diff options
| author | bmah <bmah@FreeBSD.org> | 2003-01-19 23:17:03 +0000 |
|---|---|---|
| committer | bmah <bmah@FreeBSD.org> | 2003-01-19 23:17:03 +0000 |
| commit | 93fa00b5559ca0b1edeed35e1b8aabd787b33cb8 (patch) | |
| tree | 19a6ed50956e8730eb89a0c3eb1819761d9fde92 /release/doc | |
| parent | 7033e80512b4a5cc048a2f244de9db4143ee28bc (diff) | |
| download | FreeBSD-src-93fa00b5559ca0b1edeed35e1b8aabd787b33cb8.zip FreeBSD-src-93fa00b5559ca0b1edeed35e1b8aabd787b33cb8.tar.gz | |
Trim release notes for HEAD in a post-5.0 world.
Diffstat (limited to 'release/doc')
| -rw-r--r-- | release/doc/en_US.ISO8859-1/relnotes/article.sgml | 4471 | ||||
| -rw-r--r-- | release/doc/en_US.ISO8859-1/relnotes/common/new.sgml | 4471 |
2 files changed, 36 insertions, 8906 deletions
diff --git a/release/doc/en_US.ISO8859-1/relnotes/article.sgml b/release/doc/en_US.ISO8859-1/relnotes/article.sgml index 093e75d..e2be9ff 100644 --- a/release/doc/en_US.ISO8859-1/relnotes/article.sgml +++ b/release/doc/en_US.ISO8859-1/relnotes/article.sgml @@ -96,3083 +96,85 @@ <sect2 id="kernel"> <title>Kernel Changes</title> - <para arch="i386,pc98">Execution of &man.a.out.5; format executables now - requires the <literal>COMPAT_AOUT</literal> option in the kernel - configuration or the loading of the <filename>aout.ko</filename> - kernel module.</para> - - <para>&man.acct.2; has been changed to open the accounting file in - append mode, so that &man.accton.8; can be used to enable - accounting to an append-only file. &merged;</para> - - <para arch="i386" role="historic">The &man.amdpm.4; driver has been added to - provide access to the system monitoring functions of the AMD 756 - chipset. &merged;</para> - - <para arch="i386,alpha,ia64" role="historic">The &man.agp.4; driver for AGP devices has been - added. &merged;</para> - - <para arch="i386,pc98">Preliminary support for Bluetooth devices has - been added, in the form of a series of Netgraph modules (see - &man.ng.bluetooth.4;). Two modules provide device driver - support for Bluetooth adapters: The &man.ng.bt3c.4; driver - supports the 3Com/HP Bluetooth PCCARD adapters, while the - &man.ng.ubt.4; driver supports several USB Bluetooth adapters. - - <note> - <para>Bluetooth support in &os; is a work in progress.</para> - </note> - - </para> - - <para>A new in-kernel cryptographic framework (see &man.crypto.4; - and &man.crypto.9;) has been imported from OpenBSD. It provides - a consistent interface to hardware and software implementations - of cryptographic algorithms for use by the kernel and access to - cryptographic hardware for user-mode applications. - Hardware device drivers are provided to support hifn-based cards - (&man.hifn.4;) and Broadcom-based cards (&man.ubsec.4;). &merged;</para> - - <para>A new &man.ddb.4; command <command>show pcpu</command> lists - some of the per-CPU data.</para> - - <para role="historic">Two new &man.ddb.4; commands, <command>hwatch</command> and - <command>dhwatch</command>, have been introduced. Analogous to - <command>watch</command> and <command>dwatch</command>, they - install hardware watchpoints (as opposed to software - watchpoints) if supported by the architecture. &merged;</para> - - <para>A <filename>devctl</filename> device has been added to allow - userland programs to learn when devices come and go in the device - tree. This facility is primarily used - by the &man.devd.8; utility.</para> - - <para>&man.devfs.5;, which allows entries in the - <filename>/dev</filename> directory to be built automatically - and supports more flexible attachment of devices, has been - largely reworked. &man.devfs.5; is now enabled by default and - can be disabled by the <literal>NODEVFS</literal> kernel - option. - A <quote>rule</quote> subsystem - permits the administrator to define certain properties of new device - nodes before they become visible to the userland. Both static (e.g. - <filename>/dev/speaker</filename>) and dynamic (e.g. - <filename>/dev/bpf*</filename>, some removable devices) nodes are - supported. Each &man.devfs.5; mount may have a different ruleset assigned to - it, permitting different policies to be implemented for things like - jails. Rules and rulesets are manipulated with the &man.devfs.8; - utility.</para> - - <para>A new digi driver has been added to support PCI Xr-based and - ISA Xem Digiboard cards. A new &man.digictl.8; program is - (mainly) used to re-initialize cards that have external port - modules attached such as the PC/Xem. This driver replaces the older - dgm driver.</para> - - <para>An &man.eaccess.2; system call has been added, similar to - &man.access.2; except that the former uses effective credentials - rather than real credentials.</para> - - <para arch="sparc64">Support has been added for EBus-based - devices.</para> - - <para arch="i386,pc98,powerpc">Initial support has been added for - FireWire devices (see &man.firewire.4;). &merged;</para> - - <para arch="i386" role="historic">The &man.ichsmb.4; driver for the Intel 82801AA - (ICH) SMBus controller and compatibles has been - added. &merged;</para> - - <para>Each &man.jail.2; environment can now run under its own - securelevel.</para> - - <para>The tunable sysctl variables for &man.jail.2; have moved - from <varname>jail.*</varname> to the - <varname>security.*</varname> hierarchy. Other security-related - sysctl variables have moved from <varname>kern.security.*</varname> to - <varname>security.*</varname>.</para> - - <para role="historic">The <varname>kern.maxvnodes</varname> limit now properly - limits the number of vnodes in use. Previously only vnodes with - no cached pages could be freed; this could allow the number of - vnodes to grow without limit on large-memory machines accessing - many small files. A <literal>vnlru</literal> kernel thread - helps to flush and reuse vnodes. &merged;</para> - - <para role="historic">The kernel message buffer is now accessible by the - (machine-independent) <varname>kern.msgbuf</varname> sysctl - variable; &man.dmesg.8; no longer needs to be SGID - <groupname>kmem</groupname>. &merged;</para> - - <para>The kernel environment is now dynamic, and can be changed - via the new &man.kenv.2; system call.</para> - - <para role="historic">The &man.kqueue.2; event notification facility was added to - the &os; kernel. This is a new interface which is able to - replace &man.poll.2;/&man.select.2;, offering improved - performance, as well as the ability to report many different - types of events. Support for monitoring changes in sockets, - pipes, fifos, and files are present, as well as for signals and - processes. &merged;</para> - - <para arch="i386,pc98" role="historic">A new <varname>KVA_SPACE</varname> kernel option - can be used to reconfigure the size of the kernel virtual - address space. &merged;</para> - - <para>The labpc(4) driver has been removed due to - <quote>bitrot</quote>.</para> - - <para>The loader and kernel linker now look for files named - <filename>linker.hints</filename> in each directory with KLDs - for a module name and version to KLD filename mapping. The new - &man.kldxref.8; utility is used to generate these files.</para> - - <para role="historic">Linux emulation now supports the kernel functionality - required by the - <filename role="package">emulators/linux_base</filename> - (RedHat 7.X emulation) port. &merged;</para> - - <para role="historic">Linux emulation now requires <literal>options - SYSVSEM</literal> in the kernel configuration. &merged;</para> - - <para>&man.lomac.4;, a Low-Watermark Mandatory Access Control - security facility, has been added as a kernel module. It - provides a drop-in security mechanism in addition to the - traditional UID-based security facilities, requiring no - additional configuration from the administrator. Work on this - feature was sponsored by DARPA and NAI Labs.</para> - - <para>&os; now supports an extensible Mandatory Access Control - framework, the TrustedBSD MAC Framework. It permits loadable - kernel modules to link to the kernel at compile-time, boot-time, - or run-time to augment the system security policy. The - framework permits modules to express interest in a variety - of events, and also provides common security policy services - such as label storage. A variety of sample policy modules are - shipped in this release, including implementations of fixed - and floating label Biba integrity models, Multi-Level Security - (MLS) with compartments, and a number of augmented UNIX security - models including a file system firewall. This feature will - permit easier development and maintenance of local and vendor - security extensions. The extensibility service is enabled - by adding <literal>options MAC</literal> to the kernel - configuration. - - <note> - <para>The MAC framework is considered an experimental - feature in this release, and is not enabled by default</para> - </note> - </para> - - <para arch="ia64">Machine Check Architecture (MCA) records are now - collected at boot time and made available through the - <varname>hw.mca.*</varname> sysctl variables.</para> - - <para role="historic">The <varname>maxusers</varname> kernel configuration - parameter is now a boot-time tunable variable. The kernel - parameters derived from <varname>maxusers</varname> are now also - tunables and can be overridden at boot-time. The - <varname>hz</varname> parameter is also now a - tunable. &merged;</para> - - <para role="historic">Specifying a value of <literal>0</literal> for the - <varname>maxusers</varname> kernel configuration parameter will - now cause an appropriate value to be calculated at boot-time - (between 32 and 384, depending on the amount of memory present). - This value is now the default for all - <filename>GENERIC</filename> kernels. &merged;</para> - - <para arch="alpha" role="historic">A <varname>MAXMEM</varname> kernel option, - along with the <varname>hw.physmem</varname> loader tunable, can - be used to artificially reduce the memory size of a machine for - testing (or other purposes). &merged;</para> - - <para role="historic">The kernel configuration parameters - <varname>MAXTSIZ</varname>, <varname>DFLDSIZ</varname>, - <varname>MAXDSIZ</varname>, <varname>DFLSSIZ</varname>, - <varname>MAXSSIZ</varname>, and <varname>SGROWSIZ</varname> are - all loader tunables (<varname>kern.maxtsiz</varname>, - <varname>kern.maxdfldsiz</varname>, etc.). &merged;</para> - - <para>&man.mutex.9; profiling code has been added, enabled by the - <literal>MUTEX_PROFILING</literal> kernel configuration option. - It enables the <varname>debug.mutex.prof.*</varname> hierarchy - of sysctl variables.</para> - - <para arch="i386,pc98" role="historic">The <literal>NCPU</literal>, - <literal>NAPIC</literal>, <literal>NBUS</literal>, and - <literal>NINTR</literal> kernel configuration options, - for configuring SMP kernels, have been removed. - <literal>NCPU</literal> is now set to a maximum of 16, - and the other, aforementioned options are now - dynamic. &merged;</para> - - <para role="historic">A &man.nmdm.4; null-modem terminal driver has been added. - &merged;</para> - - <para role="historic">The <literal>O_DIRECT</literal> flag has been added to - &man.open.2; and &man.fcntl.2;. Specifying this flag for open - files will attempt to minimize the cache effects of reading and - writing. &merged;</para> - - <para role="historic">An &man.orm.4; device has been added to claim the option - ROMs in the ISA memory I/O space, to prevent other drivers from - mistakenly assigning addresses that conflict with these - ROMs. &merged;</para> - - <para>The <literal>P1003_1B</literal> kernel option is no longer - used and has been removed.</para> - - <para arch="i386,pc98">PECOFF (Win32 Execution file format) support has - been added.</para> - - <para arch="pc98" role="historic">The pmc driver, which supports the power - management controller of the NEC PC-98NOTE, has been - added. &merged;</para> - - <para role="historic">POSIX.1b Shared Memory Objects are now supported. The - implementation uses regular files, but automatically enables the - MAP_NOSYNC flag when they are &man.mmap.2;-ed. &merged;</para> - - <para role="historic">Replaced the <literal>PQ_*CACHE</literal> options with a - single <literal>PQ_CACHESIZE</literal> option to be set to the - cache size in kilobytes. The old options are still supported - for backwards compatibility. &merged;</para> - - <para arch="i386,pc98" role="historic">The &man.puc.4; (PCI <quote>Universal</quote> - Communications) driver has been added, to help connect PCI-based - serial ports to the &man.sio.4; driver. &merged;</para> - - <para>The &man.random.4; device has been rewritten to use the - <application>Yarrow</application> algorithm. It harvests - entropy from a variety of interrupt sources, including the - console devices, Ethernet and point-to-point network interfaces, - and mass-storage devices. Entropy from the &man.random.4; - device is now periodically saved to files in - <filename>/var/db/entropy</filename>, as well as at shutdown - time. The semantics of <filename>/dev/random</filename> have - changed; it never blocks waiting for entropy bits but generates - a stream of pseudo-random data and now behaves exactly as - <filename>/dev/urandom</filename>.</para> - - <para>A new kernel option, <literal>options REGRESSION</literal>, - enables interfaces and functionality intended for use during - correctness and regression testing.</para> - - <para><literal>RLIMIT_VMEM</literal> support has been added. This - feature defines a new resource limit that covers a process's - entire virtual memory space, including &man.mmap.2; space. This - limit can be configured in &man.login.conf.5; via the new - <varname>vmemoryuse</varname> variable. &merged;</para> - - <para arch="sparc64">Support has been added for SBus-based - devices.</para> - - <para arch="sparc64">The sab driver, which supports the Siemens - SAB82532 serial chip found on many newer Sparc Ultra machines, - has been added.</para> - - <para>A bug in the &man.sendfile.2; system call, in which headers - counted against the size of the file to be sent, has been - fixed. &merged;</para> - - <para role="historic">The &man.snp.4; device is no longer static and can now be - compiled as a module. &merged;</para> - - <para arch="i386" role="historic">The &man.spic.4; driver, which provides access - to the Jog Dial device on some Sony laptops, has been - added. &man.moused.8; support for this device has also been - added. &merged;</para> - - <para>The &man.syscons.4; driver now supports keyboard-controlled - pasting, by default bound to - <keycap>Shift</keycap>-<keycap>Insert</keycap>.</para> - - <para role="historic">Support for USB devices was added to the - <filename>GENERIC</filename> kernel and to the installation - programs to support USB devices out of the box. Note that SRM - does not support USB devices at the moment, so you must still - use an AT keyboard if you are not using a serial - console. &merged;</para> - - <para>The uaudio driver, for USB audio devices, has been - added. &merged;</para> - - <para arch="i386,pc98">The ubsa driver has been added to support - the Belkin F5U103 (and compatible) USB-to-serial adaptors. &merged;</para> - - <para arch="i386,pc98" role="historic">The &man.umodem.4; driver for USB modems - has been added. Support is provided for the 3Com 5605 and - Metricom Ricochet GS wireless USB modems. &merged;</para> - - <para arch="i386,pc98" role="historic">The &man.uscanner.4; driver for basic USB - scanner support using SANE has been added. See <ulink - url="http://www.mostang.com/sane/">the SANE home page</ulink> - for supported scanners. The HP ScanJet 4100C, 5200C and 6300C - are known to be working. &merged;</para> - - <para>The &man.ucom.4; device driver has been added, to support USB - modems, serial devices, and other programs that need to look - like a tty. The related &man.uftdi.4;, &man.uplcom.4;, &man.uvscom.4; drivers provide specific - support for FTDI serial adapters, the Prolific PL-2303 serial adapter and the SUNTAC - Slipper U VS-10U, respectively. &merged;</para> - - <para>To increase security, the <literal>UCONSOLE</literal> kernel - configuration option has been removed.</para> - - <para arch="i386,pc98">The UserConfig boot-time kernel configuration - feature, usually used to enable, disable, or configure ISA - devices, has been removed. Its functionality has been replaced - by the kernel hints file in - <filename>/boot/device.hints</filename>.</para> - - <para>The <literal>USER_LDT</literal> kernel option is now - activated by default.</para> - - <para>The &man.uvisor.4; driver for connecting Handspring Visors via USB - has been added. &merged;</para> - - <para>A VESA S3 linear framebuffer driver has been added.</para> - - <para arch="i386" role="historic">The &man.viapm.4; driver for VIA SMBus - power management controllers has been added. &merged;</para> + <para></para> <!-- Above this line, sort kernel changes by manpage/keyword--> - <para role="historic">Write combining for crashdumps has been implemented. This - feature is useful when write caching is disabled on both SCSI - and IDE disks, where large memory dumps could take up to an hour - to complete. &merged;</para> - - <para>The kernel crashdump infrastructure has been revised, to - support new platforms and in general clean up the logic in the - code. One implication of this change is that the on-disk format - for kernel dumps has changed, and is now - byte-order-agnostic.</para> - - <para>Extremely large swap areas (>67 GB) no longer panic the - system.</para> - - <para arch="alpha">Support for threads under Linux emulation has - been added.</para> - - <para role="historic">The <maketarget>buildkernel</maketarget> target now gets the - name of the configuration(s) to build from the - <varname>KERNCONF</varname> variable, not - <varname>KERNEL</varname>. It is no longer required, in some - cases, for a <maketarget>buildworld</maketarget> to precede a - <maketarget>buildkernel</maketarget>. (The - <maketarget>buildworld</maketarget> is still required when - upgrading across major releases, across - <application>binutil</application> updates and when - &man.config.8; changes version.) &merged;</para> - - <para role="historic">The out-of-swap process termination code now begins killing - processes earlier to avoid deadlocks; it now also takes into - account the swap space used by processes when computing the - process sizes. &merged;</para> - - <para>Linker sets are now self-contained; gensetdefs(8) is - unnecessary and has been removed.</para> - - <para role="historic">Network device cloning has been implemented, and the - &man.gif.4; device has been modified to take advantage of it. - Thus, instead of specifying how many &man.gif.4; interfaces are - available in kernel configuration files, &man.ifconfig.8;'s - <option>create</option> option should be used when another device - instance is desired. &merged;</para> - - <para>It is now possible to hardwire kernel environment variables - (such as tunables) at compile-time using &man.config.8;'s - <literal>ENV</literal> directive.</para> - - <para>Idle zeroing of pages can be enabled with the - <varname>vm.idlezero_enable</varname> sysctl variable.</para> - - <para arch="i386,pc98" role="historic">The load addresses of kernels are now exported - to the symbol table and various hard-coded constants have been - removed so that utilities such as &man.ps.1; can work with - kernels compiled at different addresses. &merged;</para> - - <para role="historic">Coredumps of large processes (or of a large number of - processes) no longer lock up the machine for long periods of - time. &merged;</para> - - <para>The &os; kernel scheduler now supports Kernel-Scheduled - Entities (KSEs), which provides support for multiple threads of - execution per process similar to Scheduler Activations. At this - point, the kernel has most of the changes needed to support - threading. The kernel scheduler can schedule multiple threads per - process, but only on a single CPU at a time. More information - can be found in &man.kse.2;. - - <note> - <para>KSE is a work in progress.</para> - </note> - - </para> - - <para>The kernel now has support for multiple low-level console - devices. The new &man.conscontrol.8; utility helps to manage - the different consoles.</para> - - <para arch="alpha">The console driver has gained support for - TGA-based display adapters.</para> - - <para role="historic">The kernel on the installation CDs is now separated from the - <filename>mfsroot</filename> image. This permits the use of a - full kernel when installing from CD on machines that support CD - booting (instead of the stripped-down kernel used on - floppies). &merged;</para> - - <para role="historic">The system load average computation now adds some jitter to - the timing of samples, in order to avoid synchronization with - processes that run periodically. &merged;</para> - - <para role="historic">If a debugging kernel with modules is being built - (i.e. using <literal>makeoptions DEBUG=-g</literal>), the - modules will now be built with debugging support as well, for - completeness. A side effect of this change is that modules - built and installed with debugging kernels will now occupy more - space on disk than they did previously. &merged;</para> - - <para role="historic">The kernel dump device can now be set via the - <varname>dumpdev</varname> loader tunable. As a result, it is - now possible to obtain crash dumps from panics during the late - stages of kernel initialization (before the system enters into - single-user mode). &merged;</para> - - <para>The kernel memory allocator is now a slab memory allocator, - similar to that used in Solaris. This is a SMP-safe memory - allocator that has near-linear performance as the number of CPUs - increases. It also allows for reduced memory - fragmentation.</para> - <sect3> <title>Processor/Motherboard Support</title> - <para>SMP support has been largely reworked, incorporating code - from BSD/OS 5.0. One of the main features of SMPng - (<quote>SMP Next Generation</quote>) is to allow more - processes to run in kernel, without the need for spin locks - that can dramatically reduce the efficiency of multiple - processors. Interrupt handlers now have contexts associated - with them that allow them to be blocked, which reduces the - need to lock out interrupts.</para> - - <para arch="i386,pc98">Support for the 80386 processor has been - removed from the <filename>GENERIC</filename> kernel, as this - code seriously pessimizes performance on other IA32 - processors. - The <literal>I386_CPU</literal> kernel option - to support the 80386 processor is now mutually exclusive with - support for other IA32 processors; this should slightly - improve performance on the 80386 due to the elimination of - runtime processor type checks. - Custom kernels that will run on the 80386 can - still be built by changing the CPU options in the kernel - configuration file to only include - <literal>I386_CPU</literal>.</para> - - <para arch="alpha" role="historic">AlphaServer 1200 (<quote>Tincup</quote>) has - been tested and works OK. Currently it does not want to boot - from CD or floppy but a transplanted disk that was installed - on another Alpha works well. &merged;</para> - - <para arch="alpha">The API UP1100 mainboard has been verified to - work.</para> - - <para arch="alpha">The API CS20 1U high server has been verified - to work.</para> - - <para arch="alpha">Support for AlphaServer 2100A - (<quote>Lynx</quote>) has been added.</para> - - <para arch="alpha">Kernel code has been added that allows older - generation Alpha CPUs (EV4 and EV5) to emulate instructions of - the newer Alpha CPU generations. This enables the use of - binary-only programs like <application>Adobe Acrobat - 4</application> on EV4 and EV5.</para> - - <para arch="alpha">SMP support for the Alpha is now operational.</para> - - <para arch="i386" role="historic">Detection for new processors, such as the - FC-PGA2 Pentium III (Tualatin), Transmeta Crusoe, and - Transmeta Crusoe LongRun, has been added. &merged;</para> - - <para arch="alpha">Support for the following hardware has been - removed from the installation kernel to make it fit on a - 1.44MB floppy again: Multia, NoName, PC64, EB64, Aspen Alpine, - sa (SCSI tape), amr, parallel port support, vx (3c590, 3c595), - pcn (AMD Am79C97x PCI 10/100), sf (Adaptec AIC-6915), sis (SiS - 900/SiS 7016), ste (Sundance ST201 (D-Link DFE-550TX)), wb - (Winbond W89C840F).</para> - - <para arch="i386" role="historic">Support for Streaming <acronym>SIMD</acronym> - Extensions (<acronym>SSE</acronym>) has been introduced. The - <literal>CPU_ENABLE_SSE</literal> kernel option controls - whether support is compiled into the kernel. &merged;</para> - - <para arch="i386" role="historic">The <literal>CPU_ATHLON_SSE_HACK</literal> - kernel option has been added, which attempts to enable the SSE - feature bit on newer Athlon CPUs if the BIOS has forgotten to - enable it. &merged;</para> - - <para arch="sparc64">The UltraSPARC platform is now supported by - &os;. The following machines are supported to at least some - degree: Ultra 1/2/5/10/30/60, Enterprise 220R/420R, Netra T1 AC200/DC200, Netra T 105, and Blade - 100. SMP is supported, and has been tested on the - Ultra 2, Ultra 60, Enterprise 220R, and - Enterprise 420R.</para> - - <para arch="i386">On some systems, the BIOS does not activate - the I/O ports and memory of PC devices, thus making them - unusable. The <varname>hw.pci.enable_io_modes</varname> - sysctl/boot loader variable (which defaults to - <literal>1</literal>, for <quote>enabled</quote>) - forces &os; to enable these devices so that they can be - used.</para> - - <para arch="alpha">Support for TurboChannel Alphas has been - removed.</para> - - <para arch="i386">Support for the AMD Élan SC520 has been - added; this requires the <literal>CPU_ELAN</literal> option in - the kernel configuration file. &merged;</para> - - <para arch="i386,pc98">The <literal>CPU_DISABLE_CMPXCHG</literal> - kernel configuration option has been added. Enabling this - option has been shown to dramatically improve performance on - VMWare client OS installs. - - <note> - <para>This option is not compatible with - <literal>SMP</literal> kernels.</para> - </note> - - </para> + <para></para> </sect3> <sect3> <title>Bootloader Changes</title> - <para arch="i386" role="historic"><filename>boot2</filename> now supports a - <option>-n</option> option to disallow boot interruption by - keypresses. &merged;</para> - - <para arch="i386" role="historic">A new <filename>cdboot</filename> bootstrap - utility for CDROMs provides better compatability with some - BIOS implementations that do not completely implement the El - Torito bootable CDROM standard. This boot loader supports - <quote>no emulation</quote> mode booting, thus eliminating the - need for an emulated floppy disk image on a bootable - CDROM. &merged;</para> - - <para arch="i386,pc98" role="historic">The i386 boot loader now has support for a - <literal>nullconsole</literal> console type, for use on - systems with neither a video console nor a serial - port. &merged;</para> - - <para arch="i386,pc98" role="historic">The &man.loader.8; now has optional support - (enabled at compile-time, off by default) for loading - <application>bzip2</application>-compressed kernels and - modules. &merged;</para> - - <para arch="i386" role="historic">Support for Intel's Wired for Management 2.0 - (PXE) was added to the &os; boot loader. Due to API - differences, the older PXE versions are not supported. This - allow network booting using DHCP. &merged;</para> - <para arch="pc98">The PC98 bootloader now has support for booting from SCSI MO media. &merged;</para> <!-- Above this line, order bootloader changes by keyword--> - <para arch="i386" role="historic">The &os; boot loader now contains a workaround - to support CDROM booting on certain IBM BIOSs that expect the - first sector of the emulated floppy to contain a valid MS-DOS - BPB that they can modify. &merged;</para> - - <para arch="i386,pc98" role="historic">The &os; boot loader now supports a - <option>-p</option> flag to force the kernel to pause after - each line of output during the probing phase. &merged;</para> - - <para arch="alpha,i386" role="historic">The &os; boot loader is now capable of - booting from filesystems with block sizes larger than - 8K. &merged;</para> - - <para>The kernel and modules have been moved to the directory - <filename>/boot/kernel</filename>, so they can be easily - manipulated together. The boot loader has been updated to - make this change as seamless as possible.</para> - - <para arch="alpha,i386,pc98,sparc64">The boot loader now - supports loading kernels from both UFS1 and UFS2 - filesystems.</para> - </sect3> <sect3> <title>Network Interface Support</title> - <para role="historic">The &man.an.4; driver for Cisco Aironet cards now supports - Wired Equivalent Privacy (WEP) encryption, settable via - &man.ancontrol.8;. &merged;</para> - - <para role="historic">The &man.an.4; driver now supports the Cisco Aironet 350 - series of adaptors. &merged;</para> - - <para role="historic">The &man.an.4; driver now supports <quote>monitor</quote> - mode, settable via the <option>-M</option> option to - &man.ancontrol.8;. &merged;</para> - - <para role="historic">The &man.an.4; driver now supports Cisco LEAP, as well as - the <quote>Home</quote> WEP key. The Linux Aironet utilities - are now supported under emulation. &merged;</para> - - <para arch="i386,pc98" role="historic">Generic support for ARCNET token-based - networks has been added. &merged;</para> - - <para arch="i386,pc98" role="historic">The &man.bge.4; driver has been added to - support the Broadcom BCM570x family of Gigabit Ethernet - controllers, including the 3Com 3c996-T, the SysKonnect - SK-9D21 and SK-9D41, and the built-in Gigabit Ethernet NICs on - Dell PowerEdge 2550 servers. Output TCP/IP checksum offload, - jumbo frames and VLAN tag insertion/stripping are supported, - as well as interrupt moderation. &merged;</para> - - <para arch="i386" role="historic">The cm driver has been added to support SMC - COM90cx6 ARCNET network adapters. &merged;</para> - - <para>The &man.dc.4; driver now supports NICs based on the Xircom - 3201 and Conexant LANfinity RS7112 chips.</para> - - <para role="historic">The &man.dc.4; driver now has support for - VLANs. &merged;</para> - - <para role="historic">The &man.de.4; driver now performs round-robin arbitration - between the transmit and receive units of the 21143, instead - of giving priority to the receive unit. This gives a - 10–15% performance improvement in the forwarding rate - under heavy load. &merged;</para> - - <para arch="alpha">The &man.ed.4; driver is now supported.</para> - - <para arch="i386,pc98" role="historic">Linksys Fast Ethernet PCCARD cards supported - by the &man.ed.4; driver now require the addition of flag - <literal>0x80000</literal> to their config line in - &man.pccard.conf.5;. This flag is not optional. These - Linksys cards will not be recognized without - it. &merged;</para> - - <para role="historic">A bug in the &man.ed.4; driver that could cause panics - with very short packets and BPF or bridging active has been - fixed. &merged;</para> - - <para role="historic">The &man.ed.4; driver now has support for D-Link DL10022 - chips, necessary for the NetGear FA-410TX and other cards. As - a result, <literal>device miibus</literal> is required in - kernel configurations using the &man.ed.4; - driver. &merged;</para> - - <para arch="i386">The &man.el.4; driver can now be loaded as a - module.</para> - - <para arch="i386,pc98,ia64" role="historic">The &man.em.4; driver has been added to - support NICs based on the Intel 82542, 82543, 82544, 82545EM, - and 82546EB - Gigabit Ethernet controller chips. The driver has VLAN - support, and also supports - transmit/receive checksum offload and jumbo frames on 82543 - and 82544-based adapters. &merged;</para> - - <para role="historic">The &man.faith.4; device is now loadable, unloadable, and - clonable. &merged;</para> - - <para arch="i386,pc98" role="historic">Support for Fujitsu MB86960A/MB86965A based - Ethernet PC-Cards has been added back in the &man.fe.4; - driver. &merged;</para> - - <para arch="alpha" role="historic">The &man.fpa.4; driver now supports Digital's - DEFPA FDDI adaptors on the Alpha. &merged;</para> - - <para role="historic">The &man.fxp.4; driver now requires a <literal>device - miibus</literal> entry in the kernel configuration - file. &merged;</para> - - <para role="historic">The &man.fxp.4; driver now contains a workaround for PCI - protocol violations caused by defects in some systems based on - the Intel ICH2/ICH2-M chip. The workaround is to rewrite the - EEPROM on the interface to disable Dynamic Standby Mode; once - the EEPROM is rewritten, the system needs to be rebooted for - the new settings to take effect. &merged;</para> - - <para role="historic">The &man.fxp.4; driver now supports Intel's loadable - microcode to implement receive-side interrupt coalescing and - packet bundling, on NICs that support these features. This - support can be activated by the use of the - <option>link0</option> option to - &man.ifconfig.8;. &merged;</para> - - <para arch="sparc64">The gem driver has been added to support - the Sun GEM Gigabit Ethernet and ERI Fast Ethernet - adapters.</para> - - <para role="historic">The &man.gx.4; driver has been added to support NICs based - on the Intel 82542 and 82543 Gigabit Ethernet controller - chips. Both fiber and copper variants of the cards are - supported. Both boards support VLAN tagging/insertion, and - the 82543 additionally supports TCP/IP checksum - offload. &merged;</para> - - <para arch="sparc64">The hme driver has been added to support - the Sun HME Fast Ethernet adapter, onboard on many Sun Ultra - series machines.</para> - - <para>The &man.lmc.4; driver has been added to support LAN Media - Corp WAN adapters based on the DEC <quote>Tulip</quote> PCI - Fast Ethernet controller.</para> - - <para role="historic">The &man.lge.4; driver has been added to support the Level - 1 LXT1001 NetCellerator Gigabit Ethernet controller chip. This - device is used on some fiber optic GigE cards from SMC, D-Link - and Addtron. Jumbograms and TCP/IP checksum offload on - receive are supported, although hardware VLAN filtering is - not. &merged;</para> - - <para role="historic">The my driver, which supports the Myson Fast Ethernet and - Gigabit Ethernet adapters, has been added. &merged;</para> - - <para role="historic">Added the &man.nge.4; driver, which supports PCI Gigabit - Ethernet adapters based on the National Semiconductor DP83820 - and DP83821 Gigabit Ethernet controller chips, including the - D-Link DGE-500T, SMC EZ Card 1000 (SMC9462TX), Asante - FriendlyNet GigaNIC 1000TA and 1000TPC and Addtron AEG320T. - This driver supports transmit and receive checksum - offloading. &merged;</para> - - <para role="historic">The &man.pcn.4; driver, which supports the AMD PCnet/FAST, - PCnet/FAST+, PCnet/FAST III, PCnet/PRO, PCnet/Home, and - HomePNA adapters, has been added. Although these cards are - already supported by the &man.lnc.4; driver, the &man.pcn.4; - driver runs these chips in 32-bit mode and uses the RX - alignment feature to achieve zero-copy receive. This driver - is also machine-independent, so it will work on the i386, - pc98 and Alpha platforms. The &man.lnc.4; driver is still needed - to support non-PCI cards. &merged;</para> - - <para role="historic">The &man.ray.4; driver, which supports the Webgear Aviator - wireless network cards, has been committed. The operation of - &man.ray.4; interfaces can be modified by - &man.raycontrol.8;. &merged;</para> - - <para arch="i386,pc98">The &man.rp.4; driver has been updated to - version 3.02 and can now be built as a module. &merged;</para> - - <para arch="i386" role="historic">The sbni driver, for supporting the Granch - SBNI12 series of ISA and PCI point-to-point communications - interfaces, has been added. The <filename - role="package">sysutils/sbniconfig</filename> port in the &os; - Ports Collection can be used for configuring these - devices. &merged;</para> - - <para role="historic">Added support for PCI Ethernet adapters based on the SiS - 900 and SiS 7016 Fast Ethernet controller chips (for example, - as seen on the SiS 635 and 735 motherboard chipsets), as well - as the National Semiconductor DP83815 chipset (including the - NetGear FA311-TX and FA312-TX) in the form of the &man.sis.4; - driver. This device has support for VLANs. &merged;</para> - - <para arch="pc98" role="historic">The snc driver for the National Semiconductor - DP8393X (SONIC) Ethernet controller has been added. - Currently, this driver is only used on the PC-98 - architecture. &merged;</para> - - <para>The &man.stf.4; device is now clonable.</para> - - <para role="historic">The &man.tap.4; driver, a virtual Ethernet device driver - for bridged configurations, has been added. This device is - clonable. &merged;</para> - - <para role="historic">The &man.ti.4; driver now supports the Alteon AceNIC - 1000baseT Gigabit Ethernet and Netgear GA620T 1000baseT - Gigabit cards. &merged;</para> - - <para role="historic">The &man.ti.4; driver correctly masks VLAN tags. &merged;</para> - - <para>The &man.tx.4; driver now supports true multicast - filtering.</para> - - <para role="historic">The &man.txp.4; driver has been added to support NICs - based on the 3Com 3XP Typhoon/Sidewinder (3CR990) - chipset. &merged;</para> - - <para role="historic">&man.vlan.4; devices are now loadable, unloadable, and - clonable. &merged;</para> - - <para role="historic">The &man.wi.4; driver now has support for Prism II and - Prism 2.5-based NICs. 104/128-bit WEP now works on Prism - cards. &merged;</para> - - <para role="historic">The &man.wi.4; driver now supports using a &os; host as - a wireless access point. This functionality can be enabled - using the <literal>mediaopt hostap</literal> option of - &man.ifconfig.8;. This feature requires a wireless - adapter based on the Prism II chipset. &merged;</para> - - <para role="historic">The &man.wi.4; driver now has support for - <application>bsd-airtools</application>. &merged;</para> - - <para role="historic">The xe driver can now be built as a - module. &merged;</para> - - <para role="historic">The &man.xl.4; driver now supports the 3Com 3C556 and - 3C556B MiniPCI adapters used on some laptops. &merged;</para> - - <para role="historic">The &man.xl.4; driver now supports reception of VLAN - tagged frames (on the <quote>Cyclone</quote> or newer - chipsets). &merged;</para> - - <para role="historic">The &man.xl.4; driver now supports send- and receive-side - TCP/IP checksum offloading for NICs implementing this feature, - such as the 3C905B, 3C905C, and 3C980C. &merged;</para> - - <para role="historic">A bug in the &man.xl.4; driver, related to statistics - overflow interrupt handling, was causing slowdowns at medium - to high packet rates; this has been fixed. &merged;</para> - - <para role="historic">The per-interface <varname>ifnet</varname> structure now - has the ability to indicate a set of capabilities supported by - a network interface, and which ones are enabled. - &man.ifconfig.8; has support for querying these - capabilities. &merged;</para> - - <para role="historic">Performance with hosts having a large number of IP aliases - has been improved, by replacing the per-interface - <varname>if_inaddr</varname> linear list with a hash table. &merged;</para> - - <para>Network devices now automatically appear as special files in - <filename>/dev/net</filename>. Interface hardware ioctls (not - protocol or routing) can be performed on these devices. The - <varname>SIOCGIFCONF</varname> ioctl may be performed on the - special <filename>/dev/network</filename> node.</para> - - <para role="historic">Selected network drivers now implement a semi-polling - mode, which makes systems much more resilient to attacks and - overloads. To enable polling, the following options are - required in a kernel configuration file: - - <programlisting>options DEVICE_POLLING -options HZ=1000 # not compulsory but strongly recommended</programlisting> + <para></para> - The <varname>kern.polling.enable</varname> sysctl variable - will then activate polling mode; with the - <varname>kern.polling.user_frac</varname> sysctl indicating - the percentage of CPU time to be reserved for userland. The - devices initially supporting polling are &man.dc.4;, - &man.fxp.4;, &man.nge.4;, &man.rl.4;, and &man.sis.4;. More details can be found in - the &man.polling.4; manual page. &merged;</para> - - <para arch="i386,pc98" role="historic">The packet-forwarding performance of certain - network drivers (specifically &man.dc.4; and &man.sis.4;) has - been enhanced by the elimination of unnecessary buffer - copies. &merged;</para> - - <para><quote>Zero copy</quote> support has been added to the - networking stack. This feature can eliminate a copy of - network data between the kernel and userland, which is one of - the more significant bottlenecks in network throughput. - The send-side code should work with almost any network - adapter, while the receive-side code requires a network - adapter with an MTU of at least one memory page size (for - example, jumbo frames on Gigabit Ethernet). For more - information, see &man.zero.copy.9;.</para> </sect3> <sect3> <title>Network Protocols</title> - <para role="historic">&man.accept.filter.9;, a kernel feature to reduce - overheads when accepting and reading new connections on - listening sockets, has been added. &merged;</para> - - <para role="historic">The <literal>proxy</literal> modifier to &man.arp.8;'s - <option>-d</option> option has been renamed to - <literal>pub</literal>, for consistency with the - <option>-s</option> option. The <literal>only</literal> keyword - has been added to the <option>-s</option> and - <option>-S</option> flags, to be used in creating - <quote>proxy-only</quote> published entries. &merged;</para> - - <para role="historic">The read timeout feature of &man.bpf.4; now works more - correctly with &man.select.2;/&man.poll.2;, and therefore with - pthreads. &merged;</para> - - <para role="historic">&man.bridge.4; and &man.dummynet.4; have received some - enhancements and bug fixes, and are now loadable - modules. &merged;</para> - - <para role="historic">&man.bridge.4; now has better support for multiple, - fully-independent bridging clusters, and is much more stable - in the presence of dynamic attachments and detatchments. Full - support for VLANs is also supported. &merged;</para> - - <para>A <literal>FAST_IPSEC</literal> kernel option now allows - the IPsec implementation to use the kernel &man.crypto.4; framework, - along with its support for hardware cryptographic - acceleration. - <note> - <para>The <literal>FAST_IPSEC</literal> and - <literal>IPSEC</literal> options are mutually - exclusive.</para> - </note> - - <note> - <para>The <literal>FAST_IPSEC</literal> option is, at the - moment, not compatible with IPv6 or the - <literal>INET6</literal> option.</para> - </note> - - </para> - - <para>A &man.gre.4; driver, which can encapsulate IP packets - using GRE (RFC 1701) or minimal IP encapsulation for Mobile IP - (RFC 2004), has been added. &merged;</para> - - <para>ICMP ECHO and TSTAMP replies are now rate limited. TCP - RSTs generated due to packets sent to open and unopen ports - are now limited by separate counters. Each rate limiting - queue now has its own description.</para> - - <para role="historic">ICMP <literal>UNREACH_FILTER_PROHIB</literal> messages can - now RST TCP connections in the <literal>SYN_SENT</literal> - state if the correct sequence numbers are sent back, as - controlled by the - <varname>net.inet.tcp.icmp_may_rst</varname> sysctl. &merged;</para> - - <para>ICMP Source Quench messages are no longer generated for - forwarded packets. The old behavior can be re-enabled with - the <varname>net.inet.ip.sendsourcequench</varname> sysctl - variable.</para> - - <para>IP multicast now works on VLAN devices. Several other - bugs in the VLAN code have also been fixed.</para> - - <para role="historic">A bug in the IPsec processing for IPv4, which caused the - inbound SPD checks to be ignored, has been fixed. &merged;</para> - - <para role="historic">&man.ipfw.4; now filters correctly in the presence of ECN - bits in TCP segments. &merged;</para> - - <para>&man.ipfw.4; has been re-implemented (the new version is - commonly referred to as <quote>IPFW2</quote>). It now uses - variable-sized representation of rules in the kernel, similar - to &man.bpf.4; instructions. Most of the externally-visible - behavior (i.e. through &man.ipfw.8;) should be unchanged, - although &man.ipfw.8; now supports <literal>or</literal> - connectives between match fields. &merged;</para> - - <para role="historic">A new ng_eiface netgraph module has been added, which - appears as an Ethernet interface but delivers its Ethernet - frames to a Netgraph hook. &merged;</para> - - <para>A new &man.ng.device.4; netgraph node type has been added, - which creates a device entry in <filename>/dev</filename>, to - be used as the entry point to a networking graph.</para> - - <para role="historic">A new &man.ng.etf.4; netgraph node allows Ethernet type - packets to be filtered to different hooks depending on - ethertype. &merged;</para> - - <para>The &man.ng.gif.4; and &man.ng.gif.demux.4; netgraph - nodes, for operating on &man.gif.4; devices, have been - added.</para> - - <para>The &man.ng.ip.input.4; netgraph node, for queueing IP - packets into the main IP input processing code, has been - added.</para> - - <para>A new &man.ng.l2tp.4; netgraph node type, which implements - the encapsulation layer of the L2TP protocol as described in - RFC 2661, has been added. &merged;</para> - - <para role="historic">The &man.ng.mppc.4; and &man.ng.bridge.4; node types have - been added to the &man.netgraph.4; subsystem. The - &man.ng.ether.4; node is now dynamically loadable. - Miscellaneous bug fixes and enhancements have also been - made. &merged;</para> - - <para role="historic">A new netgraph node type &man.ng.one2many.4; for - multiplexing and demultiplexing packets over multiple links - has been added. &merged;</para> - - <para>A new ng_split node type has been added for splitting a - bidirectional packet flow into two unidirectional flows.</para> - - <para role="historic">A new sysctl - <varname>net.inet.ip.check_interface</varname>, which is on by - default, causes IP to verify that an incoming packet arrives - on an interface that has an address matching the packet's - destination address. &merged;</para> - - <para role="historic">A new sysctl - <varname>net.link.ether.inet.log_arp_wrong_iface</varname> has - been added to control the suppression of logging when ARP - replies arrive on the wrong interface. &merged;</para> - - <para role="historic">A new <literal>options RANDOM_IP_ID</literal> kernel - option causes the ID field of IP packets to be randomized. - This closes a minor information leak which allows a remote - observer to determine the rate at which the machine is - generating packets, since the default behavior is to increment - a counter for each packet sent. &merged;</para> - - <para arch="alpha">SLIP has been removed from the - <filename>mfsroot</filename> floppy image.</para> - - <para role="historic">TCP has received some bug fixes for its delayed ACK - behavior. &merged;</para> - - <para role="historic">TCP now supports the NewReno modification to the TCP Fast - Recovery algorithm. This behavior can be controlled via the - <varname>net.inet.tcp.newreno</varname> sysctl - variable. &merged;</para> - - <para role="historic">TCP now uses a more aggressive timeout for initial SYN - segments; this allows initial connection attempts to be - dropped much faster. &merged;</para> - - <para role="historic">The <literal>TCP_COMPAT_42</literal> kernel option has - been removed. &merged;</para> - - <para role="historic">The <literal>TCP_RESTRICT_RST</literal> kernel option has - been removed. Similar functionality can be achieved with the - <varname>net.inet.tcp.blackhole</varname> sysctl - variable. &merged;</para> - - <para role="historic">TCP now has RFC 1323 extensions enabled by default in - &man.rc.conf.5;. &merged;</para> - - <para role="historic">RFC 1323 and RFC 1644 TCP extensions are now disabled for - a connection in progress if no response has been received by - the third SYN segment sent. This behavior tries to work - around (very old) terminal servers with buggy VJ header - compression implementations. &merged;</para> - - <para role="historic">The TCP implementation no longer requires the allocation - of a TCP template structure for each connection; this should - reduce the buffer usage on large systems handling many - connections. &merged;</para> - - <para role="historic">TCP's default buffer sizes, controlled by the - <varname>net.inet.tcp.sendspace</varname> and - <varname>net.inet.tcp.recvspace</varname> sysctl variables, - have been increased to 32K and 64K respectively. Previously, - the default for both buffer sizes was 16K. To try to avoid - increasing congestion, the default value for - <varname>net.inet.tcp.local_slowstart_flightsize</varname> has - been changed from infinity to 4. &merged; - - <note> - <para>On busy hosts, the new larger buffer sizes may require - manually increasing the - <varname>NMBCLUSTERS</varname> parameter, either in the - kernel configuration file or via the - <varname>kern.ipc.nmbclusters</varname> loader tunable. - <command>netstat -mb</command> can be used to monitor the - state of mbuf clusters.