article.xml revision 102320
<articleinfo>
  <title>&os;/&arch; &release.current; Release Notes</title>

  <corpauthor>The FreeBSD Project</corpauthor>

  <pubdate>$FreeBSD: head/release/doc/en_US.ISO8859-1/relnotes/article.sgml 102320 2002-08-23 18:00:13Z bmah $</pubdate>

  <copyright>
    <year>2000</year>
    <year>2001</year>
    <year>2002</year>
    <holder role="mailto:doc@FreeBSD.org">The FreeBSD Documentation Project</holder>
  </copyright>

  <abstract>
    <para>The release notes for &os; &release.current; contain a summary
      of
<![ %include.historic; [
      the changes made to the &os; base system since &release.prev;.
]]>
<![ %no.include.historic; [
      recent changes made to the &os; base system on the &release.branch;
      development branch.
]]>
      Changes to both the kernel and userland are listed, as well as
      applicable security advisories that were issued since the last
      release. Some brief remarks on upgrading are also presented.</para>
  </abstract>
</articleinfo>

<sect1>
  <title>Introduction</title>

  <para>This document contains the release notes for &os;
    &release.current; on the &arch.print; hardware platform. It
    describes recently added, changed, or deleted features of &os;.
    It also provides some notes on upgrading
    from previous versions of &os;.</para>

<![ %release.type.snapshot [

  <para>The &release.type; distribution to which these release notes
    apply represents a point along the &release.branch; development
    branch between &release.prev; and the future &release.next;. Some
    pre-built, binary &release.type; distributions along this branch
    can be found at <ulink url="&release.url;"></ulink>.</para>

]]>

<![ %release.type.release [

  <para>This distribution of &os; &release.current; is a
    &release.type; distribution. It can be found at <ulink
    url="&release.url;"></ulink> or any of its mirrors.
    More information on obtaining this (or other) &release.type;
    distributions of &os; can be found in the <ulink
    url="http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/mirrors.html"><quote>Obtaining
    FreeBSD</quote> appendix</ulink> to the <ulink
    url="http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/">FreeBSD
    Handbook</ulink>.</para>

]]>
</sect1>

<sect1>
  <title>What's New</title>

  <para>This section describes
<![ %include.historic; [
    the most user-visible new or changed features in &os;
    since &release.prev;.
    In general, changes described here are unique to the &release.branch;
    branch unless specifically marked as &merged; features.
]]>
<![ %no.include.historic; [
    many of the user-visible new or changed features in &os;
    since &release.prev;. It includes items that are unique to the
    &release.branch; branch, as well as some features that may have been
    recently merged to
    other branches (after &os; &release.prev.historic;). The latter
    items are marked as &merged;.
]]>
  </para>

  <para>Typical release note items
    document new drivers or hardware support, new commands or options,
    major bugfixes, or contributed software upgrades. Applicable security
    advisories issued after &release.prev; are also listed.</para>

  <para>Many additional changes were made to &os; that are not listed
    here for lack of space. For example, documentation was corrected
    and improved, minor bugs were fixed, insecure coding practices
    were audited and corrected, and source code was cleaned up.</para>

  <sect2 id="kernel">
    <title>Kernel Changes</title>

    <para>&man.acct.2; has been changed to open the accounting file in
      append mode, so that &man.accton.8; can be used to enable
      accounting to an append-only file.
      &merged;</para>

    <para arch="i386" role="historic">The &man.amdpm.4; driver has been added to
      provide access to the system monitoring functions of the AMD 756
      chipset. &merged;</para>

    <para role="historic">The &man.agp.4; driver for AGP devices has been
      added. &merged;</para>

    <para>A new &man.ddb.4; command <command>show pcpu</command> lists
      some of the per-CPU data.</para>

    <para role="historic">Two new &man.ddb.4; commands, <command>hwatch</command> and
      <command>dhwatch</command>, have been introduced. Analogous to
      <command>watch</command> and <command>dwatch</command>, they
      install hardware watchpoints (as opposed to software
      watchpoints) if supported by the architecture. &merged;</para>

    <para>&man.devfs.5;, which allows entries in the
      <filename>/dev</filename> directory to be built automatically
      and supports more flexible attachment of devices, has been
      largely reworked. &man.devfs.5; is now enabled by default and
      can be disabled by the <literal>NODEVFS</literal> kernel
      option.</para>

    <para>The &man.devfs.5; <quote>rule</quote> subsystem has been introduced. DEVFS rules
      permit the administrator to define certain properties of new device
      nodes before they become visible to the userland. Both static (e.g.
      <filename>/dev/speaker</filename>) and dynamic (e.g.
      <filename>/dev/bpf*</filename>, some removable devices) nodes are
      supported. Each &man.devfs.5; mount may have a different ruleset assigned to
      it, permitting different policies to be implemented for things like
      jails. Rules and rulesets are manipulated with the &man.devfs.8;
      utility.</para>

    <para>The dgm driver has been removed in favor of the digi driver.</para>

    <para>A new digi driver has been added to support PCI Xr-based and
      ISA Xem Digiboard cards.
      A new &man.digictl.8; program is
      (mainly) used to re-initialize cards that have external port
      modules attached such as the PC/Xem.</para>

    <para>An &man.eaccess.2; system call has been added, similar to
      &man.access.2; except that the former uses effective credentials
      rather than real credentials.</para>

    <para arch="sparc64">Support has been added for EBus-based
      devices.</para>

    <para arch="i386" role="historic">The &man.ichsmb.4; driver for the Intel 82801AA
      (ICH) SMBus controller and compatibles has been
      added. &merged;</para>

    <para>Each &man.jail.2; environment can now run under its own
      securelevel.</para>

    <para>The tunable sysctl variables for &man.jail.2; have moved
      from <varname>jail.*</varname> to the
      <varname>security.*</varname> hierarchy. Other security-related
      sysctl variables have moved from <varname>kern.security.*</varname> to
      <varname>security.*</varname>.</para>

    <para role="historic">The <varname>kern.maxvnodes</varname> limit now properly
      limits the number of vnodes in use. Previously only vnodes with
      no cached pages could be freed; this could allow the number of
      vnodes to grow without limit on large-memory machines accessing
      many small files. A <literal>vnlru</literal> kernel thread
      helps to flush and reuse vnodes. &merged;</para>

    <para role="historic">The kernel message buffer is now accessible by the
      (machine-independent) <varname>kern.msgbuf</varname> sysctl
      variable; &man.dmesg.8; no longer needs to be SGID
      <groupname>kmem</groupname>. &merged;</para>

    <para>The kernel environment is now dynamic, and can be changed
      via the new &man.kenv.2; system call.</para>

    <para role="historic">The &man.kqueue.2; event notification facility was added to
      the &os; kernel.
      This is a new interface which is able to
      replace &man.poll.2;/&man.select.2;, offering improved
      performance, as well as the ability to report many different
      types of events. Support for monitoring changes in sockets,
      pipes, fifos, and files is present, as well as for signals and
      processes. &merged;</para>

    <para arch="i386,pc98" role="historic">A new <varname>KVA_SPACE</varname> kernel option
      can be used to reconfigure the size of the kernel virtual
      address space. &merged;</para>

    <para>The labpc(4) driver has been removed due to
      <quote>bitrot</quote>.</para>

    <para>The loader and kernel linker now look for files named
      <filename>linker.hints</filename> in each directory with KLDs
      for a module name and version to KLD filename mapping. The new
      &man.kldxref.8; utility is used to generate these files.</para>

    <para role="historic">Linux emulation now supports the kernel functionality
      required by the
      <filename role="package">emulators/linux_base</filename>
      (RedHat 7.X emulation) port. &merged;</para>

    <para role="historic">Linux emulation now requires <literal>options
      SYSVSEM</literal> in the kernel configuration. &merged;</para>

    <para>&man.lomac.4;, a Low-Watermark Mandatory Access Control
      security facility, has been added as a kernel module. It
      provides a drop-in security mechanism in addition to the
      traditional UID-based security facilities, requiring no
      additional configuration from the administrator. Work on this
      feature was sponsored by DARPA and NAI Labs.</para>

    <para arch="ia64">Machine Check Architecture (MCA) records are now
      collected at boot time and made available through the
      <varname>hw.mca.*</varname> sysctl variables.</para>

    <para role="historic">The <varname>maxusers</varname> kernel configuration
      parameter is now a boot-time tunable variable.
      The kernel
      parameters derived from <varname>maxusers</varname> are now also
      tunables and can be overridden at boot-time. The
      <varname>hz</varname> parameter is also now a
      tunable. &merged;</para>

    <para role="historic">Specifying a value of <literal>0</literal> for the
      <varname>maxusers</varname> kernel configuration parameter will
      now cause an appropriate value to be calculated at boot-time
      (between 32 and 384, depending on the amount of memory present).
      This value is now the default for all
      <filename>GENERIC</filename> kernels. &merged;</para>

    <para arch="alpha" role="historic">A <varname>MAXMEM</varname> kernel option,
      along with the <varname>hw.physmem</varname> loader tunable, can
      be used to artificially reduce the memory size of a machine for
      testing (or other purposes). &merged;</para>

    <para role="historic">The kernel configuration parameters
      <varname>MAXTSIZ</varname>, <varname>DFLDSIZ</varname>,
      <varname>MAXDSIZ</varname>, <varname>DFLSSIZ</varname>,
      <varname>MAXSSIZ</varname>, and <varname>SGROWSIZ</varname> are
      all loader tunables (<varname>kern.maxtsiz</varname>,
      <varname>kern.maxdfldsiz</varname>, etc.). &merged;</para>

    <para>&man.mutex.9; profiling code has been added, enabled by the
      <literal>MUTEX_PROFILING</literal> kernel configuration option.
      It enables the <varname>debug.mutex.prof.*</varname> hierarchy
      of sysctl variables.</para>

    <para arch="i386,pc98" role="historic">The <literal>NCPU</literal>,
      <literal>NAPIC</literal>, <literal>NBUS</literal>, and
      <literal>NINTR</literal> kernel configuration options,
      for configuring SMP kernels, have been removed.
      <literal>NCPU</literal> is now set to a maximum of 16,
      and the other, aforementioned options are now
      dynamic. &merged;</para>

    <para role="historic">A &man.nmdm.4; null-modem terminal driver has been added.
      &merged;</para>

    <para role="historic">The <literal>O_DIRECT</literal> flag has been added to
      &man.open.2; and &man.fcntl.2;. Specifying this flag for open
      files will attempt to minimize the cache effects of reading and
      writing. &merged;</para>

    <para role="historic">An &man.orm.4; device has been added to claim the option
      ROMs in the ISA memory I/O space, to prevent other drivers from
      mistakenly assigning addresses that conflict with these
      ROMs. &merged;</para>

    <para arch="i386,pc98">PECOFF (Win32 Execution file format) support has
      been added.</para>

    <para arch="pc98" role="historic">The pmc driver, which supports the power
      management controller of the NEC PC-98NOTE, has been
      added. &merged;</para>

    <para role="historic">POSIX.1b Shared Memory Objects are now supported. The
      implementation uses regular files, but automatically enables the
      MAP_NOSYNC flag when they are &man.mmap.2;-ed. &merged;</para>

    <para role="historic">Replaced the <literal>PQ_*CACHE</literal> options with a
      single <literal>PQ_CACHESIZE</literal> option to be set to the
      cache size in kilobytes. The old options are still supported
      for backwards compatibility. &merged;</para>

    <para arch="i386" role="historic">The &man.puc.4; (PCI <quote>Universal</quote>
      Communications) driver has been added, to help connect PCI-based
      serial ports to the &man.sio.4; driver. &merged;</para>

    <para>The &man.random.4; device has been rewritten to use the
      <application>Yarrow</application> algorithm. It harvests
      entropy from a variety of interrupt sources, including the
      console devices, Ethernet and point-to-point network interfaces,
      and mass-storage devices. Entropy from the &man.random.4;
      device is now periodically saved to files in
      <filename>/var/db/entropy</filename>, as well as at shutdown
      time.
      The semantics of <filename>/dev/random</filename> have
      changed; it never blocks waiting for entropy bits but generates
      a stream of pseudo-random data and now behaves exactly as
      <filename>/dev/urandom</filename>.</para>

    <para>A new kernel option, <literal>options REGRESSION</literal>,
      enables interfaces and functionality intended for use during
      correctness and regression testing.</para>

    <para><literal>RLIMIT_VMEM</literal> support has been added. This
      feature defines a new resource limit that covers a process's
      entire virtual memory space, including &man.mmap.2; space. This
      limit can be configured in &man.login.conf.5; via the new
      <varname>vmemoryuse</varname> variable. &merged;</para>

    <para arch="sparc64">Support has been added for SBus-based
      devices.</para>

    <para arch="sparc64">The se driver, which supports the Siemens
      SAB82532 serial chip found on many newer Sparc Ultra machines,
      has been added.</para>

    <para role="historic">The &man.snp.4; device is no longer static and can now be
      compiled as a module. &merged;</para>

    <para arch="i386" role="historic">The &man.spic.4; driver, which provides access
      to the Jog Dial device on some Sony laptops, has been
      added. &man.moused.8; support for this device has also been
      added. &merged;</para>

    <para>The &man.syscons.4; driver now supports keyboard-controlled
      pasting, by default bound to
      <keycap>Shift</keycap>-<keycap>Insert</keycap>.</para>

    <para role="historic">Support for USB devices was added to the
      <filename>GENERIC</filename> kernel and to the installation
      programs to support USB devices out of the box. Note that SRM
      does not support USB devices at the moment, so you must still
      use an AT keyboard if you are not using a serial
      console.
      &merged;</para>

    <para>The uaudio driver, for USB audio devices, has been
      added.</para>

    <para arch="i386,pc98" role="historic">The &man.umodem.4; driver for USB modems
      has been added. Support is provided for the 3Com 5605 and
      Metricom Ricochet GS wireless USB modems. &merged;</para>

    <para arch="i386,pc98" role="historic">The &man.uscanner.4; driver for basic USB
      scanner support using SANE has been added. See <ulink
      url="http://www.mostang.com/sane/">the SANE home page</ulink>
      for supported scanners. The HP ScanJet 4100C, 5200C and 6300C
      are known to be working. &merged;</para>

    <para>The &man.ucom.4; device driver has been added, to support USB
      modems, serial devices, and other programs that need to look
      like a tty. The related &man.uplcom.4; and &man.uvscom.4; drivers provide specific
      support for the Prolific PL-2303 serial adapter and the SUNTAC
      Slipper U VS-10U, respectively. &merged;</para>

    <para>To increase security, the <literal>UCONSOLE</literal> kernel
      configuration option has been removed.</para>

    <para arch="i386,pc98">The UserConfig boot-time kernel configuration
      feature, usually used to enable, disable, or configure ISA
      devices, has been removed. Its functionality has been replaced
      by the kernel hints file in
      <filename>/boot/device.hints</filename>.</para>

    <para>The <literal>USER_LDT</literal> kernel option is now
      activated by default.</para>

    <para>The uvisor driver for connecting Handspring Visors via USB
      has been added. &merged;</para>

    <para>A VESA S3 linear framebuffer driver has been added.</para>

    <para arch="i386" role="historic">The &man.viapm.4; driver for VIA SMBus
      power management controllers has been added. &merged;</para>

    <!-- Above this line, sort kernel changes by manpage/keyword-->

    <para role="historic">Write combining for crashdumps has been implemented.
      This
      feature is useful when write caching is disabled on both SCSI
      and IDE disks, where large memory dumps could take up to an hour
      to complete. &merged;</para>

    <para>The kernel crashdump infrastructure has been revised, to
      support new platforms and in general clean up the logic in the
      code. One implication of this change is that the on-disk format
      for kernel dumps has changed, and is now
      byte-order-agnostic.</para>

    <para>Extremely large swap areas (>67 GB) no longer panic the
      system.</para>

    <para arch="alpha">Support for threads under Linux emulation has
      been added.</para>

    <para role="historic">The <maketarget>buildkernel</maketarget> target now gets the
      name of the configuration(s) to build from the
      <varname>KERNCONF</varname> variable, not
      <varname>KERNEL</varname>. It is no longer required, in some
      cases, for a <maketarget>buildworld</maketarget> to precede a
      <maketarget>buildkernel</maketarget>. (The
      <maketarget>buildworld</maketarget> is still required when
      upgrading across major releases, across
      <application>binutils</application> updates and when
      &man.config.8; changes version.) &merged;</para>

    <para role="historic">The out-of-swap process termination code now begins killing
      processes earlier to avoid deadlocks; it now also takes into
      account the swap space used by processes when computing the
      process sizes. &merged;</para>

    <para>Linker sets are now self-contained; gensetdefs(8) is
      unnecessary and has been removed.</para>

    <para role="historic">Network device cloning has been implemented, and the
      &man.gif.4; device has been modified to take advantage of it.
      Thus, instead of specifying how many &man.gif.4; interfaces are
      available in kernel configuration files, &man.ifconfig.8;'s
      <option>create</option> option should be used when another device
      instance is desired.
      &merged;</para>

    <para>It is now possible to hardwire kernel environment variables
      (such as tunables) at compile-time using &man.config.8;'s
      <literal>ENV</literal> directive.</para>

    <para>Idle zeroing of pages can be enabled with the
      <varname>vm.idlezero_enable</varname> sysctl variable.</para>

    <para arch="i386,pc98" role="historic">The load addresses of kernels are now exported
      to the symbol table and various hard-coded constants have been
      removed so that utilities such as &man.ps.1; can work with
      kernels compiled at different addresses. &merged;</para>

    <para role="historic">Coredumps of large processes (or of a large number of
      processes) no longer lock up the machine for long periods of
      time. &merged;</para>

    <para>The &os; kernel scheduler now supports Kernel-Scheduled
      Entities (KSEs), which provide support for multiple threads of
      execution per process similar to Scheduler Activations. At this
      point, the kernel has most of the changes needed to support
      threading. The kernel scheduler can schedule multiple threads per
      process, but only on a single CPU at a time. Support for
      userland programs to create and utilize multiple threads is not
      yet completed.

      <note>
        <para>KSE is a work in progress.</para>
      </note>

    </para>

    <para>The kernel now has support for multiple low-level console
      devices. The new &man.conscontrol.8; utility helps to manage
      the different consoles.</para>

    <para arch="alpha">The console driver has gained support for
      TGA-based display adapters.</para>

    <para role="historic">The kernel on the installation CDs is now separated from the
      <filename>mfsroot</filename> image. This permits the use of a
      full kernel when installing from CD on machines that support CD
      booting (instead of the stripped-down kernel used on
      floppies).
      &merged;</para>

    <para role="historic">The system load average computation now adds some jitter to
      the timing of samples, in order to avoid synchronization with
      processes that run periodically. &merged;</para>

    <para role="historic">If a debugging kernel with modules is being built
      (i.e. using <literal>makeoptions DEBUG=-g</literal>), the
      modules will now be built with debugging support as well, for
      completeness. A side effect of this change is that modules
      built and installed with debugging kernels will now occupy more
      space on disk than they did previously. &merged;</para>

    <para role="historic">The kernel dump device can now be set via the
      <varname>dumpdev</varname> loader tunable. As a result, it is
      now possible to obtain crash dumps from panics during the late
      stages of kernel initialization (before the system enters into
      single-user mode). &merged;</para>

    <para>The kernel memory allocator is now a slab memory allocator,
      similar to that used in Solaris. This is an SMP-safe memory
      allocator that has near-linear performance as the number of CPUs
      increases. It also allows for reduced memory
      fragmentation.</para>

    <sect3>
      <title>Processor/Motherboard Support</title>

      <para>SMP support has been largely reworked, incorporating code
        from BSD/OS 5.0. One of the main features of SMPng
        (<quote>SMP Next Generation</quote>) is to allow more
        processes to run in kernel, without the need for spin locks
        that can dramatically reduce the efficiency of multiple
        processors. Interrupt handlers now have contexts associated
        with them that allow them to be blocked, which reduces the
        need to lock out interrupts.</para>

      <para arch="i386,pc98">Support for the 80386 processor has been
        removed from the <filename>GENERIC</filename> kernel, as this
        code seriously pessimizes performance on other IA32
        processors.
        The <literal>I386_CPU</literal> kernel option
        to support the 80386 processor is now mutually exclusive with
        support for other IA32 processors; this should slightly
        improve performance on the 80386 due to the elimination of
        runtime processor type checks.
        Custom kernels that will run on the 80386 can
        still be built by changing the cpu options in the kernel
        configuration file to only include
        <literal>I386_CPU</literal>.</para>

      <para arch="alpha" role="historic">AlphaServer 1200 (<quote>Tincup</quote>) has
        been tested and works OK. Currently it does not want to boot
        from CD or floppy but a transplanted disk that was installed
        on another Alpha works well. &merged;</para>

      <para arch="alpha">The API UP1100 mainboard has been verified to
        work.</para>

      <para arch="alpha">The API CS20 1U high server has been verified
        to work.</para>

      <para arch="alpha">Support for AlphaServer 2100A
        (<quote>Lynx</quote>) has been added.</para>

      <para arch="alpha">Kernel code has been added that allows older
        generation Alpha CPUs (EV4 and EV5) to emulate instructions of
        the newer Alpha CPU generations. This enables the use of
        binary-only programs like <application>Adobe Acrobat
        4</application> on EV4 and EV5.</para>

      <para arch="alpha">SMP support for the Alpha is now operational.</para>

      <para arch="i386" role="historic">Detection for new processors, such as the
        FC-PGA2 Pentium III (Tualatin), Transmeta Crusoe, and
        Transmeta Crusoe LongRun, has been added.
        &merged;</para>

