xref: /freebsd-11.0-release/release/doc/en_US.ISO8859-1/relnotes/article.xml

<articleinfo>
  <title>&os;/&arch; &release.current; Release Notes</title>

  <corpauthor>The FreeBSD Project</corpauthor>

  <pubdate>$FreeBSD: head/release/doc/en_US.ISO8859-1/relnotes/article.sgml 112634 2003-03-25 20:18:37Z olgeni $</pubdate>

  <copyright>
    <year>2000</year>
    <year>2001</year>
    <year>2002</year>
    <year>2003</year>
    <holder role="mailto:doc@FreeBSD.org">The FreeBSD Documentation Project</holder>
  </copyright>

  <abstract>
    <para>The release notes for &os; &release.current; contain a summary
      of
<![ %include.historic; [
      the changes made to the &os; base system since &release.prev;.
]]>
<![ %no.include.historic; [
      recent changes made to the &os; base system on the &release.branch;
      development branch.
]]>
      Both changes for kernel and userland are listed, as well as
      applicable security advisories that were issued since the last
      release.  Some brief remarks on upgrading are also presented.</para>
  </abstract>
</articleinfo>

<sect1 id="intro">
  <title>Introduction</title>

  <para>This document contains the release notes for &os;
    &release.current; on the &arch.print; hardware platform.  It
    describes recently added, changed, or deleted features of &os;.
    It also provides some notes on upgrading
    from previous versions of &os;.</para>

<![ %release.type.snapshot [

  <para>The &release.type; distribution to which these release notes
    apply represents a point along the &release.branch; development
    branch between &release.prev; and the future &release.next;.  Some
    pre-built, binary &release.type; distributions along this branch
    can be found at <ulink url="&release.url;"></ulink>.</para>

]]>

<![ %release.type.release [

  <para>This distribution of &os; &release.current; is a
    &release.type; distribution.  It can be found at <ulink
    url="&release.url;"></ulink> or any of its mirrors.  More
    information on obtaining this (or other) &release.type;
    distributions of &os; can be found in the <ulink
    url="http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/mirrors.html"><quote>Obtaining
    FreeBSD</quote> appendix</ulink> to the <ulink
    url="http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/">FreeBSD
    Handbook</ulink>.</para>

]]>
</sect1>

<sect1 id="new">
  <title>What's New</title>

  <para>This section describes
<![ %include.historic; [
      the most user-visible new or changed features in &os;
      since &release.prev;.
      In general, changes described here are unique to the &release.branch;
      branch unless specifically marked as &merged; features.
]]>
<![ %no.include.historic; [
      many of the user-visible new or changed features in &os;
      since &release.prev;.  It includes items that are unique to the
      &release.branch; branch, as well as some features that may have been
      recently merged to
      other branches (after &os; &release.prev.historic;).  The later
      items are marked as &merged;.
]]>
  </para>

  <para>Typical release note items
    document new drivers or hardware support, new commands or options,
    major bugfixes, or contributed software upgrades.  Applicable security
    advisories issued after &release.prev.historic; are also listed.</para>

  <para>Many additional changes were made to &os; that are not listed
    here for lack of space.  For example, documentation was corrected
    and improved, minor bugs were fixed, insecure coding practices
    were audited and corrected, and source code was cleaned up.</para>

  <sect2 id="security">
    <title>Security Advisories</title>

    <para>A remotely exploitable vulnerability in
      <application>CVS</application> has been corrected with the
      import of version 1.11.5.  More details can be found in security
      advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:01.cvs.asc">FreeBSD-SA-03:01</ulink>.
      &merged;</para>

    <para>A timing-based attack on <application>OpenSSL</application>,
      which could allow a very powerful attacker access to plaintext
      under certain circumstances, has been prevented via an upgrade
      to <application>OpenSSL</application> 0.9.7.  See security
      advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:02.openssl.asc">FreeBSD-SA-03:02</ulink>
      for more details. &merged;</para>

    <para>The security and performance of the
      <quote>syncookies</quote> feature has been improved to decrease
      the chance of an attacker being able to spoof connections.
      More details are given in security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:03.syncookies.asc">FreeBSD-SA-03:03</ulink>. &merged;</para>