</para> - </note> - </para> - - <para role="historic">TCP now supports RFC 1948 (Defending Against Sequence - Number Attacks). The - <varname>net.inet.tcp.isn_reseed_interval</varname> sysctl - variable controls the reseeding of the secret data used in - the RFC 1948 initial sequence number calculations. &merged;</para> - - <para role="historic">The TCP implementation in &os; now implements a cache of - outstanding, received SYN segments. Incoming SYN segments now - cause entries to be placed in the cache until the TCP - three-way handshake is complete, at which point, memory is - allocated for the connection as usual. In addition, all TCP - Initial Sequence Numbers (ISNs) are used as cookies, allowing - entries in the cache to be dropped, but still have their - corresponding ACKs accepted later. The combination of the - so-called - <quote>syncache</quote> and <quote>syncookies</quote> features - makes a host much more resistant to TCP-based Denial of - Service attacks. Work on this feature was sponsored by DARPA - and NAI Labs. &merged;</para> - - <para role="historic">A bug in the TCP implementation, which could cause - connections to stall if a sender saw a zero-sized window, has - been corrected. &merged;</para> - - <para role="historic">The TCP implementation now properly ignores packets - addressed to IP-layer broadcast addresses. &merged;</para> - - <para>The ephemeral port range used for TCP and UDP has been - changed to 49152–65535 (the old default was - 1024–5000). This increases the number of concurrent - outgoing connections/streams.</para> - - <para>The &man.tcp.4; protocol's retransmission timer can now be - manipulated with two sysctl variables, - <varname>net.inet.tcp.rexmit_min</varname> and - <varname>net.inet.tcp.rexmit_slop</varname>. The default has - been reduced from one second to 200ms (similar to the Linux default) - in order to better handle hiccups over interactive connections and - improve recovery over lossy fast connections such as wireless links.</para> - - <para>The &man.tcp.4; protocol now has the ability to dynamically - limit the send-side window to maximize bandwidth and minimize - round trip times. The feature can be enabled via the - <varname>net.inet.tcp.inflight_enable</varname> - sysctl. &merged;</para> - + <para></para> </sect3> <sect3> <title>Disks and Storage</title> - <para arch="i386" role="historic">Support for the Adaptec FSA family of PCI-SCSI - RAID controllers has been added, in the form of the - &man.aac.4; driver. This driver includes proper handling of - commands initiated by the adapter, addition/removal of disk - devices, crashdump functionality, and &man.ioctl.2; commands - necessary for the management CLI, and is fully qualified and - sanctioned by Adaptec. &merged;</para> - - <para role="historic">The &man.ahc.4; driver has received numerous updates, - bugfixes, and enhancements. Among various improvements are - improved compatibility with chips in <quote>RAID Port</quote> - mode and systems with AAA and/or ARO cards installed, as well - as performance improvements. Some bugs were also fixed, - including a rare hang on Ultra2/U160 - controllers. &merged;</para> - - <para arch="i386">The &man.ahd.4; driver, which supports the Adaptec - AIC7901, AIC7901A, and AIC7902 Ultra320 PCI-X SCSI Controller chips, has been - added. &merged;</para> - - <para arch="i386" role="historic">The &man.asr.4; driver, which provides support - for the Adaptec SCSI RAID controller family, as well as the - DPT SmartRAID V and VI families, has been - added. &merged;</para> - - <para arch="i386" role="historic">The &man.asr.4; driver now supports the - Adaptec 2000S and 2005S Zero-Channel RAID - controllers. &merged;</para> - - <para role="historic">The &man.ata.4; driver now has support for ATA100 - controllers. In addition, it now supports the ServerWorks - ROSB4 ATA33 chipset, the CMD 648 ATA66 and CMD 649 ATA100 - chipsets, and the Cyrix 5530. &merged;</para> - - <para role="historic">To provide more flexible configuration, the various - options for the &man.ata.4; driver are now boot loader - tunables, rather than kernel configure-time - options. &merged;</para> - - <para role="historic">The &man.ata.4; driver now has support for tagged queuing, - which is enabled by the <varname>hw.ata.tags</varname> loader - tunable. &merged;</para> - - <para role="historic">The &man.ata.4; driver now has support for ATA - <quote>pseudo</quote> RAID controllers as the Promise Fasttrak - and HighPoint HPT370 controllers. &merged;</para> - - <para role="historic">The &man.ata.4; driver now supports a wider variety of SiS - chipsets, as listed in the Hardware Notes. &merged;</para> - - <para role="historic">The &man.ata.4; driver now has support for creating, - deleting, querying, and rebuilding ATA RAIDs under control of - &man.atacontrol.8;. &merged;</para> - - <para role="historic">The BurnProof(TM) feature, for applicable ATAPI CD-ROM - burners, is now supported. &merged;</para> - - <para role="historic">The &man.ata.4; driver now has support for 48-bit - addressing. Devices larger than 137GB are now - supported. &merged;</para> - - <para role="historic">The &man.ata.4; driver now contains fixes for some data - corruption problems on systems using the VIA 82C686B - Southbridge chip. &merged;</para> - - <para>The &man.ata.4; driver (along with &man.burncd.8;) now - supports writing to media in DVD+RW drives.</para> - - <para>The &man.ata.4; driver now supports accessing ATA devices - as SCSI devices via the CAM layer and drivers (&man.cd.4;, - &man.da.4;, &man.st.4;, and &man.pass.4;). This feature requires - <literal>device atapicam</literal> in the kernel - configuration. More information can be found in - &man.atapicam.4;. &merged;</para> - - <para>The &man.ata.4; driver now has support for the Sil 0680 - and VIA 8233/8235 controllers. &merged;</para> - - <para>The &man.ata.4; driver now has support for the Acard - ATP850, ATP860, and ATP865 controllers.</para> - - <para arch="pc98">The &man.ata.4; driver is now supported on the - pc98 platform.</para> - - <para role="historic">The &man.cd.4; driver now has support for write - operations. This allows writing to DVD-RAM, PD and similar - drives that probe as CD devices. Note that change affects - only random-access writeable devices, not sequential-only - writeable devices such as CD-R drives, which are supported by - &man.cdrecord.1; (a part of - <filename role="package">sysutils/cdrtools</filename> in the - Ports Collection. &merged;</para> - - <para>The &man.cd.4; driver now supports the same - <literal>CDRIOCREADSPEED</literal> and - <literal>CDRIOCWRITESPEED</literal> ioctls that the - &man.acd.4; driver uses for setting the speed of CDROM - access.</para> - - <para>The &man.targ.4; driver has been rewritten and a new - usermode has been added to <filename>/usr/share/examples/scsi_target</filename> that - emulates a direct access device.</para> - - <para arch="i386" role="historic">The &man.ciss.4; driver, for devices utilizing the - Common Interface for SCSI-3 Support, has been added. This - driver supports the Compaq SmartRAID 5* family of RAID - controllers (5300, 532, 5i). &merged;</para> - - <para>The &man.fdc.4; floppy disk driver has undergone a number of - enhancements. Density selection for common settings is now - automatic; the driver is also much more flexible in setting - the densities of various subdevices.</para> - - <para>The &man.geom.4; disk I/O request transformation framework - has been added; this extensible framework is designed to - support a wide variety of operations on I/O requests on their - way from the upper kernel to the device drivers. - - <note> - <para>GEOM-enabled kernels no longer support - <quote>compatability slices</quote>. This feature - (supported on the i386 and pc98 only) allowed a user to - refer to a disk partition without specifying an MBR slice - (e.g. <filename>/dev/ad0a</filename>); the kernel would - automatically find the first applicable &os; slice and use - it. On GEOM-enabled kernels (the default), only the full partition names - (e.g. <filename>/dev/ad0s1a</filename>) are allowed when - referring to partitions within MBR slices. This - change should affect very few users.</para> - </note> - - </para> - - <para>A GEOM Based Disk Encryption module has been added. It - provides denial of access to <quote>cold disks</quote>, with - four different cryptographic barriers and up to four - changeable pass-phrases. Much more information can be found - in the &man.gbde.4; manual page. The &man.gbde.8; userland - utility provides an operation and management interface to this - module. This feature is not enabled by default; it requires - <literal>options GEOM_BDE</literal> to be added to a kernel - configuration file. - - <note> - <para>This feature should be considered experimental.</para> - </note> - - </para> - - <para role="historic">The &man.ida.4; disk driver now has crashdump - support. &merged;</para> - - <para arch="i386" role="historic">The &man.iir.4; driver has been added to support the - Intel Integrated RAID controllers, as well as prior ICP Vortex - controllers.</para> - - <para arch="alpha" role="historic">A bug that made certain CDROM drives fail to - attach when connected to a SCSI card driven by &man.isp.4; has - been fixed. &merged;</para> - - <para>The &man.isp.4; driver is now proactive about discovering - Fibre Channel topology changes.</para> - - <para>The &man.isp.4; driver now supports target mode for Qlogic - SCSI cards, including Ultra2 and Ultra3 and dual bus - cards.</para> - - <para role="historic">The &man.isp.4; driver now supports the Qlogic 2300 and - 2312 Optical Fibre Channel PCI cards. &merged;</para> - - <para arch="i386,pc98">The &man.matcd.4; driver has been removed - after falling into a state of disrepair in the source tree and - because of concerns over its licensing terms. These issues - are currently being addressed and this driver may reappear in - future versions of &os;. &merged;</para> - - <para>&man.md.4;, the memory disk device, has had the - functionality of &man.vn.4; incorporated into it. &man.md.4; - devices can now be configured by &man.mdconfig.8;. &man.vn.4; - has been removed. The Memory Filesystem (MFS) has also been - removed.</para> - - <para arch="i386,alpha,pc98,sparc64">The mpt driver, for - supporting the LSI Logic Fusion/MP architecture Fiber Channel - controllers, has been added. &merged;</para> - - <para arch="i386" role="historic">The &man.mly.4; driver, for Mylex PCI to SCSI - AccelRAID and eXtremeRAID controllers with firmware 6.X and - later, has been added. &merged;</para> - - <para arch="i386,pc98" role="historic">The ncv, nsp, and stg drivers have been ported - from NetBSD/pc98. They support the NCR 53C50 / Workbit Ninja - SCSI-3 / TMC 18C30, 18C50 based PC-Card/ISA SCSI controllers. - All three drivers can be built and loaded as - modules. &merged;</para> - - <para arch="powerpc">The ofw driver, a basic OpenFirmware disk - driver, has been added.</para> - - <para arch="i386">The &man.pst.4; driver, for supporting Promise - SuperTrak ATA RAID controllers, has been - added. &merged;</para> - - <para>The RAIDframe disk driver has been imported from NetBSD. - This driver provides software-based RAID 0, 1, 4, and 5 - capabilities, as well as other functionality. More - information can be found in the &man.raid.4; driver manual - page. The &man.raidctl.8; utility is used to configure and - unconfigure disk arrays. This feature is not enabled by - default, and requires <literal>device raidframe</literal> to - be configured into a kernel. - - <note> - <para>This feature should be considered experimental.</para> - </note> - - </para> - - <para>Some problems in &man.sa.4; error handling have been - fixed, including the <quote>tape drive spinning indefinitely - upon &man.mt.1; <option>stat</option></quote> problem.</para> - - <para>The <varname>SCSI_DELAY</varname> configuration parameter - can now be set at boot time and runtime via the - <varname>kern.cam.scsi_delay</varname> tunable/sysctl.</para> - - <para>The &man.trm.4; driver has been added to support SCSI adapters - using the Tekram TRM-S1040 SCSI chipset. &merged;</para> - - <para arch="i386" role="historic">The &man.twe.4; 3ware ATA RAID driver has - added. &merged;</para> - - <para role="historic">The &man.wd.4; compatibility devices were removed from the - &man.ata.4; driver. &merged;</para> + <para></para> </sect3> <sect3> <title>Filesystems</title> - <para>Support for named extended attributes has been added to the - &os; kernel. This allows the kernel, and appropriately - privileged userland processes, to tag files and directories - with attribute data. Extended attributes were added to - support the TrustedBSD Project, in particular ACLs, capability - data, and mandatory access control labels (see - <filename>/usr/src/sys/ufs/ufs/README.extattr</filename> for - details).</para> - - <para role="historic">Due to a licensing change, Soft Updates have been - integrated into the main portion of the kernel source tree. - As a consequence, Soft Updates are now available with the - <filename>GENERIC</filename> kernel. &merged;</para> - - <para>A filesystem snapshot capability has been added to FFS. - Details can be found in - <filename>/usr/src/sys/ufs/ffs/README.snapshot</filename>.</para> - - <para>When running with Soft Updates, &man.statfs.2; and - &man.df.1; will track the number of blocks and files that are - committed to being freed.</para> - - <para role="historic">A bug in FFS that could cause superblock corruption on - very large filesystems has been corrected. &merged;</para> - - <para role="historic">The ISO-9660 filesystem now has a hook that supports a - loadable character conversion routine. The - <filename role="package">sysutils/cd9660_unicode</filename> - port contains a set of common conversions. &merged;</para> - - <para>&man.kernfs.5; is obsolete and has been retired.</para> - - <para role="historic">A bug in the NFS client that caused bogus access times with - <literal>O_EXCL|O_CREAT</literal> opens was - fixed. &merged;</para> - - <para role="historic">A new NFS hash function (based on the Fowler/Noll/Vo hash - algorithm) has been implemented to improve NFS performance by - increasing the efficiency of the <varname>nfsnode</varname> - hash tables. &merged;</para> - - <para>Client-side NFS locks have been implemented.</para> - - <para>The client-side and server-side of the NFS code in the - kernel used to be intertwined in various complex ways. They - have been split apart for ease of maintenance and further - development.</para> - - <para>Support for filesystem Access Control Lists (ACLs) has - been introduced, allowing more fine-grained control of - discretionary access control on files and directories. This - support was integrated from the TrustedBSD Project. More - details can be found in - <filename>/usr/src/sys/ufs/ufs/README.acls</filename>.</para> - - <para role="historic">The directory layout preference algorithm for FFS - (<literal>dirprefs</literal>) has been changed. Rather than - scattering directory blocks across a disk, it attempts to - group related directory blocks together. Operations - traversing large directory hierarchies, such as the &os; Ports - tree, have shown marked speedups. This change is transparent - and automatic for new directories. &merged;</para> - - <para arch="i386,pc98" role="historic">smbfs (CIFS) support in kernel has been added. - The userland programs &man.smbutil.1; and &man.mount.smbfs.8; - can be used to work with SMB shares. Note that - &man.mount.smbfs.8; will automatically load the - <filename>smbfs.ko</filename> module into the kernel, even if - <literal>LIBMCHAIN</literal> and - <literal>LIBICONV</literal> were not compiled into the kernel. - &merged;</para> - - <para>For consistency, the fdesc, fifo, null, msdos, portal, - umap, and union filesystems have been renamed to fdescfs, - fifofs, msdosfs, nullfs, portalfs, umapfs, and unionfs. Where - applicable, modules and mount_* programs have been renamed. - Compatibility <quote>glue</quote> has been added to - &man.mount.8; so that <literal>msdos</literal> filesystem - entries in &man.fstab.5; will work without changes.</para> - - <para>pseudofs, a pseudo-filesystem framework, has been added. - &man.linprocfs.5; and &man.procfs.5; have been modified to use - pseudofs.</para> - - <para role="historic">A simple hash-based lookup optimization for large - directories called <literal>dirhash</literal> has been added. - Conditional on the - <literal>UFS_DIRHASH</literal> kernel option (enabled by - default in the <filename>GENERIC</filename> kernel), it - improves the speed of operations on very large directories at - the expense of some memory. &merged;</para> - - <para role="historic">The virtual memory subsystem now backs UFS directory - memory requirements by default (this behavior is controlled - via the <varname>vfs.vmiodirenable</varname> sysctl - variable). &merged;</para> - - <para role="historic">A bug that prevented the root filesystem from being - mounted from a SCSI CDROM has been fixed (ATAPI CDROMs were - always supported). &merged;</para> - - <para role="historic">A number of bugs in the filesystem code, discovered - through the use of the <application>fsx</application> - filesystem test tool, have been fixed. Under certain - circumstances (primarily related to use of NFS), these bugs - could cause data corruption or kernel panics. &merged;</para> - - <para>Network filesystems (such as NFS and smbfs filesystems) - listed in <filename>/etc/fstab</filename> can now be properly - mounted during startup initialization; their mounts are - deferred until after the network is initialized.</para> - - <para>Read-only support for the Universal Disk Format (UDF) has - been added. This format is used on packet-written CD-RWs and - most commercial DVD-Video disks. The &man.mount.udf.8; - command can be used to mount these disks.</para> - - <para>Basic support has been added for the UFS2 filesystem. - Among the new features of UFS2: - - <itemizedlist> - <listitem> - <para>The inode has been expanded to 256 bytes to make - space for 64-bit block pointers.</para> - </listitem> - - <listitem> - <para>A file-creation time field has been added.</para> - </listitem> - - <listitem> - <para>A native extended attributes implementation has been - added, permitting total attribute size stored on an inode - to be up to twice the filesystem block size. This storage - is used for Access Control Lists and MAC labels, but may - also be used by other system extensions and user - applications.</para> - </listitem> - </itemizedlist> - - UFS1 remains the default on-disk format, although UFS2 can be - selected as an option in &man.newfs.8; or via the partitioning - screen in &man.sysinstall.8;. 64-bit platforms can boot from - UFS2 root filesystems.</para> - - <para>To support new features mentioned in this section, minor - changes have been made to the format of the UFS1 superblock. - These changes may create some compatability problems when a - system older than &os; 4.7-RELEASE attempts to &man.mount.8; - or &man.fsck.8; a local UFS1 filesystem created by &os; - &release.current; or later. &os; 4.7-RELEASE and later are - fully compatible. This situation typically arises on a - dual-boot machine with multiple versions of &os; - installed.</para> - + <para></para> </sect3> <sect3> <title>PCCARD Support</title> - <para arch="i386,pc98" role="historic">The pccard driver and &man.pccardc.8; now - support multiple <quote>beep types</quote> upon card insertion - and removal. &merged;</para> - - <para role="historic">On many modern hosts, PCCARD devices can be configured to - route their interrupts via either the ISA or PCI interrupt - paths. The &man.pcic.4; driver has been updated to support - both interrupt paths (formerly, only routing via ISA was - supported). &merged; In most cases, configuration of PCMCIA - devices in laptops is simpler and more flexible. In addition, - various Cardbus bridge PCI cards (such as those used by - Orinoco PCI NICs) are now supported. Some hosts may - experience problems, such as hangs or panics, with PCI - interrupt routing; they can frequently be made to work by - forcing the older-style ISA interrupt routing. The following - lines, placed in <filename>/boot/loader.conf</filename>, may - fix the problem:</para> - - <programlisting role="historic">hw.pcic.intr_path="1" - hw.pcic.irq="0"</programlisting> - - <para role="historic">When installing &os; on such a system, typing the - following lines to the boot loader may be helpful in starting - up &os; for the first time:<para> - - <screen role="historic"><prompt>ok</prompt> <userinput>set hw.pcic.intr_path="1"</userinput> -<prompt>ok</prompt> <userinput>set hw.pcic.irq="0"</userinput></screen> - - <para arch="i386">Preliminary CardBus support with NEWCARD has - been added. This code supports both 32-bit and 16-bit cards. - All CardBus bridges are supported, as well as the TI-1030 - PCMCIA-PCI bridge. Other PCMCIA-PCI bridges and ISA bridges - aren't supported yet.</para> - - <para arch="i386">NEWCARD is now the default PCCARD/CardBus - system in the <filename>GENERIC</filename> kernel.</para> - + <para></para> </sect3> <sect3> <title>Multimedia Support</title> - <para arch="i386" role="historic">The &man.pcm.4; driver now supports the ESS - Solo 1, Maestro-1, Maestro-2, and Maestro-2e; Forte Media - fm801, ESS Maestro-2e, and VIA Technologies VT82C686A sound - card/chipsets, and has received some other updates. Separate - drivers for the SoundBlaster 8 and SoundBlaster 16 now replace - an older, unified driver. A driver for the CMedia - CMI8338/CMI8738 sound chips has been added. A driver for the - CS4281 sound chip has been added. A driver for the S3 - SonicVibes chipset has been added. &merged;</para> - - <para arch="i386" role="historic">A driver for the Avance Logic ALS4000 has been - added. &merged;</para> - - <para arch="i386" role="historic">A driver for the ESS Maestro-3/Allegro has - been added, however due to licensing restrictions, it cannot - be compiled into the kernel. &merged; To use this driver, add - the following line to - <filename>/boot/loader.conf</filename>:</para> - - <programlisting role="historic">snd_maestro3_load="YES"</programlisting> - - <para arch="i386">The VT8233 audio controller now has its own - driver to facilitate supporting all known revisions of the - hardware. It is loadable at boot time by adding - <literal>device pcm</literal> to the kernel configuration or - by adding <literal>snd_via8233="YES"</literal> to - <filename>/boot/loader.conf</filename>. Documentation to - support this work was provided by VIA. &merged;</para> - - <para role="historic">The &man.bktr.4; driver has been updated to 2.18. This - update provides a number of new features. New tuner types - have been added, and improvements to the KLD module and to - memory allocation have been made. Bugs in &man.devfs.5; when - unloading and reloading have been fixed. Support for new - Hauppauge Model 44xxx WinTV Cards (the ones with no audio mux) - has been added. &merged;</para> - - <para arch="i386,pc98" role="historic">The ufm driver, supporting the D-Link DSB-R100 - USB Radio, has been added. &merged;</para> - - <para role="historic">When sound modules are built, one can now load all the - drivers and infrastructure by <command>kldload - snd</command>. &merged;</para> - - <para>A new API has been added for sound cards with hardware - volume control.</para> - - <para arch="i386" role="historic">A driver for the Intel 443MX, 810, 815, and - 815E integrated sound devices has been added. &merged;</para> - - <para arch="i386" role="historic">The via82c686 sound driver now supports the VIA - VT8233. &merged;</para> - - <para arch="i386" role="historic">The ich sound driver now support the SiS - 7012 chipset. &merged;</para> - - <para arch="i386">The ich sound driver now provides rudimentary - support for ich4 audio support. &merged;</para> - - <para arch="i386">Drivers have been added to support the Direct - Rendering Infrastructure, which can used to provide 3D - acceleration within <application>XFree86</application>. Video - cards supported include the 3Dlabs Oxygen GMX 2000 (gammadrm), - AGP Matrox G200/G400/G450/G550 (mgadrm), 3dfx Voodoo - 3/4/5/Banshee (tdfxdrm), AGI ATI Rage 128 (r128drm), and AGP - ATI Radeon (radeondrm).</para> - + <para></para> </sect3> <sect3> <title>Contributed Software</title> - <para>The Forth Inspired Command Language - (<application>FICL</application>) used in the boot loader has - been updated to 3.02.</para> - - <para>Support for Advanced Configuration and Power Interface - (ACPI), a multi-vendor standard for configuration and power - management, has been added. This functionality has been - provided by the <application>Intel ACPI Component - Architecture</application> project, as of the ACPI CA 20021118 - snapshot. Some backward compatability for applications using - the older APM standard has been provided.</para> - - <sect4> - <title>IPFilter</title> - - <para><application>IPFilter</application> has been updated to - 3.4.29. &merged;</para> - - <para role="historic"><application>IPFilter</application> now supports - IPv6. &merged;</para> - - </sect4> - - <sect4 arch="i386"> - <title>isdn4bsd</title> - - <para><application>isdn4bsd</application> has been updated to - version 1.0.2.</para> - - <para role="historic">The &man.ifpi.4; driver for supporting the AVM - Fritz!Card PCI controller has been added. &merged;</para> - - <para role="historic">The &man.ifpi2.4; driver for supporting the AVM - Fritz!Card PCI version 2 controller has been added. &merged;</para> - - <para role="historic">The &man.ihfc.4; driver for supporting Cologne Chip - Designs HFC devices under - <application>isdn4bsd</application> has been - added. &merged;</para> - - <para role="historic">The &man.itjc.4; driver for supporting NETjet-S / Teles - PCI-TJ devices under <application>isdn4bsd</application> has - been added. &merged;</para> - - <para role="historic">Experimental support for the Eicon.Diehl DIVA 2.0 and - 2.02 ISA PnP ISDN cards has been added to the &man.isic.4; - <application>isdn4bsd</application> driver. &merged;</para> - - <para role="historic">The &man.isic.4; driver now supports the Compaq Microcom - 610 ISDN ISA PnP card. &merged;</para> - - <para role="historic">Active CAPI-based ISDN cards manufactured by AVM are now - supported using the &man.i4bcapi.4; and the &man.iavc.4; - driver. The supported cards are the AVM B1 PCI and AVM B1 - ISA Basic Rate cards and the AVM T1 Primary Rate - cards. &merged;</para> - - <para role="historic">A new <literal>maxconnecttime</literal> keyword is now - accepted in &man.isdnd.rc.5; files to limit the time a - connection may remain open. &merged;</para> - - <para role="historic">&man.isdnphone.8; now supports a <option>-k</option> - option for sending messages via the keypad facility to a PBX - or exchange office. &merged;</para> - - <para><application>isdn4bsd</application> now supports Q.931 - subaddressing.</para> - - </sect4> - - <sect4 id="kame-kernel"> - <title>KAME</title> - - <para role="historic">The IPv6 stack is now based on a snapshot based on the - KAME Project's IPv6 snapshot as of 28 May, 2001. Most of - the items listed in this section are a result of this - import. <xref linkend="kame-userland"> lists userland - updates to the KAME IPv6 stack. &merged;</para> - - <para role="historic">&man.gif.4; is now based on RFC 2893, rather than RFC - 1933. The <literal>IFF_LINK2</literal> interface flag can - be used to control ingress filtering. &merged;</para> - - <para role="historic"><application>IPsec</application> has received some - enhancements, including the ability to use the Rijndael and - SHA2 algorithms. IPsec RC5 support has been removed due to - patent issues. &merged;</para> - - <para role="historic">&man.stf.4; now conforms to RFC 3056; the - <literal>IFF_LINK2</literal> interface flag can be used to - control ingress filtering. &merged;</para> - - <para role="historic">IPv6 has better checking of illegal addresses (such as - loopback addresses) on physical networks. &merged;</para> - - <para role="historic">The <varname>IPV6_V6ONLY</varname> socket option is now - completely supported. The kernel's default behavior with - respect to this option is controlled by the - <varname>net.inet6.ip6.v6only</varname> sysctl - variable. &merged;</para> - - <para role="historic">RFC 3041 (Privacy Extensions for Stateless Address - Autoconfiguration) is now supported. It can be enabled via - the <varname>net.inet6.ip6.use_tempaddr</varname> sysctl - variable. &merged;</para> - </sect4> + <para></para> </sect3> </sect2> <sect2 id="security"> - <title>Security-Related Changes</title> - - <para role="historic">&man.sysinstall.8; now allows the user to select one of two - <quote>security profiles</quote> at install-time. These - profiles enable different levels of system security by enabling - or disabling various system services in &man.rc.conf.5; on new - installs. &merged;</para> - - <para role="historic">A bug in which malformed ELF executable images can hang the - system has been fixed (see security advisory - FreeBSD-SA-00:41). &merged;</para> - - <para role="historic">A security hole in Linux emulation was fixed (see security - advisory FreeBSD-SA-00:42). &merged;</para> - - <para role="historic">String-handling library calls in many programs were fixed to - reduce the possibility of buffer overflow-related exploits. - &merged;</para> - - <para role="historic">TCP now uses stronger randomness in choosing its initial - sequence numbers (see security advisory - FreeBSD-SA-00:52). &merged;</para> - - <para role="historic">Several buffer overflows in &man.tcpdump.1; were corrected - (see security advisory FreeBSD-SA-00:61). &merged;</para> - - <para role="historic">A security hole in &man.top.1; was corrected (see security - advisory FreeBSD-SA-00:62). &merged;</para> - - <para role="historic">A potential security hole caused by an off-by-one-error in - &man.gethostbyname.3; has been fixed (see security advisory - FreeBSD-SA-00:63). &merged;</para> - - <para role="historic">A potential buffer overflow in the &man.ncurses.3; library, - which could cause arbitrary code to be run from within - &man.systat.1;, has been corrected (see security advisory - FreeBSD-SA-00:68). &merged;</para> - - <para role="historic">A vulnerability in &man.telnetd.8; that could cause it to - consume large amounts of server resources has been fixed (see - security advisory FreeBSD-SA-00:69). &merged;</para> - - <para role="historic">The <literal>nat deny_incoming</literal> command in - &man.ppp.8; now works correctly (see security advisory - FreeBSD-SA-00:70). &merged;</para> - - <para role="historic">A vulnerability in &man.csh.1;/&man.tcsh.1; temporary files - that could allow overwriting of arbitrary user-writable files - has been closed (see security advisory - FreeBSD-SA-00:76). &merged;</para> - - <para role="historic">The &man.ssh.1; binary is no longer SUID root by - default. &merged;</para> - - <para role="historic">Some fixes were applied to the Kerberos IV implementation - related to environment variables, a possible buffer overrun, and - overwriting ticket files. &merged;</para> - - <para role="historic">&man.telnet.1; now does a better job of sanitizing its - environment. &merged;</para> - - <para role="historic">Several vulnerabilities in &man.procfs.5; were fixed (see - security advisory FreeBSD-SA-00:77). &merged;</para> - - <para role="historic">A bug in <application>OpenSSH</application> in which a - server was unable to disable &man.ssh-agent.1; or - <literal>X11Forwarding</literal> was fixed (see security - advisory FreeBSD-SA-01:01). &merged;</para> - - <para role="historic">A bug in &man.ipfw.8; and &man.ip6fw.8; in which inbound TCP - segments could incorrectly be treated as being part of an - <literal>established</literal> connection has been fixed (see - security advisory FreeBSD-SA-01:08). &merged;</para> - - <para role="historic">A bug in &man.crontab.1; that could allow users to read any - file on the system in valid &man.crontab.5; syntax has been - fixed (see security advisory FreeBSD-SA-01:09). &merged;</para> - - <para role="historic">A vulnerability in &man.inetd.8; that could allow - read-access to the initial 16 bytes of - <groupname>wheel</groupname>-accessible files has been fixed - (see security advisory FreeBSD-SA-01:11). &merged;</para> - - <para role="historic">A bug in &man.periodic.8; that used insecure temporary files - has been corrected (see security advisory - FreeBSD-SA-01:12). &merged;</para> - - <para role="historic"><application>OpenSSH</application> now has code to prevent - (instead of just mitigating through connection limits) an attack - that can lead to guessing the server key (not host key) by - regenerating the server key when an RSA failure is detected (see - security advisory FreeBSD-SA-01:24). &merged;</para> - - <para role="historic">A number of programs have had output formatting strings - corrected so as to reduce the risk of - vulnerabilities. &merged;</para> - - <para role="historic">A number of programs that use temporary files now do so more - securely. &merged;</para> - - <para role="historic">A bug in ICMP that could cause an attacker to disrupt TCP and UDP - <quote>sessions</quote> has been corrected. &merged;</para> - - <para role="historic">A bug in &man.timed.8;, which caused it to crash if send - certain malformed packets, has been corrected (see security - advisory FreeBSD-SA-01:28). &merged;</para> - - <para role="historic">A bug in &man.rwhod.8;, which caused it to crash if send - certain malformed packets, has been corrected (see security - advisory FreeBSD-SA-01:29). &merged;</para> - - <para role="historic">A security hole in &os;'s FFS and EXT2FS implementations, - which allowed a race condition that could cause users to have - unauthorized access to data, has been fixed (see security - advisory FreeBSD-SA-01:30). &merged;</para> - - <para role="historic">A remotely-exploitable vulnerability in &man.ntpd.8; has - been closed (see security advisory - FreeBSD-SA-01:31). &merged;</para> - - <para role="historic">A security hole in <application>IPFilter</application>'s - fragment cache has been closed (see security advisory - FreeBSD-SA-01:32). &merged;</para> - - <para role="historic">Buffer overflows in &man.glob.3;, which could cause - arbitrary code to be run on an FTP server, have been closed. In - addition, to prevent some forms of DOS attacks, &man.glob.3; - allows specification of a limit on the number of pathname - matches it will return. &man.ftpd.8; now uses this feature (see - security advisory FreeBSD-SA-01:33). &merged;</para> - - <para role="historic">Initial sequence numbers in TCP are more thoroughly - randomized (see security advisory FreeBSD-SA-01:39). Due to - some possible compatibility issues, the behavior of this - security fix can be enabled or disabled via the - <varname>net.inet.tcp.tcp_seq_genscheme</varname> sysctl - variable.&merged;</para> - - <para role="historic">A vulnerability in the &man.fts.3; routines (used by - applications for recursively traversing a filesystem) could - allow a program to operate on files outside the intended - directory hierarchy. This bug has been fixed (see security - advisory FreeBSD-SA-01:40). &merged;</para> - - <para role="historic"><application>OpenSSH</application> now switches to the - user's UID before attempting to unlink the authentication - forwarding file, nullifying the effects of a race.</para> - - <para role="historic">A flaw allowed some signal handlers to remain in effect in a - child process after being exec-ed from its parent. This allowed - an attacker to execute arbitrary code in the context of a setuid - binary. This flaw has been corrected (see security advisory - FreeBSD-SA-01:42). &merged;</para> - - <para role="historic">A remote buffer overflow in &man.tcpdump.1; has been fixed - (see security advisory FreeBSD-SA-01:48). &merged;</para> - - <para role="historic">A remote buffer overflow in &man.telnetd.8; has been fixed - (see security advisory FreeBSD-SA-01:49). &merged;</para> - - <para role="historic">The new <varname>net.inet.ip.maxfragpackets</varname> and - <varname>net.inet.ip6.maxfragpackets</varname> sysctl variables - limit the amount of memory that can be consumed by IPv4 and IPv6 - packet fragments, which defends against some denial of service - attacks (see security advisory - FreeBSD-SA-01:52). &merged;</para> - - <para role="historic">All services in <filename>inetd.conf</filename> are now - disabled by default for new installations. &man.sysinstall.8; - gives the option of enabling or disabling &man.inetd.8; on new - installations, as well as editing - <filename>inetd.conf</filename>. &merged;</para> - - <para role="historic">A flaw in the implementation of the &man.ipfw.8; - <literal>me</literal> rules on point-to-point links has been - corrected. Formerly, <literal>me</literal> filter rules would - match the remote IP address of a point-to-point interface in - addition to the intended local IP address (see security advisory - FreeBSD-SA-01:53). &merged;</para> - - <para role="historic">A vulnerability in &man.procfs.5;, which could allow a - process to read sensitive information from another process's - memory space, has been closed (see security advisory - FreeBSD-SA-01:55). &merged;</para> - - <para role="historic">The <literal>PARANOID</literal> hostname checking in - <application>tcp_wrappers</application> now works as advertised - (see security advisory FreeBSD-SA-01:56). &merged;</para> - - <para role="historic">A local root exploit in &man.sendmail.8; has been closed - (see security advisory FreeBSD-SA-01:57). &merged;</para> - - <para role="historic">A remote root vulnerability in &man.lpd.8; has been closed - (see security advisory FreeBSD-SA-01:58). &merged;</para> - - <para role="historic">A race condition in &man.rmuser.8; that briefly exposed a - world-readable <filename>/etc/master.passwd</filename> has been - fixed (see security advisory FreeBSD-SA-01:59). &merged;</para> - - <para role="historic">A vulnerability in <application>UUCP</application> has been - closed (see security advisory FreeBSD-SA-01:62). All - non-<username>root</username>-owned binaries in standard system - paths now have the <literal>schg</literal> flag set to prevent - exploit vectors when run by &man.cron.8;, by - <username>root</username>, or by a user other then the one owning - the binary. In addition, &man.uustat.1; is now run via - <filename>/etc/periodic/daily/410.status-uucp</filename> as - <username>uucp</username>, not <username>root</username>. In - &os; -CURRENT, <application>UUCP</application> has since been - moved to the Ports Collection and no longer a part of the base - system. &merged;</para> - - <para role="historic">A security hole in the form of a buffer overflow in the - &man.semop.2; system call has been closed. &merged;</para> - - <para role="historic">A security hole in <application>OpenSSH</application>, which - could allow users to execute code with arbitrary privileges if - <literal>UseLogin yes</literal> was set, has been closed. Note - that the default value of this setting is - <literal>UseLogin no</literal>. (See security advisory - FreeBSD-SA-01:63.) &merged;</para> - - <para role="historic">The use of an insecure temporary directory by - &man.pkg.add.1; could permit a local attacker to modify the - contents of binary packages while they were being installed. - This hole has been closed. (See security advisory - FreeBSD-SA-02:01.) &merged;</para> - - <para role="historic">A race condition in &man.pw.8;, which could expose the - contents of <filename>/etc/master.passwd</filename>, has been - eliminated. (See security advisory FreeBSD-SA-02:02.) - &merged;</para> - - <para role="historic">A bug in &man.k5su.8; could have allowed a process that had - given up superuser privileges to regain them. This bug has been - fixed. (See security advisory FreeBSD-SA-02:07.) - &merged;</para> - - <para role="historic">An <quote>off-by-one</quote> bug has been fixed in - <application>OpenSSH</application>'s multiplexing code. This bug - could have allowed an authenticated remote user to cause - &man.sshd.8; to execute arbitrary code with superuser - privileges, or allowed a malicious SSH server to execute arbitrary - code on the client system with the privileges of the client user. (See security - advisory FreeBSD-SA-02:13.) - &merged;</para> - - <para role="historic">A programming error in <application>zlib</application> could - result in attempts to free memory multiple times. The - &man.malloc.3;/&man.free.3; routines used in &os; are not - vulnerable to this error, but applications receiving - specially-crafted blocks of invalid compressed data could - be made to function incorrectly or abort. This - <application>zlib</application> bug has been fixed. For a - workaround and solutions, see security advisory FreeBSD-SA-02:18. - &merged;</para> - - <para role="historic">Bugs in the TCP SYN cache (<quote>syncache</quote>) and SYN - cookie (<quote>syncookie</quote>) implementations, which could - cause legitimate TCP/IP traffic to crash a machine, have been - fixed. For a workaround and patches, see security advisory - FreeBSD-SA-02:20. - &merged;</para> - - <para role="historic">A routing table memory leak, which could allow a remote - attacker to exhaust the memory of a target machine, has been - fixed. A workaround and patches can be found in security - advisory FreeBSD-SA-02:21. - &merged;</para> - - <para role="historic">A bug with memory-mapped I/O, which could cause a system - crash, has been fixed. For more information about a solution, - see security advisory - FreeBSD-SA-02:22. - &merged;</para> - - <para role="historic">A security hole, in which SUID programs could be made to - read from or write to inappropriate files through manipulation - of their standard I/O file descriptors, has been fixed. - Information regarding a solution can be found in security - advisory - FreeBSD-SA-02:23. - &merged;</para> - - <para role="historic">Some unexpected behavior could be allowed with &man.k5su.8; - because it does not require that an invoking user be a member of - the <groupname>wheel</groupname> group when attempting to become - the superuser (this is the case with &man.su.1;). To avoid this - situation, &man.k5su.8; is now installed non-SUID by default - (effectively disabling it). More information can be found in - security advisory - FreeBSD-SA-02:24. - &merged;</para> - - <para role="historic">Multiple vulnerabilities were found in the &man.bzip2.1; - utility, which could allow files to be overwritten without - warning or allow local users unintended access to files. These - problems have been corrected with a new import of - <application>bzip2</application>. For more information, see - security advisory - FreeBSD-SA-02:25. - &merged;</para> - - <para role="historic">A bug has been fixed in the implementation of the TCP SYN - cache (<quote>syncache</quote>), which could allow a remote - attacker to deny access to a service when accept filters - (see &man.accept.filter.9;) were in use. This bug has been - fixed; for more information, see security advisory - FreeBSD-SA-02:26. - &merged;</para> - - <para role="historic">Due to a bug in &man.rc.8;'s use of shell globbing, users - may be able to remove the contents of arbitrary files if - <filename>/tmp/.X11-unix</filename> does not exist and the - system can be made to reboot. This bug has been corrected (see - security advisory - FreeBSD-SA-02:27. - &merged;</para> - - <para>A buffer overflow in the resolver, which could be exploited - by a malicious domain name server or an attacker forging DNS - messages, has been fixed. See security advisory <ulink - url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:28.resolv.asc">FreeBSD-SA-02:28</ulink> - for more details. &merged;</para> - - <para>A buffer overflow in &man.tcpdump.1;, which could be triggered by - badly-formed NFS packets, has been fixed. See security advisory - <ulink - url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:29.tcpdump.asc">FreeBSD-SA-02:29</ulink> - for more details. &merged;</para> - - <para>&man.ktrace.1; can no longer trace the operation of formerly - privileged processes; this prevents the leakage of sensitive - information that the process could have obtained before - abandoning its privileges. For a discussion of this issue, see - security advisory - <ulink - url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:30.ktrace.asc">FreeBSD-SA-02:30</ulink> - for more details. &merged;</para> - - <para>A race condition in &man.pppd.8;, which could be used to - change the permissions of an arbitrary file, has been corrected. - For more information, see security advisory <ulink - url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:32.pppd.asc">FreeBSD-SA-02:32</ulink>. - &merged;</para> - - <para>Multiple buffer overflows in - <application>OpenSSL</application> have been corrected, by way - of an upgrade to the base system version of - <application>OpenSSL</application>. More details can be found - in security advisory <ulink - url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc">FreeBSD-SA-02:33</ulink>. - &merged;</para> - - <para>A heap buffer overflow in the XDR decoder has been fixed. - For more details, see security advisory <ulink - url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:34.rpc.asc">FreeBSD-SA-02:34</ulink>. - &merged;</para> - - <para>A bug that could allow local users to read and write - arbitrary blocks on an FFS filesystem has been corrected. More - details can be found in security advisory <ulink - url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:35.ffs.asc">FreeBSD-SA-02:35</ulink>. - &merged;</para> - - <para>A bug in the NFS server code, which could allow a remote - denial of service attack, has been fixed. Security advisory <ulink - url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:36.nfs.asc">FreeBSD-SA-02:36</ulink> - has more details. &merged;</para> - - <para>A bug that could allow local users to panic a system using - the &man.kqueue.2; mechanism has been fixed. More information - is contained in security advisory <ulink - url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:37.kqueue.asc">FreeBSD-SA-02:37</ulink>. - &merged;</para> - - <para>Several bounds-checking bugs in system calls, which could - result in some system calls returning a large portion of kernel - memory, have been fixed. More information can be found in - security advisory <ulink - url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:38.signed-error.asc">FreeBSD-SA-02:38</ulink>. - &merged;</para> - - <para>A bug that could allow applications using - <filename>libkvm</filename> to leak sensitive file descriptors - has been corrected. (See security advisory <ulink - url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:39.libkvm.asc">FreeBSD-SA-02:39</ulink> - for more details.) - &merged;</para> - - <para>Buffer overflows in kadmind(8) and k5admin have been - corrected. More details can be found in security advisory <ulink - url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:40.kadmind.asc">FreeBSD-SA-02:40</ulink>. - &merged;</para> - - <para>Errors in &man.smrsh.8;, which could allow users to circumvent - restrictions on what programs can be executed, have been fixed. - See <ulink - url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:41.smrsh.asc">FreeBSD-SA-02:41</ulink> - for details. - &merged;</para> - - <para>Buffer overflows in the DNS &man.resolver.3;, which could - cause some applications to fail, have been corrected. More - details are in <ulink - url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:42.resolv.asc">FreeBSD-SA-02:42</ulink>. - &merged;</para> - - <para>Multiple vulnerabilities in <application>BIND</application> - have been fixed, as described in <ulink - url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:43.bind.asc">FreeBSD-SA-02:43</ulink>. - &merged;</para> - - <para>A file descriptor leak in the &man.fpathconf.2; system call, - which could allow a local user to crash the system or - cause a privilege escalation, has been fixed. More details can - be found in security advisory <ulink - url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:44.filedesc.asc">FreeBSD-SA-02:44</ulink>. - &merged;</para> + <title>Security Advisories</title> + <para></para> </sect2> <sect2 id="userland"> <title>Userland Changes</title> - <para>Support for creating &man.a.out.5; format executables with - the base system compiler toolchain has been removed.</para> - - <para>&man.adduser.8; and &man.rmuser.8; are now &man.sh.1; - scripts, rather than Perl scripts.</para> - - <para role="historic">If the first argument to &man.ancontrol.8; or - &man.wicontrol.8; doesn't start with a <literal>-</literal>, it - is assumed to be an interface. &merged;</para> - - <para role="historic">&man.apmd.8; now has the ability to monitor battery levels - and execute commands based on percentage or minutes of battery - life remaining via the <literal>apm_battery</literal> - configuration directive. See the commented-out examples in - <filename>/etc/apmd.conf</filename> for the - syntax. &merged;</para> - - <para role="historic">&man.arp.8; now prints the applicable interface name for - each ARP entry. &merged;</para> - - <para>&man.arp.8; now prints <literal>[fddi]</literal> or - <literal>[atm]</literal> tags for addresses on interfaces of - those types.</para> - - <para>The &man.asa.1; utility, to interpret FORTRAN - carriage-control characters, has been added.</para> - - <para>&man.at.1; now supports the <option>-r</option> command-line - option to remove jobs and the <option>-t</option> option to - specify times in POSIX time format.</para> - - <para role="historic">&man.atacontrol.8; has been added to control various aspects - of the &man.ata.4; driver. &merged;</para> - - <para>The system &man.awk.1; now refers to - <application>BWK awk</application>.</para> - - <para>&man.basename.1; now accept <option>-a</option> and - <option>-s</option> flags, which allow it to perform the - &man.basename.3; function on multiple files.</para> - - <para>&man.biff.1; now accepts a <option>b</option> argument to - enable <quote>bell notification</quote> of new mail (which does - not disturb the terminal contents as <command>biff y</command> - would). &merged;</para> - - <para>&man.biff.1; now uses the first terminal associated with the - standard input, standard output or standard error file - descriptor, in that order. Thus, it is possible to use the - redirection facilities of a shell (<command>biff n < - /dev/ttyp1</command>) to toggle the notification for other - terminals.