From 31b14305721bc7628636caa27ddcfe8e3858db38 Mon Sep 17 00:00:00 2001 From: hrs Date: Fri, 15 Jul 2005 15:15:20 +0000 Subject: Trim the old relnotes items. --- release/doc/en_US.ISO8859-1/relnotes/article.sgml | 1479 +------------------- .../doc/en_US.ISO8859-1/relnotes/common/new.sgml | 1479 +------------------- 2 files changed, 32 insertions(+), 2926 deletions(-) (limited to 'release') diff --git a/release/doc/en_US.ISO8859-1/relnotes/article.sgml b/release/doc/en_US.ISO8859-1/relnotes/article.sgml index 89b9a18..a6e787e 100644 --- a/release/doc/en_US.ISO8859-1/relnotes/article.sgml +++ b/release/doc/en_US.ISO8859-1/relnotes/article.sgml @@ -113,322 +113,18 @@ Security Advisories - A bug in the &man.fetch.1; utility, which allows - a malicious HTTP server to cause arbitrary portions of the client's - memory to be overwritten, has been fixed. - For more information, see security advisory - FreeBSD-SA-04:16.fetch. - &merged; - - A bug in &man.procfs.5; and &man.linprocfs.5; - which could allow a malicious local user to read parts of kernel - memory or perform a local - denial of service attack by causing a system panic, - has been fixed. - For more information, see security advisory - FreeBSD-SA-04:17.procfs. - &merged; - - Two buffer overflows in the TELNET client program have been - corrected. They could have allowed a malicious TELNET server or - an active network attacker to cause &man.telnet.1; to execute - arbitrary code with the privileges of the user running it. - More information can be found in security advisory - FreeBSD-SA-05:01.telnet. - &merged; - - An information disclosure vulnerability in the - &man.sendfile.2; system call, which could permit it to transmit - random parts of kernel memory, has been fixed. More details are - in security advisory - FreeBSD-SA-05:02.sendfile. - &merged; - - A possible privilege escalation vulnerability on &os;/amd64 - has been fixed. This allows unprivileged users to gain direct - access to some hardware which cannot be accessed - without the elevated privilege level. More details are in security advisory - FreeBSD-SA-05:03.amd64. - &merged; - - An information leak vulnerability in the - SIOCGIFCONF &man.ioctl.2;, which leaked 12 - bytes of kernel memory, has been fixed. More details are in security advisory - FreeBSD-SA-05:04.ifconf. - &merged; - - Several programming errors in &man.cvs.1;, which could - potentially cause arbitrary code to be executed on CVS servers, - have been corrected. Further information can be found in - security advisory - FreeBSD-SA-05:05.cvs. - &merged; - - An error in the default permissions on the /dev/iir device node, which - allowed unprivileged local users can send commands to the - hardware supported by the &man.iir.4; driver, has been fixed. - For more information, see security advisory - FreeBSD-SA-05:06.iir. - &merged; - - A bug in the validation of &man.i386.get.ldt.2; system call - input arguments, which may allow kernel memory to be disclosed - to a user process, has been fixed. For more information, see - security advisory - FreeBSD-SA-05:07.ldt. - &merged; - - Several information disclosure vulnerabilities in various - parts of the kernel have been fixed. For more information, see - security advisory - FreeBSD-SA-05:08.kmem. - &merged; - - Because of an information disclosure vulnerability on - processors using Hyper-Threading Technology (HTT), the - machdep.hyperthreading_allowed sysctl - variable has been added. It defaults to 1 - (HTT enabled) on &os; CURRENT, and 0 (HTT - disabled) on the 4-STABLE and 5-STABLE development branches and - supported security fix branches. More information can be found - in security advisory - FreeBSD-SA-05:09.htt. - &merged; - - A bug in the &man.tcpdump.1; utility which allows - a malicious remote user to cause a denial-of-service - by using specially crafted packets, has been fixed. - For more information, see security advisory - FreeBSD-SA-05:10.tcpdump. - &merged; - - Two problems in the &man.gzip.1; utility have been fixed. - These may allow a local user to modify permissions - of arbitrary files and overwrite arbitrary local - files when uncompressing a file. - For more information, see security advisory - FreeBSD-SA-05:11.gzip. - &merged; - - A bug in BIND 9 DNSSEC has been fixed. - When DNSSEC is enabled, this bug may allow a remote attacker to inject - a specially crafted packet which will cause &man.named.8; to terminate. - For more information, see security advisory - FreeBSD-SA-05:12.bind9. - &merged; - - A bug has been fixed in &man.ipfw.4; that could cause - packets to be matched incorrectly against a lookup table. This - bug only affects SMP machines or UP machines that have the - PREEMPTION kernel option enabled. More - information is contained in security advisory - FreeBSD-SA-05:13.ipfw. - &merged; - - Two security-related problems have been fixed in - &man.bzip2.1;. These include a potential denial of service and - unauthorized manipulation of file permissions. For more - information, see security advisory - FreeBSD-SA-05:14.bzip2. - &merged; - - Two problems in &os;'s TCP stack have been fixed. They - could allow attackers to stall existing TCP connections, - creating a denial-of-service situation. More information is - contained in security advisory - FreeBSD-SA-05:15.tcp. - &merged; - + Kernel Changes - Support for 80386 processors (the - I386_CPU kernel configuration option) has - been removed. Users running this class of CPU should use &os; - 5.X or earlier. - - The kernel debugger &man.ddb.4; now supports a - show alllocks command, which dumps a list of processes - and threads currently holding sleep mutexes (and spin mutexes for - the current thread). &merged; - - The kernel crash dump format has been changed to - ELF to support large memory (more than 4GB) environment. - - The &man.ichsmb.4; driver is now available as a loadable - kernel module. - - The &man.jail.8; feature now supports a new sysctl - security.jail.chflags_allowed, which controls the - behavior of &man.chflags.1; within a jail. - If set to 0 (the default), then a jailed root user is - treated as an unprivileged user; if set to 1, then - a jailed root user is treated the same as an unjailed root user. &merged; - - A sysctl security.jail.getfsstatroot_only has been - renamed to security.jail.enforce_statfs and - now supports the following policies: - - - - - - - - Value - Policy - - - - - - 0 - Show all mount-points without any restrictions. - - - - 1 - Show only mount-points below jail's chroot and show only part of the - mount-point's path (for example, if the jail's chroot directory is - /jails/foo and - mount-point is - /jails/foo/usr/home, - only /usr/home will be shown). - - - - 2 - Show only mount-point where jail's chroot directory is placed. - - - - - - The loader tunable debug.mpsafevm - has been enabled by default. &merged; - - &man.memguard.9;, a kernel memory allocator designed to help detect - tamper-after-free scenarios, has been added. - This must be explicitly enabled via options - DEBUG_MEMGUARD, plus small kernel modifications. It - is generally intended for use by kernel developers. - - struct ifnet and network interface API - have been changed. Due to ABI incompatibility, all drivers - not in the &os; base system need to be updated to use - the new API and recompiled. - - A number of bugs have been fixed in the ULE - scheduler. &merged; - - Fine-grained locking to allow much of the VFS stack to run - without the Giant lock has been added. This is enabled by default - on the alpha, amd64, and i386 architectures, and can be disabled - by setting the loader tunable (and sysctl variable) - debug.mpsafevfs to - 0. - - A bug in Inter-Processor Interrupt (IPI) - handling, which could cause SMP systems to crash under heavy - load, has been fixed. More details are contained in errata note - FreeBSD-EN-05:03.ipi. - &merged; - - System V IPC objects (message queues, semaphores, and shared - memory) now have support for Mandatory Access Control policies, - notably &man.mac.biba.4;, &man.mac.mls.4;, &man.mac.stub.4;, and - &man.mac.test.4;. - - Memory allocation for legacy PCI bridges has - been limited to the top 32MB of RAM. Many older, legacy bridges - only allow allocation from this range. This change only applies - to devices which do not have their memory assigned by the BIOS. - This change fixes the bad Vcc error of CardBus - bridges (&man.pccbb.4;). &merged; - - The &man.sysctl.3; MIBs beginning with debug - now require the kernel option options SYSCTL_DEBUG. - This option is disabled by default. - - The generic &man.tty.4; driver interface has been added - and many device drivers including - &man.cx.4; ({tty,cua}x), - &man.cy.4; ({tty,cua}c), - &man.digi.4; ({tty,cua}D), - &man.rc.4; ({tty,cua}m), - &man.rp.4; ({tty,cua}R), - &man.sab.4; ({tty,cua}z), - &man.si.4; ({tty,cua}A), - &man.sio.4; ({tty,cua}d), - sx ({tty,cua}G), - &man.uart.4; ({tty,cua}u), - &man.ubser.4; ({tty,cua}y), - &man.ucom.4; ({tty,cua}U), and - &man.ucycom.4; ({tty,cua}y) - have been rewritten to use it. Note that /etc/remote - and /etc/ttys have been updated as well. - - The &man.vkbd.4; driver has been added. This driver - provides a software loopback mechanism that can implement - a virtual AT keyboard similar to what the &man.pty.4; driver - does for terminals. - - - - &os; always uses the local APIC timer - even on uni-processor systems now. - - The default HZ - parameter (which controls various kernel timers) has been - increased from 100 to 1000 - on the i386 and ia64. It has been reduced from - 1024 to 1000 on the amd64 - to reduce synchronization effects with other system - clocks. - - The maximum length of shell commands has changed from 128 - bytes to PAGE_SIZE. By default, this value - is either 4KB (i386, pc98, amd64, and powerpc) or 8KB (sparc64 - and ia64). As a result, compatibility modules need to be - rebuilt to stay synchronized with data structure changes in the - kernel. - - A new tunable vm.blacklist has been added. - This can hold a space or comma separated list of physical addresses. - The pages containing these physical addresses will - not be added to the free list and thus will effectively - be ignored by the &os; VM system. The physical addresses - of any ignored pages are listed in the message buffer as well. + Boot Loader Changes - A serial console-capable version of - boot0 has been added. It can be written - to a disk using &man.boot0cfg.8; and specifying - /boot/boot0sio as the argument to the - option. - - cdboot now works around a - BIOS problem observed on some systems when booting from USB - CDROM drives. - - The autoboot loader command - now supports the prompt parameter. - - The autoboot loader command will now prevent the user - from interrupting the boot process at all if the - autoboot_delay variable is set to - -1. &merged; - - A loader menu option to set hint.atkbd.0.flags=0x1 - has been added. This setting allows USB keyboards to work - if no PS/2 keyboard is attached. - - The beastie boot menu has been disabled by default. + @@ -437,1228 +133,85 @@ Hardware Support - The &man.acpi.4; driver now turns - the ACPI and PCI devices off or to a lower power state - when suspending, and back on again when resuming. - This behavior can be disabled by - setting the debug.acpi.do_powerstate and - hw.pci.do_powerstate sysctls to 0. - - The &man.acpi.ibm.4; driver for IBM laptops - has been added. It provides support for the various - hotkeys and reading fan status and thermal - sensors. - - The &man.acpi.fujitsu.4; driver for handling - &man.acpi.4;-controlled buttons Fujitsu laptops has been added. - - The acpi_sony driver, - which supports the Sony Notebook Controller on various - Sony laptops has been added. - - The &man.atkbdc.4;, &man.atkbd.4;, and &man.psm.4; - drivers have been rewritten in more bus-independent way, - and now support the EBus found on the sparc64 platform. - - The following device drivers have been - added and enabled by default in the - GENERIC kernel: - &man.atkbdc.4;, - &man.atkbd.4;, - creator(4), - machfb(4), - &man.syscons.4;, - &man.ohci.4;, - &man.psm.4;, - &man.ukbd.4;, - &man.ums.4;, - and &man.usb.4;. - - The &man.auxio.4; driver has been added; it supports - some auxiliary I/O functions found on various SBus/EBus - &ultrasparc; models. &merged; - - The clkbrd driver has been added to support - the clock-board device frequently found on - Sun Exx00 servers. - - A framework for flexible processor speed control has been - added. It provides methods for various drivers to control CPU - power utilization by adjusting the processor speed. More - details can be found in the &man.cpufreq.4; manual page. &merged; - Currently supported drivers include ichss (Intel SpeedStep for ICH), - acpi_perf (ACPI CPU performance states), and acpi_throttle - (ACPI CPU throttling). The latter two drivers are contained - in the &man.acpi.4; driver. These can individually be disabled by setting device - hints such as hint.ichss.0.disabled="1". - - The &man.hwpmc.4; hardware performance - monitoring counter driver has been added. - This driver virtualizes the hardware performance monitoring - facilities in modern CPUs and provides support for using - these facilities from user level processes. For more details, - see manual pages of &man.hwpmc.4;, associated libraries, - and associated userland utilities. - - Support for the OLDCARD subsystem has - been removed. The NEWCARD system is now used for all PCCARD - device support. - - The pcii driver has been added to support GPIB-PCIIA IEEE-488 - cards. &merged; - - The &man.atkbd.4; driver now supports a 0x8 - (bit 3) flag to disable testing the keyboard port during - the device probe as this can cause hangs on some machines, - specifically Compaq R3000Z series amd64 laptops. - - The &man.pbio.4; driver, - which supports direct access to - the Intel 8255A programmable peripheral interface (PPI) - chip running in mode 0 (simple I/O) has been added. - - The &man.psm.4; driver now has improved support for - Synaptics Touchpad users. It now has better tracking of - slow-speed movement and support for various extra - buttons and dials. These features can be tuned with the - hw.psm.synaptics.