    <para>A remotely-exploitable buffer overflow vulnerability in
      <application>sendmail</application> has been fixed by updating
      <application>sendmail</application> to version 8.12.8.  For more
      details, see security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:04.sendmail.asc">FreeBSD-SA-03:04</ulink>.
      &merged;</para>

    <para>A bounds-checking bug in the XDR implementation, which could
      allow a remote attacker to cause a denial-of-service, has been
      fixed.  For more details see security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:05.xdr.asc">FreeBSD-SA-03:05</ulink>.
      &merged;</para>

    <para>Two recently-publicized flaws in
      <application>OpenSSL</application> have been corrected.  For
      more details, see security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:06.openssl.asc">FreeBSD-SA-03:06</ulink>.
      &merged;</para>

  </sect2>

  <sect2 id="kernel">
    <title>Kernel Changes</title>

    <para arch="pc98">Support for the CanBe power management
      controller has been added. &merged;</para>

    <para>&man.devfs.5; is now mandatory; the
      <literal>NODEVFS</literal> option has been removed from the set of
      possible kernel configuration options.</para>

    <para arch="i386,pc98">The DRM kernel modules have been updated to
      a snapshot from the DRI CVS repository, roughly equivalent to
      XFree86 4.3.0 but also including some additional
      bugfixes.</para>

    <para>A minor bug in the permissions handling of
      <filename>/dev/tty</filename> has been fixed.  As a result,
      &man.ssh.1; can now be used after &man.su.1;.</para>

    <para>A bug that caused &man.fstat.2; to return
      <literal>0</literal> as the number of bytes available to read
      from a TCP socket has been fixed.</para>

    <para>A bug that caused &man.kqueue.2; to report
      <literal>0</literal> as the number of bytes available to read
      from a TCP socket has been fixed.  The
      <literal>NOTE_LOWAT</literal> flag for
      <literal>EVFILT_READ</literal> has been fixed.</para>

    <para>Linux emulation mode now supports IPv6.</para>

    <!-- Above this line, sort kernel changes by manpage/keyword-->

    <para>A second process scheduler, designed to be a general purpose
      scheduler with many SMP benefits, has been added to the scheduler
      framework.  Exactly one scheduler must be specified in a kernel
      configuration.  The original scheduler may be selected using
      <literal>options&nbsp;SCHED_4BSD</literal>.  The newer
      (experimental) scheduler can be selected by using
      <literal>options&nbsp;SCHED_ULE</literal>.</para>

    <para>Device major numbers are now allocated dynamically by
      default.  This change greatly decreases the need for a static,
      centralized table of major number assignments to device drivers
      (a few drivers retain their old static major numbers for
      compatibility), and also reduces the possibility of running out
      of device major numbers.</para>

    <sect3>
      <title>Processor/Motherboard Support</title>

      <para arch="i386">&os; now has rudimentary support for
	HyperThreading (HTT).  SMP kernels with the
	<literal>HTT</literal> kernel option will detect and start up
	the logical processors on HTT-capable machines.  The logical
	processors will be treated like additional physical processors
	for the purposes of process scheduling. &merged;</para>

    </sect3>

    <sect3>
      <title>Bootloader Changes</title>

      <para arch="alpha">The alpha boot loader
        (<filename>boot1</filename>) can now be called
        <filename>boot</filename> for consistency with other
        platforms.</para>

      <para arch="i386,pc98">The two parts of the boot loader
        (<filename>boot1</filename> and <filename>boot2</filename>)
        have been combined into a single <filename>boot</filename>
        file, to simplify programs that need to write or otherwise
        manipulate the boot loader.</para>

      <para arch="pc98">The PC98 bootloader now has support for
        booting from SCSI MO media. &merged;</para>

      <para>The <filename>/modules</filename> directory (once the
        default location for modules on &os; 4.X) is no longer a
        part of the default <varname>kern.module_path</varname>.
        Third-party modules should be placed in
        <filename>/boot/modules</filename>.

