article.xml revision 113353 
1<articleinfo>
2  <title>&os;/&arch; &release.current; Release Notes</title>
3
4  <corpauthor>The FreeBSD Project</corpauthor>
5
6  <pubdate>$FreeBSD: head/release/doc/en_US.ISO8859-1/relnotes/article.sgml 113353 2003-04-11 02:53:49Z jake $</pubdate>
7
8  <copyright>
9    <year>2000</year>
10    <year>2001</year>
11    <year>2002</year>
12    <year>2003</year>
13    <holder role="mailto:doc@FreeBSD.org">The FreeBSD Documentation Project</holder>
14  </copyright>
15
16  <abstract>
17    <para>The release notes for &os; &release.current; contain a summary
18      of
19<![ %include.historic; [
20      the changes made to the &os; base system since &release.prev;.
21]]>
22<![ %no.include.historic; [
23      recent changes made to the &os; base system on the &release.branch;
24      development branch.
25]]>
26      Both changes for kernel and userland are listed, as well as
27      applicable security advisories that were issued since the last
28      release.  Some brief remarks on upgrading are also presented.</para>
29  </abstract>
30</articleinfo>
31
32<sect1 id="intro">
33  <title>Introduction</title>
34
35  <para>This document contains the release notes for &os;
36    &release.current; on the &arch.print; hardware platform.  It
37    describes recently added, changed, or deleted features of &os;.
38    It also provides some notes on upgrading
39    from previous versions of &os;.</para>
40
41<![ %release.type.snapshot [
42
43  <para>The &release.type; distribution to which these release notes
44    apply represents a point along the &release.branch; development
45    branch between &release.prev; and the future &release.next;.  Some
46    pre-built, binary &release.type; distributions along this branch
47    can be found at <ulink url="&release.url;"></ulink>.</para>
48
49]]>
50
51<![ %release.type.release [
52
53  <para>This distribution of &os; &release.current; is a
54    &release.type; distribution.  It can be found at <ulink
55    url="&release.url;"></ulink> or any of its mirrors.  More
56    information on obtaining this (or other) &release.type;
57    distributions of &os; can be found in the <ulink
58    url="http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/mirrors.html"><quote>Obtaining
59    FreeBSD</quote> appendix</ulink> to the <ulink
60    url="http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/">FreeBSD
61    Handbook</ulink>.</para>
62
63]]>
64</sect1>
65
66<sect1 id="new">
67  <title>What's New</title>
68
69  <para>This section describes
70<![ %include.historic; [
71      the most user-visible new or changed features in &os;
72      since &release.prev;.
73      In general, changes described here are unique to the &release.branch;
74      branch unless specifically marked as &merged; features.
75]]>
76<![ %no.include.historic; [
77      many of the user-visible new or changed features in &os;
78      since &release.prev;.  It includes items that are unique to the
79      &release.branch; branch, as well as some features that may have been
80      recently merged to
81      other branches (after &os; &release.prev.historic;).  The later
82      items are marked as &merged;.
83]]>
84  </para>
85
86  <para>Typical release note items
87    document new drivers or hardware support, new commands or options,
88    major bug fixes, or contributed software upgrades.  Applicable security
89    advisories issued after &release.prev.historic; are also listed.</para>
90
91  <para>Many additional changes were made to &os; that are not listed
92    here for lack of space.  For example, documentation was corrected
93    and improved, minor bugs were fixed, insecure coding practices
94    were audited and corrected, and source code was cleaned up.</para>
95
96  <sect2 id="security">
97    <title>Security Advisories</title>
98
99    <para>A remotely exploitable vulnerability in
100      <application>CVS</application> has been corrected with the
101      import of version 1.11.5.  More details can be found in security
102      advisory <ulink
103      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:01.cvs.asc">FreeBSD-SA-03:01</ulink>.
104      &merged;</para>
105
106    <para>A timing-based attack on <application>OpenSSL</application>,
107      which could allow a very powerful attacker access to plaintext
108      under certain circumstances, has been prevented via an upgrade
109      to <application>OpenSSL</application> 0.9.7.  See security
110      advisory <ulink
111      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:02.openssl.asc">FreeBSD-SA-03:02</ulink>
112      for more details. &merged;</para>
113
114    <para>The security and performance of the
115      <quote>syncookies</quote> feature has been improved to decrease
116      the chance of an attacker being able to spoof connections.
