article.xml revision 105412
1<articleinfo> 2 <title>&os;/&arch; &release.current; Release Notes</title> 3 4 <corpauthor>The FreeBSD Project</corpauthor> 5 6 <pubdate>$FreeBSD: head/release/doc/en_US.ISO8859-1/relnotes/article.sgml 105412 2002-10-18 19:05:47Z bmah $</pubdate> 7 8 <copyright> 9 <year>2000</year> 10 <year>2001</year> 11 <year>2002</year> 12 <holder role="mailto:doc@FreeBSD.org">The FreeBSD Documentation Project</holder> 13 </copyright> 14 15 <abstract> 16 <para>The release notes for &os; &release.current; contain a summary 17 of 18<![ %include.historic; [ 19 the changes made to the &os; base system since &release.prev;. 20]]> 21<![ %no.include.historic; [ 22 recent changes made to the &os; base system on the &release.branch; 23 development branch. 24]]> 25 Both changes for kernel and userland are listed, as well as 26 applicable security advisories that were issued since the last 27 release. Some brief remarks on upgrading are also presented.</para> 28 </abstract> 29</articleinfo> 30 31<sect1> 32 <title>Introduction</title> 33 34 <para>This document contains the release notes for &os; 35 &release.current; on the &arch.print; hardware platform. It 36 describes recently added, changed, or deleted features of &os;. 37 It also provides some notes on upgrading 38 from previous versions of &os;.</para> 39 40<![ %release.type.snapshot [ 41 42 <para>The &release.type; distribution to which these release notes 43 apply represents a point along the &release.branch; development 44 branch between &release.prev; and the future &release.next;. Some 45 pre-built, binary &release.type; distributions along this branch 46 can be found at <ulink url="&release.url;"></ulink>.</para> 47 48]]> 49 50<![ %release.type.release [ 51 52 <para>This distribution of &os; &release.current; is a 53 &release.type; distribution. It can be found at <ulink 54 url="&release.url;"></ulink> or any of its mirrors. More 55 information on obtaining this (or other) &release.type; 56 distributions of &os; can be found in the <ulink 57 url="http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/mirrors.html"><quote>Obtaining 58 FreeBSD</quote> appendix</ulink> to the <ulink 59 url="http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/">FreeBSD 60 Handbook</ulink>.</para> 61 62]]> 63</sect1> 64 65<sect1> 66 <title>What's New</title> 67 68 <para>This section describes 69<![ %include.historic; [ 70 the most user-visible new or changed features in &os; 71 since &release.prev;. 72 In general, changes described here are unique to the &release.branch; 73 branch unless specifically marked as &merged; features. 74]]> 75<![ %no.include.historic; [ 76 many of the user-visible new or changed features in &os; 77 since &release.prev;. It includes items that are unique to the 78 &release.branch; branch, as well as some features that may have been 79 recently merged to 80 other branches (after &os; &release.prev.historic;). The later 81 items are marked as &merged;. 82]]> 83 </para> 84 85 <para>Typical release note items 86 document new drivers or hardware support, new commands or options, 87 major bugfixes, or contributed software upgrades. Applicable security 88 advisories issued after &release.prev; are also listed.</para> 89 90 <para>Many additional changes were made to &os; that are not listed 91 here for lack of space. For example, documentation was corrected 92 and improved, minor bugs were fixed, insecure coding practices 93 were audited and corrected, and source code was cleaned up.</para> 94 95 <sect2 id="kernel"> 96 <title>Kernel Changes</title> 97 98 <para arch="i386">Execution of &man.a.out.5; format executables now 99 requires the <literal>COMPAT_AOUT</literal> option in the kernel 100 configuration or the loading of the <filename>aout.ko</filename> 101 kernel module.</para> 102 103 <para>&man.acct.2; has been changed to open the accounting file in 104 append mode, so that &man.accton.8; can be used to enable 105 accounting to an append-only file. &merged;</para> 106 107 <para arch="i386" role="historic">The &man.amdpm.4; driver has been added to 108 provide access to the system monitoring functions of the AMD 756 109 chipset. &merged;</para> 110 111 <para role="historic">The &man.agp.4; driver for AGP devices has been 112 added. &merged;</para> 113 114 <para>A new in-kernel cryptographic framework (see &man.crypto.4; 115 and &man.crypto.9;) has been imported from OpenBSD. It provides 116 a consistent interface to hardware and software implementations 117 of cryptographic algorithms for use by the kernel and access to 118 cryptographic hardware for user-mode applications. 119 Hardware device drivers are provided to support hifn-based cards 120 (&man.hifn.4;) and Broadcom-based cards (&man.ubsec.4;).</para> 121 122 <para>A new &man.ddb.4; command <command>show pcpu</command> lists 123 some of the per-CPU data.</para> 124 125 <para role="historic">Two new &man.ddb.4; commands, <command>hwatch</command> and 126 <command>dhwatch</command>, have been introduced. Analogous to 127 <command>watch</command> and <command>dwatch</command>, they 128 install hardware watchpoints (as opposed to software 129 watchpoints) if supported by the architecture. &merged;</para> 130 131 <para>&man.devfs.5;, which allows entries in the 132 <filename>/dev</filename> directory to be built automatically 133 and supports more flexible attachment of devices, has been 134 largely reworked. &man.devfs.5; is now enabled by default and 135 can be disabled by the <literal>NODEVFS</literal> kernel 136 option.</para> 137 138 <para>The &man.devfs.5; <quote>rule</quote> subsystem has been introduced. DEVFS rules 139 permit the administrator to define certain properties of new device 140 nodes before they become visible to the userland. Both static (e.g. 141 <filename>/dev/speaker</filename>) and dynamic (e.g. 142 <filename>/dev/bpf*</filename>, some removable devices) nodes are 143 supported. Each &man.devfs.5; mount may have a different ruleset assigned to 144 it, permitting different policies to be implemented for things like 145 jails. Rules and rulesets are manipulated with the &man.devfs.8; 146 utility.</para> 147 148 <para>The dgm driver has been removed in favor of the digi driver.</para> 149 150 <para>A new digi driver has been added to support PCI Xr-based and 151 ISA Xem Digiboard cards. A new &man.digictl.8; program is 152 (mainly) used to re-initialize cards that have external port 153 modules attached such as the PC/Xem.</para> 154 155 <para>An &man.eaccess.2; system call has been added, similar to 156 &man.access.2; except that the former uses effective credentials 157 rather than real credentials.</para> 158 159 <para arch="sparc64">Support has been added for EBus-based 160 devices.</para> 161 162 <para arch="i386,pc98,powerpc">Initial support has been added for 163 Firewire devices (see &man.firewire.4;).</para> 164 165 <para arch="i386" role="historic">The &man.ichsmb.4; driver for the Intel 82801AA 166 (ICH) SMBus controller and compatibles has been 167 added. &merged;</para> 168 169 <para>Each &man.jail.2; environment can now run under its own 170 securelevel.</para> 171 172 <para>The tunable sysctl variables for &man.jail.2; have moved 173 from <varname>jail.*</varname> to the 174 <varname>security.*</varname> hierarchy. Other security-related 175 sysctl variables have moved from <varname>kern.security.*</varname> to 176 <varname>security.*</varname>.</para> 177 178 <para role="historic">The <varname>kern.maxvnodes</varname> limit now properly 179 limits the number of vnodes in use. Previously only vnodes with 180 no cached pages could be freed; this could allow the number of 181 vnodes to grow without limit on large-memory machines accessing 182 many small files. A <literal>vnlru</literal> kernel thread 183 helps to flush and reuse vnodes. &merged;</para> 184 185 <para role="historic">The kernel message buffer is now accessible by the 186 (machine-independent) <varname>kern.msgbuf</varname> sysctl 187 variable; &man.dmesg.8; no longer needs to be SGID 188 <groupname>kmem</groupname>. &merged;</para> 189 190 <para>The kernel environment is now dynamic, and can be changed 191 via the new &man.kenv.2; system call.</para> 192 193 <para role="historic">The &man.kqueue.2; event notification facility was added to 194 the &os; kernel. This is a new interface which is able to 195 replace &man.poll.2;/&man.select.2;, offering improved 196 performance, as well as the ability to report many different 197 types of events. Support for monitoring changes in sockets, 198 pipes, fifos, and files are present, as well as for signals and 199 processes. &merged;</para> 200 201 <para arch="i386,pc98" role="historic">A new <varname>KVA_SPACE</varname> kernel option 202 can be used to reconfigure the size of the kernel virtual 203 address space. &merged;</para> 204 205 <para>The labpc(4) driver has been removed due to 206 <quote>bitrot</quote>.</para> 207 208 <para>The loader and kernel linker now look for files named 209 <filename>linker.hints</filename> in each directory with KLDs 210 for a module name and version to KLD filename mapping. The new 211 &man.kldxref.8; utility is used to generate these files.</para> 212 213 <para role="historic">Linux emulation now supports the kernel functionality 214 required by the 215 <filename role="package">emulators/linux_base</filename> 216 (RedHat 7.X emulation) port. &merged;</para> 217 218 <para role="historic">Linux emulation now requires <literal>options 219 SYSVSEM</literal> in the kernel configuration. &merged;</para> 220 221 <para>&man.lomac.4;, a Low-Watermark Mandatory Access Control 222 security facility, has been added as a kernel module. It 223 provides a drop-in security mechanism in addition to the 224 traditional UID-based security facilities, requiring no 225 additional configuration from the administrator. Work on this 226 feature was sponsored by DARPA and NAI Labs.</para> 227 228 <para>&os; now supports an extensible Mandatory Access Control 229 framework, the TrustedBSD MAC Framework. It permits loadable 230 kernel modules to link to the kernel at compile-time, boot-time, 231 or run-time, and augment the system security policy. The 232 framework permits modules to express interest in a variety 233 of events, and also provides common security policy services 234 such as label storage. A variety of sample policy modules are 235 shipped in this release, including implementations of fixed 236 and floating label Biba integrity models, Multi-Level Security 237 (MLS) with compartments, and a number of augmented UNIX security 238 models including a file system firewall. This feature will 239 permit easier development and maintenance of local and vendor 240 security extensions. The extensibility service is enabled 241 by adding <literal>options MAC</literal> to the kernel 242 configuration. 243 244 <note> 245 <para>The MAC framework is considered an experimental 246 feature in this release, and is not enabled by default</para> 247 </note> 248 </para> 249 250 <para arch="ia64">Machine Check Architecture (MCA) records are now 251 collected at boot time and made available through the 252 <varname>hw.mca.*</varname> sysctl variables.</para> 253 254 <para role="historic">The <varname>maxusers</varname> kernel configuration 255 parameter is now a boot-time tunable variable. The kernel 256 parameters derived from <varname>maxusers</varname> are now also 257 tunables and can be overridden at boot-time. The 258 <varname>hz</varname> parameter is also now a 259 tunable. &merged;</para> 260 261 <para role="historic">Specifying a value of <literal>0</literal> for the 262 <varname>maxusers</varname> kernel configuration parameter will 263 now cause an appropriate value to be calculated at boot-time 264 (between 32 and 384, depending on the amount of memory present). 265 This value is now the default for all 266 <filename>GENERIC</filename> kernels. &merged;</para> 267 268 <para arch="alpha" role="historic">A <varname>MAXMEM</varname> kernel option, 269 along with the <varname>hw.physmem</varname> loader tunable, can 270 be used to artificially reduce the memory size of a machine for 271 testing (or other purposes). &merged;</para> 272 273 <para role="historic">The kernel configuration parameters 274 <varname>MAXTSIZ</varname>, <varname>DFLDSIZ</varname>, 275 <varname>MAXDSIZ</varname>, <varname>DFLSSIZ</varname>, 276 <varname>MAXSSIZ</varname>, and <varname>SGROWSIZ</varname> are 277 all loader tunables (<varname>kern.maxtsiz</varname>, 278 <varname>kern.maxdfldsiz</varname>, etc.). &merged;</para> 279 280 <para>&man.mutex.9; profiling code has been added, enabled by the 281 <literal>MUTEX_PROFILING</literal> kernel configuration option. 282 It enables the <varname>debug.mutex.prof.*</varname> hierarchy 283 of sysctl variables.</para> 284 285 <para arch="i386,pc98" role="historic">The <literal>NCPU</literal>, 286 <literal>NAPIC</literal>, <literal>NBUS</literal>, and 287 <literal>NINTR</literal> kernel configuration options, 288 for configuring SMP kernels, have been removed. 289 <literal>NCPU</literal> is now set to a maximum of 16, 290 and the other, aforementioned options are now 291 dynamic. &merged;</para> 292 293 <para role="historic">A &man.nmdm.4; null-modem terminal driver has been added. 294 &merged;</para> 295 296 <para role="historic">The <literal>O_DIRECT</literal> flag has been added to 297 &man.open.2; and &man.fcntl.2;. Specifying this flag for open 298 files will attempt to minimize the cache effects of reading and 299 writing. &merged;</para> 300 301 <para role="historic">An &man.orm.4; device has been added to claim the option 302 ROMs in the ISA memory I/O space, to prevent other drivers from 303 mistakenly assigning addresses that conflict with these 304 ROMs. &merged;</para> 305 306 <para arch="i386,pc98">PECOFF (Win32 Execution file format) support has 307 been added.</para> 308 309 <para arch="pc98" role="historic">The pmc driver, which supports the power 310 management controller of the NEC PC-98NOTE, has been 311 added. &merged;</para> 312 313 <para role="historic">POSIX.1b Shared Memory Objects are now supported. The 314 implementation uses regular files, but automatically enables the 315 MAP_NOSYNC flag when they are &man.mmap.2;-ed. &merged;</para> 316 317 <para role="historic">Replaced the <literal>PQ_*CACHE</literal> options with a 318 single <literal>PQ_CACHESIZE</literal> option to be set to the 319 cache size in kilobytes. The old options are still supported 320 for backwards compatibility. &merged;</para> 321 322 <para arch="i386" role="historic">The &man.puc.4; (PCI <quote>Universal</quote> 323 Communications) driver has been added, to help connect PCI-based 324 serial ports to the &man.sio.4; driver. &merged;</para> 325 326 <para>The &man.random.4; device has been rewritten to use the 327 <application>Yarrow</application> algorithm. It harvests 328 entropy from a variety of interrupt sources, including the 329 console devices, Ethernet and point-to-point network interfaces, 330 and mass-storage devices. Entropy from the &man.random.4; 331 device is now periodically saved to files in 332 <filename>/var/db/entropy</filename>, as well as at shutdown 333 time. The semantics of <filename>/dev/random</filename> have 334 changed; it never blocks waiting for entropy bits but generates 335 a stream of pseudo-random data and now behaves exactly as 336 <filename>/dev/urandom</filename>.</para> 337 338 <para>A new kernel option, <literal>options REGRESSION</literal>, 339 enables interfaces and functionality intended for use during 340 correctness and regression testing.</para> 341 342 <para><literal>RLIMIT_VMEM</literal> support has been added. This 343 feature defines a new resource limit that covers a process's 344 entire virtual memory space, including &man.mmap.2; space. This 345 limit can be configured in &man.login.conf.5; via the new 346 <varname>vmemoryuse</varname> variable. &merged;</para> 347 348 <para arch="sparc64">Support has been added for SBus-based 349 devices.</para> 350 351 <para arch="sparc64">The se driver, which supports the Siemens 352 SAB82532 serial chip found on many newer Sparc Ultra machines, 353 has been added.</para> 354 355 <para>A bug in the &man.sendfile.2; system call, in which headers 356 counted against the size of the file to be sent, has been 357 fixed. &merged;</para> 358 359 <para role="historic">The &man.snp.4; device is no longer static and can now be 360 compiled as a module. &merged;</para> 361 362 <para arch="i386" role="historic">The &man.spic.4; driver, which provides access 363 to the Jog Dial device on some Sony laptops, has been 364 added. &man.moused.8; support for this device has also been 365 added. &merged;</para> 366 367 <para>The &man.syscons.4; driver now supports keyboard-controlled 368 pasting, by default bound to 369 <keycap>Shift</keycap>-<keycap>Insert</keycap>.</para> 370 371 <para role="historic">Support for USB devices was added to the 372 <filename>GENERIC</filename> kernel and to the installation 373 programs to support USB devices out of the box. Note that SRM 374 does not support USB devices at the moment, so you must still 375 use an AT keyboard if you are not using a serial 376 console. &merged;</para> 377 378 <para>The uaudio driver, for USB audio devices, has been 379 added. &merged;</para> 380 381 <para arch="i386">The ubsa driver has been added to support 382 the Belkin F5U103 (and compatible) USB-to-serial adaptors.</para> 383 384 <para arch="i386,pc98" role="historic">The &man.umodem.4; driver for USB modems 385 has been added. Support is provided for the 3Com 5605 and 386 Metricom Ricochet GS wireless USB modems. &merged;</para> 387 388 <para arch="i386,pc98" role="historic">The &man.uscanner.4; driver for basic USB 389 scanner support using SANE has been added. See <ulink 390 url="http://www.mostang.com/sane/">the SANE home page</ulink> 391 for supported scanners. The HP ScanJet 4100C, 5200C and 6300C 392 are known to be working. &merged;</para> 393 394 <para>The &man.ucom.4; device driver has been added, to support USB 395 modems, serial devices, and other programs that need to look 396 like a tty. The related &man.uplcom.4; and &man.uvscom.4; drivers provide specific 397 support for the Prolific PL-2303 serial adapter and the SUNTAC 398 Slipper U VS-10U, respectively. &merged;</para> 399 400 <para>To increase security, the <literal>UCONSOLE</literal> kernel 401 configuration option has been removed.</para> 402 403 <para arch="i386,pc98">The UserConfig boot-time kernel configuration 404 feature, usually used to enable, disable, or configure ISA 405 devices, has been removed. Its functionality has been replaced 406 by the kernel hints file in 407 <filename>/boot/device.hints</filename>.</para> 408 409 <para>The <literal>USER_LDT</literal> kernel option is now 410 activated by default.</para> 411 412 <para>The &man.uvisor.4; driver for connecting Handspring Visors via USB 413 has been added. &merged;</para> 414 415 <para>A VESA S3 linear framebuffer driver has been added.</para> 416 417 <para arch="i386" role="historic">The &man.viapm.4; driver for VIA SMBus 418 power management controllers has been added. &merged;</para> 419 420 <!-- Above this line, sort kernel changes by manpage/keyword--> 421 422 <para role="historic">Write combining for crashdumps has been implemented. This 423 feature is useful when write caching is disabled on both SCSI 424 and IDE disks, where large memory dumps could take up to an hour 425 to complete. &merged;</para> 426 427 <para>The kernel crashdump infrastructure has been revised, to 428 support new platforms and in general clean up the logic in the 429 code. One implication of this change is that the on-disk format 430 for kernel dumps has changed, and is now 431 byte-order-agnostic.</para> 432 433 <para>Extremely large swap areas (>67 GB) no longer panic the 434 system.</para> 435 436 <para arch="alpha">Support for threads under Linux emulation has 437 been added.</para> 438 439 <para role="historic">The <maketarget>buildkernel</maketarget> target now gets the 440 name of the configuration(s) to build from the 441 <varname>KERNCONF</varname> variable, not 442 <varname>KERNEL</varname>. It is no longer required, in some 443 cases, for a <maketarget>buildworld</maketarget> to precede a 444 <maketarget>buildkernel</maketarget>. (The 445 <maketarget>buildworld</maketarget> is still required when 446 upgrading across major releases, across 447 <application>binutil</application> updates and when 448 &man.config.8; changes version.) &merged;</para> 449 450 <para role="historic">The out-of-swap process termination code now begins killing 451 processes earlier to avoid deadlocks; it now also takes into 452 account the swap space used by processes when computing the 453 process sizes. &merged;</para> 454 455 <para>Linker sets are now self-contained; gensetdefs(8) is 456 unnecessary and has been removed.</para> 457 458 <para role="historic">Network device cloning has been implemented, and the 459 &man.gif.4; device has been modified to take advantage of it. 460 Thus, instead of specifying how many &man.gif.4; interfaces are 461 available in kernel configuration files, &man.ifconfig.8;'s 462 <option>create</option> option should be used when another device 463 instance is desired. &merged;</para> 464 465 <para>It is now possible to hardwire kernel environment variables 466 (such as tuneables) at compile-time using &man.config.8;'s 467 <literal>ENV</literal> directive.</para> 468 469 <para>Idle zeroing of pages can be enabled with the 470 <varname>vm.idlezero_enable</varname> sysctl variable.</para> 471 472 <para arch="i386,pc98" role="historic">The load addresses of kernels are now exported 473 to the symbol table and various hard-coded constants have been 474 removed so that utilities such as &man.ps.1; can work with 475 kernels compiled at different addresses. &merged;</para> 476 477 <para role="historic">Coredumps of large processes (or of a large number of 478 processes) no longer lock up the machine for long periods of 479 time. &merged;</para> 480 481 <para>The &os; kernel scheduler now supports Kernel-Scheduled 482 Entities (KSEs), which provides support for multiple threads of 483 execution per process similar to Scheduler Activations. At this 484 point, the kernel has most of the changes needed to support 485 threading. The kernel scheduler can schedule multiple threads per 486 process, but only on a single CPU at a time. More information 487 can be found in &man.kse.2;. 488 489 <note> 490 <para>KSE is a work in progress.</para> 491 </note> 492 493 </para> 494 495 <para>The kernel now has support for multiple low-level console 496 devices. The new &man.conscontrol.8; utility helps to manage 497 the different consoles.</para> 498 499 <para arch="alpha">The console driver has gained support for 500 TGA-based display adapters.</para> 501 502 <para role="historic">The kernel on the installation CDs is now separated from the 503 <filename>mfsroot</filename> image. This permits the use of a 504 full kernel when installing from CD on machines that support CD 505 booting (instead of the stripped-down kernel used on 506 floppies). &merged;</para> 507 508 <para role="historic">The system load average computation now adds some jitter to 509 the timing of samples, in order to avoid synchronization with 510 processes that run periodically. &merged;</para> 511 512 <para role="historic">If a debugging kernel with modules is being built 513 (i.e. using <literal>makeoptions DEBUG=-g</literal>), the 514 modules will now be built with debugging support as well, for 515 completeness. A side effect of this change is that modules 516 built and installed with debugging kernels will now occupy more 517 space on disk than they did previously. &merged;</para> 518 519 <para role="historic">The kernel dump device can now be set via the 520 <varname>dumpdev</varname> loader tunable. As a result, it is 521 now possible to obtain crash dumps from panics during the late 522 stages of kernel initialization (before the system enters into 523 single-user mode). &merged;</para> 524 525 <para>The kernel memory allocator is now a slab memory allocator, 526 similar to that used in Solaris. This is a SMP-safe memory 527 allocator that has near-linear performance as the number of CPUs 528 increases. It also allows for reduced memory 529 fragmentation.</para> 530 531 <sect3> 532 <title>Processor/Motherboard Support</title> 533 534 <para>SMP support has been largely reworked, incorporating code 535 from BSD/OS 5.0. One of the main features of SMPng 536 (<quote>SMP Next Generation</quote>) is to allow more 537 processes to run in kernel, without the need for spin locks 538 that can dramatically reduce the efficiency of multiple 539 processors. Interrupt handlers now have contexts associated 540 with them that allow them to be blocked, which reduces the 541 need to lock out interrupts.</para> 542 543 <para arch="i386,pc98">Support for the 80386 processor has been 544 removed from the <filename>GENERIC</filename> kernel, as this 545 code seriously pessimizes performance on other IA32 546 processors. 547 The <literal>I386_CPU</literal> kernel option 548 to support the 80386 processor is now mutually exclusive with 549 support for other IA32 processors; this should slightly 550 improve performance on the 80386 due to the elimination of 551 runtime processor type checks. 