&os;/&arch; &release.current; Release NotesThe &os; Project$FreeBSD$2000200120022003200420052006The &os; Documentation Project
&tm-attrib.freebsd;
&tm-attrib.ibm;
&tm-attrib.ieee;
&tm-attrib.intel;
&tm-attrib.sparc;
&tm-attrib.general;
The release notes for &os; &release.current; contain a summary
of the changes made to the &os; base system on the
&release.branch; development line.
This document lists applicable security advisories that were issued since
the last release, as well as significant changes to the &os;
kernel and userland.
Some brief remarks on upgrading are also presented.IntroductionThis document contains the release notes for &os;
&release.current; on the &arch.print; hardware platform. It
describes recently added, changed, or deleted features of &os;.
It also provides some notes on upgrading
from previous versions of &os;.
The &release.type; distribution to which these release notes
apply represents the latest point along the &release.branch; development
branch since &release.branch; was created. Information regarding pre-built, binary
&release.type; distributions along this branch
can be found at .
]]>
The &release.type; distribution to which these release notes
apply represents a point along the &release.branch; development
branch between &release.prev; and the future &release.next;.
Information regarding
pre-built, binary &release.type; distributions along this branch
can be found at .
]]>
This distribution of &os; &release.current; is a
&release.type; distribution. It can be found at or any of its mirrors. More
information on obtaining this (or other) &release.type;
distributions of &os; can be found in the Obtaining
&os; appendix to the &os;
Handbook.
]]>
All users are encouraged to consult the release errata before
installing &os;. The errata document is updated with
late-breaking information discovered late in the
release cycle or after the release. Typically, it contains
information on known bugs, security advisories, and corrections to
documentation. An up-to-date copy of the errata for &os;
&release.current; can be found on the &os; Web site.What's NewThis section describes
the most user-visible new or changed features in &os;
since &release.prev;.
In general, changes described here are unique to the &release.branch;
branch unless specifically marked as &merged; features.
Typical release note items
document recent security advisories issued after
&release.prev;,
new drivers or hardware support, new commands or options,
major bug fixes, or contributed software upgrades. They may also
list changes to major ports/packages or release engineering
practices. Clearly the release notes cannot list every single
change made to &os; between releases; this document focuses
primarily on security advisories, user-visible changes, and major
architectural improvements.Security AdvisoriesA temporary file vulnerability in &man.texindex.1;, which
could allow a local attacker to overwrite files in the context
of a user running the &man.texindex.1; utility, has been fixed.
For more details see security advisory FreeBSD-SA-06:01.texindex. &merged;A temporary file vulnerability in the &man.ee.1; text
editor, which could allow a local attacker to overwrite files in
the context of a user running &man.ee.1;, has been fixed. For
more details see security advisory FreeBSD-SA-06:02.ee. &merged;Several vulnerabilities in the &man.cpio.1; utility have
been corrected. For more
details see security advisory FreeBSD-SA-06:03.cpio. &merged;An error in &man.ipfw.4; IP fragment handling, which could
cause a crash, has been fixed. For more
details see security advisory FreeBSD-SA-06:04.ipfw. &merged;A potential buffer overflow in the IEEE 802.11 scanning code
has been corrected. For more
details see security advisory FreeBSD-SA-06:05.80211. &merged;Two instances in which portions of kernel memory could be
disclosed to users have been fixed. For more details see
security advisory FreeBSD-SA-06:06.kmem. &merged;A logic bug in the IP fragment handling in &man.pf.4;, which
could cause a crash under certain circumstances, has been fixed.
For more details see security advisory FreeBSD-SA-06:07.pf. &merged;An information disclosure issue found in the
&os; kernel running on 7th- and 8th-generation AMD processors
has been fixed. For more details see security advisory FreeBSD-SA-06:14.fpu. &merged;Kernel Changes&man.acpi.4; now has basic support for the HPET time counter.The &man.acpi.ibm.4; driver now supports setting the fan control
mode to manual or automatic, and adjusting the fan speed if the
fan control mode is manual. To enable manual control of the fan speed,
the sysctl variable dev.acpi_ibm.0.fan
needs to be set to zero (manual). This should only be used with
extreme precaution, as disabling automatic fan control might
overheat the hardware and lead to permanent damage.The &man.ddb.4; debugger now provides the show lock
command. If the argument has a valid lock class,
this displays various information about the lock and calls a
new function pointer in lock_class (lc_ddb_show) to dump class-specific
information about the lock as well (such as the owner of a mutex or
xlock'ed sx lock). &merged;The &man.ddb.4; debugger now provides the show sleepq
command. This takes a wait channel as an argument and looks
for a sleep queue associated with that wait channel.DEFAULTS kernel configuration files
for each platform have been added. &merged;A bug in file descriptor handling such that simple
close(0); dup(fd) sequence does not return
descriptor 0 in some cases, has been fixed.The &man.firmware.9; subsystem has been added. This allows
to load binary data into the kernel via a specially crafted module.
&merged;The &man.gdb.1; remote debugging interface now supports
copying console messages to a remote debugger instance.
To enable this, set debug.gdbcons="1"
in loader.conf, enter boot -d;
gdb; step from the loader prompt,
then attach &man.gdb.1; from a remote machine.
