diff --git a/release/doc/en_US.ISO8859-1/relnotes/article.sgml b/release/doc/en_US.ISO8859-1/relnotes/article.sgml index b868d4520bb0..e73130d9df30 100644 --- a/release/doc/en_US.ISO8859-1/relnotes/article.sgml +++ b/release/doc/en_US.ISO8859-1/relnotes/article.sgml @@ -1,1432 +1,1437 @@ &os;/&arch; &release.current; Release Notes The &os; Project $FreeBSD$ 2000 2001 2002 2003 2004 2005 The &os; Documentation Project &tm-attrib.freebsd; &tm-attrib.ibm; &tm-attrib.ieee; &tm-attrib.intel; &tm-attrib.sparc; &tm-attrib.general; The release notes for &os; &release.current; contain a summary of the changes made to the &os; base system since &release.branch; is created. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the &os; kernel and userland. Some brief remarks on upgrading are also presented. Introduction This document contains the release notes for &os; &release.current; on the &arch.print; hardware platform. It describes recently added, changed, or deleted features of &os;. It also provides some notes on upgrading from previous versions of &os;. The &release.type; distribution to which these release notes apply represents the latest point along the &release.branch; development branch since &release.branch; was created. Information regarding pre-built, binary &release.type; distributions along this branch can be found at . ]]> The &release.type; distribution to which these release notes apply represents a point along the &release.branch; development branch between &release.prev; and the future &release.next;. Information regarding pre-built, binary &release.type; distributions along this branch can be found at . ]]> This distribution of &os; &release.current; is a &release.type; distribution. It can be found at or any of its mirrors. More information on obtaining this (or other) &release.type; distributions of &os; can be found in the Obtaining &os; appendix to the &os; Handbook. ]]> All users are encouraged to consult the release errata before installing &os;. The errata document is updated with late-breaking information discovered late in the release cycle or after the release. Typically, it contains information on known bugs, security advisories, and corrections to documentation. An up-to-date copy of the errata for &os; &release.current; can be found on the &os; Web site. What's New This section describes the most user-visible new or changed features in &os; since &release.prev;. In general, changes described here are unique to the &release.branch; branch unless specifically marked as &merged; features. Typical release note items document recent security advisories issued after &release.prev.historic;, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices. Clearly the release notes cannot list every single change made to &os; between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements. Security Advisories A bug in the &man.fetch.1; utility, which allows a malicious HTTP server to cause arbitrary portions of the client's memory to be overwritten, has been fixed. For more information, see security advisory FreeBSD-SA-04:16.fetch. &merged; A bug in &man.procfs.5; and &man.linprocfs.5; which could allow a malicious local user to read parts of kernel memory or perform a local denial of service attack by causing a system panic, has been fixed. For more information, see security advisory FreeBSD-SA-04:17.procfs. &merged; Two buffer overflows in the TELNET client program have been corrected. They could have allowed a malicious TELNET server or an active network attacker to cause &man.telnet.1; to execute arbitrary code with the privileges of the user running it. More information can be found in security advisory FreeBSD-SA-05:01.telnet. &merged; A information disclosure vulnerability in the &man.sendfile.2; system call, which could permit it to transmit random parts of kernel memory, has been fixed. More details are in security advisory FreeBSD-SA-05:02.sendfile. &merged; A possible privilege escalation vulnerability on &os;/amd64 has been fixed. This allows unprivileged users to gain direct access to some hardware which cannot be accessed without the elevated privilege level. More details are in security advisory FreeBSD-SA-05:03.amd64. &merged; An information leak vulnerability in the SIOCGIFCONF &man.ioctl.2;, which leaked 12 bytes of kernel memory, has been fixed. More details are in security advisory FreeBSD-SA-05:04.ifconf. &merged; Several programming errors in &man.cvs.1;, which could potentially cause arbitrary code to be executed on CVS servers, have been corrected. Further information can be found in security advisory FreeBSD-SA-05:05.cvs. &merged; An error in the default permissions on the /dev/iir device node, which allowed unprivileged local users can send commands to the hardware supported by the &man.iir.4; driver, has been fixed. For more information, see security advisory FreeBSD-SA-05:06.iir. &merged; A bug in the validation of &man.i386.get.ldt.2; system call input arguments, which may allow kernel memory may be disclosed to the user process, has been fixed. For more information, see security advisory FreeBSD-SA-05:07.ldt. &merged; Several information disclosure vulnerabilities in various parts of the kernel have been fixed. For more information, see security advisory FreeBSD-SA-05:08.kmem. &merged; Because of an information disclosure vulnerability on processors using Hyper-Threading Technology (HTT), the machdep.hyperthreading_allowed sysctl variable has been added. It defaults to 1 (HTT enabled) on &os; CURRENT, and 0 (HTT disabled) on the 4-STABLE and 5-STABLE development branches and supported security fix branches. More information can be found in security advisory FreeBSD-SA-05:09.htt. &merged; Kernel Changes Support for 80386 processors (the I386_CPU kernel configuration option) has been removed. Users running this class of CPU should use &os; 5.X or earlier. The kernel debugger &man.ddb.4; now supports a show alllocks command, which dumps a list of processes and threads currently holding sleep mutexes (and spin mutexes for the current thread). &merged; The &man.jail.8; feature now supports a new sysctl security.jail.chflags_allowed, which controls the behavior of &man.chflags.1; within a jail. If set to 0 (the default), then a jailed root user is treated as an unprivileged user; if set to 1, then a jailed root user is treated the same as an unjailed root user. &merged; The loader tunable debug.mpsafevm has been enabled by default. &merged; &man.memguard.9;, a kernel memory allocator designed to help detect tamper-after-free scenarios, has been added. This must be explicitly enabled via options DEBUG_MEMGUARD, plus small kernel modifications. It is generally intended for use by kernel developers. A number of bugs have been fixed in the ULE scheduler. &merged; Fine-grained locking to allow much of the VFS stack to run without the Giant lock has been added. This is enabled by default on the alpha, amd64, and i386 architectures, and can be disabled by setting the loader tunable (and sysctl variable) debug.mpsafevfs to 0. A bug in Inter-Processor Interrupt (IPI) handling, which could cause SMP systems to crash under heavy load, has been fixed. More details are contained in errata note FreeBSD-EN-05:03.ipi. &merged; System V IPC objects (message queues, semaphores, and shared memory) now have support for Mandatory Access Control policies, notably &man.mac.biba.4;, &man.mac.mls.4;, &man.mac.stub.4;, and &man.mac.test.4;. Memory allocation for legacy PCI bridges has been limited to the top 32MB of RAM. Many older, legacy bridges only allow allocation from this range. This change only applies to devices which do not have their memory assigned by the BIOS. This change fixes the bad Vcc error of CardBus bridges (&man.pccbb.4;). &merged; The &man.sysctl.3; MIBs beginning with debug now require the kernel option options SYSCTL_DEBUG. This option is disabled by default. The generic &man.tty.4; driver interface has been added and many device drivers including &man.cx.4; ({tty,cua}x), &man.cy.4; ({tty,cua}c), &man.digi.4; ({tty,cua}D), &man.rc.4; ({tty,cua}m), &man.rp.4; ({tty,cua}R), &man.sab.4; ({tty,cua}z), &man.si.4; ({tty,cua}A), &man.sio.4; ({tty,cua}d), sx ({tty,cua}G), &man.uart.4; ({tty,cua}u), &man.ubser.4; ({tty,cua}y), &man.ucom.4; ({tty,cua}U), and &man.ucycom.4; ({tty,cua}y) have been rewritten to use it. Note that /etc/remote and /etc/ttys have been updated as well. The &man.vkbd.4; driver has been added. This driver provides a software loopback mechanism that can implement a virtual AT keyboard similar to what the &man.pty.4; driver does for terminals. &os; always uses the local APIC timer even on uni-processor systems now. The default HZ parameter (which controls various kernel timers) has been increased from 100 to 1000 on the i386 and ia64. It has been reduced from 1024 to 1000 on the amd64 to reduce synchronization effects with other system clocks. The maximum length of shell commands has changed from 128 bytes to PAGE_SIZE. By default, this value is either 4KB (i386, pc98, amd64, and powerpc) or 8KB (sparc64 and ia64). As a result, compatibility modules need to be rebuilt to stay synchronized with data structure changes in the kernel. A new tunable vm.blacklist has been added. This can hold a space or comma separated list of physical addresses. The pages containing these physical addresses will not be added to the free list and thus will effectively be ignored by the &os; VM system. The physical addresses of any ignored pages are listed in the message buffer as well. Boot Loader Changes A serial console-capable version of boot0 has been added. It can be written to a disk using &man.boot0cfg.8; and specifying /boot/boot0sio as the argument to the option. cdboot now works around a BIOS problem observed on some systems when booting from USB CDROM drives. The autoboot loader command now supports the prompt parameter. The autoboot will now prevent the user from interrupting the boot process at all if the autoboot_delay variable is set to -1. &merged; A loader menu option to set hint.atkbd.0.flags=0x1 has been added. This setting allows USB keyboards to work if no PS/2 keyboard is attached. The beastie boot menu has been disabled by default. Hardware Support The &man.acpi.4; driver now turns the ACPI and PCI devices off or to a lower power state when suspending, and back on again when resuming. This behavior can be disabled by setting the debug.acpi.do_powerstate and hw.pci.do_powerstate sysctls to 0. The &man.acpi.ibm.4; driver for IBM laptops has been added. The &man.acpi.fujitsu.4; driver for handling &man.acpi.4;-controlled buttons Fujitsu laptops has been added. The acpi_sony driver, which supports the Sony Notebook Controller on various Sony laptops has been added. The &man.auxio.4; driver has been to drive some auxiliary I/O functions found on various SBus/EBus &ultrasparc; models. &merged; The clkbrd driver has been added to support the clock-board device frequently found on Sun Exx00 