article.xml revision 128360
1<articleinfo>
2  <title>&os;/&arch; &release.current; Release Notes</title>
3
4  <corpauthor>The FreeBSD Project</corpauthor>
5
6  <pubdate>$FreeBSD: head/release/doc/en_US.ISO8859-1/relnotes/article.sgml 128360 2004-04-17 17:15:43Z hrs $</pubdate>
7
8  <copyright>
9    <year>2000</year>
10    <year>2001</year>
11    <year>2002</year>
12    <year>2003</year>
13    <year>2004</year>
14    <holder role="mailto:doc@FreeBSD.org">The FreeBSD Documentation Project</holder>
15  </copyright>
16
17  <abstract>
18    <para>The release notes for &os; &release.current; contain a summary
19      of
20<![ %include.historic; [
21      the changes made to the &os; base system since &release.prev;.
22]]>
23<![ %no.include.historic; [
24      recent changes made to the &os; base system on the &release.branch;
25      development branch.
26]]>
27      This document lists applicable security advisories that were issued since
28      the last release, as well as significant changes to the &os;
29      kernel and userland.
30      Some brief remarks on upgrading are also presented.</para>
31  </abstract>
32</articleinfo>
33
34<sect1 id="intro">
35  <title>Introduction</title>
36
37  <para>This document contains the release notes for &os;
38    &release.current; on the &arch.print; hardware platform.  It
39    describes recently added, changed, or deleted features of &os;.
40    It also provides some notes on upgrading
41    from previous versions of &os;.</para>
42
43<![ %release.type.snapshot [
44
45  <para>The &release.type; distribution to which these release notes
46    apply represents a point along the &release.branch; development
47    branch between &release.prev; and the future &release.next;.  Some
48    pre-built, binary &release.type; distributions along this branch
49    can be found at <ulink url="&release.url;"></ulink>.</para>
50
51]]>
52
53<![ %release.type.release [
54
55  <para>This distribution of &os; &release.current; is a
56    &release.type; distribution.  It can be found at <ulink
57    url="&release.url;"></ulink> or any of its mirrors.  More
58    information on obtaining this (or other) &release.type;
59    distributions of &os; can be found in the <ulink
60    url="http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/mirrors.html"><quote>Obtaining
61    FreeBSD</quote> appendix</ulink> to the <ulink
62    url="http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/">FreeBSD
63    Handbook</ulink>.</para>
64
65]]>
66
67  <para>Users who are new to the &release.branch; series of &os;
68    &release.type;s should also read the <quote>Early Adopters Guide
69    to &os; &release.current;</quote>.  This document can generally be
70    found in the same location as the release notes (either as a part of a
71    &os; distribution or on the &os; Web site).  It contains important
72    information regarding the advantages and disadvantages of using
73    &os; &release.current;, as opposed to releases based on the &os;
74    4-STABLE development branch.</para>
75
76  <para>All users are encouraged to consult the release errata before
77    installing &os;.  The errata document is updated with
78    <quote>late-breaking</quote> information discovered late in the
79    release cycle or after the release.  Typically, it contains
80    information on known bugs, security advisories, and corrections to
81    documentation.  An up-to-date copy of the errata for &os;
82    &release.current; can be found on the &os; Web site.</para>
83
84</sect1>
85
86<sect1 id="new">
87  <title>What's New</title>
88
89  <para>This section describes
90<![ %include.historic; [
91      the most user-visible new or changed features in &os;
92      since &release.prev;.
93      In general, changes described here are unique to the &release.branch;
94      branch unless specifically marked as &merged; features.
95]]>
96<![ %no.include.historic; [
97      many of the user-visible new or changed features in &os;
98      since &release.prev;.  It includes items that are unique to the
99      &release.branch; branch, as well as some features that may have been
100      recently merged to
101      other branches (after &os; &release.prev.historic;).  The latter
102      items are marked as &merged;.
103]]>
104  </para>
105
106  <para>Typical release note items
107    document recent security advisories issued after
108    &release.prev.historic;,
109    new drivers or hardware support, new commands or options,
110    major bug fixes, or contributed software upgrades.  They may also
111    list changes to major ports/packages or release engineering
112    practices.  Clearly the release notes cannot list every single
113    change made to &os; between releases; this document focuses
114    primarily on security advisories, user-visible changes, and major
115    architectural improvements.</para>
116
117  <sect2 id="security">
118    <title>Security Advisories</title>
119
120    <para>A bug in &man.mksnap.ffs.8; has been fixed; it caused the creation of a
121      filesystem snapshot to reset the flags on the filesystem to
122      their default values.  The possible consequences depended on local
123      usage, but could include disabling extended access control lists
124      or enabling the use of setuid executables stored on an untrusted
125      filesystem.  This bug also affected the &man.dump.8;
126      <option>-L</option> option, which uses &man.mksnap.ffs.8;.  Note
127      that &man.mksnap.ffs.8; is normally only available to the
128      superuser and members of the <groupname>operator</groupname>
129      group.  For more information, see security advisory <ulink
130      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:01.mksnap_ffs.asc">FreeBSD-SA-04:01</ulink>.</para>
131
132    <para>A bug with the System V Shared Memory interface
133      (specifically the &man.shmat.2; system call) has been fixed.