      <para arch="alpha">Support for the following hardware has been
        removed from the installation kernel to make it fit on a
        1.44MB floppy again: Multia, NoName, PC64, EB64, Aspen Alpine,
        sa (SCSI tape), amr, parallel port support, vx (3c590, 3c595),
        pcn (AMD Am79C97x PCI 10/100), sf (Adaptec AIC-6915), sis (SiS
        900/SiS 7016), ste (Sundance ST201 (D-Link DFE-550TX)), wb
        (Winbond W89C840F).</para>

      <para arch="i386" role="historic">Support for Streaming <acronym>SIMD</acronym>
        Extensions (<acronym>SSE</acronym>) has been introduced. The
        <literal>CPU_ENABLE_SSE</literal> kernel option controls
        whether support is compiled into the kernel. &merged;</para>

      <para arch="i386" role="historic">The <literal>CPU_ATHLON_SSE_HACK</literal>
        kernel option has been added, which attempts to enable the SSE
        feature bit on newer Athlon CPUs if the BIOS has forgotten to
        enable it. &merged;</para>

      <para arch="sparc64">The UltraSPARC platform is now supported by
        &os;. The following machines are supported to at least some
        degree: Ultra 1/2/5/10/30/60, Enterprise 220R/420R, Netra T1 AC200/DC200, Netra T 105, and Blade
        100. SMP is supported, and has been tested on the
        Ultra 2, Ultra 60, Enterprise 220R, and
        Enterprise 420R.</para>

      <para arch="i386">On some systems, the BIOS does not activate
        the I/O ports and memory of PC devices, thus making them
        unusable.
        The <varname>hw.pci.enable_io_modes</varname>
        sysctl/boot loader variable (which defaults to
        <literal>1</literal>, for <quote>enabled</quote>)
        forces &os; to enable these devices so that they can be
        used.</para>

      <para arch="alpha">Support for TurboChannel Alphas has been
        removed.</para>

    </sect3>

    <sect3>
      <title>Bootloader Changes</title>

      <para arch="i386" role="historic"><filename>boot2</filename> now supports a
        <option>-n</option> option to disallow boot interruption by
        keypresses. &merged;</para>

      <para arch="i386" role="historic">A new <filename>cdboot</filename> bootstrap
        utility for CDROMs provides better compatibility with some
        BIOS implementations that do not completely implement the El
        Torito bootable CDROM standard. This boot loader supports
        <quote>no emulation</quote> mode booting, thus eliminating the
        need for an emulated floppy disk image on a bootable
        CDROM. &merged;</para>

      <para arch="i386,pc98" role="historic">The i386 boot loader now has support for a
        <literal>nullconsole</literal> console type, for use on
        systems with neither a video console nor a serial
        port. &merged;</para>

      <para arch="i386,pc98" role="historic">The &man.loader.8; now has optional support
        (enabled at compile-time, off by default) for loading
        <application>bzip2</application>-compressed kernels and
        modules. &merged;</para>

      <para arch="i386" role="historic">Support for Intel's Wired for Management 2.0
        (PXE) was added to the &os; boot loader. Due to API
        differences, the older PXE versions are not supported. This
        allows network booting using DHCP.
        &merged;</para>

      <!-- Above this line, order bootloader changes by keyword-->

      <para arch="i386" role="historic">The &os; boot loader now contains a workaround
        to support CDROM booting on certain IBM BIOSs that expect the
        first sector of the emulated floppy to contain a valid MS-DOS
        BPB that they can modify. &merged;</para>

      <para arch="i386,pc98" role="historic">The &os; boot loader now supports a
        <option>-p</option> flag to force the kernel to pause after
        each line of output during the probing phase. &merged;</para>

      <para arch="alpha,i386" role="historic">The &os; boot loader is now capable of
        booting from filesystems with block sizes larger than
        8K. &merged;</para>

      <para>The kernel and modules have been moved to the directory
        <filename>/boot/kernel</filename>, so they can be easily
        manipulated together. The boot loader has been updated to
        make this change as seamless as possible.</para>
    </sect3>

    <sect3>
      <title>Network Interface Support</title>

      <para role="historic">The &man.an.4; driver for Cisco Aironet cards now supports
        Wired Equivalent Privacy (WEP) encryption, settable via
        &man.ancontrol.8;. &merged;</para>

      <para role="historic">The &man.an.4; driver now supports the Cisco Aironet 350
        series of adaptors. &merged;</para>

      <para role="historic">The &man.an.4; driver now supports <quote>monitor</quote>
        mode, settable via the <option>-M</option> option to
        &man.ancontrol.8;. &merged;</para>

      <para role="historic">The &man.an.4; driver now supports Cisco LEAP, as well as
        the <quote>Home</quote> WEP key. The Linux Aironet utilities
        are now supported under emulation. &merged;</para>

      <para arch="i386,pc98" role="historic">Generic support for ARCNET token-based
        networks has been added.
        &merged;</para>

      <para arch="i386,pc98" role="historic">The &man.bge.4; driver has been added to
        support the Broadcom BCM570x family of Gigabit Ethernet
        controllers, including the 3Com 3c996-T, the SysKonnect
        SK-9D21 and SK-9D41, and the built-in Gigabit Ethernet NICs on
        Dell PowerEdge 2550 servers. Output TCP/IP checksum offload,
        jumbo frames and VLAN tag insertion/stripping are supported,
        as well as interrupt moderation. &merged;</para>

      <para arch="i386" role="historic">The cm driver has been added to support SMC
        COM90cx6 ARCNET network adapters. &merged;</para>

      <para>The &man.dc.4; driver now supports NICs based on the Xircom
        3201 and Conexant LANfinity RS7112 chips.</para>

      <para role="historic">The &man.dc.4; driver now has support for
        VLANs. &merged;</para>

      <para role="historic">The &man.de.4; driver now performs round-robin arbitration
        between the transmit and receive units of the 21143, instead
        of giving priority to the receive unit. This gives a
        10–15% performance improvement in the forwarding rate
        under heavy load. &merged;</para>

      <para arch="alpha">The &man.ed.4; driver is now supported.</para>

      <para arch="i386,pc98" role="historic">Linksys Fast Ethernet PCCARD cards supported
        by the &man.ed.4; driver now require the addition of flag
        <literal>0x80000</literal> to their config line in
        &man.pccard.conf.5;. This flag is not optional. These
        Linksys cards will not be recognized without
        it. &merged;</para>

      <para role="historic">A bug in the &man.ed.4; driver that could cause panics
        with very short packets and BPF or bridging active has been
        fixed. &merged;</para>

      <para role="historic">The &man.ed.4; driver now has support for D-Link DL10022
        chips, necessary for the NetGear FA-410TX and other cards.
        As
        a result, <literal>device miibus</literal> is required in
        kernel configurations using the &man.ed.4;
        driver. &merged;</para>

      <para arch="i386">The &man.el.4; driver can now be loaded as a
        module.</para>

      <para arch="i386,pc98,ia64" role="historic">The &man.em.4; driver has been added to
        support NICs based on the Intel 82542, 82543, 82544, 82545EM,
        and 82546EB
        Gigabit Ethernet controller chips. The driver has VLAN
        support, and also supports
        transmit/receive checksum offload and jumbo frames on 82543
        and 82544-based adapters. &merged;</para>

      <para role="historic">The &man.faith.4; device is now loadable, unloadable, and
        clonable. &merged;</para>

      <para arch="i386,pc98" role="historic">Support for Fujitsu MB86960A/MB86965A based
        Ethernet PC-Cards has been added back in the &man.fe.4;
        driver. &merged;</para>

      <para arch="alpha" role="historic">The &man.fpa.4; driver now supports Digital's
        DEFPA FDDI adaptors on the Alpha. &merged;</para>

      <para role="historic">The &man.fxp.4; driver now requires a <literal>device
        miibus</literal> entry in the kernel configuration
        file. &merged;</para>

      <para role="historic">The &man.fxp.4; driver now contains a workaround for PCI
        protocol violations caused by defects in some systems based on
        the Intel ICH2/ICH2-M chip. The workaround is to rewrite the
        EEPROM on the interface to disable Dynamic Standby Mode; once
        the EEPROM is rewritten, the system needs to be rebooted for
        the new settings to take effect. &merged;</para>

      <para role="historic">The &man.fxp.4; driver now supports Intel's loadable
        microcode to implement receive-side interrupt coalescing and
        packet bundling, on NICs that support these features. This
        support can be activated by the use of the
        <option>link0</option> option to
        &man.ifconfig.8;.
        &merged;</para>

      <para arch="sparc64">The gem driver has been added to support
        the Sun GEM Gigabit Ethernet and ERI Fast Ethernet
        adapters.</para>

      <para role="historic">The &man.gx.4; driver has been added to support NICs based
        on the Intel 82542 and 82543 Gigabit Ethernet controller
        chips. Both fiber and copper variants of the cards are
        supported. Both boards support VLAN tagging/insertion, and
        the 82543 additionally supports TCP/IP checksum
        offload. &merged;</para>

      <para arch="sparc64">The hme driver has been added to support
        the Sun HME Fast Ethernet adapter, onboard on many Sun Ultra
        series machines.</para>

      <para role="historic">The &man.lge.4; driver has been added to support the Level
        1 LXT1001 NetCellerator Gigabit Ethernet controller chip. This
        device is used on some fiber optic GigE cards from SMC, D-Link
        and Addtron. Jumbograms and TCP/IP checksum offload on
        receive are supported, although hardware VLAN filtering is
        not. &merged;</para>

      <para role="historic">The my driver, which supports the Myson Fast Ethernet and
        Gigabit Ethernet adapters, has been added. &merged;</para>

      <para role="historic">Added the &man.nge.4; driver, which supports PCI Gigabit
        Ethernet adapters based on the National Semiconductor DP83820
        and DP83821 Gigabit Ethernet controller chips, including the
        D-Link DGE-500T, SMC EZ Card 1000 (SMC9462TX), Asante
        FriendlyNet GigaNIC 1000TA and 1000TPC and Addtron AEG320T.
        This driver supports transmit and receive checksum
        offloading. &merged;</para>

      <para role="historic">The &man.pcn.4; driver, which supports the AMD PCnet/FAST,
        PCnet/FAST+, PCnet/FAST III, PCnet/PRO, PCnet/Home, and
        HomePNA adapters, has been added.
        Although these cards are
        already supported by the &man.lnc.4; driver, the &man.pcn.4;
        driver runs these chips in 32-bit mode and uses the RX
        alignment feature to achieve zero-copy receive. This driver
        is also machine-independent, so it will work on the i386,
        pc98 and Alpha platforms. The &man.lnc.4; driver is still needed
        to support non-PCI cards. &merged;</para>

      <para role="historic">The &man.ray.4; driver, which supports the Webgear Aviator
        wireless network cards, has been committed. The operation of
        &man.ray.4; interfaces can be modified by
        &man.raycontrol.8;. &merged;</para>

      <para arch="i386,pc98">The &man.rp.4; driver has been updated to
        version 3.02 and can now be built as a module. &merged;</para>

      <para arch="i386" role="historic">The sbni driver, for supporting the Granch
        SBNI12 series of ISA and PCI point-to-point communications
        interfaces, has been added. The <filename
        role="package">sysutils/sbniconfig</filename> port in the &os;
        Ports Collection can be used for configuring these
        devices. &merged;</para>

      <para role="historic">Added support for PCI Ethernet adapters based on the SiS
        900 and SiS 7016 Fast Ethernet controller chips (for example,
        as seen on the SiS 635 and 735 motherboard chipsets), as well
        as the National Semiconductor DP83815 chipset (including the
        NetGear FA311-TX and FA312-TX) in the form of the &man.sis.4;
        driver. This device has support for VLANs. &merged;</para>

      <para arch="pc98" role="historic">The snc driver for the National Semiconductor
        DP8393X (SONIC) Ethernet controller has been added.
        Currently, this driver is only used on the PC-98
        architecture. &merged;</para>

      <para>The &man.stf.4; device is now clonable.</para>

      <para role="historic">The &man.tap.4; driver, a virtual Ethernet device driver
        for bridged configurations, has been added. This device is
        clonable.
        &merged;</para>

      <para role="historic">The &man.ti.4; driver now supports the Alteon AceNIC
        1000baseT Gigabit Ethernet and Netgear GA620T 1000baseT
        Gigabit cards. &merged;</para>

      <para role="historic">The &man.ti.4; driver correctly masks VLAN tags. &merged;</para>

      <para>The &man.tx.4; driver now supports true multicast
        filtering.</para>

      <para role="historic">The &man.txp.4; driver has been added to support NICs
        based on the 3Com 3XP Typhoon/Sidewinder (3CR990)
        chipset. &merged;</para>

      <para role="historic">&man.vlan.4; devices are now loadable, unloadable, and
        clonable. &merged;</para>

      <para role="historic">The &man.wi.4; driver now has support for Prism II and
        Prism 2.5-based NICs. 104/128-bit WEP now works on Prism
        cards. &merged;</para>

      <para role="historic">The &man.wi.4; driver now supports using a &os; host as
        a wireless access point. This functionality can be enabled
        using the <literal>mediaopt hostap</literal> option of
        &man.ifconfig.8;. This feature requires a wireless
        adapter based on the Prism II chipset. &merged;</para>

      <para role="historic">The &man.wi.4; driver now has support for
        <application>bsd-airtools</application>. &merged;</para>

      <para role="historic">The xe driver can now be built as a
        module. &merged;</para>

      <para role="historic">The &man.xl.4; driver now supports the 3Com 3C556 and
        3C556B MiniPCI adapters used on some laptops. &merged;</para>

      <para role="historic">The &man.xl.4; driver now supports reception of VLAN
        tagged frames (on the <quote>Cyclone</quote> or newer
        chipsets). &merged;</para>

      <para role="historic">The &man.xl.4; driver now supports send- and receive-side
        TCP/IP checksum offloading for NICs implementing this feature,
        such as the 3C905B, 3C905C, and 3C980C.
        &merged;</para>

      <para role="historic">A bug in the &man.xl.4; driver, related to statistics
        overflow interrupt handling, was causing slowdowns at medium
        to high packet rates; this has been fixed. &merged;</para>

      <para role="historic">The per-interface <varname>ifnet</varname> structure now
        has the ability to indicate a set of capabilities supported by
        a network interface, and which ones are enabled.
        &man.ifconfig.8; has support for querying these
        capabilities. &merged;</para>

      <para role="historic">Performance with hosts having a large number of IP aliases
        has been improved, by replacing the per-interface
        <varname>if_inaddr</varname> linear list with a hash table. &merged;</para>

      <para>Network devices now automatically appear as special files in
        <filename>/dev/net</filename>. Interface hardware ioctls (not
        protocol or routing) can be performed on these devices. The
        <varname>SIOCGIFCONF</varname> ioctl may be performed on the
        special <filename>/dev/network</filename> node.</para>

      <para role="historic">Selected network drivers now implement a semi-polling
        mode, which makes systems much more resilient to attacks and
        overloads. To enable polling, the following options are
        required in a kernel configuration file:

        <programlisting>options DEVICE_POLLING
options HZ=1000 # not compulsory but strongly recommended</programlisting>

        The <varname>kern.polling.enable</varname> sysctl variable
        will then activate polling mode; with the
        <varname>kern.polling.user_frac</varname> sysctl indicating
        the percentage of CPU time to be reserved for userland. The
        devices initially supporting polling are &man.dc.4;,
        &man.fxp.4;, &man.rl.4;, and &man.sis.4;. More details can be found in
        the &man.polling.4; manual page.
        &merged;</para>

      <para arch="i386,pc98" role="historic">The packet-forwarding performance of certain
        network drivers (specifically &man.dc.4; and &man.sis.4;) has
        been enhanced by the elimination of unnecessary buffer
        copies. &merged;</para>

      <para><quote>Zero copy</quote> support has been added to the
        networking stack. This feature can eliminate a copy of
        network data between the kernel and userland, which is one of
        the more significant bottlenecks in network throughput.
        The send-side code should work with almost any network
        adapter, while the receive-side code requires a network
        adapter with an MTU of at least one memory page size (for
        example, jumbo frames on Gigabit Ethernet). For more
        information, see &man.zero.copy.9;.</para>
    </sect3>

    <sect3>
      <title>Network Protocols</title>

      <para role="historic">&man.accept.filter.9;, a kernel feature to reduce
        overheads when accepting and reading new connections on
        listening sockets, has been added. &merged;</para>

      <para role="historic">The <literal>proxy</literal> modifier to &man.arp.8;'s
        <option>-d</option> option has been renamed to
        <literal>pub</literal>, for consistency with the
        <option>-s</option> option. The <literal>only</literal> keyword
        has been added to the <option>-s</option> and
        <option>-S</option> flags, to be used in creating
        <quote>proxy-only</quote> published entries. &merged;</para>

      <para role="historic">The read timeout feature of &man.bpf.4; now works more
        correctly with &man.select.2;/&man.poll.2;, and therefore with
        pthreads. &merged;</para>

      <para role="historic">&man.bridge.4; and &man.dummynet.4; have received some
        enhancements and bug fixes, and are now loadable
        modules.
        &merged;</para>

      <para role="historic">&man.bridge.4; now has better support for multiple,
        fully-independent bridging clusters, and is much more stable
        in the presence of dynamic attachments and detachments.
        VLANs are also fully supported. &merged;</para>

      <para>ICMP ECHO and TSTAMP replies are now rate limited. TCP
        RSTs generated due to packets sent to open and unopen ports
        are now limited by separate counters. Each rate limiting
        queue now has its own description.</para>

      <para role="historic">ICMP <literal>UNREACH_FILTER_PROHIB</literal> messages can
        now RST TCP connections in the <literal>SYN_SENT</literal>
        state if the correct sequence numbers are sent back, as
        controlled by the
        <varname>net.inet.tcp.icmp_may_rst</varname> sysctl. &merged;</para>

      <para>IP multicast now works on VLAN devices. Several other
        bugs in the VLAN code have also been fixed.</para>

      <para role="historic">A bug in the IPsec processing for IPv4, which caused the
        inbound SPD checks to be ignored, has been fixed. &merged;</para>

      <para role="historic">&man.ipfw.4; now filters correctly in the presence of ECN
        bits in TCP segments. &merged;</para>

      <para>&man.ipfw.4; has been re-implemented (the new version is
        commonly referred to as <quote>IPFW2</quote>). It now uses
        variable-sized representation of rules in the kernel, similar
        to &man.bpf.4; instructions. Most of the externally-visible
        behavior (i.e. through &man.ipfw.8;) should be unchanged,
        although &man.ipfw.8; now supports <literal>or</literal>
        connectives between match fields. &merged;</para>

      <para role="historic">A new ng_eiface netgraph module has been added, which
        appears as an Ethernet interface but delivers its Ethernet
        frames to a Netgraph hook.
        &merged;</para>

      <para>A new &man.ng.device.4; netgraph node type has been added,
        which creates a device entry in <filename>/dev</filename>, to
        be used as the entry point to a networking graph.</para>

      <para role="historic">A new &man.ng.etf.4; netgraph node allows Ethernet type
        packets to be filtered to different hooks depending on
        ethertype. &merged;</para>

      <para>The &man.ng.gif.4; and &man.ng.gif.demux.4; netgraph
        nodes, for operating on &man.gif.4; devices, have been
        added.</para>

      <para>The &man.ng.ip.input.4; netgraph node, for queueing IP
        packets into the main IP input processing code, has been
        added.</para>

      <para role="historic">The &man.ng.mppc.4; and &man.ng.bridge.4; node types have
        been added to the &man.netgraph.4; subsystem. The
        &man.ng.ether.4; node is now dynamically loadable.
        Miscellaneous bug fixes and enhancements have also been
        made. &merged;</para>

      <para role="historic">A new netgraph node type &man.ng.one2many.4; for
        multiplexing and demultiplexing packets over multiple links
        has been added. &merged;</para>

      <para>A new ng_split node type has been added for splitting a
        bidirectional packet flow into two unidirectional flows.</para>

      <para role="historic">A new sysctl
        <varname>net.inet.ip.check_interface</varname>, which is on by
        default, causes IP to verify that an incoming packet arrives
        on an interface that has an address matching the packet's
        destination address. &merged;</para>

      <para role="historic">A new sysctl
        <varname>net.link.ether.inet.log_arp_wrong_iface</varname> has
        been added to control the suppression of logging when ARP
        replies arrive on the wrong interface. &merged;</para>

      <para role="historic">A new <literal>options RANDOM_IP_ID</literal> kernel
        option causes the ID field of IP packets to be randomized.
        This closes a minor information leak which allows a remote
        observer to determine the rate at which the machine is
        generating packets, since the default behavior is to increment
        a counter for each packet sent. &merged;</para>

      <para arch="alpha">SLIP has been removed from the
        <filename>mfsroot</filename> floppy image.</para>

      <para role="historic">TCP has received some bug fixes for its delayed ACK
        behavior. &merged;</para>

      <para role="historic">TCP now supports the NewReno modification to the TCP Fast
        Recovery algorithm. This behavior can be controlled via the
        <varname>net.inet.tcp.newreno</varname> sysctl
        variable. &merged;</para>

      <para role="historic">TCP now uses a more aggressive timeout for initial SYN
        segments; this allows initial connection attempts to be
        dropped much faster. &merged;</para>

      <para role="historic">The <literal>TCP_COMPAT_42</literal> kernel option has
        been removed. &merged;</para>

      <para role="historic">The <literal>TCP_RESTRICT_RST</literal> kernel option has
        been removed. Similar functionality can be achieved with the
        <varname>net.inet.tcp.blackhole</varname> sysctl
        variable. &merged;</para>

      <para role="historic">TCP now has RFC 1323 extensions enabled by default in
        &man.rc.conf.5;. &merged;</para>