552 Custom kernels that will run on the 80386 can 553 still be built by changing the cpu options in the kernel 554 configuration file to only include 555 <literal>I386_CPU</literal>.</para> 556 557 <para arch="alpha" role="historic">AlphaServer 1200 (<quote>Tincup</quote>) has 558 been tested and works OK. Currently it does not want to boot 559 from CD or floppy but a transplanted disk that was installed 560 on another Alpha works well. &merged;</para> 561 562 <para arch="alpha">The API UP1100 mainboard has been verified to 563 work.</para> 564 565 <para arch="alpha">The API CS20 1U high server has been verified 566 to work.</para> 567 568 <para arch="alpha">Support for AlphaServer 2100A 569 (<quote>Lynx</quote>) has been added.</para> 570 571 <para arch="alpha">Kernel code has been added that allows older 572 generation Alpha CPUs (EV4 and EV5) to emulate instructions of 573 the newer Alpha CPU generations. This enables the use of 574 binary-only programs like <application>Adobe Acrobat 575 4</application> on EV4 and EV5.</para> 576 577 <para arch="alpha">SMP support for the Alpha is now operational.</para> 578 579 <para arch="i386" role="historic">Detection for new processors, such as the 580 FC-PGA2 Pentium III (Tualatin), Transmeta Crusoe, and 581 Transmeta Crusoe LongRun, has been added. &merged;</para> 582 583 <para arch="alpha">Support for the following hardware has been 584 removed from the installation kernel to make it fit on a 585 1.44MB floppy again: Multia, NoName, PC64, EB64, Aspen Alpine, 586 sa (SCSI tape), amr, parallel port support, vx (3c590, 3c595), 587 pcn (AMD Am79C97x PCI 10/100), sf (Adaptec AIC-6915), sis (SiS 588 900/SiS 7016), ste (Sundance ST201 (D-Link DFE-550TX)), wb 589 (Winbond W89C840F).</para> 590 591 <para arch="i386" role="historic">Support for Streaming <acronym>SIMD</acronym> 592 Extensions (<acronym>SSE</acronym>) has been introduced. The 593 <literal>CPU_ENABLE_SSE</literal> kernel option controls 594 whether support is compiled into the kernel. &merged;</para> 595 596 <para arch="i386" role="historic">The <literal>CPU_ATHLON_SSE_HACK</literal> 597 kernel option has been added, which attempts to enable the SSE 598 feature bit on newer Athlon CPUs if the BIOS has forgotten to 599 enable it. &merged;</para> 600 601 <para arch="sparc64">The UltraSPARC platform is now supported by 602 &os;. The following machines are supported to at least some 603 degree: Ultra 1/2/5/10/30/60, Enterprise 220R/420R, Netra T1 AC200/DC200, Netra T 105, and Blade 604 100. SMP is supported, and has been tested on the 605 Ultra 2, Ultra 60, Enterprise 220R, and 606 Enterprise 420R.</para> 607 608 <para arch="i386">On some systems, the BIOS does not activate 609 the I/O ports and memory of PC devices, thus making them 610 unusable. The <varname>hw.pci.enable_io_modes</varname> 611 sysctl/boot loader variable (which defaults to 612 <literal>1</literal>, for <quote>enabled</quote>) 613 forces &os; to enable these devices so that they can be 614 used.</para> 615 616 <para arch="alpha">Support for TurboChannel Alphas has been 617 removed.</para> 618 619 <para arch="i386">Support for the AMD Élan SC520 has been 620 added; this requires the <literal>CPU_ELAN</literal> option in 621 the kernel configuration file. &merged;</para> 622 623 </sect3> 624 625 <sect3> 626 <title>Bootloader Changes</title> 627 628 <para arch="i386" role="historic"><filename>boot2</filename> now supports a 629 <option>-n</option> option to disallow boot interruption by 630 keypresses. &merged;</para> 631 632 <para arch="i386" role="historic">A new <filename>cdboot</filename> bootstrap 633 utility for CDROMs provides better compatability with some 634 BIOS implementations that do not completely implement the El 635 Torito bootable CDROM standard. This boot loader supports 636 <quote>no emulation</quote> mode booting, thus eliminating the 637 need for an emulated floppy disk image on a bootable 638 CDROM. &merged;</para> 639 640 <para arch="i386,pc98" role="historic">The i386 boot loader now has support for a 641 <literal>nullconsole</literal> console type, for use on 642 systems with neither a video console nor a serial 643 port. &merged;</para> 644 645 <para arch="i386,pc98" role="historic">The &man.loader.8; now has optional support 646 (enabled at compile-time, off by default) for loading 647 <application>bzip2</application>-compressed kernels and 648 modules. &merged;</para> 649 650 <para arch="i386" role="historic">Support for Intel's Wired for Management 2.0 651 (PXE) was added to the &os; boot loader. Due to API 652 differences, the older PXE versions are not supported. This 653 allow network booting using DHCP. &merged;</para> 654 655 <!-- Above this line, order bootloader changes by keyword--> 656 657 <para arch="i386" role="historic">The &os; boot loader now contains a workaround 658 to support CDROM booting on certain IBM BIOSs that expect the 659 first sector of the emulated floppy to contain a valid MS-DOS 660 BPB that they can modify. &merged;</para> 661 662 <para arch="i386,pc98" role="historic">The &os; boot loader now supports a 663 <option>-p</option> flag to force the kernel to pause after 664 each line of output during the probing phase. &merged;</para> 665 666 <para arch="alpha,i386" role="historic">The &os; boot loader is now capable of 667 booting from filesystems with block sizes larger than 668 8K. &merged;</para> 669 670 <para>The kernel and modules have been moved to the directory 671 <filename>/boot/kernel</filename>, so they can be easily 672 manipulated together. The boot loader has been updated to 673 make this change as seamless as possible.</para> 674 </sect3> 675 676 <sect3> 677 <title>Network Interface Support</title> 678 679 <para role="historic">The &man.an.4; driver for Cisco Aironet cards now supports 680 Wired Equivalent Privacy (WEP) encryption, settable via 681 &man.ancontrol.8;. &merged;</para> 682 683 <para role="historic">The &man.an.4; driver now supports the Cisco Aironet 350 684 series of adaptors. &merged;</para> 685 686 <para role="historic">The &man.an.4; driver now supports <quote>monitor</quote> 687 mode, settable via the <option>-M</option> option to 688 &man.ancontrol.8;. &merged;</para> 689 690 <para role="historic">The &man.an.4; driver now supports Cisco LEAP, as well as 691 the <quote>Home</quote> WEP key. The Linux Aironet utilities 692 are now supported under emulation. &merged;</para> 693 694 <para arch="i386,pc98" role="historic">Generic support for ARCNET token-based 695 networks has been added. &merged;</para> 696 697 <para arch="i386,pc98" role="historic">The &man.bge.4; driver has been added to 698 support the Broadcom BCM570x family of Gigabit Ethernet 699 controllers, including the 3Com 3c996-T, the SysKonnect 700 SK-9D21 and SK-9D41, and the built-in Gigabit Ethernet NICs on 701 Dell PowerEdge 2550 servers. Output TCP/IP checksum offload, 702 jumbo frames and VLAN tag insertion/stripping are supported, 703 as well as interrupt moderation. &merged;</para> 704 705 <para arch="i386" role="historic">The cm driver has been added to support SMC 706 COM90cx6 ARCNET network adapters. &merged;</para> 707 708 <para>The &man.dc.4; driver now supports NICs based on the Xircom 709 3201 and Conexant LANfinity RS7112 chips.</para> 710 711 <para role="historic">The &man.dc.4; driver now has support for 712 VLANs. &merged;</para> 713 714 <para role="historic">The &man.de.4; driver now performs round-robin arbitration 715 between the transmit and receive units of the 21143, instead 716 of giving priority to the receive unit. This gives a 717 10–15% performance improvement in the forwarding rate 718 under heavy load. &merged;</para> 719 720 <para arch="alpha">The &man.ed.4; driver is now supported.</para> 721 722 <para arch="i386,pc98" role="historic">Linksys Fast Ethernet PCCARD cards supported 723 by the &man.ed.4; driver now require the addition of flag 724 <literal>0x80000</literal> to their config line in 725 &man.pccard.conf.5;. This flag is not optional. These 726 Linksys cards will not be recognized without 727 it. &merged;</para> 728 729 <para role="historic">A bug in the &man.ed.4; driver that could cause panics 730 with very short packets and BPF or bridging active has been 731 fixed. &merged;</para> 732 733 <para role="historic">The &man.ed.4; driver now has support for D-Link DL10022 734 chips, necessary for the NetGear FA-410TX and other cards. As 735 a result, <literal>device miibus</literal> is required in 736 kernel configurations using the &man.ed.4; 737 driver. &merged;</para> 738 739 <para arch="i386">The &man.el.4; driver can now be loaded as a 740 module.</para> 741 742 <para arch="i386,pc98,ia64" role="historic">The &man.em.4; driver has been added to 743 support NICs based on the Intel 82542, 82543, 82544, 82545EM, 744 and 82546EB 745 Gigabit Ethernet controller chips. The driver has VLAN 746 support, and also supports 747 transmit/receive checksum offload and jumbo frames on 82543 748 and 82544-based adapters. &merged;</para> 749 750 <para role="historic">The &man.faith.4; device is now loadable, unloadable, and 751 clonable. &merged;</para> 752 753 <para arch="i386,pc98" role="historic">Support for Fujitsu MB86960A/MB86965A based 754 Ethernet PC-Cards has been added back in the &man.fe.4; 755 driver. &merged;</para> 756 757 <para arch="alpha" role="historic">The &man.fpa.4; driver now supports Digital's 758 DEFPA FDDI adaptors on the Alpha. &merged;</para> 759 760 <para role="historic">The &man.fxp.4; driver now requires a <literal>device 761 miibus</literal> entry in the kernel configuration 762 file. &merged;</para> 763 764 <para role="historic">The &man.fxp.4; driver now contains a workaround for PCI 765 protocol violations caused by defects in some systems based on 766 the Intel ICH2/ICH2-M chip. The workaround is to rewrite the 767 EEPROM on the interface to disable Dynamic Standby Mode; once 768 the EEPROM is rewritten, the system needs to be rebooted for 769 the new settings to take effect. &merged;</para> 770 771 <para role="historic">The &man.fxp.4; driver now supports Intel's loadable 772 microcode to implement receive-side interrupt coalescing and 773 packet bundling, on NICs that support these features. This 774 support can be activated by the use of the 775 <option>link0</option> option to 776 &man.ifconfig.8;. &merged;</para> 777 778 <para arch="sparc64">The gem driver has been added to support 779 the Sun GEM Gigabit Ethernet and ERI Fast Ethernet 780 adapters.</para> 781 782 <para role="historic">The &man.gx.4; driver has been added to support NICs based 783 on the Intel 82542 and 82543 Gigabit Ethernet controller 784 chips. Both fiber and copper variants of the cards are 785 supported. Both boards support VLAN tagging/insertion, and 786 the 82543 additionally supports TCP/IP checksum 787 offload. &merged;</para> 788 789 <para arch="sparc64">The hme driver has been added to support 790 the Sun HME Fast Ethernet adapter, onboard on many Sun Ultra 791 series machines.</para> 792 793 <para role="historic">The &man.lge.4; driver has been added to support the Level 794 1 LXT1001 NetCellerator Gigabit Ethernet controller chip. This 795 device is used on some fiber optic GigE cards from SMC, D-Link 796 and Addtron. Jumbograms and TCP/IP checksum offload on 797 receive are supported, although hardware VLAN filtering is 798 not. &merged;</para> 799 800 <para role="historic">The my driver, which supports the Myson Fast Ethernet and 801 Gigabit Ethernet adapters, has been added. &merged;</para> 802 803 <para role="historic">Added the &man.nge.4; driver, which supports PCI Gigabit 804 Ethernet adapters based on the National Semiconductor DP83820 805 and DP83821 Gigabit Ethernet controller chips, including the 806 D-Link DGE-500T, SMC EZ Card 1000 (SMC9462TX), Asante 807 FriendlyNet GigaNIC 1000TA and 1000TPC and Addtron AEG320T. 808 This driver supports transmit and receive checksum 809 offloading. &merged;</para> 810 811 <para role="historic">The &man.pcn.4; driver, which supports the AMD PCnet/FAST, 812 PCnet/FAST+, PCnet/FAST III, PCnet/PRO, PCnet/Home, and 813 HomePNA adapters, has been added. Although these cards are 814 already supported by the &man.lnc.4; driver, the &man.pcn.4; 815 driver runs these chips in 32-bit mode and uses the RX 816 alignment feature to achieve zero-copy receive. This driver 817 is also machine-independent, so it will work on the i386, 818 pc98 and Alpha platforms. The &man.lnc.4; driver is still needed 819 to support non-PCI cards. &merged;</para> 820 821 <para role="historic">The &man.ray.4; driver, which supports the Webgear Aviator 822 wireless network cards, has been committed. The operation of 823 &man.ray.4; interfaces can be modified by 824 &man.raycontrol.8;. &merged;</para> 825 826 <para arch="i386,pc98">The &man.rp.4; driver has been updated to 827 version 3.02 and can now be built as a module. &merged;</para> 828 829 <para arch="i386" role="historic">The sbni driver, for supporting the Granch 830 SBNI12 series of ISA and PCI point-to-point communications 831 interfaces, has been added. The <filename 832 role="package">sysutils/sbniconfig</filename> port in the &os; 833 Ports Collection can be used for configuring these 834 devices. &merged;</para> 835 836 <para role="historic">Added support for PCI Ethernet adapters based on the SiS 837 900 and SiS 7016 Fast Ethernet controller chips (for example, 838 as seen on the SiS 635 and 735 motherboard chipsets), as well 839 as the National Semiconductor DP83815 chipset (including the 840 NetGear FA311-TX and FA312-TX) in the form of the &man.sis.4; 841 driver. This device has support for VLANs. &merged;</para> 842 843 <para arch="pc98" role="historic">The snc driver for the National Semiconductor 844 DP8393X (SONIC) Ethernet controller has been added. 845 Currently, this driver is only used on the PC-98 846 architecture. &merged;</para> 847 848 <para>The &man.stf.4; device is now clonable.</para> 849 850 <para role="historic">The &man.tap.4; driver, a virtual Ethernet device driver 851 for bridged configurations, has been added. This device is 852 clonable. &merged;</para> 853 854 <para role="historic">The &man.ti.4; driver now supports the Alteon AceNIC 855 1000baseT Gigabit Ethernet and Netgear GA620T 1000baseT 856 Gigabit cards. &merged;</para> 857 858 <para role="historic">The &man.ti.4; driver correctly masks VLAN tags. &merged;</para> 859 860 <para>The &man.tx.4; driver now supports true multicast 861 filtering.</para> 862 863 <para role="historic">The &man.txp.4; driver has been added to support NICs 864 based on the 3Com 3XP Typhoon/Sidewinder (3CR990) 865 chipset. &merged;</para> 866 867 <para role="historic">&man.vlan.4; devices are now loadable, unloadable, and 868 clonable. &merged;</para> 869 870 <para role="historic">The &man.wi.4; driver now has support for Prism II and 871 Prism 2.5-based NICs. 104/128-bit WEP now works on Prism 872 cards. &merged;</para> 873 874 <para role="historic">The &man.wi.4; driver now supports using a &os; host as 875 a wireless access point. This functionality can be enabled 876 using the <literal>mediaopt hostap</literal> option of 877 &man.ifconfig.8;. This feature requires a wireless 878 adapter based on the Prism II chipset. &merged;</para> 879 880 <para role="historic">The &man.wi.4; driver now has support for 881 <application>bsd-airtools</application>. &merged;</para> 882 883 <para role="historic">The xe driver can now be built as a 884 module. &merged;</para> 885 886 <para role="historic">The &man.xl.4; driver now supports the 3Com 3C556 and 887 3C556B MiniPCI adapters used on some laptops. &merged;</para> 888 889 <para role="historic">The &man.xl.4; driver now supports reception of VLAN 890 tagged frames (on the <quote>Cyclone</quote> or newer 891 chipsets). &merged;</para> 892 893 <para role="historic">The &man.xl.4; driver now supports send- and receive-side 894 TCP/IP checksum offloading for NICs implementing this feature, 895 such as the 3C905B, 3C905C, and 3C980C. &merged;</para> 896 897 <para role="historic">A bug in the &man.xl.4; driver, related to statistics 898 overflow interrupt handling, was causing slowdowns at medium 899 to high packet rates; this has been fixed. &merged;</para> 900 901 <para role="historic">The per-interface <varname>ifnet</varname> structure now 902 has the ability to indicate a set of capabilities supported by 903 a network interface, and which ones are enabled. 904 &man.ifconfig.8; has support for querying these 905 capabilities. &merged;</para> 906 907 <para role="historic">Performance with hosts having a large number of IP aliases 908 has been improved, by replacing the per-interface 909 <varname>if_inaddr</varname> linear list with a hash table. &merged;</para> 910 911 <para>Network devices now automatically appear as special files in 912 <filename>/dev/net</filename>. Interface hardware ioctls (not 913 protocol or routing) can be performed on these devices. The 914 <varname>SIOCGIFCONF</varname> ioctl may be performed on the 915 special <filename>/dev/network</filename> node.</para> 916 917 <para role="historic">Selected network drivers now implement a semi-polling 918 mode, which makes systems much more resilient to attacks and 919 overloads. To enable polling, the following options are 920 required in a kernel configuration file: 921 922 <programlisting>options DEVICE_POLLING 923options HZ=1000 # not compulsory but strongly recommended</programlisting> 924 925 The <varname>kern.polling.enable</varname> sysctl variable 926 will then activate polling mode; with the 927 <varname>kern.polling.user_frac</varname> sysctl indicating 928 the percentage of CPU time to be reserved for userland. The 929 devices initially supporting polling are &man.dc.4;, 930 &man.fxp.4;, &man.rl.4;, and &man.sis.4;. More details can be found in 931 the &man.polling.4; manual page. &merged;</para> 932 933 <para arch="i386,pc98" role="historic">The packet-forwarding performance of certain 934 network drivers (specifically &man.dc.4; and &man.sis.4;) has 935 been enhanced by the elimination of unnecessary buffer 936 copies. &merged;</para> 937 938 <para><quote>Zero copy</quote> support has been added to the 939 networking stack. This feature can eliminate a copy of 940 network data between the kernel and userland, which is one of 941 the more significant bottlenecks in network throughput. 942 The send-side code should work with almost any network 943 adapter, while the receive-side code requires a network 944 adapter with an MTU of at least one memory page size (for 945 example, jumbo frames on Gigabit Ethernet). For more 946 information, see &man.zero.copy.9;.</para> 947 </sect3> 948 949 <sect3> 950 <title>Network Protocols</title> 951 952 <para role="historic">&man.accept.filter.9;, a kernel feature to reduce 953 overheads when accepting and reading new connections on 954 listening sockets, has been added. &merged;</para> 955 956 <para role="historic">The <literal>proxy</literal> modifier to &man.arp.8;'s 957 <option>-d</option> option has been renamed to 958 <literal>pub</literal>, for consistency with the 959 <option>-s</option> option. The <literal>only</literal> keyword 960 has been added to the <option>-s</option> and 961 <option>-S</option> flags, to be used in creating 962 <quote>proxy-only</quote> published entries. &merged;</para> 963 964 <para role="historic">The read timeout feature of &man.bpf.4; now works more 965 correctly with &man.select.2;/&man.poll.2;, and therefore with 966 pthreads. &merged;</para> 967 968 <para role="historic">&man.bridge.4; and &man.dummynet.4; have received some 969 enhancements and bug fixes, and are now loadable 970 modules. &merged;</para> 971 972 <para role="historic">&man.bridge.4; now has better support for multiple, 973 fully-independent bridging clusters, and is much more stable 974 in the presence of dynamic attachments and detatchments. Full 975 support for VLANs is also supported. &merged;</para> 976 977 <para>A &man.gre.4; driver, which can encapsulate IP packets 978 using GRE (RFC 1701) or minimal IP encapsulation for Mobile IP 979 (RFC 2004), has been added.</para> 980 981 <para>ICMP ECHO and TSTAMP replies are now rate limited. TCP 982 RSTs generated due to packets sent to open and unopen ports 983 are now limited by separate counters. Each rate limiting 984 queue now has its own description.</para> 985 986 <para role="historic">ICMP <literal>UNREACH_FILTER_PROHIB</literal> messages can 987 now RST TCP connections in the <literal>SYN_SENT</literal> 988 state if the correct sequence numbers are sent back, as 989 controlled by the 990 <varname>net.inet.tcp.icmp_may_rst</varname> sysctl. &merged;</para> 991 992 <para>IP multicast now works on VLAN devices. Several other 993 bugs in the VLAN code have also been fixed.</para> 994 995 <para role="historic">A bug in the IPsec processing for IPv4, which caused the 996 inbound SPD checks to be ignored, has been fixed. &merged;</para> 997 998 <para role="historic">&man.ipfw.4; now filters correctly in the presence of ECN 999 bits in TCP segments. &merged;</para> 1000 1001 <para>&man.ipfw.4; has been re-implemented (the new version is 1002 commonly referred to as <quote>IPFW2</quote>). It now uses 1003 variable-sized representation of rules in the kernel, similar 1004 to &man.bpf.4; instructions. Most of the externally-visible 1005 behavior (i.e. through &man.ipfw.8;) should be unchanged., 1006 although &man.ipfw.8; now supports <literal>or</literal> 1007 connectives between match fields. &merged;</para> 1008 1009 <para role="historic">A new ng_eiface netgraph module has been added, which 1010 appears as an Ethernet interface but delivers its Ethernet 1011 frames to a Netgraph hook. &merged;</para> 1012 1013 <para>A new &man.ng.device.4; netgraph node type has been added, 1014 which creates a device entry in <filename>/dev</filename>, to 1015 be used as the entry point to a networking graph.</para> 1016 1017 <para role="historic">A new &man.ng.etf.4; netgraph node allows Ethernet type 1018 packets to be filtered to different hooks depending on 1019 ethertype. &merged;</para> 1020 1021 <para>The &man.ng.gif.4; and &man.ng.gif.demux.4; netgraph 1022 nodes, for operating on &man.gif.4; devices, have been 1023 added.</para> 1024 1025 <para>The &man.ng.ip.input.4; netgraph node, for queueing IP 1026 packets into the main IP input processing code, has been 1027 added.</para> 1028 1029 <para>A new &man.ng.l2tp.4; netgraph node type, which implements 1030 the encapsulation layer of the L2TP protocol as described in 1031 RFC 2661, has been added. &merged;</para> 1032 1033 <para role="historic">The &man.ng.mppc.4; and &man.ng.bridge.4; node types have 1034 been added to the &man.netgraph.4; subsystem. The 1035 &man.ng.ether.4; node is now dynamically loadable. 1036 Miscellaneous bug fixes and enhancements have also been 1037 made. &merged;</para> 1038 1039 <para role="historic">A new netgraph node type &man.ng.one2many.4; for 1040 multiplexing and demultiplexing packets over multiple links 1041 has been added. &merged;</para> 1042 1043 <para>A new ng_split node type has been added for splitting a 1044 bidirectional packet flow into two unidirectional flows.</para> 1045 1046 <para role="historic">A new sysctl 1047 <varname>net.inet.ip.check_interface</varname>, which is on by 1048 default, causes IP to verify that an incoming packet arrives 1049 on an interface that has an address matching the packet's 1050 destination address. &merged;</para> 1051 1052 <para role="historic">A new sysctl 1053 <varname>net.link.ether.inet.log_arp_wrong_iface</varname> has 1054 been added to control the suppression of logging when ARP 1055 replies arrive on the wrong interface. &merged;</para> 1056 1057 <para role="historic">A new <literal>options RANDOM_IP_ID</literal> kernel 1058 option causes the ID field of IP packets to be randomized. 1059 This closes a minor information leak which allows a remote 1060 observer to determine the rate at which the machine is 1061 generating packets, since the default behavior is to increment 1062 a counter for each packet sent. &merged;</para> 1063 1064 <para arch="alpha">SLIP has been removed from the 1065 <filename>mfsroot</filename> floppy image.</para> 1066 1067 <para role="historic">TCP has received some bug fixes for its delayed ACK 1068 behavior. &merged;</para> 1069 1070 <para role="historic">TCP now supports the NewReno modification to the TCP Fast 1071 Recovery algorithm. This behavior can be controlled via the 1072 <varname>net.inet.tcp.newreno</varname> sysctl 1073 variable. &merged;</para> 1074 1075 <para role="historic">TCP now uses a more aggressive timeout for initial SYN 1076 segments; this allows initial connection attempts to be 1077 dropped much faster. &merged;</para> 1078 1079 <para role="historic">The <literal>TCP_COMPAT_42</literal> kernel option has 1080 been removed. &merged;</para> 1081 1082 <para role="historic">The <literal>TCP_RESTRICT_RST</literal> kernel option has 1083 been removed. Similar functionality can be achieved with the 1084 <varname>net.inet.tcp.blackhole</varname> sysctl 1085 variable. &merged;</para> 1086 1087 <para role="historic">TCP now has RFC 1323 extensions enabled by default in 1088 &man.rc.conf.5;. &merged;</para> 1089 1090 <para role="historic">RFC 1323 and RFC 1644 TCP extensions are now disabled for 1091 a connection in progress if no response has been received by 1092 the third SYN segment sent. This behavior tries to work 1093 around (very old) terminal servers with buggy VJ header 1094 compression implementations. &merged;</para> 1095 1096 <para role="historic">The TCP implementation no longer requires the allocation 1097 of a TCP template structure for each connection; this should 1098 reduce the buffer usage on large systems handling many 1099 connections. &merged;</para> 1100 1101 <para role="historic">TCP's default buffer sizes, controlled by the 1102 <varname>net.inet.tcp.sendspace</varname> and 1103 <varname>net.inet.tcp.recvspace</varname> sysctl variables, 1104 have been increased to 32K and 64K respectively. Previously, 1105 the default for both buffer sizes was 16K. To try to avoid 1106 increasing congestion, the default value for 1107 <varname>net.inet.tcp.local_slowstart_flightsize</varname> has 1108 been changed from infinity to 4. &merged; 1109 1110 <note> 1111 <para>On busy hosts, the new larger buffer sizes may require 1112 manually increasing the 1113 <varname>NMBCLUSTERS</varname> parameter, either in the 1114 kernel configuration file or via the 1115 <varname>kern.ipc.nmbclusters</varname> loader tunable. 