From 140ab1fb5ab072bc026f6cac5880d828d74203a3 Mon Sep 17 00:00:00 2001 From: bmah Date: Sat, 7 Jun 2003 17:38:18 +0000 Subject: Update release documentation version numbers for 5.1-CURRENT. Trim release documentation and errata. While here, put back some conditional text in the errata that was removed during 5.0-RELEASE and never put back. --- release/doc/en_US.ISO8859-1/errata/article.sgml | 246 +----- release/doc/en_US.ISO8859-1/relnotes/article.sgml | 876 +-------------------- .../doc/en_US.ISO8859-1/relnotes/common/new.sgml | 876 +-------------------- release/doc/share/sgml/release.ent | 6 +- 4 files changed, 57 insertions(+), 1947 deletions(-) (limited to 'release/doc') diff --git a/release/doc/en_US.ISO8859-1/errata/article.sgml b/release/doc/en_US.ISO8859-1/errata/article.sgml index 28cf8ff..50afad3 100644 --- a/release/doc/en_US.ISO8859-1/errata/article.sgml +++ b/release/doc/en_US.ISO8859-1/errata/article.sgml @@ -111,242 +111,40 @@ Security Advisories - Remotely exploitable vulnerabilities in - CVS could allow an attacker to - execute arbitrary comands on a CVS server. More details can be - found in security advisory FreeBSD-SA-03:01. +No advisories. +]]> - A timing-based attack on OpenSSL, - could allow a very powerful attacker access to plaintext - under certain circumstances. This problem has been corrected in - &os; &release.current; with an upgrade - to OpenSSL 0.9.7. On supported - security fix branches, this problem has been corrected with the - import of OpenSSL 0.9.6i. See security - advisory FreeBSD-SA-03:02 - for more details. + +]]> - It may be possible to recover the shared secret key used by - the implementation of the syncookies feature. - This reduces its effectiveness in dealing with TCP SYN flood - denial-of-service attacks. Workaround information and fixes are - given in security advisory FreeBSD-SA-03:03. + - Due to buffer overflows in header parsing in sendmail, a remote - attacker can create a specially-crafted message that may cause - &man.sendmail.8; to execute arbitrary code - with the privileges of the user running it, typically - root. More information, including pointers - to patches, can be found in security advisories FreeBSD-SA-03:04 - and FreeBSD-SA-03:07. + + Open Issues - The XDR encoder/decoder does incorrect bounds-checking, - which could allow a remote attacker to cause a - denial-of-service. For bugfix information, see security - advisory FreeBSD-SA-03:05. +No open issues. +]]> - OpenSSL has been found - vulnerable to two recently-disclosed attacks. Information - on workarounds and patches for supported security branches is - contained in security advisory FreeBSD-SA-03:06. + +]]> Late-Breaking News - GEOM - - The &man.geom.4;-based disk partitioning code in the kernel - will not allow an open partition to be overwritten. This - usually prevents the use of disklabel -B to - update the boot blocks on a disk because the - a partition overlaps the space where the boot - blocks are stored. A suggested workaround is to boot from an - alternate disk, a CDROM, or a fixit floppy. - - &man.dump.8; - - When using disk media with sector sizes larger than 512 - bytes (for instance, &man.gbde.4; encrypted disks), the - &man.dump.8; program fails to respect the larger sector size and - cannot dump the partition. One possible workaround is to copy - the entire file system in raw format and dump the copy. It is, - for instance, possible to dump a file system stored in a regular - file: - - &prompt.root; dd if=/dev/ad0s1d.bde of=/junk/ad0.dd bs=1m -&prompt.root; dump 0f - /junk/ad0.dd | ... - - A simpler workaround is to use &man.tar.1; or &man.cpio.1; - to make backup copies. - - &man.mly.4; - - Hangs were reported during &os; 5.0 snapshot - installations when installing to &man.mly.4;-supported RAID - arrays, in hardware configurations that appear to work fine - under &os; 4.7-RELEASE. These problems have been corrected - in &os; &release.current;. - - NETNCP/Netware File System - Support - - NETNCP and nwfs appear to be as-yet unadapted for KSE, and - hence not working. These have been fixed in &os; - &release.current;. - - &man.iir.4; controller - - During installation, the &man.iir.4; controller appears to - probe correctly, but finds no disk devices. - - &man.truss.1; race condition - - &man.truss.1; appears to contain a race condition during the - start-up of debugging, which can result in &man.truss.1; failing - to attach to the process before it exists. The symptom is that - &man.truss.1; reports that it cannot open the &man.procfs.5; - node supporting the process being debugged. A bug also appears - to exist wherein &man.truss.1; will hang if &man.execve.2; - returns ENOENT A further race appears to - exist in which &man.truss.1; will return PIOCWAIT: - Input/output error occasionally on startup. The fix - for this sufficiently changes process execution handling that it - has been deferred until after 5.0. - - Disk Partitioning in Installer - - Some bugs have been reported in &man.sysinstall.8; disk - partitioning. One observed problem on the i386 is that - &man.sysinstall.8; cannot recalculate the free space left on a - disk after changing the type of an FDISK-type partition. - - Stale Documentation - - In some case, documentation (such as the FAQ or Handbook) - has not been updated to take into account &os; &release.prev; - features. Examples of areas where documentation is still - needed include &man.gbde.8; and the new fast - IPsec implementation. - - SMB File System - - Attempting to unmount smbfs shares may fail with - Device busy errors even when the - mount-point is not really busy. A workaround is to keep trying - to unmount the share until it eventually succeeds. This bug has - been fixed in &release.current;. - - Forcefully unmounting (umount -f) smbfs - shares may cause a kernel panic. This bug has been fixed in - &release.current;. - - &man.fstat.2; - - When called on a connected socket file descriptor, - &man.fstat.2; is supposed to return the number of bytes - available to read in the st_size member of - struct stat. However, - st_size is always erroneously reported as - 0 on TCP sockets. This bug has been fixed in - &release.current;. - - Kernel Event Queues - - The &man.kqueue.2; EVFILT_READ filter - erroneously indicates that 0 bytes are - available to be read on TCP sockets, regardless of the number of - bytes that are actually available. The - NOTE_LOWAT flag for - EVFILT_READ is also broken on TCP sockets. - This bug has been fixed in &release.current;. - - POSIX Named Semaphores - - &os; &release.prev; introduced support for POSIX named semaphores - but the implementation contains a critical bug that causes - &man.sem.open.3; to incorrectly handle the opening of the same - semaphore multiple times by the same process, and that causes - &man.sem.close.3; to crash calling programs. This bug has been - fixed in &release.current;. - - /dev/tty - Permissions - - &os; &release.prev; has a minor bug in how the permissions of - /dev/tty are handled. This can be - triggered by logging in as a non-root, - non-tty group user, and using &man.su.1; - to switch to a second non-root, - non-tty group user. &man.ssh.1; will - fail because it cannot open /dev/tty. This - bug has been fixed in &release.current;. - - &man.growfs.8; - - &man.growfs.8; no longer works on &man.vinum.4; volumes (and - presumably, on &man.geom.4; entities) since these subsystems no - longer fake disklabels, but &man.growfs.8; insists on examining - a label. - - IPFW - - &man.ipfw.4; skipto rules do not work - when coupled with the log keyword. - &man.ipfw.4; uid rules also do not work - properly. These bugs - have been fixed in &release.current;. - - Passwords and &man.adduser.8; - - &man.adduser.8; does not correctly handle setting user - passwords containing special shell characters. This problem has - been corrected in &release.current;. - - &man.xl.4; - - The &man.xl.4; driver has a timing bug that may cause a - kernel panic (or other problems) when attempting to configure an - interface. This bug has been fixed in &release.current;. - - ISC DHCP - - ISC DHCP was updated to - 3.0.1rc11. This update was actually a part of &os; - &release.prev;, but was not documented in the release - notes. - - &man.amd.8; - Interoperability - - &release.prev; contains some bugs in its non-blocking RPC - code. The most noticeable side-effect of these bugs was that - &man.amd.8; users were not able to mount volumes from a - &release.prev; server. This bug has been fixed in - &release.current;. - - nsswitch - - The release note documenting