summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorhrs <hrs@FreeBSD.org>2005-07-15 15:15:20 +0000
committerhrs <hrs@FreeBSD.org>2005-07-15 15:15:20 +0000
commit31b14305721bc7628636caa27ddcfe8e3858db38 (patch)
tree9feb5721da84282cabbd7f394a48ca347626c253
parent71c506efead126c794dc4a75e9f30291e0b42381 (diff)
downloadFreeBSD-src-31b14305721bc7628636caa27ddcfe8e3858db38.zip
FreeBSD-src-31b14305721bc7628636caa27ddcfe8e3858db38.tar.gz
Trim the old relnotes items.
Diffstat
-rw-r--r--release/doc/en_US.ISO8859-1/relnotes/article.sgml1479
-rw-r--r--release/doc/en_US.ISO8859-1/relnotes/common/new.sgml1479
2 files changed, 32 insertions, 2926 deletions
diff --git a/release/doc/en_US.ISO8859-1/relnotes/article.sgml b/release/doc/en_US.ISO8859-1/relnotes/article.sgml
index 89b9a18..a6e787e 100644
--- a/release/doc/en_US.ISO8859-1/relnotes/article.sgml
+++ b/release/doc/en_US.ISO8859-1/relnotes/article.sgml
@@ -113,322 +113,18 @@
<sect2 id="security">
<title>Security Advisories</title>
- <para>A bug in the &man.fetch.1; utility, which allows
- a malicious HTTP server to cause arbitrary portions of the client's
- memory to be overwritten, has been fixed.
- For more information, see security advisory
- <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:16.fetch.asc">FreeBSD-SA-04:16.fetch</ulink>.
- &merged;</para>
-
- <para>A bug in &man.procfs.5; and &man.linprocfs.5;
- which could allow a malicious local user to read parts of kernel
- memory or perform a local
- denial of service attack by causing a system panic,
- has been fixed.
- For more information, see security advisory
- <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:17.procfs.asc">FreeBSD-SA-04:17.procfs</ulink>.
- &merged;</para>
-
- <para>Two buffer overflows in the TELNET client program have been
- corrected. They could have allowed a malicious TELNET server or
- an active network attacker to cause &man.telnet.1; to execute
- arbitrary code with the privileges of the user running it.
- More information can be found in security advisory
- <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:01.telnet.asc">FreeBSD-SA-05:01.telnet</ulink>.
- &merged;</para>
-
- <para>An information disclosure vulnerability in the
- &man.sendfile.2; system call, which could permit it to transmit
- random parts of kernel memory, has been fixed. More details are
- in security advisory
- <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:02.sendfile.asc">FreeBSD-SA-05:02.sendfile</ulink>.
- &merged;</para>
-
- <para arch="amd64">A possible privilege escalation vulnerability on &os;/amd64
- has been fixed. This allows unprivileged users to gain direct
- access to some hardware which cannot be accessed
- without the elevated privilege level. More details are in security advisory
- <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:03.amd64.asc">FreeBSD-SA-05:03.amd64</ulink>.
- &merged;</para>
-
- <para>An information leak vulnerability in the
- <literal>SIOCGIFCONF</literal> &man.ioctl.2;, which leaked 12
- bytes of kernel memory, has been fixed. More details are in security advisory
- <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:04.ifconf.asc">FreeBSD-SA-05:04.ifconf</ulink>.
- &merged;</para>
-
- <para>Several programming errors in &man.cvs.1;, which could
- potentially cause arbitrary code to be executed on CVS servers,
- have been corrected. Further information can be found in
- security advisory
- <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:05.cvs.asc">FreeBSD-SA-05:05.cvs</ulink>.
- &merged;</para>
-
- <para>An error in the default permissions on the <filename
- class="devicefile">/dev/iir</filename> device node, which
- allowed unprivileged local users can send commands to the
- hardware supported by the &man.iir.4; driver, has been fixed.
- For more information, see security advisory
- <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:06.iir.asc">FreeBSD-SA-05:06.iir</ulink>.
- &merged;</para>
-
- <para>A bug in the validation of &man.i386.get.ldt.2; system call
- input arguments, which may allow kernel memory to be disclosed
- to a user process, has been fixed. For more information, see
- security advisory
- <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:07.ldt.asc">FreeBSD-SA-05:07.ldt</ulink>.
- &merged;</para>
-
- <para>Several information disclosure vulnerabilities in various
- parts of the kernel have been fixed. For more information, see
- security advisory
- <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:08.kmem.asc">FreeBSD-SA-05:08.kmem</ulink>.
- &merged;</para>
-
- <para arch="i386,amd64">Because of an information disclosure vulnerability on
- processors using Hyper-Threading Technology (HTT), the
- <varname>machdep.hyperthreading_allowed</varname> sysctl
- variable has been added. It defaults to <literal>1</literal>
- (HTT enabled) on &os; CURRENT, and <literal>0</literal> (HTT
- disabled) on the 4-STABLE and 5-STABLE development branches and
- supported security fix branches. More information can be found
- in security advisory
- <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:09.htt.asc">FreeBSD-SA-05:09.htt</ulink>.
- &merged;</para>
-
- <para>A bug in the &man.tcpdump.1; utility which allows
- a malicious remote user to cause a denial-of-service
- by using specially crafted packets, has been fixed.
- For more information, see security advisory
- <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:10.tcpdump.asc">FreeBSD-SA-05:10.tcpdump</ulink>.
- &merged;</para>
-
- <para>Two problems in the &man.gzip.1; utility have been fixed.
- These may allow a local user to modify permissions
- of arbitrary files and overwrite arbitrary local
- files when uncompressing a file.
- For more information, see security advisory
- <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:11.gzip.asc">FreeBSD-SA-05:11.gzip</ulink>.
- &merged;</para>
-
- <para>A bug in <application>BIND 9</application> DNSSEC has been fixed.
- When DNSSEC is enabled, this bug may allow a remote attacker to inject
- a specially crafted packet which will cause &man.named.8; to terminate.
- For more information, see security advisory
- <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:12.bind9.asc">FreeBSD-SA-05:12.bind9</ulink>.
- &merged;</para>
-
- <para>A bug has been fixed in &man.ipfw.4; that could cause
- packets to be matched incorrectly against a lookup table. This
- bug only affects SMP machines or UP machines that have the
- <literal>PREEMPTION</literal> kernel option enabled. More
- information is contained in security advisory
- <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:13.ipfw.asc">FreeBSD-SA-05:13.ipfw</ulink>.
- &merged;</para>
-
- <para>Two security-related problems have been fixed in
- &man.bzip2.1;. These include a potential denial of service and
- unauthorized manipulation of file permissions. For more
- information, see security advisory
- <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:14.bzip2.asc">FreeBSD-SA-05:14.bzip2</ulink>.
- &merged;</para>
-
- <para>Two problems in &os;'s TCP stack have been fixed. They
- could allow attackers to stall existing TCP connections,
- creating a denial-of-service situation. More information is
- contained in security advisory
- <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:15.tcp.asc">FreeBSD-SA-05:15.tcp</ulink>.
- &merged;</para>
-
+ <para></para>
</sect2>
<sect2 id="kernel">
<title>Kernel Changes</title>
- <para arch="i386">Support for 80386 processors (the
- <literal>I386_CPU</literal> kernel configuration option) has
- been removed. Users running this class of CPU should use &os;
- 5.<replaceable>X</replaceable> or earlier.</para>
-
- <para>The kernel debugger &man.ddb.4; now supports a
- <command>show alllocks</command> command, which dumps a list of processes
- and threads currently holding sleep mutexes (and spin mutexes for
- the current thread). &merged;</para>
-
- <para arch="amd64,i386,pc98">The kernel crash dump format has been changed to
- ELF to support large memory (more than 4GB) environment.</para>
-
- <para>The &man.ichsmb.4; driver is now available as a loadable
- kernel module.</para>
-
- <para>The &man.jail.8; feature now supports a new sysctl
- <varname>security.jail.chflags_allowed</varname>, which controls the
- behavior of &man.chflags.1; within a jail.
- If set to <literal>0</literal> (the default), then a jailed <username>root</username> user is
- treated as an unprivileged user; if set to <literal>1</literal>, then
- a jailed root user is treated the same as an unjailed <username>root</username> user. &merged;</para>
-
- <para>A sysctl <varname>security.jail.getfsstatroot_only</varname> has been
- renamed to <varname>security.jail.enforce_statfs</varname> and
- now supports the following policies:</para>
-
- <informaltable frame="none">
- <tgroup cols="2">
- <colspec colwidth="1*">
- <colspec colwidth="3*">
- <thead>
- <row>
- <entry>Value</entry>
- <entry>Policy</entry>
- </row>
- </thead>
-
- <tbody>
- <row>
- <entry>0</entry>
- <entry>Show all mount-points without any restrictions.</entry>
- </row>
-
- <row>
- <entry>1</entry>
- <entry>Show only mount-points below jail's chroot and show only part of the
- mount-point's path (for example, if the jail's chroot directory is
- <filename>/jails/foo</filename> and
- mount-point is
- <filename>/jails/foo/usr/home</filename>,
- only <filename>/usr/home</filename> will be shown).</entry>
- </row>
-
- <row>
- <entry>2</entry>
- <entry>Show only mount-point where jail's chroot directory is placed.</entry>
- </row>
- </tbody>
- </tgroup>
- </informaltable>
-
- <para arch="alpha,amd64,i386,sparc64">The loader tunable <varname>debug.mpsafevm</varname>
- has been enabled by default. &merged;</para>
-
- <para>&man.memguard.9;, a kernel memory allocator designed to help detect
- <quote>tamper-after-free</quote> scenarios, has been added.
- This must be explicitly enabled via <literal>options
- DEBUG_MEMGUARD</literal>, plus small kernel modifications. It
- is generally intended for use by kernel developers.</para>
-
- <para><varname>struct ifnet</varname> and network interface API
- have been changed. Due to ABI incompatibility, all drivers
- not in the &os; base system need to be updated to use
- the new API and recompiled.</para>
-
- <para>A number of bugs have been fixed in the ULE
- scheduler. &merged;</para>
-
- <para>Fine-grained locking to allow much of the VFS stack to run
- without the Giant lock has been added. This is enabled by default
- on the alpha, amd64, and i386 architectures, and can be disabled
- by setting the loader tunable (and sysctl variable)
- <varname>debug.mpsafevfs</varname> to
- <literal>0</literal>.</para>
-
- <para arch="i386">A bug in Inter-Processor Interrupt (IPI)
- handling, which could cause SMP systems to crash under heavy
- load, has been fixed. More details are contained in errata note
- <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/ERRATA/notices/FreeBSD-EN-05:03.ipi.asc">FreeBSD-EN-05:03.ipi</ulink>.
- &merged;</para>
-
- <para>System V IPC objects (message queues, semaphores, and shared
- memory) now have support for Mandatory Access Control policies,
- notably &man.mac.biba.4;, &man.mac.mls.4;, &man.mac.stub.4;, and
- &man.mac.test.4;.</para>
-
- <para arch="i386">Memory allocation for legacy PCI bridges has
- been limited to the top 32MB of RAM. Many older, legacy bridges
- only allow allocation from this range. This change only applies
- to devices which do not have their memory assigned by the BIOS.
- This change fixes the <quote>bad Vcc</quote> error of CardBus
- bridges (&man.pccbb.4;). &merged;</para>
-
- <para>The &man.sysctl.3; MIBs beginning with <quote>debug</quote>
- now require the kernel option <literal>options SYSCTL_DEBUG</literal>.
- This option is disabled by default.</para>
-
- <para>The generic &man.tty.4; driver interface has been added
- and many device drivers including
- &man.cx.4; (<literal>{tty,cua}x</literal>),
- &man.cy.4; (<literal>{tty,cua}c</literal>),
- &man.digi.4; (<literal>{tty,cua}D</literal>),
- &man.rc.4; (<literal>{tty,cua}m</literal>),
- &man.rp.4; (<literal>{tty,cua}R</literal>),
- &man.sab.4; (<literal>{tty,cua}z</literal>),
- &man.si.4; (<literal>{tty,cua}A</literal>),
- &man.sio.4; (<literal>{tty,cua}d</literal>),
- sx (<literal>{tty,cua}G</literal>),
- &man.uart.4; (<literal>{tty,cua}u</literal>),
- &man.ubser.4; (<literal>{tty,cua}y</literal>),
- &man.ucom.4; (<literal>{tty,cua}U</literal>), and
- &man.ucycom.4; (<literal>{tty,cua}y</literal>)
- have been rewritten to use it. Note that <filename>/etc/remote</filename>
- and <filename>/etc/ttys</filename> have been updated as well.</para>
-
- <para>The &man.vkbd.4; driver has been added. This driver
- provides a software loopback mechanism that can implement
- a virtual AT keyboard similar to what the &man.pty.4; driver
- does for terminals.</para>
-
- <!-- Above this line, sort kernel changes by manpage/keyword-->
-
- <para arch="i386,amd64">&os; always uses the local APIC timer
- even on uni-processor systems now.</para>
-
- <para arch="i386,amd64,ia64">The default <varname>HZ</varname>
- parameter (which controls various kernel timers) has been
- increased from <literal>100</literal> to <literal>1000</literal>
- on the i386 and ia64. It has been reduced from
- <literal>1024</literal> to <literal>1000</literal> on the amd64
- to reduce synchronization effects with other system
- clocks.</para>
-
- <para>The maximum length of shell commands has changed from 128
- bytes to <varname>PAGE_SIZE</varname>. By default, this value
- is either 4KB (i386, pc98, amd64, and powerpc) or 8KB (sparc64
- and ia64). As a result, compatibility modules need to be
- rebuilt to stay synchronized with data structure changes in the
- kernel.</para>
-
- <para>A new tunable <varname>vm.blacklist</varname> has been added.
- This can hold a space or comma separated list of physical addresses.
- The pages containing these physical addresses will
- not be added to the free list and thus will effectively
- be ignored by the &os; VM system. The physical addresses
- of any ignored pages are listed in the message buffer as well.</para>
+ <para></para>
<sect3 id="boot">
<title>Boot Loader Changes</title>
- <para arch="i386">A serial console-capable version of
- <filename>boot0</filename> has been added. It can be written
- to a disk using &man.boot0cfg.8; and specifying
- <filename>/boot/boot0sio</filename> as the argument to the
- <option>-b</option> option.</para>
-
- <para arch="i386"><filename>cdboot</filename> now works around a
- BIOS problem observed on some systems when booting from USB
- CDROM drives.</para>
-
- <para>The <command>autoboot</command> loader command
- now supports the prompt parameter.</para>
-
- <para>The <command>autoboot</command> loader command will now prevent the user
- from interrupting the boot process at all if the
- <varname>autoboot_delay</varname> variable is set to
- <literal>-1</literal>. &merged;</para>
-
- <para>A loader menu option to set <varname>hint.atkbd.0.flags=0x1</varname>
- has been added. This setting allows USB keyboards to work
- if no PS/2 keyboard is attached.</para>
-
- <para>The beastie boot menu has been disabled by default.</para>
+ <para></para>
<!-- Above this line, order boot loader changes by keyword-->
@@ -437,1228 +133,85 @@
<sect3 id="proc">
<title>Hardware Support</title>
- <para arch="i386,amd64">The &man.acpi.4; driver now turns
- the ACPI and PCI devices off or to a lower power state
- when suspending, and back on again when resuming.