134      This bug can cause a shared memory segment to reference
135      unallocated kernel memory.  In turn, this can permit a local
136      attacker to gain unauthorized access to parts of kernel memory,
137      possibly resulting in disclosure of sensitive information,
138      bypass of access control mechanisms, or privilege escalation.
139      More details can be found in security advisory <ulink
140      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:02.shmat.asc">FreeBSD-SA-04:02</ulink>.
141      &merged;</para>
142
143    <para>A programming error in the &man.jail.attach.2; system call
144      has been fixed.  This error could allow a process with superuser
145      privileges inside a &man.jail.8; environment to change its root
146      directory to that of a different jail, and thus gain full read
147      and write access to files and directories within the target
148      jail.  More information can be found in security advisory <ulink
149      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:03.jail.asc">FreeBSD-SA-04:03</ulink>.</para>
150
151    <para>A potential low-bandwidth denial-of-service attack against
152      the &os; TCP stack has been prevented by limiting the number of
153      out-of-sequence TCP segments that can be held at one time.  More
154      details can be found in security advisory <ulink
155      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:04.tcp.asc">FreeBSD-SA-04:04</ulink>.
156      &merged;</para>
157
158    <para>A bug in <application>OpenSSL</application>'s SSL/TLS
159      ChangeCipherSpec message processing, which could result in
160      a null pointer dereference, has been fixed.
161      This could allow a remote attacker to crash an
162      <application>OpenSSL</application>-using
163      application and cause a denial-of-service on the system.
164      More details can be found in security advisory <ulink
165      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc">FreeBSD-SA-04:05</ulink>.
166      &merged;</para>
167
168    <para>A programming error in the handling of some IPv6
169      socket options within the &man.setsockopt.2; system call
170      has been fixed.  This allows a local attacker to cause a
171      system panic, and may allow the attacker to gain unauthorized access to
172      parts of kernel memory, possibly resulting in disclosure
173      of sensitive information, bypass of access control
174      mechanisms, or privilege escalation.
175      More details can be found in security advisory <ulink
176      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:06.ipv6.asc">FreeBSD-SA-04:06</ulink>.</para>
177
178    <para>Two programming errors in <application>CVS</application>
179      have been fixed.  They allow a server to overwrite arbitrary
180      files on the client, and a client to read arbitrary files
181      on the server when accessing remote CVS repositories.
182      More details can be found in security advisory <ulink
183      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:07.cvs.asc">FreeBSD-SA-04:07</ulink>. &merged;</para>
184  </sect2>
185
186  <sect2 id="kernel">
187    <title>Kernel Changes</title>
188
189    <para arch="i386">The &man.acpi.toshiba.4; driver has been added
190      to use Toshiba's Hardware Control Interface to manipulate
191      certain hardware features on Toshiba laptops.</para>
192
193    <para arch="i386">The &man.acpi.toshiba.4; driver now supports
194      video output switching.</para>
195
196    <para>The &man.acpi.video.4; driver has been added to provide
197      control of display switching and backlight brightness using the
198      ACPI Video Extensions.</para>
199
200    <para arch="i386">The &man.ctau.4; driver has been added for Cronyx-Tau
201      synchronous serial adapters. This driver was known for a long time as
202      <quote>ct</quote> in its previous life outside the &os; source tree. &merged;
203
204      <note>
205	<para>The driver name has changed, but the network interface still
206	  has the <quote>ct</quote> name.</para>
207      </note>
208    </para>
209
210    <para>&man.devfs.5; path rules now work correctly on
211      directories.</para>
212
213    <para arch="i386,pc98">The dgb (DigiBoard intelligent serial card) driver has been
214      removed due to breakage.  Its replacement is the &man.digi.4; driver,
215      which supports all the hardware of the dgb driver.</para>
216
217    <para>The &man.getvfsent.3; API has been removed.</para>
218
219    <para arch="i386">The loran (Loran-C receiver) driver has been removed due to
220      breakage and lack of maintainership.</para>
221
222    <para>The raid(4) RAIDframe disk driver from NetBSD has been removed.
