1a3a2b1605
version that there's no need to talk about the snapshot business; all it would do is serve to confuse).
2049 lines
88 KiB
Plaintext
2049 lines
88 KiB
Plaintext
<!--
|
|
The "What's New" section of the release notes. Within
|
|
each subsection (i.e. kernel, security, userland), list
|
|
items in chronological order, unless necessary to keep
|
|
related items together, such as multiple release notes
|
|
pertaining to a single program or module.
|
|
|
|
-->
|
|
|
|
<sect1>
|
|
<sect1info>
|
|
<pubdate>$FreeBSD$</pubdate>
|
|
</sect1info>
|
|
|
|
<title>What's New</title>
|
|
|
|
<para>This section describes the most user-visible new or changed
|
|
features in &os; since &release.prev;. All changes
|
|
described here are unique to the &release.branch; branch unless
|
|
specifically marked as &merged; features.</para>
|
|
|
|
<para>Many additional changes were made to &os; that are not listed
|
|
here for lack of space. For example, documentation was corrected
|
|
and improved, minor bugs were fixed, insecure coding practices were
|
|
audited and corrected, and source code was cleaned up.</para>
|
|
|
|
<para>The release notes items are organized into three different
|
|
sections. <xref linkend="kernel"> lists recent changes to the &os;
|
|
kernel. Security fixes, including those pertaining to security
|
|
advisories, are listed in <xref linkend="security">. Finally, <xref
|
|
linkend="userland"> covers changes to &os; userland applications
|
|
included in the base system.</para>
|
|
|
|
<sect2 id="kernel">
|
|
<title>Kernel Changes</title>
|
|
|
|
<para>The &man.kqueue.2; event notification facility was added to
|
|
the &os; kernel. This is a new interface which is able to
|
|
replace &man.poll.2;/&man.select.2, offering improved performance,
|
|
as well as the ability to report many different types of events.
|
|
Support for monitoring changes in sockets, pipes, fifos, and files
|
|
are present, as well as for signals and processes. &merged;</para>
|
|
|
|
<para arch="i386">Support for Intel's Wired for Management 2.0 (PXE)
|
|
was added to the FreeBSD boot loader. Due to API differences, the
|
|
older PXE versions are not supported. This allow network booting
|
|
using DHCP. &merged;</para>
|
|
|
|
<para>Support for USB devices was added to the
|
|
<filename>GENERIC</filename> kernel and to the installation
|
|
programs to support USB devices out of the box. Note that SRM
|
|
does not support USB devices at the moment, so you must still use
|
|
an AT keyboard if you are not using a serial console. &merged;</para>
|
|
|
|
<para>POSIX.1b Shared Memory Objects are now supported. The
|
|
implementation uses regular files, but automatically enables the
|
|
MAP_NOSYNC flag when they are &man.mmap.2;-ed. &merged;</para>
|
|
|
|
<para arch="i386">A driver for AGP hardware has been added. &merged;</para>
|
|
|
|
<para>The kernel and modules have been moved to the directory
|
|
<filename>/boot/kernel</filename>, so they can be easily
|
|
manipulated together. The boot loader has been updated to make
|
|
this change as seamless as possible.</para>
|
|
|
|
<para arch="i386">The i386 boot loader now has support for a
|
|
<literal>nullconsole</literal>
|
|
console type, for use on systems with neither a video console nor
|
|
a serial port. &merged;</para>
|
|
|
|
<para>Replaced the <literal>PQ_*CACHE</literal> options with a
|
|
single <literal>PQ_CACHESIZE</literal> option to be set to
|
|
the cache size in kilobytes. The old options are still supported
|
|
for backwards compatibility. &merged;</para>
|
|
|
|
<para arch="i386">The <literal>NCPU</literal>, <literal>NAPIC</literal>,
|
|
<literal>NBUS</literal>, and <literal>NINTR</literal> kernel
|
|
configuration options, for configuring SMP kernels, have been
|
|
removed. <literal>NCPU</literal> is now set to a maximum of 16,
|
|
and the other, aforementioned options are now
|
|
dynamic. &merged;</para>
|
|
|
|
<para>&man.devfs.5;, which allows entries in the
|
|
<filename>/dev</filename> directory to be built automatically and
|
|
supports more flexible attachment of devices, has been largely
|
|
reworked. &man.devfs.5; is now enabled by default and can be
|
|
disabled by the <literal>NODEVFS</literal> kernel option.</para>
|
|
|
|
<para arch="i386">Preliminary Cardbus support under NEWCARD has been added.
|
|
This code supports the TI113X, TI12XX, TI125X, Ricoh 5C46/5C47, Topic
|
|
95/97/100 and Cirrus Logic PD683X bridges. 16-bit PC Card support
|
|
is not yet functional.</para>
|
|
|
|
<para>Write combining for crashdumps has been implemented. This
|
|
feature is useful when write caching is disabled on both SCSI and
|
|
IDE disks, where large memory dumps could take up to an hour to
|
|
complete. &merged;</para>
|
|
|
|
<para>Extremely large swap areas (>67 GB) no longer panic the
|
|
system.</para>
|
|
|
|
<para arch="i386">The &man.ichsmb.4; driver for the Intel 82801AA
|
|
(ICH) SMBus controller and compatibles has been
|
|
added. &merged;</para>
|
|
|
|
<para arch="i386">The &man.uscanner.4; driver for basic USB scanner support
|
|
using SANE has been added. See <ulink
|
|
url="http://www.mostang.com/sane/">the SANE home page</ulink> for
|
|
supported scanners. The HP ScanJet 4100C, 5200C and 6300C are
|
|
known to be working.</para>
|
|
|
|
<para arch="i386">The umodem driver for USB modems has been added.
|
|
Support is provided for the 3Com 5605 and Metricom Ricochet GS
|
|
wireless USB modems.</para>
|
|
|
|
<para arch="alpha">Support for threads under Linux emulation has been
|
|
added.</para>
|
|
|
|
<para arch="i386">The pccard driver and &man.pccardc.8; now support multiple
|
|
<quote>beep types</quote> upon card insertion and removal. &merged;</para>
|
|
|
|
<para>A number of cleanups and enhancements have been applied to
|
|
the PCI subsystem.
|
|
<filename>/usr/share/misc/pci_vendors</filename> now contains a
|
|
vendor/device database, which can be used by
|
|
&man.pciconf.8;.</para>
|
|
|
|
<para arch="i386">The &man.spic.4; driver, which provides access to the job
|
|
dial device on some Sony laptops, has been added.</para>
|
|
|
|
<para arch="i386">PECOFF (WIN32 Execution file format) support has been
|
|
added.</para>
|
|
|
|
<para>A VESA S3 linear framebuffer driver has been added.</para>
|
|
|
|
<para>The <maketarget>buildkernel</maketarget> target now gets the
|
|
name of the configuration(s) to build from the
|
|
<varname>KERNCONF</varname> variable, not
|
|
<varname>KERNEL</varname>. It is no longer required, in some
|
|
cases, for a <maketarget>buildworld</maketarget> to precede a
|
|
<maketarget>buildkernel</maketarget>. (The
|
|
<maketarget>buildworld</maketarget> is still required when
|
|
upgrading across major releases, across
|
|
<application>binutil</application> upgrades and when &man.config.8;
|
|
changes version.)
|
|
</para>
|
|
|
|
<para>The &man.random.4; device has been rewritten to use the
|
|
<application>Yarrow</application> algorithm. It harvests entropy
|
|
from a variety of interrupt sources, including the console
|
|
devices, Ethernet and point-to-point network interfaces, and
|
|
mass-storage devices. Entropy from the &man.random.4; device is
|
|
now periodically saved to files in
|
|
<filename>/var/db/entropy</filename>, as well as at
|
|
&man.shutdown.8; time.</para>
|
|
|
|
<para>The &man.syscons.4; driver now supports keyboard-controlled
|
|
pasting, by default bound to
|
|
<keycap>Shift</keycap>-<keycap>Insert</keycap>.</para>
|
|
|
|
<para>The &man.labpc.4; driver has been removed due to
|
|
<quote>bitrot</quote>.</para>
|
|
|
|
<para>A new kernel option, <literal>options REGRESSION</literal>,
|
|
enables interfaces and functionality intended for use during
|
|
correctness and regression testing.</para>
|
|
|
|
<para>The <literal>USER_LDT</literal> kernel option is now
|
|
activated by default.</para>
|
|
|
|
<para>A new &man.ddb.4; command <command>show pcpu</command> lists
|
|
some of the per-CPU data.</para>
|
|
|
|
<para>A new digi driver has been added to support PCI Xr-based and ISA
|
|
Xem Digiboard cards. A new digictl program is (mainly) used to
|
|
re-initialise cards that have external port modules attached such as
|
|
the PC/Xem.</para>
|
|
|
|
<para>The <literal>O_DIRECT</literal> flag has been added to
|
|
&man.open.2; and &man.fcntl.2;. Specifying this flag for open
|
|
files will attempt to minimize the cache effects of reading and
|
|
writing. &merged;</para>
|
|
|
|
<para><literal>OLDCARD</literal> and &man.pccardd.8; now support
|
|
PCI cards.</para>
|
|
|
|
<para>An &man.orm.4; device has been added to claim the option
|
|
ROMs in the ISA memory I/O space, to prevent other drivers from
|
|
mistakenly assigning addresses that conflict with these ROMs. &merged;</para>
|
|
|
|
<para>The out-of-swap process termination code now begins killing
|
|
processes earlier to avoid deadlocks; it now also takes into
|
|
account the swap space used by processes when computing the
|
|
process sizes. &merged;</para>
|
|
|
|
<para>Linker sets are now self-contained; &man.gensetdefs.8; is
|
|
unnecessary and has been removed.</para>
|
|
|
|
<para>Numerous SMP-friendly changes have been made to the kernel's
|
|
mbuf allocator.</para>
|
|
|
|
<para>The dgm driver has been removed in favor of the digi driver.</para>
|
|
|
|
<para>Network device cloning has been implemented, and the &man.gif.4;
|
|
device has been modified to take advantage of it.