- This behavior can be disabled by
- setting the <varname>debug.acpi.do_powerstate</varname> and
- <varname>hw.pci.do_powerstate</varname> sysctls to <literal>0</literal>.</para>
-
- <para arch="i386,amd64">The &man.acpi.ibm.4; driver for IBM laptops
- has been added. It provides support for the various
- hotkeys and reading fan status and thermal
- sensors.</para>
-
- <para arch="i386,amd64">The &man.acpi.fujitsu.4; driver for handling
- &man.acpi.4;-controlled buttons Fujitsu laptops has been added.</para>
-
- <para arch="i386,amd64">The acpi_sony driver,
- which supports the Sony Notebook Controller on various
- Sony laptops has been added.</para>
-
- <para>The &man.atkbdc.4;, &man.atkbd.4;, and &man.psm.4;
- drivers have been rewritten in more bus-independent way,
- and now support the EBus found on the sparc64 platform.</para>
-
- <para arch="sparc64">The following device drivers have been
- added and enabled by default in the
- <filename>GENERIC</filename> kernel:
- &man.atkbdc.4;,
- &man.atkbd.4;,
- creator(4),
- machfb(4),
- &man.syscons.4;,
- &man.ohci.4;,
- &man.psm.4;,
- &man.ukbd.4;,
- &man.ums.4;,
- and &man.usb.4;.</para>
-
- <para arch="sparc64">The &man.auxio.4; driver has been added; it supports
- some auxiliary I/O functions found on various SBus/EBus
- &ultrasparc; models. &merged;</para>
-
- <para arch="sparc64">The clkbrd driver has been added to support
- the <literal>clock-board</literal> device frequently found on
- Sun E<replaceable>xx</replaceable>00 servers.</para>
-
- <para>A framework for flexible processor speed control has been
- added. It provides methods for various drivers to control CPU
- power utilization by adjusting the processor speed. More
- details can be found in the &man.cpufreq.4; manual page. &merged;
- Currently supported drivers include ichss (Intel SpeedStep for ICH),
- acpi_perf (ACPI CPU performance states), and acpi_throttle
- (ACPI CPU throttling). The latter two drivers are contained
- in the &man.acpi.4; driver. These can individually be disabled by setting device
- hints such as <varname>hint.<replaceable>ichss</replaceable>.0.disabled="1"</varname>.</para>
-
- <para>The &man.hwpmc.4; hardware performance
- monitoring counter driver has been added.
- This driver virtualizes the hardware performance monitoring
- facilities in modern CPUs and provides support for using
- these facilities from user level processes. For more details,
- see manual pages of &man.hwpmc.4;, associated libraries,
- and associated userland utilities.</para>
-
- <para arch="i386">Support for the OLDCARD subsystem has
- been removed. The NEWCARD system is now used for all PCCARD
- device support.</para>
-
- <para>The pcii driver has been added to support GPIB-PCIIA IEEE-488
- cards. &merged;</para>
-
- <para>The &man.atkbd.4; driver now supports a <literal>0x8</literal>
- (bit 3) flag to disable testing the keyboard port during
- the device probe as this can cause hangs on some machines,
- specifically Compaq R3000Z series amd64 laptops.</para>
-
- <para arch="i386">The &man.pbio.4; driver,
- which supports direct access to
- the Intel 8255A programmable peripheral interface (PPI)
- chip running in mode 0 (simple I/O) has been added.</para>
-
- <para>The &man.psm.4; driver now has improved support for
- Synaptics Touchpad users. It now has better tracking of
- slow-speed movement and support for various extra
- buttons and dials. These features can be tuned with the
- <varname>hw.psm.synaptics.<replaceable>*</replaceable></varname>
- hierarchy of sysctl variables.</para>
-
- <para arch="sparc64">The rtc driver has been added to support
- the MC146818-compatible clock found on some &ultrasparc; II
- and III models. &merged;</para>
-
- <para arch="i386">The &man.syscons.4; driver now supports VESA
- (15, 16, 24, and 32 bit) modes. To enable this feature, two
- kernel options <literal>SC_PIXEL_MODE</literal> and
- <literal>VESA</literal> (or corresponding kernel module)
- are needed.</para>
-
- <para arch="sparc64">The &man.uart.4; driver is now enabled in
- the <filename>GENERIC</filename> kernel, and is now the
- default driver for serial ports. The &man.ofw.console.4; and
- &man.sab.4; drivers are now disabled in the
- <filename>GENERIC</filename> kernel. &merged;</para>
-
- <para>The &man.uftdi.4; driver now supports the FTDI FT2232C
- chip.</para>
-
- <para>The &man.uplcom.4; driver now supports handling of the
- <literal>CTS</literal> signal.</para>
-
- <para>The &man.ehci.4; driver has been improved.</para>
-
- <para arch="sparc64">The zs driver has been removed
- in favor of the &man.uart.4; driver.</para>
+ <para></para>
<sect4 id="mm">
<title>Multimedia Support</title>
- <para arch="sparc64">The &man.snd.audiocs.4; driver has been
- added to support the Crystal Semiconductor CS4231 audio
- controller found on &ultrasparc;
- workstations. &merged;</para>
-
- <para>The &man.snd.csa.4; driver now supports
- suspend and resume operation.</para>
-
- <para>The &man.uaudio.4; driver now has some added
- functionality, including volume control on more inputs and
- recording capability on some devices. &merged;</para>
-
+ <para></para>
</sect4>
<sect4 id="net-if">
<title>Network Interface Support</title>
- <para>The &man.ath.4; driver has been updated to split the
- transmit rate control algorithm into a separate module.
- One of <literal>device ath_rate_onoe</literal>,
- <literal>device ath_rate_amrr</literal>, or
- <literal>device ath_rate_sample</literal> must be included in
- the kernel configuration when using the &man.ath.4;
- driver.</para>
-
- <para>The &man.bge.4; driver now supports the &man.altq.4;
- framework, as well as the BCM5714, 5721, 5750, 5751, 5751M and 5789
- chips. &merged;</para>
-
- <para>The &man.cdce.4; USB Communication Device Class Ethernet
- driver has been added. &merged;</para>
-
- <para>The &man.cp.4; driver is now MPSAFE. &merged;</para>
-
- <para>The &man.ctau.4; driver is now MPSAFE. &merged;</para>
-
- <para>The &man.cx.4; driver is now MPSAFE. &merged;</para>
-
- <para>The &man.dc.4; driver now supports the &man.altq.4;
- framework. &merged;</para>
-
- <para>The &man.ed.4; driver now supports the &man.altq.4;
- framework. &merged;</para>
-
- <para>In the &man.em.4; driver, hardware support for VLAN
- tagging is now disabled by default due to some interactions
- between this feature and promiscuous mode. &merged;</para>
-
- <para>Ethernet flow control is now disabled by default in the
- &man.fxp.4; driver, to prevent problems on a subnet when a system panics
- or is left in the kernel debugger. &merged;</para>
-
- <para>The gx(4) driver has been removed because
- it is no longer maintained actively and
- the &man.em.4; driver supports all of the supported hardware.</para>
-
- <para>The &man.hme.4; driver is now MPSAFE. &merged;</para>
-
- <para>The &man.ipw.4; (for Intel PRO/Wireless 2100),
- &man.iwi.4; (for Intel PRO/Wireless 2200BG/2225BG/2915ABG),
- &man.ral.4; (for Ralink Technology RT2500),
- and &man.ural.4; (for Ralink Technology RT2500USB)
- drivers have been added.</para>
-
- <para>The &man.ixgb.4; driver is now MPSAFE. &merged;</para>
-
- <para>The musycc driver, for the LanMedia LMC1504 T1/E1
- network interface card, has been removed due to
- disuse.</para>
-
- <para arch="i386,amd64">Drivers using the &man.ndis.4; device
- driver wrapper mechanism are now built and loaded
- differently. The &man.ndis.4; driver can now be pre-built
- as module or statically compiled into a kernel. Individual
- drivers can now be built with the &man.ndisgen.8; utility;
- the result is a kernel module that can be loaded into a
- running kernel using &man.kldload.8;. &merged;</para>
-
- <para arch="amd64">The &man.ndis.4; device driver wrapper now
- supports &windows;/x86-64 binaries on amd64
- systems. &merged;</para>
-
- <para arch="i386,amd64">The &man.nve.4; driver, which supports the
- nVidia nForce MCP Networking Adapter, has been added.</para>
-
- <para>The &man.re.4; driver now supports the &man.altq.4;
- framework. &merged;</para>
-
- <para>The &man.sf.4; driver now has support for device polling
- and &man.altq.4;. &merged;</para>
-
- <para>Several programming errors in the &man.sk.4; driver have
- been corrected. These bugs were particular to SMP systems, and
- could cause panics, page faults, aborted SSH connections, or
- corrupted file transfers. More details can be found in
- errata note
- <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/ERRATA/notices/FreeBSD-EN-05:02.sk.asc">FreeBSD-EN-05:02.sk</ulink>.
- &merged;</para>
-
- <para>The &man.sk.4; driver now has support for &man.altq.4;.
- This driver also now supports jumbo frames on Yukon-based
- interfaces. &merged;</para>
-
- <para>The &man.ste.4; driver now has support for &man.altq.4;.</para>
-
- <para>The &man.vge.4; driver now has support for device polling
- (&man.polling.4;).</para>
-
- <para>Support for 802.11 devices in the &man.wlan.4; framework has been
- greatly overhauled. In addition to architectural changes,
- it includes completed 802.11g, WPA, 802.11i, 802.1x,
- WME/WMM, AP-side power-saving, and plugin frameworks for
- cryptography modules, authenticators, and access control.
- Note in particular that WEP now requires the
- <filename>wlan_wep</filename> module to be loaded (or
- compiled) into the kernel.</para>
-
- <para>The &man.xl.4; driver now supports
- &man.polling.4;. &merged;</para>
-
+ <para></para>
</sect4>
</sect3>
<sect3 id="net-proto">
<title>Network Protocols</title>
- <para>The MTU feedback in IPv6 has been disabled when the sender writes
- data that must be fragmented. &merged;</para>
-
- <para>The Common Address Redundancy Protocol (CARP) has
- been implemented. CARP comes from OpenBSD and allows
- multiple hosts to share an IP address, providing
- high availability and load balancing.
- For more information, see the &man.carp.4; manual page. &merged;</para>
-
- <para>The &man.if.bridge.4; network bridging implementation,
- originally from NetBSD, has been added. It supports the IEEE
- 802.1D Spanning Tree Protocol, individual interface devices
- for each bridge, and filtering of bridged packets.
- The &man.ifconfig.8; utility now supports to configure
- &man.if.bridge.4;.</para>
-
- <para>The &man.ipfw.4; <literal>IPDIVERT</literal> option is now
- available as a kernel loadable module.
- If this module is not loaded, &man.ipfw.4; will refuse to
- install <literal>divert</literal> rules and &man.natd.8;
- will return the error message <quote>protocol not supported</quote>.</para>
-
- <para>The &man.ipfw.4; system can work with
- <varname>debug.mpsafenet</varname>=<literal>1</literal>
- (this tunable is <literal>1</literal> by default)
- when the <literal>gid</literal>, <literal>jail</literal>,
- and/or <literal>uid</literal> rule options are used. &merged;</para>
-
- <para>The &man.ipfw.4; and &man.dummynet.4; systems now
- support IPv6.</para>
-
- <para>&man.ipfw.8; now supports classification and tagging
- of &man.altq.4; packets via a divert socket. It is also
- possible to specify rules that match TCP packets with specific
- payload sizes.</para>
-
- <para>The &man.ipfw.8; <literal>ipfw fwd</literal> rule now supports
- the full packet destination manipulation when the kernel option
- <literal>options IPFIREWALL_FORWARD_EXTENDED</literal> is specified
- in addition to <literal>options IPFIRWALL_FORWARD</literal>.
- This kernel option disables all restrictions to ensure proper
- behavior for locally generated packets and allows redirection of
- packets destined to locally configured IP addresses.
- Note that &man.ipfw.8; rules have to be carefully crafted to
- make sure that things like PMTU discovery do not break. &merged;</para>
-
- <para>The &man.ipfw.8; system now supports IPv4 only rules.</para>
-
- <para>&man.ipnat.8; now allows redirect rules to
- work for non-TCP/UDP packets. &merged;</para>
-
- <para>Ongoing work is reducing the use of the Giant lock by the
- network protocol stack and improving the locking
- strategies.</para>
-
- <para>The <filename>libalias</filename> library can now be built
- as a kernel module.</para>
-
- <para>The link state change notifications of network interfaces
- are sent to <filename>/dev/devctl</filename> now.</para>
-
- <para>A new &man.ng.ipfw.4; NetGraph node provides
- a simple interface between the &man.ipfw.4; and &man.netgraph.4;
- facilities.</para>
-
- <para>A new &man.ng.nat.4; NetGraph node has been added to
- perform NAT functions.</para>
-
- <para>A new &man.ng.netflow.4; NetGraph node allows a router
- running &os; to do NetFlow version 5 exports. &merged;</para>
-
- <para>A new &man.ng.tcpmss.4; NetGraph node has been added.
- This supports altering MSS options of TCP packets.</para>
-
- <para>The &man.sppp.4; driver now includes Frame Relay
- support. &merged;</para>
-
- <para>The &man.sppp.4; driver is now MPSAFE.</para>
-
- <para>The &os; routing table now requires gateways for routes
- to be of the same address family as the route itself.
- The &man.route.8; utility now rejects a combination of different
- address families. For example:</para>
-
- <screen>&prompt.root; route add 10.1.1.1 -inet6 fe80::1%fxp0</screen>
-
- <para>The new sysctl <varname>net.link.tap.user_open</varname>
- has been implemented. This allows unprivileged access to
- &man.tap.4; device nodes based on file system permissions.</para>
-
- <para>A bug in TCP that sometimes caused RST packets to
- be ignored if the receive window was zero bytes has been
- fixed. &merged;</para>
-
- <para>The <literal>RST</literal>
- handling of the &os; TCP stack has been improved
- to make reset attacks as difficult as possible while
- maintaining compatibility with the widest range of TCP stacks.
- The algorithm is as follows: For connections in the
- <literal>ESTABLISHED</literal>
- state, only resets with sequence numbers exactly matching
- <varname>last_ack_sent</varname> will cause a reset;
- all other segments will
- be silently dropped. For connections in all other states,
- a reset anywhere in the window will cause the connection
- to be reset. All other segments will be silently dropped.
- Note that this behavior technically violates the RFC 793 specification;
- the conventional (but less secure) behavior can be restored
- by setting a new sysctl <varname>net.inet.tcp.insecure_rst</varname>
- to <literal>1</literal>. &merged;</para>
-
- <para>Several bugs in the TCP SACK implementation have been
- fixed. &merged;</para>
-
- <para>RFC 1644 T/TCP support has been removed. This is because
- the design is based on a weak security model that can easily
- permit denial-of-service attacks. This TCP
- extension has been considered a defective one in
- a recent Internet Draft.</para>
-
- <para>The KAME IPv4 IPsec implementation integrated
- in &os; now supports TCP-MD5. &merged;</para>
-
- <para>Random ephemeral port number allocation has led to some
- problems with port reuse at high connection rates. This
- feature is now disabled during periods of high connection
- rates; whenever new connections are created faster than
- <varname>net.inet.ip.portrange.randomcps</varname> per second,
- port number randomization is disabled for the next
- <varname>net.inet.ip.portrange.randomtime</varname>
- seconds. The default values for these two sysctl variables
- are <literal>10</literal> and <literal>45</literal>,
- respectively. &merged;</para>
-
- <para>Fine-grained locking has been applied to many of the data
- structures in the IPX/SPX protocol stack. While not fully
- MPSAFE at this point, it is generally safe to use IPX/SPX
- without the Giant lock (in other words, the
- <varname>debug.mpsafenet</varname> sysctl variable may be set
- to <literal>1</literal>).</para>
-
- <para>Unix domain sockets now support the
- <literal>LOCAL_CREDS</literal> and
- <literal>LOCAL_CONNWAIT</literal> options.
- The <literal>LOCAL_CREDS</literal> option provides
- a mechanism for the receiver to receive the credentials
- of the process as a &man.recvmsg.2; control message.
- The <literal>LOCAL_CONNWAIT</literal>
- option causes the &man.connect.2; function to block
- until &man.accept.2; has been called on the listening socket.
- For more details, see the &man.unix.4; manual page.</para>
+ <para></para>
</sect3>
<sect3 id="disks">
<title>Disks and Storage</title>
- <para>The &man.amr.4; driver is now safe for use on systems
- using &man.pae.4;. &merged;</para>
-
- <para arch="i386,ia64">The &man.arcmsr.4; driver has been added.
- It supports the Areca ARC-11<replaceable>xx</replaceable> and
- ARC-12<replaceable>xx</replaceable> series of SATA RAID
- controllers. &merged;</para>
-
- <para>The &man.ata.4; family of drivers has been overhauled and
- updated. It has been split into modules that can be loaded
- and unloaded independently (the <filename>atapci</filename>
- and <filename>ata</filename> modules are prerequesites for the
- device subdrivers, which are <filename>atadisk</filename>,
- <filename>atapicd</filename>, <filename>atapifd</filename>,
- <filename>atapist</filename>, and
- <filename>ataraid</filename>). On supported SATA controllers,
- devices can be hot inserted/removed. ATA RAID support has
- been rewritten and supports a number of new metadata formats.
