article.xml revision 108922
<articleinfo>
  <title>&os;/&arch; &release.current; Release Notes</title>

  <corpauthor>The FreeBSD Project</corpauthor>

  <pubdate>$FreeBSD: head/release/doc/en_US.ISO8859-1/relnotes/article.sgml 108922 2003-01-08 05:50:37Z bmah $</pubdate>

  <copyright>
    <year>2000</year>
    <year>2001</year>
    <year>2002</year>
    <year>2003</year>
    <holder role="mailto:doc@FreeBSD.org">The FreeBSD Documentation Project</holder>
  </copyright>

  <abstract>
    <para>The release notes for &os; &release.current; contain a summary
      of
<![ %include.historic; [
      the changes made to the &os; base system since &release.prev;.
]]>
<![ %no.include.historic; [
      recent changes made to the &os; base system on the &release.branch;
      development branch.
]]>
      Changes to both the kernel and userland are listed, as well as
      applicable security advisories that were issued since the last
      release. Some brief remarks on upgrading are also presented.</para>
  </abstract>
</articleinfo>

<sect1>
  <title>Introduction</title>

  <para>This document contains the release notes for &os;
    &release.current; on the &arch.print; hardware platform. It
    describes recently added, changed, or deleted features of &os;.
    It also provides some notes on upgrading
    from previous versions of &os;.</para>

<![ %release.type.snapshot [

  <para>The &release.type; distribution to which these release notes
    apply represents a point along the &release.branch; development
    branch between &release.prev; and the future &release.next;. Some
    pre-built, binary &release.type; distributions along this branch
    can be found at <ulink url="&release.url;"></ulink>.</para>

]]>

<![ %release.type.release [

  <para>This distribution of &os; &release.current; is a
    &release.type; distribution. It can be found at <ulink
    url="&release.url;"></ulink> or any of its mirrors.
    More information on obtaining this (or other) &release.type;
    distributions of &os; can be found in the <ulink
    url="http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/mirrors.html"><quote>Obtaining
    FreeBSD</quote> appendix</ulink> to the <ulink
    url="http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/">FreeBSD
    Handbook</ulink>.</para>

]]>
</sect1>

<sect1>
  <title>What's New</title>

  <para>This section describes
<![ %include.historic; [
    the most user-visible new or changed features in &os;
    since &release.prev;.
    In general, changes described here are unique to the &release.branch;
    branch unless specifically marked as &merged; features.
]]>
<![ %no.include.historic; [
    many of the user-visible new or changed features in &os;
    since &release.prev;. It includes items that are unique to the
    &release.branch; branch, as well as some features that may have been
    recently merged to
    other branches (after &os; &release.prev.historic;). The latter
    items are marked as &merged;.
]]>
  </para>

  <para>Typical release note items
    document new drivers or hardware support, new commands or options,
    major bugfixes, or contributed software upgrades. Applicable security
    advisories issued after &release.prev.historic; are also listed.</para>

  <para>Many additional changes were made to &os; that are not listed
    here for lack of space.
    For example, documentation was corrected
    and improved, minor bugs were fixed, insecure coding practices
    were audited and corrected, and source code was cleaned up.</para>

  <sect2 id="kernel">
    <title>Kernel Changes</title>

    <para arch="i386,pc98">Execution of &man.a.out.5; format executables now
      requires the <literal>COMPAT_AOUT</literal> option in the kernel
      configuration or the loading of the <filename>aout.ko</filename>
      kernel module.</para>

    <para>&man.acct.2; has been changed to open the accounting file in
      append mode, so that &man.accton.8; can be used to enable
      accounting to an append-only file. &merged;</para>

    <para arch="i386" role="historic">The &man.amdpm.4; driver has been added to
      provide access to the system monitoring functions of the AMD 756
      chipset. &merged;</para>

    <para arch="i386,alpha,ia64" role="historic">The &man.agp.4; driver for AGP devices has been
      added. &merged;</para>

    <para arch="i386,pc98">Preliminary support for Bluetooth devices has
      been added, in the form of a series of Netgraph modules (see
      &man.ng.bluetooth.4;). Two modules provide device driver
      support for Bluetooth adapters: The &man.ng.bt3c.4; driver
      supports the 3Com/HP Bluetooth PCCARD adapters, while the
      &man.ng.ubt.4; driver supports several USB Bluetooth adapters.

      <note>
        <para>Bluetooth support in &os; is a work in progress.</para>
      </note>

    </para>

    <para>A new in-kernel cryptographic framework (see &man.crypto.4;
      and &man.crypto.9;) has been imported from OpenBSD. It provides
      a consistent interface to hardware and software implementations
      of cryptographic algorithms for use by the kernel and access to
      cryptographic hardware for user-mode applications.
      Hardware device drivers are provided to support hifn-based cards
      (&man.hifn.4;) and Broadcom-based cards (&man.ubsec.4;).
      &merged;</para>

    <para>A new &man.ddb.4; command <command>show pcpu</command> lists
      some of the per-CPU data.</para>

    <para role="historic">Two new &man.ddb.4; commands, <command>hwatch</command> and
      <command>dhwatch</command>, have been introduced. Analogous to
      <command>watch</command> and <command>dwatch</command>, they
      install hardware watchpoints (as opposed to software
      watchpoints) if supported by the architecture. &merged;</para>

    <para>A <filename>devctl</filename> device has been added to allow
      userland programs to learn when devices come and go in the device
      tree. This facility is primarily used
      by the &man.devd.8; utility.</para>

    <para>&man.devfs.5;, which allows entries in the
      <filename>/dev</filename> directory to be built automatically
      and supports more flexible attachment of devices, has been
      largely reworked. &man.devfs.5; is now enabled by default and
      can be disabled by the <literal>NODEVFS</literal> kernel
      option.
      A <quote>rule</quote> subsystem
      permits the administrator to define certain properties of new device
      nodes before they become visible to the userland. Both static (e.g.
      <filename>/dev/speaker</filename>) and dynamic (e.g.
      <filename>/dev/bpf*</filename>, some removable devices) nodes are
      supported. Each &man.devfs.5; mount may have a different ruleset assigned to
      it, permitting different policies to be implemented for things like
      jails. Rules and rulesets are manipulated with the &man.devfs.8;
      utility.</para>

    <para>A new digi driver has been added to support PCI Xr-based and
      ISA Xem Digiboard cards. A new &man.digictl.8; program is
      (mainly) used to re-initialize cards that have external port
      modules attached such as the PC/Xem.
      This driver replaces the older
      dgm driver.</para>

    <para>An &man.eaccess.2; system call has been added, similar to
      &man.access.2; except that the former uses effective credentials
      rather than real credentials.</para>

    <para arch="sparc64">Support has been added for EBus-based
      devices.</para>

    <para arch="i386,pc98,powerpc">Initial support has been added for
      FireWire devices (see &man.firewire.4;). &merged;</para>

    <para arch="i386" role="historic">The &man.ichsmb.4; driver for the Intel 82801AA
      (ICH) SMBus controller and compatibles has been
      added. &merged;</para>

    <para>Each &man.jail.2; environment can now run under its own
      securelevel.</para>

    <para>The tunable sysctl variables for &man.jail.2; have moved
      from <varname>jail.*</varname> to the
      <varname>security.*</varname> hierarchy. Other security-related
      sysctl variables have moved from <varname>kern.security.*</varname> to
      <varname>security.*</varname>.</para>

    <para role="historic">The <varname>kern.maxvnodes</varname> limit now properly
      limits the number of vnodes in use. Previously only vnodes with
      no cached pages could be freed; this could allow the number of
      vnodes to grow without limit on large-memory machines accessing
      many small files. A <literal>vnlru</literal> kernel thread
      helps to flush and reuse vnodes. &merged;</para>

    <para role="historic">The kernel message buffer is now accessible by the
      (machine-independent) <varname>kern.msgbuf</varname> sysctl
      variable; &man.dmesg.8; no longer needs to be SGID
      <groupname>kmem</groupname>. &merged;</para>

    <para>The kernel environment is now dynamic, and can be changed
      via the new &man.kenv.2; system call.</para>

    <para role="historic">The &man.kqueue.2; event notification facility was added to
      the &os; kernel.
      This is a new interface which is able to
      replace &man.poll.2;/&man.select.2;, offering improved
      performance, as well as the ability to report many different
      types of events. Support for monitoring changes in sockets,
      pipes, fifos, and files is present, as well as for signals and
      processes. &merged;</para>

    <para arch="i386,pc98" role="historic">A new <varname>KVA_SPACE</varname> kernel option
      can be used to reconfigure the size of the kernel virtual
      address space. &merged;</para>

    <para>The labpc(4) driver has been removed due to
      <quote>bitrot</quote>.</para>

    <para>The loader and kernel linker now look for files named
      <filename>linker.hints</filename> in each directory with KLDs
      for a module name and version to KLD filename mapping. The new
      &man.kldxref.8; utility is used to generate these files.</para>

    <para role="historic">Linux emulation now supports the kernel functionality
      required by the
      <filename role="package">emulators/linux_base</filename>
      (RedHat 7.X emulation) port. &merged;</para>

    <para role="historic">Linux emulation now requires <literal>options
      SYSVSEM</literal> in the kernel configuration. &merged;</para>

    <para>&man.lomac.4;, a Low-Watermark Mandatory Access Control
      security facility, has been added as a kernel module. It
      provides a drop-in security mechanism in addition to the
      traditional UID-based security facilities, requiring no
      additional configuration from the administrator. Work on this
      feature was sponsored by DARPA and NAI Labs.</para>

    <para>&os; now supports an extensible Mandatory Access Control
      framework, the TrustedBSD MAC Framework. It permits loadable
      kernel modules to link to the kernel at compile-time, boot-time,
      or run-time to augment the system security policy.
      The
      framework permits modules to express interest in a variety
      of events, and also provides common security policy services
      such as label storage. A variety of sample policy modules are
      shipped in this release, including implementations of fixed
      and floating label Biba integrity models, Multi-Level Security
      (MLS) with compartments, and a number of augmented UNIX security
      models including a file system firewall. This feature will
      permit easier development and maintenance of local and vendor
      security extensions. The extensibility service is enabled
      by adding <literal>options MAC</literal> to the kernel
      configuration.

      <note>
        <para>The MAC framework is considered an experimental
          feature in this release, and is not enabled by default.</para>
      </note>
    </para>

    <para arch="ia64">Machine Check Architecture (MCA) records are now
      collected at boot time and made available through the
      <varname>hw.mca.*</varname> sysctl variables.</para>

    <para role="historic">The <varname>maxusers</varname> kernel configuration
      parameter is now a boot-time tunable variable. The kernel
      parameters derived from <varname>maxusers</varname> are now also
      tunables and can be overridden at boot-time. The
      <varname>hz</varname> parameter is also now a
      tunable. &merged;</para>

    <para role="historic">Specifying a value of <literal>0</literal> for the
      <varname>maxusers</varname> kernel configuration parameter will
      now cause an appropriate value to be calculated at boot-time
      (between 32 and 384, depending on the amount of memory present).
      This value is now the default for all
      <filename>GENERIC</filename> kernels.
      &merged;</para>

    <para arch="alpha" role="historic">A <varname>MAXMEM</varname> kernel option,
      along with the <varname>hw.physmem</varname> loader tunable, can
      be used to artificially reduce the memory size of a machine for
      testing (or other purposes). &merged;</para>

    <para role="historic">The kernel configuration parameters
      <varname>MAXTSIZ</varname>, <varname>DFLDSIZ</varname>,
      <varname>MAXDSIZ</varname>, <varname>DFLSSIZ</varname>,
      <varname>MAXSSIZ</varname>, and <varname>SGROWSIZ</varname> are
      all loader tunables (<varname>kern.maxtsiz</varname>,
      <varname>kern.maxdfldsiz</varname>, etc.). &merged;</para>

    <para>&man.mutex.9; profiling code has been added, enabled by the
      <literal>MUTEX_PROFILING</literal> kernel configuration option.
      It enables the <varname>debug.mutex.prof.*</varname> hierarchy
      of sysctl variables.</para>

    <para arch="i386,pc98" role="historic">The <literal>NCPU</literal>,
      <literal>NAPIC</literal>, <literal>NBUS</literal>, and
      <literal>NINTR</literal> kernel configuration options,
      for configuring SMP kernels, have been removed.
      <literal>NCPU</literal> is now set to a maximum of 16,
      and the other, aforementioned options are now
      dynamic. &merged;</para>

    <para role="historic">A &man.nmdm.4; null-modem terminal driver has been added.
      &merged;</para>

    <para role="historic">The <literal>O_DIRECT</literal> flag has been added to
      &man.open.2; and &man.fcntl.2;. Specifying this flag for open
      files will attempt to minimize the cache effects of reading and
      writing. &merged;</para>

    <para role="historic">An &man.orm.4; device has been added to claim the option
      ROMs in the ISA memory I/O space, to prevent other drivers from
      mistakenly assigning addresses that conflict with these
      ROMs.
      &merged;</para>

    <para>The <literal>P1003_1B</literal> kernel option is no longer
      used and has been removed.</para>

    <para arch="i386,pc98">PECOFF (Win32 Execution file format) support has
      been added.</para>

    <para arch="pc98" role="historic">The pmc driver, which supports the power
      management controller of the NEC PC-98NOTE, has been
      added. &merged;</para>

    <para role="historic">POSIX.1b Shared Memory Objects are now supported. The
      implementation uses regular files, but automatically enables the
      MAP_NOSYNC flag when they are &man.mmap.2;-ed. &merged;</para>

    <para role="historic">Replaced the <literal>PQ_*CACHE</literal> options with a
      single <literal>PQ_CACHESIZE</literal> option to be set to the
      cache size in kilobytes. The old options are still supported
      for backwards compatibility. &merged;</para>

    <para arch="i386,pc98" role="historic">The &man.puc.4; (PCI <quote>Universal</quote>
      Communications) driver has been added, to help connect PCI-based
      serial ports to the &man.sio.4; driver. &merged;</para>

    <para>The &man.random.4; device has been rewritten to use the
      <application>Yarrow</application> algorithm. It harvests
      entropy from a variety of interrupt sources, including the
      console devices, Ethernet and point-to-point network interfaces,
      and mass-storage devices. Entropy from the &man.random.4;
      device is now periodically saved to files in
      <filename>/var/db/entropy</filename>, as well as at shutdown
      time.
      The semantics of <filename>/dev/random</filename> have
      changed; it never blocks waiting for entropy bits but generates
      a stream of pseudo-random data and now behaves exactly as
      <filename>/dev/urandom</filename>.</para>

    <para>A new kernel option, <literal>options REGRESSION</literal>,
      enables interfaces and functionality intended for use during
      correctness and regression testing.</para>

    <para><literal>RLIMIT_VMEM</literal> support has been added. This
      feature defines a new resource limit that covers a process's
      entire virtual memory space, including &man.mmap.2; space. This
      limit can be configured in &man.login.conf.5; via the new
      <varname>vmemoryuse</varname> variable. &merged;</para>

    <para arch="sparc64">Support has been added for SBus-based
      devices.</para>

    <para arch="sparc64">The sab driver, which supports the Siemens
      SAB82532 serial chip found on many newer Sparc Ultra machines,
      has been added.</para>

    <para>A bug in the &man.sendfile.2; system call, in which headers
      counted against the size of the file to be sent, has been
      fixed. &merged;</para>

    <para role="historic">The &man.snp.4; device is no longer static and can now be
      compiled as a module. &merged;</para>

    <para arch="i386" role="historic">The &man.spic.4; driver, which provides access
      to the Jog Dial device on some Sony laptops, has been
      added. &man.moused.8; support for this device has also been
      added. &merged;</para>

    <para>The &man.syscons.4; driver now supports keyboard-controlled
      pasting, by default bound to
      <keycap>Shift</keycap>-<keycap>Insert</keycap>.</para>

    <para role="historic">Support for USB devices was added to the
      <filename>GENERIC</filename> kernel and to the installation
      programs to support USB devices out of the box.
      Note that SRM
      does not support USB devices at the moment, so you must still
      use an AT keyboard if you are not using a serial
      console. &merged;</para>

    <para>The uaudio driver, for USB audio devices, has been
      added. &merged;</para>

    <para arch="i386,pc98">The ubsa driver has been added to support
      the Belkin F5U103 (and compatible) USB-to-serial adaptors.</para>

    <para arch="i386,pc98" role="historic">The &man.umodem.4; driver for USB modems
      has been added. Support is provided for the 3Com 5605 and
      Metricom Ricochet GS wireless USB modems. &merged;</para>

    <para arch="i386,pc98" role="historic">The &man.uscanner.4; driver for basic USB
      scanner support using SANE has been added. See <ulink
      url="http://www.mostang.com/sane/">the SANE home page</ulink>
      for supported scanners. The HP ScanJet 4100C, 5200C and 6300C
      are known to be working. &merged;</para>

    <para>The &man.ucom.4; device driver has been added, to support USB
      modems, serial devices, and other programs that need to look
      like a tty. The related &man.uftdi.4;, &man.uplcom.4;, &man.uvscom.4; drivers provide specific
      support for FTDI serial adapters, the Prolific PL-2303 serial adapter and the SUNTAC
      Slipper U VS-10U, respectively. &merged;</para>

    <para>To increase security, the <literal>UCONSOLE</literal> kernel
      configuration option has been removed.</para>

    <para arch="i386,pc98">The UserConfig boot-time kernel configuration
      feature, usually used to enable, disable, or configure ISA
      devices, has been removed. Its functionality has been replaced
      by the kernel hints file in
      <filename>/boot/device.hints</filename>.</para>

    <para>The <literal>USER_LDT</literal> kernel option is now
      activated by default.</para>

    <para>The &man.uvisor.4; driver for connecting Handspring Visors via USB
      has been added.
      &merged;</para>

    <para>A VESA S3 linear framebuffer driver has been added.</para>

    <para arch="i386" role="historic">The &man.viapm.4; driver for VIA SMBus
      power management controllers has been added. &merged;</para>

    <!-- Above this line, sort kernel changes by manpage/keyword-->

    <para role="historic">Write combining for crashdumps has been implemented. This
      feature is useful when write caching is disabled on both SCSI
      and IDE disks, where large memory dumps could take up to an hour
      to complete. &merged;</para>

    <para>The kernel crashdump infrastructure has been revised, to
      support new platforms and in general clean up the logic in the
      code. One implication of this change is that the on-disk format
      for kernel dumps has changed, and is now
      byte-order-agnostic.</para>

    <para>Extremely large swap areas (>67 GB) no longer panic the
      system.</para>

    <para arch="alpha">Support for threads under Linux emulation has
      been added.</para>

    <para role="historic">The <maketarget>buildkernel</maketarget> target now gets the
      name of the configuration(s) to build from the
      <varname>KERNCONF</varname> variable, not
      <varname>KERNEL</varname>. It is no longer required, in some
      cases, for a <maketarget>buildworld</maketarget> to precede a
      <maketarget>buildkernel</maketarget>. (The
      <maketarget>buildworld</maketarget> is still required when
      upgrading across major releases, across
      <application>binutils</application> updates and when
      &man.config.8; changes version.) &merged;</para>

    <para role="historic">The out-of-swap process termination code now begins killing
      processes earlier to avoid deadlocks; it now also takes into
      account the swap space used by processes when computing the
      process sizes.
      &merged;</para>

    <para>Linker sets are now self-contained; gensetdefs(8) is
      unnecessary and has been removed.</para>

    <para role="historic">Network device cloning has been implemented, and the
      &man.gif.4; device has been modified to take advantage of it.
      Thus, instead of specifying how many &man.gif.4; interfaces are
      available in kernel configuration files, &man.ifconfig.8;'s
      <option>create</option> option should be used when another device
      instance is desired. &merged;</para>

    <para>It is now possible to hardwire kernel environment variables
      (such as tunables) at compile-time using &man.config.8;'s
      <literal>ENV</literal> directive.</para>

    <para>Idle zeroing of pages can be enabled with the
      <varname>vm.idlezero_enable</varname> sysctl variable.</para>

    <para arch="i386,pc98" role="historic">The load addresses of kernels are now exported
      to the symbol table and various hard-coded constants have been
      removed so that utilities such as &man.ps.1; can work with
      kernels compiled at different addresses. &merged;</para>

    <para role="historic">Coredumps of large processes (or of a large number of
      processes) no longer lock up the machine for long periods of
      time. &merged;</para>

    <para>The &os; kernel scheduler now supports Kernel-Scheduled
      Entities (KSEs), which provides support for multiple threads of
      execution per process similar to Scheduler Activations. At this
      point, the kernel has most of the changes needed to support
      threading. The kernel scheduler can schedule multiple threads per
      process, but only on a single CPU at a time. More information
      can be found in &man.kse.2;.

