article.xml revision 135436
<articleinfo>
  <title>&os;/&arch; &release.current; Release Notes</title>

  <corpauthor>The &os; Project</corpauthor>

  <pubdate>$FreeBSD: head/release/doc/en_US.ISO8859-1/relnotes/article.sgml 135436 2004-09-18 18:42:33Z bmah $</pubdate>

  <copyright>
    <year>2000</year>
    <year>2001</year>
    <year>2002</year>
    <year>2003</year>
    <year>2004</year>
    <holder role="mailto:doc@FreeBSD.org">The &os; Documentation Project</holder>
  </copyright>

  <abstract>
    <para>The release notes for &os; &release.current; contain a summary
      of
<![ %include.historic; [
      the changes made to the &os; base system since &release.prev;.
]]>
<![ %no.include.historic; [
      recent changes made to the &os; base system on the &release.branch;
      development branch.
]]>
      This document lists applicable security advisories that were issued since
      the last release, as well as significant changes to the &os;
      kernel and userland.
      Some brief remarks on upgrading are also presented.</para>
  </abstract>
</articleinfo>

<sect1 id="intro">
  <title>Introduction</title>

  <para>This document contains the release notes for &os;
    &release.current; on the &arch.print; hardware platform. It
    describes recently added, changed, or deleted features of &os;.
    It also provides some notes on upgrading
    from previous versions of &os;.</para>

<![ %release.type.current [

  <para>The &release.type; distribution to which these release notes
    apply represents the latest point along the &release.branch; development
    branch since &release.branch; was created. Some pre-built, binary
    &release.type; distributions along this branch
    can be found at <ulink url="&release.url;"></ulink>.</para>

]]>

<![ %release.type.snapshot [

  <para>The &release.type; distribution to which these release notes
    apply represents a point along the &release.branch; development
    branch between &release.prev; and the future &release.next;.
    Some
    pre-built, binary &release.type; distributions along this branch
    can be found at <ulink url="&release.url;"></ulink>.</para>

]]>

<![ %release.type.release [

  <para>This distribution of &os; &release.current; is a
    &release.type; distribution. It can be found at <ulink
    url="&release.url;"></ulink> or any of its mirrors. More
    information on obtaining this (or other) &release.type;
    distributions of &os; can be found in the <ulink
    url="&url.books.handbook;/mirrors.html"><quote>Obtaining
    &os;</quote> appendix</ulink> to the <ulink
    url="&url.books.handbook;/">&os;
    Handbook</ulink>.</para>

]]>

  <para>All users are encouraged to consult the release errata before
    installing &os;. The errata document is updated with
    <quote>late-breaking</quote> information discovered late in the
    release cycle or after the release. Typically, it contains
    information on known bugs, security advisories, and corrections to
    documentation. An up-to-date copy of the errata for &os;
    &release.current; can be found on the &os; Web site.</para>

</sect1>

<sect1 id="new">
  <title>What's New</title>

  <para>This section describes
    the most user-visible new or changed features in &os;
    since &release.prev;.
    In general, changes described here are unique to the &release.branch;
    branch unless specifically marked as &merged; features.
  </para>

  <para>Typical release note items
    document recent security advisories issued after
    &release.prev.historic;,
    new drivers or hardware support, new commands or options,
    major bug fixes, or contributed software upgrades. They may also
    list changes to major ports/packages or release engineering
    practices.
    Clearly the release notes cannot list every single
    change made to &os; between releases; this document focuses
    primarily on security advisories, user-visible changes, and major
    architectural improvements.</para>

  <sect2 id="security">
    <title>Security Advisories</title>

    <para>A bug in &man.mksnap.ffs.8; has been fixed; it caused the creation of a
      file system snapshot to reset the flags on the file system to
      their default values. The possible consequences depended on local
      usage, but could include disabling extended access control lists
      or enabling the use of setuid executables stored on an untrusted
      file system. This bug also affected the &man.dump.8;
      <option>-L</option> option, which uses &man.mksnap.ffs.8;. Note
      that &man.mksnap.ffs.8; is normally only available to the
      superuser and members of the <groupname>operator</groupname>
      group. For more information, see security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:01.mksnap_ffs.asc">FreeBSD-SA-04:01</ulink>.</para>

    <para>A bug with the System V Shared Memory interface
      (specifically the &man.shmat.2; system call) has been fixed.
      This bug can cause a shared memory segment to reference
      unallocated kernel memory. In turn, this can permit a local
      attacker to gain unauthorized access to parts of kernel memory,
      possibly resulting in disclosure of sensitive information,
      bypass of access control mechanisms, or privilege escalation.
      More details can be found in security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:02.shmat.asc">FreeBSD-SA-04:02</ulink>.
      &merged;</para>

    <para>A programming error in the &man.jail.attach.2; system call
      has been fixed.
      This error could allow a process with superuser
      privileges inside a &man.jail.8; environment to change its root
      directory to that of a different jail, and thus gain full read
      and write access to files and directories within the target
      jail. More information can be found in security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:03.jail.asc">FreeBSD-SA-04:03</ulink>.</para>

    <para>A potential low-bandwidth denial-of-service attack against
      the &os; TCP stack has been prevented by limiting the number of
      out-of-sequence TCP segments that can be held at one time. More
      details can be found in security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:04.tcp.asc">FreeBSD-SA-04:04</ulink>.
      &merged;</para>

    <para>A bug in <application>OpenSSL</application>'s SSL/TLS
      ChangeCipherSpec message processing, which could result in
      a null pointer dereference, has been fixed.
      This could allow a remote attacker to crash an
      <application>OpenSSL</application>-using
      application and cause a denial-of-service on the system.
      More details can be found in security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc">FreeBSD-SA-04:05</ulink>.
      &merged;</para>

    <para>A programming error in the handling of some IPv6
      socket options within the &man.setsockopt.2; system call
      has been fixed. This error allows a local attacker to cause a
      system panic, and may allow the attacker to gain unauthorized access to
      parts of kernel memory, possibly resulting in disclosure
      of sensitive information, bypass of access control
      mechanisms, or privilege escalation.
      More details can be found in security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:06.ipv6.asc">FreeBSD-SA-04:06</ulink>.</para>

    <para>Two programming errors in <application>CVS</application>
      have been fixed. They allow a server to overwrite arbitrary
      files on the client, and a client to read arbitrary files
      on the server when accessing remote CVS repositories.
      More details can be found in security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:07.cvs.asc">FreeBSD-SA-04:07</ulink>. &merged;</para>

    <para>A bugfix for <application>Heimdal</application> rectifies a
      problem in which it would not perform adequate checking of
      authentication across autonomous realms. For more information,
      see security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:08.heimdal.asc">FreeBSD-SA-04:08</ulink>. &merged;</para>

    <para>A programming error in <application>CVS</application> which
      allowed a malicious client to overwrite arbitrary portions of
      the server's memory has been fixed. For more information,
      see security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:10.cvs.asc">FreeBSD-SA-04:10</ulink>. &merged;</para>

    <para>A potential cache consistency problem in
      the implementation of the &man.msync.2; system call
      involving the <literal>MS_INVALIDATE</literal>
      operation has been fixed. However, as a side effect of closing
      this security problem, the <literal>MS_INVALIDATE</literal>
      flag no longer guarantees that all pages in the range are invalidated.
      Users who require the old semantics of <literal>MS_INVALIDATE</literal>
      and are not concerned with the security issue being fixed can set the
      <varname>vm.old_msync</varname> sysctl to 1, which will revert to
      the old (insecure) behavior.
      For more information,
      see security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:11.msync.asc">FreeBSD-SA-04:11</ulink>. &merged;</para>

    <para>A programming error in the &man.jail.2; system call
      which results in a failure to verify that an attempt
      to manipulate routing tables originated from a non-jailed process
      has been fixed.
      For more information, see security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:12.jail.asc">FreeBSD-SA-04:12</ulink>. &merged;</para>

    <para>A programming error in the handling of some Linux system calls which
      may result in memory locations being accessed without proper validation
      has been fixed.
      For more information, see security advisory <ulink
      url="ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:13.linux.asc">FreeBSD-SA-04:13</ulink>. &merged;</para>

  </sect2>

  <sect2 id="kernel">
    <title>Kernel Changes</title>

    <para><literal>ADAPTIVE_MUTEXES</literal> has been added
      and enabled by default. This changes the behavior
      of blocking mutexes to spin if the thread that currently
      owns the mutex is executing on another CPU.
      This feature can be disabled explicitly by setting
      a kernel option <varname>NO_ADAPTIVE_MUTEXES</varname>.</para>

    <para>A kernel option <varname>ADAPTIVE_GIANT</varname>, which
      causes the Giant lock to also be treated in
      an adaptive fashion when adaptive mutexes are enabled,
      has been added. This improves the performance of SMP machines
      and is enabled by default on the i386.</para>

    <para>The &man.bus.dma.9; interface now supports transparently honoring
      the alignment and boundary constraints in the DMA tag
      when loading buffers, and <function>bus_dmamap_load()</function>
      will automatically use bounce buffers when needed.
      In addition, a set of sysctls <varname>hw.busdma.*</varname>
      for &man.bus.dma.9; statistics has been added.</para>

    <para>The &man.contigmalloc.9; function has been reimplemented
      with an algorithm which stands a greatly-improved chance of working
      despite pressure from running programs. The old algorithm can be used
      by setting a sysctl <varname>vm.old_contigmalloc</varname>. More details
      can be found in the &man.contigmalloc.9; manual page.</para>

    <para>The &man.devfs.5; path rules now work correctly on
      directories.</para>

    <para>The &man.getvfsent.3; API has been removed.</para>

    <para>The <varname>hw.pci.allow_unsupported_io_range</varname>
      loader tunable has been removed.</para>

