&os;/&arch; &release.current; Release NotesThe FreeBSD Project$FreeBSD$2000200120022003The FreeBSD Documentation ProjectThe release notes for &os; &release.current; contain a summary
of
This document lists applicable security advisories that were issued since
the last release, as well as significant changes to the &os;
kernel and userland.
Some brief remarks on upgrading are also presented.IntroductionThis document contains the release notes for &os;
&release.current; on the &arch.print; hardware platform. It
describes recently added, changed, or deleted features of &os;.
It also provides some notes on upgrading
from previous versions of &os;.
The &release.type; distribution to which these release notes
apply represents a point along the &release.branch; development
branch between &release.prev; and the future &release.next;. Some
pre-built, binary &release.type; distributions along this branch
can be found at .
]]>
This distribution of &os; &release.current; is a
&release.type; distribution. It can be found at or any of its mirrors. More
information on obtaining this (or other) &release.type;
distributions of &os; can be found in the Obtaining
FreeBSD appendix to the FreeBSD
Handbook.
]]>
Users who are new to the &release.branch; series of &os;
&release.type;s should also read the Early Adopters Guide
to &os; &release.current;. This document can generally be
found in the same location as the release notes (either as a part of a
&os; distribution or on the &os; Web site). It contains important
information regarding the advantages and disadvantages of using
&os; &release.current;, as opposed to releases based on the &os;
4-STABLE development branch.All users are encouraged to consult the release errata before
installing &os;. The errata document is updated with
late-breaking information discovered late in the
release cycle or after the release. Typically, it contains
information on known bugs, security advisories, and corrections to
documentation. An up-to-date copy of the errata for &os;
&release.current; can be found on the &os; Web site.What's NewThis section describes
Typical release note items
document recent security advisories issued after
&release.prev.historic;,
new drivers or hardware support, new commands or options,
major bug fixes, or contributed software upgrades. They may also
list changes to major ports/packages or release engineering
practices. Clearly the release notes cannot list every single
change made to &os; between releases; this document focuses
primarily on security advisories, user-visible changes, and major
architectural improvements.Security AdvisoriesA single-byte buffer overflow in &man.realpath.3; was
fixed. Although the fix was committed prior to &os;
&release.prev; (and thus &release.prev; was not affected),
it was not noted in the release documentation. See security advisory
FreeBSD-SA-03:08. &merged;A bug that could allow the kernel to attempt delivery of
invalid signals has been fixed. The bug could have led to a
kernel panic or, under some circumstances, unauthorized
modification of kernel memory. For more information, see
security advisory
FreeBSD-SA-03:09. &merged;A bug in the iBCS2 emulation module, which could result in
disclosing the contents of kernel memory, has been fixed. This
module is not enabled in &os; by default. For more information,
see security advisory
FreeBSD-SA-03:10. &merged;A buffer management bug in
OpenSSH, which could potentially
cause a crash, has been fixed. More information can be found in
security advisory
FreeBSD-SA-03:12. &merged;A buffer overflow in sendmail has
been fixed. More information can be found in security advisory
FreeBSD-SA-03:13.
&merged;A bug that could allow the kernel to cause resource starvation
which eventually results in a system panic in the ARP cache code
has been fixed. More information can be found in security advisory
FreeBSD-SA-03:14.
&merged;Several errors in the OpenSSH PAM
challenge/response authentication subsystem have been fixed. The impacts
of these bugs vary; details can be found in security advisory
FreeBSD-SA-03:15.
&merged;A bug in &man.procfs.5; and &man.linprocfs.5;, which could result in
disclosing the contents of kernel memory, has been fixed.
More information can be found in security advisory
FreeBSD-SA-03:17.
&merged;Four separate security flaws in OpenSSL,
which could allow a remote attacker to crash an
OpenSSL-using application or
to execute arbitrary code with the privileges of the application,
have been fixed.
More information can be found in security advisory
FreeBSD-SA-03:18. &merged;Kernel ChangesA bug that even when no AT keyboard is connected,
&man.atkbd.4; registers an AT keyboard during console initialization
has been fixed. kbdcontrol -k /dev/kbd1
is no longer needed when only a USB keyboard is connected.
&merged;The DRM kernel modules have been updated from
DRI CVS as of 9 September 2003. Among other changes, this
import includes a newly-ported SiS 300/305/540/630/730
driver.A multi-byte character set conversion method is now supported
by the LIBICONV kernel option.A new OFW PCI framework, conditional on the
OFW_NEWPCI kernel configuration option, has
been added. This addition improves the handling of PCI busses.
