freebsd-dev/release/doc/en_US.ISO8859-1/relnotes/article.sgml
Bruce A. Mah fb5caa50ab New release notes: RFC 3042 (limited transmit), RFC 3390 (increased
initial TCP window sizes).

Submitted by:	hsu
2003-03-14 16:56:27 +00:00


<articleinfo>
<title>&os;/&arch; &release.current; Release Notes</title>
<corpauthor>The FreeBSD Project</corpauthor>
<pubdate>$FreeBSD$</pubdate>
<copyright>
<year>2000</year>
<year>2001</year>
<year>2002</year>
<year>2003</year>
<holder role="mailto:doc@FreeBSD.org">The FreeBSD Documentation Project</holder>
</copyright>
<abstract>
<para>The release notes for &os; &release.current; contain a summary
of
<![ %include.historic; [
the changes made to the &os; base system since &release.prev;.
]]>
<![ %no.include.historic; [
recent changes made to the &os; base system on the &release.branch;
development branch.
]]>
Both changes for kernel and userland are listed, as well as
applicable security advisories that were issued since the last
release. Some brief remarks on upgrading are also presented.</para>
</abstract>
</articleinfo>
<sect1 id="intro">
<title>Introduction</title>
<para>This document contains the release notes for &os;
&release.current; on the &arch.print; hardware platform. It
describes recently added, changed, or deleted features of &os;.
It also provides some notes on upgrading
from previous versions of &os;.</para>
<![ %release.type.snapshot [
<para>The &release.type; distribution to which these release notes
apply represents a point along the &release.branch; development
branch between &release.prev; and the future &release.next;. Some
pre-built, binary &release.type; distributions along this branch
can be found at <ulink url="&release.url;"></ulink>.</para>
]]>
<![ %release.type.release [
<para>This distribution of &os; &release.current; is a
&release.type; distribution. It can be found at <ulink
url="&release.url;"></ulink> or any of its mirrors. More
information on obtaining this (or other) &release.type;
distributions of &os; can be found in the <ulink
url="http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/mirrors.html"><quote>Obtaining
FreeBSD</quote> appendix</ulink> to the <ulink
url="http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/">FreeBSD
Handbook</ulink>.</para>
]]>
</sect1>
<sect1 id="new">
<title>What's New</title>
<para>This section describes
<![ %include.historic; [
the most user-visible new or changed features in &os;
since &release.prev;.
In general, changes described here are unique to the &release.branch;
branch unless specifically marked as &merged; features.
]]>
<![ %no.include.historic; [
many of the user-visible new or changed features in &os;
since &release.prev;. It includes items that are unique to the
&release.branch; branch, as well as some features that may have been
recently merged to
other branches (after &os; &release.prev.historic;). The latter
items are marked as &merged;.
]]>
</para>
<para>Typical release note items
document new drivers or hardware support, new commands or options,
major bugfixes, or contributed software upgrades. Applicable security
advisories issued after &release.prev.historic; are also listed.</para>
<para>Many additional changes were made to &os; that are not listed
here for lack of space. For example, documentation was corrected
and improved, minor bugs were fixed, insecure coding practices
were audited and corrected, and source code was cleaned up.</para>
<sect2 id="security">
<title>Security Advisories</title>
<para>A remotely exploitable vulnerability in
<application>CVS</application> has been corrected with the
import of version 1.11.5. More details can be found in security
advisory <ulink
url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:01.cvs.asc">FreeBSD-SA-03:01</ulink>.
&merged;</para>
<para>A timing-based attack on <application>OpenSSL</application>,
which could allow a very powerful attacker access to plaintext
under certain circumstances, has been prevented via an upgrade
to <application>OpenSSL</application> 0.9.7. See security
advisory <ulink
url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:02.openssl.asc">FreeBSD-SA-03:02</ulink>
for more details. &merged;</para>
<para>The security and performance of the
<quote>syncookies</quote> feature has been improved to decrease
the chance of an attacker being able to spoof connections.
More details are given in security advisory <ulink
url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:03.syncookies.asc">FreeBSD-SA-03:03</ulink>. &merged;</para>
<para>A remotely-exploitable buffer overflow vulnerability in
<application>sendmail</application> has been fixed by updating
<application>sendmail</application> to version 8.12.8. For more
details, see security advisory <ulink
url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:04.sendmail.asc">FreeBSD-SA-03:04</ulink>.
&merged;</para>
</sect2>
<sect2 id="kernel">
<title>Kernel Changes</title>
<para arch="pc98">Support for the CanBe power management
controller has been added. &merged;</para>
<para>&man.devfs.5; is now mandatory; the
<literal>NODEVFS</literal> option has been removed from the set of
possible kernel configuration options.</para>
<para>A minor bug in the permissions handling of
<filename>/dev/tty</filename> has been fixed. As a result,
&man.ssh.1; can now be used after &man.su.1;.</para>
<para>A bug that caused &man.fstat.2; to return
<literal>0</literal> as the number of bytes available to read
from a TCP socket has been fixed.</para>
<para>A bug that caused &man.kqueue.2; to report
<literal>0</literal> as the number of bytes available to read
from a TCP socket has been fixed. The
<literal>NOTE_LOWAT</literal> flag for
<literal>EVFILT_READ</literal> has been fixed.</para>
<para>Linux emulation mode now supports IPv6.</para>
<!-- Above this line, sort kernel changes by manpage/keyword-->
<para>A second process scheduler, designed to be a general purpose
scheduler with many SMP benefits, has been added to the scheduler
framework. Exactly one scheduler must be specified in a kernel
configuration. The original scheduler may be selected using
<literal>options&nbsp;SCHED_4BSD</literal>. The newer
(experimental) scheduler can be selected by using
<literal>options&nbsp;SCHED_ULE</literal>.</para>
<sect3>
<title>Processor/Motherboard Support</title>
<para arch="i386">&os; now has rudimentary support for
HyperThreading (HTT). SMP kernels with the
<literal>HTT</literal> kernel option will detect and start up
the logical processors on HTT-capable machines. The logical
processors will be treated like additional physical processors
for the purposes of process scheduling. &merged;</para>
</sect3>
<sect3>
<title>Bootloader Changes</title>
<para arch="alpha">The alpha boot loader
(<filename>boot1</filename>) can now be called
<filename>boot</filename> for consistency with other
platforms.</para>
<para arch="i386,pc98">The two parts of the boot loader
(<filename>boot1</filename> and <filename>boot2</filename>)
have been combined into a single <filename>boot</filename>
file, to simplify programs that need to write or otherwise
manipulate the boot loader.</para>
<para arch="pc98">The PC98 bootloader now has support for
booting from SCSI MO media. &merged;</para>
<para>The <filename>/modules</filename> directory (once the
default location for modules on &os; 4.X) is no longer a
part of the default <varname>kern.module_path</varname>.
Third-party modules should be placed in
<filename>/boot/modules</filename>.
<note>
<para>Modules designed for use with &os; 4.X are likely to
panic and should be used with extreme caution.</para>
</note>
</para>
<!-- Above this line, order bootloader changes by keyword-->
</sect3>
<sect3>
<title>Network Interface Support</title>
<para>The cm driver now supports IPX. &merged;</para>
<para>A new wlan module provides 802.11 link-layer support. The
&man.wi.4; driver now uses this facility.</para>
<para arch="i386,alpha,pc98,sparc64">A timing bug in the
&man.xl.4; driver, which could cause a kernel panic (or other
problems) when configuring an interface, has been
fixed.</para>
</sect3>
<sect3>
<title>Network Protocols</title>
<para>&man.ipfw.4; <literal>skipto</literal> rules can once
again be used with the <literal>log</literal> keyword.
&man.ipfw.4; <literal>uid</literal> rules are once again
working.</para>
<para>It is now possible to build the
<literal>FAST_IPSEC</literal> and <literal>INET6</literal>
options into the same kernel. (They still cannot be used
together, however.)</para>
<para>A bug in TCP NewReno, which caused premature exit from
fast recovery when NewReno was enabled, has been
fixed. &merged;</para>
<para>TCP now has support for the <quote>Limited
Transmit</quote> mechanism proposed by RFC 3042. This feature
is intended to improve the effectiveness of TCP loss recovery
in certain circumstances. It is off by default but can be
enabled with the <varname>net.inet.tcp.rfc3042</varname>
sysctl variable. More information can be found in
&man.tcp.4;.</para>
<para>TCP now has support for increased initial congestion
window sizes as described in RFC 3390. This feature can
improve the throughput of short transfers, as well as
high-bandwidth, large propagation-delay connections. It is
off by default but can be enabled with the
<varname>net.inet.tcp.rfc3390</varname> sysctl variable. More
information can be found in &man.tcp.4;.</para>
<para>The IP fragment reassembly code behaves more gracefully
when receiving a large number of packet fragments (it is
designed to be more resistant to fragment-based denial of
service attacks). &merged;</para>
<para>TCP connections in the <literal>TIME_WAIT</literal> state
now use a special protocol control block that uses less space
than a full-blown TCP PCB. This allows some of the data
structures and resources used by such a connection to be freed
earlier.</para>
<para>It is now possible to specify the range of
<quote>privileged ports</quote> (TCP and UDP ports that
require superuser access to &man.bind.2; to). The range is
now specified with the
<varname>net.inet.ip.portrange.reservedlow</varname> and
<varname>net.inet.ip.portrange.reservedhigh</varname> sysctl
variables, defaulting to the traditional UNIX behavior. This
feature is intended to help network servers bind
to traditionally privileged ports without requiring superuser
access. &man.ip.4; has more details.</para>
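<para>The following &man.sh.1; script is an added example, not part of
the original release notes or of &os; itself. It reads
&man.sysctl.8; output, tests whether a port lies inside the range set
by <varname>net.inet.ip.portrange.reservedlow</varname> and
<varname>net.inet.ip.portrange.reservedhigh</varname>, and reports a
range that differs from the traditional 0-1023. The sample output,
the function names and the list of service ports are constructed for
illustration.</para>

```shell
#!/bin/sh
# Added example: audit the privileged-port range described above.
# A port requires superuser to bind(2) when reservedlow <= port <= reservedhigh.

# Constructed sample of `sysctl net.inet.ip.portrange` output (not from a real host).
SAMPLE_SYSCTL='net.inet.ip.portrange.reservedlow: 0
net.inet.ip.portrange.reservedhigh: 79
net.inet.ip.portrange.first: 1024'

# get_oid TEXT OID -> prints the integer value of OID, or nothing if it is
# absent or not a plain non-negative integer.
get_oid() {
    printf '%s\n' "$1" |
        awk -v oid="$2" -F': *' '$1 == oid && $2 ~ /^[0-9]+$/ { print $2; exit }'
}

# port_is_privileged LOW HIGH PORT -> exit status 0 if PORT is in [LOW, HIGH].
port_is_privileged() {
    [ "$3" -ge "$1" ] && [ "$3" -le "$2" ]
}

# audit_portrange TEXT -> prints one finding per line.
# Returns 0 for the traditional range, 1 if anything was flagged,
# 2 if the two sysctl values could not be read from TEXT.
audit_portrange() {
    low=$(get_oid "$1" net.inet.ip.portrange.reservedlow)
    high=$(get_oid "$1" net.inet.ip.portrange.reservedhigh)
    if [ -z "$low" ] || [ -z "$high" ]; then
        echo "UNKNOWN: reservedlow/reservedhigh not found in input"
        return 2
    fi
    audit_rc=0
    if [ "$low" -ne 0 ] || [ "$high" -ne 1023 ]; then
        echo "CHANGED: privileged range is $low-$high (traditional 0-1023)"
        audit_rc=1
    fi
    # Constructed list of service ports worth checking. This sysctl pair
    # no longer reserves a port outside the range; a MAC policy such as
    # mac_portacl may still restrict who can bind it.
    for p in 22 25 80 443; do
        if ! port_is_privileged "$low" "$high" "$p"; then
            echo "OPEN: port $p is not reserved for superuser by this range"
            audit_rc=1
        fi
    done
    return "$audit_rc"
}

# Demonstration on the constructed sample. On a live system, pass
# "$(sysctl net.inet.ip.portrange)" instead.
audit_portrange "$SAMPLE_SYSCTL" || true
```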
<para>Some bugs in the non-blocking RPC code have been fixed. As
a result, &man.amd.8; users are now able to mount volumes from
a &release.current; server.</para>
<para>Support for XNS networking, which has not worked
correctly for almost seven years, has been removed.</para>
</sect3>
<sect3>
<title>Disks and Storage</title>
<para>The &man.aac.4; driver now runs free of the Giant kernel
lock. This change has given a nearly 20% performance speedup
on an SMP system running multiple I/O intensive loads.</para>
<para>The &man.ata.4; driver now supports all known SiS
chipsets. (More details can be found in the Hardware
Notes.)</para>
<para>A number of changes have been made to the &man.cd.4;
driver. The primary user-visible change is improved
compatibility with ATAPI/USB/Firewire CDROM drives.</para>
<para>&man.geom.4; is now mandatory; the
<literal>NO_GEOM</literal> option has been removed from the set of
kernel configuration options.</para>
<para>A bug in the &man.mly.4; driver that caused hangs has been
corrected.</para>
<para>Support has been added for volume labels on UFS and UFS2
filesystems. These labels are strings that can be used to
identify a volume, regardless of what device it appears on.
Labels can be set with the <option>-L</option> option to
&man.newfs.8; or &man.tunefs.8;. With the
<literal>GEOM_VOL</literal> module, volumes can be accessed
using their labels under <filename>/dev/vol</filename>.</para>
<para>The root filesystem can now be located on a &man.vinum.4;
volume. More information can be found in the &man.vinum.4;
manual page.</para>
<para arch="pc98">The wfd and wst drivers, which have been
broken for some time, have been removed.</para>
</sect3>
<sect3>
<title>Filesystems</title>
<para>NETNCP and Netware Filesystem Support (nwfs) are once
again working.</para>
<para>Bugs that could cause the unmounting of a smbfs share to
fail or cause a kernel panic have been fixed.</para>
</sect3>
<sect3>
<title>PCCARD Support</title>
<para></para>
</sect3>
<sect3>
<title>Multimedia Support</title>
<para></para>
</sect3>
<sect3>
<title>Contributed Software</title>
<para><application>IPFilter</application> has been updated to
3.4.31. &merged;</para>
</sect3>
</sect2>
<sect2 id="userland">
<title>Userland Changes</title>
<para>&man.adduser.8; now correctly handles setting user passwords
containing special shell characters.</para>
<para arch="alpha,i386">The <filename>compat4x</filename>
distribution now includes the
<filename>libcrypto.so.2</filename>,
<filename>libgmp.so.3</filename>, and
<filename>libssl.so.2</filename> libraries from &os;
4.7-RELEASE.</para>
<para>&man.config.8; now implements a <literal>nodevice</literal>
kernel configuration file directive that cancels the effect of a
<literal>device</literal> directive. The new
<literal>nooption</literal> and <literal>nomakeoption</literal>
directives cancel prior <literal>option</literal> and
<literal>makeoption</literal> directives, respectively.</para>
<para>The <option>-N</option> and <option>-W</option> flags to
&man.disklabel.8; have been retired.</para>
<para>&man.disklabel.8; is now only built for architectures where
it is useful (i386, pc98, alpha, and ia64).</para>
<para>The <option>-s</option> option to &man.disklabel.8; has been
removed because the i386 boot loader now resides in a single
file.</para>
<para>&man.dump.8; now supports caching of disk blocks with the
<option>-C</option> option. This can improve dump performance
at the cost of possibly missing filesystem updates that occur
between passes.</para>
<para>&man.dumpfs.8; now supports a <option>-m</option> flag to
print file system parameters in the form of a &man.newfs.8;
command.</para>
<para>&man.elfdump.1;, a utility to display information about &man.elf.5;
format executable files, has been added.</para>
<para>&man.fetch.1; uses the <filename>.netrc</filename> support
in &man.fetch.3; and also supports a <option>-N</option> option to
specify an alternate <filename>.netrc</filename> file.</para>
<para>&man.fetch.3; now has support for
<filename>.netrc</filename> files (see &man.ftp.1; for more
details).</para>
<para>&man.ftpd.8; now supports a <option>-h</option> option to
disable printing any host-specific information, such as the
&man.ftpd.8; version or hostname, in server messages.
&merged;</para>
<para>&man.ftpd.8; now supports a <option>-P</option> option to
specify a port on which to listen in daemon mode. The default
data port number is now set to be one less than the control port
number, rather than being hard-coded. &merged;</para>
<para>&man.ftpd.8; now supports an extended format of the
<filename>/etc/ftpchroot</filename> file. Please refer
to the &man.ftpchroot.5; manpage, which is now available,
for details. &merged;</para>
<para>&man.ftpd.8; now supports login directory pathnames
that specify simultaneously a directory for &man.chroot.2;
and that to change to in the chrooted environment. The
<literal>/./</literal> separator is used for
this purpose, like in other FTP daemons having this feature.
It may be used in both &man.ftpchroot.5; and &man.passwd.5;.
&merged;</para>
<para>&man.fwcontrol.8; now supports <option>-R</option> and
<option>-S</option> options for receiving and sending DV
streams. &merged;</para>
<para>&man.ipfw.8; now supports <literal>enable</literal> and
<literal>disable</literal> commands to control various aspects
of the operation of &man.ipfw.4; (including enabling and
disabling the firewall itself). These provide a more convenient
and visible interface than the existing sysctl
variables. &merged;</para>
<para>&man.kenv.1; has been moved from
<filename>/usr/bin</filename> to <filename>/bin</filename> to
make it available at times during system startup when only the
root filesystem is mounted.</para>
<para>The MAKEDEV script is now unnecessary, due to the mandatory
presence of &man.devfs.5;, and has been removed.</para>
<para>The &man.libgeom.3; library has been added to allow some
userland access to the &man.geom.4; subsystem.</para>
<para>The mac_portacl MAC policy module has been added. It
provides a simple ACL mechanism to permit users and groups to
bind ports for TCP or UDP, and is intended to be used in
conjunction with the recently-added
<varname>net.inet.ip.portrange.reservedhigh</varname> sysctl.</para>
<para>The &man.mksnap.ffs.8; program has been added to allow
easier creation of FFS snapshots. It is a
SUID-<username>root</username> executable designed for use by
members of the <groupname>operator</groupname> group.</para>
<para>&man.mount.nfs.8; now supports a <option>-c</option> flag to
avoid doing a &man.connect.2; for UDP mount points. This option
must be used if the server does not reply to requests from the
standard NFS port number 2049 or if it replies to requests using
a different IP address (which can occur if the server is
multi-homed). Setting the
<varname>vfs.nfs.nfs_ip_paranoia</varname> sysctl to
<literal>0</literal> will make this option the
default. &merged;</para>
<para>&man.newsyslog.8; now supports a <literal>W</literal> flag
to force previously-started compression jobs for an entry (or
group of entries specified with the <literal>G</literal> flag)
to finish before beginning a new one. This feature is designed
to prevent system overloads caused by starting several
compression jobs on big files simultaneously. &merged;</para>
<para>&man.pam.ssh.8; has been rewritten. One side effect of the
rewrite is that it now starts a separate instance of
&man.ssh-agent.1; for each session instead of trying to connect
each session to the agent started by the first session.</para>
<para>&man.ping.8; now supports a <option>-D</option> flag to set
the <quote>Don't Fragment</quote> bit on outgoing packets.</para>
<para>&man.ping.8; now supports a <option>-M</option> option to use
ICMP mask request or timestamp request messages instead of ICMP echo requests.</para>
<para>&man.ping.8; now supports a <option>-z</option> flag to set
the Type of Service bits in outgoing packets.</para>
<para>&man.pw.8; can now add a user whose name ends with a
<literal>$</literal> character; this change is intended to help
administration of <application>Samba</application>
services. &merged;</para>
<para>A bug in &man.rand.3; that could cause a sequence to remain
stuck at <literal>0</literal> has been fixed. (&man.rand.3;
remains unsuitable for all but trivial uses.)</para>
<para>&man.sem.open.3; now correctly handles multiple opens of the
same semaphore; as a result, &man.sem.close.3; no longer crashes
calling programs.</para>
<para>The seeding algorithm used by &man.srandom.3; has been
strengthened.</para>
<para arch="sparc64">The sunlabel utility, a program analogous to
&man.disklabel.8; that works on Sun disk labels, has been
added.</para>
<para>The &man.swapoff.8; command has been added to disable paging
and swapping on a device. A related &man.swapctl.8; command has
been added to provide an interface to &man.swapon.8; and
&man.swapoff.8; similar to other BSDs.
<note>
<para>The &man.swapoff.8; feature should be considered
experimental.</para>
</note>
</para>
<para>&man.syslogd.8; now allows multiple hosts or programs to be
named in host or program specifications in &man.syslog.conf.5;
files.</para>
<para>&man.systat.1; now includes an <option>-ifstat</option>
display mode that displays the network traffic going through
active interfaces on the system.</para>
<para>&man.xargs.1; now supports a <option>-P</option> option to
execute multiple copies of the same utility in parallel.</para>
<sect3>
<title>Contributed Software</title>
<para><application>awk</application> from Bell Labs has been
updated to a 13 December 2002 snapshot.</para>
<para><application>BIND</application> has been updated to
version 8.3.4. &merged;</para>
<para>All of the <application>bzip2</application> suite of
applications is now installed in the base system (in
particular, <command>bzip2recover</command> is now built and
installed). &merged;</para>
<para><application>CVS</application> has been updated to
1.11.5. &merged;</para>
<para><application>FILE</application> has been updated to
3.41.</para>
<para><application>GCC</application> has been updated to
3.2.2 (release version).</para>
<para>The <application>ISC DHCP</application> client has been
updated to 3.0.1RC11. &merged;</para>
<para><application>libpcap</application> now has support for
selecting among multiple data link types on an
interface.</para>
<para><application>OpenPAM</application> has been updated to the
<quote>Daffodil</quote> release.</para>
<para><application>OpenSSL</application> has been updated to
release 0.9.7a. Among other features, this release includes
support for AES and takes advantage of &man.crypto.4;
devices. &merged;</para>
<para><application>sendmail</application> has been updated to
version 8.12.8. &merged;</para>
<para>&man.tcpdump.1; has been updated to version 3.7.2. &merged;
It also now supports a <option>-L</option> flag to
list the data link types available on an interface and a
<option>-y</option> option to specify the data link type to use while
capturing packets.</para>
</sect3>
<sect3>
<title>Ports/Packages Collection Infrastructure</title>
<para>The one-line <filename>pkg-comment</filename> files have
been eliminated from each port skeleton; their contents have
been moved into each port's <filename>Makefile</filename>.
This change reduces the disk space and inodes used by the
ports tree. &merged;</para>
</sect3>
</sect2>
<sect2>
<title>Release Engineering and Integration</title>
<para>The supported release of <application>GNOME</application>
has been updated to 2.2. &merged;</para>
<para>The supported release of <application>KDE</application>
has been updated to 3.1. &merged;</para>
<para>&man.sysinstall.8; once again supports installing individual
components of <application>XFree86</application>. Supporting
changes (not user-visible) generalize the concept of installing
parts of distributions as packages.</para>
<para>The supported release of <application>XFree86</application>
has been updated to 4.3.0. &merged;</para>
</sect2>
<sect2>
<title>Documentation</title>
<para></para>
</sect2>
</sect1>
<sect1 id="upgrade">
<title>Upgrading from previous releases of &os;</title>
<para>Users with existing &os; systems are
<emphasis>highly</emphasis> encouraged to read the <quote>Early
Adopter's Guide to &os; 5.0</quote>. This document generally has
the filename <filename>EARLY.TXT</filename> on the distribution
media, or any other place that the release notes can be found. It
offers some notes on upgrading, but more importantly, also
discusses some of the relative merits of upgrading to &os;
5.<replaceable>X</replaceable> versus running &os;
4.<replaceable>X</replaceable>.</para>
<important>
<para>Upgrading &os; should, of course, only be attempted after
backing up <emphasis>all</emphasis> data and configuration
files.</para>
</important>
</sect1>