      <para role="historic">RFC 1323 and RFC 1644 TCP extensions are now disabled for
        a connection in progress if no response has been received by
        the third SYN segment sent. This behavior tries to work
        around (very old) terminal servers with buggy VJ header
        compression implementations. &merged;</para>

      <para role="historic">The TCP implementation no longer requires the allocation
        of a TCP template structure for each connection; this should
        reduce the buffer usage on large systems handling many
        connections.
        &merged;</para>

      <para role="historic">TCP's default buffer sizes, controlled by the
        <varname>net.inet.tcp.sendspace</varname> and
        <varname>net.inet.tcp.recvspace</varname> sysctl variables,
        have been increased to 32K and 64K respectively. Previously,
        the default for both buffer sizes was 16K. To try to avoid
        increasing congestion, the default value for
        <varname>net.inet.tcp.local_slowstart_flightsize</varname> has
        been changed from infinity to 4. &merged;

        <note>
          <para>On busy hosts, the new larger buffer sizes may require
            manually increasing the
            <varname>NMBCLUSTERS</varname> parameter, either in the
            kernel configuration file or via the
            <varname>kern.ipc.nmbclusters</varname> loader tunable.
            <command>netstat -mb</command> can be used to monitor the
            state of mbuf clusters.</para>
        </note>
      </para>

      <para role="historic">TCP now supports RFC 1948 (Defending Against Sequence
        Number Attacks). The
        <varname>net.inet.tcp.isn_reseed_interval</varname> sysctl
        variable controls the reseeding of the secret data used in
        the RFC 1948 initial sequence number calculations. &merged;</para>

      <para role="historic">The TCP implementation in &os; now implements a cache of
        outstanding, received SYN segments. Incoming SYN segments now
        cause entries to be placed in the cache until the TCP
        three-way handshake is complete, at which point, memory is
        allocated for the connection as usual. In addition, all TCP
        Initial Sequence Numbers (ISNs) are used as cookies, allowing
        entries in the cache to be dropped, but still have their
        corresponding ACKs accepted later. The combination of the
        so-called
        <quote>syncache</quote> and <quote>syncookies</quote> features
        makes a host much more resistant to TCP-based Denial of
        Service attacks. Work on this feature was sponsored by DARPA
        and NAI Labs.
        &merged;</para>

      <para role="historic">A bug in the TCP implementation, which could cause
        connections to stall if a sender saw a zero-sized window, has
        been corrected. &merged;</para>

      <para role="historic">The TCP implementation now properly ignores packets
        addressed to IP-layer broadcast addresses. &merged;</para>

      <para>The ephemeral port range used for TCP and UDP has been
        changed to 49152–65535 (the old default was
        1024–5000). This increases the number of concurrent
        outgoing connections/streams.</para>
    </sect3>

    <sect3>
      <title>Disks and Storage</title>

      <para arch="i386" role="historic">Support for the Adaptec FSA family of PCI-SCSI
        RAID controllers has been added, in the form of the
        &man.aac.4; driver. This driver includes proper handling of
        commands initiated by the adapter, addition/removal of disk
        devices, crashdump functionality, and &man.ioctl.2; commands
        necessary for the management CLI, and is fully qualified and
        sanctioned by Adaptec. &merged;</para>

      <para role="historic">The &man.ahc.4; driver has received numerous updates,
        bugfixes, and enhancements. Among various improvements are
        improved compatibility with chips in <quote>RAID Port</quote>
        mode and systems with AAA and/or ARO cards installed, as well
        as performance improvements. Some bugs were also fixed,
        including a rare hang on Ultra2/U160
        controllers. &merged;</para>

      <para arch="i386">The ahd driver, which supports the Adaptec
        AIC7902 Ultra320 PCI-X SCSI Controller chip, has been
        added.</para>

      <para arch="i386" role="historic">The &man.asr.4; driver, which provides support
        for the Adaptec SCSI RAID controller family, as well as the
        DPT SmartRAID V and VI families, has been
        added.
        &merged;</para>

      <para arch="i386" role="historic">The &man.asr.4; driver now supports the
        Adaptec 2000S and 2005S Zero-Channel RAID
        controllers. &merged;</para>

      <para role="historic">The &man.ata.4; driver now has support for ATA100
        controllers. In addition, it now supports the ServerWorks
        ROSB4 ATA33 chipset, the CMD 648 ATA66 and CMD 649 ATA100
        chipsets, and the Cyrix 5530. &merged;</para>

      <para role="historic">To provide more flexible configuration, the various
        options for the &man.ata.4; driver are now boot loader
        tunables, rather than kernel configure-time
        options. &merged;</para>

      <para role="historic">The &man.ata.4; driver now has support for tagged queuing,
        which is enabled by the <varname>hw.ata.tags</varname> loader
        tunable. &merged;</para>

      <para role="historic">The &man.ata.4; driver now has support for ATA
        <quote>pseudo</quote> RAID controllers as the Promise Fasttrak
        and HighPoint HPT370 controllers. &merged;</para>

      <para role="historic">The &man.ata.4; driver now supports a wider variety of SiS
        chipsets, as listed in the Hardware Notes. &merged;</para>

      <para role="historic">The &man.ata.4; driver now has support for creating,
        deleting, querying, and rebuilding ATA RAIDs under control of
        &man.atacontrol.8;. &merged;</para>

      <para role="historic">The BurnProof(TM) feature, for applicable ATAPI CD-ROM
        burners, is now supported. &merged;</para>

      <para role="historic">The &man.ata.4; driver now has support for 48-bit
        addressing. Devices larger than 137GB are now
        supported. &merged;</para>

      <para role="historic">The &man.ata.4; driver now contains fixes for some data
        corruption problems on systems using the VIA 82C686B
        Southbridge chip.
        &merged;</para>

      <para>The &man.ata.4; driver (along with &man.burncd.8;) now
        supports writing to media in DVD+RW drives.</para>

      <para>The &man.ata.4; driver now supports accessing ATA devices
        as SCSI devices via the CAM layer. This feature requires
        <literal>device atapicam</literal> in the kernel
        configuration.</para>

      <para role="historic">The &man.cd.4; driver now has support for write
        operations. This allows writing to DVD-RAM, PD and similar
        drives that probe as CD devices. Note that this change affects
        only random-access writeable devices, not sequential-only
        writeable devices such as CD-R drives, which are supported by
        &man.cdrecord.1; (a part of
        <filename role="package">sysutils/cdrtools</filename> in the
        Ports Collection). &merged;</para>

      <para arch="i386" role="historic">The ciss driver, for devices utilizing the
        Common Interface for SCSI-3 Support, has been added. This
        driver supports the Compaq SmartRAID 5* family of RAID
        controllers (5300, 532, 5i). &merged;</para>

      <para>The &man.fdc.4; floppy disk driver has undergone a number of
        enhancements. Density selection for common settings is now
        automatic; the driver is also much more flexible in setting
        the densities of various subdevices.</para>

      <para>The &man.geom.4; disk I/O request transformation framework
        has been added; this extensible framework is designed to
        support a wide variety of operations on I/O requests on their
        way from the upper kernel to the device drivers.</para>

      <para role="historic">The ida disk driver now has crashdump
        support.
        &merged;</para>

      <para arch="i386" role="historic">The iir driver has been added to support the
        Intel Integrated RAID controllers, as well as prior ICP Vortex
        controllers.</para>

      <para arch="alpha" role="historic">A bug that made certain CDROM drives fail to
        attach when connected to a SCSI card driven by &man.isp.4; has
        been fixed. &merged;</para>

      <para>The &man.isp.4; driver is now proactive about discovering
        Fibre Channel topology changes.</para>

      <para>The &man.isp.4; driver now supports target mode for Qlogic
        SCSI cards, including Ultra2 and Ultra3 and dual bus
        cards.</para>

      <para role="historic">The &man.isp.4; driver now supports the Qlogic 2300 and
        2312 Optical Fibre Channel PCI cards. &merged;</para>

      <para>&man.md.4;, the memory disk device, has had the
        functionality of &man.vn.4; incorporated into it. &man.md.4;
        devices can now be configured by &man.mdconfig.8;. &man.vn.4;
        has been removed. The Memory Filesystem (MFS) has also been
        removed.</para>

      <para arch="i386,alpha,pc98,sparc64">The mpt driver, for
        supporting the LSI Logic Fusion/MP architecture Fiber Channel
        controllers, has been added. &merged;</para>

      <para arch="i386" role="historic">The &man.mly.4; driver, for Mylex PCI to SCSI
        AccelRAID and eXtremeRAID controllers with firmware 6.X and
        later, has been added. &merged;</para>

      <para arch="i386,pc98" role="historic">The ncv, nsp, and stg drivers have been ported
        from NetBSD/pc98. They support the NCR 53C50 / Workbit Ninja
        SCSI-3 / TMC 18C30, 18C50 based PC-Card/ISA SCSI controllers.
        All three drivers can be built and loaded as
        modules.
        &merged;</para>

      <para arch="powerpc">The ofw driver, a basic OpenFirmware disk
        driver, has been added.</para>

      <para arch="i386">The pst driver, for supporting Promise
        SuperTrak ATA RAID controllers, has been
        added. &merged;</para>

      <para>Some problems in &man.sa.4; error handling have been
        fixed, including the <quote>tape drive spinning indefinitely
        upon &man.mt.1; <option>stat</option></quote> problem.</para>

      <para arch="i386" role="historic">The &man.twe.4; 3ware ATA RAID driver has
        been added. &merged;</para>

      <para role="historic">The &man.wd.4; compatibility devices were removed from the
        &man.ata.4; driver. &merged;</para>
    </sect3>

    <sect3>
      <title>Filesystems</title>

      <para>Support for named extended attributes was added to the
        &os; kernel. This allows the kernel, and appropriately
        privileged userland processes, to tag files and directories
        with attribute data. Extended attributes were added to
        support the TrustedBSD Project, in particular ACLs, capability
        data, and mandatory access control labels (see
        <filename>/usr/src/sys/ufs/ufs/README.extattr</filename> for
        details).</para>

      <para role="historic">Due to a licensing change, softupdates have been
        integrated into the main portion of the kernel source tree.
        As a consequence, softupdates are now available with the
        <filename>GENERIC</filename> kernel. &merged;</para>

      <para>A filesystem snapshot capability has been added to FFS.
        Details can be found in
        <filename>/usr/src/sys/ufs/ffs/README.snapshot</filename>.</para>

<!-- The following note needs to be made more specific or eliminated.
-->
      <para>Softupdates for FFS have received some bug fixes and
        enhancements.</para>

      <para>When running with softupdates, &man.statfs.2; and
        &man.df.1; will track the number of blocks and files that are
        committed to being freed.</para>

      <para role="historic">A bug in FFS that could cause superblock corruption on
        very large filesystems has been corrected. &merged;</para>

      <para role="historic">The ISO-9660 filesystem now has a hook that supports a
        loadable character conversion routine. The
        <filename role="package">sysutils/cd9660_unicode</filename>
        port contains a set of common conversions. &merged;</para>

      <para>&man.kernfs.5; is obsolete and has been retired.</para>

      <para role="historic">A bug in the NFS client that caused bogus access times with
        <literal>O_EXCL|O_CREAT</literal> opens was
        fixed. &merged;</para>

      <para role="historic">A new NFS hash function (based on the Fowler/Noll/Vo hash
        algorithm) has been implemented to improve NFS performance by
        increasing the efficiency of the <varname>nfsnode</varname>
        hash tables. &merged;</para>

      <para>Client-side NFS locks have been implemented.</para>

      <para>The client-side and server-side of the NFS code in the
        kernel used to be intertwined in various complex ways. They
        have been split apart for ease of maintenance and further
        development.</para>

      <para>Support for filesystem Access Control Lists (ACLs) has
        been introduced, allowing more fine-grained control of
        discretionary access control on files and directories. This
        support was integrated from the TrustedBSD Project. More
        details can be found in
        <filename>/usr/src/sys/ufs/ufs/README.acls</filename>.</para>

      <para role="historic">The directory layout preference algorithm for FFS
        (<literal>dirprefs</literal>) has been changed.
        Rather than
        scattering directory blocks across a disk, it attempts to
        group related directory blocks together. Operations
        traversing large directory hierarchies, such as the &os; Ports
        tree, have shown marked speedups. This change is transparent
        and automatic for new directories. &merged;</para>

      <para arch="i386,pc98" role="historic">smbfs (CIFS) support in kernel has been added.
        The userland programs &man.smbutil.1; and &man.mount.smbfs.8;
        can be used to work with SMB shares. Note that
        &man.mount.smbfs.8; will automatically load the
        <filename>smbfs.ko</filename> module into the kernel, even if
        <literal>LIBMCHAIN</literal> and
        <literal>LIBICONV</literal> were not compiled into the kernel.
        &merged;</para>

      <para>For consistency, the fdesc, fifo, null, msdos, portal,
        umap, and union filesystems have been renamed to fdescfs,
        fifofs, msdosfs, nullfs, portalfs, umapfs, and unionfs. Where
        applicable, modules and mount_* programs have been renamed.
        Compatibility <quote>glue</quote> has been added to
        &man.mount.8; so that <literal>msdos</literal> filesystem
        entries in &man.fstab.5; will work without changes.</para>

      <para>pseudofs, a pseudo-filesystem framework, has been added.
        &man.linprocfs.5; and &man.procfs.5; have been modified to use
        pseudofs.</para>

      <para role="historic">A simple hash-based lookup optimization for large
        directories called <literal>dirhash</literal> has been added.
        Conditional on the
        <literal>UFS_DIRHASH</literal> kernel option (enabled by
        default in the <filename>GENERIC</filename> kernel), it
        improves the speed of operations on very large directories at
        the expense of some memory.
        &merged;</para>

      <para role="historic">The virtual memory subsystem now backs UFS directory
        memory requirements by default (this behavior is controlled
        via the <varname>vfs.vmiodirenable</varname> sysctl
        variable). &merged;</para>

      <para role="historic">A bug that prevented the root filesystem from being
        mounted from a SCSI CDROM has been fixed (ATAPI CDROMs were
        always supported). &merged;</para>

      <para role="historic">A number of bugs in the filesystem code, discovered
        through the use of the <application>fsx</application>
        filesystem test tool, have been fixed. Under certain
        circumstances (primarily related to use of NFS), these bugs
        could cause data corruption or kernel panics. &merged;</para>

      <para>Network filesystems (such as NFS and smbfs filesystems)
        listed in <filename>/etc/fstab</filename> can now be properly
        mounted during startup initialization; their mounts are
        deferred until after the network is initialized.</para>

      <para>Read-only support for the Universal Disk Format (UDF) has
        been added. This format is used on packet-written CD-RWs and
        most commercial DVD-Video disks. The &man.mount.udf.8;
        command can be used to mount these disks.</para>

      <para>Basic support has been added for the UFS2 filesystem.
        Among its features:

        <itemizedlist>
          <listitem>
            <para>The inode has been expanded to 256 bytes to make
              space for 64-bit block pointers.</para>
          </listitem>

          <listitem>
            <para>A file-creation time field has been added.</para>
          </listitem>

          <listitem>
            <para>Space has been provided for extended attributes, up
              to twice the filesystem block size.</para>
          </listitem>
        </itemizedlist>

      </para>

    </sect3>

    <sect3>
      <title>PCCARD Support</title>

      <para arch="i386,pc98" role="historic">The pccard driver and &man.pccardc.8; now
        support multiple <quote>beep types</quote> upon card insertion
        and removal. &merged;</para>

      <para role="historic">On many modern hosts, PCCARD devices can be configured to
        route their interrupts via either the ISA or PCI interrupt
        paths. The &man.pcic.4; driver has been updated to support
        both interrupt paths (formerly, only routing via ISA was
        supported). &merged; In most cases, configuration of PCMCIA
        devices in laptops is simpler and more flexible. In addition,
        various Cardbus bridge PCI cards (such as those used by
        Orinoco PCI NICs) are now supported. Some hosts may
        experience problems, such as hangs or panics, with PCI
        interrupt routing; they can frequently be made to work by
        forcing the older-style ISA interrupt routing.
        The following
        lines, placed in <filename>/boot/loader.conf</filename>, may
        fix the problem:</para>

      <programlisting role="historic">hw.pcic.intr_path="1"
hw.pcic.irq="0"</programlisting>

      <para role="historic">When installing &os; on such a system, typing the
        following lines to the boot loader may be helpful in starting
        up &os; for the first time:</para>

      <screen role="historic"><prompt>ok</prompt> <userinput>set hw.pcic.intr_path="1"</userinput>
<prompt>ok</prompt> <userinput>set hw.pcic.irq="0"</userinput></screen>

      <para arch="i386">Preliminary Cardbus support under NEWCARD has
        been added.  This code supports the TI113X, TI12XX, TI125X,
        Ricoh 5C46/5C47, Topic 95/97/100 and Cirrus Logic PD683X
        bridges.  16-bit PC Card support is not yet functional.</para>

      <para arch="i386">NEWCARD is now the default pccard/cardbus
        system in the <filename>GENERIC</filename> kernel.</para>

    </sect3>

    <sect3>
      <title>Multimedia Support</title>

      <para arch="i386" role="historic">The &man.pcm.4; driver now supports the ESS
        Solo 1, Maestro-1, Maestro-2, and Maestro-2e; Forte Media
        fm801, ESS Maestro-2e, and VIA Technologies VT82C686A sound
        card/chipsets, and has received some other updates.  Separate
        drivers for the SoundBlaster 8 and SoundBlaster 16 now replace
        an older, unified driver.  A driver for the CMedia
        CMI8338/CMI8738 sound chips has been added.  A driver for the
        CS4281 sound chip has been added.  A driver for the S3
        SonicVibes chipset has been added.  &merged;</para>

      <para arch="i386" role="historic">A driver for the Avance Logic ALS4000 has been
        added.  &merged;</para>

      <para arch="i386" role="historic">A driver for the ESS Maestro-3/Allegro has
        been added; however, due to licensing restrictions, it cannot
        be compiled into the kernel.
        &merged;  To use this driver, add
        the following line to
        <filename>/boot/loader.conf</filename>:</para>

      <programlisting role="historic">snd_maestro3_load="YES"</programlisting>

      <para arch="i386">The VT8233 audio controller now has its own
        driver to facilitate supporting all known revisions of the
        hardware.  It is loadable at boot time by adding
        <literal>device pcm</literal> to the kernel configuration or
        by adding <literal>snd_via8233="YES"</literal> to
        <filename>/boot/loader.conf</filename>.  Documentation to
        support this work was provided by VIA.  &merged;</para>

      <para role="historic">The &man.bktr.4; driver has been updated to 2.18.  This
        update provides a number of new features.  New tuner types
        have been added, and improvements to the KLD module and to
        memory allocation have been made.  Bugs in &man.devfs.5; when
        unloading and reloading have been fixed.  Support for new
        Hauppauge Model 44xxx WinTV Cards (the ones with no audio mux)
        has been added.  &merged;</para>

      <para arch="i386,pc98" role="historic">The ufm driver, supporting the D-Link DSB-R100
        USB Radio, has been added.  &merged;</para>

      <para role="historic">When sound modules are built, one can now load all the
        drivers and infrastructure by <command>kldload
        snd</command>.  &merged;</para>

      <para>A new API has been added for sound cards with hardware
        volume control.</para>

      <para arch="i386" role="historic">A driver for the Intel 443MX, 810, 815, and
        815E integrated sound devices has been added.  &merged;</para>

      <para arch="i386" role="historic">The via82c686 sound driver now supports the VIA
        VT8233.  &merged;</para>

      <para arch="i386" role="historic">The ich sound driver now supports the SiS
        7012 chipset.  &merged;</para>

      <para arch="i386">The ich sound driver now provides rudimentary
        support for ich4 audio.
        &merged;</para>

      <para arch="i386">Drivers have been added to support the Direct
        Rendering Infrastructure, which can be used to provide 3D
        acceleration within <application>XFree86</application>.  Video
        cards supported include the 3Dlabs Oxygen GMX 2000 (gammadrm),
        AGP Matrox G200/G400/G450/G550 (mgadrm), 3dfx Voodoo
        3/4/5/Banshee (tdfxdrm), AGP ATI Rage 128 (r128drm), and AGP
        ATI Radeon (radeondrm).</para>

    </sect3>

    <sect3>
      <title>Contributed Software</title>

      <para>The Forth Inspired Command Language
        (<application>FICL</application>) used in the boot loader has
        been updated to 3.02.</para>

      <para>Support for Advanced Configuration and Power Interface
        (ACPI), a multi-vendor standard for configuration and power
        management, has been added.  This functionality has been
        provided by the <application>Intel ACPI Component
        Architecture</application> project, as of the ACPI CA 20020725
        snapshot.  Some backward compatibility for applications using
        the older APM standard has been provided.</para>

      <sect4>
        <title>IPFilter</title>

        <para><application>IPFilter</application> has been updated to
          3.4.28.</para>

        <para role="historic"><application>IPFilter</application> now supports
          IPv6.  &merged;</para>

      </sect4>

      <sect4 arch="i386">
        <title>isdn4bsd</title>

        <para><application>isdn4bsd</application> has been updated to
          version 1.0.2.</para>

        <para role="historic">The &man.ifpi.4; driver for supporting the AVM
          Fritz!Card PCI controller has been added.  &merged;</para>

        <para role="historic">The &man.ifpi2.4; driver for supporting the AVM
          Fritz!Card PCI version 2 controller has been added.
          &merged;</para>

        <para role="historic">The &man.ihfc.4; driver for supporting Cologne Chip
          Designs HFC devices under
          <application>isdn4bsd</application> has been
          added.  &merged;</para>

        <para role="historic">The &man.itjc.4; driver for supporting NETjet-S / Teles
          PCI-TJ devices under <application>isdn4bsd</application> has
          been added.  &merged;</para>