The sysctl variable debug.gdbcons can be
used to turn on/off this functionality.&man.hwpmc.4; and &man.pmcstat.8; now support profiling
of dynamically loaded kernel modules and
dlopen()'ed shared objects.
&man.pmcstat.8; can now log over a network socket
to a remote host.The &man.random.4; entropy device driver is now MPSAFE.
&merged;The SIGCHLD signal queuing has been
added. For each child process whose status has been changed,
a SIGCHLD instance is queued. If the signal is still pending,
and the process changed status several times, the signal information
is updated to reflect the latest process status.
There is a loader tunable kern.sigqueue.queue_sigchild
which can control the behavior, setting it to zero disables the
SIGCHLD queuing feature.Instead of dumping the whole physical
memory, the kernel now defaults to dump only pages that are
actively mapped into kvm. A new sysctl variable
debug.minidump
can be used to turn off this behavior when set to zero.A new sysctl variable kern.malloc_stats
has been added. This allows to export kernel malloc
statistics via a binary structure stream.A new sysctl variable kern.elf[32|64].can_exec_dyn
has been added. This allows to execute a ET_DYN binary
(shared object) when the variable is set to 1.
This is set to 0 by default and useful for some
Linux scripts which expect to be able to execute
/lib/ld-linux.so.2.A new sysctl variable kern.elf[32|64].can_exec_dyn
has been removed. Instead the brandinfo
structure has been extended to be able to provide the
BI_CAN_EXEC_DYN flag for all brands that usually
allow executing ELF dynamic binaries.A new sysctl variable kern.forcesigexit
has been added. This forces a process
to sigexit if a trap signal is being held by the current thread or
ignored by the current process and is enabled by default.RedZone, a buffer corruption protection for kernel &man.malloc.9;
facility has been implemented. This detects both of buffer underflows and
buffer overflows bugs at runtime on &man.free.9; and &man.realloc.9;,
and prints backtraces from where memory was allocated and from where
it was freed. For more details, see the &man.redzone.9; manual page.A new sysctl variable security.mac.biba.interfaces_equal
which makes all network interfaces be created with the label
biba/equal(equal-equal), has been added.
This is useful where programs such as &man.dhclient.8; and &man.ppp.8;.
which initialize network interfaces do not have any labeling support.
This variable is set as 0(disabled) by default.
&merged;A new sysctl variable vm.zone_stats
has been added. This allows to export &man.uma.9; allocator
statistics via a binary structure stream.The sysctl variable hw.pci.do_powerstate
has been changed from a boolean to a range.
0 means no power management,
1 means conservative power management which
any device class that has caused problems is added to the watch list,
2 means aggressive power management where
any device class that is not fundamental to the system is added to the list,
and 3 means power them all down unconditionally.
The default is 1.The GENERIC kernel now enables
SMP support by default.Sample kernel configuration files
src/sys/arch/conf/MAC
for the Mandatory Access Control framework have been added.POSIX_TIMERS support has been updated to 200112L.An experimental support for POSIX message queue has been
implemented.The support for Xbox, whose architecture is nearly identical
has been added. For details of the latest development,
see .Boot Loader ChangesA new option ,
which allows setting the boot2
serial console speed in the /boot.config
file or on the boot: prompt line,
has been added.A new loader tunable
comconsole_speed to change
the serial console speed has been added.
If the previous stage boot loader requested a serial console
then the default speed is determined from the current serial port
speed, and otherwise it is set to 9600 or the value of
the kernel option BOOT_COMCONSOLE_SPEED
at compile time. &merged;Hardware SupportThe &man.acpi.thermal.4; driver now supports
passive cooling. &merged;The &man.cardbus.4; driver now supports
/dev/cardbus%d.cis.The &man.ce.4; driver,
which supports Cronyx Tau-PCI/32 adapters, has been added.
&merged;Support for the PadLock Security Co-processor in VIA C3
processors has been added to the &man.crypto.9; subsystem.
&merged;A bug which prevents the &man.ichsmb.4; kernel module
from unloading has been fixed.&man.ipmi.4;, an OpenIPMI compatible driver,
has been added.
OpenIPMI (Intelligent Platform Management Interface) is an open
standard designed to enable remote monitoring and control of server,
networking and telecommunication platforms.The &man.kbdmux.4; driver has been integrated into &man.syscons.4; and
the kbd device driver.
By default &man.syscons.4; will look for the &man.kbdmux.4;
keyboard first, and then, if not found, look for any keyboard.
Switching to &man.kbdmux.4; can be done at boot time by loading
the kbdmux kernel module via &man.loader.8;,
or at runtime via &man.kldload.8; and releasing the active
keyboard. &merged;The &man.kbdmux.4; driver has been included in the
GENERIC kernel by default.
Also, the Boot FreeBSD with USB keyboard
menu item in the boot loader menu has been removed
since this fixes USB keyboard probing problems.
&merged;The loader tunable debug.mpsafevfs
is set to 1 by default.The &man.sab.4; driver has been removed (it has been
superceded by the &man.scc.4; driver).The &man.scc.4; driver has been added.
