freebsd-dev/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml

832 lines
34 KiB
Plaintext

<articleinfo>
<title>&os;/&arch; &release.current; Release Notes</title>
<corpauthor>The FreeBSD Project</corpauthor>
<pubdate>$FreeBSD$</pubdate>
<copyright>
<year>2000</year>
<year>2001</year>
<year>2002</year>
<year>2003</year>
<holder role="mailto:doc@FreeBSD.org">The FreeBSD Documentation Project</holder>
</copyright>
<abstract>
<para>The release notes for &os; &release.current; contain a summary
of
<![ %include.historic; [
the changes made to the &os; base system since &release.prev;.
]]>
<![ %no.include.historic; [
recent changes made to the &os; base system on the &release.branch;
development branch.
]]>
Both changes for kernel and userland are listed, as well as
applicable security advisories that were issued since the last
release. Some brief remarks on upgrading are also presented.</para>
</abstract>
</articleinfo>
<sect1 id="intro">
<title>Introduction</title>
<para>This document contains the release notes for &os;
&release.current; on the &arch.print; hardware platform. It
describes recently added, changed, or deleted features of &os;.
It also provides some notes on upgrading
from previous versions of &os;.</para>
<![ %release.type.snapshot [
<para>The &release.type; distribution to which these release notes
apply represents a point along the &release.branch; development
branch between &release.prev; and the future &release.next;. Some
pre-built, binary &release.type; distributions along this branch
can be found at <ulink url="&release.url;"></ulink>.</para>
]]>
<![ %release.type.release [
<para>This distribution of &os; &release.current; is a
&release.type; distribution. It can be found at <ulink
url="&release.url;"></ulink> or any of its mirrors. More
information on obtaining this (or other) &release.type;
distributions of &os; can be found in the <ulink
url="http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/mirrors.html"><quote>Obtaining
FreeBSD</quote> appendix</ulink> to the <ulink
url="http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/">FreeBSD
Handbook</ulink>.</para>
]]>
</sect1>
<sect1 id="new">
<title>What's New</title>
<para>This section describes
<![ %include.historic; [
the most user-visible new or changed features in &os;
since &release.prev;.
In general, changes described here are unique to the &release.branch;
branch unless specifically marked as &merged; features.
]]>
<![ %no.include.historic; [
many of the user-visible new or changed features in &os;
since &release.prev;. It includes items that are unique to the
&release.branch; branch, as well as some features that may have been
recently merged to
other branches (after &os; &release.prev.historic;). The later
items are marked as &merged;.
]]>
</para>
<para>Typical release note items
document new drivers or hardware support, new commands or options,
major bug fixes, or contributed software upgrades. Applicable security
advisories issued after &release.prev.historic; are also listed.</para>
<para>Many additional changes were made to &os; that are not listed
here for lack of space. For example, documentation was corrected
and improved, minor bugs were fixed, insecure coding practices
were audited and corrected, and source code was cleaned up.</para>
<sect2 id="security">
<title>Security Advisories</title>
<para>A remotely exploitable vulnerability in
<application>CVS</application> has been corrected with the
import of version 1.11.5. More details can be found in security
advisory <ulink
url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:01.cvs.asc">FreeBSD-SA-03:01</ulink>.
&merged;</para>
<para>A timing-based attack on <application>OpenSSL</application>,
which could allow a very powerful attacker access to plaintext
under certain circumstances, has been prevented via an upgrade
to <application>OpenSSL</application> 0.9.7. See security
advisory <ulink
url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:02.openssl.asc">FreeBSD-SA-03:02</ulink>
for more details. &merged;</para>
<para>The security and performance of the
<quote>syncookies</quote> feature has been improved to decrease
the chance of an attacker being able to spoof connections.
More details are given in security advisory <ulink
url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:03.syncookies.asc">FreeBSD-SA-03:03</ulink>. &merged;</para>
<para>Remotely-exploitable buffer overflow vulnerabilities in
<application>sendmail</application> have been fixed by updating
<application>sendmail</application>. For more
details, see security advisory <ulink
url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:04.sendmail.asc">FreeBSD-SA-03:04</ulink>
and <ulink
url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:07.sendmail.asc">FreeBSD-SA-03:07</ulink>.