|
|
Thus, instead of specifying how many &man.gif.4; interfaces
|
|
are available in kernel configuration files, &man.ifconfig.8;'s
|
|
<option>create</option> option should be used when another device
|
|
instance is desired. &merged;</para>
|
|
|
|
<para>The kernel message buffer is now accessible by the
|
|
(machine-independent) <varname>kern.msgbuf</varname> sysctl
|
|
variable; &man.dmesg.8; no longer needs to be SGID
|
|
<groupname>kmem</groupname>.</para>
|
|
|
|
<para>Two new &man.ddb.4; commands, <command>hwatch</command> and
|
|
<command>dhwatch</command>, have been introduced. Analogous to
|
|
<command>watch</command> and <command>dwatch</command>, they install
|
|
hardware watchpoints (as opposed to software watchpoints) if supported
|
|
by the architecture. &merged;</para>
|
|
|
|
<para arch="i386">Support for Streaming <acronym>SIMD</acronym>
|
|
Extensions (<acronym>SSE</acronym>) has been introduced. The
|
|
<literal>CPU_ENABLE_SSE</literal> kernel option controls whether
|
|
support is compiled into the kernel.</para>
|
|
|
|
<sect3>
|
|
<title>Processor/Motherboard Support</title>
|
|
|
|
<para>SMP support has been largely reworked, incorporating code
|
|
from BSD/OS 5.0. One of the main features of SMPng (<quote>SMP
|
|
Next Generation</quote>) is to allow more processes to run in
|
|
kernel, without the need for spin locks that can dramatically
|
|
reduce the efficiency of multiple processors. Interrupt
|
|
handlers now have contexts associated with them that allow them
|
|
to be blocked, which reduces the need to lock out
|
|
interrupts.</para>
|
|
|
|
<para arch="i386">Support for the 80386 processor has been
|
|
removed from the <filename>GENERIC</filename> kernel, as this
|
|
code seriously pessimizes performance on other ia32
|
|
processors.</para>
|
|
|
|
<para arch="i386">The <literal>I386_CPU</literal> kernel option
|
|
to support the 80386 processor is now mutually exclusive with
|
|
support for other ia32 processors; this should slightly improve
|
|
performance on the 80386 due to the elimination of runtime
|
|
processor type checks.</para>
|
|
|
|
<para arch="i386">Custom kernels that will run on the 80386 can
|
|
still be built by changing the cpu options in the kernel
|
|
configuration file to only include
|
|
<literal>I386_CPU</literal>.</para>
|
|
|
|
<para arch="alpha">AlphaServer 1200 (<quote>Tincup</quote>) has
|
|
been tested and works OK. Currently it does not want to boot
|
|
from CD or floppy but a transplanted disk that was installed on
|
|
another Alpha works well. &merged;</para>
|
|
|
|
<para arch="alpha">The API UP1100 mainboard has been verified to work.</para>
|
|
|
|
<para arch="alpha">The API CS20 1U high server has been verified to work.</para>
|
|
|
|
<para arch="alpha">The DEC3000 series support has been removed from the mfsroot
|
|
floppy image so that it fits on a 1.44 Mbyte floppy again. As the
|
|
DEC3000 is currently only usable diskless this should not cause
|
|
any problems.</para>
|
|
|
|
<para arch="alpha">Support for AlphaServer 2100A (<quote>Lynx</quote>) has been
|
|
added.</para>
|
|
|
|
<para arch="alpha">Kernel code has been added that allows older generation Alpha CPUs
|
|
(EV4 and EV5) to emulate instructions of the newer Alpha CPU
|
|
generations. This enables the use of binary-only programs like Adobe
|
|
Acrobat 4 on EV4 and EV5.</para>
|
|
|
|
<para arch="alpha">SMP support for the alpha is now operational.</para>
|
|
|
|
<para arch="i386">Detection for new processors, such as the
|
|
FC-PGA2 Pentium III (Tualatin), Transmeta Crusoe, and Transmeta
|
|
Crusoe LongRun, has been added. &merged;</para>
|
|
|
|
</sect3>
|
|
|
|
<sect3>
|
|
<title>Network Interface Support</title>
|
|
|
|
<para>Added support for PCI Ethernet adapters based on the
|
|
National Semiconductor DP83815 chipset, including the NetGear
|
|
FA311-TX and FA312-TX, in the form of the &man.sis.4; driver.</para>
|
|
|
|
<para>The &man.tap.4; driver, a virtual Ethernet device driver for
|
|
bridged configurations, has been added. &merged;</para>
|
|
|
|
<para>The &man.ti.4; driver now supports the Alteon AceNIC
|
|
1000baseT Gigabit Ethernet and Netgear GA620T 1000baseT Gigabit
|
|
cards. &merged;</para>
|
|
|
|
<para>The &man.xl.4; driver now supports the 3Com 3C556 and 3C556B
|
|
MiniPCI adapters used on some laptops. &merged;</para>
|
|
|
|
<para arch="alpha">The &man.ed.4; driver is now supported.</para>
|
|
|
|
<para>The &man.pcn.4; driver, which supports the AMD PCnet/FAST,
|
|
PCnet/FAST+, PCnet/FAST III, PCnet/PRO, PCnet/Home, and HomePNA
|
|
adapters, has been added. Although these cards are already
|
|
supported by the &man.lnc.4; driver, the &man.pcn.4; driver runs
|
|
these chips in 32-bit mode and uses the RX alignment feature to
|
|
achieve zero-copy receive. This driver is also
|
|
machine-independent, so it will work on both the i386 and alpha
|
|
platforms. The &man.lnc.4; driver is still needed to support non-PCI
|
|
cards. &merged;</para>
|
|
|
|
<para>Support for Fujitsu MB86960A/MB86965A based Ethernet
|
|
PC-Cards is back. &merged;</para>
|
|
|
|
<para arch="i386">The snc driver for the National Semiconductor
|
|
DP8393X (SONIC) Ethernet controller has been added. Currently,
|
|
this driver is only used on the PC-98 architecture. &merged;</para>
|
|
|
|
<para>The &man.an.4; driver for Cisco Aironet cards now supports
|
|
Wired Equivalent Privacy (WEP) encryption, settable via
|
|
&man.ancontrol.8;. &merged;</para>
|
|
|
|
<para arch="i386">The &man.el.4; driver can now be loaded as a
|
|
module.</para>
|
|
|
|
<para>The &man.ray.4; driver, which supports the Webgear Aviator
|
|
wireless network cards, has been committed. The operation of
|
|
&man.ray.4; interfaces can be modified by
|
|
&man.raycontrol.8;. &merged;</para>
|
|
|
|
<para arch="alpha">The &man.fpa.4; driver now supports Digital's
|
|
DEFPA FDDI adaptors on the Alpha.</para>
|
|
|
|
<para arch="i386">Linksys Fast Ethernet PCCARD cards supported by the
|
|
&man.ed.4; driver now require the addition of flag
|
|
<literal>0x80000</literal> to their config line in
|
|
&man.pccard.conf.5;. This flag is not optional. These Linksys
|
|
cards will not be recognized without it.</para>
|
|
|
|
<para>A bug in the &man.ed.4; driver that could cause panics with
|
|
very short packets and BPF or bridging active has been
|
|
fixed. &merged;</para>
|
|
|
|
<para>The &man.ed.4; driver now has support for D-Link
|
|
DL10022 chips, necessary for the NetGear FA-410TX and other
|
|
cards. As a result, <literal>device miibus</literal> is
|
|
required in kernel configurations using the &man.ed.4;
|
|
driver. &merged;</para>
|
|
|
|
<para>The &man.fxp.4; driver now requires a <literal>device
|
|
miibus</literal> entry in the kernel configuration file. &merged;</para>
|
|
|
|
<para>The &man.wx.4; driver now supports the Intel PRO1000-F and
|
|
PRO1000-T (10/100/1000) adapters. &merged;</para>
|
|
|
|
<para>Added the &man.nge.4; driver, which supports PCI Gigabit
|
|
Ethernet adapters based on the National Semiconductor DP83820
|
|
and DP83821 Gigabit Ethernet controller chips, including the
|
|
D-Link DGE-500T, SMC EZ Card 1000 (SMC9462TX), Asante
|
|
FriendlyNet GigaNIC 1000TA and 1000TPC and Addtron
|
|
AEG320T. This driver supports transmit and receive checksum
|
|
offloading. &merged;</para>
|
|
|
|
<para>The &man.lge.4; driver has been added to support the Level
|
|
1 LXT1001 NetCellerator Gigabit Ethernet controller chip. This
|
|
device is used on some fiber optic GigE cards from SMC, D-Link
|
|
and Addtron. Jumbograms and TCP/IP checksum offload on receive
|
|
are supported, although hardware VLAN filtering is not. &merged;</para>
|
|
|
|
<para>The &man.xl.4; driver now supports reception of VLAN
|
|
tagged frames (on the <quote>Cyclone</quote> or newer
|
|
chipsets). &merged;</para>
|
|
|
|
<para>The &man.ti.4; driver correctly masks VLAN tags. &merged;</para>
|
|
|
|
<para>The &man.an.4; driver now supports the Cisco Aironet 350
|
|
series of adaptors.</para>
|
|
|
|
<para>The &man.txp.4; driver has been added to support NICs
|
|
based on the 3Com 3XP Typhoon/Sidewinder (3CR990) chipset. &merged;</para>
|
|
</sect3>
|
|
|
|
<sect3>
|
|
<title>Network Protocols</title>
|
|
|
|
<para>&man.accept.filter.9;, a kernel feature to reduce overheads
|
|
when accepting and reading new connections on listening sockets,
|
|
has been added. &merged;</para>
|
|
|
|
<para>The &man.ng.mppc.4; and &man.ng.bridge.4; node types have
|
|
been added to the netgraph subsystem. The &man.ng.ether.4; node
|
|
is now dynamically loadable. Miscellaneous bug fixes and
|
|
enhancements have also been made. &merged;</para>
|
|
|
|
<para>&man.netgraph.4; has received some updates and bugfixes.</para>
|
|
|
|
<para>A new netgraph node type &man.ng.one2many.4; for multiplexing
|
|
and demultiplexing packets over multiple links has been added.
|
|
&merged;</para>
|
|
|
|
<para arch="alpha">SLIP has been removed from the
|
|
<filename>mfsroot</filename> floppy image.</para>
|
|
|
|
<para>ICMP ECHO and TSTAMP replies are now rate limited. TCP RSTs
|
|
generated due to packets sent to open and unopen ports are now
|
|
limited by separate counters. Each rate limiting queue now has
|
|
its own description.</para>
|
|
|
|
<para>ICMP <literal>UNREACH_FILTER_PROHIB</literal> messages can
|
|
now RST TCP connections in the <literal>SYN_SENT</literal> state
|
|
if the correct sequence numbers are sent back, as controlled by the
|
|
<varname>net.inet.tcp.icmp_may_rst</varname>
|
|
sysctl.</para>
|
|
|
|
<para>TCP has received some bug fixes for its delayed ACK
|
|
behavior. &merged;</para>
|
|
|
|
<para>TCP now supports the NewReno modification to the TCP Fast Recovery
|
|
algorithm. This behavior can be controlled via the
|
|
<varname>net.inet.tcp.newreno</varname> sysctl variable. &merged;</para>
|
|
|
|
<para>TCP now uses a more aggressive timeout for initial SYN segments; this
|
|
allows initial connection attempts to be dropped much
|
|
faster. &merged;</para>
|
|
|
|
<para>The <literal>TCP_COMPAT_42</literal> kernel option has
|
|
been removed.</para>
|
|
|
|
<para>The <literal>TCP_RESTRICT_RST</literal> kernel option has
|
|
been removed. Similar functionality can be achieved with the
|
|
<varname>net.inet.tcp.blackhole</varname> sysctl
|
|
variable. &merged;</para>
|
|
|
|
<para>TCP now has RFC 1323 extensions enabled by default in
|
|
&man.rc.conf.5;. &merged;</para>
|
|
|
|
<para>RFC 1323 and RFC 1644 TCP extensions are now disabled for a
|
|
connection in progress if no response has been received by the
|
|
third SYN segment sent. This behavior tries to work around
|
|
(very old) terminal servers with buggy VJ header compression
|
|
implementations. &merged;</para>
|
|
|
|
<para>The TCP implementation no longer requires the
|
|
allocation of a TCP template structure for each connection; this
|
|
should reduce the buffer usage on large systems handling many
|
|
connections. &merged;</para>
|
|
|
|
<para>TCP's default buffer sizes, controlled by the
|
|
<varname>net.inet.tcp.sendspace</varname> and
|
|
<varname>net.inet.tcp.recvspace</varname> sysctl variables, have
|
|
been increased to 32K and 64K respectively.</para>
|
|
|
|
<para>A new sysctl <varname>net.inet.ip.check_interface</varname>,
|
|
which is on by default, causes IP to verify that an incoming
|
|
packet arrives on an interface that has an address matching the
|
|
packet's destination address. &merged;</para>
|
|
|
|
<para>A new sysctl
|
|
<varname>net.link.ether.inet.log_arp_wrong_iface</varname> has
|
|
been added to control the suppression of logging when ARP replies
|
|
arrive on the wrong interface. &merged;</para>
|
|
|
|
<para>The <literal>proxy</literal> modifier to &man.arp.8;'s
|
|
<option>-d</option> option has been renamed to
|
|
<literal>pub</literal>, for consistency with the
|
|
<option>-s</option> option. The <literal>only</literal> keyword
|
|
has been added to the <option>-s</option> and
|
|
<option>-S</option> flags, to be used in creating
|
|
<quote>proxy-only</quote> published entries.</para>
|
|
|
|
<para>&man.ipfw.8; now filters correctly in the presence of ECN bits in TCP
|
|
segments. &merged;</para>
|
|
|
|
<para>&man.ipfw.8; will now avoid the display of dynamic
|
|
firewall rules unless the <option>-d</option> flag is passed to
|
|
it. The <option>-e</option> lists expired dynamic rules.</para>
|
|
|
|
<para>&man.bridge.4; and &man.dummynet.4; have received some
|
|
enhancements and bug fixes.</para>
|
|
|
|
<para>&man.ipfw.8; has a new feature (<literal>me</literal>) that
|
|
allows for packet matching on interfaces with dynamically-changing
|
|
IP addresses. &merged;</para>
|
|
|
|
<para>&man.ip6fw.8; now has the ability to use a preprocessor
|
|
and use the <option>-q</option> (quiet) flag when reading from a
|
|
file. &merged;</para>
|
|
|
|
<para>A new <literal>options RANDOM_IP_ID</literal> kernel
|
|
option causes the ID field of IP packets to be randomized. This
|
|
closes a minor information leak which allows a remote observer
|
|
to determine the rate at which the machine is generating
|
|
packets, since the default behaviour is to increment a counter
|
|
for each packet sent. &merged;</para>
|
|
|
|
<para>IP multicast now works on VLAN devices. Several other
|
|
bugs in the VLAN code have also been fixed.</para>
|
|
|
|
</sect3>
|
|
|
|
<sect3>
|
|
<title>Disks and Storage</title>
|
|
|
|
<para arch="i386">The &man.twe.4; 3ware ATA RAID driver has added. &merged;</para>
|
|
|
|
<para>The &man.ata.4; driver now has support for ATA100
|
|
controllers. In addition, it now supports the ServerWorks ROSB4
|
|
ATA33 chipset, the CMD 648 ATA66 and CMD 649 ATA100 chipsets, and
|
|
the Cyrix 5530. &merged;</para>
|
|
|
|
<para>To provide more flexible configuration, the various options for the
|
|
&man.ata.4; driver are now boot loader tunables, rather than kernel
|
|
configure-time options. &merged;</para>
|
|
|
|
<para>The &man.ata.4; driver now has support for tagged queuing,
|
|
which is enabled by the <literal>hw.ata.tags</literal> loader
|
|
tunable. &merged;</para>
|
|
|
|
<para>The &man.ata.4; driver now has support for ATA
|
|
<quote>pseudo</quote> RAID controllers as the Promise Fasttrak and
|
|
HighPoint HPT370 controllers. &merged;</para>
|
|
|
|
<para arch="i386">The &man.mly.4; driver, for Mylex PCI to SCSI
|
|
AccelRAID and eXtremeRAID controllers with firmware 6.X and
|
|
later, has been added. &merged;</para>
|
|
|
|
<para arch="i386">The &man.asr.4; driver, which provides support
|
|
for the Adaptec SCSI RAID controller family, as well as the DPT
|
|
SmartRAID V and VI families, has been added. &merged;</para>
|
|
|
|
<para arch="i386">Support for the Adaptec FSA family of PCI-SCSI
|
|
RAID controllers has been added, in the form of the &man.aac.4;
|
|
driver.</para>
|
|
|
|
<para>The &man.ahc.4; driver has received numerous updates,
|
|
bugfixes, and enhancements. Among various improvements are
|
|
improved compatibility with chips in <quote>RAID Port</quote> mode
|
|
and systems with AAA and/or ARO cards installed, as well as
|
|
performance improvements. Some bugs were also fixed, including a
|
|
rare hang on Ultra2/U160 controllers. &merged;</para>
|
|
|
|
<para arch="i386">The ncv, nsp, and stg drivers have
|
|
been ported from NetBSD/pc98. They support the NCR 53C50 /
|
|
Workbit Ninja SCSI-3 / TMC 18C30, 18C50 based PC-Card/ISA SCSI
|
|
controllers. &merged;</para>
|
|
|
|
<para>The &man.cd.4; driver now has support for write operations.
