Index: releng/7.1/release/doc/en_US.ISO8859-1/relnotes/article.sgml =================================================================== --- releng/7.1/release/doc/en_US.ISO8859-1/relnotes/article.sgml (revision 186642) +++ releng/7.1/release/doc/en_US.ISO8859-1/relnotes/article.sgml (revision 186643) @@ -1,867 +1,867 @@ %articles.ent; %release; ]>
&os; &release.current; Release Notes The &os; Project $FreeBSD$ 2000 2001 2002 2003 2004 2005 2006 2007 2008 The &os; Documentation Project &tm-attrib.freebsd; &tm-attrib.ibm; &tm-attrib.ieee; &tm-attrib.intel; &tm-attrib.sparc; &tm-attrib.general; The release notes for &os; &release.current; contain a summary of the changes made to the &os; base system on the &release.branch; development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the &os; kernel and userland. Some brief remarks on upgrading are also presented. Introduction This document contains the release notes for &os; &release.current;. It describes recently added, changed, or deleted features of &os;. It also provides some notes on upgrading from previous versions of &os;. The &release.type; distribution to which these release notes apply represents the latest point along the &release.branch; development branch since &release.branch; was created. Information regarding pre-built, binary &release.type; distributions along this branch can be found at . ]]> The &release.type; distribution to which these release notes apply represents a point along the &release.branch; development branch between &release.prev; and the future &release.next;. Information regarding pre-built, binary &release.type; distributions along this branch can be found at . ]]> This distribution of &os; &release.current; is a &release.type; distribution. It can be found at or any of its mirrors. More information on obtaining this (or other) &release.type; distributions of &os; can be found in the Obtaining &os; appendix to the &os; Handbook. ]]> All users are encouraged to consult the release errata before installing &os;. The errata document is updated with late-breaking information discovered late in the release cycle or after the release. Typically, it contains information on known bugs, security advisories, and corrections to documentation. An up-to-date copy of the errata for &os; &release.current; can be found on the &os; Web site. What's New This section describes the most user-visible new or changed features in &os; since &release.prev;. Typical release note items document recent security advisories issued after &release.prev;, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices. Clearly the release notes cannot list every single change made to &os; between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements. Security Advisories - Problems described in the following security advisories has + Problems described in the following security advisories have been fixed. For more information, consult the individual advisories available from . Advisory Date Topic SA-08:05.openssh 17 April 2008 OpenSSH X11-forwarding privilege escalation SA-08:06.bind 13 July 2008 DNS cache poisoning SA-08:07.amd64 3 September 2008 amd64 swapgs local privilege escalation SA-08:08.nmount 3 September 2008 &man.nmount.2; local arbitrary code execution SA-08:09.icmp6 3 September 2008 Remote kernel panics on IPv6 connections SA-08:10.nd6 1 October 2008 IPv6 Neighbor Discovery Protocol routing vulnerability SA-08:11.arc4random 24 November 2008 &man.arc4random.9; predictable sequence vulnerability SA-08:12.ftpd 23 December 2008 Cross-site request forgery in &man.ftpd.8; SA-08:13.protosw 23 December 2008 netgraph / bluetooth privilege escalation Kernel Changes The &man.clock.gettime.2; and the related system calls now support a clock ID CLOCK_THREAD_CPUTIME_ID, defined in POSIX. The &man.cpuset.2; system call has been added. This is an API for thread to CPU binding and CPU resource grouping and assignment. The DTrace, a comprehensive dynamic tracing framework and &man.dtrace.1; userland utility have been imported from OpenSolaris. DTrace provides a powerful infrastructure to permit administrators, developers, and service personnel to concisely answer arbitrary questions about the behavior of the operating system and user programs. The &man.ddb.4; kernel debugger now has an output capture facility. Input and output from &man.ddb.4; can now be captured to a memory buffer for later inspection using &man.sysctl.8; or a textdump. The new capture command controls this feature. The &man.ddb.4; debugger now supports a simple scripting facility, which supports a set