article.xml revision 127079
160786Sps<articleinfo> 2161475Sdelphij <title>&os;/&arch; &release.current; Release Notes</title> 360786Sps 460786Sps <corpauthor>The FreeBSD Project</corpauthor> 560786Sps 660786Sps <pubdate>$FreeBSD: head/release/doc/en_US.ISO8859-1/relnotes/article.sgml 127079 2004-03-16 15:30:46Z hrs $</pubdate> 760786Sps 860786Sps <copyright> 960786Sps <year>2000</year> 1060786Sps <year>2001</year> 1160786Sps <year>2002</year> 1260786Sps <year>2003</year> 1360786Sps <year>2004</year> 1460786Sps <holder role="mailto:doc@FreeBSD.org">The FreeBSD Documentation Project</holder> 1560786Sps </copyright> 1660786Sps 1760786Sps <abstract> 1860786Sps <para>The release notes for &os; &release.current; contain a summary 1960786Sps of 2060786Sps<![ %include.historic; [ 2160786Sps the changes made to the &os; base system since &release.prev;. 2260786Sps]]> 2360786Sps<![ %no.include.historic; [ 2460786Sps recent changes made to the &os; base system on the &release.branch; 2560786Sps development branch. 2660786Sps]]> 2760786Sps This document lists applicable security advisories that were issued since 2860786Sps the last release, as well as significant changes to the &os; 2960786Sps kernel and userland. 3060786Sps Some brief remarks on upgrading are also presented.</para> 3160786Sps </abstract> 3260786Sps</articleinfo> 3360786Sps 3460786Sps<sect1 id="intro"> 3560786Sps <title>Introduction</title> 3660786Sps 3760786Sps <para>This document contains the release notes for &os; 3860786Sps &release.current; on the &arch.print; hardware platform. It 3960786Sps describes recently added, changed, or deleted features of &os;. 4060786Sps It also provides some notes on upgrading 4160786Sps from previous versions of &os;.</para> 4260786Sps 4360786Sps<![ %release.type.snapshot [ 4460786Sps 4560786Sps <para>The &release.type; distribution to which these release notes 4660786Sps apply represents a point along the &release.branch; development 4760786Sps branch between &release.prev; and the future &release.next;. Some 4860786Sps pre-built, binary &release.type; distributions along this branch 4960786Sps can be found at <ulink url="&release.url;"></ulink>.</para> 5060786Sps 5160786Sps]]> 5260786Sps 5360786Sps<![ %release.type.release [ 5460786Sps 5560786Sps <para>This distribution of &os; &release.current; is a 5660786Sps &release.type; distribution. It can be found at <ulink 5760786Sps url="&release.url;"></ulink> or any of its mirrors. More 5860786Sps information on obtaining this (or other) &release.type; 5960786Sps distributions of &os; can be found in the <ulink 6060786Sps url="http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/mirrors.html"><quote>Obtaining 6160786Sps FreeBSD</quote> appendix</ulink> to the <ulink 6260786Sps url="http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/">FreeBSD 6360786Sps Handbook</ulink>.</para> 6460786Sps 6560786Sps]]> 6660786Sps 6760786Sps <para>Users who are new to the &release.branch; series of &os; 6860786Sps &release.type;s should also read the <quote>Early Adopters Guide 6960786Sps to &os; &release.current;</quote>. This document can generally be 7060786Sps found in the same location as the release notes (either as a part of a 7160786Sps &os; distribution or on the &os; Web site). It contains important 7260786Sps information regarding the advantages and disadvantages of using 7360786Sps &os; &release.current;, as opposed to releases based on the &os; 7460786Sps 4-STABLE development branch.</para> 7560786Sps 7660786Sps <para>All users are encouraged to consult the release errata before 7760786Sps installing &os;. The errata document is updated with 7860786Sps <quote>late-breaking</quote> information discovered late in the 7960786Sps release cycle or after the release. Typically, it contains 8060786Sps information on known bugs, security advisories, and corrections to 8160786Sps documentation. An up-to-date copy of the errata for &os; 8260786Sps &release.current; can be found on the &os; Web site.</para> 8360786Sps 8460786Sps</sect1> 8560786Sps 8660786Sps<sect1 id="new"> 8760786Sps <title>What's New</title> 8860786Sps 8960786Sps <para>This section describes 9060786Sps<![ %include.historic; [ 9160786Sps the most user-visible new or changed features in &os; 9260786Sps since &release.prev;. 9360786Sps In general, changes described here are unique to the &release.branch; 9460786Sps branch unless specifically marked as &merged; features. 