d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
freebsd-skq/release/doc/en_US.ISO8859-1/relnotes/article.sgml
bmah df648ac517 New release notes: if_bridge(4) private ports, wlandebug(8). 
Approved by:	re (implicitly)
2007-08-03 02:26:18 +00:00

2576 lines
112 KiB
Plaintext
Raw Blame History

<!DOCTYPE article PUBLIC "-//FreeBSD//DTD DocBook V4.1-Based Extension//EN" [
<!ENTITY % articles.ent PUBLIC "-//FreeBSD//ENTITIES DocBook FreeBSD Articles Entity Set//EN">
%articles.ent;
<!ENTITY % release PUBLIC "-//FreeBSD//ENTITIES Release Specification//EN">
%release;
<!-- Text constants which probably don't need to be changed.-->
<!-- The marker for MFCs. -->
<!ENTITY merged "[MERGED]">
<!-- Architecture names -->
<!ENTITY arch.amd64 "amd64">
<!ENTITY arch.arm "arm">
<!ENTITY arch.i386 "i386">
<!ENTITY arch.ia64 "ia64">
<!ENTITY arch.pc98 "pc98">
<!ENTITY arch.powerpc "powerpc">
<!ENTITY arch.sparc64 "sparc64">
<!ENTITY arch.sun4v "sun4v">
<!ENTITY % include.historic "IGNORE">
<!ENTITY % no.include.historic "IGNORE">
]>
<article>
<articleinfo>
<title>&os; &release.current; Release Notes</title>
<corpauthor>The &os; Project</corpauthor>
<pubdate>$FreeBSD$</pubdate>
<copyright>
<year>2000</year>
<year>2001</year>
<year>2002</year>
<year>2003</year>
<year>2004</year>
<year>2005</year>
<year>2006</year>
<year>2007</year>
<holder role="mailto:doc@FreeBSD.org">The &os; Documentation Project</holder>
</copyright>
<legalnotice id="trademarks" role="trademarks">
&tm-attrib.freebsd;
&tm-attrib.ibm;
&tm-attrib.ieee;
&tm-attrib.intel;
&tm-attrib.sparc;
&tm-attrib.general;
</legalnotice>
<abstract>
<para>The release notes for &os; &release.current; contain a summary
of the changes made to the &os; base system on the
&release.branch; development line.
This document lists applicable security advisories that were issued since
the last release, as well as significant changes to the &os;
kernel and userland.
Some brief remarks on upgrading are also presented.</para>
</abstract>
</articleinfo>
<sect1 id="intro">
<title>Introduction</title>
<para>This document contains the release notes for &os;
&release.current;. It
describes recently added, changed, or deleted features of &os;.
It also provides some notes on upgrading
from previous versions of &os;.</para>
<![ %release.type.current [
<para>The &release.type; distribution to which these release notes
apply represents the latest point along the &release.branch; development
branch since &release.branch; was created. Information regarding pre-built, binary
&release.type; distributions along this branch
can be found at <ulink url="&release.url;"></ulink>.</para>
]]>
<![ %release.type.snapshot [
<para>The &release.type; distribution to which these release notes
apply represents a point along the &release.branch; development
branch between &release.prev; and the future &release.next;.
Information regarding
pre-built, binary &release.type; distributions along this branch
can be found at <ulink url="&release.url;"></ulink>.</para>
]]>
<![ %release.type.release [
<para>This distribution of &os; &release.current; is a
&release.type; distribution. It can be found at <ulink
url="&release.url;"></ulink> or any of its mirrors. More
information on obtaining this (or other) &release.type;
distributions of &os; can be found in the <ulink
url="&url.books.handbook;/mirrors.html"><quote>Obtaining
&os;</quote> appendix</ulink> to the <ulink
url="&url.books.handbook;/">&os;
Handbook</ulink>.</para>
]]>
<para>All users are encouraged to consult the release errata before
installing &os;. The errata document is updated with
<quote>late-breaking</quote> information discovered late in the
release cycle or after the release. Typically, it contains
information on known bugs, security advisories, and corrections to
documentation. An up-to-date copy of the errata for &os;
&release.current; can be found on the &os; Web site.</para>
</sect1>
<sect1 id="new">
<title>What's New</title>
<para>This section describes
the most user-visible new or changed features in &os;
since &release.prev;.
In general, changes described here are unique to the &release.branch;
branch unless specifically marked as &merged; features.
</para>
<para>Typical release note items
document recent security advisories issued after
&release.prev;,
new drivers or hardware support, new commands or options,
major bug fixes, or contributed software upgrades. They may also
list changes to major ports/packages or release engineering
practices. Clearly the release notes cannot list every single
change made to &os; between releases; this document focuses
primarily on security advisories, user-visible changes, and major
architectural improvements.</para>
<sect2 id="security">
<title>Security Advisories</title>
<para>A temporary file vulnerability in &man.texindex.1;, which
could allow a local attacker to overwrite files in the context
of a user running the &man.texindex.1; utility, has been fixed.
For more details see security advisory <ulink
url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:01.texindex.asc">FreeBSD-SA-06:01.texindex</ulink>. &merged;</para>
<para>A temporary file vulnerability in the &man.ee.1; text
editor, which could allow a local attacker to overwrite files in
the context of a user running &man.ee.1;, has been fixed. For
more details see security advisory <ulink
url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:02.ee.asc">FreeBSD-SA-06:02.ee</ulink>. &merged;</para>
<para>Several vulnerabilities in the &man.cpio.1; utility have
been corrected. For more
details see security advisory <ulink
url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:03.cpio.asc">FreeBSD-SA-06:03.cpio</ulink>. &merged;</para>
<para>An error in &man.ipfw.4; IP fragment handling, which could
cause a crash, has been fixed. For more
details see security advisory <ulink
url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:04.ipfw.asc">FreeBSD-SA-06:04.ipfw</ulink>. &merged;</para>
<para>A potential buffer overflow in the IEEE 802.11 scanning code
has been corrected. For more
details see security advisory <ulink
url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:05.80211.asc">FreeBSD-SA-06:05.80211</ulink>. &merged;</para>
<para>Two instances in which portions of kernel memory could be
disclosed to users have been fixed. For more details see
security advisory <ulink
url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:06.kmem.asc">FreeBSD-SA-06:06.kmem</ulink>. &merged;</para>
<para>A logic bug in the IP fragment handling in &man.pf.4;, which
could cause a crash under certain circumstances, has been fixed.
For more details see security advisory <ulink
url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:07.pf.asc">FreeBSD-SA-06:07.pf</ulink>. &merged;</para>
<para>A logic bug in the NFS server code, which could cause a crash when
the server received a message with a zero-length payload, has been fixed.
For more details see security advisory <ulink
url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:10.nfs.asc">FreeBSD-SA-06:10.nfs</ulink>. &merged;</para>
<para>A programming error in the &man.fast.ipsec.4; implementation
results in the sequence number associated with a Security
Association not being updated, allowing packets to unconditionally
pass sequence number verification checks, has been fixed.
For more details see security advisory <ulink
url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:11.ipsec.asc">FreeBSD-SA-06:11.ipsec</ulink>. &merged;</para>
<para>A logic bug that could cause &man.opiepasswd.1; to allow an unprivileged
user to configure OPIE authentication for the root user under certain
circumstances, has been fixed.
For more details see security advisory <ulink
url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:12.opie.asc">FreeBSD-SA-06:12.opie</ulink>. &merged;</para>
<para>An asynchronous signal handling vulnerability in &man.sendmail.8;,
which could allow a remote attacker to execute arbitrary code with the
privileges of the user running sendmail, typically root, has been fixed.
For more details see security advisory <ulink
url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:13.sendmail.asc">FreeBSD-SA-06:13.sendmail</ulink>. &merged;</para>
<para>[&arch.amd64;, &arch.i386;] An information disclosure issue found in the
&os; kernel running on 7th- and 8th-generation AMD processors
has been fixed. For more details see security advisory <ulink
url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:14.fpu.asc">FreeBSD-SA-06:14.fpu</ulink>. &merged;</para>
<para>A bug in &man.ypserv.8;, which effectively disabled the
<filename>/var/yp/securenets</filename> access control mechanism,
has been corrected. More details are available in security
advisory
<ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:15.ypserv.asc">FreeBSD-SA-06:15.ypserv</ulink>. &merged;</para>
<para>A bug in the smbfs file system, which could allow an
attacker to escape out of &man.chroot.2 environments on an smbfs
mounted file system, has been fixed. For more details, see
security advisory
<ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:16.smbfs.asc">FreeBSD-SA-06:16.smbfs</ulink>. &merged;</para>
<para>A potential denial of service problem in &man.sendmail.8;
caused by excessive recursion which leads to stack
exhaustion when attempting delivery of a malformed
MIME message, has been fixed. For more details,
see security advisory <ulink
url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:17.sendmail.asc">FreeBSD-SA-06:17.sendmail</ulink>. &merged;</para>
<para>A potential buffer overflow condition in &man.sppp.4; has
been corrected. For more details, see security advisory
<ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:18.ppp.asc">FreeBSD-SA-06:18.ppp</ulink>. &merged;</para>
<para>An OpenSSL bug related to validation of PKCS#1 v1.5
signatures has been fixed. For more details, see security
advisory
<ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:19.openssl.asc">FreeBSD-SA-06:19.openssl</ulink>. &merged;</para>
<para>A potential denial of service attack against &man.named.8;
has been fixed. For more details, see security advisory
<ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:20.bind.asc">FreeBSD-SA-06:20.bind</ulink>. &merged;</para>
<para>Several programming errors have been fixed in &man.gzip.1;.
They could have the effect of causing a crash or an infinite
loop when decompressing files. More information can be found in
security advisory
<ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:21.gzip.asc">FreeBSD-SA-06:21.gzip</ulink>. &merged;</para>
<para>Several vulnerabilities have been fixed in OpenSSH. More
details can be found in security advisory
<ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:22.openssh.asc">FreeBSD-SA-06:22.openssh</ulink>. &merged;</para>
<para>Multiple errors in the OpenSSL &man.crypto.3; library have
been fixed. Potential effects are varied, and are documented in
more detail in security advisory
<ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:23.openssl.asc">FreeBSD-SA-06:23.openssl</ulink>. &merged;</para>
<para>A bug that could permit corrupt archives to cause an
infinite loop in &man.libarchive.3; and &man.tar.1; has been
fixed. More details are available in
<ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:24.libarchive.asc">FreeBSD-SA-06:24.libarchive</ulink>. &merged;</para>
<para>A bug that could allow users in
the <groupname>operator</groupname> group to read parts of kernel
memory has been corrected. For more details, consult security
advisory
<ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:25.kmem.asc">FreeBSD-SA-06:25.kmem</ulink>. &merged;</para>
<para>A bug in the <filename>jail</filename> startup script that
could permit privilege escalation via a symlink attack has been
fixed. More information is available in
<ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-07:01.jail.asc">FreeBSD-SA-07:01.jail</ulink>. &merged;</para>
<para>Two remote denials of service in BIND (one involving DNSSEC and
one involving recursive DNS queries) have been fixed. For more
information, see security advisory
<ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-07:02.bind.asc">FreeBSD-SA-07:02.bind</ulink>. &merged;</para>
<para>Processing of IPv6 type 0 Routing Headers is now
controlled by the <varname>net.inet6.ip6.rthdr0_allowed</varname>
sysctl variable, which defaults to <literal>0</literal> (off).
For more information, see security advisory
<ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-07:03.ipv6.asc">FreeBSD-SA-07:03.ipv6</ulink>. &merged;</para>
<para>A potential heap overflow in the &man.file.1; utility
(and the &man.libmagic.3; library on which it relies) has been
fixed. More details can be found in security advisory
<ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-07:04.file.asc">FreeBSD-SA-07:04.file</ulink>. &merged;</para>
<para>Problems with &man.libarchive.3; and &man.tar.1; handling
corrupted &man.tar.5; archive files have been fixed. More
details can be found in security advisory
<ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-07:05.libarchive.asc">FreeBSD-SA-07:05.libarchive</ulink>. &merged;</para>
<para>A buffer overflow in &man.tcpdump.1; has been corrected.
More information can be found in security advisory
<ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-07:06.tcpdump.asc">FreeBSD-SA-07:06.tcpdump</ulink>. &merged;</para>
<para>A bug in &man.named.8;, which could result in an attacker
being able to poison a resolver's DNS cache, has been fixed.
