article.xml revision 128360
1<articleinfo> 2 <title>&os;/&arch; &release.current; Release Notes</title> 3 4 <corpauthor>The FreeBSD Project</corpauthor> 5 6 <pubdate>$FreeBSD: head/release/doc/en_US.ISO8859-1/relnotes/article.sgml 128360 2004-04-17 17:15:43Z hrs $</pubdate> 7 8 <copyright> 9 <year>2000</year> 10 <year>2001</year> 11 <year>2002</year> 12 <year>2003</year> 13 <year>2004</year> 14 <holder role="mailto:doc@FreeBSD.org">The FreeBSD Documentation Project</holder> 15 </copyright> 16 17 <abstract> 18 <para>The release notes for &os; &release.current; contain a summary 19 of 20<![ %include.historic; [ 21 the changes made to the &os; base system since &release.prev;. 22]]> 23<![ %no.include.historic; [ 24 recent changes made to the &os; base system on the &release.branch; 25 development branch. 26]]> 27 This document lists applicable security advisories that were issued since 28 the last release, as well as significant changes to the &os; 29 kernel and userland. 30 Some brief remarks on upgrading are also presented.</para> 31 </abstract> 32</articleinfo> 33 34<sect1 id="intro"> 35 <title>Introduction</title> 36 37 <para>This document contains the release notes for &os; 38 &release.current; on the &arch.print; hardware platform. It 39 describes recently added, changed, or deleted features of &os;. 40 It also provides some notes on upgrading 41 from previous versions of &os;.</para> 42 43<![ %release.type.snapshot [ 44 45 <para>The &release.type; distribution to which these release notes 46 apply represents a point along the &release.branch; development 47 branch between &release.prev; and the future &release.next;. Some 48 pre-built, binary &release.type; distributions along this branch 49 can be found at <ulink url="&release.url;"></ulink>.</para> 50 51]]> 52 53<![ %release.type.release [ 54 55 <para>This distribution of &os; &release.current; is a 56 &release.type; distribution. It can be found at <ulink 57 url="&release.url;"></ulink> or any of its mirrors. More 58 information on obtaining this (or other) &release.type; 59 distributions of &os; can be found in the <ulink 60 url="http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/mirrors.html"><quote>Obtaining 61 FreeBSD</quote> appendix</ulink> to the <ulink 62 url="http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/">FreeBSD 63 Handbook</ulink>.</para> 64 65]]> 66 67 <para>Users who are new to the &release.branch; series of &os; 68 &release.type;s should also read the <quote>Early Adopters Guide 69 to &os; &release.current;</quote>. This document can generally be 70 found in the same location as the release notes (either as a part of a 71 &os; distribution or on the &os; Web site). It contains important 72 information regarding the advantages and disadvantages of using 73 &os; &release.current;, as opposed to releases based on the &os; 74 4-STABLE development branch.</para> 75 76 <para>All users are encouraged to consult the release errata before 77 installing &os;. The errata document is updated with 78 <quote>late-breaking</quote> information discovered late in the 79 release cycle or after the release. Typically, it contains 80 information on known bugs, security advisories, and corrections to 81 documentation. An up-to-date copy of the errata for &os; 82 &release.current; can be found on the &os; Web site.</para> 83 84</sect1> 85 86<sect1 id="new"> 87 <title>What's New</title> 88 89 <para>This section describes 90<![ %include.historic; [ 91 the most user-visible new or changed features in &os; 92 since &release.prev;. 93 In general, changes described here are unique to the &release.branch; 94 branch unless specifically marked as &merged; features. 95]]> 96<![ %no.include.historic; [ 97 many of the user-visible new or changed features in &os; 98 since &release.prev;. It includes items that are unique to the 99 &release.branch; branch, as well as some features that may have been 100 recently merged to 101 other branches (after &os; &release.prev.historic;). The latter 102 items are marked as &merged;. 103]]> 104 </para> 105 106 <para>Typical release note items 107 document recent security advisories issued after 108 &release.prev.historic;, 109 new drivers or hardware support, new commands or options, 110 major bug fixes, or contributed software upgrades. They may also 111 list changes to major ports/packages or release engineering 112 practices. Clearly the release notes cannot list every single 113 change made to &os; between releases; this document focuses 114 primarily on security advisories, user-visible changes, and major 115 architectural improvements.</para> 116 117 <sect2 id="security"> 118 <title>Security Advisories</title> 119 120 <para>A bug in &man.mksnap.ffs.8; has been fixed; it caused the creation of a 121 filesystem snapshot to reset the flags on the filesystem to 122 their default values. The possible consequences depended on local 123 usage, but could include disabling extended access control lists 124 or enabling the use of setuid executables stored on an untrusted 125 filesystem. This bug also affected the &man.dump.8; 126 <option>-L</option> option, which uses &man.mksnap.ffs.8;. Note 127 that &man.mksnap.ffs.8; is normally only available to the 128 superuser and members of the <groupname>operator</groupname> 129 group. For more information, see security advisory <ulink 130 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:01.mksnap_ffs.asc">FreeBSD-SA-04:01</ulink>.