9560786Sps]]> 9660786Sps<![ %no.include.historic; [ 9760786Sps many of the user-visible new or changed features in &os; 9860786Sps since &release.prev;. It includes items that are unique to the 9960786Sps &release.branch; branch, as well as some features that may have been 10060786Sps recently merged to 10160786Sps other branches (after &os; &release.prev.historic;). The latter 10260786Sps items are marked as &merged;. 10360786Sps]]> 10460786Sps </para> 10560786Sps 10660786Sps <para>Typical release note items 10760786Sps document recent security advisories issued after 10860786Sps &release.prev.historic;, 10960786Sps new drivers or hardware support, new commands or options, 11060786Sps major bug fixes, or contributed software upgrades. They may also 11160786Sps list changes to major ports/packages or release engineering 11260786Sps practices. Clearly the release notes cannot list every single 11360786Sps change made to &os; between releases; this document focuses 11460786Sps primarily on security advisories, user-visible changes, and major 11560786Sps architectural improvements.</para> 11660786Sps 11760786Sps <sect2 id="security"> 11860786Sps <title>Security Advisories</title> 11960786Sps 12060786Sps <para>A bug in &man.mksnap.ffs.8; has been fixed; it caused the creation of a 12160786Sps filesystem snapshot to reset the flags on the filesystem to 12260786Sps their default values. The possible consequences depended on local 12360786Sps usage, but could include disabling extended access control lists 12460786Sps or enabling the use of setuid executables stored on an untrusted 12560786Sps filesystem. This bug also affected the &man.dump.8; 12660786Sps <option>-L</option> option, which uses &man.mksnap.ffs.8;. Note 12760786Sps that &man.mksnap.ffs.8; is normally only available to the 12860786Sps superuser and members of the <groupname>operator</groupname> 12960786Sps group. For more information, see security advisory <ulink 13060786Sps url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:01.mksnap_ffs.asc">FreeBSD-SA-04:01</ulink>.</para> 13160786Sps 13260786Sps <para>A bug with the System V Shared Memory interface 13360786Sps (specifically the &man.shmat.2; system call) has been fixed. 13460786Sps This bug can cause a shared memory segment to reference 13560786Sps unallocated kernel memory. In turn, this can permit a local 13660786Sps attacker to gain unauthorized access to parts of kernel memory, 13760786Sps possibly resulting in disclosure of sensitive information, 13860786Sps bypass of access control mechanisms, or privilege escalation. 13960786Sps More details can be found in security advisory <ulink 14060786Sps url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:02.shmat.asc">FreeBSD-SA-04:02</ulink>. 14160786Sps &merged;</para> 14260786Sps 14360786Sps <para>A programming error in the &man.jail.attach.2; system call 14460786Sps has been fixed. This error could allow a process with superuser 14560786Sps privileges inside a &man.jail.8; environment to change its root 14660786Sps directory to that of a different jail, and thus gain full read 14760786Sps and write access to files and directories within the target 14860786Sps jail. More information can be found in security advisory <ulink 14960786Sps url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:03.jail.asc">FreeBSD-SA-04:03</ulink>.</para> 15060786Sps 15160786Sps <para>A potential low-bandwidth denial-of-service attack against 15260786Sps the &os; TCP stack has been prevented by limiting the number of 15360786Sps out-of-sequence TCP segments that can be held at one time. More 15460786Sps details can be found in security advisory <ulink 15560786Sps url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:04.tcp.asc">FreeBSD-SA-04:04</ulink>. 15660786Sps &merged;</para> 15760786Sps 15860786Sps </sect2> 15960786Sps 16060786Sps <sect2 id="kernel"> 16160786Sps <title>Kernel Changes</title> 16260786Sps 16360786Sps <para arch="i386">The &man.acpi.toshiba.4; driver has been added 16460786Sps to use Toshiba's Hardware Control Interface to manipulate 16560786Sps certain hardware features on Toshiba laptops.</para> 16660786Sps 16760786Sps <para>The &man.acpi.video.4; driver has been added to provide 16860786Sps control display switching and backlight brightness using the 16960786Sps ACPI Video Extensions.</para> 17060786Sps 17160786Sps <para>&man.devfs.5; path rules now work correctly on 17260786Sps directories.