article.xml revision 112634
12116Sjkh<articleinfo> 22116Sjkh <title>&os;/&arch; &release.current; Release Notes</title> 32116Sjkh 42116Sjkh <corpauthor>The FreeBSD Project</corpauthor> 52116Sjkh 62116Sjkh <pubdate>$FreeBSD: head/release/doc/en_US.ISO8859-1/relnotes/article.sgml 112634 2003-03-25 20:18:37Z olgeni $</pubdate> 78870Srgrimes 82116Sjkh <copyright> 92116Sjkh <year>2000</year> 102116Sjkh <year>2001</year> 112116Sjkh <year>2002</year> 122116Sjkh <year>2003</year> 132116Sjkh <holder role="mailto:doc@FreeBSD.org">The FreeBSD Documentation Project</holder> 1450476Speter </copyright> 152116Sjkh 162116Sjkh <abstract> 172116Sjkh <para>The release notes for &os; &release.current; contain a summary 1887805Sphantom of 192116Sjkh<![ %include.historic; [ 20110566Smike the changes made to the &os; base system since &release.prev;. 21110566Smike]]> 222116Sjkh<![ %no.include.historic; [ 232116Sjkh recent changes made to the &os; base system on the &release.branch; 242116Sjkh development branch. 25106268Sarchie]]> 26106268Sarchie Both changes for kernel and userland are listed, as well as 27106268Sarchie applicable security advisories that were issued since the last 28106268Sarchie release. Some brief remarks on upgrading are also presented.</para> 29110566Smike </abstract> 30110566Smike</articleinfo> 31110566Smike 32110566Smike<sect1 id="intro"> 33110566Smike <title>Introduction</title> 34110566Smike 35128628Sdas <para>This document contains the release notes for &os; 36128628Sdas &release.current; on the &arch.print; hardware platform. It 37128628Sdas describes recently added, changed, or deleted features of &os;. 38110566Smike It also provides some notes on upgrading 39110566Smike from previous versions of &os;.</para> 40110566Smike 41110566Smike<![ %release.type.snapshot [ 42110566Smike 43110566Smike <para>The &release.type; distribution to which these release notes 442116Sjkh apply represents a point along the &release.branch; development 45126871Sbde branch between &release.prev; and the future &release.next;. Some 46126871Sbde pre-built, binary &release.type; distributions along this branch 47126871Sbde can be found at <ulink url="&release.url;"></ulink>.</para> 48126871Sbde 49110566Smike]]> 50110769Smike 51110769Smike<![ %release.type.release [ 52110769Smike 53110769Smike <para>This distribution of &os; &release.current; is a 54110769Smike &release.type; distribution. It can be found at <ulink 55110566Smike url="&release.url;"></ulink> or any of its mirrors. More 56110566Smike information on obtaining this (or other) &release.type; 57110566Smike distributions of &os; can be found in the <ulink 58110566Smike url="http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/mirrors.html"><quote>Obtaining 59110769Smike FreeBSD</quote> appendix</ulink> to the <ulink 60113077Sdas url="http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/">FreeBSD 61110769Smike Handbook</ulink>.</para> 62110769Smike 63110769Smike]]> 64110769Smike</sect1> 65110769Smike 66110769Smike<sect1 id="new"> 67110769Smike <title>What's New</title> 68110769Smike 69110769Smike <para>This section describes 70110769Smike<![ %include.historic; [ 71110769Smike the most user-visible new or changed features in &os; 72110769Smike since &release.prev;. 73110734Smike In general, changes described here are unique to the &release.branch; 74110566Smike branch unless specifically marked as &merged; features. 75110566Smike]]> 76110566Smike<![ %no.include.historic; [ 77128628Sdas many of the user-visible new or changed features in &os; 78110566Smike since &release.prev;. It includes items that are unique to the 792116Sjkh &release.branch; branch, as well as some features that may have been 802116Sjkh recently merged to 812116Sjkh other branches (after &os; &release.prev.historic;). The later 82128628Sdas items are marked as &merged;. 