      <note>
        <para>KSE is a work in progress.</para>
      </note>

    </para>

    <para>The kernel now has support for multiple low-level console
      devices.
      The new &man.conscontrol.8; utility helps to manage
      the different consoles.</para>

    <para arch="alpha">The console driver has gained support for
      TGA-based display adapters.</para>

    <para role="historic">The kernel on the installation CDs is now separated from the
      <filename>mfsroot</filename> image. This permits the use of a
      full kernel when installing from CD on machines that support CD
      booting (instead of the stripped-down kernel used on
      floppies). &merged;</para>

    <para role="historic">The system load average computation now adds some jitter to
      the timing of samples, in order to avoid synchronization with
      processes that run periodically. &merged;</para>

    <para role="historic">If a debugging kernel with modules is being built
      (i.e. using <literal>makeoptions DEBUG=-g</literal>), the
      modules will now be built with debugging support as well, for
      completeness. A side effect of this change is that modules
      built and installed with debugging kernels will now occupy more
      space on disk than they did previously. &merged;</para>

    <para role="historic">The kernel dump device can now be set via the
      <varname>dumpdev</varname> loader tunable. As a result, it is
      now possible to obtain crash dumps from panics during the late
      stages of kernel initialization (before the system enters into
      single-user mode). &merged;</para>

    <para>The kernel memory allocator is now a slab memory allocator,
      similar to that used in Solaris. This is an SMP-safe memory
      allocator that has near-linear performance as the number of CPUs
      increases. It also allows for reduced memory
      fragmentation.</para>

    <sect3>
      <title>Processor/Motherboard Support</title>

      <para>SMP support has been largely reworked, incorporating code
        from BSD/OS 5.0.
        One of the main features of SMPng
        (<quote>SMP Next Generation</quote>) is to allow more
        processes to run in kernel, without the need for spin locks
        that can dramatically reduce the efficiency of multiple
        processors. Interrupt handlers now have contexts associated
        with them that allow them to be blocked, which reduces the
        need to lock out interrupts.</para>

      <para arch="i386,pc98">Support for the 80386 processor has been
        removed from the <filename>GENERIC</filename> kernel, as this
        code seriously pessimizes performance on other IA32
        processors.
        The <literal>I386_CPU</literal> kernel option
        to support the 80386 processor is now mutually exclusive with
        support for other IA32 processors; this should slightly
        improve performance on the 80386 due to the elimination of
        runtime processor type checks.
        Custom kernels that will run on the 80386 can
        still be built by changing the CPU options in the kernel
        configuration file to only include
        <literal>I386_CPU</literal>.</para>

      <para arch="alpha" role="historic">AlphaServer 1200 (<quote>Tincup</quote>) has
        been tested and works OK. Currently it does not want to boot
        from CD or floppy but a transplanted disk that was installed
        on another Alpha works well. &merged;</para>

      <para arch="alpha">The API UP1100 mainboard has been verified to
        work.</para>

      <para arch="alpha">The API CS20 1U high server has been verified
        to work.</para>

      <para arch="alpha">Support for AlphaServer 2100A
        (<quote>Lynx</quote>) has been added.</para>

      <para arch="alpha">Kernel code has been added that allows older
        generation Alpha CPUs (EV4 and EV5) to emulate instructions of
        the newer Alpha CPU generations.
        This enables the use of
        binary-only programs like <application>Adobe Acrobat
        4</application> on EV4 and EV5.</para>

      <para arch="alpha">SMP support for the Alpha is now operational.</para>

      <para arch="i386" role="historic">Detection for new processors, such as the
        FC-PGA2 Pentium III (Tualatin), Transmeta Crusoe, and
        Transmeta Crusoe LongRun, has been added. &merged;</para>

      <para arch="alpha">Support for the following hardware has been
        removed from the installation kernel to make it fit on a
        1.44MB floppy again: Multia, NoName, PC64, EB64, Aspen Alpine,
        sa (SCSI tape), amr, parallel port support, vx (3c590, 3c595),
        pcn (AMD Am79C97x PCI 10/100), sf (Adaptec AIC-6915), sis (SiS
        900/SiS 7016), ste (Sundance ST201 (D-Link DFE-550TX)), wb
        (Winbond W89C840F).</para>

      <para arch="i386" role="historic">Support for Streaming <acronym>SIMD</acronym>
        Extensions (<acronym>SSE</acronym>) has been introduced. The
        <literal>CPU_ENABLE_SSE</literal> kernel option controls
        whether support is compiled into the kernel. &merged;</para>

      <para arch="i386" role="historic">The <literal>CPU_ATHLON_SSE_HACK</literal>
        kernel option has been added, which attempts to enable the SSE
        feature bit on newer Athlon CPUs if the BIOS has forgotten to
        enable it. &merged;</para>

      <para arch="sparc64">The UltraSPARC platform is now supported by
        &os;. The following machines are supported to at least some
        degree: Ultra 1/2/5/10/30/60, Enterprise 220R/420R, Netra T1 AC200/DC200, Netra T 105, and Blade
        100. SMP is supported, and has been tested on the
        Ultra 2, Ultra 60, Enterprise 220R, and
        Enterprise 420R.</para>

      <para arch="i386">On some systems, the BIOS does not activate
        the I/O ports and memory of PC devices, thus making them
        unusable.
        The <varname>hw.pci.enable_io_modes</varname>
        sysctl/boot loader variable (which defaults to
        <literal>1</literal>, for <quote>enabled</quote>)
        forces &os; to enable these devices so that they can be
        used.</para>

      <para arch="alpha">Support for TurboChannel Alphas has been
        removed.</para>

      <para arch="i386">Support for the AMD Élan SC520 has been
        added; this requires the <literal>CPU_ELAN</literal> option in
        the kernel configuration file. &merged;</para>

      <para arch="i386,pc98">The <literal>CPU_DISABLE_CMPXCHG</literal>
        kernel configuration option has been added. Enabling this
        option has been shown to dramatically improve performance on
        VMWare client OS installs.

        <note>
          <para>This option is not compatible with
            <literal>SMP</literal> kernels.</para>
        </note>

      </para>

    </sect3>

    <sect3>
      <title>Bootloader Changes</title>

      <para arch="i386" role="historic"><filename>boot2</filename> now supports a
        <option>-n</option> option to disallow boot interruption by
        keypresses. &merged;</para>

      <para arch="i386" role="historic">A new <filename>cdboot</filename> bootstrap
        utility for CDROMs provides better compatibility with some
        BIOS implementations that do not completely implement the El
        Torito bootable CDROM standard. This boot loader supports
        <quote>no emulation</quote> mode booting, thus eliminating the
        need for an emulated floppy disk image on a bootable
        CDROM. &merged;</para>

      <para arch="i386,pc98" role="historic">The i386 boot loader now has support for a
        <literal>nullconsole</literal> console type, for use on
        systems with neither a video console nor a serial
        port. &merged;</para>

      <para arch="i386,pc98" role="historic">The &man.loader.8; now has optional support
        (enabled at compile-time, off by default) for loading
        <application>bzip2</application>-compressed kernels and
        modules.
        &merged;</para>

      <para arch="i386" role="historic">Support for Intel's Wired for Management 2.0
        (PXE) was added to the &os; boot loader. Due to API
        differences, the older PXE versions are not supported. This
        allows network booting using DHCP. &merged;</para>

      <!-- Above this line, order bootloader changes by keyword-->

      <para arch="i386" role="historic">The &os; boot loader now contains a workaround
        to support CDROM booting on certain IBM BIOSs that expect the
        first sector of the emulated floppy to contain a valid MS-DOS
        BPB that they can modify. &merged;</para>

      <para arch="i386,pc98" role="historic">The &os; boot loader now supports a
        <option>-p</option> flag to force the kernel to pause after
        each line of output during the probing phase. &merged;</para>

      <para arch="alpha,i386" role="historic">The &os; boot loader is now capable of
        booting from filesystems with block sizes larger than
        8K. &merged;</para>

      <para>The kernel and modules have been moved to the directory
        <filename>/boot/kernel</filename>, so they can be easily
        manipulated together. The boot loader has been updated to
        make this change as seamless as possible.</para>
    </sect3>

    <sect3>
      <title>Network Interface Support</title>

      <para role="historic">The &man.an.4; driver for Cisco Aironet cards now supports
        Wired Equivalent Privacy (WEP) encryption, settable via
        &man.ancontrol.8;. &merged;</para>

      <para role="historic">The &man.an.4; driver now supports the Cisco Aironet 350
        series of adaptors. &merged;</para>

      <para role="historic">The &man.an.4; driver now supports <quote>monitor</quote>
        mode, settable via the <option>-M</option> option to
        &man.ancontrol.8;. &merged;</para>

      <para role="historic">The &man.an.4; driver now supports Cisco LEAP, as well as
        the <quote>Home</quote> WEP key.
        The Linux Aironet utilities
        are now supported under emulation. &merged;</para>

      <para arch="i386,pc98" role="historic">Generic support for ARCNET token-based
        networks has been added. &merged;</para>

      <para arch="i386,pc98" role="historic">The &man.bge.4; driver has been added to
        support the Broadcom BCM570x family of Gigabit Ethernet
        controllers, including the 3Com 3c996-T, the SysKonnect
        SK-9D21 and SK-9D41, and the built-in Gigabit Ethernet NICs on
        Dell PowerEdge 2550 servers. Output TCP/IP checksum offload,
        jumbo frames and VLAN tag insertion/stripping are supported,
        as well as interrupt moderation. &merged;</para>

      <para arch="i386" role="historic">The cm driver has been added to support SMC
        COM90cx6 ARCNET network adapters. &merged;</para>

      <para>The &man.dc.4; driver now supports NICs based on the Xircom
        3201 and Conexant LANfinity RS7112 chips.</para>

      <para role="historic">The &man.dc.4; driver now has support for
        VLANs. &merged;</para>

      <para role="historic">The &man.de.4; driver now performs round-robin arbitration
        between the transmit and receive units of the 21143, instead
        of giving priority to the receive unit. This gives a
        10–15% performance improvement in the forwarding rate
        under heavy load. &merged;</para>

      <para arch="alpha">The &man.ed.4; driver is now supported.</para>

      <para arch="i386,pc98" role="historic">Linksys Fast Ethernet PCCARD cards supported
        by the &man.ed.4; driver now require the addition of flag
        <literal>0x80000</literal> to their config line in
        &man.pccard.conf.5;. This flag is not optional. These
        Linksys cards will not be recognized without
        it. &merged;</para>

      <para role="historic">A bug in the &man.ed.4; driver that could cause panics
        with very short packets and BPF or bridging active has been
        fixed.
        &merged;</para>

      <para role="historic">The &man.ed.4; driver now has support for D-Link DL10022
        chips, necessary for the NetGear FA-410TX and other cards. As
        a result, <literal>device miibus</literal> is required in
        kernel configurations using the &man.ed.4;
        driver. &merged;</para>

      <para arch="i386">The &man.el.4; driver can now be loaded as a
        module.</para>

      <para arch="i386,pc98,ia64" role="historic">The &man.em.4; driver has been added to
        support NICs based on the Intel 82542, 82543, 82544, 82545EM,
        and 82546EB Gigabit Ethernet controller chips. The driver has
        VLAN support, and also supports
        transmit/receive checksum offload and jumbo frames on 82543
        and 82544-based adapters. &merged;</para>

      <para role="historic">The &man.faith.4; device is now loadable, unloadable, and
        clonable. &merged;</para>

      <para arch="i386,pc98" role="historic">Support for Fujitsu MB86960A/MB86965A based
        Ethernet PC-Cards has been added back in the &man.fe.4;
        driver. &merged;</para>

      <para arch="alpha" role="historic">The &man.fpa.4; driver now supports Digital's
        DEFPA FDDI adaptors on the Alpha. &merged;</para>

      <para role="historic">The &man.fxp.4; driver now requires a
        <literal>device miibus</literal> entry in the kernel configuration
        file. &merged;</para>

      <para role="historic">The &man.fxp.4; driver now contains a workaround for PCI
        protocol violations caused by defects in some systems based on
        the Intel ICH2/ICH2-M chip. The workaround is to rewrite the
        EEPROM on the interface to disable Dynamic Standby Mode; once
        the EEPROM is rewritten, the system needs to be rebooted for
        the new settings to take effect. &merged;</para>

      <para role="historic">The &man.fxp.4; driver now supports Intel's loadable
        microcode to implement receive-side interrupt coalescing and
        packet bundling, on NICs that support these features.
        This
        support can be activated by the use of the
        <option>link0</option> option to
        &man.ifconfig.8;. &merged;</para>

      <para arch="sparc64">The gem driver has been added to support
        the Sun GEM Gigabit Ethernet and ERI Fast Ethernet
        adapters.</para>

      <para role="historic">The &man.gx.4; driver has been added to support NICs based
        on the Intel 82542 and 82543 Gigabit Ethernet controller
        chips. Both fiber and copper variants of the cards are
        supported. Both boards support VLAN tagging/insertion, and
        the 82543 additionally supports TCP/IP checksum
        offload. &merged;</para>

      <para arch="sparc64">The hme driver has been added to support
        the Sun HME Fast Ethernet adapter, onboard on many Sun Ultra
        series machines.</para>

      <para>The &man.lmc.4; driver has been added to support LAN Media
        Corp WAN adapters based on the DEC <quote>Tulip</quote> PCI
        Fast Ethernet controller.</para>

      <para role="historic">The &man.lge.4; driver has been added to support the Level
        1 LXT1001 NetCellerator Gigabit Ethernet controller chip. This
        device is used on some fiber optic GigE cards from SMC, D-Link
        and Addtron. Jumbograms and TCP/IP checksum offload on
        receive are supported, although hardware VLAN filtering is
        not. &merged;</para>

      <para role="historic">The my driver, which supports the Myson Fast Ethernet and
        Gigabit Ethernet adapters, has been added. &merged;</para>

      <para role="historic">Added the &man.nge.4; driver, which supports PCI Gigabit
        Ethernet adapters based on the National Semiconductor DP83820
        and DP83821 Gigabit Ethernet controller chips, including the
        D-Link DGE-500T, SMC EZ Card 1000 (SMC9462TX), Asante
        FriendlyNet GigaNIC 1000TA and 1000TPC and Addtron AEG320T.
        This driver supports transmit and receive checksum
        offloading.
        &merged;</para>

      <para role="historic">The &man.pcn.4; driver, which supports the AMD PCnet/FAST,
        PCnet/FAST+, PCnet/FAST III, PCnet/PRO, PCnet/Home, and
        HomePNA adapters, has been added. Although these cards are
        already supported by the &man.lnc.4; driver, the &man.pcn.4;
        driver runs these chips in 32-bit mode and uses the RX
        alignment feature to achieve zero-copy receive. This driver
        is also machine-independent, so it will work on the i386,
        pc98 and Alpha platforms. The &man.lnc.4; driver is still needed
        to support non-PCI cards. &merged;</para>

      <para role="historic">The &man.ray.4; driver, which supports the Webgear Aviator
        wireless network cards, has been committed. The operation of
        &man.ray.4; interfaces can be modified by
        &man.raycontrol.8;. &merged;</para>

      <para arch="i386,pc98">The &man.rp.4; driver has been updated to
        version 3.02 and can now be built as a module. &merged;</para>

      <para arch="i386" role="historic">The sbni driver, for supporting the Granch
        SBNI12 series of ISA and PCI point-to-point communications
        interfaces, has been added. The <filename
        role="package">sysutils/sbniconfig</filename> port in the &os;
        Ports Collection can be used for configuring these
        devices. &merged;</para>

      <para role="historic">Added support for PCI Ethernet adapters based on the SiS
        900 and SiS 7016 Fast Ethernet controller chips (for example,
        as seen on the SiS 635 and 735 motherboard chipsets), as well
        as the National Semiconductor DP83815 chipset (including the
        NetGear FA311-TX and FA312-TX) in the form of the &man.sis.4;
        driver. This device has support for VLANs. &merged;</para>

      <para arch="pc98" role="historic">The snc driver for the National Semiconductor
        DP8393X (SONIC) Ethernet controller has been added.
        Currently, this driver is only used on the PC-98
        architecture.
        &merged;</para>

      <para>The &man.stf.4; device is now clonable.</para>

      <para role="historic">The &man.tap.4; driver, a virtual Ethernet device driver
        for bridged configurations, has been added. This device is
        clonable. &merged;</para>

      <para role="historic">The &man.ti.4; driver now supports the Alteon AceNIC
        1000baseT Gigabit Ethernet and Netgear GA620T 1000baseT
        Gigabit cards. &merged;</para>

      <para role="historic">The &man.ti.4; driver correctly masks VLAN tags. &merged;</para>

      <para>The &man.tx.4; driver now supports true multicast
        filtering.</para>

      <para role="historic">The &man.txp.4; driver has been added to support NICs
        based on the 3Com 3XP Typhoon/Sidewinder (3CR990)
        chipset. &merged;</para>

      <para role="historic">&man.vlan.4; devices are now loadable, unloadable, and
        clonable. &merged;</para>

      <para role="historic">The &man.wi.4; driver now has support for Prism II and
        Prism 2.5-based NICs. 104/128-bit WEP now works on Prism
        cards. &merged;</para>

      <para role="historic">The &man.wi.4; driver now supports using a &os; host as
        a wireless access point. This functionality can be enabled
        using the <literal>mediaopt hostap</literal> option of
        &man.ifconfig.8;. This feature requires a wireless
        adapter based on the Prism II chipset. &merged;</para>

      <para role="historic">The &man.wi.4; driver now has support for
        <application>bsd-airtools</application>. &merged;</para>

      <para role="historic">The xe driver can now be built as a
        module. &merged;</para>

      <para role="historic">The &man.xl.4; driver now supports the 3Com 3C556 and
        3C556B MiniPCI adapters used on some laptops. &merged;</para>

      <para role="historic">The &man.xl.4; driver now supports reception of VLAN
        tagged frames (on the <quote>Cyclone</quote> or newer
        chipsets).
        &merged;</para>

      <para role="historic">The &man.xl.4; driver now supports send- and receive-side
        TCP/IP checksum offloading for NICs implementing this feature,
        such as the 3C905B, 3C905C, and 3C980C. &merged;</para>

      <para role="historic">A bug in the &man.xl.4; driver, related to statistics
        overflow interrupt handling, was causing slowdowns at medium
        to high packet rates; this has been fixed. &merged;</para>

      <para role="historic">The per-interface <varname>ifnet</varname> structure now
        has the ability to indicate a set of capabilities supported by
        a network interface, and which ones are enabled.
        &man.ifconfig.8; has support for querying these
        capabilities. &merged;</para>

      <para role="historic">Performance with hosts having a large number of IP aliases
        has been improved, by replacing the per-interface
        <varname>if_inaddr</varname> linear list with a hash table. &merged;</para>

      <para>Network devices now automatically appear as special files in
        <filename>/dev/net</filename>. Interface hardware ioctls (not
        protocol or routing) can be performed on these devices. The
        <varname>SIOCGIFCONF</varname> ioctl may be performed on the
        special <filename>/dev/network</filename> node.</para>

      <para role="historic">Selected network drivers now implement a semi-polling
        mode, which makes systems much more resilient to attacks and
        overloads. To enable polling, the following options are
        required in a kernel configuration file:

      <programlisting>options DEVICE_POLLING
options HZ=1000 # not compulsory but strongly recommended</programlisting>

        The <varname>kern.polling.enable</varname> sysctl variable
        will then activate polling mode, with the
        <varname>kern.polling.user_frac</varname> sysctl indicating
        the percentage of CPU time to be reserved for userland.
        The
        devices initially supporting polling are &man.dc.4;,
        &man.fxp.4;, &man.nge.4;, &man.rl.4;, and &man.sis.4;. More details can be found in
        the &man.polling.4; manual page. &merged;</para>

      <para arch="i386,pc98" role="historic">The packet-forwarding performance of certain
        network drivers (specifically &man.dc.4; and &man.sis.4;) has
        been enhanced by the elimination of unnecessary buffer
        copies. &merged;</para>

      <para><quote>Zero copy</quote> support has been added to the
        networking stack. This feature can eliminate a copy of
        network data between the kernel and userland, which is one of
        the more significant bottlenecks in network throughput.
        The send-side code should work with almost any network
        adapter, while the receive-side code requires a network
        adapter with an MTU of at least one memory page size (for
        example, jumbo frames on Gigabit Ethernet). For more
        information, see &man.zero.copy.9;.</para>
    </sect3>

    <sect3>
      <title>Network Protocols</title>

      <para role="historic">&man.accept.filter.9;, a kernel feature to reduce
        overheads when accepting and reading new connections on
        listening sockets, has been added. &merged;</para>

      <para role="historic">The <literal>proxy</literal> modifier to &man.arp.8;'s
        <option>-d</option> option has been renamed to
        <literal>pub</literal>, for consistency with the
        <option>-s</option> option. The <literal>only</literal> keyword
        has been added to the <option>-s</option> and
        <option>-S</option> flags, to be used in creating
        <quote>proxy-only</quote> published entries. &merged;</para>

      <para role="historic">The read timeout feature of &man.bpf.4; now works more
        correctly with &man.select.2;/&man.poll.2;, and therefore with
        pthreads.
        &merged;</para>

      <para role="historic">&man.bridge.4; and &man.dummynet.4; have received some
        enhancements and bug fixes, and are now loadable
        modules. &merged;</para>

      <para role="historic">&man.bridge.4; now has better support for multiple,
        fully-independent bridging clusters, and is much more stable
        in the presence of dynamic attachments and detachments. VLANs
        are also fully supported. &merged;</para>

      <para>A <literal>FAST_IPSEC</literal> kernel option now allows
        the IPsec implementation to use the kernel &man.crypto.4; framework,
        along with its support for hardware cryptographic
        acceleration.

        <note>
          <para>The <literal>FAST_IPSEC</literal> and
            <literal>IPSEC</literal> options are mutually
            exclusive.</para>
        </note>

        <note>
          <para>The <literal>FAST_IPSEC</literal> option is, at the
            moment, not compatible with IPv6 or the
            <literal>INET6</literal> option.</para>
        </note>

      </para>

      <para>A &man.gre.4; driver, which can encapsulate IP packets
        using GRE (RFC 1701) or minimal IP encapsulation for Mobile IP
        (RFC 2004), has been added. &merged;</para>

      <para>ICMP ECHO and TSTAMP replies are now rate limited. TCP
        RSTs generated due to packets sent to open and unopen ports
        are now limited by separate counters. Each rate limiting
        queue now has its own description.</para>

      <para role="historic">ICMP <literal>UNREACH_FILTER_PROHIB</literal> messages can
        now RST TCP connections in the <literal>SYN_SENT</literal>
        state if the correct sequence numbers are sent back, as
        controlled by the
        <varname>net.inet.tcp.icmp_may_rst</varname> sysctl. &merged;</para>

      <para>ICMP Source Quench messages are no longer generated for
        forwarded packets.
        The old behavior can be re-enabled with
        the <varname>net.inet.ip.sendsourcequench</varname> sysctl
        variable.</para>

      <para>IP multicast now works on VLAN devices. Several other
        bugs in the VLAN code have also been fixed.</para>

      <para role="historic">A bug in the IPsec processing for IPv4, which caused the
        inbound SPD checks to be ignored, has been fixed. &merged;</para>

      <para role="historic">&man.ipfw.4; now filters correctly in the presence of ECN
        bits in TCP segments. &merged;</para>

      <para>&man.ipfw.4; has been re-implemented (the new version is
        commonly referred to as <quote>IPFW2</quote>). It now uses a
        variable-sized representation of rules in the kernel, similar
        to &man.bpf.4; instructions. Most of the externally-visible
        behavior (i.e. through &man.ipfw.8;) should be unchanged,
        although &man.ipfw.8; now supports <literal>or</literal>
        connectives between match fields. &merged;</para>

      <para role="historic">A new ng_eiface netgraph module has been added, which
        appears as an Ethernet interface but delivers its Ethernet
        frames to a Netgraph hook. &merged;</para>

      <para>A new &man.ng.device.4; netgraph node type has been added,
        which creates a device entry in <filename>/dev</filename>, to
        be used as the entry point to a networking graph.</para>

      <para role="historic">A new &man.ng.etf.4; netgraph node allows Ethernet type
        packets to be filtered to different hooks depending on
        ethertype.
        &merged;</para>

      <para>The &man.ng.gif.4; and &man.ng.gif.demux.4; netgraph
        nodes, for operating on &man.gif.4; devices, have been
        added.</para>

      <para>The &man.ng.ip.input.4; netgraph node, for queueing IP
        packets into the main IP input processing code, has been
        added.</para>

      <para>A new &man.ng.l2tp.4; netgraph node type, which implements
        the encapsulation layer of the L2TP protocol as described in
        RFC 2661, has been added. &merged;</para>

      <para role="historic">The &man.ng.mppc.4; and &man.ng.bridge.4; node types have
        been added to the &man.netgraph.4; subsystem. The
        &man.ng.ether.4; node is now dynamically loadable.
        Miscellaneous bug fixes and enhancements have also been
        made. &merged;</para>

      <para role="historic">A new netgraph node type &man.ng.one2many.4; for
        multiplexing and demultiplexing packets over multiple links
        has been added. &merged;</para>

      <para>A new ng_split node type has been added for splitting a
        bidirectional packet flow into two unidirectional flows.</para>

      <para role="historic">A new sysctl
        <varname>net.inet.ip.check_interface</varname>, which is on by
        default, causes IP to verify that an incoming packet arrives
        on an interface that has an address matching the packet's
        destination address. &merged;</para>

      <para role="historic">A new sysctl
        <varname>net.link.ether.inet.log_arp_wrong_iface</varname> has
        been added to control the suppression of logging when ARP
        replies arrive on the wrong interface. &merged;</para>

      <para role="historic">A new <literal>options RANDOM_IP_ID</literal> kernel
        option causes the ID field of IP packets to be randomized.
        This closes a minor information leak which allows a remote
        observer to determine the rate at which the machine is
        generating packets, since the default behavior is to increment
        a counter for each packet sent. &merged;</para>

      <para arch="alpha">SLIP has been removed from the
        <filename>mfsroot</filename> floppy image.</para>

      <para role="historic">TCP has received some bug fixes for its delayed ACK
        behavior. &merged;</para>

      <para role="historic">TCP now supports the NewReno modification to the TCP Fast
        Recovery algorithm. This behavior can be controlled via the
        <varname>net.inet.tcp.newreno</varname> sysctl
        variable. &merged;</para>

