freebsd-dev/release/doc/en_US.ISO8859-1/relnotes/article.sgml

409 lines
16 KiB
Plaintext

<articleinfo>
<title>&os;/&arch; &release.current; Release Notes</title>
<corpauthor>The FreeBSD Project</corpauthor>
<pubdate>$FreeBSD$</pubdate>
<copyright>
<year>2000</year>
<year>2001</year>
<year>2002</year>
<year>2003</year>
<year>2004</year>
<holder role="mailto:doc@FreeBSD.org">The FreeBSD Documentation Project</holder>
</copyright>
<abstract>
<para>The release notes for &os; &release.current; contain a summary
of
<![ %include.historic; [
the changes made to the &os; base system since &release.prev;.
]]>
<![ %no.include.historic; [
recent changes made to the &os; base system on the &release.branch;
development branch.
]]>
This document lists applicable security advisories that were issued since
the last release, as well as significant changes to the &os;
kernel and userland.
Some brief remarks on upgrading are also presented.</para>
</abstract>
</articleinfo>
<sect1 id="intro">
<title>Introduction</title>
<para>This document contains the release notes for &os;
&release.current; on the &arch.print; hardware platform. It
describes recently added, changed, or deleted features of &os;.
It also provides some notes on upgrading
from previous versions of &os;.</para>
<![ %release.type.snapshot [
<para>The &release.type; distribution to which these release notes
apply represents a point along the &release.branch; development
branch between &release.prev; and the future &release.next;. Some
pre-built, binary &release.type; distributions along this branch
can be found at <ulink url="&release.url;"></ulink>.</para>
]]>
<![ %release.type.release [
<para>This distribution of &os; &release.current; is a
&release.type; distribution. It can be found at <ulink
url="&release.url;"></ulink> or any of its mirrors. More
information on obtaining this (or other) &release.type;
distributions of &os; can be found in the <ulink
url="http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/mirrors.html"><quote>Obtaining
FreeBSD</quote> appendix</ulink> to the <ulink
url="http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/">FreeBSD
Handbook</ulink>.</para>
]]>
<para>Users who are new to the &release.branch; series of &os;
&release.type;s should also read the <quote>Early Adopters Guide
to &os; &release.current;</quote>. This document can generally be
found in the same location as the release notes (either as a part of a
&os; distribution or on the &os; Web site). It contains important
information regarding the advantages and disadvantages of using
&os; &release.current;, as opposed to releases based on the &os;
4-STABLE development branch.</para>
<para>All users are encouraged to consult the release errata before
installing &os;. The errata document is updated with
<quote>late-breaking</quote> information discovered late in the
release cycle or after the release. Typically, it contains
information on known bugs, security advisories, and corrections to
documentation. An up-to-date copy of the errata for &os;
&release.current; can be found on the &os; Web site.</para>
</sect1>
<sect1 id="new">
<title>What's New</title>
<para>This section describes
<![ %include.historic; [
the most user-visible new or changed features in &os;
since &release.prev;.
In general, changes described here are unique to the &release.branch;
branch unless specifically marked as &merged; features.
]]>
<![ %no.include.historic; [
many of the user-visible new or changed features in &os;
since &release.prev;. It includes items that are unique to the
&release.branch; branch, as well as some features that may have been
recently merged to
other branches (after &os; &release.prev.historic;). The latter
items are marked as &merged;.