the addition of - nsswitch support gave an incorrect - name for the old resolver configuration file. It should have - been listed as /etc/host.conf. - - Mailman +No news. +]]> - Recently the mailing lists were changed from majordomo - to the currently used Mailman list server. More information - about using the new mailing lists can be found by visiting the - FreeBSD - Mailman Info Page. + +]]> + diff --git a/release/doc/en_US.ISO8859-1/relnotes/article.sgml b/release/doc/en_US.ISO8859-1/relnotes/article.sgml index c9a3cc9..8b7bf3d 100644 --- a/release/doc/en_US.ISO8859-1/relnotes/article.sgml +++ b/release/doc/en_US.ISO8859-1/relnotes/article.sgml @@ -116,188 +116,27 @@ Security Advisories - A remotely exploitable vulnerability in - CVS has been corrected with the - import of version 1.11.5. More details can be found in security - advisory FreeBSD-SA-03:01. - &merged; - - A timing-based attack on OpenSSL, - which could allow a very powerful attacker access to plaintext - under certain circumstances, has been prevented via an upgrade - to OpenSSL 0.9.7. See security - advisory FreeBSD-SA-03:02 - for more details. &merged; - - The security and performance of the - syncookies feature has been improved to decrease - the chance of an attacker being able to spoof connections. - More details are given in security advisory FreeBSD-SA-03:03. &merged; - - Remotely-exploitable buffer overflow vulnerabilities in - sendmail have been fixed by updating - sendmail. For more - details, see security advisory FreeBSD-SA-03:04 - and FreeBSD-SA-03:07. - &merged; - - A bounds-checking bug in the XDR implementation, which could - allow a remote attacker to cause a denial-of-service, has been - fixed. For more details see security advisory FreeBSD-SA-03:05. - &merged; - - Two recently-publicized flaws in - OpenSSL have been corrected. For - more details, see security advisory FreeBSD-SA-03:06. - &merged; + Kernel Changes - Support for the CanBe power management - controller has been added. &merged; - - &man.devfs.5; is now mandatory; the - NODEVFS option has been removed from the set of - possible kernel configuration options. - - An &man.ehci.4; driver has been added; it supports - the USB Enhanced Host Controller Interface used by USB 2.0 - controllers. - - A minor bug in the permissions handling of - /dev/tty has been fixed. As a result, - &man.ssh.1; can now be used after &man.su.1;. - - A bug that caused &man.fstat.2; to return - 0 as the number of bytes available to read - from a TCP socket has been fixed. - - A bug that caused &man.kqueue.2; to report - 0 as the number of bytes available to read - from a TCP socket has been fixed. The - NOTE_LOWAT flag for - EVFILT_READ has been fixed. - - Linux emulation mode now supports IPv6. - - &man.madvise.2; now supports a - MADV_PROTECT behavior, which informs the - virtual memory system that a process is critical and should not - be killed when swap space has been exhausted. The process must - be owned by the superuser. - - The tw driver for TW-523 power line - interfaces (used by X-10 home control products) has been - removed. It is currently non-functional, and would require a - considerable amount of work to make it work under - &release.branch;. The xten and xtend userland control programs - have also been removed. + - A second process scheduler, designed to be a general purpose - scheduler with many SMP benefits, has been added to the scheduler - framework. Exactly one scheduler must be specified in a kernel - configuration. The original scheduler may be selected using - options SCHED_4BSD. The newer - (experimental) scheduler can be selected by using - options SCHED_ULE. - - Device major numbers are now allocated dynamically by - default. This change greatly decreases the need for a static, - centralized table of major number assignments to device drivers - (a few drivers retain their old static major numbers for - compatibility), and also reduces the possibility of running out - of device major numbers. - - A partial lazy switch mechanism for - in-kernel threads has been implemented; it is designed to reduce - the overhead of short context switches (such as for interrupt - handlers) that do not involve another process. This feature can - be enabled with - options LAZY_SWITCH. - Processor/Motherboard Support - SMP kernels now have - rudimentary support for HyperThreading (HTT). The scheduler - treats the logical CPUs as if they were additional physical - CPUs. This can actually cause suboptimal performance in some - cases due to contention for resources. Therefore, logical - CPUs are halted by default at startup. They can be enabled - with the machdep.hlt_logical_cpus sysctl - variable. It is also possible to halt any CPU in the idle - loop with the machdep.hlt_cpus sysctl - variable. The &man.smp.4; manual page has more details. - - - Some other versions of &os;, including early - 5.0-CURRENT snapshots and 4.8-RELEASE, used - options HTT to enable - HyperThreading support at kernel configuration time. This - option is no longer necessary. - - - - - Support for the Physical Address Extensions - (PAE) capability on Intel Pentium Pro and higher processors - has been added. This allows the use of up to 64GB of RAM in a - machine, although the amount of memory usable by any single - process (or the &os; kernel) is unchanged. For more - information, see the &man.pae.4; manual page. Work on this - feature was sponsored by DARPA and Network Associates - Laboratories. - - A new &man.vpd.4; driver has been added to - read hardware information from the Vital Product Data structure - on IBM ThinkPad machines. - + Boot Loader Changes - The alpha boot loader - (boot1) can now be called - boot for consistency with other - platforms. - - The two parts of the boot loader - (boot1 and boot2) - have been combined into a single boot - file, to simplify programs that need to write or otherwise - manipulate the boot loader. - - The PC98 boot loader now has support for - booting from SCSI MO media. &merged; - - The /modules directory (once the - default location for modules on &os; 4.X) is no longer a - part of the default kern.module_path. - Third-party modules should be placed in - /boot/modules. - - - Modules designed for use with &os; 4.X are likely to - panic when loaded into a &os; &release.current; kernel and should be used with extreme caution. - - - - Due to code size limitations, the i386 boot - loader can only load kernels from root file systems that are - 1.5TB or smaller in size. + @@ -306,178 +145,28 @@ Network Interface Support - A new &man.axe.4; network driver has been - added. It provides support for USB Ethernet adapters based on - the ASIX Electronics AX88172 USB 2.0 chipset. - - The cm driver now supports IPX. &merged; - - The &man.rue.4; network driver has been added, - providing support for Ethernet adapters based on the RealTek - RTL8150 USB to Fast Ethernet controller chip. - - The &man.sbsh.4; driver for the Granch SBNI16 - SHDSL modem has been added. &merged; - - A new &man.wlan.4; module provides 802.11 link-layer support. The - &man.wi.4; and &man.an.4; drivers now use this facility. - - A timing bug in the - &man.xl.4; driver, which could cause a kernel panic (or other - problems) when configuring an interface, has been - fixed. + Network Protocols - &man.ipfw.4; skipto rules can once - again be used with the log keyword. - &man.ipfw.4; uid rules are once again - working. - - It is now possible to build the - FAST_IPSEC and INET6 - options into the same kernel. (They still cannot be used - together, however.) - - A bug in TCP NewReno, which caused premature exit from - fast recovery when NewReno was enabled, has been - fixed. &merged; - - TCP now has support for the Limited - Transmit mechanism proposed by RFC 3042. This feature - is intended to improve the effectiveness of TCP loss recovery - in certain circumstances. It is off by default but can be - enabled with the net.inet.tcp.rfc3042 - sysctl variable. More information can be found in - &man.tcp.4;. - - TCP now has support for increased initial congestion - window sizes as described in RFC 3390. This feature can - improve the throughput of short transfers, as well as - high-bandwidth, large propagation-delay connections. It is - off by default but can be enabled with the - net.inet.tcp.rfc3390 sysctl variable. More - information can be found in &man.tcp.4;. - - The IP fragment reassembly code behaves more gracefully - when receiving a large number of packet fragments (it is - designed to be more resistant to fragment-based denial of - service