* - hierarchy of sysctl variables. - - The rtc driver has been added to support - the MC146818-compatible clock found on some &ultrasparc; II - and III models. &merged; - - The &man.syscons.4; driver now supports VESA - (15, 16, 24, and 32 bit) modes. To enable this feature, two - kernel options SC_PIXEL_MODE and - VESA (or corresponding kernel module) - are needed. - - The &man.uart.4; driver is now enabled in - the GENERIC kernel, and is now the - default driver for serial ports. The &man.ofw.console.4; and - &man.sab.4; drivers are now disabled in the - GENERIC kernel. &merged; - - The &man.uftdi.4; driver now supports the FTDI FT2232C - chip. - - The &man.uplcom.4; driver now supports handling of the - CTS signal. - - The &man.ehci.4; driver has been improved. - - The zs driver has been removed - in favor of the &man.uart.4; driver. + Multimedia Support - The &man.snd.audiocs.4; driver has been - added to support the Crystal Semiconductor CS4231 audio - controller found on &ultrasparc; - workstations. &merged; - - The &man.snd.csa.4; driver now supports - suspend and resume operation. - - The &man.uaudio.4; driver now has some added - functionality, including volume control on more inputs and - recording capability on some devices. &merged; - + Network Interface Support - The &man.ath.4; driver has been updated to split the - transmit rate control algorithm into a separate module. - One of device ath_rate_onoe, - device ath_rate_amrr, or - device ath_rate_sample must be included in - the kernel configuration when using the &man.ath.4; - driver. - - The &man.bge.4; driver now supports the &man.altq.4; - framework, as well as the BCM5714, 5721, 5750, 5751, 5751M and 5789 - chips. &merged; - - The &man.cdce.4; USB Communication Device Class Ethernet - driver has been added. &merged; - - The &man.cp.4; driver is now MPSAFE. &merged; - - The &man.ctau.4; driver is now MPSAFE. &merged; - - The &man.cx.4; driver is now MPSAFE. &merged; - - The &man.dc.4; driver now supports the &man.altq.4; - framework. &merged; - - The &man.ed.4; driver now supports the &man.altq.4; - framework. &merged; - - In the &man.em.4; driver, hardware support for VLAN - tagging is now disabled by default due to some interactions - between this feature and promiscuous mode. &merged; - - Ethernet flow control is now disabled by default in the - &man.fxp.4; driver, to prevent problems on a subnet when a system panics - or is left in the kernel debugger. &merged; - - The gx(4) driver has been removed because - it is no longer maintained actively and - the &man.em.4; driver supports all of the supported hardware. - - The &man.hme.4; driver is now MPSAFE. &merged; - - The &man.ipw.4; (for Intel PRO/Wireless 2100), - &man.iwi.4; (for Intel PRO/Wireless 2200BG/2225BG/2915ABG), - &man.ral.4; (for Ralink Technology RT2500), - and &man.ural.4; (for Ralink Technology RT2500USB) - drivers have been added. - - The &man.ixgb.4; driver is now MPSAFE. &merged; - - The musycc driver, for the LanMedia LMC1504 T1/E1 - network interface card, has been removed due to - disuse. - - Drivers using the &man.ndis.4; device - driver wrapper mechanism are now built and loaded - differently. The &man.ndis.4; driver can now be pre-built - as module or statically compiled into a kernel. Individual - drivers can now be built with the &man.ndisgen.8; utility; - the result is a kernel module that can be loaded into a - running kernel using &man.kldload.8;. &merged; - - The &man.ndis.4; device driver wrapper now - supports &windows;/x86-64 binaries on amd64 - systems. &merged; - - The &man.nve.4; driver, which supports the - nVidia nForce MCP Networking Adapter, has been added. - - The &man.re.4; driver now supports the &man.altq.4; - framework. &merged; - - The &man.sf.4; driver now has support for device polling - and &man.altq.4;. &merged; - - Several programming errors in the &man.sk.4; driver have - been corrected. These bugs were particular to SMP systems, and - could cause panics, page faults, aborted SSH connections, or - corrupted file transfers. More details can be found in - errata note - FreeBSD-EN-05:02.sk. - &merged; - - The &man.sk.4; driver now has support for &man.altq.4;. - This driver also now supports jumbo frames on Yukon-based - interfaces. &merged; - - The &man.ste.4; driver now has support for &man.altq.4;. - - The &man.vge.4; driver now has support for device polling - (&man.polling.4;). - - Support for 802.11 devices in the &man.wlan.4; framework has been - greatly overhauled. In addition to architectural changes, - it includes completed 802.11g, WPA, 802.11i, 802.1x, - WME/WMM, AP-side power-saving, and plugin frameworks for - cryptography modules, authenticators, and access control. - Note in particular that WEP now requires the - wlan_wep module to be loaded (or - compiled) into the kernel. - - The &man.xl.4; driver now supports - &man.polling.4;. &merged; - + Network Protocols - The MTU feedback in IPv6 has been disabled when the sender writes - data that must be fragmented. &merged; - - The Common Address Redundancy Protocol (CARP) has - been implemented. CARP comes from OpenBSD and allows - multiple hosts to share an IP address, providing - high availability and load balancing. - For more information, see the &man.carp.4; manual page. &merged; - - The &man.if.bridge.4; network bridging implementation, - originally from NetBSD, has been added. It supports the IEEE - 802.1D Spanning Tree Protocol, individual interface devices - for each bridge, and filtering of bridged packets. - The &man.ifconfig.8; utility now supports to configure - &man.if.bridge.4;. - - The &man.ipfw.4; IPDIVERT option is now - available as a kernel loadable module. - If this module is not loaded, &man.ipfw.4; will refuse to - install divert rules and &man.natd.8; - will return the error message protocol not supported. - - The &man.ipfw.4; system can work with - debug.mpsafenet=1 - (this tunable is 1 by default) - when the gid, jail, - and/or uid rule options are used. &merged; - - The &man.ipfw.4; and &man.dummynet.4; systems now - support IPv6. - - &man.ipfw.8; now supports classification and tagging - of &man.altq.4; packets via a divert socket. It is also - possible to specify rules that match TCP packets with specific - payload sizes. - - The &man.ipfw.8; ipfw fwd rule now supports - the full packet destination manipulation when the kernel option - options IPFIREWALL_FORWARD_EXTENDED is specified - in addition to options IPFIRWALL_FORWARD. - This kernel option disables all restrictions to ensure proper - behavior for locally generated packets and allows redirection of - packets destined to locally configured IP addresses. - Note that &man.ipfw.8; rules have to be carefully crafted to - make sure that things like PMTU discovery do not break. &merged; - - The &man.ipfw.8; system now supports IPv4 only rules. - - &man.ipnat.8; now allows redirect rules to - work for non-TCP/UDP packets. &merged; - - Ongoing work is reducing the use of the Giant lock by the - network protocol stack and improving the locking - strategies. - - The libalias library can now be built - as a kernel module. - - The link state change notifications of network interfaces - are sent to /dev/devctl now. - - A new &man.ng.ipfw.4; NetGraph node provides - a simple interface between the &man.ipfw.4; and &man.netgraph.4; - facilities. - - A new &man.ng.nat.4; NetGraph node has been added to - perform NAT functions. - - A new &man.ng.netflow.4; NetGraph node allows a router - running &os; to do NetFlow version 5 exports. &merged; - - A new &man.ng.tcpmss.4; NetGraph node has been added. - This supports altering MSS options of TCP packets. - - The &man.sppp.4; driver now includes Frame Relay - support. &merged; - - The &man.sppp.4; driver is now MPSAFE. - - The &os; routing table now requires gateways for routes - to be of the same address family as the route itself. - The &man.route.8; utility now rejects a combination of different - address families. For example: - - &prompt.root; route add 10.1.1.1 -inet6 fe80::1%fxp0 - - The new sysctl net.link.tap.user_open - has been implemented. This allows unprivileged access to - &man.tap.4; device nodes based on file system permissions. - - A bug in TCP that sometimes caused RST packets to - be ignored if the receive window was zero bytes has been - fixed. &merged; - - The RST - handling of the &os; TCP stack has been improved - to make reset attacks as difficult as possible while - maintaining compatibility with the widest range of TCP stacks. - The algorithm is as follows: For connections in the - ESTABLISHED - state, only resets with sequence numbers exactly matching - last_ack_sent will cause a reset; - all other segments will - be silently dropped. For connections in all other states, - a reset anywhere in the window will cause the connection - to be reset. All other segments will be silently dropped. - Note that this behavior technically violates the RFC 793 specification; - the conventional (but less secure) behavior can be restored - by setting a new sysctl net.inet.tcp.insecure_rst - to 1. &merged; - - Several bugs in the TCP SACK implementation have been - fixed. &merged; - - RFC 1644 T/TCP support has been removed. This is because - the design is based on a weak security model that can easily - permit denial-of-service attacks. This TCP - extension has been considered a defective one in - a recent Internet Draft. - - The KAME IPv4 IPsec implementation integrated - in &os; now supports TCP-MD5. &merged; - - Random ephemeral port number allocation has led to some - problems with port reuse at high connection rates. This - feature is now disabled during periods of high connection - rates; whenever new connections are created faster than - net.inet.ip.portrange.randomcps per second, - port number randomization is disabled for the next - net.inet.ip.portrange.randomtime - seconds. The default values for these two sysctl variables - are 10 and 45, - respectively. &merged; - - Fine-grained locking has been applied to many of the data - structures in the IPX/SPX protocol stack. While not fully - MPSAFE at this point, it is generally safe to use IPX/SPX - without the Giant lock (in other words, the - debug.mpsafenet sysctl variable may be set - to 1). - - Unix domain sockets now support the - LOCAL_CREDS and - LOCAL_CONNWAIT options. - The LOCAL_CREDS option provides - a mechanism for the receiver to receive the credentials - of the process as a &man.recvmsg.2; control message. - The LOCAL_CONNWAIT - option causes the &man.connect.2; function to block - until &man.accept.2; has been called on the listening socket. - For more details, see the &man.unix.4; manual page. + Disks and Storage - The &man.amr.4; driver is now safe for use on systems - using &man.pae.4;. &merged; - - The &man.arcmsr.4; driver has been added. - It supports the Areca ARC-11xx and - ARC-12xx series of SATA RAID - controllers. &merged; - - The &man.ata.4; family of drivers has been overhauled and - updated. It has been split into modules that can be loaded - and unloaded