSD-SA-02:36
has more details. &merged;A bug that could allow local users to panic a system using
the &man.kqueue.2; mechanism has been fixed. More information
is contained in security advisory FreeBSD-SA-02:37.
&merged;Several bounds-checking bugs in system calls, which could
result in some system calls returning a large portion of kernel
memory, have been fixed. More information can be found in
security advisory FreeBSD-SA-02:38.
&merged;A bug that could allow applications using
libkvm to leak sensitive file descriptors
has been corrected. (See security advisory FreeBSD-SA-02:39
for more details.)
&merged;Buffer overflows in kadmind(8) and k5admin have been
corrected. More details can be found in security advisory FreeBSD-SA-02:40.
&merged;Errors in &man.smrsh.8;, which could allow users to circumvent
restrictions on what programs can be executed, have been fixed.
See FreeBSD-SA-02:41
for details.
&merged;Buffer overflows in the DNS &man.resolver.3;, which could
cause some applications to fail, have been corrected. More
details are in FreeBSD-SA-02:42.
&merged;Multiple vulnerabilities in BIND
have been fixed, as described in FreeBSD-SA-02:43.
&merged;Userland ChangesSupport for creating &man.a.out.5; format executables with
the base system compiler toolchain has been removed.&man.adduser.8; and &man.rmuser.8; are now &man.sh.1;
scripts, rather than Perl scripts.If the first argument to &man.ancontrol.8; or
&man.wicontrol.8; doesn't start with a -, it
is assumed to be an interface. &merged;&man.apmd.8; now has the ability to monitor battery levels
and execute commands based on percentage or minutes of battery
life remaining via the apm_battery
configuration directive. See the commented-out examples in
/etc/apmd.conf for the
syntax. &merged;&man.arp.8; now prints the applicable interface name for
each ARP entry. &merged;&man.arp.8; now prints [fddi] or
[atm] tags for addresses on interfaces of
those types.The &man.asa.1; utility, to interpret FORTRAN
carriage-control characters, has been added.&man.at.1; now supports the command-line
option to remove jobs and the option to
specify times in POSIX time format.&man.atacontrol.8; has been added to control various aspects
of the &man.ata.4; driver. &merged;The system &man.awk.1; now refers to
BWK awk.&man.basename.1; now accept and
flags, which allow it to perform the
&man.basename.3; function on multiple files.&man.biff.1; now accepts a argument to
enable bell notification of new mail (which does
not disturb the terminal contents as biff y
would). &merged;&man.biff.1; now uses the first terminal associated with the
standard input, standard output or standard error file
descriptor, in that order. Thus, it is possible to use the
redirection facilities of a shell (biff n <
/dev/ttyp1) to toggle the notification for other
terminals.&man.boot98cfg.8;, a PC-98 boot manager
installation and configuration utility, has been
added. &merged;&man.burncd.8; now supports a option for
multisession mode (the default behavior now is to close disks as
single-session). A option to take a list of
image files from a filename was also added;
- can be used as a filename for
stdin. &merged;&man.burncd.8; now supports Disk At Once (DAO) mode,
selectable via the flag. &merged;&man.burncd.8; now has the ability to write VCDs/SVCDs. &merged;&man.burncd.8; now accepts a value of max
for its option to set the drive's maximum
write speed. &merged;&man.bzgrep.1;, &man.bzegrep.1;, and &man.bzfgrep.1;
have been added to perform &man.grep.1;-type operations on
&man.bzip2.1;-compressed files.&man.c89.1; has been converted from a shell script to a
binary executable, fixing some minor bugs. &merged;&man.calendar.1; now takes a option,
which operates similar to but without
special treatment at weekends, and a option
to change the notion of Friday.A minimalized version of &man.camcontrol.8; is
now available on the installation floppy. This allows it to
rescan for devices that have been connected after booting, or to
show the devices attached to SCSI busses (e. g. from within the
emergency holographic shell). &merged;&man.cat.1; now has the ability to read from UNIX-domain
sockets. &merged;&man.catman.1; is now a C program, instead of a
Perl script.&man.cdcontrol.1; now supports a cdid
command, which calculates and displays the CD serial number,
using the same algorithm used by the CDDB
database. &merged;&man.cdcontrol.1; now uses the CDROM
environment variable to pick a default device. &merged;&man.cdcontrol.1; now supports next and
prev commands to skip forwards or backwards a
specified number of tracks while playing an audio
CD. &merged;&man.cdcontrol.1; now supports a
speed command to set the maximum speed to be
used by the drive (the maximum possible speed can be selected
setting the speed to max). &merged;A &man.check.utility.compat.3; library function has been
added to libc, to determine
whether certain &os; base system utilities should behave in &os; 4-compatible mode
or in a standard mode (default standard). The
configuration is done &man.malloc.3;-style, with either an
environment variable or a symbolic link.&man.chflags.1; has moved from /usr/bin
to /bin.&man.chio.1; now has the ability to specify elements by
volume tag instead of by their physical location as well as the
ability to return an element to its previous
location. &merged;&man.chmod.1; now supports a for
changing the mode of a symbolic link.&man.chmod.1; now also, when the mode is modified, prints
the old and new modes if the option is
specified more than once.&man.chown.8; now correctly follows symbolic links named as
command line arguments if run without
. &merged;&man.chown.8; no longer takes . as a
user/group delimeter. This change was made to support usernames
containing a . character.Use of the CSMG_* macros no longer
require inclusion of
<sys/param.h>&man.col.1; now takes a flag to force
unknown control sequences to be passed through
unchanged. &merged;The compat3x distribution has been
updated to include libraries present in &os;
3.5.1-RELEASE. &merged;A compat4x distribution has been added
for compatibility with &os; 4-STABLE.&man.config.8; is now better about converting various
warnings that should have been errors into actual fatal errors
with an exit code. This ensures that make
buildkernel doesn't quietly ignore them and build a
bogus kernel without a human to read the errors. &merged;A number of buffer overflows in &man.config.8; have been
fixed. &merged;&man.cp.1; now takes a (nonstandard)
option to automatically answer no when it would
ask to overwrite a file. &merged;A new &man.csplit.1; utility, which splits files based on
context, has been added.&man.ctags.1; no longer creates a corrupt tags file if the
source file used // (C++-style)
comments. &merged;&man.ctags.1; now creates tags for typedefs, structs,
unions, and enums by default (implying the
option). The new reverts to the old
behavior.The &man.daemon.8; program, a command-line interface to
&man.daemon.3;, has been added. It detaches itself from its
controlling terminal and executes a program specified on the
command line. This allows the user to run an arbitrary program
as if it were written to be a daemon. &merged;The &man.devd.8; utility, a userland daemon that can run
arbitrary commands when devices come and go in the device tree,
has been added. This program is a generalization of some of the
functionality of &man.pccardd.8;.
&man.devd.8; is a work in progress.&man.devinfo.8;, a simple tool to print the device tree and resource
usage by devices, has been added.&man.df.1; now takes a option to only
display information about locally-mounted
filesystems. &merged;&man.disklabel.8; now supports partition sizes expressed in
kilobytes, megabytes, or gigabytes, in addition to
sectors. &merged;diskpart(8) has been declared obsolete, and has been
removed.&man.dmesg.8; now has a option to show
the entire message buffer, including &man.syslogd.8; records and
/dev/console output. &merged;&man.du.1; now takes a command-line flag
to ignore/skip files and subdirectories matching a specified
shell-glob mask. &merged;&man.dump.8; now supports inheritance of the
nodump flag down a hierarchy. &merged;&man.dump.8; now supports a flag for
dumping live UFS and UFS2 filesystems safely. To obtain a
consistent dump image, &man.dump.8; takes a snapshot of the
filesystem and performs the dump on the snapshot. The snapshot
is removed when the dump is complete.The option to &man.dump.8; no longer
swallows an extra argument. &merged;&man.dump.8; has a new option, allowing
the path to the /etc/dumpdates file to be
changed. &merged;&man.dump.8; now supplies progress information in its
process title, useful for monitoring automated
backups. &merged;&man.dump.8; now supports a new flag to allow
it to just print out the dump size estimates and exit. &merged;&man.edquota.8; now takes a option to
allow limiting the prototype quota distribution (specified with
) to a single filesystem. &merged;/etc/rc.firewall and
/etc/rc.firewall6 will no longer add their own
hardcoded rules in the cases of a rules file in the
firewall_type variable or a non-existent
firewall type. (The motivation for this change is to avoid
acting on assumptions about a site's firewall policies.) In
addition, the closed firewall type now works
as documented in the &man.rc.firewall.8; manual page. &merged;The functionality of /etc/security has
been been moved into a set of scripts under the &man.periodic.8;
framework, to make local customization easier and more
maintainable. These scripts now reside in
/etc/periodic/security/. &merged;&man.expr.1; is now compliant with POSIX.2-1992 (and thus
also with POSIX.1-2001). Some program depend on the old,
historic behavior and do not properly protect their arguments to
keep them from being misinterpreted as command-line options.