attacks). &merged; - - TCP connections in the TIME_WAIT state - now use a special protocol control block that uses less space - than a full-blown TCP PCB. This allows some of the data - structures and resources used by such a connection to be freed - earlier. - - It is now possible to specify the range of - privileged ports (TCP and UDP ports that - require superuser access to &man.bind.2; to). The range is - now specified with the - net.inet.ip.portrange.reservedlow and - net.inet.ip.portrange.reservedhigh sysctl - variables, defaulting to the traditional UNIX behavior. This - feature is intended to help network servers bind - to traditionally privileged ports without requiring superuser - access. &man.ip.4; has more details. - - Some bugs in the non-blocking RPC code has been fixed. As - a result, &man.amd.8; users are now able to mount volumes from - a &release.current; server. - - Support for XNS networking, which has not worked - correctly for almost seven years, has been removed. + Disks and Storage - The &man.aac.4; driver now runs free of the Giant kernel - lock. This change has given a nearly 20% performance speedup - on an SMP system running multiple I/O intensive loads. - - The &man.ata.4; driver now supports all known SiS - chipsets. (More details can be found in the Hardware - Notes.) - - The &man.ata.4; driver now supports the Promise SATA150 - TX2 and TX4 Serial ATA/150 controllers. - - The &man.ata.4; driver now flushes devices on shutdown. - This change may result in failure messages being printed on - the console for devices that do not support flushing. - - The CAM layer now has support for devices with more than - 232 blocks. (Assuming 512-byte - blocks, this means support for devices larger than 2TB.) - - - For users upgrading across this change, note that all - userland applications that talk to &man.pass.4; or - &man.xpt.4; devices must be recompiled. Examples of such - programs are &man.camcontrol.8; in the base system, - the sysutils/cdrtools - port, and the - multimedia/xmms port. - - - - - A number of changes have been made to the &man.cd.4; - driver. The primary user-visible change is improved - compatibility with ATAPI/USB/Firewire CDROM drives. - - &man.geom.4; is now mandatory; the - NO_GEOM has been removed from the set of - kernel configuration options. - - The &man.iir.4; driver has been updated; this update is - believed to fix problems detecting attached disks during - installation. - - The ips driver, which supports the IBM (now - Adaptec) ServeRAID series, has been added. - - A bug in the &man.mly.4; driver that caused hangs has been - corrected. - - Support has been added for volume labels on UFS and UFS2 - file systems. These labels are strings that can be used to - identify a volume, regardless of what device it appears on. - Labels can be set with the options to - &man.newfs.8; or &man.tunefs.8;. With the - GEOM_VOL module, volumes can be accessed - using their labels under /dev/vol. - - The root file system can now be located on a &man.vinum.4; - volume. More information can be found in the &man.vinum.4; - manual page. - - The wfd and wst drivers, which have been - broken for some time, have been removed. + File Systems - A new DIRECTIO kernel option enables - support for read operations that bypass the buffer cache and - put data directly into a userland buffer. This feature - requires that the O_DIRECT flag is set on - the file descriptor and that both the offset and length for - the read operation are multiples of the physical media sector - size. &merged; - - NETNCP and Netware File System Support (nwfs) are once - again working. - - Bugs that could cause the unmounting of a smbfs share to - fail or cause a kernel panic have been fixed. + @@ -485,15 +174,14 @@ PCCARD Support + Multimedia Support - The atspeaker.ko and - pcspeaker.ko modules for the - &man.speaker.4; device have been renamed - speaker.ko. + + @@ -501,567 +189,35 @@ Userland Changes - &man.adduser.8; now correctly handles setting user passwords - containing special shell characters. - - &man.adduser.8; now supports a option to - set a user's default login group. - - The &man.bsdlabel.8; utility is a replacement for the older - disklabel utility. Like its predecessor, it installs, examines, - or modifies the BSD label on a disk partition, and can install - bootstrap code. Compared to disklabel, a number of obsolete - options and parameters have been retired. A new - option instructs &man.bsdlabel.8; to use the - layout suitable for a specific machine. - - The compat4x - distribution now includes the - libcrypto.so.2, - libgmp.so.3, and - libssl.so.2 libraries from &os; - 4.7-RELEASE. - - &man.chgrp.1 and &man.chown.8 now, when the owner/group is - modified, print the old and new uid/gid if the - option is specified more than once. - - &man.config.8; now implements a nodevice - kernel configuration file directive that cancels the effect of a - device directive. The new - nooption and nomakeoption - directives cancel prior options and - makeoptions directives, respectively. - - The &man.diskinfo.8; utility has been added to show - information about a disk device and optionally to run a naive - performance test. - - The disklabel utility has been replaced by &man.bsdlabel.8;. - On the alpha, i386, and pc98 platforms, disklabel is a link to - &man.bsdlabel.8;. - - &man.dump.8; now supports caching of disk blocks with the - option. This can improve dump performance - at the cost of possibly missing file system updates that occur - between passes. - - &man.dumpfs.8; now supports a flag to - print file system parameters in the form of a &man.newfs.8; - command. - - &man.elfdump.1;, a utility to display information about &man.elf.5; - format executable files, has been added. - - &man.fetch.1; uses the .netrc support - in &man.fetch.3; and also supports a to - specify an alternate .netrc file. - - &man.fetch.3; now has support for - .netrc files (see &man.ftp.1; for more - details). - - &man.ftpd.8; now supports a option to - disable printing any host-specific information, such as the - &man.ftpd.8; version or hostname, in server messages. - &merged; - - &man.ftpd.8; now supports a option to - specify a port on which to listen in daemon mode. The default - data port number is now set to be one less than the control port - number, rather than being hard-coded. &merged; - - &man.ftpd.8; now supports an extended format of the - /etc/ftpchroot file. Please refer - to the &man.ftpchroot.5; manpage, which is now available, - for details. &merged; - - &man.ftpd.8; now supports login directory pathnames - that specify simultaneously a directory for &man.chroot.2; - and that to change to in the chrooted environment. The - /./ separator is used for - this purpose, like in other FTP daemons having this feature. - It may be used in both &man.ftpchroot.5; and &man.passwd.5;. - &merged; - - &man.fwcontrol.8; now supports and - options for receiving and sending DV - streams. &merged; - - The &man.gstat.8; utility has been added to show the disk - activity inside the &man.geom.4; subsystem. - - &man.ipfw.8; now supports enable and - disable commands to control various aspects - of the operation of &man.ipfw.4; (including enabling and - disabling the firewall itself). These provide a more convenient - and visible interface than the existing sysctl - variables. &merged; - - &man.jail.8; now supports a flag to - output an identifier for a newly-created jail. - - The &man.jexec.8; utility has been added to execute a - command inside an existing jail. - - The &man.jls.8; utility has been added to list existing - jails. - - &man.kenv.1; has been moved from - /usr/bin to /bin to - make it available at times during system startup when only the - root file system is mounted. - - &man.killall.1; now supports a option to - kill all processes inside a jail. - - The &man.libgeom.3; library has been added to allow some - userland access to the &man.geom.4; subsystem. - - The mac_portacl MAC policy module has been added. It - provides a simple ACL mechanism to permit users and groups to - bind ports for TCP or UDP, and is intended to be used in - conjunction with the recently-added - net.inet.ip.portrange.reservedhigh sysctl. - - The MAKEDEV script is now unnecessary, due to the mandatory - presence of &man.devfs.5;, and has been removed. - - &man.mergemaster.8; now supports a - option to preserve the contents of files being replaced. - - &man.mixer.8; can now implement relative volume - adjustments. - - The &man.mksnap.ffs.8; program has been added to allow - easier creation