</para> 131 132 <para>A bug with the System V Shared Memory interface 133 (specifically the &man.shmat.2; system call) has been fixed. 134 This bug can cause a shared memory segment to reference 135 unallocated kernel memory. In turn, this can permit a local 136 attacker to gain unauthorized access to parts of kernel memory, 137 possibly resulting in disclosure of sensitive information, 138 bypass of access control mechanisms, or privilege escalation. 139 More details can be found in security advisory <ulink 140 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:02.shmat.asc">FreeBSD-SA-04:02</ulink>. 141 &merged;</para> 142 143 <para>A programming error in the &man.jail.attach.2; system call 144 has been fixed. This error could allow a process with superuser 145 privileges inside a &man.jail.8; environment to change its root 146 directory to that of a different jail, and thus gain full read 147 and write access to files and directories within the target 148 jail. More information can be found in security advisory <ulink 149 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:03.jail.asc">FreeBSD-SA-04:03</ulink>.</para> 150 151 <para>A potential low-bandwidth denial-of-service attack against 152 the &os; TCP stack has been prevented by limiting the number of 153 out-of-sequence TCP segments that can be held at one time. More 154 details can be found in security advisory <ulink 155 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:04.tcp.asc">FreeBSD-SA-04:04</ulink>. 156 &merged;</para> 157 158 <para>A bug in <application>OpenSSL</application>'s SSL/TLS 159 ChangeCipherSpec message processing could result in 160 a null pointer dereference, has been fixed. 161 This could allow a remote attacker to crash an 162 <application>OpenSSL</application>-using 163 application and cause a denial-of-service on the system. 164 More details can be found in security advisory <ulink 165 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc">FreeBSD-SA-04:05</ulink>. 166 &merged;</para> 167 168 <para>A programming error in the handling of some IPv6 169 socket options within the &man.setsockopt.2; system call 170 has been fixed. This allows a local attacker to cause a 171 system panic, and may allow to gain unauthorized access to 172 parts of kernel memory, possibly resulting in disclosure 173 of sensitive information, bypass of access control 174 mechanisms, or privilege escalation. 175 More details can be found in security advisory <ulink 176 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:06.ipv6.asc">FreeBSD-SA-04:06</ulink>.</para> 177 178 <para>Two programming errors in <application>CVS</application> 179 have been fixed. They allow a server to overwrite arbitrary 180 files on the client, and a client to read arbitrary files 181 on the server when accessing remote CVS repositories. 182 More details can be found in security advisory <ulink 183 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:07.cvs.asc">FreeBSD-SA-04:07</ulink>. &merged;</para> 184 </sect2> 185 186 <sect2 id="kernel"> 187 <title>Kernel Changes</title> 188 189 <para arch="i386">The &man.acpi.toshiba.4; driver has been added 190 to use Toshiba's Hardware Control Interface to manipulate 191 certain hardware features on Toshiba laptops.</para> 192 193 <para arch="i386">The &man.acpi.toshiba.4; driver now supports 194 video output switching.</para> 195 196 <para>The &man.acpi.video.4; driver has been added to provide 197 control display switching and backlight brightness using the 198 ACPI Video Extensions.</para> 199 200 <para arch="i386">The &man.ctau.4; driver has been added for Cronyx-Tau 201 synchronous serial adapters. This driver was known for a long time as 202 <quote>ct</quote> in its previous life outside the &os; source tree. &merged; 203 204 <note> 205 <para>The driver name has changed, but the network interface still 206 has the <quote>ct</quote> name.</para> 207 </note> 208 </para> 209 210 <para>&man.devfs.5; path rules now work correctly on 211 directories.</para> 212 213 <para arch="i386,pc98">The dgb (DigiBoard intelligent serial card) driver has been 214 removed due to breakage. Its replacement is the &man.digi.4; driver, 215 which supports all the hardware of the dgb driver.</para> 216 217 <para>The &man.getvfsent.3; API has been removed.</para> 218 219 <para arch="i386">The loran (Loran-C receiver) driver has been removed due to 220 breakage and lack of maintainership.</para> 221 222 <para>The raid(4), RAIDframe disk driver from NetBSD has been removed. 223 This is currently non-functional, and would require some amount of work 224 to make it work under the &man.geom.4; API in 5-CURRENT.