1116 <command>netstat -mb</command> can be used to monitor the 1117 state of mbuf clusters.</para> 1118 </note> 1119 </para> 1120 1121 <para role="historic">TCP now supports RFC 1948 (Defending Against Sequence 1122 Number Attacks). The 1123 <varname>net.inet.tcp.isn_reseed_interval</varname> sysctl 1124 variable controls the reseeding of the secret data used in 1125 the RFC 1948 initial sequence number calculations. &merged;</para> 1126 1127 <para role="historic">The TCP implementation in &os; now implements a cache of 1128 outstanding, received SYN segments. Incoming SYN segments now 1129 cause entries to be placed in the cache until the TCP 1130 three-way handshake is complete, at which point, memory is 1131 allocated for the connection as usual. In addition, all TCP 1132 Initial Sequence Numbers (ISNs) are used as cookies, allowing 1133 entries in the cache to be dropped, but still have their 1134 corresponding ACKs accepted later. The combination of the 1135 so-called 1136 <quote>syncache</quote> and <quote>syncookies</quote> features 1137 makes a host much more resistant to TCP-based Denial of 1138 Service attacks. Work on this feature was sponsored by DARPA 1139 and NAI Labs. &merged;</para> 1140 1141 <para role="historic">A bug in the TCP implementation, which could cause 1142 connections to stall if a sender saw a zero-sized window, has 1143 been corrected. &merged;</para> 1144 1145 <para role="historic">The TCP implementation now properly ignores packets 1146 addressed to IP-layer broadcast addresses. &merged;</para> 1147 1148 <para>The ephemeral port range used for TCP and UDP has been 1149 changed to 49152–65535 (the old default was 1150 1024–5000). This increases the number of concurrent 1151 outgoing connections/streams.</para> 1152 1153 <para>The &man.tcp.4; protocol's retransmission timer can now be 1154 manipulated with two sysctl variables, 1155 <varname>net.inet.tcp.rexmit_min</varname> and 1156 <varname>net.inet.tcp.rexmit_slop</varname>. The default has 1157 been reduced from one second to 200ms (similar to the Linux default) 1158 in order to better handle hicups over interactive connections and 1159 improve recovery over lossy fast connections such as wireless links.</para> 1160 1161 <para>The &man.tcp.4; protocol now has the ability to dynamically 1162 limit the send-side window to maximize bandwidth and minimize 1163 round trip times. The feature can be enabled via the 1164 <varname>net.inet.tcp.inflight_enable</varname> 1165 sysctl. &merged;</para> 1166 1167 </sect3> 1168 1169 <sect3> 1170 <title>Disks and Storage</title> 1171 1172 <para arch="i386" role="historic">Support for the Adaptec FSA family of PCI-SCSI 1173 RAID controllers has been added, in the form of the 1174 &man.aac.4; driver. This driver includes proper handling of 1175 commands initiated by the adapter, addition/removal of disk 1176 devices, crashdump functionality, and &man.ioctl.2; commands 1177 necessary for the management CLI, and is fully qualified and 1178 sanctioned by Adaptec. &merged;</para> 1179 1180 <para role="historic">The &man.ahc.4; driver has received numerous updates, 1181 bugfixes, and enhancements. Among various improvements are 1182 improved compatibility with chips in <quote>RAID Port</quote> 1183 mode and systems with AAA and/or ARO cards installed, as well 1184 as performance improvements. Some bugs were also fixed, 1185 including a rare hang on Ultra2/U160 1186 controllers. &merged;</para> 1187 1188 <para arch="i386">The &man.ahd.4; driver, which supports the Adaptec 1189 AIC7901, AIC7901A, and AIC7902 Ultra320 PCI-X SCSI Controller chips, has been 1190 added. &merged;</para> 1191 1192 <para arch="i386" role="historic">The &man.asr.4; driver, which provides support 1193 for the Adaptec SCSI RAID controller family, as well as the 1194 DPT SmartRAID V and VI families, has been 1195 added. &merged;</para> 1196 1197 <para arch="i386" role="historic">The &man.asr.4; driver now supports the 1198 Adaptec 2000S and 2005S Zero-Channel RAID 1199 controllers. &merged;</para> 1200 1201 <para role="historic">The &man.ata.4; driver now has support for ATA100 1202 controllers. In addition, it now supports the ServerWorks 1203 ROSB4 ATA33 chipset, the CMD 648 ATA66 and CMD 649 ATA100 1204 chipsets, and the Cyrix 5530. &merged;</para> 1205 1206 <para role="historic">To provide more flexible configuration, the various 1207 options for the &man.ata.4; driver are now boot loader 1208 tunables, rather than kernel configure-time 1209 options. &merged;</para> 1210 1211 <para role="historic">The &man.ata.4; driver now has support for tagged queuing, 1212 which is enabled by the <varname>hw.ata.tags</varname> loader 1213 tunable. &merged;</para> 1214 1215 <para role="historic">The &man.ata.4; driver now has support for ATA 1216 <quote>pseudo</quote> RAID controllers as the Promise Fasttrak 1217 and HighPoint HPT370 controllers. &merged;</para> 1218 1219 <para role="historic">The &man.ata.4; driver now supports a wider variety of SiS 1220 chipsets, as listed in the Hardware Notes. &merged;</para> 1221 1222 <para role="historic">The &man.ata.4; driver now has support for creating, 1223 deleting, querying, and rebuilding ATA RAIDs under control of 1224 &man.atacontrol.8;. &merged;</para> 1225 1226 <para role="historic">The BurnProof(TM) feature, for applicable ATAPI CD-ROM 1227 burners, is now supported. &merged;</para> 1228 1229 <para role="historic">The &man.ata.4; driver now has support for 48-bit 1230 addressing. Devices larger than 137GB are now 1231 supported. &merged;</para> 1232 1233 <para role="historic">The &man.ata.4; driver now contains fixes for some data 1234 corruption problems on systems using the VIA 82C686B 1235 Southbridge chip. &merged;</para> 1236 1237 <para>The &man.ata.4; driver (along with &man.burncd.8;) now 1238 supports writing to media in DVD+RW drives.</para> 1239 1240 <para>The &man.ata.4; driver now supports accessing ATA devices 1241 as SCSI devices via the CAM layer and drivers (&man.cd.4;, 1242 &man.da.4;, &man.st.4;, and &man.pass.4;). This feature requires 1243 <literal>device atapicam</literal> in the kernel 1244 configuration.</para> 1245 1246 <para>The &man.ata.4; driver now has support for the Sil 0680 1247 and VIA 8233/8235 controllers. &merged;</para> 1248 1249 <para role="historic">The &man.cd.4; driver now has support for write 1250 operations. This allows writing to DVD-RAM, PD and similar 1251 drives that probe as CD devices. Note that change affects 1252 only random-access writeable devices, not sequential-only 1253 writeable devices such as CD-R drives, which are supported by 1254 &man.cdrecord.1; (a part of 1255 <filename role="package">sysutils/cdrtools</filename> in the 1256 Ports Collection. &merged;</para> 1257 1258 <para arch="i386" role="historic">The ciss driver, for devices utilizing the 1259 Common Interface for SCSI-3 Support, has been added. This 1260 driver supports the Compaq SmartRAID 5* family of RAID 1261 controllers (5300, 532, 5i). &merged;</para> 1262 1263 <para>The &man.fdc.4; floppy disk has undergone a number of 1264 enhancements. Density selection for common settings is now 1265 automatic; the driver is also much more flexible in setting 1266 the densities of various subdevices.</para> 1267 1268 <para>The &man.geom.4; disk I/O request transformation framework 1269 has been added; this extensible framework is designed to 1270 support a wide variety of operations on I/O requests on their 1271 way from the upper kernel to the device drivers.</para> 1272 1273 <para role="historic">The ida disk driver now has crashdump 1274 support. &merged;</para> 1275 1276 <para arch="i386" role="historic">The iir driver has been added to support the 1277 Intel Integrated RAID controllers, as well as prior ICP Vortex 1278 controllers.</para> 1279 1280 <para arch="alpha" role="historic">A bug that made certain CDROM drives fail to 1281 attach when connected to a SCSI card driven by &man.isp.4; has 1282 been fixed. &merged;</para> 1283 1284 <para>The &man.isp.4; driver is now proactive about discovering 1285 Fibre Channel topology changes.</para> 1286 1287 <para>The &man.isp.4; driver now supports target mode for Qlogic 1288 SCSI cards, including Ultra2 and Ultra3 and dual bus 1289 cards.</para> 1290 1291 <para role="historic">The &man.isp.4; driver now supports the Qlogic 2300 and 1292 2312 Optical Fibre Channel PCI cards. &merged;</para> 1293 1294 <para arch="i386,pc98">The &man.matcd.4; driver has been removed 1295 due to breakage and licensing issues. &merged;</para> 1296 1297 <para>&man.md.4;, the memory disk device, has had the 1298 functionality of &man.vn.4; incorporated into it. &man.md.4; 1299 devices can now be configured by &man.mdconfig.8;. &man.vn.4; 1300 has been removed. The Memory Filesystem (MFS) has also been 1301 removed.</para> 1302 1303 <para arch="i386,alpha,pc98,sparc64">The mpt driver, for 1304 supporting the LSI Logic Fusion/MP architecture Fiber Channel 1305 controllers, has been added. &merged;</para> 1306 1307 <para arch="i386" role="historic">The &man.mly.4; driver, for Mylex PCI to SCSI 1308 AccelRAID and eXtremeRAID controllers with firmware 6.X and 1309 later, has been added. &merged;</para> 1310 1311 <para arch="i386,pc98" role="historic">The ncv, nsp, and stg drivers have been ported 1312 from NetBSD/pc98. They support the NCR 53C50 / Workbit Ninja 1313 SCSI-3 / TMC 18C30, 18C50 based PC-Card/ISA SCSI controllers. 1314 All three drivers can be built and loaded as 1315 modules. &merged;</para> 1316 1317 <para arch="powerpc">The ofw driver, a basic OpenFirmware disk 1318 driver, has been added.</para> 1319 1320 <para arch="i386">The pst driver, for supporting Promise 1321 SuperTrak ATA RAID controllers, has been 1322 added. &merged;</para> 1323 1324 <para>Some problems in &man.sa.4; error handling have been 1325 fixed, including the <quote>tape drive spinning indefinitely 1326 upon &man.mt.1; <option>stat</option></quote> problem.</para> 1327 1328 <para>The <varname>SCSI_DELAY</varname> configuration parameter 1329 can now be set at boot time and runtime via the 1330 <varname>kern.cam.scsi_delay</varname> tunable/sysctl.</para> 1331 1332 <para>The trm driver has been added to support SCSI adapters 1333 using the Tekram TRM-S1040 SCSI chipset.</para> 1334 1335 <para arch="i386" role="historic">The &man.twe.4; 3ware ATA RAID driver has 1336 added. &merged;</para> 1337 1338 <para role="historic">The &man.wd.4; compatibility devices were removed from the 1339 &man.ata.4; driver. &merged;</para> 1340 </sect3> 1341 1342 <sect3> 1343 <title>Filesystems</title> 1344 1345 <para>Support for named extended attributes was added to the 1346 &os; kernel. This allows the kernel, and appropriately 1347 privileged userland processes, to tag files and directories 1348 with attribute data. Extended attributes were added to 1349 support the TrustedBSD Project, in particular ACLs, capability 1350 data, and mandatory access control labels (see 1351 <filename>/usr/src/sys/ufs/ufs/README.extattr</filename> for 1352 details).</para> 1353 1354 <para role="historic">Due to a licensing change, softupdates have been 1355 integrated into the main portion of the kernel source tree. 1356 As a consequence, softupdates are now available with the 1357 <filename>GENERIC</filename> kernel. &merged;</para> 1358 1359 <para>A filesystem snapshot capability has been added to FFS. 1360 Details can be found in 1361 <filename>/usr/src/sys/ufs/ffs/README.snapshot</filename>.</para> 1362 1363<!-- The following note needs to be made more specific or eliminated. --> 1364 <para>Softupdates for FFS have received some bug fixes and 1365 enhancements.</para> 1366 1367 <para>When running with softupdates, &man.statfs.2; and 1368 &man.df.1; will track the number of blocks and files that are 1369 committed to being freed.</para> 1370 1371 <para role="historic">A bug in FFS that could cause superblock corruption on 1372 very large filesystems has been corrected. &merged;</para> 1373 1374 <para role="historic">The ISO-9660 filesystem now has a hook that supports a 1375 loadable character conversion routine. The 1376 <filename role="package">sysutils/cd9660_unicode</filename> 1377 port contains a set of common conversions. &merged;</para> 1378 1379 <para>&man.kernfs.5; is obsolete and has been retired.</para> 1380 1381 <para role="historic">A bug in the NFS client that caused bogus access times with 1382 <literal>O_EXCL|O_CREAT</literal> opens was 1383 fixed. &merged;</para> 1384 1385 <para role="historic">A new NFS hash function (based on the Fowler/Noll/Vo hash 1386 algorithm) has been implemented to improve NFS performance by 1387 increasing the efficiency of the <varname>nfsnode</varname> 1388 hash tables. &merged;</para> 1389 1390 <para>Client-side NFS locks have been implemented.</para> 1391 1392 <para>The client-side and server-side of the NFS code in the 1393 kernel used to be intertwined in various complex ways. They 1394 have been split apart for ease of maintenance and further 1395 development.</para> 1396 1397 <para>Support for filesystem Access Control Lists (ACLs) has 1398 been introduced, allowing more fine-grained control of 1399 discretionary access control on files and directories. This 1400 support was integrated from the TrustedBSD Project. More 1401 details can be found in 1402 <filename>/usr/src/sys/ufs/ufs/README.acls</filename>.</para> 1403 1404 <para role="historic">The directory layout preference algorithm for FFS 1405 (<literal>dirprefs</literal>) has been changed. Rather than 1406 scattering directory blocks across a disk, it attempts to 1407 group related directory blocks together. Operations 1408 traversing large directory hierarchies, such as the &os; Ports 1409 tree, have shown marked speedups. This change is transparent 1410 and automatic for new directories. &merged;</para> 1411 1412 <para arch="i386,pc98" role="historic">smbfs (CIFS) support in kernel has been added. 1413 The userland programs &man.smbutil.1; and &man.mount.smbfs.8; 1414 can be used to work with SMB shares. Note that 1415 &man.mount.smbfs.8; will automatically load the 1416 <filename>smbfs.ko</filename> module into the kernel, even if 1417 <literal>LIBMCHAIN</literal> and 1418 <literal>LIBICONV</literal> were not compiled into the kernel. 1419 &merged;</para> 1420 1421 <para>For consistency, the fdesc, fifo, null, msdos, portal, 1422 umap, and union filesystems have been renamed to fdescfs, 1423 fifofs, msdosfs, nullfs, portalfs, umapfs, and unionfs. Where 1424 applicable, modules and mount_* programs have been renamed. 1425 Compatibility <quote>glue</quote> has been added to 1426 &man.mount.8; so that <literal>msdos</literal> filesystem 1427 entries in &man.fstab.5; will work without changes.</para> 1428 1429 <para>pseudofs, a pseudo-filesystem framework, has been added. 1430 &man.linprocfs.5; and &man.procfs.5; have been modified to use 1431 pseudofs.</para> 1432 1433 <para role="historic">A simple hash-based lookup optimization for large 1434 directories called <literal>dirhash</literal> has been added. 1435 Conditional on the 1436 <literal>UFS_DIRHASH</literal> kernel option (enabled by 1437 default in the <filename>GENERIC</filename> kernel), it 1438 improves the speed of operations on very large directories at 1439 the expense of some memory. &merged;</para> 1440 1441 <para role="historic">The virtual memory subsystem now backs UFS directory 1442 memory requirements by default (this behavior is controlled 1443 via the <varname>vfs.vmiodirenable</varname> sysctl 1444 variable). &merged;</para> 1445 1446 <para role="historic">A bug that prevented the root filesystem from being 1447 mounted from a SCSI CDROM has been fixed (ATAPI CDROMs were 1448 always supported). &merged;</para> 1449 1450 <para role="historic">A number of bugs in the filesystem code, discovered 1451 through the use of the <application>fsx</application> 1452 filesystem test tool, have been fixed. Under certain 1453 circumstances (primarily related to use of NFS), these bugs 1454 could cause data corruption or kernel panics. &merged;</para> 1455 1456 <para>Network filesystems (such as NFS and smbfs filesystems) 1457 listed in <filename>/etc/fstab</filename> can now be properly 1458 mounted during startup initialization; their mounts are 1459 deferred until after the network is initialized.</para> 1460 1461 <para>Read-only support for the Universal Disk Format (UDF) has 1462 been added. This format is used on packet-written CD-RWs and 1463 most commercial DVD-Video disks. The &man.mount.udf.8; 1464 command can be used to mount these disks.</para> 1465 1466 <para>Basic support has been added for the UFS2 filesystem. 1467 Among its features: 1468 1469 <itemizedlist> 1470 <listitem> 1471 <para>The inode has been expanded to 256 bytes to make 1472 space for 64-bit block pointers.</para> 1473 </listitem> 1474 1475 <listitem> 1476 <para>A file-creation time field has been added.</para> 1477 </listitem> 1478 1479 <listitem> 1480 <para>A native extended attributes implementation has been 1481 added, permitting total attribute size stored on an inode 1482 to be up to twice the filesystem block size. This storage 1483 is used for Access Control Lists and MAC labels, but may 1484 also be used by other system extensions and user 1485 applications.</para> 1486 </listitem> 1487 </itemizedlist> 1488 1489 </para> 1490 1491 </sect3> 1492 1493 <sect3> 1494 <title>PCCARD Support</title> 1495 1496 <para arch="i386,pc98" role="historic">The pccard driver and &man.pccardc.8; now 1497 support multiple <quote>beep types</quote> upon card insertion 1498 and removal. &merged;</para> 1499 1500 <para role="historic">On many modern hosts, PCCARD devices can be configured to 1501 route their interrupts via either the ISA or PCI interrupt 1502 paths. The &man.pcic.4; driver has been updated to support 1503 both interrupt paths (formerly, only routing via ISA was 1504 supported). &merged; In most cases, configuration of PCMCIA 1505 devices in laptops is simpler and more flexible. In addition, 1506 various Cardbus bridge PCI cards (such as those used by 1507 Orinoco PCI NICs) are now supported. Some hosts may 1508 experience problems, such as hangs or panics, with PCI 1509 interrupt routing; they can frequently be made to work by 1510 forcing the older-style ISA interrupt routing. The following 1511 lines, placed in <filename>/boot/loader.conf</filename>, may 1512 fix the problem:</para> 1513 1514 <programlisting role="historic">hw.pcic.intr_path="1" 1515 hw.pcic.irq="0"</programlisting> 1516 1517 <para role="historic">When installing &os; on such a system, typing the 1518 following lines to the boot loader may be helpful in starting 1519 up &os; for the first time:<para> 1520 1521 <screen role="historic"><prompt>ok</prompt> <userinput>set hw.pcic.intr_path="1"</userinput> 1522<prompt>ok</prompt> <userinput>set hw.pcic.irq="0"</userinput></screen> 1523 1524 <para arch="i386">Preliminary Cardbus support under NEWCARD has 1525 been added. This code supports the TI113X, TI12XX, TI125X, 1526 Ricoh 5C46/5C47, Topic 95/97/100 and Cirrus Logic PD683X 1527 bridges. 16-bit PC Card support is not yet functional.</para> 1528 1529 <para arch="i386">NEWCARD is now the default pccard/cardbus 1530 system in the <filename>GENERIC</filename> kernel.</para> 1531 1532 </sect3> 1533 1534 <sect3> 1535 <title>Multimedia Support</title> 1536 1537 <para arch="i386" role="historic">The &man.pcm.4; driver now supports the ESS 1538 Solo 1, Maestro-1, Maestro-2, and Maestro-2e; Forte Media 1539 fm801, ESS Maestro-2e, and VIA Technologies VT82C686A sound 1540 card/chipsets, and has received some other updates. Separate 1541 drivers for the SoundBlaster 8 and SoundBlaster 16 now replace 1542 an older, unified driver. A driver for the CMedia 1543 CMI8338/CMI8738 sound chips has been added. A driver for the 1544 CS4281 sound chip has been added. A driver for the S3 1545 SonicVibes chipset has been added. &merged;</para> 1546 1547 <para arch="i386" role="historic">A driver for the Avance Logic ALS4000 has been 1548 added. &merged;</para> 1549 1550 <para arch="i386" role="historic">A driver for the ESS Maestro-3/Allegro has 1551 been added, however due to licensing restrictions, it cannot 1552 be compiled into the kernel. &merged; To use this driver, add 1553 the following line to 1554 <filename>/boot/loader.conf</filename>:</para> 1555 1556 <programlisting role="historic">snd_maestro3_load="YES"</programlisting> 1557 1558 <para arch="i386">The VT8233 audio controller now has its own 1559 driver to facilitate supporting all known revisions of the 1560 hardware. It is loadable at boot time by adding 1561 <literal>device pcm</literal> to the kernel configuration or 1562 by adding <literal>snd_via8233="YES"</literal> to 1563 <filename>/boot/loader.conf</filename>. Documentation to 1564 support this work was provided by VIA. &merged;</para> 1565 1566 <para role="historic">The &man.bktr.4; driver has been updated to 2.18. This 1567 update provides a number of new features. New tuner types 1568 have been added, and improvements to the KLD module and to 1569 memory allocation have been made. Bugs in &man.devfs.5; when 1570 unloading and reloading have been fixed. Support for new 1571 Hauppauge Model 44xxx WinTV Cards (the ones with no audio mux) 1572 has been added. &merged;</para> 1573 1574 <para arch="i386,pc98" role="historic">The ufm driver, supporting the D-Link DSB-R100 1575 USB Radio, has been added. &merged;</para> 1576 1577 <para role="historic">When sound modules are built, one can now load all the 1578 drivers and infrastructure by <command>kldload 1579 snd</command>. &merged;</para> 1580 1581 <para>A new API has been added for sound cards with hardware 1582 volume control.</para> 1583 1584 <para arch="i386" role="historic">A driver for the Intel 443MX, 810, 815, and 1585 815E integrated sound devices has been added. &merged;</para> 1586 1587 <para arch="i386" role="historic">The via82c686 sound driver now supports the VIA 1588 VT8233. &merged;</para> 1589 1590 <para arch="i386" role="historic">The ich sound driver now support the SiS 1591 7012 chipset. &merged;</para> 1592 1593 <para arch="i386">The ich sound driver now provides rudimentary 1594 support for ich4 audio support. &merged;</para> 1595 1596 <para arch="i386">Drivers have been added to support the Direct 1597 Rendering Infrastructure, which can used to provide 3D 1598 acceleration within <application>XFree86</application>. Video 1599 cards supported include the 3Dlabs Oxygen GMX 2000 (gammadrm), 1600 AGP Matrox G200/G400/G450/G550 (mgadrm), 3dfx Voodoo 1601 3/4/5/Banshee (tdfxdrm), AGI ATI Rage 128 (r128drm), and AGP 1602 ATI Radeon (radeondrm).</para> 1603 1604 </sect3> 1605 1606 <sect3> 1607 <title>Contributed Software</title> 1608 1609 <para>The Forth Inspired Command Language 1610 (<application>FICL</application>) used in the boot loader has 1611 been updated to 3.02.</para> 1612 1613 <para>Support for Advanced Configuration and Power Interface 1614 (ACPI), a multi-vendor standard for configuration and power 1615 management, has been added. This functionality has been 1616 provided by the <application>Intel ACPI Component 1617 Architecture</application> project, as of the ACPI CA 20020815 1618 snapshot. Some backward compatability for applications using 1619 the older APM standard has been provided.</para> 1620 1621 <sect4> 1622 <title>IPFilter</title> 1623 1624 <para><application>IPFilter</application> has been updated to 1625 3.4.29. &merged;</para> 1626 1627 <para role="historic"><application>IPFilter</application> now supports 1628 IPv6. &merged;</para> 1629 1630 </sect4> 1631 1632 <sect4 arch="i386"> 1633 <title>isdn4bsd</title> 1634 1635 <para><application>isdn4bsd</application> has been updated to 1636 version 1.0.2.