article.xml revision 111974
1<articleinfo> 2 <title>&os;/&arch; &release.current; Release Notes</title> 3 4 <corpauthor>The FreeBSD Project</corpauthor> 5 6 <pubdate>$FreeBSD: head/release/doc/en_US.ISO8859-1/relnotes/article.sgml 111974 2003-03-08 00:27:34Z bmah $</pubdate> 7 8 <copyright> 9 <year>2000</year> 10 <year>2001</year> 11 <year>2002</year> 12 <year>2003</year> 13 <holder role="mailto:doc@FreeBSD.org">The FreeBSD Documentation Project</holder> 14 </copyright> 15 16 <abstract> 17 <para>The release notes for &os; &release.current; contain a summary 18 of 19<![ %include.historic; [ 20 the changes made to the &os; base system since &release.prev;. 21]]> 22<![ %no.include.historic; [ 23 recent changes made to the &os; base system on the &release.branch; 24 development branch. 25]]> 26 Both changes for kernel and userland are listed, as well as 27 applicable security advisories that were issued since the last 28 release. Some brief remarks on upgrading are also presented.</para> 29 </abstract> 30</articleinfo> 31 32<sect1 id="intro"> 33 <title>Introduction</title> 34 35 <para>This document contains the release notes for &os; 36 &release.current; on the &arch.print; hardware platform. It 37 describes recently added, changed, or deleted features of &os;. 38 It also provides some notes on upgrading 39 from previous versions of &os;.</para> 40 41<![ %release.type.snapshot [ 42 43 <para>The &release.type; distribution to which these release notes 44 apply represents a point along the &release.branch; development 45 branch between &release.prev; and the future &release.next;. Some 46 pre-built, binary &release.type; distributions along this branch 47 can be found at <ulink url="&release.url;"></ulink>.</para> 48 49]]> 50 51<![ %release.type.release [ 52 53 <para>This distribution of &os; &release.current; is a 54 &release.type; distribution. It can be found at <ulink 55 url="&release.url;"></ulink> or any of its mirrors. More 56 information on obtaining this (or other) &release.type; 57 distributions of &os; can be found in the <ulink 58 url="http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/mirrors.html"><quote>Obtaining 59 FreeBSD</quote> appendix</ulink> to the <ulink 60 url="http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/">FreeBSD 61 Handbook</ulink>.</para> 62 63]]> 64</sect1> 65 66<sect1 id="new"> 67 <title>What's New</title> 68 69 <para>This section describes 70<![ %include.historic; [ 71 the most user-visible new or changed features in &os; 72 since &release.prev;. 73 In general, changes described here are unique to the &release.branch; 74 branch unless specifically marked as &merged; features. 75]]> 76<![ %no.include.historic; [ 77 many of the user-visible new or changed features in &os; 78 since &release.prev;. It includes items that are unique to the 79 &release.branch; branch, as well as some features that may have been 80 recently merged to 81 other branches (after &os; &release.prev.historic;). The later 82 items are marked as &merged;. 83]]> 84 </para> 85 86 <para>Typical release note items 87 document new drivers or hardware support, new commands or options, 88 major bugfixes, or contributed software upgrades. Applicable security 89 advisories issued after &release.prev.historic; are also listed.</para> 90 91 <para>Many additional changes were made to &os; that are not listed 92 here for lack of space. For example, documentation was corrected 93 and improved, minor bugs were fixed, insecure coding practices 94 were audited and corrected, and source code was cleaned up.</para> 95 96 <sect2 id="security"> 97 <title>Security Advisories</title> 98 99 <para>A remotely exploitable vulnerability in 100 <application>CVS</application> has been corrected with the 101 import of version 1.11.5. More details can be found in security 102 advisory <ulink 103 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:01.cvs.asc">FreeBSD-SA-03:01</ulink>. 