independently (the atapci - and ata modules are prerequesites for the - device subdrivers, which are atadisk, - atapicd, atapifd, - atapist, and - ataraid). On supported SATA controllers, - devices can be hot inserted/removed. ATA RAID support has - been rewritten and supports a number of new metadata formats. - The atapicd driver no longer supports CD - changers. This update has been referred to as ATA - mkIII. - - The SHSEC GEOM class has been added. It provides for the - sharing of a secret between multiple GEOM providers. All of - these providers must be present in order to reveal the - secret. This feature is controlled by the &man.gshsec.8; - utility. &merged; - - The &man.hptmv.4; driver, which supports the HighPoint - RocketRAID 182x series, has been added. &merged; - - The &man.ips.4; driver now support kernel crash dumps - on some modern ServeRAID models. &merged; - - The &man.matcd.4; driver has been removed. &merged; - - The default SCSI boot-time probe delay in the - GENERIC kernel has been reduced from - fifteen seconds to five seconds. - - The old vinum(4) subsystem has been removed - in favor of the new &man.geom.4;-based version. - - The &man.twa.4; driver has been updated to - the 9.2 release (for &os; 5.2.1) distributed from - the 3ware website. - - The &man.wd.4; driver has been removed. The - &man.ata.4; driver has been found to work well enough on the - pc98 platform that there is no need for the older &man.wd.4; - driver. - - Information about newly-mounted cd9660 file systems (such - as the presence of RockRidge extensions) is now only printed - if the kernel was booted in verbose mode. This change was - made to reduce the amount of (generally unnecessary) kernel - log messages. &merged; - + File Systems - Recomputing the summary information for - dirty UFS and UFS2 file systems is no longer - done at mount time, but is now done by background - &man.fsck.8;. This change improves the startup speed when - mounting large file systems after a crash. The prior behavior - can be restored by setting the - vfs.ffs.compute_summary_at_mount sysctl - variable to a non-zero value. &merged; - - A kernel panic in the NFS server has been fixed. More - details can be found in errata note - FreeBSD-EN-05:01.nfs. - &merged; - - Read-only support for ReiserFS version 3 has been - added. See &man.mount.reiserfs.8; for details. - + Contributed Software - ACPI-CA has been updated from - 20040527 to 20041119. &merged; - + Userland Changes - The &man.burncd.8; utility now allows commands (such as - eject) to take place after fixating a - disk. - - Machine-specific optimized versions of - &man.bcmp.3;, &man.bcopy.3;, &man.bzero.3;, &man.memcmp.3;, - &man.memcpy.3;, &man.memmove.3;, &man.memset.3;, &man.strcat.3; - and &man.strcpy.3; have been implemented. Several mathematics - functions such as &man.ceill.3; and &man.sqrtf.3; are also - replaced with the optimized versions. - - The &man.chflags.1; utility now supports the - flag, which supports changing flags on - symbolic links. - - The &man.env.1; program now supports a - flag to write the command to standard error before it is executed. - - The &man.env.1; program now supports a - option to split the string and pass them to - the command as the command-line arguments. - - The &man.env.1; program now supports a - option to set the command search path used to look for - the command. - - The &man.ftpd.8; program now uses the 212 - and 213 status codes for directory - and file status correctly (211 was used in - the previous versions). This behavior is described in RFC 959. - &merged; - - The create command of the &man.gpt.8; - utility now supports a command-line flag to - force creation of a GPT even when there is an MBR record on a - disk. &merged; - - The &man.getaddrinfo.3; function now queries A - DNS resource records before AAAA records - when AF_UNSPEC is specified. - Some broken DNS servers return NXDOMAIN - against non-existent AAAA queries, - even when it should return NOERROR - with empty return records. This is a problem for an IPv4/IPv6 dual - stack node because the NXDOMAIN returned - by the first query of an AAAA record makes - the querying server stop attempting to resolve the A - record if any. Also, this behavior has been recognized as a potential - denial-of-service attack (see - for more details). - Note that although the query order has been changed, - the returned result still includes - AF_INET6 records before - AF_INET records. &merged; - - The &man.gethostbyname.3;, &man.gethostbyname2.3;, and - &man.gethostbyaddr.3; functions are now thread-safe. &merged; - - The &man.getnetent.3;, &man.getnetbyname.3;, and - &man.getnetbyaddr.3; functions are now thread-safe. &merged; - - The &man.getprotoent.3;, &man.getprotobyname.3;, and - &man.getprotobynumber.3; functions are now thread-safe. &merged; - - The &man.getservent.3;, &man.getservbyname.3;, and - &man.getservbyport.3; functions are now thread-safe. &merged; - - For conformation to IEEE Std 1003.1-2001 - (also known as POSIX 2001), the n_net member - of struct netent and the first argument - of &man.getnetbyaddr.3; has been changed to an uint32_t. - Due to these changes, the ABI on 64-bit platforms is - incompatible with previous releases of &os; and - the major version number of the libpcap - shared library has been bumped. - On 64-bit platforms being upgraded from older &os; versions, all - userland programs that use &man.getnetbyaddr.3;, - &man.getnetbyname.3;, &man.getnetent.3;, and/or - libpcap have to be recompiled. - - The gvinum(8) utility now supports the - checkparity, - rebuildparity, and - setstate - subcommands. &merged; - - The &man.ifconfig.8; utility has been restructured. It is - now more modular and flexible with respect to supporting - interface-specific functionality. The 802.11 support has been - updated to support recent changes to the 802.11 subsystem and - drivers. - - Support for abbreviated forms of a number of &man.ipfw.8; - options has been deprecated. Warnings are printed to stderr - indicating the correct full form when one of these abbreviations - is detected. - - The &man.kldstat.8; utility now supports a - option to return the status of a specific - kernel module. &merged; - - The on-disk format of LC_CTYPE files has - been changed to be machine-independent. - - The libkvm now supports - ELF crash dump on amd64 and i386 platforms, - large crash dump (more than 4GB) in 32-bit platforms, - and PAE crash dump on i386 platform. - - The &man.mixer.8; utility now supports the - option. This is the same as the option - but does not output mixing field separators. - - A bug in the libalias library - which causes a core dump when the - option is specified in &man.natd.8; has been fixed. - - The libarchive library (as well as the - &man.tar.1; command that uses it) now has support for reading ISO - images (with optional RockRidge extensions) and ZIP archives - (with deflate and none - compression). &merged; - - The libarchive library now supports - handling a ZIP archive entry with more than 4GB compressed size (ZIP64 - extension) and Unix extension. - - The libgpib library has been added to - give userland access to GPIB devices (using the the pcii driver) - via the - ibfoo - API. &merged; - - The default stack sizes in libpthread, - libthr, - and libc_r have been increased. On 32-bit - platforms, the main thread receives a 2MB stack size by default, - with other threads receiving a 1MB stack size by default. On - 64-bit platforms, the default stack sizes are 4MB and 2MB - respectively. &merged; - - The libxpg4 library has been removed - because all of its functionality was long ago merged into - libc. - All binaries linked with libxpg4 - must be recompiled or use &man.libmap.conf.5;. - Note that the &os; base system has no such binaries. - - The &man.lpd.8; program now checks to make sure the data - file has been completely transfered before starting to - print it when a data file received from some other host. - Some implementations of &man.lpr.1; send the control file - for a print job before sending the matching data files, - which can cause problems if the receiving host is - a busy print-server. &merged; - - A number of new functions have been implemented in the - &man.math.3; library. These include &man.ceill.3;, - &man.floorl.3;, &man.ilogbl.3;, &man.fma.3; and variants, - &man.lrint.3; and variants, and &man.lround.3; and - variants. &merged; - - The &man.mknod.8; utility is now deprecated. - Device nodes have been managed by the &man.devfs.5; device file - system since &os; 5.0. - - The &man.mkuzip.8; utility, which - compresses file system images for use with - GEOM_UZIP &man.geom.4; module, - has been added. &merged; - - The &man.moused.8; daemon now supports virtual - scrolling, in which mouse motions made while holding - down the middle mouse button are interpreted as scrolling. This - feature is enabled with the - flag. &merged; - - A separate directory has been added for &man.named.8; - dynamic zones which is owned by the bind user - (for creation of the zone journal file). - For more detail, see an example dynamic zone in the sample - &man.named.conf.5;. &merged; - - The &man.ncal.1; utility now supports a - flag to generate a calendar for a specified month in the current - year. &merged; - - The &man.newfs.8; utility now supports a - flag to suppress the creation of a .snap - directory on new file systems. This feature is intended for use - on memory or vnode file systems that will not require snapshot - support. &merged; - - The &man.newfs.8; utility now emits a warning when creating - a UFS or UFS2 file system that cannot support snapshots. This - situation can occur in the case of very large file systems with - small block sizes. &merged; - - The &man.newsyslog.8; utility now supports - a option to specify an alternate root for log files - similar to DESTDIR in the BSD make process. - This only affects log file paths, not configuration file () - or archive directory () paths. - - The &man.newsyslog.8; utility now supports a - that causes it not to rotate any files. - - The NO_NIS compile-time knob for userland - has been added. As its name implies, enabling this - Makefile variable will cause NIS support to - be excluded from various programs and will cause the NIS - utilities to not be built. &merged; - - For years, &os; has used Makefile - variables of the form - NOFOO and - NO_FOO. For - consistency, those variables using the former naming convention - have been converted to the - NO_FOO form. The - file /usr/share/mk/bsd.compat.mk has a - complete list of these variables; it also implements some - temporary backward compatibility for the old names. - - The &man.periodic.8; security output now supports the display of - information about blocked packet counts from &man.pf.4;. &merged; - - The &man.pgrep.1; command now supports a option - which allows matching system processes (kernel threads). - - The &man.pgrep.1; and &man.pkill.1; commands now support a - option, which matches a process whose PID is - stored in a file. - - The &man.pgrep.1; and &man.pkill.1; commands now support a - option to ignore case in the process match. - - The &man.pgrep.1; and &man.pkill.1; commands now support a - option that matches processes - based on their &man.jail.2; ID. - - The &man.pgrep.1; and &man.pkill.1; commands now support a - option which matches only the oldest - (least recently started) of the matching processes. - - The &man.powerd.8; program for managing power consumption has been - added. - - The &man.ppp.8; program now implements an - parameter, which allows LCP ECHOs to be - enabled independently of LQR reports. Older versions of - &man.ppp.8; would revert to LCP ECHO mode on negotiation - failure. It is now necessary to specify enable - echo to get this behavior. &merged; - - The and - options, - which support pre-RFC 2865 RADIUS servers - have been added to the &man.ppp.8; program. - - Two bugs in the &man.pppd.8; program have been fixed. - They may result in an incorrect CBCP response, - which violates the Microsoft PPP Callback Control Protocol - section 3.2. &merged; - - The &man.ps.1; utility now supports a jid - keyword in the option. It displays the - &man.jail.2; ID of each process. - - The &man.pstat.8; program now supports a option - to print swap sizes with SI prefixes such as K, M, and G, - which are used to form binary multiples. - - The &man.rescue.8; utilities in the /rescue - directory now include &man.bsdtar.1; instead of GNU tar. - - The &man.restore.8; utility has regained the ability to read - &os; version 1 dump tapes. &merged; - - A bug of the &man.rexecd.8; utility which results in - it behaving as if the option is always - specified has been fixed. &merged; - - The &man.rexecd.8; utility has been removed. - There are no rexec clients in the &os; tree, and the client - function &man.rexec.3; is present only in - libcompat. - - The &man.rm.1; utility now supports an - option that asks for confirmation (once) if recursively - removing directories or if more than 3 files are listed in the - command line. &merged; - - The &man.rm.1; utility now suppresses diagnostic messages - when it attempts to remove a non-existent directory - with the and options - specified. This behavior is required by - Version 3 of the Single UNIX Specification (SUSv3). - - The following ISO/IEC 9899:1999 standard functions - have been implemented: roundl(), - lroundl(), llroundl(), - truncl(), and floorl(). - - An &man.rpmatch.3; library function has been added to check - a string for being an affirmative or negative response in the - current locale. - - The &man.rtld.1; dynamic linker now supports specifying - library replacements via the LD_LIBMAP - environment variable. This variable will override the entries - in &man.libmap.conf.5;. &merged; - - The rune(3) non-standard multibyte and wide character support - interface has been removed. - - &man.sed.1; now supports a option to - make its output line-buffered. &merged; - - The &man.strftime.3; function now supports some GNU extensions - such as - (no padding), - _ (use space as padding), - and 0 (zero padding). &merged; - - The &man.syslog.3; function is now thread-safe. &merged; - - The &man.syslogd.8; utility now opens an additional domain - socket (/var/run/logpriv by default), - with 0600 permissions to be used - by privileged programs. This prevents privileged - programs from locking when the domain sockets - run out of buffer space due to a - local denial-of-service attack. &merged; - - The &man.syslogd.8; now supports the option, - which allows to change the pathname of the privileged - socket. This is useful for preventing the daemon - from receiving any messages from the local sockets - (/var/run/log and - /var/run/logpriv are used by default). - &merged; - - The &man.syslogd.8; utility now allows - : and % - characters in the hostname specifications. - These characters are used in IPv6 addresses and scope IDs. &merged; - - The &man.systat.1; display is now - IPv6-aware. &merged; - - The option of &man.tail.1; utility - now supports more than one file at a time. &merged; - - The &man.telnet.1; and &man.telnetd.8; programs now support - the option for specifying a numeric TOS - byte. - - Prepending a + character to port numbers - passed to &man.telnet.1; program will now disable option - negotiation and allow the transfer of characters with the high - bit set. This feature is intended to support the fairly common - use of &man.telnet.1; as a protocol tester. - - The &man.tcpdrop.8; command, which closes a selected TCP - connection, has been added. It was obtained from - OpenBSD. &merged; - - &man.what.1; now supports a flag, which - causes it to print matching text, but not format it. - - &man.whois.1; now supports - a flag - for querying whois.krnic.net - (the National Internet Development Agency of Korea), - which holds details of IP address allocations within - Korea. &merged; - - The option of the &man.xargs.1; command - has been changed to conform to IEEE Std 1003.1-2004. - The standard requires that the constructed - arguments cannot grow larger than 255 bytes. - - A bug, which caused the last line of configuration files such as &man.hosts.5;, - &man.services.5;, and so on to be ignored if it did not end in a newline character, - has been fixed. &merged; - - A new system user/group _dhcp - has been added to support &man.dhclient.8; from OpenBSD. - <filename>/etc/rc.d</filename> Scripts - The rc.d/bsnmpd startup script - for &man.bsnmpd.1; has been added. - - The rc.d/jail startup script - now supports jail_name_flags - variable which allows to specify &man.jail.8; flags. - &merged; - - &man.rc.conf.5; now supports changes of network interface names - at boot time. &merged; For example: - - ifconfig_fxp0_name="net0" -ifconfig_net0="inet 10.0.0.1/16" - - The rc.d/moused script now - starts/stops/checks a specific device when - the device name is given as the second argument to the script: - - &prompt.root; /etc/rc.d/moused start ums0 - - To use different &man.rc.conf.5; knobs with different - mice, use the device name as part of the knob. - For example, if the mouse device is /dev/ums0 - the following lines can be used: - - moused_ums0_enable=yes -moused_ums0_flags="-z 4" -moused_ums0_port="/dev/ums0" - - &man.rc.conf.5; now supports the tmpmfs_flags - and varmfs_flags variables. - These can be used to pass extra options to the &man.mdmfs.8; utility, - to customize the finer details of the &man.md.4; file system creation, - such as to turn on/off softupdates, to specify a default owner - for the file system, and so on. &merged; - - The following scripts have been removed because - they were NetBSD specific and never used in &os;: - altqd, - dhcpd, - dhcrelay, - downinterfaces, - gated, - ifwatchd, - kdc, - lkm1, - lkm2, - lkm3, - mixerctl, - mopd, - mountall, - ndbootd, - network, - poffd, - postfix, - ppp, - racoon, - raidframe, - rbootd, - rtsold, - screenblank, - swap2, - sysdb, - wscons, - xdm, and - xfs + Contributed Software - awk has been updated from the 7 - February 2004 release to the 24 April 2005 release. - - BIND has been updated from version - 9.3.0 to version 9.3.1. &merged; - - bsnmp has been updated from 1.7 - to 1.10. - - bzip2 has been updated from 1.0.2 - to 1.0.3. - - OpenBSD dhclient as of OpenBSD 3.7 - has been imported. It replaces the ISC DHCP client used in - prior versions of &os;. - - FILE has been updated from 4.10 - to 4.12. - - GNU GCC has been updated from - from 3.4.2-prerelease as of 28 July, 2004 to 3.4.4. - - A number of bug fixes and performance enhancements have been - added to GNU grep in the form of - patches from Fedora's grep-2.5.1-48 source RPM. - - GNU readline has been updated from - version 4.3 to version 5.0. - - IPFilter has been updated from - 3.4.35 to 4.1.18. - - Heimdal has been updated from - 0.6.1 to 0.6.3. &merged; - - The hostapd - v0.3.9 has been imported. This is a user space IEEE - 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP - Authenticator and RADIUS authentication server. - For more details, see &man.hostapd.8;. - - libpcap has been updated from - v0.8.3 to v0.9.1 (alpha 096). - - libregex has been updated from a - snapshot from GNU grep 2.5.1 to a - snapshot from the fedora-glibc-2_3_4-21 tag - in the glibc CVS repository. - - libz has been updated from 1.2.1 - to 1.2.2. - - lukemftp has been updated from a - 26 April 2004 snapshot from OpenBSD's sources to a snapshot as - of 16 May 2005. - - A snapshot of netcat from OpenBSD - as of 4 February 2005 has been added. More information can be - found in the &man.nc.1; manual page. &merged; - - NgATM has been updated from 1.0 - to 1.2. - - OpenPAM has been updated from the - Eelgrass release to the Feterita release. - - OpenPAM has been updated from the - Feterita release to the Figwort release. - - OpenSSH has been updated from 3.8p1 - to 4.1p1. - - OpenSSL has been updated from - 0.9.7d to 0.9.7e. &merged; - - pf has been updated from the - version included with OpenBSD 3.5 to - the version included with OpenBSD - 3.7. - - sendmail has been updated from - version 8.13.1 to version 8.13.3. &merged; - - sendmail has been updated from - version 8.13.3 to version 8.13.4. It now supports - OSTYPE(freebsd6). - - tcpdump has been updated from - v3.8.3 to v3.9.1 (alpha 096). - - tcsh has been updated from - 6.13.00 to 6.14.00. - - texinfo has been updated from 4.6 - to 4.8. - - The timezone database has been updated from the - tzdata2004e release to the - tzdata2004g release. &merged; - - The WPA Supplicant - v0.3.9 has been imported. This provides WPA Supplicant - component of WPA/IEEE 802.11i features. - For more details, see &man.wpa.supplicant.8;. - + Ports/Packages Collection Infrastructure - The &man.pkg.create.1; utility now supports a - flag. When creating a package file - from the locally installed package, it creates package - files for all packages on which that locally installed - package depends if this flag is specified. - - The &man.pkg.version.1; utility now supports a - flag to suppress the output of the port - version comparison characters <, - =, and >. - - The &man.pkg.version.1; utility now supports a - flag, which causes only the - INDEX file to be used for determining if a - package is out of date. &merged; - - The - ports/INDEX* - files, which kept an index of all of the entries in the ports - collection, have been removed from the CVS repository. &merged; - These files were generated only infrequently, and therefore were - usually out-of-date and inaccurate. Users requiring an index - file (such as for use by programs such as &man.portupgrade.1;) - have two alternatives for obtaining a copy: - - - - Build an index file based on the current ports tree by - running make index from the top of the - ports/ tree. - - - - Fetch an index file over the network by running - make fetchindex from the top of the - ports/ tree. This index file will - (typically) be accurate to within a day. - - - + Release Engineering and Integration - In prior &os; releases, the disc1 - CD-ROM (or ISO image) was a bootable installation disk - containing the base system, ports tree, and common packages. - The disc2 CD-ROM (or ISO image) was a - bootable fix it disk with a live filesystem, to - be used for making emergency repairs. This layout has now - changed. For all architectures except ia64, the - disc1 image now contains the base system - distribution files, ports tree, and the live filesystem, making - it suitable for both an initial installation and repair - purposes. (On the ia64, the live filesystem is on a separate - disk due to its size.) Packages appear on separate - disks; in particular, the disc2 image - contains commonly packages such as desktop environments. - Documents from the &os; Documentation Project also appear on - disc2. &merged; - - The supported version of the - GNOME desktop environment has been - updated from 2.6.2 to 2.10.1. More information about - running GNOME on &os; can be found on - the FreeBSD GNOME Project - Web page. &merged; - - - Users of older versions of the - GNOME desktop - (x11/gnome2) - must take particular care in upgrading. Simply upgrading it - from the &os; Ports Collection with &man.portupgrade.1; - (sysutils/portupgrade) - will cause serious problems. - GNOME desktop users should read - the instructions carefully at - - and use the - gnome_upgrade.sh - script to properly upgrade to - GNOME 2.10. - - - - The supported version of the KDE - desktop environment has been updated from 3.3.0 to - 3.4.0. More information regarding running - KDE on &os; can be found on the - KDE on FreeBSD Web - page. &merged; - - - Users of older versions of - KDE should follow the upgrading - procedure documented on the - KDE on FreeBSD Web - page or in ports/UPDATING. - - - - The supported version of Xorg has - been updated from 6.7.0 to 6.8.2. &merged; - + Documentation - Documentation of existing functionality has been improved by - the addition of the following manual pages: &man.ataraid.4;, - &man.bus.space.9;, - &man.central.4;, &man.clkbrd.4;, &man.creator.4;, - &man.devfs.conf.5, &man.devfs.rules.5, - &man.ebus.4;, &man.eeprom.4;, - &man.fhc.4;, - &man.machfb.4;, - &man.ofw.console.4;, &man.openfirm.4;, &man.openprom.4;, - &man.pmap.page.init.9;, &man.pthread.atfork.3;, - &man.rtc.4;, - &man.sbus.4;, &man.sched.4bsd.4;, &man.sched.ule.4;, &man.snd.fm801.4;, - &man.snd.neomagic.4;, &man.snd.via8233.4;, &man.snd.via82c686.4;, - and &man.snd.vibes.4;. - - Manual pages in the base system have received a number of - cleanups, both for content and presentation. Cross-references - are more correct and consistent, standard section headings are - now used throughout, and markup has been cleaned up. - - The following manual pages, which were derived from RFCs - and possibly violate the IETF's copyrights, have been replaced: - &man.gai.strerror.3;, - &man.getaddrinfo.3;, - &man.getnameinfo.3;, - &man.inet6.opt.init.3;, - &man.inet6.option.space.3;, - &man.inet6.rth.space.3;, - &man.inet6.rthdr.space.3;, - &man.icmp6.4;, and - &man.ip6.4;. &merged; - + Upgrading from previous releases of &os; - Source upgrades to &os; &release.current; are only supported - from &os; 5.3-RELEASE or later. Users of older systems