d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
b91d620462
freebsd-dev/release/doc/en_US.ISO8859-1/relnotes/article.sgml

1556 lines
67 KiB
Plaintext
Raw Blame History

<articleinfo>
<title>&os;/&arch; &release.current; Release Notes</title>
<corpauthor>The FreeBSD Project</corpauthor>
<pubdate>$FreeBSD$</pubdate>
<copyright>
<year>2000</year>
<year>2001</year>
<year>2002</year>
<year>2003</year>
<year>2004</year>
<holder role="mailto:doc@FreeBSD.org">The FreeBSD Documentation Project</holder>
</copyright>
<abstract>
<para>The release notes for &os; &release.current; contain a summary
of
<![ %include.historic; [
the changes made to the &os; base system since &release.prev;.
]]>
<![ %no.include.historic; [
recent changes made to the &os; base system on the &release.branch;
development branch.
]]>
This document lists applicable security advisories that were issued since
the last release, as well as significant changes to the &os;
kernel and userland.
Some brief remarks on upgrading are also presented.</para>
</abstract>
</articleinfo>
<sect1 id="intro">
<title>Introduction</title>
<para>This document contains the release notes for &os;
&release.current; on the &arch.print; hardware platform. It
describes recently added, changed, or deleted features of &os;.
It also provides some notes on upgrading
from previous versions of &os;.</para>
<![ %release.type.current [
<para>The &release.type; distribution to which these release notes
apply represents the latest point along the &release.branch; development
branch since &release.branch; is created. Some pre-built, binary
&release.type; distributions along this branch
can be found at <ulink url="&release.url;"></ulink>.</para>
]]>
<![ %release.type.snapshot [
<para>The &release.type; distribution to which these release notes
apply represents a point along the &release.branch; development
branch between &release.prev; and the future &release.next;. Some
pre-built, binary &release.type; distributions along this branch
can be found at <ulink url="&release.url;"></ulink>.</para>
]]>
<![ %release.type.release [
<para>This distribution of &os; &release.current; is a
&release.type; distribution. It can be found at <ulink
url="&release.url;"></ulink> or any of its mirrors. More
information on obtaining this (or other) &release.type;
distributions of &os; can be found in the <ulink
url="&url.books.handbook;/mirrors.html"><quote>Obtaining
FreeBSD</quote> appendix</ulink> to the <ulink
url="&url.books.handbook;/">FreeBSD
Handbook</ulink>.</para>
]]>
<para>All users are encouraged to consult the release errata before
installing &os;. The errata document is updated with
<quote>late-breaking</quote> information discovered late in the
release cycle or after the release. Typically, it contains
information on known bugs, security advisories, and corrections to
documentation. An up-to-date copy of the errata for &os;
&release.current; can be found on the &os; Web site.</para>
</sect1>
<sect1 id="new">
<title>What's New</title>
<para>This section describes
<![ %include.historic; [
the most user-visible new or changed features in &os;
since &release.prev;.
In general, changes described here are unique to the &release.branch;
branch unless specifically marked as &merged; features.
]]>
<![ %no.include.historic; [
many of the user-visible new or changed features in &os;
since &release.prev;. It includes items that are unique to the
&release.branch; branch, as well as some features that may have been
recently merged to
other branches (after &os; &release.prev.historic;). The latter
items are marked as &merged;.
]]>
</para>
<para>Typical release note items
document recent security advisories issued after
&release.prev.historic;,
new drivers or hardware support, new commands or options,
major bug fixes, or contributed software upgrades. They may also
list changes to major ports/packages or release engineering
practices. Clearly the release notes cannot list every single
change made to &os; between releases; this document focuses
primarily on security advisories, user-visible changes, and major
architectural improvements.</para>
<sect2 id="security">
<title>Security Advisories</title>
<para>A bug in &man.mksnap.ffs.8; has been fixed; it caused the creation of a
filesystem snapshot to reset the flags on the filesystem to
their default values. The possible consequences depended on local
usage, but could include disabling extended access control lists
or enabling the use of setuid executables stored on an untrusted
filesystem. This bug also affected the &man.dump.8;
<option>-L</option> option, which uses &man.mksnap.ffs.8;. Note
that &man.mksnap.ffs.8; is normally only available to the
superuser and members of the <groupname>operator</groupname>
group. For more information, see security advisory <ulink
url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:01.mksnap_ffs.asc">FreeBSD-SA-04:01</ulink>.</para>
<para>A bug with the System V Shared Memory interface
(specifically the &man.shmat.2; system call) has been fixed.
This bug can cause a shared memory segment to reference
unallocated kernel memory. In turn, this can permit a local
attacker to gain unauthorized access to parts of kernel memory,
possibly resulting in disclosure of sensitive information,
bypass of access control mechanisms, or privilege escalation.
More details can be found in security advisory <ulink
url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:02.shmat.asc">FreeBSD-SA-04:02</ulink>.
&merged;</para>
<para>A programming error in the &man.jail.attach.2; system call
has been fixed. This error could allow a process with superuser
privileges inside a &man.jail.8; environment to change its root
directory to that of a different jail, and thus gain full read
and write access to files and directories within the target
jail. More information can be found in security advisory <ulink
url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:03.jail.asc">FreeBSD-SA-04:03</ulink>.</para>
<para>A potential low-bandwidth denial-of-service attack against
the &os; TCP stack has been prevented by limiting the number of
out-of-sequence TCP segments that can be held at one time. More
details can be found in security advisory <ulink
url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:04.tcp.asc">FreeBSD-SA-04:04</ulink>.
&merged;</para>
<para>A bug in <application>OpenSSL</application>'s SSL/TLS
ChangeCipherSpec message processing could result in
a null pointer dereference, has been fixed.
This could allow a remote attacker to crash an
<application>OpenSSL</application>-using
application and cause a denial-of-service on the system.
More details can be found in security advisory <ulink
url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc">FreeBSD-SA-04:05</ulink>.
&merged;</para>
<para>A programming error in the handling of some IPv6
socket options within the &man.setsockopt.2; system call
has been fixed. This allows a local attacker to cause a
system panic, and may allow to gain unauthorized access to
parts of kernel memory, possibly resulting in disclosure
of sensitive information, bypass of access control
mechanisms, or privilege escalation.
More details can be found in security advisory <ulink
url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:06.ipv6.asc">FreeBSD-SA-04:06</ulink>.</para>
<para>Two programming errors in <application>CVS</application>
have been fixed. They allow a server to overwrite arbitrary
files on the client, and a client to read arbitrary files
on the server when accessing remote CVS repositories.
More details can be found in security advisory <ulink
url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:07.cvs.asc">FreeBSD-SA-04:07</ulink>. &merged;</para>
<para>A bugfix for <application>Heimdal</application> rectifies a
problem in which it would not perform adequate checking of
authentication across autonomous realms. For more information,
see security advisory <ulink
url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:08.heimdal.asc">FreeBSD-SA-04:08</ulink>. &merged;</para>
<para>A programming error in <application>CVS</application> which
allow the malicious client to overwrite arbitrary portions of
the server's memory has been fixed. For more information,
see security advisory <ulink
url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:10.cvs.asc">FreeBSD-SA-04:10</ulink>. &merged;</para>
<para>A potential cache consistency problem of
the implementation of the &man.msync.2; system call
involving the <literal>MS_INVALIDATE</literal>
operation has been fixed. However, as a side effect of closing
this security problem, the <literal>MS_INVALIDATE</literal>
flag no longer guarantees that all pages in the range are invalidated.