servers. A framework for flexible processor speed control has been added. It provides methods for various drivers to control CPU power utilization by adjusting the processor speed. More details can be found in the &man.cpufreq.4; manual page. &merged; Currently supported drivers include ichss (Intel SpeedStep for ICH), acpi_perf (ACPI CPU performance states), and acpi_throttle (ACPI CPU throttling). The latter two drivers are contained in the &man.acpi.4; driver. These can individually be disabled by setting device hints such as hint.ichss.0.disabled="1". The &man.hwpmc.4; hardware performance monitoring counter driver has been added. This driver virtualizes the hardware performance monitoring facilities in modern CPUs and provides support for using these facilities from user level processes. For more details, see manual pages of &man.hwpmc.4;, associated libraries, and associated userland utilities. Support for the OLDCARD subsystem has been removed. The NEWCARD system is now used for all PCCARD device support. The pcii driver has been added to support GPIB-PCIIA IEEE-488 cards. &merged; The &man.atkbd.4; driver now supports a 0x8 (bit 3) flag to disable testing the keyboard port during the device probe as this can cause hangs on some machines, specifically Compaq R3000Z series amd64 laptops. The &man.pbio.4; driver, which supports direct access to the Intel 8255A programmable peripheral interface (PPI) chip running in mode 0 (simple I/O) has been added. The &man.psm.4; driver now has improved support for Synaptics Touchpad users. It now has better tracking of slow-speed movement and support for various extra buttons and dials. These features can be tuned with the hw.psm.synaptics.* hierarchy of sysctl variables. The rtc driver has been added to support the MC146818-compatible clock found on some &ultrasparc; II and III models. &merged; The &man.syscons.4; driver now supports VESA (15, 16, 24, and 32 bit) modes. To enable this feature, two kernel options SC_PIXEL_MODE and VESA (or corresponding kernel module) are needed. The &man.uart.4; driver is now enabled in the GENERIC kernel, and is now the default driver for serial ports. The ofw_console and &man.sab.4; drivers are now disabled in the GENERIC kernel. &merged; The &man.uftdi.4; driver now supports the FTDI FT2232C chip. The &man.uplcom.4; driver now supports handling of the CTS signal. The &man.ehci.4; driver has been improved. The zs driver has been removed in favor of the &man.uart.4; driver. Multimedia Support The &man.snd.audiocs.4; driver has been added to support the Crystal Semiconductor CS4231 audio controller found on &ultrasparc; workstations. &merged; The &man.uaudio.4; driver now has some added functionality, including volume control on more inputs and recording capability on some devices. &merged; Network Interface Support The &man.ath.4; driver has been updated to split the transmit rate control algorithm into a separate module. One of device ath_rate_onoe, device ath_rate_amrr, or device ath_rate_sample must be included in the kernel configuration when using the &man.ath.4; driver. The &man.bge.4; driver now supports the &man.altq.4; framework, as well as the BCM5714, 5721, 5750, 5751, 5751M and 5789 chips. &merged; The &man.cdce.4; USB Communication Device Class Ethernet driver has been added. &merged; The &man.cp.4; driver is now MPSAFE. &merged; The &man.ctau.4; driver is now MPSAFE. &merged; The &man.cx.4; driver is now MPSAFE. &merged; The &man.dc.4; driver now supports the &man.altq.4; framework. &merged; The &man.ed.4; driver now supports the &man.altq.4; framework. &merged; In the &man.em.4; driver, hardware support for VLAN tagging is now disabled by default due to some interactions between this feature and promiscuous mode. &merged; Ethernet flow control is now disabled by default in the &man.fxp.4; driver, to prevent problems with a system panics or is left in the kernel debugger. &merged; The gx(4) driver has been removed because it is no longer maintained actively and the &man.em.4; driver supports all of the supported hardware. The &man.hme.4; driver is now MPSAFE. &merged; The &man.ipw.4; (for Intel PRO/Wireless 2100), &man.iwi.4; (for Intel PRO/Wireless 2200BG/2225BG/2915ABG), &man.ral.4; (for Ralink Technology RT2500), and &man.ural.4; (for Ralink Technology RT2500USB) drivers have been added. The &man.ixgb.4; driver is now MPSAFE. &merged; The musycc driver, for the LanMedia LMC1504 T1/E1 network interface card, has been removed due to disuse. Drivers using the &man.ndis.4; device driver wrapper mechanism are now built and loaded differently. The &man.ndis.4; driver can now be pre-built as module or statically compiled into a kernel. Individual drivers can now be built with the &man.ndisgen.8; utility; the result is a kernel module that can be loaded into a running kernel using &man.kldload.8;. &merged; The &man.ndis.4; device driver wrapper now supports &windows;/x86-64 binaries on amd64 systems. &merged; The &man.nve.4; driver, which supports the nVidia nForce MCP Networking Adapter, has been added. The &man.re.4; driver now supports the &man.altq.4; framework. &merged; The &man.sf.4; driver now has support for device polling and &man.altq.4;. &merged; Several programming errors in the &man.sk.4; driver have been corrected. These bugs were particular to SMP systems, and could cause panics, page faults, aborted SSH connections, or corrupted file transfers. More details can be found in errata note FreeBSD-EN-05:02.sk. &merged; The &man.sk.4; driver now has support for &man.altq.4;. This driver also now supports jumbo frames on Yukon-based interfaces. &merged; The &man.vge.4; driver now has support for device polling (&man.polling.4;). Support for 802.11 devices in the &man.wlan.4; framework has been greatly overhauled. In addition to architectural changes, it includes completed 802.11g, WPA, 802.11i, 802.1x, WME/WMM, AP-side power-saving, and plugin frameworks for cryptography modules, authenticators, and access control. Note in particular that WEP now requires the wlan_wep module to be loaded (or compiled) into the kernel. The &man.xl.4; driver now supports &man.polling.4;. &merged; Network Protocols The MTU feedback in IPv6 has been disabled when the sender writes data that must be fragmented. &merged; The Common Address Redundancy Protocol (CARP) has been implemented. CARP comes from OpenBSD and allows multiple hosts to share an IP address, providing high availability and load balancing. For more information, see the &man.carp.4; manual page. &merged; + The &man.if.bridge.4; network bridging implementation, + originally from NetBSD, has been added. It supports the IEEE + 802.1D Spanning Tree Protocol, individual interface devices + for each bridge, and filtering of bridged packets. + The &man.ipfw.4; IPDIVERT option is now available as a kernel loadable module. If this module is not loaded, &man.ipfw.4; will refuse to install divert rules and &man.natd.8; will return the error message protocol not supported. The &man.ipfw.4; system can work with debug.mpsafenet=1 (this tunable is 1 by default) when the gid, jail, and/or uid rule options are used. &merged; The &man.ipfw.4; and &man.dummynet.4; systems now support IPv6. &man.ipfw.8; now supports classification and tagging of &man.altq.4; packets via a divert socket, as well as the TCP data length. The &man.ipfw.8; ipfw fwd rule now supports the full packet destination manipulation when the kernel option options IPFIREWALL_FORWARD_EXTENDED is specified in addition to options IPFIRWALL_FORWARD. This kernel option disables all restrictions to ensure proper behavior for locally generated packets and allows redirection of packets destined to locally configured IP addresses. Note that &man.ipfw.8; rules have to be carefully crafted to make sure that things like PMTU discovery do not break. &merged; The &man.ipfw.8; now supports IPv4 only rules. &man.ipnat.8; now allows redirect rules to work for non-TCP/UDP packets. &merged; Ongoing work is reducing the use of the Giant lock by the network protocol stack and improving the locking strategies. The libalias library can now be built as a kernel module. A new &man.ng.ipfw.4; NetGraph node provides a simple interface between the &man.ipfw.4; and &man.netgraph.4; facilities. A new &man.ng.nat.4; NetGraph node has been added to perform NAT functions. A new &man.ng.netflow.4; NetGraph node allows a router running &os; to do NetFlow version 5 exports. &merged; The &man.sppp.4; driver now includes Frame Relay support. &merged; The &man.sppp.4; driver is now MPSAFE. The new sysctl net.link.tap.user_open has been implemented. This allows unprivileged access to &man.tap.4; device nodes based on file system permissions. A bug in TCP that sometimes caused RST packets to be ignored if the receive window was zero bytes has been fixed. &merged; The RST handling of the &os; TCP stack has been improved to make reset attacks as difficult as possible while maintaining compatibility with the widest range of TCP stacks. The algorithm is as follows: For connections in the ESTABLISHED state, only resets with sequence numbers exactly matching last_ack_sent will cause a reset; all other segments will be silently dropped. For connections in all other states, a reset anywhere in the window will cause the connection to be reset. All other segments will be silently dropped. Note that this behavior technically violates the RFC 793 specification; the conventional (but less secure) behavior can be restored by setting a new sysctl net.inet.tcp.insecure_rst to 1. &merged; Several bugs in the TCP SACK implementation have been fixed. &merged; RFC 1644 T/TCP support has been removed. This is because the design is based on a weak security model that can easily permit denial-of-service attacks. This TCP extension has been considered a defective one in a recent Internet Draft. The KAME IPv4 IPsec implementation integrated in &os; now supports TCP-MD5. &merged; Random ephemeral port number allocation has led to some problems with port reuse at high connection rates. This feature is now disabled during periods of high connection rates; whenever new connections are created faster than net.inet.ip.portrange.randomcps per second, port number randomization is disabled for the next net.inet.ip.portrange.randomtime seconds. The default values for these two sysctl variables are 10 and 45, respectively. &merged; Fine-grained locking has been applied to many of the data structures in the IPX/SPX protocol stack. While not fully MPSAFE at this point, it is generally safe to use IPX/SPX without the Giant lock (in other words, the debug.mpsafenet sysctl variable may be set to 1). Unix domain sockets now support the LOCAL_CREDS and LOCAL_CONNWAIT options. The LOCAL_CREDS option provides a mechanism for the receiver to receive the credentials of the process as a &man.recvmsg.2; control message. The LOCAL_CONNWAIT option causes the &man.connect.2; function to block until &man.accept.2; has been called on the