diff options
| author | bmah <bmah@FreeBSD.org> | 2002-03-02 01:40:11 +0000 |
|---|---|---|
| committer | bmah <bmah@FreeBSD.org> | 2002-03-02 01:40:11 +0000 |
| commit | 82fb2a7bd126bea75c082196245e0587d21b7849 (patch) | |
| tree | a8b8fb5bfbf9a174484258211c18cba5600201be /release/doc | |
| parent | 0fa4aee42b6bf42a14ef1b312b3f19cbbf56a8ad (diff) | |
| download | FreeBSD-src-82fb2a7bd126bea75c082196245e0587d21b7849.zip FreeBSD-src-82fb2a7bd126bea75c082196245e0587d21b7849.tar.gz | |
Whitespace-only commit, to make this file conform to FDP standards on
indentation and word-wrap. Convert strings of leading spaces to tabs
where appropriate, and delete trailing spaces.
No content was harmed in the creation of this delta.
Reviewed by: diff(1) on i386 and alpha HTML output
Diffstat (limited to 'release/doc')
| -rw-r--r-- | release/doc/en_US.ISO8859-1/relnotes/article.sgml | 3495 | ||||
| -rw-r--r-- | release/doc/en_US.ISO8859-1/relnotes/common/new.sgml | 3495 |
2 files changed, 3620 insertions, 3370 deletions
diff --git a/release/doc/en_US.ISO8859-1/relnotes/article.sgml b/release/doc/en_US.ISO8859-1/relnotes/article.sgml index f223cdc..febde8a 100644 --- a/release/doc/en_US.ISO8859-1/relnotes/article.sgml +++ b/release/doc/en_US.ISO8859-1/relnotes/article.sgml @@ -75,1122 +75,1168 @@ <title>Kernel Changes</title> <para arch="i386">The &man.amdpm.4; driver has been added to - provide access to the system monitoring functions of the AMD 756 - chipset. &merged;</para> + provide access to the system monitoring functions of the AMD 756 + chipset. &merged;</para> - <para>The &man.agp.4; driver for AGP devices has been added. &merged;</para> + <para>The &man.agp.4; driver for AGP devices has been + added. &merged;</para> <para>A new &man.ddb.4; command <command>show pcpu</command> lists - some of the per-CPU data.</para> + some of the per-CPU data.</para> <para>Two new &man.ddb.4; commands, <command>hwatch</command> and - <command>dhwatch</command>, have been introduced. Analogous to - <command>watch</command> and <command>dwatch</command>, they install - hardware watchpoints (as opposed to software watchpoints) if supported - by the architecture. &merged;</para> + <command>dhwatch</command>, have been introduced. Analogous to + <command>watch</command> and <command>dwatch</command>, they + install hardware watchpoints (as opposed to software + watchpoints) if supported by the architecture. &merged;</para> <para>&man.devfs.5;, which allows entries in the - <filename>/dev</filename> directory to be built automatically and - supports more flexible attachment of devices, has been largely - reworked. &man.devfs.5; is now enabled by default and can be - disabled by the <literal>NODEVFS</literal> kernel option.</para> + <filename>/dev</filename> directory to be built automatically + and supports more flexible attachment of devices, has been + largely reworked. &man.devfs.5; is now enabled by default and + can be disabled by the <literal>NODEVFS</literal> kernel + option.</para> <para>The dgm driver has been removed in favor of the digi driver.</para> - <para>A new digi driver has been added to support PCI Xr-based and ISA - Xem Digiboard cards. A new &man.digictl.8; program is (mainly) used to - re-initialize cards that have external port modules attached such as - the PC/Xem.</para> + <para>A new digi driver has been added to support PCI Xr-based and + ISA Xem Digiboard cards. A new &man.digictl.8; program is + (mainly) used to re-initialize cards that have external port + modules attached such as the PC/Xem.</para> <para>An &man.eaccess.2; system call has been added, similar to - &man.access.2; except that the former uses effective credentials - rather than real credentials.</para> + &man.access.2; except that the former uses effective credentials + rather than real credentials.</para> <para arch="sparc64">Support has been added for EBus-based - devices.</para> + devices.</para> <para arch="i386">The &man.ichsmb.4; driver for the Intel 82801AA - (ICH) SMBus controller and compatibles has been - added. &merged;</para> + (ICH) SMBus controller and compatibles has been + added. &merged;</para> <para>Each &man.jail.2; environment can now run under its own - securelevel.</para> + securelevel.</para> <para>The tunable sysctl variables for &man.jail.2; have moved - from <varname>jail.*</varname> to the - <varname>security.*</varname> hierarchy. Other security-related - sysctl variables have moved from <varname>kern.security.*</varname> to - <varname>security.*</varname>.</para> + from <varname>jail.*</varname> to the + <varname>security.*</varname> hierarchy. Other security-related + sysctl variables have moved from <varname>kern.security.*</varname> to + <varname>security.*</varname>.</para> <para>The <varname>kern.maxvnodes</varname> limit now properly - limits the number of vnodes in use. Previously only vnodes with - no cached pages could be freed; this could allow the number of - vnodes to grow without limit on large-memory machines accessing - many small files. A <literal>vnlru</literal> kernel thread helps - to flush and reuse vnodes. &merged;</para> + limits the number of vnodes in use. Previously only vnodes with + no cached pages could be freed; this could allow the number of + vnodes to grow without limit on large-memory machines accessing + many small files. A <literal>vnlru</literal> kernel thread + helps to flush and reuse vnodes. &merged;</para> <para>The kernel message buffer is now accessible by the - (machine-independent) <varname>kern.msgbuf</varname> sysctl - variable; &man.dmesg.8; no longer needs to be SGID - <groupname>kmem</groupname>. &merged;</para> + (machine-independent) <varname>kern.msgbuf</varname> sysctl + variable; &man.dmesg.8; no longer needs to be SGID + <groupname>kmem</groupname>. &merged;</para> <para>The &man.kqueue.2; event notification facility was added to - the &os; kernel. This is a new interface which is able to - replace &man.poll.2;/&man.select.2;, offering improved performance, - as well as the ability to report many different types of events. - Support for monitoring changes in sockets, pipes, fifos, and files - are present, as well as for signals and processes. &merged;</para> + the &os; kernel. This is a new interface which is able to + replace &man.poll.2;/&man.select.2;, offering improved + performance, as well as the ability to report many different + types of events. Support for monitoring changes in sockets, + pipes, fifos, and files are present, as well as for signals and + processes. &merged;</para> <para arch="i386">A new <varname>KVA_SPACE</varname> kernel option - can be used to reconfigure the size of the kernel virtual address - space. &merged;</para> + can be used to reconfigure the size of the kernel virtual + address space. &merged;</para> <para>The &man.labpc.4; driver has been removed due to - <quote>bitrot</quote>.</para> + <quote>bitrot</quote>.</para> <para>The loader and kernel linker now look for files named - <filename>linker.hints</filename> in each directory with KLDs for a - module name and version to KLD filename mapping. The new - &man.kldxref.8; utility is used to generate these files.</para> + <filename>linker.hints</filename> in each directory with KLDs + for a module name and version to KLD filename mapping. The new + &man.kldxref.8; utility is used to generate these files.</para> <para>Linux emulation now supports the kernel functionality - required by the - <filename role="package">emulators/linux_base-7</filename> (RedHat 7.X emulation) - port. &merged;</para> + required by the + <filename role="package">emulators/linux_base-7</filename> + (RedHat 7.X emulation) port. &merged;</para> <para>Linux emulation now requires <literal>options - SYSVSEM</literal> in the kernel configuration. &merged;</para> + SYSVSEM</literal> in the kernel configuration. &merged;</para> <para>&man.lomac.4;, a Low-Watermark Mandatory Access Control - security facility, has been added as a kernel module. It provides - a drop-in security mechanism in addition to the traditional - UID-based security facilities, requiring no additional - configuration from the administrator. Work on this feature was - sponsored by DARPA and NAI Labs.</para> + security facility, has been added as a kernel module. It + provides a drop-in security mechanism in addition to the + traditional UID-based security facilities, requiring no + additional configuration from the administrator. Work on this + feature was sponsored by DARPA and NAI Labs.</para> <para>The <varname>maxusers</varname> kernel configuration - parameter is now a boot-time tunable variable. The kernel - parameters derived from <varname>maxusers</varname> are now also - tunables and can be overridden at boot-time. The - <varname>hz</varname> parameter is also now a tunable. &merged;</para> + parameter is now a boot-time tunable variable. The kernel + parameters derived from <varname>maxusers</varname> are now also + tunables and can be overridden at boot-time. The + <varname>hz</varname> parameter is also now a + tunable. &merged;</para> <para>Specifying a value of <literal>0</literal> for the - <varname>maxusers</varname> kernel configuration parameter will - now cause an appropriate value to be calculated at boot-time - (between 32 and 384, depending on the amount of memory present). - This value is now the default for all - <filename>GENERIC</filename> kernels. &merged;</para> + <varname>maxusers</varname> kernel configuration parameter will + now cause an appropriate value to be calculated at boot-time + (between 32 and 384, depending on the amount of memory present). + This value is now the default for all + <filename>GENERIC</filename> kernels. &merged;</para> <para arch="alpha">A <varname>MAXMEM</varname> kernel option, - along with the <varname>hw.physmem</varname> loader tunable, can be - used to artificially reduce the memory size of a machine for - testing (or other purposes). &merged;</para> + along with the <varname>hw.physmem</varname> loader tunable, can + be used to artificially reduce the memory size of a machine for + testing (or other purposes). &merged;</para> <para>The kernel configuration parameters - <varname>MAXTSIZ</varname>, <varname>DFLDSIZ</varname>, - <varname>MAXDSIZ</varname>, <varname>DFLSSIZ</varname>, - <varname>MAXSSIZ</varname>, and <varname>SGROWSIZ</varname> are - all loader tunables (<varname>kern.maxtsiz</varname>, - <varname>kern.maxdfldsiz</varname>, etc.). &merged;</para> + <varname>MAXTSIZ</varname>, <varname>DFLDSIZ</varname>, + <varname>MAXDSIZ</varname>, <varname>DFLSSIZ</varname>, + <varname>MAXSSIZ</varname>, and <varname>SGROWSIZ</varname> are + all loader tunables (<varname>kern.maxtsiz</varname>, + <varname>kern.maxdfldsiz</varname>, etc.). &merged;</para> <para arch="i386">The <literal>NCPU</literal>, <literal>NAPIC</literal>, - <literal>NBUS</literal>, and <literal>NINTR</literal> kernel - configuration options, for configuring SMP kernels, have been - removed. <literal>NCPU</literal> is now set to a maximum of 16, - and the other, aforementioned options are now - dynamic. &merged;</para> + <literal>NBUS</literal>, and <literal>NINTR</literal> kernel + configuration options, for configuring SMP kernels, have been + removed. <literal>NCPU</literal> is now set to a maximum of 16, + and the other, aforementioned options are now + dynamic. &merged;</para> <para>A &man.nmdm.4; null-modem terminal driver has been added. - &merged;</para> + &merged;</para> <para>The <literal>O_DIRECT</literal> flag has been added to - &man.open.2; and &man.fcntl.2;. Specifying this flag for open - files will attempt to minimize the cache effects of reading and - writing. &merged;</para> + &man.open.2; and &man.fcntl.2;. Specifying this flag for open + files will attempt to minimize the cache effects of reading and + writing. &merged;</para> <para>An &man.orm.4; device has been added to claim the option - ROMs in the ISA memory I/O space, to prevent other drivers from - mistakenly assigning addresses that conflict with these ROMs. &merged;</para> + ROMs in the ISA memory I/O space, to prevent other drivers from + mistakenly assigning addresses that conflict with these + ROMs. &merged;</para> - <para arch="i386">PECOFF (Win32 Execution file format) support has been - added.</para> + <para arch="i386">PECOFF (Win32 Execution file format) support has + been added.</para> <para arch="i386">The pmc driver, which supports the power - management controller of the NEC PC-98NOTE, has been - added. &merged;</para> + management controller of the NEC PC-98NOTE, has been + added. &merged;</para> <para>POSIX.1b Shared Memory Objects are now supported. The - implementation uses regular files, but automatically enables the - MAP_NOSYNC flag when they are &man.mmap.2;-ed. &merged;</para> + implementation uses regular files, but automatically enables the + MAP_NOSYNC flag when they are &man.mmap.2;-ed. &merged;</para> <para>Replaced the <literal>PQ_*CACHE</literal> options with a - single <literal>PQ_CACHESIZE</literal> option to be set to - the cache size in kilobytes. The old options are still supported - for backwards compatibility. &merged;</para> + single <literal>PQ_CACHESIZE</literal> option to be set to the + cache size in kilobytes. The old options are still supported + for backwards compatibility. &merged;</para> <para arch="i386">The &man.puc.4; (PCI <quote>Universal</quote> - Communications) driver has been added, to help connect PCI-based - serial ports to the &man.sio.4; driver.</para> + Communications) driver has been added, to help connect PCI-based + serial ports to the &man.sio.4; driver.</para> <para>The &man.random.4; device has been rewritten to use the - <application>Yarrow</application> algorithm. It harvests entropy - from a variety of interrupt sources, including the console - devices, Ethernet and point-to-point network interfaces, and - mass-storage devices. Entropy from the &man.random.4; device is - now periodically saved to files in - <filename>/var/db/entropy</filename>, as well as at - shutdown time. The semantics of <filename>/dev/random</filename> - have changed; it never blocks waiting for entropy bits but - generates a stream of pseudo-random data and now behaves exactly - as <filename>/dev/urandom</filename>.</para> + <application>Yarrow</application> algorithm. It harvests + entropy from a variety of interrupt sources, including the + console devices, Ethernet and point-to-point network interfaces, + and mass-storage devices. Entropy from the &man.random.4; + device is now periodically saved to files in + <filename>/var/db/entropy</filename>, as well as at shutdown + time. The semantics of <filename>/dev/random</filename> have + changed; it never blocks waiting for entropy bits but generates + a stream of pseudo-random data and now behaves exactly as + <filename>/dev/urandom</filename>.</para> <para>A new kernel option, <literal>options REGRESSION</literal>, - enables interfaces and functionality intended for use during - correctness and regression testing.</para> + enables interfaces and functionality intended for use during + correctness and regression testing.</para> <para arch="sparc64">Support has been added for SBus-based - devices.</para> + devices.</para> - <para arch="i386">The &man.spic.4; driver, which provides access to the jog - dial device on some Sony laptops, has been added.</para> + <para arch="i386">The &man.spic.4; driver, which provides access + to the jog dial device on some Sony laptops, has been + added.</para> <para>The &man.syscons.4; driver now supports keyboard-controlled - pasting, by default bound to - <keycap>Shift</keycap>-<keycap>Insert</keycap>.</para> + pasting, by default bound to + <keycap>Shift</keycap>-<keycap>Insert</keycap>.</para> <para>Support for USB devices was added to the - <filename>GENERIC</filename> kernel and to the installation - programs to support USB devices out of the box. Note that SRM - does not support USB devices at the moment, so you must still use - an AT keyboard if you are not using a serial console. &merged;</para> + <filename>GENERIC</filename> kernel and to the installation + programs to support USB devices out of the box. Note that SRM + does not support USB devices at the moment, so you must still + use an AT keyboard if you are not using a serial + console. &merged;</para> <para arch="i386">The umodem driver for USB modems has been added. - Support is provided for the 3Com 5605 and Metricom Ricochet GS - wireless USB modems. &merged;</para> + Support is provided for the 3Com 5605 and Metricom Ricochet GS + wireless USB modems. &merged;</para> - <para arch="i386">The &man.uscanner.4; driver for basic USB scanner support - using SANE has been added. See <ulink - url="http://www.mostang.com/sane/">the SANE home page</ulink> for - supported scanners. The HP ScanJet 4100C, 5200C and 6300C are - known to be working. &merged;</para> + <para arch="i386">The &man.uscanner.4; driver for basic USB + scanner support using SANE has been added. See <ulink + url="http://www.mostang.com/sane/">the SANE home page</ulink> + for supported scanners. The HP ScanJet 4100C, 5200C and 6300C + are known to be working. &merged;</para> <para>The <literal>USER_LDT</literal> kernel option is now - activated by default.</para> + activated by default.</para> <para>A VESA S3 linear framebuffer driver has been added.</para> <!-- Above this line, sort kernel changes by manpage/keyword--> <para>Write combining for crashdumps has been implemented. This - feature is useful when write caching is disabled on both SCSI and - IDE disks, where large memory dumps could take up to an hour to - complete. &merged;</para> + feature is useful when write caching is disabled on both SCSI + and IDE disks, where large memory dumps could take up to an hour + to complete. &merged;</para> <para>Extremely large swap areas (>67 GB) no longer panic the - system.</para> + system.</para> - <para arch="alpha">Support for threads under Linux emulation has been - added.</para> + <para arch="alpha">Support for threads under Linux emulation has + been added.</para> <para>The <maketarget>buildkernel</maketarget> target now gets the - name of the configuration(s) to build from the - <varname>KERNCONF</varname> variable, not - <varname>KERNEL</varname>. It is no longer required, in some - cases, for a <maketarget>buildworld</maketarget> to precede a - <maketarget>buildkernel</maketarget>. (The - <maketarget>buildworld</maketarget> is still required when - upgrading across major releases, across - <application>binutil</application> updates and when &man.config.8; - changes version.) &merged; - </para> + name of the configuration(s) to build from the + <varname>KERNCONF</varname> variable, not + <varname>KERNEL</varname>. It is no longer required, in some + cases, for a <maketarget>buildworld</maketarget> to precede a + <maketarget>buildkernel</maketarget>. (The + <maketarget>buildworld</maketarget> is still required when + upgrading across major releases, across + <application>binutil</application> updates and when + &man.config.8; changes version.) &merged;</para> <para>The out-of-swap process termination code now begins killing - processes earlier to avoid deadlocks; it now also takes into - account the swap space used by processes when computing the - process sizes. &merged;</para> + processes earlier to avoid deadlocks; it now also takes into + account the swap space used by processes when computing the + process sizes. &merged;</para> <para>Linker sets are now self-contained; &man.gensetdefs.8; is - unnecessary and has been removed.</para> + unnecessary and has been removed.</para> <para>Numerous SMP-friendly changes have been made to the kernel's - mbuf allocator.</para> + mbuf allocator.</para> - <para>Network device cloning has been implemented, and the &man.gif.4; - device has been modified to take advantage of it. - Thus, instead of specifying how many &man.gif.4; interfaces - are available in kernel configuration files, &man.ifconfig.8;'s - <option>create</option> option should be used when another device - instance is desired. &merged;</para> + <para>Network device cloning has been implemented, and the + &man.gif.4; device has been modified to take advantage of it. + Thus, instead of specifying how many &man.gif.4; interfaces are + available in kernel configuration files, &man.ifconfig.8;'s + <option>create</option> option should be used when another device + instance is desired. &merged;</para> - <para>It is now possible to hardwire kernel environment variables (such - as tuneables) at compile-time using &man.config.8;'s - <literal>ENV</literal> directive.</para> + <para>It is now possible to hardwire kernel environment variables + (such as tuneables) at compile-time using &man.config.8;'s + <literal>ENV</literal> directive.</para> <para>Idle zeroing of pages can be enabled with the - <varname>vm.zeroidle_enable</varname> sysctl variable.</para> + <varname>vm.zeroidle_enable</varname> sysctl variable.</para> - <para arch="i386">The load addresses of kernels are now exported to the - symbol table and various hard-coded constants have been removed so that - utilities such as &man.ps.1; can work with kernels compiled at - different addresses. &merged;</para> + <para arch="i386">The load addresses of kernels are now exported + to the symbol table and various hard-coded constants have been + removed so that utilities such as &man.ps.1; can work with + kernels compiled at different addresses. &merged;</para> <para>Coredumps of large processes (or of a large number of - processes) no longer lock up the machine for long periods of - time. &merged;</para> + processes) no longer lock up the machine for long periods of + time. &merged;</para> <para>The kernel is now aware of the concept that there are - smaller units of scheduling than a process (but only one thread - per process is allowed at this time).</para> + smaller units of scheduling than a process (but only one thread + per process is allowed at this time).</para> <para>The kernel now has support for multiple low-level console - devices. The new &man.conscontrol.8; utility helps to manage the - different consoles.</para> + devices. The new &man.conscontrol.8; utility helps to manage + the different consoles.</para> - <para arch="alpha">The console driver has gained support for TGA-based - display adapters.</para> + <para arch="alpha">The console driver has gained support for + TGA-based display adapters.</para> <para>The kernel on the installation CDs is now separated from the - <filename>mfsroot</filename> image. This permits the use of a - full kernel when installing from CD on machines that support CD - booting (instead of the stripped-down kernel used on - floppies). &merged;</para> + <filename>mfsroot</filename> image. This permits the use of a + full kernel when installing from CD on machines that support CD + booting (instead of the stripped-down kernel used on + floppies). &merged;</para> <para>The system load average computation now adds some jitter to - the timing of samples, in order to avoid synchronization with - processes that run periodically. &merged;</para> + the timing of samples, in order to avoid synchronization with + processes that run periodically. &merged;</para> <para>If a debugging kernel with modules is being built - (i.e. using <literal>makeoptions DEBUG=-g</literal>), the modules - will now be built with debugging support as well, for - completeness. A side effect of this change is that modules built - and installed with debugging kernels will now occupy more space on - disk than they did previously. &merged;</para> + (i.e. using <literal>makeoptions DEBUG=-g</literal>), the + modules will now be built with debugging support as well, for + completeness. A side effect of this change is that modules + built and installed with debugging kernels will now occupy more + space on disk than they did previously. &merged;</para> <para>The kernel dump device can now be set via the - <varname>dumpdev</varname> loader tunable. As a result, it is now - possible to obtain crash dumps from panics during the late stages - of kernel initialization (before the system enters into - single-user mode). &merged;</para> + <varname>dumpdev</varname> loader tunable. As a result, it is + now possible to obtain crash dumps from panics during the late + stages of kernel initialization (before the system enters into + single-user mode). &merged;</para> <sect3> <title>Processor/Motherboard Support</title> <para>SMP support has been largely reworked, incorporating code - from BSD/OS 5.0. One of the main features of SMPng (<quote>SMP - Next Generation</quote>) is to allow more processes to run in - kernel, without the need for spin locks that can dramatically - reduce the efficiency of multiple processors. Interrupt - handlers now have contexts associated with them that allow them - to be blocked, which reduces the need to lock out - interrupts.</para> + from BSD/OS 5.0. One of the main features of SMPng + (<quote>SMP Next Generation</quote>) is to allow more + processes to run in kernel, without the need for spin locks + that can dramatically reduce the efficiency of multiple + processors. Interrupt handlers now have contexts associated + with them that allow them to be blocked, which reduces the + need to lock out interrupts.</para> <para arch="i386">Support for the 80386 processor has been - removed from the <filename>GENERIC</filename> kernel, as this - code seriously pessimizes performance on other IA32 - processors.</para> + removed from the <filename>GENERIC</filename> kernel, as this + code seriously pessimizes performance on other IA32 + processors.</para> <para arch="i386">The <literal>I386_CPU</literal> kernel option - to support the 80386 processor is now mutually exclusive with - support for other IA32 processors; this should slightly improve - performance on the 80386 due to the elimination of runtime - processor type checks.</para> + to support the 80386 processor is now mutually exclusive with + support for other IA32 processors; this should slightly + improve performance on the 80386 due to the elimination of + runtime processor type checks.</para> <para arch="i386">Custom kernels that will run on the 80386 can - still be built by changing the cpu options in the kernel - configuration file to only include - <literal>I386_CPU</literal>.</para> + still be built by changing the cpu options in the kernel + configuration file to only include + <literal>I386_CPU</literal>.</para> <para arch="alpha">AlphaServer 1200 (<quote>Tincup</quote>) has - been tested and works OK. Currently it does not want to boot - from CD or floppy but a transplanted disk that was installed on - another Alpha works well. &merged;</para> + been tested and works OK. Currently it does not want to boot + from CD or floppy but a transplanted disk that was installed + on another Alpha works well. &merged;</para> - <para arch="alpha">The API UP1100 mainboard has been verified to work.</para> + <para arch="alpha">The API UP1100 mainboard has been verified to + work.</para> - <para arch="alpha">The API CS20 1U high server has been verified to work.</para> + <para arch="alpha">The API CS20 1U high server has been verified + to work.</para> - <para arch="alpha">The DEC3000 series support has been removed from the mfsroot - floppy image so that it fits on a 1.44 Mbyte floppy again. As the - DEC3000 is currently only usable diskless this should not cause - any problems.</para> + <para arch="alpha">The DEC3000 series support has been removed + from the mfsroot floppy image so that it fits on a 1.44 Mbyte + floppy again. As the DEC3000 is currently only usable diskless + this should not cause any problems.</para> - <para arch="alpha">Support for AlphaServer 2100A (<quote>Lynx</quote>) has been - added.</para> + <para arch="alpha">Support for AlphaServer 2100A + (<quote>Lynx</quote>) has been added.</para> - <para arch="alpha">Kernel code has been added that allows older generation Alpha CPUs - (EV4 and EV5) to emulate instructions of the newer Alpha CPU - generations. This enables the use of binary-only programs like <application>Adobe - Acrobat 4</application> on EV4 and EV5.</para> + <para arch="alpha">Kernel code has been added that allows older + generation Alpha CPUs (EV4 and EV5) to emulate instructions of + the newer Alpha CPU generations. This enables the use of + binary-only programs like <application>Adobe Acrobat + 4</application> on EV4 and EV5.</para> <para arch="alpha">SMP support for the Alpha is now operational.</para> <para arch="i386">Detection for new processors, such as the - FC-PGA2 Pentium III (Tualatin), Transmeta Crusoe, and Transmeta - Crusoe LongRun, has been added. &merged;</para> + FC-PGA2 Pentium III (Tualatin), Transmeta Crusoe, and + Transmeta Crusoe LongRun, has been added. &merged;</para> - <para arch="alpha">Support for the following hardware has been removed - from the installation kernel to make it fit on a 1.44MB floppy again: - Multia, NoName, PC64, EB64, Aspen Alpine, sa (SCSI tape), amr, parallel - port support, vx (3c590, 3c595), pcn (AMD Am79C97x PCI 10/100), - sf (Adaptec AIC-6915), sis (SiS 900/SiS 7016), ste (Sundance ST201 - (D-Link DFE-550TX)), wb (Winbond W89C840F).</para> + <para arch="alpha">Support for the following hardware has been + removed from the installation kernel to make it fit on a + 1.44MB floppy again: Multia, NoName, PC64, EB64, Aspen Alpine, + sa (SCSI tape), amr, parallel port support, vx (3c590, 3c595), + pcn (AMD Am79C97x PCI 10/100), sf (Adaptec AIC-6915), sis (SiS + 900/SiS 7016), ste (Sundance ST201 (D-Link DFE-550TX)), wb + (Winbond W89C840F).</para> <para arch="i386">Support for Streaming <acronym>SIMD</acronym> - Extensions (<acronym>SSE</acronym>) has been introduced. The - <literal>CPU_ENABLE_SSE</literal> kernel option controls whether - support is compiled into the kernel. &merged;</para> + Extensions (<acronym>SSE</acronym>) has been introduced. The + <literal>CPU_ENABLE_SSE</literal> kernel option controls + whether support is compiled into the kernel. &merged;</para> </sect3> <sect3> <title>Bootloader Changes</title> - <para arch="i386">A new <filename>cdboot</filename> bootstrap utility for CDROMs provides - better compatability with some BIOS implementations that do not - completely implement the El Torito bootable CDROM standard. This - boot loader supports <quote>no emulation</quote> mode booting, - thus eliminating the need for an emulated floppy disk image on - a bootable CDROM. &merged;</para> + <para arch="i386">A new <filename>cdboot</filename> bootstrap + utility for CDROMs provides better compatability with some + BIOS implementations that do not completely implement the El + Torito bootable CDROM standard. This boot loader supports + <quote>no emulation</quote> mode booting, thus eliminating the + need for an emulated floppy disk image on a bootable + CDROM. &merged;</para> - <para arch="i386">The i386 boot loader now has support for a - <literal>nullconsole</literal> - console type, for use on systems with neither a video console nor - a serial port. &merged;</para> + <para arch="i386">The i386 boot loader now has support for a + <literal>nullconsole</literal> console type, for use on + systems with neither a video console nor a serial + port. &merged;</para> <para arch="i386">The &man.loader.8; now has optional support - (enabled at compile-time, off by default) for loading - <application>bzip2</application>-compressed kernels and - modules. &merged;</para> + (enabled at compile-time, off by default) for loading + <application>bzip2</application>-compressed kernels and + modules. &merged;</para> - <para arch="i386">Support for Intel's Wired for Management 2.0 (PXE) - was added to the &os; boot loader. Due to API differences, the - older PXE versions are not supported. This allow network booting - using DHCP. &merged;</para> + <para arch="i386">Support for Intel's Wired for Management 2.0 + (PXE) was added to the &os; boot loader. Due to API + differences, the older PXE versions are not supported. This + allow network booting using DHCP. &merged;</para> <!-- Above this line, order bootloader changes by keyword--> <para arch="i386">The &os; boot loader now contains a workaround - to support CDROM booting on certain IBM BIOSs that expect the - first sector of the emulated floppy to contain a valid MS-DOS BPB - that they can modify. &merged;</para> + to support CDROM booting on certain IBM BIOSs that expect the + first sector of the emulated floppy to contain a valid MS-DOS + BPB that they can modify. &merged;</para> <para arch="i386">The &os; boot loader now supports a - <option>-p</option> flag to force the kernel to pause after each - line of output during the probing phase. &merged;</para> + <option>-p</option> flag to force the kernel to pause after + each line of output during the probing phase. &merged;</para> <para arch="alpha,i386">The &os; boot loader is now capable of - booting from filesystems with block sizes larger than 8K. &merged;</para> + booting from filesystems with block sizes larger than + 8K. &merged;</para> <para>The kernel and modules have been moved to the directory - <filename>/boot/kernel</filename>, so they can be easily - manipulated together. The boot loader has been updated to make - this change as seamless as possible.</para> + <filename>/boot/kernel</filename>, so they can be easily + manipulated together. The boot loader has been updated to + make this change as seamless as possible.</para> </sect3> <sect3> <title>Network Interface Support</title> <para>The &man.an.4; driver for Cisco Aironet cards now supports - Wired Equivalent Privacy (WEP) encryption, settable via - &man.ancontrol.8;. &merged;</para> + Wired Equivalent Privacy (WEP) encryption, settable via + &man.ancontrol.8;. &merged;</para> <para>The &man.an.4; driver now supports the Cisco Aironet 350 - series of adaptors. &merged;</para> + series of adaptors. &merged;</para> <para>The &man.an.4; driver now supports <quote>monitor</quote> - mode, settable via the <option>-M</option> option to - &man.ancontrol.8;. &merged;</para> + mode, settable via the <option>-M</option> option to + &man.ancontrol.8;. &merged;</para> <para>The &man.an.4; driver now supports Cisco LEAP, as well as - the <quote>Home</quote> WEP key. The Linux Aironet - utilities are now supported under emulation. &merged;</para> + the <quote>Home</quote> WEP key. The Linux Aironet utilities + are now supported under emulation. &merged;</para> <para arch="i386">Generic support for ARCNET token-based - networks has been added. &merged;</para> + networks has been added. &merged;</para> <para arch="i386">The &man.bge.4; driver has been added to - support the Broadcom BCM570x family of Gigabit Ethernet - controllers, including the 3Com 3c996-T, the SysKonnect SK-9D21 - and SK-9D41, and the built-in Gigabit Ethernet NICs on Dell - PowerEdge 2550 servers. Output TCP/IP checksum offload, jumbo frames - and VLAN tag insertion/stripping are supported, as well as - interrupt moderation. &merged;</para> + support the Broadcom BCM570x family of Gigabit Ethernet + controllers, including the 3Com 3c996-T, the SysKonnect + SK-9D21 and SK-9D41, and the built-in Gigabit Ethernet NICs on + Dell PowerEdge 2550 servers. Output TCP/IP checksum offload, + jumbo frames and VLAN tag insertion/stripping are supported, + as well as interrupt moderation. &merged;</para> <para arch="i386">The cm driver has been added to support SMC - COM90cx6 ARCNET network adapters. &merged;</para> + COM90cx6 ARCNET network adapters. &merged;</para> <para>The &man.dc.4; driver now supports NICs based on the Xircom - 3201 and Conexant LANfinity RS7112 chips.</para> + 3201 and Conexant LANfinity RS7112 chips.</para> - <para>The &man.dc.4; driver now has support for VLANs. &merged;</para> + <para>The &man.dc.4; driver now has support for + VLANs. &merged;</para> <para>The &man.de.4; driver now performs round-robin arbitration - between the transmit and receive units of the 21143, instead of - giving priority to the receive unit. This gives a 10–15% - performance improvement in the forwarding rate under heavy - load. &merged;</para> + between the transmit and receive units of the 21143, instead + of giving priority to the receive unit. This gives a + 10–15% performance improvement in the forwarding rate + under heavy load. &merged;</para> <para arch="alpha">The &man.ed.4; driver is now supported.</para> - <para arch="i386">Linksys Fast Ethernet PCCARD cards supported by the - &man.ed.4; driver now require the addition of flag - <literal>0x80000</literal> to their config line in - &man.pccard.conf.5;. This flag is not optional. These Linksys - cards will not be recognized without it. &merged;</para> + <para arch="i386">Linksys Fast Ethernet PCCARD cards supported + by the &man.ed.4; driver now require the addition of flag + <literal>0x80000</literal> to their config line in + &man.pccard.conf.5;. This flag is not optional. These + Linksys cards will not be recognized without + it. &merged;</para> - <para>A bug in the &man.ed.4; driver that could cause panics with - very short packets and BPF or bridging active has been - fixed. &merged;</para> + <para>A bug in the &man.ed.4; driver that could cause panics + with very short packets and BPF or bridging active has been + fixed. &merged;</para> - <para>The &man.ed.4; driver now has support for D-Link - DL10022 chips, necessary for the NetGear FA-410TX and other - cards. As a result, <literal>device miibus</literal> is - required in kernel configurations using the &man.ed.4; - driver. &merged;</para> + <para>The &man.ed.4; driver now has support for D-Link DL10022 + chips, necessary for the NetGear FA-410TX and other cards. As + a result, <literal>device miibus</literal> is required in + kernel configurations using the &man.ed.4; + driver. &merged;</para> <para arch="i386">The &man.el.4; driver can now be loaded as a - module.</para> + module.</para> <para arch="i386">The &man.em.4; driver has been added to - support NICs based on the Intel 82542, 82543, and 82544 Gigabit - Ethernet controller chips. The driver supports transmit/receive - checksum offload and jumbo frames on 82543 and 82544-based - adapters. &merged;</para> + support NICs based on the Intel 82542, 82543, and 82544 + Gigabit Ethernet controller chips. The driver supports + transmit/receive checksum offload and jumbo frames on 82543 + and 82544-based adapters. &merged;</para> <para>The &man.faith.4; device is now loadable, unloadable, and - clonable. &merged;</para> + clonable. &merged;</para> - <para arch="i386">Support for Fujitsu MB86960A/MB86965A based Ethernet - PC-Cards has been added back in the &man.fe.4; driver. &merged;</para> + <para arch="i386">Support for Fujitsu MB86960A/MB86965A based + Ethernet PC-Cards has been added back in the &man.fe.4; + driver. &merged;</para> <para arch="alpha">The &man.fpa.4; driver now supports Digital's - DEFPA FDDI adaptors on the Alpha. &merged;</para> + DEFPA FDDI adaptors on the Alpha. &merged;</para> <para>The &man.fxp.4; driver now requires a <literal>device - miibus</literal> entry in the kernel configuration file. &merged;</para> + miibus</literal> entry in the kernel configuration + file. &merged;</para> - <para>The &man.fxp.4; driver now contains a workaround for - PCI protocol violations caused by defects in some systems based - on the Intel ICH2/ICH2-M chip. The workaround is to rewrite the - EEPROM on the interface to disable Dynamic Standby Mode; once - the EEPROM is rewritten, the system needs to be rebooted for the - new settings to take effect. &merged;</para> + <para>The &man.fxp.4; driver now contains a workaround for PCI + protocol violations caused by defects in some systems based on + the Intel ICH2/ICH2-M chip. The workaround is to rewrite the + EEPROM on the interface to disable Dynamic Standby Mode; once + the EEPROM is rewritten, the system needs to be rebooted for + the new settings to take effect. &merged;</para> <para>The &man.fxp.4; driver now supports Intel's loadable - microcode to implement receive-side interrupt coalescing and - packet bundling, on NICs that support these features. This - support can be activated by the use of the - <option>link0</option> option to &man.ifconfig.8;. &merged;</para> + microcode to implement receive-side interrupt coalescing and + packet bundling, on NICs that support these features. This + support can be activated by the use of the + <option>link0</option> option to + &man.ifconfig.8;. &merged;</para> <para arch="sparc64">The gem driver has been added to support - the Sun GEM Gigabit Ethernet and ERI Fast Ethernet - adapters.</para> + the Sun GEM Gigabit Ethernet and ERI Fast Ethernet + adapters.</para> <para>The &man.gx.4; driver has been added to support NICs based - on the Intel 82542 and 82543 Gigabit Ethernet controller chips. - Both fiber and copper variants of the cards are supported. Both - boards support VLAN tagging/insertion, and the 82543 additionally - supports TCP/IP checksum offload. &merged;</para> + on the Intel 82542 and 82543 Gigabit Ethernet controller + chips. Both fiber and copper variants of the cards are + supported. Both boards support VLAN tagging/insertion, and + the 82543 additionally supports TCP/IP checksum + offload. &merged;</para> <para arch="sparc64">The hme driver has been added to support - the Sun HME Fast Ethernet adapter, onboard on many Sun Ultra - series machines.</para> + the Sun HME Fast Ethernet adapter, onboard on many Sun Ultra + series machines.</para> <para>The &man.lge.4; driver has been added to support the Level - 1 LXT1001 NetCellerator Gigabit Ethernet controller chip. This - device is used on some fiber optic GigE cards from SMC, D-Link - and Addtron. Jumbograms and TCP/IP checksum offload on receive - are supported, although hardware VLAN filtering is not. &merged;</para> + 1 LXT1001 NetCellerator Gigabit Ethernet controller chip. This + device is used on some fiber optic GigE cards from SMC, D-Link + and Addtron. Jumbograms and TCP/IP checksum offload on + receive are supported, although hardware VLAN filtering is + not. &merged;</para> <para>Added the &man.nge.4; driver, which supports PCI Gigabit - Ethernet adapters based on the National Semiconductor DP83820 - and DP83821 Gigabit Ethernet controller chips, including the - D-Link DGE-500T, SMC EZ Card 1000 (SMC9462TX), Asante - FriendlyNet GigaNIC 1000TA and 1000TPC and Addtron - AEG320T. This driver supports transmit and receive checksum - offloading. &merged;</para> + Ethernet adapters based on the National Semiconductor DP83820 + and DP83821 Gigabit Ethernet controller chips, including the + D-Link DGE-500T, SMC EZ Card 1000 (SMC9462TX), Asante + FriendlyNet GigaNIC 1000TA and 1000TPC and Addtron AEG320T. + This driver supports transmit and receive checksum + offloading. &merged;</para> <para>The &man.pcn.4; driver, which supports the AMD PCnet/FAST, - PCnet/FAST+, PCnet/FAST III, PCnet/PRO, PCnet/Home, and HomePNA - adapters, has been added. Although these cards are already - supported by the &man.lnc.4; driver, the &man.pcn.4; driver runs - these chips in 32-bit mode and uses the RX alignment feature to - achieve zero-copy receive. This driver is also - machine-independent, so it will work on both the i386 and Alpha - platforms. The &man.lnc.4; driver is still needed to support non-PCI - cards. &merged;</para> + PCnet/FAST+, PCnet/FAST III, PCnet/PRO, PCnet/Home, and + HomePNA adapters, has been added. Although these cards are + already supported by the &man.lnc.4; driver, the &man.pcn.4; + driver runs these chips in 32-bit mode and uses the RX + alignment feature to achieve zero-copy receive. This driver + is also machine-independent, so it will work on both the i386 + and Alpha platforms. The &man.lnc.4; driver is still needed + to support non-PCI cards. &merged;</para> <para>The &man.ray.4; driver, which supports the Webgear Aviator - wireless network cards, has been committed. The operation of - &man.ray.4; interfaces can be modified by - &man.raycontrol.8;. &merged;</para> + wireless network cards, has been committed. The operation of + &man.ray.4; interfaces can be modified by + &man.raycontrol.8;. &merged;</para> <para arch="i386">The sbni driver, for supporting the Granch - SBNI12 series of ISA and PCI point-to-point communications - interfaces, has been added. The <filename role="package">sysutils/sbniconfig</filename> - port in the &os; Ports Collection can be used for configuring - these devices. &merged;</para> - - <para>Added support for PCI Ethernet adapters based on the - SiS 900 and SiS 7016 Fast Ethernet controller chips (for - example, as seen on the SiS 635 and 735 motherboard chipsets), as well as the - National Semiconductor DP83815 chipset (including the NetGear - FA311-TX and FA312-TX) in the form of the &man.sis.4; driver. - This device has support for VLANs. &merged;</para> + SBNI12 series of ISA and PCI point-to-point communications + interfaces, has been added. The <filename + role="package">sysutils/sbniconfig</filename> port in the &os; + Ports Collection can be used for configuring these + devices. &merged;</para> + + <para>Added support for PCI Ethernet adapters based on the SiS + 900 and SiS 7016 Fast Ethernet controller chips (for example, + as seen on the SiS 635 and 735 motherboard chipsets), as well + as the National Semiconductor DP83815 chipset (including the + NetGear FA311-TX and FA312-TX) in the form of the &man.sis.4; + driver. This device has support for VLANs. &merged;</para> <para arch="i386">The snc driver for the National Semiconductor - DP8393X (SONIC) Ethernet controller has been added. Currently, - this driver is only used on the PC-98 architecture. &merged;</para> + DP8393X (SONIC) Ethernet controller has been added. + Currently, this driver is only used on the PC-98 + architecture. &merged;</para> <para>The &man.stf.4; device is now clonable.</para> - <para>The &man.tap.4; driver, a virtual Ethernet device driver for - bridged configurations, has been added. This device is - clonable. &merged;</para> + <para>The &man.tap.4; driver, a virtual Ethernet device driver + for bridged configurations, has been added. This device is + clonable. &merged;</para> <para>The &man.ti.4; driver now supports the Alteon AceNIC - 1000baseT Gigabit Ethernet and Netgear GA620T 1000baseT Gigabit - cards. &merged;</para> + 1000baseT Gigabit Ethernet and Netgear GA620T 1000baseT + Gigabit cards. &merged;</para> <para>The &man.ti.4; driver correctly masks VLAN tags. &merged;</para> <para>The &man.txp.4; driver has been added to support NICs - based on the 3Com 3XP Typhoon/Sidewinder (3CR990) chipset. &merged;</para> + based on the 3Com 3XP Typhoon/Sidewinder (3CR990) + chipset. &merged;</para> <para>&man.vlan.4; devices are now loadable, unloadable, and - clonable. &merged;</para> + clonable. &merged;</para> - <para>The &man.xl.4; driver now supports the 3Com 3C556 and 3C556B - MiniPCI adapters used on some laptops. &merged;</para> + <para>The &man.xl.4; driver now supports the 3Com 3C556 and + 3C556B MiniPCI adapters used on some laptops. &merged;</para> <para>The &man.xl.4; driver now supports reception of VLAN - tagged frames (on the <quote>Cyclone</quote> or newer - chipsets). &merged;</para> + tagged frames (on the <quote>Cyclone</quote> or newer + chipsets). &merged;</para> - <para>The &man.xl.4; driver now supports send- and receive-side TCP/IP - checksum offloading for NICs implementing this feature, such as - the 3C905B, 3C905C, and 3C980C. &merged;</para> + <para>The &man.xl.4; driver now supports send- and receive-side + TCP/IP checksum offloading for NICs implementing this feature, + such as the 3C905B, 3C905C, and 3C980C. &merged;</para> - <para>A bug in the &man.xl.4; driver, related to statistics overflow - interrupt handling, was causing slowdowns at medium to high - packet rates; this has been fixed. &merged;</para> + <para>A bug in the &man.xl.4; driver, related to statistics + overflow interrupt handling, was causing slowdowns at medium + to high packet rates; this has been fixed. &merged;</para> <para>The per-interface <varname>ifnet</varname> structure now - has the ability to indicate a set of capabilities supported by a - network interface, and which ones are enabled. &man.ifconfig.8; - has support for querying these capabilities. &merged;</para> + has the ability to indicate a set of capabilities supported by + a network interface, and which ones are enabled. + &man.ifconfig.8; has support for querying these + capabilities. &merged;</para> <para>Performance with hosts having a large number of IP aliases - has been improved, by replacing the per-interface - <varname>if_inaddr</varname> linear list with a hash table. &merged;</para> + has been improved, by replacing the per-interface + <varname>if_inaddr</varname> linear list with a hash table. &merged;</para> <para>Network devices now automatically appear as special files in - <filename>/dev/net</filename>. Interface hardware ioctls (not - protocol or routing) can be performed on these devices. The - <varname>SIOCGIFCONF</varname> ioctl may be performed on the - special <filename>/dev/network</filename> node.</para> + <filename>/dev/net</filename>. Interface hardware ioctls (not + protocol or routing) can be performed on these devices. The + <varname>SIOCGIFCONF</varname> ioctl may be performed on the + special <filename>/dev/network</filename> node.</para> - <para>Selected network drivers now implement a - semi-polling mode, which makes systems much more resilient to - attacks and overloads. To enable polling, the following options - are required in a kernel configuration file: + <para>Selected network drivers now implement a semi-polling + mode, which makes systems much more resilient to attacks and + overloads. To enable polling, the following options are + required in a kernel configuration file: <programlisting>options DEVICE_POLLING options HZ=1000 # not compulsory but strongly recommended</programlisting> - The <varname>kern.polling.enable</varname> sysctl variable - will then activate polling mode; with the - <varname>kern.polling.user_frac</varname> sysctl indicating the - percentage of CPU time to be reserved for userland. The devices - initially supporting polling are &man.dc.4;, &man.fxp.4;, and - &man.sis.4;. More details can be found in the &man.polling.4; - manual page. &merged;</para> + The <varname>kern.polling.enable</varname> sysctl variable + will then activate polling mode; with the + <varname>kern.polling.user_frac</varname> sysctl indicating + the percentage of CPU time to be reserved for userland. The + devices initially supporting polling are &man.dc.4;, + &man.fxp.4;, and &man.sis.4;. More details can be found in + the &man.polling.4; manual page. &merged;</para> <para arch="i386">The packet-forwarding performance of certain - network drivers (specifically &man.dc.4; and &man.sis.4;) has - been enhanced by the elimination of unnecessary buffer - copies. &merged;</para> + network drivers (specifically &man.dc.4; and &man.sis.4;) has + been enhanced by the elimination of unnecessary buffer + copies. &merged;</para> </sect3> <sect3> <title>Network Protocols</title> - <para>&man.accept.filter.9;, a kernel feature to reduce overheads - when accepting and reading new connections on listening sockets, - has been added. &merged;</para> + <para>&man.accept.filter.9;, a kernel feature to reduce + overheads when accepting and reading new connections on + listening sockets, has been added. &merged;</para> <para>The <literal>proxy</literal> modifier to &man.arp.8;'s - <option>-d</option> option has been renamed to - <literal>pub</literal>, for consistency with the - <option>-s</option> option. The <literal>only</literal> keyword - has been added to the <option>-s</option> and - <option>-S</option> flags, to be used in creating - <quote>proxy-only</quote> published entries. &merged;</para> + <option>-d</option> option has been renamed to + <literal>pub</literal>, for consistency with the + <option>-s</option> option. The <literal>only</literal> keyword + has been added to the <option>-s</option> and + <option>-S</option> flags, to be used in creating + <quote>proxy-only</quote> published entries. &merged;</para> <para>The read timeout feature of &man.bpf.4; now works more - correctly with &man.select.2;/&man.poll.2;, and therefore with - pthreads. &merged;</para> + correctly with &man.select.2;/&man.poll.2;, and therefore with + pthreads. &merged;</para> <para>&man.bridge.4; and &man.dummynet.4; have received some - enhancements and bug fixes, and are now loadable - modules. &merged;</para> + enhancements and bug fixes, and are now loadable + modules. &merged;</para> <para>&man.bridge.4; now has better support for multiple, - fully-independent bridging clusters, and is much more stable in - the presence of dynamic attachments and detatchments. Full - support for VLANs is also supported. &merged;</para> + fully-independent bridging clusters, and is much more stable + in the presence of dynamic attachments and detatchments. Full + support for VLANs is also supported. &merged;</para> - <para>ICMP ECHO and TSTAMP replies are now rate limited. TCP RSTs - generated due to packets sent to open and unopen ports are now - limited by separate counters. Each rate limiting queue now has - its own description.</para> + <para>ICMP ECHO and TSTAMP replies are now rate limited. TCP + RSTs generated due to packets sent to open and unopen ports + are now limited by separate counters. Each rate limiting + queue now has its own description.</para> <para>ICMP <literal>UNREACH_FILTER_PROHIB</literal> messages can - now RST TCP connections in the <literal>SYN_SENT</literal> state - if the correct sequence numbers are sent back, as controlled by the - <varname>net.inet.tcp.icmp_may_rst</varname> - sysctl.</para> + now RST TCP connections in the <literal>SYN_SENT</literal> + state if the correct sequence numbers are sent back, as + controlled by the + <varname>net.inet.tcp.icmp_may_rst</varname> sysctl.</para> <para>IP multicast now works on VLAN devices. Several other - bugs in the VLAN code have also been fixed.</para> + bugs in the VLAN code have also been fixed.