117      More details are given in security advisory <ulink
118      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:03.syncookies.asc">FreeBSD-SA-03:03</ulink>. &merged;</para>
119
120    <para>Remotely-exploitable buffer overflow vulnerabilities in
121      <application>sendmail</application> have been fixed by updating
122      <application>sendmail</application>.  For more
123      details, see security advisory <ulink
124      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:04.sendmail.asc">FreeBSD-SA-03:04</ulink>
125      and <ulink
126      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:07.sendmail.asc">FreeBSD-SA-03:07</ulink>.
127      &merged;</para>
128
129    <para>A bounds-checking bug in the XDR implementation, which could
130      allow a remote attacker to cause a denial-of-service, has been
131      fixed.  For more details see security advisory <ulink
132      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:05.xdr.asc">FreeBSD-SA-03:05</ulink>.
133      &merged;</para>
134
135    <para>Two recently-publicized flaws in
136      <application>OpenSSL</application> have been corrected.  For
137      more details, see security advisory <ulink
138      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:06.openssl.asc">FreeBSD-SA-03:06</ulink>.
139      &merged;</para>
140
141  </sect2>
142
143  <sect2 id="kernel">
144    <title>Kernel Changes</title>
145
146    <para arch="pc98">Support for the CanBe power management
147      controller has been added. &merged;</para>
148
149    <para>&man.devfs.5; is now mandatory; the
150      <literal>NODEVFS</literal> option has been removed from the set of
151      possible kernel configuration options.</para>
152
153    <para arch="i386,pc98">The DRM kernel modules have been updated to
154      a snapshot from the DRI CVS repository, roughly equivalent to
155      XFree86 4.3.0 but also including some additional
156      bug fixes.</para>
157
158    <para>A minor bug in the permissions handling of
159      <filename>/dev/tty</filename> has been fixed.  As a result,
160      &man.ssh.1; can now be used after &man.su.1;.</para>
161
162    <para>A bug that caused &man.fstat.2; to return
163      <literal>0</literal> as the number of bytes available to read
164      from a TCP socket has been fixed.</para>
165
166    <para>A bug that caused &man.kqueue.2; to report
167      <literal>0</literal> as the number of bytes available to read
168      from a TCP socket has been fixed.  The
169      <literal>NOTE_LOWAT</literal> flag for
170      <literal>EVFILT_READ</literal> has been fixed.</para>
171
172    <para>Linux emulation mode now supports IPv6.</para>
173
174    <!-- Above this line, sort kernel changes by manpage/keyword-->
175
176    <para>A second process scheduler, designed to be a general purpose
177      scheduler with many SMP benefits, has been added to the scheduler
178      framework.  Exactly one scheduler must be specified in a kernel
179      configuration.  The original scheduler may be selected using
180      <literal>options&nbsp;SCHED_4BSD</literal>.  The newer
181      (experimental) scheduler can be selected by using
182      <literal>options&nbsp;SCHED_ULE</literal>.</para>
183
184    <para>Device major numbers are now allocated dynamically by
185      default.  This change greatly decreases the need for a static,
186      centralized table of major number assignments to device drivers
187      (a few drivers retain their old static major numbers for
188      compatibility), and also reduces the possibility of running out
189      of device major numbers.</para>
190
191    <sect3>
192      <title>Processor/Motherboard Support</title>
193
194      <para arch="i386">&os; now has rudimentary support for
195	HyperThreading (HTT).  SMP kernels with the
196	<literal>HTT</literal> kernel option will detect and start up
197	the logical processors on HTT-capable machines.  The logical
198	processors will be treated like additional physical processors
199	for the purposes of process scheduling. &merged;</para>
200
201      <para arch="i386">Support for the Physical Address Extensions
202	(PAE) capability on Intel Pentium Pro and higher processors
203	has been added.  This allows the use of up to 64GB of RAM in a
204	machine, although the amount of memory usable by any single
205	process (or the &os; kernel) is unchanged.  For more
206	information, see the &man.pae.4; manual page.  Work on this
207	feature was sponsored by DARPA and Network Associates
208	Laboratories.</para>
209
210    </sect3>
211
212    <sect3>
213      <title>Bootloader Changes</title>
214
215      <para arch="alpha">The alpha boot loader
216        (<filename>boot1</filename>) can now be called
217        <filename>boot</filename> for consistency with other
218        platforms.</para>
219
220      <para arch="i386,pc98">The two parts of the boot loader
221        (<filename>boot1</filename> and <filename>boot2</filename>)
222        have been combined into a single <filename>boot</filename>
223        file, to simplify programs that need to write or otherwise
224        manipulate the boot loader.</para>
225
226      <para arch="pc98">The PC98 bootloader now has support for
227        booting from SCSI MO media. &merged;</para>
228
229      <para>The <filename>/modules</filename> directory (once the
230        default location for modules on &os; 4.X) is no longer a
231        part of the default <varname>kern.module_path</varname>.