832116Sjkh]]> 842116Sjkh </para> 852116Sjkh 862116Sjkh <para>Typical release note items 872116Sjkh document new drivers or hardware support, new commands or options, 882116Sjkh major bugfixes, or contributed software upgrades. Applicable security 892116Sjkh advisories issued after &release.prev.historic; are also listed.</para> 902116Sjkh 912116Sjkh <para>Many additional changes were made to &os; that are not listed 922116Sjkh here for lack of space. For example, documentation was corrected 932116Sjkh and improved, minor bugs were fixed, insecure coding practices 942116Sjkh were audited and corrected, and source code was cleaned up.</para> 952116Sjkh 962116Sjkh <sect2 id="security"> 972116Sjkh <title>Security Advisories</title> 982116Sjkh 99128628Sdas <para>A remotely exploitable vulnerability in 1002116Sjkh <application>CVS</application> has been corrected with the 101128628Sdas import of version 1.11.5. More details can be found in security 1022116Sjkh advisory <ulink 1032116Sjkh url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:01.cvs.asc">FreeBSD-SA-03:01</ulink>. 1042116Sjkh &merged;</para> 1058870Srgrimes 1062116Sjkh <para>A timing-based attack on <application>OpenSSL</application>, 1078870Srgrimes which could allow a very powerful attacker access to plaintext 1088870Srgrimes under certain circumstances, has been prevented via an upgrade 1092116Sjkh to <application>OpenSSL</application> 0.9.7. See security 1102116Sjkh advisory <ulink 1112116Sjkh url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:02.openssl.asc">FreeBSD-SA-03:02</ulink> 1122116Sjkh for more details. &merged;</para> 1138870Srgrimes 1142116Sjkh <para>The security and performance of the 1152116Sjkh <quote>syncookies</quote> feature has been improved to decrease 1162116Sjkh the chance of an attacker being able to spoof connections. 1172116Sjkh More details are given in security advisory <ulink 1182116Sjkh url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:03.syncookies.asc">FreeBSD-SA-03:03</ulink>. &merged;</para> 1192116Sjkh 1202116Sjkh <para>A remotely-exploitable buffer overflow vulnerability in 12158647Sobrien <application>sendmail</application> has been fixed by updating 12258647Sobrien <application>sendmail</application> to version 8.12.8. For more 12328971Sbde details, see security advisory <ulink 1242116Sjkh url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:04.sendmail.asc">FreeBSD-SA-03:04</ulink>. 1252116Sjkh &merged;</para> 1262116Sjkh 1272116Sjkh <para>A bounds-checking bug in the XDR implementation, which could 1282116Sjkh allow a remote attacker to cause a denial-of-service, has been 1292116Sjkh fixed. For more details see security advisory <ulink 1302116Sjkh url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:05.xdr.asc">FreeBSD-SA-03:05</ulink>. 13128971Sbde &merged;</para> 1322116Sjkh 133128628Sdas <para>Two recently-publicized flaws in 134128628Sdas <application>OpenSSL</application> have been corrected. For 135104280Sbde more details, see security advisory <ulink 136104281Sbde url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:06.openssl.asc">FreeBSD-SA-03:06</ulink>. 137104280Sbde &merged;</para> 138104280Sbde 1392116Sjkh </sect2> 140104280Sbde 1412116Sjkh <sect2 id="kernel"> 142128627Sdas <title>Kernel Changes</title> 1432116Sjkh 1442116Sjkh <para arch="pc98">Support for the CanBe power management 1452116Sjkh controller has been added. &merged;</para> 1462116Sjkh 1472116Sjkh <para>&man.devfs.5; is now mandatory; the 1482116Sjkh <literal>NODEVFS</literal> option has been removed from the set of 1492116Sjkh possible kernel configuration options.</para> 1502116Sjkh 151128628Sdas <para arch="i386,pc98">The DRM kernel modules have been updated to 1522116Sjkh a snapshot from the DRI CVS repository, roughly equivalent to 15393197Sbde XFree86 4.3.0 but also including some additional 1542116Sjkh bugfixes.