This provides generic support for serial communications
controllers and delegates the control over each channel
and mode to a subordinate driver such as &man.uart.4;.The smbios(4) driver support for amd64 has been
added.The tnt4882(4) driver which supports National Instruments
PCI-GPIB card has been added.The &man.uart.4; driver has been included in the
GENERIC kernel by default.
When both &man.sio.4; and &man.uart.4; can handle a serial port,
&man.sio.4; will claim it.The &man.uart.4; driver now supports LOM (Lights Out Management)
and RSC (Remote System Control) devices as console.A new loader tunable
hw.apic.enable_extint has been added.
This tunable can be used not to mask the ExtINT pin on the first
I/O APIC. At least one chipset for Intel Pentium III seems
to need this even though all of the pins in the 8259A's are masked.
The default is still to mask the ExtINT pin.Support has been improved for
so-called legacy-free hardware, in particular,
i386 systems without AT-style keyboard controllers such as the
Macbook Pro.Multimedia SupportThe &man.agp.4; driver now supports ATI IGP chipsets.
&merged;The &man.sound.4; driver now supports
wider range sampling rate, multiple precisions choice,
and 24/32 bit PCM format conversion. &merged;The &man.snd.als4000.4; driver is now MPSAFE. &merged;The &man.snd.atiixp.4; driver has been added.
This supports ATI IXP 200/300/400 series audio controllers. &merged;The &man.snd.atiixp.4; driver now supports
suspend and resume features.The &man.snd.cmi.4; driver is now MPSAFE.The &man.snd.es137x.4; driver is now MPSAFE. &merged;The &man.snd.ich.4; driver is now MPSAFE. &merged;The &man.snd.solo.4; driver is now MPSAFE. &merged;The &man.snd.via8233.4; driver is now MPSAFE. &merged;The &man.snd.via82c686.4; driver is now MPSAFE. &merged;The &man.speaker.4; driver now supports &os;/amd64. &merged;The &man.uaudio.4; driver now supports 24/32 bit audio
formats and conversion.Network Interface SupportThe &man.ath.4; driver has been updated to
version 0.9.16.16. &merged;The &man.bce.4; driver, which supports Broadcom
NetXtreme II (BCM5706/BCM5708) PCI/PCIe Gigabit Ethernet controllers,
has been added. For more details, see &man.bce.4;. &merged;The &man.bge.4; driver's Jumbo frame support is now MPSAFE.The &man.bge.4; driver now supports big-endian
architectures such as sparc64.The &man.bge.4; driver now supports &man.polling.4; mode.
&merged;The &man.dc.4; driver is now MPSAFE. &merged;The &man.de.4; driver has been converted to the &man.bus.dma.9;
API and is now MPSAFE.The &man.ed.4; driver is now MPSAFE.The &man.el.4; driver has been removed.The &man.em.4; driver now supports big-endian
architectures such as sparc64. &merged;The &man.em.4; driver has been updated to
version 3.2.18 from Intel, and now supports
82571 and 82572 based adapters.The &man.em.4; driver now includes
initial support for suspend and resume features.The &man.em.4; driver has been improved on
its performance by using a fast interrupt handler and taskqueue
instead of ithread handler. This change can be disabled
by defining NO_EM_FASTINTR kernel option
for debugging purpose.The &man.iwi.4; driver now supports big-endian
architectures such as sparc64.The &man.le.4; driver, which supports AMD Am7900 LANCE
and Am79C9xx PCnet NICs and is based on NetBSD's implementation,
has been added. While the &man.lnc.4; driver also supports these
NICs, this driver has several advantages over it such as
MPSAFE, ALTQ, VLAN_MTU, ifmedia, and 32-bit DMA for PCI
variants. &merged;The &man.lge.4; driver is now MPSAFE. &merged;The &man.my.4; driver is now MPSAFE. &merged;The &man.myri10ge.4; driver,
which supports Myricom Myri10GE 10 Gigabit Ethernet
adapters, has been added. For more details, see
&man.myri10ge.4;.The &man.nve.4; driver has been updated to version 1.0-0310
(23-Nov-2005).The &man.pcn.4; driver is now MPSAFE. &merged;The &man.re.4; driver now supports D-Link DGE-528(T)
Gigabit Ethernet card.The &man.sf.4; driver is now MPSAFE. &merged;The &man.sk.4; driver is now MPSAFE.The &man.ste.4; driver is now MPSAFE.The &man.ti.4; driver now supports big-endian
architectures such as sparc64.The &man.ufoma.4; driver for
FOMA (third generation mobile phone system by NTT DoCoMo, Inc.
in Japan) has been added.
This should support other third generation mobile phones
since the driver is based on USB Implementation Guideline
from MCPC (Mobile Computing Promotion Consortium) in Japan.The vgapci(4) driver has been added. This is a stub
device driver for VGA PCI devices and serves as a bus
so that other drivers such as drm(4),
&man.acpi.video.4;, and &man.agp.4; can attach to
it thus allowing multiple drivers for the same device.Network ProtocolsThe &man.arp.8; retransmission algorithm has been
rewritten as that ARP requests are retransmitted without
suppression, while there is demand for such ARP entry.