More details are included in security advisory
<ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-07:07.bind.asc">FreeBSD-SA-07:07.bind</ulink>. &merged;</para>
</sect2>
<sect2 id="kernel">
<title>Kernel Changes</title>
<para>&man.acpi.4; now has support for the HPET time counter. &merged;</para>
<para>The &man.acpi.ibm.4; driver now supports setting the fan control
mode to manual or automatic, and adjusting the fan speed if the
fan control mode is manual. To enable manual control of the fan speed,
the sysctl variable <varname>dev.acpi_ibm.<replaceable>0</replaceable>.fan</varname>
needs to be set to zero (manual). This should only be used with
extreme precaution, as disabling automatic fan control might
overheat the hardware and lead to permanent damage.</para>
<para>The &man.apm.4; suspend/resume support has been improved.</para>
<para>Security event auditing is now supported in the &os; kernel,
and is enabled by the <literal>AUDIT</literal> kernel
configuration option. The option is enabled in the
<filename>GENERIC</filename> kernel. More information can be found
in the &man.audit.4; manual page.</para>
<para>Support for the Camellia block cipher has been added to the
&os; kernel. It can now be specified as a cipher in IPsec. More
information on Camellia can be found in RFC 4132.</para>
<para>The <literal>options COMPAT_43</literal> kernel
configuration option has been deemed unnecessary and has been
removed from <filename>GENERIC</filename> and related kernel
configurations. This change may result in a small performance
increase for some workloads.</para>
<para>The dumb console driver (&man.dcons.4;) is now enabled in the
<filename>GENERIC</filename> kernel.</para>
<para>The &man.ddb.4; debugger now provides the <literal>show lock</literal>
command. If the argument has a valid lock class,
this displays various information about the lock and calls a
new function pointer in lock_class (lc_ddb_show) to dump class-specific
information about the lock as well (such as the owner of a mutex or
xlock'ed sx lock). &merged;</para>
<para>The &man.ddb.4; debugger now provides the <literal>show sleepq</literal>
command. This takes a wait channel as an argument and looks
for a sleep queue associated with that wait channel.</para>
<para><filename>DEFAULTS</filename> kernel configuration files
for each platform have been added. These files contain
directives that are implicitly included in all kernel
configurations, and generally include basic, mandatory
functionality for each platform. &merged;</para>
<para>A bug in file descriptor handling such that a simple
<literal>close(0); dup(fd)</literal> sequence does not return
descriptor <literal>0</literal> in some cases, has been fixed.</para>
<para>The &man.firmware.9; subsystem has been added. This
subsystem provides a mechanism
to load binary data into the kernel via a specially crafted module.
&merged;</para>
<para>The &man.gdb.1; remote debugging interface now supports
copying console messages to a remote debugger instance.
To enable this, set <literal>debug.gdbcons="1"</literal>
in <filename>loader.conf</filename>, enter <literal>boot -d;
gdb; step</literal> from the loader prompt,
then attach &man.gdb.1; from a remote machine.
The sysctl variable <varname>debug.gdbcons</varname> can be
used to turn on/off this functionality.</para>
<para>&man.hwpmc.4; and &man.pmcstat.8; now support profiling
of dynamically loaded kernel modules and
shared objects loaded with &man.dlopen.3;.</para>
<para>A new <varname>kern.hostuuid</varname> sysctl variable
has been added to hold a host's Universally Unique Identifier
(UUID). This UUID is computed or generated by a new
<filename>rc.d/hostid</filename> startup script and, where
possible, is saved to disk to be persistent across reboots.</para>
<para>The <option>INCLUDE_CONFIG_FILE</option> kernel configuration
option has been improved. The full configuration of a running kernel
can now be obtained via <command>sysctl -b kern.conftxt</command>.
It can also be extracted from a kernel file via
<command>config -x kernelfile</command>. To preserve the literal
kernel configuration with all the comments included, the
<option>-C</option> option of &man.config.8; can be used.</para>
<para>Support for Kernel Scheduled Entities (KSE) is now a kernel
option (previously it was a mandatory feature in the kernel).
It is enabled in the GENERIC kernel (thus there is no change in
functionality) for all platforms except &arch.sun4v;.</para>
<para>The Linux ABI support was enhanced to support emulation of
Linux 2.6.16. This is not enabled by default. To turn it on
the <varname>compat.linux.osrelease</varname> sysctl variable
has to be set to <literal>2.6.16</literal>. Note that this
support is still experimental.</para>
<para>Support for Message Signaled Interrupts (MSI) and Extended
Message Signaled Interrupts (MSI-X) has been added to the kernel's
PCI support code. &merged;</para>
<para>The &man.priv.9; kernel interface has been added. Its purpose
is checking the availability of privilege for threads and credentials.
Unlike the existing &man.suser.9; interface, &man.priv.9; exposes a
named privilege identifier to the privilege checking code, allowing
more complex policies regarding the granting of privilege to be
expressed.</para>
<para>The &man.random.4; entropy device driver is now MPSAFE.
&merged;</para>
<para>&os; now supports concurrent &man.read.2;/&man.readv.2;
access to a file.</para>
<para>The kernel's &man.sx.9; locks have been optimized to use
simple atomic operations for the common cases of obtaining and
releasing shared and exclusive locks. While this change is not
generally user-visible, it is the basis for some substantial
performance improvements.</para>
<para>The ULE process scheduler has been revised to improve its
behavior, in particular interactivity under load, for both
uniprocessor and multiprocessor machines. This
implementation has commonly been referred to as <quote>ULE
3.0</quote>. (ULE 3.0 was formerly known as SCHED_SMP,
which in turn was based on version 2.0 of the ULE scheduler.
ULE 2.0 was never a part of any &os; release, however it
was the subject of many development, testing, and
benchmarking efforts.)</para>
<para>The <literal>SIGCHLD</literal> signal queuing has been
added. For each child process whose status has been changed,
a <literal>SIGCHLD</literal> instance is queued. If the signal is still pending,
and the process changed status several times, the signal information
is updated to reflect the latest process status.
There is a loader tunable <varname>kern.sigqueue.queue_sigchild</varname>
which can control the behavior, setting it to zero disables the
<literal>SIGCHLD</literal> queuing feature.</para>
<para>[&arch.amd64;, &arch.i386;] Instead of including all of physical
memory in a kernel crash dump, the kernel now defaults to dumping only pages that are
actively mapped into kernel virtual memory. A new
<varname>debug.minidump</varname> sysctl variable
can be used to turn off this behavior when set to zero. &merged;</para>
<para>A new sysctl variable <varname>kern.malloc_stats</varname>
has been added. This allows exporting of kernel malloc
statistics via a binary structure stream.</para>
<para>A new sysctl variable <varname>kern.forcesigexit</varname>
has been added. This forces a process
to sigexit if a trap signal is being held by the current thread or
ignored by the current process. It is enabled by default.</para>
<para>The pcvt(4) driver, an alternative to &man.syscons.4;,
has been removed, as it had fallen out of sync with the rest
of the kernel.</para>
<para>RedZone, a buffer corruption protection for the kernel &man.malloc.9;
facility has been implemented. This detects both buffer underflows and
overflows at runtime on &man.free.9; and &man.realloc.9;,
and prints backtraces from where memory was allocated and from where
it was freed. For more details, see the &man.redzone.9; manual page.</para>
<para>A new sysctl variable <varname>security.mac.biba.interfaces_equal</varname>
which makes all network interfaces be created with the label
<literal>biba/equal(equal-equal)</literal>, has been added.
This is useful where programs such as &man.dhclient.8; and &man.ppp.8;.
which initialize network interfaces do not have any labeling support.
This variable is set as <literal>0</literal> (disabled) by default.
&merged;</para>
<para>A new loader tunable <varname>vm.kmem_size_min</varname> has been
added. This allows to specify a minimal size for
<varname>vm.kmem_size</varname>.</para>
<para>A new sysctl variable <varname>vm.zone_stats</varname>
has been added. This allows to export &man.uma.9; allocator
statistics via a binary structure stream.</para>
<para>The sysctl variable <varname>hw.pci.do_powerstate</varname>
has been split into two sysctl variables
<varname>hw.pci.do_powerstate_nodriver</varname>
and <varname>hw.pci.do_powerstate_resume</varname>.
Also, these variables have been changed from a boolean to a range.
<literal>0</literal> means no power management,
<literal>1</literal> means conservative power management which
any device class that has caused problems is added to the watch list,
<literal>2</literal> means aggressive power management where
any device class that is not fundamental to the system is added to the list,
and <literal>3</literal> means power them all down unconditionally.
The default values are <literal>0</literal> for
<varname>hw.pci.do_powerstate_nodriver</varname> and
<literal>1</literal> for <varname>hw.pci.do_powerstate_resume</varname>.</para>
<para>[&arch.ia64;] The <filename>GENERIC</filename> kernel now enables
SMP support by default.</para>
<para>Sample kernel configuration files
<filename>src/sys/<replaceable>arch</replaceable>/conf/MAC</filename>
for the Mandatory Access Control framework have been added.</para>
<para><varname>POSIX_TIMERS</varname> support has been updated to 200112L.</para>
<para>An experimental support for POSIX message queue has been
implemented.</para>
<para>&os; now runs on the Xbox, whose architecture is nearly identical
to the i386. For details of the latest development, see
<ulink url="http://www.FreeBSD.org/platforms/xbox.html"></ulink>.
&merged; </para>
<para>The locking strategy for UNIX domain sockets has been
revised to improve concurrency; this change has yielded
substantial performance improvements on various SMP workloads
(in particular, MySQL on 8-way &arch.amd64; systems) with little
or no measured overhead on UP systems.</para>
<para>Several minor but widespread changes to the Newbus API have
been made In order to support some on-going work with interrupt
filtering. Because this change also breaks the kernel ABI, all
third-party device drivers will need to be modified and
recompiled.</para>
<sect3 id="boot">
<title>Boot Loader Changes</title>
<para>A new option <option>-S</option>,
which allows setting the <filename>boot2</filename>
serial console speed in the <filename>/boot.config</filename>
file or on the <prompt>boot:</prompt> prompt line,
has been added.</para>
<para>[&arch.amd64;, &arch.i386;] A new loader tunable
<varname>comconsole_speed</varname> to change
the serial console speed has been added.
If the previous stage boot loader requested a serial console,
then the default speed is determined from the current serial port
speed. Otherwise it is set to 9600 or the value of
the <literal>BOOT_COMCONSOLE_SPEED</literal> kernel option.
&merged;</para>
<para>[&arch.amd64;, &arch.i386;] &man.firewire.4; and &man.dcons.4;
support has been added to the boot loader. To enable it,
<literal>LOADER_FIREWIRE_SUPPORT=yes</literal> has to be added
to <filename>/etc/make.conf</filename> and the loader be rebuilt.
</para>
<!-- Above this line, order boot loader changes by keyword-->
<para>[&arch.pc98;] A bootable CDROM loader has been implemented
for the pc98 platform. &merged;</para>
<para>[&arch.pc98;] The <application>IPLware</application> support
in boot0.5 has been enhanced to support version 3.33.</para>
<para>[&arch.i386;] A bug in the i386 boot loader, which could
cause file system corruption if
a <filename>nextboot.conf</filename> file was used and landed
after cylinder 1023, has been fixed. &merged;</para>
</sect3>
<sect3 id="proc">
<title>Hardware Support</title>
<para>The &man.amdsmb.4; driver has been added. It provides
support for the AMD-8111 SMBus 2.0 controller. &merged;</para>
<para>The &man.cardbus.4;, &man.pccard.4;,
&man.pccbb.4;, and &man.exca.4; drivers are now buildable
as kernel modules.</para>
<para>An &man.acpi.dock.4; driver has been added to provide
support for controlling laptop docking station functions via
ACPI. &merged;</para>
<para>The &man.acpi.thermal.4; driver now supports
passive cooling. &merged;</para>
<para>The &man.acpi.thermal.4; driver now supports overriding
the <literal>_PSV</literal>, <literal>_HOT</literal>, and
<literal>_CRT</literal> temperature values.</para>
<para>Support for the alpha architecture has been removed. Alpha
support will remain on the RELENG_5 and RELENG_6 codelines.</para>
<para>The &man.cardbus.4; driver now supports
<filename>/dev/cardbus<replaceable>%d</replaceable>.cis</filename>.</para>
<para>[&arch.i386;, &arch.pc98;] The &man.ce.4; driver,
which supports Cronyx Tau-PCI/32 adapters, has been added.
&merged;</para>
<para>The <literal>est</literal> &man.cpufreq.4; driver now supports
frequency control for the VIA C7-M family of processors.</para>
<para>Support for the PadLock Security Co-processor in VIA C3,
Eden, and C7
processors has been added to the &man.crypto.9; subsystem.
More information can be found in the &man.padlock.4; manual
page.
&merged;</para>
<para>The &man.firewire.4; code is now MPSAFE.</para>
<para>icee(4), a generic I2C EEPROM driver, has been added.</para>
<para>A bug which prevented the &man.ichsmb.4; kernel module
from unloading has been fixed.</para>
<para>[&arch.amd64;, &arch.i386;] Dual-core processors (such as the Intel
Core Duo) now have both cores available for use by
default in SMP-enabled kernels. &merged;</para>
<para>[&arch.amd64;, &arch.i386;] &man.ipmi.4;, an OpenIPMI compatible driver,
has been added.