        <para role="historic">Experimental support for the Eicon.Diehl DIVA 2.0 and
          2.02 ISA PnP ISDN cards has been added to the &man.isic.4;
          <application>isdn4bsd</application> driver.  &merged;</para>

        <para role="historic">The &man.isic.4; driver now supports the Compaq Microcom
          610 ISDN ISA PnP card.  &merged;</para>

        <para role="historic">Active CAPI-based ISDN cards manufactured by AVM are now
          supported using the &man.i4bcapi.4; and the &man.iavc.4;
          drivers.  The supported cards are the AVM B1 PCI and AVM B1
          ISA Basic Rate cards and the AVM T1 Primary Rate
          cards.  &merged;</para>

        <para role="historic">A new <literal>maxconnecttime</literal> keyword is now
          accepted in &man.isdnd.rc.5; files to limit the time a
          connection may remain open.  &merged;</para>

        <para role="historic">&man.isdnphone.8; now supports a <option>-k</option>
          option for sending messages via the keypad facility to a PBX
          or exchange office.  &merged;</para>

        <para><application>isdn4bsd</application> now supports Q.931
          subaddressing.</para>

      </sect4>

      <sect4 id="kame-kernel">
        <title>KAME</title>

        <para role="historic">The IPv6 stack is now based on the
          KAME Project's IPv6 snapshot as of 28 May, 2001.  Most of
          the items listed in this section are a result of this
          import.  <xref linkend="kame-userland"> lists userland
          updates to the KAME IPv6 stack.
          &merged;</para>

        <para role="historic">&man.gif.4; is now based on RFC 2893, rather than RFC
          1933.  The <literal>IFF_LINK2</literal> interface flag can
          be used to control ingress filtering.  &merged;</para>

        <para role="historic"><application>IPsec</application> has received some
          enhancements, including the ability to use the Rijndael and
          SHA2 algorithms.  IPsec RC5 support has been removed due to
          patent issues.  &merged;</para>

        <para role="historic">&man.stf.4; now conforms to RFC 3056; the
          <literal>IFF_LINK2</literal> interface flag can be used to
          control ingress filtering.  &merged;</para>

        <para role="historic">IPv6 has better checking of illegal addresses (such as
          loopback addresses) on physical networks.  &merged;</para>

        <para role="historic">The <varname>IPV6_V6ONLY</varname> socket option is now
          completely supported.  The kernel's default behavior with
          respect to this option is controlled by the
          <varname>net.inet6.ip6.v6only</varname> sysctl
          variable.  &merged;</para>

        <para role="historic">RFC 3041 (Privacy Extensions for Stateless Address
          Autoconfiguration) is now supported.  It can be enabled via
          the <varname>net.inet6.ip6.use_tempaddr</varname> sysctl
          variable.  &merged;</para>
      </sect4>
    </sect3>
  </sect2>

  <sect2 id="security">
    <title>Security-Related Changes</title>

    <para role="historic">&man.sysinstall.8; now allows the user to select one of two
      <quote>security profiles</quote> at install-time.  These
      profiles enable different levels of system security by enabling
      or disabling various system services in &man.rc.conf.5; on new
      installs.  &merged;</para>

    <para>A bug in which malformed ELF executable images can hang the
      system has been fixed (see security advisory
      FreeBSD-SA-00:41).
      &merged;</para>

    <para>A security hole in Linux emulation was fixed (see security
      advisory FreeBSD-SA-00:42).  &merged;</para>

    <para role="historic">String-handling library calls in many programs were fixed to
      reduce the possibility of buffer overflow-related exploits.
      &merged;</para>

    <para>TCP now uses stronger randomness in choosing its initial
      sequence numbers (see security advisory
      FreeBSD-SA-00:52).  &merged;</para>

    <para>Several buffer overflows in &man.tcpdump.1; were corrected
      (see security advisory FreeBSD-SA-00:61).  &merged;</para>

    <para>A security hole in &man.top.1; was corrected (see security
      advisory FreeBSD-SA-00:62).  &merged;</para>

    <para>A potential security hole caused by an off-by-one error in
      &man.gethostbyname.3; has been fixed (see security advisory
      FreeBSD-SA-00:63).  &merged;</para>

    <para>A potential buffer overflow in the &man.ncurses.3; library,
      which could cause arbitrary code to be run from within
      &man.systat.1;, has been corrected (see security advisory
      FreeBSD-SA-00:68).  &merged;</para>

    <para>A vulnerability in &man.telnetd.8; that could cause it to
      consume large amounts of server resources has been fixed (see
      security advisory FreeBSD-SA-00:69).  &merged;</para>

    <para>The <literal>nat deny_incoming</literal> command in
      &man.ppp.8; now works correctly (see security advisory
      FreeBSD-SA-00:70).  &merged;</para>

    <para>A vulnerability in &man.csh.1;/&man.tcsh.1; temporary files
      that could allow overwriting of arbitrary user-writable files
      has been closed (see security advisory
      FreeBSD-SA-00:76).  &merged;</para>

    <para role="historic">The &man.ssh.1; binary is no longer SUID root by
      default.
      &merged;</para>

    <para role="historic">Some fixes were applied to the Kerberos IV implementation
      related to environment variables, a possible buffer overrun, and
      overwriting ticket files.  &merged;</para>

    <para role="historic">&man.telnet.1; now does a better job of sanitizing its
      environment.  &merged;</para>

    <para>Several vulnerabilities in &man.procfs.5; were fixed (see
      security advisory FreeBSD-SA-00:77).  &merged;</para>

    <para>A bug in <application>OpenSSH</application> in which a
      server was unable to disable &man.ssh-agent.1; or
      <literal>X11Forwarding</literal> was fixed (see security
      advisory FreeBSD-SA-01:01).  &merged;</para>

    <para>A bug in &man.ipfw.8; and &man.ip6fw.8; in which inbound TCP
      segments could incorrectly be treated as being part of an
      <literal>established</literal> connection has been fixed (see
      security advisory FreeBSD-SA-01:08).  &merged;</para>

    <para>A bug in &man.crontab.1; that could allow users to read any
      file on the system in valid &man.crontab.5; syntax has been
      fixed (see security advisory FreeBSD-SA-01:09).  &merged;</para>

    <para>A vulnerability in &man.inetd.8; that could allow
      read-access to the initial 16 bytes of
      <groupname>wheel</groupname>-accessible files has been fixed
      (see security advisory FreeBSD-SA-01:11).  &merged;</para>

    <para>A bug in &man.periodic.8; that used insecure temporary files
      has been corrected (see security advisory
      FreeBSD-SA-01:12).  &merged;</para>

    <para><application>OpenSSH</application> now has code to prevent
      (instead of just mitigating through connection limits) an attack
      that can lead to guessing the server key (not host key) by
      regenerating the server key when an RSA failure is detected (see
      security advisory FreeBSD-SA-01:24).
      &merged;</para>

    <para role="historic">A number of programs have had output formatting strings
      corrected so as to reduce the risk of
      vulnerabilities.  &merged;</para>

    <para role="historic">A number of programs that use temporary files now do so more
      securely.  &merged;</para>

    <para role="historic">A bug in ICMP that could cause an attacker to disrupt TCP and UDP
      <quote>sessions</quote> has been corrected.  &merged;</para>

    <para>A bug in &man.timed.8;, which caused it to crash if sent
      certain malformed packets, has been corrected (see security
      advisory FreeBSD-SA-01:28).  &merged;</para>

    <para>A bug in &man.rwhod.8;, which caused it to crash if sent
      certain malformed packets, has been corrected (see security
      advisory FreeBSD-SA-01:29).  &merged;</para>

    <para>A security hole in &os;'s FFS and EXT2FS implementations,
      which allowed a race condition that could cause users to have
      unauthorized access to data, has been fixed (see security
      advisory FreeBSD-SA-01:30).  &merged;</para>

    <para>A remotely-exploitable vulnerability in &man.ntpd.8; has
      been closed (see security advisory
      FreeBSD-SA-01:31).  &merged;</para>

    <para>A security hole in <application>IPFilter</application>'s
      fragment cache has been closed (see security advisory
      FreeBSD-SA-01:32).  &merged;</para>

    <para>Buffer overflows in &man.glob.3;, which could cause
      arbitrary code to be run on an FTP server, have been closed.  In
      addition, to prevent some forms of DoS attacks, &man.glob.3;
      allows specification of a limit on the number of pathname
      matches it will return.  &man.ftpd.8; now uses this feature (see
      security advisory FreeBSD-SA-01:33).  &merged;</para>

    <para>Initial sequence numbers in TCP are more thoroughly
      randomized (see security advisory FreeBSD-SA-01:39).
      Due to
      some possible compatibility issues, the behavior of this
      security fix can be enabled or disabled via the
      <varname>net.inet.tcp.tcp_seq_genscheme</varname> sysctl
      variable.  &merged;</para>

    <para>A vulnerability in the &man.fts.3; routines (used by
      applications for recursively traversing a filesystem) could
      allow a program to operate on files outside the intended
      directory hierarchy.  This bug has been fixed (see security
      advisory FreeBSD-SA-01:40).  &merged;</para>

    <para role="historic"><application>OpenSSH</application> now switches to the
      user's UID before attempting to unlink the authentication
      forwarding file, nullifying the effects of a race.</para>

    <para>A flaw allowed some signal handlers to remain in effect in a
      child process after being exec-ed from its parent.  This allowed
      an attacker to execute arbitrary code in the context of a setuid
      binary.  This flaw has been corrected (see security advisory
      FreeBSD-SA-01:42).  &merged;</para>

    <para>A remote buffer overflow in &man.tcpdump.1; has been fixed
      (see security advisory FreeBSD-SA-01:48).  &merged;</para>

    <para>A remote buffer overflow in &man.telnetd.8; has been fixed
      (see security advisory FreeBSD-SA-01:49).  &merged;</para>

    <para>The new <varname>net.inet.ip.maxfragpackets</varname> and
      <varname>net.inet.ip6.maxfragpackets</varname> sysctl variables
      limit the amount of memory that can be consumed by IPv4 and IPv6
      packet fragments, which defends against some denial of service
      attacks (see security advisory
      FreeBSD-SA-01:52).  &merged;</para>

    <para role="historic">All services in <filename>inetd.conf</filename> are now
      disabled by default for new installations.  &man.sysinstall.8;
      gives the option of enabling or disabling &man.inetd.8; on new
      installations, as well as editing
      <filename>inetd.conf</filename>.
      &merged;</para>

    <para>A flaw in the implementation of the &man.ipfw.8;
      <literal>me</literal> rules on point-to-point links has been
      corrected.  Formerly, <literal>me</literal> filter rules would
      match the remote IP address of a point-to-point interface in
      addition to the intended local IP address (see security advisory
      FreeBSD-SA-01:53).  &merged;</para>

    <para>A vulnerability in &man.procfs.5;, which could allow a
      process to read sensitive information from another process's
      memory space, has been closed (see security advisory
      FreeBSD-SA-01:55).  &merged;</para>

    <para>The <literal>PARANOID</literal> hostname checking in
      <application>tcp_wrappers</application> now works as advertised
      (see security advisory FreeBSD-SA-01:56).  &merged;</para>

    <para>A local root exploit in &man.sendmail.8; has been closed
      (see security advisory FreeBSD-SA-01:57).  &merged;</para>

    <para>A remote root vulnerability in &man.lpd.8; has been closed
      (see security advisory FreeBSD-SA-01:58).  &merged;</para>

    <para>A race condition in &man.rmuser.8; that briefly exposed a
      world-readable <filename>/etc/master.passwd</filename> has been
      fixed (see security advisory FreeBSD-SA-01:59).  &merged;</para>

    <para>A vulnerability in <application>UUCP</application> has been
      closed (see security advisory FreeBSD-SA-01:62).  All
      non-<username>root</username>-owned binaries in standard system
      paths now have the <literal>schg</literal> flag set to prevent
      exploit vectors when run by &man.cron.8;, by
      <username>root</username>, or by a user other than the one owning
      the binary.  In addition, &man.uustat.1; is now run via
      <filename>/etc/periodic/daily/410.status-uucp</filename> as
      <username>uucp</username>, not <username>root</username>.
      In
      &os; -CURRENT, <application>UUCP</application> has since been
      moved to the Ports Collection and is no longer a part of the base
      system.  &merged;</para>

    <para role="historic">A security hole in the form of a buffer overflow in the
      &man.semop.2; system call has been closed.  &merged;</para>

    <para>A security hole in <application>OpenSSH</application>, which
      could allow users to execute code with arbitrary privileges if
      <literal>UseLogin yes</literal> was set, has been closed.  Note
      that the default value of this setting is
      <literal>UseLogin no</literal>.  (See security advisory
      FreeBSD-SA-01:63.)  &merged;</para>

    <para>The use of an insecure temporary directory by
      &man.pkg.add.1; could permit a local attacker to modify the
      contents of binary packages while they were being installed.
      This hole has been closed.  (See security advisory
      FreeBSD-SA-02:01.)  &merged;</para>

    <para>A race condition in &man.pw.8;, which could expose the
      contents of <filename>/etc/master.passwd</filename>, has been
      eliminated.  (See security advisory FreeBSD-SA-02:02.)
      &merged;</para>

    <para>A bug in &man.k5su.8; could have allowed a process that had
      given up superuser privileges to regain them.  This bug has been
      fixed.  (See security advisory FreeBSD-SA-02:07.)
      &merged;</para>

    <para>An <quote>off-by-one</quote> bug has been fixed in
      <application>OpenSSH</application>'s multiplexing code.  This bug
      could have allowed an authenticated remote user to cause
      &man.sshd.8; to execute arbitrary code with superuser
      privileges, or allowed a malicious SSH server to execute arbitrary
      code on the client system with the privileges of the client user.  (See security
      advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:13.openssh.asc">FreeBSD-SA-02:13</ulink>.)
      &merged;</para>

    <para>A programming error in <application>zlib</application> could
      result in attempts to free memory multiple times.  The
      &man.malloc.3;/&man.free.3; routines used in &os; are not
      vulnerable to this error, but applications receiving
      specially-crafted blocks of invalid compressed data could
      be made to function incorrectly or abort.  This
      <application>zlib</application> bug has been fixed.  For a
      workaround and solutions, see security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:18.zlib.v1.2.asc">FreeBSD-SA-02:18</ulink>.
      &merged;</para>

    <para>Bugs in the TCP SYN cache (<quote>syncache</quote>) and SYN
      cookie (<quote>syncookie</quote>) implementations, which could
      cause legitimate TCP/IP traffic to crash a machine, have been
      fixed.  For a workaround and patches, see security advisory
      <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:20.syncache.asc">FreeBSD-SA-02:20</ulink>.
      &merged;</para>

    <para>A routing table memory leak, which could allow a remote
      attacker to exhaust the memory of a target machine, has been
      fixed.  A workaround and patches can be found in security
      advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:21.tcpip.asc">FreeBSD-SA-02:21</ulink>.
      &merged;</para>

    <para>A bug with memory-mapped I/O, which could cause a system
      crash, has been fixed.  For more information about a solution,
      see security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:22.mmap.asc">FreeBSD-SA-02:22</ulink>.
      &merged;</para>

    <para>A security hole, in which SUID programs could be made to
      read from or write to inappropriate files through manipulation
      of their standard I/O file descriptors, has been fixed.
      Information regarding a solution can be found in security
      advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:23.stdio.asc">FreeBSD-SA-02:23</ulink>.
      &merged;</para>

    <para>Some unexpected behavior could be allowed with &man.k5su.8;
      because it does not require that an invoking user be a member of
      the <groupname>wheel</groupname> group when attempting to become
      the superuser (this is the case with &man.su.1;).  To avoid this
      situation, &man.k5su.8; is now installed non-SUID by default
      (effectively disabling it).  More information can be found in
      security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:24.k5su.asc">FreeBSD-SA-02:24</ulink>.
      &merged;</para>

    <para>Multiple vulnerabilities were found in the &man.bzip2.1;
      utility, which could allow files to be overwritten without
      warning or allow local users unintended access to files.  These
      problems have been corrected with a new import of
      <application>bzip2</application>.  For more information, see
      security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc">FreeBSD-SA-02:25</ulink>.
      &merged;</para>

    <para>A bug in the implementation of the TCP SYN
      cache (<quote>syncache</quote>), which could allow a remote
      attacker to deny access to a service when accept filters
      (see &man.accept.filter.9;) were in use, has been
      fixed.  For more information, see security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:26.accept.asc">FreeBSD-SA-02:26</ulink>.
      &merged;</para>

    <para>Due to a bug in &man.rc.8;'s use of shell globbing, users
      may be able to remove the contents of arbitrary files if
      <filename>/tmp/.X11-unix</filename> does not exist and the
      system can be made to reboot.
      This bug has been corrected (see
      security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:27.rc.asc">FreeBSD-SA-02:27</ulink>).
      &merged;</para>

    <para>A buffer overflow in the resolver, which could be exploited
      by a malicious domain name server or an attacker forging DNS
      messages, has been fixed.  See security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:28.resolv.asc">FreeBSD-SA-02:28</ulink>
      for more details.  &merged;</para>

    <para>A buffer overflow in &man.tcpdump.1;, which could be triggered by
      badly-formed NFS packets, has been fixed.  See security advisory
      <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:29.tcpdump.asc">FreeBSD-SA-02:29</ulink>
      for more details.  &merged;</para>

    <para>&man.ktrace.1; can no longer trace the operation of formerly
      privileged processes; this prevents the leakage of sensitive
      information that the process could have obtained before
      abandoning its privileges.  For a discussion of this issue, see
      security advisory
      <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:30.ktrace.asc">FreeBSD-SA-02:30</ulink>.
      &merged;</para>

    <para>A race condition in &man.pppd.8;, which could be used to
      change the permissions of an arbitrary file, has been corrected.
      For more information, see security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:32.pppd.asc">FreeBSD-SA-02:32</ulink>.
      &merged;</para>

    <para>Multiple buffer overflows in
      <application>OpenSSL</application> have been corrected, by way
      of an upgrade to the base system version of
      <application>OpenSSL</application>.
      More details can be found
      in security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc">FreeBSD-SA-02:33</ulink>.
      &merged;</para>

    <para>A heap buffer overflow in the XDR decoder has been fixed.
      For more details, see security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:34.rpc.asc">FreeBSD-SA-02:34</ulink>.
      &merged;</para>

    <para>A bug that could allow local users to read and write
      arbitrary blocks on an FFS filesystem has been corrected.  More
      details can be found in security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:35.ffs.asc">FreeBSD-SA-02:35</ulink>.
      &merged;</para>

    <para>A bug in the NFS server code, which could allow a remote
      denial of service attack, has been fixed.  Security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:36.nfs.asc">FreeBSD-SA-02:36</ulink>
      has more details.  &merged;</para>

    <para>A bug that could allow local users to panic a system using
      the &man.kqueue.2; mechanism has been fixed.  More information
      is contained in security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:37.kqueue.asc">FreeBSD-SA-02:37</ulink>.
      &merged;</para>

    <para>Several bounds-checking bugs in system calls, which could
      result in some system calls returning a large portion of kernel
      memory, have been fixed.  More information can be found in
      security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:38.signed-error.asc">FreeBSD-SA-02:38</ulink>.
      &merged;</para>

  </sect2>

  <sect2 id="userland">
    <title>Userland Changes</title>

    <para role="historic">If the first argument to &man.ancontrol.8; or
      &man.wicontrol.8; doesn't start with a <literal>-</literal>, it
      is assumed to be an interface.  &merged;</para>

    <para role="historic">&man.apmd.8; now has the ability to monitor battery levels
      and execute commands based on percentage or minutes of battery
      life remaining via the <literal>apm_battery</literal>
      configuration directive.  See the commented-out examples in
      <filename>/etc/apmd.conf</filename> for the
      syntax.  &merged;</para>

    <para role="historic">&man.arp.8; now prints the applicable interface name for
      each ARP entry.  &merged;</para>

    <para>&man.arp.8; now prints <literal>[fddi]</literal> or
      <literal>[atm]</literal> tags for addresses on interfaces of
      those types.</para>

    <para>The &man.asa.1; utility, to interpret FORTRAN
      carriage-control characters, has been added.</para>

    <para>&man.at.1; now supports the <option>-r</option> command-line
      option to remove jobs and the <option>-t</option> option to
      specify times in POSIX time format.</para>

    <para role="historic">&man.atacontrol.8; has been added to control various aspects
      of the &man.ata.4; driver.  &merged;</para>

    <para>The system &man.awk.1; now refers to
      <application>BWK awk</application>.</para>

    <para>&man.basename.1; now accepts <option>-a</option> and
      <option>-s</option> flags, which allow it to perform the
      &man.basename.3; function on multiple files.</para>

    <para>&man.biff.1; now accepts a <option>b</option> argument to
      enable <quote>bell notification</quote> of new mail (which does
      not disturb the terminal contents as <command>biff y</command>
      would).
      &merged;</para>

    <para>&man.biff.1; now uses the first terminal associated with the
      standard input, standard output or standard error file
      descriptor, in that order.  Thus, it is possible to use the
      redirection facilities of a shell (<command>biff n &lt;
      /dev/ttyp1</command>) to toggle the notification for other
      terminals.</para>

    <para arch="pc98" role="historic">&man.boot98cfg.8;, a PC-98 boot manager
      installation and configuration utility, has been
      added.  &merged;</para>

    <para role="historic">&man.burncd.8; now supports a <option>-m</option> option for
      multisession mode (the default behavior now is to close disks as
      single-session).  A <option>-l</option> option to take a list of
      image files from a filename was also added;
      <filename>-</filename> can be used as a filename for
      <literal>stdin</literal>.  &merged;</para>

    <para>&man.burncd.8; now supports Disk At Once (DAO) mode,
      selectable via the <option>-d</option> flag.</para>