Due to this change, a sysctl variable
net.link.ether.inet.host_down_time
has been removed. &merged;The &man.arp.8; now supports a sysctl variable
net.link.ether.inet.log_arp_permanent_modify
to suppress logging of attempts to modify
permanent ARP entries. &merged;The &man.arp.8; utility now allows
option with and options
to allow all entries for a given interface to be removed.An experimental BPF Just-In-Time compiler
has been implemented. To enable this,
options BPF_JITTER kernel option is needed,
and a sysctl variable net.bpf.jitter.enable
can be used to disable this feature.The &man.gre.4; driver, which is for GRE encapsulation
found in RFC 1701 and RFC 1702 now supports IPv6 over GRE.The &man.if.bridge.4; bridge driver now supports
creating span ports, which transmit a copy of every frame
received by the bridge. This feature can be enabled
by using &man.ifconfig.8;. &merged;The &man.if.bridge.4; bridge driver now supports
RFC 3378 EtherIP. This change makes it possible to
add &man.gif.4; interfaces to bridges, which will then
send and receive IP protocol 97 packets.
Packets are Ethernet frames with an EtherIP header prepended.
&merged;The path MTU discovery for multicast packets in the &os;
&man.ip6.4; stack has been disabled by default because
notifying path MTU by a lot of routers in multicast
can be a kind of distributed Denial-of-Service attack to a router.
This feature can be re-enabled by using a new sysctl variable
net.inet6.ip6.mcast_pmtu. &merged;The &man.ipfw.4; IP packet filter now supports IPv6.
The &man.ip6fw.8; packet filter is deprecated and will be removed
in the future releases. &merged;The &man.ipfw.4; now supports substitution of the action
argument with the value obtained from table lookup,
which allows some optimization of rulesets.
This is now applicable only to pipe,
queue,
divert,
tee,
netgraph,
and ngtee rules. &merged;
For example, the following rules will throw different
packets to different pipes:pipe 1000 config bw 1000Kbyte/s
pipe 4000 config bw 4000Kbyte/s
table 1 add x.x.x.x 1000
table 1 add x.x.x.y 4000
pipe tablearg ip from table(1) to anyThe &man.natm.4;, Native Mode ATM protocol layer is now MPSAFE.The &man.ng.bpf.4; Netgraph node now supports BPF Just-In-Time compiler.
Also, the sysctl has been changed from net.bpf.jitter.enable
to net.bpf_jitter.enable and this controls
both &man.bpf.4; and &man.ng.bpf.4; now.The &man.ng.iface.4; Netgraph node now supports &man.altq.4;.
&merged;A bug has been fixed in which NFS over TCP would not reconnect
when the server sent a FIN. This problem had occurred
with Solaris NFS servers. &merged;The sysctl variable net.inet.ip.portrange.reservedhigh
and net.inet.ip.portrange.reservedlow
can be used with IPv6 now.A new sysctl variable net.inet.icmp.reply_from_interface
has been added. This allows the &man.icmp.4;
reply to non-local packets generated with
the IP address the packet came through in.
This is useful for routers to show in &man.traceroute.8;
the actual path a packet has taken instead of
the possibly different return path.A new sysctl variable net.inet.icmp.quotelen
has been added. This allows to change length of
the quotation of the original packet in an ICMP reply.
The minimum of 8 bytes is internally enforced.
The maximum quotation is the remaining space in the
reply mbuf. This option is added in response to the
issues raised in I-D
draft-gont-icmp-payload-00.txt.The &man.icmp.4; now always quotes the entire TCP header
when responding and allocate an mbuf cluster if needed.
This change fixes the TCP issues raised in I-D
draft-gont-icmp-payload-00.txt.A new socket option IP_MINTTL has been added.
This may be used to set the minimum acceptable
TTL a packet must have when received on a socket.
All packets with a lower TTL are silently dropped,
and this works on already connected/connecting and
listening sockets for RAW, UDP, and TCP. This option
is only really useful when set to 255 preventing packets
from outside the directly connected networks reaching
local listeners on sockets. Also, this option allows
userland implementation of The Generalized TTL
Security Mechanism (GTSM) found in RFC 3682.The stealth forwarding now supports IPv6 as well as IPv4.
This behavior can be controlled by using a new sysctl variable
net.inet6.ip6.stealth.A bug that IPV6_V6ONLY socket option
does not work for UDP has been fixed.The TCP bandwidth-delay product limiting feature has
been disabled when the RTT is below a certain threshold.
This optimization does not make sense on a LAN as it has
trouble figuring out the maximal bandwidth due to the coarse
tick granularity. A new sysctl variable
net.inet.tcp.inflight.rttthresh specifies
the threshold in milliseconds below which this feature
will disengage. It defaults to 10ms. &merged;Disks and StorageThe &man.aac.4; driver now supports the Adaptec 2610SA SATA-RAID
controller in some Hewlett-Packard machines.The &man.amr.4; driver has been improved on its performance
and now supports full 64-bit DMA. While this feature is
enabled by default, this can be forced off by setting the
hw.amr.force_sg32 loader tunable for
debugging purpose.
&merged;The &man.amr.4; driver now supports &man.ioctl.2; requests
necessary for Linux LSI MegaRaid tools on &os;'s Linux emulation
environment.