- The <filename>atapicd</filename> driver no longer supports CD
- changers. This update has been referred to as <quote>ATA
- mkIII</quote>.</para>
-
- <para>The SHSEC GEOM class has been added. It provides for the
- sharing of a secret between multiple GEOM providers. All of
- these providers must be present in order to reveal the
- secret. This feature is controlled by the &man.gshsec.8;
- utility. &merged;</para>
-
- <para>The &man.hptmv.4; driver, which supports the HighPoint
- RocketRAID 182x series, has been added. &merged;</para>
-
- <para>The &man.ips.4; driver now support kernel crash dumps
- on some modern ServeRAID models. &merged;</para>
-
- <para>The &man.matcd.4; driver has been removed. &merged;</para>
-
- <para>The default SCSI boot-time probe delay in the
- <filename>GENERIC</filename> kernel has been reduced from
- fifteen seconds to five seconds.</para>
-
- <para>The old vinum(4) subsystem has been removed
- in favor of the new &man.geom.4;-based version.</para>
-
- <para>The &man.twa.4; driver has been updated to
- the 9.2 release (for &os; 5.2.1) distributed from
- the 3ware website.</para>
-
- <para arch="pc98">The &man.wd.4; driver has been removed. The
- &man.ata.4; driver has been found to work well enough on the
- pc98 platform that there is no need for the older &man.wd.4;
- driver.</para>
-
- <para>Information about newly-mounted cd9660 file systems (such
- as the presence of RockRidge extensions) is now only printed
- if the kernel was booted in verbose mode. This change was
- made to reduce the amount of (generally unnecessary) kernel
- log messages. &merged;</para>
-
+ <para></para>
</sect3>
<sect3 id="fs">
<title>File Systems</title>
- <para>Recomputing the summary information for
- <quote>dirty</quote> UFS and UFS2 file systems is no longer
- done at mount time, but is now done by background
- &man.fsck.8;. This change improves the startup speed when
- mounting large file systems after a crash. The prior behavior
- can be restored by setting the
- <varname>vfs.ffs.compute_summary_at_mount</varname> sysctl
- variable to a non-zero value. &merged;</para>
-
- <para>A kernel panic in the NFS server has been fixed. More
- details can be found in errata note
- <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/ERRATA/notices/FreeBSD-EN-05:01.nfs.asc">FreeBSD-EN-05:01.nfs</ulink>.
- &merged;</para>
-
- <para arch="i386,pc98">Read-only support for ReiserFS version 3 has been
- added. See &man.mount.reiserfs.8; for details.</para>
-
+ <para></para>
</sect3>
<sect3>
<title>Contributed Software</title>
- <para><application>ACPI-CA</application> has been updated from
- 20040527 to 20041119. &merged;</para>
-
+ <para></para>
</sect3>
</sect2>
<sect2 id="userland">
<title>Userland Changes</title>
- <para>The &man.burncd.8; utility now allows commands (such as
- <command>eject</command>) to take place after fixating a
- disk.</para>
-
- <para arch="amd64">Machine-specific optimized versions of
- &man.bcmp.3;, &man.bcopy.3;, &man.bzero.3;, &man.memcmp.3;,
- &man.memcpy.3;, &man.memmove.3;, &man.memset.3;, &man.strcat.3;
- and &man.strcpy.3; have been implemented. Several mathematics
- functions such as &man.ceill.3; and &man.sqrtf.3; are also
- replaced with the optimized versions.</para>
-
- <para>The &man.chflags.1; utility now supports the
- <option>-h</option> flag, which supports changing flags on
- symbolic links.</para>
-
- <para>The &man.env.1; program now supports a <option>-v</option>
- flag to write the command to standard error before it is executed.</para>
-
- <para>The &man.env.1; program now supports a <option>-S
- <replaceable>string</replaceable></option>
- option to split the <replaceable>string</replaceable> and pass them to
- the command as the command-line arguments.</para>
-
- <para>The &man.env.1; program now supports a <option>-P
- <replaceable>altpath</replaceable></option>
- option to set the command search path used to look for
- the command.</para>
-
- <para>The &man.ftpd.8; program now uses the <literal>212</literal>
- and <literal>213</literal> status codes for directory
- and file status correctly (<literal>211</literal> was used in
- the previous versions). This behavior is described in RFC 959.
- &merged;</para>
-
- <para>The <literal>create</literal> command of the &man.gpt.8;
- utility now supports a <option>-f</option> command-line flag to
- force creation of a GPT even when there is an MBR record on a
- disk. &merged;</para>
-
- <para>The &man.getaddrinfo.3; function now queries <literal>A</literal>
- DNS resource records before <literal>AAAA</literal> records
- when <literal>AF_UNSPEC</literal> is specified.
- Some broken DNS servers return <literal>NXDOMAIN</literal>
- against non-existent <literal>AAAA</literal> queries,
- even when it should return <literal>NOERROR</literal>
- with empty return records. This is a problem for an IPv4/IPv6 dual
- stack node because the <literal>NXDOMAIN</literal> returned
- by the first query of an <literal>AAAA</literal> record makes
- the querying server stop attempting to resolve the <literal>A</literal>
- record if any. Also, this behavior has been recognized as a potential
- denial-of-service attack (see <ulink url="http://www.kb.cert.org/vuls/id/714121"></ulink>
- for more details).
- Note that although the query order has been changed,
- the returned result still includes
- <literal>AF_INET6</literal> records before
- <literal>AF_INET</literal> records. &merged;</para>
-
- <para>The &man.gethostbyname.3;, &man.gethostbyname2.3;, and
- &man.gethostbyaddr.3; functions are now thread-safe. &merged;</para>
-
- <para>The &man.getnetent.3;, &man.getnetbyname.3;, and
- &man.getnetbyaddr.3; functions are now thread-safe. &merged;</para>
-
- <para>The &man.getprotoent.3;, &man.getprotobyname.3;, and
- &man.getprotobynumber.3; functions are now thread-safe. &merged;</para>
-
- <para>The &man.getservent.3;, &man.getservbyname.3;, and
- &man.getservbyport.3; functions are now thread-safe. &merged;</para>
-
- <para>For conformation to IEEE Std 1003.1-2001
- (also known as POSIX 2001), the <varname>n_net</varname> member
- of <varname>struct netent</varname> and the first argument
- of &man.getnetbyaddr.3; has been changed to an <literal>uint32_t</literal>.
- Due to these changes, the ABI on 64-bit platforms is
- incompatible with previous releases of &os; and
- the major version number of the <filename>libpcap</filename>
- shared library has been bumped.
- On 64-bit platforms being upgraded from older &os; versions, all
- userland programs that use &man.getnetbyaddr.3;,
- &man.getnetbyname.3;, &man.getnetent.3;, and/or
- <filename>libpcap</filename> have to be recompiled.</para>
-
- <para>The gvinum(8) utility now supports the
- <command>checkparity</command>,
- <command>rebuildparity</command>, and
- <command>setstate</command>
- subcommands. &merged;</para>
-
- <para>The &man.ifconfig.8; utility has been restructured. It is
- now more modular and flexible with respect to supporting
- interface-specific functionality. The 802.11 support has been
- updated to support recent changes to the 802.11 subsystem and
- drivers.</para>
-
- <para>Support for abbreviated forms of a number of &man.ipfw.8;
- options has been deprecated. Warnings are printed to stderr
- indicating the correct full form when one of these abbreviations
- is detected.</para>
-
- <para>The &man.kldstat.8; utility now supports a
- <option>-m</option> option to return the status of a specific
- kernel module. &merged;</para>
-
- <para>The on-disk format of <literal>LC_CTYPE</literal> files has
- been changed to be machine-independent.</para>
-
- <para>The <application>libkvm</application> now supports
- ELF crash dump on amd64 and i386 platforms,
- large crash dump (more than 4GB) in 32-bit platforms,
- and PAE crash dump on i386 platform.</para>
-
- <para>The &man.mixer.8; utility now supports the <option>-S</option>
- option. This is the same as the <option>-s</option> option
- but does not output mixing field separators.</para>
-
- <para>A bug in the <filename>libalias</filename> library
- which causes a core dump when the <option>-reverse</option>
- option is specified in &man.natd.8; has been fixed.</para>
-
- <para>The <filename>libarchive</filename> library (as well as the
- &man.tar.1; command that uses it) now has support for reading ISO
- images (with optional RockRidge extensions) and ZIP archives
- (with <literal>deflate</literal> and <literal>none</literal>
- compression). &merged;</para>
-
- <para>The <filename>libarchive</filename> library now supports
- handling a ZIP archive entry with more than 4GB compressed size (ZIP64
- extension) and Unix extension.</para>
-
- <para>The <filename>libgpib</filename> library has been added to
- give userland access to GPIB devices (using the the pcii driver)
- via the
- <function>ib<replaceable>foo</replaceable></function>
- API. &merged;</para>
-
- <para>The default stack sizes in <filename>libpthread</filename>,
- <filename>libthr</filename>,
- and <filename>libc_r</filename> have been increased. On 32-bit
- platforms, the main thread receives a 2MB stack size by default,
- with other threads receiving a 1MB stack size by default. On
- 64-bit platforms, the default stack sizes are 4MB and 2MB
- respectively. &merged;</para>
-
- <para>The <filename>libxpg4</filename> library has been removed
- because all of its functionality was long ago merged into
- <filename>libc</filename>.
- All binaries linked with <filename>libxpg4</filename>
- must be recompiled or use &man.libmap.conf.5;.
- Note that the &os; base system has no such binaries.</para>
-
- <para>The &man.lpd.8; program now checks to make sure the data
- file has been completely transfered before starting to
- print it when a data file received from some other host.
- Some implementations of &man.lpr.1; send the control file
- for a print job before sending the matching data files,
- which can cause problems if the receiving host is
- a busy print-server. &merged;</para>
-
- <para>A number of new functions have been implemented in the
- &man.math.3; library. These include &man.ceill.3;,
- &man.floorl.3;, &man.ilogbl.3;, &man.fma.3; and variants,
- &man.lrint.3; and variants, and &man.lround.3; and
- variants. &merged;</para>
-
- <para>The &man.mknod.8; utility is now deprecated.
- Device nodes have been managed by the &man.devfs.5; device file
- system since &os; 5.0.</para>
-
- <para arch="i386">The &man.mkuzip.8; utility, which
- compresses file system images for use with
- <literal>GEOM_UZIP</literal> &man.geom.4; module,
- has been added. &merged;</para>
-
- <para>The &man.moused.8; daemon now supports <quote>virtual
- scrolling</quote>, in which mouse motions made while holding
- down the middle mouse button are interpreted as scrolling. This
- feature is enabled with the <option>-V</option>
- flag. &merged;</para>
-
- <para>A separate directory has been added for &man.named.8;
- dynamic zones which is owned by the <username>bind</username> user
- (for creation of the zone journal file).
- For more detail, see an example dynamic zone in the sample
- &man.named.conf.5;. &merged;</para>
-
- <para>The &man.ncal.1; utility now supports a <option>-m</option>
- flag to generate a calendar for a specified month in the current
- year. &merged;</para>
-
- <para>The &man.newfs.8; utility now supports a <option>-n</option>
- flag to suppress the creation of a <filename>.snap</filename>
- directory on new file systems. This feature is intended for use
- on memory or vnode file systems that will not require snapshot
- support. &merged;</para>
-
- <para>The &man.newfs.8; utility now emits a warning when creating
- a UFS or UFS2 file system that cannot support snapshots. This
- situation can occur in the case of very large file systems with
- small block sizes. &merged;</para>
-
- <para>The &man.newsyslog.8; utility now supports
- a <option>-d</option> option to specify an alternate root for log files
- similar to <varname>DESTDIR</varname> in the BSD make process.
- This only affects log file paths, not configuration file (<option>-f</option>)
- or archive directory (<option>-a</option>) paths.</para>
-
- <para>The &man.newsyslog.8; utility now supports a
- <option>-N</option> that causes it not to rotate any files.</para>
-
- <para>The <literal>NO_NIS</literal> compile-time knob for userland
- has been added. As its name implies, enabling this
- <filename>Makefile</filename> variable will cause NIS support to
- be excluded from various programs and will cause the NIS
- utilities to not be built. &merged;</para>
-
- <para>For years, &os; has used <filename>Makefile</filename>
- variables of the form
- <varname>NO<replaceable>FOO</replaceable></varname> and
- <varname>NO_<replaceable>FOO</replaceable></varname>. For
- consistency, those variables using the former naming convention
- have been converted to the
- <varname>NO_<replaceable>FOO</replaceable></varname> form. The
- file <filename>/usr/share/mk/bsd.compat.mk</filename> has a
- complete list of these variables; it also implements some
- temporary backward compatibility for the old names.</para>
-
- <para>The &man.periodic.8; security output now supports the display of
- information about blocked packet counts from &man.pf.4;. &merged;</para>
-
- <para>The &man.pgrep.1; command now supports a <option>-S</option> option
- which allows matching system processes (kernel threads).</para>
-
- <para>The &man.pgrep.1; and &man.pkill.1; commands now support a
- <option>-F</option> option, which matches a process whose PID is
- stored in a file.</para>
-
- <para>The &man.pgrep.1; and &man.pkill.1; commands now support a
- <option>-i</option> option to ignore case in the process match.</para>
-
- <para>The &man.pgrep.1; and &man.pkill.1; commands now support a
- <option>-j</option> option that matches processes
- based on their &man.jail.2; ID.</para>
-
- <para>The &man.pgrep.1; and &man.pkill.1; commands now support a
- <option>-o</option> option which matches only the oldest
- (least recently started) of the matching processes.</para>
-
- <para>The &man.powerd.8; program for managing power consumption has been
- added.</para>
-
- <para>The &man.ppp.8; program now implements an
- <option>echo</option> parameter, which allows LCP ECHOs to be
- enabled independently of LQR reports. Older versions of
- &man.ppp.8; would revert to LCP ECHO mode on negotiation
- failure. It is now necessary to specify <command>enable
- echo</command> to get this behavior. &merged;</para>
-
- <para>The <option>disable NAS-IP-Address</option> and
- <option>disable NAS-Identifier</option> options,
- which support pre-RFC 2865 RADIUS servers
- have been added to the &man.ppp.8; program.</para>
-
- <para>Two bugs in the &man.pppd.8; program have been fixed.
- They may result in an incorrect CBCP response,
- which violates the Microsoft PPP Callback Control Protocol
- section 3.2. &merged;</para>
-
- <para>The &man.ps.1; utility now supports a <literal>jid</literal>
- keyword in the <option>-o</option> option. It displays the
- &man.jail.2; ID of each process.</para>
-
- <para>The &man.pstat.8; program now supports a <option>-h</option> option
- to print swap sizes with SI prefixes such as K, M, and G,
- which are used to form binary multiples.</para>
-
- <para>The &man.rescue.8; utilities in the <filename>/rescue</filename>
- directory now include &man.bsdtar.1; instead of GNU tar.</para>
-
- <para>The &man.restore.8; utility has regained the ability to read
- &os; version 1 dump tapes. &merged;</para>
-
- <para>A bug of the &man.rexecd.8; utility which results in
- it behaving as if the <option>-i</option> option is always
- specified has been fixed. &merged;</para>
-
- <para>The &man.rexecd.8; utility has been removed.