</para> 1637 1638 <para role="historic">The &man.ifpi.4; driver for supporting the AVM 1639 Fritz!Card PCI controller has been added. &merged;</para> 1640 1641 <para role="historic">The &man.ifpi2.4; driver for supporting the AVM 1642 Fritz!Card PCI version 2 controller has been added. &merged;</para> 1643 1644 <para role="historic">The &man.ihfc.4; driver for supporting Cologne Chip 1645 Designs HFC devices under 1646 <application>isdn4bsd</application> has been 1647 added. &merged;</para> 1648 1649 <para role="historic">The &man.itjc.4; driver for supporting NETjet-S / Teles 1650 PCI-TJ devices under <application>isdn4bsd</application> has 1651 been added. &merged;</para> 1652 1653 <para role="historic">Experimental support for the Eicon.Diehl DIVA 2.0 and 1654 2.02 ISA PnP ISDN cards has been added to the &man.isic.4; 1655 <application>isdn4bsd</application> driver. &merged;</para> 1656 1657 <para role="historic">The &man.isic.4; driver now supports the Compaq Microcom 1658 610 ISDN ISA PnP card. &merged;</para> 1659 1660 <para role="historic">Active CAPI-based ISDN cards manufactured by AVM are now 1661 supported using the &man.i4bcapi.4; and the &man.iavc.4; 1662 driver. The supported cards are the AVM B1 PCI and AVM B1 1663 ISA Basic Rate cards and the AVM T1 Primary Rate 1664 cards. &merged;</para> 1665 1666 <para role="historic">A new <literal>maxconnecttime</literal> keyword is now 1667 accepted in &man.isdnd.rc.5; files to limit the time a 1668 connection may remain open. &merged;</para> 1669 1670 <para role="historic">&man.isdnphone.8; now supports a <option>-k</option> 1671 option for sending messages via the keypad facility to a PBX 1672 or exchange office. &merged;</para> 1673 1674 <para><application>isdn4bsd</application> now supports Q.931 1675 subaddressing.</para> 1676 1677 </sect4> 1678 1679 <sect4 id="kame-kernel"> 1680 <title>KAME</title> 1681 1682 <para role="historic">The IPv6 stack is now based on a snapshot based on the 1683 KAME Project's IPv6 snapshot as of 28 May, 2001. Most of 1684 the items listed in this section are a result of this 1685 import. <xref linkend="kame-userland"> lists userland 1686 updates to the KAME IPv6 stack. &merged;</para> 1687 1688 <para role="historic">&man.gif.4; is now based on RFC 2893, rather than RFC 1689 1933. The <literal>IFF_LINK2</literal> interface flag can 1690 be used to control ingress filtering. &merged;</para> 1691 1692 <para role="historic"><application>IPsec</application> has received some 1693 enhancements, including the ability to use the Rijndael and 1694 SHA2 algorithms. IPsec RC5 support has been removed due to 1695 patent issues. &merged;</para> 1696 1697 <para role="historic">&man.stf.4; now conforms to RFC 3056; the 1698 <literal>IFF_LINK2</literal> interface flag can be used to 1699 control ingress filtering. &merged;</para> 1700 1701 <para role="historic">IPv6 has better checking of illegal addresses (such as 1702 loopback addresses) on physical networks. &merged;</para> 1703 1704 <para role="historic">The <varname>IPV6_V6ONLY</varname> socket option is now 1705 completely supported. The kernel's default behavior with 1706 respect to this option is controlled by the 1707 <varname>net.inet6.ip6.v6only</varname> sysctl 1708 variable. &merged;</para> 1709 1710 <para role="historic">RFC 3041 (Privacy Extensions for Stateless Address 1711 Autoconfiguration) is now supported. It can be enabled via 1712 the <varname>net.inet6.ip6.use_tempaddr</varname> sysctl 1713 variable. &merged;</para> 1714 </sect4> 1715 </sect3> 1716 </sect2> 1717 1718 <sect2 id="security"> 1719 <title>Security-Related Changes</title> 1720 1721 <para role="historic">&man.sysinstall.8; now allows the user to select one of two 1722 <quote>security profiles</quote> at install-time. These 1723 profiles enable different levels of system security by enabling 1724 or disabling various system services in &man.rc.conf.5; on new 1725 installs. &merged;</para> 1726 1727 <para>A bug in which malformed ELF executable images can hang the 1728 system has been fixed (see security advisory 1729 FreeBSD-SA-00:41). &merged;</para> 1730 1731 <para>A security hole in Linux emulation was fixed (see security 1732 advisory FreeBSD-SA-00:42). &merged;</para> 1733 1734 <para role="historic">String-handling library calls in many programs were fixed to 1735 reduce the possibility of buffer overflow-related exploits. 1736 &merged;</para> 1737 1738 <para>TCP now uses stronger randomness in choosing its initial 1739 sequence numbers (see security advisory 1740 FreeBSD-SA-00:52). &merged;</para> 1741 1742 <para>Several buffer overflows in &man.tcpdump.1; were corrected 1743 (see security advisory FreeBSD-SA-00:61). &merged;</para> 1744 1745 <para>A security hole in &man.top.1; was corrected (see security 1746 advisory FreeBSD-SA-00:62). &merged;</para> 1747 1748 <para>A potential security hole caused by an off-by-one-error in 1749 &man.gethostbyname.3; has been fixed (see security advisory 1750 FreeBSD-SA-00:63). &merged;</para> 1751 1752 <para>A potential buffer overflow in the &man.ncurses.3; library, 1753 which could cause arbitrary code to be run from within 1754 &man.systat.1;, has been corrected (see security advisory 1755 FreeBSD-SA-00:68). &merged;</para> 1756 1757 <para>A vulnerability in &man.telnetd.8; that could cause it to 1758 consume large amounts of server resources has been fixed (see 1759 security advisory FreeBSD-SA-00:69). &merged;</para> 1760 1761 <para>The <literal>nat deny_incoming</literal> command in 1762 &man.ppp.8; now works correctly (see security advisory 1763 FreeBSD-SA-00:70). &merged;</para> 1764 1765 <para>A vulnerability in &man.csh.1;/&man.tcsh.1; temporary files 1766 that could allow overwriting of arbitrary user-writable files 1767 has been closed (see security advisory 1768 FreeBSD-SA-00:76). &merged;</para> 1769 1770 <para role="historic">The &man.ssh.1; binary is no longer SUID root by 1771 default. &merged;</para> 1772 1773 <para role="historic">Some fixes were applied to the Kerberos IV implementation 1774 related to environment variables, a possible buffer overrun, and 1775 overwriting ticket files. &merged;</para> 1776 1777 <para role="historic">&man.telnet.1; now does a better job of sanitizing its 1778 environment. &merged;</para> 1779 1780 <para>Several vulnerabilities in &man.procfs.5; were fixed (see 1781 security advisory FreeBSD-SA-00:77). &merged;</para> 1782 1783 <para>A bug in <application>OpenSSH</application> in which a 1784 server was unable to disable &man.ssh-agent.1; or 1785 <literal>X11Forwarding</literal> was fixed (see security 1786 advisory FreeBSD-SA-01:01). &merged;</para> 1787 1788 <para>A bug in &man.ipfw.8; and &man.ip6fw.8; in which inbound TCP 1789 segments could incorrectly be treated as being part of an 1790 <literal>established</literal> connection has been fixed (see 1791 security advisory FreeBSD-SA-01:08). &merged;</para> 1792 1793 <para>A bug in &man.crontab.1; that could allow users to read any 1794 file on the system in valid &man.crontab.5; syntax has been 1795 fixed (see security advisory FreeBSD-SA-01:09). &merged;</para> 1796 1797 <para>A vulnerability in &man.inetd.8; that could allow 1798 read-access to the initial 16 bytes of 1799 <groupname>wheel</groupname>-accessible files has been fixed 1800 (see security advisory FreeBSD-SA-01:11). &merged;</para> 1801 1802 <para>A bug in &man.periodic.8; that used insecure temporary files 1803 has been corrected (see security advisory 1804 FreeBSD-SA-01:12). &merged;</para> 1805 1806 <para><application>OpenSSH</application> now has code to prevent 1807 (instead of just mitigating through connection limits) an attack 1808 that can lead to guessing the server key (not host key) by 1809 regenerating the server key when an RSA failure is detected (see 1810 security advisory FreeBSD-SA-01:24). &merged;</para> 1811 1812 <para role="historic">A number of programs have had output formatting strings 1813 corrected so as to reduce the risk of 1814 vulnerabilities. &merged;</para> 1815 1816 <para role="historic">A number of programs that use temporary files now do so more 1817 securely. &merged;</para> 1818 1819 <para role="historic">A bug in ICMP that could cause an attacker to disrupt TCP and UDP 1820 <quote>sessions</quote> has been corrected. &merged;</para> 1821 1822 <para>A bug in &man.timed.8;, which caused it to crash if send 1823 certain malformed packets, has been corrected (see security 1824 advisory FreeBSD-SA-01:28). &merged;</para> 1825 1826 <para>A bug in &man.rwhod.8;, which caused it to crash if send 1827 certain malformed packets, has been corrected (see security 1828 advisory FreeBSD-SA-01:29). &merged;</para> 1829 1830 <para>A security hole in &os;'s FFS and EXT2FS implementations, 1831 which allowed a race condition that could cause users to have 1832 unauthorized access to data, has been fixed (see security 1833 advisory FreeBSD-SA-01:30). &merged;</para> 1834 1835 <para>A remotely-exploitable vulnerability in &man.ntpd.8; has 1836 been closed (see security advisory 1837 FreeBSD-SA-01:31). &merged;</para> 1838 1839 <para>A security hole in <application>IPFilter</application>'s 1840 fragment cache has been closed (see security advisory 1841 FreeBSD-SA-01:32). &merged;</para> 1842 1843 <para>Buffer overflows in &man.glob.3;, which could cause 1844 arbitrary code to be run on an FTP server, have been closed. In 1845 addition, to prevent some forms of DOS attacks, &man.glob.3; 1846 allows specification of a limit on the number of pathname 1847 matches it will return. &man.ftpd.8; now uses this feature (see 1848 security advisory FreeBSD-SA-01:33). &merged;</para> 1849 1850 <para>Initial sequence numbers in TCP are more thoroughly 1851 randomized (see security advisory FreeBSD-SA-01:39). Due to 1852 some possible compatibility issues, the behavior of this 1853 security fix can be enabled or disabled via the 1854 <varname>net.inet.tcp.tcp_seq_genscheme</varname> sysctl 1855 variable.&merged;</para> 1856 1857 <para>A vulnerability in the &man.fts.3; routines (used by 1858 applications for recursively traversing a filesystem) could 1859 allow a program to operate on files outside the intended 1860 directory hierarchy. This bug has been fixed (see security 1861 advisory FreeBSD-SA-01:40). &merged;</para> 1862 1863 <para role="historic"><application>OpenSSH</application> now switches to the 1864 user's UID before attempting to unlink the authentication 1865 forwarding file, nullifying the effects of a race.</para> 1866 1867 <para>A flaw allowed some signal handlers to remain in effect in a 1868 child process after being exec-ed from its parent. This allowed 1869 an attacker to execute arbitrary code in the context of a setuid 1870 binary. This flaw has been corrected (see security advisory 1871 FreeBSD-SA-01:42). &merged;</para> 1872 1873 <para>A remote buffer overflow in &man.tcpdump.1; has been fixed 1874 (see security advisory FreeBSD-SA-01:48). &merged;</para> 1875 1876 <para>A remote buffer overflow in &man.telnetd.8; has been fixed 1877 (see security advisory FreeBSD-SA-01:49). &merged;</para> 1878 1879 <para>The new <varname>net.inet.ip.maxfragpackets</varname> and 1880 <varname>net.inet.ip6.maxfragpackets</varname> sysctl variables 1881 limit the amount of memory that can be consumed by IPv4 and IPv6 1882 packet fragments, which defends against some denial of service 1883 attacks (see security advisory 1884 FreeBSD-SA-01:52). &merged;</para> 1885 1886 <para role="historic">All services in <filename>inetd.conf</filename> are now 1887 disabled by default for new installations. &man.sysinstall.8; 1888 gives the option of enabling or disabling &man.inetd.8; on new 1889 installations, as well as editing 1890 <filename>inetd.conf</filename>. &merged;</para> 1891 1892 <para>A flaw in the implementation of the &man.ipfw.8; 1893 <literal>me</literal> rules on point-to-point links has been 1894 corrected. Formerly, <literal>me</literal> filter rules would 1895 match the remote IP address of a point-to-point interface in 1896 addition to the intended local IP address (see security advisory 1897 FreeBSD-SA-01:53). &merged;</para> 1898 1899 <para>A vulnerability in &man.procfs.5;, which could allow a 1900 process to read sensitive information from another process's 1901 memory space, has been closed (see security advisory 1902 FreeBSD-SA-01:55). &merged;</para> 1903 1904 <para>The <literal>PARANOID</literal> hostname checking in 1905 <application>tcp_wrappers</application> now works as advertised 1906 (see security advisory FreeBSD-SA-01:56). &merged;</para> 1907 1908 <para>A local root exploit in &man.sendmail.8; has been closed 1909 (see security advisory FreeBSD-SA-01:57). &merged;</para> 1910 1911 <para>A remote root vulnerability in &man.lpd.8; has been closed 1912 (see security advisory FreeBSD-SA-01:58). &merged;</para> 1913 1914 <para>A race condition in &man.rmuser.8; that briefly exposed a 1915 world-readable <filename>/etc/master.passwd</filename> has been 1916 fixed (see security advisory FreeBSD-SA-01:59). &merged;</para> 1917 1918 <para>A vulnerability in <application>UUCP</application> has been 1919 closed (see security advisory FreeBSD-SA-01:62). All 1920 non-<username>root</username>-owned binaries in standard system 1921 paths now have the <literal>schg</literal> flag set to prevent 1922 exploit vectors when run by &man.cron.8;, by 1923 <username>root</username>, or by a user other then the one owning 1924 the binary. In addition, &man.uustat.1; is now run via 1925 <filename>/etc/periodic/daily/410.status-uucp</filename> as 1926 <username>uucp</username>, not <username>root</username>. In 1927 &os; -CURRENT, <application>UUCP</application> has since been 1928 moved to the Ports Collection and no longer a part of the base 1929 system. &merged;</para> 1930 1931 <para role="historic">A security hole in the form of a buffer overflow in the 1932 &man.semop.2; system call has been closed. &merged;</para> 1933 1934 <para>A security hole in <application>OpenSSH</application>, which 1935 could allow users to execute code with arbitrary privileges if 1936 <literal>UseLogin yes</literal> was set, has been closed. Note 1937 that the default value of this setting is 1938 <literal>UseLogin no</literal>. (See security advisory 1939 FreeBSD-SA-01:63.) &merged;</para> 1940 1941 <para>The use of an insecure temporary directory by 1942 &man.pkg.add.1; could permit a local attacker to modify the 1943 contents of binary packages while they were being installed. 1944 This hole has been closed. (See security advisory 1945 FreeBSD-SA-02:01.) &merged;</para> 1946 1947 <para>A race condition in &man.pw.8;, which could expose the 1948 contents of <filename>/etc/master.passwd</filename>, has been 1949 eliminated. (See security advisory FreeBSD-SA-02:02.) 1950 &merged;</para> 1951 1952 <para>A bug in &man.k5su.8; could have allowed a process that had 1953 given up superuser privileges to regain them. This bug has been 1954 fixed. (See security advisory FreeBSD-SA-02:07.) 1955 &merged;</para> 1956 1957 <para>An <quote>off-by-one</quote> bug has been fixed in 1958 <application>OpenSSH</application>'s multiplexing code. This bug 1959 could have allowed an authenticated remote user to cause 1960 &man.sshd.8; to execute arbitrary code with superuser 1961 privileges, or allowed a malicious SSH server to execute arbitrary 1962 code on the client system with the privileges of the client user. (See security 1963 advisory <ulink 1964 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:13.openssh.asc">FreeBSD-SA-02:13</ulink>.) 1965 &merged;</para> 1966 1967 <para>A programming error in <application>zlib</application> could 1968 result in attempts to free memory multiple times. The 1969 &man.malloc.3;/&man.free.3; routines used in &os; are not 1970 vulnerable to this error, but applications receiving 1971 specially-crafted blocks of invalid compressed data could 1972 be made to function incorrectly or abort. This 1973 <application>zlib</application> bug has been fixed. For a 1974 workaround and solutions, see security advisory <ulink 1975 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:18.zlib.v1.2.asc">FreeBSD-SA-02:18</ulink>. 1976 &merged;</para> 1977 1978 <para>Bugs in the TCP SYN cache (<quote>syncache</quote>) and SYN 1979 cookie (<quote>syncookie</quote>) implementations, which could 1980 cause legitimate TCP/IP traffic to crash a machine, have been 1981 fixed. For a workaround and patches, see security advisory 1982 <ulink 1983 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:20.syncache.asc">FreeBSD-SA-02:20</ulink>. 1984 &merged;</para> 1985 1986 <para>A routing table memory leak, which could allow a remote 1987 attacker to exhaust the memory of a target machine, has been 1988 fixed. A workaround and patches can be found in security 1989 advisory <ulink 1990 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:21.tcpip.asc">FreeBSD-SA-02:21</ulink>. 1991 &merged;</para> 1992 1993 <para>A bug with memory-mapped I/O, which could cause a system 1994 crash, has been fixed. For more information about a solution, 1995 see security advisory <ulink 1996 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:22.mmap.asc">FreeBSD-SA-02:22</ulink>. 1997 &merged;</para> 1998 1999 <para>A security hole, in which SUID programs could be made to 2000 read from or write to inappropriate files through manipulation 2001 of their standard I/O file descriptors, has been fixed. 2002 Information regarding a solution can be found in security 2003 advisory <ulink 2004 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:23.stdio.asc">FreeBSD-SA-02:23</ulink>. 2005 &merged;</para> 2006 2007 <para>Some unexpected behavior could be allowed with &man.k5su.8; 2008 because it does not require that an invoking user be a member of 2009 the <groupname>wheel</groupname> group when attempting to become 2010 the superuser (this is the case with &man.su.1;). To avoid this 2011 situation, &man.k5su.8; is now installed non-SUID by default 2012 (effectively disabling it). More information can be found in 2013 security advisory <ulink 2014 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:24.k5su.asc">FreeBSD-SA-02:24</ulink>. 2015 &merged;</para> 2016 2017 <para>Multiple vulnerabilities were found in the &man.bzip2.1; 2018 utility, which could allow files to be overwritten without 2019 warning or allow local users unintended access to files. These 2020 problems have been corrected with a new import of 2021 <application>bzip2</application>. For more information, see 2022 security advisory <ulink 2023 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc">FreeBSD-SA-02:25</ulink>. 2024 &merged;</para> 2025 2026 <para>A bug has been fixed in the implementation of the TCP SYN 2027 cache (<quote>syncache</quote>), which could allow a remote 2028 attacker to deny access to a service when accept filters 2029 (see &man.accept.filter.9;) were in use. This bug has been 2030 fixed; for more information, see security advisory <ulink 2031 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:26.accept.asc">FreeBSD-SA-02:26</ulink>. 2032 &merged;</para> 2033 2034 <para>Due to a bug in &man.rc.8;'s use of shell globbing, users 2035 may be able to remove the contents of arbitrary files if 2036 <filename>/tmp/.X11-unix</filename> does not exist and the 2037 system can be made to reboot. This bug has been corrected (see 2038 security advisory <ulink 2039 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:27.rc.asc">FreeBSD-SA-02:27</ulink>). 2040 &merged;</para> 2041 2042 <para>A buffer overflow in the resolver, which could be exploited 2043 by a malicious domain name server or an attacker forging DNS 2044 messages, has been fixed. See security advisory <ulink 2045 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:28.resolv.asc">FreeBSD-SA-02:28</ulink> 2046 for more details. &merged;</para> 2047 2048 <para>A buffer overflow in &man.tcpdump.1;, which could be triggered by 2049 badly-formed NFS packets, has been fixed. See security advisory 2050 <ulink 2051 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:29.tcpdump.asc">FreeBSD-SA-02:29</ulink> 2052 for more details. &merged;</para> 2053 2054 <para>&man.ktrace.1; can no longer trace the operation of formerly 2055 privileged processes; this prevents the leakage of sensitive 2056 information that the process could have obtained before 2057 abandoning its privileges. For a discussion of this issue, see 2058 security advisory 2059 <ulink 2060 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:30.ktrace.asc">FreeBSD-SA-02:30</ulink> 2061 for more details. &merged;</para> 2062 2063 <para>A race condition in &man.pppd.8;, which could be used to 2064 change the permissions of an arbitrary file, has been corrected. 2065 For more information, see security advisory <ulink 2066 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:32.pppd.asc">FreeBSD-SA-02:32</ulink>. 2067 &merged;</para> 2068 2069 <para>Multiple buffer overflows in 2070 <application>OpenSSL</application> have been corrected, by way 2071 of an upgrade to the base system version of 2072 <application>OpenSSL</application>. More details can be found 2073 in security advisory <ulink 2074 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc">FreeBSD-SA-02:33</ulink>. 2075 &merged;</para> 2076 2077 <para>A heap buffer overflow in the XDR decoder has been fixed. 2078 For more details, see security advisory <ulink 2079 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:34.rpc.asc">FreeBSD-SA-02:34</ulink>. 2080 &merged;</para> 2081 2082 <para>A bug that could allow local users to read and write 2083 arbitrary blocks on an FFS filesystem has been corrected. More 2084 details can be found in security advisory <ulink 2085 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:35.ffs.asc">FreeBSD-SA-02:35</ulink>. 2086 &merged;</para> 2087 2088 <para>A bug in the NFS server code, which could allow a remote 2089 denial of service attack, has been fixed. Security advisory <ulink 2090 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:36.nfs.asc">FreeBSD-SA-02:36</ulink> 2091 has more details. &merged;</para> 2092 2093 <para>A bug that could allow local users to panic a system using 2094 the &man.kqueue.2; mechanism has been fixed. More information 2095 is contained in security advisory <ulink 2096 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:37.kqueue.asc">FreeBSD-SA-02:37</ulink>. 2097 &merged;</para> 2098 2099 <para>Several bounds-checking bugs in system calls, which could 2100 result in some system calls returning a large portion of kernel 2101 memory, have been fixed. More information can be found in 2102 security advisory <ulink 2103 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:38.signed-error.asc">FreeBSD-SA-02:38</ulink>. 2104 &merged;</para> 2105 2106 <para>A bug that could allow applications using 2107 <filename>libkvm</filename> to leak sensitive file descriptors 2108 has been corrected. (See security advisory <ulink 2109 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:39.libkvm.asc">FreeBSD-SA-02:39</ulink> 2110 for more details.) 2111 &merged;</para> 2112 2113 </sect2> 2114 2115 <sect2 id="userland"> 2116 <title>Userland Changes</title> 2117 2118 <para>Support for &man.a.out.5; format executables in the compiler 2119 toolchain has been largely removed. 2120 <note> 2121 <para>This is a work in progress. Eventually, &man.a.out.5; 2122 support will resurface in a series of ports/packages.</para> 2123 </note> 2124 </para> 2125 2126 <para role="historic">If the first argument to &man.ancontrol.8; or 2127 &man.wicontrol.8; doesn't start with a <literal>-</literal>, it 2128 is assumed to be an interface. &merged;</para> 2129 2130 <para role="historic">&man.apmd.8; now has the ability to monitor battery levels 2131 and execute commands based on percentage or minutes of battery 2132 life remaining via the <literal>apm_battery</literal> 2133 configuration directive. See the commented-out examples in 2134 <filename>/etc/apmd.conf</filename> for the 2135 syntax. &merged;</para> 2136 2137 <para role="historic">&man.arp.8; now prints the applicable interface name for 2138 each ARP entry. &merged;</para> 2139 2140 <para>&man.arp.8; now prints <literal>[fddi]</literal> or 2141 <literal>[atm]</literal> tags for addresses on interfaces of 2142 those types.</para> 2143 2144 <para>The &man.asa.1; utility, to interpret FORTRAN 2145 carriage-control characters, has been added.</para> 2146 2147 <para>&man.at.1; now supports the <option>-r</option> command-line 2148 option to remove jobs and the <option>-t</option> option to 2149 specify times in POSIX time format.</para> 2150 2151 <para role="historic">&man.atacontrol.8; has been added to control various aspects 2152 of the &man.ata.4; driver. &merged;</para> 2153 2154 <para>The system &man.awk.1; now refers to 2155 <application>BWK awk</application>.</para> 2156 2157 <para>&man.basename.1; now accept <option>-a</option> and 2158 <option>-s</option> flags, which allow it to perform the 2159 &man.basename.3; function on multiple files.</para> 2160 2161 <para>&man.biff.1; now accepts a <option>b</option> argument to 2162 enable <quote>bell notification</quote> of new mail (which does 2163 not disturb the terminal contents as <command>biff y</command> 2164 would). &merged;</para> 2165 2166 <para>&man.biff.1; now uses the first terminal associated with the 2167 standard input, standard output or standard error file 2168 descriptor, in that order. Thus, it is possible to use the 2169 redirection facilities of a shell (<command>biff n < 2170 /dev/ttyp1</command>) to toggle the notification for other 2171 terminals.</para> 2172 2173 <para arch="pc98" role="historic">&man.boot98cfg.8;, a PC-98 boot manager 2174 installation and configuration utility, has been 2175 added. &merged;</para> 2176 2177 <para role="historic">&man.burncd.8; now supports a <option>-m</option> option for 2178 multisession mode (the default behavior now is to close disks as 2179 single-session). A <option>-l</option> option to take a list of 2180 image files from a filename was also added; 2181 <filename>-</filename> can be used as a filename for 2182 <literal>stdin</literal>. &merged;</para> 2183 2184 <para>&man.burncd.8; now supports Disk At Once (DAO) mode, 2185 selectable via the <option>-d</option> flag.