&merged;The &man.ata.4; driver now supports a workaround
for some controllers whose DMA does not work properly
in 48bit mode. For the suspicious controllers
the PIO mode will be used for access to over 137GB areas.
&merged;The &man.ata.4; driver now supports the ITE IT8211F IDE controller,
and Promise PDC40718 and PDC40719 chip found in Promise
Fasttrak TX4300.
&merged;The &man.ata.4; driver now supports DMA for kernel crash dump
and crash dumping to &man.ataraid.4; device.
&merged;The &man.ata.4; driver now supports USB mass storage class
devices. To enable it, a line device atausb
in the kernel configuration file or loading the
atausb kernel module is needed.
Note that this conflicts &man.umass.4; and cannot coexist with
each other.The &man.ataraid.4; driver now supports
JMicron ATA RAID metadata. &merged;The GEOM_LABEL class now supports
Ext2FS, NTFS, and ReiserFS. &merged;The GEOM_MIRROR class now supports
kernel crash dump to the GEOM providers.
&merged;The GEOM_MIRROR and GEOM_RAID3
classes now support sysctl variables
kern.geom.mirror.disconnect_on_failure
and
kern.geom.graid3.disconnect_on_failure
to control whether failed components will be disconnected or not.
The default value is 1 to preserve the current
behavior, and if it is set to 0 such components
are not disconnected and the kernel will try to still use them
(only first error will be logged).
This is helpful for the case of multiple broken components (in
different places), so actually all data is available.
The broken components will be visible in gmirror list
or graid3 list output with flag
BROKEN.
&merged;The GEOM_MIRROR and GEOM_RAID3
classes now use parallel I/O request for synchronization
to improve the performance. New sysctl variables
kern.geom.mirror.sync_requests and
kern.geom.raid3.sync_requests
define how many parallel I/O requests should be used.
Also, sysctl variables
kern.geom.mirror.reqs_per_sync,
kern.geom.mirror.syncs_per_sec,
kern.geom.raid3.reqs_per_sync, and
kern.geom.raid3.syncs_per_sec
are deprecated and have been removed.
&merged;A new GEOM class GEOM_ZERO has been added.
It creates very huge provider (41PB) /dev/gzero
and mainly for performance testing.
On BIO_READ request it zero-fills
bio_data and on BIO_WRITE
it does nothing.
&merged;The GEOM class kernel module g_md.ko
has been renamed to geom_md.ko
for consistency.The &man.hptmv.4; driver has been updated and now supports
amd64 as well as PAE.The &man.mfi.4; driver, which supports
the LSI MegaRAID SAS controller family, has been added.
&merged;The &man.mpt.4; driver has been updated to support
various new features such as RAID volume and RAID member
state/settings reporting, periodic volume re-synchronization
status reporting, and sysctl variables for volume
re-synchronization rate, volume member write cache status,
and volume transaction queue depth.The &man.mpt.4; driver now supports SAS HBA (partially),
64-bit PCI, and large data transfer.The &man.twa.4; driver has been updated to the 9.3.0.1
release on the 3ware Web site. &merged;A new GEOM-based disk encryption facility, GEOM_ELI, has been
added. It uses the &man.crypto.9; framework for hardware acceleration
and supports different cryptographic algorithms. See &man.geli.8; for
more information. &merged;The &man.geli.8; now supports loading keyfiles before root
file system is mounted. &merged;
For example, the following entries
can be used in /boot/loader.conf to enable
it:geli_da0_keyfile0_load="YES"
geli_da0_keyfile0_type="da0:geli_keyfile0"
geli_da0_keyfile0_name="/boot/keys/da0.key0"
geli_da0_keyfile1_load="YES"
geli_da0_keyfile1_type="da0:geli_keyfile1"
geli_da0_keyfile1_name="/boot/keys/da0.key1"
geli_da0_keyfile2_load="YES"
geli_da0_keyfile2_type="da0:geli_keyfile2"
geli_da0_keyfile2_name="/boot/keys/da0.key2"
geli_da1s3a_keyfile0_load="YES"
geli_da1s3a_keyfile0_type="da1s3a:geli_keyfile0"
geli_da1s3a_keyfile0_name="/boot/keys/da1s3a.key"The &man.umass.4; driver now supports
PLAY_MSF,
PLAY_TRACK,
PLAY_TRACK_REL,
PAUSE,
PLAY_12 commands so that
the &man.cdcontrol.1; utility can handle USB CD drive.File SystemsA part of the FreeBSD NFS subsystem (the interface with
the protocol stack and callouts) is now MPSAFE.An initial support of SGI's XFS filesystem has been
added.Contributed SoftwareIntel ACPI-CA
has been updated to 20051021.DRM has
been updated to a snapshot from DRI CVS as of 20051202. &merged;TrustedBSD OpenBSM distribution,
version 1.0 alpha 5, an implementation of the documented Sun Basic
Security Module (BSM) Audit API and file format, as well as local
extensions to support the Mac OS X and FreeBSD operating systems
has been added. This also includes command line tools for audit
trail reduction and conversion to text, as well as documentation
of the commands, file format, and APIs.
For this functionality, the AUDIT kernel option,
/var/audit directory, and
audit group have been added.Userland ChangesPadding of ai_addrlen
in struct addrinfo has been removed,
which was originally for the ABI compatibility.