- There are no rexec clients in the &os; tree, and the client
- function &man.rexec.3; is present only in
- <filename>libcompat</filename>.</para>
-
- <para>The &man.rm.1; utility now supports an <option>-I</option>
- option that asks for confirmation (once) if recursively
- removing directories or if more than 3 files are listed in the
- command line. &merged;</para>
-
- <para>The &man.rm.1; utility now suppresses diagnostic messages
- when it attempts to remove a non-existent directory
- with the <option>-r</option> and <option>-f</option> options
- specified. This behavior is required by
- Version 3 of the Single UNIX Specification (SUSv3).</para>
-
- <para>The following ISO/IEC 9899:1999 standard functions
- have been implemented: <function>roundl()</function>,
- <function>lroundl()</function>, <function>llroundl()</function>,
- <function>truncl()</function>, and <function>floorl()</function>.</para>
-
- <para>An &man.rpmatch.3; library function has been added to check
- a string for being an affirmative or negative response in the
- current locale.</para>
-
- <para>The &man.rtld.1; dynamic linker now supports specifying
- library replacements via the <varname>LD_LIBMAP</varname>
- environment variable. This variable will override the entries
- in &man.libmap.conf.5;. &merged;</para>
-
- <para>The rune(3) non-standard multibyte and wide character support
- interface has been removed.</para>
-
- <para>&man.sed.1; now supports a <option>-l</option> option to
- make its output line-buffered. &merged;</para>
-
- <para>The &man.strftime.3; function now supports some GNU extensions
- such as <literal>-</literal> (no padding),
- <literal>_</literal> (use space as padding),
- and <literal>0</literal> (zero padding). &merged;</para>
-
- <para>The &man.syslog.3; function is now thread-safe. &merged;</para>
-
- <para>The &man.syslogd.8; utility now opens an additional domain
- socket (<filename>/var/run/logpriv</filename> by default),
- with <literal>0600</literal> permissions to be used
- by privileged programs. This prevents privileged
- programs from locking when the domain sockets
- run out of buffer space due to a
- local denial-of-service attack. &merged;</para>
-
- <para>The &man.syslogd.8; now supports the <option>-S</option> option,
- which allows to change the pathname of the privileged
- socket. This is useful for preventing the daemon
- from receiving any messages from the local sockets
- (<filename>/var/run/log</filename> and
- <filename>/var/run/logpriv</filename> are used by default).
- &merged;</para>
-
- <para>The &man.syslogd.8; utility now allows
- <literal>:</literal> and <literal>%</literal>
- characters in the hostname specifications.
- These characters are used in IPv6 addresses and scope IDs. &merged;</para>
-
- <para>The &man.systat.1; <option>-netstat</option> display is now
- IPv6-aware. &merged;</para>
-
- <para>The <option>-f</option> option of &man.tail.1; utility
- now supports more than one file at a time. &merged;</para>
-
- <para>The &man.telnet.1; and &man.telnetd.8; programs now support
- the <option>-S</option> option for specifying a numeric TOS
- byte.</para>
-
- <para>Prepending a <literal>+</literal> character to port numbers
- passed to &man.telnet.1; program will now disable option
- negotiation and allow the transfer of characters with the high
- bit set. This feature is intended to support the fairly common
- use of &man.telnet.1; as a protocol tester.</para>
-
- <para>The &man.tcpdrop.8; command, which closes a selected TCP
- connection, has been added. It was obtained from
- OpenBSD. &merged;</para>
-
- <para>&man.what.1; now supports a <option>-q</option> flag, which
- causes it to print matching text, but not format it.</para>
-
- <para>&man.whois.1; now supports
- a <option>-k</option> flag
- for querying <hostid role="fqdn">whois.krnic.net</hostid>
- (the National Internet Development Agency of Korea),
- which holds details of IP address allocations within
- Korea. &merged;</para>
-
- <para>The <option>-I</option> option of the &man.xargs.1; command
- has been changed to conform to IEEE Std 1003.1-2004.
- The standard requires that the constructed
- arguments cannot grow larger than 255 bytes.</para>
-
- <para>A bug, which caused the last line of configuration files such as &man.hosts.5;,
- &man.services.5;, and so on to be ignored if it did not end in a newline character,
- has been fixed. &merged;</para>
-
- <para>A new system user/group <username>_dhcp</username>
- has been added to support &man.dhclient.8; from OpenBSD.</para>
-
<sect3 id="rc-scripts">
<title><filename>/etc/rc.d</filename> Scripts</title>
- <para>The <filename>rc.d/bsnmpd</filename> startup script
- for &man.bsnmpd.1; has been added.</para>
-
- <para>The <filename>rc.d/jail</filename> startup script
- now supports <varname>jail_<replaceable>name</replaceable>_flags</varname>
- variable which allows to specify &man.jail.8; flags.
- &merged;</para>
-
- <para>&man.rc.conf.5; now supports changes of network interface names
- at boot time. &merged; For example:</para>
-
- <programlisting>ifconfig_fxp0_name="net0"
-ifconfig_net0="inet 10.0.0.1/16"</programlisting>
-
- <para>The <filename>rc.d/moused</filename> script now
- starts/stops/checks a specific device when
- the device name is given as the second argument to the script:</para>
-
- <screen>&prompt.root; /etc/rc.d/moused start ums0</screen>
-
- <para>To use different &man.rc.conf.5; knobs with different
- mice, use the device name as part of the knob.
- For example, if the mouse device is <filename>/dev/ums0</filename>
- the following lines can be used:</para>
-
- <programlisting>moused_ums0_enable=yes
-moused_ums0_flags="-z 4"
-moused_ums0_port="/dev/ums0"</programlisting>
-
- <para>&man.rc.conf.5; now supports the <varname>tmpmfs_flags</varname>
- and <varname>varmfs_flags</varname> variables.
- These can be used to pass extra options to the &man.mdmfs.8; utility,
- to customize the finer details of the &man.md.4; file system creation,
- such as to turn on/off softupdates, to specify a default owner
- for the file system, and so on. &merged;</para>
-
- <para>The following scripts have been removed because
- they were NetBSD specific and never used in &os;:
- <filename>altqd</filename>,
- <filename>dhcpd</filename>,
- <filename>dhcrelay</filename>,
- <filename>downinterfaces</filename>,
- <filename>gated</filename>,
- <filename>ifwatchd</filename>,
- <filename>kdc</filename>,
- <filename>lkm1</filename>,
- <filename>lkm2</filename>,
- <filename>lkm3</filename>,
- <filename>mixerctl</filename>,
- <filename>mopd</filename>,
- <filename>mountall</filename>,
- <filename>ndbootd</filename>,
- <filename>network</filename>,
- <filename>poffd</filename>,
- <filename>postfix</filename>,
- <filename>ppp</filename>,
- <filename>racoon</filename>,
- <filename>raidframe</filename>,
- <filename>rbootd</filename>,
- <filename>rtsold</filename>,
- <filename>screenblank</filename>,
- <filename>swap2</filename>,
- <filename>sysdb</filename>,
- <filename>wscons</filename>,
- <filename>xdm</filename>, and
- <filename>xfs</filename></para>
+ <para></para>
</sect3>
</sect2>
<sect2 id="contrib">
<title>Contributed Software</title>
- <para><application>awk</application> has been updated from the 7
- February 2004 release to the 24 April 2005 release.</para>
-
- <para><application>BIND</application> has been updated from version
- 9.3.0 to version 9.3.1. &merged;</para>
-
- <para><application>bsnmp</application> has been updated from 1.7
- to 1.10.</para>
-
- <para><application>bzip2</application> has been updated from 1.0.2
- to 1.0.3.</para>
-
- <para><application>OpenBSD dhclient</application> as of OpenBSD 3.7
- has been imported. It replaces the ISC DHCP client used in
- prior versions of &os;.</para>
-
- <para><application>FILE</application> has been updated from 4.10
- to 4.12.</para>
-
- <para><application>GNU GCC</application> has been updated from
- from 3.4.2-prerelease as of 28 July, 2004 to 3.4.4.</para>
-
- <para>A number of bug fixes and performance enhancements have been
- added to <application>GNU grep</application> in the form of
- patches from Fedora's grep-2.5.1-48 source RPM.</para>
-
- <para><application>GNU readline</application> has been updated from
- version 4.3 to version 5.0.</para>
-
- <para><application>IPFilter</application> has been updated from
- 3.4.35 to 4.1.18.</para>
-
- <para><application>Heimdal</application> has been updated from
- 0.6.1 to 0.6.3. &merged;</para>
-
- <para>The <application>hostapd</application>
- v0.3.9 has been imported. This is a user space IEEE
- 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP
- Authenticator and RADIUS authentication server.
- For more details, see &man.hostapd.8;.</para>
-
- <para><application>libpcap</application> has been updated from
- v0.8.3 to v0.9.1 (alpha 096).</para>
-
- <para><application>libregex</application> has been updated from a
- snapshot from <application>GNU grep</application> 2.5.1 to a
- snapshot from the <literal>fedora-glibc-2_3_4-21</literal> tag
- in the <application>glibc</application> CVS repository.</para>
-
- <para><application>libz</application> has been updated from 1.2.1
- to 1.2.2.</para>
-
- <para><application>lukemftp</application> has been updated from a
- 26 April 2004 snapshot from OpenBSD's sources to a snapshot as
- of 16 May 2005.</para>
-
- <para>A snapshot of <application>netcat</application> from OpenBSD
- as of 4 February 2005 has been added. More information can be
- found in the &man.nc.1; manual page. &merged;</para>
-
- <para><application>NgATM</application> has been updated from 1.0
- to 1.2.</para>
-
- <para><application>OpenPAM</application> has been updated from the
- Eelgrass release to the Feterita release.</para>
-
- <para><application>OpenPAM</application> has been updated from the
- Feterita release to the Figwort release.</para>
-
- <para><application>OpenSSH</application> has been updated from 3.8p1
- to 4.1p1.</para>
-
- <para><application>OpenSSL</application> has been updated from
- 0.9.7d to 0.9.7e. &merged;</para>
-
- <para><application>pf</application> has been updated from the
- version included with <application>OpenBSD</application> 3.5 to
- the version included with <application>OpenBSD</application>
- 3.7.</para>
-
- <para><application>sendmail</application> has been updated from
- version 8.13.1 to version 8.13.3. &merged;</para>
-
- <para><application>sendmail</application> has been updated from
- version 8.13.3 to version 8.13.4. It now supports
- <literal>OSTYPE(freebsd6)</literal>.</para>
-
- <para><application>tcpdump</application> has been updated from
- v3.8.3 to v3.9.1 (alpha 096).</para>
-
- <para><application>tcsh</application> has been updated from
- 6.13.00 to 6.14.00.</para>
-
- <para><application>texinfo</application> has been updated from 4.6
- to 4.8.</para>
-
- <para>The timezone database has been updated from the
- <application>tzdata2004e</application> release to the
- <application>tzdata2004g</application> release. &merged;</para>
-
- <para>The <application>WPA Supplicant</application>
- v0.3.9 has been imported. This provides WPA Supplicant
- component of WPA/IEEE 802.11i features.
- For more details, see &man.wpa.supplicant.8;.</para>
-
+ <para></para>
</sect2>
<sect2 id="ports">
<title>Ports/Packages Collection Infrastructure</title>
- <para>The &man.pkg.create.1; utility now supports a
- <option>-R</option> flag. When creating a package file
- from the locally installed package, it creates package
- files for all packages on which that locally installed
- package depends if this flag is specified.</para>
-
- <para>The &man.pkg.version.1; utility now supports a
- <option>-q</option> flag to suppress the output of the port
- version comparison characters <literal>&lt;</literal>,
- <literal>=</literal>, and <literal>&gt;</literal>.</para>
-
- <para>The &man.pkg.version.1; utility now supports a
- <option>-I</option> flag, which causes only the
- <filename>INDEX</filename> file to be used for determining if a
- package is out of date. &merged;</para>
-
- <para>The
- <filename>ports/INDEX<replaceable>*</replaceable></filename>
- files, which kept an index of all of the entries in the ports
- collection, have been removed from the CVS repository. &merged;
- These files were generated only infrequently, and therefore were
- usually out-of-date and inaccurate. Users requiring an index
- file (such as for use by programs such as &man.portupgrade.1;)
- have two alternatives for obtaining a copy:</para>
-
- <itemizedlist>
- <listitem>
- <para>Build an index file based on the current ports tree by
- running <command>make index</command> from the top of the
- <filename>ports/</filename> tree.</para>
- </listitem>
-
- <listitem>
- <para>Fetch an index file over the network by running
- <command>make fetchindex</command> from the top of the
- <filename>ports/</filename> tree. This index file will
- (typically) be accurate to within a day.</para>
- </listitem>
- </itemizedlist>
-
+ <para></para>
</sect2>
<sect2 id="releng">
<title>Release Engineering and Integration</title>
- <para>In prior &os; releases, the <filename>disc1</filename>
- CD-ROM (or ISO image) was a bootable installation disk
- containing the base system, ports tree, and common packages.
- The <filename>disc2</filename> CD-ROM (or ISO image) was a
- bootable <quote>fix it</quote> disk with a live filesystem, to
- be used for making emergency repairs. This layout has now
- changed. For all architectures except ia64, the
- <filename>disc1</filename> image now contains the base system
- distribution files, ports tree, and the live filesystem, making
- it suitable for both an initial installation and repair
- purposes. (On the ia64, the live filesystem is on a separate
- disk due to its size.) Packages appear on separate
- disks; in particular, the <filename>disc2</filename> image
- contains commonly packages such as desktop environments.
- Documents from the &os; Documentation Project also appear on
- <filename>disc2</filename>. &merged;</para>
-
- <para>The supported version of the
- <application>GNOME</application> desktop environment has been
- updated from 2.6.2 to 2.10.1. More information about
- running <application>GNOME</application> on &os; can be found on
- the <ulink url="&url.base;/gnome/">FreeBSD GNOME Project</ulink>
- Web page. &merged;
-
- <note>
- <para>Users of older versions of the
- <application>GNOME</application> desktop
- (<filename role="package">x11/gnome2</filename>)
- must take particular care in upgrading. Simply upgrading it
- from the &os; Ports Collection with &man.portupgrade.1;
- (<filename role="package">sysutils/portupgrade</filename>)
- will cause serious problems.
- <application>GNOME</application> desktop users should read
- the instructions carefully at
- <ulink url="&url.base;/gnome/docs/faq210.html"></ulink>
- and use the
- <ulink url="&url.base;/gnome/gnome_upgrade.sh"><filename>gnome_upgrade.sh</filename></ulink>
- script to properly upgrade to
- <application>GNOME</application> 2.10.</para>
- </note>
- </para>
-
- <para>The supported version of the <application>KDE</application>
- desktop environment has been updated from 3.3.0 to
- 3.4.0. More information regarding running
- <application>KDE</application> on &os; can be found on the
- <ulink url="http://freebsd.kde.org/">KDE on FreeBSD</ulink> Web
- page. &merged;
-
- <note>
- <para>Users of older versions of
- <application>KDE</application> should follow the upgrading
- procedure documented on the
- <ulink url="http://freebsd.kde.org/">KDE on FreeBSD</ulink> Web
- page or in <filename>ports/UPDATING</filename>.</para>
- </note>
- </para>
-
- <para>The supported version of <application>Xorg</application> has
- been updated from 6.7.0 to 6.8.2. &merged;</para>
-
+ <para></para>
</sect2>
<sect2 id="doc">
<title>Documentation</title>
- <para>Documentation of existing functionality has been improved by
- the addition of the following manual pages: &man.ataraid.4;,
- &man.bus.space.9;,
- &man.central.4;, &man.clkbrd.4;, &man.creator.4;,
- &man.devfs.conf.5, &man.devfs.rules.5,
- &man.ebus.4;, &man.eeprom.4;,
- &man.fhc.4;,
- &man.machfb.4;,
- &man.ofw.console.4;, &man.openfirm.4;, &man.openprom.4;,
- &man.pmap.page.init.9;, &man.pthread.atfork.3;,
- &man.rtc.4;,
- &man.sbus.4;, &man.sched.4bsd.4;, &man.sched.ule.4;, &man.snd.fm801.4;,
- &man.snd.neomagic.4;, &man.snd.via8233.4;, &man.snd.via82c686.4;,
- and &man.snd.vibes.4;.</para>
-
- <para>Manual pages in the base system have received a number of
- cleanups, both for content and presentation. Cross-references
- are more correct and consistent, standard section headings are
- now used throughout, and markup has been cleaned up.</para>
-
- <para>The following manual pages, which were derived from RFCs
- and possibly violate the IETF's copyrights, have been replaced:
- &man.gai.strerror.3;,
- &man.getaddrinfo.3;,
- &man.getnameinfo.3;,
- &man.inet6.opt.init.3;,
- &man.inet6.option.space.3;,
- &man.inet6.rth.space.3;,
- &man.inet6.rthdr.space.3;,
- &man.icmp6.4;, and
- &man.ip6.4;. &merged;</para>
-
+ <para></para>
</sect2>
</sect1>
<sect1 id="upgrade">
<title>Upgrading from previous releases of &os;</title>
- <para>Source upgrades to &os; &release.current; are only supported
- from &os; 5.3-RELEASE or later. Users of older systems wanting to
- upgrade &release.current; will need to update to &os; 5.3 or newer
- first, then to &os; &release.current;.</para>
+ <para></para>
<important>
<para>Upgrading &os; should, of course, only be attempted after
diff --git a/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml b/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml
index 89b9a18..a6e787e 100644
--- a/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml
+++ b/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml
@@ -113,322 +113,18 @@
<sect2 id="security">
<title>Security Advisories</title>
- <para>A bug in the &man.fetch.1; utility, which allows
- a malicious HTTP server to cause arbitrary portions of the client's
- memory to be overwritten, has been fixed.