|
|
This allows writing to DVD-RAM, PD and similar drives that probe
|
|
as CD devices. Note that change affects only random-access
|
|
writeable devices, not sequential-only writeable devices such as
|
|
CD-R drives, which are supported by &man.cdrecord.1; in the Ports
|
|
Collection. &merged;</para>
|
|
|
|
<para>The &man.vinum.4; volume manager has received some bug fixes and
|
|
enhancements.</para>
|
|
|
|
<para>&man.md.4;, the memory disk device, has had the
|
|
functionality of &man.vn.4; incorporated into it. &man.md.4;
|
|
devices can now be configured by &man.mdconfig.8;. &man.vn.4; has
|
|
been removed. The Memory Filesystem (MFS) has also been
|
|
removed.</para>
|
|
|
|
<para>BurnProof(TM) support, for applicable ATAPI CD-ROM burners, is now
|
|
supported. &merged;</para>
|
|
|
|
<para arch="alpha">A bug that made certain CDROM drives fail to
|
|
attach when connected to a SCSI card driven by &man.isp.4; has
|
|
been fixed. &merged;</para>
|
|
|
|
<para>The &man.isp.4; driver is now proactive about discovering
|
|
Fibre Channel topology changes.</para>
|
|
|
|
<para>The &man.isp.4; driver now supports target mode for Qlogic
|
|
SCSI cards, including Ultra2 and Ultra3 and dual bus cards.</para>
|
|
|
|
<para>The ida disk driver now has crashdump support. &merged;</para>
|
|
|
|
<para>The CAM error recovery code has been updated.</para>
|
|
|
|
<para>Some problems in &man.sa.4; error handling have been
|
|
fixed, including the <quote>tape drive spinning indefinitely
|
|
upon mt stat</quote> problem.</para>
|
|
|
|
</sect3>
|
|
|
|
<sect3>
|
|
<title>Filesystems</title>
|
|
|
|
<para>Support for named extended attributes was added to the &os;
|
|
kernel. This allows the kernel, and appropriately privileged
|
|
userland processes, to tag files and directories with attribute
|
|
data. Extended attributes were added to support the TrustedBSD
|
|
Project, in particular ACLs, capability data, and mandatory access
|
|
control labels (see
|
|
<filename>/usr/src/sys/ufs/ufs/README.extattr</filename> for
|
|
details).</para>
|
|
|
|
<para>Due to a licensing change, softupdates have been integrated
|
|
into the main portion of the kernel source tree. As a
|
|
consequence, softupdates are now available with the
|
|
<filename>GENERIC</filename> kernel. &merged;</para>
|
|
|
|
<para>A filesystem snapshot capability has been added to FFS.
|
|
Details can be found in
|
|
<filename>/usr/src/sys/ufs/ffs/README.snapshot</filename>.</para>
|
|
|
|
<para>Softupdates for FFS have received some bug fixes and
|
|
enhancements.</para>
|
|
|
|
<para>When running with softupdates, &man.statfs.2; and
|
|
&man.df.1; will track the number of blocks and files that are
|
|
committed to being freed.</para>
|
|
|
|
<para>A bug in FFS that could cause superblock corruption on very large
|
|
filesystems has been corrected. &merged;</para>
|
|
|
|
<para>The Inode Filesystem (IFS) has been added; more information
|
|
can be found in
|
|
<filename>/usr/src/sys/ufs/ifs/README</filename>.</para>
|
|
|
|
<para>The ISO-9660 filesystem now has a hook that supports a loadable
|
|
character conversion routine. The
|
|
<filename>sysutils/cd9660_unicode</filename> port
|
|
contains a set of common conversions.</para>
|
|
|
|
<para>&man.kernfs.5; is obsolete and has been retired.</para>
|
|
|
|
<para>A bug in the NFS client that caused bogus access times with
|
|
<literal>O_EXCL|O_CREAT</literal> opens was fixed. &merged;</para>
|
|
|
|
<para>A new NFS hash function (based on the Fowler/Noll/Vo hash
|
|
algorithm) has been implemented to improve NFS performance by
|
|
increasing the efficiency of the <varname>nfsnode</varname> hash
|
|
tables. &merged;</para>
|
|
|
|
<para>Client-side NFS locks have been implemented.</para>
|
|
|
|
<para>Support for file system Access Control Lists (ACLs) has been
|
|
introduced, allowing more fine-grained control of discretionary
|
|
access control on files and directories. This support was
|
|
integrated from the TrustedBSD Project. More details can be found in
|
|
<filename>/usr/src/sys/ufs/ufs/README.acls</filename>.</para>
|
|
|
|
<para>The directory layout preference algorithm for FFS has been
|
|
changed to improve its speed on large filesystems.</para>
|
|
|
|
<para arch="i386">smbfs (CIFS) support in kernel has been added.
|
|
The corresponding userland filesystem mount utility can be found
|
|
in the <filename>net/smbfs</filename> port in the &os; Ports
|
|
Collection. &merged;</para>
|
|
|
|
<para>For consistency, the fdesc, fifo, null, msdos, portal,
|
|
umap, and union filesystems have been renamed to fdescfs,
|
|
fifofs, msdosfs, nullfs, portalfs, umapfs, and unionfs. Where
|
|
applicable, modules and mount_* programs have been
|
|
renamed. Compatability <quote>glue</quote> has been added to
|
|
&man.mount.8; so that <literal>msdos</literal> filesystem
|
|
entries in &man.fstab.5; will work without changes.</para>
|
|
|
|
<para>pseudofs, a pseudo-filesystem framework, has been added.
|
|
&man.linprocfs.5; has been modified to use pseudofs.</para>
|
|
|
|
<para>A simple hash-based lookup optimization for large directories
|
|
called <literal>dirhash</literal> has been added. Conditional on the
|
|
<literal>UFS_DIRHASH</literal> kernel option, it improves the speed
|
|
of operations on very large directories at the expense of some
|
|
memory. &merged;</para>
|
|
|
|
</sect3>
|
|
|
|
<sect3>
|
|
<title>Multimedia Support</title>
|
|
|
|
<para arch="i386">The &man.pcm.4; driver now supports the ESS Solo 1,
|
|
Maestro-1, Maestro-2, and Maestro-2e; Forte Media fm801, ESS
|
|
Maestro-2e, and VIA Technologies VT82C686A sound card/chipsets,
|
|
and has received some other updates.
|
|
Separate drivers for the SoundBlaster 8 and Soundblaster 16 now
|
|
replace an older, unified driver. A driver for the CMedia
|
|
CMI8338/CMI8738 sound chips has been added. A driver for the
|
|
CS4281 sound chip has been added. A driver for the S3
|
|
Sonicvobes chipset has been added. &merged;</para>
|
|
|
|
<para arch="i386">A driver for the Advance Logic ALS4000 has
|
|
been added. &merged;</para>
|
|
|
|
<para arch="i386">A driver for the
|
|
ESS Maestro-3/Allegro has been added, however due to licensing
|
|
restrictions, it cannot be compiled into the kernel. &merged; To
|
|
use this driver, add the following line to
|
|
<filename>/boot/loader.conf</filename>:</para>
|
|
|
|
<programlisting>snd_maestro3_load="YES"</programlisting>
|
|
|
|
<para>The &man.bktr.4; driver has been updated to 2.18. This
|
|
update provides a number of new features: New tuner
|
|
types have been added, and improvements to the KLD module and to
|
|
memory allocation have been made. Bugs in &man.devfs.5; when
|
|
unloading and reloading have been fixed.
|
|
Support for new Hauppauge Model 44xxx WinTV Cards (the ones with
|
|
no audio mux) has been added.</para>
|
|
|
|
<para>When sound modules are built, one can now load all the
|
|
drivers and infrastructure by <command>kldload
|
|
snd</command>.</para>
|
|
|
|
<para>A new API has been added for sound cards with hardware
|
|
volume control.</para>
|
|
|
|
<para arch="i386">A driver for the Intel 443MX, 810, 815, and 815E
|
|
integrated sound devices has been added.</para>
|
|
|
|
</sect3>
|
|
|
|
<sect3>
|
|
<title>Contributed Software</title>
|
|
|
|
<para><application>IPFilter</application> has been updated to
|
|
3.4.20. &merged;</para>
|
|
|
|
<para>The Forth Inspired Command Language
|
|
(<application>FICL</application>) used in the boot loader has
|
|
been updated to 2.05.</para>
|
|
|
|
<para>ACPI support has been merged in from the
|
|
<application>Intel ACPI</application>
|
|
project, and updated to the ACPI CA 20010518 release.</para>
|
|
|
|
<sect4 arch="i386">
|
|
<title>isdn4bsd</title>
|
|
|
|
<para><application>isdn4bsd</application> has been updated to
|
|
version 0.96.00.</para>
|
|
|
|
<para>The &man.ihfc.4; driver for supporting Cologne Chip
|
|
Designs HFC devices under <application>isdn4bsd</application>
|
|
has been added.</para>
|
|
|
|
<para>The &man.itjc.4; driver for supporting NETjet-S / Teles
|
|
PCI-TJ devices under <application>isdn4bsd</application> has
|
|
been added.</para>
|
|
|
|
<para>Experimental support for the Eicon.Diehl DIVA 2.0 and
|
|
2.02 ISA PnP ISDN cards has been added to the &man.isic.4;
|
|
<application>isdn4bsd</application> driver.</para>
|
|
|
|
<para>Active CAPI-based ISDN cards manufacured by AVM are now
|
|
supported using the &man.i4bcapi.4; and the &man.iavc.4; driver. The
|
|
supported cards are the AVM B1 PCI and AVM B1 ISA Basic Rate
|
|
cards and the AVM T1 Primary Rate cards.</para>
|
|
|
|
<para>A new <literal>maxconnecttime</literal> keyword is now
|
|
accepted in &man.isdnd.rc.5; files to limit the time a
|
|
connection may remain open.</para>
|
|
</sect4>
|
|
|
|
<sect4 id="kame-kernel">
|
|
<title>KAME</title>
|
|
|
|
<para>The IPv6 stack is now based on a snapshot based on the KAME
|
|
Project's IPv6 snapshot as of 28 May, 2001. Most of the
|
|
items listed in this section are a result of this import.