wanting to - upgrade &release.current; will need to update to &os; 5.3 or newer - first, then to &os; &release.current;. + Upgrading &os; should, of course, only be attempted after diff --git a/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml b/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml index 89b9a18..a6e787e 100644 --- a/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml +++ b/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml @@ -113,322 +113,18 @@ Security Advisories - A bug in the &man.fetch.1; utility, which allows - a malicious HTTP server to cause arbitrary portions of the client's - memory to be overwritten, has been fixed. - For more information, see security advisory - FreeBSD-SA-04:16.fetch. - &merged; - - A bug in &man.procfs.5; and &man.linprocfs.5; - which could allow a malicious local user to read parts of kernel - memory or perform a local - denial of service attack by causing a system panic, - has been fixed. - For more information, see security advisory - FreeBSD-SA-04:17.procfs. - &merged; - - Two buffer overflows in the TELNET client program have been - corrected. They could have allowed a malicious TELNET server or - an active network attacker to cause &man.telnet.1; to execute - arbitrary code with the privileges of the user running it. - More information can be found in security advisory - FreeBSD-SA-05:01.telnet. - &merged; - - An information disclosure vulnerability in the - &man.sendfile.2; system call, which could permit it to transmit - random parts of kernel memory, has been fixed. More details are - in security advisory - FreeBSD-SA-05:02.sendfile. - &merged; - - A possible privilege escalation vulnerability on &os;/amd64 - has been fixed. This allows unprivileged users to gain direct - access to some hardware which cannot be accessed - without the elevated privilege level. More details are in security advisory - FreeBSD-SA-05:03.amd64. - &merged; - - An information leak vulnerability in the - SIOCGIFCONF &man.ioctl.2;, which leaked 12 - bytes of kernel memory, has been fixed. More details are in security advisory - FreeBSD-SA-05:04.ifconf. - &merged; - - Several programming errors in &man.cvs.1;, which could - potentially cause arbitrary code to be executed on CVS servers, - have been corrected. Further information can be found in - security advisory - FreeBSD-SA-05:05.cvs. - &merged; - - An error in the default permissions on the /dev/iir device node, which - allowed unprivileged local users can send commands to the - hardware supported by the &man.iir.4; driver, has been fixed. - For more information, see security advisory - FreeBSD-SA-05:06.iir. - &merged; - - A bug in the validation of &man.i386.get.ldt.2; system call - input arguments, which may allow kernel memory to be disclosed - to a user process, has been fixed. For more information, see - security advisory - FreeBSD-SA-05:07.ldt. - &merged; - - Several information disclosure vulnerabilities in various - parts of the kernel have been fixed. For more information, see - security advisory - FreeBSD-SA-05:08.kmem. - &merged; - - Because of an information disclosure vulnerability on - processors using Hyper-Threading Technology (HTT), the - machdep.hyperthreading_allowed sysctl - variable has been added. It defaults to 1 - (HTT enabled) on &os; CURRENT, and 0 (HTT - disabled) on the 4-STABLE and 5-STABLE development branches and - supported security fix branches. More information can be found - in security advisory - FreeBSD-SA-05:09.htt. - &merged; - - A bug in the &man.tcpdump.1; utility which allows - a malicious remote user to cause a denial-of-service - by using specially crafted packets, has been fixed. - For more information, see security advisory - FreeBSD-SA-05:10.tcpdump. - &merged; - - Two problems in the &man.gzip.1; utility have been fixed. - These may allow a local user to modify permissions - of arbitrary files and overwrite arbitrary local - files when uncompressing a file. - For more information, see security advisory - FreeBSD-SA-05:11.gzip. - &merged; - - A bug in BIND 9 DNSSEC has been fixed. - When DNSSEC is enabled, this bug may allow a remote attacker to inject - a specially crafted packet which will cause &man.named.8; to terminate. - For more information, see security advisory - FreeBSD-SA-05:12.bind9. - &merged; - - A bug has been fixed in &man.ipfw.4; that could cause - packets to be matched incorrectly against a lookup table. This - bug only affects SMP machines or UP machines that have the - PREEMPTION kernel option enabled. More - information is contained in security advisory - FreeBSD-SA-05:13.ipfw. - &merged; - - Two security-related problems have been fixed in - &man.bzip2.1;. These include a potential denial of service and - unauthorized manipulation of file permissions. For more - information, see security advisory - FreeBSD-SA-05:14.bzip2. - &merged; - - Two problems in &os;'s TCP stack have been fixed. They - could allow attackers to stall existing TCP connections, - creating a denial-of-service situation. More information is - contained in security advisory - FreeBSD-SA-05:15.tcp. - &merged; - + Kernel Changes - Support for 80386 processors (the - I386_CPU kernel configuration option) has - been removed. Users running this class of CPU should use &os; - 5.X or earlier. - - The kernel debugger &man.ddb.4; now supports a - show alllocks command, which dumps a list of processes - and threads currently holding sleep mutexes (and spin mutexes for - the current thread). &merged; - - The kernel crash dump format has been changed to - ELF to support large memory (more than 4GB) environment. - - The &man.ichsmb.4; driver is now available as a loadable - kernel module. - - The &man.jail.8; feature now supports a new sysctl - security.jail.chflags_allowed, which controls the - behavior of &man.chflags.1; within a jail. - If set to 0 (the default), then a jailed root user is - treated as an unprivileged user; if set to 1, then - a jailed root user is treated the same as an unjailed root user. &merged; - - A sysctl security.jail.getfsstatroot_only has been - renamed to security.jail.enforce_statfs and - now supports the following policies: - - - - - - - - Value - Policy - - - - - - 0 - Show all mount-points without any restrictions. - - - - 1 - Show only mount-points below jail's chroot and show only part of the - mount-point's path (for example, if the jail's chroot directory is - /jails/foo and - mount-point is - /jails/foo/usr/home, - only /usr/home will be shown). - - - - 2 - Show only mount-point where jail's chroot directory is placed. - - - - - - The loader tunable debug.mpsafevm - has been enabled by default. &merged; - - &man.memguard.9;, a kernel memory allocator designed to help detect - tamper-after-free scenarios, has been added. - This must be explicitly enabled via options - DEBUG_MEMGUARD, plus small kernel modifications. It - is generally intended for use by kernel developers. - - struct ifnet and network interface API - have been changed. Due to ABI incompatibility, all drivers - not in the &os; base system need to be updated to use - the new API and recompiled. - - A number of bugs have been fixed in the ULE - scheduler. &merged; - - Fine-grained locking to allow much of the VFS stack to run - without the Giant lock has been added. This is enabled by default - on the alpha, amd64, and i386 architectures, and can be disabled - by setting the loader tunable (and sysctl variable) - debug.mpsafevfs to - 0. - - A bug in Inter-Processor Interrupt (IPI) - handling, which could cause SMP systems to crash under heavy - load, has been fixed. More details are contained in errata note - FreeBSD-EN-05:03.ipi. - &merged; - - System V IPC objects (message queues, semaphores, and shared - memory) now have support for Mandatory Access Control policies, - notably &man.mac.biba.4;, &man.mac.mls.4;, &man.mac.stub.4;, and - &man.mac.test.4;. - - Memory allocation for legacy PCI bridges has - been limited to the top 32MB of RAM. Many older, legacy bridges - only allow allocation from this range. This change only applies - to devices which do not have their memory assigned by the BIOS. - This change fixes the bad Vcc error of CardBus - bridges (&man.pccbb.4;). &merged; - - The &man.sysctl.3; MIBs beginning with debug - now require the kernel option options SYSCTL_DEBUG. - This option is disabled by default. - - The generic &man.tty.4; driver interface has been added - and many device drivers including - &man.cx.4; ({tty,cua}x), - &man.cy.4; ({tty,cua}c), - &man.digi.4; ({tty,cua}D), - &man.rc.4; ({tty,cua}m), - &man.rp.4; ({tty,cua}R), - &man.sab.4; ({tty,cua}z), - &man.si.4; ({tty,cua}A), - &man.sio.4; ({tty,cua}d), - sx ({tty,cua}G), - &man.uart.4; ({tty,cua}u), - &man.ubser.4; ({tty,cua}y), - &man.ucom.4; ({tty,cua}U), and - &man.ucycom.4; ({tty,cua}y) - have been rewritten to use it. Note that /etc/remote - and /etc/ttys have been updated as well. - - The &man.vkbd.4; driver has been added. This driver - provides a software loopback mechanism that can implement - a virtual AT keyboard similar to what the &man.pty.4; driver - does for terminals. - - - - &os; always uses the local APIC timer - even on uni-processor systems now. - - The default HZ - parameter (which controls various kernel timers) has been - increased from 100 to 1000 - on the i386 and ia64. It has been reduced from - 1024 to 1000 on the amd64 - to reduce synchronization effects with other system - clocks. - - The maximum length of shell commands has changed from 128 - bytes to PAGE_SIZE. By default, this value - is either 4KB (i386, pc98, amd64, and powerpc) or 8KB (sparc64 - and ia64). As a result, compatibility modules need to be - rebuilt to stay synchronized with data structure changes in the - kernel. - - A new tunable vm.blacklist has been added. - This can hold a space or comma separated list of physical addresses. - The pages containing these physical addresses will - not be added to the free list and thus will effectively - be ignored by the &os; VM system. The physical addresses - of any ignored pages are listed in the message buffer as well. + Boot Loader Changes - A serial console-capable version of - boot0 has been added. It can be written - to a disk using &man.boot0cfg.8; and specifying - /boot/boot0sio as the argument to the - option. - - cdboot now works around a - BIOS problem observed on some systems when booting from USB - CDROM drives. - - The autoboot loader command - now supports the prompt parameter. - - The autoboot loader command will now prevent the user - from interrupting the boot process at all if the - autoboot_delay variable is set to - -1. &merged; - - A loader menu option to set hint.atkbd.0.flags=0x1 - has been added. This setting allows USB keyboards to work - if no PS/2 keyboard is attached. - - The beastie boot menu has been disabled by default. + @@ -437,1228 +133,85 @@ Hardware Support - The &man.acpi.4; driver now turns - the ACPI and PCI devices off or to a lower power state - when suspending, and back on again when resuming. - This behavior can be disabled by - setting the debug.acpi.do_powerstate and - hw.pci.do_powerstate sysctls to 0. - - The &man.acpi.ibm.4; driver for IBM laptops - has been added. It provides support for the various - hotkeys and reading fan status and thermal - sensors. - - The &man.acpi.fujitsu.4; driver for handling - &man.acpi.4;-controlled buttons Fujitsu laptops has been added. - - The acpi_sony driver, - which supports the Sony Notebook Controller on various - Sony laptops has been added. - - The &man.atkbdc.4;, &man.atkbd.4;, and &man.psm.4; - drivers have been rewritten in more bus-independent way, - and now support the EBus found on the sparc64 platform. - - The following device drivers have been - added and enabled by default in the - GENERIC kernel: - &man.atkbdc.4;, - &man.atkbd.4;, - creator(4), - machfb(4), - &man.syscons.4;, - &man.ohci.4;, - &man.psm.4;, - &man.ukbd.4;, - &man.ums.4;, - and &man.usb.4;. - - The &man.auxio.4; driver has been added; it supports - some auxiliary I/O functions found on various SBus/EBus - &ultrasparc; models. &merged; - - The clkbrd driver has been added to support - the clock-board device frequently found on - Sun Exx00 servers. - - A framework for flexible processor speed control has been - added. It provides methods for various drivers to control CPU - power utilization by adjusting the processor speed. More - details can be found in the &man.cpufreq.4; manual page. &merged; - Currently supported drivers include ichss (Intel SpeedStep for ICH), - acpi_perf (ACPI CPU performance states), and acpi_throttle - (ACPI CPU throttling). The latter two drivers are contained - in the &man.acpi.4; driver. These can individually be disabled by setting device - hints such as hint.ichss.0.disabled="1". - - The &man.hwpmc.4; hardware performance - monitoring counter driver has been added. - This driver virtualizes the hardware performance monitoring - facilities in modern CPUs and provides support for using - these facilities from user level processes. For more details, - see manual pages of &man.hwpmc.4;, associated libraries, - and associated userland utilities. - - Support for the OLDCARD subsystem has - been removed. The NEWCARD system is now used for all PCCARD - device support. - - The pcii driver has been added to support GPIB-PCIIA IEEE-488 - cards. &merged; - - The &man.atkbd.4; driver now supports a 0x8 - (bit 3) flag to disable testing the keyboard port during - the device probe as this can cause hangs on some machines, - specifically Compaq R3000Z series amd64 laptops. - - The &man.pbio.4; driver, - which supports direct access to - the Intel 8255A programmable peripheral interface (PPI) - chip running in mode 0 (simple I/O) has been added. - - The &man.psm.4; driver now has improved support for - Synaptics Touchpad users. It now has better tracking of - slow-speed movement and support for various extra - buttons and dials. These features can be tuned with the - hw.psm.synaptics.