&merged;</para>
<para>A bounds-checking bug in the XDR implementation, which could
allow a remote attacker to cause a denial-of-service, has been
fixed. For more details see security advisory <ulink
url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:05.xdr.asc">FreeBSD-SA-03:05</ulink>.
&merged;</para>
<para>Two recently-publicized flaws in
<application>OpenSSL</application> have been corrected. For
more details, see security advisory <ulink
url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:06.openssl.asc">FreeBSD-SA-03:06</ulink>.
&merged;</para>
</sect2>
<sect2 id="kernel">
<title>Kernel Changes</title>
<para arch="pc98">Support for the CanBe power management
controller has been added. &merged;</para>
<para>&man.devfs.5; is now mandatory; the
<literal>NODEVFS</literal> option has been removed from the set of
possible kernel configuration options.</para>
<para arch="i386,pc98">The DRM kernel modules have been updated to
a snapshot from the DRI CVS repository, roughly equivalent to
XFree86 4.3.0 but also including some additional
bug fixes.</para>
<para arch="i386,ia64,pc98">An ehci driver has been added; it supports
the USB Enhanced Host Controller Interface used by USB 2.0
controllers.</para>
<para>A minor bug in the permissions handling of
<filename>/dev/tty</filename> has been fixed. As a result,
&man.ssh.1; can now be used after &man.su.1;.</para>
<para>A bug that caused &man.fstat.2; to return
<literal>0</literal> as the number of bytes available to read
from a TCP socket has been fixed.</para>
<para>A bug that caused &man.kqueue.2; to report
<literal>0</literal> as the number of bytes available to read
from a TCP socket has been fixed. The
<literal>NOTE_LOWAT</literal> flag for
<literal>EVFILT_READ</literal> has been fixed.</para>
<para>Linux emulation mode now supports IPv6.</para>
<para>&man.madvise.2; now supports a
<literal>MADV_PROTECT</literal> behavior, which informs the
virtual memory system that a process is critical and should not
be killed when swap space has been exhausted. The process must
be owned by the superuser.</para>
<!-- Above this line, sort kernel changes by manpage/keyword-->
<para>A second process scheduler, designed to be a general purpose
scheduler with many SMP benefits, has been added to the scheduler
framework. Exactly one scheduler must be specified in a kernel
configuration. The original scheduler may be selected using
<literal>options&nbsp;SCHED_4BSD</literal>. The newer
(experimental) scheduler can be selected by using
<literal>options&nbsp;SCHED_ULE</literal>.</para>
<para>Device major numbers are now allocated dynamically by
default. This change greatly decreases the need for a static,
centralized table of major number assignments to device drivers
(a few drivers retain their old static major numbers for
compatibility), and also reduces the possibility of running out
of device major numbers.</para>
<sect3 id="proc">
<title>Processor/Motherboard Support</title>
<para arch="i386">&os; now has rudimentary support for
HyperThreading (HTT). SMP kernels with the
<literal>HTT</literal> kernel option will detect and start up
the logical processors on HTT-capable machines. The logical
processors will be treated like additional physical processors
for the purposes of process scheduling. &merged;</para>
<para arch="i386">Support for the Physical Address Extensions
(PAE) capability on Intel Pentium Pro and higher processors
has been added. This allows the use of up to 64GB of RAM in a
machine, although the amount of memory usable by any single
process (or the &os; kernel) is unchanged. For more
information, see the &man.pae.4; manual page. Work on this
feature was sponsored by DARPA and Network Associates
Laboratories.</para>
<para arch="i386">A new &man.vpd.4; driver has been added to
read hardware information from the Vital Product Data structure
on IBM ThinkPad machines.</para>
</sect3>
<sect3 id="boot">
<title>Bootloader Changes</title>
<para arch="alpha">The alpha boot loader
(<filename>boot1</filename>) can now be called
<filename>boot</filename> for consistency with other
platforms.</para>
<para arch="i386,pc98">The two parts of the boot loader
(<filename>boot1</filename> and <filename>boot2</filename>)
have been combined into a single <filename>boot</filename>
file, to simplify programs that need to write or otherwise
manipulate the boot loader.</para>
<para arch="pc98">The PC98 bootloader now has support for
booting from SCSI MO media. &merged;</para>
<para>The <filename>/modules</filename> directory (once the
default location for modules on &os; 4.X) is no longer a
part of the default <varname>kern.module_path</varname>.
