Deleted Added
sdiff udiff text old ( 115373 ) new ( 115963 )
full compact
article.xml (115373) article.xml (115963)
1<articleinfo>
2 <title>&os;/&arch; &release.current; Release Notes</title>
3
4 <corpauthor>The FreeBSD Project</corpauthor>
5
1<articleinfo>
2 <title>&os;/&arch; &release.current; Release Notes</title>
3
4 <corpauthor>The FreeBSD Project</corpauthor>
5
6 <pubdate>$FreeBSD: head/release/doc/en_US.ISO8859-1/relnotes/article.sgml 115373 2003-05-28 21:01:22Z hrs $</pubdate>
6 <pubdate>$FreeBSD: head/release/doc/en_US.ISO8859-1/relnotes/article.sgml 115963 2003-06-07 17:38:18Z bmah $</pubdate>
7
8 <copyright>
9 <year>2000</year>
10 <year>2001</year>
11 <year>2002</year>
12 <year>2003</year>
13 <holder role="mailto:doc@FreeBSD.org">The FreeBSD Documentation Project</holder>
14 </copyright>

--- 96 unchanged lines hidden (view full) ---

111 practices. Clearly the release notes cannot list every single
112 change made to &os; between releases; this document focuses
113 primarily on security advisories, user-visible changes, and major
114 architectural improvements.</para>
115
116 <sect2 id="security">
117 <title>Security Advisories</title>
118
7
8 <copyright>
9 <year>2000</year>
10 <year>2001</year>
11 <year>2002</year>
12 <year>2003</year>
13 <holder role="mailto:doc@FreeBSD.org">The FreeBSD Documentation Project</holder>
14 </copyright>

--- 96 unchanged lines hidden (view full) ---

111 practices. Clearly the release notes cannot list every single
112 change made to &os; between releases; this document focuses
113 primarily on security advisories, user-visible changes, and major
114 architectural improvements.</para>
115
116 <sect2 id="security">
117 <title>Security Advisories</title>
118
119 <para>A remotely exploitable vulnerability in
120 <application>CVS</application> has been corrected with the
121 import of version 1.11.5. More details can be found in security
122 advisory <ulink
123 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:01.cvs.asc">FreeBSD-SA-03:01</ulink>.
124 &merged;</para>
119 <para></para>
125
120
126 <para>A timing-based attack on <application>OpenSSL</application>,
127 which could allow a very powerful attacker access to plaintext
128 under certain circumstances, has been prevented via an upgrade
129 to <application>OpenSSL</application> 0.9.7. See security
130 advisory <ulink
131 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:02.openssl.asc">FreeBSD-SA-03:02</ulink>
132 for more details. &merged;</para>
133
134 <para>The security and performance of the
135 <quote>syncookies</quote> feature has been improved to decrease
136 the chance of an attacker being able to spoof connections.
137 More details are given in security advisory <ulink
138 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:03.syncookies.asc">FreeBSD-SA-03:03</ulink>. &merged;</para>
139
140 <para>Remotely-exploitable buffer overflow vulnerabilities in
141 <application>sendmail</application> have been fixed by updating
142 <application>sendmail</application>. For more
143 details, see security advisory <ulink
144 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:04.sendmail.asc">FreeBSD-SA-03:04</ulink>
145 and <ulink
146 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:07.sendmail.asc">FreeBSD-SA-03:07</ulink>.
147 &merged;</para>
148
149 <para>A bounds-checking bug in the XDR implementation, which could
150 allow a remote attacker to cause a denial-of-service, has been
151 fixed. For more details see security advisory <ulink
152 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:05.xdr.asc">FreeBSD-SA-03:05</ulink>.
153 &merged;</para>
154
155 <para>Two recently-publicized flaws in
156 <application>OpenSSL</application> have been corrected. For
157 more details, see security advisory <ulink
158 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:06.openssl.asc">FreeBSD-SA-03:06</ulink>.