</para> - - <para arch="pc98" role="historic">&man.boot98cfg.8;, a PC-98 boot manager - installation and configuration utility, has been - added. &merged;</para> - - <para role="historic">&man.burncd.8; now supports a <option>-m</option> option for - multisession mode (the default behavior now is to close disks as - single-session). A <option>-l</option> option to take a list of - image files from a filename was also added; - <filename>-</filename> can be used as a filename for - <literal>stdin</literal>. &merged;</para> - - <para>&man.burncd.8; now supports Disk At Once (DAO) mode, - selectable via the <option>-d</option> flag. &merged;</para> - - <para>&man.burncd.8; now has the ability to write VCDs/SVCDs. &merged;</para> - - <para>&man.burncd.8; now accepts a value of <literal>max</literal> - for its <option>-s</option> option to set the drive's maximum - write speed. &merged;</para> - - <para>&man.bzgrep.1;, &man.bzegrep.1;, and &man.bzfgrep.1; - have been added to perform &man.grep.1;-type operations on - &man.bzip2.1;-compressed files.</para> - - <para role="historic">&man.c89.1; has been converted from a shell script to a - binary executable, fixing some minor bugs. &merged;</para> - - <para>&man.calendar.1; now takes a <option>-W</option> option, - which operates similar to <option>-A</option> but without - special treatment at weekends, and a <option>-F</option> option - to change the notion of <quote>Friday</quote>.</para> - - <para arch="i386,pc98" role="historic">A minimalized version of &man.camcontrol.8; is - now available on the installation floppy. This allows it to - rescan for devices that have been connected after booting, or to - show the devices attached to SCSI busses (e. g. from within the - <quote>emergency holographic shell</quote>). &merged;</para> - - <para role="historic">&man.cat.1; now has the ability to read from UNIX-domain - sockets. &merged;</para> - - <para>&man.catman.1; is now a C program, instead of a - Perl script.</para> - - <para role="historic">&man.cdcontrol.1; now supports a <literal>cdid</literal> - command, which calculates and displays the CD serial number, - using the same algorithm used by the CDDB - database. &merged;</para> - - <para role="historic">&man.cdcontrol.1; now uses the <envar>CDROM</envar> - environment variable to pick a default device. &merged;</para> - - <para role="historic">&man.cdcontrol.1; now supports <literal>next</literal> and - <literal>prev</literal> commands to skip forwards or backwards a - specified number of tracks while playing an audio - CD. &merged;</para> - - <para>&man.cdcontrol.1; now supports a - <literal>speed</literal> command to set the maximum speed to be - used by the drive (the maximum possible speed can be selected - setting the speed to <literal>max</literal>). &merged;</para> - - <para>A &man.check.utility.compat.3; library function has been - added to <filename>libc</filename>, to determine - whether certain &os; base system utilities should behave in &os; 4-compatible mode - or in a <quote>standard</quote> mode (default standard). The - configuration is done &man.malloc.3;-style, with either an - environment variable or a symbolic link.</para> - - <para>&man.chflags.1; has moved from <filename>/usr/bin</filename> - to <filename>/bin</filename>.</para> - - <para role="historic">&man.chio.1; now has the ability to specify elements by - volume tag instead of by their physical location as well as the - ability to return an element to its previous - location. &merged;</para> - - <para>&man.chmod.1; now supports a <option>-h</option> for - changing the mode of a symbolic link.</para> - - <para>&man.chmod.1; now also, when the mode is modified, prints - the old and new modes if the <option>-v</option> option is - specified more than once.</para> - - <para role="historic">&man.chown.8; now correctly follows symbolic links named as - command line arguments if run without - <option>-R</option>. &merged;</para> - - <para>&man.chown.8; no longer takes <literal>.</literal> as a - user/group delimeter. This change was made to support usernames - containing a <literal>.</literal> character.</para> - - <para>Use of the <literal>CSMG_*</literal> macros no longer - require inclusion of - <filename><sys/param.h></filename></para> - - <para role="historic">&man.col.1; now takes a <option>-p</option> flag to force - unknown control sequences to be passed through - unchanged. &merged;</para> - - <para role="historic">The <filename>compat3x</filename> distribution has been - updated to include libraries present in &os; - 3.5.1-RELEASE. &merged;</para> - - <para>A <filename>compat4x</filename> distribution has been added - for compatibility with &os; 4-STABLE. It includes a subset of - the libraries distributed with &os; 4.7-RELEASE.</para> - - <para role="historic">&man.config.8; is now better about converting various - warnings that should have been errors into actual fatal errors - with an exit code. This ensures that <literal>make - buildkernel</literal> doesn't quietly ignore them and build a - bogus kernel without a human to read the errors. &merged;</para> - - <para role="historic">A number of buffer overflows in &man.config.8; have been - fixed. &merged;</para> - - <para>&man.cp.1; now takes a (nonstandard) <option>-n</option> - option to automatically answer <quote>no</quote> when it would - ask to overwrite a file. &merged;</para> - - <para>A new &man.csplit.1; utility, which splits files based on - context, has been added.</para> - - <para role="historic">&man.ctags.1; no longer creates a corrupt tags file if the - source file used <literal>//</literal> (C++-style) - comments. &merged;</para> - - <para>&man.ctags.1; now creates tags for typedefs, structs, - unions, and enums by default (implying the <option>-t</option> - option). The new <option>-T</option> reverts to the old - behavior.</para> - - <para>The &man.daemon.8; program, a command-line interface to - &man.daemon.3;, has been added. It detaches itself from its - controlling terminal and executes a program specified on the - command line. This allows the user to run an arbitrary program - as if it were written to be a daemon. &merged;</para> - - <para>The &man.devd.8; utility, a userland daemon that can run - arbitrary commands when devices come and go in the device tree, - has been added. This program is a generalization of some of the - functionality of &man.pccardd.8;. - - <note> - <para>&man.devd.8; is a work in progress.</para> - </note> - - </para> - - <para>&man.devinfo.8;, a simple tool to print the device tree and resource - usage by devices, has been added.</para> - - <para role="historic">&man.df.1; now takes a <option>-l</option> option to only - display information about locally-mounted - filesystems. &merged;</para> - - <para role="historic">&man.disklabel.8; now supports partition sizes expressed in - kilobytes, megabytes, or gigabytes, in addition to - sectors. &merged;</para> - - <para>diskpart(8) has been declared obsolete, and has been - removed.</para> - - <para role="historic">&man.dmesg.8; now has a <option>-a</option> option to show - the entire message buffer, including &man.syslogd.8; records and - <filename>/dev/console</filename> output. &merged;</para> - - <para role="historic">&man.du.1; now takes a <option>-I</option> command-line flag - to ignore/skip files and subdirectories matching a specified - shell-glob mask. &merged;</para> - - <para role="historic">&man.dump.8; now supports inheritance of the - <literal>nodump</literal> flag down a hierarchy. &merged;</para> - - <para>&man.dump.8; now supports a <option>-L</option> flag for - dumping live UFS and UFS2 filesystems safely. To obtain a - consistent dump image, &man.dump.8; takes a snapshot of the - filesystem and performs the dump on the snapshot. The snapshot - is removed when the dump is complete.</para> - <para>&man.dump.8; now supports caching of disk blocks with the <option>-C</option> option. This can improve dump performance at the cost of possibly missing filesystem updates that occur between passes.</para> - <para role="historic">The <option>-T</option> option to &man.dump.8; no longer - swallows an extra argument. &merged;</para> - - <para role="historic">&man.dump.8; has a new <option>-D</option> option, allowing - the path to the <filename>/etc/dumpdates</filename> file to be - changed. &merged;</para> - - <para role="historic">&man.dump.8; now supplies progress information in its - process title, useful for monitoring automated - backups. &merged;</para> - - <para>&man.dump.8; now supports a new <option>-S</option> flag to allow - it to just print out the dump size estimates and exit. &merged;</para> - - <para role="historic">&man.edquota.8; now takes a <option>-f</option> option to - allow limiting the prototype quota distribution (specified with - <option>-p</option>) to a single filesystem. &merged;</para> - - <para role="historic"><filename>/etc/rc.firewall</filename> and - <filename>/etc/rc.firewall6</filename> will no longer add their own - hardcoded rules in the cases of a rules file in the - <varname>firewall_type</varname> variable or a non-existent - firewall type. (The motivation for this change is to avoid - acting on assumptions about a site's firewall policies.) In - addition, the <literal>closed</literal> firewall type now works - as documented in the &man.rc.firewall.8; manual page. &merged;</para> - - <para role="historic">The functionality of <filename>/etc/security</filename> has - been been moved into a set of scripts under the &man.periodic.8; - framework, to make local customization easier and more - maintainable. These scripts now reside in - <filename>/etc/periodic/security/</filename>. &merged;</para> - - <para>&man.expr.1; is now compliant with POSIX.2-1992 (and thus - also with POSIX.1-2001). Some program depend on the old, - historic behavior and do not properly protect their arguments to - keep them from being misinterpreted as command-line options. - (the <filename role="package">devel/libtool</filename> - port/package, used by many GNU programs, is a notable example). - The old behavior can be requested by enabling compatibility mode - for &man.expr.1; as described in - &man.check.utility.compat.3;.</para> - - <para>&man.fbtab.5; now accepts glob matching patterns for target - devices, not just individual devices and directories.</para> - - <para arch="i386,pc98">&man.fdisk.8; no longer attempts to search for a - device if none has been specified on the command line, but - instead tries to figure out the default device name from the - root device.</para> - - <para>&man.fdread.1;, a program to read data from floppy disks, - has been added. It is a counterpart to &man.fdwrite.1; and is - designed to provide a means of recovering at least some data - from bad media, and to obviate the need for a complex invocation of - &man.dd.1;.</para> - - <para role="historic">&man.find.1; now takes the <option>-empty</option> flag, - which returns true if a file or directory is - empty. &merged;</para> - - <para role="historic">&man.find.1; now takes the <option>-iname</option> and - <option>-ipath</option> primaries for case-insensitive matches, - and the <option>-regexp</option> and <option>-iregexp</option> - primaries for regular-expression matches. The - <option>-E</option> flag now enables extended regular - expressions. &merged;</para> - - <para role="historic">&man.find.1; now has the <option>-anewer</option>, - <option>-cnewer</option>, <option>-mnewer</option>, - <option>-okdir</option>, and <option>-newer[acm][acmt]</option> - primaries for comparisons of file timestamps. The latter - primaries can be specified with various units of - time. &merged;</para> - - <para role="historic">&man.finger.1; now has the ability to support fingering - aliases, via the &man.finger.conf.5; file. &merged;</para> - - <para>&man.finger.1; now has support for a - <filename>.pubkey</filename> file. &merged;</para> - - <para>&man.finger.1; now supports a <option>-g</option> flag to - restrict the printing of GECOS information to the user's full - name only. &merged;</para> - - <para>&man.finger.1; now supports the <option>-4</option> and - <option>-6</option> flags to specify an address family for - remote queries. &merged;</para> - - <para role="historic">&man.fmt.1; has been rewritten; the rewrite fixes a number - of bugs compared to its prior behavior. &merged;</para> - - <para role="historic">&man.fmtcheck.3;, a function for checking consistency of - format string arguments, has been added. &merged;</para> - - <para>&man.fold.1; now supports a <option>-b</option> flag to - break at byte positions and a <option>-s</option> flag to break at - word boundaries. &merged;</para> - - <para role="historic">&man.fsdb.8; now supports a <literal>blocks</literal> - command to list the blocks allocated by a particular - inode. &merged;</para> - - <para>&man.fsck.8; wrappers have been imported; this feature - provides infrastructure for &man.fsck.8; to work on different - types of filesystems (analogous to &man.mount.8;).</para> - - <para>The behavior of &man.fsck.8; when dealing with various - passes (a la <filename>/etc/fstab</filename>) has been modified - to accommodate multiple-disk filesystems.</para> - - <para>&man.fsck.8; now has support for foreground - (<option>-F</option>) and background (<option>-B</option>) - checks. Traditionally, &man.fsck.8; is invoked before the - filesystems are mounted and all checks are done to completion at - that time. If background checking is available, &man.fsck.8; is - invoked twice. It is first invoked at the traditional time, - before the filesystems are mounted, with the <option>-F</option> - flag to do checking on all the filesystems that cannot do - background checking. It is then invoked a second time, after - the system has completed going multiuser, with the - <option>-B</option> flag to do checking on all the filesystems - that can do background checking. Unlike the foreground - checking, the background checking is started asynchronously so - that other system activity can proceed even on the filesystems - that are being checked. Boot-time enabling of this feature is - controlled by the - <varname>background_fsck</varname> option in &man.rc.conf.5;.</para> - - <para role="historic">Shortly after the receipt of a <literal>SIGINFO</literal> - signal (normally control-T from the controlling tty), - &man.fsck.ffs.8; will now output a line indicating the current - phase number and progress information relevant to the current - phase. &merged;</para> - - <para>&man.fsck.ffs.8; now supports background filesystem checks - to mounted FFS filesystems with the <option>-B</option> option - (Soft Updates must be enabled on these filesystems). The - <option>-F</option> flag now determines whether a specified - filesystem needs foreground checking.</para> - - <para role="historic">A new &man.fsck.msdosfs.8; utility has been added to check - the consistency of MS-DOS filesystems. &merged;</para> - - <para role="historic">&man.ftpd.8; now supports a <option>-r</option> flag for - read-only mode and a <option>-E</option> flag to disable - <literal>EPSV</literal>. It also has some fixes to reduce - information leakage and the ability to specify compile-time port - ranges. &merged;</para> - - <para>&man.ftpd.8; now supports the <option>-m</option> option - to permit guest users to modify existing files if allowed - by filesystem permissions. - In particular, this enables guest users to resume uploads. - &merged;</para> - - <para>&man.ftpd.8; now supports the <option>-M</option> option - to prevent guest users from creating directories. - &merged;</para> - - <para>&man.ftpd.8; now supports <option>-o</option> and - <option>-O</option> options to disable the - <literal>RETR</literal> command; the former for everybody, and - the latter only for guest users. Coupled with - <option>-A</option> and appropriate file permissions, these can - be used to create a relatively safe anonymous FTP drop box for - others to upload to. &merged;</para> - - <para>&man.ftpd.8; now supports the <option>-W</option> option - to disable logging FTP sessions to &man.wtmp.5;. &merged;</para> - - <para>The &man.fwcontrol.8; utility has been added to help users - access and control the FireWire subsystem. &merged;</para> - - <para arch="i386,pc98" role="historic">&man.gdb.1; now supports hardware - watchpoints (using the kernel's debug register + support that - has been introduced in &os; 4.0). &merged;</para> - - <para>The &man.getconf.1; utility has been added. It prints the - values of POSIX or X/Open path or system configuration - variables. &merged;</para> - - <para role="historic">The &man.getprogname.3; and &man.setprogname.3; library - functions have been added to manipulate the name of the current - program. They are used by error-reporting routines to produce - consistent output. &merged;</para> - - <para>gifconfig(8) is obsolete and has been removed. Its - functionality is now handled by the <option>tunnel</option> and - <option>deletetunnel</option> commands of - &man.ifconfig.8;.</para> - - <para>&man.gprof.1; now has a <option>-K</option> option to enable - dynamic symbol resolution from the currently-running kernel. - With this change, properly-compiled KLD modules are now able to - be profiled.</para> - - <para arch="ia64">The gpt tool for manipulating EFI GPT - partitions has been added.</para> - - <para role="historic">&man.growfs.8;, a utility for growing FFS filesystems, has - been added. &man.ffsinfo.8;, a utility for dump all the - meta-information of an existing filesystem, has also been - added. &merged;</para> - - <para role="historic">The &man.groups.1; and &man.whoami.1; shell scripts are now - unnecessary; their functionality has been completely folded into - &man.id.1;. &merged;</para> - - <para>The ibcs(8), linux(8), osf1(8), and - svr4(8) scripts, whose sole purpose was to load emulation - kernel modules, have been removed. The kernel module system - will automatically load them as needed to fulfill - dependencies.</para> - - <para role="historic">&man.indent.1; has gained some new formatting - options. &merged;</para> - - <para role="historic">&man.ifconfig.8; can set the link-layer address of - an interface using the <option>link</option> parameter. - &merged;</para> - - <para role="historic">&man.ifconfig.8; can now accept addresses in slash/CIDR - notation. &merged;</para> - - <para role="historic">&man.ifconfig.8; now has support for setting parameters for - IEEE 802.11 wireless network devices. &man.wi.4; and &man.an.4; - devices are supported, and partial support is provided for - &man.awi.4; devices. &merged;</para> - - <para role="historic">&man.ifconfig.8; no longer displays the list of supported - media by default. Instead it displays it when the - <option>-m</option> flag is given. &merged;</para> - - <para>&man.ifconfig.8; now has the ability to set promiscuous mode - on an interface, via the new <option>promisc</option> - flag. &merged;</para> - - <para>&man.ifconfig.8; now supports a <literal>monitor</literal> - interface flag, which blocks transmission of packets on that - interface. This feature is useful for monitoring network traffic - without interacting with the network in question.</para> - - <para role="historic">The syntax of &man.inetd.8;'s support for &man.faithd.8; is - now compatible with that of other BSDs. &merged;</para> - - <para role="historic">The <literal>ident</literal> protocol support in - &man.inetd.8; has been cleaned up and updated. &merged;</para> - - <para role="historic">&man.inetd.8; now has the ability to manage UNIX-domain - sockets. &merged;</para> - - <para>By default, &man.inetd.8; is no longer run by &man.rc.8; at - boot-time, although &man.sysinstall.8; gives the option of - enabling it during binary installations. &man.inetd.8; can also - be enabled by adding the following line to - <filename>/etc/rc.conf</filename>:</para> - - <programlisting>inetd_enable="YES"</programlisting> - - <para>&man.inetd.8; now has the capability for limiting the - maximum number of simultaneous invocations of each service from - a single IP address. &merged;</para> - - <para role="historic">&man.install.1; has a number of new features, including the - <option>-b</option> and <option>-B</option> options for backing up - existing target files and the <option>-S</option> option for - <quote>safe</quote> (atomic copy) operation. The - <option>-c</option> (copy) flag is now the default, and the - <option>-D</option> (debugging) flag has been withdrawn. - &man.install.1; now issues a warning if <option>-d</option> - (create directories) and <option>-C</option> (copy changed files - only) are used together. &merged;</para> - - <para role="historic">IP Filter is now supported by the &man.rc.conf.5; boot-time - configuration and initialization. &merged;</para> - - <para role="historic">&man.ipfstat.8; now supports the <option>-t</option> option - to turn on a &man.top.1;-like display. &merged;</para> - - <para role="historic">&man.ipfw.8; will now avoid the display of dynamic firewall - rules unless the <option>-d</option> flag is passed to it. The - <option>-e</option> option lists expired dynamic - rules. &merged;</para> - - <para role="historic">&man.ipfw.8; has a new feature (<literal>me</literal>) that - allows for packet matching on interfaces with - dynamically-changing IP addresses. &merged;</para> - - <para role="historic">&man.ipfw.8; has a new <literal>limit</literal> type of - firewall rule, which limits the number of sessions between - address pairs. &merged;</para> - - <para>&man.ipfw.8; filter rules can now match on the value of the - IPv4 precedence field.</para> - - <para role="historic">&man.ip6fw.8; now has the ability to use a preprocessor and - use the <option>-q</option> (quiet) flag when reading from a - file. &merged;</para> - - <para role="historic">&man.ispppcontrol.8; has been deleted, and its functionality - has been folded into &man.spppcontrol.8;. &merged;</para> - - <para role="historic">&man.k5su.8; is no longer installed SUID - <username>root</username> by default. Users requiring this - feature can either manually change the permissions on the - &man.k5su.8; executable or add - <literal>ENABLE_SUID_K5SU=yes</literal> to - <filename>/etc/make.conf</filename> before a source - upgrade. &merged;</para> - - <para>&man.kbdmap.1; and &man.vidfont.1; have been converted from - Perl to C.</para> - - <para role="historic">&man.kenv.1;, a command to dump the kernel environment, has - been added. &merged;</para> - - <para>&man.kenv.1; now has the ability to set or delete kernel - environment variables.</para> - - <para role="historic">&man.keyinfo.1; is now a C program, rather than a Perl - script. &merged;</para> - - <para>The kget(8) utility has been removed (it was only - useful for UserConfig, which is not present in &os; - &release.current;).</para> - - <para role="historic">&man.killall.1; is now a C program, rather than a Perl - script. As a result, its <option>-m</option> option now uses - the regular expression syntax of &man.regex.3;, rather than that - of Perl. &merged;</para> - - <para>&man.killall.1; no longer tries to kill zombie processes - unless the <option>-z</option> flag is specified.</para> - - <para role="historic">The &man.kldconfig.8; utility has been added to make it - easier to manipulate the kernel module search - path. &merged;</para> - - <para>&man.ktrdump.8;, a utility to dump the ktr trace buffer from - userland, has been added.</para> - - <para role="historic">&man.last.1; now implements a <option>-d</option> that - provides a <quote>snapshot</quote> of who was logged in at a - particular date and time. &merged;</para> - - <para role="historic">&man.last.1; now supports a <option>-y</option> flag, which - causes the year to be included in the session start time. &merged;</para> - - <para role="historic">The &man.lastlogin.8; utility, which prints the last login - time of each user, has been imported from - NetBSD. &merged;</para> - - <para role="historic">&man.ldconfig.8; now checks directory ownerships and - permissions for greater security; these checks can be disabled - with the <option>-i</option> flag. &merged;</para> - - <para role="historic">&man.ldd.1; can now be used on shared libraries, in addition - to executables. &merged;</para> - - <para>&man.ldd.1; now supports a <option>-a</option> flag to list - all the objects that are needed by each loaded object.</para> - - <para><filename>libc</filename> is now thread-safe by default; - <filename>libc_r</filename> contains only thread - functions.</para> - - <para role="historic"><filename>libcrypt</filename> and - <filename>libdescrypt</filename> have been unified to provide a - configurable password authentication hash library. Both the md5 - and des hash methods are provided unless the des hash is - specifically compiled out. &merged;</para> - - <para role="historic"><filename>libcrypt</filename> now has support for Blowfish - password hashing. &merged;</para> - - <para arch="i386" role="historic"><filename>libdisk</filename> can now do - install-time configuration of the <filename>boot0</filename> - boot loader. &merged;</para> - - <para role="historic"><filename>libstand</filename> now has support for - filesystems containing - <application>bzip2</application>-compressed - files. &merged;</para> - - <para><filename>libstand</filename> now has support for - overwriting the contents of a file on a UFS filesystem (it - cannot expand or truncate files because the filesystem may be - dirty or inconsistent).</para> - - <para role="historic"><filename>libstand</filename> now has support for loading - large kernels and modules split across several physical - media. &merged;</para> - - <para role="historic">The default TCP port range used by - <filename>libfetch</filename> for passive FTP retrievals has - changed; this affects the behavior of &man.fetch.1;, which has - gained the <option>-U</option> option to restore the old - behavior. &merged;</para> - - <para role="historic"><filename>libfetch</filename> now has support for an - authentication callback. &merged;</para> - - <para role="historic"><filename>libfetch</filename> now has support for a - <envar>HTTP_USER_AGENT</envar> environment - variable. &merged;</para> - - <para><filename>libgmp</filename> has been superceded by - <filename>libmp</filename>. - - <para>The functions from <filename>libposix1e</filename> have been - integrated into <filename>libc</filename>.</para> - - <para role="historic"><filename>libusb</filename> has been renamed as - <filename>libusbhid</filename>, following NetBSD's naming - conventions. &merged;</para> - - <para role="historic">&man.ln.1; now takes an <option>-i</option> option to - request user confirmation before overwriting an existing - file. &merged;</para> - - <para role="historic">&man.ln.1; now takes a <option>-h</option> flag to avoid - following a target that is a link, with a <option>-n</option> - flag for compatibility with other - implementations. &merged;</para> - - <para>&man.lock.1; now accepts a <option>-v</option> to disable - switching VTYs while the current terminal is locked. This permits - locking the entire console from a single terminal. &merged;</para> - - <para role="historic">&man.logger.1; can now send messages directly to a remote - syslog. &merged;</para> - - <para role="historic">&man.login.1; now exports environment variables set by - <application>PAM</application> modules. &merged;</para> - - <para>&man.lpc.8; has been improved; <command>lpc clean</command> - is now somewhat safer, and a new <command>lpc tclean</command> - command has been added to check to see what files would be - removed by <command>lpc clean</command>. <command>lpc - topq</command> has been reimplemented, and now allows for a much - more flexible specification of which jobs should be moved (such - as a range of job numbers, or a hostname). An <command>lpc - bottomq</command> command has been added to move jobs to the - bottom of a print queue, and a new <command>lpc - setstatus</command> command can be used to set a printer's - status message. &merged;</para> - - <para role="historic">&man.lpd.8; now takes two new options: <option>-c</option> - will log all connection errors to &man.syslogd.8;, while - <option>-W</option> will allow connections from non-reserved - ports. &merged;</para> - - <para role="historic">&man.lpd.8; now has some support for - <literal>o</literal>-type print-file actions in its control - files, which allows printing of PostScript files generated by - <application>MacOS</application> 10.1. &merged;</para> - - <para role="historic">&man.lpd.8; now recognizes the <option>-s</option> flag as - the preferred synonym for <option>-p</option> (these flags - cause &man.lpd.8; not to open a socket for network print - jobs). &merged;</para> - - <para role="historic">&man.lpd.8; now implements a new <literal>rc</literal> - printcap option. When specified in a print queue for a remote - host, boolean option causes &man.lpd.8; to resend the data file - for each copy the user requested via <command>lpr - -#<replaceable>n</replaceable></command>. &merged;</para> - - <para role="historic">Catching up with most other network utilities in the base - system, &man.lpr.1;, &man.lpd.8;, &man.syslogd.8;, and - &man.logger.1; are now all IPv6-capable. &merged;</para> - - <para role="historic"><command>lprm -</command> now works for remote printer - queues. &merged;</para> - - <para role="historic">&man.ls.1; can produce colorized listings with the - <option>-G</option> flag (and appropriate terminal support). - The <envar>CLICOLOR</envar> environment variable can be set to - enable colorized listings by default. &merged;</para> - - <para role="historic">&man.ls.1; now accepts a <option>-h</option> flag, which - when combined with the <option>-l</option> flag, causes file - sizes to be printed with unit suffixes, such that the number of - digits printed is fewer than four. &merged;</para> - - <para>The &man.ls.1; program now supports a <option>-m</option> - flag to list files across a page, a <option>-p</option> flag to - force printing of a <literal>/</literal> after directories, and - a <option>-x</option> flag to sort filenames across a - page. &merged;</para> - - <para role="historic">&man.m4.1; now accepts a <option>-s</option> flag to cause - it to emit <literal>#line</literal> directives for use by - &man.cpp.1;. &merged;</para> - - <para role="historic">&man.mail.1; now takes a <option>-E</option> flag to avoid - sending messages with empty bodies. &merged;</para> - - <para role="historic">&man.make.1; has gained the <literal>:C///</literal> - (regular expression substitution), <literal>:L</literal> - (lowercase), and <literal>:U</literal> (uppercase) variable - modifiers. These were added to reduce the differences between - the &os; and OpenBSD/NetBSD &man.make.1; programs. - &merged;</para> - - <para>&man.make.1; now supports a <option>-C</option> flag to - change to a given directory before building its - target(s). &merged;</para> - - <para role="historic">Bugs in &man.make.1;, among which include broken null suffix - behavior, bad assumptions about current directory permissions, - and potential buffer overflows, have been fixed. &merged;</para> - - <para role="historic">The new <varname>CPUTYPE</varname> - <filename>make.conf</filename> variable controls the compilation - of processor-specific optimizations in various pieces of code - such as <application>OpenSSL</application>. &merged;</para> - - <para role="historic">The &os; <filename>Makefile</filename> infrastructure now - supports the <varname>WARNS</varname> directive from NetBSD. - This directive controls the addition of compiler warning flags - to <varname>CFLAGS</varname> in a relatively compiler-neutral - manner. &merged;</para> - - <para>&man.makewhatis.1; is now a C program, instead of a - Perl script.</para> - - <para>&man.man.1; is no longer installed SUID - <username>man</username>, in order to reduce vulnerabilities - associated with generating <quote>catpages</quote> (preformatted - manual pages cached for repeated viewing). As a result, - &man.man.1; can no longer create system catpages on a regular - user's behalf. It is still able to do so if the user has write - permissions to the directory holding catpages (e.g. a user's own - manpages) or if the running user is - <username>root</username>.</para> - - <para arch="ia64">The mca utility, for decoding Machine Check Architecture - records, has been added.</para> - - <para>The &man.mdmfs.8; command has been added; it is a wrapper - around &man.mdconfig.8;, &man.disklabel.8;, &man.newfs.8;, and - &man.mount.8; that mimics the command line option set of the - deprecated &man.mount.mfs.8;.</para> - - <para role="historic">&man.mergemaster.8; now sources an - <filename>/etc/mergemaster.rc</filename> file and also prompts - the user to run recommended commands (such as - <command>newaliases</command>) as needed. &merged;</para> - - <para role="historic">&man.mergemaster.8; now supports two new flags. - The <option>-p</option> flag enables a - <quote>pre-<literal>buildworld</literal></quote> mode to files - known to be essential to the success of the - <literal>buildworld</literal> and - <literal>installworld</literal> system updating steps. The - <option>-C</option> flag, used after a successful - &man.mergemaster.8; run, compares options in - <filename>/etc/rc.conf</filename> to the default options in - <filename>/etc/defaults/rc.conf</filename>. &merged;</para> - - <para>&man.mesg.1; now conforms to SUSv3. Among other things, it - now uses the first terminal associated with the standard input, - standard output or standard error file descriptor, in that order. - Thus, it is possible to use the redirection facilities of a shell - (<command>mesg n < /dev/ttyp1</command>) to control write access - for other terminals.</para> - - <para role="historic">mk_cmds(1) and the associated - <filename>libss</filename> have been removed; they have been - unused for quite some time. &merged;</para> - - <para>&man.mountd.8; and &man.nfsd.8; have moved from - <filename>/sbin</filename> to <filename>/usr/sbin</filename>.</para> - - <para role="historic">&man.moused.8; now takes a <option>-a</option> option to - control mouse acceleration. &merged;</para> - - <para role="historic">&man.mtree.8; now includes support for a file that lists - pathnames to be excluded when creating and verifying prototypes. - This makes it easier to use &man.mtree.8; as a part of an - intrusion-detection system. &merged;</para> - - <para>&man.mv.1; now takes a (nonstandard) <option>-n</option> option to - automatically answer <quote>no</quote> when it would ask to - overwrite a file. &merged;</para> - - <para role="historic">&man.natd.8; now supports a - <option>-log_ipfw_denied</option> option to log packets that - cannot be re-injected because they are blocked by &man.ipfw.8; - rules. &merged;</para> - - <para role="historic">The <quote>in use</quote> percentage metric displayed by - &man.netstat.1; now really reflects the percentage of network - mbufs used. &merged;</para> - - <para role="historic">&man.netstat.1; now has a <option>-W</option> flag that - tells it not to truncate addresses, even if they're too long for - the column they're printed in. &merged;</para> - - <para role="historic">&man.netstat.1; now keeps track of input and output packets - on a per-address basis for each interface. &merged;</para> - - <para role="historic">&man.netstat.1; now has a <option>-z</option> flag to reset - statistics. &merged;</para> - - <para role="historic">&man.netstat.1; now has a <option>-S</option> flag to print - address numerically but port names symbolically. &merged;</para> - - <para role="historic">&man.newfs.8; now implements write combining, which can make - creation of new filesystems up to seven times - faster. &merged;</para> - - <para role="historic">&man.newfs.8; now takes a <option>-U</option> option to - enable Soft Updates on a new filesystem. &merged;</para> - - <para role="historic">The default number of cylinders per group in &man.newfs.8; - is now computed to be the maximum allowable given the current - filesystem parameters. It can be overridden with the - <option>-c</option> option. Formerly, the default was fixed at - 16. This change leads to better &man.fsck.8; performance and - reduced fragmentation. &merged;</para> - - <para role="historic"><anchor id="newfs-block-frag-sizes">The default block and - fragment sizes for new filesystems created by &man.newfs.8; are - now 16384 and 2048 bytes, respectively (the old defaults were - 8192 and 1024 bytes). This change generally provides increased - performance, at the expense of some wasted disk - space. &merged;</para> - - <para>A number of archaic features of &man.newfs.8; have been - removed; these implemented tuning features that are essentially - useless on modern hard disks. These features were controlled by - the <option>-O</option>, <option>-d</option>, - <option>-k</option>, <option>-l</option>, <option>-n</option>, - <option>-p</option>, <option>-r</option>, <option>-t</option>, - and <option>-x</option> flags.</para> - - <para>&man.newfs.8; now supports a <option>-O</option> flag to - select the creation of UFS1 or UFS2 filesystems.</para> - - <para>The &man.newgrp.1; utility to change to a new group has been - added.</para> - - <para>&man.newsyslog.8; now compresses log files - using &man.bzip2.1; by default. (The former behavior of using - &man.gzip.1; can be specified in - <filename>/etc/newsyslog.conf</filename>.)</para> - <para>&man.newsyslog.8; now supports a <literal>W</literal> flag to force previously-started compression jobs for an entry (or group of entries specified with the <literal>G</literal> flag) @@ -3180,369 +182,6 @@ options HZ=1000 # not compulsory but strongly recommended</programlisting> to prevent system overloads caused by starting several compression jobs on big files simultaneously. &merged;</para> - <para>The &man.nextboot.8; utility has been added to specify an - alternate kernel and/or boot flags to be used the next time the - machine is booted. A previous incarnation of this feature - first appeared in &os; 2.2.</para> - - <para><application>NFS</application> now works over IPv6.</para> - - <para role="historic">&man.ngctl.8; now supports a <option>write</option> command - to send a data packet down a given hook. &merged;</para> - - <para>&man.nice.1; now uses the <option>-n</option> option to - specify the <quote>niceness</quote> of the utility being - run. &merged;</para> - - <para role="historic">&man.nl.1;, a line numbering filter program, has been - added. &merged;</para> - - <para><application>nsswitch</application> support has been merged - from NetBSD. By creating an &man.nsswitch.conf.5; file, &os; - can be configured so that various databases such as - &man.passwd.5; and &man.group.5; can be looked up using flat - files, NIS, or Hesiod. If <filename>/etc/nsswitch.conf</filename> - does not exist, it will be automatically generated from an existing - <filename>/etc/hosts.conf</filename> at system startup time. The - <filename>/etc/hosts.conf</filename> file may be used by old - executables; it will be automatically generated from - an existing <filename>/etc/nsswitch.conf</filename> during - system startup if it exists.</para> - - <para>&man.od.1; now supports the <option>-A</option> option to - specify the input address base, the <option>-N</option> option to - specify the number of bytes to dump, the <option>-j</option> - option to specify the number of bytes to skip, the - <option>-s</option> option to output signed decimal shorts, and - the <option>-t</option> option to specify output type. &merged;</para> - - <para arch="sparc64">The &man.ofwdump.8; utility has been added to - examine the OpenFirmware device tree.</para> - - <para><application>PAM</application> support has been added for - account management and sessions.</para> - - <para><application>PAM</application> configuration is now - specified by files in <filename>/etc/pam.d/</filename>, rather - than a single <filename>/etc/pam.conf</filename> file. - <filename>/etc/pam.d/README</filename> has more details.</para> - - <para>A &man.pam.echo.8; echo service module has been added.</para> - - <para>A &man.pam.exec.8; program execution service module has been - added.</para> - - <para>A &man.pam.ftp.8; module has been added to allow - authentication of anonymous FTP users.</para> - - <para>A &man.pam.ftpusers.8; module has been added to perform - checks against the &man.ftpusers.5; file.</para> - - <para>A &man.pam.ksu.8; module has been added to do Kerberos 5 - authentication and <filename>$HOME/.k5login</filename> - authorization for &man.su.1;.</para> - - <para>A &man.pam.lastlog.8; module has been added to record - sessions in the &man.utmp.5;, &man.wtmp.5;, and &man.lastlog.5; - databases.</para> - - <para>A &man.pam.login.access.8; module has been added, to allow - checking against <filename>/etc/login.access</filename>.</para> - - <para>The &man.pam.nologin.8; module, which can disallow logins - using &man.nologin.5;, has been added.</para> - - <para>The &man.pam.opie.8; and &man.pam.opieaccess.8; modules have - been added to control authentication via &man.opie.4;. &merged;</para> - - <para>A &man.pam.passwdqc.8; module has been added, to check the - quality of passwords submitted during password changes.</para> - - <para>A &man.pam.rhosts.8; module has been added to support - &man.rhosts.5; authentication.</para> - - <para>The &man.pam.rootok.8; module, which can be used to - authenticate only the superuser, has been added.</para> - - <para>A &man.pam.securetty.8; module has been added to check the - <quote>security</quote> of a TTY, as listed in &man.ttys.5;.</para> - - <para>A &man.pam.self.8; module, which allows self-authentication - of a user, has been added.</para> - - <para role="historic">A &man.pam.ssh.8; module has been added to allow the use of - SSH passphrases and keypairs for authentication. This module - also handles session management by invoking - &man.ssh-agent.1;. &merged;</para> - - <para>A &man.pam.wheel.8; module has been added to permit - authentication to members of a group, which defaults to - <groupname>wheel</groupname>.</para> - - <para role="historic">&man.passwd.1; and &man.pw.8; now select the password hash - algorithm at run time. See the <literal>passwd_format</literal> - attribute in - <filename>/etc/login.conf</filename>. &merged;</para> - - <para role="historic">&man.patch.1; now accepts a <option>-i</option> command-line - flag to read a patch from a file, rather than standard - input. &merged;</para> - - <para>The &man.pathchk.1; utility, which checks pathnames for - validity or portability between POSIX systems, has been - added. &merged;</para> - - <para role="historic">&man.pax.1; has received a number of enhancements, including - &man.cpio.1; functionality, &man.tar.1; compatibility - enhancements, <option>-z</option> and <option>-Z</option> flags - for &man.gzip.1; and &man.compress.1; functionality, and a - number of bug fixes. &merged;</para> - - <para role="historic">&man.pciconf.8; now supports a <option>-v</option> option to - display the vendor/device information of configured devices, in - conjunction with the <option>-l</option> option. The default - vendor/device database can be found at - <filename>/usr/share/misc/pci_vendors</filename>. &merged;</para> - - <para role="historic">The behavior of &man.periodic.8; is now controlled by - <filename>/etc/defaults/periodic.conf</filename> and - <filename>/etc/periodic.conf</filename>. &merged;</para> - - <para role="historic">&man.ping.8; now supports a <option>-m</option> option to - set the TTL of outgoing packets. &merged;</para> - - <para role="historic">&man.ping.8; now supports a <option>-A</option> option to - beep when packets are lost. &merged;</para> - - <para>&man.ping.8; now supports a <option>-o</option> flag to exit - after receiving a reply.</para> - - <para role="historic">Userland &man.ppp.8; has received a number of updates and - bug fixes. &merged;</para> - - <para role="historic">&man.ppp.8; has gained the <literal>tcpmssfixup</literal> - option, which adjusts outgoing and incoming TCP SYN packets so - that the maximum receive segment size is no larger than allowed - by the interface MTU. &merged;</para> - - <para role="historic">&man.ppp.8; now supports IPv6. &merged;</para> - - <para role="historic">&man.pppd.8; (the control program for kernel-level PPP) is - now installed mode <literal>4550</literal> and - <username>root</username><literal>:</literal><groupname>dialer</groupname>, - rather than mode <literal>4555</literal> (in other words, it is - no longer world-executable). Users of &man.pppd.8; may need to - change their group settings. &merged;</para> - - <para role="historic">&man.pr.1; now supports the <option>-f</option> and - <option>-p</option> flags to pause output going to a - terminal. &merged;</para> - - <para>prefix(8) is obsolete and has been removed. Its - functionality is provided by the <option>eui64</option> command - to &man.ifconfig.8;.</para> - - <para role="historic">The <option>-W</option> option to &man.ps.1; (to extract - information from a specified swap device) has been useless for - some time; it has been removed. &merged;</para> - - <para>The &man.pselect.3; library function (introduced by POSIX.1 - as a slightly stronger version of &man.select.2;) has been - added.</para> - - <para role="historic">&man.pwd.1; can now double as &man.realpath.1;, a program to - resolve pathnames to their underlying physical - paths. &merged;</para> - - <para>&man.pwd.1; now supports the <option>-L</option> flag to - print the logical current working directory. &merged;</para> - - <para>&man.quota.1; now takes a <option>-l</option> flag to - suppress quote checks on NFS filesystems.</para> - - <para>The pseudo-random number generator implemented by - &man.rand.3; has been improved to provide less biased - results.</para> - - <para>&man.rarpd.8; now accepts a <option>-t</option> flag to - specify an alternative directory to - <filename>/tftpboot</filename>. &merged;</para> - - <para role="historic">&man.rc.8; now has a framework for handling dependencies - between &man.rc.conf.5; variables. &merged;</para> - - <para role="historic">&man.rc.8; now deletes all non-directory files in - <filename>/var/run</filename> and - <filename>/var/spool/lock</filename> at boot - time. &merged;</para> - - <para>&man.rcmd.3; now supports the use of the - <envar>RSH</envar> environment variable to specify a program to - use other than &man.rsh.1; for remote execution. As a result, - programs such as &man.dump.8; can use &man.ssh.1; for remote - transport.</para> - - <para>&man.rdist.1; has been retired from the base system, but is - still available from &os; Ports Collection as - <filename role="package">net/44bsd-rdist</filename>.</para> - - <para role="historic">&man.reboot.8; now takes a <option>-k</option> to specify - the next kernel to boot. &merged;</para> - - <para>The &man.renice.8; command implements a <option>-n</option> - option, which specifies an increment to be applied to the - priority of a process. &merged;</para> - - <para role="historic">The &man.resolver.3; in &os; now implements EDNS0 support, - which will be necessary when working with IPv6 transport-ready - resolvers/DNS servers. &merged;</para> - - <para role="historic">The &man.rfork.thread.3; library call has been added as a - helper function to &man.rfork.2;. Using this function should - avoid the need to implement complex stack swap - code. &merged;</para> - - <para role="historic">The <option>-v</option> option to &man.rm.1; now displays - the entire pathname of a file being removed. &merged;</para> - - <para role="historic">&man.route.8; is now more verbose when changing indirect - routes, in the case of a gateway route that is the same route as - the one being modified. &merged;</para> - - <para role="historic">&man.route.8; now uses - <literal><replaceable>host</replaceable>/<replaceable>bits</replaceable></literal> - syntax instead of - <literal><replaceable>net</replaceable>/<replaceable>bits</replaceable></literal> - syntax, for compatibility with &man.netstat.1;. &merged;</para> - - <para role="historic">&man.route.8; can now create <quote>proxy only</quote> - published ARP entries. &merged;</para> - - <para role="historic">The &man.route.8; <option>add</option> command now supports - the <option>-ifp</option> and <option>-ifa</option> - modifiers. &merged;</para> - - <para>&man.rpcbind.8; has replaced &man.portmap.8;.</para> - - <para>&man.rpcgen.1; now uses <filename>/usr/bin/cpp</filename> - (as on NetBSD), not - <filename>/usr/libexec/cpp</filename>.</para> - - <para>&man.rpc.lockd.8; has been imported from NetBSD. This - daemon provides support for servicing client NFS locks.</para> - - <para role="historic">The performance of the ELF dynamic linker &man.rtld.1; has - been improved. &merged;</para> - - <para role="historic">RSA Security has waived all patent rights to the - <application>RSA</application> algorithm. As a result, the - native <application>OpenSSL</application> implementation of the - RSA algorithm is now activated by default, and the <filename - role="package">security/rsaref</filename> port and the - <filename>librsaUSA</filename> and - <filename>librsaINTL</filename> libraries are no longer required - for USA and non-USA residents respectively. &merged;</para> - - <para>&man.rtld.1; will now print the names of all objects that - cause each object to be loaded, if the - <varname>LD_TRACE_LOADED_OBJECTS_ALL</varname> environment - variable is defined.</para> - - <para role="historic">&man.savecore.8; now supports a <option>-k</option> option - to prevent clearing a crash dump after saving it. It also - attempts to avoid writing large stretches of zeros to crash dump - files to save space and time. &merged;</para> - - <para role="historic">&man.savecore.8; now works correctly on machines with 2 GB - or more of RAM. &merged;</para> - - <para role="historic">&man.sed.1; now takes a <option>-E</option> option for - extended regular expression support. &merged;</para> - - <para>&man.sed.1; now takes a <option>-i</option> option to enable - in-place editing of files. &merged;</para> - - <para role="historic">&man.send-pr.1; now takes a <option>-a</option> option to - include a file into the <literal>Fix:</literal> section of a - problem report. &merged;</para> - - <para>The &man.setfacl.1; and &man.getfacl.1; commands have been - added to manage filesystem Access Control Lists.