The &os; Project $FreeBSD$ 2000 2001 2002 2003 2004 2005 2006 The &os; Documentation Project &tm-attrib.freebsd; &tm-attrib.ibm; &tm-attrib.ieee; &tm-attrib.intel; &tm-attrib.sparc; &tm-attrib.general; The release notes for &os; &release.current; contain a summary of the changes made to the &os; base system on the &release.branch; development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the &os; kernel and userland. Some brief remarks on upgrading are also presented. This document contains the release notes for &os; &release.current; on the &arch.print; hardware platform. It describes recently added, changed, or deleted features of &os;. It also provides some notes on upgrading from previous versions of &os;. The &release.type; distribution to which these release notes apply represents the latest point along the &release.branch; development branch since &release.branch; was created. Information regarding pre-built, binary &release.type; distributions along this branch can be found at . ]]> The &release.type; distribution to which these release notes apply represents a point along the &release.branch; development branch between &release.prev; and the future &release.next;. Information regarding pre-built, binary &release.type; distributions along this branch can be found at . ]]> This distribution of &os; &release.current; is a &release.type; distribution. It can be found at or any of its mirrors. More information on obtaining this (or other) &release.type; distributions of &os; can be found in the Obtaining &os; appendix to the &os; Handbook. ]]> All users are encouraged to consult the release errata before installing &os;. The errata document is updated with late-breaking information discovered late in the release cycle or after the release. Typically, it contains information on known bugs, security advisories, and corrections to documentation. An up-to-date copy of the errata for &os; &release.current; can be found on the &os; Web site. This section describes the most user-visible new or changed features in &os; since &release.prev;. In general, changes described here are unique to the &release.branch; branch unless specifically marked as &merged; features. Typical release note items document recent security advisories issued after &release.prev;, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices. Clearly the release notes cannot list every single change made to &os; between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements. A temporary file vulnerability in &man.texindex.1;, which could allow a local attacker to overwrite files in the context of a user running the &man.texindex.1; utility, has been fixed. For more details see security advisory FreeBSD-SA-06:01.texindex. &merged; A temporary file vulnerability in the &man.ee.1; text editor, which could allow a local attacker to overwrite files in the context of a user running &man.ee.1;, has been fixed. For more details see security advisory FreeBSD-SA-06:02.ee. &merged; Several vulnerabilities in the &man.cpio.1; utility have been corrected. For more details see security advisory FreeBSD-SA-06:03.cpio. &merged; An error in &man.ipfw.4; IP fragment handling, which could cause a crash, has been fixed. For more details see security advisory FreeBSD-SA-06:04.ipfw. &merged; A potential buffer overflow in the IEEE 802.11 scanning code has been corrected. For more details see security advisory FreeBSD-SA-06:05.80211. &merged; Two instances in which portions of kernel memory could be disclosed to users have been fixed. For more details see security advisory FreeBSD-SA-06:06.kmem. &merged; A logic bug in the IP fragment handling in &man.pf.4;, which could cause a crash under certain circumstances, has been fixed. For more details see security advisory FreeBSD-SA-06:07.pf. &merged; An information disclosure issue found in the &os; kernel running on 7th- and 8th-generation AMD processors has been fixed. For more details see security advisory FreeBSD-SA-06:14.fpu. &merged; &man.acpi.4; now has basic support for the HPET time counter. The &man.acpi.ibm.4; driver now supports setting the fan control mode to manual or automatic, and adjusting the fan speed if the fan control mode is manual. To enable manual control of the fan speed, the sysctl variable dev.acpi_ibm.0.fan needs to be set to zero (manual). This should only be used with extreme precaution, as disabling automatic fan control might overheat the hardware and lead to permanent damage. The &man.ddb.4; debugger now provides the show lock command. If the argument has a valid lock class, this displays various information about the lock and calls a new function pointer in lock_class (lc_ddb_show) to dump class-specific information about the lock as well (such as the owner of a mutex or xlock'ed sx lock). &merged; The &man.ddb.4; debugger now provides the show sleepq command. This takes a wait channel as an argument and looks for a sleep queue associated with that wait channel. DEFAULTS kernel configuration files for each platform have been added. &merged; A bug in file descriptor handling such that simple close(0); dup(fd) sequence does not return descriptor 0 in some cases, has been fixed. The &man.firmware.9; subsystem has been added. This allows to load binary data into the kernel via a