159 &merged;</para>
160
161 </sect2>
162
163 <sect2 id="kernel">
164 <title>Kernel Changes</title>
165
121 </sect2>
122
123 <sect2 id="kernel">
124 <title>Kernel Changes</title>
125
166 <para arch="pc98">Support for the CanBe power management
167 controller has been added. &merged;</para>
126 <para></para>
168
127
169 <para>&man.devfs.5; is now mandatory; the
170 <literal>NODEVFS</literal> option has been removed from the set of
171 possible kernel configuration options.</para>
172
173 <para arch="i386,ia64,pc98">An &man.ehci.4; driver has been added; it supports
174 the USB Enhanced Host Controller Interface used by USB 2.0
175 controllers.</para>
176
177 <para>A minor bug in the permissions handling of
178 <filename>/dev/tty</filename> has been fixed. As a result,
179 &man.ssh.1; can now be used after &man.su.1;.</para>
180
181 <para>A bug that caused &man.fstat.2; to return
182 <literal>0</literal> as the number of bytes available to read
183 from a TCP socket has been fixed.</para>
184
185 <para>A bug that caused &man.kqueue.2; to report
186 <literal>0</literal> as the number of bytes available to read
187 from a TCP socket has been fixed. The
188 <literal>NOTE_LOWAT</literal> flag for
189 <literal>EVFILT_READ</literal> has been fixed.</para>
190
191 <para>Linux emulation mode now supports IPv6.</para>
192
193 <para>&man.madvise.2; now supports a
194 <literal>MADV_PROTECT</literal> behavior, which informs the
195 virtual memory system that a process is critical and should not
196 be killed when swap space has been exhausted. The process must
197 be owned by the superuser.</para>
198
199 <para arch="i386,pc98">The tw driver for TW-523 power line
200 interfaces (used by X-10 home control products) has been
201 removed. It is currently non-functional, and would require a
202 considerable amount of work to make it work under
203 &release.branch;. The xten and xtend userland control programs
204 have also been removed.</para>
205
206 <!-- Above this line, sort kernel changes by manpage/keyword-->
207
128 <!-- Above this line, sort kernel changes by manpage/keyword-->
129
208 <para>A second process scheduler, designed to be a general purpose
209 scheduler with many SMP benefits, has been added to the scheduler
210 framework. Exactly one scheduler must be specified in a kernel
211 configuration. The original scheduler may be selected using
212 <literal>options&nbsp;SCHED_4BSD</literal>. The newer
213 (experimental) scheduler can be selected by using
214 <literal>options&nbsp;SCHED_ULE</literal>.</para>
215
216 <para>Device major numbers are now allocated dynamically by
217 default. This change greatly decreases the need for a static,
218 centralized table of major number assignments to device drivers
219 (a few drivers retain their old static major numbers for
220 compatibility), and also reduces the possibility of running out
221 of device major numbers.</para>
222
223 <para arch="i386,pc98">A partial lazy switch mechanism for
224 in-kernel threads has been implemented; it is designed to reduce
225 the overhead of short context switches (such as for interrupt
226 handlers) that do not involve another process. This feature can
227 be enabled with
228 <literal>options&nbsp;LAZY_SWITCH</literal>.</para>
229
230 <sect3 id="proc">
231 <title>Processor/Motherboard Support</title>
232
130 <sect3 id="proc">
131 <title>Processor/Motherboard Support</title>
132
233 <para arch="i386"><literal>SMP</literal> kernels now have
234 rudimentary support for HyperThreading (HTT). The scheduler
235 treats the logical CPUs as if they were additional physical
236 CPUs. This can actually cause suboptimal performance in some
237 cases due to contention for resources. Therefore, logical
238 CPUs are halted by default at startup. They can be enabled
239 with the <varname>machdep.hlt_logical_cpus</varname> sysctl
240 variable. It is also possible to halt any CPU in the idle
241 loop with the <varname>machdep.hlt_cpus</varname> sysctl
242 variable. The &man.smp.4; manual page has more details.
243
244 <note>
245 <para>Some other versions of &os;, including early
246 5.0-CURRENT snapshots and 4.8-RELEASE, used
247 <literal>options&nbsp;HTT</literal> to enable
248 HyperThreading support at kernel configuration time. This
249 option is no longer necessary.</para>
250 </note>
251
252 </para>
253
254 <para arch="i386">Support for the Physical Address Extensions
255 (PAE) capability on Intel Pentium Pro and higher processors
256 has been added. This allows the use of up to 64GB of RAM in a
257 machine, although the amount of memory usable by any single
258 process (or the &os; kernel) is unchanged. For more
259 information, see the &man.pae.4; manual page. Work on this
260 feature was sponsored by DARPA and Network Associates
261 Laboratories.</para>
262
263 <para arch="i386">A new &man.vpd.4; driver has been added to
264 read hardware information from the Vital Product Data structure
265 on IBM ThinkPad machines.</para>
266
133 <para></para>
267 </sect3>
268
269 <sect3 id="boot">
270 <title>Boot Loader Changes</title>
271
134 </sect3>
135
136 <sect3 id="boot">
137 <title>Boot Loader Changes</title>
138
272 <para arch="alpha">The alpha boot loader
273 (<filename>boot1</filename>) can now be called
274 <filename>boot</filename> for consistency with other
275 platforms.</para>
139 <para></para>
276
140
277 <para arch="i386,pc98">The two parts of the boot loader
278 (<filename>boot1</filename> and <filename>boot2</filename>)
279 have been combined into a single <filename>boot</filename>
280 file, to simplify programs that need to write or otherwise
281 manipulate the boot loader.</para>
282
283 <para arch="pc98">The PC98 boot loader now has support for
284 booting from SCSI MO media. &merged;</para>
285
286 <para>The <filename>/modules</filename> directory (once the
287 default location for modules on &os; 4.<replaceable>X</replaceable>) is no longer a
288 part of the default <varname>kern.module_path</varname>.
289 Third-party modules should be placed in
290 <filename>/boot/modules</filename>.
291
292 <note>
293 <para>Modules designed for use with &os; 4.<replaceable>X</replaceable> are likely to
294 panic when loaded into a &os; &release.current; kernel and should be used with extreme caution.</para>
295 </note>
296 </para>
297
298 <para arch="i386">Due to code size limitations, the i386 boot
299 loader can only load kernels from root file systems that are
300 1.5TB or smaller in size.</para>
301
302 <!-- Above this line, order boot loader changes by keyword-->
303
304 </sect3>
305
306 <sect3 id="net-if">
307 <title>Network Interface Support</title>
308
141 <!-- Above this line, order boot loader changes by keyword-->
142
143 </sect3>
144
145 <sect3 id="net-if">
146 <title>Network Interface Support</title>
147
309 <para arch="i386,pc98">A new &man.axe.4; network driver has been
310 added. It provides support for USB Ethernet adapters based on
311 the ASIX Electronics AX88172 USB 2.0 chipset.</para>
148 <para></para>
312
149
313 <para>The cm driver now supports IPX. &merged;</para>
314
315 <para arch="i386,pc98">The &man.rue.4; network driver has been added,
316 providing support for Ethernet adapters based on the RealTek
317 RTL8150 USB to Fast Ethernet controller chip.</para>
318
319 <para arch="i386">The &man.sbsh.4; driver for the Granch SBNI16
320 SHDSL modem has been added. &merged;</para>
321
322 <para>A new &man.wlan.4; module provides 802.11 link-layer support. The
323 &man.wi.4; and &man.an.4; drivers now use this facility.</para>
324
325 <para arch="i386,alpha,pc98,sparc64">A timing bug in the
326 &man.xl.4; driver, which could cause a kernel panic (or other
327 problems) when configuring an interface, has been
328 fixed.</para>
329
330 </sect3>
331
332 <sect3 id="net-proto">
333 <title>Network Protocols</title>
334
150 </sect3>
151
152 <sect3 id="net-proto">
153 <title>Network Protocols</title>
154
335 <para>&man.ipfw.4; <literal>skipto</literal> rules can once
336 again be used with the <literal>log</literal> keyword.