</para> 225 226 <para arch="i386,pc98">The sx driver, which supports Specialix I/O8+ and I/O4+ 227 intelligent multiport serial controllers has been added.</para> 228 229 <para arch="alpha,amd64,i386">For the &man.uart.4; device 230 <varname>hw.uart.console</varname> and 231 <varname>hw.uart.dbgport</varname> environment variables 232 have been added. They can be used to select a serial console and 233 debug port respectively, as well as the attributes.</para> 234 235 <para>The &man.ubser.4; device driver has been added to support 236 BWCT console management serial adapters.</para> 237 238 <para>The ULE scheduler is now the default scheduler in the 239 <filename>GENERIC</filename> kernel. For the average user, 240 interactivity is reported to be better in many cases. This 241 means less <quote>skipping</quote> and <quote>jerking</quote> in 242 interactive applications while the machine is very busy. This 243 will not prevent problems due to overloaded disk subsystems, but 244 it does help with overloaded CPUs. On SMP machines, ULE has 245 per-CPU run queues which allow for CPU affinity, CPU binding, 246 and advanced HyperThreading support, as well as providing a 247 framework for more optimizations in the future. As fine-grained 248 kernel locking continues, the scheduler will be able to make 249 more efficient use of the available parallel resources.</para> 250 251 <!-- Above this line, sort kernel changes by manpage/keyword--> 252 253 <para>The device driver infrastructure (as well as many drivers) 254 have been updated. Among the changes: Many more drivers now use 255 automatically-assigned major numbers (instead of the old static 256 major numbers). Enhanced functions to support cloning of 257 pseudodevices. Several changes to the driver API, including a 258 new <varname>d_version</varname> field in <varname>struct 259 cdevsw</varname>. Note that third-party device drivers will 260 require recompiling after this change.</para> 261 262 <para>The kernel's file descriptor allocation code has been 263 updated, and is now derived from similar code in OpenBSD.</para> 264 265 <para arch="sparc64">On &os;/sparc64, <varname>time_t</varname> 266 has been changed from a 32-bit value to a 64-bit value. 267 268 <note> 269 <para>Since this change is not backward-compatible, 270 any programs which were built on an older system using 271 a 32-bit <varname>time_t</varname> and 272 call system routines for handling 273 <varname>time_t</varname> values, will have to be recompiled. 274 More detailed information and notice on upgrading from 275 the source can be found in 276 <filename>/usr/src/UPDATING.64BTT</filename>.</para> 277 </note> 278 </para> 279 280 <para arch="i386">It is now possible to compile the &os;/i386 281 kernel with the Intel C/C++ Compiler (as in the <filename 282 role="package">lang/icc</filename> port).</para> 283 284 <sect3 id="proc"> 285 <title>Platform-Specific Hardware Support</title> 286 287 <para arch="i386">The entropy device &man.random.4; now 288 supports a hardware random number generator (RNG) 289 in the VIA C3 Nehemiah (Stepping 3 and above) CPU.</para> 290 291 <para arch="i386">Several old drivers for ISA cards have been removed, 292 including 293 the asc driver for GI1904-based hand scanners, 294 the ctx driver for CORTEX-I Frame Grabber, 295 the gp driver for National Instruments AT-GPIB and AT-GPIB/TNT boards, 296 the gsc driver for the Genius GS-4500 hand scanner, 297 the le driver for DEC EtherWORKS II and III ethernet controllers, 298 the rdp driver for RealTek RTL 8002-based pocket ethernet adapters, 299 the spigot driver for the Creative Labs Video Spigot video-acquisition board, 300 the stl and stli drivers for Stallion Technologies multiport serial 301 controllers, and the wt driver for Archive/Wangtek cartridge tapes. 302 They are currently non-functional, and would require a considerable 303 amount of work to make them work under the new API in 5-CURRENT. 304 The userland support such as related ioctls and utilities including 305 sasc and sgsc has also been removed.</para> 306 </sect3> 307 308 <sect3 id="boot"> 309 <title>Boot Loader Changes</title> 310 311 <para arch="i386">A serial console-capable version of 312 <filename>boot0</filename> has been added. It can be written 313 to a disk using &man.boot0cfg.8; and specifying 314 <filename>/boot/boot0sio</filename> as the argument to the 315 <option>-b</option> option.</para> 316 317 <para arch="i386"><filename>cdboot</filename> now works around a 318 BIOS problem observed on some systems when booting from USB 319 CDROM drives.</para> 320 321 <!-- Above this line, order boot loader changes by keyword--> 322 323 </sect3> 324 325 <sect3 id="net-if"> 326 <title>Network Interface Support</title> 327 328 <para arch="i386">The &man.arl.4; driver, which supports 329 Aironet Arlan 655 wireless adapters has been added.</para> 330 331 <para arch="sparc64">The &man.dc.4; driver now supports sparc64 332 Davicom cards that store their MAC address in 333 OpenFirmware.