article.xml revision 131483
<articleinfo>
  <title>&os;/&arch; &release.current; Release Notes</title>

  <corpauthor>The FreeBSD Project</corpauthor>

  <pubdate>$FreeBSD: head/release/doc/en_US.ISO8859-1/relnotes/article.sgml 131483 2004-07-02 20:49:56Z hrs $</pubdate>

  <copyright>
    <year>2000</year>
    <year>2001</year>
    <year>2002</year>
    <year>2003</year>
    <year>2004</year>
    <holder role="mailto:doc@FreeBSD.org">The FreeBSD Documentation Project</holder>
  </copyright>

  <abstract>
    <para>The release notes for &os; &release.current; contain a summary
      of
<![ %include.historic; [
      the changes made to the &os; base system since &release.prev;.
]]>
<![ %no.include.historic; [
      recent changes made to the &os; base system on the &release.branch;
      development branch.
]]>
      This document lists applicable security advisories that were issued since
      the last release, as well as significant changes to the &os;
      kernel and userland.
      Some brief remarks on upgrading are also presented.</para>
  </abstract>
</articleinfo>

<sect1 id="intro">
  <title>Introduction</title>

  <para>This document contains the release notes for &os;
    &release.current; on the &arch.print; hardware platform. It
    describes recently added, changed, or deleted features of &os;.
    It also provides some notes on upgrading
    from previous versions of &os;.</para>

<![ %release.type.snapshot [

  <para>The &release.type; distribution to which these release notes
    apply represents a point along the &release.branch; development
    branch between &release.prev; and the future &release.next;.
    Some
    pre-built, binary &release.type; distributions along this branch
    can be found at <ulink url="&release.url;"></ulink>.</para>

]]>

<![ %release.type.release [

  <para>This distribution of &os; &release.current; is a
    &release.type; distribution. It can be found at <ulink
    url="&release.url;"></ulink> or any of its mirrors. More
    information on obtaining this (or other) &release.type;
    distributions of &os; can be found in the <ulink
    url="&url.main;/doc/en_US.ISO8859-1/books/handbook/mirrors.html"><quote>Obtaining
    FreeBSD</quote> appendix</ulink> to the <ulink
    url="&url.main;/doc/en_US.ISO8859-1/books/handbook/">FreeBSD
    Handbook</ulink>.</para>

]]>

  <para>Users who are new to the &release.branch; series of &os;
    &release.type;s should also read the <quote>Early Adopters Guide
    to &os; &release.current;</quote>. This document can generally be
    found in the same location as the release notes (either as a part of a
    &os; distribution or on the &os; Web site). It contains important
    information regarding the advantages and disadvantages of using
    &os; &release.current;, as opposed to releases based on the &os;
    4-STABLE development branch.</para>

  <para>All users are encouraged to consult the release errata before
    installing &os;. The errata document is updated with
    <quote>late-breaking</quote> information discovered late in the
    release cycle or after the release. Typically, it contains
    information on known bugs, security advisories, and corrections to
    documentation. An up-to-date copy of the errata for &os;
    &release.current; can be found on the &os; Web site.</para>

</sect1>

<sect1 id="new">
  <title>What's New</title>

  <para>This section describes
<![ %include.historic; [
    the most user-visible new or changed features in &os;
    since &release.prev;.
    In general, changes described here are unique to the &release.branch;
    branch unless specifically marked as &merged; features.
]]>
<![ %no.include.historic; [
    many of the user-visible new or changed features in &os;
    since &release.prev;. It includes items that are unique to the
    &release.branch; branch, as well as some features that may have been
    recently merged to
    other branches (after &os; &release.prev.historic;). The latter
    items are marked as &merged;.
]]>
  </para>

  <para>Typical release note items
    document recent security advisories issued after
    &release.prev.historic;,
    new drivers or hardware support, new commands or options,
    major bug fixes, or contributed software upgrades. They may also
    list changes to major ports/packages or release engineering
    practices. Clearly the release notes cannot list every single
    change made to &os; between releases; this document focuses
    primarily on security advisories, user-visible changes, and major
    architectural improvements.</para>

  <sect2 id="security">
    <title>Security Advisories</title>

    <para>A bug in &man.mksnap.ffs.8; has been fixed; it caused the creation of a
      filesystem snapshot to reset the flags on the filesystem to
      their default values. The possible consequences depended on local
      usage, but could include disabling extended access control lists
      or enabling the use of setuid executables stored on an untrusted
      filesystem. This bug also affected the &man.dump.8;
      <option>-L</option> option, which uses &man.mksnap.ffs.8;. Note
      that &man.mksnap.ffs.8; is normally only available to the
      superuser and members of the <groupname>operator</groupname>
      group.
      For more information, see security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:01.mksnap_ffs.asc">FreeBSD-SA-04:01</ulink>.</para>

    <para>A bug with the System V Shared Memory interface
      (specifically the &man.shmat.2; system call) has been fixed.
      This bug can cause a shared memory segment to reference
      unallocated kernel memory. In turn, this can permit a local
      attacker to gain unauthorized access to parts of kernel memory,
      possibly resulting in disclosure of sensitive information,
      bypass of access control mechanisms, or privilege escalation.
      More details can be found in security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:02.shmat.asc">FreeBSD-SA-04:02</ulink>.
      &merged;</para>

    <para>A programming error in the &man.jail.attach.2; system call
      has been fixed. This error could allow a process with superuser
      privileges inside a &man.jail.8; environment to change its root
      directory to that of a different jail, and thus gain full read
      and write access to files and directories within the target
      jail. More information can be found in security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:03.jail.asc">FreeBSD-SA-04:03</ulink>.</para>

    <para>A potential low-bandwidth denial-of-service attack against
      the &os; TCP stack has been prevented by limiting the number of
      out-of-sequence TCP segments that can be held at one time. More
      details can be found in security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:04.tcp.asc">FreeBSD-SA-04:04</ulink>.
      &merged;</para>

    <para>A bug in <application>OpenSSL</application>'s SSL/TLS
      ChangeCipherSpec message processing that could result in
      a null pointer dereference has been fixed.
      This could allow a remote attacker to crash an
      <application>OpenSSL</application>-using
      application and cause a denial-of-service on the system.
      More details can be found in security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc">FreeBSD-SA-04:05</ulink>.
      &merged;</para>

    <para>A programming error in the handling of some IPv6
      socket options within the &man.setsockopt.2; system call
      has been fixed. This allows a local attacker to cause a
      system panic, and may allow the attacker to gain unauthorized access to
      parts of kernel memory, possibly resulting in disclosure
      of sensitive information, bypass of access control
      mechanisms, or privilege escalation.
      More details can be found in security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:06.ipv6.asc">FreeBSD-SA-04:06</ulink>.</para>

