author hrs <hrs@FreeBSD.org> 2004-11-07 18:17:38 +0000
committer hrs <hrs@FreeBSD.org> 2004-11-07 18:17:38 +0000
commit 71269597afb1f0a3b1547454c959449b2263d128
tree 60113ee4121ae7407e5d9177f5591a1436f5092a /release
parent 91c7ceba8bf0c95957a4a830271193a008d2f102
Trim the relnotes items added before 5.3-RELEASE.
Diffstat (limited to 'release')
-rw-r--r-- release/doc/en_US.ISO8859-1/relnotes/article.sgml 1753
-rw-r--r-- release/doc/en_US.ISO8859-1/relnotes/common/new.sgml 1753
2 files changed, 26 insertions, 3480 deletions
diff --git a/release/doc/en_US.ISO8859-1/relnotes/article.sgml b/release/doc/en_US.ISO8859-1/relnotes/article.sgml
index 7dcbd1b..e564051 100644
--- a/release/doc/en_US.ISO8859-1/relnotes/article.sgml
+++ b/release/doc/en_US.ISO8859-1/relnotes/article.sgml
@@ -16,14 +16,7 @@
<abstract>
<para>The release notes for &os; &release.current; contain a summary
- of
-<![ %include.historic; [
- the changes made to the &os; base system since &release.prev;.
-]]>
-<![ %no.include.historic; [
- recent changes made to the &os; base system on the &release.branch;
- development branch.
-]]>
+ of the changes made to the &os; base system since &release.branch; is created.
This document lists applicable security advisories that were issued since
the last release, as well as significant changes to the &os;
kernel and userland.
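Review bot: The added abstract line ends in "since &release.branch; is created", which is ungrammatical and loses the distinction the removed marked sections made between changes "since &release.prev;" and changes "on the &release.branch; development branch". Suggest wording such as "since the &release.branch; branch was created". The unchanged sentence that follows still says the document "lists applicable security advisories that were issued since the last release", so confirm the abstract still describes the trimmed document accurately.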
@@ -108,409 +101,17 @@
<sect2 id="security">
<title>Security Advisories</title>
- <para>A bug in &man.mksnap.ffs.8; has been fixed; it caused the creation of a
- file system snapshot to reset the flags on the file system to
- their default values. The possible consequences depended on local
- usage, but could include disabling extended access control lists
- or enabling the use of setuid executables stored on an untrusted
- file system. This bug also affected the &man.dump.8;
- <option>-L</option> option, which uses &man.mksnap.ffs.8;. Note
- that &man.mksnap.ffs.8; is normally only available to the
- superuser and members of the <groupname>operator</groupname>
- group. For more information, see security advisory <ulink
- url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:01.mksnap_ffs.asc">FreeBSD-SA-04:01</ulink>.</para>
-
- <para>A bug with the System V Shared Memory interface
- (specifically the &man.shmat.2; system call) has been fixed.
- This bug can cause a shared memory segment to reference
- unallocated kernel memory. In turn, this can permit a local
- attacker to gain unauthorized access to parts of kernel memory,
- possibly resulting in disclosure of sensitive information,
- bypass of access control mechanisms, or privilege escalation.
- More details can be found in security advisory <ulink
- url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:02.shmat.asc">FreeBSD-SA-04:02</ulink>.
- &merged;</para>
-
- <para>A programming error in the &man.jail.attach.2; system call
- has been fixed. This error could allow a process with superuser
- privileges inside a &man.jail.8; environment to change its root
- directory to that of a different jail, and thus gain full read
- and write access to files and directories within the target
- jail. More information can be found in security advisory <ulink
- url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:03.jail.asc">FreeBSD-SA-04:03</ulink>.</para>
-
- <para>A potential low-bandwidth denial-of-service attack against
- the &os; TCP stack has been prevented by limiting the number of
- out-of-sequence TCP segments that can be held at one time. More
- details can be found in security advisory <ulink
- url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:04.tcp.asc">FreeBSD-SA-04:04</ulink>.
- &merged;</para>
-
- <para>A bug in <application>OpenSSL</application>'s SSL/TLS
- ChangeCipherSpec message processing could result in
- a null pointer dereference, has been fixed.
- This could allow a remote attacker to crash an
- <application>OpenSSL</application>-using
- application and cause a denial-of-service on the system.
- More details can be found in security advisory <ulink
- url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc">FreeBSD-SA-04:05</ulink>.
- &merged;</para>
-
- <para>A programming error in the handling of some IPv6
- socket options within the &man.setsockopt.2; system call
- has been fixed. This allows a local attacker to cause a
- system panic, and may allow to gain unauthorized access to
- parts of kernel memory, possibly resulting in disclosure
- of sensitive information, bypass of access control
- mechanisms, or privilege escalation.
- More details can be found in security advisory <ulink
- url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:06.ipv6.asc">FreeBSD-SA-04:06</ulink>.</para>
-
- <para>Two programming errors in <application>CVS</application>
- have been fixed. They allow a server to overwrite arbitrary
- files on the client, and a client to read arbitrary files
- on the server when accessing remote CVS repositories.
- More details can be found in security advisory <ulink
- url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:07.cvs.asc">FreeBSD-SA-04:07</ulink>. &merged;</para>
-
- <para>A bugfix for <application>Heimdal</application> rectifies a
- problem in which it would not perform adequate checking of
- authentication across autonomous realms. For more information,
- see security advisory <ulink
- url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:08.heimdal.asc">FreeBSD-SA-04:08</ulink>. &merged;</para>
-
- <para>A programming error in <application>CVS</application> which
- allow the malicious client to overwrite arbitrary portions of
- the server's memory has been fixed. For more information,
- see security advisory <ulink
- url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:10.cvs.asc">FreeBSD-SA-04:10</ulink>. &merged;</para>
-
- <para>A potential cache consistency problem of
- the implementation of the &man.msync.2; system call
- involving the <literal>MS_INVALIDATE</literal>
- operation has been fixed. However, as a side effect of closing
- this security problem, the <literal>MS_INVALIDATE</literal>
- flag no longer guarantees that all pages in the range are invalidated.
- Users who require the old semantics of <literal>MS_INVALIDATE</literal>
- and are not concerned with the security issue being fixed can set the
- <varname>vm.old_msync</varname> sysctl to 1 which will revert to
- the old (insecure) behavior. For more information,
- see security advisory <ulink
- url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:11.msync.asc">FreeBSD-SA-04:11</ulink>. &merged;</para>
-
- <para>A programming error in the &man.jail.2; system call
- which results in a failure to verify that an attempt
- to manipulate routing tables originated from a non-jailed process
- has been fixed.
- For more information, see security advisory <ulink
- url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:12.jail.asc">FreeBSD-SA-04:12</ulink>. &merged;</para>
-
- <para>A programming error in the handling of some Linux system calls which
- may result in memory locations being accessed without proper validation
- has been fixed.
- For more information, see security advisory <ulink
- url="ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:13.linux.asc">FreeBSD-SA-04:13</ulink>. &merged;</para>
-
- <para>A number of programming errors in <application>CVS</application>
- which allow information disclosure, denial-of-service, or
- possibly arbitrary code execution, have been fixed
- via an upgrade to <application>CVS</application> 1.11.17.
- For more information, see security advisory <ulink
- url="ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:14.cvs.asc">FreeBSD-SA-04:14</ulink>. &merged;</para>
-
- <para>A bug in <literal>CONS_SCRSHOT</literal> &man.ioctl.2;
- has been fixed; it may allow to gain unauthorized access to
- parts of kernel memory, possibly resulting in disclosure
- of sensitive information, bypass of access control
- mechanisms, or privilege escalation.
- For more information, see security advisory <ulink
- url="ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:15.syscons.asc">FreeBSD-SA-04:15</ulink>. &merged;</para>
-
+ <para></para>
</sect2>
<sect2 id="kernel">
<title>Kernel Changes</title>
- <para><literal>ADAPTIVE_MUTEXES</literal> has been added
- and enabled by default. This changes the behavior
- of blocking mutexes to spin if the thread that currently
- owns the mutex is executing on another CPU.
- This feature can be disabled explicitly by setting
- a kernel option <varname>NO_ADAPTIVE_MUTEXES</varname>.</para>
-
- <para>A kernel option <varname>ADAPTIVE_GIANT</varname>, which
- causes the Giant lock to also be treated in
- an adaptive fashion when adaptive mutexes are enabled,
- has been added. This improves the performance of SMP machines
- and is enabled by default on the i386.</para>
-
- <para>The &man.bus.dma.9; interface now supports transparently honoring
- the alignment and boundary constraints in the DMA tag
- when loading buffers, and <function>bus_dmamap_load()</function>
- will automatically use bounce buffers when needed.
- In addition, a set of sysctls <varname>hw.busdma.*</varname>
- for &man.bus.dma.9; statistics has been added.</para>
-
- <para>The &man.contigmalloc.9; function has been reimplemented
- with an algorithm which stands a greatly-improved chance of working
- despite pressure from running programs. The old algorithm can be used
- by setting a sysctl <varname>vm.old_contigmalloc</varname>. More details
- can be found in the &man.contigmalloc.9; manual page.</para>
-
- <para>The &man.devfs.5; path rules now work correctly on
- directories.</para>
-
- <para>The &man.getvfsent.3; API has been removed.</para>
-
- <para>The <varname>hw.pci.allow_unsupported_io_range</varname>
- loader tunable has been removed.</para>
-
- <para>&man.jail.2; now supports the use of raw sockets from within a jail.
- This feature is disabled by default, and controlled by using the
- <varname>security.jail.allow_raw_sockets</varname> sysctl.</para>
-
- <para>&man.kqueue.2; now supports a new filter
- <literal>EVFILT_FS</literal> to be used to signal generic file system
- events to the user space. Currently, mount, unmount, and up/down
- status of NFS are signaled.</para>
-
- <para>KDB, a new debugger framework, has been added.
- This consists of a new GDB backend, which has been rewritten to support
- threading, run-length encoding compression, and so on, and
- the frontend that provides a framework in which multiple, different
- debugger backends can be configured and which provides
- basic services to those backends.
- The following options has been changed:</para>
-
- <itemizedlist>
- <listitem>
- <para>KDB is enabled by default
- via the kernel options <literal>options KDB</literal>,
- <literal>options GDB</literal>, and <literal>options DDB</literal>.
- Both <literal>DDB</literal> and
- <literal>GDB</literal> specify which KDB backends to include.</para>
- </listitem>
-
- <listitem>
- <para><literal>WITNESS_DDB</literal> has been renamed to
- <literal>WITNESS_KDB</literal>.</para>
- </listitem>
-
- <listitem>
- <para><literal>DDB_TRACE</literal> has been renamed to
- <literal>KDB_TRACE</literal>.</para>
- </listitem>
-
- <listitem>
- <para><literal>DDB_UNATTENDED</literal> has been renamed to
- <literal>KDB_UNATTENDED</literal>.</para>
- </listitem>
-
- <listitem>
- <para><literal>SC_HISTORY_DDBKEY</literal> has been renamed to
- <literal>SC_HISTORY_KDBKEY</literal>.</para>
- </listitem>
-
- <listitem>
- <para><literal>DDB_NOKLDSYM</literal> has been removed.
- The new DDB backend supports pre-linker symbol
- lookups as well as KLD symbol lookups at the same time.</para>
- </listitem>
-
- <listitem>
- <para><literal>GDB_REMOTE_CHAT</literal> has been removed.
- The GDB protocol hacks to allow this are &os; specific.
- At the same time, the GDB protocol has packets for console
- output.</para>
- </listitem>
- </itemizedlist>
-
- <para>KDB also serves as the single point of contact for any and
- all code that wants to make use of the debugger functions,
- such as entering the debugger or handling of the
- alternate break sequence.
- For this purpose, the frontend has been made non-optional.
- All debugger requests are forwarded or handed over to the current
- backend, if applicable.
- Selection of the current backend is done by the
- <varname>debug.kdb.current</varname> sysctl.
- A list of configured backends can be obtained with the
- <varname>debug.kdb.available</varname> sysctl.
- One can enter the debugger by writing to the
- <varname>debug.kdb.enter</varname> sysctl.</para>
-
- <para>A new sysctl <varname>debug.kdb.stop_cpus</varname> has been
- added. This controls whether or not IPI (Inter Processor Interrupts)
- to other CPUs will be delivered when entering the debugger,
- in order to stop them while in the debugger.</para>
-
- <para arch="amd64">Loadable kernel modules now work and are
- enabled in the amd64 build.</para>
-
- <para arch="amd64">Preliminary support for running 32-bit
- Linux binaries on amd64 has been added. This feature is enabled with the
- <literal>COMPAT_LINUX32</literal> kernel option.</para>
-
- <para>A new kernel option <literal>MAC_STATIC</literal> which
- disables internal MAC Framework synchronization protecting against
- dynamic load and unload of MAC policies, has been added.</para>
-
- <para>The &man.mac.bsdextended.4; policy now supports to match and
- apply on a first rule only in place of all rules match.
- This feature can be enabled by setting a new sysctl
- <varname>mac_bsdextended_firstmatch_enabled</varname>.</para>
-
- <para>The &man.mac.bsdextended.4; policy can now log
- failed attempts to syslog's <literal>AUTHPRIV</literal> facility.
- This feature can be enabled by setting a new sysctl
- <varname>mac_bsdextended_logging</varname>.</para>
-
- <para>mballoc has been replaced with mbuma, an Mbuf and Cluster
- allocator built on top of a number of extensions to the UMA framework.
- Due to this change, the <literal>NMBCLUSTERS</literal> kernel option
- is no longer used. The maximum number of the clusters is still
- capped off according to <literal>maxusers</literal>,
- but it can be made unlimited by setting the
- <varname>kern.ipc.nmbclusters</varname> loader tunable to zero.</para>
-
- <para><filename>/dev/kmem</filename>, <filename>/dev/mem</filename>,
- and <filename>/dev/io</filename> are also provided as kernel
- loadable modules now.</para>
-
- <para>A bug in &man.mmap.2; that pages marked as <literal>PROT_NONE</literal>
- may become readable under certain circumstances, has been fixed. &merged;</para>
-
- <para arch="i386,pc98">A new kernel option <literal>MP_WATCHDOG</literal>
- has been added; it
- allows one of the logical CPUs on a system to be used as a dedicated
- watchdog to cause a drop to the debugger and/or generate an NMI
- to the boot processor if the kernel ceases to respond.
- Several sysctls are available to enable the watchdog running out of the
- processor's idle thread; a callout is launched to reset a timer
- in the watchdog. If the callout fails to reset the timer for ten seconds,
- the timeout process will take place. The <varname>debug.watchdog_cpu</varname>
- sysctl allows to select which CPU will run the watchdog.</para>
-
- <para arch="i386,pc98">A sysctl <varname>debug.leak_schedlock</varname>
- has been added. This causes a sysctl handler that incorrectly leaks
- the holding sched lock, to spin the lock
- in order to trigger the watchdog provided by the
- <literal>MP_WATCHDOG</literal> option.</para>
-
- <para>A new loader tunable <varname>debug.mpsafenet</varname> has been
- added and enabled by default. This causes the &os; network stack
- to operate without the Giant lock, resulting in performance
- improvement by increasing parallelism and decreasing latency
- in network processing. Note that enabling one of the &man.ng.tty.4;
- Netgraph node type, KAME IPsec, and IPX/SPX subsystem results in a boot-time
- restoration of Giant-enabled network operation, or run-time
- warning on dynamic load as these components require Giant lock
- for correct operation.</para>
-
- <para>A new kernel option <varname>NET_WITH_GIANT</varname> has been
- added. This restores the default value of debug.mpsafenet to
- <literal>0</literal>, and is intended for use on systems compiled with
- known unsafe components, or where a more conservative configuration is
- desired.</para>
-
- <para>A new loader tunable <varname>debug.mpsafevm</varname> has been
- added. This currently results in almost
- Giant-free execution of zero-fill page faults.</para>
-
- <para arch="i386,amd64">A loader tunable <varname>debug.mpsafevm</varname>
+ <para>The loader tunable <varname>debug.mpsafevm</varname> has been
has been enabled by default.</para>
- <para arch="alpha,amd64,i386">A new kernel option
- <literal>PREEMPTION</literal> has been added.
- This allows the threads that are in the kernel to be preempted
- by higher priority threads. It helps with interactivity and
- allows interrupt threads to run sooner rather than waiting.</para>
-
- <para>A devclass level has been added to the dev sysctl tree,
- in order to support per-class variables in addition to
- per-device variables. This means that <varname>dev.foo0.bar</varname>
- is now called <varname>dev.foo.0.bar</varname>, and it is
- possible to to have <varname>dev.foo.bar</varname> as well.</para>
-
- <para>A new sysctl, <varname>kern.always_console_output</varname>,
- has been added. It makes output from the kernel go to the console despite
- the use of <varname>TIOCCONS</varname>.</para>
-
- <para>A sysctl <varname>kern.sched.name</varname>
- which has the name of the scheduler currently in use,
- has been added, and the <varname>kern.quantum</varname> sysctl
- has been moved to <varname>kern.sched.quantum</varname>
- for consistency.</para>
-
- <para>The &man.pci.4; bus resource and power management have
- been updated.
-
- <note>
- <para>Although the &man.pci.4; bus power state management
- has been enabled by default, it may cause problems on some systems.
- This can be disabled by setting the tunable
- <varname>hw.pci.do_powerstate</varname> to
- <literal>0</literal>.</para>
- </note>
- </para>
-
- <para>The ULE scheduler has been added as an additional scheduler.
- Note that the conventional one, which is called 4BSD, is still used
- as the default scheduler in <filename>GENERIC</filename> kernel.
- For the average user,
- interactivity is reported to be better in many cases. This
- means less <quote>skipping</quote> and <quote>jerking</quote> in
- interactive applications while the machine is very busy. This
- will not prevent problems due to overloaded disk subsystems, but
- it does help with overloaded CPUs. On SMP machines, ULE has
- per-CPU run queues which allow for CPU affinity, CPU binding,
- and advanced HyperThreading support, as well as providing a
- framework for more optimizations in the future. As fine-grained
- kernel locking continues, the scheduler will be able to make
- more efficient use of the available parallel resources.</para>
-
- <para>A linear search algorithm used in
- &man.vm.map.findspace.9; has been replaced with
- an O(log n) algorithm built into the map entry splay tree.
- This significantly reduces the overhead in &man.vm.map.findspace.9;
- for applications that &man.mmap.2; many hundreds or thousands
- of regions.</para>
-
- <para>The loader tunables <varname>debug.witness_*</varname>
- have been renamed to <varname>debug.witness.*</varname>.</para>
-
<!-- Above this line, sort kernel changes by manpage/keyword-->
- <para>The &os; dynamic and static linker now support Thread Local Storage (TLS),
- a <application>GCC</application> feature which supports
- a <literal>__thread</literal> modifier
- to the declaration of global and static variables.
- This extra modifier means that the variable's value is
- thread-local; one thread changing its value will not
- affect the value of the variable in any other thread.</para>
-
- <para>The kernel's file descriptor allocation code has been
- updated, and is now derived from similar code in OpenBSD.</para>
-
- <para arch="sparc64">On &os;/sparc64, <varname>time_t</varname>
- has been changed from a 32-bit value to a 64-bit value.
-
- <note>
- <para>Since this change is not backward-compatible,
- any programs which were built on an older system using
- a 32-bit <varname>time_t</varname> and
- call system routines for handling
- <varname>time_t</varname> values, will have to be recompiled.
- More detailed information and notice on upgrading from
- the source can be found in
- <filename>/usr/src/UPDATING.64BTT</filename>.</para>
- </note>
- </para>
-
- <para arch="i386">It is now possible to compile the &os;/i386
- kernel with the Intel C/C++ Compiler (as in the <filename
- role="package">lang/icc</filename> port).</para>
-
<sect3 id="boot">
<title>Boot Loader Changes</title>
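Review bot: In the Kernel Changes part of this hunk, the added debug.mpsafevm line ends with "has been" while the unchanged line after it begins "has been enabled by default.", so the rendered sentence reads "has been has been enabled by default"; drop the trailing "has been" from the added line. The same replacement removes arch="i386,amd64" from that para, which turns an architecture-specific statement into one that applies to every platform; keep the attribute unless that is the intent. The Security Advisories section is also left holding only an empty para element, which drops the note about the vm.old_msync sysctl reverting to insecure behavior along with the advisory list; a short placeholder sentence, or a comment marking where new entries go, would read better than an empty paragraph.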
@@ -531,541 +132,29 @@
<sect3 id="proc">
<title>Hardware Support</title>
- <para arch="i386">The &man.acpi.asus.4; driver has been added
- to use ACPI-controlled hardware features, such as hot keys and
- LEDs on ASUSTek laptops.</para>
-
- <para arch="i386">The &man.acpi.panasonic.4; driver has been added
- to support hot keys of Panasonic laptops. It now supports
- Let's note (or Toughbook, outside Japan) CF-R1N, CF-R2A, and
- CF-R3.</para>
-
- <para arch="i386">The &man.acpi.toshiba.4; driver has been added
- to use Toshiba's Hardware Control Interface to manipulate
- certain hardware features on Toshiba laptops, such as
- video output switching.</para>
-
- <para>The &man.acpi.video.4; driver has been added to provide
- control display switching and backlight brightness using the
- ACPI Video Extensions.</para>
-
- <para arch="i386">The &man.acpi.4; driver now supports
- per-device sysctls (<varname>dev.root0.nexus0.acpi0.acpi_lid0.wake</varname>,
- for instance) to allow users to set whether or not a given
- device can wake the system.</para>
-
- <para arch="i386">The &man.acpi.4; driver will now
- be disabled automatically when the machine has a well-known broken BIOS.
- This behavior can be overridden by setting the loader tunable
- <varname>hint.acpi.0.disabled</varname> to <literal>0</literal>.</para>
-
- <para arch="amd64">The &man.agp.4; driver now supports the AMD64 graphics
- aperture relocation table (GART).</para>
-
- <para arch="i386">The &man.ctau.4; driver has been added for Cronyx Tau
- synchronous serial adapters. This driver was known for a long time as
- <quote>ct</quote> in its previous life outside the &os; source tree. &merged;
-
- <note>
- <para>The driver name has changed, but the network interface still
- has the <devicename>ct</devicename> name.</para>
- </note>
- </para>
-
- <para arch="i386,pc98">The &man.cp.4; driver has been added for Cronyx Tau-PCI
- synchronous serial adapters.</para>
-
- <para arch="i386,pc98">The <devicename>dgb</devicename>
- (DigiBoard intelligent serial card) driver has been
- removed due to breakage. Its replacement is the &man.digi.4; driver,
- which supports all the hardware of the <devicename>dgb</devicename>
- driver.</para>
-
- <para>The &man.nmdm.4; driver has been rewritten to improve its reliability.</para>
-
- <para>The <devicename>raid(4)</devicename> driver
- (RAIDframe disk driver from NetBSD) has been removed.
- It is currently non-functional, and would require some amount of work
- to make it work under the &man.geom.4; API in 5-CURRENT.</para>
-
- <para>An entry of the &man.pcic.4; driver has been removed from a
- kernel configuration file for <filename>GENERIC</filename> kernel because
- this is no longer maintained. The entry had actually
- been commented out for a long time.</para>
-
- <para arch="i386">The &man.psm.4; driver and &man.moused.8;
- now support the Synaptics TouchPad.</para>
-
- <para arch="i386">The entropy device &man.random.4; now
- supports a hardware random number generator (RNG)
- in the VIA C3 Nehemiah (Stepping 3 and above) CPU.</para>
-
- <para arch="sparc64">The &man.sab.4; driver now supports the
- <literal>BREAK_TO_DEBUGGER</literal> kernel option.</para>
-
- <para arch="i386,pc98">The <devicename>sx</devicename> driver,
- which supports Specialix I/O8+ and I/O4+
- intelligent multiport serial controllers, has been added.</para>
-
- <para arch="alpha,amd64,i386">For the &man.uart.4; device,
- the <varname>hw.uart.console</varname> and
- <varname>hw.uart.dbgport</varname> kernel environment variables
- have been added. They can be used to select a serial console and
- debug port respectively, as well as the attributes.</para>
-
- <para>The &man.ubser.4; device driver has been added to support
- BWCT console management serial adapters.</para>
-
- <para>&man.ucycom.4; driver has been added for
- the Cypress CY7C637xx and CY7C640/1xx families of USB to RS232 bridges,
- such as the one found in the DeLorme Earthmate USB GPS
- receiver (which is the only device currently supported by this driver).
- This driver is not complete because there is no support yet for flow
- control and output.</para>
-
- <para arch="i386">Several old drivers for ISA cards have been removed,
- including
- the <devicename>asc</devicename> driver for GI1904-based hand scanners,
- the <devicename>ctx</devicename> driver for CORTEX-I Frame Grabber,
- the <devicename>gp</devicename> driver for National Instruments AT-GPIB and AT-GPIB/TNT boards,
- the <devicename>gsc</devicename> driver for the Genius GS-4500 hand scanner,
- the <devicename>le</devicename> driver for DEC EtherWORKS II and III Ethernet controllers,
- the <devicename>rdp</devicename> driver for RealTek RTL 8002-based pocket Ethernet adapters,
- the <devicename>spigot</devicename> driver for the Creative Labs Video Spigot video-acquisition board,
- the <devicename>stl</devicename> and
- <devicename>stli</devicename> drivers for Stallion Technologies multiport serial
- controllers, and the <devicename>wt</devicename> driver for Archive/Wangtek cartridge tapes.
- They are currently non-functional, and would require a considerable
- amount of work to make them work under the new API in 5-CURRENT.
- The userland support such as related ioctls and utilities including
- <devicename>sasc</devicename> and <devicename>sgsc</devicename>
- has also been removed.</para>
-
- <para>The device driver infrastructure (as well as many drivers)
- have been updated. Among the changes: Many more drivers now use
- automatically-assigned major numbers (instead of the old static
- major numbers). Enhanced functions to support cloning of
- pseudo-devices. Several changes to the driver API, including a
- new <varname>d_version</varname> field in <varname>struct
- cdevsw</varname>. Note that third-party device drivers will
- require recompiling after this change.</para>
-
<sect4 id="mm">
<title>Multimedia Support</title>
- <para>The <devicename>meteor</devicename> (video capture)
- driver has been removed due to
- breakage and lack of maintainership.</para>
-
- <para>The Direct Rendering Manager (DRM) code has been updated
- from the DRI Project CVS tree as of 26 May, 2004. This update
- includes new PCI IDs and a new packet for Radeon.</para>
-
- <para>The drivers for various sound cards has been reorganized;
- <literal>device sound</literal> is the generic sound driver,
- and <literal>device snd_*</literal> are device-specific sound drivers now.
- The <devicename>midi</devicename> driver, which supports serial port
- and several sound cards, has been removed.
- More details can be found in related manual pages:
- &man.sound.4;, &man.snd.ad1816.4;, &man.snd.als4000.4;, &man.snd.cmi.4;,
- &man.snd.cs4281.4;, &man.snd.csa.4;, &man.snd.ds1.4;, &man.snd.emu10k1.4;,
- &man.snd.es137x.4;, &man.snd.gusc.4;, &man.snd.maestro3.4;,
- &man.snd.sbc.4;, &man.snd.solo.4;, and &man.snd.uaudio.4;.</para>
-
- <para>The &man.sound.4; (formerly &man.pcm.4;) driver has been modified to read
- <filename>/boot/device.hints</filename> on startup, to allow setting
- of default values for mixer channels.
- Note that currently the device driver's name used in
- <filename>/boot/device.hints</filename> is still <literal>pcm</literal>.
- More detailed information and examples can be found in the &man.sound.4;
- manual page.</para>
+ <para></para>
</sect4>
<sect4 id="net-if">
<title>Network Interface Support</title>
- <para arch="i386">The &man.arl.4; driver, which supports
- Aironet Arlan 655 wireless adapters has been added. &merged;</para>
-
- <para arch="sparc64">The &man.dc.4; driver now supports sparc64
- Davicom cards that store their MAC address in
- Open Firmware.</para>
-
- <para>A short hiccup in the &man.em.4; driver during parameter
- reconfiguration, has been fixed. &merged;</para>
-
- <para>The &man.fwip.4; driver, which supports IP over FireWire has been added.
- Note that currently the broadcast channel number is hardwired and
- MCAP for multicast channel allocation is not supported.
- This driver is intended to conform to the RFC 2734 and RFC 3146
- standard for IP over FireWire and eventually replace
- the &man.fwe.4; driver.</para>
-
- <para>&man.fxp.4; now uses the device sysctl tree such as
- <varname>dev.fxp0</varname>, and those sysctls can be set
- on a per-device basis.</para>
-
- <para>&man.fxp.4; now provides actual control over its capability
- to receive extended Ethernet frames, indicated by the
- <literal>VLAN_MTU</literal> interface capability.
- It can be toggled from userland with the aid of the
- <option>vlanmtu</option> and <option>-vlanmtu</option> options
- to &man.ifconfig.8;.</para>
-
- <para arch="i386,pc98">The <devicename>hea</devicename>
- (Efficient Networks, Inc. ENI-155p ATM adapter)
- driver has been removed due to breakage. Its functionality
- has been subsumed into the &man.en.4; driver.</para>
-
- <para>The &man.hme.4; driver now natively supports
- long frames, so it can be used for &man.vlan.4; with full Ethernet
- MTU size.</para>
-
- <para>The &man.hme.4; driver now supports
- TCP/UDP Transmit/Receive checksum offload.
- Since &man.hme.4; does not compensate the checksum
- for UDP datagram which can yield to <literal>0x0</literal>,
- UDP transmit checksum offload is disabled by default.
- This can be reactivated by setting the special link
- option <option>link0</option> with &man.ifconfig.8;.</para>
-
- <para>The &man.ixgb.4; driver, which supports
- Intel PRO/10GBE 10 Gigabit Ethernet cards, has been
- added. &merged;</para>
-
- <para arch="i386">The <devicename>lmc</devicename>
- (LAN Media Corp. PCI WAN adapter) driver has been
- removed due to breakage and lack of maintainership.</para>
-
- <para arch="i386">The <devicename>loran</devicename>
- (Loran-C receiver) driver has been removed due to
- breakage and lack of maintainership.</para>
-
- <para arch="i386">&os; now provides a binary compatibility layer
- for using &microsoft.windows; NDIS drivers for network
- adapters under &os;/i386. It includes a relocator/linker for
- &windows; <filename>.SYS</filename> files to interface with
- the &os; kernel and emulates various parts of the NDIS API
- using native &os; kernel functions. This system supports PCI
- (&man.pci.4;) and CardBus (&man.cardbus.4;) network devices,
- and is designed principally for
- Ethernet and wireless network interfaces.
- For more information, see the &man.ndis.4; and
- &man.ndiscvt.8; manual pages.</para>
-
- <para>A bug that prevents VLAN support in the &man.nge.4; driver
- from working has been fixed. &merged;</para>
-
- <para>Several bugs related to &man.polling.4; support
- in the &man.rl.4; driver have been fixed. &merged;</para>
-
- <para>Several bugs related to multicast and promiscuous mode
- handling in the &man.sk.4; driver have been fixed.</para>
-
- <para>The &man.ste.4; driver now supports &man.polling.4;.
- &merged;</para>
-
- <para>The &man.udav.4; driver has been added. It provides
- support for USB Ethernet adapters based on the Davicom DM9601
- chipset.</para>
-
- <para>&man.vge.4; driver, which supports
- the VIA Networking Technologies
- VT6122 Gigabit Ethernet chip and integrated 10/100/1000 copper PHY,
- has been added.</para>
-
- <para>The &man.vr.4; driver now supports &man.polling.4;. &merged;</para>
-
- <para>The hardware TX checksum support in the &man.xl.4; driver
- has been disabled as it does not work correctly and slows down
- the transmission rate. &merged;</para>
-
- <para>Interface &man.polling.4; support
- can now be enabled on a per-interface basis. The following network drivers
- support &man.polling.4;: &man.dc.4;, &man.fxp.4;, &man.em.4;, &man.ixgb.4;,
- &man.nge.4;, &man.re.4;, &man.rl.4;, &man.sis.4;, &man.ste.4;, &man.vge.4;,
- and &man.vr.4;. And they now also support this capability and it can
- be controlled
- via &man.ifconfig.8; except for &man.ixgb.4;. &merged;</para>
+ <para></para>
</sect4>
</sect3>
<sect3 id="net-proto">
<title>Network Protocols</title>
- <para>The &man.gre.4; tunnel driver now supports WCCP version
- 2.</para>
-
- <para>&man.ipfw.4; rules now support the <literal>versrcreach</literal>
- option to verify that a valid route to the source address
- of a packet exists in the routing table.
- This option is very useful for routers with a complete view of
- the Internet (BGP) in the routing table to reject packets with
- spoofed or unroutable source addresses. For example,
-
- <programlisting>deny ip from any to any not versrcreach</programlisting>
-
- is equivalent to the following in Cisco IOS syntax:
-
- <programlisting>ip verify unicast source reachable-via any</programlisting>
- </para>
-
- <para>&man.ipfw.4; rules now support the <literal>antispoof</literal>
- option to verify if incoming packet's source address belongs to
- a directly connected network. If the network is directly
- connected, then the interface the packet came on in is compared to
- the interface the network is connected to. When incoming interface
- and directly connected interface are not the same, the packet does
- not match. For example:
-
- <programlisting>deny ip from any to any not antispoof in</programlisting>
- </para>
-
- <para>&man.ipfw.4; rules now support the <literal>jail</literal>
- option to associate the rule with a specific prison ID.
- For example:
-
- <programlisting>count ip from any to any jail 2</programlisting>
-
- Note that this rule currently applies for TCP and UDP packets only.
- </para>
-
- <para>&man.ipfw.4; now supports lookup tables. This feature is
- useful for handling large sparse address sets. &merged;</para>
-
- <para>The &man.ipfw.4; <literal>forward</literal> rule has to be compiled
- into the kernel with a kernel option <literal>IPFIREWALL_FORWARD</literal>
- to enable it.</para>
-
- <para>A new sysctl <varname>net.inet.ip.process_options</varname>
- to control the processing of IP options. When this sysctl
- is set to <literal>0</literal> IP options are ignored and passed unmodified,
- set to <literal>1</literal> all IP options are processed (default),
- and set to <literal>2</literal> all packets with
- IP options are rejected with an ICMP filter prohibited message,
- respectively.</para>
-
- <para>Some bugs in the IPsec implementation from the KAME
- Project have been fixed. These bugs were related to freeing
- memory objects before all references to them were removed, and
- could cause erratic behavior or kernel panics after flushing
- the Security Policy Database (SPD).</para>
-
- <para>&man.natd.8; now supports multiple instances via
- a new option <option>globalports</option>.
- This allows &man.natd.8; to be bound to
- different network interfaces and sharing of load.</para>
-
- <para>The &man.ng.atmllc.4; Netgraph node type, which handles
- RFC 1483 ATM LLC encapsulation, has been added.</para>
-
- <para>The &man.ng.hub.4; Netgraph node type, which supports
- a simple packet distribution that acts like an Ethernet hub,
- has been added. &merged;</para>
-
- <para>The &man.ng.rfc1490.4; Netgraph node type now supports
- Cisco style encapsulation, which is often used alongside
- RFC 1490 in frame relay links.</para>
-
- <para>The &man.ng.sppp.4; Netgraph node type, which is a &man.netgraph.4
- interface to the original &man.sppp.4 network module for synchronous
- lines, has been added.</para>
-
- <para>A new Netgraph method has been added to restore some
- behavior lost in the change from 4.<replaceable>X</replaceable> style &man.ng.tee.4;
- Netgraph nodes.</para>
-
- <para>The &man.ng.vlan.4; Netgraph node type, which supports
- IEEE 802.1Q VLAN tagging, has been added. &merged;</para>
-
- <para><literal>PFIL_HOOKS</literal> support is now always
- compiled into the kernel, and the associated kernel compile
- options have been removed. All of the packet filter subsystems
- that &os; supports now use the <literal>PFIL_HOOKS</literal>
- framework.</para>
-
- <para>The link state change notification of Ethernet media
- support has been added to the routing socket.</para>
-
- <para>Link Quality Monitoring (LQM) support in &man.ppp.8;
- has been reimplemented. LQM, which is described
- in RFC 1989, allows PPP to keep track of the quality
- of a running connection. &merged;</para>
-
- <para>The pseudo-interface cloning has been updated and
- the match function to allow creation of &man.stf.4;
- interfaces named <devicename>stf0</devicename>,
- <devicename>stf</devicename>, or <devicename>6to4</devicename>.
- Note that this breaks backward compatibility; for example,
- <command>ifconfig stf</command> now creates
- the interface named <devicename>stf</devicename>,
- not <devicename>stf0</devicename>, and does not print
- <devicename>stf0</devicename> to stdout.</para>
-
- <para>The following TCP features are now enabled by default: RFC
- 3042 (Limited Retransmit), RFC 3390 (increased initial
- congestion window sizes), TCP bandwidth-delay product
- limiting. A set of sysctls <varname>net.inet.tcp.rfc3042</varname>,
- <varname>net.inet.tcp.rfc3390</varname>, and
- <varname>net.inet.tcp.inflight.enable</varname>
- for these features are available.
- More information can be found in &man.tcp.4;.</para>
-
- <para>&os;'s TCP implementation now includes support for a
- minimum MSS (settable via the
- <varname>net.inet.tcp.minmss</varname> sysctl variable) and a
- rate limit on connections that send many small TCP segments
- within a short period of time (via the
- <varname>net.inet.tcp.minmssoverload</varname> sysctl
- variable). Connections exceeding this limit may be reset and
- dropped. This feature provides protection against a class of
- resource exhaustion attacks.</para>
-
- <para>The TCP implementation now includes partial (output-only)
- support for RFC 2385 (TCP-MD5) digest support. This feature,
- enabled with the <literal>TCP_SIGNATURE</literal> and
- <literal>FAST_IPSEC</literal> kernel options, is a TCP option
- for authenticating TCP sessions. &man.setkey.8; now includes
- support for the TCP-MD5 class of security associations.
- &merged;</para>
-
- <para>The TCP connection reset handling has been improved to
- make several reset attacks as difficult as possible while
- maintaining compatibility with the widest range of TCP stacks.</para>
-
- <para>The implementation of RFC 1948 has been improved.
- The time offset component of an Initial Sequence Number (ISN)
- now includes random positive
- increments between clock ticks so that ISNs will always
- be increasing, no matter how quickly the port is recycled.</para>
-
- <para>The random ephemeral port allocation, which come from OpenBSD
- has been implemented. This is enabled by default and can be disabled
- by using the <varname>net.inet.ip.portrange.randomized</varname>
- sysctl. &merged;</para>
-
- <para>TCP Selective Acknowledgements (SACK) as described in RFC
- 2018 have been added. This improves TCP performance over
- connections with heavy packet loss. SACK can be enabled with
- the sysctl <varname>net.inet.tcp.sack.enable</varname>.</para>
+ <para></para>
</sect3>
<sect3 id="disks">
<title>Disks and Storage</title>
- <para>The &man.ata.4; driver now supports &man.cardbus.4; ATA/SATA
- controllers.</para>
-
- <para>A number of bugs in the &man.ata.4; driver have been
- fixed. Most notably, master/slave device detection should
- work better, and some problems with timeouts should be
- resolved.</para>
-
- <para>The &man.ata.4; driver now supports the Promise command
- sequencer present on all modern Promise controllers
- (PDC203** PDC206**).
-
- <note>
- <para>This also adds preliminary support for the
- Promise SX4/SX4000 as a <quote>normal</quote> Promise ATA
- controller; ATA RAID's are supported though
- but only RAID0, RAID1 and RAID0+1.</para>
- </note>
- </para>
-
- <para>The <literal>DA_OLD_QUIRKS</literal> kernel option,
- which is for the CAM SCSI disk driver (&man.cam.4;),
- has been removed. &merged;</para>
-
- <para arch="pc98">A bug of the automatic density selection code
- in the &man.fd.4; driver has been fixed.</para>
-
- <para>A bug in &man.geom.4; that could result in I/O hangs in some rare
- cases has been fixed.</para>
-
- <para>A new <literal>GEOM_CONCAT</literal>
- &man.geom.4; class has been added to concatenate
- multiple disks to appear as a single larger disk.</para>
-
- <para>A new <literal>GEOM_NOP</literal> &man.geom.4; class for various
- testing purposes has been added.</para>
-
- <para>A new <literal>GEOM_RAID3</literal> &man.geom.4; class for
- RAID3 transformation and &man.graid3.8; userland utility
- have been added.</para>
-
- <para>A new <literal>GEOM_STRIPE</literal>
- &man.geom.4; class which implements RAID0 transformation has been added.
- This class has two modes: <quote>fast</quote> and
- <quote>economic</quote>. In fast mode,
- when very small stripe size is used, only one I/O request
- will be sent to every disk in a stripe; it performs about 10
- times faster for small stripe sizes than economic
- mode and other RAID0 implementations.
- While fast mode is used by default,
- it consumes more memory than
- economic mode, which sends requests each time.
- Economic mode can be enabled by setting a loader tunable
- <varname>kern.geom.stripe.fast</varname> to 0.
- It is also possible to specify the maximum memory
- that fast mode can consume,
- by setting the loader tunable
- <varname>kern.geom.stripe.maxmem</varname>.</para>
-
- <para>GEOM Gate, which consists of a new <literal>GEOM_GATE</literal>
- &man.geom.4; class and several GEOM Gate userland utilities
- (&man.ggatel.8;, &man.ggatec.8;,
- and &man.ggated.8;) has been added. It supports exporting
- devices, including non &man.geom.4;-aware devices,
- through the network.</para>
-
- <para>A new <literal>GEOM_LABEL</literal>
- &man.geom.4; class to detect volume labels on various file systems,
- such as UFS, MSDOSFS (FAT12, FAT16, FAT32), and ISO9660,
- has been added.</para>
-
- <para>A new <literal>GEOM_GPT</literal> &man.geom.4; class,
- which supports GUID Partition Table (GPT) partitions
- and the ability to have a large
- number of partitions on a single disk, has been added into
- <filename>GENERIC</filename> by default.</para>
-
- <para>A new <literal>GEOM_MIRROR</literal> &man.geom.4; class to support
- which supports RAID1 functionality, has been added.
- The &man.gmirror.8; utility can be used for control
- of this class.</para>
-
- <para>A new <literal>GEOM_UZIP</literal> &man.geom.4; class to implement
- read-only compressed disks has been added.
- This currently supports cloop V2.0 disk compression format.</para>
-
- <para>A new <literal>GEOM_VINUM</literal> &man.geom.4; class to support
- cooperation between &man.vinum.4; and &man.geom.4;
- has been added.</para>
-
- <para>The &man.ips.4; driver now supports the recent
- Adaptec ServeRAID series SCSI controller cards.</para>
-
- <para arch="sparc64">A bug in the &man.isp.4; driver
- which prevents the cards on SBus from working correctly,
- has been fixed.</para>
-
- <para arch="i386">The &man.twa.4; driver, which supports
- 3ware's 9000 series PATA/SATA RAID controllers has been added. &merged;</para>
-
- <para>The &man.umass.4; driver now supports the missing
- ATAPI MMC commands and handles the timeout properly. &merged;</para>
-
- <para>The &man.vinum.4; volume manager, has been updated to use
- &man.geom.4;, the 5.x disk I/O request transformation framework.
- A <command>gvinum</command> userland utility has been added.</para>
-
- <para arch="sparc64">The &man.esp.4; device driver has been
- ported from NetBSD to support the SBus SCSI card in Sun Ultra
- 1e and 2 machines.</para>
-
- <para>Support for LSI-type software RAID has been added.</para>
-
+ <para></para>
</sect3>
<sect3 id="fs">
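Review bot: the `+ <para></para>` placeholders added at the end of the network interface list, under "Network Protocols" and under "Disks and Storage" leave titled sections whose only content is an empty paragraph, so the built release notes will show headings with nothing beneath them. If the empty para is only there to keep each section non-empty, an SGML comment beside it saying where new items go, or commenting out the whole section until the first post-5.3 item lands, would make the intent clear to the next committer. Separately, the items removed here include several security-relevant defaults and knobs (the ipfw `versrcreach` and `antispoof` options, `net.inet.tcp.minmss`, `net.inet.ip.portrange.randomized`, the TCP reset handling change), so it is worth confirming that each one, including those without a &merged; marker, is present in the 5.3-RELEASE notes before it is dropped from this file.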
@@ -1073,854 +162,46 @@
<para>The autofs(9) file system and the userland library
&man.libautofs.3; have been added.</para>
-
- <para>The EXT2FS file system code now includes partial support
- for large (&gt; 4GB) files. This support is partial in that
- it will refuse to create large files on file systems that have
- not been upgraded to <literal>EXT2_DYN_REV</literal> or that
- do not have the
- <literal>EXT2_FEATURE_RO_COMPAT_LARGE_FILE</literal> flag set
- in the superblock.</para>
-
- <para>A panic in the NFSv4 client has been fixed; this occurred
- when attempting operations against an NFSv3/NFSv2-only
- server.</para>
-
- <para>The <literal>MSDOSFS_LARGE</literal> kernel option
- has been added to support FAT32 file systems bigger
- than 128GB. This option is disabled by default. It
- uses at least 32 bytes of kernel memory for
- each file on disk; furthermore it is only safe to use in certain
- controlled situations, such as read-only mount
- with less than 1 million files and so on.
- Exporting these large file systems
- over NFS is not supported.</para>
-
- <para>The SMBFS client now has support for SMB request signing,
- which prevents <quote>man in the middle</quote> attacks and is
- required in order to connect to Windows 2003 servers in their
- default configuration. As signing each message imposes a
- significant performance penalty, this feature is only enabled
- if the server requires it; this may eventually become an
- option to &man.mount.smbfs.8;.</para>
</sect3>
<sect3>
<title>Contributed Software</title>
- <para>The <application>ALTQ framework</application>
- has been imported from a KAME snapshot as of 7 June, 2004.
- This import breaks ABI compatibility of
- <varname>struct ifnet</varname> and requires all network
- drives to be recompiled.
- Additionally some of the networking drivers have been
- modified to support the ALTQ framework.
- Updated drivers are &man.bfe.4;, &man.em.4;, &man.fxp.4;,
- &man.em.4;, &man.lnc.4;, &man.tun.4;, &man.de.4;,
- &man.rl.4;, &man.sis.4;, and &man.xl.4;.</para>
-
- <para><application>IPFilter</application> has been updated
- from version 3.4.31 to version 3.4.35 &merged;.</para>
-
- <para arch="ia64">An ia64 stack unwinder,
- <application>Unwind Express (libuwx)</application>
- by Hewlett-Packard has been imported for use in the kernel.</para>
+ <para></para>
</sect3>
</sect2>
<sect2 id="userland">
<title>Userland Changes</title>
- <para>&man.acpidump.8; now supports SSDT tables. Dumping or
- disassembling the DSDT will now include the contents if
- there are any SSDT table as well.</para>
-
- <para>&man.bsdlabel.8; now supports a <option>-f</option> option
- to work on files instead of disk partitions.</para>
-
- <para>&man.bsdtar.1; is now the default &man.tar.1; utility in the &os;
- base system. <filename>/usr/bin/tar</filename>
- has been a symlink pointing to
- <filename>/usr/bin/bsdtar</filename> by default.
- To return to using <filename>/usr/bin/gtar</filename> by
- default, the <varname>WITH_GTAR</varname>
- make variable can be used.</para>
-
- <para>The <command>bthidcontrol</command> and
- <command>bthidd</command> commands, which support Bluetooth
- HIDs (Human Interface Devices), have been added.</para>
-
- <para>&man.col.1;, &man.colcrt.1;, &man.colrm.1;,
- &man.column.1;, &man.fmt.1;, &man.join.1;, &man.rev.1;,
- &man.tr.1;, and &man.ul.1; now support multibyte characters.</para>
-
- <para>&man.conscontrol.8; now supports
- <literal>set</literal> and <literal>unset</literal>
- commands which set/unset the virtual console.
- <literal>unset</literal> makes outputs from the system, such as
- the kernel &man.printf.9;, always go out to the real
- main console. This is an interface to the tty ioctl
- <literal>TIOCCONS</literal>.</para>
-
- <para>The &man.cron.8 daemon now accepts two new options,
- <option>-j</option> and <option>-J</option>, to enable
- time jitter for jobs to run as unprivileged users and the
- superuser, respectively. Time jitter means that &man.cron.8
- will sleep for a small random period of time in the specified
- range before executing a job. This feature is intended to
- smooth load peaks appearing when a lot of jobs are scheduled
- for a particular moment. &merged;</para>
-
- <para>A bug that prevents &man.crontab.1 with the <option>-e</option>
- option from properly prompting the user to re-edit the entries written in
- the incorrect format, has been fixed.</para>
-
- <para>&man.cut.1; <option>-c</option>,
- <option>-d</option>, and <option>-f</option>
- now work correctly in locales with multibyte characters.</para>
-
- <para>&man.cvs.1; now supports <option>iso8601</option>
- option keyword to print dates in ISO 8601 format.</para>
-
- <para>&man.daemon.8; now supports a <option>-p</option>
- option to create a PID file.</para>
-
- <para>&man.dd.1; now supports a <option>fillchar</option> option
- to specify an alternative padding character when using a conversion
- mode, or when using <option>noerror</option> with
- <option>sync</option> and an input error occurs.</para>
-
- <para>&man.df.1; now supports a <option>-c</option> option to display
- a grand total of statistics for file systems.</para>
-
- <para>A bug in &man.df.1;, which can print invalid information
- when a <option>-t</option> option is specified and
- a mount point is not accessible by the calling user,
- has been fixed.</para>
-
- <para>The <command>doscmd</command> utility has been
- removed from the &os; base system. It is now available
- via the <filename role="package">emulators/doscmd</filename>
- port in the &os; Ports Collection.</para>
-
- <para>&man.dump.8; and &man.restore.8; now support
- a <option>-P</option> option to specify backup methods
- other than files and tapes. The argument is passed to
- a normal &man.sh.1; pipeline with either the
- <varname>$DUMP_VOLUME</varname> or <varname>$RESTORE_VOLUME</varname>
- environment variable defined, respectively.
- For more information, see &man.dump.8; and &man.restore.8;.</para>
-
- <para>The &man.eeprom.8; utility to display and
- modify system configurations stored in EEPROM or NVRAM
- has been added. The current implementation supports
- systems equipped with Open Firmware.</para>
-
- <para arch="pc98">The &man.fdcontrol.8;, &man.fdformat.1;, and
- &man.fdread.1; utilities now work on &os;/pc98.</para>
-
- <para>&man.fgetwln.3; function, a wide character version of
- &man.fgetln.3; has been added.</para>
-
- <para>The &man.find.1; utility now supports a <option>-acl</option>
- primary to locate files with &man.acl.3;.</para>
-
- <para>The &man.find.1; utility now supports a new primary
- <option>-depth <replaceable>n</replaceable></option>
- which tests whether the depth of the current file relative
- to the starting point of the traversal is <replaceable>n</replaceable>.
- &merged;</para>
-
- <para>&man.ftpd.8; now opens a socket for a data transfer
- in active mode using effective UID of the current user,
- not <username>root</username>. This is useful for matching anonymous FTP data
- traffic with a single &man.ipfw.8; rule with <literal>uid</literal>.</para>
-
- <para>The &man.ftw.3; and &man.nftw.3; functions have been implemented.
- These are used to traverse a directory hierarchy.</para>
-
- <para>The &man.geom.8; utility for operating on &man.geom.4; classes
- from the userland has been added.</para>
-
- <para>&man.gpt.8;, a GUID partition table maintenance utility,
- now supports a <option>remove</option> command. Its
- <option>add</option> command now supports a <option>-i</option> option,
- which allows the user to specify
- the partition number of a new partition.</para>
-
- <para>The &man.id.1; now supports a <option>-M</option> option
- to print the MAC label of the current process.</para>
-
- <para>&man.ifconfig.8; now supports renaming of network interfaces
- at run-time using the <option>name</option> parameter.</para>
-
- <para>&man.ifconfig.8; now prints the &man.polling.4; status
- on the interface. &merged;</para>
-
- <para>&man.ifconfig.8; now provides the
- <option>vlanmtu</option> and <option>-vlanmtu</option> options,
- which control the capability of some Ethernet interfaces
- to receive extended frames (i.e. frames containing more than
- 1500 bytes of payload).</para>
-
- <para>&man.ifconfig.8; now provides the
- <option>vlanhwtag</option> and <option>-vlanhwtag</option> options,
- which control the capability of some Ethernet interfaces
- to process VLAN tags in the hardware.</para>
-
- <para>&man.indent.1; now supports a <option>-ldi</option> option
- to control indentation of local variables. A number of other
- tunings were made to this utility.</para>
-
- <para>&man.indent.1; now supports <option>-fbs</option> and
- <option>-ut</option> for function declarations
- with the opening brace on the same line as the declaration
- of arguments all spaces and no tabs in order
- to fix problem when non-8 space tabs are used.</para>
-
- <para>&man.ip6fw.8; now supports a <option>-n</option> flag to
- stop it from making any changes to the rules in the kernel</para>
-
- <para>&man.ipcs.1; now supports a <option>-u</option> option to
- display information about IPC mechanisms owned by the specified
- user.</para>
-
- <para>&man.ipfw.8; now supports a <option>-b</option> flag to
- print only the action and comment for each rule, thus omitting
- the rule body.</para>
-
- <para>&man.jail.8; now supports a <option>-U</option> option to
- run command as a user which exists only in the &man.jail.2;
- environment.</para>
-
- <para>&man.jail.8; now supports a <option>-l</option> option to
- clean the environment. All environment variables are discarded
- except for <varname>HOME</varname>, <varname>SHELL</varname>,
- <varname>PATH</varname>, <varname>TERM</varname>, and
- <varname>USER</varname> before running the jailed program under
- specific user's credentials. This behavior is similar to that
- provided by the &man.su.1; <option>-l</option>
- option.</para>
-
- <para>&man.kgdb.1;, a kernel debugging utility which uses
- <application>libgdb</application>
- and understands kernel threads, kernel modules, and &man.kvm.3;,
- has been added.</para>
-
- <para>&man.killall.1; now supports a <option>-e</option> flag to
- make the <option>-u</option> operate on effective, rather than
- real, user IDs. &merged;</para>
-
- <para>&man.libalias.3; now has support (and a new API) for
- multiple aliasing instances in a single process. The existing
- API has been reimplemented in terms of the new one to preserve
- compatibility.</para>
-
- <para>A <application>libarchive</application> library for manipulation
- of compressed and uncompressed archive files has been
- added. More details can be found in &man.libarchive.3;.</para>
-
- <para arch="pc98"><application>libdisk</application> now uses the
- correct PC98 disk partition value for &os;. This permits the
- &man.sysinstall.8; disk partition editor to correctly create a
- single &os; partition covering the entire disk. &merged;</para>
-
- <para><application>libdisk</application> now uses
- <varname>d_addr_t</varname> for disk addresses.
- This allows &man.sysinstall.8; to properly handle disks
- and file systems more than 1 TB.</para>
-
- <para arch="i386,pc98,amd64,ia64">The library formerly known as
- <application>libkse</application> has been renamed
- <application>libpthread</application> and is now the default threading
- library on the i386, amd64, and ia64 platforms.
- <application>GCC</application>'s <option>-pthread</option>
- option has been changed to use <application>libpthread</application>
- rather than <application>libc_r</application>.
-
- <note>
- <para>Users with older binaries (for example, ports compiled
- before this change was made) should use &man.libmap.conf.5;
- to map <application>libc_r</application> and/or
- <application>libkse</application> to
- <application>libpthread</application>.</para>
- </note>
-
- <note>
- <para>Users with NVIDIA-supplied drivers and libraries may
- need to use a &man.libmap.conf.5; that maps
- <application>libpthread</application> references to the older
- <application>libc_r</application> since these drivers and
- utilities do not work with
- <application>libpthread</application>.</para>
- </note>
- </para>
-
- <para><application>libpthread</application> now supports
- a <varname>LIBPTHREAD_SYSTEM_SCOPE</varname> environment
- variable to force 1:1 mode (using system scope threads). Note that
- building <application>libpthread</application> with
- <option>-DSYSTEM_SCOPE_ONLY</option> flag also forces 1:1 mode,
- and that this option is set by default for architectures that do not
- support M:N mode yet.
- In addition, a <varname>LIBPTHREAD_PROCESS_SCOPE</varname> environment
- variable can be used to force M:N mode (using process scope
- threads). For example:</para>
-
- <screen>&prompt.user; <userinput>LIBPTHREAD_SYSTEM_SCOPE=yes <replaceable>threaded_app</replaceable></userinput></screen>
-
- <para>forces the application <replaceable>threaded_app</replaceable> to use
- system scope threads, and</para>
-
- <screen>&prompt.user; <userinput>LIBPTHREAD_PROCESS_SCOPE=yes <replaceable>threaded_app</replaceable></userinput></screen>
-
- <para>forces it to use process scope threads, respectively.</para>
-
- <para>A bug in the <option>-d</option> option of &man.look.1;
- has been fixed. Also, &man.look.1; now works correctly in
- locales with multibyte characters.</para>
-
- <para>&man.ls.1; now treat filenames as multibyte character strings
- according to the current <varname>LC_CTYPE</varname>
- when determining which characters are printable.</para>
-
- <para>&man.make.1; now supports the new <literal>.warning</literal>
- directive.</para>
-
- <para>&man.make.1; now supports the POSIX-compatible
- <literal>+</literal> flag in <filename>Makefile</filename> command lines,
- which causes a line to be executed even when <option>-n</option>
- is specified. This is useful for calls to submakes, for example.</para>
-
- <para>&man.make.1; now puts variable assignments from
- the command line into the <varname>MAKEFLAGS</varname>
- variable as required by POSIX. This causes such variables
- to be pushed into all sub-makes called by the &man.make.1;
- (except when the <varname>MAKEFLAGS</varname>
- variable is explicitly changed in the sub-make's environment).
- This makes them also mostly un-overrideable
- in sub-makes except on the sub-make's command line.</para>
-
<para arch="i386">The &man.mkuzip.8;, which is a non-GPL
utility to compress file system images for use with
<literal>GEOM_UZIP</literal> &man.geom.4; module,
has been added.</para>
- <para>The &man.nearbyint.3; and
- &man.nearbyintf.3; C99 functions
- have been implemented.</para>
-
- <para>The <filename>tgmath.h</filename> C99 header has
- been implemented. This provides
- type-generic macros for the <filename>math.h</filename>
- and <filename>complex.h</filename> functions that have
- float, double and long double implementations.</para>
-
- <para>The GNU extensions of &man.mbsnrtowcs.3;
- and &man.wcsnrtombs.3; have been implemented.</para>
-
- <para>&man.newsyslog.8; now allows the users to set
- a debugging option via the <filename>newsyslog.conf</filename>
- file.</para>
-
- <para>&man.newsyslog.8; now uses a new order when processing
- files to rotate. It first rotates all files that need
- to be rotated, then sends a single signal to each process
- which needs to be signaled, and finally compresses
- all the files that were rotated.</para>
-
- <para>A &man.nextwctype.3; function to iterate over all characters
- in a particular character class
- has been added.</para>
-
- <para>Initial support for UTF-8 versions of all the currently
- supported system locales has been added. This is primarily
- for the benefit of the <filename role="package">misc/utf8locale</filename>
- port.</para>
-
- <para>An Israel Hebrew locale <literal>he_IL.UTF-8</literal>
- has been added.</para>
-
- <para>The &man.logins.1; utility has been added to display
- information about user and system accounts.</para>
-
- <para>&man.mountd.8; now supports the <option>-p</option> option,
- which allows users to specify a known port for use
- in firewall rulesets.</para>
-
- <para>&man.netstat.1; now displays the multicast group
- memberships present in the system.</para>
-
- <para>&man.newfs.8; and &man.mdmfs.8; now support a
- <option>-l</option> flag to enable them to set the MAC
- multilabel flag on new file systems without requiring the use of
- &man.tunefs.8;.</para>
-
- <para>&man.nologin.8; now reports login attempts via
- &man.syslogd.8;.</para>
-
- <para>&man.nologin.8; has been moved from <filename>/sbin/nologin</filename>
- to <filename>/usr/sbin/nologin</filename>.
- <filename>/sbin/nologin</filename> remains as a symbolic link
- for backward compatibility.</para>
-
- <para>A bugfix has been applied to NSS support, which fixes
- problems when using third-party NSS modules (such as <filename
- role="package">net/nss_ldap</filename>) and groups with large
- membership lists.</para>
-
- <para>&man.od.1; now has POSIX-style support for multibyte
- characters.</para>
-
- <para>&man.patch.1; has been replaced with a BSD-licensed version
- from OpenBSD. This includes a <option>--posix</option> option
- for strict POSIX conformance.</para>
-
- <para>The &man.pgrep.1; and &man.pkill.1; commands, which come from NetBSD,
- have been added. They also support a <option>-M</option> option
- to extract values associated with the name list from the
- specified core instead of the default <filename>/dev/kmem</filename>,
- and a <option>-N</option> option to extract the name list from
- the specified system instead of the default kernel.</para>
-
- <para>&man.ppp.8; now supports a <quote>set rad_alive
- <replaceable>N</replaceable></quote> command
- to enable periodic RADIUS accounting information
- being sent to the RADIUS server. &merged;</para>
-
- <para>&man.ppp.8; now supports a
- <quote>set pppoe [standard|3Com]</quote> command
- to configure the operating mode of an underlying
- &man.ng.pppoe.4; Netgraph node.</para>
-
- <para>&man.ps.1; compatibility with POSIX/SUSv3 has been improved.
- The changes include <option>-p</option> for a list of process IDs,
- <option>-t</option> for a list of terminal names,
- <option>-A</option> which is equivalent to <option>-ax</option>,
- <option>-G</option> for a list of group IDs,
- <option>-X</option> which is the opposite of <option>-x</option>,
- and some minor improvements. For more information, see &man.ps.1;.
- &merged;</para>
-
- <para>&man.ps.1; now supports a <option>-O emul</option>
- format option, which prints the name of the system call emulation
- environment the process is in.</para>
-
- <para>&man.pw.8; now supports a <option>-H</option> option, which
- accepts an encrypted password on a file descriptor. &merged;</para>
-
- <para>A bug in &man.rarpd.8; that prevents it from working properly
- when a interface has more than one IP address has been fixed.
- &merged;</para>
-
- <para>&man.regex.3; now supports regular expression matching aware
- of multibyte characters.</para>
-
- <para>The configuration files used by the &man.resolver.3; now
- support the <literal>timeout:</literal> and
- <literal>attempts:</literal> keywords.</para>
-
- <para>The &man.resolver.3; and associated interfaces are now much
- more reentrant and thread-safe. Multiple DNS lookups can now be
- run at the same time, showing major improvements in the
- performance of some multi-threaded applications. Some
- multi-threaded programs need to be recompiled; examples from the
- Ports Collection are <filename
- role="package">www/mozilla</filename> and variants, <filename
- role="package">mail/evolution</filename>, <filename
- role="package">devel/gnomevfs</filename>, and <filename
- role="package">devel/gnomevfs2</filename>.</para>
-
- <para>&man.rmdir.1; now supports a <option>-v</option> flag,
- which makes it verbose.</para>
-
- <para>&man.savecore.8; now works correctly for dump files larger
- than 2GB.</para>
-
- <para>A bug in &man.script.1; has been fixed so that it now works
- correctly if the standard input is closed. This fix prevents a
- potentially dangerous interaction with the <filename
- role="package">sysutils/portupgrade</filename> package; if it was
- run non-interactively, it could remove all out-of-date
- ports without reinstalling them.</para>
-
- <para>The &man.sdpd.8; Bluetooth Service Discovery Protocol daemon
- has been added.</para>
-
- <para>&man.sed.1; <literal>y</literal> (translate) command
- now supports multibyte characters.</para>
-
- <para>The &man.sha1.1; and &man.rmd160.1; utilities have been added.
- Similar to &man.md5.1;, they calculate a message digest of their
- inputs.
- &merged;</para>
-
- <para>&man.smbmsg.8;, a small utility to send/receive SMBus messages,
- has been added.</para>
-
- <para arch="sparc64">&man.sunlabel.8; now supports two new flags:
- <option>-c</option> to calculate all partition sizes
- in cylinders as opposed to sectors, and
- <option>-h</option> to print the label in human readable
- size/offset format.</para>
-
- <para>&man.talk.1; now use <hostid>localhost</hostid>
- as a default machine name in &man.talkd.8;
- request packets, when the destination and source are local.
- This makes &man.talk.1; dependent on a valid host entry
- for <hostid>localhost</hostid> in <filename>/etc/hosts</filename>
- or the DNS.</para>
-
- <para>&man.tftpd.8; now supports two new options:
- a <option>-w</option> option allows new files to be created,
- and a <option>-U</option> option allows the umask to be set.</para>
-
- <para>&man.top.1; now supports to display the current amount
- of I/O. This feature can be enabled by hitting <quote>m</quote>
- or passing the command line option <option>-m io</option>.</para>
-
- <para arch="amd64">&man.truss.1; now includes early support
- for &os;/amd64.</para>
-
- <para>Many userland utilities in the base system (mostly GNU
- contributed utilities) now use the system version of
- &man.getopt.long.3;, rather than the GNU version.</para>
-
<sect3 id="rc-scripts">
<title><filename>/etc/rc.d</filename> Scripts</title>
- <para>The <filename>diskless</filename> script has been
- split out into <filename>hostname</filename>,
- <filename>resolve</filename>, <filename>tmp</filename>, and
- <filename>var</filename> scripts.</para>
-
- <para>The <filename>gbde_swap</filename> script, which supports
- gbde-enabled swap devices has been added.
- When the <varname>gbde_swap_enable</varname> variable is specified
- in &man.rc.conf.5;, a swap device named
- <filename>/dev/<replaceable>foo.bde</replaceable></filename>
- in &man.fstab.5;
- is automatically attached at boot time with the device
- <filename>/dev/<replaceable>foo</replaceable></filename>
- and a random key, which
- generated by computing the MD5 checksum of 512 bytes read
- from <filename>/dev/random</filename>.
- Note that this prevents recovery of kernel dumps.</para>
-
- <para>The <varname>ip6addrctl_enable</varname> and
- <varname>ip6addrctl_verbose</varname> have been added.
- When <varname>ip6addrctl_enable</varname> is set
- to <literal>YES</literal>,
- the address selection policy is installed into the kernel.
- If there is <filename>/etc/ip6addrctl.conf</filename>
- it will be used, otherwise a default policy will be installed.
- The default policy is one described in RFC 3484 when
- <varname>ipv6_enable</varname> is set to <literal>YES</literal>.
- Otherwise, the priority policy for IPv4 address will be used
- as a default policy.</para>
-
- <para>The <filename>mixer</filename> script has been added.
- It saves the current settings of all audio mixers present
- in the system on shutdown and restores the settings on boot.</para>
-
- <para>The <filename>named</filename> script has been updated to
- support <application>BIND 9</application> in the base system.
- The changes include:</para>
-
- <itemizedlist>
- <listitem>
- <para>&man.named.8; runs in a &man.chroot.2; directory
- <filename>/var/named</filename> by default.
- This behavior can be disabled by using the
- <varname>named_chrootdir</varname> variable,
- and the &man.chroot.2; directory can be changed by using the
- <varname>named_chrootdir</varname> variable in
- <filename>rc.conf</filename>, respectively.</para>
- </listitem>
-
- <listitem>
- <para>When the <varname>named_chroot_autoupdate</varname>
- variable is set to <literal>YES</literal> (this is default),
- the chroot directory is automatically configured at the boot time.
- A symbolic link which points to
- <filename>/var/named/etc/namedb</filename> is
- created as <filename>/etc/namedb</filename>,
- and a symbolic link which points to
- <filename>/var/named/var/run/named/pid</filename> is
- created as <filename>/var/run/named/pid</filename>.
- The latter can be disabled by using the
- <varname>named_symlink_enable</varname> variable in
- <filename>rc.conf</filename>.</para>
- </listitem>
-
- <listitem>
- <para>The <filename>rndc.key</filename> file is
- automatically created if it does not exist.</para>
- </listitem>
- </itemizedlist>
-
- <para>The <filename>pf</filename> and <filename>pflog</filename>
- scripts for &man.pf.4; has been added.</para>
+ <para></para>
</sect3>
</sect2>
<sect2 id="contrib">
<title>Contributed Software</title>
- <para>The <application>ACPI-CA</application> code has been updated
- from the 20030619 snapshot to the 20040527 snapshot.</para>
-
- <para>The <application>AMD (am-utils)</application> has been updated
- from version 6.0.9 to version 6.0.10p1.</para>
-
- <para><application>awk</application> from Bell Labs has been
- updated from the 29 July 2003 release to the 7 February 2004
- release.</para>
-
- <para><application>BIND</application> has been updated
- from version 8.3.1-REL to version 9.3.0. &merged;</para>
-
- <para><application>Binutils</application> have been updated to
- a 23 May 2004 snapshot from the FSF 2.15 branch.</para>
-
- <para><application>CVS</application> has been updated from
- version 1.11.15 to version 1.11.17. &merged;</para>
-
- <para>The <application>FILE</application> has been
- updated from version 3.41 to version 4.10.</para>
-
- <para><application>gdtoa</application> (a library that performs
- conversions of numbers between binary and decimal form) has been
- updated from version 20030324 to version 20040118.</para>
-
- <para><application>GDB</application> has been updated to version
- 6.1.1.</para>
-
- <para><application>GNU GCC</application> has been updated from
- 3.3.3-prerelease as of 6 November, 2003 to 3.4.2-prerelease as of 28 July, 2004.</para>
-
- <para><application>GNU grep</application> has been updated from
- version 2.4d to version 2.5.1.</para>
-
- <para><application>less</application> has been updated from
- version 371 to version 381.</para>
-
- <para><application>GNU readline</application> 4.3 has been updated
- with official patches 001 through 005.</para>
-
- <para>The <application>GNU regex</application> library has been
- updated to the version included with <application>GNU
- grep</application> 2.5.1.</para>
-
- <para><application>GNU sort</application> has been updated from
- textutils 2.1 to a coreutils snapshot as of 12 August, 2004.</para>
-
- <para>The <application>GNU tar</application> implementation in the
- base system is now called <filename>gtar</filename>.</para>
-
- <para><application>Heimdal Kerberos</application> has been
- updated from version 0.6 to version 0.6.1.</para>
-
- <para>The <application>ISC DHCP</application> client has been
- updated from version 3.0.1 RC10 to version 3.0.1.</para>
-
- <para><application>libpcap</application> has been updated from
- version 0.7.1 to version 0.8.3.</para>
-
- <para><application>lukemftpd</application>
- has been updated from a snapshot as of
- 3 November, 2003 to one as of 9 August, 2004.</para>
-
- <para><application>NTP</application>
- has been updated from version 4.1.1a to version 4.2.0.</para>
-
- <para><application>OpenPAM</application> has been updated from the
- Dogwood release to the Eelgrass release.</para>
-
- <para><application>OpenSSH</application> has been updated from
- version 3.6.1p1 to version 3.8.1p1.
-
- <note>
- <para>The configuration defaults for &man.sshd.8; have been
- changed. SSH protocol version 1 is no longer enabled by
- default. In addition, password authentication over SSH is
- disabled by default if PAM is enabled.</para>
- </note>
- </para>
-
- <para><application>OpenSSL</application> has been updated from
- version 0.9.7c to version 0.9.7d. &merged;</para>
-
- <para><application>OpenSSL</application> VIA C3 Nehemiah
- PadLock ACE (Advanced Cryptography Engine) crypto support,
- which provides Advanced Encryption Standard (AES) encryption,
- has been imported from a prerelease version
- of <application>OpenSSL</application>.</para>
-
- <para><application>pf</application>, OpenBSD's packet filter as of
- OpenBSD 3.5-stable, has been imported into &os; source tree and is now installed
- by default. Two new users (<username>proxy</username> and
- <username>_pflogd</username>) and three new
- groups (<username>authpf</username>, <username>proxy</username>,
- and <username>_pflogd</username>),
- which <application>pf</application> needs, have been added as well.</para>
-
- <note>
- <para>On upgrading from source, these user accounts must be
- added in advance. <literal>mergemaster -p</literal> can be
- used to assist in creating the proper entries in the
- &man.passwd.5; and &man.group.5; files.
- The <varname>NO_PF</varname> variable
- in <filename>make.conf</filename> can be used to prevent
- <application>pf</application> from building.</para>
- </note>
-
- <para>Several userland utilities of OpenBSD's
- <application>pf</application> have been imported.
- &man.ftp-proxy.8; is an ftp proxy for &man.pf.4;,
- &man.pfctl.8; is an equivalent to &man.ipf.8;,
- &man.pflogd.8; is a daemon logging packets via <literal>if_pflog</literal>
- in &man.pcap.3; format, and
- &man.authpf.8; is an authentication shell
- to modify &man.pf.4; rulesets.</para>
-
- <para><application>routed</application> has been updated from
- release 2.22 to release 2.27 from rhyolite.com. Note that for
- users relying on RIP's MD5 authentication feature,
- &man.routed.8; routed is now incompatible with previous versions
- of &os;; however it is now compatible with implementations from
- Sun, Cisco and other vendors.</para>
-
- <para><application>sendmail</application> has been updated from
- version 8.12.10 to version 8.13.1. &merged;</para>
-
- <para><application>tcpdump</application> has been updated from
- version 3.7.1 to version 3.8.3.</para>
-
- <para><application>tcsh</application> has been updated from
- version 6.11 to version 6.13.00.</para>
-
- <para>The timezone database has been updated from
- <filename>tzdata2003a</filename> to
- <filename>tzdata2004a</filename>.</para>
-
- <para><application>zlib</application> has been updated
- from version 1.1.4 to version 1.2.1.</para>
+ <para></para>
</sect2>
<sect2 id="ports">
<title>Ports/Packages Collection Infrastructure</title>
- <para>Most of startup/shutdown scripts installed by
- various ports now use the new &man.rc.8; framework
- introduced in &os; 5.<replaceable>X</replaceable>, while some ports still use the
- old-style scripts. On startup, the new &man.rc.8; style scripts
- are executed first and then the old-style scripts.
- On shutdown, exactly the reverse happens.</para>
-
- <para>The <literal>SIZE</literal> attribute for distfiles,
- which can be used for checking file sizes before fetching,
- has been added and enabled by default.
- <varname>DISABLE_SIZE</varname> is a user control knob
- to disable the distfile size checking. This is especially
- useful on old &os; versions which did not have &man.fetch.1;
- support for this, and for some FTP proxies which always
- report incorrect or bogus sizes.</para>
-
- <para>Two new files have been added to the ports tree to track
- note-worthy changes: <filename>ports/CHANGES</filename> lists
- major changes to the Ports Collection and its infrastructure.
- <filename>ports/UPDATING</filename> describes some potential
- pitfalls that can be encountered when updating certain ports,
- analogous to <filename>src/UPDATING</filename> for the base
- system.</para>
-
- <para>The version number parsing code has been rewritten in the
- system <filename>pkg_*</filename> tools, restoring compatibility
- with 4.x and
- <filename role="package">sysutils/portupgrade</filename>.</para>
-
- <para>The package tools can now match packages with relational
- operators and csh-style <literal>{...}</literal>
- choices. For example:</para>
-
- <screen>&prompt.root; <userinput>pkg_info -I 'docbook>=3.0'</userinput></screen>
-
- <para>will list (all) docbook DTDs with at least version 3.0.
- Additional command line options have also been added to aid
- pattern matching.</para>
-
- <para>The package tools have improved handling of corrupt package
- databases.</para>
-
- <para>&man.pkg.create.1; now supports a <option>-S</option>
- option to make all <literal>@cwd</literal> be prefixed
- during package creation.</para>
-
- <para>&man.pkg.info.1; now supports a <option>-j</option>
- option to show the requirements script for each package.</para>
+ <para></para>
</sect2>
<sect2 id="releng">
<title>Release Engineering and Integration</title>
- <para arch="i386,pc98">The building process for boot floppy images
- has been completely overhauled. The most significant change is
- that the loader now boots a stock <filename>GENERIC</filename>
- kernel split across multiple disks (two at the time of this
- writing). This greatly improves installations that begin with a
- boot from floppy disk, because they now use exactly the same
- kernel (and thus support the same hardware) as CDROM
- installations. The stripped-down <filename>MFSROOT</filename>
- kernel is no longer needed, and the <filename>mfsroot</filename>
- image no longer requires kernel modules. The
- <filename>boot.flp</filename> and
- <filename>driver.flp</filename> images are also obsolete and no
- longer built.</para>
-
- <para>&os; cryptography support is no longer an optional component
- of releases, and the <literal>crypto</literal> release distribution
- is now part of <literal>base</literal>.
- Note that the <option>-DNOCRYPT</option> build option still
- exists for anyone who really wants to build non-cryptographic
- binaries. </para>
-
- <para>The supported release of <application>GNOME</application>
- has been updated from version 2.4 to version 2.6.2.
-
- <note>
- <para>If you are using the older <application>GNOME</application>
- desktop itself (<filename role="package">x11/gnome2</filename>), simply upgrading it from the &os; Ports Collection
- with
- &man.portupgrade.1;
- (<filename role="package">sysutils/portupgrade</filename>)
- will cause serious problems.
- If you are a <application>GNOME</application> desktop user,
- please read the instructions carefully at
- <ulink url="&url.base;/gnome/docs/faq26.html"></ulink>,
- and use the <filename>gnome_upgrade.sh</filename> script to
- properly upgrade to <application>GNOME</application> 2.6.</para>
-
- <para>Note that if you are just a casual user of some of the
- <application>GNOME</application> libraries,
- &man.portupgrade.1; should be sufficient
- to update your ports.</para>
- </note>
- </para>
-
- <para>The supported release of <application>KDE</application>
- has been updated from version 3.1.4 to version 3.3.0.</para>
-
- <para>The <filename role="package">security/portaudit</filename> utility
- has been added to the &os; Ports Collection. This utility will read a database
- containing known ports vulnerabilities and report them to the
- administrator.</para>
-
- <para>&os; now uses <application>Xorg</application> instead of
- <application>XFree86</application> as the default X Window System.
- The supported release is <application>Xorg</application> X11R6.7.0.
- Note that <application>XFree86</application> is also available in the &os;
- Ports Collection (<filename role="package">x11/XFree86-4</filename>).</para>
+ <para></para>
</sect2>
<sect2 id="doc">
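Review bot: The `<para></para>` placeholders added under `rc-scripts`, `contrib`, `ports` and `releng` leave each of those sections as a title followed by an empty paragraph, so the built release notes show four blank sections until new items are added. If the empty element is only there to keep the section valid, add an SGML comment beside it saying so, so that a later editor replaces it instead of appending after it. The removed `contrib` text also carried items that change behaviour on upgrade: the &man.sshd.8; note that SSH protocol version 1 is no longer enabled by default and that password authentication is disabled when PAM is enabled, the note that the pf user accounts must be added before a source upgrade, and the &man.routed.8; MD5 authentication incompatibility. It is worth confirming that these stay reachable from the document that now covers that release.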
@@ -1934,15 +215,7 @@
<sect1 id="upgrade">
<title>Upgrading from previous releases of &os;</title>
- <para>Users with existing &os; systems are
- <emphasis>highly</emphasis> encouraged to read the <quote>Early
- Adopter's Guide to &os; &release.current;</quote>. This document generally has
- the filename <filename>EARLY.TXT</filename> on the distribution
- media, or any other place that the release notes can be found. It
- offers some notes on upgrading, but more importantly, also
- discusses some of the relative merits of upgrading to &os;
- 5.<replaceable>X</replaceable> versus running &os;
- 4.<replaceable>X</replaceable>.</para>
+ <para></para>
<important>
<para>Upgrading &os; should, of course, only be attempted after
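Review bot: The `<para></para>` added at the top of the `upgrade` section is not needed as a placeholder, because the `<important>` block that follows still gives the section content; it only produces an empty paragraph ahead of the warning. Suggest deleting the old paragraph outright instead of replacing it with an empty one.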
diff --git a/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml b/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml
index 7dcbd1b..e564051 100644
--- a/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml
+++ b/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml
@@ -16,14 +16,7 @@
<abstract>
<para>The release notes for &os; &release.current; contain a summary
- of
-<![ %include.historic; [
- the changes made to the &os; base system since &release.prev;.
-]]>
-<![ %no.include.historic; [
- recent changes made to the &os; base system on the &release.branch;
- development branch.
-]]>
+ of the changes made to the &os; base system since &release.branch; is created.
This document lists applicable security advisories that were issued since
the last release, as well as significant changes to the &os;
kernel and userland.
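Review bot: The added abstract line ends "since &release.branch; is created", which mixes tenses; "since &release.branch; was created" reads correctly. The unchanged sentence after it still scopes the advisories to those "issued since the last release", which now sits next to a summary scoped to the creation of the branch, so the two should be aligned. Since this hunk removes both the `%include.historic;` and `%no.include.historic;` marked sections, also check whether anything else in the file still uses those parameter entities.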
@@ -108,409 +101,17 @@
<sect2 id="security">
<title>Security Advisories</title>
- <para>A bug in &man.mksnap.ffs.8; has been fixed; it caused the creation of a
- file system snapshot to reset the flags on the file system to
- their default values. The possible consequences depended on local
- usage, but could include disabling extended access control lists
- or enabling the use of setuid executables stored on an untrusted
- file system. This bug also affected the &man.dump.8;
- <option>-L</option> option, which uses &man.mksnap.ffs.8;. Note
- that &man.mksnap.ffs.8; is normally only available to the
- superuser and members of the <groupname>operator</groupname>
- group. For more information, see security advisory <ulink
- url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:01.mksnap_ffs.asc">FreeBSD-SA-04:01</ulink>.</para>
-
- <para>A bug with the System V Shared Memory interface
- (specifically the &man.shmat.2; system call) has been fixed.
- This bug can cause a shared memory segment to reference
- unallocated kernel memory. In turn, this can permit a local
- attacker to gain unauthorized access to parts of kernel memory,
- possibly resulting in disclosure of sensitive information,
- bypass of access control mechanisms, or privilege escalation.
- More details can be found in security advisory <ulink
- url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:02.shmat.asc">FreeBSD-SA-04:02</ulink>.
- &merged;</para>
-
- <para>A programming error in the &man.jail.attach.2; system call
- has been fixed. This error could allow a process with superuser
- privileges inside a &man.jail.8; environment to change its root
- directory to that of a different jail, and thus gain full read
- and write access to files and directories within the target
- jail. More information can be found in security advisory <ulink
- url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:03.jail.asc">FreeBSD-SA-04:03</ulink>.</para>
-
- <para>A potential low-bandwidth denial-of-service attack against
- the &os; TCP stack has been prevented by limiting the number of
- out-of-sequence TCP segments that can be held at one time. More
- details can be found in security advisory <ulink
- url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:04.tcp.asc">FreeBSD-SA-04:04</ulink>.
- &merged;</para>
-
- <para>A bug in <application>OpenSSL</application>'s SSL/TLS
- ChangeCipherSpec message processing could result in
- a null pointer dereference, has been fixed.
- This could allow a remote attacker to crash an
- <application>OpenSSL</application>-using
- application and cause a denial-of-service on the system.
- More details can be found in security advisory <ulink
- url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc">FreeBSD-SA-04:05</ulink>.
- &merged;</para>
-
- <para>A programming error in the handling of some IPv6
- socket options within the &man.setsockopt.2; system call
- has been fixed. This allows a local attacker to cause a
- system panic, and may allow to gain unauthorized access to
- parts of kernel memory, possibly resulting in disclosure
- of sensitive information, bypass of access control
- mechanisms, or privilege escalation.
- More details can be found in security advisory <ulink
- url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:06.ipv6.asc">FreeBSD-SA-04:06</ulink>.</para>
-
- <para>Two programming errors in <application>CVS</application>
- have been fixed. They allow a server to overwrite arbitrary
- files on the client, and a client to read arbitrary files
- on the server when accessing remote CVS repositories.
- More details can be found in security advisory <ulink
- url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:07.cvs.asc">FreeBSD-SA-04:07</ulink>. &merged;</para>
-
- <para>A bugfix for <application>Heimdal</application> rectifies a
- problem in which it would not perform adequate checking of
- authentication across autonomous realms. For more information,
- see security advisory <ulink
- url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:08.heimdal.asc">FreeBSD-SA-04:08</ulink>. &merged;</para>
-
- <para>A programming error in <application>CVS</application> which
- allow the malicious client to overwrite arbitrary portions of
- the server's memory has been fixed. For more information,
- see security advisory <ulink
- url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:10.cvs.asc">FreeBSD-SA-04:10</ulink>. &merged;</para>
-
- <para>A potential cache consistency problem of
- the implementation of the &man.msync.2; system call
- involving the <literal>MS_INVALIDATE</literal>
- operation has been fixed. However, as a side effect of closing
- this security problem, the <literal>MS_INVALIDATE</literal>
- flag no longer guarantees that all pages in the range are invalidated.
- Users who require the old semantics of <literal>MS_INVALIDATE</literal>
- and are not concerned with the security issue being fixed can set the
- <varname>vm.old_msync</varname> sysctl to 1 which will revert to
- the old (insecure) behavior. For more information,
- see security advisory <ulink
- url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:11.msync.asc">FreeBSD-SA-04:11</ulink>. &merged;</para>
-
- <para>A programming error in the &man.jail.2; system call
- which results in a failure to verify that an attempt
- to manipulate routing tables originated from a non-jailed process
- has been fixed.
- For more information, see security advisory <ulink
- url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:12.jail.asc">FreeBSD-SA-04:12</ulink>. &merged;</para>
-
- <para>A programming error in the handling of some Linux system calls which
- may result in memory locations being accessed without proper validation
- has been fixed.
- For more information, see security advisory <ulink
- url="ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:13.linux.asc">FreeBSD-SA-04:13</ulink>. &merged;</para>
-
- <para>A number of programming errors in <application>CVS</application>
- which allow information disclosure, denial-of-service, or
- possibly arbitrary code execution, have been fixed
- via an upgrade to <application>CVS</application> 1.11.17.
- For more information, see security advisory <ulink
- url="ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:14.cvs.asc">FreeBSD-SA-04:14</ulink>. &merged;</para>
-
- <para>A bug in <literal>CONS_SCRSHOT</literal> &man.ioctl.2;
- has been fixed; it may allow to gain unauthorized access to
- parts of kernel memory, possibly resulting in disclosure
- of sensitive information, bypass of access control
- mechanisms, or privilege escalation.
- For more information, see security advisory <ulink
- url="ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:15.syscons.asc">FreeBSD-SA-04:15</ulink>. &merged;</para>
-
+ <para></para>
</sect2>
<sect2 id="kernel">
<title>Kernel Changes</title>
- <para><literal>ADAPTIVE_MUTEXES</literal> has been added
- and enabled by default. This changes the behavior
- of blocking mutexes to spin if the thread that currently
- owns the mutex is executing on another CPU.
- This feature can be disabled explicitly by setting
- a kernel option <varname>NO_ADAPTIVE_MUTEXES</varname>.</para>
-
- <para>A kernel option <varname>ADAPTIVE_GIANT</varname>, which
- causes the Giant lock to also be treated in
- an adaptive fashion when adaptive mutexes are enabled,
- has been added. This improves the performance of SMP machines
- and is enabled by default on the i386.</para>
-
- <para>The &man.bus.dma.9; interface now supports transparently honoring
- the alignment and boundary constraints in the DMA tag
- when loading buffers, and <function>bus_dmamap_load()</function>
- will automatically use bounce buffers when needed.
- In addition, a set of sysctls <varname>hw.busdma.*</varname>
- for &man.bus.dma.9; statistics has been added.</para>
-
- <para>The &man.contigmalloc.9; function has been reimplemented
- with an algorithm which stands a greatly-improved chance of working
- despite pressure from running programs. The old algorithm can be used
- by setting a sysctl <varname>vm.old_contigmalloc</varname>. More details
- can be found in the &man.contigmalloc.9; manual page.</para>
-
- <para>The &man.devfs.5; path rules now work correctly on
- directories.</para>
-
- <para>The &man.getvfsent.3; API has been removed.</para>
-
- <para>The <varname>hw.pci.allow_unsupported_io_range</varname>
- loader tunable has been removed.</para>
-
- <para>&man.jail.2; now supports the use of raw sockets from within a jail.
- This feature is disabled by default, and controlled by using the
- <varname>security.jail.allow_raw_sockets</varname> sysctl.</para>
-
- <para>&man.kqueue.2; now supports a new filter
- <literal>EVFILT_FS</literal> to be used to signal generic file system
- events to the user space. Currently, mount, unmount, and up/down
- status of NFS are signaled.</para>
-
- <para>KDB, a new debugger framework, has been added.
- This consists of a new GDB backend, which has been rewritten to support
- threading, run-length encoding compression, and so on, and
- the frontend that provides a framework in which multiple, different
- debugger backends can be configured and which provides
- basic services to those backends.
- The following options has been changed:</para>
-
- <itemizedlist>
- <listitem>
- <para>KDB is enabled by default
- via the kernel options <literal>options KDB</literal>,
- <literal>options GDB</literal>, and <literal>options DDB</literal>.
- Both <literal>DDB</literal> and
- <literal>GDB</literal> specify which KDB backends to include.</para>
- </listitem>
-
- <listitem>
- <para><literal>WITNESS_DDB</literal> has been renamed to
- <literal>WITNESS_KDB</literal>.</para>
- </listitem>
-
- <listitem>
- <para><literal>DDB_TRACE</literal> has been renamed to
- <literal>KDB_TRACE</literal>.</para>
- </listitem>
-
- <listitem>
- <para><literal>DDB_UNATTENDED</literal> has been renamed to
- <literal>KDB_UNATTENDED</literal>.</para>
- </listitem>
-
- <listitem>
- <para><literal>SC_HISTORY_DDBKEY</literal> has been renamed to
- <literal>SC_HISTORY_KDBKEY</literal>.</para>
- </listitem>
-
- <listitem>
- <para><literal>DDB_NOKLDSYM</literal> has been removed.
- The new DDB backend supports pre-linker symbol
- lookups as well as KLD symbol lookups at the same time.</para>
- </listitem>
-
- <listitem>
- <para><literal>GDB_REMOTE_CHAT</literal> has been removed.
- The GDB protocol hacks to allow this are &os; specific.
- At the same time, the GDB protocol has packets for console
- output.</para>
- </listitem>
- </itemizedlist>
-
- <para>KDB also serves as the single point of contact for any and
- all code that wants to make use of the debugger functions,
- such as entering the debugger or handling of the
- alternate break sequence.
- For this purpose, the frontend has been made non-optional.
- All debugger requests are forwarded or handed over to the current
- backend, if applicable.
- Selection of the current backend is done by the
- <varname>debug.kdb.current</varname> sysctl.
- A list of configured backends can be obtained with the
- <varname>debug.kdb.available</varname> sysctl.
- One can enter the debugger by writing to the
- <varname>debug.kdb.enter</varname> sysctl.</para>
-
- <para>A new sysctl <varname>debug.kdb.stop_cpus</varname> has been
- added. This controls whether or not IPI (Inter Processor Interrupts)
- to other CPUs will be delivered when entering the debugger,
- in order to stop them while in the debugger.</para>
-
- <para arch="amd64">Loadable kernel modules now work and are
- enabled in the amd64 build.</para>
-
- <para arch="amd64">Preliminary support for running 32-bit
- Linux binaries on amd64 has been added. This feature is enabled with the
- <literal>COMPAT_LINUX32</literal> kernel option.</para>
-
- <para>A new kernel option <literal>MAC_STATIC</literal> which
- disables internal MAC Framework synchronization protecting against
- dynamic load and unload of MAC policies, has been added.</para>
-
- <para>The &man.mac.bsdextended.4; policy now supports to match and
- apply on a first rule only in place of all rules match.
- This feature can be enabled by setting a new sysctl
- <varname>mac_bsdextended_firstmatch_enabled</varname>.</para>
-
- <para>The &man.mac.bsdextended.4; policy can now log
- failed attempts to syslog's <literal>AUTHPRIV</literal> facility.
- This feature can be enabled by setting a new sysctl
- <varname>mac_bsdextended_logging</varname>.</para>
-
- <para>mballoc has been replaced with mbuma, an Mbuf and Cluster
- allocator built on top of a number of extensions to the UMA framework.
- Due to this change, the <literal>NMBCLUSTERS</literal> kernel option
- is no longer used. The maximum number of the clusters is still
- capped off according to <literal>maxusers</literal>,
- but it can be made unlimited by setting the
- <varname>kern.ipc.nmbclusters</varname> loader tunable to zero.</para>
-
- <para><filename>/dev/kmem</filename>, <filename>/dev/mem</filename>,
- and <filename>/dev/io</filename> are also provided as kernel
- loadable modules now.</para>
-
- <para>A bug in &man.mmap.2; that pages marked as <literal>PROT_NONE</literal>
- may become readable under certain circumstances, has been fixed. &merged;</para>
-
- <para arch="i386,pc98">A new kernel option <literal>MP_WATCHDOG</literal>
- has been added; it
- allows one of the logical CPUs on a system to be used as a dedicated
- watchdog to cause a drop to the debugger and/or generate an NMI
- to the boot processor if the kernel ceases to respond.
- Several sysctls are available to enable the watchdog running out of the
- processor's idle thread; a callout is launched to reset a timer
- in the watchdog. If the callout fails to reset the timer for ten seconds,
- the timeout process will take place. The <varname>debug.watchdog_cpu</varname>
- sysctl allows to select which CPU will run the watchdog.</para>
-
- <para arch="i386,pc98">A sysctl <varname>debug.leak_schedlock</varname>
- has been added. This causes a sysctl handler that incorrectly leaks
- the holding sched lock, to spin the lock
- in order to trigger the watchdog provided by the
- <literal>MP_WATCHDOG</literal> option.</para>
-
- <para>A new loader tunable <varname>debug.mpsafenet</varname> has been
- added and enabled by default. This causes the &os; network stack
- to operate without the Giant lock, resulting in performance
- improvement by increasing parallelism and decreasing latency
- in network processing. Note that enabling one of the &man.ng.tty.4;
- Netgraph node type, KAME IPsec, and IPX/SPX subsystem results in a boot-time
- restoration of Giant-enabled network operation, or run-time
- warning on dynamic load as these components require Giant lock
- for correct operation.</para>
-
- <para>A new kernel option <varname>NET_WITH_GIANT</varname> has been
- added. This restores the default value of debug.mpsafenet to
- <literal>0</literal>, and is intended for use on systems compiled with
- known unsafe components, or where a more conservative configuration is
- desired.</para>
-
- <para>A new loader tunable <varname>debug.mpsafevm</varname> has been
- added. This currently results in almost
- Giant-free execution of zero-fill page faults.</para>
-
- <para arch="i386,amd64">A loader tunable <varname>debug.mpsafevm</varname>
+ <para>The loader tunable <varname>debug.mpsafevm</varname> has been
has been enabled by default.</para>
- <para arch="alpha,amd64,i386">A new kernel option
- <literal>PREEMPTION</literal> has been added.
- This allows the threads that are in the kernel to be preempted
- by higher priority threads. It helps with interactivity and
- allows interrupt threads to run sooner rather than waiting.</para>
-
- <para>A devclass level has been added to the dev sysctl tree,
- in order to support per-class variables in addition to
- per-device variables. This means that <varname>dev.foo0.bar</varname>
- is now called <varname>dev.foo.0.bar</varname>, and it is
- possible to to have <varname>dev.foo.bar</varname> as well.</para>
-
- <para>A new sysctl, <varname>kern.always_console_output</varname>,
- has been added. It makes output from the kernel go to the console despite
- the use of <varname>TIOCCONS</varname>.</para>
-
- <para>A sysctl <varname>kern.sched.name</varname>
- which has the name of the scheduler currently in use,
- has been added, and the <varname>kern.quantum</varname> sysctl
- has been moved to <varname>kern.sched.quantum</varname>
- for consistency.</para>
-
- <para>The &man.pci.4; bus resource and power management have
- been updated.
-
- <note>
- <para>Although the &man.pci.4; bus power state management
- has been enabled by default, it may cause problems on some systems.
- This can be disabled by setting the tunable
- <varname>hw.pci.do_powerstate</varname> to
- <literal>0</literal>.</para>
- </note>
- </para>
-
- <para>The ULE scheduler has been added as an additional scheduler.
- Note that the conventional one, which is called 4BSD, is still used
- as the default scheduler in <filename>GENERIC</filename> kernel.
- For the average user,
- interactivity is reported to be better in many cases. This
- means less <quote>skipping</quote> and <quote>jerking</quote> in
- interactive applications while the machine is very busy. This
- will not prevent problems due to overloaded disk subsystems, but
- it does help with overloaded CPUs. On SMP machines, ULE has
- per-CPU run queues which allow for CPU affinity, CPU binding,
- and advanced HyperThreading support, as well as providing a
- framework for more optimizations in the future. As fine-grained
- kernel locking continues, the scheduler will be able to make
- more efficient use of the available parallel resources.</para>
-
- <para>A linear search algorithm used in
- &man.vm.map.findspace.9; has been replaced with
- an O(log n) algorithm built into the map entry splay tree.
- This significantly reduces the overhead in &man.vm.map.findspace.9;
- for applications that &man.mmap.2; many hundreds or thousands
- of regions.</para>
-
- <para>The loader tunables <varname>debug.witness_*</varname>
- have been renamed to <varname>debug.witness.*</varname>.</para>
-
<!-- Above this line, sort kernel changes by manpage/keyword-->
- <para>The &os; dynamic and static linker now support Thread Local Storage (TLS),
- a <application>GCC</application> feature which supports
- a <literal>__thread</literal> modifier
- to the declaration of global and static variables.
- This extra modifier means that the variable's value is
- thread-local; one thread changing its value will not
- affect the value of the variable in any other thread.</para>
-
- <para>The kernel's file descriptor allocation code has been
- updated, and is now derived from similar code in OpenBSD.</para>
-
- <para arch="sparc64">On &os;/sparc64, <varname>time_t</varname>
- has been changed from a 32-bit value to a 64-bit value.
-
- <note>
- <para>Since this change is not backward-compatible,
- any programs which were built on an older system using
- a 32-bit <varname>time_t</varname> and
- call system routines for handling
- <varname>time_t</varname> values, will have to be recompiled.
- More detailed information and notice on upgrading from
- the source can be found in
- <filename>/usr/src/UPDATING.64BTT</filename>.</para>
- </note>
- </para>
-
- <para arch="i386">It is now possible to compile the &os;/i386
- kernel with the Intel C/C++ Compiler (as in the <filename
- role="package">lang/icc</filename> port).</para>
-
<sect3 id="boot">
<title>Boot Loader Changes</title>
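Review bot: The added line for <varname>debug.mpsafevm</varname> ends with "has been", and the unchanged context line after it begins with "has been enabled by default", so the resulting paragraph reads "has been has been enabled by default". Drop the trailing "has been" from the added line. The replacement also removes arch="i386,amd64" from the para, so the note now reads as applying to every architecture; if the default still applies only to i386 and amd64, keep the attribute.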
@@ -531,541 +132,29 @@
<sect3 id="proc">
<title>Hardware Support</title>
- <para arch="i386">The &man.acpi.asus.4; driver has been added
- to use ACPI-controlled hardware features, such as hot keys and
- LEDs on ASUSTek laptops.</para>
-
- <para arch="i386">The &man.acpi.panasonic.4; driver has been added
- to support hot keys of Panasonic laptops. It now supports
- Let's note (or Toughbook, outside Japan) CF-R1N, CF-R2A, and
- CF-R3.</para>
-
- <para arch="i386">The &man.acpi.toshiba.4; driver has been added
- to use Toshiba's Hardware Control Interface to manipulate
- certain hardware features on Toshiba laptops, such as
- video output switching.</para>
-
- <para>The &man.acpi.video.4; driver has been added to provide
- control display switching and backlight brightness using the
- ACPI Video Extensions.</para>
-
- <para arch="i386">The &man.acpi.4; driver now supports
- per-device sysctls (<varname>dev.root0.nexus0.acpi0.acpi_lid0.wake</varname>,
- for instance) to allow users to set whether or not a given
- device can wake the system.</para>
-
- <para arch="i386">The &man.acpi.4; driver will now
- be disabled automatically when the machine has a well-known broken BIOS.
- This behavior can be overridden by setting the loader tunable
- <varname>hint.acpi.0.disabled</varname> to <literal>0</literal>.</para>
-
- <para arch="amd64">The &man.agp.4; driver now supports the AMD64 graphics
- aperture relocation table (GART).</para>
-
- <para arch="i386">The &man.ctau.4; driver has been added for Cronyx Tau
- synchronous serial adapters. This driver was known for a long time as
- <quote>ct</quote> in its previous life outside the &os; source tree. &merged;
-
- <note>
- <para>The driver name has changed, but the network interface still
- has the <devicename>ct</devicename> name.</para>
- </note>
- </para>
-
- <para arch="i386,pc98">The &man.cp.4; driver has been added for Cronyx Tau-PCI
- synchronous serial adapters.</para>
-
- <para arch="i386,pc98">The <devicename>dgb</devicename>
- (DigiBoard intelligent serial card) driver has been
- removed due to breakage. Its replacement is the &man.digi.4; driver,
- which supports all the hardware of the <devicename>dgb</devicename>
- driver.</para>
-
- <para>The &man.nmdm.4; driver has been rewritten to improve its reliability.</para>
-
- <para>The <devicename>raid(4)</devicename> driver
- (RAIDframe disk driver from NetBSD) has been removed.
- It is currently non-functional, and would require some amount of work
- to make it work under the &man.geom.4; API in 5-CURRENT.</para>
-
- <para>An entry of the &man.pcic.4; driver has been removed from a
- kernel configuration file for <filename>GENERIC</filename> kernel because
- this is no longer maintained. The entry had actually
- been commented out for a long time.</para>
-
- <para arch="i386">The &man.psm.4; driver and &man.moused.8;
- now support the Synaptics TouchPad.</para>
-
- <para arch="i386">The entropy device &man.random.4; now
- supports a hardware random number generator (RNG)
- in the VIA C3 Nehemiah (Stepping 3 and above) CPU.</para>
-
- <para arch="sparc64">The &man.sab.4; driver now supports the
- <literal>BREAK_TO_DEBUGGER</literal> kernel option.</para>
-
- <para arch="i386,pc98">The <devicename>sx</devicename> driver,
- which supports Specialix I/O8+ and I/O4+
- intelligent multiport serial controllers, has been added.</para>
-
- <para arch="alpha,amd64,i386">For the &man.uart.4; device,
- the <varname>hw.uart.console</varname> and
- <varname>hw.uart.dbgport</varname> kernel environment variables
- have been added. They can be used to select a serial console and
- debug port respectively, as well as the attributes.</para>
-
- <para>The &man.ubser.4; device driver has been added to support
- BWCT console management serial adapters.</para>
-
- <para>&man.ucycom.4; driver has been added for
- the Cypress CY7C637xx and CY7C640/1xx families of USB to RS232 bridges,
- such as the one found in the DeLorme Earthmate USB GPS
- receiver (which is the only device currently supported by this driver).
- This driver is not complete because there is no support yet for flow
- control and output.</para>
-
- <para arch="i386">Several old drivers for ISA cards have been removed,
- including
- the <devicename>asc</devicename> driver for GI1904-based hand scanners,
- the <devicename>ctx</devicename> driver for CORTEX-I Frame Grabber,
- the <devicename>gp</devicename> driver for National Instruments AT-GPIB and AT-GPIB/TNT boards,
- the <devicename>gsc</devicename> driver for the Genius GS-4500 hand scanner,
- the <devicename>le</devicename> driver for DEC EtherWORKS II and III Ethernet controllers,
- the <devicename>rdp</devicename> driver for RealTek RTL 8002-based pocket Ethernet adapters,
- the <devicename>spigot</devicename> driver for the Creative Labs Video Spigot video-acquisition board,
- the <devicename>stl</devicename> and
- <devicename>stli</devicename> drivers for Stallion Technologies multiport serial
- controllers, and the <devicename>wt</devicename> driver for Archive/Wangtek cartridge tapes.
- They are currently non-functional, and would require a considerable
- amount of work to make them work under the new API in 5-CURRENT.
- The userland support such as related ioctls and utilities including
- <devicename>sasc</devicename> and <devicename>sgsc</devicename>
- has also been removed.</para>
-
- <para>The device driver infrastructure (as well as many drivers)
- have been updated. Among the changes: Many more drivers now use
- automatically-assigned major numbers (instead of the old static
- major numbers). Enhanced functions to support cloning of
- pseudo-devices. Several changes to the driver API, including a
- new <varname>d_version</varname> field in <varname>struct
- cdevsw</varname>. Note that third-party device drivers will
- require recompiling after this change.</para>
-
<sect4 id="mm">
<title>Multimedia Support</title>
- <para>The <devicename>meteor</devicename> (video capture)
- driver has been removed due to
- breakage and lack of maintainership.</para>
-
- <para>The Direct Rendering Manager (DRM) code has been updated
- from the DRI Project CVS tree as of 26 May, 2004. This update
- includes new PCI IDs and a new packet for Radeon.</para>
-
- <para>The drivers for various sound cards has been reorganized;
- <literal>device sound</literal> is the generic sound driver,
- and <literal>device snd_*</literal> are device-specific sound drivers now.
- The <devicename>midi</devicename> driver, which supports serial port
- and several sound cards, has been removed.
- More details can be found in related manual pages:
- &man.sound.4;, &man.snd.ad1816.4;, &man.snd.als4000.4;, &man.snd.cmi.4;,
- &man.snd.cs4281.4;, &man.snd.csa.4;, &man.snd.ds1.4;, &man.snd.emu10k1.4;,
- &man.snd.es137x.4;, &man.snd.gusc.4;, &man.snd.maestro3.4;,
- &man.snd.sbc.4;, &man.snd.solo.4;, and &man.snd.uaudio.4;.</para>
-
- <para>The &man.sound.4; (formerly &man.pcm.4;) driver has been modified to read
- <filename>/boot/device.hints</filename> on startup, to allow setting
- of default values for mixer channels.
- Note that currently the device driver's name used in
- <filename>/boot/device.hints</filename> is still <literal>pcm</literal>.
- More detailed information and examples can be found in the &man.sound.4;
- manual page.</para>
+ <para></para>
</sect4>
<sect4 id="net-if">
<title>Network Interface Support</title>
- <para arch="i386">The &man.arl.4; driver, which supports
- Aironet Arlan 655 wireless adapters has been added. &merged;</para>
-
- <para arch="sparc64">The &man.dc.4; driver now supports sparc64
- Davicom cards that store their MAC address in
- Open Firmware.</para>
-
- <para>A short hiccup in the &man.em.4; driver during parameter
- reconfiguration, has been fixed. &merged;</para>
-
- <para>The &man.fwip.4; driver, which supports IP over FireWire has been added.
- Note that currently the broadcast channel number is hardwired and
- MCAP for multicast channel allocation is not supported.
- This driver is intended to conform to the RFC 2734 and RFC 3146
- standard for IP over FireWire and eventually replace
- the &man.fwe.4; driver.</para>
-
- <para>&man.fxp.4; now uses the device sysctl tree such as
- <varname>dev.fxp0</varname>, and those sysctls can be set
- on a per-device basis.</para>
-
- <para>&man.fxp.4; now provides actual control over its capability
- to receive extended Ethernet frames, indicated by the
- <literal>VLAN_MTU</literal> interface capability.
- It can be toggled from userland with the aid of the
- <option>vlanmtu</option> and <option>-vlanmtu</option> options
- to &man.ifconfig.8;.</para>
-
- <para arch="i386,pc98">The <devicename>hea</devicename>
- (Efficient Networks, Inc. ENI-155p ATM adapter)
- driver has been removed due to breakage. Its functionality
- has been subsumed into the &man.en.4; driver.</para>
-
- <para>The &man.hme.4; driver now natively supports
- long frames, so it can be used for &man.vlan.4; with full Ethernet
- MTU size.</para>
-
- <para>The &man.hme.4; driver now supports
- TCP/UDP Transmit/Receive checksum offload.
- Since &man.hme.4; does not compensate the checksum
- for UDP datagram which can yield to <literal>0x0</literal>,
- UDP transmit checksum offload is disabled by default.
- This can be reactivated by setting the special link
- option <option>link0</option> with &man.ifconfig.8;.</para>
-
- <para>The &man.ixgb.4; driver, which supports
- Intel PRO/10GBE 10 Gigabit Ethernet cards, has been
- added. &merged;</para>
-
- <para arch="i386">The <devicename>lmc</devicename>
- (LAN Media Corp. PCI WAN adapter) driver has been
- removed due to breakage and lack of maintainership.</para>
-
- <para arch="i386">The <devicename>loran</devicename>
- (Loran-C receiver) driver has been removed due to
- breakage and lack of maintainership.</para>
-
- <para arch="i386">&os; now provides a binary compatibility layer
- for using &microsoft.windows; NDIS drivers for network
- adapters under &os;/i386. It includes a relocator/linker for
- &windows; <filename>.SYS</filename> files to interface with
- the &os; kernel and emulates various parts of the NDIS API
- using native &os; kernel functions. This system supports PCI
- (&man.pci.4;) and CardBus (&man.cardbus.4;) network devices,
- and is designed principally for
- Ethernet and wireless network interfaces.
- For more information, see the &man.ndis.4; and
- &man.ndiscvt.8; manual pages.</para>
-
- <para>A bug that prevents VLAN support in the &man.nge.4; driver
- from working has been fixed. &merged;</para>
-
- <para>Several bugs related to &man.polling.4; support
- in the &man.rl.4; driver have been fixed. &merged;</para>
-
- <para>Several bugs related to multicast and promiscuous mode
- handling in the &man.sk.4; driver have been fixed.</para>
-
- <para>The &man.ste.4; driver now supports &man.polling.4;.
- &merged;</para>
-
- <para>The &man.udav.4; driver has been added. It provides
- support for USB Ethernet adapters based on the Davicom DM9601
- chipset.</para>
-
- <para>&man.vge.4; driver, which supports
- the VIA Networking Technologies
- VT6122 Gigabit Ethernet chip and integrated 10/100/1000 copper PHY,
- has been added.</para>
-
- <para>The &man.vr.4; driver now supports &man.polling.4;. &merged;</para>
-
- <para>The hardware TX checksum support in the &man.xl.4; driver
- has been disabled as it does not work correctly and slows down
- the transmission rate. &merged;</para>
-
- <para>Interface &man.polling.4; support
- can now be enabled on a per-interface basis. The following network drivers
- support &man.polling.4;: &man.dc.4;, &man.fxp.4;, &man.em.4;, &man.ixgb.4;,
- &man.nge.4;, &man.re.4;, &man.rl.4;, &man.sis.4;, &man.ste.4;, &man.vge.4;,
- and &man.vr.4;. And they now also support this capability and it can
- be controlled
- via &man.ifconfig.8; except for &man.ixgb.4;. &merged;</para>
+ <para></para>
</sect4>
</sect3>
<sect3 id="net-proto">
<title>Network Protocols</title>
- <para>The &man.gre.4; tunnel driver now supports WCCP version
- 2.</para>
-
- <para>&man.ipfw.4; rules now support the <literal>versrcreach</literal>
- option to verify that a valid route to the source address
- of a packet exists in the routing table.
- This option is very useful for routers with a complete view of
- the Internet (BGP) in the routing table to reject packets with
- spoofed or unroutable source addresses. For example,
-
- <programlisting>deny ip from any to any not versrcreach</programlisting>
-
- is equivalent to the following in Cisco IOS syntax:
-
- <programlisting>ip verify unicast source reachable-via any</programlisting>
- </para>
-
- <para>&man.ipfw.4; rules now support the <literal>antispoof</literal>
- option to verify if incoming packet's source address belongs to
- a directly connected network. If the network is directly
- connected, then the interface the packet came on in is compared to
- the interface the network is connected to. When incoming interface
- and directly connected interface are not the same, the packet does
- not match. For example:
-
- <programlisting>deny ip from any to any not antispoof in</programlisting>
- </para>
-
- <para>&man.ipfw.4; rules now support the <literal>jail</literal>
- option to associate the rule with a specific prison ID.
- For example:
-
- <programlisting>count ip from any to any jail 2</programlisting>
-
- Note that this rule currently applies for TCP and UDP packets only.
- </para>
-
- <para>&man.ipfw.4; now supports lookup tables. This feature is
- useful for handling large sparse address sets. &merged;</para>
-
- <para>The &man.ipfw.4; <literal>forward</literal> rule has to be compiled
- into the kernel with a kernel option <literal>IPFIREWALL_FORWARD</literal>
- to enable it.</para>
-
- <para>A new sysctl <varname>net.inet.ip.process_options</varname>
- to control the processing of IP options. When this sysctl
- is set to <literal>0</literal> IP options are ignored and passed unmodified,
- set to <literal>1</literal> all IP options are processed (default),
- and set to <literal>2</literal> all packets with
- IP options are rejected with an ICMP filter prohibited message,
- respectively.</para>
-
- <para>Some bugs in the IPsec implementation from the KAME
- Project have been fixed. These bugs were related to freeing
- memory objects before all references to them were removed, and
- could cause erratic behavior or kernel panics after flushing
- the Security Policy Database (SPD).</para>
-
- <para>&man.natd.8; now supports multiple instances via
- a new option <option>globalports</option>.
- This allows &man.natd.8; to be bound to
- different network interfaces and sharing of load.</para>
-
- <para>The &man.ng.atmllc.4; Netgraph node type, which handles
- RFC 1483 ATM LLC encapsulation, has been added.</para>
-
- <para>The &man.ng.hub.4; Netgraph node type, which supports
- a simple packet distribution that acts like an Ethernet hub,
- has been added. &merged;</para>
-
- <para>The &man.ng.rfc1490.4; Netgraph node type now supports
- Cisco style encapsulation, which is often used alongside
- RFC 1490 in frame relay links.</para>
-
- <para>The &man.ng.sppp.4; Netgraph node type, which is a &man.netgraph.4
- interface to the original &man.sppp.4 network module for synchronous
- lines, has been added.</para>
-
- <para>A new Netgraph method has been added to restore some
- behavior lost in the change from 4.<replaceable>X</replaceable> style &man.ng.tee.4;
- Netgraph nodes.</para>
-
- <para>The &man.ng.vlan.4; Netgraph node type, which supports
- IEEE 802.1Q VLAN tagging, has been added. &merged;</para>
-
- <para><literal>PFIL_HOOKS</literal> support is now always
- compiled into the kernel, and the associated kernel compile
- options have been removed. All of the packet filter subsystems
- that &os; supports now use the <literal>PFIL_HOOKS</literal>
- framework.</para>
-
- <para>The link state change notification of Ethernet media
- support has been added to the routing socket.</para>
-
- <para>Link Quality Monitoring (LQM) support in &man.ppp.8;
- has been reimplemented. LQM, which is described
- in RFC 1989, allows PPP to keep track of the quality
- of a running connection. &merged;</para>
-
- <para>The pseudo-interface cloning has been updated and
- the match function to allow creation of &man.stf.4;
- interfaces named <devicename>stf0</devicename>,
- <devicename>stf</devicename>, or <devicename>6to4</devicename>.
- Note that this breaks backward compatibility; for example,
- <command>ifconfig stf</command> now creates
- the interface named <devicename>stf</devicename>,
- not <devicename>stf0</devicename>, and does not print
- <devicename>stf0</devicename> to stdout.</para>
-
- <para>The following TCP features are now enabled by default: RFC
- 3042 (Limited Retransmit), RFC 3390 (increased initial
- congestion window sizes), TCP bandwidth-delay product
- limiting. A set of sysctls <varname>net.inet.tcp.rfc3042</varname>,
- <varname>net.inet.tcp.rfc3390</varname>, and
- <varname>net.inet.tcp.inflight.enable</varname>
- for these features are available.
- More information can be found in &man.tcp.4;.</para>
-
- <para>&os;'s TCP implementation now includes support for a
- minimum MSS (settable via the
- <varname>net.inet.tcp.minmss</varname> sysctl variable) and a
- rate limit on connections that send many small TCP segments
- within a short period of time (via the
- <varname>net.inet.tcp.minmssoverload</varname> sysctl
- variable). Connections exceeding this limit may be reset and
- dropped. This feature provides protection against a class of
- resource exhaustion attacks.</para>
-
- <para>The TCP implementation now includes partial (output-only)
- support for RFC 2385 (TCP-MD5) digest support. This feature,
- enabled with the <literal>TCP_SIGNATURE</literal> and
- <literal>FAST_IPSEC</literal> kernel options, is a TCP option
- for authenticating TCP sessions. &man.setkey.8; now includes
- support for the TCP-MD5 class of security associations.
- &merged;</para>
-
- <para>The TCP connection reset handling has been improved to
- make several reset attacks as difficult as possible while
- maintaining compatibility with the widest range of TCP stacks.</para>
-
- <para>The implementation of RFC 1948 has been improved.
- The time offset component of an Initial Sequence Number (ISN)
- now includes random positive
- increments between clock ticks so that ISNs will always
- be increasing, no matter how quickly the port is recycled.</para>
-
- <para>The random ephemeral port allocation, which come from OpenBSD
- has been implemented. This is enabled by default and can be disabled
- by using the <varname>net.inet.ip.portrange.randomized</varname>
- sysctl. &merged;</para>
-
- <para>TCP Selective Acknowledgements (SACK) as described in RFC
- 2018 have been added. This improves TCP performance over
- connections with heavy packet loss. SACK can be enabled with
- the sysctl <varname>net.inet.tcp.sack.enable</varname>.</para>
+ <para></para>
</sect3>
<sect3 id="disks">
<title>Disks and Storage</title>
- <para>The &man.ata.4; driver now supports &man.cardbus.4; ATA/SATA
- controllers.</para>
-
- <para>A number of bugs in the &man.ata.4; driver have been
- fixed. Most notably, master/slave device detection should
- work better, and some problems with timeouts should be
- resolved.</para>
-
- <para>The &man.ata.4; driver now supports the Promise command
- sequencer present on all modern Promise controllers
- (PDC203** PDC206**).
-
- <note>
- <para>This also adds preliminary support for the
- Promise SX4/SX4000 as a <quote>normal</quote> Promise ATA
- controller; ATA RAID's are supported though
- but only RAID0, RAID1 and RAID0+1.</para>
- </note>
- </para>
-
- <para>The <literal>DA_OLD_QUIRKS</literal> kernel option,
- which is for the CAM SCSI disk driver (&man.cam.4;),
- has been removed. &merged;</para>
-
- <para arch="pc98">A bug of the automatic density selection code
- in the &man.fd.4; driver has been fixed.</para>
-
- <para>A bug in &man.geom.4; that could result in I/O hangs in some rare
- cases has been fixed.</para>
-
- <para>A new <literal>GEOM_CONCAT</literal>
- &man.geom.4; class has been added to concatenate
- multiple disks to appear as a single larger disk.</para>
-
- <para>A new <literal>GEOM_NOP</literal> &man.geom.4; class for various
- testing purposes has been added.</para>
-
- <para>A new <literal>GEOM_RAID3</literal> &man.geom.4; class for
- RAID3 transformation and &man.graid3.8; userland utility
- have been added.</para>
-
- <para>A new <literal>GEOM_STRIPE</literal>
- &man.geom.4; class which implements RAID0 transformation has been added.
- This class has two modes: <quote>fast</quote> and
- <quote>economic</quote>. In fast mode,
- when very small stripe size is used, only one I/O request
- will be sent to every disk in a stripe; it performs about 10
- times faster for small stripe sizes than economic
- mode and other RAID0 implementations.
- While fast mode is used by default,
- it consumes more memory than
- economic mode, which sends requests each time.
- Economic mode can be enabled by setting a loader tunable
- <varname>kern.geom.stripe.fast</varname> to 0.
- It is also possible to specify the maximum memory
- that fast mode can consume,
- by setting the loader tunable
- <varname>kern.geom.stripe.maxmem</varname>.</para>
-
- <para>GEOM Gate, which consists of a new <literal>GEOM_GATE</literal>
- &man.geom.4; class and several GEOM Gate userland utilities
- (&man.ggatel.8;, &man.ggatec.8;,
- and &man.ggated.8;) has been added. It supports exporting
- devices, including non &man.geom.4;-aware devices,
- through the network.</para>
-
- <para>A new <literal>GEOM_LABEL</literal>
- &man.geom.4; class to detect volume labels on various file systems,
- such as UFS, MSDOSFS (FAT12, FAT16, FAT32), and ISO9660,
- has been added.</para>
-
- <para>A new <literal>GEOM_GPT</literal> &man.geom.4; class,
- which supports GUID Partition Table (GPT) partitions
- and the ability to have a large
- number of partitions on a single disk, has been added into
- <filename>GENERIC</filename> by default.</para>
-
- <para>A new <literal>GEOM_MIRROR</literal> &man.geom.4; class to support
- which supports RAID1 functionality, has been added.
- The &man.gmirror.8; utility can be used for control
- of this class.</para>
-
- <para>A new <literal>GEOM_UZIP</literal> &man.geom.4; class to implement
- read-only compressed disks has been added.
- This currently supports cloop V2.0 disk compression format.</para>
-
- <para>A new <literal>GEOM_VINUM</literal> &man.geom.4; class to support
- cooperation between &man.vinum.4; and &man.geom.4;
- has been added.</para>
-
- <para>The &man.ips.4; driver now supports the recent
- Adaptec ServeRAID series SCSI controller cards.</para>
-
- <para arch="sparc64">A bug in the &man.isp.4; driver
- which prevents the cards on SBus from working correctly,
- has been fixed.</para>
-
- <para arch="i386">The &man.twa.4; driver, which supports
- 3ware's 9000 series PATA/SATA RAID controllers has been added. &merged;</para>
-
- <para>The &man.umass.4; driver now supports the missing
- ATAPI MMC commands and handles the timeout properly. &merged;</para>
-
- <para>The &man.vinum.4; volume manager, has been updated to use
- &man.geom.4;, the 5.x disk I/O request transformation framework.
- A <command>gvinum</command> userland utility has been added.</para>
-
- <para arch="sparc64">The &man.esp.4; device driver has been
- ported from NetBSD to support the SBus SCSI card in Sun Ultra
- 1e and 2 machines.</para>
-
- <para>Support for LSI-type software RAID has been added.</para>
-
+ <para></para>
</sect3>
<sect3 id="fs">
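Review bot: The four added <para></para> lines under Multimedia Support, Network Interface Support, Network Protocols, and Disks and Storage leave each section with only a title and an empty paragraph, and nothing says why. If the empty para is there only to keep the section valid until new items arrive, mark it with a short SGML comment beside each one so a later editor replaces it rather than appending after it.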
@@ -1073,854 +162,46 @@
<para>The autofs(9) file system and the userland library
&man.libautofs.3; have been added.</para>
-
- <para>The EXT2FS file system code now includes partial support
- for large (&gt; 4GB) files. This support is partial in that
- it will refuse to create large files on file systems that have
- not been upgraded to <literal>EXT2_DYN_REV</literal> or that
- do not have the
- <literal>EXT2_FEATURE_RO_COMPAT_LARGE_FILE</literal> flag set
- in the superblock.</para>
-
- <para>A panic in the NFSv4 client has been fixed; this occurred
- when attempting operations against an NFSv3/NFSv2-only
- server.</para>
-
- <para>The <literal>MSDOSFS_LARGE</literal> kernel option
- has been added to support FAT32 file systems bigger
- than 128GB. This option is disabled by default. It
- uses at least 32 bytes of kernel memory for
- each file on disk; furthermore it is only safe to use in certain
- controlled situations, such as read-only mount
- with less than 1 million files and so on.
- Exporting these large file systems
- over NFS is not supported.</para>
-
- <para>The SMBFS client now has support for SMB request signing,
- which prevents <quote>man in the middle</quote> attacks and is
- required in order to connect to Windows 2003 servers in their
- default configuration. As signing each message imposes a
- significant performance penalty, this feature is only enabled
- if the server requires it; this may eventually become an
- option to &man.mount.smbfs.8;.</para>
</sect3>
<sect3>
<title>Contributed Software</title>
- <para>The <application>ALTQ framework</application>
- has been imported from a KAME snapshot as of 7 June, 2004.
- This import breaks ABI compatibility of
- <varname>struct ifnet</varname> and requires all network
- drives to be recompiled.
- Additionally some of the networking drivers have been
- modified to support the ALTQ framework.
- Updated drivers are &man.bfe.4;, &man.em.4;, &man.fxp.4;,
- &man.em.4;, &man.lnc.4;, &man.tun.4;, &man.de.4;,
- &man.rl.4;, &man.sis.4;, and &man.xl.4;.</para>
-
- <para><application>IPFilter</application> has been updated
- from version 3.4.31 to version 3.4.35 &merged;.</para>
-
- <para arch="ia64">An ia64 stack unwinder,
- <application>Unwind Express (libuwx)</application>
- by Hewlett-Packard has been imported for use in the kernel.</para>
+ <para></para>
</sect3>
</sect2>
<sect2 id="userland">
<title>Userland Changes</title>
- <para>&man.acpidump.8; now supports SSDT tables. Dumping or
- disassembling the DSDT will now include the contents if
- there are any SSDT table as well.</para>
-
- <para>&man.bsdlabel.8; now supports a <option>-f</option> option
- to work on files instead of disk partitions.</para>
-
- <para>&man.bsdtar.1; is now the default &man.tar.1; utility in the &os;
- base system. <filename>/usr/bin/tar</filename>
- has been a symlink pointing to
- <filename>/usr/bin/bsdtar</filename> by default.
- To return to using <filename>/usr/bin/gtar</filename> by
- default, the <varname>WITH_GTAR</varname>
- make variable can be used.</para>
-
- <para>The <command>bthidcontrol</command> and
- <command>bthidd</command> commands, which support Bluetooth
- HIDs (Human Interface Devices), have been added.</para>
-
- <para>&man.col.1;, &man.colcrt.1;, &man.colrm.1;,
- &man.column.1;, &man.fmt.1;, &man.join.1;, &man.rev.1;,
- &man.tr.1;, and &man.ul.1; now support multibyte characters.</para>
-
- <para>&man.conscontrol.8; now supports
- <literal>set</literal> and <literal>unset</literal>
- commands which set/unset the virtual console.
- <literal>unset</literal> makes outputs from the system, such as
- the kernel &man.printf.9;, always go out to the real
- main console. This is an interface to the tty ioctl
- <literal>TIOCCONS</literal>.</para>
-
- <para>The &man.cron.8 daemon now accepts two new options,
- <option>-j</option> and <option>-J</option>, to enable
- time jitter for jobs to run as unprivileged users and the
- superuser, respectively. Time jitter means that &man.cron.8
- will sleep for a small random period of time in the specified
- range before executing a job. This feature is intended to
- smooth load peaks appearing when a lot of jobs are scheduled
- for a particular moment. &merged;</para>
-
- <para>A bug that prevents &man.crontab.1 with the <option>-e</option>
- option from properly prompting the user to re-edit the entries written in
- the incorrect format, has been fixed.</para>
-
- <para>&man.cut.1; <option>-c</option>,
- <option>-d</option>, and <option>-f</option>
- now work correctly in locales with multibyte characters.</para>
-
- <para>&man.cvs.1; now supports <option>iso8601</option>
- option keyword to print dates in ISO 8601 format.</para>
-
- <para>&man.daemon.8; now supports a <option>-p</option>
- option to create a PID file.</para>
-
- <para>&man.dd.1; now supports a <option>fillchar</option> option
- to specify an alternative padding character when using a conversion
- mode, or when using <option>noerror</option> with
- <option>sync</option> and an input error occurs.</para>
-
- <para>&man.df.1; now supports a <option>-c</option> option to display
- a grand total of statistics for file systems.</para>
-
- <para>A bug in &man.df.1;, which can print invalid information
- when a <option>-t</option> option is specified and
- a mount point is not accessible by the calling user,
- has been fixed.</para>
-
- <para>The <command>doscmd</command> utility has been
- removed from the &os; base system. It is now available
- via the <filename role="package">emulators/doscmd</filename>
- port in the &os; Ports Collection.</para>
-
- <para>&man.dump.8; and &man.restore.8; now support
- a <option>-P</option> option to specify backup methods
- other than files and tapes. The argument is passed to
- a normal &man.sh.1; pipeline with either the
- <varname>$DUMP_VOLUME</varname> or <varname>$RESTORE_VOLUME</varname>
- environment variable defined, respectively.
- For more information, see &man.dump.8; and &man.restore.8;.</para>
-
- <para>The &man.eeprom.8; utility to display and
- modify system configurations stored in EEPROM or NVRAM
- has been added. The current implementation supports
- systems equipped with Open Firmware.</para>
-
- <para arch="pc98">The &man.fdcontrol.8;, &man.fdformat.1;, and
- &man.fdread.1; utilities now work on &os;/pc98.</para>
-
- <para>&man.fgetwln.3; function, a wide character version of
- &man.fgetln.3; has been added.</para>
-
- <para>The &man.find.1; utility now supports a <option>-acl</option>
- primary to locate files with &man.acl.3;.</para>
-
- <para>The &man.find.1; utility now supports a new primary
- <option>-depth <replaceable>n</replaceable></option>
- which tests whether the depth of the current file relative
- to the starting point of the traversal is <replaceable>n</replaceable>.
- &merged;</para>
-
- <para>&man.ftpd.8; now opens a socket for a data transfer
- in active mode using effective UID of the current user,
- not <username>root</username>. This is useful for matching anonymous FTP data
- traffic with a single &man.ipfw.8; rule with <literal>uid</literal>.</para>
-
- <para>The &man.ftw.3; and &man.nftw.3; functions have been implemented.
- These are used to traverse a directory hierarchy.</para>
-
- <para>The &man.geom.8; utility for operating on &man.geom.4; classes
- from the userland has been added.</para>
-
- <para>&man.gpt.8;, a GUID partition table maintenance utility,
- now supports a <option>remove</option> command. Its
- <option>add</option> command now supports a <option>-i</option> option,
- which allows the user to specify
- the partition number of a new partition.</para>
-
- <para>The &man.id.1; now supports a <option>-M</option> option
- to print the MAC label of the current process.</para>
-
- <para>&man.ifconfig.8; now supports renaming of network interfaces
- at run-time using the <option>name</option> parameter.</para>
-
- <para>&man.ifconfig.8; now prints the &man.polling.4; status
- on the interface. &merged;</para>
-
- <para>&man.ifconfig.8; now provides the
- <option>vlanmtu</option> and <option>-vlanmtu</option> options,
- which control the capability of some Ethernet interfaces
- to receive extended frames (i.e. frames containing more than
- 1500 bytes of payload).</para>
-
- <para>&man.ifconfig.8; now provides the
- <option>vlanhwtag</option> and <option>-vlanhwtag</option> options,
- which control the capability of some Ethernet interfaces
- to process VLAN tags in the hardware.</para>
-
- <para>&man.indent.1; now supports a <option>-ldi</option> option
- to control indentation of local variables. A number of other
- tunings were made to this utility.</para>
-
- <para>&man.indent.1; now supports <option>-fbs</option> and
- <option>-ut</option> for function declarations
- with the opening brace on the same line as the declaration
- of arguments all spaces and no tabs in order
- to fix problem when non-8 space tabs are used.</para>
-
- <para>&man.ip6fw.8; now supports a <option>-n</option> flag to
- stop it from making any changes to the rules in the kernel</para>
-
- <para>&man.ipcs.1; now supports a <option>-u</option> option to
- display information about IPC mechanisms owned by the specified
- user.</para>
-
- <para>&man.ipfw.8; now supports a <option>-b</option> flag to
- print only the action and comment for each rule, thus omitting
- the rule body.</para>
-
- <para>&man.jail.8; now supports a <option>-U</option> option to
- run command as a user which exists only in the &man.jail.2;
- environment.</para>
-
- <para>&man.jail.8; now supports a <option>-l</option> option to
- clean the environment. All environment variables are discarded
- except for <varname>HOME</varname>, <varname>SHELL</varname>,
- <varname>PATH</varname>, <varname>TERM</varname>, and
- <varname>USER</varname> before running the jailed program under
- specific user's credentials. This behavior is similar to that
- provided by the &man.su.1; <option>-l</option>
- option.</para>
-
- <para>&man.kgdb.1;, a kernel debugging utility which uses
- <application>libgdb</application>
- and understands kernel threads, kernel modules, and &man.kvm.3;,
- has been added.</para>
-
- <para>&man.killall.1; now supports a <option>-e</option> flag to
- make the <option>-u</option> operate on effective, rather than
- real, user IDs. &merged;</para>
-
- <para>&man.libalias.3; now has support (and a new API) for
- multiple aliasing instances in a single process. The existing
- API has been reimplemented in terms of the new one to preserve
- compatibility.</para>
-
- <para>A <application>libarchive</application> library for manipulation
- of compressed and uncompressed archive files has been
- added. More details can be found in &man.libarchive.3;.</para>
-
- <para arch="pc98"><application>libdisk</application> now uses the
- correct PC98 disk partition value for &os;. This permits the
- &man.sysinstall.8; disk partition editor to correctly create a
- single &os; partition covering the entire disk. &merged;</para>
-
- <para><application>libdisk</application> now uses
- <varname>d_addr_t</varname> for disk addresses.
- This allows &man.sysinstall.8; to properly handle disks
- and file systems more than 1 TB.</para>
-
- <para arch="i386,pc98,amd64,ia64">The library formerly known as
- <application>libkse</application> has been renamed
- <application>libpthread</application> and is now the default threading
- library on the i386, amd64, and ia64 platforms.
- <application>GCC</application>'s <option>-pthread</option>
- option has been changed to use <application>libpthread</application>
- rather than <application>libc_r</application>.
-
- <note>
- <para>Users with older binaries (for example, ports compiled
- before this change was made) should use &man.libmap.conf.5;
- to map <application>libc_r</application> and/or
- <application>libkse</application> to
- <application>libpthread</application>.</para>
- </note>
-
- <note>
- <para>Users with NVIDIA-supplied drivers and libraries may
- need to use a &man.libmap.conf.5; that maps
- <application>libpthread</application> references to the older
- <application>libc_r</application> since these drivers and
- utilities do not work with
- <application>libpthread</application>.</para>
- </note>
- </para>
-
- <para><application>libpthread</application> now supports
- a <varname>LIBPTHREAD_SYSTEM_SCOPE</varname> environment
- variable to force 1:1 mode (using system scope threads). Note that
- building <application>libpthread</application> with
- <option>-DSYSTEM_SCOPE_ONLY</option> flag also forces 1:1 mode,
- and that this option is set by default for architectures that do not
- support M:N mode yet.
- In addition, a <varname>LIBPTHREAD_PROCESS_SCOPE</varname> environment
- variable can be used to force M:N mode (using process scope
- threads). For example:</para>
-
- <screen>&prompt.user; <userinput>LIBPTHREAD_SYSTEM_SCOPE=yes <replaceable>threaded_app</replaceable></userinput></screen>
-
- <para>forces the application <replaceable>threaded_app</replaceable> to use
- system scope threads, and</para>
-
- <screen>&prompt.user; <userinput>LIBPTHREAD_PROCESS_SCOPE=yes <replaceable>threaded_app</replaceable></userinput></screen>
-
- <para>forces it to use process scope threads, respectively.</para>
-
- <para>A bug in the <option>-d</option> option of &man.look.1;
- has been fixed. Also, &man.look.1; now works correctly in
- locales with multibyte characters.</para>
-
- <para>&man.ls.1; now treat filenames as multibyte character strings
- according to the current <varname>LC_CTYPE</varname>
- when determining which characters are printable.</para>
-
- <para>&man.make.1; now supports the new <literal>.warning</literal>
- directive.</para>
-
- <para>&man.make.1; now supports the POSIX-compatible
- <literal>+</literal> flag in <filename>Makefile</filename> command lines,
- which causes a line to be executed even when <option>-n</option>
- is specified. This is useful for calls to submakes, for example.</para>
-
- <para>&man.make.1; now puts variable assignments from
- the command line into the <varname>MAKEFLAGS</varname>
- variable as required by POSIX. This causes such variables
- to be pushed into all sub-makes called by the &man.make.1;
- (except when the <varname>MAKEFLAGS</varname>
- variable is explicitly changed in the sub-make's environment).
- This makes them also mostly un-overrideable
- in sub-makes except on the sub-make's command line.</para>
-
<para arch="i386">The &man.mkuzip.8;, which is a non-GPL
utility to compress file system images for use with
<literal>GEOM_UZIP</literal> &man.geom.4; module,
has been added.</para>
- <para>The &man.nearbyint.3; and
- &man.nearbyintf.3; C99 functions
- have been implemented.</para>
-
- <para>The <filename>tgmath.h</filename> C99 header has
- been implemented. This provides
- type-generic macros for the <filename>math.h</filename>
- and <filename>complex.h</filename> functions that have
- float, double and long double implementations.</para>
-
- <para>The GNU extensions of &man.mbsnrtowcs.3;
- and &man.wcsnrtombs.3; have been implemented.</para>
-
- <para>&man.newsyslog.8; now allows the users to set
- a debugging option via the <filename>newsyslog.conf</filename>
- file.</para>
-
- <para>&man.newsyslog.8; now uses a new order when processing
- files to rotate. It first rotates all files that need
- to be rotated, then sends a single signal to each process
- which needs to be signaled, and finally compresses
- all the files that were rotated.</para>
-
- <para>A &man.nextwctype.3; function to iterate over all characters
- in a particular character class
- has been added.</para>
-
- <para>Initial support for UTF-8 versions of all the currently
- supported system locales has been added. This is primarily
- for the benefit of the <filename role="package">misc/utf8locale</filename>
- port.</para>
-
- <para>An Israel Hebrew locale <literal>he_IL.UTF-8</literal>
- has been added.</para>
-
- <para>The &man.logins.1; utility has been added to display
- information about user and system accounts.</para>
-
- <para>&man.mountd.8; now supports the <option>-p</option> option,
- which allows users to specify a known port for use
- in firewall rulesets.</para>
-
- <para>&man.netstat.1; now displays the multicast group
- memberships present in the system.</para>
-
- <para>&man.newfs.8; and &man.mdmfs.8; now support a
- <option>-l</option> flag to enable them to set the MAC
- multilabel flag on new file systems without requiring the use of
- &man.tunefs.8;.</para>
-
- <para>&man.nologin.8; now reports login attempts via
- &man.syslogd.8;.</para>
-
- <para>&man.nologin.8; has been moved from <filename>/sbin/nologin</filename>
- to <filename>/usr/sbin/nologin</filename>.
- <filename>/sbin/nologin</filename> remains as a symbolic link
- for backward compatibility.</para>
-
- <para>A bugfix has been applied to NSS support, which fixes
- problems when using third-party NSS modules (such as <filename
- role="package">net/nss_ldap</filename>) and groups with large
- membership lists.</para>
-
- <para>&man.od.1; now has POSIX-style support for multibyte
- characters.</para>
-
- <para>&man.patch.1; has been replaced with a BSD-licensed version
- from OpenBSD. This includes a <option>--posix</option> option
- for strict POSIX conformance.</para>
-
- <para>The &man.pgrep.1; and &man.pkill.1; commands, which come from NetBSD,
- have been added. They also support a <option>-M</option> option
- to extract values associated with the name list from the
- specified core instead of the default <filename>/dev/kmem</filename>,
- and a <option>-N</option> option to extract the name list from
- the specified system instead of the default kernel.</para>
-
- <para>&man.ppp.8; now supports a <quote>set rad_alive
- <replaceable>N</replaceable></quote> command
- to enable periodic RADIUS accounting information
- being sent to the RADIUS server. &merged;</para>
-
- <para>&man.ppp.8; now supports a
- <quote>set pppoe [standard|3Com]</quote> command
- to configure the operating mode of an underlying
- &man.ng.pppoe.4; Netgraph node.</para>
-
- <para>&man.ps.1; compatibility with POSIX/SUSv3 has been improved.
- The changes include <option>-p</option> for a list of process IDs,
- <option>-t</option> for a list of terminal names,
- <option>-A</option> which is equivalent to <option>-ax</option>,
- <option>-G</option> for a list of group IDs,
- <option>-X</option> which is the opposite of <option>-x</option>,
- and some minor improvements. For more information, see &man.ps.1;.
- &merged;</para>
-
- <para>&man.ps.1; now supports a <option>-O emul</option>
- format option, which prints the name of the system call emulation
- environment the process is in.</para>
-
- <para>&man.pw.8; now supports a <option>-H</option> option, which
- accepts an encrypted password on a file descriptor. &merged;</para>
-
- <para>A bug in &man.rarpd.8; that prevents it from working properly
- when a interface has more than one IP address has been fixed.
- &merged;</para>
-
- <para>&man.regex.3; now supports regular expression matching aware
- of multibyte characters.</para>
-
- <para>The configuration files used by the &man.resolver.3; now
- support the <literal>timeout:</literal> and
- <literal>attempts:</literal> keywords.</para>
-
- <para>The &man.resolver.3; and associated interfaces are now much
- more reentrant and thread-safe. Multiple DNS lookups can now be
- run at the same time, showing major improvements in the
- performance of some multi-threaded applications. Some
- multi-threaded programs need to be recompiled; examples from the
- Ports Collection are <filename
- role="package">www/mozilla</filename> and variants, <filename
- role="package">mail/evolution</filename>, <filename
- role="package">devel/gnomevfs</filename>, and <filename
- role="package">devel/gnomevfs2</filename>.</para>
-
- <para>&man.rmdir.1; now supports a <option>-v</option> flag,
- which makes it verbose.</para>
-
- <para>&man.savecore.8; now works correctly for dump files larger
- than 2GB.</para>
-
- <para>A bug in &man.script.1; has been fixed so that it now works
- correctly if the standard input is closed. This fix prevents a
- potentially dangerous interaction with the <filename
- role="package">sysutils/portupgrade</filename> package; if it was
- run non-interactively, it could remove all out-of-date
- ports without reinstalling them.</para>
-
- <para>The &man.sdpd.8; Bluetooth Service Discovery Protocol daemon
- has been added.</para>
-
- <para>&man.sed.1; <literal>y</literal> (translate) command
- now supports multibyte characters.</para>
-
- <para>The &man.sha1.1; and &man.rmd160.1; utilities have been added.
- Similar to &man.md5.1;, they calculate a message digest of their
- inputs.
- &merged;</para>
-
- <para>&man.smbmsg.8;, a small utility to send/receive SMBus messages,
- has been added.</para>
-
- <para arch="sparc64">&man.sunlabel.8; now supports two new flags:
- <option>-c</option> to calculate all partition sizes
- in cylinders as opposed to sectors, and
- <option>-h</option> to print the label in human readable
- size/offset format.</para>
-
- <para>&man.talk.1; now use <hostid>localhost</hostid>
- as a default machine name in &man.talkd.8;
- request packets, when the destination and source are local.
- This makes &man.talk.1; dependent on a valid host entry
- for <hostid>localhost</hostid> in <filename>/etc/hosts</filename>
- or the DNS.</para>
-
- <para>&man.tftpd.8; now supports two new options:
- a <option>-w</option> option allows new files to be created,
- and a <option>-U</option> option allows the umask to be set.</para>
-
- <para>&man.top.1; now supports to display the current amount
- of I/O. This feature can be enabled by hitting <quote>m</quote>
- or passing the command line option <option>-m io</option>.</para>
-
- <para arch="amd64">&man.truss.1; now includes early support
- for &os;/amd64.</para>
-
- <para>Many userland utilities in the base system (mostly GNU
- contributed utilities) now use the system version of
- &man.getopt.long.3;, rather than the GNU version.</para>
-
<sect3 id="rc-scripts">
<title><filename>/etc/rc.d</filename> Scripts</title>
- <para>The <filename>diskless</filename> script has been
- split out into <filename>hostname</filename>,
- <filename>resolve</filename>, <filename>tmp</filename>, and
- <filename>var</filename> scripts.</para>
-
- <para>The <filename>gbde_swap</filename> script, which supports
- gbde-enabled swap devices has been added.
- When the <varname>gbde_swap_enable</varname> variable is specified
- in &man.rc.conf.5;, a swap device named
- <filename>/dev/<replaceable>foo.bde</replaceable></filename>
- in &man.fstab.5;
- is automatically attached at boot time with the device
- <filename>/dev/<replaceable>foo</replaceable></filename>
- and a random key, which
- generated by computing the MD5 checksum of 512 bytes read
- from <filename>/dev/random</filename>.
- Note that this prevents recovery of kernel dumps.</para>
-
- <para>The <varname>ip6addrctl_enable</varname> and
- <varname>ip6addrctl_verbose</varname> have been added.
- When <varname>ip6addrctl_enable</varname> is set
- to <literal>YES</literal>,
- the address selection policy is installed into the kernel.
- If there is <filename>/etc/ip6addrctl.conf</filename>
- it will be used, otherwise a default policy will be installed.
- The default policy is one described in RFC 3484 when
- <varname>ipv6_enable</varname> is set to <literal>YES</literal>.
- Otherwise, the priority policy for IPv4 address will be used
- as a default policy.</para>
-
- <para>The <filename>mixer</filename> script has been added.
- It saves the current settings of all audio mixers present
- in the system on shutdown and restores the settings on boot.</para>
-
- <para>The <filename>named</filename> script has been updated to
- support <application>BIND 9</application> in the base system.
- The changes include:</para>
-
- <itemizedlist>
- <listitem>
- <para>&man.named.8; runs in a &man.chroot.2; directory
- <filename>/var/named</filename> by default.
- This behavior can be disabled by using the
- <varname>named_chrootdir</varname> variable,
- and the &man.chroot.2; directory can be changed by using the
- <varname>named_chrootdir</varname> variable in
- <filename>rc.conf</filename>, respectively.</para>
- </listitem>
-
- <listitem>
- <para>When the <varname>named_chroot_autoupdate</varname>
- variable is set to <literal>YES</literal> (this is default),
- the chroot directory is automatically configured at the boot time.
- A symbolic link which points to
- <filename>/var/named/etc/namedb</filename> is
- created as <filename>/etc/namedb</filename>,
- and a symbolic link which points to
- <filename>/var/named/var/run/named/pid</filename> is
- created as <filename>/var/run/named/pid</filename>.
- The latter can be disabled by using the
- <varname>named_symlink_enable</varname> variable in
- <filename>rc.conf</filename>.</para>
- </listitem>
-
- <listitem>
- <para>The <filename>rndc.key</filename> file is
- automatically created if it does not exist.</para>
- </listitem>
- </itemizedlist>
-
- <para>The <filename>pf</filename> and <filename>pflog</filename>
- scripts for &man.pf.4; has been added.</para>
+ <para></para>
</sect3>
</sect2>
<sect2 id="contrib">
<title>Contributed Software</title>
- <para>The <application>ACPI-CA</application> code has been updated
- from the 20030619 snapshot to the 20040527 snapshot.</para>
-
- <para>The <application>AMD (am-utils)</application> has been updated
- from version 6.0.9 to version 6.0.10p1.</para>
-
- <para><application>awk</application> from Bell Labs has been
- updated from the 29 July 2003 release to the 7 February 2004
- release.</para>
-
- <para><application>BIND</application> has been updated
- from version 8.3.1-REL to version 9.3.0. &merged;</para>
-
- <para><application>Binutils</application> have been updated to
- a 23 May 2004 snapshot from the FSF 2.15 branch.</para>
-
- <para><application>CVS</application> has been updated from
- version 1.11.15 to version 1.11.17. &merged;</para>
-
- <para>The <application>FILE</application> has been
- updated from version 3.41 to version 4.10.</para>
-
- <para><application>gdtoa</application> (a library that performs
- conversions of numbers between binary and decimal form) has been
- updated from version 20030324 to version 20040118.</para>
-
- <para><application>GDB</application> has been updated to version
- 6.1.1.</para>
-
- <para><application>GNU GCC</application> has been updated from
- 3.3.3-prerelease as of 6 November, 2003 to 3.4.2-prerelease as of 28 July, 2004.</para>
-
- <para><application>GNU grep</application> has been updated from
- version 2.4d to version 2.5.1.</para>
-
- <para><application>less</application> has been updated from
- version 371 to version 381.</para>
-
- <para><application>GNU readline</application> 4.3 has been updated
- with official patches 001 through 005.</para>
-
- <para>The <application>GNU regex</application> library has been
- updated to the version included with <application>GNU
- grep</application> 2.5.1.</para>
-
- <para><application>GNU sort</application> has been updated from
- textutils 2.1 to a coreutils snapshot as of 12 August, 2004.</para>
-
- <para>The <application>GNU tar</application> implementation in the
- base system is now called <filename>gtar</filename>.</para>
-
- <para><application>Heimdal Kerberos</application> has been
- updated from version 0.6 to version 0.6.1.</para>
-
- <para>The <application>ISC DHCP</application> client has been
- updated from version 3.0.1 RC10 to version 3.0.1.</para>
-
- <para><application>libpcap</application> has been updated from
- version 0.7.1 to version 0.8.3.</para>
-
- <para><application>lukemftpd</application>
- has been updated from a snapshot as of
- 3 November, 2003 to one as of 9 August, 2004.</para>
-
- <para><application>NTP</application>
- has been updated from version 4.1.1a to version 4.2.0.</para>
-
- <para><application>OpenPAM</application> has been updated from the
- Dogwood release to the Eelgrass release.</para>
-
- <para><application>OpenSSH</application> has been updated from
- version 3.6.1p1 to version 3.8.1p1.
-
- <note>
- <para>The configuration defaults for &man.sshd.8; have been
- changed. SSH protocol version 1 is no longer enabled by
- default. In addition, password authentication over SSH is
- disabled by default if PAM is enabled.</para>
- </note>
- </para>
-
- <para><application>OpenSSL</application> has been updated from
- version 0.9.7c to version 0.9.7d. &merged;</para>
-
- <para><application>OpenSSL</application> VIA C3 Nehemiah
- PadLock ACE (Advanced Cryptography Engine) crypto support,
- which provides Advanced Encryption Standard (AES) encryption,
- has been imported from a prerelease version
- of <application>OpenSSL</application>.</para>
-
- <para><application>pf</application>, OpenBSD's packet filter as of
- OpenBSD 3.5-stable, has been imported into &os; source tree and is now installed
- by default. Two new users (<username>proxy</username> and
- <username>_pflogd</username>) and three new
- groups (<username>authpf</username>, <username>proxy</username>,
- and <username>_pflogd</username>),
- which <application>pf</application> needs, have been added as well.</para>
-
- <note>
- <para>On upgrading from source, these user accounts must be
- added in advance. <literal>mergemaster -p</literal> can be
- used to assist in creating the proper entries in the
- &man.passwd.5; and &man.group.5; files.
- The <varname>NO_PF</varname> variable
- in <filename>make.conf</filename> can be used to prevent
- <application>pf</application> from building.</para>
- </note>
-
- <para>Several userland utilities of OpenBSD's
- <application>pf</application> have been imported.
- &man.ftp-proxy.8; is an ftp proxy for &man.pf.4;,
- &man.pfctl.8; is an equivalent to &man.ipf.8;,
- &man.pflogd.8; is a daemon logging packets via <literal>if_pflog</literal>
- in &man.pcap.3; format, and
- &man.authpf.8; is an authentication shell
- to modify &man.pf.4; rulesets.</para>
-
- <para><application>routed</application> has been updated from
- release 2.22 to release 2.27 from rhyolite.com. Note that for
- users relying on RIP's MD5 authentication feature,
- &man.routed.8; routed is now incompatible with previous versions
- of &os;; however it is now compatible with implementations from
- Sun, Cisco and other vendors.</para>
-
- <para><application>sendmail</application> has been updated from
- version 8.12.10 to version 8.13.1. &merged;</para>
-
- <para><application>tcpdump</application> has been updated from
- version 3.7.1 to version 3.8.3.</para>
-
- <para><application>tcsh</application> has been updated from
- version 6.11 to version 6.13.00.</para>
-
- <para>The timezone database has been updated from
- <filename>tzdata2003a</filename> to
- <filename>tzdata2004a</filename>.</para>
-
- <para><application>zlib</application> has been updated
- from version 1.1.4 to version 1.2.1.</para>
+ <para></para>
</sect2>
<sect2 id="ports">
<title>Ports/Packages Collection Infrastructure</title>
- <para>Most of startup/shutdown scripts installed by
- various ports now use the new &man.rc.8; framework
- introduced in &os; 5.<replaceable>X</replaceable>, while some ports still use the
- old-style scripts. On startup, the new &man.rc.8; style scripts
- are executed first and then the old-style scripts.
- On shutdown, exactly the reverse happens.</para>
-
- <para>The <literal>SIZE</literal> attribute for distfiles,
- which can be used for checking file sizes before fetching,
- has been added and enabled by default.
- <varname>DISABLE_SIZE</varname> is a user control knob
- to disable the distfile size checking. This is especially
- useful on old &os; versions which did not have &man.fetch.1;
- support for this, and for some FTP proxies which always
- report incorrect or bogus sizes.</para>
-
- <para>Two new files have been added to the ports tree to track
- note-worthy changes: <filename>ports/CHANGES</filename> lists
- major changes to the Ports Collection and its infrastructure.
- <filename>ports/UPDATING</filename> describes some potential
- pitfalls that can be encountered when updating certain ports,
- analogous to <filename>src/UPDATING</filename> for the base
- system.</para>
-
- <para>The version number parsing code has been rewritten in the
- system <filename>pkg_*</filename> tools, restoring compatibility
- with 4.x and
- <filename role="package">sysutils/portupgrade</filename>.</para>
-
- <para>The package tools can now match packages with relational
- operators and csh-style <literal>{...}</literal>
- choices. For example:</para>
-
- <screen>&prompt.root; <userinput>pkg_info -I 'docbook>=3.0'</userinput></screen>
-
- <para>will list (all) docbook DTDs with at least version 3.0.
- Additional command line options have also been added to aid
- pattern matching.</para>
-
- <para>The package tools have improved handling of corrupt package
- databases.</para>
-
- <para>&man.pkg.create.1; now supports a <option>-S</option>
- option to make all <literal>@cwd</literal> be prefixed
- during package creation.</para>
-
- <para>&man.pkg.info.1; now supports a <option>-j</option>
- option to show the requirements script for each package.</para>
+ <para></para>
</sect2>
<sect2 id="releng">
<title>Release Engineering and Integration</title>
- <para arch="i386,pc98">The building process for boot floppy images
- has been completely overhauled. The most significant change is
- that the loader now boots a stock <filename>GENERIC</filename>
- kernel split across multiple disks (two at the time of this
- writing). This greatly improves installations that begin with a
- boot from floppy disk, because they now use exactly the same
- kernel (and thus support the same hardware) as CDROM
- installations. The stripped-down <filename>MFSROOT</filename>
- kernel is no longer needed, and the <filename>mfsroot</filename>
- image no longer requires kernel modules. The
- <filename>boot.flp</filename> and
- <filename>driver.flp</filename> images are also obsolete and no
- longer built.</para>
-
- <para>&os; cryptography support is no longer an optional component
- of releases, and the <literal>crypto</literal> release distribution
- is now part of <literal>base</literal>.
- Note that the <option>-DNOCRYPT</option> build option still
- exists for anyone who really wants to build non-cryptographic
- binaries. </para>
-
- <para>The supported release of <application>GNOME</application>
- has been updated from version 2.4 to version 2.6.2.
-
- <note>
- <para>If you are using the older <application>GNOME</application>
- desktop itself (<filename role="package">x11/gnome2</filename>), simply upgrading it from the &os; Ports Collection
- with
- &man.portupgrade.1;
- (<filename role="package">sysutils/portupgrade</filename>)
- will cause serious problems.
- If you are a <application>GNOME</application> desktop user,
- please read the instructions carefully at
- <ulink url="&url.base;/gnome/docs/faq26.html"></ulink>,
- and use the <filename>gnome_upgrade.sh</filename> script to
- properly upgrade to <application>GNOME</application> 2.6.</para>
-
- <para>Note that if you are just a casual user of some of the
- <application>GNOME</application> libraries,
- &man.portupgrade.1; should be sufficient
- to update your ports.</para>
- </note>
- </para>
-
- <para>The supported release of <application>KDE</application>
- has been updated from version 3.1.4 to version 3.3.0.</para>
-
- <para>The <filename role="package">security/portaudit</filename> utility
- has been added to the &os; Ports Collection. This utility will read a database
- containing known ports vulnerabilities and report them to the
- administrator.</para>
-
- <para>&os; now uses <application>Xorg</application> instead of
- <application>XFree86</application> as the default X Window System.
- The supported release is <application>Xorg</application> X11R6.7.0.
- Note that <application>XFree86</application> is also available in the &os;
- Ports Collection (<filename role="package">x11/XFree86-4</filename>).</para>
+ <para></para>
</sect2>
<sect2 id="doc">
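Review bot: The two `+ <para></para>` placeholders in this hunk (one closing the section just before `<sect2 id="releng">`, one as the whole body of `releng`) will render as a bare title with nothing under it. If the empty paragraph is there only to keep each `sect2` non-empty for the DTD, put an SGML comment next to it saying so, or use a short visible sentence stating that there are no entries yet. That way the next editor knows to replace the placeholder rather than append after it. The removed `releng` text also carried the `<note>` warning that upgrading `x11/gnome2` with portupgrade "will cause serious problems". Please confirm that warning is still reachable from the 5.3-RELEASE notes, since it is upgrade guidance rather than a plain change entry.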
@@ -1934,15 +215,7 @@
<sect1 id="upgrade">
<title>Upgrading from previous releases of &os;</title>
- <para>Users with existing &os; systems are
- <emphasis>highly</emphasis> encouraged to read the <quote>Early
- Adopter's Guide to &os; &release.current;</quote>. This document generally has
- the filename <filename>EARLY.TXT</filename> on the distribution
- media, or any other place that the release notes can be found. It
- offers some notes on upgrading, but more importantly, also
- discusses some of the relative merits of upgrading to &os;
- 5.<replaceable>X</replaceable> versus running &os;
- 4.<replaceable>X</replaceable>.</para>
+ <para></para>
<important>
<para>Upgrading &os; should, of course, only be attempted after
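Review bot: In the `upgrade` sect1, the opening paragraph is replaced by `<para></para>` directly ahead of the `<important>` block, so the section now starts with an empty paragraph and loses its pointer to `EARLY.TXT`. The commit message describes trimming relnotes items added before 5.3-RELEASE, but this paragraph is standing upgrade guidance rather than a per-release item. If dropping it is intentional, remove the empty `<para></para>` as well, because the `<important>` element already gives the section content. Otherwise keep a shortened sentence that still directs users coming from 4.<replaceable>X</replaceable> to the Early Adopter's Guide.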