</para> 155104280Sbde 156104280Sbde <para>A minor bug in the permissions handling of 157104280Sbde <filename>/dev/tty</filename> has been fixed. As a result, 158104280Sbde &man.ssh.1; can now be used after &man.su.1;.</para> 159104280Sbde 160104280Sbde <para>A bug that caused &man.fstat.2; to return 161104280Sbde <literal>0</literal> as the number of bytes available to read 16293197Sbde from a TCP socket has been fixed.</para> 1632116Sjkh 1642116Sjkh <para>A bug that caused &man.kqueue.2; to report 1652116Sjkh <literal>0</literal> as the number of bytes available to read 166110769Smike from a TCP socket has been fixed. The 167110769Smike <literal>NOTE_LOWAT</literal> flag for 168110769Smike <literal>EVFILT_READ</literal> has been fixed.</para> 169110769Smike 170110566Smike <para>Linux emulation mode now supports IPv6.</para> 17192917Sobrien 17292917Sobrien <!-- Above this line, sort kernel changes by manpage/keyword--> 17392917Sobrien 17492917Sobrien <para>A second process scheduler, designed to be a general purpose 17592917Sobrien scheduler with many SMP benefits, has been added to the scheduler 17692917Sobrien framework. Exactly one scheduler must be specified in a kernel 17792917Sobrien configuration. The original scheduler may be selected using 1782116Sjkh <literal>options SCHED_4BSD</literal>. The newer 17992917Sobrien (experimental) scheduler can be selected by using 18092917Sobrien <literal>options SCHED_ULE</literal>.</para> 18192917Sobrien 1822116Sjkh <para>Device major numbers are now allocated dynamically by 18392917Sobrien default. This change greatly decreases the need for a static, 184104280Sbde centralized table of major number assignments to device drivers 18592917Sobrien (a few drivers retain their old static major numbers for 18692917Sobrien compatibility), and also reduces the possibility of running out 18792917Sobrien of device major numbers.</para> 188104280Sbde 1892116Sjkh <sect3> 19092917Sobrien <title>Processor/Motherboard Support</title> 19192917Sobrien 1922116Sjkh <para arch="i386">&os; now has rudimentary support for 19392917Sobrien HyperThreading (HTT). SMP kernels with the 19492917Sobrien <literal>HTT</literal> kernel option will detect and start up 19592917Sobrien the logical processors on HTT-capable machines. The logical 19692917Sobrien processors will be treated like additional physical processors 1972116Sjkh for the purposes of process scheduling. &merged;</para> 198104280Sbde 199104280Sbde </sect3> 200104280Sbde 201104280Sbde <sect3> 202128628Sdas <title>Bootloader Changes</title> 203128628Sdas 204128628Sdas <para arch="alpha">The alpha boot loader 205128628Sdas (<filename>boot1</filename>) can now be called 206128628Sdas <filename>boot</filename> for consistency with other 20792917Sobrien platforms.</para> 208104280Sbde 209128628Sdas <para arch="i386,pc98">The two parts of the boot loader 21092917Sobrien (<filename>boot1</filename> and <filename>boot2</filename>) 211128628Sdas have been combined into a single <filename>boot</filename> 212128628Sdas file, to simplify programs that need to write or otherwise 213128628Sdas manipulate the boot loader.</para> 214128628Sdas 215128628Sdas <para arch="pc98">The PC98 bootloader now has support for 216128628Sdas booting from SCSI MO media. &merged;</para> 217128628Sdas 218128628Sdas <para>The <filename>/modules</filename> directory (once the 219128628Sdas default location for modules on &os; 4.X) is no longer a 220128628Sdas part of the default <varname>kern.module_path</varname>. 22192917Sobrien Third-party modules should be placed in 22292917Sobrien <filename>/boot/modules</filename>. 22392917Sobrien 224128628Sdas <note> 22592917Sobrien <para>Modules designed for use with &os; 4.X are likely to 22692917Sobrien panic and should be used with extreme caution.</para> 22792917Sobrien </note> 2282116Sjkh </para> 229128628Sdas 230128628Sdas <!