      <para role="historic">TCP now uses a more aggressive timeout for initial SYN
        segments; this allows initial connection attempts to be
        dropped much faster. &merged;</para>

      <para role="historic">The <literal>TCP_COMPAT_42</literal> kernel option has
        been removed. &merged;</para>

      <para role="historic">The <literal>TCP_RESTRICT_RST</literal> kernel option has
        been removed. Similar functionality can be achieved with the
        <varname>net.inet.tcp.blackhole</varname> sysctl
        variable. &merged;</para>

      <para role="historic">TCP now has RFC 1323 extensions enabled by default in
        &man.rc.conf.5;. &merged;</para>

      <para role="historic">RFC 1323 and RFC 1644 TCP extensions are now disabled for
        a connection in progress if no response has been received by
        the third SYN segment sent. This behavior tries to work
        around (very old) terminal servers with buggy VJ header
        compression implementations. &merged;</para>

      <para role="historic">The TCP implementation no longer requires the allocation
        of a TCP template structure for each connection; this should
        reduce the buffer usage on large systems handling many
        connections.
        &merged;</para>

      <para role="historic">TCP's default buffer sizes, controlled by the
        <varname>net.inet.tcp.sendspace</varname> and
        <varname>net.inet.tcp.recvspace</varname> sysctl variables,
        have been increased to 32K and 64K respectively. Previously,
        the default for both buffer sizes was 16K. To try to avoid
        increasing congestion, the default value for
        <varname>net.inet.tcp.local_slowstart_flightsize</varname> has
        been changed from infinity to 4. &merged;

        <note>
          <para>On busy hosts, the new larger buffer sizes may require
            manually increasing the
            <varname>NMBCLUSTERS</varname> parameter, either in the
            kernel configuration file or via the
            <varname>kern.ipc.nmbclusters</varname> loader tunable.
            <command>netstat -mb</command> can be used to monitor the
            state of mbuf clusters.</para>
        </note>
      </para>

      <para role="historic">TCP now supports RFC 1948 (Defending Against Sequence
        Number Attacks). The
        <varname>net.inet.tcp.isn_reseed_interval</varname> sysctl
        variable controls the reseeding of the secret data used in
        the RFC 1948 initial sequence number calculations. &merged;</para>

      <para role="historic">The TCP implementation in &os; now implements a cache of
        outstanding, received SYN segments. Incoming SYN segments now
        cause entries to be placed in the cache until the TCP
        three-way handshake is complete, at which point, memory is
        allocated for the connection as usual. In addition, all TCP
        Initial Sequence Numbers (ISNs) are used as cookies, allowing
        entries in the cache to be dropped, but still have their
        corresponding ACKs accepted later. The combination of the
        so-called
        <quote>syncache</quote> and <quote>syncookies</quote> features
        makes a host much more resistant to TCP-based Denial of
        Service attacks. Work on this feature was sponsored by DARPA
        and NAI Labs.
        &merged;</para>

      <para role="historic">A bug in the TCP implementation, which could cause
        connections to stall if a sender saw a zero-sized window, has
        been corrected. &merged;</para>

      <para role="historic">The TCP implementation now properly ignores packets
        addressed to IP-layer broadcast addresses. &merged;</para>

      <para>The ephemeral port range used for TCP and UDP has been
        changed to 49152–65535 (the old default was
        1024–5000). This increases the number of concurrent
        outgoing connections/streams.</para>

      <para>The &man.tcp.4; protocol's retransmission timer can now be
        manipulated with two sysctl variables,
        <varname>net.inet.tcp.rexmit_min</varname> and
        <varname>net.inet.tcp.rexmit_slop</varname>. The default has
        been reduced from one second to 200ms (similar to the Linux default)
        in order to better handle hiccups over interactive connections and
        improve recovery over lossy fast connections such as wireless links.</para>

      <para>The &man.tcp.4; protocol now has the ability to dynamically
        limit the send-side window to maximize bandwidth and minimize
        round trip times. The feature can be enabled via the
        <varname>net.inet.tcp.inflight_enable</varname>
        sysctl. &merged;</para>

    </sect3>

    <sect3>
      <title>Disks and Storage</title>

      <para arch="i386" role="historic">Support for the Adaptec FSA family of PCI-SCSI
        RAID controllers has been added, in the form of the
        &man.aac.4; driver. This driver includes proper handling of
        commands initiated by the adapter, addition/removal of disk
        devices, crashdump functionality, and &man.ioctl.2; commands
        necessary for the management CLI, and is fully qualified and
        sanctioned by Adaptec. &merged;</para>

      <para role="historic">The &man.ahc.4; driver has received numerous updates,
        bugfixes, and enhancements.
        Among various improvements are
        improved compatibility with chips in <quote>RAID Port</quote>
        mode and systems with AAA and/or ARO cards installed, as well
        as performance improvements. Some bugs were also fixed,
        including a rare hang on Ultra2/U160
        controllers. &merged;</para>

      <para arch="i386">The &man.ahd.4; driver, which supports the Adaptec
        AIC7901, AIC7901A, and AIC7902 Ultra320 PCI-X SCSI Controller chips, has been
        added. &merged;</para>

      <para arch="i386" role="historic">The &man.asr.4; driver, which provides support
        for the Adaptec SCSI RAID controller family, as well as the
        DPT SmartRAID V and VI families, has been
        added. &merged;</para>

      <para arch="i386" role="historic">The &man.asr.4; driver now supports the
        Adaptec 2000S and 2005S Zero-Channel RAID
        controllers. &merged;</para>

      <para role="historic">The &man.ata.4; driver now has support for ATA100
        controllers. In addition, it now supports the ServerWorks
        ROSB4 ATA33 chipset, the CMD 648 ATA66 and CMD 649 ATA100
        chipsets, and the Cyrix 5530. &merged;</para>

      <para role="historic">To provide more flexible configuration, the various
        options for the &man.ata.4; driver are now boot loader
        tunables, rather than kernel configure-time
        options. &merged;</para>

      <para role="historic">The &man.ata.4; driver now has support for tagged queuing,
        which is enabled by the <varname>hw.ata.tags</varname> loader
        tunable. &merged;</para>

      <para role="historic">The &man.ata.4; driver now has support for ATA
        <quote>pseudo</quote> RAID controllers such as the Promise Fasttrak
        and HighPoint HPT370 controllers. &merged;</para>

      <para role="historic">The &man.ata.4; driver now supports a wider variety of SiS
        chipsets, as listed in the Hardware Notes.
        &merged;</para>

      <para role="historic">The &man.ata.4; driver now has support for creating,
        deleting, querying, and rebuilding ATA RAIDs under control of
        &man.atacontrol.8;. &merged;</para>

      <para role="historic">The BurnProof(TM) feature, for applicable ATAPI CD-ROM
        burners, is now supported. &merged;</para>

      <para role="historic">The &man.ata.4; driver now has support for 48-bit
        addressing. Devices larger than 137GB are now
        supported. &merged;</para>

      <para role="historic">The &man.ata.4; driver now contains fixes for some data
        corruption problems on systems using the VIA 82C686B
        Southbridge chip. &merged;</para>

      <para>The &man.ata.4; driver (along with &man.burncd.8;) now
        supports writing to media in DVD+RW drives.</para>

      <para>The &man.ata.4; driver now supports accessing ATA devices
        as SCSI devices via the CAM layer and drivers (&man.cd.4;,
        &man.da.4;, &man.st.4;, and &man.pass.4;). This feature requires
        <literal>device atapicam</literal> in the kernel
        configuration. More information can be found in
        &man.atapicam.4;. &merged;</para>

      <para>The &man.ata.4; driver now has support for the Sil 0680
        and VIA 8233/8235 controllers. &merged;</para>

      <para>The &man.ata.4; driver now has support for the Acard
        ATP850, ATP860, and ATP865 controllers.</para>

      <para arch="pc98">The &man.ata.4; driver is now supported on the
        pc98 platform.</para>

      <para role="historic">The &man.cd.4; driver now has support for write
        operations. This allows writing to DVD-RAM, PD and similar
        drives that probe as CD devices. Note that this change affects
        only random-access writeable devices, not sequential-only
        writeable devices such as CD-R drives, which are supported by
        &man.cdrecord.1; (a part of
        <filename role="package">sysutils/cdrtools</filename> in the
        Ports Collection).
        &merged;</para>

      <para>The &man.cd.4; driver now supports the same
        <literal>CDRIOCREADSPEED</literal> and
        <literal>CDRIOCWRITESPEED</literal> ioctls that the
        &man.acd.4; driver uses for setting the speed of CDROM
        access.</para>

      <para>The &man.targ.4; driver has been rewritten and a new
        usermode has been added to <filename>/usr/share/examples/scsi_target</filename> that
        emulates a direct access device.</para>

      <para arch="i386" role="historic">The &man.ciss.4; driver, for devices utilizing the
        Common Interface for SCSI-3 Support, has been added. This
        driver supports the Compaq SmartRAID 5* family of RAID
        controllers (5300, 532, 5i). &merged;</para>

      <para>The &man.fdc.4; floppy disk driver has undergone a number of
        enhancements. Density selection for common settings is now
        automatic; the driver is also much more flexible in setting
        the densities of various subdevices.</para>

      <para>The &man.geom.4; disk I/O request transformation framework
        has been added; this extensible framework is designed to
        support a wide variety of operations on I/O requests on their
        way from the upper kernel to the device drivers.

        <note>
          <para>GEOM-enabled kernels no longer support
            <quote>compatibility slices</quote>. This feature
            (supported on the i386 and pc98 only) allowed a user to
            refer to a disk partition without specifying an MBR slice
            (e.g. <filename>/dev/ad0a</filename>); the kernel would
            automatically find the first applicable &os; slice and use
            it. On GEOM-enabled kernels (the default), only the full partition names
            (e.g. <filename>/dev/ad0s1a</filename>) are allowed when
            referring to partitions within MBR slices. This
            change should affect very few users.</para>
        </note>

      </para>

      <para>A GEOM Based Disk Encryption module has been added.
        It
        provides denial of access to <quote>cold disks</quote>, with
        four different cryptographic barriers and up to four
        changeable pass-phrases. Much more information can be found
        in the &man.gbde.4; manual page. The &man.gbde.8; userland
        utility provides an operation and management interface to this
        module. This feature is not enabled by default; it requires
        <literal>options GEOM_BDE</literal> to be added to a kernel
        configuration file.

        <note>
          <para>This feature should be considered experimental.</para>
        </note>

      </para>

      <para role="historic">The &man.ida.4; disk driver now has crashdump
        support. &merged;</para>

      <para arch="i386" role="historic">The &man.iir.4; driver has been added to support the
        Intel Integrated RAID controllers, as well as prior ICP Vortex
        controllers.</para>

      <para arch="alpha" role="historic">A bug that made certain CDROM drives fail to
        attach when connected to a SCSI card driven by &man.isp.4; has
        been fixed. &merged;</para>

      <para>The &man.isp.4; driver is now proactive about discovering
        Fibre Channel topology changes.</para>

      <para>The &man.isp.4; driver now supports target mode for Qlogic
        SCSI cards, including Ultra2 and Ultra3 and dual bus
        cards.</para>

      <para role="historic">The &man.isp.4; driver now supports the Qlogic 2300 and
        2312 Optical Fibre Channel PCI cards. &merged;</para>

      <para arch="i386,pc98">The &man.matcd.4; driver has been removed
        due to breakage and licensing issues. &merged;</para>

      <para>&man.md.4;, the memory disk device, has had the
        functionality of &man.vn.4; incorporated into it. &man.md.4;
        devices can now be configured by &man.mdconfig.8;. &man.vn.4;
        has been removed.
        The Memory Filesystem (MFS) has also been
        removed.</para>

      <para arch="i386,alpha,pc98,sparc64">The mpt driver, for
        supporting the LSI Logic Fusion/MP architecture Fiber Channel
        controllers, has been added. &merged;</para>

      <para arch="i386" role="historic">The &man.mly.4; driver, for Mylex PCI to SCSI
        AccelRAID and eXtremeRAID controllers with firmware 6.X and
        later, has been added. &merged;</para>

      <para arch="i386,pc98" role="historic">The ncv, nsp, and stg drivers have been ported
        from NetBSD/pc98. They support the NCR 53C50 / Workbit Ninja
        SCSI-3 / TMC 18C30, 18C50 based PC-Card/ISA SCSI controllers.
        All three drivers can be built and loaded as
        modules. &merged;</para>

      <para arch="powerpc">The ofw driver, a basic OpenFirmware disk
        driver, has been added.</para>

      <para arch="i386">The &man.pst.4; driver, for supporting Promise
        SuperTrak ATA RAID controllers, has been
        added. &merged;</para>

      <para>The RAIDframe disk driver has been imported from NetBSD.
        This driver provides software-based RAID 0, 1, 4, and 5
        capabilities, as well as other functionality. More
        information can be found in the &man.raid.4; driver manual
        page. The &man.raidctl.8; utility is used to configure and
        unconfigure disk arrays. This feature is not enabled by
        default, and requires <literal>device raidframe</literal> to
        be configured into a kernel.

        <note>
          <para>This feature should be considered experimental.</para>
        </note>

      </para>

      <para>Some problems in &man.sa.4; error handling have been
        fixed, including the <quote>tape drive spinning indefinitely
        upon &man.mt.1; <option>stat</option></quote> problem.</para>

      <para>The <varname>SCSI_DELAY</varname> configuration parameter
        can now be set at boot time and runtime via the
        <varname>kern.cam.scsi_delay</varname> tunable/sysctl.</para>

      <para>The &man.trm.4; driver has been added to support SCSI adapters
        using the Tekram TRM-S1040 SCSI chipset. &merged;</para>

      <para arch="i386" role="historic">The &man.twe.4; 3ware ATA RAID driver has
        been added. &merged;</para>

      <para role="historic">The &man.wd.4; compatibility devices were removed from the
        &man.ata.4; driver. &merged;</para>
    </sect3>

    <sect3>
      <title>Filesystems</title>

      <para>Support for named extended attributes has been added to the
        &os; kernel. This allows the kernel, and appropriately
        privileged userland processes, to tag files and directories
        with attribute data. Extended attributes were added to
        support the TrustedBSD Project, in particular ACLs, capability
        data, and mandatory access control labels (see
        <filename>/usr/src/sys/ufs/ufs/README.extattr</filename> for
        details).</para>

      <para role="historic">Due to a licensing change, Soft Updates have been
        integrated into the main portion of the kernel source tree.
        As a consequence, Soft Updates are now available with the
        <filename>GENERIC</filename> kernel. &merged;</para>

      <para>A filesystem snapshot capability has been added to FFS.
        Details can be found in
        <filename>/usr/src/sys/ufs/ffs/README.snapshot</filename>.</para>

      <para>When running with Soft Updates, &man.statfs.2; and
        &man.df.1; will track the number of blocks and files that are
        committed to being freed.</para>

      <para role="historic">A bug in FFS that could cause superblock corruption on
        very large filesystems has been corrected. &merged;</para>

      <para role="historic">The ISO-9660 filesystem now has a hook that supports a
        loadable character conversion routine. The
        <filename role="package">sysutils/cd9660_unicode</filename>
        port contains a set of common conversions. &merged;</para>

      <para>&man.kernfs.5; is obsolete and has been retired.</para>

      <para role="historic">A bug in the NFS client that caused bogus access times with
        <literal>O_EXCL|O_CREAT</literal> opens was
        fixed. &merged;</para>

      <para role="historic">A new NFS hash function (based on the Fowler/Noll/Vo hash
        algorithm) has been implemented to improve NFS performance by
        increasing the efficiency of the <varname>nfsnode</varname>
        hash tables. &merged;</para>

      <para>Client-side NFS locks have been implemented.</para>

      <para>The client-side and server-side of the NFS code in the
        kernel used to be intertwined in various complex ways. They
        have been split apart for ease of maintenance and further
        development.</para>

      <para>Support for filesystem Access Control Lists (ACLs) has
        been introduced, allowing more fine-grained control of
        discretionary access control on files and directories. This
        support was integrated from the TrustedBSD Project. More
        details can be found in
        <filename>/usr/src/sys/ufs/ufs/README.acls</filename>.</para>

      <para role="historic">The directory layout preference algorithm for FFS
        (<literal>dirprefs</literal>) has been changed.
        Rather than
        scattering directory blocks across a disk, it attempts to
        group related directory blocks together. Operations
        traversing large directory hierarchies, such as the &os; Ports
        tree, have shown marked speedups. This change is transparent
        and automatic for new directories. &merged;</para>

      <para arch="i386,pc98" role="historic">smbfs (CIFS) support in the kernel has been added.
        The userland programs &man.smbutil.1; and &man.mount.smbfs.8;
        can be used to work with SMB shares. Note that
        &man.mount.smbfs.8; will automatically load the
        <filename>smbfs.ko</filename> module into the kernel, even if
        <literal>LIBMCHAIN</literal> and
        <literal>LIBICONV</literal> were not compiled into the kernel.
        &merged;</para>

      <para>For consistency, the fdesc, fifo, null, msdos, portal,
        umap, and union filesystems have been renamed to fdescfs,
        fifofs, msdosfs, nullfs, portalfs, umapfs, and unionfs. Where
        applicable, modules and mount_* programs have been renamed.
        Compatibility <quote>glue</quote> has been added to
        &man.mount.8; so that <literal>msdos</literal> filesystem
        entries in &man.fstab.5; will work without changes.</para>

      <para>pseudofs, a pseudo-filesystem framework, has been added.
        &man.linprocfs.5; and &man.procfs.5; have been modified to use
        pseudofs.</para>

      <para role="historic">A simple hash-based lookup optimization for large
        directories called <literal>dirhash</literal> has been added.
        Conditional on the
        <literal>UFS_DIRHASH</literal> kernel option (enabled by
        default in the <filename>GENERIC</filename> kernel), it
        improves the speed of operations on very large directories at
        the expense of some memory.
        &merged;</para>

      <para role="historic">The virtual memory subsystem now backs UFS directory
        memory requirements by default (this behavior is controlled
        via the <varname>vfs.vmiodirenable</varname> sysctl
        variable). &merged;</para>

      <para role="historic">A bug that prevented the root filesystem from being
        mounted from a SCSI CDROM has been fixed (ATAPI CDROMs were
        always supported). &merged;</para>

      <para role="historic">A number of bugs in the filesystem code, discovered
        through the use of the <application>fsx</application>
        filesystem test tool, have been fixed. Under certain
        circumstances (primarily related to use of NFS), these bugs
        could cause data corruption or kernel panics. &merged;</para>

      <para>Network filesystems (such as NFS and smbfs filesystems)
        listed in <filename>/etc/fstab</filename> can now be properly
        mounted during startup initialization; their mounts are
        deferred until after the network is initialized.</para>

      <para>Read-only support for the Universal Disk Format (UDF) has
        been added. This format is used on packet-written CD-RWs and
        most commercial DVD-Video disks. The &man.mount.udf.8;
        command can be used to mount these disks.</para>

      <para>Basic support has been added for the UFS2 filesystem.
        Among the new features of UFS2:

        <itemizedlist>
          <listitem>
            <para>The inode has been expanded to 256 bytes to make
              space for 64-bit block pointers.</para>
          </listitem>

          <listitem>
            <para>A file-creation time field has been added.</para>
          </listitem>

          <listitem>
            <para>A native extended attributes implementation has been
              added, permitting total attribute size stored on an inode
              to be up to twice the filesystem block size.
              This storage
              is used for Access Control Lists and MAC labels, but may
              also be used by other system extensions and user
              applications.</para>
          </listitem>
        </itemizedlist>

        UFS1 remains the default on-disk format, although UFS2 can be
        selected as an option in &man.newfs.8; or via the partitioning
        screen in &man.sysinstall.8;. 64-bit platforms can boot from
        UFS2 root filesystems.</para>

      <para>To support new features mentioned in this section, minor
        changes have been made to the format of the UFS1 superblock.
        These changes may create some compatibility problems when a
        system older than &os; 4.7-RELEASE attempts to &man.mount.8;
        or &man.fsck.8; a local UFS1 filesystem created by &os;
        &release.current; or later. &os; 4.7-RELEASE and later are
        fully compatible. This situation typically arises on a
        dual-boot machine with multiple versions of &os;
        installed.</para>

    </sect3>

    <sect3>
      <title>PCCARD Support</title>

      <para arch="i386,pc98" role="historic">The pccard driver and &man.pccardc.8; now
        support multiple <quote>beep types</quote> upon card insertion
        and removal. &merged;</para>

      <para role="historic">On many modern hosts, PCCARD devices can be configured to
        route their interrupts via either the ISA or PCI interrupt
        paths. The &man.pcic.4; driver has been updated to support
        both interrupt paths (formerly, only routing via ISA was
        supported). &merged; In most cases, configuration of PCMCIA
        devices in laptops is simpler and more flexible. In addition,
        various Cardbus bridge PCI cards (such as those used by
        Orinoco PCI NICs) are now supported. Some hosts may
        experience problems, such as hangs or panics, with PCI
        interrupt routing; they can frequently be made to work by
        forcing the older-style ISA interrupt routing.
        The following
        lines, placed in <filename>/boot/loader.conf</filename>, may
        fix the problem:</para>

      <programlisting role="historic">hw.pcic.intr_path="1"
hw.pcic.irq="0"</programlisting>

      <para role="historic">When installing &os; on such a system, typing the
        following lines to the boot loader may be helpful in starting
        up &os; for the first time:</para>

      <screen role="historic"><prompt>ok</prompt> <userinput>set hw.pcic.intr_path="1"</userinput>
<prompt>ok</prompt> <userinput>set hw.pcic.irq="0"</userinput></screen>

      <para arch="i386">Preliminary CardBus support with NEWCARD has
        been added. This code supports both 32-bit and 16-bit cards.
        All CardBus bridges are supported, as well as the TI-1030
        PCMCIA-PCI bridge. Other PCMCIA-PCI bridges and ISA bridges
        aren't supported yet.</para>

      <para arch="i386">NEWCARD is now the default PCCARD/CardBus
        system in the <filename>GENERIC</filename> kernel.</para>

    </sect3>

    <sect3>
      <title>Multimedia Support</title>

      <para arch="i386" role="historic">The &man.pcm.4; driver now supports the ESS
        Solo 1, Maestro-1, Maestro-2, and Maestro-2e; Forte Media
        fm801, ESS Maestro-2e, and VIA Technologies VT82C686A sound
        card/chipsets, and has received some other updates. Separate
        drivers for the SoundBlaster 8 and SoundBlaster 16 now replace
        an older, unified driver. A driver for the CMedia
        CMI8338/CMI8738 sound chips has been added. A driver for the
        CS4281 sound chip has been added. A driver for the S3
        SonicVibes chipset has been added. &merged;</para>

      <para arch="i386" role="historic">A driver for the Avance Logic ALS4000 has been
        added. &merged;</para>

      <para arch="i386" role="historic">A driver for the ESS Maestro-3/Allegro has
        been added; however, due to licensing restrictions, it cannot
        be compiled into the kernel.
        &merged; To use this driver, add
        the following line to
        <filename>/boot/loader.conf</filename>:</para>

      <programlisting role="historic">snd_maestro3_load="YES"</programlisting>

      <para arch="i386">The VT8233 audio controller now has its own
        driver to facilitate supporting all known revisions of the
        hardware. It is loadable at boot time by adding
        <literal>device pcm</literal> to the kernel configuration or
        by adding <literal>snd_via8233="YES"</literal> to
        <filename>/boot/loader.conf</filename>. Documentation to
        support this work was provided by VIA. &merged;</para>