- For more information, see security advisory
- <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:16.fetch.asc">FreeBSD-SA-04:16.fetch</ulink>.
- &merged;</para>
-
- <para>A bug in &man.procfs.5; and &man.linprocfs.5;
- which could allow a malicious local user to read parts of kernel
- memory or perform a local
- denial of service attack by causing a system panic,
- has been fixed.
- For more information, see security advisory
- <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:17.procfs.asc">FreeBSD-SA-04:17.procfs</ulink>.
- &merged;</para>
-
- <para>Two buffer overflows in the TELNET client program have been
- corrected. They could have allowed a malicious TELNET server or
- an active network attacker to cause &man.telnet.1; to execute
- arbitrary code with the privileges of the user running it.
- More information can be found in security advisory
- <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:01.telnet.asc">FreeBSD-SA-05:01.telnet</ulink>.
- &merged;</para>
-
- <para>An information disclosure vulnerability in the
- &man.sendfile.2; system call, which could permit it to transmit
- random parts of kernel memory, has been fixed. More details are
- in security advisory
- <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:02.sendfile.asc">FreeBSD-SA-05:02.sendfile</ulink>.
- &merged;</para>
-
- <para arch="amd64">A possible privilege escalation vulnerability on &os;/amd64
- has been fixed. This allows unprivileged users to gain direct
- access to some hardware which cannot be accessed
- without the elevated privilege level. More details are in security advisory
- <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:03.amd64.asc">FreeBSD-SA-05:03.amd64</ulink>.
- &merged;</para>
-
- <para>An information leak vulnerability in the
- <literal>SIOCGIFCONF</literal> &man.ioctl.2;, which leaked 12
- bytes of kernel memory, has been fixed. More details are in security advisory
- <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:04.ifconf.asc">FreeBSD-SA-05:04.ifconf</ulink>.
- &merged;</para>
-
- <para>Several programming errors in &man.cvs.1;, which could
- potentially cause arbitrary code to be executed on CVS servers,
- have been corrected. Further information can be found in
- security advisory
- <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:05.cvs.asc">FreeBSD-SA-05:05.cvs</ulink>.
- &merged;</para>
-
- <para>An error in the default permissions on the <filename
- class="devicefile">/dev/iir</filename> device node, which
- allowed unprivileged local users can send commands to the
- hardware supported by the &man.iir.4; driver, has been fixed.
- For more information, see security advisory
- <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:06.iir.asc">FreeBSD-SA-05:06.iir</ulink>.
- &merged;</para>
-
- <para>A bug in the validation of &man.i386.get.ldt.2; system call
- input arguments, which may allow kernel memory to be disclosed
- to a user process, has been fixed. For more information, see
- security advisory
- <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:07.ldt.asc">FreeBSD-SA-05:07.ldt</ulink>.
- &merged;</para>
-
- <para>Several information disclosure vulnerabilities in various
- parts of the kernel have been fixed. For more information, see
- security advisory
- <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:08.kmem.asc">FreeBSD-SA-05:08.kmem</ulink>.
- &merged;</para>
-
- <para arch="i386,amd64">Because of an information disclosure vulnerability on
- processors using Hyper-Threading Technology (HTT), the
- <varname>machdep.hyperthreading_allowed</varname> sysctl
- variable has been added. It defaults to <literal>1</literal>
- (HTT enabled) on &os; CURRENT, and <literal>0</literal> (HTT
- disabled) on the 4-STABLE and 5-STABLE development branches and
- supported security fix branches. More information can be found
- in security advisory
- <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:09.htt.asc">FreeBSD-SA-05:09.htt</ulink>.
- &merged;</para>
-
- <para>A bug in the &man.tcpdump.1; utility which allows
- a malicious remote user to cause a denial-of-service
- by using specially crafted packets, has been fixed.
- For more information, see security advisory
- <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:10.tcpdump.asc">FreeBSD-SA-05:10.tcpdump</ulink>.
- &merged;</para>
-
- <para>Two problems in the &man.gzip.1; utility have been fixed.
- These may allow a local user to modify permissions
- of arbitrary files and overwrite arbitrary local
- files when uncompressing a file.
- For more information, see security advisory
- <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:11.gzip.asc">FreeBSD-SA-05:11.gzip</ulink>.
- &merged;</para>
-
- <para>A bug in <application>BIND 9</application> DNSSEC has been fixed.
- When DNSSEC is enabled, this bug may allow a remote attacker to inject
- a specially crafted packet which will cause &man.named.8; to terminate.
- For more information, see security advisory
- <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:12.bind9.asc">FreeBSD-SA-05:12.bind9</ulink>.
- &merged;</para>
-
- <para>A bug has been fixed in &man.ipfw.4; that could cause
- packets to be matched incorrectly against a lookup table. This
- bug only affects SMP machines or UP machines that have the
- <literal>PREEMPTION</literal> kernel option enabled. More
- information is contained in security advisory
- <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:13.ipfw.asc">FreeBSD-SA-05:13.ipfw</ulink>.
- &merged;</para>
-
- <para>Two security-related problems have been fixed in
- &man.bzip2.1;. These include a potential denial of service and
- unauthorized manipulation of file permissions. For more
- information, see security advisory
- <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:14.bzip2.asc">FreeBSD-SA-05:14.bzip2</ulink>.
- &merged;</para>
-
- <para>Two problems in &os;'s TCP stack have been fixed. They
- could allow attackers to stall existing TCP connections,
- creating a denial-of-service situation. More information is
- contained in security advisory
- <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:15.tcp.asc">FreeBSD-SA-05:15.tcp</ulink>.
- &merged;</para>
-
+ <para></para>
</sect2>
<sect2 id="kernel">
<title>Kernel Changes</title>
- <para arch="i386">Support for 80386 processors (the
- <literal>I386_CPU</literal> kernel configuration option) has
- been removed. Users running this class of CPU should use &os;
- 5.<replaceable>X</replaceable> or earlier.</para>
-
- <para>The kernel debugger &man.ddb.4; now supports a
- <command>show alllocks</command> command, which dumps a list of processes
- and threads currently holding sleep mutexes (and spin mutexes for
- the current thread). &merged;</para>
-
- <para arch="amd64,i386,pc98">The kernel crash dump format has been changed to
- ELF to support large memory (more than 4GB) environment.</para>
-
- <para>The &man.ichsmb.4; driver is now available as a loadable
- kernel module.</para>
-
- <para>The &man.jail.8; feature now supports a new sysctl
- <varname>security.jail.chflags_allowed</varname>, which controls the
- behavior of &man.chflags.1; within a jail.
- If set to <literal>0</literal> (the default), then a jailed <username>root</username> user is
- treated as an unprivileged user; if set to <literal>1</literal>, then
- a jailed root user is treated the same as an unjailed <username>root</username> user. &merged;</para>
-
- <para>A sysctl <varname>security.jail.getfsstatroot_only</varname> has been
- renamed to <varname>security.jail.enforce_statfs</varname> and
- now supports the following policies:</para>
-
- <informaltable frame="none">
- <tgroup cols="2">
- <colspec colwidth="1*">
- <colspec colwidth="3*">
- <thead>
- <row>
- <entry>Value</entry>
- <entry>Policy</entry>
- </row>
- </thead>
-
- <tbody>
- <row>
- <entry>0</entry>
- <entry>Show all mount-points without any restrictions.</entry>
- </row>
-
- <row>
- <entry>1</entry>
- <entry>Show only mount-points below jail's chroot and show only part of the
- mount-point's path (for example, if the jail's chroot directory is
- <filename>/jails/foo</filename> and
- mount-point is
- <filename>/jails/foo/usr/home</filename>,
- only <filename>/usr/home</filename> will be shown).</entry>
- </row>
-
- <row>
- <entry>2</entry>
- <entry>Show only mount-point where jail's chroot directory is placed.</entry>
- </row>
- </tbody>
- </tgroup>
- </informaltable>
-
- <para arch="alpha,amd64,i386,sparc64">The loader tunable <varname>debug.mpsafevm</varname>
- has been enabled by default. &merged;</para>
-
- <para>&man.memguard.9;, a kernel memory allocator designed to help detect
- <quote>tamper-after-free</quote> scenarios, has been added.
- This must be explicitly enabled via <literal>options
- DEBUG_MEMGUARD</literal>, plus small kernel modifications. It
- is generally intended for use by kernel developers.</para>
-
- <para><varname>struct ifnet</varname> and network interface API
- have been changed. Due to ABI incompatibility, all drivers
- not in the &os; base system need to be updated to use
- the new API and recompiled.</para>
-
- <para>A number of bugs have been fixed in the ULE
- scheduler. &merged;</para>
-
- <para>Fine-grained locking to allow much of the VFS stack to run
- without the Giant lock has been added. This is enabled by default
- on the alpha, amd64, and i386 architectures, and can be disabled
- by setting the loader tunable (and sysctl variable)
- <varname>debug.mpsafevfs</varname> to
- <literal>0</literal>.</para>
-
- <para arch="i386">A bug in Inter-Processor Interrupt (IPI)
- handling, which could cause SMP systems to crash under heavy
- load, has been fixed. More details are contained in errata note
- <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/ERRATA/notices/FreeBSD-EN-05:03.ipi.asc">FreeBSD-EN-05:03.ipi</ulink>.
- &merged;</para>
-
- <para>System V IPC objects (message queues, semaphores, and shared
- memory) now have support for Mandatory Access Control policies,
- notably &man.mac.biba.4;, &man.mac.mls.4;, &man.mac.stub.4;, and
- &man.mac.test.4;.</para>
-
- <para arch="i386">Memory allocation for legacy PCI bridges has
- been limited to the top 32MB of RAM. Many older, legacy bridges
- only allow allocation from this range. This change only applies
- to devices which do not have their memory assigned by the BIOS.
- This change fixes the <quote>bad Vcc</quote> error of CardBus
- bridges (&man.pccbb.4;). &merged;</para>
-
- <para>The &man.sysctl.3; MIBs beginning with <quote>debug</quote>
- now require the kernel option <literal>options SYSCTL_DEBUG</literal>.
- This option is disabled by default.</para>
-
- <para>The generic &man.tty.4; driver interface has been added
- and many device drivers including
- &man.cx.4; (<literal>{tty,cua}x</literal>),
- &man.cy.4; (<literal>{tty,cua}c</literal>),
- &man.digi.4; (<literal>{tty,cua}D</literal>),
- &man.rc.4; (<literal>{tty,cua}m</literal>),
- &man.rp.4; (<literal>{tty,cua}R</literal>),
- &man.sab.4; (<literal>{tty,cua}z</literal>),
- &man.si.4; (<literal>{tty,cua}A</literal>),
- &man.sio.4; (<literal>{tty,cua}d</literal>),
- sx (<literal>{tty,cua}G</literal>),
- &man.uart.4; (<literal>{tty,cua}u</literal>),
- &man.ubser.4; (<literal>{tty,cua}y</literal>),
- &man.ucom.4; (<literal>{tty,cua}U</literal>), and
- &man.ucycom.4; (<literal>{tty,cua}y</literal>)
- have been rewritten to use it. Note that <filename>/etc/remote</filename>
- and <filename>/etc/ttys</filename> have been updated as well.</para>
-
- <para>The &man.vkbd.4; driver has been added. This driver
- provides a software loopback mechanism that can implement
- a virtual AT keyboard similar to what the &man.pty.4; driver
- does for terminals.</para>
-
- <!-- Above this line, sort kernel changes by manpage/keyword-->
-
- <para arch="i386,amd64">&os; always uses the local APIC timer
- even on uni-processor systems now.</para>
-
- <para arch="i386,amd64,ia64">The default <varname>HZ</varname>
- parameter (which controls various kernel timers) has been
- increased from <literal>100</literal> to <literal>1000</literal>
- on the i386 and ia64. It has been reduced from
- <literal>1024</literal> to <literal>1000</literal> on the amd64
- to reduce synchronization effects with other system
- clocks.</para>
-
- <para>The maximum length of shell commands has changed from 128
- bytes to <varname>PAGE_SIZE</varname>. By default, this value
- is either 4KB (i386, pc98, amd64, and powerpc) or 8KB (sparc64
- and ia64). As a result, compatibility modules need to be
- rebuilt to stay synchronized with data structure changes in the
- kernel.</para>
-
- <para>A new tunable <varname>vm.blacklist</varname> has been added.
- This can hold a space or comma separated list of physical addresses.
- The pages containing these physical addresses will
- not be added to the free list and thus will effectively
- be ignored by the &os; VM system. The physical addresses
- of any ignored pages are listed in the message buffer as well.</para>
+ <para></para>
<sect3 id="boot">
<title>Boot Loader Changes</title>
- <para arch="i386">A serial console-capable version of
- <filename>boot0</filename> has been added. It can be written
- to a disk using &man.boot0cfg.8; and specifying
- <filename>/boot/boot0sio</filename> as the argument to the
- <option>-b</option> option.</para>
-
- <para arch="i386"><filename>cdboot</filename> now works around a
- BIOS problem observed on some systems when booting from USB
- CDROM drives.</para>
-
- <para>The <command>autoboot</command> loader command
- now supports the prompt parameter.</para>
-
- <para>The <command>autoboot</command> loader command will now prevent the user
- from interrupting the boot process at all if the
- <varname>autoboot_delay</varname> variable is set to
- <literal>-1</literal>. &merged;</para>
-
- <para>A loader menu option to set <varname>hint.atkbd.0.flags=0x1</varname>
- has been added. This setting allows USB keyboards to work
- if no PS/2 keyboard is attached.</para>
-
- <para>The beastie boot menu has been disabled by default.</para>
+ <para></para>
<!-- Above this line, order boot loader changes by keyword-->
@@ -437,1228 +133,85 @@
<sect3 id="proc">
<title>Hardware Support</title>
- <para arch="i386,amd64">The &man.acpi.4; driver now turns
- the ACPI and PCI devices off or to a lower power state
- when suspending, and back on again when resuming.
- This behavior can be disabled by
- setting the <varname>debug.acpi.do_powerstate</varname> and
- <varname>hw.pci.do_powerstate</varname> sysctls to <literal>0</literal>.</para>
-
- <para arch="i386,amd64">The &man.acpi.ibm.4; driver for IBM laptops
- has been added. It provides support for the various
- hotkeys and reading fan status and thermal
- sensors.</para>
-
- <para arch="i386,amd64">The &man.acpi.fujitsu.4; driver for handling
- &man.acpi.4;-controlled buttons Fujitsu laptops has been added.</para>
-
- <para arch="i386,amd64">The acpi_sony driver,
- which supports the Sony Notebook Controller on various
- Sony laptops has been added.</para>
-
- <para>The &man.atkbdc.4;, &man.atkbd.4;, and &man.psm.4;
- drivers have been rewritten in more bus-independent way,
- and now support the EBus found on the sparc64 platform.</para>
-
- <para arch="sparc64">The following device drivers have been
- added and enabled by default in the
- <filename>GENERIC</filename> kernel:
- &man.atkbdc.4;,
- &man.atkbd.4;,
- creator(4),
- machfb(4),
- &man.syscons.4;,
- &man.ohci.4;,
- &man.psm.4;,
- &man.ukbd.4;,
- &man.ums.4;,
- and &man.usb.4;.</para>
-
- <para arch="sparc64">The &man.auxio.4; driver has been added; it supports
- some auxiliary I/O functions found on various SBus/EBus
- &ultrasparc; models. &merged;</para>
-
- <para arch="sparc64">The clkbrd driver has been added to support
- the <literal>clock-board</literal> device frequently found on
- Sun E<replaceable>xx</replaceable>00 servers.</para>
-
- <para>A framework for flexible processor speed control has been
- added. It provides methods for various drivers to control CPU
- power utilization by adjusting the processor speed. More
- details can be found in the &man.cpufreq.4; manual page. &merged;
- Currently supported drivers include ichss (Intel SpeedStep for ICH),
- acpi_perf (ACPI CPU performance states), and acpi_throttle
- (ACPI CPU throttling). The latter two drivers are contained
- in the &man.acpi.4; driver. These can individually be disabled by setting device
- hints such as <varname>hint.<replaceable>ichss</replaceable>.0.disabled="1"</varname>.</para>
-
- <para>The &man.hwpmc.4; hardware performance
- monitoring counter driver has been added.