</para> - <para>&man.ipfw.4; now filters correctly in the presence of ECN bits in TCP - segments. &merged;</para> + <para>&man.ipfw.4; now filters correctly in the presence of ECN + bits in TCP segments. &merged;</para> <para>A new &man.ng.eth.4; netgraph node allows Ethernet type - packets to be filtered to different hooks depending on - ethertype.</para> + packets to be filtered to different hooks depending on + ethertype.</para> <para>The &man.ng.gif.4; and &man.ng.gif.demux.4; netgraph - nodes, for operating on &man.gif.4; devices, have been - added.</para> + nodes, for operating on &man.gif.4; devices, have been + added.</para> <para>The &man.ng.ip.input.4; netgraph node, for queueing IP - packets into the main IP input processing code, has been - added.</para> + packets into the main IP input processing code, has been + added.</para> <para>The &man.ng.mppc.4; and &man.ng.bridge.4; node types have - been added to the &man.netgraph.4; subsystem. The &man.ng.ether.4; node - is now dynamically loadable. Miscellaneous bug fixes and - enhancements have also been made. &merged;</para> + been added to the &man.netgraph.4; subsystem. The + &man.ng.ether.4; node is now dynamically loadable. + Miscellaneous bug fixes and enhancements have also been + made. &merged;</para> - <para>A new netgraph node type &man.ng.one2many.4; for multiplexing - and demultiplexing packets over multiple links has been added. - &merged;</para> + <para>A new netgraph node type &man.ng.one2many.4; for + multiplexing and demultiplexing packets over multiple links + has been added. &merged;</para> - <para>A new sysctl <varname>net.inet.ip.check_interface</varname>, - which is on by default, causes IP to verify that an incoming - packet arrives on an interface that has an address matching the - packet's destination address. &merged;</para> + <para>A new sysctl + <varname>net.inet.ip.check_interface</varname>, which is on by + default, causes IP to verify that an incoming packet arrives + on an interface that has an address matching the packet's + destination address. &merged;</para> <para>A new sysctl - <varname>net.link.ether.inet.log_arp_wrong_iface</varname> has - been added to control the suppression of logging when ARP replies - arrive on the wrong interface. &merged;</para> + <varname>net.link.ether.inet.log_arp_wrong_iface</varname> has + been added to control the suppression of logging when ARP + replies arrive on the wrong interface. &merged;</para> <para>A new <literal>options RANDOM_IP_ID</literal> kernel - option causes the ID field of IP packets to be randomized. This - closes a minor information leak which allows a remote observer - to determine the rate at which the machine is generating - packets, since the default behavior is to increment a counter - for each packet sent. &merged;</para> + option causes the ID field of IP packets to be randomized. + This closes a minor information leak which allows a remote + observer to determine the rate at which the machine is + generating packets, since the default behavior is to increment + a counter for each packet sent. &merged;</para> <para arch="alpha">SLIP has been removed from the - <filename>mfsroot</filename> floppy image.</para> + <filename>mfsroot</filename> floppy image.</para> <para>TCP has received some bug fixes for its delayed ACK - behavior. &merged;</para> + behavior. &merged;</para> - <para>TCP now supports the NewReno modification to the TCP Fast Recovery - algorithm. This behavior can be controlled via the - <varname>net.inet.tcp.newreno</varname> sysctl variable. &merged;</para> + <para>TCP now supports the NewReno modification to the TCP Fast + Recovery algorithm. This behavior can be controlled via the + <varname>net.inet.tcp.newreno</varname> sysctl + variable. &merged;</para> - <para>TCP now uses a more aggressive timeout for initial SYN segments; this - allows initial connection attempts to be dropped much - faster. &merged;</para> + <para>TCP now uses a more aggressive timeout for initial SYN + segments; this allows initial connection attempts to be + dropped much faster. &merged;</para> <para>The <literal>TCP_COMPAT_42</literal> kernel option has - been removed. &merged;</para> + been removed. &merged;</para> <para>The <literal>TCP_RESTRICT_RST</literal> kernel option has - been removed. Similar functionality can be achieved with the - <varname>net.inet.tcp.blackhole</varname> sysctl - variable. &merged;</para> + been removed. Similar functionality can be achieved with the + <varname>net.inet.tcp.blackhole</varname> sysctl + variable. &merged;</para> <para>TCP now has RFC 1323 extensions enabled by default in - &man.rc.conf.5;. &merged;</para> + &man.rc.conf.5;. &merged;</para> - <para>RFC 1323 and RFC 1644 TCP extensions are now disabled for a - connection in progress if no response has been received by the - third SYN segment sent. This behavior tries to work around - (very old) terminal servers with buggy VJ header compression - implementations. &merged;</para> + <para>RFC 1323 and RFC 1644 TCP extensions are now disabled for + a connection in progress if no response has been received by + the third SYN segment sent. This behavior tries to work + around (very old) terminal servers with buggy VJ header + compression implementations. &merged;</para> - <para>The TCP implementation no longer requires the - allocation of a TCP template structure for each connection; this - should reduce the buffer usage on large systems handling many - connections. &merged;</para> + <para>The TCP implementation no longer requires the allocation + of a TCP template structure for each connection; this should + reduce the buffer usage on large systems handling many + connections. &merged;</para> <para>TCP's default buffer sizes, controlled by the - <varname>net.inet.tcp.sendspace</varname> and - <varname>net.inet.tcp.recvspace</varname> sysctl variables, have - been increased to 32K and 64K respectively. Previously, the - default for both buffer sizes was 16K. To try to avoid - increasing congestion, the default value for - <varname>net.inet.tcp.local_slowstart_flightsize</varname> has - been changed from infinity to 4. &merged; - <note> + <varname>net.inet.tcp.sendspace</varname> and + <varname>net.inet.tcp.recvspace</varname> sysctl variables, + have been increased to 32K and 64K respectively. Previously, + the default for both buffer sizes was 16K. To try to avoid + increasing congestion, the default value for + <varname>net.inet.tcp.local_slowstart_flightsize</varname> has + been changed from infinity to 4. &merged; + + <note> <para>On busy hosts, the new larger buffer sizes may require - manually increasing the - <varname>NMBCLUSTERS</varname> parameter, either in the - kernel configuration file or via the - <varname>kern.ipc.nmbclusters</varname> loader tunable. - <command>netstat -mb</command> can be used to monitor the - state of mbuf clusters.</para> + manually increasing the + <varname>NMBCLUSTERS</varname> parameter, either in the + kernel configuration file or via the + <varname>kern.ipc.nmbclusters</varname> loader tunable. + <command>netstat -mb</command> can be used to monitor the + state of mbuf clusters.</para> </note> </para> <para>TCP now supports RFC 1948 (Defending Against Sequence - Number Attacks). This functionality is controlled by the - <varname>net.inet.tcp.strict_rfc1948</varname> and - <varname>net.inet.tcp.isn_reseed_interval</varname> sysctl - variables. &merged;</para> + Number Attacks). This functionality is controlled by the + <varname>net.inet.tcp.strict_rfc1948</varname> and + <varname>net.inet.tcp.isn_reseed_interval</varname> sysctl + variables. &merged;</para> <para>The TCP implementation in &os; now implements a cache of - outstanding, received SYN segments. Incoming SYN segments now - cause entries to be placed in the cache until the TCP three-way - handshake is complete, at which point, memory is allocated for - the connection as usual. In addition, all TCP Initial Sequence - Numbers (ISNs) are used as cookies, allowing entries in the - cache to be dropped, but still have their corresponding ACKs - accepted later. The combination of the so-called - <quote>syncache</quote> and <quote>syncookies</quote> features - makes a host much more resistant to - TCP-based Denial of Service attacks. Work on this feature was - sponsored by DARPA and NAI Labs. &merged;</para> + outstanding, received SYN segments. Incoming SYN segments now + cause entries to be placed in the cache until the TCP + three-way handshake is complete, at which point, memory is + allocated for the connection as usual. In addition, all TCP + Initial Sequence Numbers (ISNs) are used as cookies, allowing + entries in the cache to be dropped, but still have their + corresponding ACKs accepted later. The combination of the + so-called + <quote>syncache</quote> and <quote>syncookies</quote> features + makes a host much more resistant to TCP-based Denial of + Service attacks. Work on this feature was sponsored by DARPA + and NAI Labs. &merged;</para> <para>A bug in the TCP implementation, which could cause - connections to stall if a sender saw a zero-sized window, has - been corrected. &merged;</para> + connections to stall if a sender saw a zero-sized window, has + been corrected. &merged;</para> <para>The TCP implementation now properly ignores packets - addressed to IP-layer broadcast addresses. &merged;</para> + addressed to IP-layer broadcast addresses. &merged;</para> </sect3> <sect3> <title>Disks and Storage</title> <para arch="i386">Support for the Adaptec FSA family of PCI-SCSI - RAID controllers has been added, in the form of the &man.aac.4; - driver. This driver - includes proper handling of commands initiated by the adapter, - addition/removal of disk devices, crashdump functionality, and - &man.ioctl.2; commands necessary for the management - CLI, and is fully qualified and sanctioned by Adaptec. &merged;</para> + RAID controllers has been added, in the form of the + &man.aac.4; driver. This driver includes proper handling of + commands initiated by the adapter, addition/removal of disk + devices, crashdump functionality, and &man.ioctl.2; commands + necessary for the management CLI, and is fully qualified and + sanctioned by Adaptec. &merged;</para> <para>The &man.ahc.4; driver has received numerous updates, - bugfixes, and enhancements. Among various improvements are - improved compatibility with chips in <quote>RAID Port</quote> mode - and systems with AAA and/or ARO cards installed, as well as - performance improvements. Some bugs were also fixed, including a - rare hang on Ultra2/U160 controllers. &merged;</para> + bugfixes, and enhancements. Among various improvements are + improved compatibility with chips in <quote>RAID Port</quote> + mode and systems with AAA and/or ARO cards installed, as well + as performance improvements. Some bugs were also fixed, + including a rare hang on Ultra2/U160 + controllers. &merged;</para> <para arch="i386">The &man.asr.4; driver, which provides support - for the Adaptec SCSI RAID controller family, as well as the DPT - SmartRAID V and VI families, has been added. &merged;</para> + for the Adaptec SCSI RAID controller family, as well as the + DPT SmartRAID V and VI families, has been + added. &merged;</para> - <para arch="i386">The &man.asr.4; driver now supports the Adaptec - 2000S and 2005S Zero-Channel RAID controllers. &merged;</para> + <para arch="i386">The &man.asr.4; driver now supports the + Adaptec 2000S and 2005S Zero-Channel RAID + controllers. &merged;</para> <para>The &man.ata.4; driver now has support for ATA100 - controllers. In addition, it now supports the ServerWorks ROSB4 - ATA33 chipset, the CMD 648 ATA66 and CMD 649 ATA100 chipsets, and - the Cyrix 5530. &merged;</para> + controllers. In addition, it now supports the ServerWorks + ROSB4 ATA33 chipset, the CMD 648 ATA66 and CMD 649 ATA100 + chipsets, and the Cyrix 5530. &merged;</para> - <para>To provide more flexible configuration, the various options for the - &man.ata.4; driver are now boot loader tunables, rather than kernel - configure-time options. &merged;</para> + <para>To provide more flexible configuration, the various + options for the &man.ata.4; driver are now boot loader + tunables, rather than kernel configure-time + options. &merged;</para> <para>The &man.ata.4; driver now has support for tagged queuing, - which is enabled by the <varname>hw.ata.tags</varname> loader - tunable. &merged;</para> + which is enabled by the <varname>hw.ata.tags</varname> loader + tunable. &merged;</para> <para>The &man.ata.4; driver now has support for ATA - <quote>pseudo</quote> RAID controllers as the Promise Fasttrak and - HighPoint HPT370 controllers. &merged;</para> + <quote>pseudo</quote> RAID controllers as the Promise Fasttrak + and HighPoint HPT370 controllers. &merged;</para> <para>The &man.ata.4; driver now supports a wider variety of SiS - chipsets, as listed in the Hardware Notes. &merged;</para> + chipsets, as listed in the Hardware Notes. &merged;</para> - <para>The BurnProof(TM) feature, for applicable ATAPI CD-ROM burners, is now - supported. &merged;</para> + <para>The BurnProof(TM) feature, for applicable ATAPI CD-ROM + burners, is now supported. &merged;</para> <para>The &man.ata.4; driver now has support for 48-bit - addressing. Devices larger than 137GB are now - supported. &merged;</para> + addressing. Devices larger than 137GB are now + supported. &merged;</para> <para>The &man.ata.4; driver now contains fixes for some data - corruption problems on systems using the VIA 82C686B Southbridge - chip. &merged;</para> + corruption problems on systems using the VIA 82C686B + Southbridge chip. &merged;</para> <para>The CAM error recovery code has been updated.</para> - <para>The &man.cd.4; driver now has support for write operations. - This allows writing to DVD-RAM, PD and similar drives that probe - as CD devices. Note that change affects only random-access - writeable devices, not sequential-only writeable devices such as - CD-R drives, which are supported by &man.cdrecord.1; (a part of - <filename role="package">sysutils/cdrtools</filename> in the Ports Collection. &merged;</para> + <para>The &man.cd.4; driver now has support for write + operations. This allows writing to DVD-RAM, PD and similar + drives that probe as CD devices. Note that change affects + only random-access writeable devices, not sequential-only + writeable devices such as CD-R drives, which are supported by + &man.cdrecord.1; (a part of + <filename role="package">sysutils/cdrtools</filename> in the + Ports Collection. &merged;</para> - <para arch="i386">The ciss driver, for devices utilizing the Common - Interface for SCSI-3 Support, has been added. This driver - supports the Compaq SmartRAID 5* family of RAID controllers - (5300, 532, 5i). &merged;</para> + <para arch="i386">The ciss driver, for devices utilizing the + Common Interface for SCSI-3 Support, has been added. This + driver supports the Compaq SmartRAID 5* family of RAID + controllers (5300, 532, 5i). &merged;</para> <para>The &man.fdc.4; floppy disk has undergone a number of - enhancements. Density selection for common settings is now - automatic; the driver is also much more flexible in setting the - densities of various subdevices.</para> + enhancements. Density selection for common settings is now + automatic; the driver is also much more flexible in setting + the densities of various subdevices.</para> - <para>The ida disk driver now has crashdump support. &merged;</para> + <para>The ida disk driver now has crashdump + support. &merged;</para> <para arch="i386">The iir driver has been added to support the - Intel Integrated RAID controllers, as well as prior ICP Vortex - controllers.</para> + Intel Integrated RAID controllers, as well as prior ICP Vortex + controllers.</para> <para arch="alpha">A bug that made certain CDROM drives fail to - attach when connected to a SCSI card driven by &man.isp.4; has - been fixed. &merged;</para> + attach when connected to a SCSI card driven by &man.isp.4; has + been fixed. &merged;</para> <para>The &man.isp.4; driver is now proactive about discovering - Fibre Channel topology changes.</para> + Fibre Channel topology changes.</para> <para>The &man.isp.4; driver now supports target mode for Qlogic - SCSI cards, including Ultra2 and Ultra3 and dual bus cards.</para> + SCSI cards, including Ultra2 and Ultra3 and dual bus + cards.</para> <para>The &man.isp.4; driver now supports the Qlogic 2300 and - 2312 Optical Fibre Channel PCI cards. &merged;</para> + 2312 Optical Fibre Channel PCI cards. &merged;</para> <para>&man.md.4;, the memory disk device, has had the - functionality of &man.vn.4; incorporated into it. &man.md.4; - devices can now be configured by &man.mdconfig.8;. &man.vn.4; has - been removed. The Memory Filesystem (MFS) has also been - removed.</para> + functionality of &man.vn.4; incorporated into it. &man.md.4; + devices can now be configured by &man.mdconfig.8;. &man.vn.4; + has been removed. The Memory Filesystem (MFS) has also been + removed.</para> <para arch="i386">The &man.mly.4; driver, for Mylex PCI to SCSI - AccelRAID and eXtremeRAID controllers with firmware 6.X and - later, has been added. &merged;</para> + AccelRAID and eXtremeRAID controllers with firmware 6.X and + later, has been added. &merged;</para> - <para arch="i386">The ncv, nsp, and stg drivers have - been ported from NetBSD/pc98. They support the NCR 53C50 / - Workbit Ninja SCSI-3 / TMC 18C30, 18C50 based PC-Card/ISA SCSI - controllers. All three drivers can be built and loaded as - modules. &merged;</para> + <para arch="i386">The ncv, nsp, and stg drivers have been ported + from NetBSD/pc98. They support the NCR 53C50 / Workbit Ninja + SCSI-3 / TMC 18C30, 18C50 based PC-Card/ISA SCSI controllers. + All three drivers can be built and loaded as + modules. &merged;</para> <para>Some problems in &man.sa.4; error handling have been - fixed, including the <quote>tape drive spinning indefinitely - upon &man.mt.1; <option>stat</option></quote> problem.</para> + fixed, including the <quote>tape drive spinning indefinitely + upon &man.mt.1; <option>stat</option></quote> problem.</para> - <para arch="i386">The &man.twe.4; 3ware ATA RAID driver has added. &merged;</para> + <para arch="i386">The &man.twe.4; 3ware ATA RAID driver has + added. &merged;</para> - <para>The &man.vinum.4; volume manager has received some bug fixes and - enhancements.</para> + <para>The &man.vinum.4; volume manager has received some bug + fixes and enhancements.</para> <para>The &man.wd.4; compatibility devices were removed from the - &man.ata.4; driver. &merged;</para> + &man.ata.4; driver. &merged;</para> </sect3> <sect3> <title>Filesystems</title> - <para>Support for named extended attributes was added to the &os; - kernel. This allows the kernel, and appropriately privileged - userland processes, to tag files and directories with attribute - data. Extended attributes were added to support the TrustedBSD - Project, in particular ACLs, capability data, and mandatory access - control labels (see - <filename>/usr/src/sys/ufs/ufs/README.extattr</filename> for - details).</para> + <para>Support for named extended attributes was added to the + &os; kernel. This allows the kernel, and appropriately + privileged userland processes, to tag files and directories + with attribute data. Extended attributes were added to + support the TrustedBSD Project, in particular ACLs, capability + data, and mandatory access control labels (see + <filename>/usr/src/sys/ufs/ufs/README.extattr</filename> for + details).</para> - <para>Due to a licensing change, softupdates have been integrated - into the main portion of the kernel source tree. As a - consequence, softupdates are now available with the - <filename>GENERIC</filename> kernel. &merged;</para> + <para>Due to a licensing change, softupdates have been + integrated into the main portion of the kernel source tree. + As a consequence, softupdates are now available with the + <filename>GENERIC</filename> kernel. &merged;</para> <para>A filesystem snapshot capability has been added to FFS. - Details can be found in - <filename>/usr/src/sys/ufs/ffs/README.snapshot</filename>.</para> + Details can be found in + <filename>/usr/src/sys/ufs/ffs/README.snapshot</filename>.</para> <para>Softupdates for FFS have received some bug fixes and - enhancements.</para> + enhancements.</para> <para>When running with softupdates, &man.statfs.2; and - &man.df.1; will track the number of blocks and files that are - committed to being freed.</para> + &man.df.1; will track the number of blocks and files that are + committed to being freed.</para> - <para>A bug in FFS that could cause superblock corruption on very large - filesystems has been corrected. &merged;</para> + <para>A bug in FFS that could cause superblock corruption on + very large filesystems has been corrected. &merged;</para> - <para>The Inode Filesystem (IFS) has been added; more information - can be found in - <filename>/usr/src/sys/ufs/ifs/README</filename>.</para> + <para>The Inode Filesystem (IFS) has been added; more + information can be found in + <filename>/usr/src/sys/ufs/ifs/README</filename>.</para> - <para>The ISO-9660 filesystem now has a hook that supports a loadable - character conversion routine. The - <filename role="package">sysutils/cd9660_unicode</filename> port - contains a set of common conversions.</para> + <para>The ISO-9660 filesystem now has a hook that supports a + loadable character conversion routine. The + <filename role="package">sysutils/cd9660_unicode</filename> + port contains a set of common conversions.</para> <para>&man.kernfs.5; is obsolete and has been retired.</para> <para>A bug in the NFS client that caused bogus access times with - <literal>O_EXCL|O_CREAT</literal> opens was fixed. &merged;</para> + <literal>O_EXCL|O_CREAT</literal> opens was + fixed. &merged;</para> <para>A new NFS hash function (based on the Fowler/Noll/Vo hash - algorithm) has been implemented to improve NFS performance by - increasing the efficiency of the <varname>nfsnode</varname> hash - tables. &merged;</para> + algorithm) has been implemented to improve NFS performance by + increasing the efficiency of the <varname>nfsnode</varname> + hash tables. &merged;</para> <para>Client-side NFS locks have been implemented.</para> <para>The client-side and server-side of the NFS code in the - kernel used to be intertwined in various complex ways. They - have been split apart for ease of maintenance and further - development.</para> + kernel used to be intertwined in various complex ways. They + have been split apart for ease of maintenance and further + development.</para> - <para>Support for file system Access Control Lists (ACLs) has been - introduced, allowing more fine-grained control of discretionary - access control on files and directories. This support was - integrated from the TrustedBSD Project. More details can be found in - <filename>/usr/src/sys/ufs/ufs/README.acls</filename>.</para> + <para>Support for file system Access Control Lists (ACLs) has + been introduced, allowing more fine-grained control of + discretionary access control on files and directories. This + support was integrated from the TrustedBSD Project. More + details can be found in + <filename>/usr/src/sys/ufs/ufs/README.acls</filename>.</para> <para>The directory layout preference algorithm for FFS - (<literal>dirprefs</literal>) has been changed. Rather than - scattering directory blocks across a disk, it attempts to group - related directory blocks together. Operations traversing large - directory hierarchies, such as the &os; Ports tree, have shown - marked speedups. This change is transparent and automatic for - new directories. &merged;</para> + (<literal>dirprefs</literal>) has been changed. Rather than + scattering directory blocks across a disk, it attempts to + group related directory blocks together. Operations + traversing large directory hierarchies, such as the &os; Ports + tree, have shown marked speedups. This change is transparent + and automatic for new directories. &merged;</para> <para arch="i386">smbfs (CIFS) support in kernel has been added. - The userland programs &man.smbutil.1; and &man.mount.smbfs.8; - can be used to work with SMB shares. Note that - &man.mount.smbfs.8; will automatically load the <filename>smbfs.ko</filename> - module into the kernel, even if <literal>LIBMCHAIN</literal> and - <literal>LIBICONV</literal> were not compiled into the kernel. - &merged;</para> + The userland programs &man.smbutil.1; and &man.mount.smbfs.8; + can be used to work with SMB shares. Note that + &man.mount.smbfs.8; will automatically load the + <filename>smbfs.ko</filename> module into the kernel, even if + <literal>LIBMCHAIN</literal> and + <literal>LIBICONV</literal> were not compiled into the kernel. + &merged;</para> <para>For consistency, the fdesc, fifo, null, msdos, portal, - umap, and union filesystems have been renamed to fdescfs, - fifofs, msdosfs, nullfs, portalfs, umapfs, and unionfs. Where - applicable, modules and mount_* programs have been - renamed. Compatibility <quote>glue</quote> has been added to - &man.mount.8; so that <literal>msdos</literal> filesystem - entries in &man.fstab.5; will work without changes.</para> + umap, and union filesystems have been renamed to fdescfs, + fifofs, msdosfs, nullfs, portalfs, umapfs, and unionfs. Where + applicable, modules and mount_* programs have been renamed. + Compatibility <quote>glue</quote> has been added to + &man.mount.8; so that <literal>msdos</literal> filesystem + entries in &man.fstab.5; will work without changes.</para> <para>pseudofs, a pseudo-filesystem framework, has been added. - &man.linprocfs.5; and &man.procfs.5; have been modified to use pseudofs.</para> + &man.linprocfs.5; and &man.procfs.5; have been modified to use + pseudofs.</para> - <para>A simple hash-based lookup optimization for large directories - called <literal>dirhash</literal> has been added. Conditional on the - <literal>UFS_DIRHASH</literal> kernel option (enabled by default - in the <filename>GENERIC</filename> kernel), it improves the speed - of operations on very large directories at the expense of some - memory. &merged;</para> + <para>A simple hash-based lookup optimization for large + directories called <literal>dirhash</literal> has been added. + Conditional on the + <literal>UFS_DIRHASH</literal> kernel option (enabled by + default in the <filename>GENERIC</filename> kernel), it + improves the speed of operations on very large directories at + the expense of some memory. &merged;</para> <para>The virtual memory subsystem now backs UFS directory - memory requirements by default (this behavior is controlled via - the <varname>vfs.vmiodirenable</varname> sysctl variable). &merged;</para> + memory requirements by default (this behavior is controlled + via the <varname>vfs.vmiodirenable</varname> sysctl + variable). &merged;</para> <para>A bug that prevented the root filesystem from being - mounted from a SCSI CDROM has been fixed (ATAPI CDROMs were - always supported). &merged;</para> + mounted from a SCSI CDROM has been fixed (ATAPI CDROMs were + always supported). &merged;</para> <para>A number of bugs in the filesystem code, discovered - through the use of the <application>fsx</application> filesystem test tool, have been fixed. - Under certain circumstances (primarily related to use of NFS), - these bugs could cause data corruption or kernel panics. &merged;</para> + through the use of the <application>fsx</application> + filesystem test tool, have been fixed. Under certain + circumstances (primarily related to use of NFS), these bugs + could cause data corruption or kernel panics. &merged;</para> <para>Network filesystems (such as NFS and smbfs filesystems) - listed in <filename>/etc/fstab</filename> can now be properly - mounted during startup initialization; their mounts are deferred - until after the network is initialized.</para> + listed in <filename>/etc/fstab</filename> can now be properly + mounted during startup initialization; their mounts are + deferred until after the network is initialized.</para> </sect3> <sect3> <title>PCCARD Support</title> - <para arch="i386">The pccard driver and &man.pccardc.8; now support multiple - <quote>beep types</quote> upon card insertion and removal. &merged;</para> + <para arch="i386">The pccard driver and &man.pccardc.8; now + support multiple <quote>beep types</quote> upon card insertion + and removal. &merged;</para> <para>On many modern hosts, PCCARD devices can be configured to - route their interrupts via either the ISA or PCI interrupt paths. - The &man.pcic.4; driver has been updated to support both interrupt - paths (formerly, only routing via ISA was supported). &merged; In most - cases, configuration of PCMCIA devices in laptops is simpler and - more flexible. In addition, various Cardbus bridge PCI cards - (such as those used by Orinoco PCI NICs) are now supported. Some - hosts may experience problems, such as hangs or panics, with PCI - interrupt routing; they can frequently be made to work by forcing - the older-style ISA interrupt routing. The following lines, - placed in <filename>/boot/loader.conf</filename>, may fix the - problem:</para> + route their interrupts via either the ISA or PCI interrupt + paths. The &man.pcic.4; driver has been updated to support + both interrupt paths (formerly, only routing via ISA was + supported). &merged; In most cases, configuration of PCMCIA + devices in laptops is simpler and more flexible. In addition, + various Cardbus bridge PCI cards (such as those used by + Orinoco PCI NICs) are now supported. Some hosts may + experience problems, such as hangs or panics, with PCI + interrupt routing; they can frequently be made to work by + forcing the older-style ISA interrupt routing. The following + lines, placed in <filename>/boot/loader.conf</filename>, may + fix the problem:</para> <programlisting>hw.pcic.intr_path="1" hw.pcic.irq="0"</programlisting> - <para>When installing &os; on such a system, typing the following - lines to the boot loader may be helpful in starting up &os; for - the first time:<para> + <para>When installing &os; on such a system, typing the + following lines to the boot loader may be helpful in starting + up &os; for the first time:<para> <screen><prompt>ok</prompt> <userinput>set hw.pcic.intr_path="1"</userinput> <prompt>ok</prompt> <userinput>set hw.pcic.irq="0"</userinput></screen> - <para arch="i386">Preliminary Cardbus support under NEWCARD has been added. - This code supports the TI113X, TI12XX, TI125X, Ricoh 5C46/5C47, Topic - 95/97/100 and Cirrus Logic PD683X bridges. 16-bit PC Card support - is not yet functional.</para> + <para arch="i386">Preliminary Cardbus support under NEWCARD has + been added. This code supports the TI113X, TI12XX, TI125X, + Ricoh 5C46/5C47, Topic 95/97/100 and Cirrus Logic PD683X + bridges. 16-bit PC Card support is not yet functional.</para> </sect3> <sect3> <title>Multimedia Support</title> - <para arch="i386">The &man.pcm.4; driver now supports the ESS Solo 1, - Maestro-1, Maestro-2, and Maestro-2e; Forte Media fm801, ESS - Maestro-2e, and VIA Technologies VT82C686A sound card/chipsets, - and has received some other updates. - Separate drivers for the SoundBlaster 8 and SoundBlaster 16 now - replace an older, unified driver. A driver for the CMedia - CMI8338/CMI8738 sound chips has been added. A driver for the - CS4281 sound chip has been added. A driver for the S3 - SonicVibes chipset has been added. &merged;</para> - - <para arch="i386">A driver for the Avance Logic ALS4000 has - been added. &merged;</para> - - <para arch="i386">A driver for the - ESS Maestro-3/Allegro has been added, however due to licensing - restrictions, it cannot be compiled into the kernel. &merged; To - use this driver, add the following line to - <filename>/boot/loader.conf</filename>:</para> + <para arch="i386">The &man.pcm.4; driver now supports the ESS + Solo 1, Maestro-1, Maestro-2, and Maestro-2e; Forte Media + fm801, ESS Maestro-2e, and VIA Technologies VT82C686A sound + card/chipsets, and has received some other updates. Separate + drivers for the SoundBlaster 8 and SoundBlaster 16 now replace + an older, unified driver. A driver for the CMedia + CMI8338/CMI8738 sound chips has been added. A driver for the + CS4281 sound chip has been added. A driver for the S3 + SonicVibes chipset has been added. &merged;</para> + + <para arch="i386">A driver for the Avance Logic ALS4000 has been + added. &merged;</para> + + <para arch="i386">A driver for the ESS Maestro-3/Allegro has + been added, however due to licensing restrictions, it cannot + be compiled into the kernel. &merged; To use this driver, add + the following line to + <filename>/boot/loader.conf</filename>:</para> <programlisting>snd_maestro3_load="YES"</programlisting> <para>The &man.bktr.4; driver has been updated to 2.18. This - update provides a number of new features. New tuner - types have been added, and improvements to the KLD module and to - memory allocation have been made. Bugs in &man.devfs.5; when - unloading and reloading have been fixed. - Support for new Hauppauge Model 44xxx WinTV Cards (the ones with - no audio mux) has been added. &merged;</para> + update provides a number of new features. New tuner types + have been added, and improvements to the KLD module and to + memory allocation have been made. Bugs in &man.devfs.5; when + unloading and reloading have been fixed. Support for new + Hauppauge Model 44xxx WinTV Cards (the ones with no audio mux) + has been added. &merged;</para> <para>When sound modules are built, one can now load all the - drivers and infrastructure by <command>kldload - snd</command>. &merged;</para> + drivers and infrastructure by <command>kldload + snd</command>. &merged;</para> <para>A new API has been added for sound cards with hardware - volume control.</para> + volume control.</para> - <para arch="i386">A driver for the Intel 443MX, 810, 815, and 815E - integrated sound devices has been added.</para> + <para arch="i386">A driver for the Intel 443MX, 810, 815, and + 815E integrated sound devices has been added.</para> </sect3> @@ -1198,105 +1244,107 @@ options HZ=1000 # not compulsory but strongly recommended</programlisting> <title>Contributed Software</title> <para>The Forth Inspired Command Language - (<application>FICL</application>) used in the boot loader has - been updated to 2.05.</para> + (<application>FICL</application>) used in the boot loader has + been updated to 2.05.</para> <para>Support for Advanced Configuration and Power Interface - (ACPI), a multi-vendor standard for configuration and power - management, has been added. This functionality has been - provided by the <application>Intel ACPI Component - Architecture</application> project, as of the ACPI CA - 20020214 snapshot. Some backward compatability for - applications using the older APM standard has been provided.</para> + (ACPI), a multi-vendor standard for configuration and power + management, has been added. This functionality has been + provided by the <application>Intel ACPI Component + Architecture</application> project, as of the ACPI CA 20020214 + snapshot. Some backward compatability for applications using + the older APM standard has been provided.</para> <sect4> - <title>IPFilter</title> + <title>IPFilter</title> <para><application>IPFilter</application> has been updated to - 3.4.20. &merged;</para> + 3.4.20. &merged;</para> <para><application>IPFilter</application> now supports - IPv6. &merged;</para> + IPv6. &merged;</para> </sect4> <sect4 arch="i386"> - <title>isdn4bsd</title> + <title>isdn4bsd</title> <para><application>isdn4bsd</application> has been updated to - version 1.0.1. As a result of this update, users of the - &man.i4bisppp.4; (kernel PPP over ISDN) driver - <emphasis>must</emphasis> now use &man.ispppcontrol.8; instead - of &man.spppcontrol.8; to configure and control these - network interfaces. &merged;</para> + version 1.0.1. As a result of this update, users of the + &man.i4bisppp.4; (kernel PPP over ISDN) driver + <emphasis>must</emphasis> now use &man.ispppcontrol.8; + instead of &man.spppcontrol.8; to configure and control these + network interfaces. &merged;</para> <para>The &man.ifpi.4; driver for supporting the AVM - Fritz!Card PCI version 2 controller has been added.</para> + Fritz!Card PCI version 2 controller has been added.</para> <para>The &man.ihfc.4; driver for supporting Cologne Chip - Designs HFC devices under <application>isdn4bsd</application> - has been added. &merged;</para> + Designs HFC devices under + <application>isdn4bsd</application> has been + added. &merged;</para> - <para>The &man.itjc.4; driver for supporting NETjet-S / Teles - PCI-TJ devices under <application>isdn4bsd</application> has - been added. &merged;</para> + <para>The &man.itjc.4; driver for supporting NETjet-S / Teles + PCI-TJ devices under <application>isdn4bsd</application> has + been added. &merged;</para> - <para>Experimental support for the Eicon.Diehl DIVA 2.0 and - 2.02 ISA PnP ISDN cards has been added to the &man.isic.4; - <application>isdn4bsd</application> driver. &merged;</para> + <para>Experimental support for the Eicon.Diehl DIVA 2.0 and + 2.02 ISA PnP ISDN cards has been added to the &man.isic.4; + <application>isdn4bsd</application> driver. &merged;</para> <para>The &man.isic.4; driver now supports the Compaq Microcom - 610 ISDN ISA PnP card. &merged;</para> + 610 ISDN ISA PnP card. &merged;</para> <para>Active CAPI-based ISDN cards manufactured by AVM are now - supported using the &man.i4bcapi.4; and the &man.iavc.4; driver. The - supported cards are the AVM B1 PCI and AVM B1 ISA Basic Rate - cards and the AVM T1 Primary Rate cards. &merged;</para> + supported using the &man.i4bcapi.4; and the &man.iavc.4; + driver. The supported cards are the AVM B1 PCI and AVM B1 + ISA Basic Rate cards and the AVM T1 Primary Rate + cards. &merged;</para> <para>A new <literal>maxconnecttime</literal> keyword is now - accepted in &man.isdnd.rc.5; files to limit the time a - connection may remain open. &merged;</para> + accepted in &man.isdnd.rc.5; files to limit the time a + connection may remain open. &merged;</para> - <para>&man.isdnphone.8; now supports a <option>-k</option> option for - sending messages via the keypad facility to a PBX or exchange - office. &merged;</para> + <para>&man.isdnphone.8; now supports a <option>-k</option> + option for sending messages via the keypad facility to a PBX + or exchange office. &merged;</para> </sect4> <sect4 id="kame-kernel"> - <title>KAME</title> + <title>KAME</title> - <para>The IPv6 stack is now based on a snapshot based on the KAME - Project's IPv6 snapshot as of 28 May, 2001. Most of the - items listed in this section are a result of this import. - <xref linkend="kame-userland"> lists userland updates to the - KAME IPv6 stack. &merged;</para> + <para>The IPv6 stack is now based on a snapshot based on the + KAME Project's IPv6 snapshot as of 28 May, 2001. Most of + the items listed in this section are a result of this + import. <xref linkend="kame-userland"> lists userland + updates to the KAME IPv6 stack. &merged;</para> - <para>&man.gif.4; is now based on RFC 2893, rather than RFC - 1933. The <literal>IFF_LINK2</literal> interface flag can - be used to control ingress filtering. &merged;</para> + <para>&man.gif.4; is now based on RFC 2893, rather than RFC + 1933. The <literal>IFF_LINK2</literal> interface flag can + be used to control ingress filtering. &merged;</para> <para><application>IPSec</application> has received some - enhancements, including the ability to use the Rijndael and - SHA2 algorithms. IPSec RC5 support has been removed due to - patent issues. &merged;</para> + enhancements, including the ability to use the Rijndael and + SHA2 algorithms. IPSec RC5 support has been removed due to + patent issues. &merged;</para> <para>&man.stf.4; now conforms to RFC 3056; the - <literal>IFF_LINK2</literal> interface flag can be used to - control ingress filtering. &merged;</para> + <literal>IFF_LINK2</literal> interface flag can be used to + control ingress filtering. &merged;</para> <para>IPv6 has better checking of illegal addresses (such as - loopback addresses) on physical networks. &merged;</para> + loopback addresses) on physical networks. &merged;</para> - <para>The <varname>IPV6_V6ONLY</varname> socket option is - now completely supported. The kernel's default behavior - with respect to this option is controlled by the - <varname>net.inet6.ip6.v6only</varname> sysctl - variable. &merged;</para> + <para>The <varname>IPV6_V6ONLY</varname> socket option is now + completely supported. The kernel's default behavior with + respect to this option is controlled by the + <varname>net.inet6.ip6.v6only</varname> sysctl + variable. &merged;</para> <para>RFC 3041 (Privacy Extensions for Stateless Address - Autoconfiguration) is now supported. It can be enabled via - the <varname>net.inet6.ip6.use_tempaddr</varname> sysctl - variable. &merged;</para> + Autoconfiguration) is now supported. It can be enabled via + the <varname>net.inet6.ip6.use_tempaddr</varname> sysctl + variable. &merged;</para> </sect4> </sect3> </sect2> @@ -1304,1566 +1352,1640 @@ options HZ=1000 # not compulsory but strongly recommended</programlisting> <title>Security-Related Changes</title> <para>&man.sysinstall.8; now allows the user to select one of two - <quote>security profiles</quote> at install-time. These profiles enable - different levels of system security by enabling or disabling - various system services in &man.rc.conf.5; on new - installs. &merged;</para> + <quote>security profiles</quote> at install-time. These + profiles enable different levels of system security by enabling + or disabling various system services in &man.rc.conf.5; on new + installs. &merged;</para> <para>A bug in which malformed ELF executable images can hang the - system has been fixed (see security advisory - FreeBSD-SA-00:41). &merged;</para> + system has been fixed (see security advisory + FreeBSD-SA-00:41). &merged;</para> <para>A security hole in Linux emulation was fixed (see security - advisory FreeBSD-SA-00:42). &merged;</para> + advisory FreeBSD-SA-00:42). &merged;</para> <para>String-handling library calls in many programs were fixed to - reduce the possibility of buffer overflow-related exploits. - &merged;</para> + reduce the possibility of buffer overflow-related exploits. + &merged;</para> - <para>TCP now uses stronger randomness in choosing its initial sequence - numbers (see security advisory FreeBSD-SA-00:52). &merged;</para> + <para>TCP now uses stronger randomness in choosing its initial + sequence numbers (see security advisory + FreeBSD-SA-00:52). &merged;</para> <para>Several buffer overflows in &man.tcpdump.1; were corrected - (see security advisory FreeBSD-SA-00:61). &merged;</para> + (see security advisory FreeBSD-SA-00:61). &merged;</para> - <para>A security hole in &man.top.1; was corrected (see security advisory - FreeBSD-SA-00:62). &merged;</para> + <para>A security hole in &man.top.1; was corrected (see security + advisory FreeBSD-SA-00:62). &merged;</para> <para>A potential security hole caused by an off-by-one-error in - &man.gethostbyname.3; has been fixed (see security advisory - FreeBSD-SA-00:63). &merged;</para> + &man.gethostbyname.3; has been fixed (see security advisory + FreeBSD-SA-00:63). &merged;</para> <para>A potential buffer overflow in the &man.ncurses.3; library, - which could cause arbitrary code to be run from within - &man.systat.1;, has been corrected (see security advisory - FreeBSD-SA-00:68). &merged;</para> + which could cause arbitrary code to be run from within + &man.systat.1;, has been corrected (see security advisory + FreeBSD-SA-00:68). &merged;</para> <para>A vulnerability in &man.telnetd.8; that could cause it to - consume large amounts of server resources has been fixed (see - security advisory FreeBSD-SA-00:69). &merged;</para> + consume large amounts of server resources has been fixed (see + security advisory FreeBSD-SA-00:69). &merged;</para> <para>The <literal>nat deny_incoming</literal> command in - &man.ppp.8; now works correctly (see security advisory - FreeBSD-SA-00:70). &merged;</para> + &man.ppp.8; now works correctly (see security advisory + FreeBSD-SA-00:70). &merged;</para> <para>A vulnerability in &man.csh.1;/&man.tcsh.1; temporary files - that could allow overwriting of arbitrary user-writable files has - been closed (see security advisory FreeBSD-SA-00:76). &merged;</para> + that could allow overwriting of arbitrary user-writable files + has been closed (see security advisory + FreeBSD-SA-00:76). &merged;</para> <para>The &man.ssh.1; binary is no longer SUID root by - default. &merged;</para> + default. &merged;</para> - <para>Some fixes were applied to the Kerberos - IV implementation related to environment variables, a - possible buffer overrun, and overwriting ticket files. &merged;</para> + <para>Some fixes were applied to the Kerberos IV implementation + related to environment variables, a possible buffer overrun, and + overwriting ticket files. &merged;</para> <para>&man.telnet.1; now does a better job of sanitizing its - environment. &merged;</para> + environment. &merged;</para> <para>Several vulnerabilities in &man.procfs.5; were fixed (see - security advisory FreeBSD-SA-00:77). &merged;</para> + security advisory FreeBSD-SA-00:77). &merged;</para> <para>A bug in <application>OpenSSH</application> in which a - server was unable to disable &man.ssh-agent.1; or - <literal>X11Forwarding</literal> was fixed (see security advisory - FreeBSD-SA-01:01). &merged;</para> + server was unable to disable &man.ssh-agent.1; or + <literal>X11Forwarding</literal> was fixed (see security + advisory FreeBSD-SA-01:01). &merged;</para> <para>A bug in &man.ipfw.8; and &man.ip6fw.8; in which inbound TCP - segments could incorrectly be treated as being part of an - <literal>established</literal> connection has been fixed (see - security advisory FreeBSD-SA-01:08). &merged;</para> - + segments could incorrectly be treated as being part of an + <literal>established</literal> connection has been fixed (see + security advisory FreeBSD-SA-01:08). &merged;</para> + <para>A bug in &man.crontab.1; that could allow users to read any - file on the system in valid &man.crontab.5; syntax has been fixed - (see security advisory FreeBSD-SA-01:09). &merged;</para> + file on the system in valid &man.crontab.5; syntax has been + fixed (see security advisory FreeBSD-SA-01:09). &merged;</para> <para>A vulnerability in &man.inetd.8; that could allow - read-access to the initial 16 bytes of - <groupname>wheel</groupname>-accessible files has been fixed (see security - advisory FreeBSD-SA-01:11). &merged;</para> + read-access to the initial 16 bytes of + <groupname>wheel</groupname>-accessible files has been fixed + (see security advisory FreeBSD-SA-01:11). &merged;</para> - <para>A bug in &man.periodic.8; that used insecure temporary files has been - corrected (see security advisory FreeBSD-SA-01:12). &merged;</para> + <para>A bug in &man.periodic.8; that used insecure temporary files + has been corrected (see security advisory + FreeBSD-SA-01:12). &merged;</para> <para>A bug in &man.sort.1; in which an attacker might be able to - cause it to abort processing has been fixed (see security advisory - FreeBSD-SA-01:13). &merged;</para> + cause it to abort processing has been fixed (see security + advisory FreeBSD-SA-01:13). &merged;</para> <para><application>OpenSSH</application> now has code to prevent - (instead of just mitigating through connection limits) an attack - that can lead to guessing the server key (not host key) by - regenerating the server key when an RSA failure is detected (see - security advisory FreeBSD-SA-01:24). &merged;</para> + (instead of just mitigating through connection limits) an attack + that can lead to guessing the server key (not host key) by + regenerating the server key when an RSA failure is detected (see + security advisory FreeBSD-SA-01:24). &merged;</para> <para>A number of programs have had output formatting strings - corrected so as to reduce the risk of vulnerabilities. &merged;</para> + corrected so as to reduce the risk of + vulnerabilities. &merged;</para> <para>A number of programs that use temporary files now do so more - securely. &merged;</para> + securely. &merged;</para> <para>A bug in ICMP that could cause an attacker to disrupt TCP and UDP - <quote>sessions</quote> has been corrected. &merged;</para> + <quote>sessions</quote> has been corrected. &merged;</para> <para>A bug in &man.timed.8;, which caused it to crash if send - certain malformed packets, has been corrected (see security - advisory FreeBSD-SA-01:28). &merged;</para> + certain malformed packets, has been corrected (see security + advisory FreeBSD-SA-01:28). &merged;</para> <para>A bug in &man.rwhod.8;, which caused it to crash if send - certain malformed packets, has been corrected (see security - advisory FreeBSD-SA-01:29). &merged;</para> + certain malformed packets, has been corrected (see security + advisory FreeBSD-SA-01:29). &merged;</para> <para>A security hole in &os;'s FFS and EXT2FS implementations, - which allowed a race condition that could cause users to have - unauthorized access to data, has been fixed (see security advisory - FreeBSD-SA-01:30). &merged;</para> + which allowed a race condition that could cause users to have + unauthorized access to data, has been fixed (see security + advisory FreeBSD-SA-01:30). &merged;</para> <para>A remotely-exploitable vulnerability in &man.ntpd.8; has - been closed (see security advisory FreeBSD-SA-01:31). &merged;</para> + been closed (see security advisory + FreeBSD-SA-01:31). &merged;</para> - <para>A security hole in <application>IPFilter</application>'s - fragment cache has been closed (see - security advisory FreeBSD-SA-01:32). &merged;</para> + <para>A security hole in <application>IPFilter</application>'s + fragment cache has been closed (see security advisory + FreeBSD-SA-01:32). &merged;</para> <para>Buffer overflows in &man.glob.3;, which could cause - arbitrary code to be run on an FTP server, have been closed. In - addition, to prevent some forms of DOS attacks, &man.glob.3; - allows specification of a limit on the number of pathname matches - it will return. &man.ftpd.8; now uses this feature (see security - advisory FreeBSD-SA-01:33). &merged;</para> + arbitrary code to be run on an FTP server, have been closed. In + addition, to prevent some forms of DOS attacks, &man.glob.3; + allows specification of a limit on the number of pathname + matches it will return. &man.ftpd.8; now uses this feature (see + security advisory FreeBSD-SA-01:33). &merged;</para> <para>Initial sequence numbers in TCP are more thoroughly - randomized (see security advisory FreeBSD-SA-01:39). Due to some - possible compatibility issues, the behavior of this security fix - can be enabled or disabled via the - <varname>net.inet.tcp.tcp_seq_genscheme</varname> sysctl - variable.&merged;</para> + randomized (see security advisory FreeBSD-SA-01:39). Due to + some possible compatibility issues, the behavior of this + security fix can be enabled or disabled via the + <varname>net.inet.tcp.tcp_seq_genscheme</varname> sysctl + variable.&merged;</para> <para>A vulnerability in the &man.fts.3; routines (used by - applications for recursively traversing a filesystem) could - allow a program to operate on files outside the intended directory - hierarchy. This bug has been fixed (see security advisory - FreeBSD-SA-01:40). &merged;</para> + applications for recursively traversing a filesystem) could + allow a program to operate on files outside the intended + directory hierarchy. This bug has been fixed (see security + advisory FreeBSD-SA-01:40). &merged;</para> <para>&os;'s TCP implementation has been made more resistant to - SYN floods, by eliminating the RST segment normally sent when - removing a connection from the listen queue.</para> + SYN floods, by eliminating the RST segment normally sent when + removing a connection from the listen queue.</para> <para><application>OpenSSH</application> now switches to the - user's UID before attempting to unlink the authentication - forwarding file, nullifying the effects of a race.</para> + user's UID before attempting to unlink the authentication + forwarding file, nullifying the effects of a race.