Users who require the old semantics of <literal>MS_INVALIDATE</literal>
and are not concerned with the security issue being fixed can set the
<varname>vm.old_msync</varname> sysctl to 1 which will revert to
the old (insecure) behavior. For more information,
see security advisory <ulink
url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:11.msync.asc">FreeBSD-SA-04:11</ulink>. &merged;</para>
<para>A programming error in the &man.jail.2; system call
which results in a failure to verify that an attempt
to manipulate routing tables originated from a non-jailed process
has been fixed.
For more information, see security advisory <ulink
url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:12.jail.asc">FreeBSD-SA-04:12</ulink>. &merged;</para>
<para>A programming error in the handling of some Linux system calls which
may result in memory locations being accessed without proper validation
has been fixed.
For more information, see security advisory <ulink
url="ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:13.linux.asc">FreeBSD-SA-04:13</ulink>. &merged;</para>
</sect2>
<sect2 id="kernel">
<title>Kernel Changes</title>
<para arch="i386">The &man.acpi.asus.4; driver has been added
to use ACPI-controlled hardware features, such as hot keys and
LEDs on ASUSTek laptops.</para>
<para arch="i386">The &man.acpi.toshiba.4; driver has been added
to use Toshiba's Hardware Control Interface to manipulate
certain hardware features on Toshiba laptops, such as
video output switching.</para>
<para>The &man.acpi.video.4; driver has been added to provide
control display switching and backlight brightness using the
ACPI Video Extensions.</para>
<para arch="i386">The &man.acpi.4; driver now supports
per-device sysctls (<varname>dev.root0.nexus0.acpi0.acpi_lid0.wake</varname>,
for instance) to allow users to set whether or not a given
device can wake the system.</para>
<para arch="i386">The &man.acpi.4; driver will now
be disabled automatically when the machine has a well-known broken BIOS.
This behavior can be overridden by setting the loader tunable
<varname>hint.acpi.0.disabled</varname> to <literal>0</literal>.</para>
<para>The &man.bus.dma.9; interface now supports transparently honoring
the alignment and boundary constraints in the DMA tag
when loading buffers, and <function>bus_dmamap_load()</function>
will automatically use bounce buffers when needed.
In addition, a set of sysctls <varname>hw.busdma.*</varname>
for &man.bus.dma.9; statistics has been added.</para>
<para arch="i386">The &man.ctau.4; driver has been added for Cronyx Tau
synchronous serial adapters. This driver was known for a long time as
<quote>ct</quote> in its previous life outside the &os; source tree. &merged;
<note>
<para>The driver name has changed, but the network interface still
has the <quote>ct</quote> name.</para>
</note>
</para>
<para arch="i386,pc98">The &man.cp.4; driver has been added for Cronyx Tau-PCI
synchronous serial adapters.
</para>
<para>&man.devfs.5; path rules now work correctly on
directories.</para>
<para arch="i386,pc98">The dgb (DigiBoard intelligent serial card) driver has been
removed due to breakage. Its replacement is the &man.digi.4; driver,
which supports all the hardware of the dgb driver.</para>
<para>The &man.getvfsent.3; API has been removed.</para>
<para arch="sparc64">The &man.hme.4; driver now natively supports
long frames, so it can be used for &man.vlan.4; with full Ethernet
MTU size.</para>
<para>&man.jail.2; now supports use of raw sockets from within a jail.
This feature is disabled by default, and controlled using the
<varname>security.jail.allow_raw_sockets</varname> sysctl.</para>
<para>&man.kqueue.2; now supports a new filter
<literal>EVFILT_FS</literal> to be used to signal generic filesystem
events to the user space. Currently, mount, unmount, and up/down
status of NFS are signaled.</para>
<para>KDB, a new debugger framework, has been added.
This consists of a new GDB backend, which has been rewritten to support
threading, run-length encoding compression, and so on, and
the frontend that provides a framework in which multiple, different
debugger backends can be configured and which provides
basic services to those backends.
The following options has been changed:</para>
<itemizedlist>
<listitem>
<para>KDB is enabled by default
via the kernel options <literal>options KDB</literal>,
<literal>options GDB</literal>, and <literal>options DDB</literal>.
Both <literal>DDB</literal> and
<literal>GDB</literal> specify which KDB backends to include.</para>
</listitem>
<listitem>
<para>WITNESS_DDB has been renamed to WITNESS_KDB.</para>
</listitem>
<listitem>
<para>DDB_TRACE has been renamed to KDB_TRACE.</para>
</listitem>
<listitem>
<para>DDB_UNATTENDED has been renamed to KDB_UNATTENDED.</para>
</listitem>
<listitem>
<para>SC_HISTORY_DDBKEY has been renamed to SC_HISTORY_KDBKEY.</para>
</listitem>
<listitem>
<para>DDB_NOKLDSYM has been removed.
The new DDB backend supports pre-linker symbol
lookups as well as KLD symbol lookups at the same time.</para>
</listitem>
<listitem>
<para>GDB_REMOTE_CHAT has been removed.
The GDB protocol hacks to allow this are &os; specific.
At the same time, the GDB protocol has packets for console
output.</para>
</listitem>
</itemizedlist>
<para>KDB also serves as the single point of contact for any and
all code that wants to make use of the debugger functions,
such as entering the debugger or handling of the
alternate break sequence.
For this purpose, the frontend has been made non-optional.
All debugger requests are forwarded or handed over to the current
backend, if applicable.
Selection of the current backend is done by the
<varname>debug.kdb.current</varname> sysctl.
A list of configured backends can be obtained with the
<varname>debug.kdb.available</varname> sysctl.
One can enter the debugger by writing to the
<varname>debug.kdb.enter</varname> sysctl.</para>
<para arch="amd64">Loadable kernel modules now work and are
enabled in the amd64 build.</para>
<para arch="i386">The loran (Loran-C receiver) driver has been removed due to
breakage and lack of maintainership.</para>
<para>A new kernel option <literal>MAC_STATIC</literal> which
disables internal MAC Framework synchronization protecting against
dynamic load and unload of MAC policies, has been added.</para>
<para>mballoc has been replaced with mbuma, an Mbuf and Cluster
allocator built on top of a number of extensions to the UMA framework.
Due to this change, the <varname>NMBCLUSTERS</varname> kernel option
is no longer used. The maximum number of the clusters is still
capped off according to <varname>maxusers</varname>,
but it can be made unlimited by setting the
<varname>kern.ipc.nmbclusters</varname> loader tunable to zero.</para>
<para>The midi driver, which supports serial port and several sound cards,
has been removed.</para>
<para>A bug in &man.mmap.2; that pages marked as <literal>PROT_NONE</literal>
may become readable under certain circumstances, has been fixed. &merged;</para>
<para>&man.nmdm.4; has been rewritten to improve its reliability.</para>
<para>The raid(4) driver (RAIDframe disk driver from NetBSD) has been removed.