    <para>Two programming errors in <application>CVS</application>
      have been fixed. They allow a server to overwrite arbitrary
      files on the client, and a client to read arbitrary files
      on the server when accessing remote CVS repositories.
      More details can be found in security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:07.cvs.asc">FreeBSD-SA-04:07</ulink>. &merged;</para>

    <para>A bugfix for <application>Heimdal</application> rectifies a
      problem in which it would not perform adequate checking of
      authentication across autonomous realms. For more information,
      see security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:08.heimdal.asc">FreeBSD-SA-04:08</ulink>. &merged;</para>

    <para>A programming error in <application>CVS</application> which
      allows a malicious client to overwrite arbitrary portions of
      the server's memory has been fixed.
      For more information,
      see security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:10.cvs.asc">FreeBSD-SA-04:10</ulink>. &merged;</para>

    <para>A potential cache consistency problem in
      the implementation of the &man.msync.2; system call
      involving the <literal>MS_INVALIDATE</literal>
      operation has been fixed. However, as a side effect of closing
      this security problem, the <literal>MS_INVALIDATE</literal>
      flag no longer guarantees that all pages in the range are invalidated.
      Users who require the old semantics of <literal>MS_INVALIDATE</literal>
      and are not concerned with the security issue being fixed can set the
      <varname>vm.old_msync</varname> sysctl to 1, which will revert to
      the old (insecure) behavior. For more information,
      see security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:11.msync.asc">FreeBSD-SA-04:11</ulink>. &merged;</para>

    <para>A programming error in the &man.jail.2; system call
      which results in a failure to verify that an attempt
      to manipulate routing tables originated from a non-jailed process
      has been fixed.
      For more information, see security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:12.jail.asc">FreeBSD-SA-04:12</ulink>.
      &merged;</para>

  </sect2>

  <sect2 id="kernel">
    <title>Kernel Changes</title>

    <para arch="i386">The &man.acpi.asus.4; driver has been added
      to use ACPI-controlled hardware features such as hot keys and
      LCD on ASUSTek laptops.</para>

    <para arch="i386">The &man.acpi.toshiba.4; driver has been added
      to use Toshiba's Hardware Control Interface to manipulate
      certain hardware features on Toshiba laptops.</para>

    <para arch="i386">The &man.acpi.toshiba.4; driver now supports
      video output switching.</para>

    <para>The &man.acpi.video.4; driver has been added to provide
      control of display switching and backlight brightness using the
      ACPI Video Extensions.</para>

    <para arch="i386">The &man.acpi.4; driver now supports
      per-device sysctls (<varname>dev.root0.nexus0.acpi0.acpi_lid0.wake</varname>,
      for instance) to allow users to set whether or not a given
      device can wake the system.</para>

    <para arch="i386">The &man.acpi.4; driver has been updated to
      be disabled automatically when the machine has a well-known broken BIOS.
      This behavior can be disabled by setting a loader tunable
      <varname>hint.acpi.0.disabled</varname> to <literal>0</literal>.</para>

    <para arch="i386">The &man.ctau.4; driver has been added for Cronyx Tau
      synchronous serial adapters. This driver was known for a long time as
      <quote>ct</quote> in its previous life outside the &os; source tree. &merged;

      <note>
        <para>The driver name has changed, but the network interface still
          has the <quote>ct</quote> name.</para>
      </note>
    </para>

    <para arch="i386,pc98">The &man.cp.4; driver has been added for Cronyx Tau-PCI
      synchronous serial adapters.
    </para>

    <para>&man.devfs.5; path rules now work correctly on
      directories.</para>

    <para arch="i386,pc98">The dgb (DigiBoard intelligent serial card) driver has been
      removed due to breakage.
      Its replacement is the &man.digi.4; driver,
      which supports all the hardware of the dgb driver.</para>

    <para>The &man.getvfsent.3; API has been removed.</para>

    <para arch="sparc64">The &man.hme.4; driver now natively supports
      long frames, so it can be used for &man.vlan.4; with full Ethernet
      MTU size.</para>

    <para>&man.jail.2; now supports use of raw sockets from within a jail.
      This feature is disabled by default, and controlled using the
      <varname>security.jail.allow_raw_sockets</varname> sysctl.</para>

    <para arch="amd64">Loadable kernel modules now work and are
      enabled in the amd64 build.</para>

    <para arch="i386">The loran (Loran-C receiver) driver has been removed due to
      breakage and lack of maintainership.</para>

    <para>A new kernel option <literal>MAC_STATIC</literal>, which
      disables internal MAC Framework synchronization protecting against
      dynamic load and unload of MAC policies, has been added.</para>

    <para>mballoc has been replaced with mbuma, an Mbuf and Cluster
      allocator built on top of a number of extensions to the UMA framework.
      Due to this change, the <varname>NMBCLUSTERS</varname> kernel option
      is no longer used. The maximum number of clusters is still
      capped according to <varname>maxusers</varname>,
      but it can be made unlimited by setting the
      <varname>kern.ipc.nmbclusters</varname> loader tunable to zero.</para>

    <para>The midi driver, which supports serial port and several sound cards,
      has been removed.</para>

    <para>A bug in &man.mmap.2; that could cause pages marked as <literal>PROT_NONE</literal>
      to become readable under certain circumstances has been fixed. &merged;</para>

    <para>&man.nmdm.4; has been rewritten to improve reliability.</para>

    <para>The raid(4) RAIDframe disk driver from NetBSD has been removed.
      This is currently non-functional, and would require some amount of work
      to make it work under the &man.geom.4; API in 5-CURRENT.</para>

    <para arch="sparc64">The &man.sab.4; driver now supports the
      <literal>BREAK_TO_DEBUGGER</literal> kernel option.</para>

    <para arch="i386,pc98">The sx driver, which supports Specialix I/O8+ and I/O4+
      intelligent multiport serial controllers, has been added.</para>

    <para>A devclass level has been added to the dev sysctl tree,
      in order to support per-class variables in addition to
      per-device variables. This means that <varname>dev.foo0.bar</varname>
      is now called <varname>dev.foo.0.bar</varname>, and it is
      possible to have <varname>dev.foo.bar</varname> as well.</para>

    <para>A sysctl <varname>kern.sched.name</varname>,
      which has the name of the scheduler currently in use,
      has been added, and the <varname>kern.quantum</varname> sysctl
      has been moved to <varname>kern.sched.quantum</varname>
      for consistency.</para>

    <para arch="alpha,amd64,i386">For the &man.uart.4; device, the
      <varname>hw.uart.console</varname> and
      <varname>hw.uart.dbgport</varname> environment variables
      have been added. They can be used to select a serial console and
      debug port, respectively, as well as the attributes.</para>

    <para>The &man.ubser.4; device driver has been added to support
      BWCT console management serial adapters.</para>