	<note>
	  <para>Modules designed for use with &os; 4.X are likely to
	    panic and should be used with extreme caution.</para>
	</note>
      </para>

      <!-- Above this line, order bootloader changes by keyword-->

    </sect3>

    <sect3>
      <title>Network Interface Support</title>

      <para>The cm driver now supports IPX. &merged;</para>

      <para>A new wlan module provides 802.11 link-layer support.  The
	&man.wi.4; driver now uses this facility.</para>

      <para arch="i386,alpha,pc98,sparc64">A timing bug in the
	&man.xl.4; driver, which could cause a kernel panic (or other
	problems) when configuring an interface, has been
	fixed.</para>

    </sect3>

    <sect3>
      <title>Network Protocols</title>

      <para>&man.ipfw.4; <literal>skipto</literal> rules can once
        again be used with the <literal>log</literal> keyword.
	&man.ipfw.4; <literal>uid</literal> rules are once again
        working.</para>

      <para>It is now possible to build the
        <literal>FAST_IPSEC</literal> and <literal>INET6</literal>
        options into the same kernel.  (They still cannot be used
        together, however.)</para>

      <para>A bug in TCP NewReno, which caused premature exit from
	fast recovery when NewReno was enabled, has been
	fixed. &merged;</para>

      <para>TCP now has support for the <quote>Limited
	Transmit</quote> mechanism proposed by RFC 3042.  This feature
	is intended to improve the effectiveness of TCP loss recovery
	in certain circumstances.  It is off by default but can be
	enabled with the <varname>net.inet.tcp.rfc3042</varname>
	sysctl variable.  More information can be found in
	&man.tcp.4;.</para>

      <para>TCP now has support for increased initial congestion
	window sizes as described in RFC 3390.  This feature can
	improve the throughput of short transfers, as well as
	high-bandwidth, large propagation-delay connections.  It is
	off by default but can be enabled with the
	<varname>net.inet.tcp.rfc3390</varname> sysctl variable.  More
	information can be found in &man.tcp.4;.</para>

      <para>The IP fragment reassembly code behaves more gracefully
	when receiving a large number of packet fragments (it is
	designed to be more resistant to fragment-based denial of
	service attacks). &merged;</para>

      <para>TCP connections in the <literal>TIME_WAIT</literal> state
	now use a special protocol control block that uses less space
	than a full-blown TCP PCB.  This allows some of the data
	structures and resources used by such a connection to be freed
	earlier.</para>

      <para>It is now possible to specify the range of
        <quote>privileged ports</quote> (TCP and UDP ports that
        require superuser access to &man.bind.2; to).  The range is
        now specified with the
        <varname>net.inet.ip.portrange.reservedlow</varname> and
        <varname>net.inet.ip.portrange.reservedhigh</varname> sysctl
        variables, defaulting to the traditional UNIX behavior.  This
        feature is intended to help network servers bind
        to traditionally privileged ports without requiring superuser
        access.  &man.ip.4; has more details.</para>

      <para>Some bugs in the non-blocking RPC code has been fixed.  As
	a result, &man.amd.8; users are now able to mount volumes from
	a &release.current; server.</para>

      <para>Support for XNS networking, which has not worked
	correctly for almost seven years, has been removed.</para>

    </sect3>

    <sect3>
      <title>Disks and Storage</title>

      <para>The &man.aac.4; driver now runs free of the Giant kernel
        lock.  This change has given a nearly 20% performance speedup
        on an SMP system running multiple I/O intensive loads.</para>

      <para>The &man.ata.4; driver now supports all known SiS
	chipsets.  (More details can be found in the Hardware
	Notes.)</para>

      <para>A number of changes have been made to the &man.cd.4;
        driver.  The primary user-visible change is improved
        compatibility with ATAPI/USB/Firewire CDROM drives.</para>

      <para>&man.geom.4; is now mandatory; the
        <literal>NO_GEOM</literal> has been removed from the set of
        kernel configuration options.</para>

      <para>A bug in the &man.mly.4; driver that caused hangs has been
	corrected.</para>