    <para>&man.burncd.8; now has the ability to write VCDs/SVCDs.</para>

    <para role="historic">&man.c89.1; has been converted from a shell script to a
      binary executable, fixing some minor bugs.  &merged;</para>

    <para>&man.calendar.1; now takes a <option>-W</option> option,
      which operates similarly to <option>-A</option> but without
      special treatment at weekends, and a <option>-F</option> option
      to change the notion of <quote>Friday</quote>.</para>

    <para arch="i386,pc98" role="historic">A minimalized version of &man.camcontrol.8; is
      now available on the installation floppy.  This allows it to
      rescan for devices that have been connected after booting, or to
      show the devices attached to SCSI busses (e.g. from within the
      <quote>emergency holographic shell</quote>).
      &merged;</para>

    <para role="historic">&man.cat.1; now has the ability to read from UNIX-domain
      sockets. &merged;</para>

    <para>&man.catman.1; is now a C program, instead of a
      Perl script.</para>

    <para role="historic">&man.cdcontrol.1; now supports a <literal>cdid</literal>
      command, which calculates and displays the CD serial number,
      using the same algorithm used by the CDDB
      database. &merged;</para>

    <para role="historic">&man.cdcontrol.1; now uses the <envar>CDROM</envar>
      environment variable to pick a default device. &merged;</para>

    <para role="historic">&man.cdcontrol.1; now supports <literal>next</literal> and
      <literal>prev</literal> commands to skip forwards or backwards a
      specified number of tracks while playing an audio
      CD. &merged;</para>

    <para>On ATAPI CDROM drives, &man.cdcontrol.1; now supports a
      <literal>speed</literal> command to set the maximum speed to be
      used by the drive. &merged;</para>

    <para>&man.chflags.1; has moved from <filename>/usr/bin</filename>
      to <filename>/bin</filename>.</para>

    <para role="historic">&man.chio.1; now has the ability to specify elements by
      volume tag instead of by their physical location as well as the
      ability to return an element to its previous
      location. &merged;</para>

    <para>&man.chmod.1; now supports a <option>-h</option> option for
      changing the mode of a symbolic link.</para>

    <para>&man.chmod.1; now also, when the mode is modified, prints
      the old and new modes if the <option>-v</option> option is
      specified more than once.</para>

    <para role="historic">&man.chown.8; now correctly follows symbolic links named as
      command line arguments if run without
      <option>-R</option>. &merged;</para>

    <para>&man.chown.8; no longer takes <literal>.</literal> as a
      user/group delimiter.
      This change was made to support usernames
      containing a <literal>.</literal>.</para>

    <para>Use of the <literal>CMSG_*</literal> macros no longer
      requires inclusion of
      <filename>&lt;sys/param.h&gt;</filename>.</para>

    <para role="historic">&man.col.1; now takes a <option>-p</option> flag to force
      unknown control sequences to be passed through
      unchanged. &merged;</para>

    <para role="historic">The <filename>compat3x</filename> distribution has been
      updated to include libraries present in &os;
      3.5.1-RELEASE. &merged;</para>

    <para>A <filename>compat4x</filename> distribution has been added
      for compatibility with &os; 4-STABLE.</para>

    <para role="historic">&man.config.8; is now better about converting various
      warnings that should have been errors into actual fatal errors
      with an exit code. This ensures that <literal>make
      buildkernel</literal> doesn't quietly ignore them and build a
      bogus kernel without a human to read the errors. &merged;</para>

    <para role="historic">A number of buffer overflows in &man.config.8; have been
      fixed. &merged;</para>

    <para>&man.cp.1; now takes a (nonstandard) <option>-n</option>
      option to automatically answer <quote>no</quote> when it would
      ask to overwrite a file. &merged;</para>

    <para>A new &man.csplit.1; utility, which splits files based on
      context, has been added.</para>

    <para role="historic">&man.ctags.1; no longer creates a corrupt tags file if the
      source file used <literal>//</literal> (C++-style)
      comments. &merged;</para>

    <para>&man.ctags.1; now creates tags for typedefs, structs,
      unions, and enums by default (implying the <option>-t</option>
      option). The new <option>-T</option> reverts to the old
      behavior.</para>

    <para>The &man.daemon.8; program, a command-line interface to
      &man.daemon.3;, has been added.
      It detaches itself from its
      controlling terminal and executes a program specified on the
      command line. This allows the user to run an arbitrary program
      as if it were written to be a daemon.</para>

    <para>&man.devinfo.8;, a simple tool to print the device tree and resource
      usage by devices, has been added.</para>

    <para role="historic">&man.df.1; now takes a <option>-l</option> option to only
      display information about locally-mounted
      filesystems. &merged;</para>

    <para role="historic">&man.disklabel.8; now supports partition sizes expressed in
      kilobytes, megabytes, or gigabytes, in addition to
      sectors. &merged;</para>

    <para>diskpart(8) has been declared obsolete, and has been
      removed.</para>

    <para role="historic">&man.dmesg.8; now has a <option>-a</option> option to show
      the entire message buffer, including &man.syslogd.8; records and
      <filename>/dev/console</filename> output. &merged;</para>

    <para role="historic">&man.du.1; now takes a <option>-I</option> command-line flag
      to ignore/skip files and subdirectories matching a specified
      shell-glob mask. &merged;</para>

    <para role="historic">&man.dump.8; now supports inheritance of the
      <literal>nodump</literal> flag down a hierarchy. &merged;</para>

    <para role="historic">The <option>-T</option> option to &man.dump.8; no longer
      swallows an extra argument. &merged;</para>

    <para role="historic">&man.dump.8; has a new <option>-D</option> option, allowing
      the path to the <filename>/etc/dumpdates</filename> file to be
      changed. &merged;</para>

    <para role="historic">&man.dump.8; now supplies progress information in its
      process title, useful for monitoring automated
      backups. &merged;</para>

    <para>&man.dump.8; now supports a new <option>-S</option> flag to allow
      it to just print out the dump size estimates and exit.
      &merged;</para>

    <para role="historic">&man.edquota.8; now takes a <option>-f</option> option to
      allow limiting the prototype quota distribution (specified with
      <option>-p</option>) to a single filesystem. &merged;</para>

    <para role="historic"><filename>/etc/rc.firewall</filename> and
      <filename>/etc/rc.firewall6</filename> will no longer add their own
      hardcoded rules in the cases of a rules file in the
      <varname>firewall_type</varname> variable or a non-existent
      firewall type. (The motivation for this change is to avoid
      acting on assumptions about a site's firewall policies.) In
      addition, the <literal>closed</literal> firewall type now works
      as documented in the &man.rc.firewall.8; manual page. &merged;</para>

    <para role="historic">The functionality of <filename>/etc/security</filename> has
      been moved into a set of scripts under the &man.periodic.8;
      framework, to make local customization easier and more
      maintainable. These scripts now reside in
      <filename>/etc/periodic/security/</filename>. &merged;</para>

    <para>&man.expr.1; is now compliant with the POSIX Utility Syntax
      Guidelines. Some programs depend on the old, historic behavior
      (the <filename role="package">devel/libtool</filename>
      port/package was/is a notable example).
      In these situations,
      the <envar>EXPR_COMPAT</envar> environment variable can be
      defined, which causes &man.expr.1; to behave more like previous
      versions.</para>

    <para>&man.fbtab.5; now accepts glob matching patterns for target
      devices, not just individual devices and directories.</para>

    <para arch="i386">&man.fdisk.8; no longer attempts to search for a
      device if none has been specified on the command line, but
      instead tries to figure out the default device name from the
      root device.</para>

    <para>&man.fdread.1;, a program to read data from floppy disks,
      has been added. It is a counterpart to &man.fdwrite.1; and is
      designed to provide a means of recovering at least some data
      from bad media, and to obviate the need for a complex invocation of
      &man.dd.1;.</para>

    <para role="historic">&man.find.1; now takes the <option>-empty</option> flag,
      which returns true if a file or directory is
      empty. &merged;</para>

    <para role="historic">&man.find.1; now takes the <option>-iname</option> and
      <option>-ipath</option> primaries for case-insensitive matches,
      and the <option>-regexp</option> and <option>-iregexp</option>
      primaries for regular-expression matches. The
      <option>-E</option> flag now enables extended regular
      expressions. &merged;</para>

    <para role="historic">&man.find.1; now has the <option>-anewer</option>,
      <option>-cnewer</option>, <option>-mnewer</option>,
      <option>-okdir</option>, and <option>-newer[acm][acmt]</option>
      primaries for comparisons of file timestamps. The latter
      primaries can be specified with various units of
      time. &merged;</para>

    <para role="historic">&man.finger.1; now has the ability to support fingering
      aliases, via the &man.finger.conf.5; file. &merged;</para>

    <para>&man.finger.1; now has support for a
      <filename>.pubkey</filename> file.
      &merged;</para>

    <para>&man.finger.1; now supports a <option>-g</option> flag to
      restrict the printing of GECOS information to the user's full
      name only. &merged;</para>

    <para>&man.finger.1; now supports the <option>-4</option> and
      <option>-6</option> flags to specify an address family for
      remote queries. &merged;</para>

    <para role="historic">&man.fmt.1; has been rewritten; the rewrite fixes a number
      of bugs compared to its prior behavior. &merged;</para>

    <para role="historic">&man.fmtcheck.3;, a function for checking consistency of
      format string arguments, has been added. &merged;</para>

    <para>&man.fold.1; now supports a <option>-b</option> flag to
      break at byte positions and a <option>-s</option> flag to break at
      word boundaries. &merged;</para>

    <para role="historic">&man.fsdb.8; now supports a <literal>blocks</literal>
      command to list the blocks allocated by a particular
      inode. &merged;</para>

    <para>&man.fsck.8; wrappers have been imported; this feature
      provides infrastructure for &man.fsck.8; to work on different
      types of filesystems (analogous to &man.mount.8;).</para>

    <para>The behavior of &man.fsck.8; when dealing with various
      passes (a la <filename>/etc/fstab</filename>) has been modified
      to accommodate multiple-disk filesystems.</para>

    <para>&man.fsck.8; now has support for foreground
      (<option>-F</option>) and background (<option>-B</option>)
      checks. Traditionally, &man.fsck.8; is invoked before the
      filesystems are mounted and all checks are done to completion at
      that time. If background checking is available, &man.fsck.8; is
      invoked twice. It is first invoked at the traditional time,
      before the filesystems are mounted, with the <option>-F</option>
      flag to do checking on all the filesystems that cannot do
      background checking.
      It is then invoked a second time, after
      the system has completed going multiuser, with the
      <option>-B</option> flag to do checking on all the filesystems
      that can do background checking. Unlike the foreground
      checking, the background checking is started asynchronously so
      that other system activity can proceed even on the filesystems
      that are being checked. Boot-time enabling of this feature is
      controlled by the
      <varname>background_fsck</varname> option in &man.rc.conf.5;.</para>

    <para role="historic">Shortly after the receipt of a <literal>SIGINFO</literal>
      signal (normally control-T from the controlling tty),
      &man.fsck.ffs.8; will now output a line indicating the current
      phase number and progress information relevant to the current
      phase. &merged;</para>

    <para>&man.fsck.ffs.8; now supports background filesystem checks
      to mounted FFS filesystems with the <option>-B</option> option
      (softupdates must be enabled on these filesystems). The
      <option>-F</option> flag now determines whether a specified
      filesystem needs foreground checking.</para>

    <para role="historic">A new &man.fsck.msdosfs.8; utility has been added to check
      the consistency of MS-DOS filesystems. &merged;</para>

    <para role="historic">&man.ftpd.8; now supports a <option>-r</option> flag for
      read-only mode and a <option>-E</option> flag to disable
      <literal>EPSV</literal>. It also has some fixes to reduce
      information leakage and the ability to specify compile-time port
      ranges. &merged;</para>

    <para>&man.ftpd.8; now supports <option>-o</option> and
      <option>-O</option> options to disable the
      <literal>RETR</literal> command; the former for everybody, and
      the latter only for guest users.
      Coupled with
      <option>-A</option> and appropriate file permissions, these can
      be used to create a relatively safe anonymous FTP drop box for
      others to upload to.</para>

    <para arch="i386,pc98" role="historic">&man.gdb.1; now supports hardware
      watchpoints (using the kernel's debug register support that
      has been introduced in &os; 4.0). &merged;</para>

    <para role="historic">The &man.getprogname.3; and &man.setprogname.3; library
      functions have been added to manipulate the name of the current
      program. They are used by error-reporting routines to produce
      consistent output. &merged;</para>

    <para>gifconfig(8) is obsolete and has been removed. Its
      functionality is now handled by the <option>tunnel</option> and
      <option>deletetunnel</option> commands of
      &man.ifconfig.8;.</para>

    <para>&man.gprof.1; now has a <option>-K</option> option to enable
      dynamic symbol resolution from the currently-running kernel.
      With this change, properly-compiled KLD modules are now able to
      be profiled.</para>

    <para arch="ia64">The gpt tool for manipulating EFI GPT
      partitions has been added.</para>

    <para role="historic">&man.growfs.8;, a utility for growing FFS filesystems, has
      been added. &man.ffsinfo.8;, a utility for dumping all the
      meta-information of an existing filesystem, has also been
      added. &merged;</para>

    <para role="historic">The &man.groups.1; and &man.whoami.1; shell scripts are now
      unnecessary; their functionality has been completely folded into
      &man.id.1;. &merged;</para>

    <para>The ibcs(8), linux(8), osf1(8), and
      svr4(8) scripts, whose sole purpose was to load emulation
      kernel modules, have been removed. The kernel module system
      will automatically load them as needed to fulfill
      dependencies.</para>

    <para role="historic">&man.indent.1; has gained some new formatting
      options.
      &merged;</para>

    <para role="historic">&man.ifconfig.8; can set the link-layer address of
      an interface using the <option>link</option> parameter.
      &merged;</para>

    <para role="historic">&man.ifconfig.8; can now accept addresses in slash/CIDR
      notation. &merged;</para>

    <para role="historic">&man.ifconfig.8; now has support for setting parameters for
      IEEE 802.11 wireless network devices. &man.wi.4; and &man.an.4;
      devices are supported, and partial support is provided for
      &man.awi.4; devices. &merged;</para>

    <para role="historic">&man.ifconfig.8; no longer displays the list of supported
      media by default. Instead it displays it when the
      <option>-m</option> flag is given. &merged;</para>

    <para role="historic">The syntax of &man.inetd.8;'s support for &man.faithd.8; is
      now compatible with that of other BSDs. &merged;</para>

    <para role="historic">The <literal>ident</literal> protocol support in
      &man.inetd.8; has been cleaned up and updated. &merged;</para>

    <para role="historic">&man.inetd.8; now has the ability to manage UNIX-domain
      sockets. &merged;</para>

    <para>By default, &man.inetd.8; is no longer run by &man.rc.8; at
      boot-time, although &man.sysinstall.8; gives the option of
      enabling it during binary installations. &man.inetd.8; can also
      be enabled by adding the following line to
      <filename>/etc/rc.conf</filename>:</para>

    <programlisting>inetd_enable="YES"</programlisting>

    <para role="historic">&man.install.1; has a number of new features, including the
      <option>-b</option> and <option>-B</option> options for backing up
      existing target files and the <option>-S</option> option for
      <quote>safe</quote> (atomic copy) operation. The
      <option>-c</option> (copy) flag is now the default, and the
      <option>-D</option> (debugging) flag has been withdrawn.
      &man.install.1; now issues a warning if <option>-d</option>
      (create directories) and <option>-C</option> (copy changed files
      only) are used together. &merged;</para>

    <para role="historic">IP Filter is now supported by the &man.rc.conf.5; boot-time
      configuration and initialization. &merged;</para>

    <para role="historic">&man.ipfstat.8; now supports the <option>-t</option> option
      to turn on a &man.top.1;-like display. &merged;</para>

    <para role="historic">&man.ipfw.8; will now avoid the display of dynamic firewall
      rules unless the <option>-d</option> flag is passed to it. The
      <option>-e</option> option lists expired dynamic
      rules. &merged;</para>

    <para role="historic">&man.ipfw.8; has a new feature (<literal>me</literal>) that
      allows for packet matching on interfaces with
      dynamically-changing IP addresses. &merged;</para>

    <para role="historic">&man.ipfw.8; has a new <literal>limit</literal> type of
      firewall rule, which limits the number of sessions between
      address pairs. &merged;</para>

    <para>&man.ipfw.8; filter rules can now match on the value of the
      IPv4 precedence field.</para>

    <para role="historic">&man.ip6fw.8; now has the ability to use a preprocessor and
      use the <option>-q</option> (quiet) flag when reading from a
      file. &merged;</para>

    <para role="historic">&man.ispppcontrol.8; has been deleted, and its functionality
      has been folded into &man.spppcontrol.8;. &merged;</para>

    <para role="historic">&man.k5su.8; is no longer installed SUID
      <username>root</username> by default. Users requiring this
      feature can either manually change the permissions on the
      &man.k5su.8; executable or add
      <literal>ENABLE_SUID_K5SU=yes</literal> to
      <filename>/etc/make.conf</filename> before a source
      upgrade.
      &merged;</para>

    <para>&man.kbdmap.1; and &man.vidfont.1; have been converted from
      Perl to C.</para>

    <para role="historic">&man.kenv.1;, a command to dump the kernel environment, has
      been added. &merged;</para>

    <para>&man.kenv.1; now has the ability to set or delete kernel
      environment variables.</para>

    <para role="historic">&man.keyinfo.1; is now a C program, rather than a Perl
      script. &merged;</para>

    <para>The kget(8) utility has been removed (it was only
      useful for UserConfig, which is not present in &os;
      &release.current;).</para>

    <para role="historic">&man.killall.1; is now a C program, rather than a Perl
      script. As a result, its <option>-m</option> option now uses
      the regular expression syntax of &man.regex.3;, rather than that
      of Perl. &merged;</para>

    <para>&man.killall.1; no longer tries to kill zombie processes
      unless the <option>-z</option> flag is specified.</para>

    <para role="historic">The &man.kldconfig.8; utility has been added to make it
      easier to manipulate the kernel module search
      path. &merged;</para>

    <para>ktrdump, a utility to dump the ktr trace buffer from
      userland, has been added.</para>

    <para role="historic">&man.last.1; now implements a <option>-d</option> option that
      provides a <quote>snapshot</quote> of who was logged in at a
      particular date and time. &merged;</para>

    <para role="historic">&man.last.1; now supports a <option>-y</option> flag, which
      causes the year to be included in the session start time. &merged;</para>

    <para role="historic">The &man.lastlogin.8; utility, which prints the last login
      time of each user, has been imported from
      NetBSD.
      &merged;</para>

    <para role="historic">&man.ldconfig.8; now checks directory ownerships and
      permissions for greater security; these checks can be disabled
      with the <option>-i</option> flag. &merged;</para>

    <para role="historic">&man.ldd.1; can now be used on shared libraries, in addition
      to executables. &merged;</para>

    <para>&man.ldd.1; now supports a <option>-a</option> flag to list
      all the objects that are needed by each loaded object.</para>

    <para><filename>libc</filename> is now thread-safe by default;
      <filename>libc_r</filename> contains only thread
      functions.</para>

    <para role="historic"><filename>libcrypt</filename> and
      <filename>libdescrypt</filename> have been unified to provide a
      configurable password authentication hash library. Both the md5
      and des hash methods are provided unless the des hash is
      specifically compiled out. &merged;</para>

    <para role="historic"><filename>libcrypt</filename> now has support for Blowfish
      password hashing. &merged;</para>

    <para arch="i386" role="historic"><filename>libdisk</filename> can now do
      install-time configuration of the <filename>boot0</filename>
      boot loader. &merged;</para>

    <para role="historic"><filename>libstand</filename> now has support for
      filesystems containing
      <application>bzip2</application>-compressed
      files. &merged;</para>

    <para><filename>libstand</filename> now has support for
      overwriting the contents of a file on a UFS filesystem (it
      cannot expand or truncate files because the filesystem may be
      dirty or inconsistent).</para>

    <para role="historic"><filename>libstand</filename> now has support for loading
      large kernels and modules split across several physical
      media.
      &merged;</para>

    <para role="historic">The default TCP port range used by
      <filename>libfetch</filename> for passive FTP retrievals has
      changed; this affects the behavior of &man.fetch.1;, which has
      gained the <option>-U</option> option to restore the old
      behavior. &merged;</para>

    <para role="historic"><filename>libfetch</filename> now has support for an
      authentication callback. &merged;</para>

    <para role="historic"><filename>libfetch</filename> now has support for a
      <envar>HTTP_USER_AGENT</envar> environment
      variable. &merged;</para>

    <para><filename>libgmp</filename> has been superseded by
      <filename>libmp</filename>.</para>

    <para>The functions from <filename>libposix1e</filename> have been
      integrated into <filename>libc</filename>.</para>

    <para role="historic"><filename>libusb</filename> has been renamed as
      <filename>libusbhid</filename>, following NetBSD's naming
      conventions. &merged;</para>

    <para role="historic">&man.ln.1; now takes an <option>-i</option> option to
      request user confirmation before overwriting an existing
      file. &merged;</para>

    <para role="historic">&man.ln.1; now takes a <option>-h</option> flag to avoid
      following a target that is a link, with a <option>-n</option>
      flag for compatibility with other
      implementations. &merged;</para>

    <para>&man.lock.1; now accepts a <option>-v</option> option to disable
      switching VTYs while the current terminal is locked. This permits
      locking the entire console from a single terminal.</para>

    <para role="historic">&man.logger.1; can now send messages directly to a remote
      syslog. &merged;</para>

    <para role="historic">&man.login.1; now exports environment variables set by
      <application>PAM</application> modules.
      &merged;</para>

