article.xml revision 145112
1<articleinfo> 2 <title>&os;/&arch; &release.current; Release Notes</title> 3 4 <corpauthor>The &os; Project</corpauthor> 5 6 <pubdate>$FreeBSD: head/release/doc/en_US.ISO8859-1/relnotes/article.sgml 145112 2005-04-15 14:27:26Z simon $</pubdate> 7 8 <copyright> 9 <year>2000</year> 10 <year>2001</year> 11 <year>2002</year> 12 <year>2003</year> 13 <year>2004</year> 14 <year>2005</year> 15 <holder role="mailto:doc@FreeBSD.org">The &os; Documentation Project</holder> 16 </copyright> 17 18 <legalnotice id="trademarks" role="trademarks"> 19 &tm-attrib.freebsd; 20 &tm-attrib.ibm; 21 &tm-attrib.ieee; 22 &tm-attrib.intel; 23 &tm-attrib.sparc; 24 &tm-attrib.general; 25 </legalnotice> 26 27 <abstract> 28 <para>The release notes for &os; &release.current; contain a summary 29 of the changes made to the &os; base system since &release.branch; is created. 30 This document lists applicable security advisories that were issued since 31 the last release, as well as significant changes to the &os; 32 kernel and userland. 33 Some brief remarks on upgrading are also presented.</para> 34 </abstract> 35</articleinfo> 36 37<sect1 id="intro"> 38 <title>Introduction</title> 39 40 <para>This document contains the release notes for &os; 41 &release.current; on the &arch.print; hardware platform. It 42 describes recently added, changed, or deleted features of &os;. 43 It also provides some notes on upgrading 44 from previous versions of &os;.</para> 45 46<![ %release.type.current [ 47 48 <para>The &release.type; distribution to which these release notes 49 apply represents the latest point along the &release.branch; development 50 branch since &release.branch; was created. Information regarding pre-built, binary 51 &release.type; distributions along this branch 52 can be found at <ulink url="&release.url;"></ulink>.</para> 53 54]]> 55 56<![ %release.type.snapshot [ 57 58 <para>The &release.type; distribution to which these release notes 59 apply represents a point along the &release.branch; development 60 branch between &release.prev; and the future &release.next;. 61 Information regarding 62 pre-built, binary &release.type; distributions along this branch 63 can be found at <ulink url="&release.url;"></ulink>.</para> 64 65]]> 66 67<![ %release.type.release [ 68 69 <para>This distribution of &os; &release.current; is a 70 &release.type; distribution. It can be found at <ulink 71 url="&release.url;"></ulink> or any of its mirrors. More 72 information on obtaining this (or other) &release.type; 73 distributions of &os; can be found in the <ulink 74 url="&url.books.handbook;/mirrors.html"><quote>Obtaining 75 &os;</quote> appendix</ulink> to the <ulink 76 url="&url.books.handbook;/">&os; 77 Handbook</ulink>.</para> 78 79]]> 80 81 <para>All users are encouraged to consult the release errata before 82 installing &os;. The errata document is updated with 83 <quote>late-breaking</quote> information discovered late in the 84 release cycle or after the release. Typically, it contains 85 information on known bugs, security advisories, and corrections to 86 documentation. An up-to-date copy of the errata for &os; 87 &release.current; can be found on the &os; Web site.</para> 88 89</sect1> 90 91<sect1 id="new"> 92 <title>What's New</title> 93 94 <para>This section describes 95 the most user-visible new or changed features in &os; 96 since &release.prev;. 97 In general, changes described here are unique to the &release.branch; 98 branch unless specifically marked as &merged; features. 99 </para> 100 101 <para>Typical release note items 102 document recent security advisories issued after 103 &release.prev.historic;, 104 new drivers or hardware support, new commands or options, 105 major bug fixes, or contributed software upgrades. They may also 106 list changes to major ports/packages or release engineering 107 practices. Clearly the release notes cannot list every single 108 change made to &os; between releases; this document focuses 109 primarily on security advisories, user-visible changes, and major 110 architectural improvements.</para> 111 112 <sect2 id="security"> 113 <title>Security Advisories</title> 114 115 <para>A bug in the &man.fetch.1; utility, which allows 116 a malicious HTTP server to cause arbitrary portions of the client's 117 memory to be overwritten, has been fixed. 118 For more information, see security advisory 119 <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:16.fetch.asc">FreeBSD-SA-04:16.fetch</ulink>. 120 &merged;</para> 121 122 <para>A bug in &man.procfs.5; and &man.linprocfs.5; 123 which could allow a malicious local user to read parts of kernel 124 memory or perform a local 125 denial of service attack by causing a system panic, 126 has been fixed. 127 For more information, see security advisory 128 <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:17.procfs.asc">FreeBSD-SA-04:17.procfs</ulink>. 129 &merged;</para> 130 131 <para>Two buffer overflows in the TELNET client program have been 132 corrected. They could have allowed a malicious TELNET server or 133 an active network attacker to cause &man.telnet.1; to execute 134 arbitrary code with the privileges of the user running it. 135 More information can be found in security advisory 136 <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:01.telnet.asc">FreeBSD-SA-05:01.telnet</ulink>. 137 &merged;</para> 138 139 <para>A information disclosure vulnerability in the 140 &man.sendfile.2; system call, which could permit it to transmit 141 random parts of kernel memory, has been fixed. More details are 142 in security advisory 143 <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:02.sendfile.asc">FreeBSD-SA-05:02.sendfile</ulink>. 144 &merged;</para> 145 146 <para>A possible privilege escalation vulnerability on &os;/amd64 147 has been fixed. This allows unprivileged users to gain direct 148 access to some hardware which cannot be accessed 149 without the elevated privilege level. More details are in security advisory 150 <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:03.amd64.asc">FreeBSD-SA-05:03.amd64</ulink>. 151 &merged;</para> 152 153 <para>An information leak vulnerability in the 154 <literal>SIOCGIFCONF</literal> &man.ioctl.2;, which leaked 12 155 bytes of kernel memory, has been fixed. More details are in security advisory 156 <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:04.ifconf.asc">FreeBSD-SA-05:04.ifconf</ulink>. 