</para> <para>A flaw allowed some signal handlers to remain in effect in a - child process after being exec-ed from its parent. This allowed - an attacker to execute arbitrary code in the context of a setuid - binary. This flaw has been corrected (see security advisory - FreeBSD-SA-01:42). &merged;</para> + child process after being exec-ed from its parent. This allowed + an attacker to execute arbitrary code in the context of a setuid + binary. This flaw has been corrected (see security advisory + FreeBSD-SA-01:42). &merged;</para> <para>A remote buffer overflow in &man.tcpdump.1; has been fixed - (see security advisory FreeBSD-SA-01:48). &merged;</para> + (see security advisory FreeBSD-SA-01:48). &merged;</para> - <para>A remote buffer overflow in &man.telnetd.8; has been - fixed (see security advisory FreeBSD-SA-01:49). &merged;</para> + <para>A remote buffer overflow in &man.telnetd.8; has been fixed + (see security advisory FreeBSD-SA-01:49). &merged;</para> - <para>The new <varname>net.inet.ip.maxfragpackets</varname> - and <varname>net.inet.ip6.maxfragpackets</varname> sysctl - variables limit the amount of memory that can be consumed by IPv4 - and IPv6 packet fragments, which defends against some denial of service - attacks (see security advisory FreeBSD-SA-01:52). &merged;</para> + <para>The new <varname>net.inet.ip.maxfragpackets</varname> and + <varname>net.inet.ip6.maxfragpackets</varname> sysctl variables + limit the amount of memory that can be consumed by IPv4 and IPv6 + packet fragments, which defends against some denial of service + attacks (see security advisory + FreeBSD-SA-01:52). &merged;</para> <para>All services in <filename>inetd.conf</filename> are now - disabled by default for new installations. &man.sysinstall.8; - gives the option of enabling or disabling &man.inetd.8; on new - installations, as well as editing - <filename>inetd.conf</filename>. &merged;</para> + disabled by default for new installations. &man.sysinstall.8; + gives the option of enabling or disabling &man.inetd.8; on new + installations, as well as editing + <filename>inetd.conf</filename>. &merged;</para> <para>A flaw in the implementation of the &man.ipfw.8; - <literal>me</literal> rules on point-to-point links has been - corrected. Formerly, <literal>me</literal> filter rules would - match the remote IP address of a point-to-point interface in - addition to the intended local IP address (see security advisory - FreeBSD-SA-01:53). &merged;</para> + <literal>me</literal> rules on point-to-point links has been + corrected. Formerly, <literal>me</literal> filter rules would + match the remote IP address of a point-to-point interface in + addition to the intended local IP address (see security advisory + FreeBSD-SA-01:53). &merged;</para> <para>A vulnerability in &man.procfs.5;, which could allow a - process to read sensitive information from another process's - memory space, has been closed (see security advisory - FreeBSD-SA-01:55). &merged;</para> + process to read sensitive information from another process's + memory space, has been closed (see security advisory + FreeBSD-SA-01:55). &merged;</para> <para>The <literal>PARANOID</literal> hostname checking in - <application>tcp_wrappers</application> now works as advertised - (see security advisory FreeBSD-SA-01:56). &merged;</para> + <application>tcp_wrappers</application> now works as advertised + (see security advisory FreeBSD-SA-01:56). &merged;</para> <para>A local root exploit in &man.sendmail.8; has been closed - (see security advisory FreeBSD-SA-01:57). &merged;</para> - + (see security advisory FreeBSD-SA-01:57). &merged;</para> + <para>A remote root vulnerability in &man.lpd.8; has been closed - (see security advisory FreeBSD-SA-01:58). &merged;</para> + (see security advisory FreeBSD-SA-01:58). &merged;</para> <para>A race condition in &man.rmuser.8; that briefly exposed a - world-readable <filename>/etc/master.passwd</filename> has been - fixed (see security advisory FreeBSD-SA-01:59). &merged;</para> + world-readable <filename>/etc/master.passwd</filename> has been + fixed (see security advisory FreeBSD-SA-01:59). &merged;</para> <para>A vulnerability in <application>UUCP</application> has been - closed (see security advisory FreeBSD-SA-01:62). - All non-<username>root</username>-owned binaries in standard - system paths now have the <literal>schg</literal> flag set to - prevent exploit vectors when run by &man.cron.8;, by - <username>root</username>, or by a user other then the one owning - the binary. In addition, &man.uustat.1; is now run via - <filename>/etc/periodic/daily/410.status-uucp</filename> as - <username>uucp</username>, not <username>root</username>. - In &os; -CURRENT, <application>UUCP</application> has since been moved - to the Ports Collection and no longer a part of the base - system. &merged;</para> + closed (see security advisory FreeBSD-SA-01:62). All + non-<username>root</username>-owned binaries in standard system + paths now have the <literal>schg</literal> flag set to prevent + exploit vectors when run by &man.cron.8;, by + <username>root</username>, or by a user other then the one owning + the binary. In addition, &man.uustat.1; is now run via + <filename>/etc/periodic/daily/410.status-uucp</filename> as + <username>uucp</username>, not <username>root</username>. In + &os; -CURRENT, <application>UUCP</application> has since been + moved to the Ports Collection and no longer a part of the base + system. &merged;</para> <para>A security hole in the form of a buffer overflow in the - &man.semop.2; system call has been closed. &merged;</para> + &man.semop.2; system call has been closed. &merged;</para> - <para>A security hole in <application>OpenSSH</application>, - which could allow users to execute code with arbitrary privileges - if <literal>UseLogin yes</literal> was set, has been - closed. Note that the default value of this setting is - <literal>UseLogin no</literal>. (See security advisory - FreeBSD-SA-01:63.) &merged;</para> + <para>A security hole in <application>OpenSSH</application>, which + could allow users to execute code with arbitrary privileges if + <literal>UseLogin yes</literal> was set, has been closed. Note + that the default value of this setting is + <literal>UseLogin no</literal>. (See security advisory + FreeBSD-SA-01:63.) &merged;</para> <para>The use of an insecure temporary directory by - &man.pkg.add.1; could permit a local attacker to modify the - contents of binary packages while they were being installed. - This hole has been closed. (See security advisory - FreeBSD-SA-02:01.) &merged;</para> + &man.pkg.add.1; could permit a local attacker to modify the + contents of binary packages while they were being installed. + This hole has been closed. (See security advisory + FreeBSD-SA-02:01.) &merged;</para> <para>A race condition in &man.pw.8;, which could expose the - contents of <filename>/etc/master.passwd</filename>, has been - eliminated. (See security advisory FreeBSD-SA-02:02.) &merged;</para> + contents of <filename>/etc/master.passwd</filename>, has been + eliminated. (See security advisory FreeBSD-SA-02:02.) + &merged;</para> <para>A bug in &man.k5su.8; could have allowed a process that had - given up superuser privileges to regain them. This bug has been - fixed. (See security advisory FreeBSD-SA-02:07.) &merged;</para> + given up superuser privileges to regain them. This bug has been + fixed. (See security advisory FreeBSD-SA-02:07.) + &merged;</para> </sect2> <sect2 id="userland"> <title>Userland Changes</title> <para>If the first argument to &man.ancontrol.8; or - &man.wicontrol.8; doesn't start with a <literal>-</literal>, it is - assumed to be an interface.</para> + &man.wicontrol.8; doesn't start with a <literal>-</literal>, it + is assumed to be an interface.</para> - <para>&man.apmd.8; now has the ability to monitor battery levels and - execute commands based on percentage or minutes of battery life - remaining via the <literal>apm_battery</literal> configuration - directive. See the commented-out examples in - <filename>/etc/apmd.conf</filename> for the syntax. &merged;</para> + <para>&man.apmd.8; now has the ability to monitor battery levels + and execute commands based on percentage or minutes of battery + life remaining via the <literal>apm_battery</literal> + configuration directive. See the commented-out examples in + <filename>/etc/apmd.conf</filename> for the + syntax. &merged;</para> <para>&man.arp.8; now prints the applicable interface name for - each ARP entry. &merged</para> + each ARP entry. &merged</para> <para>&man.arp.8; now prints <literal>[fddi]</literal> or - <literal>[atm]</literal> tags for addresses on interfaces of those - types.</para> + <literal>[atm]</literal> tags for addresses on interfaces of + those types.</para> <para>&man.atacontrol.8; has been added to control various aspects - of the &man.ata.4; driver.</para> + of the &man.ata.4; driver.</para> - <para arch="i386">&man.boot98cfg.8;, a PC-98 boot manager installation and - configuration utility, has been added. &merged;</para> + <para arch="i386">&man.boot98cfg.8;, a PC-98 boot manager + installation and configuration utility, has been + added. &merged;</para> <para>&man.burncd.8; now supports a <option>-m</option> option for - multisession mode (the default behavior now is to close disks as - single-session). A <option>-l</option> option to take a list of - image files from a filename was also added; <filename>-</filename> - can be used as a filename for <literal>stdin</literal>. &merged;</para> + multisession mode (the default behavior now is to close disks as + single-session). A <option>-l</option> option to take a list of + image files from a filename was also added; + <filename>-</filename> can be used as a filename for + <literal>stdin</literal>. &merged;</para> <para>&man.burncd.8; now supports Disk At Once (DAO) mode, - selectable via the <option>-d</option> flag.</para> + selectable via the <option>-d</option> flag.</para> <para>&man.burncd.8; now has the ability to write VCDs/SVCDs.</para> <para>&man.c89.1; has been converted from a shell script to a - binary executable, fixing some minor bugs. &merged;</para> + binary executable, fixing some minor bugs. &merged;</para> <para arch="i386">A minimalized version of &man.camcontrol.8; is - now available on the installation floppy. This allows it to - rescan for devices that have been connected after booting, or to - show the devices attached to SCSI busses (e. g. from within the - <quote>emergency holographic shell</quote>). &merged;</para> + now available on the installation floppy. This allows it to + rescan for devices that have been connected after booting, or to + show the devices attached to SCSI busses (e. g. from within the + <quote>emergency holographic shell</quote>). &merged;</para> <para>&man.cat.1; now has the ability to read from UNIX-domain - sockets. &merged;</para> + sockets. &merged;</para> <para>&man.cdcontrol.1; now supports a <literal>cdid</literal> - command, which calculates and displays the CD serial number, using - the same algorithm used by the CDDB database. &merged;</para> + command, which calculates and displays the CD serial number, + using the same algorithm used by the CDDB + database. &merged;</para> <para>&man.cdcontrol.1; now uses the <envar>CDROM</envar> - environment variable to pick a default device. &merged;</para> + environment variable to pick a default device. &merged;</para> <para>&man.cdcontrol.1; now supports <literal>next</literal> and - <literal>prev</literal> commands to skip forwards or backwards a - specified number of tracks while playing an audio CD. &merged;</para> + <literal>prev</literal> commands to skip forwards or backwards a + specified number of tracks while playing an audio + CD. &merged;</para> <para>&man.chflags.1; has moved from <filename>/usr/bin</filename> - to <filename>/bin</filename>.</para> + to <filename>/bin</filename>.</para> <para>&man.chio.1; now has the ability to specify elements by - volume tag instead of by their physical location as well as the - ability to return an element to its previous location. &merged;</para> + volume tag instead of by their physical location as well as the + ability to return an element to its previous + location. &merged;</para> <para>&man.chmod.1; now supports a <option>-h</option> for - changing the mode of a symbolic link.</para> + changing the mode of a symbolic link.</para> <para>&man.chown.8; now correctly follows symbolic links named as - command line arguments if run without <option>-R</option>. &merged;</para> + command line arguments if run without + <option>-R</option>. &merged;</para> <para>&man.chown.8; no longer takes <literal>.</literal> as a - user/group delimeter. This change was made to support usernames - containing a <literal>.</literal>.</para> + user/group delimeter. This change was made to support usernames + containing a <literal>.</literal>.</para> <para>Use of the <literal>CSMG_*</literal> macros no longer - require inclusion of - <filename><sys/param.h></filename></para> + require inclusion of + <filename><sys/param.h></filename></para> - <para>&man.col.1; now takes a <option>-p</option> flag to force unknown - control sequences to be passed through unchanged. &merged;</para> + <para>&man.col.1; now takes a <option>-p</option> flag to force + unknown control sequences to be passed through + unchanged. &merged;</para> - <para>The - <filename>compat3x</filename> distribution has been updated to - include libraries present in &os; 3.5.1-RELEASE. &merged;</para> + <para>The <filename>compat3x</filename> distribution has been + updated to include libraries present in &os; + 3.5.1-RELEASE. &merged;</para> <para>A <filename>compat4x</filename> distribution has been added - for compatibility with &os; 4-STABLE.</para> + for compatibility with &os; 4-STABLE.</para> - <para>&man.config.8; is now better about converting various - warnings that should - have been errors into actual fatal errors with an exit code. This - ensures that <literal>make buildkernel</literal> - doesn't quietly ignore them and - build a bogus kernel without a human to read the errors. &merged;</para> + <para>&man.config.8; is now better about converting various + warnings that should have been errors into actual fatal errors + with an exit code. This ensures that <literal>make + buildkernel</literal> doesn't quietly ignore them and build a + bogus kernel without a human to read the errors. &merged;</para> <para>A number of buffer overflows in &man.config.8; have been - fixed. &merged;</para> + fixed. &merged;</para> <para>The &man.daemon.8; program, a command-line interface to - &man.daemon.3;, has been added. It detaches itself from its - controlling terminal and executes a program specified on the command - line. This allows the user to run an arbitrary program as if it were - written to be a daemon.</para> + &man.daemon.3;, has been added. It detaches itself from its + controlling terminal and executes a program specified on the + command line. This allows the user to run an arbitrary program + as if it were written to be a daemon.</para> - <para>devinfo, a simple tool to print the device tree and resource usage by - devices, has been added.</para> + <para>devinfo, a simple tool to print the device tree and resource + usage by devices, has been added.</para> <para>&man.df.1; now takes a <option>-l</option> option to only - display information about locally-mounted filesystems. &merged;</para> + display information about locally-mounted + filesystems. &merged;</para> <para>&man.disklabel.8; now supports partition sizes expressed in - kilobytes, megabytes, or gigabytes, in addition to sectors. &merged;</para> + kilobytes, megabytes, or gigabytes, in addition to + sectors. &merged;</para> <para>&man.dmesg.8; now has a <option>-a</option> option to show - the entire message buffer, including &man.syslogd.8; records and - <filename>/dev/console</filename> output. &merged;</para> + the entire message buffer, including &man.syslogd.8; records and + <filename>/dev/console</filename> output. &merged;</para> <para>&man.du.1; now takes a <option>-I</option> command-line flag - to ignore/skip files and subdirectories matching a specified - shell-glob mask. &merged;</para> + to ignore/skip files and subdirectories matching a specified + shell-glob mask. &merged;</para> <para>&man.dump.8; now supports inheritance of the - <literal>nodump</literal> flag down a hierarchy. &merged;</para> + <literal>nodump</literal> flag down a hierarchy. &merged;</para> - <para>The <option>-T</option> option to &man.dump.8; no longer swallows - an extra argument. &merged;</para> + <para>The <option>-T</option> option to &man.dump.8; no longer + swallows an extra argument. &merged;</para> <para>&man.dump.8; has a new <option>-D</option> option, allowing - the path to the <filename>/etc/dumpdates</filename> file to be - changed. &merged;</para> + the path to the <filename>/etc/dumpdates</filename> file to be + changed. &merged;</para> <para>&man.dump.8; now supplies progress information in its - process title, useful for monitoring automated backups. &merged;</para> + process title, useful for monitoring automated + backups. &merged;</para> <para>&man.edquota.8; now takes a <option>-f</option> option to - allow limiting the prototype quota distribution (specified with - <option>-p</option>) to a single filesystem. &merged;</para> + allow limiting the prototype quota distribution (specified with + <option>-p</option>) to a single filesystem. &merged;</para> <para>The functionality of <filename>/etc/security</filename> has - been been moved into a set of scripts under the &man.periodic.8; - framework, to make local customization easier and more - maintainable. These scripts now reside in - <filename>/etc/periodic/security/</filename>. &merged;</para> + been been moved into a set of scripts under the &man.periodic.8; + framework, to make local customization easier and more + maintainable. These scripts now reside in + <filename>/etc/periodic/security/</filename>. &merged;</para> <para>&man.fbtab.5; now accepts glob matching patterns for target - devices, not just individual devices and directories.</para> + devices, not just individual devices and directories.</para> - <para arch="i386">&man.fdisk.8; no longer attempts to search for - a device if none has been specified on the command line, but - instead tries to figure out the default device name from the - root device.</para> + <para arch="i386">&man.fdisk.8; no longer attempts to search for a + device if none has been specified on the command line, but + instead tries to figure out the default device name from the + root device.</para> <para>&man.fdread.1;, a program to read data from floppy disks, - has been added. It is a counterpart to &man.fdwrite.1; and is - designed to provide a means of recovering at least some data from - bad media, and to obviate for a complex invocation of - &man.dd.1;.</para> + has been added. It is a counterpart to &man.fdwrite.1; and is + designed to provide a means of recovering at least some data + from bad media, and to obviate for a complex invocation of + &man.dd.1;.</para> <para>&man.find.1; now takes the <option>-empty</option> flag, - which returns true if a file or directory is empty. &merged;</para> + which returns true if a file or directory is + empty. &merged;</para> <para>&man.find.1; now takes the <option>-iname</option> and - <option>-ipath</option> primaries for case-insensitive matches, - and the <option>-regexp</option> and <option>-iregexp</option> - primaries for regular-expression matches. The <option>-E</option> - flag now enables extended regular expressions. &merged;</para> + <option>-ipath</option> primaries for case-insensitive matches, + and the <option>-regexp</option> and <option>-iregexp</option> + primaries for regular-expression matches. The + <option>-E</option> flag now enables extended regular + expressions. &merged;</para> <para>&man.find.1; now has the <option>-anewer</option>, - <option>-cnewer</option>, <option>-mnewer</option>, - <option>-okdir</option>, and <option>-newer[acm][acmt]</option> - primaries for comparisons of file timestamps. The latter - primaries can be specified with various units of time. &merged;</para> + <option>-cnewer</option>, <option>-mnewer</option>, + <option>-okdir</option>, and <option>-newer[acm][acmt]</option> + primaries for comparisons of file timestamps. The latter + primaries can be specified with various units of + time. &merged;</para> <para>&man.finger.1; now has the ability to support fingering - aliases, via the &man.finger.conf.5; file. &merged;</para> + aliases, via the &man.finger.conf.5; file. &merged;</para> <para>&man.finger.1; now has support for a - <filename>.pubkey</filename> file.</para> + <filename>.pubkey</filename> file.</para> <para>&man.fmt.1; has been rewritten; the rewrite fixes a number - of bugs compared to its prior behavior. &merged;</para> + of bugs compared to its prior behavior. &merged;</para> <para>&man.fmtcheck.3;, a function for checking consistency of - format string arguments, has been added. &merged;</para> + format string arguments, has been added. &merged;</para> <para>&man.fsck.8; wrappers have been imported; this feature - provides infrastructure for &man.fsck.8; to work on different - types of filesystems (analogous to &man.mount.8;).</para> + provides infrastructure for &man.fsck.8; to work on different + types of filesystems (analogous to &man.mount.8;).</para> <para>The behavior of &man.fsck.8; when dealing with various - passes (a la <filename>/etc/fstab</filename>) has been modified to - accommodate multiple-disk filesystems.</para> + passes (a la <filename>/etc/fstab</filename>) has been modified + to accommodate multiple-disk filesystems.</para> <para>&man.fsck.8; now has support for foreground - (<option>-F</option>) and background (<option>-B</option>) checks. - Traditionally, &man.fsck.8; is invoked before the filesystems are - mounted and all checks are done to completion at that time. If - background checking is available, &man.fsck.8; is invoked twice. - It is first invoked at the traditional time, before the - filesystems are mounted, with the <option>-F</option> flag to do - checking on all the filesystems that cannot do background - checking. It is then invoked a second time, after the system has - completed going multiuser, with the <option>-B</option> flag to do - checking on all the filesystems that can do background checking. - Unlike the foreground checking, the background checking is started - asynchronously so that other system activity can proceed even on - the filesystems that are being checked. Boot-time enabling of - this feature is controlled by the - <varname>background_fsck</varname> option in &man.rc.conf.5;.</para> + (<option>-F</option>) and background (<option>-B</option>) + checks. Traditionally, &man.fsck.8; is invoked before the + filesystems are mounted and all checks are done to completion at + that time. If background checking is available, &man.fsck.8; is + invoked twice. It is first invoked at the traditional time, + before the filesystems are mounted, with the <option>-F</option> + flag to do checking on all the filesystems that cannot do + background checking. It is then invoked a second time, after + the system has completed going multiuser, with the + <option>-B</option> flag to do checking on all the filesystems + that can do background checking. Unlike the foreground + checking, the background checking is started asynchronously so + that other system activity can proceed even on the filesystems + that are being checked. Boot-time enabling of this feature is + controlled by the + <varname>background_fsck</varname> option in &man.rc.conf.5;.</para> <para>Shortly after the receipt of a <literal>SIGINFO</literal> - signal (normally control-T from the controlling tty), &man.fsck.ffs.8; - will now output a line indicating the current phase number and - progress information relevant to the current phase. &merged;</para> + signal (normally control-T from the controlling tty), + &man.fsck.ffs.8; will now output a line indicating the current + phase number and progress information relevant to the current + phase. &merged;</para> <para>&man.fsck.ffs.8; now supports background filesystem checks - to mounted FFS filesystems with the <option>-B</option> option - (softupdates must be enabled on these filesystems). The - <option>-F</option> flag now determines whether a specified - filesystem needs foreground checking.</para> + to mounted FFS filesystems with the <option>-B</option> option + (softupdates must be enabled on these filesystems). The + <option>-F</option> flag now determines whether a specified + filesystem needs foreground checking.</para> <para>A new &man.fsck.msdosfs.8; utility has been added to check - the consistency of MS-DOS filesystems. &merged;</para> + the consistency of MS-DOS filesystems. &merged;</para> <para>&man.ftpd.8; now supports a <option>-r</option> flag for - read-only mode and a <option>-E</option> flag to disable - <literal>EPSV</literal>. It also has some fixes to reduce - information leakage and the ability to specify compile-time port - ranges. &merged;</para> + read-only mode and a <option>-E</option> flag to disable + <literal>EPSV</literal>. It also has some fixes to reduce + information leakage and the ability to specify compile-time port + ranges. &merged;</para> <para>&man.ftpd.8; now supports <option>-o</option> and - <option>-O</option> options to disable the <literal>RETR</literal> - command; the former for everybody, and the latter only for guest users. - Coupled with <option>-A</option> and appropriate file permissions, - these can be used to create a relatively safe anonymous FTP drop box - for others to upload to.</para> + <option>-O</option> options to disable the + <literal>RETR</literal> command; the former for everybody, and + the latter only for guest users. Coupled with + <option>-A</option> and appropriate file permissions, these can + be used to create a relatively safe anonymous FTP drop box for + others to upload to.</para> <para arch="i386">&man.gdb.1; now supports hardware watchpoints (using the - kernel's debug register + support that has been introduced in - &os; 4.0). &merged;</para> + kernel's debug register + support that has been introduced in + &os; 4.0). &merged;</para> <para>The &man.getprogname.3; and &man.setprogname.3; library - functions have been added to manipulate the name of the current - program. They are used by error-reporting routines to produce - consistent output. &merged;</para> + functions have been added to manipulate the name of the current + program. They are used by error-reporting routines to produce + consistent output. &merged;</para> <para>&man.gprof.1; now has a <option>-K</option> option to enable - dynamic symbol resolution from the currently-running kernel. With - this change, properly-compiled KLD modules are now able to be - profiled.</para> + dynamic symbol resolution from the currently-running kernel. + With this change, properly-compiled KLD modules are now able to + be profiled.</para> <para>&man.growfs.8;, a utility for growing FFS filesystems, has - been added. &man.ffsinfo.8;, a utility for dump all the - meta-information of an existing filesystem, has also been - added. &merged;</para> + been added. &man.ffsinfo.8;, a utility for dump all the + meta-information of an existing filesystem, has also been + added. &merged;</para> <para>The &man.groups.1; and &man.whoami.1; shell scripts are now - unnecessary; their functionality has been completely folded into - &man.id.1;. &merged;</para> + unnecessary; their functionality has been completely folded into + &man.id.1;. &merged;</para> - <para>The &man.ibcs2.8;, &man.linux.8;, &man.osf1.8;, and &man.svr4.8; - scripts, whose sole purpose was to load emulation - kernel modules, have been removed. The kernel module system will - automatically load them as needed to fulfill dependencies.</para> + <para>The &man.ibcs2.8;, &man.linux.8;, &man.osf1.8;, and + &man.svr4.8; scripts, whose sole purpose was to load emulation + kernel modules, have been removed. The kernel module system + will automatically load them as needed to fulfill + dependencies.</para> <para>&man.indent.1; has gained some new formatting - options. &merged;</para> + options. &merged;</para> - <para>&man.ifconfig.8; command can set the link-layer address - of an interface using the <option>lladdr</option> parameter. - &merged;</para> + <para>&man.ifconfig.8; command can set the link-layer address of + an interface using the <option>lladdr</option> parameter. + &merged;</para> <para>&man.ifconfig.8; can now accept addresses in slash/CIDR notation. &merged;</para> <para>&man.ifconfig.8; now has support for setting parameters for - IEEE 802.11 wireless network devices. &man.wi.4; and - &man.an.4; devices are supported, and partial support is provided - for &man.awi.4; devices. &merged;</para> + IEEE 802.11 wireless network devices. &man.wi.4; and &man.an.4; + devices are supported, and partial support is provided for + &man.awi.4; devices. &merged;</para> <para>&man.ifconfig.8; no longer displays the list of supported - media by default. Instead it displays it when the - <option>-m</option> flag is given. &merged;</para> + media by default. Instead it displays it when the + <option>-m</option> flag is given. &merged;</para> <para>The syntax of &man.inetd.8;'s support for &man.faithd.8; is - now compatible with that of other BSDs. &merged;</para> + now compatible with that of other BSDs. &merged;</para> - <para>The <literal>ident</literal> protocol support in &man.inetd.8; has - been cleaned up and updated. &merged;</para> + <para>The <literal>ident</literal> protocol support in + &man.inetd.8; has been cleaned up and updated. &merged;</para> <para>&man.inetd.8; now has the ability to manage UNIX-domain - sockets. &merged;</para> + sockets. &merged;</para> <para>&man.install.1; has a number of new features, including the - <option>-b</option> and <option>-B</option> options for backing up - existing target files and the <option>-S</option> option for - <quote>safe</quote> (atomic copy) operation. The - <option>-c</option> (copy) flag is now the default, and the - <option>-D</option> (debugging) flag has been withdrawn. - &man.install.1; now issues a warning if <option>-d</option> - (create directories) and <option>-C</option> (copy changed files - only) are used together. &merged;</para> - - <para>IP Filter is now supported by the - &man.rc.conf.5; boot-time configuration and - initialization. &merged;</para> + <option>-b</option> and <option>-B</option> options for backing up + existing target files and the <option>-S</option> option for + <quote>safe</quote> (atomic copy) operation. The + <option>-c</option> (copy) flag is now the default, and the + <option>-D</option> (debugging) flag has been withdrawn. + &man.install.1; now issues a warning if <option>-d</option> + (create directories) and <option>-C</option> (copy changed files + only) are used together. &merged;</para> + + <para>IP Filter is now supported by the &man.rc.conf.5; boot-time + configuration and initialization. &merged;</para> <para>&man.ipfstat.8; now supports the <option>-t</option> option - to turn on a &man.top.1;-like display. &merged;</para> + to turn on a &man.top.1;-like display. &merged;</para> - <para>&man.ipfw.8; will now avoid the display of dynamic - firewall rules unless the <option>-d</option> flag is passed to - it. The <option>-e</option> option lists expired dynamic - rules. &merged;</para> + <para>&man.ipfw.8; will now avoid the display of dynamic firewall + rules unless the <option>-d</option> flag is passed to it. The + <option>-e</option> option lists expired dynamic + rules. &merged;</para> <para>&man.ipfw.8; has a new feature (<literal>me</literal>) that - allows for packet matching on interfaces with dynamically-changing - IP addresses. &merged;</para> + allows for packet matching on interfaces with + dynamically-changing IP addresses. &merged;</para> <para>&man.ipfw.8; has a new <literal>limit</literal> type of - firewall rule, which limits the number of sessions between address - pairs. &merged;</para> + firewall rule, which limits the number of sessions between + address pairs. &merged;</para> <para>&man.ipfw.8; filter rules can now match on the value of the - IPv4 precedence field.</para> + IPv4 precedence field.</para> - <para>&man.ip6fw.8; now has the ability to use a preprocessor - and use the <option>-q</option> (quiet) flag when reading from a - file. &merged;</para> + <para>&man.ip6fw.8; now has the ability to use a preprocessor and + use the <option>-q</option> (quiet) flag when reading from a + file. &merged;</para> <para>&man.kenv.1;, a command to dump the kernel environment, has - been added. &merged;</para> + been added. &merged;</para> <para>&man.keyinfo.1; is now a C program, rather than a Perl - script. &merged;</para> + script. &merged;</para> <para>&man.killall.1; is now a C program, rather than a Perl - script. As a result, its <option>-m</option> option now uses the - regular expression syntax of &man.regex.3;, rather than that of - &man.perl.1;. &merged;</para> + script. As a result, its <option>-m</option> option now uses + the regular expression syntax of &man.regex.3;, rather than that + of &man.perl.1;. &merged;</para> <para>&man.killall.1; now allows non-root users to kill SUID root - processes that they started, the same as the Perl version did. &merged;</para> + processes that they started, the same as the Perl version + did. &merged;</para> - <para>The &man.kldconfig.8; utility has been added to make it easier to - manipulate the kernel module search path. &merged;</para> + <para>The &man.kldconfig.8; utility has been added to make it + easier to manipulate the kernel module search + path. &merged;</para> <para>&man.last.1; now implements a <option>-d</option> that - provides a <quote>snapshot</quote> of who was logged in at a - particular date and time. &merged;</para> + provides a <quote>snapshot</quote> of who was logged in at a + particular date and time. &merged;</para> <para>The &man.lastlogin.8; utility, which prints the last login - time of each user, has been imported from - NetBSD. &merged;</para> + time of each user, has been imported from + NetBSD. &merged;</para> <para>&man.ldconfig.8; now checks directory ownerships and - permissions for greater security; these checks can be disabled - with the <option>-i</option> flag. &merged;</para> + permissions for greater security; these checks can be disabled + with the <option>-i</option> flag. &merged;</para> <para>&man.ldd.1; can now be used on shared libraries, in addition - to executables. &merged;</para> + to executables. &merged;</para> <para>&man.ldd.1; now supports a <option>-a</option> flag to list - all the objects that are needed by each loaded object.</para> + all the objects that are needed by each loaded object.</para> <para><filename>libc</filename> is now thread-safe by default; - <filename>libc_r</filename> contains only thread functions.</para> + <filename>libc_r</filename> contains only thread + functions.</para> <para><filename>libcrypt</filename> and - <filename>libdescrypt</filename> have been unified to provide a - configurable password authentication hash library. Both the md5 - and des hash methods are provided unless the des hash is - specifically compiled out. &merged;</para> + <filename>libdescrypt</filename> have been unified to provide a + configurable password authentication hash library. Both the md5 + and des hash methods are provided unless the des hash is + specifically compiled out. &merged;</para> <para><filename>libcrypt</filename> now has support for Blowfish - password hashing. &merged;</para> + password hashing. &merged;</para> <para arch="i386"><filename>libdisk</filename> can now do - install-time configuration of the <filename>boot0</filename> - boot loader. &merged;</para> + install-time configuration of the <filename>boot0</filename> + boot loader. &merged;</para> <para><filename>libstand</filename> now has support for - filesystems containing <application>bzip2</application>-compressed - files. &merged;</para> + filesystems containing + <application>bzip2</application>-compressed + files. &merged;</para> <para><filename>libstand</filename> now has support for - overwriting the contents of a file on a UFS filesystem (it cannot - expand or truncate files because the filesystem may be dirty or - inconsistent).</para> + overwriting the contents of a file on a UFS filesystem (it + cannot expand or truncate files because the filesystem may be + dirty or inconsistent).</para> <para>The default TCP port range used by - <filename>libfetch</filename> for passive FTP retrievals has - changed; this affects the behavior of &man.fetch.1;, which has - gained the <option>-U</option> option to restore the old - behavior. &merged;</para> + <filename>libfetch</filename> for passive FTP retrievals has + changed; this affects the behavior of &man.fetch.1;, which has + gained the <option>-U</option> option to restore the old + behavior. &merged;</para> <para><filename>libfetch</filename> now has support for an - authentication callback. &merged;</para> + authentication callback. &merged;</para> <para><filename>libfetch</filename> now has support for a - <envar>HTTP_USER_AGENT</envar> environment variable. &merged;</para> + <envar>HTTP_USER_AGENT</envar> environment + variable. &merged;</para> <para><filename>libgmp</filename> has been superceded by - <filename>libmp</filename>. + <filename>libmp</filename>. - <para>The functions from <filename>libposix1e</filename> have been - integrated into <filename>libc</filename>.</para> + <para>The functions from <filename>libposix1e</filename> have been + integrated into <filename>libc</filename>.</para> <para>&man.ln.1; now takes an <option>-i</option> option to - request user confirmation before overwriting an existing - file. &merged;</para> + request user confirmation before overwriting an existing + file. &merged;</para> <para>&man.ln.1; now takes a <option>-h</option> flag to avoid - following a target that is a link, with a <option>-n</option> flag - for compatibility with other implementations. &merged;</para> + following a target that is a link, with a <option>-n</option> + flag for compatibility with other + implementations. &merged;</para> <para>&man.logger.1; can now send messages directly to a remote - syslog. &merged;</para> + syslog. &merged;</para> <para>&man.login.1; now exports environment variables set by - <application>PAM</application> modules. &merged;</para> + <application>PAM</application> modules. &merged;</para> <para>&man.lpc.8; has been improved; <command>lpc clean</command> - is now somewhat safer, and a new <command>lpc tclean</command> - command has been added to check to see what files would be removed - by <command>lpc clean</command>. &merged;</para> + is now somewhat safer, and a new <command>lpc tclean</command> + command has been added to check to see what files would be + removed by <command>lpc clean</command>. &merged;</para> - <para>&man.lpd.8; now takes two new options: <option>-c</option> - will log all connection errors to &man.syslogd.8;, while - <option>-W</option> will allow connections from non-reserved - ports. &merged;</para> + <para>&man.lpd.8; now takes two new options: <option>-c</option> + will log all connection errors to &man.syslogd.8;, while + <option>-W</option> will allow connections from non-reserved + ports. &merged;</para> <para>&man.lpd.8; now has some support for - <literal>o</literal>-type print-file actions in its control files, - which allows printing of PostScript files generated by - <application>MacOS</application> 10.1. &merged;</para> + <literal>o</literal>-type print-file actions in its control + files, which allows printing of PostScript files generated by + <application>MacOS</application> 10.1. &merged;</para> <para>&man.lpr.1;, &man.lpq.1;, and &man.lpd.8; have received a - few minor enhancements. &merged;</para> + few minor enhancements. &merged;</para> <para>Catching up with most other network utilities in the base - system, &man.lpr.1;, &man.lpd.8;, &man.syslogd.8;, and - &man.logger.1; are now all IPv6-capable. &merged;</para> + system, &man.lpr.1;, &man.lpd.8;, &man.syslogd.8;, and + &man.logger.1; are now all IPv6-capable. &merged;</para> <para><command>lprm -</command> now works for remote printer - queues. &merged;</para> + queues. &merged;</para> <para>&man.ls.1; can produce colorized listings with the - <option>-G</option> flag (and appropriate terminal - support). The <envar>CLICOLOR</envar> environment variable can be set - to enable colorized listings by default. &merged;</para> + <option>-G</option> flag (and appropriate terminal support). + The <envar>CLICOLOR</envar> environment variable can be set to + enable colorized listings by default. &merged;</para> <para>&man.mail.1; now takes a <option>-E</option> flag to avoid - sending messages with empty bodies. &merged;</para> + sending messages with empty bodies. &merged;</para> <para>&man.make.1; has gained the <literal>:C///</literal> - (regular expression substitution), <literal>:L</literal> - (lowercase), and <literal>:U</literal> (uppercase) variable - modifiers. These were added to reduce the differences between the - &os; and - OpenBSD/NetBSD - &man.make.1; programs. &merged; </para> + (regular expression substitution), <literal>:L</literal> + (lowercase), and <literal>:U</literal> (uppercase) variable + modifiers. These were added to reduce the differences between + the &os; and OpenBSD/NetBSD &man.make.1; programs. + &merged;</para> <para>Bugs in &man.make.1;, among which include broken null suffix - behavior, bad assumptions about current directory permissions, and - potential buffer overflows, have been fixed. &merged;</para> + behavior, bad assumptions about current directory permissions, + and potential buffer overflows, have been fixed. &merged;</para> <para>The new <varname>CPUTYPE</varname> - <filename>make.conf</filename> variable controls the compilation - of processor-specific optimizations in various pieces of code such - as <application>OpenSSL</application>. &merged;</para> + <filename>make.conf</filename> variable controls the compilation + of processor-specific optimizations in various pieces of code + such as <application>OpenSSL</application>. &merged;</para> <para>The &os; <filename>Makefile</filename> infrastructure now - supports the <varname>WARNS</varname> directive from NetBSD. This - directive controls the addition of compiler warning flags to - <varname>CFLAGS</varname> in a relatively compiler-neutral - manner. &merged;</para> + supports the <varname>WARNS</varname> directive from NetBSD. + This directive controls the addition of compiler warning flags + to <varname>CFLAGS</varname> in a relatively compiler-neutral + manner. &merged;</para> <para>&man.man.1; is no longer installed SUID - <username>man</username>, in order to reduce vulnerabilities - associated with generating <quote>catpages</quote> (preformatted - manual pages cached for repeated viewing). As a result, - &man.man.1; can no longer create system catpages on a regular - user's behalf. It is still able to do so if the user has write - permissions to the directory holding catpages (e.g. a user's own - manpages) or if the running user is - <username>root</username>.</para> + <username>man</username>, in order to reduce vulnerabilities + associated with generating <quote>catpages</quote> (preformatted + manual pages cached for repeated viewing). As a result, + &man.man.1; can no longer create system catpages on a regular + user's behalf. It is still able to do so if the user has write + permissions to the directory holding catpages (e.g. a user's own + manpages) or if the running user is + <username>root</username>.</para> <para>The &man.mdmfs.8; command has been added; it is a wrapper - around &man.mdconfig.8;, &man.disklabel.8;, &man.newfs.8;, and - &man.mount.8; that mimics the command line option set of the - deprecated &man.mount.mfs.8;.</para> + around &man.mdconfig.8;, &man.disklabel.8;, &man.newfs.8;, and + &man.mount.8; that mimics the command line option set of the + deprecated &man.mount.mfs.8;.</para> <para>&man.mergemaster.8; now sources an - <filename>/etc/mergemaster.rc</filename> file and also prompts the - user to run recommended commands (such as - <command>newaliases</command>) as needed. &merged;</para> + <filename>/etc/mergemaster.rc</filename> file and also prompts + the user to run recommended commands (such as + <command>newaliases</command>) as needed. &merged;</para> - <para>&man.moused.8; now takes a <option>-a</option> option to control - mouse acceleration. &merged;</para> + <para>&man.moused.8; now takes a <option>-a</option> option to + control mouse acceleration. &merged;</para> <para>&man.mtree.8; now includes support for a file that lists - pathnames to be excluded when creating and verifying prototypes. - This makes it easier to use &man.mtree.8; as a part of an - intrusion-detection system. &merged;</para> + pathnames to be excluded when creating and verifying prototypes. + This makes it easier to use &man.mtree.8; as a part of an + intrusion-detection system. &merged;</para> <para>&man.natd.8; now supports a - <option>-log_ipfw_denied</option> option to log packets that - cannot be re-injected because they are blocked by &man.ipfw.8; - rules. &merged;</para> + <option>-log_ipfw_denied</option> option to log packets that + cannot be re-injected because they are blocked by &man.ipfw.8; + rules. &merged;</para> <para>The <quote>in use</quote> percentage metric displayed by - &man.netstat.1; now really reflects the percentage of network - mbufs used. &merged;</para> + &man.netstat.1; now really reflects the percentage of network + mbufs used. &merged;</para> <para>&man.netstat.1; now has a <option>-W</option> flag that - tells it not to truncate addresses, even if they're too long for - the column they're printed in. &merged;</para> + tells it not to truncate addresses, even if they're too long for + the column they're printed in. &merged;</para> <para>&man.netstat.1; now keeps track of input and output packets - on a per-address basis for each interface. &merged;</para> + on a per-address basis for each interface. &merged;</para> <para>&man.netstat.1; now has a <option>-z</option> flag to reset - statistics. &merged;</para> + statistics. &merged;</para> <para>&man.netstat.1; now has a <option>-S</option> flag to print - address numerically but port names symbolically. &merged;</para> + address numerically but port names symbolically. &merged;</para> <para>&man.newfs.8; now implements write combining, which can make - creation of new filesystems up to seven times - faster. &merged;</para> + creation of new filesystems up to seven times + faster. &merged;</para> <para>&man.newfs.8; now takes a <option>-U</option> option to - enable softupdates on a new filesystem. &merged;</para> + enable softupdates on a new filesystem. &merged;</para> <para>The default number of cylinders per group in &man.newfs.8; - is now computed to be the maximum allowable given the current - filesystem parameters. It can be overridden with the - <option>-c</option> option. Formerly, the default was fixed at 16. This - change leads to better &man.fsck.8; performance and reduced - fragmentation. &merged;</para> - - <para><anchor id="newfs-block-frag-sizes">The default block and fragment sizes for new filesystems created - by &man.newfs.8; are now 16384 and 2048 bytes, respectively (the - old defaults were 8192 and 1024 bytes). This change generally - provides increased performance, at the expense of some wasted disk - space. &merged;</para> - - <para>&man.newsyslog.8; now has the ability to compress - log files using &man.bzip2.1;. &merged;</para> + is now computed to be the maximum allowable given the current + filesystem parameters. It can be overridden with the + <option>-c</option> option. Formerly, the default was fixed at + 16. This change leads to better &man.fsck.8; performance and + reduced fragmentation. &merged;</para> + + <para><anchor id="newfs-block-frag-sizes">The default block and + fragment sizes for new filesystems created by &man.newfs.8; are + now 16384 and 2048 bytes, respectively (the old defaults were + 8192 and 1024 bytes). This change generally provides increased + performance, at the expense of some wasted disk + space. &merged;</para> + + <para>&man.newsyslog.8; now has the ability to compress log files + using &man.bzip2.1;. &merged;</para> <para><application>NFS</application> now works over IPv6.</para> <para>&man.ngctl.8; now supports a <option>write</option> command - to send a data packet down a given hook. &merged;</para> + to send a data packet down a given hook. &merged;</para> <para>&man.nl.1;, a line numbering filter program, has been - added. &merged;</para> + added. &merged;</para> - <para><application>nsswitch</application> support has been merged from NetBSD. By creating - an &man.nsswitch.conf.5; file, &os; can be configured so that - various databases such as &man.passwd.5; and &man.group.5; can be - looked up using flat files, NIS, or Hesiod. The old - <filename>hosts.conf</filename> file is no longer used.</para> + <para><application>nsswitch</application> support has been merged + from NetBSD. By creating an &man.nsswitch.conf.5; file, &os; + can be configured so that various databases such as + &man.passwd.5; and &man.group.5; can be looked up using flat + files, NIS, or Hesiod. The old + <filename>hosts.conf</filename> file is no longer used.</para> <para><application>PAM</application> support has been added for - account management and sessions.</para> + account management and sessions.</para> <para><application>PAM</application> configuration is now - specified by files in <filename>/etc/pam.d/</filename>, rather - than a single <filename>/etc/pam.conf</filename> file. - <filename>/etc/pam.d/README</filename> has more details.</para> + specified by files in <filename>/etc/pam.d/</filename>, rather + than a single <filename>/etc/pam.conf</filename> file. + <filename>/etc/pam.d/README</filename> has more details.</para> <para>&man.passwd.1; and &man.pw.8; now select the password hash - algorithm at run time. See the <literal>passwd_format</literal> - attribute in <filename>/etc/login.conf</filename>. &merged;</para> + algorithm at run time. See the <literal>passwd_format</literal> + attribute in + <filename>/etc/login.conf</filename>. &merged;</para> <para>&man.pax.1; has received a number of enhancements, including - &man.cpio.1; functionality, &man.tar.1; compatibility - enhancements, <option>-z</option> and <option>-Z</option> flags - for &man.gzip.1; and &man.compress.1; functionality, and a number - of bug fixes.</para> + &man.cpio.1; functionality, &man.tar.1; compatibility + enhancements, <option>-z</option> and <option>-Z</option> flags + for &man.gzip.1; and &man.compress.1; functionality, and a + number of bug fixes.</para> <para>&man.pciconf.8; now supports a <option>-v</option> option to - display the vendor/device information of configured devices, - in conjunction with the <option>-l</option> option. The default - vendor/device database can be found at - <filename>/usr/share/misc/pci_vendors</filename>. &merged;</para> + display the vendor/device information of configured devices, in + conjunction with the <option>-l</option> option. The default + vendor/device database can be found at + <filename>/usr/share/misc/pci_vendors</filename>. &merged;</para> <para>The behavior of &man.periodic.8; is now controlled by - <filename>/etc/defaults/periodic.conf</filename> and - <filename>/etc/periodic.conf</filename>. &merged;</para> + <filename>/etc/defaults/periodic.conf</filename> and + <filename>/etc/periodic.conf</filename>. &merged;</para> <para>&man.ping.8; now supports a <option>-m</option> option to - set the TTL of outgoing packets. &merged;</para> + set the TTL of outgoing packets. &merged;</para> <para>&man.ping.8; now supports a <option>-A</option> option to - beep when packets are lost. &merged;</para> + beep when packets are lost. &merged;</para> <para>Userland &man.ppp.8; has received a number of updates and - bug fixes. &merged;</para> + bug fixes. &merged;</para> <para>&man.ppp.8; has gained the <literal>tcpmssfixup</literal> - option, which adjusts outgoing and incoming TCP SYN packets so that the maximum - receive segment size is no larger than allowed by the interface - MTU. &merged;</para> + option, which adjusts outgoing and incoming TCP SYN packets so + that the maximum receive segment size is no larger than allowed + by the interface MTU. &merged;</para> <para>&man.ppp.8; now supports IPv6.</para> <para>&man.pppd.8; (the control program for kernel-level PPP) is - now installed mode <literal>4550</literal> and - <username>root</username><literal>:</literal><groupname>dialer</groupname>, - rather than mode <literal>4555</literal> (in other words, it is no - longer world-executable). Users of &man.pppd.8; may need to - change their group settings. &merged;</para> + now installed mode <literal>4550</literal> and + <username>root</username><literal>:</literal><groupname>dialer</groupname>, + rather than mode <literal>4555</literal> (in other words, it is + no longer world-executable). Users of &man.pppd.8; may need to + change their group settings. &merged;</para> <para>The <option>-W</option> option to &man.ps.1; (to extract - information from a specified swap device) has been useless for - some time; it has been removed. &merged;</para> + information from a specified swap device) has been useless for + some time; it has been removed. &merged;</para> <para>&man.pwd.1; can now double as &man.realpath.1;, a program to - resolve pathnames to their underlying physical paths. &merged;</para> + resolve pathnames to their underlying physical + paths. &merged;</para> <para>The pseudo-random number generator implemented by - &man.rand.3; has been improved to provide less biased results.</para> + &man.rand.3; has been improved to provide less biased + results.</para> - <para>&man.rc.8; now has an framework for handling dependencies between - &man.rc.conf.5; variables. &merged;</para> + <para>&man.rc.8; now has an framework for handling dependencies + between &man.rc.conf.5; variables. &merged;</para> <para>&man.rc.8; now deletes all non-directory files in - <filename>/var/run</filename> and - <filename>/var/spool/lock</filename> at boot time. &merged;</para> + <filename>/var/run</filename> and + <filename>/var/spool/lock</filename> at boot + time. &merged;</para> <para>&man.rcmd.3; now supports the use of the - <envar>RSH</envar> environment variable to specify a program to - use other than &man.rsh.1; for remote execution. As a result, - programs such as &man.dump.8;, can use &man.ssh.1; for remote - transport.</para> + <envar>RSH</envar> environment variable to specify a program to + use other than &man.rsh.1; for remote execution. As a result, + programs such as &man.dump.8;, can use &man.ssh.1; for remote + transport.</para> - <para>&man.rdist.1; has been retired from the base system, but is still - available from &os; Ports Collection as - <filename role="package">net/44bsd-rdist</filename>.</para> + <para>&man.rdist.1; has been retired from the base system, but is + still available from &os; Ports Collection as + <filename role="package">net/44bsd-rdist</filename>.</para> <para>The &man.resolver.3; in &os; now implements EDNS0 support, - which will be necessary when working with IPv6 transport-ready - resolvers/DNS servers. &merged;</para> + which will be necessary when working with IPv6 transport-ready + resolvers/DNS servers. &merged;</para> <para>The &man.rfork.thread.3; library call has been added as a - helper function to &man.rfork.2;. Using this function should - avoid the need to implement complex stack swap - code. &merged;</para> + helper function to &man.rfork.2;. Using this function should + avoid the need to implement complex stack swap + code. &merged;</para> <para>The <option>-v</option> option to &man.rm.1; now displays - the entire pathname of a file being removed.</para> + the entire pathname of a file being removed.