</para> 17360786Sps 17460786Sps <para arch="i386,pc98">The dgb (DigiBoard intelligent serial card) driver has been 17560786Sps removed due to breakage. Its replacement is the &man.digi.4; driver, 17660786Sps which supports all the hardware of the dgb driver.</para> 17760786Sps 17860786Sps <para arch="i386">The loran (Loran-C receiver) driver has been removed due to 17960786Sps breakage and lack of maintainership.</para> 18060786Sps 18160786Sps <para>The raid(4), RAIDframe disk driver from NetBSD has been removed. 18260786Sps This is currently non-functional, and would require some amount of work 18360786Sps to make it work under the &man.geom.4; API in 5-CURRENT.</para> 18460786Sps 18560786Sps <para>The &man.ubser.4; device driver has been added to support 18660786Sps BWCT console management serial adapters.</para> 18760786Sps 18860786Sps <para>The ULE scheduler is now the default scheduler in the 18960786Sps <filename>GENERIC</filename> kernel. For the average user, 19060786Sps interactivity is reported to be better in many cases. This 19160786Sps means less <quote>skipping</quote> and <quote>jerking</quote> in 19260786Sps interactive applications while the machine is very busy. This 19360786Sps will not prevent problems due to overloaded disk subsystems, but 19460786Sps it does help with overloaded CPUs. On SMP machines, ULE has 19560786Sps per-CPU run queues which allow for CPU affinity, CPU binding, 19660786Sps and advanced HyperThreading support, as well as providing a 19760786Sps framework for more optimizations in the future. As fine-grained 19860786Sps kernel locking continues, the scheduler will be able to make 19960786Sps more efficient use of the available parallel resources.</para> 20060786Sps 20160786Sps <!-- Above this line, sort kernel changes by manpage/keyword--> 20260786Sps 20360786Sps <para>The device driver infrastructure (as well as many drivers) 20460786Sps have been updated. Among the changes: Many more drivers now use 20560786Sps automatically-assigned major numbers (instead of the old static 20660786Sps major numbers). Enhanced functions to support cloning of 20760786Sps pseudodevices. Several changes to the driver API, including a 20860786Sps new <varname>d_version</varname> field in <varname>struct 20960786Sps cdevsw</varname>. Note that third-party device drivers will 21060786Sps require recompiling after this change.</para> 21160786Sps 21260786Sps <para>The kernel's file descriptor allocation code has been 21360786Sps updated, and is now derived from similar code in OpenBSD.</para> 21460786Sps 21560786Sps <para arch="sparc64">On &os;/sparc64, <varname>time_t</varname> 21660786Sps has been changed from a 32-bit value to a 64-bit value. 21760786Sps 21860786Sps <note> 21960786Sps <para>Since this change is not backward-compatible, 22060786Sps any programs which were built on an older system using 22160786Sps a 32-bit <varname>time_t</varname> and 22260786Sps call system routines for handling 22360786Sps <varname>time_t</varname> values, will have to be recompiled. 22460786Sps More detailed information and notice on upgrading from 22560786Sps the source can be found in 22660786Sps <filename>/usr/src/UPDATING.64BTT</filename>.</para> 22760786Sps </note> 22860786Sps </para> 22960786Sps 23060786Sps <para arch="i386">It is now possible to compile the &os;/i386 23160786Sps kernel with the Intel C/C++ Compiler (as in the <filename 23260786Sps role="package">lang/icc</filename> port).</para> 23360786Sps 23460786Sps <sect3 id="proc"> 23560786Sps <title>Platform-Specific Hardware Support</title> 23660786Sps 23760786Sps <para arch="i386">Several old drivers for ISA cards have been removed, 23860786Sps including 23960786Sps the asc driver for GI1904-based hand scanners, 24060786Sps the ctx driver for CORTEX-I Frame Grabber, 24160786Sps the gp driver for National Instruments AT-GPIB and AT-GPIB/TNT boards, 24260786Sps the gsc driver for the Genius GS-4500 hand scanner, 24360786Sps the le driver for DEC EtherWORKS II and III ethernet controllers, 24460786Sps the rdp driver for RealTek RTL 8002-based pocket ethernet adapters, 24560786Sps the spigot driver for the Creative Labs Video Spigot video-acquisition board, 24660786Sps the stl and stli drivers for Stallion Technologies multiport serial 24760786Sps controllers, and the wt driver for Archive/Wangtek cartridge tapes. 24860786Sps They are currently non-functional, and would require a considerable 24960786Sps amount of work to make them work under the new API in 5-CURRENT. 