specially crafted module. &merged; The &man.gdb.1; remote debugging interface now supports copying console messages to a remote debugger instance. To enable this, set debug.gdbcons="1" in loader.conf, enter boot -d; gdb; step from the loader prompt, then attach &man.gdb.1; from a remote machine. The sysctl variable debug.gdbcons can be used to turn on/off this functionality. &man.hwpmc.4; and &man.pmcstat.8; now support profiling of dynamically loaded kernel modules and dlopen()'ed shared objects. &man.pmcstat.8; can now log over a network socket to a remote host. The &man.random.4; entropy device driver is now MPSAFE. &merged; The SIGCHLD signal queuing has been added. For each child process whose status has been changed, a SIGCHLD instance is queued. If the signal is still pending, and the process changed status several times, the signal information is updated to reflect the latest process status. There is a loader tunable kern.sigqueue.queue_sigchild which can control the behavior, setting it to zero disables the SIGCHLD queuing feature. Instead of dumping the whole physical memory, the kernel now defaults to dump only pages that are actively mapped into kvm. A new sysctl variable debug.minidump can be used to turn off this behavior when set to zero. A new sysctl variable kern.malloc_stats has been added. This allows to export kernel malloc statistics via a binary structure stream. A new sysctl variable kern.elf[32|64].can_exec_dyn has been added. This allows to execute a ET_DYN binary (shared object) when the variable is set to 1. This is set to 0 by default and useful for some Linux scripts which expect to be able to execute /lib/ld-linux.so.2. A new sysctl variable kern.elf[32|64].can_exec_dyn has been removed. Instead the brandinfo structure has been extended to be able to provide the BI_CAN_EXEC_DYN flag for all brands that usually allow executing ELF dynamic binaries. A new sysctl variable kern.forcesigexit has been added. This forces a process to sigexit if a trap signal is being held by the current thread or ignored by the current process and is enabled by default. RedZone, a buffer corruption protection for kernel &man.malloc.9; facility has been implemented. This detects both of buffer underflows and buffer overflows bugs at runtime on &man.free.9; and &man.realloc.9;, and prints backtraces from where memory was allocated and from where it was freed. For more details, see the &man.redzone.9; manual page. A new sysctl variable security.mac.biba.interfaces_equal which makes all network interfaces be created with the label biba/equal(equal-equal), has been added. This is useful where programs such as &man.dhclient.8; and &man.ppp.8;. which initialize network interfaces do not have any labeling support. This variable is set as 0(disabled) by default. &merged; A new sysctl variable vm.zone_stats has been added. This allows to export &man.uma.9; allocator statistics via a binary structure stream. The sysctl variable hw.pci.do_powerstate has been changed from a boolean to a range. 0 means no power management, 1 means conservative power management which any device class that has caused problems is added to the watch list, 2 means aggressive power management where any device class that is not fundamental to the system is added to the list, and 3 means power them all down unconditionally. The default is 1. The GENERIC kernel now enables SMP support by default. Sample kernel configuration files src/sys/arch/conf/MAC for the Mandatory Access Control framework have been added. POSIX_TIMERS support has been updated to 200112L. An experimental support for POSIX message queue has been implemented. The support for Xbox, whose architecture is nearly identical has been added. For details of the latest development, see . A new option -S, which allows setting the boot2 serial console speed in the /boot.config file or on the boot: prompt line, has been added. A new loader tunable comconsole_speed to change the serial console speed has been added. If the previous stage boot loader requested a serial console then the default speed is determined from the current serial port speed, and otherwise it is set to 9600 or the value of the kernel option BOOT_COMCONSOLE_SPEED at compile time. &merged; The &man.acpi.thermal.4; driver now supports passive cooling. &merged; The &man.cardbus.4; driver now supports /dev/cardbus%d.cis. The &man.ce.4; driver, which supports Cronyx Tau-PCI/32 adapters, has been added. &merged; Support for the PadLock Security Co-processor in VIA C3 processors has been added to the &man.crypto.9; subsystem. &merged; A bug which prevents the &man.ichsmb.4; kernel module from unloading has been fixed. &man.ipmi.4;, an OpenIPMI compatible driver, has been added. OpenIPMI (Intelligent Platform Management Interface) is an open standard designed to enable remote monitoring and control of server, networking and telecommunication platforms. The &man.kbdmux.4; driver has been integrated into &man.syscons.4; and the kbd device driver. By default &man.syscons.4; will look for the &man.kbdmux.4; keyboard first, and then, if not found, look for any keyboard. Switching to &man.kbdmux.4; can be done at boot time by loading the kbdmux kernel module via &man.loader.8;, or at runtime via &man.kldload.8; and releasing