337 &man.ipfw.4; <literal>uid</literal> rules are once again
338 working.</para>
155 <para></para>
339
156
340 <para>It is now possible to build the
341 <literal>FAST_IPSEC</literal> and <literal>INET6</literal>
342 options into the same kernel. (They still cannot be used
343 together, however.)</para>
344
345 <para>A bug in TCP NewReno, which caused premature exit from
346 fast recovery when NewReno was enabled, has been
347 fixed. &merged;</para>
348
349 <para>TCP now has support for the <quote>Limited
350 Transmit</quote> mechanism proposed by RFC 3042. This feature
351 is intended to improve the effectiveness of TCP loss recovery
352 in certain circumstances. It is off by default but can be
353 enabled with the <varname>net.inet.tcp.rfc3042</varname>
354 sysctl variable. More information can be found in
355 &man.tcp.4;.</para>
356
357 <para>TCP now has support for increased initial congestion
358 window sizes as described in RFC 3390. This feature can
359 improve the throughput of short transfers, as well as
360 high-bandwidth, large propagation-delay connections. It is
361 off by default but can be enabled with the
362 <varname>net.inet.tcp.rfc3390</varname> sysctl variable. More
363 information can be found in &man.tcp.4;.</para>
364
365 <para>The IP fragment reassembly code behaves more gracefully
366 when receiving a large number of packet fragments (it is
367 designed to be more resistant to fragment-based denial of
368 service attacks). &merged;</para>
369
370 <para>TCP connections in the <literal>TIME_WAIT</literal> state
371 now use a special protocol control block that uses less space
372 than a full-blown TCP PCB. This allows some of the data
373 structures and resources used by such a connection to be freed
374 earlier.</para>
375
376 <para>It is now possible to specify the range of
377 <quote>privileged ports</quote> (TCP and UDP ports that
378 require superuser access to &man.bind.2; to). The range is
379 now specified with the
380 <varname>net.inet.ip.portrange.reservedlow</varname> and
381 <varname>net.inet.ip.portrange.reservedhigh</varname> sysctl
382 variables, defaulting to the traditional UNIX behavior. This
383 feature is intended to help network servers bind
384 to traditionally privileged ports without requiring superuser
385 access. &man.ip.4; has more details.</para>
386
387 <para>Some bugs in the non-blocking RPC code has been fixed. As
388 a result, &man.amd.8; users are now able to mount volumes from
389 a &release.current; server.</para>
390
391 <para>Support for XNS networking, which has not worked
392 correctly for almost seven years, has been removed.</para>
393
394 </sect3>
395
396 <sect3 id="disks">
397 <title>Disks and Storage</title>
398
157 </sect3>
158
159 <sect3 id="disks">
160 <title>Disks and Storage</title>
161
399 <para>The &man.aac.4; driver now runs free of the Giant kernel
400 lock. This change has given a nearly 20% performance speedup
401 on an SMP system running multiple I/O intensive loads.</para>
162 <para></para>
402
163
403 <para>The &man.ata.4; driver now supports all known SiS
404 chipsets. (More details can be found in the Hardware
405 Notes.)</para>
406
407 <para>The &man.ata.4; driver now supports the Promise SATA150
408 TX2 and TX4 Serial ATA/150 controllers.</para>
409
410 <para>The &man.ata.4; driver now flushes devices on shutdown.
411 This change may result in failure messages being printed on
412 the console for devices that do not support flushing.</para>
413
414 <para>The CAM layer now has support for devices with more than
415 2<superscript>32</superscript> blocks. (Assuming 512-byte
416 blocks, this means support for devices larger than 2TB.)
417
418 <note>
419 <para>For users upgrading across this change, note that all
420 userland applications that talk to &man.pass.4; or
421 &man.xpt.4; devices must be recompiled. Examples of such
422 programs are &man.camcontrol.8; in the base system,
423 the <filename role="port">sysutils/cdrtools</filename>
424 port, and the
425 <filename role="port">multimedia/xmms</filename> port.</para>
426 </note>
427
428 </para>
429
430 <para>A number of changes have been made to the &man.cd.4;
431 driver. The primary user-visible change is improved
432 compatibility with ATAPI/USB/Firewire CDROM drives.</para>
433
434 <para>&man.geom.4; is now mandatory; the
435 <literal>NO_GEOM</literal> has been removed from the set of
436 kernel configuration options.</para>
437
438 <para>The &man.iir.4; driver has been updated; this update is
439 believed to fix problems detecting attached disks during
440 installation.</para>
441
442 <para arch="i386">The ips driver, which supports the IBM (now
443 Adaptec) ServeRAID series, has been added.</para>
444
445 <para>A bug in the &man.mly.4; driver that caused hangs has been
446 corrected.</para>
447
448 <para>Support has been added for volume labels on UFS and UFS2
449 file systems. These labels are strings that can be used to
450 identify a volume, regardless of what device it appears on.