</para> <para>&man.route.8; is now more verbose when changing indirect - routes, in the case of a gateway route that is the same route as - the one being modified. &merged;</para> + routes, in the case of a gateway route that is the same route as + the one being modified. &merged;</para> <para>&man.route.8; now uses - <literal><replaceable>host</replaceable>/<replaceable>bits</replaceable></literal> - syntax instead of - <literal><replaceable>net</replaceable>/<replaceable>bits</replaceable></literal> - syntax, for compatibility with &man.netstat.1;. &merged;</para> + <literal><replaceable>host</replaceable>/<replaceable>bits</replaceable></literal> + syntax instead of + <literal><replaceable>net</replaceable>/<replaceable>bits</replaceable></literal> + syntax, for compatibility with &man.netstat.1;. &merged;</para> <para>&man.route.8; can now create <quote>proxy only</quote> - published ARP entries. &merged;</para> + published ARP entries. &merged;</para> <para>The &man.route.8; <option>add</option> command now supports - the <option>-ifp</option> and <option>-ifa</option> - modifiers. &merged;</para> + the <option>-ifp</option> and <option>-ifa</option> + modifiers. &merged;</para> <para>&man.rpcbind.8; has replaced &man.portmap.8;.</para> <para>&man.rpcgen.1; now uses <filename>/usr/bin/cpp</filename> - (as on NetBSD), not <filename>/usr/libexec/cpp</filename>.</para> + (as on NetBSD), not + <filename>/usr/libexec/cpp</filename>.</para> <para>&man.rpc.lockd.8; has been imported from NetBSD. This - daemon enables locking on NFS filesystems.</para> + daemon enables locking on NFS filesystems.</para> <para>The performance of the ELF dynamic linker &man.rtld.1; has - been improved. &merged;</para> + been improved. &merged;</para> - <para>RSA Security has waived all patent rights to the <application>RSA</application> - algorithm. As a - result, the native <application>OpenSSL</application> - implementation of the RSA algorithm is now activated by default, - and the <filename role="package">security/rsaref</filename> port and the - <filename>librsaUSA</filename> and <filename>librsaINTL</filename> - libraries are - no longer required for USA and non-USA residents respectively. &merged;</para> + <para>RSA Security has waived all patent rights to the + <application>RSA</application> algorithm. As a result, the + native <application>OpenSSL</application> implementation of the + RSA algorithm is now activated by default, and the <filename + role="package">security/rsaref</filename> port and the + <filename>librsaUSA</filename> and + <filename>librsaINTL</filename> libraries are no longer required + for USA and non-USA residents respectively. &merged;</para> <para>&man.rtld.1; will now print the names of all objects that - cause each object to be loaded, if the - <varname>LD_TRACE_LOADED_OBJECTS_ALL</varname> environment - variable is defined.</para> + cause each object to be loaded, if the + <varname>LD_TRACE_LOADED_OBJECTS_ALL</varname> environment + variable is defined.</para> <para>&man.savecore.8; now supports a <option>-k</option> option - to prevent clearing a crash dump after saving it. It also - attempts to avoid writing large stretches of zeros to crash dump - files to save space and time. &merged;</para> + to prevent clearing a crash dump after saving it. It also + attempts to avoid writing large stretches of zeros to crash dump + files to save space and time. &merged;</para> <para>&man.savecore.8; now works correctly on machines with 2 GB - or more of RAM. &merged;</para> + or more of RAM. &merged;</para> <para>&man.sed.1; now takes a <option>-E</option> option for - extended regular expression support. &merged;</para> + extended regular expression support. &merged;</para> <para>&man.send-pr.1; now takes a <option>-a</option> option to - include a file into the <literal>Fix:</literal> section of a - problem report. &merged;</para> + include a file into the <literal>Fix:</literal> section of a + problem report. &merged;</para> <para>The &man.setfacl.1; and &man.getfacl.1; commands have been - added to manage file system Access Control Lists.</para> + added to manage file system Access Control Lists.</para> <para>&man.setproctitle.3; has been moved from - <filename>libutil</filename> to - <filename>libc</filename>. &merged;</para> + <filename>libutil</filename> to + <filename>libc</filename>. &merged;</para> <para>&man.sh.1; now implements <command>test</command> as a - built-in command for improved efficiency. &merged;</para> + built-in command for improved efficiency. &merged;</para> - <para>&man.sh.1; no longer - implements <command>printf</command> as a built-in command because - it was considered less valuable compared to the other built-in - commands (this functionality is, of course, still available - through the &man.printf.1; executable).</para> + <para>&man.sh.1; no longer implements <command>printf</command> as + a built-in command because it was considered less valuable + compared to the other built-in commands (this functionality is, + of course, still available through the &man.printf.1; + executable).</para> <para>&man.sockstat.1; now has <option>-c</option> and - <option>-l</option> flags for listing connected and listening - sockets, respectively. &merged;</para> + <option>-l</option> flags for listing connected and listening + sockets, respectively. &merged;</para> <para>&man.split.1; now has the ability to split a file longer - than 2GB. &merged;</para> + than 2GB. &merged;</para> <para>In preparation for meeting SUSv2/POSIX - <filename><sys/select.h></filename> requirements, - <literal>struct selinfo</literal> and related functions have been - moved to <filename><sys/selinfo.h></filename>.</para> + <filename><sys/select.h></filename> requirements, + <literal>struct selinfo</literal> and related functions have been + moved to <filename><sys/selinfo.h></filename>.</para> <para>The &man.strnstr.3; and &man.strcasestr.3; variants of - &man.strstr.3; have been implemented. &merged;</para> + &man.strstr.3; have been implemented. &merged;</para> <para>&man.stty.1; now has support for an - <literal>erase2</literal> control character, so that, for example, - both the <keycap>Delete</keycap> and <keycap>Backspace</keycap> - keys can be used to erase characters. &merged;</para> + <literal>erase2</literal> control character, so that, for + example, both the <keycap>Delete</keycap> and + <keycap>Backspace</keycap> keys can be used to erase + characters. &merged;</para> <para>&man.style.perl.7;, a style guide for Perl code in the &os; - base system, has been added. &merged;</para> + base system, has been added. &merged;</para> <para>&man.su.1; now uses <application>PAM</application> for - authentication.</para> + authentication.</para> <para>Boot-time &man.syscons.4; configuration was moved to a - machine-independent <filename>/etc/rc.syscons</filename>. &merged;</para> + machine-independent + <filename>/etc/rc.syscons</filename>. &merged;</para> <para>&man.sysctl.8; now supports a <option>-N</option> option to - print out variable names only. &merged;</para> + print out variable names only. &merged;</para> <para>&man.sysctl.8; has replaced the <option>-A</option> and - <option>-X</option> options with <option>-ao</option> and - <option>-ax</option> respectively; the former options are now - deprecated. The <option>-w</option> option is deprecated as well; it is - not needed to determine the user's intentions. &merged;</para> + <option>-X</option> options with <option>-ao</option> and + <option>-ax</option> respectively; the former options are now + deprecated. The <option>-w</option> option is deprecated as + well; it is not needed to determine the user's + intentions. &merged;</para> <para>&man.sysctl.8; now supports a <option>-e</option> option to - separate variable names and values by <literal>=</literal> rather - than <literal>:</literal>. This feature is useful for producing - output that can be fed back to &man.sysctl.8;. &merged;</para> + separate variable names and values by <literal>=</literal> + rather than <literal>:</literal>. This feature is useful for + producing output that can be fed back to + &man.sysctl.8;. &merged;</para> <para>&man.sysinstall.8; now properly preserves - <filename>/etc/mail</filename> during a binary upgrade. &merged;</para> + <filename>/etc/mail</filename> during a binary + upgrade. &merged;</para> <para>&man.sysinstall.8; now uses some more intuitive defaults - thanks to some new dialog support functions. &merged;</para> + thanks to some new dialog support functions. &merged;</para> <para>The default root partition in &man.sysinstall.8; is now - 100MB on the i386 and 120MB on the Alpha.</para> + 100MB on the i386 and 120MB on the Alpha.</para> - <para>&man.sysinstall.8; now lives in <filename>/usr/sbin</filename>, - which simplifies the installation process. The &man.sysinstall.8; - manpage is also installed in a more consistent fashion now.</para> + <para>&man.sysinstall.8; now lives in + <filename>/usr/sbin</filename>, which simplifies the + installation process. The &man.sysinstall.8; manpage is also + installed in a more consistent fashion now.</para> <para>&man.sysinstall.8; now has the ability to load KLDs as a - part of the installation. &merged;</para> + part of the installation. &merged;</para> <para>When run from the installation media, &man.sysinstall.8; - will automatically load any device drivers found in the - <filename>/stand/modules</filename> directory of the - <literal>mfsroot</literal> floppy or filesystem image. Note that - any drivers so loaded will not appear in the kernel's boot - messages; the &man.sysinstall.8; debugging screen will provide - additional information. &merged;</para> + will automatically load any device drivers found in the + <filename>/stand/modules</filename> directory of the + <literal>mfsroot</literal> floppy or filesystem image. Note + that any drivers so loaded will not appear in the kernel's boot + messages; the &man.sysinstall.8; debugging screen will provide + additional information. &merged;</para> <para>&man.sysinstall.8; now enables Soft Updates by default on - all filesystems it creates, except for the root - filesystem. &merged;</para> + all filesystems it creates, except for the root + filesystem. &merged;</para> <para>&man.sysinstall.8; has received updates for its - <quote>auto</quote> partitioning mode which provide more - reasonable defaults for the sizes of partitions that are created; - auto-sized partitions can now also recover the space that becomes - available when other partitions are deleted. &merged;</para> + <quote>auto</quote> partitioning mode which provide more + reasonable defaults for the sizes of partitions that are + created; auto-sized partitions can now also recover the space + that becomes available when other partitions are + deleted. &merged;</para> <para>&man.syslogd.8; can take a <option>-n</option> option to - disable DNS queries for every request. &merged;</para> + disable DNS queries for every request. &merged;</para> - <para>&man.syslogd.8; now supports a <literal>LOG_CONSOLE</literal> - facility (disabled by - default), which can be used to log <filename>/dev/console</filename> - output. &merged;</para> + <para>&man.syslogd.8; now supports a + <literal>LOG_CONSOLE</literal> facility (disabled by default), + which can be used to log <filename>/dev/console</filename> + output. &merged;</para> <para>&man.syslogd.8; now has the ability to bind to a specific - address (as opposed to using every available one) via the - <option>-b</option> option. &merged;</para> + address (as opposed to using every available one) via the + <option>-b</option> option. &merged;</para> <para>&man.syslogd.8; now accepts a <option>-c</option> flag to - disable repeated line compression. &merged;</para> + disable repeated line compression. &merged;</para> <para>&man.tail.1; now has the ability to work on files longer - than 2GB. &merged;</para> + than 2GB. &merged;</para> <para>&man.tar.1; now supports the <varname>TAR_RSH</varname> - variable, principally to enable the use of &man.ssh.1; as a - transport. &merged;</para> + variable, principally to enable the use of &man.ssh.1; as a + transport. &merged;</para> <para>&man.telnet.1; now does autologin and encryption by default; - a new <option>-y</option> option turns off encryption.</para> + a new <option>-y</option> option turns off encryption.</para> <para>&man.telnet.1; now supports a <option>-u</option> flag to - allow connections to UNIX-domain (<literal>AF_UNIX</literal>) - sockets. &merged;</para> + allow connections to UNIX-domain (<literal>AF_UNIX</literal>) + sockets. &merged;</para> <para>&man.tftpd.8; now takes the <option>-c</option> and - <option>-C</option> options, which allow the server to - &man.chroot.2; based on the IP address of the connecting client. - &man.tftp.1; and &man.tftpd.8; can now transfer files larger than - 65535 blocks. &merged;</para> + <option>-C</option> options, which allow the server to + &man.chroot.2; based on the IP address of the connecting client. + &man.tftp.1; and &man.tftpd.8; can now transfer files larger + than 65535 blocks. &merged;</para> <para>&man.tftpd.8; now supports RFC 2349 (TFTP Timeout Interval - and Transfer Size Options); this feature is required by some - firmware like EFI boot managers (at least on HP i2000 Itanium - servers) in order to boot an image using - <application>TFTP</application>.</para> + and Transfer Size Options); this feature is required by some + firmware like EFI boot managers (at least on HP i2000 Itanium + servers) in order to boot an image using + <application>TFTP</application>.</para> <para arch="alpha">&man.timed.8; now works on the alpha.</para> <para>A version of Transport Independent RPC - (<application>TI-RPC</application>) has been imported.</para> + (<application>TI-RPC</application>) has been imported.</para> <para>&man.tmpnam.3; will now use the <envar>TMPDIR</envar> - environment variable, if set, to specify the location of temporary - files. &merged;</para> + environment variable, if set, to specify the location of + temporary files. &merged;</para> <para>&man.tip.1; has been updated from - <application>OpenBSD</application>, and has the ability to act as - a &man.cu.1; substitute.</para> + <application>OpenBSD</application>, and has the ability to act + as a &man.cu.1; substitute.</para> <para>&man.top.1; will now use the full width of its tty.</para> <para>&man.touch.1; now takes a <option>-h</option> option to - operate on a symbolic link, rather than what the link points - to.</para> + operate on a symbolic link, rather than what the link points + to.</para> - <para>The &man.truncate.1; utility, which truncates or extends the length - of files, has been added. &merged;</para> + <para>The &man.truncate.1; utility, which truncates or extends the + length of files, has been added. &merged;</para> <para>Ukrainian language support has been added to the &os; - console. &merged;</para> + console. &merged;</para> <para><application>UUCP</application> has been removed from the - base system. It can be found in - the Ports Collection, in <filename role="package">net/freebsd-uucp</filename>.</para> + base system. It can be found in the Ports Collection, in + <filename role="package">net/freebsd-uucp</filename>.</para> - <para>&man.units.1; has received some updates and bugfixes. &merged;</para> + <para>&man.units.1; has received some updates and + bugfixes. &merged;</para> <para>&man.usbdevs.8; now supports a <option>-d</option> flag to - show the device driver associated with each device.</para> + show the device driver associated with each device.</para> <para>&man.uudecode.1; now accepts a <option>-o</option> option to - set its output file.</para> + set its output file.</para> <para>&man.vidcontrol.1; now accepts a <option>-g</option> - parameter to select custom text geometry in the - <literal>VESA_800x600</literal> raster text mode. &merged;</para> + parameter to select custom text geometry in the + <literal>VESA_800x600</literal> raster text mode. &merged;</para> <para>&man.vidcontrol.1; now allows the user to omit the font size - specification when loading a font, and has some better - error-handling. &merged;</para> + specification when loading a font, and has some better + error-handling. &merged;</para> - <para>&man.vidcontrol.1; now supports a <option>-p</option> option to - take a snapshot of a &man.syscons.4; video buffer. These - snapshots can be manipulated by the - <filename role="package">graphics/scr2png</filename> utility in the Ports - Collection. &merged;</para> + <para>&man.vidcontrol.1; now supports a <option>-p</option> option + to take a snapshot of a &man.syscons.4; video buffer. These + snapshots can be manipulated by the + <filename role="package">graphics/scr2png</filename> utility in + the Ports Collection. &merged;</para> <para>&man.vidcontrol.1; now supports a <option>-C</option> option - to clear the history buffer for a given tty, as well as a - <option>-h</option> option to set the size of the history buffer. &merged;</para> + to clear the history buffer for a given tty, as well as a + <option>-h</option> option to set the size of the history + buffer. &merged;</para> <para>The default stripe size in &man.vinum.8; has been changed - from 256KB to 279KB, to spread out superblocks more evenly between - stripes.</para> + from 256KB to 279KB, to spread out superblocks more evenly + between stripes.</para> <para>&man.wall.1; now supports a <option>-g</option> flag to - write a message to all users of a given group. &merged;</para> + write a message to all users of a given group. &merged;</para> <para>&man.watch.8; now takes a <option>-f</option> option to - specify a &man.snp.4; device to use.</para> + specify a &man.snp.4; device to use.</para> <para>&man.which.1; is now a C program, rather than a Perl - script.</para> + script.</para> - <para>&man.whois.1; now directs queries for IP addresses to - ARIN. If a query to ARIN references APNIC or RIPE, the - appropriate server will also be queried, provided that the - <option>-Q</option> option is not specified. &merged;</para> + <para>&man.whois.1; now directs queries for IP addresses to ARIN. + If a query to ARIN references APNIC or RIPE, the appropriate + server will also be queried, provided that the + <option>-Q</option> option is not specified. &merged;</para> <para>&man.whois.1; supports a <option>-c</option> option to - specify a country code to help direct queries towards a particular - whois server. &merged;</para> + specify a country code to help direct queries towards a + particular whois server. &merged;</para> <para>&man.xargs.1; now supports a <option>-J</option> - <replaceable>replstr</replaceable> option that allows the user to - tell &man.xargs.1; to insert the data read from standard input at - a specific point in the command line arguments rather than at the - end. &merged;</para> + <replaceable>replstr</replaceable> option that allows the user + to tell &man.xargs.1; to insert the data read from standard + input at a specific point in the command line arguments rather + than at the end. &merged;</para> <para>The compiler chain now uses the FSF-supplied C/C++ runtime - initialization code. This change brings about better - compatibility with code generated from the various egcs and gcc - ports, as well as the stock public FSF source. &merged;</para> + initialization code. This change brings about better + compatibility with code generated from the various egcs and gcc + ports, as well as the stock public FSF source. &merged;</para> <para>The threads library has gained some signal handling changes, - bug fixes, and performance enhancements (including zero system - call thread switching). &man.gdb.1; thread support has been - updated to match these changes. &merged;</para> + bug fixes, and performance enhancements (including zero system + call thread switching). &man.gdb.1; thread support has been + updated to match these changes. &merged;</para> <para>Significant additions have been made to internationalization - support; &os; now has complete locale support for the - <literal>LC_MONETARY</literal>, <literal>LC_NUMERIC</literal>, and - <literal>LC_MESSAGES</literal> categories. A number of - applications have been updated to take advantage of this - support.</para> + support; &os; now has complete locale support for the + <literal>LC_MONETARY</literal>, <literal>LC_NUMERIC</literal>, + and <literal>LC_MESSAGES</literal> categories. A number of + applications have been updated to take advantage of this + support.</para> <para>Locale names have been changed to improve compatibility with - the names used by X11R6, as well as a number of other UNIX - versions. As an example, the <literal>en_US.ISO_8859-1</literal> - locale name has been changed to - <literal>en_US.ISO8859-1</literal>. Entries in - <filename>/etc/locale.alias</filename> provide backward - compatibility. &merged;</para> + the names used by X11R6, as well as a number of other UNIX + versions. As an example, the + <literal>en_US.ISO_8859-1</literal> locale name has been changed + to + <literal>en_US.ISO8859-1</literal>. Entries in + <filename>/etc/locale.alias</filename> provide backward + compatibility. &merged;</para> <para><filename>/usr/src/share/examples/BSD_daemon/</filename> now - contains a scalable Beastie graphic. &merged;</para> + contains a scalable Beastie graphic. &merged;</para> <para>As part of an ongoing process, many manual pages were - improved, both in terms of their formatting markup and in their - content. &merged;</para> + improved, both in terms of their formatting markup and in their + content. &merged;</para> <sect3> <title>Contributed Software</title> - <para><application>am-utils</application> has been updated to - 6.0.7.</para> + <para><application>am-utils</application> has been updated to + 6.0.7.</para> <para><application>bc</application> has been updated from 1.04 to - 1.06. &merged;</para> + 1.06. &merged;</para> <para>The ISC library from the <application>BIND</application> - distribution is now built as + distribution is now built as <filename>libisc</filename>. &merged;</para> <para><application>BIND</application> is now built with the - <literal>NOADDITIONAL</literal> flag, which causes &man.named.8; - to operate in a more consistent fashion for certain common - misconfigurations. &merged;</para> + <literal>NOADDITIONAL</literal> flag, which causes + &man.named.8; to operate in a more consistent fashion for + certain common misconfigurations. &merged;</para> <para><application>BIND</application> has been updated to - 8.3.1-REL. &merged;</para> + 8.3.1-REL. &merged;</para> - <para><application>Binutils</application> has been updated to - a 21 February 2002 snapshot from the FSF 2.12 branch.</para> + <para><application>Binutils</application> has been updated to a + 21 February 2002 snapshot from the FSF 2.12 branch.</para> - <para><application>bzip2</application> 1.0.2 has been imported; this - brings the &man.bzip2.1; program and the <filename>libbz2</filename> - library to the base system. &merged;</para> + <para><application>bzip2</application> 1.0.2 has been imported; + this brings the &man.bzip2.1; program and the + <filename>libbz2</filename> library to the base + system. &merged;</para> <para>The &man.ee.1; <application>Easy Editor</application> has - been updated to 1.4.2. &merged;</para> + been updated to 1.4.2. &merged;</para> - <para><application>file</application> has been updated to 3.37.</para> + <para><application>file</application> has been updated to + 3.37.</para> - <para><application>gcc</application> has been updated to 2.95.3. &merged;</para> + <para><application>gcc</application> has been updated to + 2.95.3. &merged;</para> <para>&man.gcc.1; now uses a unified <filename>libgcc</filename> - rather than a separate one for threaded and non-threaded programs. - <filename>/usr/lib/libgcc_r.a</filename> can be removed. - &merged;</para> + rather than a separate one for threaded and non-threaded + programs. <filename>/usr/lib/libgcc_r.a</filename> can be + removed. &merged;</para> <para>&man.gcc.1; now supports the environment variable - <envar>GCC_OPTIONS</envar>, which can hold a set of default - options for <application>GCC</application>. &merged;</para> + <envar>GCC_OPTIONS</envar>, which can hold a set of default + options for <application>GCC</application>. &merged;</para> <para><application>GNATS</application> has been updated to - 3.113. &merged;</para> - + 3.113. &merged;</para> + <para><application>GNU awk</application> has been updated to - 3.1.0.</para> + 3.1.0.</para> - <para><application>gperf</application> has been updated to 2.7.2.</para> + <para><application>gperf</application> has been updated to + 2.7.2.</para> <para><application>groff</application> and its related utilities - have been updated to FSF version 1.17.2. This import brings in a - new &man.mdoc.7; macro package (sometimes referred to as - <literal>mdocNG</literal>), which removes many of the - limitations of its predecessor. &merged;</para> + have been updated to FSF version 1.17.2. This import brings + in a new &man.mdoc.7; macro package (sometimes referred to as + <literal>mdocNG</literal>), which removes many of the + limitations of its predecessor. &merged;</para> <para><application>Heimdal</application> has been updated to - 0.3f.</para> + 0.3f.</para> <para>The version of <application>IPFilter</application> - provided with &os; now includes the &man.ipfs.8; program, which - allows state information created for NAT entries and stateful - rules to be saved to disk and restored after a reboot. - Boot-time configuration of these features is supported by - &man.rc.conf.5;. &merged;</para> + provided with &os; now includes the &man.ipfs.8; program, + which allows state information created for NAT entries and + stateful rules to be saved to disk and restored after a + reboot. Boot-time configuration of these features is + supported by &man.rc.conf.5;. &merged;</para> <para>The <application>ISC DHCP</application> client has been - updated to 3.0.1RC6.</para> + updated to 3.0.1RC6.</para> <para><application>Kerberos IV</application> has been updated to - 1.0.5. &merged;</para> + 1.0.5. &merged;</para> - <para>The &man.more.1; command has been replaced by &man.less.1;, - although it can still be run as - <command>more</command>. &merged; Version 371 of <application>less</application> has - been imported.</para> + <para>The &man.more.1; command has been replaced by + &man.less.1;, although it can still be run as + <command>more</command>. &merged; Version 371 of + <application>less</application> has been imported.</para> <para><application>libpcap</application> has been updated to - 0.6.2. &merged;</para> + 0.6.2. &merged;</para> <para><application>libreadline</application> has been updated to - 4.2.</para> + 4.2.</para> <para><application>Linux-PAM</application> has been updated to - 0.75. &merged;</para> - - <para>A number of new <application>Linux-PAM</application> modules - have been added, including: <filename>pam_ftp</filename>, - <filename>pam_krb5</filename>, - <filename>pam_nologin</filename>, - <filename>pam_rootok</filename>, - <filename>pam_securetty</filename>, - <filename>pam_wheel</filename>.</para> - - <para><application>lukemftp</application> (the FTP client from NetBSD) has replaced the &os; - &man.ftp.1; program. Among its new features are more automation - methods, better standards compliance, transfer rate throttling, - and a customizable command-line prompt. Some environment - variables and command-line arguments have changed.</para> + 0.75. &merged;</para> + + <para>A number of new <application>Linux-PAM</application> + modules have been added, including: + <filename>pam_ftp</filename>, + <filename>pam_krb5</filename>, + <filename>pam_nologin</filename>, + <filename>pam_rootok</filename>, + <filename>pam_securetty</filename>, + <filename>pam_wheel</filename>.</para> + + <para><application>lukemftp</application> (the FTP client from + NetBSD) has replaced the &os; &man.ftp.1; program. Among its + new features are more automation methods, better standards + compliance, transfer rate throttling, and a customizable + command-line prompt. Some environment variables and + command-line arguments have changed.</para> <para>The FTP daemon from NetBSD, otherwise known as - <application>lukemftpd</application>, has been imported and is - available as &man.lukemftpd.8;.</para> + <application>lukemftpd</application>, has been imported and is + available as &man.lukemftpd.8;.</para> <para><application>ncurses</application> has been updated to - 5.2-20010512.</para> + 5.2-20010512.</para> - <para>The <application>NTP</application> suite of programs has been - updated to 4.1.0. &merged;</para> + <para>The <application>NTP</application> suite of programs has + been updated to 4.1.0. &merged;</para> - <para>The <application>OPIE</application> one-time-password suite - has been updated to 2.32. &merged; It has completely replaced - the functionality of <application>S/Key</application>.</para> + <para>The <application>OPIE</application> one-time-password + suite has been updated to 2.32. &merged; It has completely + replaced the functionality of + <application>S/Key</application>.</para> <para><application>Perl</application> has been updated to version - 5.6.0.</para> + 5.6.0.</para> - <para>&man.routed.8; has been updated to version 2.22. &merged;</para> + <para>&man.routed.8; has been updated to version + 2.22. &merged;</para> - <para arch="i386">Version 1.4.3 of the <application>smbfs</application> - userland utilities have been imported. &merged;</para> + <para arch="i386">Version 1.4.3 of the + <application>smbfs</application> userland utilities have been + imported. &merged;</para> <para><application>tcpdump</application> has been updated to - 3.6.3. &merged;</para> + 3.6.3. &merged;</para> <para>The &man.csh.1; shell has been replaced by &man.tcsh.1;, - although it can still be run as <command>csh</command>. - <application>tcsh</application> has been updated to version - 6.11. &merged;</para> + although it can still be run as <command>csh</command>. + <application>tcsh</application> has been updated to version + 6.11. &merged;</para> <para>The contributed version of - <application>tcp_wrappers</application> now includes the - &man.tcpd.8; helper daemon. While not strictly necessary in a - standard &os; installation (because &man.inetd.8; already - incorporates this functionality), this may be useful for - &man.inetd.8; replacements such as - <application>xinetd</application>.</para> + <application>tcp_wrappers</application> now includes the + &man.tcpd.8; helper daemon. While not strictly necessary in a + standard &os; installation (because &man.inetd.8; already + incorporates this functionality), this may be useful for + &man.inetd.8; replacements such as + <application>xinetd</application>.</para> <para><application>top</application> has been updated to version - 3.5b12.</para> + 3.5b12.</para> <para>&man.traceroute.8; now takes its default maximum TTL value - from the <varname>net.inet.ip.ttl</varname> sysctl - variable. &merged;</para> + from the <varname>net.inet.ip.ttl</varname> sysctl + variable. &merged;</para> <para>The timezone database has been updated to the - <filename>tzdata2001d</filename> release. &merged;</para> + <filename>tzdata2001d</filename> release. &merged;</para> <sect4> - <title>CVS</title> + <title>CVS</title> - <para><application>cvs</application> has been updated to - 1.11.1p1. &merged;</para> + <para><application>cvs</application> has been updated to + 1.11.1p1. &merged;</para> - <para>The default value for &man.cvs.1;'s - <envar>CVS_RSH</envar> variable is now <literal>ssh</literal>, - rather than <literal>rsh</literal>. &merged;</para> + <para>The default value for &man.cvs.1;'s + <envar>CVS_RSH</envar> variable is now + <literal>ssh</literal>, rather than + <literal>rsh</literal>. &merged;</para> - <para>&man.cvs.1; now supports a <option>-T</option> option to - update a sandbox's <filename>CVS/Template</filename> file from - the repository. &merged;</para> + <para>&man.cvs.1; now supports a <option>-T</option> option to + update a sandbox's <filename>CVS/Template</filename> file + from the repository. &merged;</para> <para>&man.cvs.1; <literal>diff</literal> now supports the - <option>-j</option> option to perform differences against a - revision relative to a branch tag. &merged;</para> + <option>-j</option> option to perform differences against a + revision relative to a branch tag. &merged;</para> </sect4> <sect4> <title>CVSup</title> <para><application>CVSup</application>, a frequently used - utility in the &os; Ports Collection, was formerly installable - using several ports and packages. The - <filename role="package">net/cvsup-bin</filename> and <filename role="package">net/cvsupd-bin</filename> - ports/packages are no longer necessary or available; the - <filename role="package">net/cvsup</filename> port should be used instead. &merged;</para> + utility in the &os; Ports Collection, was formerly + installable using several ports and packages. The + <filename role="package">net/cvsup-bin</filename> and + <filename role="package">net/cvsupd-bin</filename> + ports/packages are no longer necessary or available; the + <filename role="package">net/cvsup</filename> port should be + used instead. &merged;</para> <para><application>CVSup</application> has been updated to - 16.1_3, which is available in the &os; Ports Collection as - <filename role="package">net/cvsup</filename>. This update fixes a long-standing - (but only recently encountered) bug which affects the - timestamps on all files after Sun Sep 9 01:46:40 UTC 2001 - (1,000,000,000 seconds after the UNIX epoch). &merged;</para> + 16.1_3, which is available in the &os; Ports Collection as + <filename role="package">net/cvsup</filename>. This update + fixes a long-standing (but only recently encountered) bug + which affects the timestamps on all files after Sun Sep 9 + 01:46:40 UTC 2001 (1,000,000,000 seconds after the UNIX + epoch). &merged;</para> </sect4> <sect4 id="kame-userland"> - <title>KAME</title> + <title>KAME</title> - <para>The IPv6 stack is now based on a snapshot based on the KAME - Project's IPv6 snapshot as of 28 May, 2001. Most of the - items listed in this section are a result of this import. - <xref linkend="kame-kernel"> lists kernel updates to the KAME - IPv6 stack. &merged;</para> + <para>The IPv6 stack is now based on a snapshot based on the + KAME Project's IPv6 snapshot as of 28 May, 2001. Most of + the items listed in this section are a result of this + import. + <xref linkend="kame-kernel"> lists kernel updates to the + KAME IPv6 stack. &merged;</para> <para>&man.faithd.8; now supports a configuration file for - access control. &merged;</para> + access control. &merged;</para> <para>&man.ifconfig.8; can now perform the functions of - &man.gifconfig.8;. &merged;</para> + &man.gifconfig.8;. &merged;</para> <para>&man.ifconfig.8; can now perform the functions of - &man.prefix.8;. &man.prefix.8; is now a shell script for - partial backwards compatibility. &merged;</para> + &man.prefix.8;. &man.prefix.8; is now a shell script for + partial backwards compatibility. &merged;</para> <para>&man.ndp.8; now implements garbage collection for stale - NDP entries, as described in RFC 2461 (Neighbor Discovery for - IP Version 6 (IPv6)). &merged;</para> + NDP entries, as described in RFC 2461 (Neighbor Discovery + for IP Version 6 (IPv6)). &merged;</para> - <para>&man.pim6dd.8; and &man.pim6sd.8; have been removed due to - restrictive licensing conditions. These programs are available - in the ports collection as <filename role="package">net/pim6dd</filename> and - <filename role="package">net/pim6sd</filename>. &merged;</para> + <para>&man.pim6dd.8; and &man.pim6sd.8; have been removed due + to restrictive licensing conditions. These programs are + available in the ports collection as + <filename role="package">net/pim6dd</filename> and + <filename role="package">net/pim6sd</filename>. &merged;</para> <para>&man.route6d.8; now supports an <option>-n</option> flag - to avoid updating the kernel forwarding table. &merged;</para> + to avoid updating the kernel forwarding + table. &merged;</para> <para>The <option>-R</option> (router renumbering) option to - &man.rtadvd.8; is currently ignored. &merged;</para> + &man.rtadvd.8; is currently ignored. &merged;</para> </sect4> <sect4> - <title>OpenSSH</title> + <title>OpenSSH</title> <para><application>OpenSSH</application> has been updated to - 2.9, which provides support for the SSH2 protocol (now the - default) and DSA keys. &man.ssh-add.1; and &man.ssh-agent.1; - can now handle DSA keys, with support for authentication - forwarding. <application>OpenSSH</application> users in the - USA no longer need to rely on the restrictively-licensed - RSAREF toolkit which is required to handle RSA keys. Among - other new features: A client and server for sftp has been - added. &man.scp.1; can now handle files larger than 2 GBytes. - A limit on the number of outstanding, unauthenticated - connections in &man.sshd.8; has been added. Support has been - added for the Rijndael encryption algorithm. Rekeying of - existing sessions is now supported, and an experimental - <application>SOCKS4</application> proxy has been added to - &man.ssh.1;.</para> + 2.9, which provides support for the SSH2 protocol (now the + default) and DSA keys. &man.ssh-add.1; and + &man.ssh-agent.1; can now handle DSA keys, with support for + authentication forwarding. + <application>OpenSSH</application> users in the USA no + longer need to rely on the restrictively-licensed RSAREF + toolkit which is required to handle RSA keys. Among other + new features: A client and server for sftp has been added. + &man.scp.1; can now handle files larger than 2 GBytes. A + limit on the number of outstanding, unauthenticated + connections in &man.sshd.8; has been added. Support has + been added for the Rijndael encryption algorithm. Rekeying + of existing sessions is now supported, and an experimental + <application>SOCKS4</application> proxy has been added to + &man.ssh.1;.</para> <para><application>OpenSSH</application> can now authenticate - using OPIE passwords in SSH1 mode. Support is not yet available - in SSH2 mode. &merged;</para> + using OPIE passwords in SSH1 mode. Support is not yet + available in SSH2 mode. &merged;</para> - <para><application>PAM</application> support for - <application>OpenSSH</application> has been added.</para> + <para><application>PAM</application> support for + <application>OpenSSH</application> has been added.</para> - <para>A long-standing bug in <application>OpenSSH</application>, - which sometimes resulted in a dropped session when an - X11-forwarded client was closed, was fixed.</para> + <para>A long-standing bug in + <application>OpenSSH</application>, which sometimes resulted + in a dropped session when an X11-forwarded client was + closed, was fixed.</para> - <para><application>Kerberos</application> compatibility has been - added to <application>OpenSSH</application>. &merged;</para> + <para><application>Kerberos</application> compatibility has + been added to + <application>OpenSSH</application>. &merged;</para> - <para><application>OpenSSH</application> has been modified to be - more resistant to traffic analysis by requiring that - <quote>non-echoed</quote> characters are still echoed back in a - null packet, as well as by padding passwords sent so as not to - hint at password lengths. &merged;</para> + <para><application>OpenSSH</application> has been modified to + be more resistant to traffic analysis by requiring that + <quote>non-echoed</quote> characters are still echoed back + in a null packet, as well as by padding passwords sent so as + not to hint at password lengths. &merged;</para> - <para>&man.sshd.8; is now enabled by default on new - installs. &merged;</para> + <para>&man.sshd.8; is now enabled by default on new + installs. &merged;</para> - <para>&man.sshd.8; <literal>X11Forwarding</literal> is now turned - on by default on the server (any risk is to the client, where it - is already disabled by default). &merged;</para> + <para>&man.sshd.8; <literal>X11Forwarding</literal> is now + turned on by default on the server (any risk is to the + client, where it is already disabled by + default). &merged;</para> <para>In <filename>/etc/ssh/sshd_config</filename>, the - <literal>ConnectionsPerPeriod</literal> parameter has been - deprecated in favor of <literal>MaxStartups</literal>. &merged;</para> + <literal>ConnectionsPerPeriod</literal> parameter has been + deprecated in favor of + <literal>MaxStartups</literal>. &merged;</para> <para><application>OpenSSH</application> now has a - <literal>VersionAddendum</literal> configuration setting for - &man.sshd.8; to allow changing the part of the - <application>OpenSSH</application> version string after the - main version number.</para> + <literal>VersionAddendum</literal> configuration setting for + &man.sshd.8; to allow changing the part of the + <application>OpenSSH</application> version string after the + main version number.</para> </sect4> <sect4> - <title>OpenSSL</title> + <title>OpenSSL</title> <para><application>OpenSSL</application> has been updated to - 0.9.6c.</para> + 0.9.6c.</para> <para><application>OpenSSL</application> now has support for - machine-dependent ASM optimizations, activated by the new - <varname>MACHINE_CPU</varname> and/or <varname>CPUTYPE</varname> - <filename>make.conf</filename> variables. &merged;</para> + machine-dependent ASM optimizations, activated by the new + <varname>MACHINE_CPU</varname> and/or + <varname>CPUTYPE</varname> + <filename>make.conf</filename> variables. &merged;</para> </sect4> <sect4> <title>sendmail</title> - <para><application>sendmail</application> has been updated from - version 8.9.3 to version 8.12.2. Important changes include: - &man.sendmail.8; is no longer installed as a set-user-ID root - binary (now set-group-ID smmsp); new default file locations (see - <filename>/usr/src/contrib/sendmail/cf/README</filename>); - &man.newaliases.1; is limited to <username>root</username> and - trusted users; STARTTLS encryption; and the MSA port (587) is - turned on by default. See - <filename>/usr/src/contrib/sendmail/RELEASE_NOTES</filename> for - more information. &merged;</para> - - <para>&man.mail.local.8; is no longer installed as a set-user-ID - binary. If you are using a <filename>/etc/mail/sendmail.cf</filename> - from the default <filename>sendmail.cf</filename> included with &os; - any time after 3.1.0, you are fine. If you are using a - hand-configured <filename>sendmail.cf</filename> and - <command>mail.local</command> for delivery, check to make sure the - <literal>F=S</literal> flag is set on the - <literal>Mlocal</literal> line. Those with - <filename>.mc</filename> files who need to add the flag can do so - by adding the following line to their <filename>.mc</filename> - file and regenerating the <filename>sendmail.cf</filename> - file:</para> + <para><application>sendmail</application> has been updated + from version 8.9.3 to version 8.12.2. Important changes + include: &man.sendmail.8; is no longer installed as a + set-user-ID root binary (now set-group-ID smmsp); new + default file locations (see + <filename>/usr/src/contrib/sendmail/cf/README</filename>); + &man.newaliases.1; is limited to <username>root</username> + and trusted users; STARTTLS encryption; and the MSA port + (587) is turned on by default. See + <filename>/usr/src/contrib/sendmail/RELEASE_NOTES</filename> + for more information. &merged;</para> + + <para>&man.mail.local.8; is no longer installed as a + set-user-ID binary. If you are using a + <filename>/etc/mail/sendmail.cf</filename> from the default + <filename>sendmail.cf</filename> included with &os; any time + after 3.1.0, you are fine. If you are using a + hand-configured <filename>sendmail.cf</filename> and + <command>mail.local</command> for delivery, check to make sure the + <literal>F=S</literal> flag is set on the + <literal>Mlocal</literal> line. Those with + <filename>.mc</filename> files who need to add the flag can + do so by adding the following line to their + <filename>.mc</filename> file and regenerating the + <filename>sendmail.cf</filename> file:</para> <programlisting>MODIFY_MAILER_FLAGS(`LOCAL',`+S')dnl</programlisting> <para>Note that <literal>FEATURE(`local_lmtp')</literal> already - does this. &merged;</para> + does this. &merged;</para> <para>The default <filename>/etc/mail/sendmail.cf</filename> - disables the SMTP <literal>EXPN</literal> and - <literal>VRFY</literal> commands. &merged;</para> + disables the SMTP <literal>EXPN</literal> and + <literal>VRFY</literal> commands. &merged;</para> - <para>&man.vacation.1; has been updated to use the version included with - <application>sendmail</application>. &merged;</para> + <para>&man.vacation.1; has been updated to use the version + included with <application>sendmail</application>. &merged;</para> <para>The <application>sendmail</application> configuration - building tools are installed in - <filename>/usr/share/sendmail/cf/</filename>. &merged;</para> + building tools are installed in + <filename>/usr/share/sendmail/cf/</filename>. &merged;</para> <para>New <filename>make.conf</filename> options: - <varname>SENDMAIL_MC</varname> and - <varname>SENDMAIL_ADDITIONAL_MC</varname>. See - <filename>/usr/share/examples/etc/make.conf</filename> for more - information. &merged;</para> - - <para><filename>/etc/mail/Makefile</filename> now supports: the - new <varname>SENDMAIL_MC</varname> <filename>make.conf</filename> - option; the ability to build <filename>.cf</filename> files from - <filename>.mc</filename> files; generalized map rebuilding; - rebuilding the aliases file; and the ability to stop, start, and - restart <application>sendmail</application>. &merged;</para> + <varname>SENDMAIL_MC</varname> and + <varname>SENDMAIL_ADDITIONAL_MC</varname>. See + <filename>/usr/share/examples/etc/make.conf</filename> for more + information. &merged;</para> + + <para><filename>/etc/mail/Makefile</filename> now supports: + the new <varname>SENDMAIL_MC</varname> + <filename>make.conf</filename> option; the ability to build + <filename>.cf</filename> files from + <filename>.mc</filename> files; generalized map rebuilding; + rebuilding the aliases file; and the ability to stop, start, + and restart + <application>sendmail</application>. &merged;</para> <para>The <username>smmsp</username> and - <username>mailnull</username> users have been added to - <filename>/etc/master.passwd</filename>. In the absence of a - <literal>confDEF_USER_ID</literal> setting, by default, - <application>sendmail</application> will use the - <username>mailnull</username> user for extra security. - Previously, if the <username>mailnull</username> user did not - exist, the <username>daemon</username> user was used. This - change may generate some permissions issues when mailing to - files or to programs (such as <filename role="package">mail/majordomo</filename>). - &merged; The previous behavior can be restored by adding the - following line to a system's - <filename><replaceable>*</replaceable>.mc</filename> - configuration file: + <username>mailnull</username> users have been added to + <filename>/etc/master.passwd</filename>. In the absence of a + <literal>confDEF_USER_ID</literal> setting, by default, + <application>sendmail</application> will use the + <username>mailnull</username> user for extra security. + Previously, if the <username>mailnull</username> user did + not exist, the <username>daemon</username> user was used. + This change may generate some permissions issues when + mailing to files or to programs (such as <filename + role="package">mail/majordomo</filename>). &merged; The + previous behavior can be restored by adding the following + line to a system's + <filename><replaceable>*</replaceable>.mc</filename> + configuration file: + <programlisting>define(`confDEF_USER_ID', `daemon')</programlisting> </para> </sect4> @@ -2873,84 +2995,88 @@ options HZ=1000 # not compulsory but strongly recommended</programlisting> <title>Ports/Packages Collection</title> <para><application>BSDPAN</application>, a collection of modules - that provides tighter integration of - <application>Perl</application> into the &os; Ports - Collection, has been added.</para> + that provides tighter integration of + <application>Perl</application> into the &os; Ports + Collection, has been added.</para> <para>&man.pkg.create.1; and &man.pkg.add.1; can now work with - packages that have been compressed using - &man.bzip2.1;. &man.pkg.add.1; will use the PACKAGEROOT - environment variable to determine a mirror site for new - packages. &merged;</para> + packages that have been compressed using + &man.bzip2.1;. &man.pkg.add.1; will use the PACKAGEROOT + environment variable to determine a mirror site for new + packages. &merged;</para> <para>&man.pkg.create.1; now records dependencies in dependency - order rather than in the order specified on the command line. - This improves the functioning of <command>pkg_add - -r</command>. &merged;</para> + order rather than in the order specified on the command line. + This improves the functioning of <command>pkg_add + -r</command>. &merged;</para> <para>&man.pkg.create.1; now supports a <option>-b</option> to - create a package file from a locally-installed - package. &merged;</para> + create a package file from a locally-installed + package. &merged;</para> <para>When requested to delete multiple packages, - &man.pkg.delete.1; will now attempt to remove them in dependency - order rather than the order specified on the command - line. &merged;</para> + &man.pkg.delete.1; will now attempt to remove them in + dependency order rather than the order specified on the + command line. &merged;</para> <para>&man.pkg.delete.1; now can perform glob/regexp matching of - package names. In addition, it supports a <option>-a</option> - option for removing all packages and a <option>-i</option> option - for &man.rm.1;-style interactive confirmation. &merged;</para> + package names. In addition, it supports a <option>-a</option> + option for removing all packages and a <option>-i</option> + option for &man.rm.1;-style interactive + confirmation. &merged;</para> <para>&man.pkg.delete.1; now supports a <option>-r</option> - option for recursive package removal. &merged;</para> + option for recursive package removal. &merged;</para> <para>&man.pkg.info.1; now supports globbing against names of - installed packages. The <option>-G</option> option disables this - behavior, and the <option>-x</option> option causes regular - expression matching instead of shell globbing. &merged;</para> - - <para>&man.pkg.info.1; can now accept a <option>-g</option> flag for - verifying an installed package against its recorded checksums (to - see if it's been modified post-installation). Naturally, this - mechanism is only as secure as the contents of - <filename>/var/db/pkg</filename> if it's to be used for auditing - purposes. &merged;</para> + installed packages. The <option>-G</option> option disables + this behavior, and the <option>-x</option> option causes + regular expression matching instead of shell + globbing. &merged;</para> + + <para>&man.pkg.info.1; can now accept a <option>-g</option> flag + for verifying an installed package against its recorded + checksums (to see if it's been modified post-installation). + Naturally, this mechanism is only as secure as the contents of + <filename>/var/db/pkg</filename> if it's to be used for auditing + purposes. &merged;</para> <para>&man.pkg.sign.1; and &man.pkg.check.1; have been added to - digitally sign and verify the signatures on binary package - files. &merged;</para> + digitally sign and verify the signatures on binary package + files. &merged;</para> <para>&man.pkg.update.1;, a utility to update installed packages - and update their dependencies, has been added. &merged;</para> + and update their dependencies, has been added. &merged;</para> <para>&man.pkg.version.1; now has a version number comparison - routine that corresponds to the Porters Handbook. It also has a - <option>-t</option> option for testing address comparisons. - &merged;</para> + routine that corresponds to the Porters Handbook. It also has + a <option>-t</option> option for testing address comparisons. + &merged;</para> <para>&man.pkg.version.1; now takes a <option>-s</option> flag - to limit its operation to ports/packages matching a given - string. &merged;</para> + to limit its operation to ports/packages matching a given + string. &merged;</para> <para>Version numbers of installed packages have a new - (backward-compatible) syntax, which supports the - <varname>PORTREVISION</varname> and <varname>PORTEPOCH</varname> - variables in Ports Collection <filename>Makefile</filename>s. - These changes help keep track of changes in the ports collection - entries such as security patches or &os;-specific updates, which - aren't reflected in the original, third-party software - distributions. &man.pkg.version.1; can now compare these - new-style version numbers. &merged;</para> - - <para>To improve performance and disk utilization, the <quote>ports - skeletons</quote> in the &os; Ports Collection have been restructured. - Installed ports and packages should not be affected. &merged;</para> - - <para>All packages and ports now contain an <quote>origin</quote> - directive, which makes it easier for programs such as - &man.pkg.version.1; to determine the directory from which a - package was built. &merged;</para> + (backward-compatible) syntax, which supports the + <varname>PORTREVISION</varname> and + <varname>PORTEPOCH</varname> variables in Ports Collection + <filename>Makefile</filename>s. These changes help keep track + of changes in the ports collection entries such as security + patches or &os;-specific updates, which aren't reflected in + the original, third-party software distributions. + &man.pkg.version.1; can now compare these new-style version + numbers. &merged;</para> + + <para>To improve performance and disk utilization, the + <quote>ports skeletons</quote> in the &os; Ports Collection + have been restructured. Installed ports and packages should + not be affected. &merged;</para> + + <para>All packages and ports now contain an + <quote>origin</quote> directive, which makes it easier for + programs such as &man.pkg.version.1; to determine the + directory from which a package was built. &merged;</para> </sect3> </sect2> </sect1> @@ -3007,4 +3133,3 @@ options HZ=1000 # not compulsory but strongly recommended</programlisting> files.