listening socket. For more details, see the &man.unix.4; manual page. Disks and Storage The &man.amr.4; driver is now safe for use on systems using &man.pae.4;. &merged; The &man.arcmsr.4; driver has been added. It supports the Areca ARC-11xx and ARC-12xx series of SATA RAID controllers. &merged; The &man.ata.4; family of drivers has been overhauled and updated. It has been split into modules that can be loaded and unloaded independently (the atapci and ata modules are prerequesites for the device subdrivers, which are atadisk, atapicd, atapifd, atapist, and ataraid). On supported SATA controllers, devices can be hot inserted/removed. ATA RAID support has been rewritten and supports a number of new metadata formats. The atapicd driver no longer supports CD changers. This update has been referred to as ATA mkIII. The SHSEC GEOM class has been added. It provides for the sharing of a secret between multiple GEOM providers. All of these providers must be present in order to reveal the secret. This feature is controlled by the &man.gshsec.8; utility. &merged; The &man.hptmv.4; driver, which supports the HighPoint RocketRAID 182x series, has been added. &merged; The &man.ips.4; driver now support kernel crash dumps on some modern ServeRAID models. &merged; The &man.matcd.4; driver has been removed. &merged; The default SCSI boot-time probe delay in the GENERIC kernel has been reduced from fifteen seconds to five seconds. The old vinum(4) subsystem has been removed in favor of the new &man.geom.4;-based version. The &man.twa.4; driver has been updated to the 9.2 release (for &os; 5.2.1) distributed from the 3ware website. The &man.wd.4; driver has been removed. The &man.ata.4; driver has been found to work well enough on the pc98 platform that there is no need for the older &man.wd.4; driver. Information about newly-mounted cd9660 file systems (such as the presence of RockRidge extensions) is now only printed if the kernel was booted in verbose mode. This change was made to reduce the amount of (generally unnecessary) kernel log messages. &merged; File Systems Recomputing the summary information for dirty UFS and UFS2 file systems is no longer done at mount time, but is now done by background &man.fsck.8;. This change improves the startup speed when mounting large file systems after a crash. The prior behavior can be restored by setting the vfs.ffs.compute_summary_at_mount sysctl variable to a non-zero value. &merged; A kernel panic in the NFS server has been fixed. More details can be found in errata note FreeBSD-EN-05:01.nfs. &merged; Read-only support for ReiserFS version 3 has been added. See &man.mount.reiserfs.8; for details. Contributed Software ACPI-CA has been updated from 20040527 to 20041119. &merged; Userland Changes The &man.burncd.8; utility now allows commands (such as eject) to take place after fixating a disk. Machine-specific optimized versions of &man.bcmp.3;, &man.bcopy.3;, &man.bzero.3;, &man.memcmp.3;, &man.memcpy.3;, &man.memmove.3;, &man.memset.3;, &man.strcat.3; and &man.strcpy.3; have been implemented. Several mathematics functions such as &man.ceill.3; and &man.sqrtf.3; are also replaced with the optimized versions. The &man.chflags.1; utility now supports the flag, which supports changing flags on symbolic links. The &man.ftpd.8; program now uses the 212 and 213 status codes for directory and file status correctly (211 was used in the previous versions). This behavior is described in RFC 959. &merged; The create command of the &man.gpt.8; utility now supports a command-line flag to force creation of a GPT even when there is an MBR record on a disk. &merged; The &man.getaddrinfo.3; function now queries A DNS resource records before AAAA records when AF_UNSPEC is specified. Some broken DNS servers return NXDOMAIN against non-existent AAAA queries, even when it should return NOERROR with empty return records. This is a problem for an IPv4/IPv6 dual stack node because the NXDOMAIN returned by the first query of an AAAA record makes the querying server stop attempting to resolve the A record if any. Also, this behavior has been recognized as a potential denial-of-service attack (see for more details). Note that although the query order has been changed, the returned result still includes AF_INET6 records before AF_INET records. &merged; The &man.gethostbyname.3;, &man.gethostbyname2.3;, and &man.gethostbyaddr.3; functions are now thread-safe. &merged; The &man.getnetent.3;, &man.getnetbyname.3;, and &man.getnetbyaddr.3; functions are now thread-safe. &merged; The &man.getprotoent.3;, &man.getprotobyname.3;, and &man.getprotobynumber.3; functions are now thread-safe. &merged; The &man.getservent.3;, &man.getservbyname.3;, and &man.getservbyport.3; functions are now thread-safe. &merged; For conformation to IEEE Std 1003.1-2001 (also known as POSIX 2001), the n_net of struct netent and the first argument of &man.getnetbyaddr.3; has been changed to an uint32_t. Due to these changes the ABI on 64-bit platforms becomes incompatible with previous releases of &os; and the major version number of libpcap has been bumped. If you upgrade &os; for 64-bit platforms, note that all of the userland programs which use &man.getnetbyaddr.3;, &man.getnetbyname.3;, &man.getnetent.3; and/or libpcap have to be recompiled. The gvinum(8) utility now supports checkparity, rebuildparity, and setstate subcommands. &merged; The &man.ifconfig.8; utility has been restructured. It is now more modular and flexible with respect to supporting interface-specific functionality. The 802.11 support has been updated to support recent changes to the 802.11 subsystem and drivers. Support for abbreviated forms of a number of &man.ipfw.8; options has been deprecated. Warnings are printed to stderr indicating the correct full form when one of these abbreviations is detected. The &man.kldstat.8; utility now supports a option to return the status of a specific kernel module. &merged; The on-disk format of LC_CTYPE files has been changed to be machine-independent. The &man.mixer.8; utility now supports the option. This is the same as the option but does not output mixing field separators. A bug in the libalias library which causes a core dump when the option is specified in &man.natd.8; has been fixed. The libarchive library (as well as the &man.tar.1; command that uses it) now has support for reading ISO images (with optional RockRidge extensions) and ZIP archives (with deflate and none compression). &merged; The libarchive library now supports handling a ZIP archive entry with more than 4GB compressed size (ZIP64 extension) and Unix extension. The libgpib library has been added to give userland access to GPIB devices (using the the pcii driver) via the ibfoo API. &merged; The default stack sizes in libpthread, libthr, and libc_r have been increased. On 32-bit platforms, the main thread receives a 2MB stack size by default, with other threads receiving a 1MB stack size by default. On 64-bit platforms, the default stack sizes are 4MB and 2MB respectively. &merged; The libxpg4 library has been removed because all of its functionality was long ago merged into libc. All binaries linked with libxpg4 must be recompiled or use &man.libmap.conf.5;. Note that the &os; base system has no such binaries. The &man.lpd.8; program now checks to make sure the data file has been completely transfered before starting to print it when a data file received from some other host. Some implementations of &man.lpr.1; send the control file for a print job before sending the matching data files, which can cause problems if the receiving host is a busy print-server. &merged; A number of new functions have been implemented in the &man.math.3; library. These include &man.ceill.3;, &man.floorl.3;, &man.ilogbl.3;, &man.fma.3; and variants, &man.lrint.3; and variants, and &man.lround.3; and variants. &merged; The &man.mknod.8; utility is now deprecated. Device nodes have been managed by the &man.devfs.5; device file system since &os; 5.0. The &man.mkuzip.8; utility, which compresses file system images for use with GEOM_UZIP &man.geom.4; module, has been added. &merged; The &man.moused.8; daemon now supports virtual scrolling, in which mouse motions made while holding down the middle mouse button are interpreted as scrolling. This feature is enabled with the flag. &merged; A separate directory has been added for &man.named.8; dynamic zones which is owned by the bind user (for creation of the zone journal file). For more detail, see an example dynamic zone in the sample &man.named.conf.5;. &merged; The &man.ncal.1; utility now supports a flag to generate a calendar for a specified month in the current year. &merged; The &man.newfs.8; utility now supports a flag to suppress the creation of a .snap directory on new file systems. This feature is intended for use on memory or vnode file systems that will not require snapshot support. &merged; The &man.newfs.8; utility now emits a warning when creating a UFS or UFS2 file system that cannot support snapshots. This situation can occur in the case of very large file systems with small block sizes. &merged; The &man.newsyslog.8; utility now supports a option to specify an alternate root for log files similar to DESTDIR in the BSD make process. This only affects log file paths, not configuration file () or archive directory () paths. The &man.newsyslog.8; utility now supports a that causes it not to rotate any files. The NO_NIS compile-time knob for userland has been added. As its name implies, enabling this Makefile variable will cause NIS support to be excluded from various programs and will cause the NIS utilities to not be built. &merged; For years, &os; has used Makefile variables of the form NOFOO and NO_FOO. For consistency, those variables using the former naming convention have been converted to the NO_FOO form. The file /usr/share/mk/bsd.compat.mk has a complete list of these variables; it also implements some temporary backward compatibility for the old names. The &man.periodic.8; security output now supports the display of information about blocked packet counts from &man.pf.4;. &merged; The &man.pgrep.1; now supports an option which allows to match system processes (kernel threads). The &man.pgrep.1; and &man.pkill.1; now support an option which allows to use file where PID is stored for matching. The &man.pgrep.1; and &man.pkill.1; now support an option to ignore case in the process match. The &man.pgrep.1; and &man.pkill.1; now support an option which allows to match processes based on its &man.jail.2; ID. The &man.pgrep.1; and &man.pkill.1; now support an option which allows to match oldest (least recently started) of the matching processes. The &man.powerd.8; program for managing power consumption has been added. The &man.ppp.8; program now implements an parameter, which allows LCP ECHOs to be enabled independently of LQR reports. Older versions of &man.ppp.8; would revert to LCP ECHO mode on negotiation failure. It is now necessary to