25060786Sps The userland support such as related ioctls and utilities including 25160786Sps sasc and sgsc has also been removed.</para> 25260786Sps </sect3> 25360786Sps 25460786Sps <sect3 id="boot"> 25560786Sps <title>Boot Loader Changes</title> 25660786Sps 25760786Sps <para arch="i386">A serial console-capable version of 25860786Sps <filename>boot0</filename> has been added. It can be written 25960786Sps to a disk using &man.boot0cfg.8; and specifying 26060786Sps <filename>/boot/boot0sio</filename> as the argument to the 26160786Sps <option>-b</option> option.</para> 26260786Sps 26360786Sps <para arch="i386"><filename>cdboot</filename> now works around a 26460786Sps BIOS problem observed on some systems when booting from USB 26560786Sps CDROM drives.</para> 26660786Sps 26760786Sps <!-- Above this line, order boot loader changes by keyword--> 26860786Sps 26960786Sps </sect3> 27060786Sps 27160786Sps <sect3 id="net-if"> 27260786Sps <title>Network Interface Support</title> 27360786Sps 27460786Sps <para arch="i386">The &man.arl.4; driver, which supports 27560786Sps Aironet Arlan 655 wireless adapters has been added.</para> 27660786Sps 27760786Sps <para arch="sparc64">The &man.dc.4; driver now supports sparc64 27860786Sps Davicom cards that store their MAC address in 27960786Sps OpenFirmware.</para> 28060786Sps 28160786Sps <para arch="i386,pc98">The hea (Efficient Networks, Inc. ENI-155p ATM adapter) 28260786Sps driver has been removed due to breakage. Its functionality 28360786Sps has been subsumed into the &man.en.4; driver.</para> 28460786Sps 28560786Sps <para>A short hiccup in the &man.em.4; during parameter 28660786Sps reconfiguration, has been fixed. &merged;</para> 28760786Sps 28860786Sps <para arch="i386">The lmc (LAN Media Corp. PCI WAN adapter) driver has been 28960786Sps removed due to breakage and lack of maintainership.</para> 29060786Sps 29160786Sps <para arch="i386">&os; now provides a binary compatibility layer 29260786Sps for using µsoft.windows; NDIS drivers for network 29360786Sps adapters under &os;/i386. It includes a relocator/linker for 29460786Sps &windows; <filename>.SYS</filename> files to interface with 29560786Sps the &os; kernel and emulates various parts of the NDIS API 29660786Sps using native &os; kernel functions. This system supports PCI 29760786Sps and CardBus network devices, and is designed principally for 29860786Sps Ethernet and wireless network interfaces. 29960786Sps For more information, see the &man.ndis.4; and 30060786Sps &man.ndiscvt.8; manual pages.</para> 30160786Sps 30260786Sps <para>The &man.ng.atmllc.4; Netgraph node type, which handles 30360786Sps RFC 1483 ATM LLC encapsulation, has been added.</para> 30460786Sps 30560786Sps <para>The &man.ng.vlan.4; NetGraph node type, which supports 30660786Sps IEEE 802.1Q VLAN tagging has been added. &merged;</para> 30760786Sps 30860786Sps <para>Several bugs related to multicast and promiscuous mode 30960786Sps handling in the &man.sk.4; driver have been fixed.</para> 31060786Sps 31160786Sps <para>The &man.udav.4; driver has been added. It provides 31260786Sps support for USB Ethernet adapters based on the Davicom DM9601 31360786Sps chipset.</para> 31460786Sps 31560786Sps </sect3> 31660786Sps 31760786Sps <sect3 id="net-proto"> 31860786Sps <title>Network Protocols</title> 31960786Sps 32060786Sps <para>The &man.gre.4; tunnel driver now supports WCCP version 32160786Sps 2.</para> 32260786Sps 32360786Sps <para>Some bugs in the IPsec implementation from the KAME 32460786Sps Project have been fixed. These bugs were related to freeing 32560786Sps memory objects before all references to them were removed, and 32660786Sps could cause erratic behavior or kernel panics after flushing 32760786Sps the Security Policy Database (SPD).</para> 32860786Sps 32960786Sps <para>The <literal>PFIL_HOOKS</literal> option is now enabled by 33060786Sps default in the <filename>GENERIC</filename> kernel. The most 33160786Sps notable effect of this change is to make 33260786Sps <application>IPFilter</application> work correctly when loaded 33360786Sps as a kernel module.</para> 33460786Sps 33560786Sps <para>The following TCP features are now enabled by default: RFC 33660786Sps 3042 (Limited Retransmit), RFC 3390 (increased initial 33760786Sps congestion window sizes), TCP bandwidth-delay product 33860786Sps limiting. More information can be found in &man.tcp.4;.