It is currently non-functional, and would require some amount of work
to make it work under the &man.geom.4; API in 5-CURRENT.</para>
<para>The &man.pcm.4; driver has been modified to read
<filename>/boot/device.hints</filename> on startup, to allow setting
of default values for mixer channels.</para>
<para arch="sparc64">The &man.sab.4; driver now supports the
<literal>BREAK_TO_DEBUGGER</literal> kernel option.</para>
<para>The drivers for various sound cards has been reorganized;
<literal>device sound</literal> is the generic sound driver,
and <literal>device snd_*</literal> are device-specific sound drivers.</para>
<para arch="i386,pc98">The sx driver, which supports Specialix I/O8+ and I/O4+
intelligent multiport serial controllers, has been added.</para>
<para>A devclass level has been added to the dev sysctl tree,
in order to support per-class variables in addition to
per-device variables. This means that <varname>dev.foo0.bar</varname>
is now called <varname>dev.foo.0.bar</varname>, and it is
possible to to have <varname>dev.foo.bar</varname> as well.</para>
<para>A sysctl <varname>kern.sched.name</varname>
which has the name of the scheduler currently in use,
has been added, and the <varname>kern.quantum</varname> sysctl
has been moved to <varname>kern.sched.quantum</varname>
for consistency.</para>
<para arch="alpha,amd64,i386">For the &man.uart.4; device,
the <varname>hw.uart.console</varname> and
<varname>hw.uart.dbgport</varname> kernel environment variables
have been added. They can be used to select a serial console and
debug port respectively, as well as the attributes.</para>
<para>The &man.ubser.4; device driver has been added to support
BWCT console management serial adapters.</para>
<para>The ULE scheduler is now the default scheduler in the
<filename>GENERIC</filename> kernel. For the average user,
interactivity is reported to be better in many cases. This
means less <quote>skipping</quote> and <quote>jerking</quote> in
interactive applications while the machine is very busy. This
will not prevent problems due to overloaded disk subsystems, but
it does help with overloaded CPUs. On SMP machines, ULE has
per-CPU run queues which allow for CPU affinity, CPU binding,
and advanced HyperThreading support, as well as providing a
framework for more optimizations in the future. As fine-grained
kernel locking continues, the scheduler will be able to make
more efficient use of the available parallel resources.</para>
<!-- Above this line, sort kernel changes by manpage/keyword-->
<para>The device driver infrastructure (as well as many drivers)
have been updated. Among the changes: Many more drivers now use
automatically-assigned major numbers (instead of the old static
major numbers). Enhanced functions to support cloning of
pseudodevices. Several changes to the driver API, including a
new <varname>d_version</varname> field in <varname>struct
cdevsw</varname>. Note that third-party device drivers will
require recompiling after this change.</para>
<para>The pseudo-interface cloning has been updated and
the match function to allow creation of &man.stf.4;
interfaces named <devicename>stf0</devicename>,
<devicename>stf</devicename>, or <devicename>6to4</devicename>.
Note that this breaks backward compatibility; for example,
<command>ifconfig stf</command> now creates
the interface named <devicename>stf</devicename>,
not <devicename>stf0</devicename>, and does not print
<devicename>stf0</devicename> to stdout.</para>
<para>The kernel's file descriptor allocation code has been
updated, and is now derived from similar code in OpenBSD.</para>
<para arch="sparc64">On &os;/sparc64, <varname>time_t</varname>
has been changed from a 32-bit value to a 64-bit value.
<note>
<para>Since this change is not backward-compatible,
any programs which were built on an older system using
a 32-bit <varname>time_t</varname> and
call system routines for handling
<varname>time_t</varname> values, will have to be recompiled.
More detailed information and notice on upgrading from
the source can be found in
<filename>/usr/src/UPDATING.64BTT</filename>.</para>
</note>
</para>
<para arch="i386">It is now possible to compile the &os;/i386
kernel with the Intel C/C++ Compiler (as in the <filename
role="package">lang/icc</filename> port).</para>
<sect3 id="proc">
<title>Platform-Specific Hardware Support</title>
<para arch="i386">The entropy device &man.random.4; now
supports a hardware random number generator (RNG)
in the VIA C3 Nehemiah (Stepping 3 and above) CPU.</para>
<para arch="i386">Several old drivers for ISA cards have been removed,
including
the asc driver for GI1904-based hand scanners,
the ctx driver for CORTEX-I Frame Grabber,
the gp driver for National Instruments AT-GPIB and AT-GPIB/TNT boards,
the gsc driver for the Genius GS-4500 hand scanner,
the le driver for DEC EtherWORKS II and III Ethernet controllers,
the rdp driver for RealTek RTL 8002-based pocket Ethernet adapters,
the spigot driver for the Creative Labs Video Spigot video-acquisition board,
the stl and stli drivers for Stallion Technologies multiport serial
controllers, and the wt driver for Archive/Wangtek cartridge tapes.
They are currently non-functional, and would require a considerable
amount of work to make them work under the new API in 5-CURRENT.
The userland support such as related ioctls and utilities including
sasc and sgsc has also been removed.</para>
<para>A new sysctl, <varname>kern.always_console_output</varname>,
has been added. It makes output from the kernel go to the console despite
the use of <varname>TIOCCONS</varname>.</para>
</sect3>
<sect3 id="boot">
<title>Boot Loader Changes</title>
<para arch="i386">A serial console-capable version of
<filename>boot0</filename> has been added. It can be written
to a disk using &man.boot0cfg.8; and specifying
<filename>/boot/boot0sio</filename> as the argument to the
<option>-b</option> option.</para>
<para arch="i386"><filename>cdboot</filename> now works around a
BIOS problem observed on some systems when booting from USB
CDROM drives.</para>
<!-- Above this line, order boot loader changes by keyword-->
</sect3>
<sect3 id="net-if">
<title>Network Interface Support</title>
<para arch="i386">The &man.arl.4; driver, which supports
Aironet Arlan 655 wireless adapters has been added. &merged;</para>
<para arch="sparc64">The &man.dc.4; driver now supports sparc64
Davicom cards that store their MAC address in
OpenFirmware.</para>
<para>A short hiccup in the &man.em.4; driver during parameter
reconfiguration, has been fixed. &merged;</para>
<para>The &man.fwip.4; driver, which supports IP over FireWire has been added.
Note that currently the broadcast channel number is hardwired and
MCAP for multicast channel allocation is not supported.
This driver is intended to conform to the RFC 2734 and RFC 3146
standard for IP over FireWire and eventually replace
the &man.fwe.4; driver.</para>
<para>&man.fxp.4; now uses the device sysctl tree such as
<varname>dev.fxp0</varname>, and those sysctls can be set
on a per-device basis.</para>
<para>&man.fxp.4; now provides actual control over its capability
to receive extended Ethernet frames, indicated by the <literal>VLAN_MTU</literal> interface capability.
It can be toggled from userland with the aid of the
<option>vlanmtu</option> and <option>-vlanmtu</option> options
to &man.ifconfig.8;.</para>
<para arch="i386,pc98">The <devicename>hea</devicename>
(Efficient Networks, Inc. ENI-155p ATM adapter)
driver has been removed due to breakage. Its functionality
has been subsumed into the &man.en.4; driver.</para>
<para>The &man.ixgb.4; driver, which supports
Intel PRO/10GBE 10 gigabit Ethernet cards, has been
added. &merged;</para>
<para arch="i386">The lmc (LAN Media Corp. PCI WAN adapter) driver has been
removed due to breakage and lack of maintainership.</para>
<para arch="i386">&os; now provides a binary compatibility layer
for using &microsoft.windows; NDIS drivers for network
adapters under &os;/i386. It includes a relocator/linker for
&windows; <filename>.SYS</filename> files to interface with
the &os; kernel and emulates various parts of the NDIS API
using native &os; kernel functions. This system supports PCI
and CardBus network devices, and is designed principally for
Ethernet and wireless network interfaces.