</para> - - <para role="historic">&man.setproctitle.3; has been moved from - <filename>libutil</filename> to - <filename>libc</filename>. &merged;</para> - - <para role="historic">&man.sh.1; now implements <command>test</command> as a - built-in command for improved efficiency. &merged;</para> - - <para>&man.sh.1; no longer implements <command>printf</command> as - a built-in command because it was considered less valuable - compared to the other built-in commands (this functionality is, - of course, still available through the &man.printf.1; - executable).</para> - - <para>&man.sh.1; now supports a <option>-C</option> option to - prevent existing regular files from being overwritten by output - redirection, and a <option>-u</option> to give an error if an - unset variable is expanded. &merged;</para> - - <para>The &man.sh.1; built-in <command>cd</command> command now - supports <option>-L</option> and <option>-P</option> flags to - invoke logical or physical modes of operation, respectively. - Logical mode is the default, but the default can be changed with - the <varname>physical</varname> &man.sh.1; option. &merged;</para> - - <para>The &man.sh.1; built-in <command>jobs</command> command now - supports a <option>-s</option> flag to output PIDs only and a - <option>-l</option> flag to add PIDs to the output. &merged;</para> - - <para>&man.sh.1; now supports a <command>bind</command> built-in - command, which allows the key bindings for the shell's line editor - to be changed.</para> - - <para>The &man.sh.1; built-in <command>export</command> and - <command>readonly</command> commands now support a - <option>-p</option> flag to print their output in - <quote>portable</quote> format. &merged;</para> - - <para>&man.sh.1; no longer accepts invalid constructs as - <command><replaceable>command</replaceable> & && - <replaceable>command</replaceable></command>, <command>&& - <replaceable>command</replaceable></command>, or <command>|| - <replaceable>command</replaceable></command>. &merged;</para> - - <para role="historic">&man.sockstat.1; now has <option>-c</option> and - <option>-l</option> flags for listing connected and listening - sockets, respectively. &merged;</para> - - <para>&man.spkrtest.8; is now a &man.sh.1; script, rather than a - Perl script.</para> - - <para role="historic">&man.split.1; now has the ability to split a file longer - than 2GB. &merged;</para> - - <para>&man.split.1; now supports a <option>-a</option> option to - specify the number of letters to use for the suffix of split - files. &merged;</para> - - <para>In preparation for meeting SUSv2/POSIX - <filename><sys/select.h></filename> requirements, - <literal>struct selinfo</literal> and related functions have been - moved to <filename><sys/selinfo.h></filename>.</para> - - <para role="historic">The &man.strnstr.3; and &man.strcasestr.3; variants of - &man.strstr.3; have been implemented. &merged;</para> - - <para role="historic">&man.stty.1; now has support for an - <literal>erase2</literal> control character, so that, for - example, both the <keycap>Delete</keycap> and - <keycap>Backspace</keycap> keys can be used to erase - characters. &merged;</para> - - <para>&man.su.1; now uses <application>PAM</application> for - authentication.</para> - <para>The &man.swapoff.8; command has been added to disable paging and swapping on a device. A related &man.swapctl.8; command has been added to provide an interface to &man.swapon.8; and @@ -3554,1122 +193,48 @@ options HZ=1000 # not compulsory but strongly recommended</programlisting> </note> </para> - <para role="historic">Boot-time &man.syscons.4; configuration was moved to a - machine-independent - <filename>/etc/rc.syscons</filename>. &merged;</para> - - <para role="historic">&man.sysctl.8; now supports a <option>-N</option> option to - print out variable names only. &merged;</para> - - <para role="historic">&man.sysctl.8; has replaced the <option>-A</option> and - <option>-X</option> options with <option>-ao</option> and - <option>-ax</option> respectively; the former options are now - deprecated. The <option>-w</option> option is deprecated as - well; it is not needed to determine the user's - intentions. &merged;</para> - - <para role="historic">&man.sysctl.8; now supports a <option>-e</option> option to - separate variable names and values by <literal>=</literal> - rather than <literal>:</literal>. This feature is useful for - producing output that can be fed back to - &man.sysctl.8;. &merged;</para> - - <para>&man.sysctl.8; now accepts a <option>-d</option> flag to print - the descriptions of variables.</para> - - <para role="historic">&man.sysinstall.8; now properly preserves - <filename>/etc/mail</filename> during a binary - upgrade. &merged;</para> - - <para role="historic">&man.sysinstall.8; now uses some more intuitive defaults - thanks to some new dialog support functions. &merged;</para> - - <para>The default root partition in &man.sysinstall.8; is now - 100MB on the i386 and pc98, 120MB on the Alpha.</para> - - <para>&man.sysinstall.8; now lives in - <filename>/usr/sbin</filename>, which simplifies the - installation process. The &man.sysinstall.8; manpage is also - installed in a more consistent fashion now.</para> - - <para role="historic">&man.sysinstall.8; now has the ability to load KLDs as a - part of the installation. &merged;</para> - - <para role="historic">When run from the installation media, &man.sysinstall.8; - will automatically load any device drivers found in the - <filename>/stand/modules</filename> directory of the - <literal>mfsroot</literal> floppy or filesystem image. Note - that any drivers so loaded will not appear in the kernel's boot - messages; the &man.sysinstall.8; debugging screen will provide - additional information. &merged;</para> - - <para role="historic">&man.sysinstall.8; now enables Soft Updates by default on - all filesystems it creates, except for the root - filesystem. &merged;</para> - - <para role="historic">&man.sysinstall.8; has received updates for its - <quote>auto</quote> partitioning mode which provide more - reasonable defaults for the sizes of partitions that are - created; auto-sized partitions can now also recover the space - that becomes available when other partitions are - deleted. &merged;</para> - - <para>&man.sysinstall.8; no longer mounts the &man.procfs.5; - filesystem by default on new installs. This change was made to - improve security, but &man.procfs.5; can still be mounted - manually or via an appropriate line in the &man.fstab.5; - file.</para> - - <para role="historic">&man.sysinstall.8; now has rudimentary support for - retrieving packages from the correct volume of a multiple-volume - installation (such as a multi-CD distribution). &merged;</para> - - <para role="historic">&man.syslogd.8; can take a <option>-n</option> option to - disable DNS queries for every request. &merged;</para> - - <para role="historic">&man.syslogd.8; now supports a - <literal>LOG_CONSOLE</literal> facility (disabled by default), - which can be used to log <filename>/dev/console</filename> - output. &merged;</para> - - <para role="historic">&man.syslogd.8; now has the ability to bind to a specific - address (as opposed to using every available one) via the - <option>-b</option> option. &merged;</para> - - <para role="historic">&man.syslogd.8; now accepts a <option>-c</option> flag to - disable repeated line compression. &merged;</para> - <para>&man.systat.1; now includes an <option>-ifstat</option> display mode that displays the network traffic going through active intrfaces on the system.</para> - <para>&man.tabs.1;, a utility to set terminal tab stops, has been - added.</para> - - <para role="historic">&man.tail.1; now has the ability to work on files longer - than 2GB. &merged;</para> - - <para role="historic">&man.tar.1; now supports the <varname>TAR_RSH</varname> - variable, principally to enable the use of &man.ssh.1; as a - transport. &merged;</para> - - <para role="historic">&man.telnet.1; now does autologin and encryption by default; - a new <option>-y</option> option turns off encryption. &merged;</para> - - <para role="historic">&man.telnet.1; now supports a <option>-u</option> flag to - allow connections to UNIX-domain (<literal>AF_UNIX</literal>) - sockets. &merged;</para> - - <para>The &man.termcap.5; database now uses the - <literal>xterm</literal> terminal type from - <application>XFree86</application>. As a result, &man.xterm.1; - now supports color by default and the common workaround of - setting <varname>TERM</varname> to <literal>xterm-color</literal> - is no longer necessary. Use of the - <literal>xterm-color</literal> terminal type may result in - (benign) warnings from applications.</para> - - <para role="historic">&man.tftp.1; and &man.tftpd.8; now support IPv6. &merged;</para> - - <para role="historic">&man.tftpd.8; now takes the <option>-c</option> and - <option>-C</option> options, which allow the server to - &man.chroot.2; based on the IP address of the connecting client. - &man.tftp.1; and &man.tftpd.8; can now transfer files larger - than 65535 blocks. &merged;</para> - - <para>&man.tftpd.8; now supports RFC 2349 (TFTP Timeout Interval - and Transfer Size Options); this feature is required by some - firmware like EFI boot managers (at least on HP i2000 Itanium - servers) in order to boot an image using - <application>TFTP</application>.</para> - - <para arch="alpha">&man.timed.8; now works on the alpha.</para> - - <para>A version of Transport Independent RPC - (<application>TI-RPC</application>) has been imported.</para> - - <para role="historic">&man.tmpnam.3; will now use the <envar>TMPDIR</envar> - environment variable, if set, to specify the location of - temporary files. &merged;</para> - - <para>&man.tip.1; has been updated from - <application>OpenBSD</application>, and has the ability to act - as a &man.cu.1; substitute.</para> - - <para>&man.top.1; will now use the full width of its tty.</para> - - <para>&man.touch.1; now takes a <option>-h</option> option to - operate on a symbolic link, rather than what the link points - to.</para> - - <para>&man.tr.1; now has basic support for equivalence classes - for locales that support them. &merged;</para> - - <para>&man.tr.1; now supports a <option>-C</option> flag to - complement the set of characters specified by the first string - argument.</para> - - <para role="historic">The &man.truncate.1; utility, which truncates or extends the - length of files, has been added. &merged;</para> - - <para>&man.tunefs.8; now supports the <option>-a</option> and - <option>-l</option> flags to enable and disable the - <literal>FS_ACLS</literal> and <literal>FS_MULTILABEL</literal> - administrative flags on UFS file system.</para> - - <para>A &man.ugidfw.8; utility has been added to manage the - rulesets provided by the <literal>mac_bsdextended</literal> - Mandatory Access Control policy, similar to &man.ipfw.8;.</para> - - <para role="historic">Ukrainian language support has been added to the &os; - console. &merged;</para> - - <para><application>UUCP</application> has been removed from the - base system. It can be found in the Ports Collection, in - <filename role="package">net/freebsd-uucp</filename>.</para> - - <para>&man.unexpand.1; now supports a <option>-t</option> to - specify tabstops analogous to &man.expand.1;. &merged;</para> - - <para role="historic">&man.units.1; has received some updates and - bugfixes. &merged;</para> - - <para>&man.usbdevs.8; now supports a <option>-d</option> flag to - show the device driver associated with each device.</para> - - <para role="historic">The &man.usbhidctl.1; utility has been added to manipulate - USB Human Interface Devices. &merged;</para> - - <para role="historic">&man.uuencode.1; and &man.uudecode.1; now accept a <option>-o</option> option to - set their output files. &man.uuencode.1; can now be made to do base64 encoding - when given the <option>-m</option> flag, while &man.uudecode.1; - can now automatically decode base64 files. &merged;</para> - - <para>The base64 capabilities of &man.uuencode.1; and - &man.uudecode.1; can now be automatically enabled by invoking - these utilities as &man.b64encode.1; and &man.b64decode.1; - respectively. &merged;</para> - - <para>Functions to implement and manipulate OSF/DCE 1.1-compliant - UUIDs have been added to <filename>libc</filename>. More - information can be found in &man.uuid.3;.</para> - - <para>The &man.uuidgen.1; utility has been added. It uses the new - &man.uuidgen.2; system call to generate one or more Universally - Unique Identifiers compatible with OSF/DCE 1.1 version 1 - UUIDs.</para> - - <para role="historic">&man.vidcontrol.1; now accepts a <option>-g</option> - parameter to select custom text geometry in the - <literal>VESA_800x600</literal> raster text mode. &merged;</para> - - <para role="historic">&man.vidcontrol.1; now allows the user to omit the font size - specification when loading a font, and has some better - error-handling. &merged;</para> - - <para role="historic">&man.vidcontrol.1; now supports a <option>-p</option> option - to take a snapshot of a &man.syscons.4; video buffer. These - snapshots can be manipulated by the - <filename role="package">graphics/scr2png</filename> utility in - the Ports Collection. &merged;</para> - - <para role="historic">&man.vidcontrol.1; now supports a <option>-C</option> option - to clear the history buffer for a given tty, as well as a - <option>-h</option> option to set the size of the history - buffer. &merged;</para> - - <para>&man.vidcontrol.1; now accepts a <option>-S</option> to - allow the user to disable VTY switching. &merged;</para> - - <para>The default stripe size in &man.vinum.8; has been changed - from 256KB to 279KB, to spread out superblocks more evenly - between stripes.</para> - - <para role="historic">&man.wall.1; now supports a <option>-g</option> flag to - write a message to all users of a given group. &merged;</para> - - <para role="historic">&man.watch.8; now takes a <option>-f</option> option to - specify a &man.snp.4; device to use. &merged;</para> - - <para>&man.wc.1; now supports a <option>-m</option> flag to - count characters, rather than bytes.</para> - - <para>&man.whereis.1;, formerly a Perl script, has been - rewritten in C. It now supports a <option>-x</option> flag to - suppress the run of &man.locate.1;, and a <option>-q</option> - flag suppresses the leading name of the query.</para> - - <para>&man.whereis.1; now supports a <option>-a</option> flag - to report all matches instead of only the first of each - requested type.</para> - - <para>&man.which.1; is now a C program, rather than a Perl - script.</para> - - <para>&man.who.1; now has a number of new options: - <option>-H</option> shows column headings; <option>-T</option> - shows &man.mesg.1; state; <option>-m</option> is an equivalent - to <option>am i</option>; <option>-u</option> shows idle time; - <option>-q</option> to list names in columns. &merged;</para> - - <para role="historic">&man.whois.1; now directs queries for IP addresses to ARIN. - If a query to ARIN references APNIC or RIPE, the appropriate - server will also be queried, provided that the - <option>-Q</option> option is not specified. &merged;</para> - - <para role="historic">&man.whois.1; supports a <option>-c</option> option to - specify a country code to help direct queries towards a - particular whois server. &merged;</para> - - <para>&man.wicontrol.8; now supports a <option>-l</option> to list - the stations associated in <literal>hostap</literal> mode and a - <option>-L</option> to list available access points.</para> - - <para>&man.xargs.1; now supports a <option>-I</option> - <replaceable>replstr</replaceable> option that allows the user - to tell &man.xargs.1; to insert the data read from standard - input at specific points in the command line arguments rather - than at the end. (A &os;-specific <option>-J</option> option is - similar.) &merged;</para> - - <para>&man.xargs.1; now supports a <option>-L</option> option to - force its utility argument to be called after some number of - lines. &merged;</para> - <para>&man.xargs.1; now supports a <option>-P</option> option to execute multiple copies of the same utility in parallel.</para> - <para role="historic">The compiler chain now uses the FSF-supplied C/C++ runtime - initialization code. This change brings about better - compatibility with code generated from the various egcs and gcc - ports, as well as the stock public FSF source. &merged;</para> - - <para role="historic">The threads library has gained some signal handling changes, - bug fixes, and performance enhancements (including zero system - call thread switching). &man.gdb.1; thread support has been - updated to match these changes. &merged;</para> - - <para role="historic">Significant additions have been made to internationalization - support; &os; now has complete locale support for the - <literal>LC_MONETARY</literal>, <literal>LC_NUMERIC</literal>, - and <literal>LC_MESSAGES</literal> categories. A number of - applications have been updated to take advantage of this - support. &merged;</para> - - <para role="historic">Locale names have been changed to improve compatibility with - the names used by X11R6, as well as a number of other UNIX - versions. As an example, the - <literal>en_US.ISO_8859-1</literal> locale name has been changed - to - <literal>en_US.ISO8859-1</literal>. Entries in - <filename>/etc/locale.alias</filename> provide backward - compatibility. &merged;</para> - - <para>Various routines in the C library now have support for - <quote>wide</quote> characters. Among these are - character class functions such as &man.wctype.3;, wide character - I/O functions such as &man.getwc.3;, formatted I/O functions - such as &man.wprintf.3; and &man.wscanf.3;. Conversion - functions to &man.multibyte.3; characters are also supported.</para> - - <para role="historic"><filename>/usr/src/share/examples/BSD_daemon/</filename> now - contains a scalable Beastie graphic. &merged;</para> - - <para role="historic">As part of an ongoing process, many manual pages were - improved, both in terms of their formatting markup and in their - content. &merged;</para> - - <para>A number of utilities and libraries were enhanced to improve - their conformance with the Single UNIX Specification (SUSv3) and - IEEE Std 1003.1-2001 (<quote>POSIX.1</quote>). Specific - features added have been listed in the release notes for each - utility. The standards conformance of each utility or library - function is generally listed in its manual page.</para> - - <para>A number of traditional BSD games have been removed from the base system; - they are now available in the <filename - role="package">games/freebsd-games</filename> port. - These include: adventure(6), arithmetic(6), atc(6), - backgammon(6), battlestar(6), bs(6), canfield(6), cribbage(6), - fish(6), hack(6), hangman(6), larn(6), mille(6), phantasia(6), - piano(6), pig(6), quiz(6), rain(6), robots(6), rogue(6), - sail(6), snake(6), trek(6), wargames(6), worm(6), worms(6), and - wump(6). dm(8), which was used to control access to games, is - no longer necessary, and has also been removed. The - <quote>utility-like</quote> games, as well as &man.fortune.6;, - remain.</para> - <sect3> <title>Contributed Software</title> - <para><application>am-utils</application> has been updated to - 6.0.7.</para> - - <para>A 13 December 2002 snapshot of <application>awk</application> from Bell Labs (variously - known as <quote>BWK awk</quote> or <quote>The One True - AWK</quote>) has been imported. It is available as - <command>awk</command> or - <command>nawk</command>.</para> - - <para role="historic"><application>bc</application> has been updated from 1.04 to - 1.06. &merged;</para> - - <para role="historic">The ISC library from the <application>BIND</application> - distribution is now built as - <filename>libisc</filename>. &merged;</para> - - <para role="historic"><application>BIND</application> is now built with the - <literal>NOADDITIONAL</literal> flag, which causes - &man.named.8; to operate in a more consistent fashion for - certain common misconfigurations. &merged;</para> - - <para><application>BIND</application> has been updated to - 8.3.3. &merged;</para> - - <para><application>Binutils</application> has been updated to - a pre-release snapshot of 2.13.2 from 27 October 2002.</para> - - <para role="historic"><application>bzip2</application> 1.0.2 has been imported; - this brings the &man.bzip2.1; program and the - <filename>libbz2</filename> library to the base - system. &merged;</para> + <para><application>awk</application> from Bell Labs has been + updated to a 13 December 2002 snapshot.</para> <para>All of the <application>bzip2</application> suite of applications is now installed in the base system (in particular, <command>bzip2recover</command> is now built and installed. &merged;</para> - <para role="historic">The &man.ee.1; <application>Easy Editor</application> has - been updated to 1.4.2. &merged;</para> - - <para><application>file</application> has been updated to - 3.39.</para> - - <para><application>gcc</application> has been updated to - <application>gcc</application> 3.2.1 (released version). - <warning> - <para>The C++ ABI from <application>gcc</application> - 3.2.1 is not compatible with - previous versions.</para> - </warning> - </para> - - <para role="historic">&man.gcc.1; now uses a unified <filename>libgcc</filename> - rather than a separate one for threaded and non-threaded - programs. <filename>/usr/lib/libgcc_r.a</filename> can be - removed. &merged;</para> - - <para role="historic">&man.gcc.1; now supports the environment variable - <envar>GCC_OPTIONS</envar>, which can hold a set of default - options for <application>GCC</application>. &merged;</para> - - <para><application>gdb</application> has been updated to version - 5.2.1.</para> - - <para role="historic"><application>GNATS</application> has been updated to - 3.113. &merged;</para> - - <para><application>gperf</application> has been updated to - 2.7.2.</para> - - <para><application>groff</application> and its related utilities - have been updated to FSF version 1.18.1.</para> - - <para><application>Heimdal Kerberos</application> has been updated to - 0.5.1. &merged;</para> - - <para role="historic">The version of <application>IPFilter</application> - provided with &os; now includes the &man.ipfs.8; program, - which allows state information created for NAT entries and - stateful rules to be saved to disk and restored after a - reboot. Boot-time configuration of these features is - supported by &man.rc.conf.5;. &merged;</para> - <para>The <application>ISC DHCP</application> client has been updated to 3.0.1RC11.</para> - <para role="historic"><application>Kerberos IV</application> has been updated to - 1.0.5. &merged;</para> - - <para>The &man.more.1; command has been replaced by - &man.less.1;, although it can still be run as - <command>more</command>. &merged; Version 371 of - <application>less</application> has been imported.</para> - - <para>An XML processing library, named - <filename>libbsdxml</filename>, has been added for the benefit - of XML-using utilities in the base system. It is based almost - entirely on an import of <application>expat</application> - 1.95.5, but is installed under a different name to avoid - conflicts with any versions of - <application>expat</application> installed from the Ports - Collection.</para> - - <para><application>libpcap</application> has been updated to - 0.7.1. &merged;</para> - - <para><application>libreadline</application> has been updated to - 4.2.</para> - - <para><application>libz</application> has been updated to - 1.1.4.</para> - - <para><application>lint</application> has been updated to - snapshot of NetBSD &man.lint.1; as of 19 July 2002.</para> - - <para><application>lukemftp</application> 1.6 beta 2 (the FTP client from - NetBSD) has replaced the &os; &man.ftp.1; program. Among its - new features are more automation methods, better standards - compliance, transfer rate throttling, and a customizable - command-line prompt. Some environment variables and - command-line arguments have changed.</para> - - <para>&man.m4.1; has been imported from OpenBSD, as of 26 April - 2002. &merged;</para> - - <para><application>ncurses</application> has been updated to - 5.2-20020615.</para> - - <para>The <application>NTP</application> suite of programs has - been updated to 4.1.1b.</para> - - <para><application>OpenPAM</application> - (<quote>Daffodil</quote> release) has been imported, - replacing - <application>Linux-PAM</application>.</para> - - <para>The <application>OPIE</application> one-time-password - suite has been updated to 2.4. It has completely - replaced the functionality of - <application>S/Key</application>. &merged;</para> - - <para><application>Perl</application> has been removed from the - &os; base system. It can be installed from the &os; - Ports Collection, as a binary package, or via the <guimenuitem>Perl - distribution</guimenuitem> item in &man.sysinstall.8;'s - distribution menu. - Moving Perl out of the - base system will make future upgrades and maintenence easier. - To reduce the dependence of the base system on - Perl, many utilities have been - rewritten as shell scripts or C programs (specific notes are - made for each affected utility). - - <note> - <para>The Perl script removal work is ongoing.</para> - </note> - - <note> - <para>Most of the distribution sets in &man.sysinstall.8; - include the new Perl distribution. This change will - therefore be transparent to most users, with the exception - that updating Perl will be done separately from the base - system.</para> - </note> - - </para> - - <para><application>GNU ptx</application> has been removed from - the base system. It is not used anywhere in the base system, - and has not been recently updated or maintained. Users - requiring its functionality can install this utility as a part - of the <filename role="package">textproc/textutils</filename> - port.</para> - - <para>The <literal>rc.d</literal> framework from NetBSD has been - imported. It breaks down the system startup functionality - into a number of small, <quote>task-oriented</quote> scripts - in <filename>/etc/rc.d</filename>, with dynamic-determined - ordering of startup scripts performed at boot-time.</para> - - <para role="historic">&man.routed.8; has been updated to version - 2.22. &merged;</para> - - <para arch="i386,pc98">Version 1.4.5 of the - <application>smbfs</application> userland utilities has been - imported. &merged;</para> - - <para><application>GNU sort</application> has been updated to - the version from <application>GNU textutils - 2.0.21</application>.</para> - - <para>&man.stat.1; from <application>NetBSD</application>, as of - 5 June 2002 has, been imported.</para> - - <para><application>GNU tar</application> has been updated to - 1.13.25. &merged;</para> - - <para><application>tcpdump</application> has been updated to - 3.7.1. &merged;</para> - - <para>The &man.csh.1; shell has been replaced by &man.tcsh.1;, - although it can still be run as <command>csh</command>. - <application>tcsh</application> has been updated to version - 6.12. &merged;</para> - - <para>The contributed version of - <application>tcp_wrappers</application> now includes the - &man.tcpd.8; helper daemon. While not strictly necessary in a - standard &os; installation (because &man.inetd.8; already - incorporates this functionality), this may be useful for - &man.inetd.8; replacements such as - <application>xinetd</application>. &merged;</para> - - <para><application>texinfo</application> has been updated to - 4.2. &merged;</para> - - <para><application>top</application> has been updated to version - 3.5b12. &merged;</para> - - <para><application>traceroute</application> has been updated to - LBL version 1.4a12.</para> - - <para role="historic">&man.traceroute.8; now takes its default maximum TTL value - from the <varname>net.inet.ip.ttl</varname> sysctl - variable. &merged;</para> - - <para>The timezone database has been updated to the - <filename>tzdata2002d</filename> release. &merged;</para> - - <sect4> - <title>CVS</title> - - <para><application>cvs</application> has been updated to - a snapshot of 1.11.2.1, as of 1 December 2002. &merged;</para> - - <para role="historic">The default value for &man.cvs.1;'s - <envar>CVS_RSH</envar> variable is now - <literal>ssh</literal>, rather than - <literal>rsh</literal>. &merged;</para> - - <para role="historic">&man.cvs.1; now supports a <option>-T</option> option to - update a sandbox's <filename>CVS/Template</filename> file - from the repository. &merged;</para> - - <para role="historic">&man.cvs.1; <literal>diff</literal> now supports the - <option>-j</option> option to perform differences against a - revision relative to a branch tag. &merged;</para> - </sect4> - - <sect4> - <title>CVSup</title> - - <para role="historic"><application>CVSup</application>, a frequently used - utility in the &os; Ports Collection, was formerly - installable using several ports and packages. The - <filename role="package">net/cvsup-bin</filename> and - <filename role="package">net/cvsupd-bin</filename> - ports/packages are no longer necessary or available; the - <filename role="package">net/cvsup</filename> port should be - used instead. &merged;</para> - - <para role="historic"><application>CVSup</application> has been updated to - 16.1_3, which is available in the &os; Ports Collection as - <filename role="package">net/cvsup</filename>. This update - fixes a long-standing (but only recently encountered) bug - which affects the timestamps on all files after Sun Sep 9 - 01:46:40 UTC 2001 (1,000,000,000 seconds after the UNIX - epoch). &merged;</para> - </sect4> - - <sect4 id="kame-userland"> - <title>KAME</title> - - <para role="historic">The IPv6 stack is now based on a snapshot based on the - KAME Project's IPv6 snapshot as of 28 May, 2001. Most of - the items listed in this section are a result of this - import. - <xref linkend="kame-kernel"> lists kernel updates to the - KAME IPv6 stack. &merged;</para> - - <para role="historic">&man.faithd.8; now supports a configuration file for - access control. &merged;</para> - - <para role="historic">&man.ifconfig.8; can now perform the functions of - gifconfig(8). &merged;</para> - - <para role="historic">&man.ifconfig.8; can now perform the functions of - prefix(8). &merged;</para> - - <para role="historic">&man.ndp.8; now implements garbage collection for stale - NDP entries, as described in RFC 2461 (Neighbor Discovery - for IP Version 6 (IPv6)). &merged;</para> - - <para role="historic">pim6dd(8) and pim6sd(8) have been removed due - to restrictive licensing conditions. These programs are - available in the ports collection as - <filename role="package">net/pim6dd</filename> and - <filename role="package">net/pim6sd</filename>. &merged;</para> - - <para role="historic">&man.route6d.8; now supports an <option>-n</option> flag - to avoid updating the kernel forwarding - table. &merged;</para> - - <para role="historic">The <option>-R</option> (router renumbering) option to - &man.rtadvd.8; is currently ignored. &merged;</para> - </sect4> - - <sect4> - <title>OpenSSH</title> - - <para role="historic"><application>OpenSSH</application> has been updated to - 2.9, which provides support for the SSH2 protocol (now the - default) and DSA keys. &man.ssh-add.1; and - &man.ssh-agent.1; can now handle DSA keys, with support for - authentication forwarding. - <application>OpenSSH</application> users in the USA no - longer need to rely on the restrictively-licensed RSAREF - toolkit which is required to handle RSA keys. Among other - new features: A client and server for &man.sftp.1; has been added. - &man.scp.1; can now handle files larger than 2 GBytes. A - limit on the number of outstanding, unauthenticated - connections in &man.sshd.8; has been added. Support has - been added for the Rijndael encryption algorithm. Rekeying - of existing sessions is now supported, and an experimental - <application>SOCKS4</application> proxy has been added to - &man.ssh.1;. &merged;</para> - - <para><application>OpenSSH</application> has been updated to - version 3.4p1. &merged; Among the changes: - <itemizedlist> - <listitem> - <para>The <filename>*2</filename> files are obsolete - (for example, - <filename>~/.ssh/known_hosts</filename> can hold the - contents of - <filename>~/.ssh/known_hosts2</filename>).</para> - </listitem> - <listitem> - <para>&man.ssh-keygen.1; can import and export keys using - the SECSH Public Key File Format, for key exchange - with several commercial SSH implementations.</para> - </listitem> - <listitem> - <para>&man.ssh-add.1; now adds all three default keys.</para> - </listitem> - <listitem> - <para>&man.ssh-keygen.1; no longer defaults to a - specific key type; one must be specified with the - <option>-t</option> option.</para> - </listitem> - <listitem> - <para>A <quote>privilege separation</quote> feature, - which uses unprivileged processes to contain and - restrict the effects of future compromises or - programming errors.</para> - </listitem> - - <listitem> - <para>Several bugfixes, including closure of a - security hole that could lead to an integer overflow - and undesired privilege escalation.</para> - </listitem> - </itemizedlist> - </para> - - <para role="historic"><application>OpenSSH</application> can now authenticate - using <application>OPIE</application> passwords. &merged;</para> - - <para role="historic"><application>PAM</application> support for - <application>OpenSSH</application> has been added. &merged;</para> - - <para role="historic">A long-standing bug in - <application>OpenSSH</application>, which sometimes resulted - in a dropped session when an X11-forwarded client was - closed, was fixed. &merged;</para> - - <para role="historic"><application>Kerberos</application> compatibility has - been added to - <application>OpenSSH</application>. &merged;</para> - - <para role="historic"><application>OpenSSH</application> has been modified to - be more resistant to traffic analysis by requiring that - <quote>non-echoed</quote> characters are still echoed back - in a null packet, as well as by padding passwords sent so as - not to hint at password lengths. &merged;</para> - - <para role="historic">&man.sshd.8; is now enabled by default on new - installs. &merged;</para> - - <para role="historic">&man.sshd.8; <literal>X11Forwarding</literal> is now - turned on by default on the server (any risk is to the - client, where it is already disabled by - default). &merged;</para> - - <para role="historic">In <filename>/etc/ssh/sshd_config</filename>, the - <literal>ConnectionsPerPeriod</literal> parameter has been - deprecated in favor of - <literal>MaxStartups</literal>. &merged;</para> - - <para role="historic"><application>OpenSSH</application> now has a - <literal>VersionAddendum</literal> configuration setting for - &man.sshd.8; to allow changing the part of the - <application>OpenSSH</application> version string after the - main version number. &merged;</para> - </sect4> - - <sect4> - <title>OpenSSL</title> - - <para><application>OpenSSL</application> has been updated to - 0.9.6g. &merged;</para> - - <para role="historic"><application>OpenSSL</application> now has support for - machine-dependent ASM optimizations, activated by the new - <varname>MACHINE_CPU</varname> and/or - <varname>CPUTYPE</varname> - <filename>make.conf</filename> variables. &merged;</para> - </sect4> - - <sect4> - <title>sendmail</title> - - <para><application>sendmail</application> has been updated - from version 8.9.3 to version 8.12.6. Important changes - include: &man.sendmail.8; is no longer installed as a - set-user-ID <username>root</username> binary (now set-group-ID <groupname>smmsp</groupname>); new - default file locations (see - <filename>/usr/src/contrib/sendmail/cf/README</filename>); - &man.newaliases.1; is limited to <username>root</username> - and trusted users; STARTTLS encryption; and the MSA port - (587) is turned on by default. See - <filename>/usr/src/contrib/sendmail/RELEASE_NOTES</filename> - for more information. &merged;</para> - - <para role="historic">&man.mail.local.8; is no longer installed as a - set-user-ID binary. If you are using a - <filename>/etc/mail/sendmail.cf</filename> from the default - <filename>sendmail.cf</filename> included with &os; any time - after 3.1.0, you are fine. If you are using a - hand-configured <filename>sendmail.cf</filename> and - <command>mail.local</command> for delivery, check to make sure the - <literal>F=S</literal> flag is set on the - <literal>Mlocal</literal> line. Those with - <filename>.mc</filename> files who need to add the flag can - do so by adding the following line to their - <filename>.mc</filename> file and regenerating the - <filename>sendmail.cf</filename> file:</para> - - <programlisting role="historic">MODIFY_MAILER_FLAGS(`LOCAL',`+S')dnl</programlisting> - - <para role="historic">Note that <literal>FEATURE(`local_lmtp')</literal> already - does this. &merged;</para> - - <para role="historic">The default <filename>/etc/mail/sendmail.cf</filename> - disables the SMTP <literal>EXPN</literal> and - <literal>VRFY</literal> commands. &merged;</para> - - <para role="historic">&man.vacation.1; has been updated to use the version - included with <application>sendmail</application>. &merged;</para> - - <para role="historic">The <application>sendmail</application> configuration - building tools are installed in - <filename>/usr/share/sendmail/cf/</filename>. &merged;</para> - - <para role="historic">New <filename>make.conf</filename> options: - <varname>SENDMAIL_MC</varname> and - <varname>SENDMAIL_ADDITIONAL_MC</varname>. See - <filename>/usr/share/examples/etc/make.conf</filename> for more - information. &merged;</para> - - <para role="historic"><filename>/etc/mail/Makefile</filename> now supports: - the new <varname>SENDMAIL_MC</varname> - <filename>make.conf</filename> option; the ability to build - <filename>.cf</filename> files from - <filename>.mc</filename> files; generalized map rebuilding; - rebuilding the aliases file; and the ability to stop, start, - and restart - <application>sendmail</application>. &merged;</para> - - <para role="historic">The <username>smmsp</username> and - <username>mailnull</username> users have been added to - <filename>/etc/master.passwd</filename>. In the absence of a - <literal>confDEF_USER_ID</literal> setting, by default, - <application>sendmail</application> will use the - <username>mailnull</username> user for extra security. - Previously, if the <username>mailnull</username> user did - not exist, the <username>daemon</username> user was used. - This change may generate some permissions issues when - mailing to files or to programs (such as <filename - role="package">mail/majordomo</filename>). &merged; The - previous behavior can be restored by adding the following - line to a system's - <filename><replaceable>*</replaceable>.mc</filename> - configuration file: - - <programlisting>define(`confDEF_USER_ID', `daemon')</programlisting> - </para> - - <para role="historic">Beginning with the import of - <application>sendmail</application> 8.12.2, multiple - <application>sendmail</application> daemons (some required - to handle outgoing mail) are started by &man.rc.8;, even if - the <varname>sendmail_enable</varname> variable is set to - <literal>NO</literal>. To completely disable - <application>sendmail</application>, - <varname>sendmail_enable</varname> must be set to - <literal>NONE</literal>. Alternatively, for systems using a - different MTA, the <varname>mta_start_script</varname> variable can - be used to point to a different startup script (more details - can be found in &man.rc.sendmail.8;). &merged;</para> - - <para>By default, &man.rc.8; no longer enables - <application>sendmail</application> for inbound SMTP - connections. Note that &man.sysinstall.8; may override this - default for a binary installation, based on what security - profile is selected. This functionality can also be - manually enabled by adding the following line to - <filename>/etc/rc.conf</filename>:</para> - - <programlisting>sendmail_enable="YES"</programlisting> - - <para>The permissions for <application>sendmail</application> - alias and map databases built via - <filename>/etc/mail/Makefile</filename> now default to mode - 0640 to protect against a file locking local denial of service. - It can be changed by setting the new - <varname>SENDMAIL_MAP_PERMS</varname> - <filename>make.conf</filename> option. &merged;</para> - - <para>The permissions for the <application>sendmail</application> - statistics file, <filename>/var/log/sendmail.st</filename>, have - been changed from mode 0644 to mode 0640 to protect against - a file locking local denial of service. &merged;</para> - - </sect4> + <para><application>OpenPAM</application> has been updated to the + <quote>Daffodil</quote> release.</para> </sect3> <sect3> <title>Ports/Packages Collection Infrastructure</title> - <para><application>BSDPAN</application>, a collection of modules - that provides tighter integration of - <application>Perl</application> into the &os; Ports - Collection, has been added.</para> - - <para role="historic">&man.pkg.create.1; and &man.pkg.add.1; can now work with - packages that have been compressed using - &man.bzip2.1;. &man.pkg.add.1; will use the PACKAGEROOT - environment variable to determine a mirror site for new - packages. &merged;</para> - - <para role="historic">&man.pkg.create.1; now records dependencies in dependency - order rather than in the order specified on the command line. - This improves the functioning of <command>pkg_add - -r</command>. &merged;</para> - - <para role="historic">&man.pkg.create.1; now supports a <option>-b</option> to - create a package file from a locally-installed - package. &merged;</para> - - <para role="historic">When requested to delete multiple packages, - &man.pkg.delete.1; will now attempt to remove them in - dependency order rather than the order specified on the - command line. &merged;</para> - - <para role="historic">&man.pkg.delete.1; now can perform glob/regexp matching of - package names. In addition, it supports a <option>-a</option> - option for removing all packages and a <option>-i</option> - option for &man.rm.1;-style interactive - confirmation. &merged;</para> - - <para role="historic">&man.pkg.delete.1; now supports a <option>-r</option> - option for recursive package removal. &merged;</para> - - <para role="historic">&man.pkg.info.1; now supports globbing against names of - installed packages. The <option>-G</option> option disables - this behavior, and the <option>-x</option> option causes - regular expression matching instead of shell - globbing. &merged;</para> - - <para role="historic">&man.pkg.info.1; can now accept a <option>-g</option> flag - for verifying an installed package against its recorded - checksums (to see if it's been modified post-installation). - Naturally, this mechanism is only as secure as the contents of - <filename>/var/db/pkg</filename> if it's to be used for auditing - purposes. &merged;</para> - - <para role="historic">&man.pkg.sign.1; and &man.pkg.check.1; have been added to - digitally sign and verify the signatures on binary package - files. &merged;</para> - - <para>For some time, &os; 5.0-CURRENT (as well as some 4.X - releases) included a pkg_update(1) utility to update installed - packages, as well as their dependencies. This utility has - been removed; a superset of its functionality can be found in - the <filename role="package">sysutils/portupgrade</filename> - port.</para> - - <para role="historic">&man.pkg.version.1; now has a version number comparison - routine that corresponds to the Porters Handbook. It also has - a <option>-t</option> option for testing address comparisons. - &merged;</para> - - <para role="historic">&man.pkg.version.1; now takes a <option>-s</option> flag - to limit its operation to ports/packages matching a given - string. &merged;</para> - - <para>&man.pkg.version.1;, formerly a Perl script, has been - rewritten in C. The <option>-c</option>, frequently misused, - has been removed. The <filename - role="package">sysutils/portupgrade</filename> port provides a - supported and safer alternative.</para> - - <para role="historic">Version numbers of installed packages have a new - (backward-compatible) syntax, which supports the - <varname>PORTREVISION</varname> and - <varname>PORTEPOCH</varname> variables in Ports Collection - <filename>Makefile</filename>s. These changes help keep track - of changes in the ports collection entries such as security - patches or &os;-specific updates, which aren't reflected in - the original, third-party software distributions. - &man.pkg.version.1; can now compare these new-style version - numbers. &merged;</para> - - <para role="historic">To improve performance and disk utilization, the - <quote>ports skeletons</quote> in the &os; Ports Collection - have been restructured. Installed ports and packages should - not be affected. &merged;</para> - - <para role="historic">All packages and ports now contain an - <quote>origin</quote> directive, which makes it easier for - programs such as &man.pkg.version.1; to determine the - directory from which a package was built. &merged;</para> - - <para>The Ports Collection infrastructure now uses - <application>XFree86</application> 4.2.1 as the default version - of the X Window System for the purposes of satisfying - dependencies. To return to using - <application>XFree86</application> 3.3.6, add the following line - to <filename>/etc/make.conf</filename>: &merged;</para> - - <programlisting>XFREE86_VERSION=3</programlisting> - - <para>The libraries installed by the <filename - role="package">emulators/linux_base</filename> port (required - for Linux emulation) have been updated; they now correspond to - those included with <application>Red Hat Linux</application> - 7.1. &merged;</para> - - <para>By default, packages generated by the Ports Collection (as - well as the packages on the FTP sites) are now compressed - using &man.bzip2.1;, rather than &man.gzip.1;. (Thus, they - now have a <filename>.tbz</filename> extension, rather than a - <filename>.tgz</filename> extension.) The package - tools have been updated to handle the new format.</para> - - <para>The Ports Collection now maintains a separate index file - (<filename>/usr/ports/INDEX-5</filename>) for use with &os; - &release.branch;. A major motivation for a separate index - file is to cope with dependencies (such as <filename - role="package">lang/perl5</filename>) that exist in &os; - &release.branch; but not &os; 4-STABLE. The index file for - each package set is still called - <filename>INDEX</filename>.</para> - + <para></para> </sect3> </sect2> <sect2> <title>Release Engineering and Integration</title> - <para>The <filename>bin</filename> distribution has been renamed - <filename>base</filename>, in order to make creation of combined - install/recovery disks easier.</para> - - <para arch="i386">ISO images and CDROMs now use the - <filename>cdboot</filename> boot loader by default. This - eliminates the need for an emulated floppy disk image on - a bootable CDROM and allows for a full - <filename>GENERIC</filename> kernel to be used for CDROM - installations, at the expense of compatability with some old - BIOSs.</para> - - <para arch="i386,pc98,alpha" role="historic"><application>XFree86</application> 4.2.0 - is now the default version of the X Window System supported by - &man.sysinstall.8;. It installs - <application>XFree86</application> as a set of standard binary - packages, so the usual package utilities such as - &man.pkg.info.1; can be used to examine/manipulate its - components. &merged;</para> - - <para>It is now possible to make releases of &os; - 5-CURRENT on a &os; 4-STABLE host and vice versa. Cross-architecture - (building a release for a target architecture on a host of a - different architecture) releases are also possible. See - &man.release.7; for details. &merged;</para> - - <para>A third <filename>drivers.flp</filename> floppy has been - added to floppy releases. It holds loadable modules - containing drivers that do not fit in the kernel on the - <filename>kern.flp</filename> disk or in the - <filename>mfsroot.flp</filename> image.</para> + <para></para> </sect2> <sect2> <title>Documentation</title> - <para>A number of formerly-encumbered documents from the 4.4 BSD - Programmer's Supplementary Documents have been restored to - <filename>/usr/share/doc/psd</filename>. These include:</para> - - <itemizedlist> - <listitem> - <para><emphasis>The UNIX Time-Sharing System</emphasis> - (<filename>01.cacm</filename>)</para> - </listitem> - - <listitem> - <para><emphasis>UNIX Implementation</emphasis> - (<filename>02.implement</filename>)</para> - </listitem> - - <listitem> - <para><emphasis>The UNIX I/O System</emphasis> - (<filename>03.iosys</filename>)</para> - </listitem> - - <listitem> - <para><emphasis>UNIX Programming — Second Edition</emphasis> - (<filename>04.uprog</filename>)</para> - </listitem> - - <listitem> - <para><emphasis>The C Programming Language — Reference Manual</emphasis> - (<filename>06.Clang</filename>)</para> - </listitem> - - <listitem> - <para><emphasis>Yacc: Yet Another Compiler-Compiler</emphasis> - (<filename>15.yacc</filename>)</para> - </listitem> - - <listitem> - <para><emphasis>Lex — A Lexical Analyzer Generator</emphasis> - (<filename>16.lex</filename>)</para> - </listitem> - - <listitem> - <para><emphasis>The M4 Macro Processor</emphasis> - (<filename>17.m4</filename>)</para> - </listitem> - </itemizedlist> - - <para>Several formerly-encumbered documents from the 4.4 BSD - User's Supplementary Documents have been restored to - <filename>/usr/share/doc/usd</filename>. They include:</para> - - <itemizedlist> - <listitem> - <para><emphasis>NROFF/TROFF User's Manual</emphasis> - (<filename>21.troff</filename>)</para> - </listitem> - - <listitem> - <para><emphasis>A TROFF Tutorial</emphasis> - (<filename>22.trofftut</filename>)</para> - </listitem> - </itemizedlist> + <para></para> </sect2> </sect1> diff --git a/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml b/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml index 093e75d..e2be9ff 100644 --- a/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml +++ b/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml @@ -96,3083 +96,85 @@ <sect2 id="kernel"> <title>Kernel Changes</title> - <para arch="i386,pc98">Execution of &man.a.out.5; format executables now - requires the <literal>COMPAT_AOUT</literal> option in the kernel - configuration or the loading of the <filename>aout.ko</filename> - kernel module.