</para> </important> </sect1> - diff --git a/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml b/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml index f223cdc..febde8a 100644 --- a/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml +++ b/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml @@ -75,1122 +75,1168 @@ <title>Kernel Changes</title> <para arch="i386">The &man.amdpm.4; driver has been added to - provide access to the system monitoring functions of the AMD 756 - chipset. &merged;</para> + provide access to the system monitoring functions of the AMD 756 + chipset. &merged;</para> - <para>The &man.agp.4; driver for AGP devices has been added. &merged;</para> + <para>The &man.agp.4; driver for AGP devices has been + added. &merged;</para> <para>A new &man.ddb.4; command <command>show pcpu</command> lists - some of the per-CPU data.</para> + some of the per-CPU data.</para> <para>Two new &man.ddb.4; commands, <command>hwatch</command> and - <command>dhwatch</command>, have been introduced. Analogous to - <command>watch</command> and <command>dwatch</command>, they install - hardware watchpoints (as opposed to software watchpoints) if supported - by the architecture. &merged;</para> + <command>dhwatch</command>, have been introduced. Analogous to + <command>watch</command> and <command>dwatch</command>, they + install hardware watchpoints (as opposed to software + watchpoints) if supported by the architecture. &merged;</para> <para>&man.devfs.5;, which allows entries in the - <filename>/dev</filename> directory to be built automatically and - supports more flexible attachment of devices, has been largely - reworked. &man.devfs.5; is now enabled by default and can be - disabled by the <literal>NODEVFS</literal> kernel option.</para> + <filename>/dev</filename> directory to be built automatically + and supports more flexible attachment of devices, has been + largely reworked. &man.devfs.5; is now enabled by default and + can be disabled by the <literal>NODEVFS</literal> kernel + option.</para> <para>The dgm driver has been removed in favor of the digi driver.</para> - <para>A new digi driver has been added to support PCI Xr-based and ISA - Xem Digiboard cards. A new &man.digictl.8; program is (mainly) used to - re-initialize cards that have external port modules attached such as - the PC/Xem.</para> + <para>A new digi driver has been added to support PCI Xr-based and + ISA Xem Digiboard cards. A new &man.digictl.8; program is + (mainly) used to re-initialize cards that have external port + modules attached such as the PC/Xem.</para> <para>An &man.eaccess.2; system call has been added, similar to - &man.access.2; except that the former uses effective credentials - rather than real credentials.</para> + &man.access.2; except that the former uses effective credentials + rather than real credentials.</para> <para arch="sparc64">Support has been added for EBus-based - devices.</para> + devices.</para> <para arch="i386">The &man.ichsmb.4; driver for the Intel 82801AA - (ICH) SMBus controller and compatibles has been - added. &merged;</para> + (ICH) SMBus controller and compatibles has been + added. &merged;</para> <para>Each &man.jail.2; environment can now run under its own - securelevel.</para> + securelevel.</para> <para>The tunable sysctl variables for &man.jail.2; have moved - from <varname>jail.*</varname> to the - <varname>security.*</varname> hierarchy. Other security-related - sysctl variables have moved from <varname>kern.security.*</varname> to - <varname>security.*</varname>.</para> + from <varname>jail.*</varname> to the + <varname>security.*</varname> hierarchy. Other security-related + sysctl variables have moved from <varname>kern.security.*</varname> to + <varname>security.*</varname>.</para> <para>The <varname>kern.maxvnodes</varname> limit now properly - limits the number of vnodes in use. Previously only vnodes with - no cached pages could be freed; this could allow the number of - vnodes to grow without limit on large-memory machines accessing - many small files. A <literal>vnlru</literal> kernel thread helps - to flush and reuse vnodes. &merged;</para> + limits the number of vnodes in use. Previously only vnodes with + no cached pages could be freed; this could allow the number of + vnodes to grow without limit on large-memory machines accessing + many small files. A <literal>vnlru</literal> kernel thread + helps to flush and reuse vnodes. &merged;</para> <para>The kernel message buffer is now accessible by the - (machine-independent) <varname>kern.msgbuf</varname> sysctl - variable; &man.dmesg.8; no longer needs to be SGID - <groupname>kmem</groupname>. &merged;</para> + (machine-independent) <varname>kern.msgbuf</varname> sysctl + variable; &man.dmesg.8; no longer needs to be SGID + <groupname>kmem</groupname>. &merged;</para> <para>The &man.kqueue.2; event notification facility was added to - the &os; kernel. This is a new interface which is able to - replace &man.poll.2;/&man.select.2;, offering improved performance, - as well as the ability to report many different types of events. - Support for monitoring changes in sockets, pipes, fifos, and files - are present, as well as for signals and processes. &merged;</para> + the &os; kernel. This is a new interface which is able to + replace &man.poll.2;/&man.select.2;, offering improved + performance, as well as the ability to report many different + types of events. Support for monitoring changes in sockets, + pipes, fifos, and files are present, as well as for signals and + processes. &merged;</para> <para arch="i386">A new <varname>KVA_SPACE</varname> kernel option - can be used to reconfigure the size of the kernel virtual address - space. &merged;</para> + can be used to reconfigure the size of the kernel virtual + address space. &merged;</para> <para>The &man.labpc.4; driver has been removed due to - <quote>bitrot</quote>.</para> + <quote>bitrot</quote>.</para> <para>The loader and kernel linker now look for files named - <filename>linker.hints</filename> in each directory with KLDs for a - module name and version to KLD filename mapping. The new - &man.kldxref.8; utility is used to generate these files.</para> + <filename>linker.hints</filename> in each directory with KLDs + for a module name and version to KLD filename mapping. The new + &man.kldxref.8; utility is used to generate these files.</para> <para>Linux emulation now supports the kernel functionality - required by the - <filename role="package">emulators/linux_base-7</filename> (RedHat 7.X emulation) - port. &merged;</para> + required by the + <filename role="package">emulators/linux_base-7</filename> + (RedHat 7.X emulation) port. &merged;</para> <para>Linux emulation now requires <literal>options - SYSVSEM</literal> in the kernel configuration. &merged;</para> + SYSVSEM</literal> in the kernel configuration. &merged;</para> <para>&man.lomac.4;, a Low-Watermark Mandatory Access Control - security facility, has been added as a kernel module. It provides - a drop-in security mechanism in addition to the traditional - UID-based security facilities, requiring no additional - configuration from the administrator. Work on this feature was - sponsored by DARPA and NAI Labs.</para> + security facility, has been added as a kernel module. It + provides a drop-in security mechanism in addition to the + traditional UID-based security facilities, requiring no + additional configuration from the administrator. Work on this + feature was sponsored by DARPA and NAI Labs.</para> <para>The <varname>maxusers</varname> kernel configuration - parameter is now a boot-time tunable variable. The kernel - parameters derived from <varname>maxusers</varname> are now also - tunables and can be overridden at boot-time. The - <varname>hz</varname> parameter is also now a tunable. &merged;</para> + parameter is now a boot-time tunable variable. The kernel + parameters derived from <varname>maxusers</varname> are now also + tunables and can be overridden at boot-time. The + <varname>hz</varname> parameter is also now a + tunable. &merged;</para> <para>Specifying a value of <literal>0</literal> for the - <varname>maxusers</varname> kernel configuration parameter will - now cause an appropriate value to be calculated at boot-time - (between 32 and 384, depending on the amount of memory present). - This value is now the default for all - <filename>GENERIC</filename> kernels. &merged;</para> + <varname>maxusers</varname> kernel configuration parameter will + now cause an appropriate value to be calculated at boot-time + (between 32 and 384, depending on the amount of memory present). + This value is now the default for all + <filename>GENERIC</filename> kernels. &merged;</para> <para arch="alpha">A <varname>MAXMEM</varname> kernel option, - along with the <varname>hw.physmem</varname> loader tunable, can be - used to artificially reduce the memory size of a machine for - testing (or other purposes). &merged;</para> + along with the <varname>hw.physmem</varname> loader tunable, can + be used to artificially reduce the memory size of a machine for + testing (or other purposes). &merged;</para> <para>The kernel configuration parameters - <varname>MAXTSIZ</varname>, <varname>DFLDSIZ</varname>, - <varname>MAXDSIZ</varname>, <varname>DFLSSIZ</varname>, - <varname>MAXSSIZ</varname>, and <varname>SGROWSIZ</varname> are - all loader tunables (<varname>kern.maxtsiz</varname>, - <varname>kern.maxdfldsiz</varname>, etc.). &merged;</para> + <varname>MAXTSIZ</varname>, <varname>DFLDSIZ</varname>, + <varname>MAXDSIZ</varname>, <varname>DFLSSIZ</varname>, + <varname>MAXSSIZ</varname>, and <varname>SGROWSIZ</varname> are + all loader tunables (<varname>kern.maxtsiz</varname>, + <varname>kern.maxdfldsiz</varname>, etc.). &merged;</para> <para arch="i386">The <literal>NCPU</literal>, <literal>NAPIC</literal>, - <literal>NBUS</literal>, and <literal>NINTR</literal> kernel - configuration options, for configuring SMP kernels, have been - removed. <literal>NCPU</literal> is now set to a maximum of 16, - and the other, aforementioned options are now - dynamic. &merged;</para> + <literal>NBUS</literal>, and <literal>NINTR</literal> kernel + configuration options, for configuring SMP kernels, have been + removed. <literal>NCPU</literal> is now set to a maximum of 16, + and the other, aforementioned options are now + dynamic. &merged;</para> <para>A &man.nmdm.4; null-modem terminal driver has been added. - &merged;</para> + &merged;</para> <para>The <literal>O_DIRECT</literal> flag has been added to - &man.open.2; and &man.fcntl.2;. Specifying this flag for open - files will attempt to minimize the cache effects of reading and - writing. &merged;</para> + &man.open.2; and &man.fcntl.2;. Specifying this flag for open + files will attempt to minimize the cache effects of reading and + writing. &merged;</para> <para>An &man.orm.4; device has been added to claim the option - ROMs in the ISA memory I/O space, to prevent other drivers from - mistakenly assigning addresses that conflict with these ROMs. &merged;</para> + ROMs in the ISA memory I/O space, to prevent other drivers from + mistakenly assigning addresses that conflict with these + ROMs. &merged;</para> - <para arch="i386">PECOFF (Win32 Execution file format) support has been - added.</para> + <para arch="i386">PECOFF (Win32 Execution file format) support has + been added.</para> <para arch="i386">The pmc driver, which supports the power - management controller of the NEC PC-98NOTE, has been - added. &merged;</para> + management controller of the NEC PC-98NOTE, has been + added. &merged;</para> <para>POSIX.1b Shared Memory Objects are now supported. The - implementation uses regular files, but automatically enables the - MAP_NOSYNC flag when they are &man.mmap.2;-ed. &merged;</para> + implementation uses regular files, but automatically enables the + MAP_NOSYNC flag when they are &man.mmap.2;-ed. &merged;</para> <para>Replaced the <literal>PQ_*CACHE</literal> options with a - single <literal>PQ_CACHESIZE</literal> option to be set to - the cache size in kilobytes. The old options are still supported - for backwards compatibility. &merged;</para> + single <literal>PQ_CACHESIZE</literal> option to be set to the + cache size in kilobytes. The old options are still supported + for backwards compatibility. &merged;</para> <para arch="i386">The &man.puc.4; (PCI <quote>Universal</quote> - Communications) driver has been added, to help connect PCI-based - serial ports to the &man.sio.4; driver.</para> + Communications) driver has been added, to help connect PCI-based + serial ports to the &man.sio.4; driver.</para> <para>The &man.random.4; device has been rewritten to use the - <application>Yarrow</application> algorithm. It harvests entropy - from a variety of interrupt sources, including the console - devices, Ethernet and point-to-point network interfaces, and - mass-storage devices. Entropy from the &man.random.4; device is - now periodically saved to files in - <filename>/var/db/entropy</filename>, as well as at - shutdown time. The semantics of <filename>/dev/random</filename> - have changed; it never blocks waiting for entropy bits but - generates a stream of pseudo-random data and now behaves exactly - as <filename>/dev/urandom</filename>.</para> + <application>Yarrow</application> algorithm. It harvests + entropy from a variety of interrupt sources, including the + console devices, Ethernet and point-to-point network interfaces, + and mass-storage devices. Entropy from the &man.random.4; + device is now periodically saved to files in + <filename>/var/db/entropy</filename>, as well as at shutdown + time. The semantics of <filename>/dev/random</filename> have + changed; it never blocks waiting for entropy bits but generates + a stream of pseudo-random data and now behaves exactly as + <filename>/dev/urandom</filename>.</para> <para>A new kernel option, <literal>options REGRESSION</literal>, - enables interfaces and functionality intended for use during - correctness and regression testing.</para> + enables interfaces and functionality intended for use during + correctness and regression testing.</para> <para arch="sparc64">Support has been added for SBus-based - devices.</para> + devices.</para> - <para arch="i386">The &man.spic.4; driver, which provides access to the jog - dial device on some Sony laptops, has been added.</para> + <para arch="i386">The &man.spic.4; driver, which provides access + to the jog dial device on some Sony laptops, has been + added.</para> <para>The &man.syscons.4; driver now supports keyboard-controlled - pasting, by default bound to - <keycap>Shift</keycap>-<keycap>Insert</keycap>.</para> + pasting, by default bound to + <keycap>Shift</keycap>-<keycap>Insert</keycap>.</para> <para>Support for USB devices was added to the - <filename>GENERIC</filename> kernel and to the installation - programs to support USB devices out of the box. Note that SRM - does not support USB devices at the moment, so you must still use - an AT keyboard if you are not using a serial console. &merged;</para> + <filename>GENERIC</filename> kernel and to the installation + programs to support USB devices out of the box. Note that SRM + does not support USB devices at the moment, so you must still + use an AT keyboard if you are not using a serial + console. &merged;</para> <para arch="i386">The umodem driver for USB modems has been added. - Support is provided for the 3Com 5605 and Metricom Ricochet GS - wireless USB modems. &merged;</para> + Support is provided for the 3Com 5605 and Metricom Ricochet GS + wireless USB modems. &merged;</para> - <para arch="i386">The &man.uscanner.4; driver for basic USB scanner support - using SANE has been added. See <ulink - url="http://www.mostang.com/sane/">the SANE home page</ulink> for - supported scanners. The HP ScanJet 4100C, 5200C and 6300C are - known to be working. &merged;</para> + <para arch="i386">The &man.uscanner.4; driver for basic USB + scanner support using SANE has been added. See <ulink + url="http://www.mostang.com/sane/">the SANE home page</ulink> + for supported scanners. The HP ScanJet 4100C, 5200C and 6300C + are known to be working. &merged;</para> <para>The <literal>USER_LDT</literal> kernel option is now - activated by default.</para> + activated by default.</para> <para>A VESA S3 linear framebuffer driver has been added.</para> <!-- Above this line, sort kernel changes by manpage/keyword--> <para>Write combining for crashdumps has been implemented. This - feature is useful when write caching is disabled on both SCSI and - IDE disks, where large memory dumps could take up to an hour to - complete. &merged;</para> + feature is useful when write caching is disabled on both SCSI + and IDE disks, where large memory dumps could take up to an hour + to complete. &merged;</para> <para>Extremely large swap areas (>67 GB) no longer panic the - system.</para> + system.</para> - <para arch="alpha">Support for threads under Linux emulation has been - added.</para> + <para arch="alpha">Support for threads under Linux emulation has + been added.</para> <para>The <maketarget>buildkernel</maketarget> target now gets the - name of the configuration(s) to build from the - <varname>KERNCONF</varname> variable, not - <varname>KERNEL</varname>. It is no longer required, in some - cases, for a <maketarget>buildworld</maketarget> to precede a - <maketarget>buildkernel</maketarget>. (The - <maketarget>buildworld</maketarget> is still required when - upgrading across major releases, across - <application>binutil</application> updates and when &man.config.8; - changes version.) &merged; - </para> + name of the configuration(s) to build from the + <varname>KERNCONF</varname> variable, not + <varname>KERNEL</varname>. It is no longer required, in some + cases, for a <maketarget>buildworld</maketarget> to precede a + <maketarget>buildkernel</maketarget>. (The + <maketarget>buildworld</maketarget> is still required when + upgrading across major releases, across + <application>binutil</application> updates and when + &man.config.8; changes version.) &merged;</para> <para>The out-of-swap process termination code now begins killing - processes earlier to avoid deadlocks; it now also takes into - account the swap space used by processes when computing the - process sizes. &merged;</para> + processes earlier to avoid deadlocks; it now also takes into + account the swap space used by processes when computing the + process sizes. &merged;</para> <para>Linker sets are now self-contained; &man.gensetdefs.8; is - unnecessary and has been removed.</para> + unnecessary and has been removed.</para> <para>Numerous SMP-friendly changes have been made to the kernel's - mbuf allocator.</para> + mbuf allocator.</para> - <para>Network device cloning has been implemented, and the &man.gif.4; - device has been modified to take advantage of it. - Thus, instead of specifying how many &man.gif.4; interfaces - are available in kernel configuration files, &man.ifconfig.8;'s - <option>create</option> option should be used when another device - instance is desired. &merged;</para> + <para>Network device cloning has been implemented, and the + &man.gif.4; device has been modified to take advantage of it. + Thus, instead of specifying how many &man.gif.4; interfaces are + available in kernel configuration files, &man.ifconfig.8;'s + <option>create</option> option should be used when another device + instance is desired. &merged;</para> - <para>It is now possible to hardwire kernel environment variables (such - as tuneables) at compile-time using &man.config.8;'s - <literal>ENV</literal> directive.</para> + <para>It is now possible to hardwire kernel environment variables + (such as tuneables) at compile-time using &man.config.8;'s + <literal>ENV</literal> directive.</para> <para>Idle zeroing of pages can be enabled with the - <varname>vm.zeroidle_enable</varname> sysctl variable.</para> + <varname>vm.zeroidle_enable</varname> sysctl variable.</para> - <para arch="i386">The load addresses of kernels are now exported to the - symbol table and various hard-coded constants have been removed so that - utilities such as &man.ps.1; can work with kernels compiled at - different addresses. &merged;</para> + <para arch="i386">The load addresses of kernels are now exported + to the symbol table and various hard-coded constants have been + removed so that utilities such as &man.ps.1; can work with + kernels compiled at different addresses. &merged;</para> <para>Coredumps of large processes (or of a large number of - processes) no longer lock up the machine for long periods of - time. &merged;</para> + processes) no longer lock up the machine for long periods of + time. &merged;</para> <para>The kernel is now aware of the concept that there are - smaller units of scheduling than a process (but only one thread - per process is allowed at this time).</para> + smaller units of scheduling than a process (but only one thread + per process is allowed at this time).</para> <para>The kernel now has support for multiple low-level console - devices. The new &man.conscontrol.8; utility helps to manage the - different consoles.</para> + devices. The new &man.conscontrol.8; utility helps to manage + the different consoles.</para> - <para arch="alpha">The console driver has gained support for TGA-based - display adapters.</para> + <para arch="alpha">The console driver has gained support for + TGA-based display adapters.</para> <para>The kernel on the installation CDs is now separated from the - <filename>mfsroot</filename> image. This permits the use of a - full kernel when installing from CD on machines that support CD - booting (instead of the stripped-down kernel used on - floppies). &merged;</para> + <filename>mfsroot</filename> image. This permits the use of a + full kernel when installing from CD on machines that support CD + booting (instead of the stripped-down kernel used on + floppies). &merged;</para> <para>The system load average computation now adds some jitter to - the timing of samples, in order to avoid synchronization with - processes that run periodically. &merged;</para> + the timing of samples, in order to avoid synchronization with + processes that run periodically. &merged;</para> <para>If a debugging kernel with modules is being built - (i.e. using <literal>makeoptions DEBUG=-g</literal>), the modules - will now be built with debugging support as well, for - completeness. A side effect of this change is that modules built - and installed with debugging kernels will now occupy more space on - disk than they did previously. &merged;</para> + (i.e. using <literal>makeoptions DEBUG=-g</literal>), the + modules will now be built with debugging support as well, for + completeness. A side effect of this change is that modules + built and installed with debugging kernels will now occupy more + space on disk than they did previously. &merged;</para> <para>The kernel dump device can now be set via the - <varname>dumpdev</varname> loader tunable. As a result, it is now - possible to obtain crash dumps from panics during the late stages - of kernel initialization (before the system enters into - single-user mode). &merged;</para> + <varname>dumpdev</varname> loader tunable. As a result, it is + now possible to obtain crash dumps from panics during the late + stages of kernel initialization (before the system enters into + single-user mode). &merged;</para> <sect3> <title>Processor/Motherboard Support</title> <para>SMP support has been largely reworked, incorporating code - from BSD/OS 5.0. One of the main features of SMPng (<quote>SMP - Next Generation</quote>) is to allow more processes to run in - kernel, without the need for spin locks that can dramatically - reduce the efficiency of multiple processors. Interrupt - handlers now have contexts associated with them that allow them - to be blocked, which reduces the need to lock out - interrupts.</para> + from BSD/OS 5.0. One of the main features of SMPng + (<quote>SMP Next Generation</quote>) is to allow more + processes to run in kernel, without the need for spin locks + that can dramatically reduce the efficiency of multiple + processors. Interrupt handlers now have contexts associated + with them that allow them to be blocked, which reduces the + need to lock out interrupts.</para> <para arch="i386">Support for the 80386 processor has been - removed from the <filename>GENERIC</filename> kernel, as this - code seriously pessimizes performance on other IA32 - processors.</para> + removed from the <filename>GENERIC</filename> kernel, as this + code seriously pessimizes performance on other IA32 + processors.</para> <para arch="i386">The <literal>I386_CPU</literal> kernel option - to support the 80386 processor is now mutually exclusive with - support for other IA32 processors; this should slightly improve - performance on the 80386 due to the elimination of runtime - processor type checks.</para> + to support the 80386 processor is now mutually exclusive with + support for other IA32 processors; this should slightly + improve performance on the 80386 due to the elimination of + runtime processor type checks.</para> <para arch="i386">Custom kernels that will run on the 80386 can - still be built by changing the cpu options in the kernel - configuration file to only include - <literal>I386_CPU</literal>.</para> + still be built by changing the cpu options in the kernel + configuration file to only include + <literal>I386_CPU</literal>.</para> <para arch="alpha">AlphaServer 1200 (<quote>Tincup</quote>) has - been tested and works OK. Currently it does not want to boot - from CD or floppy but a transplanted disk that was installed on - another Alpha works well. &merged;</para> + been tested and works OK. Currently it does not want to boot + from CD or floppy but a transplanted disk that was installed + on another Alpha works well. &merged;</para> - <para arch="alpha">The API UP1100 mainboard has been verified to work.</para> + <para arch="alpha">The API UP1100 mainboard has been verified to + work.</para> - <para arch="alpha">The API CS20 1U high server has been verified to work.</para> + <para arch="alpha">The API CS20 1U high server has been verified + to work.</para> - <para arch="alpha">The DEC3000 series support has been removed from the mfsroot - floppy image so that it fits on a 1.44 Mbyte floppy again. As the - DEC3000 is currently only usable diskless this should not cause - any problems.</para> + <para arch="alpha">The DEC3000 series support has been removed + from the mfsroot floppy image so that it fits on a 1.44 Mbyte + floppy again. As the DEC3000 is currently only usable diskless + this should not cause any problems.</para> - <para arch="alpha">Support for AlphaServer 2100A (<quote>Lynx</quote>) has been - added.</para> + <para arch="alpha">Support for AlphaServer 2100A + (<quote>Lynx</quote>) has been added.</para> - <para arch="alpha">Kernel code has been added that allows older generation Alpha CPUs - (EV4 and EV5) to emulate instructions of the newer Alpha CPU - generations. This enables the use of binary-only programs like <application>Adobe - Acrobat 4</application> on EV4 and EV5.</para> + <para arch="alpha">Kernel code has been added that allows older + generation Alpha CPUs (EV4 and EV5) to emulate instructions of + the newer Alpha CPU generations. This enables the use of + binary-only programs like <application>Adobe Acrobat + 4</application> on EV4 and EV5.</para> <para arch="alpha">SMP support for the Alpha is now operational.</para> <para arch="i386">Detection for new processors, such as the - FC-PGA2 Pentium III (Tualatin), Transmeta Crusoe, and Transmeta - Crusoe LongRun, has been added. &merged;</para> + FC-PGA2 Pentium III (Tualatin), Transmeta Crusoe, and + Transmeta Crusoe LongRun, has been added. &merged;</para> - <para arch="alpha">Support for the following hardware has been removed - from the installation kernel to make it fit on a 1.44MB floppy again: - Multia, NoName, PC64, EB64, Aspen Alpine, sa (SCSI tape), amr, parallel - port support, vx (3c590, 3c595), pcn (AMD Am79C97x PCI 10/100), - sf (Adaptec AIC-6915), sis (SiS 900/SiS 7016), ste (Sundance ST201 - (D-Link DFE-550TX)), wb (Winbond W89C840F).</para> + <para arch="alpha">Support for the following hardware has been + removed from the installation kernel to make it fit on a + 1.44MB floppy again: Multia, NoName, PC64, EB64, Aspen Alpine, + sa (SCSI tape), amr, parallel port support, vx (3c590, 3c595), + pcn (AMD Am79C97x PCI 10/100), sf (Adaptec AIC-6915), sis (SiS + 900/SiS 7016), ste (Sundance ST201 (D-Link DFE-550TX)), wb + (Winbond W89C840F).</para> <para arch="i386">Support for Streaming <acronym>SIMD</acronym> - Extensions (<acronym>SSE</acronym>) has been introduced. The - <literal>CPU_ENABLE_SSE</literal> kernel option controls whether - support is compiled into the kernel. &merged;</para> + Extensions (<acronym>SSE</acronym>) has been introduced. The + <literal>CPU_ENABLE_SSE</literal> kernel option controls + whether support is compiled into the kernel. &merged;</para> </sect3> <sect3> <title>Bootloader Changes</title> - <para arch="i386">A new <filename>cdboot</filename> bootstrap utility for CDROMs provides - better compatability with some BIOS implementations that do not - completely implement the El Torito bootable CDROM standard. This - boot loader supports <quote>no emulation</quote> mode booting, - thus eliminating the need for an emulated floppy disk image on - a bootable CDROM. &merged;</para> + <para arch="i386">A new <filename>cdboot</filename> bootstrap + utility for CDROMs provides better compatability with some + BIOS implementations that do not completely implement the El + Torito bootable CDROM standard. This boot loader supports + <quote>no emulation</quote> mode booting, thus eliminating the + need for an emulated floppy disk image on a bootable + CDROM. &merged;</para> - <para arch="i386">The i386 boot loader now has support for a - <literal>nullconsole</literal> - console type, for use on systems with neither a video console nor - a serial port. &merged;</para> + <para arch="i386">The i386 boot loader now has support for a + <literal>nullconsole</literal> console type, for use on + systems with neither a video console nor a serial + port. &merged;</para> <para arch="i386">The &man.loader.8; now has optional support - (enabled at compile-time, off by default) for loading - <application>bzip2</application>-compressed kernels and - modules. &merged;</para> + (enabled at compile-time, off by default) for loading + <application>bzip2</application>-compressed kernels and + modules. &merged;</para> - <para arch="i386">Support for Intel's Wired for Management 2.0 (PXE) - was added to the &os; boot loader. Due to API differences, the - older PXE versions are not supported. This allow network booting - using DHCP. &merged;</para> + <para arch="i386">Support for Intel's Wired for Management 2.0 + (PXE) was added to the &os; boot loader. Due to API + differences, the older PXE versions are not supported. This + allow network booting using DHCP. &merged;</para> <!-- Above this line, order bootloader changes by keyword--> <para arch="i386">The &os; boot loader now contains a workaround - to support CDROM booting on certain IBM BIOSs that expect the - first sector of the emulated floppy to contain a valid MS-DOS BPB - that they can modify. &merged;</para> + to support CDROM booting on certain IBM BIOSs that expect the + first sector of the emulated floppy to contain a valid MS-DOS + BPB that they can modify. &merged;</para> <para arch="i386">The &os; boot loader now supports a - <option>-p</option> flag to force the kernel to pause after each - line of output during the probing phase. &merged;</para> + <option>-p</option> flag to force the kernel to pause after + each line of output during the probing phase. &merged;</para> <para arch="alpha,i386">The &os; boot loader is now capable of - booting from filesystems with block sizes larger than 8K. &merged;</para> + booting from filesystems with block sizes larger than + 8K. &merged;</para> <para>The kernel and modules have been moved to the directory - <filename>/boot/kernel</filename>, so they can be easily - manipulated together. The boot loader has been updated to make - this change as seamless as possible.</para> + <filename>/boot/kernel</filename>, so they can be easily + manipulated together. The boot loader has been updated to + make this change as seamless as possible.</para> </sect3> <sect3> <title>Network Interface Support</title> <para>The &man.an.4; driver for Cisco Aironet cards now supports - Wired Equivalent Privacy (WEP) encryption, settable via - &man.ancontrol.8;. &merged;</para> + Wired Equivalent Privacy (WEP) encryption, settable via + &man.ancontrol.8;. &merged;</para> <para>The &man.an.4; driver now supports the Cisco Aironet 350 - series of adaptors. &merged;</para> + series of adaptors. &merged;</para> <para>The &man.an.4; driver now supports <quote>monitor</quote> - mode, settable via the <option>-M</option> option to - &man.ancontrol.8;. &merged;</para> + mode, settable via the <option>-M</option> option to + &man.ancontrol.8;. &merged;</para> <para>The &man.an.4; driver now supports Cisco LEAP, as well as - the <quote>Home</quote> WEP key. The Linux Aironet - utilities are now supported under emulation. &merged;</para> + the <quote>Home</quote> WEP key. The Linux Aironet utilities + are now supported under emulation. &merged;</para> <para arch="i386">Generic support for ARCNET token-based - networks has been added. &merged;</para> + networks has been added. &merged;</para> <para arch="i386">The &man.bge.4; driver has been added to - support the Broadcom BCM570x family of Gigabit Ethernet - controllers, including the 3Com 3c996-T, the SysKonnect SK-9D21 - and SK-9D41, and the built-in Gigabit Ethernet NICs on Dell - PowerEdge 2550 servers. Output TCP/IP checksum offload, jumbo frames - and VLAN tag insertion/stripping are supported, as well as - interrupt moderation. &merged;</para> + support the Broadcom BCM570x family of Gigabit Ethernet + controllers, including the 3Com 3c996-T, the SysKonnect + SK-9D21 and SK-9D41, and the built-in Gigabit Ethernet NICs on + Dell PowerEdge 2550 servers. Output TCP/IP checksum offload, + jumbo frames and VLAN tag insertion/stripping are supported, + as well as interrupt moderation. &merged;</para> <para arch="i386">The cm driver has been added to support SMC - COM90cx6 ARCNET network adapters. &merged;</para> + COM90cx6 ARCNET network adapters. &merged;</para> <para>The &man.dc.4; driver now supports NICs based on the Xircom - 3201 and Conexant LANfinity RS7112 chips.</para> + 3201 and Conexant LANfinity RS7112 chips.</para> - <para>The &man.dc.4; driver now has support for VLANs. &merged;</para> + <para>The &man.dc.4; driver now has support for + VLANs. &merged;</para> <para>The &man.de.4; driver now performs round-robin arbitration - between the transmit and receive units of the 21143, instead of - giving priority to the receive unit. This gives a 10–15% - performance improvement in the forwarding rate under heavy - load. &merged;</para> + between the transmit and receive units of the 21143, instead + of giving priority to the receive unit. This gives a + 10–15% performance improvement in the forwarding rate + under heavy load. &merged;</para> <para arch="alpha">The &man.ed.4; driver is now supported.</para> - <para arch="i386">Linksys Fast Ethernet PCCARD cards supported by the - &man.ed.4; driver now require the addition of flag - <literal>0x80000</literal> to their config line in - &man.pccard.conf.5;. This flag is not optional. These Linksys - cards will not be recognized without it. &merged;</para> + <para arch="i386">Linksys Fast Ethernet PCCARD cards supported + by the &man.ed.4; driver now require the addition of flag + <literal>0x80000</literal> to their config line in + &man.pccard.conf.5;. This flag is not optional. These + Linksys cards will not be recognized without + it. &merged;</para> - <para>A bug in the &man.ed.4; driver that could cause panics with - very short packets and BPF or bridging active has been - fixed. &merged;</para> + <para>A bug in the &man.ed.4; driver that could cause panics + with very short packets and BPF or bridging active has been + fixed. &merged;</para> - <para>The &man.ed.4; driver now has support for D-Link - DL10022 chips, necessary for the NetGear FA-410TX and other - cards. As a result, <literal>device miibus</literal> is - required in kernel configurations using the &man.ed.4; - driver. &merged;</para> + <para>The &man.ed.4; driver now has support for D-Link DL10022 + chips, necessary for the NetGear FA-410TX and other cards. As + a result, <literal>device miibus</literal> is required in + kernel configurations using the &man.ed.4; + driver. &merged;</para> <para arch="i386">The &man.el.4; driver can now be loaded as a - module.</para> + module.</para> <para arch="i386">The &man.em.4; driver has been added to - support NICs based on the Intel 82542, 82543, and 82544 Gigabit - Ethernet controller chips. The driver supports transmit/receive - checksum offload and jumbo frames on 82543 and 82544-based - adapters. &merged;</para> + support NICs based on the Intel 82542, 82543, and 82544 + Gigabit Ethernet controller chips. The driver supports + transmit/receive checksum offload and jumbo frames on 82543 + and 82544-based adapters. &merged;</para> <para>The &man.faith.4; device is now loadable, unloadable, and - clonable. &merged;</para> + clonable. &merged;</para> - <para arch="i386">Support for Fujitsu MB86960A/MB86965A based Ethernet - PC-Cards has been added back in the &man.fe.4; driver. &merged;</para> + <para arch="i386">Support for Fujitsu MB86960A/MB86965A based + Ethernet PC-Cards has been added back in the &man.fe.4; + driver. &merged;</para> <para arch="alpha">The &man.fpa.4; driver now supports Digital's - DEFPA FDDI adaptors on the Alpha. &merged;</para> + DEFPA FDDI adaptors on the Alpha. &merged;</para> <para>The &man.fxp.4; driver now requires a <literal>device - miibus</literal> entry in the kernel configuration file. &merged;</para> + miibus</literal> entry in the kernel configuration + file. &merged;</para> - <para>The &man.fxp.4; driver now contains a workaround for - PCI protocol violations caused by defects in some systems based - on the Intel ICH2/ICH2-M chip. The workaround is to rewrite the - EEPROM on the interface to disable Dynamic Standby Mode; once - the EEPROM is rewritten, the system needs to be rebooted for the - new settings to take effect. &merged;</para> + <para>The &man.fxp.4; driver now contains a workaround for PCI + protocol violations caused by defects in some systems based on + the Intel ICH2/ICH2-M chip. The workaround is to rewrite the + EEPROM on the interface to disable Dynamic Standby Mode; once + the EEPROM is rewritten, the system needs to be rebooted for + the new settings to take effect. &merged;</para> <para>The &man.fxp.4; driver now supports Intel's loadable - microcode to implement receive-side interrupt coalescing and - packet bundling, on NICs that support these features. This - support can be activated by the use of the - <option>link0</option> option to &man.ifconfig.8;. &merged;</para> + microcode to implement receive-side interrupt coalescing and + packet bundling, on NICs that support these features. This + support can be activated by the use of the + <option>link0</option> option to + &man.ifconfig.8;. &merged;</para> <para arch="sparc64">The gem driver has been added to support - the Sun GEM Gigabit Ethernet and ERI Fast Ethernet - adapters.</para> + the Sun GEM Gigabit Ethernet and ERI Fast Ethernet + adapters.</para> <para>The &man.gx.4; driver has been added to support NICs based - on the Intel 82542 and 82543 Gigabit Ethernet controller chips. - Both fiber and copper variants of the cards are supported. Both - boards support VLAN tagging/insertion, and the 82543 additionally - supports TCP/IP checksum offload. &merged;</para> + on the Intel 82542 and 82543 Gigabit Ethernet controller + chips. Both fiber and copper variants of the cards are + supported. Both boards support VLAN tagging/insertion, and + the 82543 additionally supports TCP/IP checksum + offload. &merged;</para> <para arch="sparc64">The hme driver has been added to support - the Sun HME Fast Ethernet adapter, onboard on many Sun Ultra - series machines.</para> + the Sun HME Fast Ethernet adapter, onboard on many Sun Ultra + series machines.</para> <para>The &man.lge.4; driver has been added to support the Level - 1 LXT1001 NetCellerator Gigabit Ethernet controller chip. This - device is used on some fiber optic GigE cards from SMC, D-Link - and Addtron. Jumbograms and TCP/IP checksum offload on receive - are supported, although hardware VLAN filtering is not. &merged;</para> + 1 LXT1001 NetCellerator Gigabit Ethernet controller chip. This + device is used on some fiber optic GigE cards from SMC, D-Link + and Addtron. Jumbograms and TCP/IP checksum offload on + receive are supported, although hardware VLAN filtering is + not. &merged;</para> <para>Added the &man.nge.4; driver, which supports PCI Gigabit - Ethernet adapters based on the National Semiconductor DP83820 - and DP83821 Gigabit Ethernet controller chips, including the - D-Link DGE-500T, SMC EZ Card 1000 (SMC9462TX), Asante - FriendlyNet GigaNIC 1000TA and 1000TPC and Addtron - AEG320T. This driver supports transmit and receive checksum - offloading. &merged;</para> + Ethernet adapters based on the National Semiconductor DP83820 + and DP83821 Gigabit Ethernet controller chips, including the + D-Link DGE-500T, SMC EZ Card 1000 (SMC9462TX), Asante + FriendlyNet GigaNIC 1000TA and 1000TPC and Addtron AEG320T. + This driver supports transmit and receive checksum + offloading. &merged;</para> <para>The &man.pcn.4; driver, which supports the AMD PCnet/FAST, - PCnet/FAST+, PCnet/FAST III, PCnet/PRO, PCnet/Home, and HomePNA - adapters, has been added. Although these cards are already - supported by the &man.lnc.4; driver, the &man.pcn.4; driver runs - these chips in 32-bit mode and uses the RX alignment feature to - achieve zero-copy receive. This driver is also - machine-independent, so it will work on both the i386 and Alpha - platforms. The &man.lnc.4; driver is still needed to support non-PCI - cards. &merged;</para> + PCnet/FAST+, PCnet/FAST III, PCnet/PRO, PCnet/Home, and + HomePNA adapters, has been added. Although these cards are + already supported by the &man.lnc.4; driver, the &man.pcn.4; + driver runs these chips in 32-bit mode and uses the RX + alignment feature to achieve zero-copy receive. This driver + is also machine-independent, so it will work on both the i386 + and Alpha platforms. The &man.lnc.4; driver is still needed + to support non-PCI cards. &merged;</para> <para>The &man.ray.4; driver, which supports the Webgear Aviator - wireless network cards, has been committed. The operation of - &man.ray.4; interfaces can be modified by - &man.raycontrol.8;. &merged;</para> + wireless network cards, has been committed. The operation of + &man.ray.4; interfaces can be modified by + &man.raycontrol.8;. &merged;</para> <para arch="i386">The sbni driver, for supporting the Granch - SBNI12 series of ISA and PCI point-to-point communications - interfaces, has been added. The <filename role="package">sysutils/sbniconfig</filename> - port in the &os; Ports Collection can be used for configuring - these devices. &merged;</para> - - <para>Added support for PCI Ethernet adapters based on the - SiS 900 and SiS 7016 Fast Ethernet controller chips (for - example, as seen on the SiS 635 and 735 motherboard chipsets), as well as the - National Semiconductor DP83815 chipset (including the NetGear - FA311-TX and FA312-TX) in the form of the &man.sis.4; driver. - This device has support for VLANs. &merged;</para> + SBNI12 series of ISA and PCI point-to-point communications + interfaces, has been added. The <filename + role="package">sysutils/sbniconfig</filename> port in the &os; + Ports Collection can be used for configuring these + devices. &merged;</para> + + <para>Added support for PCI Ethernet adapters based on the SiS + 900 and SiS 7016 Fast Ethernet controller chips (for example, + as seen on the SiS 635 and 735 motherboard chipsets), as well + as the National Semiconductor DP83815 chipset (including the + NetGear FA311-TX and FA312-TX) in the form of the &man.sis.4; + driver. This device has support for VLANs. &merged;</para> <para arch="i386">The snc driver for the National Semiconductor - DP8393X (SONIC) Ethernet controller has been added. Currently, - this driver is only used on the PC-98 architecture. &merged;</para> + DP8393X (SONIC) Ethernet controller has been added. + Currently, this driver is only used on the PC-98 + architecture. &merged;</para> <para>The &man.stf.4; device is now clonable.</para> - <para>The &man.tap.4; driver, a virtual Ethernet device driver for - bridged configurations, has been added. This device is - clonable. &merged;</para> + <para>The &man.tap.4; driver, a virtual Ethernet device driver + for bridged configurations, has been added. This device is + clonable. &merged;</para> <para>The &man.ti.4; driver now supports the Alteon AceNIC - 1000baseT Gigabit Ethernet and Netgear GA620T 1000baseT Gigabit - cards. &merged;</para> + 1000baseT Gigabit Ethernet and Netgear GA620T 1000baseT + Gigabit cards. &merged;</para> <para>The &man.ti.4; driver correctly masks VLAN tags. &merged;</para> <para>The &man.txp.4; driver has been added to support NICs - based on the 3Com 3XP Typhoon/Sidewinder (3CR990) chipset. &merged;</para> + based on the 3Com 3XP Typhoon/Sidewinder (3CR990) + chipset. &merged;</para> <para>&man.vlan.4; devices are now loadable, unloadable, and - clonable. &merged;</para> + clonable. &merged;</para> - <para>The &man.xl.4; driver now supports the 3Com 3C556 and 3C556B - MiniPCI adapters used on some laptops. &merged;</para> + <para>The &man.xl.4; driver now supports the 3Com 3C556 and + 3C556B MiniPCI adapters used on some laptops. &merged;</para> <para>The &man.xl.4; driver now supports reception of VLAN - tagged frames (on the <quote>Cyclone</quote> or newer - chipsets). &merged;</para> + tagged frames (on the <quote>Cyclone</quote> or newer + chipsets). &merged;</para> - <para>The &man.xl.4; driver now supports send- and receive-side TCP/IP - checksum offloading for NICs implementing this feature, such as - the 3C905B, 3C905C, and 3C980C. &merged;</para> + <para>The &man.xl.4; driver now supports send- and receive-side + TCP/IP checksum offloading for NICs implementing this feature, + such as the 3C905B, 3C905C, and 3C980C. &merged;</para> - <para>A bug in the &man.xl.4; driver, related to statistics overflow - interrupt handling, was causing slowdowns at medium to high - packet rates; this has been fixed. &merged;</para> + <para>A bug in the &man.xl.4; driver, related to statistics + overflow interrupt handling, was causing slowdowns at medium + to high packet rates; this has been fixed. &merged;</para> <para>The per-interface <varname>ifnet</varname> structure now - has the ability to indicate a set of capabilities supported by a - network interface, and which ones are enabled. &man.ifconfig.8; - has support for querying these capabilities. &merged;</para> + has the ability to indicate a set of capabilities supported by + a network interface, and which ones are enabled. + &man.ifconfig.8; has support for querying these + capabilities. &merged;</para> <para>Performance with hosts having a large number of IP aliases - has been improved, by replacing the per-interface - <varname>if_inaddr</varname> linear list with a hash table. &merged;</para> + has been improved, by replacing the per-interface + <varname>if_inaddr</varname> linear list with a hash table. &merged;</para> <para>Network devices now automatically appear as special files in - <filename>/dev/net</filename>. Interface hardware ioctls (not - protocol or routing) can be performed on these devices. The - <varname>SIOCGIFCONF</varname> ioctl may be performed on the - special <filename>/dev/network</filename> node.</para> + <filename>/dev/net</filename>. Interface hardware ioctls (not + protocol or routing) can be performed on these devices. The + <varname>SIOCGIFCONF</varname> ioctl may be performed on the + special <filename>/dev/network</filename> node.</para> - <para>Selected network drivers now implement a - semi-polling mode, which makes systems much more resilient to - attacks and overloads. To enable polling, the following options - are required in a kernel configuration file: + <para>Selected network drivers now implement a semi-polling + mode, which makes systems much more resilient to attacks and + overloads. To enable polling, the following options are + required in a kernel configuration file: <programlisting>options DEVICE_POLLING options HZ=1000 # not compulsory but strongly recommended</programlisting> - The <varname>kern.polling.enable</varname> sysctl variable - will then activate polling mode; with the - <varname>kern.polling.user_frac</varname> sysctl indicating the - percentage of CPU time to be reserved for userland. The devices - initially supporting polling are &man.dc.4;, &man.fxp.4;, and - &man.sis.4;. More details can be found in the &man.polling.4; - manual page. &merged;</para> + The <varname>kern.polling.enable</varname> sysctl variable + will then activate polling mode; with the + <varname>kern.polling.user_frac</varname> sysctl indicating + the percentage of CPU time to be reserved for userland. The + devices initially supporting polling are &man.dc.4;, + &man.fxp.4;, and &man.sis.4;. More details can be found in + the &man.polling.4; manual page. &merged;</para> <para arch="i386">The packet-forwarding performance of certain - network drivers (specifically &man.dc.4; and &man.sis.4;) has - been enhanced by the elimination of unnecessary buffer - copies. &merged;</para> + network drivers (specifically &man.dc.4; and &man.sis.4;) has + been enhanced by the elimination of unnecessary buffer + copies. &merged;</para> </sect3> <sect3> <title>Network Protocols</title> - <para>&man.accept.filter.9;, a kernel feature to reduce overheads - when accepting and reading new connections on listening sockets, - has been added. &merged;</para> + <para>&man.accept.filter.9;, a kernel feature to reduce + overheads when accepting and reading new connections on + listening sockets, has been added. &merged;</para> <para>The <literal>proxy</literal> modifier to &man.arp.8;'s - <option>-d</option> option has been renamed to - <literal>pub</literal>, for consistency with the - <option>-s</option> option. The <literal>only</literal> keyword - has been added to the <option>-s</option> and - <option>-S</option> flags, to be used in creating - <quote>proxy-only</quote> published entries. &merged;</para> + <option>-d</option> option has been renamed to + <literal>pub</literal>, for consistency with the + <option>-s</option> option. The <literal>only</literal> keyword + has been added to the <option>-s</option> and + <option>-S</option> flags, to be used in creating + <quote>proxy-only</quote> published entries. &merged;</para> <para>The read timeout feature of &man.bpf.4; now works more - correctly with &man.select.2;/&man.poll.2;, and therefore with - pthreads. &merged;</para> + correctly with &man.select.2;/&man.poll.2;, and therefore with + pthreads. &merged;</para> <para>&man.bridge.4; and &man.dummynet.4; have received some - enhancements and bug fixes, and are now loadable - modules. &merged;</para> + enhancements and bug fixes, and are now loadable + modules. &merged;</para> <para>&man.bridge.4; now has better support for multiple, - fully-independent bridging clusters, and is much more stable in - the presence of dynamic attachments and detatchments. Full - support for VLANs is also supported. &merged;</para> + fully-independent bridging clusters, and is much more stable + in the presence of dynamic attachments and detatchments. Full + support for VLANs is also supported. &merged;</para> - <para>ICMP ECHO and TSTAMP replies are now rate limited. TCP RSTs - generated due to packets sent to open and unopen ports are now - limited by separate counters. Each rate limiting queue now has - its own description.</para> + <para>ICMP ECHO and TSTAMP replies are now rate limited. TCP + RSTs generated due to packets sent to open and unopen ports + are now limited by separate counters. Each rate limiting + queue now has its own description.</para> <para>ICMP <literal>UNREACH_FILTER_PROHIB</literal> messages can - now RST TCP connections in the <literal>SYN_SENT</literal> state - if the correct sequence numbers are sent back, as controlled by the - <varname>net.inet.tcp.icmp_may_rst</varname> - sysctl.</para> + now RST TCP connections in the <literal>SYN_SENT</literal> + state if the correct sequence numbers are sent back, as + controlled by the + <varname>net.inet.tcp.icmp_may_rst</varname> sysctl.</para> <para>IP multicast now works on VLAN devices. Several other - bugs in the VLAN code have also been fixed.</para> + bugs in the VLAN code have also been fixed.</para> - <para>&man.ipfw.4; now filters correctly in the presence of ECN bits in TCP - segments. &merged;</para> + <para>&man.ipfw.4; now filters correctly in the presence of ECN + bits in TCP segments. &merged;</para> <para>A new &man.ng.eth.4; netgraph node allows Ethernet type - packets to be filtered to different hooks depending on - ethertype.</para> + packets to be filtered to different hooks depending on + ethertype.</para> <para>The &man.ng.gif.4; and &man.ng.gif.demux.4; netgraph - nodes, for operating on &man.gif.4; devices, have been - added.</para> + nodes, for operating on &man.gif.4; devices, have been + added.