-- Above this line, order bootloader changes by keyword--> 23128971Sbde 232128628Sdas </sect3> 2332116Sjkh 234128628Sdas <sect3> 235104280Sbde <title>Network Interface Support</title> 23692917Sobrien 237128628Sdas <para>The cm driver now supports IPX. &merged;</para> 238128628Sdas 2392116Sjkh <para>A new wlan module provides 802.11 link-layer support. The 2402116Sjkh &man.wi.4; driver now uses this facility.</para> 2412116Sjkh 2422116Sjkh <para arch="i386,alpha,pc98,sparc64">A timing bug in the 243128628Sdas &man.xl.4; driver, which could cause a kernel panic (or other 24492917Sobrien problems) when configuring an interface, has been 245128628Sdas fixed.</para> 2462116Sjkh 2472116Sjkh </sect3> 2482116Sjkh 2492116Sjkh <sect3> 2502116Sjkh <title>Network Protocols</title> 25192917Sobrien 25292917Sobrien <para>&man.ipfw.4; <literal>skipto</literal> rules can once 253128628Sdas again be used with the <literal>log</literal> keyword. 254128628Sdas &man.ipfw.4; <literal>uid</literal> rules are once again 255128628Sdas working.</para> 256128628Sdas 257128628Sdas <para>It is now possible to build the 258128628Sdas <literal>FAST_IPSEC</literal> and <literal>INET6</literal> 259128628Sdas options into the same kernel. (They still cannot be used 260128628Sdas together, however.)</para> 261128628Sdas 262111546Simp <para>A bug in TCP NewReno, which caused premature exit from 2632116Sjkh fast recovery when NewReno was enabled, has been 2642116Sjkh fixed. &merged;</para> 265128628Sdas 26692917Sobrien <para>TCP now has support for the <quote>Limited 26792917Sobrien Transmit</quote> mechanism proposed by RFC 3042. This feature 26892917Sobrien is intended to improve the effectiveness of TCP loss recovery 26992917Sobrien in certain circumstances. It is off by default but can be 27092917Sobrien enabled with the <varname>net.inet.tcp.rfc3042</varname> 27192917Sobrien sysctl variable. More information can be found in 27292917Sobrien &man.tcp.4;.</para> 2732116Sjkh 27492917Sobrien <para>TCP now has support for increased initial congestion 27592917Sobrien window sizes as described in RFC 3390. This feature can 27692917Sobrien improve the throughput of short transfers, as well as 2772116Sjkh high-bandwidth, large propagation-delay connections. It is 27892917Sobrien off by default but can be enabled with the 279128628Sdas <varname>net.inet.tcp.rfc3390</varname> sysctl variable. More 280104280Sbde information can be found in &man.tcp.4;.</para> 281128628Sdas 28292917Sobrien <para>The IP fragment reassembly code behaves more gracefully 283128628Sdas when receiving a large number of packet fragments (it is 284128628Sdas designed to be more resistant to fragment-based denial of 28592917Sobrien service attacks). &merged;</para> 286104280Sbde 2872116Sjkh <para>TCP connections in the <literal>TIME_WAIT</literal> state 28892917Sobrien now use a special protocol control block that uses less space 28992917Sobrien than a full-blown TCP PCB. This allows some of the data 2902116Sjkh structures and resources used by such a connection to be freed 29192917Sobrien earlier.</para> 29292917Sobrien 29392917Sobrien <para>It is now possible to specify the range of 29492917Sobrien <quote>privileged ports</quote> (TCP and UDP ports that 2952116Sjkh require superuser access to &man.bind.2; to). The range is 29692917Sobrien now specified with the 297104280Sbde <varname>net.inet.ip.portrange.reservedlow</varname> and 298104280Sbde <varname>net.inet.ip.portrange.reservedhigh</varname> sysctl 29992917Sobrien variables, defaulting to the traditional UNIX behavior. This 3002116Sjkh feature is intended to help network servers bind 30192917Sobrien to traditionally privileged ports without requiring superuser 30292917Sobrien access. &man.ip.4; has more details.</para> 30392917Sobrien 304104280Sbde <para>Some bugs in the non-blocking RPC code has been fixed. As 305104280Sbde a result, &man.amd.8; users are now able to mount volumes from 306128628Sdas a &release.current; server.