    <para>The ULE scheduler is now the default scheduler in the
      <filename>GENERIC</filename> kernel. For the average user,
      interactivity is reported to be better in many cases. This
      means less <quote>skipping</quote> and <quote>jerking</quote> in
      interactive applications while the machine is very busy. This
      will not prevent problems due to overloaded disk subsystems, but
      it does help with overloaded CPUs.
      On SMP machines, ULE has
      per-CPU run queues which allow for CPU affinity, CPU binding,
      and advanced HyperThreading support, as well as providing a
      framework for more optimizations in the future. As fine-grained
      kernel locking continues, the scheduler will be able to make
      more efficient use of the available parallel resources.</para>

    <!-- Above this line, sort kernel changes by manpage/keyword-->

    <para>The device driver infrastructure (as well as many drivers)
      has been updated. Among the changes: Many more drivers now use
      automatically-assigned major numbers (instead of the old static
      major numbers). Enhanced functions to support cloning of
      pseudodevices. Several changes to the driver API, including a
      new <varname>d_version</varname> field in <varname>struct
      cdevsw</varname>. Note that third-party device drivers will
      require recompiling after this change.</para>

    <para>The pseudo-interface cloning and
      the match function have been updated to allow creation of &man.stf.4;
      interfaces named <devicename>stf0</devicename>,
      <devicename>stf</devicename>, or <devicename>6to4</devicename>.
      Note that this breaks backward compatibility; for example,
      now <command>ifconfig stf</command> creates
      the interface named <devicename>stf</devicename>,
      not <devicename>stf0</devicename>, and does not print
      <devicename>stf0</devicename> to stdout.</para>

    <para>The kernel's file descriptor allocation code has been
      updated, and is now derived from similar code in OpenBSD.</para>

    <para arch="sparc64">On &os;/sparc64, <varname>time_t</varname>
      has been changed from a 32-bit value to a 64-bit value.

      <note>
        <para>Since this change is not backward-compatible,
          any programs which were built on an older system using
          a 32-bit <varname>time_t</varname> and
          call system routines for handling
          <varname>time_t</varname> values will have to be recompiled.
          More detailed information and notice on upgrading from
          the source can be found in
          <filename>/usr/src/UPDATING.64BTT</filename>.</para>
      </note>
    </para>

    <para arch="i386">It is now possible to compile the &os;/i386
      kernel with the Intel C/C++ Compiler (as in the <filename
      role="package">lang/icc</filename> port).</para>

    <sect3 id="proc">
      <title>Platform-Specific Hardware Support</title>

      <para arch="i386">The entropy device &man.random.4; now
        supports a hardware random number generator (RNG)
        in the VIA C3 Nehemiah (Stepping 3 and above) CPU.</para>

      <para arch="i386">Several old drivers for ISA cards have been removed,
        including
        the asc driver for GI1904-based hand scanners,
        the ctx driver for CORTEX-I Frame Grabber,
        the gp driver for National Instruments AT-GPIB and AT-GPIB/TNT boards,
        the gsc driver for the Genius GS-4500 hand scanner,
        the le driver for DEC EtherWORKS II and III Ethernet controllers,
        the rdp driver for RealTek RTL 8002-based pocket Ethernet adapters,
        the spigot driver for the Creative Labs Video Spigot video-acquisition board,
        the stl and stli drivers for Stallion Technologies multiport serial
        controllers, and the wt driver for Archive/Wangtek cartridge tapes.
        They are currently non-functional, and would require a considerable
        amount of work to make them work under the new API in 5-CURRENT.
        The userland support such as related ioctls and utilities including
        sasc and sgsc has also been removed.</para>

      <para>A new sysctl, <varname>kern.always_console_output</varname>,
        which makes output from the kernel go to the console despite
        <varname>TIOCCONS</varname>, has been added.</para>
    </sect3>

    <sect3 id="boot">
      <title>Boot Loader Changes</title>

      <para arch="i386">A serial console-capable version of
        <filename>boot0</filename> has been added.
        It can be written
        to a disk using &man.boot0cfg.8; and specifying
        <filename>/boot/boot0sio</filename> as the argument to the
        <option>-b</option> option.</para>

      <para arch="i386"><filename>cdboot</filename> now works around a
        BIOS problem observed on some systems when booting from USB
        CDROM drives.</para>

      <!-- Above this line, order boot loader changes by keyword-->

    </sect3>

    <sect3 id="net-if">
      <title>Network Interface Support</title>

      <para arch="i386">The &man.arl.4; driver, which supports
        Aironet Arlan 655 wireless adapters, has been added. &merged;</para>

      <para arch="sparc64">The &man.dc.4; driver now supports sparc64
        Davicom cards that store their MAC address in
        OpenFirmware.</para>

      <para>A short hiccup in the &man.em.4; driver during parameter
        reconfiguration has been fixed. &merged;</para>

      <para>The &man.fwip.4; driver, which supports IP over FireWire, has been added.
        Note that currently the broadcast channel number is hardwired and
        MCAP for multicast channel allocation is not supported.
        This driver is intended to conform to the RFC 2734 and RFC 3146
        standards for IP over FireWire and eventually replace
        the &man.fwe.4; driver.</para>

      <para arch="i386,pc98">The hea (Efficient Networks, Inc. ENI-155p ATM adapter)
        driver has been removed due to breakage. Its functionality
        has been subsumed into the &man.en.4; driver.</para>

      <para>&man.fxp.4; now uses the device sysctl tree such as
        <varname>dev.fxp0</varname>, and those sysctls can be set
        on a per-device basis.</para>

      <para>The &man.ixgb.4; driver, which supports
        Intel PRO/10GBE 10 gigabit Ethernet cards, has been
        added. &merged;</para>

      <para arch="i386">The lmc (LAN Media Corp.
        PCI WAN adapter) driver has been
        removed due to breakage and lack of maintainership.</para>

      <para arch="i386">&os; now provides a binary compatibility layer
        for using &microsoft.windows; NDIS drivers for network
        adapters under &os;/i386. It includes a relocator/linker for
        &windows; <filename>.SYS</filename> files to interface with
        the &os; kernel and emulates various parts of the NDIS API
        using native &os; kernel functions. This system supports PCI
        and CardBus network devices, and is designed principally for
        Ethernet and wireless network interfaces.
        For more information, see the &man.ndis.4; and
        &man.ndiscvt.8; manual pages.</para>

      <para>The &man.ng.atmllc.4; Netgraph node type, which handles
        RFC 1483 ATM LLC encapsulation, has been added.</para>

      <para>The &man.ng.hub.4; Netgraph node type, which supports
        a simple packet distribution that acts like an Ethernet hub,
        has been added. &merged;</para>

      <para>The &man.ng.rfc1490.4; Netgraph node type now supports
        Cisco style encapsulation which is often used alongside
        RFC 1490 in frame relay links.</para>

      <para>The &man.ng.sppp.4; Netgraph node type, which is a &man.netgraph.4;
        interface to the original &man.sppp.4; network module for synchronous
        lines, has been added.</para>

      <para>A new Netgraph method has been added to allow restoration of some
        behavior lost in the change from 4.x style &man.ng.tee.4;
        Netgraph nodes.</para>

      <para>The &man.ng.vlan.4; Netgraph node type, which supports
        IEEE 802.1Q VLAN tagging, has been added. &merged;</para>

      <para>A bug that prevents VLAN support in the &man.nge.4; driver
        from working has been fixed. &merged;</para>

      <para>The &man.pci.4; bus resource and power management have
        been updated.