223      It is currently non-functional, and would require some amount of work
224      to make it work under the &man.geom.4; API in 5-CURRENT.</para>
225
226    <para arch="i386,pc98">The sx driver, which supports Specialix I/O8+ and I/O4+
227      intelligent multiport serial controllers, has been added.</para>
228
229    <para arch="alpha,amd64,i386">For the &man.uart.4; device, the
230      <varname>hw.uart.console</varname> and
231      <varname>hw.uart.dbgport</varname> environment variables
232      have been added.  They can be used to select a serial console and
233      debug port respectively, as well as their attributes.</para>
234
235    <para>The &man.ubser.4; device driver has been added to support
236      BWCT console management serial adapters.</para>
237
238    <para>The ULE scheduler is now the default scheduler in the
239      <filename>GENERIC</filename> kernel.  For the average user,
240      interactivity is reported to be better in many cases.  This
241      means less <quote>skipping</quote> and <quote>jerking</quote> in
242      interactive applications while the machine is very busy.  This
243      will not prevent problems due to overloaded disk subsystems, but
244      it does help with overloaded CPUs.  On SMP machines, ULE has
245      per-CPU run queues which allow for CPU affinity, CPU binding,
246      and advanced HyperThreading support, as well as providing a
247      framework for more optimizations in the future.  As fine-grained
248      kernel locking continues, the scheduler will be able to make
249      more efficient use of the available parallel resources.</para>
250
251    <!-- Above this line, sort kernel changes by manpage/keyword-->
252
253    <para>The device driver infrastructure (as well as many drivers)
254      has been updated.  Among the changes: many more drivers now use
255      automatically-assigned major numbers (instead of the old static
256      major numbers), there are enhanced functions to support cloning of
257      pseudodevices, and the driver API has several changes, including a
258      new <varname>d_version</varname> field in <varname>struct
259      cdevsw</varname>.  Note that third-party device drivers will
260      require recompiling after this change.</para>
261
262    <para>The kernel's file descriptor allocation code has been
263      updated, and is now derived from similar code in OpenBSD.</para>
264
265    <para arch="sparc64">On &os;/sparc64, <varname>time_t</varname>
266      has been changed from a 32-bit value to a 64-bit value.
267
268      <note>
269	<para>Since this change is not backward-compatible,
270	  any programs which were built on an older system using
271	  a 32-bit <varname>time_t</varname> and
272	  call system routines for handling
273	  <varname>time_t</varname> values, will have to be recompiled.
274	  More detailed information and notes on upgrading from
275	  source can be found in
276	  <filename>/usr/src/UPDATING.64BTT</filename>.</para>
277      </note>
278    </para>
279
280    <para arch="i386">It is now possible to compile the &os;/i386
281      kernel with the Intel C/C++ Compiler (as in the <filename
282      role="package">lang/icc</filename> port).</para>
283
284    <sect3 id="proc">
285      <title>Platform-Specific Hardware Support</title>
286
287      <para arch="i386">The entropy device &man.random.4; now
288        supports a hardware random number generator (RNG)
289        in the VIA C3 Nehemiah (Stepping 3 and above) CPU.</para>
290
291      <para arch="i386">Several old drivers for ISA cards have been removed,
292	including
293	the asc driver for GI1904-based hand scanners,
294	the ctx driver for CORTEX-I Frame Grabber,
295	the gp driver for National Instruments AT-GPIB and AT-GPIB/TNT boards,
296	the gsc driver for the Genius GS-4500 hand scanner,
297	the le driver for DEC EtherWORKS II and III ethernet controllers,
298	the rdp driver for RealTek RTL 8002-based pocket ethernet adapters,
299	the spigot driver for the Creative Labs Video Spigot video-acquisition board,
300	the stl and stli drivers for Stallion Technologies multiport serial
301	controllers, and the wt driver for Archive/Wangtek cartridge tapes.
302	They are currently non-functional, and would require a considerable
303	amount of work to make them work under the new API in 5-CURRENT.
304	The userland support such as related ioctls and utilities including
305	sasc and sgsc has also been removed.</para>
306    </sect3>
307
308    <sect3 id="boot">
309      <title>Boot Loader Changes</title>
310
311      <para arch="i386">A serial console-capable version of
312	<filename>boot0</filename> has been added.  It can be written
313	to a disk using &man.boot0cfg.8; and specifying
314	<filename>/boot/boot0sio</filename> as the argument to the
315	<option>-b</option> option.</para>
316
317      <para arch="i386"><filename>cdboot</filename> now works around a
318	BIOS problem observed on some systems when booting from USB
319	CDROM drives.</para>
320
321      <!-- Above this line, order boot loader changes by keyword-->
322
323    </sect3>
324
325    <sect3 id="net-if">
326      <title>Network Interface Support</title>
327
328      <para arch="i386">The &man.arl.4; driver, which supports
329	Aironet Arlan 655 wireless adapters, has been added.</para>
330
331      <para arch="sparc64">The &man.dc.4; driver now supports sparc64
332	Davicom cards that store their MAC address in
333	OpenFirmware.</para>
334
335      <para arch="i386,pc98">The hea (Efficient Networks, Inc. ENI-155p ATM adapter)
336	driver has been removed due to breakage.  Its functionality
337	has been subsumed into the &man.en.4; driver.</para>
338
339      <para>A short hiccup in the &man.em.4; driver during parameter
340	reconfiguration has been fixed.  &merged;</para>
341
342      <para arch="i386">The lmc (LAN Media Corp. PCI WAN adapter) driver has been