      <para>Support has been added for volume labels on UFS and UFS2
        filesystems.  These labels are strings that can be used to
        identify a volume, regardless of what device it appears on.
        Labels can be set with the <option>-L</option> options to
        &man.newfs.8; or &man.tunefs.8;.  With the
        <literal>GEOM_VOL</literal> module, volumes can be accessed
        using their labels under <filename>/dev/vol</filename>.</para>

      <para>The root filesystem can now be located on a &man.vinum.4;
	volume.  More information can be found in the &man.vinum.4;
	manual page.</para>

      <para arch="pc98">The wfd and wst drivers, which have been
        broken for some time, have been removed.</para>

    </sect3>

    <sect3>
      <title>Filesystems</title>

      <para>NETNCP and Netware Filesystem Support (nwfs) are once
	again working.</para>

      <para>Bugs that could cause the unmounting of a smbfs share to
	fail or cause a kernel panic have been fixed.</para>

    </sect3>

    <sect3>
      <title>PCCARD Support</title>

      <para></para>
    </sect3>

    <sect3>
      <title>Multimedia Support</title>

      <para></para>
    </sect3>

    <sect3>
      <title>Contributed Software</title>

      <para><application>IPFilter</application> has been updated to
	3.4.31. &merged;</para>

    </sect3>
  </sect2>

  <sect2 id="userland">
    <title>Userland Changes</title>

    <para>&man.adduser.8; now correctly handles setting user passwords
      containing special shell characters.</para>

    <para arch="alpha,i386">The <filename>compat4x</filename>
      distribution now includes the
      <filename>libcrypto.so.2</filename>,
      <filename>libgmp.so.3</filename>, and
      <filename>libssl.so.2</filename> libraries from &os;
      4.7-RELEASE.</para>

    <para>&man.config.8; now implements a <literal>nodevice</literal>
      kernel configuration file directive that cancels the effect of a
      <literal>device</literal> directive.  The new
      <literal>nooption</literal> and <literal>nomakeoption</literal>
      directives cancel prior <literal>option</literal> and
      <literal>makeoption</literal> directives, respectively.</para>

    <para>The <option>-N</option> and <option>-W</option> flags to
      &man.disklabel.8; have been retired.</para>

    <para>&man.disklabel.8; is now only built for architectures where
      it is useful (i386, pc98, alpha, and ia64).</para>

    <para>The <option>-s</option> to &man.disklabel.8; has been
      removed because the i386 boot loader now resides in a single
      file.</para>

    <para>&man.dump.8; now supports caching of disk blocks with the
      <option>-C</option> option.  This can improve dump performance
      at the cost of possibly missing filesystem updates that occur
      between passes.</para>

    <para>&man.dumpfs.8; now supports a <option>-m</option> flag to
      print file system parameters in the form of a &man.newfs.8;
      command.</para>

    <para>&man.elfdump.1;, a utility to display information about &man.elf.5;
      format executable files, has been added.</para>

    <para>&man.fetch.1; uses the <filename>.netrc</filename> support
      in &man.fetch.3; and also supports a <option>-N</option> to
      specify an alternate <filename>.netrc</filename> file.</para>

    <para>&man.fetch.3; now has support for
      <filename>.netrc</filename> files (see &man.ftp.1; for more
      details).</para>

    <para>&man.ftpd.8; now supports a <option>-h</option> option to
      disable printing any host-specific information, such as the
      &man.ftpd.8; version or hostname, in server messages.
      &merged;</para>

    <para>&man.ftpd.8; now supports a <option>-P</option> option to
      specify a port on which to listen in daemon mode.  The default
      data port number is now set to be one less than the control port
      number, rather than being hard-coded. &merged;</para>

    <para>&man.ftpd.8; now supports an extended format of the
      <filename>/etc/ftpchroot</filename> file.  Please refer
      to the &man.ftpchroot.5; manpage, which is now available,
      for details. &merged;</para>

    <para>&man.ftpd.8; now supports login directory pathnames
      that specify simultaneously a directory for &man.chroot.2;
      and that to change to in the chrooted environment.  The
      <literal>/./</literal> separator is used for
      this purpose, like in other FTP daemons having this feature.
      It may be used in both &man.ftpchroot.5; and &man.passwd.5;.
      &merged;</para>