157 &merged;</para> 158 159 </sect2> 160 161 <sect2 id="kernel"> 162 <title>Kernel Changes</title> 163 164 <para arch="i386">Support for 80386 processors (the 165 <literal>I386_CPU</literal> kernel configuration option) has 166 been removed. Users running this class of CPU should use &os; 167 5.<replaceable>X</replaceable> or earlier.</para> 168 169 <para>The kernel debugger &man.ddb.4; now supports a 170 <command>show alllocks</command> command, which dumps a list of processes 171 and threads currently holding sleep mutexes (and spin mutexes for 172 the current thread). &merged;</para> 173 174 <para>The &man.jail.8; feature now supports a new sysctl 175 <varname>security.jail.chflags_allowed</varname>, which controls the 176 behavior of &man.chflags.1; within a jail. 177 If set to <literal>0</literal> (the default), then a jailed <username>root</username> user is 178 treated as an unprivileged user; if set to <literal>1</literal>, then 179 a jailed root user is treated the same as an unjailed <username>root</username> user. &merged;</para> 180 181 <para arch="alpha,amd64,i386,sparc64">The loader tunable <varname>debug.mpsafevm</varname> 182 has been enabled by default. &merged;</para> 183 184 <para>&man.memguard.9;, a kernel memory allocator designed to help detect 185 <quote>tamper-after-free</quote> scenarios, has been added. 186 This must be explicitly enabled via <literal>options 187 DEBUG_MEMGUARD</literal>, plus small kernel modifications. It 188 is generally intended for use by kernel developers.</para> 189 190 <para>A number of bugs have been fixed in the ULE 191 scheduler. &merged;</para> 192 193 <para>Fine-grained locking to allow much of the VFS stack to run 194 without the Giant lock has been added. This is enabled by default 195 on the alpha, amd64, and i386 architectures, and can be disabled 196 by setting the loader tunable (and sysctl variable) 197 <varname>debug.mpsafevfs</varname> to 198 <literal>0</literal>.</para> 199 200 <para arch="i386">A bug in Inter-Processor Interrupt (IPI) 201 handling, which could cause SMP systems to crash under heavy 202 load, has been fixed. More details are contained in errata note 203 <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/ERRATA/notices/FreeBSD-EN-05:03.ipi.asc">FreeBSD-EN-05:03.ipi</ulink>. 204 &merged;</para> 205 206 <para>System V IPC objects (message queues, semaphores, and shared 207 memory) now have support for Mandatory Access Control policies, 208 notably &man.mac.biba.4;, &man.mac.mls.4;, &man.mac.stub.4;, and 209 &man.mac.test.4;.</para> 210 211 <para arch="i386">Memory allocation for legacy PCI bridges has 212 been limited to the top 32MB of RAM. Many older, legacy bridges 213 only allow allocation from this range. This change only applies 214 to devices which do not have their memory assigned by the BIOS. 215 This change fixes the <quote>bad Vcc</quote> error of CardBus 216 bridges (&man.pccbb.4;). &merged;</para> 217 218 <para>The &man.sysctl.3; MIBs beginning with <quote>debug</quote> 219 now require the kernel option <literal>options SYSCTL_DEBUG</literal>. 220 This option is disabled by default.</para> 221 222 <para>The generic &man.tty.4; driver interface has been added 223 and many device drivers including 224 &man.cx.4; (<literal>{tty,cua}x</literal>), 225 &man.cy.4; (<literal>{tty,cua}c</literal>), 226 &man.digi.4; (<literal>{tty,cua}D</literal>), 227 &man.rc.4; (<literal>{tty,cua}m</literal>), 228 &man.rp.4; (<literal>{tty,cua}R</literal>), 229 &man.sab.4; (<literal>{tty,cua}z</literal>), 230 &man.si.4; (<literal>{tty,cua}A</literal>), 231 &man.sio.4; (<literal>{tty,cua}d</literal>), 232 sx (<literal>{tty,cua}G</literal>), 233 &man.uart.4; (<literal>{tty,cua}u</literal>), 234 &man.ubser.4; (<literal>{tty,cua}y</literal>), 235 &man.ucom.4; (<literal>{tty,cua}U</literal>), and 236 &man.ucycom.4; (<literal>{tty,cua}y</literal>) 237 have been rewritten to use it. Note that <filename>/etc/remote</filename> 238 and <filename>/etc/ttys</filename> have been updated as well.</para> 239 240 <para>The &man.vkbd.4; driver has been added. This driver 241 provides a software loopback mechanism that can implement 242 a virtual AT keyboard similar to what the &man.pty.4; driver 243 does for terminals.</para> 244 245 <!-- Above this line, sort kernel changes by manpage/keyword--> 246 247 <para arch="i386,amd64,ia64">The default <varname>HZ</varname> 248 parameter (which controls various kernel timers) has been 249 increased from <literal>100</literal> to <literal>1000</literal> 250 on the i386 and ia64. It has been reduced from 251 <literal>1024</literal> to <literal>1000</literal> on the amd64 252 to reduce synchronization effects with other system 253 clocks.</para> 254 255 <para>The maximum length of shell commands has changed from 128 256 bytes to <varname>PAGE_SIZE</varname>. By default, this value 257 is either 4KB (i386, pc98, amd64, and powerpc) or 8KB (sparc64 258 and ia64). As a result, compatibility modules need to be 259 rebuilt to stay synchronized with data structure changes in the 260 kernel.</para> 261 262 <sect3 id="boot"> 263 <title>Boot Loader Changes</title> 264 265 <para arch="i386">A serial console-capable version of 266 <filename>boot0</filename> has been added. It can be written 267 to a disk using &man.boot0cfg.8; and specifying 268 <filename>/boot/boot0sio</filename> as the argument to the 269 <option>-b</option> option.</para> 270 271 <para arch="i386"><filename>cdboot</filename> now works around a 272 BIOS problem observed on some systems when booting from USB 273 CDROM drives.</para> 274 275 <para>The <command>autoboot</command> loader command 276 now supports the prompt parameter.</para> 277 278 <para>A loader menu option to set <varname>hint.atkbd.0.flags=0x1</varname> 279 has been added. This setting allows USB keyboards to work 280 if no PS/2 keyboard is attached.</para> 281 282 <para>The beastie boot menu has been disabled by default.</para> 283 284 <!-- Above this line, order boot loader changes by keyword--> 285 286 </sect3> 287 288 <sect3 id="proc"> 289 <title>Hardware Support</title> 290 291 <para arch="i386,amd64">The &man.acpi.4; driver now turns 292 the ACPI and PCI devices off or to a lower power state 293 when suspending, and back on again when resuming. 