      <para role="historic">The &man.bktr.4; driver has been updated to 2.18. This
        update provides a number of new features. New tuner types
        have been added, and improvements to the KLD module and to
        memory allocation have been made. Bugs in &man.devfs.5; when
        unloading and reloading have been fixed. Support for new
        Hauppauge Model 44xxx WinTV Cards (the ones with no audio mux)
        has been added. &merged;</para>

      <para arch="i386,pc98" role="historic">The ufm driver, supporting the D-Link DSB-R100
        USB Radio, has been added. &merged;</para>

      <para role="historic">When sound modules are built, one can now load all the
        drivers and infrastructure by <command>kldload
        snd</command>. &merged;</para>

      <para>A new API has been added for sound cards with hardware
        volume control.</para>

      <para arch="i386" role="historic">A driver for the Intel 443MX, 810, 815, and
        815E integrated sound devices has been added. &merged;</para>

      <para arch="i386" role="historic">The via82c686 sound driver now supports the VIA
        VT8233. &merged;</para>

      <para arch="i386" role="historic">The ich sound driver now supports the SiS
        7012 chipset. &merged;</para>

      <para arch="i386">The ich sound driver now provides rudimentary
        support for ich4 audio.
        &merged;</para>

      <para arch="i386">Drivers have been added to support the Direct
        Rendering Infrastructure, which can be used to provide 3D
        acceleration within <application>XFree86</application>. Video
        cards supported include the 3Dlabs Oxygen GMX 2000 (gammadrm),
        AGP Matrox G200/G400/G450/G550 (mgadrm), 3dfx Voodoo
        3/4/5/Banshee (tdfxdrm), AGP ATI Rage 128 (r128drm), and AGP
        ATI Radeon (radeondrm).</para>

    </sect3>

    <sect3>
      <title>Contributed Software</title>

      <para>The Forth Inspired Command Language
        (<application>FICL</application>) used in the boot loader has
        been updated to 3.02.</para>

      <para>Support for Advanced Configuration and Power Interface
        (ACPI), a multi-vendor standard for configuration and power
        management, has been added. This functionality has been
        provided by the <application>Intel ACPI Component
        Architecture</application> project, as of the ACPI CA 20021118
        snapshot. Some backward compatibility for applications using
        the older APM standard has been provided.</para>

      <sect4>
        <title>IPFilter</title>

        <para><application>IPFilter</application> has been updated to
          3.4.29. &merged;</para>

        <para role="historic"><application>IPFilter</application> now supports
          IPv6. &merged;</para>

      </sect4>

      <sect4 arch="i386">
        <title>isdn4bsd</title>

        <para><application>isdn4bsd</application> has been updated to
          version 1.0.2.</para>

        <para role="historic">The &man.ifpi.4; driver for supporting the AVM
          Fritz!Card PCI controller has been added. &merged;</para>

        <para role="historic">The &man.ifpi2.4; driver for supporting the AVM
          Fritz!Card PCI version 2 controller has been added.
          &merged;</para>

        <para role="historic">The &man.ihfc.4; driver for supporting Cologne Chip
          Designs HFC devices under
          <application>isdn4bsd</application> has been
          added. &merged;</para>

        <para role="historic">The &man.itjc.4; driver for supporting NETjet-S / Teles
          PCI-TJ devices under <application>isdn4bsd</application> has
          been added. &merged;</para>

        <para role="historic">Experimental support for the Eicon.Diehl DIVA 2.0 and
          2.02 ISA PnP ISDN cards has been added to the &man.isic.4;
          <application>isdn4bsd</application> driver. &merged;</para>

        <para role="historic">The &man.isic.4; driver now supports the Compaq Microcom
          610 ISDN ISA PnP card. &merged;</para>

        <para role="historic">Active CAPI-based ISDN cards manufactured by AVM are now
          supported using the &man.i4bcapi.4; and the &man.iavc.4;
          driver. The supported cards are the AVM B1 PCI and AVM B1
          ISA Basic Rate cards and the AVM T1 Primary Rate
          cards. &merged;</para>

        <para role="historic">A new <literal>maxconnecttime</literal> keyword is now
          accepted in &man.isdnd.rc.5; files to limit the time a
          connection may remain open. &merged;</para>

        <para role="historic">&man.isdnphone.8; now supports a <option>-k</option>
          option for sending messages via the keypad facility to a PBX
          or exchange office. &merged;</para>

        <para><application>isdn4bsd</application> now supports Q.931
          subaddressing.</para>

      </sect4>

      <sect4 id="kame-kernel">
        <title>KAME</title>

        <para role="historic">The IPv6 stack is now based on the
          KAME Project's IPv6 snapshot as of 28 May, 2001. Most of
          the items listed in this section are a result of this
          import. <xref linkend="kame-userland"> lists userland
          updates to the KAME IPv6 stack.
          &merged;</para>

        <para role="historic">&man.gif.4; is now based on RFC 2893, rather than RFC
          1933. The <literal>IFF_LINK2</literal> interface flag can
          be used to control ingress filtering. &merged;</para>

        <para role="historic"><application>IPsec</application> has received some
          enhancements, including the ability to use the Rijndael and
          SHA2 algorithms. IPsec RC5 support has been removed due to
          patent issues. &merged;</para>

        <para role="historic">&man.stf.4; now conforms to RFC 3056; the
          <literal>IFF_LINK2</literal> interface flag can be used to
          control ingress filtering. &merged;</para>

        <para role="historic">IPv6 has better checking of illegal addresses (such as
          loopback addresses) on physical networks. &merged;</para>

        <para role="historic">The <varname>IPV6_V6ONLY</varname> socket option is now
          completely supported. The kernel's default behavior with
          respect to this option is controlled by the
          <varname>net.inet6.ip6.v6only</varname> sysctl
          variable. &merged;</para>

        <para role="historic">RFC 3041 (Privacy Extensions for Stateless Address
          Autoconfiguration) is now supported. It can be enabled via
          the <varname>net.inet6.ip6.use_tempaddr</varname> sysctl
          variable. &merged;</para>
      </sect4>
    </sect3>
  </sect2>

  <sect2 id="security">
    <title>Security-Related Changes</title>

    <para role="historic">&man.sysinstall.8; now allows the user to select one of two
      <quote>security profiles</quote> at install-time. These
      profiles enable different levels of system security by enabling
      or disabling various system services in &man.rc.conf.5; on new
      installs. &merged;</para>

    <para role="historic">A bug in which malformed ELF executable images can hang the
      system has been fixed (see security advisory
      FreeBSD-SA-00:41).
      &merged;</para>

    <para role="historic">A security hole in Linux emulation was fixed (see security
      advisory FreeBSD-SA-00:42). &merged;</para>

    <para role="historic">String-handling library calls in many programs were fixed to
      reduce the possibility of buffer overflow-related exploits.
      &merged;</para>

    <para role="historic">TCP now uses stronger randomness in choosing its initial
      sequence numbers (see security advisory
      FreeBSD-SA-00:52). &merged;</para>

    <para role="historic">Several buffer overflows in &man.tcpdump.1; were corrected
      (see security advisory FreeBSD-SA-00:61). &merged;</para>

    <para role="historic">A security hole in &man.top.1; was corrected (see security
      advisory FreeBSD-SA-00:62). &merged;</para>

    <para role="historic">A potential security hole caused by an off-by-one error in
      &man.gethostbyname.3; has been fixed (see security advisory
      FreeBSD-SA-00:63). &merged;</para>

    <para role="historic">A potential buffer overflow in the &man.ncurses.3; library,
      which could cause arbitrary code to be run from within
      &man.systat.1;, has been corrected (see security advisory
      FreeBSD-SA-00:68). &merged;</para>

    <para role="historic">A vulnerability in &man.telnetd.8; that could cause it to
      consume large amounts of server resources has been fixed (see
      security advisory FreeBSD-SA-00:69). &merged;</para>

    <para role="historic">The <literal>nat deny_incoming</literal> command in
      &man.ppp.8; now works correctly (see security advisory
      FreeBSD-SA-00:70). &merged;</para>

    <para role="historic">A vulnerability in &man.csh.1;/&man.tcsh.1; temporary files
      that could allow overwriting of arbitrary user-writable files
      has been closed (see security advisory
      FreeBSD-SA-00:76). &merged;</para>

    <para role="historic">The &man.ssh.1; binary is no longer SUID root by
      default.
      &merged;</para>

    <para role="historic">Some fixes were applied to the Kerberos IV implementation
      related to environment variables, a possible buffer overrun, and
      overwriting ticket files. &merged;</para>

    <para role="historic">&man.telnet.1; now does a better job of sanitizing its
      environment. &merged;</para>

    <para role="historic">Several vulnerabilities in &man.procfs.5; were fixed (see
      security advisory FreeBSD-SA-00:77). &merged;</para>

    <para role="historic">A bug in <application>OpenSSH</application> in which a
      server was unable to disable &man.ssh-agent.1; or
      <literal>X11Forwarding</literal> was fixed (see security
      advisory FreeBSD-SA-01:01). &merged;</para>

    <para role="historic">A bug in &man.ipfw.8; and &man.ip6fw.8; in which inbound TCP
      segments could incorrectly be treated as being part of an
      <literal>established</literal> connection has been fixed (see
      security advisory FreeBSD-SA-01:08). &merged;</para>

    <para role="historic">A bug in &man.crontab.1; that could allow users to read any
      file on the system in valid &man.crontab.5; syntax has been
      fixed (see security advisory FreeBSD-SA-01:09). &merged;</para>

    <para role="historic">A vulnerability in &man.inetd.8; that could allow
      read-access to the initial 16 bytes of
      <groupname>wheel</groupname>-accessible files has been fixed
      (see security advisory FreeBSD-SA-01:11). &merged;</para>

    <para role="historic">A bug in &man.periodic.8; that used insecure temporary files
      has been corrected (see security advisory
      FreeBSD-SA-01:12).
      &merged;</para>

    <para role="historic"><application>OpenSSH</application> now has code to prevent
      (instead of just mitigating through connection limits) an attack
      that can lead to guessing the server key (not host key) by
      regenerating the server key when an RSA failure is detected (see
      security advisory FreeBSD-SA-01:24). &merged;</para>

    <para role="historic">A number of programs have had output formatting strings
      corrected so as to reduce the risk of
      vulnerabilities. &merged;</para>

    <para role="historic">A number of programs that use temporary files now do so more
      securely. &merged;</para>

    <para role="historic">A bug in ICMP that could allow an attacker to disrupt TCP and UDP
      <quote>sessions</quote> has been corrected. &merged;</para>

    <para role="historic">A bug in &man.timed.8;, which caused it to crash if sent
      certain malformed packets, has been corrected (see security
      advisory FreeBSD-SA-01:28). &merged;</para>

    <para role="historic">A bug in &man.rwhod.8;, which caused it to crash if sent
      certain malformed packets, has been corrected (see security
      advisory FreeBSD-SA-01:29). &merged;</para>

    <para role="historic">A security hole in &os;'s FFS and EXT2FS implementations,
      which allowed a race condition that could cause users to have
      unauthorized access to data, has been fixed (see security
      advisory FreeBSD-SA-01:30). &merged;</para>

    <para role="historic">A remotely-exploitable vulnerability in &man.ntpd.8; has
      been closed (see security advisory
      FreeBSD-SA-01:31). &merged;</para>

    <para role="historic">A security hole in <application>IPFilter</application>'s
      fragment cache has been closed (see security advisory
      FreeBSD-SA-01:32).
      &merged;</para>

    <para role="historic">Buffer overflows in &man.glob.3;, which could cause
      arbitrary code to be run on an FTP server, have been closed. In
      addition, to prevent some forms of DoS attacks, &man.glob.3;
      allows specification of a limit on the number of pathname
      matches it will return. &man.ftpd.8; now uses this feature (see
      security advisory FreeBSD-SA-01:33). &merged;</para>

    <para role="historic">Initial sequence numbers in TCP are more thoroughly
      randomized (see security advisory FreeBSD-SA-01:39). Due to
      some possible compatibility issues, the behavior of this
      security fix can be enabled or disabled via the
      <varname>net.inet.tcp.tcp_seq_genscheme</varname> sysctl
      variable. &merged;</para>

    <para role="historic">A vulnerability in the &man.fts.3; routines (used by
      applications for recursively traversing a filesystem) could
      allow a program to operate on files outside the intended
      directory hierarchy. This bug has been fixed (see security
      advisory FreeBSD-SA-01:40). &merged;</para>

    <para role="historic"><application>OpenSSH</application> now switches to the
      user's UID before attempting to unlink the authentication
      forwarding file, nullifying the effects of a race.</para>

    <para role="historic">A flaw allowed some signal handlers to remain in effect in a
      child process after being exec-ed from its parent. This allowed
      an attacker to execute arbitrary code in the context of a setuid
      binary. This flaw has been corrected (see security advisory
      FreeBSD-SA-01:42). &merged;</para>

    <para role="historic">A remote buffer overflow in &man.tcpdump.1; has been fixed
      (see security advisory FreeBSD-SA-01:48). &merged;</para>

    <para role="historic">A remote buffer overflow in &man.telnetd.8; has been fixed
      (see security advisory FreeBSD-SA-01:49).
      &merged;</para>

    <para role="historic">The new <varname>net.inet.ip.maxfragpackets</varname> and
      <varname>net.inet.ip6.maxfragpackets</varname> sysctl variables
      limit the amount of memory that can be consumed by IPv4 and IPv6
      packet fragments, which defends against some denial of service
      attacks (see security advisory
      FreeBSD-SA-01:52). &merged;</para>

    <para role="historic">All services in <filename>inetd.conf</filename> are now
      disabled by default for new installations. &man.sysinstall.8;
      gives the option of enabling or disabling &man.inetd.8; on new
      installations, as well as editing
      <filename>inetd.conf</filename>. &merged;</para>

    <para role="historic">A flaw in the implementation of the &man.ipfw.8;
      <literal>me</literal> rules on point-to-point links has been
      corrected. Formerly, <literal>me</literal> filter rules would
      match the remote IP address of a point-to-point interface in
      addition to the intended local IP address (see security advisory
      FreeBSD-SA-01:53). &merged;</para>

    <para role="historic">A vulnerability in &man.procfs.5;, which could allow a
      process to read sensitive information from another process's
      memory space, has been closed (see security advisory
      FreeBSD-SA-01:55). &merged;</para>

    <para role="historic">The <literal>PARANOID</literal> hostname checking in
      <application>tcp_wrappers</application> now works as advertised
      (see security advisory FreeBSD-SA-01:56). &merged;</para>

    <para role="historic">A local root exploit in &man.sendmail.8; has been closed
      (see security advisory FreeBSD-SA-01:57). &merged;</para>

    <para role="historic">A remote root vulnerability in &man.lpd.8; has been closed
      (see security advisory FreeBSD-SA-01:58).
      &merged;</para>

    <para role="historic">A race condition in &man.rmuser.8; that briefly exposed a
      world-readable <filename>/etc/master.passwd</filename> has been
      fixed (see security advisory FreeBSD-SA-01:59). &merged;</para>

    <para role="historic">A vulnerability in <application>UUCP</application> has been
      closed (see security advisory FreeBSD-SA-01:62). All
      non-<username>root</username>-owned binaries in standard system
      paths now have the <literal>schg</literal> flag set to prevent
      exploit vectors when run by &man.cron.8;, by
      <username>root</username>, or by a user other than the one owning
      the binary. In addition, &man.uustat.1; is now run via
      <filename>/etc/periodic/daily/410.status-uucp</filename> as
      <username>uucp</username>, not <username>root</username>. In
      &os; -CURRENT, <application>UUCP</application> has since been
      moved to the Ports Collection and is no longer a part of the base
      system. &merged;</para>

    <para role="historic">A security hole in the form of a buffer overflow in the
      &man.semop.2; system call has been closed. &merged;</para>

    <para role="historic">A security hole in <application>OpenSSH</application>, which
      could allow users to execute code with arbitrary privileges if
      <literal>UseLogin yes</literal> was set, has been closed. Note
      that the default value of this setting is
      <literal>UseLogin no</literal>. (See security advisory
      FreeBSD-SA-01:63.) &merged;</para>

    <para role="historic">The use of an insecure temporary directory by
      &man.pkg.add.1; could permit a local attacker to modify the
      contents of binary packages while they were being installed.
      This hole has been closed. (See security advisory
      FreeBSD-SA-02:01.)
      &merged;</para>

    <para role="historic">A race condition in &man.pw.8;, which could expose the
      contents of <filename>/etc/master.passwd</filename>, has been
      eliminated. (See security advisory FreeBSD-SA-02:02.)
      &merged;</para>

    <para role="historic">A bug in &man.k5su.8; could have allowed a process that had
      given up superuser privileges to regain them. This bug has been
      fixed. (See security advisory FreeBSD-SA-02:07.)
      &merged;</para>

    <para role="historic">An <quote>off-by-one</quote> bug has been fixed in
      <application>OpenSSH</application>'s multiplexing code. This bug
      could have allowed an authenticated remote user to cause
      &man.sshd.8; to execute arbitrary code with superuser
      privileges, or allowed a malicious SSH server to execute arbitrary
      code on the client system with the privileges of the client user. (See security
      advisory FreeBSD-SA-02:13.)
      &merged;</para>

    <para role="historic">A programming error in <application>zlib</application> could
      result in attempts to free memory multiple times. The
      &man.malloc.3;/&man.free.3; routines used in &os; are not
      vulnerable to this error, but applications receiving
      specially-crafted blocks of invalid compressed data could
      be made to function incorrectly or abort. This
      <application>zlib</application> bug has been fixed. For a
      workaround and solutions, see security advisory FreeBSD-SA-02:18.
      &merged;</para>

    <para role="historic">Bugs in the TCP SYN cache (<quote>syncache</quote>) and SYN
      cookie (<quote>syncookie</quote>) implementations, which could
      cause legitimate TCP/IP traffic to crash a machine, have been
      fixed. For a workaround and patches, see security advisory
      FreeBSD-SA-02:20.
      &merged;</para>

    <para role="historic">A routing table memory leak, which could allow a remote
      attacker to exhaust the memory of a target machine, has been
      fixed. A workaround and patches can be found in security
      advisory FreeBSD-SA-02:21.
      &merged;</para>

    <para role="historic">A bug with memory-mapped I/O, which could cause a system
      crash, has been fixed. For more information about a solution,
      see security advisory
      FreeBSD-SA-02:22.
      &merged;</para>

    <para role="historic">A security hole, in which SUID programs could be made to
      read from or write to inappropriate files through manipulation
      of their standard I/O file descriptors, has been fixed.
      Information regarding a solution can be found in security
      advisory
      FreeBSD-SA-02:23.
      &merged;</para>

    <para role="historic">Some unexpected behavior could be allowed with &man.k5su.8;
      because it does not require that an invoking user be a member of
      the <groupname>wheel</groupname> group when attempting to become
      the superuser (as &man.su.1; does). To avoid this
      situation, &man.k5su.8; is now installed non-SUID by default
      (effectively disabling it). More information can be found in
      security advisory
      FreeBSD-SA-02:24.
      &merged;</para>

    <para role="historic">Multiple vulnerabilities were found in the &man.bzip2.1;
      utility, which could allow files to be overwritten without
      warning or allow local users unintended access to files. These
      problems have been corrected with a new import of
      <application>bzip2</application>. For more information, see
      security advisory
      FreeBSD-SA-02:25.
      &merged;</para>

    <para role="historic">A bug in the implementation of the TCP SYN
      cache (<quote>syncache</quote>), which could allow a remote
      attacker to deny access to a service when accept filters
      (see &man.accept.filter.9;) were in use, has been
      fixed. For more information, see security advisory
      FreeBSD-SA-02:26.
      &merged;</para>

    <para role="historic">Due to a bug in &man.rc.8;'s use of shell globbing, users
      may be able to remove the contents of arbitrary files if
      <filename>/tmp/.X11-unix</filename> does not exist and the
      system can be made to reboot. This bug has been corrected (see
      security advisory
      FreeBSD-SA-02:27).
      &merged;</para>

    <para>A buffer overflow in the resolver, which could be exploited
      by a malicious domain name server or an attacker forging DNS
      messages, has been fixed. See security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:28.resolv.asc">FreeBSD-SA-02:28</ulink>
      for more details. &merged;</para>

    <para>A buffer overflow in &man.tcpdump.1;, which could be triggered by
      badly-formed NFS packets, has been fixed. See security advisory
      <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:29.tcpdump.asc">FreeBSD-SA-02:29</ulink>
      for more details. &merged;</para>

    <para>&man.ktrace.1; can no longer trace the operation of formerly
      privileged processes; this prevents the leakage of sensitive
      information that the process could have obtained before
      abandoning its privileges. For a discussion of this issue, see
      security advisory
      <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:30.ktrace.asc">FreeBSD-SA-02:30</ulink>
      for more details.
      &merged;</para>

    <para>A race condition in &man.pppd.8;, which could be used to
      change the permissions of an arbitrary file, has been corrected.
      For more information, see security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:32.pppd.asc">FreeBSD-SA-02:32</ulink>.
      &merged;</para>

    <para>Multiple buffer overflows in
      <application>OpenSSL</application> have been corrected, by way
      of an upgrade to the base system version of
      <application>OpenSSL</application>. More details can be found
      in security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc">FreeBSD-SA-02:33</ulink>.
      &merged;</para>

    <para>A heap buffer overflow in the XDR decoder has been fixed.
      For more details, see security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:34.rpc.asc">FreeBSD-SA-02:34</ulink>.
      &merged;</para>

    <para>A bug that could allow local users to read and write
      arbitrary blocks on an FFS filesystem has been corrected. More
      details can be found in security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:35.ffs.asc">FreeBSD-SA-02:35</ulink>.
      &merged;</para>

    <para>A bug in the NFS server code, which could allow a remote
      denial of service attack, has been fixed. Security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:36.nfs.asc">FreeBSD-SA-02:36</ulink>
      has more details. &merged;</para>

    <para>A bug that could allow local users to panic a system using
      the &man.kqueue.2; mechanism has been fixed. More information
      is contained in security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:37.kqueue.asc">FreeBSD-SA-02:37</ulink>.
      &merged;</para>

    <para>Several bounds-checking bugs in system calls, which could
      result in some system calls returning a large portion of kernel
      memory, have been fixed. More information can be found in
      security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:38.signed-error.asc">FreeBSD-SA-02:38</ulink>.
      &merged;</para>

    <para>A bug that could allow applications using
      <filename>libkvm</filename> to leak sensitive file descriptors
      has been corrected. (See security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:39.libkvm.asc">FreeBSD-SA-02:39</ulink>
      for more details.)
      &merged;</para>

    <para>Buffer overflows in kadmind(8) and k5admin have been
      corrected. More details can be found in security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:40.kadmind.asc">FreeBSD-SA-02:40</ulink>.
      &merged;</para>

    <para>Errors in &man.smrsh.8;, which could allow users to circumvent
      restrictions on what programs can be executed, have been fixed.
      See <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:41.smrsh.asc">FreeBSD-SA-02:41</ulink>
      for details.
      &merged;</para>

    <para>Buffer overflows in the DNS &man.resolver.3;, which could
      cause some applications to fail, have been corrected. More
      details are in <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:42.resolv.asc">FreeBSD-SA-02:42</ulink>.
      &merged;</para>

    <para>Multiple vulnerabilities in <application>BIND</application>
      have been fixed, as described in <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:43.bind.asc">FreeBSD-SA-02:43</ulink>.
      &merged;</para>

    <para>A file descriptor leak in the &man.fpathconf.2; system call,
      which could allow a local user to crash the system or
      cause a privilege escalation, has been fixed. More details can
      be found in security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:44.filedesc.asc">FreeBSD-SA-02:44</ulink>.
      &merged;</para>