</para> 33960786Sps 34060786Sps <para>&os;'s TCP implementation now includes support for a 34160786Sps minimum MSS (settable via the 34260786Sps <varname>net.inet.tcp.minmss</varname> sysctl variable) and a 34360786Sps rate limit on connections that send many small TCP segments 34460786Sps within a short period of time (via the 34560786Sps <varname>net.inet.tcp.minmssoverload</varname> sysctl 34660786Sps variable). Connections exceeding this limit may be reset and 34760786Sps dropped. This feature provides protection against a class of 34860786Sps resource exhaustion attacks.</para> 34960786Sps 35060786Sps <para>The TCP implementation now includes partial (output-only) 35160786Sps support for RFC 2385 (TCP-MD5) digest support. This feature, 35260786Sps enabled with the <literal>TCP_SIGNATURE</literal> and 35360786Sps <literal>FAST_IPSEC</literal> kernel options, is a TCP option 35460786Sps for authenticating TCP sessions. &man.setkey.8; now includes 35560786Sps support for the TCP-MD5 class of security associations. 35660786Sps &merged;</para> 35760786Sps </sect3> 35860786Sps 35960786Sps <sect3 id="disks"> 36060786Sps <title>Disks and Storage</title> 36160786Sps 36260786Sps <para>The &man.ata.4; driver now supports cardbus ATA/SATA 36360786Sps controllers.</para> 36460786Sps 36560786Sps <para>A number of bugs in the &man.ata.4; driver have been 36660786Sps fixed. Most notably, master/slave device detection should 36760786Sps work better, and some problems with timeouts should be 36860786Sps resolved.</para> 36960786Sps 37060786Sps <para>The &man.umass.4; driver now supports the missing 37160786Sps ATAPI MMC commands and handles the timeout properly.</para> 37260786Sps </sect3> 37360786Sps 37460786Sps <sect3 id="fs"> 37560786Sps <title>File Systems</title> 37660786Sps 37760786Sps <para>The EXT2FS file system code now includes partial support 37860786Sps for large (> 4GB) files. This support is partial in that 37960786Sps it will refuse to create large files on filesystems that have 38060786Sps not been upgraded to <literal>EXT2_DYN_REV</literal> or that 38160786Sps don not have the 38260786Sps <literal>EXT2_FEATURE_RO_COMPAT_LARGE_FILE</literal> flag set 38360786Sps in the superblock.</para> 38460786Sps 38560786Sps <para>A bug in GEOM that could result in I/O hangs in some rare 38660786Sps cases has been fixed.</para> 38760786Sps 38860786Sps <para>A new geom_concat class has been added to concatenate 38960786Sps multiple disks to appear as a single larger disk. The 39060786Sps &man.gconcat.8; utility is used for configurating concatenated 39160786Sps disks.</para> 39260786Sps 39360786Sps <para>A panic in the NFSv4 client has been fixed; this occurred 39460786Sps when attempting operations against an NFSv3/NFSv2-only 39560786Sps server.</para> 39660786Sps 39760786Sps <para>The SMBFS client now has support for SMB request signing, 39860786Sps which prevents <quote>man in the middle</quote> attacks and is 39960786Sps required in order to connect to Windows 2003 servers in their 40060786Sps default configuration. As signing each message imposes a 40160786Sps significant performance penalty, this feature is only enabled 40260786Sps if the server requires it; this may eventually become an 40360786Sps option to &man.mount.smbfs.8;.</para> 40460786Sps 40560786Sps <para>A support for gbde-enabled swap devices has been added. 40660786Sps When <varname>gbde_swap_enable</varname> is specified 40760786Sps in &man.rc.conf.5;, a swap device named 40860786Sps <filename>/dev/foo.bde</filename> in &man.fstab.5; 40960786Sps is automatically attached at boot time with the device 41060786Sps <filename>/dev/foo</filename> and a random key, which 41160786Sps generated by computing the MD5 checksum of 512 bytes read 41260786Sps from <filename>/dev/random</filename>. 41360786Sps Note that this prevents recovery of kernel dumps.</para> 41460786Sps 41560786Sps </sect3> 41660786Sps 41760786Sps <sect3 id="mm"> 41860786Sps <title>Multimedia Support</title> 41960786Sps 42060786Sps <para>The meteor (video capture) driver has been removed due to 42160786Sps breakage and lack of maintainership.</para> 42260786Sps 42360786Sps </sect3> 42460786Sps 42560786Sps </sect2> 42660786Sps 42760786Sps <sect2 id="userland"> 42860786Sps <title>Userland Changes</title> 42960786Sps 43060786Sps <para>&man.indent.1; now supports a <option>-ldi</option> option 43160786Sps to control indentation of local variables. A number of other 43260786Sps tunings were made to this utility.