        <note>
          <para>Although the &man.pci.4; bus power state management
            has been enabled, it may cause problems on some systems.
            This can be disabled by setting the tunable
            <varname>hw.pci.do_powerstate</varname> to 0.</para>
        </note>
      </para>

      <para>Several bugs related to &man.polling.4; support
        in the &man.rl.4; driver have been fixed. &merged;</para>

      <para>Several bugs related to multicast and promiscuous mode
        handling in the &man.sk.4; driver have been fixed.</para>

      <para>The &man.ste.4; driver now supports &man.polling.4;.
        &merged;</para>

      <para>The &man.udav.4; driver has been added. It provides
        support for USB Ethernet adapters based on the Davicom DM9601
        chipset.</para>

      <para>The &man.vr.4; driver now supports &man.polling.4;. &merged;</para>

      <para>The hardware TX checksum support in the &man.xl.4; driver
        has been disabled as it does not work correctly and slows down
        the transmission rate. &merged;</para>

      <para>Per-interface &man.polling.4; support has been
        implemented. All of the network drivers that support &man.polling.4;
        (&man.dc.4;, &man.fxp.4;, &man.em.4;, &man.nge.4;, &man.re.4;,
        &man.rl.4;, &man.sis.4;, &man.ste.4;, and &man.vr.4;)
        now also support this capability and it can be controlled
        via &man.ifconfig.8;. &merged;</para>
    </sect3>

    <sect3 id="net-proto">
      <title>Network Protocols</title>

      <para>The <literal>DA_OLD_QUIRKS</literal> kernel option,
        which is for the CAM SCSI disk driver (&man.cam.4;),
        has been removed. &merged;</para>

      <para>The &man.gre.4; tunnel driver now supports WCCP version
        2.</para>

      <para>&man.ipfw.4; rules now support the <literal>versrcreach</literal>
        option to verify that a valid route to the source address
        of a packet exists in the routing table.
        This option is very useful for routers with a complete view of
        the Internet (BGP) in the routing table to reject packets with
        spoofed or unroutable source addresses.
        For example,

        <programlisting>deny ip from any to any not versrcreach</programlisting>

        is equivalent to the following in Cisco IOS syntax:

        <programlisting>ip verify unicast source reachable-via any</programlisting>
      </para>

      <para>&man.ipfw.4; now supports lookup tables. This feature is
        useful for handling large sparse address sets. &merged;</para>

      <para>A new sysctl <varname>net.inet.ip.process_options</varname>
        has been added to control the processing of IP options. When this sysctl
        is set to <literal>0</literal>, IP options are ignored and passed unmodified;
        when set to <literal>1</literal>, all IP options are processed (default);
        and when set to <literal>2</literal>, all packets with
        IP options are rejected with an ICMP filter prohibited
        message.</para>

      <para>Some bugs in the IPsec implementation from the KAME
        Project have been fixed. These bugs were related to freeing
        memory objects before all references to them were removed, and
        could cause erratic behavior or kernel panics after flushing
        the Security Policy Database (SPD).</para>

      <para>The <literal>PFIL_HOOKS</literal> option is now enabled by
        default in the <filename>GENERIC</filename> kernel. The most
        notable effect of this change is to make
        <application>IPFilter</application> work correctly when loaded
        as a kernel module.</para>

      <para>The link state change notification of Ethernet media
        support has been added to the routing socket.</para>

      <para>The following TCP features are now enabled by default: RFC
        3042 (Limited Retransmit), RFC 3390 (increased initial
        congestion window sizes), TCP bandwidth-delay product
        limiting.
        More information can be found in &man.tcp.4;.</para>

      <para>&os;'s TCP implementation now includes support for a
        minimum MSS (settable via the
        <varname>net.inet.tcp.minmss</varname> sysctl variable) and a
        rate limit on connections that send many small TCP segments
        within a short period of time (via the
        <varname>net.inet.tcp.minmssoverload</varname> sysctl
        variable). Connections exceeding this limit may be reset and
        dropped. This feature provides protection against a class of
        resource exhaustion attacks.</para>

      <para>The TCP implementation now includes partial (output-only)
        support for RFC 2385 (TCP-MD5) digests. This feature,
        enabled with the <literal>TCP_SIGNATURE</literal> and
        <literal>FAST_IPSEC</literal> kernel options, is a TCP option
        for authenticating TCP sessions. &man.setkey.8; now includes
        support for the TCP-MD5 class of security associations.
        &merged;</para>

      <para>The TCP connection reset handling has been improved to
        make several reset attacks as difficult as possible while
        maintaining compatibility with the widest range of TCP stacks.</para>

      <para>The implementation of RFC 1948 has been improved.
        The time offset component of an ISN now includes random positive
        increments between clock ticks so that ISNs will always
        be increasing, no matter how quickly the port is recycled.</para>

      <para>Random ephemeral port allocation, which comes from OpenBSD,
        has been implemented. This is enabled by default and can be disabled
        using the <varname>net.inet.ip.portrange.randomized</varname>
        sysctl. &merged;</para>

      <para>TCP Selective Acknowledgements (SACK) as described in RFC
        2018 have been added. This improves TCP performance over
        connections with heavy packet loss.
        SACK can be enabled with
        the sysctl <varname>net.inet.tcp.sack.enable</varname>.</para>

      <para>The &man.udav.4; driver now supports promiscuous mode.</para>

    </sect3>

    <sect3 id="disks">
      <title>Disks and Storage</title>

      <para>The &man.ata.4; driver now supports cardbus ATA/SATA
        controllers.</para>

      <para>A number of bugs in the &man.ata.4; driver have been
        fixed. Most notably, master/slave device detection should
        work better, and some problems with timeouts should be
        resolved.</para>

      <para>The &man.ata.4; driver now supports the Promise command
        sequencer present on all modern Promise controllers
        (PDC203** PDC206**).