One user-visible change is that the enumeration of devices is
closer to &solaris; (as a result of this change, the numbering
of devices may change if more than one unit of a device type is
present). The OFW_NEWPCI kernel
configuration is enabled by default in the
GENERIC kernel.The &man.hifn.4; driver now supports
symmetric crypto for the 7955 and 7956 chipsets.
&merged;The &man.puc.4;,
PCI Universal Communications driver now supports
to connect parallel ports to the &man.ppc.4; driver.The &man.safe.4; driver has been added
to support SafeNet 1141, 1741-based crypto accelerators.
&merged;
This driver should be considered experimental and
and should be used with some caution.The public key support is not implemented.A kernel software watchdog facility has been implemented.
For more information, see &man.watchdog.4; and
&man.watchdogd.8;.The swap pager has been revamped. Among user-visible
changes are a change in the layout policy (from fixed-width
striping to a round-robin across devices) for better I/O
throughput, the elimination of compile-time limits on the number
of swap devices, and a reduction in memory overheads.Platform-Specific Hardware SupportPCI interrupts are always routed on i386 UP
machines, which may improve the usability of some PCI devices
(particularly on laptops).An integer overflow that could cause kernel
panics on PAE machines of certain large memory sizes has been
corrected.Floating point emulation in the kernel has
been removed.Boot Loader ChangesNetwork Interface SupportThe new &man.ath.4; and &man.ath.hal.4; drivers provide
support for 802.11a/b/g devices based on the AR5210, AR5211,
and AR5212 chips.The &man.bfe.4; driver has been added to support Broadcom
BCM4401 based Fast Ethernet adapters.&man.bge.4; now supports Broadcom 5705 based Gigabit Ethernet NICs.
&merged;A bug in the &man.bge.4; driver that prevented it from
working correctly at 10 Mbps has been fixed.The &man.em.4; driver now has support for tuning
the interrupt delays using sysctl tunables
without recompiling the driver.The &man.harp.4; driver has been added.
This is a pseudo physical interface driver for HARP,
which attaches to all netgraph ATM interface in the
system and presents a physical interface to the HARP stack
for each of these interfaces.The &man.hatm.4; driver has been added
to support Fore/Marconi HE155 and HE622 ATM cards.The &man.patm.4; driver has been added to
support IDT77252 based ATM interfaces.The &man.re.4; driver has been added. It provides support
for the RealTek RTL8139C+, RTL8169, RTL8169S and RTL8110S PCI
Fast Ethernet and Gigabit Ethernet controllers.&man.sk.4; now supports SK-9521 V2.0 and 3COM 3C940 based Gigabit
Ethernet NICs. &merged;The &man.uart.4; driver has been added to support various
classes of UART (Universal Asynchronous Receiver/Transmitter)
devices. It is an analog of the &man.sio.4; driver but
supports a wider range of devices. This driver is necessary
to support serial ports on certain architectures, such as
ia64 and sparc64.The suspend/resume support for the &man.wi.4; driver
now works correctly when the device is configured down.
&merged;The 802.11 support layer has been rewritten to allow for
future growth and new features.The xe driver now supports CE2, CEM28,
and CEM33 cards, and &man.multicast.4; datagram. Also several
bugs in the driver has been fixed.Network ProtocolsAn IP_ONESBCAST option has been added
to enable undirected &man.ip.4; broadcasts to be sent to
specific network interfaces.A bug in &man.ipfw.4; limit rule processing that could
cause various panics has been fixed.&man.ipfw.4; rules now support comma-separated address lists
(such as 1.2.3.4, 5.6.7.8/30, 9.10.11.12/22),
and allow spaces after commas to make lists of addresses more readable.
&merged;&man.ipfw.4; rules now support C++-style comments.
Each comment is stored together with its rule and appears using
the &man.ipfw.8; show command.
&merged;&man.ipfw.8; can now modify &man.ipfw.4; rules in set 31,
which was read-only and used for the default rules.
They can be deleted by ipfw delete set 31
command but are not deleted
by the ipfw flush command.
This implements a flexible form of persistent
rules. More details can be found in &man.ipfw.8;.
&merged;The &man.ng.atmpif.4; NetGraph node type has been added.
It emulates a HARP physical interface, and allows one
to run the HARP ATM stack without real hardware.Kernel support has been added for Protocol Independent
Multicast routing (&man.pim.4;). &merged;To reduce information leakage, IPv4 packets no longer have
a ip_id field set unless fragmentation is
being done.The &os; Bluetooth protocol stack has been updated:libsdp has been re-implemented
under BSD style license. This is because the Linux BlueZ's code is
distributed under GPL.&man.hccontrol.8; utility now supports four new commands:
Read/Write_Page_Scan_Mode and Read/Write_Page_Scan_Period_Mode.&man.hcsecd.8; daemon now stores link keys on a disk.