</para> 43360786Sps 43460786Sps <para>&man.ifconfig.8; now supports renaming of network interfaces 43560786Sps at run-time using the <option>name</option> parameter.</para> 43660786Sps 43760786Sps <para>&man.ifconfig.8; now prints the &man.polling.4; status 43860786Sps on the interface. &merged;</para> 43960786Sps 44060786Sps <para>&man.ip6fw.8; now supports a <option>-n</option> flag to 44160786Sps stop it from making any changes to the rules in the kernel</para> 44260786Sps 44360786Sps <para>&man.ipfw.8; now supports a <option>-b</option> flag to 44460786Sps print only the action and comment for each rule, thus omitting 44560786Sps the rule body.</para> 44660786Sps 44760786Sps <para>&man.killall.1; now supports a <option>-e</option> flag to 44860786Sps make the <option>-u</option> operate on effective, rather than 44960786Sps real, user ids. &merged;</para> 45060786Sps 45160786Sps <para>&man.libalias.3; now has support (and a new API) for 45260786Sps multiple aliasing instances in a single process. The existing 45360786Sps API has been reimplemented in terms of the new one to preserve 45460786Sps compatibility.</para> 45560786Sps 45660786Sps <para>A <filename>libarchive</filename> library for manipulation 45760786Sps of compressed and uncompressed archive files has been 45860786Sps added. More details can be found in &man.libarchive.3;.</para> 45960786Sps 46060786Sps <para arch="pc98"><filename>libdisk</filename> now uses the 46160786Sps correct PC98 disk partition value for &os;. This permits the 46260786Sps &man.sysinstall.8; disk partition editor to correctly create a 46360786Sps single &os; partition covering the entire disk. &merged;</para> 46460786Sps 46560786Sps <para arch="i386,pc98,amd64,ia64">The library formerly known as 46660786Sps <filename>libkse</filename> has been renamed 46760786Sps <filename>libpthread</filename> and is now the default threading 46860786Sps library on the i386, amd64, and ia64 platforms. 46960786Sps <application>GCC</application>'s <option>-pthread</option> 47060786Sps option has been changed to use <filename>libpthread</filename> 47160786Sps rather than <filename>libc_r</filename>. 47260786Sps 47360786Sps <note> 47460786Sps <para>Users with older binaries (for example, ports compiled 47560786Sps before this change was made) should use &man.libmap.conf.5; 47660786Sps to map <filename>libc_r</filename> and/or 47760786Sps <filename>libkse</filename> to 47860786Sps <filename>libpthread</filename>.</para> 47960786Sps </note> 48060786Sps 48160786Sps <note> 48260786Sps <para>Users with NVIDIA-supplied drivers and libraries may 48360786Sps need to use a &man.libmap.conf.5; that maps 48460786Sps <filename>libpthread</filename> references to the older 48560786Sps <filename>libc_r</filename> since these drivers and 48660786Sps utilities do not work with 48760786Sps <filename>libpthread</filename>.</para> 48860786Sps </note> 48960786Sps <para> 49060786Sps 49160786Sps <para>The &man.logins.1; utility has been added to display 49260786Sps information about user and system accounts.</para> 49360786Sps 49460786Sps <para>&man.mountd.8; now supports the <option>-p</option> option, 49560786Sps which allows users to specify a known port for use 49660786Sps in firewall rulesets.</para> 49760786Sps 49860786Sps <para>&man.newfs.8; and &man.mdmfs.8; now support a 49960786Sps <option>-l</option> flag to enable them to set the MAC 50060786Sps multilabel flag on new filesystems without requiring the use of 50160786Sps &man.tunefs.8;.</para> 50260786Sps 50360786Sps <para>&man.nologin.8; now reports login attempts via 50460786Sps &man.syslogd.8;.</para> 50560786Sps 50660786Sps <para>&man.nologin.8; has been moved from <filename>/sbin/nologin</filename> 50760786Sps to <filename>/usr/sbin/nologin</filename>, and 50860786Sps <filename>/sbin/nologin</filename> remains as a symbolic link 50960786Sps for backward compatibility.</para> 51060786Sps 51160786Sps <para>A bugfix has been applied to NSS support, which fixes 51260786Sps problems when using third-party NSS modules (such as <filename 51360786Sps role="package">net/nss_ldap</filename>) and groups with large 51460786Sps membership lists.</para> 51560786Sps 51660786Sps <para>&man.pw.8; now supports a <option>-H</option> option, which 51760786Sps accepts an encrypted password on a file descriptor. &merged;</para> 51860786Sps 51960786Sps <para>The configuration files used by the &man.resolver.3; now 52060786Sps support the <literal>timeout:</literal> and 52160786Sps <literal>attempts:</literal> keywords.