104 &merged;</para> 105 106 <para>A timing-based attack on <application>OpenSSL</application>, 107 which could allow a very powerful attacker access to plaintext 108 under certain circumstances, has been prevented via an upgrade 109 to <application>OpenSSL</application> 0.9.7. See security 110 advisory <ulink 111 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:02.openssl.asc">FreeBSD-SA-03:02</ulink> 112 for more details. &merged;</para> 113 114 <para>The security and performance of the 115 <quote>syncookies</quote> feature has been improved to increase 116 the resistance of a &os; host to SYN flood denial-of-service 117 attacks. More details are given in security advisory <ulink 118 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:03.syncookies.asc">FreeBSD-SA-03:03</ulink>. &merged;</para> 119 120 <para>A remotely-exploitable buffer overflow vulnerability in 121 <application>sendmail</application> has been fixed by updating 122 <application>sendmail</application> to version 8.12.8. For more 123 details, see security advisory <ulink 124 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:04.sendmail.asc">FreeBSD-SA-03:04</ulink>. 125 &merged;</para> 126 127 </sect2> 128 129 <sect2 id="kernel"> 130 <title>Kernel Changes</title> 131 132 <para arch="pc98">Support for the CanBe power management 133 controller has been added. &merged;</para> 134 135 <para>&man.devfs.5; is now mandatory; the 136 <literal>NODEVFS</literal> option has been removed from the set of 137 possible kernel configuration options.</para> 138 139 <para>A minor bug in the permissions handling of 140 <filename>/dev/tty</filename> has been fixed. As a result, 141 &man.ssh.1; can now be used after &man.su.1;.</para> 142 143 <para>A bug that caused &man.fstat.2; to return 144 <literal>0</literal> as the number of bytes available to read 145 from a TCP socket has been fixed.</para> 146 147 <para>A bug that caused &man.kqueue.2; to report 148 <literal>0</literal> as the number of bytes available to read 149 from a TCP socket has been fixed. The 150 <literal>NOTE_LOWAT</literal> flag for 151 <literal>EVFILT_READ</literal> has been fixed.</para> 152 153 <para>Linux emulation mode now supports IPv6.</para> 154 155 <!-- Above this line, sort kernel changes by manpage/keyword--> 156 157 <para>A second process scheduler, designed to be a general purpose 158 scheduler with many SMP benefits, has been added to the scheduler 159 framework. Exactly one scheduler must be specified in a kernel 160 configuration. The original scheduler may be selected using 161 <literal>options SCHED_4BSD</literal>. The newer 162 (experimental) scheduler can be selected by using 163 <literal>options SCHED_ULE</literal>.</para> 164 165 <sect3> 166 <title>Processor/Motherboard Support</title> 167 168 <para arch="i386">&os; now has rudimentary support for 169 HyperThreading (HTT). SMP kernels with the 170 <literal>HTT</literal> kernel option will detect and start up 171 the logical processors on HTT-capable machines. The logical 172 processors will be treated like additional physical processors 173 for the purposes of process scheduling. &merged;</para> 174 175 </sect3> 176 177 <sect3> 178 <title>Bootloader Changes</title> 179 180 <para arch="alpha">The alpha boot loader 181 (<filename>boot1</filename>) can now be called 182 <filename>boot</filename> for consistency with other 183 platforms.</para> 184 185 <para arch="i386,pc98">The two parts of the boot loader 186 (<filename>boot1</filename> and <filename>boot2</filename>) 187 have been combined into a single <filename>boot</filename> 188 file, to simplify programs that need to write or otherwise 189 manipulate the boot loader.</para> 190 191 <para arch="pc98">The PC98 bootloader now has support for 192 booting from SCSI MO media. &merged;</para> 193 194 <para>The <filename>/modules</filename> directory (once the 195 default location for modules on &os; 4.X) is no longer a 196 part of the default <varname>kern.module_path</varname>. 197 Third-party modules should be placed in 198 <filename>/boot/modules</filename>. 