of FFS snapshots. It is a - SUID-root executable designed for use by - members of the operator group. - - &man.mount.8; and &man.umount.8; now accept a - option to specify an alternate &man.fstab.5; - file. - - &man.mount.nfs.8; now supports a flag to - avoid doing a &man.connect.2; for UDP mount points. This option - must be used if the server does not reply to requests from the - standard NFS port number 2049 or if it replies to requests using - a different IP address (which can occur if the server is - multi-homed). Setting the - vfs.nfs.nfs_ip_paranoia sysctl to - 0 will make this option the - default. &merged; - - &man.mount.nfs.8; now supports the - and mount options to prevent NFS mounts - from using IPv4 or IPv6 respectively. - - &man.newfs.8; will now create UFS2 file systems by default, - unless UFS1 is specifically requested with the - option. - - &man.newsyslog.8; has a number of new features. Among them: - - - - A W flag forces previously-started - compression jobs for an entry (or group of entries - specified with the G flag) to finish - before beginning a new one. This feature is designed to - prevent system overloads caused by starting several - compression jobs on big files - simultaneously. &merged; - - - - A default rotate action, to be used for - files specified for rotation but not specified in the - configuration file. &merged; - - - - A command-line flag to disable - sending signals to processes when rotating - files. &merged; - - - - A N configuration file flag to - indicate that no process needs to be signaled when - rotating a file. &merged; - - - - A U configuration file flag to - specify that a process group (rather than a single - process) should be signaled when rotating - files. &merged; - - - - - - - &man.nsdispatch.3; is now thread-safe and implements support - for Name Service Switch (NSS) modules. NSS modules may be - statically built into libc or dynamically - loaded via &man.dlopen.3;. They are loaded/initialized at - configuration time (i.e. when &man.nsdispatch.3; is called and - &man.nsswitch.conf.5; is read or re-read). - - A new &man.pam.chroot.8; module has been added, which does a - &man.chroot.2; operation for users into either a predetermined - directory or one derived from their home directory. - - &man.pam.ssh.8; has been rewritten. One side effect of the - rewrite is that it now starts a separate instance of - &man.ssh-agent.1; for each session instead of trying to connect - each session to the agent started by the first session. - - &man.ping.8; now supports a flag to set - the Don't Fragment bit on outgoing packets. - - &man.ping.8; now supports a option to use - ICMP mask request or timestamp request messages instead of ICMP - echo requests. - - &man.ping.8; now supports a flag to set - the Type of Service bits in outgoing packets. - - &man.pw.8; can now add a user whose name ends with a - $ character; this change is intended to help - administration of Samba - services. &merged; - - The format of the /etc/pwd.db and - /etc/spwd.db password databases created by - &man.pwd.mkdb.8; is now byte-order independent. The pre-processed - password databases can now be moved between machines of - different architectures. The format includes version numbers on - entries to ensure compatibility with old binaries. - - A bug in &man.rand.3; that could cause a sequence to remain - stuck at 0 has been fixed. (&man.rand.3; - remains unsuitable for all but trivial uses.) - - &man.rtld.1; now has support for the dynamic mapping of - shared object dependencies. This optional feature is especially - useful when experimenting with different threading libraries. - It is not, however, built by default. More information on - enabling and using this feature can be found in - &man.libmap.conf.5;. - - &man.sem.open.3; now correctly handles multiple opens of the - same semaphore; as a result, &man.sem.close.3; no longer crashes - calling programs. - - The seeding algorithm used by &man.srandom.3; has been - strengthened. - - The sunlabel utility, a program analogous to - &man.bsdlabel.8; that works on Sun disk labels, has been - added. - - &man.sysinstall.8; will now - select UFS2 as the default layout for new file systems unless - specifically requested in the disk labeler. - - - Due to i386 boot loader limitations, the root file system - must be 1.5TB or smaller in size. - - - - - The &man.swapoff.8; command has been added to disable paging - and swapping on a device. A related &man.swapctl.8; command has - been added to provide an interface to &man.swapon.8; and - &man.swapoff.8; similar to other BSDs. - - - The &man.swapoff.8; feature should be considered - experimental. - - - - &man.syslogd.8; now allows multiple hosts or programs to be - named in host or program specifications in &man.syslog.conf.5; - files. - - &man.systat.1; now includes an - display mode that displays the network traffic going through - active interfaces on the system. - - The &man.usbhidaction.1; command has been added; it performs - actions according to its configuration in response to USB HID - controls. - - &man.uudecode.1; and &man.b64decode.1; now support a - flag for decoding raw (or broken) files that - may be missing the initial and possibly final framing - lines. &merged; - - &man.vmstat.8; has re-implemented the - flag, which displays statistics on fork operations. - - &man.xargs.1; now supports a option to - execute multiple copies of the same utility in parallel. - - &man.xargs.1; now supports a flag to - reopen /dev/tty for the child process - before executing the command. This is useful when the child - process is an interactive application. - - The libkse library, - providing POSIX threading support using KSE, is now enabled and - installed by default. - This library currently supports M:N threading. Both process and - system scope threads are supported, as well as getting/setting - the concurrency level. By default, the library sets the - concurrency level to the number of CPUs in the system. Each - concurrency level correlates to a KSE, and all process scope - threads run in these KSEs. Each system scope thread gets its - own KSE in addition to those corresponding to concurrency levels. - libkse is still considered a - work-in-progress, and is not used by default. However, it can - be used as a replacement for the libc_r - thread library, by substituting instead of - when linking programs. - - A 1:1 threading package (where for every pthread in an - application there is one KSE and thread) has been implemented. - Under this model, the kernel handles all thread scheduling - decisions and all signal delivery. This uses some of the common - KSE code, and is a restricted case of the M:N threading work - still in progress. The libthr library - implementing the userland portion of this functionality is a - drop-in replacement for the libc_r library. - Note that libthr is not (at this time) - built by default. - - The historic BSD boot scripts in /etc - have been removed, in favor of the rc.d - system imported from NetBSD - (sometimes referred to as rcNG). All - functionality of the historic system has been preserved. In - particular, files such as /etc/rc.conf - continue to be the recommended means of configuring the system - startup. The rc.d system has been the - default since &os; 5.0-RELEASE, so this change should be largely - transparent for the vast majority of users. Users who have - customized their historic-style startup scripts should be aware - that the following files have been removed from - /etc: - - rc.atm, - rc.devfs, - rc.diskless1, - rc.diskless2, - rc.i386, - rc.alpha, - rc.amd64, - rc.ia64, - rc.sparc64, - rc.isdn, - rc.network, - rc.network6, - rc.pccard, - rc.serial, - rc.syscons, - rc.sysctl. - - &man.mergemaster.8;, when run, will offer to move these files - out of the way for convenience. More details can be found in - &man.rc.subr.8;. + Contributed Software - The ACPI-CA code has been updated - from the 20021118 snapshot to the 20030228 snapshot. - - awk from Bell Labs has been - updated to a 14 March 2003 snapshot. - - BIND has been updated to version - 8.3.4. &merged; - - All of the bzip2 suite of - applications is now installed in the base system (in particular, - bzip2recover is now built and - installed). &merged; - - CVS has been updated to - 1.11.5. &merged; - - The DRM kernel modules have been updated to - a snapshot from the DRI CVS repository, as of 24 April 2003. - The DRM_LINUX kernel option hsa been removed - because the handler is now provided by the Linux compatibility - code. - - FILE has been