</para> 52260786Sps 52360786Sps <para>The &man.resolver.3; and associated interfaces are now much 52460786Sps more reentrant and thread-safe. Multiple DNS lookups can now be 52560786Sps run at the same time, showing major improvements in the 52660786Sps performance of some multi-threaded applications. Some 52760786Sps multi-threaded programs need to be recompiled; examples from the 52860786Sps Ports Collection are <filename 52960786Sps role="package">www/mozilla</filename> and variants, <filename 53060786Sps role="package">mail/evolution</filename>, <filename 53160786Sps role="package">devel/gnomevfs</filename>, and <filename 53260786Sps role="package">devel/gnomevfs2</filename>.</para> 53360786Sps 53460786Sps <para>&man.savecore.8; now works correctly for dump files larger 53560786Sps than 2GB.</para> 53660786Sps 53760786Sps <para>A bug in &man.script.1; has been fixed so that it now works 53860786Sps correctly if its stdin is closed. This fix prevents a 53960786Sps potentially dangerous interaction with the <filename 54060786Sps role="package">sysutils/portupgrade</filename> package; if it was 54160786Sps run non-interactively, it could remove all out-of-date 54260786Sps ports without reinstalling them.</para> 54360786Sps 54460786Sps <para>The &man.sdpd.8; Bluetooth Service Discovery Protocol daemon 54560786Sps has been added.</para> 54660786Sps 54760786Sps <para>Many userland utilities in the base system (mostly GNU 54860786Sps contributed utilities) now use the system version of 54960786Sps &man.getopt.long.3;, rather than the GNU version.</para> 55060786Sps 55160786Sps </sect2> 55260786Sps 55360786Sps <sect2 id="contrib"> 55460786Sps <title>Contributed Software</title> 55560786Sps 55660786Sps <para>The <application>ACPI-CA</application> code has been updated 55760786Sps from the 20030619 snapshot to the 20040220 snapshot.</para> 55860786Sps 55960786Sps <para><application>awk</application> from Bell Labs has been 56060786Sps updated from the 29 July 2003 release to the 7 February 2004 56160786Sps release.</para> 56260786Sps 56360786Sps <para>Security improvements from <application>CVS</application> 56460786Sps 1.11.10 and 1.11.11 have been backported. Specifically, certain 56560786Sps malformed module requests are now rejected, and when using 56660786Sps <command>cvs pserver</command> mode, attempts to authenticate as 56760786Sps <username>root</username> are rejected and recorded via 56860786Sps &man.syslog.3;.</para> 56960786Sps 57060786Sps <para><application>gdtoa</application> (a library that performs 57160786Sps conversions of numbers between binary and decimal form) has been 57260786Sps updated from version 20030324 to version 20040118.</para> 57360786Sps 57460786Sps <para><application>GNU grep</application> has been updated from 57560786Sps 2.4d to 2.4.2.</para> 57660786Sps 57760786Sps <para><application>GNU readline</application> 4.3 has been updated 57860786Sps with official patches 001 through 005.</para> 57960786Sps 58060786Sps <para>The <application>GNU regex</application> library has been 58160786Sps updated to the version included with <application>GNU 58260786Sps grep</application> 2.4.2.</para> 58360786Sps 58460786Sps <para>The <application>GNU tar</application> implementation in the 58560786Sps base system is now called <filename>gtar</filename>, with 58660786Sps <filename>tar</filename> being a link to 58760786Sps <filename>gtar</filename>.</para> 58860786Sps 58960786Sps <para><application>OpenPAM</application> has been updated from the 59060786Sps Dogwood release to the Eelgrass release.</para> 59160786Sps 59260786Sps <para><application>OpenSSH</application> has been updated from 59360786Sps 3.6.1p1 to 3.8p1. 59460786Sps 59560786Sps <note> 59660786Sps <para>The configuration defaults for &man.sshd.8; have been 59763128Sps changed. SSH protocol version 1 is no longer enabled by 59863128Sps default. In addition, password authentication over SSH is 59963128Sps disabled by default if PAM is enabled.</para> 60063128Sps </note> 60163128Sps 60263128Sps </para> 60389019Sps 60489019Sps <para><application>pf</application>, OpenBSD's packet filter as of 60589019Sps OpenBSD 3.4, has been imported into &os; source tree and is now installed 60689019Sps by default. A new user <username>proxy</username>, and two new 60789019Sps groups <username>authpf</username> and <username>proxy</username>, 60889019Sps which <application>pf</application> needs, are added as well. 60989019Sps 61089019Sps <note> 61189019Sps <para>On upgrading from the source, these user accounts must be 61289019Sps added in advance. The <varname>NO_PF</varname> variable 61389019Sps in <filename>make.conf</filename> can be used to prevent 61489019Sps <application>pf</application> from building.