  </sect2>

  <sect2 id="userland">
    <title>Userland Changes</title>

    <para>Support for creating &man.a.out.5; format executables with
      the base system compiler toolchain has been removed.</para>

    <para>&man.adduser.8; and &man.rmuser.8; are now &man.sh.1;
      scripts, rather than Perl scripts.</para>

    <para role="historic">If the first argument to &man.ancontrol.8; or
      &man.wicontrol.8; doesn't start with a <literal>-</literal>, it
      is assumed to be an interface. &merged;</para>

    <para role="historic">&man.apmd.8; now has the ability to monitor battery levels
      and execute commands based on percentage or minutes of battery
      life remaining via the <literal>apm_battery</literal>
      configuration directive. See the commented-out examples in
      <filename>/etc/apmd.conf</filename> for the
      syntax. &merged;</para>

    <para role="historic">&man.arp.8; now prints the applicable interface name for
      each ARP entry.
      &merged;</para>

    <para>&man.arp.8; now prints <literal>[fddi]</literal> or
      <literal>[atm]</literal> tags for addresses on interfaces of
      those types.</para>

    <para>The &man.asa.1; utility, to interpret FORTRAN
      carriage-control characters, has been added.</para>

    <para>&man.at.1; now supports the <option>-r</option> command-line
      option to remove jobs and the <option>-t</option> option to
      specify times in POSIX time format.</para>

    <para role="historic">&man.atacontrol.8; has been added to control various aspects
      of the &man.ata.4; driver. &merged;</para>

    <para>The system &man.awk.1; now refers to
      <application>BWK awk</application>.</para>

    <para>&man.basename.1; now accepts <option>-a</option> and
      <option>-s</option> flags, which allow it to perform the
      &man.basename.3; function on multiple files.</para>

    <para>&man.biff.1; now accepts a <option>b</option> argument to
      enable <quote>bell notification</quote> of new mail (which does
      not disturb the terminal contents as <command>biff y</command>
      would). &merged;</para>

    <para>&man.biff.1; now uses the first terminal associated with the
      standard input, standard output or standard error file
      descriptor, in that order. Thus, it is possible to use the
      redirection facilities of a shell (<command>biff n &lt;
      /dev/ttyp1</command>) to toggle the notification for other
      terminals.</para>

    <para arch="pc98" role="historic">&man.boot98cfg.8;, a PC-98 boot manager
      installation and configuration utility, has been
      added. &merged;</para>

    <para role="historic">&man.burncd.8; now supports a <option>-m</option> option for
      multisession mode (the default behavior now is to close disks as
      single-session).
      A <option>-l</option> option to take a list of
      image files from a filename was also added;
      <filename>-</filename> can be used as a filename for
      <literal>stdin</literal>. &merged;</para>

    <para>&man.burncd.8; now supports Disk At Once (DAO) mode,
      selectable via the <option>-d</option> flag. &merged;</para>

    <para>&man.burncd.8; now has the ability to write VCDs/SVCDs. &merged;</para>

    <para>&man.burncd.8; now accepts a value of <literal>max</literal>
      for its <option>-s</option> option to set the drive's maximum
      write speed. &merged;</para>

    <para>&man.bzgrep.1;, &man.bzegrep.1;, and &man.bzfgrep.1;
      have been added to perform &man.grep.1;-type operations on
      &man.bzip2.1;-compressed files.</para>

    <para role="historic">&man.c89.1; has been converted from a shell script to a
      binary executable, fixing some minor bugs. &merged;</para>

    <para>&man.calendar.1; now takes a <option>-W</option> option,
      which operates similarly to <option>-A</option> but without
      special treatment at weekends, and a <option>-F</option> option
      to change the notion of <quote>Friday</quote>.</para>

    <para arch="i386,pc98" role="historic">A minimalized version of &man.camcontrol.8; is
      now available on the installation floppy. This allows it to
      rescan for devices that have been connected after booting, or to
      show the devices attached to SCSI busses (e.g. from within the
      <quote>emergency holographic shell</quote>). &merged;</para>

    <para role="historic">&man.cat.1; now has the ability to read from UNIX-domain
      sockets. &merged;</para>

    <para>&man.catman.1; is now a C program, instead of a
      Perl script.</para>

    <para role="historic">&man.cdcontrol.1; now supports a <literal>cdid</literal>
      command, which calculates and displays the CD serial number,
      using the same algorithm used by the CDDB
      database.
      &merged;</para>

    <para role="historic">&man.cdcontrol.1; now uses the <envar>CDROM</envar>
      environment variable to pick a default device. &merged;</para>

    <para role="historic">&man.cdcontrol.1; now supports <literal>next</literal> and
      <literal>prev</literal> commands to skip forwards or backwards a
      specified number of tracks while playing an audio
      CD. &merged;</para>

    <para>&man.cdcontrol.1; now supports a
      <literal>speed</literal> command to set the maximum speed to be
      used by the drive (the maximum possible speed can be selected
      by setting the speed to <literal>max</literal>). &merged;</para>

    <para>A &man.check.utility.compat.3; library function has been
      added to <filename>libc</filename>, to determine
      whether certain &os; base system utilities should behave in &os; 4-compatible mode
      or in a <quote>standard</quote> mode (default standard). The
      configuration is done &man.malloc.3;-style, with either an
      environment variable or a symbolic link.</para>

    <para>&man.chflags.1; has moved from <filename>/usr/bin</filename>
      to <filename>/bin</filename>.</para>

    <para role="historic">&man.chio.1; now has the ability to specify elements by
      volume tag instead of by their physical location as well as the
      ability to return an element to its previous
      location. &merged;</para>

    <para>&man.chmod.1; now supports a <option>-h</option> option for
      changing the mode of a symbolic link.</para>

    <para>When the mode is modified, &man.chmod.1; now also prints
      the old and new modes if the <option>-v</option> option is
      specified more than once.</para>

    <para role="historic">&man.chown.8; now correctly follows symbolic links named as
      command line arguments if run without
      <option>-R</option>. &merged;</para>

    <para>&man.chown.8; no longer takes <literal>.</literal> as a
      user/group delimiter.
      This change was made to support usernames
      containing a <literal>.</literal> character.</para>

    <para>Use of the <literal>CSMG_*</literal> macros no longer
      requires inclusion of
      <filename>&lt;sys/param.h&gt;</filename>.</para>

    <para role="historic">&man.col.1; now takes a <option>-p</option> flag to force
      unknown control sequences to be passed through
      unchanged. &merged;</para>

    <para role="historic">The <filename>compat3x</filename> distribution has been
      updated to include libraries present in &os;
      3.5.1-RELEASE. &merged;</para>

    <para>A <filename>compat4x</filename> distribution has been added
      for compatibility with &os; 4-STABLE. It includes a subset of
      the libraries distributed with &os; 4.7-RELEASE.</para>

    <para role="historic">&man.config.8; is now better about converting various
      warnings that should have been errors into actual fatal errors
      with an exit code. This ensures that <literal>make
      buildkernel</literal> doesn't quietly ignore them and build a
      bogus kernel without a human to read the errors. &merged;</para>

    <para role="historic">A number of buffer overflows in &man.config.8; have been
      fixed. &merged;</para>

    <para>&man.cp.1; now takes a (nonstandard) <option>-n</option>
      option to automatically answer <quote>no</quote> when it would
      ask to overwrite a file. &merged;</para>

    <para>A new &man.csplit.1; utility, which splits files based on
      context, has been added.</para>

    <para role="historic">&man.ctags.1; no longer creates a corrupt tags file if the
      source file used <literal>//</literal> (C++-style)
      comments. &merged;</para>

    <para>&man.ctags.1; now creates tags for typedefs, structs,
      unions, and enums by default (implying the <option>-t</option>
      option).
      The new <option>-T</option> reverts to the old
      behavior.</para>

    <para>The &man.daemon.8; program, a command-line interface to
      &man.daemon.3;, has been added. It detaches itself from its
      controlling terminal and executes a program specified on the
      command line. This allows the user to run an arbitrary program
      as if it were written to be a daemon. &merged;</para>

    <para>The &man.devd.8; utility, a userland daemon that can run
      arbitrary commands when devices come and go in the device tree,
      has been added. This program is a generalization of some of the
      functionality of &man.pccardd.8;.

      <note>
        <para>&man.devd.8; is a work in progress.</para>
      </note>

    </para>

    <para>&man.devinfo.8;, a simple tool to print the device tree and resource
      usage by devices, has been added.</para>

    <para role="historic">&man.df.1; now takes a <option>-l</option> option to only
      display information about locally-mounted
      filesystems. &merged;</para>

    <para role="historic">&man.disklabel.8; now supports partition sizes expressed in
      kilobytes, megabytes, or gigabytes, in addition to
      sectors. &merged;</para>

    <para>diskpart(8) has been declared obsolete, and has been
      removed.</para>

    <para role="historic">&man.dmesg.8; now has a <option>-a</option> option to show
      the entire message buffer, including &man.syslogd.8; records and
      <filename>/dev/console</filename> output. &merged;</para>

    <para role="historic">&man.du.1; now takes a <option>-I</option> command-line flag
      to ignore/skip files and subdirectories matching a specified
      shell-glob mask. &merged;</para>

    <para role="historic">&man.dump.8; now supports inheritance of the
      <literal>nodump</literal> flag down a hierarchy.
      &merged;</para>

    <para>&man.dump.8; now supports a <option>-L</option> flag for
      dumping live UFS and UFS2 filesystems safely. To obtain a
      consistent dump image, &man.dump.8; takes a snapshot of the
      filesystem and performs the dump on the snapshot. The snapshot
      is removed when the dump is complete.</para>

    <para role="historic">The <option>-T</option> option to &man.dump.8; no longer
      swallows an extra argument. &merged;</para>

    <para role="historic">&man.dump.8; has a new <option>-D</option> option, allowing
      the path to the <filename>/etc/dumpdates</filename> file to be
      changed. &merged;</para>

    <para role="historic">&man.dump.8; now supplies progress information in its
      process title, useful for monitoring automated
      backups. &merged;</para>

    <para>&man.dump.8; now supports a new <option>-S</option> flag to allow
      it to just print out the dump size estimates and exit. &merged;</para>

    <para role="historic">&man.edquota.8; now takes a <option>-f</option> option to
      allow limiting the prototype quota distribution (specified with
      <option>-p</option>) to a single filesystem. &merged;</para>

    <para role="historic"><filename>/etc/rc.firewall</filename> and
      <filename>/etc/rc.firewall6</filename> will no longer add their own
      hardcoded rules in the cases of a rules file in the
      <varname>firewall_type</varname> variable or a non-existent
      firewall type. (The motivation for this change is to avoid
      acting on assumptions about a site's firewall policies.) In
      addition, the <literal>closed</literal> firewall type now works
      as documented in the &man.rc.firewall.8; manual page. &merged;</para>

    <para role="historic">The functionality of <filename>/etc/security</filename> has
      been moved into a set of scripts under the &man.periodic.8;
      framework, to make local customization easier and more
      maintainable.
      These scripts now reside in
      <filename>/etc/periodic/security/</filename>. &merged;</para>

    <para>&man.expr.1; is now compliant with POSIX.2-1992 (and thus
      also with POSIX.1-2001). Some programs depend on the old,
      historic behavior and do not properly protect their arguments to
      keep them from being misinterpreted as command-line options
      (the <filename role="package">devel/libtool</filename>
      port/package, used by many GNU programs, is a notable example).
      The old behavior can be requested by enabling compatibility mode
      for &man.expr.1; as described in
      &man.check.utility.compat.3;.</para>

    <para>&man.fbtab.5; now accepts glob matching patterns for target
      devices, not just individual devices and directories.</para>

    <para arch="i386,pc98">&man.fdisk.8; no longer attempts to search for a
      device if none has been specified on the command line, but
      instead tries to figure out the default device name from the
      root device.</para>

    <para>&man.fdread.1;, a program to read data from floppy disks,
      has been added. It is a counterpart to &man.fdwrite.1; and is
      designed to provide a means of recovering at least some data
      from bad media, and to obviate the need for a complex invocation of
      &man.dd.1;.</para>

    <para role="historic">&man.find.1; now takes the <option>-empty</option> flag,
      which returns true if a file or directory is
      empty. &merged;</para>

    <para role="historic">&man.find.1; now takes the <option>-iname</option> and
      <option>-ipath</option> primaries for case-insensitive matches,
      and the <option>-regexp</option> and <option>-iregexp</option>
      primaries for regular-expression matches. The
      <option>-E</option> flag now enables extended regular
      expressions.
      &merged;</para>

    <para role="historic">&man.find.1; now has the <option>-anewer</option>,
      <option>-cnewer</option>, <option>-mnewer</option>,
      <option>-okdir</option>, and <option>-newer[acm][acmt]</option>
      primaries for comparisons of file timestamps. The latter
      primaries can be specified with various units of
      time. &merged;</para>

    <para role="historic">&man.finger.1; now has the ability to support fingering
      aliases, via the &man.finger.conf.5; file. &merged;</para>

    <para>&man.finger.1; now has support for a
      <filename>.pubkey</filename> file. &merged;</para>

    <para>&man.finger.1; now supports a <option>-g</option> flag to
      restrict the printing of GECOS information to the user's full
      name only. &merged;</para>

    <para>&man.finger.1; now supports the <option>-4</option> and
      <option>-6</option> flags to specify an address family for
      remote queries. &merged;</para>

    <para role="historic">&man.fmt.1; has been rewritten; the rewrite fixes a number
      of bugs compared to its prior behavior. &merged;</para>

    <para role="historic">&man.fmtcheck.3;, a function for checking consistency of
      format string arguments, has been added. &merged;</para>

    <para>&man.fold.1; now supports a <option>-b</option> flag to
      break at byte positions and a <option>-s</option> flag to break at
      word boundaries. &merged;</para>

    <para role="historic">&man.fsdb.8; now supports a <literal>blocks</literal>
      command to list the blocks allocated by a particular
      inode.
      &merged;</para>

    <para>&man.fsck.8; wrappers have been imported; this feature
      provides infrastructure for &man.fsck.8; to work on different
      types of filesystems (analogous to &man.mount.8;).</para>

    <para>The behavior of &man.fsck.8; when dealing with various
      passes (a la <filename>/etc/fstab</filename>) has been modified
      to accommodate multiple-disk filesystems.</para>

    <para>&man.fsck.8; now has support for foreground
      (<option>-F</option>) and background (<option>-B</option>)
      checks. Traditionally, &man.fsck.8; is invoked before the
      filesystems are mounted and all checks are done to completion at
      that time. If background checking is available, &man.fsck.8; is
      invoked twice. It is first invoked at the traditional time,
      before the filesystems are mounted, with the <option>-F</option>
      flag to do checking on all the filesystems that cannot do
      background checking. It is then invoked a second time, after
      the system has completed going multiuser, with the
      <option>-B</option> flag to do checking on all the filesystems
      that can do background checking. Unlike the foreground
      checking, the background checking is started asynchronously so
      that other system activity can proceed even on the filesystems
      that are being checked. Boot-time enabling of this feature is
      controlled by the
      <varname>background_fsck</varname> option in &man.rc.conf.5;.</para>

    <para role="historic">Shortly after the receipt of a <literal>SIGINFO</literal>
      signal (normally control-T from the controlling tty),
      &man.fsck.ffs.8; will now output a line indicating the current
      phase number and progress information relevant to the current
      phase. &merged;</para>

    <para>&man.fsck.ffs.8; now supports background filesystem checks
      to mounted FFS filesystems with the <option>-B</option> option
      (Soft Updates must be enabled on these filesystems).
      The
      <option>-F</option> flag now determines whether a specified
      filesystem needs foreground checking.</para>

    <para role="historic">A new &man.fsck.msdosfs.8; utility has been added to check
      the consistency of MS-DOS filesystems. &merged;</para>

    <para role="historic">&man.ftpd.8; now supports a <option>-r</option> flag for
      read-only mode and a <option>-E</option> flag to disable
      <literal>EPSV</literal>. It also has some fixes to reduce
      information leakage and the ability to specify compile-time port
      ranges. &merged;</para>

    <para>&man.ftpd.8; now supports the <option>-m</option> option
      to permit guest users to modify existing files if allowed
      by filesystem permissions.
      In particular, this enables guest users to resume uploads.
      &merged;</para>

    <para>&man.ftpd.8; now supports the <option>-M</option> option
      to prevent guest users from creating directories.
      &merged;</para>

    <para>&man.ftpd.8; now supports <option>-o</option> and
      <option>-O</option> options to disable the
      <literal>RETR</literal> command; the former for everybody, and
      the latter only for guest users. Coupled with
      <option>-A</option> and appropriate file permissions, these can
      be used to create a relatively safe anonymous FTP drop box for
      others to upload to. &merged;</para>

    <para>&man.ftpd.8; now supports the <option>-W</option> option
      to disable logging FTP sessions to &man.wtmp.5;. &merged;</para>

    <para>The &man.fwcontrol.8; utility has been added to help users
      access and control the FireWire subsystem. &merged;</para>

    <para arch="i386,pc98" role="historic">&man.gdb.1; now supports hardware
      watchpoints (using the kernel's debug register support that
      has been introduced in &os; 4.0). &merged;</para>

    <para>The &man.getconf.1; utility has been added.
      It prints the
      values of POSIX or X/Open path or system configuration
      variables. &merged;</para>

    <para role="historic">The &man.getprogname.3; and &man.setprogname.3; library
      functions have been added to manipulate the name of the current
      program. They are used by error-reporting routines to produce
      consistent output. &merged;</para>

    <para>gifconfig(8) is obsolete and has been removed. Its
      functionality is now handled by the <option>tunnel</option> and
      <option>deletetunnel</option> commands of
      &man.ifconfig.8;.</para>

    <para>&man.gprof.1; now has a <option>-K</option> option to enable
      dynamic symbol resolution from the currently-running kernel.
      With this change, properly-compiled KLD modules are now able to
      be profiled.</para>

    <para arch="ia64">The gpt tool for manipulating EFI GPT
      partitions has been added.</para>

    <para role="historic">&man.growfs.8;, a utility for growing FFS filesystems, has
      been added. &man.ffsinfo.8;, a utility for dumping all the
      meta-information of an existing filesystem, has also been
      added. &merged;</para>

    <para role="historic">The &man.groups.1; and &man.whoami.1; shell scripts are now
      unnecessary; their functionality has been completely folded into
      &man.id.1;. &merged;</para>

    <para>The ibcs(8), linux(8), osf1(8), and
      svr4(8) scripts, whose sole purpose was to load emulation
      kernel modules, have been removed. The kernel module system
      will automatically load them as needed to fulfill
      dependencies.</para>

    <para role="historic">&man.indent.1; has gained some new formatting
      options. &merged;</para>

    <para role="historic">&man.ifconfig.8; can set the link-layer address of
      an interface using the <option>link</option> parameter.
      &merged;</para>

    <para role="historic">&man.ifconfig.8; can now accept addresses in slash/CIDR
      notation.
      &merged;</para>

    <para role="historic">&man.ifconfig.8; now has support for setting parameters for
      IEEE 802.11 wireless network devices. &man.wi.4; and &man.an.4;
      devices are supported, and partial support is provided for
      &man.awi.4; devices. &merged;</para>

    <para role="historic">&man.ifconfig.8; no longer displays the list of supported
      media by default. Instead it displays it when the
      <option>-m</option> flag is given. &merged;</para>

    <para>&man.ifconfig.8; now has the ability to set promiscuous mode
      on an interface, via the new <option>promisc</option>
      flag. &merged;</para>

    <para>&man.ifconfig.8; now supports a <literal>monitor</literal>
      interface flag, which blocks transmission of packets on that
      interface. This feature is useful for monitoring network traffic
      without interacting with the network in question.</para>

    <para role="historic">The syntax of &man.inetd.8;'s support for &man.faithd.8; is
      now compatible with that of other BSDs. &merged;</para>

    <para role="historic">The <literal>ident</literal> protocol support in
      &man.inetd.8; has been cleaned up and updated. &merged;</para>

    <para role="historic">&man.inetd.8; now has the ability to manage UNIX-domain
      sockets. &merged;</para>

    <para>By default, &man.inetd.8; is no longer run by &man.rc.8; at
      boot-time, although &man.sysinstall.8; gives the option of
      enabling it during binary installations. &man.inetd.8; can also
      be enabled by adding the following line to
      <filename>/etc/rc.conf</filename>:</para>

    <programlisting>inetd_enable="YES"</programlisting>

    <para>&man.inetd.8; now has the capability for limiting the
      maximum number of simultaneous invocations of each service from
      a single IP address.
      &merged;</para>

    <para role="historic">&man.install.1; has a number of new features, including the
      <option>-b</option> and <option>-B</option> options for backing up
      existing target files and the <option>-S</option> option for
      <quote>safe</quote> (atomic copy) operation. The
      <option>-c</option> (copy) flag is now the default, and the
      <option>-D</option> (debugging) flag has been withdrawn.
      &man.install.1; now issues a warning if <option>-d</option>
      (create directories) and <option>-C</option> (copy changed files
      only) are used together. &merged;</para>

    <para role="historic">IP Filter is now supported by the &man.rc.conf.5; boot-time
      configuration and initialization. &merged;</para>

    <para role="historic">&man.ipfstat.8; now supports the <option>-t</option> option
      to turn on a &man.top.1;-like display. &merged;</para>

    <para role="historic">&man.ipfw.8; will now avoid the display of dynamic firewall
      rules unless the <option>-d</option> flag is passed to it. The
      <option>-e</option> option lists expired dynamic
      rules. &merged;</para>

    <para role="historic">&man.ipfw.8; has a new feature (<literal>me</literal>) that
      allows for packet matching on interfaces with
      dynamically-changing IP addresses. &merged;</para>

    <para role="historic">&man.ipfw.8; has a new <literal>limit</literal> type of
      firewall rule, which limits the number of sessions between
      address pairs. &merged;</para>

    <para>&man.ipfw.8; filter rules can now match on the value of the
      IPv4 precedence field.</para>

    <para role="historic">&man.ip6fw.8; now has the ability to use a preprocessor and
      use the <option>-q</option> (quiet) flag when reading from a
      file. &merged;</para>

    <para role="historic">&man.ispppcontrol.8; has been deleted, and its functionality
      has been folded into &man.spppcontrol.8;.
&merged;</para>

<para role="historic">&man.k5su.8; is no longer installed SUID
<username>root</username> by default. Users requiring this
feature can either manually change the permissions on the
&man.k5su.8; executable or add
<literal>ENABLE_SUID_K5SU=yes</literal> to
<filename>/etc/make.conf</filename> before a source
upgrade. &merged;</para>

<para>&man.kbdmap.1; and &man.vidfont.1; have been converted from
Perl to C.</para>

<para role="historic">&man.kenv.1;, a command to dump the kernel environment, has
been added. &merged;</para>

<para>&man.kenv.1; now has the ability to set or delete kernel
environment variables.</para>

<para role="historic">&man.keyinfo.1; is now a C program, rather than a Perl
script. &merged;</para>

<para>The kget(8) utility has been removed (it was only
useful for UserConfig, which is not present in &os;
&release.current;).</para>

<para role="historic">&man.killall.1; is now a C program, rather than a Perl
script. As a result, its <option>-m</option> option now uses
the regular expression syntax of &man.regex.3;, rather than that
of Perl. &merged;</para>

<para>&man.killall.1; no longer tries to kill zombie processes
unless the <option>-z</option> flag is specified.</para>

<para role="historic">The &man.kldconfig.8; utility has been added to make it
easier to manipulate the kernel module search
path. &merged;</para>