</para> 334 335 <para arch="i386,pc98">The hea (Efficient Networks, Inc. ENI-155p ATM adapter) 336 driver has been removed due to breakage. Its functionality 337 has been subsumed into the &man.en.4; driver.</para> 338 339 <para>A short hiccup in the &man.em.4; during parameter 340 reconfiguration, has been fixed. &merged;</para> 341 342 <para arch="i386">The lmc (LAN Media Corp. PCI WAN adapter) driver has been 343 removed due to breakage and lack of maintainership.</para> 344 345 <para arch="i386">&os; now provides a binary compatibility layer 346 for using µsoft.windows; NDIS drivers for network 347 adapters under &os;/i386. It includes a relocator/linker for 348 &windows; <filename>.SYS</filename> files to interface with 349 the &os; kernel and emulates various parts of the NDIS API 350 using native &os; kernel functions. This system supports PCI 351 and CardBus network devices, and is designed principally for 352 Ethernet and wireless network interfaces. 353 For more information, see the &man.ndis.4; and 354 &man.ndiscvt.8; manual pages.</para> 355 356 <para>The &man.ng.atmllc.4; Netgraph node type, which handles 357 RFC 1483 ATM LLC encapsulation, has been added.</para> 358 359 <para>The &man.ng.vlan.4; NetGraph node type, which supports 360 IEEE 802.1Q VLAN tagging has been added. &merged;</para> 361 362 <para>A bug that prevents VLAN support in the &man.nge.4; driver 363 from working has been fixed. &merged;</para> 364 365 <para>The &man.pci.4; bus resource and power management have 366 been updated. 367 368 <note> 369 <para>Although the &man.pci.4; bus power state management 370 has been enabled, it may cause problems on some systems. 371 This can be disabled by setting the tunable 372 <varname>hw.pci.do_powerstate</varname> to 0.</para> 373 </note> 374 </para> 375 376 <para>Several bugs related to &man.polling.4; support 377 in the &man.rl.4; driver have been fixed. &merged;</para> 378 379 <para>Several bugs related to multicast and promiscuous mode 380 handling in the &man.sk.4; driver have been fixed.</para> 381 382 <para>The &man.ste.4; driver now supports &man.polling.4;. 383 &merged;</para> 384 385 <para>The &man.udav.4; driver has been added. It provides 386 support for USB Ethernet adapters based on the Davicom DM9601 387 chipset.</para> 388 389 <para>The &man.vr.4; driver now supports &man.polling.4;.</para> 390 391 <para>The hardware TX checksum support in the &man.xl.4; driver 392 has been disabled as it does not work correctly and slows down 393 the transmission rate. &merged;</para> 394 395 <para>The per-interface &man.polling.4; support has been 396 implemented. All of the network drivers that support &man.polling.4; 397 (&man.dc.4;, &man.fxp.4;, &man.em.4;, &man.nge.4;, &man.re.4;, 398 &man.rl.4;, &man.sis.4;, &man.ste.4;, and &man.vr.4;) 399 now also support this capability and it can be controlled 400 via &man.ifconfig.8;.</para> 401 </sect3> 402 403 <sect3 id="net-proto"> 404 <title>Network Protocols</title> 405 406 <para>The &man.gre.4; tunnel driver now supports WCCP version 407 2.</para> 408 409 <para>Some bugs in the IPsec implementation from the KAME 410 Project have been fixed. These bugs were related to freeing 411 memory objects before all references to them were removed, and 412 could cause erratic behavior or kernel panics after flushing 413 the Security Policy Database (SPD).</para> 414 415 <para>The <literal>PFIL_HOOKS</literal> option is now enabled by 416 default in the <filename>GENERIC</filename> kernel. The most 417 notable effect of this change is to make 418 <application>IPFilter</application> work correctly when loaded 419 as a kernel module.</para> 420 421 <para>The following TCP features are now enabled by default: RFC 422 3042 (Limited Retransmit), RFC 3390 (increased initial 423 congestion window sizes), TCP bandwidth-delay product 424 limiting. More information can be found in &man.tcp.4;.</para> 425 426 <para>&os;'s TCP implementation now includes support for a 427 minimum MSS (settable via the 428 <varname>net.inet.tcp.minmss</varname> sysctl variable) and a 429 rate limit on connections that send many small TCP segments 430 within a short period of time (via the 431 <varname>net.inet.tcp.minmssoverload</varname> sysctl 432 variable). Connections exceeding this limit may be reset and 433 dropped. This feature provides protection against a class of 434 resource exhaustion attacks.</para> 435 436 <para>The TCP implementation now includes partial (output-only) 437 support for RFC 2385 (TCP-MD5) digest support. This feature, 438 enabled with the <literal>TCP_SIGNATURE</literal> and 439 <literal>FAST_IPSEC</literal> kernel options, is a TCP option 440 for authenticating TCP sessions. &man.setkey.8; now includes 441 support for the TCP-MD5 class of security associations. 442 &merged;</para> 443 </sect3> 444 445 <sect3 id="disks"> 446 <title>Disks and Storage</title> 447 448 <para>The &man.ata.4; driver now supports cardbus ATA/SATA 449 controllers.