Third-party modules should be placed in
<filename>/boot/modules</filename>.
<note>
<para>Modules designed for use with &os; 4.X are likely to
panic and should be used with extreme caution.</para>
</note>
</para>
<!-- Above this line, order bootloader changes by keyword-->
</sect3>
<sect3 id="net-if">
<title>Network Interface Support</title>
<para>The cm driver now supports IPX. &merged;</para>
<para arch="i386">The &man.sbsh.4; driver for the Granch SBNI16
SHDSL modem has been added.</para>
<para>A new &man.wlan.4; module provides 802.11 link-layer support. The
&man.wi.4; driver now uses this facility.</para>
<para arch="i386,alpha,pc98,sparc64">A timing bug in the
&man.xl.4; driver, which could cause a kernel panic (or other
problems) when configuring an interface, has been
fixed.</para>
</sect3>
<sect3 id="net-proto">
<title>Network Protocols</title>
<para>&man.ipfw.4; <literal>skipto</literal> rules can once
again be used with the <literal>log</literal> keyword.
&man.ipfw.4; <literal>uid</literal> rules are once again
working.</para>
<para>It is now possible to build the
<literal>FAST_IPSEC</literal> and <literal>INET6</literal>
options into the same kernel. (They still cannot be used
together, however.)</para>
<para>A bug in TCP NewReno, which caused premature exit from
fast recovery when NewReno was enabled, has been
fixed. &merged;</para>
<para>TCP now has support for the <quote>Limited
Transmit</quote> mechanism proposed by RFC 3042. This feature
is intended to improve the effectiveness of TCP loss recovery
in certain circumstances. It is off by default but can be
enabled with the <varname>net.inet.tcp.rfc3042</varname>
sysctl variable. More information can be found in
&man.tcp.4;.</para>
<para>TCP now has support for increased initial congestion
window sizes as described in RFC 3390. This feature can
improve the throughput of short transfers, as well as
high-bandwidth, large propagation-delay connections. It is
off by default but can be enabled with the
<varname>net.inet.tcp.rfc3390</varname> sysctl variable. More
information can be found in &man.tcp.4;.</para>
<para>The IP fragment reassembly code behaves more gracefully
when receiving a large number of packet fragments (it is
designed to be more resistant to fragment-based denial of
service attacks). &merged;</para>
<para>TCP connections in the <literal>TIME_WAIT</literal> state
now use a special protocol control block that uses less space
than a full-blown TCP PCB. This allows some of the data
structures and resources used by such a connection to be freed
earlier.</para>
<para>It is now possible to specify the range of
<quote>privileged ports</quote> (TCP and UDP ports that
require superuser access to &man.bind.2; to). The range is
now specified with the
<varname>net.inet.ip.portrange.reservedlow</varname> and
<varname>net.inet.ip.portrange.reservedhigh</varname> sysctl
variables, defaulting to the traditional UNIX behavior. This
feature is intended to help network servers bind
to traditionally privileged ports without requiring superuser
access. &man.ip.4; has more details.</para>
<para>Some bugs in the non-blocking RPC code has been fixed. As
a result, &man.amd.8; users are now able to mount volumes from
a &release.current; server.</para>
<para>Support for XNS networking, which has not worked
correctly for almost seven years, has been removed.</para>
</sect3>
<sect3 id="disks">
<title>Disks and Storage</title>
<para>The &man.aac.4; driver now runs free of the Giant kernel
lock. This change has given a nearly 20% performance speedup
on an SMP system running multiple I/O intensive loads.</para>
<para>The &man.ata.4; driver now supports all known SiS
chipsets. (More details can be found in the Hardware
Notes.)</para>
<para>A number of changes have been made to the &man.cd.4;
driver. The primary user-visible change is improved
compatibility with ATAPI/USB/Firewire CDROM drives.</para>
<para>&man.geom.4; is now mandatory; the
<literal>NO_GEOM</literal> has been removed from the set of
kernel configuration options.</para>
<para>A bug in the &man.mly.4; driver that caused hangs has been
corrected.</para>
<para>Support has been added for volume labels on UFS and UFS2
filesystems. These labels are strings that can be used to
identify a volume, regardless of what device it appears on.