    <para>&man.jail.2; now supports the use of raw sockets from within a jail.
      This feature is disabled by default, and controlled by using the
      <varname>security.jail.allow_raw_sockets</varname> sysctl.</para>

    <para>&man.kqueue.2; now supports a new filter
      <literal>EVFILT_FS</literal> to be used to signal generic file system
      events to the user space. Currently, mount, unmount, and up/down
      status of NFS are signaled.</para>

    <para>KDB, a new debugger framework, has been added.
      This consists of a new GDB backend, which has been rewritten to support
      threading, run-length encoding compression, and so on, and
      the frontend that provides a framework in which multiple, different
      debugger backends can be configured and which provides
      basic services to those backends.
      The following options have been changed:</para>

    <itemizedlist>
      <listitem>
        <para>KDB is enabled by default
          via the kernel options <literal>options KDB</literal>,
          <literal>options GDB</literal>, and <literal>options DDB</literal>.
          Both <literal>DDB</literal> and
          <literal>GDB</literal> specify which KDB backends to include.</para>
      </listitem>

      <listitem>
        <para><literal>WITNESS_DDB</literal> has been renamed to
          <literal>WITNESS_KDB</literal>.</para>
      </listitem>

      <listitem>
        <para><literal>DDB_TRACE</literal> has been renamed to
          <literal>KDB_TRACE</literal>.</para>
      </listitem>

      <listitem>
        <para><literal>DDB_UNATTENDED</literal> has been renamed to
          <literal>KDB_UNATTENDED</literal>.</para>
      </listitem>

      <listitem>
        <para><literal>SC_HISTORY_DDBKEY</literal> has been renamed to
          <literal>SC_HISTORY_KDBKEY</literal>.</para>
      </listitem>

      <listitem>
        <para><literal>DDB_NOKLDSYM</literal> has been removed.
          The new DDB backend supports pre-linker symbol
          lookups as well as KLD symbol lookups at the same time.</para>
      </listitem>

      <listitem>
        <para><literal>GDB_REMOTE_CHAT</literal> has been removed.
          The GDB protocol hacks to allow this are &os; specific.
          At the same time, the GDB protocol has packets for console
          output.</para>
      </listitem>
    </itemizedlist>

    <para>KDB also serves as the single point of contact for any and
      all code that wants to make use of the debugger functions,
      such as entering the debugger or handling of the
      alternate break sequence.
      For this purpose, the frontend has been made non-optional.
      All debugger requests are forwarded or handed over to the current
      backend, if applicable.
      Selection of the current backend is done by the
      <varname>debug.kdb.current</varname> sysctl.
      A list of configured backends can be obtained with the
      <varname>debug.kdb.available</varname> sysctl.
      One can enter the debugger by writing to the
      <varname>debug.kdb.enter</varname> sysctl.</para>

    <para>A new sysctl <varname>debug.kdb.stop_cpus</varname> has been
      added.
      This controls whether or not IPI (Inter Processor Interrupts)
      to other CPUs will be delivered when entering the debugger,
      in order to stop them while in the debugger.</para>

    <para arch="amd64">Loadable kernel modules now work and are
      enabled in the amd64 build.</para>

    <para arch="amd64">Preliminary support for running 32-bit
      Linux binaries on amd64 has been added. This feature is enabled with the
      <literal>COMPAT_LINUX32</literal> kernel option.</para>

    <para>A new kernel option <literal>MAC_STATIC</literal>, which
      disables internal MAC Framework synchronization protecting against
      dynamic load and unload of MAC policies, has been added.</para>

    <para>The &man.mac.bsdextended.4; policy can now match and
      apply only the first matching rule instead of matching against all rules.
      This feature can be enabled by setting a new sysctl
      <varname>mac_bsdextended_firstmatch_enabled</varname>.</para>

    <para>The &man.mac.bsdextended.4; policy can now log
      failed attempts to syslog's <literal>AUTHPRIV</literal> facility.
      This feature can be enabled by setting a new sysctl
      <varname>mac_bsdextended_logging</varname>.</para>

    <para>mballoc has been replaced with mbuma, an Mbuf and Cluster
      allocator built on top of a number of extensions to the UMA framework.
      Due to this change, the <literal>NMBCLUSTERS</literal> kernel option
      is no longer used. The maximum number of the clusters is still
      capped off according to <literal>maxusers</literal>,
      but it can be made unlimited by setting the
      <varname>kern.ipc.nmbclusters</varname> loader tunable to zero.</para>

    <para><filename>/dev/kmem</filename>, <filename>/dev/mem</filename>,
      and <filename>/dev/io</filename> are also provided as kernel
      loadable modules now.</para>

    <para>A bug in &man.mmap.2; that could allow pages marked as <literal>PROT_NONE</literal>
      to become readable under certain circumstances has been fixed.
      &merged;</para>

    <para arch="i386,pc98">A new kernel option <literal>MP_WATCHDOG</literal>
      has been added; it
      allows one of the logical CPUs on a system to be used as a dedicated
      watchdog to cause a drop to the debugger and/or generate an NMI
      to the boot processor if the kernel ceases to respond.
      Several sysctls are available to enable the watchdog running out of the
      processor's idle thread; a callout is launched to reset a timer
      in the watchdog. If the callout fails to reset the timer for ten seconds,
      the timeout process will take place. The <varname>debug.watchdog_cpu</varname>
      sysctl selects which CPU will run the watchdog.</para>

    <para arch="i386,pc98">A sysctl <varname>debug.leak_schedlock</varname>
      has been added. This causes a sysctl handler that incorrectly leaks
      the holding sched lock to spin the lock
      in order to trigger the watchdog provided by the
      <literal>MP_WATCHDOG</literal> option.</para>

    <para>A new loader tunable <varname>debug.mpsafenet</varname> has been
      added and enabled by default. This causes the &os; network stack
      to operate without the Giant lock, resulting in performance
      improvement by increasing parallelism and decreasing latency
      in network processing. Note that enabling any of the &man.ng.tty.4;
      Netgraph node type, KAME IPsec, or the IPX/SPX subsystem results in a boot-time
      restoration of Giant-enabled network operation, or a run-time
      warning on dynamic load, as these components require the Giant lock
      for correct operation.</para>

    <para>A new kernel option <varname>NET_WITH_GIANT</varname> has been
      added. This restores the default value of debug.mpsafenet to
      <literal>0</literal>, and is intended for use on systems compiled with
      known unsafe components, or where a more conservative configuration is
      desired.</para>

    <para>A new loader tunable <varname>debug.mpsafevm</varname> has been
      added.
      This currently results in almost
      Giant-free execution of zero-fill page faults.</para>

    <para arch="i386,amd64">A loader tunable <varname>debug.mpsafevm</varname>
      has been enabled by default.</para>

    <para arch="alpha,amd64,i386">A new kernel option
      <literal>PREEMPTION</literal> has been added.
      This allows the threads that are in the kernel to be preempted
      by higher priority threads. It helps with interactivity and
      allows interrupt threads to run sooner rather than waiting.</para>

    <para>A devclass level has been added to the dev sysctl tree,
      in order to support per-class variables in addition to
      per-device variables. This means that <varname>dev.foo0.bar</varname>
      is now called <varname>dev.foo.0.bar</varname>, and it is
      possible to have <varname>dev.foo.bar</varname> as well.</para>

    <para>A new sysctl, <varname>kern.always_console_output</varname>,
      has been added. It makes output from the kernel go to the console despite
      the use of <varname>TIOCCONS</varname>.</para>

    <para>A sysctl <varname>kern.sched.name</varname>,
      which holds the name of the scheduler currently in use,
      has been added, and the <varname>kern.quantum</varname> sysctl
      has been moved to <varname>kern.sched.quantum</varname>
      for consistency.</para>

    <para>The &man.pci.4; bus resource and power management have
      been updated.

      <note>
        <para>Although the &man.pci.4; bus power state management
          has been enabled by default, it may cause problems on some systems.
          This can be disabled by setting the tunable
          <varname>hw.pci.do_powerstate</varname> to
          <literal>0</literal>.</para>
      </note>
    </para>

    <para>The ULE scheduler has been added as an additional scheduler.
      Note that the conventional one, which is called 4BSD, is still used
      as the default scheduler in the <filename>GENERIC</filename> kernel.
      For the average user,
      interactivity is reported to be better in many cases. This
      means less <quote>skipping</quote> and <quote>jerking</quote> in
      interactive applications while the machine is very busy. This
      will not prevent problems due to overloaded disk subsystems, but
      it does help with overloaded CPUs. On SMP machines, ULE has
      per-CPU run queues which allow for CPU affinity, CPU binding,
      and advanced HyperThreading support, as well as providing a
      framework for more optimizations in the future. As fine-grained
      kernel locking continues, the scheduler will be able to make
      more efficient use of the available parallel resources.</para>

    <para>A linear search algorithm used in
      &man.vm.map.findspace.9; has been replaced with
      an O(log n) algorithm built into the map entry splay tree.
      This significantly reduces the overhead in &man.vm.map.findspace.9;
      for applications that &man.mmap.2; many hundreds or thousands
      of regions.</para>

    <para>The loader tunables <varname>debug.witness_*</varname>
      have been renamed to <varname>debug.witness.*</varname>.</para>

    <!-- Above this line, sort kernel changes by manpage/keyword-->

    <para>The &os; dynamic and static linkers now support Thread Local Storage (TLS),
      a <application>GCC</application> feature which supports
      a <literal>__thread</literal> modifier
      to the declaration of global and static variables.
      This extra modifier means that the variable's value is
      thread-local; one thread changing its value will not
      affect the value of the variable in any other thread.</para>

    <para>The kernel's file descriptor allocation code has been
      updated, and is now derived from similar code in OpenBSD.</para>

    <para arch="sparc64">On &os;/sparc64, <varname>time_t</varname>
      has been changed from a 32-bit value to a 64-bit value.