        <note>
          <para>This also adds preliminary support for the
            Promise SX4/SX4000 as a <quote>normal</quote> Promise ATA
            controller; ATA RAIDs are supported,
            though only RAID0, RAID1 and RAID0+1.</para>
        </note>
      </para>

      <para arch="pc98">A bug in the automatic density selection code
        in the &man.fd.4; driver has been fixed.</para>

      <para>The &man.ips.4; driver now supports the recent
        Adaptec ServeRAID series SCSI controller cards.</para>

      <para arch="sparc64">A bug in the &man.isp.4; driver
        which prevents the cards on SBus from working correctly
        has been fixed.</para>

      <para arch="i386">The &man.twa.4; driver, which supports
        3ware's 9000 series PATA/SATA RAID controllers, has been added. &merged;</para>

      <para>The &man.umass.4; driver now supports the missing
        ATAPI MMC commands and handles the timeout properly. &merged;</para>

      <para>The &man.vinum.4; volume manager has been updated to use
        &man.geom.4;, the 5.x disk I/O request transformation framework.
        A gvinum userland tool has been added.</para>

      <para arch="sparc64">The &man.esp.4; device driver has been
        ported from NetBSD to support the SBus SCSI card in Sun Ultra
        1e and 2 machines.</para>

      <para>Support for LSI-type software RAID has been added.</para>

    </sect3>

    <sect3 id="fs">
      <title>File Systems</title>

      <para>The EXT2FS file system code now includes partial support
        for large (> 4GB) files. This support is partial in that
        it will refuse to create large files on filesystems that have
        not been upgraded to <literal>EXT2_DYN_REV</literal> or that
        do not have the
        <literal>EXT2_FEATURE_RO_COMPAT_LARGE_FILE</literal> flag set
        in the superblock.</para>

      <para>A bug in GEOM that could result in I/O hangs in some rare
        cases has been fixed.</para>

      <para>A new <literal>GEOM_CONCAT</literal>
        class has been added to concatenate
        multiple disks to appear as a single larger disk.</para>

      <para>A new <literal>GEOM_NOP</literal> class for various
        testing purposes has been added.</para>

      <para>A new <literal>GEOM_STRIPE</literal>
        class which implements RAID0 transformation has been added.</para>

      <para>GEOM Gate, which consists of a new <literal>GEOM_GATE</literal>
        class and several GEOM Gate userland utilities
        (&man.ggatel.8;, &man.ggatec.8;,
        and &man.ggated.8;), has been added.
It supports exporting
        devices, including non-GEOM-aware ones, over the network.</para>

      <para>A new <literal>GEOM_LABEL</literal>
        class to detect volume labels on various file systems,
        such as UFS, MSDOSFS (FAT12, FAT16, FAT32), and ISO9660,
        has been added.</para>

      <para>A new kernel option <literal>GEOM_GPT</literal>,
        which supports the ability to have a large
        number of partitions on a single disk, has been added to
        <filename>GENERIC</filename> by default.</para>

      <para>A new <literal>GEOM_VINUM</literal> class to support
        cooperation between &man.vinum.4; and &man.geom.4;
        has been added.</para>

      <para>A panic in the NFSv4 client has been fixed; this occurred
        when attempting operations against an NFSv3/NFSv2-only
        server.</para>

      <para>The SMBFS client now has support for SMB request signing,
        which prevents <quote>man in the middle</quote> attacks and is
        required in order to connect to Windows 2003 servers in their
        default configuration. As signing each message imposes a
        significant performance penalty, this feature is only enabled
        if the server requires it; this may eventually become an
        option to &man.mount.smbfs.8;.</para>
    </sect3>

    <sect3 id="mm">
      <title>Multimedia Support</title>

      <para>The meteor (video capture) driver has been removed due to
        breakage and lack of maintainership.</para>

      <para>The Direct Rendering Manager (DRM) code has been updated
        from the DRI Project CVS tree as of 2004-05-26. This update
        includes new PCI IDs and a new packet for Radeon.</para>

    </sect3>

    <sect3>
      <title>Contributed Software</title>

      <para>The <application>ALTQ framework</application>
        has been imported from the KAME snapshot as of 20040607.
        This import breaks ABI compatibility of
        <varname>struct ifnet</varname>.</para>

      <para><application>IPFilter</application> has been updated
        from version 3.4.31 to version 3.4.35.</para>

      <para arch="ia64">An ia64 stack unwinder,
        <application>Unwind Express (libuwx)</application>
        by Hewlett-Packard, has been imported for use in the kernel.</para>
    </sect3>
  </sect2>

  <sect2 id="userland">
    <title>Userland Changes</title>

    <para>&man.bsdlabel.8; now supports a <option>-f</option> option
      to work on files instead of disk partitions.</para>

    <para>The <command>bthidcontrol</command> command and the
      <command>bthidd</command> command, which support Bluetooth
      HID (Human Interface Device), have been added.</para>

    <para>&man.conscontrol.8; now supports
      <literal>set</literal> and <literal>unset</literal>
      commands, which set/unset the virtual console.
      <literal>unset</literal> makes output from the system, such as
      the kernel &man.printf.9;, always go out to the real
      main console. This is an interface to the tty ioctl
      <varname>TIOCCONS</varname>.</para>

    <para>The &man.cron.8; daemon now accepts two new options,
      <option>-j</option> and <option>-J</option>, to enable
      time jitter for jobs to run as unprivileged users and the
      superuser, respectively. Time jitter means that &man.cron.8;
      will sleep for a small random period of time in the specified
      range before executing a job. This feature is intended to
      smooth load peaks appearing when a lot of jobs are scheduled
      for a particular moment.
&merged;</para>

    <para>The &man.cut.1; <option>-c</option>,
      <option>-d</option>, and <option>-f</option> options
      now work correctly in locales with multibyte characters.</para>

    <para>&man.daemon.8; now supports a <option>-p</option>
      option to create a PID file.</para>

    <para>&man.df.1; now supports a <option>-c</option> option to display
      a grand total of statistics for file systems.</para>

    <para>The <command>doscmd</command> utility has been
      removed from the &os; base system, and is available
      in the &os; Ports Collection instead.</para>

    <para>&man.dump.8; and &man.restore.8; now support
      a <option>-P</option> option to specify backup methods
      other than files and tapes. The argument is passed to
      a normal &man.sh.1; pipeline with either
      <varname>$DUMP_VOLUME</varname> or <varname>$RESTORE_VOLUME</varname>
      defined in the environment, respectively.
      For more information, see &man.dump.8; and &man.restore.8;.</para>

    <para>The &man.eeprom.8; utility to display and
      modify system configurations stored in EEPROM or NVRAM
      has been added. The current implementation supports
      systems equipped with Open Firmware.</para>

    <para arch="pc98">The &man.fdcontrol.8;, &man.fdformat.1;, and
      &man.fdread.1; utilities now work on &os;/pc98.</para>