specify enable echo to get this behavior. &merged; The and options, which support pre-RFC 2865 RADIUS servers have been added to the &man.ppp.8; program. Two bugs in the &man.pppd.8; program have been fixed. They may result in an incorrect CBCP response, which violates the Microsoft PPP Callback Control Protocol section 3.2. &merged; The &man.ps.1; now supports a jid keyword in the option. It displays &man.jail.2; ID of each process. The &man.pstat.8; now supports a option to print swap sizes with SI prefixes such as K, M, and G, which are used to form binary multiples. The &man.rescue.8; utilities in the /rescue directory now include &man.bsdtar.1; instead of GNU tar. The &man.restore.8; utility has regained the ability to read &os; version 1 dump tapes. &merged; A bug of the &man.rexecd.8; utility which results in it behaving as if the option is always specified has been fixed. &merged; The &man.rm.1; utility now supports an option that asks for confirmation (once) if recursively removing directories or if more than 3 files are listed in the command line. &merged; The &man.rm.1; utility now suppresses diagnostic messages when it attempts to remove a non-existent directory with the and options specified. This behavior is required by Version 3 of the Single UNIX Specification (SUSv3). The following ISO/IEC 9899:1999 standard functions have been implemented: roundl(), lroundl(), llroundl(), truncl(), and floorl(). An &man.rpmatch.3; library function has been added to check a string for being an affirmative or negative response in the current locale. The &man.rtld.1; dynamic linker now supports specifying library replacements via the LD_LIBMAP environment variable. This variable will override the entries in &man.libmap.conf.5;. &merged; The rune(3) non-standard multibyte and wide character support interface has been removed. &man.sed.1; now supports a option to make its output line-buffered. &merged; The &man.strftime.3; function now supports some GNU extensions such as - (no padding), _ (use space as padding), and 0 (zero padding). &merged; The &man.syslog.3; function is now thread-safe. &merged; The &man.syslogd.8; utility now opens an additional domain socket (/var/run/logpriv by default), with 0600 permissions to be used by privileged programs. This prevents privileged programs from locking when the domain sockets run out of buffer space due to a local denial-of-service attack. &merged; The &man.syslogd.8; now supports the option, which allows to change the pathname of the privileged socket. This is useful for preventing the daemon from receiving any messages from the local sockets (/var/run/log and /var/run/logpriv are used by default). &merged; The &man.syslogd.8; utility now allows : and % characters in the hostname specifications. These characters are used in IPv6 addresses and scope IDs. &merged; The &man.systat.1; display is now IPv6-aware. &merged; The option of &man.tail.1; utility now supports more than one file at a time. &merged; The &man.telnet.1; and &man.telnetd.8; programs now support the option for specifying a numeric TOS byte. Prepending a + character to port numbers passed to &man.telnet.1; program will now disable option negotiation and allow the transfer of characters with the high bit set. This feature is intended to support the fairly common use of &man.telnet.1; as a protocol tester. The &man.tcpdrop.8; command, which closes a selected TCP connection, has been added. It was obtained from OpenBSD. &merged; &man.what.1; now support a flag, which causes it to print matching text, but not format it. &man.whois.1; now supports a flag for querying whois.krnic.net (the National Internet Development Agency of Korea), which holds details of IP address allocations within Korea. &merged; The option of the &man.xargs.1; command has been changed to conform to IEEE Std 1003.1-2004. The standard requires that the constructed arguments cannot grow larger than 255 bytes. A bug, which caused the last line of configuration files such as &man.hosts.5;, &man.services.5;, and so on to be ignored if it did not end in a newline character, has been fixed. &merged; <filename>/etc/rc.d</filename> Scripts The rc.d/bsnmpd startup script for &man.bsnmpd.1; has been added. &man.rc.conf.5; now supports changes of network interface names at boot time. &merged; For example: ifconfig_fxp0_name="net0" ifconfig_net0="inet 10.0.0.1/16" The rc.d/moused script now starts/stops/checks a specific device when the device name is given as the second argument to the script: &prompt.root; /etc/rc.d/moused start ums0 To use different &man.rc.conf.5; knobs with different mice, use the device name as part of the knob. For example, if the mouse device is /dev/ums0 the following lines can be used: moused_ums0_enable=yes moused_ums0_flags="-z 4" moused_ums0_port="/dev/ums0" &man.rc.conf.5; now supports the tmpmfs_flags and varmfs_flags variables. These can be used to pass extra options to the &man.mdmfs.8; utility, to customize the finer details of the &man.md.4; file system creation, such as to turn on/off softupdates, to specify a default owner for the file system, and so on. &merged; Contributed Software awk has been updated from the 7 February 2004 release to the 24 April 2005 release. BIND has been updated from version 9.3.0 to version 9.3.1. &merged; bsnmp has been updated from 1.7 to 1.10. bzip2 has been updated from 1.0.2 to 1.0.3. FILE has been updated from 4.10 to 4.12. GNU GCC has been updated from from 3.4.2-prerelease as of 28 July, 2004 to 3.4.4. A number of bug fixes and performance enhancements have been added to GNU grep in the form of patches from Fedora's grep-2.5.1-48 source RPM. GNU readline has been updated from version 4.3 to version 5.0. IPFilter has been updated from 3.4.35 to 4.1.18. Heimdal has been updated from 0.6.1 to 0.6.3. &merged; libpcap has been updated from v0.8.3 to v0.9.1 (alpha 096). libregex has been updated from a snapshot from GNU grep 2.5.1 to a snapshot from the fedora-glibc-2_3_4-21 tag in the glibc CVS repository. libz has been updated from 1.2.1 to 1.2.2. lukemftp has been updated from a 26 April 2004 snapshot from OpenBSD's sources to a snapshot as of 16 May 2005. A snapshot of netcat from OpenBSD as of 4 February 2005 has been added. More information can be found in the &man.nc.1; manual page. &merged; NgATM has been updated from 1.0 to 1.2. OpenPAM has been updated from the Eelgrass release to the Feterita release. OpenSSH has been updated from 3.8p1 - to 3.9p1. + to 4.1p1. OpenSSL has been updated from 0.9.7d to 0.9.7e. &merged; pf has been updated from the version included with OpenBSD 3.5 to the version included with OpenBSD 3.7. sendmail has been updated from version 8.13.1 to version 8.13.3. &merged; TCPDUMP has been updated from v3.8.3 to v3.9.1 (alpha 096). tcsh has been updated from 6.13.00 to 6.14.00. texinfo has been updated from 4.6 to 4.8. The timezone database has been updated from the tzdata2004e release to the tzdata2004g release. &merged; Ports/Packages Collection Infrastructure The &man.pkg.version.1; utility now supports a flag to suppress the output of the port version comparison characters <, =, and >. The &man.pkg.version.1; utility now supports a flag, which causes only the INDEX file to be used for determining if a package is out of date. The ports/INDEX* files, which kept an index of all of the entries in the ports collection, have been removed from the CVS repository. &merged; These files were generated only infrequently, and therefore were usually out-of-date and inaccurate. Users requiring an index file (such as for use by programs such as &man.portupgrade.1;) have two alternatives for obtaining a copy: Build an index file based on the current ports tree by running make index from the top of the ports/ tree. Fetch an index file over the network by running make fetchindex from the top of the ports/ tree. This index file will (typically) be accurate to within a day. Release Engineering and Integration In prior &os; releases, the disc1 CD-ROM (or ISO image) was a bootable installation disk containing the base system, ports tree, and common packages. The disc2 CD-ROM (or ISO image) was a bootable fix it disk with a live filesystem, to be used for making emergency repairs. This layout has now changed. For all architectures except ia64, the disc1 image now contains the base system distribution files, ports tree, and the live filesystem, making it suitable for both an initial installation and repair purposes. (On the ia64, the live filesystem is on a separate disk due to its size.) Packages appear on separate disks; in particular, the disc2 image contains commonly packages such as desktop environments. Documents from the &os; Documentation Project also appear on disc2. &merged; The supported version of the GNOME desktop environment has been updated from 2.6.2 to 2.10. More information about running GNOME on &os; can be found on the FreeBSD GNOME Project Web page. &merged; Users of older versions of the GNOME desktop (x11/gnome2) must take particular care in upgrading. Simply upgrading it from the &os; Ports Collection with &man.portupgrade.1; (sysutils/portupgrade) will cause serious problems. GNOME desktop users should read the instructions carefully at and use the gnome_upgrade.sh script to properly upgrade to GNOME 2.10. The supported version of the KDE desktop environment has been updated from 3.3.0 to 3.4.0. More information regarding running KDE on &os; can be found on the KDE on FreeBSD Web page. &merged; Users of older versions of KDE should follow the upgrading procedure documented on the KDE on FreeBSD Web page or in ports/UPDATING. The supported version of Xorg has been updated from 6.7.0 to 6.8.2. &merged; Documentation Documentation of existing functionality has been improved by the addition of the following manual pages: &man.ataraid.4;, &man.devfs.conf.5, &man.devfs.rules.5, &man.pthread.atfork.3; &man.sched.4bsd.4;, &man.sched.ule.4;, &man.snd.fm801.4;, &man.snd.neomagic.4;, &man.snd.via8233.4;, &man.snd.via82c686.4;, and &man.snd.vibes.4;. Manual pages in the base system have received a number of cleanups, both for content and presentation. Cross-references are more correct and consistent, standard section headings are now used throughout, and markup has been cleaned up. The following manual pages, which were derived from RFCs and possibly violate the IETF's copyrights, have been replaced: &man.gai.strerror.3;, &man.getaddrinfo.3;, &man.getnameinfo.3;, &man.inet6.opt.init.3;, &man.inet6.option.space.3;, &man.inet6.rth.space.3;, &man.inet6.rthdr.space.3;, &man.icmp6.4;, and &man.ip6.4;. &merged; Upgrading from previous releases of &os; Source upgrades to &os; &release.current; are only supported from &os; 5.3-RELEASE or later. Users of older systems wanting to upgrade &release.current; will need to update to &os; 5.3 or newer first, then to &os; &release.current;. Upgrading &os; should, of course, only be attempted after backing up all data and configuration files. diff --git a/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml b/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml index b868d4520bb0..e73130d9df30 100644 --- a/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml +++ b/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml @@ -1,1432 +1,1437 @@ &os;/&arch; &release.current; Release Notes The &os; Project $FreeBSD$ 2000 2001 2002 2003 2004 2005 The &os; Documentation Project &tm-attrib.freebsd; &tm-attrib.ibm; &tm-attrib.ieee; &tm-attrib.intel; &tm-attrib.sparc; &tm-attrib.general; The release notes for &os; &release.current; contain a summary of the changes made to the &os; base system since &release.branch; is created. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the &os; kernel and userland. Some brief remarks on upgrading are also presented. Introduction This document contains the release notes for &os; &release.current; on the &arch.print; hardware platform. It describes recently added, changed, or deleted features of &os;. It also provides some notes on upgrading from previous versions of &os;. The &release.type; distribution to which these release notes apply represents the latest point along the &release.branch; development branch since &release.branch; was created. Information regarding pre-built, binary &release.type; distributions along this branch can be found at . ]]> The &release.type; distribution to which these release notes apply represents a point along the &release.branch; development branch between &release.prev; and the future &release.next;. Information regarding pre-built, binary &release.type; distributions along this branch can be found at . ]]> This distribution of &os; &release.current; is a &release.type; distribution. It can be found at or any of its mirrors. More information on obtaining this (or other) &release.type; distributions of &os; can be found in the Obtaining &os; appendix to the &os; Handbook. ]]> All users are encouraged to consult the release errata before installing &os;. The errata document is updated with late-breaking information discovered late in the release cycle or after the release. Typically, it contains information on known bugs, security advisories, and corrections to documentation. An up-to-date copy of the errata for &os; &release.current; can be found on the &os; Web site. What's New This section describes the most user-visible new or changed features in &os; since &release.prev;. In general, changes described here are unique to the &release.branch; branch unless specifically marked as &merged; features. Typical release note items document recent security advisories issued after &release.prev.historic;, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices. Clearly the release notes cannot list every single change made to &os; between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements. Security Advisories A bug in the &man.fetch.1; utility, which allows a malicious HTTP server to cause arbitrary portions of the client's memory to be overwritten, has been fixed. For more information, see security advisory FreeBSD-SA-04:16.fetch. &merged; A bug in &man.procfs.5; and &man.linprocfs.5; which could allow a malicious local user to read parts of kernel memory or perform a local denial of service attack by causing a system panic, has been fixed. For more information, see security advisory FreeBSD-SA-04:17.procfs. &merged; Two buffer overflows in the TELNET client program have been corrected. They could have allowed a malicious TELNET server or an active network attacker to cause &man.telnet.1; to execute arbitrary code with the privileges of the user running it. More information can be found in security advisory FreeBSD-SA-05:01.telnet. &merged; A information disclosure vulnerability in the &man.sendfile.2; system call, which could permit it to transmit random parts of kernel memory, has been fixed. More details are in security advisory FreeBSD-SA-05:02.sendfile. &merged; A possible privilege escalation vulnerability on &os;/amd64 has been fixed. This allows unprivileged users to gain direct access to some hardware which cannot be accessed without the elevated privilege level. More details are in security advisory FreeBSD-SA-05:03.amd64. &merged; An information leak vulnerability in the SIOCGIFCONF &man.ioctl.2;, which leaked 12 bytes of kernel memory, has been fixed. More details are in security advisory FreeBSD-SA-05:04.ifconf. &merged; Several programming errors in &man.cvs.1;, which could potentially cause arbitrary code to be executed on CVS servers, have been corrected. Further information can be found in security advisory FreeBSD-SA-05:05.cvs. &merged; An error in the default permissions on the /dev/iir device node, which allowed unprivileged local users can send commands to the hardware supported by the &man.iir.4; driver, has been fixed. For more information, see security advisory FreeBSD-SA-05:06.iir. &merged; A bug in the validation of &man.i386.get.ldt.2; system call input arguments, which may allow kernel memory may be disclosed to the user process, has been fixed. For more information, see security advisory FreeBSD-SA-05:07.ldt. &merged; Several information disclosure vulnerabilities in various parts of the kernel have been fixed. For more information, see security advisory FreeBSD-SA-05:08.kmem. &merged; Because of an information disclosure vulnerability on processors using Hyper-Threading Technology (HTT), the machdep.hyperthreading_allowed sysctl variable has been added. It defaults to 1 (HTT enabled) on &os; CURRENT, and 0 (HTT disabled) on the 4-STABLE and 5-STABLE development branches and supported security fix branches. More information can be found in security advisory FreeBSD-SA-05:09.htt. &merged; Kernel Changes Support for 80386 processors (the I386_CPU kernel configuration option) has been removed. Users running this class of CPU should use &os; 5.X or earlier. The kernel debugger &man.ddb.4; now supports a show alllocks command, which dumps a list of processes and threads currently holding sleep mutexes (and spin mutexes for the current thread). &merged; The &man.jail.8; feature now supports a new sysctl security.jail.chflags_allowed, which controls the behavior of &man.chflags.1; within a jail. If set to 0 (the default), then a jailed root user is treated as an unprivileged user; if set to 1, then a jailed root user is treated the same as an unjailed root user. &merged; The loader tunable debug.mpsafevm has been enabled by default. &merged; &man.memguard.9;, a kernel memory allocator designed to help detect tamper-after-free scenarios, has been added. This must be explicitly enabled via options DEBUG_MEMGUARD, plus small kernel modifications. It is generally intended for use by kernel developers. A number of bugs have been fixed in the ULE scheduler. &merged; Fine-grained locking to allow much of the VFS stack to run without the Giant lock has been added. This is enabled by default on the alpha, amd64, and i386 architectures, and can be disabled by setting the loader tunable (and sysctl variable) debug.mpsafevfs to 0. A bug in Inter-Processor Interrupt (IPI) handling, which could cause SMP systems to crash under heavy load, has been fixed. More details are contained in errata note FreeBSD-EN-05:03.ipi. &merged; System V IPC objects (message queues, semaphores, and shared memory) now have support for Mandatory Access Control policies, notably &man.mac.biba.4;, &man.mac.mls.4;, &man.mac.stub.4;, and &man.mac.test.4;. Memory allocation for legacy PCI bridges has been limited to the top 32MB of RAM. Many older, legacy bridges only allow allocation from this range. This change only applies to devices which do not have their memory assigned by the BIOS. This change fixes the bad Vcc error of CardBus bridges (&man.pccbb.4;). &merged; The &man.sysctl.3; MIBs beginning with debug now require the kernel option options SYSCTL_DEBUG. This option is disabled by default. The generic &man.tty.4; driver interface has been added and many device drivers including &man.cx.4; ({tty,cua}x), &man.cy.4; ({tty,cua}c), &man.digi.4; ({tty,cua}D), &man.rc.4; ({tty,cua}m), &man.rp.4; ({tty,cua}R), &man.sab.4; ({tty,cua}z), &man.si.4; ({tty,cua}A), &man.sio.4; ({tty,cua}d), sx ({tty,cua}G), &man.uart.4; ({tty,cua}u), &man.ubser.4; ({tty,cua}y), &man.ucom.4; ({tty,cua}U), and &man.ucycom.4; ({tty,cua}y) have been rewritten to use it. Note that /etc/remote and /etc/ttys have been updated as well. The &man.vkbd.4; driver has been added. This driver provides a software loopback mechanism that can implement a virtual AT keyboard similar to what the &man.pty.4; driver does for terminals. &os; always uses the local APIC timer even on uni-processor systems now. The default HZ parameter (which controls various kernel timers) has been increased from 100 to 1000 on the i386 and ia64. It has been reduced from 1024 to 1000 on the amd64 to reduce synchronization effects with other system clocks. The maximum length of shell commands has changed from 128 bytes to PAGE_SIZE. By default, this value is either 4KB (i386, pc98, amd64, and powerpc) or 8KB (sparc64 and ia64). As a result, compatibility modules need to be rebuilt to stay synchronized with data structure changes in the kernel. A new tunable vm.blacklist has been added. This can hold a space or comma separated list of physical addresses. The pages containing these physical addresses will not be added to the free list and thus will effectively be ignored by the &os; VM system. The physical addresses of any ignored pages are listed in the message buffer as well. Boot Loader Changes A serial console-capable version of boot0 has been added. It can be written to a disk using &man.boot0cfg.8; and specifying /boot/boot0sio as the argument to the option. cdboot now works around a BIOS problem observed on some systems when booting from USB CDROM drives. The autoboot loader command now supports the prompt parameter. The autoboot will now prevent the user from interrupting the boot process at all if the autoboot_delay variable is set to -1. &merged; A loader menu option to set hint.atkbd.0.flags=0x1 has been added. This setting allows USB keyboards to work if no PS/2 keyboard is attached. The beastie boot menu has been disabled by default. Hardware Support The &man.acpi.4; driver now turns the ACPI and PCI devices off or to a lower power state when suspending, and back on again when resuming. This behavior can be disabled by setting the debug.acpi.do_powerstate and hw.pci.do_powerstate sysctls to 0. The &man.acpi.ibm.4; driver for IBM laptops has been added. The &man.acpi.fujitsu.4; driver for handling &man.acpi.4;-controlled buttons Fujitsu laptops has been added. The acpi_sony driver, which supports the Sony Notebook Controller on various Sony laptops has been added. The &man.auxio.4; driver has been to drive some auxiliary I/O functions found on various SBus/EBus &ultrasparc; models. &merged; The clkbrd driver has been added to support the clock-board device frequently found on