294 This behavior can be disabled by 295 setting the <varname>debug.acpi.do_powerstate</varname> and 296 <varname>hw.pci.do_powerstate</varname> sysctls to <literal>0</literal>.</para> 297 298 <para arch="i386,amd64">The acpi_ibm driver for IBM laptops 299 has been added.</para> 300 301 <para arch="i386,amd64">The &man.acpi.fujitsu.4; driver for handling 302 &man.acpi.4;-controlled buttons Fujitsu laptops has been added.</para> 303 304 <para arch="i386,amd64">The acpi_sony driver, 305 which supports the Sony Notebook Controller on various 306 Sony laptops has been added.</para> 307 308 <para arch="sparc64">The &man.auxio.4; driver has been to drive 309 some auxiliary I/O functions found on various SBus/EBus 310 &ultrasparc; models. &merged;</para> 311 312 <para arch="sparc64">The clkbrd driver has been added to support 313 the <literal>clock-board</literal> device frequently found on 314 Sun E<replaceable>xx</replaceable>00 servers.</para> 315 316 <para>A framework for flexible processor speed control has been 317 added. It provides methods for various drivers to control CPU 318 power utilization by adjusting the processor speed. More 319 details can be found in the &man.cpufreq.4; manual page. &merged; 320 Currently supported drivers include ichss (Intel SpeedStep for ICH), 321 acpi_perf (ACPI CPU performance states), and acpi_throttle 322 (ACPI CPU throttling). The latter two drivers are contained 323 in the &man.acpi.4; driver. These can individually be disabled by setting device 324 hints such as <varname>hint.<replaceable>ichss</replaceable>.0.disabled="1"</varname>.</para> 325 326 <para arch="i386">Support for the OLDCARD subsystem has 327 been removed. The NEWCARD system is now used for all PCCARD 328 device support.</para> 329 330 <para>The pcii driver has been added to support GPIB-PCIIA IEEE-488 331 cards. &merged;</para> 332 333 <para>The &man.atkbd.4; driver now supports a <literal>0x8</literal> 334 (bit 3) flag to disable testing the keyboard port during 335 the device probe as this can cause hangs on some machines, 336 specifically Compaq R3000Z series amd64 laptops.</para> 337 338 <para arch="i386">The &man.pbio.4; driver, 339 which supports direct access to 340 the Intel 8255A programmable peripheral interface (PPI) 341 chip running in mode 0 (simple I/O) has been added.</para> 342 343 <para>The &man.psm.4; driver now has improved support for 344 Synaptics Touchpad users. It now has better tracking of 345 slow-speed movement and support for various extra 346 buttons and dials. These features can be tuned with the 347 <varname>hw.psm.synaptics.<replaceable>*</replaceable></varname> 348 hierarchy of sysctl variables.</para> 349 350 <para arch="sparc64">The rtc driver has been added to support 351 the MC146818-compatible clock found on some &ultrasparc; II 352 and III models. &merged;</para> 353 354 <para arch="sparc64">The &man.uart.4; driver is now enabled in 355 the <filename>GENERIC</filename> kernel, and is now the 356 default driver for serial ports. The ofw_console and 357 &man.sab.4; drivers are now disabled in the 358 <filename>GENERIC</filename> kernel. &merged;</para> 359 360 <para>The &man.uplcom.4; driver now supports handling of the 361 <literal>CTS</literal> signal.</para> 362 363 <para>The &man.ehci.4; driver has been improved.</para> 364 365 <para arch="sparc64">The zs driver has been removed 366 in favor of the &man.uart.4; driver.</para> 367 368 <sect4 id="mm"> 369 <title>Multimedia Support</title> 370 371 <para arch="sparc64">The &man.snd.audiocs.4; driver has been 372 added to support the Crystal Semiconductor CS4231 audio 373 controller found on &ultrasparc; 374 workstations. &merged;</para> 375 376 <para>The &man.uaudio.4; driver now has some added 377 functionality, including volume control on more inputs and 378 recording capability on some devices.</para> 379 380 </sect4> 381 382 <sect4 id="net-if"> 383 <title>Network Interface Support</title> 384 385 <para>The &man.ath.4; driver has been updated to split the 386 transmit rate control algorithm into a separate module. 387 One of <literal>device ath_rate_onoe</literal>, 388 <literal>device ath_rate_amrr</literal>, or 389 <literal>device ath_rate_sample</literal> must be included in 390 the kernel configuration when using the &man.ath.4; 391 driver.</para> 392 393 <para>The &man.bge.4; driver now supports the &man.altq.4; 394 framework.</para> 395 396 <para>The &man.cdce.4; USB Communication Device Class Ethernet 397 driver has been added. &merged;</para> 398 399 <para>The &man.cp.4; driver is now MPSAFE. &merged;</para> 400 401 <para>The &man.ctau.4; driver is now MPSAFE. &merged;</para> 402 403 <para>The &man.cx.4; driver is now MPSAFE. &merged;</para> 404 405 <para>The &man.dc.4; driver now supports the &man.altq.4; framework.</para> 406 407 <para>The &man.ed.4; driver now supports the &man.altq.4; 408 framework. &merged;</para> 409 410 <para>In the &man.em.4; driver, hardware support for VLAN 411 tagging is now disabled by default due to some interactions 412 between this feature and promiscuous mode. &merged;</para> 413 414 <para>Ethernet flow control is now disabled by default in the 415 &man.fxp.4; driver, to prevent problems with a system panics 416 or is left in the kernel debugger. &merged;</para> 417 418 <para>The gx(4) driver has been removed because 419 it is no longer maintained actively and 420 the &man.em.4; driver supports all of the supported hardware.</para> 421 422 <para>The &man.hme.4; driver is now MPSAFE. &merged;</para> 423 424 <para>The &man.ixgb.4; driver is now MPSAFE.</para> 425 426 <para arch="amd64">The &man.ndis.4; device driver wrapper now 427 supports &windows;/x86-64 binaries on amd64 428 systems. &merged;</para> 429 430 <para arch="i386,amd64">The nve driver, which supports the 431 nVidia nForce MCP Networking Adapter, has been added.</para> 432 433 <para>The &man.re.4; driver now supports the &man.altq.4; 434 framework. &merged;</para> 435 436 <para>The &man.sf.4; driver now has support for device polling 437 and &man.altq.4;. &merged;</para> 438 439 <para>Several programming errors in the &man.sk.4; driver have 440 been corrected. These bugs were particular to SMP systems, and 441 could cause panics, page faults, aborted SSH connections, or 442 corrupted file transfers. More details can be found in 443 errata note 444 <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/ERRATA/notices/FreeBSD-EN-05:02.sk.asc">FreeBSD-EN-05:02.sk</ulink>. 