</para> 30792917Sobrien 30892917Sobrien <para>Support for XNS networking, which has not worked 30992917Sobrien correctly for almost seven years, has been removed.</para> 31092917Sobrien 311128628Sdas </sect3> 3122116Sjkh 3132116Sjkh <sect3> 3142116Sjkh <title>Disks and Storage</title> 3152116Sjkh 316128628Sdas <para>The &man.aac.4; driver now runs free of the Giant kernel 31792917Sobrien lock. This change has given a nearly 20% performance speedup 318128628Sdas on an SMP system running multiple I/O intensive loads.</para> 319128628Sdas 320128628Sdas <para>The &man.ata.4; driver now supports all known SiS 321128628Sdas chipsets. (More details can be found in the Hardware 322128628Sdas Notes.)</para> 323128628Sdas 324128628Sdas <para>A number of changes have been made to the &man.cd.4; 325128628Sdas driver. The primary user-visible change is improved 326128628Sdas compatibility with ATAPI/USB/Firewire CDROM drives.</para> 3272116Sjkh 3282116Sjkh <para>&man.geom.4; is now mandatory; the 3292116Sjkh <literal>NO_GEOM</literal> has been removed from the set of 3302116Sjkh kernel configuration options.</para> 3312116Sjkh 3322116Sjkh <para>A bug in the &man.mly.4; driver that caused hangs has been 33392917Sobrien corrected.</para> 33492917Sobrien 335128628Sdas <para>Support has been added for volume labels on UFS and UFS2 336128628Sdas filesystems. These labels are strings that can be used to 337128628Sdas identify a volume, regardless of what device it appears on. 338128628Sdas Labels can be set with the <option>-L</option> options to 339128628Sdas &man.newfs.8; or &man.tunefs.8;. With the 340111546Simp <literal>GEOM_VOL</literal> module, volumes can be accessed 3412116Sjkh using their labels under <filename>/dev/vol</filename>.</para> 342121418Sdes 343121418Sdes <para>The root filesystem can now be located on a &man.vinum.4; 344121418Sdes volume. More information can be found in the &man.vinum.4; 345128628Sdas manual page.</para> 346121418Sdes 347121418Sdes <para arch="pc98">The wfd and wst drivers, which have been 348121418Sdes broken for some time, have been removed.</para> 349121418Sdes 350121418Sdes </sect3> 351121418Sdes 352121418Sdes <sect3> 353121418Sdes <title>Filesystems</title> 354121418Sdes 355121418Sdes <para>NETNCP and Netware Filesystem Support (nwfs) are once 356121418Sdes again working.</para> 357121418Sdes 358121418Sdes <para>Bugs that could cause the unmounting of a smbfs share to 359121418Sdes fail or cause a kernel panic have been fixed.</para> 360121418Sdes 361121418Sdes </sect3> 362121418Sdes 363121418Sdes <sect3> 364121418Sdes <title>PCCARD Support</title> 365121418Sdes 366121418Sdes <para></para> 367121418Sdes </sect3> 368121418Sdes 369121418Sdes <sect3> 370121418Sdes <title>Multimedia Support</title> 371121418Sdes 372121418Sdes <para></para> 373121418Sdes </sect3> 374121418Sdes 375121418Sdes <sect3> 376121418Sdes <title>Contributed Software</title> 377121418Sdes 378121418Sdes <para><application>IPFilter</application> has been updated to 379121418Sdes 3.4.31. &merged;</para> 380121418Sdes 381121418Sdes </sect3> 382121418Sdes </sect2> 383121418Sdes 384121418Sdes <sect2 id="userland"> 385121418Sdes <title>Userland Changes</title> 386121418Sdes 387121418Sdes <para>&man.adduser.8; now correctly handles setting user passwords 388121418Sdes containing special shell characters.</para> 389121418Sdes 390121418Sdes <para arch="alpha,i386">The <filename>compat4x</filename> 391121418Sdes distribution now includes the 392121418Sdes <filename>libcrypto.so.2</filename>, 393121418Sdes <filename>libgmp.so.3</filename>, and 394121418Sdes <filename>libssl.so.2</filename> libraries from &os; 395121418Sdes 4.7-RELEASE.</para> 396121418Sdes 397121418Sdes <para>&man.config.8; now implements a <literal>nodevice</literal> 398121418Sdes kernel configuration file directive that cancels the effect of a 399121418Sdes <literal>device</literal> directive. The new 400121418Sdes <literal>nooption</literal> and <literal>nomakeoption</literal> 401121418Sdes directives cancel prior <literal>option</literal> and 402121418Sdes <literal>makeoption</literal> directives, respectively.