- This driver virtualizes the hardware performance monitoring
- facilities in modern CPUs and provides support for using
- these facilities from user level processes. For more details,
- see manual pages of &man.hwpmc.4;, associated libraries,
- and associated userland utilities.</para>
-
- <para arch="i386">Support for the OLDCARD subsystem has
- been removed. The NEWCARD system is now used for all PCCARD
- device support.</para>
-
- <para>The pcii driver has been added to support GPIB-PCIIA IEEE-488
- cards. &merged;</para>
-
- <para>The &man.atkbd.4; driver now supports a <literal>0x8</literal>
- (bit 3) flag to disable testing the keyboard port during
- the device probe as this can cause hangs on some machines,
- specifically Compaq R3000Z series amd64 laptops.</para>
-
- <para arch="i386">The &man.pbio.4; driver,
- which supports direct access to
- the Intel 8255A programmable peripheral interface (PPI)
- chip running in mode 0 (simple I/O) has been added.</para>
-
- <para>The &man.psm.4; driver now has improved support for
- Synaptics Touchpad users. It now has better tracking of
- slow-speed movement and support for various extra
- buttons and dials. These features can be tuned with the
- <varname>hw.psm.synaptics.<replaceable>*</replaceable></varname>
- hierarchy of sysctl variables.</para>
-
- <para arch="sparc64">The rtc driver has been added to support
- the MC146818-compatible clock found on some &ultrasparc; II
- and III models. &merged;</para>
-
- <para arch="i386">The &man.syscons.4; driver now supports VESA
- (15, 16, 24, and 32 bit) modes. To enable this feature, two
- kernel options <literal>SC_PIXEL_MODE</literal> and
- <literal>VESA</literal> (or corresponding kernel module)
- are needed.</para>
-
- <para arch="sparc64">The &man.uart.4; driver is now enabled in
- the <filename>GENERIC</filename> kernel, and is now the
- default driver for serial ports. The &man.ofw.console.4; and
- &man.sab.4; drivers are now disabled in the
- <filename>GENERIC</filename> kernel. &merged;</para>
-
- <para>The &man.uftdi.4; driver now supports the FTDI FT2232C
- chip.</para>
-
- <para>The &man.uplcom.4; driver now supports handling of the
- <literal>CTS</literal> signal.</para>
-
- <para>The &man.ehci.4; driver has been improved.</para>
-
- <para arch="sparc64">The zs driver has been removed
- in favor of the &man.uart.4; driver.</para>
+ <para></para>
<sect4 id="mm">
<title>Multimedia Support</title>
- <para arch="sparc64">The &man.snd.audiocs.4; driver has been
- added to support the Crystal Semiconductor CS4231 audio
- controller found on &ultrasparc;
- workstations. &merged;</para>
-
- <para>The &man.snd.csa.4; driver now supports
- suspend and resume operation.</para>
-
- <para>The &man.uaudio.4; driver now has some added
- functionality, including volume control on more inputs and
- recording capability on some devices. &merged;</para>
-
+ <para></para>
</sect4>
<sect4 id="net-if">
<title>Network Interface Support</title>
- <para>The &man.ath.4; driver has been updated to split the
- transmit rate control algorithm into a separate module.
- One of <literal>device ath_rate_onoe</literal>,
- <literal>device ath_rate_amrr</literal>, or
- <literal>device ath_rate_sample</literal> must be included in
- the kernel configuration when using the &man.ath.4;
- driver.</para>
-
- <para>The &man.bge.4; driver now supports the &man.altq.4;
- framework, as well as the BCM5714, 5721, 5750, 5751, 5751M and 5789
- chips. &merged;</para>
-
- <para>The &man.cdce.4; USB Communication Device Class Ethernet
- driver has been added. &merged;</para>
-
- <para>The &man.cp.4; driver is now MPSAFE. &merged;</para>
-
- <para>The &man.ctau.4; driver is now MPSAFE. &merged;</para>
-
- <para>The &man.cx.4; driver is now MPSAFE. &merged;</para>
-
- <para>The &man.dc.4; driver now supports the &man.altq.4;
- framework. &merged;</para>
-
- <para>The &man.ed.4; driver now supports the &man.altq.4;
- framework. &merged;</para>
-
- <para>In the &man.em.4; driver, hardware support for VLAN
- tagging is now disabled by default due to some interactions
- between this feature and promiscuous mode. &merged;</para>
-
- <para>Ethernet flow control is now disabled by default in the
- &man.fxp.4; driver, to prevent problems on a subnet when a system panics
- or is left in the kernel debugger. &merged;</para>
-
- <para>The gx(4) driver has been removed because
- it is no longer maintained actively and
- the &man.em.4; driver supports all of the supported hardware.</para>
-
- <para>The &man.hme.4; driver is now MPSAFE. &merged;</para>
-
- <para>The &man.ipw.4; (for Intel PRO/Wireless 2100),
- &man.iwi.4; (for Intel PRO/Wireless 2200BG/2225BG/2915ABG),
- &man.ral.4; (for Ralink Technology RT2500),
- and &man.ural.4; (for Ralink Technology RT2500USB)
- drivers have been added.</para>
-
- <para>The &man.ixgb.4; driver is now MPSAFE. &merged;</para>
-
- <para>The musycc driver, for the LanMedia LMC1504 T1/E1
- network interface card, has been removed due to
- disuse.</para>
-
- <para arch="i386,amd64">Drivers using the &man.ndis.4; device
- driver wrapper mechanism are now built and loaded
- differently. The &man.ndis.4; driver can now be pre-built
- as module or statically compiled into a kernel. Individual
- drivers can now be built with the &man.ndisgen.8; utility;
- the result is a kernel module that can be loaded into a
- running kernel using &man.kldload.8;. &merged;</para>
-
- <para arch="amd64">The &man.ndis.4; device driver wrapper now
- supports &windows;/x86-64 binaries on amd64
- systems. &merged;</para>
-
- <para arch="i386,amd64">The &man.nve.4; driver, which supports the
- nVidia nForce MCP Networking Adapter, has been added.</para>
-
- <para>The &man.re.4; driver now supports the &man.altq.4;
- framework. &merged;</para>
-
- <para>The &man.sf.4; driver now has support for device polling
- and &man.altq.4;. &merged;</para>
-
- <para>Several programming errors in the &man.sk.4; driver have
- been corrected. These bugs were particular to SMP systems, and
- could cause panics, page faults, aborted SSH connections, or
- corrupted file transfers. More details can be found in
- errata note
- <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/ERRATA/notices/FreeBSD-EN-05:02.sk.asc">FreeBSD-EN-05:02.sk</ulink>.
- &merged;</para>
-
- <para>The &man.sk.4; driver now has support for &man.altq.4;.
- This driver also now supports jumbo frames on Yukon-based
- interfaces. &merged;</para>
-
- <para>The &man.ste.4; driver now has support for &man.altq.4;.</para>
-
- <para>The &man.vge.4; driver now has support for device polling
- (&man.polling.4;).</para>
-
- <para>Support for 802.11 devices in the &man.wlan.4; framework has been
- greatly overhauled. In addition to architectural changes,
- it includes completed 802.11g, WPA, 802.11i, 802.1x,
- WME/WMM, AP-side power-saving, and plugin frameworks for
- cryptography modules, authenticators, and access control.
- Note in particular that WEP now requires the
- <filename>wlan_wep</filename> module to be loaded (or
- compiled) into the kernel.</para>
-
- <para>The &man.xl.4; driver now supports
- &man.polling.4;. &merged;</para>
-
+ <para></para>
</sect4>
</sect3>
<sect3 id="net-proto">
<title>Network Protocols</title>
- <para>The MTU feedback in IPv6 has been disabled when the sender writes
- data that must be fragmented. &merged;</para>
-
- <para>The Common Address Redundancy Protocol (CARP) has
- been implemented. CARP comes from OpenBSD and allows
- multiple hosts to share an IP address, providing
- high availability and load balancing.
- For more information, see the &man.carp.4; manual page. &merged;</para>
-
- <para>The &man.if.bridge.4; network bridging implementation,
- originally from NetBSD, has been added. It supports the IEEE
- 802.1D Spanning Tree Protocol, individual interface devices
- for each bridge, and filtering of bridged packets.
- The &man.ifconfig.8; utility now supports to configure
- &man.if.bridge.4;.</para>
-
- <para>The &man.ipfw.4; <literal>IPDIVERT</literal> option is now
- available as a kernel loadable module.
- If this module is not loaded, &man.ipfw.4; will refuse to
- install <literal>divert</literal> rules and &man.natd.8;
- will return the error message <quote>protocol not supported</quote>.</para>
-
- <para>The &man.ipfw.4; system can work with
- <varname>debug.mpsafenet</varname>=<literal>1</literal>
- (this tunable is <literal>1</literal> by default)
- when the <literal>gid</literal>, <literal>jail</literal>,
- and/or <literal>uid</literal> rule options are used. &merged;</para>
-
- <para>The &man.ipfw.4; and &man.dummynet.4; systems now
- support IPv6.</para>
-
- <para>&man.ipfw.8; now supports classification and tagging
- of &man.altq.4; packets via a divert socket. It is also
- possible to specify rules that match TCP packets with specific
- payload sizes.</para>
-
- <para>The &man.ipfw.8; <literal>ipfw fwd</literal> rule now supports
- the full packet destination manipulation when the kernel option
- <literal>options IPFIREWALL_FORWARD_EXTENDED</literal> is specified
- in addition to <literal>options IPFIRWALL_FORWARD</literal>.
- This kernel option disables all restrictions to ensure proper
- behavior for locally generated packets and allows redirection of
- packets destined to locally configured IP addresses.
- Note that &man.ipfw.8; rules have to be carefully crafted to
- make sure that things like PMTU discovery do not break. &merged;</para>
-
- <para>The &man.ipfw.8; system now supports IPv4 only rules.</para>
-
- <para>&man.ipnat.8; now allows redirect rules to
- work for non-TCP/UDP packets. &merged;</para>
-
- <para>Ongoing work is reducing the use of the Giant lock by the
- network protocol stack and improving the locking
- strategies.</para>
-
- <para>The <filename>libalias</filename> library can now be built
- as a kernel module.</para>
-
- <para>The link state change notifications of network interfaces
- are sent to <filename>/dev/devctl</filename> now.</para>
-
- <para>A new &man.ng.ipfw.4; NetGraph node provides
- a simple interface between the &man.ipfw.4; and &man.netgraph.4;
- facilities.</para>
-
- <para>A new &man.ng.nat.4; NetGraph node has been added to
- perform NAT functions.</para>
-
- <para>A new &man.ng.netflow.4; NetGraph node allows a router
- running &os; to do NetFlow version 5 exports. &merged;</para>
-
- <para>A new &man.ng.tcpmss.4; NetGraph node has been added.
- This supports altering MSS options of TCP packets.</para>
-
- <para>The &man.sppp.4; driver now includes Frame Relay
- support. &merged;</para>
-
- <para>The &man.sppp.4; driver is now MPSAFE.</para>
-
- <para>The &os; routing table now requires gateways for routes
- to be of the same address family as the route itself.
- The &man.route.8; utility now rejects a combination of different
- address families. For example:</para>
-
- <screen>&prompt.root; route add 10.1.1.1 -inet6 fe80::1%fxp0</screen>
-
- <para>The new sysctl <varname>net.link.tap.user_open</varname>
- has been implemented. This allows unprivileged access to
- &man.tap.4; device nodes based on file system permissions.</para>
-
- <para>A bug in TCP that sometimes caused RST packets to
- be ignored if the receive window was zero bytes has been
- fixed. &merged;</para>
-
- <para>The <literal>RST</literal>
- handling of the &os; TCP stack has been improved
- to make reset attacks as difficult as possible while
- maintaining compatibility with the widest range of TCP stacks.
- The algorithm is as follows: For connections in the
- <literal>ESTABLISHED</literal>
- state, only resets with sequence numbers exactly matching
- <varname>last_ack_sent</varname> will cause a reset;
- all other segments will
- be silently dropped. For connections in all other states,
- a reset anywhere in the window will cause the connection
- to be reset. All other segments will be silently dropped.
- Note that this behavior technically violates the RFC 793 specification;
- the conventional (but less secure) behavior can be restored
- by setting a new sysctl <varname>net.inet.tcp.insecure_rst</varname>
- to <literal>1</literal>. &merged;</para>
-
- <para>Several bugs in the TCP SACK implementation have been
- fixed. &merged;</para>
-
- <para>RFC 1644 T/TCP support has been removed. This is because
- the design is based on a weak security model that can easily
- permit denial-of-service attacks. This TCP
- extension has been considered a defective one in
- a recent Internet Draft.</para>
-
- <para>The KAME IPv4 IPsec implementation integrated
- in &os; now supports TCP-MD5. &merged;</para>
-
- <para>Random ephemeral port number allocation has led to some
- problems with port reuse at high connection rates. This
- feature is now disabled during periods of high connection
- rates; whenever new connections are created faster than
- <varname>net.inet.ip.portrange.randomcps</varname> per second,
- port number randomization is disabled for the next
- <varname>net.inet.ip.portrange.randomtime</varname>
- seconds. The default values for these two sysctl variables
- are <literal>10</literal> and <literal>45</literal>,
- respectively. &merged;</para>
-
- <para>Fine-grained locking has been applied to many of the data
- structures in the IPX/SPX protocol stack. While not fully
- MPSAFE at this point, it is generally safe to use IPX/SPX
- without the Giant lock (in other words, the
- <varname>debug.mpsafenet</varname> sysctl variable may be set
- to <literal>1</literal>).</para>
-
- <para>Unix domain sockets now support the
- <literal>LOCAL_CREDS</literal> and
- <literal>LOCAL_CONNWAIT</literal> options.
- The <literal>LOCAL_CREDS</literal> option provides
- a mechanism for the receiver to receive the credentials
- of the process as a &man.recvmsg.2; control message.
- The <literal>LOCAL_CONNWAIT</literal>
- option causes the &man.connect.2; function to block
- until &man.accept.2; has been called on the listening socket.
- For more details, see the &man.unix.4; manual page.</para>
+ <para></para>
</sect3>
<sect3 id="disks">
<title>Disks and Storage</title>
- <para>The &man.amr.4; driver is now safe for use on systems
- using &man.pae.4;. &merged;</para>
-
- <para arch="i386,ia64">The &man.arcmsr.4; driver has been added.
- It supports the Areca ARC-11<replaceable>xx</replaceable> and
- ARC-12<replaceable>xx</replaceable> series of SATA RAID
- controllers. &merged;</para>
-
- <para>The &man.ata.4; family of drivers has been overhauled and
- updated. It has been split into modules that can be loaded
- and unloaded independently (the <filename>atapci</filename>
- and <filename>ata</filename> modules are prerequesites for the
- device subdrivers, which are <filename>atadisk</filename>,
- <filename>atapicd</filename>, <filename>atapifd</filename>,
- <filename>atapist</filename>, and
- <filename>ataraid</filename>). On supported SATA controllers,
- devices can be hot inserted/removed. ATA RAID support has
- been rewritten and supports a number of new metadata formats.