343	removed due to breakage and lack of maintainership.</para>
344
345      <para arch="i386">&os; now provides a binary compatibility layer
346	for using &microsoft.windows; NDIS drivers for network
347	adapters under &os;/i386.  It includes a relocator/linker for
348	&windows; <filename>.SYS</filename> files to interface with
349	the &os; kernel and emulates various parts of the NDIS API
350	using native &os; kernel functions.  This system supports PCI
351	and CardBus network devices, and is designed principally for
352	Ethernet and wireless network interfaces.
353	For more information, see the &man.ndis.4; and
354	&man.ndiscvt.8; manual pages.</para>
355
356      <para>The &man.ng.atmllc.4; Netgraph node type, which handles
357        RFC 1483 ATM LLC encapsulation, has been added.</para>
358
359      <para>The &man.ng.vlan.4; Netgraph node type, which supports
360        IEEE 802.1Q VLAN tagging, has been added.  &merged;</para>
361
362      <para>A bug that prevented VLAN support in the &man.nge.4; driver
363        from working has been fixed.  &merged;</para>
364
365      <para>The &man.pci.4; bus resource and power management have
366	been updated.
367
368	<note>
369	  <para>Although the &man.pci.4; bus power state management
370	    has been enabled, it may cause problems on some systems.
371	    This can be disabled by setting the tunable
372	    <varname>hw.pci.do_powerstate</varname> to 0.</para>
373	</note>
374      </para>
375
376      <para>Several bugs related to &man.polling.4; support
377        in the &man.rl.4; driver have been fixed.  &merged;</para>
378
379      <para>Several bugs related to multicast and promiscuous mode
380	handling in the &man.sk.4; driver have been fixed.</para>
381
382      <para>The &man.ste.4; driver now supports &man.polling.4;.
383        &merged;</para>
384
385      <para>The &man.udav.4; driver has been added.  It provides
386	support for USB Ethernet adapters based on the Davicom DM9601
387	chipset.</para>
388
389      <para>The &man.vr.4; driver now supports &man.polling.4;.</para>
390
391      <para>The hardware TX checksum support in the &man.xl.4; driver
392	has been disabled as it does not work correctly and slows down
393	the transmission rate.  &merged;</para>
394
395      <para>Per-interface &man.polling.4; support has been
396	implemented.  All of the network drivers that support &man.polling.4;
397	(&man.dc.4;, &man.fxp.4;, &man.em.4;, &man.nge.4;, &man.re.4;,
398	&man.rl.4;, &man.sis.4;, &man.ste.4;, and &man.vr.4;)
399	now also support this capability and it can be controlled
400	via &man.ifconfig.8;.</para>
401    </sect3>
402
403    <sect3 id="net-proto">
404      <title>Network Protocols</title>
405
406      <para>The &man.gre.4; tunnel driver now supports WCCP version
407	2.</para>
408
409      <para>Some bugs in the IPsec implementation from the KAME
410	Project have been fixed.  These bugs were related to freeing
411	memory objects before all references to them were removed, and
412	could cause erratic behavior or kernel panics after flushing
413	the Security Policy Database (SPD).</para>
414
415      <para>The <literal>PFIL_HOOKS</literal> option is now enabled by
416	default in the <filename>GENERIC</filename> kernel.  The most
417	notable effect of this change is to make
418	<application>IPFilter</application> work correctly when loaded
419	as a kernel module.</para>
420
421      <para>The following TCP features are now enabled by default: RFC
422	3042 (Limited Retransmit), RFC 3390 (increased initial
423	congestion window sizes), TCP bandwidth-delay product
424	limiting.  More information can be found in &man.tcp.4;.</para>
425
426      <para>&os;'s TCP implementation now includes support for a
427	minimum MSS (settable via the
428	<varname>net.inet.tcp.minmss</varname> sysctl variable) and a
429	rate limit on connections that send many small TCP segments
430	within a short period of time (via the
431	<varname>net.inet.tcp.minmssoverload</varname> sysctl
432	variable).  Connections exceeding this limit may be reset and
433	dropped.  This feature provides protection against a class of
434	resource exhaustion attacks.</para>
435
436      <para>The TCP implementation now includes partial (output-only)
437	support for RFC 2385 (TCP-MD5) digests.  This feature,
438	enabled with the <literal>TCP_SIGNATURE</literal> and
439	<literal>FAST_IPSEC</literal> kernel options, is a TCP option
440	for authenticating TCP sessions.  &man.setkey.8; now includes
441	support for the TCP-MD5 class of security associations.
442	&merged;</para>
443    </sect3>
444
445    <sect3 id="disks">
446      <title>Disks and Storage</title>
447
448      <para>The &man.ata.4; driver now supports CardBus ATA/SATA
449        controllers.</para>
450
451      <para>A number of bugs in the &man.ata.4; driver have been
452	fixed.  Most notably, master/slave device detection should
453	work better, and some problems with timeouts should be
454	resolved.</para>
455
456      <para>The &man.ata.4; driver now supports the Promise command
457	sequencer present on all modern Promise controllers
458	(PDC203** PDC206**).