For example, this change break the ABI compatibility of
&man.getaddrinfo.3; function on 64-bit architecture including
&os;/alpha, &os;/amd64, &os;/ia64, and &os;/sparc64.OpenBSM userland tools including &man.audit.8;,
&man.auditd.8;,
&man.auditreduce.1;,
&man.praudit.1; have been added.The &man.bsdiff.1; and &man.bspatch.1; utilities
have been added. These are tools for constructing and
applying binary patches.The &man.bsnmpd.1; utility now supports the Host Resources
MIB described in RFC 2790. &merged;The &man.cmp.1; utility now supports an
flag to compare the symbolic link itself rather than the
file that the link points to.The &man.config.8; utility now supports the nocpu
directive, which cancels the effect of a
previous cpu directive. &merged;The &man.config.8; utility now reads DEFAULTS
kernel configuration file if it exists in the current directory
before the specified configuration file. &merged;The &man.csh.1; utility now supports NLS catalog.
Note that this requires installing
the shells/tcsh_nls port.
&merged;The csup(1) utility has been imported.
This is an implementation of CVSup-compatible client written
in C language. Note that it currently supports checkout mode
only.The &man.devd.8; utility now supports a option
to specify a configuration file. &merged;The &man.ftpd.8; utility now creates a PID file
/var/run/ftpd.pid even when
no option is specified. &merged;The &man.gbde.8; utility now supports
and options
to specify a key file in addition to a passphrase.The &man.getfacl.1; utility now supports
a flag to suppress the per-file header
comment listing the file name, owner, and group.
&merged;The &man.gpt.8; utility now supports setting GPT partition labels.The &man.gvinum.8; utility now supports commands
to rename objects and to move a subdisk from
one drive to another. &merged;The &man.gvinum.8; utility now supports
resetconfig sub-command.An implementation of Generic Security Service API (GSS-API)
version 2 and its C binding described in RFC2743 and RFC2744
has been added. This is a new extensible GSS-API layer which
can support GSS-API plugins, similar the the Solaris
implementation, and the Kerberos 5 GSS mechanism has
been rewritten as a plugin library for the new implementation.The &man.ifconfig.8; utility now supports
a flag to allow printing
potentially sensitive keying material to standard output.
This sensitive information will not be printed by default.The &man.ifconfig.8; utility now supports a
parameter, which is just an alias for ,
yet is more convenient and easier to type.The parameter to &man.ifconfig.8;
no longer requires a network interface as its argument. The
argument still is supported for backward compatibility, but now
it is deprecated and its use is discouraged.The &man.jail.8; utility pports a option to
write out a JidFile, similar to a PidFile, containing
the jailid, path, hostname, IP and the command used to start
the jail. &merged;The &man.kdump.1; utility now supports a
flag, which causes kdump to print an additional field holding
the threadid. &merged;The &man.kdump.1; program now supports a
flag to suppress the display of I/O data. &merged;The &man.kenv.1; utility now supports a
flag to suppress warnings.The &man.kgdb.1; now supports a
option to open kmem-based targets in read-write mode.
This allows one to use kgdb on /dev/mem
and be able to patch memory on a live system.The &man.libarchive.3; library now supports
POSIX.1e-style Extended Attribute.The libc library now includes
initial implementation of symbol maps and symbol version
definitions.The libedit library has been
updated from the NetBSD source tree as of August 2005.The libm library now includes
initial implementation of symbol maps and symbol version
definitions.The &man.libmemstat.3; library has been added.
This is for use by debugging and monitoring applications
in tracking kernel memory statistics. It provides an
abstracted interface to &man.uma.9; and &man.malloc.9;
statistics, wrapped around the binary stream sysctl variables
for the allocators. &merged;The &man.ln.1; utility now supports
an flag which allows to delete existing
empty directories, when creating symbolic links.
&merged;The &man.locate.1; utility now supports
a flag to make this utility
interoperable with &man.xargs.1;'s flag.
&merged;The &man.ls.1; utility now supports
an flag to disable the automatic
flag for the superuser. &merged;The &man.ls.1; utility now supports
an flag to use the file creation
time for sorting.The &man.mdconfig.8; utility now supports XML
output of the device listing. Currently
list and query
sub-command support this feature.The &man.mdconfig.8; utility's option
now supports specifying multiple devices separated
by comma character.The &man.mdmfs.8; utility now supports a flag
to allow skipping &man.newfs.8; process
when using a vnode-backed disk.The &man.mdmfs.8; utility now supports a flag
to allow to specify location of the &man.mdconfig.8;
utility instead of using the default one
(/sbin/mdconfig).A new function &man.memmem.3; has been implemented in
libc. This is the binary equivalent to
&man.strstr.3; and found in glibc.The &man.mergemaster.8; utility now supports
an option to explicitly specify
an architecture to pass through to the underlying makefiles.
&merged;The &man.mount.8; nodev option has
been removed.The &man.mount.8; now supports &man.mqueuefs.5;.The &man.moused.8; daemon now supports an flag
to enable horizontal virtual scrolling similar to a
flag for vertical virtual scrolling.