199 200 <note> 201 <para>Modules designed for use with &os; 4.X are likely to 202 panic and should be used with extreme caution).</para> 203 </note> 204 </para> 205 206 <!-- Above this line, order bootloader changes by keyword--> 207 208 </sect3> 209 210 <sect3> 211 <title>Network Interface Support</title> 212 213 <para>The cm driver now supports IPX. &merged;</para> 214 215 <para>A new wlan module provides 802.11 link-layer support. The 216 &man.wi.4; driver now uses this facility.</para> 217 218 <para arch="i386,alpha,pc98,sparc64">A timing bug in the 219 &man.xl.4; driver, which could cause a kernel panic (or other 220 problems) when configuring an interface, has been 221 fixed.</para> 222 223 </sect3> 224 225 <sect3> 226 <title>Network Protocols</title> 227 228 <para>&man.ipfw.4; <literal>skipto</literal> rules can once 229 again be used with the <literal>log</literal> keyword. 230 &man.ipfw.4; <literal>uid</literal> rules are once again 231 working.</para> 232 233 <para>It is now possible to build the 234 <literal>FAST_IPSEC</literal> and <literal>INET6</literal> 235 options into the same kernel. (They still cannot be used 236 together, however.)</para> 237 238 <para>A bug in TCP NewReno, which caused premature exit from 239 fast recovery when NewReno was enabled, has been 240 fixed. &merged;</para> 241 242 <para>TCP connections in the <literal>TIME_WAIT</literal> state 243 now use a special protocol control block that uses less space 244 than a full-blown TCP PCB. This allows some of the data 245 structures and resources used by such a connection to be freed 246 earlier.</para> 247 248 <para>It is now possible to specify the range of 249 <quote>privileged ports</quote> (TCP and UDP ports that 250 require superuser access to &man.bind.2; to). The range is 251 now specified with the 252 <varname>net.inet.ip.portrange.reservedlow</varname> and 253 <varname>net.inet.ip.portrange.reservedhigh</varname> sysctl 254 variables, defaulting to the traditional UNIX behavior. This 255 feature is intended to help network servers bind 256 to traditionally privileged ports without requiring superuser 257 access. &man.ip.4; has more details.</para> 258 259 <para>Some bugs in the non-blocking RPC code has been fixed. As 260 a result, &man.amd.8; users are now able to mount volumes from 261 a &release.current; server.</para> 262 263 <para>Support for XNS networking, which has not worked 264 correctly for almost seven years, has been removed.</para> 265 266 </sect3> 267 268 <sect3> 269 <title>Disks and Storage</title> 270 271 <para>The &man.aac.4; driver now runs free of the Giant kernel 272 lock. This change has given a nearly 20% performance speedup 273 on an SMP system running multiple I/O intensive loads.</para> 274 275 <para>The &man.ata.4; driver now supports all known SiS 276 chipsets. (More details can be found in the Hardware 277 Notes.)</para> 278 279 <para>A number of changes have been made to the &man.cd.4; 280 driver. The primary user-visible change is improved 281 compatability with ATAPI/USB/Firewire CDROM drives.</para> 282 283 <para>&man.geom.4; is now mandatory; the 284 <literal>NO_GEOM</literal> has been removed from the set of 285 kernel configuration options.</para> 286 287 <para>A bug in the &man.mly.4; driver that caused hangs has been 288 corrected.</para> 289 290 <para>Support has been added for volume labels on UFS and UFS2 291 filesystems. These labels are strings that can be used to 292 identify a volume, regardless of what device it appears on. 293 Labels can be set with the <option>-L</option> options to 294 &man.newfs.8; or &man.tunefs.8;. With the 295 <literal>GEOM_VOL</literal> module, volumes can be accessed 296 using their labels under <filename>/dev/vol</filename>.</para> 297 298 <para>The root filesystem can now be located on a &man.vinum.4; 299 volume. More information can be found in the &man.vinum.4; 300 manual page.</para> 301 302 <para arch="pc98">The wfd and wst drivers, which have been 303 broken for some time, have been removed.