    <para role="historic">&man.lpc.8; has been improved; <command>lpc clean</command>
      is now somewhat safer, and a new <command>lpc tclean</command>
      command has been added to check to see what files would be
      removed by <command>lpc clean</command>. &merged;</para>

    <para role="historic">&man.lpd.8; now takes two new options: <option>-c</option>
      will log all connection errors to &man.syslogd.8;, while
      <option>-W</option> will allow connections from non-reserved
      ports. &merged;</para>

    <para role="historic">&man.lpd.8; now has some support for
      <literal>o</literal>-type print-file actions in its control
      files, which allows printing of PostScript files generated by
      <application>MacOS</application> 10.1. &merged;</para>

    <para role="historic">&man.lpd.8; now recognizes the <option>-s</option> flag as
      the preferred synonym for <option>-p</option> (these flags
      cause &man.lpd.8; not to open a socket for network print
      jobs). &merged;</para>

    <para role="historic">&man.lpd.8; now implements a new <literal>rc</literal>
      printcap option. When specified in a print queue for a remote
      host, this boolean option causes &man.lpd.8; to resend the data file
      for each copy the user requested via <command>lpr
      -#<replaceable>n</replaceable></command>. &merged;</para>

    <para role="historic">Catching up with most other network utilities in the base
      system, &man.lpr.1;, &man.lpd.8;, &man.syslogd.8;, and
      &man.logger.1; are now all IPv6-capable. &merged;</para>

    <para role="historic"><command>lprm -</command> now works for remote printer
      queues. &merged;</para>

    <para role="historic">&man.ls.1; can produce colorized listings with the
      <option>-G</option> flag (and appropriate terminal support).
      The <envar>CLICOLOR</envar> environment variable can be set to
      enable colorized listings by default.
      &merged;</para>

    <para role="historic">&man.ls.1; now accepts a <option>-h</option> flag, which
      when combined with the <option>-l</option> flag, causes file
      sizes to be printed with unit suffixes, such that the number of
      digits printed is fewer than four. &merged;</para>

    <para>The &man.ls.1; program now supports a <option>-m</option>
      flag to list files across a page, a <option>-p</option> flag to
      force printing of a <literal>/</literal> after directories, and
      a <option>-x</option> flag to sort filenames across a
      page. &merged;</para>

    <para role="historic">&man.m4.1; now accepts a <option>-s</option> flag to cause
      it to emit <literal>#line</literal> directives for use by
      &man.cpp.1;. &merged;</para>

    <para role="historic">&man.mail.1; now takes a <option>-E</option> flag to avoid
      sending messages with empty bodies. &merged;</para>

    <para role="historic">&man.make.1; has gained the <literal>:C///</literal>
      (regular expression substitution), <literal>:L</literal>
      (lowercase), and <literal>:U</literal> (uppercase) variable
      modifiers. These were added to reduce the differences between
      the &os; and OpenBSD/NetBSD &man.make.1; programs.
      &merged;</para>

    <para role="historic">Bugs in &man.make.1;, including broken null suffix
      behavior, bad assumptions about current directory permissions,
      and potential buffer overflows, have been fixed. &merged;</para>

    <para role="historic">The new <varname>CPUTYPE</varname>
      <filename>make.conf</filename> variable controls the compilation
      of processor-specific optimizations in various pieces of code
      such as <application>OpenSSL</application>. &merged;</para>

    <para role="historic">The &os; <filename>Makefile</filename> infrastructure now
      supports the <varname>WARNS</varname> directive from NetBSD.
      This directive controls the addition of compiler warning flags
      to <varname>CFLAGS</varname> in a relatively compiler-neutral
      manner. &merged;</para>

    <para>&man.makewhatis.1; is now a C program, instead of a
      Perl script.</para>

    <para>&man.man.1; is no longer installed SUID
      <username>man</username>, in order to reduce vulnerabilities
      associated with generating <quote>catpages</quote> (preformatted
      manual pages cached for repeated viewing). As a result,
      &man.man.1; can no longer create system catpages on a regular
      user's behalf. It is still able to do so if the user has write
      permissions to the directory holding catpages (e.g. a user's own
      manpages) or if the running user is
      <username>root</username>.</para>

    <para arch="ia64">The mca utility, for decoding machine check
      records, has been added.</para>

    <para>The &man.mdmfs.8; command has been added; it is a wrapper
      around &man.mdconfig.8;, &man.disklabel.8;, &man.newfs.8;, and
      &man.mount.8; that mimics the command line option set of the
      deprecated &man.mount.mfs.8;.</para>

    <para role="historic">&man.mergemaster.8; now sources an
      <filename>/etc/mergemaster.rc</filename> file and also prompts
      the user to run recommended commands (such as
      <command>newaliases</command>) as needed. &merged;</para>

    <para role="historic">&man.mergemaster.8; now supports two new flags.
      The <option>-p</option> flag enables a
      <quote>pre-<literal>buildworld</literal></quote> mode to compare files
      known to be essential to the success of the
      <literal>buildworld</literal> and
      <literal>installworld</literal> system updating steps. The
      <option>-C</option> flag, used after a successful
      &man.mergemaster.8; run, compares options in
      <filename>/etc/rc.conf</filename> to the default options in
      <filename>/etc/defaults/rc.conf</filename>.
      &merged;</para>

    <para>&man.mesg.1; now conforms to SUSv3. Among other things, it
      now uses the first terminal associated with the standard input,
      standard output or standard error file descriptor, in that order.
      Thus, it is possible to use the redirection facilities of a shell
      (<command>mesg n &lt; /dev/ttyp1</command>) to control write access
      for other terminals.</para>

    <para role="historic">mk_cmds(1) and the associated
      <filename>libss</filename> have been removed; they have been
      unused for quite some time. &merged;</para>

    <para>&man.mountd.8; and &man.nfsd.8; have moved from
      <filename>/sbin</filename> to <filename>/usr/sbin</filename>.</para>

    <para role="historic">&man.moused.8; now takes a <option>-a</option> option to
      control mouse acceleration. &merged;</para>

    <para role="historic">&man.mtree.8; now includes support for a file that lists
      pathnames to be excluded when creating and verifying prototypes.
      This makes it easier to use &man.mtree.8; as a part of an
      intrusion-detection system. &merged;</para>

    <para>&man.mv.1; now takes a (nonstandard) <option>-n</option> option to
      automatically answer <quote>no</quote> when it would ask to
      overwrite a file. &merged;</para>

    <para role="historic">&man.natd.8; now supports a
      <option>-log_ipfw_denied</option> option to log packets that
      cannot be re-injected because they are blocked by &man.ipfw.8;
      rules. &merged;</para>

    <para role="historic">The <quote>in use</quote> percentage metric displayed by
      &man.netstat.1; now really reflects the percentage of network
      mbufs used. &merged;</para>

    <para role="historic">&man.netstat.1; now has a <option>-W</option> flag that
      tells it not to truncate addresses, even if they're too long for
      the column they're printed in.
      &merged;</para>

    <para role="historic">&man.netstat.1; now keeps track of input and output packets
      on a per-address basis for each interface. &merged;</para>

    <para role="historic">&man.netstat.1; now has a <option>-z</option> flag to reset
      statistics. &merged;</para>

    <para role="historic">&man.netstat.1; now has a <option>-S</option> flag to print
      addresses numerically but port names symbolically. &merged;</para>

    <para role="historic">&man.newfs.8; now implements write combining, which can make
      creation of new filesystems up to seven times
      faster. &merged;</para>

    <para role="historic">&man.newfs.8; now takes a <option>-U</option> option to
      enable softupdates on a new filesystem. &merged;</para>

    <para role="historic">The default number of cylinders per group in &man.newfs.8;
      is now computed to be the maximum allowable given the current
      filesystem parameters. It can be overridden with the
      <option>-c</option> option. Formerly, the default was fixed at
      16. This change leads to better &man.fsck.8; performance and
      reduced fragmentation. &merged;</para>

    <para role="historic"><anchor id="newfs-block-frag-sizes">The default block and
      fragment sizes for new filesystems created by &man.newfs.8; are
      now 16384 and 2048 bytes, respectively (the old defaults were
      8192 and 1024 bytes). This change generally provides increased
      performance, at the expense of some wasted disk
      space. &merged;</para>

    <para>A number of archaic features of &man.newfs.8; have been
      removed; these implement tuning features that are essentially
      useless on modern hard disks.
      These features were controlled by
      the <option>-O</option>, <option>-d</option>,
      <option>-k</option>, <option>-l</option>, <option>-n</option>,
      <option>-p</option>, <option>-r</option>, <option>-t</option>,
      and <option>-x</option> flags.</para>

    <para>&man.newfs.8; now supports a <option>-O</option> flag to
      select the creation of UFS1 or UFS2 filesystems.</para>

    <para>The &man.newgrp.1; utility to change to a new group has been
      added.</para>

    <para role="historic">&man.newsyslog.8; now has the ability to compress log files
      using &man.bzip2.1;. &merged;</para>

    <para><application>NFS</application> now works over IPv6.</para>

    <para role="historic">&man.ngctl.8; now supports a <option>write</option> command
      to send a data packet down a given hook. &merged;</para>

    <para>&man.nice.1; now uses the <option>-n</option> option to
      specify the <quote>niceness</quote> of the utility being
      run. &merged;</para>

    <para role="historic">&man.nl.1;, a line numbering filter program, has been
      added. &merged;</para>

    <para><application>nsswitch</application> support has been merged
      from NetBSD. By creating an &man.nsswitch.conf.5; file, &os;
      can be configured so that various databases such as
      &man.passwd.5; and &man.group.5; can be looked up using flat
      files, NIS, or Hesiod. The old
      <filename>hosts.conf</filename> file is no longer used.</para>

    <para>&man.od.1; now supports the <option>-A</option> option to
      specify the input address base, the <option>-N</option> option to
      specify the number of bytes to dump, the <option>-j</option>
      option to specify the number of bytes to skip, the
      <option>-s</option> option to output signed decimal shorts, and
      the <option>-t</option> option to specify output type.
      &merged;</para>

    <para><application>PAM</application> support has been added for
      account management and sessions.</para>

    <para><application>PAM</application> configuration is now
      specified by files in <filename>/etc/pam.d/</filename>, rather
      than a single <filename>/etc/pam.conf</filename> file.
      <filename>/etc/pam.d/README</filename> has more details.</para>

    <para>A &man.pam.echo.8; echo service module has been added.</para>

    <para>A &man.pam.exec.8; program execution service module has been
      added.</para>

    <para>A &man.pam.ftp.8; module has been added to allow
      authentication of anonymous FTP users.</para>

    <para>A &man.pam.ftpusers.8; module has been added to perform
      checks against the &man.ftpusers.5; file.</para>

    <para>A &man.pam.ksu.8; module has been added to do Kerberos 5
      authentication and <filename>$HOME/.k5login</filename>
      authorization for &man.su.1;.</para>

    <para>A &man.pam.lastlog.8; module has been added to record
      sessions in the &man.utmp.5;, &man.wtmp.5;, and &man.lastlog.5;
      databases.</para>

    <para>A &man.pam.login.access.8; module has been added, to allow
      checking against <filename>/etc/login.access</filename>.</para>

    <para>The &man.pam.nologin.8; module, which can disallow logins
      using &man.nologin.5;, has been added.</para>

    <para>The &man.pam.opie.8; and &man.pam.opieaccess.8; modules have
      been added to control authentication via &man.opie.4;.
      &merged;</para>

    <para>A &man.pam.passwdqc.8; module has been added, to check the
      quality of passwords submitted during password changes.</para>

    <para>A &man.pam.rhosts.8; module has been added to support
      &man.rhosts.5; authentication.</para>

    <para>The &man.pam.rootok.8; module, which can be used to
      authenticate only the superuser, has been added.</para>

    <para>A &man.pam.securetty.8; module has been added to check the
      <quote>security</quote> of a TTY, as listed in &man.ttys.5;.</para>

    <para>A &man.pam.self.8; module, which allows self-authentication
      of a user, has been added.</para>

    <para role="historic">A &man.pam.ssh.8; module has been added to allow the use of
      SSH passphrases and keypairs for authentication. This module
      also handles session management by invoking
      &man.ssh-agent.1;. &merged;</para>

    <para>A &man.pam.wheel.8; module has been added to permit
      authentication to members of a group, which defaults to
      <groupname>wheel</groupname>.</para>

    <para role="historic">&man.passwd.1; and &man.pw.8; now select the password hash
      algorithm at run time. See the <literal>passwd_format</literal>
      attribute in
      <filename>/etc/login.conf</filename>. &merged;</para>

    <para role="historic">&man.patch.1; now accepts a <option>-i</option> command-line
      flag to read a patch from a file, rather than standard
      input. &merged;</para>

    <para>The &man.pathchk.1; utility, which checks pathnames for
      validity or portability between POSIX systems, has been
      added.</para>

    <para role="historic">&man.pax.1; has received a number of enhancements, including
      &man.cpio.1; functionality, &man.tar.1; compatibility
      enhancements, <option>-z</option> and <option>-Z</option> flags
      for &man.gzip.1; and &man.compress.1; functionality, and a
      number of bug fixes.
      &merged;</para>

    <para role="historic">&man.pciconf.8; now supports a <option>-v</option> option to
      display the vendor/device information of configured devices, in
      conjunction with the <option>-l</option> option. The default
      vendor/device database can be found at
      <filename>/usr/share/misc/pci_vendors</filename>. &merged;</para>

    <para role="historic">The behavior of &man.periodic.8; is now controlled by
      <filename>/etc/defaults/periodic.conf</filename> and
      <filename>/etc/periodic.conf</filename>. &merged;</para>

    <para role="historic">&man.ping.8; now supports a <option>-m</option> option to
      set the TTL of outgoing packets. &merged;</para>

    <para role="historic">&man.ping.8; now supports a <option>-A</option> option to
      beep when packets are lost. &merged;</para>

    <para role="historic">Userland &man.ppp.8; has received a number of updates and
      bug fixes. &merged;</para>

    <para role="historic">&man.ppp.8; has gained the <literal>tcpmssfixup</literal>
      option, which adjusts outgoing and incoming TCP SYN packets so
      that the maximum receive segment size is no larger than allowed
      by the interface MTU. &merged;</para>

    <para role="historic">&man.ppp.8; now supports IPv6. &merged;</para>

    <para role="historic">&man.pppd.8; (the control program for kernel-level PPP) is
      now installed mode <literal>4550</literal> and
      <username>root</username><literal>:</literal><groupname>dialer</groupname>,
      rather than mode <literal>4555</literal> (in other words, it is
      no longer world-executable). Users of &man.pppd.8; may need to
      change their group settings. &merged;</para>

    <para role="historic">&man.pr.1; now supports the <option>-f</option> and
      <option>-p</option> flags to pause output going to a
      terminal. &merged;</para>

    <para>prefix(8) is obsolete and has been removed.
      Its
      functionality is provided by the <option>eui64</option> command
      to &man.ifconfig.8;.</para>

    <para role="historic">The <option>-W</option> option to &man.ps.1; (to extract
      information from a specified swap device) has been useless for
      some time; it has been removed. &merged;</para>

    <para>The &man.pselect.3; library function (introduced by POSIX.1
      as a slightly stronger version of &man.select.2;) has been
      added.</para>

    <para role="historic">&man.pwd.1; can now double as &man.realpath.1;, a program to
      resolve pathnames to their underlying physical
      paths. &merged;</para>

    <para>&man.pwd.1; now supports the <option>-L</option> flag to
      print the logical current working directory. &merged;</para>

    <para>The pseudo-random number generator implemented by
      &man.rand.3; has been improved to provide less biased
      results.</para>

    <para role="historic">&man.rc.8; now has a framework for handling dependencies
      between &man.rc.conf.5; variables. &merged;</para>

    <para role="historic">&man.rc.8; now deletes all non-directory files in
      <filename>/var/run</filename> and
      <filename>/var/spool/lock</filename> at boot
      time. &merged;</para>

    <para>&man.rcmd.3; now supports the use of the
      <envar>RSH</envar> environment variable to specify a program to
      use other than &man.rsh.1; for remote execution. As a result,
      programs such as &man.dump.8; can use &man.ssh.1; for remote
      transport.</para>

    <para>&man.rdist.1; has been retired from the base system, but is
      still available from the &os; Ports Collection as
      <filename role="package">net/44bsd-rdist</filename>.</para>

    <para role="historic">&man.reboot.8; now takes a <option>-k</option> option to specify
      the next kernel to boot.
      &merged;</para>

    <para>The &man.renice.8; command implements a <option>-n</option>
      option, which specifies an increment to be applied to the
      priority of a process. &merged;</para>

    <para role="historic">The &man.resolver.3; in &os; now implements EDNS0 support,
      which will be necessary when working with IPv6 transport-ready
      resolvers/DNS servers. &merged;</para>

    <para role="historic">The &man.rfork.thread.3; library call has been added as a
      helper function to &man.rfork.2;. Using this function should
      avoid the need to implement complex stack swap
      code. &merged;</para>

    <para role="historic">The <option>-v</option> option to &man.rm.1; now displays
      the entire pathname of a file being removed. &merged;</para>

    <para role="historic">&man.route.8; is now more verbose when changing indirect
      routes, in the case of a gateway route that is the same route as
      the one being modified. &merged;</para>

    <para role="historic">&man.route.8; now uses
      <literal><replaceable>host</replaceable>/<replaceable>bits</replaceable></literal>
      syntax instead of
      <literal><replaceable>net</replaceable>/<replaceable>bits</replaceable></literal>
      syntax, for compatibility with &man.netstat.1;. &merged;</para>

    <para role="historic">&man.route.8; can now create <quote>proxy only</quote>
      published ARP entries. &merged;</para>

    <para role="historic">The &man.route.8; <option>add</option> command now supports
      the <option>-ifp</option> and <option>-ifa</option>
      modifiers. &merged;</para>

    <para>&man.rpcbind.8; has replaced &man.portmap.8;.</para>

    <para>&man.rpcgen.1; now uses <filename>/usr/bin/cpp</filename>
      (as on NetBSD), not
      <filename>/usr/libexec/cpp</filename>.</para>

    <para>&man.rpc.lockd.8; has been imported from NetBSD.
      This
      daemon provides support for servicing client NFS locks.</para>

    <para role="historic">The performance of the ELF dynamic linker &man.rtld.1; has
      been improved. &merged;</para>

    <para role="historic">RSA Security has waived all patent rights to the
      <application>RSA</application> algorithm. As a result, the
      native <application>OpenSSL</application> implementation of the
      RSA algorithm is now activated by default, and the <filename
      role="package">security/rsaref</filename> port and the
      <filename>librsaUSA</filename> and
      <filename>librsaINTL</filename> libraries are no longer required
      for USA and non-USA residents respectively. &merged;</para>

    <para>&man.rtld.1; will now print the names of all objects that
      cause each object to be loaded, if the
      <varname>LD_TRACE_LOADED_OBJECTS_ALL</varname> environment
      variable is defined.</para>

    <para role="historic">&man.savecore.8; now supports a <option>-k</option> option
      to prevent clearing a crash dump after saving it. It also
      attempts to avoid writing large stretches of zeros to crash dump
      files to save space and time. &merged;</para>

    <para role="historic">&man.savecore.8; now works correctly on machines with 2 GB
      or more of RAM. &merged;</para>

    <para role="historic">&man.sed.1; now takes a <option>-E</option> option for
      extended regular expression support. &merged;</para>

    <para>&man.sed.1; now takes a <option>-i</option> option to enable
      in-place editing of files. &merged;</para>

    <para role="historic">&man.send-pr.1; now takes a <option>-a</option> option to
      include a file into the <literal>Fix:</literal> section of a
      problem report.
      &merged;</para>

    <para>The &man.setfacl.1; and &man.getfacl.1; commands have been
      added to manage filesystem Access Control Lists.</para>

    <para role="historic">&man.setproctitle.3; has been moved from
      <filename>libutil</filename> to
      <filename>libc</filename>. &merged;</para>

    <para role="historic">&man.sh.1; now implements <command>test</command> as a
      built-in command for improved efficiency. &merged;</para>

    <para>&man.sh.1; no longer implements <command>printf</command> as
      a built-in command because it was considered less valuable
      compared to the other built-in commands (this functionality is,
      of course, still available through the &man.printf.1;
      executable).</para>

    <para>&man.sh.1; now supports a <option>-C</option> option to
      prevent existing regular files from being overwritten by output
      redirection, and a <option>-u</option> to give an error if an
      unset variable is expanded. &merged;</para>

    <para>The &man.sh.1; built-in <command>cd</command> command now
      supports <option>-L</option> and <option>-P</option> flags to
      invoke logical or physical modes of operation, respectively.
      Logical mode is the default, but the default can be changed with
      the <varname>physical</varname> &man.sh.1; option. &merged;</para>

    <para>The &man.sh.1; built-in <command>jobs</command> command now
      supports a <option>-s</option> flag to output PIDs only and a
      <option>-l</option> flag to add PIDs to the output. &merged;</para>

    <para>&man.sh.1; now supports a <command>bind</command> built-in
      command, which allows the key bindings for the shell's line editor
      to be changed.</para>

    <para>The &man.sh.1; built-in <command>export</command> and
      <command>readonly</command> commands now support a
      <option>-p</option> flag to print their output in
      <quote>portable</quote> format.
      &merged;</para>

    <para>&man.sh.1; no longer accepts invalid constructs such as
      <command><replaceable>command</replaceable> &amp; &amp;&amp;
      <replaceable>command</replaceable></command>, <command>&amp;&amp;
      <replaceable>command</replaceable></command>, or <command>||
      <replaceable>command</replaceable></command>. &merged;</para>

    <para role="historic">&man.sockstat.1; now has <option>-c</option> and
      <option>-l</option> flags for listing connected and listening
      sockets, respectively. &merged;</para>