</para> <para>The &man.ng.ip.input.4; netgraph node, for queueing IP - packets into the main IP input processing code, has been - added.</para> + packets into the main IP input processing code, has been + added.</para> <para>The &man.ng.mppc.4; and &man.ng.bridge.4; node types have - been added to the &man.netgraph.4; subsystem. The &man.ng.ether.4; node - is now dynamically loadable. Miscellaneous bug fixes and - enhancements have also been made. &merged;</para> + been added to the &man.netgraph.4; subsystem. The + &man.ng.ether.4; node is now dynamically loadable. + Miscellaneous bug fixes and enhancements have also been + made. &merged;</para> - <para>A new netgraph node type &man.ng.one2many.4; for multiplexing - and demultiplexing packets over multiple links has been added. - &merged;</para> + <para>A new netgraph node type &man.ng.one2many.4; for + multiplexing and demultiplexing packets over multiple links + has been added. &merged;</para> - <para>A new sysctl <varname>net.inet.ip.check_interface</varname>, - which is on by default, causes IP to verify that an incoming - packet arrives on an interface that has an address matching the - packet's destination address. &merged;</para> + <para>A new sysctl + <varname>net.inet.ip.check_interface</varname>, which is on by + default, causes IP to verify that an incoming packet arrives + on an interface that has an address matching the packet's + destination address. &merged;</para> <para>A new sysctl - <varname>net.link.ether.inet.log_arp_wrong_iface</varname> has - been added to control the suppression of logging when ARP replies - arrive on the wrong interface. &merged;</para> + <varname>net.link.ether.inet.log_arp_wrong_iface</varname> has + been added to control the suppression of logging when ARP + replies arrive on the wrong interface. &merged;</para> <para>A new <literal>options RANDOM_IP_ID</literal> kernel - option causes the ID field of IP packets to be randomized. This - closes a minor information leak which allows a remote observer - to determine the rate at which the machine is generating - packets, since the default behavior is to increment a counter - for each packet sent. &merged;</para> + option causes the ID field of IP packets to be randomized. + This closes a minor information leak which allows a remote + observer to determine the rate at which the machine is + generating packets, since the default behavior is to increment + a counter for each packet sent. &merged;</para> <para arch="alpha">SLIP has been removed from the - <filename>mfsroot</filename> floppy image.</para> + <filename>mfsroot</filename> floppy image.</para> <para>TCP has received some bug fixes for its delayed ACK - behavior. &merged;</para> + behavior. &merged;</para> - <para>TCP now supports the NewReno modification to the TCP Fast Recovery - algorithm. This behavior can be controlled via the - <varname>net.inet.tcp.newreno</varname> sysctl variable. &merged;</para> + <para>TCP now supports the NewReno modification to the TCP Fast + Recovery algorithm. This behavior can be controlled via the + <varname>net.inet.tcp.newreno</varname> sysctl + variable. &merged;</para> - <para>TCP now uses a more aggressive timeout for initial SYN segments; this - allows initial connection attempts to be dropped much - faster. &merged;</para> + <para>TCP now uses a more aggressive timeout for initial SYN + segments; this allows initial connection attempts to be + dropped much faster. &merged;</para> <para>The <literal>TCP_COMPAT_42</literal> kernel option has - been removed. &merged;</para> + been removed. &merged;</para> <para>The <literal>TCP_RESTRICT_RST</literal> kernel option has - been removed. Similar functionality can be achieved with the - <varname>net.inet.tcp.blackhole</varname> sysctl - variable. &merged;</para> + been removed. Similar functionality can be achieved with the + <varname>net.inet.tcp.blackhole</varname> sysctl + variable. &merged;</para> <para>TCP now has RFC 1323 extensions enabled by default in - &man.rc.conf.5;. &merged;</para> + &man.rc.conf.5;. &merged;</para> - <para>RFC 1323 and RFC 1644 TCP extensions are now disabled for a - connection in progress if no response has been received by the - third SYN segment sent. This behavior tries to work around - (very old) terminal servers with buggy VJ header compression - implementations. &merged;</para> + <para>RFC 1323 and RFC 1644 TCP extensions are now disabled for + a connection in progress if no response has been received by + the third SYN segment sent. This behavior tries to work + around (very old) terminal servers with buggy VJ header + compression implementations. &merged;</para> - <para>The TCP implementation no longer requires the - allocation of a TCP template structure for each connection; this - should reduce the buffer usage on large systems handling many - connections. &merged;</para> + <para>The TCP implementation no longer requires the allocation + of a TCP template structure for each connection; this should + reduce the buffer usage on large systems handling many + connections. &merged;</para> <para>TCP's default buffer sizes, controlled by the - <varname>net.inet.tcp.sendspace</varname> and - <varname>net.inet.tcp.recvspace</varname> sysctl variables, have - been increased to 32K and 64K respectively. Previously, the - default for both buffer sizes was 16K. To try to avoid - increasing congestion, the default value for - <varname>net.inet.tcp.local_slowstart_flightsize</varname> has - been changed from infinity to 4. &merged; - <note> + <varname>net.inet.tcp.sendspace</varname> and + <varname>net.inet.tcp.recvspace</varname> sysctl variables, + have been increased to 32K and 64K respectively. Previously, + the default for both buffer sizes was 16K. To try to avoid + increasing congestion, the default value for + <varname>net.inet.tcp.local_slowstart_flightsize</varname> has + been changed from infinity to 4. &merged; + + <note> <para>On busy hosts, the new larger buffer sizes may require - manually increasing the - <varname>NMBCLUSTERS</varname> parameter, either in the - kernel configuration file or via the - <varname>kern.ipc.nmbclusters</varname> loader tunable. - <command>netstat -mb</command> can be used to monitor the - state of mbuf clusters.</para> + manually increasing the + <varname>NMBCLUSTERS</varname> parameter, either in the + kernel configuration file or via the + <varname>kern.ipc.nmbclusters</varname> loader tunable. + <command>netstat -mb</command> can be used to monitor the + state of mbuf clusters.</para> </note> </para> <para>TCP now supports RFC 1948 (Defending Against Sequence - Number Attacks). This functionality is controlled by the - <varname>net.inet.tcp.strict_rfc1948</varname> and - <varname>net.inet.tcp.isn_reseed_interval</varname> sysctl - variables. &merged;</para> + Number Attacks). This functionality is controlled by the + <varname>net.inet.tcp.strict_rfc1948</varname> and + <varname>net.inet.tcp.isn_reseed_interval</varname> sysctl + variables. &merged;</para> <para>The TCP implementation in &os; now implements a cache of - outstanding, received SYN segments. Incoming SYN segments now - cause entries to be placed in the cache until the TCP three-way - handshake is complete, at which point, memory is allocated for - the connection as usual. In addition, all TCP Initial Sequence - Numbers (ISNs) are used as cookies, allowing entries in the - cache to be dropped, but still have their corresponding ACKs - accepted later. The combination of the so-called - <quote>syncache</quote> and <quote>syncookies</quote> features - makes a host much more resistant to - TCP-based Denial of Service attacks. Work on this feature was - sponsored by DARPA and NAI Labs. &merged;</para> + outstanding, received SYN segments. Incoming SYN segments now + cause entries to be placed in the cache until the TCP + three-way handshake is complete, at which point, memory is + allocated for the connection as usual. In addition, all TCP + Initial Sequence Numbers (ISNs) are used as cookies, allowing + entries in the cache to be dropped, but still have their + corresponding ACKs accepted later. The combination of the + so-called + <quote>syncache</quote> and <quote>syncookies</quote> features + makes a host much more resistant to TCP-based Denial of + Service attacks. Work on this feature was sponsored by DARPA + and NAI Labs. &merged;</para> <para>A bug in the TCP implementation, which could cause - connections to stall if a sender saw a zero-sized window, has - been corrected. &merged;</para> + connections to stall if a sender saw a zero-sized window, has + been corrected. &merged;</para> <para>The TCP implementation now properly ignores packets - addressed to IP-layer broadcast addresses. &merged;</para> + addressed to IP-layer broadcast addresses. &merged;</para> </sect3> <sect3> <title>Disks and Storage</title> <para arch="i386">Support for the Adaptec FSA family of PCI-SCSI - RAID controllers has been added, in the form of the &man.aac.4; - driver. This driver - includes proper handling of commands initiated by the adapter, - addition/removal of disk devices, crashdump functionality, and - &man.ioctl.2; commands necessary for the management - CLI, and is fully qualified and sanctioned by Adaptec. &merged;</para> + RAID controllers has been added, in the form of the + &man.aac.4; driver. This driver includes proper handling of + commands initiated by the adapter, addition/removal of disk + devices, crashdump functionality, and &man.ioctl.2; commands + necessary for the management CLI, and is fully qualified and + sanctioned by Adaptec. &merged;</para> <para>The &man.ahc.4; driver has received numerous updates, - bugfixes, and enhancements. Among various improvements are - improved compatibility with chips in <quote>RAID Port</quote> mode - and systems with AAA and/or ARO cards installed, as well as - performance improvements. Some bugs were also fixed, including a - rare hang on Ultra2/U160 controllers. &merged;</para> + bugfixes, and enhancements. Among various improvements are + improved compatibility with chips in <quote>RAID Port</quote> + mode and systems with AAA and/or ARO cards installed, as well + as performance improvements. Some bugs were also fixed, + including a rare hang on Ultra2/U160 + controllers. &merged;</para> <para arch="i386">The &man.asr.4; driver, which provides support - for the Adaptec SCSI RAID controller family, as well as the DPT - SmartRAID V and VI families, has been added. &merged;</para> + for the Adaptec SCSI RAID controller family, as well as the + DPT SmartRAID V and VI families, has been + added. &merged;</para> - <para arch="i386">The &man.asr.4; driver now supports the Adaptec - 2000S and 2005S Zero-Channel RAID controllers. &merged;</para> + <para arch="i386">The &man.asr.4; driver now supports the + Adaptec 2000S and 2005S Zero-Channel RAID + controllers. &merged;</para> <para>The &man.ata.4; driver now has support for ATA100 - controllers. In addition, it now supports the ServerWorks ROSB4 - ATA33 chipset, the CMD 648 ATA66 and CMD 649 ATA100 chipsets, and - the Cyrix 5530. &merged;</para> + controllers. In addition, it now supports the ServerWorks + ROSB4 ATA33 chipset, the CMD 648 ATA66 and CMD 649 ATA100 + chipsets, and the Cyrix 5530. &merged;</para> - <para>To provide more flexible configuration, the various options for the - &man.ata.4; driver are now boot loader tunables, rather than kernel - configure-time options. &merged;</para> + <para>To provide more flexible configuration, the various + options for the &man.ata.4; driver are now boot loader + tunables, rather than kernel configure-time + options. &merged;</para> <para>The &man.ata.4; driver now has support for tagged queuing, - which is enabled by the <varname>hw.ata.tags</varname> loader - tunable. &merged;</para> + which is enabled by the <varname>hw.ata.tags</varname> loader + tunable. &merged;</para> <para>The &man.ata.4; driver now has support for ATA - <quote>pseudo</quote> RAID controllers as the Promise Fasttrak and - HighPoint HPT370 controllers. &merged;</para> + <quote>pseudo</quote> RAID controllers as the Promise Fasttrak + and HighPoint HPT370 controllers. &merged;</para> <para>The &man.ata.4; driver now supports a wider variety of SiS - chipsets, as listed in the Hardware Notes. &merged;</para> + chipsets, as listed in the Hardware Notes. &merged;</para> - <para>The BurnProof(TM) feature, for applicable ATAPI CD-ROM burners, is now - supported. &merged;</para> + <para>The BurnProof(TM) feature, for applicable ATAPI CD-ROM + burners, is now supported. &merged;</para> <para>The &man.ata.4; driver now has support for 48-bit - addressing. Devices larger than 137GB are now - supported. &merged;</para> + addressing. Devices larger than 137GB are now + supported. &merged;</para> <para>The &man.ata.4; driver now contains fixes for some data - corruption problems on systems using the VIA 82C686B Southbridge - chip. &merged;</para> + corruption problems on systems using the VIA 82C686B + Southbridge chip. &merged;</para> <para>The CAM error recovery code has been updated.</para> - <para>The &man.cd.4; driver now has support for write operations. - This allows writing to DVD-RAM, PD and similar drives that probe - as CD devices. Note that change affects only random-access - writeable devices, not sequential-only writeable devices such as - CD-R drives, which are supported by &man.cdrecord.1; (a part of - <filename role="package">sysutils/cdrtools</filename> in the Ports Collection. &merged;</para> + <para>The &man.cd.4; driver now has support for write + operations. This allows writing to DVD-RAM, PD and similar + drives that probe as CD devices. Note that change affects + only random-access writeable devices, not sequential-only + writeable devices such as CD-R drives, which are supported by + &man.cdrecord.1; (a part of + <filename role="package">sysutils/cdrtools</filename> in the + Ports Collection. &merged;</para> - <para arch="i386">The ciss driver, for devices utilizing the Common - Interface for SCSI-3 Support, has been added. This driver - supports the Compaq SmartRAID 5* family of RAID controllers - (5300, 532, 5i). &merged;</para> + <para arch="i386">The ciss driver, for devices utilizing the + Common Interface for SCSI-3 Support, has been added. This + driver supports the Compaq SmartRAID 5* family of RAID + controllers (5300, 532, 5i). &merged;</para> <para>The &man.fdc.4; floppy disk has undergone a number of - enhancements. Density selection for common settings is now - automatic; the driver is also much more flexible in setting the - densities of various subdevices.</para> + enhancements. Density selection for common settings is now + automatic; the driver is also much more flexible in setting + the densities of various subdevices.</para> - <para>The ida disk driver now has crashdump support. &merged;</para> + <para>The ida disk driver now has crashdump + support. &merged;</para> <para arch="i386">The iir driver has been added to support the - Intel Integrated RAID controllers, as well as prior ICP Vortex - controllers.</para> + Intel Integrated RAID controllers, as well as prior ICP Vortex + controllers.</para> <para arch="alpha">A bug that made certain CDROM drives fail to - attach when connected to a SCSI card driven by &man.isp.4; has - been fixed. &merged;</para> + attach when connected to a SCSI card driven by &man.isp.4; has + been fixed. &merged;</para> <para>The &man.isp.4; driver is now proactive about discovering - Fibre Channel topology changes.</para> + Fibre Channel topology changes.</para> <para>The &man.isp.4; driver now supports target mode for Qlogic - SCSI cards, including Ultra2 and Ultra3 and dual bus cards.</para> + SCSI cards, including Ultra2 and Ultra3 and dual bus + cards.</para> <para>The &man.isp.4; driver now supports the Qlogic 2300 and - 2312 Optical Fibre Channel PCI cards. &merged;</para> + 2312 Optical Fibre Channel PCI cards. &merged;</para> <para>&man.md.4;, the memory disk device, has had the - functionality of &man.vn.4; incorporated into it. &man.md.4; - devices can now be configured by &man.mdconfig.8;. &man.vn.4; has - been removed. The Memory Filesystem (MFS) has also been - removed.</para> + functionality of &man.vn.4; incorporated into it. &man.md.4; + devices can now be configured by &man.mdconfig.8;. &man.vn.4; + has been removed. The Memory Filesystem (MFS) has also been + removed.</para> <para arch="i386">The &man.mly.4; driver, for Mylex PCI to SCSI - AccelRAID and eXtremeRAID controllers with firmware 6.X and - later, has been added. &merged;</para> + AccelRAID and eXtremeRAID controllers with firmware 6.X and + later, has been added. &merged;</para> - <para arch="i386">The ncv, nsp, and stg drivers have - been ported from NetBSD/pc98. They support the NCR 53C50 / - Workbit Ninja SCSI-3 / TMC 18C30, 18C50 based PC-Card/ISA SCSI - controllers. All three drivers can be built and loaded as - modules. &merged;</para> + <para arch="i386">The ncv, nsp, and stg drivers have been ported + from NetBSD/pc98. They support the NCR 53C50 / Workbit Ninja + SCSI-3 / TMC 18C30, 18C50 based PC-Card/ISA SCSI controllers. + All three drivers can be built and loaded as + modules. &merged;</para> <para>Some problems in &man.sa.4; error handling have been - fixed, including the <quote>tape drive spinning indefinitely - upon &man.mt.1; <option>stat</option></quote> problem.</para> + fixed, including the <quote>tape drive spinning indefinitely + upon &man.mt.1; <option>stat</option></quote> problem.</para> - <para arch="i386">The &man.twe.4; 3ware ATA RAID driver has added. &merged;</para> + <para arch="i386">The &man.twe.4; 3ware ATA RAID driver has + added. &merged;</para> - <para>The &man.vinum.4; volume manager has received some bug fixes and - enhancements.</para> + <para>The &man.vinum.4; volume manager has received some bug + fixes and enhancements.</para> <para>The &man.wd.4; compatibility devices were removed from the - &man.ata.4; driver. &merged;</para> + &man.ata.4; driver. &merged;</para> </sect3> <sect3> <title>Filesystems</title> - <para>Support for named extended attributes was added to the &os; - kernel. This allows the kernel, and appropriately privileged - userland processes, to tag files and directories with attribute - data. Extended attributes were added to support the TrustedBSD - Project, in particular ACLs, capability data, and mandatory access - control labels (see - <filename>/usr/src/sys/ufs/ufs/README.extattr</filename> for - details).</para> + <para>Support for named extended attributes was added to the + &os; kernel. This allows the kernel, and appropriately + privileged userland processes, to tag files and directories + with attribute data. Extended attributes were added to + support the TrustedBSD Project, in particular ACLs, capability + data, and mandatory access control labels (see + <filename>/usr/src/sys/ufs/ufs/README.extattr</filename> for + details).</para> - <para>Due to a licensing change, softupdates have been integrated - into the main portion of the kernel source tree. As a - consequence, softupdates are now available with the - <filename>GENERIC</filename> kernel. &merged;</para> + <para>Due to a licensing change, softupdates have been + integrated into the main portion of the kernel source tree. + As a consequence, softupdates are now available with the + <filename>GENERIC</filename> kernel. &merged;</para> <para>A filesystem snapshot capability has been added to FFS. - Details can be found in - <filename>/usr/src/sys/ufs/ffs/README.snapshot</filename>.</para> + Details can be found in + <filename>/usr/src/sys/ufs/ffs/README.snapshot</filename>.</para> <para>Softupdates for FFS have received some bug fixes and - enhancements.</para> + enhancements.</para> <para>When running with softupdates, &man.statfs.2; and - &man.df.1; will track the number of blocks and files that are - committed to being freed.</para> + &man.df.1; will track the number of blocks and files that are + committed to being freed.</para> - <para>A bug in FFS that could cause superblock corruption on very large - filesystems has been corrected. &merged;</para> + <para>A bug in FFS that could cause superblock corruption on + very large filesystems has been corrected. &merged;</para> - <para>The Inode Filesystem (IFS) has been added; more information - can be found in - <filename>/usr/src/sys/ufs/ifs/README</filename>.</para> + <para>The Inode Filesystem (IFS) has been added; more + information can be found in + <filename>/usr/src/sys/ufs/ifs/README</filename>.</para> - <para>The ISO-9660 filesystem now has a hook that supports a loadable - character conversion routine. The - <filename role="package">sysutils/cd9660_unicode</filename> port - contains a set of common conversions.</para> + <para>The ISO-9660 filesystem now has a hook that supports a + loadable character conversion routine. The + <filename role="package">sysutils/cd9660_unicode</filename> + port contains a set of common conversions.</para> <para>&man.kernfs.5; is obsolete and has been retired.</para> <para>A bug in the NFS client that caused bogus access times with - <literal>O_EXCL|O_CREAT</literal> opens was fixed. &merged;</para> + <literal>O_EXCL|O_CREAT</literal> opens was + fixed. &merged;</para> <para>A new NFS hash function (based on the Fowler/Noll/Vo hash - algorithm) has been implemented to improve NFS performance by - increasing the efficiency of the <varname>nfsnode</varname> hash - tables. &merged;</para> + algorithm) has been implemented to improve NFS performance by + increasing the efficiency of the <varname>nfsnode</varname> + hash tables. &merged;</para> <para>Client-side NFS locks have been implemented.</para> <para>The client-side and server-side of the NFS code in the - kernel used to be intertwined in various complex ways. They - have been split apart for ease of maintenance and further - development.</para> + kernel used to be intertwined in various complex ways. They + have been split apart for ease of maintenance and further + development.</para> - <para>Support for file system Access Control Lists (ACLs) has been - introduced, allowing more fine-grained control of discretionary - access control on files and directories. This support was - integrated from the TrustedBSD Project. More details can be found in - <filename>/usr/src/sys/ufs/ufs/README.acls</filename>.</para> + <para>Support for file system Access Control Lists (ACLs) has + been introduced, allowing more fine-grained control of + discretionary access control on files and directories. This + support was integrated from the TrustedBSD Project. More + details can be found in + <filename>/usr/src/sys/ufs/ufs/README.acls</filename>.</para> <para>The directory layout preference algorithm for FFS - (<literal>dirprefs</literal>) has been changed. Rather than - scattering directory blocks across a disk, it attempts to group - related directory blocks together. Operations traversing large - directory hierarchies, such as the &os; Ports tree, have shown - marked speedups. This change is transparent and automatic for - new directories. &merged;</para> + (<literal>dirprefs</literal>) has been changed. Rather than + scattering directory blocks across a disk, it attempts to + group related directory blocks together. Operations + traversing large directory hierarchies, such as the &os; Ports + tree, have shown marked speedups. This change is transparent + and automatic for new directories. &merged;</para> <para arch="i386">smbfs (CIFS) support in kernel has been added. - The userland programs &man.smbutil.1; and &man.mount.smbfs.8; - can be used to work with SMB shares. Note that - &man.mount.smbfs.8; will automatically load the <filename>smbfs.ko</filename> - module into the kernel, even if <literal>LIBMCHAIN</literal> and - <literal>LIBICONV</literal> were not compiled into the kernel. - &merged;</para> + The userland programs &man.smbutil.1; and &man.mount.smbfs.8; + can be used to work with SMB shares. Note that + &man.mount.smbfs.8; will automatically load the + <filename>smbfs.ko</filename> module into the kernel, even if + <literal>LIBMCHAIN</literal> and + <literal>LIBICONV</literal> were not compiled into the kernel. + &merged;</para> <para>For consistency, the fdesc, fifo, null, msdos, portal, - umap, and union filesystems have been renamed to fdescfs, - fifofs, msdosfs, nullfs, portalfs, umapfs, and unionfs. Where - applicable, modules and mount_* programs have been - renamed. Compatibility <quote>glue</quote> has been added to - &man.mount.8; so that <literal>msdos</literal> filesystem - entries in &man.fstab.5; will work without changes.</para> + umap, and union filesystems have been renamed to fdescfs, + fifofs, msdosfs, nullfs, portalfs, umapfs, and unionfs. Where + applicable, modules and mount_* programs have been renamed. + Compatibility <quote>glue</quote> has been added to + &man.mount.8; so that <literal>msdos</literal> filesystem + entries in &man.fstab.5; will work without changes.</para> <para>pseudofs, a pseudo-filesystem framework, has been added. - &man.linprocfs.5; and &man.procfs.5; have been modified to use pseudofs.</para> + &man.linprocfs.5; and &man.procfs.5; have been modified to use + pseudofs.</para> - <para>A simple hash-based lookup optimization for large directories - called <literal>dirhash</literal> has been added. Conditional on the - <literal>UFS_DIRHASH</literal> kernel option (enabled by default - in the <filename>GENERIC</filename> kernel), it improves the speed - of operations on very large directories at the expense of some - memory. &merged;</para> + <para>A simple hash-based lookup optimization for large + directories called <literal>dirhash</literal> has been added. + Conditional on the + <literal>UFS_DIRHASH</literal> kernel option (enabled by + default in the <filename>GENERIC</filename> kernel), it + improves the speed of operations on very large directories at + the expense of some memory. &merged;</para> <para>The virtual memory subsystem now backs UFS directory - memory requirements by default (this behavior is controlled via - the <varname>vfs.vmiodirenable</varname> sysctl variable). &merged;</para> + memory requirements by default (this behavior is controlled + via the <varname>vfs.vmiodirenable</varname> sysctl + variable). &merged;</para> <para>A bug that prevented the root filesystem from being - mounted from a SCSI CDROM has been fixed (ATAPI CDROMs were - always supported). &merged;</para> + mounted from a SCSI CDROM has been fixed (ATAPI CDROMs were + always supported). &merged;</para> <para>A number of bugs in the filesystem code, discovered - through the use of the <application>fsx</application> filesystem test tool, have been fixed. - Under certain circumstances (primarily related to use of NFS), - these bugs could cause data corruption or kernel panics. &merged;</para> + through the use of the <application>fsx</application> + filesystem test tool, have been fixed. Under certain + circumstances (primarily related to use of NFS), these bugs + could cause data corruption or kernel panics. &merged;</para> <para>Network filesystems (such as NFS and smbfs filesystems) - listed in <filename>/etc/fstab</filename> can now be properly - mounted during startup initialization; their mounts are deferred - until after the network is initialized.</para> + listed in <filename>/etc/fstab</filename> can now be properly + mounted during startup initialization; their mounts are + deferred until after the network is initialized.</para> </sect3> <sect3> <title>PCCARD Support</title> - <para arch="i386">The pccard driver and &man.pccardc.8; now support multiple - <quote>beep types</quote> upon card insertion and removal. &merged;</para> + <para arch="i386">The pccard driver and &man.pccardc.8; now + support multiple <quote>beep types</quote> upon card insertion + and removal. &merged;</para> <para>On many modern hosts, PCCARD devices can be configured to - route their interrupts via either the ISA or PCI interrupt paths. - The &man.pcic.4; driver has been updated to support both interrupt - paths (formerly, only routing via ISA was supported). &merged; In most - cases, configuration of PCMCIA devices in laptops is simpler and - more flexible. In addition, various Cardbus bridge PCI cards - (such as those used by Orinoco PCI NICs) are now supported. Some - hosts may experience problems, such as hangs or panics, with PCI - interrupt routing; they can frequently be made to work by forcing - the older-style ISA interrupt routing. The following lines, - placed in <filename>/boot/loader.conf</filename>, may fix the - problem:</para> + route their interrupts via either the ISA or PCI interrupt + paths. The &man.pcic.4; driver has been updated to support + both interrupt paths (formerly, only routing via ISA was + supported). &merged; In most cases, configuration of PCMCIA + devices in laptops is simpler and more flexible. In addition, + various Cardbus bridge PCI cards (such as those used by + Orinoco PCI NICs) are now supported. Some hosts may + experience problems, such as hangs or panics, with PCI + interrupt routing; they can frequently be made to work by + forcing the older-style ISA interrupt routing. The following + lines, placed in <filename>/boot/loader.conf</filename>, may + fix the problem:</para> <programlisting>hw.pcic.intr_path="1" hw.pcic.irq="0"</programlisting> - <para>When installing &os; on such a system, typing the following - lines to the boot loader may be helpful in starting up &os; for - the first time:<para> + <para>When installing &os; on such a system, typing the + following lines to the boot loader may be helpful in starting + up &os; for the first time:<para> <screen><prompt>ok</prompt> <userinput>set hw.pcic.intr_path="1"</userinput> <prompt>ok</prompt> <userinput>set hw.pcic.irq="0"</userinput></screen> - <para arch="i386">Preliminary Cardbus support under NEWCARD has been added. - This code supports the TI113X, TI12XX, TI125X, Ricoh 5C46/5C47, Topic - 95/97/100 and Cirrus Logic PD683X bridges. 16-bit PC Card support - is not yet functional.</para> + <para arch="i386">Preliminary Cardbus support under NEWCARD has + been added. This code supports the TI113X, TI12XX, TI125X, + Ricoh 5C46/5C47, Topic 95/97/100 and Cirrus Logic PD683X + bridges. 16-bit PC Card support is not yet functional.</para> </sect3> <sect3> <title>Multimedia Support</title> - <para arch="i386">The &man.pcm.4; driver now supports the ESS Solo 1, - Maestro-1, Maestro-2, and Maestro-2e; Forte Media fm801, ESS - Maestro-2e, and VIA Technologies VT82C686A sound card/chipsets, - and has received some other updates. - Separate drivers for the SoundBlaster 8 and SoundBlaster 16 now - replace an older, unified driver. A driver for the CMedia - CMI8338/CMI8738 sound chips has been added. A driver for the - CS4281 sound chip has been added. A driver for the S3 - SonicVibes chipset has been added. &merged;</para> - - <para arch="i386">A driver for the Avance Logic ALS4000 has - been added. &merged;</para> - - <para arch="i386">A driver for the - ESS Maestro-3/Allegro has been added, however due to licensing - restrictions, it cannot be compiled into the kernel. &merged; To - use this driver, add the following line to - <filename>/boot/loader.conf</filename>:</para> + <para arch="i386">The &man.pcm.4; driver now supports the ESS + Solo 1, Maestro-1, Maestro-2, and Maestro-2e; Forte Media + fm801, ESS Maestro-2e, and VIA Technologies VT82C686A sound + card/chipsets, and has received some other updates. Separate + drivers for the SoundBlaster 8 and SoundBlaster 16 now replace + an older, unified driver. A driver for the CMedia + CMI8338/CMI8738 sound chips has been added. A driver for the + CS4281 sound chip has been added. A driver for the S3 + SonicVibes chipset has been added. &merged;</para> + + <para arch="i386">A driver for the Avance Logic ALS4000 has been + added. &merged;</para> + + <para arch="i386">A driver for the ESS Maestro-3/Allegro has + been added, however due to licensing restrictions, it cannot + be compiled into the kernel. &merged; To use this driver, add + the following line to + <filename>/boot/loader.conf</filename>:</para> <programlisting>snd_maestro3_load="YES"</programlisting> <para>The &man.bktr.4; driver has been updated to 2.18. This - update provides a number of new features. New tuner - types have been added, and improvements to the KLD module and to - memory allocation have been made. Bugs in &man.devfs.5; when - unloading and reloading have been fixed. - Support for new Hauppauge Model 44xxx WinTV Cards (the ones with - no audio mux) has been added. &merged;</para> + update provides a number of new features. New tuner types + have been added, and improvements to the KLD module and to + memory allocation have been made. Bugs in &man.devfs.5; when + unloading and reloading have been fixed. Support for new + Hauppauge Model 44xxx WinTV Cards (the ones with no audio mux) + has been added. &merged;</para> <para>When sound modules are built, one can now load all the - drivers and infrastructure by <command>kldload - snd</command>. &merged;</para> + drivers and infrastructure by <command>kldload + snd</command>. &merged;</para> <para>A new API has been added for sound cards with hardware - volume control.</para> + volume control.</para> - <para arch="i386">A driver for the Intel 443MX, 810, 815, and 815E - integrated sound devices has been added.</para> + <para arch="i386">A driver for the Intel 443MX, 810, 815, and + 815E integrated sound devices has been added.</para> </sect3> @@ -1198,105 +1244,107 @@ options HZ=1000 # not compulsory but strongly recommended</programlisting> <title>Contributed Software</title> <para>The Forth Inspired Command Language - (<application>FICL</application>) used in the boot loader has - been updated to 2.05.</para> + (<application>FICL</application>) used in the boot loader has + been updated to 2.05.</para> <para>Support for Advanced Configuration and Power Interface - (ACPI), a multi-vendor standard for configuration and power - management, has been added. This functionality has been - provided by the <application>Intel ACPI Component - Architecture</application> project, as of the ACPI CA - 20020214 snapshot. Some backward compatability for - applications using the older APM standard has been provided.</para> + (ACPI), a multi-vendor standard for configuration and power + management, has been added. This functionality has been + provided by the <application>Intel ACPI Component + Architecture</application> project, as of the ACPI CA 20020214 + snapshot. Some backward compatability for applications using + the older APM standard has been provided.</para> <sect4> - <title>IPFilter</title> + <title>IPFilter</title> <para><application>IPFilter</application> has been updated to - 3.4.20. &merged;</para> + 3.4.20. &merged;</para> <para><application>IPFilter</application> now supports - IPv6. &merged;</para> + IPv6. &merged;</para> </sect4> <sect4 arch="i386"> - <title>isdn4bsd</title> + <title>isdn4bsd</title> <para><application>isdn4bsd</application> has been updated to - version 1.0.1. As a result of this update, users of the - &man.i4bisppp.4; (kernel PPP over ISDN) driver - <emphasis>must</emphasis> now use &man.ispppcontrol.8; instead - of &man.spppcontrol.8; to configure and control these - network interfaces. &merged;</para> + version 1.0.1. As a result of this update, users of the + &man.i4bisppp.4; (kernel PPP over ISDN) driver + <emphasis>must</emphasis> now use &man.ispppcontrol.8; + instead of &man.spppcontrol.8; to configure and control these + network interfaces. &merged;</para> <para>The &man.ifpi.4; driver for supporting the AVM - Fritz!Card PCI version 2 controller has been added.</para> + Fritz!Card PCI version 2 controller has been added.</para> <para>The &man.ihfc.4; driver for supporting Cologne Chip - Designs HFC devices under <application>isdn4bsd</application> - has been added. &merged;</para> + Designs HFC devices under + <application>isdn4bsd</application> has been + added. &merged;</para> - <para>The &man.itjc.4; driver for supporting NETjet-S / Teles - PCI-TJ devices under <application>isdn4bsd</application> has - been added. &merged;</para> + <para>The &man.itjc.4; driver for supporting NETjet-S / Teles + PCI-TJ devices under <application>isdn4bsd</application> has + been added. &merged;</para> - <para>Experimental support for the Eicon.Diehl DIVA 2.0 and - 2.02 ISA PnP ISDN cards has been added to the &man.isic.4; - <application>isdn4bsd</application> driver. &merged;</para> + <para>Experimental support for the Eicon.Diehl DIVA 2.0 and + 2.02 ISA PnP ISDN cards has been added to the &man.isic.4; + <application>isdn4bsd</application> driver. &merged;</para> <para>The &man.isic.4; driver now supports the Compaq Microcom - 610 ISDN ISA PnP card. &merged;</para> + 610 ISDN ISA PnP card. &merged;</para> <para>Active CAPI-based ISDN cards manufactured by AVM are now - supported using the &man.i4bcapi.4; and the &man.iavc.4; driver. The - supported cards are the AVM B1 PCI and AVM B1 ISA Basic Rate - cards and the AVM T1 Primary Rate cards. &merged;</para> + supported using the &man.i4bcapi.4; and the &man.iavc.4; + driver. The supported cards are the AVM B1 PCI and AVM B1 + ISA Basic Rate cards and the AVM T1 Primary Rate + cards. &merged;</para> <para>A new <literal>maxconnecttime</literal> keyword is now - accepted in &man.isdnd.rc.5; files to limit the time a - connection may remain open. &merged;</para> + accepted in &man.isdnd.rc.5; files to limit the time a + connection may remain open. &merged;</para> - <para>&man.isdnphone.8; now supports a <option>-k</option> option for - sending messages via the keypad facility to a PBX or exchange - office. &merged;</para> + <para>&man.isdnphone.8; now supports a <option>-k</option> + option for sending messages via the keypad facility to a PBX + or exchange office. &merged;</para> </sect4> <sect4 id="kame-kernel"> - <title>KAME</title> + <title>KAME</title> - <para>The IPv6 stack is now based on a snapshot based on the KAME - Project's IPv6 snapshot as of 28 May, 2001. Most of the - items listed in this section are a result of this import. - <xref linkend="kame-userland"> lists userland updates to the - KAME IPv6 stack. &merged;</para> + <para>The IPv6 stack is now based on a snapshot based on the + KAME Project's IPv6 snapshot as of 28 May, 2001. Most of + the items listed in this section are a result of this + import. <xref linkend="kame-userland"> lists userland + updates to the KAME IPv6 stack. &merged;</para> - <para>&man.gif.4; is now based on RFC 2893, rather than RFC - 1933. The <literal>IFF_LINK2</literal> interface flag can - be used to control ingress filtering. &merged;</para> + <para>&man.gif.4; is now based on RFC 2893, rather than RFC + 1933. The <literal>IFF_LINK2</literal> interface flag can + be used to control ingress filtering. &merged;</para> <para><application>IPSec</application> has received some - enhancements, including the ability to use the Rijndael and - SHA2 algorithms. IPSec RC5 support has been removed due to - patent issues. &merged;</para> + enhancements, including the ability to use the Rijndael and + SHA2 algorithms. IPSec RC5 support has been removed due to + patent issues. &merged;</para> <para>&man.stf.4; now conforms to RFC 3056; the - <literal>IFF_LINK2</literal> interface flag can be used to - control ingress filtering. &merged;</para> + <literal>IFF_LINK2</literal> interface flag can be used to + control ingress filtering. &merged;</para> <para>IPv6 has better checking of illegal addresses (such as - loopback addresses) on physical networks. &merged;</para> + loopback addresses) on physical networks. &merged;</para> - <para>The <varname>IPV6_V6ONLY</varname> socket option is - now completely supported. The kernel's default behavior - with respect to this option is controlled by the - <varname>net.inet6.ip6.v6only</varname> sysctl - variable. &merged;</para> + <para>The <varname>IPV6_V6ONLY</varname> socket option is now + completely supported. The kernel's default behavior with + respect to this option is controlled by the + <varname>net.inet6.ip6.v6only</varname> sysctl + variable. &merged;</para> <para>RFC 3041 (Privacy Extensions for Stateless Address - Autoconfiguration) is now supported. It can be enabled via - the <varname>net.inet6.ip6.use_tempaddr</varname> sysctl - variable. &merged;</para> + Autoconfiguration) is now supported. It can be enabled via + the <varname>net.inet6.ip6.use_tempaddr</varname> sysctl + variable. &merged;</para> </sect4> </sect3> </sect2> @@ -1304,1566 +1352,1640 @@ options HZ=1000 # not compulsory but strongly recommended</programlisting> <title>Security-Related Changes</title> <para>&man.sysinstall.8; now allows the user to select one of two - <quote>security profiles</quote> at install-time. These profiles enable - different levels of system security by enabling or disabling - various system services in &man.rc.conf.5; on new - installs. &merged;</para> + <quote>security profiles</quote> at install-time. These + profiles enable different levels of system security by enabling + or disabling various system services in &man.rc.conf.5; on new + installs. &merged;</para> <para>A bug in which malformed ELF executable images can hang the - system has been fixed (see security advisory - FreeBSD-SA-00:41). &merged;</para> + system has been fixed (see security advisory + FreeBSD-SA-00:41). &merged;</para> <para>A security hole in Linux emulation was fixed (see security - advisory FreeBSD-SA-00:42). &merged;</para> + advisory FreeBSD-SA-00:42). &merged;</para> <para>String-handling library calls in many programs were fixed to - reduce the possibility of buffer overflow-related exploits. - &merged;</para> + reduce the possibility of buffer overflow-related exploits. + &merged;</para> - <para>TCP now uses stronger randomness in choosing its initial sequence - numbers (see security advisory FreeBSD-SA-00:52). &merged;</para> + <para>TCP now uses stronger randomness in choosing its initial + sequence numbers (see security advisory + FreeBSD-SA-00:52). &merged;</para> <para>Several buffer overflows in &man.tcpdump.1; were corrected - (see security advisory FreeBSD-SA-00:61). &merged;</para> + (see security advisory FreeBSD-SA-00:61). &merged;</para> - <para>A security hole in &man.top.1; was corrected (see security advisory - FreeBSD-SA-00:62). &merged;</para> + <para>A security hole in &man.top.1; was corrected (see security + advisory FreeBSD-SA-00:62). &merged;</para> <para>A potential security hole caused by an off-by-one-error in - &man.gethostbyname.3; has been fixed (see security advisory - FreeBSD-SA-00:63). &merged;</para> + &man.gethostbyname.3; has been fixed (see security advisory + FreeBSD-SA-00:63). &merged;</para> <para>A potential buffer overflow in the &man.ncurses.3; library, - which could cause arbitrary code to be run from within - &man.systat.1;, has been corrected (see security advisory - FreeBSD-SA-00:68). &merged;</para> + which could cause arbitrary code to be run from within + &man.systat.1;, has been corrected (see security advisory + FreeBSD-SA-00:68). &merged;</para> <para>A vulnerability in &man.telnetd.8; that could cause it to - consume large amounts of server resources has been fixed (see - security advisory FreeBSD-SA-00:69). &merged;</para> + consume large amounts of server resources has been fixed (see + security advisory FreeBSD-SA-00:69). &merged;</para> <para>The <literal>nat deny_incoming</literal> command in - &man.ppp.8; now works correctly (see security advisory - FreeBSD-SA-00:70). &merged;</para> + &man.ppp.8; now works correctly (see security advisory + FreeBSD-SA-00:70). &merged;</para> <para>A vulnerability in &man.csh.1;/&man.tcsh.1; temporary files - that could allow overwriting of arbitrary user-writable files has - been closed (see security advisory FreeBSD-SA-00:76). &merged;</para> + that could allow overwriting of arbitrary user-writable files + has been closed (see security advisory + FreeBSD-SA-00:76). &merged;</para> <para>The &man.ssh.1; binary is no longer SUID root by - default. &merged;</para> + default. &merged;</para> - <para>Some fixes were applied to the Kerberos - IV implementation related to environment variables, a - possible buffer overrun, and overwriting ticket files. &merged;</para> + <para>Some fixes were applied to the Kerberos IV implementation + related to environment variables, a possible buffer overrun, and + overwriting ticket files. &merged;</para> <para>&man.telnet.1; now does a better job of sanitizing its - environment. &merged;</para> + environment. &merged;</para> <para>Several vulnerabilities in &man.procfs.5; were fixed (see - security advisory FreeBSD-SA-00:77). &merged;</para> + security advisory FreeBSD-SA-00:77). &merged;</para> <para>A bug in <application>OpenSSH</application> in which a - server was unable to disable &man.ssh-agent.1; or - <literal>X11Forwarding</literal> was fixed (see security advisory - FreeBSD-SA-01:01). &merged;</para> + server was unable to disable &man.ssh-agent.1; or + <literal>X11Forwarding</literal> was fixed (see security + advisory FreeBSD-SA-01:01). &merged;</para> <para>A bug in &man.ipfw.8; and &man.ip6fw.8; in which inbound TCP - segments could incorrectly be treated as being part of an - <literal>established</literal> connection has been fixed (see - security advisory FreeBSD-SA-01:08). &merged;</para> - + segments could incorrectly be treated as being part of an + <literal>established</literal> connection has been fixed (see + security advisory FreeBSD-SA-01:08). &merged;</para> + <para>A bug in &man.crontab.1; that could allow users to read any - file on the system in valid &man.crontab.5; syntax has been fixed - (see security advisory FreeBSD-SA-01:09). &merged;</para> + file on the system in valid &man.crontab.5; syntax has been + fixed (see security advisory FreeBSD-SA-01:09). &merged;</para> <para>A vulnerability in &man.inetd.8; that could allow - read-access to the initial 16 bytes of - <groupname>wheel</groupname>-accessible files has been fixed (see security - advisory FreeBSD-SA-01:11). &merged;</para> + read-access to the initial 16 bytes of + <groupname>wheel</groupname>-accessible files has been fixed + (see security advisory FreeBSD-SA-01:11). &merged;</para> - <para>A bug in &man.periodic.8; that used insecure temporary files has been - corrected (see security advisory FreeBSD-SA-01:12). &merged;</para> + <para>A bug in &man.periodic.8; that used insecure temporary files + has been corrected (see security advisory + FreeBSD-SA-01:12). &merged;</para> <para>A bug in &man.sort.1; in which an attacker might be able to - cause it to abort processing has been fixed (see security advisory - FreeBSD-SA-01:13). &merged;</para> + cause it to abort processing has been fixed (see security + advisory FreeBSD-SA-01:13). &merged;</para> <para><application>OpenSSH</application> now has code to prevent - (instead of just mitigating through connection limits) an attack - that can lead to guessing the server key (not host key) by - regenerating the server key when an RSA failure is detected (see - security advisory FreeBSD-SA-01:24). &merged;</para> + (instead of just mitigating through connection limits) an attack + that can lead to guessing the server key (not host key) by + regenerating the server key when an RSA failure is detected (see + security advisory FreeBSD-SA-01:24). &merged;</para> <para>A number of programs have had output formatting strings - corrected so as to reduce the risk of vulnerabilities. &merged;</para> + corrected so as to reduce the risk of + vulnerabilities. &merged;</para> <para>A number of programs that use temporary files now do so more - securely. &merged;</para> + securely. &merged;</para> <para>A bug in ICMP that could cause an attacker to disrupt TCP and UDP - <quote>sessions</quote> has been corrected. &merged;</para> + <quote>sessions</quote> has been corrected. &merged;</para> <para>A bug in &man.timed.8;, which caused it to crash if send - certain malformed packets, has been corrected (see security - advisory FreeBSD-SA-01:28). &merged;</para> + certain malformed packets, has been corrected (see security + advisory FreeBSD-SA-01:28). &merged;</para> <para>A bug in &man.rwhod.8;, which caused it to crash if send - certain malformed packets, has been corrected (see security - advisory FreeBSD-SA-01:29). &merged;</para> + certain malformed packets, has been corrected (see security + advisory FreeBSD-SA-01:29). &merged;</para> <para>A security hole in &os;'s FFS and EXT2FS implementations, - which allowed a race condition that could cause users to have - unauthorized access to data, has been fixed (see security advisory - FreeBSD-SA-01:30). &merged;</para> + which allowed a race condition that could cause users to have + unauthorized access to data, has been fixed (see security + advisory FreeBSD-SA-01:30). &merged;</para> <para>A remotely-exploitable vulnerability in &man.ntpd.8; has - been closed (see security advisory FreeBSD-SA-01:31). &merged;</para> + been closed (see security advisory + FreeBSD-SA-01:31). &merged;</para> - <para>A security hole in <application>IPFilter</application>'s - fragment cache has been closed (see - security advisory FreeBSD-SA-01:32). &merged;</para> + <para>A security hole in <application>IPFilter</application>'s + fragment cache has been closed (see security advisory + FreeBSD-SA-01:32). &merged;</para> <para>Buffer overflows in &man.glob.3;, which could cause - arbitrary code to be run on an FTP server, have been closed. In - addition, to prevent some forms of DOS attacks, &man.glob.3; - allows specification of a limit on the number of pathname matches - it will return. &man.ftpd.8; now uses this feature (see security - advisory FreeBSD-SA-01:33). &merged;</para> + arbitrary code to be run on an FTP server, have been closed. In + addition, to prevent some forms of DOS attacks, &man.glob.3; + allows specification of a limit on the number of pathname + matches it will return. &man.ftpd.8; now uses this feature (see + security advisory FreeBSD-SA-01:33). &merged;</para> <para>Initial sequence numbers in TCP are more thoroughly - randomized (see security advisory FreeBSD-SA-01:39). Due to some - possible compatibility issues, the behavior of this security fix - can be enabled or disabled via the - <varname>net.inet.tcp.tcp_seq_genscheme</varname> sysctl - variable.&merged;</para> + randomized (see security advisory FreeBSD-SA-01:39). Due to + some possible compatibility issues, the behavior of this + security fix can be enabled or disabled via the + <varname>net.inet.tcp.tcp_seq_genscheme</varname> sysctl + variable.&merged;</para> <para>A vulnerability in the &man.fts.3; routines (used by - applications for recursively traversing a filesystem) could - allow a program to operate on files outside the intended directory - hierarchy. This bug has been fixed (see security advisory - FreeBSD-SA-01:40). &merged;</para> + applications for recursively traversing a filesystem) could + allow a program to operate on files outside the intended + directory hierarchy. This bug has been fixed (see security + advisory FreeBSD-SA-01:40). &merged;</para> <para>&os;'s TCP implementation has been made more resistant to - SYN floods, by eliminating the RST segment normally sent when - removing a connection from the listen queue.</para> + SYN floods, by eliminating the RST segment normally sent when + removing a connection from the listen queue.</para> <para><application>OpenSSH</application> now switches to the - user's UID before attempting to unlink the authentication - forwarding file, nullifying the effects of a race.</para> + user's UID before attempting to unlink the authentication + forwarding file, nullifying the effects of a race.