(the devel/libtool
port/package, used by many GNU programs, is a notable example).
The old behavior can be requested by enabling compatibility mode
for &man.expr.1; as described in
&man.check.utility.compat.3;.&man.fbtab.5; now accepts glob matching patterns for target
devices, not just individual devices and directories.&man.fdisk.8; no longer attempts to search for a
device if none has been specified on the command line, but
instead tries to figure out the default device name from the
root device.&man.fdread.1;, a program to read data from floppy disks,
has been added. It is a counterpart to &man.fdwrite.1; and is
designed to provide a means of recovering at least some data
from bad media, and to obviate the need for a complex invocation of
&man.dd.1;.&man.find.1; now takes the flag,
which returns true if a file or directory is
empty. &merged;&man.find.1; now takes the and
primaries for case-insensitive matches,
and the and
primaries for regular-expression matches. The
flag now enables extended regular
expressions. &merged;&man.find.1; now has the ,
, ,
, and
primaries for comparisons of file timestamps. The latter
primaries can be specified with various units of
time. &merged;&man.finger.1; now has the ability to support fingering
aliases, via the &man.finger.conf.5; file. &merged;&man.finger.1; now has support for a
.pubkey file. &merged;&man.finger.1; now supports a flag to
restrict the printing of GECOS information to the user's full
name only. &merged;&man.finger.1; now supports the and
flags to specify an address family for
remote queries. &merged;&man.fmt.1; has been rewritten; the rewrite fixes a number
of bugs compared to its prior behavior. &merged;&man.fmtcheck.3;, a function for checking consistency of
format string arguments, has been added. &merged;&man.fold.1; now supports a flag to
break at byte positions and a flag to break at
word boundaries. &merged;&man.fsdb.8; now supports a blocks
command to list the blocks allocated by a particular
inode. &merged;&man.fsck.8; wrappers have been imported; this feature
provides infrastructure for &man.fsck.8; to work on different
types of filesystems (analogous to &man.mount.8;).The behavior of &man.fsck.8; when dealing with various
passes (a la /etc/fstab) has been modified
to accommodate multiple-disk filesystems.&man.fsck.8; now has support for foreground
() and background ()
checks. Traditionally, &man.fsck.8; is invoked before the
filesystems are mounted and all checks are done to completion at
that time. If background checking is available, &man.fsck.8; is
invoked twice. It is first invoked at the traditional time,
before the filesystems are mounted, with the
flag to do checking on all the filesystems that cannot do
background checking. It is then invoked a second time, after
the system has completed going multiuser, with the
flag to do checking on all the filesystems
that can do background checking. Unlike the foreground
checking, the background checking is started asynchronously so
that other system activity can proceed even on the filesystems
that are being checked. Boot-time enabling of this feature is
controlled by the
background_fsck option in &man.rc.conf.5;.Shortly after the receipt of a SIGINFO
signal (normally control-T from the controlling tty),
&man.fsck.ffs.8; will now output a line indicating the current
phase number and progress information relevant to the current
phase. &merged;&man.fsck.ffs.8; now supports background filesystem checks
to mounted FFS filesystems with the option
(softupdates must be enabled on these filesystems). The
flag now determines whether a specified
filesystem needs foreground checking.A new &man.fsck.msdosfs.8; utility has been added to check
the consistency of MS-DOS filesystems. &merged;&man.ftpd.8; now supports a flag for
read-only mode and a flag to disable
EPSV. It also has some fixes to reduce
information leakage and the ability to specify compile-time port
ranges. &merged;&man.ftpd.8; now supports the option
to permit guest users to modify existing files if allowed
by filesystem permissions.
In particular, this enables guest users to resume uploads.
&merged;&man.ftpd.8; now supports the option
to prevent guest users from creating directories.
&merged;&man.ftpd.8; now supports and
options to disable the
RETR command; the former for everybody, and
the latter only for guest users. Coupled with
and appropriate file permissions, these can
be used to create a relatively safe anonymous FTP drop box for
others to upload to. &merged;&man.ftpd.8; now supports the option
to disable logging FTP sessions to &man.wtmp.5;. &merged;&man.gdb.1; now supports hardware
watchpoints (using the kernel's debug register + support that
has been introduced in &os; 4.0). &merged;The &man.getconf.1; utility has been added. It prints the
values of POSIX or X/Open path or system configuration
variables. &merged;The &man.getprogname.3; and &man.setprogname.3; library
functions have been added to manipulate the name of the current
program. They are used by error-reporting routines to produce
consistent output. &merged;gifconfig(8) is obsolete and has been removed. Its
functionality is now handled by the and
commands of
&man.ifconfig.8;.&man.gprof.1; now has a option to enable
dynamic symbol resolution from the currently-running kernel.
With this change, properly-compiled KLD modules are now able to
be profiled.The gpt tool for manipulating EFI GPT
partitions has been added.&man.growfs.8;, a utility for growing FFS filesystems, has
been added. &man.ffsinfo.8;, a utility for dump all the
meta-information of an existing filesystem, has also been
added. &merged;The &man.groups.1; and &man.whoami.1; shell scripts are now
unnecessary; their functionality has been completely folded into
&man.id.1;. &merged;The ibcs(8), linux(8), osf1(8), and
svr4(8) scripts, whose sole purpose was to load emulation
kernel modules, have been removed. The kernel module system
will automatically load them as needed to fulfill
dependencies.&man.indent.1; has gained some new formatting
options. &merged;&man.ifconfig.8; can set the link-layer address of
an interface using the parameter.
&merged;&man.ifconfig.8; can now accept addresses in slash/CIDR
notation. &merged;&man.ifconfig.8; now has support for setting parameters for
IEEE 802.11 wireless network devices. &man.wi.4; and &man.an.4;
devices are supported, and partial support is provided for
&man.awi.4; devices. &merged;&man.ifconfig.8; no longer displays the list of supported
media by default. Instead it displays it when the
flag is given. &merged;&man.ifconfig.8; now has the ability to set promiscuous mode
on an interface, via the new
flag. &merged;&man.ifconfig.8; now supports a monitor
interface flag, which blocks transmission of packets on that
interface. This feature is useful for monitoring network traffic
without interacting with the network in question.The syntax of &man.inetd.8;'s support for &man.faithd.8; is
now compatible with that of other BSDs. &merged;The ident protocol support in
&man.inetd.8; has been cleaned up and updated. &merged;&man.inetd.8; now has the ability to manage UNIX-domain
sockets. &merged;By default, &man.inetd.8; is no longer run by &man.rc.8; at
boot-time, although &man.sysinstall.8; gives the option of
enabling it during binary installations. &man.inetd.8; can also
be enabled by adding the following line to
/etc/rc.conf:inetd_enable="YES"&man.inetd.8; now has the capability for limiting the
maximum number of simultaneous invocations of each service from
a single IP address. &merged;&man.install.1; has a number of new features, including the
and options for backing up
existing target files and the option for
safe (atomic copy) operation. The
(copy) flag is now the default, and the
(debugging) flag has been withdrawn.
