Index: stable/4/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml =================================================================== --- stable/4/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml (revision 81846) +++ stable/4/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml (revision 81847) 
@@ -1,611 +1,611 @@ $FreeBSD$ What's New This section describes the most user-visible new or changed features in &os; since &release.prev;. Many additional changes were made to &os; that are not listed here for lack of space. For example, documentation was corrected and improved, minor bugs were fixed, insecure coding practices were audited and corrected, and source code was cleaned up. The release notes items are organized into three different sections. lists recent changes to the &os; kernel. Security fixes, including those pertaining to security advisories, are listed in . Finally, covers changes to &os; userland applications included in the base system. Kernel Changes The O_DIRECT flag has been added to &man.open.2; and &man.fcntl.2;. Specifying this flag for open files will attempt to minimize the cache effects of reading and writing. An &man.orm.4; device has been added to claim the option ROMs in the ISA memory I/O space, to prevent other drivers from mistakenly assigning addresses that conflict with these ROMs. The out-of-swap process termination code now begins killing processes earlier to avoid deadlocks; it now also takes into account the swap space used by processes when computing the process sizes. Network device cloning has been implemented, and the &man.gif.4; device has been modified to take advantage of it. Thus, instead of specifying how many &man.gif.4; interfaces are available in kernel configuration files, &man.ifconfig.8;'s option should be used when another device instance is desired. Two new &man.ddb.4; commands, hwatch and dhwatch, have been introduced. Analogous to watch and dwatch, they install hardware watchpoints (as opposed to software watchpoints) if supported by the architecture. A &man.nmdm.4; null-modem terminal driver has been added. The maxusers kernel configuration parameter is now a boot-time tunable variable. The kernel parameters derived from maxusers are now also tunables and can be overridden at boot-time. 
The hz parameter is also now a tunable. Processor/Motherboard Support Detection for new processors, such as the Transmeta Crusoe, and Transmeta Crusoe with LongRun, has been added. Because of space constraints on the boot floppy support for DEC3000 TurboChannel-based machines has been removed from the installation kernel. For the same reason the following device drivers are no longer present in the installation kernel: ncr, sa, amr, plip, le, pcn, wx and sl. Note that most if not all Symbios adapters are covered by the new sym driver. Support for Streaming SIMD Extensions (SSE) has been introduced. The CPU_ENABLE_SSE kernel option controls whether support is compiled into the kernel. Network Interface Support The &man.fxp.4; driver now requires a device miibus entry in the kernel configuration file. The &man.wx.4; driver now supports the Intel PRO1000-F and PRO1000-T (10/100/1000) adapters. The &man.an.4; driver has received a few bug fixes; promiscuous mode now works, and it can be configured before being brought up. The &man.xl.4; driver now supports reception of VLAN tagged frames (on the Cyclone or newer chipsets). The &man.ti.4; driver correctly masks VLAN tags. Added the &man.nge.4; driver, which supports PCI Gigabit Ethernet adapters based on the National Semiconductor DP83820 and DP83821 Gigabit Ethernet controller chips, including the D-Link DGE-500T, SMC EZ Card 1000 (SMC9462TX), Asante FriendlyNet GigaNIC 1000TA and 1000TPC and Addtron AEG320T. This driver supports transmit and receive checksum offloading. The &man.lge.4; driver has been added to support the Level 1 LXT1001 NetCellerator Gigabit Ethernet controller chip. This device is used on some fiber optic GigE cards from SMC, D-Link and Addtron. Jumbograms and TCP/IP checksum offload on receive are supported, although hardware VLAN filtering is not. The &man.tx.4; driver now supports the fiber-optic SMC 9432FTX NICs. 
The &man.ed.4; driver now has support for D-Link DL10022 chips, necessary for the NetGear FA-410TX and other cards. As a result, device miibus is required in kernel configurations using the &man.ed.4; driver. The &man.txp.4; driver has been added to support NICs based on the 3Com 3XP Typhoon/Sidewinder (3CR990) chipset. Network Protocols TCP now has RFC 1323 extensions enabled by default in &man.rc.conf.5;. RFC 1323 and RFC 1644 TCP extensions are now disabled for a connection in progress if no response has been received by the third SYN segment sent. This behavior tries to work around (very old) terminal servers with buggy VJ header compression implementations. The TCP_RESTRICT_RST kernel option has been removed. Similar functionality can be achieved with the net.inet.tcp.blackhole sysctl variable. The TCP implementation no longer requires the allocation of a TCP template structure for each connection; this should reduce the buffer usage on large systems handling many connections. A new options RANDOM_IP_ID kernel option causes the ID field of IP packets to be randomized. This closes a minor information leak which allows a remote observer to determine the rate at which the machine is generating packets, since the default behavior is to increment a counter for each packet sent. Disks and Storage The &man.ata.4; driver again has write-caching enabled by default. The &man.wd.4; compatibility devices were removed from the &man.ata.4; driver. Filesystems smbfs (CIFS) support in kernel has been added. The corresponding userland filesystem mount utility can be found in the net/smbfs port in the &os; Ports Collection. A simple hash-based lookup optimization for large directories called dirhash has been added. Conditional on the UFS_DIRHASH kernel option, it improves the speed of operations on very large directories at the expense of some memory. Multimedia Support A driver for the Advance Logic ALS4000 has been added. 
Contributed Software IPFilter has been updated to 3.4.20. isdn4bsd isdn4bsd has been updated to version 1.0.1. As a result of this update, users of the &man.i4bisppp.4; (kernel PPP over ISDN) driver must now use &man.ispppcontrol.8; instead of &man.spppcontrol.8; to configure and control these network interfaces. The &man.ihfc.4; driver for supporting Cologne Chip Designs HFC devices under isdn4bsd has been added. The &man.itjc.4; driver for supporting NETjet-S / Teles PCI-TJ devices under isdn4bsd has been added. Experimental support for the Eicon.Diehl DIVA 2.0 and 2.02 ISA PnP ISDN cards has been added to the &man.isic.4; isdn4bsd driver. Active CAPI-based ISDN cards manufacured by AVM are now supported using the &man.i4bcapi.4; and the &man.iavc.4; driver. The supported cards are the AVM B1 PCI and AVM B1 ISA Basic Rate cards and the AVM T1 Primary Rate cards. A new maxconnecttime keyword is now accepted in &man.isdnd.rc.5; files to limit the time a connection may remain open. KAME The IPv6 stack is now based on a snapshot based on the KAME Project's IPv6 snapshot as of 28 May, 2001. Most of the items listed in this section are a result of this import. lists userland updates to the KAME IPv6 stack. &man.gif.4; is now based on RFC 2893, rather than RFC 1933. The IFF_LINK2 interface flag can be used to control ingress filtering. IPSec has received some enhancements, including the ability to use the Rijndael and SHA2 algorithms. IPSec RC5 support has been removed due to patent issues. &man.stf.4; now conforms to RFC 3056; the IFF_LINK2 interface flag can be used to control ingress filtering. IPv6 has better checking of illegal addresses (such as loopback addresses) on physical networks. The IPV6_V6ONLY socket option is now completely supported. The kernel's default behavior with respect to this option is controlled by the net.inet6.ip6.v6only sysctl variable. RFC 3041 (Privacy Extensions for Stateless Address Autoconfiguration) is now supported. 
It can be enabled via the net.inet6.ip6.use_tempaddr sysctl variable. Security-Related Changes The security fix mentioned in security advisory FreeBSD-SA-01:39, which governs initial sequence number generation for TCP connections, has raised some possible compatibility issues. To mitigate this effect, the fix can now be enabled or disabled using the net.inet.tcp.tcp_seq_genscheme sysctl variable. A vulnerability in the &man.fts.3; routines (used by applications for recursively traversing a filesystem) could allow a program to operate on files outside the intended directory hierarchy. This bug has been fixed (see security advisory FreeBSD-SA-01:40). The portmapper, /usr/sbin/portmap, is now turned off by default. However, if you turn on NFS server, NIS services, or Amd; the portmapper will still be started. A flaw allowed some signal handlers to remain in effect in a child process after being exec-ed from its parent. This allowed an attacker to execute arbitrary code in the context of a setuid binary. This flaw has been corrected (see security advisory FreeBSD-SA-01:42). A remote buffer overflow in &man.tcpdump.1; has been fixed (see security advisory FreeBSD-SA-01:48). A remote buffer overflow in &man.telnetd.8; has been fixed (see security advisory FreeBSD-SA-01:49). The new net.inet.ip.maxfragpackets and net.inet.ip6.maxfragpackets sysctl variables limit the amount of memory that can be consumed by IPv4 and IPv6 packet fragments, which defends against some denial of service attacks (see security advisory FreeBSD-SA-01:52). The number of security profiles available in &man.sysinstall.8; for new installations has been reduced to two. All services in inetd.conf are now disabled by default for new installations. &man.sysinstall.8; gives the option of enabling or disabling &man.inetd.8; on new installations, as well as editing inetd.conf. Userland Changes &man.ip6fw.8; now has the ability to use a preprocessor and use the (quiet) flag when reading from a file. 
&man.ping.8; now supports a option to set the TTL of outgoing packets. &man.ln.1; now takes a flag to avoid following a target that is a link, with a flag for compatibility with other implementations. &man.find.1; now has the , , , , and primaries for comparisons of file timestamps. The performance of the ELF dynamic linker has been improved. &man.ifconfig.8; can now accept addresses in slash/CIDR notation. &man.c89.1; has been converted from a shell script to a binary executable, fixing some minor bugs. &man.vidcontrol.1; now supports a to take a snapshot of a &man.syscons.4; video buffer. These snapshots can be manipulated by some of the scr2* utilities in the Ports Collection. &man.vidcontrol.1; now allows the user to omit the font size specification when loading a font, and has some better error-handling. &man.telnet.1; now supports a flag to allow connections to UNIX-domain (AF_UNIX) sockets. &man.newfs.8; now takes a option to enable softupdates on a new filesystem. libcrypt now has support for Blowfish password hashing. Ukrainian language support has been added to the &os; console. &man.savecore.8; now works correctly on machines with 2 GB or more of RAM. The syntax of &man.inetd.8;'s support for &man.faithd.8; is now compatible with that of other BSDs. The ident protocol support in &man.inetd.8; has been cleaned up and updated. &man.inetd.8; now has the ability to manage UNIX-domain sockets. The &man.resolver.3; in &os; now implements EDNS0 support, which will be necessary when working with IPv6 transport-ready resolvers/DNS servers. &man.df.1; now takes a option to only display information about locally-mounted filesystems. &man.whois.1; now directs queries for IP addresses to ARIN. If a query to ARIN references APNIC or RIPE, the appropriate server will also be queried, provided that the option is not specified. The to &man.dump.8; no longer swallows an extra argument. 
&man.dump.8; has a new option, allowing the path to the /etc/dumpdates file to be changed. libfetch now has support for a - HTTP_USER_AGENT environment variable. + HTTP_USER_AGENT environment variable. The &man.getprogname.3; and &man.setprogname.3; library functions have been added to manipulate the name of the current program. They are used by error-reporting routines to produce consistent output. &man.xargs.1; gained a option which allows the user to specify exactly where in the command line the input should be retrofitted. &man.ifconfig.8; now has support for setting parameters for IEEE 802.11 wireless network devices. &man.wi.4; and &man.an.4; devices are supported. &man.ifconfig.8; no longer displays the list of supported media by default. Instead it displays it when the is given. &man.lpd.8; now takes two new options: will log all connection errors to &man.syslogd.8;, while will allow connections from non-reserved ports. &man.lpc.8; has been improved; lpc clean is now somewhat safer, and a new lpc tclean command has been added to check to see what files would be removed by lpc clean. &man.du.1; now takes a command-line flag to ignore/skip files and subdirectories matching a specified shell-glob mask. &man.growfs.8;, a utility for growing FFS filesystems, has been added. &man.ffsinfo.8;, a utility for dump all the meta-information of an existing filesystem, has also been added. &man.mail.1; now takes a flag to avoid sending messages with empty bodies. &man.vidcontrol.1; now supports a option to clear the history buffer for a given tty, as well as a to set the size of the history buffer. &man.last.1; now implements a that provides a snapshot of who was logged in at a particular date and time. libcrypt and libdescrypt have been unified to provide a configurable password authentication hash library. Both the md5 and des hash methods are provided unless the des hash is specifically compiled out. 
&man.install.1; has a number of new features, including the and options for backing up existing target files and the option for safe (atomic copy) operation. The (copy) flag is now the default, and the (debugging) flag has been withdrawn. &man.install.1; now issues a warning if (create directories) and (copy changed files only) are used together. The &os; Makefile infrastructure now supports the WARNS directive from NetBSD. This directive controls the addition of compiler warning flags to CFLAGS in a relatively compiler-neutral manner. A new &man.fsck.msdosfs.8; utility has been added to check the consistency of MS-DOS filesystems. The &man.kldconfig.8; utility has been added to make it easier to manipulate the kernel module search path. &man.moused.8; now takes a to control mouse acceleration. The tcpmssfixup &man.ppp.8; option now adjusts the maximum receive segment size of incoming TCP SYN segments as well as outgoing TCP SYN segments. &man.sysctl.8; now supports a option to print out variable names only. &man.sysctl.8; has replaced the and options with and respectively; the former options are now deprecated. The is deprecated as well; it is not needed to determine the user's intentions. &man.cdcontrol.1; now supports next and prev commands to skip forwards or backwards a specified number of tracks while playing an audio CD. &man.col.1; now takes a to force unknown control sequences to be passed through unchanged. &man.tmpnam.3; will now use the TMPDIR environment variable, if set, to specify the location of temporary files. Contributed Software BIND is now built with the NOADDITIONAL flag, which causes &man.named.8; to operate in a more consistent fashion for certain common misconfigurations. BIND has been updated to 8.2.4-REL. Binutils have been upgraded to 2.11.2. The &man.ee.1; Easy Editor has been updated to 1.4.2. file has been updated to 3.36. 
&man.gcc.1; now supports the environment variable - GCC_OPTIONS, which can hold a set of default + GCC_OPTIONS, which can hold a set of default options for GCC. GNATS has been updated to 3.113. groff and its related utilities have been updated to FSF version 1.17.2. This import brings in a new &man.mdoc.7; macro package (sometimes referred to as mdocNG), which removes many of the limitations of its predecessor. OpenSSL has been upgraded to 0.9.6a. sendmail and associated utilities have been upgraded to version 8.11.5. See /usr/src/contrib/sendmail/RELEASE_NOTES for more information. &man.traceroute.8; now takes its default maximum TTL value from the net.inet.ip.ttl sysctl variable. tcpdump has been updated to 3.6.3. bzip2 1.0.1 has been imported; this brings the &man.bzip2.1; program and the libbz2 library to the base system. libpcap has been updated to 0.6.2. KAME The IPv6 stack is now based on a snapshot based on the KAME Project's IPv6 snapshot as of 28 May, 2001. Most of the items listed in this section are a result of this import. lists kernel updates to the KAME IPv6 stack. &man.faithd.8; now supports a configuration file for access control. &man.ifconfig.8; can now perform the functions of &man.gifconfig.8;. &man.ifconfig.8; can now perform the functions of &man.prefix.8;. &man.prefix.8; is now a shell script for partial backwards compatibility. &man.ndp.8; now implements garbage collection for stale NDP entries, as described in RFC 2461 (Neighbor Discovery for IP Version 6 (IPv6)). &man.pim6dd.8; and &man.pim6sd.8; have been removed due to restrictive licensing conditions. These programs are available in the ports collection as net/pim6dd and net/pim6sd. &man.route6d.8; now supports a flag to avoid updating the kernel forwarding table. The (router renumbering) option to &man.rtadvd.8; is currently ignored. Ports/Packages Collection &man.pkg.version.1; now takes a flag to limit its operation to ports/packages matching a given string.
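Review bot: the two changed lines, the HTTP_USER_AGENT line in the libfetch entry and the GCC_OPTIONS line in the &man.gcc.1; entry, show the same text on the removed and added sides, so whatever changed is in markup or whitespace that is not visible here. The commit message should say which it is. If the change is to how environment variable names are tagged, check the TMPDIR mention in the &man.tmpnam.3; entry too, so that all three variables named in this file are marked up the same way. Two typos in the unchanged context could be fixed in the same pass: "manufacured" in the AVM CAPI entry, and "a utility for dump all the meta-information" in the &man.ffsinfo.8; entry.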