      <note>
        <para>Since this change is not backward-compatible,
          any programs which were built on an older system using
          a 32-bit <varname>time_t</varname> and
          call system routines for handling
          <varname>time_t</varname> values will have to be recompiled.
          More detailed information and notice on upgrading from
          the source can be found in
          <filename>/usr/src/UPDATING.64BTT</filename>.</para>
      </note>
    </para>

    <para arch="i386">It is now possible to compile the &os;/i386
      kernel with the Intel C/C++ Compiler (as in the <filename
      role="package">lang/icc</filename> port).</para>

    <sect3 id="boot">
      <title>Boot Loader Changes</title>

      <para arch="i386">A serial console-capable version of
        <filename>boot0</filename> has been added. It can be written
        to a disk using &man.boot0cfg.8; and specifying
        <filename>/boot/boot0sio</filename> as the argument to the
        <option>-b</option> option.</para>

      <para arch="i386"><filename>cdboot</filename> now works around a
        BIOS problem observed on some systems when booting from USB
        CDROM drives.</para>

      <!-- Above this line, order boot loader changes by keyword-->

    </sect3>

    <sect3 id="proc">
      <title>Hardware Support</title>

      <para arch="i386">The &man.acpi.asus.4; driver has been added
        to use ACPI-controlled hardware features, such as hot keys and
        LEDs on ASUSTek laptops.</para>

      <para arch="i386">The &man.acpi.panasonic.4; driver has been added
        to support hot keys of Panasonic laptops.
        It now supports
        Let's note (or Toughbook, outside Japan) CF-R1N, CF-R2A, and
        CF-R3.</para>

      <para arch="i386">The &man.acpi.toshiba.4; driver has been added
        to use Toshiba's Hardware Control Interface to manipulate
        certain hardware features on Toshiba laptops, such as
        video output switching.</para>

      <para>The &man.acpi.video.4; driver has been added to provide
        control over display switching and backlight brightness using the
        ACPI Video Extensions.</para>

      <para arch="i386">The &man.acpi.4; driver now supports
        per-device sysctls (<varname>dev.root0.nexus0.acpi0.acpi_lid0.wake</varname>,
        for instance) to allow users to set whether or not a given
        device can wake the system.</para>

      <para arch="i386">The &man.acpi.4; driver will now
        be disabled automatically when the machine has a well-known broken BIOS.
        This behavior can be overridden by setting the loader tunable
        <varname>hint.acpi.0.disabled</varname> to <literal>0</literal>.</para>

      <para arch="amd64">The &man.agp.4; driver now supports the AMD64 graphics
        aperture relocation table (GART).</para>

      <para arch="i386">The &man.ctau.4; driver has been added for Cronyx Tau
        synchronous serial adapters. This driver was known for a long time as
        <quote>ct</quote> in its previous life outside the &os; source tree. &merged;

        <note>
          <para>The driver name has changed, but the network interface still
            has the <devicename>ct</devicename> name.</para>
        </note>
      </para>

      <para arch="i386,pc98">The &man.cp.4; driver has been added for Cronyx Tau-PCI
        synchronous serial adapters.</para>

      <para arch="i386,pc98">The <devicename>dgb</devicename>
        (DigiBoard intelligent serial card) driver has been
        removed due to breakage.
        Its replacement is the &man.digi.4; driver,
        which supports all the hardware of the <devicename>dgb</devicename>
        driver.</para>

      <para>The &man.nmdm.4; driver has been rewritten to improve its reliability.</para>

      <para>The <devicename>raid(4)</devicename> driver
        (RAIDframe disk driver from NetBSD) has been removed.
        It is currently non-functional, and would require some amount of work
        to make it work under the &man.geom.4; API in 5-CURRENT.</para>

      <para>The entry for the &man.pcic.4; driver has been removed from the
        kernel configuration file for the <filename>GENERIC</filename> kernel because
        the driver is no longer maintained. The entry had actually
        been commented out for a long time.</para>

      <para arch="i386">The &man.psm.4; driver and &man.moused.8;
        now support the Synaptics TouchPad.</para>

      <para arch="i386">The entropy device &man.random.4; now
        supports a hardware random number generator (RNG)
        in the VIA C3 Nehemiah (Stepping 3 and above) CPU.</para>

      <para arch="sparc64">The &man.sab.4; driver now supports the
        <literal>BREAK_TO_DEBUGGER</literal> kernel option.</para>

      <para arch="i386,pc98">The <devicename>sx</devicename> driver,
        which supports Specialix I/O8+ and I/O4+
        intelligent multiport serial controllers, has been added.</para>

      <para arch="alpha,amd64,i386">For the &man.uart.4; device,
        the <varname>hw.uart.console</varname> and
        <varname>hw.uart.dbgport</varname> kernel environment variables
        have been added.
        They can be used to select a serial console and
        debug port respectively, as well as the attributes.</para>

      <para>The &man.ubser.4; device driver has been added to support
        BWCT console management serial adapters.</para>

      <para>The &man.ucycom.4; driver has been added for
        the Cypress CY7C637xx and CY7C640/1xx families of USB to RS232 bridges,
        such as the one found in the DeLorme Earthmate USB GPS
        receiver (which is the only device currently supported by this driver).
        This driver is not complete because there is no support yet for flow
        control and output.</para>

      <para arch="i386">Several old drivers for ISA cards have been removed,
        including
        the <devicename>asc</devicename> driver for GI1904-based hand scanners,
        the <devicename>ctx</devicename> driver for CORTEX-I Frame Grabber,
        the <devicename>gp</devicename> driver for National Instruments AT-GPIB and AT-GPIB/TNT boards,
        the <devicename>gsc</devicename> driver for the Genius GS-4500 hand scanner,
        the <devicename>le</devicename> driver for DEC EtherWORKS II and III Ethernet controllers,
        the <devicename>rdp</devicename> driver for RealTek RTL 8002-based pocket Ethernet adapters,
        the <devicename>spigot</devicename> driver for the Creative Labs Video Spigot video-acquisition board,
        the <devicename>stl</devicename> and
        <devicename>stli</devicename> drivers for Stallion Technologies multiport serial
        controllers, and the <devicename>wt</devicename> driver for Archive/Wangtek cartridge tapes.
        They are currently non-functional, and would require a considerable
        amount of work to make them work under the new API in 5-CURRENT.
        The userland support such as related ioctls and utilities including
        <devicename>sasc</devicename> and <devicename>sgsc</devicename>
        has also been removed.</para>

      <para>The device driver infrastructure (as well as many drivers)
        has been updated.
        Among the changes: Many more drivers now use
        automatically-assigned major numbers (instead of the old static
        major numbers). Enhanced functions to support cloning of
        pseudo-devices. Several changes to the driver API, including a
        new <varname>d_version</varname> field in <varname>struct
        cdevsw</varname>. Note that third-party device drivers will
        require recompiling after this change.</para>

      <sect4 id="mm">
        <title>Multimedia Support</title>

        <para>The <devicename>meteor</devicename> (video capture)
          driver has been removed due to
          breakage and lack of maintainership.</para>

        <para>The Direct Rendering Manager (DRM) code has been updated
          from the DRI Project CVS tree as of 26 May, 2004. This update
          includes new PCI IDs and a new packet for Radeon.</para>

        <para>The drivers for various sound cards have been reorganized;
          <literal>device sound</literal> is the generic sound driver,
          and <literal>device snd_*</literal> are device-specific sound drivers now.
          The <devicename>midi</devicename> driver, which supports serial port
          and several sound cards, has been removed.
          More details can be found in related manual pages:
          &man.sound.4;, &man.snd.ad1816.4;, &man.snd.als4000.4;, &man.snd.cmi.4;,
          &man.snd.cs4281.4;, &man.snd.csa.4;, &man.snd.ds1.4;, &man.snd.emu10k1.4;,
          &man.snd.es137x.4;, &man.snd.gusc.4;, &man.snd.maestro3.4;,
          &man.snd.sbc.4;, &man.snd.solo.4;, and &man.snd.uaudio.4;.</para>

        <para>The &man.sound.4; (formerly &man.pcm.4;) driver has been modified to read
          <filename>/boot/device.hints</filename> on startup, to allow setting
          of default values for mixer channels.
          Note that currently the device driver's name used in
          <filename>/boot/device.hints</filename> is still <literal>pcm</literal>.
          More detailed information and examples can be found in the &man.sound.4;
          manual page.</para>
      </sect4>

      <sect4 id="net-if">
        <title>Network Interface Support</title>

        <para arch="i386">The &man.arl.4; driver, which supports
          Aironet Arlan 655 wireless adapters, has been added. &merged;</para>

        <para arch="sparc64">The &man.dc.4; driver now supports sparc64
          Davicom cards that store their MAC address in
          Open Firmware.</para>

        <para>A short hiccup in the &man.em.4; driver during parameter
          reconfiguration has been fixed. &merged;</para>

        <para>The &man.fwip.4; driver, which supports IP over FireWire, has been added.
          Note that currently the broadcast channel number is hardwired and
          MCAP for multicast channel allocation is not supported.
          This driver is intended to conform to the RFC 2734 and RFC 3146
          standards for IP over FireWire and eventually replace
          the &man.fwe.4; driver.</para>

        <para>&man.fxp.4; now uses the device sysctl tree such as
          <varname>dev.fxp0</varname>, and those sysctls can be set
          on a per-device basis.</para>