</para> 2186 2187 <para>&man.burncd.8; now has the ability to write VCDs/SVCDs.</para> 2188 2189 <para>&man.bzgrep.1;, &man.bzegrep.1;, and &man.bzfgrep.1; 2190 have been added to perform &man.grep.1;-type operations on 2191 &man.bzip2.1;-compressed files.</para> 2192 2193 <para role="historic">&man.c89.1; has been converted from a shell script to a 2194 binary executable, fixing some minor bugs. &merged;</para> 2195 2196 <para>&man.calendar.1; now takes a <option>-W</option> option, 2197 which operates similar to <option>-A</option> but without 2198 special treatment at weekends, and a <option>-F</option>option 2199 to change the notion of <quote>Friday</quote>.</para> 2200 2201 <para arch="i386,pc98" role="historic">A minimalized version of &man.camcontrol.8; is 2202 now available on the installation floppy. This allows it to 2203 rescan for devices that have been connected after booting, or to 2204 show the devices attached to SCSI busses (e. g. from within the 2205 <quote>emergency holographic shell</quote>). &merged;</para> 2206 2207 <para role="historic">&man.cat.1; now has the ability to read from UNIX-domain 2208 sockets. &merged;</para> 2209 2210 <para>&man.catman.1; is now a C program, instead of a 2211 Perl script.</para> 2212 2213 <para role="historic">&man.cdcontrol.1; now supports a <literal>cdid</literal> 2214 command, which calculates and displays the CD serial number, 2215 using the same algorithm used by the CDDB 2216 database. &merged;</para> 2217 2218 <para role="historic">&man.cdcontrol.1; now uses the <envar>CDROM</envar> 2219 environment variable to pick a default device. &merged;</para> 2220 2221 <para role="historic">&man.cdcontrol.1; now supports <literal>next</literal> and 2222 <literal>prev</literal> commands to skip forwards or backwards a 2223 specified number of tracks while playing an audio 2224 CD. &merged;</para> 2225 2226 <para>On ATAPI CDROM drives, &man.cdcontrol.1; now supports a 2227 <literal>speed</literal> command to set the maximum speed to be 2228 used by the drive. &merged;</para> 2229 2230 <para>&man.chflags.1; has moved from <filename>/usr/bin</filename> 2231 to <filename>/bin</filename>.</para> 2232 2233 <para role="historic">&man.chio.1; now has the ability to specify elements by 2234 volume tag instead of by their physical location as well as the 2235 ability to return an element to its previous 2236 location. &merged;</para> 2237 2238 <para>&man.chmod.1; now supports a <option>-h</option> for 2239 changing the mode of a symbolic link.</para> 2240 2241 <para>&man.chmod.1; now also, when the mode is modified, prints 2242 the old and new modes if the <option>-v</option> option is 2243 specified more than once.</para> 2244 2245 <para role="historic">&man.chown.8; now correctly follows symbolic links named as 2246 command line arguments if run without 2247 <option>-R</option>. &merged;</para> 2248 2249 <para>&man.chown.8; no longer takes <literal>.</literal> as a 2250 user/group delimeter. This change was made to support usernames 2251 containing a <literal>.</literal>.</para> 2252 2253 <para>Use of the <literal>CSMG_*</literal> macros no longer 2254 require inclusion of 2255 <filename><sys/param.h></filename></para> 2256 2257 <para role="historic">&man.col.1; now takes a <option>-p</option> flag to force 2258 unknown control sequences to be passed through 2259 unchanged. &merged;</para> 2260 2261 <para role="historic">The <filename>compat3x</filename> distribution has been 2262 updated to include libraries present in &os; 2263 3.5.1-RELEASE. &merged;</para> 2264 2265 <para>A <filename>compat4x</filename> distribution has been added 2266 for compatibility with &os; 4-STABLE.</para> 2267 2268 <para role="historic">&man.config.8; is now better about converting various 2269 warnings that should have been errors into actual fatal errors 2270 with an exit code. This ensures that <literal>make 2271 buildkernel</literal> doesn't quietly ignore them and build a 2272 bogus kernel without a human to read the errors. &merged;</para> 2273 2274 <para role="historic">A number of buffer overflows in &man.config.8; have been 2275 fixed. &merged;</para> 2276 2277 <para>&man.cp.1; now takes a (nonstandard) <option>-n</option> 2278 option to automatically answer <quote>no</quote> when it would 2279 ask to overwrite a file. &merged;</para> 2280 2281 <para>A new &man.csplit.1; utility, which splits files based on 2282 context, has been added.</para> 2283 2284 <para role="historic">&man.ctags.1; no longer creates a corrupt tags file if the 2285 source file used <literal>//</literal> (C++-style) 2286 comments. &merged;</para> 2287 2288 <para>&man.ctags.1; now creates tags for typedefs, structs, 2289 unions, and enums by default (implying the <option>-t</option> 2290 option). The new <option>-T</option> reverts to the old 2291 behavior.</para> 2292 2293 <para>The &man.daemon.8; program, a command-line interface to 2294 &man.daemon.3;, has been added. It detaches itself from its 2295 controlling terminal and executes a program specified on the 2296 command line. This allows the user to run an arbitrary program 2297 as if it were written to be a daemon. &merged;</para> 2298 2299 <para>&man.devinfo.8;, a simple tool to print the device tree and resource 2300 usage by devices, has been added.</para> 2301 2302 <para role="historic">&man.df.1; now takes a <option>-l</option> option to only 2303 display information about locally-mounted 2304 filesystems. &merged;</para> 2305 2306 <para role="historic">&man.disklabel.8; now supports partition sizes expressed in 2307 kilobytes, megabytes, or gigabytes, in addition to 2308 sectors. &merged;</para> 2309 2310 <para>diskpart(8) has been declared obsolete, and has been 2311 removed.</para> 2312 2313 <para role="historic">&man.dmesg.8; now has a <option>-a</option> option to show 2314 the entire message buffer, including &man.syslogd.8; records and 2315 <filename>/dev/console</filename> output. &merged;</para> 2316 2317 <para role="historic">&man.du.1; now takes a <option>-I</option> command-line flag 2318 to ignore/skip files and subdirectories matching a specified 2319 shell-glob mask. &merged;</para> 2320 2321 <para role="historic">&man.dump.8; now supports inheritance of the 2322 <literal>nodump</literal> flag down a hierarchy. &merged;</para> 2323 2324 <para role="historic">The <option>-T</option> option to &man.dump.8; no longer 2325 swallows an extra argument. &merged;</para> 2326 2327 <para role="historic">&man.dump.8; has a new <option>-D</option> option, allowing 2328 the path to the <filename>/etc/dumpdates</filename> file to be 2329 changed. &merged;</para> 2330 2331 <para role="historic">&man.dump.8; now supplies progress information in its 2332 process title, useful for monitoring automated 2333 backups. &merged;</para> 2334 2335 <para>&man.dump.8; now supports a new <option>-S</option> flag to allow 2336 it to just print out the dump size estimates and exit. &merged;</para> 2337 2338 <para role="historic">&man.edquota.8; now takes a <option>-f</option> option to 2339 allow limiting the prototype quota distribution (specified with 2340 <option>-p</option>) to a single filesystem. &merged;</para> 2341 2342 <para role="historic"><filename>/etc/rc.firewall</filename> and 2343 <filename>/etc/rc.firewall6</filename> will no longer add their own 2344 hardcoded rules in the cases of a rules file in the 2345 <varname>firewall_type</varname> variable or a non-existent 2346 firewall type. (The motivation for this change is to avoid 2347 acting on assumptions about a site's firewall policies.) In 2348 addition, the <literal>closed</literal> firewall type now works 2349 as documented in the &man.rc.firewall.8; manual page. &merged;</para> 2350 2351 <para role="historic">The functionality of <filename>/etc/security</filename> has 2352 been been moved into a set of scripts under the &man.periodic.8; 2353 framework, to make local customization easier and more 2354 maintainable. These scripts now reside in 2355 <filename>/etc/periodic/security/</filename>. &merged;</para> 2356 2357 <para>&man.expr.1; is now compliant with the POSIX Utility Syntax 2358 Guidelines. Some programs depend on the old, historic behavior 2359 (the <filename role="package">devel/libtool</filename> 2360 port/package was/is a notable example). In these situations, 2361 the <envar>EXPR_COMPAT</envar> environment variable can be 2362 defined, which causes &man.expr.1; to behave more like previous 2363 versions.</para> 2364 2365 <para>&man.fbtab.5; now accepts glob matching patterns for target 2366 devices, not just individual devices and directories.</para> 2367 2368 <para arch="i386">&man.fdisk.8; no longer attempts to search for a 2369 device if none has been specified on the command line, but 2370 instead tries to figure out the default device name from the 2371 root device.</para> 2372 2373 <para>&man.fdread.1;, a program to read data from floppy disks, 2374 has been added. It is a counterpart to &man.fdwrite.1; and is 2375 designed to provide a means of recovering at least some data 2376 from bad media, and to obviate for a complex invocation of 2377 &man.dd.1;.</para> 2378 2379 <para role="historic">&man.find.1; now takes the <option>-empty</option> flag, 2380 which returns true if a file or directory is 2381 empty. &merged;</para> 2382 2383 <para role="historic">&man.find.1; now takes the <option>-iname</option> and 2384 <option>-ipath</option> primaries for case-insensitive matches, 2385 and the <option>-regexp</option> and <option>-iregexp</option> 2386 primaries for regular-expression matches. The 2387 <option>-E</option> flag now enables extended regular 2388 expressions. &merged;</para> 2389 2390 <para role="historic">&man.find.1; now has the <option>-anewer</option>, 2391 <option>-cnewer</option>, <option>-mnewer</option>, 2392 <option>-okdir</option>, and <option>-newer[acm][acmt]</option> 2393 primaries for comparisons of file timestamps. The latter 2394 primaries can be specified with various units of 2395 time. &merged;</para> 2396 2397 <para role="historic">&man.finger.1; now has the ability to support fingering 2398 aliases, via the &man.finger.conf.5; file. &merged;</para> 2399 2400 <para>&man.finger.1; now has support for a 2401 <filename>.pubkey</filename> file. &merged;</para> 2402 2403 <para>&man.finger.1; now supports a <option>-g</option> flag to 2404 restrict the printing of GECOS information to the user's full 2405 name only. &merged;</para> 2406 2407 <para>&man.finger.1; now supports the <option>-4</option> and 2408 <option>-6</option> flags to specify an address family for 2409 remote queries. &merged;</para> 2410 2411 <para role="historic">&man.fmt.1; has been rewritten; the rewrite fixes a number 2412 of bugs compared to its prior behavior. &merged;</para> 2413 2414 <para role="historic">&man.fmtcheck.3;, a function for checking consistency of 2415 format string arguments, has been added. &merged;</para> 2416 2417 <para>&man.fold.1; now supports a <option>-b</option> flag to 2418 break at byte positions and a <option>-s</option> flag to break at 2419 word boundaries. &merged;</para> 2420 2421 <para role="historic">&man.fsdb.8; now supports a <literal>blocks</literal> 2422 command to list the blocks allocated by a particular 2423 inode. &merged;</para> 2424 2425 <para>&man.fsck.8; wrappers have been imported; this feature 2426 provides infrastructure for &man.fsck.8; to work on different 2427 types of filesystems (analogous to &man.mount.8;).</para> 2428 2429 <para>The behavior of &man.fsck.8; when dealing with various 2430 passes (a la <filename>/etc/fstab</filename>) has been modified 2431 to accommodate multiple-disk filesystems.</para> 2432 2433 <para>&man.fsck.8; now has support for foreground 2434 (<option>-F</option>) and background (<option>-B</option>) 2435 checks. Traditionally, &man.fsck.8; is invoked before the 2436 filesystems are mounted and all checks are done to completion at 2437 that time. If background checking is available, &man.fsck.8; is 2438 invoked twice. It is first invoked at the traditional time, 2439 before the filesystems are mounted, with the <option>-F</option> 2440 flag to do checking on all the filesystems that cannot do 2441 background checking. It is then invoked a second time, after 2442 the system has completed going multiuser, with the 2443 <option>-B</option> flag to do checking on all the filesystems 2444 that can do background checking. Unlike the foreground 2445 checking, the background checking is started asynchronously so 2446 that other system activity can proceed even on the filesystems 2447 that are being checked. Boot-time enabling of this feature is 2448 controlled by the 2449 <varname>background_fsck</varname> option in &man.rc.conf.5;.</para> 2450 2451 <para role="historic">Shortly after the receipt of a <literal>SIGINFO</literal> 2452 signal (normally control-T from the controlling tty), 2453 &man.fsck.ffs.8; will now output a line indicating the current 2454 phase number and progress information relevant to the current 2455 phase. &merged;</para> 2456 2457 <para>&man.fsck.ffs.8; now supports background filesystem checks 2458 to mounted FFS filesystems with the <option>-B</option> option 2459 (softupdates must be enabled on these filesystems). The 2460 <option>-F</option> flag now determines whether a specified 2461 filesystem needs foreground checking.</para> 2462 2463 <para role="historic">A new &man.fsck.msdosfs.8; utility has been added to check 2464 the consistency of MS-DOS filesystems. &merged;</para> 2465 2466 <para role="historic">&man.ftpd.8; now supports a <option>-r</option> flag for 2467 read-only mode and a <option>-E</option> flag to disable 2468 <literal>EPSV</literal>. It also has some fixes to reduce 2469 information leakage and the ability to specify compile-time port 2470 ranges. &merged;</para> 2471 2472 <para>&man.ftpd.8; now supports the <option>-m</option> option 2473 to permit guest users to modify existing files if allowed 2474 by filesystem permissions. 2475 In particular, this enables guest users to resume uploads. 2476 &merged;</para> 2477 2478 <para>&man.ftpd.8; now supports the <option>-M</option> option 2479 to prevent guest users from creating directories. 2480 &merged;</para> 2481 2482 <para>&man.ftpd.8; now supports <option>-o</option> and 2483 <option>-O</option> options to disable the 2484 <literal>RETR</literal> command; the former for everybody, and 2485 the latter only for guest users. Coupled with 2486 <option>-A</option> and appropriate file permissions, these can 2487 be used to create a relatively safe anonymous FTP drop box for 2488 others to upload to. &merged;</para> 2489 2490 <para>&man.ftpd.8; now supports the <option>-W</option> option 2491 to disable logging FTP sessions to &man.wtmp.5;. &merged;</para> 2492 2493 <para arch="i386,pc98" role="historic">&man.gdb.1; now supports hardware 2494 watchpoints (using the kernel's debug register + support that 2495 has been introduced in &os; 4.0). &merged;</para> 2496 2497 <para role="historic">The &man.getprogname.3; and &man.setprogname.3; library 2498 functions have been added to manipulate the name of the current 2499 program. They are used by error-reporting routines to produce 2500 consistent output. &merged;</para> 2501 2502 <para>gifconfig(8) is obsolete and has been removed. Its 2503 functionality is now handled by the <option>tunnel</option> and 2504 <option>deletetunnel</option> commands of 2505 &man.ifconfig.8;.</para> 2506 2507 <para>&man.gprof.1; now has a <option>-K</option> option to enable 2508 dynamic symbol resolution from the currently-running kernel. 2509 With this change, properly-compiled KLD modules are now able to 2510 be profiled.</para> 2511 2512 <para arch="ia64">The gpt tool for manipulating EFI GPT 2513 partitions has been added.</para> 2514 2515 <para role="historic">&man.growfs.8;, a utility for growing FFS filesystems, has 2516 been added. &man.ffsinfo.8;, a utility for dump all the 2517 meta-information of an existing filesystem, has also been 2518 added. &merged;</para> 2519 2520 <para role="historic">The &man.groups.1; and &man.whoami.1; shell scripts are now 2521 unnecessary; their functionality has been completely folded into 2522 &man.id.1;. &merged;</para> 2523 2524 <para>The ibcs(8), linux(8), osf1(8), and 2525 svr4(8) scripts, whose sole purpose was to load emulation 2526 kernel modules, have been removed. The kernel module system 2527 will automatically load them as needed to fulfill 2528 dependencies.</para> 2529 2530 <para role="historic">&man.indent.1; has gained some new formatting 2531 options. &merged;</para> 2532 2533 <para role="historic">&man.ifconfig.8; can set the link-layer address of 2534 an interface using the <option>link</option> parameter. 2535 &merged;</para> 2536 2537 <para role="historic">&man.ifconfig.8; can now accept addresses in slash/CIDR 2538 notation. &merged;</para> 2539 2540 <para role="historic">&man.ifconfig.8; now has support for setting parameters for 2541 IEEE 802.11 wireless network devices. &man.wi.4; and &man.an.4; 2542 devices are supported, and partial support is provided for 2543 &man.awi.4; devices. &merged;</para> 2544 2545 <para role="historic">&man.ifconfig.8; no longer displays the list of supported 2546 media by default. Instead it displays it when the 2547 <option>-m</option> flag is given. &merged;</para> 2548 2549 <para>&man.ifconfig.8; now has the ability to set promiscuous mode 2550 on an interface, via the new <option>promisc</option> 2551 flag. &merged;</para> 2552 2553 <para role="historic">The syntax of &man.inetd.8;'s support for &man.faithd.8; is 2554 now compatible with that of other BSDs. &merged;</para> 2555 2556 <para role="historic">The <literal>ident</literal> protocol support in 2557 &man.inetd.8; has been cleaned up and updated. &merged;</para> 2558 2559 <para role="historic">&man.inetd.8; now has the ability to manage UNIX-domain 2560 sockets. &merged;</para> 2561 2562 <para>By default, &man.inetd.8; is no longer run by &man.rc.8; at 2563 boot-time, although &man.sysinstall.8; gives the option of 2564 enabling it during binary installations. &man.inetd.8; can also 2565 be enabled by adding the following line to 2566 <filename>/etc/rc.conf</filename>:</para> 2567 2568 <programlisting>inetd_enable="YES"</programlisting> 2569 2570 <para>&man.inetd.8; now has the capability for limiting the 2571 maximum number of simultaneous invocations of each service from 2572 a single IP address. &merged;</para> 2573 2574 <para role="historic">&man.install.1; has a number of new features, including the 2575 <option>-b</option> and <option>-B</option> options for backing up 2576 existing target files and the <option>-S</option> option for 2577 <quote>safe</quote> (atomic copy) operation. The 2578 <option>-c</option> (copy) flag is now the default, and the 2579 <option>-D</option> (debugging) flag has been withdrawn. 2580 &man.install.1; now issues a warning if <option>-d</option> 2581 (create directories) and <option>-C</option> (copy changed files 2582 only) are used together. &merged;</para> 2583 2584 <para role="historic">IP Filter is now supported by the &man.rc.conf.5; boot-time 2585 configuration and initialization. &merged;</para> 2586 2587 <para role="historic">&man.ipfstat.8; now supports the <option>-t</option> option 2588 to turn on a &man.top.1;-like display. &merged;</para> 2589 2590 <para role="historic">&man.ipfw.8; will now avoid the display of dynamic firewall 2591 rules unless the <option>-d</option> flag is passed to it. The 2592 <option>-e</option> option lists expired dynamic 2593 rules. &merged;</para> 2594 2595 <para role="historic">&man.ipfw.8; has a new feature (<literal>me</literal>) that 2596 allows for packet matching on interfaces with 2597 dynamically-changing IP addresses. &merged;</para> 2598 2599 <para role="historic">&man.ipfw.8; has a new <literal>limit</literal> type of 2600 firewall rule, which limits the number of sessions between 2601 address pairs. &merged;</para> 2602 2603 <para>&man.ipfw.8; filter rules can now match on the value of the 2604 IPv4 precedence field.</para> 2605 2606 <para role="historic">&man.ip6fw.8; now has the ability to use a preprocessor and 2607 use the <option>-q</option> (quiet) flag when reading from a 2608 file. &merged;</para> 2609 2610 <para role="historic">&man.ispppcontrol.8; has been deleted, and its functionality 2611 has been folded into &man.spppcontrol.8;. &merged;</para> 2612 2613 <para role="historic">&man.k5su.8; is no longer installed SUID 2614 <username>root</username> by default. Users requiring this 2615 feature can either manually change the permissions on the 2616 &man.k5su.8; executable or add 2617 <literal>ENABLE_SUID_K5SU=yes</literal> to 2618 <filename>/etc/make.conf</filename> before a source 2619 upgrade. &merged;</para> 2620 2621 <para>&man.kbdmap.1; and &man.vidfont.1; have been converted from 2622 Perl to C.</para> 2623 2624 <para role="historic">&man.kenv.1;, a command to dump the kernel environment, has 2625 been added. &merged;</para> 2626 2627 <para>&man.kenv.1; now has the ability to set or delete kernel 2628 environment variables.</para> 2629 2630 <para role="historic">&man.keyinfo.1; is now a C program, rather than a Perl 2631 script. &merged;</para> 2632 2633 <para>The kget(8) utility has been removed (it was only 2634 useful for UserConfig, which is not present in &os; 2635 &release.current;).</para> 2636 2637 <para role="historic">&man.killall.1; is now a C program, rather than a Perl 2638 script. As a result, its <option>-m</option> option now uses 2639 the regular expression syntax of &man.regex.3;, rather than that 2640 of Perl. &merged;</para> 2641 2642 <para>&man.killall.1; no longer tries to kill zombie processes 2643 unless the <option>-z</option> flag is specified.</para> 2644 2645 <para role="historic">The &man.kldconfig.8; utility has been added to make it 2646 easier to manipulate the kernel module search 2647 path. &merged;</para> 2648 2649 <para>ktrdump, a utility to dump the ktr trace buffer from 2650 userland, has been added.</para> 2651 2652 <para role="historic">&man.last.1; now implements a <option>-d</option> that 2653 provides a <quote>snapshot</quote> of who was logged in at a 2654 particular date and time. &merged;</para> 2655 2656 <para role="historic">&man.last.1; now supports a <option>-y</option> flag, which 2657 causes the year to be included in the session start time. &merged;</para> 2658 2659 <para role="historic">The &man.lastlogin.8; utility, which prints the last login 2660 time of each user, has been imported from 2661 NetBSD. &merged;</para> 2662 2663 <para role="historic">&man.ldconfig.8; now checks directory ownerships and 2664 permissions for greater security; these checks can be disabled 2665 with the <option>-i</option> flag. &merged;</para> 2666 2667 <para role="historic">&man.ldd.1; can now be used on shared libraries, in addition 2668 to executables. &merged;</para> 2669 2670 <para>&man.ldd.1; now supports a <option>-a</option> flag to list 2671 all the objects that are needed by each loaded object.</para> 2672 2673 <para><filename>libc</filename> is now thread-safe by default; 2674 <filename>libc_r</filename> contains only thread 2675 functions.</para> 2676 2677 <para role="historic"><filename>libcrypt</filename> and 2678 <filename>libdescrypt</filename> have been unified to provide a 2679 configurable password authentication hash library. Both the md5 2680 and des hash methods are provided unless the des hash is 2681 specifically compiled out. &merged;</para> 2682 2683 <para role="historic"><filename>libcrypt</filename> now has support for Blowfish 2684 password hashing. &merged;</para> 2685 2686 <para arch="i386" role="historic"><filename>libdisk</filename> can now do 2687 install-time configuration of the <filename>boot0</filename> 2688 boot loader. &merged;</para> 2689 2690 <para role="historic"><filename>libstand</filename> now has support for 2691 filesystems containing 2692 <application>bzip2</application>-compressed 2693 files. &merged;</para> 2694 2695 <para><filename>libstand</filename> now has support for 2696 overwriting the contents of a file on a UFS filesystem (it 2697 cannot expand or truncate files because the filesystem may be 2698 dirty or inconsistent).</para> 2699 2700 <para role="historic"><filename>libstand</filename> now has support for loading 2701 large kernels and modules split across several physical 2702 media. &merged;</para> 2703 2704 <para role="historic">The default TCP port range used by 2705 <filename>libfetch</filename> for passive FTP retrievals has 2706 changed; this affects the behavior of &man.fetch.1;, which has 2707 gained the <option>-U</option> option to restore the old 2708 behavior. &merged;</para> 2709 2710 <para role="historic"><filename>libfetch</filename> now has support for an 2711 authentication callback. &merged;</para> 2712 2713 <para role="historic"><filename>libfetch</filename> now has support for a 2714 <envar>HTTP_USER_AGENT</envar> environment 2715 variable. &merged;</para> 2716 2717 <para><filename>libgmp</filename> has been superceded by 2718 <filename>libmp</filename>. 2719 2720 <para>The functions from <filename>libposix1e</filename> have been 2721 integrated into <filename>libc</filename>.