&merged;The &man.netstat.1; utility now supports an
flag for interface stats mode,
which prints all interface statistics in human readable form.The &man.netstat.1; utility now supports
printing &man.ipsec.4; protocol statistics if the
kernel was compiled with FAST_IPSEC
rather than the KAME IPSEC stack.
Note that the output of netstat -s -p ipsec
differs depending on which stack is compiled into
the kernel since they each keep different statistics. &merged;The &man.periodic.8; daily script now supports
display of the status of &man.gmirror.8;, &man.graid3.8;,
&man.gstripe.8;, and &man.gconcat.8; devices.
Note that these are disabled by default. &merged;A new function, &man.pidfile.3;, which provides reliable
pidfiles handling, has been implemented in
libutil. &merged;The &man.ping.8; utility now supports a sweeping
ping in which &man.icmp.4; payload of
packets being sent is increased with given step.
This is useful for testing problematic channels, MTU issues
or traffic policing functions in networks.The &man.pkill.1; utility now supports a
option which allows to
restrict matches to a process whose PID is stored in the
pidfile file. When another new option
is also specified, the pidfile file must be locked with the
&man.flock.2; syscall or created with &man.pidfile.3;.The &man.pkill.1; utility now supports a
flag which works like
of &man.rm.1;. When this flag is specified, &man.pkill.1;
will ask for confirmation before sending a signal to
each matching process.The &man.powerd.8; program now supports a
option which allows to specify pidfile.The DNS resolver library in &os;'s libc
has been updated to BIND9's one.The &man.rfcomm.sppd.1; now supports service name
in addition to option with channel number.
The supported names are: DUN (Dial-Up Networking), FAX (Fax),
LAN (LAN Access Using PPP), and SP (Serial Port). &merged;The &man.rpcgen.1; utility now generates headers and stub files
which can be used with ANSI C compilers by default.The &man.rtld.1; runtime linker now supports ELF symbol versioning
using GNU semantics. This implementation aims to be compatible
with symbol versioning support as implemented by GNU libc and
documented in
and LSB 3.0. Also, dlvsym()
function has been added to
allow lookups for a specific version of a given symbol.The &man.sh.1; utility now supports times
built-in command.The &man.snapinfo.8; utility, which shows snapshot locations
on UFS filesystems, has been added. &merged;The &man.strtonum.3; library function has been implemented
based on OpenBSD's implementation. This is an improved version of
&man.strtoll.3;. &merged;The &man.sysctl.8; utility now supports a
flag to suppress a limited set of warnings and errors.The &man.truss.1; utility now supports an
flag for the same functionality as the strace utility
(devel/strace).The &man.truss.1; utility now supports &os;/ppc.The &man.usbd.8; utility has been removed.
The &man.devd.8; utility and its configuration
file now support functionality which is equivalent to it.The &man.xargs.1; utility now supports a
flag which makes the command execution when the standard input
does not contain any non-whitespace-characters. &merged;The shared library version number of all libraries have
been updated due to some possible ABI changes. The libraries
include: snmp_*, libdialog, libg2c, libobjc,
libreadline, libregex, libstdc++, libkrb5, libalias, libarchive,
libbegemot, libbluetooth, libbsnmp, libbz2, libc_r, libcrypt,
libdevstat, libedit, libexpat, libfetch, libftpio, libgpib,
libipsec, libkiconv, libmagic, libmp, libncp, libncurses,
libnetgraph, libngatm, libopie, libpam, libpthread, libradius,
libsdp, libsmb, libtacplus, libthr, libthread_db, libugidfw,
libusbhid, libutil, libvgl, libwrap, libypclnt, libm, libcrypto,
libssh, and libssl.The wcsdup() function has been
implemented. This function is popular in Microsoft and GNU
systems./etc/rc.d ScriptsThe auditd script for
OpenBSM &man.auditd.8; has been added.The bluetooth script
has been added. This script will be called from
&man.devd.8; in response to device attachment/detachment
events and to stop/start particular device without unplugging
it by hand. The configuration parameters are in
/etc/defaults/bluetooth.device.conf,
and can be overridden by using
/etc/bluetooth/$device.conf
(where $device is ubt0,
btcc0, and so on.)
For more details, see &man.bluetooth.conf.5;. &merged;The ftpd script for
stand-alone &man.ftpd.8; has been added.The gbde_swap script has
been removed in favor a new encswap
script which also supports &man.geli.8; for swap
encryption.The geli and geli2
scripts has been added for &man.geli.8; device
configuration on boot.The ike script for
IPsec IKE daemon has been removed because no such daemon
is included in the base system.The hcsecd and
sdpd scripts have been added
for &man.hcsecd.8; and &man.sdpd.8; daemons.
These daemons can run even if no Bluetooth devices
are attached to the system, but both daemons depend on
Bluetooth socket layer and thus disabled by default.
Bluetooth sockets layer must be either loaded
as a module or compiled into kernel before the daemons can run.