It is no longer required to pair devices every time.A netgraph timeouts problem in &man.ng.hci.4; and
&man.ng.l2cap.4; kernel modules, which could cause
access to data structure that was already freed,
has been fixed.&man.ng.ubt.4; module, which cannot be build on
&os; &release.prev;, has been fixed.&man.rfcomm.sppd.1; and &man.rfcomm.pppd.8; now support
to query RFCOMM channel via SDP from the server. Specifying
RFCOMM channel manually, this behavior can be disabled and
these utilities will not use SDP query.&man.sdpcontrol.8; utility, which is analogous to sdptool utility in
the Linux BlueZ SDP package, has been added.Disks and StorageThe &man.amr.4; driver now has system crashdump support.A major rework of the &man.ata.4; driver has been
committed. One of the more notable changes is that the
&man.ata.4; driver has now out from under the Giant kernel
lock. Note that ATA software RAID systems must now include
device ataraid in their kernel
configuration files, as it is no longer automatically implied
by device atadisk.&man.ccd.4; can now operate on raw disks and other
&man.geom.4; providers.The &man.da.4; driver no longer tries to send 6-byte
commands to USB and Firewire devices. The quirks for these
devices (which hopefully are now unnecessary) have been
disabled; to restore the old behavior, add options
DA_OLD_QUIRKS to the kernel configuration. &merged;Various &man.geom.4; modules can now be loaded as kernel
modules, namely:
geom_apple,
geom_bde,
geom_bsd,
geom_gpt,
geom_mbr,
geom_pc98,
geom_sunlabel,
geom_vol_ffs.
A GEOM_FOX module has been added to
detect and select between multiple redundant paths to the same
device.The &man.matcd.4; driver, which supports the
Matsushita CR-562 and CR-563 CD drives, has returned.The &man.twe.4; driver now supports the 3ware generic
API. &merged;File SystemsMulti-byte character conversion with the cd9660, msdosfs,
and ntfs filesystems is now supported by including the
CD9660_ICONV,
MSDOSFS_ICONV, and
NTFS_ICONV kernel options,
respectively.Some off-by-one errors in the smbfs that prevented it from
working correctly with 15-character NetBIOS names have been fixed.Multimedia SupportUserland Changes&man.acpidb.8;, an ACPI DSDT debugger, has been
added.&man.arp.8; now supports a option
to limit the scope of the current operation to the ARP entries
on a particular interface. This option applies to the display
operations only. It should be useful on routers with numerous
network interfaces. &merged;The &man.atmconfig.8; program has been added for
configuration of the ATM drivers and IP-over-ATM
functionality.&man.chroot.8; now allows the optional setting of a user,
primary group, or group list to use inside the chroot
environment via the , ,
and options respectively. &merged;The dev_db utility is unnecessary due to the mandatory
presence of devfs, and has been removed.&man.dhclient.8; now polls the state of network interfaces
and only sends DHCP requests on interfaces that are up. The
polling interval can be controlled with the
option.The &man.ffsinfo.8; utility has been updated to understand
UFS2 filesystems and has been re-enabled.The &man.iasl.8; utility, a compiler/decompiler for ACPI
Source Language (ASL) and ACPI Machine language (AML), has been
added.&man.ipfw.8; list and show
command now support ranges of rule numbers.
&merged;&man.ipfw.8; now supports a flag
to test the syntax of commands without actually changing anything.
&merged;The libalias library,
&man.natd.8;, and &man.ppp.8; now support Cisco Skinny Station protocol,
which is the protocol used by Cisco IP phones to talk to Cisco Call
Managers. Note that currently having the Call Manager behind
the NAT gateway is not supported.The libcipher DES cryptography library
has been removed. All of its functionality is provided by the
libcrypto library, and all base systems
programs that used libcipher have been
converted to use libcrypto instead.The libkiconv library has been added to
support working with loadable character set conversion tables in
the kernel.The libthr 1:1
threading library is now built by default.The &man.locale.1; utility has been re-implemented and is
now POSIX-compliant. A new option shows all
available codesets.The &man.mount.8; utility now supports to display the filesystem
ID for each file system in addition to the normal information
when a flag is specified,
and &man.umount.8; utility now accepts the filesystem ID
as well as the usual device and path names.