For more information, see the &man.ndis.4; and
&man.ndiscvt.8; manual pages.</para>
<para>The &man.ng.atmllc.4; Netgraph node type, which handles
RFC 1483 ATM LLC encapsulation, has been added.</para>
<para>The &man.ng.hub.4; Netgraph node type, which supports
a simple packet distribution that acts like an Ethernet hub,
has been added. &merged;</para>
<para>The &man.ng.rfc1490.4; Netgraph node type now supports
Cisco style encapsulation, which is often used alongside
RFC 1490 in frame relay links.</para>
<para>The &man.ng.sppp.4; Netgraph node type, which is a &man.netgraph.4
interface to the original &man.sppp.4 network module for synchronous
lines, has been added.</para>
<para>A new Netgraph method has been added to restore some
behavior lost in the change from 4.<replaceable>X</replaceable> style &man.ng.tee.4;
Netgraph nodes.</para>
<para>The &man.ng.vlan.4; Netgraph node type, which supports
IEEE 802.1Q VLAN tagging, has been added. &merged;</para>
<para>A bug that prevents VLAN support in the &man.nge.4; driver
from working has been fixed. &merged;</para>
<para>The &man.pci.4; bus resource and power management have
been updated.
<note>
<para>Although the &man.pci.4; bus power state management
has been enabled by default, it may cause problems on some systems.
This can be disabled by setting the tunable
<varname>hw.pci.do_powerstate</varname> to 0.</para>
</note>
</para>
<para>Several bugs related to &man.polling.4; support
in the &man.rl.4; driver have been fixed. &merged;</para>
<para>Several bugs related to multicast and promiscuous mode
handling in the &man.sk.4; driver have been fixed.</para>
<para>The &man.ste.4; driver now supports &man.polling.4;.
&merged;</para>
<para>The &man.udav.4; driver has been added. It provides
support for USB Ethernet adapters based on the Davicom DM9601
chipset.</para>
<para>The &man.vr.4; driver now supports &man.polling.4;. &merged;</para>
<para>The hardware TX checksum support in the &man.xl.4; driver
has been disabled as it does not work correctly and slows down
the transmission rate. &merged;</para>
<para>Interface &man.polling.4; support
can now be enabled on a per-interface basis. All of the network drivers that support &man.polling.4;
(&man.dc.4;, &man.fxp.4;, &man.em.4;, &man.nge.4;, &man.re.4;,
&man.rl.4;, &man.sis.4;, &man.ste.4;, and &man.vr.4;)
now also support this capability and it can be controlled
via &man.ifconfig.8;. &merged;</para>
</sect3>
<sect3 id="net-proto">
<title>Network Protocols</title>
<para>The <literal>DA_OLD_QUIRKS</literal> kernel option,
which is for the CAM SCSI disk driver (&man.cam.4;),
has been removed. &merged;</para>
<para>The &man.gre.4; tunnel driver now supports WCCP version
2.</para>
<para>&man.ipfw.4; rules now support the <literal>versrcreach</literal>
option to verify that a valid route to the source address
of a packet exists in the routing table.
This option is very useful for routers with a complete view of
the Internet (BGP) in the routing table to reject packets with
spoofed or unroutable source addresses. For example,
<programlisting>deny ip from any to any not versrcreach</programlisting>
is equivalent to the following in Cisco IOS syntax:
<programlisting>ip verify unicast source reachable-via any</programlisting>
</para>
<para>&man.ipfw.4; now supports lookup tables. This feature is
useful for handling large sparse address sets. &merged;</para>
<para>A new sysctl <varname>net.inet.ip.process_options</varname>
to control the processing of IP options. When this sysctl
is set to <literal>0</literal> IP options are ignored and passed unmodified,
set to <literal>1</literal> all IP options are processed (default),
and set to <literal>2</literal> all packets with
IP options are rejected with an ICMP filter prohibited message,
respectively.</para>
<para>Some bugs in the IPsec implementation from the KAME
Project have been fixed. These bugs were related to freeing
memory objects before all references to them were removed, and
could cause erratic behavior or kernel panics after flushing
the Security Policy Database (SPD).</para>
<para>&man.natd.8; now supports multiple instances via
a new option <option>globalports</option>.
This allows &man.natd.8; to be bound to
different network interfaces and sharing of load.</para>
<para>The <literal>PFIL_HOOKS</literal> option is now enabled by
default in the <filename>GENERIC</filename> kernel. The most
notable effect of this change is to make
<application>IPFilter</application> work correctly when loaded
as a kernel module.</para>
<para>The link state change notification of Ethernet media
support has been added to the routing socket.</para>
<para>Link Quality Monitoring (LQM) support in &man.ppp.8;
has been reimplemented. LQM, which is described
in RFC 1989, allows PPP to keep track of the quality
of a running connection. &merged;</para>
<para>The following TCP features are now enabled by default: RFC
3042 (Limited Retransmit), RFC 3390 (increased initial
congestion window sizes), TCP bandwidth-delay product
limiting. More information can be found in &man.tcp.4;.</para>
<para>&os;'s TCP implementation now includes support for a
minimum MSS (settable via the
<varname>net.inet.tcp.minmss</varname> sysctl variable) and a
rate limit on connections that send many small TCP segments
within a short period of time (via the
<varname>net.inet.tcp.minmssoverload</varname> sysctl
variable). Connections exceeding this limit may be reset and
dropped. This feature provides protection against a class of
resource exhaustion attacks.</para>
<para>The TCP implementation now includes partial (output-only)
support for RFC 2385 (TCP-MD5) digest support. This feature,
enabled with the <literal>TCP_SIGNATURE</literal> and
<literal>FAST_IPSEC</literal> kernel options, is a TCP option
for authenticating TCP sessions. &man.setkey.8; now includes
support for the TCP-MD5 class of security associations.
&merged;</para>
<para>The TCP connection reset handling has been improved to
make several reset attacks as difficult as possible while
maintaining compatibility with the widest range of TCP stacks.</para>
<para>The implementation of RFC 1948 has been improved.
The time offset component of an ISN now includes random positive
increments between clock ticks so that ISNs will always
be increasing, no matter how quickly the port is recycled.</para>
<para>The random ephemeral port allocation, which come from OpenBSD
has been implemented. This is enabled by default and can be disabled
using the <varname>net.inet.ip.portrange.randomized</varname>
sysctl. &merged;</para>
<para>TCP Selective Acknowledgements (SACK) as described in RFC
2018 have been added. This improves TCP performance over
connections with heavy packet loss. SACK can be enabled with
the sysctl <varname>net.inet.tcp.sack.enable</varname>.</para>
</sect3>
<sect3 id="disks">
<title>Disks and Storage</title>
<para>The &man.ata.4; driver now supports cardbus ATA/SATA
controllers.</para>
<para>A number of bugs in the &man.ata.4; driver have been
fixed. Most notably, master/slave device detection should
work better, and some problems with timeouts should be
resolved.</para>
<para>The &man.ata.4; driver now supports the Promise command
sequencer present on all modern Promise controllers
(PDC203** PDC206**).