445 &merged;</para> 446 447 <para>The &man.sk.4; driver now has support for &man.altq.4;. 448 This driver also now supports jumbo frames on Yukon-based 449 interfaces. &merged;</para> 450 451 <para>The &man.vge.4; driver now has support for device polling 452 (&man.polling.4;).</para> 453 454 <para>Support for 802.11 devices in the &man.wlan.4; framework has been 455 greatly overhauled. In addition to architectural changes, 456 it includes completed 802.11g, WPA, 802.11i, 802.1x, 457 WME/WMM, AP-side power-saving, and plugin frameworks for 458 cryptography modules, authenticators, and access control. 459 Note in particular that WEP now requires the 460 <filename>wlan_wep</filename> module to be loaded (or 461 compiled) into the kernel.</para> 462 463 <para>The &man.xl.4; driver now supports 464 &man.polling.4;.</para> 465 466 </sect4> 467 </sect3> 468 469 <sect3 id="net-proto"> 470 <title>Network Protocols</title> 471 472 <para>The MTU feedback in IPv6 has been disabled when the sender writes 473 data that must be fragmented. &merged;</para> 474 475 <para>The Common Address Redundancy Protocol (CARP) has 476 been implemented. CARP comes from OpenBSD and allows 477 multiple hosts to share an IP address, providing 478 high availability and load balancing. 479 For more information, see the &man.carp.4; manual page. &merged;</para> 480 481 <para>The &man.ipfw.4; <literal>IPDIVERT</literal> option is now 482 available as a kernel loadable module. 483 If this module is not loaded, &man.ipfw.4; will refuse to 484 install <literal>divert</literal> rules and &man.natd.8; 485 will return the error message <quote>protocol not supported</quote>.</para> 486 487 <para>The &man.ipfw.4; system can work with 488 <varname>debug.mpsafenet</varname>=<literal>1</literal> 489 (this tunable is <literal>1</literal> by default) 490 when the <literal>gid</literal>, <literal>jail</literal>, 491 and/or <literal>uid</literal> rule options are used. &merged;</para> 492 493 <para>&man.ipfw.8; now supports classification and tagging 494 of &man.altq.4; packets via a divert socket, 495 as well as the TCP data length.</para> 496 497 <para>The &man.ipfw.8; <literal>ipfw fwd</literal> rule now supports 498 the full packet destination manipulation when the kernel option 499 <literal>options IPFIREWALL_FORWARD_EXTENDED</literal> is specified 500 in addition to <literal>options IPFIRWALL_FORWARD</literal>. 501 This kernel option disables all restrictions to ensure proper 502 behavior for locally generated packets and allows redirection of 503 packets destined to locally configured IP addresses. 504 Note that &man.ipfw.8; rules have to be carefully crafted to 505 make sure that things like PMTU discovery do not break. &merged;</para> 506 507 <para>&man.ipnat.8; now allows redirect rules to 508 work for non-TCP/UDP packets. &merged;</para> 509 510 <para>Ongoing work is reducing the use of the Giant lock by the 511 network protocol stack and improving the locking 512 strategies.</para> 513 514 <para>A new &man.ng.ipfw.4; NetGraph node provides 515 a simple interface between the &man.ipfw.4; and &man.netgraph.4; 516 facilities.</para> 517 518 <para>A new &man.ng.netflow.4; NetGraph node allows a router 519 running &os; to do NetFlow version 5 exports. &merged;</para> 520 521 <para>The &man.sppp.4; driver now includes Frame Relay 522 support. &merged;</para> 523 524 <para>The &man.sppp.4; driver is now MPSAFE.</para> 525 526 <para>A bug in TCP that sometimes caused RST packets to 527 be ignored if the receive window was zero bytes has been 528 fixed. &merged;</para> 529 530 <para>The <literal>RST</literal> 531 handling of the &os; TCP stack has been improved 532 to make reset attacks as difficult as possible while 533 maintaining compatibility with the widest range of TCP stacks. 534 The algorithm is as follows: For connections in the 535 <literal>ESTABLISHED</literal> 536 state, only resets with sequence numbers exactly matching 537 <varname>last_ack_sent</varname> will cause a reset; 538 all other segments will 539 be silently dropped. For connections in all other states, 540 a reset anywhere in the window will cause the connection 541 to be reset. All other segments will be silently dropped. 542 Note that this behavior technically violates the RFC 793 specification; 543 the conventional (but less secure) behavior can be restored 544 by setting a new sysctl <varname>net.inet.tcp.insecure_rst</varname> 545 to <literal>1</literal>. &merged;</para> 546 547 <para>Several bugs in the TCP SACK implementation have been 548 fixed. &merged;</para> 549 550 <para>RFC 1644 T/TCP support has been removed. This is because 551 the design is based on a weak security model that can easily 552 permit denial-of-service attacks. This TCP 553 extension has been considered a defective one in 554 a recent Internet Draft.</para> 555 556 <para>The KAME IPv4 IPsec implementation integrated 557 in &os; now supports TCP-MD5. &merged;</para> 558 559 <para>Random ephemeral port number allocation has led to some 560 problems with port reuse at high connection rates. This 561 feature is now disabled during periods of high connection 562 rates; whenever new connections are created faster than 563 <varname>net.inet.ip.portrange.randomcps</varname> per second, 564 port number randomization is disabled for the next 565 <varname>net.inet.ip.portrange.randomtime</varname> 566 seconds. The default values for these two sysctl variables 567 are <literal>10</literal> and <literal>45</literal>, 568 respectively. &merged;</para> 569 570 <para>Fine-grained locking has been applied to many of the data 571 structures in the IPX/SPX protocol stack. While not fully 572 MPSAFE at this point, it is generally safe to use IPX/SPX 573 without the Giant lock (in other words, the 574 <varname>debug.mpsafenet</varname> sysctl variable may be set 575 to <literal>1</literal>).</para> 576 577 </sect3> 578 579 <sect3 id="disks"> 580 <title>Disks and Storage</title> 581 582 <para>The &man.amr.4; driver is now safe for use on systems 583 using &man.pae.4;. &merged;</para> 584 585 <para arch="i386,ia64">The &man.arcmsr.4; driver has been added. 