232        Third-party modules should be placed in
233        <filename>/boot/modules</filename>.
234
235	<note>
236	  <para>Modules designed for use with &os; 4.X are likely to
237	    panic and should be used with extreme caution.</para>
238	</note>
239      </para>
240
241      <!-- Above this line, order bootloader changes by keyword-->
242
243    </sect3>
244
245    <sect3>
246      <title>Network Interface Support</title>
247
248      <para>The cm driver now supports IPX. &merged;</para>
249
250      <para>A new &man.wlan.4; module provides 802.11 link-layer support.  The
251	&man.wi.4; driver now uses this facility.</para>
252
253      <para arch="i386,alpha,pc98,sparc64">A timing bug in the
254	&man.xl.4; driver, which could cause a kernel panic (or other
255	problems) when configuring an interface, has been
256	fixed.</para>
257
258    </sect3>
259
260    <sect3>
261      <title>Network Protocols</title>
262
263      <para>&man.ipfw.4; <literal>skipto</literal> rules can once
264        again be used with the <literal>log</literal> keyword.
265	&man.ipfw.4; <literal>uid</literal> rules are once again
266        working.</para>
267
268      <para>It is now possible to build the
269        <literal>FAST_IPSEC</literal> and <literal>INET6</literal>
270        options into the same kernel.  (They still cannot be used
271        together, however.)</para>
272
273      <para>A bug in TCP NewReno, which caused premature exit from
274	fast recovery when NewReno was enabled, has been
275	fixed. &merged;</para>
276
277      <para>TCP now has support for the <quote>Limited
278	Transmit</quote> mechanism proposed by RFC 3042.  This feature
279	is intended to improve the effectiveness of TCP loss recovery
280	in certain circumstances.  It is off by default but can be
281	enabled with the <varname>net.inet.tcp.rfc3042</varname>
282	sysctl variable.  More information can be found in
283	&man.tcp.4;.</para>
284
285      <para>TCP now has support for increased initial congestion
286	window sizes as described in RFC 3390.  This feature can
287	improve the throughput of short transfers, as well as
288	high-bandwidth, large propagation-delay connections.  It is
289	off by default but can be enabled with the
290	<varname>net.inet.tcp.rfc3390</varname> sysctl variable.  More
291	information can be found in &man.tcp.4;.</para>
292
293      <para>The IP fragment reassembly code behaves more gracefully
294	when receiving a large number of packet fragments (it is
295	designed to be more resistant to fragment-based denial of
296	service attacks). &merged;</para>
297
298      <para>TCP connections in the <literal>TIME_WAIT</literal> state
299	now use a special protocol control block that uses less space
300	than a full-blown TCP PCB.  This allows some of the data
301	structures and resources used by such a connection to be freed
302	earlier.</para>
303
304      <para>It is now possible to specify the range of
305        <quote>privileged ports</quote> (TCP and UDP ports that
306        require superuser access to &man.bind.2; to).  The range is
307        now specified with the
308        <varname>net.inet.ip.portrange.reservedlow</varname> and
309        <varname>net.inet.ip.portrange.reservedhigh</varname> sysctl
310        variables, defaulting to the traditional UNIX behavior.  This
311        feature is intended to help network servers bind
312        to traditionally privileged ports without requiring superuser
313        access.  &man.ip.4; has more details.</para>
314
315      <para>Some bugs in the non-blocking RPC code has been fixed.  As
316	a result, &man.amd.8; users are now able to mount volumes from
317	a &release.current; server.</para>
318
319      <para>Support for XNS networking, which has not worked
320	correctly for almost seven years, has been removed.</para>
321
322    </sect3>
323
324    <sect3>
325      <title>Disks and Storage</title>
326
327      <para>The &man.aac.4; driver now runs free of the Giant kernel
328        lock.  This change has given a nearly 20% performance speedup
329        on an SMP system running multiple I/O intensive loads.</para>
330
331      <para>The &man.ata.4; driver now supports all known SiS
332	chipsets.  (More details can be found in the Hardware
333	Notes.)</para>
334
335      <para>A number of changes have been made to the &man.cd.4;
336        driver.  The primary user-visible change is improved
337        compatibility with ATAPI/USB/Firewire CDROM drives.</para>
338
339      <para>&man.geom.4; is now mandatory; the
