Index: stable/4/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml =================================================================== --- stable/4/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml (revision 89653) +++ stable/4/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml (revision 89654) 
@@ -1,820 +1,829 @@ &os;/&arch; &release.current; Release Notes $FreeBSD$ The FreeBSD Project 2000 2001 2002 The FreeBSD Documentation Project The release notes for &os; &release.current; contain a summary of the changes made in the &os; base system since &release.prev;. Both changes for kernel and userland are listed, as well as applicable security advisories for the base system that were issued since the last release. Some brief remarks on upgrading are also presented. Introduction This document contains the release notes for &os; &release.current; on the &arch.print; hardware platform. It describes new features of &os; that have been added (or changed) since &release.prev;. It also provides some notes on upgrading from previous versions of &os;. The &release.type; distribution to which these release notes apply represents a point along the &release.branch; development branch between &release.prev; and the future &release.next;. Some pre-built, binary &release.type; distributions along this branch can be found at . ]]> This distribution of &os; &release.current; is a &release.type; distribution. It can be found at or any of its mirrors. More information on obtaining this (or other) &release.type; distributions of &os; can be found in the Obtaining FreeBSD appendix in the FreeBSD Handbook. ]]> What's New This section describes the most user-visible new or changed features in &os; since &release.prev;. Typical release note items document new drivers or hardware support, new commands or options, major bugfixes, or contributed software upgrades. Security advisories for the base system that were issued after &release.prev; are also listed. Many additional changes were made to &os; that are not listed here for lack of space. For example, documentation was corrected and improved, minor bugs were fixed, insecure coding practices were audited and corrected, and source code was cleaned up. 
Kernel Changes The &man.amdpm.4; driver has been added to provide access to the system monitoring functions of the AMD 756 chip set. The kern.maxvnodes limit now properly limits the number of vnodes in use. Previously only vnodes with no cached pages could be freed; this could allow the number of vnodes to grow without limit on large-memory machines accessing many small files. A vnlru kernel thread helps to flush and reuse vnodes. A new KVA_SPACE kernel option can be used to reconfigure the size of the kernel virtual address space. Linux emulation now supports the kernel functionality required by the emulators/linux_base-7 (RedHat 7.X emulation) port. A MAXMEM kernel option, along with the hw.physmem loader tunable, can be used to artificially reduce the memory size of a machine for testing (or other purposes). The kernel configuration parameters MAXTSIZ, DFLDSIZ, MAXDSIZ, DFLSSIZ, MAXSSIZ, and SGROWSIZ are all loader tunables (kern.maxtsiz, kern.maxdfldsiz, etc.). Specifying a value of 0 for the maxusers kernel configuration parameter will now cause an appropriate value to be calculated at boot-time (between 32 and 512, depending on the amount of memory present). This value is now the default for all GENERIC kernels. The pmc driver, which supports the power management controller of the NEC PC-98NOTE, has been added. The console driver has gained support for TGA-based display adapters. The load addresses of kernels are now exported to the symbol table and various hard-coded constants have been removed so that utilities such as &man.ps.1; can work with kernels compiled at different addresses. Coredumps of large processes (or of a large number of processes) no longer lock up the machine for long periods of time. The number of memory pages allocated for the per-process kernel state has been increased from 2 to 3, to reduce the likelihood of kernel stack overflow (and subsequent corruption of per-process data structures). 
The system load average computation now adds some jitter to the timing of samples, in order to avoid synchronization with processes that run periodically. If a debugging kernel with modules is being built (i.e. using makeoptions DEBUG=-g), the modules will now be built with debugging support as well, for completeness. A side effect of this change is that modules built and installed with debugging kernels will now occupy more space on disk than they did previously. Compaq Tru64 and &os; keep the year in the TOY clock chip in different formats. Compaq Tru64 uses a year-value that is 52 years higher than &os;. In order to allow dual booting of an Alpha machine without clobbering the TOY clock setting, &os; now supports a boot environment variable clock_compat_osf1 to use Tru64's year values. By setting this variable to 1 from the ok prompt of the loader or by putting clock_compat_osf1=1 in /boot/loader.conf, an Alpha can be dual booted without time warps. The kernel on the installation CDs is now separated from the mfsroot image. This provides more flexibility when building custom &os; distributions. Processor/Motherboard Support The machine dependent code has been corrected to allow &os; to run on Alphaserver 2100 and 2100A machines based on EV5 Alpha processors. Machines with EV4 Alpha processors were already supported. Boot Loaders A new cdboot bootstrap utility for CDROMs provides better compatability with some BIOS implementations that do not completely implement the El Torito bootable CDROM standard. This boot loader supports no emulation mode booting, thus eliminating the need for an emulated floppy disk image on a bootable CDROM. This in turn permits the use of a full kernel when installing from CD on machines that support CD booting (instead of the stripped-down kernel used on floppies). While this functionality is not used in the &os; &release.current; ISO images, it may be used for future releases. 
In the meantime, this feature is available for users constructing custom distributions. The &man.loader.8; now has optional support (enabled at compile-time, off by default) for loading bzip2-compressed kernels and modules. The &os; boot loader is now capable of booting from filesystems with 16K disk blocks (the old limit was 8K). The &os; boot loader is now capable of booting from filesystems with block sizes larger than 8K. The &os; boot loader now supports a flag to force the kernel to pause after each line of output during the probing phase. Network Interface Support The &man.an.4; driver now supports monitor mode, settable via the option to &man.ancontrol.8;. The &man.bge.4; driver has been added to support the Broadcom BCM570x family of Gigabit Ethernet controllers, including the 3Com 3c996-T, the SysKonnect SK-9D21 and SK-9D41, and the built-in Gigabit Ethernet NICs on Dell PowerEdge 2550 servers. Output TCP/IP checksum offload, jumbo frames and VLAN tag insertion/stripping are supported, as well as interrupt moderation. The &man.dc.4; driver now supports NICs based on the Conexant LANfinity RS7112 chip. The &man.de.4; driver now performs round-robin arbitration between the transmit and receive units of the 21143, instead of giving priority to the receive unit. This gives a 10–15% performance improvement in the forwarding rate under heavy load. The dgm driver has been updated from &os; -CURRENT. The &man.em.4; driver has been added to support NICs based on the Intel 82542, 82543, and 82544 Gigabit Ethernet controller chips. The driver supports transmit/receive checksum offload and jumbo frames on 82543 and 82544-based adapters. The &man.faith.4; device is now loadable, unloadable, and clonable. The &man.fxp.4; driver now supports Intel's loadable microcode to implement receive-side interrupt coalescing and packet bundling, on NICs that support these features. This support can be activated by the use of the option to &man.ifconfig.8;. 
The &man.gx.4; driver has been added to support NICs based on the Intel 82542 and 82543 Gigabit Ethernet controller chips. Both fiber and copper variants of the cards are supported. Both boards support VLAN tagging/insertion, and the 82543 additionally supports TCP/IP checksum offload. The sbni driver, for supporting the Granch SBNI12 series of ISA and PCI point-to-point communications interfaces, has been added. The sysutil/sbniconfig port in the &os; Ports Collection can be used for configuring these devices. The &man.sis.4; driver now supports the SiS 900-style on-board Ethernet controllers in the SiS 635 and 735 motherboard chipsets. The &man.sis.4; driver now supports VLANs. &man.vlan.4; devices are now loadable, unloadable, and clonable. The &man.wx.4; driver is now deprecated; it is now officially unmaintained. Users with Intel Pro/1000 Gigabit Ethernet interfaces should use either the &man.em.4; driver or the &man.gx.4; driver. (The &man.em.4; driver is supported by Intel, but only works on the i386 architecture. The &man.gx.4; driver was developed by the &os; Project, and is multi-platform.) The &man.xl.4; driver now supports send- and receive-side TCP/IP checksum offloading for NICs implementing this feature, such as the 3C905B, 3C905C, and 3C980C. A bug in the &man.xl.4; driver, related to statistics overflow interrupt handling, was causing slowdowns at medium to high packet rates; this has been fixed. The per-interface ifnet structure now has the ability to indicate a set of capabilities supported by a network interface, and which ones are enabled. &man.ifconfig.8; has support for querying these capabilities. Performance with hosts having a large number of IP aliases has been improved, by replacing the per-interface if_inaddr linear list with a hash table. The packet-forwarding performance of certain network drivers (specifically &man.dc.4; and &man.sis.4;) has been enhanced by the elimination of unnecessary buffer copies. 
Network Protocols The read timeout feature of &man.bpf.4; now works more correctly with &man.select.2;/&man.poll.2;, and therefore with pthreads. &man.bridge.4; and &man.dummynet.4; have received some enhancements and bug fixes, and are now loadable modules. A bug in the TCP NewReno implementation, which could cause degraded throughput under certain circumstances, has been fixed. TCP's default buffer sizes, controlled by the net.inet.tcp.sendspace and net.inet.tcp.recvspace sysctl variables, have been increased to 32K and 64K respectively. Previously, the default for both buffer sizes was 16K. To try to avoid increasing congestion, the default value for net.inet.tcp.local_slowstart_flightsize has been changed from infinity to 4. A bug in the TCP implementation, which could cause connections to stall if a sender saw a zero-sized window, has been corrected. The TCP implementation in &os; now implements a cache of outstanding, received SYN segments. Incoming SYN segments now cause entries to be placed in the cache until the TCP three-way handshake is complete, at which point, memory is allocated for the connection as usual. In addition, all TCP Initial Sequence Numbers (ISNs) are used as cookies, allowing entries in the cache to be dropped, but still have their corresponding ACKs accepted later. The combination of the so-called syncache and syncookies features makes a host much more resistant to TCP-based Denial of Service attacks. Work on this feature was sponsored by DARPA and NAI Labs. Disks and Storage The &man.aac.4; driver has been updated to include proper handling of commands initiated by the adapter, addition/removal of disk devices, crashdump functionality, and &man.ioctl.2; commands necessary for the management CLI. This driver is now fully qualified and sanctioned by Adaptec. The &man.ata.4; driver now supports a wider variety of chipsets, as listed in the Hardware Notes. The &man.ata.4; driver now has support for 48-bit addressing. 
Devices larger than 137GB are now supported. The &man.ata.4; driver now contains fixes for some data corruption problems on systems using the VIA 82C686B Southbridge chip. The ciss driver, for devices utilizing the Common Interface for SCSI-3 Support, has been added. This driver supports the Compaq SmartRAID 5* family of RAID controllers (5300, 532, 5i). Floppy access on the Alphaserver DS10 and DS20 is broken. Use results in corrupted floppies and/or machine crashes. The &man.isp.4; driver now supports the Qlogic 2300 and 2312 Optical Fibre Channel PCI cards. The ncv, nsp, and stg SCSI drivers can now be built and loaded as modules. Filesystems The directory layout preference algorithm for FFS (dirprefs) has been changed. Rather than scattering directory blocks across a disk, it attempts to group related directory blocks together. Operations traversing large directory hierarchies, such as the &os; Ports tree, have shown marked speedups. This change is transparent and automatic for new directories. The virtual memory subsystem now backs UFS directory memory requirements by default (this behavior is controlled via the vfs.vmiodirenable sysctl variable). A bug that prevented the root filesystem from being mounted from a SCSI CDROM has been fixed (ATAPI CDROMs were always supported). The UFS_DIRHASH hash-based lookup optimization for large directories is now enabled by default in the GENERIC kernel. A number of bugs in the filesystem code, discovered through the use of the fsx filesystem test tool, have been fixed. Under certain circumstances (primarily related to use of NFS), these bugs could cause data corruption or kernel panics. PCCARD Support Various features have been merged from the &os; -CURRENT version of the &man.pcic.4; driver, including improved support for ToPIC-based laptops, 3.3V support for some controllers, and bugfixes. Multimedia Support The &man.urio.4; driver, for the Diamond Rio series of MP3 players, has been added. 
(For some reason, a manual page for this driver was committed to &os; 4.3-RELEASE.) Contributed Software IPFilter now supports IPv6. isdn4bsd &man.isdnphone.8; now supports a option for sending messages via the keypad facility to a PBX or exchange office. The &man.isic.4; driver now supports the Compaq Microcom 610 ISDN ISA PnP card. Security-Related Changes Per-user ~/.login.conf files were disabled in &os; &release.prev; to avoid a security hole caused by a bug. The bug was fixed and this feature has been re-enabled. A security hole in OpenSSH, which could allow users to execute code with arbitrary privileges if UseLogin yes was set, has been closed. Note that the default value of this setting is UseLogin no. (See security advisory FreeBSD-SA-01:63.) The use of an insecure temporary directory by &man.pkg.add.1; could permit a local attacker to modify the contents of binary packages while they were being installed. This hole has been closed. (See security advisory FreeBSD-SA-02:01.) A race condition in &man.pw.8;, which could expose the contents of /etc/master.passwd, has been eliminated. (See security advisory FreeBSD-SA-02:02.) A bug in &man.k5su.8; could have allowed a process that had given up superuser privileges to regain them. This bug has been fixed. (See security advisory FreeBSD-SA-02:07.) Userland Changes &man.arp.8; now prints the applicable interface name for each ARP entry. + A minimalized version of &man.camcontrol.8; is + now available on the installation floppy. This allows it to + rescan for devices that have been connected after booting, or to + show the devices attached to SCSI busses (e. g. from within the + emergency holographic shell). As a side-effect, + this allows devices attached to &man.aic.4;-based PCMCIA SCSI + adapters like the Adaptec APA-1460 to be used during + installation. + &man.cat.1; now has the ability to read from UNIX-domain sockets. 
The compat4x compatability distribution now includes versions of libcrypto.so.1 and libssl.so.1 that do not depend on the librsaUSA.so and librsaINTL.so libraries. This change improves compatability with binaries built for &os; 4.1-RELEASE and older. &man.edquota.8; now takes a option to allow limiting the prototype quota distribution (specified with ) to a single filesystem. &man.find.1; can now take various units of time to be applied to the primaries. &man.fmt.1; has been rewritten; the rewrite fixes a number of bugs compared to its prior behavior. &man.ftpd.8; now supports and options to disable the RETR command; the former for everybody, and the latter only for guest users. Coupled with and appropriate file permissions, these can be used to create a relatively safe anonymous FTP drop box for others to upload to. The &man.groups.1; and &man.whoami.1; shell scripts are now unnecessary; their functionality has been completely folded into &man.id.1;. &man.ipfw.8; will now avoid the display of dynamic firewall rules unless the flag is passed to it. The option lists expired dynamic rules. &man.ipfw.8; has a new limit type of firewall rule, which limits the number of sessions between address pairs. &man.keyinfo.1; is now a C program, rather than a Perl script. libfetch has been synchronized to the version in &os; -CURRENT; among other features, it now has support for an authentication callback. libstand now has support for filesystems containing bzip2-compressed files. Locale names have been renamed to improve compatibility with the names used by X11R6, as well as a number of other UNIX versions. As an example, the en_US.ISO_8859-1 locale name has been changed to en_US.ISO8859-1. Entries in /etc/locale.alias, /etc/man.alias, and /etc/nls.alias provide backward compatibility. 
The table below summarizes the locale changes: &os; &release.prev; &os; &release.current; ISO_* ISO* ru_SU* ru_RU* DIS_* ISO*-15 *.ASCII *.US-ASCII &man.lpd.8; now has some support for o-type print-file actions in its control files, which allows printing of PostScript files generated by MacOS 10.1. &man.natd.8; now supports a option to log packets that cannot be re-injected because they are blocked by &man.ipfw.8; rules. &man.netstat.1; now has a flag to reset statistics. &man.netstat.1; now has a flag to print addresses numerically but port names symbolically. The default number of cylinders per group in &man.newfs.8; is now computed to be the maximum allowable given the current filesystem parameters. It can be overridden with the option. Formerly, the default was fixed at 16. This change leads to better &man.fsck.8; performance and reduced fragmentation. The default block and fragment sizes for new filesystems created by &man.newfs.8; are now 16384 and 2048 bytes, respectively (the old defaults were 8192 and 1024 bytes). This change generally provides increased performance, at the expense of some wasted disk space. &man.newsyslog.8; now has the ability to compress log files using &man.bzip2.1;. &man.nl.1;, a line numbering filter program, has been added. &man.pciconf.8; now supports a option to display the vendor/device information of configured devices, in conjunction with the option. The default vendor/device database can be found at /usr/share/misc/pci_vendors. &man.ping.8; now supports a option to beep when packets are lost. &man.route.8; is now more verbose when changing indirect routes, in the case of a gateway route that is the same route as the one being modified. &man.route.8; now uses host/bits syntax instead of net/bits syntax, for compatibility with &man.netstat.1;. &man.route.8; can now create proxy only published ARP entries. The &man.route.8; command now supports the and modifiers. 
&man.send-pr.1; now takes a option to include a file into the Fix: section of a problem report. &man.sh.1; now implements test as a built-in command for improved efficiency. &man.sysctl.8; now supports a option to separate variable names and values by = rather than :. This feature is useful for producing output that can be fed back to &man.sysctl.8;. &man.sysinstall.8; now has the ability to load KLDs as a part of the installation. &man.sysinstall.8; now enables Soft Updates by default on all filesystems it creates, except for the root filesystem. &man.sysinstall.8; has received updates for its auto partitioning mode which provide more reasonable defaults for the sizes of partitions that are created; auto-sized partitions can now also recover the space that becomes available when other partitions are deleted. &man.syslogd.8; now has the ability to bind to a specific address (as opposed to using every available one) via the option. &man.syslogd.8; now accepts a flag to disable repeated line compression. Previously, &man.vnconfig.8; was only capable of configuring 16 devices when invoked with the (configuration file) option. This limit has been removed. &man.wall.1; now supports a flag to write a message to all users of a given group. &man.whois.1; supports a option to specify a country code to help direct queries towards a particular whois server. Contributed Software The version of IPFilter provided with &os; now includes the &man.ipfs.8; program, which allows state information created for NAT entries and stateful rules to be saved to disk and restored after a reboot. Boot-time configuration of these features is supported by &man.rc.conf.5;. The NTP suite of programs has been updated to 4.1.0. OpenSSH has been updated to version 2.9, which adds two new programs, &man.sftp.1; and &man.ssh-keyscan.1;. 
Among the various enhancements: Rekeying of existing SSH sessions is now supported, &man.ssh-agent.1; now supports authentication forwarding for DSA keys, and an experimental SOCKS4 proxy has been added to &man.ssh.1;. Protocol 1,2 remains the default protocol setting in /etc/ssh/ssh_config. In &os; -CURRENT, the default is Protocol 2,1. tcsh has been updated to version 6.11. Version 1.4.3 of the smbfs userland utilities have been imported. &man.smbutil.1; and &man.mount.smbfs.8; are now available in the base system, without the need to install the net/smbfs port. Note that &man.mount.smbfs.8; will automatically load the smbfs.ko module into the kernel, even if LIBMCHAIN and LIBICONV were not compiled into the kernel. The timezone database has been updated to the tzdata2001d release. CVS CVS has been updated to 1.11.1p1. &man.cvs.1; now supports a option to update a sandbox's CVS/Template file from the repository. &man.cvs.1; diff now supports the option to perform differences against a revision relative to a branch tag. Ports/Packages Collection &man.pkg.create.1; now supports a option to create a package file from a locally-installed package. &man.pkg.delete.1; now supports a option for recursive package removal. Upgrading from previous releases of &os; If you're upgrading from a previous release of &os;, you generally will have three options: Using the binary upgrade option of &man.sysinstall.8;. This option is perhaps the quickest, although it presumes that your installation of &os; uses no special compilation options. Performing a complete reinstall of &os;. Technically, this is not an upgrading method, and in any case is usually less convenient than a binary upgrade, in that it requires you to manually backup and restore the contents of /etc. However, it may be useful in cases where you want (or need) to change the partitioning of your disks. From source code in /usr/src. 
This route is more flexible, but requires more disk space, time, and more technical expertise. Upgrading from very old versions of &os; may be problematic; in cases like this, it is usually more effective to perform a binary upgrade or a complete reinstall. Please read the INSTALL.TXT file for more information, preferably before beginning an upgrade. If you are upgrading from source, please be sure to read /usr/src/UPDATING as well. Finally, if you want to use one of various means to track the -STABLE or -CURRENT branches of &os;, please be sure to consult the -CURRENT vs. -STABLE section of the FreeBSD Handbook. Upgrading &os; should, of course, only be attempted after backing up all data and configuration files.
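Review bot: In the added &man.camcontrol.8; entry under Userland Changes, the second sentence ("This allows it to rescan for devices that have been connected after booting") has no clear antecedent for "it": the only candidates are the utility itself and the installation floppy, and neither reads naturally. Consider naming the actor or dropping the pronoun, for example "This makes it possible to rescan for devices connected after booting, or to list the devices attached to SCSI buses". In the same entry, "e. g." carries a stray space and should read "e.g.", "minimalized" would read better as "minimal", and "busses" could be "buses" unless the rest of the file uses the former spelling. The closing sentence begins "As a side-effect, this allows devices attached to &man.aic.4;-based PCMCIA SCSI adapters ... to be used during installation" but does not say why the rescan is what makes them usable; one clause stating that such adapters are only seen after a rescan would let a reader who needs the feature know to run it.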