the active keyboard. &merged; The &man.kbdmux.4; driver has been included in the GENERIC kernel by default. Also, the Boot FreeBSD with USB keyboard menu item in the boot loader menu has been removed since this fixes USB keyboard probing problems. &merged; The loader tunable debug.mpsafevfs is set to 1 by default. The &man.sab.4; driver has been removed (it has been superceded by the &man.scc.4; driver). The &man.scc.4; driver has been added. This provides generic support for serial communications controllers and delegates the control over each channel and mode to a subordinate driver such as &man.uart.4;. The smbios(4) driver support for amd64 has been added. The tnt4882(4) driver which supports National Instruments PCI-GPIB card has been added. The &man.uart.4; driver has been included in the GENERIC kernel by default. When both &man.sio.4; and &man.uart.4; can handle a serial port, &man.sio.4; will claim it. The &man.uart.4; driver now supports LOM (Lights Out Management) and RSC (Remote System Control) devices as console. A new loader tunable hw.apic.enable_extint has been added. This tunable can be used not to mask the ExtINT pin on the first I/O APIC. At least one chipset for Intel Pentium III seems to need this even though all of the pins in the 8259A's are masked. The default is still to mask the ExtINT pin. Support has been improved for so-called legacy-free hardware, in particular, i386 systems without AT-style keyboard controllers such as the Macbook Pro. The &man.agp.4; driver now supports ATI IGP chipsets. &merged; The &man.sound.4; driver now supports wider range sampling rate, multiple precisions choice, and 24/32 bit PCM format conversion. &merged; The &man.snd.als4000.4; driver is now MPSAFE. &merged; The &man.snd.atiixp.4; driver has been added. This supports ATI IXP 200/300/400 series audio controllers. &merged; The &man.snd.atiixp.4; driver now supports suspend and resume features. The &man.snd.cmi.4; driver is now MPSAFE. The &man.snd.es137x.4; driver is now MPSAFE. &merged; The &man.snd.ich.4; driver is now MPSAFE. &merged; The &man.snd.solo.4; driver is now MPSAFE. &merged; The &man.snd.via8233.4; driver is now MPSAFE. &merged; The &man.snd.via82c686.4; driver is now MPSAFE. &merged; The &man.speaker.4; driver now supports &os;/amd64. &merged; The &man.uaudio.4; driver now supports 24/32 bit audio formats and conversion. The &man.ath.4; driver has been updated to version 0.9.16.16. &merged; The &man.bce.4; driver, which supports Broadcom NetXtreme II (BCM5706/BCM5708) PCI/PCIe Gigabit Ethernet controllers, has been added. For more details, see &man.bce.4;. &merged; The &man.bge.4; driver's Jumbo frame support is now MPSAFE. The &man.bge.4; driver now supports big-endian architectures such as sparc64. The &man.bge.4; driver now supports &man.polling.4; mode. &merged; The &man.dc.4; driver is now MPSAFE. &merged; The &man.de.4; driver has been converted to the &man.bus.dma.9; API and is now MPSAFE. The &man.ed.4; driver is now MPSAFE. The &man.el.4; driver has been removed. The &man.em.4; driver now supports big-endian architectures such as sparc64. &merged; The &man.em.4; driver has been updated to version 3.2.18 from Intel, and now supports 82571 and 82572 based adapters. The &man.em.4; driver now includes initial support for suspend and resume features. The &man.em.4; driver has been improved on its performance by using a fast interrupt handler and taskqueue instead of ithread handler. This change can be disabled by defining NO_EM_FASTINTR kernel option for debugging purpose. The &man.iwi.4; driver now supports big-endian architectures such as sparc64. The &man.le.4; driver, which supports AMD Am7900 LANCE and Am79C9xx PCnet NICs and is based on NetBSD's implementation, has been added. While the &man.lnc.4; driver also supports these NICs, this driver has several advantages over it such as MPSAFE, ALTQ, VLAN_MTU, ifmedia, and 32-bit DMA for PCI variants. &merged; The &man.lge.4; driver is now MPSAFE. &merged; The &man.my.4; driver is now MPSAFE. &merged; The &man.myri10ge.4; driver, which supports Myricom Myri10GE 10 Gigabit Ethernet adapters, has been added. For more details, see &man.myri10ge.4;. The &man.nve.4; driver has been updated to version 1.0-0310 (23-Nov-2005). The &man.pcn.4; driver is now MPSAFE. &merged; The &man.re.4; driver now supports D-Link DGE-528(T) Gigabit Ethernet card. The &man.sf.4; driver is now MPSAFE. &merged; The &man.sk.4; driver is now MPSAFE. The &man.ste.4; driver is now MPSAFE. The &man.ti.4; driver now supports big-endian architectures such as sparc64. The &man.ufoma.4; driver for FOMA (third generation mobile phone system by NTT DoCoMo, Inc. in Japan) has been added. This should support other third generation mobile phones since the driver is based on USB Implementation Guideline from MCPC (Mobile Computing Promotion Consortium) in Japan. The vgapci(4) driver has been added. This is a stub device driver for VGA PCI devices and serves as a bus so that other drivers such as drm(4), &man.acpi.video.4;, and &man.agp.4; can attach to it thus allowing multiple drivers for the same device. The &man.arp.8; retransmission algorithm has been rewritten as that ARP requests are retransmitted without suppression, while there is demand for such ARP entry. Due