<para>&man.ktrdump.8;, a utility to dump the ktr trace buffer from
userland, has been added.</para>

<para role="historic">&man.last.1; now implements a <option>-d</option> option that
provides a <quote>snapshot</quote> of who was logged in at a
particular date and time.
&merged;</para>

<para role="historic">&man.last.1; now supports a <option>-y</option> flag, which
causes the year to be included in the session start time. &merged;</para>

<para role="historic">The &man.lastlogin.8; utility, which prints the last login
time of each user, has been imported from
NetBSD. &merged;</para>

<para role="historic">&man.ldconfig.8; now checks directory ownerships and
permissions for greater security; these checks can be disabled
with the <option>-i</option> flag. &merged;</para>

<para role="historic">&man.ldd.1; can now be used on shared libraries, in addition
to executables. &merged;</para>

<para>&man.ldd.1; now supports a <option>-a</option> flag to list
all the objects that are needed by each loaded object.</para>

<para><filename>libc</filename> is now thread-safe by default;
<filename>libc_r</filename> contains only thread
functions.</para>

<para role="historic"><filename>libcrypt</filename> and
<filename>libdescrypt</filename> have been unified to provide a
configurable password authentication hash library. Both the md5
and des hash methods are provided unless the des hash is
specifically compiled out. &merged;</para>

<para role="historic"><filename>libcrypt</filename> now has support for Blowfish
password hashing. &merged;</para>

<para arch="i386" role="historic"><filename>libdisk</filename> can now do
install-time configuration of the <filename>boot0</filename>
boot loader. &merged;</para>

<para role="historic"><filename>libstand</filename> now has support for
filesystems containing
<application>bzip2</application>-compressed
files.
&merged;</para>

<para><filename>libstand</filename> now has support for
overwriting the contents of a file on a UFS filesystem (it
cannot expand or truncate files because the filesystem may be
dirty or inconsistent).</para>

<para role="historic"><filename>libstand</filename> now has support for loading
large kernels and modules split across several physical
media. &merged;</para>

<para role="historic">The default TCP port range used by
<filename>libfetch</filename> for passive FTP retrievals has
changed; this affects the behavior of &man.fetch.1;, which has
gained the <option>-U</option> option to restore the old
behavior. &merged;</para>

<para role="historic"><filename>libfetch</filename> now has support for an
authentication callback. &merged;</para>

<para role="historic"><filename>libfetch</filename> now has support for a
<envar>HTTP_USER_AGENT</envar> environment
variable. &merged;</para>

<para><filename>libgmp</filename> has been superseded by
<filename>libmp</filename>.</para>

<para>The functions from <filename>libposix1e</filename> have been
integrated into <filename>libc</filename>.</para>

<para role="historic"><filename>libusb</filename> has been renamed as
<filename>libusbhid</filename>, following NetBSD's naming
conventions. &merged;</para>

<para role="historic">&man.ln.1; now takes an <option>-i</option> option to
request user confirmation before overwriting an existing
file. &merged;</para>

<para role="historic">&man.ln.1; now takes a <option>-h</option> flag to avoid
following a target that is a link, with a <option>-n</option>
flag for compatibility with other
implementations. &merged;</para>

<para>&man.lock.1; now accepts a <option>-v</option> option to disable
switching VTYs while the current terminal is locked.
This permits
locking the entire console from a single terminal. &merged;</para>

<para role="historic">&man.logger.1; can now send messages directly to a remote
syslog. &merged;</para>

<para role="historic">&man.login.1; now exports environment variables set by
<application>PAM</application> modules. &merged;</para>

<para>&man.lpc.8; has been improved; <command>lpc clean</command>
is now somewhat safer, and a new <command>lpc tclean</command>
command has been added to check to see what files would be
removed by <command>lpc clean</command>. <command>lpc
topq</command> has been reimplemented, and now allows for a much
more flexible specification of which jobs should be moved (such
as a range of job numbers, or a hostname). An <command>lpc
bottomq</command> command has been added to move jobs to the
bottom of a print queue, and a new <command>lpc
setstatus</command> command can be used to set a printer's
status message. &merged;</para>

<para role="historic">&man.lpd.8; now takes two new options: <option>-c</option>
will log all connection errors to &man.syslogd.8;, while
<option>-W</option> will allow connections from non-reserved
ports. &merged;</para>

<para role="historic">&man.lpd.8; now has some support for
<literal>o</literal>-type print-file actions in its control
files, which allows printing of PostScript files generated by
<application>MacOS</application> 10.1. &merged;</para>

<para role="historic">&man.lpd.8; now recognizes the <option>-s</option> flag as
the preferred synonym for <option>-p</option> (these flags
cause &man.lpd.8; not to open a socket for network print
jobs). &merged;</para>

<para role="historic">&man.lpd.8; now implements a new <literal>rc</literal>
printcap option.
When specified in a print queue for a remote
host, this boolean option causes &man.lpd.8; to resend the data file
for each copy the user requested via <command>lpr
-#<replaceable>n</replaceable></command>. &merged;</para>

<para role="historic">Catching up with most other network utilities in the base
system, &man.lpr.1;, &man.lpd.8;, &man.syslogd.8;, and
&man.logger.1; are now all IPv6-capable. &merged;</para>

<para role="historic"><command>lprm -</command> now works for remote printer
queues. &merged;</para>

<para role="historic">&man.ls.1; can produce colorized listings with the
<option>-G</option> flag (and appropriate terminal support).
The <envar>CLICOLOR</envar> environment variable can be set to
enable colorized listings by default. &merged;</para>

<para role="historic">&man.ls.1; now accepts a <option>-h</option> flag, which
when combined with the <option>-l</option> flag, causes file
sizes to be printed with unit suffixes, such that the number of
digits printed is fewer than four. &merged;</para>

<para>The &man.ls.1; program now supports a <option>-m</option>
flag to list files across a page, a <option>-p</option> flag to
force printing of a <literal>/</literal> after directories, and
a <option>-x</option> flag to sort filenames across a
page. &merged;</para>

<para role="historic">&man.m4.1; now accepts a <option>-s</option> flag to cause
it to emit <literal>#line</literal> directives for use by
&man.cpp.1;. &merged;</para>

<para role="historic">&man.mail.1; now takes a <option>-E</option> flag to avoid
sending messages with empty bodies. &merged;</para>

<para role="historic">&man.make.1; has gained the <literal>:C///</literal>
(regular expression substitution), <literal>:L</literal>
(lowercase), and <literal>:U</literal> (uppercase) variable
modifiers.
These were added to reduce the differences between
the &os; and OpenBSD/NetBSD &man.make.1; programs.
&merged;</para>

<para role="historic">Bugs in &man.make.1;, including broken null suffix
behavior, bad assumptions about current directory permissions,
and potential buffer overflows, have been fixed. &merged;</para>

<para role="historic">The new <varname>CPUTYPE</varname>
<filename>make.conf</filename> variable controls the compilation
of processor-specific optimizations in various pieces of code
such as <application>OpenSSL</application>. &merged;</para>

<para role="historic">The &os; <filename>Makefile</filename> infrastructure now
supports the <varname>WARNS</varname> directive from NetBSD.
This directive controls the addition of compiler warning flags
to <varname>CFLAGS</varname> in a relatively compiler-neutral
manner. &merged;</para>

<para>&man.makewhatis.1; is now a C program, instead of a
Perl script.</para>

<para>&man.man.1; is no longer installed SUID
<username>man</username>, in order to reduce vulnerabilities
associated with generating <quote>catpages</quote> (preformatted
manual pages cached for repeated viewing). As a result,
&man.man.1; can no longer create system catpages on a regular
user's behalf. It is still able to do so if the user has write
permissions to the directory holding catpages (e.g.
a user's own
manpages) or if the running user is
<username>root</username>.</para>

<para arch="ia64">The mca utility, for decoding machine check
records, has been added.</para>

<para>The &man.mdmfs.8; command has been added; it is a wrapper
around &man.mdconfig.8;, &man.disklabel.8;, &man.newfs.8;, and
&man.mount.8; that mimics the command line option set of the
deprecated &man.mount.mfs.8;.</para>

<para role="historic">&man.mergemaster.8; now sources an
<filename>/etc/mergemaster.rc</filename> file and also prompts
the user to run recommended commands (such as
<command>newaliases</command>) as needed. &merged;</para>

<para role="historic">&man.mergemaster.8; now supports two new flags.
The <option>-p</option> flag enables a
<quote>pre-<literal>buildworld</literal></quote> mode, which compares files
known to be essential to the success of the
<literal>buildworld</literal> and
<literal>installworld</literal> system updating steps. The
<option>-C</option> flag, used after a successful
&man.mergemaster.8; run, compares options in
<filename>/etc/rc.conf</filename> to the default options in
<filename>/etc/defaults/rc.conf</filename>. &merged;</para>

<para>&man.mesg.1; now conforms to SUSv3. Among other things, it
now uses the first terminal associated with the standard input,
standard output or standard error file descriptor, in that order.
Thus, it is possible to use the redirection facilities of a shell
(<command>mesg n &lt; /dev/ttyp1</command>) to control write access
for other terminals.</para>

<para role="historic">mk_cmds(1) and the associated
<filename>libss</filename> have been removed; they have been
unused for quite some time.
&merged;</para>

<para>&man.mountd.8; and &man.nfsd.8; have moved from
<filename>/sbin</filename> to <filename>/usr/sbin</filename>.</para>

<para role="historic">&man.moused.8; now takes a <option>-a</option> option to
control mouse acceleration. &merged;</para>

<para role="historic">&man.mtree.8; now includes support for a file that lists
pathnames to be excluded when creating and verifying prototypes.
This makes it easier to use &man.mtree.8; as a part of an
intrusion-detection system. &merged;</para>

<para>&man.mv.1; now takes a (nonstandard) <option>-n</option> option to
automatically answer <quote>no</quote> when it would ask to
overwrite a file. &merged;</para>

<para role="historic">&man.natd.8; now supports a
<option>-log_ipfw_denied</option> option to log packets that
cannot be re-injected because they are blocked by &man.ipfw.8;
rules. &merged;</para>

<para role="historic">The <quote>in use</quote> percentage metric displayed by
&man.netstat.1; now really reflects the percentage of network
mbufs used. &merged;</para>

<para role="historic">&man.netstat.1; now has a <option>-W</option> flag that
tells it not to truncate addresses, even if they're too long for
the column they're printed in. &merged;</para>

<para role="historic">&man.netstat.1; now keeps track of input and output packets
on a per-address basis for each interface. &merged;</para>

<para role="historic">&man.netstat.1; now has a <option>-z</option> flag to reset
statistics. &merged;</para>

<para role="historic">&man.netstat.1; now has a <option>-S</option> flag to print
addresses numerically but port names symbolically. &merged;</para>

<para role="historic">&man.newfs.8; now implements write combining, which can make
creation of new filesystems up to seven times
faster.
&merged;</para>

<para role="historic">&man.newfs.8; now takes a <option>-U</option> option to
enable Soft Updates on a new filesystem. &merged;</para>

<para role="historic">The default number of cylinders per group in &man.newfs.8;
is now computed to be the maximum allowable given the current
filesystem parameters. It can be overridden with the
<option>-c</option> option. Formerly, the default was fixed at
16. This change leads to better &man.fsck.8; performance and
reduced fragmentation. &merged;</para>

<para role="historic"><anchor id="newfs-block-frag-sizes">The default block and
fragment sizes for new filesystems created by &man.newfs.8; are
now 16384 and 2048 bytes, respectively (the old defaults were
8192 and 1024 bytes). This change generally provides increased
performance, at the expense of some wasted disk
space. &merged;</para>

<para>A number of archaic features of &man.newfs.8; have been
removed; these implemented tuning features that are essentially
useless on modern hard disks. These features were controlled by
the <option>-O</option>, <option>-d</option>,
<option>-k</option>, <option>-l</option>, <option>-n</option>,
<option>-p</option>, <option>-r</option>, <option>-t</option>,
and <option>-x</option> flags.</para>

<para>&man.newfs.8; now supports a <option>-O</option> flag to
select the creation of UFS1 or UFS2 filesystems.</para>

<para>The &man.newgrp.1; utility to change to a new group has been
added.</para>

<para>&man.newsyslog.8; now compresses log files
using &man.bzip2.1; by default. (The former behavior of using
&man.gzip.1; can be specified in
<filename>/etc/newsyslog.conf</filename>.)</para>

<para>The &man.nextboot.8; utility has been added to specify an
alternate kernel and/or boot flags to be used the next time the
machine is booted.
A previous incarnation of this feature
first appeared in &os; 2.2.</para>

<para><application>NFS</application> now works over IPv6.</para>

<para role="historic">&man.ngctl.8; now supports a <option>write</option> command
to send a data packet down a given hook. &merged;</para>

<para>&man.nice.1; now uses the <option>-n</option> option to
specify the <quote>niceness</quote> of the utility being
run. &merged;</para>

<para role="historic">&man.nl.1;, a line numbering filter program, has been
added. &merged;</para>

<para><application>nsswitch</application> support has been merged
from NetBSD. By creating an &man.nsswitch.conf.5; file, &os;
can be configured so that various databases such as
&man.passwd.5; and &man.group.5; can be looked up using flat
files, NIS, or Hesiod. If <filename>/etc/nsswitch.conf</filename>
does not exist, it will be automatically generated from an existing
<filename>/etc/hosts.conf</filename> at system startup time. The
<filename>/etc/hosts.conf</filename> file may be used by old
executables; it will be automatically generated from
an existing <filename>/etc/nsswitch.conf</filename> during
system startup if it exists.</para>

<para>&man.od.1; now supports the <option>-A</option> option to
specify the input address base, the <option>-N</option> option to
specify the number of bytes to dump, the <option>-j</option>
option to specify the number of bytes to skip, the
<option>-s</option> option to output signed decimal shorts, and
the <option>-t</option> option to specify output type.
&merged;</para>

<para arch="sparc64">The &man.ofwdump.8; utility has been added to
examine the OpenFirmware device tree.</para>

<para><application>PAM</application> support has been added for
account management and sessions.</para>

<para><application>PAM</application> configuration is now
specified by files in <filename>/etc/pam.d/</filename>, rather
than a single <filename>/etc/pam.conf</filename> file.
<filename>/etc/pam.d/README</filename> has more details.</para>

<para>A &man.pam.echo.8; echo service module has been added.</para>

<para>A &man.pam.exec.8; program execution service module has been
added.</para>

<para>A &man.pam.ftp.8; module has been added to allow
authentication of anonymous FTP users.</para>

<para>A &man.pam.ftpusers.8; module has been added to perform
checks against the &man.ftpusers.5; file.</para>

<para>A &man.pam.ksu.8; module has been added to do Kerberos 5
authentication and <filename>$HOME/.k5login</filename>
authorization for &man.su.1;.</para>

<para>A &man.pam.lastlog.8; module has been added to record
sessions in the &man.utmp.5;, &man.wtmp.5;, and &man.lastlog.5;
databases.</para>

<para>A &man.pam.login.access.8; module has been added, to allow
checking against <filename>/etc/login.access</filename>.</para>

<para>The &man.pam.nologin.8; module, which can disallow logins
using &man.nologin.5;, has been added.</para>

<para>The &man.pam.opie.8; and &man.pam.opieaccess.8; modules have
been added to control authentication via &man.opie.4;.
&merged;</para>

<para>A &man.pam.passwdqc.8; module has been added, to check the
quality of passwords submitted during password changes.</para>

<para>A &man.pam.rhosts.8; module has been added to support
&man.rhosts.5; authentication.</para>

<para>The &man.pam.rootok.8; module, which can be used to
authenticate only the superuser, has been added.</para>

<para>A &man.pam.securetty.8; module has been added to check the
<quote>security</quote> of a TTY, as listed in &man.ttys.5;.</para>

<para>A &man.pam.self.8; module, which allows self-authentication
of a user, has been added.</para>

<para role="historic">A &man.pam.ssh.8; module has been added to allow the use of
SSH passphrases and keypairs for authentication. This module
also handles session management by invoking
&man.ssh-agent.1;. &merged;</para>

<para>A &man.pam.wheel.8; module has been added to permit
authentication to members of a group, which defaults to
<groupname>wheel</groupname>.</para>

<para role="historic">&man.passwd.1; and &man.pw.8; now select the password hash
algorithm at run time. See the <literal>passwd_format</literal>
attribute in
<filename>/etc/login.conf</filename>. &merged;</para>

<para role="historic">&man.patch.1; now accepts a <option>-i</option> command-line
flag to read a patch from a file, rather than standard
input. &merged;</para>

<para>The &man.pathchk.1; utility, which checks pathnames for
validity or portability between POSIX systems, has been
added. &merged;</para>

<para role="historic">&man.pax.1; has received a number of enhancements, including
&man.cpio.1; functionality, &man.tar.1; compatibility
enhancements, <option>-z</option> and <option>-Z</option> flags
for &man.gzip.1; and &man.compress.1; functionality, and a
number of bug fixes.
&merged;</para>

<para role="historic">&man.pciconf.8; now supports a <option>-v</option> option to
display the vendor/device information of configured devices, in
conjunction with the <option>-l</option> option. The default
vendor/device database can be found at
<filename>/usr/share/misc/pci_vendors</filename>. &merged;</para>

<para role="historic">The behavior of &man.periodic.8; is now controlled by
<filename>/etc/defaults/periodic.conf</filename> and
<filename>/etc/periodic.conf</filename>. &merged;</para>

<para role="historic">&man.ping.8; now supports a <option>-m</option> option to
set the TTL of outgoing packets. &merged;</para>

<para role="historic">&man.ping.8; now supports a <option>-A</option> option to
beep when packets are lost. &merged;</para>

<para>&man.ping.8; now supports a <option>-o</option> flag to exit
after receiving a reply.</para>

<para role="historic">Userland &man.ppp.8; has received a number of updates and
bug fixes. &merged;</para>

<para role="historic">&man.ppp.8; has gained the <literal>tcpmssfixup</literal>
option, which adjusts outgoing and incoming TCP SYN packets so
that the maximum receive segment size is no larger than allowed
by the interface MTU. &merged;</para>

<para role="historic">&man.ppp.8; now supports IPv6. &merged;</para>

<para role="historic">&man.pppd.8; (the control program for kernel-level PPP) is
now installed mode <literal>4550</literal> and
<username>root</username><literal>:</literal><groupname>dialer</groupname>,
rather than mode <literal>4555</literal> (in other words, it is
no longer world-executable). Users of &man.pppd.8; may need to
change their group settings.
&merged;</para>

<para role="historic">&man.pr.1; now supports the <option>-f</option> and
<option>-p</option> flags to pause output going to a
terminal. &merged;</para>

<para>prefix(8) is obsolete and has been removed. Its
functionality is provided by the <option>eui64</option> command
to &man.ifconfig.8;.</para>

<para role="historic">The <option>-W</option> option to &man.ps.1; (to extract
information from a specified swap device) has been useless for
some time; it has been removed. &merged;</para>

<para>The &man.pselect.3; library function (introduced by POSIX.1
as a slightly stronger version of &man.select.2;) has been
added.</para>

<para role="historic">&man.pwd.1; can now double as &man.realpath.1;, a program to
resolve pathnames to their underlying physical
paths. &merged;</para>

<para>&man.pwd.1; now supports the <option>-L</option> flag to
print the logical current working directory. &merged;</para>

<para>&man.quota.1; now takes a <option>-l</option> flag to
suppress quota checks on NFS filesystems.</para>

<para>The pseudo-random number generator implemented by
&man.rand.3; has been improved to provide less biased
results.</para>

<para role="historic">&man.rc.8; now has a framework for handling dependencies
between &man.rc.conf.5; variables. &merged;</para>

<para role="historic">&man.rc.8; now deletes all non-directory files in
<filename>/var/run</filename> and
<filename>/var/spool/lock</filename> at boot
time. &merged;</para>

<para>&man.rcmd.3; now supports the use of the
<envar>RSH</envar> environment variable to specify a program to
use other than &man.rsh.1; for remote execution.
As a result,
programs such as &man.dump.8; can use &man.ssh.1; for remote
transport.</para>

<para>&man.rdist.1; has been retired from the base system, but is
still available from the &os; Ports Collection as
<filename role="package">net/44bsd-rdist</filename>.</para>

<para role="historic">&man.reboot.8; now takes a <option>-k</option> option to specify
the next kernel to boot. &merged;</para>

<para>The &man.renice.8; command implements a <option>-n</option>
option, which specifies an increment to be applied to the
priority of a process. &merged;</para>

<para role="historic">The &man.resolver.3; in &os; now implements EDNS0 support,
which will be necessary when working with IPv6 transport-ready
resolvers/DNS servers. &merged;</para>

<para role="historic">The &man.rfork.thread.3; library call has been added as a
helper function to &man.rfork.2;. Using this function should
avoid the need to implement complex stack swap
code. &merged;</para>

<para role="historic">The <option>-v</option> option to &man.rm.1; now displays
the entire pathname of a file being removed. &merged;</para>

<para role="historic">&man.route.8; is now more verbose when changing indirect
routes, in the case of a gateway route that is the same route as
the one being modified. &merged;</para>

<para role="historic">&man.route.8; now uses
<literal><replaceable>host</replaceable>/<replaceable>bits</replaceable></literal>
syntax instead of
<literal><replaceable>net</replaceable>/<replaceable>bits</replaceable></literal>
syntax, for compatibility with &man.netstat.1;. &merged;</para>

<para role="historic">&man.route.8; can now create <quote>proxy only</quote>
published ARP entries.
&merged;</para>

<para role="historic">The &man.route.8; <option>add</option> command now supports
the <option>-ifp</option> and <option>-ifa</option>
modifiers. &merged;</para>

<para>&man.rpcbind.8; has replaced &man.portmap.8;.</para>

<para>&man.rpcgen.1; now uses <filename>/usr/bin/cpp</filename>
(as on NetBSD), not
<filename>/usr/libexec/cpp</filename>.</para>

<para>&man.rpc.lockd.8; has been imported from NetBSD. This
daemon provides support for servicing client NFS locks.</para>

<para role="historic">The performance of the ELF dynamic linker &man.rtld.1; has
been improved. &merged;</para>

<para role="historic">RSA Security has waived all patent rights to the
<application>RSA</application> algorithm. As a result, the
native <application>OpenSSL</application> implementation of the
RSA algorithm is now activated by default, and the <filename
role="package">security/rsaref</filename> port and the
<filename>librsaUSA</filename> and
<filename>librsaINTL</filename> libraries are no longer required
for USA and non-USA residents respectively. &merged;</para>

<para>&man.rtld.1; will now print the names of all objects that
cause each object to be loaded, if the
<varname>LD_TRACE_LOADED_OBJECTS_ALL</varname> environment
variable is defined.</para>

<para role="historic">&man.savecore.8; now supports a <option>-k</option> option
to prevent clearing a crash dump after saving it. It also
attempts to avoid writing large stretches of zeros to crash dump
files to save space and time. &merged;</para>

<para role="historic">&man.savecore.8; now works correctly on machines with 2 GB
or more of RAM. &merged;</para>

<para role="historic">&man.sed.1; now takes a <option>-E</option> option for
extended regular expression support.
&merged;</para>

<para>&man.sed.1; now takes a <option>-i</option> option to enable
in-place editing of files. &merged;</para>

<para role="historic">&man.send-pr.1; now takes a <option>-a</option> option to
include a file into the <literal>Fix:</literal> section of a
problem report. &merged;</para>

<para>The &man.setfacl.1; and &man.getfacl.1; commands have been
added to manage filesystem Access Control Lists.</para>

<para role="historic">&man.setproctitle.3; has been moved from
<filename>libutil</filename> to
<filename>libc</filename>. &merged;</para>

<para role="historic">&man.sh.1; now implements <command>test</command> as a
built-in command for improved efficiency. &merged;</para>

<para>&man.sh.1; no longer implements <command>printf</command> as
a built-in command because it was considered less valuable
compared to the other built-in commands (this functionality is,
of course, still available through the &man.printf.1;
executable).</para>

<para>&man.sh.1; now supports a <option>-C</option> option to
prevent existing regular files from being overwritten by output
redirection, and a <option>-u</option> option to give an error if an
unset variable is expanded. &merged;</para>

<para>The &man.sh.1; built-in <command>cd</command> command now
supports <option>-L</option> and <option>-P</option> flags to
invoke logical or physical modes of operation, respectively.
Logical mode is the default, but the default can be changed with
the <varname>physical</varname> &man.sh.1; option. &merged;</para>

<para>The &man.sh.1; built-in <command>jobs</command> command now
supports a <option>-s</option> flag to output PIDs only and a
<option>-l</option> flag to add PIDs to the output.
&merged;</para>

<para>&man.sh.1; now supports a <command>bind</command> built-in
command, which allows the key bindings for the shell's line editor
to be changed.</para>

<para>The &man.sh.1; built-in <command>export</command> and
<command>readonly</command> commands now support a
<option>-p</option> flag to print their output in
<quote>portable</quote> format. &merged;</para>

<para>&man.sh.1; no longer accepts invalid constructs such as
<command><replaceable>command</replaceable> &amp; &amp;&amp;
<replaceable>command</replaceable></command>, <command>&amp;&amp;
<replaceable>command</replaceable></command>, or <command>||
<replaceable>command</replaceable></command>. &merged;</para>

<para role="historic">&man.sockstat.1; now has <option>-c</option> and
<option>-l</option> flags for listing connected and listening
sockets, respectively. &merged;</para>

<para>&man.spkrtest.8; is now a &man.sh.1; script, rather than a
Perl script.</para>

<para role="historic">&man.split.1; now has the ability to split a file longer
than 2GB. &merged;</para>

<para>&man.split.1; now supports a <option>-a</option> option to
specify the number of letters to use for the suffix of split
files. &merged;</para>

<para>In preparation for meeting SUSv2/POSIX
<filename>&lt;sys/select.h&gt;</filename> requirements,
<literal>struct selinfo</literal> and related functions have been
moved to <filename>&lt;sys/selinfo.h&gt;</filename>.</para>

<para role="historic">The &man.strnstr.3; and &man.strcasestr.3; variants of
&man.strstr.3; have been implemented. &merged;</para>

<para role="historic">&man.stty.1; now has support for an
<literal>erase2</literal> control character, so that, for
example, both the <keycap>Delete</keycap> and
<keycap>Backspace</keycap> keys can be used to erase
characters.
      &merged;</para>

    <para>&man.su.1; now uses <application>PAM</application> for
      authentication.</para>

    <para>The &man.swapoff.8; command has been added to disable paging
      and swapping on a device. A related &man.swapctl.8; command has
      been added to provide an interface to &man.swapon.8; and
      &man.swapoff.8; similar to other BSDs.