* - hierarchy of sysctl variables. - - The rtc driver has been added to support - the MC146818-compatible clock found on some &ultrasparc; II - and III models. &merged; - - The &man.syscons.4; driver now supports VESA - (15, 16, 24, and 32 bit) modes. To enable this feature, two - kernel options SC_PIXEL_MODE and - VESA (or corresponding kernel module) - are needed. - - The &man.uart.4; driver is now enabled in - the GENERIC kernel, and is now the - default driver for serial ports. The &man.ofw.console.4; and - &man.sab.4; drivers are now disabled in the - GENERIC kernel. &merged; - - The &man.uftdi.4; driver now supports the FTDI FT2232C - chip. - - The &man.uplcom.4; driver now supports handling of the - CTS signal. - - The &man.ehci.4; driver has been improved. - - The zs driver has been removed - in favor of the &man.uart.4; driver. + Multimedia Support - The &man.snd.audiocs.4; driver has been - added to support the Crystal Semiconductor CS4231 audio - controller found on &ultrasparc; - workstations. &merged; - - The &man.snd.csa.4; driver now supports - suspend and resume operation. - - The &man.uaudio.4; driver now has some added - functionality, including volume control on more inputs and - recording capability on some devices. &merged; - + Network Interface Support - The &man.ath.4; driver has been updated to split the - transmit rate control algorithm into a separate module. - One of device ath_rate_onoe, - device ath_rate_amrr, or - device ath_rate_sample must be included in - the kernel configuration when using the &man.ath.4; - driver. - - The &man.bge.4; driver now supports the &man.altq.4; - framework, as well as the BCM5714, 5721, 5750, 5751, 5751M and 5789 - chips. &merged; - - The &man.cdce.4; USB Communication Device Class Ethernet - driver has been added. &merged; - - The &man.cp.4; driver is now MPSAFE. &merged; - - The &man.ctau.4; driver is now MPSAFE. &merged; - - The &man.cx.4; driver is now MPSAFE. &merged; - - The &man.dc.4; driver now supports the &man.altq.4; - framework. &merged; - - The &man.ed.4; driver now supports the &man.altq.4; - framework. &merged; - - In the &man.em.4; driver, hardware support for VLAN - tagging is now disabled by default due to some interactions - between this feature and promiscuous mode. &merged; - - Ethernet flow control is now disabled by default in the - &man.fxp.4; driver, to prevent problems on a subnet when a system panics - or is left in the kernel debugger. &merged; - - The gx(4) driver has been removed because - it is no longer maintained actively and - the &man.em.4; driver supports all of the supported hardware. - - The &man.hme.4; driver is now MPSAFE. &merged; - - The &man.ipw.4; (for Intel PRO/Wireless 2100), - &man.iwi.4; (for Intel PRO/Wireless 2200BG/2225BG/2915ABG), - &man.ral.4; (for Ralink Technology RT2500), - and &man.ural.4; (for Ralink Technology RT2500USB) - drivers have been added. - - The &man.ixgb.4; driver is now MPSAFE. &merged; - - The musycc driver, for the LanMedia LMC1504 T1/E1 - network interface card, has been removed due to - disuse. - - Drivers using the &man.ndis.4; device - driver wrapper mechanism are now built and loaded - differently. The &man.ndis.4; driver can now be pre-built - as module or statically compiled into a kernel. Individual - drivers can now be built with the &man.ndisgen.8; utility; - the result is a kernel module that can be loaded into a - running kernel using &man.kldload.8;. &merged; - - The &man.ndis.4; device driver wrapper now - supports &windows;/x86-64 binaries on amd64 - systems. &merged; - - The &man.nve.4; driver, which supports the - nVidia nForce MCP Networking Adapter, has been added. - - The &man.re.4; driver now supports the &man.altq.4; - framework. &merged; - - The &man.sf.4; driver now has support for device polling - and &man.altq.4;. &merged; - - Several programming errors in the &man.sk.4; driver have - been corrected. These bugs were particular to SMP systems, and - could cause panics, page faults, aborted SSH connections, or - corrupted file transfers. More details can be found in - errata note - FreeBSD-EN-05:02.sk. - &merged; - - The &man.sk.4; driver now has support for &man.altq.4;. - This driver also now supports jumbo frames on Yukon-based - interfaces. &merged; - - The &man.ste.4; driver now has support for &man.altq.4;. - - The &man.vge.4; driver now has support for device polling - (&man.polling.4;). - - Support for 802.11 devices in the &man.wlan.4; framework has been - greatly overhauled. In addition to architectural changes, - it includes completed 802.11g, WPA, 802.11i, 802.1x, - WME/WMM, AP-side power-saving, and plugin frameworks for - cryptography modules, authenticators, and access control. - Note in particular that WEP now requires the - wlan_wep module to be loaded (or - compiled) into the kernel. - - The &man.xl.4; driver now supports - &man.polling.4;. &merged; - + Network Protocols - The MTU feedback in IPv6 has been disabled when the sender writes - data that must be fragmented. &merged; - - The Common Address Redundancy Protocol (CARP) has - been implemented. CARP comes from OpenBSD and allows - multiple hosts to share an IP address, providing - high availability and load balancing. - For more information, see the &man.carp.4; manual page. &merged; - - The &man.if.bridge.4; network bridging implementation, - originally from NetBSD, has been added. It supports the IEEE - 802.1D Spanning Tree Protocol, individual interface devices - for each bridge, and filtering of bridged packets. - The &man.ifconfig.8; utility now supports to configure - &man.if.bridge.4;. - - The &man.ipfw.4; IPDIVERT option is now - available as a kernel loadable module. - If this module is not loaded, &man.ipfw.4; will refuse to - install divert rules and &man.natd.8; - will return the error message protocol not supported. - - The &man.ipfw.4; system can work with - debug.mpsafenet=1 - (this tunable is 1 by default) - when the gid, jail, - and/or uid rule options are used. &merged; - - The &man.ipfw.4; and &man.dummynet.4; systems now - support IPv6. - - &man.ipfw.8; now supports classification and tagging - of &man.altq.4; packets via a divert socket. It is also - possible to specify rules that match TCP packets with specific - payload sizes. - - The &man.ipfw.8; ipfw fwd rule now supports - the full packet destination manipulation when the kernel option - options IPFIREWALL_FORWARD_EXTENDED is specified - in addition to options IPFIRWALL_FORWARD. - This kernel option disables all restrictions to ensure proper - behavior for locally generated packets and allows redirection of - packets destined to locally configured IP addresses. - Note that &man.ipfw.8; rules have to be carefully crafted to - make sure that things like PMTU discovery do not break. &merged; - - The &man.ipfw.8; system now supports IPv4 only rules. - - &man.ipnat.8; now allows redirect rules to - work for non-TCP/UDP packets. &merged; - - Ongoing work is reducing the use of the Giant lock by the - network protocol stack and improving the locking - strategies. - - The libalias library can now be built - as a kernel module. - - The link state change notifications of network interfaces - are sent to /dev/devctl now. - - A new &man.ng.ipfw.4; NetGraph node provides - a simple interface between the &man.ipfw.4; and &man.netgraph.4; - facilities. - - A new &man.ng.nat.4; NetGraph node has been added to - perform NAT functions. - - A new &man.ng.netflow.4; NetGraph node allows a router - running &os; to do NetFlow version 5 exports. &merged; - - A new &man.ng.tcpmss.4; NetGraph node has been added. - This supports altering MSS options of TCP packets. - - The &man.sppp.4; driver now includes Frame Relay - support. &merged; - - The &man.sppp.4; driver is now MPSAFE. - - The &os; routing table now requires gateways for routes - to be of the same address family as the route itself. - The &man.route.8; utility now rejects a combination of different - address families. For example: - - &prompt.root; route add 10.1.1.1 -inet6 fe80::1%fxp0 - - The new sysctl net.link.tap.user_open - has been implemented. This allows unprivileged access to - &man.tap.4; device nodes based on file system permissions. - - A bug in TCP that sometimes caused RST packets to - be ignored if the receive window was zero bytes has been - fixed. &merged; - - The RST - handling of the &os; TCP stack has been improved - to make reset attacks as difficult as possible while - maintaining compatibility with the widest range of TCP stacks. - The algorithm is as follows: For connections in the - ESTABLISHED - state, only resets with sequence numbers exactly matching - last_ack_sent will cause a reset; - all other segments will - be silently dropped. For connections in all other states, - a reset anywhere in the window will cause the connection - to be reset. All other segments will be silently dropped. - Note that this behavior technically violates the RFC 793 specification; - the conventional (but less secure) behavior can be restored - by setting a new sysctl net.inet.tcp.insecure_rst - to 1. &merged; - - Several bugs in the TCP SACK implementation have been - fixed. &merged; - - RFC 1644 T/TCP support has been removed. This is because - the design is based on a weak security model that can easily - permit denial-of-service attacks. This TCP - extension has been considered a defective one in - a recent Internet Draft. - - The KAME IPv4 IPsec implementation integrated - in &os; now supports TCP-MD5. &merged; - - Random ephemeral port number allocation has led to some - problems with port reuse at high connection rates. This - feature is now disabled during periods of high connection - rates; whenever new connections are created faster than - net.inet.ip.portrange.randomcps per second, - port number randomization is disabled for the next - net.inet.ip.portrange.randomtime - seconds. The default values for these two sysctl variables - are 10 and 45, - respectively. &merged; - - Fine-grained locking has been applied to many of the data - structures in the IPX/SPX protocol stack. While not fully - MPSAFE at this point, it is generally safe to use IPX/SPX - without the Giant lock (in other words, the - debug.mpsafenet sysctl variable may be set - to 1). - - Unix domain sockets now support the - LOCAL_CREDS and - LOCAL_CONNWAIT options. - The LOCAL_CREDS option provides - a mechanism for the receiver to receive the credentials - of the process as a &man.recvmsg.2; control message. - The LOCAL_CONNWAIT - option causes the &man.connect.2; function to block - until &man.accept.2; has been called on the listening socket. - For more details, see the &man.unix.4; manual page. + Disks and Storage - The &man.amr.4; driver is now safe for use on systems - using &man.pae.4;. &merged; - - The &man.arcmsr.4; driver has been added. - It supports the Areca ARC-11xx and - ARC-12xx series of SATA RAID - controllers. &merged; - - The &man.ata.4; family of drivers has been overhauled and - updated. It has been split into modules that can be loaded - and unloaded independently (the atapci - and ata modules are prerequesites for the - device subdrivers, which are atadisk, - atapicd, atapifd, - atapist, and - ataraid). On supported SATA controllers, - devices