to this change, a sysctl variable net.link.ether.inet.host_down_time has been removed. &merged; The &man.arp.8; now supports a sysctl variable net.link.ether.inet.log_arp_permanent_modify to suppress logging of attempts to modify permanent ARP entries. &merged; The &man.arp.8; utility now allows -i option with -d and -a options to allow all entries for a given interface to be removed. An experimental BPF Just-In-Time compiler has been implemented. To enable this, options BPF_JITTER kernel option is needed, and a sysctl variable net.bpf.jitter.enable can be used to disable this feature. The &man.gre.4; driver, which is for GRE encapsulation found in RFC 1701 and RFC 1702 now supports IPv6 over GRE. The &man.if.bridge.4; bridge driver now supports creating span ports, which transmit a copy of every frame received by the bridge. This feature can be enabled by using &man.ifconfig.8;. &merged; The &man.if.bridge.4; bridge driver now supports RFC 3378 EtherIP. This change makes it possible to add &man.gif.4; interfaces to bridges, which will then send and receive IP protocol 97 packets. Packets are Ethernet frames with an EtherIP header prepended. &merged; The path MTU discovery for multicast packets in the &os; &man.ip6.4; stack has been disabled by default because notifying path MTU by a lot of routers in multicast can be a kind of distributed Denial-of-Service attack to a router. This feature can be re-enabled by using a new sysctl variable net.inet6.ip6.mcast_pmtu. &merged; The &man.ipfw.4; IP packet filter now supports IPv6. The &man.ip6fw.8; packet filter is deprecated and will be removed in the future releases. &merged; The &man.ipfw.4; now supports substitution of the action argument with the value obtained from table lookup, which allows some optimization of rulesets. This is now applicable only to pipe, queue, divert, tee, netgraph, and ngtee rules. &merged; For example, the following rules will throw different packets to different pipes: pipe 1000 config bw 1000Kbyte/s pipe 4000 config bw 4000Kbyte/s table 1 add x.x.x.x 1000 table 1 add x.x.x.y 4000 pipe tablearg ip from table(1) to any The &man.natm.4;, Native Mode ATM protocol layer is now MPSAFE. The &man.ng.bpf.4; Netgraph node now supports BPF Just-In-Time compiler. Also, the sysctl has been changed from net.bpf.jitter.enable to net.bpf_jitter.enable and this controls both &man.bpf.4; and &man.ng.bpf.4; now. The &man.ng.iface.4; Netgraph node now supports &man.altq.4;. &merged; A bug has been fixed in which NFS over TCP would not reconnect when the server sent a FIN. This problem had occurred with Solaris NFS servers. &merged; The sysctl variable net.inet.ip.portrange.reservedhigh and net.inet.ip.portrange.reservedlow can be used with IPv6 now. A new sysctl variable net.inet.icmp.reply_from_interface has been added. This allows the &man.icmp.4; reply to non-local packets generated with the IP address the packet came through in. This is useful for routers to show in &man.traceroute.8; the actual path a packet has taken instead of the possibly different return path. A new sysctl variable net.inet.icmp.quotelen has been added. This allows to change length of the quotation of the original packet in an ICMP reply. The minimum of 8 bytes is internally enforced. The maximum quotation is the remaining space in the reply mbuf. This option is added in response to the issues raised in I-D draft-gont-icmp-payload-00.txt. The &man.icmp.4; now always quotes the entire TCP header when responding and allocate an mbuf cluster if needed. This change fixes the TCP issues raised in I-D draft-gont-icmp-payload-00.txt. A new socket option IP_MINTTL has been added. This may be used to set the minimum acceptable TTL a packet must have when received on a socket. All packets with a lower TTL are silently dropped, and this works on already connected/connecting and listening sockets for RAW, UDP, and TCP. This option is only really useful when set to 255 preventing packets from outside the directly connected networks reaching local listeners on sockets. Also, this option allows userland implementation of The Generalized TTL Security Mechanism (GTSM) found in RFC 3682. The stealth forwarding now supports IPv6 as well as IPv4. This behavior can be controlled by using a new sysctl variable net.inet6.ip6.stealth. A bug that IPV6_V6ONLY socket option does not work for UDP has been fixed. The TCP bandwidth-delay product limiting feature has been disabled when the RTT is below a certain threshold. This optimization does not make sense on a LAN as it has trouble figuring out the maximal bandwidth due to the coarse tick granularity. A new sysctl variable net.inet.tcp.inflight.rttthresh specifies the threshold in milliseconds below which this feature will disengage. It defaults to 10ms. &merged; The &man.aac.4; driver now supports the Adaptec 2610SA SATA-RAID controller in some Hewlett-Packard machines. The &man.amr.4; driver has been improved on its performance and now supports full 64-bit DMA. While this feature is enabled by default, this can be forced off by setting the hw.amr.force_sg32 loader tunable for debugging purpose. &merged; The &man.amr.4; driver now supports &man.ioctl.2; requests necessary for Linux LSI MegaRaid tools on &os;'s Linux emulation environment. &merged; The &man.ata.4; driver now supports a workaround for some controllers whose DMA does not work properly in 48bit mode. For the suspicious controllers the PIO mode will be used for access to over 137GB areas. &merged; The &man.ata.4; driver now supports the ITE IT8211F IDE controller, and Promise PDC40718 and PDC40719 chip found in Promise Fasttrak TX4300. &merged; The &man.ata.4; driver now supports DMA for kernel crash dump and crash dumping to &man.ataraid.4; device. &merged; The &man.ata.4; driver now supports USB mass storage class devices. To enable it, a line device atausb in the kernel configuration file or loading the atausb kernel module is needed. Note that this conflicts &man.umass.4; and cannot coexist with each other. The &man.ataraid.4; driver now supports JMicron ATA RAID metadata. &merged; The GEOM_LABEL class now supports Ext2FS, NTFS, and ReiserFS. &merged; The GEOM_MIRROR class now supports kernel crash dump to the GEOM providers. &merged; The GEOM_MIRROR and GEOM_RAID3 classes now support sysctl variables kern.geom.mirror.disconnect_on_failure and kern.geom.graid3.disconnect_on_failure to control whether failed components will be disconnected or not. The default value is 1 to preserve the current behavior, and if it is set to 0 such components are not disconnected and the kernel will try to still use them (only first error will be logged). This is helpful for the case of multiple broken components (in different places), so actually all data is available. The broken components will be visible in gmirror list or graid3 list output with flag BROKEN. &merged; The GEOM_MIRROR and GEOM_RAID3 classes now use parallel I/O request for synchronization to improve the performance. New sysctl variables kern.geom.mirror.sync_requests and kern.geom.raid3.sync_requests define how many parallel I/O requests should be used. Also, sysctl variables kern.geom.mirror.reqs_per_sync, kern.geom.mirror.syncs_per_sec, kern.geom.raid3.reqs_per_sync, and kern.geom.raid3.syncs_per_sec are deprecated and have been removed. &merged; A new GEOM class GEOM_ZERO has been added. It creates very huge provider (41PB) /dev/gzero and mainly for performance testing. On BIO_READ request it zero-fills bio_data and on BIO_WRITE it does nothing. &merged; The GEOM class kernel module g_md.ko has been renamed to geom_md.ko for consistency. The &man.hptmv.4; driver has been updated and now supports amd64 as well as PAE. The &man.mfi.4; driver, which supports the LSI MegaRAID SAS controller family, has been added. &merged; The &man.mpt.4; driver has been updated to support various new features such as RAID volume and RAID member state/settings reporting, periodic volume re-synchronization status reporting, and sysctl variables for volume re-synchronization rate, volume member write cache status, and volume transaction queue depth. The &man.mpt.4; driver now supports SAS HBA (partially), 64-bit PCI, and large data transfer. The &man.twa.4; driver has been updated to the 9.3.0.1 release on the 3ware Web site. &merged; A new GEOM-based disk encryption facility, GEOM_ELI, has been added. It uses the &man.crypto.9; framework for hardware acceleration and supports different cryptographic algorithms. See &man.geli.8; for more information. &merged; The &man.geli.8; now supports loading keyfiles before root file system is mounted. &merged; For example, the following entries can be used in /boot/loader.conf to enable it: geli_da0_keyfile0_load="YES" geli_da0_keyfile0_type="da0:geli_keyfile0" geli_da0_keyfile0_name="/boot/keys/da0.key0" geli_da0_keyfile1_load="YES" geli_da0_keyfile1_type="da0:geli_keyfile1" geli_da0_keyfile1_name="/boot/keys/da0.key1" geli_da0_keyfile2_load="YES" geli_da0_keyfile2_type="da0:geli_keyfile2" geli_da0_keyfile2_name="/boot/keys/da0.key2" geli_da1s3a_keyfile0_load="YES" geli_da1s3a_keyfile0_type="da1s3a:geli_keyfile0" geli_da1s3a_keyfile0_name="/boot/keys/da1s3a.key" The &man.umass.4; driver now supports PLAY_MSF, PLAY_TRACK, PLAY_TRACK_REL, PAUSE, PLAY_12 commands so that the &man.cdcontrol.1; utility can handle USB CD drive. A part of the FreeBSD NFS subsystem (the interface with the protocol stack and callouts) is now MPSAFE. An initial support of SGI's XFS filesystem has been added. Intel ACPI-CA has been updated to 20051021. DRM has been updated to a snapshot from DRI CVS as of 20051202. &merged; TrustedBSD OpenBSM distribution, version 1.0 alpha 5, an implementation of the documented Sun Basic Security Module (BSM) Audit API and file format, as well as local extensions to support the Mac OS X and FreeBSD operating systems has been added. This also includes command line tools for audit trail reduction and conversion to text, as well as documentation of the commands, file format, and APIs. For this functionality, the AUDIT kernel option, /var/audit directory, and audit group have been added. Padding of ai_addrlen in struct addrinfo has been removed, which was originally for the ABI compatibility. For example, this change break the ABI compatibility of &man.getaddrinfo.3; function on 64-bit architecture including &os;/alpha, &os;/amd64, &os;/ia64, and &os;/sparc64. OpenBSM userland tools including &man.audit.8;, &man.auditd.8;, &man.auditreduce.1;, &man.praudit.1; have been added. The &man.bsdiff.1; and &man.bspatch.1; utilities