    <para>&man.fwcontrol.8; now supports <option>-R</option> and
      <option>-S</option> options for receiving and sending DV
      streams. &merged;</para>

    <para>&man.ipfw.8; now supports <literal>enable</literal> and
      <literal>disable</literal> commands to control various aspects
      of the operation of &man.ipfw.4; (including enabling and
      disabling the firewall itself).  These provide a more convenient
      and visible interface than the existing sysctl
      variables. &merged;</para>

    <para>&man.kenv.1; has been moved from
      <filename>/usr/bin</filename> to <filename>/bin</filename> to
      make it available at times during system startup when only the
      root filesystem is mounted.</para>

    <para>The MAKEDEV script is now unnecessary, due to the mandatory
      presence of &man.devfs.5;, and has been removed.</para>

    <para>The &man.libgeom.3; library has been added to allow some
      userland access to the &man.geom.4; subsystem.</para>

    <para>The mac_portacl MAC policy module has been added.  It
      provides a simple ACL mechanism to permit users and groups to
      bind ports for TCP or UDP, and is intended to be used in
      conjunction with the recently-added
      <varname>net.inet.ip.portrange.reservedhigh</varname> sysctl.</para>

    <para>The &man.mksnap.ffs.8; program has been added to allow
      easier creation of FFS snapshots.  It is a
      SUID-<username>root</username> executable designed for use by
      members of the <groupname>operator</groupname>group.</para>

    <para>&man.mount.nfs.8; now supports a <option>-c</option> flag to
      avoid doing a &man.connect.2; for UDP mount points.  This option
      must be used if the server does not reply to requests from the
      standard NFS port number 2049 or if it replies to requests using
      a different IP address (which can occur if the server is
      multi-homed).  Setting the
      <varname>vfs.nfs.nfs_ip_paranoia</varname> sysctl to
      <literal>0</literal> will make this option the
      default. &merged;</para>

    <para>&man.newsyslog.8; now supports a <literal>W</literal> flag
      to force previously-started compression jobs for an entry (or
      group of entries specified with the <literal>G</literal> flag)
      to finish before beginning a new one.  This feature is designed
      to prevent system overloads caused by starting several
      compression jobs on big files simultaneously. &merged;</para>

    <para>&man.pam.ssh.8; has been rewritten.  One side effect of the
      rewrite is that it now starts a separate instance of
      &man.ssh-agent.1; for each session instead of trying to connect
      each session to the agent started by the first session.</para>

    <para>&man.ping.8; now supports a <option>-D</option> flag to set
      the <quote>Don't Fragment</quote> bit on outgoing packets.</para>

    <para>&man.ping.8; now supports a <option>-M</option> option to use
      ICMP mask request or timestamp request messages instead of ICMP echo requests.</para>

    <para>&man.ping.8; now supports a <option>-z</option> flag to set
      the Type of Service bits in outgoing packets.</para>

    <para>&man.pw.8; can now add a user whose name ends with a
      <literal>$</literal> character; this change is intended to help
      administration of <application>Samba</application>
      services. &merged;</para>

    <para>A bug in &man.rand.3; that could cause a sequence to remain
      stuck at <literal>0</literal> has been fixed.  (&man.rand.3;
      remains unsuitable for all but trivial uses.)</para>

    <para>&man.sem.open.3; now correctly handles multiple opens of the
      same semaphore; as a result, &man.sem.close.3; no longer crashes
      calling programs.</para>

    <para>The seeding algorithm used by &man.srandom.3; has been
      strengthened.</para>

    <para arch="sparc64">The sunlabel utility, a program analogous to
      &man.disklabel.8; that works on Sun disk labels, has been
      added.</para>

    <para>The &man.swapoff.8; command has been added to disable paging
      and swapping on a device.  A related &man.swapctl.8; command has
      been added to provide an interface to &man.swapon.8; and
      &man.swapoff.8; similar to other BSDs.