340        <literal>NO_GEOM</literal> has been removed from the set of
341        kernel configuration options.</para>
342
343      <para>A bug in the &man.mly.4; driver that caused hangs has been
344	corrected.</para>
345
346      <para>Support has been added for volume labels on UFS and UFS2
347        filesystems.  These labels are strings that can be used to
348        identify a volume, regardless of what device it appears on.
349        Labels can be set with the <option>-L</option> options to
350        &man.newfs.8; or &man.tunefs.8;.  With the
351        <literal>GEOM_VOL</literal> module, volumes can be accessed
352        using their labels under <filename>/dev/vol</filename>.</para>
353
354      <para>The root filesystem can now be located on a &man.vinum.4;
355	volume.  More information can be found in the &man.vinum.4;
356	manual page.</para>
357
358      <para arch="pc98">The wfd and wst drivers, which have been
359        broken for some time, have been removed.</para>
360
361    </sect3>
362
363    <sect3>
364      <title>Filesystems</title>
365
366      <para>NETNCP and Netware Filesystem Support (nwfs) are once
367	again working.</para>
368
369      <para>Bugs that could cause the unmounting of a smbfs share to
370	fail or cause a kernel panic have been fixed.</para>
371
372    </sect3>
373
374    <sect3>
375      <title>PCCARD Support</title>
376
377      <para></para>
378    </sect3>
379
380    <sect3>
381      <title>Multimedia Support</title>
382
383      <para></para>
384    </sect3>
385
386    <sect3>
387      <title>Contributed Software</title>
388
389      <para><application>IPFilter</application> has been updated to
390	3.4.31. &merged;</para>
391
392    </sect3>
393  </sect2>
394
395  <sect2 id="userland">
396    <title>Userland Changes</title>
397
398    <para>&man.adduser.8; now correctly handles setting user passwords
399      containing special shell characters.</para>
400
401    <para>&man.adduser.8; now supports a <option>-g</option> option to
402      set a user's default login group.</para>
403
404    <para arch="alpha,i386">The <filename>compat4x</filename>
405      distribution now includes the
406      <filename>libcrypto.so.2</filename>,
407      <filename>libgmp.so.3</filename>, and
408      <filename>libssl.so.2</filename> libraries from &os;
409      4.7-RELEASE.</para>
410
411    <para>&man.config.8; now implements a <literal>nodevice</literal>
412      kernel configuration file directive that cancels the effect of a
413      <literal>device</literal> directive.  The new
414      <literal>nooption</literal> and <literal>nomakeoption</literal>
415      directives cancel prior <literal>option</literal> and
416      <literal>makeoption</literal> directives, respectively.</para>
417
418    <para>The &man.diskinfo.8; utility has been added to show
419      information about a disk device and optionally to run a naive
420      performance test.</para>
421
422    <para>The <option>-N</option> and <option>-W</option> flags to
423      &man.disklabel.8; have been retired.</para>
424
425    <para>&man.disklabel.8; is now only built for architectures where
426      it is useful (i386, pc98, alpha, and ia64).</para>
427
428    <para>The <option>-s</option> to &man.disklabel.8; has been
429      removed because the i386 boot loader now resides in a single
430      file.</para>
431
432    <para>&man.dump.8; now supports caching of disk blocks with the
433      <option>-C</option> option.  This can improve dump performance
434      at the cost of possibly missing filesystem updates that occur
435      between passes.</para>
436
437    <para>&man.dumpfs.8; now supports a <option>-m</option> flag to
438      print file system parameters in the form of a &man.newfs.8;
439      command.</para>
440
441    <para>&man.elfdump.1;, a utility to display information about &man.elf.5;
442      format executable files, has been added.</para>
443
444    <para>&man.fetch.1; uses the <filename>.netrc</filename> support
445      in &man.fetch.3; and also supports a <option>-N</option> to
446      specify an alternate <filename>.netrc</filename> file.</para>
447
448    <para>&man.fetch.3; now has support for
449      <filename>.netrc</filename> files (see &man.ftp.1; for more
450      details).</para>
451
452    <para>&man.ftpd.8; now supports a <option>-h</option> option to
453      disable printing any host-specific information, such as the
454      &man.ftpd.8; version or hostname, in server messages.