&man.install.1; now issues a warning if
(create directories) and (copy changed files
only) are used together. &merged;IP Filter is now supported by the &man.rc.conf.5; boot-time
configuration and initialization. &merged;&man.ipfstat.8; now supports the option
to turn on a &man.top.1;-like display. &merged;&man.ipfw.8; will now avoid the display of dynamic firewall
rules unless the flag is passed to it. The
option lists expired dynamic
rules. &merged;&man.ipfw.8; has a new feature (me) that
allows for packet matching on interfaces with
dynamically-changing IP addresses. &merged;&man.ipfw.8; has a new limit type of
firewall rule, which limits the number of sessions between
address pairs. &merged;&man.ipfw.8; filter rules can now match on the value of the
IPv4 precedence field.&man.ip6fw.8; now has the ability to use a preprocessor and
use the (quiet) flag when reading from a
file. &merged;&man.ispppcontrol.8; has been deleted, and its functionality
has been folded into &man.spppcontrol.8;. &merged;&man.k5su.8; is no longer installed SUID
root by default. Users requiring this
feature can either manually change the permissions on the
&man.k5su.8; executable or add
ENABLE_SUID_K5SU=yes to
/etc/make.conf before a source
upgrade. &merged;&man.kbdmap.1; and &man.vidfont.1; have been converted from
Perl to C.&man.kenv.1;, a command to dump the kernel environment, has
been added. &merged;&man.kenv.1; now has the ability to set or delete kernel
environment variables.&man.keyinfo.1; is now a C program, rather than a Perl
script. &merged;The kget(8) utility has been removed (it was only
useful for UserConfig, which is not present in &os;
&release.current;).&man.killall.1; is now a C program, rather than a Perl
script. As a result, its option now uses
the regular expression syntax of &man.regex.3;, rather than that
of Perl. &merged;&man.killall.1; no longer tries to kill zombie processes
unless the flag is specified.The &man.kldconfig.8; utility has been added to make it
easier to manipulate the kernel module search
path. &merged;&man.ktrdump.8;, a utility to dump the ktr trace buffer from
userland, has been added.&man.last.1; now implements a that
provides a snapshot of who was logged in at a
particular date and time. &merged;&man.last.1; now supports a flag, which
causes the year to be included in the session start time. &merged;The &man.lastlogin.8; utility, which prints the last login
time of each user, has been imported from
NetBSD. &merged;&man.ldconfig.8; now checks directory ownerships and
permissions for greater security; these checks can be disabled
with the flag. &merged;&man.ldd.1; can now be used on shared libraries, in addition
to executables. &merged;&man.ldd.1; now supports a flag to list
all the objects that are needed by each loaded object.libc is now thread-safe by default;
libc_r contains only thread
functions.libcrypt and
libdescrypt have been unified to provide a
configurable password authentication hash library. Both the md5
and des hash methods are provided unless the des hash is
specifically compiled out. &merged;libcrypt now has support for Blowfish
password hashing. &merged;libdisk can now do
install-time configuration of the boot0
boot loader. &merged;libstand now has support for
filesystems containing
bzip2-compressed
files. &merged;libstand now has support for
overwriting the contents of a file on a UFS filesystem (it
cannot expand or truncate files because the filesystem may be
dirty or inconsistent).libstand now has support for loading
large kernels and modules split across several physical
media. &merged;The default TCP port range used by
libfetch for passive FTP retrievals has
changed; this affects the behavior of &man.fetch.1;, which has
gained the option to restore the old
behavior. &merged;libfetch now has support for an
authentication callback. &merged;libfetch now has support for a
HTTP_USER_AGENT environment
variable. &merged;libgmp has been superceded by
libmp.
The functions from libposix1e have been
integrated into libc.libusb has been renamed as
libusbhid, following NetBSD's naming
conventions. &merged;&man.ln.1; now takes an option to
request user confirmation before overwriting an existing
file. &merged;&man.ln.1; now takes a flag to avoid
following a target that is a link, with a
flag for compatibility with other
implementations. &merged;&man.lock.1; now accepts a to disable
switching VTYs while the current terminal is locked. This permits
locking the entire console from a single terminal. &merged;&man.logger.1; can now send messages directly to a remote
syslog. &merged;&man.login.1; now exports environment variables set by
PAM modules. &merged;&man.lpc.8; has been improved; lpc clean
is now somewhat safer, and a new lpc tclean
command has been added to check to see what files would be
removed by lpc clean. lpc
topq has been reimplemented, and now allows for a much
more flexible specification of which jobs should be moved (such
as a range of job numbers, or a hostname). An lpc
bottomq command has been added to move jobs to the
bottom of a print queue, and a new lpc
setstatus command can be used to set a printer's
status message. &merged;&man.lpd.8; now takes two new options:
will log all connection errors to &man.syslogd.8;, while
will allow connections from non-reserved
ports. &merged;&man.lpd.8; now has some support for
o-type print-file actions in its control
files, which allows printing of PostScript files generated by
MacOS 10.1. &merged;&man.lpd.8; now recognizes the flag as
the preferred synonym for (these flags
cause &man.lpd.8; not to open a socket for network print
jobs). &merged;&man.lpd.8; now implements a new rc
printcap option. When specified in a print queue for a remote
host, boolean option causes &man.lpd.8; to resend the data file
for each copy the user requested via lpr
-#n. &merged;Catching up with most other network utilities in the base
system, &man.lpr.1;, &man.lpd.8;, &man.syslogd.8;, and
&man.logger.1; are now all IPv6-capable. &merged;lprm - now works for remote printer
queues. &merged;&man.ls.1; can produce colorized listings with the
flag (and appropriate terminal support).
The CLICOLOR environment variable can be set to
enable colorized listings by default. &merged;&man.ls.1; now accepts a flag, which
when combined with the flag, causes file
sizes to be printed with unit suffixes, such that the number of
digits printed is fewer than four. &merged;The &man.ls.1; program now supports a
flag to list files across a page, a flag to
force printing of a / after directories, and
a flag to sort filenames across a
page. &merged;&man.m4.1; now accepts a flag to cause
it to emit #line directives for use by
&man.cpp.1;. &merged;&man.mail.1; now takes a flag to avoid
sending messages with empty bodies. &merged;&man.make.1; has gained the :C///
(regular expression substitution), :L
(lowercase), and :U (uppercase) variable
modifiers. These were added to reduce the differences between
the &os; and OpenBSD/NetBSD &man.make.1; programs.
&merged;Bugs in &man.make.1;, among which include broken null suffix
behavior, bad assumptions about current directory permissions,
and potential buffer overflows, have been fixed. &merged;The new CPUTYPEmake.conf variable controls the compilation
of processor-specific optimizations in various pieces of code
such as OpenSSL. &merged;The &os; Makefile infrastructure now
supports the WARNS directive from NetBSD.
This directive controls the addition of compiler warning flags
to CFLAGS in a relatively compiler-neutral
manner. &merged;&man.makewhatis.1; is now a C program, instead of a
Perl script.&man.man.1; is no longer installed SUID
man, in order to reduce vulnerabilities
associated with generating catpages (preformatted
manual pages cached for repeated viewing). As a result,
&man.man.1; can no longer create system catpages on a regular
user's behalf. It is still able to do so if the user has write
permissions to the directory holding catpages (e.g. a user's own
manpages) or if the running user is
root.The mca utility, for decoding machine check
records, has been added.The &man.mdmfs.8; command has been added; it is a wrapper
around &man.mdconfig.8;, &man.disklabel.8;, &man.newfs.8;, and
&man.mount.8; that mimics the command line option set of the
deprecated &man.mount.mfs.8;.&man.mergemaster.8; now sources an
/etc/mergemaster.rc file and also prompts
the user to run recommended commands (such as
newaliases) as needed. &merged;&man.mergemaster.8; now supports two new flags.
The flag enables a
pre-buildworld mode to files
known to be essential to the success of the
buildworld and
installworld system updating steps. The
flag, used after a successful
&man.mergemaster.8; run, compares options in
/etc/rc.conf to the default options in
/etc/defaults/rc.conf. &merged;&man.mesg.1; now conforms to SUSv3. Among other things, it
now uses the first terminal associated with the standard input,
standard output or standard error file descriptor, in that order.
Thus, it is possible to use the redirection facilities of a shell
(mesg n < /dev/ttyp1) to control write access
for other terminals.mk_cmds(1) and the associated
libss have been removed; they have been
unused for quite some time. &merged;&man.mountd.8; and &man.nfsd.8; have moved from
/sbin to /usr/sbin.&man.moused.8; now takes a option to
control mouse acceleration. &merged;&man.mtree.8; now includes support for a file that lists
pathnames to be excluded when creating and verifying prototypes.