</para> 2722 2723 <para role="historic"><filename>libusb</filename> has been renamed as 2724 <filename>libusbhid</filename>, following NetBSD's naming 2725 conventions. &merged;</para> 2726 2727 <para role="historic">&man.ln.1; now takes an <option>-i</option> option to 2728 request user confirmation before overwriting an existing 2729 file. &merged;</para> 2730 2731 <para role="historic">&man.ln.1; now takes a <option>-h</option> flag to avoid 2732 following a target that is a link, with a <option>-n</option> 2733 flag for compatibility with other 2734 implementations. &merged;</para> 2735 2736 <para>&man.lock.1; now accepts a <option>-v</option> to disable 2737 switching VTYs while the current terminal is locked. This permits 2738 locking the entire console from a single terminal. &merged;</para> 2739 2740 <para role="historic">&man.logger.1; can now send messages directly to a remote 2741 syslog. &merged;</para> 2742 2743 <para role="historic">&man.login.1; now exports environment variables set by 2744 <application>PAM</application> modules. &merged;</para> 2745 2746 <para role="historic">&man.lpc.8; has been improved; <command>lpc clean</command> 2747 is now somewhat safer, and a new <command>lpc tclean</command> 2748 command has been added to check to see what files would be 2749 removed by <command>lpc clean</command>. &merged;</para> 2750 2751 <para role="historic">&man.lpd.8; now takes two new options: <option>-c</option> 2752 will log all connection errors to &man.syslogd.8;, while 2753 <option>-W</option> will allow connections from non-reserved 2754 ports. &merged;</para> 2755 2756 <para role="historic">&man.lpd.8; now has some support for 2757 <literal>o</literal>-type print-file actions in its control 2758 files, which allows printing of PostScript files generated by 2759 <application>MacOS</application> 10.1. &merged;</para> 2760 2761 <para role="historic">&man.lpd.8; now recognizes the <option>-s</option> flag as 2762 the preferred synonym for <option>-p</option> (these flags 2763 cause &man.lpd.8; not to open a socket for network print 2764 jobs). &merged;</para> 2765 2766 <para role="historic">&man.lpd.8; now implements a new <literal>rc</literal> 2767 printcap option. When specified in a print queue for a remote 2768 host, boolean option causes &man.lpd.8; to resend the data file 2769 for each copy the user requested via <command>lpr 2770 -#<replaceable>n</replaceable></command>. &merged;</para> 2771 2772 <para role="historic">Catching up with most other network utilities in the base 2773 system, &man.lpr.1;, &man.lpd.8;, &man.syslogd.8;, and 2774 &man.logger.1; are now all IPv6-capable. &merged;</para> 2775 2776 <para role="historic"><command>lprm -</command> now works for remote printer 2777 queues. &merged;</para> 2778 2779 <para role="historic">&man.ls.1; can produce colorized listings with the 2780 <option>-G</option> flag (and appropriate terminal support). 2781 The <envar>CLICOLOR</envar> environment variable can be set to 2782 enable colorized listings by default. &merged;</para> 2783 2784 <para role="historic">&man.ls.1; now accepts a <option>-h</option> flag, which 2785 when combined with the <option>-l</option> flag, causes file 2786 sizes to be printed with unit suffixes, such that the number of 2787 digits printed is fewer than four. &merged;</para> 2788 2789 <para>The &man.ls.1; program now supports a <option>-m</option> 2790 flag to list files across a page, a <option>-p</option> flag to 2791 force printing of a <literal>/</literal> after directories, and 2792 a <option>-x</option> flag to sort filenames across a 2793 page. &merged;</para> 2794 2795 <para role="historic">&man.m4.1; now accepts a <option>-s</option> flag to cause 2796 it to emit <literal>#line</literal> directives for use by 2797 &man.cpp.1;. &merged;</para> 2798 2799 <para role="historic">&man.mail.1; now takes a <option>-E</option> flag to avoid 2800 sending messages with empty bodies. &merged;</para> 2801 2802 <para role="historic">&man.make.1; has gained the <literal>:C///</literal> 2803 (regular expression substitution), <literal>:L</literal> 2804 (lowercase), and <literal>:U</literal> (uppercase) variable 2805 modifiers. These were added to reduce the differences between 2806 the &os; and OpenBSD/NetBSD &man.make.1; programs. 2807 &merged;</para> 2808 2809 <para role="historic">Bugs in &man.make.1;, among which include broken null suffix 2810 behavior, bad assumptions about current directory permissions, 2811 and potential buffer overflows, have been fixed. &merged;</para> 2812 2813 <para role="historic">The new <varname>CPUTYPE</varname> 2814 <filename>make.conf</filename> variable controls the compilation 2815 of processor-specific optimizations in various pieces of code 2816 such as <application>OpenSSL</application>. &merged;</para> 2817 2818 <para role="historic">The &os; <filename>Makefile</filename> infrastructure now 2819 supports the <varname>WARNS</varname> directive from NetBSD. 2820 This directive controls the addition of compiler warning flags 2821 to <varname>CFLAGS</varname> in a relatively compiler-neutral 2822 manner. &merged;</para> 2823 2824 <para>&man.makewhatis.1; is now a C program, instead of a 2825 Perl script.</para> 2826 2827 <para>&man.man.1; is no longer installed SUID 2828 <username>man</username>, in order to reduce vulnerabilities 2829 associated with generating <quote>catpages</quote> (preformatted 2830 manual pages cached for repeated viewing). As a result, 2831 &man.man.1; can no longer create system catpages on a regular 2832 user's behalf. It is still able to do so if the user has write 2833 permissions to the directory holding catpages (e.g. a user's own 2834 manpages) or if the running user is 2835 <username>root</username>.</para> 2836 2837 <para arch="ia64">The mca utility, for decoding machine check 2838 records, has been added.</para> 2839 2840 <para>The &man.mdmfs.8; command has been added; it is a wrapper 2841 around &man.mdconfig.8;, &man.disklabel.8;, &man.newfs.8;, and 2842 &man.mount.8; that mimics the command line option set of the 2843 deprecated &man.mount.mfs.8;.</para> 2844 2845 <para role="historic">&man.mergemaster.8; now sources an 2846 <filename>/etc/mergemaster.rc</filename> file and also prompts 2847 the user to run recommended commands (such as 2848 <command>newaliases</command>) as needed. &merged;</para> 2849 2850 <para role="historic">&man.mergemaster.8; now supports two new flags. 2851 The <option>-p</option> flag enables a 2852 <quote>pre-<literal>buildworld</literal></quote> mode to files 2853 known to be essential to the success of the 2854 <literal>buildworld</literal> and 2855 <literal>installworld</literal> system updating steps. The 2856 <option>-C</option> flag, used after a successful 2857 &man.mergemaster.8; run, compares options in 2858 <filename>/etc/rc.conf</filename> to the default options in 2859 <filename>/etc/defaults/rc.conf</filename>. &merged;</para> 2860 2861 <para>&man.mesg.1; now conforms to SUSv3. Among other things, it 2862 now uses the first terminal associated with the standard input, 2863 standard output or standard error file descriptor, in that order. 2864 Thus, it is possible to use the redirection facilities of a shell 2865 (<command>mesg n < /dev/ttyp1</command>) to control write access 2866 for other terminals.</para> 2867 2868 <para role="historic">mk_cmds(1) and the associated 2869 <filename>libss</filename> have been removed; they have been 2870 unused for quite some time. &merged;</para> 2871 2872 <para>&man.mountd.8; and &man.nfsd.8; have moved from 2873 <filename>/sbin</filename> to <filename>/usr/sbin</filename>.</para> 2874 2875 <para role="historic">&man.moused.8; now takes a <option>-a</option> option to 2876 control mouse acceleration. &merged;</para> 2877 2878 <para role="historic">&man.mtree.8; now includes support for a file that lists 2879 pathnames to be excluded when creating and verifying prototypes. 2880 This makes it easier to use &man.mtree.8; as a part of an 2881 intrusion-detection system. &merged;</para> 2882 2883 <para>&man.mv.1; now takes a (nonstandard) <option>-n</option> option to 2884 automatically answer <quote>no</quote> when it would ask to 2885 overwrite a file. &merged;</para> 2886 2887 <para role="historic">&man.natd.8; now supports a 2888 <option>-log_ipfw_denied</option> option to log packets that 2889 cannot be re-injected because they are blocked by &man.ipfw.8; 2890 rules. &merged;</para> 2891 2892 <para role="historic">The <quote>in use</quote> percentage metric displayed by 2893 &man.netstat.1; now really reflects the percentage of network 2894 mbufs used. &merged;</para> 2895 2896 <para role="historic">&man.netstat.1; now has a <option>-W</option> flag that 2897 tells it not to truncate addresses, even if they're too long for 2898 the column they're printed in. &merged;</para> 2899 2900 <para role="historic">&man.netstat.1; now keeps track of input and output packets 2901 on a per-address basis for each interface. &merged;</para> 2902 2903 <para role="historic">&man.netstat.1; now has a <option>-z</option> flag to reset 2904 statistics. &merged;</para> 2905 2906 <para role="historic">&man.netstat.1; now has a <option>-S</option> flag to print 2907 address numerically but port names symbolically. &merged;</para> 2908 2909 <para role="historic">&man.newfs.8; now implements write combining, which can make 2910 creation of new filesystems up to seven times 2911 faster. &merged;</para> 2912 2913 <para role="historic">&man.newfs.8; now takes a <option>-U</option> option to 2914 enable softupdates on a new filesystem. &merged;</para> 2915 2916 <para role="historic">The default number of cylinders per group in &man.newfs.8; 2917 is now computed to be the maximum allowable given the current 2918 filesystem parameters. It can be overridden with the 2919 <option>-c</option> option. Formerly, the default was fixed at 2920 16. This change leads to better &man.fsck.8; performance and 2921 reduced fragmentation. &merged;</para> 2922 2923 <para role="historic"><anchor id="newfs-block-frag-sizes">The default block and 2924 fragment sizes for new filesystems created by &man.newfs.8; are 2925 now 16384 and 2048 bytes, respectively (the old defaults were 2926 8192 and 1024 bytes). This change generally provides increased 2927 performance, at the expense of some wasted disk 2928 space. &merged;</para> 2929 2930 <para>A number of archaic features of &man.newfs.8; have been 2931 removed; these implement tuning features that are essentially 2932 useless on modern hard disks. These features were controlled by 2933 the <option>-O</option>, <option>-d</option>, 2934 <option>-k</option>, <option>-l</option>, <option>-n</option>, 2935 <option>-p</option>, <option>-r</option>, <option>-t</option>, 2936 and <option>-x</option> flags.</para> 2937 2938 <para>&man.newfs.8; now supports a <option>-O</option> flag to 2939 select the creation of UFS1 or UFS2 filesystems.</para> 2940 2941 <para>The &man.newgrp.1; utility to change to a new group has been 2942 added.</para> 2943 2944 <para>&man.newsyslog.8; now compresses log files 2945 using &man.bzip2.1; by default. (The former behavior of using 2946 &man.gzip.1; can be specified in 2947 <filename>/etc/newsyslog.conf</filename>.)</para> 2948 2949 <para><application>NFS</application> now works over IPv6.</para> 2950 2951 <para role="historic">&man.ngctl.8; now supports a <option>write</option> command 2952 to send a data packet down a given hook. &merged;</para> 2953 2954 <para>&man.nice.1; now uses the <option>-n</option> option to 2955 specify the <quote>niceness</quote> of the utility being 2956 run. &merged;</para> 2957 2958 <para role="historic">&man.nl.1;, a line numbering filter program, has been 2959 added. &merged;</para> 2960 2961 <para><application>nsswitch</application> support has been merged 2962 from NetBSD. By creating an &man.nsswitch.conf.5; file, &os; 2963 can be configured so that various databases such as 2964 &man.passwd.5; and &man.group.5; can be looked up using flat 2965 files, NIS, or Hesiod. The old 2966 <filename>hosts.conf</filename> file is no longer used.</para> 2967 2968 <para>&man.od.1; now supports the <option>-A</option> option to 2969 specify the input address base, the <option>-N</option> option to 2970 specify the number of bytes to dump, the <option>-j</option> 2971 option to specify the number of bytes to skip, the 2972 <option>-s</option> option to output signed decimal shorts, and 2973 the <option>-t</option> option to specify output type. &merged;</para> 2974 2975 <para><application>PAM</application> support has been added for 2976 account management and sessions.</para> 2977 2978 <para><application>PAM</application> configuration is now 2979 specified by files in <filename>/etc/pam.d/</filename>, rather 2980 than a single <filename>/etc/pam.conf</filename> file. 2981 <filename>/etc/pam.d/README</filename> has more details.</para> 2982 2983 <para>A &man.pam.echo.8; echo service module has been added.</para> 2984 2985 <para>A &man.pam.exec.8; program execution service module has been 2986 added.</para> 2987 2988 <para>A &man.pam.ftp.8; module has been added to allow 2989 authentication of anonymous FTP users.</para> 2990 2991 <para>A &man.pam.ftpusers.8; module has been added to perform 2992 checks against the &man.ftpusers.5; file.</para> 2993 2994 <para>A &man.pam.ksu.8; module has been added to do Kerberos 5 2995 authentication and <filename>$HOME/.k5login</filename> 2996 authorization for &man.su.1;.</para> 2997 2998 <para>A &man.pam.lastlog.8; module has been added to record 2999 sessions in the &man.utmp.5;, &man.wtmp.5;, and &man.lastlog.5; 3000 databases.</para> 3001 3002 <para>A &man.pam.login.access.8; module has been added, to allow 3003 checking against <filename>/etc/login.access</filename>.</para> 3004 3005 <para>The &man.pam.nologin.8; module, which can disallow logins 3006 using &man.nologin.5;, has been added.</para> 3007 3008 <para>The &man.pam.opie.8; and &man.pam.opieaccess.8; modules have 3009 been added to control authentication via &man.opie.4;. &merged;</para> 3010 3011 <para>A &man.pam.passwdqc.8; module has been added, to check the 3012 quality of passwords submitted during password changes.</para> 3013 3014 <para>A &man.pam.rhosts.8; module has been added to support 3015 &man.rhosts.5; authentication.</para> 3016 3017 <para>The &man.pam.rootok.8; module, which can be used to 3018 authenticate only the superuser, has been added.</para> 3019 3020 <para>A &man.pam.securetty.8; module has been added to check the 3021 <quote>security</quote> of a TTY, as listed in &man.ttys.5;.</para> 3022 3023 <para>A &man.pam.self.8; module, which allows self-authentication 3024 of a user, has been added.</para> 3025 3026 <para role="historic">A &man.pam.ssh.8; module has been added to allow the use of 3027 SSH passphrases and keypairs for authentication. This module 3028 also handles session management by invoking 3029 &man.ssh-agent.1;. &merged;</para> 3030 3031 <para>A &man.pam.wheel.8; module has been added to permit 3032 authentication to members of a group, which defaults to 3033 <groupname>wheel</groupname>.</para> 3034 3035 <para role="historic">&man.passwd.1; and &man.pw.8; now select the password hash 3036 algorithm at run time. See the <literal>passwd_format</literal> 3037 attribute in 3038 <filename>/etc/login.conf</filename>. &merged;</para> 3039 3040 <para role="historic">&man.patch.1; now accepts a <option>-i</option> command-line 3041 flag to read a patch from a file, rather than standard 3042 input. &merged;</para> 3043 3044 <para>The &man.pathchk.1; utility, which checks pathnames for 3045 validity or portability between POSIX systems, has been 3046 added.</para> 3047 3048 <para role="historic">&man.pax.1; has received a number of enhancements, including 3049 &man.cpio.1; functionality, &man.tar.1; compatibility 3050 enhancements, <option>-z</option> and <option>-Z</option> flags 3051 for &man.gzip.1; and &man.compress.1; functionality, and a 3052 number of bug fixes. &merged;</para> 3053 3054 <para role="historic">&man.pciconf.8; now supports a <option>-v</option> option to 3055 display the vendor/device information of configured devices, in 3056 conjunction with the <option>-l</option> option. The default 3057 vendor/device database can be found at 3058 <filename>/usr/share/misc/pci_vendors</filename>. &merged;</para> 3059 3060 <para role="historic">The behavior of &man.periodic.8; is now controlled by 3061 <filename>/etc/defaults/periodic.conf</filename> and 3062 <filename>/etc/periodic.conf</filename>. &merged;</para> 3063 3064 <para role="historic">&man.ping.8; now supports a <option>-m</option> option to 3065 set the TTL of outgoing packets. &merged;</para> 3066 3067 <para role="historic">&man.ping.8; now supports a <option>-A</option> option to 3068 beep when packets are lost. &merged;</para> 3069 3070 <para role="historic">Userland &man.ppp.8; has received a number of updates and 3071 bug fixes. &merged;</para> 3072 3073 <para role="historic">&man.ppp.8; has gained the <literal>tcpmssfixup</literal> 3074 option, which adjusts outgoing and incoming TCP SYN packets so 3075 that the maximum receive segment size is no larger than allowed 3076 by the interface MTU. &merged;</para> 3077 3078 <para role="historic">&man.ppp.8; now supports IPv6. &merged;</para> 3079 3080 <para role="historic">&man.pppd.8; (the control program for kernel-level PPP) is 3081 now installed mode <literal>4550</literal> and 3082 <username>root</username><literal>:</literal><groupname>dialer</groupname>, 3083 rather than mode <literal>4555</literal> (in other words, it is 3084 no longer world-executable). Users of &man.pppd.8; may need to 3085 change their group settings. &merged;</para> 3086 3087 <para role="historic">&man.pr.1; now supports the <option>-f</option> and 3088 <option>-p</option> flags to pause output going to a 3089 terminal. &merged;</para> 3090 3091 <para>prefix(8) is obsolete and has been removed. Its 3092 functionality is provided by the <option>eui64</option> command 3093 to &man.ifconfig.8;.</para> 3094 3095 <para role="historic">The <option>-W</option> option to &man.ps.1; (to extract 3096 information from a specified swap device) has been useless for 3097 some time; it has been removed. &merged;</para> 3098 3099 <para>The &man.pselect.3; library function (introduced by POSIX.1 3100 as a slightly stronger version of &man.select.2;) has been 3101 added.</para> 3102 3103 <para role="historic">&man.pwd.1; can now double as &man.realpath.1;, a program to 3104 resolve pathnames to their underlying physical 3105 paths. &merged;</para> 3106 3107 <para>&man.pwd.1; now supports the <option>-L</option> flag to 3108 print the logical current working directory. &merged;</para> 3109 3110 <para>The pseudo-random number generator implemented by 3111 &man.rand.3; has been improved to provide less biased 3112 results.</para> 3113 3114 <para role="historic">&man.rc.8; now has an framework for handling dependencies 3115 between &man.rc.conf.5; variables. &merged;</para> 3116 3117 <para role="historic">&man.rc.8; now deletes all non-directory files in 3118 <filename>/var/run</filename> and 3119 <filename>/var/spool/lock</filename> at boot 3120 time. &merged;</para> 3121 3122 <para>&man.rcmd.3; now supports the use of the 3123 <envar>RSH</envar> environment variable to specify a program to 3124 use other than &man.rsh.1; for remote execution. As a result, 3125 programs such as &man.dump.8;, can use &man.ssh.1; for remote 3126 transport.</para> 3127 3128 <para>&man.rdist.1; has been retired from the base system, but is 3129 still available from &os; Ports Collection as 3130 <filename role="package">net/44bsd-rdist</filename>.</para> 3131 3132 <para role="historic">&man.reboot.8; now takes a <option>-k</option> to specify 3133 the next kernel to boot. &merged;</para> 3134 3135 <para>The &man.renice.8; command implements a <option>-n</option> 3136 option, which specifies an increment to be applied to the 3137 priority of a process. &merged;</para> 3138 3139 <para role="historic">The &man.resolver.3; in &os; now implements EDNS0 support, 3140 which will be necessary when working with IPv6 transport-ready 3141 resolvers/DNS servers. &merged;</para> 3142 3143 <para role="historic">The &man.rfork.thread.3; library call has been added as a 3144 helper function to &man.rfork.2;. Using this function should 3145 avoid the need to implement complex stack swap 3146 code. &merged;</para> 3147 3148 <para role="historic">The <option>-v</option> option to &man.rm.1; now displays 3149 the entire pathname of a file being removed. &merged;</para> 3150 3151 <para role="historic">&man.route.8; is now more verbose when changing indirect 3152 routes, in the case of a gateway route that is the same route as 3153 the one being modified. &merged;</para> 3154 3155 <para role="historic">&man.route.8; now uses 3156 <literal><replaceable>host</replaceable>/<replaceable>bits</replaceable></literal> 3157 syntax instead of 3158 <literal><replaceable>net</replaceable>/<replaceable>bits</replaceable></literal> 3159 syntax, for compatibility with &man.netstat.1;. &merged;</para> 3160 3161 <para role="historic">&man.route.8; can now create <quote>proxy only</quote> 3162 published ARP entries. &merged;</para> 3163 3164 <para role="historic">The &man.route.8; <option>add</option> command now supports 3165 the <option>-ifp</option> and <option>-ifa</option> 3166 modifiers. &merged;</para> 3167 3168 <para>&man.rpcbind.8; has replaced &man.portmap.8;.</para> 3169 3170 <para>&man.rpcgen.1; now uses <filename>/usr/bin/cpp</filename> 3171 (as on NetBSD), not 3172 <filename>/usr/libexec/cpp</filename>.</para> 3173 3174 <para>&man.rpc.lockd.8; has been imported from NetBSD. This 3175 daemon provides support for servicing client NFS locks.</para> 3176 3177 <para role="historic">The performance of the ELF dynamic linker &man.rtld.1; has 3178 been improved. &merged;</para> 3179 3180 <para role="historic">RSA Security has waived all patent rights to the 3181 <application>RSA</application> algorithm. As a result, the 3182 native <application>OpenSSL</application> implementation of the 3183 RSA algorithm is now activated by default, and the <filename 3184 role="package">security/rsaref</filename> port and the 3185 <filename>librsaUSA</filename> and 3186 <filename>librsaINTL</filename> libraries are no longer required 3187 for USA and non-USA residents respectively. &merged;</para> 3188 3189 <para>&man.rtld.1; will now print the names of all objects that 3190 cause each object to be loaded, if the 3191 <varname>LD_TRACE_LOADED_OBJECTS_ALL</varname> environment 3192 variable is defined.</para> 3193 3194 <para role="historic">&man.savecore.8; now supports a <option>-k</option> option 3195 to prevent clearing a crash dump after saving it. It also 3196 attempts to avoid writing large stretches of zeros to crash dump 3197 files to save space and time. &merged;</para> 3198 3199 <para role="historic">&man.savecore.8; now works correctly on machines with 2 GB 3200 or more of RAM. &merged;</para> 3201 3202 <para role="historic">&man.sed.1; now takes a <option>-E</option> option for 3203 extended regular expression support. &merged;</para> 3204 3205 <para>&man.sed.1; now takes a <option>-i</option> option to enable 3206 in-place editing of files. &merged;</para> 3207 3208 <para role="historic">&man.send-pr.1; now takes a <option>-a</option> option to 3209 include a file into the <literal>Fix:</literal> section of a 3210 problem report. &merged;</para> 3211 3212 <para>The &man.setfacl.1; and &man.getfacl.1; commands have been 3213 added to manage filesystem Access Control Lists.</para> 3214 3215 <para role="historic">&man.setproctitle.3; has been moved from 3216 <filename>libutil</filename> to 3217 <filename>libc</filename>. &merged;</para> 3218 3219 <para role="historic">&man.sh.1; now implements <command>test</command> as a 3220 built-in command for improved efficiency. &merged;</para> 3221 3222 <para>&man.sh.1; no longer implements <command>printf</command> as 3223 a built-in command because it was considered less valuable 3224 compared to the other built-in commands (this functionality is, 3225 of course, still available through the &man.printf.1; 3226 executable).</para> 3227 3228 <para>&man.sh.1; now supports a <option>-C</option> option to 3229 prevent existing regular files from being overwritten by output 3230 redirection, and a <option>-u</option> to give an error if an 3231 unset variable is expanded. &merged;</para> 3232 3233 <para>The &man.sh.1; built-in <command>cd</command> command now 3234 supports <option>-L</option> and <option>-P</option> flags to 3235 invoke logical or physical modes of operation, respectively. 3236 Logical mode is the default, but the default can be changed with 3237 the <varname>physical</varname> &man.sh.1; option. &merged;</para> 3238 3239 <para>The &man.sh.1; built-in <command>jobs</command> command now 3240 supports a <option>-s</option> flag to output PIDs only and a 3241 <option>-l</option> flag to add PIDs to the output. &merged;</para> 3242 3243 <para>&man.sh.1; now supports a <command>bind</command> built-in 3244 command, which allows the key bindings for the shell's line editor 3245 to be changed.