</para> 304 305 </sect3> 306 307 <sect3> 308 <title>Filesystems</title> 309 310 <para>NETNCP and Netware Filesystem Support (nwfs) are once 311 again working.</para> 312 313 <para>Bugs that could cause the unmounting of a smbfs share to 314 fail or cause a kernel panic have been fixed.</para> 315 316 </sect3> 317 318 <sect3> 319 <title>PCCARD Support</title> 320 321 <para></para> 322 </sect3> 323 324 <sect3> 325 <title>Multimedia Support</title> 326 327 <para></para> 328 </sect3> 329 330 <sect3> 331 <title>Contributed Software</title> 332 333 <para><application>IPFilter</application> has been updated to 334 3.4.31. &merged;</para> 335 336 </sect3> 337 </sect2> 338 339 <sect2 id="userland"> 340 <title>Userland Changes</title> 341 342 <para>&man.adduser.8; now correctly handles setting user passwords 343 containing special shell characters.</para> 344 345 <para arch="alpha,i386">The <filename>compat4x</filename> 346 distribution now includes the 347 <filename>libcrypto.so.2</filename>, 348 <filename>libgmp.so.3</filename>, and 349 <filename>libssl.so.2</filename> libraries from &os; 350 4.7-RELEASE.</para> 351 352 <para>&man.config.8; now implements a <literal>nodevice</literal> 353 kernel configuration file directive that cancels the effect of a 354 <literal>device</literal> directive. The new 355 <literal>nooption</literal> and <literal>nomakeoption</literal> 356 directives cancel prior <literal>option</literal> and 357 <literal>makeoption</literal> directives, respectively.</para> 358 359 <para>The <option>-N</option> and <option>-W</option> flags to 360 &man.disklabel.8; have been retired.</para> 361 362 <para>&man.disklabel.8; is now only built for architectures where 363 it is useful (i386, pc98, alpha, and ia64).</para> 364 365 <para>The <option>-s</option> to &man.disklabel.8; has been 366 removed because the i386 boot loader now resides in a single 367 file.</para> 368 369 <para>&man.dump.8; now supports caching of disk blocks with the 370 <option>-C</option> option. This can improve dump performance 371 at the cost of possibly missing filesystem updates that occur 372 between passes.</para> 373 374 <para>&man.dumpfs.8; now supports a <option>-m</option> flag to 375 print file system parameters in the form of a &man.newfs.8; 376 command.</para> 377 378 <para>&man.elfdump.1;, a utility to display information about &man.elf.5; 379 format executable files, has been added.</para> 380 381 <para>&man.fetch.1; uses the <filename>.netrc</filename> support 382 in &man.fetch.3; and also supports a <option>-N</option> to 383 specify an alternate <filename>.netrc</filename> file.</para> 384 385 <para>&man.fetch.3; now has support for 386 <filename>.netrc</filename> files (see &man.ftp.1; for more 387 details).</para> 388 389 <para>&man.ftpd.8; now supports a <option>-h</option> option to 390 disable printing any host-specific information, such as the 391 &man.ftpd.8; version or hostname, in server messages. 392 &merged;</para> 393 394 <para>&man.ftpd.8; now supports a <option>-P</option> option to 395 specify a port on which to listen in daemon mode. The default 396 data port number is now set to be one less than the control port 397 number, rather than being hard-coded. &merged;</para> 398 399 <para>&man.ftpd.8; now supports an extended format of the 400 <filename>/etc/ftpchroot</filename> file. Please refer 401 to the &man.ftpchroot.5; manpage, which is now available, 402 for details. &merged;</para> 403 404 <para>&man.ftpd.8; now supports login directory pathnames 405 that specify simultaneously a directory for &man.chroot.2; 406 and that to change to in the chrooted environment. The 407 <literal>/./</literal> separator is used for 408 this purpose, like in other FTP daemons having this feature. 409 It may be used in both &man.ftpchroot.5; and &man.passwd.5;. 