459
460	<note>
461	  <para>This also adds preliminary support for the
462	    Promise SX4/SX4000 as a <quote>normal</quote> Promise ATA
463	    controller; ATA RAIDs are supported,
464	    but only RAID0, RAID1 and RAID0+1.</para>
465	</note>
466      </para>
467
468      <para arch="pc98">A bug in the automatic density selection code
469	in the &man.fd.4; driver has been fixed.</para>
470
471      <para>The &man.ips.4; driver now supports the recent
472	Adaptec ServeRAID series SCSI controller cards.</para>
473
474      <para arch="sparc64">A bug in the &man.isp.4; driver
475        that prevented the cards on SBus from working correctly
476	has been fixed.</para>
477
478      <para arch="i386">The &man.twa.4; driver, which supports
479	3ware's 9000 series PATA/SATA RAID controllers, has been added.  &merged;</para>
480
481      <para>The &man.umass.4; driver now supports the missing
482	ATAPI MMC commands and handles the timeout properly.  &merged;</para>
483    </sect3>
484
485    <sect3 id="fs">
486      <title>File Systems</title>
487
488      <para>The EXT2FS file system code now includes partial support
489	for large (&gt; 4GB) files.  This support is partial in that
490	it will refuse to create large files on filesystems that have
491	not been upgraded to <literal>EXT2_DYN_REV</literal> or that
492	do not have the
493	<literal>EXT2_FEATURE_RO_COMPAT_LARGE_FILE</literal> flag set
494	in the superblock.</para>
495
496      <para>A bug in GEOM that could result in I/O hangs in some rare
497	cases has been fixed.</para>
498
499      <para>A new geom_concat class has been added to concatenate
500        multiple disks to appear as a single larger disk.  The
501        &man.gconcat.8; utility is used for configuring concatenated
502        disks.</para>
503
504      <para>A panic in the NFSv4 client has been fixed; this occurred
505	when attempting operations against an NFSv3/NFSv2-only
506	server.</para>
507
508      <para>The SMBFS client now has support for SMB request signing,
509	which prevents <quote>man in the middle</quote> attacks and is
510	required in order to connect to Windows 2003 servers in their
511	default configuration.  As signing each message imposes a
512	significant performance penalty, this feature is only enabled
513	if the server requires it; this may eventually become an
514	option to &man.mount.smbfs.8;.</para>
515    </sect3>
516
517    <sect3 id="mm">
518      <title>Multimedia Support</title>
519
520      <para>The meteor (video capture) driver has been removed due to
521	breakage and lack of maintainership.</para>
522
523    </sect3>
524
525  </sect2>
526
527  <sect2 id="userland">
528    <title>Userland Changes</title>
529
530    <para>&man.bsdlabel.8; now supports a <option>-f</option> option
531      to work on files instead of disk partitions.</para>
532
533    <para>The <command>bthidcontrol</command> command and the
534      <command>bthidd</command> command, which support Bluetooth
535      HID (Human Interface Device), have been added.</para>
536
537    <para>The <command>doscmd</command> utility has been
538      removed from the &os; base system, and is now available
539      in the &os; Ports Collection instead.</para>
540
541    <para>&man.dump.8; and &man.restore.8; now support
542      a <option>-P</option> option to specify backup methods
543      other than files and tapes.  The argument is passed to
544      a normal &man.sh.1; pipeline with either
545      <varname>$DUMP_VOLUME</varname> or <varname>$RESTORE_VOLUME</varname>
546      defined in the environment, respectively.
547      For more information, see &man.dump.8; and &man.restore.8;.</para>
548
549    <para arch="pc98">The &man.fdcontrol.8;, &man.fdformat.1;, and
550      &man.fdread.1; utilities now work on &os;/pc98.</para>
551
552    <para>&man.find.1; now supports an
553      <option>-acl</option> option to locate files with &man.acl.3;.</para>
554
555    <para>&man.indent.1; now supports a <option>-ldi</option> option
556      to control indentation of local variables.  A number of other
557      tunings were made to this utility.</para>
558
559    <para>&man.ifconfig.8; now supports renaming of network interfaces
560      at run-time using the <option>name</option> parameter.</para>
561
562    <para>&man.ifconfig.8; now prints the &man.polling.4; status
563      on the interface.  &merged;</para>
564
565    <para>&man.ip6fw.8; now supports a <option>-n</option> flag to
566      stop it from making any changes to the rules in the kernel.</para>
567
568    <para>&man.ipcs.1; now supports a <option>-u</option> option to
569      display information about IPC mechanisms owned by the specified
570      user.</para>
571
572    <para>&man.ipfw.8; now supports a <option>-b</option> flag to
573      print only the action and comment for each rule, thus omitting
574      the rule body.</para>
575
576    <para>&man.killall.1; now supports a <option>-e</option> flag to
577      make the <option>-u</option> option operate on effective, rather than
578      real, user ids. &merged;</para>
579
580    <para>&man.libalias.3; now has support (and a new API) for
581      multiple aliasing instances in a single process.  The existing
582      API has been reimplemented in terms of the new one to preserve
583      compatibility.</para>
584
585    <para>A <filename>libarchive</filename> library for manipulation
586      of compressed and uncompressed archive files has been
587      added.  More details can be found in &man.libarchive.3;.</para>
588
589    <para arch="pc98"><filename>libdisk</filename> now uses the
590      correct PC98 disk partition value for &os;.  This permits the
591      &man.sysinstall.8; disk partition editor to correctly create a
592      single &os; partition covering the entire disk. &merged;</para>
593
594    <para><filename>libdisk</filename> now uses
595      <varname>d_addr_t</varname> for disk addresses.