|
|
<xref linkend="kame-userland"> lists userland updates to the
|
|
KAME IPv6 stack. &merged;</para>
|
|
|
|
<para>&man.gif.4; is now based on RFC 2893, rather than RFC
|
|
1933. The <literal>IFF_LINK2</literal> interface flag can
|
|
be used to control ingress filtering. &merged;</para>
|
|
|
|
<para><application>IPSec</application> has received some
|
|
enhancements, including the ability to use the Rijndael and
|
|
SHA2 algorithms. IPSec RC5 support has been removed due to
|
|
patent issues. &merged;</para>
|
|
|
|
<para>&man.stf.4; now conforms to RFC 3056; the
|
|
<literal>IFF_LINK2</literal> interface flag can be used to
|
|
control ingress filtering. &merged;</para>
|
|
|
|
<para>IPv6 has better checking of illegal addresses (such as
|
|
loopback addresses) on physical networks. &merged;</para>
|
|
|
|
<para>The <varname>IPV6_V6ONLY</varname> socket option is
|
|
now completely supported. The kernel's default behavior
|
|
with respect to this option is controlled by the
|
|
<varname>net.inet6.ip6.v6only</varname> sysctl
|
|
variable. &merged;</para>
|
|
|
|
<para>RFC 3041 (Privacy Extensions for Stateless Address
|
|
Autoconfiguration) is now supported. It can be enabled via
|
|
the <varname>net.inet6.ip6.use_tempaddr</varname> sysctl
|
|
variable. &merged;</para>
|
|
</sect4>
|
|
</sect3>
|
|
</sect2>
|
|
<sect2 id="security">
|
|
<title>Security Fixes</title>
|
|
|
|
<para>&man.sysinstall.8; now allows the user to select one of three
|
|
<quote>security profiles</quote> at install-time. These profiles enable
|
|
different levels of system security by enabling or disabling
|
|
various system services in &man.rc.conf.5; on new
|
|
installs. &merged;</para>
|
|
|
|
<para>A bug in which malformed ELF executable images can hang the
|
|
system has been fixed (see security advisory
|
|
FreeBSD-SA-00:41). &merged;</para>
|
|
|
|
<para>A security hole in Linux emulation was fixed (see security
|
|
advisory FreeBSD-SA-00:42). &merged;</para>
|
|
|
|
<para>&man.rlogind.8;, &man.rshd.8;, and &man.fingerd.8; are now
|
|
disabled by default in <filename>/etc/inetd.conf</filename>. This
|
|
only affects new installations. &merged;</para>
|
|
|
|
<para>String-handling library calls in many programs were fixed to
|
|
reduce the possibility of buffer overflow-related exploits.
|
|
&merged;</para>
|
|
|
|
<para>TCP now uses stronger randomness in choosing its initial sequence
|
|
numbers (see security advisory FreeBSD-SA-00:52). &merged;</para>
|
|
|
|
<para>Several buffer overflows in &man.tcpdump.1; were corrected
|
|
(see security advisory FreeBSD-SA-00:61). &merged;</para>
|
|
|
|
<para>A security hole in &man.top.1; was corrected (see security advisory
|
|
FreeBSD-SA-00:62). &merged;</para>
|
|
|
|
<para>A potential security hole caused by an off-by-one-error in
|
|
&man.gethostbyname.3; has been fixed (see security advisory
|
|
FreeBSD-SA-00:63). &merged;</para>
|
|
|
|
<para>A potential buffer overflow in the &man.ncurses.3; library,
|
|
which could cause arbitrary code to be run from within
|
|
&man.systat.1;, has been corrected (see security advisory
|
|
FreeBSD-SA-00:68). &merged;</para>
|
|
|
|
<para>A vulnerability in &man.telnetd.8; that could cause it to
|
|
consume large amounts of server resources has been fixed (see
|
|
security advisory FreeBSD-SA-00:69). &merged;</para>
|
|
|
|
<para>The <literal>nat deny_incoming</literal> command in
|
|
&man.ppp.8; now works correctly (see security advisory
|
|
FreeBSD-SA-00:70). &merged;</para>
|
|
|
|
<para>A vulnerability in &man.csh.1;/&man.tcsh.1; temporary files
|
|
that could allow overwriting of arbitrary user-writable files has
|
|
been closed (see security advisory FreeBSD-SA-00:76). &merged;</para>
|
|
|
|
<para>The &man.ssh.1; binary is no longer SUID root by
|
|
default.</para>
|
|
|
|
<para>Some fixes were applied to the Kerberos
|
|
IV implementation related to environment variables, a
|
|
possible buffer overrun, and overwriting ticket files. &merged;</para>
|
|
|
|
<para>&man.telnet.1; now does a better job of sanitizing its
|
|
environment. &merged;</para>
|
|
|
|
<para>Several vulnerabilities in &man.procfs.5; were fixed (see
|
|
security advisory FreeBSD-SA-00:77). &merged;</para>
|
|
|
|
<para>A bug in <application>OpenSSH</application> in which a
|
|
server was unable to disable &man.ssh-agent.1; or
|
|
<literal>X11Forwarding</literal> was fixed (see security advisory
|
|
FreeBSD-SA-01:01). &merged;</para>
|
|
|
|
<para>A bug in &man.ipfw.8; and &man.ip6fw.8; in which inbound TCP
|
|
segments could incorrectly be treated as being part of an
|
|
<literal>established</literal> connection has been fixed (see
|
|
security advisory FreeBSD-SA-01:08). &merged;</para>
|
|
|
|
<para>A bug in &man.crontab.1; that could allow users to read any
|
|
file on the system in valid &man.crontab.5; syntax has been fixed
|
|
(see security advisory FreeBSD-SA-01:09). &merged;</para>
|
|
|
|
<para>A vulnerability in &man.inetd.8; that could allow
|
|
read-access to the initial 16 bytes of
|
|
<groupname>wheel</groupname>-accessible files has been fixed (see security
|
|
advisory FreeBSD-SA-01:11). &merged;</para>
|
|
|
|
<para>A bug in &man.periodic.8; that used insecure temporary files has been
|
|
corrected (see security advisory FreeBSD-SA-01:12). &merged;</para>
|
|
|
|
<para>A bug in &man.sort.1; in which an attacker might be able to
|
|
cause it to abort processing has been fixed (see security advisory
|
|
FreeBSD-SA-01:13). &merged;</para>
|
|
|
|
<para>To fix a remotely-exploitable buffer overflow,
|
|
<application>BIND</application> has been updated
|
|
to 8.2.3 (see security advisory FreeBSD-SA-01:18). &merged;</para>
|
|
|
|
<para><application>OpenSSH</application> now has code to prevent
|
|
(instead of just mitigating through connection limits) an attack
|
|
that can lead to guessing the server key (not host key) by
|
|
regenerating the server key when an RSA failure is detected (see
|
|
security advisory FreeBSD-SA-01:24). &merged;</para>
|
|
|
|
<para>A number of programs have had output formatting strings
|
|
corrected so as to reduce the risk of vulnerabilities. &merged;</para>
|
|
|
|
<para>A number of programs that use temporary files now do so more
|
|
securely. &merged;</para>
|
|
|
|
<para>A bug in ICMP that could cause an attacker to disrupt TCP and UDP
|
|
<quote>sessions</quote> has been corrected. &merged;</para>
|
|
|
|
<para>A bug in &man.timed.8;, which caused it to crash if send
|
|
certain malformed packets, has been corrected (see security
|
|
advisory FreeBSD-SA-01:28). &merged;</para>
|
|
|
|
<para>A bug in &man.rwhod.8;, which caused it to crash if send
|
|
certain malformed packets, has been corrected (see security
|
|
advisory FreeBSD-SA-01:29). &merged;</para>
|
|
|
|
<para>A security hole in FreeBSD's FFS and EXT2FS implementations,
|
|
which allowed a race condition that could cause users to have
|
|
unauthorized access to data, has been fixed (see security advisory
|
|
FreeBSD-SA-01:30). &merged;</para>
|
|
|
|
<para>A remotely-exploitable vulnerability in &man.ntpd.8; has
|
|
been closed (see security advisory FreeBSD-SA-01:31). &merged;</para>
|
|
|
|
<para>A security hole in <application>IPFilter</application>'s
|
|
fragment cache has been closed (see
|
|
security advisory FreeBSD-SA-01:32). &merged;</para>
|
|
|
|
<para>Buffer overflows in &man.glob.3;, which could cause
|
|
arbitrary code to be run on an FTP server, have been closed. In
|
|
addition, to prevent some forms of DOS attacks, &man.glob.3;
|
|
allows specification of a limit on the number of pathname matches
|
|
it will return. &man.ftpd.8; now uses this feature (see security
|
|
advisory FreeBSD-SA-01:33). &merged;</para>
|
|
|
|
<para>Initial sequence numbers in TCP are more thoroughly
|
|
randomized (see security advisory FreeBSD-SA-01:39). Due to some
|
|
possible compatability issues, the behavior of this security fix
|
|
can be enabled or disabled via the
|
|
<varname>net.inet.tcp.tcp_seq_genscheme</varname> sysctl
|
|
variable.&merged;</para>
|
|
|
|
<para>The new <varname>net.inet.ip.maxfragpackets</varname>
|
|
and <varname>net.inet.ip.maxfragpackets</varname> sysctl
|
|
variables limit the amount of memory that can be consumed by IPv4
|
|
and IPv6 packet fragments, which defends against some denial of service
|
|
attacks. &merged;</para>
|
|
|
|
<para>A vulnerability in the &man.fts.3; routines (used by
|
|
applications for recursively traversing a filesystem) could
|
|
allow a program to operate on files outside the intended directory
|
|
hierarchy. This bug has been fixed (see security advisory
|
|
FreeBSD-SA-01:40). &merged;</para>
|
|
|
|
<para>&os;'s TCP implementation has been made more resistant to
|
|
SYN floods, by eliminating the RST segment normally sent when
|
|
removing a connection from the listen queue.</para>
|
|
|
|
<para><application>OpenSSH</application> now switches to the
|
|
user's UID before attempting to unlink the authentication
|
|
forwarding file, nullifying the effects of a race.</para>
|
|
|
|
<para>A flaw allowed some signal handlers to remain in effect in a
|
|
child process after being exec-ed from its parent. This allowed
|
|
an attacker to execute arbitrary code in the context of a setuid
|
|
binary. This flaw has been corrected (see security advisory
|
|
FreeBSD-SA-01:42). &merged;</para>
|
|
|
|
<para>A remote buffer overflow in &man.tcpdump.1; has been fixed
|
|
(see security advisory FreeBSD-SA-01:48). &merged;</para>
|
|
|
|
<para>A remote buffer overflow in &man.telnetd.8; has been
|
|
fixed (see security advisory FreeBSD-SA-01:49). &merged;</para>
|
|
</sect2>
|
|
<sect2 id="userland">
|
|
<title>Userland Changes</title>
|
|
|
|
<para>&man.cdcontrol.1; now supports a <literal>cdid</literal>
|
|
command, which calculates and displays the CD serial number, using
|
|
the same algorithm used by the CDDB database. &merged;</para>
|
|
|
|
<para>&man.mtree.8; now includes support for a file that lists
|
|
pathnames to be excluded when creating and verifying prototypes.