]]>
</para>
<para>Typical release note items
document recent security advisories issued after
&release.prev.historic;,
new drivers or hardware support, new commands or options,
major bug fixes, or contributed software upgrades. They may also
list changes to major ports/packages or release engineering
practices. Clearly the release notes cannot list every single
change made to &os; between releases; this document focuses
primarily on security advisories, user-visible changes, and major
architectural improvements.</para>
<sect2 id="security">
<title>Security Advisories</title>
<para>A bug in &man.mksnap.ffs.8; has been fixed; it caused the creation of a
filesystem snapshot to reset the flags on the filesystem to
their default values. The possible consequences depended on local
usage, but could include disabling extended access control lists
or enabling the use of setuid executables stored on an untrusted
filesystem. This bug also affected the &man.dump.8;
<option>-L</option> option, which uses &man.mksnap.ffs.8;. Note
that &man.mksnap.ffs.8; is normally only available to the
superuser and members of the <groupname>operator</groupname>
group. For more information, see security advisory <ulink
url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:01.mksnap_ffs.asc">FreeBSD-SA-04:01</ulink>.</para>
</sect2>
<sect2 id="kernel">
<title>Kernel Changes</title>
<para arch="i386,pc98">The dgb (DigiBoard intelligent serial card) driver has been
removed due to breakage. Its replacement is the &man.digi.4; driver,
which supports all the hardware of the dgb driver.</para>
<para arch="i386">The loran (Loran-C receiver) driver has been removed due to
breakage and lack of maintainership.</para>
<para>The ULE scheduler is now the default scheduler in the
<filename>GENERIC</filename> kernel. For the average user,
interactivity is reported to be better in many cases. This
means less <quote>skipping</quote> and <quote>jerking</quote> in
interactive applications while the machine is very busy. This
will not prevent problems due to overloaded disk subsystems, but
it does help with overloaded CPUs. On SMP machines, ULE has
per-CPU run queues which allow for CPU affinity, CPU binding,
and advanced HyperThreading support, as well as providing a
framework for more optimizations in the future. As fine-grained
kernel locking continues, the scheduler will be able to make
more efficient use of the available parallel resources.</para>
<!-- Above this line, sort kernel changes by manpage/keyword-->
<sect3 id="proc">
<title>Platform-Specific Hardware Support</title>
<para></para>
</sect3>
<sect3 id="boot">
<title>Boot Loader Changes</title>
<para arch="i386">A serial console-capable version of
<filename>boot0</filename> has been added. It can be written
to a disk using &man.boot0cfg.8; and specifying
<filename>/boot/boot0sio</filename> as the argument to the
<option>-b</option> option.</para>
<para arch="i386"><filename>cdboot</filename> now works around a
BIOS problem observed on some systems when booting from USB
CDROM drives.</para>
<!-- Above this line, order boot loader changes by keyword-->
</sect3>
<sect3 id="net-if">
<title>Network Interface Support</title>
<para arch="sparc64">The &man.dc.4; driver now supports sparc64
Davicom cards that store their MAC address in
OpenFirmware.</para>
<para arch="i386,pc98">The hea (Efficient Networks, Inc. ENI-155p ATM adapter)
driver has been removed due to breakage. Its functionality
has been subsumed into the &man.en.4; driver.</para>
<para arch="i386">The lmc (LAN Media Corp. PCI WAN adapter) driver has been
removed due to breakage and lack of maintainership.</para>
<para arch="i386">&os; now provides a binary compatibility layer
for using &microsoft.windows; NDIS drivers for network
adapters under &os;/i386. It includes a relocator/linker for
&windows; <filename>.SYS</filename> files to interface with
the &os; kernel and emulates various parts of the NDIS API
using native &os; kernel functions. This system supports PCI
and CardBus network devices, and is designed principally for
Ethernet and wireless network interfaces.
For more information, see the &man.ndis.4; and
&man.ndiscvt.8; manual pages.</para>
<para>Several bugs related to multicast and promiscuous mode
handling in the &man.sk.4; driver have been fixed.</para>
</sect3>
<sect3 id="net-proto">
<title>Network Protocols</title>
<para>Some bugs in the IPsec implementation from the KAME
Project have been fixed. These bugs were related to freeing
memory objects before all references to them were removed, and
could cause erratic behavior or kernel panics after flushing
the Security Policy Database (SPD).</para>
<para>The <literal>PFIL_HOOKS</literal> option is now enabled by
default in the <filename>GENERIC</filename> kernel. The most
notable effect of this change is to make
<application>IPFilter</application> work correctly when loaded
as a kernel module.</para>
<para>The following TCP features are now enabled by default: RFC
3042 (Limited Retransmit), RFC 3390 (increased initial
congestion window sizes), TCP bandwidth-delay product
limiting. More information can be found in &man.tcp.4;.</para>
<para>&os;'s TCP implementation now includes support for a
minimum MSS (settable via the
<varname>net.inet.tcp.minmss</varname> sysctl variable) and a
rate limit on connections that send many small TCP segments
within a short period of time (via the
<varname>net.inet.tcp.minmssoverload</varname> sysctl