        <para>&man.fxp.4; now provides actual control over its capability
          to receive extended Ethernet frames, indicated by the
          <literal>VLAN_MTU</literal> interface capability.
          It can be toggled from userland with the aid of the
          <option>vlanmtu</option> and <option>-vlanmtu</option> options
          to &man.ifconfig.8;.</para>

        <para arch="i386,pc98">The <devicename>hea</devicename>
          (Efficient Networks, Inc. ENI-155p ATM adapter)
          driver has been removed due to breakage. Its functionality
          has been subsumed into the &man.en.4; driver.</para>

        <para>The &man.hme.4; driver now natively supports
          long frames, so it can be used for &man.vlan.4; with full Ethernet
          MTU size.</para>

        <para>The &man.hme.4; driver now supports
          TCP/UDP Transmit/Receive checksum offload.
          Since &man.hme.4; does not compensate for a UDP datagram
          checksum that yields <literal>0x0</literal>,
          UDP transmit checksum offload is disabled by default.
          This can be reactivated by setting the special link
          option <option>link0</option> with &man.ifconfig.8;.</para>

        <para>The &man.ixgb.4; driver, which supports
          Intel PRO/10GBE 10 Gigabit Ethernet cards, has been
          added. &merged;</para>

        <para arch="i386">The <devicename>lmc</devicename>
          (LAN Media Corp. PCI WAN adapter) driver has been
          removed due to breakage and lack of maintainership.</para>

        <para arch="i386">The <devicename>loran</devicename>
          (Loran-C receiver) driver has been removed due to
          breakage and lack of maintainership.</para>

        <para arch="i386">&os; now provides a binary compatibility layer
          for using &microsoft.windows; NDIS drivers for network
          adapters under &os;/i386. It includes a relocator/linker for
          &windows; <filename>.SYS</filename> files to interface with
          the &os; kernel and emulates various parts of the NDIS API
          using native &os; kernel functions. This system supports PCI
          (&man.pci.4;) and CardBus (&man.cardbus.4;) network devices,
          and is designed principally for
          Ethernet and wireless network interfaces.
          For more information, see the &man.ndis.4; and
          &man.ndiscvt.8; manual pages.</para>

        <para>A bug that prevented VLAN support in the &man.nge.4; driver
          from working has been fixed. &merged;</para>

        <para>Several bugs related to &man.polling.4; support
          in the &man.rl.4; driver have been fixed. &merged;</para>

        <para>Several bugs related to multicast and promiscuous mode
          handling in the &man.sk.4; driver have been fixed.</para>

        <para>The &man.ste.4; driver now supports &man.polling.4;.
          &merged;</para>

        <para>The &man.udav.4; driver has been added.
          It provides
          support for USB Ethernet adapters based on the Davicom DM9601
          chipset.</para>

        <para>The &man.vge.4; driver, which supports
          the VIA Networking Technologies
          VT6122 Gigabit Ethernet chip and integrated 10/100/1000 copper PHY,
          has been added.</para>

        <para>The &man.vr.4; driver now supports &man.polling.4;. &merged;</para>

        <para>The hardware TX checksum support in the &man.xl.4; driver
          has been disabled as it does not work correctly and slows down
          the transmission rate. &merged;</para>

        <para>Interface &man.polling.4; support
          can now be enabled on a per-interface basis.
          All of the network drivers that support &man.polling.4;
          (&man.dc.4;, &man.fxp.4;, &man.em.4;, &man.nge.4;, &man.re.4;,
          &man.rl.4;, &man.sis.4;, &man.ste.4;, and &man.vr.4;)
          now also support this capability and it can be controlled
          via &man.ifconfig.8;. &merged;</para>
      </sect4>
    </sect3>

    <sect3 id="net-proto">
      <title>Network Protocols</title>

      <para>The &man.gre.4; tunnel driver now supports WCCP version
        2.</para>

      <para>&man.ipfw.4; rules now support the <literal>versrcreach</literal>
        option to verify that a valid route to the source address
        of a packet exists in the routing table.
        This option is very useful for routers with a complete view of
        the Internet (BGP) in the routing table to reject packets with
        spoofed or unroutable source addresses. For example,

        <programlisting>deny ip from any to any not versrcreach</programlisting>

        is equivalent to the following in Cisco IOS syntax:

        <programlisting>ip verify unicast source reachable-via any</programlisting>
      </para>

      <para>&man.ipfw.4; rules now support the <literal>antispoof</literal>
        option to verify that an incoming packet's source address belongs to
        a directly connected network.
        If the network is directly
        connected, then the interface the packet came in on is compared to
        the interface the network is connected to. When the incoming interface
        and the directly connected interface are not the same, the packet does
        not match. For example:

        <programlisting>deny ip from any to any not antispoof in</programlisting>
      </para>

      <para>&man.ipfw.4; rules now support the <literal>jail</literal>
        option to associate the rule with a specific prison ID.
        For example:

        <programlisting>count ip from any to any jail 2</programlisting>

        Note that this rule currently applies to TCP and UDP packets only.
      </para>

      <para>&man.ipfw.4; now supports lookup tables. This feature is
        useful for handling large sparse address sets. &merged;</para>

      <para>The &man.ipfw.4; <literal>forward</literal> rule must be compiled
        into the kernel with the <literal>IPFIREWALL_FORWARD</literal> kernel option
        to be enabled.</para>

      <para>A new sysctl <varname>net.inet.ip.process_options</varname>
        has been added to control the processing of IP options. When this sysctl
        is set to <literal>0</literal>, IP options are ignored and passed unmodified;
        when set to <literal>1</literal>, all IP options are processed (default);
        and when set to <literal>2</literal>, all packets with
        IP options are rejected with an ICMP filter prohibited
        message.</para>

      <para>Some bugs in the IPsec implementation from the KAME
        Project have been fixed. These bugs were related to freeing
        memory objects before all references to them were removed, and
        could cause erratic behavior or kernel panics after flushing
        the Security Policy Database (SPD).</para>

      <para>&man.natd.8; now supports multiple instances via
        a new option <option>globalports</option>.
        This allows &man.natd.8; to be bound to
        different network interfaces and to share load.</para>

      <para>The &man.ng.atmllc.4; Netgraph node type, which handles
        RFC 1483 ATM LLC encapsulation, has been added.</para>

      <para>The &man.ng.hub.4; Netgraph node type, which supports
        a simple packet distribution that acts like an Ethernet hub,
        has been added. &merged;</para>

      <para>The &man.ng.rfc1490.4; Netgraph node type now supports
        Cisco style encapsulation, which is often used alongside
        RFC 1490 in frame relay links.</para>

      <para>The &man.ng.sppp.4; Netgraph node type, which is a &man.netgraph.4;
        interface to the original &man.sppp.4; network module for synchronous
        lines, has been added.</para>

      <para>A new Netgraph method has been added to restore some
        behavior lost in the change from 4.<replaceable>X</replaceable> style &man.ng.tee.4;
        Netgraph nodes.</para>

      <para>The &man.ng.vlan.4; Netgraph node type, which supports
        IEEE 802.1Q VLAN tagging, has been added. &merged;</para>

      <para><literal>PFIL_HOOKS</literal> support is now always
        compiled into the kernel, and the associated kernel compile
        options have been removed. All of the packet filter subsystems
        that &os; supports now use the <literal>PFIL_HOOKS</literal>
        framework.</para>

      <para>Support for link state change notification of Ethernet media
        has been added to the routing socket.</para>

      <para>Link Quality Monitoring (LQM) support in &man.ppp.8;
        has been reimplemented. LQM, which is described
        in RFC 1989, allows PPP to keep track of the quality
        of a running connection. &merged;</para>

      <para>Pseudo-interface cloning and its match function have been
        updated to allow creation of &man.stf.4;
        interfaces named <devicename>stf0</devicename>,
        <devicename>stf</devicename>, or <devicename>6to4</devicename>.
        Note that this breaks backward compatibility; for example,
        <command>ifconfig stf</command> now creates
        the interface named <devicename>stf</devicename>,
        not <devicename>stf0</devicename>, and does not print
        <devicename>stf0</devicename> to stdout.</para>

      <para>The following TCP features are now enabled by default: RFC
        3042 (Limited Retransmit), RFC 3390 (increased initial
        congestion window sizes), TCP bandwidth-delay product
        limiting. A set of sysctls, <varname>net.inet.tcp.rfc3042</varname>,
        <varname>net.inet.tcp.rfc3390</varname>, and
        <varname>net.inet.tcp.inflight.enable</varname>,
        is available for these features.
        More information can be found in &man.tcp.4;.</para>

      <para>&os;'s TCP implementation now includes support for a
        minimum MSS (settable via the
        <varname>net.inet.tcp.minmss</varname> sysctl variable) and a
        rate limit on connections that send many small TCP segments
        within a short period of time (via the
        <varname>net.inet.tcp.minmssoverload</varname> sysctl
        variable). Connections exceeding this limit may be reset and
        dropped. This feature provides protection against a class of
        resource exhaustion attacks.</para>

      <para>The TCP implementation now includes partial (output-only)
        support for RFC 2385 (TCP-MD5) digests. This feature,
        enabled with the <literal>TCP_SIGNATURE</literal> and
        <literal>FAST_IPSEC</literal> kernel options, is a TCP option
        for authenticating TCP sessions. &man.setkey.8; now includes
        support for the TCP-MD5 class of security associations.
        &merged;</para>

      <para>The TCP connection reset handling has been improved to
        make several reset attacks as difficult as possible while
        maintaining compatibility with the widest range of TCP stacks.</para>

      <para>The implementation of RFC 1948 has been improved.
        The time offset component of an Initial Sequence Number (ISN)
        now includes random positive
        increments between clock ticks so that ISNs will always
        be increasing, no matter how quickly the port is recycled.</para>

      <para>Random ephemeral port allocation, which comes from OpenBSD,
        has been implemented. This is enabled by default and can be disabled
        by using the <varname>net.inet.ip.portrange.randomized</varname>
        sysctl. &merged;</para>

      <para>TCP Selective Acknowledgements (SACK) as described in RFC
        2018 have been added. This improves TCP performance over
        connections with heavy packet loss. SACK can be enabled with
        the sysctl <varname>net.inet.tcp.sack.enable</varname>.</para>
    </sect3>

    <sect3 id="disks">
      <title>Disks and Storage</title>

      <para>The &man.ata.4; driver now supports &man.cardbus.4; ATA/SATA
        controllers.</para>

      <para>A number of bugs in the &man.ata.4; driver have been
        fixed. Most notably, master/slave device detection should
        work better, and some problems with timeouts should be
        resolved.</para>

      <para>The &man.ata.4; driver now supports the Promise command
        sequencer present on all modern Promise controllers
        (PDC203** PDC206**).