      <note>
        <para>The &man.swapoff.8; feature should be considered
          experimental.</para>
      </note>
    </para>

    <para role="historic">Boot-time &man.syscons.4; configuration was moved to a
      machine-independent
      <filename>/etc/rc.syscons</filename>. &merged;</para>

    <para role="historic">&man.sysctl.8; now supports a <option>-N</option> option to
      print out variable names only. &merged;</para>

    <para role="historic">&man.sysctl.8; has replaced the <option>-A</option> and
      <option>-X</option> options with <option>-ao</option> and
      <option>-ax</option> respectively; the former options are now
      deprecated. The <option>-w</option> option is deprecated as
      well; it is not needed to determine the user's
      intentions. &merged;</para>

    <para role="historic">&man.sysctl.8; now supports a <option>-e</option> option to
      separate variable names and values by <literal>=</literal>
      rather than <literal>:</literal>. This feature is useful for
      producing output that can be fed back to
      &man.sysctl.8;. &merged;</para>

    <para>&man.sysctl.8; now accepts a <option>-d</option> flag to print
      the descriptions of variables.</para>

    <para role="historic">&man.sysinstall.8; now properly preserves
      <filename>/etc/mail</filename> during a binary
      upgrade. &merged;</para>

    <para role="historic">&man.sysinstall.8; now uses some more intuitive defaults
      thanks to some new dialog support functions.
      &merged;</para>

    <para>The default root partition in &man.sysinstall.8; is now
      100MB on the i386 and pc98, 120MB on the Alpha.</para>

    <para>&man.sysinstall.8; now lives in
      <filename>/usr/sbin</filename>, which simplifies the
      installation process. The &man.sysinstall.8; manpage is also
      installed in a more consistent fashion now.</para>

    <para role="historic">&man.sysinstall.8; now has the ability to load KLDs as a
      part of the installation. &merged;</para>

    <para role="historic">When run from the installation media, &man.sysinstall.8;
      will automatically load any device drivers found in the
      <filename>/stand/modules</filename> directory of the
      <literal>mfsroot</literal> floppy or filesystem image. Note
      that any drivers so loaded will not appear in the kernel's boot
      messages; the &man.sysinstall.8; debugging screen will provide
      additional information. &merged;</para>

    <para role="historic">&man.sysinstall.8; now enables Soft Updates by default on
      all filesystems it creates, except for the root
      filesystem. &merged;</para>

    <para role="historic">&man.sysinstall.8; has received updates for its
      <quote>auto</quote> partitioning mode which provide more
      reasonable defaults for the sizes of partitions that are
      created; auto-sized partitions can now also recover the space
      that becomes available when other partitions are
      deleted. &merged;</para>

    <para>&man.sysinstall.8; no longer mounts the &man.procfs.5;
      filesystem by default on new installs. This change was made to
      improve security, but &man.procfs.5; can still be mounted
      manually or via an appropriate line in the &man.fstab.5;
      file.</para>

    <para role="historic">&man.sysinstall.8; now has rudimentary support for
      retrieving packages from the correct volume of a multiple-volume
      installation (such as a multi-CD distribution).
      &merged;</para>

    <para role="historic">&man.syslogd.8; can take a <option>-n</option> option to
      disable DNS queries for every request. &merged;</para>

    <para role="historic">&man.syslogd.8; now supports a
      <literal>LOG_CONSOLE</literal> facility (disabled by default),
      which can be used to log <filename>/dev/console</filename>
      output. &merged;</para>

    <para role="historic">&man.syslogd.8; now has the ability to bind to a specific
      address (as opposed to using every available one) via the
      <option>-b</option> option. &merged;</para>

    <para role="historic">&man.syslogd.8; now accepts a <option>-c</option> flag to
      disable repeated line compression. &merged;</para>

    <para>&man.tabs.1;, a utility to set terminal tab stops, has been
      added.</para>

    <para role="historic">&man.tail.1; now has the ability to work on files longer
      than 2GB. &merged;</para>

    <para role="historic">&man.tar.1; now supports the <varname>TAR_RSH</varname>
      variable, principally to enable the use of &man.ssh.1; as a
      transport. &merged;</para>

    <para role="historic">&man.telnet.1; now does autologin and encryption by default;
      a new <option>-y</option> option turns off encryption. &merged;</para>

    <para role="historic">&man.telnet.1; now supports a <option>-u</option> flag to
      allow connections to UNIX-domain (<literal>AF_UNIX</literal>)
      sockets. &merged;</para>

    <para>The &man.termcap.5; database now uses the
      <literal>xterm</literal> terminal type from
      <application>XFree86</application>. As a result, &man.xterm.1;
      now supports color by default and the common workaround of
      setting <varname>TERM</varname> to <literal>xterm-color</literal>
      is no longer necessary.
      Use of the
      <literal>xterm-color</literal> terminal type may result in
      (benign) warnings from applications.</para>

    <para role="historic">&man.tftp.1; and &man.tftpd.8; now support IPv6. &merged;</para>

    <para role="historic">&man.tftpd.8; now takes the <option>-c</option> and
      <option>-C</option> options, which allow the server to
      &man.chroot.2; based on the IP address of the connecting client.
      &man.tftp.1; and &man.tftpd.8; can now transfer files larger
      than 65535 blocks. &merged;</para>

    <para>&man.tftpd.8; now supports RFC 2349 (TFTP Timeout Interval
      and Transfer Size Options); this feature is required by some
      firmware like EFI boot managers (at least on HP i2000 Itanium
      servers) in order to boot an image using
      <application>TFTP</application>.</para>

    <para arch="alpha">&man.timed.8; now works on the alpha.</para>

    <para>A version of Transport Independent RPC
      (<application>TI-RPC</application>) has been imported.</para>

    <para role="historic">&man.tmpnam.3; will now use the <envar>TMPDIR</envar>
      environment variable, if set, to specify the location of
      temporary files. &merged;</para>

    <para>&man.tip.1; has been updated from
      <application>OpenBSD</application>, and has the ability to act
      as a &man.cu.1; substitute.</para>

    <para>&man.top.1; will now use the full width of its tty.</para>

    <para>&man.touch.1; now takes a <option>-h</option> option to
      operate on a symbolic link, rather than what the link points
      to.</para>

    <para>&man.tr.1; now has basic support for equivalence classes
      for locales that support them.
      &merged;</para>

    <para>&man.tr.1; now supports a <option>-C</option> flag to
      complement the set of characters specified by the first string
      argument.</para>

    <para role="historic">The &man.truncate.1; utility, which truncates or extends the
      length of files, has been added. &merged;</para>

    <para>&man.tunefs.8; now supports the <option>-a</option> and
      <option>-l</option> flags to enable and disable the
      <literal>FS_ACLS</literal> and <literal>FS_MULTILABEL</literal>
      administrative flags on UFS file systems.</para>

    <para>A &man.ugidfw.8; utility has been added to manage the
      rulesets provided by the <literal>mac_bsdextended</literal>
      Mandatory Access Control policy, similar to &man.ipfw.8;.</para>

    <para role="historic">Ukrainian language support has been added to the &os;
      console. &merged;</para>

    <para><application>UUCP</application> has been removed from the
      base system. It can be found in the Ports Collection, in
      <filename role="package">net/freebsd-uucp</filename>.</para>

    <para>&man.unexpand.1; now supports a <option>-t</option> option to
      specify tabstops analogous to &man.expand.1;. &merged;</para>

    <para role="historic">&man.units.1; has received some updates and
      bugfixes. &merged;</para>

    <para>&man.usbdevs.8; now supports a <option>-d</option> flag to
      show the device driver associated with each device.</para>

    <para role="historic">The &man.usbhidctl.1; utility has been added to manipulate
      USB Human Interface Devices. &merged;</para>

    <para role="historic">&man.uuencode.1; and &man.uudecode.1; now accept a <option>-o</option> option to
      set their output files. &man.uuencode.1; can now be made to do base64 encoding
      when given the <option>-m</option> flag, while &man.uudecode.1;
      can now automatically decode base64 files.
      &merged;</para>

    <para>The base64 capabilities of &man.uuencode.1; and
      &man.uudecode.1; can now be automatically enabled by invoking
      these utilities as &man.b64encode.1; and &man.b64decode.1;
      respectively. &merged;</para>

    <para>Functions to implement and manipulate OSF/DCE 1.1-compliant
      UUIDs have been added to <filename>libc</filename>. More
      information can be found in &man.uuid.3;.</para>

    <para>The &man.uuidgen.1; utility has been added. It uses the new
      &man.uuidgen.2; system call to generate one or more Universally
      Unique Identifiers compatible with OSF/DCE 1.1 version 1
      UUIDs.</para>

    <para role="historic">&man.vidcontrol.1; now accepts a <option>-g</option>
      parameter to select custom text geometry in the
      <literal>VESA_800x600</literal> raster text mode. &merged;</para>

    <para role="historic">&man.vidcontrol.1; now allows the user to omit the font size
      specification when loading a font, and has some better
      error-handling. &merged;</para>

    <para role="historic">&man.vidcontrol.1; now supports a <option>-p</option> option
      to take a snapshot of a &man.syscons.4; video buffer. These
      snapshots can be manipulated by the
      <filename role="package">graphics/scr2png</filename> utility in
      the Ports Collection. &merged;</para>

    <para role="historic">&man.vidcontrol.1; now supports a <option>-C</option> option
      to clear the history buffer for a given tty, as well as a
      <option>-h</option> option to set the size of the history
      buffer. &merged;</para>

    <para>&man.vidcontrol.1; now accepts a <option>-S</option> to
      allow the user to disable VTY switching.
      &merged;</para>

    <para>The default stripe size in &man.vinum.8; has been changed
      from 256KB to 279KB, to spread out superblocks more evenly
      between stripes.</para>

    <para role="historic">&man.wall.1; now supports a <option>-g</option> flag to
      write a message to all users of a given group. &merged;</para>

    <para role="historic">&man.watch.8; now takes a <option>-f</option> option to
      specify a &man.snp.4; device to use. &merged;</para>

    <para>&man.wc.1; now supports a <option>-m</option> flag to
      count characters, rather than bytes.</para>

    <para>&man.whereis.1;, formerly a Perl script, has been
      rewritten in C. It now supports a <option>-x</option> flag to
      suppress the run of &man.locate.1;, and a <option>-q</option>
      flag to suppress the leading name of the query.</para>

    <para>&man.whereis.1; now supports a <option>-a</option> flag
      to report all matches instead of only the first of each
      requested type.</para>

    <para>&man.which.1; is now a C program, rather than a Perl
      script.</para>

    <para>&man.who.1; now has a number of new options:
      <option>-H</option> shows column headings; <option>-T</option>
      shows &man.mesg.1; state; <option>-m</option> is an equivalent
      to <option>am i</option>; <option>-u</option> shows idle time;
      <option>-q</option> lists names in columns. &merged;</para>

    <para role="historic">&man.whois.1; now directs queries for IP addresses to ARIN.
      If a query to ARIN references APNIC or RIPE, the appropriate
      server will also be queried, provided that the
      <option>-Q</option> option is not specified. &merged;</para>

    <para role="historic">&man.whois.1; supports a <option>-c</option> option to
      specify a country code to help direct queries towards a
      particular whois server.
      &merged;</para>

    <para>&man.wicontrol.8; now supports a <option>-l</option> flag to list
      the stations associated in <literal>hostap</literal> mode and a
      <option>-L</option> flag to list available access points.</para>

    <para>&man.xargs.1; now supports a <option>-I</option>
      <replaceable>replstr</replaceable> option that allows the user
      to tell &man.xargs.1; to insert the data read from standard
      input at specific points in the command line arguments rather
      than at the end. (A &os;-specific <option>-J</option> option is
      similar.) &merged;</para>

    <para>&man.xargs.1; now supports a <option>-L</option> option to
      force its utility argument to be called after some number of
      lines. &merged;</para>

    <para>&man.xargs.1; now supports a <option>-P</option> option to
      execute multiple copies of the same utility in parallel.</para>

    <para role="historic">The compiler chain now uses the FSF-supplied C/C++ runtime
      initialization code. This change brings about better
      compatibility with code generated from the various egcs and gcc
      ports, as well as the stock public FSF source. &merged;</para>

    <para role="historic">The threads library has gained some signal handling changes,
      bug fixes, and performance enhancements (including zero system
      call thread switching). &man.gdb.1; thread support has been
      updated to match these changes. &merged;</para>

    <para role="historic">Significant additions have been made to internationalization
      support; &os; now has complete locale support for the
      <literal>LC_MONETARY</literal>, <literal>LC_NUMERIC</literal>,
      and <literal>LC_MESSAGES</literal> categories. A number of
      applications have been updated to take advantage of this
      support.
      &merged;</para>

    <para role="historic">Locale names have been changed to improve compatibility with
      the names used by X11R6, as well as a number of other UNIX
      versions. As an example, the
      <literal>en_US.ISO_8859-1</literal> locale name has been changed
      to
      <literal>en_US.ISO8859-1</literal>. Entries in
      <filename>/etc/locale.alias</filename> provide backward
      compatibility. &merged;</para>

    <para>Various routines in the C library now have support for
      <quote>wide</quote> characters. Among these are
      character class functions such as &man.wctype.3;, wide character
      I/O functions such as &man.getwc.3;, formatted I/O functions
      such as &man.wprintf.3; and &man.wscanf.3;. Conversion
      functions to &man.multibyte.3; characters are also supported.</para>

    <para role="historic"><filename>/usr/src/share/examples/BSD_daemon/</filename> now
      contains a scalable Beastie graphic. &merged;</para>

    <para role="historic">As part of an ongoing process, many manual pages were
      improved, both in terms of their formatting markup and in their
      content. &merged;</para>

    <para>A number of utilities and libraries were enhanced to improve
      their conformance with the Single UNIX Specification (SUSv3) and
      IEEE Std 1003.1-2001 (<quote>POSIX.1</quote>). Specific
      features added have been listed in the release notes for each
      utility. The standards conformance of each utility or library
      function is generally listed in its manual page.</para>

    <para>A number of traditional BSD games have been removed from the base system;
      they are now available in the <filename
      role="package">games/freebsd-games</filename> port.
      These include: adventure(6), arithmetic(6), atc(6),
      backgammon(6), battlestar(6), bs(6), canfield(6), cribbage(6),
      fish(6), hack(6), hangman(6), larn(6), mille(6), phantasia(6),
      piano(6), pig(6), quiz(6), rain(6), robots(6), rogue(6),
      sail(6), snake(6), trek(6), wargames(6), worm(6), worms(6), and
      wump(6). dm(8), which was used to control access to games, is
      no longer necessary, and has also been removed. The
      <quote>utility-like</quote> games, as well as &man.fortune.6;,
      remain.</para>

    <sect3>
      <title>Contributed Software</title>

      <para><application>am-utils</application> has been updated to
        6.0.7.</para>

      <para>A 13 December 2002 snapshot of <application>awk</application> from Bell Labs (variously
        known as <quote>BWK awk</quote> or <quote>The One True
        AWK</quote>) has been imported. It is available as
        <command>awk</command> or
        <command>nawk</command>.</para>

      <para role="historic"><application>bc</application> has been updated from 1.04 to
        1.06. &merged;</para>

      <para role="historic">The ISC library from the <application>BIND</application>
        distribution is now built as
        <filename>libisc</filename>. &merged;</para>

      <para role="historic"><application>BIND</application> is now built with the
        <literal>NOADDITIONAL</literal> flag, which causes
        &man.named.8; to operate in a more consistent fashion for
        certain common misconfigurations. &merged;</para>

      <para><application>BIND</application> has been updated to
        8.3.3. &merged;</para>

      <para><application>Binutils</application> has been updated to
        a pre-release snapshot of 2.13.2 from 27 October 2002.</para>

      <para role="historic"><application>bzip2</application> 1.0.2 has been imported;
        this brings the &man.bzip2.1; program and the
        <filename>libbz2</filename> library to the base
        system.
        &merged;</para>

      <para>All of the <application>bzip2</application> suite of
        applications is now installed in the base system (in
        particular, <command>bzip2recover</command> is now built and
        installed). &merged;</para>

      <para role="historic">The &man.ee.1; <application>Easy Editor</application> has
        been updated to 1.4.2. &merged;</para>

      <para><application>file</application> has been updated to
        3.39.</para>

      <para><application>gcc</application> has been updated to
        <application>gcc</application> 3.2.1 (released version).
        <warning>
          <para>The C++ ABI from <application>gcc</application>
            3.2.1 is not compatible with
            previous versions.</para>
        </warning>
      </para>

      <para role="historic">&man.gcc.1; now uses a unified <filename>libgcc</filename>
        rather than a separate one for threaded and non-threaded
        programs. <filename>/usr/lib/libgcc_r.a</filename> can be
        removed. &merged;</para>

      <para role="historic">&man.gcc.1; now supports the environment variable
        <envar>GCC_OPTIONS</envar>, which can hold a set of default
        options for <application>GCC</application>. &merged;</para>

      <para><application>gdb</application> has been updated to version
        5.2.1.</para>

      <para role="historic"><application>GNATS</application> has been updated to
        3.113. &merged;</para>

      <para><application>gperf</application> has been updated to
        2.7.2.</para>

      <para><application>groff</application> and its related utilities
        have been updated to FSF version 1.18.1.</para>

      <para><application>Heimdal Kerberos</application> has been updated to
        0.5.1.
        &merged;</para>

      <para role="historic">The version of <application>IPFilter</application>
        provided with &os; now includes the &man.ipfs.8; program,
        which allows state information created for NAT entries and
        stateful rules to be saved to disk and restored after a
        reboot. Boot-time configuration of these features is
        supported by &man.rc.conf.5;. &merged;</para>

      <para>The <application>ISC DHCP</application> client has been
        updated to 3.0.1RC9.</para>

      <para role="historic"><application>Kerberos IV</application> has been updated to
        1.0.5. &merged;</para>

      <para>The &man.more.1; command has been replaced by
        &man.less.1;, although it can still be run as
        <command>more</command>. &merged; Version 371 of
        <application>less</application> has been imported.</para>

      <para>An XML processing library, named
        <filename>libbsdxml</filename>, has been added for the benefit
        of XML-using utilities in the base system. It is based almost
        entirely on an import of <application>expat</application>
        1.95.5, but is installed under a different name to avoid
        conflicts with any versions of
        <application>expat</application> installed from the Ports
        Collection.</para>

      <para><application>libpcap</application> has been updated to
        0.7.1. &merged;</para>

      <para><application>libreadline</application> has been updated to
        4.2.</para>

      <para><application>libz</application> has been updated to
        1.1.4.</para>

      <para><application>lint</application> has been updated to
        a snapshot of NetBSD &man.lint.1; as of 19 July 2002.</para>

      <para><application>lukemftp</application> 1.6 beta 2 (the FTP client from
        NetBSD) has replaced the &os; &man.ftp.1; program. Among its
        new features are more automation methods, better standards
        compliance, transfer rate throttling, and a customizable
        command-line prompt.
        Some environment variables and
        command-line arguments have changed.</para>

      <para>&man.m4.1; has been imported from OpenBSD, as of 26 April
        2002. &merged;</para>

      <para><application>ncurses</application> has been updated to
        5.2-20020615.</para>

      <para>The <application>NTP</application> suite of programs has
        been updated to 4.1.1b.</para>

      <para><application>OpenPAM</application>
        (<quote>Daffodil</quote> release) has been imported,
        replacing
        <application>Linux-PAM</application>.</para>

      <para>The <application>OPIE</application> one-time-password
        suite has been updated to 2.4. It has completely
        replaced the functionality of
        <application>S/Key</application>. &merged;</para>

      <para><application>Perl</application> has been removed from the
        &os; base system. It can be installed from the &os;
        Ports Collection, as a binary package, or via the <guimenuitem>Perl
        distribution</guimenuitem> item in &man.sysinstall.8;'s
        distribution menu.
        Moving Perl out of the
        base system will make future upgrades and maintenance easier.
        To reduce the dependence of the base system on
        Perl, many utilities have been
        rewritten as shell scripts or C programs (specific notes are
        made for each affected utility).