596      This allows &man.sysinstall.8; to properly handle disks
597      and filesystems larger than 1 TB.</para>
598
599    <para arch="i386,pc98,amd64,ia64">The library formerly known as
600      <filename>libkse</filename> has been renamed
601      <filename>libpthread</filename> and is now the default threading
602      library on the i386, amd64, and ia64 platforms.
603      <application>GCC</application>'s <option>-pthread</option>
604      option has been changed to use <filename>libpthread</filename>
605      rather than <filename>libc_r</filename>.
606
607      <note>
608	<para>Users with older binaries (for example, ports compiled
609	  before this change was made) should use &man.libmap.conf.5;
610	  to map <filename>libc_r</filename> and/or
611	  <filename>libkse</filename> to
612	  <filename>libpthread</filename>.</para>
613      </note>
614
615      <note>
616	<para>Users with NVIDIA-supplied drivers and libraries may
617	  need to use a &man.libmap.conf.5; that maps
618	  <filename>libpthread</filename> references to the older
619	  <filename>libc_r</filename> since these drivers and
620	  utilities do not work with
621	  <filename>libpthread</filename>.</para>
622      </note>
623    </para>
624
625    <para>&man.make.1; now supports the new <literal>.warning</literal>
626      directive.</para>
627
628    <para>Initial support for UTF-8 versions of all the currently
629      supported system locales has been added.  This is primarily
630      for the benefit of the <filename role="package">misc/utf8locale</filename>
631      port.</para>
632
633    <para>The &man.logins.1; utility has been added to display
634      information about user and system accounts.</para>
635
636    <para>&man.mountd.8; now supports the <option>-p</option> option,
637       which allows users to specify a known port for use
638       in firewall rulesets.</para>
639
640    <para>&man.netstat.1; now displays the multicast group
641      memberships present in the system.</para>
642
643    <para>&man.newfs.8; and &man.mdmfs.8; now support a
644      <option>-l</option> flag to enable them to set the MAC
645      multilabel flag on new filesystems without requiring the use of
646      &man.tunefs.8;.</para>
647
648    <para>&man.nologin.8; now reports login attempts via
649       &man.syslogd.8;.</para>
650
651    <para>&man.nologin.8; has been moved from <filename>/sbin/nologin</filename>
652       to <filename>/usr/sbin/nologin</filename>, and
653       <filename>/sbin/nologin</filename> remains as a symbolic link
654       for backward compatibility.</para>
655
656    <para>A bugfix has been applied to NSS support, which fixes
657      problems when using third-party NSS modules (such as <filename
658      role="package">net/nss_ldap</filename>) and groups with large
659      membership lists.</para>
660
661    <para>The &man.pgrep.1; and &man.pkill.1; commands, which come from NetBSD,
662      have been added.  They also support a <option>-M</option> option
663      to extract values associated with the name list from the
664      specified core instead of the default <filename>/dev/kmem</filename>,
665      and a <option>-N</option> option to extract the name list from
666      the specified system instead of the default kernel.</para>
667
668    <para>&man.ps.1; compatibility with POSIX/SUSv3 has been improved.
669      The changes include <option>-p</option> for a list of process IDs,
670      <option>-t</option> for a list of terminal names,
671      <option>-A</option> which is equivalent to <option>-ax</option>,
672      <option>-G</option> for a list of group IDs,
673      <option>-X</option> which is the opposite of <option>-x</option>,
674      and some minor improvements.  For more information, see &man.ps.1;.