    <para>The &man.find.1; utility now supports a <option>-acl</option>
      primary to locate files with &man.acl.3;.</para>

    <para>The &man.find.1; utility now supports a new primary
      <option>-depth <replaceable>n</replaceable></option>,
      which tests whether the depth of the current file relative
      to the starting point of the traversal is <replaceable>n</replaceable>.
      &merged;</para>

    <para>The &man.geom.8; utility for operating on GEOM classes
      from the userland has been added.</para>

    <para>The &man.id.1; utility now supports a <option>-M</option> option
      to print the MAC label of the current process.</para>

    <para>&man.indent.1; now supports a <option>-ldi</option> option
      to control indentation of local variables. A number of other
      tunings were made to this utility.</para>

    <para>&man.indent.1; now supports <option>-fbs</option> and
      <option>-ut</option> options, for function declarations
      with the opening brace on the same line as the declaration
      of arguments, and for all spaces and no tabs in order
      to fix problems when non-8 space tabs are used.</para>

    <para>&man.ifconfig.8; now supports renaming of network interfaces
      at run-time using the <option>name</option> parameter.</para>

    <para>&man.ifconfig.8; now prints the &man.polling.4; status
      on the interface. &merged;</para>

    <para>&man.ip6fw.8; now supports a <option>-n</option> flag to
      stop it from making any changes to the rules in the kernel.</para>

    <para>&man.ipcs.1; now supports a <option>-u</option> option to
      display information about IPC mechanisms owned by the specified
      user.</para>

    <para>&man.ipfw.8; now supports a <option>-b</option> flag to
      print only the action and comment for each rule, thus omitting
      the rule body.</para>

    <para>&man.jail.8; now supports a <option>-U</option> option to
      run a command as a user that exists only in the &man.jail.2;
      environment.</para>

    <para>&man.killall.1; now supports a <option>-e</option> flag to
      make the <option>-u</option> option operate on effective, rather than
      real, user IDs. &merged;</para>

    <para>&man.libalias.3; now has support (and a new API) for
      multiple aliasing instances in a single process.
The existing
      API has been reimplemented in terms of the new one to preserve
      compatibility.</para>

    <para>A <filename>libarchive</filename> library for manipulation
      of compressed and uncompressed archive files has been
      added. More details can be found in &man.libarchive.3;.</para>

    <para arch="pc98"><filename>libdisk</filename> now uses the
      correct PC98 disk partition value for &os;. This permits the
      &man.sysinstall.8; disk partition editor to correctly create a
      single &os; partition covering the entire disk. &merged;</para>

    <para><filename>libdisk</filename> now uses
      <varname>d_addr_t</varname> for disk addresses.
      This allows &man.sysinstall.8; to properly handle disks
      and filesystems larger than 1 TB.</para>

    <para arch="i386,pc98,amd64,ia64">The library formerly known as
      <filename>libkse</filename> has been renamed
      <filename>libpthread</filename> and is now the default threading
      library on the i386, amd64, and ia64 platforms.
      <application>GCC</application>'s <option>-pthread</option>
      option has been changed to use <filename>libpthread</filename>
      rather than <filename>libc_r</filename>.

      <note>
        <para>Users with older binaries (for example, ports compiled
          before this change was made) should use &man.libmap.conf.5;
          to map <filename>libc_r</filename> and/or
          <filename>libkse</filename> to
          <filename>libpthread</filename>.</para>
      </note>

      <note>
        <para>Users with NVIDIA-supplied drivers and libraries may
          need to use a &man.libmap.conf.5; that maps
          <filename>libpthread</filename> references to the older
          <filename>libc_r</filename> since these drivers and
          utilities do not work with
          <filename>libpthread</filename>.</para>
      </note>
    </para>

    <para>&man.ls.1; now treats filenames as multibyte character strings
      according to the current <varname>LC_CTYPE</varname>
      when determining which characters are printable.</para>

    <para>&man.make.1; now supports the new <literal>.warning</literal>
      directive.</para>

    <para>&man.newsyslog.8; now allows users to set
      a debugging option via the <filename>newsyslog.conf</filename>
      file.</para>

    <para>&man.newsyslog.8; now uses a new order when processing
      files to rotate. It first rotates all files that need
      to be rotated, then sends a single signal to each process
      that needs to be signaled, and finally compresses
      all the files that were rotated.</para>

    <para>Initial support for UTF-8 versions of all the currently
      supported system locales has been added.
This is primarily
      for the benefit of the <filename role="package">misc/utf8locale</filename>
      port.</para>

    <para>An Israel Hebrew locale <literal>he_IL.UTF-8</literal>
      has been added.</para>

    <para>The &man.logins.1; utility has been added to display
      information about user and system accounts.</para>

    <para>&man.mountd.8; now supports the <option>-p</option> option,
      which allows users to specify a known port for use
      in firewall rulesets.</para>

    <para>&man.netstat.1; now displays the multicast group
      memberships present in the system.</para>

    <para>&man.newfs.8; and &man.mdmfs.8; now support a
      <option>-l</option> flag to enable them to set the MAC
      multilabel flag on new filesystems without requiring the use of
      &man.tunefs.8;.</para>

    <para>&man.nologin.8; now reports login attempts via
      &man.syslogd.8;.</para>

    <para>&man.nologin.8; has been moved from <filename>/sbin/nologin</filename>
      to <filename>/usr/sbin/nologin</filename>, and
      <filename>/sbin/nologin</filename> remains as a symbolic link
      for backward compatibility.</para>

    <para>A bugfix has been applied to NSS support, which fixes
      problems when using third-party NSS modules (such as <filename
      role="package">net/nss_ldap</filename>) and groups with large
      membership lists.</para>

    <para>The &man.pgrep.1; and &man.pkill.1; commands, which come from NetBSD,
      have been added. They also support a <option>-M</option> option
      to extract values associated with the name list from the
      specified core instead of the default <filename>/dev/kmem</filename>,
      and a <option>-N</option> option to extract the name list from
      the specified system instead of the default kernel.</para>

    <para>&man.ps.1; compatibility with POSIX/SUSv3 has been improved.
      The changes include <option>-p</option> for a list of process IDs,
      <option>-t</option> for a list of terminal names,
      <option>-A</option>, which is equivalent to <option>-ax</option>,
      <option>-G</option> for a list of group IDs,
      <option>-X</option>, which is the opposite of <option>-x</option>,
      and some minor improvements. For more information, see &man.ps.1;.
      &merged;</para>

    <para>&man.ps.1; now supports a <option>-O emul</option>
      format option, which prints the name of the system call emulation
      environment the process is in.</para>

    <para>&man.pw.8; now supports a <option>-H</option> option, which
      accepts an encrypted password on a file descriptor. &merged;</para>