</para> 450 451 <para>A number of bugs in the &man.ata.4; driver have been 452 fixed. Most notably, master/slave device detection should 453 work better, and some problems with timeouts should be 454 resolved.</para> 455 456 <para>The &man.ata.4; driver now supports the Promise command 457 sequencer present on all modern Promise controllers 458 (PDC203** PDC206**). 459 460 <note> 461 <para>This also adds preliminary support for the 462 Promise SX4/SX4000 as a <quote>normal</quote> Promise ATA 463 controller; ATA RAID's are supported though 464 but only RAID0, RAID1 and RAID0+1.</para> 465 </note> 466 </para> 467 468 <para arch="pc98">A bug of the automatic density selection code 469 in the &man.fd.4; driver has been fixed.</para> 470 471 <para>The &man.ips.4; driver now supports the recent 472 Adaptec ServeRAID series SCSI controller cards.</para> 473 474 <para arch="sparc64">A bug in the &man.isp.4; driver 475 which prevents the cards on SBus from working correctly, 476 has been fixed.</para> 477 478 <para arch="i386">The &man.twa.4; driver, which supports 479 3ware's 9000 series PATA/SATA RAID controllers has been added. &merged;</para> 480 481 <para>The &man.umass.4; driver now supports the missing 482 ATAPI MMC commands and handles the timeout properly. &merged;</para> 483 </sect3> 484 485 <sect3 id="fs"> 486 <title>File Systems</title> 487 488 <para>The EXT2FS file system code now includes partial support 489 for large (> 4GB) files. This support is partial in that 490 it will refuse to create large files on filesystems that have 491 not been upgraded to <literal>EXT2_DYN_REV</literal> or that 492 do not have the 493 <literal>EXT2_FEATURE_RO_COMPAT_LARGE_FILE</literal> flag set 494 in the superblock.</para> 495 496 <para>A bug in GEOM that could result in I/O hangs in some rare 497 cases has been fixed.</para> 498 499 <para>A new geom_concat class has been added to concatenate 500 multiple disks to appear as a single larger disk. The 501 &man.gconcat.8; utility is used for configurating concatenated 502 disks.</para> 503 504 <para>A panic in the NFSv4 client has been fixed; this occurred 505 when attempting operations against an NFSv3/NFSv2-only 506 server.</para> 507 508 <para>The SMBFS client now has support for SMB request signing, 509 which prevents <quote>man in the middle</quote> attacks and is 510 required in order to connect to Windows 2003 servers in their 511 default configuration. As signing each message imposes a 512 significant performance penalty, this feature is only enabled 513 if the server requires it; this may eventually become an 514 option to &man.mount.smbfs.8;.</para> 515 </sect3> 516 517 <sect3 id="mm"> 518 <title>Multimedia Support</title> 519 520 <para>The meteor (video capture) driver has been removed due to 521 breakage and lack of maintainership.</para> 522 523 </sect3> 524 525 </sect2> 526 527 <sect2 id="userland"> 528 <title>Userland Changes</title> 529 530 <para>&man.bsdlabel.8; now supports a <option>-f</option> option 531 to work on files instead of disk partitions.</para> 532 533 <para>The <command>bthidcontrol</command> command and the 534 <command>bthidd</command> command, which support Bluetooth 535 HID (Human Interface Device), have been added.</para> 536 537 <para>The <command>doscmd</command> utility has been 538 removed from the &os; base system, and has been available 539 in the &os; Ports Collection instead.</para> 540 541 <para>&man.dump.8; and &man.restore.8; now support 542 a <option>-P</option> option to specify backup methods 543 other than files and tapes. The argument is passed to 544 a normal &man.sh.1; pipeline with either 545 <varname>$DUMP_VOLUME</varname> or <varname>$RESTORE_VOLUME</varname> 546 defined in the environment, respectively. 547 For more information, see &man.dump.8; and &man.restore.8;.</para> 548 549 <para arch="pc98">The &man.fdcontrol.8;, &man.fdformat.1;, and 550 &man.fdread.1; utilities now work on &os;/pc98.</para> 551 552 <para>The &man.find.1; now supports a option 553 <option>-acl</option> to locate files with &man.acl.3;.</para> 554 555 <para>&man.indent.1; now supports a <option>-ldi</option> option 556 to control indentation of local variables. A number of other 557 tunings were made to this utility.</para> 558 559 <para>&man.ifconfig.8; now supports renaming of network interfaces 560 at run-time using the <option>name</option> parameter.</para> 561 562 <para>&man.ifconfig.8; now prints the &man.polling.4; status 563 on the interface. &merged;</para> 564 565 <para>&man.ip6fw.8; now supports a <option>-n</option> flag to 566 stop it from making any changes to the rules in the kernel</para> 567 568 <para>&man.ipcs.1; now supports a <option>-u</option> option to 569 display information about IPC mechanisms owned by the specified 570 user.</para> 571 572 <para>&man.ipfw.8; now supports a <option>-b</option> flag to 573 print only the action and comment for each rule, thus omitting 574 the rule body.