Labels can be set with the <option>-L</option> options to
&man.newfs.8; or &man.tunefs.8;. With the
<literal>GEOM_VOL</literal> module, volumes can be accessed
using their labels under <filename>/dev/vol</filename>.</para>
<para>The root filesystem can now be located on a &man.vinum.4;
volume. More information can be found in the &man.vinum.4;
manual page.</para>
<para arch="pc98">The wfd and wst drivers, which have been
broken for some time, have been removed.</para>
</sect3>
<sect3 id="fs">
<title>Filesystems</title>
<para>A new <literal>DIRECTIO</literal> kernel option enables
support for read operations that bypass the buffer cache and
put data directly into a userland buffer. This feature
requires that the <literal>O_DIRECT</literal> flag is set on
the file descriptor and that both the offset and length for
the read operation are multiples of the physical media sector
size. &merged;</para>
<para>NETNCP and Netware Filesystem Support (nwfs) are once
again working.</para>
<para>Bugs that could cause the unmounting of a smbfs share to
fail or cause a kernel panic have been fixed.</para>
</sect3>
<sect3 id="pccard">
<title>PCCARD Support</title>
<para></para>
</sect3>
<sect3 id="mm">
<title>Multimedia Support</title>
<para arch="i386,pc98">The <filename>atspeaker.ko</filename> and
<filename>pcspeaker.ko</filename> modules for the
&man.speaker.4; device have been renamed
<filename>speaker.ko</filename>.</para>
</sect3>
</sect2>
<sect2 id="userland">
<title>Userland Changes</title>
<para>&man.adduser.8; now correctly handles setting user passwords
containing special shell characters.</para>
<para>&man.adduser.8; now supports a <option>-g</option> option to
set a user's default login group.</para>
<para arch="alpha,i386">The <filename>compat4x</filename>
distribution now includes the
<filename>libcrypto.so.2</filename>,
<filename>libgmp.so.3</filename>, and
<filename>libssl.so.2</filename> libraries from &os;
4.7-RELEASE.</para>
<para>&man.config.8; now implements a <literal>nodevice</literal>
kernel configuration file directive that cancels the effect of a
<literal>device</literal> directive. The new
<literal>nooption</literal> and <literal>nomakeoption</literal>
directives cancel prior <literal>option</literal> and
<literal>makeoption</literal> directives, respectively.</para>
<para>The &man.diskinfo.8; utility has been added to show
information about a disk device and optionally to run a naive
performance test.</para>
<para>The <option>-N</option> and <option>-W</option> flags to
&man.disklabel.8; have been retired.</para>
<para>&man.disklabel.8; is now only built for architectures where
it is useful (i386, pc98, alpha, and ia64).</para>
<para>The <option>-s</option> to &man.disklabel.8; has been
removed because the i386 boot loader now resides in a single
file.</para>
<para>&man.dump.8; now supports caching of disk blocks with the
<option>-C</option> option. This can improve dump performance
at the cost of possibly missing filesystem updates that occur
between passes.</para>
<para>&man.dumpfs.8; now supports a <option>-m</option> flag to
print file system parameters in the form of a &man.newfs.8;
command.</para>
<para>&man.elfdump.1;, a utility to display information about &man.elf.5;
format executable files, has been added.</para>
<para>&man.fetch.1; uses the <filename>.netrc</filename> support
in &man.fetch.3; and also supports a <option>-N</option> to
specify an alternate <filename>.netrc</filename> file.</para>
<para>&man.fetch.3; now has support for
<filename>.netrc</filename> files (see &man.ftp.1; for more
details).</para>
<para>&man.ftpd.8; now supports a <option>-h</option> option to
disable printing any host-specific information, such as the
&man.ftpd.8; version or hostname, in server messages.