</para> 61589019Sps </note> 61689019Sps 61789019Sps <para>Several userland utilities of OpenBSD's 61889019Sps <application>pf</application> have been imported. 61989019Sps <filename>libexec/ftp-proxy</filename> is an ftp proxy for 62089019Sps <application>pf</application>, 62189019Sps <filename>sbin/pfctl</filename> is an equivalent to 62289019Sps <filename>sbin/ipf</filename>, 62389019Sps <filename>sbin/pflogd</filename> 62489019Sps is a daemon logging packets via <literal>if_pflog</literal> 62589019Sps in pcap format, and 62689019Sps <filename>usr.sbin/authpf</filename> is an authentication shell 627128345Stjr to modify pf rulesets.</para> 628128345Stjr 629128345Stjr <para><application>routed</application> has been updated from 630128345Stjr release 2.22 to release 2.27 from rhyolite.com. Note that for 631128345Stjr users relying on RIP's MD5 authentication feature, 632128345Stjr &man.routed.8; routed is now incompatible with previous versions 633128345Stjr of &os;; however it is now compatible with implementations from 634128345Stjr Sun, Cisco and other vendors.</para> 635128345Stjr 636128345Stjr <para><application>sendmail</application> has been updated from 637128345Stjr version 8.12.10 to version 8.12.11. &merged;</para> 638128345Stjr 639128345Stjr </sect2> 640128345Stjr 641128345Stjr <sect2 id="ports"> 642128345Stjr <title>Ports/Packages Collection Infrastructure</title> 643128345Stjr 644128345Stjr <para>The <literal>SIZE</literal> attribute for distfiles, 645128345Stjr which can be used for checking file sizes before fetching, 646128345Stjr has been added and enabled by default. 647161475Sdelphij <varname>DISABLE_SIZE</varname> is a user control knob 648161475Sdelphij to disable the distfile size checking. This is especially 649161475Sdelphij useful on old &os; versions which didn't have &man.fetch.1; 650161475Sdelphij support for this, and for some FTP proxies which always 651161475Sdelphij report incorrect or bogus sizes.</para> 652161475Sdelphij </sect2> 653161475Sdelphij 654161475Sdelphij <sect2 id="releng"> 655161475Sdelphij <title>Release Engineering and Integration</title> 656161475Sdelphij 657161475Sdelphij <para arch="i386,pc98">The building process for boot floppy images 658161475Sdelphij has been completely overhauled. The most significant change is 659161475Sdelphij that the loader now boots a stock <filename>GENERIC</filename> 660161475Sdelphij kernel split across multiple disks (two at the time of this 661161475Sdelphij writing). This greatly improves installations that begin with a 662161475Sdelphij boot from floppy disk, because they now use exactly the same 663161475Sdelphij kernel (and thus support the same hardware) as CDROM 664161475Sdelphij installations. The stripped-down <filename>MFSROOT</filename> 665161475Sdelphij kernel is no longer needed, and the <filename>mfsroot</filename> 666161475Sdelphij image no longer requires kernel modules. The 667161475Sdelphij <filename>boot.flp</filename> and 668161475Sdelphij <filename>driver.flp</filename> images are also obsolete and no 669161475Sdelphij longer built.</para> 670161475Sdelphij 67160786Sps </sect2> 67260786Sps 673161475Sdelphij <sect2 id="doc"> 674 <title>Documentation</title> 675 676 <para></para> 677 678 </sect2> 679 680</sect1> 681 682<sect1 id="upgrade"> 683 <title>Upgrading from previous releases of &os;</title> 684 685 <para>Users with existing &os; systems are 686 <emphasis>highly</emphasis> encouraged to read the <quote>Early 687 Adopter's Guide to &os; &release.current;</quote>. This document generally has 688 the filename <filename>EARLY.TXT</filename> on the distribution 689 media, or any other place that the release notes can be found. It 690 offers some notes on upgrading, but more importantly, also 691 discusses some of the relative merits of upgrading to &os; 692 5.<replaceable>X</replaceable> versus running &os; 693 4.<replaceable>X</replaceable>.</para> 694 695 <important> 696 <para>Upgrading &os; should, of course, only be attempted after 697 backing up <emphasis>all</emphasis> data and configuration 698 files.</para> 699 </important> 700</sect1> 701