675      &merged;</para>
676
677    <para>&man.pw.8; now supports a <option>-H</option> option, which
678      accepts an encrypted password on a file descriptor. &merged;</para>
679
680    <para>The configuration files used by the &man.resolver.3; now
681      support the <literal>timeout:</literal> and
682      <literal>attempts:</literal> keywords.</para>
683
684    <para>The &man.resolver.3; and associated interfaces are now much
685      more reentrant and thread-safe.  Multiple DNS lookups can now be
686      run at the same time, showing major improvements in the
687      performance of some multi-threaded applications.  Some
688      multi-threaded programs need to be recompiled; examples from the
689      Ports Collection are <filename
690      role="package">www/mozilla</filename> and variants, <filename
691      role="package">mail/evolution</filename>, <filename
692      role="package">devel/gnomevfs</filename>, and <filename
693      role="package">devel/gnomevfs2</filename>.</para>
694
695    <para>&man.rmdir.1; now supports a <option>-v</option> flag,
696      which makes it verbose.</para>
697
698    <para>&man.savecore.8; now works correctly for dump files larger
699      than 2GB.</para>
700
701    <para>A bug in &man.script.1; has been fixed so that it now works
702      correctly if its stdin is closed.  This fix prevents a
703      potentially dangerous interaction with the <filename
704      role="package">sysutils/portupgrade</filename> package; if it was
705      run non-interactively, it could remove all out-of-date
706      ports without reinstalling them.</para>
707
708    <para>The &man.sdpd.8; Bluetooth Service Discovery Protocol daemon
709      has been added.</para>
710
711    <para>Many userland utilities in the base system (mostly GNU
712      contributed utilities) now use the system version of
713      &man.getopt.long.3;, rather than the GNU version.</para>
714
715    <sect3 id="rc-scripts">
716      <title><filename>/etc/rc.d</filename> Scripts</title>
717
718      <para>The <filename>diskless</filename> script has been
719	split out into <filename>hostname</filename>,
720        <filename>resolve</filename>, <filename>tmp</filename>, and
721        <filename>var</filename> scripts.</para>
722
723      <para>The <filename>gbde_swap</filename> script, which supports
724	gbde-enabled swap devices, has been added.
725	When the <varname>gbde_swap_enable</varname> variable is specified
726	in &man.rc.conf.5;, a swap device named
727	<filename>/dev/<replaceable>foo.bde</replaceable></filename>
728	in &man.fstab.5;
729	is automatically attached at boot time with the device
730	<filename>/dev/<replaceable>foo</replaceable></filename>
731	and a random key, which
732	is generated by computing the MD5 checksum of 512 bytes read
733	from <filename>/dev/random</filename>.
734	Note that this prevents recovery of kernel dumps.</para>
735
736      <para>The <filename>mixer</filename> script has been added.
737	It saves the current settings of all audio mixers present
738	in the system on shutdown and restores the settings on boot.</para>
739
740      <para>The <filename>pf</filename> and <filename>pflog</filename>
741        scripts for &man.pf.4; have been added.</para>
742    </sect3>
743  </sect2>
744
745  <sect2 id="contrib">
746    <title>Contributed Software</title>
747
748    <para>The <application>ACPI-CA</application> code has been updated
749      from the 20030619 snapshot to the 20040402 snapshot.</para>
750
751    <para><application>awk</application> from Bell Labs has been
752      updated from the 29 July 2003 release to the 7 February 2004
753      release.</para>
754
755    <para><application>CVS</application> has been updated from
756      version 1.11.10 to version 1.11.15.</para>
757
758    <para><application>gdtoa</application> (a library that performs
759      conversions of numbers between binary and decimal form) has been
760      updated from version 20030324 to version 20040118.</para>
761
762    <para><application>GNU grep</application> has been updated from
763      2.4d to 2.4.2.</para>
764
765    <para><application>GNU readline</application> 4.3 has been updated
766      with official patches 001 through 005.</para>
767
768    <para>The <application>GNU regex</application> library has been
769      updated to the version included with <application>GNU
770      grep</application> 2.4.2.</para>
771
772    <para>The <application>GNU tar</application> implementation in the
773      base system is now called <filename>gtar</filename>, with
774      <filename>tar</filename> being a link to
775      <filename>gtar</filename>.</para>
776
777    <para><application>Heimdal Kerberos</application> has been
778       updated from 0.6 to 0.6.1.</para>
779
780    <para><application>libpcap</application> has been updated from
781      version 0.7.1 to version 0.8.3.</para>
782
783    <para><application>OpenPAM</application> has been updated from the
784      Dogwood release to the Eelgrass release.</para>
785
786    <para><application>OpenSSH</application> has been updated from
787      3.6.1p1 to 3.8p1.
788
789      <note>
790	<para>The configuration defaults for &man.sshd.8; have been
791	  changed.  SSH protocol version 1 is no longer enabled by
792	  default.  In addition, password authentication over SSH is
793	  disabled by default if PAM is enabled.</para>
794      </note>
795
796      </para>
797
798    <para><application>OpenSSL</application> has been updated from
799      0.9.7c to 0.9.7d.  &merged;</para>
800
801    <para><application>pf</application>, OpenBSD's packet filter as of
802      OpenBSD 3.4, has been imported into the &os; source tree and is now installed
803      by default.  A new user <username>proxy</username>, and two new
804      groups <username>authpf</username> and <username>proxy</username>,
805      which <application>pf</application> needs, are added as well.
806
807      <note>
808	<para>On upgrading from the source, these user accounts must be
809	  added in advance.  The <varname>NO_PF</varname> variable
810	  in <filename>make.conf</filename> can be used to prevent
811	  <application>pf</application> from building.</para>
812      </note>
813    </para>
814    <para>Several userland utilities of OpenBSD's
815      <application>pf</application> have been imported.