</para> - - <para>&man.acct.2; has been changed to open the accounting file in - append mode, so that &man.accton.8; can be used to enable - accounting to an append-only file. &merged;</para> - - <para arch="i386" role="historic">The &man.amdpm.4; driver has been added to - provide access to the system monitoring functions of the AMD 756 - chipset. &merged;</para> - - <para arch="i386,alpha,ia64" role="historic">The &man.agp.4; driver for AGP devices has been - added. &merged;</para> - - <para arch="i386,pc98">Preliminary support for Bluetooth devices has - been added, in the form of a series of Netgraph modules (see - &man.ng.bluetooth.4;). Two modules provide device driver - support for Bluetooth adapters: The &man.ng.bt3c.4; driver - supports the 3Com/HP Bluetooth PCCARD adapters, while the - &man.ng.ubt.4; driver supports several USB Bluetooth adapters. - - <note> - <para>Bluetooth support in &os; is a work in progress.</para> - </note> - - </para> - - <para>A new in-kernel cryptographic framework (see &man.crypto.4; - and &man.crypto.9;) has been imported from OpenBSD. It provides - a consistent interface to hardware and software implementations - of cryptographic algorithms for use by the kernel and access to - cryptographic hardware for user-mode applications. - Hardware device drivers are provided to support hifn-based cards - (&man.hifn.4;) and Broadcom-based cards (&man.ubsec.4;). &merged;</para> - - <para>A new &man.ddb.4; command <command>show pcpu</command> lists - some of the per-CPU data.</para> - - <para role="historic">Two new &man.ddb.4; commands, <command>hwatch</command> and - <command>dhwatch</command>, have been introduced. Analogous to - <command>watch</command> and <command>dwatch</command>, they - install hardware watchpoints (as opposed to software - watchpoints) if supported by the architecture. &merged;</para> - - <para>A <filename>devctl</filename> device has been added to allow - userland programs to learn when devices come and go in the device - tree. This facility is primarily used - by the &man.devd.8; utility.</para> - - <para>&man.devfs.5;, which allows entries in the - <filename>/dev</filename> directory to be built automatically - and supports more flexible attachment of devices, has been - largely reworked. &man.devfs.5; is now enabled by default and - can be disabled by the <literal>NODEVFS</literal> kernel - option. - A <quote>rule</quote> subsystem - permits the administrator to define certain properties of new device - nodes before they become visible to the userland. Both static (e.g. - <filename>/dev/speaker</filename>) and dynamic (e.g. - <filename>/dev/bpf*</filename>, some removable devices) nodes are - supported. Each &man.devfs.5; mount may have a different ruleset assigned to - it, permitting different policies to be implemented for things like - jails. Rules and rulesets are manipulated with the &man.devfs.8; - utility.</para> - - <para>A new digi driver has been added to support PCI Xr-based and - ISA Xem Digiboard cards. A new &man.digictl.8; program is - (mainly) used to re-initialize cards that have external port - modules attached such as the PC/Xem. This driver replaces the older - dgm driver.</para> - - <para>An &man.eaccess.2; system call has been added, similar to - &man.access.2; except that the former uses effective credentials - rather than real credentials.</para> - - <para arch="sparc64">Support has been added for EBus-based - devices.</para> - - <para arch="i386,pc98,powerpc">Initial support has been added for - FireWire devices (see &man.firewire.4;). &merged;</para> - - <para arch="i386" role="historic">The &man.ichsmb.4; driver for the Intel 82801AA - (ICH) SMBus controller and compatibles has been - added. &merged;</para> - - <para>Each &man.jail.2; environment can now run under its own - securelevel.</para> - - <para>The tunable sysctl variables for &man.jail.2; have moved - from <varname>jail.*</varname> to the - <varname>security.*</varname> hierarchy. Other security-related - sysctl variables have moved from <varname>kern.security.*</varname> to - <varname>security.*</varname>.</para> - - <para role="historic">The <varname>kern.maxvnodes</varname> limit now properly - limits the number of vnodes in use. Previously only vnodes with - no cached pages could be freed; this could allow the number of - vnodes to grow without limit on large-memory machines accessing - many small files. A <literal>vnlru</literal> kernel thread - helps to flush and reuse vnodes. &merged;</para> - - <para role="historic">The kernel message buffer is now accessible by the - (machine-independent) <varname>kern.msgbuf</varname> sysctl - variable; &man.dmesg.8; no longer needs to be SGID - <groupname>kmem</groupname>. &merged;</para> - - <para>The kernel environment is now dynamic, and can be changed - via the new &man.kenv.2; system call.</para> - - <para role="historic">The &man.kqueue.2; event notification facility was added to - the &os; kernel. This is a new interface which is able to - replace &man.poll.2;/&man.select.2;, offering improved - performance, as well as the ability to report many different - types of events. Support for monitoring changes in sockets, - pipes, fifos, and files are present, as well as for signals and - processes. &merged;</para> - - <para arch="i386,pc98" role="historic">A new <varname>KVA_SPACE</varname> kernel option - can be used to reconfigure the size of the kernel virtual - address space. &merged;</para> - - <para>The labpc(4) driver has been removed due to - <quote>bitrot</quote>.</para> - - <para>The loader and kernel linker now look for files named - <filename>linker.hints</filename> in each directory with KLDs - for a module name and version to KLD filename mapping. The new - &man.kldxref.8; utility is used to generate these files.</para> - - <para role="historic">Linux emulation now supports the kernel functionality - required by the - <filename role="package">emulators/linux_base</filename> - (RedHat 7.X emulation) port. &merged;</para> - - <para role="historic">Linux emulation now requires <literal>options - SYSVSEM</literal> in the kernel configuration. &merged;</para> - - <para>&man.lomac.4;, a Low-Watermark Mandatory Access Control - security facility, has been added as a kernel module. It - provides a drop-in security mechanism in addition to the - traditional UID-based security facilities, requiring no - additional configuration from the administrator. Work on this - feature was sponsored by DARPA and NAI Labs.</para> - - <para>&os; now supports an extensible Mandatory Access Control - framework, the TrustedBSD MAC Framework. It permits loadable - kernel modules to link to the kernel at compile-time, boot-time, - or run-time to augment the system security policy. The - framework permits modules to express interest in a variety - of events, and also provides common security policy services - such as label storage. A variety of sample policy modules are - shipped in this release, including implementations of fixed - and floating label Biba integrity models, Multi-Level Security - (MLS) with compartments, and a number of augmented UNIX security - models including a file system firewall. This feature will - permit easier development and maintenance of local and vendor - security extensions. The extensibility service is enabled - by adding <literal>options MAC</literal> to the kernel - configuration. - - <note> - <para>The MAC framework is considered an experimental - feature in this release, and is not enabled by default</para> - </note> - </para> - - <para arch="ia64">Machine Check Architecture (MCA) records are now - collected at boot time and made available through the - <varname>hw.mca.*</varname> sysctl variables.</para> - - <para role="historic">The <varname>maxusers</varname> kernel configuration - parameter is now a boot-time tunable variable. The kernel - parameters derived from <varname>maxusers</varname> are now also - tunables and can be overridden at boot-time. The - <varname>hz</varname> parameter is also now a - tunable. &merged;</para> - - <para role="historic">Specifying a value of <literal>0</literal> for the - <varname>maxusers</varname> kernel configuration parameter will - now cause an appropriate value to be calculated at boot-time - (between 32 and 384, depending on the amount of memory present). - This value is now the default for all - <filename>GENERIC</filename> kernels. &merged;</para> - - <para arch="alpha" role="historic">A <varname>MAXMEM</varname> kernel option, - along with the <varname>hw.physmem</varname> loader tunable, can - be used to artificially reduce the memory size of a machine for - testing (or other purposes). &merged;</para> - - <para role="historic">The kernel configuration parameters - <varname>MAXTSIZ</varname>, <varname>DFLDSIZ</varname>, - <varname>MAXDSIZ</varname>, <varname>DFLSSIZ</varname>, - <varname>MAXSSIZ</varname>, and <varname>SGROWSIZ</varname> are - all loader tunables (<varname>kern.maxtsiz</varname>, - <varname>kern.maxdfldsiz</varname>, etc.). &merged;</para> - - <para>&man.mutex.9; profiling code has been added, enabled by the - <literal>MUTEX_PROFILING</literal> kernel configuration option. - It enables the <varname>debug.mutex.prof.*</varname> hierarchy - of sysctl variables.</para> - - <para arch="i386,pc98" role="historic">The <literal>NCPU</literal>, - <literal>NAPIC</literal>, <literal>NBUS</literal>, and - <literal>NINTR</literal> kernel configuration options, - for configuring SMP kernels, have been removed. - <literal>NCPU</literal> is now set to a maximum of 16, - and the other, aforementioned options are now - dynamic. &merged;</para> - - <para role="historic">A &man.nmdm.4; null-modem terminal driver has been added. - &merged;</para> - - <para role="historic">The <literal>O_DIRECT</literal> flag has been added to - &man.open.2; and &man.fcntl.2;. Specifying this flag for open - files will attempt to minimize the cache effects of reading and - writing. &merged;</para> - - <para role="historic">An &man.orm.4; device has been added to claim the option - ROMs in the ISA memory I/O space, to prevent other drivers from - mistakenly assigning addresses that conflict with these - ROMs. &merged;</para> - - <para>The <literal>P1003_1B</literal> kernel option is no longer - used and has been removed.</para> - - <para arch="i386,pc98">PECOFF (Win32 Execution file format) support has - been added.</para> - - <para arch="pc98" role="historic">The pmc driver, which supports the power - management controller of the NEC PC-98NOTE, has been - added. &merged;</para> - - <para role="historic">POSIX.1b Shared Memory Objects are now supported. The - implementation uses regular files, but automatically enables the - MAP_NOSYNC flag when they are &man.mmap.2;-ed. &merged;</para> - - <para role="historic">Replaced the <literal>PQ_*CACHE</literal> options with a - single <literal>PQ_CACHESIZE</literal> option to be set to the - cache size in kilobytes. The old options are still supported - for backwards compatibility. &merged;</para> - - <para arch="i386,pc98" role="historic">The &man.puc.4; (PCI <quote>Universal</quote> - Communications) driver has been added, to help connect PCI-based - serial ports to the &man.sio.4; driver. &merged;</para> - - <para>The &man.random.4; device has been rewritten to use the - <application>Yarrow</application> algorithm. It harvests - entropy from a variety of interrupt sources, including the - console devices, Ethernet and point-to-point network interfaces, - and mass-storage devices. Entropy from the &man.random.4; - device is now periodically saved to files in - <filename>/var/db/entropy</filename>, as well as at shutdown - time. The semantics of <filename>/dev/random</filename> have - changed; it never blocks waiting for entropy bits but generates - a stream of pseudo-random data and now behaves exactly as - <filename>/dev/urandom</filename>.</para> - - <para>A new kernel option, <literal>options REGRESSION</literal>, - enables interfaces and functionality intended for use during - correctness and regression testing.</para> - - <para><literal>RLIMIT_VMEM</literal> support has been added. This - feature defines a new resource limit that covers a process's - entire virtual memory space, including &man.mmap.2; space. This - limit can be configured in &man.login.conf.5; via the new - <varname>vmemoryuse</varname> variable. &merged;</para> - - <para arch="sparc64">Support has been added for SBus-based - devices.</para> - - <para arch="sparc64">The sab driver, which supports the Siemens - SAB82532 serial chip found on many newer Sparc Ultra machines, - has been added.</para> - - <para>A bug in the &man.sendfile.2; system call, in which headers - counted against the size of the file to be sent, has been - fixed. &merged;</para> - - <para role="historic">The &man.snp.4; device is no longer static and can now be - compiled as a module. &merged;</para> - - <para arch="i386" role="historic">The &man.spic.4; driver, which provides access - to the Jog Dial device on some Sony laptops, has been - added. &man.moused.8; support for this device has also been - added. &merged;</para> - - <para>The &man.syscons.4; driver now supports keyboard-controlled - pasting, by default bound to - <keycap>Shift</keycap>-<keycap>Insert</keycap>.</para> - - <para role="historic">Support for USB devices was added to the - <filename>GENERIC</filename> kernel and to the installation - programs to support USB devices out of the box. Note that SRM - does not support USB devices at the moment, so you must still - use an AT keyboard if you are not using a serial - console. &merged;</para> - - <para>The uaudio driver, for USB audio devices, has been - added. &merged;</para> - - <para arch="i386,pc98">The ubsa driver has been added to support - the Belkin F5U103 (and compatible) USB-to-serial adaptors. &merged;</para> - - <para arch="i386,pc98" role="historic">The &man.umodem.4; driver for USB modems - has been added. Support is provided for the 3Com 5605 and - Metricom Ricochet GS wireless USB modems. &merged;</para> - - <para arch="i386,pc98" role="historic">The &man.uscanner.4; driver for basic USB - scanner support using SANE has been added. See <ulink - url="http://www.mostang.com/sane/">the SANE home page</ulink> - for supported scanners. The HP ScanJet 4100C, 5200C and 6300C - are known to be working. &merged;</para> - - <para>The &man.ucom.4; device driver has been added, to support USB - modems, serial devices, and other programs that need to look - like a tty. The related &man.uftdi.4;, &man.uplcom.4;, &man.uvscom.4; drivers provide specific - support for FTDI serial adapters, the Prolific PL-2303 serial adapter and the SUNTAC - Slipper U VS-10U, respectively. &merged;</para> - - <para>To increase security, the <literal>UCONSOLE</literal> kernel - configuration option has been removed.</para> - - <para arch="i386,pc98">The UserConfig boot-time kernel configuration - feature, usually used to enable, disable, or configure ISA - devices, has been removed. Its functionality has been replaced - by the kernel hints file in - <filename>/boot/device.hints</filename>.</para> - - <para>The <literal>USER_LDT</literal> kernel option is now - activated by default.</para> - - <para>The &man.uvisor.4; driver for connecting Handspring Visors via USB - has been added. &merged;</para> - - <para>A VESA S3 linear framebuffer driver has been added.</para> - - <para arch="i386" role="historic">The &man.viapm.4; driver for VIA SMBus - power management controllers has been added. &merged;</para> + <para></para> <!-- Above this line, sort kernel changes by manpage/keyword--> - <para role="historic">Write combining for crashdumps has been implemented. This - feature is useful when write caching is disabled on both SCSI - and IDE disks, where large memory dumps could take up to an hour - to complete. &merged;</para> - - <para>The kernel crashdump infrastructure has been revised, to - support new platforms and in general clean up the logic in the - code. One implication of this change is that the on-disk format - for kernel dumps has changed, and is now - byte-order-agnostic.</para> - - <para>Extremely large swap areas (>67 GB) no longer panic the - system.</para> - - <para arch="alpha">Support for threads under Linux emulation has - been added.</para> - - <para role="historic">The <maketarget>buildkernel</maketarget> target now gets the - name of the configuration(s) to build from the - <varname>KERNCONF</varname> variable, not - <varname>KERNEL</varname>. It is no longer required, in some - cases, for a <maketarget>buildworld</maketarget> to precede a - <maketarget>buildkernel</maketarget>. (The - <maketarget>buildworld</maketarget> is still required when - upgrading across major releases, across - <application>binutil</application> updates and when - &man.config.8; changes version.) &merged;</para> - - <para role="historic">The out-of-swap process termination code now begins killing - processes earlier to avoid deadlocks; it now also takes into - account the swap space used by processes when computing the - process sizes. &merged;</para> - - <para>Linker sets are now self-contained; gensetdefs(8) is - unnecessary and has been removed.</para> - - <para role="historic">Network device cloning has been implemented, and the - &man.gif.4; device has been modified to take advantage of it. - Thus, instead of specifying how many &man.gif.4; interfaces are - available in kernel configuration files, &man.ifconfig.8;'s - <option>create</option> option should be used when another device - instance is desired. &merged;</para> - - <para>It is now possible to hardwire kernel environment variables - (such as tunables) at compile-time using &man.config.8;'s - <literal>ENV</literal> directive.</para> - - <para>Idle zeroing of pages can be enabled with the - <varname>vm.idlezero_enable</varname> sysctl variable.</para> - - <para arch="i386,pc98" role="historic">The load addresses of kernels are now exported - to the symbol table and various hard-coded constants have been - removed so that utilities such as &man.ps.1; can work with - kernels compiled at different addresses. &merged;</para> - - <para role="historic">Coredumps of large processes (or of a large number of - processes) no longer lock up the machine for long periods of - time. &merged;</para> - - <para>The &os; kernel scheduler now supports Kernel-Scheduled - Entities (KSEs), which provides support for multiple threads of - execution per process similar to Scheduler Activations. At this - point, the kernel has most of the changes needed to support - threading. The kernel scheduler can schedule multiple threads per - process, but only on a single CPU at a time. More information - can be found in &man.kse.2;. - - <note> - <para>KSE is a work in progress.</para> - </note> - - </para> - - <para>The kernel now has support for multiple low-level console - devices. The new &man.conscontrol.8; utility helps to manage - the different consoles.</para> - - <para arch="alpha">The console driver has gained support for - TGA-based display adapters.</para> - - <para role="historic">The kernel on the installation CDs is now separated from the - <filename>mfsroot</filename> image. This permits the use of a - full kernel when installing from CD on machines that support CD - booting (instead of the stripped-down kernel used on - floppies). &merged;</para> - - <para role="historic">The system load average computation now adds some jitter to - the timing of samples, in order to avoid synchronization with - processes that run periodically. &merged;</para> - - <para role="historic">If a debugging kernel with modules is being built - (i.e. using <literal>makeoptions DEBUG=-g</literal>), the - modules will now be built with debugging support as well, for - completeness. A side effect of this change is that modules - built and installed with debugging kernels will now occupy more - space on disk than they did previously. &merged;</para> - - <para role="historic">The kernel dump device can now be set via the - <varname>dumpdev</varname> loader tunable. As a result, it is - now possible to obtain crash dumps from panics during the late - stages of kernel initialization (before the system enters into - single-user mode). &merged;</para> - - <para>The kernel memory allocator is now a slab memory allocator, - similar to that used in Solaris. This is a SMP-safe memory - allocator that has near-linear performance as the number of CPUs - increases. It also allows for reduced memory - fragmentation.</para> - <sect3> <title>Processor/Motherboard Support</title> - <para>SMP support has been largely reworked, incorporating code - from BSD/OS 5.0. One of the main features of SMPng - (<quote>SMP Next Generation</quote>) is to allow more - processes to run in kernel, without the need for spin locks - that can dramatically reduce the efficiency of multiple - processors. Interrupt handlers now have contexts associated - with them that allow them to be blocked, which reduces the - need to lock out interrupts.</para> - - <para arch="i386,pc98">Support for the 80386 processor has been - removed from the <filename>GENERIC</filename> kernel, as this - code seriously pessimizes performance on other IA32 - processors. - The <literal>I386_CPU</literal> kernel option - to support the 80386 processor is now mutually exclusive with - support for other IA32 processors; this should slightly - improve performance on the 80386 due to the elimination of - runtime processor type checks. - Custom kernels that will run on the 80386 can - still be built by changing the CPU options in the kernel - configuration file to only include - <literal>I386_CPU</literal>.</para> - - <para arch="alpha" role="historic">AlphaServer 1200 (<quote>Tincup</quote>) has - been tested and works OK. Currently it does not want to boot - from CD or floppy but a transplanted disk that was installed - on another Alpha works well. &merged;</para> - - <para arch="alpha">The API UP1100 mainboard has been verified to - work.</para> - - <para arch="alpha">The API CS20 1U high server has been verified - to work.</para> - - <para arch="alpha">Support for AlphaServer 2100A - (<quote>Lynx</quote>) has been added.</para> - - <para arch="alpha">Kernel code has been added that allows older - generation Alpha CPUs (EV4 and EV5) to emulate instructions of - the newer Alpha CPU generations. This enables the use of - binary-only programs like <application>Adobe Acrobat - 4</application> on EV4 and EV5.</para> - - <para arch="alpha">SMP support for the Alpha is now operational.</para> - - <para arch="i386" role="historic">Detection for new processors, such as the - FC-PGA2 Pentium III (Tualatin), Transmeta Crusoe, and - Transmeta Crusoe LongRun, has been added. &merged;</para> - - <para arch="alpha">Support for the following hardware has been - removed from the installation kernel to make it fit on a - 1.44MB floppy again: Multia, NoName, PC64, EB64, Aspen Alpine, - sa (SCSI tape), amr, parallel port support, vx (3c590, 3c595), - pcn (AMD Am79C97x PCI 10/100), sf (Adaptec AIC-6915), sis (SiS - 900/SiS 7016), ste (Sundance ST201 (D-Link DFE-550TX)), wb - (Winbond W89C840F).</para> - - <para arch="i386" role="historic">Support for Streaming <acronym>SIMD</acronym> - Extensions (<acronym>SSE</acronym>) has been introduced. The - <literal>CPU_ENABLE_SSE</literal> kernel option controls - whether support is compiled into the kernel. &merged;</para> - - <para arch="i386" role="historic">The <literal>CPU_ATHLON_SSE_HACK</literal> - kernel option has been added, which attempts to enable the SSE - feature bit on newer Athlon CPUs if the BIOS has forgotten to - enable it. &merged;</para> - - <para arch="sparc64">The UltraSPARC platform is now supported by - &os;. The following machines are supported to at least some - degree: Ultra 1/2/5/10/30/60, Enterprise 220R/420R, Netra T1 AC200/DC200, Netra T 105, and Blade - 100. SMP is supported, and has been tested on the - Ultra 2, Ultra 60, Enterprise 220R, and - Enterprise 420R.</para> - - <para arch="i386">On some systems, the BIOS does not activate - the I/O ports and memory of PC devices, thus making them - unusable. The <varname>hw.pci.enable_io_modes</varname> - sysctl/boot loader variable (which defaults to - <literal>1</literal>, for <quote>enabled</quote>) - forces &os; to enable these devices so that they can be - used.</para> - - <para arch="alpha">Support for TurboChannel Alphas has been - removed.</para> - - <para arch="i386">Support for the AMD Élan SC520 has been - added; this requires the <literal>CPU_ELAN</literal> option in - the kernel configuration file. &merged;</para> - - <para arch="i386,pc98">The <literal>CPU_DISABLE_CMPXCHG</literal> - kernel configuration option has been added. Enabling this - option has been shown to dramatically improve performance on - VMWare client OS installs. - - <note> - <para>This option is not compatible with - <literal>SMP</literal> kernels.</para> - </note> - - </para> + <para></para> </sect3> <sect3> <title>Bootloader Changes</title> - <para arch="i386" role="historic"><filename>boot2</filename> now supports a - <option>-n</option> option to disallow boot interruption by - keypresses. &merged;</para> - - <para arch="i386" role="historic">A new <filename>cdboot</filename> bootstrap - utility for CDROMs provides better compatability with some - BIOS implementations that do not completely implement the El - Torito bootable CDROM standard. This boot loader supports - <quote>no emulation</quote> mode booting, thus eliminating the - need for an emulated floppy disk image on a bootable - CDROM. &merged;</para> - - <para arch="i386,pc98" role="historic">The i386 boot loader now has support for a - <literal>nullconsole</literal> console type, for use on - systems with neither a video console nor a serial - port. &merged;</para> - - <para arch="i386,pc98" role="historic">The &man.loader.8; now has optional support - (enabled at compile-time, off by default) for loading - <application>bzip2</application>-compressed kernels and - modules. &merged;</para> - - <para arch="i386" role="historic">Support for Intel's Wired for Management 2.0 - (PXE) was added to the &os; boot loader. Due to API - differences, the older PXE versions are not supported. This - allow network booting using DHCP. &merged;</para> - <para arch="pc98">The PC98 bootloader now has support for booting from SCSI MO media. &merged;</para> <!-- Above this line, order bootloader changes by keyword--> - <para arch="i386" role="historic">The &os; boot loader now contains a workaround - to support CDROM booting on certain IBM BIOSs that expect the - first sector of the emulated floppy to contain a valid MS-DOS - BPB that they can modify. &merged;</para> - - <para arch="i386,pc98" role="historic">The &os; boot loader now supports a - <option>-p</option> flag to force the kernel to pause after - each line of output during the probing phase. &merged;</para> - - <para arch="alpha,i386" role="historic">The &os; boot loader is now capable of - booting from filesystems with block sizes larger than - 8K. &merged;</para> - - <para>The kernel and modules have been moved to the directory - <filename>/boot/kernel</filename>, so they can be easily - manipulated together. The boot loader has been updated to - make this change as seamless as possible.</para> - - <para arch="alpha,i386,pc98,sparc64">The boot loader now - supports loading kernels from both UFS1 and UFS2 - filesystems.</para> - </sect3> <sect3> <title>Network Interface Support</title> - <para role="historic">The &man.an.4; driver for Cisco Aironet cards now supports - Wired Equivalent Privacy (WEP) encryption, settable via - &man.ancontrol.8;. &merged;</para> - - <para role="historic">The &man.an.4; driver now supports the Cisco Aironet 350 - series of adaptors. &merged;</para> - - <para role="historic">The &man.an.4; driver now supports <quote>monitor</quote> - mode, settable via the <option>-M</option> option to - &man.ancontrol.8;. &merged;</para> - - <para role="historic">The &man.an.4; driver now supports Cisco LEAP, as well as - the <quote>Home</quote> WEP key. The Linux Aironet utilities - are now supported under emulation. &merged;</para> - - <para arch="i386,pc98" role="historic">Generic support for ARCNET token-based - networks has been added. &merged;</para> - - <para arch="i386,pc98" role="historic">The &man.bge.4; driver has been added to - support the Broadcom BCM570x family of Gigabit Ethernet - controllers, including the 3Com 3c996-T, the SysKonnect - SK-9D21 and SK-9D41, and the built-in Gigabit Ethernet NICs on - Dell PowerEdge 2550 servers. Output TCP/IP checksum offload, - jumbo frames and VLAN tag insertion/stripping are supported, - as well as interrupt moderation. &merged;</para> - - <para arch="i386" role="historic">The cm driver has been added to support SMC - COM90cx6 ARCNET network adapters. &merged;</para> - - <para>The &man.dc.4; driver now supports NICs based on the Xircom - 3201 and Conexant LANfinity RS7112 chips.</para> - - <para role="historic">The &man.dc.4; driver now has support for - VLANs. &merged;</para> - - <para role="historic">The &man.de.4; driver now performs round-robin arbitration - between the transmit and receive units of the 21143, instead - of giving priority to the receive unit. This gives a - 10–15% performance improvement in the forwarding rate - under heavy load. &merged;</para> - - <para arch="alpha">The &man.ed.4; driver is now supported.</para> - - <para arch="i386,pc98" role="historic">Linksys Fast Ethernet PCCARD cards supported - by the &man.ed.4; driver now require the addition of flag - <literal>0x80000</literal> to their config line in - &man.pccard.conf.5;. This flag is not optional. These - Linksys cards will not be recognized without - it. &merged;</para> - - <para role="historic">A bug in the &man.ed.4; driver that could cause panics - with very short packets and BPF or bridging active has been - fixed. &merged;</para> - - <para role="historic">The &man.ed.4; driver now has support for D-Link DL10022 - chips, necessary for the NetGear FA-410TX and other cards. As - a result, <literal>device miibus</literal> is required in - kernel configurations using the &man.ed.4; - driver. &merged;</para> - - <para arch="i386">The &man.el.4; driver can now be loaded as a - module.</para> - - <para arch="i386,pc98,ia64" role="historic">The &man.em.4; driver has been added to - support NICs based on the Intel 82542, 82543, 82544, 82545EM, - and 82546EB - Gigabit Ethernet controller chips. The driver has VLAN - support, and also supports - transmit/receive checksum offload and jumbo frames on 82543 - and 82544-based adapters. &merged;</para> - - <para role="historic">The &man.faith.4; device is now loadable, unloadable, and - clonable. &merged;</para> - - <para arch="i386,pc98" role="historic">Support for Fujitsu MB86960A/MB86965A based - Ethernet PC-Cards has been added back in the &man.fe.4; - driver. &merged;</para> - - <para arch="alpha" role="historic">The &man.fpa.4; driver now supports Digital's - DEFPA FDDI adaptors on the Alpha. &merged;</para> - - <para role="historic">The &man.fxp.4; driver now requires a <literal>device - miibus</literal> entry in the kernel configuration - file. &merged;</para> - - <para role="historic">The &man.fxp.4; driver now contains a workaround for PCI - protocol violations caused by defects in some systems based on - the Intel ICH2/ICH2-M chip. The workaround is to rewrite the - EEPROM on the interface to disable Dynamic Standby Mode; once - the EEPROM is rewritten, the system needs to be rebooted for - the new settings to take effect. &merged;</para> - - <para role="historic">The &man.fxp.4; driver now supports Intel's loadable - microcode to implement receive-side interrupt coalescing and - packet bundling, on NICs that support these features. This - support can be activated by the use of the - <option>link0</option> option to - &man.ifconfig.8;. &merged;</para> - - <para arch="sparc64">The gem driver has been added to support - the Sun GEM Gigabit Ethernet and ERI Fast Ethernet - adapters.</para> - - <para role="historic">The &man.gx.4; driver has been added to support NICs based - on the Intel 82542 and 82543 Gigabit Ethernet controller - chips. Both fiber and copper variants of the cards are - supported. Both boards support VLAN tagging/insertion, and - the 82543 additionally supports TCP/IP checksum - offload. &merged;</para> - - <para arch="sparc64">The hme driver has been added to support - the Sun HME Fast Ethernet adapter, onboard on many Sun Ultra - series machines.</para> - - <para>The &man.lmc.4; driver has been added to support LAN Media - Corp WAN adapters based on the DEC <quote>Tulip</quote> PCI - Fast Ethernet controller.</para> - - <para role="historic">The &man.lge.4; driver has been added to support the Level - 1 LXT1001 NetCellerator Gigabit Ethernet controller chip. This - device is used on some fiber optic GigE cards from SMC, D-Link - and Addtron. Jumbograms and TCP/IP checksum offload on - receive are supported, although hardware VLAN filtering is - not. &merged;</para> - - <para role="historic">The my driver, which supports the Myson Fast Ethernet and - Gigabit Ethernet adapters, has been added. &merged;</para> - - <para role="historic">Added the &man.nge.4; driver, which supports PCI Gigabit - Ethernet adapters based on the National Semiconductor DP83820 - and DP83821 Gigabit Ethernet controller chips, including the - D-Link DGE-500T, SMC EZ Card 1000 (SMC9462TX), Asante - FriendlyNet GigaNIC 1000TA and 1000TPC and Addtron AEG320T. - This driver supports transmit and receive checksum - offloading. &merged;</para> - - <para role="historic">The &man.pcn.4; driver, which supports the AMD PCnet/FAST, - PCnet/FAST+, PCnet/FAST III, PCnet/PRO, PCnet/Home, and - HomePNA adapters, has been added. Although these cards are - already supported by the &man.lnc.4; driver, the &man.pcn.4; - driver runs these chips in 32-bit mode and uses the RX - alignment feature to achieve zero-copy receive. This driver - is also machine-independent, so it will work on the i386, - pc98 and Alpha platforms. The &man.lnc.4; driver is still needed - to support non-PCI cards. &merged;</para> - - <para role="historic">The &man.ray.4; driver, which supports the Webgear Aviator - wireless network cards, has been committed. The operation of - &man.ray.4; interfaces can be modified by - &man.raycontrol.8;. &merged;</para> - - <para arch="i386,pc98">The &man.rp.4; driver has been updated to - version 3.02 and can now be built as a module. &merged;</para> - - <para arch="i386" role="historic">The sbni driver, for supporting the Granch - SBNI12 series of ISA and PCI point-to-point communications - interfaces, has been added. The <filename - role="package">sysutils/sbniconfig</filename> port in the &os; - Ports Collection can be used for configuring these - devices. &merged;</para> - - <para role="historic">Added support for PCI Ethernet adapters based on the SiS - 900 and SiS 7016 Fast Ethernet controller chips (for example, - as seen on the SiS 635 and 735 motherboard chipsets), as well - as the National Semiconductor DP83815 chipset (including the - NetGear FA311-TX and FA312-TX) in the form of the &man.sis.4; - driver. This device has support for VLANs. &merged;</para> - - <para arch="pc98" role="historic">The snc driver for the National Semiconductor - DP8393X (SONIC) Ethernet controller has been added. - Currently, this driver is only used on the PC-98 - architecture. &merged;</para> - - <para>The &man.stf.4; device is now clonable.</para> - - <para role="historic">The &man.tap.4; driver, a virtual Ethernet device driver - for bridged configurations, has been added. This device is - clonable. &merged;</para> - - <para role="historic">The &man.ti.4; driver now supports the Alteon AceNIC - 1000baseT Gigabit Ethernet and Netgear GA620T 1000baseT - Gigabit cards. &merged;</para> - - <para role="historic">The &man.ti.4; driver correctly masks VLAN tags. &merged;</para> - - <para>The &man.tx.4; driver now supports true multicast - filtering.</para> - - <para role="historic">The &man.txp.4; driver has been added to support NICs - based on the 3Com 3XP Typhoon/Sidewinder (3CR990) - chipset. &merged;</para> - - <para role="historic">&man.vlan.4; devices are now loadable, unloadable, and - clonable. &merged;</para> - - <para role="historic">The &man.wi.4; driver now has support for Prism II and - Prism 2.5-based NICs. 104/128-bit WEP now works on Prism - cards. &merged;</para> - - <para role="historic">The &man.wi.4; driver now supports using a &os; host as - a wireless access point. This functionality can be enabled - using the <literal>mediaopt hostap</literal> option of - &man.ifconfig.8;. This feature requires a wireless - adapter based on the Prism II chipset. &merged;</para> - - <para role="historic">The &man.wi.4; driver now has support for - <application>bsd-airtools</application>. &merged;</para> - - <para role="historic">The xe driver can now be built as a - module. &merged;</para> - - <para role="historic">The &man.xl.4; driver now supports the 3Com 3C556 and - 3C556B MiniPCI adapters used on some laptops. &merged;</para> - - <para role="historic">The &man.xl.4; driver now supports reception of VLAN - tagged frames (on the <quote>Cyclone</quote> or newer - chipsets). &merged;</para> - - <para role="historic">The &man.xl.4; driver now supports send- and receive-side - TCP/IP checksum offloading for NICs implementing this feature, - such as the 3C905B, 3C905C, and 3C980C. &merged;</para> - - <para role="historic">A bug in the &man.xl.4; driver, related to statistics - overflow interrupt handling, was causing slowdowns at medium - to high packet rates; this has been fixed. &merged;</para> - - <para role="historic">The per-interface <varname>ifnet</varname> structure now - has the ability to indicate a set of capabilities supported by - a network interface, and which ones are enabled. - &man.ifconfig.8; has support for querying these - capabilities. &merged;</para> - - <para role="historic">Performance with hosts having a large number of IP aliases - has been improved, by replacing the per-interface - <varname>if_inaddr</varname> linear list with a hash table. &merged;</para> - - <para>Network devices now automatically appear as special files in - <filename>/dev/net</filename>. Interface hardware ioctls (not - protocol or routing) can be performed on these devices. The - <varname>SIOCGIFCONF</varname> ioctl may be performed on the - special <filename>/dev/network</filename> node.</para> - - <para role="historic">Selected network drivers now implement a semi-polling - mode, which makes systems much more resilient to attacks and - overloads. To enable polling, the following options are - required in a kernel configuration file: - - <programlisting>options DEVICE_POLLING -options HZ=1000 # not compulsory but strongly recommended</programlisting> + <para></para> - The <varname>kern.polling.enable</varname> sysctl variable - will then activate polling mode; with the - <varname>kern.polling.user_frac</varname> sysctl indicating - the percentage of CPU time to be reserved for userland. The - devices initially supporting polling are &man.dc.4;, - &man.fxp.4;, &man.nge.4;, &man.rl.4;, and &man.sis.4;. More details can be found in - the &man.polling.4; manual page. &merged;</para> - - <para arch="i386,pc98" role="historic">The packet-forwarding performance of certain - network drivers (specifically &man.dc.4; and &man.sis.4;) has - been enhanced by the elimination of unnecessary buffer - copies. &merged;</para> - - <para><quote>Zero copy</quote> support has been added to the - networking stack. This feature can eliminate a copy of - network data between the kernel and userland, which is one of - the more significant bottlenecks in network throughput. - The send-side code should work with almost any network - adapter, while the receive-side code requires a network - adapter with an MTU of at least one memory page size (for - example, jumbo frames on Gigabit Ethernet). For more - information, see &man.zero.copy.9;.</para> </sect3> <sect3> <title>Network Protocols</title> - <para role="historic">&man.accept.filter.9;, a kernel feature to reduce - overheads when accepting and reading new connections on - listening sockets, has been added. &merged;</para> - - <para role="historic">The <literal>proxy</literal> modifier to &man.arp.8;'s - <option>-d</option> option has been renamed to - <literal>pub</literal>, for consistency with the - <option>-s</option> option. The <literal>only</literal> keyword - has been added to the <option>-s</option> and - <option>-S</option> flags, to be used in creating - <quote>proxy-only</quote> published entries. &merged;</para> - - <para role="historic">The read timeout feature of &man.bpf.4; now works more - correctly with &man.select.2;/&man.poll.2;, and therefore with - pthreads. &merged;</para> - - <para role="historic">&man.bridge.4; and &man.dummynet.4; have received some - enhancements and bug fixes, and are now loadable - modules. &merged;</para> - - <para role="historic">&man.bridge.4; now has better support for multiple, - fully-independent bridging clusters, and is much more stable - in the presence of dynamic attachments and detatchments. Full - support for VLANs is also supported. &merged;</para> - - <para>A <literal>FAST_IPSEC</literal> kernel option now allows - the IPsec implementation to use the kernel &man.crypto.4; framework, - along with its support for hardware cryptographic - acceleration. - <note> - <para>The <literal>FAST_IPSEC</literal> and - <literal>IPSEC</literal> options are mutually - exclusive.</para> - </note> - - <note> - <para>The <literal>FAST_IPSEC</literal> option is, at the - moment, not compatible with IPv6 or the - <literal>INET6</literal> option.</para> - </note> - - </para> - - <para>A &man.gre.4; driver, which can encapsulate IP packets - using GRE (RFC 1701) or minimal IP encapsulation for Mobile IP - (RFC 2004), has been added. &merged;</para> - - <para>ICMP ECHO and TSTAMP replies are now rate limited. TCP - RSTs generated due to packets sent to open and unopen ports - are now limited by separate counters. Each rate limiting - queue now has its own description.</para> - - <para role="historic">ICMP <literal>UNREACH_FILTER_PROHIB</literal> messages can - now RST TCP connections in the <literal>SYN_SENT</literal> - state if the correct sequence numbers are sent back, as - controlled by the - <varname>net.inet.tcp.icmp_may_rst</varname> sysctl. &merged;</para> - - <para>ICMP Source Quench messages are no longer generated for - forwarded packets. The old behavior can be re-enabled with - the <varname>net.inet.ip.sendsourcequench</varname> sysctl - variable.</para> - - <para>IP multicast now works on VLAN devices. Several other - bugs in the VLAN code have also been fixed.</para> - - <para role="historic">A bug in the IPsec processing for IPv4, which caused the - inbound SPD checks to be ignored, has been fixed. &merged;</para> - - <para role="historic">&man.ipfw.4; now filters correctly in the presence of ECN - bits in TCP segments. &merged;</para> - - <para>&man.ipfw.4; has been re-implemented (the new version is - commonly referred to as <quote>IPFW2</quote>). It now uses - variable-sized representation of rules in the kernel, similar - to &man.bpf.4; instructions. Most of the externally-visible - behavior (i.e. through &man.ipfw.8;) should be unchanged, - although &man.ipfw.8; now supports <literal>or</literal> - connectives between match fields. &merged;</para> - - <para role="historic">A new ng_eiface netgraph module has been added, which - appears as an Ethernet interface but delivers its Ethernet - frames to a Netgraph hook. &merged;</para> - - <para>A new &man.ng.device.4; netgraph node type has been added, - which creates a device entry in <filename>/dev</filename>, to - be used as the entry point to a networking graph.</para> - - <para role="historic">A new &man.ng.etf.4; netgraph node allows Ethernet type - packets to be filtered to different hooks depending on - ethertype. &merged;</para> - - <para>The &man.ng.gif.4; and &man.ng.gif.demux.4; netgraph - nodes, for operating on &man.gif.4; devices, have been - added.</para> - - <para>The &man.ng.ip.input.4; netgraph node, for queueing IP - packets into the main IP input processing code, has been - added.</para> - - <para>A new &man.ng.l2tp.4; netgraph node type, which implements - the encapsulation layer of the L2TP protocol as described in - RFC 2661, has been added. &merged;</para> - - <para role="historic">The &man.ng.mppc.4; and &man.ng.bridge.4; node types have - been added to the &man.netgraph.4; subsystem. The - &man.ng.ether.4; node is now dynamically loadable. - Miscellaneous bug fixes and enhancements have also been - made. &merged;</para> - - <para role="historic">A new netgraph node type &man.ng.one2many.4; for - multiplexing and demultiplexing packets over multiple links - has been added. &merged;</para> - - <para>A new ng_split node type has been added for splitting a - bidirectional packet flow into two unidirectional flows.</para> - - <para role="historic">A new sysctl - <varname>net.inet.ip.check_interface</varname>, which is on by - default, causes IP to verify that an incoming packet arrives - on an interface that has an address matching the packet's - destination address. &merged;</para> - - <para role="historic">A new sysctl - <varname>net.link.ether.inet.log_arp_wrong_iface</varname> has - been added to control the suppression of logging when ARP - replies arrive on the wrong interface. &merged;</para> - - <para role="historic">A new <literal>options RANDOM_IP_ID</literal> kernel - option causes the ID field of IP packets to be randomized. - This closes a minor information leak which allows a remote - observer to determine the rate at which the machine is - generating packets, since the default behavior is to increment - a counter for each packet sent. &merged;</para> - - <para arch="alpha">SLIP has been removed from the - <filename>mfsroot</filename> floppy image.</para> - - <para role="historic">TCP has received some bug fixes for its delayed ACK - behavior. &merged;</para> - - <para role="historic">TCP now supports the NewReno modification to the TCP Fast - Recovery algorithm. This behavior can be controlled via the - <varname>net.inet.tcp.newreno</varname> sysctl - variable. &merged;</para> - - <para role="historic">TCP now uses a more aggressive timeout for initial SYN - segments; this allows initial connection attempts to be - dropped much faster. &merged;</para> - - <para role="historic">The <literal>TCP_COMPAT_42</literal> kernel option has - been removed. &merged;</para> - - <para role="historic">The <literal>TCP_RESTRICT_RST</literal> kernel option has - been removed. Similar functionality can be achieved with the - <varname>net.inet.tcp.blackhole</varname> sysctl - variable. &merged;</para> - - <para role="historic">TCP now has RFC 1323 extensions enabled by default in - &man.rc.conf.5;. &merged;</para> - - <para role="historic">RFC 1323 and RFC 1644 TCP extensions are now disabled for - a connection in progress if no response has been received by - the third SYN segment sent. This behavior tries to work - around (very old) terminal servers with buggy VJ header - compression implementations. &merged;</para> - - <para role="historic">The TCP implementation no longer requires the allocation - of a TCP template structure for each connection; this should - reduce the buffer usage on large systems handling many - connections. &merged;</para> - - <para role="historic">TCP's default buffer sizes, controlled by the - <varname>net.inet.tcp.sendspace</varname> and - <varname>net.inet.tcp.recvspace</varname> sysctl variables, - have been increased to 32K and 64K respectively. Previously, - the default for both buffer sizes was 16K. To try to avoid - increasing congestion, the default value for - <varname>net.inet.tcp.local_slowstart_flightsize</varname> has - been changed from infinity to 4. &merged; - - <note> - <para>On busy hosts, the new larger buffer sizes may require - manually increasing the - <varname>NMBCLUSTERS</varname> parameter, either in the - kernel configuration file or via the - <varname>kern.ipc.nmbclusters</varname> loader tunable. - <command>netstat -mb</command> can be used to monitor the - state of mbuf clusters.</para> - </note> - </para> - - <para role="historic">TCP now supports RFC 1948 (Defending Against Sequence - Number Attacks). The - <varname>net.inet.tcp.isn_reseed_interval</varname> sysctl - variable controls the reseeding of the secret data used in - the RFC 1948 initial sequence number calculations. &merged;</para> - - <para role="historic">The TCP implementation in &os; now implements a cache of - outstanding, received SYN segments. Incoming SYN segments now - cause entries to be placed in the cache until the TCP - three-way handshake is complete, at which point, memory is - allocated for the connection as usual. In addition, all TCP - Initial Sequence Numbers (ISNs) are used as cookies, allowing - entries in the cache to be dropped, but still have their - corresponding ACKs accepted later. The combination of the - so-called - <quote>syncache</quote> and <quote>syncookies</quote> features - makes a host much more resistant to TCP-based Denial of - Service attacks. Work on this feature was sponsored by DARPA - and NAI Labs. &merged;</para> - - <para role="historic">A bug in the TCP implementation, which could cause - connections to stall if a sender saw a zero-sized window, has - been corrected. &merged;</para> - - <para role="historic">The TCP implementation now properly ignores packets - addressed to IP-layer broadcast addresses. &merged;</para> - - <para>The ephemeral port range used for TCP and UDP has been - changed to 49152–65535 (the old default was - 1024–5000). This increases the number of concurrent - outgoing connections/streams.