    <para>&man.spkrtest.8; is now a &man.sh.1; script, rather than a
      Perl script.</para>

    <para role="historic">&man.split.1; now has the ability to split a file longer
      than 2GB. &merged;</para>

    <para>&man.split.1; now supports a <option>-a</option> option to
      specify the number of letters to use for the suffix of split
      files. &merged;</para>

    <para>In preparation for meeting SUSv2/POSIX
      <filename>&lt;sys/select.h&gt;</filename> requirements,
      <literal>struct selinfo</literal> and related functions have been
      moved to <filename>&lt;sys/selinfo.h&gt;</filename>.</para>

    <para role="historic">The &man.strnstr.3; and &man.strcasestr.3; variants of
      &man.strstr.3; have been implemented. &merged;</para>

    <para role="historic">&man.stty.1; now has support for an
      <literal>erase2</literal> control character, so that, for
      example, both the <keycap>Delete</keycap> and
      <keycap>Backspace</keycap> keys can be used to erase
      characters. &merged;</para>

    <para>&man.su.1; now uses <application>PAM</application> for
      authentication.</para>

    <para role="historic">Boot-time &man.syscons.4; configuration was moved to a
      machine-independent
      <filename>/etc/rc.syscons</filename>. &merged;</para>

    <para role="historic">&man.sysctl.8; now supports a <option>-N</option> option to
      print out variable names only.
      &merged;</para>

    <para role="historic">&man.sysctl.8; has replaced the <option>-A</option> and
      <option>-X</option> options with <option>-ao</option> and
      <option>-ax</option> respectively; the former options are now
      deprecated. The <option>-w</option> option is deprecated as
      well; it is not needed to determine the user's
      intentions. &merged;</para>

    <para role="historic">&man.sysctl.8; now supports a <option>-e</option> option to
      separate variable names and values by <literal>=</literal>
      rather than <literal>:</literal>. This feature is useful for
      producing output that can be fed back to
      &man.sysctl.8;. &merged;</para>

    <para>&man.sysctl.8; now accepts a <option>-d</option> flag to print
      the descriptions of variables.</para>

    <para role="historic">&man.sysinstall.8; now properly preserves
      <filename>/etc/mail</filename> during a binary
      upgrade. &merged;</para>

    <para role="historic">&man.sysinstall.8; now uses some more intuitive defaults
      thanks to some new dialog support functions. &merged;</para>

    <para>The default root partition in &man.sysinstall.8; is now
      100MB on the i386 and pc98, 120MB on the Alpha.</para>

    <para>&man.sysinstall.8; now lives in
      <filename>/usr/sbin</filename>, which simplifies the
      installation process. The &man.sysinstall.8; manpage is also
      installed in a more consistent fashion now.</para>

    <para role="historic">&man.sysinstall.8; now has the ability to load KLDs as a
      part of the installation. &merged;</para>

    <para role="historic">When run from the installation media, &man.sysinstall.8;
      will automatically load any device drivers found in the
      <filename>/stand/modules</filename> directory of the
      <literal>mfsroot</literal> floppy or filesystem image.
      Note
      that any drivers so loaded will not appear in the kernel's boot
      messages; the &man.sysinstall.8; debugging screen will provide
      additional information. &merged;</para>

    <para role="historic">&man.sysinstall.8; now enables Soft Updates by default on
      all filesystems it creates, except for the root
      filesystem. &merged;</para>

    <para role="historic">&man.sysinstall.8; has received updates for its
      <quote>auto</quote> partitioning mode which provide more
      reasonable defaults for the sizes of partitions that are
      created; auto-sized partitions can now also recover the space
      that becomes available when other partitions are
      deleted. &merged;</para>

    <para>&man.sysinstall.8; no longer mounts the &man.procfs.5;
      filesystem by default on new installs.</para>

    <para role="historic">&man.sysinstall.8; now has rudimentary support for
      retrieving packages from the correct volume of a multiple-volume
      installation (such as a multi-CD distribution). &merged;</para>

    <para role="historic">&man.syslogd.8; can take a <option>-n</option> option to
      disable DNS queries for every request. &merged;</para>

    <para role="historic">&man.syslogd.8; now supports a
      <literal>LOG_CONSOLE</literal> facility (disabled by default),
      which can be used to log <filename>/dev/console</filename>
      output. &merged;</para>

    <para role="historic">&man.syslogd.8; now has the ability to bind to a specific
      address (as opposed to using every available one) via the
      <option>-b</option> option. &merged;</para>

    <para role="historic">&man.syslogd.8; now accepts a <option>-c</option> flag to
      disable repeated line compression. &merged;</para>

    <para>&man.tabs.1;, a utility to set terminal tab stops, has been
      added.</para>

    <para role="historic">&man.tail.1; now has the ability to work on files longer
      than 2GB.
      &merged;</para>

    <para role="historic">&man.tar.1; now supports the <varname>TAR_RSH</varname>
      variable, principally to enable the use of &man.ssh.1; as a
      transport. &merged;</para>

    <para role="historic">&man.telnet.1; now does autologin and encryption by default;
      a new <option>-y</option> option turns off encryption. &merged;</para>

    <para role="historic">&man.telnet.1; now supports a <option>-u</option> flag to
      allow connections to UNIX-domain (<literal>AF_UNIX</literal>)
      sockets. &merged;</para>

    <para role="historic">&man.tftp.1; and &man.tftpd.8; now support IPv6. &merged;</para>

    <para role="historic">&man.tftpd.8; now takes the <option>-c</option> and
      <option>-C</option> options, which allow the server to
      &man.chroot.2; based on the IP address of the connecting client.
      &man.tftp.1; and &man.tftpd.8; can now transfer files larger
      than 65535 blocks. &merged;</para>

    <para>&man.tftpd.8; now supports RFC 2349 (TFTP Timeout Interval
      and Transfer Size Options); this feature is required by some
      firmware like EFI boot managers (at least on HP i2000 Itanium
      servers) in order to boot an image using
      <application>TFTP</application>.</para>

    <para arch="alpha">&man.timed.8; now works on the alpha.</para>

    <para>A version of Transport Independent RPC
      (<application>TI-RPC</application>) has been imported.</para>

    <para role="historic">&man.tmpnam.3; will now use the <envar>TMPDIR</envar>
      environment variable, if set, to specify the location of
      temporary files.
      &merged;</para>

    <para>&man.tip.1; has been updated from
      <application>OpenBSD</application>, and has the ability to act
      as a &man.cu.1; substitute.</para>

    <para>&man.top.1; will now use the full width of its tty.</para>

    <para>&man.touch.1; now takes a <option>-h</option> option to
      operate on a symbolic link, rather than what the link points
      to.</para>

    <para>&man.tr.1; now has basic support for equivalence classes
      for locales that support them. &merged;</para>

    <para>&man.tr.1; now supports a <option>-C</option> flag to
      complement the set of characters specified by the first string
      argument.</para>

    <para role="historic">The &man.truncate.1; utility, which truncates or extends the
      length of files, has been added. &merged;</para>

    <para role="historic">Ukrainian language support has been added to the &os;
      console. &merged;</para>

    <para><application>UUCP</application> has been removed from the
      base system. It can be found in the Ports Collection, in
      <filename role="package">net/freebsd-uucp</filename>.</para>

    <para>&man.unexpand.1; now supports a <option>-t</option> to
      specify tabstops analogous to &man.expand.1;. &merged;</para>

    <para role="historic">&man.units.1; has received some updates and
      bugfixes. &merged;</para>

    <para>&man.usbdevs.8; now supports a <option>-d</option> flag to
      show the device driver associated with each device.</para>

    <para role="historic">The &man.usbhidctl.1; utility has been added to manipulate
      USB Human Interface Devices. &merged;</para>

    <para role="historic">&man.uuencode.1; and &man.uudecode.1; now accept a <option>-o</option> option to
      set their output files. &man.uuencode.1; can now be made to do base64 encoding
      when given the <option>-m</option> flag, while &man.uudecode.1;
      can now automatically decode base64 files.
      &merged;</para>

    <para>The base64 capabilities of &man.uuencode.1; and
      &man.uudecode.1; can now be automatically enabled by invoking
      these utilities as &man.b64encode.1; and &man.b64decode.1;
      respectively.</para>

    <para>The &man.uuidgen.1; utility has been added. It uses the new
      &man.uuidgen.2; system call to generate one or more Universally
      Unique Identifiers compatible with OSF/DCE 1.1 version 1
      UUIDs.</para>

    <para role="historic">&man.vidcontrol.1; now accepts a <option>-g</option>
      parameter to select custom text geometry in the
      <literal>VESA_800x600</literal> raster text mode. &merged;</para>

    <para role="historic">&man.vidcontrol.1; now allows the user to omit the font size
      specification when loading a font, and has some better
      error-handling. &merged;</para>

    <para role="historic">&man.vidcontrol.1; now supports a <option>-p</option> option
      to take a snapshot of a &man.syscons.4; video buffer. These
      snapshots can be manipulated by the
      <filename role="package">graphics/scr2png</filename> utility in
      the Ports Collection. &merged;</para>

    <para role="historic">&man.vidcontrol.1; now supports a <option>-C</option> option
      to clear the history buffer for a given tty, as well as a
      <option>-h</option> option to set the size of the history
      buffer. &merged;</para>

    <para>&man.vidcontrol.1; now accepts a <option>-S</option> to
      allow the user to disable VTY switching.</para>

    <para>The default stripe size in &man.vinum.8; has been changed
      from 256KB to 279KB, to spread out superblocks more evenly
      between stripes.</para>

    <para role="historic">&man.wall.1; now supports a <option>-g</option> flag to
      write a message to all users of a given group. &merged;</para>

    <para role="historic">&man.watch.8; now takes a <option>-f</option> option to
      specify a &man.snp.4; device to use.
      &merged;</para>

    <para>&man.wc.1; now supports a <option>-m</option> flag to
      count characters, rather than bytes.</para>

    <para>&man.whereis.1;, formerly a Perl script, has been
      rewritten in C. It now supports a <option>-x</option> flag to
      suppress the run of &man.locate.1;, and a <option>-q</option>
      flag to suppress the leading name of the query.</para>

    <para>&man.whereis.1; now supports a <option>-a</option> flag
      to report all matches instead of only the first of each
      requested type.</para>

    <para>&man.which.1; is now a C program, rather than a Perl
      script.</para>

    <para>&man.who.1; now has a number of new options:
      <option>-H</option> shows column headings; <option>-T</option>
      shows &man.mesg.1; state; <option>-m</option> is equivalent
      to <option>am i</option>; <option>-u</option> shows idle time;
      <option>-q</option> lists names in columns. &merged;</para>

    <para role="historic">&man.whois.1; now directs queries for IP addresses to ARIN.
      If a query to ARIN references APNIC or RIPE, the appropriate
      server will also be queried, provided that the
      <option>-Q</option> option is not specified. &merged;</para>

    <para role="historic">&man.whois.1; supports a <option>-c</option> option to
      specify a country code to help direct queries towards a
      particular whois server. &merged;</para>

    <para>&man.wicontrol.8; now supports a <option>-l</option> to list
      the stations associated in <literal>hostap</literal> mode and a
      <option>-L</option> to list available access points.</para>

    <para>&man.xargs.1; now supports a <option>-I</option>
      <replaceable>replstr</replaceable> option that allows the user
      to tell &man.xargs.1; to insert the data read from standard
      input at specific points in the command line arguments rather
      than at the end.
      (A &os;-specific <option>-J</option> option is
      similar, but is now deprecated in favor of the more portable
      <option>-I</option> option.) &merged;</para>

    <para>&man.xargs.1; now supports a <option>-L</option> option to
      force its utility argument to be called after some number of
      lines. &merged;</para>

    <para role="historic">The compiler chain now uses the FSF-supplied C/C++ runtime
      initialization code. This change brings about better
      compatibility with code generated from the various egcs and gcc
      ports, as well as the stock public FSF source. &merged;</para>

    <para role="historic">The threads library has gained some signal handling changes,
      bug fixes, and performance enhancements (including zero system
      call thread switching). &man.gdb.1; thread support has been
      updated to match these changes. &merged;</para>

    <para role="historic">Significant additions have been made to internationalization
      support; &os; now has complete locale support for the
      <literal>LC_MONETARY</literal>, <literal>LC_NUMERIC</literal>,
      and <literal>LC_MESSAGES</literal> categories. A number of
      applications have been updated to take advantage of this
      support. &merged;</para>

    <para role="historic">Locale names have been changed to improve compatibility with
      the names used by X11R6, as well as a number of other UNIX
      versions. As an example, the
      <literal>en_US.ISO_8859-1</literal> locale name has been changed
      to
      <literal>en_US.ISO8859-1</literal>. Entries in
      <filename>/etc/locale.alias</filename> provide backward
      compatibility. &merged;</para>

    <para role="historic"><filename>/usr/src/share/examples/BSD_daemon/</filename> now
      contains a scalable Beastie graphic.
      &merged;</para>

    <para role="historic">As part of an ongoing process, many manual pages were
      improved, both in terms of their formatting markup and in their
      content. &merged;</para>

    <para>A number of utilities and libraries were enhanced to improve
      their conformance with the Single UNIX Specification (SUSv3) and
      IEEE Std 1003.1-2001 (<quote>POSIX.1</quote>). Specific
      features added have been listed in the release notes for each
      utility. The standards conformance of each utility or library
      function is generally listed in its manual page.</para>

    <sect3>
      <title>Contributed Software</title>

      <para><application>am-utils</application> has been updated to
        6.0.7.</para>

      <para>A 10 February 2002 snapshot of <application>awk</application> from Bell Labs (variously
        known as <quote>BWK awk</quote> or <quote>The One True
        AWK</quote>) has been imported. It is available as
        <command>awk</command> or
        <command>nawk</command>.</para>

      <para role="historic"><application>bc</application> has been updated from 1.04 to
        1.06. &merged;</para>

      <para role="historic">The ISC library from the <application>BIND</application>
        distribution is now built as
        <filename>libisc</filename>. &merged;</para>

      <para role="historic"><application>BIND</application> is now built with the
        <literal>NOADDITIONAL</literal> flag, which causes
        &man.named.8; to operate in a more consistent fashion for
        certain common misconfigurations. &merged;</para>

      <para><application>BIND</application> has been updated to
        8.3.3.
        &merged;</para>

      <para><application>Binutils</application> has been updated to
        2.12.1 (specifically, a post-release snapshot from 22 June 2002).</para>

      <para role="historic"><application>bzip2</application> 1.0.2 has been imported;
        this brings the &man.bzip2.1; program and the
        <filename>libbz2</filename> library to the base
        system. &merged;</para>

      <para role="historic">The &man.ee.1; <application>Easy Editor</application> has
        been updated to 1.4.2. &merged;</para>

      <para><application>file</application> has been updated to
        3.37.</para>

      <para><application>gcc</application> has been updated to
        a snapshot of <application>gcc</application> 3.1.
        <warning>
          <para>The integration of <application>gcc</application> is
            very new. Some applications and programs in the base
            system require fixes or compiler flags to build
            correctly. Work to address these problems is ongoing.</para>
        </warning>
      </para>

      <para role="historic">&man.gcc.1; now uses a unified <filename>libgcc</filename>
        rather than a separate one for threaded and non-threaded
        programs. <filename>/usr/lib/libgcc_r.a</filename> can be
        removed. &merged;</para>

      <para role="historic">&man.gcc.1; now supports the environment variable
        <envar>GCC_OPTIONS</envar>, which can hold a set of default
        options for <application>GCC</application>. &merged;</para>

      <para><application>gdb</application> has been updated to a
        snapshot of <application>gdb</application> 5.2 from 27 June
        2002.</para>

      <para role="historic"><application>GNATS</application> has been updated to
        3.113. &merged;</para>

      <para><application>gperf</application> has been updated to
        2.7.2.</para>

      <para role="historic"><application>groff</application> and its related utilities
        have been updated to FSF version 1.17.2.
        This import brings
        in a new &man.mdoc.7; macro package (sometimes referred to as
        <literal>mdocNG</literal>), which removes many of the
        limitations of its predecessor. &merged;</para>

      <para role="historic"><application>Heimdal Kerberos</application> has been updated to
        0.4e. &merged;</para>

      <para role="historic">The version of <application>IPFilter</application>
        provided with &os; now includes the &man.ipfs.8; program,
        which allows state information created for NAT entries and
        stateful rules to be saved to disk and restored after a
        reboot. Boot-time configuration of these features is
        supported by &man.rc.conf.5;. &merged;</para>

      <para role="historic">The <application>ISC DHCP</application> client has been
        updated to 3.0.1RC8. &merged;</para>

      <para role="historic"><application>Kerberos IV</application> has been updated to
        1.0.5. &merged;</para>

      <para>The &man.more.1; command has been replaced by
        &man.less.1;, although it can still be run as
        <command>more</command>. &merged; Version 371 of
        <application>less</application> has been imported.</para>

      <para><application>libpcap</application> has been updated to
        0.7.1. &merged;</para>

      <para><application>libreadline</application> has been updated to
        4.2.</para>

      <para><application>libz</application> has been updated to
        1.1.4.</para>

      <para><application>lint</application> has been updated to
        a snapshot of NetBSD &man.lint.1; as of 19 July 2002.</para>

      <para><application>lukemftp</application> 1.6 beta 2 (the FTP client from
        NetBSD) has replaced the &os; &man.ftp.1; program. Among its
        new features are more automation methods, better standards
        compliance, transfer rate throttling, and a customizable
        command-line prompt.
        Some environment variables and
        command-line arguments have changed.</para>

      <para>The FTP daemon from NetBSD, otherwise known as
        <application>lukemftpd</application> 1.2 beta 1, has been imported and is
        available as &man.lukemftpd.8;. &merged;</para>

      <para>&man.m4.1; has been imported from OpenBSD, as of 26 April
        2002. &merged;</para>

      <para><application>ncurses</application> has been updated to
        5.2-20020615.</para>

      <para role="historic">The <application>NTP</application> suite of programs has
        been updated to 4.1.0. &merged;</para>

      <para><application>OpenPAM</application>
        (<quote>Citronella</quote> release) has been imported,
        replacing
        <application>Linux-PAM</application>.</para>

      <para>The <application>OPIE</application> one-time-password
        suite has been updated to 2.4. It has completely
        replaced the functionality of
        <application>S/Key</application>. &merged;</para>

      <para><application>Perl</application> has been removed from the
        &os; base system. It can still be installed from the &os;
        Ports Collection or as a binary package; moving it out of the
        base system will make future upgrades and maintenance easier.
        To reduce the dependence of the base system on
        Perl, many utilities have been
        rewritten as shell scripts or C programs (specific notes are
        made for each affected utility).
        <filename>/usr/bin/perl</filename> is now a
        <quote>wrapper</quote> program, so that programs expecting to
        find a Perl interpreter there will
        be able to function correctly.

        <warning>
          <para>The Perl removal and
            package integration work is ongoing.</para>
        </warning>

      </para>

      <para><application>GNU ptx</application> has been removed from
        the base system. It is not used anywhere in the base system,
        and has not been recently updated or maintained.
        Users
        requiring its functionality can install this utility as a part
        of the <filename role="package">textproc/textutils</filename>
        port.</para>

      <para>The <literal>rc.d</literal> framework from NetBSD has been
        imported. It breaks down the system startup functionality
        into a number of small, <quote>task-oriented</quote> scripts
        in <filename>/etc/rc.d</filename>, with dynamically-determined
        ordering of startup scripts performed at boot-time.