&merged;The hostapd script for
&man.hostapd.8; has been added. &merged;The netif script now supports
ipv4_addrs_ifn,
which adds one or more IPv4 address from a ranged list in
CIRD notation. &merged; For example:ipv4_addrs_ed0="192.168.0.1/24 192.168.1.1-5/28"The rcconf.sh in /etc/rc.d
has been removed and a variable early_late_divider,
which designates the script to separate the early and late stages
of the boot process, has been added.The rc.initdiskless now uses &man.tar.1;
instead of &man.pax.1; because the &man.pax.1; needs a writable
temporary directory.The pccard script has been removed
since OLDCARD is deprecated.The ppp-user script has been renamed to
ppp. &merged;The removable_interfaces variable
has been removed.A new keyword NOAUTO in
ifconfig_ifn
has been added. This prevents configuration of an interface
at boot time or via /etc/pccard_ether,
and allows /etc/rc.d/netif
to be used to start and stop an interface
on a purely manual basis.Contributed SoftwareBIND has been updated from 9.3.1
to 9.3.2. &merged;BSNMPD has been updated from
1.11 to 1.12.GNU Readline library
has been updated from 5.0 to 5.1.GNU Troff
has been updated from version 1.19 to version 1.19.2.
&merged;IPFilter has been updated from
4.1.8 to 4.1.10.OpenSSH has been updated from
4.2p1 to 4.3p1.hostapd
has been updated from version 0.3.9 to version 0.4.8.
&merged;sendmail has been updated from
8.13.4 to 8.13.6. &merged;The timezone database has been updated from the
tzdata2005l release to the
tzdata2005r release. &merged;WPA Supplicant
has been updated from version 0.3.9 to version 0.4.8.
&merged;zlib
has been updated from version 1.2.2 to version 1.2.3.Ports/Packages Collection InfrastructureThe &man.pkg.add.1; now supports an
flag to disable checking whether the same package is already
installed or not.The &man.pkg.add.1; program now supports an
flag, which is the same as the flag
except that the given prefix is also used recursively for the
dependency packages if any. &merged;The &man.pkg.add.1; and &man.pkg.create.1; utilities now support
a flag to save packages to the current directory
(or PKGDIR if defined) by default.
&merged;The &man.pkg.create.1; program now supports an
flag to support basic regular expressions for package name,
an flag for extended regular
expressions, and a for exact matching. &merged;The &man.pkg.version.1; utility now supports an
flag to show the origin recorded on package generation
instead of the package name, and an flag
to list packages whose registered origin is origin only.
&merged;The &man.portsnap.8; utility (sysutils/portsnap)
has been added into the &os; base system. This is a secure,
easy to use, fast, lightweight, and generally good way for
users to keep their ports trees up to date. &merged;A incorrect handling of HTTP_PROXY_AUTH
in the &man.portsnap.8; utility has been fixed. &merged;The startup scripts from the local_startup
directory now evaluated by using &man.rcorder.8; with scripts
in the base system. &merged;The suffix of startup scripts from the Ports Collection
has been removed. This means foo.sh
is renamed to foo, and now
scripts whose name is something like
foo.ORG will also be invoked.
You are recommended to reinstall packages which install
such scripts and remove extra files in the
local_startup directory. &merged;New rc.conf variables,
ldconfig_local_dirs and
ldconfig_local32_dirs have been added.
These hold lists of local &man.ldconfig.8; directories.
&merged;The @cwd command in
pkg-plist now allows
no directory argument. If no
directory argument is given, it will set current
working directory to the first prefix given by the
@cwd command. &merged;Release Engineering and IntegrationThe default partition sizing algorithm of the
&man.sysinstall.8; utility has been changed.On systems where the disk capacity is larger than (3 * RAMsize + 10GB),
the default sizes will now be as follows:PartitionSizeswapRAMsize * 2/512 MB/tmp512 MB/var1024 MB + RAMsize/usrthe rest (8GB or more)On systems where the disk capacity is larger than
(RAMsize / 8 + 2 GB), the default sizes will be
in the following ranges, with space allocated
proportionally:PartitionSizeswapfrom RAMsize / 8 to RAMsize * 2/from 256MB to 512MB/tmpfrom 128MB to 512MB/varfrom 128MB to 1024MB/usrfrom 1536MB to 8192MBOn systems with even less disk space, the existing behavior is not
changed.A bug that CHECKSUM.MD5 includes
an incorrect checksum of the file itself has been fixed.A new &man.make.1; target make showconfig
has been added in src/Makefile
to show build configuration of the &os; source tree.The src.conf file, which
contains settings that will apply to every build involving
the &os; source tree, has been added.
For details, see &man.build.7; and &man.src.conf.5;.The supported version of
the GNOME desktop environment
(x11/gnome2) has been
updated from 2.10.2 to 2.12.3. &merged;The supported version of
the KDE desktop environment
(x11/kde2) has been
updated from 3.4.2 to 3.5.1. &merged;The supported version of
the Perl interpreter
(lang/perl5.8) has been updated
from 5.8.7 to 5.8.8. &merged;The supported version of
the &xorg; windowing system
(x11/xorg) has been updated
from 6.8.2 to 6.9.0. &merged;DocumentationDocumentation of existing functionality has been improved by
the addition of the following manual pages:
&man.acpi.sony.4;, &man.snd.mss.4;, &man.snd.t4dwave.4;.Upgrading from previous releases of &os;Upgrading &os; should, of course, only be attempted after
backing up all data and configuration
files.