</para> 3246 3247 <para>The &man.sh.1; built-in <command>export</command> and 3248 <command>readonly</command> commands now support a 3249 <option>-p</option> flag to print their output in 3250 <quote>portable</quote> format. &merged;</para> 3251 3252 <para>&man.sh.1; no longer accepts invalid constructs as 3253 <command><replaceable>command</replaceable> & && 3254 <replaceable>command</replaceable></command>, <command>&& 3255 <replaceable>command</replaceable></command>, or <command>|| 3256 <replaceable>command</replaceable></command>. &merged;</para> 3257 3258 <para role="historic">&man.sockstat.1; now has <option>-c</option> and 3259 <option>-l</option> flags for listing connected and listening 3260 sockets, respectively. &merged;</para> 3261 3262 <para>&man.spkrtest.8; is now a &man.sh.1; script, rather than a 3263 Perl script.</para> 3264 3265 <para role="historic">&man.split.1; now has the ability to split a file longer 3266 than 2GB. &merged;</para> 3267 3268 <para>&man.split.1; now supports a <option>-a</option> option to 3269 specify the number of letters to use for the suffix of split 3270 files. &merged;</para> 3271 3272 <para>In preparation for meeting SUSv2/POSIX 3273 <filename><sys/select.h></filename> requirements, 3274 <literal>struct selinfo</literal> and related functions have been 3275 moved to <filename><sys/selinfo.h></filename>.</para> 3276 3277 <para role="historic">The &man.strnstr.3; and &man.strcasestr.3; variants of 3278 &man.strstr.3; have been implemented. &merged;</para> 3279 3280 <para role="historic">&man.stty.1; now has support for an 3281 <literal>erase2</literal> control character, so that, for 3282 example, both the <keycap>Delete</keycap> and 3283 <keycap>Backspace</keycap> keys can be used to erase 3284 characters. &merged;</para> 3285 3286 <para>&man.su.1; now uses <application>PAM</application> for 3287 authentication.</para> 3288 3289 <para role="historic">Boot-time &man.syscons.4; configuration was moved to a 3290 machine-independent 3291 <filename>/etc/rc.syscons</filename>. &merged;</para> 3292 3293 <para role="historic">&man.sysctl.8; now supports a <option>-N</option> option to 3294 print out variable names only. &merged;</para> 3295 3296 <para role="historic">&man.sysctl.8; has replaced the <option>-A</option> and 3297 <option>-X</option> options with <option>-ao</option> and 3298 <option>-ax</option> respectively; the former options are now 3299 deprecated. The <option>-w</option> option is deprecated as 3300 well; it is not needed to determine the user's 3301 intentions. &merged;</para> 3302 3303 <para role="historic">&man.sysctl.8; now supports a <option>-e</option> option to 3304 separate variable names and values by <literal>=</literal> 3305 rather than <literal>:</literal>. This feature is useful for 3306 producing output that can be fed back to 3307 &man.sysctl.8;. &merged;</para> 3308 3309 <para>&man.sysctl.8; now accepts a <option>-d</option> flag to print 3310 the descriptions of variables.</para> 3311 3312 <para role="historic">&man.sysinstall.8; now properly preserves 3313 <filename>/etc/mail</filename> during a binary 3314 upgrade. &merged;</para> 3315 3316 <para role="historic">&man.sysinstall.8; now uses some more intuitive defaults 3317 thanks to some new dialog support functions. &merged;</para> 3318 3319 <para>The default root partition in &man.sysinstall.8; is now 3320 100MB on the i386 and pc98, 120MB on the Alpha.</para> 3321 3322 <para>&man.sysinstall.8; now lives in 3323 <filename>/usr/sbin</filename>, which simplifies the 3324 installation process. The &man.sysinstall.8; manpage is also 3325 installed in a more consistent fashion now.</para> 3326 3327 <para role="historic">&man.sysinstall.8; now has the ability to load KLDs as a 3328 part of the installation. &merged;</para> 3329 3330 <para role="historic">When run from the installation media, &man.sysinstall.8; 3331 will automatically load any device drivers found in the 3332 <filename>/stand/modules</filename> directory of the 3333 <literal>mfsroot</literal> floppy or filesystem image. Note 3334 that any drivers so loaded will not appear in the kernel's boot 3335 messages; the &man.sysinstall.8; debugging screen will provide 3336 additional information. &merged;</para> 3337 3338 <para role="historic">&man.sysinstall.8; now enables Soft Updates by default on 3339 all filesystems it creates, except for the root 3340 filesystem. &merged;</para> 3341 3342 <para role="historic">&man.sysinstall.8; has received updates for its 3343 <quote>auto</quote> partitioning mode which provide more 3344 reasonable defaults for the sizes of partitions that are 3345 created; auto-sized partitions can now also recover the space 3346 that becomes available when other partitions are 3347 deleted. &merged;</para> 3348 3349 <para>&man.sysinstall.8; no longer mounts the &man.procfs.5; 3350 filesystem by default on new installs.</para> 3351 3352 <para role="historic">&man.sysinstall.8; now has rudimentary support for 3353 retrieving packages from the correct volume of a multiple-volume 3354 installation (such as a multi-CD distribution). &merged;</para> 3355 3356 <para role="historic">&man.syslogd.8; can take a <option>-n</option> option to 3357 disable DNS queries for every request. &merged;</para> 3358 3359 <para role="historic">&man.syslogd.8; now supports a 3360 <literal>LOG_CONSOLE</literal> facility (disabled by default), 3361 which can be used to log <filename>/dev/console</filename> 3362 output. &merged;</para> 3363 3364 <para role="historic">&man.syslogd.8; now has the ability to bind to a specific 3365 address (as opposed to using every available one) via the 3366 <option>-b</option> option. &merged;</para> 3367 3368 <para role="historic">&man.syslogd.8; now accepts a <option>-c</option> flag to 3369 disable repeated line compression. &merged;</para> 3370 3371 <para>&man.tabs.1;, a utility to set terminal tab stops, has been 3372 added.</para> 3373 3374 <para role="historic">&man.tail.1; now has the ability to work on files longer 3375 than 2GB. &merged;</para> 3376 3377 <para role="historic">&man.tar.1; now supports the <varname>TAR_RSH</varname> 3378 variable, principally to enable the use of &man.ssh.1; as a 3379 transport. &merged;</para> 3380 3381 <para role="historic">&man.telnet.1; now does autologin and encryption by default; 3382 a new <option>-y</option> option turns off encryption. &merged;</para> 3383 3384 <para role="historic">&man.telnet.1; now supports a <option>-u</option> flag to 3385 allow connections to UNIX-domain (<literal>AF_UNIX</literal>) 3386 sockets. &merged;</para> 3387 3388 <para>The &man.termcap.5; database now uses the 3389 <literal>xterm</literal> terminal type from 3390 <application>XFree86</application>. As a result, &man.xterm.1; 3391 now supports color by default and the common workaround of 3392 setting <varname>TERM</varname> to <literal>xterm-color</literal> 3393 is no longer necessary. Use of the 3394 <literal>xterm-color</literal> terminal type may result in 3395 (benign) warnings from applications.</para> 3396 3397 <para role="historic">&man.tftp.1; and &man.tftpd.8; now support IPv6. &merged;</para> 3398 3399 <para role="historic">&man.tftpd.8; now takes the <option>-c</option> and 3400 <option>-C</option> options, which allow the server to 3401 &man.chroot.2; based on the IP address of the connecting client. 3402 &man.tftp.1; and &man.tftpd.8; can now transfer files larger 3403 than 65535 blocks. &merged;</para> 3404 3405 <para>&man.tftpd.8; now supports RFC 2349 (TFTP Timeout Interval 3406 and Transfer Size Options); this feature is required by some 3407 firmware like EFI boot managers (at least on HP i2000 Itanium 3408 servers) in order to boot an image using 3409 <application>TFTP</application>.</para> 3410 3411 <para arch="alpha">&man.timed.8; now works on the alpha.</para> 3412 3413 <para>A version of Transport Independent RPC 3414 (<application>TI-RPC</application>) has been imported.</para> 3415 3416 <para role="historic">&man.tmpnam.3; will now use the <envar>TMPDIR</envar> 3417 environment variable, if set, to specify the location of 3418 temporary files. &merged;</para> 3419 3420 <para>&man.tip.1; has been updated from 3421 <application>OpenBSD</application>, and has the ability to act 3422 as a &man.cu.1; substitute.</para> 3423 3424 <para>&man.top.1; will now use the full width of its tty.</para> 3425 3426 <para>&man.touch.1; now takes a <option>-h</option> option to 3427 operate on a symbolic link, rather than what the link points 3428 to.</para> 3429 3430 <para>&man.tr.1; now has basic support for equivalence classes 3431 for locales that support them. &merged;</para> 3432 3433 <para>&man.tr.1; now supports a <option>-C</option> flag to 3434 complement the set of characters specified by the first string 3435 argument.</para> 3436 3437 <para role="historic">The &man.truncate.1; utility, which truncates or extends the 3438 length of files, has been added. &merged;</para> 3439 3440 <para role="historic">Ukrainian language support has been added to the &os; 3441 console. &merged;</para> 3442 3443 <para><application>UUCP</application> has been removed from the 3444 base system. It can be found in the Ports Collection, in 3445 <filename role="package">net/freebsd-uucp</filename>.</para> 3446 3447 <para>&man.unexpand.1; now supports a <option>-t</option> to 3448 specify tabstops analogous to &man.expand.1;. &merged;</para> 3449 3450 <para role="historic">&man.units.1; has received some updates and 3451 bugfixes. &merged;</para> 3452 3453 <para>&man.usbdevs.8; now supports a <option>-d</option> flag to 3454 show the device driver associated with each device.</para> 3455 3456 <para role="historic">The &man.usbhidctl.1; utility has been added to manipulate 3457 USB Human Interface Devices. &merged;</para> 3458 3459 <para role="historic">&man.uuencode.1; and &man.uudecode.1; now accept a <option>-o</option> option to 3460 set their output files. &man.uuencode.1; can now be made to do base64 encoding 3461 when given the <option>-m</option> flag, while &man.uudecode.1; 3462 can now automatically decode base64 files. &merged;</para> 3463 3464 <para>The base64 capabilities of &man.uuencode.1; and 3465 &man.uudecode.1; can now be automatically enabled by invoking 3466 these utilities as &man.b64encode.1; and &man.b64decode.1; 3467 respectively.</para> 3468 3469 <para>The &man.uuidgen.1; utility has been added. It uses the new 3470 &man.uuidgen.2; system call to generate one or more Universally 3471 Unique Identifiers compatible with OSF/DCE 1.1 version 1 3472 UUIDs.</para> 3473 3474 <para role="historic">&man.vidcontrol.1; now accepts a <option>-g</option> 3475 parameter to select custom text geometry in the 3476 <literal>VESA_800x600</literal> raster text mode. &merged;</para> 3477 3478 <para role="historic">&man.vidcontrol.1; now allows the user to omit the font size 3479 specification when loading a font, and has some better 3480 error-handling. &merged;</para> 3481 3482 <para role="historic">&man.vidcontrol.1; now supports a <option>-p</option> option 3483 to take a snapshot of a &man.syscons.4; video buffer. These 3484 snapshots can be manipulated by the 3485 <filename role="package">graphics/scr2png</filename> utility in 3486 the Ports Collection. &merged;</para> 3487 3488 <para role="historic">&man.vidcontrol.1; now supports a <option>-C</option> option 3489 to clear the history buffer for a given tty, as well as a 3490 <option>-h</option> option to set the size of the history 3491 buffer. &merged;</para> 3492 3493 <para>&man.vidcontrol.1; now accepts a <option>-S</option> to 3494 allow the user to disable VTY switching. &merged;</para> 3495 3496 <para>The default stripe size in &man.vinum.8; has been changed 3497 from 256KB to 279KB, to spread out superblocks more evenly 3498 between stripes.</para> 3499 3500 <para role="historic">&man.wall.1; now supports a <option>-g</option> flag to 3501 write a message to all users of a given group. &merged;</para> 3502 3503 <para role="historic">&man.watch.8; now takes a <option>-f</option> option to 3504 specify a &man.snp.4; device to use. &merged;</para> 3505 3506 <para>&man.wc.1; now supports a <option>-m</option> flag to 3507 count characters, rather than bytes.</para> 3508 3509 <para>&man.whereis.1;, formerly a Perl script, has been 3510 rewritten in C. It now supports a <option>-x</option> flag to 3511 suppress the run of &man.locate.1;, and a <option>-q</option> 3512 flag suppresses the leading name of the query.</para> 3513 3514 <para>&man.whereis.1; now supports a <option>-a</option> flag 3515 to report all matches instead of only the first of each 3516 requested type.</para> 3517 3518 <para>&man.which.1; is now a C program, rather than a Perl 3519 script.</para> 3520 3521 <para>&man.who.1; now has a number of new options: 3522 <option>-H</option> shows column headings; <option>-T</option> 3523 shows &man.mesg.1; state; <option>-m</option> is an equivalent 3524 to <option>am i</option>; <option>-u</option> shows idle time; 3525 <option>-q</option> to list names in columns. &merged;</para> 3526 3527 <para role="historic">&man.whois.1; now directs queries for IP addresses to ARIN. 3528 If a query to ARIN references APNIC or RIPE, the appropriate 3529 server will also be queried, provided that the 3530 <option>-Q</option> option is not specified. &merged;</para> 3531 3532 <para role="historic">&man.whois.1; supports a <option>-c</option> option to 3533 specify a country code to help direct queries towards a 3534 particular whois server. &merged;</para> 3535 3536 <para>&man.wicontrol.8; now supports a <option>-l</option> to list 3537 the stations associated in <literal>hostap</literal> mode and a 3538 <option>-L</option> to list available access points.</para> 3539 3540 <para>&man.xargs.1; now supports a <option>-I</option> 3541 <replaceable>replstr</replaceable> option that allows the user 3542 to tell &man.xargs.1; to insert the data read from standard 3543 input at specific points in the command line arguments rather 3544 than at the end. (A &os;-specific <option>-J</option> option is 3545 similar.) &merged;</para> 3546 3547 <para>&man.xargs.1; now supports a <option>-L</option> option to 3548 force its utility argument to be called after some number of 3549 lines. &merged;</para> 3550 3551 <para role="historic">The compiler chain now uses the FSF-supplied C/C++ runtime 3552 initialization code. This change brings about better 3553 compatibility with code generated from the various egcs and gcc 3554 ports, as well as the stock public FSF source. &merged;</para> 3555 3556 <para role="historic">The threads library has gained some signal handling changes, 3557 bug fixes, and performance enhancements (including zero system 3558 call thread switching). &man.gdb.1; thread support has been 3559 updated to match these changes. &merged;</para> 3560 3561 <para role="historic">Significant additions have been made to internationalization 3562 support; &os; now has complete locale support for the 3563 <literal>LC_MONETARY</literal>, <literal>LC_NUMERIC</literal>, 3564 and <literal>LC_MESSAGES</literal> categories. A number of 3565 applications have been updated to take advantage of this 3566 support. &merged;</para> 3567 3568 <para role="historic">Locale names have been changed to improve compatibility with 3569 the names used by X11R6, as well as a number of other UNIX 3570 versions. As an example, the 3571 <literal>en_US.ISO_8859-1</literal> locale name has been changed 3572 to 3573 <literal>en_US.ISO8859-1</literal>. Entries in 3574 <filename>/etc/locale.alias</filename> provide backward 3575 compatibility. &merged;</para> 3576 3577 <para role="historic"><filename>/usr/src/share/examples/BSD_daemon/</filename> now 3578 contains a scalable Beastie graphic. &merged;</para> 3579 3580 <para role="historic">As part of an ongoing process, many manual pages were 3581 improved, both in terms of their formatting markup and in their 3582 content. &merged;</para> 3583 3584 <para>A number of utilities and libraries were enhanced to improve 3585 their conformance with the Single UNIX Specification (SUSv3) and 3586 IEEE Std 1003.1-2001 (<quote>POSIX.1</quote>). Specific 3587 features added have been listed in the release notes for each 3588 utility. The standards conformance of each utility or library 3589 function is generally listed in its manual page.</para> 3590 3591 <sect3> 3592 <title>Contributed Software</title> 3593 3594 <para><application>am-utils</application> has been updated to 3595 6.0.7.</para> 3596 3597 <para>A 10 February 2002 snapshot of <application>awk</application> from Bell Labs (variously 3598 known as <quote>BWK awk</quote> or <quote>The One True 3599 AWK</quote>) has been imported. It is available as 3600 <command>awk</command> or 3601 <command>nawk</command>.</para> 3602 3603 <para role="historic"><application>bc</application> has been updated from 1.04 to 3604 1.06. &merged;</para> 3605 3606 <para role="historic">The ISC library from the <application>BIND</application> 3607 distribution is now built as 3608 <filename>libisc</filename>. &merged;</para> 3609 3610 <para role="historic"><application>BIND</application> is now built with the 3611 <literal>NOADDITIONAL</literal> flag, which causes 3612 &man.named.8; to operate in a more consistent fashion for 3613 certain common misconfigurations. &merged;</para> 3614 3615 <para><application>BIND</application> has been updated to 3616 8.3.3. &merged;</para> 3617 3618 <para><application>Binutils</application> has been updated to 3619 a pre-release snapshot of 2.13.1 from 11 October 2002.</para> 3620 3621 <para role="historic"><application>bzip2</application> 1.0.2 has been imported; 3622 this brings the &man.bzip2.1; program and the 3623 <filename>libbz2</filename> library to the base 3624 system. &merged;</para> 3625 3626 <para role="historic">The &man.ee.1; <application>Easy Editor</application> has 3627 been updated to 1.4.2. &merged;</para> 3628 3629 <para><application>file</application> has been updated to 3630 3.39.</para> 3631 3632 <para><application>gcc</application> has been updated to 3633 a pre-release snapshot of <application>gcc</application> 3634 3.2.1, from 9 October 2002. 3635 <warning> 3636 <para>The C++ ABI from <application>gcc</application> 3637 3.2.<replaceable>X</replaceable> is not compatible with 3638 previous versions.</para> 3639 </warning> 3640 </para> 3641 3642 <para role="historic">&man.gcc.1; now uses a unified <filename>libgcc</filename> 3643 rather than a separate one for threaded and non-threaded 3644 programs. <filename>/usr/lib/libgcc_r.a</filename> can be 3645 removed. &merged;</para> 3646 3647 <para role="historic">&man.gcc.1; now supports the environment variable 3648 <envar>GCC_OPTIONS</envar>, which can hold a set of default 3649 options for <application>GCC</application>. &merged;</para> 3650 3651 <para><application>gdb</application> has been updated to version 3652 5.2.1.</para> 3653 3654 <para role="historic"><application>GNATS</application> has been updated to 3655 3.113. &merged;</para> 3656 3657 <para><application>gperf</application> has been updated to 3658 2.7.2.</para> 3659 3660 <para><application>groff</application> and its related utilities 3661 have been updated to FSF version 1.18.1.</para> 3662 3663 <para><application>Heimdal Kerberos</application> has been updated to 3664 a pre-0.5 snapshot from 16 September 2002.</para> 3665 3666 <para role="historic">The version of <application>IPFilter</application> 3667 provided with &os; now includes the &man.ipfs.8; program, 3668 which allows state information created for NAT entries and 3669 stateful rules to be saved to disk and restored after a 3670 reboot. Boot-time configuration of these features is 3671 supported by &man.rc.conf.5;. &merged;</para> 3672 3673 <para>The <application>ISC DHCP</application> client has been 3674 updated to 3.0.1RC9.</para> 3675 3676 <para role="historic"><application>Kerberos IV</application> has been updated to 3677 1.0.5. &merged;</para> 3678 3679 <para>The &man.more.1; command has been replaced by 3680 &man.less.1;, although it can still be run as 3681 <command>more</command>. &merged; Version 371 of 3682 <application>less</application> has been imported.</para> 3683 3684 <para>An XML processing library, named 3685 <filename>libbsdxml</filename>, has been added for the benefit 3686 of XML-using utilities in the base system. It is based almost 3687 entirely on an import of <application>expat</application> 3688 1.95.5, but is installed under a different name to avoid 3689 conflicts with any versions of 3690 <application>expat</application> installed from the Ports 3691 Collection.</para> 3692 3693 <para><application>libpcap</application> has been updated to 3694 0.7.1. &merged;</para> 3695 3696 <para><application>libreadline</application> has been updated to 3697 4.2.</para> 3698 3699 <para><application>libz</application> has been updated to 3700 1.1.4.</para> 3701 3702 <para><application>lint</application> has been updated to 3703 snapshot of NetBSD &man.lint.1; as of 19 July 2002.</para> 3704 3705 <para><application>lukemftp</application> 1.6 beta 2 (the FTP client from 3706 NetBSD) has replaced the &os; &man.ftp.1; program. Among its 3707 new features are more automation methods, better standards 3708 compliance, transfer rate throttling, and a customizable 3709 command-line prompt. Some environment variables and 3710 command-line arguments have changed.</para> 3711 3712 <para>The FTP daemon from NetBSD, otherwise known as 3713 <application>lukemftpd</application> 1.2 beta 1, has been imported and is 3714 available as &man.lukemftpd.8;. &merged;</para> 3715 3716 <para>&man.m4.1; has been imported from OpenBSD, as of 26 April 3717 2002. &merged;</para> 3718 3719 <para><application>ncurses</application> has been updated to 3720 5.2-20020615.</para> 3721 3722 <para role="historic">The <application>NTP</application> suite of programs has 3723 been updated to 4.1.0. &merged;</para> 3724 3725 <para><application>OpenPAM</application> 3726 (<quote>Citronella</quote> release) has been imported, 3727 replacing 3728 <application>Linux-PAM</application>.</para> 3729 3730 <para>The <application>OPIE</application> one-time-password 3731 suite has been updated to 2.4. It has completely 3732 replaced the functionality of 3733 <application>S/Key</application>. &merged;</para> 3734 3735 <para><application>Perl</application> has been removed from the 3736 &os; base system. It can still be installed from the &os; 3737 Ports Collection or as a binary package; moving it out of the 3738 base system will make future upgrades and maintenence easier. 3739 To reduce the dependence of the base system on 3740 Perl, many utilities have been 3741 rewritten as shell scripts or C programs (specific notes are 3742 made for each affected utility). 3743 <filename>/usr/bin/perl</filename> is now a 3744 <quote>wrapper</quote> program, so that programs expecting to 3745 find a Perl interpreter there will 3746 be able to function correctly. 3747 3748 <warning> 3749 <para>The Perl removal and 3750 package integration work is ongoing.</para> 3751 </warning> 3752 3753 </para> 3754 3755 <para><application>GNU ptx</application> has been removed from 3756 the base system. It is not used anywhere in the base system, 3757 and has not been recently updated or maintained. Users 3758 requiring its functionality can install this utility as a part 3759 of the <filename role="package">textproc/textutils</filename> 3760 port.</para> 3761 3762 <para>The <literal>rc.d</literal> framework from NetBSD has been 3763 imported. It breaks down the system startup functionality 3764 into a number of small, <quote>task-oriented</quote> scripts 3765 in <filename>/etc/rc.d</filename>, with dynamic-determined 3766 ordering of startup scripts performed at boot-time.</para> 3767 3768 <para role="historic">&man.routed.8; has been updated to version 3769 2.22. &merged;</para> 3770 3771 <para arch="i386,pc98">Version 1.4.5 of the 3772 <application>smbfs</application> userland utilities has been 3773 imported. &merged;</para> 3774 3775 <para><application>GNU sort</application> has been updated to 3776 the version from <application>GNU textutils 3777 2.0.21</application>.</para> 3778 3779 <para>&man.stat.1; from <application>NetBSD</application>, as of 3780 5 June 2002 has, been imported.</para> 3781 3782 <para><application>GNU tar</application> has been updated to 3783 1.13.25. &merged;</para> 3784 3785 <para><application>tcpdump</application> has been updated to 3786 3.7.1. &merged;</para> 3787 3788 <para>The &man.csh.1; shell has been replaced by &man.tcsh.1;, 3789 although it can still be run as <command>csh</command>. 3790 <application>tcsh</application> has been updated to version 3791 6.12. &merged;</para> 3792 3793 <para>The contributed version of 3794 <application>tcp_wrappers</application> now includes the 3795 &man.tcpd.8; helper daemon. While not strictly necessary in a 3796 standard &os; installation (because &man.inetd.8; already 3797 incorporates this functionality), this may be useful for 3798 &man.inetd.8; replacements such as 3799 <application>xinetd</application>. &merged;</para> 3800 3801 <para><application>texinfo</application> has been updated to 3802 4.2. &merged;</para> 3803 3804 <para><application>top</application> has been updated to version 3805 3.5b12. &merged;</para> 3806 3807 <para><application>traceroute</application> has been updated to 3808 LBL version 1.4a12.