OpenIPMI (Intelligent Platform Management Interface) is an open
standard designed to enable remote monitoring and control of server,
networking and telecommunication platforms. &merged;</para>
<para>The &man.kbdmux.4; driver has been integrated into &man.syscons.4; and
the <devicename>kbd</devicename> device driver.
By default &man.syscons.4; will look for the &man.kbdmux.4;
keyboard first, and then, if not found, look for any keyboard.
Switching to &man.kbdmux.4; can be done at boot time by loading
the <literal>kbdmux</literal> kernel module via &man.loader.8;,
or at runtime via &man.kldload.8; and releasing the active
keyboard. &merged;</para>
<para>[&arch.amd64;, &arch.i386;] The &man.kbdmux.4; driver is now included in the
<filename>GENERIC</filename> kernel by default.
Also, the <quote>Boot FreeBSD with USB keyboard</quote>
menu item in the boot loader menu has been removed
since this fixes USB keyboard probing problems.
&merged;</para>
<para>The &man.nfsmb.4; driver, which supports the NVIDIA nForce
2/3/4 SMBus 2.0 controller, has been added. &merged;</para>
<para>[&arch.ia64;, &arch.powerpc;] The loader tunable <varname>debug.mpsafevfs</varname>
is set to <literal>1</literal> by default.</para>
<para>The &man.sab.4; driver has been removed (it has been
superceded by the &man.scc.4; driver).</para>
<para>The &man.scc.4; driver has been added.
This provides generic support for serial communications
controllers and delegates the control over each channel
and mode to a subordinate driver such as &man.uart.4;.</para>
<para>[&arch.amd64;] The smbios(4) driver support for amd64 has been
added.</para>
<para>[&arch.sun4v;] &os; now has preliminary support for the Sun Microsystems
UltraSPARC-T1 architecture. &os;/sun4v has been demonstrated
to run on the Sun Fire T1000 and Sun Fire T2000 servers.
More information can be found on the
<ulink url="http://www.FreeBSD.org/platforms/sun4v.html">sun4v
Project</ulink>
page.</para>
<para>The tnt4882(4) driver, which supports the National Instruments
PCI-GPIB card, has been added.</para>
<para>[&arch.amd64;, &arch.i386;, &arch.ia64;, &arch.sparc64;] The &man.uart.4; driver has been included in the
<filename>GENERIC</filename> kernel by default.
When both &man.sio.4; and &man.uart.4; can handle a given serial port,
&man.sio.4; will claim it.</para>
<para>The &man.uark.4; driver, which supports the Arkmicro
Technologies ARK3116-based USB serial adapter, has been
added.</para>
<para>The &man.uart.4; driver now supports LOM (Lights Out Management)
and RSC (Remote System Control) devices as consoles.</para>
<para>The zs driver has been removed. Its functionality
has been superceded by that of the &man.uart.4; driver.</para>
<para>[&arch.i386;] A new loader tunable
<varname>hw.apic.enable_extint</varname> has been added.
This tunable can be used to disable masking of the ExtINT pin on the first
I/O APIC. At least one chipset for the Intel Pentium III seems
to need this, even though all of the pins in the 8259As are masked.
The default is still to mask the ExtINT pin.</para>
<para>[&arch.i386;] Support has been improved for
so-called <quote>legacy-free</quote> hardware, in particular,
i386 systems without AT-style keyboard controllers such as the
Macbook Pro. &merged;</para>
<sect4 id="mm">
<title>Multimedia Support</title>
<para>The &man.agp.4; driver now supports ATI AGP chipsets.
&merged;</para>
<para>The new midi(4) driver which is based on NetBSD's one
has been added. This supports &man.snd.cmi.4; and
&man.snd.emu10k1.4; drivers.</para>
<para>The &man.sound.4; driver now supports
wider range sampling rate, multiple precisions choice,
and 24/32 bit PCM format conversion. &merged;</para>
<para>The &man.snd.als4000.4; driver is now MPSAFE. &merged;</para>
<para>The &man.snd.atiixp.4; driver has been added.
This supports ATI IXP 200/300/400 series audio controllers. &merged;</para>
<para>The &man.snd.atiixp.4; driver now supports
suspend and resume features. &merged;</para>
<para>The &man.snd.cmi.4; driver is now MPSAFE.</para>
<para>The &man.snd.emu10kx.4; driver has been added. It
supports Creative SoundBlaster Live! and Audigy series sound
cards with optional pseudo-multichannel playback.</para>
<para>The &man.snd.envy24.4; driver has been added to support
the Envy24 series of audio chips.</para>
<para>The &man.snd.envy24ht.4; driver has been added to support
the VIA Envy24HT series of audio chips.</para>
<para>The &man.snd.es137x.4; driver is now MPSAFE. &merged;</para>
<para>The &man.snd.ich.4; driver is now MPSAFE. &merged;</para>
<para>The &man.snd.hda.4; driver has been added. It supports
devices that conform to revision 1.0 of the Intel High Definition
Audio specification.</para>
<para>The &man.snd.solo.4; driver is now MPSAFE. &merged;</para>
<para>The &man.snd.spicds.4; driver has been added to support
I2S SPI audio codec chips.</para>
<para>The &man.snd.via8233.4; driver is now MPSAFE. &merged;</para>
<para>The &man.snd.via82c686.4; driver is now MPSAFE. &merged;</para>
<para>[&arch.amd64;] The &man.speaker.4; driver now supports &os;/amd64. &merged;</para>
<para>The &man.uaudio.4; driver now supports 24/32 bit audio
formats and conversion.</para>
</sect4>
<sect4 id="net-if">
<title>Network Interface Support</title>
<para>The &man.ath.4; driver has been updated to
HAL version 0.9.20.3. &merged;</para>
<para>[&arch.amd64;, &arch.i386;, &arch.pc98;, &arch.sparc64;]
The &man.ath.4;, &man.ath.hal.4;, and
<literal>ath_rate_sample</literal> drivers have been
included in the <filename>GENERIC</filename> kernel by
default. &merged;</para>
<para>The &man.axe.4; driver now supports &man.altq.4;. &merged;</para>
<para>[&arch.amd64;, &arch.i386;] The &man.bce.4; driver, which supports Broadcom
NetXtreme II (BCM5706/BCM5708) PCI/PCIe Gigabit Ethernet controllers,
has been added. For more details, see &man.bce.4;. &merged;</para>
<para>A bug which prevents the &man.bfe.4; driver from working
on a system with over 1GB RAM has been fixed. &merged;</para>
<para>The &man.bge.4; driver's Jumbo frame support is now MPSAFE.</para>
<para>The &man.bge.4; driver now supports big-endian
architectures such as sparc64.</para>
<para>The &man.bge.4; driver now supports &man.polling.4; mode.
&merged;</para>
<para>The &man.cm.4; driver is now MPSAFE.</para>
<para>The &man.cxgb.4; driver has been added. It provides support for
10 Gigabit Ethernet adapters based on the Chelsio T3 and T3B chipsets.
</para>
<para>The &man.dc.4; driver is now MPSAFE. &merged;</para>
<para>The &man.de.4; driver has been converted to the &man.bus.dma.9;
API and is now MPSAFE.</para>
<para>The &man.ed.4; driver is now MPSAFE.</para>
<para>The &man.edsc.4; driver, which provides Ethernet discard network
interfaces, has been added. &merged;</para>
<para>The &man.el.4; driver has been removed due to lack of use.</para>
<para>The &man.em.4; driver now supports big-endian
architectures such as sparc64. &merged;</para>
<para>The &man.em.4; driver has been updated to
version 6.5.0 from Intel. Among other changes, it now supports
80003, 82571, 82571EB, 82572 and 82575 based adapters, as well as
onboard-NICs on ICH8-based motherboards. &merged;</para>
<para>The &man.em.4; driver now includes
initial support for suspend and resume features.</para>
<para>The performance of the &man.em.4; driver has been improved
by using a fast interrupt handler and taskqueue
instead of ithread handler. This change can be disabled
by defining <literal>NO_EM_FASTINTR</literal> kernel option
for debugging purpose.</para>
<para>The IP over FireWire (&man.fwip.4;) driver is now enabled in
the <filename>GENERIC</filename> kernel.</para>
<para>The &man.gem.4; driver now supports &man.altq.4;.</para>
<para>The firmware images needed by the &man.ipw.4; driver are now
part of the &os; base system. For the loaded firmware to work the
license at <filename>/usr/share/doc/legal/intel_ipw/LICENSE</filename>
must be agreed to and <literal>legal.intel_ipw.license_ack=1</literal>
has to be added to <filename>/boot/loader.conf</filename>.
Prior versions of the driver used the firmware image in the
<filename role="package">net/ipw-firmware-kmod</filename>
port/package or the
<filename role="package">net/ipw-firmware</filename>
port/package. &merged;</para>
<para>The &man.iwi.4; driver now supports big-endian
architectures such as sparc64.</para>
<para>A number of improvements and bugfixes have been made to the
functionality of the &man.iwi.4; driver. &merged;</para>
<para>The firmware images needed by the &man.iwi.4; driver are now
part of the &os; base system. For the loaded firmware to work the
license at <filename>/usr/share/doc/legal/intel_iwi/LICENSE</filename>
must be agreed to and <literal>legal.intel_iwi.license_ack=1</literal>
has to be added to <filename>/boot/loader.conf</filename>.
Prior versions of the driver used the firmware image in the
<filename role="package">net/iwi-firmware-kmod</filename>
port/package or the
<filename role="package">net/iwi-firmware</filename>
port/package. &merged;</para>
<para>The ixgbe driver, which supports the Intel 10G PCI-Express
adapter (82598), has been added.</para>
<para>The &man.le.4; driver, which supports AMD Am7900 LANCE
and Am79C9xx PCnet NICs,
has been added. While the &man.lnc.4; driver also supports these
NICs, this driver has several advantages over it such as
MPSAFE, ALTQ, VLAN_MTU, ifmedia, and 32-bit DMA for PCI
variants. This driver is based on NetBSD's implementation.
&merged;</para>
<para>The &man.lge.4; driver is now MPSAFE. &merged;</para>
<para>The lnc(4) driver has been removed. The &man.le.4; and
&man.pcn.4; drivers support all devices that were supported
by lnc(4).</para>
<para>The &man.msk.4; driver has been added. It supports
network interfaces using the Marvell/SysKonnect Yukon II
Gigabit Ethernet controller. &merged;</para>
<para>The &man.my.4; driver is now MPSAFE. &merged;</para>
<para>The &man.my.4; driver now supports &man.altq.4;. &merged;</para>
<para>[&arch.amd64;, &arch.i386;] The &man.mxge.4; driver,
which supports Myricom Myri10GE 10 Gigabit Ethernet
adapters, has been added. For more details, see
&man.mxge.4;. &merged;</para>
<para>[&arch.amd64;, &arch.i386;] The &man.nfe.4; driver, an open-source driver for nForce
Ethernet devices, has been added, originally from
OpenBSD. This driver has replaced the &man.nve.4; driver in
the <filename>GENERIC</filename> kernel.</para>
<para>[&arch.arm;] The &man.npe.4; driver, which supports the
Intel XScale Network Processing Engine, has been
added. &merged;</para>
<para>The &man.nve.4; driver has been updated to version 1.0-0310
(23-Nov-2005). It also now has &man.altq.4; support. &merged;</para>
<para>The &man.nxge.4; driver, which supports the Neterion
Xframe 10 Gigabit Ethernet adapter, has been added.</para>
<para>The &man.pcn.4; driver is now MPSAFE. &merged;</para>
<para>The &man.re.4; driver now supports the D-Link DGE-528(T)
Gigabit Ethernet card.</para>
<para>The &man.rum.4; driver has been added. It supports
WLAN adapters based on the Ralink RT2501USB and RT2601USB
chipsets.</para>
<para>The &man.sf.4; driver is now MPSAFE. &merged;</para>
<para>The &man.sk.4; driver is now MPSAFE. &merged;</para>
<para>The &man.ste.4; driver is now MPSAFE. &merged;</para>
<para>The &man.stge.4; driver has been added. It supports the
Sundance/Tamarack TC9021 Gigabit Ethernet controller and was
ported from NetBSD. &merged;</para>
<para>The &man.ti.4; driver now supports big-endian
architectures such as sparc64.</para>
<para>The &man.ufoma.4; driver for
FOMA (third generation mobile phone system by NTT DoCoMo, Inc.
in Japan) has been added.