have been added. These are tools for constructing and applying binary patches. The &man.bsnmpd.1; utility now supports the Host Resources MIB described in RFC 2790. &merged; The &man.cmp.1; utility now supports an -h flag to compare the symbolic link itself rather than the file that the link points to. The &man.config.8; utility now supports the nocpu directive, which cancels the effect of a previous cpu directive. &merged; The &man.config.8; utility now reads DEFAULTS kernel configuration file if it exists in the current directory before the specified configuration file. &merged; The &man.csh.1; utility now supports NLS catalog. Note that this requires installing the shells/tcsh_nls port. &merged; The csup(1) utility has been imported. This is an implementation of CVSup-compatible client written in C language. Note that it currently supports checkout mode only. The &man.devd.8; utility now supports a -f option to specify a configuration file. &merged; The &man.ftpd.8; utility now creates a PID file /var/run/ftpd.pid even when no -p option is specified. &merged; The &man.gbde.8; utility now supports -k and -K options to specify a key file in addition to a passphrase. The &man.getfacl.1; utility now supports a -q flag to suppress the per-file header comment listing the file name, owner, and group. &merged; The &man.gpt.8; utility now supports setting GPT partition labels. The &man.gvinum.8; utility now supports commands to rename objects and to move a subdisk from one drive to another. &merged; The &man.gvinum.8; utility now supports resetconfig sub-command. An implementation of Generic Security Service API (GSS-API) version 2 and its C binding described in RFC2743 and RFC2744 has been added. This is a new extensible GSS-API layer which can support GSS-API plugins, similar the the Solaris implementation, and the Kerberos 5 GSS mechanism has been rewritten as a plugin library for the new implementation. The &man.ifconfig.8; utility now supports a -k flag to allow printing potentially sensitive keying material to standard output. This sensitive information will not be printed by default. The &man.ifconfig.8; utility now supports a -tunnel parameter, which is just an alias for deletetunnel, yet is more convenient and easier to type. The -vlandev parameter to &man.ifconfig.8; no longer requires a network interface as its argument. The argument still is supported for backward compatibility, but now it is deprecated and its use is discouraged. The &man.jail.8; utility pports a -J jid_file option to write out a JidFile, similar to a PidFile, containing the jailid, path, hostname, IP and the command used to start the jail. &merged; The &man.kdump.1; utility now supports a -H flag, which causes kdump to print an additional field holding the threadid. &merged; The &man.kdump.1; program now supports a -s flag to suppress the display of I/O data. &merged; The &man.kenv.1; utility now supports a -q flag to suppress warnings. The &man.kgdb.1; now supports a -w option to open kmem-based targets in read-write mode. This allows one to use kgdb on /dev/mem and be able to patch memory on a live system. The &man.libarchive.3; library now supports POSIX.1e-style Extended Attribute. The libc library now includes initial implementation of symbol maps and symbol version definitions. The libedit library has been updated from the NetBSD source tree as of August 2005. The libm library now includes initial implementation of symbol maps and symbol version definitions. The &man.libmemstat.3; library has been added. This is for use by debugging and monitoring applications in tracking kernel memory statistics. It provides an abstracted interface to &man.uma.9; and &man.malloc.9; statistics, wrapped around the binary stream sysctl variables for the allocators. &merged; The &man.ln.1; utility now supports an -F flag which allows to delete existing empty directories, when creating symbolic links. &merged; The &man.locate.1; utility now supports a -0 flag to make this utility interoperable with &man.xargs.1;'s -0 flag. &merged; The &man.ls.1; utility now supports an -I flag to disable the automatic -A flag for the superuser. &merged; The &man.ls.1; utility now supports an -U flag to use the file creation time for sorting. The &man.mdconfig.8; utility now supports XML output of the device listing. Currently list and query sub-command support this feature. The &man.mdconfig.8; utility's -u option now supports specifying multiple devices separated by comma character. The &man.mdmfs.8; utility now supports a -P flag to allow skipping &man.newfs.8; process when using a vnode-backed disk. The &man.mdmfs.8; utility now supports a -E flag to allow to specify location of the &man.mdconfig.8; utility instead of using the default one (/sbin/mdconfig). A new function &man.memmem.3; has been implemented in libc. This is the binary equivalent to &man.strstr.3; and found in glibc. The &man.mergemaster.8; utility now supports an -A option to explicitly specify an architecture to pass through to the underlying makefiles. &merged; The &man.mount.8; nodev option has been removed. The &man.mount.8; now supports &man.mqueuefs.5;. The &man.moused.8; daemon now supports an -H flag to enable horizontal virtual scrolling similar to a -V flag for vertical