</para> 575 576 <para>&man.killall.1; now supports a <option>-e</option> flag to 577 make the <option>-u</option> operate on effective, rather than 578 real, user ids. &merged;</para> 579 580 <para>&man.libalias.3; now has support (and a new API) for 581 multiple aliasing instances in a single process. The existing 582 API has been reimplemented in terms of the new one to preserve 583 compatibility.</para> 584 585 <para>A <filename>libarchive</filename> library for manipulation 586 of compressed and uncompressed archive files has been 587 added. More details can be found in &man.libarchive.3;.</para> 588 589 <para arch="pc98"><filename>libdisk</filename> now uses the 590 correct PC98 disk partition value for &os;. This permits the 591 &man.sysinstall.8; disk partition editor to correctly create a 592 single &os; partition covering the entire disk. &merged;</para> 593 594 <para><filename>libdisk</filename> now uses 595 <varname>d_addr_t</varname> for disk addresses. 596 This allows &man.sysinstall.8; to properly handle disks 597 and filesystems more than 1 TB.</para> 598 599 <para arch="i386,pc98,amd64,ia64">The library formerly known as 600 <filename>libkse</filename> has been renamed 601 <filename>libpthread</filename> and is now the default threading 602 library on the i386, amd64, and ia64 platforms. 603 <application>GCC</application>'s <option>-pthread</option> 604 option has been changed to use <filename>libpthread</filename> 605 rather than <filename>libc_r</filename>. 606 607 <note> 608 <para>Users with older binaries (for example, ports compiled 609 before this change was made) should use &man.libmap.conf.5; 610 to map <filename>libc_r</filename> and/or 611 <filename>libkse</filename> to 612 <filename>libpthread</filename>.</para> 613 </note> 614 615 <note> 616 <para>Users with NVIDIA-supplied drivers and libraries may 617 need to use a &man.libmap.conf.5; that maps 618 <filename>libpthread</filename> references to the older 619 <filename>libc_r</filename> since these drivers and 620 utilities do not work with 621 <filename>libpthread</filename>.</para> 622 </note> 623 </para> 624 625 <para>&man.make.1; now supports the new <literal>.warning</literal> 626 directive.</para> 627 628 <para>Initial support for UTF-8 versions of all the currently 629 supported system locales has been added. This is primarily 630 for the benefit of the <filename role="package">misc/utf8locale</filename> 631 port.</para> 632 633 <para>The &man.logins.1; utility has been added to display 634 information about user and system accounts.</para> 635 636 <para>&man.mountd.8; now supports the <option>-p</option> option, 637 which allows users to specify a known port for use 638 in firewall rulesets.</para> 639 640 <para>&man.netstat.1; now displays the multicast group 641 memberships present in the system.</para> 642 643 <para>&man.newfs.8; and &man.mdmfs.8; now support a 644 <option>-l</option> flag to enable them to set the MAC 645 multilabel flag on new filesystems without requiring the use of 646 &man.tunefs.8;.</para> 647 648 <para>&man.nologin.8; now reports login attempts via 649 &man.syslogd.8;.</para> 650 651 <para>&man.nologin.8; has been moved from <filename>/sbin/nologin</filename> 652 to <filename>/usr/sbin/nologin</filename>, and 653 <filename>/sbin/nologin</filename> remains as a symbolic link 654 for backward compatibility.</para> 655 656 <para>A bugfix has been applied to NSS support, which fixes 657 problems when using third-party NSS modules (such as <filename 658 role="package">net/nss_ldap</filename>) and groups with large 659 membership lists.</para> 660 661 <para>The &man.pgrep.1; and &man.pkill.1; commands, which come from NetBSD, 662 have been added. They also support a <option>-M</option> option 663 to extract values associated with the name list from the 664 specified core instead of the default <filename>/dev/kmem</filename>, 665 and a <option>-N</option> option to extract the name list from 666 the specified system instead of the default kernel.</para> 667 668 <para>&man.ps.1; compatibility with POSIX/SUSv3 has been improved. 669 The changes include <option>-p</option> for a list of process IDs, 670 <option>-t</option> for a list of terminal names, 671 <option>-A</option> which is equivalent to <option>-ax</option>, 672 <option>-G</option> for a list of group IDs, 673 <option>-X</option> which is the opposite of <option>-x</option>, 674 and some minor improvements. For more information, see &man.ps.1;. 675 &merged;</para> 676 677 <para>&man.pw.8; now supports a <option>-H</option> option, which 678 accepts an encrypted password on a file descriptor. &merged;</para> 679 680 <para>The configuration files used by the &man.resolver.3; now 681 support the <literal>timeout:</literal> and 682 <literal>attempts:</literal> keywords.</para> 683 684 <para>The &man.resolver.3; and associated interfaces are now much 685 more reentrant and thread-safe. Multiple DNS lookups can now be 686 run at the same time, showing major improvements in the 687 performance of some multi-threaded applications. Some 688 multi-threaded programs need to be recompiled; examples from the 689 Ports Collection are <filename 690 role="package">www/mozilla</filename> and variants, <filename 691 role="package">mail/evolution</filename>, <filename 692 role="package">devel/gnomevfs</filename>, and <filename 693 role="package">devel/gnomevfs2</filename>.