of named scripts consisting of a set of &man.ddb.4; commands. These commands can be managed from within &man.ddb.4; or with the use of the new &man.ddb.8; utility. More details can be found in the &man.ddb.4; manual page. The &man.ddb.4; ex command now supports an mode which interprets and prints the value at the requested address as a symbol. For example, ex /S aio_swake prints the name of the function currently registered in via aio_swake hook. The &man.ddb.4; show conifhk command has been added. This lists hooks currently waiting for completion in run_interrupt_driven_config_hooks(). The &man.fcntl.2; system call now supports F_DUP2FD command. This is equivalent to &man.dup.2;, and compatible with Sun Solaris and IBM AIX. The &os;'s &man.linux.4; ABI support now implements sched_setaffinity() and get_setaffinity() using real CPU affinity setting primitives. The client side functionality of &man.rpc.lockd.8; has been implemented in &os; kernel. This implementation provides the correct semantics for &man.flock.2; style locks which are used by the &man.lockf.1; command line tool and the &man.pidfile.3; library. It also implements recovery from server restarts and ensures that dirty cache blocks are written to the server before obtaining locks (allowing multiple clients to use file locking to safely share data). Also, a new kernel option options NFSLOCKD has been added and enabled by default. If the kernel support is enabled, &man.rpc.lockd.8; automatically detects and uses the functionality. The &os; kernel now supports a new textdump format of kernel dumps. A textdump provides higher-level information via mechanically generated/extracted debugging output, rather than a simple memory dump. This facility can be used to generate brief kernel bug reports that are rich in debugging information, but are not dependent on kernel symbol tables or precisely synchronized source code. More information can be found in the &man.textdump.4; manual page. The &man.wait4.2; system call now supports flag to keep the process whose status is returned in a waitable state and which is equivalent to . The &os; kernel now supports initial support of binding interrupts to CPUs. The &man.sched.ule.4; scheduler is now the default process scheduler in GENERIC kernels. The sysctl variables kern.features.compat_freebsd[456] have been added. These are corresponding to the kernel options COMPAT_FREEBSD[456]. Boot Loader Changes The BTX kernel used by the boot loader has been changed to invoke BIOS routines from real mode. This change makes it possible to boot &os; from USB devices. A new gptboot boot loader has been added to support booting from a GPT labeled disk. A new boot command has been added to &man.gpt.8;, which makes a GPT disk bootable by writing the required bits of the boot loader, creating a new boot partition if required. Hardware Support The &man.cmx.4; driver, a driver for Omnikey CardMan 4040 PCMCIA smartcard readers, has been added. The &man.kbdmux.4; driver has been added. The &man.sunkbd.4; now supports &man.atkbd.4; emulation like &man.ukbd.4;. The nvram(4) driver is now MPSAFE. An option of the &man.puc.4; driver PUC_FASTINTR has been no longer supported. The &man.psm.4; driver now attempts detection of Synaptics touchpad before IntelliMouse. Some touchpads will pretend to be IntelliMouse causing the IntelliMouse probe to work and the Synaptics detection never to be done. The &man.uslcom.4; driver, a driver for Silicon Laboratories CP2101/CP2102-based USB serial adapters, has been imported from OpenBSD. Multimedia Support The &man.agp.4; driver now supports Intel G33 and G45. The dpms(4) driver has been added to use the VESA BIOS for DPMS during suspend and resume. The DRM kernel driver now supports i915 GME devices. Network Interface Support The &man.ale.4; driver has been added to provide support for Atheros AR8121/AR8113/AR8114 Gigabit/Fast Ethernet controllers. This driver is not enabled in GENERIC kernels for this release. The &man.em.4; driver has been split into two drivers with some common parts. The &man.em.4; driver will continue to support adapters up to the 82575, as well as new client/desktop adapters. A new &man.igb.4; driver will support new server adapters. The &man.hme.4; driver has been improved. The &man.ixgbe.4; driver has been updated to version 1.6.2 from Intel. A bug in some of the &man.miibus.4; supported drivers that IEEE 802.3 auto-negotiation was performed in a wrong order, has been fixed. Now it chooses the correct technologies supported by IEEE 802.3 in the order described in Annex 28B.3. A workaround