586 It supports the Areca ARC-11<replaceable>xx</replaceable> and 587 ARC-12<replaceable>xx</replaceable> series of SATA RAID 588 controllers. &merged;</para> 589 590 <para>The SHSEC GEOM class has been added. It provides for the 591 sharing of a secret between multiple GEOM providers. All of 592 these providers must be present in order to reveal the 593 secret. This feature is controlled by the &man.gshsec.8; 594 utility. &merged;</para> 595 596 <para>The &man.hptmv.4; driver, which supports the HighPoint 597 RocketRAID 182x series, has been added. &merged;</para> 598 599 <para>The &man.ips.4; driver now support kernel crash dumps 600 on some modern ServeRAID models. &merged;</para> 601 602 <para>The &man.matcd.4; driver has been removed. &merged;</para> 603 604 <para>The default SCSI boot-time probe delay in the 605 <filename>GENERIC</filename> kernel has been reduced from 606 fifteen seconds to five seconds.</para> 607 608 <para>The old vinum(4) subsystem has been removed 609 in favor of the new &man.geom.4;-based version.</para> 610 611 <para arch="pc98">The &man.wd.4; driver has been removed. The 612 &man.ata.4; driver has been found to work well enough on the 613 pc98 platform that there is no need for the older &man.wd.4; 614 driver.</para> 615 616 <para>Information about newly-mounted cd9660 file systems (such 617 as the presence of RockRidge extensions) is now only printed 618 if the kernel was booted in verbose mode. This change was 619 made to reduce the amount of (generally unnecessary) kernel 620 log messages. &merged;</para> 621 622 </sect3> 623 624 <sect3 id="fs"> 625 <title>File Systems</title> 626 627 <para>Recomputing the summary information for 628 <quote>dirty</quote> UFS and UFS2 file systems is no longer 629 done at mount time, but is now done by background 630 &man.fsck.8;. This change improves the startup speed when 631 mounting large file systems after a crash. The prior behavior 632 can be restored by setting the 633 <varname>vfs.ffs.compute_summary_at_mount</varname> sysctl 634 variable to a non-zero value. &merged;</para> 635 636 <para>A kernel panic in the NFS server has been fixed. More 637 details can be found in errata note 638 <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/ERRATA/notices/FreeBSD-EN-05:01.nfs.asc">FreeBSD-EN-05:01.nfs</ulink>. 639 &merged;</para> 640 641 </sect3> 642 643 <sect3> 644 <title>Contributed Software</title> 645 646 <para><application>ACPI-CA</application> has been updated from 647 20040527 to 20041119. &merged;</para> 648 649 </sect3> 650 </sect2> 651 652 <sect2 id="userland"> 653 <title>Userland Changes</title> 654 655 <para>The &man.burncd.8; utility now allows commands (such as 656 <command>eject</command>) to take place after fixating a 657 disk.</para> 658 659 <para>The &man.ftpd.8; program now uses the <literal>212</literal> 660 and <literal>213</literal> status codes for directory 661 and file status correctly (<literal>211</literal> was used in 662 the previous versions). This behavior is described in RFC 959. 663 &merged;</para> 664 665 <para>The <literal>create</literal> command of the &man.gpt.8; 666 utility now supports a <option>-f</option> command-line flag to 667 force creation of a GPT even when there is an MBR record on a 668 disk. &merged;</para> 669 670 <para>The &man.getaddrinfo.3; function now queries <literal>A</literal> 671 DNS resource records before <literal>AAAA</literal> records 672 when <literal>AF_UNSPEC</literal> is specified. 673 Some broken DNS servers return <literal>NXDOMAIN</literal> 674 against non-existent <literal>AAAA</literal> queries, 675 even when it should return <literal>NOERROR</literal> 676 with empty return records. This is a problem for an IPv4/IPv6 dual 677 stack node because the <literal>NXDOMAIN</literal> returned 678 by the first query of an <literal>AAAA</literal> record makes 679 the querying server stop attempting to resolve the <literal>A</literal> 680 record if any. Also, this behavior has been recognized as a potential 681 denial-of-service attack (see <ulink url="http://www.kb.cert.org/vuls/id/714121"></ulink> 682 for more details). 683 Note that although the query order has been changed, 684 the returned result still includes 685 <literal>AF_INET6</literal> records before 686 <literal>AF_INET</literal> records. &merged;</para> 687 688 <para>The gvinum(8) utility now supports 689 <command>checkparity</command>, 690 <command>rebuildparity</command>, and 691 <command>setstate</command> 692 subcommands. &merged;</para> 693 694 <para>The &man.ifconfig.8; utility has been restructured. It is 695 now more modular and flexible with respect to supporting 696 interface-specific functionality. The 802.11 support has been 697 updated to support recent changes to the 802.11 subsystem and 698 drivers.</para> 699 700 <para>Support for abbreviated forms of a number of &man.ipfw.8; 701 options has been deprecated. Warnings are printed to stderr 702 indicating the correct full form when one of these abbreviations 703 is detected.</para> 704 705 <para>The on-disk format of <literal>LC_CTYPE</literal> files has 706 been changed to be machine-independent.</para> 707 708 <para>A bug in the <filename>libalias</filename> library 709 which causes a core dump when the <option>-reverse</option> 710 option is specified in &man.natd.8; has been fixed.</para> 711 712 <para>The <filename>libarchive</filename> library (as well as the 713 &man.tar.1; command that uses it) now has support for reading ISO 714 images (with optional RockRidge extensions) and ZIP archives 715 (with <literal>deflate</literal> and <literal>none</literal> 716 compression). &merged;</para> 717 718 <para>The <filename>libarchive</filename> library now supports 719 handling a ZIP archive entry with more than 4GB compressed size (ZIP64 720 extension) and Unix extension.</para> 721 722 <para>The <filename>libgpib</filename> library has been added to 723 give userland access to GPIB devices (using the the pcii driver) 724 via the 725 <function>ib<replaceable>foo</replaceable></function> 726 API. &merged;</para> 727 728 <para>The default stack sizes in <filename>libpthread</filename>, 729 <filename>libthr</filename>, 730 and <filename>libc_r</filename> have been increased. On 32-bit 731 platforms, the main thread receives a 2MB stack size by default, 732 with other threads receiving a 1MB stack size by default. On 733 64-bit platforms, the default stack sizes are 4MB and 2MB 734 respectively.