        <note>
          <para>This also adds preliminary support for the
            Promise SX4/SX4000 as a <quote>normal</quote> Promise ATA
            controller; ATA RAIDs are supported, though
            only RAID0, RAID1 and RAID0+1.</para>
        </note>
      </para>

      <para>The <literal>DA_OLD_QUIRKS</literal> kernel option,
        which is for the CAM SCSI disk driver (&man.cam.4;),
        has been removed.
        &merged;</para>

      <para arch="pc98">A bug in the automatic density selection code
        in the &man.fd.4; driver has been fixed.</para>

      <para>A bug in &man.geom.4; that could result in I/O hangs in some rare
        cases has been fixed.</para>

      <para>A new <literal>GEOM_CONCAT</literal>
        &man.geom.4; class has been added to concatenate
        multiple disks to appear as a single larger disk.</para>

      <para>A new <literal>GEOM_NOP</literal> &man.geom.4; class for various
        testing purposes has been added.</para>

      <para>A new <literal>GEOM_RAID3</literal> &man.geom.4; class for
        RAID3 transformation and the &man.graid3.8; userland utility
        have been added.</para>

      <para>A new <literal>GEOM_STRIPE</literal>
        &man.geom.4; class which implements RAID0 transformation has been added.
        This class has two modes: <quote>fast</quote> and
        <quote>economic</quote>. In fast mode,
        when a very small stripe size is used, only one I/O request
        will be sent to every disk in a stripe; it performs about 10
        times faster for small stripe sizes than economic
        mode and other RAID0 implementations.
        While fast mode is used by default,
        it consumes more memory than
        economic mode, which sends requests each time.
        Economic mode can be enabled by setting a loader tunable
        <varname>kern.geom.stripe.fast</varname> to 0.
        It is also possible to specify the maximum memory
        that fast mode can consume,
        by setting the loader tunable
        <varname>kern.geom.stripe.maxmem</varname>.</para>

      <para>GEOM Gate, which consists of a new <literal>GEOM_GATE</literal>
        &man.geom.4; class and several GEOM Gate userland utilities
        (&man.ggatel.8;, &man.ggatec.8;,
        and &man.ggated.8;) has been added.
        It supports exporting
        devices, including non &man.geom.4;-aware devices,
        through the network.</para>

      <para>A new <literal>GEOM_LABEL</literal>
        &man.geom.4; class to detect volume labels on various file systems,
        such as UFS, MSDOSFS (FAT12, FAT16, FAT32), and ISO9660,
        has been added.</para>

      <para>A new <literal>GEOM_GPT</literal> &man.geom.4; class,
        which supports GUID Partition Table (GPT) partitions
        and the ability to have a large
        number of partitions on a single disk, has been added into
        <filename>GENERIC</filename> by default.</para>

      <para>A new <literal>GEOM_MIRROR</literal> &man.geom.4; class,
        which supports RAID1 functionality, has been added.
        The &man.gmirror.8; utility can be used for control
        of this class.</para>

      <para>A new <literal>GEOM_UZIP</literal> &man.geom.4; class to implement
        read-only compressed disks has been added.
        This currently supports the cloop V2.0 disk compression format.</para>

      <para>A new <literal>GEOM_VINUM</literal> &man.geom.4; class to support
        cooperation between &man.vinum.4; and &man.geom.4;
        has been added.</para>

      <para>The &man.ips.4; driver now supports the recent
        Adaptec ServeRAID series SCSI controller cards.</para>

      <para arch="sparc64">A bug in the &man.isp.4; driver
        that prevented cards on SBus from working correctly
        has been fixed.</para>

      <para arch="i386">The &man.twa.4; driver, which supports
        3ware's 9000 series PATA/SATA RAID controllers, has been added. &merged;</para>

      <para>The &man.umass.4; driver now supports the missing
        ATAPI MMC commands and handles the timeout properly. &merged;</para>

      <para>The &man.vinum.4; volume manager has been updated to use
        &man.geom.4;, the 5.x disk I/O request transformation framework.
        A <command>gvinum</command> userland utility has been added.</para>

      <para arch="sparc64">The &man.esp.4; device driver has been
        ported from NetBSD to support the SBus SCSI card in Sun Ultra
        1e and 2 machines.</para>

      <para>Support for LSI-type software RAID has been added.</para>

    </sect3>

    <sect3 id="fs">
      <title>File Systems</title>

      <para>The autofs(9) file system and the userland library
        &man.libautofs.3; have been added.</para>

      <para>The EXT2FS file system code now includes partial support
        for large (> 4GB) files. This support is partial in that
        it will refuse to create large files on file systems that have
        not been upgraded to <literal>EXT2_DYN_REV</literal> or that
        do not have the
        <literal>EXT2_FEATURE_RO_COMPAT_LARGE_FILE</literal> flag set
        in the superblock.</para>

      <para>A panic in the NFSv4 client has been fixed; this occurred
        when attempting operations against an NFSv3/NFSv2-only
        server.</para>

      <para>The <literal>MSDOSFS_LARGE</literal> kernel option
        has been added to support FAT32 file systems bigger
        than 128GB. This option is disabled by default. It
        uses at least 32 bytes of kernel memory for
        each file on disk; furthermore, it is only safe to use in certain
        controlled situations, such as a read-only mount
        with fewer than 1 million files and so on.
        Exporting these large file systems
        over NFS is not supported.</para>

      <para>The SMBFS client now has support for SMB request signing,
        which prevents <quote>man in the middle</quote> attacks and is
        required in order to connect to Windows 2003 servers in their
        default configuration.
        As signing each message imposes a
        significant performance penalty, this feature is only enabled
        if the server requires it; this may eventually become an
        option to &man.mount.smbfs.8;.</para>
    </sect3>

    <sect3>
      <title>Contributed Software</title>

      <para>The <application>ALTQ framework</application>
        has been imported from a KAME snapshot as of 7 June, 2004.
        This import breaks ABI compatibility of
        <varname>struct ifnet</varname> and requires all network
        drivers to be recompiled.
        Additionally, some of the networking drivers have been
        modified to support the ALTQ framework.
        Updated drivers are &man.bfe.4;, &man.em.4;, &man.fxp.4;,
        &man.em.4;, &man.lnc.4;, &man.tun.4;, &man.de.4;,
        &man.rl.4;, &man.sis.4;, and &man.xl.4;.</para>

      <para><application>IPFilter</application> has been updated
        from version 3.4.31 to version 3.4.35. &merged;</para>

      <para arch="ia64">An ia64 stack unwinder,
        <application>Unwind Express (libuwx)</application>
        by Hewlett-Packard, has been imported for use in the kernel.</para>
    </sect3>
  </sect2>

  <sect2 id="userland">
    <title>Userland Changes</title>

    <para>&man.acpidump.8; now supports SSDT tables. Dumping or
      disassembling the DSDT will now include the contents of
      any SSDT tables as well.</para>

    <para>&man.bsdlabel.8; now supports a <option>-f</option> option
      to work on files instead of disk partitions.</para>

    <para>&man.bsdtar.1; is now the default &man.tar.1; utility in the &os;
      base system. <filename>/usr/bin/tar</filename>
      is now a symlink pointing to
      <filename>/usr/bin/bsdtar</filename> by default.
      To return to using <filename>/usr/bin/gtar</filename> by
      default, the <varname>WITH_GTAR</varname>
      make variable can be used.</para>

    <para>The <command>bthidcontrol</command> and
      <command>bthidd</command> commands, which support Bluetooth
      HIDs (Human Interface Devices), have been added.</para>

    <para>&man.col.1;, &man.colcrt.1;, &man.colrm.1;,
      &man.column.1;, &man.fmt.1;, &man.join.1;, &man.rev.1;,
      &man.tr.1;, and &man.ul.1; now support multibyte characters.</para>

    <para>&man.conscontrol.8; now supports
      <literal>set</literal> and <literal>unset</literal>
      commands which set/unset the virtual console.
      <literal>unset</literal> makes outputs from the system, such as
      the kernel &man.printf.9;, always go out to the real
      main console. This is an interface to the tty ioctl
      <literal>TIOCCONS</literal>.</para>

    <para>The &man.cron.8; daemon now accepts two new options,
      <option>-j</option> and <option>-J</option>, to enable
      time jitter for jobs run as unprivileged users and the
      superuser, respectively. Time jitter means that &man.cron.8;
      will sleep for a small random period of time in the specified
      range before executing a job. This feature is intended to
      smooth load peaks appearing when a lot of jobs are scheduled
      for a particular moment.
      &merged;</para>

    <para>A bug that prevented &man.crontab.1; with the <option>-e</option>
      option from properly prompting the user to re-edit entries written in
      an incorrect format has been fixed.</para>

    <para>&man.cut.1; <option>-c</option>,
      <option>-d</option>, and <option>-f</option>
      now work correctly in locales with multibyte characters.</para>

