diff --git a/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml b/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml index 5afc26e9486d..a1e69288949d 100644 --- a/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml +++ b/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml 
@@ -1,541 +1,553 @@ &os;/&arch; &release.current; Release Notes The &os; Project $FreeBSD$ 2000 2001 2002 2003 2004 2005 2006 The &os; Documentation Project &tm-attrib.freebsd; &tm-attrib.ibm; &tm-attrib.ieee; &tm-attrib.intel; &tm-attrib.sparc; &tm-attrib.general; The release notes for &os; &release.current; contain a summary of the changes made to the &os; base system on the &release.branch; development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the &os; kernel and userland. Some brief remarks on upgrading are also presented. Introduction This document contains the release notes for &os; &release.current; on the &arch.print; hardware platform. It describes recently added, changed, or deleted features of &os;. It also provides some notes on upgrading from previous versions of &os;. The &release.type; distribution to which these release notes apply represents the latest point along the &release.branch; development branch since &release.branch; was created. Information regarding pre-built, binary &release.type; distributions along this branch can be found at . ]]> The &release.type; distribution to which these release notes apply represents a point along the &release.branch; development branch between &release.prev; and the future &release.next;. Information regarding pre-built, binary &release.type; distributions along this branch can be found at . ]]> This distribution of &os; &release.current; is a &release.type; distribution. It can be found at or any of its mirrors. More information on obtaining this (or other) &release.type; distributions of &os; can be found in the Obtaining &os; appendix to the &os; Handbook. ]]> All users are encouraged to consult the release errata before installing &os;. The errata document is updated with late-breaking information discovered late in the release cycle or after the release. 
Typically, it contains information on known bugs, security advisories, and corrections to documentation. An up-to-date copy of the errata for &os; &release.current; can be found on the &os; Web site. What's New This section describes the most user-visible new or changed features in &os; since &release.prev;. Typical release note items document recent security advisories issued after &release.prev;, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices. Clearly the release notes cannot list every single change made to &os; between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements. Security Advisories A bug in &man.ypserv.8;, which effectively disabled the /var/yp/securenets access control mechanism, has been corrected. More details are available in security advisory FreeBSD-SA-06:15.ypserv. A bug in the smbfs file system, which could allow an attacker to escape out of &man.chroot.2 environments on an smbfs mounted filesystem, has been fixed. For more details, see security advisory FreeBSD-SA-06:16.smbfs. A potential denial of service problem in &man.sendmail.8; caused by excessive recursion which leads to stack exhaustion when attempting delivery of a malformed MIME message, has been fixed. For more details, see security advisory FreeBSD-SA-06:17.sendmail. A potential buffer overflow condition in &man.sppp.4; has been corrected. For more details, see security advisory FreeBSD-SA-06:18.ppp. An OpenSSL bug related to validation of PKCS#1 v1.5 signatures has been fixed. For more details, see security advisory FreeBSD-SA-06:19.openssl. A potential denial of service attack against &man.named.8; has been fixed. For more details, see security advisory FreeBSD-SA-06:20.bind. + + Several programming errors have been fixed in &man.gzip.1;. 
+ They could have the effect of causing a crash or an infinite + loop when decompressing files. More information can be found in + security advisory + FreeBSD-SA-06:21.gzip. + + Multiple errors in the OpenSSL &man.crypto.3; library have + been fixed. Potential effects are varied, and are documented in + more detail in security advisory + FreeBSD-SA-06:23.openssl. + Kernel Changes Security event auditing is now supported in the &os; kernel, and is enabled by the AUDIT kernel configuration option. More information can be found in the &man.audit.4; manual page. Instead of including all of physical memory in a kernel crash dump, the kernel now defaults to dumping only pages that are actively mapped into kernel virtual memory. This functionality requires that the new debug.minidump sysctl variable be set to 1. A bug has been fixed in the statistics-keeping code in the kernel's UMA memory allocator. This caused a count of memory allocation failures (as shown by netstat -m) to increase erroneously. &os; now runs on the Xbox, whose architecture is nearly identical to the i386. For details of the latest development, see . Boot Loader Changes A bootable CDROM loader has been implemented for the pc98 platform. Hardware Support The &man.amdsmb.4; driver has been added. It provides support for the AMD-8111 SMBus 2.0 controller. Support has been improved for so-called legacy-free hardware, in particular, i386 systems without AT-style keyboard controllers such as the Macbook Pro. &man.ipmi.4;, an OpenIPMI compatible driver, has been added. OpenIPMI (Intelligent Platform Management Interface) is an open standard designed to enable remote monitoring and control of server, networking and telecommunication platforms. Support for the PadLock Security Co-processor in VIA C3, Eden, and C7 processors has been added to the &man.crypto.9; subsystem. More information can be found in the &man.padlock.4; manual page. 
The &man.nfsmb.4; driver, which supports the NVIDIA nForce 2/3/4 SMBus 2.0 controller, has been added. Multimedia Support Network Interface Support The &man.ath.4; driver has been updated to HAL version 0.9.17.2. The &man.ath.4;, &man.ath.hal.4;, and ath_rate_sample drivers have been included in the GENERIC kernel by default. The &man.em.4; driver has been updated to version 6.1.4 from Intel. Among other changes, it now supports 80003, 82571, 82571EB and 82572 based adapters, as well as onboard-NICs on ICH8-based motherboards. A number of improvements and bugfixes have been made to the functionality of the &man.iwi.4; driver. This driver now requires the firmware image in the net/iwi-firmware-kmod port/package; prior versions of this driver used the net/iwi-firmware port/package. The &man.my.4; driver now has &man.altq.4; support. The &man.nve.4; driver has been updated to version 1.0-0310 (23-Nov-2005). It also now has &man.altq.4; support. The &man.sk.4; driver is now MPSAFE. The &man.stge.4; driver has been added. It supports the Sundance/Tamarack TC9021 Gigabit Ethernet controller and was ported from NetBSD. Network Protocols Multiple copies of a packet received via different &man.bpf.4; listeners now all have identical timestamps. The &man.enc.4; IPsec filtering pseudo-device has been added. It allows firewall packages using the &man.pfil.9; framework to examine (and filter) IPsec traffic before outbound encryption and after inbound decryption. The sysctl variables net.inet.ip.portrange.reservedhigh and net.inet.ip.portrange.reservedlow can be used with IPv6 now. The IPFIREWALL_FORWARD_EXTENDED kernel option has been removed. This option was used to permit &man.ipfw.4; to redirect packets with local destinations. This behavior is now always enabled when the IPFIREWALL_FORWARD kernel option is enabled. &os; &release.prev; contained a bug in the IPv6 implementation, which caused spurious error messages to be printed for point-to-point interfaces. 
This problem has been corrected. Disks and Storage &man.geli.8; is now able to perform data integrity verification (data authentication) of encrypted data stored on disk. Note that the encryption algorithm is now specified to the &man.geli.8; control program using the option; the option is now used to specify the authentication algorithm. File Systems The &man.linsysfs.5; pseudo-filesystem driver has been added. It provides a subset of the Linux sys filesystem, and is required for the correct operation of some Linux binaries (such as the LSI MegaRAID SAS utility). A deadlock observed when both quotas and snapshots were in use on a file system on &os; &release.prev; has been corrected. A performance regression with NFS servers running &os; &release.prev;, caused by a leak of the Giant kernel lock, has been fixed. Userland Changes The &man.asf.8; utility has been revised and extended. Now it can operate via several interfaces including &man.kvm.3;, which supports not only live systems, but also kernel crash dumps. The OpenBSM userland tools, including &man.audit.8;, &man.auditd.8;, &man.auditreduce.1;, and &man.praudit.1;, have been added. The &man.cp.1; utility now supports a option, which causes it to create hardlinks to the source files instead of copying them. The &man.csup.1; utility has been imported. This is an implementation of a CVSup-compatible client written in the C language. Note that it currently supports checkout mode only. The &man.dhclient.8; program now sends the host's name in DHCP requests if it is not specified in the configuration file. The &man.du.1; program now supports a flag, which causes it to ignore files and directories with the nodump flag set. The &man.find.1; program now supports and other related primaries, which can be used to create expressions based on a file's creation time. The &man.freebsd-update.8; utility, a tool for managing binary updates to the &os; base system, has been added. 
The &man.getent.1; utility has been imported from NetBSD. It retrieves and displays information from an administrative database (such as hosts) using the lookup order specified in &man.nsswitch.conf.5;. The &man.id.1; utility now supports a flag to print process audit properties, including the audit user id. The &man.iostat.8; utility now supports a flag (inspired by Solaris) to print extended disk statistics. If the new flag is also specified, no output is made for disks with no activity. The &man.jail.8; program now supports a option to specify a jail's securelevel. The &man.jexec.8; utility now supports and flags to specify username credentials under which a command should be executed. The &man.logger.1; utility now supports a , which specifies the port to which syslog messages should be sent. The &man.ls.1; utility now supports an flag to use the file creation time for sorting. The &man.mount.8; utility now supports a late keyword in &man.fstab.5;, along with a corresponding command-line option to specify that these late file systems should be mounted. The &man.pkill.1; utility (also known as &man.pgrep.1;) has been moved from /usr/bin to /bin so that it can be used by startup scripts. Symbolic links from its former location have been created for backward compatibliity. An extensible implementation of &man.printf.3;, compatible with GLIBC, has been added to libc. It is only used if the environment variable USE_XPRINTF is defined, one of the extension functions is called, or the global variable __use_xprintf is set to a value greater than 0. Five extensions are currently supported: %H (hex dump), %T (time_t and time-related structures), %M (errno message), %Q (double-quoted, escaped string), %V (&man.strvis.3;-format string), The DNS resolver library in &os;'s libc has been updated to BIND9's one. The &man.tail.1; utility now supports a flag to suppress header lines when multiple files are specified. 
The &man.traceroute.8; utility now supports a option, which sets a fixed destination port for probe packets. This can be useful for tracing behind packet-filtering firewalls. &man.traceroute.8; now decodes the complete set of ICMP unreachable messages in its output. <filename>/etc/rc.d</filename> Scripts The auditd script for OpenBSM &man.auditd.8; has been added. A bug in the rc.d/jail startup script, which caused a number of problems for users attempting to use jails on &os; &release.prev;, has been corrected. Contributed Software BIND has been updated from 9.3.1 to 9.3.2-P1. GCC has been updated from 3.4.4 to 3.4.6. IPFilter has been updated from 4.1.8 to 4.1.13. less has been updated from v381 to v394. lukemftpd has been updated from a snapshot from NetBSD as of 9 August 2004 to a snapshot from NetBSD as of 31 August 2006. netcat has been updated from the version in a 4 February 2005 OpenBSD snapshot to the version included in OpenBSD 3.9. sendmail has been updated from 8.13.6 to 8.13.8. The timezone database has been updated from the tzdata2005r release to the tzdata2006g release. TrustedBSD OpenBSM, version 1.0 alpha 10, an implementation of the documented Sun Basic Security Module (BSM) Audit API and file format, as well as local extensions to support the Mac OS X and FreeBSD operating systems has been added. This also includes command line tools for audit trail reduction and conversion to text, as well as documentation of the commands, file format, and APIs. For this functionality, the AUDIT kernel option, /var/audit directory, and audit group have been added. Ports/Packages Collection Infrastructure &man.pkg.add.1; now supports an flag to disable checking whether the same package is already installed or not. Release Engineering and Integration The &man.sysinstall.8; utility now displays the running &os; version in menu titles. A /media directory has been added to contain mount points for removable media such as CDROMs, floppy disks, USB drives, and so on. 
The supported version of the GNOME desktop environment (x11/gnome2) has been updated from 2.12.3 to 2.14.2. The supported version of the KDE desktop environment (x11/kde3) has been updated from 3.5.1 to 3.5.4. The supported Linux emulation now uses the libraries in the emulators/linux_base-fc4 package. Documentation The manual pages for NTP have been updated to 4.2.0, to match the version of code actually included in &os;. Documentation of existing functionality has been improved by the addition of the following manual pages: &man.nanobsd.8;, &man.sysctl.9;. Upgrading from previous releases of &os; Source upgrades to &os; &release.current; are only supported from &os; 5.3-RELEASE or later. Users of older systems wanting to upgrade &release.current; will need to update to &os; 5.3 or newer first, then to &os; &release.current;. Upgrading &os; should, of course, only be attempted after backing up all data and configuration files.
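Review bot: The two added Security Advisories entries go from FreeBSD-SA-06:21.gzip straight to FreeBSD-SA-06:23.openssl, so the list that was contiguous from 06:15 through 06:20 now has a gap at 06:22. Please confirm whether 06:22 applies to this branch. If it does, add an entry for it in this change. If it does not, say so in the commit message so the omission reads as deliberate. Separately, the new OpenSSL entry says only "Potential effects are varied", while the neighbouring entries name the impact (denial of service, buffer overflow, chroot escape). A short phrase naming the classes of impact covered by the advisory would let a reader triage without opening it. The gzip entry already does this with "a crash or an infinite loop when decompressing files".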