This should support other third generation mobile phones
since the driver is based on USB Implementation Guideline
from MCPC (Mobile Computing Promotion Consortium) in Japan.</para>
<para>The vgapci(4) driver has been added. This is a stub
device driver for VGA PCI devices and serves as a bus
so that other drivers such as drm(4),
&man.acpi.video.4;, and &man.agp.4; can attach to
it thus allowing multiple drivers for the same device.</para>
<para>The &man.vge.4; driver now supports &man.altq.4;. &merged;</para>
<para>The &man.wi.4; driver is now buildable as
a kernel module.</para>
<para>[&arch.amd64;, &arch.i386;, &arch.pc98;] The &man.wlan.wep.4;,
&man.wlan.ccmp.4;, and &man.wlan.tkip.4; drivers
have been included in the <filename>GENERIC</filename>
kernel by default.</para>
<para>The network interface groups feature has been imported
from OpenBSD. This feature allows an administrator to, for
example, apply firewall rules to an entire group of
interfaces. More information can be found in
&man.ifconfig.8;.</para>
<para>The 802.11 protocol stack has been significantly reworked.
Among the new features are support for background scanning
and roaming between APs, as well as support that will be
required by 802.11n-capable devices.</para>
<para>The 802.11 protocol stack now has support for 900 MHz
cards, as well as quarter- and half-channel support
for 802.11a. &merged;</para>
<para>The &os; network stack now runs entirely free of the
Giant kernel lock, and relies solely on the kernel's
fine-grained locking primitives to manage parallelism. This
significantly improves the network stack's performance on
multi-processor systems; uni-processor systems could also
see performance gains.
ISDN4BSD, &man.ng.h4.4;, and netatm have been temporarily
disconnected from the build. These modules all require
the Giant kernel lock for their operation; disconnecting
them allows the removal of the NET_NEEDS_GIANT compatability
shim. It is planned to convert
these modules to fine-grained kernel locking and re-connect
them for &os; 7.1-RELEASE.</para>
</sect4>
</sect3>
<sect3 id="net-proto">
<title>Network Protocols</title>
<para>The &man.arp.4; retransmission algorithm has been
rewritten so that ARP requests are retransmitted without
suppression, while there is demand for such ARP entry.
Due to this change, a sysctl variable
<varname>net.link.ether.inet.host_down_time</varname>
has been removed. &merged;</para>
<para>The &man.arp.4; protocol now supports a sysctl variable
<varname>net.link.ether.inet.log_arp_permanent_modify</varname>
to suppress logging of attempts to modify
permanent ARP entries. &merged;</para>
<para>[&arch.amd64;, &arch.i386;, &arch.pc98;] An experimental BPF Just-In-Time compiler
has been implemented for both &man.bpf.4; and &man.ng.bpf.4;.
To enable this, the
<literal>options BPF_JITTER</literal> kernel option is needed.
The <varname>net.bpf_jitter.enable</varname>
can be used to disable this feature.</para>
<para>Multiple copies of a packet received via different
&man.bpf.4; listeners now all have identical
timestamps. &merged;</para>
<para>The &man.bpf.4; device now supports several new
&man.ioctl.2; calls to allow examining inbound vs. outbound
packets, as well as packets that have been injected onto the
network.</para>
<para>The bridge(4) driver has been removed from the tree. Its
functionality has been completely replaced by
&man.if.bridge.4;.</para>
<para>The &man.enc.4; IPsec filtering pseudo-device has been
added. It allows firewall packages using the &man.pfil.9;
framework to examine (and filter) IPsec traffic before
outbound encryption and after inbound decryption. &merged;</para>
<para>The &man.gre.4; driver, which is for GRE encapsulation
found in RFC 1701 and RFC 1702, now supports IPv6 over GRE.</para>
<para>The &man.if.bridge.4; driver now supports
creating SPAN ports, which transmit a copy of every frame
received by the bridge. This feature can be enabled
by using &man.ifconfig.8;. &merged;</para>
<para>The &man.if.bridge.4; driver now supports
RFC 3378 EtherIP. This change makes it possible to
add &man.gif.4; interfaces to bridges, which will then
send and receive IP protocol 97 packets.
Packets are Ethernet frames with an EtherIP header prepended.
&merged;</para>
<para>The &man.if.bridge.4; driver now supports RSTP, the Rapid
Spanning Tree Protocol (802.1w). &merged;</para>
<para>The &man.if.bridge.4; driver now supports a
<literal>private</literal> flag on bridge ports;
no private port on a bridge can communicate with any
other private port. This functionlity is useful in
scenarios such as number of customers VLANs bridged
with a server network; it might be desirable to prevent
the customer VLANs from communicating with each other
but allow all of them to access the server network. The
private flag on a bridge port can be set or cleared via
&man.ifconfig.8;.</para>
<para>A hard-coded limit on the number of IPv4 multicast group
memberships (formerly 20) has been removed.</para>
<para>The path MTU discovery for multicast packets in the &os;
IPv6 stack has been disabled by default.
Path MTU notification from a large number of multicast routers
can be a kind of distributed Denial-of-Service attack to a router.
This feature can be re-enabled by using a new sysctl variable
<varname>net.inet6.ip6.mcast_pmtu</varname>. &merged;</para>
<para>IPv6 multicast forwarding is now dynamically loadable, via
the <filename>ip_mroute.ko</filename> module.</para>
<para>IPv6 link-local addresses are now enabled only
if <varname>ipv6_enable</varname> is set in &man.rc.conf.5;.
&merged;</para>
<para>The &man.ipfw.4; IP packet filter now supports IPv6. &merged;</para>
<para>The &man.ipfw.4; firewall system now supports
a <literal>tablearg</literal> feature, which allows
values obtained from a table lookup to be used as part of a
rule. &merged;
This feature can be used to optimize some rulesets
or to implement policy-based routing inside a firewall.
For example, the following rules will throw different
packets to different pipes:</para>
<programlisting>pipe 1000 config bw 1000Kbyte/s
pipe 4000 config bw 4000Kbyte/s
table 1 add x.x.x.x 1000
table 1 add x.x.x.y 4000
pipe tablearg ip from table(1) to any</programlisting>
<para>The &man.ipfw.4; packet filter now supports
<literal>tag</literal> and <literal>untag</literal> rule keywords.
When a packet matches a rule with the <literal>tag</literal>
keyword, the numeric tag for the given number in the range
from 0 to 65535 will be attached to the packet.
The tag acts as an internal marker (it is not sent out over
the wire) that can be used to identify these packets later on,
for example, by using <literal>tagged</literal>
rule option. For more details, see &man.ipfw.8;. &merged;</para>
<para>The &man.ipfw.4; packet filter now supports filtering on
Routing Header Type 0 and Mobile IPv6 Routing Header Type 2
in addition to filtering on the non-differentiated presence
of any Routing Header.</para>
<para>The <literal>IPFIREWALL_FORWARD_EXTENDED</literal> kernel
option has been removed. This option was used to permit
&man.ipfw.4; to redirect packets with local destinations.
This behavior is now always enabled when
the <literal>IPFIREWALL_FORWARD</literal> kernel option is
enabled. &merged;</para>
<para>The ip6fw(8) packet filter has been removed. Since &man.ipfw.4; has gained
IPv6 support, it should be used instead. Please note that some rules might need
to be adjusted.</para>
<para>The KAME IPsec implementation has been removed. In its
place, <literal>FAST_IPSEC</literal> is now the only IPsec
implementation supported by the &os; kernel. The
<literal>IPSEC</literal> kernel configuration option, which
formerly enabled KAME IPsec, now enables
<literal>FAST_IPSEC</literal>. <literal>FAST_IPSEC</literal>
now supports both IPv4 and IPv6, uses fine-grained kernel
locking, and supports hardware cryptographic
acceleration.</para>
<para>Support for tunneling IPX over IP has been removed.</para>
<para>The &man.lagg.4; driver, ported from OpenBSD and NetBSD,
has been added to support a variety of protocols and algorithms
for link aggregation, failover, and fault tolerance. &merged;</para>
<para>The &man.natm.4;, Native Mode ATM protocol layer is now MPSAFE.</para>
<para>The &man.ng.car.4; Netgraph node has been added. It implements
various traffic shaping and rate limiting algorithms.</para>
<para>A new &man.ng.deflate.4; Netgraph node type has been
added. It implements Deflate PPP compression. &merged;</para>
<para>The &man.ng.ether.4; Netgraph node no longer overwrites
the MAC address of outgoing frames by default. &merged;</para>
<para>The &man.ng.iface.4; Netgraph node now supports &man.altq.4;.
&merged;</para>
<para>A new &man.ng.pred1.4; Netgraph node type has been added
to implement Predictor-1 PPP compression. &merged;</para>
<para>The &man.ng.tag.4; Netgraph node has been added to
support the manipulation of mbuf tags attached to data in the
kernel. &merged;</para>
<para>A bug has been fixed in which NFS over TCP would not reconnect
when the server sent a FIN. This problem had occurred
with Solaris NFS servers. &merged;</para>
<para>The default retransmit timer for NFS over TCP is now 60 seconds.
This change prevents the unnecessary retransmission of
non-idempotent NFS requests. The <varname>nfs_access_cache</varname>
variable in &man.rc.conf.5; has also been changed to 60.</para>
<para>The default minimum number of nfsiod kernel threads
(&man.sysctl.8; variable <varname>vfs.nfs.iodmin</varname>)
has been changed from 4 to 0.</para>
<para>The sysctl variables <varname>net.inet.ip.portrange.reservedhigh</varname>
and <varname>net.inet.ip.portrange.reservedlow</varname>
can be used with IPv6 now. &merged;</para>
<para>A new sysctl variable <varname>net.inet.icmp.reply_from_interface</varname>
has been added. This allows the &man.icmp.4;
reply to non-local packets to be generated with
the IP address the packet came through in.
This is useful for routers to show in &man.traceroute.8;
the actual path a packet has taken instead of
the possibly different return path.</para>
<para>A new sysctl variable <varname>net.inet.icmp.quotelen</varname>
has been added. This allows to change length of
the quotation of the original packet in an ICMP reply.
The minimum of 8 bytes is internally enforced.
The maximum quotation is the remaining space in the
reply mbuf. This option is added in response to the
issues raised in I-D
<filename>draft-gont-icmp-payload-00.txt</filename>.</para>
<para>The &man.icmp.4; now always quotes the entire TCP header
when responding and allocate an mbuf cluster if needed.
This change fixes the TCP issues raised in I-D
<filename>draft-gont-icmp-payload-00.txt</filename>.</para>
<para>A new socket option <literal>IP_MINTTL</literal> has been added.
This may be used to set the minimum acceptable
TTL a packet must have when received on a socket.
All packets with a lower TTL are silently dropped.
This works on already connected/connecting and
listening sockets for RAW, UDP, and TCP. This option
is only really useful when set to <literal>255</literal>, preventing packets
from outside the directly connected networks reaching
local listeners on sockets. Also, this option allows
userland implementation of <quote>The Generalized TTL
Security Mechanism (GTSM)</quote> found in RFC 3682.</para>
<para>The kernel &man.ppp.4; driver now supports IPv6.</para>
<para>Stealth forwarding now supports IPv6 as well as IPv4.
This behavior can be controlled by using a new sysctl variable
<varname>net.inet6.ip6.stealth</varname>.</para>
<para>The <literal>PIM</literal> kernel option has been removed.
The corresponding code is now included in the
<literal>MROUTING</literal> kernel option.</para>
<para>Support has been added for the RFC 3678 Source-Specific
Multicast (SSM) socket API. More details can be found in
the &man.sourcefilter.3; manual page.</para>
<para>Support has been added for the Stream Control Transmission
Protocol (SCTP). SCTP implements a reliable, message-oriented
transport protocol, and is defined in RFC 4960. It is enabled
in &os; with the <literal>SCTP</literal> kernel option and is
part of the <filename>GENERIC</filename> kernel. More
information can be found in the &man.sctp.4; manual page.</para>
<para>The <literal>IPV6_V6ONLY</literal> socket option
now works for UDP.</para>
<para>The <literal>TCP_DROP_SYNFIN</literal> kernel option is now
included in the kernel by default. The
<varname>net.inet.tcp.drop_synfin</varname> sysctl variable still
defaults to <literal>0</literal>.</para>
<para>The TCP bandwidth-delay product limiting feature has
been disabled when the RTT is below a certain threshold.