This makes it easier to use &man.mtree.8; as a part of an
intrusion-detection system. &merged;&man.mv.1; now takes a (nonstandard) option to
automatically answer no when it would ask to
overwrite a file. &merged;&man.natd.8; now supports a
option to log packets that
cannot be re-injected because they are blocked by &man.ipfw.8;
rules. &merged;The in use percentage metric displayed by
&man.netstat.1; now really reflects the percentage of network
mbufs used. &merged;&man.netstat.1; now has a flag that
tells it not to truncate addresses, even if they're too long for
the column they're printed in. &merged;&man.netstat.1; now keeps track of input and output packets
on a per-address basis for each interface. &merged;&man.netstat.1; now has a flag to reset
statistics. &merged;&man.netstat.1; now has a flag to print
address numerically but port names symbolically. &merged;&man.newfs.8; now implements write combining, which can make
creation of new filesystems up to seven times
faster. &merged;&man.newfs.8; now takes a option to
enable softupdates on a new filesystem. &merged;The default number of cylinders per group in &man.newfs.8;
is now computed to be the maximum allowable given the current
filesystem parameters. It can be overridden with the
option. Formerly, the default was fixed at
16. This change leads to better &man.fsck.8; performance and
reduced fragmentation. &merged;The default block and
fragment sizes for new filesystems created by &man.newfs.8; are
now 16384 and 2048 bytes, respectively (the old defaults were
8192 and 1024 bytes). This change generally provides increased
performance, at the expense of some wasted disk
space. &merged;A number of archaic features of &man.newfs.8; have been
removed; these implemented tuning features that are essentially
useless on modern hard disks. These features were controlled by
the , ,
, , ,
, , ,
and flags.&man.newfs.8; now supports a flag to
select the creation of UFS1 or UFS2 filesystems.The &man.newgrp.1; utility to change to a new group has been
added.&man.newsyslog.8; now compresses log files
using &man.bzip2.1; by default. (The former behavior of using
&man.gzip.1; can be specified in
/etc/newsyslog.conf.)The &man.nextboot.8; utility has been added to specify an
alternate kernel and/or boot flags to be used the next time the
machine is booted. A previous incarnation of this feature
first appeared in &os; 2.2.NFS now works over IPv6.&man.ngctl.8; now supports a command
to send a data packet down a given hook. &merged;&man.nice.1; now uses the option to
specify the niceness of the utility being
run. &merged;&man.nl.1;, a line numbering filter program, has been
added. &merged;nsswitch support has been merged
from NetBSD. By creating an &man.nsswitch.conf.5; file, &os;
can be configured so that various databases such as
&man.passwd.5; and &man.group.5; can be looked up using flat
files, NIS, or Hesiod. If /etc/nsswitch.conf
does not exist, it will be automatically generated from an existing
/etc/hosts.conf at system startup time. The
/etc/hosts.conf file may be used by old
executables; it will be automatically generated from
an existing /etc/nsswitch.conf during
system startup if it exists.&man.od.1; now supports the option to
specify the input address base, the option to
specify the number of bytes to dump, the
option to specify the number of bytes to skip, the
option to output signed decimal shorts, and
the option to specify output type. &merged;The &man.ofwdump.8; utility has been added to
examine the OpenFirmware device tree.PAM support has been added for
account management and sessions.PAM configuration is now
specified by files in /etc/pam.d/, rather
than a single /etc/pam.conf file.
/etc/pam.d/README has more details.A &man.pam.echo.8; echo service module has been added.A &man.pam.exec.8; program execution service module has been
added.A &man.pam.ftp.8; module has been added to allow
authentication of anonymous FTP users.A &man.pam.ftpusers.8; module has been added to perform
checks against the &man.ftpusers.5; file.A &man.pam.ksu.8; module has been added to do Kerberos 5
authentication and $HOME/.k5login
authorization for &man.su.1;.A &man.pam.lastlog.8; module has been added to record
sessions in the &man.utmp.5;, &man.wtmp.5;, and &man.lastlog.5;
databases.A &man.pam.login.access.8; module has been added, to allow
checking against /etc/login.access.The &man.pam.nologin.8; module, which can disallow logins
using &man.nologin.5;, has been added.The &man.pam.opie.8; and &man.pam.opieaccess.8; modules have
been added to control authentication via &man.opie.4;. &merged;A &man.pam.passwdqc.8; module has been added, to check the
quality of passwords submitted during password changes.A &man.pam.rhosts.8; module has been added to support
&man.rhosts.5; authentication.The &man.pam.rootok.8; module, which can be used to
authenticate only the superuser, has been added.A &man.pam.securetty.8; module has been added to check the
security of a TTY, as listed in &man.ttys.5;.A &man.pam.self.8; module, which allows self-authentication
of a user, has been added.A &man.pam.ssh.8; module has been added to allow the use of
SSH passphrases and keypairs for authentication. This module
also handles session management by invoking
&man.ssh-agent.1;. &merged;A &man.pam.wheel.8; module has been added to permit
authentication to members of a group, which defaults to
wheel.&man.passwd.1; and &man.pw.8; now select the password hash
algorithm at run time. See the passwd_format
attribute in
/etc/login.conf. &merged;&man.patch.1; now accepts a command-line
flag to read a patch from a file, rather than standard
input. &merged;The &man.pathchk.1; utility, which checks pathnames for
validity or portability between POSIX systems, has been
added. &merged;&man.pax.1; has received a number of enhancements, including
&man.cpio.1; functionality, &man.tar.1; compatibility
enhancements, and flags
for &man.gzip.1; and &man.compress.1; functionality, and a
number of bug fixes. &merged;&man.pciconf.8; now supports a option to
display the vendor/device information of configured devices, in
conjunction with the option. The default
vendor/device database can be found at
/usr/share/misc/pci_vendors. &merged;The behavior of &man.periodic.8; is now controlled by
/etc/defaults/periodic.conf and
/etc/periodic.conf. &merged;&man.ping.8; now supports a option to
set the TTL of outgoing packets. &merged;&man.ping.8; now supports a option to
beep when packets are lost. &merged;&man.ping.8; now supports a flag to exit
after receiving a reply.Userland &man.ppp.8; has received a number of updates and
bug fixes. &merged;&man.ppp.8; has gained the tcpmssfixup
option, which adjusts outgoing and incoming TCP SYN packets so
that the maximum receive segment size is no larger than allowed
by the interface MTU. &merged;&man.ppp.8; now supports IPv6. &merged;&man.pppd.8; (the control program for kernel-level PPP) is
now installed mode 4550 and
root:dialer,
rather than mode 4555 (in other words, it is
no longer world-executable). Users of &man.pppd.8; may need to
change their group settings. &merged;&man.pr.1; now supports the and
flags to pause output going to a
terminal. &merged;prefix(8) is obsolete and has been removed. Its
functionality is provided by the command
to &man.ifconfig.8;.The option to &man.ps.1; (to extract
information from a specified swap device) has been useless for
some time; it has been removed. &merged;The &man.pselect.3; library function (introduced by POSIX.1
as a slightly stronger version of &man.select.2;) has been
added.&man.pwd.1; can now double as &man.realpath.1;, a program to
resolve pathnames to their underlying physical
paths. &merged;&man.pwd.1; now supports the flag to
print the logical current working directory. &merged;&man.quota.1; now takes a flag to
suppress quote checks on NFS filesystems.The pseudo-random number generator implemented by
&man.rand.3; has been improved to provide less biased
results.&man.rc.8; now has an framework for handling dependencies
between &man.rc.conf.5; variables. &merged;&man.rc.8; now deletes all non-directory files in
/var/run and
/var/spool/lock at boot
time. &merged;&man.rcmd.3; now supports the use of the
RSH environment variable to specify a program to
use other than &man.rsh.1; for remote execution. As a result,
programs such as &man.dump.8; can use &man.ssh.1; for remote
transport.&man.rdist.1; has been retired from the base system, but is
still available from &os; Ports Collection as
net/44bsd-rdist.&man.reboot.8; now takes a to specify
the next kernel to boot. &merged;The &man.renice.8; command implements a
option, which specifies an increment to be applied to the
priority of a process. &merged;The &man.resolver.3; in &os; now implements EDNS0 support,
which will be necessary when working with IPv6 transport-ready
resolvers/DNS servers. &merged;The &man.rfork.thread.3; library call has been added as a
helper function to &man.rfork.2;. Using this function should
avoid the need to implement complex stack swap
code. &merged;The option to &man.rm.1; now displays
the entire pathname of a file being removed. &merged;&man.route.8; is now more verbose when changing indirect
routes, in the case of a gateway route that is the same route as
the one being modified. &merged;&man.route.8; now uses
host/bits
syntax instead of
net/bits
syntax, for compatibility with &man.netstat.1;. &merged;&man.route.8; can now create proxy only
published ARP entries. &merged;The &man.route.8; command now supports
the and
modifiers. &merged;&man.rpcbind.8; has replaced &man.portmap.8;.&man.rpcgen.1; now uses /usr/bin/cpp
(as on NetBSD), not
/usr/libexec/cpp.&man.rpc.lockd.8; has been imported from NetBSD. This
daemon provides support for servicing client NFS locks.The performance of the ELF dynamic linker &man.rtld.1; has
been improved. &merged;RSA Security has waived all patent rights to the
RSA algorithm. As a result, the
native OpenSSL implementation of the
RSA algorithm is now activated by default, and the security/rsaref port and the
librsaUSA and
librsaINTL libraries are no longer required
for USA and non-USA residents respectively. &merged;&man.rtld.1; will now print the names of all objects that
cause each object to be loaded, if the
LD_TRACE_LOADED_OBJECTS_ALL environment
variable is defined.&man.savecore.8; now supports a option
to prevent clearing a crash dump after saving it. It also
attempts to avoid writing large stretches of zeros to crash dump
files to save space and time. &merged;&man.savecore.8; now works correctly on machines with 2 GB
or more of RAM. &merged;&man.sed.1; now takes a option for
extended regular expression support. &merged;&man.sed.1; now takes a option to enable
in-place editing of files. &merged;&man.send-pr.1; now takes a option to
include a file into the Fix: section of a
problem report. &merged;The &man.setfacl.1; and &man.getfacl.1; commands have been
added to manage filesystem Access Control Lists.&man.setproctitle.3; has been moved from
libutil to
libc. &merged;&man.sh.1; now implements test as a
built-in command for improved efficiency. &merged;&man.sh.1; no longer implements printf as
a built-in command because it was considered less valuable
compared to the other built-in commands (this functionality is,
of course, still available through the &man.printf.1;
executable).&man.sh.1; now supports a option to
prevent existing regular files from being overwritten by output
redirection, and a to give an error if an
unset variable is expanded. &merged;The &man.sh.1; built-in cd command now
supports and flags to
invoke logical or physical modes of operation, respectively.