451 Labels can be set with the <option>-L</option> options to
452 &man.newfs.8; or &man.tunefs.8;. With the
453 <literal>GEOM_VOL</literal> module, volumes can be accessed
454 using their labels under <filename>/dev/vol</filename>.</para>
455
456 <para>The root file system can now be located on a &man.vinum.4;
457 volume. More information can be found in the &man.vinum.4;
458 manual page.</para>
459
460 <para arch="pc98">The wfd and wst drivers, which have been
461 broken for some time, have been removed.</para>
462
463 </sect3>
464
465 <sect3 id="fs">
466 <title>File Systems</title>
467
164 </sect3>
165
166 <sect3 id="fs">
167 <title>File Systems</title>
168
468 <para>A new <literal>DIRECTIO</literal> kernel option enables
469 support for read operations that bypass the buffer cache and
470 put data directly into a userland buffer. This feature
471 requires that the <literal>O_DIRECT</literal> flag is set on
472 the file descriptor and that both the offset and length for
473 the read operation are multiples of the physical media sector
474 size. &merged;</para>
169 <para></para>
475
170
476 <para>NETNCP and Netware File System Support (nwfs) are once
477 again working.</para>
478
479 <para>Bugs that could cause the unmounting of a smbfs share to
480 fail or cause a kernel panic have been fixed.</para>
481
482 </sect3>
483
484 <sect3 id="pccard">
485 <title>PCCARD Support</title>
486
487 <para></para>
171 </sect3>
172
173 <sect3 id="pccard">
174 <title>PCCARD Support</title>
175
176 <para></para>
177
488 </sect3>
489
490 <sect3 id="mm">
491 <title>Multimedia Support</title>
492
178 </sect3>
179
180 <sect3 id="mm">
181 <title>Multimedia Support</title>
182
493 <para arch="i386,pc98">The <filename>atspeaker.ko</filename> and
494 <filename>pcspeaker.ko</filename> modules for the
495 &man.speaker.4; device have been renamed
496 <filename>speaker.ko</filename>.</para>
183 <para></para>
184
497 </sect3>
498
499 </sect2>
500
501 <sect2 id="userland">
502 <title>Userland Changes</title>
503
185 </sect3>
186
187 </sect2>
188
189 <sect2 id="userland">
190 <title>Userland Changes</title>
191
504 <para>&man.adduser.8; now correctly handles setting user passwords
505 containing special shell characters.</para>
192 <para></para>
506
193
507 <para>&man.adduser.8; now supports a <option>-g</option> option to
508 set a user's default login group.</para>
509
510 <para>The &man.bsdlabel.8; utility is a replacement for the older
511 disklabel utility. Like its predecessor, it installs, examines,
512 or modifies the BSD label on a disk partition, and can install
513 bootstrap code. Compared to disklabel, a number of obsolete
514 options and parameters have been retired. A new
515 <option>-m</option> option instructs &man.bsdlabel.8; to use the
516 layout suitable for a specific machine.</para>
517
518 <para arch="alpha,i386">The <filename>compat4x</filename>
519 distribution now includes the
520 <filename>libcrypto.so.2</filename>,
521 <filename>libgmp.so.3</filename>, and
522 <filename>libssl.so.2</filename> libraries from &os;
523 4.7-RELEASE.</para>
524
525 <para>&man.chgrp.1 and &man.chown.8 now, when the owner/group is
526 modified, print the old and new uid/gid if the
527 <option>-v</option> option is specified more than once.</para>
528
529 <para>&man.config.8; now implements a <literal>nodevice</literal>
530 kernel configuration file directive that cancels the effect of a
531 <literal>device</literal> directive. The new
532 <literal>nooption</literal> and <literal>nomakeoption</literal>
533 directives cancel prior <literal>options</literal> and
534 <literal>makeoptions</literal> directives, respectively.</para>
535
536 <para>The &man.diskinfo.8; utility has been added to show
537 information about a disk device and optionally to run a naive
538 performance test.</para>
539
540 <para>The disklabel utility has been replaced by &man.bsdlabel.8;.
541 On the alpha, i386, and pc98 platforms, disklabel is a link to
542 &man.bsdlabel.8;.</para>
543
544 <para>&man.dump.8; now supports caching of disk blocks with the
545 <option>-C</option> option. This can improve dump performance
546 at the cost of possibly missing file system updates that occur
547 between passes.</para>
548
549 <para>&man.dumpfs.8; now supports a <option>-m</option> flag to
550 print file system parameters in the form of a &man.newfs.8;
551 command.</para>
552
553 <para>&man.elfdump.1;, a utility to display information about &man.elf.5;
554 format executable files, has been added.</para>
555
556 <para>&man.fetch.1; uses the <filename>.netrc</filename> support
557 in &man.fetch.3; and also supports a <option>-N</option> to
558 specify an alternate <filename>.netrc</filename> file.</para>
559
560 <para>&man.fetch.3; now has support for
561 <filename>.netrc</filename> files (see &man.ftp.1; for more
562 details).</para>
563
564 <para>&man.ftpd.8; now supports a <option>-h</option> option to
565 disable printing any host-specific information, such as the
566 &man.ftpd.8; version or hostname, in server messages.