This optimization does not make sense on a LAN, as it has
trouble figuring out the maximal bandwidth due to the coarse
tick granularity. A new sysctl variable
<varname>net.inet.tcp.inflight.rttthresh</varname> specifies
the threshold in milliseconds below which this feature
will disengage. It defaults to 10ms. &merged;</para>
<para>The &os; network stack now has support for TCP
Segmentation Offload (TSO). TSO reduces the overhead of
sending bulk TCP data by allowing a network interface to
convert a large data transfer into multiple TCP segments to be
sent on the network. This functionality can be enabled or
disabled on a per-interface basis with
the <literal>tso</literal> and <literal>-tso</literal> flags
to &man.ifconfig.8;. Network interfaces and drivers
supporting TSO currently include &man.em.4;,
&man.mxge.4; and &man.cxgb.4;.</para>
<para>&os; now supports auto-sizing of TCP socket buffers. This
allows the socket buffer sizes to adapt dynamically to network
conditions, rather than being set statically. The behavior of
this feature can be controlled using
the <varname>net.inet.tcp.sendbuf_*</varname>
and <varname>net.inet.tcp.recvbuf_*</varname> sysctl
variables.</para>
<para>The <varname>net.link.tap.up_on_open</varname> sysctl variable
has been added to the &man.tap.4; driver. If enabled, new tap
devices will marked <literal>up</literal> upon creation. &merged;
</para>
<para>Support for &man.kqueue.2; operations has been added to
the &man.tun.4; driver. &merged;</para>
</sect3>
<sect3 id="disks">
<title>Disks and Storage</title>
<para>The &man.aac.4; driver now supports the Adaptec 2610SA SATA-RAID
controller in some Hewlett-Packard machines.</para>
<para>The performance of the &man.amr.4; driver has been improved;
it also now supports full 64-bit DMA. While this feature is
enabled by default, this can be forced off by setting the
<varname>hw.amr.force_sg32</varname> loader tunable for
debugging purpose.
&merged;</para>
<para>The &man.amr.4; driver now supports the &man.ioctl.2; requests
necessary for the Linux LSI MegaRaid tools in &os;'s Linux emulation
environment.
&merged;</para>
<para>The &man.arcmsr.4; driver has been updated to version
1.20.00.13. &merged;</para>
<para>The &man.ahc.4; driver is now MPSAFE.</para>
<para>The &man.ahd.4; driver is now MPSAFE.</para>
<para>The &man.ata.4; driver now supports a workaround
for some controllers whose DMA does not work properly
in 48bit mode. For affected controllers,
PIO mode will be used for access to areas beyond 137GB.
&merged;</para>
<para>The &man.ata.4; driver now supports the ITE IT8211F IDE controller,
and the Promise PDC40718 and PDC40719 chip found in Promise
Fasttrak TX4300.
&merged;</para>
<para>The &man.ata.4; driver now supports DMA for kernel crash dumps,
as well as crash dumping to an &man.ataraid.4; device.
&merged;</para>
<para>The &man.ata.4; driver now supports USB mass storage class
devices. To enable it, a line <literal>device atausb</literal>
in the kernel configuration file or loading the
<filename>atausb</filename> kernel module is needed.
Note that this functionality cannot coexist with the
&man.umass.4; driver. &merged;</para>
<para>The &man.ataraid.4; driver now supports
JMicron ATA RAID metadata. &merged;</para>
<para>The CAM subsystem is now MPSAFE.</para>
<para>The &man.ciss.4; driver is now MPSAFE.</para>
<para>A new <literal>GEOM_JOURNAL</literal> class has been added
to the GEOM storage transformation system. It supports
block-level journaling operations, which can be used by file
system modules to perform file system journaling and to keep
file systems in a consistent state. (Currently, only UFS file
systems are supported.) Its operation can be controlled using
the &man.gjournal.8; utility.</para>
<para>The <literal>GEOM_LABEL</literal> class now supports
Ext2FS, NTFS, and ReiserFS. &merged;</para>
<para>The <literal>GEOM_MIRROR</literal> class now supports
kernel crash dumps to the GEOM providers.
&merged;</para>
<para>The <literal>GEOM_MIRROR</literal> and <literal>GEOM_RAID3</literal>
classes now support sysctl variables
<varname>kern.geom.mirror.disconnect_on_failure</varname>
and
<varname>kern.geom.graid3.disconnect_on_failure</varname>
to control whether failed components will be disconnected or not.
The default value is <literal>1</literal> to preserve the current
behavior, and if it is set to <literal>0</literal> such components
are not disconnected and the kernel will try to still use them
(only the first error will be logged).
This is helpful for the case of multiple broken components (in
different places), so actually all data is available.
The broken components will be visible in <command>gmirror list</command>
or <command>graid3 list</command> output with flag
<literal>BROKEN</literal>.
&merged;</para>
<para>The <literal>GEOM_MIRROR</literal> and <literal>GEOM_RAID3</literal>
classes now use parallel I/O requests for synchronization
to improve the performance. New sysctl variables
<varname>kern.geom.mirror.sync_requests</varname> and
<varname>kern.geom.raid3.sync_requests</varname>
define how many parallel I/O requests should be used.
Also, the sysctl variables
<varname>kern.geom.mirror.reqs_per_sync</varname>,
<varname>kern.geom.mirror.syncs_per_sec</varname>,
<varname>kern.geom.raid3.reqs_per_sync</varname>, and
<varname>kern.geom.raid3.syncs_per_sec</varname>
are deprecated and have been removed.
&merged;</para>
<para>A new GEOM_MULTIPATH class has been added to support
multiple access paths to disk devices. The &man.gmultipath.8;
utility has been added to control the behavior of disk devices
using this feature.</para>
<para>A new GEOM class <literal>GEOM_ZERO</literal> has been added.
It creates a very huge provider (41PB) <filename>/dev/gzero</filename>
and is mainly useful for performance testing.
On <literal>BIO_READ</literal> request it zero-fills
<varname>bio_data</varname> and on <literal>BIO_WRITE</literal>
it does nothing.
&merged;</para>
<para>The GEOM class kernel module <filename>g_md.ko</filename>
has been renamed to <filename>geom_md.ko</filename>
for consistency.</para>
<para>[&arch.amd64;, &arch.i386;] The &man.hptiop.4; driver has been added.
It supports the Highpoint RocketRAID 3xxx series of controllers.</para>
<para>[&arch.amd64;, &arch.i386;] The &man.hptmv.4; driver has been updated and now supports
amd64 as well as PAE.</para>
<para>The &man.isp.4; driver is now MPSAFE.</para>
<para>The &man.mfi.4; driver, which supports
the LSI MegaRAID SAS controller family, has been added.
&merged;</para>
<para>The &man.mpt.4; driver has been updated to support
various new features such as RAID volume and RAID member
state/settings reporting, periodic volume re-synchronization
status reporting, and sysctl variables for volume
re-synchronization rate, volume member write cache status,
and volume transaction queue depth. &merged;</para>
<para>The &man.mpt.4; driver now supports SAS HBA (partially),
64-bit PCI, and large data transfer. &merged;</para>
<para>The &man.mpt.4; driver is now MPSAFE.</para>
<para>[&arch.amd64;, &arch.i386;] Experimental support for the
TMPFS file system has been added. TMPFS is an efficient
memory file system originally developed for the NetBSD project
during the Google Summer of Code. More information can be
found in the &man.tmpfs.5; manual page.</para>
<para>The &man.twa.4; driver has been updated to the 3.70.03.007
release on the 3ware Web site. It now supports AMCC's 3ware
9650 series of SATA controllers. &merged;</para>
<para>A new GEOM-based disk encryption facility, GEOM_ELI, has been
added. It uses the &man.crypto.9; framework for hardware acceleration
and supports different cryptographic algorithms. See &man.geli.8; for
more information. &merged;</para>
<para>The &man.geli.8; disk encryption system now supports loading keyfiles before the root
file system is mounted. &merged;
For example, the following entries
can be used in <filename>/boot/loader.conf</filename> to enable
it:</para>
<programlisting>geli_da0_keyfile0_load="YES"
geli_da0_keyfile0_type="da0:geli_keyfile0"
geli_da0_keyfile0_name="/boot/keys/da0.key0"
geli_da0_keyfile1_load="YES"
geli_da0_keyfile1_type="da0:geli_keyfile1"
geli_da0_keyfile1_name="/boot/keys/da0.key1"
geli_da0_keyfile2_load="YES"
geli_da0_keyfile2_type="da0:geli_keyfile2"
geli_da0_keyfile2_name="/boot/keys/da0.key2"
geli_da1s3a_keyfile0_load="YES"
geli_da1s3a_keyfile0_type="da1s3a:geli_keyfile0"
geli_da1s3a_keyfile0_name="/boot/keys/da1s3a.key"</programlisting>
<para>&man.geli.8; is now able to perform data integrity
verification (data authentication) of encrypted data stored on
disk. Note that the encryption algorithm is now specified to
the &man.geli.8; control program using the <option>-e</option>
option; the <option>-a</option> option is now used to specify
the authentication algorithm. &merged;</para>
<para>The &man.iscsi.initiator.4; driver, a kernel driver for
the Internet SCSI (iSCSI) protocol, has been added. This
driver allows access to remote SCSI devices over TCP/IP
networks. The &man.iscontrol.8; userland utility is used
to control the operation of the driver.</para>
<para>The scsi_sg driver, which emulates a significant
subset of the Linux SCSI SG passthrough device API, has
been added. It is
intended to allow programs running under Linux emulation
(as well as native &os; applications) to access the
<filename>/dev/sg<replaceable>*</replaceable></filename>
devices supported by Linux. &merged;</para>
<para>The &man.umass.4; driver now supports
<literal>PLAY_MSF</literal>,
<literal>PLAY_TRACK</literal>,
<literal>PLAY_TRACK_REL</literal>,
<literal>PAUSE</literal>,
<literal>PLAY_12</literal> commands so that
the &man.cdcontrol.1; utility can handle a USB CD drive.</para>
</sect3>
<sect3 id="fs">
<title>File Systems</title>
<para>[&arch.amd64;, &arch.i386;, &arch.pc98;] The &man.linsysfs.5;
pseudo-file system driver has been added.
It provides a subset of the
Linux <filename>sys</filename> file system, and is required for
the correct operation of some Linux binaries (such as the LSI
MegaRAID SAS utility). &merged;</para>
<para>A part of the FreeBSD NFS subsystem (the interface with
the protocol stack and callouts, the NFS client side) is now MPSAFE.</para>
<para>The &man.pseudofs.9; pseudo file system construction kit and
all of its consumers (&man.procfs.5;, &man.linprocfs.5; and
&man.linsysfs.5;), are now MPSAFE.</para>
<para>The unionfs file system has been re-implemented. This
version solves many crashing and locking issues compared to
the previous implementation. It also adds
new <quote>transparent</quote> and <quote>masquerade</quote>
modes for automatically creating files in the upper file system
layer of unions. More information can be found in the
&man.mount.unionfs.8; manual page. &merged;</para>
<para>[&arch.amd64;, &arch.i386;, &arch.pc98;] Support for Sun's ZFS has been
added. More information about this file system can be found
in the &man.zfs.8; manual page or
on the <ulink url="http://www.opensolaris.org/os/community/zfs/">
OpenSolaris ZFS page</ulink>.</para>
<para>Initial (read-only) support for SGI's XFS file system has been
added.</para>
</sect3>
</sect2>
<sect2 id="userland">
<title>Userland Changes</title>
<para>The addr2ascii() and ascii2addr() library calls, originally
introduced by the INRIA IPv6 implementation, have been removed
from <filename>libc</filename>. They have no consumers in the
&os; base system. In a related change, support
for <literal>AF_LINK</literal> addresses has been added to
&man.getnameinfo.3;.</para>
<para>Padding of <varname>ai_addrlen</varname>
in <varname>struct addrinfo</varname> has been removed,
which was originally for the ABI compatibility.
For example, this change breaks the ABI compatibility of the
&man.getaddrinfo.3; function on 64-bit architectures, including
&os;/amd64, &os;/ia64, and &os;/sparc64.</para>
<para>The &man.asf.8; utility has been revised and extended. Now
it can operate via several interfaces including &man.kvm.3;,
which supports not only live systems, but also kernel crash dumps.
&merged;</para>
<para>The &man.arp.8; utility now allows the <option>-i</option>
option together with the <option>-d</option> and <option>-a</option> options
to allow all entries for a given interface to be removed. &merged;</para>
<para>The &man.atrun.8; utility has gained PAM support. Before
running a job for a user account, it will check the account
status with PAM and refuse to run the job if the account is
unavailable. The default definition of an unavailable account
includes those expired and administratively locked out with
&man.pw.8;.</para>
<para>The OpenBSM userland tools, including &man.audit.8;,
&man.auditd.8;,
&man.auditreduce.1;, and
&man.praudit.1;, have been added. &merged;</para>
<para>The &man.bsdiff.1; and &man.bspatch.1; utilities
have been added. These are tools for constructing and
applying binary patches. &merged;</para>
<para>The &man.bsnmpd.1; utility now supports the Host Resources
MIB described in RFC 2790. &merged;</para>
<para>&man.cached.8; has been added. It is a daemon that caches
the results of nsswitch lookups (such as those to the password,
group, and services databases) for improved performance.</para>
<para>The &man.cmp.1; utility now supports an <option>-h</option>
flag to compare the symbolic link itself rather than the
file that the link points to. &merged;</para>
<para>The &man.config.8; utility now supports the <literal>nocpu</literal>
directive, which cancels the effect of a
previous <literal>cpu</literal> directive. &merged;</para>
<para>The &man.config.8; utility now reads <filename>DEFAULTS</filename>
kernel configuration file if it exists in the current directory
before the specified configuration file. &merged;</para>
<para>The &man.cp.1; utility now supports a <option>-l</option>
option, which causes it to create hardlinks to the source files
instead of copying them. &merged;</para>
<para>The &man.cron.8; daemon has gained PAM support. Before
running a command from account's private &man.crontab.5; file,
it will check the account status with PAM and skip the command
if the account is unavailable. The default definition of an
unavailable account includes those expired and administratively
locked out with &man.pw.8;. In addition, &man.cron.8; will
skip commands from private &man.crontab.5; files if a
&man.nologin.5; file exists, unless the &man.crontab.5; owner's
login class is exempt from &man.nologin.5; restriction.