can be hot inserted/removed. ATA RAID support has - been rewritten and supports a number of new metadata formats. - The atapicd driver no longer supports CD - changers. This update has been referred to as ATA - mkIII. - - The SHSEC GEOM class has been added. It provides for the - sharing of a secret between multiple GEOM providers. All of - these providers must be present in order to reveal the - secret. This feature is controlled by the &man.gshsec.8; - utility. &merged; - - The &man.hptmv.4; driver, which supports the HighPoint - RocketRAID 182x series, has been added. &merged; - - The &man.ips.4; driver now support kernel crash dumps - on some modern ServeRAID models. &merged; - - The &man.matcd.4; driver has been removed. &merged; - - The default SCSI boot-time probe delay in the - GENERIC kernel has been reduced from - fifteen seconds to five seconds. - - The old vinum(4) subsystem has been removed - in favor of the new &man.geom.4;-based version. - - The &man.twa.4; driver has been updated to - the 9.2 release (for &os; 5.2.1) distributed from - the 3ware website. - - The &man.wd.4; driver has been removed. The - &man.ata.4; driver has been found to work well enough on the - pc98 platform that there is no need for the older &man.wd.4; - driver. - - Information about newly-mounted cd9660 file systems (such - as the presence of RockRidge extensions) is now only printed - if the kernel was booted in verbose mode. This change was - made to reduce the amount of (generally unnecessary) kernel - log messages. &merged; - + File Systems - Recomputing the summary information for - dirty UFS and UFS2 file systems is no longer - done at mount time, but is now done by background - &man.fsck.8;. This change improves the startup speed when - mounting large file systems after a crash. The prior behavior - can be restored by setting the - vfs.ffs.compute_summary_at_mount sysctl - variable to a non-zero value. &merged; - - A kernel panic in the NFS server has been fixed. More - details can be found in errata note - FreeBSD-EN-05:01.nfs. - &merged; - - Read-only support for ReiserFS version 3 has been - added. See &man.mount.reiserfs.8; for details. - + Contributed Software - ACPI-CA has been updated from - 20040527 to 20041119. &merged; - + Userland Changes - The &man.burncd.8; utility now allows commands (such as - eject) to take place after fixating a - disk. - - Machine-specific optimized versions of - &man.bcmp.3;, &man.bcopy.3;, &man.bzero.3;, &man.memcmp.3;, - &man.memcpy.3;, &man.memmove.3;, &man.memset.3;, &man.strcat.3; - and &man.strcpy.3; have been implemented. Several mathematics - functions such as &man.ceill.3; and &man.sqrtf.3; are also - replaced with the optimized versions. - - The &man.chflags.1; utility now supports the - flag, which supports changing flags on - symbolic links. - - The &man.env.1; program now supports a - flag to write the command to standard error before it is executed. - - The &man.env.1; program now supports a - option to split the string and pass them to - the command as the command-line arguments. - - The &man.env.1; program now supports a - option to set the command search path used to look for - the command. - - The &man.ftpd.8; program now uses the 212 - and 213 status codes for directory - and file status correctly (211 was used in - the previous versions). This behavior is described in RFC 959. - &merged; - - The create command of the &man.gpt.8; - utility now supports a command-line flag to - force creation of a GPT even when there is an MBR record on a - disk. &merged; - - The &man.getaddrinfo.3; function now queries A - DNS resource records before AAAA records - when AF_UNSPEC is specified. - Some broken DNS servers return NXDOMAIN - against non-existent AAAA queries, - even when it should return NOERROR - with empty return records. This is a problem for an IPv4/IPv6 dual - stack node because the NXDOMAIN returned - by the first query of an AAAA record makes - the querying server stop attempting to resolve the A - record if any. Also, this behavior has been recognized as a potential - denial-of-service attack (see - for more details). - Note that although the query order has been changed, - the returned result still includes - AF_INET6 records before - AF_INET records. &merged; - - The &man.gethostbyname.3;, &man.gethostbyname2.3;, and - &man.gethostbyaddr.3; functions are now thread-safe. &merged; - - The &man.getnetent.3;, &man.getnetbyname.3;, and - &man.getnetbyaddr.3; functions are now thread-safe. &merged; - - The &man.getprotoent.3;, &man.getprotobyname.3;, and - &man.getprotobynumber.3; functions are now thread-safe. &merged; - - The &man.getservent.3;, &man.getservbyname.3;, and - &man.getservbyport.3; functions are now thread-safe. &merged; - - For conformation to IEEE Std 1003.1-2001 - (also known as POSIX 2001), the n_net member - of struct netent and the first argument - of &man.getnetbyaddr.3; has been changed to an uint32_t. - Due to these changes, the ABI on 64-bit platforms is - incompatible with previous releases of &os; and - the major version number of the libpcap - shared library has been bumped. - On 64-bit platforms being upgraded from older &os; versions, all - userland programs that use &man.getnetbyaddr.3;, - &man.getnetbyname.3;, &man.getnetent.3;, and/or - libpcap have to be recompiled. - - The gvinum(8) utility now supports the - checkparity, - rebuildparity, and - setstate - subcommands. &merged; - - The &man.ifconfig.8; utility has been restructured. It is - now more modular and flexible with respect to supporting - interface-specific functionality. The 802.11 support has been - updated to support recent changes to the 802.11 subsystem and - drivers. - - Support for abbreviated forms of a number of &man.ipfw.8; - options has been deprecated. Warnings are printed to stderr - indicating the correct full form when one of these abbreviations - is detected. - - The &man.kldstat.8; utility now supports a - option to return the status of a specific - kernel module. &merged; - - The on-disk format of LC_CTYPE files has - been changed to be machine-independent. - - The libkvm now supports - ELF crash dump on amd64 and i386 platforms, - large crash dump (more than 4GB) in 32-bit platforms, - and PAE crash dump on i386 platform. - - The &man.mixer.8; utility now supports the - option. This is the same as the option - but does not output mixing field separators. - - A bug in the libalias library - which causes a core dump when the - option is specified in &man.natd.8; has been fixed. - - The libarchive library (as well as the - &man.tar.1; command that uses it) now has support for reading ISO - images (with optional RockRidge extensions) and ZIP archives - (with deflate and none - compression). &merged; - - The libarchive library now supports - handling a ZIP archive entry with more than 4GB compressed size (ZIP64 - extension) and Unix extension. - - The libgpib library has been added to - give userland access to GPIB devices (using the the pcii driver) - via the - ibfoo - API. &merged; - - The default stack sizes in libpthread, - libthr, - and libc_r have been increased. On 32-bit - platforms, the main thread receives a 2MB stack size by default, - with other threads receiving a 1MB stack size by default. On - 64-bit platforms, the default stack sizes are 4MB and 2MB - respectively. &merged; - - The libxpg4 library has been removed - because all of its functionality was long ago merged into - libc. - All binaries linked with libxpg4 - must be recompiled or use &man.libmap.conf.5;. - Note that the &os; base system has no such binaries. - - The &man.lpd.8; program now checks to make sure the data - file has been completely transfered before starting to - print it when a data file received from some other host. - Some implementations of &man.lpr.1; send the control file - for a print job before sending the matching data files, - which can cause problems if the receiving host is - a busy print-server. &merged; - - A number of new functions have been implemented in the - &man.math.3; library. These include &man.ceill.3;, - &man.floorl.3;, &man.ilogbl.3;, &man.fma.3; and variants, - &man.lrint.3; and variants, and &man.lround.3; and - variants. &merged; - - The &man.mknod.8; utility is now deprecated. - Device nodes have been managed by the &man.devfs.5; device file - system since &os; 5.0. - - The &man.mkuzip.8; utility, which - compresses file system images for use with - GEOM_UZIP &man.geom.4; module, - has been added. &merged; - - The &man.moused.8; daemon now supports virtual - scrolling, in which mouse motions made while holding - down the middle mouse button are interpreted as scrolling. This - feature is enabled with the - flag. &merged; - - A separate directory has been added for &man.named.8; - dynamic zones which is owned by the bind user - (for creation of the zone journal file). - For more detail, see an example dynamic zone in the sample - &man.named.conf.5;. &merged; - - The &man.ncal.1; utility now supports a - flag to generate a calendar for a specified month in the current - year. &merged; - - The &man.newfs.8; utility now supports a - flag to suppress the creation of a .snap - directory on new file systems. This feature is intended for use - on memory or vnode file systems that will not require snapshot - support. &merged; - - The &man.newfs.8; utility now emits a warning when creating - a UFS or UFS2 file system that cannot support snapshots. This - situation can occur in the case of very large file systems with - small block sizes. &merged; - - The &man.newsyslog.8; utility now supports - a option to specify an alternate root for log files - similar to DESTDIR in the BSD make process. - This only affects log file paths, not configuration file () - or archive directory () paths. - - The &man.newsyslog.8; utility now supports a - that causes it not to rotate any files. - - The NO_NIS compile-time knob for userland - has been added. As its name implies, enabling this - Makefile variable will cause NIS support to - be excluded from various programs and will cause the NIS - utilities to not be built. &merged; - - For years, &os; has used Makefile - variables of the form - NOFOO and - NO_FOO. For - consistency, those variables using the former naming convention - have been converted to the - NO_FOO form. The - file /usr/share/mk/bsd.compat.mk has a - complete list of these variables; it also implements some - temporary backward compatibility for the old names. - - The &man.periodic.8; security output now supports the display of - information about blocked packet counts from &man.pf.4;. &merged; - - The &man.pgrep.1; command now supports a option - which allows matching system processes (kernel threads). - - The &man.pgrep.1; and &man.pkill.1; commands now support a - option, which matches a process whose PID is - stored in a file. - - The &man.pgrep.1; and &man.pkill.1; commands now support a - option to ignore case in the process match. - - The &man.pgrep.1; and &man.pkill.1; commands now support a - option that matches processes - based on their &man.jail.2; ID. - - The &man.pgrep.1; and &man.pkill.1; commands now support a - option which matches only the oldest - (least recently started) of the matching processes. - - The &man.powerd.8; program for managing power consumption has been - added. - - The &man.ppp.8; program now implements an - parameter, which allows LCP ECHOs to be - enabled independently of LQR reports. Older versions of - &man.ppp.8; would revert to LCP ECHO mode on negotiation - failure. It is now necessary to specify enable - echo to get this behavior. &merged; - - The and - options, - which support pre-RFC 2865 RADIUS servers - have been added to the &man.ppp.8; program. - - Two bugs in the &man.pppd.8; program have been fixed. - They may result in an incorrect CBCP response, - which violates the Microsoft PPP Callback Control Protocol - section 3.2. &merged; - - The &man.ps.1; utility now supports a jid - keyword in the option. It displays the - &man.jail.2; ID of each process. - - The &man.pstat.8; program now supports a option - to print swap sizes with SI prefixes such as K, M, and G, - which are used to form binary multiples. - - The &man.rescue.8; utilities in the /rescue - directory now include &man.bsdtar.1; instead of GNU tar. - - The &man.restore.8; utility has regained the ability to read - &os; version 1 dump tapes. &merged; - - A bug of the &man.rexecd.8; utility which results in - it behaving as if the option is always - specified has been fixed. &merged; - - The &man.rexecd.8; utility has been removed. - There are no rexec clients