Sun Exx00 servers. A framework for flexible processor speed control has been added. It provides methods for various drivers to control CPU power utilization by adjusting the processor speed. More details can be found in the &man.cpufreq.4; manual page. &merged; Currently supported drivers include ichss (Intel SpeedStep for ICH), acpi_perf (ACPI CPU performance states), and acpi_throttle (ACPI CPU throttling). The latter two drivers are contained in the &man.acpi.4; driver. These can individually be disabled by setting device hints such as hint.ichss.0.disabled="1". The &man.hwpmc.4; hardware performance monitoring counter driver has been added. This driver virtualizes the hardware performance monitoring facilities in modern CPUs and provides support for using these facilities from user level processes. For more details, see manual pages of &man.hwpmc.4;, associated libraries, and associated userland utilities. Support for the OLDCARD subsystem has been removed. The NEWCARD system is now used for all PCCARD device support. The pcii driver has been added to support GPIB-PCIIA IEEE-488 cards. &merged; The &man.atkbd.4; driver now supports a 0x8 (bit 3) flag to disable testing the keyboard port during the device probe as this can cause hangs on some machines, specifically Compaq R3000Z series amd64 laptops. The &man.pbio.4; driver, which supports direct access to the Intel 8255A programmable peripheral interface (PPI) chip running in mode 0 (simple I/O) has been added. The &man.psm.4; driver now has improved support for Synaptics Touchpad users. It now has better tracking of slow-speed movement and support for various extra buttons and dials. These features can be tuned with the hw.psm.synaptics.* hierarchy of sysctl variables. The rtc driver has been added to support the MC146818-compatible clock found on some &ultrasparc; II and III models. &merged; The &man.syscons.4; driver now supports VESA (15, 16, 24, and 32 bit) modes. To enable this feature, two kernel options SC_PIXEL_MODE and VESA (or corresponding kernel module) are needed. The &man.uart.4; driver is now enabled in the GENERIC kernel, and is now the default driver for serial ports. The ofw_console and &man.sab.4; drivers are now disabled in the GENERIC kernel. &merged; The &man.uftdi.4; driver now supports the FTDI FT2232C chip. The &man.uplcom.4; driver now supports handling of the CTS signal. The &man.ehci.4; driver has been improved. The zs driver has been removed in favor of the &man.uart.4; driver. Multimedia Support The &man.snd.audiocs.4; driver has been added to support the Crystal Semiconductor CS4231 audio controller found on &ultrasparc; workstations. &merged; The &man.uaudio.4; driver now has some added functionality, including volume control on more inputs and recording capability on some devices. &merged; Network Interface Support The &man.ath.4; driver has been updated to split the transmit rate control algorithm into a separate module. One of device ath_rate_onoe, device ath_rate_amrr, or device ath_rate_sample must be included in the kernel configuration when using the &man.ath.4; driver. The &man.bge.4; driver now supports the &man.altq.4; framework, as well as the BCM5714, 5721, 5750, 5751, 5751M and 5789 chips. &merged; The &man.cdce.4; USB Communication Device Class Ethernet driver has been added. &merged; The &man.cp.4; driver is now MPSAFE. &merged; The &man.ctau.4; driver is now MPSAFE. &merged; The &man.cx.4; driver is now MPSAFE. &merged; The &man.dc.4; driver now supports the &man.altq.4; framework. &merged; The &man.ed.4; driver now supports the &man.altq.4; framework. &merged; In the &man.em.4; driver, hardware support for VLAN tagging is now disabled by default due to some interactions between this feature and promiscuous mode. &merged; Ethernet flow control is now disabled by default in the &man.fxp.4; driver, to prevent problems with a system panics or is left in the kernel debugger. &merged; The gx(4) driver has been removed because it is no longer maintained actively and the &man.em.4; driver supports all of the supported hardware. The &man.hme.4; driver is now MPSAFE. &merged; The &man.ipw.4; (for Intel PRO/Wireless 2100), &man.iwi.4; (for Intel PRO/Wireless 2200BG/2225BG/2915ABG), &man.ral.4; (for Ralink Technology RT2500), and &man.ural.4; (for Ralink Technology RT2500USB) drivers have been added. The &man.ixgb.4; driver is now MPSAFE. &merged; The musycc driver, for the LanMedia LMC1504 T1/E1 network interface card, has been removed due to disuse. Drivers using the &man.ndis.4; device driver wrapper mechanism are now built and loaded differently. The &man.ndis.4; driver can now be pre-built as module or statically compiled into a kernel. Individual drivers can now be built with the &man.ndisgen.8; utility; the result is a kernel module that can be loaded into a running kernel using &man.kldload.8;. &merged; The &man.ndis.4; device driver wrapper now supports &windows;/x86-64 binaries on amd64 systems. &merged; The &man.nve.4; driver, which supports the nVidia nForce MCP Networking Adapter, has been added. The &man.re.4; driver now supports the &man.altq.4; framework. &merged; The &man.sf.4; driver now has support for device polling and &man.altq.4;. &merged; Several programming errors in the &man.sk.4; driver have been corrected. These bugs were particular to SMP systems, and could cause panics, page faults, aborted SSH connections, or corrupted file transfers. More details can be found in errata note FreeBSD-EN-05:02.sk. &merged; The &man.sk.4; driver now has support for &man.altq.4;. This driver also now supports jumbo frames on Yukon-based interfaces. &merged; The &man.vge.4; driver now has support for device polling (&man.polling.4;). Support for 802.11 devices in the &man.wlan.4; framework has been greatly overhauled. In addition to architectural changes, it includes completed 802.11g, WPA, 802.11i, 802.1x, WME/WMM, AP-side power-saving, and plugin frameworks for cryptography modules, authenticators, and access control. Note in particular that WEP now requires the wlan_wep module to be loaded (or compiled) into the kernel. The &man.xl.4; driver now supports &man.polling.4;. &merged; Network Protocols The MTU feedback in IPv6 has been disabled when the sender writes data that must be fragmented. &merged; The Common Address Redundancy Protocol (CARP) has been implemented. CARP comes from OpenBSD and allows multiple hosts to share an IP address, providing high availability and load balancing. For more information, see the &man.carp.4; manual page. &merged; + The &man.if.bridge.4; network bridging implementation, + originally from NetBSD, has been added. It supports the IEEE + 802.1D Spanning Tree Protocol, individual interface devices + for each bridge, and filtering of bridged packets. + The &man.ipfw.4; IPDIVERT option is now available as a kernel loadable module. If this module is not loaded, &man.ipfw.4; will refuse to install divert rules and &man.natd.8; will return the error message protocol not supported. The &man.ipfw.4; system can work with debug.mpsafenet=1 (this tunable is 1 by default) when the gid, jail, and/or uid rule options are used. &merged; The &man.ipfw.4; and &man.dummynet.4; systems now support IPv6. &man.ipfw.8; now supports classification and tagging of &man.altq.4; packets via a divert socket, as well as the TCP data length. The &man.ipfw.8; ipfw fwd rule now supports the full packet destination manipulation when the kernel option options IPFIREWALL_FORWARD_EXTENDED is specified in addition to options IPFIRWALL_FORWARD. This kernel option disables all restrictions to ensure proper behavior for locally generated packets and allows redirection of packets destined to locally configured IP addresses. Note that &man.ipfw.8; rules have to be carefully crafted to make sure that things like PMTU discovery do not break. &merged; The &man.ipfw.8; now supports IPv4 only rules. &man.ipnat.8; now allows redirect rules to work for non-TCP/UDP packets. &merged; Ongoing work is reducing the use of the Giant lock by the network protocol stack and improving the locking strategies. The libalias library can now be built as a kernel module. A new &man.ng.ipfw.4; NetGraph node provides a simple interface between the &man.ipfw.4; and &man.netgraph.4; facilities. A new &man.ng.nat.4; NetGraph node has been added to perform NAT functions. A new &man.ng.netflow.4; NetGraph node allows a router running &os; to do NetFlow version 5 exports. &merged; The &man.sppp.4; driver now includes Frame Relay support. &merged; The &man.sppp.4; driver is now MPSAFE. The new sysctl net.link.tap.user_open has been implemented. This allows unprivileged access to &man.tap.4; device nodes based on file system permissions. A bug in TCP that sometimes caused RST packets to be ignored if the receive window was zero bytes has been fixed. &merged; The RST handling of the &os; TCP stack has been improved to make reset attacks as difficult as possible while maintaining compatibility with the widest range of TCP stacks. The algorithm is as follows: For connections in the ESTABLISHED state, only resets with sequence numbers exactly matching last_ack_sent will cause a reset; all other segments will be silently dropped. For connections in all other states, a reset anywhere in the window will cause the connection to be reset. All other segments will be silently dropped. Note that this behavior technically violates the RFC 793 specification; the conventional (but less secure) behavior can be restored by setting a new sysctl net.inet.tcp.insecure_rst to 1. &merged; Several bugs in the TCP SACK implementation have been fixed. &merged; RFC 1644 T/TCP support has been removed. This is because the design is based on a weak security model that can easily permit denial-of-service attacks. This TCP extension has been considered a defective one in a recent Internet Draft. The KAME IPv4 IPsec implementation integrated in &os; now supports TCP-MD5. &merged; Random ephemeral port number allocation has led to some problems with port reuse at high connection rates. This feature is now disabled during periods of high connection rates; whenever new connections are created faster than net.inet.ip.portrange.randomcps per second, port number randomization is disabled for the next net.inet.ip.portrange.randomtime seconds. The default values for these two sysctl variables are 10 and 45, respectively. &merged; Fine-grained locking has been applied to many of the data structures in the IPX/SPX protocol stack. While not fully MPSAFE at this point, it is generally safe to use IPX/SPX without the Giant lock (in other words, the debug.mpsafenet sysctl variable may be set to 1). Unix domain sockets now support the LOCAL_CREDS and LOCAL_CONNWAIT options. The LOCAL_CREDS option provides a mechanism for the receiver to receive the credentials of the process as a &man.recvmsg.2; control message. The LOCAL_CONNWAIT option causes the &man.connect.2; function to block until &man.accept.2; has been