    <para>&man.cvs.1; now supports an <option>iso8601</option>
      option keyword to print dates in ISO 8601 format.</para>

    <para>&man.daemon.8; now supports a <option>-p</option>
      option to create a PID file.</para>

    <para>&man.dd.1; now supports a <option>fillchar</option> option
      to specify an alternative padding character when using a conversion
      mode, or when using <option>noerror</option> with
      <option>sync</option> and an input error occurs.</para>

    <para>&man.df.1; now supports a <option>-c</option> option to display
      a grand total of statistics for file systems.</para>

    <para>A bug in &man.df.1;, which could print invalid information
      when a <option>-t</option> option is specified and
      a mount point is not accessible by the calling user,
      has been fixed.</para>

    <para>The <command>doscmd</command> utility has been
      removed from the &os; base system. It is now available
      via the <filename role="package">emulators/doscmd</filename>
      port in the &os; Ports Collection.</para>

    <para>&man.dump.8; and &man.restore.8; now support
      a <option>-P</option> option to specify backup methods
      other than files and tapes. The argument is passed to
      a normal &man.sh.1; pipeline with either the
      <varname>$DUMP_VOLUME</varname> or <varname>$RESTORE_VOLUME</varname>
      environment variable defined, respectively.
      For more information, see &man.dump.8; and &man.restore.8;.</para>

    <para>The &man.eeprom.8; utility to display and
      modify system configurations stored in EEPROM or NVRAM
      has been added. The current implementation supports
      systems equipped with Open Firmware.</para>

    <para arch="pc98">The &man.fdcontrol.8;, &man.fdformat.1;, and
      &man.fdread.1; utilities now work on &os;/pc98.</para>

    <para>The &man.fgetwln.3; function, a wide character version of
      &man.fgetln.3;, has been added.</para>

    <para>The &man.find.1; utility now supports a <option>-acl</option>
      primary to locate files with &man.acl.3;.</para>

    <para>The &man.find.1; utility now supports a new primary
      <option>-depth <replaceable>n</replaceable></option>
      which tests whether the depth of the current file relative
      to the starting point of the traversal is <replaceable>n</replaceable>.
      &merged;</para>

    <para>&man.ftpd.8; now opens a socket for a data transfer
      in active mode using the effective UID of the current user,
      not <username>root</username>. This is useful for matching anonymous FTP data
      traffic with a single &man.ipfw.8; rule with <literal>uid</literal>.</para>

    <para>The &man.ftw.3; and &man.nftw.3; functions have been implemented.
      These are used to traverse a directory hierarchy.</para>

    <para>The &man.geom.8; utility for operating on &man.geom.4; classes
      from the userland has been added.</para>

    <para>&man.gpt.8;, a GUID partition table maintenance utility,
      now supports a <option>remove</option> command.
      Its
      <option>add</option> command now supports a <option>-i</option> option,
      which allows the user to specify
      the partition number of a new partition.</para>

    <para>&man.id.1; now supports a <option>-M</option> option
      to print the MAC label of the current process.</para>

    <para>&man.ifconfig.8; now supports renaming of network interfaces
      at run-time using the <option>name</option> parameter.</para>

    <para>&man.ifconfig.8; now prints the &man.polling.4; status
      on the interface. &merged;</para>

    <para>&man.ifconfig.8; now provides the
      <option>vlanmtu</option> and <option>-vlanmtu</option> options,
      which control the capability of some Ethernet interfaces
      to receive extended frames (i.e. frames containing more than
      1500 bytes of payload).</para>

    <para>&man.ifconfig.8; now provides the
      <option>vlanhwtag</option> and <option>-vlanhwtag</option> options,
      which control the capability of some Ethernet interfaces
      to process VLAN tags in the hardware.</para>

    <para>&man.indent.1; now supports a <option>-ldi</option> option
      to control indentation of local variables.
      A number of other
      tunings were made to this utility.</para>

    <para>&man.indent.1; now supports <option>-fbs</option> and
      <option>-ut</option> for function declarations
      with the opening brace on the same line as the declaration
      of arguments, and for all spaces and no tabs in order
      to fix a problem when non-8 space tabs are used.</para>

    <para>&man.ip6fw.8; now supports a <option>-n</option> flag to
      stop it from making any changes to the rules in the kernel.</para>

    <para>&man.ipcs.1; now supports a <option>-u</option> option to
      display information about IPC mechanisms owned by the specified
      user.</para>

    <para>&man.ipfw.8; now supports a <option>-b</option> flag to
      print only the action and comment for each rule, thus omitting
      the rule body.</para>

    <para>&man.jail.8; now supports a <option>-U</option> option to
      run a command as a user which exists only in the &man.jail.2;
      environment.</para>

    <para>&man.jail.8; now supports a <option>-l</option> option to
      clean the environment. All environment variables are discarded
      except for <varname>HOME</varname>, <varname>SHELL</varname>,
      <varname>PATH</varname>, <varname>TERM</varname>, and
      <varname>USER</varname> before running the jailed program under
      a specific user's credentials. This behavior is similar to that
      provided by the &man.su.1; <option>-l</option>
      option.</para>

    <para>&man.kgdb.1;, a kernel debugging utility which uses
      <application>libgdb</application>
      and understands kernel threads, kernel modules, and &man.kvm.3;,
      has been added.</para>

    <para>&man.killall.1; now supports a <option>-e</option> flag to
      make the <option>-u</option> option operate on effective, rather than
      real, user IDs. &merged;</para>

    <para>&man.libalias.3; now has support (and a new API) for
      multiple aliasing instances in a single process.
      The existing
      API has been reimplemented in terms of the new one to preserve
      compatibility.</para>

    <para>A <application>libarchive</application> library for manipulation
      of compressed and uncompressed archive files has been
      added. More details can be found in &man.libarchive.3;.</para>

    <para arch="pc98"><application>libdisk</application> now uses the
      correct PC98 disk partition value for &os;. This permits the
      &man.sysinstall.8; disk partition editor to correctly create a
      single &os; partition covering the entire disk. &merged;</para>

    <para><application>libdisk</application> now uses
      <varname>d_addr_t</varname> for disk addresses.
      This allows &man.sysinstall.8; to properly handle disks
      and file systems larger than 1 TB.</para>

    <para arch="i386,pc98,amd64,ia64">The library formerly known as
      <application>libkse</application> has been renamed
      <application>libpthread</application> and is now the default threading
      library on the i386, amd64, and ia64 platforms.
      <application>GCC</application>'s <option>-pthread</option>
      option has been changed to use <application>libpthread</application>
      rather than <application>libc_r</application>.

      <note>
        <para>Users with older binaries (for example, ports compiled
          before this change was made) should use &man.libmap.conf.5;
          to map <application>libc_r</application> and/or
          <application>libkse</application> to
          <application>libpthread</application>.</para>
      </note>

      <note>
        <para>Users with NVIDIA-supplied drivers and libraries may
          need to use a &man.libmap.conf.5; that maps
          <application>libpthread</application> references to the older
          <application>libc_r</application> since these drivers and
          utilities do not work with
          <application>libpthread</application>.</para>
      </note>
    </para>

    <para><application>libpthread</application> now supports
      a <varname>LIBPTHREAD_SYSTEM_SCOPE</varname> environment
      variable to force 1:1 mode (using system scope threads). Note that
      building <application>libpthread</application> with the
      <option>-DSYSTEM_SCOPE_ONLY</option> flag also forces 1:1 mode,
      and that this option is set by default for architectures that do not
      support M:N mode yet.
      In addition, a <varname>LIBPTHREAD_PROCESS_SCOPE</varname> environment
      variable can be used to force M:N mode (using process scope
      threads). For example:</para>

    <screen>&prompt.user; <userinput>LIBPTHREAD_SYSTEM_SCOPE=yes <replaceable>threaded_app</replaceable></userinput></screen>

    <para>forces the application <replaceable>threaded_app</replaceable> to use
      system scope threads, and</para>

    <screen>&prompt.user; <userinput>LIBPTHREAD_PROCESS_SCOPE=yes <replaceable>threaded_app</replaceable></userinput></screen>

    <para>forces it to use process scope threads, respectively.</para>

    <para>A bug in the <option>-d</option> option of &man.look.1;
      has been fixed.
      Also, &man.look.1; now works correctly in
      locales with multibyte characters.</para>

    <para>&man.ls.1; now treats filenames as multibyte character strings
      according to the current <varname>LC_CTYPE</varname>
      when determining which characters are printable.</para>

    <para>&man.make.1; now supports the new <literal>.warning</literal>
      directive.</para>

    <para>&man.make.1; now supports the POSIX-compatible
      <literal>+</literal> flag in <filename>Makefile</filename> command lines,
      which causes a line to be executed even when <option>-n</option>
      is specified. This is useful for calls to submakes, for example.</para>

    <para>&man.make.1; now puts variable assignments from
      the command line into the <varname>MAKEFLAGS</varname>
      variable as required by POSIX. This causes such variables
      to be pushed into all sub-makes called by &man.make.1;
      (except when the <varname>MAKEFLAGS</varname>
      variable is explicitly changed in the sub-make's environment).
      This makes them also mostly un-overrideable
      in sub-makes except on the sub-make's command line.</para>

    <para arch="i386">The &man.mkuzip.8; utility, which is a non-GPL
      utility to compress file system images for use with the
      <literal>GEOM_UZIP</literal> &man.geom.4; module,
      has been added.</para>

    <para>The &man.nearbyint.3; and
      &man.nearbyintf.3; C99 functions
      have been implemented.</para>

    <para>The <filename>tgmath.h</filename> C99 header has
      been implemented.
      This provides
      type-generic macros for the <filename>math.h</filename>
      and <filename>complex.h</filename> functions that have
      float, double and long double implementations.</para>