has been added for a bug in TCP/UDP hardware checksum offload of the &man.msk.4; driver for short frames. Note that for frames that requires hardware VLAN tag insertion, the checksum offload workaround does not work due to changes of checksum offset in mbuf after the VLAN tag. So disabling hardware checksum offload for the VLAN interface is needed in such cases. The &man.ndis.4; NDIS miniport driver wrapper has been improved. The &man.sf.4; driver has been improved and now supports checksum offloading. The &man.stge.4; driver now supports WOL (Wake on LAN). The &man.vr.4; driver has been improved. The &man.wpi.4; driver has been updated to include a number of stability fixes. Network Protocols The &man.arp.8; utility now supports reject and blackhole keywords. In the entry marked as reject, traffic to the host will be discarded and the sender will be notified the host is unreachable. In the entry marked as blackhole, traffic is discarded but the sender is not notified. The &man.bpf.4; now supports an ioctl BIOCSETFNR. This is just like BIOCSETF but it does not drop all the packets buffered on the descriptor and reset the statistics. The &man.if.bridge.4; now allow to limit the number of source MACs that can be behind a bridge interface via ifmaxaddr parameter of &man.ifconfig.8;. A bug in the &man.carp.4; interface configuration which leads to a system panic has been fixed. The &man.dummynet.4; subsystem now supports fast mode operation which allows certain packets to bypass the dummynet scheduler. This can achieve lower latency and lower overhead when the packet flow is under the pipe bandwidth, and eliminate recursion in the subsystem. The new sysctl variable net.inet.ip.dummynet.io_fast has been added to enable this feature. The &man.enc.4; now supports sysctl variables to control whether the firewalls or &man.bpf.4; will see inner and outer headers or just inner or outer headers for incoming and outgoing IPsec packets. The &man.gre.4; now supports ioctls GRESKEY and GREGKEY which allows set or get GRE key used for outgoing packets. A bug in the &man.ipsec.4; subsystem that PMTU was broken in those cases when there was a route with a lower MTU than the MTU of the outgoing interface, has been fixed. The netatm subsystem has been removed due to lacking of multiprocessor support. The &man.ng.nat.4; now supports redirect functionality in libalias. For more details, see the manual page. The &man.ng.pptpgre.4; now supports multiple hooks like &man.ng.l2tp.4;, to use one pair of pptpgre and ksocket nodes for all calls between two peers. The &man.resolver.3; now allows underscore in domain names. Although this is a violation of RFC 1034 [STD 13], it is accepted by certain name servers as well as other popular operating systems' resolver library. A socket option TCP_CONGESTION for TCP socket has been added. This is for setting and retrieving the congestion control algorithm. The name used is to allow compatibility with Linux. The &man.rwlock.9; has been used throughout the inpcbinfo and inpcb infrastructure, and protocols that depend on that infrastructure, including UDP, TCP, and IP raw sockets to reduce the lock contentions. Disks and Storage The &man.aac.4; driver now supports 64-bit array support for RAIDs larger than 2TB and simultaneous opens of the device for issuing commands to the controller. The &man.ata.4; driver now supports a loader variable hw.ata.ata_dma_check_80pin. This can be used to disable the 80pin cable check on broken systems such as certain laptops and Soekris boards. The default value is 1. A data corruption problem of the &man.ata.4; driver on ServerWorks HT1000 chipsets has been fixed. The &man.ciss.4; driver now supports a loader tunable hw.ciss.nop_message_heartbeat for NOP-message polling in ciss_periodic(). This can be used as a workaround for ADAPTER HEARTBEAT FAILED issue. The default value is 0 (disabled). The geom_part GEOM class can be built as a kernel module. The geom_linux_lvm GEOM class can be built as a kernel module. The &man.hptrr.4; driver has been updated to version 1.2 from Highpoint. A buffer overflow in the &man.iir.4; driver has been fixed. This likely fixes a great number of weird problems that have been reported with this driver. The &man.mpt.4; driver now supports mpt_user personality. The &man.rr232x.4; driver has been superseded by &man.hptrr.4; driver. The &man.twa.4; driver has been improved with regard to stability on machines with a plenty of memory and high CPU load. File Systems The &man.fdescfs.5; is now MPSAFE. The &man.gpart.8; now supports BSD disklabels (option GEOM_PART_BSD) and VTOC8 disklabels (option GEOM_PART_VTOC8). The &man.gvinum.8; now accepts volume parameter when creating a plex. A pathname lookup bug of a UNIX domain socket in the unionfs(7) has been fixed. Userland Changes The &man.adduser.8; utility now supports a option to set the mode of a new user's home directory. The &man.atacontrol.8; utility now supports a spindown command to set or report timeout after which the device will be spun down. The &man.chflags.1; now supports a flag for verbose output, a flag to ignore errors, and to allow setting flags on symbolic links with the same semantics as (for example) &man.chmod.1;. The &man.cp.1; now supports a flag, which is equivalent to flags. A bug in the &man.cp.1; utility which prevents POSIX.1e ACL (see also &man.acl.3;) from copying properly has been fixed. The &man.cron.8; utility now supports flag which overrides the default mail recipient for cron mails unless explicitly provided by MAILTO= line in crontab file. The &man.dhclient.8; now supports more options described in &man.dhcp-options.5;. The &man.dhclient.8; now supports is_default_interface() function which determines if this interface is one with the default route. A bug in the &man.dhclient.8; that prevents removal of the default route from working has been fixed. The &man.environ.7;, environment array of strings now supports unsetting a variable by setting the first character to NULL. This is required by third-party software such as Dovecot and Postfix. The &man.fdisk.8; now supports a flag to not display any warnings. The &man.fetch.1; program and libfetch library now supports a NO_PROXY environment variable. This specifies comma- or whitespace-separated list of host names for which proxies should not be used. If a single asterisk is specified, the use of proxies is disabled. The &man.ffsll.3; and &man.flsll.3; functions have been added. These functions are the same as &man.ffs.3; and &man.fls.3; except that they accept long long as the arguments. The &man.fortune.6; program now supports FORTUNE_PATH environment variable to specify search path of the fortune files. A bug in the &man.fortune.6; program that prevents option with multiple files from working has been fixed. The &man.freebsd-update.conf.5; now supports IDSIgnorePaths statement. The &man.fwcontrol.8; utility now supports option which specifies node as the root node on the next bus reset. The &man.gcc.1; now accepts option properly; it was hardcoded as . The &man.gpt.8; now supports ZFS. The &man.ifconfig.8; now supports display of WPS IE (Wireless Provisioning Services Information Element). The &man.kgdb.1; now supports an add-kld kld command to locate a &man.kld.4; and load its symbols. The &man.kgdb.1; now has a shared library backend for kernel files that treats &man.kld.4; as shared libraries and auto-loading symbols for &man.kld.4; on startup. The &man.kgdb.1; now supports a tid command and other kernel module related commands even for a remote target. The &man.kvm.getcptime.3; function to obtain the global CPU time statistics from the kernel has been added. The libalias library now supports PORT and EPRT FTP commands in lowercase. The &man.man.1; now includes a limited support of &man.bzip2.1;-compressed manual pages. The &man.mdconfig.8; now supports a (verbose) flag to command. It shows size and backing store of all &man.md.4; devices at one time. The &man.memrchr.3; function has been added. This behaves like &man.memchr.3; except that it locates the last occurrence of the specified character in the string. The incorrect output grammar of &man.morse.6; program has been fixed. The &man.mountd.8; utility now supports option which specifies IP addresses to bind to for TCP and UDP requests. This option may be specified multiple times. If no option is specified, INADDR_ANY will be used. Note that when specifying IP addresses with this option, it will automatically add 127.0.0.1 and if IPv6 is enabled, ::1 to the list. The &man.moused.8; utility now supports flag which changes the speed of scrolling and changes option behavior to only affect the scroll threshold. The &man.mv.1; now support POSIX specification when moving a directory to an existing directory across devices. The &man.periodic.8; now supports daily_status_mail_rejects_shorten configuration variable in &man.periodic.conf.5;. This allows the rejected mail reports to tally the rejects per blacklist without providing details about individual sender hosts. The default configuration keeps the reports in their original form. The &man.ping6.8; now uses exit status of 0 