567 &merged;</para>
568
569 <para>&man.ftpd.8; now supports a <option>-P</option> option to
570 specify a port on which to listen in daemon mode. The default
571 data port number is now set to be one less than the control port
572 number, rather than being hard-coded. &merged;</para>
573
574 <para>&man.ftpd.8; now supports an extended format of the
575 <filename>/etc/ftpchroot</filename> file. Please refer
576 to the &man.ftpchroot.5; manpage, which is now available,
577 for details. &merged;</para>
578
579 <para>&man.ftpd.8; now supports login directory pathnames
580 that specify simultaneously a directory for &man.chroot.2;
581 and that to change to in the chrooted environment. The
582 <literal>/./</literal> separator is used for
583 this purpose, like in other FTP daemons having this feature.
584 It may be used in both &man.ftpchroot.5; and &man.passwd.5;.
585 &merged;</para>
586
587 <para>&man.fwcontrol.8; now supports <option>-R</option> and
588 <option>-S</option> options for receiving and sending DV
589 streams. &merged;</para>
590
591 <para>The &man.gstat.8; utility has been added to show the disk
592 activity inside the &man.geom.4; subsystem.</para>
593
594 <para>&man.ipfw.8; now supports <literal>enable</literal> and
595 <literal>disable</literal> commands to control various aspects
596 of the operation of &man.ipfw.4; (including enabling and
597 disabling the firewall itself). These provide a more convenient
598 and visible interface than the existing sysctl
599 variables. &merged;</para>
600
601 <para>&man.jail.8; now supports a <option>-i</option> flag to
602 output an identifier for a newly-created jail.</para>
603
604 <para>The &man.jexec.8; utility has been added to execute a
605 command inside an existing jail.</para>
606
607 <para>The &man.jls.8; utility has been added to list existing
608 jails.</para>
609
610 <para>&man.kenv.1; has been moved from
611 <filename>/usr/bin</filename> to <filename>/bin</filename> to
612 make it available at times during system startup when only the
613 root file system is mounted.</para>
614
615 <para>&man.killall.1; now supports a <option>-j</option> option to
616 kill all processes inside a jail.</para>
617
618 <para>The &man.libgeom.3; library has been added to allow some
619 userland access to the &man.geom.4; subsystem.</para>
620
621 <para>The mac_portacl MAC policy module has been added. It
622 provides a simple ACL mechanism to permit users and groups to
623 bind ports for TCP or UDP, and is intended to be used in
624 conjunction with the recently-added
625 <varname>net.inet.ip.portrange.reservedhigh</varname> sysctl.</para>
626
627 <para>The <filename>MAKEDEV</filename> script is now unnecessary, due to the mandatory
628 presence of &man.devfs.5;, and has been removed.</para>
629
630 <para>&man.mergemaster.8; now supports a <option>-P</option>
631 option to preserve the contents of files being replaced.</para>
632
633 <para>&man.mixer.8; can now implement relative volume
634 adjustments.</para>
635
636 <para>The &man.mksnap.ffs.8; program has been added to allow
637 easier creation of FFS snapshots. It is a
638 SUID-<username>root</username> executable designed for use by
639 members of the <groupname>operator</groupname> group.</para>
640
641 <para>&man.mount.8; and &man.umount.8; now accept a
642 <option>-F</option> option to specify an alternate &man.fstab.5;
643 file.</para>
644
645 <para>&man.mount.nfs.8; now supports a <option>-c</option> flag to
646 avoid doing a &man.connect.2; for UDP mount points. This option
647 must be used if the server does not reply to requests from the
648 standard NFS port number 2049 or if it replies to requests using
649 a different IP address (which can occur if the server is
650 multi-homed). Setting the
651 <varname>vfs.nfs.nfs_ip_paranoia</varname> sysctl to
652 <literal>0</literal> will make this option the
653 default. &merged;</para>
654
655 <para>&man.mount.nfs.8; now supports the <option>noinet4</option>
656 and <option>noinet6</option> mount options to prevent NFS mounts
657 from using IPv4 or IPv6 respectively.</para>
658
659 <para>&man.newfs.8; will now create UFS2 file systems by default,
660 unless UFS1 is specifically requested with the
661 <option>-O1</option> option.</para>
662
663 <para>&man.newsyslog.8; has a number of new features. Among them:
664
665 <itemizedlist>
666 <listitem>
667 <para>A <literal>W</literal> flag forces previously-started
668 compression jobs for an entry (or group of entries
669 specified with the <literal>G</literal> flag) to finish
670 before beginning a new one. This feature is designed to
671 prevent system overloads caused by starting several
672 compression jobs on big files
673 simultaneously. &merged;</para>
674 </listitem>
675
676 <listitem>
677 <para>A <quote>default rotate action</quote>, to be used for
678 files specified for rotation but not specified in the
679 configuration file. &merged;</para>
680 </listitem>
681
682 <listitem>
683 <para>A <option>-s</option> command-line flag to disable
684 sending signals to processes when rotating
685 files. &merged;</para>
686 </listitem>
687
688 <listitem>
689 <para>A <literal>N</literal> configuration file flag to
690 indicate that no process needs to be signaled when
691 rotating a file. &merged;</para>
692 </listitem>
693
694 <listitem>
695 <para>A <literal>U</literal> configuration file flag to
696 specify that a process group (rather than a single
697 process) should be signaled when rotating
698 files. &merged;</para>