virtual scrolling. &merged; The &man.netstat.1; utility now supports an -h flag for interface stats mode, which prints all interface statistics in human readable form. The &man.netstat.1; utility now supports printing &man.ipsec.4; protocol statistics if the kernel was compiled with FAST_IPSEC rather than the KAME IPSEC stack. Note that the output of netstat -s -p ipsec differs depending on which stack is compiled into the kernel since they each keep different statistics. &merged; The &man.periodic.8; daily script now supports display of the status of &man.gmirror.8;, &man.graid3.8;, &man.gstripe.8;, and &man.gconcat.8; devices. Note that these are disabled by default. &merged; A new function, &man.pidfile.3;, which provides reliable pidfiles handling, has been implemented in libutil. &merged; The &man.ping.8; utility now supports a sweeping ping in which &man.icmp.4; payload of packets being sent is increased with given step. This is useful for testing problematic channels, MTU issues or traffic policing functions in networks. The &man.pkill.1; utility now supports a -F option which allows to restrict matches to a process whose PID is stored in the pidfile file. When another new option -L is also specified, the pidfile file must be locked with the &man.flock.2; syscall or created with &man.pidfile.3;. The &man.pkill.1; utility now supports a -I flag which works like -i of &man.rm.1;. When this flag is specified, &man.pkill.1; will ask for confirmation before sending a signal to each matching process. The &man.powerd.8; program now supports a -P option which allows to specify pidfile. The DNS resolver library in &os;'s libc has been updated to BIND9's one. The &man.rfcomm.sppd.1; now supports service name in addition to -c option with channel number. The supported names are: DUN (Dial-Up Networking), FAX (Fax), LAN (LAN Access Using PPP), and SP (Serial Port). &merged; The &man.rpcgen.1; utility now generates headers and stub files which can be used with ANSI C compilers by default. The &man.rtld.1; runtime linker now supports ELF symbol versioning using GNU semantics. This implementation aims to be compatible with symbol versioning support as implemented by GNU libc and documented in and LSB 3.0. Also, dlvsym() function has been added to allow lookups for a specific version of a given symbol. The &man.sh.1; utility now supports times built-in command. The &man.snapinfo.8; utility, which shows snapshot locations on UFS filesystems, has been added. &merged; The &man.strtonum.3; library function has been implemented based on OpenBSD's implementation. This is an improved version of &man.strtoll.3;. &merged; The &man.sysctl.8; utility now supports a -q flag to suppress a limited set of warnings and errors. The &man.truss.1; utility now supports an -s flag for the same functionality as the strace utility (devel/strace). The &man.truss.1; utility now supports &os;/ppc. The &man.usbd.8; utility has been removed. The &man.devd.8; utility and its configuration file now support functionality which is equivalent to it. The &man.xargs.1; utility now supports a -r flag which makes the command execution when the standard input does not contain any non-whitespace-characters. &merged; The shared library version number of all libraries have been updated due to some possible ABI changes. The libraries include: snmp_*, libdialog, libg2c, libobjc, libreadline, libregex, libstdc++, libkrb5, libalias, libarchive, libbegemot, libbluetooth, libbsnmp, libbz2, libc_r, libcrypt, libdevstat, libedit, libexpat, libfetch, libftpio, libgpib, libipsec, libkiconv, libmagic, libmp, libncp, libncurses, libnetgraph, libngatm, libopie, libpam, libpthread, libradius, libsdp, libsmb, libtacplus, libthr, libthread_db, libugidfw, libusbhid, libutil, libvgl, libwrap, libypclnt, libm, libcrypto, libssh, and libssl. The wcsdup() function has been implemented. This function is popular in Microsoft and GNU systems. The auditd script for OpenBSM &man.auditd.8; has been added. The bluetooth script has been added. This script will be called from &man.devd.8; in response to device attachment/detachment events and to stop/start particular device without unplugging it by hand. The configuration parameters are in /etc/defaults/bluetooth.device.conf, and can be overridden by using /etc/bluetooth/$device.conf (where $device is ubt0, btcc0, and so on.) For more details, see &man.bluetooth.conf.5;. &merged; The ftpd script for stand-alone &man.ftpd.8; has been added. The gbde_swap script has been removed in favor a new encswap script which also supports &man.geli.8; for swap encryption. The geli and geli2 scripts has been added for &man.geli.8; device configuration on boot. The ike script for IPsec IKE daemon has been removed because no such daemon is included in the base system. The hcsecd and sdpd scripts have been added for &man.hcsecd.8; and &man.sdpd.8; daemons. These daemons can run even if no Bluetooth devices are attached to the system, but both daemons depend on Bluetooth socket layer and thus disabled by default. Bluetooth sockets layer must be either loaded as a module or compiled into kernel before the daemons can run. &merged; The hostapd script for &man.hostapd.8; has been added. &merged; The netif script now supports ipv4_addrs_ifn, which adds one