Logical mode is the default, but the default can be changed with
the physical &man.sh.1; option. &merged;The &man.sh.1; built-in jobs command now
supports a flag to output PIDs only and a
flag to add PIDs to the output. &merged;&man.sh.1; now supports a bind built-in
command, which allows the key bindings for the shell's line editor
to be changed.The &man.sh.1; built-in export and
readonly commands now support a
flag to print their output in
portable format. &merged;&man.sh.1; no longer accepts invalid constructs as
command & &&
command, &&
command, or ||
command. &merged;&man.sockstat.1; now has and
flags for listing connected and listening
sockets, respectively. &merged;&man.spkrtest.8; is now a &man.sh.1; script, rather than a
Perl script.&man.split.1; now has the ability to split a file longer
than 2GB. &merged;&man.split.1; now supports a option to
specify the number of letters to use for the suffix of split
files. &merged;In preparation for meeting SUSv2/POSIX
<sys/select.h> requirements,
struct selinfo and related functions have been
moved to <sys/selinfo.h>.The &man.strnstr.3; and &man.strcasestr.3; variants of
&man.strstr.3; have been implemented. &merged;&man.stty.1; now has support for an
erase2 control character, so that, for
example, both the Delete and
Backspace keys can be used to erase
characters. &merged;&man.su.1; now uses PAM for
authentication.Boot-time &man.syscons.4; configuration was moved to a
machine-independent
/etc/rc.syscons. &merged;&man.sysctl.8; now supports a option to
print out variable names only. &merged;&man.sysctl.8; has replaced the and
options with and
respectively; the former options are now
deprecated. The option is deprecated as
well; it is not needed to determine the user's
intentions. &merged;&man.sysctl.8; now supports a option to
separate variable names and values by =
rather than :. This feature is useful for
producing output that can be fed back to
&man.sysctl.8;. &merged;&man.sysctl.8; now accepts a flag to print
the descriptions of variables.&man.sysinstall.8; now properly preserves
/etc/mail during a binary
upgrade. &merged;&man.sysinstall.8; now uses some more intuitive defaults
thanks to some new dialog support functions. &merged;The default root partition in &man.sysinstall.8; is now
100MB on the i386 and pc98, 120MB on the Alpha.&man.sysinstall.8; now lives in
/usr/sbin, which simplifies the
installation process. The &man.sysinstall.8; manpage is also
installed in a more consistent fashion now.&man.sysinstall.8; now has the ability to load KLDs as a
part of the installation. &merged;When run from the installation media, &man.sysinstall.8;
will automatically load any device drivers found in the
/stand/modules directory of the
mfsroot floppy or filesystem image. Note
that any drivers so loaded will not appear in the kernel's boot
messages; the &man.sysinstall.8; debugging screen will provide
additional information. &merged;&man.sysinstall.8; now enables Soft Updates by default on
all filesystems it creates, except for the root
filesystem. &merged;&man.sysinstall.8; has received updates for its
auto partitioning mode which provide more
reasonable defaults for the sizes of partitions that are
created; auto-sized partitions can now also recover the space
that becomes available when other partitions are
deleted. &merged;&man.sysinstall.8; no longer mounts the &man.procfs.5;
filesystem by default on new installs. This change was made to
improve security, but &man.procfs.5; can still be mounted
manually or via an appropriate line in the &man.fstab.5;
file.&man.sysinstall.8; now has rudimentary support for
retrieving packages from the correct volume of a multiple-volume
installation (such as a multi-CD distribution). &merged;&man.syslogd.8; can take a option to
disable DNS queries for every request. &merged;&man.syslogd.8; now supports a
LOG_CONSOLE facility (disabled by default),
which can be used to log /dev/console
output. &merged;&man.syslogd.8; now has the ability to bind to a specific
address (as opposed to using every available one) via the
option. &merged;&man.syslogd.8; now accepts a flag to
disable repeated line compression. &merged;&man.tabs.1;, a utility to set terminal tab stops, has been
added.&man.tail.1; now has the ability to work on files longer
than 2GB. &merged;&man.tar.1; now supports the TAR_RSH
variable, principally to enable the use of &man.ssh.1; as a
transport. &merged;&man.telnet.1; now does autologin and encryption by default;
a new option turns off encryption. &merged;&man.telnet.1; now supports a flag to
allow connections to UNIX-domain (AF_UNIX)
sockets. &merged;The &man.termcap.5; database now uses the
xterm terminal type from
XFree86. As a result, &man.xterm.1;
now supports color by default and the common workaround of
setting TERM to xterm-color
is no longer necessary. Use of the
xterm-color terminal type may result in
(benign) warnings from applications.&man.tftp.1; and &man.tftpd.8; now support IPv6. &merged;&man.tftpd.8; now takes the and
options, which allow the server to
&man.chroot.2; based on the IP address of the connecting client.