699 </listitem>
700
701 </itemizedlist>
702
703 </para>
704
705 <para>&man.nsdispatch.3; is now thread-safe and implements support
706 for Name Service Switch (NSS) modules. NSS modules may be
707 statically built into <filename>libc</filename> or dynamically
708 loaded via &man.dlopen.3;. They are loaded/initialized at
709 configuration time (i.e. when &man.nsdispatch.3; is called and
710 &man.nsswitch.conf.5; is read or re-read).</para>
711
712 <para>A new &man.pam.chroot.8; module has been added, which does a
713 &man.chroot.2; operation for users into either a predetermined
714 directory or one derived from their home directory.</para>
715
716 <para>&man.pam.ssh.8; has been rewritten. One side effect of the
717 rewrite is that it now starts a separate instance of
718 &man.ssh-agent.1; for each session instead of trying to connect
719 each session to the agent started by the first session.</para>
720
721 <para>&man.ping.8; now supports a <option>-D</option> flag to set
722 the <quote>Don't Fragment</quote> bit on outgoing packets.</para>
723
724 <para>&man.ping.8; now supports a <option>-M</option> option to use
725 ICMP mask request or timestamp request messages instead of ICMP
726 echo requests.</para>
727
728 <para>&man.ping.8; now supports a <option>-z</option> flag to set
729 the Type of Service bits in outgoing packets.</para>
730
731 <para>&man.pw.8; can now add a user whose name ends with a
732 <literal>$</literal> character; this change is intended to help
733 administration of <application>Samba</application>
734 services. &merged;</para>
735
736 <para>The format of the <filename>/etc/pwd.db</filename> and
737 <filename>/etc/spwd.db</filename> password databases created by
738 &man.pwd.mkdb.8; is now byte-order independent. The pre-processed
739 password databases can now be moved between machines of
740 different architectures. The format includes version numbers on
741 entries to ensure compatibility with old binaries.</para>
742
743 <para>A bug in &man.rand.3; that could cause a sequence to remain
744 stuck at <literal>0</literal> has been fixed. (&man.rand.3;
745 remains unsuitable for all but trivial uses.)</para>
746
747 <para>&man.rtld.1; now has support for the dynamic mapping of
748 shared object dependencies. This optional feature is especially
749 useful when experimenting with different threading libraries.
750 It is not, however, built by default. More information on
751 enabling and using this feature can be found in
752 &man.libmap.conf.5;.</para>
753
754 <para>&man.sem.open.3; now correctly handles multiple opens of the
755 same semaphore; as a result, &man.sem.close.3; no longer crashes
756 calling programs.</para>
757
758 <para>The seeding algorithm used by &man.srandom.3; has been
759 strengthened.</para>
760
761 <para arch="sparc64">The sunlabel utility, a program analogous to
762 &man.bsdlabel.8; that works on Sun disk labels, has been
763 added.</para>
764
765 <para arch="i386,alpha,sparc64,ia64">&man.sysinstall.8; will now
766 select UFS2 as the default layout for new file systems unless
767 specifically requested in the disk labeler.
768
769 <note arch="i386">
770 <para>Due to i386 boot loader limitations, the root file system
771 must be 1.5TB or smaller in size.</para>
772 </note>
773
774 </para>
775
776 <para>The &man.swapoff.8; command has been added to disable paging
777 and swapping on a device. A related &man.swapctl.8; command has
778 been added to provide an interface to &man.swapon.8; and
779 &man.swapoff.8; similar to other BSDs.
780
781 <note>
782 <para>The &man.swapoff.8; feature should be considered
783 experimental.</para>
784 </note>
785 </para>
786
787 <para>&man.syslogd.8; now allows multiple hosts or programs to be
788 named in host or program specifications in &man.syslog.conf.5;
789 files.</para>
790
791 <para>&man.systat.1; now includes an <option>-ifstat</option>
792 display mode that displays the network traffic going through
793 active interfaces on the system.</para>
794
795 <para>The &man.usbhidaction.1; command has been added; it performs
796 actions according to its configuration in response to USB HID
797 controls.</para>
798
799 <para>&man.uudecode.1; and &man.b64decode.1; now support a
800 <option>-r</option> flag for decoding raw (or broken) files that
801 may be missing the initial and possibly final framing
802 lines. &merged;</para>
803
804 <para>&man.vmstat.8; has re-implemented the <option>-f</option>
805 flag, which displays statistics on fork operations.</para>
806
807 <para>&man.xargs.1; now supports a <option>-P</option> option to
808 execute multiple copies of the same utility in parallel.</para>
809
810 <para>&man.xargs.1; now supports a <option>-o</option> flag to
811 reopen <filename>/dev/tty</filename> for the child process
812 before executing the command. This is useful when the child
813 process is an interactive application.</para>
814
815 <para arch="i386,pc98">The <filename>libkse</filename> library,
816 providing POSIX threading support using KSE, is now enabled and
817 installed by default.
818 This library currently supports M:N threading. Both process and
819 system scope threads are supported, as well as getting/setting
820 the concurrency level. By default, the library sets the
821 concurrency level to the number of CPUs in the system. Each
822 concurrency level correlates to a KSE, and all process scope
823 threads run in these KSEs. Each system scope thread gets its
824 own KSE in addition to those corresponding to concurrency levels.