|
|
This makes it easier to use &man.mtree.8; as a part of an
|
|
intrusion-detection system. &merged;</para>
|
|
|
|
<para>&man.ls.1; can produce colorized listings with the
|
|
<option>-G</option> flag (and appropriate terminal
|
|
support). &merged;</para>
|
|
|
|
<para>&man.sysinstall.8; now properly preserves
|
|
<filename>/etc/mail</filename> during a binary upgrade. &merged;</para>
|
|
|
|
<para>The &man.truncate.1; utility, which truncates or extends the length
|
|
of files, has been added. &merged;</para>
|
|
|
|
<para>&man.syslogd.8; can take a <option>-n</option> option to
|
|
disable DNS queries for every request. &merged;</para>
|
|
|
|
<para>&man.kenv.1;, a command to dump the kernel environment, has
|
|
been added. &merged;</para>
|
|
|
|
<para>The behavior of &man.periodic.8; is now controlled by
|
|
<filename>/etc/defaults/periodic.conf</filename> and
|
|
<filename>/etc/periodic.conf</filename>. &merged;</para>
|
|
|
|
<para arch="i386">&man.boot98cfg.8;, a PC-98 boot manager installation and
|
|
configuration utility, has been added. &merged;</para>
|
|
|
|
<para>&man.logger.1; can now send messages directly to a remote
|
|
syslog. &merged;</para>
|
|
|
|
<para arch="i386">&man.gdb.1; now supports hardware watchpoints (using the
|
|
kernel's debug register + support that has been introduced in
|
|
&os; 4.0). &merged;</para>
|
|
|
|
<para>&man.which.1; is now a C program, rather than a Perl
|
|
script.</para>
|
|
|
|
<para>&man.killall.1; is now a C program, rather than a Perl
|
|
script. As a result, its <option>-m</option> option now uses the
|
|
regular expression syntax of &man.regex.3;, rather than that of
|
|
&man.perl.1;. &merged;</para>
|
|
|
|
<para>&man.killall.1; now allows non-root users to kill SUID root
|
|
processes that they started, the same as the Perl version did.</para>
|
|
|
|
<para>&man.finger.1; now has the ability to support fingering
|
|
aliases, via the &man.finger.conf.5; file. &merged;</para>
|
|
|
|
<para>&man.finger.1; now has support for a
|
|
<filename>.pubkey</filename> file.</para>
|
|
|
|
<para>nsswitch support has been merged from NetBSD. By creating
|
|
an &man.nsswitch.conf.5; file, FreeBSD can be configured so that
|
|
various databases such as &man.passwd.5; and &man.group.5; can be
|
|
looked up using flat files, NIS, or Hesiod. The old
|
|
<filename>hosts.conf</filename> file is no longer used.</para>
|
|
|
|
<para>RSA Security has waived all patent rights to the RSA
|
|
algorithm. As a
|
|
result, the native <application>OpenSSL</application>
|
|
implementation of the RSA algorithm is now activated by default,
|
|
and the <filename>rsaref</filename> port and
|
|
<filename>librsaUSA</filename> are no longer required for USA
|
|
residents. &merged;</para>
|
|
|
|
<para>&man.ifconfig.8; command can set the link-layer address
|
|
of an interface. &merged;</para>
|
|
|
|
<para>&man.ifconfig.8; can now accept addresses in slash/CIDR
|
|
notation. &merged;</para>
|
|
|
|
<para>&man.ifconfig.8; now has support for setting parameters for
|
|
IEEE 802.11 wireless network devices. &man.wi.4; and
|
|
&man.an.4; devices are supported, and partial support is provided
|
|
for &man.awi.4; devices. &merged;</para>
|
|
|
|
<para>&man.ifconfig.8; no longer displays the list of supported
|
|
media by default. Instead it displays it when the
|
|
<option>-m</option> is given. &merged;</para>
|
|
|
|
<para>&man.setproctitle.3; has been moved from
|
|
<filename>libutil</filename> to
|
|
<filename>libc</filename>. &merged;</para>
|
|
|
|
<para>&man.chio.1; now has the ability to specify elements by
|
|
volume tag instead of by their physical location as well as the
|
|
ability to return an element to its previous location. &merged;</para>
|
|
|
|
<para>&man.sed.1; now takes a <option>-E</option> option for
|
|
extended regular expression support. &merged;</para>
|
|
|
|
<para>&man.ln.1; now takes an <option>-i</option> option to
|
|
request user confirmation before overwriting an existing
|
|
file. &merged;</para>
|
|
|
|
<para>&man.ln.1; now takes a <option>-h</option> flag to avoid
|
|
following a target that is a link, with a <option>-n</option> flag
|
|
for compatability with other implementations. &merged;</para>
|
|
|
|
<para>Userland &man.ppp.8; has received a number of updates and
|
|
bug fixes. &merged;</para>
|
|
|
|
<para>&man.make.1; has gained the <literal>:C///</literal>
|
|
(regular expression substitution), <literal>:L</literal>
|
|
(lowercase), and <literal>:U</literal> (uppercase) variable
|
|
modifiers. These were added to reduce the differences between the
|
|
&os; and
|
|
OpenBSD/NetBSD
|
|
&man.make.1 programs. &merged; </para>
|
|
|
|
<para>Bugs in &man.make.1;, among which include broken null suffix
|
|
behavior, bad assumptions about current directory permissions, and
|
|
potential buffer overflows, have been fixed. &merged;</para>
|
|
|
|
<para>The &os; <filename>Makefile</filename> infrastructure now
|
|
supports the <varname>WARNS</varname> directive from NetBSD. This
|
|
directive controls the addition of compiler warning flags to
|
|
<varname>CFLAGS</varname> in a relatively compiler-neutral
|
|
manner. &merged;</para>
|
|
|
|
<para>&man.fsck.8; wrappers have been imported; this feature
|
|
provides infrastructure for &man.fsck.8; to work on different
|
|
types of filesystems (analogous to &man.mount.8;).</para>
|
|
|
|
<para>The behavior of &man.fsck.8; when dealing with various
|
|
passes (a la <filename>/etc/fstab</filename>) has been modified to
|
|
accomodate multiple-disk filesystems.</para>
|
|
|
|
<para>&man.style.perl.7;, a style guide for Perl code in the &os;
|
|
base system, has been added.</para>
|
|
|
|
<para>The <quote>in use</quote> percentage metric displayed by
|
|
&man.netstat.1; now really reflects the percentage of network
|
|
mbufs used. &merged;</para>
|
|
|
|
<para>&man.netstat.1; now has a <option>-W</option> flag that
|
|
tells it not to truncate addresses, even if they're too long for
|
|
the column they're printed in. &merged;</para>
|
|
|
|
<para>&man.netstat.1; now keeps track of input and output packets
|
|
on a per-address basis for each interface. &merged;</para>
|
|
|
|
<para>&man.netstat.1; now has a <option>-z</option> flag to reset
|
|
statistics.</para>
|
|
|
|
<para>&man.sockstat.1; now has <option>-c</option> and
|
|
<option>-l</option> flags for listing connected and listening
|
|
sockets, respectively. &merged;</para>
|
|
|
|
<para>&man.mergemaster.8; has gained some new features, has been
|
|
cleaned up somewhat, and is now more cross-platform friendly.</para>
|
|
|
|
<para>&man.mergemaster.8; now sources an
|
|
<filename>/etc/mergemaster.rc</filename> file and also prompts the
|
|
user to run recommended commands (such as
|
|
<command>newaliases</command>) as needed. &merged;</para>
|
|
|
|
<para>The compiler chain now uses the FSF-supplied C/C++ runtime
|
|
initialization code. This change brings about better
|
|
compatibility with code generated from the various egcs and gcc
|
|
ports, as well as the stock public FSF source. &merged;</para>
|
|
|
|
<para>The threads library has gained some signal handling changes,
|
|
bug fixes, and performance enhancements (including zero system
|
|
call thread switching). &man.gdb.1; thread support has been
|
|
updated to match these changes. &merged;</para>
|
|
|
|
<para>&man.chflags.1; has moved from <filename>/usr/bin</filename>
|
|
to <filename>/bin</filename>.</para>
|
|
|
|
<para>Use of the <literal>CSMG_*</literal> macros no longer
|
|
require inclusion of
|
|
<filename><sys/param.h></filename></para>
|
|
|
|
<para>IP Filter is now supported by the
|
|
&man.rc.conf.5; boot-time configuration and
|
|
initialization. &merged;</para>
|
|
|
|
<para>The &man.lastlogin.8; utility, which prints the last login
|
|
time of each user, has been imported from
|
|
NetBSD. &merged;</para>
|
|
|
|
<para>&man.last.1; now implements a <option>-d</option> that
|
|
provides a <quote>snapshot</quote> of who was logged in at a
|
|
particular date and time. &merged;</para>
|
|
|
|
<para>&man.newfs.8; now implements write combining, which can make
|
|
creation of new filesystems up to seven times
|
|
faster. &merged;</para>
|
|
|
|
<para>&man.newfs.8; now takes a <option>-U</option> option to
|
|
enable softupdates on a new filesystem. &merged;</para>
|
|
|
|
<para>The default number of cylinders per group in &man.newfs.8;
|
|
is now 22, up from 16.</para>
|
|
|
|
<para>A number of buffer overflows in &man.config.8; have been
|
|
fixed. &merged;</para>
|
|
|
|
<para>&man.pwd.1; can now double as &man.realpath.1;, a program to
|
|
resolve pathnames to their underlying physical paths. &merged;</para>
|
|
|
|
<para>&man.stty.1; now has support for an
|
|
<literal>erase2</literal> control character, so that, for example,
|
|
both the <keycap>Delete</keycap> and <keycap>Backspace</keycap>
|
|
keys can be used to erase characters. &merged;</para>
|
|
|
|
<para>The &man.ibcs2.8;, &man.linux.8;, &man.osf1.8;, and &man.svr4.8;
|
|
scripts, whose sole purpose was to load emulation
|
|
kernel modules, have been removed. The kernel module system will
|
|
automatically load them as needed to fulfill dependencies.</para>
|
|
|
|
<para>&man.top.1; will now use the full width of its tty.</para>
|
|
|
|
<para>&man.growfs.8;, a utility for growing FFS filesystems, has
|
|
been added. &man.ffsinfo.8;, a utility for dump all the
|
|
meta-information of an existing filesystem, has also been
|
|
added. &merged;</para>
|
|
|
|
<para>&man.indent.1; has gained some new formatting
|
|
options. &merged;</para>
|
|
|
|
<para>&man.sysinstall.8; now uses some more intuitive defaults
|
|
thanks to some new dialog support functions. &merged;</para>
|
|
|
|
<para>The default root partition in &man.sysinstall.8; is now
|
|
100MB on the i386 and 120MB on the alpha.</para>
|
|
|
|
<para>&man.xargs.1; gained a <option>-J</option> option which allows
|
|
the user to specify exactly where in the command line the input should
|
|
be retrofitted. &merged;</para>
|
|
|
|
<para>Shortly after the receipt of a <literal>SIGINFO</literal>
|
|
signal (normally control-T from the controlling tty), &man.fsck.ffs.8;
|
|
will now output a line indicating the current phase number and
|
|
progress information relevant to the current phase. &merged;</para>
|
|
|
|
<para>&man.fsck.ffs.8; now supports background filesystem checks
|
|
to mounted FFS filesystems with the <option>-B</option> option
|
|
(softupdates must be enabled on these filesystems). The
|
|
<option>-F</option> flag now determines whether a specified
|
|
filesystem needs foreground checking.</para>
|
|
|
|
<para>&man.fsck.8; now has support for foreground
|
|
(<option>-F</option>) and background (<option>-B</option>) checks.
|
|
Traditionally, &man.fsck.8; is invoked before the filesystems are
|
|
mounted and all checks are done to completion at that time. If
|
|
background checking is available, &man.fsck.8; is invoked twice.
|
|
It is first invoked at the traditional time, before the
|
|
filesystems are mounted, with the <option>-F</option> flag to do
|
|
checking on all the filesystems that cannot do background
|
|
checking. It is then invoked a second time, after the system has
|
|
completed going multiuser, with the <option>-B</option> flag to do
|
|
checking on all the filesystems that can do background checking.