455      &merged;</para>
456
457    <para>&man.ftpd.8; now supports a <option>-P</option> option to
458      specify a port on which to listen in daemon mode.  The default
459      data port number is now set to be one less than the control port
460      number, rather than being hard-coded. &merged;</para>
461
462    <para>&man.ftpd.8; now supports an extended format of the
463      <filename>/etc/ftpchroot</filename> file.  Please refer
464      to the &man.ftpchroot.5; manpage, which is now available,
465      for details. &merged;</para>
466
467    <para>&man.ftpd.8; now supports login directory pathnames
468      that specify simultaneously a directory for &man.chroot.2;
469      and that to change to in the chrooted environment.  The
470      <literal>/./</literal> separator is used for
471      this purpose, like in other FTP daemons having this feature.
472      It may be used in both &man.ftpchroot.5; and &man.passwd.5;.
473      &merged;</para>
474
475    <para>&man.fwcontrol.8; now supports <option>-R</option> and
476      <option>-S</option> options for receiving and sending DV
477      streams. &merged;</para>
478
479    <para>The &man.gstat.8; utility has been added to show the disk
480      activity inside the &man.geom.4; subsystem.</para>
481
482    <para>&man.ipfw.8; now supports <literal>enable</literal> and
483      <literal>disable</literal> commands to control various aspects
484      of the operation of &man.ipfw.4; (including enabling and
485      disabling the firewall itself).  These provide a more convenient
486      and visible interface than the existing sysctl
487      variables. &merged;</para>
488
489    <para>&man.jail.8; now supports a <option>-i</option> flag to
490      output an identifier for a newly-created jail.</para>
491
492    <para>The &man.jexec.8; utility has been added to execute a
493      command inside an existing jail.</para>
494
495    <para>The &man.jls.8; utility has been added to list existing
496      jails.</para>
497
498    <para>&man.kenv.1; has been moved from
499      <filename>/usr/bin</filename> to <filename>/bin</filename> to
500      make it available at times during system startup when only the
501      root filesystem is mounted.</para>
502
503    <para>&man.killall.1; now supports a <option>-j</option> option to
504      kill all processes inside a jail.</para>
505
506    <para>The &man.libgeom.3; library has been added to allow some
507      userland access to the &man.geom.4; subsystem.</para>
508
509    <para>The mac_portacl MAC policy module has been added.  It
510      provides a simple ACL mechanism to permit users and groups to
511      bind ports for TCP or UDP, and is intended to be used in
512      conjunction with the recently-added
513      <varname>net.inet.ip.portrange.reservedhigh</varname> sysctl.</para>
514
515    <para>The MAKEDEV script is now unnecessary, due to the mandatory
516      presence of &man.devfs.5;, and has been removed.</para>
517
518    <para>The &man.mksnap.ffs.8; program has been added to allow
519      easier creation of FFS snapshots.  It is a
520      SUID-<username>root</username> executable designed for use by
521      members of the <groupname>operator</groupname>group.</para>
522
523    <para>&man.mount.8; and &man.umount.8; now accept a
524      <option>-F</option> option to specify an alternate &man.fstab.5;
525      file.</para>
526
527    <para>&man.mount.nfs.8; now supports a <option>-c</option> flag to
528      avoid doing a &man.connect.2; for UDP mount points.  This option
529      must be used if the server does not reply to requests from the
530      standard NFS port number 2049 or if it replies to requests using
531      a different IP address (which can occur if the server is
532      multi-homed).  Setting the
533      <varname>vfs.nfs.nfs_ip_paranoia</varname> sysctl to