</para> 403121418Sdes 404121418Sdes <para>The <option>-N</option> and <option>-W</option> flags to 405121418Sdes &man.disklabel.8; have been retired.</para> 406121418Sdes 407121418Sdes <para>&man.disklabel.8; is now only built for architectures where 408121418Sdes it is useful (i386, pc98, alpha, and ia64).</para> 409121418Sdes 410128628Sdas <para>The <option>-s</option> to &man.disklabel.8; has been 4112116Sjkh removed because the i386 boot loader now resides in a single 4122116Sjkh file.</para> 41387805Sphantom 414 <para>&man.dump.8; now supports caching of disk blocks with the 415 <option>-C</option> option. This can improve dump performance 416 at the cost of possibly missing filesystem updates that occur 417 between passes.</para> 418 419 <para>&man.dumpfs.8; now supports a <option>-m</option> flag to 420 print file system parameters in the form of a &man.newfs.8; 421 command.</para> 422 423 <para>&man.elfdump.1;, a utility to display information about &man.elf.5; 424 format executable files, has been added.</para> 425 426 <para>&man.fetch.1; uses the <filename>.netrc</filename> support 427 in &man.fetch.3; and also supports a <option>-N</option> to 428 specify an alternate <filename>.netrc</filename> file.</para> 429 430 <para>&man.fetch.3; now has support for 431 <filename>.netrc</filename> files (see &man.ftp.1; for more 432 details).</para> 433 434 <para>&man.ftpd.8; now supports a <option>-h</option> option to 435 disable printing any host-specific information, such as the 436 &man.ftpd.8; version or hostname, in server messages. 437 &merged;</para> 438 439 <para>&man.ftpd.8; now supports a <option>-P</option> option to 440 specify a port on which to listen in daemon mode. The default 441 data port number is now set to be one less than the control port 442 number, rather than being hard-coded. &merged;</para> 443 444 <para>&man.ftpd.8; now supports an extended format of the 445 <filename>/etc/ftpchroot</filename> file. Please refer 446 to the &man.ftpchroot.5; manpage, which is now available, 447 for details. &merged;</para> 448 449 <para>&man.ftpd.8; now supports login directory pathnames 450 that specify simultaneously a directory for &man.chroot.2; 451 and that to change to in the chrooted environment. The 452 <literal>/./</literal> separator is used for 453 this purpose, like in other FTP daemons having this feature. 454 It may be used in both &man.ftpchroot.5; and &man.passwd.5;. 455 &merged;</para> 456 457 <para>&man.fwcontrol.8; now supports <option>-R</option> and 458 <option>-S</option> options for receiving and sending DV 459 streams. &merged;</para> 460 461 <para>&man.ipfw.8; now supports <literal>enable</literal> and 462 <literal>disable</literal> commands to control various aspects 463 of the operation of &man.ipfw.4; (including enabling and 464 disabling the firewall itself). These provide a more convenient 465 and visible interface than the existing sysctl 466 variables. &merged;</para> 467 468 <para>&man.kenv.1; has been moved from 469 <filename>/usr/bin</filename> to <filename>/bin</filename> to 470 make it available at times during system startup when only the 471 root filesystem is mounted.</para> 472 473 <para>The MAKEDEV script is now unnecessary, due to the mandatory 474 presence of &man.devfs.5;, and has been removed.</para> 475 476 <para>The &man.libgeom.3; library has been added to allow some 477 userland access to the &man.geom.4; subsystem.</para> 478 479 <para>The mac_portacl MAC policy module has been added. It 480 provides a simple ACL mechanism to permit users and groups to 481 bind ports for TCP or UDP, and is intended to be used in 482 conjunction with the recently-added 483 <varname>net.inet.ip.portrange.reservedhigh</varname> sysctl.