</para> 735 736 <para>The <filename>libxpg4</filename> library has been removed 737 because all of its functionality was long ago merged into 738 <filename>libc</filename>. 739 All binaries linked with <filename>libxpg4</filename> 740 must be recompiled or use &man.libmap.conf.5;. 741 Note that the &os; base system has no such binaries.</para> 742 743 <para>The &man.lpd.8; program now checks to make sure the data 744 file has been completely transfered before starting to 745 print it when a data file received from some other host. 746 Some implementations of &man.lpr.1; send the control file 747 for a print job before sending the matching data files, 748 which can cause problems if the receiving host is 749 a busy print-server. &merged;</para> 750 751 <para>A number of new functions have been implemented in the 752 &man.math.3; library. These include &man.ceill.3;, 753 &man.floorl.3;, &man.ilogbl.3;, &man.fma.3; and variants, 754 &man.lrint.3; and variants, and &man.lround.3; and 755 variants. &merged;</para> 756 757 <para>The &man.mknod.8; utility is now deprecated. 758 Device nodes have been managed by the &man.devfs.5; device file 759 system since &os; 5.0.</para> 760 761 <para arch="i386">The &man.mkuzip.8; utility, which 762 compresses file system images for use with 763 <literal>GEOM_UZIP</literal> &man.geom.4; module, 764 has been added. &merged;</para> 765 766 <para>The &man.moused.8; daemon now supports <quote>virtual 767 scrolling</quote>, in which mouse motions made while holding 768 down the middle mouse button are interpreted as scrolling. This 769 feature is enabled with the <option>-V</option> 770 flag. &merged;</para> 771 772 <para>A separate directory has been added for &man.named.8; 773 dynamic zones which is owned by the <username>bind</username> user 774 (for creation of the zone journal file). 775 For more detail, see an example dynamic zone in the sample 776 &man.named.conf.5;. &merged;</para> 777 778 <para>The &man.ncal.1; utility now supports a <option>-m</option> 779 flag to generate a calendar for a specified month in the current 780 year. &merged;</para> 781 782 <para>The &man.newfs.8; utility now supports a <option>-n</option> 783 flag to suppress the creation of a <filename>.snap</filename> 784 directory on new file systems. This feature is intended for use 785 on memory or vnode file systems that will not require snapshot 786 support. &merged;</para> 787 788 <para>The &man.newfs.8; utility now emits a warning when creating 789 a UFS or UFS2 file system that cannot support snapshots. This 790 situation can occur in the case of very large file systems with 791 small block sizes. &merged;</para> 792 793 <para>The &man.newsyslog.8; utility now supports 794 a <option>-d</option> option to specify an alternate root for log files 795 similar to <varname>DESTDIR</varname> in the BSD make process. 796 This only affects log file paths, not configuration file (<option>-f</option>) 797 or archive directory (<option>-a</option>) paths.</para> 798 799 <para>The &man.newsyslog.8; utility now supports a 800 <option>-N</option> that causes it not to rotate any files.</para> 801 802 <para>The <literal>NO_NIS</literal> compile-time knob for userland 803 has been added. As its name implies, enabling this 804 <filename>Makefile</filename> variable will cause NIS support to 805 be excluded from various programs and will cause the NIS 806 utilities to not be built. &merged;</para> 807 808 <para>For years, &os; has used <filename>Makefile</filename> 809 variables of the form 810 <varname>NO<replaceable>FOO</replaceable></varname> and 811 <varname>NO_<replaceable>FOO</replaceable></varname>. For 812 consistency, those variables using the former naming convention 813 have been converted to the 814 <varname>NO_<replaceable>FOO</replaceable></varname> form. The 815 file <filename>/usr/share/mk/bsd.compat.mk</filename> has a 816 complete list of these variables; it also implements some 817 temporary backward compatibility for the old names.</para> 818 819 <para>The &man.periodic.8; security output now supports the display of 820 information about blocked packet counts from &man.pf.4;. &merged;</para> 821 822 <para>The &man.pgrep.1; now supports an <option>-S</option> option 823 which allows to match system processes (kernel threads).</para> 824 825 <para>The &man.pgrep.1; and &man.pkill.1; now support an 826 <option>-F</option> option which allows to use file where PID is stored 827 for matching.</para> 828 829 <para>The &man.pgrep.1; and &man.pkill.1; now support an 830 <option>-i</option> option to ignore case in the process match.</para> 831 832 <para>The &man.pgrep.1; and &man.pkill.1; now support an 833 <option>-j</option> option which allows to match processes 834 based on its &man.jail.2; ID.</para> 835 836 <para>The &man.pgrep.1; and &man.pkill.1; now support an 837 <option>-o</option> option which allows to match oldest 838 (least recently started) of the matching processes.</para> 839 840 <para>The &man.powerd.8; program for managing power consumption has been 841 added.</para> 842 843 <para>The &man.ppp.8; program now implements an 844 <option>echo</option> parameter, which allows LCP ECHOs to be 845 enabled independently of LQR reports. Older versions of 846 &man.ppp.8; would revert to LCP ECHO mode on negotiation 847 failure. It is now necessary to specify <command>enable 848 echo</command> to get this behavior. &merged;</para> 849 850 <para>The <option>disable NAS-IP-Address</option> and 851 <option>disable NAS-Identifier</option> options, 852 which support pre-RFC 2865 RADIUS servers 853 have been added to the &man.ppp.8; program.</para> 854 855 <para>Two bugs in the &man.pppd.8; program have been fixed. 856 They may result in an incorrect CBCP response, 857 which violates the Microsoft PPP Callback Control Protocol 858 section 3.2. &merged;</para> 859 860 <para>The &man.ps.1; now supports a <literal>jid</literal> 861 keyword in the <option>-o</option> option. It displays 862 &man.jail.2; ID of each process.</para> 863 864 <para>The &man.pstat.8; now supports a <option>-h</option> option 865 to print swap sizes with SI prefixes such as K, M, and G, 866 which are used to form binary multiples.