&man.tftp.1; and &man.tftpd.8; can now transfer files larger
than 65535 blocks. &merged;&man.tftpd.8; now supports RFC 2349 (TFTP Timeout Interval
and Transfer Size Options); this feature is required by some
firmware like EFI boot managers (at least on HP i2000 Itanium
servers) in order to boot an image using
TFTP.&man.timed.8; now works on the alpha.A version of Transport Independent RPC
(TI-RPC) has been imported.&man.tmpnam.3; will now use the TMPDIR
environment variable, if set, to specify the location of
temporary files. &merged;&man.tip.1; has been updated from
OpenBSD, and has the ability to act
as a &man.cu.1; substitute.&man.top.1; will now use the full width of its tty.&man.touch.1; now takes a option to
operate on a symbolic link, rather than what the link points
to.&man.tr.1; now has basic support for equivalence classes
for locales that support them. &merged;&man.tr.1; now supports a flag to
complement the set of characters specified by the first string
argument.The &man.truncate.1; utility, which truncates or extends the
length of files, has been added. &merged;&man.tunefs.8; now supports the and
flags to enable and disable the
FS_ACLS and FS_MULTILABEL
administrative flags on UFS file system.A &man.ugidfw.8; utility has been added to manage the
rulesets provided by the mac_bsdextended
Mandatory Access Control policy, similar to &man.ipfw.8;.Ukrainian language support has been added to the &os;
console. &merged;UUCP has been removed from the
base system. It can be found in the Ports Collection, in
net/freebsd-uucp.&man.unexpand.1; now supports a to
specify tabstops analogous to &man.expand.1;. &merged;&man.units.1; has received some updates and
bugfixes. &merged;&man.usbdevs.8; now supports a flag to
show the device driver associated with each device.The &man.usbhidctl.1; utility has been added to manipulate
USB Human Interface Devices. &merged;&man.uuencode.1; and &man.uudecode.1; now accept a option to
set their output files. &man.uuencode.1; can now be made to do base64 encoding
when given the flag, while &man.uudecode.1;
can now automatically decode base64 files. &merged;The base64 capabilities of &man.uuencode.1; and
&man.uudecode.1; can now be automatically enabled by invoking
these utilities as &man.b64encode.1; and &man.b64decode.1;
respectively. &merged;Functions to implement and manipulate OSF/DCE 1.1-compliant
UUIDs have been added to libc. More
information can be found in &man.uuid.3;.The &man.uuidgen.1; utility has been added. It uses the new
&man.uuidgen.2; system call to generate one or more Universally
Unique Identifiers compatible with OSF/DCE 1.1 version 1
UUIDs.&man.vidcontrol.1; now accepts a
parameter to select custom text geometry in the
VESA_800x600 raster text mode. &merged;&man.vidcontrol.1; now allows the user to omit the font size
specification when loading a font, and has some better
error-handling. &merged;&man.vidcontrol.1; now supports a option
to take a snapshot of a &man.syscons.4; video buffer. These
snapshots can be manipulated by the
graphics/scr2png utility in
the Ports Collection. &merged;&man.vidcontrol.1; now supports a option
to clear the history buffer for a given tty, as well as a
option to set the size of the history
buffer. &merged;&man.vidcontrol.1; now accepts a to
allow the user to disable VTY switching. &merged;The default stripe size in &man.vinum.8; has been changed
from 256KB to 279KB, to spread out superblocks more evenly
between stripes.&man.wall.1; now supports a flag to
write a message to all users of a given group. &merged;&man.watch.8; now takes a option to
specify a &man.snp.4; device to use. &merged;&man.wc.1; now supports a flag to
count characters, rather than bytes.&man.whereis.1;, formerly a Perl script, has been
rewritten in C. It now supports a flag to
suppress the run of &man.locate.1;, and a
flag suppresses the leading name of the query.&man.whereis.1; now supports a flag
to report all matches instead of only the first of each
requested type.&man.which.1; is now a C program, rather than a Perl
script.&man.who.1; now has a number of new options:
shows column headings;
shows &man.mesg.1; state; is an equivalent
to ; shows idle time;
to list names in columns. &merged;&man.whois.1; now directs queries for IP addresses to ARIN.
If a query to ARIN references APNIC or RIPE, the appropriate
server will also be queried, provided that the
option is not specified. &merged;&man.whois.1; supports a option to
specify a country code to help direct queries towards a
particular whois server. &merged;&man.wicontrol.8; now supports a to list
the stations associated in hostap mode and a
to list available access points.&man.xargs.1; now supports a
replstr option that allows the user
to tell &man.xargs.1; to insert the data read from standard
input at specific points in the command line arguments rather
than at the end. (A &os;-specific option is
similar.) &merged;&man.xargs.1; now supports a option to
force its utility argument to be called after some number of
lines. &merged;The compiler chain now uses the FSF-supplied C/C++ runtime
initialization code. This change brings about better
compatibility with code generated from the various egcs and gcc
ports, as well as the stock public FSF source. &merged;The threads library has gained some signal handling changes,
bug fixes, and performance enhancements (including zero system
call thread switching). &man.gdb.1; thread support has been
updated to match these changes. &merged;Significant additions have been made to internationalization
support; &os; now has complete locale support for the
LC_MONETARY, LC_NUMERIC,
and LC_MESSAGES categories. A number of
applications have been updated to take advantage of this
support. &merged;Locale names have been changed to improve compatibility with
the names used by X11R6, as well as a number of other UNIX
versions. As an example, the
en_US.ISO_8859-1 locale name has been changed
to
en_US.ISO8859-1. Entries in
/etc/locale.alias provide backward
compatibility. &merged;Various routines in the C library now have support for
wide characters. Among these are
character class functions such as &man.wctype.3;, wide character
I/O functions such as &man.getwc.3;, formatted I/O functions
such as &man.wprintf.3; and &man.wscanf.3;. Conversion
functions to &man.multibyte.3; characters are also supported./usr/src/share/examples/BSD_daemon/ now
contains a scalable Beastie graphic. &merged;As part of an ongoing process, many manual pages were
improved, both in terms of their formatting markup and in their
content. &merged;A number of utilities and libraries were enhanced to improve
their conformance with the Single UNIX Specification (SUSv3) and
IEEE Std 1003.1-2001 (POSIX.1). Specific
features added have been listed in the release notes for each
utility. The standards conformance of each utility or library
function is generally listed in its manual page.A number of traditional BSD games have been removed from the base system;
they are now available in the games/freebsd-games port.
These include: adventure(6), arithmetic(6), atc(6),
backgammon(6), battlestar(6), bs(6), canfield(6), cribbage(6),
fish(6), hack(6), hangman(6), larn(6), mille(6), phantasia(6),
piano(6), pig(6), quiz(6), rain(6), robots(6), rogue(6),
sail(6), snake(6), trek(6), wargames(6), worm(6), worms(6), and
wump(6). dm(8), which was used to control access to games, is
no longer necessary, and has also been removed. The
utility-like games, as well as &man.fortune.6;,
remain.Contributed Softwaream-utils has been updated to
6.0.7.A 10 February 2002 snapshot of awk from Bell Labs (variously
known as BWK awk or The One True
AWK) has been imported. It is available as
awk or
nawk.bc has been updated from 1.04 to
1.06. &merged;The ISC library from the BIND
distribution is now built as
libisc. &merged;BIND is now built with the
NOADDITIONAL flag, which causes
&man.named.8; to operate in a more consistent fashion for
certain common misconfigurations. &merged;BIND has been updated to
8.3.3. &merged;Binutils has been updated to
a pre-release snapshot of 2.13.2 from 27 October 2002.bzip2 1.0.2 has been imported;
this brings the &man.bzip2.1; program and the
libbz2 library to the base
system. &merged;The &man.ee.1; Easy Editor has
been updated to 1.4.2. &merged;file has been updated to
3.39.gcc has been updated to
gcc 3.2.1 (released version).
The C++ ABI from gcc
3.2.1 is not compatible with
previous versions.&man.gcc.1; now uses a unified libgcc
rather than a separate one for threaded and non-threaded
programs. /usr/lib/libgcc_r.a can be
removed. &merged;&man.gcc.1; now supports the environment variable
GCC_OPTIONS, which can hold a set of default
options for GCC. &merged;gdb has been updated to version
5.2.1.GNATS has been updated to
3.113. &merged;gperf has been updated to
2.7.2.groff and its related utilities
have been updated to FSF version 1.18.1.Heimdal Kerberos has been updated to
0.5.1. &merged;The version of IPFilter
provided with &os; now includes the &man.ipfs.8; program,
which allows state information created for NAT entries and
stateful rules to be saved to disk and restored after a
reboot. Boot-time configuration of these features is
supported by &man.rc.conf.5;. &merged;The ISC DHCP client has been
updated to 3.0.1RC9.Kerberos IV has been updated to
1.0.5. &merged;The &man.more.1; command has been replaced by
&man.less.1;, although it can still be run as
more. &merged; Version 371 of
less has been imported.An XML processing library, named
libbsdxml, has been added for the benefit
of XML-using utilities in the base system. It is based almost
entirely on an import of expat
1.95.5, but is installed under a different name to avoid
conflicts with any versions of
expat installed from the Ports
Collection.libpcap has been updated to
0.7.1. &merged;libreadline has been updated to
4.2.libz has been updated to
1.1.4.lint has been updated to
snapshot of NetBSD &man.lint.1; as of 19 July 2002.lukemftp 1.6 beta 2 (the FTP client from
NetBSD) has replaced the &os; &man.ftp.1; program. Among its
new features are more automation methods, better standards
compliance, transfer rate throttling, and a customizable
command-line prompt. Some environment variables and
command-line arguments have changed.&man.m4.1; has been imported from OpenBSD, as of 26 April
2002. &merged;ncurses has been updated to
5.2-20020615.The NTP suite of programs has
been updated to 4.1.1b.OpenPAM
(Citronella release) has been imported,
replacing
Linux-PAM.The OPIE one-time-password
suite has been updated to 2.4. It has completely
replaced the functionality of
S/Key. &merged;Perl has been removed from the
&os; base system. It can be installed from the &os;
Ports Collection, as a binary package, or via the Perl
distribution item in &man.sysinstall.8;'s
distribution menu.