    <para>The GNU extensions of &man.mbsnrtowcs.3;
      and &man.wcsnrtombs.3; have been implemented.</para>

    <para>&man.newsyslog.8; now allows the users to set
      a debugging option via the <filename>newsyslog.conf</filename>
      file.</para>

    <para>&man.newsyslog.8; now uses a new order when processing
      files to rotate. It first rotates all files that need
      to be rotated, then sends a single signal to each process
      which needs to be signaled, and finally compresses
      all the files that were rotated.</para>

    <para>A &man.nextwctype.3; function to iterate over all characters
      in a particular character class
      has been added.</para>

    <para>Initial support for UTF-8 versions of all the currently
      supported system locales has been added.
      This is primarily
      for the benefit of the <filename role="package">misc/utf8locale</filename>
      port.</para>

    <para>An Israel Hebrew locale <literal>he_IL.UTF-8</literal>
      has been added.</para>

    <para>The &man.logins.1; utility has been added to display
      information about user and system accounts.</para>

    <para>&man.mountd.8; now supports the <option>-p</option> option,
      which allows users to specify a known port for use
      in firewall rulesets.</para>

    <para>&man.netstat.1; now displays the multicast group
      memberships present in the system.</para>

    <para>&man.newfs.8; and &man.mdmfs.8; now support a
      <option>-l</option> flag to enable them to set the MAC
      multilabel flag on new file systems without requiring the use of
      &man.tunefs.8;.</para>

    <para>&man.nologin.8; now reports login attempts via
      &man.syslogd.8;.</para>

    <para>&man.nologin.8; has been moved from <filename>/sbin/nologin</filename>
      to <filename>/usr/sbin/nologin</filename>.
      <filename>/sbin/nologin</filename> remains as a symbolic link
      for backward compatibility.</para>

    <para>A bugfix has been applied to NSS support, which fixes
      problems when using third-party NSS modules (such as <filename
      role="package">net/nss_ldap</filename>) and groups with large
      membership lists.</para>

    <para>&man.od.1; now has POSIX-style support for multibyte
      characters.</para>

    <para>&man.patch.1; has been replaced with a BSD-licensed version
      from OpenBSD. This includes a <option>--posix</option> option
      for strict POSIX conformance.</para>

    <para>The &man.pgrep.1; and &man.pkill.1; commands, which come from NetBSD,
      have been added.
      They also support a <option>-M</option> option
      to extract values associated with the name list from the
      specified core instead of the default <filename>/dev/kmem</filename>,
      and a <option>-N</option> option to extract the name list from
      the specified system instead of the default kernel.</para>

    <para>&man.ppp.8; now supports a <quote>set rad_alive
      <replaceable>N</replaceable></quote> command
      to enable periodic sending of RADIUS accounting information
      to the RADIUS server. &merged;</para>

    <para>&man.ppp.8; now supports a
      <quote>set pppoe [standard|3Com]</quote> command
      to configure the operating mode of an underlying
      &man.ng.pppoe.4; Netgraph node.</para>

    <para>&man.ps.1; compatibility with POSIX/SUSv3 has been improved.
      The changes include <option>-p</option> for a list of process IDs,
      <option>-t</option> for a list of terminal names,
      <option>-A</option> which is equivalent to <option>-ax</option>,
      <option>-G</option> for a list of group IDs,
      <option>-X</option> which is the opposite of <option>-x</option>,
      and some minor improvements. For more information, see &man.ps.1;.
      &merged;</para>

    <para>&man.ps.1; now supports a <option>-O emul</option>
      format option, which prints the name of the system call emulation
      environment the process is in.</para>

    <para>&man.pw.8; now supports a <option>-H</option> option, which
      accepts an encrypted password on a file descriptor. &merged;</para>

    <para>A bug in &man.rarpd.8; that prevented it from working properly
      when an interface has more than one IP address has been fixed.
      &merged;</para>

    <para>&man.regex.3; now supports multibyte-aware regular
      expression matching.</para>

    <para>The configuration files used by the &man.resolver.3; now
      support the <literal>timeout:</literal> and
      <literal>attempts:</literal> keywords.</para>

    <para>The &man.resolver.3; and associated interfaces are now much
      more reentrant and thread-safe. Multiple DNS lookups can now be
      run at the same time, showing major improvements in the
      performance of some multi-threaded applications. Some
      multi-threaded programs need to be recompiled; examples from the
      Ports Collection are <filename
      role="package">www/mozilla</filename> and variants, <filename
      role="package">mail/evolution</filename>, <filename
      role="package">devel/gnomevfs</filename>, and <filename
      role="package">devel/gnomevfs2</filename>.</para>

    <para>&man.rmdir.1; now supports a <option>-v</option> flag,
      which makes it verbose.</para>

    <para>&man.savecore.8; now works correctly for dump files larger
      than 2GB.</para>

    <para>A bug in &man.script.1; has been fixed so that it now works
      correctly if the standard input is closed. This fix prevents a
      potentially dangerous interaction with the <filename
      role="package">sysutils/portupgrade</filename> package; if it was
      run non-interactively, it could remove all out-of-date
      ports without reinstalling them.</para>

    <para>The &man.sdpd.8; Bluetooth Service Discovery Protocol daemon
      has been added.</para>

    <para>The &man.sed.1; <literal>y</literal> (translate) command
      now supports multibyte characters.</para>

    <para>The &man.sha1.1; and &man.rmd160.1; utilities have been added.
      Similar to &man.md5.1;, they calculate a message digest of their
      inputs.
      &merged;</para>

    <para>&man.smbmsg.8;, a small utility to send/receive SMBus messages,
      has been added.</para>

    <para arch="sparc64">&man.sunlabel.8; now supports two new flags:
      <option>-c</option> to calculate all partition sizes
      in cylinders as opposed to sectors, and
      <option>-h</option> to print the label in human readable
      size/offset format.</para>

    <para>&man.talk.1; now uses <hostid>localhost</hostid>
      as a default machine name in &man.talkd.8;
      request packets, when the destination and source are local.
      This makes &man.talk.1; dependent on a valid host entry
      for <hostid>localhost</hostid> in <filename>/etc/hosts</filename>
      or the DNS.</para>

    <para>&man.tftpd.8; now supports two new options:
      a <option>-w</option> option allows new files to be created,
      and a <option>-U</option> option allows the umask to be set.</para>

    <para>&man.top.1; can now display the current amount
      of I/O. This feature can be enabled by hitting <quote>m</quote>
      or passing the command line option <option>-m io</option>.</para>

    <para arch="amd64">&man.truss.1; now includes early support
      for &os;/amd64.</para>

    <para>Many userland utilities in the base system (mostly GNU
      contributed utilities) now use the system version of
      &man.getopt.long.3;, rather than the GNU version.</para>

    <sect3 id="rc-scripts">
      <title><filename>/etc/rc.d</filename> Scripts</title>

      <para>The <filename>diskless</filename> script has been
        split out into <filename>hostname</filename>,
        <filename>resolve</filename>, <filename>tmp</filename>, and
        <filename>var</filename> scripts.</para>

      <para>The <filename>gbde_swap</filename> script, which supports
        gbde-enabled swap devices, has been added.
        When the <varname>gbde_swap_enable</varname> variable is specified
        in &man.rc.conf.5;, a swap device named
        <filename>/dev/<replaceable>foo.bde</replaceable></filename>
        in &man.fstab.5;
        is automatically attached at boot time with the device
        <filename>/dev/<replaceable>foo</replaceable></filename>
        and a random key, which is
        generated by computing the MD5 checksum of 512 bytes read
        from <filename>/dev/random</filename>.
        Note that this prevents recovery of kernel dumps.</para>

      <para>The <varname>ip6addrctl_enable</varname> and
        <varname>ip6addrctl_verbose</varname> variables have been added.
        When <varname>ip6addrctl_enable</varname> is set
        to <literal>YES</literal>,
        the address selection policy is installed into the kernel.
        If <filename>/etc/ip6addrctl.conf</filename> exists,
        it will be used; otherwise a default policy will be installed.
        The default policy is the one described in RFC 3484 when
        <varname>ipv6_enable</varname> is set to <literal>YES</literal>.
        Otherwise, the priority policy for IPv4 addresses will be used
        as the default policy.</para>

      <para>The <filename>mixer</filename> script has been added.
        It saves the current settings of all audio mixers present
        in the system on shutdown and restores the settings on boot.</para>

      <para>The <filename>pf</filename> and <filename>pflog</filename>
        scripts for &man.pf.4; have been added.</para>
    </sect3>
  </sect2>

  <sect2 id="contrib">
    <title>Contributed Software</title>

    <para>The <application>ACPI-CA</application> code has been updated
      from the 20030619 snapshot to the 20040527 snapshot.</para>

    <para><application>AMD (am-utils)</application> has been updated
      from version 6.0.9 to version 6.0.10p1.</para>

    <para><application>awk</application> from Bell Labs has been
      updated from the 29 July 2003 release to the 7 February 2004
      release.</para>

    <para><application>Binutils</application> have been updated to
      a 23 May 2004 snapshot from the FSF 2.15 branch.</para>

    <para><application>CVS</application> has been updated from
      version 1.11.15 to version 1.11.17.
      &merged;</para>

    <para><application>FILE</application> has been
      updated from version 3.41 to version 4.10.</para>

    <para><application>gdtoa</application> (a library that performs
      conversions of numbers between binary and decimal form) has been
      updated from version 20030324 to version 20040118.</para>

    <para><application>GDB</application> has been updated to version
      6.1.1.</para>

    <para><application>GNU GCC</application> has been updated from
      3.3.3-prerelease as of 6 November, 2003 to 3.4.2-prerelease as of 28 July, 2004.</para>