updated to - 3.41. &merged; - - GCC has been updated to - 3.2.2 (release version). - - - GCC is known to produce - broken code with the option - set. As a workaround to avoid this problem, setting the - CPUTYPE=p4 Makefile variable (for example, in - &man.make.conf.5;) enables GCC's - option instead. This - situation is expected to be resolved when GCC 3.3 is - imported. - - - - The gdtoa library, for - conversions between strings and floating point, has been imported. These sources - were dated 24 March 2003. - - groff (and related utilities) - have been updated from 1.18.1 to 1.19. - - IPFilter has been updated to - 3.4.31. &merged; - - The ISC DHCP client has been - updated to 3.0.1RC11. &merged; - - The ISC DHCP client now includes - the &man.omshell.1; utility and the &man.dhcpctl.3; library for - run-time control of the client. - - Kerberos IV support (in the form - of KTH eBones) has been removed. - Users requiring this functionality can still get it from the - security/krb4 port (or - package). Kerberos IV compatibility mode for Kerberos 5 has - been removed, and the - k5program userland - utilities have been renamed to - kprogram. - - Kerberos 5 is now built by - default in buildworld operations. Setting - MAKE_KERBEROS5 no longer has any effect. - Disabling the base system Kerberos 5 now requires the - NO_KERBEROS Makefile variable to be - set. - - libpcap now has support for - selecting among multiple data link types on an interface. - - lukemftpd (not built or installed - by default) has been updated to a snapshot from 22 January - 2003. - - OpenPAM has been updated from the - Citronella release to the - Dianthus release. - - OpenSSH has been updated to - 3.6.1p1. - - OpenSSL has been updated to - release 0.9.7a. Among other features, this release includes - support for AES and takes advantage of &man.crypto.4; - devices. &merged; - - sendmail has been updated to - version 8.12.9. &merged; - - &man.tcpdump.1; has been updated to version 3.7.2. &merged; - It also now supports a flag to list the data - link types available on an interface and a - option to specify the data link type to use while capturing - packets. - - texinfo has been updated from 4.2 - to 4.5. - - The timezone database has been updated from - tzdata2002d to - tzdata2003a. &merged; + Ports/Packages Collection Infrastructure - The one-line pkg-comment files have - been eliminated from each port skeleton; their contents have - been moved into each port's Makefile. This - change reduces the disk space and inodes used by the ports - tree. &merged; - - When fetching distfiles for building a port, the - FETCH_REGET Makefile - variable can be used to specify the number of times to try - continuing to fetch a distfile if it fails its MD5 checksum. - The port infrastructure also supports re-fetching interrupted - distfiles. - - &man.pkg.create.1; now supports a - option, which allows packages to register a list of other - packages with which they conflict. They will refuse to install - (via &man.pkg.add.1;) if one of the listed packages is already - present. The flag to &man.pkg.add.1; - overrides this conflict-checking. - - &man.pkg.info.1; now honors the BLOCKSIZE - environment variable in its output when the - flag is given. - - &man.pkg.info.1; now implements a - option, which is similar to the - quiet option except that it prefixes the output - with the package name. + Release Engineering and Integration - The supported release of GNOME - has been updated to 2.2.1. &merged; - - The supported release of KDE - has been updated to 3.1.2. &merged; - - There is no longer a separate krb5 - distribution. The Kerberos 5 libraries and utilities have been - incorporated into the crypto - distribution. - - &man.sysinstall.8; once again supports installing individual - components of XFree86. Supporting - changes (not user-visible) generalize the concept of installing - parts of distributions as packages. - - The supported release of XFree86 - has been updated to 4.3.0. &merged; - - Several upgrade mechanisms designed to permit major version - upgrades from &os; 2.X to 3.X and from &os; 3.X to 4.X have been - removed. + Documentation - The following new articles have been added to the - documentation set: FreeBSD From Scratch, - The Roadmap for 5-STABLE. - - A new Danish (da_DK.ISO8859-1) - translation project has been started. + diff --git a/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml b/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml index c9a3cc9..8b7bf3d 100644 --- a/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml +++ b/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml @@ -116,188 +116,27 @@ Security Advisories - A remotely exploitable vulnerability in - CVS has been corrected with the - import of version 1.11.5. More details can be found in security - advisory FreeBSD-SA-03:01. - &merged; - - A timing-based attack on OpenSSL, - which could allow a very powerful attacker access to plaintext - under certain circumstances, has been prevented via an upgrade - to OpenSSL 0.9.7. See security - advisory FreeBSD-SA-03:02 - for more details. &merged; - - The security and performance of the - syncookies feature has been improved to decrease - the chance of an attacker being able to spoof connections. - More details are given in security advisory FreeBSD-SA-03:03. &merged; - - Remotely-exploitable buffer overflow vulnerabilities in - sendmail have been fixed by updating - sendmail. For more - details, see security advisory FreeBSD-SA-03:04 - and FreeBSD-SA-03:07. - &merged; - - A bounds-checking bug in the XDR implementation, which could - allow a remote attacker to cause a denial-of-service, has been - fixed. For more details see security advisory FreeBSD-SA-03:05. - &merged; - - Two recently-publicized flaws in - OpenSSL have been corrected. For - more details, see security advisory FreeBSD-SA-03:06. - &merged; + Kernel Changes - Support for the CanBe power management - controller has been added. &merged; - - &man.devfs.5; is now mandatory; the - NODEVFS option has been removed from the set of - possible kernel configuration options. - - An &man.ehci.4; driver has been added; it supports - the USB Enhanced Host Controller Interface used by USB 2.0 - controllers. - - A minor bug in the permissions handling of - /dev/tty has been fixed. As a result, - &man.ssh.1; can now be used after &man.su.1;. - - A bug that caused &man.fstat.2; to return - 0 as the number of bytes available to read - from a TCP socket has been fixed. - - A bug that caused &man.kqueue.2; to report - 0 as the number of bytes available to read - from a TCP socket has been fixed. The - NOTE_LOWAT flag for - EVFILT_READ has been fixed. - - Linux emulation mode now supports IPv6. - - &man.madvise.2; now supports a - MADV_PROTECT behavior, which informs the - virtual memory system that a process is critical and should not - be killed when swap space has been exhausted. The process must - be owned by the superuser. - - The tw driver for TW-523 power line - interfaces (used by X-10 home control products) has been - removed. It is currently non-functional, and would require a - considerable amount of work to make it work under - &release.branch;. The xten and xtend userland control programs - have also been removed. + - A second process scheduler, designed to be a general purpose - scheduler with many SMP benefits, has been added to the scheduler - framework. Exactly one scheduler must be specified in a kernel - configuration. The original scheduler may be selected using - options SCHED_4BSD. The newer - (experimental) scheduler can be selected by using - options SCHED_ULE. - - Device major numbers are now allocated dynamically by - default. This change greatly decreases the need for a static, - centralized table of major number assignments to device drivers - (a few drivers retain their old static major numbers for - compatibility), and also reduces the possibility of running out - of device major numbers. - - A partial lazy switch mechanism for - in-kernel threads has been implemented; it is designed to reduce - the overhead of short context switches (such as for interrupt - handlers) that do not involve another process. This feature can - be enabled with - options LAZY_SWITCH. - Processor/Motherboard Support - SMP kernels now have - rudimentary support for HyperThreading (HTT). The scheduler - treats the logical CPUs as if they were additional physical - CPUs. This can actually cause suboptimal performance in some - cases due to contention for resources. Therefore, logical - CPUs are halted