Moving Perl out of the
base system will make future upgrades and maintenence easier.
To reduce the dependence of the base system on
Perl, many utilities have been
rewritten as shell scripts or C programs (specific notes are
made for each affected utility).
The Perl script removal work is ongoing.Most of the distribution sets in &man.sysinstall.8;
include the new Perl distribution. This change will
therefore be transparent to most users, with the exception
that updating Perl will be done separately from the base
system.GNU ptx has been removed from
the base system. It is not used anywhere in the base system,
and has not been recently updated or maintained. Users
requiring its functionality can install this utility as a part
of the textproc/textutils
port.The rc.d framework from NetBSD has been
imported. It breaks down the system startup functionality
into a number of small, task-oriented scripts
in /etc/rc.d, with dynamic-determined
ordering of startup scripts performed at boot-time.&man.routed.8; has been updated to version
2.22. &merged;Version 1.4.5 of the
smbfs userland utilities has been
imported. &merged;GNU sort has been updated to
the version from GNU textutils
2.0.21.&man.stat.1; from NetBSD, as of
5 June 2002 has, been imported.GNU tar has been updated to
1.13.25. &merged;tcpdump has been updated to
3.7.1. &merged;The &man.csh.1; shell has been replaced by &man.tcsh.1;,
although it can still be run as csh.
tcsh has been updated to version
6.12. &merged;The contributed version of
tcp_wrappers now includes the
&man.tcpd.8; helper daemon. While not strictly necessary in a
standard &os; installation (because &man.inetd.8; already
incorporates this functionality), this may be useful for
&man.inetd.8; replacements such as
xinetd. &merged;texinfo has been updated to
4.2. &merged;top has been updated to version
3.5b12. &merged;traceroute has been updated to
LBL version 1.4a12.&man.traceroute.8; now takes its default maximum TTL value
from the net.inet.ip.ttl sysctl
variable. &merged;The timezone database has been updated to the
tzdata2002d release. &merged;CVScvs has been updated to
a snapshot of 1.11.2.1, as of 1 December 2002.The default value for &man.cvs.1;'s
CVS_RSH variable is now
ssh, rather than
rsh. &merged;&man.cvs.1; now supports a option to
update a sandbox's CVS/Template file
from the repository. &merged;&man.cvs.1; diff now supports the
option to perform differences against a
revision relative to a branch tag. &merged;CVSupCVSup, a frequently used
utility in the &os; Ports Collection, was formerly
installable using several ports and packages. The
net/cvsup-bin and
net/cvsupd-bin
ports/packages are no longer necessary or available; the
net/cvsup port should be
used instead. &merged;CVSup has been updated to
16.1_3, which is available in the &os; Ports Collection as
net/cvsup. This update
fixes a long-standing (but only recently encountered) bug
which affects the timestamps on all files after Sun Sep 9
01:46:40 UTC 2001 (1,000,000,000 seconds after the UNIX
epoch). &merged;KAMEThe IPv6 stack is now based on a snapshot based on the
KAME Project's IPv6 snapshot as of 28 May, 2001. Most of
the items listed in this section are a result of this
import.
lists kernel updates to the
KAME IPv6 stack. &merged;&man.faithd.8; now supports a configuration file for
access control. &merged;&man.ifconfig.8; can now perform the functions of
gifconfig(8). &merged;&man.ifconfig.8; can now perform the functions of
prefix(8). &merged;&man.ndp.8; now implements garbage collection for stale
NDP entries, as described in RFC 2461 (Neighbor Discovery
for IP Version 6 (IPv6)). &merged;pim6dd(8) and pim6sd(8) have been removed due
to restrictive licensing conditions. These programs are
available in the ports collection as
net/pim6dd and
net/pim6sd. &merged;&man.route6d.8; now supports an flag
to avoid updating the kernel forwarding
table. &merged;The (router renumbering) option to
&man.rtadvd.8; is currently ignored. &merged;OpenSSHOpenSSH has been updated to
2.9, which provides support for the SSH2 protocol (now the
default) and DSA keys. &man.ssh-add.1; and
&man.ssh-agent.1; can now handle DSA keys, with support for
authentication forwarding.
OpenSSH users in the USA no
longer need to rely on the restrictively-licensed RSAREF
toolkit which is required to handle RSA keys. Among other
new features: A client and server for &man.sftp.1; has been added.
&man.scp.1; can now handle files larger than 2 GBytes. A
limit on the number of outstanding, unauthenticated
connections in &man.sshd.8; has been added. Support has
been added for the Rijndael encryption algorithm. Rekeying
of existing sessions is now supported, and an experimental
SOCKS4 proxy has been added to
&man.ssh.1;. &merged;OpenSSH has been updated to
version 3.4p1. &merged; Among the changes:
The *2 files are obsolete
(for example,
~/.ssh/known_hosts can hold the
contents of
~/.ssh/known_hosts2).&man.ssh-keygen.1; can import and export keys using
the SECSH Public Key File Format, for key exchange
with several commercial SSH implementations.&man.ssh-add.1; now adds all three default keys.&man.ssh-keygen.1; no longer defaults to a
specific key type; one must be specified with the
option.A privilege separation feature,
which uses unprivileged processes to contain and
restrict the effects of future compromises or
programming errors.Several bugfixes, including closure of a
security hole that could lead to an integer overflow
and undesired privilege escalation.OpenSSH can now authenticate
using OPIE passwords. &merged;PAM support for
OpenSSH has been added. &merged;A long-standing bug in
OpenSSH, which sometimes resulted
in a dropped session when an X11-forwarded client was
closed, was fixed. &merged;Kerberos compatibility has
been added to
OpenSSH. &merged;OpenSSH has been modified to
be more resistant to traffic analysis by requiring that
non-echoed characters are still echoed back
in a null packet, as well as by padding passwords sent so as
not to hint at password lengths. &merged;&man.sshd.8; is now enabled by default on new
installs. &merged;&man.sshd.8; X11Forwarding is now
turned on by default on the server (any risk is to the
client, where it is already disabled by
default). &merged;In /etc/ssh/sshd_config, the
ConnectionsPerPeriod parameter has been
deprecated in favor of
MaxStartups. &merged;OpenSSH now has a
VersionAddendum configuration setting for
&man.sshd.8; to allow changing the part of the
OpenSSH version string after the
main version number. &merged;OpenSSLOpenSSL has been updated to
0.9.6g. &merged;OpenSSL now has support for
machine-dependent ASM optimizations, activated by the new
MACHINE_CPU and/or
CPUTYPEmake.conf variables. &merged;sendmailsendmail has been updated
from version 8.9.3 to version 8.12.6. Important changes
include: &man.sendmail.8; is no longer installed as a
set-user-ID root binary (now set-group-ID smmsp); new
default file locations (see
/usr/src/contrib/sendmail/cf/README);
&man.newaliases.1; is limited to root
and trusted users; STARTTLS encryption; and the MSA port
(587) is turned on by default. See
/usr/src/contrib/sendmail/RELEASE_NOTES
for more information. &merged;&man.mail.local.8; is no longer installed as a
set-user-ID binary. If you are using a
/etc/mail/sendmail.cf from the default
sendmail.cf included with &os; any time
after 3.1.0, you are fine. If you are using a
hand-configured sendmail.cf and
mail.local for delivery, check to make sure the
F=S flag is set on the
Mlocal line. Those with
.mc files who need to add the flag can
do so by adding the following line to their
.mc file and regenerating the
sendmail.cf file:MODIFY_MAILER_FLAGS(`LOCAL',`+S')dnlNote that FEATURE(`local_lmtp') already
does this. &merged;The default /etc/mail/sendmail.cf
disables the SMTP EXPN and
VRFY commands. &merged;&man.vacation.1; has been updated to use the version
included with sendmail. &merged;The sendmail configuration
building tools are installed in
/usr/share/sendmail/cf/. &merged;New make.conf options:
SENDMAIL_MC and
SENDMAIL_ADDITIONAL_MC. See
/usr/share/examples/etc/make.conf for more
information. &merged;/etc/mail/Makefile now supports:
the new SENDMAIL_MCmake.conf option; the ability to build
.cf files from
.mc files; generalized map rebuilding;
rebuilding the aliases file; and the ability to stop, start,
and restart
sendmail. &merged;The smmsp and
mailnull users have been added to
/etc/master.passwd. In the absence of a
confDEF_USER_ID setting, by default,
sendmail will use the
mailnull user for extra security.