<note>
<para>This also adds preliminary support for the
Promise SX4/SX4000 as a <quote>normal</quote> Promise ATA
controller; ATA RAID's are supported though
but only RAID0, RAID1 and RAID0+1.</para>
</note>
</para>
<para arch="pc98">A bug of the automatic density selection code
in the &man.fd.4; driver has been fixed.</para>
<para>The &man.ips.4; driver now supports the recent
Adaptec ServeRAID series SCSI controller cards.</para>
<para arch="sparc64">A bug in the &man.isp.4; driver
which prevents the cards on SBus from working correctly,
has been fixed.</para>
<para arch="i386">The &man.twa.4; driver, which supports
3ware's 9000 series PATA/SATA RAID controllers has been added. &merged;</para>
<para>The &man.umass.4; driver now supports the missing
ATAPI MMC commands and handles the timeout properly. &merged;</para>
<para>The &man.vinum.4; volume manager, has been updated to use
&man.geom.4;, the 5.x disk I/O request transformation framework.
A gvinum userland tool has been added.</para>
<para arch="sparc64">The &man.esp.4; device driver has been
ported from NetBSD to support the SBus SCSI card in Sun Ultra
1e and 2 machines.</para>
<para>Support for LSI-type software RAID has been added.</para>
</sect3>
<sect3 id="fs">
<title>File Systems</title>
<para>The EXT2FS file system code now includes partial support
for large (&gt; 4GB) files. This support is partial in that
it will refuse to create large files on filesystems that have
not been upgraded to <literal>EXT2_DYN_REV</literal> or that
do not have the
<literal>EXT2_FEATURE_RO_COMPAT_LARGE_FILE</literal> flag set
in the superblock.</para>
<para>A bug in GEOM that could result in I/O hangs in some rare
cases has been fixed.</para>
<para>A new <literal>GEOM_CONCAT</literal>
class has been added to concatenate
multiple disks to appear as a single larger disk.</para>
<para>A new <literal>GEOM_NOP</literal> class for various
testing purposes has been added.</para>
<para>A new <literal>GEOM_STRIPE</literal>
class which implements RAID0 transformation has been added.
This class has two modes: <quote>fast</quote> and
<quote>economic</quote>. In fast mode,
when very small stripe size is used, only one I/O request
will be sent to every disk in a stripe; it performs about 10
times faster for small stripe sizes than economic
mode and other RAID0 implementations.
While fast mode is used by default,
it consumes more memory than
economic mode, which sends requests each time.
Economic mode can be enabled by setting a loader tunable
<varname>kern.geom.stripe.fast</varname> to 0.
It is also possible to specify the maximum memory
that fast mode can consume,
by setting the loader tunable
<varname>kern.geom.stripe.maxmem</varname>.</para>
<para>GEOM Gate, which consists of a new <literal>GEOM_GATE</literal>
class and several GEOM Gate userland utilities
(&man.ggatel.8;, &man.ggatec.8;,
and &man.ggated.8;) has been added. It supports exporting
devices, including non GEOM-aware devices, through the network.</para>
<para>A new <literal>GEOM_LABEL</literal>
class to detect volume labels on various file systems,
such as UFS, MSDOSFS (FAT12, FAT16, FAT32), and ISO9660,
has been added.</para>
<para>A new <literal>GEOM_GPT</literal> kernel option,
which supports GPT partitions and the ability to have a large
number of partitions on a single disk, has been added into
<filename>GENERIC</filename> by default.</para>
<para>A new <literal>GEOM_VINUM</literal> class to support
cooperation between &man.vinum.4; and &man.geom.4;
has been added.</para>
<para>A panic in the NFSv4 client has been fixed; this occurred
when attempting operations against an NFSv3/NFSv2-only
server.</para>
<para>The SMBFS client now has support for SMB request signing,
which prevents <quote>man in the middle</quote> attacks and is
required in order to connect to Windows 2003 servers in their
default configuration. As signing each message imposes a
significant performance penalty, this feature is only enabled
if the server requires it; this may eventually become an
option to &man.mount.smbfs.8;.</para>
<para>The <literal>options MSDOSFS_LARGE</literal> kernel option
has been added to support for FAT32 filesystems bigger
than 128GB. This option is disabled by default. It
uses at least 32 bytes of kernel memory for
each file on disk; furthermore it is only safe to use in certain
controlled situations, such as read-only mount
with less than 1 million files and so on.
Exporting these large filesystems
over NFS is not supported.</para>
</sect3>
<sect3 id="mm">
<title>Multimedia Support</title>
<para>The meteor (video capture) driver has been removed due to
breakage and lack of maintainership.</para>
<para>The Direct Rendering Manager (DRM) code has been updated
from the DRI Project CVS tree as of 2004-05-26. This update
includes new PCI IDs and a new packet for Radeon.</para>
</sect3>
<sect3>
<title>Contributed Software</title>
<para>The <application>ALTQ framework</application>
has been imported from a KAME snapshot as of 20040607.
This import breaks ABI compatibility of
<varname>struct ifnet</varname> and requires all network
drives to be recompiled.
Additionally some of the networking drivers have been
modified to support the ALTQ framework.
Updated drivers are &man.bfe.4;, &man.em.4;, &man.fxp.4;,
&man.em.4;, &man.lnc.4;, &man.tun.4;, &man.de.4;,
&man.rl.4;, &man.sis.4;, and &man.xl.4;.</para>
<para><application>IPFilter</application> has been updated
from version 3.4.31 to version 3.4.35 &merged;.</para>
<para arch="ia64">An ia64 stack unwinder,
<application>Unwind Express (libuwx)</application>
by Hewlett-Packard has been imported for use in the kernel.</para>
</sect3>
</sect2>
<sect2 id="userland">
<title>Userland Changes</title>
<para>&man.bsdlabel.8; now supports a <option>-f</option> option
to work on files instead of disk partitions.</para>
<para>&man.bsdtar.1; is now the default &man.tar.1; utility in the &os;
base system. <filename>/usr/bin/tar</filename>
has been a symlink pointing to
<filename>/usr/bin/bsdtar</filename> by default.
To return to using <filename>/usr/bin/gtar</filename> by
default, the <varname>WITH_GTAR</varname>
make variable can be used.</para>
<para>The <command>bthidcontrol</command> and
<command>bthidd</command> commands, which support Bluetooth
HIDs (Human Interface Devices), have been added.</para>
<para>&man.conscontrol.8; now supports
<literal>set</literal> and <literal>unset</literal>
commands which set/unset the virtual console.
<literal>unset</literal> makes outputs from the system, such as
the kernel &man.printf.9;, always go out to the real
main console. This is an interface to the tty ioctl
<varname>TIOCCONS</varname>.</para>
<para>The &man.cron.8 daemon now accepts two new options,
<option>-j</option> and <option>-J</option>, to enable
time jitter for jobs to run as unprivileged users and the
superuser, respectively. Time jitter means that &man.cron.8
will sleep for a small random period of time in the specified
range before executing a job. This feature is intended to
smooth load peaks appearing when a lot of jobs are scheduled
for a particular moment. &merged;</para>
<para>&man.cut.1; <option>-c</option>,
<option>-d</option>, and <option>-f</option>
now work correctly in locales with multibyte characters.</para>
<para>&man.cvs.1; now supports <option>iso8601</option>
option keyword to print dates in ISO 8601 format.</para>
<para>&man.daemon.8; now supports a <option>-p</option>
option to create a PID file.</para>
<para>&man.df.1; now supports a <option>-c</option> option to display
a grand total of statistics for file systems.</para>
<para>The <command>doscmd</command> utility has been
removed from the &os; base system. It is now available
via the <filename role="package">emulators/doscmd</filename>
port in the &os; Ports Collection.</para>
<para>&man.dump.8; and &man.restore.8; now support
a <option>-P</option> option to specify backup methods
other than files and tapes. The argument is passed to
a normal &man.sh.1; pipeline with either
<varname>$DUMP_VOLUME</varname> or <varname>$RESTORE_VOLUME</varname>
defined in the environment, respectively.