</para> - - <para>The &man.tcp.4; protocol's retransmission timer can now be - manipulated with two sysctl variables, - <varname>net.inet.tcp.rexmit_min</varname> and - <varname>net.inet.tcp.rexmit_slop</varname>. The default has - been reduced from one second to 200ms (similar to the Linux default) - in order to better handle hiccups over interactive connections and - improve recovery over lossy fast connections such as wireless links.</para> - - <para>The &man.tcp.4; protocol now has the ability to dynamically - limit the send-side window to maximize bandwidth and minimize - round trip times. The feature can be enabled via the - <varname>net.inet.tcp.inflight_enable</varname> - sysctl. &merged;</para> - + <para></para> </sect3> <sect3> <title>Disks and Storage</title> - <para arch="i386" role="historic">Support for the Adaptec FSA family of PCI-SCSI - RAID controllers has been added, in the form of the - &man.aac.4; driver. This driver includes proper handling of - commands initiated by the adapter, addition/removal of disk - devices, crashdump functionality, and &man.ioctl.2; commands - necessary for the management CLI, and is fully qualified and - sanctioned by Adaptec. &merged;</para> - - <para role="historic">The &man.ahc.4; driver has received numerous updates, - bugfixes, and enhancements. Among various improvements are - improved compatibility with chips in <quote>RAID Port</quote> - mode and systems with AAA and/or ARO cards installed, as well - as performance improvements. Some bugs were also fixed, - including a rare hang on Ultra2/U160 - controllers. &merged;</para> - - <para arch="i386">The &man.ahd.4; driver, which supports the Adaptec - AIC7901, AIC7901A, and AIC7902 Ultra320 PCI-X SCSI Controller chips, has been - added. &merged;</para> - - <para arch="i386" role="historic">The &man.asr.4; driver, which provides support - for the Adaptec SCSI RAID controller family, as well as the - DPT SmartRAID V and VI families, has been - added. &merged;</para> - - <para arch="i386" role="historic">The &man.asr.4; driver now supports the - Adaptec 2000S and 2005S Zero-Channel RAID - controllers. &merged;</para> - - <para role="historic">The &man.ata.4; driver now has support for ATA100 - controllers. In addition, it now supports the ServerWorks - ROSB4 ATA33 chipset, the CMD 648 ATA66 and CMD 649 ATA100 - chipsets, and the Cyrix 5530. &merged;</para> - - <para role="historic">To provide more flexible configuration, the various - options for the &man.ata.4; driver are now boot loader - tunables, rather than kernel configure-time - options. &merged;</para> - - <para role="historic">The &man.ata.4; driver now has support for tagged queuing, - which is enabled by the <varname>hw.ata.tags</varname> loader - tunable. &merged;</para> - - <para role="historic">The &man.ata.4; driver now has support for ATA - <quote>pseudo</quote> RAID controllers as the Promise Fasttrak - and HighPoint HPT370 controllers. &merged;</para> - - <para role="historic">The &man.ata.4; driver now supports a wider variety of SiS - chipsets, as listed in the Hardware Notes. &merged;</para> - - <para role="historic">The &man.ata.4; driver now has support for creating, - deleting, querying, and rebuilding ATA RAIDs under control of - &man.atacontrol.8;. &merged;</para> - - <para role="historic">The BurnProof(TM) feature, for applicable ATAPI CD-ROM - burners, is now supported. &merged;</para> - - <para role="historic">The &man.ata.4; driver now has support for 48-bit - addressing. Devices larger than 137GB are now - supported. &merged;</para> - - <para role="historic">The &man.ata.4; driver now contains fixes for some data - corruption problems on systems using the VIA 82C686B - Southbridge chip. &merged;</para> - - <para>The &man.ata.4; driver (along with &man.burncd.8;) now - supports writing to media in DVD+RW drives.</para> - - <para>The &man.ata.4; driver now supports accessing ATA devices - as SCSI devices via the CAM layer and drivers (&man.cd.4;, - &man.da.4;, &man.st.4;, and &man.pass.4;). This feature requires - <literal>device atapicam</literal> in the kernel - configuration. More information can be found in - &man.atapicam.4;. &merged;</para> - - <para>The &man.ata.4; driver now has support for the Sil 0680 - and VIA 8233/8235 controllers. &merged;</para> - - <para>The &man.ata.4; driver now has support for the Acard - ATP850, ATP860, and ATP865 controllers.</para> - - <para arch="pc98">The &man.ata.4; driver is now supported on the - pc98 platform.</para> - - <para role="historic">The &man.cd.4; driver now has support for write - operations. This allows writing to DVD-RAM, PD and similar - drives that probe as CD devices. Note that change affects - only random-access writeable devices, not sequential-only - writeable devices such as CD-R drives, which are supported by - &man.cdrecord.1; (a part of - <filename role="package">sysutils/cdrtools</filename> in the - Ports Collection. &merged;</para> - - <para>The &man.cd.4; driver now supports the same - <literal>CDRIOCREADSPEED</literal> and - <literal>CDRIOCWRITESPEED</literal> ioctls that the - &man.acd.4; driver uses for setting the speed of CDROM - access.</para> - - <para>The &man.targ.4; driver has been rewritten and a new - usermode has been added to <filename>/usr/share/examples/scsi_target</filename> that - emulates a direct access device.</para> - - <para arch="i386" role="historic">The &man.ciss.4; driver, for devices utilizing the - Common Interface for SCSI-3 Support, has been added. This - driver supports the Compaq SmartRAID 5* family of RAID - controllers (5300, 532, 5i). &merged;</para> - - <para>The &man.fdc.4; floppy disk driver has undergone a number of - enhancements. Density selection for common settings is now - automatic; the driver is also much more flexible in setting - the densities of various subdevices.</para> - - <para>The &man.geom.4; disk I/O request transformation framework - has been added; this extensible framework is designed to - support a wide variety of operations on I/O requests on their - way from the upper kernel to the device drivers. - - <note> - <para>GEOM-enabled kernels no longer support - <quote>compatability slices</quote>. This feature - (supported on the i386 and pc98 only) allowed a user to - refer to a disk partition without specifying an MBR slice - (e.g. <filename>/dev/ad0a</filename>); the kernel would - automatically find the first applicable &os; slice and use - it. On GEOM-enabled kernels (the default), only the full partition names - (e.g. <filename>/dev/ad0s1a</filename>) are allowed when - referring to partitions within MBR slices. This - change should affect very few users.</para> - </note> - - </para> - - <para>A GEOM Based Disk Encryption module has been added. It - provides denial of access to <quote>cold disks</quote>, with - four different cryptographic barriers and up to four - changeable pass-phrases. Much more information can be found - in the &man.gbde.4; manual page. The &man.gbde.8; userland - utility provides an operation and management interface to this - module. This feature is not enabled by default; it requires - <literal>options GEOM_BDE</literal> to be added to a kernel - configuration file. - - <note> - <para>This feature should be considered experimental.</para> - </note> - - </para> - - <para role="historic">The &man.ida.4; disk driver now has crashdump - support. &merged;</para> - - <para arch="i386" role="historic">The &man.iir.4; driver has been added to support the - Intel Integrated RAID controllers, as well as prior ICP Vortex - controllers.</para> - - <para arch="alpha" role="historic">A bug that made certain CDROM drives fail to - attach when connected to a SCSI card driven by &man.isp.4; has - been fixed. &merged;</para> - - <para>The &man.isp.4; driver is now proactive about discovering - Fibre Channel topology changes.</para> - - <para>The &man.isp.4; driver now supports target mode for Qlogic - SCSI cards, including Ultra2 and Ultra3 and dual bus - cards.</para> - - <para role="historic">The &man.isp.4; driver now supports the Qlogic 2300 and - 2312 Optical Fibre Channel PCI cards. &merged;</para> - - <para arch="i386,pc98">The &man.matcd.4; driver has been removed - after falling into a state of disrepair in the source tree and - because of concerns over its licensing terms. These issues - are currently being addressed and this driver may reappear in - future versions of &os;. &merged;</para> - - <para>&man.md.4;, the memory disk device, has had the - functionality of &man.vn.4; incorporated into it. &man.md.4; - devices can now be configured by &man.mdconfig.8;. &man.vn.4; - has been removed. The Memory Filesystem (MFS) has also been - removed.</para> - - <para arch="i386,alpha,pc98,sparc64">The mpt driver, for - supporting the LSI Logic Fusion/MP architecture Fiber Channel - controllers, has been added. &merged;</para> - - <para arch="i386" role="historic">The &man.mly.4; driver, for Mylex PCI to SCSI - AccelRAID and eXtremeRAID controllers with firmware 6.X and - later, has been added. &merged;</para> - - <para arch="i386,pc98" role="historic">The ncv, nsp, and stg drivers have been ported - from NetBSD/pc98. They support the NCR 53C50 / Workbit Ninja - SCSI-3 / TMC 18C30, 18C50 based PC-Card/ISA SCSI controllers. - All three drivers can be built and loaded as - modules. &merged;</para> - - <para arch="powerpc">The ofw driver, a basic OpenFirmware disk - driver, has been added.</para> - - <para arch="i386">The &man.pst.4; driver, for supporting Promise - SuperTrak ATA RAID controllers, has been - added. &merged;</para> - - <para>The RAIDframe disk driver has been imported from NetBSD. - This driver provides software-based RAID 0, 1, 4, and 5 - capabilities, as well as other functionality. More - information can be found in the &man.raid.4; driver manual - page. The &man.raidctl.8; utility is used to configure and - unconfigure disk arrays. This feature is not enabled by - default, and requires <literal>device raidframe</literal> to - be configured into a kernel. - - <note> - <para>This feature should be considered experimental.</para> - </note> - - </para> - - <para>Some problems in &man.sa.4; error handling have been - fixed, including the <quote>tape drive spinning indefinitely - upon &man.mt.1; <option>stat</option></quote> problem.</para> - - <para>The <varname>SCSI_DELAY</varname> configuration parameter - can now be set at boot time and runtime via the - <varname>kern.cam.scsi_delay</varname> tunable/sysctl.</para> - - <para>The &man.trm.4; driver has been added to support SCSI adapters - using the Tekram TRM-S1040 SCSI chipset. &merged;</para> - - <para arch="i386" role="historic">The &man.twe.4; 3ware ATA RAID driver has - added. &merged;</para> - - <para role="historic">The &man.wd.4; compatibility devices were removed from the - &man.ata.4; driver. &merged;</para> + <para></para> </sect3> <sect3> <title>Filesystems</title> - <para>Support for named extended attributes has been added to the - &os; kernel. This allows the kernel, and appropriately - privileged userland processes, to tag files and directories - with attribute data. Extended attributes were added to - support the TrustedBSD Project, in particular ACLs, capability - data, and mandatory access control labels (see - <filename>/usr/src/sys/ufs/ufs/README.extattr</filename> for - details).</para> - - <para role="historic">Due to a licensing change, Soft Updates have been - integrated into the main portion of the kernel source tree. - As a consequence, Soft Updates are now available with the - <filename>GENERIC</filename> kernel. &merged;</para> - - <para>A filesystem snapshot capability has been added to FFS. - Details can be found in - <filename>/usr/src/sys/ufs/ffs/README.snapshot</filename>.</para> - - <para>When running with Soft Updates, &man.statfs.2; and - &man.df.1; will track the number of blocks and files that are - committed to being freed.</para> - - <para role="historic">A bug in FFS that could cause superblock corruption on - very large filesystems has been corrected. &merged;</para> - - <para role="historic">The ISO-9660 filesystem now has a hook that supports a - loadable character conversion routine. The - <filename role="package">sysutils/cd9660_unicode</filename> - port contains a set of common conversions. &merged;</para> - - <para>&man.kernfs.5; is obsolete and has been retired.</para> - - <para role="historic">A bug in the NFS client that caused bogus access times with - <literal>O_EXCL|O_CREAT</literal> opens was - fixed. &merged;</para> - - <para role="historic">A new NFS hash function (based on the Fowler/Noll/Vo hash - algorithm) has been implemented to improve NFS performance by - increasing the efficiency of the <varname>nfsnode</varname> - hash tables. &merged;</para> - - <para>Client-side NFS locks have been implemented.</para> - - <para>The client-side and server-side of the NFS code in the - kernel used to be intertwined in various complex ways. They - have been split apart for ease of maintenance and further - development.</para> - - <para>Support for filesystem Access Control Lists (ACLs) has - been introduced, allowing more fine-grained control of - discretionary access control on files and directories. This - support was integrated from the TrustedBSD Project. More - details can be found in - <filename>/usr/src/sys/ufs/ufs/README.acls</filename>.</para> - - <para role="historic">The directory layout preference algorithm for FFS - (<literal>dirprefs</literal>) has been changed. Rather than - scattering directory blocks across a disk, it attempts to - group related directory blocks together. Operations - traversing large directory hierarchies, such as the &os; Ports - tree, have shown marked speedups. This change is transparent - and automatic for new directories. &merged;</para> - - <para arch="i386,pc98" role="historic">smbfs (CIFS) support in kernel has been added. - The userland programs &man.smbutil.1; and &man.mount.smbfs.8; - can be used to work with SMB shares. Note that - &man.mount.smbfs.8; will automatically load the - <filename>smbfs.ko</filename> module into the kernel, even if - <literal>LIBMCHAIN</literal> and - <literal>LIBICONV</literal> were not compiled into the kernel. - &merged;</para> - - <para>For consistency, the fdesc, fifo, null, msdos, portal, - umap, and union filesystems have been renamed to fdescfs, - fifofs, msdosfs, nullfs, portalfs, umapfs, and unionfs. Where - applicable, modules and mount_* programs have been renamed. - Compatibility <quote>glue</quote> has been added to - &man.mount.8; so that <literal>msdos</literal> filesystem - entries in &man.fstab.5; will work without changes.</para> - - <para>pseudofs, a pseudo-filesystem framework, has been added. - &man.linprocfs.5; and &man.procfs.5; have been modified to use - pseudofs.</para> - - <para role="historic">A simple hash-based lookup optimization for large - directories called <literal>dirhash</literal> has been added. - Conditional on the - <literal>UFS_DIRHASH</literal> kernel option (enabled by - default in the <filename>GENERIC</filename> kernel), it - improves the speed of operations on very large directories at - the expense of some memory. &merged;</para> - - <para role="historic">The virtual memory subsystem now backs UFS directory - memory requirements by default (this behavior is controlled - via the <varname>vfs.vmiodirenable</varname> sysctl - variable). &merged;</para> - - <para role="historic">A bug that prevented the root filesystem from being - mounted from a SCSI CDROM has been fixed (ATAPI CDROMs were - always supported). &merged;</para> - - <para role="historic">A number of bugs in the filesystem code, discovered - through the use of the <application>fsx</application> - filesystem test tool, have been fixed. Under certain - circumstances (primarily related to use of NFS), these bugs - could cause data corruption or kernel panics. &merged;</para> - - <para>Network filesystems (such as NFS and smbfs filesystems) - listed in <filename>/etc/fstab</filename> can now be properly - mounted during startup initialization; their mounts are - deferred until after the network is initialized.</para> - - <para>Read-only support for the Universal Disk Format (UDF) has - been added. This format is used on packet-written CD-RWs and - most commercial DVD-Video disks. The &man.mount.udf.8; - command can be used to mount these disks.</para> - - <para>Basic support has been added for the UFS2 filesystem. - Among the new features of UFS2: - - <itemizedlist> - <listitem> - <para>The inode has been expanded to 256 bytes to make - space for 64-bit block pointers.</para> - </listitem> - - <listitem> - <para>A file-creation time field has been added.</para> - </listitem> - - <listitem> - <para>A native extended attributes implementation has been - added, permitting total attribute size stored on an inode - to be up to twice the filesystem block size. This storage - is used for Access Control Lists and MAC labels, but may - also be used by other system extensions and user - applications.</para> - </listitem> - </itemizedlist> - - UFS1 remains the default on-disk format, although UFS2 can be - selected as an option in &man.newfs.8; or via the partitioning - screen in &man.sysinstall.8;. 64-bit platforms can boot from - UFS2 root filesystems.</para> - - <para>To support new features mentioned in this section, minor - changes have been made to the format of the UFS1 superblock. - These changes may create some compatability problems when a - system older than &os; 4.7-RELEASE attempts to &man.mount.8; - or &man.fsck.8; a local UFS1 filesystem created by &os; - &release.current; or later. &os; 4.7-RELEASE and later are - fully compatible. This situation typically arises on a - dual-boot machine with multiple versions of &os; - installed.</para> - + <para></para> </sect3> <sect3> <title>PCCARD Support</title> - <para arch="i386,pc98" role="historic">The pccard driver and &man.pccardc.8; now - support multiple <quote>beep types</quote> upon card insertion - and removal. &merged;</para> - - <para role="historic">On many modern hosts, PCCARD devices can be configured to - route their interrupts via either the ISA or PCI interrupt - paths. The &man.pcic.4; driver has been updated to support - both interrupt paths (formerly, only routing via ISA was - supported). &merged; In most cases, configuration of PCMCIA - devices in laptops is simpler and more flexible. In addition, - various Cardbus bridge PCI cards (such as those used by - Orinoco PCI NICs) are now supported. Some hosts may - experience problems, such as hangs or panics, with PCI - interrupt routing; they can frequently be made to work by - forcing the older-style ISA interrupt routing. The following - lines, placed in <filename>/boot/loader.conf</filename>, may - fix the problem:</para> - - <programlisting role="historic">hw.pcic.intr_path="1" - hw.pcic.irq="0"</programlisting> - - <para role="historic">When installing &os; on such a system, typing the - following lines to the boot loader may be helpful in starting - up &os; for the first time:<para> - - <screen role="historic"><prompt>ok</prompt> <userinput>set hw.pcic.intr_path="1"</userinput> -<prompt>ok</prompt> <userinput>set hw.pcic.irq="0"</userinput></screen> - - <para arch="i386">Preliminary CardBus support with NEWCARD has - been added. This code supports both 32-bit and 16-bit cards. - All CardBus bridges are supported, as well as the TI-1030 - PCMCIA-PCI bridge. Other PCMCIA-PCI bridges and ISA bridges - aren't supported yet.</para> - - <para arch="i386">NEWCARD is now the default PCCARD/CardBus - system in the <filename>GENERIC</filename> kernel.</para> - + <para></para> </sect3> <sect3> <title>Multimedia Support</title> - <para arch="i386" role="historic">The &man.pcm.4; driver now supports the ESS - Solo 1, Maestro-1, Maestro-2, and Maestro-2e; Forte Media - fm801, ESS Maestro-2e, and VIA Technologies VT82C686A sound - card/chipsets, and has received some other updates. Separate - drivers for the SoundBlaster 8 and SoundBlaster 16 now replace - an older, unified driver. A driver for the CMedia - CMI8338/CMI8738 sound chips has been added. A driver for the - CS4281 sound chip has been added. A driver for the S3 - SonicVibes chipset has been added. &merged;</para> - - <para arch="i386" role="historic">A driver for the Avance Logic ALS4000 has been - added. &merged;</para> - - <para arch="i386" role="historic">A driver for the ESS Maestro-3/Allegro has - been added, however due to licensing restrictions, it cannot - be compiled into the kernel. &merged; To use this driver, add - the following line to - <filename>/boot/loader.conf</filename>:</para> - - <programlisting role="historic">snd_maestro3_load="YES"</programlisting> - - <para arch="i386">The VT8233 audio controller now has its own - driver to facilitate supporting all known revisions of the - hardware. It is loadable at boot time by adding - <literal>device pcm</literal> to the kernel configuration or - by adding <literal>snd_via8233="YES"</literal> to - <filename>/boot/loader.conf</filename>. Documentation to - support this work was provided by VIA. &merged;</para> - - <para role="historic">The &man.bktr.4; driver has been updated to 2.18. This - update provides a number of new features. New tuner types - have been added, and improvements to the KLD module and to - memory allocation have been made. Bugs in &man.devfs.5; when - unloading and reloading have been fixed. Support for new - Hauppauge Model 44xxx WinTV Cards (the ones with no audio mux) - has been added. &merged;</para> - - <para arch="i386,pc98" role="historic">The ufm driver, supporting the D-Link DSB-R100 - USB Radio, has been added. &merged;</para> - - <para role="historic">When sound modules are built, one can now load all the - drivers and infrastructure by <command>kldload - snd</command>. &merged;</para> - - <para>A new API has been added for sound cards with hardware - volume control.</para> - - <para arch="i386" role="historic">A driver for the Intel 443MX, 810, 815, and - 815E integrated sound devices has been added. &merged;</para> - - <para arch="i386" role="historic">The via82c686 sound driver now supports the VIA - VT8233. &merged;</para> - - <para arch="i386" role="historic">The ich sound driver now support the SiS - 7012 chipset. &merged;</para> - - <para arch="i386">The ich sound driver now provides rudimentary - support for ich4 audio support. &merged;</para> - - <para arch="i386">Drivers have been added to support the Direct - Rendering Infrastructure, which can used to provide 3D - acceleration within <application>XFree86</application>. Video - cards supported include the 3Dlabs Oxygen GMX 2000 (gammadrm), - AGP Matrox G200/G400/G450/G550 (mgadrm), 3dfx Voodoo - 3/4/5/Banshee (tdfxdrm), AGI ATI Rage 128 (r128drm), and AGP - ATI Radeon (radeondrm).</para> - + <para></para> </sect3> <sect3> <title>Contributed Software</title> - <para>The Forth Inspired Command Language - (<application>FICL</application>) used in the boot loader has - been updated to 3.02.</para> - - <para>Support for Advanced Configuration and Power Interface - (ACPI), a multi-vendor standard for configuration and power - management, has been added. This functionality has been - provided by the <application>Intel ACPI Component - Architecture</application> project, as of the ACPI CA 20021118 - snapshot. Some backward compatability for applications using - the older APM standard has been provided.</para> - - <sect4> - <title>IPFilter</title> - - <para><application>IPFilter</application> has been updated to - 3.4.29. &merged;</para> - - <para role="historic"><application>IPFilter</application> now supports - IPv6. &merged;</para> - - </sect4> - - <sect4 arch="i386"> - <title>isdn4bsd</title> - - <para><application>isdn4bsd</application> has been updated to - version 1.0.2.</para> - - <para role="historic">The &man.ifpi.4; driver for supporting the AVM - Fritz!Card PCI controller has been added. &merged;</para> - - <para role="historic">The &man.ifpi2.4; driver for supporting the AVM - Fritz!Card PCI version 2 controller has been added. &merged;</para> - - <para role="historic">The &man.ihfc.4; driver for supporting Cologne Chip - Designs HFC devices under - <application>isdn4bsd</application> has been - added. &merged;</para> - - <para role="historic">The &man.itjc.4; driver for supporting NETjet-S / Teles - PCI-TJ devices under <application>isdn4bsd</application> has - been added. &merged;</para> - - <para role="historic">Experimental support for the Eicon.Diehl DIVA 2.0 and - 2.02 ISA PnP ISDN cards has been added to the &man.isic.4; - <application>isdn4bsd</application> driver. &merged;</para> - - <para role="historic">The &man.isic.4; driver now supports the Compaq Microcom - 610 ISDN ISA PnP card. &merged;</para> - - <para role="historic">Active CAPI-based ISDN cards manufactured by AVM are now - supported using the &man.i4bcapi.4; and the &man.iavc.4; - driver. The supported cards are the AVM B1 PCI and AVM B1 - ISA Basic Rate cards and the AVM T1 Primary Rate - cards. &merged;</para> - - <para role="historic">A new <literal>maxconnecttime</literal> keyword is now - accepted in &man.isdnd.rc.5; files to limit the time a - connection may remain open. &merged;</para> - - <para role="historic">&man.isdnphone.8; now supports a <option>-k</option> - option for sending messages via the keypad facility to a PBX - or exchange office. &merged;</para> - - <para><application>isdn4bsd</application> now supports Q.931 - subaddressing.</para> - - </sect4> - - <sect4 id="kame-kernel"> - <title>KAME</title> - - <para role="historic">The IPv6 stack is now based on a snapshot based on the - KAME Project's IPv6 snapshot as of 28 May, 2001. Most of - the items listed in this section are a result of this - import. <xref linkend="kame-userland"> lists userland - updates to the KAME IPv6 stack. &merged;</para> - - <para role="historic">&man.gif.4; is now based on RFC 2893, rather than RFC - 1933. The <literal>IFF_LINK2</literal> interface flag can - be used to control ingress filtering. &merged;</para> - - <para role="historic"><application>IPsec</application> has received some - enhancements, including the ability to use the Rijndael and - SHA2 algorithms. IPsec RC5 support has been removed due to - patent issues. &merged;</para> - - <para role="historic">&man.stf.4; now conforms to RFC 3056; the - <literal>IFF_LINK2</literal> interface flag can be used to - control ingress filtering. &merged;</para> - - <para role="historic">IPv6 has better checking of illegal addresses (such as - loopback addresses) on physical networks. &merged;</para> - - <para role="historic">The <varname>IPV6_V6ONLY</varname> socket option is now - completely supported. The kernel's default behavior with - respect to this option is controlled by the - <varname>net.inet6.ip6.v6only</varname> sysctl - variable. &merged;</para> - - <para role="historic">RFC 3041 (Privacy Extensions for Stateless Address - Autoconfiguration) is now supported. It can be enabled via - the <varname>net.inet6.ip6.use_tempaddr</varname> sysctl - variable. &merged;</para> - </sect4> + <para></para> </sect3> </sect2> <sect2 id="security"> - <title>Security-Related Changes</title> - - <para role="historic">&man.sysinstall.8; now allows the user to select one of two - <quote>security profiles</quote> at install-time. These - profiles enable different levels of system security by enabling - or disabling various system services in &man.rc.conf.5; on new - installs. &merged;</para> - - <para role="historic">A bug in which malformed ELF executable images can hang the - system has been fixed (see security advisory - FreeBSD-SA-00:41). &merged;</para> - - <para role="historic">A security hole in Linux emulation was fixed (see security - advisory FreeBSD-SA-00:42). &merged;</para> - - <para role="historic">String-handling library calls in many programs were fixed to - reduce the possibility of buffer overflow-related exploits. - &merged;</para> - - <para role="historic">TCP now uses stronger randomness in choosing its initial - sequence numbers (see security advisory - FreeBSD-SA-00:52). &merged;</para> - - <para role="historic">Several buffer overflows in &man.tcpdump.1; were corrected - (see security advisory FreeBSD-SA-00:61). &merged;</para> - - <para role="historic">A security hole in &man.top.1; was corrected (see security - advisory FreeBSD-SA-00:62). &merged;</para> - - <para role="historic">A potential security hole caused by an off-by-one-error in - &man.gethostbyname.3; has been fixed (see security advisory - FreeBSD-SA-00:63). &merged;</para> - - <para role="historic">A potential buffer overflow in the &man.ncurses.3; library, - which could cause arbitrary code to be run from within - &man.systat.1;, has been corrected (see security advisory - FreeBSD-SA-00:68). &merged;</para> - - <para role="historic">A vulnerability in &man.telnetd.8; that could cause it to - consume large amounts of server resources has been fixed (see - security advisory FreeBSD-SA-00:69). &merged;</para> - - <para role="historic">The <literal>nat deny_incoming</literal> command in - &man.ppp.8; now works correctly (see security advisory - FreeBSD-SA-00:70). &merged;</para> - - <para role="historic">A vulnerability in &man.csh.1;/&man.tcsh.1; temporary files - that could allow overwriting of arbitrary user-writable files - has been closed (see security advisory - FreeBSD-SA-00:76). &merged;</para> - - <para role="historic">The &man.ssh.1; binary is no longer SUID root by - default. &merged;</para> - - <para role="historic">Some fixes were applied to the Kerberos IV implementation - related to environment variables, a possible buffer overrun, and - overwriting ticket files. &merged;</para> - - <para role="historic">&man.telnet.1; now does a better job of sanitizing its - environment. &merged;</para> - - <para role="historic">Several vulnerabilities in &man.procfs.5; were fixed (see - security advisory FreeBSD-SA-00:77). &merged;</para> - - <para role="historic">A bug in <application>OpenSSH</application> in which a - server was unable to disable &man.ssh-agent.1; or - <literal>X11Forwarding</literal> was fixed (see security - advisory FreeBSD-SA-01:01). &merged;</para> - - <para role="historic">A bug in &man.ipfw.8; and &man.ip6fw.8; in which inbound TCP - segments could incorrectly be treated as being part of an - <literal>established</literal> connection has been fixed (see - security advisory FreeBSD-SA-01:08). &merged;</para> - - <para role="historic">A bug in &man.crontab.1; that could allow users to read any - file on the system in valid &man.crontab.5; syntax has been - fixed (see security advisory FreeBSD-SA-01:09). &merged;</para> - - <para role="historic">A vulnerability in &man.inetd.8; that could allow - read-access to the initial 16 bytes of - <groupname>wheel</groupname>-accessible files has been fixed - (see security advisory FreeBSD-SA-01:11). &merged;</para> - - <para role="historic">A bug in &man.periodic.8; that used insecure temporary files - has been corrected (see security advisory - FreeBSD-SA-01:12). &merged;</para> - - <para role="historic"><application>OpenSSH</application> now has code to prevent - (instead of just mitigating through connection limits) an attack - that can lead to guessing the server key (not host key) by - regenerating the server key when an RSA failure is detected (see - security advisory FreeBSD-SA-01:24). &merged;</para> - - <para role="historic">A number of programs have had output formatting strings - corrected so as to reduce the risk of - vulnerabilities. &merged;</para> - - <para role="historic">A number of programs that use temporary files now do so more - securely. &merged;</para> - - <para role="historic">A bug in ICMP that could cause an attacker to disrupt TCP and UDP - <quote>sessions</quote> has been corrected. &merged;</para> - - <para role="historic">A bug in &man.timed.8;, which caused it to crash if send - certain malformed packets, has been corrected (see security - advisory FreeBSD-SA-01:28). &merged;</para> - - <para role="historic">A bug in &man.rwhod.8;, which caused it to crash if send - certain malformed packets, has been corrected (see security - advisory FreeBSD-SA-01:29). &merged;</para> - - <para role="historic">A security hole in &os;'s FFS and EXT2FS implementations, - which allowed a race condition that could cause users to have - unauthorized access to data, has been fixed (see security - advisory FreeBSD-SA-01:30). &merged;</para> - - <para role="historic">A remotely-exploitable vulnerability in &man.ntpd.8; has - been closed (see security advisory - FreeBSD-SA-01:31). &merged;</para> - - <para role="historic">A security hole in <application>IPFilter</application>'s - fragment cache has been closed (see security advisory - FreeBSD-SA-01:32). &merged;</para> - - <para role="historic">Buffer overflows in &man.glob.3;, which could cause - arbitrary code to be run on an FTP server, have been closed. In - addition, to prevent some forms of DOS attacks, &man.glob.3; - allows specification of a limit on the number of pathname - matches it will return. &man.ftpd.8; now uses this feature (see - security advisory FreeBSD-SA-01:33). &merged;</para> - - <para role="historic">Initial sequence numbers in TCP are more thoroughly - randomized (see security advisory FreeBSD-SA-01:39). Due to - some possible compatibility issues, the behavior of this - security fix can be enabled or disabled via the - <varname>net.inet.tcp.tcp_seq_genscheme</varname> sysctl - variable.&merged;</para> - - <para role="historic">A vulnerability in the &man.fts.3; routines (used by - applications for recursively traversing a filesystem) could - allow a program to operate on files outside the intended - directory hierarchy. This bug has been fixed (see security - advisory FreeBSD-SA-01:40). &merged;</para> - - <para role="historic"><application>OpenSSH</application> now switches to the - user's UID before attempting to unlink the authentication - forwarding file, nullifying the effects of a race.</para> - - <para role="historic">A flaw allowed some signal handlers to remain in effect in a - child process after being exec-ed from its parent. This allowed - an attacker to execute arbitrary code in the context of a setuid - binary. This flaw has been corrected (see security advisory - FreeBSD-SA-01:42). &merged;</para> - - <para role="historic">A remote buffer overflow in &man.tcpdump.1; has been fixed - (see security advisory FreeBSD-SA-01:48). &merged;</para> - - <para role="historic">A remote buffer overflow in &man.telnetd.8; has been fixed - (see security advisory FreeBSD-SA-01:49). &merged;</para> - - <para role="historic">The new <varname>net.inet.ip.maxfragpackets</varname> and - <varname>net.inet.ip6.maxfragpackets</varname> sysctl variables - limit the amount of memory that can be consumed by IPv4 and IPv6 - packet fragments, which defends against some denial of service - attacks (see security advisory - FreeBSD-SA-01:52). &merged;</para> - - <para role="historic">All services in <filename>inetd.conf</filename> are now - disabled by default for new installations. &man.sysinstall.8; - gives the option of enabling or disabling &man.inetd.8; on new - installations, as well as editing - <filename>inetd.conf</filename>. &merged;</para> - - <para role="historic">A flaw in the implementation of the &man.ipfw.8; - <literal>me</literal> rules on point-to-point links has been - corrected. Formerly, <literal>me</literal> filter rules would - match the remote IP address of a point-to-point interface in - addition to the intended local IP address (see security advisory - FreeBSD-SA-01:53). &merged;</para> - - <para role="historic">A vulnerability in &man.procfs.5;, which could allow a - process to read sensitive information from another process's - memory space, has been closed (see security advisory - FreeBSD-SA-01:55). &merged;</para> - - <para role="historic">The <literal>PARANOID</literal> hostname checking in - <application>tcp_wrappers</application> now works as advertised - (see security advisory FreeBSD-SA-01:56). &merged;</para> - - <para role="historic">A local root exploit in &man.sendmail.8; has been closed - (see security advisory FreeBSD-SA-01:57). &merged;</para> - - <para role="historic">A remote root vulnerability in &man.lpd.8; has been closed - (see security advisory FreeBSD-SA-01:58). &merged;</para> - - <para role="historic">A race condition in &man.rmuser.8; that briefly exposed a - world-readable <filename>/etc/master.passwd</filename> has been - fixed (see security advisory FreeBSD-SA-01:59). &merged;</para> - - <para role="historic">A vulnerability in <application>UUCP</application> has been - closed (see security advisory FreeBSD-SA-01:62). All - non-<username>root</username>-owned binaries in standard system - paths now have the <literal>schg</literal> flag set to prevent - exploit vectors when run by &man.cron.8;, by - <username>root</username>, or by a user other then the one owning - the binary. In addition, &man.uustat.1; is now run via - <filename>/etc/periodic/daily/410.status-uucp</filename> as - <username>uucp</username>, not <username>root</username>. In - &os; -CURRENT, <application>UUCP</application> has since been - moved to the Ports Collection and no longer a part of the base - system. &merged;</para> - - <para role="historic">A security hole in the form of a buffer overflow in the - &man.semop.2; system call has been closed. &merged;</para> - - <para role="historic">A security hole in <application>OpenSSH</application>, which - could allow users to execute code with arbitrary privileges if - <literal>UseLogin yes</literal> was set, has been closed. Note - that the default value of this setting is - <literal>UseLogin no</literal>. (See security advisory - FreeBSD-SA-01:63.) &merged;</para> - - <para role="historic">The use of an insecure temporary directory by - &man.pkg.add.1; could permit a local attacker to modify the - contents of binary packages while they were being installed. - This hole has been closed. (See security advisory - FreeBSD-SA-02:01.) &merged;</para> - - <para role="historic">A race condition in &man.pw.8;, which could expose the - contents of <filename>/etc/master.passwd</filename>, has been - eliminated. (See security advisory FreeBSD-SA-02:02.) - &merged;</para> - - <para role="historic">A bug in &man.k5su.8; could have allowed a process that had - given up superuser privileges to regain them. This bug has been - fixed. (See security advisory FreeBSD-SA-02:07.) - &merged;</para> - - <para role="historic">An <quote>off-by-one</quote> bug has been fixed in - <application>OpenSSH</application>'s multiplexing code. This bug - could have allowed an authenticated remote user to cause - &man.sshd.8; to execute arbitrary code with superuser - privileges, or allowed a malicious SSH server to execute arbitrary - code on the client system with the privileges of the client user. (See security - advisory FreeBSD-SA-02:13.) - &merged;</para> - - <para role="historic">A programming error in <application>zlib</application> could - result in attempts to free memory multiple times. The - &man.malloc.3;/&man.free.3; routines used in &os; are not - vulnerable to this error, but applications receiving - specially-crafted blocks of invalid compressed data could - be made to function incorrectly or abort. This - <application>zlib</application> bug has been fixed. For a - workaround and solutions, see security advisory FreeBSD-SA-02:18. - &merged;</para> - - <para role="historic">Bugs in the TCP SYN cache (<quote>syncache</quote>) and SYN - cookie (<quote>syncookie</quote>) implementations, which could - cause legitimate TCP/IP traffic to crash a machine, have been - fixed. For a workaround and patches, see security advisory - FreeBSD-SA-02:20. - &merged;</para> - - <para role="historic">A routing table memory leak, which could allow a remote - attacker to exhaust the memory of a target machine, has been - fixed. A workaround and patches can be found in security - advisory FreeBSD-SA-02:21. - &merged;</para> - - <para role="historic">A bug with memory-mapped I/O, which could cause a system - crash, has been fixed. For more information about a solution, - see security advisory - FreeBSD-SA-02:22. - &merged;</para> - - <para role="historic">A security hole, in which SUID programs could be made to - read from or write to inappropriate files through manipulation - of their standard I/O file descriptors, has been fixed. - Information regarding a solution can be found in security - advisory - FreeBSD-SA-02:23. - &merged;</para> - - <para role="historic">Some unexpected behavior could be allowed with &man.k5su.8; - because it does not require that an invoking user be a member of - the <groupname>wheel</groupname> group when attempting to become - the superuser (this is the case with &man.su.1;). To avoid this - situation, &man.k5su.8; is now installed non-SUID by default - (effectively disabling it). More information can be found in - security advisory - FreeBSD-SA-02:24. - &merged;</para> - - <para role="historic">Multiple vulnerabilities were found in the &man.bzip2.1; - utility, which could allow files to be overwritten without - warning or allow local users unintended access to files. These - problems have been corrected with a new import of - <application>bzip2</application>. For more information, see - security advisory - FreeBSD-SA-02:25. - &merged;</para> - - <para role="historic">A bug has been fixed in the implementation of the TCP SYN - cache (<quote>syncache</quote>), which could allow a remote - attacker to deny access to a service when accept filters - (see &man.accept.filter.9;) were in use. This bug has been - fixed; for more information, see security advisory - FreeBSD-SA-02:26. - &merged;</para> - - <para role="historic">Due to a bug in &man.rc.8;'s use of shell globbing, users - may be able to remove the contents of arbitrary files if - <filename>/tmp/.X11-unix</filename> does not exist and the - system can be made to reboot. This bug has been corrected (see - security advisory - FreeBSD-SA-02:27. - &merged;</para> - - <para>A buffer overflow in the resolver, which could be exploited - by a malicious domain name server or an attacker forging DNS - messages, has been fixed. See security advisory <ulink - url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:28.resolv.asc">FreeBSD-SA-02:28</ulink> - for more details. &merged;</para> - - <para>A buffer overflow in &man.tcpdump.1;, which could be triggered by - badly-formed NFS packets, has been fixed. See security advisory - <ulink - url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:29.tcpdump.asc">FreeBSD-SA-02:29</ulink> - for more details. &merged;</para> - - <para>&man.ktrace.1; can no longer trace the operation of formerly - privileged processes; this prevents the leakage of sensitive - information that the process could have obtained before - abandoning its privileges. For a discussion of this issue, see - security advisory - <ulink - url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:30.ktrace.asc">FreeBSD-SA-02:30</ulink> - for more details. &merged;</para> - - <para>A race condition in &man.pppd.8;, which could be used to - change the permissions of an arbitrary file, has been corrected. - For more information, see security advisory <ulink - url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:32.pppd.asc">FreeBSD-SA-02:32</ulink>. - &merged;</para> - - <para>Multiple buffer overflows in - <application>OpenSSL</application> have been corrected, by way - of an upgrade to the base system version of - <application>OpenSSL</application>. More details can be found - in security advisory <ulink - url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc">FreeBSD-SA-02:33</ulink>. - &merged;</para> - - <para>A heap buffer overflow in the XDR decoder has been fixed. - For more details, see security advisory <ulink - url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:34.rpc.asc">FreeBSD-SA-02:34</ulink>. - &merged;</para> - - <para>A bug that could allow local users to read and write - arbitrary blocks on an FFS filesystem has been corrected. More - details can be found in security advisory <ulink - url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:35.ffs.asc">FreeBSD-SA-02:35</ulink>. - &merged;</para> - - <para>A bug in the NFS server code, which could allow a remote - denial of service attack, has been fixed. Security advisory <ulink - url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:36.nfs.asc">FreeBSD-SA-02:36</ulink> - has more details. &merged;</para> - - <para>A bug that could allow local users to panic a system using - the &man.kqueue.2; mechanism has been fixed. More information - is contained in security advisory <ulink - url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:37.kqueue.asc">FreeBSD-SA-02:37</ulink>. - &merged;</para> - - <para>Several bounds-checking bugs in system calls, which could - result in some system calls returning a large portion of kernel - memory, have been fixed. More information can be found in - security advisory <ulink - url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:38.signed-error.asc">FreeBSD-SA-02:38</ulink>. - &merged;</para> - - <para>A bug that could allow applications using - <filename>libkvm</filename> to leak sensitive file descriptors - has been corrected. (See security advisory <ulink - url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:39.libkvm.asc">FreeBSD-SA-02:39</ulink> - for more details.) - &merged;</para> - - <para>Buffer overflows in kadmind(8) and k5admin have been - corrected. More details can be found in security advisory <ulink - url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:40.kadmind.asc">FreeBSD-SA-02:40</ulink>. - &merged;</para> - - <para>Errors in &man.smrsh.8;, which could allow users to circumvent - restrictions on what programs can be executed, have been fixed. - See <ulink - url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:41.smrsh.asc">FreeBSD-SA-02:41</ulink> - for details. - &merged;</para> - - <para>Buffer overflows in the DNS &man.resolver.3;, which could - cause some applications to fail, have been corrected. More - details are in <ulink - url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:42.resolv.asc">FreeBSD-SA-02:42</ulink>. - &merged;</para> - - <para>Multiple vulnerabilities in <application>BIND</application> - have been fixed, as described in <ulink - url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:43.bind.asc">FreeBSD-SA-02:43</ulink>. - &merged;</para> - - <para>A file descriptor leak in the &man.fpathconf.2; system call, - which could allow a local user to crash the system or - cause a privilege escalation, has been fixed. More details can - be found in security advisory <ulink - url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:44.filedesc.asc">FreeBSD-SA-02:44</ulink>. - &merged;</para> + <title>Security Advisories</title> + <para></para> </sect2> <sect2 id="userland"> <title>Userland Changes</title> - <para>Support for creating &man.a.out.5; format executables with - the base system compiler toolchain has been removed.</para> - - <para>&man.adduser.8; and &man.rmuser.8; are now &man.sh.1; - scripts, rather than Perl scripts.</para> - - <para role="historic">If the first argument to &man.ancontrol.8; or - &man.wicontrol.8; doesn't start with a <literal>-</literal>, it - is assumed to be an interface. &merged;</para> - - <para role="historic">&man.apmd.8; now has the ability to monitor battery levels - and execute commands based on percentage or minutes of battery - life remaining via the <literal>apm_battery</literal> - configuration directive. See the commented-out examples in - <filename>/etc/apmd.conf</filename> for the - syntax. &merged;</para> - - <para role="historic">&man.arp.8; now prints the applicable interface name for - each ARP entry. &merged;</para> - - <para>&man.arp.8; now prints <literal>[fddi]</literal> or - <literal>[atm]</literal> tags for addresses on interfaces of - those types.</para> - - <para>The &man.asa.1; utility, to interpret FORTRAN - carriage-control characters, has been added.</para> - - <para>&man.at.1; now supports the <option>-r</option> command-line - option to remove jobs and the <option>-t</option> option to - specify times in POSIX time format.</para> - - <para role="historic">&man.atacontrol.8; has been added to control various aspects - of the &man.ata.4; driver. &merged;</para> - - <para>The system &man.awk.1; now refers to - <application>BWK awk</application>.</para> - - <para>&man.basename.1; now accept <option>-a</option> and - <option>-s</option> flags, which allow it to perform the - &man.basename.3; function on multiple files.</para> - - <para>&man.biff.1; now accepts a <option>b</option> argument to - enable <quote>bell notification</quote> of new mail (which does - not disturb the terminal contents as <command>biff y</command> - would). &merged;</para> - - <para>&man.biff.1; now uses the first terminal associated with the - standard input, standard output or standard error file - descriptor, in that order. Thus, it is possible to use the - redirection facilities of a shell (<command>biff n < - /dev/ttyp1</command>) to toggle the notification for other - terminals.