by default at startup. They can be enabled - with the machdep.hlt_logical_cpus sysctl - variable. It is also possible to halt any CPU in the idle - loop with the machdep.hlt_cpus sysctl - variable. The &man.smp.4; manual page has more details. - - - Some other versions of &os;, including early - 5.0-CURRENT snapshots and 4.8-RELEASE, used - options HTT to enable - HyperThreading support at kernel configuration time. This - option is no longer necessary. - - - - - Support for the Physical Address Extensions - (PAE) capability on Intel Pentium Pro and higher processors - has been added. This allows the use of up to 64GB of RAM in a - machine, although the amount of memory usable by any single - process (or the &os; kernel) is unchanged. For more - information, see the &man.pae.4; manual page. Work on this - feature was sponsored by DARPA and Network Associates - Laboratories. - - A new &man.vpd.4; driver has been added to - read hardware information from the Vital Product Data structure - on IBM ThinkPad machines. - + Boot Loader Changes - The alpha boot loader - (boot1) can now be called - boot for consistency with other - platforms. - - The two parts of the boot loader - (boot1 and boot2) - have been combined into a single boot - file, to simplify programs that need to write or otherwise - manipulate the boot loader. - - The PC98 boot loader now has support for - booting from SCSI MO media. &merged; - - The /modules directory (once the - default location for modules on &os; 4.X) is no longer a - part of the default kern.module_path. - Third-party modules should be placed in - /boot/modules. - - - Modules designed for use with &os; 4.X are likely to - panic when loaded into a &os; &release.current; kernel and should be used with extreme caution. - - - - Due to code size limitations, the i386 boot - loader can only load kernels from root file systems that are - 1.5TB or smaller in size. + @@ -306,178 +145,28 @@ Network Interface Support - A new &man.axe.4; network driver has been - added. It provides support for USB Ethernet adapters based on - the ASIX Electronics AX88172 USB 2.0 chipset. - - The cm driver now supports IPX. &merged; - - The &man.rue.4; network driver has been added, - providing support for Ethernet adapters based on the RealTek - RTL8150 USB to Fast Ethernet controller chip. - - The &man.sbsh.4; driver for the Granch SBNI16 - SHDSL modem has been added. &merged; - - A new &man.wlan.4; module provides 802.11 link-layer support. The - &man.wi.4; and &man.an.4; drivers now use this facility. - - A timing bug in the - &man.xl.4; driver, which could cause a kernel panic (or other - problems) when configuring an interface, has been - fixed. + Network Protocols - &man.ipfw.4; skipto rules can once - again be used with the log keyword. - &man.ipfw.4; uid rules are once again - working. - - It is now possible to build the - FAST_IPSEC and INET6 - options into the same kernel. (They still cannot be used - together, however.) - - A bug in TCP NewReno, which caused premature exit from - fast recovery when NewReno was enabled, has been - fixed. &merged; - - TCP now has support for the Limited - Transmit mechanism proposed by RFC 3042. This feature - is intended to improve the effectiveness of TCP loss recovery - in certain circumstances. It is off by default but can be - enabled with the net.inet.tcp.rfc3042 - sysctl variable. More information can be found in - &man.tcp.4;. - - TCP now has support for increased initial congestion - window sizes as described in RFC 3390. This feature can - improve the throughput of short transfers, as well as - high-bandwidth, large propagation-delay connections. It is - off by default but can be enabled with the - net.inet.tcp.rfc3390 sysctl variable. More - information can be found in &man.tcp.4;. - - The IP fragment reassembly code behaves more gracefully - when receiving a large number of packet fragments (it is - designed to be more resistant to fragment-based denial of - service attacks). &merged; - - TCP connections in the TIME_WAIT state - now use a special protocol control block that uses less space - than a full-blown TCP PCB. This allows some of the data - structures and resources used by such a connection to be freed - earlier. - - It is now possible to specify the range of - privileged ports (TCP and UDP ports that - require superuser access to &man.bind.2; to). The range is - now specified with the - net.inet.ip.portrange.reservedlow and - net.inet.ip.portrange.reservedhigh sysctl - variables, defaulting to the traditional UNIX behavior. This - feature is intended to help network servers bind - to traditionally privileged ports without requiring superuser - access. &man.ip.4; has more details. - - Some bugs in the non-blocking RPC code has been fixed. As - a result, &man.amd.8; users are now able to mount volumes from - a &release.current; server. - - Support for XNS networking, which has not worked - correctly for almost seven years, has been removed. + Disks and Storage - The &man.aac.4; driver now runs free of the Giant kernel - lock. This change has given a nearly 20% performance speedup - on an SMP system running multiple I/O intensive loads. - - The &man.ata.4; driver now supports all known SiS - chipsets. (More details can be found in the Hardware - Notes.) - - The &man.ata.4; driver now supports the Promise SATA150 - TX2 and TX4 Serial ATA/150 controllers. - - The &man.ata.4; driver now flushes devices on shutdown. - This change may result in failure messages being printed on - the console for devices that do not support flushing. - - The CAM layer now has support for devices with more than - 232 blocks. (Assuming 512-byte - blocks, this means support for devices larger than 2TB.) - - - For users upgrading across this change, note that all - userland applications that talk to &man.pass.4; or - &man.xpt.4; devices must be recompiled. Examples of such - programs are &man.camcontrol.8; in the base system, - the sysutils/cdrtools - port, and the - multimedia/xmms port. - - - - - A number of changes have been made to the &man.cd.4; - driver. The primary user-visible change is improved - compatibility with ATAPI/USB/Firewire CDROM drives. - - &man.geom.4; is now mandatory; the - NO_GEOM has been removed from the set of - kernel configuration options. - - The &man.iir.4; driver has been updated; this update is - believed to fix problems detecting attached disks during - installation. - - The ips driver, which supports the IBM (now - Adaptec) ServeRAID series, has been added. - - A bug in the &man.mly.4; driver that caused hangs has been - corrected. - - Support has been added for volume labels on UFS and UFS2 - file systems. These labels are strings that can be used to - identify a volume, regardless of what device it appears on. - Labels can be set with the options to - &man.newfs.8; or &man.tunefs.8;. With the - GEOM_VOL module, volumes can be accessed - using their labels under /dev/vol. - - The root file system can now be located on a &man.vinum.4; - volume. More information can be found in the &man.vinum.4; - manual page. - - The wfd and wst drivers, which have been - broken for some time, have been removed. + File Systems - A new DIRECTIO kernel option enables - support for read operations that bypass the buffer cache and - put data directly into a userland buffer. This feature - requires that the O_DIRECT flag is set on - the file descriptor and that both the offset and length for - the read operation are multiples of the physical media sector - size. &merged; - - NETNCP and Netware File System Support (nwfs) are once - again working. - - Bugs that could cause the unmounting of a smbfs share to - fail or cause a kernel panic have been fixed. + @@ -485,15 +174,14 @@ PCCARD Support + Multimedia Support - The atspeaker.ko and - pcspeaker.ko modules for the - &man.speaker.4; device have been renamed - speaker.ko. + + @@ -501,567 +189,35 @@ Userland Changes - &man.adduser.8; now correctly handles setting user passwords - containing special shell characters. - - &man.adduser.8; now supports a option to - set a user's default login group. - - The &man.bsdlabel.8; utility is a replacement for the older - disklabel utility. Like its predecessor, it installs, examines, - or modifies the BSD label on a disk partition, and can install - bootstrap code. Compared to disklabel, a number of obsolete - options and parameters have been retired. A new - option instructs &man.bsdlabel.8; to use the - layout suitable for a specific machine. - - The compat4x - distribution now includes the - libcrypto.so.2, - libgmp.so.3, and - libssl.so.2 libraries from &os; - 4.7-RELEASE. - - &man.chgrp.1 and &man.chown.8 now, when the owner/group is - modified, print the old and new uid/gid if the - option is specified more than once. - - &man.config.8; now implements a nodevice - kernel configuration file directive that cancels the effect of a - device directive. The new - nooption and nomakeoption - directives cancel prior options and - makeoptions directives, respectively. - - The &man.diskinfo.8; utility has been added to show - information about a disk device and optionally to run a naive - performance test. - - The disklabel utility has been replaced by &man.bsdlabel.8;. - On the alpha, i386, and pc98 platforms, disklabel is a link to - &man.bsdlabel.8;. - - &man.dump.8; now supports caching of disk blocks with the - option. This can improve dump performance - at the cost of possibly missing file system updates that occur - between passes. - - &man.dumpfs.8; now supports a flag to - print file system parameters in the form of a &man.newfs.8; - command. - - &man.elfdump.1;, a utility to display information about &man.elf.5; - format executable files, has been added. - - &man.fetch.1; uses the .netrc support - in &man.fetch.3; and also supports a to - specify an alternate .netrc file. - - &man.fetch.3; now has support for - .netrc files (see &man.ftp.1; for more - details). - - &man.ftpd.8; now supports a option to - disable printing any host-specific information, such as the - &man.ftpd.8; version or hostname, in server messages. - &merged; - - &man.ftpd.8; now supports a option to - specify a port on which to listen in daemon mode. The default - data port number is now set to be one less than the control port - number, rather than being hard-coded. &merged; - - &man.ftpd.8; now supports an extended format of the - /etc/ftpchroot file. Please refer - to the &man.ftpchroot.5; manpage, which is now available, - for details. &merged; - - &man.ftpd.8; now supports login directory pathnames - that specify simultaneously a directory for &man.chroot.2; - and that to change to in the chrooted environment. The - /./ separator is used for - this purpose, like in other FTP daemons having this feature. - It may be used in both &man.ftpchroot.5; and &man.passwd.5;. - &merged; - - &man.fwcontrol.8; now supports and - options for receiving and sending DV - streams. &merged; - - The &man.gstat.8; utility has been added to show the disk - activity inside the &man.geom.4; subsystem. - - &man.ipfw.8; now supports enable and - disable commands to control various aspects - of the operation of &man.ipfw.4; (including enabling and - disabling the firewall itself). These provide a more convenient - and visible interface than the existing sysctl - variables. &merged; - - &man.jail.8; now supports a flag to - output an identifier for a newly-created jail. - - The &man.jexec.8; utility has been added to execute a - command inside an existing jail. - - The &man.jls.8; utility has been added to list existing - jails. - - &man.kenv.1; has been moved from - /usr/bin to /bin to - make it available at times during system startup when only the - root file system is mounted. - - &man.killall.1; now supports a option to - kill all processes inside a jail. - - The &man.libgeom.3; library has been added to allow some - userland access to the &man.geom.4; subsystem. - - The mac_portacl MAC policy module has been added. It - provides a simple ACL mechanism to permit users and groups to - bind ports for TCP or UDP, and is intended to be used in - conjunction with the recently-added - net.inet.ip.portrange.reservedhigh sysctl. - - The MAKEDEV script is now unnecessary, due to the mandatory - presence of &man.devfs.5;, and has been removed. - - &man.mergemaster.8; now supports a - option to preserve the contents of files being replaced. - - &man.mixer.8; can now implement relative volume - adjustments. - - The &man.mksnap.ffs.8; program has been added to allow - easier creation of FFS snapshots. It is a - SUID-root executable designed for use by - members of the operator group. - - &man.mount.8; and &man.umount.8; now accept a - option to specify an alternate &man.fstab.5; - file. - - &man.mount.nfs.8; now supports a flag to - avoid doing a &man.connect.2; for UDP mount points. This option - must be used if the server does not reply to requests from the - standard NFS port number 2049 or if it replies to requests using - a different IP address (which can occur if the server is - multi-homed). Setting the - vfs.nfs.nfs_ip_paranoia sysctl to - 0 will make this option the - default. &merged; - - &man.mount.nfs.8; now supports the - and mount options to prevent NFS mounts - from using IPv4 or IPv6 respectively. - - &man.newfs.8; will now create UFS2 file systems by default, - unless UFS1 is specifically requested with the - option. - - &man.newsyslog.8; has a number of new features. Among them: - - - - A W flag forces previously-started - compression jobs for an entry (or group of entries - specified with the G flag) to finish - before beginning a new one. This feature is designed to - prevent system overloads caused by starting several - compression jobs on big files - simultaneously. &merged; - - - - A default rotate action, to be used for - files specified for rotation but not specified in the - configuration file. &merged; - - - - A command-line flag to disable - sending signals to processes when rotating - files. &merged; - - - - A N configuration file flag to - indicate that no process needs to be signaled when - rotating a file. &merged; - - - - A U configuration file flag to - specify that a process group (rather than a single - process) should be signaled when rotating - files. &merged; - - - - - - - &man.nsdispatch.3; is now thread-safe and implements support - for Name Service Switch (NSS) modules. NSS modules may be - statically built into libc or dynamically - loaded via &man.dlopen.3;. They are loaded/initialized at - configuration time (i.e. when &man.nsdispatch.3; is called and - &man.nsswitch.conf.5; is read or re-read). - - A new &man.pam.chroot.8; module has been added, which does a - &man.chroot.2; operation for users into either a predetermined - directory or one derived from their home directory. - - &man.pam.ssh.8; has been rewritten. One side effect of the - rewrite is that it now starts a separate instance of - &man.ssh-agent.1; for each session instead of trying to connect - each session to the agent started by the first session. - - &man.ping.8; now supports a flag to set - the Don't Fragment bit on outgoing packets. - - &man.ping.8; now supports a option to use - ICMP mask request or timestamp request messages instead of ICMP - echo requests. - - &man.ping.8; now supports a flag to set - the Type of Service bits in outgoing packets. - - &man.pw.8; can now add a user whose name ends with a - $ character; this change is intended to help - administration of Samba - services. &merged; - - The format of the /etc/pwd.db and - /etc/spwd.db password databases created by - &man.pwd.mkdb.8; is now byte-order independent. The pre-processed - password databases can now be moved between machines of - different architectures. The format includes version numbers on - entries to ensure compatibility with old binaries. - - A bug in &man.rand.3; that could cause a sequence to remain - stuck at 0 has been fixed. (&man.rand.3; - remains unsuitable for all but trivial uses.) - - &man.rtld.1; now has support for the dynamic mapping of - shared object dependencies. This optional feature is especially - useful when experimenting with different threading libraries. - It is not, however, built by default. More information on - enabling and using this feature can be found in - &man.libmap.conf.5;. - - &man.sem.open.3; now correctly handles multiple opens of the - same semaphore; as a result, &man.sem.close.3; no longer crashes - calling programs. - - The seeding algorithm used by &man.srandom.3; has been - strengthened. - - The sunlabel utility, a program analogous to - &man.bsdlabel.8; that works on Sun disk labels, has been - added. - - &man.sysinstall.8; will now - select UFS2 as the default layout for new file systems unless - specifically requested in the disk labeler. - - - Due to i386 boot loader limitations, the root file system - must be 1.5TB or smaller in size. - - - - - The &man.swapoff.8; command has been added to disable paging - and swapping on a device. A related &man.swapctl.8; command has - been added to provide an interface to &man.swapon.8; and - &man.swapoff.8; similar to other