        <note>
          <para>This feature is currently disabled by default. It can
            be enabled by setting <literal>rc_ng="YES"</literal> in
            <filename>/etc/rc.conf</filename>.</para>
        </note>

      </para>

      <para role="historic">&man.routed.8; has been updated to version
        2.22. &merged;</para>

      <para arch="i386,pc98">Version 1.4.5 of the
        <application>smbfs</application> userland utilities has been
        imported.</para>

      <para><application>GNU sort</application> has been updated to
        the version from <application>GNU textutils
        2.0.21</application>.</para>

      <para>&man.stat.1; from <application>NetBSD</application>, as of
        5 June 2002, has been imported.</para>

      <para><application>GNU tar</application> has been updated to
        1.13.25. &merged;</para>

      <para><application>tcpdump</application> has been updated to
        3.7.1. &merged;</para>

      <para>The &man.csh.1; shell has been replaced by &man.tcsh.1;,
        although it can still be run as <command>csh</command>.
        <application>tcsh</application> has been updated to version
        6.12. &merged;</para>

      <para>The contributed version of
        <application>tcp_wrappers</application> now includes the
        &man.tcpd.8; helper daemon.
        While not strictly necessary in a
        standard &os; installation (because &man.inetd.8; already
        incorporates this functionality), this may be useful for
        &man.inetd.8; replacements such as
        <application>xinetd</application>.</para>

      <para><application>texinfo</application> has been updated to
        4.2. &merged;</para>

      <para><application>top</application> has been updated to version
        3.5b12. &merged;</para>

      <para><application>traceroute</application> has been updated to
        LBL version 1.4a12.</para>

      <para role="historic">&man.traceroute.8; now takes its default maximum TTL value
        from the <varname>net.inet.ip.ttl</varname> sysctl
        variable. &merged;</para>

      <para role="historic">The timezone database has been updated to the
        <filename>tzdata2002c</filename> release. &merged;</para>

      <sect4>
        <title>CVS</title>

        <para role="historic"><application>cvs</application> has been updated to
          1.11.1p1. &merged;</para>

        <para role="historic">The default value for &man.cvs.1;'s
          <envar>CVS_RSH</envar> variable is now
          <literal>ssh</literal>, rather than
          <literal>rsh</literal>. &merged;</para>

        <para role="historic">&man.cvs.1; now supports a <option>-T</option> option to
          update a sandbox's <filename>CVS/Template</filename> file
          from the repository. &merged;</para>

        <para role="historic">&man.cvs.1; <literal>diff</literal> now supports the
          <option>-j</option> option to perform differences against a
          revision relative to a branch tag. &merged;</para>
      </sect4>

      <sect4>
        <title>CVSup</title>

        <para role="historic"><application>CVSup</application>, a frequently used
          utility in the &os; Ports Collection, was formerly
          installable using several ports and packages.
          The
          <filename role="package">net/cvsup-bin</filename> and
          <filename role="package">net/cvsupd-bin</filename>
          ports/packages are no longer necessary or available; the
          <filename role="package">net/cvsup</filename> port should be
          used instead. &merged;</para>

        <para role="historic"><application>CVSup</application> has been updated to
          16.1_3, which is available in the &os; Ports Collection as
          <filename role="package">net/cvsup</filename>. This update
          fixes a long-standing (but only recently encountered) bug
          which affects the timestamps on all files after Sun Sep 9
          01:46:40 UTC 2001 (1,000,000,000 seconds after the UNIX
          epoch). &merged;</para>
      </sect4>

      <sect4 id="kame-userland">
        <title>KAME</title>

        <para role="historic">The IPv6 stack is now based on the
          KAME Project's IPv6 snapshot as of 28 May, 2001. Most of
          the items listed in this section are a result of this
          import.
          <xref linkend="kame-kernel"> lists kernel updates to the
          KAME IPv6 stack. &merged;</para>

        <para role="historic">&man.faithd.8; now supports a configuration file for
          access control. &merged;</para>

        <para role="historic">&man.ifconfig.8; can now perform the functions of
          gifconfig(8). &merged;</para>

        <para role="historic">&man.ifconfig.8; can now perform the functions of
          prefix(8). &merged;</para>

        <para role="historic">&man.ndp.8; now implements garbage collection for stale
          NDP entries, as described in RFC 2461 (Neighbor Discovery
          for IP Version 6 (IPv6)). &merged;</para>

        <para role="historic">pim6dd(8) and pim6sd(8) have been removed due
          to restrictive licensing conditions. These programs are
          available in the ports collection as
          <filename role="package">net/pim6dd</filename> and
          <filename role="package">net/pim6sd</filename>.
          &merged;</para>

        <para role="historic">&man.route6d.8; now supports an <option>-n</option> flag
          to avoid updating the kernel forwarding
          table. &merged;</para>

        <para role="historic">The <option>-R</option> (router renumbering) option to
          &man.rtadvd.8; is currently ignored. &merged;</para>
      </sect4>

      <sect4>
        <title>OpenSSH</title>

        <para role="historic"><application>OpenSSH</application> has been updated to
          2.9, which provides support for the SSH2 protocol (now the
          default) and DSA keys. &man.ssh-add.1; and
          &man.ssh-agent.1; can now handle DSA keys, with support for
          authentication forwarding.
          <application>OpenSSH</application> users in the USA no
          longer need to rely on the restrictively-licensed RSAREF
          toolkit which is required to handle RSA keys. Among other
          new features: A client and server for &man.sftp.1; have been added.
          &man.scp.1; can now handle files larger than 2 GBytes. A
          limit on the number of outstanding, unauthenticated
          connections in &man.sshd.8; has been added. Support has
          been added for the Rijndael encryption algorithm. Rekeying
          of existing sessions is now supported, and an experimental
          <application>SOCKS4</application> proxy has been added to
          &man.ssh.1;. &merged;</para>

        <para><application>OpenSSH</application> has been updated to
          version 3.1.
          &merged; Among the changes:
          <itemizedlist>
            <listitem>
              <para>The <filename>*2</filename> files are obsolete
                (for example,
                <filename>~/.ssh/known_hosts</filename> can hold the
                contents of
                <filename>~/.ssh/known_hosts2</filename>).</para>
            </listitem>
            <listitem>
              <para>&man.ssh-keygen.1; can import and export keys using
                the SECSH Public Key File Format, for key exchange
                with several commercial SSH implementations.</para>
            </listitem>
            <listitem>
              <para>&man.ssh-add.1; now adds all three default keys.</para>
            </listitem>
            <listitem>
              <para>&man.ssh-keygen.1; no longer defaults to a
                specific key type; one must be specified with the
                <option>-t</option> option.</para>
            </listitem>
          </itemizedlist>
        </para>

        <para><application>OpenSSH</application> has been updated to
          3.4p1. &merged; The main changes are:
          <itemizedlist>
            <listitem>
              <para>A <quote>privilege separation</quote> feature,
                which uses unprivileged processes to contain and
                restrict the effects of future compromises or
                programming errors.</para>
            </listitem>

            <listitem>
              <para>Several bugfixes, including closure of a
                security hole that could lead to an integer overflow
                and undesired privilege escalation.</para>
            </listitem>
          </itemizedlist>
        </para>

        <para role="historic"><application>OpenSSH</application> can now authenticate
          using <application>OPIE</application> passwords. &merged;</para>

        <para role="historic"><application>PAM</application> support for
          <application>OpenSSH</application> has been added. &merged;</para>

        <para role="historic">A long-standing bug in
          <application>OpenSSH</application>, which sometimes resulted
          in a dropped session when an X11-forwarded client was
          closed, was fixed.
          &merged;</para>

        <para role="historic"><application>Kerberos</application> compatibility has
          been added to
          <application>OpenSSH</application>. &merged;</para>

        <para role="historic"><application>OpenSSH</application> has been modified to
          be more resistant to traffic analysis by requiring that
          <quote>non-echoed</quote> characters are still echoed back
          in a null packet, as well as by padding passwords sent so as
          not to hint at password lengths. &merged;</para>

        <para role="historic">&man.sshd.8; is now enabled by default on new
          installs. &merged;</para>

        <para role="historic">&man.sshd.8; <literal>X11Forwarding</literal> is now
          turned on by default on the server (any risk is to the
          client, where it is already disabled by
          default). &merged;</para>

        <para role="historic">In <filename>/etc/ssh/sshd_config</filename>, the
          <literal>ConnectionsPerPeriod</literal> parameter has been
          deprecated in favor of
          <literal>MaxStartups</literal>. &merged;</para>

        <para role="historic"><application>OpenSSH</application> now has a
          <literal>VersionAddendum</literal> configuration setting for
          &man.sshd.8; to allow changing the part of the
          <application>OpenSSH</application> version string after the
          main version number. &merged;</para>
      </sect4>

      <sect4>
        <title>OpenSSL</title>

        <para><application>OpenSSL</application> has been updated to
          0.9.6g. &merged;</para>

        <para role="historic"><application>OpenSSL</application> now has support for
          machine-dependent ASM optimizations, activated by the new
          <varname>MACHINE_CPU</varname> and/or
          <varname>CPUTYPE</varname>
          <filename>make.conf</filename> variables. &merged;</para>
      </sect4>

      <sect4>
        <title>sendmail</title>

        <para><application>sendmail</application> has been updated
          from version 8.9.3 to version 8.12.5.
          Important changes
          include: &man.sendmail.8; is no longer installed as a
          set-user-ID <username>root</username> binary (now set-group-ID <groupname>smmsp</groupname>); new
          default file locations (see
          <filename>/usr/src/contrib/sendmail/cf/README</filename>);
          &man.newaliases.1; is limited to <username>root</username>
          and trusted users; STARTTLS encryption; and the MSA port
          (587) is turned on by default. See
          <filename>/usr/src/contrib/sendmail/RELEASE_NOTES</filename>
          for more information. &merged;</para>

        <para role="historic">&man.mail.local.8; is no longer installed as a
          set-user-ID binary. If you are using a
          <filename>/etc/mail/sendmail.cf</filename> from the default
          <filename>sendmail.cf</filename> included with &os; any time
          after 3.1.0, you are fine. If you are using a
          hand-configured <filename>sendmail.cf</filename> and
          <command>mail.local</command> for delivery, check to make sure the
          <literal>F=S</literal> flag is set on the
          <literal>Mlocal</literal> line. Those with
          <filename>.mc</filename> files who need to add the flag can
          do so by adding the following line to their
          <filename>.mc</filename> file and regenerating the
          <filename>sendmail.cf</filename> file:</para>

        <programlisting role="historic">MODIFY_MAILER_FLAGS(`LOCAL',`+S')dnl</programlisting>

        <para role="historic">Note that <literal>FEATURE(`local_lmtp')</literal> already
          does this. &merged;</para>

        <para role="historic">The default <filename>/etc/mail/sendmail.cf</filename>
          disables the SMTP <literal>EXPN</literal> and
          <literal>VRFY</literal> commands. &merged;</para>

        <para role="historic">&man.vacation.1; has been updated to use the version
          included with <application>sendmail</application>.
          &merged;</para>

        <para role="historic">The <application>sendmail</application> configuration
          building tools are installed in
          <filename>/usr/share/sendmail/cf/</filename>. &merged;</para>

        <para role="historic">New <filename>make.conf</filename> options:
          <varname>SENDMAIL_MC</varname> and
          <varname>SENDMAIL_ADDITIONAL_MC</varname>. See
          <filename>/usr/share/examples/etc/make.conf</filename> for more
          information. &merged;</para>

        <para role="historic"><filename>/etc/mail/Makefile</filename> now supports:
          the new <varname>SENDMAIL_MC</varname>
          <filename>make.conf</filename> option; the ability to build
          <filename>.cf</filename> files from
          <filename>.mc</filename> files; generalized map rebuilding;
          rebuilding the aliases file; and the ability to stop, start,
          and restart
          <application>sendmail</application>. &merged;</para>

        <para role="historic">The <username>smmsp</username> and
          <username>mailnull</username> users have been added to
          <filename>/etc/master.passwd</filename>. In the absence of a
          <literal>confDEF_USER_ID</literal> setting, by default,
          <application>sendmail</application> will use the
          <username>mailnull</username> user for extra security.
          Previously, if the <username>mailnull</username> user did
          not exist, the <username>daemon</username> user was used.
          This change may generate some permissions issues when
          mailing to files or to programs (such as <filename
          role="package">mail/majordomo</filename>).
          &merged; The
          previous behavior can be restored by adding the following
          line to a system's
          <filename><replaceable>*</replaceable>.mc</filename>
          configuration file:

          <programlisting>define(`confDEF_USER_ID', `daemon')</programlisting>
        </para>

        <para role="historic">Beginning with the import of
          <application>sendmail</application> 8.12.2, multiple
          <application>sendmail</application> daemons (some required
          to handle outgoing mail) are started by &man.rc.8;, even if
          the <varname>sendmail_enable</varname> variable is set to
          <literal>NO</literal>. To completely disable
          <application>sendmail</application>,
          <varname>sendmail_enable</varname> must be set to
          <literal>NONE</literal>. Alternatively, for systems using a
          different MTA, the <varname>mta_start_script</varname> variable can
          be used to point to a different startup script (more details
          can be found in &man.rc.sendmail.8;). &merged;</para>

        <para>By default, &man.rc.8; no longer enables
          <application>sendmail</application> for inbound SMTP
          connections. Note that &man.sysinstall.8; may override this
          default for a binary installation, based on what security
          profile is selected. This functionality can also be
          manually enabled by adding the following line to
          <filename>/etc/rc.conf</filename>:</para>

        <programlisting>sendmail_enable="YES"</programlisting>

        <para>The permissions for <application>sendmail</application>
          alias and map databases built via
          <filename>/etc/mail/Makefile</filename> now default to mode
          0640 to protect against a file locking local denial of service.
          It can be changed by setting the new
          <varname>SENDMAIL_MAP_PERMS</varname>
          <filename>make.conf</filename> option.
          &merged;</para>

        <para>The permissions for the <application>sendmail</application>
          statistics file, <filename>/var/log/sendmail.st</filename>, have
          been changed from mode 0644 to mode 0640 to protect against
          a file locking local denial of service. &merged;</para>

      </sect4>
    </sect3>

    <sect3>
      <title>Ports/Packages Collection Infrastructure</title>

      <para><application>BSDPAN</application>, a collection of modules
        that provides tighter integration of
        <application>Perl</application> into the &os; Ports
        Collection, has been added.</para>

      <para role="historic">&man.pkg.create.1; and &man.pkg.add.1; can now work with
        packages that have been compressed using
        &man.bzip2.1;. &man.pkg.add.1; will use the PACKAGEROOT
        environment variable to determine a mirror site for new
        packages. &merged;</para>

      <para role="historic">&man.pkg.create.1; now records dependencies in dependency
        order rather than in the order specified on the command line.
        This improves the functioning of <command>pkg_add
        -r</command>. &merged;</para>

      <para role="historic">&man.pkg.create.1; now supports a <option>-b</option> option to
        create a package file from a locally-installed
        package. &merged;</para>

      <para role="historic">When requested to delete multiple packages,
        &man.pkg.delete.1; will now attempt to remove them in
        dependency order rather than the order specified on the
        command line. &merged;</para>

      <para role="historic">&man.pkg.delete.1; now can perform glob/regexp matching of
        package names. In addition, it supports a <option>-a</option>
        option for removing all packages and a <option>-i</option>
        option for &man.rm.1;-style interactive
        confirmation. &merged;</para>

      <para role="historic">&man.pkg.delete.1; now supports a <option>-r</option>
        option for recursive package removal.
        &merged;</para>

      <para role="historic">&man.pkg.info.1; now supports globbing against names of
        installed packages. The <option>-G</option> option disables
        this behavior, and the <option>-x</option> option causes
        regular expression matching instead of shell
        globbing. &merged;</para>

      <para role="historic">&man.pkg.info.1; can now accept a <option>-g</option> flag
        for verifying an installed package against its recorded
        checksums (to see if it's been modified post-installation).
        Naturally, this mechanism is only as secure as the contents of
        <filename>/var/db/pkg</filename> if it's to be used for auditing
        purposes. &merged;</para>

      <para role="historic">&man.pkg.sign.1; and &man.pkg.check.1; have been added to
        digitally sign and verify the signatures on binary package
        files. &merged;</para>

      <para>For some time, &os; 5.0-CURRENT (as well as some 4.X
        releases) included a pkg_update(1) utility to update installed
        packages, as well as their dependencies. This utility has
        been removed; a superset of its functionality can be found in
        the <filename role="package">sysutils/portupgrade</filename>
        port.</para>

      <para role="historic">&man.pkg.version.1; now has a version number comparison
        routine that corresponds to the Porters Handbook. It also has
        a <option>-t</option> option for testing address comparisons.
        &merged;</para>

      <para role="historic">&man.pkg.version.1; now takes a <option>-s</option> flag
        to limit its operation to ports/packages matching a given
        string.
        &merged;</para>

      <para>&man.pkg.version.1;, formerly a Perl script, has been
        rewritten in C.</para>

      <para role="historic">Version numbers of installed packages have a new
        (backward-compatible) syntax, which supports the
        <varname>PORTREVISION</varname> and
        <varname>PORTEPOCH</varname> variables in Ports Collection
        <filename>Makefile</filename>s. These changes help keep track
        of changes in the ports collection entries such as security
        patches or &os;-specific updates, which aren't reflected in
        the original, third-party software distributions.
        &man.pkg.version.1; can now compare these new-style version
        numbers. &merged;</para>

      <para role="historic">To improve performance and disk utilization, the
        <quote>ports skeletons</quote> in the &os; Ports Collection
        have been restructured. Installed ports and packages should
        not be affected. &merged;</para>

      <para role="historic">All packages and ports now contain an
        <quote>origin</quote> directive, which makes it easier for
        programs such as &man.pkg.version.1; to determine the
        directory from which a package was built. &merged;</para>

      <para role="historic">The Ports Collection infrastructure now uses
        <application>XFree86</application> 4.2.0 as the default version
        of the X Window System for the purposes of satisfying
        dependencies.
        To return to using
        <application>XFree86</application> 3.3.6, add the following line
        to <filename>/etc/make.conf</filename>: &merged;</para>

      <programlisting role="historic">XFREE86_VERSION=3</programlisting>

      <para>The libraries installed by the <filename
        role="package">emulators/linux_base</filename> port (required
        for Linux emulation) have been updated; they now correspond to
        those included with <application>Red Hat Linux</application>
        7.1.</para>
    </sect3>
  </sect2>

  <sect2>
    <title>Release Engineering and Integration</title>

    <para>The <filename>bin</filename> distribution has been renamed
      <filename>base</filename>, in order to make creation of combined
      install/recovery disks easier.</para>

    <para arch="i386">ISO images and CDROMs now use the
      <filename>cdboot</filename> boot loader by default. This
      eliminates the need for an emulated floppy disk image on
      a bootable CDROM and allows for a full
      <filename>GENERIC</filename> kernel to be used for CDROM
      installations, at the expense of compatibility with some old
      BIOSs.</para>

    <para arch="i386,pc98,alpha" role="historic"><application>XFree86</application> 4.2.0
      is now the default version of the X Window System supported by
      &man.sysinstall.8;. It installs
      <application>XFree86</application> as a set of standard binary
      packages, so the usual package utilities such as
      &man.pkg.info.1; can be used to examine/manipulate its
      components. &merged;</para>

    <para>It is now possible to make releases of &os;
      5-CURRENT on a &os; 4-STABLE host and vice versa. Cross-architecture
      (building a release for a target architecture on a host of a
      different architecture) releases are also possible. See
      &man.release.7; for details. &merged;</para>

    <para>A third <filename>drivers.flp</filename> floppy has been
      added to floppy releases.
      It holds loadable modules
      containing drivers that do not fit in the kernel on the
      <filename>kern.flp</filename> disk or in the
      <filename>mfsroot.flp</filename> image.</para>
  </sect2>

  <sect2>
    <title>Documentation</title>

    <para>A number of formerly-encumbered documents from the 4.4 BSD
      Programmer's Supplementary Documents have been restored to
      <filename>/usr/share/doc/psd</filename>. These include:</para>

    <itemizedlist>
      <listitem>
        <para><emphasis>The UNIX Time-Sharing System</emphasis>
          (<filename>01.cacm</filename>)</para>
      </listitem>

      <listitem>
        <para><emphasis>UNIX Implementation</emphasis>
          (<filename>02.implement</filename>)</para>
      </listitem>

      <listitem>
        <para><emphasis>The UNIX I/O System</emphasis>
          (<filename>03.iosys</filename>)</para>
      </listitem>

      <listitem>
        <para><emphasis>UNIX Programming — Second Edition</emphasis>
          (<filename>04.uprog</filename>)</para>
      </listitem>

      <listitem>
        <para><emphasis>The C Programming Language — Reference Manual</emphasis>
          (<filename>06.Clang</filename>)</para>
      </listitem>

      <listitem>
        <para><emphasis>Yacc: Yet Another Compiler-Compiler</emphasis>
          (<filename>15.yacc</filename>)</para>
      </listitem>

      <listitem>
        <para><emphasis>Lex — A Lexical Analyzer Generator</emphasis>
          (<filename>16.lex</filename>)</para>
      </listitem>

      <listitem>
        <para><emphasis>The M4 Macro Processor</emphasis>
          (<filename>17.m4</filename>)</para>
      </listitem>
    </itemizedlist>

    <para>Several formerly-encumbered documents from the 4.4 BSD
      User's Supplementary Documents have been restored to
      <filename>/usr/share/doc/usd</filename>.
      They include:</para>

    <itemizedlist>
      <listitem>
        <para><emphasis>NROFF/TROFF User's Manual</emphasis>
          (<filename>21.troff</filename>)</para>
      </listitem>

      <listitem>
        <para><emphasis>A TROFF Tutorial</emphasis>
          (<filename>22.trofftut</filename>)</para>
      </listitem>
    </itemizedlist>
  </sect2>

</sect1>

<sect1>
  <title>Upgrading from previous releases of &os;</title>

  <para>If you're upgrading from a previous release of &os;, you
    generally will have three options:

    <itemizedlist>
      <listitem>
        <para>Using the binary upgrade option of &man.sysinstall.8;.
          This option is perhaps the quickest, although it presumes
          that your installation of &os; uses no special compilation
          options.</para>
      </listitem>
      <listitem>
        <para>Performing a complete reinstall of &os;. Technically,
          this is not an upgrading method, and in any case is usually less
          convenient than a binary upgrade, in that it requires you to
          manually back up and restore the contents of
          <filename>/etc</filename>. However, it may be useful in
          cases where you want (or need) to change the partitioning of
          your disks.</para>
      </listitem>
      <listitem>
        <para>From source code in <filename>/usr/src</filename>. This
          route is more flexible, but requires more disk space, time,
          and technical expertise. More information can be found
          in the <ulink
          url="http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html"><quote>Using
          <command>make world</command></quote></ulink> section of the <ulink
          url="http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/">FreeBSD
          Handbook</ulink>.
          Upgrading from very old
          versions of &os; may be problematic; in cases like this, it
          is usually more effective to perform a binary upgrade or a
          complete reinstall.</para>
      </listitem>
    </itemizedlist>
  </para>

  <para>Please read the <filename>INSTALL.TXT</filename> file for more
    information, preferably <emphasis>before</emphasis> beginning an
    upgrade. If you are upgrading from source, please be sure to read
    <filename>/usr/src/UPDATING</filename> as well.</para>

  <para>Finally, if you want to use one of various means to track the
    -STABLE or -CURRENT branches of &os;, please be sure to consult
    the <ulink
    url="http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/current-stable.html"><quote>-CURRENT
    vs. -STABLE</quote></ulink> section of the <ulink
    url="http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/">FreeBSD
    Handbook</ulink>.</para>

  <important>
    <para>Upgrading &os; should, of course, only be attempted after
      backing up <emphasis>all</emphasis> data and configuration
      files.</para>
  </important>
</sect1>