or more IPv4 address from a ranged list in CIRD notation. &merged; For example: ipv4_addrs_ed0="192.168.0.1/24 192.168.1.1-5/28" The rcconf.sh in /etc/rc.d has been removed and a variable early_late_divider, which designates the script to separate the early and late stages of the boot process, has been added. The rc.initdiskless now uses &man.tar.1; instead of &man.pax.1; because the &man.pax.1; needs a writable temporary directory. The pccard script has been removed since OLDCARD is deprecated. The ppp-user script has been renamed to ppp. &merged; The removable_interfaces variable has been removed. A new keyword NOAUTO in ifconfig_ifn has been added. This prevents configuration of an interface at boot time or via /etc/pccard_ether, and allows /etc/rc.d/netif to be used to start and stop an interface on a purely manual basis. BIND has been updated from 9.3.1 to 9.3.2. &merged; BSNMPD has been updated from 1.11 to 1.12. GNU Readline library has been updated from 5.0 to 5.1. GNU Troff has been updated from version 1.19 to version 1.19.2. &merged; IPFilter has been updated from 4.1.8 to 4.1.10. OpenSSH has been updated from 4.2p1 to 4.3p1. hostapd has been updated from version 0.3.9 to version 0.4.8. &merged; sendmail has been updated from 8.13.4 to 8.13.6. &merged; The timezone database has been updated from the tzdata2005l release to the tzdata2005r release. &merged; WPA Supplicant has been updated from version 0.3.9 to version 0.4.8. &merged; zlib has been updated from version 1.2.2 to version 1.2.3. The &man.pkg.add.1; now supports an -F flag to disable checking whether the same package is already installed or not. The &man.pkg.add.1; program now supports an -P flag, which is the same as the -p flag except that the given prefix is also used recursively for the dependency packages if any. &merged; The &man.pkg.add.1; and &man.pkg.create.1; utilities now support a -K flag to save packages to the current directory (or PKGDIR if defined) by default. &merged; The &man.pkg.create.1; program now supports an -x flag to support basic regular expressions for package name, an -E flag for extended regular expressions, and a -G for exact matching. &merged; The &man.pkg.version.1; utility now supports an -o flag to show the origin recorded on package generation instead of the package name, and an -O flag to list packages whose registered origin is origin only. &merged; The &man.portsnap.8; utility (sysutils/portsnap) has been added into the &os; base system. This is a secure, easy to use, fast, lightweight, and generally good way for users to keep their ports trees up to date. &merged; A incorrect handling of HTTP_PROXY_AUTH in the &man.portsnap.8; utility has been fixed. &merged; The startup scripts from the local_startup directory now evaluated by using &man.rcorder.8; with scripts in the base system. &merged; The suffix of startup scripts from the Ports Collection has been removed. This means foo.sh is renamed to foo, and now scripts whose name is something like foo.ORG will also be invoked. You are recommended to reinstall packages which install such scripts and remove extra files in the local_startup directory. &merged; New rc.conf variables, ldconfig_local_dirs and ldconfig_local32_dirs have been added. These hold lists of local &man.ldconfig.8; directories. &merged; The @cwd command in pkg-plist now allows no directory argument. If no directory argument is given, it will set current working directory to the first prefix given by the @cwd command. &merged; The default partition sizing algorithm of the &man.sysinstall.8; utility has been changed. On systems where the disk capacity is larger than (3 * RAMsize + 10GB), the default sizes will now be as follows: Partition Size swapRAMsize * 2 /512 MB /tmp512 MB /var1024 MB + RAMsize /usrthe rest (8GB or more) On systems where the disk capacity is larger than (RAMsize / 8 + 2 GB), the default sizes will be in the following ranges, with space allocated proportionally: Partition Size swapfrom RAMsize / 8 to RAMsize * 2 /from 256MB to 512MB /tmpfrom 128MB to 512MB /varfrom 128MB to 1024MB /usrfrom 1536MB to 8192MB On systems with even less disk space, the existing behavior is not changed. A bug that CHECKSUM.MD5 includes an incorrect checksum of the file itself has been fixed. A new &man.make.1; target make showconfig has been added in src/Makefile to show build configuration of the &os; source tree. The src.conf file, which contains settings that will apply to every build involving the &os; source tree, has been added. For details, see &man.build.7; and &man.src.conf.5;. The supported version of the GNOME desktop environment (x11/gnome2) has been updated from 2.10.2 to 2.12.3. &merged; The supported version of the KDE desktop environment (x11/kde2) has been updated from 3.4.2 to 3.5.1. &merged; The supported version of the Perl interpreter (lang/perl5.8) has been updated from 5.8.7 to 5.8.8. &merged; The supported version of the &xorg; windowing system (x11/xorg) has been updated from 6.8.2 to 6.9.0. &merged; Documentation of existing functionality has been improved by the addition of the following manual pages: &man.acpi.sony.4;, &man.snd.mss.4;, &man.snd.t4dwave.4;. Upgrading &os; should, of course, only be attempted after backing up all data and configuration files.