BSDs. - - - The &man.swapoff.8; feature should be considered - experimental. - - - - &man.syslogd.8; now allows multiple hosts or programs to be - named in host or program specifications in &man.syslog.conf.5; - files. - - &man.systat.1; now includes an - display mode that displays the network traffic going through - active interfaces on the system. - - The &man.usbhidaction.1; command has been added; it performs - actions according to its configuration in response to USB HID - controls. - - &man.uudecode.1; and &man.b64decode.1; now support a - flag for decoding raw (or broken) files that - may be missing the initial and possibly final framing - lines. &merged; - - &man.vmstat.8; has re-implemented the - flag, which displays statistics on fork operations. - - &man.xargs.1; now supports a option to - execute multiple copies of the same utility in parallel. - - &man.xargs.1; now supports a flag to - reopen /dev/tty for the child process - before executing the command. This is useful when the child - process is an interactive application. - - The libkse library, - providing POSIX threading support using KSE, is now enabled and - installed by default. - This library currently supports M:N threading. Both process and - system scope threads are supported, as well as getting/setting - the concurrency level. By default, the library sets the - concurrency level to the number of CPUs in the system. Each - concurrency level correlates to a KSE, and all process scope - threads run in these KSEs. Each system scope thread gets its - own KSE in addition to those corresponding to concurrency levels. - libkse is still considered a - work-in-progress, and is not used by default. However, it can - be used as a replacement for the libc_r - thread library, by substituting instead of - when linking programs. - - A 1:1 threading package (where for every pthread in an - application there is one KSE and thread) has been implemented. - Under this model, the kernel handles all thread scheduling - decisions and all signal delivery. This uses some of the common - KSE code, and is a restricted case of the M:N threading work - still in progress. The libthr library - implementing the userland portion of this functionality is a - drop-in replacement for the libc_r library. - Note that libthr is not (at this time) - built by default. - - The historic BSD boot scripts in /etc - have been removed, in favor of the rc.d - system imported from NetBSD - (sometimes referred to as rcNG). All - functionality of the historic system has been preserved. In - particular, files such as /etc/rc.conf - continue to be the recommended means of configuring the system - startup. The rc.d system has been the - default since &os; 5.0-RELEASE, so this change should be largely - transparent for the vast majority of users. Users who have - customized their historic-style startup scripts should be aware - that the following files have been removed from - /etc: - - rc.atm, - rc.devfs, - rc.diskless1, - rc.diskless2, - rc.i386, - rc.alpha, - rc.amd64, - rc.ia64, - rc.sparc64, - rc.isdn, - rc.network, - rc.network6, - rc.pccard, - rc.serial, - rc.syscons, - rc.sysctl. - - &man.mergemaster.8;, when run, will offer to move these files - out of the way for convenience. More details can be found in - &man.rc.subr.8;. + Contributed Software - The ACPI-CA code has been updated - from the 20021118 snapshot to the 20030228 snapshot. - - awk from Bell Labs has been - updated to a 14 March 2003 snapshot. - - BIND has been updated to version - 8.3.4. &merged; - - All of the bzip2 suite of - applications is now installed in the base system (in particular, - bzip2recover is now built and - installed). &merged; - - CVS has been updated to - 1.11.5. &merged; - - The DRM kernel modules have been updated to - a snapshot from the DRI CVS repository, as of 24 April 2003. - The DRM_LINUX kernel option hsa been removed - because the handler is now provided by the Linux compatibility - code. - - FILE has been updated to - 3.41. &merged; - - GCC has been updated to - 3.2.2 (release version). - - - GCC is known to produce - broken code with the option - set. As a workaround to avoid this problem, setting the - CPUTYPE=p4 Makefile variable (for example, in - &man.make.conf.5;) enables GCC's - option instead. This - situation is expected to be resolved when GCC 3.3 is - imported. - - - - The gdtoa library, for - conversions between strings and floating point, has been imported. These sources - were dated 24 March 2003. - - groff (and related utilities) - have been updated from 1.18.1 to 1.19. - - IPFilter has been updated to - 3.4.31. &merged; - - The ISC DHCP client has been - updated to 3.0.1RC11. &merged; - - The ISC DHCP client now includes - the &man.omshell.1; utility and the &man.dhcpctl.3; library for - run-time control of the client. - - Kerberos IV support (in the form - of KTH eBones) has been removed. - Users requiring this functionality can still get it from the - security/krb4 port (or - package). Kerberos IV compatibility mode for Kerberos 5 has - been removed, and the - k5program userland - utilities have been renamed to - kprogram. - - Kerberos 5 is now built by - default in buildworld operations. Setting - MAKE_KERBEROS5 no longer has any effect. - Disabling the base system Kerberos 5 now requires the - NO_KERBEROS Makefile variable to be - set. - - libpcap now has support for - selecting among multiple data link types on an interface. - - lukemftpd (not built or installed - by default) has been updated to a snapshot from 22 January - 2003. - - OpenPAM has been updated from the - Citronella release to the - Dianthus release. - - OpenSSH has been updated to - 3.6.1p1. - - OpenSSL has been updated to - release 0.9.7a. Among other features, this release includes - support for AES and takes advantage of &man.crypto.4; - devices. &merged; - - sendmail has been updated to - version 8.12.9. &merged; - - &man.tcpdump.1; has been updated to version 3.7.2. &merged; - It also now supports a flag to list the data - link types available on an interface and a - option to specify the data link type to use while capturing - packets. - - texinfo has been updated from 4.2 - to 4.5. - - The timezone database has been updated from - tzdata2002d to - tzdata2003a. &merged; + Ports/Packages Collection Infrastructure - The one-line pkg-comment files have - been eliminated from each port skeleton; their contents have - been moved into each port's Makefile. This - change reduces the disk space and inodes used by the ports - tree. &merged; - - When fetching distfiles for building a port, the - FETCH_REGET Makefile - variable can be used to specify the number of times to try - continuing to fetch a distfile if it fails its MD5 checksum. - The port infrastructure also supports re-fetching interrupted - distfiles. - - &man.pkg.create.1; now supports a - option, which allows packages to register a list of other - packages with which they conflict. They will refuse to install - (via &man.pkg.add.1;) if one of the listed packages is already - present. The flag to &man.pkg.add.1; - overrides this conflict-checking. - - &man.pkg.info.1; now honors the BLOCKSIZE - environment variable in its output when the - flag is given. - - &man.pkg.info.1; now implements a - option, which is similar to the - quiet option except that it prefixes the output - with the package name. + Release Engineering and Integration - The supported release of GNOME - has been updated to 2.2.1. &merged; - - The supported release of KDE - has been updated to 3.1.2. &merged; - - There is no longer a separate krb5 - distribution. The Kerberos 5 libraries and utilities have been - incorporated into the crypto - distribution. - - &man.sysinstall.8; once again supports installing individual - components of XFree86. Supporting - changes (not user-visible) generalize the concept of installing - parts of distributions as packages. - - The supported release of XFree86 - has been updated to 4.3.0. &merged; - - Several upgrade mechanisms designed to permit major version - upgrades from &os; 2.X to 3.X and from &os; 3.X to 4.X have been - removed. + Documentation - The following new articles have been added to the - documentation set: FreeBSD From Scratch, - The Roadmap for 5-STABLE. - - A new Danish (da_DK.ISO8859-1) - translation project has been started. + diff --git a/release/doc/share/sgml/release.ent b/release/doc/share/sgml/release.ent index cdc749b..9633cfc 100644 --- a/release/doc/share/sgml/release.ent +++ b/release/doc/share/sgml/release.ent @@ -6,12 +6,12 @@ - + - + - + -- cgit v1.1