|
|
Unlike the foreground checking, the background checking is started
|
|
asynchronously so that other system activity can proceed even on
|
|
the filesystems that are being checked. Boot-time enabling of
|
|
this feature is controlled by the
|
|
<varname>background_fsck</varname> option in &man.rc.conf.5;.</para>
|
|
|
|
<para>A new &man.fsck.msdosfs.8; utility has been added to check
|
|
the consistency of MS-DOS filesystems.</para>
|
|
|
|
<para>Catching up with most other network utilities in the base
|
|
system, &man.lpr.1;, &man.lpd.8;, &man.syslogd.8;, and
|
|
&man.logger.1; are now all IPv6-capable. &merged;</para>
|
|
|
|
<para arch="i386"><filename>libdisk</filename> can now do
|
|
install-time configuration of the &arch; <filename>boot0</filename>
|
|
boot loader. &merged;</para>
|
|
|
|
<para>The <option>-v</option> option to &man.rm.1; now displays
|
|
the entire pathname of a file being removed.</para>
|
|
|
|
<para>&man.lpr.1;, &man.lpq.1;, and &man.lpd.8; have received a
|
|
few minor enhancements. &merged;</para>
|
|
|
|
<para>&man.lpd.8; now takes two new options: <option>-c</option>
|
|
will log all connection errors to &man.syslogd.8;, while
|
|
<option>-W</option> will allow connections from non-reserved
|
|
ports. &merged;</para>
|
|
|
|
<para>&man.lpc.8; has been improved; <command>lpc clean</command>
|
|
is now somewhat safer, and a new <command>lpc tclean</command>
|
|
command has been added to check to see what files would be removed
|
|
by <command>lpc clean</command>. &merged;</para>
|
|
|
|
<para>If the first argument to &man.ancontrol.8; or
|
|
&man.wicontrol.8; doesn't start with a <literal>-</literal>, it is
|
|
assumed to be an interface.</para>
|
|
|
|
<para>&man.rdist.1; has been retired.</para>
|
|
|
|
<para>&man.ppp.8; has gained the <literal>tcpmssfixup</literal>
|
|
option, which adjusts outgoing and incoming TCP SYN packets so that the maximum
|
|
receive segment size is no larger than allowed by the interface
|
|
MTU. &merged;</para>
|
|
|
|
<para><filename>libcrypt</filename> and
|
|
<filename>libdescrypt</filename> have been unified to provide a
|
|
configurable password authentication hash library. Both the md5
|
|
and des hash methods are provided unless the des hash is
|
|
specifically compiled out. &merged;</para>
|
|
|
|
<para>&man.passwd.1; and &man.pw.8; now select the password hash
|
|
algorithm at run time. See the <literal>passwd_format</literal>
|
|
attribute in <filename>/etc/login.conf</filename>.</para>
|
|
|
|
<para>In preparation for meeting SUSv2/POSIX
|
|
<filename><sys/select.h></filename> requirements,
|
|
<literal>struct selinfo</literal> and related functions have been
|
|
moved to <filename><sys/selinfo.h></filename>.</para>
|
|
|
|
<para>&man.syslogd.8; now supports a <literal>LOG_CONSOLE</literal>
|
|
facility (disabled by
|
|
default), which can be used to log <filename>/dev/console</filename>
|
|
output. &merged;</para>
|
|
|
|
<para>&man.rpcgen.1; now uses <filename>/usr/bin/cpp</filename>
|
|
(as on NetBSD), not <filename>/usr/libexec/cpp</filename>.</para>
|
|
|
|
<para>Boot-time &man.syscons.4; configuration was moved to a
|
|
machine-independent <filename>/etc/rc.syscons</filename>. &merged;</para>
|
|
|
|
<para>&man.burncd.8; now supports a <option>-m</option> option for
|
|
multisession mode (the default behavior now is to close disks as
|
|
single-session). A <option>-l</option> option to take a list of
|
|
image files from a filename was also added; <filename>-</filename>
|
|
can be used as a filename for <literal>stdin</literal>. &merged;</para>
|
|
|
|
<para>&man.dmesg.8; now has a <option>-a</option> option to show
|
|
the entire message buffer, including &man.syslogd.8; records and
|
|
<filename>/dev/console</filename> output. &merged;</para>
|
|
|
|
<para>&man.cdcontrol.1; now uses the <literal>CDROM</literal>
|
|
environment variable to pick a default device. &merged;</para>
|
|
|
|
<para>&man.cdcontrol.1; now supports <literal>next</literal> and
|
|
<literal>prev</literal> commands to skip forwards or backwards a
|
|
specified number of tracks while playing an audio CD.</para>
|
|
|
|
<para>&man.sysctl.8; now supports a <option>-N</option> option to
|
|
print out variable names only.</para>
|
|
|
|
<para>&man.sysctl.8; has replaced the <option>-A</option> and
|
|
<option>-X</option> options with <option>-ao</option> and
|
|
<option>-ax</option> respectively; the former options are now
|
|
deprecated. The <option>-w</option> is deprecated as well; it is
|
|
not needed to determine the user's intentions.</para>
|
|
|
|
<para>&man.sysinstall.8; now lives in <filename>/usr/sbin</filename>,
|
|
which simplifies the installation process. The &man.sysinstall.8;
|
|
manpage is also installed in a more consistent fashion now.</para>
|
|
|
|
<para>&man.config.8; is now better about converting various
|
|
warnings that should
|
|
have been errors into actual fatal errors with an exit code. This
|
|
ensures that <literal>make buildkernel</literal>
|
|
doesn't quietly ignore them and
|
|
build a bogus kernel without a human to read the errors. &merged;</para>
|
|
|
|
<para><filename>libc</filename> is now thread-safe by default;
|
|
<filename>libc_r</filename> contains only thread functions.</para>
|
|
|
|
<para>&man.find.1; now takes the <option>-empty</option> flag,
|
|
which returns true if a file or directory is empty. &merged;</para>
|
|
|
|
<para>&man.find.1; now takes the <option>-iname</option> and
|
|
<option>-ipath</option> primaries for case-insensitive matches,
|
|
and the <option>-regexp</option> and <option>-iregexp</option>
|
|
primaries for regular-expression matches. The <option>-E</option>
|
|
flag now enables extended regular expressions. &merged;</para>
|
|
|
|
<para>&man.find.1; now has the <option>-anewer</option>,
|
|
<option>-cnewer</option>, <option>-mnewer</option>,
|
|
<option>-okdir</option>, and <option>-newer[acm][acmt]</option>
|
|
primaries for comparisons of file timestamps. &merged;</para>
|
|
|
|
<para>&man.tftpd.8; now takes the <option>-c</option> and
|
|
<option>-C</option> options, which allow the server to
|
|
&man.chroot.2; based on the IP address of the connecting client.
|
|
&man.tftp.1; and &man.tftpd.8; can now transfer files larger than
|
|
65535 blocks. &merged;</para>
|
|
|
|
<para>&man.vidcontrol.1; now accepts a <option>-g</option>
|
|
parameter to select custom text geometry in the
|
|
<literal>VESA_800x600</literal> raster text mode. &merged;</para>
|
|
|
|
<para>&man.ldconfig.8; now checks directory ownerships and
|
|
permissions for greater security; these checks can be disabled
|
|
with the <option>-i</option> flag. &merged;</para>
|
|
|
|
<para>The &man.rfork.thread.3; library call has been added as a
|
|
helper function to &man.rfork.2;. Using this function should
|
|
avoid the need to implement complex stack swap
|
|
code. &merged;</para>
|
|
|
|
<para>Significant additions have been made to internationalization
|
|
support; &os; now has complete locale support for the
|
|
<literal>LC_MONETARY</literal>, <literal>LC_NUMERIC</literal>, and
|
|
<literal>LC_MESSAGES</literal> categories. A number of
|
|
applications have been updated to take advantage of this
|
|
support.</para>
|
|
|
|
<para>Locale names have been changed to improve compatability with
|
|
the names used by X11R6, as well as a number of other UNIX
|
|
versions. As an example, the <literal>en_US.ISO_8859-1</literal>
|
|
locale name has been changed to
|
|
<literal>en_US.ISO8859-1</literal>. Entries in
|
|
<filename>/etc/locale.alias</filename> provide backward
|
|
compatability.</para>
|
|
|
|
<para>A <filename>compat4x</filename> distribution has been added
|
|
for compatibility with &os; 4-STABLE.</para>
|
|
|
|
<para>The
|
|
<filename>compat3x</filename> distribution has been updated to
|
|
include libraries present in &os; 3.5.1-RELEASE. &merged;</para>
|
|
|
|
<para>&man.savecore.8; now supports a <option>-k</option> option
|
|
to prevent clearing a crash dump after saving it. It also
|
|
attempts to avoid writing large stretches of zeros to crash dump
|
|
files to save space and time. &merged;</para>
|
|
|
|
<para>&man.savecore.8; now works correctly on machines with 2 GB
|
|
or more of RAM. &merged;</para>
|
|
|
|
<para>&man.tar.1; now supports the <varname>TAR_RSH</varname>
|
|
variable, principally to enable the use of &man.ssh.1; as a
|
|
transport. &merged;</para>
|
|
|
|
<para>&man.disklabel.8; now supports partition sizes expressed in
|
|
kilobytes, megabytes, or gigabytes, in addition to sectors. &merged;</para>
|
|
|
|
<para>The pseudo-random number generator implemented by
|
|
&man.rand.3; has been improved to provide less biased results.</para>
|
|
|
|
<para>&man.login.1; now exports environment variables set by
|
|
<application>PAM</application> modules. &merged;</para>
|
|
|
|
<para><application>PAM</application> support has been added for
|
|
account management and sessions.</para>
|
|
|
|
<para>&man.su.1; now uses <application>PAM</application> for
|
|
authentication.</para>
|
|
|
|
<para>&man.wall.1; now supports a <option>-g</option> flag to
|
|
write a message to all users of a given group.</para>
|
|
|
|
<para>The new <varname>CPUTYPE</varname>
|
|
<filename>make.conf</filename> variable controls the compilation
|
|
of processor-specific optimizations in various pieces of code such
|
|
as <application>OpenSSL</application>. &merged;</para>
|
|
|
|
<para>The default value for &man.cvs.1;'s
|
|
<varname>CVS_RSH</varname> variable is now <literal>ssh</literal>,
|
|
rather than <literal>rsh</literal>. &merged;</para>
|
|
|
|
<para>&man.ipfstat.8; now supports the <option>-t</option> option
|
|
to turn on a &man.top.1;-like display. &merged;</para>
|
|
|
|
<para><filename>/usr/src/share/examples/BSD_daemon/</filename> now
|
|
contains a scalable Beastie graphic. &merged;</para>
|
|
|
|
<para>&man.dump.8; now supports inheritance of the
|
|
<literal>nodump</literal> flag down a hierarchy. &merged;</para>
|
|
|
|
<para>The <option>-T</option> to &man.dump.8; no longer swallows
|
|
an extra argument. &merged;</para>
|
|
|
|
<para>&man.dump.8; has a new <option>-D</option> option, allowing
|
|
the path to the <filename>/etc/dumpdates</filename> file to be
|
|
changed. &merged;</para>
|
|
|
|
<para>&man.split.1; now has the ability to split a file longer
|
|
than 2GB. &merged;</para>
|
|
|
|
<para>&man.tail.1; now has the ability to work on files longer
|
|
than 2GB. &merged;</para>
|
|
|
|
<para>&man.units.1; has received some updates and bugfixes. &merged;</para>
|
|
|
|
<para>As part of an ongoing process, many manual pages were
|
|
improved, both in terms of their formatting markup and in their
|
|
content. &merged;</para>
|
|
|
|
<para><command>lprm -</command> now works for remote printer
|
|
queues. &merged;</para>
|
|
|
|
<para>&man.ftpd.8; now supports a <option>-r</option> flag for
|
|
read-only mode and a <option>-E</option> flag to disable
|
|
<literal>EPSV</literal>. It also has some fixes to reduce
|
|
information leakage and the ability to specify compile-time port
|
|
ranges. &merged;</para>
|
|
|
|
<para>&man.ping.8; now supports a <option>-m</option> option to
|
|
set the TTL of outgoing packets. &merged;</para>
|
|
|
|
<para>&man.ping.8; now supports a <option>-A</option> option to
|
|
beep when packets are lost.</para>
|
|
|
|
<para>A version of Transport Independent RPC
|
|
(<application>TI-RPC</application>) has been imported.</para>
|
|
|
|
<para>&man.rpcbind.8; has replaced &man.portmap.8;.</para>
|
|
|
|
<para>NFS now works over IPv6.</para>
|
|
|
|
<para>&man.rpc.lockd.8; has been imported from NetBSD.</para>
|
|
|
|
<para>&man.rc.8; now has an framework for handling dependencies between
|
|
&man.rc.conf.5; variables. &merged;</para>
|
|
|
|
<para>&man.rc.8; now deletes all non-directory files in
|
|
<filename>/var/run</filename> and
|
|
<filename>/var/spool/lock</filename> at boot time.</para>
|
|
|
|
<para>The &man.setfacl.1; and &man.getfacl.1; commands have been
|
|
added to manage file system Access Control Lists.</para>
|
|
|
|
<para>The default TCP port range used by
|
|