</para> 484 485 <para>The &man.mksnap.ffs.8; program has been added to allow 486 easier creation of FFS snapshots. It is a 487 SUID-<username>root</username> executable designed for use by 488 members of the <groupname>operator</groupname>group.</para> 489 490 <para>&man.mount.nfs.8; now supports a <option>-c</option> flag to 491 avoid doing a &man.connect.2; for UDP mount points. This option 492 must be used if the server does not reply to requests from the 493 standard NFS port number 2049 or if it replies to requests using 494 a different IP address (which can occur if the server is 495 multi-homed). Setting the 496 <varname>vfs.nfs.nfs_ip_paranoia</varname> sysctl to 497 <literal>0</literal> will make this option the 498 default. &merged;</para> 499 500 <para>&man.newsyslog.8; now supports a <literal>W</literal> flag 501 to force previously-started compression jobs for an entry (or 502 group of entries specified with the <literal>G</literal> flag) 503 to finish before beginning a new one. This feature is designed 504 to prevent system overloads caused by starting several 505 compression jobs on big files simultaneously. &merged;</para> 506 507 <para>&man.pam.ssh.8; has been rewritten. One side effect of the 508 rewrite is that it now starts a separate instance of 509 &man.ssh-agent.1; for each session instead of trying to connect 510 each session to the agent started by the first session.</para> 511 512 <para>&man.ping.8; now supports a <option>-D</option> flag to set 513 the <quote>Don't Fragment</quote> bit on outgoing packets.</para> 514 515 <para>&man.ping.8; now supports a <option>-M</option> option to use 516 ICMP mask request or timestamp request messages instead of ICMP echo requests.</para> 517 518 <para>&man.ping.8; now supports a <option>-z</option> flag to set 519 the Type of Service bits in outgoing packets.</para> 520 521 <para>&man.pw.8; can now add a user whose name ends with a 522 <literal>$</literal> character; this change is intended to help 523 administration of <application>Samba</application> 524 services. &merged;</para> 525 526 <para>A bug in &man.rand.3; that could cause a sequence to remain 527 stuck at <literal>0</literal> has been fixed. (&man.rand.3; 528 remains unsuitable for all but trivial uses.)</para> 529 530 <para>&man.sem.open.3; now correctly handles multiple opens of the 531 same semaphore; as a result, &man.sem.close.3; no longer crashes 532 calling programs.</para> 533 534 <para>The seeding algorithm used by &man.srandom.3; has been 535 strengthened.</para> 536 537 <para arch="sparc64">The sunlabel utility, a program analogous to 538 &man.disklabel.8; that works on Sun disk labels, has been 539 added.</para> 540 541 <para>The &man.swapoff.8; command has been added to disable paging 542 and swapping on a device. A related &man.swapctl.8; command has 543 been added to provide an interface to &man.swapon.8; and 544 &man.swapoff.8; similar to other BSDs. 545 546 <note> 547 <para>The &man.swapoff.8; feature should be considered 548 experimental.</para> 549 </note> 550 </para> 551 552 <para>&man.syslogd.8; now allows multiple hosts or programs to be 553 named in host or program specifications in &man.syslog.conf.5; 554 files.</para> 555 556 <para>&man.systat.1; now includes an <option>-ifstat</option> 557 display mode that displays the network traffic going through 558 active intrfaces on the system.</para> 559 560 <para>&man.xargs.1; now supports a <option>-P</option> option to 561 execute multiple copies of the same utility in parallel.</para> 562 563 <sect3> 564 <title>Contributed Software</title> 565 566 <para><application>awk</application> from Bell Labs has been 567 updated to a 14 March 2003 snapshot.