534      <literal>0</literal> will make this option the
535      default. &merged;</para>
536
537    <para>&man.newsyslog.8; now supports a <literal>W</literal> flag
538      to force previously-started compression jobs for an entry (or
539      group of entries specified with the <literal>G</literal> flag)
540      to finish before beginning a new one.  This feature is designed
541      to prevent system overloads caused by starting several
542      compression jobs on big files simultaneously. &merged;</para>
543
544    <para>&man.pam.ssh.8; has been rewritten.  One side effect of the
545      rewrite is that it now starts a separate instance of
546      &man.ssh-agent.1; for each session instead of trying to connect
547      each session to the agent started by the first session.</para>
548
549    <para>&man.ping.8; now supports a <option>-D</option> flag to set
550      the <quote>Don't Fragment</quote> bit on outgoing packets.</para>
551
552    <para>&man.ping.8; now supports a <option>-M</option> option to use
553      ICMP mask request or timestamp request messages instead of ICMP
554      echo requests.</para>
555
556    <para>&man.ping.8; now supports a <option>-z</option> flag to set
557      the Type of Service bits in outgoing packets.</para>
558
559    <para>&man.pw.8; can now add a user whose name ends with a
560      <literal>$</literal> character; this change is intended to help
561      administration of <application>Samba</application>
562      services. &merged;</para>
563
564    <para>A bug in &man.rand.3; that could cause a sequence to remain
565      stuck at <literal>0</literal> has been fixed.  (&man.rand.3;
566      remains unsuitable for all but trivial uses.)</para>
567
568    <para>&man.rtld.1; now has support for the dynamic mapping of
569      shared object dependencies.  More information can be found in
570      &man.libmap.conf.5;.  This is an optional feature, disabled by
571      default.</para>
572
573    <para>&man.sem.open.3; now correctly handles multiple opens of the
574      same semaphore; as a result, &man.sem.close.3; no longer crashes
575      calling programs.</para>
576
577    <para>The seeding algorithm used by &man.srandom.3; has been
578      strengthened.</para>
579
580    <para arch="sparc64">The sunlabel utility, a program analogous to
581      &man.disklabel.8; that works on Sun disk labels, has been
582      added.</para>
583
584    <para>The &man.swapoff.8; command has been added to disable paging
585      and swapping on a device.  A related &man.swapctl.8; command has
586      been added to provide an interface to &man.swapon.8; and
587      &man.swapoff.8; similar to other BSDs.
588
589      <note>
590        <para>The &man.swapoff.8; feature should be considered
591	  experimental.</para>
592      </note>
593    </para>
594
595    <para>&man.syslogd.8; now allows multiple hosts or programs to be
596      named in host or program specifications in &man.syslog.conf.5;
597      files.</para>
598
599    <para>&man.systat.1; now includes an <option>-ifstat</option>
600      display mode that displays the network traffic going through
601      active interfaces on the system.</para>
602
603    <para>&man.xargs.1; now supports a <option>-P</option> option to
604      execute multiple copies of the same utility in parallel.</para>
605
606    <para>A 1:1 threading package (where for every pthread in an
607      application there is one KSE and thread) has been implemented.
608      Under this model, the kernel handles all thread scheduling
609      decisions and all signal delivery.  This uses some of the common
610      KSE code, and is a restricted case of the M:N threading work
611      still in progress.  The <filename>libthr</filename> library
612      implementing the userland portion of this functionality is a
613      drop-in replacement for the <filename>libc_r</filename> library.