<filename>libfetch</filename> for passive FTP retrievals has
|
|
changed; this affects the behavior of &man.fetch.1;, which has
|
|
gained the <option>-U</option> option to restore the old
|
|
behavior. &merged;</para>
|
|
|
|
<para><filename>libfetch</filename> now has support for an
|
|
authentication callback.</para>
|
|
|
|
<para><filename>libfetch</filename> now has support for a
|
|
<varname>HTTP_USER_AGENT</varname> environment variable. &merged;</para>
|
|
|
|
<para>&man.atacontrol.8; has been added to control various aspects
|
|
of the &man.ata.4; driver.</para>
|
|
|
|
<para><filename>libcrypt</filename> now has support for Blowfish
|
|
password hashing. &merged;</para>
|
|
|
|
<para>The functions from <filename>libposix1e</filename> have been
|
|
integrated into <filename>libc</filename>.</para>
|
|
|
|
<para>&man.vidcontrol.1; now allows the user to omit the font size
|
|
specification when loading a font, and has some better
|
|
error-handling. &merged;</para>
|
|
|
|
<para>&man.vidcontrol.1; now supports a <option>-p</option> to
|
|
take a snapshot of a &man.syscons.4; video buffer. These
|
|
snapshots can be manipulated by some of the
|
|
<filename>scr2*</filename> utilities in the Ports
|
|
Collection. &merged;</para>
|
|
|
|
<para>&man.vidcontrol.1; now supports a <option>-C</option> option
|
|
to clear the history buffer for a given tty. &merged;</para>
|
|
|
|
<para>devinfo, a simple tool to print the device tree and resource usage by
|
|
devices, has been added.</para>
|
|
|
|
<para>&man.fmtcheck.3;, a function for checking consistency of
|
|
format string arguments, has been added.</para>
|
|
|
|
<para>&man.nl.1;, a line numbering filter program, has been added.</para>
|
|
|
|
<para>&man.c89.1; has been converted from a shell script to a
|
|
binary executable, fixing some minor bugs. &merged;</para>
|
|
|
|
<para>&man.pax.1; has received a number of enhancements, including
|
|
&man.cpio.1; functionality, &man.tar.1; compatability
|
|
enhancements, <option>-z</option> and <option>-Z</option> flags
|
|
for &man.gzip.1; and &man.compress.1; functionality, and a number
|
|
of bug fixes.</para>
|
|
|
|
<para>Ukranian language support has been added to the &os;
|
|
console. &merged;</para>
|
|
|
|
<para>The performance of the ELF dynamic linker &man.rtld.1; has
|
|
been improved. &merged;</para>
|
|
|
|
<para>&man.fdread.1;, a program to read data from floppy disks,
|
|
has been added. It is a counterpart to &man.fdwrite.1; and is
|
|
designed to provide a means of recovering at least some data from
|
|
bad media, and to obviate for a complex invocation of
|
|
&man.dd.1;.</para>
|
|
|
|
<para>&man.xargs.1; now supports a <option>-J</option>
|
|
<replaceable>replstr</replaceable> option that allows the user to
|
|
tell &man.xargs.1; to insert the data read from standard input at
|
|
a specific point in the command line arguments rather than at the
|
|
end.</para>
|
|
|
|
<para>&man.apmd.8; now supports monitoring of the battery state via the
|
|
<literal>apm_battery</literal> configuration directive.</para>
|
|
|
|
<para>&man.telnet.1; now does autologin and encryption by default;
|
|
a new <option>-y</option> option turns off encryption.</para>
|
|
|
|
<para>&man.telnet.1; now supports a <option>-u</option> flag to
|
|
allow connections to UNIX-domain (<literal>AF_UNIX</literal>)
|
|
sockets. &merged;</para>
|
|
|
|
<para>The default stripe size in &man.vinum.8; has been changed
|
|
from 256KB to 279KB, to spread out superblocks more evenly between
|
|
stripes.</para>
|
|
|
|
<para>&man.chown.8; now correctly follows symbolic links named as
|
|
command line arguments if run without <option>-R</option>.</para>
|
|
|
|
<para>&man.chown.8; no longer takes <literal>.</literal> as a
|
|
user/group delimeter. This change was made to support usernames
|
|
containing a <literal>.</literal>.</para>
|
|
|
|
<para>&man.chmod.1; now supports a <option>-h</option> for
|
|
changing the mode of a symbolic link.</para>
|
|
|
|
<para>&man.install.1; has a number of new features, including the
|
|
<option>-b</option> and <option>-B</option> options for backing up
|
|
existing target files and the <option>-S</option> option for
|
|
<quote>safe</quote> (atomic copy) operation. The
|
|
<option>-c</option> (copy) flag is now the default, and the
|
|
<option>-D</option> (debugging) flag has been withdrawn.
|
|
&man.install.1; now issues a warning if <option>-d</option>
|
|
(create directories) and <option>-C</option> (copy changed files
|
|
only) are used together. &merged;</para>
|
|
|
|
<para>&man.whois.1; now directs queries for IP addresses to
|
|
ARIN. &merged; If a query to ARIN references APNIC or RIPE, the
|
|
appropriate server will also be queried, provided that the
|
|
<option>-Q</option> is not specified.</para>
|
|
|
|
<para>A new utility &man.diskcheckd.8; has been added; it is a
|
|
daemon which runs in the background, reading entire disks to find
|
|
any read errors on those disks. Its behavior at startup time can
|
|
be controlled by the <varname>diskcheckd_enable</varname> variable
|
|
in &man.rc.conf.5;.</para>
|
|
|
|
<para>&man.fmt.1; has been rewritten; the rewrite fixes a number
|
|
of bugs compared to its prior behavior.</para>
|
|
|
|
<para>&man.df.1; now takes a <option>-l</option> option to only
|
|
display information about locally-mounted filesystems. &merged;</para>
|
|
|
|
<para>The syntax of &man.inetd.8;'s support for &man.faithd.8; is
|
|
now compatable with that of other BSDs. &merged;</para>
|
|
|
|
<para>The <literal>ident</literal> protocol support in &man.inetd.8; has
|
|
been cleaned up and updated. &merged;</para>
|
|
|
|
<para>&man.inetd.8; now has the ability to manage UNIX-domain
|
|
sockets. &merged;</para>
|
|
|
|
<para>&man.du.1; now takes a <option>-I</option> command-line flag
|
|
to ignore/skip files and subdirectories matching a specified
|
|
shell-glob mask. &merged;</para>
|
|
|
|
<para>The &man.resolver.3; in &os; now implements EDNS0 support,
|
|
which will be necessary when working with IPv6 transport-ready
|
|
resolvers/DNS servers. &merged;</para>
|
|
|
|
<para>&man.col.1; now takes a <option>-p</option> to force unknown
|
|
control sequences to be passed through unchanged.</para>
|
|
|
|
<para>The &man.mdmfs.8; command has been added; it is a wrapper
|
|
around &man.mdconfig.8;, &man.disklabel.8;, &man.newfs.8;, and
|
|
&man.mount.8; that mimics the command line option set of the
|
|
deprecated &man.mount.mfs.8;.</para>
|
|
|
|
<para>The &man.getprogname.3; and &man.setprogname.3; library
|
|
functions have been added to manipulate the name of the current
|
|
program. They are used by error-reporting routines to produce
|
|
consistent output. &merged;</para>
|
|
|
|
<para>The &man.kldconfig.8; utility has been added to make it easier to
|
|
manipulate the kernel module search path.</para>
|
|
|
|
<para>&man.moused.8; now takes a <option>-a</option> to control
|
|
mouse acceleration.</para>
|
|
|
|
<para arch="i386">&man.fdisk.8; no longer attempts to search for
|
|
a device if none has been specified on the command line, but
|
|
instead tries to figure out the default device name from the
|
|
root device.</para>
|
|
|
|
<para>&man.mail.1; now takes a <option>-E</option> flag to avoid
|
|
sending messages with empty bodies. &merged;</para>
|
|
|
|
<para>&man.route.8; is now more verbose when changing indirect
|
|
routes, in the case of a gateway route that is the same route as
|
|
the one being modified.</para>
|
|
|
|
<para>&man.route.8; now uses
|
|
<literal><replaceable>host</replaceable>/<replaceable>bits</replaceable></literal>
|
|
syntax instead of
|
|
<literal><replaceable>net</replaceable>/<replaceable>bits</replaceable></literal>
|
|
syntax, for compatability with &man.netstat.1;.</para>
|
|
|
|
<para>&man.route.8; can now create <quote>proxy only</quote>
|
|
published ARP entries.</para>
|
|
|
|
<sect3>
|
|
<title>Contributed Software</title>
|
|
|
|
<para><application>bc</application> has been updated from 1.04 to
|
|
1.06. &merged;</para>
|
|
|
|
<para>The ISC library from the <application>BIND</application>
|
|
distribution is now built as
|
|
<filename>libisc</filename>. &merged;</para>
|
|
|
|
<para><application>BIND</application> is now built with the
|
|
<literal>NOADDITIONAL</literal> flag, which causes &man.named.8;
|
|
to operate in a more consistent fashion for certain common
|
|
misconfigurations. &merged;</para>
|
|
|
|
<para><application>BIND</application> has been updated to
|
|
8.2.4-REL.</para>
|
|
|
|
<para><application>Binutils</application> have been upgraded to
|
|
2.11.2. &merged;</para>
|
|
|
|
<para><application>bzip2</application> 1.0.1 has been imported; this
|
|
brings the &man.bzip2.1; program and the <filename>libbz2</filename>
|
|
library to the base system. &merged;</para>
|
|
|
|
<para><application>cvs</application> has been updated to
|
|
1.11. &merged;</para>
|
|
|
|
<para>The &man.ee.1; <application>Easy Editor</application> has
|
|
been updated to 1.4.2. &merged;</para>
|
|
|
|
<para><application>file</application> has been updated to 3.36.</para>
|
|
|
|
<para>&man.awk.1;, in the form of
|
|
<application>gawk</application>, has been upgraded from 3.0.4 to 3.0.6.
|
|
This fixes a number of non-critical bugs and includes a few
|
|
performance tweaks. &merged;</para>
|
|
|
|
<para><application>gcc</application> has been updated to 2.95.3. &merged;</para>
|
|
|
|
<para>&man.gcc.1; now uses a unified <filename>libgcc</filename>
|
|
rather than a separate one for threaded and non-threaded programs.
|
|
<filename>/usr/lib/libgcc_r.a</filename> can be removed.
|
|
&merged;</para>
|
|
|
|
<para>&man.gcc.1; now supports the environment variable
|
|
<varname>GCC_OPTIONS</varname>, which can hold a set of default
|
|
options for <application>GCC</application>. &merged;</para>
|
|
|
|
<para><application>GNATS</application> has been updated to
|
|
3.113. &merged;</para>
|
|
|
|
<para><application>gperf</application> has been updated to 2.7.2.</para>
|
|
|
|
<para><application>groff</application> and its related utilities
|
|
have been updated to FSF version 1.17.2. This import brings in a
|
|
new &man.mdoc.7; macro package (sometimes referred to as
|
|
<literal>mdocNG</literal>), which removes many of the
|
|
limitations of its predecessor. &merged;</para>
|
|
|
|
<para><application>Heimdal</application> has been updated to
|
|
0.3f.</para>
|
|
|
|
<para>The <application>ISC DHCP</application> client has been
|
|
updated to 2.0pl5. &merged;</para>
|
|
|
|
<para><application>Kerberos IV</application> has been updated to
|
|
1.0.5. &merged;</para>
|
|
|
|
<para>The &man.more.1; command has been replaced by &man.less.1;,
|
|
although it can still be run as
|
|
<command>more</command>. <application>less</application> has
|
|
been imported at 3.5.8. &merged;</para>
|
|
|
|
<para><application>libpcap</application> has been updated to
|
|
0.6.2. &merged;</para>
|
|
|
|
<para><application>libreadline</application> has been upgraded to
|
|
4.2.</para>
|
|
|
|
<para><application>Linux-PAM</application> has been updated to
|
|
0.75. &merged;</para>
|
|
|
|
<para>A number of new <application>Linux-PAM</application> modules
|
|
have been added, including: <filename>pam_ftp</filename>,
|
|
<filename>pam_krb5</filename>,
|
|
<filename>pam_nologin</filename>,
|
|
<filename>pam_rootok</filename>,
|
|
<filename>pam_securetty</filename>,
|
|
<filename>pam_wheel</filename>.</para>
|
|
|
|
<para><application>ncurses</application> has been updated to
|
|
5.2-20010512.</para>
|
|
|
|
<para>The <application>OPIE</application> one-time-password suite
|
|
has been updated to 2.32. &merged; It has completely replaced
|
|
the functionality of <application>S/Key</application>.</para>
|
|
|
|
<para><application>Perl</application> has been updated to version
|
|
5.6.0.</para>
|
|
|
|
<para>&man.routed.8; has been updated to version 2.22. &merged;</para>
|
|
|
|
<para><application>tcpdump</application> has been updated to
|
|
3.6.3. &merged;</para>
|
|
|
|
<para>The &man.csh.1; shell has been replaced by &man.tcsh.1;,
|
|
although it can still be run as <command>csh</command>.