</para> <para>A flaw allowed some signal handlers to remain in effect in a - child process after being exec-ed from its parent. This allowed - an attacker to execute arbitrary code in the context of a setuid - binary. This flaw has been corrected (see security advisory - FreeBSD-SA-01:42). &merged;</para> + child process after being exec-ed from its parent. This allowed + an attacker to execute arbitrary code in the context of a setuid + binary. This flaw has been corrected (see security advisory + FreeBSD-SA-01:42). &merged;</para> <para>A remote buffer overflow in &man.tcpdump.1; has been fixed - (see security advisory FreeBSD-SA-01:48). &merged;</para> + (see security advisory FreeBSD-SA-01:48). &merged;</para> - <para>A remote buffer overflow in &man.telnetd.8; has been - fixed (see security advisory FreeBSD-SA-01:49). &merged;</para> + <para>A remote buffer overflow in &man.telnetd.8; has been fixed + (see security advisory FreeBSD-SA-01:49). &merged;</para> - <para>The new <varname>net.inet.ip.maxfragpackets</varname> - and <varname>net.inet.ip6.maxfragpackets</varname> sysctl - variables limit the amount of memory that can be consumed by IPv4 - and IPv6 packet fragments, which defends against some denial of service - attacks (see security advisory FreeBSD-SA-01:52). &merged;</para> + <para>The new <varname>net.inet.ip.maxfragpackets</varname> and + <varname>net.inet.ip6.maxfragpackets</varname> sysctl variables + limit the amount of memory that can be consumed by IPv4 and IPv6 + packet fragments, which defends against some denial of service + attacks (see security advisory + FreeBSD-SA-01:52). &merged;</para> <para>All services in <filename>inetd.conf</filename> are now - disabled by default for new installations. &man.sysinstall.8; - gives the option of enabling or disabling &man.inetd.8; on new - installations, as well as editing - <filename>inetd.conf</filename>. &merged;</para> + disabled by default for new installations. &man.sysinstall.8; + gives the option of enabling or disabling &man.inetd.8; on new + installations, as well as editing + <filename>inetd.conf</filename>. &merged;</para> <para>A flaw in the implementation of the &man.ipfw.8; - <literal>me</literal> rules on point-to-point links has been - corrected. Formerly, <literal>me</literal> filter rules would - match the remote IP address of a point-to-point interface in - addition to the intended local IP address (see security advisory - FreeBSD-SA-01:53). &merged;</para> + <literal>me</literal> rules on point-to-point links has been + corrected. Formerly, <literal>me</literal> filter rules would + match the remote IP address of a point-to-point interface in + addition to the intended local IP address (see security advisory + FreeBSD-SA-01:53). &merged;</para> <para>A vulnerability in &man.procfs.5;, which could allow a - process to read sensitive information from another process's - memory space, has been closed (see security advisory - FreeBSD-SA-01:55). &merged;</para> + process to read sensitive information from another process's + memory space, has been closed (see security advisory + FreeBSD-SA-01:55). &merged;</para> <para>The <literal>PARANOID</literal> hostname checking in - <application>tcp_wrappers</application> now works as advertised - (see security advisory FreeBSD-SA-01:56). &merged;</para> + <application>tcp_wrappers</application> now works as advertised + (see security advisory FreeBSD-SA-01:56). &merged;</para> <para>A local root exploit in &man.sendmail.8; has been closed - (see security advisory FreeBSD-SA-01:57). &merged;</para> - + (see security advisory FreeBSD-SA-01:57). &merged;</para> + <para>A remote root vulnerability in &man.lpd.8; has been closed - (see security advisory FreeBSD-SA-01:58). &merged;</para> + (see security advisory FreeBSD-SA-01:58). &merged;</para> <para>A race condition in &man.rmuser.8; that briefly exposed a - world-readable <filename>/etc/master.passwd</filename> has been - fixed (see security advisory FreeBSD-SA-01:59). &merged;</para> + world-readable <filename>/etc/master.passwd</filename> has been + fixed (see security advisory FreeBSD-SA-01:59). &merged;</para> <para>A vulnerability in <application>UUCP</application> has been - closed (see security advisory FreeBSD-SA-01:62). - All non-<username>root</username>-owned binaries in standard - system paths now have the <literal>schg</literal> flag set to - prevent exploit vectors when run by &man.cron.8;, by - <username>root</username>, or by a user other then the one owning - the binary. In addition, &man.uustat.1; is now run via - <filename>/etc/periodic/daily/410.status-uucp</filename> as - <username>uucp</username>, not <username>root</username>. - In &os; -CURRENT, <application>UUCP</application> has since been moved - to the Ports Collection and no longer a part of the base - system. &merged;</para> + closed (see security advisory FreeBSD-SA-01:62). All + non-<username>root</username>-owned binaries in standard system + paths now have the <literal>schg</literal> flag set to prevent + exploit vectors when run by &man.cron.8;, by + <username>root</username>, or by a user other then the one owning + the binary. In addition, &man.uustat.1; is now run via + <filename>/etc/periodic/daily/410.status-uucp</filename> as + <username>uucp</username>, not <username>root</username>. In + &os; -CURRENT, <application>UUCP</application> has since been + moved to the Ports Collection and no longer a part of the base + system. &merged;</para> <para>A security hole in the form of a buffer overflow in the - &man.semop.2; system call has been closed. &merged;</para> + &man.semop.2; system call has been closed. &merged;</para> - <para>A security hole in <application>OpenSSH</application>, - which could allow users to execute code with arbitrary privileges - if <literal>UseLogin yes</literal> was set, has been - closed. Note that the default value of this setting is - <literal>UseLogin no</literal>. (See security advisory - FreeBSD-SA-01:63.) &merged;</para> + <para>A security hole in <application>OpenSSH</application>, which + could allow users to execute code with arbitrary privileges if + <literal>UseLogin yes</literal> was set, has been closed. Note + that the default value of this setting is + <literal>UseLogin no</literal>. (See security advisory + FreeBSD-SA-01:63.) &merged;</para> <para>The use of an insecure temporary directory by - &man.pkg.add.1; could permit a local attacker to modify the - contents of binary packages while they were being installed. - This hole has been closed. (See security advisory - FreeBSD-SA-02:01.) &merged;</para> + &man.pkg.add.1; could permit a local attacker to modify the + contents of binary packages while they were being installed. + This hole has been closed. (See security advisory + FreeBSD-SA-02:01.) &merged;</para> <para>A race condition in &man.pw.8;, which could expose the - contents of <filename>/etc/master.passwd</filename>, has been - eliminated. (See security advisory FreeBSD-SA-02:02.) &merged;</para> + contents of <filename>/etc/master.passwd</filename>, has been + eliminated. (See security advisory FreeBSD-SA-02:02.) + &merged;</para> <para>A bug in &man.k5su.8; could have allowed a process that had - given up superuser privileges to regain them. This bug has been - fixed. (See security advisory FreeBSD-SA-02:07.) &merged;</para> + given up superuser privileges to regain them. This bug has been + fixed. (See security advisory FreeBSD-SA-02:07.) + &merged;</para> </sect2> <sect2 id="userland"> <title>Userland Changes</title> <para>If the first argument to &man.ancontrol.8; or - &man.wicontrol.8; doesn't start with a <literal>-</literal>, it is - assumed to be an interface.</para> + &man.wicontrol.8; doesn't start with a <literal>-</literal>, it + is assumed to be an interface.</para> - <para>&man.apmd.8; now has the ability to monitor battery levels and - execute commands based on percentage or minutes of battery life - remaining via the <literal>apm_battery</literal> configuration - directive. See the commented-out examples in - <filename>/etc/apmd.conf</filename> for the syntax. &merged;</para> + <para>&man.apmd.8; now has the ability to monitor battery levels + and execute commands based on percentage or minutes of battery + life remaining via the <literal>apm_battery</literal> + configuration directive. See the commented-out examples in + <filename>/etc/apmd.conf</filename> for the + syntax. &merged;</para> <para>&man.arp.8; now prints the applicable interface name for - each ARP entry. &merged</para> + each ARP entry. &merged</para> <para>&man.arp.8; now prints <literal>[fddi]</literal> or - <literal>[atm]</literal> tags for addresses on interfaces of those - types.</para> + <literal>[atm]</literal> tags for addresses on interfaces of + those types.</para> <para>&man.atacontrol.8; has been added to control various aspects - of the &man.ata.4; driver.</para> + of the &man.ata.4; driver.</para> - <para arch="i386">&man.boot98cfg.8;, a PC-98 boot manager installation and - configuration utility, has been added. &merged;</para> + <para arch="i386">&man.boot98cfg.8;, a PC-98 boot manager + installation and configuration utility, has been + added. &merged;</para> <para>&man.burncd.8; now supports a <option>-m</option> option for - multisession mode (the default behavior now is to close disks as - single-session). A <option>-l</option> option to take a list of - image files from a filename was also added; <filename>-</filename> - can be used as a filename for <literal>stdin</literal>. &merged;</para> + multisession mode (the default behavior now is to close disks as + single-session). A <option>-l</option> option to take a list of + image files from a filename was also added; + <filename>-</filename> can be used as a filename for + <literal>stdin</literal>. &merged;</para> <para>&man.burncd.8; now supports Disk At Once (DAO) mode, - selectable via the <option>-d</option> flag.</para> + selectable via the <option>-d</option> flag.</para> <para>&man.burncd.8; now has the ability to write VCDs/SVCDs.</para> <para>&man.c89.1; has been converted from a shell script to a - binary executable, fixing some minor bugs. &merged;</para> + binary executable, fixing some minor bugs. &merged;</para> <para arch="i386">A minimalized version of &man.camcontrol.8; is - now available on the installation floppy. This allows it to - rescan for devices that have been connected after booting, or to - show the devices attached to SCSI busses (e. g. from within the - <quote>emergency holographic shell</quote>). &merged;</para> + now available on the installation floppy. This allows it to + rescan for devices that have been connected after booting, or to + show the devices attached to SCSI busses (e. g. from within the + <quote>emergency holographic shell</quote>). &merged;</para> <para>&man.cat.1; now has the ability to read from UNIX-domain - sockets. &merged;</para> + sockets. &merged;</para> <para>&man.cdcontrol.1; now supports a <literal>cdid</literal> - command, which calculates and displays the CD serial number, using - the same algorithm used by the CDDB database. &merged;</para> + command, which calculates and displays the CD serial number, + using the same algorithm used by the CDDB + database. &merged;</para> <para>&man.cdcontrol.1; now uses the <envar>CDROM</envar> - environment variable to pick a default device. &merged;</para> + environment variable to pick a default device. &merged;</para> <para>&man.cdcontrol.1; now supports <literal>next</literal> and - <literal>prev</literal> commands to skip forwards or backwards a - specified number of tracks while playing an audio CD. &merged;</para> + <literal>prev</literal> commands to skip forwards or backwards a + specified number of tracks while playing an audio + CD. &merged;</para> <para>&man.chflags.1; has moved from <filename>/usr/bin</filename> - to <filename>/bin</filename>.</para> + to <filename>/bin</filename>.</para> <para>&man.chio.1; now has the ability to specify elements by - volume tag instead of by their physical location as well as the - ability to return an element to its previous location. &merged;</para> + volume tag instead of by their physical location as well as the + ability to return an element to its previous + location. &merged;</para> <para>&man.chmod.1; now supports a <option>-h</option> for - changing the mode of a symbolic link.</para> + changing the mode of a symbolic link.</para> <para>&man.chown.8; now correctly follows symbolic links named as - command line arguments if run without <option>-R</option>. &merged;</para> + command line arguments if run without + <option>-R</option>. &merged;</para> <para>&man.chown.8; no longer takes <literal>.</literal> as a - user/group delimeter. This change was made to support usernames - containing a <literal>.</literal>.</para> + user/group delimeter. This change was made to support usernames + containing a <literal>.</literal>.</para> <para>Use of the <literal>CSMG_*</literal> macros no longer - require inclusion of - <filename><sys/param.h></filename></para> + require inclusion of + <filename><sys/param.h></filename></para> - <para>&man.col.1; now takes a <option>-p</option> flag to force unknown - control sequences to be passed through unchanged. &merged;</para> + <para>&man.col.1; now takes a <option>-p</option> flag to force + unknown control sequences to be passed through + unchanged. &merged;</para> - <para>The - <filename>compat3x</filename> distribution has been updated to - include libraries present in &os; 3.5.1-RELEASE. &merged;</para> + <para>The <filename>compat3x</filename> distribution has been + updated to include libraries present in &os; + 3.5.1-RELEASE. &merged;</para> <para>A <filename>compat4x</filename> distribution has been added - for compatibility with &os; 4-STABLE.</para> + for compatibility with &os; 4-STABLE.</para> - <para>&man.config.8; is now better about converting various - warnings that should - have been errors into actual fatal errors with an exit code. This - ensures that <literal>make buildkernel</literal> - doesn't quietly ignore them and - build a bogus kernel without a human to read the errors. &merged;</para> + <para>&man.config.8; is now better about converting various + warnings that should have been errors into actual fatal errors + with an exit code. This ensures that <literal>make + buildkernel</literal> doesn't quietly ignore them and build a + bogus kernel without a human to read the errors. &merged;</para> <para>A number of buffer overflows in &man.config.8; have been - fixed. &merged;</para> + fixed. &merged;</para> <para>The &man.daemon.8; program, a command-line interface to - &man.daemon.3;, has been added. It detaches itself from its - controlling terminal and executes a program specified on the command - line. This allows the user to run an arbitrary program as if it were - written to be a daemon.</para> + &man.daemon.3;, has been added. It detaches itself from its + controlling terminal and executes a program specified on the + command line. This allows the user to run an arbitrary program + as if it were written to be a daemon.</para> - <para>devinfo, a simple tool to print the device tree and resource usage by - devices, has been added.</para> + <para>devinfo, a simple tool to print the device tree and resource + usage by devices, has been added.</para> <para>&man.df.1; now takes a <option>-l</option> option to only - display information about locally-mounted filesystems. &merged;</para> + display information about locally-mounted + filesystems. &merged;</para> <para>&man.disklabel.8; now supports partition sizes expressed in - kilobytes, megabytes, or gigabytes, in addition to sectors. &merged;</para> + kilobytes, megabytes, or gigabytes, in addition to + sectors. &merged;</para> <para>&man.dmesg.8; now has a <option>-a</option> option to show - the entire message buffer, including &man.syslogd.8; records and - <filename>/dev/console</filename> output. &merged;</para> + the entire message buffer, including &man.syslogd.8; records and + <filename>/dev/console</filename> output. &merged;</para> <para>&man.du.1; now takes a <option>-I</option> command-line flag - to ignore/skip files and subdirectories matching a specified - shell-glob mask. &merged;</para> + to ignore/skip files and subdirectories matching a specified + shell-glob mask. &merged;</para> <para>&man.dump.8; now supports inheritance of the - <literal>nodump</literal> flag down a hierarchy. &merged;</para> + <literal>nodump</literal> flag down a hierarchy. &merged;</para> - <para>The <option>-T</option> option to &man.dump.8; no longer swallows - an extra argument. &merged;</para> + <para>The <option>-T</option> option to &man.dump.8; no longer + swallows an extra argument. &merged;</para> <para>&man.dump.8; has a new <option>-D</option> option, allowing - the path to the <filename>/etc/dumpdates</filename> file to be - changed. &merged;</para> + the path to the <filename>/etc/dumpdates</filename> file to be + changed. &merged;</para> <para>&man.dump.8; now supplies progress information in its - process title, useful for monitoring automated backups. &merged;</para> + process title, useful for monitoring automated + backups. &merged;</para> <para>&man.edquota.8; now takes a <option>-f</option> option to - allow limiting the prototype quota distribution (specified with - <option>-p</option>) to a single filesystem. &merged;</para> + allow limiting the prototype quota distribution (specified with + <option>-p</option>) to a single filesystem. &merged;</para> <para>The functionality of <filename>/etc/security</filename> has - been been moved into a set of scripts under the &man.periodic.8; - framework, to make local customization easier and more - maintainable. These scripts now reside in - <filename>/etc/periodic/security/</filename>. &merged;</para> + been been moved into a set of scripts under the &man.periodic.8; + framework, to make local customization easier and more + maintainable. These scripts now reside in + <filename>/etc/periodic/security/</filename>. &merged;</para> <para>&man.fbtab.5; now accepts glob matching patterns for target - devices, not just individual devices and directories.</para> + devices, not just individual devices and directories.</para> - <para arch="i386">&man.fdisk.8; no longer attempts to search for - a device if none has been specified on the command line, but - instead tries to figure out the default device name from the - root device.</para> + <para arch="i386">&man.fdisk.8; no longer attempts to search for a + device if none has been specified on the command line, but + instead tries to figure out the default device name from the + root device.</para> <para>&man.fdread.1;, a program to read data from floppy disks, - has been added. It is a counterpart to &man.fdwrite.1; and is - designed to provide a means of recovering at least some data from - bad media, and to obviate for a complex invocation of - &man.dd.1;.</para> + has been added. It is a counterpart to &man.fdwrite.1; and is + designed to provide a means of recovering at least some data + from bad media, and to obviate for a complex invocation of + &man.dd.1;.</para> <para>&man.find.1; now takes the <option>-empty</option> flag, - which returns true if a file or directory is empty. &merged;</para> + which returns true if a file or directory is + empty. &merged;</para> <para>&man.find.1; now takes the <option>-iname</option> and - <option>-ipath</option> primaries for case-insensitive matches, - and the <option>-regexp</option> and <option>-iregexp</option> - primaries for regular-expression matches. The <option>-E</option> - flag now enables extended regular expressions. &merged;</para> + <option>-ipath</option> primaries for case-insensitive matches, + and the <option>-regexp</option> and <option>-iregexp</option> + primaries for regular-expression matches. The + <option>-E</option> flag now enables extended regular + expressions. &merged;</para> <para>&man.find.1; now has the <option>-anewer</option>, - <option>-cnewer</option>, <option>-mnewer</option>, - <option>-okdir</option>, and <option>-newer[acm][acmt]</option> - primaries for comparisons of file timestamps. The latter - primaries can be specified with various units of time. &merged;</para> + <option>-cnewer</option>, <option>-mnewer</option>, + <option>-okdir</option>, and <option>-newer[acm][acmt]</option> + primaries for comparisons of file timestamps. The latter + primaries can be specified with various units of + time. &merged;</para> <para>&man.finger.1; now has the ability to support fingering - aliases, via the &man.finger.conf.5; file. &merged;</para> + aliases, via the &man.finger.conf.5; file. &merged;</para> <para>&man.finger.1; now has support for a - <filename>.pubkey</filename> file.</para> + <filename>.pubkey</filename> file.</para> <para>&man.fmt.1; has been rewritten; the rewrite fixes a number - of bugs compared to its prior behavior. &merged;</para> + of bugs compared to its prior behavior. &merged;</para> <para>&man.fmtcheck.3;, a function for checking consistency of - format string arguments, has been added. &merged;</para> + format string arguments, has been added. &merged;</para> <para>&man.fsck.8; wrappers have been imported; this feature - provides infrastructure for &man.fsck.8; to work on different - types of filesystems (analogous to &man.mount.8;).</para> + provides infrastructure for &man.fsck.8; to work on different + types of filesystems (analogous to &man.mount.8;).</para> <para>The behavior of &man.fsck.8; when dealing with various - passes (a la <filename>/etc/fstab</filename>) has been modified to - accommodate multiple-disk filesystems.</para> + passes (a la <filename>/etc/fstab</filename>) has been modified + to accommodate multiple-disk filesystems.</para> <para>&man.fsck.8; now has support for foreground - (<option>-F</option>) and background (<option>-B</option>) checks. - Traditionally, &man.fsck.8; is invoked before the filesystems are - mounted and all checks are done to completion at that time. If - background checking is available, &man.fsck.8; is invoked twice. - It is first invoked at the traditional time, before the - filesystems are mounted, with the <option>-F</option> flag to do - checking on all the filesystems that cannot do background - checking. It is then invoked a second time, after the system has - completed going multiuser, with the <option>-B</option> flag to do - checking on all the filesystems that can do background checking. - Unlike the foreground checking, the background checking is started - asynchronously so that other system activity can proceed even on - the filesystems that are being checked. Boot-time enabling of - this feature is controlled by the - <varname>background_fsck</varname> option in &man.rc.conf.5;.</para> + (<option>-F</option>) and background (<option>-B</option>) + checks. Traditionally, &man.fsck.8; is invoked before the + filesystems are mounted and all checks are done to completion at + that time. If background checking is available, &man.fsck.8; is + invoked twice. It is first invoked at the traditional time, + before the filesystems are mounted, with the <option>-F</option> + flag to do checking on all the filesystems that cannot do + background checking. It is then invoked a second time, after + the system has completed going multiuser, with the + <option>-B</option> flag to do checking on all the filesystems + that can do background checking. Unlike the foreground + checking, the background checking is started asynchronously so + that other system activity can proceed even on the filesystems + that are being checked. Boot-time enabling of this feature is + controlled by the + <varname>background_fsck</varname> option in &man.rc.conf.5;.</para> <para>Shortly after the receipt of a <literal>SIGINFO</literal> - signal (normally control-T from the controlling tty), &man.fsck.ffs.8; - will now output a line indicating the current phase number and - progress information relevant to the current phase. &merged;</para> + signal (normally control-T from the controlling tty), + &man.fsck.ffs.8; will now output a line indicating the current + phase number and progress information relevant to the current + phase. &merged;</para> <para>&man.fsck.ffs.8; now supports background filesystem checks - to mounted FFS filesystems with the <option>-B</option> option - (softupdates must be enabled on these filesystems). The - <option>-F</option> flag now determines whether a specified - filesystem needs foreground checking.</para> + to mounted FFS filesystems with the <option>-B</option> option + (softupdates must be enabled on these filesystems). The + <option>-F</option> flag now determines whether a specified + filesystem needs foreground checking.</para> <para>A new &man.fsck.msdosfs.8; utility has been added to check - the consistency of MS-DOS filesystems. &merged;</para> + the consistency of MS-DOS filesystems. &merged;</para> <para>&man.ftpd.8; now supports a <option>-r</option> flag for - read-only mode and a <option>-E</option> flag to disable - <literal>EPSV</literal>. It also has some fixes to reduce - information leakage and the ability to specify compile-time port - ranges. &merged;</para> + read-only mode and a <option>-E</option> flag to disable + <literal>EPSV</literal>. It also has some fixes to reduce + information leakage and the ability to specify compile-time port + ranges. &merged;</para> <para>&man.ftpd.8; now supports <option>-o</option> and - <option>-O</option> options to disable the <literal>RETR</literal> - command; the former for everybody, and the latter only for guest users. - Coupled with <option>-A</option> and appropriate file permissions, - these can be used to create a relatively safe anonymous FTP drop box - for others to upload to.</para> + <option>-O</option> options to disable the + <literal>RETR</literal> command; the former for everybody, and + the latter only for guest users. Coupled with + <option>-A</option> and appropriate file permissions, these can + be used to create a relatively safe anonymous FTP drop box for + others to upload to.</para> <para arch="i386">&man.gdb.1; now supports hardware watchpoints (using the - kernel's debug register + support that has been introduced in - &os; 4.0). &merged;</para> + kernel's debug register + support that has been introduced in + &os; 4.0). &merged;</para> <para>The &man.getprogname.3; and &man.setprogname.3; library - functions have been added to manipulate the name of the current - program. They are used by error-reporting routines to produce - consistent output. &merged;</para> + functions have been added to manipulate the name of the current + program. They are used by error-reporting routines to produce + consistent output. &merged;</para> <para>&man.gprof.1; now has a <option>-K</option> option to enable - dynamic symbol resolution from the currently-running kernel. With - this change, properly-compiled KLD modules are now able to be - profiled.</para> + dynamic symbol resolution from the currently-running kernel. + With this change, properly-compiled KLD modules are now able to + be profiled.</para> <para>&man.growfs.8;, a utility for growing FFS filesystems, has - been added. &man.ffsinfo.8;, a utility for dump all the - meta-information of an existing filesystem, has also been - added. &merged;</para> + been added. &man.ffsinfo.8;, a utility for dump all the + meta-information of an existing filesystem, has also been + added. &merged;</para> <para>The &man.groups.1; and &man.whoami.1; shell scripts are now - unnecessary; their functionality has been completely folded into - &man.id.1;. &merged;</para> + unnecessary; their functionality has been completely folded into + &man.id.1;. &merged;</para> - <para>The &man.ibcs2.8;, &man.linux.8;, &man.osf1.8;, and &man.svr4.8; - scripts, whose sole purpose was to load emulation - kernel modules, have been removed. The kernel module system will - automatically load them as needed to fulfill dependencies.</para> + <para>The &man.ibcs2.8;, &man.linux.8;, &man.osf1.8;, and + &man.svr4.8; scripts, whose sole purpose was to load emulation + kernel modules, have been removed. The kernel module system + will automatically load them as needed to fulfill + dependencies.</para> <para>&man.indent.1; has gained some new formatting - options. &merged;</para> + options. &merged;</para> - <para>&man.ifconfig.8; command can set the link-layer address - of an interface using the <option>lladdr</option> parameter. - &merged;</para> + <para>&man.ifconfig.8; command can set the link-layer address of + an interface using the <option>lladdr</option> parameter. + &merged;</para> <para>&man.ifconfig.8; can now accept addresses in slash/CIDR notation. &merged;</para> <para>&man.ifconfig.8; now has support for setting parameters for - IEEE 802.11 wireless network devices. &man.wi.4; and - &man.an.4; devices are supported, and partial support is provided - for &man.awi.4; devices. &merged;</para> + IEEE 802.11 wireless network devices. &man.wi.4; and &man.an.4; + devices are supported, and partial support is provided for + &man.awi.4; devices. &merged;</para> <para>&man.ifconfig.8; no longer displays the list of supported - media by default. Instead it displays it when the - <option>-m</option> flag is given. &merged;</para> + media by default. Instead it displays it when the + <option>-m</option> flag is given. &merged;</para> <para>The syntax of &man.inetd.8;'s support for &man.faithd.8; is - now compatible with that of other BSDs. &merged;</para> + now compatible with that of other BSDs. &merged;</para> - <para>The <literal>ident</literal> protocol support in &man.inetd.8; has - been cleaned up and updated. &merged;</para> + <para>The <literal>ident</literal> protocol support in + &man.inetd.8; has been cleaned up and updated. &merged;</para> <para>&man.inetd.8; now has the ability to manage UNIX-domain - sockets. &merged;</para> + sockets. &merged;</para> <para>&man.install.1; has a number of new features, including the - <option>-b</option> and <option>-B</option> options for backing up - existing target files and the <option>-S</option> option for - <quote>safe</quote> (atomic copy) operation. The - <option>-c</option> (copy) flag is now the default, and the - <option>-D</option> (debugging) flag has been withdrawn. - &man.install.1; now issues a warning if <option>-d</option> - (create directories) and <option>-C</option> (copy changed files - only) are used together. &merged;</para> - - <para>IP Filter is now supported by the - &man.rc.conf.5; boot-time configuration and - initialization. &merged;</para> + <option>-b</option> and <option>-B</option> options for backing up + existing target files and the <option>-S</option> option for + <quote>safe</quote> (atomic copy) operation. The + <option>-c</option> (copy) flag is now the default, and the + <option>-D</option> (debugging) flag has been withdrawn. + &man.install.1; now issues a warning if <option>-d</option> + (create directories) and <option>-C</option> (copy changed files + only) are used together. &merged;</para> + + <para>IP Filter is now supported by the &man.rc.conf.5; boot-time + configuration and initialization. &merged;</para> <para>&man.ipfstat.8; now supports the <option>-t</option> option - to turn on a &man.top.1;-like display. &merged;</para> + to turn on a &man.top.1;-like display. &merged;</para> - <para>&man.ipfw.8; will now avoid the display of dynamic - firewall rules unless the <option>-d</option> flag is passed to - it. The <option>-e</option> option lists expired dynamic - rules. &merged;</para> + <para>&man.ipfw.8; will now avoid the display of dynamic firewall + rules unless the <option>-d</option> flag is passed to it. The + <option>-e</option> option lists expired dynamic + rules. &merged;</para> <para>&man.ipfw.8; has a new feature (<literal>me</literal>) that - allows for packet matching on interfaces with dynamically-changing - IP addresses. &merged;</para> + allows for packet matching on interfaces with + dynamically-changing IP addresses. &merged;</para> <para>&man.ipfw.8; has a new <literal>limit</literal> type of - firewall rule, which limits the number of sessions between address - pairs. &merged;</para> + firewall rule, which limits the number of sessions between + address pairs. &merged;</para> <para>&man.ipfw.8; filter rules can now match on the value of the - IPv4 precedence field.</para> + IPv4 precedence field.</para> - <para>&man.ip6fw.8; now has the ability to use a preprocessor - and use the <option>-q</option> (quiet) flag when reading from a - file. &merged;</para> + <para>&man.ip6fw.8; now has the ability to use a preprocessor and + use the <option>-q</option> (quiet) flag when reading from a + file. &merged;</para> <para>&man.kenv.1;, a command to dump the kernel environment, has - been added. &merged;</para> + been added. &merged;</para> <para>&man.keyinfo.1; is now a C program, rather than a Perl - script. &merged;</para> + script. &merged;</para> <para>&man.killall.1; is now a C program, rather than a Perl - script. As a result, its <option>-m</option> option now uses the - regular expression syntax of &man.regex.3;, rather than that of - &man.perl.1;. &merged;</para> + script. As a result, its <option>-m</option> option now uses + the regular expression syntax of &man.regex.3;, rather than that + of &man.perl.1;. &merged;</para> <para>&man.killall.1; now allows non-root users to kill SUID root - processes that they started, the same as the Perl version did. &merged;</para> + processes that they started, the same as the Perl version + did. &merged;</para> - <para>The &man.kldconfig.8; utility has been added to make it easier to - manipulate the kernel module search path. &merged;</para> + <para>The &man.kldconfig.8; utility has been added to make it + easier to manipulate the kernel module search + path. &merged;</para> <para>&man.last.1; now implements a <option>-d</option> that - provides a <quote>snapshot</quote> of who was logged in at a - particular date and time. &merged;</para> + provides a <quote>snapshot</quote> of who was logged in at a + particular date and time. &merged;</para> <para>The &man.lastlogin.8; utility, which prints the last login - time of each user, has been imported from - NetBSD. &merged;</para> + time of each user, has been imported from + NetBSD. &merged;</para> <para>&man.ldconfig.8; now checks directory ownerships and - permissions for greater security; these checks can be disabled - with the <option>-i</option> flag. &merged;</para> + permissions for greater security; these checks can be disabled + with the <option>-i</option> flag. &merged;</para> <para>&man.ldd.1; can now be used on shared libraries, in addition - to executables. &merged;</para> + to executables. &merged;</para> <para>&man.ldd.1; now supports a <option>-a</option> flag to list - all the objects that are needed by each loaded object.</para> + all the objects that are needed by each loaded object.</para> <para><filename>libc</filename> is now thread-safe by default; - <filename>libc_r</filename> contains only thread functions.</para> + <filename>libc_r</filename> contains only thread + functions.</para> <para><filename>libcrypt</filename> and - <filename>libdescrypt</filename> have been unified to provide a - configurable password authentication hash library. Both the md5 - and des hash methods are provided unless the des hash is - specifically compiled out. &merged;</para> + <filename>libdescrypt</filename> have been unified to provide a + configurable password authentication hash library. Both the md5 + and des hash methods are provided unless the des hash is + specifically compiled out. &merged;</para> <para><filename>libcrypt</filename> now has support for Blowfish - password hashing. &merged;</para> + password hashing. &merged;</para> <para arch="i386"><filename>libdisk</filename> can now do - install-time configuration of the <filename>boot0</filename> - boot loader. &merged;</para> + install-time configuration of the <filename>boot0</filename> + boot loader. &merged;</para> <para><filename>libstand</filename> now has support for - filesystems containing <application>bzip2</application>-compressed - files. &merged;</para> + filesystems containing + <application>bzip2</application>-compressed + files. &merged;</para> <para><filename>libstand</filename> now has support for - overwriting the contents of a file on a UFS filesystem (it cannot - expand or truncate files because the filesystem may be dirty or - inconsistent).</para> + overwriting the contents of a file on a UFS filesystem (it + cannot expand or truncate files because the filesystem may be + dirty or inconsistent).</para> <para>The default TCP port range used by - <filename>libfetch</filename> for passive FTP retrievals has - changed; this affects the behavior of &man.fetch.1;, which has - gained the <option>-U</option> option to restore the old - behavior. &merged;</para> + <filename>libfetch</filename> for passive FTP retrievals has + changed; this affects the behavior of &man.fetch.1;, which has + gained the <option>-U</option> option to restore the old + behavior. &merged;</para> <para><filename>libfetch</filename> now has support for an - authentication callback. &merged;</para> + authentication callback. &merged;</para> <para><filename>libfetch</filename> now has support for a - <envar>HTTP_USER_AGENT</envar> environment variable. &merged;</para> + <envar>HTTP_USER_AGENT</envar> environment + variable. &merged;</para> <para><filename>libgmp</filename> has been superceded by - <filename>libmp</filename>. + <filename>libmp</filename>. - <para>The functions from <filename>libposix1e</filename> have been - integrated into <filename>libc</filename>.</para> + <para>The functions from <filename>libposix1e</filename> have been + integrated into <filename>libc</filename>.</para> <para>&man.ln.1; now takes an <option>-i</option> option to - request user confirmation before overwriting an existing - file. &merged;</para> + request user confirmation before overwriting an existing + file. &merged;</para> <para>&man.ln.1; now takes a <option>-h</option> flag to avoid - following a target that is a link, with a <option>-n</option> flag - for compatibility with other implementations. &merged;</para> + following a target that is a link, with a <option>-n</option> + flag for compatibility with other + implementations. &merged;</para> <para>&man.logger.1; can now send messages directly to a remote - syslog. &merged;</para> + syslog. &merged;</para> <para>&man.login.1; now exports environment variables set by - <application>PAM</application> modules. &merged;</para> + <application>PAM</application> modules. &merged;</para> <para>&man.lpc.8; has been improved; <command>lpc clean</command> - is now somewhat safer, and a new <command>lpc tclean</command> - command has been added to check to see what files would be removed - by <command>lpc clean</command>. &merged;</para> + is now somewhat safer, and a new <command>lpc tclean</command> + command has been added to check to see what files would be + removed by <command>lpc clean</command>. &merged;</para> - <para>&man.lpd.8; now takes two new options: <option>-c</option> - will log all connection errors to &man.syslogd.8;, while - <option>-W</option> will allow connections from non-reserved - ports. &merged;</para> + <para>&man.lpd.8; now takes two new options: <option>-c</option> + will log all connection errors to &man.syslogd.8;, while + <option>-W</option> will allow connections from non-reserved + ports. &merged;</para> <para>&man.lpd.8; now has some support for - <literal>o</literal>-type print-file actions in its control files, - which allows printing of PostScript files generated by - <application>MacOS</application> 10.1. &merged;</para> + <literal>o</literal>-type print-file actions in its control + files, which allows printing of PostScript files generated by + <application>MacOS</application> 10.1. &merged;</para> <para>&man.lpr.1;, &man.lpq.1;, and &man.lpd.8; have received a - few minor enhancements. &merged;</para> + few minor enhancements. &merged;</para> <para>Catching up with most other network utilities in the base - system, &man.lpr.1;, &man.lpd.8;, &man.syslogd.8;, and - &man.logger.1; are now all IPv6-capable. &merged;</para> + system, &man.lpr.1;, &man.lpd.8;, &man.syslogd.8;, and + &man.logger.1; are now all IPv6-capable. &merged;</para> <para><command>lprm -</command> now works for remote printer - queues. &merged;</para> + queues. &merged;</para> <para>&man.ls.1; can produce colorized listings with the - <option>-G</option> flag (and appropriate terminal - support). The <envar>CLICOLOR</envar> environment variable can be set - to enable colorized listings by default. &merged;</para> + <option>-G</option> flag (and appropriate terminal support). + The <envar>CLICOLOR</envar> environment variable can be set to + enable colorized listings by default. &merged;</para> <para>&man.mail.1; now takes a <option>-E</option> flag to avoid - sending messages with empty bodies. &merged;</para> + sending messages with empty bodies. &merged;</para> <para>&man.make.1; has gained the <literal>:C///</literal> - (regular expression substitution), <literal>:L</literal> - (lowercase), and <literal>:U</literal> (uppercase) variable - modifiers. These were added to reduce the differences between the - &os; and - OpenBSD/NetBSD - &man.make.1; programs. &merged; </para> + (regular expression substitution), <literal>:L</literal> + (lowercase), and <literal>:U</literal> (uppercase) variable + modifiers. These were added to reduce the differences between + the &os; and OpenBSD/NetBSD &man.make.1; programs. + &merged;</para> <para>Bugs in &man.make.1;, among which include broken null suffix - behavior, bad assumptions about current directory permissions, and - potential buffer overflows, have been fixed. &merged;</para> + behavior, bad assumptions about current directory permissions, + and potential buffer overflows, have been fixed. &merged;</para> <para>The new <varname>CPUTYPE</varname> - <filename>make.conf</filename> variable controls the compilation - of processor-specific optimizations in various pieces of code such - as <application>OpenSSL</application>. &merged;</para> + <filename>make.conf</filename> variable controls the compilation + of processor-specific optimizations in various pieces of code + such as <application>OpenSSL</application>. &merged;</para> <para>The &os; <filename>Makefile</filename> infrastructure now - supports the <varname>WARNS</varname> directive from NetBSD. This - directive controls the addition of compiler warning flags to - <varname>CFLAGS</varname> in a relatively compiler-neutral - manner. &merged;</para> + supports the <varname>WARNS</varname> directive from NetBSD. + This directive controls the addition of compiler warning flags + to <varname>CFLAGS</varname> in a relatively compiler-neutral + manner. &merged;</para> <para>&man.man.1; is no longer installed SUID - <username>man</username>, in order to reduce vulnerabilities - associated with generating <quote>catpages</quote> (preformatted - manual pages cached for repeated viewing). As a result, - &man.man.1; can no longer create system catpages on a regular - user's behalf. It is still able to do so if the user has write - permissions to the directory holding catpages (e.g. a user's own - manpages) or if the running user is - <username>root</username>.</para> + <username>man</username>, in order to reduce vulnerabilities + associated with generating <quote>catpages</quote> (preformatted + manual pages cached for repeated viewing). As a result, + &man.man.1; can no longer create system catpages on a regular + user's behalf. It is still able to do so if the user has write + permissions to the directory holding catpages (e.g. a user's own + manpages) or if the running user is + <username>root</username>.</para> <para>The &man.mdmfs.8; command has been added; it is a wrapper - around &man.mdconfig.8;, &man.disklabel.8;, &man.newfs.8;, and - &man.mount.8; that mimics the command line option set of the - deprecated &man.mount.mfs.8;.</para> + around &man.mdconfig.8;, &man.disklabel.8;, &man.newfs.8;, and + &man.mount.8; that mimics the command line option set of the + deprecated &man.mount.mfs.8;.</para> <para>&man.mergemaster.8; now sources an - <filename>/etc/mergemaster.rc</filename> file and also prompts the - user to run recommended commands (such as - <command>newaliases</command>) as needed. &merged;</para> + <filename>/etc/mergemaster.rc</filename> file and also prompts + the user to run recommended commands (such as + <command>newaliases</command>) as needed. &merged;</para> - <para>&man.moused.8; now takes a <option>-a</option> option to control - mouse acceleration. &merged;</para> + <para>&man.moused.8; now takes a <option>-a</option> option to + control mouse acceleration. &merged;</para> <para>&man.mtree.8; now includes support for a file that lists - pathnames to be excluded when creating and verifying prototypes. - This makes it easier to use &man.mtree.8; as a part of an - intrusion-detection system. &merged;</para> + pathnames to be excluded when creating and verifying prototypes. + This makes it easier to use &man.mtree.8; as a part of an + intrusion-detection system. &merged;</para> <para>&man.natd.8; now supports a - <option>-log_ipfw_denied</option> option to log packets that - cannot be re-injected because they are blocked by &man.ipfw.8; - rules. &merged;</para> + <option>-log_ipfw_denied</option> option to log packets that + cannot be re-injected because they are blocked by &man.ipfw.8; + rules. &merged;</para> <para>The <quote>in use</quote> percentage metric displayed by - &man.netstat.1; now really reflects the percentage of network - mbufs used. &merged;</para> + &man.netstat.1; now really reflects the percentage of network + mbufs used. &merged;</para> <para>&man.netstat.1; now has a <option>-W</option> flag that - tells it not to truncate addresses, even if they're too long for - the column they're printed in. &merged;</para> + tells it not to truncate addresses, even if they're too long for + the column they're printed in. &merged;</para> <para>&man.netstat.1; now keeps track of input and output packets - on a per-address basis for each interface. &merged;</para> + on a per-address basis for each interface. &merged;</para> <para>&man.netstat.1; now has a <option>-z</option> flag to reset - statistics. &merged;</para> + statistics. &merged;</para> <para>&man.netstat.1; now has a <option>-S</option> flag to print - address numerically but port names symbolically. &merged;</para> + address numerically but port names symbolically. &merged;</para> <para>&man.newfs.8; now implements write combining, which can make - creation of new filesystems up to seven times - faster. &merged;</para> + creation of new filesystems up to seven times + faster. &merged;</para> <para>&man.newfs.8; now takes a <option>-U</option> option to - enable softupdates on a new filesystem. &merged;</para> + enable softupdates on a new filesystem. &merged;</para> <para>The default number of cylinders per group in &man.newfs.8; - is now computed to be the maximum allowable given the current - filesystem parameters. It can be overridden with the - <option>-c</option> option. Formerly, the default was fixed at 16. This - change leads to better &man.fsck.8; performance and reduced - fragmentation. &merged;</para> - - <para><anchor id="newfs-block-frag-sizes">The default block and fragment sizes for new filesystems created - by &man.newfs.8; are now 16384 and 2048 bytes, respectively (the - old defaults were 8192 and 1024 bytes). This change generally - provides increased performance, at the expense of some wasted disk - space. &merged;</para> - - <para>&man.newsyslog.8; now has the ability to compress - log files using &man.bzip2.1;. &merged;</para> + is now computed to be the maximum allowable given the current + filesystem parameters. It can be overridden with the + <option>-c</option> option. Formerly, the default was fixed at + 16. This change leads to better &man.fsck.8; performance and + reduced fragmentation. &merged;</para> + + <para><anchor id="newfs-block-frag-sizes">The default block and + fragment sizes for new filesystems created by &man.newfs.8; are + now 16384 and 2048 bytes, respectively (the old defaults were + 8192 and 1024 bytes). This change generally provides increased + performance, at the expense of some wasted disk + space. &merged;</para> + + <para>&man.newsyslog.8; now has the ability to compress log files + using &man.bzip2.1;. &merged;</para> <para><application>NFS</application> now works over IPv6.</para> <para>&man.ngctl.8; now supports a <option>write</option> command - to send a data packet down a given hook. &merged;</para> + to send a data packet down a given hook. &merged;</para> <para>&man.nl.1;, a line numbering filter program, has been - added. &merged;</para> + added. &merged;</para> - <para><application>nsswitch</application> support has been merged from NetBSD. By creating - an &man.nsswitch.conf.5; file, &os; can be configured so that - various databases such as &man.passwd.5; and &man.group.5; can be - looked up using flat files, NIS, or Hesiod. The old - <filename>hosts.conf</filename> file is no longer used.</para> + <para><application>nsswitch</application> support has been merged + from NetBSD. By creating an &man.nsswitch.conf.5; file, &os; + can be configured so that various databases such as + &man.passwd.5; and &man.group.5; can be looked up using flat + files, NIS, or Hesiod. The old + <filename>hosts.conf</filename> file is no longer used.</para> <para><application>PAM</application> support has been added for - account management and sessions.</para> + account management and sessions.</para> <para><application>PAM</application> configuration is now - specified by files in <filename>/etc/pam.d/</filename>, rather - than a single <filename>/etc/pam.conf</filename> file. - <filename>/etc/pam.d/README</filename> has more details.</para> + specified by files in <filename>/etc/pam.d/</filename>, rather + than a single <filename>/etc/pam.conf</filename> file. + <filename>/etc/pam.d/README</filename> has more details.</para> <para>&man.passwd.1; and &man.pw.8; now select the password hash - algorithm at run time. See the <literal>passwd_format</literal> - attribute in <filename>/etc/login.conf</filename>. &merged;</para> + algorithm at run time. See the <literal>passwd_format</literal> + attribute in + <filename>/etc/login.conf</filename>. &merged;</para> <para>&man.pax.1; has received a number of enhancements, including - &man.cpio.1; functionality, &man.tar.1; compatibility - enhancements, <option>-z</option> and <option>-Z</option> flags - for &man.gzip.1; and &man.compress.1; functionality, and a number - of bug fixes.</para> + &man.cpio.1; functionality, &man.tar.1; compatibility + enhancements, <option>-z</option> and <option>-Z</option> flags + for &man.gzip.1; and &man.compress.1; functionality, and a + number of bug fixes.</para> <para>&man.pciconf.8; now supports a <option>-v</option> option to - display the vendor/device information of configured devices, - in conjunction with the <option>-l</option> option. The default - vendor/device database can be found at - <filename>/usr/share/misc/pci_vendors</filename>. &merged;</para> + display the vendor/device information of configured devices, in + conjunction with the <option>-l</option> option. The default + vendor/device database can be found at + <filename>/usr/share/misc/pci_vendors</filename>. &merged;</para> <para>The behavior of &man.periodic.8; is now controlled by - <filename>/etc/defaults/periodic.conf</filename> and - <filename>/etc/periodic.conf</filename>. &merged;</para> + <filename>/etc/defaults/periodic.conf</filename> and + <filename>/etc/periodic.conf</filename>. &merged;</para> <para>&man.ping.8; now supports a <option>-m</option> option to - set the TTL of outgoing packets. &merged;</para> + set the TTL of outgoing packets. &merged;</para> <para>&man.ping.8; now supports a <option>-A</option> option to - beep when packets are lost. &merged;</para> + beep when packets are lost. &merged;</para> <para>Userland &man.ppp.8; has received a number of updates and - bug fixes. &merged;</para> + bug fixes. &merged;</para> <para>&man.ppp.8; has gained the <literal>tcpmssfixup</literal> - option, which adjusts outgoing and incoming TCP SYN packets so that the maximum - receive segment size is no larger than allowed by the interface - MTU. &merged;</para> + option, which adjusts outgoing and incoming TCP SYN packets so + that the maximum receive segment size is no larger than allowed + by the interface MTU. &merged;</para> <para>&man.ppp.8; now supports IPv6.</para> <para>&man.pppd.8; (the control program for kernel-level PPP) is - now installed mode <literal>4550</literal> and - <username>root</username><literal>:</literal><groupname>dialer</groupname>, - rather than mode <literal>4555</literal> (in other words, it is no - longer world-executable). Users of &man.pppd.8; may need to - change their group settings. &merged;</para> + now installed mode <literal>4550</literal> and + <username>root</username><literal>:</literal><groupname>dialer</groupname>, + rather than mode <literal>4555</literal> (in other words, it is + no longer world-executable). Users of &man.pppd.8; may need to + change their group settings. &merged;</para> <para>The <option>-W</option> option to &man.ps.1; (to extract - information from a specified swap device) has been useless for - some time; it has been removed. &merged;</para> + information from a specified swap device) has been useless for + some time; it has been removed. &merged;</para> <para>&man.pwd.1; can now double as &man.realpath.1;, a program to - resolve pathnames to their underlying physical paths. &merged;</para> + resolve pathnames to their underlying physical + paths. &merged;</para> <para>The pseudo-random number generator implemented by - &man.rand.3; has been improved to provide less biased results.</para> + &man.rand.3; has been improved to provide less biased + results.</para> - <para>&man.rc.8; now has an framework for handling dependencies between - &man.rc.conf.5; variables. &merged;</para> + <para>&man.rc.8; now has an framework for handling dependencies + between &man.rc.conf.5; variables. &merged;</para> <para>&man.rc.8; now deletes all non-directory files in - <filename>/var/run</filename> and - <filename>/var/spool/lock</filename> at boot time. &merged;</para> + <filename>/var/run</filename> and + <filename>/var/spool/lock</filename> at boot + time. &merged;</para> <para>&man.rcmd.3; now supports the use of the - <envar>RSH</envar> environment variable to specify a program to - use other than &man.rsh.1; for remote execution. As a result, - programs such as &man.dump.8;, can use &man.ssh.1; for remote - transport.</para> + <envar>RSH</envar> environment variable to specify a program to + use other than &man.rsh.1; for remote execution. As a result, + programs such as &man.dump.8;, can use &man.ssh.1; for remote + transport.</para> - <para>&man.rdist.1; has been retired from the base system, but is still - available from &os; Ports Collection as - <filename role="package">net/44bsd-rdist</filename>.</para> + <para>&man.rdist.1; has been retired from the base system, but is + still available from &os; Ports Collection as + <filename role="package">net/44bsd-rdist</filename>.</para> <para>The &man.resolver.3; in &os; now implements EDNS0 support, - which will be necessary when working with IPv6 transport-ready - resolvers/DNS servers. &merged;</para> + which will be necessary when working with IPv6 transport-ready + resolvers/DNS servers. &merged;</para> <para>The &man.rfork.thread.3; library call has been added as a - helper function to &man.rfork.2;. Using this function should - avoid the need to implement complex stack swap - code. &merged;</para> + helper function to &man.rfork.2;. Using this function should + avoid the need to implement complex stack swap + code. &merged;</para> <para>The <option>-v</option> option to &man.rm.1; now displays - the entire pathname of a file being removed.</para> + the entire pathname of a file being removed.