This allows to unambiguously specify which file system is
to be unmounted even when two or more file systems share
the same device and mount point names.The &man.mount.cd9660.8; and &man.mount.ntfs.8; utilities
now support a option to specify local
character sets to convert Unicode filenames. It is possible to
specify multi-byte character sets using this option.The &man.mount.msdosfs.8; utility now supports a
option to specify the maximum file
permissions for directories in the file system. &merged;The &man.mount.msdosfs.8; utility now supports a
option to specify MS-DOS codepages and a
option to specify local character sets. They are
used to convert character sets of filenames. The
/usr/libdata/msdosfs tables have
retired.The &man.mount.nwfs.8;, &man.mount.portalfs.8;, and
&man.mount.smbfs.8; utilities have been moved from
/sbin to /usr/sbin.The &man.rc.conf.5; variable ntpd_flags for
&man.ntpd.8; now includes
by default.The &man.pam.guest.8; PAM module has been added to allow
guest logins. It replaces the pam_ftp(8) module.&man.ps.1; and &man.top.1; now support a flag to display all
kernel-visible threads in each process.A bug that &man.rarpd.8; does not recognize removable Ethernet NICs
has been fixed.&man.rtld.1; now includes libmap
functionality by default; the WITH_LIBMAP
compile knob is unnecessary and has been retired. More
information can be found in &man.libmap.conf.5;.The symorder utility has been removed. It is unnecessary
now that all kernels use ELF format and there is no a.out format
toolchain.&man.sysinstall.8; now gives the ability to select an
alternate MTA during installation. Currently,
exim and
Postfix are supported.&man.systat.1; now includes displays for IPv6 and ICMPv6
traffic. &merged;A number of utilities available in /bin
and /sbin are now available as a
statically-linked crunched binary that lives in
/rescue. This functionality is similar to
the /stand directory installed by
&man.sysinstall.8;, but /rescue includes
more functionality and is updated as part of
buildworld/installworld operations. More details can be found in
&man.rescue.8;.
It is now possible to build /bin and
/sbin directories containing
dynamically-linked executables. This feature brings support for
loadable PAM and NSS modules to base system utilities located in
those directories. It also reduces the storage requirements for
the root filesystem due to the use of shared libraries. This
feature can be enabled in a buildworld by
defining the Makefile variable
WITH_DYNAMICROOT.Contributed SoftwareThe ACPI-CA code has been updated
from the 20030228 snapshot to the 20030619 snapshot.amd has been updated from 6.0.7
to 6.0.9.awk from Bell Labs has been
updated from a 14 March 2003 snapshot to a 29 July 2003 snapshot.BIND has been updated from 8.3.4
to 8.3.6.GCC has been updated from 3.2.2 to
3.3.1-release.
Previous versions of GCC
generated incorrect code when
-march=pentium4 optimization was
enabled. This problem is believed to have been fixed with
this upgrade, and the earlier workaround for the case of
CPUTYPE=p4 has been removed.The GCC
option, which formerly controlled linking of the threading
library, has been removed. This flag is confusing in the
presence of multiple threading libraries (specifically
libc_r, libkse, and
libthr). Ports should use the
PTHREAD_LIBS variable to select the correct
threading library.GNU Readline has been updated
from 4.2 to 4.3.GNU Sort has been updated from
the version in textutils 2.0.21 to the version in textutils
2.1.Heimdal Kerberos has been
updated from 0.5.1 to 0.6.The ISC DHCP client has been
updated from 3.0.1rc11 to 3.0.1rc12.lukemftp has been updated from
1.6beta2 to a 30 June 2003 snapshot from NetBSD.OpenPAM has been updated from the
Dianthus release to the
Dogwood release.OpenSSL has been updated from
0.9.7a to 0.9.7c. &merged;sendmail has been updated to
version 8.12.10.texinfo has been updated from 4.5
to 4.6. &merged;The timezone database has been updated
from the tzdata2003a release
to the tzdata2003d release.Ports/Packages Collection InfrastructureIf GNU_CONFIGURE is defined,
all instances of config.guess and
config.sub found
under WRKDIR
are replaced with the master versions from
PORTSDIR/Template.
This allows old ports (which contain old versions
of these scripts) to build on newer architectures like ia64 and amd64.Release Engineering and IntegrationFloppy disk installation images are
no longer built for the alpha, amd64, and ia64
architectures.The supported release of GNOME has
been updated from 2.2.1 to 2.4. &merged;The supported release of KDE has
been updated from 3.1.2 to 3.1.4. &merged;DocumentationUpgrading from previous releases of &os;Users with existing &os; systems are
highly encouraged to read the Early
Adopter's Guide to &os; &release.current;. This document generally has
the filename EARLY.TXT on the distribution
media, or any other place that the release notes can be found. It
offers some notes on upgrading, but more importantly, also
discusses some of the relative merits of upgrading to &os;
5.X versus running &os;
4.X.Upgrading &os; should, of course, only be attempted after
backing up all data and configuration
files.