410 &merged;</para> 411 412 <para>&man.fwcontrol.8; now supports <option>-R</option> and 413 <option>-S</option> options for receiving and sending DV 414 streams. &merged;</para> 415 416 <para>&man.ipfw.8; now supports <literal>enable</literal> and 417 <literal>disable</literal> commands to control various aspects 418 of the operation of &man.ipfw.4; (including enabling and 419 disabling the firewall itself). These provide a more convenient 420 and visible interface than the existing sysctl 421 variables. &merged;</para> 422 423 <para>&man.kenv.1; has been moved from 424 <filename>/usr/bin</filename> to <filename>/bin</filename> to 425 make it available at times during system startup when only the 426 root filesystem is mounted.</para> 427 428 <para>The MAKEDEV script is now unnecessary, due to the mandatory 429 presence of &man.devfs.5;, and has been removed.</para> 430 431 <para>The &man.libgeom.3; library has been added to allow some 432 userland access to the &man.geom.4; subsystem.</para> 433 434 <para>The mac_portacl MAC policy module has been added. It 435 provides a simple ACL mechanism to permit users and groups to 436 bind ports for TCP or UDP, and is intended to be used in 437 conjunction with the recently-added 438 <varname>net.inet.ip.portrange.reservedhigh</varname> sysctl. 439 440 <para>The &man.mksnap.ffs.8; program has been added to allow 441 easier creation of FFS snapshots. It is a 442 SUID-<username>root</username> executable designed for use by 443 members of the <groupname>operator</groupname>group.</para> 444 445 <para>&man.mount.nfs.8; now supports a <option>-c</option> flag to 446 avoid doing a &man.connect.2; for UDP mount points. This option 447 must be used if the server does not reply to requests from the 448 standard NFS port number 2049 or if it replies to requests using 449 a different IP address (which can occur if the server is 450 multi-homed). Setting the 451 <varname>vfs.nfs.nfs_ip_paranoia</varname> sysctl to 452 <literal>0</literal> will make this option the 453 default. &merged;</para> 454 455 <para>&man.newsyslog.8; now supports a <literal>W</literal> flag 456 to force previously-started compression jobs for an entry (or 457 group of entries specified with the <literal>G</literal> flag) 458 to finish before beginning a new one. This feature is designed 459 to prevent system overloads caused by starting several 460 compression jobs on big files simultaneously. &merged;</para> 461 462 <para>&man.pam.ssh.8; has been rewritten. One side effect of the 463 rewrite is that it now starts a separate instance of 464 &man.ssh-agent.1; for each session instead of trying to connect 465 each session to the agent started by the first session.</para> 466 467 <para>&man.ping.8; now supports a <option>-D</option> flag to set 468 the <quote>Don't Fragment</quote> bit on outgoing packets.</para> 469 470 <para>&man.ping.8; now supports a <option>-M</option> option to use 471 ICMP mask request or timestamp request messages instead of ICMP echo requests.</para> 472 473 <para>&man.ping.8; now supports a <option>-z</option> flag to set 474 the Type of Service bits in outgoing packets.</para> 475 476 <para>&man.pw.8; can now add a user whose name ends with a 477 <literal>$</literal> character; this change is intended to help 478 administration of <application>Samba</application> 479 services. &merged;</para> 480 481 <para>A bug in &man.rand.3; that could cause a sequence to remain 482 stuck at <literal>0</literal> has been fixed. (&man.rand.3; 483 remains unsuitable for all but trivial uses.)</para> 484 485 <para>&man.sem.open.3; now correctly handles multiple opens of the 486 same semaphore; as a result, &man.sem.close.3; no longer crashes 487 calling programs.</para> 488 489 <para>The seeding algorithm used by &man.srandom.3; has been 490 strengthened.</para> 491 492 <para arch="sparc64">The sunlabel utility, a program analogous to 493 &man.disklabel.8; that works on Sun disk labels, has been 494 added.</para> 495 496 <para>The &man.swapoff.8; command has been added to disable paging 497 and swapping on a device. A related &man.swapctl.8; command has 498 been added to provide an interface to &man.swapon.8; and 499 &man.swapoff.8; similar to other BSDs. 500 501 <note> 502 <para>The &man.swapoff.8; feature should be considered 503 experimental.