</para> 694 695 <para>&man.rmdir.1; now supports a <option>-v</option> flag, 696 which makes it verbose.</para> 697 698 <para>&man.savecore.8; now works correctly for dump files larger 699 than 2GB.</para> 700 701 <para>A bug in &man.script.1; has been fixed so that it now works 702 correctly if its stdin is closed. This fix prevents a 703 potentially dangerous interaction with the <filename 704 role="package">sysutils/portupgrade</filename> package; if it was 705 run non-interactively, it could remove all out-of-date 706 ports without reinstalling them.</para> 707 708 <para>The &man.sdpd.8; Bluetooth Service Discovery Protocol daemon 709 has been added.</para> 710 711 <para>Many userland utilities in the base system (mostly GNU 712 contributed utilities) now use the system version of 713 &man.getopt.long.3;, rather than the GNU version.</para> 714 715 <sect3 id="rc-scripts"> 716 <title><filename>/etc/rc.d</filename> Scripts</title> 717 718 <para>The <filename>diskless</filename> script has been 719 split out into <filename>hostname</filename>, 720 <filename>resolve</filename>, <filename>tmp</filename>, and 721 <filename>var</filename> scripts.</para> 722 723 <para>The <filename>gbde_swap</filename> script, which supports 724 gbde-enabled swap devices has been added. 725 When the <varname>gbde_swap_enable</varname> variable is specified 726 in &man.rc.conf.5;, a swap device named 727 <filename>/dev/<replaceable>foo.bde</replaceable></filename> 728 in &man.fstab.5; 729 is automatically attached at boot time with the device 730 <filename>/dev/<replaceable>foo</replaceable></filename> 731 and a random key, which 732 generated by computing the MD5 checksum of 512 bytes read 733 from <filename>/dev/random</filename>. 734 Note that this prevents recovery of kernel dumps.</para> 735 736 <para>The <filename>mixer</filename> script has been added. 737 It saves the current settings of all audio mixers present 738 in the system on shutdown and restores the settings on boot.</para> 739 740 <para>The <filename>pf</filename> and <filename>pflog</filename> 741 scripts for &man.pf.4; has been added.</para> 742 </sect3> 743 </sect2> 744 745 <sect2 id="contrib"> 746 <title>Contributed Software</title> 747 748 <para>The <application>ACPI-CA</application> code has been updated 749 from the 20030619 snapshot to the 20040402 snapshot.</para> 750 751 <para><application>awk</application> from Bell Labs has been 752 updated from the 29 July 2003 release to the 7 February 2004 753 release.</para> 754 755 <para><application>CVS</application> has been updated from 756 version 1.11.10 to version 1.11.15.</para> 757 758 <para><application>gdtoa</application> (a library that performs 759 conversions of numbers between binary and decimal form) has been 760 updated from version 20030324 to version 20040118.</para> 761 762 <para><application>GNU grep</application> has been updated from 763 2.4d to 2.4.2.</para> 764 765 <para><application>GNU readline</application> 4.3 has been updated 766 with official patches 001 through 005.</para> 767 768 <para>The <application>GNU regex</application> library has been 769 updated to the version included with <application>GNU 770 grep</application> 2.4.2.</para> 771 772 <para>The <application>GNU tar</application> implementation in the 773 base system is now called <filename>gtar</filename>, with 774 <filename>tar</filename> being a link to 775 <filename>gtar</filename>.</para> 776 777 <para><application>Heimdal Kerberos</application> has been 778 updated from 0.6 to 0.6.1. 779 780 <para><application>libpcap</application> has been updated from 781 version 0.7.1 to version 0.8.3.</para> 782 783 <para><application>OpenPAM</application> has been updated from the 784 Dogwood release to the Eelgrass release.</para> 785 786 <para><application>OpenSSH</application> has been updated from 787 3.6.1p1 to 3.8p1. 788 789 <note> 790 <para>The configuration defaults for &man.sshd.8; have been 791 changed. SSH protocol version 1 is no longer enabled by 792 default. In addition, password authentication over SSH is 793 disabled by default if PAM is enabled.</para> 794 </note> 795 796 </para> 797 798 <para><application>OpenSSL</application> has been updated from 799 0.9.7c to 0.9.7d. &merged;</para> 800 801 <para><application>pf</application>, OpenBSD's packet filter as of 802 OpenBSD 3.4, has been imported into &os; source tree and is now installed 803 by default. A new user <username>proxy</username>, and two new 804 groups <username>authpf</username> and <username>proxy</username>, 805 which <application>pf</application> needs, are added as well. 806 807 <note> 808 <para>On upgrading from the source, these user accounts must be 809 added in advance. The <varname>NO_PF</varname> variable 810 in <filename>make.conf</filename> can be used to prevent 811 <application>pf</application> from building.