</para> 568 569 <para><application>BIND</application> has been updated to 570 version 8.3.4. &merged;</para> 571 572 <para>All of the <application>bzip2</application> suite of 573 applications is now installed in the base system (in 574 particular, <command>bzip2recover</command> is now built and 575 installed). &merged;</para> 576 577 <para><application>CVS</application> has been updated to 578 1.11.5. &merged;</para> 579 580 <para><application>FILE</application> has been updated to 581 3.41. &merged;</para> 582 583 <para><application>GCC</application> has been updated to 584 3.2.2 (release version).</para> 585 586 <para>The <application>ISC DHCP</application> client has been 587 updated to 3.0.1RC11. &merged;</para> 588 589 <para><application>Kerberos IV</application> support (in the 590 form of <application>KTH eBones</application>) has been 591 removed. Users requiring this functionality can still get it 592 from the <filename role="port">security/krb4</filename> port 593 (or package). Kerberos IV compatibility mode for Kerberos 5 594 has been removed, and the 595 <literal>k5<replaceable>program</replaceable></literal> 596 userland utilities have been renamed to 597 <literal>k<replaceable>program</replaceable></literal>.</para> 598 599 <para><application>libpcap</application> now has support for 600 selecting among multiple data link types on an 601 interface.</para> 602 603 <para><application>OpenPAM</application> has been updated to the 604 <quote>Daffodil</quote> release.</para> 605 606 <para><application>OpenSSL</application> has been updated to 607 release 0.9.7a. Among other features, this release includes 608 support for AES and takes advantage of &man.crypto.4; 609 devices. &merged;</para> 610 611 <para><application>sendmail</application> has been updated to 612 version 8.12.8. &merged;</para> 613 614 <para>&man.tcpdump.1; has been updated to version 3.7.2. &merged; 615 It also now supports a <option>-L</option> flag to 616 list the data link types available on an interface and a 617 <option>-y</option> option to specify the data link type to use while 618 capturing packets.</para> 619 620 </sect3> 621 622 <sect3> 623 <title>Ports/Packages Collection Infrastructure</title> 624 625 <para>The one-line <filename>pkg-comment</filename> files have 626 been eliminated from each port skeleton; their contents have 627 been moved into each port's <filename>Makefile</filename>. 628 This change reduces the disk space and inodes used by the 629 ports tree. &merged;</para> 630 631 </sect3> 632 </sect2> 633 634 <sect2> 635 <title>Release Engineering and Integration</title> 636 637 <para>The supported release of <application>GNOME</application> 638 has been updated to 2.2. &merged;</para> 639 640 <para>The supported release of <application>KDE</application> 641 has been updated to 3.1. &merged;</para> 642 643 <para>&man.sysinstall.8; once again supports installing individual 644 components of <application>XFree86</application>. Supporting 645 changes (not user-visible) generalize the concept of installing 646 parts of distributions as packages.</para> 647 648 <para>The supported release of <application>XFree86</application> 649 has been updated to 4.3.0. &merged;</para> 650 651 </sect2> 652 653 <sect2> 654 <title>Documentation</title> 655 656 <para></para> 657 </sect2> 658 659</sect1> 660 661<sect1 id="upgrade"> 662 <title>Upgrading from previous releases of &os;</title> 663 664 <para>Users with existing &os; systems are 665 <emphasis>highly</emphasis> encouraged to read the <quote>Early 666 Adopter's Guide to &os; 5.0</quote>. This document generally has 667 the filename <filename>EARLY.TXT</filename> on the distribution 668 media, or any other place that the release notes can be found. It 669 offers some notes on upgrading, but more importantly, also 670 discusses some of the relative merits of upgrading to &os; 671 5.<replaceable>X</replaceable> versus running &os; 672 4.<replaceable>X</replaceable>.</para> 673 674 <important> 675 <para>Upgrading &os; should, of course, only be attempted after 676 backing up <emphasis>all</emphasis> data and configuration 677 files.</para> 678 </important> 679</sect1> 680