&merged;</para>
<para>&man.ftpd.8; now supports a <option>-P</option> option to
specify a port on which to listen in daemon mode. The default
data port number is now set to be one less than the control port
number, rather than being hard-coded. &merged;</para>
<para>&man.ftpd.8; now supports an extended format of the
<filename>/etc/ftpchroot</filename> file. Please refer
to the &man.ftpchroot.5; manpage, which is now available,
for details. &merged;</para>
<para>&man.ftpd.8; now supports login directory pathnames
that specify simultaneously a directory for &man.chroot.2;
and that to change to in the chrooted environment. The
<literal>/./</literal> separator is used for
this purpose, like in other FTP daemons having this feature.
It may be used in both &man.ftpchroot.5; and &man.passwd.5;.
&merged;</para>
<para>&man.fwcontrol.8; now supports <option>-R</option> and
<option>-S</option> options for receiving and sending DV
streams. &merged;</para>
<para>The &man.gstat.8; utility has been added to show the disk
activity inside the &man.geom.4; subsystem.</para>
<para>&man.ipfw.8; now supports <literal>enable</literal> and
<literal>disable</literal> commands to control various aspects
of the operation of &man.ipfw.4; (including enabling and
disabling the firewall itself). These provide a more convenient
and visible interface than the existing sysctl
variables. &merged;</para>
<para>&man.jail.8; now supports a <option>-i</option> flag to
output an identifier for a newly-created jail.</para>
<para>The &man.jexec.8; utility has been added to execute a
command inside an existing jail.</para>
<para>The &man.jls.8; utility has been added to list existing
jails.</para>
<para>&man.kenv.1; has been moved from
<filename>/usr/bin</filename> to <filename>/bin</filename> to
make it available at times during system startup when only the
root filesystem is mounted.</para>
<para>&man.killall.1; now supports a <option>-j</option> option to
kill all processes inside a jail.</para>
<para>The &man.libgeom.3; library has been added to allow some
userland access to the &man.geom.4; subsystem.</para>
<para>The mac_portacl MAC policy module has been added. It
provides a simple ACL mechanism to permit users and groups to
bind ports for TCP or UDP, and is intended to be used in
conjunction with the recently-added
<varname>net.inet.ip.portrange.reservedhigh</varname> sysctl.</para>
<para>The MAKEDEV script is now unnecessary, due to the mandatory
presence of &man.devfs.5;, and has been removed.</para>
<para>&man.mixer.8; can now implement relative volume
adjustments.</para>
<para>The &man.mksnap.ffs.8; program has been added to allow
easier creation of FFS snapshots. It is a
SUID-<username>root</username> executable designed for use by
members of the <groupname>operator</groupname> group.</para>
<para>&man.mount.8; and &man.umount.8; now accept a
<option>-F</option> option to specify an alternate &man.fstab.5;
file.</para>
<para>&man.mount.nfs.8; now supports a <option>-c</option> flag to
avoid doing a &man.connect.2; for UDP mount points. This option
must be used if the server does not reply to requests from the
standard NFS port number 2049 or if it replies to requests using
a different IP address (which can occur if the server is
multi-homed). Setting the
<varname>vfs.nfs.nfs_ip_paranoia</varname> sysctl to
<literal>0</literal> will make this option the
default. &merged;</para>
<para>&man.mount.nfs.8; now supports the <option>noinet4</option>
and <option>noinet6</option> mount options to prevent NFS mounts
from using IPv4 or IPv6 respectively.</para>
<para>&man.newsyslog.8; now supports a <literal>W</literal> flag
to force previously-started compression jobs for an entry (or
group of entries specified with the <literal>G</literal> flag)
to finish before beginning a new one. This feature is designed
to prevent system overloads caused by starting several
compression jobs on big files simultaneously. &merged;</para>
<para>&man.nsdispatch.3; is now thread-safe and implements support
for Name Service Switch (NSS) modules. NSS modules may be
statically built into <filename>libc</filename> or dynamically
loaded via &man.dlopen.3;. They are loaded/initialized at
configuration time (i.e. when &man.nsdispatch.3; is called and
&man.nsswitch.conf.5; is read or re-read).</para>
<para>A new &man.pam.chroot.8; module has been added, which does a
&man.chroot.2; operation for users into either a predetermined
directory or one derived from their home directory.</para>
<para>&man.pam.ssh.8; has been rewritten. One side effect of the
rewrite is that it now starts a separate instance of
&man.ssh-agent.1; for each session instead of trying to connect
each session to the agent started by the first session.</para>