    <para>A bug in &man.rarpd.8; that prevented it from working properly
      when an interface has more than one IP address has been fixed.
      &merged;</para>

    <para>The configuration files used by the &man.resolver.3; now
      support the <literal>timeout:</literal> and
      <literal>attempts:</literal> keywords.</para>

    <para>The &man.resolver.3; and associated interfaces are now much
      more reentrant and thread-safe. Multiple DNS lookups can now be
      run at the same time, showing major improvements in the
      performance of some multi-threaded applications.
Some
      multi-threaded programs need to be recompiled; examples from the
      Ports Collection are <filename
      role="package">www/mozilla</filename> and variants, <filename
      role="package">mail/evolution</filename>, <filename
      role="package">devel/gnomevfs</filename>, and <filename
      role="package">devel/gnomevfs2</filename>.</para>

    <para>&man.rmdir.1; now supports a <option>-v</option> flag,
      which makes it verbose.</para>

    <para>&man.savecore.8; now works correctly for dump files larger
      than 2GB.</para>

    <para>A bug in &man.script.1; has been fixed so that it now works
      correctly if its stdin is closed. This fix prevents a
      potentially dangerous interaction with the <filename
      role="package">sysutils/portupgrade</filename> package; if it was
      run non-interactively, it could remove all out-of-date
      ports without reinstalling them.</para>

    <para>The &man.sdpd.8; Bluetooth Service Discovery Protocol daemon
      has been added.</para>

    <para>The &man.sha1.1; and &man.rmd160.1; utilities have been added.
      &merged;</para>

    <para>&man.smbmsg.8;, a small utility to send/receive SMBus messages,
      has been added.</para>

    <para arch="sparc64">&man.sunlabel.8; now supports two new flags:
      <option>-c</option> to calculate all partition sizes
      in cylinders as opposed to sectors, and
      <option>-h</option> to print the label in human readable
      size/offset format.</para>

    <para>&man.talk.1; now uses <hostid>localhost</hostid>
      as a default machine name in &man.talkd.8;
      request packets, when the destination and source are local.
      This makes &man.talk.1; dependent on a valid host entry
      for <hostid>localhost</hostid> in <filename>/etc/hosts</filename>
      or the DNS.</para>

    <para>&man.tftpd.8; now supports two new options:
      a <option>-w</option> option allows new files to be created,
      and a <option>-U</option> option allows the umask to be set.</para>

    <para>&man.top.1; now supports displaying the current amount
      of I/O. This feature can be enabled by hitting <quote>m</quote>
      or passing the command line option <option>-m io</option>.</para>

    <para arch="amd64">&man.truss.1; now includes early support
      for &os;/amd64.</para>

    <para>Many userland utilities in the base system (mostly GNU
      contributed utilities) now use the system version of
      &man.getopt.long.3;, rather than the GNU version.</para>

    <sect3 id="rc-scripts">
      <title><filename>/etc/rc.d</filename> Scripts</title>

      <para>The <filename>diskless</filename> script has been
        split out into <filename>hostname</filename>,
        <filename>resolve</filename>, <filename>tmp</filename>, and
        <filename>var</filename> scripts.</para>

      <para>The <filename>gbde_swap</filename> script, which supports
        gbde-enabled swap devices, has been added.
        When the <varname>gbde_swap_enable</varname> variable is specified
        in &man.rc.conf.5;, a swap device named
        <filename>/dev/<replaceable>foo.bde</replaceable></filename>
        in &man.fstab.5;
        is automatically attached at boot time with the device
        <filename>/dev/<replaceable>foo</replaceable></filename>
        and a random key, which is
        generated by computing the MD5 checksum of 512 bytes read
        from <filename>/dev/random</filename>.
        Note that this prevents recovery of kernel dumps.</para>

      <para>The <varname>ip6addrctl_enable</varname> and
        <varname>ip6addrctl_verbose</varname> variables have been added.
        When <varname>ip6addrctl_enable</varname> is set
        to <literal>YES</literal>,
        the address selection policy is installed into the kernel.
        If <filename>/etc/ip6addrctl.conf</filename> exists,
        it will be used; otherwise a default policy will be installed.
        The default policy is the one described in RFC 3484 when
        <varname>ipv6_enable</varname> is set to <literal>YES</literal>.
        Otherwise, the priority policy for IPv4 addresses will be used
        as the default policy.</para>

      <para>The <filename>mixer</filename> script has been added.
        It saves the current settings of all audio mixers present
        in the system on shutdown and restores the settings on boot.</para>

      <para>The <filename>pf</filename> and <filename>pflog</filename>
        scripts for &man.pf.4; have been added.</para>
    </sect3>
  </sect2>

  <sect2 id="contrib">
    <title>Contributed Software</title>

    <para>The <application>ACPI-CA</application> code has been updated
      from the 20030619 snapshot to the 20040527 snapshot.</para>

    <para><application>awk</application> from Bell Labs has been
      updated from the 29 July 2003 release to the 7 February 2004
      release.</para>

    <para><application>Binutils</application> have been updated to
      a 23 May 2004 snapshot from the FSF 2.15 branch.</para>

    <para><application>CVS</application> has been updated from
      version 1.11.15 to version 1.11.17.
&merged;</para>

    <para><application>gdtoa</application> (a library that performs
      conversions of numbers between binary and decimal form) has been
      updated from version 20030324 to version 20040118.</para>

    <para><application>GDB</application> has been updated to version
      6.1.1.</para>

    <para><application>GNU grep</application> has been updated from
      2.4d to 2.4.2.</para>

    <para><application>less</application> has been updated from
      version 371 to version 381.</para>

    <para><application>GNU readline</application> 4.3 has been updated
      with official patches 001 through 005.</para>

    <para>The <application>GNU regex</application> library has been
      updated to the version included with <application>GNU
      grep</application> 2.4.2.</para>

    <para><application>GNU sort</application> has been updated from
      textutils 2.1 to coreutils 5.2.1.</para>

    <para>The <application>GNU tar</application> implementation in the
      base system is now called <filename>gtar</filename>, with
      <filename>tar</filename> being a link to
      <filename>gtar</filename>.</para>

    <para><application>Heimdal Kerberos</application> has been
      updated from 0.6 to 0.6.1.</para>

    <para>The <application>ISC DHCP</application> client has been
      updated from 3.0.1 RC10 to 3.0.1 RC14.</para>

    <para><application>libpcap</application> has been updated from
      version 0.7.1 to version 0.8.3.</para>

    <para><application>lukemftp</application>
      has been updated from a snapshot as of
      November 3, 2003 to one as of April 26, 2004.</para>

    <para><application>OpenPAM</application> has been updated from the
      Dogwood release to the Eelgrass release.</para>

    <para><application>OpenSSH</application> has been updated from
      3.6.1p1 to 3.8.1p1.