</para> <para>&man.route.8; is now more verbose when changing indirect - routes, in the case of a gateway route that is the same route as - the one being modified. &merged;</para> + routes, in the case of a gateway route that is the same route as + the one being modified. &merged;</para> <para>&man.route.8; now uses - <literal><replaceable>host</replaceable>/<replaceable>bits</replaceable></literal> - syntax instead of - <literal><replaceable>net</replaceable>/<replaceable>bits</replaceable></literal> - syntax, for compatibility with &man.netstat.1;. &merged;</para> + <literal><replaceable>host</replaceable>/<replaceable>bits</replaceable></literal> + syntax instead of + <literal><replaceable>net</replaceable>/<replaceable>bits</replaceable></literal> + syntax, for compatibility with &man.netstat.1;. &merged;</para> <para>&man.route.8; can now create <quote>proxy only</quote> - published ARP entries. &merged;</para> + published ARP entries. &merged;</para> <para>The &man.route.8; <option>add</option> command now supports - the <option>-ifp</option> and <option>-ifa</option> - modifiers. &merged;</para> + the <option>-ifp</option> and <option>-ifa</option> + modifiers. &merged;</para> <para>&man.rpcbind.8; has replaced &man.portmap.8;.</para> <para>&man.rpcgen.1; now uses <filename>/usr/bin/cpp</filename> - (as on NetBSD), not <filename>/usr/libexec/cpp</filename>.</para> + (as on NetBSD), not + <filename>/usr/libexec/cpp</filename>.</para> <para>&man.rpc.lockd.8; has been imported from NetBSD. This - daemon enables locking on NFS filesystems.</para> + daemon enables locking on NFS filesystems.</para> <para>The performance of the ELF dynamic linker &man.rtld.1; has - been improved. &merged;</para> + been improved. &merged;</para> - <para>RSA Security has waived all patent rights to the <application>RSA</application> - algorithm. As a - result, the native <application>OpenSSL</application> - implementation of the RSA algorithm is now activated by default, - and the <filename role="package">security/rsaref</filename> port and the - <filename>librsaUSA</filename> and <filename>librsaINTL</filename> - libraries are - no longer required for USA and non-USA residents respectively. &merged;</para> + <para>RSA Security has waived all patent rights to the + <application>RSA</application> algorithm. As a result, the + native <application>OpenSSL</application> implementation of the + RSA algorithm is now activated by default, and the <filename + role="package">security/rsaref</filename> port and the + <filename>librsaUSA</filename> and + <filename>librsaINTL</filename> libraries are no longer required + for USA and non-USA residents respectively. &merged;</para> <para>&man.rtld.1; will now print the names of all objects that - cause each object to be loaded, if the - <varname>LD_TRACE_LOADED_OBJECTS_ALL</varname> environment - variable is defined.</para> + cause each object to be loaded, if the + <varname>LD_TRACE_LOADED_OBJECTS_ALL</varname> environment + variable is defined.</para> <para>&man.savecore.8; now supports a <option>-k</option> option - to prevent clearing a crash dump after saving it. It also - attempts to avoid writing large stretches of zeros to crash dump - files to save space and time. &merged;</para> + to prevent clearing a crash dump after saving it. It also + attempts to avoid writing large stretches of zeros to crash dump + files to save space and time. &merged;</para> <para>&man.savecore.8; now works correctly on machines with 2 GB - or more of RAM. &merged;</para> + or more of RAM. &merged;</para> <para>&man.sed.1; now takes a <option>-E</option> option for - extended regular expression support. &merged;</para> + extended regular expression support. &merged;</para> <para>&man.send-pr.1; now takes a <option>-a</option> option to - include a file into the <literal>Fix:</literal> section of a - problem report. &merged;</para> + include a file into the <literal>Fix:</literal> section of a + problem report. &merged;</para> <para>The &man.setfacl.1; and &man.getfacl.1; commands have been - added to manage file system Access Control Lists.</para> + added to manage file system Access Control Lists.</para> <para>&man.setproctitle.3; has been moved from - <filename>libutil</filename> to - <filename>libc</filename>. &merged;</para> + <filename>libutil</filename> to + <filename>libc</filename>. &merged;</para> <para>&man.sh.1; now implements <command>test</command> as a - built-in command for improved efficiency. &merged;</para> + built-in command for improved efficiency. &merged;</para> - <para>&man.sh.1; no longer - implements <command>printf</command> as a built-in command because - it was considered less valuable compared to the other built-in - commands (this functionality is, of course, still available - through the &man.printf.1; executable).</para> + <para>&man.sh.1; no longer implements <command>printf</command> as + a built-in command because it was considered less valuable + compared to the other built-in commands (this functionality is, + of course, still available through the &man.printf.1; + executable).</para> <para>&man.sockstat.1; now has <option>-c</option> and - <option>-l</option> flags for listing connected and listening - sockets, respectively. &merged;</para> + <option>-l</option> flags for listing connected and listening + sockets, respectively. &merged;</para> <para>&man.split.1; now has the ability to split a file longer - than 2GB. &merged;</para> + than 2GB. &merged;</para> <para>In preparation for meeting SUSv2/POSIX - <filename><sys/select.h></filename> requirements, - <literal>struct selinfo</literal> and related functions have been - moved to <filename><sys/selinfo.h></filename>.</para> + <filename><sys/select.h></filename> requirements, + <literal>struct selinfo</literal> and related functions have been + moved to <filename><sys/selinfo.h></filename>.</para> <para>The &man.strnstr.3; and &man.strcasestr.3; variants of - &man.strstr.3; have been implemented. &merged;</para> + &man.strstr.3; have been implemented. &merged;</para> <para>&man.stty.1; now has support for an - <literal>erase2</literal> control character, so that, for example, - both the <keycap>Delete</keycap> and <keycap>Backspace</keycap> - keys can be used to erase characters. &merged;</para> + <literal>erase2</literal> control character, so that, for + example, both the <keycap>Delete</keycap> and + <keycap>Backspace</keycap> keys can be used to erase + characters. &merged;</para> <para>&man.style.perl.7;, a style guide for Perl code in the &os; - base system, has been added. &merged;</para> + base system, has been added. &merged;</para> <para>&man.su.1; now uses <application>PAM</application> for - authentication.</para> + authentication.</para> <para>Boot-time &man.syscons.4; configuration was moved to a - machine-independent <filename>/etc/rc.syscons</filename>. &merged;</para> + machine-independent + <filename>/etc/rc.syscons</filename>. &merged;</para> <para>&man.sysctl.8; now supports a <option>-N</option> option to - print out variable names only. &merged;</para> + print out variable names only. &merged;</para> <para>&man.sysctl.8; has replaced the <option>-A</option> and - <option>-X</option> options with <option>-ao</option> and - <option>-ax</option> respectively; the former options are now - deprecated. The <option>-w</option> option is deprecated as well; it is - not needed to determine the user's intentions. &merged;</para> + <option>-X</option> options with <option>-ao</option> and + <option>-ax</option> respectively; the former options are now + deprecated. The <option>-w</option> option is deprecated as + well; it is not needed to determine the user's + intentions. &merged;</para> <para>&man.sysctl.8; now supports a <option>-e</option> option to - separate variable names and values by <literal>=</literal> rather - than <literal>:</literal>. This feature is useful for producing - output that can be fed back to &man.sysctl.8;. &merged;</para> + separate variable names and values by <literal>=</literal> + rather than <literal>:</literal>. This feature is useful for + producing output that can be fed back to + &man.sysctl.8;. &merged;</para> <para>&man.sysinstall.8; now properly preserves - <filename>/etc/mail</filename> during a binary upgrade. &merged;</para> + <filename>/etc/mail</filename> during a binary + upgrade. &merged;</para> <para>&man.sysinstall.8; now uses some more intuitive defaults - thanks to some new dialog support functions. &merged;</para> + thanks to some new dialog support functions. &merged;</para> <para>The default root partition in &man.sysinstall.8; is now - 100MB on the i386 and 120MB on the Alpha.</para> + 100MB on the i386 and 120MB on the Alpha.</para> - <para>&man.sysinstall.8; now lives in <filename>/usr/sbin</filename>, - which simplifies the installation process. The &man.sysinstall.8; - manpage is also installed in a more consistent fashion now.</para> + <para>&man.sysinstall.8; now lives in + <filename>/usr/sbin</filename>, which simplifies the + installation process. The &man.sysinstall.8; manpage is also + installed in a more consistent fashion now.</para> <para>&man.sysinstall.8; now has the ability to load KLDs as a - part of the installation. &merged;</para> + part of the installation. &merged;</para> <para>When run from the installation media, &man.sysinstall.8; - will automatically load any device drivers found in the - <filename>/stand/modules</filename> directory of the - <literal>mfsroot</literal> floppy or filesystem image. Note that - any drivers so loaded will not appear in the kernel's boot - messages; the &man.sysinstall.8; debugging screen will provide - additional information. &merged;</para> + will automatically load any device drivers found in the + <filename>/stand/modules</filename> directory of the + <literal>mfsroot</literal> floppy or filesystem image. Note + that any drivers so loaded will not appear in the kernel's boot + messages; the &man.sysinstall.8; debugging screen will provide + additional information. &merged;</para> <para>&man.sysinstall.8; now enables Soft Updates by default on - all filesystems it creates, except for the root - filesystem. &merged;</para> + all filesystems it creates, except for the root + filesystem. &merged;</para> <para>&man.sysinstall.8; has received updates for its - <quote>auto</quote> partitioning mode which provide more - reasonable defaults for the sizes of partitions that are created; - auto-sized partitions can now also recover the space that becomes - available when other partitions are deleted. &merged;</para> + <quote>auto</quote> partitioning mode which provide more + reasonable defaults for the sizes of partitions that are + created; auto-sized partitions can now also recover the space + that becomes available when other partitions are + deleted. &merged;</para> <para>&man.syslogd.8; can take a <option>-n</option> option to - disable DNS queries for every request. &merged;</para> + disable DNS queries for every request. &merged;</para> - <para>&man.syslogd.8; now supports a <literal>LOG_CONSOLE</literal> - facility (disabled by - default), which can be used to log <filename>/dev/console</filename> - output. &merged;</para> + <para>&man.syslogd.8; now supports a + <literal>LOG_CONSOLE</literal> facility (disabled by default), + which can be used to log <filename>/dev/console</filename> + output. &merged;</para> <para>&man.syslogd.8; now has the ability to bind to a specific - address (as opposed to using every available one) via the - <option>-b</option> option. &merged;</para> + address (as opposed to using every available one) via the + <option>-b</option> option. &merged;</para> <para>&man.syslogd.8; now accepts a <option>-c</option> flag to - disable repeated line compression. &merged;</para> + disable repeated line compression. &merged;</para> <para>&man.tail.1; now has the ability to work on files longer - than 2GB. &merged;</para> + than 2GB. &merged;</para> <para>&man.tar.1; now supports the <varname>TAR_RSH</varname> - variable, principally to enable the use of &man.ssh.1; as a - transport. &merged;</para> + variable, principally to enable the use of &man.ssh.1; as a + transport. &merged;</para> <para>&man.telnet.1; now does autologin and encryption by default; - a new <option>-y</option> option turns off encryption.</para> + a new <option>-y</option> option turns off encryption.</para> <para>&man.telnet.1; now supports a <option>-u</option> flag to - allow connections to UNIX-domain (<literal>AF_UNIX</literal>) - sockets. &merged;</para> + allow connections to UNIX-domain (<literal>AF_UNIX</literal>) + sockets. &merged;</para> <para>&man.tftpd.8; now takes the <option>-c</option> and - <option>-C</option> options, which allow the server to - &man.chroot.2; based on the IP address of the connecting client. - &man.tftp.1; and &man.tftpd.8; can now transfer files larger than - 65535 blocks. &merged;</para> + <option>-C</option> options, which allow the server to + &man.chroot.2; based on the IP address of the connecting client. + &man.tftp.1; and &man.tftpd.8; can now transfer files larger + than 65535 blocks. &merged;</para> <para>&man.tftpd.8; now supports RFC 2349 (TFTP Timeout Interval - and Transfer Size Options); this feature is required by some - firmware like EFI boot managers (at least on HP i2000 Itanium - servers) in order to boot an image using - <application>TFTP</application>.</para> + and Transfer Size Options); this feature is required by some + firmware like EFI boot managers (at least on HP i2000 Itanium + servers) in order to boot an image using + <application>TFTP</application>.</para> <para arch="alpha">&man.timed.8; now works on the alpha.</para> <para>A version of Transport Independent RPC - (<application>TI-RPC</application>) has been imported.</para> + (<application>TI-RPC</application>) has been imported.</para> <para>&man.tmpnam.3; will now use the <envar>TMPDIR</envar> - environment variable, if set, to specify the location of temporary - files. &merged;</para> + environment variable, if set, to specify the location of + temporary files. &merged;</para> <para>&man.tip.1; has been updated from - <application>OpenBSD</application>, and has the ability to act as - a &man.cu.1; substitute.</para> + <application>OpenBSD</application>, and has the ability to act + as a &man.cu.1; substitute.</para> <para>&man.top.1; will now use the full width of its tty.</para> <para>&man.touch.1; now takes a <option>-h</option> option to - operate on a symbolic link, rather than what the link points - to.</para> + operate on a symbolic link, rather than what the link points + to.</para> - <para>The &man.truncate.1; utility, which truncates or extends the length - of files, has been added. &merged;</para> + <para>The &man.truncate.1; utility, which truncates or extends the + length of files, has been added. &merged;</para> <para>Ukrainian language support has been added to the &os; - console. &merged;</para> + console. &merged;</para> <para><application>UUCP</application> has been removed from the - base system. It can be found in - the Ports Collection, in <filename role="package">net/freebsd-uucp</filename>.</para> + base system. It can be found in the Ports Collection, in + <filename role="package">net/freebsd-uucp</filename>.</para> - <para>&man.units.1; has received some updates and bugfixes. &merged;</para> + <para>&man.units.1; has received some updates and + bugfixes. &merged;</para> <para>&man.usbdevs.8; now supports a <option>-d</option> flag to - show the device driver associated with each device.</para> + show the device driver associated with each device.</para> <para>&man.uudecode.1; now accepts a <option>-o</option> option to - set its output file.</para> + set its output file.</para> <para>&man.vidcontrol.1; now accepts a <option>-g</option> - parameter to select custom text geometry in the - <literal>VESA_800x600</literal> raster text mode. &merged;</para> + parameter to select custom text geometry in the + <literal>VESA_800x600</literal> raster text mode. &merged;</para> <para>&man.vidcontrol.1; now allows the user to omit the font size - specification when loading a font, and has some better - error-handling. &merged;</para> + specification when loading a font, and has some better + error-handling. &merged;</para> - <para>&man.vidcontrol.1; now supports a <option>-p</option> option to - take a snapshot of a &man.syscons.4; video buffer. These - snapshots can be manipulated by the - <filename role="package">graphics/scr2png</filename> utility in the Ports - Collection. &merged;</para> + <para>&man.vidcontrol.1; now supports a <option>-p</option> option + to take a snapshot of a &man.syscons.4; video buffer. These + snapshots can be manipulated by the + <filename role="package">graphics/scr2png</filename> utility in + the Ports Collection. &merged;</para> <para>&man.vidcontrol.1; now supports a <option>-C</option> option - to clear the history buffer for a given tty, as well as a - <option>-h</option> option to set the size of the history buffer. &merged;</para> + to clear the history buffer for a given tty, as well as a + <option>-h</option> option to set the size of the history + buffer. &merged;</para> <para>The default stripe size in &man.vinum.8; has been changed - from 256KB to 279KB, to spread out superblocks more evenly between - stripes.</para> + from 256KB to 279KB, to spread out superblocks more evenly + between stripes.</para> <para>&man.wall.1; now supports a <option>-g</option> flag to - write a message to all users of a given group. &merged;</para> + write a message to all users of a given group. &merged;</para> <para>&man.watch.8; now takes a <option>-f</option> option to - specify a &man.snp.4; device to use.</para> + specify a &man.snp.4; device to use.</para> <para>&man.which.1; is now a C program, rather than a Perl - script.</para> + script.</para> - <para>&man.whois.1; now directs queries for IP addresses to - ARIN. If a query to ARIN references APNIC or RIPE, the - appropriate server will also be queried, provided that the - <option>-Q</option> option is not specified. &merged;</para> + <para>&man.whois.1; now directs queries for IP addresses to ARIN. + If a query to ARIN references APNIC or RIPE, the appropriate + server will also be queried, provided that the + <option>-Q</option> option is not specified. &merged;</para> <para>&man.whois.1; supports a <option>-c</option> option to - specify a country code to help direct queries towards a particular - whois server. &merged;</para> + specify a country code to help direct queries towards a + particular whois server. &merged;</para> <para>&man.xargs.1; now supports a <option>-J</option> - <replaceable>replstr</replaceable> option that allows the user to - tell &man.xargs.1; to insert the data read from standard input at - a specific point in the command line arguments rather than at the - end. &merged;</para> + <replaceable>replstr</replaceable> option that allows the user + to tell &man.xargs.1; to insert the data read from standard + input at a specific point in the command line arguments rather + than at the end. &merged;</para> <para>The compiler chain now uses the FSF-supplied C/C++ runtime - initialization code. This change brings about better - compatibility with code generated from the various egcs and gcc - ports, as well as the stock public FSF source. &merged;</para> + initialization code. This change brings about better + compatibility with code generated from the various egcs and gcc + ports, as well as the stock public FSF source. &merged;</para> <para>The threads library has gained some signal handling changes, - bug fixes, and performance enhancements (including zero system - call thread switching). &man.gdb.1; thread support has been - updated to match these changes. &merged;</para> + bug fixes, and performance enhancements (including zero system + call thread switching). &man.gdb.1; thread support has been + updated to match these changes. &merged;</para> <para>Significant additions have been made to internationalization - support; &os; now has complete locale support for the - <literal>LC_MONETARY</literal>, <literal>LC_NUMERIC</literal>, and - <literal>LC_MESSAGES</literal> categories. A number of - applications have been updated to take advantage of this - support.</para> + support; &os; now has complete locale support for the + <literal>LC_MONETARY</literal>, <literal>LC_NUMERIC</literal>, + and <literal>LC_MESSAGES</literal> categories. A number of + applications have been updated to take advantage of this + support.</para> <para>Locale names have been changed to improve compatibility with - the names used by X11R6, as well as a number of other UNIX - versions. As an example, the <literal>en_US.ISO_8859-1</literal> - locale name has been changed to - <literal>en_US.ISO8859-1</literal>. Entries in - <filename>/etc/locale.alias</filename> provide backward - compatibility. &merged;</para> + the names used by X11R6, as well as a number of other UNIX + versions. As an example, the + <literal>en_US.ISO_8859-1</literal> locale name has been changed + to + <literal>en_US.ISO8859-1</literal>. Entries in + <filename>/etc/locale.alias</filename> provide backward + compatibility. &merged;</para> <para><filename>/usr/src/share/examples/BSD_daemon/</filename> now - contains a scalable Beastie graphic. &merged;</para> + contains a scalable Beastie graphic. &merged;</para> <para>As part of an ongoing process, many manual pages were - improved, both in terms of their formatting markup and in their - content. &merged;</para> + improved, both in terms of their formatting markup and in their + content. &merged;</para> <sect3> <title>Contributed Software</title> - <para><application>am-utils</application> has been updated to - 6.0.7.</para> + <para><application>am-utils</application> has been updated to + 6.0.7.</para> <para><application>bc</application> has been updated from 1.04 to - 1.06. &merged;</para> + 1.06. &merged;</para> <para>The ISC library from the <application>BIND</application> - distribution is now built as + distribution is now built as <filename>libisc</filename>. &merged;</para> <para><application>BIND</application> is now built with the - <literal>NOADDITIONAL</literal> flag, which causes &man.named.8; - to operate in a more consistent fashion for certain common - misconfigurations. &merged;</para> + <literal>NOADDITIONAL</literal> flag, which causes + &man.named.8; to operate in a more consistent fashion for + certain common misconfigurations. &merged;</para> <para><application>BIND</application> has been updated to - 8.3.1-REL. &merged;</para> + 8.3.1-REL. &merged;</para> - <para><application>Binutils</application> has been updated to - a 21 February 2002 snapshot from the FSF 2.12 branch.</para> + <para><application>Binutils</application> has been updated to a + 21 February 2002 snapshot from the FSF 2.12 branch.</para> - <para><application>bzip2</application> 1.0.2 has been imported; this - brings the &man.bzip2.1; program and the <filename>libbz2</filename> - library to the base system. &merged;</para> + <para><application>bzip2</application> 1.0.2 has been imported; + this brings the &man.bzip2.1; program and the + <filename>libbz2</filename> library to the base + system. &merged;</para> <para>The &man.ee.1; <application>Easy Editor</application> has - been updated to 1.4.2. &merged;</para> + been updated to 1.4.2. &merged;</para> - <para><application>file</application> has been updated to 3.37.</para> + <para><application>file</application> has been updated to + 3.37.</para> - <para><application>gcc</application> has been updated to 2.95.3. &merged;</para> + <para><application>gcc</application> has been updated to + 2.95.3. &merged;</para> <para>&man.gcc.1; now uses a unified <filename>libgcc</filename> - rather than a separate one for threaded and non-threaded programs. - <filename>/usr/lib/libgcc_r.a</filename> can be removed. - &merged;</para> + rather than a separate one for threaded and non-threaded + programs. <filename>/usr/lib/libgcc_r.a</filename> can be + removed. &merged;</para> <para>&man.gcc.1; now supports the environment variable - <envar>GCC_OPTIONS</envar>, which can hold a set of default - options for <application>GCC</application>. &merged;</para> + <envar>GCC_OPTIONS</envar>, which can hold a set of default + options for <application>GCC</application>. &merged;</para> <para><application>GNATS</application> has been updated to - 3.113. &merged;</para> - + 3.113. &merged;</para> + <para><application>GNU awk</application> has been updated to - 3.1.0.</para> + 3.1.0.</para> - <para><application>gperf</application> has been updated to 2.7.2.</para> + <para><application>gperf</application> has been updated to + 2.7.2.</para> <para><application>groff</application> and its related utilities - have been updated to FSF version 1.17.2. This import brings in a - new &man.mdoc.7; macro package (sometimes referred to as - <literal>mdocNG</literal>), which removes many of the - limitations of its predecessor. &merged;</para> + have been updated to FSF version 1.17.2. This import brings + in a new &man.mdoc.7; macro package (sometimes referred to as + <literal>mdocNG</literal>), which removes many of the + limitations of its predecessor. &merged;</para> <para><application>Heimdal</application> has been updated to - 0.3f.</para> + 0.3f.</para> <para>The version of <application>IPFilter</application> - provided with &os; now includes the &man.ipfs.8; program, which - allows state information created for NAT entries and stateful - rules to be saved to disk and restored after a reboot. - Boot-time configuration of these features is supported by - &man.rc.conf.5;. &merged;</para> + provided with &os; now includes the &man.ipfs.8; program, + which allows state information created for NAT entries and + stateful rules to be saved to disk and restored after a + reboot. Boot-time configuration of these features is + supported by &man.rc.conf.5;. &merged;</para> <para>The <application>ISC DHCP</application> client has been - updated to 3.0.1RC6.</para> + updated to 3.0.1RC6.</para> <para><application>Kerberos IV</application> has been updated to - 1.0.5. &merged;</para> + 1.0.5. &merged;</para> - <para>The &man.more.1; command has been replaced by &man.less.1;, - although it can still be run as - <command>more</command>. &merged; Version 371 of <application>less</application> has - been imported.</para> + <para>The &man.more.1; command has been replaced by + &man.less.1;, although it can still be run as + <command>more</command>. &merged; Version 371 of + <application>less</application> has been imported.</para> <para><application>libpcap</application> has been updated to - 0.6.2. &merged;</para> + 0.6.2. &merged;</para> <para><application>libreadline</application> has been updated to - 4.2.</para> + 4.2.</para> <para><application>Linux-PAM</application> has been updated to - 0.75. &merged;</para> - - <para>A number of new <application>Linux-PAM</application> modules - have been added, including: <filename>pam_ftp</filename>, - <filename>pam_krb5</filename>, - <filename>pam_nologin</filename>, - <filename>pam_rootok</filename>, - <filename>pam_securetty</filename>, - <filename>pam_wheel</filename>.</para> - - <para><application>lukemftp</application> (the FTP client from NetBSD) has replaced the &os; - &man.ftp.1; program. Among its new features are more automation - methods, better standards compliance, transfer rate throttling, - and a customizable command-line prompt. Some environment - variables and command-line arguments have changed.</para> + 0.75. &merged;</para> + + <para>A number of new <application>Linux-PAM</application> + modules have been added, including: + <filename>pam_ftp</filename>, + <filename>pam_krb5</filename>, + <filename>pam_nologin</filename>, + <filename>pam_rootok</filename>, + <filename>pam_securetty</filename>, + <filename>pam_wheel</filename>.</para> + + <para><application>lukemftp</application> (the FTP client from + NetBSD) has replaced the &os; &man.ftp.1; program. Among its + new features are more automation methods, better standards + compliance, transfer rate throttling, and a customizable + command-line prompt. Some environment variables and + command-line arguments have changed.</para> <para>The FTP daemon from NetBSD, otherwise known as - <application>lukemftpd</application>, has been imported and is - available as &man.lukemftpd.8;.</para> + <application>lukemftpd</application>, has been imported and is + available as &man.lukemftpd.8;.</para> <para><application>ncurses</application> has been updated to - 5.2-20010512.</para> + 5.2-20010512.</para> - <para>The <application>NTP</application> suite of programs has been - updated to 4.1.0. &merged;</para> + <para>The <application>NTP</application> suite of programs has + been updated to 4.1.0. &merged;</para> - <para>The <application>OPIE</application> one-time-password suite - has been updated to 2.32. &merged; It has completely replaced - the functionality of <application>S/Key</application>.</para> + <para>The <application>OPIE</application> one-time-password + suite has been updated to 2.32. &merged; It has completely + replaced the functionality of + <application>S/Key</application>.</para> <para><application>Perl</application> has been updated to version - 5.6.0.</para> + 5.6.0.</para> - <para>&man.routed.8; has been updated to version 2.22. &merged;</para> + <para>&man.routed.8; has been updated to version + 2.22. &merged;</para> - <para arch="i386">Version 1.4.3 of the <application>smbfs</application> - userland utilities have been imported. &merged;</para> + <para arch="i386">Version 1.4.3 of the + <application>smbfs</application> userland utilities have been + imported. &merged;</para> <para><application>tcpdump</application> has been updated to - 3.6.3. &merged;</para> + 3.6.3. &merged;</para> <para>The &man.csh.1; shell has been replaced by &man.tcsh.1;, - although it can still be run as <command>csh</command>. - <application>tcsh</application> has been updated to version - 6.11. &merged;</para> + although it can still be run as <command>csh</command>. + <application>tcsh</application> has been updated to version + 6.11. &merged;</para> <para>The contributed version of - <application>tcp_wrappers</application> now includes the - &man.tcpd.8; helper daemon. While not strictly necessary in a - standard &os; installation (because &man.inetd.8; already - incorporates this functionality), this may be useful for - &man.inetd.8; replacements such as - <application>xinetd</application>.</para> + <application>tcp_wrappers</application> now includes the + &man.tcpd.8; helper daemon. While not strictly necessary in a + standard &os; installation (because &man.inetd.8; already + incorporates this functionality), this may be useful for + &man.inetd.8; replacements such as + <application>xinetd</application>.</para> <para><application>top</application> has been updated to version - 3.5b12.</para> + 3.5b12.</para> <para>&man.traceroute.8; now takes its default maximum TTL value - from the <varname>net.inet.ip.ttl</varname> sysctl - variable. &merged;</para> + from the <varname>net.inet.ip.ttl</varname> sysctl + variable. &merged;</para> <para>The timezone database has been updated to the - <filename>tzdata2001d</filename> release. &merged;</para> + <filename>tzdata2001d</filename> release. &merged;</para> <sect4> - <title>CVS</title> + <title>CVS</title> - <para><application>cvs</application> has been updated to - 1.11.1p1. &merged;</para> + <para><application>cvs</application> has been updated to + 1.11.1p1. &merged;</para> - <para>The default value for &man.cvs.1;'s - <envar>CVS_RSH</envar> variable is now <literal>ssh</literal>, - rather than <literal>rsh</literal>. &merged;</para> + <para>The default value for &man.cvs.1;'s + <envar>CVS_RSH</envar> variable is now + <literal>ssh</literal>, rather than + <literal>rsh</literal>. &merged;</para> - <para>&man.cvs.1; now supports a <option>-T</option> option to - update a sandbox's <filename>CVS/Template</filename> file from - the repository. &merged;</para> + <para>&man.cvs.1; now supports a <option>-T</option> option to + update a sandbox's <filename>CVS/Template</filename> file + from the repository. &merged;</para> <para>&man.cvs.1; <literal>diff</literal> now supports the - <option>-j</option> option to perform differences against a - revision relative to a branch tag. &merged;</para> + <option>-j</option> option to perform differences against a + revision relative to a branch tag. &merged;</para> </sect4> <sect4> <title>CVSup</title> <para><application>CVSup</application>, a frequently used - utility in the &os; Ports Collection, was formerly installable - using several ports and packages. The - <filename role="package">net/cvsup-bin</filename> and <filename role="package">net/cvsupd-bin</filename> - ports/packages are no longer necessary or available; the - <filename role="package">net/cvsup</filename> port should be used instead. &merged;</para> + utility in the &os; Ports Collection, was formerly + installable using several ports and packages. The + <filename role="package">net/cvsup-bin</filename> and + <filename role="package">net/cvsupd-bin</filename> + ports/packages are no longer necessary or available; the + <filename role="package">net/cvsup</filename> port should be + used instead. &merged;</para> <para><application>CVSup</application> has been updated to - 16.1_3, which is available in the &os; Ports Collection as - <filename role="package">net/cvsup</filename>. This update fixes a long-standing - (but only recently encountered) bug which affects the - timestamps on all files after Sun Sep 9 01:46:40 UTC 2001 - (1,000,000,000 seconds after the UNIX epoch). &merged;</para> + 16.1_3, which is available in the &os; Ports Collection as + <filename role="package">net/cvsup</filename>. This update + fixes a long-standing (but only recently encountered) bug + which affects the timestamps on all files after Sun Sep 9 + 01:46:40 UTC 2001 (1,000,000,000 seconds after the UNIX + epoch). &merged;</para> </sect4> <sect4 id="kame-userland"> - <title>KAME</title> + <title>KAME</title> - <para>The IPv6 stack is now based on a snapshot based on the KAME - Project's IPv6 snapshot as of 28 May, 2001. Most of the - items listed in this section are a result of this import. - <xref linkend="kame-kernel"> lists kernel updates to the KAME - IPv6 stack. &merged;</para> + <para>The IPv6 stack is now based on a snapshot based on the + KAME Project's IPv6 snapshot as of 28 May, 2001. Most of + the items listed in this section are a result of this + import. + <xref linkend="kame-kernel"> lists kernel updates to the + KAME IPv6 stack. &merged;</para> <para>&man.faithd.8; now supports a configuration file for - access control. &merged;</para> + access control. &merged;</para> <para>&man.ifconfig.8; can now perform the functions of - &man.gifconfig.8;. &merged;</para> + &man.gifconfig.8;. &merged;</para> <para>&man.ifconfig.8; can now perform the functions of - &man.prefix.8;. &man.prefix.8; is now a shell script for - partial backwards compatibility. &merged;</para> + &man.prefix.8;. &man.prefix.8; is now a shell script for + partial backwards compatibility. &merged;</para> <para>&man.ndp.8; now implements garbage collection for stale - NDP entries, as described in RFC 2461 (Neighbor Discovery for - IP Version 6 (IPv6)). &merged;</para> + NDP entries, as described in RFC 2461 (Neighbor Discovery + for IP Version 6 (IPv6)). &merged;</para> - <para>&man.pim6dd.8; and &man.pim6sd.8; have been removed due to - restrictive licensing conditions. These programs are available - in the ports collection as <filename role="package">net/pim6dd</filename> and - <filename role="package">net/pim6sd</filename>. &merged;</para> + <para>&man.pim6dd.8; and &man.pim6sd.8; have been removed due + to restrictive licensing conditions. These programs are + available in the ports collection as + <filename role="package">net/pim6dd</filename> and + <filename role="package">net/pim6sd</filename>. &merged;</para> <para>&man.route6d.8; now supports an <option>-n</option> flag - to avoid updating the kernel forwarding table. &merged;</para> + to avoid updating the kernel forwarding + table. &merged;</para> <para>The <option>-R</option> (router renumbering) option to - &man.rtadvd.8; is currently ignored. &merged;</para> + &man.rtadvd.8; is currently ignored. &merged;</para> </sect4> <sect4> - <title>OpenSSH</title> + <title>OpenSSH</title> <para><application>OpenSSH</application> has been updated to - 2.9, which provides support for the SSH2 protocol (now the - default) and DSA keys. &man.ssh-add.1; and &man.ssh-agent.1; - can now handle DSA keys, with support for authentication - forwarding. <application>OpenSSH</application> users in the - USA no longer need to rely on the restrictively-licensed - RSAREF toolkit which is required to handle RSA keys. Among - other new features: A client and server for sftp has been - added. &man.scp.1; can now handle files larger than 2 GBytes. - A limit on the number of outstanding, unauthenticated - connections in &man.sshd.8; has been added. Support has been - added for the Rijndael encryption algorithm. Rekeying of - existing sessions is now supported, and an experimental - <application>SOCKS4</application> proxy has been added to - &man.ssh.1;.</para> + 2.9, which provides support for the SSH2 protocol (now the + default) and DSA keys. &man.ssh-add.1; and + &man.ssh-agent.1; can now handle DSA keys, with support for + authentication forwarding. + <application>OpenSSH</application> users in the USA no + longer need to rely on the restrictively-licensed RSAREF + toolkit which is required to handle RSA keys. Among other + new features: A client and server for sftp has been added. + &man.scp.1; can now handle files larger than 2 GBytes. A + limit on the number of outstanding, unauthenticated + connections in &man.sshd.8; has been added. Support has + been added for the Rijndael encryption algorithm. Rekeying + of existing sessions is now supported, and an experimental + <application>SOCKS4</application> proxy has been added to + &man.ssh.1;.</para> <para><application>OpenSSH</application> can now authenticate - using OPIE passwords in SSH1 mode. Support is not yet available - in SSH2 mode. &merged;</para> + using OPIE passwords in SSH1 mode. Support is not yet + available in SSH2 mode. &merged;</para> - <para><application>PAM</application> support for - <application>OpenSSH</application> has been added.</para> + <para><application>PAM</application> support for + <application>OpenSSH</application> has been added.</para> - <para>A long-standing bug in <application>OpenSSH</application>, - which sometimes resulted in a dropped session when an - X11-forwarded client was closed, was fixed.</para> + <para>A long-standing bug in + <application>OpenSSH</application>, which sometimes resulted + in a dropped session when an X11-forwarded client was + closed, was fixed.</para> - <para><application>Kerberos</application> compatibility has been - added to <application>OpenSSH</application>. &merged;</para> + <para><application>Kerberos</application> compatibility has + been added to + <application>OpenSSH</application>. &merged;</para> - <para><application>OpenSSH</application> has been modified to be - more resistant to traffic analysis by requiring that - <quote>non-echoed</quote> characters are still echoed back in a - null packet, as well as by padding passwords sent so as not to - hint at password lengths. &merged;</para> + <para><application>OpenSSH</application> has been modified to + be more resistant to traffic analysis by requiring that + <quote>non-echoed</quote> characters are still echoed back + in a null packet, as well as by padding passwords sent so as + not to hint at password lengths. &merged;</para> - <para>&man.sshd.8; is now enabled by default on new - installs. &merged;</para> + <para>&man.sshd.8; is now enabled by default on new + installs. &merged;</para> - <para>&man.sshd.8; <literal>X11Forwarding</literal> is now turned - on by default on the server (any risk is to the client, where it - is already disabled by default). &merged;</para> + <para>&man.sshd.8; <literal>X11Forwarding</literal> is now + turned on by default on the server (any risk is to the + client, where it is already disabled by + default). &merged;</para> <para>In <filename>/etc/ssh/sshd_config</filename>, the - <literal>ConnectionsPerPeriod</literal> parameter has been - deprecated in favor of <literal>MaxStartups</literal>. &merged;</para> + <literal>ConnectionsPerPeriod</literal> parameter has been + deprecated in favor of + <literal>MaxStartups</literal>. &merged;</para> <para><application>OpenSSH</application> now has a - <literal>VersionAddendum</literal> configuration setting for - &man.sshd.8; to allow changing the part of the - <application>OpenSSH</application> version string after the - main version number.</para> + <literal>VersionAddendum</literal> configuration setting for + &man.sshd.8; to allow changing the part of the + <application>OpenSSH</application> version string after the + main version number.</para> </sect4> <sect4> - <title>OpenSSL</title> + <title>OpenSSL</title> <para><application>OpenSSL</application> has been updated to - 0.9.6c.</para> + 0.9.6c.</para> <para><application>OpenSSL</application> now has support for - machine-dependent ASM optimizations, activated by the new - <varname>MACHINE_CPU</varname> and/or <varname>CPUTYPE</varname> - <filename>make.conf</filename> variables. &merged;</para> + machine-dependent ASM optimizations, activated by the new + <varname>MACHINE_CPU</varname> and/or + <varname>CPUTYPE</varname> + <filename>make.conf</filename> variables. &merged;</para> </sect4> <sect4> <title>sendmail</title> - <para><application>sendmail</application> has been updated from - version 8.9.3 to version 8.12.2. Important changes include: - &man.sendmail.8; is no longer installed as a set-user-ID root - binary (now set-group-ID smmsp); new default file locations (see - <filename>/usr/src/contrib/sendmail/cf/README</filename>); - &man.newaliases.1; is limited to <username>root</username> and - trusted users; STARTTLS encryption; and the MSA port (587) is - turned on by default. See - <filename>/usr/src/contrib/sendmail/RELEASE_NOTES</filename> for - more information. &merged;</para> - - <para>&man.mail.local.8; is no longer installed as a set-user-ID - binary. If you are using a <filename>/etc/mail/sendmail.cf</filename> - from the default <filename>sendmail.cf</filename> included with &os; - any time after 3.1.0, you are fine. If you are using a - hand-configured <filename>sendmail.cf</filename> and - <command>mail.local</command> for delivery, check to make sure the - <literal>F=S</literal> flag is set on the - <literal>Mlocal</literal> line. Those with - <filename>.mc</filename> files who need to add the flag can do so - by adding the following line to their <filename>.mc</filename> - file and regenerating the <filename>sendmail.cf</filename> - file:</para> + <para><application>sendmail</application> has been updated + from version 8.9.3 to version 8.12.2. Important changes + include: &man.sendmail.8; is no longer installed as a + set-user-ID root binary (now set-group-ID smmsp); new + default file locations (see + <filename>/usr/src/contrib/sendmail/cf/README</filename>); + &man.newaliases.1; is limited to <username>root</username> + and trusted users; STARTTLS encryption; and the MSA port + (587) is turned on by default. See + <filename>/usr/src/contrib/sendmail/RELEASE_NOTES</filename> + for more information. &merged;</para> + + <para>&man.mail.local.8; is no longer installed as a + set-user-ID binary. If you are using a + <filename>/etc/mail/sendmail.cf</filename> from the default + <filename>sendmail.cf</filename> included with &os; any time + after 3.1.0, you are fine. If you are using a + hand-configured <filename>sendmail.cf</filename> and + <command>mail.local</command> for delivery, check to make sure the + <literal>F=S</literal> flag is set on the + <literal>Mlocal</literal> line. Those with + <filename>.mc</filename> files who need to add the flag can + do so by adding the following line to their + <filename>.mc</filename> file and regenerating the + <filename>sendmail.cf</filename> file:</para> <programlisting>MODIFY_MAILER_FLAGS(`LOCAL',`+S')dnl</programlisting> <para>Note that <literal>FEATURE(`local_lmtp')</literal> already - does this. &merged;</para> + does this. &merged;</para> <para>The default <filename>/etc/mail/sendmail.cf</filename> - disables the SMTP <literal>EXPN</literal> and - <literal>VRFY</literal> commands. &merged;</para> + disables the SMTP <literal>EXPN</literal> and + <literal>VRFY</literal> commands. &merged;</para> - <para>&man.vacation.1; has been updated to use the version included with - <application>sendmail</application>. &merged;</para> + <para>&man.vacation.1; has been updated to use the version + included with <application>sendmail</application>. &merged;</para> <para>The <application>sendmail</application> configuration - building tools are installed in - <filename>/usr/share/sendmail/cf/</filename>. &merged;</para> + building tools are installed in + <filename>/usr/share/sendmail/cf/</filename>. &merged;</para> <para>New <filename>make.conf</filename> options: - <varname>SENDMAIL_MC</varname> and - <varname>SENDMAIL_ADDITIONAL_MC</varname>. See - <filename>/usr/share/examples/etc/make.conf</filename> for more - information. &merged;</para> - - <para><filename>/etc/mail/Makefile</filename> now supports: the - new <varname>SENDMAIL_MC</varname> <filename>make.conf</filename> - option; the ability to build <filename>.cf</filename> files from - <filename>.mc</filename> files; generalized map rebuilding; - rebuilding the aliases file; and the ability to stop, start, and - restart <application>sendmail</application>. &merged;</para> + <varname>SENDMAIL_MC</varname> and + <varname>SENDMAIL_ADDITIONAL_MC</varname>. See + <filename>/usr/share/examples/etc/make.conf</filename> for more + information. &merged;</para> + + <para><filename>/etc/mail/Makefile</filename> now supports: + the new <varname>SENDMAIL_MC</varname> + <filename>make.conf</filename> option; the ability to build + <filename>.cf</filename> files from + <filename>.mc</filename> files; generalized map rebuilding; + rebuilding the aliases file; and the ability to stop, start, + and restart + <application>sendmail</application>. &merged;</para> <para>The <username>smmsp</username> and - <username>mailnull</username> users have been added to - <filename>/etc/master.passwd</filename>. In the absence of a - <literal>confDEF_USER_ID</literal> setting, by default, - <application>sendmail</application> will use the - <username>mailnull</username> user for extra security. - Previously, if the <username>mailnull</username> user did not - exist, the <username>daemon</username> user was used. This - change may generate some permissions issues when mailing to - files or to programs (such as <filename role="package">mail/majordomo</filename>). - &merged; The previous behavior can be restored by adding the - following line to a system's - <filename><replaceable>*</replaceable>.mc</filename> - configuration file: + <username>mailnull</username> users have been added to + <filename>/etc/master.passwd</filename>. In the absence of a + <literal>confDEF_USER_ID</literal> setting, by default, + <application>sendmail</application> will use the + <username>mailnull</username> user for extra security. + Previously, if the <username>mailnull</username> user did + not exist, the <username>daemon</username> user was used. + This change may generate some permissions issues when + mailing to files or to programs (such as <filename + role="package">mail/majordomo</filename>). &merged; The + previous behavior can be restored by adding the following + line to a system's + <filename><replaceable>*</replaceable>.mc</filename> + configuration file: + <programlisting>define(`confDEF_USER_ID', `daemon')</programlisting> </para> </sect4> @@ -2873,84 +2995,88 @@ options HZ=1000 # not compulsory but strongly recommended</programlisting> <title>Ports/Packages Collection</title> <para><application>BSDPAN</application>, a collection of modules - that provides tighter integration of - <application>Perl</application> into the &os; Ports - Collection, has been added.</para> + that provides tighter integration of + <application>Perl</application> into the &os; Ports + Collection, has been added.</para> <para>&man.pkg.create.1; and &man.pkg.add.1; can now work with - packages that have been compressed using - &man.bzip2.1;. &man.pkg.add.1; will use the PACKAGEROOT - environment variable to determine a mirror site for new - packages. &merged;</para> + packages that have been compressed using + &man.bzip2.1;. &man.pkg.add.1; will use the PACKAGEROOT + environment variable to determine a mirror site for new + packages. &merged;</para> <para>&man.pkg.create.1; now records dependencies in dependency - order rather than in the order specified on the command line. - This improves the functioning of <command>pkg_add - -r</command>. &merged;</para> + order rather than in the order specified on the command line. + This improves the functioning of <command>pkg_add + -r</command>. &merged;</para> <para>&man.pkg.create.1; now supports a <option>-b</option> to - create a package file from a locally-installed - package. &merged;</para> + create a package file from a locally-installed + package. &merged;</para> <para>When requested to delete multiple packages, - &man.pkg.delete.1; will now attempt to remove them in dependency - order rather than the order specified on the command - line. &merged;</para> + &man.pkg.delete.1; will now attempt to remove them in + dependency order rather than the order specified on the + command line. &merged;</para> <para>&man.pkg.delete.1; now can perform glob/regexp matching of - package names. In addition, it supports a <option>-a</option> - option for removing all packages and a <option>-i</option> option - for &man.rm.1;-style interactive confirmation. &merged;</para> + package names. In addition, it supports a <option>-a</option> + option for removing all packages and a <option>-i</option> + option for &man.rm.1;-style interactive + confirmation. &merged;</para> <para>&man.pkg.delete.1; now supports a <option>-r</option> - option for recursive package removal. &merged;</para> + option for recursive package removal. &merged;</para> <para>&man.pkg.info.1; now supports globbing against names of - installed packages. The <option>-G</option> option disables this - behavior, and the <option>-x</option> option causes regular - expression matching instead of shell globbing. &merged;</para> - - <para>&man.pkg.info.1; can now accept a <option>-g</option> flag for - verifying an installed package against its recorded checksums (to - see if it's been modified post-installation). Naturally, this - mechanism is only as secure as the contents of - <filename>/var/db/pkg</filename> if it's to be used for auditing - purposes. &merged;</para> + installed packages. The <option>-G</option> option disables + this behavior, and the <option>-x</option> option causes + regular expression matching instead of shell + globbing. &merged;</para> + + <para>&man.pkg.info.1; can now accept a <option>-g</option> flag + for verifying an installed package against its recorded + checksums (to see if it's been modified post-installation). + Naturally, this mechanism is only as secure as the contents of + <filename>/var/db/pkg</filename> if it's to be used for auditing + purposes. &merged;</para> <para>&man.pkg.sign.1; and &man.pkg.check.1; have been added to - digitally sign and verify the signatures on binary package - files. &merged;</para> + digitally sign and verify the signatures on binary package + files. &merged;</para> <para>&man.pkg.update.1;, a utility to update installed packages - and update their dependencies, has been added. &merged;</para> + and update their dependencies, has been added. &merged;</para> <para>&man.pkg.version.1; now has a version number comparison - routine that corresponds to the Porters Handbook. It also has a - <option>-t</option> option for testing address comparisons. - &merged;</para> + routine that corresponds to the Porters Handbook. It also has + a <option>-t</option> option for testing address comparisons. + &merged;</para> <para>&man.pkg.version.1; now takes a <option>-s</option> flag - to limit its operation to ports/packages matching a given - string. &merged;</para> + to limit its operation to ports/packages matching a given + string. &merged;</para> <para>Version numbers of installed packages have a new - (backward-compatible) syntax, which supports the - <varname>PORTREVISION</varname> and <varname>PORTEPOCH</varname> - variables in Ports Collection <filename>Makefile</filename>s. - These changes help keep track of changes in the ports collection - entries such as security patches or &os;-specific updates, which - aren't reflected in the original, third-party software - distributions. &man.pkg.version.1; can now compare these - new-style version numbers. &merged;</para> - - <para>To improve performance and disk utilization, the <quote>ports - skeletons</quote> in the &os; Ports Collection have been restructured. - Installed ports and packages should not be affected. &merged;</para> - - <para>All packages and ports now contain an <quote>origin</quote> - directive, which makes it easier for programs such as - &man.pkg.version.1; to determine the directory from which a - package was built. &merged;</para> + (backward-compatible) syntax, which supports the + <varname>PORTREVISION</varname> and + <varname>PORTEPOCH</varname> variables in Ports Collection + <filename>Makefile</filename>s. These changes help keep track + of changes in the ports collection entries such as security + patches or &os;-specific updates, which aren't reflected in + the original, third-party software distributions. + &man.pkg.version.1; can now compare these new-style version + numbers. &merged;</para> + + <para>To improve performance and disk utilization, the + <quote>ports skeletons</quote> in the &os; Ports Collection + have been restructured. Installed ports and packages should + not be affected. &merged;</para> + + <para>All packages and ports now contain an + <quote>origin</quote> directive, which makes it easier for + programs such as &man.pkg.version.1; to determine the + directory from which a package was built. &merged;</para> </sect3> </sect2> </sect1> @@ -3007,4 +3133,3 @@ options HZ=1000 # not compulsory but strongly recommended</programlisting> files.</para> </important> </sect1> - |