</para> 812 </note> 813 814 <para>Several userland utilities of OpenBSD's 815 <application>pf</application> have been imported. 816 <filename>libexec/ftp-proxy</filename> is an ftp proxy for 817 <application>pf</application>, 818 <filename>sbin/pfctl</filename> is an equivalent to 819 <filename>sbin/ipf</filename>, 820 <filename>sbin/pflogd</filename> 821 is a daemon logging packets via <literal>if_pflog</literal> 822 in pcap format, and 823 <filename>usr.sbin/authpf</filename> is an authentication shell 824 to modify pf rulesets.</para> 825 826 <para><application>routed</application> has been updated from 827 release 2.22 to release 2.27 from rhyolite.com. Note that for 828 users relying on RIP's MD5 authentication feature, 829 &man.routed.8; routed is now incompatible with previous versions 830 of &os;; however it is now compatible with implementations from 831 Sun, Cisco and other vendors.</para> 832 833 <para><application>sendmail</application> has been updated from 834 version 8.12.10 to version 8.12.11. &merged;</para> 835 836 <para><application>tcpdump</application> has been updated from 837 version 3.7.1 to version 3.8.3.</para> 838 </sect2> 839 840 <sect2 id="ports"> 841 <title>Ports/Packages Collection Infrastructure</title> 842 843 <para>The <literal>SIZE</literal> attribute for distfiles, 844 which can be used for checking file sizes before fetching, 845 has been added and enabled by default. 846 <varname>DISABLE_SIZE</varname> is a user control knob 847 to disable the distfile size checking. This is especially 848 useful on old &os; versions which didn't have &man.fetch.1; 849 support for this, and for some FTP proxies which always 850 report incorrect or bogus sizes.</para> 851 852 <para>Two new files have been added to the ports tree to track 853 note-worthy changes: <filename>ports/CHANGES</filename> lists 854 major changes to the Ports Collection and its infrastructure. 855 <filename>ports/UPDATING</filename> describes some potential 856 pitfalls that can be encountered when updating certain ports, 857 analogous to <filename>src/UPDATING</filename> for the base 858 system.</para> 859 860 </sect2> 861 862 <sect2 id="releng"> 863 <title>Release Engineering and Integration</title> 864 865 <para arch="i386,pc98">The building process for boot floppy images 866 has been completely overhauled. The most significant change is 867 that the loader now boots a stock <filename>GENERIC</filename> 868 kernel split across multiple disks (two at the time of this 869 writing). This greatly improves installations that begin with a 870 boot from floppy disk, because they now use exactly the same 871 kernel (and thus support the same hardware) as CDROM 872 installations. The stripped-down <filename>MFSROOT</filename> 873 kernel is no longer needed, and the <filename>mfsroot</filename> 874 image no longer requires kernel modules. The 875 <filename>boot.flp</filename> and 876 <filename>driver.flp</filename> images are also obsolete and no 877 longer built.</para> 878 879 <para>The supported release of <application>GNOME</application> 880 has been updated from 2.4 to 2.6. 881 882 <note> 883 <para>If you are using the older <application>GNOME</application> 884 desktop itself (<filename role="package">x11/gnome2</filename>), simply upgrading it from the &os; Ports Collection 885 with 886 &man.portupgrade.1; 887 (<filename role="package">sysutils/portupgrade</filename>) 888 will cause serious problems. 889 If you are a <application>GNOME</application> desktop user, 890 please read the instructions carefully at 891 <ulink url="http://www.FreeBSD.org/gnome/docs/faq26.html"></ulink>, 892 and use the <filename>gnome_upgrade.sh</filename> script to 893 properly upgrade to <application>GNOME</application> 2.6.</para> 894 895 <para>Note that if you are just a casual user of some of the 896 <application>GNOME</application> libraries, 897 &man.portupgrade.1; should be sufficient 898 to update your ports.</para> 899 </note> 900 </para> 901 902 <para>The supported release of <application>KDE</application> 903 has been updated from 3.1.4 to 3.2.1.</para> 904 </sect2> 905 906 <sect2 id="doc"> 907 <title>Documentation</title> 908 909 <para></para> 910 911 </sect2> 912 913</sect1> 914 915<sect1 id="upgrade"> 916 <title>Upgrading from previous releases of &os;</title> 917 918 <para>Users with existing &os; systems are 919 <emphasis>highly</emphasis> encouraged to read the <quote>Early 920 Adopter's Guide to &os; &release.current;</quote>. This document generally has 921 the filename <filename>EARLY.TXT</filename> on the distribution 922 media, or any other place that the release notes can be found. It 923 offers some notes on upgrading, but more importantly, also 924 discusses some of the relative merits of upgrading to &os; 925 5.<replaceable>X</replaceable> versus running &os; 926 4.<replaceable>X</replaceable>.</para> 927 928 <important> 929 <para>Upgrading &os; should, of course, only be attempted after 930 backing up <emphasis>all</emphasis> data and configuration 931 files.</para> 932 </important> 933</sect1> 934