Commands from the system file <filename>/etc/crontab</filename>
are not subject to the PAM check.</para>
<para>The &man.csh.1; utility now supports NLS catalogs.
Note that this requires installing
the <filename role="package">shells/tcsh_nls</filename> port.
&merged;</para>
<para>The &man.csup.1; utility has been imported.
This is an implementation of a CVSup-compatible client written
in the C language. Note that it currently supports checkout mode
only. &merged;</para>
<para>The &man.dhclient.8; program now supports the Classless Static
Route option as described in RFC 3442.</para>
<para>The &man.dhclient.8; program now sends the host's name in
DHCP requests if it is not specified in the configuration
file. &merged;</para>
<para>The &man.devd.8; utility now supports a <option>-f</option> option
to specify a configuration file. &merged;</para>
<para>The &man.du.1; program now supports a <option>-n</option>
flag, which causes it to ignore files and directories with
the <literal>nodump</literal> flag set. &merged;</para>
<para>The &man.dump.8; and &man.restore.8; programs now attempt to
save and restore extended attribute information on files.</para>
<para>The &man.fdisk.8; program now supports a <option>-p</option>
flag to print the slice table in fdisk configuration format.</para>
<para>The &man.fsdb.8; utility now supports changing the birth
time of files on UFS2 file systems using the new
<literal>btime</literal> command. &merged;</para>
<para>The &man.fsdb.8; program now supports
a <literal>findblk</literal> command, which finds the inode(s)
owning a specific disk block. &merged;</para>
<para>The &man.find.1; program now supports <option>-Btime</option>
and other related primaries, which can be used to create expressions
based on a file's creation time. &merged;</para>
<para>T/TCP support in &man.finger.1; (and the <option>-T</option>
flag used to enable it) has been removed.</para>
<para>A bug in the &man.find.1; program which prevents
numeric arguments for <option>-user</option> and
<option>-group</option> from working as expected
has been fixed.</para>
<para>The &man.freebsd-update.8; utility, a tool for managing
binary updates to the &os; base system, has been added. &merged;</para>
<para>The &man.ftpd.8; utility now creates a PID file
<filename>/var/run/ftpd.pid</filename> even when
no <option>-p</option> option is specified. &merged;</para>
<para>The &man.ftpd.8; utility now has support for RFC2389 (FEAT)
and rudimentary support for RFC2640 (UTF8). The RFC2640 support
is optional and can be enabled using the new <option>-8</option>
flag. More information can be found in the &man.ftpd.8; manual
page. &merged;</para>
<para>The &man.gcc.1; SSP (Stack-Smashing Protector) support is now
enabled by default.</para>
<para>The &man.gbde.8; utility now supports
<option>-k</option> and <option>-K</option> options
to specify a key file in addition to a passphrase.</para>
<para>The &man.getfacl.1; utility now supports
a <option>-q</option> flag to suppress the per-file header
comment listing the file name, owner, and group.
&merged;</para>
<para>The &man.getent.1; utility has been imported from NetBSD.
It retrieves and displays information from an administrative
database (such as <filename>hosts</filename>) using the lookup
order specified in &man.nsswitch.conf.5;. &merged;</para>
<para>The &man.gpt.8; utility now supports setting GPT partition labels.</para>
<para>The &man.gvinum.8; utility now supports commands
to rename objects and to move a subdisk from
one drive to another. &merged;</para>
<para>The &man.gvinum.8; utility now supports the
<command>resetconfig</command> sub-command.</para>
<para>An implementation of Generic Security Service API (GSS-API)
version 2 and its C binding described in RFC2743 and RFC2744
has been added. This is a new extensible GSS-API layer which
can support GSS-API plugins, similar the the Solaris
implementation, and the Kerberos 5 GSS mechanism has
been rewritten as a plugin library for the new implementation.</para>
<para>The &man.hccontrol.8; utility now supports HCI node
autodetection.</para>
<para>The &man.id.1; utility now prints the effective user
ID after the group ID.</para>
<para>The &man.id.1; utility now supports a <option>-A</option>
flag to print process audit properties, including the audit user
id. &merged;</para>
<para>The &man.ifconfig.8; utility now supports
a <option>-k</option> flag to allow printing
potentially sensitive keying material to standard output.
This sensitive information will not be printed by default.
&merged;</para>
<para>The &man.ifconfig.8; utility now supports a <option>-tunnel</option>
parameter, which is just an alias for <option>deletetunnel</option>,
yet is more convenient and easier to type. &merged;</para>
<para>The <option>-vlandev</option> parameter to &man.ifconfig.8;
no longer requires a network interface as its argument. The
argument still is supported for backward compatibility, but
is now deprecated and its use is discouraged. &merged;</para>
<para>The &man.iostat.8; utility now supports
a <option>-x</option> flag (inspired by Solaris) to print
extended disk statistics. If the new <option>-z</option> flag is
also specified, no output is made for disks with no
activity. &merged;</para>
<para>The &man.ipfwpcap.8; utility has been added; it captures
packets on a &man.divert.4; socket and writes them as
&man.pcap.3; (also known as &man.tcpdump.1;) format data to a
file or pipe.</para>
<para>The &man.jail.8; utility supports a <option>-J
<replaceable>jid_file</replaceable></option> option to
write out a JidFile, similar to a PidFile, containing
the jailid, path, hostname, IP and the command used to start
the jail. &merged;</para>
<para>The &man.jail.8; program now supports a <option>-s</option>
option to specify a jail's securelevel. &merged;</para>
<para>The &man.jexec.8; utility now supports <option>-u</option>
and <option>-U</option> flags to specify username credentials
under which a command should be executed. &merged;</para>
<para>The &man.kdump.1; program now supports a <option>-H</option>
flag, which causes kdump to print an additional field holding
the threadid. &merged;</para>
<para>The &man.kdump.1; program now supports a <option>-s</option>
flag to suppress the display of I/O data. &merged;</para>
<para>The &man.kdump.1; program now supports printing
flags in a system call argument by using symbol names.</para>
<para>The &man.kenv.1; utility now supports a <option>-q</option>
flag to suppress warnings.</para>
<para>&man.kgdb.1; now supports a <option>-w</option>
option to open kmem-based targets in read-write mode.
This allows one to use kgdb on <filename>/dev/mem</filename>
and be able to patch memory on a live system.</para>
<para>The &man.libarchive.3; library now supports
POSIX.1e-style Extended Attributes.</para>
<para>The &man.libarchive.3; library now contains support for
&man.ar.1;-style archives.</para>
<para>The <application>libc</application> library now includes
initial implementation of symbol maps and symbol version
definitions.</para>
<para>The <application>libedit</application> library has been
updated from the NetBSD source tree as of August 2005.</para>
<para>The <application>libm</application> library now includes
initial implementation of symbol maps and symbol version
definitions.</para>
<para>The &man.libmemstat.3; library has been added.
This is for use by debugging and monitoring applications
in tracking kernel memory statistics. It provides an
abstracted interface to &man.uma.9; and &man.malloc.9;
statistics, wrapped around the binary stream sysctl variables
for the allocators. &merged;</para>
<para>The &man.ln.1; utility now supports
an <option>-F</option> flag, which deletes existing
empty directories when creating symbolic links.
&merged;</para>
<para>The &man.locate.1; utility now supports
a <option>-0</option> flag to make this utility
interoperable with &man.xargs.1;'s <option>-0</option> flag.
&merged;</para>
<para>The &man.logger.1; utility now supports
a <option>-P</option>, which specifies the port to which syslog
messages should be sent. &merged;</para>
<para>The &man.ls.1; utility now supports
an <option>-I</option> flag to disable the automatic
<option>-A</option> flag for the superuser. &merged;</para>
<para>The &man.ls.1; utility now supports
an <option>-U</option> flag to use the file creation
time for sorting. &merged;</para>
<para>A new &man.malloc.3; implementation has been introduced.
This implementation, sometimes referred to
as <quote>jemalloc</quote>, was designed to improve the
performance of multi-threaded programs, particularly on SMP
systems, while preserving the performance of single-threaded
programs. Due to the use of different algorithms and data
structures, jemalloc may expose some previously-unknown bugs in
userland code, although most of the &os; base system and common
ports have been tested and/or fixed. Note that jemalloc uses
&man.mmap.2; to obtain memory and only uses &man.sbrk.2; under
limited circumstances (and then only for 32-bit architectures).
As a result, the <literal>datasize</literal> resource limit
has little practical effect for typical applications. The
<literal>vmemoryuse</literal> resource limit, however, can be
used to bound the total virtual memory used by a process, as
described in &man.limits.1;.</para>
<para>The &man.mdconfig.8; utility now supports producing
device listings formatted as XML. Currently, the
<command>list</command> and <command>query</command>
sub-commands support this feature.</para>
<para>The &man.mdconfig.8; utility's <option>-u</option> option
now supports specifying multiple devices separated
by comma character.</para>
<para>The &man.mdmfs.8; utility now supports a <option>-P</option> flag
to allow skipping the &man.newfs.8; process
when using a vnode-backed disk.</para>
<para>The &man.mdmfs.8; utility now supports a <option>-E</option> flag
to allow to specify location of the &man.mdconfig.8;
utility instead of using the default one
(<filename>/sbin/mdconfig</filename>).</para>
<para>A new function &man.memmem.3; has been implemented in
<filename>libc</filename>. This is the binary equivalent to
&man.strstr.3; and found in <filename>glibc</filename>.</para>
<para>The &man.mergemaster.8; utility now supports
an <option>-A</option> option to explicitly specify
an architecture to pass through to the underlying makefiles.
&merged;</para>
<para>The &man.mount.8; <literal>nodev</literal> option has
been removed.</para>
<para>The &man.mount.8; utility now supports &man.mqueuefs.5;.</para>
<para>A bug which prevents the &man.mount.8; utility from converting
a read-only mount to read-write via <command>mount -u -o rw</command>,
has been fixed.</para>
<para>The &man.mount.8; utility now supports a
<literal>late</literal> keyword in &man.fstab.5;, along with a
corresponding <option>-l</option> command-line option to specify
that these <quote>late</quote> file systems should be
mounted. &merged;</para>
<para>The &man.moused.8; daemon now supports an <option>-H</option> flag
to enable horizontal virtual scrolling similar to the
<option>-V</option> flag for vertical virtual scrolling.
&merged;</para>
<para>The mrouted(8) multicast routing daemon has been removed
from the &os; base system. It implements the DVMRP multicast
routing protocol, which has largely been replaced by PIM in many
multicast installations. The related map-mbone(8) and mrinfo(8)
utilities have also been removed. These programs are now
available in the &os; Ports Collection
as <filename role="package">net/mrouted</filename>.</para>
<para>The &man.netstat.1; utility now supports an
<option>-h</option> flag for interface stats mode,
which prints all interface statistics in human readable form. &merged;</para>
<para>The &man.netstat.1; utility now supports
printing &man.ipsec.4; protocol statistics.
Note that the output of <command>netstat -s -p ipsec</command>
differs depending on which stack is compiled into
the kernel since they each keep different statistics. &merged;</para>
<para>The &man.netstat.1; utility now supports printing
&man.sctp.4; protocol statistics.</para>
<para>The <filename>/etc/nsswitch.conf</filename> file is now
installed statically instead of being generated on every
reboot.</para>
<para>The objformat(1) utility and getobjformat(3) library (the
last remnants of a.out object file support) have been removed.</para>
<para>The &man.pam.nologin.8; module no longer provides a
an authentication function; instead it now provides an account
management function. Third-party files in
<filename>/usr/local/etc/pam.d</filename> may
need manual editing; specifically, lines in these files of
the form:
<screen>auth required pam_nologin.so no_warn</screen></para>
<para>These lines need to have the word <literal>auth</literal>
replaced with the word <literal>account</literal>.</para>
<para>The &man.periodic.8; daily script now supports
display of the status of &man.gmirror.8;, &man.graid3.8;,
&man.gstripe.8;, and &man.gconcat.8; devices.