called on the listening socket. For more details, see the &man.unix.4; manual page. Disks and Storage The &man.amr.4; driver is now safe for use on systems using &man.pae.4;. &merged; The &man.arcmsr.4; driver has been added. It supports the Areca ARC-11xx and ARC-12xx series of SATA RAID controllers. &merged; The &man.ata.4; family of drivers has been overhauled and updated. It has been split into modules that can be loaded and unloaded independently (the atapci and ata modules are prerequesites for the device subdrivers, which are atadisk, atapicd, atapifd, atapist, and ataraid). On supported SATA controllers, devices can be hot inserted/removed. ATA RAID support has been rewritten and supports a number of new metadata formats. The atapicd driver no longer supports CD changers. This update has been referred to as ATA mkIII. The SHSEC GEOM class has been added. It provides for the sharing of a secret between multiple GEOM providers. All of these providers must be present in order to reveal the secret. This feature is controlled by the &man.gshsec.8; utility. &merged; The &man.hptmv.4; driver, which supports the HighPoint RocketRAID 182x series, has been added. &merged; The &man.ips.4; driver now support kernel crash dumps on some modern ServeRAID models. &merged; The &man.matcd.4; driver has been removed. &merged; The default SCSI boot-time probe delay in the GENERIC kernel has been reduced from fifteen seconds to five seconds. The old vinum(4) subsystem has been removed in favor of the new &man.geom.4;-based version. The &man.twa.4; driver has been updated to the 9.2 release (for &os; 5.2.1) distributed from the 3ware website. The &man.wd.4; driver has been removed. The &man.ata.4; driver has been found to work well enough on the pc98 platform that there is no need for the older &man.wd.4; driver. Information about newly-mounted cd9660 file systems (such as the presence of RockRidge extensions) is now only printed if the kernel was booted in verbose mode. This change was made to reduce the amount of (generally unnecessary) kernel log messages. &merged; File Systems Recomputing the summary information for dirty UFS and UFS2 file systems is no longer done at mount time, but is now done by background &man.fsck.8;. This change improves the startup speed when mounting large file systems after a crash. The prior behavior can be restored by setting the vfs.ffs.compute_summary_at_mount sysctl variable to a non-zero value. &merged; A kernel panic in the NFS server has been fixed. More details can be found in errata note FreeBSD-EN-05:01.nfs. &merged; Read-only support for ReiserFS version 3 has been added. See &man.mount.reiserfs.8; for details. Contributed Software ACPI-CA has been updated from 20040527 to 20041119. &merged; Userland Changes The &man.burncd.8; utility now allows commands (such as eject) to take place after fixating a disk. Machine-specific optimized versions of &man.bcmp.3;, &man.bcopy.3;, &man.bzero.3;, &man.memcmp.3;, &man.memcpy.3;, &man.memmove.3;, &man.memset.3;, &man.strcat.3; and &man.strcpy.3; have been implemented. Several mathematics functions such as &man.ceill.3; and &man.sqrtf.3; are also replaced with the optimized versions. The &man.chflags.1; utility now supports the flag, which supports changing flags on symbolic links. The &man.ftpd.8; program now uses the 212 and 213 status codes for directory and file status correctly (211 was used in the previous versions). This behavior is described in RFC 959. &merged; The create command of the &man.gpt.8; utility now supports a command-line flag to force creation of a GPT even when there is an MBR record on a disk. &merged; The &man.getaddrinfo.3; function now queries A DNS resource records before AAAA records when AF_UNSPEC is specified. Some broken DNS servers return NXDOMAIN against non-existent AAAA queries, even when it should return NOERROR with empty return records. This is a problem for an IPv4/IPv6 dual stack node because the NXDOMAIN returned by the first query of an AAAA record makes the querying server stop attempting to resolve the A record if any. Also, this behavior has been recognized as a potential denial-of-service attack (see for more details). Note that although the query order has been changed, the returned result still includes AF_INET6 records before AF_INET records. &merged; The &man.gethostbyname.3;, &man.gethostbyname2.3;, and &man.gethostbyaddr.3; functions are now thread-safe. &merged; The &man.getnetent.3;, &man.getnetbyname.3;, and &man.getnetbyaddr.3; functions are now thread-safe. &merged; The &man.getprotoent.3;, &man.getprotobyname.3;, and &man.getprotobynumber.3; functions are now thread-safe. &merged; The &man.getservent.3;, &man.getservbyname.3;, and &man.getservbyport.3; functions are now thread-safe. &merged; For conformation to IEEE Std 1003.1-2001 (also known as POSIX 2001), the n_net of struct netent and the first argument of &man.getnetbyaddr.3; has been changed to an uint32_t. Due to these changes the ABI on 64-bit platforms becomes incompatible with previous releases of &os; and the major version number of libpcap has been bumped. If you upgrade &os; for 64-bit platforms, note that all of the userland programs which use &man.getnetbyaddr.3;, &man.getnetbyname.3;, &man.getnetent.3; and/or libpcap have to be recompiled. The gvinum(8) utility now supports checkparity, rebuildparity, and setstate subcommands. &merged; The &man.ifconfig.8; utility has been restructured. It is now more modular and flexible with respect to supporting interface-specific functionality. The 802.11 support has been updated to support recent changes to the 802.11 subsystem and drivers. Support for abbreviated forms of a number of &man.ipfw.8; options has been deprecated. Warnings are printed to stderr indicating the correct full form when one of these abbreviations is detected. The &man.kldstat.8; utility now supports a option to return the status of a specific kernel module. &merged; The on-disk format of LC_CTYPE files has been changed to be machine-independent. The &man.mixer.8; utility now supports the option. This is the same as the option but does not output mixing field separators. A bug in the libalias library which causes a core dump when the option is specified in &man.natd.8; has been fixed. The libarchive library (as well as the &man.tar.1; command that uses it) now has support for reading ISO images (with optional RockRidge extensions) and ZIP archives (with deflate and none compression). &merged; The libarchive library now supports handling a ZIP archive entry with more than 4GB compressed size (ZIP64 extension) and Unix extension. The libgpib library has been added to give userland access to GPIB devices (using the the pcii driver) via the ibfoo API. &merged; The default stack sizes in libpthread, libthr, and libc_r have been increased. On 32-bit platforms, the main thread receives a 2MB stack size by default, with other threads receiving a 1MB stack size by default. On 64-bit platforms, the default stack sizes are 4MB and 2MB respectively. &merged; The libxpg4 library has been removed because all of its functionality was long ago merged into libc. All binaries linked with libxpg4 must be recompiled or use &man.libmap.conf.5;. Note that the &os; base system has no such binaries. The &man.lpd.8; program now checks to make sure the data file has been completely transfered before starting to print it when a data file received from some other host. Some implementations of &man.lpr.1; send the control file for a print job before sending the matching data files, which can cause problems if the receiving host is a busy print-server. &merged; A number of new functions have been implemented in the &man.math.3; library. These include &man.ceill.3;, &man.floorl.3;, &man.ilogbl.3;, &man.fma.3; and variants, &man.lrint.3; and variants, and &man.lround.3; and variants. &merged; The &man.mknod.8; utility is now deprecated. Device nodes have been managed by the &man.devfs.5; device file system since &os; 5.0. The &man.mkuzip.8; utility, which compresses file system images for use with GEOM_UZIP &man.geom.4; module, has been added. &merged; The &man.moused.8; daemon now supports virtual scrolling, in which mouse motions made while holding down the middle mouse button are interpreted as scrolling. This feature is enabled with the flag. &merged; A separate directory has been added for &man.named.8; dynamic zones which is owned by the bind user (for creation of the zone journal file). For more detail, see an example dynamic zone in the sample &man.named.conf.5;. &merged; The &man.ncal.1; utility now supports a flag to generate a calendar for a specified month in the current year. &merged; The &man.newfs.8; utility now supports a flag to suppress the creation of a .snap directory on new file systems. This feature is intended for use on memory or vnode file systems that will not require snapshot support. &merged; The &man.newfs.8; utility now emits a warning when creating a UFS or UFS2 file system that cannot support snapshots. This situation can occur in the case of very large file systems with small block sizes. &merged; The &man.newsyslog.8; utility now supports a option to specify an alternate root for log files similar to DESTDIR in the BSD make process. This only affects log file paths, not configuration file () or archive directory () paths. The &man.newsyslog.8; utility now supports a that causes it not to rotate any files. The NO_NIS compile-time knob for userland has been added. As its name implies, enabling this Makefile variable will cause NIS support to be excluded from various programs and will cause the NIS utilities to not be built. &merged; For years, &os; has used Makefile variables of the form NOFOO and NO_FOO. For consistency, those variables using the former naming convention have been converted to the NO_FOO form. The file /usr/share/mk/bsd.compat.mk has a complete list of these variables; it also implements some temporary backward compatibility for the old names. The &man.periodic.8; security output now supports the display of information about blocked packet counts from &man.pf.4;. &merged; The &man.pgrep.1; now supports an option which allows to match system processes (kernel threads). The &man.pgrep.1; and &man.pkill.1; now support an option which allows to use file where PID is stored for matching. The &man.pgrep.1; and &man.pkill.1; now support an option to ignore case in the process match. The &man.pgrep.1; and &man.pkill.1; now support an option which allows to match processes based on its &man.jail.2; ID. The &man.pgrep.1; and &man.pkill.1; now support an option which allows to match oldest (least recently started) of the matching processes. The &man.powerd.8; program for managing power consumption has been added. The &man.ppp.8; program now implements an parameter, which allows LCP ECHOs to be enabled independently of LQR reports. Older versions of &man.ppp.8; would revert to LCP ECHO mode on negotiation failure. It is now