&os;/&arch; &release.current; Release Notes

The &os; Project

2000 2001 2002 2003 2004 2005 The &os; Documentation Project

The release notes for &os; &release.current; contain a summary of the changes made to the &os; base system since &release.branch; was created. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the &os; kernel and userland. Some brief remarks on upgrading are also presented.

Introduction

This document contains the release notes for &os; &release.current; on the &arch.print; hardware platform. It describes recently added, changed, or deleted features of &os;. It also provides some notes on upgrading from previous versions of &os;.

The &release.type; distribution to which these release notes apply represents the latest point along the &release.branch; development branch since &release.branch; was created. Some pre-built, binary &release.type; distributions along this branch can be found at .

The &release.type; distribution to which these release notes apply represents a point along the &release.branch; development branch between &release.prev; and the future &release.next;. Some pre-built, binary &release.type; distributions along this branch can be found at .

This distribution of &os; &release.current; is a &release.type; distribution. It can be found at or any of its mirrors. More information on obtaining this (or other) &release.type; distributions of &os; can be found in the Obtaining &os; appendix to the &os; Handbook.

All users are encouraged to consult the release errata before installing &os;. The errata document is updated with late-breaking information discovered late in the release cycle or after the release. Typically, it contains information on known bugs, security advisories, and corrections to documentation. An up-to-date copy of the errata for &os; &release.current; can be found on the &os; Web site.
What's New

This section describes the most user-visible new or changed features in &os; since &release.prev;. In general, changes described here are unique to the &release.branch; branch unless specifically marked as &merged; features.

Typical release note items document recent security advisories issued after &release.prev.historic;, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices. Clearly the release notes cannot list every single change made to &os; between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements.

Security Advisories

A bug in the &man.fetch.1; utility, which allows a malicious HTTP server to cause arbitrary portions of the client's memory to be overwritten, has been fixed. For more information, see security advisory FreeBSD-SA-04:16.fetch. &merged;

A bug in &man.procfs.5; and &man.linprocfs.5;, which could allow a malicious local user to perform a local denial of service attack by causing a system panic or to read parts of kernel memory, has been fixed. For more information, see security advisory FreeBSD-SA-04:17.procfs. &merged;

Kernel Changes

Support for 80386 processors (the I386_CPU kernel configuration option) has been removed. Users running this class of CPU should use &os; 5.X or earlier.

The loader tunable debug.mpsafevm has been enabled by default. &merged;

&man.memguard.9;, a kernel memory allocator designed to help detect tamper-after-free scenarios, has been added. This must be explicitly enabled via options DEBUG_MEMGUARD, plus small kernel modifications. It is generally intended for use by kernel developers.

A number of bugs have been fixed in the ULE scheduler. &merged;

Fine-grained locking to allow much of the VFS stack to run without the Giant lock has been added.
This is enabled by default on alpha, amd64, and i386 architectures, and can be disabled by setting the loader tunable (and sysctl variable) debug.mpsafevfs to 0.

A bug in Inter-Processor Interrupt (IPI) handling, which could cause SMP systems to crash under heavy load, has been fixed. More details are contained in errata note FreeBSD-EN-05:03.ipi. &merged;

System V IPC objects (message queues, semaphores, and shared memory) now have support for Mandatory Access Control policies, notably &man.mac.biba.4;, &man.mac.mls.4;, &man.mac.stub.4;, and &man.mac.test.4;.

Memory allocation for legacy PCI bridges has been limited to the top 32MB of RAM. Many older, legacy bridges only allow allocation from this range and this only applies to devices which don't have their memory assigned by the BIOS. This change fixes the bad Vcc error of CardBus bridges (&man.pccbb.4;). &merged;

The generic &man.tty.4; driver interface has been added and many device drivers including &man.cx.4; ({tty,cua}x), &man.cy.4; ({tty,cua}c), &man.digi.4; ({tty,cua}D), &man.rc.4; ({tty,cua}m), &man.rp.4; ({tty,cua}R), &man.sab.4; ({tty,cua}z), &man.si.4; ({tty,cua}A), &man.sio.4; ({tty,cua}d), sx ({tty,cua}G), &man.uart.4; ({tty,cua}u), &man.ubser.4; ({tty,cua}y), &man.ucom.4; ({tty,cua}U), and &man.ucycom.4; ({tty,cua}y) have been rewritten to use it. Note that /etc/remote and /etc/ttys have been updated as well.

Boot Loader Changes

A serial console-capable version of boot0 has been added. It can be written to a disk using &man.boot0cfg.8; and specifying /boot/boot0sio as the argument to the option.

cdboot now works around a BIOS problem observed on some systems when booting from USB CDROM drives.

The autoboot loader command now supports the prompt parameter.

Hardware Support

The &man.auxio.4; driver has been added to drive some auxiliary I/O functions found on various SBus/EBus &ultrasparc; models. &merged;

A framework for flexible processor speed control has been added.
It provides methods for various drivers to control CPU power utilization by adjusting the processor speed. More details can be found in the &man.cpufreq.4; manual page. Currently supported drivers include acpi_perf (ACPI CPU performance states), ichss (Intel SpeedStep for ICH), and acpi_throttle (ACPI CPU throttling).

Support for the OLDCARD subsystem has been removed. The NEWCARD system is now used for all PCCARD device support.

The pcii driver has been added to support GPIB-PCIIA IEEE-488 cards.

The &man.pbio.4; driver, which supports direct access to the Intel 8255A programmable peripheral interface (PPI) chip running in mode 0 (simple I/O), has been added.

The &man.psm.4; driver now has improved support for Synaptics Touchpad users. It now has better tracking of slow-speed movement and now has support for various extra buttons and dials. These features can be tuned with the hw.psm.synaptics.* hierarchy of sysctl variables.

The rtc driver has been added to support the MC146818-compatible clock found on some &ultrasparc; II and III models. &merged;

The &man.uart.4; driver is now enabled in the GENERIC kernel, and is now the default driver for serial ports. The ofw_console, &man.sab.4;, and zs drivers are now disabled in the GENERIC kernel. &merged;

The &man.uplcom.4; driver now supports handling of the CTS signal.

Multimedia Support

The &man.snd.audiocs.4; driver has been added to support the Crystal Semiconductor CS4231 audio controller found on &ultrasparc; workstations. &merged;

The &man.uaudio.4; driver now has some added functionality, including volume control on more inputs and recording capability on some devices.

Network Interface Support

The &man.ath.4; driver has been updated to split the transmit rate control algorithm into a separate module. Either device ath_rate_onoe or device ath_rate_amrr must be included in the kernel configuration when using the &man.ath.4; driver.

The &man.cp.4; driver is now MPSAFE.
&merged;

The &man.ctau.4; driver is now MPSAFE. &merged;

The &man.cx.4; driver is now MPSAFE. &merged;

The &man.dc.4; driver now supports the &man.altq.4; framework.

In the &man.em.4; driver, hardware support for VLAN tagging is now disabled by default due to some interactions between this feature and promiscuous mode. &merged;

Ethernet flow control is now disabled by default in the &man.fxp.4; driver, to prevent problems when a system panics or is left in the kernel debugger. &merged;

The &man.hme.4; driver is now MPSAFE. &merged;

The &man.ndis.4; device driver wrapper now supports &windows;/x86-64 binaries on amd64 systems. &merged;

The &man.sf.4; driver now has support for device polling and &man.altq.4;. &merged;

Several programming errors in the &man.sk.4; driver have been corrected. These bugs were particular to SMP systems, and could cause panics, page faults, aborted SSH connections, or corrupted file transfers. More details can be found in errata note FreeBSD-EN-05:02.sk. &merged;

The &man.sk.4; driver now has support for &man.altq.4;. This driver also now supports jumbo frames on Yukon-based interfaces. &merged;

The &man.vge.4; driver now has support for device polling (&man.polling.4;).

Support for 802.11 devices in &man.wlan.4; has been greatly overhauled. In addition to architectural changes, it includes completed 802.11g, WPA, 802.11i, 802.1x, WME/WMM, AP-side power-saving, and plugin frameworks for cryptography modules, authenticators, and access control. Note in particular that WEP now requires the wlan_wep module to be loaded (or compiled) into the kernel.

Network Protocols

The MTU feedback in IPv6 has been disabled when the sender writes data that must be fragmented. &merged;

CARP (Common Address Redundancy Protocol) has been implemented. CARP comes from OpenBSD and allows multiple hosts to share an IP address, providing high availability and load balancing. For more information, see the &man.carp.4; manual page.
The &man.ipfw.4; IPDIVERT option is now available as a kernel loadable module. If this module is not loaded, &man.ipfw.4; will refuse to install divert rules and &man.natd.8; will print the error message "protocol not supported".

&man.ipfw.8; now supports classification and tagging of the &man.altq.4;, packets via a divert socket, and TCP data length.

The &man.ipfw.8; ipfw fwd rule now supports full packet destination manipulation when the kernel option options IPFIREWALL_FORWARD_EXTENDED is specified in addition to options IPFIREWALL_FORWARD. This kernel option disables all restrictions to ensure proper behavior for locally generated packets and allows packets destined to locally configured IP addresses to be redirected. Note that &man.ipfw.8; rules have to be carefully crafted to make sure that things like PMTU discovery do not break.

Ongoing work is reducing the use of the Giant lock by the network protocol stack and improving the locking strategies.

The &man.sppp.4; driver now includes Frame Relay support. &merged;

A bug in TCP that sometimes caused RST packets to be ignored if the receive window was zero bytes has been fixed. &merged;

Several bugs in the TCP SACK implementation have been fixed. &merged;

RFC 1644 T/TCP support has been removed.

Random ephemeral port number allocation has led to some problems with port reuse at high connection rates. This feature is now disabled during periods of high connection rates; whenever new connections are created faster than net.inet.ip.portrange.randomcps per second, port number randomization is disabled for the next net.inet.ip.portrange.randomtime seconds. The default values for these two sysctl variables are 10 and 45, respectively.

Fine-grained locking has been applied to many of the data structures in the IPX/SPX protocol stack. While not fully MPSAFE at this point, it is generally safe to use IPX/SPX without the Giant lock (in other words, the debug.mpsafenet sysctl variable may be set to 1).
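
The rate limit on ephemeral port randomization described above can be modelled to see how long ports are allocated without randomization under a given load. This is an added example, not code from the &os; kernel or from these release notes: the struct and function names are hypothetical, the once-per-second accounting is an assumption, and the connection trace is constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Defaults the release note gives for the two sysctl variables. */
#define RANDOMCPS_DEFAULT  10u  /* net.inet.ip.portrange.randomcps  */
#define RANDOMTIME_DEFAULT 45u  /* net.inet.ip.portrange.randomtime */

/* Hypothetical model state (an assumption of this example, not a kernel structure). */
struct portrand_model {
    unsigned randomcps;   /* connections-per-second threshold */
    unsigned randomtime;  /* seconds to keep randomization off */
    unsigned stop_left;   /* seconds of non-random allocation remaining */
};

/* Account for one elapsed second in which new_conns connections were created.
 * Returns true if ports are randomized during the following second. */
bool portrand_tick(struct portrand_model *m, unsigned new_conns)
{
    if (new_conns > m->randomcps)       /* "faster than" the threshold */
        m->stop_left = m->randomtime;   /* start or restart the hold-off */
    else if (m->stop_left > 0)
        m->stop_left--;
    return m->stop_left == 0;
}

/* Count the seconds of a per-second trace spent without randomization. */
unsigned seconds_unrandomized(const unsigned *trace, size_t n,
                              unsigned randomcps, unsigned randomtime)
{
    struct portrand_model m = { randomcps, randomtime, 0 };
    unsigned off = 0;
    for (size_t i = 0; i < n; i++)
        if (!portrand_tick(&m, trace[i]))
            off++;
    return off;
}

/* Constructed trace: 3 connections/second with bursts of 200 at seconds 5 and 25. */
unsigned demo_two_bursts(void)
{
    unsigned trace[86];
    for (size_t i = 0; i < 86; i++)
        trace[i] = 3;
    trace[5] = 200;
    trace[25] = 200;
    return seconds_unrandomized(trace, 86, RANDOMCPS_DEFAULT, RANDOMTIME_DEFAULT);
}

int main(void)
{
    printf("seconds without port randomization: %u of 86\n", demo_two_bursts());
    return 0;
}
```

In this model a second burst inside the hold-off window restarts it, so two one-second bursts 20 seconds apart leave randomization off for 65 seconds rather than 45.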
Disks and Storage

The &man.amr.4; driver is now safe for use on systems using &man.pae.4;. &merged;

The SHSEC GEOM class has been added. It provides for the sharing of a secret between multiple GEOM providers. All of these providers must be present in order to reveal the secret. This feature is controlled by the &man.gshsec.8; utility.

The &man.matcd.4; driver has been removed.

The default SCSI boot-time probe delay in the GENERIC kernel has been reduced from fifteen seconds to five seconds.

The &man.wd.4; driver has been removed. The &man.ata.4; driver has been found to work well enough on the pc98 platform that there is no need for the older &man.wd.4; driver.

Information about newly-mounted cd9660 file systems (such as the presence of Rockridge extensions) is now only printed if the kernel was booted in verbose mode. This change was made to reduce the amount of (generally unnecessary) kernel log messages. &merged;

File Systems

The autofs(9) file system and the userland library &man.libautofs.3; have been added.

A kernel panic in the NFS server has been fixed. More details can be found in errata note FreeBSD-EN-05:01.nfs. &merged;

Contributed Software

ACPI-CA has been updated from 20040527 to 20041119. &merged;

Userland Changes

The &man.burncd.8; utility now allows commands (such as eject) to take place after fixating a disk.

The create command of the &man.gpt.8; utility now supports a command-line flag to force creation of a GPT even when there is an MBR record on a disk. &merged;

The &man.dump.8; utility now supports a flag to suppress the creation of a .snap directory on new file systems. This feature is intended for use on memory or vnode file systems that will not require snapshot support.

The &man.ifconfig.8; utility has been restructured. It is now more modular and flexible with respect to supporting interface-specific functionality. The 802.11 support has been updated to support recent changes to the 802.11 subsystem and drivers.
Support for abbreviated forms of a number of &man.ipfw.8; options has been deprecated. Warnings are printed to stderr indicating the correct full form when one of these abbreviations is detected.

The libarchive library (as well as the &man.tar.1; command that uses it) now has support for reading ISO images (with optional RockRidge extensions) and ZIP archives (with deflate and none compression).

The NO_NIS compile-time knob for userland has been added. As its name implies, enabling this Makefile variable will cause NIS support to be excluded from various programs and will cause the NIS utilities to not be built. &merged;

The &man.mkuzip.8; utility, a non-GPL utility to compress file system images for use with the GEOM_UZIP &man.geom.4; module, has been added.

The &man.newsyslog.8; utility now supports an option to specify an alternate root for log files similar to DESTDIR in the BSD make process. This only affects log file paths, not config file () or archive directory () paths.

The &man.ncal.1; utility now supports a flag to generate a calendar for a specified month in the current year. &merged;

The libgpib library has been added to give userland access to GPIB devices (using the pcii driver) via the ibfoo API.

The &man.mknod.8; utility has been marked deprecated. Device nodes have been managed by the &man.devfs.5; device file system since &os; 5.0.

For years, &os; has used Makefile variables of the form NOFOO and NO_FOO. For consistency, those variables using the former naming convention have been converted to the NO_FOO form. The file /usr/share/mk/bsd.compat.mk has a complete list of these variables; it also implements some temporary backward compatibility for the old names.

The &man.ppp.8; program now implements a parameter, which allows LCP ECHOs to be enabled independently of LQR reports. Older versions of &man.ppp.8; would revert to LCP ECHO mode on negotiation failure. It is now necessary to specify enable echo to get this behavior.
&merged;

An &man.rpmatch.3; library function has been added to check a string for being an affirmative or negative response in the current locale.

The rune(3) non-standard multibyte and wide character support interface has been removed.

The &man.telnet.1; and &man.telnetd.8; programs now support the option for specifying a numeric TOS byte.

The &man.tcpdrop.8; command, which closes a selected TCP connection, has been added. It was obtained from OpenBSD.

&man.whois.1; now supports a flag for querying whois.krnic.net (the National Internet Development Agency of Korea), which holds details of IP address allocations within Korea. &merged;

The of the &man.xargs.1; command has been changed to conform to IEEE Std 1003.1-2004. The standard requires that the constructed arguments cannot grow larger than 255 bytes.

/etc/rc.d Scripts

Contributed Software

FILE has been updated from 4.10 to 4.12.

GNU readline has been updated from version 4.3 to version 5.0.

lukemftp has been updated from a 26 April 2004 snapshot from OpenBSD's sources to a snapshot as of 19 February 2005.

A snapshot of netcat from OpenBSD as of 4 February 2005 has been added. More information can be found in the &man.nc.1; manual page. &merged;

OpenPAM has been updated from the Eelgrass release to the Feterita release.

OpenSSH has been updated from 3.8p1 to 3.9p1.

sendmail has been updated from version 8.13.1 to version 8.13.3. &merged;

The timezone database has been updated from the tzdata2004e release to the tzdata2004g release. &merged;

Ports/Packages Collection Infrastructure

The &man.pkg.version.1; utility now supports a flag to suppress the output of <, =, >.

Release Engineering and Integration

Documentation

Manual pages in the base system have received a number of cleanups, both for content and presentation. Cross-references are more correct and consistent, standard section headings are now used throughout, and markup has been cleaned up.
Upgrading from previous releases of &os;

Upgrading &os; should, of course, only be attempted after backing up all data and configuration files.