- The <filename>atapicd</filename> driver no longer supports CD
- changers. This update has been referred to as <quote>ATA
- mkIII</quote>.</para>
-
- <para>The SHSEC GEOM class has been added. It provides for the
- sharing of a secret between multiple GEOM providers. All of
- these providers must be present in order to reveal the
- secret. This feature is controlled by the &man.gshsec.8;
- utility. &merged;</para>
-
- <para>The &man.hptmv.4; driver, which supports the HighPoint
- RocketRAID 182x series, has been added. &merged;</para>
-
- <para>The &man.ips.4; driver now support kernel crash dumps
- on some modern ServeRAID models. &merged;</para>
-
- <para>The &man.matcd.4; driver has been removed. &merged;</para>
-
- <para>The default SCSI boot-time probe delay in the
- <filename>GENERIC</filename> kernel has been reduced from
- fifteen seconds to five seconds.</para>
-
- <para>The old vinum(4) subsystem has been removed
- in favor of the new &man.geom.4;-based version.</para>
-
- <para>The &man.twa.4; driver has been updated to
- the 9.2 release (for &os; 5.2.1) distributed from
- the 3ware website.</para>
-
- <para arch="pc98">The &man.wd.4; driver has been removed. The
- &man.ata.4; driver has been found to work well enough on the
- pc98 platform that there is no need for the older &man.wd.4;
- driver.</para>
-
- <para>Information about newly-mounted cd9660 file systems (such
- as the presence of RockRidge extensions) is now only printed
- if the kernel was booted in verbose mode. This change was
- made to reduce the amount of (generally unnecessary) kernel
- log messages. &merged;</para>
-
+ <para></para>
</sect3>
<sect3 id="fs">
<title>File Systems</title>
- <para>Recomputing the summary information for
- <quote>dirty</quote> UFS and UFS2 file systems is no longer
- done at mount time, but is now done by background
- &man.fsck.8;. This change improves the startup speed when
- mounting large file systems after a crash. The prior behavior
- can be restored by setting the
- <varname>vfs.ffs.compute_summary_at_mount</varname> sysctl
- variable to a non-zero value. &merged;</para>
-
- <para>A kernel panic in the NFS server has been fixed. More
- details can be found in errata note
- <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/ERRATA/notices/FreeBSD-EN-05:01.nfs.asc">FreeBSD-EN-05:01.nfs</ulink>.
- &merged;</para>
-
- <para arch="i386,pc98">Read-only support for ReiserFS version 3 has been
- added. See &man.mount.reiserfs.8; for details.</para>
-
+ <para></para>
</sect3>
<sect3>
<title>Contributed Software</title>
- <para><application>ACPI-CA</application> has been updated from
- 20040527 to 20041119. &merged;</para>
-
+ <para></para>
</sect3>
</sect2>
<sect2 id="userland">
<title>Userland Changes</title>
- <para>The &man.burncd.8; utility now allows commands (such as
- <command>eject</command>) to take place after fixating a
- disk.</para>
-
- <para arch="amd64">Machine-specific optimized versions of
- &man.bcmp.3;, &man.bcopy.3;, &man.bzero.3;, &man.memcmp.3;,
- &man.memcpy.3;, &man.memmove.3;, &man.memset.3;, &man.strcat.3;
- and &man.strcpy.3; have been implemented. Several mathematics
- functions such as &man.ceill.3; and &man.sqrtf.3; are also
- replaced with the optimized versions.</para>
-
- <para>The &man.chflags.1; utility now supports the
- <option>-h</option> flag, which supports changing flags on
- symbolic links.</para>
-
- <para>The &man.env.1; program now supports a <option>-v</option>
- flag to write the command to standard error before it is executed.</para>
-
- <para>The &man.env.1; program now supports a <option>-S
- <replaceable>string</replaceable></option>
- option to split the <replaceable>string</replaceable> and pass them to
- the command as the command-line arguments.</para>
-
- <para>The &man.env.1; program now supports a <option>-P
- <replaceable>altpath</replaceable></option>
- option to set the command search path used to look for
- the command.</para>
-
- <para>The &man.ftpd.8; program now uses the <literal>212</literal>
- and <literal>213</literal> status codes for directory
- and file status correctly (<literal>211</literal> was used in
- the previous versions). This behavior is described in RFC 959.
- &merged;</para>
-
- <para>The <literal>create</literal> command of the &man.gpt.8;
- utility now supports a <option>-f</option> command-line flag to
- force creation of a GPT even when there is an MBR record on a
- disk. &merged;</para>
-
- <para>The &man.getaddrinfo.3; function now queries <literal>A</literal>
- DNS resource records before <literal>AAAA</literal> records
- when <literal>AF_UNSPEC</literal> is specified.
- Some broken DNS servers return <literal>NXDOMAIN</literal>
- against non-existent <literal>AAAA</literal> queries,
- even when it should return <literal>NOERROR</literal>
- with empty return records. This is a problem for an IPv4/IPv6 dual
- stack node because the <literal>NXDOMAIN</literal> returned
- by the first query of an <literal>AAAA</literal> record makes
- the querying server stop attempting to resolve the <literal>A</literal>
- record if any. Also, this behavior has been recognized as a potential
- denial-of-service attack (see <ulink url="http://www.kb.cert.org/vuls/id/714121"></ulink>
- for more details).
- Note that although the query order has been changed,
- the returned result still includes
- <literal>AF_INET6</literal> records before
- <literal>AF_INET</literal> records. &merged;</para>
-
- <para>The &man.gethostbyname.3;, &man.gethostbyname2.3;, and
- &man.gethostbyaddr.3; functions are now thread-safe. &merged;</para>
-
- <para>The &man.getnetent.3;, &man.getnetbyname.3;, and
- &man.getnetbyaddr.3; functions are now thread-safe. &merged;</para>
-
- <para>The &man.getprotoent.3;, &man.getprotobyname.3;, and
- &man.getprotobynumber.3; functions are now thread-safe. &merged;</para>
-
- <para>The &man.getservent.3;, &man.getservbyname.3;, and
- &man.getservbyport.3; functions are now thread-safe. &merged;</para>
-
- <para>For conformation to IEEE Std 1003.1-2001
- (also known as POSIX 2001), the <varname>n_net</varname> member
- of <varname>struct netent</varname> and the first argument
- of &man.getnetbyaddr.3; has been changed to an <literal>uint32_t</literal>.
- Due to these changes, the ABI on 64-bit platforms is
- incompatible with previous releases of &os; and
- the major version number of the <filename>libpcap</filename>
- shared library has been bumped.
- On 64-bit platforms being upgraded from older &os; versions, all
- userland programs that use &man.getnetbyaddr.3;,
- &man.getnetbyname.3;, &man.getnetent.3;, and/or
- <filename>libpcap</filename> have to be recompiled.</para>
-
- <para>The gvinum(8) utility now supports the
- <command>checkparity</command>,
- <command>rebuildparity</command>, and
- <command>setstate</command>
- subcommands. &merged;</para>
-
- <para>The &man.ifconfig.8; utility has been restructured. It is
- now more modular and flexible with respect to supporting
- interface-specific functionality. The 802.11 support has been
- updated to support recent changes to the 802.11 subsystem and
- drivers.</para>
-
- <para>Support for abbreviated forms of a number of &man.ipfw.8;
- options has been deprecated. Warnings are printed to stderr
- indicating the correct full form when one of these abbreviations
- is detected.</para>
-
- <para>The &man.kldstat.8; utility now supports a
- <option>-m</option> option to return the status of a specific
- kernel module. &merged;</para>
-
- <para>The on-disk format of <literal>LC_CTYPE</literal> files has
- been changed to be machine-independent.</para>
-
- <para>The <application>libkvm</application> now supports
- ELF crash dump on amd64 and i386 platforms,
- large crash dump (more than 4GB) in 32-bit platforms,
- and PAE crash dump on i386 platform.</para>
-
- <para>The &man.mixer.8; utility now supports the <option>-S</option>
- option. This is the same as the <option>-s</option> option
- but does not output mixing field separators.</para>
-
- <para>A bug in the <filename>libalias</filename> library
- which causes a core dump when the <option>-reverse</option>
- option is specified in &man.natd.8; has been fixed.</para>
-
- <para>The <filename>libarchive</filename> library (as well as the
- &man.tar.1; command that uses it) now has support for reading ISO
- images (with optional RockRidge extensions) and ZIP archives
- (with <literal>deflate</literal> and <literal>none</literal>
- compression). &merged;</para>
-
- <para>The <filename>libarchive</filename> library now supports
- handling a ZIP archive entry with more than 4GB compressed size (ZIP64
- extension) and Unix extension.</para>
-
- <para>The <filename>libgpib</filename> library has been added to
- give userland access to GPIB devices (using the the pcii driver)
- via the
- <function>ib<replaceable>foo</replaceable></function>
- API. &merged;</para>
-
- <para>The default stack sizes in <filename>libpthread</filename>,
- <filename>libthr</filename>,
- and <filename>libc_r</filename> have been increased. On 32-bit
- platforms, the main thread receives a 2MB stack size by default,
- with other threads receiving a 1MB stack size by default. On
- 64-bit platforms, the default stack sizes are 4MB and 2MB
- respectively. &merged;</para>
-
- <para>The <filename>libxpg4</filename> library has been removed
- because all of its functionality was long ago merged into
- <filename>libc</filename>.
- All binaries linked with <filename>libxpg4</filename>
- must be recompiled or use &man.libmap.conf.5;.
- Note that the &os; base system has no such binaries.</para>
-
- <para>The &man.lpd.8; program now checks to make sure the data
- file has been completely transfered before starting to
- print it when a data file received from some other host.
- Some implementations of &man.lpr.1; send the control file
- for a print job before sending the matching data files,
- which can cause problems if the receiving host is
- a busy print-server. &merged;</para>
-
- <para>A number of new functions have been implemented in the
- &man.math.3; library. These include &man.ceill.3;,
- &man.floorl.3;, &man.ilogbl.3;, &man.fma.3; and variants,
- &man.lrint.3; and variants, and &man.lround.3; and
- variants. &merged;</para>
-
- <para>The &man.mknod.8; utility is now deprecated.
- Device nodes have been managed by the &man.devfs.5; device file
- system since &os; 5.0.</para>
-
- <para arch="i386">The &man.mkuzip.8; utility, which
- compresses file system images for use with
- <literal>GEOM_UZIP</literal> &man.geom.4; module,
- has been added. &merged;</para>
-
- <para>The &man.moused.8; daemon now supports <quote>virtual
- scrolling</quote>, in which mouse motions made while holding
- down the middle mouse button are interpreted as scrolling. This
- feature is enabled with the <option>-V</option>
- flag. &merged;</para>
-
- <para>A separate directory has been added for &man.named.8;
- dynamic zones which is owned by the <username>bind</username> user
- (for creation of the zone journal file).
- For more detail, see an example dynamic zone in the sample
- &man.named.conf.5;. &merged;</para>
-
- <para>The &man.ncal.1; utility now supports a <option>-m</option>
- flag to generate a calendar for a specified month in the current
- year. &merged;</para>
-
- <para>The &man.newfs.8; utility now supports a <option>-n</option>
- flag to suppress the creation of a <filename>.snap</filename>
- directory on new file systems. This feature is intended for use
- on memory or vnode file systems that will not require snapshot
- support. &merged;</para>
-
- <para>The &man.newfs.8; utility now emits a warning when creating
- a UFS or UFS2 file system that cannot support snapshots. This
- situation can occur in the case of very large file systems with
- small block sizes. &merged;</para>
-
- <para>The &man.newsyslog.8; utility now supports
- a <option>-d</option> option to specify an alternate root for log files
- similar to <varname>DESTDIR</varname> in the BSD make process.
- This only affects log file paths, not configuration file (<option>-f</option>)
- or archive directory (<option>-a</option>) paths.</para>
-
- <para>The &man.newsyslog.8; utility now supports a
- <option>-N</option> that causes it not to rotate any files.</para>
-
- <para>The <literal>NO_NIS</literal> compile-time knob for userland
- has been added. As its name implies, enabling this
- <filename>Makefile</filename> variable will cause NIS support to
- be excluded from various programs and will cause the NIS
- utilities to not be built. &merged;</para>
-
- <para>For years, &os; has used <filename>Makefile</filename>
- variables of the form
- <varname>NO<replaceable>FOO</replaceable></varname> and
- <varname>NO_<replaceable>FOO</replaceable></varname>. For
- consistency, those variables using the former naming convention
- have been converted to the
- <varname>NO_<replaceable>FOO</replaceable></varname> form. The
- file <filename>/usr/share/mk/bsd.compat.mk</filename> has a
- complete list of these variables; it also implements some
- temporary backward compatibility for the old names.</para>
-
- <para>The &man.periodic.8; security output now supports the display of
- information about blocked packet counts from &man.pf.4;. &merged;</para>
-
- <para>The &man.pgrep.1; command now supports a <option>-S</option> option
- which allows matching system processes (kernel threads).</para>
-
- <para>The &man.pgrep.1; and &man.pkill.1; commands now support a
- <option>-F</option> option, which matches a process whose PID is
- stored in a file.</para>
-
- <para>The &man.pgrep.1; and &man.pkill.1; commands now support a
- <option>-i</option> option to ignore case in the process match.</para>
-
- <para>The &man.pgrep.1; and &man.pkill.1; commands now support a
- <option>-j</option> option that matches processes
- based on their &man.jail.2; ID.</para>
-
- <para>The &man.pgrep.1; and &man.pkill.1; commands now support a
- <option>-o</option> option which matches only the oldest
- (least recently started) of the matching processes.</para>
-
- <para>The &man.powerd.8; program for managing power consumption has been
- added.</para>
-
- <para>The &man.ppp.8; program now implements an
- <option>echo</option> parameter, which allows LCP ECHOs to be
- enabled independently of LQR reports. Older versions of
- &man.ppp.8; would revert to LCP ECHO mode on negotiation
- failure. It is now necessary to specify <command>enable
- echo</command> to get this behavior. &merged;</para>
-
- <para>The <option>disable NAS-IP-Address</option> and
- <option>disable NAS-Identifier</option> options,
- which support pre-RFC 2865 RADIUS servers
- have been added to the &man.ppp.8; program.</para>
-
- <para>Two bugs in the &man.pppd.8; program have been fixed.
- They may result in an incorrect CBCP response,
- which violates the Microsoft PPP Callback Control Protocol
- section 3.2. &merged;</para>
-
- <para>The &man.ps.1; utility now supports a <literal>jid</literal>
- keyword in the <option>-o</option> option. It displays the
- &man.jail.2; ID of each process.</para>
-
- <para>The &man.pstat.8; program now supports a <option>-h</option> option
- to print swap sizes with SI prefixes such as K, M, and G,
- which are used to form binary multiples.</para>
-
- <para>The &man.rescue.8; utilities in the <filename>/rescue</filename>
- directory now include &man.bsdtar.1; instead of GNU tar.</para>
-
- <para>The &man.restore.8; utility has regained the ability to read
- &os; version 1 dump tapes. &merged;</para>
-
- <para>A bug of the &man.rexecd.8; utility which results in
- it behaving as if the <option>-i</option> option is always
- specified has been fixed. &merged;</para>
-
- <para>The &man.rexecd.8; utility has been removed.
- There are no rexec clients in the &os; tree, and the client
- function &man.rexec.3; is present only in
- <filename>libcompat</filename>.</para>
-
- <para>The &man.rm.1; utility now supports an <option>-I</option>
- option that asks for confirmation (once) if recursively
- removing directories or if more than 3 files are listed in the
- command line. &merged;</para>
-
- <para>The &man.rm.1; utility now suppresses diagnostic messages
- when it attempts to remove a non-existent directory
- with the <option>-r</option> and <option>-f</option> options
- specified. This behavior is required by
- Version 3 of the Single UNIX Specification (SUSv3).</para>
-
- <para>The following ISO/IEC 9899:1999 standard functions
- have been implemented: <function>roundl()</function>,
- <function>lroundl()</function>, <function>llroundl()</function>,
- <function>truncl()</function>, and <function>floorl()</function>.</para>
-
- <para>An &man.rpmatch.3; library function has been added to check
- a string for being an affirmative or negative response in the
- current locale.</para>
-
- <para>The &man.rtld.1; dynamic linker now supports specifying
- library replacements via the <varname>LD_LIBMAP</varname>
- environment variable. This variable will override the entries
- in &man.libmap.conf.5;. &merged;</para>
-
- <para>The rune(3) non-standard multibyte and wide character support
- interface has been removed.</para>
-
- <para>&man.sed.1; now supports a <option>-l</option> option to
- make its output line-buffered. &merged;</para>
-
- <para>The &man.strftime.3; function now supports some GNU extensions
- such as <literal>-</literal> (no padding),
- <literal>_</literal> (use space as padding),
- and <literal>0</literal> (zero padding). &merged;</para>
-
- <para>The &man.syslog.3; function is now thread-safe. &merged;</para>
-
- <para>The &man.syslogd.8; utility now opens an additional domain
- socket (<filename>/var/run/logpriv</filename> by default),
- with <literal>0600</literal> permissions to be used
- by privileged programs. This prevents privileged
- programs from locking when the domain sockets
- run out of buffer space due to a
- local denial-of-service attack. &merged;</para>
-
- <para>The &man.syslogd.8; now supports the <option>-S</option> option,
- which allows to change the pathname of the privileged
- socket. This is useful for preventing the daemon
- from receiving any messages from the local sockets
- (<filename>/var/run/log</filename> and
- <filename>/var/run/logpriv</filename> are used by default).