necessary to specify enable echo to get this behavior. &merged; The and options, which support pre-RFC 2865 RADIUS servers have been added to the &man.ppp.8; program. Two bugs in the &man.pppd.8; program have been fixed. They may result in an incorrect CBCP response, which violates the Microsoft PPP Callback Control Protocol section 3.2. &merged; The &man.ps.1; now supports a jid keyword in the option. It displays &man.jail.2; ID of each process. The &man.pstat.8; now supports a option to print swap sizes with SI prefixes such as K, M, and G, which are used to form binary multiples. The &man.rescue.8; utilities in the /rescue directory now include &man.bsdtar.1; instead of GNU tar. The &man.restore.8; utility has regained the ability to read &os; version 1 dump tapes. &merged; A bug of the &man.rexecd.8; utility which results in it behaving as if the option is always specified has been fixed. &merged; The &man.rm.1; utility now supports an option that asks for confirmation (once) if recursively removing directories or if more than 3 files are listed in the command line. &merged; The &man.rm.1; utility now suppresses diagnostic messages when it attempts to remove a non-existent directory with the and options specified. This behavior is required by Version 3 of the Single UNIX Specification (SUSv3). The following ISO/IEC 9899:1999 standard functions have been implemented: roundl(), lroundl(), llroundl(), truncl(), and floorl(). An &man.rpmatch.3; library function has been added to check a string for being an affirmative or negative response in the current locale. The &man.rtld.1; dynamic linker now supports specifying library replacements via the LD_LIBMAP environment variable. This variable will override the entries in &man.libmap.conf.5;. &merged; The rune(3) non-standard multibyte and wide character support interface has been removed. &man.sed.1; now supports a option to make its output line-buffered. &merged; The &man.strftime.3; function now supports some GNU extensions such as - (no padding), _ (use space as padding), and 0 (zero padding). &merged; The &man.syslog.3; function is now thread-safe. &merged; The &man.syslogd.8; utility now opens an additional domain socket (/var/run/logpriv by default), with 0600 permissions to be used by privileged programs. This prevents privileged programs from locking when the domain sockets run out of buffer space due to a local denial-of-service attack. &merged; The &man.syslogd.8; now supports the option, which allows to change the pathname of the privileged socket. This is useful for preventing the daemon from receiving any messages from the local sockets (/var/run/log and /var/run/logpriv are used by default). &merged; The &man.syslogd.8; utility now allows : and % characters in the hostname specifications. These characters are used in IPv6 addresses and scope IDs. &merged; The &man.systat.1; display is now IPv6-aware. &merged; The option of &man.tail.1; utility now supports more than one file at a time. &merged; The &man.telnet.1; and &man.telnetd.8; programs now support the option for specifying a numeric TOS byte. Prepending a + character to port numbers passed to &man.telnet.1; program will now disable option negotiation and allow the transfer of characters with the high bit set. This feature is intended to support the fairly common use of &man.telnet.1; as a protocol tester. The &man.tcpdrop.8; command, which closes a selected TCP connection, has been added. It was obtained from OpenBSD. &merged; &man.what.1; now support a flag, which causes it to print matching text, but not format it. &man.whois.1; now supports a flag for querying whois.krnic.net (the National Internet Development Agency of Korea), which holds details of IP address allocations within Korea. &merged; The option of the &man.xargs.1; command has been changed to conform to IEEE Std 1003.1-2004. The standard requires that the constructed arguments cannot grow larger than 255 bytes. A bug, which caused the last line of configuration files such as &man.hosts.5;, &man.services.5;, and so on to be ignored if it did not end in a newline character, has been fixed. &merged; <filename>/etc/rc.d</filename> Scripts The rc.d/bsnmpd startup script for &man.bsnmpd.1; has been added. &man.rc.conf.5; now supports changes of network interface names at boot time. &merged; For example: ifconfig_fxp0_name="net0" ifconfig_net0="inet 10.0.0.1/16" The rc.d/moused script now starts/stops/checks a specific device when the device name is given as the second argument to the script: &prompt.root; /etc/rc.d/moused start ums0 To use different &man.rc.conf.5; knobs with different mice, use the device name as part of the knob. For example, if the mouse device is /dev/ums0 the following lines can be used: moused_ums0_enable=yes moused_ums0_flags="-z 4" moused_ums0_port="/dev/ums0" &man.rc.conf.5; now supports the tmpmfs_flags and varmfs_flags variables. These can be used to pass extra options to the &man.mdmfs.8; utility, to customize the finer details of the &man.md.4; file system creation, such as to turn on/off softupdates, to specify a default owner for the file system, and so on. &merged; Contributed Software awk has been updated from the 7 February 2004 release to the 24 April 2005 release. BIND has been updated from version 9.3.0 to version 9.3.1. &merged; bsnmp has been updated from 1.7 to 1.10. bzip2 has been updated from 1.0.2 to 1.0.3. FILE has been updated from 4.10 to 4.12. GNU GCC has been updated from from 3.4.2-prerelease as of 28 July, 2004 to 3.4.4. A number of bug fixes and performance enhancements have been added to GNU grep in the form of patches from Fedora's grep-2.5.1-48 source RPM. GNU readline has been updated from version 4.3 to version 5.0. IPFilter has been updated from 3.4.35 to 4.1.18. Heimdal has been updated from 0.6.1 to 0.6.3. &merged; libpcap has been updated from v0.8.3 to v0.9.1 (alpha 096). libregex has been updated from a snapshot from GNU grep 2.5.1 to a snapshot from the fedora-glibc-2_3_4-21 tag in the glibc CVS repository. libz has been updated from 1.2.1 to 1.2.2. lukemftp has been updated from a 26 April 2004 snapshot from OpenBSD's sources to a snapshot as of 16 May 2005. A snapshot of netcat from OpenBSD as of 4 February 2005 has been added. More information can be found in the &man.nc.1; manual page. &merged; NgATM has been updated from 1.0 to 1.2. OpenPAM has been updated from the Eelgrass release to the Feterita release. OpenSSH has been updated from 3.8p1 - to 3.9p1. + to 4.1p1. OpenSSL has been updated from 0.9.7d to 0.9.7e. &merged; pf has been updated from the version included with OpenBSD 3.5 to the version included with OpenBSD 3.7. sendmail has been updated from version 8.13.1 to version 8.13.3. &merged; TCPDUMP has been updated from v3.8.3 to v3.9.1 (alpha 096). tcsh has been updated from 6.13.00 to 6.14.00. texinfo has been updated from 4.6 to 4.8. The timezone database has been updated from the tzdata2004e release to the tzdata2004g release. &merged; Ports/Packages Collection Infrastructure The &man.pkg.version.1; utility now supports a flag to suppress the output of the port version comparison characters <, =, and >. The &man.pkg.version.1; utility now supports a flag, which causes only the INDEX file to be used for determining if a package is out of date. The ports/INDEX* files, which kept an index of all of the entries in the ports collection, have been removed from the CVS repository. &merged; These files were generated only infrequently, and therefore were usually out-of-date and inaccurate. Users requiring an index file (such as for use by programs such as &man.portupgrade.1;) have two alternatives for obtaining a copy: Build an index file based on the current ports tree by running make index from the top of the ports/ tree. Fetch an index file over the network by running make fetchindex from the top of the ports/ tree. This index file will (typically) be accurate to within a day. Release Engineering and Integration In prior &os; releases, the disc1 CD-ROM (or ISO image) was a bootable installation disk containing the base system, ports tree, and common packages. The disc2 CD-ROM (or ISO image) was a bootable fix it disk with a live filesystem, to be used for making emergency repairs. This layout has now changed. For all architectures except ia64, the disc1 image now contains the base system distribution files, ports tree, and the live filesystem, making it suitable for both an initial installation and repair purposes. (On the ia64, the live filesystem is on a separate disk due to its size.) Packages appear on separate disks; in particular, the disc2 image contains commonly packages such as desktop environments. Documents from the &os; Documentation Project also appear on disc2. &merged; The supported version of the GNOME desktop environment has been updated from 2.6.2 to 2.10. More information about running GNOME on &os; can be found on the FreeBSD GNOME Project Web page. &merged; Users of older versions of the GNOME desktop (x11/gnome2) must take particular care in upgrading. Simply upgrading it from the &os; Ports Collection with &man.portupgrade.1; (sysutils/portupgrade) will cause serious problems. GNOME desktop users should read the instructions carefully at and use the gnome_upgrade.sh script to properly upgrade to GNOME 2.10. The supported version of the KDE desktop environment has been updated from 3.3.0 to 3.4.0. More information regarding running KDE on &os; can be found on the KDE on FreeBSD Web page. &merged; Users of older versions of KDE should follow the upgrading procedure documented on the KDE on FreeBSD Web page or in ports/UPDATING. The supported version of Xorg has been updated from 6.7.0 to 6.8.2. &merged; Documentation Documentation of existing functionality has been improved by the addition of the following manual pages: &man.ataraid.4;, &man.devfs.conf.5, &man.devfs.rules.5, &man.pthread.atfork.3; &man.sched.4bsd.4;, &man.sched.ule.4;, &man.snd.fm801.4;, &man.snd.neomagic.4;, &man.snd.via8233.4;, &man.snd.via82c686.4;, and &man.snd.vibes.4;. Manual pages in the base system have received a number of cleanups, both for content and presentation. Cross-references are more correct and consistent, standard section headings are now used throughout, and markup has been cleaned up. The following manual pages, which were derived from RFCs and possibly violate the IETF's copyrights, have been replaced: &man.gai.strerror.3;, &man.getaddrinfo.3;, &man.getnameinfo.3;, &man.inet6.opt.init.3;, &man.inet6.option.space.3;, &man.inet6.rth.space.3;, &man.inet6.rthdr.space.3;, &man.icmp6.4;, and &man.ip6.4;. &merged; Upgrading from previous releases of &os; Source upgrades to &os; &release.current; are only supported from &os; 5.3-RELEASE or later. Users of older systems wanting to upgrade &release.current; will need to update to &os; 5.3 or newer first, then to &os; &release.current;. Upgrading &os; should, of course, only be attempted after backing up all data and configuration files.