For more information, see &man.dump.8; and &man.restore.8;.</para>
<para>The &man.eeprom.8; utility to display and
modify system configurations stored in EEPROM or NVRAM
has been added. The current implementation supports
systems equipped with Open Firmware.</para>
<para arch="pc98">The &man.fdcontrol.8;, &man.fdformat.1;, and
&man.fdread.1; utilities now work on &os;/pc98.</para>
<para>&man.fgetwln.3; function, a wide character version of
&man.fgetln.3; has been added.</para>
<para>The &man.find.1; utility now supports a <option>-acl</option>
primary to locate files with &man.acl.3;.</para>
<para>The &man.find.1; utility now supports a new primary
<option>-depth <replaceable>n</replaceable></option>
which tests whether the depth of the current file relative
to the starting point of the traversal is <replaceable>n</replaceable>.
&merged;</para>
<para>&man.ftw.3; and &man.nftw.3; functions have been implemented.
These are used to traverse a directory hierarchy.</para>
<para>The &man.geom.8; utility for operating on GEOM classes
from the userland has been added.</para>
<para>The &man.id.1; now supports a <option>-M</option> option
to print the MAC label of the current process.</para>
<para>&man.ifconfig.8; now supports renaming of network interfaces
at run-time using the <option>name</option> parameter.</para>
<para>&man.ifconfig.8; now prints the &man.polling.4; status
on the interface. &merged;</para>
<para>&man.ifconfig.8; now provides the
<option>vlanmtu</option> and <option>-vlanmtu</option> options,
which control the capability of some Ethernet interfaces
to receive extended frames (i.e. frames containing more than
1500 bytes of payload).</para>
<para>&man.ifconfig.8; now provides the
<option>vlanhwtag</option> and <option>-vlanhwtag</option> options,
which control the capability of some Ethernet interfaces
to process VLAN tags in the hardware.</para>
<para>&man.indent.1; now supports a <option>-ldi</option> option
to control indentation of local variables. A number of other
tunings were made to this utility.</para>
<para>&man.indent.1; now supports <option>-fbs</option> and
<option>-ut</option> for function declarations
with the opening brace on the same line as the declaration
of arguments all spaces and no tabs in order
to fix problem when non-8 space tabs are used.</para>
<para>&man.ip6fw.8; now supports a <option>-n</option> flag to
stop it from making any changes to the rules in the kernel</para>
<para>&man.ipcs.1; now supports a <option>-u</option> option to
display information about IPC mechanisms owned by the specified
user.</para>
<para>&man.ipfw.8; now supports a <option>-b</option> flag to
print only the action and comment for each rule, thus omitting
the rule body.</para>
<para>&man.jail.8; now supports a <option>-U</option> option to
run command as a user which exists only in the &man.jail.2;
environment.</para>
<para>&man.join.1; now supports multibyte characters.</para>
<para>&man.killall.1; now supports a <option>-e</option> flag to
make the <option>-u</option> operate on effective, rather than
real, user IDs. &merged;</para>
<para>&man.libalias.3; now has support (and a new API) for
multiple aliasing instances in a single process. The existing
API has been reimplemented in terms of the new one to preserve
compatibility.</para>
<para>A <filename>libarchive</filename> library for manipulation
of compressed and uncompressed archive files has been
added. More details can be found in &man.libarchive.3;.</para>
<para arch="pc98"><filename>libdisk</filename> now uses the
correct PC98 disk partition value for &os;. This permits the
&man.sysinstall.8; disk partition editor to correctly create a
single &os; partition covering the entire disk. &merged;</para>
<para><filename>libdisk</filename> now uses
<varname>d_addr_t</varname> for disk addresses.
This allows &man.sysinstall.8; to properly handle disks
and filesystems more than 1 TB.</para>
<para arch="i386,pc98,amd64,ia64">The library formerly known as
<filename>libkse</filename> has been renamed
<filename>libpthread</filename> and is now the default threading
library on the i386, amd64, and ia64 platforms.
<application>GCC</application>'s <option>-pthread</option>
option has been changed to use <filename>libpthread</filename>
rather than <filename>libc_r</filename>.
<note>
<para>Users with older binaries (for example, ports compiled
before this change was made) should use &man.libmap.conf.5;
to map <filename>libc_r</filename> and/or
<filename>libkse</filename> to
<filename>libpthread</filename>.</para>
</note>
<note>
<para>Users with NVIDIA-supplied drivers and libraries may
need to use a &man.libmap.conf.5; that maps
<filename>libpthread</filename> references to the older
<filename>libc_r</filename> since these drivers and
utilities do not work with
<filename>libpthread</filename>.</para>
</note>
</para>
<para>&man.ls.1; now treat filenames as multibyte character strings
according to the current <varname>LC_CTYPE</varname>
when determining which characters are printable.</para>
<para>&man.make.1; now supports the new <literal>.warning</literal>
directive.</para>
<para>nearbyint(3) and nearbyintf(3) C99 functions
have been implemented.</para>
<para>&man.newsyslog.8; now allows the users to set
a debugging option via the <filename>newsyslog.conf</filename>
file.</para>
<para>&man.newsyslog.8; now uses a new order when processing
files to rotate. It first rotates all files that need
to be rotated, then sends a single signal to each process
which needs to be signaled, and finally compresses
all the files that were rotated.</para>
<para>A &man.nextwctype.3; function to iterate over all characters
in a particular character class
has been added.</para>
<para>Initial support for UTF-8 versions of all the currently
supported system locales has been added. This is primarily
for the benefit of the <filename role="package">misc/utf8locale</filename>
port.</para>
<para>An Israel Hebrew locale <literal>he_IL.UTF-8</literal>
has been added.</para>
<para>The &man.logins.1; utility has been added to display
information about user and system accounts.</para>
<para>&man.mountd.8; now supports the <option>-p</option> option,
which allows users to specify a known port for use
in firewall rulesets.</para>
<para>&man.netstat.1; now displays the multicast group
memberships present in the system.</para>
<para>&man.newfs.8; and &man.mdmfs.8; now support a
<option>-l</option> flag to enable them to set the MAC
multilabel flag on new filesystems without requiring the use of
&man.tunefs.8;.</para>
<para>&man.nologin.8; now reports login attempts via
&man.syslogd.8;.</para>
<para>&man.nologin.8; has been moved from <filename>/sbin/nologin</filename>
to <filename>/usr/sbin/nologin</filename>.