|
|
<application>tcsh</application> has been updated to version
|
|
6.10. &merged;</para>
|
|
|
|
<para>&man.traceroute.8; now takes its default maximum TTL value
|
|
from the <varname>net.inet.ip.ttl</varname> sysctl
|
|
variable. &merged;</para>
|
|
|
|
<sect4 id="kame-userland">
|
|
<title>KAME</title>
|
|
|
|
<para>The IPv6 stack is now based on a snapshot based on the KAME
|
|
Project's IPv6 snapshot as of 28 May, 2001. Most of the
|
|
items listed in this section are a result of this import.
|
|
<xref linkend="kame-kernel"> lists kernel updates to the KAME
|
|
IPv6 stack. &merged;</para>
|
|
|
|
<para>&man.faithd.8; now supports a configuration file for
|
|
access control. &merged;</para>
|
|
|
|
<para>&man.ifconfig.8; can now perform the functions of
|
|
&man.gifconfig.8;. &merged;</para>
|
|
|
|
<para>&man.ifconfig.8; can now perform the functions of
|
|
&man.prefix.8;. &man.prefix.8; is now a shell script for
|
|
partial backwards compatability. &merged;</para>
|
|
|
|
<para>&man.ndp.8; now implements garbage collection for stale
|
|
NDP entries, as described in RFC 2461 (Neighbor Discovery for
|
|
IP Version 6 (IPv6)). &merged;</para>
|
|
|
|
<para>&man.pim6dd.8; and &man.pim6sd.8; have been removed due to
|
|
restrictive licensing conditions. These programs are available
|
|
in the ports collection as <filename>net/pim6dd</filename> and
|
|
<filename>net/pim6dd</filename>. &merged;</para>
|
|
|
|
<para>&man.route6d.8; now supports a <option>-n</option> flag
|
|
to avoid updating the kernel forwarding table. &merged;</para>
|
|
|
|
<para>The <option>-R</option> (router renumbering) option to
|
|
&man.rtadvd.8; is currently ignored. &merged;</para>
|
|
</sect4>
|
|
|
|
<sect4>
|
|
<title>OpenSSH</title>
|
|
|
|
<para><application>OpenSSH</application> has been upgraded to
|
|
2.1.0, which provides support for the SSH2 protocol, including DSA
|
|
keys. Therefore, <application>OpenSSH</application> users in the
|
|
US no longer need to rely on the restrictively-licensed
|
|
RSAREF toolkit which is required to
|
|
handle RSA keys. <application>OpenSSH</application> 2.1 interoperates well with other SSH2
|
|
clients and servers, including the <filename>ssh2</filename> port.
|
|
See the <ulink url="http://www.openssh.com/">OpenSSH Web
|
|
site</ulink> for more details. &merged;</para>
|
|
|
|
<para><application>OpenSSH</application> can now authenticate
|
|
using OPIE passwords in SSH1 mode. Support is not yet available
|
|
in SSH2 mode. &merged;</para>
|
|
|
|
<para><application>OpenSSH</application> has been upgraded to
|
|
2.2.0. &man.ssh-add.1; and &man.ssh-agent.1; can now handle DSA
|
|
keys. A server for sftp, interoperable with ssh.com
|
|
clients and others has been added. &man.scp.1; can now handle
|
|
files larger than 2 GBytes. Interoperability with other SSH2
|
|
clients/servers has been improved. A new feature to limit the
|
|
number of outstanding unauthenticated ssh connections in
|
|
&man.sshd.8; has been added. &merged;</para>
|
|
|
|
<para><application>OpenSSH</application> has been upgraded to
|
|
2.3.0. This version adds support for the Rijndael encryption
|
|
algorithm. &merged;</para>
|
|
|
|
<para><application>PAM</application> support for
|
|
<application>OpenSSH</application> has been added.</para>
|
|
|
|
<para>A long-standing bug in <application>OpenSSH</application>,
|
|
which sometimes resulted in a dropped session when an
|
|
X11-forwarded client was closed, was fixed.</para>
|
|
|
|
<para><application>Kerberos</application> compatability has been
|
|
added to <application>OpenSSH</application>. &merged;</para>
|
|
|
|
<para><application>OpenSSH</application> has been modified to be
|
|
more resistant to traffic analysis by requiring that
|
|
<quote>non-echoed</quote> characters are still echoed back in a
|
|
null packet, as well as by padding passwords sent so as not to
|
|
hint at password lengths. &merged;</para>
|
|
|
|
<para>&man.sshd.8; is now enabled by default on new
|
|
installs. &merged;</para>
|
|
|
|
<para>&man.sshd.8; <literal>X11Forwarding</literal> is now turned
|
|
on by default on the server (any risk is to the client, where it
|
|
is already disabled by default).</para>
|
|
|
|
<para>In <filename>/etc/ssh/sshd_config</filename>, the
|
|
<literal>ConnectionsPerPeriod</literal> parameter has been
|
|
deprecated in favor of <literal>MaxStartups</literal>.</para>
|
|
|
|
<para><application>OpenSSH</application> now has a
|
|
<literal>VersionAddendum</literal> configuration setting for
|
|
&man.sshd.8; to allow changing the part of the
|
|
<application>OpenSSH</application> version string after the
|
|
main version number.</para>
|
|
|
|
<para><application>OpenSSH</application> has been updated to
|
|
version 2.9, which adds two new programs, &man.sftp.1; and
|
|
&man.ssh-keyscan.1;. Among the various enhancements: The
|
|
default protocol is now v2, rekeying of existing SSH sessions
|
|
is now supported, and an experimental
|
|
<application>SOCKS4</application> proxy has been added to
|
|
&man.ssh.1;.</para>
|
|
</sect4>
|
|
|
|
<sect4>
|
|
<title>OpenSSL</title>
|
|
|
|
<para><application>OpenSSL</application> has been upgraded to
|
|
0.9.6b.</para>
|
|
|
|
<para><application>OpenSSL</application> now has support for
|
|
machine-dependent ASM optimizations, activated by the new
|
|
<varname>MACHINE_CPU</varname> and/or <varname>CPUTYPE</varname>
|
|
<filename>make.conf</filename> variables. &merged;</para>
|
|
</sect4>
|
|
|
|
<sect4>
|
|
<title>sendmail</title>
|
|
|
|
<para><application>sendmail</application> has been upgraded from
|
|
version 8.9.3 to version 8.11.5. Important changes include: new
|
|
default file locations (see
|
|
<filename>/usr/src/contrib/sendmail/cf/README</filename>);
|
|
&man.newaliases.1; is limited to <username>root</username> and
|
|
trusted users; STARTTLS encryption; and the MSA port (587) is
|
|
turned on by default. See
|
|
<filename>/usr/src/contrib/sendmail/RELEASE_NOTES</filename> for
|
|
more information. &merged;</para>
|
|
|
|
<para>&man.mail.local.8; is no longer installed as a SUID binary.
|
|
If you are using a <filename>/etc/mail/sendmail.cf</filename> from
|
|
the default <filename>sendmail.cf</filename> included with &os;
|
|
any time after 3.1.0, you are fine. If you are using a
|
|
hand-configured <filename>sendmail.cf</filename> and
|
|
<command>mail.local</command> for delivery, check to make sure the
|
|
<literal>F=S</literal> flag is set on the
|
|
<literal>Mlocal</literal> line. Those with
|
|
<filename>.mc</filename> files who need to add the flag can do so
|
|
by adding the following line to their <filename>.mc</filename>
|
|
file and regenerating the <filename>sendmail.cf</filename>
|
|
file:</para>
|
|
|
|
<programlisting>MODIFY_MAILER_FLAGS(`LOCAL',`+S')dnl</programlisting>
|
|
|
|
<para>Note that <literal>FEATURE(`local_lmtp')</literal> already
|
|
does this. &merged;</para>
|
|
|
|
<para>The default <filename>/etc/mail/sendmail.cf</filename>
|
|
disables the SMTP <literal>EXPN</literal> and
|
|
<literal>VRFY</literal> commands. &merged;</para>
|
|
|
|
<para>&man.vacation.1; has been updated to use the version included with
|
|
<application>sendmail</application>. &merged;</para>
|
|
|
|
<para>The <application>sendmail</application> configuration
|
|
building tools are installed in
|
|
<filename>/usr/share/sendmail/cf/</filename>. &merged;</para>
|
|
|
|
<para>New <filename>make.conf</filename> options:
|
|
<varname>SENDMAIL_MC</varname> and
|
|
<varname>SENDMAIL_ADDITIONAL_MC</varname>. See
|
|
<filename>/etc/defaults/make.conf</filename> for more
|
|
information. &merged;</para>
|
|
|
|
<para><filename>/etc/mail/Makefile</filename> now supports: the
|
|
new <varname>SENDMAIL_MC</varname> <filename>make.conf</filename>
|
|
option; the ability to build <filename>.cf</filename> files from
|
|
<filename>.mc</filename> files; generalized map rebuilding;
|
|
rebuilding the aliases file; and the ability to stop, start, and
|
|
restart <application>sendmail</application>. &merged;</para>
|
|
</sect4>
|
|
</sect3>
|
|
|
|
<sect3>
|
|
<title>Ports/Packages Collection</title>
|
|
|
|
<para>Version numbers of installed packages have a new
|
|
(backward-compatible) syntax, which supports the
|
|
<varname>PORTREVISION</varname> and <varname>PORTEPOCH</varname>
|
|
variables in Ports Collection <filename>Makefile</filename>s.
|
|
These changes help keep track of changes in the ports collection
|
|
entries such as security patches or &os;-specific updates, which
|
|
aren't reflected in the original, third-party software
|
|
distributions. &man.pkg.version.1; can now compare these
|
|
new-style version numbers. &merged;</para>
|
|
|
|
<para>To improve performance and disk utilization, the <quote>ports
|
|
skeletons</quote> in the FreeBSD Ports Collection have been restructured.
|
|
Installed ports and packages should not be affected. &merged;</para>
|
|
|
|
<para>All packages and ports now contain an <quote>origin</quote>
|
|
directive, which makes it easier for programs such as
|
|
&man.pkg.version.1; to determine the directory from which a
|
|
package was built. &merged;</para>
|
|
|
|
<para>&man.pkg.update.1;, a utility to update installed packages
|
|
and update their dependencies, has been added. &merged;</para>
|
|
|
|
<para>&man.pkg.info.1; now supports globbing against names of
|
|
installed packages. The <option>-G</option> option disables this
|
|
behavior, and the <option>-x</option> option causes regular
|
|
expression matching instead of shell globbing. &merged;</para>
|
|
|
|
<para>&man.pkg.info.1; can now accept a <option>-g</option> flag for
|
|
verifying an installed package against its recorded checksums (to
|
|
see if it's been modified post-installation). Naturally, this
|
|
mechanism is only as secure as the contents of
|
|
<filename>/var/db/pkg</filename> if it's to be used for auditing
|
|
purposes. &merged;</para>
|
|
|
|
<para>&man.pkg.create.1; and &man.pkg.add.1; can now work with
|
|
packages that have been compressed using
|
|
&man.bzip2.1;. &man.pkg.add.1; will use the PACKAGEROOT
|
|
environment variable to determine a mirror site for new
|
|
packages. &merged;</para>
|
|
|
|
<para>&man.pkg.create.1; now records dependencies in dependency
|
|
order rather than in the order specified on the command line.
|
|
This improves the functioning of <command>pkg_add
|
|
-r</command>. &merged;</para>
|
|
|
|
<para>&man.pkg.version.1; now has a version number comparison
|
|
routine that corresponds to the Porters Handbook. It also has a
|
|
<option>-t</option> option for testing address comparisons.
|
|
&merged;</para>
|
|
|
|
<para>&man.pkg.version.1; now takes a <option>-s</option> flag
|
|
to limit its operation to ports/packages matching a given
|
|
string. &merged;</para>
|
|
|
|
<para>When requested to delete multiple packages,
|
|
&man.pkg.delete.1; will now attempt to remove them in dependency
|
|
order rather than the order specified on the command
|
|
line. &merged;</para>
|
|
|
|
<para>&man.pkg.delete.1; now can perform glob/regexp matching of
|
|
package names. In addition, it supports a <option>-a</option>
|
|
option for removing all packages and a <option>-i</option> option
|
|
for &man.rm.1;-style interactive confirmation. &merged;</para>
|
|
|
|
<para>&man.pkg.sign.1; and &man.pkg.check.1; have been added to
|
|
digitally sign and verify the signatures on binary package
|
|
files. &merged;</para>
|
|
|
|
<para><application>BSDPAN</application>, a collection of modules
|
|
that provides tighter integration of
|
|
<application>Perl</application> into the &os; Ports
|
|
Collection, has been added.</para>
|
|
</sect3>
|
|
</sect2>
|
|
</sect1>
|