816      <filename>libexec/ftp-proxy</filename> is an ftp proxy for
817      <application>pf</application>,
818      <filename>sbin/pfctl</filename> is an equivalent to
819      <filename>sbin/ipf</filename>,
820      <filename>sbin/pflogd</filename>
821      is a daemon logging packets via <literal>if_pflog</literal>
822      in pcap format, and
823      <filename>usr.sbin/authpf</filename> is an authentication shell
824      to modify pf rulesets.</para>
825
826    <para><application>routed</application> has been updated from
827      release 2.22 to release 2.27 from rhyolite.com.  Note that for
828      users relying on RIP's MD5 authentication feature,
829      &man.routed.8; is now incompatible with previous versions
830      of &os;; however it is now compatible with implementations from
831      Sun, Cisco and other vendors.</para>
832
833    <para><application>sendmail</application> has been updated from
834      version 8.12.10 to version 8.12.11. &merged;</para>
835
836    <para><application>tcpdump</application> has been updated from
837      version 3.7.1 to version 3.8.3.</para>
838  </sect2>
839
840  <sect2 id="ports">
841    <title>Ports/Packages Collection Infrastructure</title>
842
843    <para>The <literal>SIZE</literal> attribute for distfiles,
844      which can be used for checking file sizes before fetching,
845      has been added and enabled by default.
846      <varname>DISABLE_SIZE</varname> is a user control knob
847      to disable the distfile size checking.  This is especially
848      useful on old &os; versions which didn't have &man.fetch.1;
849      support for this, and for some FTP proxies which always
850      report incorrect or bogus sizes.</para>
851
852    <para>Two new files have been added to the ports tree to track
853      noteworthy changes:  <filename>ports/CHANGES</filename> lists
854      major changes to the Ports Collection and its infrastructure.
855      <filename>ports/UPDATING</filename> describes some potential
856      pitfalls that can be encountered when updating certain ports,
857      analogous to <filename>src/UPDATING</filename> for the base
858      system.</para>
859
860  </sect2>
861
862  <sect2 id="releng">
863    <title>Release Engineering and Integration</title>
864
865    <para arch="i386,pc98">The building process for boot floppy images
866      has been completely overhauled.  The most significant change is
867      that the loader now boots a stock <filename>GENERIC</filename>
868      kernel split across multiple disks (two at the time of this
869      writing).  This greatly improves installations that begin with a
870      boot from floppy disk, because they now use exactly the same
871      kernel (and thus support the same hardware) as CDROM
872      installations.  The stripped-down <filename>MFSROOT</filename>
873      kernel is no longer needed, and the <filename>mfsroot</filename>
874      image no longer requires kernel modules.  The
875      <filename>boot.flp</filename> and
876      <filename>driver.flp</filename> images are also obsolete and no
877      longer built.</para>
878
879    <para>The supported release of <application>GNOME</application>
880      has been updated from 2.4 to 2.6.
881
882      <note>
883	<para>If you are using the older <application>GNOME</application>
884	  desktop itself (<filename role="package">x11/gnome2</filename>), simply upgrading it from the &os; Ports Collection
885	  with
886	  &man.portupgrade.1;
887	  (<filename role="package">sysutils/portupgrade</filename>)
888	  will cause serious problems.
889	  If you are a <application>GNOME</application> desktop user,
890	  please read the instructions carefully at
891	  <ulink url="http://www.FreeBSD.org/gnome/docs/faq26.html"></ulink>,
892	  and use the <filename>gnome_upgrade.sh</filename> script to
893	  properly upgrade to <application>GNOME</application> 2.6.</para>
894
895	<para>Note that if you are just a casual user of some of the
896	  <application>GNOME</application> libraries,
897	  &man.portupgrade.1; should be sufficient
898	  to update your ports.</para>
899      </note>
900    </para>
901
902    <para>The supported release of <application>KDE</application>
903      has been updated from 3.1.4 to 3.2.1.</para>
904  </sect2>
905
906  <sect2 id="doc">
907    <title>Documentation</title>
908
909    <para></para>
910
911  </sect2>
912
913</sect1>
914
915<sect1 id="upgrade">
916  <title>Upgrading from previous releases of &os;</title>
917
918  <para>Users with existing &os; systems are
919    <emphasis>highly</emphasis> encouraged to read the <quote>Early
920    Adopter's Guide to &os; &release.current;</quote>.  This document generally has
921    the filename <filename>EARLY.TXT</filename> on the distribution
922    media, or any other place that the release notes can be found.  It
923    offers some notes on upgrading, but more importantly, also
924    discusses some of the relative merits of upgrading to &os;
925    5.<replaceable>X</replaceable> versus running &os;
926    4.<replaceable>X</replaceable>.</para>
927
928  <important>
929    <para>Upgrading &os; should, of course, only be attempted after
930      backing up <emphasis>all</emphasis> data and configuration
931      files.</para>
932  </important>
933</sect1>
934