variable). Connections exceeding this limit may be reset and
dropped. This feature provides protection against a class of
resource exhaustion attacks.</para>
</sect3>
<sect3 id="disks">
<title>Disks and Storage</title>
<para>A number of bugs in the &man.ata.4; driver have been
fixed. Most notably, master/slave device detection should
work better, and some problems with timeouts should be
resolved.</para>
</sect3>
<sect3 id="fs">
<title>File Systems</title>
<para>A bug in GEOM that could result in I/O hangs in some rare
cases has been fixed.</para>
<para>A panic in the NFSv4 client has been fixed; this occurred
when attempting operations against an NFSv3/NFSv2-only
server.</para>
<para>The SMBFS client now has support for SMB request signing,
which prevents <quote>man in the middle</quote> attacks and is
required in order to connect to Windows 2003 servers in their
default configuration. As signing each message imposes a
significant performance penalty, this feature is only enabled
if the server requires it; this may eventually become an
option to &man.mount.smbfs.8;.</para>
</sect3>
<sect3 id="mm">
<title>Multimedia Support</title>
<para>The meteor (video capture) driver has been removed due to
breakage and lack of maintainership.</para>
</sect3>
</sect2>
<sect2 id="userland">
<title>Userland Changes</title>
<para>&man.devfs.8; path rules now work correctly on
directories.</para>
<para>The configuration files used by the &man.resolver.5; now
support the <literal>timeout:</literal> and
<literal>attempts:</literal> keywords.</para>
<para>&man.ipfw.8; now supports a <option>-b</option> flag to
print only the action and comment for each rule, thus omitting
the rule body.</para>
<para arch="pc98"><filename>libdisk</filename> now uses the
correct PC98 disk partition value for &os;. This permits the
&man.sysinstall.8; disk partition editor to correctly create a
single &os; partition covering the entire disk.</para>
<para arch="i386,pc98,amd64,ia64">The library formerly known as
<filename>libkse</filename> has been renamed
<filename>libpthread</filename> and is now the default threading
library on the i386, amd64, and ia64 platforms.
<application>GCC</application>'s <option>-pthread</option>
option has been changed to use <filename>libpthread</filename>
rather than <filename>libc_r</filename>.
<note>
<para>Users with older binaries (for example, ports compiled
before this change was made) should use &man.libmap.conf.5;
to map <filename>libc_r</filename> and/or
<filename>libkse</filename> to
<filename>libpthread</filename>.</para>
</note>
<note>
<para>Users with NVIDIA-supplied drivers and libraries may
need to use a &man.libmap.conf.5; that maps
<filename>libpthread</filename> references to the older
<filename>libc_r</filename> since these drivers and
utilities do not work with
<filename>libpthread</filename>.</para>
</note>
<para>
<para>A bugfix has been applied to NSS support, which fixes
problems when using third-party NSS modules (such as <filename
role="package">net/nss_ldap</filename>) and groups with large
membership lists.</para>
</sect2>
<sect2 id="contrib">
<title>Contributed Software</title>
<para>The <application>ACPI-CA</application> code has been updated
from the 20030619 snapshot to the 20031203 snapshot.</para>
<para>Security improvements from <application>CVS</application>
1.11.10 and 1.11.11 have been backported. Specifically, certain
malformed module requests are now rejected, and when using
<command>cvs pserver</command> mode, attempts to authenticate as
<username>root</username> are rejected and recorded via
&man.syslog.3;.</para>
<para><application>OpenSSH</application> has been updated from
3.6.1p1 to 3.7.1p2.</para>
</sect2>
<sect2 id="ports">
<title>Ports/Packages Collection Infrastructure</title>
<para></para>
</sect2>
<sect2 id="releng">
<title>Release Engineering and Integration</title>
<para arch="i386,pc98">The building process for boot floppy images
has been completely overhauled. The most significant change is
that the loader now boots a stock <filename>GENERIC</filename>
kernel split across multiple disks (two at the time of this
writing). This greatly improves installations that begin with a
boot from floppy disk, because they now use exactly the same
kernel (and thus support the same hardware) as CDROM
installations. The stripped-down <filename>MFSROOT</filename>
kernel is no longer needed, and the <filename>mfsroot</filename>
image no longer requires kernel modules. The
<filename>boot.flp</filename> and
<filename>driver.flp</filename> images are also obsolete and no
longer built.</para>
</sect2>
<sect2 id="doc">
<title>Documentation</title>
<para></para>
</sect2>
</sect1>
<sect1 id="upgrade">
<title>Upgrading from previous releases of &os;</title>
<para>Users with existing &os; systems are
<emphasis>highly</emphasis> encouraged to read the <quote>Early
Adopter's Guide to &os; &release.current;</quote>. This document generally has
the filename <filename>EARLY.TXT</filename> on the distribution
media, or any other place that the release notes can be found. It
offers some notes on upgrading, but more importantly, also
discusses some of the relative merits of upgrading to &os;
5.<replaceable>X</replaceable> versus running &os;
4.<replaceable>X</replaceable>.</para>
<important>
<para>Upgrading &os; should, of course, only be attempted after
backing up <emphasis>all</emphasis> data and configuration
files.</para>
</important>
</sect1>