614      Note that <filename>libthr</filename> is not (at this time)
615      built by default.</para>
616
617    <sect3>
618      <title>Contributed Software</title>
619
620      <para><application>awk</application> from Bell Labs has been
621	updated to a 14 March 2003 snapshot.</para>
622
623      <para><application>BIND</application> has been updated to
624        version 8.3.4. &merged;</para>
625
626      <para>All of the <application>bzip2</application> suite of
627        applications is now installed in the base system (in
628        particular, <command>bzip2recover</command> is now built and
629        installed). &merged;</para>
630
631      <para><application>CVS</application> has been updated to
632	1.11.5. &merged;</para>
633
634      <para><application>FILE</application> has been updated to
635	3.41. &merged;</para>
636
637      <para><application>GCC</application> has been updated to
638	3.2.2 (release version).</para>
639
640      <para>The <application>ISC DHCP</application> client has been
641	updated to 3.0.1RC11. &merged;</para>
642
643      <para>The <application>ISC DHCP</application> client now
644	includes the &man.omshell.1; utility and the &man.dhcpctl.3;
645	library for run-time control of the client.</para>
646
647      <para><application>Kerberos IV</application> support (in the
648	form of <application>KTH eBones</application>) has been
649	removed.  Users requiring this functionality can still get it
650	from the <filename role="port">security/krb4</filename> port
651	(or package).  Kerberos IV compatibility mode for Kerberos 5
652	has been removed, and the
653	<literal>k5<replaceable>program</replaceable></literal>
654	userland utilities have been renamed to
655	<literal>k<replaceable>program</replaceable></literal>.</para>
656
657      <para><application>libpcap</application> now has support for
658	selecting among multiple data link types on an
659	interface.</para>
660
661      <para><application>OpenPAM</application> has been updated to the
662        <quote>Daffodil</quote> release.</para>
663
664      <para><application>OpenSSL</application> has been updated to
665        release 0.9.7a.  Among other features, this release includes
666        support for AES and takes advantage of &man.crypto.4;
667        devices. &merged;</para>
668
669      <para><application>sendmail</application> has been updated to
670        version 8.12.9. &merged;</para>
671
672      <para>&man.tcpdump.1; has been updated to version 3.7.2.  &merged;
673	It also now supports a <option>-L</option> flag to
674	list the data link types available on an interface and a
675	<option>-y</option> option to specify the data link type to use while
676	capturing packets.</para>
677
678    </sect3>
679
680    <sect3>
681      <title>Ports/Packages Collection Infrastructure</title>
682
683      <para>The one-line <filename>pkg-comment</filename> files have
684        been eliminated from each port skeleton; their contents have
685        been moved into each port's <filename>Makefile</filename>.
686        This change reduces the disk space and inodes used by the
687        ports tree. &merged;</para>
688
689    </sect3>
690  </sect2>
691
692  <sect2>
693    <title>Release Engineering and Integration</title>
694
695    <para>The supported release of <application>GNOME</application>
696      has been updated to 2.2. &merged;</para>
697
698    <para>The supported release of <application>KDE</application>
699      has been updated to 3.1. &merged;</para>
700
701    <para>&man.sysinstall.8; once again supports installing individual
702      components of <application>XFree86</application>.  Supporting
703      changes (not user-visible) generalize the concept of installing
704      parts of distributions as packages.</para>
705
706    <para>The supported release of <application>XFree86</application>
707      has been updated to 4.3.0. &merged;</para>
708
709  </sect2>
710
711  <sect2>
712    <title>Documentation</title>
713
714    <para></para>
715  </sect2>
716
717</sect1>
718
719<sect1 id="upgrade">
720  <title>Upgrading from previous releases of &os;</title>
721
722  <para>Users with existing &os; systems are
723    <emphasis>highly</emphasis> encouraged to read the <quote>Early
724    Adopter's Guide to &os; 5.0</quote>.  This document generally has
725    the filename <filename>EARLY.TXT</filename> on the distribution
726    media, or any other place that the release notes can be found.  It
727    offers some notes on upgrading, but more importantly, also
728    discusses some of the relative merits of upgrading to &os;
729    5.<replaceable>X</replaceable> versus running &os;
730    4.<replaceable>X</replaceable>.</para>
731
732  <important>
733    <para>Upgrading &os; should, of course, only be attempted after
734      backing up <emphasis>all</emphasis> data and configuration
735      files.</para>
736  </important>
737</sect1>
738