825 <filename>libkse</filename> is still considered a
826 work-in-progress, and is not used by default. However, it can
827 be used as a replacement for the <filename>libc_r</filename>
828 thread library, by substituting <option>-lkse</option> instead of
829 <option>-pthread</option> when linking programs.</para>
830
831 <para arch="i386,pc98,sparc64,ia64">A 1:1 threading package (where for every pthread in an
832 application there is one KSE and thread) has been implemented.
833 Under this model, the kernel handles all thread scheduling
834 decisions and all signal delivery. This uses some of the common
835 KSE code, and is a restricted case of the M:N threading work
836 still in progress. The <filename>libthr</filename> library
837 implementing the userland portion of this functionality is a
838 drop-in replacement for the <filename>libc_r</filename> library.
839 Note that <filename>libthr</filename> is not (at this time)
840 built by default.</para>
841
842 <para>The historic BSD boot scripts in <filename>/etc</filename>
843 have been removed, in favor of the <filename>rc.d</filename>
844 system imported from <application>NetBSD</application>
845 (sometimes referred to as <quote>rcNG</quote>). All
846 functionality of the historic system has been preserved. In
847 particular, files such as <filename>/etc/rc.conf</filename>
848 continue to be the recommended means of configuring the system
849 startup. The <filename>rc.d</filename> system has been the
850 default since &os; 5.0-RELEASE, so this change should be largely
851 transparent for the vast majority of users. Users who have
852 customized their historic-style startup scripts should be aware
853 that the following files have been removed from
854 <filename>/etc</filename>:
855
856 <filename>rc.atm</filename>,
857 <filename>rc.devfs</filename>,
858 <filename>rc.diskless1</filename>,
859 <filename>rc.diskless2</filename>,
860 <filename>rc.i386</filename>,
861 <filename>rc.alpha</filename>,
862 <filename>rc.amd64</filename>,
863 <filename>rc.ia64</filename>,
864 <filename>rc.sparc64</filename>,
865 <filename>rc.isdn</filename>,
866 <filename>rc.network</filename>,
867 <filename>rc.network6</filename>,
868 <filename>rc.pccard</filename>,
869 <filename>rc.serial</filename>,
870 <filename>rc.syscons</filename>,
871 <filename>rc.sysctl</filename>.
872
873 &man.mergemaster.8;, when run, will offer to move these files
874 out of the way for convenience. More details can be found in
875 &man.rc.subr.8;.</para>
876
877 </sect2>
878
879 <sect2 id="contrib">
880 <title>Contributed Software</title>
881
194 </sect2>
195
196 <sect2 id="contrib">
197 <title>Contributed Software</title>
198
882 <para>The <application>ACPI-CA</application> code has been updated
883 from the 20021118 snapshot to the 20030228 snapshot.</para>
199 <para></para>
884
200
885 <para><application>awk</application> from Bell Labs has been
886 updated to a 14 March 2003 snapshot.</para>
887
888 <para><application>BIND</application> has been updated to version
889 8.3.4. &merged;</para>
890
891 <para>All of the <application>bzip2</application> suite of
892 applications is now installed in the base system (in particular,
893 <command>bzip2recover</command> is now built and
894 installed). &merged;</para>
895
896 <para><application>CVS</application> has been updated to
897 1.11.5. &merged;</para>
898
899 <para arch="i386,pc98">The <application>DRM</application> kernel modules have been updated to
900 a snapshot from the DRI CVS repository, as of 24 April 2003.
901 The <literal>DRM_LINUX</literal> kernel option hsa been removed
902 because the handler is now provided by the Linux compatibility
903 code.</para>
904
905 <para><application>FILE</application> has been updated to
906 3.41. &merged;</para>
907
908 <para><application>GCC</application> has been updated to
909 3.2.2 (release version).
910
911 <note arch="i386">
912 <para><application>GCC</application> is known to produce
913 broken code with the <option>-march=pentium4</option> option
914 set. As a workaround to avoid this problem, setting the
915 <varname>CPUTYPE=p4</varname> Makefile variable (for example, in
916 &man.make.conf.5;) enables GCC's
917 <option>-march=pentium3</option> option instead. This
918 situation is expected to be resolved when GCC 3.3 is
919 imported.</para>
920 </note>
921 </para>
922
923 <para>The <application>gdtoa</application> library, for
924 conversions between strings and floating point, has been imported. These sources
925 were dated 24 March 2003.</para>
926
927 <para><application>groff</application> (and related utilities)
928 have been updated from 1.18.1 to 1.19.</para>
929
930 <para><application>IPFilter</application> has been updated to
931 3.4.31. &merged;</para>
932
933 <para>The <application>ISC DHCP</application> client has been
934 updated to 3.0.1RC11. &merged;</para>
935
936 <para>The <application>ISC DHCP</application> client now includes
937 the &man.omshell.1; utility and the &man.dhcpctl.3; library for
938 run-time control of the client.</para>
939
940 <para><application>Kerberos IV</application> support (in the form
941 of <application>KTH eBones</application>) has been removed.
942 Users requiring this functionality can still get it from the
943 <filename role="port">security/krb4</filename> port (or
944 package). Kerberos IV compatibility mode for Kerberos 5 has
945 been removed, and the
946 <literal>k5<replaceable>program</replaceable></literal> userland
947 utilities have been renamed to
948 <literal>k<replaceable>program</replaceable></literal>.</para>
949
950 <para><application>Kerberos 5</application> is now built by
951 default in <literal>buildworld</literal> operations. Setting
952 <varname>MAKE_KERBEROS5</varname> no longer has any effect.
