&os;/&arch; &release.current; Release Notes

The &os; Project

$FreeBSD$

2000 2001 2002 2003 2004 2005 2006 The &os; Documentation Project

&tm-attrib.freebsd; &tm-attrib.ibm; &tm-attrib.ieee; &tm-attrib.intel; &tm-attrib.sparc; &tm-attrib.general;

The release notes for &os; &release.current; contain a summary of the changes made to the &os; base system on the &release.branch; development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the &os; kernel and userland. Some brief remarks on upgrading are also presented.

Introduction

This document contains the release notes for &os; &release.current; on the &arch.print; hardware platform. It describes recently added, changed, or deleted features of &os;. It also provides some notes on upgrading from previous versions of &os;.

The &release.type; distribution to which these release notes apply represents the latest point along the &release.branch; development branch since &release.branch; was created. Information regarding pre-built, binary &release.type; distributions along this branch can be found at .

The &release.type; distribution to which these release notes apply represents a point along the &release.branch; development branch between &release.prev; and the future &release.next;. Information regarding pre-built, binary &release.type; distributions along this branch can be found at .

This distribution of &os; &release.current; is a &release.type; distribution. It can be found at or any of its mirrors. More information on obtaining this (or other) &release.type; distributions of &os; can be found in the Obtaining &os; appendix to the &os; Handbook.

All users are encouraged to consult the release errata before installing &os;. The errata document is updated with late-breaking information discovered late in the release cycle or after the release.
Typically, it contains information on known bugs, security advisories, and corrections to documentation. An up-to-date copy of the errata for &os; &release.current; can be found on the &os; Web site.

What's New

This section describes the most user-visible new or changed features in &os; since &release.prev;. In general, changes described here are unique to the &release.branch; branch unless specifically marked as &merged; features.

Typical release note items document recent security advisories issued after &release.prev;, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices. Clearly the release notes cannot list every single change made to &os; between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements.

Security Advisories

A temporary file vulnerability in &man.texindex.1;, which could allow a local attacker to overwrite files in the context of a user running the &man.texindex.1; utility, has been fixed. For more details see security advisory FreeBSD-SA-06:01.texindex. &merged;

A temporary file vulnerability in the &man.ee.1; text editor, which could allow a local attacker to overwrite files in the context of a user running &man.ee.1;, has been fixed. For more details see security advisory FreeBSD-SA-06:02.ee. &merged;

Several vulnerabilities in the &man.cpio.1; utility have been corrected. For more details see security advisory FreeBSD-SA-06:03.cpio. &merged;

An error in &man.ipfw.4; IP fragment handling, which could cause a crash, has been fixed. For more details see security advisory FreeBSD-SA-06:04.ipfw. &merged;

A potential buffer overflow in the IEEE 802.11 scanning code has been corrected. For more details see security advisory FreeBSD-SA-06:05.80211.
&merged;

Two instances in which portions of kernel memory could be disclosed to users have been fixed. For more details see security advisory FreeBSD-SA-06:06.kmem. &merged;

A logic bug in the IP fragment handling in &man.pf.4;, which could cause a crash under certain circumstances, has been fixed. For more details see security advisory FreeBSD-SA-06:07.pf. &merged;

Kernel Changes

A new sysctl variable kern.malloc_stats has been added. This allows kernel malloc statistics to be exported via a binary structure stream.

A new sysctl variable vm.zone_stats has been added. This allows &man.uma.9; allocator statistics to be exported via a binary structure stream.

The sysctl variable hw.pci.do_powerstate has been changed from a boolean to a range. 0 means no power management, 1 means conservative power management in which any device class that has caused problems is added to the watch list, 2 means aggressive power management in which any device class that is not fundamental to the system is added to the list, and 3 means power them all down unconditionally. The default is 1.

The GENERIC kernel now enables SMP support by default.

Sample kernel configuration files src/sys/arch/conf/MAC for the Mandatory Access Control framework have been added.

Boot Loader Changes

A new option , which allows setting the boot2 serial console speed in the /boot.config file or on the boot: prompt line, has been added.

A new loader tunable comconsole_speed to change the serial console speed has been added. If the previous stage boot loader requested a serial console, the default speed is determined from the current serial port speed; otherwise it is set to 9600 or the value of the kernel option BOOT_COMCONSOLE_SPEED at compile time.

Hardware Support

The &man.acpi.thermal.4; driver now supports passive cooling.

Support for the PadLock Security Co-processor in VIA C3 processors has been added to the &man.crypto.9; subsystem.
&merged;

A bug which prevented the &man.ichsmb.4; kernel module from unloading has been fixed.

The loader tunable debug.mpsafevfs is set to 1 by default.

The smbios(4) driver support for amd64 has been added.

The tnt4882(4) driver, which supports the National Instruments PCI-GPIB card, has been added.

A new loader tunable hw.apic.enable_extint has been added. This tunable can be used to leave the ExtINT pin on the first I/O APIC unmasked. At least one chipset for Intel Pentium III seems to need this even though all of the pins in the 8259A's are masked. The default is still to mask the ExtINT pin.

Multimedia Support

The &man.agp.4; driver now supports ATI IGP chipsets.

The &man.sound.4; driver now supports a wider range of sampling rates, a choice of multiple precisions, and 24/32 bit PCM format conversion.

The &man.snd.als4000.4; driver is now MPSAFE.

The &man.snd.cmi.4; driver is now MPSAFE.

The &man.snd.via8233.4; driver is now MPSAFE.

The &man.snd.via82c686.4; driver is now MPSAFE.

Network Interface Support

The &man.dc.4; driver is now MPSAFE. &merged;

The &man.de.4; driver has been converted to the &man.bus.dma.9; API and is now MPSAFE.

The &man.ed.4; driver is now MPSAFE.

The &man.el.4; driver has been removed.

The &man.my.4; driver is now MPSAFE. &merged;

The &man.pcn.4; driver is now MPSAFE. &merged;

The &man.re.4; driver now supports the D-Link DGE-528(T) Gigabit Ethernet card.

The &man.sf.4; driver is now MPSAFE. &merged;

The &man.ste.4; driver is now MPSAFE.

Network Protocols

The &man.gre.4; driver, which implements the GRE encapsulation found in RFC 1701 and RFC 1702, now supports IPv6 over GRE.

Path MTU discovery for multicast packets in the &os; &man.ip6.4; stack has been disabled by default, because path MTU notifications sent by a large number of routers in response to a multicast packet can amount to a distributed denial-of-service attack against a router. This feature can be enabled by using a new sysctl variable net.inet6.ip6.mcast_pmtu.

The &man.ipfw.4; IP packet filter now supports IPv6.
The &man.ip6fw.8; is deprecated and will be removed in future releases.

The &man.natm.4; Native Mode ATM protocol layer is now MPSAFE.

A new sysctl variable net.inet.icmp.reply_from_interface has been added. This allows &man.icmp.4; replies to non-local packets to be generated with the IP address of the interface the packet came in through. This is useful for routers to show in &man.traceroute.8; the actual path a packet has taken instead of the possibly different return path.

A new sysctl variable net.inet.icmp.quotelen has been added. This allows the length of the quotation of the original packet in an ICMP reply to be changed. The minimum of 8 bytes is internally enforced. The maximum quotation is the remaining space in the reply mbuf. This option is added in response to the issues raised in I-D draft-gont-icmp-payload-00.txt.

The &man.icmp.4; now always quotes the entire TCP header when responding and allocates an mbuf cluster if needed. This change fixes the TCP issues raised in I-D draft-gont-icmp-payload-00.txt.

A new socket option IP_MINTTL has been added. This may be used to set the minimum acceptable TTL a packet must have when received on a socket. All packets with a lower TTL are silently dropped, and this works on already connected/connecting and listening sockets for RAW, UDP, and TCP. This option is only really useful when set to 255, preventing packets from outside the directly connected networks from reaching local listeners on sockets. Also, this option allows a userland implementation of The Generalized TTL Security Mechanism (GTSM) found in RFC 3682.

Stealth forwarding now supports IPv6 as well as IPv4. This behavior can be controlled by using a new sysctl variable net.inet6.ip6.stealth.

Disks and Storage

The &man.aac.4; driver now supports the Adaptec 2610SA SATA-RAID controller in some Hewlett-Packard machines.

The &man.ata.4; driver now supports a workaround for some controllers whose DMA does not work properly in 48bit mode.
For the suspect controllers, PIO mode will be used for access to areas beyond 137GB.

The &man.ata.4; driver now supports the ITE IT8211F IDE controller, and the Promise PDC40718 and PDC40719 chips found in the Promise Fasttrak TX4300.

A new GEOM class GEOM_ZERO has been added. It creates a very large provider (41PB), /dev/gzero, and is mainly intended for performance testing. On a BIO_READ request it zero-fills bio_data and on BIO_WRITE it does nothing.

The GEOM_LABEL class now supports Ext2FS and ReiserFS.

The &man.hptmv.4; driver has been updated and now supports amd64 as well as PAE.

The &man.mpt.4; driver has been updated to support various new features such as RAID volume and RAID member state/settings reporting, periodic volume re-synchronization status reporting, and sysctl variables for volume re-synchronization rate, volume member write cache status, and volume transaction queue depth.

A new GEOM-based disk encryption facility, GEOM_ELI, has been added. It uses the &man.crypto.9; framework for hardware acceleration and supports different cryptographic algorithms. See &man.geli.8; for more information. &merged;

The &man.umass.4; driver now supports the PLAY_MSF, PLAY_TRACK, PLAY_TRACK_REL, PAUSE, and PLAY_12 commands so that the &man.cdcontrol.1; utility can handle USB CD drives.

File Systems

A part of the FreeBSD NFS subsystem (the interface with the protocol stack and callouts) is now MPSAFE.

Contributed Software

Userland Changes

The padding of ai_addrlen in struct addrinfo, which was originally there for ABI compatibility, has been removed. For example, this change breaks the ABI compatibility of the &man.getaddrinfo.3; function on 64-bit architectures including &os;/alpha, &os;/amd64, &os;/ia64, and &os;/sparc64.

The &man.bsdiff.1; and &man.bspatch.1; utilities have been added. These are tools for constructing and applying binary patches.

The &man.cmp.1; utility now supports an flag to compare the symbolic link itself rather than the file that the link points to.
The &man.gpt.8; utility now supports setting GPT partition labels.

The &man.ifconfig.8; utility now supports a flag to allow printing potentially sensitive keying material to standard output. This sensitive information will not be printed by default.

The &man.ifconfig.8; utility now supports a parameter, which is just an alias for , yet is more convenient and easier to type.

The parameter to &man.ifconfig.8; no longer requires a network interface as its argument. The argument is still supported for backward compatibility, but it is now deprecated and its use is discouraged.

The &man.kenv.1; utility now supports a flag to suppress warnings.

The libedit library has been updated from the NetBSD source tree as of August 2005.

The &man.libmemstat.3; library has been added. This is for use by debugging and monitoring applications in tracking kernel memory statistics. It provides an abstracted interface to &man.uma.9; and &man.malloc.9; statistics, wrapped around the binary stream sysctl variables for the allocators. &merged;

A new function &man.memmem.3; has been implemented in libc. This is the binary equivalent of &man.strstr.3; and is also found in glibc.

The &man.moused.8; now supports an flag to enable horizontal virtual scrolling similar to a flag for vertical virtual scrolling.

The &man.netstat.1; utility now supports an flag for interface stats mode, which prints all interface statistics in human readable form.

New functions, &man.pidfile.3;, which allow reliable pidfile handling, have been implemented in libutil.

The &man.ping.8; utility now supports a sweeping ping in which the &man.icmp.4; payload of the packets being sent is increased by a given step. This is useful for testing problematic channels, MTU issues or traffic policing functions in networks.

The &man.pkill.1; utility now supports a option which restricts matches to a process whose PID is stored in the pidfile file.
When another new option is also specified, the pidfile file must be locked with the &man.flock.2; syscall or created with &man.pidfile.3;.

The &man.powerd.8; program now supports a option which allows a pidfile to be specified.

The &man.rpcgen.1; utility now generates headers and stub files which can be used with ANSI C compilers by default.

The &man.sysctl.8; utility now supports a flag to suppress a limited set of warnings and errors.

The shared library version numbers of all libraries have been updated due to some possible ABI changes. The libraries include: snmp_*, libdialog, libg2c, libobjc, libreadline, libregex, libstdc++, libkrb5, libalias, libarchive, libbegemot, libbluetooth, libbsnmp, libbz2, libc_r, libcrypt, libdevstat, libedit, libexpat, libfetch, libftpio, libgpib, libipsec, libkiconv, libmagic, libmp, libncp, libncurses, libnetgraph, libngatm, libopie, libpam, libpthread, libradius, libsdp, libsmb, libtacplus, libthr, libthread_db, libugidfw, libusbhid, libutil, libvgl, libwrap, libypclnt, libm, libcrypto, libssh, and libssl.

The wcsdup() function has been implemented. This function is popular in Microsoft and GNU systems.

/etc/rc.d Scripts

The gbde_swap script has been removed in favor of a new encswap script which also supports &man.geli.8; for swap encryption.

The geli and geli2 scripts have been added for &man.geli.8; device configuration on boot.

The removable_interfaces variable has been removed.

A new keyword NOAUTO in ifconfig_ifn has been added. This prevents configuration of an interface at boot time or via /etc/pccard_ether, and allows /etc/rc.d/netif to be used to start and stop an interface on a purely manual basis.

Contributed Software

BIND has been updated from 9.3.1 to 9.3.2. &merged;

IPFilter has been updated from 4.1.8 to 4.1.10.

OpenSSH has been updated from version 4.0p1 to version 4.2p1. &merged;

sendmail has been updated from version 8.13.3 to version 8.13.4.
&merged;

The timezone database has been updated from the tzdata2005l release to the tzdata2005r release. &merged;

Ports/Packages Collection Infrastructure

The &man.pkg.version.1; now supports an flag to show the origin recorded on package generation instead of the package name, and an flag to list packages whose registered origin is origin only.

The &man.portsnap.8; utility (sysutils/portsnap) has been added to the &os; base system. This is a secure, easy to use, fast, lightweight, and generally good way for users to keep their ports trees up to date.

Release Engineering and Integration

The default partition sizing algorithm of the &man.sysinstall.8; utility has been changed. On systems where the disk capacity is larger than (3 * RAMsize + 10GB), the default sizes will now be as follows:

Partition   Size
swap        RAMsize * 2
/           512 MB
/tmp        512 MB
/var        1024 MB + RAMsize
/usr        the rest (8GB or more)

On systems where the disk capacity is larger than (RAMsize / 8 + 2 GB), the default sizes will be in the following ranges, with space allocated proportionally:

Partition   Size
swap        from RAMsize / 8 to RAMsize * 2
/           from 256MB to 512MB
/tmp        from 128MB to 512MB
/var        from 128MB to 1024MB
/usr        from 1536MB to 8192MB

On systems with even less disk space, the existing behavior is not changed.

The supported version of the GNOME desktop environment (x11/gnome2) has been updated from 2.10.2 to 2.12.3. &merged;

The supported version of the KDE desktop environment (x11/kde2) has been updated from 3.4.2 to 3.5.1. &merged;

The supported version of the Perl interpreter (lang/perl5.8) has been updated from 5.8.7 to 5.8.8. &merged;

The supported version of the &xorg; windowing system (x11/xorg) has been updated from 6.8.2 to 6.9.0. &merged;

Documentation

Documentation of existing functionality has been improved by the addition of the following manual pages: &man.acpi.sony.4;, &man.snd.mss.4;, &man.snd.t4dwave.4;.
Upgrading from previous releases of &os;

Upgrading &os; should, of course, only be attempted after backing up all data and configuration files.
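
The IP_MINTTL socket option described under Network Protocols can be applied to a TCP listener as follows to get GTSM-style filtering (RFC 3682) from userland. This is an added example, not code from the &os; source tree; the function names, the loopback bind address and the backlog value are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define GTSM_TTL 255 /* the value the release note singles out */

/* Hypothetical helper: send with TTL 255 and have the kernel silently drop
 * packets arriving with a lower TTL, i.e. anything that crossed a router. */
int gtsm_harden(int fd)
{
    int ttl = GTSM_TTL;
    /* Outgoing: a GTSM peer applies the same minimum to our packets. */
    if (setsockopt(fd, IPPROTO_IP, IP_TTL, &ttl, sizeof(ttl)) == -1)
        return -1;
    /* Incoming: minimum acceptable TTL for packets on this socket. */
    return setsockopt(fd, IPPROTO_IP, IP_MINTTL, &ttl, sizeof(ttl));
}

/* Read back the minimum TTL enforced on fd, or -1 on error. */
int gtsm_min_ttl(int fd)
{
    int v = 0;
    socklen_t len = sizeof(v);
    return getsockopt(fd, IPPROTO_IP, IP_MINTTL, &v, &len) == -1 ? -1 : v;
}

/* Hypothetical listener, hardened before listen() so no handshake is
 * processed without the TTL check. Loopback and port 0 keep the demo local. */
int gtsm_listener(void)
{
    struct sockaddr_in sa;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd == -1) return -1;
    memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (gtsm_harden(fd) == -1 ||
        bind(fd, (struct sockaddr *)&sa, sizeof(sa)) == -1 ||
        listen(fd, 8) == -1) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(void)
{
    int fd = gtsm_listener();
    if (fd == -1) { perror("gtsm_listener"); return 1; }
    printf("minimum accepted TTL: %d\n", gtsm_min_ttl(fd));
    return close(fd);
}
```

Both peers must send with TTL 255 for the check to pass, so the option belongs on sessions between directly connected hosts, such as routing protocol peers.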