article.xml revision 131483
<articleinfo>
  <title>&os;/&arch; &release.current; Release Notes</title>

  <corpauthor>The FreeBSD Project</corpauthor>

  <pubdate>$FreeBSD: head/release/doc/en_US.ISO8859-1/relnotes/article.sgml 131483 2004-07-02 20:49:56Z hrs $</pubdate>

  <copyright>
    <year>2000</year>
    <year>2001</year>
    <year>2002</year>
    <year>2003</year>
    <year>2004</year>
    <holder role="mailto:doc@FreeBSD.org">The FreeBSD Documentation Project</holder>
  </copyright>

  <abstract>
    <para>The release notes for &os; &release.current; contain a summary
      of
<![ %include.historic; [
      the changes made to the &os; base system since &release.prev;.
]]>
<![ %no.include.historic; [
      recent changes made to the &os; base system on the &release.branch;
      development branch.
]]>
      This document lists applicable security advisories that were issued since
      the last release, as well as significant changes to the &os;
      kernel and userland.
      Some brief remarks on upgrading are also presented.</para>
  </abstract>
</articleinfo>

<sect1 id="intro">
  <title>Introduction</title>

  <para>This document contains the release notes for &os;
    &release.current; on the &arch.print; hardware platform.  It
    describes recently added, changed, or deleted features of &os;.
    It also provides some notes on upgrading
    from previous versions of &os;.</para>

<![ %release.type.snapshot [

  <para>The &release.type; distribution to which these release notes
    apply represents a point along the &release.branch; development
    branch between &release.prev; and the future &release.next;.  Some
    pre-built, binary &release.type; distributions along this branch
    can be found at <ulink url="&release.url;"></ulink>.</para>

]]>

<![ %release.type.release [

  <para>This distribution of &os; &release.current; is a
    &release.type; distribution.  It can be found at <ulink
    url="&release.url;"></ulink> or any of its mirrors.  More
    information on obtaining this (or other) &release.type;
    distributions of &os; can be found in the <ulink
    url="&url.main;/doc/en_US.ISO8859-1/books/handbook/mirrors.html"><quote>Obtaining
    FreeBSD</quote> appendix</ulink> to the <ulink
    url="&url.main;/doc/en_US.ISO8859-1/books/handbook/">FreeBSD
    Handbook</ulink>.</para>

]]>

  <para>Users who are new to the &release.branch; series of &os;
    &release.type;s should also read the <quote>Early Adopters Guide
    to &os; &release.current;</quote>.  This document can generally be
    found in the same location as the release notes (either as a part of a
    &os; distribution or on the &os; Web site).  It contains important
    information regarding the advantages and disadvantages of using
    &os; &release.current;, as opposed to releases based on the &os;
    4-STABLE development branch.</para>

  <para>All users are encouraged to consult the release errata before
    installing &os;.  The errata document is updated with
    <quote>late-breaking</quote> information discovered late in the
    release cycle or after the release.  Typically, it contains
    information on known bugs, security advisories, and corrections to
    documentation.  An up-to-date copy of the errata for &os;
    &release.current; can be found on the &os; Web site.</para>

</sect1>

<sect1 id="new">
  <title>What's New</title>

  <para>This section describes
<![ %include.historic; [
      the most user-visible new or changed features in &os;
      since &release.prev;.
      In general, changes described here are unique to the &release.branch;
      branch unless specifically marked as &merged; features.
]]>
<![ %no.include.historic; [
      many of the user-visible new or changed features in &os;
      since &release.prev;.  It includes items that are unique to the
      &release.branch; branch, as well as some features that may have been
      recently merged to
      other branches (after &os; &release.prev.historic;).  The latter
      items are marked as &merged;.
]]>
  </para>

  <para>Typical release note items
    document recent security advisories issued after
    &release.prev.historic;,
    new drivers or hardware support, new commands or options,
    major bug fixes, or contributed software upgrades.  They may also
    list changes to major ports/packages or release engineering
    practices.  Clearly the release notes cannot list every single
    change made to &os; between releases; this document focuses
    primarily on security advisories, user-visible changes, and major
    architectural improvements.</para>

  <sect2 id="security">
    <title>Security Advisories</title>

    <para>A bug in &man.mksnap.ffs.8; has been fixed; it caused the creation of a
      filesystem snapshot to reset the flags on the filesystem to
      their default values.  The possible consequences depended on local
      usage, but could include disabling extended access control lists
      or enabling the use of setuid executables stored on an untrusted
      filesystem.  This bug also affected the &man.dump.8;
      <option>-L</option> option, which uses &man.mksnap.ffs.8;.  Note
      that &man.mksnap.ffs.8; is normally only available to the
      superuser and members of the <groupname>operator</groupname>
      group.  For more information, see security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:01.mksnap_ffs.asc">FreeBSD-SA-04:01</ulink>.</para>

    <para>A bug with the System V Shared Memory interface
      (specifically the &man.shmat.2; system call) has been fixed.
      This bug can cause a shared memory segment to reference
      unallocated kernel memory.  In turn, this can permit a local
      attacker to gain unauthorized access to parts of kernel memory,
      possibly resulting in disclosure of sensitive information,
      bypass of access control mechanisms, or privilege escalation.
      More details can be found in security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:02.shmat.asc">FreeBSD-SA-04:02</ulink>.
      &merged;</para>

    <para>A programming error in the &man.jail.attach.2; system call
      has been fixed.  This error could allow a process with superuser
      privileges inside a &man.jail.8; environment to change its root
      directory to that of a different jail, and thus gain full read
      and write access to files and directories within the target
      jail.  More information can be found in security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:03.jail.asc">FreeBSD-SA-04:03</ulink>.</para>

    <para>A potential low-bandwidth denial-of-service attack against
      the &os; TCP stack has been prevented by limiting the number of
      out-of-sequence TCP segments that can be held at one time.  More
      details can be found in security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:04.tcp.asc">FreeBSD-SA-04:04</ulink>.
      &merged;</para>

    <para>A bug in <application>OpenSSL</application>'s SSL/TLS
      ChangeCipherSpec message processing, which could result in
      a null pointer dereference, has been fixed.
      This could allow a remote attacker to crash an
      <application>OpenSSL</application>-using
      application and cause a denial-of-service on the system.
      More details can be found in security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc">FreeBSD-SA-04:05</ulink>.
      &merged;</para>

    <para>A programming error in the handling of some IPv6
      socket options within the &man.setsockopt.2; system call
      has been fixed.  This error allows a local attacker to cause a
      system panic, and may allow the attacker to gain unauthorized
      access to parts of kernel memory, possibly resulting in disclosure
      of sensitive information, bypass of access control
      mechanisms, or privilege escalation.
      More details can be found in security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:06.ipv6.asc">FreeBSD-SA-04:06</ulink>.</para>

    <para>Two programming errors in <application>CVS</application>
      have been fixed.  They allow a server to overwrite arbitrary
      files on the client, and a client to read arbitrary files
      on the server when accessing remote CVS repositories.
      More details can be found in security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:07.cvs.asc">FreeBSD-SA-04:07</ulink>. &merged;</para>

    <para>A bugfix for <application>Heimdal</application> rectifies a
      problem in which it would not perform adequate checking of
      authentication across autonomous realms.  For more information,
      see security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:08.heimdal.asc">FreeBSD-SA-04:08</ulink>. &merged;</para>

    <para>A programming error in <application>CVS</application> which
      allows a malicious client to overwrite arbitrary portions of
      the server's memory has been fixed.  For more information,
      see security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:10.cvs.asc">FreeBSD-SA-04:10</ulink>. &merged;</para>

    <para>A potential cache consistency problem in
      the implementation of the &man.msync.2; system call
      involving the <literal>MS_INVALIDATE</literal>
      operation has been fixed.  However, as a side effect of closing
      this security problem, the <literal>MS_INVALIDATE</literal>
      flag no longer guarantees that all pages in the range are invalidated.
      Users who require the old semantics of <literal>MS_INVALIDATE</literal>
      and are not concerned with the security issue being fixed can set the
      <varname>vm.old_msync</varname> sysctl to 1, which reverts to
      the old (insecure) behavior.  For more information,
      see security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:11.msync.asc">FreeBSD-SA-04:11</ulink>. &merged;</para>

    <para>A programming error in the &man.jail.2; system call,
      which resulted in a failure to verify that an attempt
      to manipulate routing tables originated from a non-jailed process,
      has been fixed.
      For more information, see security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:12.jail.asc">FreeBSD-SA-04:12</ulink>. &merged;</para>

  </sect2>

  <sect2 id="kernel">
    <title>Kernel Changes</title>

    <para arch="i386">The &man.acpi.asus.4; driver has been added
      to use ACPI-controlled hardware features such as hot keys and
      LCD on ASUSTek laptops.</para>

    <para arch="i386">The &man.acpi.toshiba.4; driver has been added
      to use Toshiba's Hardware Control Interface to manipulate
      certain hardware features on Toshiba laptops.</para>

    <para arch="i386">The &man.acpi.toshiba.4; driver now supports
      video output switching.</para>

    <para>The &man.acpi.video.4; driver has been added to provide
      control of display switching and backlight brightness using the
      ACPI Video Extensions.</para>

    <para arch="i386">The &man.acpi.4; driver now supports
      per-device sysctls (<varname>dev.root0.nexus0.acpi0.acpi_lid0.wake</varname>,
      for instance) to allow users to set whether or not a given
      device can wake the system.</para>

    <para arch="i386">The &man.acpi.4; driver is now
      disabled automatically when the machine has a BIOS that is known
      to be broken.  This behavior can be disabled by setting the loader tunable
      <varname>hint.acpi.0.disabled</varname> to <literal>0</literal>.</para>

    <para arch="i386">The &man.ctau.4; driver has been added for Cronyx Tau
      synchronous serial adapters. This driver was known for a long time as
      <quote>ct</quote> in its previous life outside the &os; source tree. &merged;

      <note>
        <para>The driver name has changed, but the network interface still
          has the <quote>ct</quote> name.</para>
      </note>
    </para>

    <para arch="i386,pc98">The &man.cp.4; driver has been added for Cronyx Tau-PCI
      synchronous serial adapters.
    </para>

    <para>&man.devfs.5; path rules now work correctly on
      directories.</para>

    <para arch="i386,pc98">The dgb (DigiBoard intelligent serial card) driver has been
      removed due to breakage.  Its replacement is the &man.digi.4; driver,
      which supports all the hardware of the dgb driver.</para>

    <para>The &man.getvfsent.3; API has been removed.</para>

    <para arch="sparc64">The &man.hme.4; driver now natively supports
      long frames, so it can be used for &man.vlan.4; with full Ethernet
      MTU size.</para>

    <para>&man.jail.2; now supports use of raw sockets from within a jail.
      This feature is disabled by default, and controlled using the
      <varname>security.jail.allow_raw_sockets</varname> sysctl.</para>

    <para arch="amd64">Loadable kernel modules now work and are
      enabled in the amd64 build.</para>

    <para arch="i386">The loran (Loran-C receiver) driver has been removed due to
      breakage and lack of maintainership.</para>

    <para>A new kernel option, <literal>MAC_STATIC</literal>, which
      disables internal MAC Framework synchronization protecting against
      dynamic load and unload of MAC policies, has been added.</para>

    <para>mballoc has been replaced with mbuma, an Mbuf and Cluster
      allocator built on top of a number of extensions to the UMA framework.
      Due to this change, the <varname>NMBCLUSTERS</varname> kernel option
      is no longer used.  The maximum number of clusters is still
      capped according to <varname>maxusers</varname>,
      but it can be made unlimited by setting the
      <varname>kern.ipc.nmbclusters</varname> loader tunable to zero.</para>

    <para>The midi driver, which supports serial port and several sound cards,
      has been removed.</para>

    <para>A bug in &man.mmap.2; that could allow pages marked as
      <literal>PROT_NONE</literal> to become readable under certain
      circumstances has been fixed.  &merged;</para>

    <para>&man.nmdm.4; has been rewritten to improve reliability.</para>

    <para>The raid(4) driver (the RAIDframe disk driver from NetBSD) has been
      removed.  It is currently non-functional, and would require some amount
      of work to make it work under the &man.geom.4; API in 5-CURRENT.</para>

    <para arch="sparc64">The &man.sab.4; driver now supports the
      <literal>BREAK_TO_DEBUGGER</literal> kernel option.</para>

    <para arch="i386,pc98">The sx driver, which supports Specialix I/O8+ and I/O4+
      intelligent multiport serial controllers, has been added.</para>

    <para>A devclass level has been added to the dev sysctl tree,
      in order to support per-class variables in addition to
      per-device variables.  This means that <varname>dev.foo0.bar</varname>
      is now called <varname>dev.foo.0.bar</varname>, and it is
      possible to have <varname>dev.foo.bar</varname> as well.</para>

    <para>A sysctl, <varname>kern.sched.name</varname>,
      which holds the name of the scheduler currently in use,
      has been added, and the <varname>kern.quantum</varname> sysctl
      has been moved to <varname>kern.sched.quantum</varname>
      for consistency.</para>

    <para arch="alpha,amd64,i386">For the &man.uart.4; device, the
      <varname>hw.uart.console</varname> and
      <varname>hw.uart.dbgport</varname> environment variables
      have been added.  They can be used to select a serial console and
      debug port respectively, as well as the attributes.</para>

    <para>The &man.ubser.4; device driver has been added to support
      BWCT console management serial adapters.</para>

    <para>The ULE scheduler is now the default scheduler in the
      <filename>GENERIC</filename> kernel.  For the average user,
      interactivity is reported to be better in many cases.  This
      means less <quote>skipping</quote> and <quote>jerking</quote> in
      interactive applications while the machine is very busy.  This
      will not prevent problems due to overloaded disk subsystems, but
      it does help with overloaded CPUs.  On SMP machines, ULE has
      per-CPU run queues which allow for CPU affinity, CPU binding,
      and advanced HyperThreading support, as well as providing a
      framework for more optimizations in the future.  As fine-grained
      kernel locking continues, the scheduler will be able to make
      more efficient use of the available parallel resources.</para>

    <!-- Above this line, sort kernel changes by manpage/keyword-->

    <para>The device driver infrastructure (as well as many drivers)
      has been updated.  Among the changes: Many more drivers now use
      automatically-assigned major numbers (instead of the old static
      major numbers).  Enhanced functions to support cloning of
      pseudodevices.  Several changes to the driver API, including a
      new <varname>d_version</varname> field in <varname>struct
      cdevsw</varname>.  Note that third-party device drivers will
      require recompiling after this change.</para>

    <para>The pseudo-interface cloning, including the match function,
      has been updated to allow creation of &man.stf.4;
      interfaces named <devicename>stf0</devicename>,
      <devicename>stf</devicename>, or <devicename>6to4</devicename>.
      Note that this breaks backward compatibility; for example,
      <command>ifconfig stf</command> now creates
      the interface named <devicename>stf</devicename>,
      not <devicename>stf0</devicename>, and does not print
      <devicename>stf0</devicename> to stdout.</para>

    <para>The kernel's file descriptor allocation code has been
      updated, and is now derived from similar code in OpenBSD.</para>

    <para arch="sparc64">On &os;/sparc64, <varname>time_t</varname>
      has been changed from a 32-bit value to a 64-bit value.

      <note>
        <para>Since this change is not backward-compatible,
          any programs which were built on an older system using
          a 32-bit <varname>time_t</varname> and
          call system routines for handling
          <varname>time_t</varname> values will have to be recompiled.
          More detailed information and notes on upgrading from
          source can be found in
          <filename>/usr/src/UPDATING.64BTT</filename>.</para>
      </note>
    </para>

    <para arch="i386">It is now possible to compile the &os;/i386
      kernel with the Intel C/C++ Compiler (as in the <filename
      role="package">lang/icc</filename> port).</para>

    <sect3 id="proc">
      <title>Platform-Specific Hardware Support</title>

      <para arch="i386">The entropy device &man.random.4; now
        supports a hardware random number generator (RNG)
        in the VIA C3 Nehemiah (Stepping 3 and above) CPU.</para>

      <para arch="i386">Several old drivers for ISA cards have been removed,
        including
        the asc driver for GI1904-based hand scanners,
        the ctx driver for CORTEX-I Frame Grabber,
        the gp driver for National Instruments AT-GPIB and AT-GPIB/TNT boards,
        the gsc driver for the Genius GS-4500 hand scanner,
        the le driver for DEC EtherWORKS II and III Ethernet controllers,
        the rdp driver for RealTek RTL 8002-based pocket Ethernet adapters,
        the spigot driver for the Creative Labs Video Spigot video-acquisition board,
        the stl and stli drivers for Stallion Technologies multiport serial
        controllers, and the wt driver for Archive/Wangtek cartridge tapes.
        They are currently non-functional, and would require a considerable
        amount of work to make them work under the new API in 5-CURRENT.
        The userland support such as related ioctls and utilities including
        sasc and sgsc has also been removed.</para>

      <para>A new sysctl, <varname>kern.always_console_output</varname>,
        has been added; it makes output from the kernel go to the console
        despite <varname>TIOCCONS</varname>.</para>
    </sect3>

    <sect3 id="boot">
      <title>Boot Loader Changes</title>

      <para arch="i386">A serial console-capable version of
        <filename>boot0</filename> has been added.  It can be written
        to a disk using &man.boot0cfg.8; and specifying
        <filename>/boot/boot0sio</filename> as the argument to the
        <option>-b</option> option.</para>

      <para arch="i386"><filename>cdboot</filename> now works around a
        BIOS problem observed on some systems when booting from USB
        CDROM drives.</para>

      <!-- Above this line, order boot loader changes by keyword-->

    </sect3>

    <sect3 id="net-if">
      <title>Network Interface Support</title>

      <para arch="i386">The &man.arl.4; driver, which supports
        Aironet Arlan 655 wireless adapters, has been added. &merged;</para>

      <para arch="sparc64">The &man.dc.4; driver now supports sparc64
        Davicom cards that store their MAC address in
        OpenFirmware.</para>

      <para>A short hiccup in the &man.em.4; driver during parameter
        reconfiguration has been fixed.  &merged;</para>

      <para>The &man.fwip.4; driver, which supports IP over FireWire, has been added.
        Note that currently the broadcast channel number is hardwired and
        MCAP for multicast channel allocation is not supported.
        This driver is intended to conform to the RFC 2734 and RFC 3146
        standards for IP over FireWire and eventually replace
        the &man.fwe.4; driver.</para>

      <para arch="i386,pc98">The hea (Efficient Networks, Inc. ENI-155p ATM adapter)
        driver has been removed due to breakage.  Its functionality
        has been subsumed into the &man.en.4; driver.</para>

      <para>The &man.fxp.4; driver now uses the device sysctl tree
        (<varname>dev.fxp0</varname>, for example), and those sysctls can be set
        on a per-device basis.</para>

      <para>The &man.ixgb.4; driver, which supports
        Intel PRO/10GBE 10 gigabit Ethernet cards, has been
        added. &merged;</para>

      <para arch="i386">The lmc (LAN Media Corp. PCI WAN adapter) driver has been
        removed due to breakage and lack of maintainership.</para>

      <para arch="i386">&os; now provides a binary compatibility layer
        for using &microsoft.windows; NDIS drivers for network
        adapters under &os;/i386.  It includes a relocator/linker for
        &windows; <filename>.SYS</filename> files to interface with
        the &os; kernel and emulates various parts of the NDIS API
        using native &os; kernel functions.  This system supports PCI
        and CardBus network devices, and is designed principally for
        Ethernet and wireless network interfaces.
        For more information, see the &man.ndis.4; and
        &man.ndiscvt.8; manual pages.</para>

      <para>The &man.ng.atmllc.4; Netgraph node type, which handles
        RFC 1483 ATM LLC encapsulation, has been added.</para>

      <para>The &man.ng.hub.4; Netgraph node type, which supports
        a simple packet distribution that acts like an Ethernet hub,
        has been added.  &merged;</para>

      <para>The &man.ng.rfc1490.4; Netgraph node type now supports
        Cisco style encapsulation which is often used alongside
        RFC 1490 in frame relay links.</para>

      <para>The &man.ng.sppp.4; Netgraph node type, which is a &man.netgraph.4;
        interface to the original &man.sppp.4; network module for synchronous
        lines, has been added.</para>

      <para>A new Netgraph method has been added to allow restoration
        of some behavior lost in the change from 4.x style &man.ng.tee.4;
        Netgraph nodes.</para>

      <para>The &man.ng.vlan.4; Netgraph node type, which supports
        IEEE 802.1Q VLAN tagging, has been added.  &merged;</para>

      <para>A bug that prevented VLAN support in the &man.nge.4; driver
        from working has been fixed.  &merged;</para>

      <para>The &man.pci.4; bus resource and power management have
        been updated.

        <note>
          <para>Although the &man.pci.4; bus power state management
            has been enabled, it may cause problems on some systems.
            This can be disabled by setting the tunable
            <varname>hw.pci.do_powerstate</varname> to 0.</para>
        </note>
      </para>

      <para>Several bugs related to &man.polling.4; support
        in the &man.rl.4; driver have been fixed.  &merged;</para>

      <para>Several bugs related to multicast and promiscuous mode
        handling in the &man.sk.4; driver have been fixed.</para>

      <para>The &man.ste.4; driver now supports &man.polling.4;.
        &merged;</para>

      <para>The &man.udav.4; driver has been added.  It provides
        support for USB Ethernet adapters based on the Davicom DM9601
        chipset.</para>

      <para>The &man.vr.4; driver now supports &man.polling.4;.  &merged;</para>

      <para>The hardware TX checksum support in the &man.xl.4; driver
        has been disabled as it does not work correctly and slows down
        the transmission rate.  &merged;</para>

      <para>Per-interface &man.polling.4; support has been
        implemented.  All of the network drivers that support &man.polling.4;
        (&man.dc.4;, &man.fxp.4;, &man.em.4;, &man.nge.4;, &man.re.4;,
        &man.rl.4;, &man.sis.4;, &man.ste.4;, and &man.vr.4;)
        now also support this capability and it can be controlled
        via &man.ifconfig.8;.  &merged;</para>
    </sect3>

    <sect3 id="net-proto">
      <title>Network Protocols</title>

      <para>The <literal>DA_OLD_QUIRKS</literal> kernel option,
        which is for the CAM SCSI disk driver (&man.cam.4;)
        has been removed.  &merged;</para>

      <para>The &man.gre.4; tunnel driver now supports WCCP version
        2.</para>

      <para>&man.ipfw.4; rules now support the <literal>versrcreach</literal>
        option to verify that a valid route to the source address
        of a packet exists in the routing table.
        This option is very useful for routers with a complete view of
        the Internet (BGP) in the routing table to reject packets with
        spoofed or unroutable source addresses.  For example,

        <programlisting>deny ip from any to any not versrcreach</programlisting>

        is equivalent to the following in Cisco IOS syntax:

        <programlisting>ip verify unicast source reachable-via any</programlisting>
      </para>
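
      <para>The following is an added illustration, not code from &os; or
        from these release notes: a small model of the source-reachability
        decision behind <literal>deny ip from any to any not versrcreach</literal>.
        It assumes, following the ipfw(8) description of the option, that a
        source reachable only through the default route or through a
        blackhole/reject route does not count as reachable; the route tables
        and addresses are constructed samples.</para>

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    flags: frozenset = frozenset()  # e.g. {"BLACKHOLE"} or {"REJECT"}


def route(prefix, *flags):
    """Helper (hypothetical name) to build a Route from text."""
    return Route(ipaddress.ip_network(prefix), frozenset(flags))


def lookup(table, addr):
    """Longest-prefix match of addr against the route table."""
    ip = ipaddress.ip_address(addr)
    best = None
    for r in table:
        if ip in r.prefix and (
            best is None or r.prefix.prefixlen > best.prefix.prefixlen
        ):
            best = r
    return best


def versrcreach(table, src):
    """True when the packet's source address is reachable via a real route."""
    r = lookup(table, src)
    if r is None:
        return False              # no route at all
    if r.prefix.prefixlen == 0:
        return False              # only the default route covers it
    if r.flags & {"BLACKHOLE", "REJECT"}:
        return False              # route exists but discards traffic
    return True


def apply_rule(table, sources):
    """Model of: deny ip from any to any not versrcreach."""
    return [(s, "pass" if versrcreach(table, s) else "deny") for s in sources]


# Constructed sample: a router carrying specific prefixes (stand-in for a
# full BGP view) plus a default route and two discard routes.
FULL_VIEW = [
    route("0.0.0.0/0"),
    route("192.0.2.0/24"),
    route("198.51.100.0/24"),
    route("198.51.100.128/25", "REJECT"),
    route("10.0.0.0/8", "BLACKHOLE"),
]

# Constructed sample: a stub host that knows only its LAN and a default route.
STUB = [
    route("0.0.0.0/0"),
    route("192.168.1.0/24"),
]

if __name__ == "__main__":
    probes = ["192.0.2.10", "198.51.100.200", "203.0.113.5", "10.1.2.3"]
    for src, verdict in apply_rule(FULL_VIEW, probes):
        print(f"full view  {src:<16} {verdict}")
    for src, verdict in apply_rule(STUB, ["192.168.1.20", "192.0.2.10"]):
        print(f"stub host  {src:<16} {verdict}")
```

      <para>On the stub table every off-LAN source is denied, which is why
        the rule is suited to routers that hold specific routes for all
        legitimate sources.</para>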

      <para>&man.ipfw.4; now supports lookup tables.  This feature is
        useful for handling large sparse address sets. &merged;</para>

      <para>A new sysctl, <varname>net.inet.ip.process_options</varname>,
        has been added to control the processing of IP options.  When this sysctl
        is set to <literal>0</literal>, IP options are ignored and passed unmodified;
        when set to <literal>1</literal>, all IP options are processed (default);
        and when set to <literal>2</literal>, all packets with
        IP options are rejected with an ICMP filter prohibited message.</para>

      <para>Some bugs in the IPsec implementation from the KAME
        Project have been fixed.  These bugs were related to freeing
        memory objects before all references to them were removed, and
        could cause erratic behavior or kernel panics after flushing
        the Security Policy Database (SPD).</para>

      <para>The <literal>PFIL_HOOKS</literal> option is now enabled by
        default in the <filename>GENERIC</filename> kernel.  The most
        notable effect of this change is to make
        <application>IPFilter</application> work correctly when loaded
        as a kernel module.</para>

      <para>Support for link state change notification of Ethernet media
        has been added to the routing socket.</para>

      <para>The following TCP features are now enabled by default: RFC
        3042 (Limited Retransmit), RFC 3390 (increased initial
        congestion window sizes), and TCP bandwidth-delay product
        limiting.  More information can be found in &man.tcp.4;.</para>

      <para>&os;'s TCP implementation now includes support for a
        minimum MSS (settable via the
        <varname>net.inet.tcp.minmss</varname> sysctl variable) and a
        rate limit on connections that send many small TCP segments
        within a short period of time (via the
        <varname>net.inet.tcp.minmssoverload</varname> sysctl
        variable).  Connections exceeding this limit may be reset and
        dropped.  This feature provides protection against a class of
        resource exhaustion attacks.</para>

      <para>The TCP implementation now includes partial (output-only)
        support for RFC 2385 (TCP-MD5) digests.  This feature,
        enabled with the <literal>TCP_SIGNATURE</literal> and
        <literal>FAST_IPSEC</literal> kernel options, is a TCP option
        for authenticating TCP sessions.  &man.setkey.8; now includes
        support for the TCP-MD5 class of security associations.
        &merged;</para>

      <para>The TCP connection reset handling has been improved to
        make several reset attacks as difficult as possible while
        maintaining compatibility with the widest range of TCP stacks.</para>

      <para>The implementation of RFC 1948 has been improved.
        The time offset component of an ISN now includes random positive
        increments between clock ticks so that ISNs will always
        be increasing, no matter how quickly the port is recycled.</para>
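
      <para>The following is an added sketch, not the &os; kernel code:
        an RFC 1948 style generator (ISN = time offset + MD5 of the
        connection 4-tuple and a secret) in which every new ISN first
        advances the offset by a random positive amount, so two connections
        on the same 4-tuple within one clock tick still get increasing ISNs.
        The class name, the increment sizes and the addresses are
        assumptions chosen for the illustration.</para>

```python
import hashlib
import os
import socket
import struct

# Assumed constants for this sketch, not values taken from the release notes.
TICK_INCREMENT = 4096        # offset added on every clock tick
RANDOM_INCREMENT_MASK = 4095  # random per-ISN increment is 1..4096


class IsnGenerator:
    def __init__(self, secret=None, rand_bytes=os.urandom):
        self.secret = secret if secret is not None else os.urandom(16)
        self.offset = 0              # the time offset component (M in RFC 1948)
        self._rand_bytes = rand_bytes

    def clock_tick(self):
        """Called by the periodic timer: the offset advances with time."""
        self.offset += TICK_INCREMENT

    def _positive_increment(self):
        value = int.from_bytes(self._rand_bytes(2), "big")
        return (value & RANDOM_INCREMENT_MASK) + 1   # never zero

    def new_isn(self, laddr, lport, faddr, fport):
        # F(local, remote, secret): keyed MD5 over the 4-tuple (RFC 1948).
        h = hashlib.md5()
        h.update(struct.pack("!HH", fport, lport))
        h.update(socket.inet_aton(faddr))
        h.update(socket.inet_aton(laddr))
        h.update(self.secret)
        f = int.from_bytes(h.digest()[:4], "big")
        # Random positive step between ticks keeps ISNs for a recycled
        # port strictly increasing without being exactly predictable.
        self.offset += self._positive_increment()
        return (f + self.offset) & 0xFFFFFFFF


def seq_after(a, b):
    """True when a is later than b in 32-bit TCP sequence space."""
    return 0 < ((a - b) & 0xFFFFFFFF) < 0x80000000


def isns_for_recycled_port(count, gen=None):
    """ISNs for the same 4-tuple reused `count` times with no clock tick."""
    gen = gen or IsnGenerator()
    # Constructed sample addresses (documentation ranges).
    return [gen.new_isn("192.0.2.1", 80, "198.51.100.7", 40000)
            for _ in range(count)]


if __name__ == "__main__":
    isns = isns_for_recycled_port(5)
    print(isns, all(seq_after(b, a) for a, b in zip(isns, isns[1:])))
```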

      <para>Random ephemeral port allocation, which comes from OpenBSD,
        has been implemented.  This is enabled by default and can be disabled
        using the <varname>net.inet.ip.portrange.randomized</varname>
        sysctl.  &merged;</para>

      <para>TCP Selective Acknowledgements (SACK) as described in RFC
        2018 have been added.  This improves TCP performance over
        connections with heavy packet loss.  SACK can be enabled with
        the sysctl <varname>net.inet.tcp.sack.enable</varname>.</para>

      <para>The &man.udav.4; driver now supports promiscuous mode.</para>

    </sect3>

641    <sect3 id="disks">
642      <title>Disks and Storage</title>
643
644      <para>The &man.ata.4; driver now supports cardbus ATA/SATA
645        controllers.</para>
646
647      <para>A number of bugs in the &man.ata.4; driver have been
648	fixed.  Most notably, master/slave device detection should
649	work better, and some problems with timeouts should be
650	resolved.</para>
651
652      <para>The &man.ata.4; driver now supports the Promise command
653	sequencer present on all modern Promise controllers
654	(PDC203** PDC206**).
655
656	<note>
657	  <para>This also adds preliminary support for the
658	    Promise SX4/SX4000 as a <quote>normal</quote> Promise ATA
659	    controller; ATA RAID's are supported though
660	    but only RAID0, RAID1 and RAID0+1.</para>
661	</note>
662      </para>
663
664      <para arch="pc98">A bug of the automatic density selection code
665	in the &man.fd.4; driver has been fixed.</para>
666
667      <para>The &man.ips.4; driver now supports the recent
668	Adaptec ServeRAID series SCSI controller cards.</para>
669
670      <para arch="sparc64">A bug in the &man.isp.4; driver
671        which prevents the cards on SBus from working correctly,
672	has been fixed.</para>
673
674      <para arch="i386">The &man.twa.4; driver, which supports
675	3ware's 9000 series PATA/SATA RAID controllers has been added.  &merged;</para>
676
677      <para>The &man.umass.4; driver now supports the missing
678	ATAPI MMC commands and handles the timeout properly.  &merged;</para>
679
680      <para>The &man.vinum.4; volume manager, has been updated to use
681        &man.geom.4;, the 5.x disk I/O request transformation framework.
682	A gvinum userland tool has been added.</para>
683
684      <para arch="sparc64">The &man.esp.4; device driver has been
685        ported from NetBSD to support the SBus SCSI card in Sun Ultra
686        1e and 2 machines.</para>
687
688      <para>Support for LSI-type software RAID has been added.</para>
689
690    </sect3>

    <sect3 id="fs">
      <title>File Systems</title>

      <para>The EXT2FS file system code now includes partial support
        for large (&gt; 4GB) files.  This support is partial in that
        it will refuse to create large files on filesystems that have
        not been upgraded to <literal>EXT2_DYN_REV</literal> or that
        do not have the
        <literal>EXT2_FEATURE_RO_COMPAT_LARGE_FILE</literal> flag set
        in the superblock.</para>

      <para>A bug in GEOM that could result in I/O hangs in some rare
        cases has been fixed.</para>

      <para>A new <literal>GEOM_CONCAT</literal>
        class has been added to concatenate
        multiple disks to appear as a single larger disk.</para>

      <para>A new <literal>GEOM_NOP</literal> class for various
        testing purposes has been added.</para>

      <para>A new <literal>GEOM_STRIPE</literal>
        class which implements RAID0 transformation has been added.</para>

      <para>GEOM Gate, which consists of a new <literal>GEOM_GATE</literal>
        class and several GEOM Gate userland utilities
        (&man.ggatel.8;, &man.ggatec.8;,
        and &man.ggated.8;), has been added.  It supports exporting
        devices, including non-GEOM-aware ones, over the network.</para>

      <para>A new <literal>GEOM_LABEL</literal>
        class to detect volume labels on various file systems,
        such as UFS, MSDOSFS (FAT12, FAT16, FAT32), and ISO9660,
        has been added.</para>

      <para>A new kernel option <literal>GEOM_GPT</literal>,
        which supports the ability to have a large
        number of partitions on a single disk, has been added into
        <filename>GENERIC</filename> by default.</para>

      <para>A new <literal>GEOM_VINUM</literal> class to support
        cooperation between &man.vinum.4; and &man.geom.4;
        has been added.</para>

      <para>A panic in the NFSv4 client has been fixed; this occurred
        when attempting operations against an NFSv3/NFSv2-only
        server.</para>

      <para>The SMBFS client now has support for SMB request signing,
        which prevents <quote>man in the middle</quote> attacks and is
        required in order to connect to Windows 2003 servers in their
        default configuration.  As signing each message imposes a
        significant performance penalty, this feature is only enabled
        if the server requires it; this may eventually become an
        option to &man.mount.smbfs.8;.</para>
    </sect3>

    <sect3 id="mm">
      <title>Multimedia Support</title>

      <para>The meteor (video capture) driver has been removed due to
        breakage and lack of maintainership.</para>

      <para>The Direct Rendering Manager (DRM) code has been updated
        from the DRI Project CVS tree as of 2004-05-26.  This update
        includes new PCI IDs and a new packet for Radeon.</para>

    </sect3>

    <sect3>
      <title>Contributed Software</title>

      <para><application>ALTQ framework</application>
        has been imported from the KAME snapshot as of 20040607.
        This import breaks ABI compatibility of
        <varname>struct ifnet</varname>.</para>

      <para><application>IPFilter</application> has been updated
        from version 3.4.31 to version 3.4.35.</para>

      <para arch="ia64">An ia64 stack unwinder,
        <application>Unwind Express (libuwx)</application>
        by Hewlett-Packard, has been imported for use in the kernel.</para>
    </sect3>
  </sect2>

  <sect2 id="userland">
    <title>Userland Changes</title>

    <para>&man.bsdlabel.8; now supports a <option>-f</option> option
      to work on files instead of disk partitions.</para>

    <para>The <command>bthidcontrol</command> command and the
      <command>bthidd</command> command, which support Bluetooth
      HID (Human Interface Device), have been added.</para>

    <para>&man.conscontrol.8; now supports
      <literal>set</literal> and <literal>unset</literal>
      commands which set/unset the virtual console.
      <literal>unset</literal> makes outputs from the system, such as
      the kernel &man.printf.9;, always go out to the real
      main console.  This is an interface to the tty ioctl
      <varname>TIOCCONS</varname>.</para>

    <para>The &man.cron.8; daemon now accepts two new options,
      <option>-j</option> and <option>-J</option>, to enable
      time jitter for jobs to run as unprivileged users and the
      superuser, respectively.  Time jitter means that &man.cron.8;
      will sleep for a small random period of time in the specified
      range before executing a job.  This feature is intended to
      smooth load peaks appearing when a lot of jobs are scheduled
      for a particular moment. &merged;</para>

    <para>&man.cut.1; <option>-c</option>,
      <option>-d</option>, and <option>-f</option>
      now work correctly in locales with multibyte characters.</para>

    <para>&man.daemon.8; now supports a <option>-p</option>
      option to create a PID file.</para>

    <para>&man.df.1; now supports a <option>-c</option> option to display
      a grand total of statistics for file systems.</para>

    <para>The <command>doscmd</command> utility has been
      removed from the &os; base system, and is now available
      in the &os; Ports Collection instead.</para>

    <para>&man.dump.8; and &man.restore.8; now support
      a <option>-P</option> option to specify backup methods
      other than files and tapes.  The argument is passed to
      a normal &man.sh.1; pipeline with either
      <varname>$DUMP_VOLUME</varname> or <varname>$RESTORE_VOLUME</varname>
      defined in the environment, respectively.
      For more information, see &man.dump.8; and &man.restore.8;.</para>

    <para>The &man.eeprom.8; utility to display and
      modify system configurations stored in EEPROM or NVRAM
      has been added.  The current implementation supports
      systems equipped with Open Firmware.</para>

    <para arch="pc98">The &man.fdcontrol.8;, &man.fdformat.1;, and
      &man.fdread.1; utilities now work on &os;/pc98.</para>

    <para>The &man.find.1; utility now supports a <option>-acl</option>
      primary to locate files with &man.acl.3;.</para>

    <para>The &man.find.1; utility now supports a new primary
      <option>-depth <replaceable>n</replaceable></option>
      which tests whether the depth of the current file relative
      to the starting point of the traversal is <replaceable>n</replaceable>.
      &merged;</para>

    <para>The &man.geom.8; utility for operating on GEOM classes
      from the userland has been added.</para>

    <para>&man.id.1; now supports a <option>-M</option> option
      to print the MAC label of the current process.</para>

    <para>&man.indent.1; now supports a <option>-ldi</option> option
      to control indentation of local variables.  A number of other
      tunings were made to this utility.</para>

    <para>&man.indent.1; now supports <option>-fbs</option> and
      <option>-ut</option> options to control, respectively, whether
      function declarations have the opening brace on the same line
      as the declaration of arguments, and whether the output uses
      all spaces and no tabs, in order to fix problems when
      non-8-space tabs are used.</para>

    <para>&man.ifconfig.8; now supports renaming of network interfaces
      at run-time using the <option>name</option> parameter.</para>

    <para>&man.ifconfig.8; now prints the &man.polling.4; status
      on the interface.  &merged;</para>

    <para>&man.ip6fw.8; now supports a <option>-n</option> flag to
      stop it from making any changes to the rules in the kernel.</para>

    <para>&man.ipcs.1; now supports a <option>-u</option> option to
      display information about IPC mechanisms owned by the specified
      user.</para>

    <para>&man.ipfw.8; now supports a <option>-b</option> flag to
      print only the action and comment for each rule, thus omitting
      the rule body.</para>

    <para>&man.jail.8; now supports a <option>-U</option> option to
      run a command as a user that exists only in the &man.jail.2;
      environment.</para>

    <para>&man.killall.1; now supports a <option>-e</option> flag to
      make the <option>-u</option> option operate on effective, rather than
      real, user IDs. &merged;</para>

    <para>&man.libalias.3; now has support (and a new API) for
      multiple aliasing instances in a single process.  The existing
      API has been reimplemented in terms of the new one to preserve
      compatibility.</para>

    <para>A <filename>libarchive</filename> library for manipulation
      of compressed and uncompressed archive files has been
      added.  More details can be found in &man.libarchive.3;.</para>

    <para arch="pc98"><filename>libdisk</filename> now uses the
      correct PC98 disk partition value for &os;.  This permits the
      &man.sysinstall.8; disk partition editor to correctly create a
      single &os; partition covering the entire disk. &merged;</para>

    <para><filename>libdisk</filename> now uses
      <varname>d_addr_t</varname> for disk addresses.
      This allows &man.sysinstall.8; to properly handle disks
      and filesystems larger than 1 TB.</para>

    <para arch="i386,pc98,amd64,ia64">The library formerly known as
      <filename>libkse</filename> has been renamed
      <filename>libpthread</filename> and is now the default threading
      library on the i386, amd64, and ia64 platforms.
      <application>GCC</application>'s <option>-pthread</option>
      option has been changed to use <filename>libpthread</filename>
      rather than <filename>libc_r</filename>.

      <note>
        <para>Users with older binaries (for example, ports compiled
          before this change was made) should use &man.libmap.conf.5;
          to map <filename>libc_r</filename> and/or
          <filename>libkse</filename> to
          <filename>libpthread</filename>.</para>
      </note>

      <note>
        <para>Users with NVIDIA-supplied drivers and libraries may
          need to use a &man.libmap.conf.5; that maps
          <filename>libpthread</filename> references to the older
          <filename>libc_r</filename> since these drivers and
          utilities do not work with
          <filename>libpthread</filename>.</para>
      </note>
    </para>

    <para>&man.ls.1; now treats filenames as multibyte character strings
      according to the current <varname>LC_CTYPE</varname>
      when determining which characters are printable.</para>

    <para>&man.make.1; now supports the new <literal>.warning</literal>
      directive.</para>

    <para>&man.newsyslog.8; now allows users to set
      a debugging option via the <filename>newsyslog.conf</filename>
      file.</para>

    <para>&man.newsyslog.8; now uses a new order when processing
      files to rotate.  It first rotates all files that need
      to be rotated, then sends a single signal to each process
      that needs to be signaled, and finally compresses
      all the files that were rotated.</para>

    <para>Initial support for UTF-8 versions of all the currently
      supported system locales has been added.  This is primarily
      for the benefit of the <filename role="package">misc/utf8locale</filename>
      port.</para>

    <para>An Israel Hebrew locale <literal>he_IL.UTF-8</literal>
      has been added.</para>

    <para>The &man.logins.1; utility has been added to display
      information about user and system accounts.</para>

    <para>&man.mountd.8; now supports the <option>-p</option> option,
       which allows users to specify a known port for use
       in firewall rulesets.</para>

    <para>&man.netstat.1; now displays the multicast group
      memberships present in the system.</para>

    <para>&man.newfs.8; and &man.mdmfs.8; now support a
      <option>-l</option> flag to enable them to set the MAC
      multilabel flag on new filesystems without requiring the use of
      &man.tunefs.8;.</para>

    <para>&man.nologin.8; now reports login attempts via
       &man.syslogd.8;.</para>

    <para>&man.nologin.8; has been moved from <filename>/sbin/nologin</filename>
       to <filename>/usr/sbin/nologin</filename>, and
       <filename>/sbin/nologin</filename> remains as a symbolic link
       for backward compatibility.</para>

    <para>A bugfix has been applied to NSS support, which fixes
      problems when using third-party NSS modules (such as <filename
      role="package">net/nss_ldap</filename>) and groups with large
      membership lists.</para>

    <para>The &man.pgrep.1; and &man.pkill.1; commands, which come from NetBSD,
      have been added.  They also support a <option>-M</option> option
      to extract values associated with the name list from the
      specified core instead of the default <filename>/dev/kmem</filename>,
      and a <option>-N</option> option to extract the name list from
      the specified system instead of the default kernel.</para>

    <para>&man.ps.1; compatibility with POSIX/SUSv3 has been improved.
      The changes include <option>-p</option> for a list of process IDs,
      <option>-t</option> for a list of terminal names,
      <option>-A</option> which is equivalent to <option>-ax</option>,
      <option>-G</option> for a list of group IDs,
      <option>-X</option> which is the opposite of <option>-x</option>,
      and some minor improvements.  For more information, see &man.ps.1;.
      &merged;</para>

    <para>&man.ps.1; now supports a <option>-O emul</option>
      format option, which prints the name of the system call emulation
      environment the process is in.</para>

    <para>&man.pw.8; now supports a <option>-H</option> option, which
      accepts an encrypted password on a file descriptor. &merged;</para>

    <para>A bug in &man.rarpd.8; that prevented it from working properly
      when an interface has more than one IP address has been fixed.
      &merged;</para>

    <para>The configuration files used by the &man.resolver.3; now
      support the <literal>timeout:</literal> and
      <literal>attempts:</literal> keywords.</para>

    <para>The &man.resolver.3; and associated interfaces are now much
      more reentrant and thread-safe.  Multiple DNS lookups can now be
      run at the same time, showing major improvements in the
      performance of some multi-threaded applications.  Some
      multi-threaded programs need to be recompiled; examples from the
      Ports Collection are <filename
      role="package">www/mozilla</filename> and variants, <filename
      role="package">mail/evolution</filename>, <filename
      role="package">devel/gnomevfs</filename>, and <filename
      role="package">devel/gnomevfs2</filename>.</para>

    <para>&man.rmdir.1; now supports a <option>-v</option> flag,
      which makes it verbose.</para>

    <para>&man.savecore.8; now works correctly for dump files larger
      than 2GB.</para>

    <para>A bug in &man.script.1; has been fixed so that it now works
      correctly if its stdin is closed.  This fix prevents a
      potentially dangerous interaction with the <filename
      role="package">sysutils/portupgrade</filename> package; if it was
      run non-interactively, it could remove all out-of-date
      ports without reinstalling them.</para>

    <para>The &man.sdpd.8; Bluetooth Service Discovery Protocol daemon
      has been added.</para>

    <para>The &man.sha1.1; and &man.rmd160.1; utilities have been added.
      &merged;</para>

    <para>&man.smbmsg.8;, a small utility to send/receive SMBus messages,
      has been added.</para>

    <para arch="sparc64">&man.sunlabel.8; now supports two new flags:
      <option>-c</option> to calculate all partition sizes
      in cylinders as opposed to sectors, and
      <option>-h</option> to print the label in human readable
      size/offset format.</para>

    <para>&man.talk.1; now uses <hostid>localhost</hostid>
      as a default machine name in &man.talkd.8;
      request packets, when the destination and source are local.
      This makes &man.talk.1; dependent on a valid host entry
      for <hostid>localhost</hostid> in <filename>/etc/hosts</filename>
      or the DNS.</para>

    <para>&man.tftpd.8; now supports two new options:
      a <option>-w</option> option allows new files to be created,
      and a <option>-U</option> option allows the umask to be set.</para>

    <para>&man.top.1; can now display the current amount
      of I/O.  This feature can be enabled by hitting <quote>m</quote>
      or passing the command line option <option>-m io</option>.</para>

    <para arch="amd64">&man.truss.1; now includes early support
      for &os;/amd64.</para>

    <para>Many userland utilities in the base system (mostly GNU
      contributed utilities) now use the system version of
      &man.getopt.long.3;, rather than the GNU version.</para>

    <sect3 id="rc-scripts">
      <title><filename>/etc/rc.d</filename> Scripts</title>

      <para>The <filename>diskless</filename> script has been
        split out into <filename>hostname</filename>,
        <filename>resolve</filename>, <filename>tmp</filename>, and
        <filename>var</filename> scripts.</para>

      <para>The <filename>gbde_swap</filename> script, which supports
        gbde-enabled swap devices, has been added.
        When the <varname>gbde_swap_enable</varname> variable is specified
        in &man.rc.conf.5;, a swap device named
        <filename>/dev/<replaceable>foo.bde</replaceable></filename>
        in &man.fstab.5;
        is automatically attached at boot time with the device
        <filename>/dev/<replaceable>foo</replaceable></filename>
        and a random key, which is
        generated by computing the MD5 checksum of 512 bytes read
        from <filename>/dev/random</filename>.
        Note that this prevents recovery of kernel dumps.</para>

      <para>The <varname>ip6addrctl_enable</varname> and
        <varname>ip6addrctl_verbose</varname> variables have been added.
        When <varname>ip6addrctl_enable</varname> is set
        to <literal>YES</literal>,
        the address selection policy is installed into the kernel.
        If <filename>/etc/ip6addrctl.conf</filename> exists,
        it will be used; otherwise, a default policy will be installed.
        The default policy is one described in RFC 3484 when
        <varname>ipv6_enable</varname> is set to <literal>YES</literal>.
        Otherwise, the priority policy for IPv4 address will be used
        as a default policy.</para>

      <para>The <filename>mixer</filename> script has been added.
        It saves the current settings of all audio mixers present
        in the system on shutdown and restores the settings on boot.</para>

      <para>The <filename>pf</filename> and <filename>pflog</filename>
        scripts for &man.pf.4; have been added.</para>
    </sect3>
  </sect2>

  <sect2 id="contrib">
    <title>Contributed Software</title>

    <para>The <application>ACPI-CA</application> code has been updated
      from the 20030619 snapshot to the 20040527 snapshot.</para>

    <para><application>awk</application> from Bell Labs has been
      updated from the 29 July 2003 release to the 7 February 2004
      release.</para>

    <para><application>Binutils</application> have been updated to
      a 23 May 2004 snapshot from the FSF 2.15 branch.</para>

    <para><application>CVS</application> has been updated from
      version 1.11.15 to version 1.11.17.  &merged;</para>

    <para><application>gdtoa</application> (a library that performs
      conversions of numbers between binary and decimal form) has been
      updated from version 20030324 to version 20040118.</para>

    <para><application>GDB</application> has been updated to version
      6.1.1.</para>

    <para><application>GNU grep</application> has been updated from
      2.4d to 2.4.2.</para>

    <para><application>less</application> has been updated from
      version 371 to version 381.</para>

    <para><application>GNU readline</application> 4.3 has been updated
      with official patches 001 through 005.</para>

    <para>The <application>GNU regex</application> library has been
      updated to the version included with <application>GNU
      grep</application> 2.4.2.</para>

    <para><application>GNU sort</application> has been updated from
      textutils 2.1 to coreutils 5.2.1.</para>

    <para>The <application>GNU tar</application> implementation in the
      base system is now called <filename>gtar</filename>, with
      <filename>tar</filename> being a link to
      <filename>gtar</filename>.</para>

    <para><application>Heimdal Kerberos</application> has been
       updated from 0.6 to 0.6.1.</para>

    <para>The <application>ISC DHCP</application> client has been
       updated from 3.0.1 RC10 to 3.0.1 RC14.</para>

    <para><application>libpcap</application> has been updated from
      version 0.7.1 to version 0.8.3.</para>

    <para><application>lukemftp</application>
      has been updated from a snapshot as of
      November 3, 2003 to one as of April 26, 2004.</para>

    <para><application>OpenPAM</application> has been updated from the
      Dogwood release to the Eelgrass release.</para>

    <para><application>OpenSSH</application> has been updated from
      3.6.1p1 to 3.8.1p1.

      <note>
        <para>The configuration defaults for &man.sshd.8; have been
          changed.  SSH protocol version 1 is no longer enabled by
          default.  In addition, password authentication over SSH is
          disabled by default if PAM is enabled.</para>
      </note>
      </para>

    <para><application>OpenSSL</application> has been updated from
      0.9.7c to 0.9.7d.  &merged;</para>

    <para><application>pf</application>, OpenBSD's packet filter as of
      OpenBSD 3.5, has been imported into &os; source tree and is now installed
      by default.  A new user <username>proxy</username>, and two new
      groups <username>authpf</username> and <username>proxy</username>,
      which <application>pf</application> needs, are added as well.

      <note>
        <para>On upgrading from the source, these user accounts must be
          added in advance.  The <varname>NO_PF</varname> variable
          in <filename>make.conf</filename> can be used to prevent
          <application>pf</application> from building.</para>
      </note>
    </para>

    <para>Several userland utilities of OpenBSD's
      <application>pf</application> have been imported.
      <filename>libexec/ftp-proxy</filename> is an ftp proxy for
      <application>pf</application>,
      <filename>sbin/pfctl</filename> is an equivalent to
      <filename>sbin/ipf</filename>,
      <filename>sbin/pflogd</filename>
      is a daemon logging packets via <literal>if_pflog</literal>
      in pcap format, and
      <filename>usr.sbin/authpf</filename> is an authentication shell
      to modify pf rulesets.</para>

    <para><application>routed</application> has been updated from
      release 2.22 to release 2.27 from rhyolite.com.  Note that for
      users relying on RIP's MD5 authentication feature,
      &man.routed.8; is now incompatible with previous versions
      of &os;; however it is now compatible with implementations from
      Sun, Cisco and other vendors.</para>

    <para><application>sendmail</application> has been updated from
      version 8.12.10 to version 8.12.11. &merged;</para>

    <para><application>tcpdump</application> has been updated from
      version 3.7.1 to version 3.8.3.</para>

    <para>The timezone database has been updated from
      <filename>tzdata2003a</filename> to
      <filename>tzdata2004a</filename>.</para>

    <para><application>zlib</application> has been updated
      from version 1.1.4 to version 1.2.1.</para>
  </sect2>

  <sect2 id="ports">
    <title>Ports/Packages Collection Infrastructure</title>

    <para>The <literal>SIZE</literal> attribute for distfiles,
      which can be used for checking file sizes before fetching,
      has been added and enabled by default.
      <varname>DISABLE_SIZE</varname> is a user control knob
      to disable the distfile size checking.  This is especially
      useful on old &os; versions which did not have &man.fetch.1;
      support for this, and for some FTP proxies which always
      report incorrect or bogus sizes.</para>

    <para>Two new files have been added to the ports tree to track
      noteworthy changes:  <filename>ports/CHANGES</filename> lists
      major changes to the Ports Collection and its infrastructure.
      <filename>ports/UPDATING</filename> describes some potential
      pitfalls that can be encountered when updating certain ports,
      analogous to <filename>src/UPDATING</filename> for the base
      system.</para>

    <para>The version number parsing code has been rewritten in the
      system pkg tools, restoring compatibility with 4.x and
      portupgrade.</para>

    <para>The package tools can now match packages with relational
      operators and csh-style {...} choices, e.g.:</para>

    <screen>&prompt.root; <userinput>pkg_info -I 'docbook>=3.0'</userinput></screen>

    <para>will list (all) docbook DTDs with at least version 3.0.
      Additional command line options have also been added to aid
      pattern matching.</para>

    <para>The package tools have improved handling of corrupt package
      databases.</para>

    <para>&man.pkg.create.1; now supports a <option>-S</option>
      option to make all <literal>@cwd</literal> be prefixed
      during package creation.</para>

    <para>&man.pkg.info.1; now supports a <option>-j</option>
      option to show the requirements script for each package.</para>
  </sect2>

  <sect2 id="releng">
    <title>Release Engineering and Integration</title>

    <para arch="i386,pc98">The building process for boot floppy images
      has been completely overhauled.  The most significant change is
      that the loader now boots a stock <filename>GENERIC</filename>
      kernel split across multiple disks (two at the time of this
      writing).  This greatly improves installations that begin with a
      boot from floppy disk, because they now use exactly the same
      kernel (and thus support the same hardware) as CDROM
      installations.  The stripped-down <filename>MFSROOT</filename>
      kernel is no longer needed, and the <filename>mfsroot</filename>
      image no longer requires kernel modules.  The
      <filename>boot.flp</filename> and
      <filename>driver.flp</filename> images are also obsolete and no
      longer built.</para>

    <para>The supported release of <application>GNOME</application>
      has been updated from 2.4 to 2.6.

      <note>
        <para>If you are using the older <application>GNOME</application>
          desktop itself (<filename role="package">x11/gnome2</filename>),
          simply upgrading it from the &os; Ports Collection
          with
          &man.portupgrade.1;
          (<filename role="package">sysutils/portupgrade</filename>)
          will cause serious problems.
          If you are a <application>GNOME</application> desktop user,
          please read the instructions carefully at
          <ulink url="&url.main;/gnome/docs/faq26.html"></ulink>,
          and use the <filename>gnome_upgrade.sh</filename> script to
          properly upgrade to <application>GNOME</application> 2.6.</para>

        <para>Note that if you are just a casual user of some of the
          <application>GNOME</application> libraries,
          &man.portupgrade.1; should be sufficient
          to update your ports.</para>
      </note>
    </para>

    <para>The supported release of <application>KDE</application>
      has been updated from 3.1.4 to 3.2.3.</para>

    <para>The <filename role="package">security/portaudit</filename> utility
      now exists in the ports collection.  This utility will read a database
      containing known ports vulnerabilities and report them to the
      administrator.</para>
  </sect2>

  <sect2 id="doc">
    <title>Documentation</title>

    <para></para>

  </sect2>
</sect1>

<sect1 id="upgrade">
  <title>Upgrading from previous releases of &os;</title>

  <para>Users with existing &os; systems are
    <emphasis>highly</emphasis> encouraged to read the <quote>Early
    Adopter's Guide to &os; &release.current;</quote>.  This document generally has
    the filename <filename>EARLY.TXT</filename> on the distribution
    media, or any other place that the release notes can be found.  It
    offers some notes on upgrading, but more importantly, also
    discusses some of the relative merits of upgrading to &os;
    5.<replaceable>X</replaceable> versus running &os;
    4.<replaceable>X</replaceable>.</para>

  <important>
    <para>Upgrading &os; should, of course, only be attempted after
      backing up <emphasis>all</emphasis> data and configuration
      files.</para>
  </important>
</sect1>