953 Disabling the base system Kerberos 5 now requires the
954 <varname>NO_KERBEROS</varname> Makefile variable to be
955 set.</para>
956
957 <para><application>libpcap</application> now has support for
958 selecting among multiple data link types on an interface.</para>
959
960 <para><application>lukemftpd</application> (not built or installed
961 by default) has been updated to a snapshot from 22 January
962 2003.</para>
963
964 <para><application>OpenPAM</application> has been updated from the
965 <quote>Citronella</quote> release to the
966 <quote>Dianthus</quote> release.</para>
967
968 <para><application>OpenSSH</application> has been updated to
969 3.6.1p1.</para>
970
971 <para><application>OpenSSL</application> has been updated to
972 release 0.9.7a. Among other features, this release includes
973 support for AES and takes advantage of &man.crypto.4;
974 devices. &merged;</para>
975
976 <para><application>sendmail</application> has been updated to
977 version 8.12.9. &merged;</para>
978
979 <para>&man.tcpdump.1; has been updated to version 3.7.2. &merged;
980 It also now supports a <option>-L</option> flag to list the data
981 link types available on an interface and a <option>-y</option>
982 option to specify the data link type to use while capturing
983 packets.</para>
984
985 <para><application>texinfo</application> has been updated from 4.2
986 to 4.5.</para>
987
988 <para>The timezone database has been updated from
989 <filename>tzdata2002d</filename> to
990 <filename>tzdata2003a</filename>. &merged;</para>
991
992 </sect2>
993
994 <sect2 id="ports">
995 <title>Ports/Packages Collection Infrastructure</title>
996
201 </sect2>
202
203 <sect2 id="ports">
204 <title>Ports/Packages Collection Infrastructure</title>
205
997 <para>The one-line <filename>pkg-comment</filename> files have
998 been eliminated from each port skeleton; their contents have
999 been moved into each port's <filename>Makefile</filename>. This
1000 change reduces the disk space and inodes used by the ports
1001 tree. &merged;</para>
206 <para></para>
1002
207
1003 <para>When fetching distfiles for building a port, the
1004 <varname>FETCH_REGET</varname> <filename>Makefile</filename>
1005 variable can be used to specify the number of times to try
1006 continuing to fetch a distfile if it fails its MD5 checksum.
1007 The port infrastructure also supports re-fetching interrupted
1008 distfiles.</para>
1009
1010 <para>&man.pkg.create.1; now supports a <option>-C</option>
1011 option, which allows packages to register a list of other
1012 packages with which they conflict. They will refuse to install
1013 (via &man.pkg.add.1;) if one of the listed packages is already
1014 present. The <option>-f</option> flag to &man.pkg.add.1;
1015 overrides this conflict-checking.</para>
1016
1017 <para>&man.pkg.info.1; now honors the <varname>BLOCKSIZE</varname>
1018 environment variable in its output when the <option>-b</option>
1019 flag is given.</para>
1020
1021 <para>&man.pkg.info.1; now implements a <option>-Q</option>
1022 option, which is similar to the <option>-q</option>
1023 <quote>quiet</quote> option except that it prefixes the output
1024 with the package name.</para>
1025
1026 </sect2>
1027
1028 <sect2 id="releng">
1029 <title>Release Engineering and Integration</title>
1030
208 </sect2>
209
210 <sect2 id="releng">
211 <title>Release Engineering and Integration</title>
212
1031 <para>The supported release of <application>GNOME</application>
1032 has been updated to 2.2.1. &merged;</para>
213 <para></para>
1033
214
1034 <para>The supported release of <application>KDE</application>
1035 has been updated to 3.1.2. &merged;</para>
1036
1037 <para>There is no longer a separate <filename>krb5</filename>
1038 distribution. The Kerberos 5 libraries and utilities have been
1039 incorporated into the <filename>crypto</filename>
1040 distribution.</para>
1041
1042 <para>&man.sysinstall.8; once again supports installing individual
1043 components of <application>XFree86</application>. Supporting
1044 changes (not user-visible) generalize the concept of installing
1045 parts of distributions as packages.</para>
1046
1047 <para>The supported release of <application>XFree86</application>
1048 has been updated to 4.3.0. &merged;</para>
1049
1050 <para>Several upgrade mechanisms designed to permit major version
1051 upgrades from &os; 2.<replaceable>X</replaceable> to 3.<replaceable>X</replaceable> and from &os; 3.<replaceable>X</replaceable> to 4.<replaceable>X</replaceable> have been
1052 removed.</para>
1053
1054 </sect2>
1055
1056 <sect2 id="doc">
1057 <title>Documentation</title>
1058
215 </sect2>
216
217 <sect2 id="doc">
218 <title>Documentation</title>
219
1059 <para>The following new articles have been added to the
1060 documentation set: <quote>FreeBSD From Scratch</quote>,
1061 <quote>The Roadmap for 5-STABLE</quote>.</para>
220 <para></para>
1062
221
1063 <para>A new Danish (<filename>da_DK.ISO8859-1</filename>)
1064 translation project has been started.</para>
1065
1066 </sect2>
1067
1068</sect1>
1069
1070<sect1 id="upgrade">
1071 <title>Upgrading from previous releases of &os;</title>
1072
1073 <para>Users with existing &os; systems are

--- 15 unchanged lines hidden --- 		222 </sect2>
223
224</sect1>
225
226<sect1 id="upgrade">
227 <title>Upgrading from previous releases of &os;</title>
228
229 <para>Users with existing &os; systems are

--- 15 unchanged lines hidden ---