      <note>
        <para>The configuration defaults for &man.sshd.8; have been
          changed.
SSH protocol version 1 is no longer enabled by
          default. In addition, password authentication over SSH is
          disabled by default if PAM is enabled.</para>
      </note>
    </para>

    <para><application>OpenSSL</application> has been updated from
      0.9.7c to 0.9.7d. &merged;</para>

    <para><application>pf</application>, OpenBSD's packet filter as of
      OpenBSD 3.5, has been imported into the &os; source tree and is now installed
      by default. A new user <username>proxy</username>, and two new
      groups <username>authpf</username> and <username>proxy</username>,
      which <application>pf</application> needs, have been added as well.

      <note>
        <para>When upgrading from source, these user accounts must be
          added in advance. The <varname>NO_PF</varname> variable
          in <filename>make.conf</filename> can be used to prevent
          <application>pf</application> from building.</para>
      </note>
    </para>

    <para>Several userland utilities of OpenBSD's
      <application>pf</application> have been imported.
      <filename>libexec/ftp-proxy</filename> is an ftp proxy for
      <application>pf</application>,
      <filename>sbin/pfctl</filename> is an equivalent to
      <filename>sbin/ipf</filename>,
      <filename>sbin/pflogd</filename>
      is a daemon logging packets via <literal>if_pflog</literal>
      in pcap format, and
      <filename>usr.sbin/authpf</filename> is an authentication shell
      to modify pf rulesets.</para>

    <para><application>routed</application> has been updated from
      release 2.22 to release 2.27 from rhyolite.com. Note that for
      users relying on RIP's MD5 authentication feature,
      &man.routed.8; is now incompatible with previous versions
      of &os;; however, it is now compatible with implementations from
      Sun, Cisco and other vendors.</para>

    <para><application>sendmail</application> has been updated from
      version 8.12.10 to version 8.12.11.
&merged;</para>

    <para><application>tcpdump</application> has been updated from
      version 3.7.1 to version 3.8.3.</para>

    <para>The timezone database has been updated from
      <filename>tzdata2003a</filename> to
      <filename>tzdata2004a</filename>.</para>

    <para><application>zlib</application> has been updated
      from version 1.1.4 to version 1.2.1.</para>
  </sect2>

  <sect2 id="ports">
    <title>Ports/Packages Collection Infrastructure</title>

    <para>The <literal>SIZE</literal> attribute for distfiles,
      which can be used for checking file sizes before fetching,
      has been added and enabled by default.
      <varname>DISABLE_SIZE</varname> is a user control knob
      to disable the distfile size checking. This is especially
      useful on old &os; versions which did not have &man.fetch.1;
      support for this, and for some FTP proxies which always
      report incorrect or bogus sizes.</para>

    <para>Two new files have been added to the ports tree to track
      noteworthy changes: <filename>ports/CHANGES</filename> lists
      major changes to the Ports Collection and its infrastructure.
      <filename>ports/UPDATING</filename> describes some potential
      pitfalls that can be encountered when updating certain ports,
      analogous to <filename>src/UPDATING</filename> for the base
      system.</para>

    <para>The version number parsing code has been rewritten in the
      system pkg tools, restoring compatibility with 4.x and
      portupgrade.</para>

    <para>The package tools can now match packages with relational
      operators and csh-style {...} choices, e.g.:</para>

    <screen>&prompt.root; <userinput>pkg_info -I 'docbook>=3.0'</userinput></screen>

    <para>will list (all) docbook DTDs with at least version 3.0.
      Additional command line options have also been added to aid
      pattern matching.</para>

    <para>The package tools have improved handling of corrupt package
      databases.</para>

    <para>&man.pkg.create.1; now supports a <option>-S</option>
      option to make all <literal>@cwd</literal> be prefixed
      during package creation.</para>

    <para>&man.pkg.info.1; now supports a <option>-j</option>
      option to show the requirements script for each package.</para>
  </sect2>

  <sect2 id="releng">
    <title>Release Engineering and Integration</title>

    <para arch="i386,pc98">The building process for boot floppy images
      has been completely overhauled. The most significant change is
      that the loader now boots a stock <filename>GENERIC</filename>
      kernel split across multiple disks (two at the time of this
      writing). This greatly improves installations that begin with a
      boot from floppy disk, because they now use exactly the same
      kernel (and thus support the same hardware) as CDROM
      installations. The stripped-down <filename>MFSROOT</filename>
      kernel is no longer needed, and the <filename>mfsroot</filename>
      image no longer requires kernel modules. The
      <filename>boot.flp</filename> and
      <filename>driver.flp</filename> images are also obsolete and no
      longer built.</para>

    <para>The supported release of <application>GNOME</application>
      has been updated from 2.4 to 2.6.

      <note>
        <para>If you are using the older <application>GNOME</application>
          desktop itself (<filename role="package">x11/gnome2</filename>), simply upgrading it from the &os; Ports Collection
          with
          &man.portupgrade.1;
          (<filename role="package">sysutils/portupgrade</filename>)
          will cause serious problems.
          If you are a <application>GNOME</application> desktop user,
          please read the instructions carefully at
          <ulink url="&url.main;/gnome/docs/faq26.html"></ulink>,
          and use the <filename>gnome_upgrade.sh</filename> script to
          properly upgrade to <application>GNOME</application> 2.6.</para>

        <para>Note that if you are just a casual user of some of the
          <application>GNOME</application> libraries,
          &man.portupgrade.1; should be sufficient
          to update your ports.</para>
      </note>
    </para>

    <para>The supported release of <application>KDE</application>
      has been updated from 3.1.4 to 3.2.3.</para>

    <para>The <filename role="package">security/portaudit</filename> utility
      now exists in the ports collection. This utility will read a database
      containing known ports vulnerabilities and report them to the
      administrator.</para>
  </sect2>

  <sect2 id="doc">
    <title>Documentation</title>

    <para></para>

  </sect2>
</sect1>

<sect1 id="upgrade">
  <title>Upgrading from previous releases of &os;</title>

  <para>Users with existing &os; systems are
    <emphasis>highly</emphasis> encouraged to read the <quote>Early
    Adopter's Guide to &os; &release.current;</quote>. This document generally has
    the filename <filename>EARLY.TXT</filename> on the distribution
    media, or any other place that the release notes can be found. It
    offers some notes on upgrading, but more importantly, also
    discusses some of the relative merits of upgrading to &os;
    5.<replaceable>X</replaceable> versus running &os;
    4.<replaceable>X</replaceable>.</para>

  <important>
    <para>Upgrading &os; should, of course, only be attempted after
      backing up <emphasis>all</emphasis> data and configuration
      files.</para>
  </important>
</sect1>