        <note>
          <para>The Perl script removal work is ongoing.</para>
        </note>

        <note>
          <para>Most of the distribution sets in &man.sysinstall.8;
            include the new Perl distribution. This change will
            therefore be transparent to most users, with the exception
            that updating Perl will be done separately from the base
            system.</para>
        </note>

      </para>

      <para><application>GNU ptx</application> has been removed from
        the base system. It is not used anywhere in the base system,
        and has not been recently updated or maintained.
        Users
        requiring its functionality can install this utility as a part
        of the <filename role="package">textproc/textutils</filename>
        port.</para>

      <para>The <literal>rc.d</literal> framework from NetBSD has been
        imported. It breaks down the system startup functionality
        into a number of small, <quote>task-oriented</quote> scripts
        in <filename>/etc/rc.d</filename>, with dynamically-determined
        ordering of startup scripts performed at boot-time.</para>

      <para role="historic">&man.routed.8; has been updated to version
        2.22. &merged;</para>

      <para arch="i386,pc98">Version 1.4.5 of the
        <application>smbfs</application> userland utilities has been
        imported. &merged;</para>

      <para><application>GNU sort</application> has been updated to
        the version from <application>GNU textutils
        2.0.21</application>.</para>

      <para>&man.stat.1; from <application>NetBSD</application>, as of
        5 June 2002, has been imported.</para>

      <para><application>GNU tar</application> has been updated to
        1.13.25. &merged;</para>

      <para><application>tcpdump</application> has been updated to
        3.7.1. &merged;</para>

      <para>The &man.csh.1; shell has been replaced by &man.tcsh.1;,
        although it can still be run as <command>csh</command>.
        <application>tcsh</application> has been updated to version
        6.12. &merged;</para>

      <para>The contributed version of
        <application>tcp_wrappers</application> now includes the
        &man.tcpd.8; helper daemon. While not strictly necessary in a
        standard &os; installation (because &man.inetd.8; already
        incorporates this functionality), this may be useful for
        &man.inetd.8; replacements such as
        <application>xinetd</application>. &merged;</para>

      <para><application>texinfo</application> has been updated to
        4.2.
        &merged;</para>

      <para><application>top</application> has been updated to version
        3.5b12. &merged;</para>

      <para><application>traceroute</application> has been updated to
        LBL version 1.4a12.</para>

      <para role="historic">&man.traceroute.8; now takes its default maximum TTL value
        from the <varname>net.inet.ip.ttl</varname> sysctl
        variable. &merged;</para>

      <para>The timezone database has been updated to the
        <filename>tzdata2002d</filename> release. &merged;</para>

      <sect4>
        <title>CVS</title>

        <para><application>cvs</application> has been updated to
          a snapshot of 1.11.2.1, as of 1 December 2002. &merged;</para>

        <para role="historic">The default value for &man.cvs.1;'s
          <envar>CVS_RSH</envar> variable is now
          <literal>ssh</literal>, rather than
          <literal>rsh</literal>. &merged;</para>

        <para role="historic">&man.cvs.1; now supports a <option>-T</option> option to
          update a sandbox's <filename>CVS/Template</filename> file
          from the repository. &merged;</para>

        <para role="historic">&man.cvs.1; <literal>diff</literal> now supports the
          <option>-j</option> option to perform differences against a
          revision relative to a branch tag. &merged;</para>
      </sect4>

      <sect4>
        <title>CVSup</title>

        <para role="historic"><application>CVSup</application>, a frequently used
          utility in the &os; Ports Collection, was formerly
          installable using several ports and packages. The
          <filename role="package">net/cvsup-bin</filename> and
          <filename role="package">net/cvsupd-bin</filename>
          ports/packages are no longer necessary or available; the
          <filename role="package">net/cvsup</filename> port should be
          used instead.
          &merged;</para>

        <para role="historic"><application>CVSup</application> has been updated to
          16.1_3, which is available in the &os; Ports Collection as
          <filename role="package">net/cvsup</filename>. This update
          fixes a long-standing (but only recently encountered) bug
          which affects the timestamps on all files after Sun Sep 9
          01:46:40 UTC 2001 (1,000,000,000 seconds after the UNIX
          epoch). &merged;</para>
      </sect4>

      <sect4 id="kame-userland">
        <title>KAME</title>

        <para role="historic">The IPv6 stack is now based on the
          KAME Project's IPv6 snapshot as of 28 May, 2001. Most of
          the items listed in this section are a result of this
          import.
          <xref linkend="kame-kernel"> lists kernel updates to the
          KAME IPv6 stack. &merged;</para>

        <para role="historic">&man.faithd.8; now supports a configuration file for
          access control. &merged;</para>

        <para role="historic">&man.ifconfig.8; can now perform the functions of
          gifconfig(8). &merged;</para>

        <para role="historic">&man.ifconfig.8; can now perform the functions of
          prefix(8). &merged;</para>

        <para role="historic">&man.ndp.8; now implements garbage collection for stale
          NDP entries, as described in RFC 2461 (Neighbor Discovery
          for IP Version 6 (IPv6)). &merged;</para>

        <para role="historic">pim6dd(8) and pim6sd(8) have been removed due
          to restrictive licensing conditions. These programs are
          available in the ports collection as
          <filename role="package">net/pim6dd</filename> and
          <filename role="package">net/pim6sd</filename>. &merged;</para>

        <para role="historic">&man.route6d.8; now supports an <option>-n</option> flag
          to avoid updating the kernel forwarding
          table. &merged;</para>

        <para role="historic">The <option>-R</option> (router renumbering) option to
          &man.rtadvd.8; is currently ignored.
          &merged;</para>
      </sect4>

      <sect4>
        <title>OpenSSH</title>

        <para role="historic"><application>OpenSSH</application> has been updated to
          2.9, which provides support for the SSH2 protocol (now the
          default) and DSA keys. &man.ssh-add.1; and
          &man.ssh-agent.1; can now handle DSA keys, with support for
          authentication forwarding.
          <application>OpenSSH</application> users in the USA no
          longer need to rely on the restrictively-licensed RSAREF
          toolkit which is required to handle RSA keys. Among other
          new features: A client and server for &man.sftp.1; have been added.
          &man.scp.1; can now handle files larger than 2 GBytes. A
          limit on the number of outstanding, unauthenticated
          connections in &man.sshd.8; has been added. Support has
          been added for the Rijndael encryption algorithm. Rekeying
          of existing sessions is now supported, and an experimental
          <application>SOCKS4</application> proxy has been added to
          &man.ssh.1;. &merged;</para>

        <para><application>OpenSSH</application> has been updated to
          version 3.4p1.
          &merged; Among the changes:
          <itemizedlist>
            <listitem>
              <para>The <filename>*2</filename> files are obsolete
                (for example,
                <filename>~/.ssh/known_hosts</filename> can hold the
                contents of
                <filename>~/.ssh/known_hosts2</filename>).</para>
            </listitem>
            <listitem>
              <para>&man.ssh-keygen.1; can import and export keys using
                the SECSH Public Key File Format, for key exchange
                with several commercial SSH implementations.</para>
            </listitem>
            <listitem>
              <para>&man.ssh-add.1; now adds all three default keys.</para>
            </listitem>
            <listitem>
              <para>&man.ssh-keygen.1; no longer defaults to a
                specific key type; one must be specified with the
                <option>-t</option> option.</para>
            </listitem>
            <listitem>
              <para>A <quote>privilege separation</quote> feature,
                which uses unprivileged processes to contain and
                restrict the effects of future compromises or
                programming errors.</para>
            </listitem>

            <listitem>
              <para>Several bugfixes, including closure of a
                security hole that could lead to an integer overflow
                and undesired privilege escalation.</para>
            </listitem>
          </itemizedlist>
        </para>

        <para role="historic"><application>OpenSSH</application> can now authenticate
          using <application>OPIE</application> passwords. &merged;</para>

        <para role="historic"><application>PAM</application> support for
          <application>OpenSSH</application> has been added. &merged;</para>

        <para role="historic">A long-standing bug in
          <application>OpenSSH</application>, which sometimes resulted
          in a dropped session when an X11-forwarded client was
          closed, was fixed. &merged;</para>

        <para role="historic"><application>Kerberos</application> compatibility has
          been added to
          <application>OpenSSH</application>.
          &merged;</para>

        <para role="historic"><application>OpenSSH</application> has been modified to
          be more resistant to traffic analysis by requiring that
          <quote>non-echoed</quote> characters are still echoed back
          in a null packet, as well as by padding passwords sent so as
          not to hint at password lengths. &merged;</para>

        <para role="historic">&man.sshd.8; is now enabled by default on new
          installs. &merged;</para>

        <para role="historic">&man.sshd.8; <literal>X11Forwarding</literal> is now
          turned on by default on the server (any risk is to the
          client, where it is already disabled by
          default). &merged;</para>

        <para role="historic">In <filename>/etc/ssh/sshd_config</filename>, the
          <literal>ConnectionsPerPeriod</literal> parameter has been
          deprecated in favor of
          <literal>MaxStartups</literal>. &merged;</para>

        <para role="historic"><application>OpenSSH</application> now has a
          <literal>VersionAddendum</literal> configuration setting for
          &man.sshd.8; to allow changing the part of the
          <application>OpenSSH</application> version string after the
          main version number. &merged;</para>
      </sect4>

      <sect4>
        <title>OpenSSL</title>

        <para><application>OpenSSL</application> has been updated to
          0.9.6g. &merged;</para>

        <para role="historic"><application>OpenSSL</application> now has support for
          machine-dependent ASM optimizations, activated by the new
          <varname>MACHINE_CPU</varname> and/or
          <varname>CPUTYPE</varname>
          <filename>make.conf</filename> variables. &merged;</para>
      </sect4>

      <sect4>
        <title>sendmail</title>

        <para><application>sendmail</application> has been updated
          from version 8.9.3 to version 8.12.6.
          Important changes
          include: &man.sendmail.8; is no longer installed as a
          set-user-ID <username>root</username> binary (now set-group-ID <groupname>smmsp</groupname>); new
          default file locations (see
          <filename>/usr/src/contrib/sendmail/cf/README</filename>);
          &man.newaliases.1; is limited to <username>root</username>
          and trusted users; STARTTLS encryption; and the MSA port
          (587) is turned on by default. See
          <filename>/usr/src/contrib/sendmail/RELEASE_NOTES</filename>
          for more information. &merged;</para>

        <para role="historic">&man.mail.local.8; is no longer installed as a
          set-user-ID binary. If you are using a
          <filename>/etc/mail/sendmail.cf</filename> from the default
          <filename>sendmail.cf</filename> included with &os; any time
          after 3.1.0, you are fine. If you are using a
          hand-configured <filename>sendmail.cf</filename> and
          <command>mail.local</command> for delivery, check to make sure the
          <literal>F=S</literal> flag is set on the
          <literal>Mlocal</literal> line. Those with
          <filename>.mc</filename> files who need to add the flag can
          do so by adding the following line to their
          <filename>.mc</filename> file and regenerating the
          <filename>sendmail.cf</filename> file:</para>

        <programlisting role="historic">MODIFY_MAILER_FLAGS(`LOCAL',`+S')dnl</programlisting>

        <para role="historic">Note that <literal>FEATURE(`local_lmtp')</literal> already
          does this. &merged;</para>

        <para role="historic">The default <filename>/etc/mail/sendmail.cf</filename>
          disables the SMTP <literal>EXPN</literal> and
          <literal>VRFY</literal> commands. &merged;</para>

        <para role="historic">&man.vacation.1; has been updated to use the version
          included with <application>sendmail</application>.
          &merged;</para>

        <para role="historic">The <application>sendmail</application> configuration
          building tools are installed in
          <filename>/usr/share/sendmail/cf/</filename>. &merged;</para>

        <para role="historic">New <filename>make.conf</filename> options:
          <varname>SENDMAIL_MC</varname> and
          <varname>SENDMAIL_ADDITIONAL_MC</varname>. See
          <filename>/usr/share/examples/etc/make.conf</filename> for more
          information. &merged;</para>

        <para role="historic"><filename>/etc/mail/Makefile</filename> now supports:
          the new <varname>SENDMAIL_MC</varname>
          <filename>make.conf</filename> option; the ability to build
          <filename>.cf</filename> files from
          <filename>.mc</filename> files; generalized map rebuilding;
          rebuilding the aliases file; and the ability to stop, start,
          and restart
          <application>sendmail</application>. &merged;</para>

        <para role="historic">The <username>smmsp</username> and
          <username>mailnull</username> users have been added to
          <filename>/etc/master.passwd</filename>. In the absence of a
          <literal>confDEF_USER_ID</literal> setting, by default,
          <application>sendmail</application> will use the
          <username>mailnull</username> user for extra security.
          Previously, if the <username>mailnull</username> user did
          not exist, the <username>daemon</username> user was used.
          This change may generate some permissions issues when
          mailing to files or to programs (such as <filename
          role="package">mail/majordomo</filename>).
          &merged; The
          previous behavior can be restored by adding the following
          line to a system's
          <filename><replaceable>*</replaceable>.mc</filename>
          configuration file:

          <programlisting>define(`confDEF_USER_ID', `daemon')</programlisting>
        </para>

        <para role="historic">Beginning with the import of
          <application>sendmail</application> 8.12.2, multiple
          <application>sendmail</application> daemons (some required
          to handle outgoing mail) are started by &man.rc.8;, even if
          the <varname>sendmail_enable</varname> variable is set to
          <literal>NO</literal>. To completely disable
          <application>sendmail</application>,
          <varname>sendmail_enable</varname> must be set to
          <literal>NONE</literal>. Alternatively, for systems using a
          different MTA, the <varname>mta_start_script</varname> variable can
          be used to point to a different startup script (more details
          can be found in &man.rc.sendmail.8;). &merged;</para>

        <para>By default, &man.rc.8; no longer enables
          <application>sendmail</application> for inbound SMTP
          connections. Note that &man.sysinstall.8; may override this
          default for a binary installation, based on what security
          profile is selected. This functionality can also be
          manually enabled by adding the following line to
          <filename>/etc/rc.conf</filename>:</para>

        <programlisting>sendmail_enable="YES"</programlisting>

        <para>The permissions for <application>sendmail</application>
          alias and map databases built via
          <filename>/etc/mail/Makefile</filename> now default to mode
          0640 to protect against a file locking local denial of service.
          It can be changed by setting the new
          <varname>SENDMAIL_MAP_PERMS</varname>
          <filename>make.conf</filename> option.
          &merged;</para>

        <para>The permissions for the <application>sendmail</application>
          statistics file, <filename>/var/log/sendmail.st</filename>, have
          been changed from mode 0644 to mode 0640 to protect against
          a file locking local denial of service. &merged;</para>

      </sect4>
    </sect3>

    <sect3>
      <title>Ports/Packages Collection Infrastructure</title>

      <para><application>BSDPAN</application>, a collection of modules
        that provides tighter integration of
        <application>Perl</application> into the &os; Ports
        Collection, has been added.</para>

      <para role="historic">&man.pkg.create.1; and &man.pkg.add.1; can now work with
        packages that have been compressed using
        &man.bzip2.1;. &man.pkg.add.1; will use the PACKAGEROOT
        environment variable to determine a mirror site for new
        packages. &merged;</para>

      <para role="historic">&man.pkg.create.1; now records dependencies in dependency
        order rather than in the order specified on the command line.
        This improves the functioning of <command>pkg_add
        -r</command>. &merged;</para>

      <para role="historic">&man.pkg.create.1; now supports a <option>-b</option> to
        create a package file from a locally-installed
        package. &merged;</para>

      <para role="historic">When requested to delete multiple packages,
        &man.pkg.delete.1; will now attempt to remove them in
        dependency order rather than the order specified on the
        command line. &merged;</para>

      <para role="historic">&man.pkg.delete.1; now can perform glob/regexp matching of
        package names. In addition, it supports a <option>-a</option>
        option for removing all packages and a <option>-i</option>
        option for &man.rm.1;-style interactive
        confirmation. &merged;</para>

      <para role="historic">&man.pkg.delete.1; now supports a <option>-r</option>
        option for recursive package removal.
        &merged;</para>

      <para role="historic">&man.pkg.info.1; now supports globbing against names of
        installed packages. The <option>-G</option> option disables
        this behavior, and the <option>-x</option> option causes
        regular expression matching instead of shell
        globbing. &merged;</para>

      <para role="historic">&man.pkg.info.1; can now accept a <option>-g</option> flag
        for verifying an installed package against its recorded
        checksums (to see if it's been modified post-installation).
        Naturally, this mechanism is only as secure as the contents of
        <filename>/var/db/pkg</filename> if it's to be used for auditing
        purposes. &merged;</para>

      <para role="historic">&man.pkg.sign.1; and &man.pkg.check.1; have been added to
        digitally sign and verify the signatures on binary package
        files. &merged;</para>

      <para>For some time, &os; 5.0-CURRENT (as well as some 4.X
        releases) included a pkg_update(1) utility to update installed
        packages, as well as their dependencies. This utility has
        been removed; a superset of its functionality can be found in
        the <filename role="package">sysutils/portupgrade</filename>
        port.</para>

      <para role="historic">&man.pkg.version.1; now has a version number comparison
        routine that corresponds to the Porter's Handbook. It also has
        a <option>-t</option> option for testing address comparisons.
        &merged;</para>

      <para role="historic">&man.pkg.version.1; now takes a <option>-s</option> flag
        to limit its operation to ports/packages matching a given
        string. &merged;</para>

      <para>&man.pkg.version.1;, formerly a Perl script, has been
        rewritten in C. The <option>-c</option> option, frequently misused,
        has been removed.
        The <filename
        role="package">sysutils/portupgrade</filename> port provides a
        supported and safer alternative.</para>

      <para role="historic">Version numbers of installed packages have a new
        (backward-compatible) syntax, which supports the
        <varname>PORTREVISION</varname> and
        <varname>PORTEPOCH</varname> variables in Ports Collection
        <filename>Makefile</filename>s. These changes help keep track
        of changes in the ports collection entries such as security
        patches or &os;-specific updates, which aren't reflected in
        the original, third-party software distributions.
        &man.pkg.version.1; can now compare these new-style version
        numbers. &merged;</para>

      <para role="historic">To improve performance and disk utilization, the
        <quote>ports skeletons</quote> in the &os; Ports Collection
        have been restructured. Installed ports and packages should
        not be affected. &merged;</para>

      <para role="historic">All packages and ports now contain an
        <quote>origin</quote> directive, which makes it easier for
        programs such as &man.pkg.version.1; to determine the
        directory from which a package was built. &merged;</para>

      <para>The Ports Collection infrastructure now uses
        <application>XFree86</application> 4.2.1 as the default version
        of the X Window System for the purposes of satisfying
        dependencies. To return to using
        <application>XFree86</application> 3.3.6, add the following line
        to <filename>/etc/make.conf</filename>: &merged;</para>

      <programlisting>XFREE86_VERSION=3</programlisting>

      <para>The libraries installed by the <filename
        role="package">emulators/linux_base</filename> port (required
        for Linux emulation) have been updated; they now correspond to
        those included with <application>Red Hat Linux</application>
        7.1.
        &merged;</para>

      <para>By default, packages generated by the Ports Collection (as
        well as the packages on the FTP sites) are now compressed
        using &man.bzip2.1;, rather than &man.gzip.1;. (Thus, they
        now have a <filename>.tbz</filename> extension, rather than a
        <filename>.tgz</filename> extension.) The package
        tools have been updated to handle the new format.</para>

      <para>The Ports Collection now maintains a separate index file
        (<filename>/usr/ports/INDEX-5</filename>) for use with &os;
        &release.branch;. A major motivation for a separate index
        file is to cope with dependencies (such as <filename
        role="package">lang/perl5</filename>) that exist in &os;
        &release.branch; but not &os; 4-STABLE. The index file for
        each package set is still called
        <filename>INDEX</filename>.</para>

    </sect3>
  </sect2>

  <sect2>
    <title>Release Engineering and Integration</title>

    <para>The <filename>bin</filename> distribution has been renamed
      <filename>base</filename>, in order to make creation of combined
      install/recovery disks easier.</para>

    <para arch="i386">ISO images and CDROMs now use the
      <filename>cdboot</filename> boot loader by default. This
      eliminates the need for an emulated floppy disk image on
      a bootable CDROM and allows for a full
      <filename>GENERIC</filename> kernel to be used for CDROM
      installations, at the expense of compatibility with some old
      BIOSs.</para>

    <para arch="i386,pc98,alpha" role="historic"><application>XFree86</application> 4.2.0
      is now the default version of the X Window System supported by
      &man.sysinstall.8;. It installs
      <application>XFree86</application> as a set of standard binary
      packages, so the usual package utilities such as
      &man.pkg.info.1; can be used to examine/manipulate its
      components.
      &merged;</para>

    <para>It is now possible to make releases of &os;
      5-CURRENT on a &os; 4-STABLE host and vice versa. Cross-architecture
      (building a release for a target architecture on a host of a
      different architecture) releases are also possible. See
      &man.release.7; for details. &merged;</para>

    <para>A third <filename>drivers.flp</filename> floppy has been
      added to floppy releases. It holds loadable modules
      containing drivers that do not fit in the kernel on the
      <filename>kern.flp</filename> disk or in the
      <filename>mfsroot.flp</filename> image.</para>
  </sect2>

  <sect2>
    <title>Documentation</title>

    <para>A number of formerly-encumbered documents from the 4.4 BSD
      Programmer's Supplementary Documents have been restored to
      <filename>/usr/share/doc/psd</filename>. These include:</para>

    <itemizedlist>
      <listitem>
        <para><emphasis>The UNIX Time-Sharing System</emphasis>
          (<filename>01.cacm</filename>)</para>
      </listitem>

      <listitem>
        <para><emphasis>UNIX Implementation</emphasis>
          (<filename>02.implement</filename>)</para>
      </listitem>

      <listitem>
        <para><emphasis>The UNIX I/O System</emphasis>
          (<filename>03.iosys</filename>)</para>
      </listitem>

      <listitem>
        <para><emphasis>UNIX Programming — Second Edition</emphasis>
          (<filename>04.uprog</filename>)</para>
      </listitem>

      <listitem>
        <para><emphasis>The C Programming Language — Reference Manual</emphasis>
          (<filename>06.Clang</filename>)</para>
      </listitem>

      <listitem>
        <para><emphasis>Yacc: Yet Another Compiler-Compiler</emphasis>
          (<filename>15.yacc</filename>)</para>
      </listitem>

      <listitem>
        <para><emphasis>Lex — A Lexical Analyzer Generator</emphasis>
          (<filename>16.lex</filename>)</para>
      </listitem>

      <listitem>
        <para><emphasis>The M4 Macro
          Processor</emphasis>
          (<filename>17.m4</filename>)</para>
      </listitem>
    </itemizedlist>

    <para>Several formerly-encumbered documents from the 4.4 BSD
      User's Supplementary Documents have been restored to
      <filename>/usr/share/doc/usd</filename>. They include:</para>

    <itemizedlist>
      <listitem>
        <para><emphasis>NROFF/TROFF User's Manual</emphasis>
          (<filename>21.troff</filename>)</para>
      </listitem>

      <listitem>
        <para><emphasis>A TROFF Tutorial</emphasis>
          (<filename>22.trofftut</filename>)</para>
      </listitem>
    </itemizedlist>
  </sect2>

</sect1>

<sect1>
  <title>Upgrading from previous releases of &os;</title>

  <para>Users with existing &os; systems are
    <emphasis>highly</emphasis> encouraged to read the <quote>Early
    Adopter's Guide to &os; 5.0</quote>. This document generally has
    the filename <filename>EARLY.TXT</filename> on the distribution
    media, or any other place that the release notes can be found. It
    offers some notes on upgrading, but more importantly, also
    discusses some of the relative merits of upgrading to &os;
    5.<replaceable>X</replaceable> versus running &os;
    4.<replaceable>X</replaceable>.</para>

  <important>
    <para>Upgrading &os; should, of course, only be attempted after
      backing up <emphasis>all</emphasis> data and configuration
      files.</para>
  </important>
</sect1>