</para> 3809 3810 <para role="historic">&man.traceroute.8; now takes its default maximum TTL value 3811 from the <varname>net.inet.ip.ttl</varname> sysctl 3812 variable. &merged;</para> 3813 3814 <para role="historic">The timezone database has been updated to the 3815 <filename>tzdata2002c</filename> release. &merged;</para> 3816 3817 <sect4> 3818 <title>CVS</title> 3819 3820 <para><application>cvs</application> has been updated to 3821 1.11.2. &merged;</para> 3822 3823 <para role="historic">The default value for &man.cvs.1;'s 3824 <envar>CVS_RSH</envar> variable is now 3825 <literal>ssh</literal>, rather than 3826 <literal>rsh</literal>. &merged;</para> 3827 3828 <para role="historic">&man.cvs.1; now supports a <option>-T</option> option to 3829 update a sandbox's <filename>CVS/Template</filename> file 3830 from the repository. &merged;</para> 3831 3832 <para role="historic">&man.cvs.1; <literal>diff</literal> now supports the 3833 <option>-j</option> option to perform differences against a 3834 revision relative to a branch tag. &merged;</para> 3835 </sect4> 3836 3837 <sect4> 3838 <title>CVSup</title> 3839 3840 <para role="historic"><application>CVSup</application>, a frequently used 3841 utility in the &os; Ports Collection, was formerly 3842 installable using several ports and packages. The 3843 <filename role="package">net/cvsup-bin</filename> and 3844 <filename role="package">net/cvsupd-bin</filename> 3845 ports/packages are no longer necessary or available; the 3846 <filename role="package">net/cvsup</filename> port should be 3847 used instead. &merged;</para> 3848 3849 <para role="historic"><application>CVSup</application> has been updated to 3850 16.1_3, which is available in the &os; Ports Collection as 3851 <filename role="package">net/cvsup</filename>. This update 3852 fixes a long-standing (but only recently encountered) bug 3853 which affects the timestamps on all files after Sun Sep 9 3854 01:46:40 UTC 2001 (1,000,000,000 seconds after the UNIX 3855 epoch). &merged;</para> 3856 </sect4> 3857 3858 <sect4 id="kame-userland"> 3859 <title>KAME</title> 3860 3861 <para role="historic">The IPv6 stack is now based on a snapshot based on the 3862 KAME Project's IPv6 snapshot as of 28 May, 2001. Most of 3863 the items listed in this section are a result of this 3864 import. 3865 <xref linkend="kame-kernel"> lists kernel updates to the 3866 KAME IPv6 stack. &merged;</para> 3867 3868 <para role="historic">&man.faithd.8; now supports a configuration file for 3869 access control. &merged;</para> 3870 3871 <para role="historic">&man.ifconfig.8; can now perform the functions of 3872 gifconfig(8). &merged;</para> 3873 3874 <para role="historic">&man.ifconfig.8; can now perform the functions of 3875 prefix(8). &merged;</para> 3876 3877 <para role="historic">&man.ndp.8; now implements garbage collection for stale 3878 NDP entries, as described in RFC 2461 (Neighbor Discovery 3879 for IP Version 6 (IPv6)). &merged;</para> 3880 3881 <para role="historic">pim6dd(8) and pim6sd(8) have been removed due 3882 to restrictive licensing conditions. These programs are 3883 available in the ports collection as 3884 <filename role="package">net/pim6dd</filename> and 3885 <filename role="package">net/pim6sd</filename>. &merged;</para> 3886 3887 <para role="historic">&man.route6d.8; now supports an <option>-n</option> flag 3888 to avoid updating the kernel forwarding 3889 table. &merged;</para> 3890 3891 <para role="historic">The <option>-R</option> (router renumbering) option to 3892 &man.rtadvd.8; is currently ignored. &merged;</para> 3893 </sect4> 3894 3895 <sect4> 3896 <title>OpenSSH</title> 3897 3898 <para role="historic"><application>OpenSSH</application> has been updated to 3899 2.9, which provides support for the SSH2 protocol (now the 3900 default) and DSA keys. &man.ssh-add.1; and 3901 &man.ssh-agent.1; can now handle DSA keys, with support for 3902 authentication forwarding. 3903 <application>OpenSSH</application> users in the USA no 3904 longer need to rely on the restrictively-licensed RSAREF 3905 toolkit which is required to handle RSA keys. Among other 3906 new features: A client and server for &man.sftp.1; has been added. 3907 &man.scp.1; can now handle files larger than 2 GBytes. A 3908 limit on the number of outstanding, unauthenticated 3909 connections in &man.sshd.8; has been added. Support has 3910 been added for the Rijndael encryption algorithm. Rekeying 3911 of existing sessions is now supported, and an experimental 3912 <application>SOCKS4</application> proxy has been added to 3913 &man.ssh.1;. &merged;</para> 3914 3915 <para><application>OpenSSH</application> has been updated to 3916 version 3.1. &merged; Among the changes: 3917 <itemizedlist> 3918 <listitem> 3919 <para>The <filename>*2</filename> files are obsolete 3920 (for example, 3921 <filename>~/.ssh/known_hosts</filename> can hold the 3922 contents of 3923 <filename>~/.ssh/known_hosts2</filename>).</para> 3924 </listitem> 3925 <listitem> 3926 <para>&man.ssh-keygen.1; can import and export keys using 3927 the SECSH Public Key File Format, for key exchange 3928 with several commercial SSH implementations.</para> 3929 </listitem> 3930 <listitem> 3931 <para>&man.ssh-add.1; now adds all three default keys.</para> 3932 </listitem> 3933 <listitem> 3934 <para>&man.ssh-keygen.1; no longer defaults to a 3935 specific key type; one must be specified with the 3936 <option>-t</option> option.</para> 3937 </listitem> 3938 </itemizedlist> 3939 </para> 3940 3941 <para><application>OpenSSH</application> has been updated to 3942 3.4p1. &merged; The main changes are: 3943 <itemizedlist> 3944 <listitem> 3945 <para>A <quote>privilege separation</quote> feature, 3946 which uses unprivileged processes to contain and 3947 restrict the effects of future compromises or 3948 programming errors.</para> 3949 </listitem> 3950 3951 <listitem> 3952 <para>Several bugfixes, including closure of a 3953 security hole that could lead to an integer overflow 3954 and undesired privilege escalation.</para> 3955 </listitem> 3956 </itemizedlist> 3957 </para> 3958 3959 <para role="historic"><application>OpenSSH</application> can now authenticate 3960 using <application>OPIE</application> passwords. &merged;</para> 3961 3962 <para role="historic"><application>PAM</application> support for 3963 <application>OpenSSH</application> has been added. &merged;</para> 3964 3965 <para role="historic">A long-standing bug in 3966 <application>OpenSSH</application>, which sometimes resulted 3967 in a dropped session when an X11-forwarded client was 3968 closed, was fixed. &merged;</para> 3969 3970 <para role="historic"><application>Kerberos</application> compatibility has 3971 been added to 3972 <application>OpenSSH</application>. &merged;</para> 3973 3974 <para role="historic"><application>OpenSSH</application> has been modified to 3975 be more resistant to traffic analysis by requiring that 3976 <quote>non-echoed</quote> characters are still echoed back 3977 in a null packet, as well as by padding passwords sent so as 3978 not to hint at password lengths. &merged;</para> 3979 3980 <para role="historic">&man.sshd.8; is now enabled by default on new 3981 installs. &merged;</para> 3982 3983 <para role="historic">&man.sshd.8; <literal>X11Forwarding</literal> is now 3984 turned on by default on the server (any risk is to the 3985 client, where it is already disabled by 3986 default). &merged;</para> 3987 3988 <para role="historic">In <filename>/etc/ssh/sshd_config</filename>, the 3989 <literal>ConnectionsPerPeriod</literal> parameter has been 3990 deprecated in favor of 3991 <literal>MaxStartups</literal>. &merged;</para> 3992 3993 <para role="historic"><application>OpenSSH</application> now has a 3994 <literal>VersionAddendum</literal> configuration setting for 3995 &man.sshd.8; to allow changing the part of the 3996 <application>OpenSSH</application> version string after the 3997 main version number. &merged;</para> 3998 </sect4> 3999 4000 <sect4> 4001 <title>OpenSSL</title> 4002 4003 <para><application>OpenSSL</application> has been updated to 4004 0.9.6g. &merged;</para> 4005 4006 <para role="historic"><application>OpenSSL</application> now has support for 4007 machine-dependent ASM optimizations, activated by the new 4008 <varname>MACHINE_CPU</varname> and/or 4009 <varname>CPUTYPE</varname> 4010 <filename>make.conf</filename> variables. &merged;</para> 4011 </sect4> 4012 4013 <sect4> 4014 <title>sendmail</title> 4015 4016 <para><application>sendmail</application> has been updated 4017 from version 8.9.3 to version 8.12.6. Important changes 4018 include: &man.sendmail.8; is no longer installed as a 4019 set-user-ID <username>root</username> binary (now set-group-ID <groupname>smmsp</groupname>); new 4020 default file locations (see 4021 <filename>/usr/src/contrib/sendmail/cf/README</filename>); 4022 &man.newaliases.1; is limited to <username>root</username> 4023 and trusted users; STARTTLS encryption; and the MSA port 4024 (587) is turned on by default. See 4025 <filename>/usr/src/contrib/sendmail/RELEASE_NOTES</filename> 4026 for more information. &merged;</para> 4027 4028 <para role="historic">&man.mail.local.8; is no longer installed as a 4029 set-user-ID binary. If you are using a 4030 <filename>/etc/mail/sendmail.cf</filename> from the default 4031 <filename>sendmail.cf</filename> included with &os; any time 4032 after 3.1.0, you are fine. If you are using a 4033 hand-configured <filename>sendmail.cf</filename> and 4034 <command>mail.local</command> for delivery, check to make sure the 4035 <literal>F=S</literal> flag is set on the 4036 <literal>Mlocal</literal> line. Those with 4037 <filename>.mc</filename> files who need to add the flag can 4038 do so by adding the following line to their 4039 <filename>.mc</filename> file and regenerating the 4040 <filename>sendmail.cf</filename> file:</para> 4041 4042 <programlisting role="historic">MODIFY_MAILER_FLAGS(`LOCAL',`+S')dnl</programlisting> 4043 4044 <para role="historic">Note that <literal>FEATURE(`local_lmtp')</literal> already 4045 does this. &merged;</para> 4046 4047 <para role="historic">The default <filename>/etc/mail/sendmail.cf</filename> 4048 disables the SMTP <literal>EXPN</literal> and 4049 <literal>VRFY</literal> commands. &merged;</para> 4050 4051 <para role="historic">&man.vacation.1; has been updated to use the version 4052 included with <application>sendmail</application>. &merged;</para> 4053 4054 <para role="historic">The <application>sendmail</application> configuration 4055 building tools are installed in 4056 <filename>/usr/share/sendmail/cf/</filename>. &merged;</para> 4057 4058 <para role="historic">New <filename>make.conf</filename> options: 4059 <varname>SENDMAIL_MC</varname> and 4060 <varname>SENDMAIL_ADDITIONAL_MC</varname>. See 4061 <filename>/usr/share/examples/etc/make.conf</filename> for more 4062 information. &merged;</para> 4063 4064 <para role="historic"><filename>/etc/mail/Makefile</filename> now supports: 4065 the new <varname>SENDMAIL_MC</varname> 4066 <filename>make.conf</filename> option; the ability to build 4067 <filename>.cf</filename> files from 4068 <filename>.mc</filename> files; generalized map rebuilding; 4069 rebuilding the aliases file; and the ability to stop, start, 4070 and restart 4071 <application>sendmail</application>. &merged;</para> 4072 4073 <para role="historic">The <username>smmsp</username> and 4074 <username>mailnull</username> users have been added to 4075 <filename>/etc/master.passwd</filename>. In the absence of a 4076 <literal>confDEF_USER_ID</literal> setting, by default, 4077 <application>sendmail</application> will use the 4078 <username>mailnull</username> user for extra security. 4079 Previously, if the <username>mailnull</username> user did 4080 not exist, the <username>daemon</username> user was used. 4081 This change may generate some permissions issues when 4082 mailing to files or to programs (such as <filename 4083 role="package">mail/majordomo</filename>). &merged; The 4084 previous behavior can be restored by adding the following 4085 line to a system's 4086 <filename><replaceable>*</replaceable>.mc</filename> 4087 configuration file: 4088 4089 <programlisting>define(`confDEF_USER_ID', `daemon')</programlisting> 4090 </para> 4091 4092 <para role="historic">Beginning with the import of 4093 <application>sendmail</application> 8.12.2, multiple 4094 <application>sendmail</application> daemons (some required 4095 to handle outgoing mail) are started by &man.rc.8;, even if 4096 the <varname>sendmail_enable</varname> variable is set to 4097 <literal>NO</literal>. To completely disable 4098 <application>sendmail</application>, 4099 <varname>sendmail_enable</varname> must be set to 4100 <literal>NONE</literal>. Alternatively, for systems using a 4101 different MTA, the <varname>mta_start_script</varname> variable can 4102 be used to point to a different startup script (more details 4103 can be found in &man.rc.sendmail.8;). &merged;</para> 4104 4105 <para>By default, &man.rc.8; no longer enables 4106 <application>sendmail</application> for inbound SMTP 4107 connections. Note that &man.sysinstall.8; may override this 4108 default for a binary installation, based on what security 4109 profile is selected. This functionality can also be 4110 manually enabled by adding the following line to 4111 <filename>/etc/rc.conf</filename>:</para> 4112 4113 <programlisting>sendmail_enable="YES"</programlisting> 4114 4115 <para>The permissions for <application>sendmail</application> 4116 alias and map databases built via 4117 <filename>/etc/mail/Makefile</filename> now default to mode 4118 0640 to protect against a file locking local denial of service. 4119 It can be changed by setting the new 4120 <varname>SENDMAIL_MAP_PERMS</varname> 4121 <filename>make.conf</filename> option. &merged;</para> 4122 4123 <para>The permissions for the <application>sendmail</application> 4124 statistics file, <filename>/var/log/sendmail.st</filename>, have 4125 been changed from mode 0644 to mode 0640 to protect against 4126 a file locking local denial of service. &merged;</para> 4127 4128 </sect4> 4129 </sect3> 4130 4131 <sect3> 4132 <title>Ports/Packages Collection Infrastructure</title> 4133 4134 <para><application>BSDPAN</application>, a collection of modules 4135 that provides tighter integration of 4136 <application>Perl</application> into the &os; Ports 4137 Collection, has been added.</para> 4138 4139 <para role="historic">&man.pkg.create.1; and &man.pkg.add.1; can now work with 4140 packages that have been compressed using 4141 &man.bzip2.1;. &man.pkg.add.1; will use the PACKAGEROOT 4142 environment variable to determine a mirror site for new 4143 packages. &merged;</para> 4144 4145 <para role="historic">&man.pkg.create.1; now records dependencies in dependency 4146 order rather than in the order specified on the command line. 4147 This improves the functioning of <command>pkg_add 4148 -r</command>. &merged;</para> 4149 4150 <para role="historic">&man.pkg.create.1; now supports a <option>-b</option> to 4151 create a package file from a locally-installed 4152 package. &merged;</para> 4153 4154 <para role="historic">When requested to delete multiple packages, 4155 &man.pkg.delete.1; will now attempt to remove them in 4156 dependency order rather than the order specified on the 4157 command line. &merged;</para> 4158 4159 <para role="historic">&man.pkg.delete.1; now can perform glob/regexp matching of 4160 package names. In addition, it supports a <option>-a</option> 4161 option for removing all packages and a <option>-i</option> 4162 option for &man.rm.1;-style interactive 4163 confirmation. &merged;</para> 4164 4165 <para role="historic">&man.pkg.delete.1; now supports a <option>-r</option> 4166 option for recursive package removal. &merged;</para> 4167 4168 <para role="historic">&man.pkg.info.1; now supports globbing against names of 4169 installed packages. The <option>-G</option> option disables 4170 this behavior, and the <option>-x</option> option causes 4171 regular expression matching instead of shell 4172 globbing. &merged;</para> 4173 4174 <para role="historic">&man.pkg.info.1; can now accept a <option>-g</option> flag 4175 for verifying an installed package against its recorded 4176 checksums (to see if it's been modified post-installation). 4177 Naturally, this mechanism is only as secure as the contents of 4178 <filename>/var/db/pkg</filename> if it's to be used for auditing 4179 purposes. &merged;</para> 4180 4181 <para role="historic">&man.pkg.sign.1; and &man.pkg.check.1; have been added to 4182 digitally sign and verify the signatures on binary package 4183 files. &merged;</para> 4184 4185 <para>For some time, &os; 5.0-CURRENT (as well as some 4.X 4186 releases) included a pkg_update(1) utility to update installed 4187 packages, as well as their dependencies. This utility has 4188 been removed; a superset of its functionality can be found in 4189 the <filename role="package">sysutils/portupgrade</filename> 4190 port.</para> 4191 4192 <para role="historic">&man.pkg.version.1; now has a version number comparison 4193 routine that corresponds to the Porters Handbook. It also has 4194 a <option>-t</option> option for testing address comparisons. 4195 &merged;</para> 4196 4197 <para role="historic">&man.pkg.version.1; now takes a <option>-s</option> flag 4198 to limit its operation to ports/packages matching a given 4199 string. &merged;</para> 4200 4201 <para>&man.pkg.version.1;, formerly a Perl script, has been 4202 rewritten in C.</para> 4203 4204 <para role="historic">Version numbers of installed packages have a new 4205 (backward-compatible) syntax, which supports the 4206 <varname>PORTREVISION</varname> and 4207 <varname>PORTEPOCH</varname> variables in Ports Collection 4208 <filename>Makefile</filename>s. These changes help keep track 4209 of changes in the ports collection entries such as security 4210 patches or &os;-specific updates, which aren't reflected in 4211 the original, third-party software distributions. 4212 &man.pkg.version.1; can now compare these new-style version 4213 numbers. &merged;</para> 4214 4215 <para role="historic">To improve performance and disk utilization, the 4216 <quote>ports skeletons</quote> in the &os; Ports Collection 4217 have been restructured. Installed ports and packages should 4218 not be affected. &merged;</para> 4219 4220 <para role="historic">All packages and ports now contain an 4221 <quote>origin</quote> directive, which makes it easier for 4222 programs such as &man.pkg.version.1; to determine the 4223 directory from which a package was built. &merged;</para> 4224 4225 <para>The Ports Collection infrastructure now uses 4226 <application>XFree86</application> 4.2.1 as the default version 4227 of the X Window System for the purposes of satisfying 4228 dependencies. To return to using 4229 <application>XFree86</application> 3.3.6, add the following line 4230 to <filename>/etc/make.conf</filename>: &merged;</para> 4231 4232 <programlisting>XFREE86_VERSION=3</programlisting> 4233 4234 <para>The libraries installed by the <filename 4235 role="package">emulators/linux_base</filename> port (required 4236 for Linux emulation) have been updated; they now correspond to 4237 those included with <application>Red Hat Linux</application> 4238 7.1. &merged;</para> 4239 4240 <para>By default, packages generated by the Ports Collection (as 4241 well as the packages on the FTP sites) are now compressed 4242 using &man.bzip2.1;, rather than &man.gzip.1;. (Thus, they 4243 now have a <filename>.tbz</filename> extension, rather than a 4244 <filename>.tgz</filename> extension.) The package 4245 tools have been updated to handle the new format. &merged;</para> 4246 </sect3> 4247 </sect2> 4248 4249 <sect2> 4250 <title>Release Engineering and Integration</title> 4251 4252 <para>The <filename>bin</filename> distribution has been renamed 4253 <filename>base</filename>, in order to make creation of combined 4254 install/recovery disks easier.</para> 4255 4256 <para arch="i386">ISO images and CDROMs now use the 4257 <filename>cdboot</filename> boot loader by default. This 4258 eliminates the need for an emulated floppy disk image on 4259 a bootable CDROM and allows for a full 4260 <filename>GENERIC</filename> kernel to be used for CDROM 4261 installations, at the expense of compatability with some old 4262 BIOSs.</para> 4263 4264 <para arch="i386,pc98,alpha" role="historic"><application>XFree86</application> 4.2.0 4265 is now the default version of the X Window System supported by 4266 &man.sysinstall.8;. It installs 4267 <application>XFree86</application> as a set of standard binary 4268 packages, so the usual package utilities such as 4269 &man.pkg.info.1; can be used to examine/manipulate its 4270 components. &merged;</para> 4271 4272 <para>It is now possible to make releases of &os; 4273 5-CURRENT on a &os; 4-STABLE host and vice versa. Cross-architecture 4274 (building a release for a target architecture on a host of a 4275 different architecture) releases are also possible. See 4276 &man.release.7; for details. &merged;</para> 4277 4278 <para>A third <filename>drivers.flp</filename> floppy has been 4279 added to floppy releases. It holds loadable modules 4280 containing drivers that do not fit in the kernel on the 4281 <filename>kern.flp</filename> disk or in the 4282 <filename>mfsroot.flp</filename> image.</para> 4283 </sect2> 4284 4285 <sect2> 4286 <title>Documentation</title> 4287 4288 <para>A number of formerly-encumbered documents from the 4.4 BSD 4289 Programmer's Supplementary Documents have been restored to 4290 <filename>/usr/share/doc/psd</filename>. These include:</para> 4291 4292 <itemizedlist> 4293 <listitem> 4294 <para><emphasis>The UNIX Time-Sharing System</emphasis> 4295 (<filename>01.cacm</filename>)</para> 4296 </listitem> 4297 4298 <listitem> 4299 <para><emphasis>UNIX Implementation</emphasis> 4300 (<filename>02.implement</filename>)</para> 4301 </listitem> 4302 4303 <listitem> 4304 <para><emphasis>The UNIX I/O System</emphasis> 4305 (<filename>03.iosys</filename>)</para> 4306 </listitem> 4307 4308 <listitem> 4309 <para><emphasis>UNIX Programming — Second Edition</emphasis> 4310 (<filename>04.uprog</filename>)</para> 4311 </listitem> 4312 4313 <listitem> 4314 <para><emphasis>The C Programming Language — Reference Manual</emphasis> 4315 (<filename>06.Clang</filename>)</para> 4316 </listitem> 4317 4318 <listitem> 4319 <para><emphasis>Yacc: Yet Another Compiler-Compiler</emphasis> 4320 (<filename>15.yacc</filename>)</para> 4321 </listitem> 4322 4323 <listitem> 4324 <para><emphasis>Lex — A Lexical Analyzer Generator</emphasis> 4325 (<filename>16.lex</filename>)</para> 4326 </listitem> 4327 4328 <listitem> 4329 <para><emphasis>The M4 Macro Processor</emphasis> 4330 (<filename>17.m4</filename>)</para> 4331 </listitem> 4332 </itemizedlist> 4333 4334 <para>Several formerly-encumbered documents from the 4.4 BSD 4335 User's Supplementary Documents have been restored to 4336 <filename>/usr/share/doc/usd</filename>. They include:</para> 4337 4338 <itemizedlist> 4339 <listitem> 4340 <para><emphasis>NROFF/TROFF User's Manual</emphasis> 4341 (<filename>21.troff</filename>)</para> 4342 </listitem> 4343 4344 <listitem> 4345 <para><emphasis>A TROFF Tutorial</emphasis> 4346 (<filename>22.trofftut</filename>)</para> 4347 </listitem> 4348 </itemizedlist> 4349 </sect2> 4350 4351</sect1> 4352 4353<sect1> 4354 <title>Upgrading from previous releases of &os;</title> 4355 4356 <para>If you're upgrading from a previous release of &os;, you 4357 generally will have three options: 4358 4359 <itemizedlist> 4360 <listitem> 4361 <para>Using the binary upgrade option of &man.sysinstall.8;. 4362 This option is perhaps the quickest, although it presumes 4363 that your installation of &os; uses no special compilation 4364 options.</para> 4365 </listitem> 4366 <listitem> 4367 <para>Performing a complete reinstall of &os;. Technically, 4368 this is not an upgrading method, and in any case is usually less 4369 convenient than a binary upgrade, in that it requires you to 4370 manually backup and restore the contents of 4371 <filename>/etc</filename>. However, it may be useful in 4372 cases where you want (or need) to change the partitioning of 4373 your disks. 4374 </listitem> 4375 <listitem> 4376 <para>From source code in <filename>/usr/src</filename>. This 4377 route is more flexible, but requires more disk space, time, 4378 and technical expertise. More information can be found 4379 in the <ulink 4380 url="http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html"><quote>Using 4381 <command>make world</command></quote></ulink> section of the <ulink 4382 url="http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/">FreeBSD 4383 Handbook</ulink>. Upgrading from very old 4384 versions of &os; may be problematic; in cases like this, it 4385 is usually more effective to perform a binary upgrade or a 4386 complete reinstall.</para> 4387 </listitem> 4388 </itemizedlist> 4389 </para> 4390 4391 <para>Please read the <filename>INSTALL.TXT</filename> file for more 4392 information, preferably <emphasis>before</emphasis> beginning an 4393 upgrade. If you are upgrading from source, please be sure to read 4394 <filename>/usr/src/UPDATING</filename> as well.</para> 4395 4396 <para>Finally, if you want to use one of various means to track the 4397 -STABLE or -CURRENT branches of &os;, please be sure to consult 4398 the <ulink 4399 url="http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/current-stable.html"><quote>-CURRENT 4400 vs. -STABLE</quote></ulink> section of the <ulink 4401 url="http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/">FreeBSD 4402 Handbook</ulink>.</para> 4403 4404 <important> 4405 <para>Upgrading &os; should, of course, only be attempted after 4406 backing up <emphasis>all</emphasis> data and configuration 4407 files.</para> 4408 </important> 4409</sect1> 4410