</para> 504 </note> 505 </para> 506 507 <para>&man.syslogd.8; now allows multiple hosts or programs to be 508 named in host or program specifications in &man.syslog.conf.5; 509 files.</para> 510 511 <para>&man.systat.1; now includes an <option>-ifstat</option> 512 display mode that displays the network traffic going through 513 active intrfaces on the system.</para> 514 515 <para>&man.xargs.1; now supports a <option>-P</option> option to 516 execute multiple copies of the same utility in parallel.</para> 517 518 <sect3> 519 <title>Contributed Software</title> 520 521 <para><application>awk</application> from Bell Labs has been 522 updated to a 13 December 2002 snapshot.</para> 523 524 <para><application>BIND</application> has been updated to 525 version 8.3.4. &merged;</para> 526 527 <para>All of the <application>bzip2</application> suite of 528 applications is now installed in the base system (in 529 particular, <command>bzip2recover</command> is now built and 530 installed. &merged;</para> 531 532 <para><application>CVS</application> has been updated to 533 1.11.5. &merged;</para> 534 535 <para><application>FILE</application> has been updated to 536 3.41.</para> 537 538 <para><application>GCC</application> has been updated to 539 3.2.2 (release version).</para> 540 541 <para>The <application>ISC DHCP</application> client has been 542 updated to 3.0.1RC11. &merged;</para> 543 544 <para><application>libpcap</application> now has support for 545 selecting among multiple data link types on an 546 interface.</para> 547 548 <para><application>OpenPAM</application> has been updated to the 549 <quote>Daffodil</quote> release.</para> 550 551 <para><application>OpenSSL</application> has been updated to 552 release 0.9.7a. Among other features, this release includes 553 support for AES and takes advantage of &man.crypto.4; 554 devices. &merged;</para> 555 556 <para><application>sendmail</application> has been updated to 557 version 8.12.8. &merged;</para> 558 559 <para>&man.tcpdump.1; has been updated to version 3.7.2. &merged; 560 It also now supports a <option>-L</option> flag to 561 list the data link types available on an interface and a 562 <option>-y</option> option to specify the data link type to use while 563 capturing packets.</para> 564 565 </sect3> 566 567 <sect3> 568 <title>Ports/Packages Collection Infrastructure</title> 569 570 <para>The one-line <filename>pkg-comment</filename> files have 571 been eliminated from each port skeleton; their contents have 572 been moved into each port's <filename>Makefile</filename>. 573 This change reduces the disk space and inodes used by the 574 ports tree. &merged;</para> 575 576 </sect3> 577 </sect2> 578 579 <sect2> 580 <title>Release Engineering and Integration</title> 581 582 <para>&man.sysinstall.8; once again supports installing individual 583 components of <application>XFree86</application>. Supporting 584 changes (not user-visible) generalize the concept of installing 585 parts of distributions as packages.</para> 586 587 </sect2> 588 589 <sect2> 590 <title>Documentation</title> 591 592 <para></para> 593 </sect2> 594 595</sect1> 596 597<sect1 id="upgrade"> 598 <title>Upgrading from previous releases of &os;</title> 599 600 <para>Users with existing &os; systems are 601 <emphasis>highly</emphasis> encouraged to read the <quote>Early 602 Adopter's Guide to &os; 5.0</quote>. This document generally has 603 the filename <filename>EARLY.TXT</filename> on the distribution 604 media, or any other place that the release notes can be found. It 605 offers some notes on upgrading, but more importantly, also 606 discusses some of the relative merits of upgrading to &os; 607 5.<replaceable>X</replaceable> versus running &os; 608 4.<replaceable>X</replaceable>.</para> 609 610 <important> 611 <para>Upgrading &os; should, of course, only be attempted after 612 backing up <emphasis>all</emphasis> data and configuration 613 files.</para> 614 </important> 615</sect1> 616