<filename>/sbin/nologin</filename> remains as a symbolic link
for backward compatibility.</para>
<para>A bugfix has been applied to NSS support, which fixes
problems when using third-party NSS modules (such as <filename
role="package">net/nss_ldap</filename>) and groups with large
membership lists.</para>
<para>&man.od.1; now has POSIX-style support for multibyte
characters.</para>
<para>The &man.pgrep.1; and &man.pkill.1; commands, which come from NetBSD,
have been added. They also support a <option>-M</option> option
to extract values associated with the name list from the
specified core instead of the default <filename>/dev/kmem</filename>,
and a <option>-N</option> option to extract the name list from
the specified system instead of the default kernel.</para>
<para>The userland &man.ppp.8; implementation now supports a <quote>set rad_alive
<replaceable>N</replaceable></quote> command
to enable periodic RADIUS accounting information
being sent to the RADIUS server.</para>
<para>&man.ps.1; compatibility with POSIX/SUSv3 has been improved.
The changes include <option>-p</option> for a list of process IDs,
<option>-t</option> for a list of terminal names,
<option>-A</option> which is equivalent to <option>-ax</option>,
<option>-G</option> for a list of group IDs,
<option>-X</option> which is the opposite of <option>-x</option>,
and some minor improvements. For more information, see &man.ps.1;.
&merged;</para>
<para>&man.ps.1; now supports a <option>-O emul</option>
format option, which prints the name of the system call emulation
environment the process is in.</para>
<para>&man.pw.8; now supports a <option>-H</option> option, which
accepts an encrypted password on a file descriptor. &merged;</para>
<para>A bug in &man.rarpd.8; that prevents it from working properly
when a interface has more than one IP address has been fixed.
&merged;</para>
<para>&man.regex.3; now supports regular expression matching aware
of multibyte characters.</para>
<para>The configuration files used by the &man.resolver.3; now
support the <literal>timeout:</literal> and
<literal>attempts:</literal> keywords.</para>
<para>The &man.resolver.3; and associated interfaces are now much
more reentrant and thread-safe. Multiple DNS lookups can now be
run at the same time, showing major improvements in the
performance of some multi-threaded applications. Some
multi-threaded programs need to be recompiled; examples from the
Ports Collection are <filename
role="package">www/mozilla</filename> and variants, <filename
role="package">mail/evolution</filename>, <filename
role="package">devel/gnomevfs</filename>, and <filename
role="package">devel/gnomevfs2</filename>.</para>
<para>&man.rev.1; now supports multibyte characters.</para>
<para>&man.rmdir.1; now supports a <option>-v</option> flag,
which makes it verbose.</para>
<para>&man.savecore.8; now works correctly for dump files larger
than 2GB.</para>
<para>A bug in &man.script.1; has been fixed so that it now works
correctly if its stdin is closed. This fix prevents a
potentially dangerous interaction with the <filename
role="package">sysutils/portupgrade</filename> package; if it was
run non-interactively, it could remove all out-of-date
ports without reinstalling them.</para>
<para>The &man.sdpd.8; Bluetooth Service Discovery Protocol daemon
has been added.</para>
<para>&man.sed.1; <literal>y</literal> (translate) command
now supports multibyte characters.</para>
<para>The &man.sha1.1; and &man.rmd160.1; utilities have been added.
Similar to &man.md5.1;, they calculate a message digest of their
inputs.
&merged;</para>
<para>&man.smbmsg.8;, a small utility to send/receive SMBus messages,
has been added.</para>
<para arch="sparc64">&man.sunlabel.8; now supports two new flags:
<option>-c</option> to calculate all partition sizes
in cylinders as opposed to sectors, and
<option>-h</option> to print the label in human readable
size/offset format.</para>
<para>&man.talk.1; now use <hostid>localhost</hostid>
as a default machine name in &man.talkd.8;
request packets, when the destination and source are local.
This makes &man.talk.1; dependent on a valid host entry
for <hostid>localhost</hostid> in <filename>/etc/hosts</filename>
or the DNS.</para>
<para>&man.tftpd.8; now supports two new options:
a <option>-w</option> option allows new files to be created,
and a <option>-U</option> option allows the umask to be set.</para>
<para>&man.top.1; now supports to display the current amount
of I/O. This feature can be enabled by hitting <quote>m</quote>
or passing the command line option <option>-m io</option>.</para>
<para>&man.tr.1; now supports multibyte characters.</para>
<para arch="amd64">&man.truss.1; now includes early support
for &os;/amd64.</para>
<para>Many userland utilities in the base system (mostly GNU
contributed utilities) now use the system version of
&man.getopt.long.3;, rather than the GNU version.</para>
<sect3 id="rc-scripts">
<title><filename>/etc/rc.d</filename> Scripts</title>
<para>The <filename>diskless</filename> script has been
split out into <filename>hostname</filename>,
<filename>resolve</filename>, <filename>tmp</filename>, and
<filename>var</filename> scripts.</para>
<para>The <filename>gbde_swap</filename> script, which supports
gbde-enabled swap devices has been added.
When the <varname>gbde_swap_enable</varname> variable is specified
in &man.rc.conf.5;, a swap device named
<filename>/dev/<replaceable>foo.bde</replaceable></filename>
in &man.fstab.5;
is automatically attached at boot time with the device
<filename>/dev/<replaceable>foo</replaceable></filename>
and a random key, which
generated by computing the MD5 checksum of 512 bytes read
from <filename>/dev/random</filename>.
Note that this prevents recovery of kernel dumps.</para>
<para>The <varname>ip6addrctl_enable</varname> and
<varname>ip6addrctl_verbose</varname> have been added.
When <varname>ip6addrctl_enable</varname> is set
to <literal>YES</literal>,
the address selection policy is installed into the kernel.
If there is <filename>/etc/ip6addrctl.conf</filename>
it will be used, otherwise a default policy will be installed.
The default policy is one described in RFC 3484 when
<varname>ipv6_enable</varname> is set to <literal>YES</literal>.
Otherwise, the priority policy for IPv4 address will be used
as a default policy.</para>
<para>The <filename>mixer</filename> script has been added.
It saves the current settings of all audio mixers present
in the system on shutdown and restores the settings on boot.</para>
<para>The <filename>pf</filename> and <filename>pflog</filename>
scripts for &man.pf.4; has been added.</para>
</sect3>
</sect2>
<sect2 id="contrib">
<title>Contributed Software</title>
<para>The <application>ACPI-CA</application> code has been updated
from the 20030619 snapshot to the 20040527 snapshot.</para>
<para>The <application>AMD (am-utils)</application> has been updated
from version 6.0.9 to version 6.0.10p1.</para>
<para><application>awk</application> from Bell Labs has been
updated from the 29 July 2003 release to the 7 February 2004
release.</para>
<para><application>Binutils</application> have been updated to
a 23 May 2004 snapshot from the FSF 2.15 branch.</para>
<para><application>CVS</application> has been updated from
version 1.11.15 to version 1.11.17. &merged;</para>
<para><application>gdtoa</application> (a library that performs
conversions of numbers between binary and decimal form) has been
updated from version 20030324 to version 20040118.</para>
<para><application>GDB</application> has been updated to version
6.1.1.</para>
<para><application>GNU grep</application> has been updated from
2.4d to 2.5.1.</para>
<para><application>less</application> has been updated from
version 371 to version 381.</para>
<para><application>GNU readline</application> 4.3 has been updated
with official patches 001 through 005.</para>
<para>The <application>GNU regex</application> library has been
updated to the version included with <application>GNU
grep</application> 2.5.1.</para>
<para><application>GNU sort</application> has been updated from
textutils 2.1 to coreutils 5.2.1.</para>
<para>The <application>GNU tar</application> implementation in the
base system is now called <filename>gtar</filename>.</para>
<para><application>Heimdal Kerberos</application> has been
updated from 0.6 to 0.6.1.</para>
<para>The <application>ISC DHCP</application> client has been
updated from 3.0.1 RC10 to 3.0.1 RC14.</para>
<para><application>libpcap</application> has been updated from
version 0.7.1 to version 0.8.3.</para>
<para><application>lukemftp</application>
has been updated from a snapshot as of
November 3, 2003 to one as of April 26, 2004.</para>
<para><application>OpenPAM</application> has been updated from the
Dogwood release to the Eelgrass release.</para>
<para><application>OpenSSH</application> has been updated from
3.6.1p1 to 3.8.1p1.