<para>&man.ping.8; now supports a <option>-D</option> flag to set
the <quote>Don't Fragment</quote> bit on outgoing packets.</para>
<para>&man.ping.8; now supports a <option>-M</option> option to use
ICMP mask request or timestamp request messages instead of ICMP
echo requests.</para>
<para>&man.ping.8; now supports a <option>-z</option> flag to set
the Type of Service bits in outgoing packets.</para>
<para>&man.pw.8; can now add a user whose name ends with a
<literal>$</literal> character; this change is intended to help
administration of <application>Samba</application>
services. &merged;</para>
<para>A bug in &man.rand.3; that could cause a sequence to remain
stuck at <literal>0</literal> has been fixed. (&man.rand.3;
remains unsuitable for all but trivial uses.)</para>
<para>&man.rtld.1; now has support for the dynamic mapping of
shared object dependencies. More information can be found in
&man.libmap.conf.5;. This is an optional feature, disabled by
default.</para>
<para>&man.sem.open.3; now correctly handles multiple opens of the
same semaphore; as a result, &man.sem.close.3; no longer crashes
calling programs.</para>
<para>The seeding algorithm used by &man.srandom.3; has been
strengthened.</para>
<para arch="sparc64">The sunlabel utility, a program analogous to
&man.disklabel.8; that works on Sun disk labels, has been
added.</para>
<para>The &man.swapoff.8; command has been added to disable paging
and swapping on a device. A related &man.swapctl.8; command has
been added to provide an interface to &man.swapon.8; and
&man.swapoff.8; similar to other BSDs.
<note>
<para>The &man.swapoff.8; feature should be considered
experimental.</para>
</note>
</para>
<para>&man.syslogd.8; now allows multiple hosts or programs to be
named in host or program specifications in &man.syslog.conf.5;
files.</para>
<para>&man.systat.1; now includes an <option>-ifstat</option>
display mode that displays the network traffic going through
active interfaces on the system.</para>
<para>The &man.usbhidaction.1; command has been added; it performs
actions according to its configuration in response to USB HID
controls.</para>
<para>&man.uudecode.1; and &man.b64decode.1; now support a
<option>-r</option> flag for decoding raw (or broken) files that
may be missing the initial and possibly final framing
lines. &merged;</para>
<para>&man.vmstat.8; has re-implemented the <option>-f</option>
flag, which displays statistics on fork operations.</para>
<para>&man.xargs.1; now supports a <option>-P</option> option to
execute multiple copies of the same utility in parallel.</para>
<para>&man.xargs.1; now supports a <option>-o</option> flag to
reopen <filename>/dev/tty</filename> for the child process
before executing the command. This is useful when the child
process is an interactive application.</para>
<para>A 1:1 threading package (where for every pthread in an
application there is one KSE and thread) has been implemented.
Under this model, the kernel handles all thread scheduling
decisions and all signal delivery. This uses some of the common
KSE code, and is a restricted case of the M:N threading work
still in progress. The <filename>libthr</filename> library
implementing the userland portion of this functionality is a
drop-in replacement for the <filename>libc_r</filename> library.
Note that <filename>libthr</filename> is not (at this time)
built by default.</para>
</sect2>
<sect2 id="contrib">
<title>Contributed Software</title>
<para><application>awk</application> from Bell Labs has been
updated to a 14 March 2003 snapshot.</para>
<para><application>BIND</application> has been updated to version
8.3.4. &merged;</para>
<para>All of the <application>bzip2</application> suite of
applications is now installed in the base system (in particular,
<command>bzip2recover</command> is now built and
installed). &merged;</para>
<para><application>CVS</application> has been updated to
1.11.5. &merged;</para>
<para><application>FILE</application> has been updated to
3.41. &merged;</para>
<para><application>GCC</application> has been updated to
3.2.2 (release version).</para>
<para>The <application>gdtoa</application> library, for
conversions between strings and floating point. These sources
were dated 24 March 2003.</para>
<para><application>IPFilter</application> has been updated to
3.4.31. &merged;</para>
<para>The <application>ISC DHCP</application> client has been
updated to 3.0.1RC11. &merged;</para>
<para>The <application>ISC DHCP</application> client now includes
the &man.omshell.1; utility and the &man.dhcpctl.3; library for
run-time control of the client.</para>
<para><application>Kerberos IV</application> support (in the form
of <application>KTH eBones</application>) has been removed.