Note that these are disabled by default. &merged;</para>
<para>A new function, &man.pidfile.3;, which provides reliable
pidfiles handling, has been implemented in
<filename>libutil</filename>. &merged;</para>
<para>The &man.ping.8; utility now supports a <quote>sweeping
ping</quote> in which &man.icmp.4; payload of
packets being sent is increased with given step.
This is useful for testing problematic channels, MTU issues
or traffic policing functions in networks. &merged;</para>
<para>The &man.ping.8; command now supports a <option>-W</option>
option to specify the maximum time to wait for an echo reply.
&merged;</para>
<para>The &man.pkill.1; utility now supports a
<option>-F</option> option which allows to
restrict matches to a process whose PID is stored in the
pidfile file. When another new option <option>-L</option>
is also specified, the pidfile file must be locked with the
&man.flock.2; syscall or created with &man.pidfile.3;.</para>
<para>The &man.pkill.1; utility now supports a
<option>-I</option> flag which works like <option>-i</option>
of &man.rm.1;. When this flag is specified, &man.pkill.1;
will ask for confirmation before sending a signal to
each matching process.</para>
<para>The &man.pkill.1; utility (also known as &man.pgrep.1;) has
been moved from <filename>/usr/bin</filename>
to <filename>/bin</filename> so that it can be used by startup
scripts. Symbolic links from its former location have been
created for backward compatibility. &merged;</para>
<para>The &man.pmcstat.8; program has seen several enhancements:
It can now log over a network socket to a remote host. The
<option>-c</option> now takes a comma-seperated list of CPUs
to configure for PMC allocation. The <option>-t</option> option
has been enhanced to take a regular expression for selecting
processes based on their command names. &man.pmcstat.8; now
allocates system PMCs on all CPUs by default, not just CPU 0.</para>
<para>The &man.powerd.8; program now supports a
<option>-P</option> option, which specifies a pidfile to use.</para>
<para>An extensible implementation of &man.printf.3;, compatible
with GLIBC, has been added to <filename>libc</filename>. It is
only used if the environment variable
<varname>USE_XPRINTF</varname> is defined, one of the extension
functions is called, or the global variable
<varname>__use_xprintf</varname> is set to a value greater than
<literal>0</literal>. Five extensions are currently supported:
<literal>%H</literal> (hex dump),
<literal>%T</literal> (<varname>time_t</varname> and
time-related structures),
<literal>%M</literal> (errno message),
<literal>%Q</literal> (double-quoted, escaped string),
<literal>%V</literal> (&man.strvis.3;-format string),
&merged;</para>
<para>The &man.pw.8; program now supports a <option>-M</option>
option to set the permissions of a user's newly created home
directory. &merged;</para>
<para>The DNS resolver library in &os;'s <application>libc</application>
has been updated to that from BIND 9.4.1.</para>
<para>The &man.rfcomm.sppd.1; program now supports service names
in addition to <option>-c</option> option with channel number.
The supported names are: DUN (Dial-Up Networking), FAX (Fax),
LAN (LAN Access Using PPP), and SP (Serial Port). &merged;</para>
<para>The &man.rpcbind.8; program can now bind its TCP listening
socket to an IP address other than INADDR_ANY using the
<option>-h</option> flag. The new <option>-6</option> flag allows
it to bind to IPv6 addresses only.</para>
<para>The &man.rpcgen.1; utility now generates headers and stub files
that can be used with ANSI C compilers by default.</para>
<para>The &man.rpc.lockd.8; and &man.rpc.statd.8; programs now
accept <option>-p</option> options to indicate which port they
should bind to. &merged;</para>
<para>The &man.rtld.1; runtime linker now supports ELF symbol versioning
using GNU semantics. This implementation aims to be compatible
with symbol versioning support as implemented by GNU libc and
documented in <ulink url="http://people.redhat.com/~drepper/symbol-versioning"></ulink>
and LSB 3.0. Also, <function>dlvsym()</function>
function has been added to
allow lookups for a specific version of a given symbol.</para>
<para>The &man.sa.8; utility now supports <option>-U</option>
and <option>-P</option> flags. They can be used to specify
the per-user and per-process summary file location,
respectively.</para>
<para>A bug in the &man.sed.1; utility which can cause
incorrect calculation of pattern space length in some cases
has been fixed.</para>
<para>The &man.sed.1; utility now supports case-insensitive
pattern matching; this feature can be enabled by using
the <literal>I</literal> flag after the closing delimiter for a
regular expression.</para>
<para>The behavior of the &man.setenv.3; family of library calls
has been changed from the historic BSD API to the
behavior mandated by POSIX. As a result, several base system
utility that relied on the old API have been updated to track
this change.</para>
<para>The <option>-h</option> flag to &man.setfacl.1; now properly
sets the ACL on a symbolic link, not the link target.</para>
<para>The &man.sh.1; utility now supports a <literal>times</literal>
built-in command. &merged;</para>
<para>The &man.snapinfo.8; utility, which shows snapshot locations
on UFS file systems, has been added. &merged;</para>
<para>The &man.sockstat.1; utility, which shows connected and
listening network sockets, now supports a new <option>-P</option>
command-line option, which can be used to filter displayed sockets
by protocol name (as listed in &man.protocols.5;).</para>
<para>The &man.strtonum.3; library function has been implemented
based on OpenBSD's implementation. This is an improved version of
&man.strtoll.3;. &merged;</para>
<para>The &man.sysctl.8; utility now supports a <option>-q</option>
flag to suppress a limited set of warnings and errors.</para>
<para>The &man.tail.1; utility now supports a <option>-q</option>
flag to suppress header lines when multiple files are
specified. &merged;</para>
<para>The version of tcpslice in the &os; base system has been
removed due to obsolescence. A more up-to-date version can be
found in the Ports Collection
as <filename role="package">net/tcpslice</filename>.</para>
<para>The &man.time.1; utility now prints the time that a given
command has been running if sent a <literal>SIGINFO</literal> signal.</para>
<para>The &man.top.1; program now supports a <option>-a</option>
flag to display process titles from their argument vectors;
this feature is useful for watching processes that change their
titles via &man.setproctitle.3;.</para>
<para>The &man.top.1; program now supports a <option>-j</option>
flag to display the &man.jail.8; ID for each process. &merged;</para>
<para>The &man.touch.1; utility now supports a <option>-A</option>
flag that allows the access and modification times of a file to be
adjusted by a specified value. &merged;</para>
<para>The &man.traceroute.8; program now supports
a <option>-D</option> flag, which causes it to display the
differences between the sent and received
packets. &merged;</para>
<para>The &man.traceroute.8; utility now supports
a <option>-e</option> option, which sets a fixed destination
port for probe packets. This can be useful for tracing behind
packet-filtering firewalls. &merged;</para>
<para>&man.traceroute.8; now decodes the complete set of ICMP
unreachable messages in its output. &merged;</para>
<para>The &man.truss.1; utility now supports an <option>-s</option>
flag for the same functionality as the strace utility
(<filename role="package">devel/strace</filename>).</para>
<para>The &man.truss.1; utility no longer depends on the availability
of the &man.procfs.5; file system; it uses the &man.ptrace.2;
interface instead for controlling a traced process.</para>
<para>[&arch.powerpc;] The &man.truss.1; utility now supports &os;/powerpc.</para>
<para>The usbd(8) utility has been removed.
The &man.devd.8; utility and its configuration
file now support functionality which is equivalent to it.</para>
<para>The &man.uuidgen.1; utility has been moved from
<filename>/usr/bin</filename> to <filename>/bin</filename>.</para>
<para>The vnconfig(8) utility, which was long ago replaced by
&man.mdconfig.8;, has been removed.</para>
<para>The wicontrol(8) utility has been removed. Configuration
functions for &man.wi.4; interfaces should be performed using
&man.ifconfig.8;.</para>
<para>The &man.xargs.1; utility now supports a <option>-r</option>
flag which makes the command execution when the standard input
does not contain any non-whitespace-characters. &merged;</para>
<para>The shared library version number of all libraries has
been updated due to some possible ABI changes. The libraries
include: snmp_<replaceable>*</replaceable>, libdialog, libg2c, libobjc,
libreadline, libregex, libstdc++, libkrb5, libalias, libarchive,
libbegemot, libbluetooth, libbsnmp, libbz2, libc_r, libcrypt,
libdevstat, libedit, libexpat, libfetch, libftpio, libgpib,
libipsec, libkiconv, libmagic, libmp, libncp, libncurses,
libnetgraph, libngatm, libopie, libpam, libpthread, libradius,
libsdp, libsmb, libtacplus, libthr, libthread_db, libugidfw,
libusbhid, libutil, libvgl, libwrap, libypclnt, libm, libcrypto,
libssh, and libssl.</para>
<para>The <function>wcsdup()</function> function has been
implemented. This function is popular in Microsoft and GNU
systems.</para>
<para>The &man.wlandebug.8; utility has been added to the main
&os; source tree (it previously lived in a tools area). It
provides control over a number of types of debugging output
in the &man.wlan.4; module and related drivers, and can be
useful for debugging wireless issues.</para>
<para>The &man.wpa.passphrase.8; utility has been added. It
generates a 256-bit pre-shared WPA key from an ASCII
passphrase. &merged;</para>
<para>The compiler toolchain is now capable of generating
executables for systems using the ARM processor. &merged;</para>
<sect3 id="rc-scripts">
<title><filename>/etc/rc.d</filename> Scripts</title>
<para>The <filename>auditd</filename> script for
OpenBSM &man.auditd.8; has been added. &merged;</para>
<para>The <filename>bluetooth</filename> script
has been added. This script will be called from
&man.devd.8; in response to device attachment/detachment
events and to stop/start particular device without unplugging
it by hand. The configuration parameters are in
<filename>/etc/defaults/bluetooth.device.conf</filename>,
and can be overridden by using
<filename>/etc/bluetooth/<replaceable>$device</replaceable>.conf</filename>
(where <replaceable>$device</replaceable> is <devicename>ubt0</devicename>,
<devicename>btcc0</devicename>, and so on.)
For more details, see &man.bluetooth.conf.5;. &merged;</para>
<para>The <filename>ftpd</filename> script for
stand-alone &man.ftpd.8; has been added.</para>
<para>The <filename>gbde_swap</filename> script has
been removed in favor a new <filename>encswap</filename>
script which also supports &man.geli.8; for swap
encryption.</para>
<para>The <filename>geli</filename> and <filename>geli2</filename>
scripts has been added for &man.geli.8; device
configuration on boot.</para>
<para>The <filename>ike</filename> script for
IPsec IKE daemon has been removed because no such daemon
is included in the base system.</para>
<para>The <filename>hcsecd</filename> and
<filename>sdpd</filename> scripts have been added
for &man.hcsecd.8; and &man.sdpd.8; daemons.
These daemons can run even if no Bluetooth devices
are attached to the system, but both daemons depend on
Bluetooth socket layer and thus disabled by default.
Bluetooth sockets layer must be either loaded
as a module or compiled into kernel before the daemons can run.
&merged;</para>
<para>The <filename>hostapd</filename> script for
&man.hostapd.8; has been added. &merged;</para>
<para>The <filename>mdconfig</filename> script to
handle vnode backed &man.md.4; devices has been added.
This is a replacement of the <filename>ramdisk</filename>
script, and all of variables in <varname>ramdisk_*</varname>
have been changed to <varname>mdconfig_*</varname>.
Also, two new &man.rc.conf.5; variables
<varname>mdconfig_<replaceable>*</replaceable>_files</varname>
and
<varname>mdconfig_<replaceable>*</replaceable>_cmd</varname>
have been added. For example:</para>
<programlisting>mdconfig_md0="-t malloc -s 10m"
mdconfig_md1="-t vnode -f /var/foo.img"</programlisting>
<para>The <filename>netif</filename> script now supports
<varname>ipv4_addrs_<replaceable>ifn</replaceable></varname>
variables,
which add one or more IPv4 address from a ranged list in
CIDR notation. &merged; For example:</para>
<programlisting>ipv4_addrs_ed0="192.168.0.1/24 192.168.1.1-5/28"</programlisting>
<para>The <filename>rcconf.sh</filename> script in <filename>/etc/rc.d</filename>
has been removed and a variable <varname>early_late_divider</varname>,
which designates the script to separate the early and late stages
of the boot process, has been added.</para>
<para>The <filename>rc.initdiskless</filename> script now uses &man.tar.1;
instead of &man.pax.1; because &man.pax.1; needs a writable
temporary directory that may not be available when this script
runs.</para>
<para>The <filename>pccard</filename> script has been removed
since OLDCARD is deprecated.</para>
<para>The <filename>ppp-user</filename> script has been renamed to
<filename>ppp</filename>. &merged;</para>
<para>The <filename>sendmail</filename> script no longer rebuilds
the aliases database if it is missing or older than the aliases
file. If desired, set the new rc.conf option
<varname>sendmail_rebuild_aliases</varname> to "YES" to restore
that functionality.</para>
<para>The <varname>removable_interfaces</varname> variable
has been removed.</para>
<para>A new keyword <literal>NOAUTO</literal> in
<varname>ifconfig_<replaceable>ifn</replaceable></varname>
has been added. This prevents configuration of an interface
at boot time or via <filename>/etc/pccard_ether</filename>,
and allows <filename>/etc/rc.d/netif</filename>
to be used to start and stop an interface
on a purely manual basis.</para>
</sect3>
</sect2>
<sect2 id="contrib">
<title>Contributed Software</title>
<para><application>Intel ACPI-CA</application>
has been updated to 20070320.</para>
<para><application>awk</application> has been updated from the 24
April 2005 release to the 1 May 2007 release.</para>
<para><application>BIND</application> has been updated from 9.3.1
to 9.4.1-p1.</para>
<para><application>BSNMPD</application> has been updated from
1.11 to 1.12.</para>
<para><application>BZIP2</application> has been updated from
1.0.3 to 1.0.4.