<note>
<para>The configuration defaults for &man.sshd.8; have been
changed. SSH protocol version 1 is no longer enabled by
default. In addition, password authentication over SSH is
disabled by default if PAM is enabled.</para>
</note>
</para>
<para><application>OpenSSL</application> has been updated from
0.9.7c to 0.9.7d. &merged;</para>
<para><application>pf</application>, OpenBSD's packet filter as of
OpenBSD 3.5, has been imported into &os; source tree and is now installed
by default. Two new users (<username>proxy</username> and
<username>_pflogd</username>) and three new
groups (<username>authpf</username>, <username>proxy</username>,
and <username>_pflogd</username>),
which <application>pf</application> needs, have been added as well.</para>
<note>
<para>On upgrading from source, these user accounts must be
added in advance. <literal>mergemaster -p</literal> can be
used to assist in creating the proper entries in the
&man.passwd.5; and &man.group.5; files.
The <varname>NO_PF</varname> variable
in <filename>make.conf</filename> can be used to prevent
<application>pf</application> from building.</para>
</note>
<para>Several userland utilities of OpenBSD's
<application>pf</application> have been imported.
<filename>libexec/ftp-proxy</filename> is an ftp proxy for
<application>pf</application>,
<filename>sbin/pfctl</filename> is an equivalent to
<filename>sbin/ipf</filename>,
<filename>sbin/pflogd</filename>
is a daemon logging packets via <literal>if_pflog</literal>
in pcap format, and
<filename>usr.sbin/authpf</filename> is an authentication shell
to modify pf rulesets.</para>
<para><application>routed</application> has been updated from
release 2.22 to release 2.27 from rhyolite.com. Note that for
users relying on RIP's MD5 authentication feature,
&man.routed.8; routed is now incompatible with previous versions
of &os;; however it is now compatible with implementations from
Sun, Cisco and other vendors.</para>
<para><application>sendmail</application> has been updated from
version 8.12.10 to version 8.13.1. &merged;</para>
<para><application>tcpdump</application> has been updated from
version 3.7.1 to version 3.8.3.</para>
<para><application>tcsh</application> has been updated from
version 6.11 to version 6.13.00.</para>
<para>The timezone database has been updated from
<filename>tzdata2003a</filename> to
<filename>tzdata2004a</filename>.</para>
<para><application>zlib</application> has been updated
from version 1.1.4 to version 1.2.1.</para>
</sect2>
<sect2 id="ports">
<title>Ports/Packages Collection Infrastructure</title>
<para>The <literal>SIZE</literal> attribute for distfiles,
which can be used for checking file sizes before fetching,
has been added and enabled by default.
<varname>DISABLE_SIZE</varname> is a user control knob
to disable the distfile size checking. This is especially
useful on old &os; versions which did not have &man.fetch.1;
support for this, and for some FTP proxies which always
report incorrect or bogus sizes.</para>
<para>Two new files have been added to the ports tree to track
note-worthy changes: <filename>ports/CHANGES</filename> lists
major changes to the Ports Collection and its infrastructure.
<filename>ports/UPDATING</filename> describes some potential
pitfalls that can be encountered when updating certain ports,
analogous to <filename>src/UPDATING</filename> for the base
system.</para>
<para>The version number parsing code has been rewritten in the
system pkg tools, restoring compatibility with 4.x and
portupgrade.</para>
<para>The package tools can now match packages with relational
operators and csh-style {...} choices, e.g.:</para>
<screen>&prompt.root; <userinput>pkg_info -I 'docbook>=3.0'</userinput></screen>
<para>will list (all) docbook DTDs with at least version 3.0.
Additional command line options have also been added to aid
pattern matching.</para>
<para>The package tools have improved handling of corrupt package
databases.</para>
<para>&man.pkg.create.1; now supports a <option>-S</option>
option to make all <literal>@cwd</literal> be prefixed
during package creation.</para>
<para>&man.pkg.info.1; now supports a <option>-j</option>
option to show the requirements script for each package.</para>
</sect2>
<sect2 id="releng">
<title>Release Engineering and Integration</title>
<para arch="i386,pc98">The building process for boot floppy images
has been completely overhauled. The most significant change is
that the loader now boots a stock <filename>GENERIC</filename>
kernel split across multiple disks (two at the time of this
writing). This greatly improves installations that begin with a
boot from floppy disk, because they now use exactly the same
kernel (and thus support the same hardware) as CDROM
installations. The stripped-down <filename>MFSROOT</filename>
kernel is no longer needed, and the <filename>mfsroot</filename>
image no longer requires kernel modules. The
<filename>boot.flp</filename> and
<filename>driver.flp</filename> images are also obsolete and no
longer built.</para>
<para>The supported release of <application>GNOME</application>
has been updated from 2.4 to 2.6.
<note>
<para>If you are using the older <application>GNOME</application>
desktop itself (<filename role="package">x11/gnome2</filename>), simply upgrading it from the &os; Ports Collection
with
&man.portupgrade.1;
(<filename role="package">sysutils/portupgrade</filename>)
will cause serious problems.
If you are a <application>GNOME</application> desktop user,
please read the instructions carefully at
<ulink url="&url.base;/gnome/docs/faq26.html"></ulink>,
and use the <filename>gnome_upgrade.sh</filename> script to
properly upgrade to <application>GNOME</application> 2.6.</para>
<para>Note that if you are just a casual user of some of the
<application>GNOME</application> libraries,
&man.portupgrade.1; should be sufficient
to update your ports.</para>
</note>
</para>
<para>The supported release of <application>KDE</application>
has been updated from 3.1.4 to 3.2.3.</para>
<para>The <filename role="package">security/portaudit</filename> utility
has been added to the &os; Ports Collection. This utility will read a database
containing known ports vulnerabilities and report them to the
administrator.</para>
</sect2>
<sect2 id="doc">
<title>Documentation</title>
<para></para>
</sect2>
</sect1>
<sect1 id="upgrade">
<title>Upgrading from previous releases of &os;</title>
<para>Users with existing &os; systems are
<emphasis>highly</emphasis> encouraged to read the <quote>Early
Adopter's Guide to &os; &release.current;</quote>. This document generally has
the filename <filename>EARLY.TXT</filename> on the distribution
media, or any other place that the release notes can be found. It
offers some notes on upgrading, but more importantly, also
discusses some of the relative merits of upgrading to &os;
5.<replaceable>X</replaceable> versus running &os;
4.<replaceable>X</replaceable>.</para>
<important>
<para>Upgrading &os; should, of course, only be attempted after
backing up <emphasis>all</emphasis> data and configuration
files.</para>
</important>
</sect1>
Reference in New Issue View Git Blame Copy Permalink