Previously, if the mailnull user did
not exist, the daemon user was used.
This change may generate some permissions issues when
mailing to files or to programs (such as mail/majordomo). &merged; The
previous behavior can be restored by adding the following
line to a system's
*.mc
configuration file:
define(`confDEF_USER_ID', `daemon')Beginning with the import of
sendmail 8.12.2, multiple
sendmail daemons (some required
to handle outgoing mail) are started by &man.rc.8;, even if
the sendmail_enable variable is set to
NO. To completely disable
sendmail,
sendmail_enable must be set to
NONE. Alternatively, for systems using a
different MTA, the mta_start_script variable can
be used to point to a different startup script (more details
can be found in &man.rc.sendmail.8;). &merged;By default, &man.rc.8; no longer enables
sendmail for inbound SMTP
connections. Note that &man.sysinstall.8; may override this
default for a binary installation, based on what security
profile is selected. This functionality can also be
manually enabled by adding the following line to
/etc/rc.conf:sendmail_enable="YES"The permissions for sendmail
alias and map databases built via
/etc/mail/Makefile now default to mode
0640 to protect against a file locking local denial of service.
It can be changed by setting the new
SENDMAIL_MAP_PERMSmake.conf option. &merged;The permissions for the sendmail
statistics file, /var/log/sendmail.st, have
been changed from mode 0644 to mode 0640 to protect against
a file locking local denial of service. &merged;Ports/Packages Collection InfrastructureBSDPAN, a collection of modules
that provides tighter integration of
Perl into the &os; Ports
Collection, has been added.&man.pkg.create.1; and &man.pkg.add.1; can now work with
packages that have been compressed using
&man.bzip2.1;. &man.pkg.add.1; will use the PACKAGEROOT
environment variable to determine a mirror site for new
packages. &merged;&man.pkg.create.1; now records dependencies in dependency
order rather than in the order specified on the command line.
This improves the functioning of pkg_add
-r. &merged;&man.pkg.create.1; now supports a to
create a package file from a locally-installed
package. &merged;When requested to delete multiple packages,
&man.pkg.delete.1; will now attempt to remove them in
dependency order rather than the order specified on the
command line. &merged;&man.pkg.delete.1; now can perform glob/regexp matching of
package names. In addition, it supports a
option for removing all packages and a
option for &man.rm.1;-style interactive
confirmation. &merged;&man.pkg.delete.1; now supports a
option for recursive package removal. &merged;&man.pkg.info.1; now supports globbing against names of
installed packages. The option disables
this behavior, and the option causes
regular expression matching instead of shell
globbing. &merged;&man.pkg.info.1; can now accept a flag
for verifying an installed package against its recorded
checksums (to see if it's been modified post-installation).
Naturally, this mechanism is only as secure as the contents of
/var/db/pkg if it's to be used for auditing
purposes. &merged;&man.pkg.sign.1; and &man.pkg.check.1; have been added to
digitally sign and verify the signatures on binary package
files. &merged;For some time, &os; 5.0-CURRENT (as well as some 4.X
releases) included a pkg_update(1) utility to update installed
packages, as well as their dependencies. This utility has
been removed; a superset of its functionality can be found in
the sysutils/portupgrade
port.&man.pkg.version.1; now has a version number comparison
routine that corresponds to the Porters Handbook. It also has
a option for testing address comparisons.
&merged;&man.pkg.version.1; now takes a flag
to limit its operation to ports/packages matching a given
string. &merged;&man.pkg.version.1;, formerly a Perl script, has been
rewritten in C. The , frequently misused,
has been removed. The sysutils/portupgrade port provides a
supported and safer alternative.Version numbers of installed packages have a new
(backward-compatible) syntax, which supports the
PORTREVISION and
PORTEPOCH variables in Ports Collection
Makefiles. These changes help keep track
of changes in the ports collection entries such as security
patches or &os;-specific updates, which aren't reflected in
the original, third-party software distributions.
&man.pkg.version.1; can now compare these new-style version
numbers. &merged;To improve performance and disk utilization, the
ports skeletons in the &os; Ports Collection
have been restructured. Installed ports and packages should
not be affected. &merged;All packages and ports now contain an
origin directive, which makes it easier for
programs such as &man.pkg.version.1; to determine the
directory from which a package was built. &merged;The Ports Collection infrastructure now uses
XFree86 4.2.1 as the default version
of the X Window System for the purposes of satisfying
dependencies. To return to using
XFree86 3.3.6, add the following line
to /etc/make.conf: &merged;XFREE86_VERSION=3The libraries installed by the emulators/linux_base port (required
for Linux emulation) have been updated; they now correspond to
those included with Red Hat Linux
7.1. &merged;By default, packages generated by the Ports Collection (as
well as the packages on the FTP sites) are now compressed
using &man.bzip2.1;, rather than &man.gzip.1;. (Thus, they
now have a .tbz extension, rather than a
.tgz extension.) The package
tools have been updated to handle the new format.The Ports Collection now maintains a separate index file
(/usr/ports/INDEX-5) for use with &os;
&release.branch;. A major motivation for a separate index
file is to cope with dependencies (such as lang/perl5) that exist in &os;
&release.branch; but not &os; 4-STABLE. The index file for
each package set is still called
INDEX.Release Engineering and IntegrationThe bin distribution has been renamed
base, in order to make creation of combined
install/recovery disks easier.ISO images and CDROMs now use the
cdboot boot loader by default. This
eliminates the need for an emulated floppy disk image on
a bootable CDROM and allows for a full
GENERIC kernel to be used for CDROM
installations, at the expense of compatability with some old
BIOSs.XFree86 4.2.0
is now the default version of the X Window System supported by
&man.sysinstall.8;. It installs
XFree86 as a set of standard binary
packages, so the usual package utilities such as
&man.pkg.info.1; can be used to examine/manipulate its
components. &merged;It is now possible to make releases of &os;
5-CURRENT on a &os; 4-STABLE host and vice versa. Cross-architecture
(building a release for a target architecture on a host of a
different architecture) releases are also possible. See
&man.release.7; for details. &merged;A third drivers.flp floppy has been
added to floppy releases. It holds loadable modules
containing drivers that do not fit in the kernel on the
kern.flp disk or in the
mfsroot.flp image.DocumentationA number of formerly-encumbered documents from the 4.4 BSD
Programmer's Supplementary Documents have been restored to
/usr/share/doc/psd. These include:The UNIX Time-Sharing System
(01.cacm)UNIX Implementation
(02.implement)The UNIX I/O System
(03.iosys)UNIX Programming — Second Edition
(04.uprog)The C Programming Language — Reference Manual
(06.Clang)Yacc: Yet Another Compiler-Compiler
(15.yacc)Lex — A Lexical Analyzer Generator
(16.lex)The M4 Macro Processor
(17.m4)Several formerly-encumbered documents from the 4.4 BSD
User's Supplementary Documents have been restored to
/usr/share/doc/usd. They include:NROFF/TROFF User's Manual
(21.troff)A TROFF Tutorial
(22.trofftut)Upgrading from previous releases of &os;Users with existing &os; systems are
highly encouraged to read the Early
Adopter's Guide to &os; 5.0. This document generally has
the filename EARLY.TXT on the distribution
media, or any other place that the release notes can be found. It
offers some notes on upgrading, but more importantly, also
discusses some of the relative merits of upgrading to &os;
5.X versus running &os;
4.X.Upgrading &os; should, of course, only be attempted after
backing up all data and configuration
files.