Users requiring this functionality can still get it from the
<filename role="port">security/krb4</filename> port (or
package). Kerberos IV compatibility mode for Kerberos 5 has
been removed, and the
<literal>k5<replaceable>program</replaceable></literal> userland
utilities have been renamed to
<literal>k<replaceable>program</replaceable></literal>.</para>
<para><application>libpcap</application> now has support for
selecting among multiple data link types on an interface.</para>
<para><application>lukemftpd</application> (not built or installed
by default) has been updated to a snapshot from 22 January
2003.</para>
<para><application>OpenPAM</application> has been updated to the
<quote>Daffodil</quote> release.</para>
<para><application>OpenSSL</application> has been updated to
release 0.9.7a. Among other features, this release includes
support for AES and takes advantage of &man.crypto.4;
devices. &merged;</para>
<para><application>sendmail</application> has been updated to
version 8.12.9. &merged;</para>
<para>&man.tcpdump.1; has been updated to version 3.7.2. &merged;
It also now supports a <option>-L</option> flag to list the data
link types available on an interface and a <option>-y</option>
option to specify the data link type to use while capturing
packets.</para>
</sect2>
<sect2 id="ports">
<title>Ports/Packages Collection Infrastructure</title>
<para>The one-line <filename>pkg-comment</filename> files have
been eliminated from each port skeleton; their contents have
been moved into each port's <filename>Makefile</filename>. This
change reduces the disk space and inodes used by the ports
tree. &merged;</para>
<para>When fetching distfiles for building a port, the
<varname>FETCH_REGET</varname> <filename>Makefile</filename>
variable can be used to specify the number of times to try
continuing to fetch a distfile if it fails its MD5 checksum.
The port infrastructure also supports re-fetching interrupted
distfiles.</para>
<para>&man.pkg.create.1; now supports a <option>-C</option>
option, which allows packages to register a list of other
packages with which they conflict. They will refuse to install
(via &man.pkg.add.1;) if one of the listed packages is already
present. The <option>-f</option> flag to &man.pkg.add.1;
overrides this conflict-checking.</para>
<para>&man.pkg.info.1; now honors the <varname>BLOCKSIZE</varname>
environment variable in its output when the <option>-b</option>
flag is given.</para>
<para>&man.pkg.info.1; now implements a <option>-Q</option>
option, which is similar to the <option>-q</option>
<quote>quiet</quote> option except that it prefixes the output
with the package name.</para>
</sect2>
<sect2 id="releng">
<title>Release Engineering and Integration</title>
<para>The supported release of <application>GNOME</application>
has been updated to 2.2.1. &merged;</para>
<para>The supported release of <application>KDE</application>
has been updated to 3.1.1a. &merged;</para>
<para>&man.sysinstall.8; once again supports installing individual
components of <application>XFree86</application>. Supporting
changes (not user-visible) generalize the concept of installing
parts of distributions as packages.</para>
<para>The supported release of <application>XFree86</application>
has been updated to 4.3.0. &merged;</para>
<para>Several upgrade mechanisms designed to permit major version
upgrades from &os; 2.X to 3.X and from &os; 3.X to 4.X have been
removed.</para>
</sect2>
<sect2 id="doc">
<title>Documentation</title>
<para></para>
</sect2>
</sect1>
<sect1 id="upgrade">
<title>Upgrading from previous releases of &os;</title>
<para>Users with existing &os; systems are
<emphasis>highly</emphasis> encouraged to read the <quote>Early
Adopter's Guide to &os; 5.0</quote>. This document generally has
the filename <filename>EARLY.TXT</filename> on the distribution
media, or any other place that the release notes can be found. It
offers some notes on upgrading, but more importantly, also
discusses some of the relative merits of upgrading to &os;
5.<replaceable>X</replaceable> versus running &os;
4.<replaceable>X</replaceable>.</para>
<important>
<para>Upgrading &os; should, of course, only be attempted after
backing up <emphasis>all</emphasis> data and configuration
files.</para>
</important>
</sect1>