- &merged;</para>
-
- <para>The &man.syslogd.8; utility now allows
- <literal>:</literal> and <literal>%</literal>
- characters in the hostname specifications.
- These characters are used in IPv6 addresses and scope IDs. &merged;</para>
-
- <para>The &man.systat.1; <option>-netstat</option> display is now
- IPv6-aware. &merged;</para>
-
- <para>The <option>-f</option> option of &man.tail.1; utility
- now supports more than one file at a time. &merged;</para>
-
- <para>The &man.telnet.1; and &man.telnetd.8; programs now support
- the <option>-S</option> option for specifying a numeric TOS
- byte.</para>
-
- <para>Prepending a <literal>+</literal> character to port numbers
- passed to &man.telnet.1; program will now disable option
- negotiation and allow the transfer of characters with the high
- bit set. This feature is intended to support the fairly common
- use of &man.telnet.1; as a protocol tester.</para>
-
- <para>The &man.tcpdrop.8; command, which closes a selected TCP
- connection, has been added. It was obtained from
- OpenBSD. &merged;</para>
-
- <para>&man.what.1; now supports a <option>-q</option> flag, which
- causes it to print matching text, but not format it.</para>
-
- <para>&man.whois.1; now supports
- a <option>-k</option> flag
- for querying <hostid role="fqdn">whois.krnic.net</hostid>
- (the National Internet Development Agency of Korea),
- which holds details of IP address allocations within
- Korea. &merged;</para>
-
- <para>The <option>-I</option> option of the &man.xargs.1; command
- has been changed to conform to IEEE Std 1003.1-2004.
- The standard requires that the constructed
- arguments cannot grow larger than 255 bytes.</para>
-
- <para>A bug, which caused the last line of configuration files such as &man.hosts.5;,
- &man.services.5;, and so on to be ignored if it did not end in a newline character,
- has been fixed. &merged;</para>
-
- <para>A new system user/group <username>_dhcp</username>
- has been added to support &man.dhclient.8; from OpenBSD.</para>
-
<sect3 id="rc-scripts">
<title><filename>/etc/rc.d</filename> Scripts</title>
- <para>The <filename>rc.d/bsnmpd</filename> startup script
- for &man.bsnmpd.1; has been added.</para>
-
- <para>The <filename>rc.d/jail</filename> startup script
- now supports <varname>jail_<replaceable>name</replaceable>_flags</varname>
- variable which allows to specify &man.jail.8; flags.
- &merged;</para>
-
- <para>&man.rc.conf.5; now supports changes of network interface names
- at boot time. &merged; For example:</para>
-
- <programlisting>ifconfig_fxp0_name="net0"
-ifconfig_net0="inet 10.0.0.1/16"</programlisting>
-
- <para>The <filename>rc.d/moused</filename> script now
- starts/stops/checks a specific device when
- the device name is given as the second argument to the script:</para>
-
- <screen>&prompt.root; /etc/rc.d/moused start ums0</screen>
-
- <para>To use different &man.rc.conf.5; knobs with different
- mice, use the device name as part of the knob.
- For example, if the mouse device is <filename>/dev/ums0</filename>
- the following lines can be used:</para>
-
- <programlisting>moused_ums0_enable=yes
-moused_ums0_flags="-z 4"
-moused_ums0_port="/dev/ums0"</programlisting>
-
- <para>&man.rc.conf.5; now supports the <varname>tmpmfs_flags</varname>
- and <varname>varmfs_flags</varname> variables.
- These can be used to pass extra options to the &man.mdmfs.8; utility,
- to customize the finer details of the &man.md.4; file system creation,
- such as to turn on/off softupdates, to specify a default owner
- for the file system, and so on. &merged;</para>
-
- <para>The following scripts have been removed because
- they were NetBSD specific and never used in &os;:
- <filename>altqd</filename>,
- <filename>dhcpd</filename>,
- <filename>dhcrelay</filename>,
- <filename>downinterfaces</filename>,
- <filename>gated</filename>,
- <filename>ifwatchd</filename>,
- <filename>kdc</filename>,
- <filename>lkm1</filename>,
- <filename>lkm2</filename>,
- <filename>lkm3</filename>,
- <filename>mixerctl</filename>,
- <filename>mopd</filename>,
- <filename>mountall</filename>,
- <filename>ndbootd</filename>,
- <filename>network</filename>,
- <filename>poffd</filename>,
- <filename>postfix</filename>,
- <filename>ppp</filename>,
- <filename>racoon</filename>,
- <filename>raidframe</filename>,
- <filename>rbootd</filename>,
- <filename>rtsold</filename>,
- <filename>screenblank</filename>,
- <filename>swap2</filename>,
- <filename>sysdb</filename>,
- <filename>wscons</filename>,
- <filename>xdm</filename>, and
- <filename>xfs</filename></para>
+ <para></para>
</sect3>
</sect2>
<sect2 id="contrib">
<title>Contributed Software</title>
- <para><application>awk</application> has been updated from the 7
- February 2004 release to the 24 April 2005 release.</para>
-
- <para><application>BIND</application> has been updated from version
- 9.3.0 to version 9.3.1. &merged;</para>
-
- <para><application>bsnmp</application> has been updated from 1.7
- to 1.10.</para>
-
- <para><application>bzip2</application> has been updated from 1.0.2
- to 1.0.3.</para>
-
- <para><application>OpenBSD dhclient</application> as of OpenBSD 3.7
- has been imported. It replaces the ISC DHCP client used in
- prior versions of &os;.</para>
-
- <para><application>FILE</application> has been updated from 4.10
- to 4.12.</para>
-
- <para><application>GNU GCC</application> has been updated from
- from 3.4.2-prerelease as of 28 July, 2004 to 3.4.4.</para>
-
- <para>A number of bug fixes and performance enhancements have been
- added to <application>GNU grep</application> in the form of
- patches from Fedora's grep-2.5.1-48 source RPM.</para>
-
- <para><application>GNU readline</application> has been updated from
- version 4.3 to version 5.0.</para>
-
- <para><application>IPFilter</application> has been updated from
- 3.4.35 to 4.1.18.</para>
-
- <para><application>Heimdal</application> has been updated from
- 0.6.1 to 0.6.3. &merged;</para>
-
- <para>The <application>hostapd</application>
- v0.3.9 has been imported. This is a user space IEEE
- 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP
- Authenticator and RADIUS authentication server.
- For more details, see &man.hostapd.8;.</para>
-
- <para><application>libpcap</application> has been updated from
- v0.8.3 to v0.9.1 (alpha 096).</para>
-
- <para><application>libregex</application> has been updated from a
- snapshot from <application>GNU grep</application> 2.5.1 to a
- snapshot from the <literal>fedora-glibc-2_3_4-21</literal> tag
- in the <application>glibc</application> CVS repository.</para>
-
- <para><application>libz</application> has been updated from 1.2.1
- to 1.2.2.</para>
-
- <para><application>lukemftp</application> has been updated from a
- 26 April 2004 snapshot from OpenBSD's sources to a snapshot as
- of 16 May 2005.</para>
-
- <para>A snapshot of <application>netcat</application> from OpenBSD
- as of 4 February 2005 has been added. More information can be
- found in the &man.nc.1; manual page. &merged;</para>
-
- <para><application>NgATM</application> has been updated from 1.0
- to 1.2.</para>
-
- <para><application>OpenPAM</application> has been updated from the
- Eelgrass release to the Feterita release.</para>
-
- <para><application>OpenPAM</application> has been updated from the
- Feterita release to the Figwort release.</para>
-
- <para><application>OpenSSH</application> has been updated from 3.8p1
- to 4.1p1.</para>
-
- <para><application>OpenSSL</application> has been updated from
- 0.9.7d to 0.9.7e. &merged;</para>
-
- <para><application>pf</application> has been updated from the
- version included with <application>OpenBSD</application> 3.5 to
- the version included with <application>OpenBSD</application>
- 3.7.</para>
-
- <para><application>sendmail</application> has been updated from
- version 8.13.1 to version 8.13.3. &merged;</para>
-
- <para><application>sendmail</application> has been updated from
- version 8.13.3 to version 8.13.4. It now supports
- <literal>OSTYPE(freebsd6)</literal>.</para>
-
- <para><application>tcpdump</application> has been updated from
- v3.8.3 to v3.9.1 (alpha 096).</para>
-
- <para><application>tcsh</application> has been updated from
- 6.13.00 to 6.14.00.</para>
-
- <para><application>texinfo</application> has been updated from 4.6
- to 4.8.</para>
-
- <para>The timezone database has been updated from the
- <application>tzdata2004e</application> release to the
- <application>tzdata2004g</application> release. &merged;</para>
-
- <para>The <application>WPA Supplicant</application>
- v0.3.9 has been imported. This provides WPA Supplicant
- component of WPA/IEEE 802.11i features.
- For more details, see &man.wpa.supplicant.8;.</para>
-
+ <para></para>
</sect2>
<sect2 id="ports">
<title>Ports/Packages Collection Infrastructure</title>
- <para>The &man.pkg.create.1; utility now supports a
- <option>-R</option> flag. When creating a package file
- from the locally installed package, it creates package
- files for all packages on which that locally installed
- package depends if this flag is specified.</para>
-
- <para>The &man.pkg.version.1; utility now supports a
- <option>-q</option> flag to suppress the output of the port
- version comparison characters <literal>&lt;</literal>,
- <literal>=</literal>, and <literal>&gt;</literal>.</para>
-
- <para>The &man.pkg.version.1; utility now supports a
- <option>-I</option> flag, which causes only the
- <filename>INDEX</filename> file to be used for determining if a
- package is out of date. &merged;</para>
-
- <para>The
- <filename>ports/INDEX<replaceable>*</replaceable></filename>
- files, which kept an index of all of the entries in the ports
- collection, have been removed from the CVS repository. &merged;
- These files were generated only infrequently, and therefore were
- usually out-of-date and inaccurate. Users requiring an index
- file (such as for use by programs such as &man.portupgrade.1;)
- have two alternatives for obtaining a copy:</para>
-
- <itemizedlist>
- <listitem>
- <para>Build an index file based on the current ports tree by
- running <command>make index</command> from the top of the
- <filename>ports/</filename> tree.</para>
- </listitem>
-
- <listitem>
- <para>Fetch an index file over the network by running
- <command>make fetchindex</command> from the top of the
- <filename>ports/</filename> tree. This index file will
- (typically) be accurate to within a day.</para>
- </listitem>
- </itemizedlist>
-
+ <para></para>
</sect2>
<sect2 id="releng">
<title>Release Engineering and Integration</title>
- <para>In prior &os; releases, the <filename>disc1</filename>
- CD-ROM (or ISO image) was a bootable installation disk
- containing the base system, ports tree, and common packages.
- The <filename>disc2</filename> CD-ROM (or ISO image) was a
- bootable <quote>fix it</quote> disk with a live filesystem, to
- be used for making emergency repairs. This layout has now
- changed. For all architectures except ia64, the
- <filename>disc1</filename> image now contains the base system
- distribution files, ports tree, and the live filesystem, making
- it suitable for both an initial installation and repair
- purposes. (On the ia64, the live filesystem is on a separate
- disk due to its size.) Packages appear on separate
- disks; in particular, the <filename>disc2</filename> image
- contains commonly packages such as desktop environments.
- Documents from the &os; Documentation Project also appear on
- <filename>disc2</filename>. &merged;</para>
-
- <para>The supported version of the
- <application>GNOME</application> desktop environment has been
- updated from 2.6.2 to 2.10.1. More information about
- running <application>GNOME</application> on &os; can be found on
- the <ulink url="&url.base;/gnome/">FreeBSD GNOME Project</ulink>
- Web page. &merged;
-
- <note>
- <para>Users of older versions of the
- <application>GNOME</application> desktop
- (<filename role="package">x11/gnome2</filename>)
- must take particular care in upgrading. Simply upgrading it
- from the &os; Ports Collection with &man.portupgrade.1;
- (<filename role="package">sysutils/portupgrade</filename>)
- will cause serious problems.
- <application>GNOME</application> desktop users should read
- the instructions carefully at
- <ulink url="&url.base;/gnome/docs/faq210.html"></ulink>
- and use the
- <ulink url="&url.base;/gnome/gnome_upgrade.sh"><filename>gnome_upgrade.sh</filename></ulink>
- script to properly upgrade to
- <application>GNOME</application> 2.10.</para>
- </note>
- </para>
-
- <para>The supported version of the <application>KDE</application>
- desktop environment has been updated from 3.3.0 to
- 3.4.0. More information regarding running
- <application>KDE</application> on &os; can be found on the
- <ulink url="http://freebsd.kde.org/">KDE on FreeBSD</ulink> Web
- page. &merged;
-
- <note>
- <para>Users of older versions of
- <application>KDE</application> should follow the upgrading
- procedure documented on the
- <ulink url="http://freebsd.kde.org/">KDE on FreeBSD</ulink> Web
- page or in <filename>ports/UPDATING</filename>.</para>
- </note>
- </para>
-
- <para>The supported version of <application>Xorg</application> has
- been updated from 6.7.0 to 6.8.2. &merged;</para>
-
+ <para></para>
</sect2>
<sect2 id="doc">
<title>Documentation</title>
- <para>Documentation of existing functionality has been improved by
- the addition of the following manual pages: &man.ataraid.4;,
- &man.bus.space.9;,
- &man.central.4;, &man.clkbrd.4;, &man.creator.4;,
- &man.devfs.conf.5, &man.devfs.rules.5,
- &man.ebus.4;, &man.eeprom.4;,
- &man.fhc.4;,
- &man.machfb.4;,
- &man.ofw.console.4;, &man.openfirm.4;, &man.openprom.4;,
- &man.pmap.page.init.9;, &man.pthread.atfork.3;,
- &man.rtc.4;,
- &man.sbus.4;, &man.sched.4bsd.4;, &man.sched.ule.4;, &man.snd.fm801.4;,
- &man.snd.neomagic.4;, &man.snd.via8233.4;, &man.snd.via82c686.4;,
- and &man.snd.vibes.4;.</para>
-
- <para>Manual pages in the base system have received a number of
- cleanups, both for content and presentation. Cross-references
- are more correct and consistent, standard section headings are
- now used throughout, and markup has been cleaned up.</para>
-
- <para>The following manual pages, which were derived from RFCs
- and possibly violate the IETF's copyrights, have been replaced:
- &man.gai.strerror.3;,
- &man.getaddrinfo.3;,
- &man.getnameinfo.3;,
- &man.inet6.opt.init.3;,
- &man.inet6.option.space.3;,
- &man.inet6.rth.space.3;,
- &man.inet6.rthdr.space.3;,
- &man.icmp6.4;, and
- &man.ip6.4;. &merged;</para>
-
+ <para></para>
</sect2>
</sect1>
<sect1 id="upgrade">
<title>Upgrading from previous releases of &os;</title>
- <para>Source upgrades to &os; &release.current; are only supported
- from &os; 5.3-RELEASE or later. Users of older systems wanting to
- upgrade &release.current; will need to update to &os; 5.3 or newer
- first, then to &os; &release.current;.</para>
+ <para></para>
<important>
<para>Upgrading &os; should, of course, only be attempted after
OpenPOWER on IntegriCloud