</para> - - <para arch="pc98" role="historic">&man.boot98cfg.8;, a PC-98 boot manager - installation and configuration utility, has been - added. &merged;</para> - - <para role="historic">&man.burncd.8; now supports a <option>-m</option> option for - multisession mode (the default behavior now is to close disks as - single-session). A <option>-l</option> option to take a list of - image files from a filename was also added; - <filename>-</filename> can be used as a filename for - <literal>stdin</literal>. &merged;</para> - - <para>&man.burncd.8; now supports Disk At Once (DAO) mode, - selectable via the <option>-d</option> flag. &merged;</para> - - <para>&man.burncd.8; now has the ability to write VCDs/SVCDs. &merged;</para> - - <para>&man.burncd.8; now accepts a value of <literal>max</literal> - for its <option>-s</option> option to set the drive's maximum - write speed. &merged;</para> - - <para>&man.bzgrep.1;, &man.bzegrep.1;, and &man.bzfgrep.1; - have been added to perform &man.grep.1;-type operations on - &man.bzip2.1;-compressed files.</para> - - <para role="historic">&man.c89.1; has been converted from a shell script to a - binary executable, fixing some minor bugs. &merged;</para> - - <para>&man.calendar.1; now takes a <option>-W</option> option, - which operates similar to <option>-A</option> but without - special treatment at weekends, and a <option>-F</option> option - to change the notion of <quote>Friday</quote>.</para> - - <para arch="i386,pc98" role="historic">A minimalized version of &man.camcontrol.8; is - now available on the installation floppy. This allows it to - rescan for devices that have been connected after booting, or to - show the devices attached to SCSI busses (e. g. from within the - <quote>emergency holographic shell</quote>). &merged;</para> - - <para role="historic">&man.cat.1; now has the ability to read from UNIX-domain - sockets. &merged;</para> - - <para>&man.catman.1; is now a C program, instead of a - Perl script.</para> - - <para role="historic">&man.cdcontrol.1; now supports a <literal>cdid</literal> - command, which calculates and displays the CD serial number, - using the same algorithm used by the CDDB - database. &merged;</para> - - <para role="historic">&man.cdcontrol.1; now uses the <envar>CDROM</envar> - environment variable to pick a default device. &merged;</para> - - <para role="historic">&man.cdcontrol.1; now supports <literal>next</literal> and - <literal>prev</literal> commands to skip forwards or backwards a - specified number of tracks while playing an audio - CD. &merged;</para> - - <para>&man.cdcontrol.1; now supports a - <literal>speed</literal> command to set the maximum speed to be - used by the drive (the maximum possible speed can be selected - setting the speed to <literal>max</literal>). &merged;</para> - - <para>A &man.check.utility.compat.3; library function has been - added to <filename>libc</filename>, to determine - whether certain &os; base system utilities should behave in &os; 4-compatible mode - or in a <quote>standard</quote> mode (default standard). The - configuration is done &man.malloc.3;-style, with either an - environment variable or a symbolic link.</para> - - <para>&man.chflags.1; has moved from <filename>/usr/bin</filename> - to <filename>/bin</filename>.</para> - - <para role="historic">&man.chio.1; now has the ability to specify elements by - volume tag instead of by their physical location as well as the - ability to return an element to its previous - location. &merged;</para> - - <para>&man.chmod.1; now supports a <option>-h</option> for - changing the mode of a symbolic link.</para> - - <para>&man.chmod.1; now also, when the mode is modified, prints - the old and new modes if the <option>-v</option> option is - specified more than once.</para> - - <para role="historic">&man.chown.8; now correctly follows symbolic links named as - command line arguments if run without - <option>-R</option>. &merged;</para> - - <para>&man.chown.8; no longer takes <literal>.</literal> as a - user/group delimeter. This change was made to support usernames - containing a <literal>.</literal> character.</para> - - <para>Use of the <literal>CSMG_*</literal> macros no longer - require inclusion of - <filename><sys/param.h></filename></para> - - <para role="historic">&man.col.1; now takes a <option>-p</option> flag to force - unknown control sequences to be passed through - unchanged. &merged;</para> - - <para role="historic">The <filename>compat3x</filename> distribution has been - updated to include libraries present in &os; - 3.5.1-RELEASE. &merged;</para> - - <para>A <filename>compat4x</filename> distribution has been added - for compatibility with &os; 4-STABLE. It includes a subset of - the libraries distributed with &os; 4.7-RELEASE.</para> - - <para role="historic">&man.config.8; is now better about converting various - warnings that should have been errors into actual fatal errors - with an exit code. This ensures that <literal>make - buildkernel</literal> doesn't quietly ignore them and build a - bogus kernel without a human to read the errors. &merged;</para> - - <para role="historic">A number of buffer overflows in &man.config.8; have been - fixed. &merged;</para> - - <para>&man.cp.1; now takes a (nonstandard) <option>-n</option> - option to automatically answer <quote>no</quote> when it would - ask to overwrite a file. &merged;</para> - - <para>A new &man.csplit.1; utility, which splits files based on - context, has been added.</para> - - <para role="historic">&man.ctags.1; no longer creates a corrupt tags file if the - source file used <literal>//</literal> (C++-style) - comments. &merged;</para> - - <para>&man.ctags.1; now creates tags for typedefs, structs, - unions, and enums by default (implying the <option>-t</option> - option). The new <option>-T</option> reverts to the old - behavior.</para> - - <para>The &man.daemon.8; program, a command-line interface to - &man.daemon.3;, has been added. It detaches itself from its - controlling terminal and executes a program specified on the - command line. This allows the user to run an arbitrary program - as if it were written to be a daemon. &merged;</para> - - <para>The &man.devd.8; utility, a userland daemon that can run - arbitrary commands when devices come and go in the device tree, - has been added. This program is a generalization of some of the - functionality of &man.pccardd.8;. - - <note> - <para>&man.devd.8; is a work in progress.</para> - </note> - - </para> - - <para>&man.devinfo.8;, a simple tool to print the device tree and resource - usage by devices, has been added.</para> - - <para role="historic">&man.df.1; now takes a <option>-l</option> option to only - display information about locally-mounted - filesystems. &merged;</para> - - <para role="historic">&man.disklabel.8; now supports partition sizes expressed in - kilobytes, megabytes, or gigabytes, in addition to - sectors. &merged;</para> - - <para>diskpart(8) has been declared obsolete, and has been - removed.</para> - - <para role="historic">&man.dmesg.8; now has a <option>-a</option> option to show - the entire message buffer, including &man.syslogd.8; records and - <filename>/dev/console</filename> output. &merged;</para> - - <para role="historic">&man.du.1; now takes a <option>-I</option> command-line flag - to ignore/skip files and subdirectories matching a specified - shell-glob mask. &merged;</para> - - <para role="historic">&man.dump.8; now supports inheritance of the - <literal>nodump</literal> flag down a hierarchy. &merged;</para> - - <para>&man.dump.8; now supports a <option>-L</option> flag for - dumping live UFS and UFS2 filesystems safely. To obtain a - consistent dump image, &man.dump.8; takes a snapshot of the - filesystem and performs the dump on the snapshot. The snapshot - is removed when the dump is complete.</para> - <para>&man.dump.8; now supports caching of disk blocks with the <option>-C</option> option. This can improve dump performance at the cost of possibly missing filesystem updates that occur between passes.</para> - <para role="historic">The <option>-T</option> option to &man.dump.8; no longer - swallows an extra argument. &merged;</para> - - <para role="historic">&man.dump.8; has a new <option>-D</option> option, allowing - the path to the <filename>/etc/dumpdates</filename> file to be - changed. &merged;</para> - - <para role="historic">&man.dump.8; now supplies progress information in its - process title, useful for monitoring automated - backups. &merged;</para> - - <para>&man.dump.8; now supports a new <option>-S</option> flag to allow - it to just print out the dump size estimates and exit. &merged;</para> - - <para role="historic">&man.edquota.8; now takes a <option>-f</option> option to - allow limiting the prototype quota distribution (specified with - <option>-p</option>) to a single filesystem. &merged;</para> - - <para role="historic"><filename>/etc/rc.firewall</filename> and - <filename>/etc/rc.firewall6</filename> will no longer add their own - hardcoded rules in the cases of a rules file in the - <varname>firewall_type</varname> variable or a non-existent - firewall type. (The motivation for this change is to avoid - acting on assumptions about a site's firewall policies.) In - addition, the <literal>closed</literal> firewall type now works - as documented in the &man.rc.firewall.8; manual page. &merged;</para> - - <para role="historic">The functionality of <filename>/etc/security</filename> has - been been moved into a set of scripts under the &man.periodic.8; - framework, to make local customization easier and more - maintainable. These scripts now reside in - <filename>/etc/periodic/security/</filename>. &merged;</para> - - <para>&man.expr.1; is now compliant with POSIX.2-1992 (and thus - also with POSIX.1-2001). Some program depend on the old, - historic behavior and do not properly protect their arguments to - keep them from being misinterpreted as command-line options. - (the <filename role="package">devel/libtool</filename> - port/package, used by many GNU programs, is a notable example). - The old behavior can be requested by enabling compatibility mode - for &man.expr.1; as described in - &man.check.utility.compat.3;.</para> - - <para>&man.fbtab.5; now accepts glob matching patterns for target - devices, not just individual devices and directories.</para> - - <para arch="i386,pc98">&man.fdisk.8; no longer attempts to search for a - device if none has been specified on the command line, but - instead tries to figure out the default device name from the - root device.</para> - - <para>&man.fdread.1;, a program to read data from floppy disks, - has been added. It is a counterpart to &man.fdwrite.1; and is - designed to provide a means of recovering at least some data - from bad media, and to obviate the need for a complex invocation of - &man.dd.1;.</para> - - <para role="historic">&man.find.1; now takes the <option>-empty</option> flag, - which returns true if a file or directory is - empty. &merged;</para> - - <para role="historic">&man.find.1; now takes the <option>-iname</option> and - <option>-ipath</option> primaries for case-insensitive matches, - and the <option>-regexp</option> and <option>-iregexp</option> - primaries for regular-expression matches. The - <option>-E</option> flag now enables extended regular - expressions. &merged;</para> - - <para role="historic">&man.find.1; now has the <option>-anewer</option>, - <option>-cnewer</option>, <option>-mnewer</option>, - <option>-okdir</option>, and <option>-newer[acm][acmt]</option> - primaries for comparisons of file timestamps. The latter - primaries can be specified with various units of - time. &merged;</para> - - <para role="historic">&man.finger.1; now has the ability to support fingering - aliases, via the &man.finger.conf.5; file. &merged;</para> - - <para>&man.finger.1; now has support for a - <filename>.pubkey</filename> file. &merged;</para> - - <para>&man.finger.1; now supports a <option>-g</option> flag to - restrict the printing of GECOS information to the user's full - name only. &merged;</para> - - <para>&man.finger.1; now supports the <option>-4</option> and - <option>-6</option> flags to specify an address family for - remote queries. &merged;</para> - - <para role="historic">&man.fmt.1; has been rewritten; the rewrite fixes a number - of bugs compared to its prior behavior. &merged;</para> - - <para role="historic">&man.fmtcheck.3;, a function for checking consistency of - format string arguments, has been added. &merged;</para> - - <para>&man.fold.1; now supports a <option>-b</option> flag to - break at byte positions and a <option>-s</option> flag to break at - word boundaries. &merged;</para> - - <para role="historic">&man.fsdb.8; now supports a <literal>blocks</literal> - command to list the blocks allocated by a particular - inode. &merged;</para> - - <para>&man.fsck.8; wrappers have been imported; this feature - provides infrastructure for &man.fsck.8; to work on different - types of filesystems (analogous to &man.mount.8;).</para> - - <para>The behavior of &man.fsck.8; when dealing with various - passes (a la <filename>/etc/fstab</filename>) has been modified - to accommodate multiple-disk filesystems.</para> - - <para>&man.fsck.8; now has support for foreground - (<option>-F</option>) and background (<option>-B</option>) - checks. Traditionally, &man.fsck.8; is invoked before the - filesystems are mounted and all checks are done to completion at - that time. If background checking is available, &man.fsck.8; is - invoked twice. It is first invoked at the traditional time, - before the filesystems are mounted, with the <option>-F</option> - flag to do checking on all the filesystems that cannot do - background checking. It is then invoked a second time, after - the system has completed going multiuser, with the - <option>-B</option> flag to do checking on all the filesystems - that can do background checking. Unlike the foreground - checking, the background checking is started asynchronously so - that other system activity can proceed even on the filesystems - that are being checked. Boot-time enabling of this feature is - controlled by the - <varname>background_fsck</varname> option in &man.rc.conf.5;.</para> - - <para role="historic">Shortly after the receipt of a <literal>SIGINFO</literal> - signal (normally control-T from the controlling tty), - &man.fsck.ffs.8; will now output a line indicating the current - phase number and progress information relevant to the current - phase. &merged;</para> - - <para>&man.fsck.ffs.8; now supports background filesystem checks - to mounted FFS filesystems with the <option>-B</option> option - (Soft Updates must be enabled on these filesystems). The - <option>-F</option> flag now determines whether a specified - filesystem needs foreground checking.</para> - - <para role="historic">A new &man.fsck.msdosfs.8; utility has been added to check - the consistency of MS-DOS filesystems. &merged;</para> - - <para role="historic">&man.ftpd.8; now supports a <option>-r</option> flag for - read-only mode and a <option>-E</option> flag to disable - <literal>EPSV</literal>. It also has some fixes to reduce - information leakage and the ability to specify compile-time port - ranges. &merged;</para> - - <para>&man.ftpd.8; now supports the <option>-m</option> option - to permit guest users to modify existing files if allowed - by filesystem permissions. - In particular, this enables guest users to resume uploads. - &merged;</para> - - <para>&man.ftpd.8; now supports the <option>-M</option> option - to prevent guest users from creating directories. - &merged;</para> - - <para>&man.ftpd.8; now supports <option>-o</option> and - <option>-O</option> options to disable the - <literal>RETR</literal> command; the former for everybody, and - the latter only for guest users. Coupled with - <option>-A</option> and appropriate file permissions, these can - be used to create a relatively safe anonymous FTP drop box for - others to upload to. &merged;</para> - - <para>&man.ftpd.8; now supports the <option>-W</option> option - to disable logging FTP sessions to &man.wtmp.5;. &merged;</para> - - <para>The &man.fwcontrol.8; utility has been added to help users - access and control the FireWire subsystem. &merged;</para> - - <para arch="i386,pc98" role="historic">&man.gdb.1; now supports hardware - watchpoints (using the kernel's debug register + support that - has been introduced in &os; 4.0). &merged;</para> - - <para>The &man.getconf.1; utility has been added. It prints the - values of POSIX or X/Open path or system configuration - variables. &merged;</para> - - <para role="historic">The &man.getprogname.3; and &man.setprogname.3; library - functions have been added to manipulate the name of the current - program. They are used by error-reporting routines to produce - consistent output. &merged;</para> - - <para>gifconfig(8) is obsolete and has been removed. Its - functionality is now handled by the <option>tunnel</option> and - <option>deletetunnel</option> commands of - &man.ifconfig.8;.</para> - - <para>&man.gprof.1; now has a <option>-K</option> option to enable - dynamic symbol resolution from the currently-running kernel. - With this change, properly-compiled KLD modules are now able to - be profiled.</para> - - <para arch="ia64">The gpt tool for manipulating EFI GPT - partitions has been added.</para> - - <para role="historic">&man.growfs.8;, a utility for growing FFS filesystems, has - been added. &man.ffsinfo.8;, a utility for dump all the - meta-information of an existing filesystem, has also been - added. &merged;</para> - - <para role="historic">The &man.groups.1; and &man.whoami.1; shell scripts are now - unnecessary; their functionality has been completely folded into - &man.id.1;. &merged;</para> - - <para>The ibcs(8), linux(8), osf1(8), and - svr4(8) scripts, whose sole purpose was to load emulation - kernel modules, have been removed. The kernel module system - will automatically load them as needed to fulfill - dependencies.</para> - - <para role="historic">&man.indent.1; has gained some new formatting - options. &merged;</para> - - <para role="historic">&man.ifconfig.8; can set the link-layer address of - an interface using the <option>link</option> parameter. - &merged;</para> - - <para role="historic">&man.ifconfig.8; can now accept addresses in slash/CIDR - notation. &merged;</para> - - <para role="historic">&man.ifconfig.8; now has support for setting parameters for - IEEE 802.11 wireless network devices. &man.wi.4; and &man.an.4; - devices are supported, and partial support is provided for - &man.awi.4; devices. &merged;</para> - - <para role="historic">&man.ifconfig.8; no longer displays the list of supported - media by default. Instead it displays it when the - <option>-m</option> flag is given. &merged;</para> - - <para>&man.ifconfig.8; now has the ability to set promiscuous mode - on an interface, via the new <option>promisc</option> - flag. &merged;</para> - - <para>&man.ifconfig.8; now supports a <literal>monitor</literal> - interface flag, which blocks transmission of packets on that - interface. This feature is useful for monitoring network traffic - without interacting with the network in question.</para> - - <para role="historic">The syntax of &man.inetd.8;'s support for &man.faithd.8; is - now compatible with that of other BSDs. &merged;</para> - - <para role="historic">The <literal>ident</literal> protocol support in - &man.inetd.8; has been cleaned up and updated. &merged;</para> - - <para role="historic">&man.inetd.8; now has the ability to manage UNIX-domain - sockets. &merged;</para> - - <para>By default, &man.inetd.8; is no longer run by &man.rc.8; at - boot-time, although &man.sysinstall.8; gives the option of - enabling it during binary installations. &man.inetd.8; can also - be enabled by adding the following line to - <filename>/etc/rc.conf</filename>:</para> - - <programlisting>inetd_enable="YES"</programlisting> - - <para>&man.inetd.8; now has the capability for limiting the - maximum number of simultaneous invocations of each service from - a single IP address. &merged;</para> - - <para role="historic">&man.install.1; has a number of new features, including the - <option>-b</option> and <option>-B</option> options for backing up - existing target files and the <option>-S</option> option for - <quote>safe</quote> (atomic copy) operation. The - <option>-c</option> (copy) flag is now the default, and the - <option>-D</option> (debugging) flag has been withdrawn. - &man.install.1; now issues a warning if <option>-d</option> - (create directories) and <option>-C</option> (copy changed files - only) are used together. &merged;</para> - - <para role="historic">IP Filter is now supported by the &man.rc.conf.5; boot-time - configuration and initialization. &merged;</para> - - <para role="historic">&man.ipfstat.8; now supports the <option>-t</option> option - to turn on a &man.top.1;-like display. &merged;</para> - - <para role="historic">&man.ipfw.8; will now avoid the display of dynamic firewall - rules unless the <option>-d</option> flag is passed to it. The - <option>-e</option> option lists expired dynamic - rules. &merged;</para> - - <para role="historic">&man.ipfw.8; has a new feature (<literal>me</literal>) that - allows for packet matching on interfaces with - dynamically-changing IP addresses. &merged;</para> - - <para role="historic">&man.ipfw.8; has a new <literal>limit</literal> type of - firewall rule, which limits the number of sessions between - address pairs. &merged;</para> - - <para>&man.ipfw.8; filter rules can now match on the value of the - IPv4 precedence field.</para> - - <para role="historic">&man.ip6fw.8; now has the ability to use a preprocessor and - use the <option>-q</option> (quiet) flag when reading from a - file. &merged;</para> - - <para role="historic">&man.ispppcontrol.8; has been deleted, and its functionality - has been folded into &man.spppcontrol.8;. &merged;</para> - - <para role="historic">&man.k5su.8; is no longer installed SUID - <username>root</username> by default. Users requiring this - feature can either manually change the permissions on the - &man.k5su.8; executable or add - <literal>ENABLE_SUID_K5SU=yes</literal> to - <filename>/etc/make.conf</filename> before a source - upgrade. &merged;</para> - - <para>&man.kbdmap.1; and &man.vidfont.1; have been converted from - Perl to C.</para> - - <para role="historic">&man.kenv.1;, a command to dump the kernel environment, has - been added. &merged;</para> - - <para>&man.kenv.1; now has the ability to set or delete kernel - environment variables.</para> - - <para role="historic">&man.keyinfo.1; is now a C program, rather than a Perl - script. &merged;</para> - - <para>The kget(8) utility has been removed (it was only - useful for UserConfig, which is not present in &os; - &release.current;).</para> - - <para role="historic">&man.killall.1; is now a C program, rather than a Perl - script. As a result, its <option>-m</option> option now uses - the regular expression syntax of &man.regex.3;, rather than that - of Perl. &merged;</para> - - <para>&man.killall.1; no longer tries to kill zombie processes - unless the <option>-z</option> flag is specified.</para> - - <para role="historic">The &man.kldconfig.8; utility has been added to make it - easier to manipulate the kernel module search - path. &merged;</para> - - <para>&man.ktrdump.8;, a utility to dump the ktr trace buffer from - userland, has been added.</para> - - <para role="historic">&man.last.1; now implements a <option>-d</option> that - provides a <quote>snapshot</quote> of who was logged in at a - particular date and time. &merged;</para> - - <para role="historic">&man.last.1; now supports a <option>-y</option> flag, which - causes the year to be included in the session start time. &merged;</para> - - <para role="historic">The &man.lastlogin.8; utility, which prints the last login - time of each user, has been imported from - NetBSD. &merged;</para> - - <para role="historic">&man.ldconfig.8; now checks directory ownerships and - permissions for greater security; these checks can be disabled - with the <option>-i</option> flag. &merged;</para> - - <para role="historic">&man.ldd.1; can now be used on shared libraries, in addition - to executables. &merged;</para> - - <para>&man.ldd.1; now supports a <option>-a</option> flag to list - all the objects that are needed by each loaded object.</para> - - <para><filename>libc</filename> is now thread-safe by default; - <filename>libc_r</filename> contains only thread - functions.</para> - - <para role="historic"><filename>libcrypt</filename> and - <filename>libdescrypt</filename> have been unified to provide a - configurable password authentication hash library. Both the md5 - and des hash methods are provided unless the des hash is - specifically compiled out. &merged;</para> - - <para role="historic"><filename>libcrypt</filename> now has support for Blowfish - password hashing. &merged;</para> - - <para arch="i386" role="historic"><filename>libdisk</filename> can now do - install-time configuration of the <filename>boot0</filename> - boot loader. &merged;</para> - - <para role="historic"><filename>libstand</filename> now has support for - filesystems containing - <application>bzip2</application>-compressed - files. &merged;</para> - - <para><filename>libstand</filename> now has support for - overwriting the contents of a file on a UFS filesystem (it - cannot expand or truncate files because the filesystem may be - dirty or inconsistent).</para> - - <para role="historic"><filename>libstand</filename> now has support for loading - large kernels and modules split across several physical - media. &merged;</para> - - <para role="historic">The default TCP port range used by - <filename>libfetch</filename> for passive FTP retrievals has - changed; this affects the behavior of &man.fetch.1;, which has - gained the <option>-U</option> option to restore the old - behavior. &merged;</para> - - <para role="historic"><filename>libfetch</filename> now has support for an - authentication callback. &merged;</para> - - <para role="historic"><filename>libfetch</filename> now has support for a - <envar>HTTP_USER_AGENT</envar> environment - variable. &merged;</para> - - <para><filename>libgmp</filename> has been superceded by - <filename>libmp</filename>. - - <para>The functions from <filename>libposix1e</filename> have been - integrated into <filename>libc</filename>.</para> - - <para role="historic"><filename>libusb</filename> has been renamed as - <filename>libusbhid</filename>, following NetBSD's naming - conventions. &merged;</para> - - <para role="historic">&man.ln.1; now takes an <option>-i</option> option to - request user confirmation before overwriting an existing - file. &merged;</para> - - <para role="historic">&man.ln.1; now takes a <option>-h</option> flag to avoid - following a target that is a link, with a <option>-n</option> - flag for compatibility with other - implementations. &merged;</para> - - <para>&man.lock.1; now accepts a <option>-v</option> to disable - switching VTYs while the current terminal is locked. This permits - locking the entire console from a single terminal. &merged;</para> - - <para role="historic">&man.logger.1; can now send messages directly to a remote - syslog. &merged;</para> - - <para role="historic">&man.login.1; now exports environment variables set by - <application>PAM</application> modules. &merged;</para> - - <para>&man.lpc.8; has been improved; <command>lpc clean</command> - is now somewhat safer, and a new <command>lpc tclean</command> - command has been added to check to see what files would be - removed by <command>lpc clean</command>. <command>lpc - topq</command> has been reimplemented, and now allows for a much - more flexible specification of which jobs should be moved (such - as a range of job numbers, or a hostname). An <command>lpc - bottomq</command> command has been added to move jobs to the - bottom of a print queue, and a new <command>lpc - setstatus</command> command can be used to set a printer's - status message. &merged;</para> - - <para role="historic">&man.lpd.8; now takes two new options: <option>-c</option> - will log all connection errors to &man.syslogd.8;, while - <option>-W</option> will allow connections from non-reserved - ports. &merged;</para> - - <para role="historic">&man.lpd.8; now has some support for - <literal>o</literal>-type print-file actions in its control - files, which allows printing of PostScript files generated by - <application>MacOS</application> 10.1. &merged;</para> - - <para role="historic">&man.lpd.8; now recognizes the <option>-s</option> flag as - the preferred synonym for <option>-p</option> (these flags - cause &man.lpd.8; not to open a socket for network print - jobs). &merged;</para> - - <para role="historic">&man.lpd.8; now implements a new <literal>rc</literal> - printcap option. When specified in a print queue for a remote - host, boolean option causes &man.lpd.8; to resend the data file - for each copy the user requested via <command>lpr - -#<replaceable>n</replaceable></command>. &merged;</para> - - <para role="historic">Catching up with most other network utilities in the base - system, &man.lpr.1;, &man.lpd.8;, &man.syslogd.8;, and - &man.logger.1; are now all IPv6-capable. &merged;</para> - - <para role="historic"><command>lprm -</command> now works for remote printer - queues. &merged;</para> - - <para role="historic">&man.ls.1; can produce colorized listings with the - <option>-G</option> flag (and appropriate terminal support). - The <envar>CLICOLOR</envar> environment variable can be set to - enable colorized listings by default. &merged;</para> - - <para role="historic">&man.ls.1; now accepts a <option>-h</option> flag, which - when combined with the <option>-l</option> flag, causes file - sizes to be printed with unit suffixes, such that the number of - digits printed is fewer than four. &merged;</para> - - <para>The &man.ls.1; program now supports a <option>-m</option> - flag to list files across a page, a <option>-p</option> flag to - force printing of a <literal>/</literal> after directories, and - a <option>-x</option> flag to sort filenames across a - page. &merged;</para> - - <para role="historic">&man.m4.1; now accepts a <option>-s</option> flag to cause - it to emit <literal>#line</literal> directives for use by - &man.cpp.1;. &merged;</para> - - <para role="historic">&man.mail.1; now takes a <option>-E</option> flag to avoid - sending messages with empty bodies. &merged;</para> - - <para role="historic">&man.make.1; has gained the <literal>:C///</literal> - (regular expression substitution), <literal>:L</literal> - (lowercase), and <literal>:U</literal> (uppercase) variable - modifiers. These were added to reduce the differences between - the &os; and OpenBSD/NetBSD &man.make.1; programs. - &merged;</para> - - <para>&man.make.1; now supports a <option>-C</option> flag to - change to a given directory before building its - target(s). &merged;</para> - - <para role="historic">Bugs in &man.make.1;, among which include broken null suffix - behavior, bad assumptions about current directory permissions, - and potential buffer overflows, have been fixed. &merged;</para> - - <para role="historic">The new <varname>CPUTYPE</varname> - <filename>make.conf</filename> variable controls the compilation - of processor-specific optimizations in various pieces of code - such as <application>OpenSSL</application>. &merged;</para> - - <para role="historic">The &os; <filename>Makefile</filename> infrastructure now - supports the <varname>WARNS</varname> directive from NetBSD. - This directive controls the addition of compiler warning flags - to <varname>CFLAGS</varname> in a relatively compiler-neutral - manner. &merged;</para> - - <para>&man.makewhatis.1; is now a C program, instead of a - Perl script.</para> - - <para>&man.man.1; is no longer installed SUID - <username>man</username>, in order to reduce vulnerabilities - associated with generating <quote>catpages</quote> (preformatted - manual pages cached for repeated viewing). As a result, - &man.man.1; can no longer create system catpages on a regular - user's behalf. It is still able to do so if the user has write - permissions to the directory holding catpages (e.g. a user's own - manpages) or if the running user is - <username>root</username>.</para> - - <para arch="ia64">The mca utility, for decoding Machine Check Architecture - records, has been added.</para> - - <para>The &man.mdmfs.8; command has been added; it is a wrapper - around &man.mdconfig.8;, &man.disklabel.8;, &man.newfs.8;, and - &man.mount.8; that mimics the command line option set of the - deprecated &man.mount.mfs.8;.</para> - - <para role="historic">&man.mergemaster.8; now sources an - <filename>/etc/mergemaster.rc</filename> file and also prompts - the user to run recommended commands (such as - <command>newaliases</command>) as needed. &merged;</para> - - <para role="historic">&man.mergemaster.8; now supports two new flags. - The <option>-p</option> flag enables a - <quote>pre-<literal>buildworld</literal></quote> mode to files - known to be essential to the success of the - <literal>buildworld</literal> and - <literal>installworld</literal> system updating steps. The - <option>-C</option> flag, used after a successful - &man.mergemaster.8; run, compares options in - <filename>/etc/rc.conf</filename> to the default options in - <filename>/etc/defaults/rc.conf</filename>. &merged;</para> - - <para>&man.mesg.1; now conforms to SUSv3. Among other things, it - now uses the first terminal associated with the standard input, - standard output or standard error file descriptor, in that order. - Thus, it is possible to use the redirection facilities of a shell - (<command>mesg n < /dev/ttyp1</command>) to control write access - for other terminals.</para> - - <para role="historic">mk_cmds(1) and the associated - <filename>libss</filename> have been removed; they have been - unused for quite some time. &merged;</para> - - <para>&man.mountd.8; and &man.nfsd.8; have moved from - <filename>/sbin</filename> to <filename>/usr/sbin</filename>.</para> - - <para role="historic">&man.moused.8; now takes a <option>-a</option> option to - control mouse acceleration. &merged;</para> - - <para role="historic">&man.mtree.8; now includes support for a file that lists - pathnames to be excluded when creating and verifying prototypes. - This makes it easier to use &man.mtree.8; as a part of an - intrusion-detection system. &merged;</para> - - <para>&man.mv.1; now takes a (nonstandard) <option>-n</option> option to - automatically answer <quote>no</quote> when it would ask to - overwrite a file. &merged;</para> - - <para role="historic">&man.natd.8; now supports a - <option>-log_ipfw_denied</option> option to log packets that - cannot be re-injected because they are blocked by &man.ipfw.8; - rules. &merged;</para> - - <para role="historic">The <quote>in use</quote> percentage metric displayed by - &man.netstat.1; now really reflects the percentage of network - mbufs used. &merged;</para> - - <para role="historic">&man.netstat.1; now has a <option>-W</option> flag that - tells it not to truncate addresses, even if they're too long for - the column they're printed in. &merged;</para> - - <para role="historic">&man.netstat.1; now keeps track of input and output packets - on a per-address basis for each interface. &merged;</para> - - <para role="historic">&man.netstat.1; now has a <option>-z</option> flag to reset - statistics. &merged;</para> - - <para role="historic">&man.netstat.1; now has a <option>-S</option> flag to print - address numerically but port names symbolically. &merged;</para> - - <para role="historic">&man.newfs.8; now implements write combining, which can make - creation of new filesystems up to seven times - faster. &merged;</para> - - <para role="historic">&man.newfs.8; now takes a <option>-U</option> option to - enable Soft Updates on a new filesystem. &merged;</para> - - <para role="historic">The default number of cylinders per group in &man.newfs.8; - is now computed to be the maximum allowable given the current - filesystem parameters. It can be overridden with the - <option>-c</option> option. Formerly, the default was fixed at - 16. This change leads to better &man.fsck.8; performance and - reduced fragmentation. &merged;</para> - - <para role="historic"><anchor id="newfs-block-frag-sizes">The default block and - fragment sizes for new filesystems created by &man.newfs.8; are - now 16384 and 2048 bytes, respectively (the old defaults were - 8192 and 1024 bytes). This change generally provides increased - performance, at the expense of some wasted disk - space. &merged;</para> - - <para>A number of archaic features of &man.newfs.8; have been - removed; these implemented tuning features that are essentially - useless on modern hard disks. These features were controlled by - the <option>-O</option>, <option>-d</option>, - <option>-k</option>, <option>-l</option>, <option>-n</option>, - <option>-p</option>, <option>-r</option>, <option>-t</option>, - and <option>-x</option> flags.</para> - - <para>&man.newfs.8; now supports a <option>-O</option> flag to - select the creation of UFS1 or UFS2 filesystems.</para> - - <para>The &man.newgrp.1; utility to change to a new group has been - added.</para> - - <para>&man.newsyslog.8; now compresses log files - using &man.bzip2.1; by default. (The former behavior of using - &man.gzip.1; can be specified in - <filename>/etc/newsyslog.conf</filename>.)</para> - <para>&man.newsyslog.8; now supports a <literal>W</literal> flag to force previously-started compression jobs for an entry (or group of entries specified with the <literal>G</literal> flag) @@ -3180,369 +182,6 @@ options HZ=1000 # not compulsory but strongly recommended</programlisting> to prevent system overloads caused by starting several compression jobs on big files simultaneously. &merged;</para> - <para>The &man.nextboot.8; utility has been added to specify an - alternate kernel and/or boot flags to be used the next time the - machine is booted. A previous incarnation of this feature - first appeared in &os; 2.2.</para> - - <para><application>NFS</application> now works over IPv6.</para> - - <para role="historic">&man.ngctl.8; now supports a <option>write</option> command - to send a data packet down a given hook. &merged;</para> - - <para>&man.nice.1; now uses the <option>-n</option> option to - specify the <quote>niceness</quote> of the utility being - run. &merged;</para> - - <para role="historic">&man.nl.1;, a line numbering filter program, has been - added. &merged;</para> - - <para><application>nsswitch</application> support has been merged - from NetBSD. By creating an &man.nsswitch.conf.5; file, &os; - can be configured so that various databases such as - &man.passwd.5; and &man.group.5; can be looked up using flat - files, NIS, or Hesiod. If <filename>/etc/nsswitch.conf</filename> - does not exist, it will be automatically generated from an existing - <filename>/etc/hosts.conf</filename> at system startup time. The - <filename>/etc/hosts.conf</filename> file may be used by old - executables; it will be automatically generated from - an existing <filename>/etc/nsswitch.conf</filename> during - system startup if it exists.</para> - - <para>&man.od.1; now supports the <option>-A</option> option to - specify the input address base, the <option>-N</option> option to - specify the number of bytes to dump, the <option>-j</option> - option to specify the number of bytes to skip, the - <option>-s</option> option to output signed decimal shorts, and - the <option>-t</option> option to specify output type. &merged;</para> - - <para arch="sparc64">The &man.ofwdump.8; utility has been added to - examine the OpenFirmware device tree.</para> - - <para><application>PAM</application> support has been added for - account management and sessions.</para> - - <para><application>PAM</application> configuration is now - specified by files in <filename>/etc/pam.d/</filename>, rather - than a single <filename>/etc/pam.conf</filename> file. - <filename>/etc/pam.d/README</filename> has more details.</para> - - <para>A &man.pam.echo.8; echo service module has been added.</para> - - <para>A &man.pam.exec.8; program execution service module has been - added.</para> - - <para>A &man.pam.ftp.8; module has been added to allow - authentication of anonymous FTP users.</para> - - <para>A &man.pam.ftpusers.8; module has been added to perform - checks against the &man.ftpusers.5; file.</para> - - <para>A &man.pam.ksu.8; module has been added to do Kerberos 5 - authentication and <filename>$HOME/.k5login</filename> - authorization for &man.su.1;.</para> - - <para>A &man.pam.lastlog.8; module has been added to record - sessions in the &man.utmp.5;, &man.wtmp.5;, and &man.lastlog.5; - databases.</para> - - <para>A &man.pam.login.access.8; module has been added, to allow - checking against <filename>/etc/login.access</filename>.</para> - - <para>The &man.pam.nologin.8; module, which can disallow logins - using &man.nologin.5;, has been added.</para> - - <para>The &man.pam.opie.8; and &man.pam.opieaccess.8; modules have - been added to control authentication via &man.opie.4;. &merged;</para> - - <para>A &man.pam.passwdqc.8; module has been added, to check the - quality of passwords submitted during password changes.</para> - - <para>A &man.pam.rhosts.8; module has been added to support - &man.rhosts.5; authentication.</para> - - <para>The &man.pam.rootok.8; module, which can be used to - authenticate only the superuser, has been added.</para> - - <para>A &man.pam.securetty.8; module has been added to check the - <quote>security</quote> of a TTY, as listed in &man.ttys.5;.</para> - - <para>A &man.pam.self.8; module, which allows self-authentication - of a user, has been added.</para> - - <para role="historic">A &man.pam.ssh.8; module has been added to allow the use of - SSH passphrases and keypairs for authentication. This module - also handles session management by invoking - &man.ssh-agent.1;. &merged;</para> - - <para>A &man.pam.wheel.8; module has been added to permit - authentication to members of a group, which defaults to - <groupname>wheel</groupname>.</para> - - <para role="historic">&man.passwd.1; and &man.pw.8; now select the password hash - algorithm at run time. See the <literal>passwd_format</literal> - attribute in - <filename>/etc/login.conf</filename>. &merged;</para> - - <para role="historic">&man.patch.1; now accepts a <option>-i</option> command-line - flag to read a patch from a file, rather than standard - input. &merged;</para> - - <para>The &man.pathchk.1; utility, which checks pathnames for - validity or portability between POSIX systems, has been - added. &merged;</para> - - <para role="historic">&man.pax.1; has received a number of enhancements, including - &man.cpio.1; functionality, &man.tar.1; compatibility - enhancements, <option>-z</option> and <option>-Z</option> flags - for &man.gzip.1; and &man.compress.1; functionality, and a - number of bug fixes. &merged;</para> - - <para role="historic">&man.pciconf.8; now supports a <option>-v</option> option to - display the vendor/device information of configured devices, in - conjunction with the <option>-l</option> option. The default - vendor/device database can be found at - <filename>/usr/share/misc/pci_vendors</filename>. &merged;</para> - - <para role="historic">The behavior of &man.periodic.8; is now controlled by - <filename>/etc/defaults/periodic.conf</filename> and - <filename>/etc/periodic.conf</filename>. &merged;</para> - - <para role="historic">&man.ping.8; now supports a <option>-m</option> option to - set the TTL of outgoing packets. &merged;</para> - - <para role="historic">&man.ping.8; now supports a <option>-A</option> option to - beep when packets are lost. &merged;</para> - - <para>&man.ping.8; now supports a <option>-o</option> flag to exit - after receiving a reply.</para> - - <para role="historic">Userland &man.ppp.8; has received a number of updates and - bug fixes. &merged;</para> - - <para role="historic">&man.ppp.8; has gained the <literal>tcpmssfixup</literal> - option, which adjusts outgoing and incoming TCP SYN packets so - that the maximum receive segment size is no larger than allowed - by the interface MTU. &merged;</para> - - <para role="historic">&man.ppp.8; now supports IPv6. &merged;</para> - - <para role="historic">&man.pppd.8; (the control program for kernel-level PPP) is - now installed mode <literal>4550</literal> and - <username>root</username><literal>:</literal><groupname>dialer</groupname>, - rather than mode <literal>4555</literal> (in other words, it is - no longer world-executable). Users of &man.pppd.8; may need to - change their group settings. &merged;</para> - - <para role="historic">&man.pr.1; now supports the <option>-f</option> and - <option>-p</option> flags to pause output going to a - terminal. &merged;</para> - - <para>prefix(8) is obsolete and has been removed. Its - functionality is provided by the <option>eui64</option> command - to &man.ifconfig.8;.</para> - - <para role="historic">The <option>-W</option> option to &man.ps.1; (to extract - information from a specified swap device) has been useless for - some time; it has been removed. &merged;</para> - - <para>The &man.pselect.3; library function (introduced by POSIX.1 - as a slightly stronger version of &man.select.2;) has been - added.</para> - - <para role="historic">&man.pwd.1; can now double as &man.realpath.1;, a program to - resolve pathnames to their underlying physical - paths. &merged;</para> - - <para>&man.pwd.1; now supports the <option>-L</option> flag to - print the logical current working directory. &merged;</para> - - <para>&man.quota.1; now takes a <option>-l</option> flag to - suppress quote checks on NFS filesystems.</para> - - <para>The pseudo-random number generator implemented by - &man.rand.3; has been improved to provide less biased - results.</para> - - <para>&man.rarpd.8; now accepts a <option>-t</option> flag to - specify an alternative directory to - <filename>/tftpboot</filename>. &merged;</para> - - <para role="historic">&man.rc.8; now has a framework for handling dependencies - between &man.rc.conf.5; variables. &merged;</para> - - <para role="historic">&man.rc.8; now deletes all non-directory files in - <filename>/var/run</filename> and - <filename>/var/spool/lock</filename> at boot - time. &merged;</para> - - <para>&man.rcmd.3; now supports the use of the - <envar>RSH</envar> environment variable to specify a program to - use other than &man.rsh.1; for remote execution. As a result, - programs such as &man.dump.8; can use &man.ssh.1; for remote - transport.</para> - - <para>&man.rdist.1; has been retired from the base system, but is - still available from &os; Ports Collection as - <filename role="package">net/44bsd-rdist</filename>.</para> - - <para role="historic">&man.reboot.8; now takes a <option>-k</option> to specify - the next kernel to boot. &merged;</para> - - <para>The &man.renice.8; command implements a <option>-n</option> - option, which specifies an increment to be applied to the - priority of a process. &merged;</para> - - <para role="historic">The &man.resolver.3; in &os; now implements EDNS0 support, - which will be necessary when working with IPv6 transport-ready - resolvers/DNS servers. &merged;</para> - - <para role="historic">The &man.rfork.thread.3; library call has been added as a - helper function to &man.rfork.2;. Using this function should - avoid the need to implement complex stack swap - code. &merged;</para> - - <para role="historic">The <option>-v</option> option to &man.rm.1; now displays - the entire pathname of a file being removed. &merged;</para> - - <para role="historic">&man.route.8; is now more verbose when changing indirect - routes, in the case of a gateway route that is the same route as - the one being modified. &merged;</para> - - <para role="historic">&man.route.8; now uses - <literal><replaceable>host</replaceable>/<replaceable>bits</replaceable></literal> - syntax instead of - <literal><replaceable>net</replaceable>/<replaceable>bits</replaceable></literal> - syntax, for compatibility with &man.netstat.1;. &merged;</para> - - <para role="historic">&man.route.8; can now create <quote>proxy only</quote> - published ARP entries. &merged;</para> - - <para role="historic">The &man.route.8; <option>add</option> command now supports - the <option>-ifp</option> and <option>-ifa</option> - modifiers. &merged;</para> - - <para>&man.rpcbind.8; has replaced &man.portmap.8;.</para> - - <para>&man.rpcgen.1; now uses <filename>/usr/bin/cpp</filename> - (as on NetBSD), not - <filename>/usr/libexec/cpp</filename>.</para> - - <para>&man.rpc.lockd.8; has been imported from NetBSD. This - daemon provides support for servicing client NFS locks.</para> - - <para role="historic">The performance of the ELF dynamic linker &man.rtld.1; has - been improved. &merged;</para> - - <para role="historic">RSA Security has waived all patent rights to the - <application>RSA</application> algorithm. As a result, the - native <application>OpenSSL</application> implementation of the - RSA algorithm is now activated by default, and the <filename - role="package">security/rsaref</filename> port and the - <filename>librsaUSA</filename> and - <filename>librsaINTL</filename> libraries are no longer required - for USA and non-USA residents respectively. &merged;</para> - - <para>&man.rtld.1; will now print the names of all objects that - cause each object to be loaded, if the - <varname>LD_TRACE_LOADED_OBJECTS_ALL</varname> environment - variable is defined.</para> - - <para role="historic">&man.savecore.8; now supports a <option>-k</option> option - to prevent clearing a crash dump after saving it. It also - attempts to avoid writing large stretches of zeros to crash dump - files to save space and time. &merged;</para> - - <para role="historic">&man.savecore.8; now works correctly on machines with 2 GB - or more of RAM. &merged;</para> - - <para role="historic">&man.sed.1; now takes a <option>-E</option> option for - extended regular expression support. &merged;</para> - - <para>&man.sed.1; now takes a <option>-i</option> option to enable - in-place editing of files. &merged;</para> - - <para role="historic">&man.send-pr.1; now takes a <option>-a</option> option to - include a file into the <literal>Fix:</literal> section of a - problem report. &merged;</para> - - <para>The &man.setfacl.1; and &man.getfacl.1; commands have been - added to manage filesystem Access Control Lists.