and 2 in the same manner as &man.ping.8;. The &man.ping6.8; now supports an flag, which makes &man.ping6.8; exit successfully after receiving one reply packet. The &man.ping6.8; now supports and flags, which are equivalent to &man.ping.8;'s and flags, respectively. The minimum allowed interval of &man.ping6.8; has been decreased to 0.000001 from 0.01. The &man.realpath.1; utility now supports a flag to suppress warnings; it now also accepts multiple paths on its command line. The &man.rfcomm.pppd.8; now supports a flag to register DUN (Dial-Up Networking) service in addition to the LAN (LAN Access Using PPP) service. The &man.sdpd.8; now supports a NAP, GN, and PANU profiles. The &man.setkey.8; utility now accepts esp as a protocol name for the spdadd command. A bug in &man.telnetd.8; that it attempts authentication even when option is specified has been fixed. The &man.top.1; and &man.vmstat.8; now support flag which displays per-CPU statistics. The &man.traceroute.8; now supports an flag to display AS number corresponding to the lookup IP address on each hop. It will query the number to WHOIS server specified in option. If no is specified, whois.radb.net will be used as the default value. The &man.uuid.enc.le.3;, &man.uuid.dec.le.3;, &man.uuid.enc.be.3;, and &man.uuid.dec.be.3; functions have been added. These functions encode/decode a binary representation of a UUID. The &man.watch.8; utility now supports more than 10 &man.snp.4; devices at a time. The &man.ypserv.8; now supports a option to specify the port number on which it should listen. <filename>/etc/rc.d</filename> Scripts The &man.rc.conf.5; now supports dummynet_enable variable which allow &man.dummynet.4; kernel module to be loaded when firewall_enable is YES. The ntpd &man.rc.8; script can work with no configuration file /etc/ntp.conf now. The ppp &man.rc.8; script now supports multiple instances. For more details, see description of ppp_profile variable in &man.rc.conf.5;. The sysctl &man.rc.8; script now supports loading /etc/sysctl.conf.local in addition to /etc/sysctl.conf. The &man.rc.conf.5; now supports configuration of interfaces and attached networks for firewall rule set by rc.firewall when firewall_type is simple or client. See firewall_client_net, firewall_simple_iif, firewall_simple_inet, firewall_simple_oif, and firewall_simple_onet. Contributed Software am-utils has been updated from version 6.0.10p1 to version 6.1.5. ISC BIND has been updated to version 9.4.2-P2. awk has been updated from 1 May 2007 release to the 23 October 2007 release. bzip2 has been updated from version 1.0.4 to version 1.0.5. CVS has been updated to version 1.11.22.1. hostapd has been updated to version 0.5.10 + radius ACL support. libarchive has been updated to version 2.5.5. ncurses library has been updated to version 5.6-20080503. NTP has been updated to version 4.2.4p5. OpenPAM has been updated from the Figwort release to the Hydrangea release. OpenSSH has been updated from version 4.5p1 to version 5.1p1. The &man.resolver.3; library has been updated to one of ISC BIND 9.4.3. sendmail has been updated from version 8.14.2 to version 8.14.3. The timezone database has been updated from the tzdata2007h release to the tzdata2008h release. wpa_supplicant has been updated to version 0.5.10 + syslog support. Release Engineering and Integration The supported version of the GNOME desktop environment (x11/gnome2) has been updated from 2.20.1 to 2.22. The supported version of the KDE desktop environment (x11/kde3) has been updated from 3.5.8 to 3.5.10. Upgrading from previous releases of &os; Beginning with &os; 6.2-RELEASE, binary upgrades between RELEASE versions (and snapshots of the various security branches) are supported using the &man.freebsd-update.8; utility. The binary upgrade procedure will update unmodified userland utilities, as well as unmodified GENERIC or SMP kernels distributed as a part of an official &os; release. The &man.freebsd-update.8; utility requires that the host being upgraded have Internet connectivity. An older form of binary upgrade is supported through the Upgrade option from the main &man.sysinstall.8; menu on CDROM distribution media. This type of binary upgrade may be useful on non-&arch.i386;, non-&arch.amd64; machines or on systems with no Internet connectivity. Source-based upgrades (those based on recompiling the &os; base system from source code) from previous versions are supported, according to the instructions in /usr/src/UPDATING. Upgrading &os; should, of course, only be attempted after backing up all data and configuration files.