</para> 867 868 <para>The &man.rescue.8; utilities in the <filename>/rescue</filename> 869 directory now include &man.bsdtar.1; instead of GNU tar.</para> 870 871 <para>The &man.restore.8; utility has regained the ability to read 872 &os; version 1 dump tapes.</para> 873 874 <para>A bug of the &man.rexecd.8; utility which results in 875 it behaving as if the <option>-i</option> option is always 876 specified has been fixed. &merged;</para> 877 878 <para>The &man.rm.1; utility now supports an <option>-I</option> 879 option that asks for confirmation (once) if recursively 880 removing directories or if more than 3 files are listed in the 881 command line. &merged;</para> 882 883 <para>The &man.rm.1; utility now suppresses diagnostic messages 884 when it attempts to remove a non-existent directory 885 with the <option>-r</option> and <option>-f</option> options 886 specified. This behavior is required by 887 Version 3 of the Single UNIX Specification (SUSv3).</para> 888 889 <para>An &man.rpmatch.3; library function has been added to check 890 a string for being an affirmative or negative response in the 891 current locale.</para> 892 893 <para>The &man.rtld.1; dynamic linker now supports specifying 894 library replacements via the <varname>LD_LIBMAP</varname> 895 environment variable. This variable will override the entries 896 in &man.libmap.conf.5;. &merged;</para> 897 898 <para>The rune(3) non-standard multibyte and wide character support 899 interface has been removed.</para> 900 901 <para>The &man.strftime.3; function now supports some GNU extensions 902 such as <literal>-</literal> (no padding), 903 <literal>_</literal> (use space as padding), 904 and <literal>0</literal> (zero padding). &merged;</para> 905 906 <para>The &man.syslog.3; function is now thread-safe. &merged;</para> 907 908 <para>The &man.syslogd.8; utility now opens an additional domain 909 socket (<filename>/var/run/logpriv</filename> by default), 910 with <literal>0600</literal> permissions to be used 911 by privileged programs. This prevents privileged 912 programs from locking when the domain sockets 913 run out of buffer space due to a 914 local denial-of-service attack. &merged;</para> 915 916 <para>The &man.syslogd.8; utility now allows 917 <literal>:</literal> and <literal>%</literal> 918 characters in the hostname specifications. 919 These characters are used in IPv6 addresses and scope IDs.</para> 920 921 <para>The &man.systat.1; <option>-netstat</option> display is now 922 IPv6-aware. &merged;</para> 923 924 <para>The <option>-f</option> option of &man.tail.1; utility 925 now supports more than one file at a time. &merged;</para> 926 927 <para>The &man.telnet.1; and &man.telnetd.8; programs now support 928 the <option>-S</option> option for specifying a numeric TOS 929 byte.</para> 930 931 <para>Prepending a <literal>+</literal> character to port numbers 932 passed to &man.telnet.1; program will now disable option 933 negotiation and allow the transfer of characters with the high 934 bit set. This feature is intended to support the fairly common 935 use of &man.telnet.1; as a protocol tester.</para> 936 937 <para>The &man.tcpdrop.8; command, which closes a selected TCP 938 connection, has been added. It was obtained from 939 OpenBSD. &merged;</para> 940 941 <para>&man.whois.1; now supports 942 a <option>-k</option> flag 943 for querying <hostid role="fqdn">whois.krnic.net</hostid> 944 (the National Internet Development Agency of Korea), 945 which holds details of IP address allocations within 946 Korea. &merged;</para> 947 948 <para>The <option>-I</option> option of the &man.xargs.1; command 949 has been changed to conform to IEEE Std 1003.1-2004. 950 The standard requires that the constructed 951 arguments cannot grow larger than 255 bytes.</para> 952 953 <para>A bug, which caused the last line of configuration files such as &man.hosts.5;, 954 &man.services.5;, and so on to be ignored if it did not end in a newline character, 955 has been fixed. &merged;</para> 956 957 <sect3 id="rc-scripts"> 958 <title><filename>/etc/rc.d</filename> Scripts</title> 959 960 <para>&man.rc.conf.5; now supports changes of network interface names 961 at boot time. &merged; For example:</para> 962 963 <programlisting>ifconfig_fxp0_name="net0" 964ifconfig_net0="inet 10.0.0.1/16"</programlisting> 965 966 <para>The <filename>rc.d/moused</filename> script now 967 starts/stops/checks a specific device when 968 the device name is given as the second argument to the script:</para> 969 970 <screen>&prompt.root; /etc/rc.d/moused start ums0</screen> 971 972 <para>To use different &man.rc.conf.5; knobs with different 973 mice, use the device name as part of the knob. 974 For example, if the mouse device is <filename>/dev/ums0</filename> 975 the following lines can be used:</para> 976 977 <programlisting>moused_ums0_enable=yes 978moused_ums0_flags="-z 4" 979moused_ums0_port="/dev/ums0"</programlisting> 980 981 <para>&man.rc.conf.5; now supports the <varname>tmpmfs_flags</varname> 982 and <varname>varmfs_flags</varname> variables. 983 These can be used to pass extra options to the &man.mdmfs.8; utility, 984 to customize the finer details of the &man.md.4; file system creation, 985 such as to turn on/off softupdates, to specify a default owner 986 for the file system, and so on. &merged;</para> 987 988 </sect3> 989 </sect2> 990 991 <sect2 id="contrib"> 992 <title>Contributed Software</title> 993 994 <para><application>BIND</application> has been updated from version 995 9.3.0 to version 9.3.1. &merged;</para> 996 997 <para><application>FILE</application> has been updated from 4.10 998 to 4.12.</para> 999 1000 <para><application>GNU readline</application> has been updated from 1001 version 4.3 to version 5.0.</para> 1002 1003 <para><application>Heimdal</application> has been updated from 1004 0.6.1 to 0.6.3. &merged;</para> 1005 1006 <para><application>lukemftp</application> has been updated from a 1007 26 April 2004 snapshot from OpenBSD's sources to a snapshot as 1008 of 19 February 2005.</para> 1009 1010 <para>A snapshot of <application>netcat</application> from OpenBSD 1011 as of 4 February 2005 has been added. More information can be 1012 found in the &man.nc.1; manual page. &merged;</para> 1013 1014 <para><application>OpenPAM</application> has been updated from the 1015 Eelgrass release to the Feterita release.