<articleinfo>
<title>&os;/&arch; &release.current; Release Notes</title>

<corpauthor>The FreeBSD Project</corpauthor>

<pubdate>$FreeBSD$</pubdate>

<copyright>
<year>2000</year>
<year>2001</year>
<year>2002</year>
<holder role="mailto:doc@FreeBSD.org">The FreeBSD Documentation Project</holder>
</copyright>

<abstract>
<para>The release notes for &os; &release.current; contain a summary
of the changes made in the &os; base system since &release.prev;.
Changes to both the kernel and userland are listed, as well as
applicable security advisories that were issued since the last
release. Some brief remarks on upgrading are also presented.</para>
</abstract>
</articleinfo>

<sect1>
<title>Introduction</title>

<para>This document contains the release notes for &os;
&release.current; on the &arch.print; hardware platform. It
describes new features of &os; that have been added (or changed)
since &release.prev;. It also provides some notes on upgrading
from previous versions of &os;.</para>

<![ %release.type.snapshot [

<para>The &release.type; distribution to which these release notes
apply represents a point along the &release.branch; development
branch between &release.prev; and the future &release.next;. Some
pre-built, binary &release.type; distributions along this branch
can be found at <ulink url="&release.url;"></ulink>.</para>

]]>

<![ %release.type.release [

<para>This distribution of &os; &release.current; is a
&release.type; distribution. It can be found at <ulink
url="&release.url;"></ulink> or any of its mirrors. More
information on obtaining this (or other) &release.type;
distributions of &os; can be found in the <ulink
url="http://www.FreeBSD.org/handbook/mirrors.html"><quote>Obtaining
FreeBSD</quote> appendix</ulink> to the <ulink
url="http://www.FreeBSD.org/handbook/">FreeBSD
Handbook</ulink>.</para>

]]>
</sect1>

<sect1>
<title>What's New</title>

<para>This section describes the most user-visible new or changed
features in &os; since &release.prev;. Typical release note items
document new drivers or hardware support, new commands or options,
major bugfixes, or contributed software upgrades. Security
advisories issued after &release.prev; are also listed. In
general, changes described here are unique to the &release.branch;
branch unless specifically marked as &merged; features.</para>

<para>Many additional changes were made to &os; that are not listed
here for lack of space. For example, documentation was corrected
and improved, minor bugs were fixed, insecure coding practices
were audited and corrected, and source code was cleaned up.</para>

<sect2 id="kernel">
<title>Kernel Changes</title>

<para arch="i386">The &man.amdpm.4; driver has been added to
provide access to the system monitoring functions of the AMD 756
chipset. &merged;</para>

<para>The &man.agp.4; driver for AGP devices has been
added. &merged;</para>

<para>A new &man.ddb.4; command <command>show pcpu</command> lists
some of the per-CPU data.</para>

<para>Two new &man.ddb.4; commands, <command>hwatch</command> and
<command>dhwatch</command>, have been introduced. Analogous to
<command>watch</command> and <command>dwatch</command>, they
install hardware watchpoints (as opposed to software
watchpoints) if supported by the architecture. &merged;</para>

<para>&man.devfs.5;, which allows entries in the
<filename>/dev</filename> directory to be built automatically
and supports more flexible attachment of devices, has been
largely reworked. &man.devfs.5; is now enabled by default and
can be disabled by the <literal>NODEVFS</literal> kernel
option.</para>

<para>The dgm driver has been removed in favor of the digi driver.</para>

<para>A new digi driver has been added to support PCI Xr-based and
ISA Xem Digiboard cards. A new &man.digictl.8; program is
(mainly) used to re-initialize cards that have external port
modules attached such as the PC/Xem.</para>

<para>An &man.eaccess.2; system call has been added, similar to
&man.access.2; except that the former uses effective credentials
rather than real credentials.</para>

<para arch="sparc64">Support has been added for EBus-based
devices.</para>

<para arch="i386">The &man.ichsmb.4; driver for the Intel 82801AA
(ICH) SMBus controller and compatibles has been
added. &merged;</para>

<para>Each &man.jail.2; environment can now run under its own
securelevel.</para>

<para>The tunable sysctl variables for &man.jail.2; have moved
from <varname>jail.*</varname> to the
<varname>security.*</varname> hierarchy. Other security-related
sysctl variables have moved from <varname>kern.security.*</varname> to
<varname>security.*</varname>.</para>

<para>The <varname>kern.maxvnodes</varname> limit now properly
limits the number of vnodes in use. Previously only vnodes with
no cached pages could be freed; this could allow the number of
vnodes to grow without limit on large-memory machines accessing
many small files. A <literal>vnlru</literal> kernel thread
helps to flush and reuse vnodes. &merged;</para>

<para>The kernel message buffer is now accessible by the
(machine-independent) <varname>kern.msgbuf</varname> sysctl
variable; &man.dmesg.8; no longer needs to be SGID
<groupname>kmem</groupname>. &merged;</para>

<para>The &man.kqueue.2; event notification facility was added to
the &os; kernel. This is a new interface which is able to
replace &man.poll.2;/&man.select.2;, offering improved
performance, as well as the ability to report many different
types of events. Support for monitoring changes in sockets,
pipes, fifos, and files is present, as well as for signals and
processes. &merged;</para>

<para arch="i386">A new <varname>KVA_SPACE</varname> kernel option
can be used to reconfigure the size of the kernel virtual
address space. &merged;</para>

<para>The &man.labpc.4; driver has been removed due to
<quote>bitrot</quote>.</para>

<para>The loader and kernel linker now look for files named
<filename>linker.hints</filename> in each directory with KLDs
for a module name and version to KLD filename mapping. The new
&man.kldxref.8; utility is used to generate these files.</para>

<para>Linux emulation now supports the kernel functionality
required by the
<filename role="package">emulators/linux_base-7</filename>
(RedHat 7.X emulation) port. &merged;</para>

<para>Linux emulation now requires <literal>options
SYSVSEM</literal> in the kernel configuration. &merged;</para>

<para>&man.lomac.4;, a Low-Watermark Mandatory Access Control
security facility, has been added as a kernel module. It
provides a drop-in security mechanism in addition to the
traditional UID-based security facilities, requiring no
additional configuration from the administrator. Work on this
feature was sponsored by DARPA and NAI Labs.</para>

<para>The <varname>maxusers</varname> kernel configuration
parameter is now a boot-time tunable variable. The kernel
parameters derived from <varname>maxusers</varname> are now also
tunables and can be overridden at boot-time. The
<varname>hz</varname> parameter is also now a
tunable. &merged;</para>

<para>Specifying a value of <literal>0</literal> for the
<varname>maxusers</varname> kernel configuration parameter will
now cause an appropriate value to be calculated at boot-time
(between 32 and 384, depending on the amount of memory present).
This value is now the default for all
<filename>GENERIC</filename> kernels. &merged;</para>

<para arch="alpha">A <varname>MAXMEM</varname> kernel option,
along with the <varname>hw.physmem</varname> loader tunable, can
be used to artificially reduce the memory size of a machine for
testing (or other purposes). &merged;</para>

<para>The kernel configuration parameters
<varname>MAXTSIZ</varname>, <varname>DFLDSIZ</varname>,
<varname>MAXDSIZ</varname>, <varname>DFLSSIZ</varname>,
<varname>MAXSSIZ</varname>, and <varname>SGROWSIZ</varname> are
all loader tunables (<varname>kern.maxtsiz</varname>,
<varname>kern.maxdfldsiz</varname>, etc.). &merged;</para>

<para arch="i386">The <literal>NCPU</literal>, <literal>NAPIC</literal>,
<literal>NBUS</literal>, and <literal>NINTR</literal> kernel
configuration options, for configuring SMP kernels, have been
removed. <literal>NCPU</literal> is now set to a maximum of 16,
and the other, aforementioned options are now
dynamic. &merged;</para>

<para>A &man.nmdm.4; null-modem terminal driver has been added.
&merged;</para>

<para>The <literal>O_DIRECT</literal> flag has been added to
&man.open.2; and &man.fcntl.2;. Specifying this flag for open
files will attempt to minimize the cache effects of reading and
writing. &merged;</para>

<para>An &man.orm.4; device has been added to claim the option
ROMs in the ISA memory I/O space, to prevent other drivers from
mistakenly assigning addresses that conflict with these
ROMs. &merged;</para>

<para arch="i386">PECOFF (Win32 Execution file format) support has
been added.</para>

<para arch="i386">The pmc driver, which supports the power
management controller of the NEC PC-98NOTE, has been
added. &merged;</para>

<para>POSIX.1b Shared Memory Objects are now supported. The
implementation uses regular files, but automatically enables the
MAP_NOSYNC flag when they are &man.mmap.2;-ed. &merged;</para>

<para>Replaced the <literal>PQ_*CACHE</literal> options with a
single <literal>PQ_CACHESIZE</literal> option to be set to the
cache size in kilobytes. The old options are still supported
for backwards compatibility. &merged;</para>

<para arch="i386">The &man.puc.4; (PCI <quote>Universal</quote>
Communications) driver has been added, to help connect PCI-based
serial ports to the &man.sio.4; driver. &merged;</para>

<para>The &man.random.4; device has been rewritten to use the
<application>Yarrow</application> algorithm. It harvests
entropy from a variety of interrupt sources, including the
console devices, Ethernet and point-to-point network interfaces,
and mass-storage devices. Entropy from the &man.random.4;
device is now periodically saved to files in
<filename>/var/db/entropy</filename>, as well as at shutdown
time. The semantics of <filename>/dev/random</filename> have
changed; it never blocks waiting for entropy bits but generates
a stream of pseudo-random data and now behaves exactly as
<filename>/dev/urandom</filename>.</para>

<para>A new kernel option, <literal>options REGRESSION</literal>,
enables interfaces and functionality intended for use during
correctness and regression testing.</para>

<para arch="sparc64">Support has been added for SBus-based
devices.</para>

<para>The &man.snp.4; device is no longer static and can now be
compiled as a module. &merged;</para>

<para arch="i386">The &man.spic.4; driver, which provides access
to the jog dial device on some Sony laptops, has been
added.</para>

<para>The &man.syscons.4; driver now supports keyboard-controlled
pasting, by default bound to
<keycap>Shift</keycap>-<keycap>Insert</keycap>.</para>

<para>Support for USB devices was added to the
<filename>GENERIC</filename> kernel and to the installation
programs to support USB devices out of the box. Note that SRM
does not support USB devices at the moment, so you must still
use an AT keyboard if you are not using a serial
console. &merged;</para>

<para arch="i386">The umodem driver for USB modems has been added.
Support is provided for the 3Com 5605 and Metricom Ricochet GS
wireless USB modems. &merged;</para>

<para arch="i386">The &man.uscanner.4; driver for basic USB
scanner support using SANE has been added. See <ulink
url="http://www.mostang.com/sane/">the SANE home page</ulink>
for supported scanners. The HP ScanJet 4100C, 5200C and 6300C
are known to be working. &merged;</para>

<para>The <literal>USER_LDT</literal> kernel option is now
activated by default.</para>

<para>A VESA S3 linear framebuffer driver has been added.</para>

<!-- Above this line, sort kernel changes by manpage/keyword-->

<para>Write combining for crashdumps has been implemented. This
feature is useful when write caching is disabled on both SCSI
and IDE disks, where large memory dumps could take up to an hour
to complete. &merged;</para>

<para>Extremely large swap areas (>67 GB) no longer panic the
system.</para>

<para arch="alpha">Support for threads under Linux emulation has
been added.</para>

<para>The <maketarget>buildkernel</maketarget> target now gets the
name of the configuration(s) to build from the
<varname>KERNCONF</varname> variable, not
<varname>KERNEL</varname>. It is no longer required, in some
cases, for a <maketarget>buildworld</maketarget> to precede a
<maketarget>buildkernel</maketarget>. (The
<maketarget>buildworld</maketarget> is still required when
upgrading across major releases, across
<application>binutils</application> updates and when
&man.config.8; changes version.) &merged;</para>

<para>The out-of-swap process termination code now begins killing
processes earlier to avoid deadlocks; it now also takes into
account the swap space used by processes when computing the
process sizes. &merged;</para>

<para>Linker sets are now self-contained; &man.gensetdefs.8; is
unnecessary and has been removed.</para>

<para>Network device cloning has been implemented, and the
&man.gif.4; device has been modified to take advantage of it.
Thus, instead of specifying how many &man.gif.4; interfaces are
available in kernel configuration files, &man.ifconfig.8;'s
<option>create</option> option should be used when another device
instance is desired. &merged;</para>

<para>It is now possible to hardwire kernel environment variables
(such as tunables) at compile-time using &man.config.8;'s
<literal>ENV</literal> directive.</para>

<para>Idle zeroing of pages can be enabled with the
<varname>vm.idlezero_enable</varname> sysctl variable.</para>

<para arch="i386">The load addresses of kernels are now exported
to the symbol table and various hard-coded constants have been
removed so that utilities such as &man.ps.1; can work with
kernels compiled at different addresses. &merged;</para>

<para>Coredumps of large processes (or of a large number of
processes) no longer lock up the machine for long periods of
time. &merged;</para>

<para>The Kernel-Scheduled Entity project has made changes to the
kernel scheduler to more efficiently handle multi-threaded
programs.</para>

<para>The kernel now has support for multiple low-level console
devices. The new &man.conscontrol.8; utility helps to manage
the different consoles.</para>

<para arch="alpha">The console driver has gained support for
TGA-based display adapters.</para>

<para>The kernel on the installation CDs is now separated from the
<filename>mfsroot</filename> image. This permits the use of a
full kernel when installing from CD on machines that support CD
booting (instead of the stripped-down kernel used on
floppies). &merged;</para>

<para>The system load average computation now adds some jitter to
the timing of samples, in order to avoid synchronization with
processes that run periodically. &merged;</para>

<para>If a debugging kernel with modules is being built
(i.e. using <literal>makeoptions DEBUG=-g</literal>), the
modules will now be built with debugging support as well, for
completeness. A side effect of this change is that modules
built and installed with debugging kernels will now occupy more
space on disk than they did previously. &merged;</para>

<para>The kernel dump device can now be set via the
<varname>dumpdev</varname> loader tunable. As a result, it is
now possible to obtain crash dumps from panics during the late
stages of kernel initialization (before the system enters into
single-user mode). &merged;</para>

<para>The kernel memory allocator is now a slab memory allocator,
similar to that used in Solaris. This is a SMP-safe memory
allocator that has near-linear performance as the number of CPUs
increases. It also allows for reduced memory
fragmentation.</para>

<sect3>
<title>Processor/Motherboard Support</title>

<para>SMP support has been largely reworked, incorporating code
from BSD/OS 5.0. One of the main features of SMPng
(<quote>SMP Next Generation</quote>) is to allow more
processes to run in kernel, without the need for spin locks
that can dramatically reduce the efficiency of multiple
processors. Interrupt handlers now have contexts associated
with them that allow them to be blocked, which reduces the
need to lock out interrupts.</para>

<para arch="i386">Support for the 80386 processor has been
removed from the <filename>GENERIC</filename> kernel, as this
code seriously pessimizes performance on other IA32
processors.
The <literal>I386_CPU</literal> kernel option
to support the 80386 processor is now mutually exclusive with
support for other IA32 processors; this should slightly
improve performance on the 80386 due to the elimination of
runtime processor type checks.
Custom kernels that will run on the 80386 can
still be built by changing the cpu options in the kernel
configuration file to only include
<literal>I386_CPU</literal>.</para>

<para arch="alpha">AlphaServer 1200 (<quote>Tincup</quote>) has
been tested and works OK. Currently it does not want to boot
from CD or floppy but a transplanted disk that was installed
on another Alpha works well. &merged;</para>

<para arch="alpha">The API UP1100 mainboard has been verified to
work.</para>

<para arch="alpha">The API CS20 1U high server has been verified
to work.</para>

<para arch="alpha">The DEC3000 series support has been removed
from the mfsroot floppy image so that it fits on a 1.44 Mbyte
floppy again. As the DEC3000 is currently only usable diskless
this should not cause any problems.</para>

<para arch="alpha">Support for AlphaServer 2100A
(<quote>Lynx</quote>) has been added.</para>

<para arch="alpha">Kernel code has been added that allows older
generation Alpha CPUs (EV4 and EV5) to emulate instructions of
the newer Alpha CPU generations. This enables the use of
binary-only programs like <application>Adobe Acrobat
4</application> on EV4 and EV5.</para>

<para arch="alpha">SMP support for the Alpha is now operational.</para>

<para arch="i386">Detection for new processors, such as the
FC-PGA2 Pentium III (Tualatin), Transmeta Crusoe, and
Transmeta Crusoe LongRun, has been added. &merged;</para>

<para arch="alpha">Support for the following hardware has been
removed from the installation kernel to make it fit on a
1.44MB floppy again: Multia, NoName, PC64, EB64, Aspen Alpine,
sa (SCSI tape), amr, parallel port support, vx (3c590, 3c595),
pcn (AMD Am79C97x PCI 10/100), sf (Adaptec AIC-6915), sis (SiS
900/SiS 7016), ste (Sundance ST201 (D-Link DFE-550TX)), wb
(Winbond W89C840F).</para>

<para arch="i386">Support for Streaming <acronym>SIMD</acronym>
Extensions (<acronym>SSE</acronym>) has been introduced. The
<literal>CPU_ENABLE_SSE</literal> kernel option controls
whether support is compiled into the kernel. &merged;</para>

<para arch="i386">The <literal>CPU_ATHLON_SSE_HACK</literal>
kernel option has been added, which attempts to enable the SSE
feature bit on newer Athlon CPUs if the BIOS has forgotten to
enable it.</para>

<para arch="sparc64">The UltraSPARC platform is now supported by
&os;. The following machines are supported to at least some
degree: Ultra 1/2/5/10/30/60, Enterprise 220R/420R, Netra T1 AC200/DC200, Netra T 105, and Blade
100. SMP is supported, and has been tested on the
Ultra 2, Ultra 60, Enterprise 220R, and
Enterprise 420R.</para>

</sect3>

<sect3>
<title>Bootloader Changes</title>

<para arch="i386">A new <filename>cdboot</filename> bootstrap
utility for CDROMs provides better compatibility with some
BIOS implementations that do not completely implement the El
Torito bootable CDROM standard. This boot loader supports
<quote>no emulation</quote> mode booting, thus eliminating the
need for an emulated floppy disk image on a bootable
CDROM. &merged;</para>

<para arch="i386">The i386 boot loader now has support for a
<literal>nullconsole</literal> console type, for use on
systems with neither a video console nor a serial
port. &merged;</para>

<para arch="i386">The &man.loader.8; now has optional support
(enabled at compile-time, off by default) for loading
<application>bzip2</application>-compressed kernels and
modules. &merged;</para>

<para arch="i386">Support for Intel's Wired for Management 2.0
(PXE) was added to the &os; boot loader. Due to API
differences, the older PXE versions are not supported. This
allows network booting using DHCP. &merged;</para>

<!-- Above this line, order bootloader changes by keyword-->

<para arch="i386">The &os; boot loader now contains a workaround
to support CDROM booting on certain IBM BIOSs that expect the
first sector of the emulated floppy to contain a valid MS-DOS
BPB that they can modify. &merged;</para>

<para arch="i386">The &os; boot loader now supports a
<option>-p</option> flag to force the kernel to pause after
each line of output during the probing phase. &merged;</para>

<para arch="alpha,i386">The &os; boot loader is now capable of
booting from filesystems with block sizes larger than
8K. &merged;</para>

<para>The kernel and modules have been moved to the directory
<filename>/boot/kernel</filename>, so they can be easily
manipulated together. The boot loader has been updated to
make this change as seamless as possible.</para>
</sect3>

<sect3>
<title>Network Interface Support</title>

<para>The &man.an.4; driver for Cisco Aironet cards now supports
Wired Equivalent Privacy (WEP) encryption, settable via
&man.ancontrol.8;. &merged;</para>

<para>The &man.an.4; driver now supports the Cisco Aironet 350
series of adaptors. &merged;</para>

<para>The &man.an.4; driver now supports <quote>monitor</quote>
mode, settable via the <option>-M</option> option to
&man.ancontrol.8;. &merged;</para>

<para>The &man.an.4; driver now supports Cisco LEAP, as well as
the <quote>Home</quote> WEP key. The Linux Aironet utilities
are now supported under emulation. &merged;</para>

<para arch="i386">Generic support for ARCNET token-based
networks has been added. &merged;</para>

<para arch="i386">The &man.bge.4; driver has been added to
support the Broadcom BCM570x family of Gigabit Ethernet
controllers, including the 3Com 3c996-T, the SysKonnect
SK-9D21 and SK-9D41, and the built-in Gigabit Ethernet NICs on
Dell PowerEdge 2550 servers. Output TCP/IP checksum offload,
jumbo frames and VLAN tag insertion/stripping are supported,
as well as interrupt moderation. &merged;</para>

<para arch="i386">The cm driver has been added to support SMC
COM90cx6 ARCNET network adapters. &merged;</para>

<para>The &man.dc.4; driver now supports NICs based on the Xircom
3201 and Conexant LANfinity RS7112 chips.</para>

<para>The &man.dc.4; driver now has support for
VLANs. &merged;</para>

<para>The &man.de.4; driver now performs round-robin arbitration
between the transmit and receive units of the 21143, instead
of giving priority to the receive unit. This gives a
10–15% performance improvement in the forwarding rate
under heavy load. &merged;</para>

<para arch="alpha">The &man.ed.4; driver is now supported.</para>

<para arch="i386">Linksys Fast Ethernet PCCARD cards supported
by the &man.ed.4; driver now require the addition of flag
<literal>0x80000</literal> to their config line in
&man.pccard.conf.5;. This flag is not optional. These
Linksys cards will not be recognized without
it. &merged;</para>

<para>A bug in the &man.ed.4; driver that could cause panics
with very short packets and BPF or bridging active has been
fixed. &merged;</para>

<para>The &man.ed.4; driver now has support for D-Link DL10022
chips, necessary for the NetGear FA-410TX and other cards. As
a result, <literal>device miibus</literal> is required in
kernel configurations using the &man.ed.4;
driver. &merged;</para>

<para arch="i386">The &man.el.4; driver can now be loaded as a
module.</para>

<para arch="i386">The &man.em.4; driver has been added to
support NICs based on the Intel 82542, 82543, and 82544
Gigabit Ethernet controller chips. The driver supports
transmit/receive checksum offload and jumbo frames on 82543
and 82544-based adapters. &merged;</para>

<para>The &man.faith.4; device is now loadable, unloadable, and
clonable. &merged;</para>

<para arch="i386">Support for Fujitsu MB86960A/MB86965A based
Ethernet PC-Cards has been added back in the &man.fe.4;
driver. &merged;</para>

<para arch="alpha">The &man.fpa.4; driver now supports Digital's
DEFPA FDDI adaptors on the Alpha. &merged;</para>

<para>The &man.fxp.4; driver now requires a <literal>device
miibus</literal> entry in the kernel configuration
file. &merged;</para>

<para>The &man.fxp.4; driver now contains a workaround for PCI
protocol violations caused by defects in some systems based on
the Intel ICH2/ICH2-M chip. The workaround is to rewrite the
EEPROM on the interface to disable Dynamic Standby Mode; once
the EEPROM is rewritten, the system needs to be rebooted for
the new settings to take effect. &merged;</para>

<para>The &man.fxp.4; driver now supports Intel's loadable
microcode to implement receive-side interrupt coalescing and
packet bundling, on NICs that support these features. This
support can be activated by the use of the
<option>link0</option> option to
&man.ifconfig.8;. &merged;</para>

<para arch="sparc64">The gem driver has been added to support
the Sun GEM Gigabit Ethernet and ERI Fast Ethernet
adapters.</para>

<para>The &man.gx.4; driver has been added to support NICs based
on the Intel 82542 and 82543 Gigabit Ethernet controller
chips. Both fiber and copper variants of the cards are
supported. Both boards support VLAN tagging/insertion, and
the 82543 additionally supports TCP/IP checksum
offload. &merged;</para>

<para arch="sparc64">The hme driver has been added to support
the Sun HME Fast Ethernet adapter, onboard on many Sun Ultra
series machines.</para>

<para>The &man.lge.4; driver has been added to support the Level
1 LXT1001 NetCellerator Gigabit Ethernet controller chip. This
device is used on some fiber optic GigE cards from SMC, D-Link
and Addtron. Jumbograms and TCP/IP checksum offload on
receive are supported, although hardware VLAN filtering is
not. &merged;</para>

<para>Added the &man.nge.4; driver, which supports PCI Gigabit
Ethernet adapters based on the National Semiconductor DP83820
and DP83821 Gigabit Ethernet controller chips, including the
D-Link DGE-500T, SMC EZ Card 1000 (SMC9462TX), Asante
FriendlyNet GigaNIC 1000TA and 1000TPC and Addtron AEG320T.
This driver supports transmit and receive checksum
offloading. &merged;</para>

<para>The &man.pcn.4; driver, which supports the AMD PCnet/FAST,
PCnet/FAST+, PCnet/FAST III, PCnet/PRO, PCnet/Home, and
HomePNA adapters, has been added. Although these cards are
already supported by the &man.lnc.4; driver, the &man.pcn.4;
driver runs these chips in 32-bit mode and uses the RX
alignment feature to achieve zero-copy receive. This driver
is also machine-independent, so it will work on both the i386
and Alpha platforms. The &man.lnc.4; driver is still needed
to support non-PCI cards. &merged;</para>

<para>The &man.ray.4; driver, which supports the Webgear Aviator
wireless network cards, has been committed. The operation of
&man.ray.4; interfaces can be modified by
&man.raycontrol.8;. &merged;</para>

<para arch="i386">The sbni driver, for supporting the Granch
SBNI12 series of ISA and PCI point-to-point communications
interfaces, has been added. The <filename
role="package">sysutils/sbniconfig</filename> port in the &os;
Ports Collection can be used for configuring these
devices. &merged;</para>

<para>Added support for PCI Ethernet adapters based on the SiS
900 and SiS 7016 Fast Ethernet controller chips (for example,
as seen on the SiS 635 and 735 motherboard chipsets), as well
as the National Semiconductor DP83815 chipset (including the
NetGear FA311-TX and FA312-TX) in the form of the &man.sis.4;
driver. This device has support for VLANs. &merged;</para>

<para arch="i386">The snc driver for the National Semiconductor
DP8393X (SONIC) Ethernet controller has been added.
Currently, this driver is only used on the PC-98
architecture. &merged;</para>

<para>The &man.stf.4; device is now clonable.</para>

<para>The &man.tap.4; driver, a virtual Ethernet device driver
for bridged configurations, has been added. This device is
clonable. &merged;</para>

<para>The &man.ti.4; driver now supports the Alteon AceNIC
1000baseT Gigabit Ethernet and Netgear GA620T 1000baseT
Gigabit cards. &merged;</para>

<para>The &man.ti.4; driver correctly masks VLAN tags. &merged;</para>

<para>The &man.txp.4; driver has been added to support NICs
based on the 3Com 3XP Typhoon/Sidewinder (3CR990)
chipset. &merged;</para>

<para>&man.vlan.4; devices are now loadable, unloadable, and
clonable. &merged;</para>

<para>The &man.wi.4; driver now has support for Prism II and
Prism 2.5-based NICs. 104/128-bit WEP now works on Prism
cards. &merged;</para>

<para>The &man.xl.4; driver now supports the 3Com 3C556 and
3C556B MiniPCI adapters used on some laptops. &merged;</para>

<para>The &man.xl.4; driver now supports reception of VLAN
tagged frames (on the <quote>Cyclone</quote> or newer
chipsets). &merged;</para>

<para>The &man.xl.4; driver now supports send- and receive-side
TCP/IP checksum offloading for NICs implementing this feature,
such as the 3C905B, 3C905C, and 3C980C. &merged;</para>

<para>A bug in the &man.xl.4; driver, related to statistics
overflow interrupt handling, was causing slowdowns at medium
to high packet rates; this has been fixed. &merged;</para>

<para>The per-interface <varname>ifnet</varname> structure now
|
|
has the ability to indicate a set of capabilities supported by
|
|
a network interface, and which ones are enabled.
|
|
&man.ifconfig.8; has support for querying these
|
|
capabilities. &merged;</para>
|
|
|
|
<para>Performance with hosts having a large number of IP aliases
|
|
has been improved, by replacing the per-interface
|
|
<varname>if_inaddr</varname> linear list with a hash table. &merged;</para>
|
|
|
|
<para>Network devices now automatically appear as special files in
|
|
<filename>/dev/net</filename>. Interface hardware ioctls (not
|
|
protocol or routing) can be performed on these devices. The
|
|
<varname>SIOCGIFCONF</varname> ioctl may be performed on the
|
|
special <filename>/dev/network</filename> node.</para>
|
|
|
|
<para>Selected network drivers now implement a semi-polling
|
|
mode, which makes systems much more resilient to attacks and
|
|
overloads. To enable polling, the following options are
|
|
required in a kernel configuration file:
|
|
|
|
<programlisting>options DEVICE_POLLING
|
|
options HZ=1000 # not compulsory but strongly recommended</programlisting>
|
|
|
|
The <varname>kern.polling.enable</varname> sysctl variable
|
|
will then activate polling mode, with the
|
|
<varname>kern.polling.user_frac</varname> sysctl indicating
|
|
the percentage of CPU time to be reserved for userland. The
|
|
devices initially supporting polling are &man.dc.4;,
|
|
&man.fxp.4;, and &man.sis.4;. More details can be found in
|
|
the &man.polling.4; manual page. &merged;</para>
|
|
|
|
<para arch="i386">The packet-forwarding performance of certain
|
|
network drivers (specifically &man.dc.4; and &man.sis.4;) has
|
|
been enhanced by the elimination of unnecessary buffer
|
|
copies. &merged;</para>
|
|
</sect3>
|
|
|
|
<sect3>
|
|
<title>Network Protocols</title>
|
|
|
|
<para>&man.accept.filter.9;, a kernel feature to reduce
|
|
overheads when accepting and reading new connections on
|
|
listening sockets, has been added. &merged;</para>
|
|
|
|
<para>The <literal>proxy</literal> modifier to &man.arp.8;'s
|
|
<option>-d</option> option has been renamed to
|
|
<literal>pub</literal>, for consistency with the
|
|
<option>-s</option> option. The <literal>only</literal> keyword
|
|
has been added to the <option>-s</option> and
|
|
<option>-S</option> flags, to be used in creating
|
|
<quote>proxy-only</quote> published entries. &merged;</para>
|
|
|
|
<para>The read timeout feature of &man.bpf.4; now works more
|
|
correctly with &man.select.2;/&man.poll.2;, and therefore with
|
|
pthreads. &merged;</para>
|
|
|
|
<para>&man.bridge.4; and &man.dummynet.4; have received some
|
|
enhancements and bug fixes, and are now loadable
|
|
modules. &merged;</para>
|
|
|
|
<para>&man.bridge.4; now has better support for multiple,
|
|
fully-independent bridging clusters, and is much more stable
|
|
in the presence of dynamic attachments and detachments. Full
|
|
support for VLANs is also included. &merged;</para>
|
|
|
|
<para>ICMP ECHO and TSTAMP replies are now rate limited. TCP
|
|
RSTs generated due to packets sent to open and unopen ports
|
|
are now limited by separate counters. Each rate limiting
|
|
queue now has its own description.</para>
|
|
|
|
<para>ICMP <literal>UNREACH_FILTER_PROHIB</literal> messages can
|
|
now RST TCP connections in the <literal>SYN_SENT</literal>
|
|
state if the correct sequence numbers are sent back, as
|
|
controlled by the
|
|
<varname>net.inet.tcp.icmp_may_rst</varname> sysctl. &merged;</para>
|
|
|
|
<para>IP multicast now works on VLAN devices. Several other
|
|
bugs in the VLAN code have also been fixed.</para>
|
|
|
|
<para>A bug in the IPSec processing for IPv4, which caused the
|
|
inbound SPD checks to be ignored, has been fixed. &merged;</para>
|
|
|
|
<para>&man.ipfw.4; now filters correctly in the presence of ECN
|
|
bits in TCP segments. &merged;</para>
|
|
|
|
<para>A new &man.ng.eth.4; netgraph node allows Ethernet type
|
|
packets to be filtered to different hooks depending on
|
|
ethertype.</para>
|
|
|
|
<para>The &man.ng.gif.4; and &man.ng.gif.demux.4; netgraph
|
|
nodes, for operating on &man.gif.4; devices, have been
|
|
added.</para>
|
|
|
|
<para>The &man.ng.ip.input.4; netgraph node, for queueing IP
|
|
packets into the main IP input processing code, has been
|
|
added.</para>
|
|
|
|
<para>The &man.ng.mppc.4; and &man.ng.bridge.4; node types have
|
|
been added to the &man.netgraph.4; subsystem. The
|
|
&man.ng.ether.4; node is now dynamically loadable.
|
|
Miscellaneous bug fixes and enhancements have also been
|
|
made. &merged;</para>
|
|
|
|
<para>A new netgraph node type &man.ng.one2many.4; for
|
|
multiplexing and demultiplexing packets over multiple links
|
|
has been added. &merged;</para>
|
|
|
|
<para>A new sysctl
|
|
<varname>net.inet.ip.check_interface</varname>, which is on by
|
|
default, causes IP to verify that an incoming packet arrives
|
|
on an interface that has an address matching the packet's
|
|
destination address. &merged;</para>
|
|
|
|
<para>A new sysctl
|
|
<varname>net.link.ether.inet.log_arp_wrong_iface</varname> has
|
|
been added to control the suppression of logging when ARP
|
|
replies arrive on the wrong interface. &merged;</para>
|
|
|
|
<para>A new <literal>options RANDOM_IP_ID</literal> kernel
|
|
option causes the ID field of IP packets to be randomized.
|
|
This closes a minor information leak which allows a remote
|
|
observer to determine the rate at which the machine is
|
|
generating packets, since the default behavior is to increment
|
|
a counter for each packet sent. &merged;</para>
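<para>The following is an added example, not part of the original release notes or of &os; itself. It checks whether IP IDs captured from a host's own outbound packets to one peer behave like a shared counter, and if so how much packet-rate information they expose. The sample captures and the <literal>max_step</literal> threshold are constructed assumptions.</para>

```python
def id_deltas(ip_ids):
    """Differences between consecutive 16-bit IP IDs, taken modulo 2**16."""
    return [(b - a) & 0xFFFF for a, b in zip(ip_ids, ip_ids[1:])]


def looks_like_counter(ip_ids, max_step=1024):
    """True when every step is a small positive increment (a shared counter).

    max_step is an assumed heuristic: randomized IDs produce deltas spread
    over the whole 16-bit range, so they fail this test almost immediately.
    """
    deltas = id_deltas(ip_ids)
    return len(deltas) >= 3 and all(0 < d <= max_step for d in deltas)


def leaked_rate(samples, max_step=1024):
    """Packets per second an observer could infer, or None if nothing leaks.

    samples: list of (timestamp_seconds, ip_id) for packets sent to one peer.
    With a global counter, each delta equals the number of packets the host
    sent to anyone between two samples, so the sum over time is its send rate.
    """
    times = [t for t, _ in samples]
    ids = [i for _, i in samples]
    if not looks_like_counter(ids, max_step) or times[-1] <= times[0]:
        return None
    return sum(id_deltas(ids)) / (times[-1] - times[0])


# Constructed captures: one packet per second reaches the observing peer.
COUNTER_HOST = [(0.0, 65500), (1.0, 65530), (2.0, 24), (3.0, 54)]   # wraps at 65535
RANDOM_HOST = [(0.0, 0x3A91), (1.0, 0xC204), (2.0, 0x0B7E), (3.0, 0x9D33)]

if __name__ == "__main__":
    print("default counter :", leaked_rate(COUNTER_HOST), "packets/s exposed")
    print("RANDOM_IP_ID    :", leaked_rate(RANDOM_HOST))
```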
|
|
|
|
<para arch="alpha">SLIP has been removed from the
|
|
<filename>mfsroot</filename> floppy image.</para>
|
|
|
|
<para>TCP has received some bug fixes for its delayed ACK
|
|
behavior. &merged;</para>
|
|
|
|
<para>TCP now supports the NewReno modification to the TCP Fast
|
|
Recovery algorithm. This behavior can be controlled via the
|
|
<varname>net.inet.tcp.newreno</varname> sysctl
|
|
variable. &merged;</para>
|
|
|
|
<para>TCP now uses a more aggressive timeout for initial SYN
|
|
segments; this allows initial connection attempts to be
|
|
dropped much faster. &merged;</para>
|
|
|
|
<para>The <literal>TCP_COMPAT_42</literal> kernel option has
|
|
been removed. &merged;</para>
|
|
|
|
<para>The <literal>TCP_RESTRICT_RST</literal> kernel option has
|
|
been removed. Similar functionality can be achieved with the
|
|
<varname>net.inet.tcp.blackhole</varname> sysctl
|
|
variable. &merged;</para>
|
|
|
|
<para>TCP now has RFC 1323 extensions enabled by default in
|
|
&man.rc.conf.5;. &merged;</para>
|
|
|
|
<para>RFC 1323 and RFC 1644 TCP extensions are now disabled for
|
|
a connection in progress if no response has been received by
|
|
the third SYN segment sent. This behavior tries to work
|
|
around (very old) terminal servers with buggy VJ header
|
|
compression implementations. &merged;</para>
|
|
|
|
<para>The TCP implementation no longer requires the allocation
|
|
of a TCP template structure for each connection; this should
|
|
reduce the buffer usage on large systems handling many
|
|
connections. &merged;</para>
|
|
|
|
<para>TCP's default buffer sizes, controlled by the
|
|
<varname>net.inet.tcp.sendspace</varname> and
|
|
<varname>net.inet.tcp.recvspace</varname> sysctl variables,
|
|
have been increased to 32K and 64K respectively. Previously,
|
|
the default for both buffer sizes was 16K. To try to avoid
|
|
increasing congestion, the default value for
|
|
<varname>net.inet.tcp.local_slowstart_flightsize</varname> has
|
|
been changed from infinity to 4. &merged;
|
|
|
|
<note>
|
|
<para>On busy hosts, the new larger buffer sizes may require
|
|
manually increasing the
|
|
<varname>NMBCLUSTERS</varname> parameter, either in the
|
|
kernel configuration file or via the
|
|
<varname>kern.ipc.nmbclusters</varname> loader tunable.
|
|
<command>netstat -mb</command> can be used to monitor the
|
|
state of mbuf clusters.</para>
|
|
</note>
|
|
</para>
|
|
|
|
<para>TCP now supports RFC 1948 (Defending Against Sequence
|
|
Number Attacks). This functionality is controlled by the
|
|
<varname>net.inet.tcp.strict_rfc1948</varname> and
|
|
<varname>net.inet.tcp.isn_reseed_interval</varname> sysctl
|
|
variables. &merged;</para>
|
|
|
|
<para>The TCP implementation in &os; now implements a cache of
|
|
outstanding, received SYN segments. Incoming SYN segments now
|
|
cause entries to be placed in the cache until the TCP
|
|
three-way handshake is complete, at which point, memory is
|
|
allocated for the connection as usual. In addition, all TCP
|
|
Initial Sequence Numbers (ISNs) are used as cookies, allowing
|
|
entries in the cache to be dropped, but still have their
|
|
corresponding ACKs accepted later. The combination of the
|
|
so-called
|
|
<quote>syncache</quote> and <quote>syncookies</quote> features
|
|
makes a host much more resistant to TCP-based Denial of
|
|
Service attacks. Work on this feature was sponsored by DARPA
|
|
and NAI Labs. &merged;</para>
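<para>The following is an added example, not part of the original release notes and not the &os; implementation. It shows how an ISN can act as a cookie, so that the final ACK of the handshake is validated from the packet and a secret alone, with no stored state. The bit layout (5-bit time counter, 3-bit MSS index, 24-bit keyed hash), the MSS table, the secret and the addresses are all assumptions made for the illustration.</para>

```python
import hashlib
import hmac
import socket
import struct

# Constructed demo values; a real stack uses a random secret that it rotates.
SECRET = b"constructed-demo-secret"
# Hypothetical 8-entry table: the 3-bit index stored in the cookie selects an MSS.
MSS_TABLE = (216, 536, 1024, 1220, 1360, 1440, 1452, 1460)
MAX_AGE_TICKS = 2          # cookies older than this many counter ticks are rejected
MASK32 = 0xFFFFFFFF


def _mac24(src, sport, dst, dport, client_isn, tick, mss_idx):
    """24-bit keyed hash binding the cookie to one connection attempt."""
    msg = (socket.inet_aton(src) + socket.inet_aton(dst)
           + struct.pack("!HHIIB", sport, dport, client_isn, tick, mss_idx))
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")


def make_cookie(src, sport, dst, dport, client_isn, client_mss, tick):
    """Build the server ISN for the SYN-ACK. Nothing is stored for the connection."""
    # Largest table entry not exceeding the client's MSS (index 0 if none fits).
    mss_idx = max((i for i, m in enumerate(MSS_TABLE) if m <= client_mss), default=0)
    mac = _mac24(src, sport, dst, dport, client_isn, tick, mss_idx)
    # Layout: 5 bits of tick | 3 bits of MSS index | 24 bits of MAC.
    return ((tick % 32) << 27) | (mss_idx << 24) | mac


def check_ack(src, sport, dst, dport, seq, ack, tick_now):
    """Validate the handshake-completing ACK using only the packet and the secret.

    Returns the negotiated MSS when the cookie is genuine and fresh, else None.
    """
    cookie = (ack - 1) & MASK32          # the client acknowledges our ISN + 1
    client_isn = (seq - 1) & MASK32      # and has advanced its own ISN by 1
    tick_low, mss_idx, mac = cookie >> 27, (cookie >> 24) & 0x7, cookie & 0xFFFFFF
    for age in range(MAX_AGE_TICKS + 1):
        tick = tick_now - age
        if tick < 0 or tick % 32 != tick_low:
            continue
        expected = _mac24(src, sport, dst, dport, client_isn, tick, mss_idx)
        if hmac.compare_digest(expected.to_bytes(3, "big"), mac.to_bytes(3, "big")):
            return MSS_TABLE[mss_idx]
    return None


def demo():
    """Run one legitimate handshake and three packets that must be rejected."""
    conn = ("192.0.2.10", 40000, "198.51.100.5", 80)   # constructed addresses
    client_isn, tick = 0xFFFFFFFF, 100                 # ISN chosen to exercise wraparound
    cookie = make_cookie(*conn, client_isn, 1300, tick)
    seq, ack = (client_isn + 1) & MASK32, (cookie + 1) & MASK32
    return {
        "genuine": check_ack(*conn, seq, ack, tick + 1),
        "wrong_port": check_ack("192.0.2.10", 40001, "198.51.100.5", 80, seq, ack, tick + 1),
        "blind_ack": check_ack(*conn, seq, (ack + 1) & MASK32, tick + 1),
        "stale": check_ack(*conn, seq, ack, tick + MAX_AGE_TICKS + 1),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:11s} -> {result}")
```

<para>Because the server allocates memory only after <literal>check_ack</literal> succeeds, a flood of SYN segments from spoofed addresses costs it one hash computation per packet rather than one queue entry.</para>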
|
|
|
|
<para>A bug in the TCP implementation, which could cause
|
|
connections to stall if a sender saw a zero-sized window, has
|
|
been corrected. &merged;</para>
|
|
|
|
<para>The TCP implementation now properly ignores packets
|
|
addressed to IP-layer broadcast addresses. &merged;</para>
|
|
|
|
<para>The ephemeral port range used for TCP and UDP has been
|
|
changed to 49152–65535 (the old default was
|
|
1024–5000). This increases the number of concurrent
|
|
outgoing connections/streams.</para>
|
|
</sect3>
|
|
|
|
<sect3>
|
|
<title>Disks and Storage</title>
|
|
|
|
<para arch="i386">Support for the Adaptec FSA family of PCI-SCSI
|
|
RAID controllers has been added, in the form of the
|
|
&man.aac.4; driver. This driver includes proper handling of
|
|
commands initiated by the adapter, addition/removal of disk
|
|
devices, crashdump functionality, and &man.ioctl.2; commands
|
|
necessary for the management CLI, and is fully qualified and
|
|
sanctioned by Adaptec. &merged;</para>
|
|
|
|
<para>The &man.ahc.4; driver has received numerous updates,
|
|
bugfixes, and enhancements. Among various improvements are
|
|
improved compatibility with chips in <quote>RAID Port</quote>
|
|
mode and systems with AAA and/or ARO cards installed, as well
|
|
as performance improvements. Some bugs were also fixed,
|
|
including a rare hang on Ultra2/U160
|
|
controllers. &merged;</para>
|
|
|
|
<para arch="i386">The &man.asr.4; driver, which provides support
|
|
for the Adaptec SCSI RAID controller family, as well as the
|
|
DPT SmartRAID V and VI families, has been
|
|
added. &merged;</para>
|
|
|
|
<para arch="i386">The &man.asr.4; driver now supports the
|
|
Adaptec 2000S and 2005S Zero-Channel RAID
|
|
controllers. &merged;</para>
|
|
|
|
<para>The &man.ata.4; driver now has support for ATA100
|
|
controllers. In addition, it now supports the ServerWorks
|
|
ROSB4 ATA33 chipset, the CMD 648 ATA66 and CMD 649 ATA100
|
|
chipsets, and the Cyrix 5530. &merged;</para>
|
|
|
|
<para>To provide more flexible configuration, the various
|
|
options for the &man.ata.4; driver are now boot loader
|
|
tunables, rather than kernel configure-time
|
|
options. &merged;</para>
|
|
|
|
<para>The &man.ata.4; driver now has support for tagged queuing,
|
|
which is enabled by the <varname>hw.ata.tags</varname> loader
|
|
tunable. &merged;</para>
|
|
|
|
<para>The &man.ata.4; driver now has support for ATA
|
|
<quote>pseudo</quote> RAID controllers such as the Promise Fasttrak
|
|
and HighPoint HPT370 controllers. &merged;</para>
|
|
|
|
<para>The &man.ata.4; driver now supports a wider variety of SiS
|
|
chipsets, as listed in the Hardware Notes. &merged;</para>
|
|
|
|
<para>The &man.ata.4; driver now has support for rebuilding
|
|
failed drives in a RAID1 configuration, under control of
|
|
&man.atacontrol.8;. &merged;</para>
|
|
|
|
<para>The BurnProof(TM) feature, for applicable ATAPI CD-ROM
|
|
burners, is now supported. &merged;</para>
|
|
|
|
<para>The &man.ata.4; driver now has support for 48-bit
|
|
addressing. Devices larger than 137GB are now
|
|
supported. &merged;</para>
|
|
|
|
<para>The &man.ata.4; driver now contains fixes for some data
|
|
corruption problems on systems using the VIA 82C686B
|
|
Southbridge chip. &merged;</para>
|
|
|
|
<!-- The following note needs to be made more specific or eliminated. -->
|
|
<para>The CAM error recovery code has been updated.</para>
|
|
|
|
<para>The &man.cd.4; driver now has support for write
|
|
operations. This allows writing to DVD-RAM, PD and similar
|
|
drives that probe as CD devices. Note that this change affects
|
|
only random-access writeable devices, not sequential-only
|
|
writeable devices such as CD-R drives, which are supported by
|
|
&man.cdrecord.1; (a part of
|
|
<filename role="package">sysutils/cdrtools</filename> in the
|
|
Ports Collection). &merged;</para>
|
|
|
|
<para arch="i386">The ciss driver, for devices utilizing the
|
|
Common Interface for SCSI-3 Support, has been added. This
|
|
driver supports the Compaq SmartRAID 5* family of RAID
|
|
controllers (5300, 532, 5i). &merged;</para>
|
|
|
|
<para>The &man.fdc.4; floppy disk driver has undergone a number of
|
|
enhancements. Density selection for common settings is now
|
|
automatic; the driver is also much more flexible in setting
|
|
the densities of various subdevices.</para>
|
|
|
|
<para>The ida disk driver now has crashdump
|
|
support. &merged;</para>
|
|
|
|
<para arch="i386">The iir driver has been added to support the
|
|
Intel Integrated RAID controllers, as well as prior ICP Vortex
|
|
controllers.</para>
|
|
|
|
<para arch="alpha">A bug that made certain CDROM drives fail to
|
|
attach when connected to a SCSI card driven by &man.isp.4; has
|
|
been fixed. &merged;</para>
|
|
|
|
<para>The &man.isp.4; driver is now proactive about discovering
|
|
Fibre Channel topology changes.</para>
|
|
|
|
<para>The &man.isp.4; driver now supports target mode for Qlogic
|
|
SCSI cards, including Ultra2 and Ultra3 and dual bus
|
|
cards.</para>
|
|
|
|
<para>The &man.isp.4; driver now supports the Qlogic 2300 and
|
|
2312 Optical Fibre Channel PCI cards. &merged;</para>
|
|
|
|
<para>&man.md.4;, the memory disk device, has had the
|
|
functionality of &man.vn.4; incorporated into it. &man.md.4;
|
|
devices can now be configured by &man.mdconfig.8;. &man.vn.4;
|
|
has been removed. The Memory Filesystem (MFS) has also been
|
|
removed.</para>
|
|
|
|
<para arch="i386">The &man.mly.4; driver, for Mylex PCI to SCSI
|
|
AccelRAID and eXtremeRAID controllers with firmware 6.X and
|
|
later, has been added. &merged;</para>
|
|
|
|
<para arch="i386">The ncv, nsp, and stg drivers have been ported
|
|
from NetBSD/pc98. They support the NCR 53C50 / Workbit Ninja
|
|
SCSI-3 / TMC 18C30, 18C50 based PC-Card/ISA SCSI controllers.
|
|
All three drivers can be built and loaded as
|
|
modules. &merged;</para>
|
|
|
|
<para>Some problems in &man.sa.4; error handling have been
|
|
fixed, including the <quote>tape drive spinning indefinitely
|
|
upon &man.mt.1; <option>stat</option></quote> problem.</para>
|
|
|
|
<para arch="i386">The &man.twe.4; 3ware ATA RAID driver has
|
|
been added. &merged;</para>
|
|
|
|
<!-- The following note needs to be made more specific or eliminated. -->
|
|
<para>The &man.vinum.4; volume manager has received some bug
|
|
fixes and enhancements.</para>
|
|
|
|
<para>The &man.wd.4; compatibility devices were removed from the
|
|
&man.ata.4; driver. &merged;</para>
|
|
</sect3>
|
|
|
|
<sect3>
|
|
<title>Filesystems</title>
|
|
|
|
<para>Support for named extended attributes was added to the
|
|
&os; kernel. This allows the kernel, and appropriately
|
|
privileged userland processes, to tag files and directories
|
|
with attribute data. Extended attributes were added to
|
|
support the TrustedBSD Project, in particular ACLs, capability
|
|
data, and mandatory access control labels (see
|
|
<filename>/usr/src/sys/ufs/ufs/README.extattr</filename> for
|
|
details).</para>
|
|
|
|
<para>Due to a licensing change, softupdates have been
|
|
integrated into the main portion of the kernel source tree.
|
|
As a consequence, softupdates are now available with the
|
|
<filename>GENERIC</filename> kernel. &merged;</para>
|
|
|
|
<para>A filesystem snapshot capability has been added to FFS.
|
|
Details can be found in
|
|
<filename>/usr/src/sys/ufs/ffs/README.snapshot</filename>.</para>
|
|
|
|
<!-- The following note needs to be made more specific or eliminated. -->
|
|
<para>Softupdates for FFS have received some bug fixes and
|
|
enhancements.</para>
|
|
|
|
<para>When running with softupdates, &man.statfs.2; and
|
|
&man.df.1; will track the number of blocks and files that are
|
|
committed to being freed.</para>
|
|
|
|
<para>A bug in FFS that could cause superblock corruption on
|
|
very large filesystems has been corrected. &merged;</para>
|
|
|
|
<para>The Inode Filesystem (IFS) has been added; more
|
|
information can be found in
|
|
<filename>/usr/src/sys/ufs/ifs/README</filename>.</para>
|
|
|
|
<para>The ISO-9660 filesystem now has a hook that supports a
|
|
loadable character conversion routine. The
|
|
<filename role="package">sysutils/cd9660_unicode</filename>
|
|
port contains a set of common conversions. &merged;</para>
|
|
|
|
<para>&man.kernfs.5; is obsolete and has been retired.</para>
|
|
|
|
<para>A bug in the NFS client that caused bogus access times with
|
|
<literal>O_EXCL|O_CREAT</literal> opens was
|
|
fixed. &merged;</para>
|
|
|
|
<para>A new NFS hash function (based on the Fowler/Noll/Vo hash
|
|
algorithm) has been implemented to improve NFS performance by
|
|
increasing the efficiency of the <varname>nfsnode</varname>
|
|
hash tables. &merged;</para>
|
|
|
|
<para>Client-side NFS locks have been implemented.</para>
|
|
|
|
<para>The client-side and server-side of the NFS code in the
|
|
kernel used to be intertwined in various complex ways. They
|
|
have been split apart for ease of maintenance and further
|
|
development.</para>
|
|
|
|
<para>Support for file system Access Control Lists (ACLs) has
|
|
been introduced, allowing more fine-grained control of
|
|
discretionary access control on files and directories. This
|
|
support was integrated from the TrustedBSD Project. More
|
|
details can be found in
|
|
<filename>/usr/src/sys/ufs/ufs/README.acls</filename>.</para>
|
|
|
|
<para>The directory layout preference algorithm for FFS
|
|
(<literal>dirprefs</literal>) has been changed. Rather than
|
|
scattering directory blocks across a disk, it attempts to
|
|
group related directory blocks together. Operations
|
|
traversing large directory hierarchies, such as the &os; Ports
|
|
tree, have shown marked speedups. This change is transparent
|
|
and automatic for new directories. &merged;</para>
|
|
|
|
<para arch="i386">smbfs (CIFS) support in the kernel has been added.
|
|
The userland programs &man.smbutil.1; and &man.mount.smbfs.8;
|
|
can be used to work with SMB shares. Note that
|
|
&man.mount.smbfs.8; will automatically load the
|
|
<filename>smbfs.ko</filename> module into the kernel, even if
|
|
<literal>LIBMCHAIN</literal> and
|
|
<literal>LIBICONV</literal> were not compiled into the kernel.
|
|
&merged;</para>
|
|
|
|
<para>For consistency, the fdesc, fifo, null, msdos, portal,
|
|
umap, and union filesystems have been renamed to fdescfs,
|
|
fifofs, msdosfs, nullfs, portalfs, umapfs, and unionfs. Where
|
|
applicable, modules and mount_* programs have been renamed.
|
|
Compatibility <quote>glue</quote> has been added to
|
|
&man.mount.8; so that <literal>msdos</literal> filesystem
|
|
entries in &man.fstab.5; will work without changes.</para>
|
|
|
|
<para>pseudofs, a pseudo-filesystem framework, has been added.
|
|
&man.linprocfs.5; and &man.procfs.5; have been modified to use
|
|
pseudofs.</para>
|
|
|
|
<para>A simple hash-based lookup optimization for large
|
|
directories called <literal>dirhash</literal> has been added.
|
|
Conditional on the
|
|
<literal>UFS_DIRHASH</literal> kernel option (enabled by
|
|
default in the <filename>GENERIC</filename> kernel), it
|
|
improves the speed of operations on very large directories at
|
|
the expense of some memory. &merged;</para>
|
|
|
|
<para>The virtual memory subsystem now backs UFS directory
|
|
memory requirements by default (this behavior is controlled
|
|
via the <varname>vfs.vmiodirenable</varname> sysctl
|
|
variable). &merged;</para>
|
|
|
|
<para>A bug that prevented the root filesystem from being
|
|
mounted from a SCSI CDROM has been fixed (ATAPI CDROMs were
|
|
always supported). &merged;</para>
|
|
|
|
<para>A number of bugs in the filesystem code, discovered
|
|
through the use of the <application>fsx</application>
|
|
filesystem test tool, have been fixed. Under certain
|
|
circumstances (primarily related to use of NFS), these bugs
|
|
could cause data corruption or kernel panics. &merged;</para>
|
|
|
|
<para>Network filesystems (such as NFS and smbfs filesystems)
|
|
listed in <filename>/etc/fstab</filename> can now be properly
|
|
mounted during startup initialization; their mounts are
|
|
deferred until after the network is initialized.</para>
|
|
</sect3>
|
|
|
|
<sect3>
|
|
<title>PCCARD Support</title>
|
|
|
|
<para arch="i386">The pccard driver and &man.pccardc.8; now
|
|
support multiple <quote>beep types</quote> upon card insertion
|
|
and removal. &merged;</para>
|
|
|
|
<para>On many modern hosts, PCCARD devices can be configured to
|
|
route their interrupts via either the ISA or PCI interrupt
|
|
paths. The &man.pcic.4; driver has been updated to support
|
|
both interrupt paths (formerly, only routing via ISA was
|
|
supported). &merged; In most cases, configuration of PCMCIA
|
|
devices in laptops is simpler and more flexible. In addition,
|
|
various Cardbus bridge PCI cards (such as those used by
|
|
Orinoco PCI NICs) are now supported. Some hosts may
|
|
experience problems, such as hangs or panics, with PCI
|
|
interrupt routing; they can frequently be made to work by
|
|
forcing the older-style ISA interrupt routing. The following
|
|
lines, placed in <filename>/boot/loader.conf</filename>, may
|
|
fix the problem:</para>
|
|
|
|
<programlisting>hw.pcic.intr_path="1"
|
|
hw.pcic.irq="0"</programlisting>
|
|
|
|
<para>When installing &os; on such a system, typing the
|
|
following lines to the boot loader may be helpful in starting
|
|
up &os; for the first time:</para>
|
|
|
|
<screen><prompt>ok</prompt> <userinput>set hw.pcic.intr_path="1"</userinput>
|
|
<prompt>ok</prompt> <userinput>set hw.pcic.irq="0"</userinput></screen>
|
|
|
|
<para arch="i386">Preliminary Cardbus support under NEWCARD has
|
|
been added. This code supports the TI113X, TI12XX, TI125X,
|
|
Ricoh 5C46/5C47, Topic 95/97/100 and Cirrus Logic PD683X
|
|
bridges. 16-bit PC Card support is not yet functional.</para>
|
|
</sect3>
|
|
|
|
<sect3>
|
|
<title>Multimedia Support</title>
|
|
|
|
<para arch="i386">The &man.pcm.4; driver now supports the ESS
|
|
Solo 1, Maestro-1, Maestro-2, and Maestro-2e; Forte Media
|
|
fm801, ESS Maestro-2e, and VIA Technologies VT82C686A sound
|
|
card/chipsets, and has received some other updates. Separate
|
|
drivers for the SoundBlaster 8 and SoundBlaster 16 now replace
|
|
an older, unified driver. A driver for the CMedia
|
|
CMI8338/CMI8738 sound chips has been added. A driver for the
|
|
CS4281 sound chip has been added. A driver for the S3
|
|
SonicVibes chipset has been added. &merged;</para>
|
|
|
|
<para arch="i386">A driver for the Avance Logic ALS4000 has been
|
|
added. &merged;</para>
|
|
|
|
<para arch="i386">A driver for the ESS Maestro-3/Allegro has
|
|
been added; however, due to licensing restrictions, it cannot
|
|
be compiled into the kernel. &merged; To use this driver, add
|
|
the following line to
|
|
<filename>/boot/loader.conf</filename>:</para>
|
|
|
|
<programlisting>snd_maestro3_load="YES"</programlisting>
|
|
|
|
<para>The &man.bktr.4; driver has been updated to 2.18. This
|
|
update provides a number of new features. New tuner types
|
|
have been added, and improvements to the KLD module and to
|
|
memory allocation have been made. Bugs in &man.devfs.5; when
|
|
unloading and reloading have been fixed. Support for new
|
|
Hauppauge Model 44xxx WinTV Cards (the ones with no audio mux)
|
|
has been added. &merged;</para>
|
|
|
|
<para arch="i386">The ufm driver, supporting the D-Link DSB-R100
|
|
USB Radio, has been added. &merged;</para>
|
|
|
|
<para>When sound modules are built, one can now load all the
|
|
drivers and infrastructure by <command>kldload
|
|
snd</command>. &merged;</para>
|
|
|
|
<para>A new API has been added for sound cards with hardware
|
|
volume control.</para>
|
|
|
|
<para arch="i386">A driver for the Intel 443MX, 810, 815, and
|
|
815E integrated sound devices has been added. &merged;</para>
|
|
|
|
<para arch="i386">The via82c686 sound driver now supports the VIA
|
|
VT8233. &merged;</para>
|
|
|
|
<para arch="i386">The ich sound driver now supports the SiS
|
|
7012 chipset. &merged;</para>
|
|
|
|
</sect3>
|
|
|
|
<sect3>
|
|
<title>Contributed Software</title>
|
|
|
|
<para>The Forth Inspired Command Language
|
|
(<application>FICL</application>) used in the boot loader has
|
|
been updated to 2.05.</para>
|
|
|
|
<para>Support for Advanced Configuration and Power Interface
|
|
(ACPI), a multi-vendor standard for configuration and power
|
|
management, has been added. This functionality has been
|
|
provided by the <application>Intel ACPI Component
|
|
Architecture</application> project, as of the ACPI CA 20020308
|
|
snapshot. Some backward compatibility for applications using
|
|
the older APM standard has been provided.</para>
|
|
|
|
<sect4>
|
|
<title>IPFilter</title>
|
|
|
|
<para><application>IPFilter</application> has been updated to
|
|
3.4.25.</para>
|
|
|
|
<para><application>IPFilter</application> now supports
|
|
IPv6. &merged;</para>
|
|
|
|
</sect4>
|
|
|
|
<sect4 arch="i386">
|
|
<title>isdn4bsd</title>
|
|
|
|
<para><application>isdn4bsd</application> has been updated to
|
|
version 1.0.1. As a result of this update, users of the
|
|
&man.i4bisppp.4; (kernel PPP over ISDN) driver
|
|
<emphasis>must</emphasis> now use &man.ispppcontrol.8;
|
|
instead of &man.spppcontrol.8; to configure and control these
|
|
network interfaces. &merged;</para>
|
|
|
|
<para>The &man.ifpi.4; driver for supporting the AVM
|
|
Fritz!Card PCI version 2 controller has been added. &merged;</para>
|
|
|
|
<para>The &man.ihfc.4; driver for supporting Cologne Chip
|
|
Designs HFC devices under
|
|
<application>isdn4bsd</application> has been
|
|
added. &merged;</para>
|
|
|
|
<para>The &man.itjc.4; driver for supporting NETjet-S / Teles
|
|
PCI-TJ devices under <application>isdn4bsd</application> has
|
|
been added. &merged;</para>
|
|
|
|
<para>Experimental support for the Eicon.Diehl DIVA 2.0 and
|
|
2.02 ISA PnP ISDN cards has been added to the &man.isic.4;
|
|
<application>isdn4bsd</application> driver. &merged;</para>
|
|
|
|
<para>The &man.isic.4; driver now supports the Compaq Microcom
|
|
610 ISDN ISA PnP card. &merged;</para>
|
|
|
|
<para>Active CAPI-based ISDN cards manufactured by AVM are now
|
|
supported using the &man.i4bcapi.4; and the &man.iavc.4;
|
|
driver. The supported cards are the AVM B1 PCI and AVM B1
|
|
ISA Basic Rate cards and the AVM T1 Primary Rate
|
|
cards. &merged;</para>
|
|
|
|
<para>A new <literal>maxconnecttime</literal> keyword is now
|
|
accepted in &man.isdnd.rc.5; files to limit the time a
|
|
connection may remain open. &merged;</para>
|
|
|
|
<para>&man.isdnphone.8; now supports a <option>-k</option>
|
|
option for sending messages via the keypad facility to a PBX
|
|
or exchange office. &merged;</para>
|
|
</sect4>
|
|
|
|
<sect4 id="kame-kernel">
|
|
<title>KAME</title>
|
|
|
|
<para>The IPv6 stack is now based on the
|
|
KAME Project's IPv6 snapshot as of 28 May, 2001. Most of
|
|
the items listed in this section are a result of this
|
|
import. <xref linkend="kame-userland"> lists userland
|
|
updates to the KAME IPv6 stack. &merged;</para>
|
|
|
|
<para>&man.gif.4; is now based on RFC 2893, rather than RFC
|
|
1933. The <literal>IFF_LINK2</literal> interface flag can
|
|
be used to control ingress filtering. &merged;</para>
|
|
|
|
<para><application>IPSec</application> has received some
|
|
enhancements, including the ability to use the Rijndael and
|
|
SHA2 algorithms. IPSec RC5 support has been removed due to
|
|
patent issues. &merged;</para>
|
|
|
|
<para>&man.stf.4; now conforms to RFC 3056; the
|
|
<literal>IFF_LINK2</literal> interface flag can be used to
|
|
control ingress filtering. &merged;</para>
|
|
|
|
<para>IPv6 has better checking of illegal addresses (such as
|
|
loopback addresses) on physical networks. &merged;</para>
|
|
|
|
<para>The <varname>IPV6_V6ONLY</varname> socket option is now
|
|
completely supported. The kernel's default behavior with
|
|
respect to this option is controlled by the
|
|
<varname>net.inet6.ip6.v6only</varname> sysctl
|
|
variable. &merged;</para>
|
|
|
|
<para>RFC 3041 (Privacy Extensions for Stateless Address
|
|
Autoconfiguration) is now supported. It can be enabled via
|
|
the <varname>net.inet6.ip6.use_tempaddr</varname> sysctl
|
|
variable. &merged;</para>
|
|
</sect4>
|
|
</sect3>
|
|
</sect2>
|
|
<sect2 id="security">
|
|
<title>Security-Related Changes</title>
|
|
|
|
<para>&man.sysinstall.8; now allows the user to select one of two
|
|
<quote>security profiles</quote> at install-time. These
|
|
profiles enable different levels of system security by enabling
|
|
or disabling various system services in &man.rc.conf.5; on new
|
|
installs. &merged;</para>
|
|
|
|
<para>A bug in which malformed ELF executable images can hang the
|
|
system has been fixed (see security advisory
|
|
FreeBSD-SA-00:41). &merged;</para>
|
|
|
|
<para>A security hole in Linux emulation was fixed (see security
|
|
advisory FreeBSD-SA-00:42). &merged;</para>
|
|
|
|
<para>String-handling library calls in many programs were fixed to
|
|
reduce the possibility of buffer overflow-related exploits.
|
|
&merged;</para>
|
|
|
|
<para>TCP now uses stronger randomness in choosing its initial
|
|
sequence numbers (see security advisory
|
|
FreeBSD-SA-00:52). &merged;</para>
|
|
|
|
<para>Several buffer overflows in &man.tcpdump.1; were corrected
|
|
(see security advisory FreeBSD-SA-00:61). &merged;</para>
|
|
|
|
<para>A security hole in &man.top.1; was corrected (see security
|
|
advisory FreeBSD-SA-00:62). &merged;</para>
|
|
|
|
<para>A potential security hole caused by an off-by-one error in
|
|
&man.gethostbyname.3; has been fixed (see security advisory
|
|
FreeBSD-SA-00:63). &merged;</para>
|
|
|
|
<para>A potential buffer overflow in the &man.ncurses.3; library,
|
|
which could cause arbitrary code to be run from within
|
|
&man.systat.1;, has been corrected (see security advisory
|
|
FreeBSD-SA-00:68). &merged;</para>
|
|
|
|
<para>A vulnerability in &man.telnetd.8; that could cause it to
|
|
consume large amounts of server resources has been fixed (see
|
|
security advisory FreeBSD-SA-00:69). &merged;</para>
|
|
|
|
<para>The <literal>nat deny_incoming</literal> command in
|
|
&man.ppp.8; now works correctly (see security advisory
|
|
FreeBSD-SA-00:70). &merged;</para>
|
|
|
|
<para>A vulnerability in &man.csh.1;/&man.tcsh.1; temporary files
|
|
that could allow overwriting of arbitrary user-writable files
|
|
has been closed (see security advisory
|
|
FreeBSD-SA-00:76). &merged;</para>
|
|
|
|
<para>The &man.ssh.1; binary is no longer SUID root by
|
|
default. &merged;</para>
|
|
|
|
<para>Some fixes were applied to the Kerberos IV implementation
|
|
related to environment variables, a possible buffer overrun, and
|
|
overwriting ticket files. &merged;</para>
|
|
|
|
<para>&man.telnet.1; now does a better job of sanitizing its
|
|
environment. &merged;</para>
|
|
|
|
<para>Several vulnerabilities in &man.procfs.5; were fixed (see
|
|
security advisory FreeBSD-SA-00:77). &merged;</para>
|
|
|
|
<para>A bug in <application>OpenSSH</application> in which a
|
|
server was unable to disable &man.ssh-agent.1; or
|
|
<literal>X11Forwarding</literal> was fixed (see security
|
|
advisory FreeBSD-SA-01:01). &merged;</para>
|
|
|
|
<para>A bug in &man.ipfw.8; and &man.ip6fw.8; in which inbound TCP
|
|
segments could incorrectly be treated as being part of an
|
|
<literal>established</literal> connection has been fixed (see
|
|
security advisory FreeBSD-SA-01:08). &merged;</para>
|
|
|
|
<para>A bug in &man.crontab.1; that could allow users to read any
|
|
file on the system in valid &man.crontab.5; syntax has been
|
|
fixed (see security advisory FreeBSD-SA-01:09). &merged;</para>
|
|
|
|
<para>A vulnerability in &man.inetd.8; that could allow
|
|
read-access to the initial 16 bytes of
|
|
<groupname>wheel</groupname>-accessible files has been fixed
|
|
(see security advisory FreeBSD-SA-01:11). &merged;</para>
|
|
|
|
<para>A bug in &man.periodic.8; that used insecure temporary files
|
|
has been corrected (see security advisory
|
|
FreeBSD-SA-01:12). &merged;</para>
|
|
|
|
<para>A bug in &man.sort.1; in which an attacker might be able to
|
|
cause it to abort processing has been fixed (see security
|
|
advisory FreeBSD-SA-01:13). &merged;</para>
|
|
|
|
<para><application>OpenSSH</application> now has code to prevent
|
|
(instead of just mitigating through connection limits) an attack
|
|
that can lead to guessing the server key (not host key) by
|
|
regenerating the server key when an RSA failure is detected (see
|
|
security advisory FreeBSD-SA-01:24). &merged;</para>
|
|
|
|
<para>A number of programs have had output formatting strings
|
|
corrected so as to reduce the risk of
|
|
vulnerabilities. &merged;</para>
|
|
|
|
<para>A number of programs that use temporary files now do so more
|
|
securely. &merged;</para>
|
|
|
|
<para>A bug in ICMP that could allow an attacker to disrupt TCP and UDP
|
|
<quote>sessions</quote> has been corrected. &merged;</para>
|
|
|
|
<para>A bug in &man.timed.8;, which caused it to crash if sent
|
|
certain malformed packets, has been corrected (see security
|
|
advisory FreeBSD-SA-01:28). &merged;</para>
|
|
|
|
<para>A bug in &man.rwhod.8;, which caused it to crash if sent
|
|
certain malformed packets, has been corrected (see security
|
|
advisory FreeBSD-SA-01:29). &merged;</para>
|
|
|
|
<para>A security hole in &os;'s FFS and EXT2FS implementations,
|
|
which allowed a race condition that could cause users to have
|
|
unauthorized access to data, has been fixed (see security
|
|
advisory FreeBSD-SA-01:30). &merged;</para>
|
|
|
|
<para>A remotely-exploitable vulnerability in &man.ntpd.8; has
|
|
been closed (see security advisory
|
|
FreeBSD-SA-01:31). &merged;</para>
|
|
|
|
<para>A security hole in <application>IPFilter</application>'s
|
|
fragment cache has been closed (see security advisory
|
|
FreeBSD-SA-01:32). &merged;</para>
|
|
|
|
<para>Buffer overflows in &man.glob.3;, which could cause
|
|
arbitrary code to be run on an FTP server, have been closed. In
|
|
addition, to prevent some forms of DoS attacks, &man.glob.3;
|
|
allows specification of a limit on the number of pathname
|
|
matches it will return. &man.ftpd.8; now uses this feature (see
|
|
security advisory FreeBSD-SA-01:33). &merged;</para>
|
|
|
|
<para>Initial sequence numbers in TCP are more thoroughly
|
|
randomized (see security advisory FreeBSD-SA-01:39). Due to
|
|
some possible compatibility issues, the behavior of this
|
|
security fix can be enabled or disabled via the
|
|
<varname>net.inet.tcp.tcp_seq_genscheme</varname> sysctl
|
|
variable. &merged;</para>
|
|
|
|
<para>A vulnerability in the &man.fts.3; routines (used by
|
|
applications for recursively traversing a filesystem) could
|
|
allow a program to operate on files outside the intended
|
|
directory hierarchy. This bug has been fixed (see security
|
|
advisory FreeBSD-SA-01:40). &merged;</para>
|
|
|
|
<para><application>OpenSSH</application> now switches to the
|
|
user's UID before attempting to unlink the authentication
|
|
forwarding file, nullifying the effects of a race.</para>
|
|
|
|
<para>A flaw allowed some signal handlers to remain in effect in a
|
|
child process after being exec-ed from its parent. This allowed
|
|
an attacker to execute arbitrary code in the context of a setuid
|
|
binary. This flaw has been corrected (see security advisory
|
|
FreeBSD-SA-01:42). &merged;</para>
|
|
|
|
<para>A remote buffer overflow in &man.tcpdump.1; has been fixed
|
|
(see security advisory FreeBSD-SA-01:48). &merged;</para>
|
|
|
|
<para>A remote buffer overflow in &man.telnetd.8; has been fixed
|
|
(see security advisory FreeBSD-SA-01:49). &merged;</para>
|
|
|
|
<para>The new <varname>net.inet.ip.maxfragpackets</varname> and
|
|
<varname>net.inet.ip6.maxfragpackets</varname> sysctl variables
|
|
limit the amount of memory that can be consumed by IPv4 and IPv6
|
|
packet fragments, which defends against some denial of service
|
|
attacks (see security advisory
|
|
FreeBSD-SA-01:52). &merged;</para>
|
|
|
|
<para>All services in <filename>inetd.conf</filename> are now
|
|
disabled by default for new installations. &man.sysinstall.8;
|
|
gives the option of enabling or disabling &man.inetd.8; on new
|
|
installations, as well as editing
|
|
<filename>inetd.conf</filename>. &merged;</para>
|
|
|
|
<para>A flaw in the implementation of the &man.ipfw.8;
|
|
<literal>me</literal> rules on point-to-point links has been
|
|
corrected. Formerly, <literal>me</literal> filter rules would
|
|
match the remote IP address of a point-to-point interface in
|
|
addition to the intended local IP address (see security advisory
|
|
FreeBSD-SA-01:53). &merged;</para>
|
|
|
|
<para>A vulnerability in &man.procfs.5;, which could allow a
|
|
process to read sensitive information from another process's
|
|
memory space, has been closed (see security advisory
|
|
FreeBSD-SA-01:55). &merged;</para>
|
|
|
|
<para>The <literal>PARANOID</literal> hostname checking in
|
|
<application>tcp_wrappers</application> now works as advertised
|
|
(see security advisory FreeBSD-SA-01:56). &merged;</para>
|
|
|
|
<para>A local root exploit in &man.sendmail.8; has been closed
|
|
(see security advisory FreeBSD-SA-01:57). &merged;</para>
|
|
|
|
<para>A remote root vulnerability in &man.lpd.8; has been closed
|
|
(see security advisory FreeBSD-SA-01:58). &merged;</para>
|
|
|
|
<para>A race condition in &man.rmuser.8; that briefly exposed a
|
|
world-readable <filename>/etc/master.passwd</filename> has been
|
|
fixed (see security advisory FreeBSD-SA-01:59). &merged;</para>
|
|
|
|
<para>A vulnerability in <application>UUCP</application> has been
|
|
closed (see security advisory FreeBSD-SA-01:62). All
|
|
non-<username>root</username>-owned binaries in standard system
|
|
paths now have the <literal>schg</literal> flag set to prevent
|
|
exploit vectors when run by &man.cron.8;, by
|
|
<username>root</username>, or by a user other than the one owning
|
|
the binary. In addition, &man.uustat.1; is now run via
|
|
<filename>/etc/periodic/daily/410.status-uucp</filename> as
|
|
<username>uucp</username>, not <username>root</username>. In
|
|
&os; -CURRENT, <application>UUCP</application> has since been
|
|
moved to the Ports Collection and is no longer a part of the base
|
|
system. &merged;</para>
|
|
|
|
<para>A security hole in the form of a buffer overflow in the
|
|
&man.semop.2; system call has been closed. &merged;</para>
|
|
|
|
<para>A security hole in <application>OpenSSH</application>, which
|
|
could allow users to execute code with arbitrary privileges if
|
|
<literal>UseLogin yes</literal> was set, has been closed. Note
|
|
that the default value of this setting is
|
|
<literal>UseLogin no</literal>. (See security advisory
|
|
FreeBSD-SA-01:63.) &merged;</para>
|
|
|
|
<para>The use of an insecure temporary directory by
|
|
&man.pkg.add.1; could permit a local attacker to modify the
|
|
contents of binary packages while they were being installed.
|
|
This hole has been closed. (See security advisory
|
|
FreeBSD-SA-02:01.) &merged;</para>
|
|
|
|
<para>A race condition in &man.pw.8;, which could expose the
|
|
contents of <filename>/etc/master.passwd</filename>, has been
|
|
eliminated. (See security advisory FreeBSD-SA-02:02.)
|
|
&merged;</para>
|
|
|
|
<para>A bug in &man.k5su.8; could have allowed a process that had
|
|
given up superuser privileges to regain them. This bug has been
|
|
fixed. (See security advisory FreeBSD-SA-02:07.)
|
|
&merged;</para>
|
|
|
|
<para>An <quote>off-by-one</quote> bug has been fixed in
|
|
<application>OpenSSH</application>'s multiplexing code. This bug
|
|
could have allowed an authenticated remote user to cause
|
|
&man.sshd.8; to execute arbitrary code with superuser
|
|
privileges, or allowed a malicious SSH server to execute arbitrary
|
|
code on the client system with the privileges of the client user. (See security
|
|
advisory <ulink
|
|
url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:13.openssh.asc">FreeBSD-SA-02:13</ulink>.)
|
|
&merged;</para>
|
|
|
|
<para>A programming error in <application>zlib</application> could
|
|
result in attempts to free memory multiple times. The
|
|
&man.malloc.3;/&man.free.3; routines used in &os; are not
|
|
vulnerable to this error, but applications receiving
|
|
specially-crafted blocks of invalid compressed data could
|
|
be made to function incorrectly or abort. This
|
|
<application>zlib</application> bug has been fixed. For a
|
|
workaround and solutions, see security advisory <ulink
|
|
url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:18.zlib.asc">FreeBSD-SA-02:18</ulink>.
|
|
&merged;</para>
|
|
|
|
</sect2>
|
|
<sect2 id="userland">
|
|
<title>Userland Changes</title>
|
|
|
|
<para>If the first argument to &man.ancontrol.8; or
|
|
&man.wicontrol.8; doesn't start with a <literal>-</literal>, it
|
|
is assumed to be an interface.</para>
|
|
|
|
<para>&man.apmd.8; now has the ability to monitor battery levels
|
|
and execute commands based on percentage or minutes of battery
|
|
life remaining via the <literal>apm_battery</literal>
|
|
configuration directive. See the commented-out examples in
|
|
<filename>/etc/apmd.conf</filename> for the
|
|
syntax. &merged;</para>
|
|
|
|
<para>&man.arp.8; now prints the applicable interface name for
|
|
each ARP entry. &merged;</para>
|
|
|
|
<para>&man.arp.8; now prints <literal>[fddi]</literal> or
|
|
<literal>[atm]</literal> tags for addresses on interfaces of
|
|
those types.</para>
|
|
|
|
<para>&man.atacontrol.8; has been added to control various aspects
|
|
of the &man.ata.4; driver. &merged;</para>
|
|
|
|
<para arch="sparc64">The system &man.awk.1; refers to
|
|
<application>BWK awk</application> on the &arch; platform. It
|
|
remains <application>GNU awk</application> on other
|
|
platforms.</para>
|
|
|
|
<para arch="i386">&man.boot98cfg.8;, a PC-98 boot manager
|
|
installation and configuration utility, has been
|
|
added. &merged;</para>
|
|
|
|
<para>&man.burncd.8; now supports a <option>-m</option> option for
|
|
multisession mode (the default behavior now is to close disks as
|
|
single-session). A <option>-l</option> option to take a list of
|
|
image files from a filename was also added;
|
|
<filename>-</filename> can be used as a filename for
|
|
<literal>stdin</literal>. &merged;</para>
|
|
|
|
<para>&man.burncd.8; now supports Disk At Once (DAO) mode,
|
|
selectable via the <option>-d</option> flag.</para>
|
|
|
|
<para>&man.burncd.8; now has the ability to write VCDs/SVCDs.</para>
|
|
|
|
<para>&man.c89.1; has been converted from a shell script to a
|
|
binary executable, fixing some minor bugs. &merged;</para>
|
|
|
|
<para arch="i386">A minimalized version of &man.camcontrol.8; is
|
|
now available on the installation floppy. This allows it to
|
|
rescan for devices that have been connected after booting, or to
|
|
show the devices attached to SCSI busses (e.g., from within the
|
|
<quote>emergency holographic shell</quote>). &merged;</para>
|
|
|
|
<para>&man.cat.1; now has the ability to read from UNIX-domain
|
|
sockets. &merged;</para>
|
|
|
|
<para>&man.cdcontrol.1; now supports a <literal>cdid</literal>
|
|
command, which calculates and displays the CD serial number,
|
|
using the same algorithm used by the CDDB
|
|
database. &merged;</para>
|
|
|
|
<para>&man.cdcontrol.1; now uses the <envar>CDROM</envar>
|
|
environment variable to pick a default device. &merged;</para>
|
|
|
|
<para>&man.cdcontrol.1; now supports <literal>next</literal> and
|
|
<literal>prev</literal> commands to skip forwards or backwards a
|
|
specified number of tracks while playing an audio
|
|
CD. &merged;</para>
|
|
|
|
<para>&man.chflags.1; has moved from <filename>/usr/bin</filename>
|
|
to <filename>/bin</filename>.</para>
|
|
|
|
<para>&man.chio.1; now has the ability to specify elements by
|
|
volume tag instead of by their physical location as well as the
|
|
ability to return an element to its previous
|
|
location. &merged;</para>
|
|
|
|
<para>&man.chmod.1; now supports a <option>-h</option> option for
|
|
changing the mode of a symbolic link.</para>
|
|
|
|
<para>&man.chown.8; now correctly follows symbolic links named as
|
|
command line arguments if run without
|
|
<option>-R</option>. &merged;</para>
|
|
|
|
<para>&man.chown.8; no longer takes <literal>.</literal> as a
|
|
user/group delimiter. This change was made to support usernames
|
|
containing a <literal>.</literal>.</para>
|
|
|
|
<para>Use of the <literal>CMSG_*</literal> macros no longer
|
|
requires inclusion of
|
|
<filename>&lt;sys/param.h&gt;</filename>.</para>
|
|
|
|
<para>&man.col.1; now takes a <option>-p</option> flag to force
|
|
unknown control sequences to be passed through
|
|
unchanged. &merged;</para>
|
|
|
|
<para>The <filename>compat3x</filename> distribution has been
|
|
updated to include libraries present in &os;
|
|
3.5.1-RELEASE. &merged;</para>
|
|
|
|
<para>A <filename>compat4x</filename> distribution has been added
|
|
for compatibility with &os; 4-STABLE.</para>
|
|
|
|
<para>&man.config.8; is now better about converting various
|
|
warnings that should have been errors into actual fatal errors
|
|
with an exit code. This ensures that <literal>make
|
|
buildkernel</literal> doesn't quietly ignore them and build a
|
|
bogus kernel without a human to read the errors. &merged;</para>
|
|
|
|
<para>A number of buffer overflows in &man.config.8; have been
|
|
fixed. &merged;</para>
|
|
|
|
<para>&man.ctags.1; no longer creates a corrupt tags file if the
|
|
source file used <literal>//</literal> (C++-style)
|
|
comments. &merged;</para>
|
|
|
|
<para>The &man.daemon.8; program, a command-line interface to
|
|
&man.daemon.3;, has been added. It detaches itself from its
|
|
controlling terminal and executes a program specified on the
|
|
command line. This allows the user to run an arbitrary program
|
|
as if it were written to be a daemon.</para>
|
|
|
|
<para>devinfo, a simple tool to print the device tree and resource
|
|
usage by devices, has been added.</para>
|
|
|
|
<para>&man.df.1; now takes a <option>-l</option> option to only
|
|
display information about locally-mounted
|
|
filesystems. &merged;</para>
|
|
|
|
<para>&man.disklabel.8; now supports partition sizes expressed in
|
|
kilobytes, megabytes, or gigabytes, in addition to
|
|
sectors. &merged;</para>
|
|
|
|
<para>&man.dmesg.8; now has a <option>-a</option> option to show
|
|
the entire message buffer, including &man.syslogd.8; records and
|
|
<filename>/dev/console</filename> output. &merged;</para>
|
|
|
|
<para>&man.du.1; now takes a <option>-I</option> command-line flag
|
|
to ignore/skip files and subdirectories matching a specified
|
|
shell-glob mask. &merged;</para>
|
|
|
|
<para>&man.dump.8; now supports inheritance of the
|
|
<literal>nodump</literal> flag down a hierarchy. &merged;</para>
|
|
|
|
<para>The <option>-T</option> option to &man.dump.8; no longer
|
|
swallows an extra argument. &merged;</para>
|
|
|
|
<para>&man.dump.8; has a new <option>-D</option> option, allowing
|
|
the path to the <filename>/etc/dumpdates</filename> file to be
|
|
changed. &merged;</para>
|
|
|
|
<para>&man.dump.8; now supplies progress information in its
|
|
process title, useful for monitoring automated
|
|
backups. &merged;</para>
|
|
|
|
<para>&man.dump.8; now supports a new <option>-S</option> option to allow
|
|
it to just print out the dump size estimates and exit.</para>
|
|
|
|
<para>&man.edquota.8; now takes a <option>-f</option> option to
|
|
allow limiting the prototype quota distribution (specified with
|
|
<option>-p</option>) to a single filesystem. &merged;</para>
|
|
|
|
<para><filename>/etc/rc.firewall</filename> and
|
|
<filename>/etc/rc.firewall6</filename> will no longer add their own
|
|
hardcoded rules in the cases of a rules file in the
|
|
<varname>firewall_type</varname> variable or a non-existent
|
|
firewall type. (The motivation for this change is to avoid
|
|
acting on assumptions about a site's firewall policies.) In
|
|
addition, the <literal>closed</literal> firewall type now works
|
|
as documented in the &man.rc.firewall.8; manual page. &merged;</para>
|
|
|
|
<para>The functionality of <filename>/etc/security</filename> has
|
|
been moved into a set of scripts under the &man.periodic.8;
|
|
framework, to make local customization easier and more
|
|
maintainable. These scripts now reside in
|
|
<filename>/etc/periodic/security/</filename>. &merged;</para>
|
|
|
|
<para>&man.fbtab.5; now accepts glob matching patterns for target
|
|
devices, not just individual devices and directories.</para>
|
|
|
|
<para arch="i386">&man.fdisk.8; no longer attempts to search for a
|
|
device if none has been specified on the command line, but
|
|
instead tries to figure out the default device name from the
|
|
root device.</para>
|
|
|
|
<para>&man.fdread.1;, a program to read data from floppy disks,
|
|
has been added. It is a counterpart to &man.fdwrite.1; and is
|
|
designed to provide a means of recovering at least some data
|
|
from bad media, and to obviate the need for a complex invocation of
|
|
&man.dd.1;.</para>
|
|
|
|
<para>&man.find.1; now takes the <option>-empty</option> flag,
|
|
which returns true if a file or directory is
|
|
empty. &merged;</para>
|
|
|
|
<para>&man.find.1; now takes the <option>-iname</option> and
|
|
<option>-ipath</option> primaries for case-insensitive matches,
|
|
and the <option>-regexp</option> and <option>-iregexp</option>
|
|
primaries for regular-expression matches. The
|
|
<option>-E</option> flag now enables extended regular
|
|
expressions. &merged;</para>
|
|
|
|
<para>&man.find.1; now has the <option>-anewer</option>,
|
|
<option>-cnewer</option>, <option>-mnewer</option>,
|
|
<option>-okdir</option>, and <option>-newer[acm][acmt]</option>
|
|
primaries for comparisons of file timestamps. The latter
|
|
primaries can be specified with various units of
|
|
time. &merged;</para>
|
|
|
|
<para>&man.finger.1; now has the ability to support fingering
|
|
aliases, via the &man.finger.conf.5; file. &merged;</para>
|
|
|
|
<para>&man.finger.1; now has support for a
|
|
<filename>.pubkey</filename> file.</para>
|
|
|
|
<para>&man.fmt.1; has been rewritten; the rewrite fixes a number
|
|
of bugs compared to its prior behavior. &merged;</para>
|
|
|
|
<para>&man.fmtcheck.3;, a function for checking consistency of
|
|
format string arguments, has been added. &merged;</para>
|
|
|
|
<para>&man.fsck.8; wrappers have been imported; this feature
|
|
provides infrastructure for &man.fsck.8; to work on different
|
|
types of filesystems (analogous to &man.mount.8;).</para>
|
|
|
|
<para>The behavior of &man.fsck.8; when dealing with various
|
|
passes (a la <filename>/etc/fstab</filename>) has been modified
|
|
to accommodate multiple-disk filesystems.</para>
|
|
|
|
<para>&man.fsck.8; now has support for foreground
|
|
(<option>-F</option>) and background (<option>-B</option>)
|
|
checks. Traditionally, &man.fsck.8; is invoked before the
|
|
filesystems are mounted and all checks are done to completion at
|
|
that time. If background checking is available, &man.fsck.8; is
|
|
invoked twice. It is first invoked at the traditional time,
|
|
before the filesystems are mounted, with the <option>-F</option>
|
|
flag to do checking on all the filesystems that cannot do
|
|
background checking. It is then invoked a second time, after
|
|
the system has completed going multiuser, with the
|
|
<option>-B</option> flag to do checking on all the filesystems
|
|
that can do background checking. Unlike the foreground
|
|
checking, the background checking is started asynchronously so
|
|
that other system activity can proceed even on the filesystems
|
|
that are being checked. Boot-time enabling of this feature is
|
|
controlled by the
|
|
<varname>background_fsck</varname> option in &man.rc.conf.5;.</para>
|
|
|
|
<para>Shortly after the receipt of a <literal>SIGINFO</literal>
|
|
signal (normally control-T from the controlling tty),
|
|
&man.fsck.ffs.8; will now output a line indicating the current
|
|
phase number and progress information relevant to the current
|
|
phase. &merged;</para>
|
|
|
|
<para>&man.fsck.ffs.8; now supports background filesystem checks
|
|
to mounted FFS filesystems with the <option>-B</option> option
|
|
(softupdates must be enabled on these filesystems). The
|
|
<option>-F</option> flag now determines whether a specified
|
|
filesystem needs foreground checking.</para>
|
|
|
|
<para>A new &man.fsck.msdosfs.8; utility has been added to check
|
|
the consistency of MS-DOS filesystems. &merged;</para>
|
|
|
|
<para>&man.ftpd.8; now supports a <option>-r</option> flag for
|
|
read-only mode and a <option>-E</option> flag to disable
|
|
<literal>EPSV</literal>. It also has some fixes to reduce
|
|
information leakage and the ability to specify compile-time port
|
|
ranges. &merged;</para>
|
|
|
|
<para>&man.ftpd.8; now supports <option>-o</option> and
|
|
<option>-O</option> options to disable the
|
|
<literal>RETR</literal> command; the former for everybody, and
|
|
the latter only for guest users. Coupled with
|
|
<option>-A</option> and appropriate file permissions, these can
|
|
be used to create a relatively safe anonymous FTP drop box for
|
|
others to upload to.</para>
|
|
|
|
<para arch="i386">&man.gdb.1; now supports hardware watchpoints (using the
|
|
kernel's debug register support that has been introduced in
|
|
&os; 4.0). &merged;</para>
|
|
|
|
<para>The &man.getprogname.3; and &man.setprogname.3; library
|
|
functions have been added to manipulate the name of the current
|
|
program. They are used by error-reporting routines to produce
|
|
consistent output. &merged;</para>
|
|
|
|
<para>&man.gprof.1; now has a <option>-K</option> option to enable
|
|
dynamic symbol resolution from the currently-running kernel.
|
|
With this change, properly-compiled KLD modules are now able to
|
|
be profiled.</para>
|
|
|
|
<para>&man.growfs.8;, a utility for growing FFS filesystems, has
|
|
been added. &man.ffsinfo.8;, a utility for dumping all the
|
|
meta-information of an existing filesystem, has also been
|
|
added. &merged;</para>
|
|
|
|
<para>The &man.groups.1; and &man.whoami.1; shell scripts are now
|
|
unnecessary; their functionality has been completely folded into
|
|
&man.id.1;. &merged;</para>
|
|
|
|
<para>The &man.ibcs2.8;, &man.linux.8;, &man.osf1.8;, and
|
|
&man.svr4.8; scripts, whose sole purpose was to load emulation
|
|
kernel modules, have been removed. The kernel module system
|
|
will automatically load them as needed to fulfill
|
|
dependencies.</para>
|
|
|
|
<para>&man.indent.1; has gained some new formatting
|
|
options. &merged;</para>
|
|
|
|
<para>The &man.ifconfig.8; command can set the link-layer address of
|
|
an interface using the <option>lladdr</option> parameter.
|
|
&merged;</para>
|
|
|
|
<para>&man.ifconfig.8; can now accept addresses in slash/CIDR
|
|
notation. &merged;</para>
|
|
|
|
<para>&man.ifconfig.8; now has support for setting parameters for
|
|
IEEE 802.11 wireless network devices. &man.wi.4; and &man.an.4;
|
|
devices are supported, and partial support is provided for
|
|
&man.awi.4; devices. &merged;</para>
|
|
|
|
<para>&man.ifconfig.8; no longer displays the list of supported
|
|
media by default. Instead it displays it when the
|
|
<option>-m</option> flag is given. &merged;</para>
|
|
|
|
<para>The syntax of &man.inetd.8;'s support for &man.faithd.8; is
|
|
now compatible with that of other BSDs. &merged;</para>
|
|
|
|
<para>The <literal>ident</literal> protocol support in
|
|
&man.inetd.8; has been cleaned up and updated. &merged;</para>
|
|
|
|
<para>&man.inetd.8; now has the ability to manage UNIX-domain
|
|
sockets. &merged;</para>
|
|
|
|
<para>&man.install.1; has a number of new features, including the
|
|
<option>-b</option> and <option>-B</option> options for backing up
|
|
existing target files and the <option>-S</option> option for
|
|
<quote>safe</quote> (atomic copy) operation. The
|
|
<option>-c</option> (copy) flag is now the default, and the
|
|
<option>-D</option> (debugging) flag has been withdrawn.
|
|
&man.install.1; now issues a warning if <option>-d</option>
|
|
(create directories) and <option>-C</option> (copy changed files
|
|
only) are used together. &merged;</para>
|
|
|
|
<para>IP Filter is now supported by the &man.rc.conf.5; boot-time
|
|
configuration and initialization. &merged;</para>
|
|
|
|
<para>&man.ipfstat.8; now supports the <option>-t</option> option
|
|
to turn on a &man.top.1;-like display. &merged;</para>
|
|
|
|
<para>&man.ipfw.8; will now avoid the display of dynamic firewall
|
|
rules unless the <option>-d</option> flag is passed to it. The
|
|
<option>-e</option> option lists expired dynamic
|
|
rules. &merged;</para>
|
|
|
|
<para>&man.ipfw.8; has a new feature (<literal>me</literal>) that
|
|
allows for packet matching on interfaces with
|
|
dynamically-changing IP addresses. &merged;</para>
|
|
|
|
<para>&man.ipfw.8; has a new <literal>limit</literal> type of
|
|
firewall rule, which limits the number of sessions between
|
|
address pairs. &merged;</para>
|
|
|
|
<para>&man.ipfw.8; filter rules can now match on the value of the
|
|
IPv4 precedence field.</para>
|
|
|
|
<para>&man.ip6fw.8; now has the ability to use a preprocessor and
|
|
use the <option>-q</option> (quiet) flag when reading from a
|
|
file. &merged;</para>
|
|
|
|
<para>&man.kenv.1;, a command to dump the kernel environment, has
|
|
been added. &merged;</para>
|
|
|
|
<para>&man.keyinfo.1; is now a C program, rather than a Perl
|
|
script. &merged;</para>
|
|
|
|
<para>&man.killall.1; is now a C program, rather than a Perl
|
|
script. As a result, its <option>-m</option> option now uses
|
|
the regular expression syntax of &man.regex.3;, rather than that
|
|
of &man.perl.1;. &merged;</para>
|
|
|
|
<para>&man.killall.1; now allows non-root users to kill SUID root
|
|
processes that they started, the same as the Perl version
|
|
did. &merged;</para>
|
|
|
|
<para>The &man.kldconfig.8; utility has been added to make it
|
|
easier to manipulate the kernel module search
|
|
path. &merged;</para>
|
|
|
|
<para>&man.last.1; now implements a <option>-d</option> option that
|
|
provides a <quote>snapshot</quote> of who was logged in at a
|
|
particular date and time. &merged;</para>
|
|
|
|
<para>&man.last.1; now supports a <option>-y</option> flag, which
|
|
causes the year to be included in the session start time.</para>
|
|
|
|
<para>The &man.lastlogin.8; utility, which prints the last login
|
|
time of each user, has been imported from
|
|
NetBSD. &merged;</para>
|
|
|
|
<para>&man.ldconfig.8; now checks directory ownerships and
|
|
permissions for greater security; these checks can be disabled
|
|
with the <option>-i</option> flag. &merged;</para>
|
|
|
|
<para>&man.ldd.1; can now be used on shared libraries, in addition
|
|
to executables. &merged;</para>
|
|
|
|
<para>&man.ldd.1; now supports a <option>-a</option> flag to list
|
|
all the objects that are needed by each loaded object.</para>
|
|
|
|
<para><filename>libc</filename> is now thread-safe by default;
|
|
<filename>libc_r</filename> contains only thread
|
|
functions.</para>
|
|
|
|
<para><filename>libcrypt</filename> and
|
|
<filename>libdescrypt</filename> have been unified to provide a
|
|
configurable password authentication hash library. Both the md5
|
|
and des hash methods are provided unless the des hash is
|
|
specifically compiled out. &merged;</para>
|
|
|
|
<para><filename>libcrypt</filename> now has support for Blowfish
|
|
password hashing. &merged;</para>
|
|
|
|
<para arch="i386"><filename>libdisk</filename> can now do
|
|
install-time configuration of the <filename>boot0</filename>
|
|
boot loader. &merged;</para>
|
|
|
|
<para><filename>libstand</filename> now has support for
|
|
filesystems containing
|
|
<application>bzip2</application>-compressed
|
|
files. &merged;</para>
|
|
|
|
<para><filename>libstand</filename> now has support for
|
|
overwriting the contents of a file on a UFS filesystem (it
|
|
cannot expand or truncate files because the filesystem may be
|
|
dirty or inconsistent).</para>
|
|
|
|
<para><filename>libstand</filename> now has support for loading
|
|
large kernels and modules split across several physical
|
|
media.</para>
|
|
|
|
<para>The default TCP port range used by
|
|
<filename>libfetch</filename> for passive FTP retrievals has
|
|
changed; this affects the behavior of &man.fetch.1;, which has
|
|
gained the <option>-U</option> option to restore the old
|
|
behavior. &merged;</para>
|
|
|
|
<para><filename>libfetch</filename> now has support for an
|
|
authentication callback. &merged;</para>
|
|
|
|
<para><filename>libfetch</filename> now has support for a
|
|
<envar>HTTP_USER_AGENT</envar> environment
|
|
variable. &merged;</para>
|
|
|
|
<para><filename>libgmp</filename> has been superseded by
|
|
<filename>libmp</filename>.</para>
|
|
|
|
<para>The functions from <filename>libposix1e</filename> have been
|
|
integrated into <filename>libc</filename>.</para>
|
|
|
|
<para>&man.ln.1; now takes an <option>-i</option> option to
|
|
request user confirmation before overwriting an existing
|
|
file. &merged;</para>
|
|
|
|
<para>&man.ln.1; now takes a <option>-h</option> flag to avoid
|
|
following a target that is a link, with a <option>-n</option>
|
|
flag for compatibility with other
|
|
implementations. &merged;</para>
|
|
|
|
<para>&man.logger.1; can now send messages directly to a remote
|
|
syslog. &merged;</para>
|
|
|
|
<para>&man.login.1; now exports environment variables set by
|
|
<application>PAM</application> modules. &merged;</para>
|
|
|
|
<para>&man.lpc.8; has been improved; <command>lpc clean</command>
|
|
is now somewhat safer, and a new <command>lpc tclean</command>
|
|
command has been added to check to see what files would be
|
|
removed by <command>lpc clean</command>. &merged;</para>
|
|
|
|
<para>&man.lpd.8; now takes two new options: <option>-c</option>
|
|
will log all connection errors to &man.syslogd.8;, while
|
|
<option>-W</option> will allow connections from non-reserved
|
|
ports. &merged;</para>
|
|
|
|
<para>&man.lpd.8; now has some support for
|
|
<literal>o</literal>-type print-file actions in its control
|
|
files, which allows printing of PostScript files generated by
|
|
<application>MacOS</application> 10.1. &merged;</para>
|
|
|
|
<para>&man.lpr.1;, &man.lpq.1;, and &man.lpd.8; have received a
|
|
few minor enhancements. &merged;</para>
|
|
|
|
<para>Catching up with most other network utilities in the base
|
|
system, &man.lpr.1;, &man.lpd.8;, &man.syslogd.8;, and
|
|
&man.logger.1; are now all IPv6-capable. &merged;</para>
|
|
|
|
<para><command>lprm -</command> now works for remote printer
|
|
queues. &merged;</para>
|
|
|
|
<para>&man.ls.1; can produce colorized listings with the
|
|
<option>-G</option> flag (and appropriate terminal support).
|
|
The <envar>CLICOLOR</envar> environment variable can be set to
|
|
enable colorized listings by default. &merged;</para>
|
|
|
|
<para>&man.mail.1; now takes a <option>-E</option> flag to avoid
|
|
sending messages with empty bodies. &merged;</para>
|
|
|
|
<para>&man.make.1; has gained the <literal>:C///</literal>
|
|
(regular expression substitution), <literal>:L</literal>
|
|
(lowercase), and <literal>:U</literal> (uppercase) variable
|
|
modifiers. These were added to reduce the differences between
|
|
the &os; and OpenBSD/NetBSD &man.make.1; programs.
|
|
&merged;</para>
|
|
|
|
<para>Bugs in &man.make.1;, including broken null suffix
|
|
behavior, bad assumptions about current directory permissions,
|
|
and potential buffer overflows, have been fixed. &merged;</para>
|
|
|
|
<para>The new <varname>CPUTYPE</varname>
|
|
<filename>make.conf</filename> variable controls the compilation
|
|
of processor-specific optimizations in various pieces of code
|
|
such as <application>OpenSSL</application>. &merged;</para>
|
|
|
|
<para>The &os; <filename>Makefile</filename> infrastructure now
|
|
supports the <varname>WARNS</varname> directive from NetBSD.
|
|
This directive controls the addition of compiler warning flags
|
|
to <varname>CFLAGS</varname> in a relatively compiler-neutral
|
|
manner. &merged;</para>
|
|
|
|
<para>&man.man.1; is no longer installed SUID
|
|
<username>man</username>, in order to reduce vulnerabilities
|
|
associated with generating <quote>catpages</quote> (preformatted
|
|
manual pages cached for repeated viewing). As a result,
|
|
&man.man.1; can no longer create system catpages on a regular
|
|
user's behalf. It is still able to do so if the user has write
|
|
permissions to the directory holding catpages (e.g. a user's own
|
|
manpages) or if the running user is
|
|
<username>root</username>.</para>
|
|
|
|
<para>The &man.mdmfs.8; command has been added; it is a wrapper
|
|
around &man.mdconfig.8;, &man.disklabel.8;, &man.newfs.8;, and
|
|
&man.mount.8; that mimics the command line option set of the
|
|
deprecated &man.mount.mfs.8;.</para>
|
|
|
|
<para>&man.mergemaster.8; now sources an
|
|
<filename>/etc/mergemaster.rc</filename> file and also prompts
|
|
the user to run recommended commands (such as
|
|
<command>newaliases</command>) as needed. &merged;</para>
|
|
|
|
<para>&man.moused.8; now takes a <option>-a</option> option to
|
|
control mouse acceleration. &merged;</para>
|
|
|
|
<para>&man.mtree.8; now includes support for a file that lists
|
|
pathnames to be excluded when creating and verifying prototypes.
|
|
This makes it easier to use &man.mtree.8; as a part of an
|
|
intrusion-detection system. &merged;</para>
|
|
|
|
<para>&man.natd.8; now supports a
|
|
<option>-log_ipfw_denied</option> option to log packets that
|
|
cannot be re-injected because they are blocked by &man.ipfw.8;
|
|
rules. &merged;</para>
|
|
|
|
<para>The <quote>in use</quote> percentage metric displayed by
|
|
&man.netstat.1; now really reflects the percentage of network
|
|
mbufs used. &merged;</para>
|
|
|
|
<para>&man.netstat.1; now has a <option>-W</option> flag that
|
|
tells it not to truncate addresses, even if they're too long for
|
|
the column they're printed in. &merged;</para>
|
|
|
|
<para>&man.netstat.1; now keeps track of input and output packets
|
|
on a per-address basis for each interface. &merged;</para>
|
|
|
|
<para>&man.netstat.1; now has a <option>-z</option> flag to reset
|
|
statistics. &merged;</para>
|
|
|
|
<para>&man.netstat.1; now has a <option>-S</option> flag to print
|
|
addresses numerically but port names symbolically. &merged;</para>
|
|
|
|
<para>&man.newfs.8; now implements write combining, which can make
|
|
creation of new filesystems up to seven times
|
|
faster. &merged;</para>
|
|
|
|
<para>&man.newfs.8; now takes a <option>-U</option> option to
|
|
enable softupdates on a new filesystem. &merged;</para>
|
|
|
|
<para>The default number of cylinders per group in &man.newfs.8;
|
|
is now computed to be the maximum allowable given the current
|
|
filesystem parameters. It can be overridden with the
|
|
<option>-c</option> option. Formerly, the default was fixed at
|
|
16. This change leads to better &man.fsck.8; performance and
|
|
reduced fragmentation. &merged;</para>
|
|
|
|
<para><anchor id="newfs-block-frag-sizes">The default block and
|
|
fragment sizes for new filesystems created by &man.newfs.8; are
|
|
now 16384 and 2048 bytes, respectively (the old defaults were
|
|
8192 and 1024 bytes). This change generally provides increased
|
|
performance, at the expense of some wasted disk
|
|
space. &merged;</para>
|
|
|
|
<para>&man.newsyslog.8; now has the ability to compress log files
|
|
using &man.bzip2.1;. &merged;</para>
|
|
|
|
<para><application>NFS</application> now works over IPv6.</para>
|
|
|
|
<para>&man.ngctl.8; now supports a <option>write</option> command
|
|
to send a data packet down a given hook. &merged;</para>
|
|
|
|
<para>&man.nl.1;, a line numbering filter program, has been
|
|
added. &merged;</para>
|
|
|
|
<para><application>nsswitch</application> support has been merged
|
|
from NetBSD. By creating an &man.nsswitch.conf.5; file, &os;
|
|
can be configured so that various databases such as
|
|
&man.passwd.5; and &man.group.5; can be looked up using flat
|
|
files, NIS, or Hesiod. The old
|
|
<filename>hosts.conf</filename> file is no longer used.</para>
|
|
|
|
<para><application>PAM</application> support has been added for
|
|
account management and sessions.</para>
|
|
|
|
<para><application>PAM</application> configuration is now
|
|
specified by files in <filename>/etc/pam.d/</filename>, rather
|
|
than a single <filename>/etc/pam.conf</filename> file.
|
|
<filename>/etc/pam.d/README</filename> has more details.</para>
|
|
|
|
<para>A number of new <application>PAM</application>
|
|
modules have been added.</para>
|
|
|
|
<!-- XXX List new PAM modules -->
|
|
|
|
<para>&man.passwd.1; and &man.pw.8; now select the password hash
|
|
algorithm at run time. See the <literal>passwd_format</literal>
|
|
attribute in
|
|
<filename>/etc/login.conf</filename>. &merged;</para>
|
|
|
|
<para>&man.pax.1; has received a number of enhancements, including
|
|
&man.cpio.1; functionality, &man.tar.1; compatibility
|
|
enhancements, <option>-z</option> and <option>-Z</option> flags
|
|
for &man.gzip.1; and &man.compress.1; functionality, and a
|
|
number of bug fixes.</para>
|
|
|
|
<para>&man.pciconf.8; now supports a <option>-v</option> option to
|
|
display the vendor/device information of configured devices, in
|
|
conjunction with the <option>-l</option> option. The default
|
|
vendor/device database can be found at
|
|
<filename>/usr/share/misc/pci_vendors</filename>. &merged;</para>
|
|
|
|
<para>The behavior of &man.periodic.8; is now controlled by
|
|
<filename>/etc/defaults/periodic.conf</filename> and
|
|
<filename>/etc/periodic.conf</filename>. &merged;</para>
|
|
|
|
<para>&man.ping.8; now supports a <option>-m</option> option to
|
|
set the TTL of outgoing packets. &merged;</para>
|
|
|
|
<para>&man.ping.8; now supports a <option>-A</option> option to
|
|
beep when packets are lost. &merged;</para>
|
|
|
|
<para>Userland &man.ppp.8; has received a number of updates and
|
|
bug fixes. &merged;</para>
|
|
|
|
<para>&man.ppp.8; has gained the <literal>tcpmssfixup</literal>
|
|
option, which adjusts outgoing and incoming TCP SYN packets so
|
|
that the maximum receive segment size is no larger than allowed
|
|
by the interface MTU. &merged;</para>
|
|
|
|
<para>&man.ppp.8; now supports IPv6.</para>
|
|
|
|
<para>&man.pppd.8; (the control program for kernel-level PPP) is
|
|
now installed mode <literal>4550</literal> and
|
|
<username>root</username><literal>:</literal><groupname>dialer</groupname>,
|
|
rather than mode <literal>4555</literal> (in other words, it is
|
|
no longer world-executable). Users of &man.pppd.8; may need to
|
|
change their group settings. &merged;</para>
|
|
|
|
<para>The <option>-W</option> option to &man.ps.1; (to extract
|
|
information from a specified swap device) has been useless for
|
|
some time; it has been removed. &merged;</para>
|
|
|
|
<para>&man.pwd.1; can now double as &man.realpath.1;, a program to
|
|
resolve pathnames to their underlying physical
|
|
paths. &merged;</para>
|
|
|
|
<para>The pseudo-random number generator implemented by
|
|
&man.rand.3; has been improved to provide less biased
|
|
results.</para>
|
|
|
|
<para>&man.rc.8; now has a framework for handling dependencies
|
|
between &man.rc.conf.5; variables. &merged;</para>
|
|
|
|
<para>&man.rc.8; now deletes all non-directory files in
|
|
<filename>/var/run</filename> and
|
|
<filename>/var/spool/lock</filename> at boot
|
|
time. &merged;</para>
|
|
|
|
<para>&man.rcmd.3; now supports the use of the
|
|
<envar>RSH</envar> environment variable to specify a program to
|
|
use other than &man.rsh.1; for remote execution. As a result,
|
|
programs such as &man.dump.8; can use &man.ssh.1; for remote
|
|
transport.</para>
|
|
|
|
<para>&man.rdist.1; has been retired from the base system, but is
|
|
still available from the &os; Ports Collection as
|
|
<filename role="package">net/44bsd-rdist</filename>.</para>
|
|
|
|
<para>The &man.resolver.3; in &os; now implements EDNS0 support,
|
|
which will be necessary when working with IPv6 transport-ready
|
|
resolvers/DNS servers. &merged;</para>
|
|
|
|
<para>The &man.rfork.thread.3; library call has been added as a
|
|
helper function to &man.rfork.2;. Using this function should
|
|
avoid the need to implement complex stack swap
|
|
code. &merged;</para>
|
|
|
|
<para>The <option>-v</option> option to &man.rm.1; now displays
|
|
the entire pathname of a file being removed.</para>
|
|
|
|
<para>&man.route.8; is now more verbose when changing indirect
|
|
routes, in the case of a gateway route that is the same route as
|
|
the one being modified. &merged;</para>
|
|
|
|
<para>&man.route.8; now uses
|
|
<literal><replaceable>host</replaceable>/<replaceable>bits</replaceable></literal>
|
|
syntax instead of
|
|
<literal><replaceable>net</replaceable>/<replaceable>bits</replaceable></literal>
|
|
syntax, for compatibility with &man.netstat.1;. &merged;</para>
|
|
|
|
<para>&man.route.8; can now create <quote>proxy only</quote>
|
|
published ARP entries. &merged;</para>
|
|
|
|
<para>The &man.route.8; <option>add</option> command now supports
|
|
the <option>-ifp</option> and <option>-ifa</option>
|
|
modifiers. &merged;</para>
|
|
|
|
<para>&man.rpcbind.8; has replaced &man.portmap.8;.</para>
|
|
|
|
<para>&man.rpcgen.1; now uses <filename>/usr/bin/cpp</filename>
|
|
(as on NetBSD), not
|
|
<filename>/usr/libexec/cpp</filename>.</para>
|
|
|
|
<para>&man.rpc.lockd.8; has been imported from NetBSD. This
|
|
daemon provides support for servicing client NFS locks.</para>
|
|
|
|
<para>The performance of the ELF dynamic linker &man.rtld.1; has
|
|
been improved. &merged;</para>
|
|
|
|
<para>RSA Security has waived all patent rights to the
|
|
<application>RSA</application> algorithm. As a result, the
|
|
native <application>OpenSSL</application> implementation of the
|
|
RSA algorithm is now activated by default, and the <filename
|
|
role="package">security/rsaref</filename> port and the
|
|
<filename>librsaUSA</filename> and
|
|
<filename>librsaINTL</filename> libraries are no longer required
|
|
for USA and non-USA residents respectively. &merged;</para>
|
|
|
|
<para>&man.rtld.1; will now print the names of all objects that
|
|
cause each object to be loaded, if the
|
|
<varname>LD_TRACE_LOADED_OBJECTS_ALL</varname> environment
|
|
variable is defined.</para>
|
|
|
|
<para>&man.savecore.8; now supports a <option>-k</option> option
|
|
to prevent clearing a crash dump after saving it. It also
|
|
attempts to avoid writing large stretches of zeros to crash dump
|
|
files to save space and time. &merged;</para>
|
|
|
|
<para>&man.savecore.8; now works correctly on machines with 2 GB
|
|
or more of RAM. &merged;</para>
|
|
|
|
<para>&man.sed.1; now takes a <option>-E</option> option for
|
|
extended regular expression support. &merged;</para>
|
|
|
|
<para>&man.send-pr.1; now takes a <option>-a</option> option to
|
|
include a file into the <literal>Fix:</literal> section of a
|
|
problem report. &merged;</para>
|
|
|
|
<para>The &man.setfacl.1; and &man.getfacl.1; commands have been
|
|
added to manage file system Access Control Lists.</para>
|
|
|
|
<para>&man.setproctitle.3; has been moved from
|
|
<filename>libutil</filename> to
|
|
<filename>libc</filename>. &merged;</para>
|
|
|
|
<para>&man.sh.1; now implements <command>test</command> as a
|
|
built-in command for improved efficiency. &merged;</para>
|
|
|
|
<para>&man.sh.1; no longer implements <command>printf</command> as
|
|
a built-in command because it was considered less valuable
|
|
compared to the other built-in commands (this functionality is,
|
|
of course, still available through the &man.printf.1;
|
|
executable).</para>
|
|
|
|
<para>&man.sockstat.1; now has <option>-c</option> and
|
|
<option>-l</option> flags for listing connected and listening
|
|
sockets, respectively. &merged;</para>
|
|
|
|
<para>&man.split.1; now has the ability to split a file longer
|
|
than 2GB. &merged;</para>
|
|
|
|
<para>In preparation for meeting SUSv2/POSIX
|
|
<filename>&lt;sys/select.h&gt;</filename> requirements,
|
|
<literal>struct selinfo</literal> and related functions have been
|
|
moved to <filename>&lt;sys/selinfo.h&gt;</filename>.</para>
|
|
|
|
<para>The &man.strnstr.3; and &man.strcasestr.3; variants of
|
|
&man.strstr.3; have been implemented. &merged;</para>
|
|
|
|
<para>&man.stty.1; now has support for an
|
|
<literal>erase2</literal> control character, so that, for
|
|
example, both the <keycap>Delete</keycap> and
|
|
<keycap>Backspace</keycap> keys can be used to erase
|
|
characters. &merged;</para>
|
|
|
|
<para>&man.style.perl.7;, a style guide for Perl code in the &os;
|
|
base system, has been added. &merged;</para>
|
|
|
|
<para>&man.su.1; now uses <application>PAM</application> for
|
|
authentication.</para>
|
|
|
|
<para>Boot-time &man.syscons.4; configuration was moved to a
|
|
machine-independent
|
|
<filename>/etc/rc.syscons</filename>. &merged;</para>
|
|
|
|
<para>&man.sysctl.8; now supports a <option>-N</option> option to
|
|
print out variable names only. &merged;</para>
|
|
|
|
<para>&man.sysctl.8; has replaced the <option>-A</option> and
|
|
<option>-X</option> options with <option>-ao</option> and
|
|
<option>-ax</option> respectively; the former options are now
|
|
deprecated. The <option>-w</option> option is deprecated as
|
|
well; it is not needed to determine the user's
|
|
intentions. &merged;</para>
|
|
|
|
<para>&man.sysctl.8; now supports a <option>-e</option> option to
|
|
separate variable names and values by <literal>=</literal>
|
|
rather than <literal>:</literal>. This feature is useful for
|
|
producing output that can be fed back to
|
|
&man.sysctl.8;. &merged;</para>
|
|
|
|
<para>&man.sysinstall.8; now properly preserves
|
|
<filename>/etc/mail</filename> during a binary
|
|
upgrade. &merged;</para>
|
|
|
|
<para>&man.sysinstall.8; now uses some more intuitive defaults
|
|
thanks to some new dialog support functions. &merged;</para>
|
|
|
|
<para>The default root partition in &man.sysinstall.8; is now
|
|
100MB on the i386 and 120MB on the Alpha.</para>
|
|
|
|
<para>&man.sysinstall.8; now lives in
|
|
<filename>/usr/sbin</filename>, which simplifies the
|
|
installation process. The &man.sysinstall.8; manpage is also
|
|
installed in a more consistent fashion now.</para>
|
|
|
|
<para>&man.sysinstall.8; now has the ability to load KLDs as a
|
|
part of the installation. &merged;</para>
|
|
|
|
<para>When run from the installation media, &man.sysinstall.8;
|
|
will automatically load any device drivers found in the
|
|
<filename>/stand/modules</filename> directory of the
|
|
<literal>mfsroot</literal> floppy or filesystem image. Note
|
|
that any drivers so loaded will not appear in the kernel's boot
|
|
messages; the &man.sysinstall.8; debugging screen will provide
|
|
additional information. &merged;</para>
|
|
|
|
<para>&man.sysinstall.8; now enables Soft Updates by default on
|
|
all filesystems it creates, except for the root
|
|
filesystem. &merged;</para>
|
|
|
|
<para>&man.sysinstall.8; has received updates for its
|
|
<quote>auto</quote> partitioning mode which provide more
|
|
reasonable defaults for the sizes of partitions that are
|
|
created; auto-sized partitions can now also recover the space
|
|
that becomes available when other partitions are
|
|
deleted. &merged;</para>
|
|
|
|
<para>&man.syslogd.8; can take a <option>-n</option> option to
|
|
disable DNS queries for every request. &merged;</para>
|
|
|
|
<para>&man.syslogd.8; now supports a
|
|
<literal>LOG_CONSOLE</literal> facility (disabled by default),
|
|
which can be used to log <filename>/dev/console</filename>
|
|
output. &merged;</para>
|
|
|
|
<para>&man.syslogd.8; now has the ability to bind to a specific
|
|
address (as opposed to using every available one) via the
|
|
<option>-b</option> option. &merged;</para>
|
|
|
|
<para>&man.syslogd.8; now accepts a <option>-c</option> flag to
|
|
disable repeated line compression. &merged;</para>
|
|
|
|
<para>&man.tail.1; now has the ability to work on files longer
|
|
than 2GB. &merged;</para>
|
|
|
|
<para>&man.tar.1; now supports the <varname>TAR_RSH</varname>
|
|
variable, principally to enable the use of &man.ssh.1; as a
|
|
transport. &merged;</para>
|
|
|
|
<para>&man.telnet.1; now does autologin and encryption by default;
|
|
a new <option>-y</option> option turns off encryption.</para>
|
|
|
|
<para>&man.telnet.1; now supports a <option>-u</option> flag to
|
|
allow connections to UNIX-domain (<literal>AF_UNIX</literal>)
|
|
sockets. &merged;</para>
|
|
|
|
<para>&man.tftpd.8; now takes the <option>-c</option> and
|
|
<option>-C</option> options, which allow the server to
|
|
&man.chroot.2; based on the IP address of the connecting client.
|
|
&man.tftp.1; and &man.tftpd.8; can now transfer files larger
|
|
than 65535 blocks. &merged;</para>
|
|
|
|
<para>&man.tftpd.8; now supports RFC 2349 (TFTP Timeout Interval
|
|
and Transfer Size Options); this feature is required by some
|
|
firmware like EFI boot managers (at least on HP i2000 Itanium
|
|
servers) in order to boot an image using
|
|
<application>TFTP</application>.</para>
|
|
|
|
<para arch="alpha">&man.timed.8; now works on the alpha.</para>
|
|
|
|
<para>A version of Transport Independent RPC
|
|
(<application>TI-RPC</application>) has been imported.</para>
|
|
|
|
<para>&man.tmpnam.3; will now use the <envar>TMPDIR</envar>
|
|
environment variable, if set, to specify the location of
|
|
temporary files. &merged;</para>
|
|
|
|
<para>&man.tip.1; has been updated from
|
|
<application>OpenBSD</application>, and has the ability to act
|
|
as a &man.cu.1; substitute.</para>
|
|
|
|
<para>&man.top.1; will now use the full width of its tty.</para>
|
|
|
|
<para>&man.touch.1; now takes a <option>-h</option> option to
|
|
operate on a symbolic link, rather than what the link points
|
|
to.</para>
|
|
|
|
<para>The &man.truncate.1; utility, which truncates or extends the
|
|
length of files, has been added. &merged;</para>
|
|
|
|
<para>Ukrainian language support has been added to the &os;
|
|
console. &merged;</para>
|
|
|
|
<para><application>UUCP</application> has been removed from the
|
|
base system. It can be found in the Ports Collection, in
|
|
<filename role="package">net/freebsd-uucp</filename>.</para>
|
|
|
|
<para>&man.units.1; has received some updates and
|
|
bugfixes. &merged;</para>
|
|
|
|
<para>&man.usbdevs.8; now supports a <option>-d</option> flag to
|
|
show the device driver associated with each device.</para>
|
|
|
|
<para>&man.uudecode.1; now accepts a <option>-o</option> option to
|
|
set its output file.</para>
|
|
|
|
<para>&man.vidcontrol.1; now accepts a <option>-g</option>
|
|
parameter to select custom text geometry in the
|
|
<literal>VESA_800x600</literal> raster text mode. &merged;</para>
|
|
|
|
<para>&man.vidcontrol.1; now allows the user to omit the font size
|
|
specification when loading a font, and has some better
|
|
error-handling. &merged;</para>
|
|
|
|
<para>&man.vidcontrol.1; now supports a <option>-p</option> option
|
|
to take a snapshot of a &man.syscons.4; video buffer. These
|
|
snapshots can be manipulated by the
|
|
<filename role="package">graphics/scr2png</filename> utility in
|
|
the Ports Collection. &merged;</para>
|
|
|
|
<para>&man.vidcontrol.1; now supports a <option>-C</option> option
|
|
to clear the history buffer for a given tty, as well as a
|
|
<option>-h</option> option to set the size of the history
|
|
buffer. &merged;</para>
|
|
|
|
<para>The default stripe size in &man.vinum.8; has been changed
|
|
from 256KB to 279KB, to spread out superblocks more evenly
|
|
between stripes.</para>
|
|
|
|
<para>&man.wall.1; now supports a <option>-g</option> flag to
|
|
write a message to all users of a given group. &merged;</para>
|
|
|
|
<para>&man.watch.8; now takes a <option>-f</option> option to
|
|
specify a &man.snp.4; device to use. &merged;</para>
|
|
|
|
<para>&man.which.1; is now a C program, rather than a Perl
|
|
script.</para>
|
|
|
|
<para>&man.whois.1; now directs queries for IP addresses to ARIN.
|
|
If a query to ARIN references APNIC or RIPE, the appropriate
|
|
server will also be queried, provided that the
|
|
<option>-Q</option> option is not specified. &merged;</para>
|
|
|
|
<para>&man.whois.1; supports a <option>-c</option> option to
|
|
specify a country code to help direct queries towards a
|
|
particular whois server. &merged;</para>
|
|
|
|
<para>&man.xargs.1; now supports a <option>-J</option>
|
|
<replaceable>replstr</replaceable> option that allows the user
|
|
to tell &man.xargs.1; to insert the data read from standard
|
|
input at a specific point in the command line arguments rather
|
|
than at the end. &merged;</para>
|
|
|
|
<para>The compiler chain now uses the FSF-supplied C/C++ runtime
|
|
initialization code. This change brings about better
|
|
compatibility with code generated from the various egcs and gcc
|
|
ports, as well as the stock public FSF source. &merged;</para>
|
|
|
|
<para>The threads library has gained some signal handling changes,
|
|
bug fixes, and performance enhancements (including zero system
|
|
call thread switching). &man.gdb.1; thread support has been
|
|
updated to match these changes. &merged;</para>
|
|
|
|
<para>Significant additions have been made to internationalization
|
|
support; &os; now has complete locale support for the
|
|
<literal>LC_MONETARY</literal>, <literal>LC_NUMERIC</literal>,
|
|
and <literal>LC_MESSAGES</literal> categories. A number of
|
|
applications have been updated to take advantage of this
|
|
support.</para>
|
|
|
|
<para>Locale names have been changed to improve compatibility with
|
|
the names used by X11R6, as well as a number of other UNIX
|
|
versions. As an example, the
|
|
<literal>en_US.ISO_8859-1</literal> locale name has been changed
|
|
to
|
|
<literal>en_US.ISO8859-1</literal>. Entries in
|
|
<filename>/etc/locale.alias</filename> provide backward
|
|
compatibility. &merged;</para>
|
|
|
|
<para><filename>/usr/src/share/examples/BSD_daemon/</filename> now
|
|
contains a scalable Beastie graphic. &merged;</para>
|
|
|
|
<para>As part of an ongoing process, many manual pages were
|
|
improved, both in terms of their formatting markup and in their
|
|
content. &merged;</para>
|
|
|
|
<sect3>
|
|
<title>Contributed Software</title>
|
|
|
|
<para><application>am-utils</application> has been updated to
|
|
6.0.7.</para>
|
|
|
|
<para>A 10 February 2002 snapshot of <application>awk</application> from Bell Labs (variously
|
|
known as <quote>BWK awk</quote> or <quote>The One True
|
|
AWK</quote>) has been imported. It is available as
|
|
<command>awk</command> on the sparc64 architecture, and
|
|
<command>nawk</command> on other architectures.</para>
|
|
|
|
<para><application>bc</application> has been updated from 1.04 to
|
|
1.06. &merged;</para>
|
|
|
|
<para>The ISC library from the <application>BIND</application>
|
|
distribution is now built as
|
|
<filename>libisc</filename>. &merged;</para>
|
|
|
|
<para><application>BIND</application> is now built with the
|
|
<literal>NOADDITIONAL</literal> flag, which causes
|
|
&man.named.8; to operate in a more consistent fashion for
|
|
certain common misconfigurations. &merged;</para>
|
|
|
|
<para><application>BIND</application> has been updated to
|
|
8.3.1-REL. &merged;</para>
|
|
|
|
<para><application>Binutils</application> has been updated to
|
|
2.12.0.</para>
|
|
|
|
<para><application>bzip2</application> 1.0.2 has been imported;
|
|
this brings the &man.bzip2.1; program and the
|
|
<filename>libbz2</filename> library to the base
|
|
system. &merged;</para>
|
|
|
|
<para>The &man.ee.1; <application>Easy Editor</application> has
|
|
been updated to 1.4.2. &merged;</para>
|
|
|
|
<para><application>file</application> has been updated to
|
|
3.37.</para>
|
|
|
|
<para><application>gcc</application> has been updated to
|
|
a snapshot of the 2.95 development branch from 20 March 2002
|
|
(this snapshot includes changes made after the release of
|
|
<application>gcc</application> 2.95.3).</para>
|
|
|
|
<para>&man.gcc.1; now uses a unified <filename>libgcc</filename>
|
|
rather than a separate one for threaded and non-threaded
|
|
programs. <filename>/usr/lib/libgcc_r.a</filename> can be
|
|
removed. &merged;</para>
|
|
|
|
<para>&man.gcc.1; now supports the environment variable
|
|
<envar>GCC_OPTIONS</envar>, which can hold a set of default
|
|
options for <application>GCC</application>. &merged;</para>
|
|
|
|
<para><application>GNATS</application> has been updated to
|
|
3.113. &merged;</para>
|
|
|
|
<para><application>GNU awk</application> has been updated to
|
|
3.1.0. It is available as <command>gawk</command> on the
|
|
sparc64 architecture, and as <command>awk</command> on other
|
|
architectures.</para>
|
|
|
|
<para><application>gperf</application> has been updated to
|
|
2.7.2.</para>
|
|
|
|
<para><application>groff</application> and its related utilities
|
|
have been updated to FSF version 1.17.2. This import brings
|
|
in a new &man.mdoc.7; macro package (sometimes referred to as
|
|
<literal>mdocNG</literal>), which removes many of the
|
|
limitations of its predecessor. &merged;</para>
|
|
|
|
<para><application>Heimdal</application> has been updated to
|
|
0.3f.</para>
|
|
|
|
<para>The version of <application>IPFilter</application>
|
|
provided with &os; now includes the &man.ipfs.8; program,
|
|
which allows state information created for NAT entries and
|
|
stateful rules to be saved to disk and restored after a
|
|
reboot. Boot-time configuration of these features is
|
|
supported by &man.rc.conf.5;. &merged;</para>
|
|
|
|
<para>The <application>ISC DHCP</application> client has been
|
|
updated to 3.0.1RC6.</para>
|
|
|
|
<para><application>Kerberos IV</application> has been updated to
|
|
1.0.5. &merged;</para>
|
|
|
|
<para>The &man.more.1; command has been replaced by
|
|
&man.less.1;, although it can still be run as
|
|
<command>more</command>. &merged; Version 371 of
|
|
<application>less</application> has been imported.</para>
|
|
|
|
<para><application>libpcap</application> has been updated to
|
|
0.6.2. &merged;</para>
|
|
|
|
<para><application>libreadline</application> has been updated to
|
|
4.2.</para>
|
|
|
|
<para><application>libz</application> has been updated to
|
|
1.1.4.</para>
|
|
|
|
<para><application>lint</application> has been updated to
|
|
a snapshot of NetBSD &man.lint.1; as of 3 March 2002.</para>
|
|
|
|
<para><application>lukemftp</application> (the FTP client from
|
|
NetBSD) has replaced the &os; &man.ftp.1; program. Among its
|
|
new features are more automation methods, better standards
|
|
compliance, transfer rate throttling, and a customizable
|
|
command-line prompt. Some environment variables and
|
|
command-line arguments have changed.</para>
|
|
|
|
<para>The FTP daemon from NetBSD, otherwise known as
|
|
<application>lukemftpd</application>, has been imported and is
|
|
available as &man.lukemftpd.8;.</para>
|
|
|
|
<para><application>ncurses</application> has been updated to
|
|
5.2-20010512.</para>
|
|
|
|
<para>The <application>NTP</application> suite of programs has
|
|
been updated to 4.1.0. &merged;</para>
|
|
|
|
<para><application>OpenPAM</application>
|
|
(<quote>Centaury</quote> release) has been imported,
|
|
replacing
|
|
<application>Linux-PAM</application>.</para>
|
|
|
|
<para>The <application>OPIE</application> one-time-password
|
|
suite has been updated to 2.4. It has completely
|
|
replaced the functionality of
|
|
<application>S/Key</application>.</para>
|
|
|
|
<para><application>Perl</application> has been updated to version
|
|
5.6.1.</para>
|
|
|
|
<para>&man.routed.8; has been updated to version
|
|
2.22. &merged;</para>
|
|
|
|
<para arch="i386">Version 1.4.3 of the
|
|
<application>smbfs</application> userland utilities has been
|
|
imported. &merged;</para>
|
|
|
|
<para><application>tcpdump</application> has been updated to
|
|
3.6.3. &merged;</para>
|
|
|
|
<para>The &man.csh.1; shell has been replaced by &man.tcsh.1;,
|
|
although it can still be run as <command>csh</command>.
|
|
<application>tcsh</application> has been updated to version
|
|
6.11. &merged;</para>
|
|
|
|
<para>The contributed version of
|
|
<application>tcp_wrappers</application> now includes the
|
|
&man.tcpd.8; helper daemon. While not strictly necessary in a
|
|
standard &os; installation (because &man.inetd.8; already
|
|
incorporates this functionality), this may be useful for
|
|
&man.inetd.8; replacements such as
|
|
<application>xinetd</application>.</para>
|
|
|
|
<para><application>top</application> has been updated to version
|
|
3.5b12.</para>
|
|
|
|
<para>&man.traceroute.8; now takes its default maximum TTL value
|
|
from the <varname>net.inet.ip.ttl</varname> sysctl
|
|
variable. &merged;</para>
|
|
|
|
<para>The timezone database has been updated to the
|
|
<filename>tzdata2001d</filename> release. &merged;</para>
|
|
|
|
<sect4>
|
|
<title>CVS</title>
|
|
|
|
<para><application>cvs</application> has been updated to
|
|
1.11.1p1. &merged;</para>
|
|
|
|
<para>The default value for &man.cvs.1;'s
|
|
<envar>CVS_RSH</envar> variable is now
|
|
<literal>ssh</literal>, rather than
|
|
<literal>rsh</literal>. &merged;</para>
|
|
|
|
<para>&man.cvs.1; now supports a <option>-T</option> option to
|
|
update a sandbox's <filename>CVS/Template</filename> file
|
|
from the repository. &merged;</para>
|
|
|
|
<para>&man.cvs.1; <literal>diff</literal> now supports the
|
|
<option>-j</option> option to perform differences against a
|
|
revision relative to a branch tag. &merged;</para>
|
|
</sect4>
|
|
|
|
<sect4>
<title>CVSup</title>

<para><application>CVSup</application>, a frequently used
utility in the &os; Ports Collection, was formerly
installable using several ports and packages. The
<filename role="package">net/cvsup-bin</filename> and
<filename role="package">net/cvsupd-bin</filename>
ports/packages are no longer necessary or available; the
<filename role="package">net/cvsup</filename> port should be
used instead. &merged;</para>

<para><application>CVSup</application> has been updated to
16.1_3, which is available in the &os; Ports Collection as
<filename role="package">net/cvsup</filename>. This update
fixes a long-standing (but only recently encountered) bug
which affects the timestamps on all files after Sun Sep 9
01:46:40 UTC 2001 (1,000,000,000 seconds after the UNIX
epoch). &merged;</para>
</sect4>

<sect4 id="kame-userland">
<title>KAME</title>

<para>The IPv6 stack is now based on the
KAME Project's IPv6 snapshot as of 28 May, 2001. Most of
the items listed in this section are a result of this
import.
<xref linkend="kame-kernel"> lists kernel updates to the
KAME IPv6 stack. &merged;</para>

<para>&man.faithd.8; now supports a configuration file for
access control. &merged;</para>

<para>&man.ifconfig.8; can now perform the functions of
&man.gifconfig.8;. &merged;</para>

<para>&man.ifconfig.8; can now perform the functions of
&man.prefix.8;. &man.prefix.8; is now a shell script for
partial backwards compatibility. &merged;</para>

<para>&man.ndp.8; now implements garbage collection for stale
NDP entries, as described in RFC 2461 (Neighbor Discovery
for IP Version 6 (IPv6)). &merged;</para>

<para>&man.pim6dd.8; and &man.pim6sd.8; have been removed due
to restrictive licensing conditions. These programs are
available in the ports collection as
<filename role="package">net/pim6dd</filename> and
<filename role="package">net/pim6sd</filename>. &merged;</para>

<para>&man.route6d.8; now supports an <option>-n</option> flag
to avoid updating the kernel forwarding
table. &merged;</para>

<para>The <option>-R</option> (router renumbering) option to
&man.rtadvd.8; is currently ignored. &merged;</para>
</sect4>

<sect4>
<title>OpenSSH</title>

<para><application>OpenSSH</application> has been updated to
2.9, which provides support for the SSH2 protocol (now the
default) and DSA keys. &man.ssh-add.1; and
&man.ssh-agent.1; can now handle DSA keys, with support for
authentication forwarding.
<application>OpenSSH</application> users in the USA no
longer need to rely on the restrictively-licensed RSAREF
toolkit which is required to handle RSA keys. Among other
new features: A client and server for &man.sftp.1; have been added.
&man.scp.1; can now handle files larger than 2 GBytes. A
limit on the number of outstanding, unauthenticated
connections in &man.sshd.8; has been added. Support has
been added for the Rijndael encryption algorithm. Rekeying
of existing sessions is now supported, and an experimental
<application>SOCKS4</application> proxy has been added to
&man.ssh.1;. &merged;</para>

<para><application>OpenSSH</application> has been updated to
version 3.1. Among the changes:
<itemizedlist>
<listitem>
<para>The <filename>*2</filename> files are obsolete
(for example,
<filename>~/.ssh/known_hosts</filename> can hold the
contents of
<filename>~/.ssh/known_hosts2</filename>).</para>
</listitem>
<listitem>
<para>&man.ssh-keygen.1; can import and export keys using
the SECSH Public Key File Format, for key exchange
with several commercial SSH implementations.</para>
</listitem>
<listitem>
<para>&man.ssh-add.1; now adds all three default keys.</para>
</listitem>
<listitem>
<para>&man.ssh-keygen.1; no longer defaults to a
specific key type; one must be specified with the
<option>-t</option> option.</para>
</listitem>
</itemizedlist>
</para>

<para><application>OpenSSH</application> can now authenticate
using <application>OPIE</application> passwords.</para>

<para><application>PAM</application> support for
<application>OpenSSH</application> has been added.</para>

<para>A long-standing bug in
<application>OpenSSH</application>, which sometimes resulted
in a dropped session when an X11-forwarded client was
closed, was fixed.</para>

<para><application>Kerberos</application> compatibility has
been added to
<application>OpenSSH</application>. &merged;</para>

<para><application>OpenSSH</application> has been modified to
be more resistant to traffic analysis by requiring that
<quote>non-echoed</quote> characters are still echoed back
in a null packet, as well as by padding passwords sent so as
not to hint at password lengths. &merged;</para>

<para>&man.sshd.8; is now enabled by default on new
installs. &merged;</para>

<para>&man.sshd.8; <literal>X11Forwarding</literal> is now
turned on by default on the server (any risk is to the
client, where it is already disabled by
default). &merged;</para>

<para>In <filename>/etc/ssh/sshd_config</filename>, the
<literal>ConnectionsPerPeriod</literal> parameter has been
deprecated in favor of
<literal>MaxStartups</literal>. &merged;</para>

<para><application>OpenSSH</application> now has a
<literal>VersionAddendum</literal> configuration setting for
&man.sshd.8; to allow changing the part of the
<application>OpenSSH</application> version string after the
main version number.</para>
</sect4>

<sect4>
<title>OpenSSL</title>

<para><application>OpenSSL</application> has been updated to
0.9.6c.</para>

<para><application>OpenSSL</application> now has support for
machine-dependent ASM optimizations, activated by the new
<varname>MACHINE_CPU</varname> and/or
<varname>CPUTYPE</varname>
<filename>make.conf</filename> variables. &merged;</para>
</sect4>

<sect4>
<title>sendmail</title>

<para><application>sendmail</application> has been updated
from version 8.9.3 to version 8.12.2. Important changes
include: &man.sendmail.8; is no longer installed as a
set-user-ID root binary (now set-group-ID smmsp); new
default file locations (see
<filename>/usr/src/contrib/sendmail/cf/README</filename>);
&man.newaliases.1; is limited to <username>root</username>
and trusted users; STARTTLS encryption; and the MSA port
(587) is turned on by default. See
<filename>/usr/src/contrib/sendmail/RELEASE_NOTES</filename>
for more information. &merged;</para>

<para>&man.mail.local.8; is no longer installed as a
set-user-ID binary. If you are using a
<filename>/etc/mail/sendmail.cf</filename> from the default
<filename>sendmail.cf</filename> included with &os; any time
after 3.1.0, you are fine. If you are using a
hand-configured <filename>sendmail.cf</filename> and
<command>mail.local</command> for delivery, check to make sure the
<literal>F=S</literal> flag is set on the
<literal>Mlocal</literal> line. Those with
<filename>.mc</filename> files who need to add the flag can
do so by adding the following line to their
<filename>.mc</filename> file and regenerating the
<filename>sendmail.cf</filename> file:</para>

<programlisting>MODIFY_MAILER_FLAGS(`LOCAL',`+S')dnl</programlisting>

<para>Note that <literal>FEATURE(`local_lmtp')</literal> already
does this. &merged;</para>
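
<para>One way to run the check described above, as an added example
that is not part of the original release notes: a shell function
that reads the <literal>Mlocal</literal> definition from a
<filename>sendmail.cf</filename>, including its continuation lines,
and reports whether <literal>F=</literal> contains
<literal>S</literal>. The function name and the sample mailer
definition are constructed for illustration.</para>

```shell
#!/bin/sh
# check_mlocal_flag FILE
# Exit status: 0 = F= on Mlocal contains S, 1 = S missing,
#              2 = no Mlocal mailer definition in FILE.
check_mlocal_flag() {
    awk '
        # A mailer definition starts in column one ("Mlocal,"); lines
        # beginning with whitespace continue the previous definition.
        /^Mlocal[ \t]*,/    { in_def = 1; def = $0; next }
        in_def && /^[ \t]/  { def = def $0; next }
                            { in_def = 0 }
        END {
            if (def == "") { print "no Mlocal mailer definition"; exit 2 }
            n = split(def, field, ",")
            flags = ""; prog = ""
            for (i = 1; i <= n; i++) {
                f = field[i]
                gsub(/^[ \t]+|[ \t]+$/, "", f)   # trim the field
                if (f ~ /^F=/) flags = substr(f, 3)
                if (f ~ /^P=/) prog = substr(f, 3)
            }
            printf "Mlocal: P=%s F=%s\n", prog, flags
            # Mailer flags are case-sensitive: "s" is a different flag.
            exit (index(flags, "S") > 0 ? 0 : 1)
        }
    ' "$1"
}

# Constructed sample: a hand-written Mlocal definition using mail.local
# whose F= field has lowercase "s" but not "S".
sample=$(mktemp)
printf 'Mlocal,\tP=/usr/libexec/mail.local, F=lsDFMAw5:/|@qPfhn9, S=EnvFromL, R=EnvToL,\n\t\tT=DNS/RFC822/X-Unix,\n\t\tA=mail -d $u\n' > "$sample"
check_mlocal_flag "$sample" || echo "F=S is not set on the Mlocal line"
rm -f "$sample"
```
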

<para>The default <filename>/etc/mail/sendmail.cf</filename>
disables the SMTP <literal>EXPN</literal> and
<literal>VRFY</literal> commands. &merged;</para>

<para>&man.vacation.1; has been updated to use the version
included with <application>sendmail</application>. &merged;</para>

<para>The <application>sendmail</application> configuration
building tools are installed in
<filename>/usr/share/sendmail/cf/</filename>. &merged;</para>

<para>New <filename>make.conf</filename> options:
<varname>SENDMAIL_MC</varname> and
<varname>SENDMAIL_ADDITIONAL_MC</varname>. See
<filename>/usr/share/examples/etc/make.conf</filename> for more
information. &merged;</para>

<para><filename>/etc/mail/Makefile</filename> now supports:
the new <varname>SENDMAIL_MC</varname>
<filename>make.conf</filename> option; the ability to build
<filename>.cf</filename> files from
<filename>.mc</filename> files; generalized map rebuilding;
rebuilding the aliases file; and the ability to stop, start,
and restart
<application>sendmail</application>. &merged;</para>

<para>The <username>smmsp</username> and
<username>mailnull</username> users have been added to
<filename>/etc/master.passwd</filename>. In the absence of a
<literal>confDEF_USER_ID</literal> setting, by default,
<application>sendmail</application> will use the
<username>mailnull</username> user for extra security.
Previously, if the <username>mailnull</username> user did
not exist, the <username>daemon</username> user was used.
This change may generate some permissions issues when
mailing to files or to programs (such as <filename
role="package">mail/majordomo</filename>). &merged; The
previous behavior can be restored by adding the following
line to a system's
<filename><replaceable>*</replaceable>.mc</filename>
configuration file:

<programlisting>define(`confDEF_USER_ID', `daemon')</programlisting>
</para>
</sect4>
</sect3>

<sect3>
<title>Ports/Packages Collection</title>

<para><application>BSDPAN</application>, a collection of modules
that provides tighter integration of
<application>Perl</application> into the &os; Ports
Collection, has been added.</para>

<para>&man.pkg.create.1; and &man.pkg.add.1; can now work with
packages that have been compressed using
&man.bzip2.1;. &man.pkg.add.1; will use the PACKAGEROOT
environment variable to determine a mirror site for new
packages. &merged;</para>

<para>&man.pkg.create.1; now records dependencies in dependency
order rather than in the order specified on the command line.
This improves the functioning of <command>pkg_add
-r</command>. &merged;</para>

<para>&man.pkg.create.1; now supports a <option>-b</option> option to
create a package file from a locally-installed
package. &merged;</para>

<para>When requested to delete multiple packages,
&man.pkg.delete.1; will now attempt to remove them in
dependency order rather than the order specified on the
command line. &merged;</para>

<para>&man.pkg.delete.1; now can perform glob/regexp matching of
package names. In addition, it supports a <option>-a</option>
option for removing all packages and a <option>-i</option>
option for &man.rm.1;-style interactive
confirmation. &merged;</para>

<para>&man.pkg.delete.1; now supports a <option>-r</option>
option for recursive package removal. &merged;</para>

<para>&man.pkg.info.1; now supports globbing against names of
installed packages. The <option>-G</option> option disables
this behavior, and the <option>-x</option> option causes
regular expression matching instead of shell
globbing. &merged;</para>

<para>&man.pkg.info.1; can now accept a <option>-g</option> flag
for verifying an installed package against its recorded
checksums (to see if it's been modified post-installation).
Naturally, this mechanism is only as secure as the contents of
<filename>/var/db/pkg</filename> if it's to be used for auditing
purposes. &merged;</para>

<para>&man.pkg.sign.1; and &man.pkg.check.1; have been added to
digitally sign and verify the signatures on binary package
files. &merged;</para>

<para>&man.pkg.update.1;, a utility to update installed packages
and update their dependencies, has been added. &merged;</para>

<para>&man.pkg.version.1; now has a version number comparison
routine that corresponds to the Porters Handbook. It also has
a <option>-t</option> option for testing address comparisons.
&merged;</para>

<para>&man.pkg.version.1; now takes a <option>-s</option> flag
to limit its operation to ports/packages matching a given
string. &merged;</para>

<para>Version numbers of installed packages have a new
(backward-compatible) syntax, which supports the
<varname>PORTREVISION</varname> and
<varname>PORTEPOCH</varname> variables in Ports Collection
<filename>Makefile</filename>s. These changes help keep track
of changes in the ports collection entries such as security
patches or &os;-specific updates, which aren't reflected in
the original, third-party software distributions.
&man.pkg.version.1; can now compare these new-style version
numbers. &merged;</para>

<para>To improve performance and disk utilization, the
<quote>ports skeletons</quote> in the &os; Ports Collection
have been restructured. Installed ports and packages should
not be affected. &merged;</para>

<para>All packages and ports now contain an
<quote>origin</quote> directive, which makes it easier for
programs such as &man.pkg.version.1; to determine the
directory from which a package was built. &merged;</para>
</sect3>
</sect2>
</sect1>

<sect1>
<title>Upgrading from previous releases of &os;</title>

<para>If you're upgrading from a previous release of &os;, you
generally will have three options:

<itemizedlist>
<listitem>
<para>Using the binary upgrade option of &man.sysinstall.8;.
This option is perhaps the quickest, although it presumes
that your installation of &os; uses no special compilation
options.</para>
</listitem>
<listitem>
<para>Performing a complete reinstall of &os;. Technically,
this is not an upgrading method, and in any case is usually less
convenient than a binary upgrade, in that it requires you to
manually back up and restore the contents of
<filename>/etc</filename>. However, it may be useful in
cases where you want (or need) to change the partitioning of
your disks.</para>
</listitem>
<listitem>
<para>From source code in <filename>/usr/src</filename>. This
route is more flexible, but requires more disk space, time,
and technical expertise. Upgrading from very old
versions of &os; may be problematic; in cases like this, it
is usually more effective to perform a binary upgrade or a
complete reinstall.</para>
</listitem>
</itemizedlist>
</para>

<para>Please read the <filename>INSTALL.TXT</filename> file for more
information, preferably <emphasis>before</emphasis> beginning an
upgrade. If you are upgrading from source, please be sure to read
<filename>/usr/src/UPDATING</filename> as well.</para>

<para>Finally, if you want to use one of various means to track the
-STABLE or -CURRENT branches of &os;, please be sure to consult
the <ulink
url="http://www.FreeBSD.org/handbook/current-stable.html"><quote>-CURRENT
vs. -STABLE</quote></ulink> section of the <ulink
url="http://www.FreeBSD.org/handbook/">FreeBSD
Handbook</ulink>.</para>

<important>
<para>Upgrading &os; should, of course, only be attempted after
backing up <emphasis>all</emphasis> data and configuration
files.</para>
</important>
</sect1>