    <para><application>GNU grep</application> has been updated from
      version 2.4d to version 2.5.1.</para>

    <para><application>less</application> has been updated from
      version 371 to version 381.</para>

    <para><application>GNU readline</application> 4.3 has been updated
      with official patches 001 through 005.</para>

    <para>The <application>GNU regex</application> library has been
      updated to the version included with <application>GNU
      grep</application> 2.5.1.</para>

    <para><application>GNU sort</application> has been updated from
      textutils 2.1 to a coreutils snapshot as of 12 August, 2004.</para>

    <para>The <application>GNU tar</application> implementation in the
      base system is now called <filename>gtar</filename>.</para>

    <para><application>Heimdal Kerberos</application> has been
      updated from version 0.6 to version 0.6.1.</para>

    <para>The <application>ISC DHCP</application> client has been
      updated from version 3.0.1 RC10 to version 3.0.1.</para>

    <para><application>libpcap</application> has been updated from
      version 0.7.1 to version 0.8.3.</para>

    <para><application>lukemftp</application>
      has been updated from a snapshot as of
      3 November, 2003 to one as of 9 August, 2004.</para>

    <para><application>NTP</application>
      has
      been updated from version 4.1.1a to version 4.2.0.</para>

    <para><application>OpenPAM</application> has been updated from the
      Dogwood release to the Eelgrass release.</para>

    <para><application>OpenSSH</application> has been updated from
      version 3.6.1p1 to version 3.8.1p1.

      <note>
        <para>The configuration defaults for &man.sshd.8; have been
          changed. SSH protocol version 1 is no longer enabled by
          default. In addition, password authentication over SSH is
          disabled by default if PAM is enabled.</para>
      </note>
    </para>

    <para><application>OpenSSL</application> has been updated from
      version 0.9.7c to version 0.9.7d. &merged;</para>

    <para><application>OpenSSL</application> VIA C3 Nehemiah
      PadLock ACE (Advanced Cryptography Engine) crypto support,
      which provides Advanced Encryption Standard (AES) encryption,
      has been imported from a prerelease version
      of <application>OpenSSL</application>.</para>

    <para><application>pf</application>, OpenBSD's packet filter as of
      OpenBSD 3.5-stable, has been imported into the &os; source tree and is now installed
      by default. Two new users (<username>proxy</username> and
      <username>_pflogd</username>) and three new
      groups (<username>authpf</username>, <username>proxy</username>,
      and <username>_pflogd</username>),
      which <application>pf</application> needs, have been added as well.</para>

    <note>
      <para>On upgrading from source, these user accounts must be
        added in advance. <literal>mergemaster -p</literal> can be
        used to assist in creating the proper entries in the
        &man.passwd.5; and &man.group.5; files.
        The <varname>NO_PF</varname> variable
        in <filename>make.conf</filename> can be used to prevent
        <application>pf</application> from being built.</para>
    </note>

    <para>Several userland utilities of OpenBSD's
      <application>pf</application> have been imported.
      &man.ftp-proxy.8; is an FTP proxy for &man.pf.4;,
      &man.pfctl.8; is an equivalent to &man.ipf.8;,
      &man.pflogd.8; is a daemon logging packets via <literal>if_pflog</literal>
      in &man.pcap.3; format, and
      &man.authpf.8; is an authentication shell
      to modify &man.pf.4; rulesets.</para>

    <para><application>routed</application> has been updated from
      release 2.22 to release 2.27 from rhyolite.com. Note that for
      users relying on RIP's MD5 authentication feature,
      &man.routed.8; is now incompatible with previous versions
      of &os;; however it is now compatible with implementations from
      Sun, Cisco and other vendors.</para>

    <para><application>sendmail</application> has been updated from
      version 8.12.10 to version 8.13.1. &merged;</para>

    <para><application>tcpdump</application> has been updated from
      version 3.7.1 to version 3.8.3.</para>

    <para><application>tcsh</application> has been updated from
      version 6.11 to version 6.13.00.</para>

    <para>The timezone database has been updated from
      <filename>tzdata2003a</filename> to
      <filename>tzdata2004a</filename>.</para>

    <para><application>zlib</application> has been updated
      from version 1.1.4 to version 1.2.1.</para>
  </sect2>

  <sect2 id="ports">
    <title>Ports/Packages Collection Infrastructure</title>

    <para>Most of the startup/shutdown scripts installed by
      various ports now use the new &man.rc.8; framework
      introduced in &os; 5.<replaceable>X</replaceable>, while some ports still use the
      old-style scripts.
      On startup, the new &man.rc.8; style scripts
      are executed first and then the old-style scripts.
      On shutdown, exactly the reverse happens.</para>

    <para>The <literal>SIZE</literal> attribute for distfiles,
      which can be used for checking file sizes before fetching,
      has been added and enabled by default.
      <varname>DISABLE_SIZE</varname> is a user control knob
      to disable the distfile size checking. This is especially
      useful on old &os; versions which did not have &man.fetch.1;
      support for this, and for some FTP proxies which always
      report incorrect or bogus sizes.</para>

    <para>Two new files have been added to the ports tree to track
      noteworthy changes: <filename>ports/CHANGES</filename> lists
      major changes to the Ports Collection and its infrastructure.
      <filename>ports/UPDATING</filename> describes some potential
      pitfalls that can be encountered when updating certain ports,
      analogous to <filename>src/UPDATING</filename> for the base
      system.</para>

    <para>The version number parsing code has been rewritten in the
      system <filename>pkg_*</filename> tools, restoring compatibility
      with 4.x and
      <filename role="package">sysutils/portupgrade</filename>.</para>

    <para>The package tools can now match packages with relational
      operators and csh-style <literal>{...}</literal>
      choices. For example:</para>

    <screen>&prompt.root; <userinput>pkg_info -I 'docbook>=3.0'</userinput></screen>

    <para>will list (all) docbook DTDs with at least version 3.0.
      Additional command line options have also been added to aid
      pattern matching.</para>

    <para>The package tools have improved handling of corrupt package
      databases.</para>

    <para>&man.pkg.create.1; now supports a <option>-S</option>
      option to make all <literal>@cwd</literal> be prefixed
      during package creation.</para>

    <para>&man.pkg.info.1; now supports a <option>-j</option>
      option to show the requirements script for each package.</para>
  </sect2>

  <sect2 id="releng">
    <title>Release Engineering and Integration</title>

    <para arch="i386,pc98">The build process for boot floppy images
      has been completely overhauled. The most significant change is
      that the loader now boots a stock <filename>GENERIC</filename>
      kernel split across multiple disks (two at the time of this
      writing). This greatly improves installations that begin with a
      boot from floppy disk, because they now use exactly the same
      kernel (and thus support the same hardware) as CDROM
      installations. The stripped-down <filename>MFSROOT</filename>
      kernel is no longer needed, and the <filename>mfsroot</filename>
      image no longer requires kernel modules. The
      <filename>boot.flp</filename> and
      <filename>driver.flp</filename> images are also obsolete and no
      longer built.</para>

    <para>&os; cryptography support is no longer an optional component
      of releases, and the <literal>crypto</literal> release distribution
      is now part of <literal>base</literal>.
      Note that the <option>-DNOCRYPT</option> build option still
      exists for anyone who really wants to build non-cryptographic
      binaries.</para>

    <para>The supported release of <application>GNOME</application>
      has been updated from version 2.4 to version 2.6.2.

      <note>
        <para>If you are using the older <application>GNOME</application>
          desktop itself (<filename role="package">x11/gnome2</filename>), simply upgrading it from the &os; Ports Collection
          with
          &man.portupgrade.1;
          (<filename role="package">sysutils/portupgrade</filename>)
          will cause serious problems.
          If you are a <application>GNOME</application> desktop user,
          please read the instructions carefully at
          <ulink url="&url.base;/gnome/docs/faq26.html"></ulink>,
          and use the <filename>gnome_upgrade.sh</filename> script to
          properly upgrade to <application>GNOME</application> 2.6.</para>

        <para>Note that if you are just a casual user of some of the
          <application>GNOME</application> libraries,
          &man.portupgrade.1; should be sufficient
          to update your ports.</para>
      </note>
    </para>

    <para>The supported release of <application>KDE</application>
      has been updated from version 3.1.4 to version 3.3.0.</para>

    <para>The <filename role="package">security/portaudit</filename> utility
      has been added to the &os; Ports Collection. This utility will read a database
      containing known ports vulnerabilities and report them to the
      administrator.</para>

    <para>&os; now uses <application>Xorg</application> instead of
      <application>XFree86</application> as the default X Window System.
      The supported release is <application>Xorg</application> X11R6.7.0.
      Note that <application>XFree86</application> is also available in the &os;
      Ports Collection (<filename role="package">x11/XFree86-4</filename>).</para>
  </sect2>

  <sect2 id="doc">
    <title>Documentation</title>

    <para></para>

  </sect2>
</sect1>

<sect1 id="upgrade">
  <title>Upgrading from previous releases of &os;</title>

  <para>Users with existing &os; systems are
    <emphasis>highly</emphasis> encouraged to read the <quote>Early
    Adopter's Guide to &os; &release.current;</quote>. This document generally has
    the filename <filename>EARLY.TXT</filename> on the distribution
    media, or any other place that the release notes can be found. It
    offers some notes on upgrading, but more importantly, also
    discusses some of the relative merits of upgrading to &os;
    5.<replaceable>X</replaceable> versus running &os;
    4.<replaceable>X</replaceable>.</para>

  <important>
    <para>Upgrading &os; should, of course, only be attempted after
      backing up <emphasis>all</emphasis> data and configuration
      files.</para>
  </important>
</sect1>