&merged;</para>
<para>GNU <application>Diffutils</application> has been updated
from 2.7 to 2.8.7.
&merged;</para>
<para><application>DRM</application> has
been updated to a snapshot from DRI CVS as of 20060517.
&merged;</para>
<para>The Forth Inspired Command Language (<application>FICL</application>)
used in the boot loader has been updated to 3.03.</para>
<para><application>FILE</application> has been updated from 4.12
to 4.21.</para>
<para>The GNU version of <application>gzip</application> has been
replaced with a modified version of gzip ported from NetBSD.
&merged;</para>
<para><application>netcat</application> has been updated from the
version in a 4 February 2005 OpenBSD snapshot to the version
included in OpenBSD 4.1. &merged;</para>
<para><application>GCC</application> has been updated from 3.4.4
to 4.2.0.</para>
<para><application>GNU Readline library</application> has been
updated from 5.0 to 5.2 patch 2. &merged;</para>
<para><application>GNU Troff</application>
has been updated from version 1.19 to version 1.19.2.
&merged;</para>
<para><application>IPFilter</application> has been updated from
4.1.8 to 4.1.23.</para>
<para><application>less</application> has been updated from v381
to v406. &merged;</para>
<para><application>libpcap</application> has been updated from
0.9.1 to 0.9.4. &merged;</para>
<para><application>lukemftpd</application> has been updated from a
snapshot from NetBSD as of 9 August 2004 to a snapshot from
NetBSD as of 31 August 2006. &merged;</para>
<para><application>OpenSSH</application> has been updated from
4.2p1 to 4.5p1. &merged;</para>
<para><application>OpenSSL</application> has been updated from
0.9.7e to 0.9.8e.</para>
<para><application>ncurses</application> has been updated from
5.2-20020615 to 5.6-20061217. ncurses now also has wide
character support. &merged;</para>
<para><application>hostapd</application>
has been updated from version 0.3.9 to version 0.5.8.
</para>
<para><application>PF</application> has been updated from OpenBSD
version 3.7 to OpenBSD version 4.1.</para>
<para><application>sendmail</application> has been updated from
8.13.4 to 8.14.1. &merged;</para>
<para><application>tcpdump</application> has been updated from
3.9.1 to 3.9.4. &merged;</para>
<para>The timezone database has been updated from the
<application>tzdata2005l</application> release to the
<application>tzdata2006n</application> release. &merged;</para>
<para><application>tip</application> has been updated to a
snapshot from OpenBSD as of 20060831.</para>
<para>TrustedBSD <application>OpenBSM</application>,
version 1.0 alpha 15, an implementation of the documented Sun Basic
Security Module (BSM) Audit API and file format, as well as local
extensions to support the Mac OS X and &os; operating systems
has been added. This also includes command line tools for audit
trail reduction and conversion to text and XML, as well as
documentation of the commands, file format, and APIs.
For this functionality, the <literal>AUDIT</literal> kernel option,
<filename>/var/audit</filename> directory, and
<literal>audit</literal> group have been added. &merged;</para>
<para><application>WPA Supplicant</application>
has been updated from version 0.3.9 to version 0.5.8.
</para>
<para><application>zlib</application>
has been updated from version 1.2.2 to version 1.2.3. &merged;</para>
</sect2>
<sect2 id="ports">
<title>Ports/Packages Collection Infrastructure</title>
<para>&man.pkg.add.1; now supports an <option>-F</option>
flag to disable checking whether the same package is already
installed or not. &merged;</para>
<para>The &man.pkg.add.1; program now supports an <option>-P</option>
flag, which is the same as the <option>-p</option> flag
except that the given prefix is also used recursively for the
dependency packages if any. &merged;</para>
<para>The &man.pkg.add.1; and &man.pkg.create.1; utilities now support
a <option>-K</option> flag to save packages to the current directory
(or <varname>PKGDIR</varname> if defined) by default.
&merged;</para>
<para>The &man.pkg.create.1; program now supports an <option>-x</option>
flag to support basic regular expressions for package name,
an <option>-E</option> flag for extended regular
expressions, and a <option>-G</option> for exact matching. &merged;</para>
<para>The &man.pkg.version.1; utility now supports an <option>-o</option>
flag to show the origin recorded on package generation
instead of the package name, and an <option>-O</option> flag
to list packages with a specific registered origin.
&merged;</para>
<para>The &man.portsnap.8; utility (<filename>sysutils/portsnap</filename>)
has been added into the &os; base system. This is a secure,
easy to use, fast, lightweight, and generally good way for
users to keep their ports trees up to date. &merged;</para>
<para>A incorrect handling of <varname>HTTP_PROXY_AUTH</varname>
in the &man.portsnap.8; utility has been fixed. &merged;</para>
<para>The startup scripts from the <varname>local_startup</varname>
directory now evaluated by using &man.rcorder.8; with scripts
in the base system. &merged;</para>
<para>The suffix of startup scripts from the Ports Collection
has been removed. This means <filename>foo.sh</filename>
is renamed to <filename>foo</filename>, and now
scripts whose name is something like
<filename>foo.ORG</filename> will also be invoked.
You are recommended to reinstall packages which install
such scripts and remove extra files in the
<varname>local_startup</varname> directory. &merged;</para>
<para>New <filename>rc.conf</filename> variables,
<varname>ldconfig_local_dirs</varname> and
<varname>ldconfig_local32_dirs</varname> have been added.
These hold lists of local &man.ldconfig.8; directories.
&merged;</para>
<para>The <command>@cwd</command> command in
<filename>pkg-plist</filename> now allows
the case where no directory argument is given. If no
directory argument is given, it will set current
working directory to the first prefix given by the
<command>@cwd</command> command. &merged;</para>
</sect2>
<sect2 id="releng">
<title>Release Engineering and Integration</title>
<para>The default partition sizing algorithm of the
&man.sysinstall.8; utility has been changed.</para>
<itemizedlist>
<listitem>
<para>On systems where the disk capacity is larger than (3 * RAMsize + 10GB),
the default sizes will now be as follows:</para>
<informaltable frame="none" pgwide="0">
<tgroup cols="2">
<colspec colwidth="1*">
<colspec colwidth="2*">
<thead>
<row>
<entry>Partition</entry>
<entry>Size</entry>
</row>
</thead>
<tbody>
<row><entry>swap</entry><entry>RAMsize * 2</entry></row>
<row><entry><filename>/</filename></entry><entry>512 MB</entry></row>
<row><entry><filename>/tmp</filename></entry><entry>512 MB</entry></row>
<row><entry><filename>/var</filename></entry><entry>1024 MB + RAMsize</entry></row>
<row><entry><filename>/usr</filename></entry><entry>the rest (8GB or more)</entry></row>
</tbody>
</tgroup>
</informaltable>
</listitem>
<listitem>
<para>On systems where the disk capacity is larger than
(RAMsize / 8 + 2 GB), the default sizes will be
in the following ranges, with space allocated
proportionally:</para>
<informaltable frame="none" pgwide="0">
<tgroup cols="2">
<colspec colwidth="1*">
<colspec colwidth="2*">
<thead>
<row>
<entry>Partition</entry>
<entry>Size</entry>
</row>
</thead>
<tbody>
<row><entry>swap</entry><entry>from RAMsize / 8 to RAMsize * 2</entry></row>
<row><entry><filename>/</filename></entry><entry>from 256MB to 512MB</entry></row>
<row><entry><filename>/tmp</filename></entry><entry>from 128MB to 512MB</entry></row>
<row><entry><filename>/var</filename></entry><entry>from 128MB to 1024MB</entry></row>
<row><entry><filename>/usr</filename></entry><entry>from 1536MB to 8192MB</entry></row>
</tbody>
</tgroup>
</informaltable>
</listitem>
<listitem>
<para>On systems with even less disk space, the existing behavior is not
changed.</para>
</listitem>
</itemizedlist>
<para>The &man.sysinstall.8; utility now displays the running &os;
version in menu titles. &merged;</para>
<para>A new <literal>showconfig</literal>
target has been added in <filename>src/Makefile</filename>
to show the build configuration of the &os; source tree.</para>
<para>A <filename>/media</filename> directory has been
added to contain mount points for removable media
such as CDROMs, floppy disks, USB drives, and so on. &merged;</para>
<para>The <filename>src.conf</filename> file, which
contains settings that will apply to every build involving
the &os; source tree, has been added.
For details, see &man.build.7; and &man.src.conf.5;.</para>
<para>The supported version of
the <application>GNOME</application> desktop environment
(<filename role="package">x11/gnome2</filename>) has been
updated from 2.10.2 to 2.18.0. As a part of this update, the
default prefix for <application>GNOME</application> (and some
related programs) has moved from
<filename>/usr/X11R6</filename>
to <filename>/usr/local</filename>. &merged;</para>
<para>The supported version of
the <application>KDE</application> desktop environment
(<filename role="package">x11/kde3</filename>) has been
updated from 3.4.2 to 3.5.7. &merged;</para>
<para>[&arch.amd64;, &arch.i386;] The supported Linux emulation now uses the
libraries in the
<filename role="package">emulators/linux_base-fc4</filename>
package. &merged;</para>
<para>The supported version of
the <application>Perl</application> interpreter
(<filename role="package">lang/perl5.8</filename>) has been updated
from 5.8.7 to 5.8.8. &merged;</para>
<para>The supported version of
the <application>&xorg;</application> windowing system
(<filename role="package">x11/xorg</filename>) has been updated
from 6.8.2 to 7.2.0. &merged;</para>
<para>The default value of <varname>X11BASE</varname> has been changed
from <filename>/usr/X11R6</filename> to <filename>/usr/local</filename>,
the default value of <varname>LOCALBASE</varname>. &merged;</para>
<para>[&arch.pc98;] &os;/pc98 release CDROMs are now
bootable on systems with some supported SCSI adapters.
&merged;</para>
</sect2>
<sect2 id="doc">
<title>Documentation</title>
<para>Documentation of existing functionality has been improved by
the addition of the following manual pages:
&man.acpi.sony.4;, &man.device.get.sysctl.9;,
&man.ext2fs.5;,
&man.mca.8;,
&man.nanobsd.8;,
&man.snd.mss.4;, &man.snd.t4dwave.4;,
&man.sysctl.9;.</para>
<para>The manual pages for <application>NTP</application>
have been updated to 4.2.0, to match the version of
code actually included in &os;. &merged;</para>
<para>Initial support for kernel subsystem API documentation generating
framework using <filename role="package">devel/doxygen</filename>
has been added into <filename>src/sys/doc/subsys</filename>.
To generate the API document, type <command>make doxygen</command>
in <filename>src/</filename> directory.</para>
</sect2>
</sect1>
<sect1 id="upgrade">
<title>Upgrading from previous releases of &os;</title>
<para>[&arch.i386;, &arch.amd64;] Beginning with &os; 6.2-RELEASE,
binary upgrades between RELEASE versions (and snapshots of the
various security branches) are supported using the
&man.freebsd-update.8; utility. The binary upgrade procedure will
update unmodified userland utilities, as well as unmodified GENERIC or
SMP kernels distributed as a part of an official &os; release.
The &man.freebsd-update.8; utility requires that the host being
upgraded have Internet connectivity.</para>
<para>An older form of binary upgrade is supported through the
<command>Upgrade</command> option from the main &man.sysinstall.8;
menu on CDROM distribution media. This type of binary upgrade
may be useful on non-&arch.i386;, non-&arch.amd64; machines
or on systems with no Internet connectivity.</para>
<para>Source-based upgrades (those based on recompiling the &os;
base system from source code) from previous versions are
supported, according to the instructions in
<filename>/usr/src/UPDATING</filename>.</para>
<important>
<para>Upgrading &os; should, of course, only be attempted after
backing up <emphasis>all</emphasis> data and configuration
files.</para>
</important>
</sect1>
</article>
Reference in New Issue View Git Blame Copy Permalink