</para> 1016 1017 <para><application>OpenSSH</application> has been updated from 3.8p1 1018 to 3.9p1.</para> 1019 1020 <para><application>OpenSSL</application> has been updated from 1021 0.9.7d to 0.9.7e. &merged;</para> 1022 1023 <para><application>sendmail</application> has been updated from 1024 version 8.13.1 to version 8.13.3. &merged;</para> 1025 1026 <para>The timezone database has been updated from the 1027 <application>tzdata2004e</application> release to the 1028 <application>tzdata2004g</application> release. &merged;</para> 1029 1030 </sect2> 1031 1032 <sect2 id="ports"> 1033 <title>Ports/Packages Collection Infrastructure</title> 1034 1035 <para>The &man.pkg.version.1; utility now supports a 1036 <option>-q</option> flag to suppress the output of the port 1037 version comparison characters <literal><</literal>, 1038 <literal>=</literal>, and <literal>></literal>.</para> 1039 1040 <para>The 1041 <filename>ports/INDEX<replaceable>*</replaceable></filename> 1042 files, which kept an index of all of the entries in the ports 1043 collection, have been removed from the CVS repository. &merged; 1044 These files were generated only infrequently, and therefore were 1045 usually out-of-date and inaccurate. Users requiring an index 1046 file (such as for use by programs such as &man.portupgrade.1;) 1047 have two alternatives for obtaining a copy:</para> 1048 1049 <itemizedlist> 1050 <listitem> 1051 <para>Build an index file based on the current ports tree by 1052 running <command>make index</command> from the top of the 1053 <filename>ports/</filename> tree.</para> 1054 </listitem> 1055 1056 <listitem> 1057 <para>Fetch an index file over the network by running 1058 <command>make fetchindex</command> from the top of the 1059 <filename>ports/</filename> tree. This index file will 1060 (typically) be accurate to within a day.</para> 1061 </listitem> 1062 </itemizedlist> 1063 1064 </sect2> 1065 1066 <sect2 id="releng"> 1067 <title>Release Engineering and Integration</title> 1068 1069 <para>In prior &os; releases, the <filename>disc1</filename> 1070 CD-ROM (or ISO image) was a bootable installation disk 1071 containing the base system, ports tree, and common packages. 1072 The <filename>disc2</filename> CD-ROM (or ISO image) was a 1073 bootable <quote>fix it</quote> disk with a live filesystem, to 1074 be used for making emergency repairs. This layout has now 1075 changed. For all architectures except ia64, the 1076 <filename>disc1</filename> image now contains the base system 1077 distribution files, ports tree, and the live filesystem, making 1078 it suitable for both an initial installation and repair 1079 purposes. (On the ia64, the live filesystem is on a separate 1080 disk due to its size.) Packages appear on separate 1081 disks; in particular, the <filename>disc2</filename> image 1082 contains commonly packages such as desktop environments. 1083 Documents from the &os; Documentation Project also appear on 1084 <filename>disc2</filename>. &merged;</para> 1085 1086 <para>The supported version of the 1087 <application>GNOME</application> desktop environment has been 1088 updated from 2.6.2 to 2.10. More information about 1089 running <application>GNOME</application> on &os; can be found on 1090 the <ulink url="&url.base;/gnome/">FreeBSD GNOME Project</ulink> 1091 Web page. &merged; 1092 1093 <note> 1094 <para>Users of older versions of the 1095 <application>GNOME</application> desktop 1096 (<filename role="package">x11/gnome2</filename>) 1097 must take particular care in upgrading. Simply upgrading it 1098 from the &os; Ports Collection with &man.portupgrade.1; 1099 (<filename role="package">sysutils/portupgrade</filename>) 1100 will cause serious problems. 1101 <application>GNOME</application> desktop users should read 1102 the instructions carefully at 1103 <ulink url="&url.base;/gnome/docs/faq210.html"></ulink> 1104 and use the 1105 <ulink url="&url.base;/gnome/gnome_upgrade.sh"><filename>gnome_upgrade.sh</filename></ulink> 1106 script to properly upgrade to 1107 <application>GNOME</application> 2.10.</para> 1108 </note> 1109 </para> 1110 1111 <para>The supported version of the <application>KDE</application> 1112 desktop environment has been updated from 3.3.0 to 1113 3.4.0. More information regarding running 1114 <application>KDE</application> on &os; can be found on the 1115 <ulink url="http://freebsd.kde.org/">KDE on FreeBSD</ulink> Web 1116 page. &merged; 1117 1118 <note> 1119 <para>Users of older versions of 1120 <application>KDE</application> should follow the upgrading 1121 procedure documented on the 1122 <ulink url="http://freebsd.kde.org/">KDE on FreeBSD</ulink> Web 1123 page or in <filename>ports/UPDATING</filename>.</para> 1124 </note> 1125 </para> 1126 1127 <para>The supported version of <application>Xorg</application> has 1128 been updated from 6.7.0 to 6.8.2. &merged;</para> 1129 1130 </sect2> 1131 1132 <sect2 id="doc"> 1133 <title>Documentation</title> 1134 1135 <para>Manual pages in the base system have received a number of 1136 cleanups, both for content and presentation. Cross-references 1137 are more correct and consistent, standard section headings are 1138 now used throughout, and markup has been cleaned up.</para> 1139 1140 <para>The following manual pages, which were derived from RFCs 1141 and possibly violate the IETF's copyrights, have been replaced: 1142 &man.gai.strerror.3;, 1143 &man.getaddrinfo.3;, 1144 &man.getnameinfo.3;, 1145 &man.inet6.opt.init.3;, 1146 &man.inet6.option.space.3;, 1147 &man.inet6.rth.space.3;, 1148 &man.inet6.rthdr.space.3;, 1149 &man.icmp6.4;, and 1150 &man.ip6.4;. &merged;</para> 1151 1152 </sect2> 1153</sect1> 1154 1155<sect1 id="upgrade"> 1156 <title>Upgrading from previous releases of &os;</title> 1157 1158 <para>Source upgrades to &os; &release.current; are only supported 1159 from &os; 5.3-RELEASE or later. Users of older systems wanting to 1160 upgrade &release.current; will need to update to &os; 5.3 or newer 1161 first, then to &os; &release.current;.</para> 1162 1163 <important> 1164 <para>Upgrading &os; should, of course, only be attempted after 1165 backing up <emphasis>all</emphasis> data and configuration 1166 files.</para> 1167 </important> 1168</sect1> 1169