      <note>
        <para>The &man.swapoff.8; feature should be considered
	  experimental.</para>
      </note>
    </para>

    <para>&man.syslogd.8; now allows multiple hosts or programs to be
      named in host or program specifications in &man.syslog.conf.5;
      files.</para>

    <para>&man.systat.1; now includes an <option>-ifstat</option>
      display mode that displays the network traffic going through
      active intrfaces on the system.</para>

    <para>&man.xargs.1; now supports a <option>-P</option> option to
      execute multiple copies of the same utility in parallel.</para>

    <sect3>
      <title>Contributed Software</title>

      <para><application>awk</application> from Bell Labs has been
	updated to a 14 March 2003 snapshot.</para>

      <para><application>BIND</application> has been updated to
        version 8.3.4. &merged;</para>

      <para>All of the <application>bzip2</application> suite of
        applications is now installed in the base system (in
        particular, <command>bzip2recover</command> is now built and
        installed). &merged;</para>

      <para><application>CVS</application> has been updated to
	1.11.5. &merged;</para>

      <para><application>FILE</application> has been updated to
	3.41. &merged;</para>

      <para><application>GCC</application> has been updated to
	3.2.2 (release version).</para>

      <para>The <application>ISC DHCP</application> client has been
	updated to 3.0.1RC11. &merged;</para>

      <para><application>Kerberos IV</application> support (in the
	form of <application>KTH eBones</application>) has been
	removed.  Users requiring this functionality can still get it
	from the <filename role="port">security/krb4</filename> port
	(or package).  Kerberos IV compatibility mode for Kerberos 5
	has been removed, and the
	<literal>k5<replaceable>program</replaceable></literal>
	userland utilities have been renamed to
	<literal>k<replaceable>program</replaceable></literal>.</para>

      <para><application>libpcap</application> now has support for
	selecting among multiple data link types on an
	interface.</para>

      <para><application>OpenPAM</application> has been updated to the
        <quote>Daffodil</quote> release.</para>

      <para><application>OpenSSL</application> has been updated to
        release 0.9.7a.  Among other features, this release includes
        support for AES and takes advantage of &man.crypto.4;
        devices. &merged;</para>

      <para><application>sendmail</application> has been updated to
        version 8.12.8. &merged;</para>

      <para>&man.tcpdump.1; has been updated to version 3.7.2.  &merged;
	It also now supports a <option>-L</option> flag to
	list the data link types available on an interface and a
	<option>-y</option> option to specify the data link type to use while
	capturing packets.</para>

    </sect3>

    <sect3>
      <title>Ports/Packages Collection Infrastructure</title>

      <para>The one-line <filename>pkg-comment</filename> files have
        been eliminated from each port skeleton; their contents have
        been moved into each port's <filename>Makefile</filename>.
        This change reduces the disk space and inodes used by the
        ports tree. &merged;</para>

    </sect3>
  </sect2>

  <sect2>
    <title>Release Engineering and Integration</title>

    <para>The supported release of <application>GNOME</application>
      has been updated to 2.2. &merged;</para>

    <para>The supported release of <application>KDE</application>
      has been updated to 3.1. &merged;</para>

    <para>&man.sysinstall.8; once again supports installing individual
      components of <application>XFree86</application>.  Supporting
      changes (not user-visible) generalize the concept of installing
      parts of distributions as packages.</para>

    <para>The supported release of <application>XFree86</application>
      has been updated to 4.3.0. &merged;</para>

  </sect2>

  <sect2>
    <title>Documentation</title>

    <para></para>
  </sect2>

</sect1>

<sect1 id="upgrade">
  <title>Upgrading from previous releases of &os;</title>

  <para>Users with existing &os; systems are
    <emphasis>highly</emphasis> encouraged to read the <quote>Early
    Adopter's Guide to &os; 5.0</quote>.  This document generally has
    the filename <filename>EARLY.TXT</filename> on the distribution
    media, or any other place that the release notes can be found.  It
    offers some notes on upgrading, but more importantly, also
    discusses some of the relative merits of upgrading to &os;
    5.<replaceable>X</replaceable> versus running &os;
    4.<replaceable>X</replaceable>.</para>

  <important>
    <para>Upgrading &os; should, of course, only be attempted after
      backing up <emphasis>all</emphasis> data and configuration
      files.</para>
  </important>
</sect1>