in the &os; tree, and the client - function &man.rexec.3; is present only in - libcompat. - - The &man.rm.1; utility now supports an - option that asks for confirmation (once) if recursively - removing directories or if more than 3 files are listed in the - command line. &merged; - - The &man.rm.1; utility now suppresses diagnostic messages - when it attempts to remove a non-existent directory - with the and options - specified. This behavior is required by - Version 3 of the Single UNIX Specification (SUSv3). - - The following ISO/IEC 9899:1999 standard functions - have been implemented: roundl(), - lroundl(), llroundl(), - truncl(), and floorl(). - - An &man.rpmatch.3; library function has been added to check - a string for being an affirmative or negative response in the - current locale. - - The &man.rtld.1; dynamic linker now supports specifying - library replacements via the LD_LIBMAP - environment variable. This variable will override the entries - in &man.libmap.conf.5;. &merged; - - The rune(3) non-standard multibyte and wide character support - interface has been removed. - - &man.sed.1; now supports a option to - make its output line-buffered. &merged; - - The &man.strftime.3; function now supports some GNU extensions - such as - (no padding), - _ (use space as padding), - and 0 (zero padding). &merged; - - The &man.syslog.3; function is now thread-safe. &merged; - - The &man.syslogd.8; utility now opens an additional domain - socket (/var/run/logpriv by default), - with 0600 permissions to be used - by privileged programs. This prevents privileged - programs from locking when the domain sockets - run out of buffer space due to a - local denial-of-service attack. &merged; - - The &man.syslogd.8; now supports the option, - which allows to change the pathname of the privileged - socket. This is useful for preventing the daemon - from receiving any messages from the local sockets - (/var/run/log and - /var/run/logpriv are used by default). - &merged; - - The &man.syslogd.8; utility now allows - : and % - characters in the hostname specifications. - These characters are used in IPv6 addresses and scope IDs. &merged; - - The &man.systat.1; display is now - IPv6-aware. &merged; - - The option of &man.tail.1; utility - now supports more than one file at a time. &merged; - - The &man.telnet.1; and &man.telnetd.8; programs now support - the option for specifying a numeric TOS - byte. - - Prepending a + character to port numbers - passed to &man.telnet.1; program will now disable option - negotiation and allow the transfer of characters with the high - bit set. This feature is intended to support the fairly common - use of &man.telnet.1; as a protocol tester. - - The &man.tcpdrop.8; command, which closes a selected TCP - connection, has been added. It was obtained from - OpenBSD. &merged; - - &man.what.1; now supports a flag, which - causes it to print matching text, but not format it. - - &man.whois.1; now supports - a flag - for querying whois.krnic.net - (the National Internet Development Agency of Korea), - which holds details of IP address allocations within - Korea. &merged; - - The option of the &man.xargs.1; command - has been changed to conform to IEEE Std 1003.1-2004. - The standard requires that the constructed - arguments cannot grow larger than 255 bytes. - - A bug, which caused the last line of configuration files such as &man.hosts.5;, - &man.services.5;, and so on to be ignored if it did not end in a newline character, - has been fixed. &merged; - - A new system user/group _dhcp - has been added to support &man.dhclient.8; from OpenBSD. - <filename>/etc/rc.d</filename> Scripts - The rc.d/bsnmpd startup script - for &man.bsnmpd.1; has been added. - - The rc.d/jail startup script - now supports jail_name_flags - variable which allows to specify &man.jail.8; flags. - &merged; - - &man.rc.conf.5; now supports changes of network interface names - at boot time. &merged; For example: - - ifconfig_fxp0_name="net0" -ifconfig_net0="inet 10.0.0.1/16" - - The rc.d/moused script now - starts/stops/checks a specific device when - the device name is given as the second argument to the script: - - &prompt.root; /etc/rc.d/moused start ums0 - - To use different &man.rc.conf.5; knobs with different - mice, use the device name as part of the knob. - For example, if the mouse device is /dev/ums0 - the following lines can be used: - - moused_ums0_enable=yes -moused_ums0_flags="-z 4" -moused_ums0_port="/dev/ums0" - - &man.rc.conf.5; now supports the tmpmfs_flags - and varmfs_flags variables. - These can be used to pass extra options to the &man.mdmfs.8; utility, - to customize the finer details of the &man.md.4; file system creation, - such as to turn on/off softupdates, to specify a default owner - for the file system, and so on. &merged; - - The following scripts have been removed because - they were NetBSD specific and never used in &os;: - altqd, - dhcpd, - dhcrelay, - downinterfaces, - gated, - ifwatchd, - kdc, - lkm1, - lkm2, - lkm3, - mixerctl, - mopd, - mountall, - ndbootd, - network, - poffd, - postfix, - ppp, - racoon, - raidframe, - rbootd, - rtsold, - screenblank, - swap2, - sysdb, - wscons, - xdm, and - xfs + Contributed Software - awk has been updated from the 7 - February 2004 release to the 24 April 2005 release. - - BIND has been updated from version - 9.3.0 to version 9.3.1. &merged; - - bsnmp has been updated from 1.7 - to 1.10. - - bzip2 has been updated from 1.0.2 - to 1.0.3. - - OpenBSD dhclient as of OpenBSD 3.7 - has been imported. It replaces the ISC DHCP client used in - prior versions of &os;. - - FILE has been updated from 4.10 - to 4.12. - - GNU GCC has been updated from - from 3.4.2-prerelease as of 28 July, 2004 to 3.4.4. - - A number of bug fixes and performance enhancements have been - added to GNU grep in the form of - patches from Fedora's grep-2.5.1-48 source RPM. - - GNU readline has been updated from - version 4.3 to version 5.0. - - IPFilter has been updated from - 3.4.35 to 4.1.18. - - Heimdal has been updated from - 0.6.1 to 0.6.3. &merged; - - The hostapd - v0.3.9 has been imported. This is a user space IEEE - 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP - Authenticator and RADIUS authentication server. - For more details, see &man.hostapd.8;. - - libpcap has been updated from - v0.8.3 to v0.9.1 (alpha 096). - - libregex has been updated from a - snapshot from GNU grep 2.5.1 to a - snapshot from the fedora-glibc-2_3_4-21 tag - in the glibc CVS repository. - - libz has been updated from 1.2.1 - to 1.2.2. - - lukemftp has been updated from a - 26 April 2004 snapshot from OpenBSD's sources to a snapshot as - of 16 May 2005. - - A snapshot of netcat from OpenBSD - as of 4 February 2005 has been added. More information can be - found in the &man.nc.1; manual page. &merged; - - NgATM has been updated from 1.0 - to 1.2. - - OpenPAM has been updated from the - Eelgrass release to the Feterita release. - - OpenPAM has been updated from the - Feterita release to the Figwort release. - - OpenSSH has been updated from 3.8p1 - to 4.1p1. - - OpenSSL has been updated from - 0.9.7d to 0.9.7e. &merged; - - pf has been updated from the - version included with OpenBSD 3.5 to - the version included with OpenBSD - 3.7. - - sendmail has been updated from - version 8.13.1 to version 8.13.3. &merged; - - sendmail has been updated from - version 8.13.3 to version 8.13.4. It now supports - OSTYPE(freebsd6). - - tcpdump has been updated from - v3.8.3 to v3.9.1 (alpha 096). - - tcsh has been updated from - 6.13.00 to 6.14.00. - - texinfo has been updated from 4.6 - to 4.8. - - The timezone database has been updated from the - tzdata2004e release to the - tzdata2004g release. &merged; - - The WPA Supplicant - v0.3.9 has been imported. This provides WPA Supplicant - component of WPA/IEEE 802.11i features. - For more details, see &man.wpa.supplicant.8;. - + Ports/Packages Collection Infrastructure - The &man.pkg.create.1; utility now supports a - flag. When creating a package file - from the locally installed package, it creates package - files for all packages on which that locally installed - package depends if this flag is specified. - - The &man.pkg.version.1; utility now supports a - flag to suppress the output of the port - version comparison characters <, - =, and >. - - The &man.pkg.version.1; utility now supports a - flag, which causes only the - INDEX file to be used for determining if a - package is out of date. &merged; - - The - ports/INDEX* - files, which kept an index of all of the entries in the ports - collection, have been removed from the CVS repository. &merged; - These files were generated only infrequently, and therefore were - usually out-of-date and inaccurate. Users requiring an index - file (such as for use by programs such as &man.portupgrade.1;) - have two alternatives for obtaining a copy: - - - - Build an index file based on the current ports tree by - running make index from the top of the - ports/ tree. - - - - Fetch an index file over the network by running - make fetchindex from the top of the - ports/ tree. This index file will - (typically) be accurate to within a day. - - - + Release Engineering and Integration - In prior &os; releases, the disc1 - CD-ROM (or ISO image) was a bootable installation disk - containing the base system, ports tree, and common packages. - The disc2 CD-ROM (or ISO image) was a - bootable fix it disk with a live filesystem, to - be used for making emergency repairs. This layout has now - changed. For all architectures except ia64, the - disc1 image now contains the base system - distribution files, ports tree, and the live filesystem, making - it suitable for both an initial installation and repair - purposes. (On the ia64, the live filesystem is on a separate - disk due to its size.) Packages appear on separate - disks; in particular, the disc2 image - contains commonly packages such as desktop environments. - Documents from the &os; Documentation Project also appear on - disc2. &merged; - - The supported version of the - GNOME desktop environment has been - updated from 2.6.2 to 2.10.1. More information about - running GNOME on &os; can be found on - the FreeBSD GNOME Project - Web page. &merged; - - - Users of older versions of the - GNOME desktop - (x11/gnome2) - must take particular care in upgrading. Simply upgrading it - from the &os; Ports Collection with &man.portupgrade.1; - (sysutils/portupgrade) - will cause serious problems. - GNOME desktop users should read - the instructions carefully at - - and use the - gnome_upgrade.sh - script to properly upgrade to - GNOME 2.10. - - - - The supported version of the KDE - desktop environment has been updated from 3.3.0 to - 3.4.0. More information regarding running - KDE on &os; can be found on the - KDE on FreeBSD Web - page. &merged; - - - Users of older versions of - KDE should follow the upgrading - procedure documented on the - KDE on FreeBSD Web - page or in ports/UPDATING. - - - - The supported version of Xorg has - been updated from 6.7.0 to 6.8.2. &merged; - + Documentation - Documentation of existing functionality has been improved by - the addition of the following manual pages: &man.ataraid.4;, - &man.bus.space.9;, - &man.central.4;, &man.clkbrd.4;, &man.creator.4;, - &man.devfs.conf.5, &man.devfs.rules.5, - &man.ebus.4;, &man.eeprom.4;, - &man.fhc.4;, - &man.machfb.4;, - &man.ofw.console.4;, &man.openfirm.4;, &man.openprom.4;, - &man.pmap.page.init.9;, &man.pthread.atfork.3;, - &man.rtc.4;, - &man.sbus.4;, &man.sched.4bsd.4;, &man.sched.ule.4;, &man.snd.fm801.4;, - &man.snd.neomagic.4;, &man.snd.via8233.4;, &man.snd.via82c686.4;, - and &man.snd.vibes.4;. - - Manual pages in the base system have received a number of - cleanups, both for content and presentation. Cross-references - are more correct and consistent, standard section headings are - now used throughout, and markup has been cleaned up. - - The following manual pages, which were derived from RFCs - and possibly violate the IETF's copyrights, have been replaced: - &man.gai.strerror.3;, - &man.getaddrinfo.3;, - &man.getnameinfo.3;, - &man.inet6.opt.init.3;, - &man.inet6.option.space.3;, - &man.inet6.rth.space.3;, - &man.inet6.rthdr.space.3;, - &man.icmp6.4;, and - &man.ip6.4;. &merged; - + Upgrading from previous releases of &os; - Source upgrades to &os; &release.current; are only supported - from &os; 5.3-RELEASE or later. Users of older systems wanting to - upgrade &release.current; will need to update to &os; 5.3 or newer - first, then to &os; &release.current;. + Upgrading &os; should, of course, only be attempted after -- cgit v1.1