</para> - - <para role="historic">&man.setproctitle.3; has been moved from - <filename>libutil</filename> to - <filename>libc</filename>. &merged;</para> - - <para role="historic">&man.sh.1; now implements <command>test</command> as a - built-in command for improved efficiency. &merged;</para> - - <para>&man.sh.1; no longer implements <command>printf</command> as - a built-in command because it was considered less valuable - compared to the other built-in commands (this functionality is, - of course, still available through the &man.printf.1; - executable).</para> - - <para>&man.sh.1; now supports a <option>-C</option> option to - prevent existing regular files from being overwritten by output - redirection, and a <option>-u</option> to give an error if an - unset variable is expanded. &merged;</para> - - <para>The &man.sh.1; built-in <command>cd</command> command now - supports <option>-L</option> and <option>-P</option> flags to - invoke logical or physical modes of operation, respectively. - Logical mode is the default, but the default can be changed with - the <varname>physical</varname> &man.sh.1; option. &merged;</para> - - <para>The &man.sh.1; built-in <command>jobs</command> command now - supports a <option>-s</option> flag to output PIDs only and a - <option>-l</option> flag to add PIDs to the output. &merged;</para> - - <para>&man.sh.1; now supports a <command>bind</command> built-in - command, which allows the key bindings for the shell's line editor - to be changed.</para> - - <para>The &man.sh.1; built-in <command>export</command> and - <command>readonly</command> commands now support a - <option>-p</option> flag to print their output in - <quote>portable</quote> format. &merged;</para> - - <para>&man.sh.1; no longer accepts invalid constructs as - <command><replaceable>command</replaceable> & && - <replaceable>command</replaceable></command>, <command>&& - <replaceable>command</replaceable></command>, or <command>|| - <replaceable>command</replaceable></command>. &merged;</para> - - <para role="historic">&man.sockstat.1; now has <option>-c</option> and - <option>-l</option> flags for listing connected and listening - sockets, respectively. &merged;</para> - - <para>&man.spkrtest.8; is now a &man.sh.1; script, rather than a - Perl script.</para> - - <para role="historic">&man.split.1; now has the ability to split a file longer - than 2GB. &merged;</para> - - <para>&man.split.1; now supports a <option>-a</option> option to - specify the number of letters to use for the suffix of split - files. &merged;</para> - - <para>In preparation for meeting SUSv2/POSIX - <filename><sys/select.h></filename> requirements, - <literal>struct selinfo</literal> and related functions have been - moved to <filename><sys/selinfo.h></filename>.</para> - - <para role="historic">The &man.strnstr.3; and &man.strcasestr.3; variants of - &man.strstr.3; have been implemented. &merged;</para> - - <para role="historic">&man.stty.1; now has support for an - <literal>erase2</literal> control character, so that, for - example, both the <keycap>Delete</keycap> and - <keycap>Backspace</keycap> keys can be used to erase - characters. &merged;</para> - - <para>&man.su.1; now uses <application>PAM</application> for - authentication.</para> - <para>The &man.swapoff.8; command has been added to disable paging and swapping on a device. A related &man.swapctl.8; command has been added to provide an interface to &man.swapon.8; and @@ -3554,1122 +193,48 @@ options HZ=1000 # not compulsory but strongly recommended</programlisting> </note> </para> - <para role="historic">Boot-time &man.syscons.4; configuration was moved to a - machine-independent - <filename>/etc/rc.syscons</filename>. &merged;</para> - - <para role="historic">&man.sysctl.8; now supports a <option>-N</option> option to - print out variable names only. &merged;</para> - - <para role="historic">&man.sysctl.8; has replaced the <option>-A</option> and - <option>-X</option> options with <option>-ao</option> and - <option>-ax</option> respectively; the former options are now - deprecated. The <option>-w</option> option is deprecated as - well; it is not needed to determine the user's - intentions. &merged;</para> - - <para role="historic">&man.sysctl.8; now supports a <option>-e</option> option to - separate variable names and values by <literal>=</literal> - rather than <literal>:</literal>. This feature is useful for - producing output that can be fed back to - &man.sysctl.8;. &merged;</para> - - <para>&man.sysctl.8; now accepts a <option>-d</option> flag to print - the descriptions of variables.</para> - - <para role="historic">&man.sysinstall.8; now properly preserves - <filename>/etc/mail</filename> during a binary - upgrade. &merged;</para> - - <para role="historic">&man.sysinstall.8; now uses some more intuitive defaults - thanks to some new dialog support functions. &merged;</para> - - <para>The default root partition in &man.sysinstall.8; is now - 100MB on the i386 and pc98, 120MB on the Alpha.</para> - - <para>&man.sysinstall.8; now lives in - <filename>/usr/sbin</filename>, which simplifies the - installation process. The &man.sysinstall.8; manpage is also - installed in a more consistent fashion now.</para> - - <para role="historic">&man.sysinstall.8; now has the ability to load KLDs as a - part of the installation. &merged;</para> - - <para role="historic">When run from the installation media, &man.sysinstall.8; - will automatically load any device drivers found in the - <filename>/stand/modules</filename> directory of the - <literal>mfsroot</literal> floppy or filesystem image. Note - that any drivers so loaded will not appear in the kernel's boot - messages; the &man.sysinstall.8; debugging screen will provide - additional information. &merged;</para> - - <para role="historic">&man.sysinstall.8; now enables Soft Updates by default on - all filesystems it creates, except for the root - filesystem. &merged;</para> - - <para role="historic">&man.sysinstall.8; has received updates for its - <quote>auto</quote> partitioning mode which provide more - reasonable defaults for the sizes of partitions that are - created; auto-sized partitions can now also recover the space - that becomes available when other partitions are - deleted. &merged;</para> - - <para>&man.sysinstall.8; no longer mounts the &man.procfs.5; - filesystem by default on new installs. This change was made to - improve security, but &man.procfs.5; can still be mounted - manually or via an appropriate line in the &man.fstab.5; - file.</para> - - <para role="historic">&man.sysinstall.8; now has rudimentary support for - retrieving packages from the correct volume of a multiple-volume - installation (such as a multi-CD distribution). &merged;</para> - - <para role="historic">&man.syslogd.8; can take a <option>-n</option> option to - disable DNS queries for every request. &merged;</para> - - <para role="historic">&man.syslogd.8; now supports a - <literal>LOG_CONSOLE</literal> facility (disabled by default), - which can be used to log <filename>/dev/console</filename> - output. &merged;</para> - - <para role="historic">&man.syslogd.8; now has the ability to bind to a specific - address (as opposed to using every available one) via the - <option>-b</option> option. &merged;</para> - - <para role="historic">&man.syslogd.8; now accepts a <option>-c</option> flag to - disable repeated line compression. &merged;</para> - <para>&man.systat.1; now includes an <option>-ifstat</option> display mode that displays the network traffic going through active intrfaces on the system.</para> - <para>&man.tabs.1;, a utility to set terminal tab stops, has been - added.</para> - - <para role="historic">&man.tail.1; now has the ability to work on files longer - than 2GB. &merged;</para> - - <para role="historic">&man.tar.1; now supports the <varname>TAR_RSH</varname> - variable, principally to enable the use of &man.ssh.1; as a - transport. &merged;</para> - - <para role="historic">&man.telnet.1; now does autologin and encryption by default; - a new <option>-y</option> option turns off encryption. &merged;</para> - - <para role="historic">&man.telnet.1; now supports a <option>-u</option> flag to - allow connections to UNIX-domain (<literal>AF_UNIX</literal>) - sockets. &merged;</para> - - <para>The &man.termcap.5; database now uses the - <literal>xterm</literal> terminal type from - <application>XFree86</application>. As a result, &man.xterm.1; - now supports color by default and the common workaround of - setting <varname>TERM</varname> to <literal>xterm-color</literal> - is no longer necessary. Use of the - <literal>xterm-color</literal> terminal type may result in - (benign) warnings from applications.</para> - - <para role="historic">&man.tftp.1; and &man.tftpd.8; now support IPv6. &merged;</para> - - <para role="historic">&man.tftpd.8; now takes the <option>-c</option> and - <option>-C</option> options, which allow the server to - &man.chroot.2; based on the IP address of the connecting client. - &man.tftp.1; and &man.tftpd.8; can now transfer files larger - than 65535 blocks. &merged;</para> - - <para>&man.tftpd.8; now supports RFC 2349 (TFTP Timeout Interval - and Transfer Size Options); this feature is required by some - firmware like EFI boot managers (at least on HP i2000 Itanium - servers) in order to boot an image using - <application>TFTP</application>.</para> - - <para arch="alpha">&man.timed.8; now works on the alpha.</para> - - <para>A version of Transport Independent RPC - (<application>TI-RPC</application>) has been imported.</para> - - <para role="historic">&man.tmpnam.3; will now use the <envar>TMPDIR</envar> - environment variable, if set, to specify the location of - temporary files. &merged;</para> - - <para>&man.tip.1; has been updated from - <application>OpenBSD</application>, and has the ability to act - as a &man.cu.1; substitute.</para> - - <para>&man.top.1; will now use the full width of its tty.</para> - - <para>&man.touch.1; now takes a <option>-h</option> option to - operate on a symbolic link, rather than what the link points - to.</para> - - <para>&man.tr.1; now has basic support for equivalence classes - for locales that support them. &merged;</para> - - <para>&man.tr.1; now supports a <option>-C</option> flag to - complement the set of characters specified by the first string - argument.</para> - - <para role="historic">The &man.truncate.1; utility, which truncates or extends the - length of files, has been added. &merged;</para> - - <para>&man.tunefs.8; now supports the <option>-a</option> and - <option>-l</option> flags to enable and disable the - <literal>FS_ACLS</literal> and <literal>FS_MULTILABEL</literal> - administrative flags on UFS file system.</para> - - <para>A &man.ugidfw.8; utility has been added to manage the - rulesets provided by the <literal>mac_bsdextended</literal> - Mandatory Access Control policy, similar to &man.ipfw.8;.</para> - - <para role="historic">Ukrainian language support has been added to the &os; - console. &merged;</para> - - <para><application>UUCP</application> has been removed from the - base system. It can be found in the Ports Collection, in - <filename role="package">net/freebsd-uucp</filename>.</para> - - <para>&man.unexpand.1; now supports a <option>-t</option> to - specify tabstops analogous to &man.expand.1;. &merged;</para> - - <para role="historic">&man.units.1; has received some updates and - bugfixes. &merged;</para> - - <para>&man.usbdevs.8; now supports a <option>-d</option> flag to - show the device driver associated with each device.</para> - - <para role="historic">The &man.usbhidctl.1; utility has been added to manipulate - USB Human Interface Devices. &merged;</para> - - <para role="historic">&man.uuencode.1; and &man.uudecode.1; now accept a <option>-o</option> option to - set their output files. &man.uuencode.1; can now be made to do base64 encoding - when given the <option>-m</option> flag, while &man.uudecode.1; - can now automatically decode base64 files. &merged;</para> - - <para>The base64 capabilities of &man.uuencode.1; and - &man.uudecode.1; can now be automatically enabled by invoking - these utilities as &man.b64encode.1; and &man.b64decode.1; - respectively. &merged;</para> - - <para>Functions to implement and manipulate OSF/DCE 1.1-compliant - UUIDs have been added to <filename>libc</filename>. More - information can be found in &man.uuid.3;.</para> - - <para>The &man.uuidgen.1; utility has been added. It uses the new - &man.uuidgen.2; system call to generate one or more Universally - Unique Identifiers compatible with OSF/DCE 1.1 version 1 - UUIDs.</para> - - <para role="historic">&man.vidcontrol.1; now accepts a <option>-g</option> - parameter to select custom text geometry in the - <literal>VESA_800x600</literal> raster text mode. &merged;</para> - - <para role="historic">&man.vidcontrol.1; now allows the user to omit the font size - specification when loading a font, and has some better - error-handling. &merged;</para> - - <para role="historic">&man.vidcontrol.1; now supports a <option>-p</option> option - to take a snapshot of a &man.syscons.4; video buffer. These - snapshots can be manipulated by the - <filename role="package">graphics/scr2png</filename> utility in - the Ports Collection. &merged;</para> - - <para role="historic">&man.vidcontrol.1; now supports a <option>-C</option> option - to clear the history buffer for a given tty, as well as a - <option>-h</option> option to set the size of the history - buffer. &merged;</para> - - <para>&man.vidcontrol.1; now accepts a <option>-S</option> to - allow the user to disable VTY switching. &merged;</para> - - <para>The default stripe size in &man.vinum.8; has been changed - from 256KB to 279KB, to spread out superblocks more evenly - between stripes.</para> - - <para role="historic">&man.wall.1; now supports a <option>-g</option> flag to - write a message to all users of a given group. &merged;</para> - - <para role="historic">&man.watch.8; now takes a <option>-f</option> option to - specify a &man.snp.4; device to use. &merged;</para> - - <para>&man.wc.1; now supports a <option>-m</option> flag to - count characters, rather than bytes.</para> - - <para>&man.whereis.1;, formerly a Perl script, has been - rewritten in C. It now supports a <option>-x</option> flag to - suppress the run of &man.locate.1;, and a <option>-q</option> - flag suppresses the leading name of the query.</para> - - <para>&man.whereis.1; now supports a <option>-a</option> flag - to report all matches instead of only the first of each - requested type.</para> - - <para>&man.which.1; is now a C program, rather than a Perl - script.</para> - - <para>&man.who.1; now has a number of new options: - <option>-H</option> shows column headings; <option>-T</option> - shows &man.mesg.1; state; <option>-m</option> is an equivalent - to <option>am i</option>; <option>-u</option> shows idle time; - <option>-q</option> to list names in columns. &merged;</para> - - <para role="historic">&man.whois.1; now directs queries for IP addresses to ARIN. - If a query to ARIN references APNIC or RIPE, the appropriate - server will also be queried, provided that the - <option>-Q</option> option is not specified. &merged;</para> - - <para role="historic">&man.whois.1; supports a <option>-c</option> option to - specify a country code to help direct queries towards a - particular whois server. &merged;</para> - - <para>&man.wicontrol.8; now supports a <option>-l</option> to list - the stations associated in <literal>hostap</literal> mode and a - <option>-L</option> to list available access points.</para> - - <para>&man.xargs.1; now supports a <option>-I</option> - <replaceable>replstr</replaceable> option that allows the user - to tell &man.xargs.1; to insert the data read from standard - input at specific points in the command line arguments rather - than at the end. (A &os;-specific <option>-J</option> option is - similar.) &merged;</para> - - <para>&man.xargs.1; now supports a <option>-L</option> option to - force its utility argument to be called after some number of - lines. &merged;</para> - <para>&man.xargs.1; now supports a <option>-P</option> option to execute multiple copies of the same utility in parallel.</para> - <para role="historic">The compiler chain now uses the FSF-supplied C/C++ runtime - initialization code. This change brings about better - compatibility with code generated from the various egcs and gcc - ports, as well as the stock public FSF source. &merged;</para> - - <para role="historic">The threads library has gained some signal handling changes, - bug fixes, and performance enhancements (including zero system - call thread switching). &man.gdb.1; thread support has been - updated to match these changes. &merged;</para> - - <para role="historic">Significant additions have been made to internationalization - support; &os; now has complete locale support for the - <literal>LC_MONETARY</literal>, <literal>LC_NUMERIC</literal>, - and <literal>LC_MESSAGES</literal> categories. A number of - applications have been updated to take advantage of this - support. &merged;</para> - - <para role="historic">Locale names have been changed to improve compatibility with - the names used by X11R6, as well as a number of other UNIX - versions. As an example, the - <literal>en_US.ISO_8859-1</literal> locale name has been changed - to - <literal>en_US.ISO8859-1</literal>. Entries in - <filename>/etc/locale.alias</filename> provide backward - compatibility. &merged;</para> - - <para>Various routines in the C library now have support for - <quote>wide</quote> characters. Among these are - character class functions such as &man.wctype.3;, wide character - I/O functions such as &man.getwc.3;, formatted I/O functions - such as &man.wprintf.3; and &man.wscanf.3;. Conversion - functions to &man.multibyte.3; characters are also supported.</para> - - <para role="historic"><filename>/usr/src/share/examples/BSD_daemon/</filename> now - contains a scalable Beastie graphic. &merged;</para> - - <para role="historic">As part of an ongoing process, many manual pages were - improved, both in terms of their formatting markup and in their - content. &merged;</para> - - <para>A number of utilities and libraries were enhanced to improve - their conformance with the Single UNIX Specification (SUSv3) and - IEEE Std 1003.1-2001 (<quote>POSIX.1</quote>). Specific - features added have been listed in the release notes for each - utility. The standards conformance of each utility or library - function is generally listed in its manual page.</para> - - <para>A number of traditional BSD games have been removed from the base system; - they are now available in the <filename - role="package">games/freebsd-games</filename> port. - These include: adventure(6), arithmetic(6), atc(6), - backgammon(6), battlestar(6), bs(6), canfield(6), cribbage(6), - fish(6), hack(6), hangman(6), larn(6), mille(6), phantasia(6), - piano(6), pig(6), quiz(6), rain(6), robots(6), rogue(6), - sail(6), snake(6), trek(6), wargames(6), worm(6), worms(6), and - wump(6). dm(8), which was used to control access to games, is - no longer necessary, and has also been removed. The - <quote>utility-like</quote> games, as well as &man.fortune.6;, - remain.</para> - <sect3> <title>Contributed Software</title> - <para><application>am-utils</application> has been updated to - 6.0.7.</para> - - <para>A 13 December 2002 snapshot of <application>awk</application> from Bell Labs (variously - known as <quote>BWK awk</quote> or <quote>The One True - AWK</quote>) has been imported. It is available as - <command>awk</command> or - <command>nawk</command>.</para> - - <para role="historic"><application>bc</application> has been updated from 1.04 to - 1.06. &merged;</para> - - <para role="historic">The ISC library from the <application>BIND</application> - distribution is now built as - <filename>libisc</filename>. &merged;</para> - - <para role="historic"><application>BIND</application> is now built with the - <literal>NOADDITIONAL</literal> flag, which causes - &man.named.8; to operate in a more consistent fashion for - certain common misconfigurations. &merged;</para> - - <para><application>BIND</application> has been updated to - 8.3.3. &merged;</para> - - <para><application>Binutils</application> has been updated to - a pre-release snapshot of 2.13.2 from 27 October 2002.</para> - - <para role="historic"><application>bzip2</application> 1.0.2 has been imported; - this brings the &man.bzip2.1; program and the - <filename>libbz2</filename> library to the base - system. &merged;</para> + <para><application>awk</application> from Bell Labs has been + updated to a 13 December 2002 snapshot.</para> <para>All of the <application>bzip2</application> suite of applications is now installed in the base system (in particular, <command>bzip2recover</command> is now built and installed. &merged;</para> - <para role="historic">The &man.ee.1; <application>Easy Editor</application> has - been updated to 1.4.2. &merged;</para> - - <para><application>file</application> has been updated to - 3.39.</para> - - <para><application>gcc</application> has been updated to - <application>gcc</application> 3.2.1 (released version). - <warning> - <para>The C++ ABI from <application>gcc</application> - 3.2.1 is not compatible with - previous versions.</para> - </warning> - </para> - - <para role="historic">&man.gcc.1; now uses a unified <filename>libgcc</filename> - rather than a separate one for threaded and non-threaded - programs. <filename>/usr/lib/libgcc_r.a</filename> can be - removed. &merged;</para> - - <para role="historic">&man.gcc.1; now supports the environment variable - <envar>GCC_OPTIONS</envar>, which can hold a set of default - options for <application>GCC</application>. &merged;</para> - - <para><application>gdb</application> has been updated to version - 5.2.1.</para> - - <para role="historic"><application>GNATS</application> has been updated to - 3.113. &merged;</para> - - <para><application>gperf</application> has been updated to - 2.7.2.</para> - - <para><application>groff</application> and its related utilities - have been updated to FSF version 1.18.1.</para> - - <para><application>Heimdal Kerberos</application> has been updated to - 0.5.1. &merged;</para> - - <para role="historic">The version of <application>IPFilter</application> - provided with &os; now includes the &man.ipfs.8; program, - which allows state information created for NAT entries and - stateful rules to be saved to disk and restored after a - reboot. Boot-time configuration of these features is - supported by &man.rc.conf.5;. &merged;</para> - <para>The <application>ISC DHCP</application> client has been updated to 3.0.1RC11.</para> - <para role="historic"><application>Kerberos IV</application> has been updated to - 1.0.5. &merged;</para> - - <para>The &man.more.1; command has been replaced by - &man.less.1;, although it can still be run as - <command>more</command>. &merged; Version 371 of - <application>less</application> has been imported.</para> - - <para>An XML processing library, named - <filename>libbsdxml</filename>, has been added for the benefit - of XML-using utilities in the base system. It is based almost - entirely on an import of <application>expat</application> - 1.95.5, but is installed under a different name to avoid - conflicts with any versions of - <application>expat</application> installed from the Ports - Collection.</para> - - <para><application>libpcap</application> has been updated to - 0.7.1. &merged;</para> - - <para><application>libreadline</application> has been updated to - 4.2.</para> - - <para><application>libz</application> has been updated to - 1.1.4.</para> - - <para><application>lint</application> has been updated to - snapshot of NetBSD &man.lint.1; as of 19 July 2002.</para> - - <para><application>lukemftp</application> 1.6 beta 2 (the FTP client from - NetBSD) has replaced the &os; &man.ftp.1; program. Among its - new features are more automation methods, better standards - compliance, transfer rate throttling, and a customizable - command-line prompt. Some environment variables and - command-line arguments have changed.</para> - - <para>&man.m4.1; has been imported from OpenBSD, as of 26 April - 2002. &merged;</para> - - <para><application>ncurses</application> has been updated to - 5.2-20020615.</para> - - <para>The <application>NTP</application> suite of programs has - been updated to 4.1.1b.</para> - - <para><application>OpenPAM</application> - (<quote>Daffodil</quote> release) has been imported, - replacing - <application>Linux-PAM</application>.</para> - - <para>The <application>OPIE</application> one-time-password - suite has been updated to 2.4. It has completely - replaced the functionality of - <application>S/Key</application>. &merged;</para> - - <para><application>Perl</application> has been removed from the - &os; base system. It can be installed from the &os; - Ports Collection, as a binary package, or via the <guimenuitem>Perl - distribution</guimenuitem> item in &man.sysinstall.8;'s - distribution menu. - Moving Perl out of the - base system will make future upgrades and maintenence easier. - To reduce the dependence of the base system on - Perl, many utilities have been - rewritten as shell scripts or C programs (specific notes are - made for each affected utility). - - <note> - <para>The Perl script removal work is ongoing.</para> - </note> - - <note> - <para>Most of the distribution sets in &man.sysinstall.8; - include the new Perl distribution. This change will - therefore be transparent to most users, with the exception - that updating Perl will be done separately from the base - system.</para> - </note> - - </para> - - <para><application>GNU ptx</application> has been removed from - the base system. It is not used anywhere in the base system, - and has not been recently updated or maintained. Users - requiring its functionality can install this utility as a part - of the <filename role="package">textproc/textutils</filename> - port.</para> - - <para>The <literal>rc.d</literal> framework from NetBSD has been - imported. It breaks down the system startup functionality - into a number of small, <quote>task-oriented</quote> scripts - in <filename>/etc/rc.d</filename>, with dynamic-determined - ordering of startup scripts performed at boot-time.</para> - - <para role="historic">&man.routed.8; has been updated to version - 2.22. &merged;</para> - - <para arch="i386,pc98">Version 1.4.5 of the - <application>smbfs</application> userland utilities has been - imported. &merged;</para> - - <para><application>GNU sort</application> has been updated to - the version from <application>GNU textutils - 2.0.21</application>.</para> - - <para>&man.stat.1; from <application>NetBSD</application>, as of - 5 June 2002 has, been imported.</para> - - <para><application>GNU tar</application> has been updated to - 1.13.25. &merged;</para> - - <para><application>tcpdump</application> has been updated to - 3.7.1. &merged;</para> - - <para>The &man.csh.1; shell has been replaced by &man.tcsh.1;, - although it can still be run as <command>csh</command>. - <application>tcsh</application> has been updated to version - 6.12. &merged;</para> - - <para>The contributed version of - <application>tcp_wrappers</application> now includes the - &man.tcpd.8; helper daemon. While not strictly necessary in a - standard &os; installation (because &man.inetd.8; already - incorporates this functionality), this may be useful for - &man.inetd.8; replacements such as - <application>xinetd</application>. &merged;</para> - - <para><application>texinfo</application> has been updated to - 4.2. &merged;</para> - - <para><application>top</application> has been updated to version - 3.5b12. &merged;</para> - - <para><application>traceroute</application> has been updated to - LBL version 1.4a12.</para> - - <para role="historic">&man.traceroute.8; now takes its default maximum TTL value - from the <varname>net.inet.ip.ttl</varname> sysctl - variable. &merged;</para> - - <para>The timezone database has been updated to the - <filename>tzdata2002d</filename> release. &merged;</para> - - <sect4> - <title>CVS</title> - - <para><application>cvs</application> has been updated to - a snapshot of 1.11.2.1, as of 1 December 2002. &merged;</para> - - <para role="historic">The default value for &man.cvs.1;'s - <envar>CVS_RSH</envar> variable is now - <literal>ssh</literal>, rather than - <literal>rsh</literal>. &merged;</para> - - <para role="historic">&man.cvs.1; now supports a <option>-T</option> option to - update a sandbox's <filename>CVS/Template</filename> file - from the repository. &merged;</para> - - <para role="historic">&man.cvs.1; <literal>diff</literal> now supports the - <option>-j</option> option to perform differences against a - revision relative to a branch tag. &merged;</para> - </sect4> - - <sect4> - <title>CVSup</title> - - <para role="historic"><application>CVSup</application>, a frequently used - utility in the &os; Ports Collection, was formerly - installable using several ports and packages. The - <filename role="package">net/cvsup-bin</filename> and - <filename role="package">net/cvsupd-bin</filename> - ports/packages are no longer necessary or available; the - <filename role="package">net/cvsup</filename> port should be - used instead. &merged;</para> - - <para role="historic"><application>CVSup</application> has been updated to - 16.1_3, which is available in the &os; Ports Collection as - <filename role="package">net/cvsup</filename>. This update - fixes a long-standing (but only recently encountered) bug - which affects the timestamps on all files after Sun Sep 9 - 01:46:40 UTC 2001 (1,000,000,000 seconds after the UNIX - epoch). &merged;</para> - </sect4> - - <sect4 id="kame-userland"> - <title>KAME</title> - - <para role="historic">The IPv6 stack is now based on a snapshot based on the - KAME Project's IPv6 snapshot as of 28 May, 2001. Most of - the items listed in this section are a result of this - import. - <xref linkend="kame-kernel"> lists kernel updates to the - KAME IPv6 stack. &merged;</para> - - <para role="historic">&man.faithd.8; now supports a configuration file for - access control. &merged;</para> - - <para role="historic">&man.ifconfig.8; can now perform the functions of - gifconfig(8). &merged;</para> - - <para role="historic">&man.ifconfig.8; can now perform the functions of - prefix(8). &merged;</para> - - <para role="historic">&man.ndp.8; now implements garbage collection for stale - NDP entries, as described in RFC 2461 (Neighbor Discovery - for IP Version 6 (IPv6)). &merged;</para> - - <para role="historic">pim6dd(8) and pim6sd(8) have been removed due - to restrictive licensing conditions. These programs are - available in the ports collection as - <filename role="package">net/pim6dd</filename> and - <filename role="package">net/pim6sd</filename>. &merged;</para> - - <para role="historic">&man.route6d.8; now supports an <option>-n</option> flag - to avoid updating the kernel forwarding - table. &merged;</para> - - <para role="historic">The <option>-R</option> (router renumbering) option to - &man.rtadvd.8; is currently ignored. &merged;</para> - </sect4> - - <sect4> - <title>OpenSSH</title> - - <para role="historic"><application>OpenSSH</application> has been updated to - 2.9, which provides support for the SSH2 protocol (now the - default) and DSA keys. &man.ssh-add.1; and - &man.ssh-agent.1; can now handle DSA keys, with support for - authentication forwarding. - <application>OpenSSH</application> users in the USA no - longer need to rely on the restrictively-licensed RSAREF - toolkit which is required to handle RSA keys. Among other - new features: A client and server for &man.sftp.1; has been added. - &man.scp.1; can now handle files larger than 2 GBytes. A - limit on the number of outstanding, unauthenticated - connections in &man.sshd.8; has been added. Support has - been added for the Rijndael encryption algorithm. Rekeying - of existing sessions is now supported, and an experimental - <application>SOCKS4</application> proxy has been added to - &man.ssh.1;. &merged;</para> - - <para><application>OpenSSH</application> has been updated to - version 3.4p1. &merged; Among the changes: - <itemizedlist> - <listitem> - <para>The <filename>*2</filename> files are obsolete - (for example, - <filename>~/.ssh/known_hosts</filename> can hold the - contents of - <filename>~/.ssh/known_hosts2</filename>).</para> - </listitem> - <listitem> - <para>&man.ssh-keygen.1; can import and export keys using - the SECSH Public Key File Format, for key exchange - with several commercial SSH implementations.</para> - </listitem> - <listitem> - <para>&man.ssh-add.1; now adds all three default keys.</para> - </listitem> - <listitem> - <para>&man.ssh-keygen.1; no longer defaults to a - specific key type; one must be specified with the - <option>-t</option> option.</para> - </listitem> - <listitem> - <para>A <quote>privilege separation</quote> feature, - which uses unprivileged processes to contain and - restrict the effects of future compromises or - programming errors.</para> - </listitem> - - <listitem> - <para>Several bugfixes, including closure of a - security hole that could lead to an integer overflow - and undesired privilege escalation.</para> - </listitem> - </itemizedlist> - </para> - - <para role="historic"><application>OpenSSH</application> can now authenticate - using <application>OPIE</application> passwords. &merged;</para> - - <para role="historic"><application>PAM</application> support for - <application>OpenSSH</application> has been added. &merged;</para> - - <para role="historic">A long-standing bug in - <application>OpenSSH</application>, which sometimes resulted - in a dropped session when an X11-forwarded client was - closed, was fixed. &merged;</para> - - <para role="historic"><application>Kerberos</application> compatibility has - been added to - <application>OpenSSH</application>. &merged;</para> - - <para role="historic"><application>OpenSSH</application> has been modified to - be more resistant to traffic analysis by requiring that - <quote>non-echoed</quote> characters are still echoed back - in a null packet, as well as by padding passwords sent so as - not to hint at password lengths. &merged;</para> - - <para role="historic">&man.sshd.8; is now enabled by default on new - installs. &merged;</para> - - <para role="historic">&man.sshd.8; <literal>X11Forwarding</literal> is now - turned on by default on the server (any risk is to the - client, where it is already disabled by - default). &merged;</para> - - <para role="historic">In <filename>/etc/ssh/sshd_config</filename>, the - <literal>ConnectionsPerPeriod</literal> parameter has been - deprecated in favor of - <literal>MaxStartups</literal>. &merged;</para> - - <para role="historic"><application>OpenSSH</application> now has a - <literal>VersionAddendum</literal> configuration setting for - &man.sshd.8; to allow changing the part of the - <application>OpenSSH</application> version string after the - main version number. &merged;</para> - </sect4> - - <sect4> - <title>OpenSSL</title> - - <para><application>OpenSSL</application> has been updated to - 0.9.6g. &merged;</para> - - <para role="historic"><application>OpenSSL</application> now has support for - machine-dependent ASM optimizations, activated by the new - <varname>MACHINE_CPU</varname> and/or - <varname>CPUTYPE</varname> - <filename>make.conf</filename> variables. &merged;</para> - </sect4> - - <sect4> - <title>sendmail</title> - - <para><application>sendmail</application> has been updated - from version 8.9.3 to version 8.12.6. Important changes - include: &man.sendmail.8; is no longer installed as a - set-user-ID <username>root</username> binary (now set-group-ID <groupname>smmsp</groupname>); new - default file locations (see - <filename>/usr/src/contrib/sendmail/cf/README</filename>); - &man.newaliases.1; is limited to <username>root</username> - and trusted users; STARTTLS encryption; and the MSA port - (587) is turned on by default. See - <filename>/usr/src/contrib/sendmail/RELEASE_NOTES</filename> - for more information. &merged;</para> - - <para role="historic">&man.mail.local.8; is no longer installed as a - set-user-ID binary. If you are using a - <filename>/etc/mail/sendmail.cf</filename> from the default - <filename>sendmail.cf</filename> included with &os; any time - after 3.1.0, you are fine. If you are using a - hand-configured <filename>sendmail.cf</filename> and - <command>mail.local</command> for delivery, check to make sure the - <literal>F=S</literal> flag is set on the - <literal>Mlocal</literal> line. Those with - <filename>.mc</filename> files who need to add the flag can - do so by adding the following line to their - <filename>.mc</filename> file and regenerating the - <filename>sendmail.cf</filename> file:</para> - - <programlisting role="historic">MODIFY_MAILER_FLAGS(`LOCAL',`+S')dnl</programlisting> - - <para role="historic">Note that <literal>FEATURE(`local_lmtp')</literal> already - does this. &merged;</para> - - <para role="historic">The default <filename>/etc/mail/sendmail.cf</filename> - disables the SMTP <literal>EXPN</literal> and - <literal>VRFY</literal> commands. &merged;</para> - - <para role="historic">&man.vacation.1; has been updated to use the version - included with <application>sendmail</application>. &merged;</para> - - <para role="historic">The <application>sendmail</application> configuration - building tools are installed in - <filename>/usr/share/sendmail/cf/</filename>. &merged;</para> - - <para role="historic">New <filename>make.conf</filename> options: - <varname>SENDMAIL_MC</varname> and - <varname>SENDMAIL_ADDITIONAL_MC</varname>. See - <filename>/usr/share/examples/etc/make.conf</filename> for more - information. &merged;</para> - - <para role="historic"><filename>/etc/mail/Makefile</filename> now supports: - the new <varname>SENDMAIL_MC</varname> - <filename>make.conf</filename> option; the ability to build - <filename>.cf</filename> files from - <filename>.mc</filename> files; generalized map rebuilding; - rebuilding the aliases file; and the ability to stop, start, - and restart - <application>sendmail</application>. &merged;</para> - - <para role="historic">The <username>smmsp</username> and - <username>mailnull</username> users have been added to - <filename>/etc/master.passwd</filename>. In the absence of a - <literal>confDEF_USER_ID</literal> setting, by default, - <application>sendmail</application> will use the - <username>mailnull</username> user for extra security. - Previously, if the <username>mailnull</username> user did - not exist, the <username>daemon</username> user was used. - This change may generate some permissions issues when - mailing to files or to programs (such as <filename - role="package">mail/majordomo</filename>). &merged; The - previous behavior can be restored by adding the following - line to a system's - <filename><replaceable>*</replaceable>.mc</filename> - configuration file: - - <programlisting>define(`confDEF_USER_ID', `daemon')</programlisting> - </para> - - <para role="historic">Beginning with the import of - <application>sendmail</application> 8.12.2, multiple - <application>sendmail</application> daemons (some required - to handle outgoing mail) are started by &man.rc.8;, even if - the <varname>sendmail_enable</varname> variable is set to - <literal>NO</literal>. To completely disable - <application>sendmail</application>, - <varname>sendmail_enable</varname> must be set to - <literal>NONE</literal>. Alternatively, for systems using a - different MTA, the <varname>mta_start_script</varname> variable can - be used to point to a different startup script (more details - can be found in &man.rc.sendmail.8;). &merged;</para> - - <para>By default, &man.rc.8; no longer enables - <application>sendmail</application> for inbound SMTP - connections. Note that &man.sysinstall.8; may override this - default for a binary installation, based on what security - profile is selected. This functionality can also be - manually enabled by adding the following line to - <filename>/etc/rc.conf</filename>:</para> - - <programlisting>sendmail_enable="YES"</programlisting> - - <para>The permissions for <application>sendmail</application> - alias and map databases built via - <filename>/etc/mail/Makefile</filename> now default to mode - 0640 to protect against a file locking local denial of service. - It can be changed by setting the new - <varname>SENDMAIL_MAP_PERMS</varname> - <filename>make.conf</filename> option. &merged;</para> - - <para>The permissions for the <application>sendmail</application> - statistics file, <filename>/var/log/sendmail.st</filename>, have - been changed from mode 0644 to mode 0640 to protect against - a file locking local denial of service. &merged;</para> - - </sect4> + <para><application>OpenPAM</application> has been updated to the + <quote>Daffodil</quote> release.</para> </sect3> <sect3> <title>Ports/Packages Collection Infrastructure</title> - <para><application>BSDPAN</application>, a collection of modules - that provides tighter integration of - <application>Perl</application> into the &os; Ports - Collection, has been added.</para> - - <para role="historic">&man.pkg.create.1; and &man.pkg.add.1; can now work with - packages that have been compressed using - &man.bzip2.1;. &man.pkg.add.1; will use the PACKAGEROOT - environment variable to determine a mirror site for new - packages. &merged;</para> - - <para role="historic">&man.pkg.create.1; now records dependencies in dependency - order rather than in the order specified on the command line. - This improves the functioning of <command>pkg_add - -r</command>. &merged;</para> - - <para role="historic">&man.pkg.create.1; now supports a <option>-b</option> to - create a package file from a locally-installed - package. &merged;</para> - - <para role="historic">When requested to delete multiple packages, - &man.pkg.delete.1; will now attempt to remove them in - dependency order rather than the order specified on the - command line. &merged;</para> - - <para role="historic">&man.pkg.delete.1; now can perform glob/regexp matching of - package names. In addition, it supports a <option>-a</option> - option for removing all packages and a <option>-i</option> - option for &man.rm.1;-style interactive - confirmation. &merged;</para> - - <para role="historic">&man.pkg.delete.1; now supports a <option>-r</option> - option for recursive package removal. &merged;</para> - - <para role="historic">&man.pkg.info.1; now supports globbing against names of - installed packages. The <option>-G</option> option disables - this behavior, and the <option>-x</option> option causes - regular expression matching instead of shell - globbing. &merged;</para> - - <para role="historic">&man.pkg.info.1; can now accept a <option>-g</option> flag - for verifying an installed package against its recorded - checksums (to see if it's been modified post-installation). - Naturally, this mechanism is only as secure as the contents of - <filename>/var/db/pkg</filename> if it's to be used for auditing - purposes. &merged;</para> - - <para role="historic">&man.pkg.sign.1; and &man.pkg.check.1; have been added to - digitally sign and verify the signatures on binary package - files. &merged;</para> - - <para>For some time, &os; 5.0-CURRENT (as well as some 4.X - releases) included a pkg_update(1) utility to update installed - packages, as well as their dependencies. This utility has - been removed; a superset of its functionality can be found in - the <filename role="package">sysutils/portupgrade</filename> - port.</para> - - <para role="historic">&man.pkg.version.1; now has a version number comparison - routine that corresponds to the Porters Handbook. It also has - a <option>-t</option> option for testing address comparisons. - &merged;</para> - - <para role="historic">&man.pkg.version.1; now takes a <option>-s</option> flag - to limit its operation to ports/packages matching a given - string. &merged;</para> - - <para>&man.pkg.version.1;, formerly a Perl script, has been - rewritten in C. The <option>-c</option>, frequently misused, - has been removed. The <filename - role="package">sysutils/portupgrade</filename> port provides a - supported and safer alternative.</para> - - <para role="historic">Version numbers of installed packages have a new - (backward-compatible) syntax, which supports the - <varname>PORTREVISION</varname> and - <varname>PORTEPOCH</varname> variables in Ports Collection - <filename>Makefile</filename>s. These changes help keep track - of changes in the ports collection entries such as security - patches or &os;-specific updates, which aren't reflected in - the original, third-party software distributions. - &man.pkg.version.1; can now compare these new-style version - numbers. &merged;</para> - - <para role="historic">To improve performance and disk utilization, the - <quote>ports skeletons</quote> in the &os; Ports Collection - have been restructured. Installed ports and packages should - not be affected. &merged;</para> - - <para role="historic">All packages and ports now contain an - <quote>origin</quote> directive, which makes it easier for - programs such as &man.pkg.version.1; to determine the - directory from which a package was built. &merged;</para> - - <para>The Ports Collection infrastructure now uses - <application>XFree86</application> 4.2.1 as the default version - of the X Window System for the purposes of satisfying - dependencies. To return to using - <application>XFree86</application> 3.3.6, add the following line - to <filename>/etc/make.conf</filename>: &merged;</para> - - <programlisting>XFREE86_VERSION=3</programlisting> - - <para>The libraries installed by the <filename - role="package">emulators/linux_base</filename> port (required - for Linux emulation) have been updated; they now correspond to - those included with <application>Red Hat Linux</application> - 7.1. &merged;</para> - - <para>By default, packages generated by the Ports Collection (as - well as the packages on the FTP sites) are now compressed - using &man.bzip2.1;, rather than &man.gzip.1;. (Thus, they - now have a <filename>.tbz</filename> extension, rather than a - <filename>.tgz</filename> extension.) The package - tools have been updated to handle the new format.</para> - - <para>The Ports Collection now maintains a separate index file - (<filename>/usr/ports/INDEX-5</filename>) for use with &os; - &release.branch;. A major motivation for a separate index - file is to cope with dependencies (such as <filename - role="package">lang/perl5</filename>) that exist in &os; - &release.branch; but not &os; 4-STABLE. The index file for - each package set is still called - <filename>INDEX</filename>.</para> - + <para></para> </sect3> </sect2> <sect2> <title>Release Engineering and Integration</title> - <para>The <filename>bin</filename> distribution has been renamed - <filename>base</filename>, in order to make creation of combined - install/recovery disks easier.</para> - - <para arch="i386">ISO images and CDROMs now use the - <filename>cdboot</filename> boot loader by default. This - eliminates the need for an emulated floppy disk image on - a bootable CDROM and allows for a full - <filename>GENERIC</filename> kernel to be used for CDROM - installations, at the expense of compatability with some old - BIOSs.</para> - - <para arch="i386,pc98,alpha" role="historic"><application>XFree86</application> 4.2.0 - is now the default version of the X Window System supported by - &man.sysinstall.8;. It installs - <application>XFree86</application> as a set of standard binary - packages, so the usual package utilities such as - &man.pkg.info.1; can be used to examine/manipulate its - components. &merged;</para> - - <para>It is now possible to make releases of &os; - 5-CURRENT on a &os; 4-STABLE host and vice versa. Cross-architecture - (building a release for a target architecture on a host of a - different architecture) releases are also possible. See - &man.release.7; for details. &merged;</para> - - <para>A third <filename>drivers.flp</filename> floppy has been - added to floppy releases. It holds loadable modules - containing drivers that do not fit in the kernel on the - <filename>kern.flp</filename> disk or in the - <filename>mfsroot.flp</filename> image.</para> + <para></para> </sect2> <sect2> <title>Documentation</title> - <para>A number of formerly-encumbered documents from the 4.4 BSD - Programmer's Supplementary Documents have been restored to - <filename>/usr/share/doc/psd</filename>. These include:</para> - - <itemizedlist> - <listitem> - <para><emphasis>The UNIX Time-Sharing System</emphasis> - (<filename>01.cacm</filename>)</para> - </listitem> - - <listitem> - <para><emphasis>UNIX Implementation</emphasis> - (<filename>02.implement</filename>)</para> - </listitem> - - <listitem> - <para><emphasis>The UNIX I/O System</emphasis> - (<filename>03.iosys</filename>)</para> - </listitem> - - <listitem> - <para><emphasis>UNIX Programming — Second Edition</emphasis> - (<filename>04.uprog</filename>)</para> - </listitem> - - <listitem> - <para><emphasis>The C Programming Language — Reference Manual</emphasis> - (<filename>06.Clang</filename>)</para> - </listitem> - - <listitem> - <para><emphasis>Yacc: Yet Another Compiler-Compiler</emphasis> - (<filename>15.yacc</filename>)</para> - </listitem> - - <listitem> - <para><emphasis>Lex — A Lexical Analyzer Generator</emphasis> - (<filename>16.lex</filename>)</para> - </listitem> - - <listitem> - <para><emphasis>The M4 Macro Processor</emphasis> - (<filename>17.m4</filename>)</para> - </listitem> - </itemizedlist> - - <para>Several formerly-encumbered documents from the 4.4 BSD - User's Supplementary Documents have been restored to - <filename>/usr/share/doc/usd</filename>. They include:</para> - - <itemizedlist> - <listitem> - <para><emphasis>NROFF/TROFF User's Manual</emphasis> - (<filename>21.troff</filename>)</para> - </listitem> - - <listitem> - <para><emphasis>A TROFF Tutorial</emphasis> - (<filename>22.trofftut</filename>)</para> - </listitem> - </itemizedlist> + <para></para> </sect2> </sect1> |
