article.xml revision 145270
1<articleinfo> 2 <title>&os;/&arch; &release.current; Release Notes</title> 3 4 <corpauthor>The &os; Project</corpauthor> 5 6 <pubdate>$FreeBSD: head/release/doc/en_US.ISO8859-1/relnotes/article.sgml 145270 2005-04-19 12:03:52Z hrs $</pubdate> 7 8 <copyright> 9 <year>2000</year> 10 <year>2001</year> 11 <year>2002</year> 12 <year>2003</year> 13 <year>2004</year> 14 <year>2005</year> 15 <holder role="mailto:doc@FreeBSD.org">The &os; Documentation Project</holder> 16 </copyright> 17 18 <legalnotice id="trademarks" role="trademarks"> 19 &tm-attrib.freebsd; 20 &tm-attrib.ibm; 21 &tm-attrib.ieee; 22 &tm-attrib.intel; 23 &tm-attrib.sparc; 24 &tm-attrib.general; 25 </legalnotice> 26 27 <abstract> 28 <para>The release notes for &os; &release.current; contain a summary 29 of the changes made to the &os; base system since &release.branch; is created. 30 This document lists applicable security advisories that were issued since 31 the last release, as well as significant changes to the &os; 32 kernel and userland. 33 Some brief remarks on upgrading are also presented.</para> 34 </abstract> 35</articleinfo> 36 37<sect1 id="intro"> 38 <title>Introduction</title> 39 40 <para>This document contains the release notes for &os; 41 &release.current; on the &arch.print; hardware platform. It 42 describes recently added, changed, or deleted features of &os;. 43 It also provides some notes on upgrading 44 from previous versions of &os;.</para> 45 46<![ %release.type.current [ 47 48 <para>The &release.type; distribution to which these release notes 49 apply represents the latest point along the &release.branch; development 50 branch since &release.branch; was created. Information regarding pre-built, binary 51 &release.type; distributions along this branch 52 can be found at <ulink url="&release.url;"></ulink>.</para> 53 54]]> 55 56<![ %release.type.snapshot [ 57 58 <para>The &release.type; distribution to which these release notes 59 apply represents a point along the &release.branch; development 60 branch between &release.prev; and the future &release.next;. 61 Information regarding 62 pre-built, binary &release.type; distributions along this branch 63 can be found at <ulink url="&release.url;"></ulink>.</para> 64 65]]> 66 67<![ %release.type.release [ 68 69 <para>This distribution of &os; &release.current; is a 70 &release.type; distribution. It can be found at <ulink 71 url="&release.url;"></ulink> or any of its mirrors. More 72 information on obtaining this (or other) &release.type; 73 distributions of &os; can be found in the <ulink 74 url="&url.books.handbook;/mirrors.html"><quote>Obtaining 75 &os;</quote> appendix</ulink> to the <ulink 76 url="&url.books.handbook;/">&os; 77 Handbook</ulink>.</para> 78 79]]> 80 81 <para>All users are encouraged to consult the release errata before 82 installing &os;. The errata document is updated with 83 <quote>late-breaking</quote> information discovered late in the 84 release cycle or after the release. Typically, it contains 85 information on known bugs, security advisories, and corrections to 86 documentation. An up-to-date copy of the errata for &os; 87 &release.current; can be found on the &os; Web site.</para> 88 89</sect1> 90 91<sect1 id="new"> 92 <title>What's New</title> 93 94 <para>This section describes 95 the most user-visible new or changed features in &os; 96 since &release.prev;. 97 In general, changes described here are unique to the &release.branch; 98 branch unless specifically marked as &merged; features. 99 </para> 100 101 <para>Typical release note items 102 document recent security advisories issued after 103 &release.prev.historic;, 104 new drivers or hardware support, new commands or options, 105 major bug fixes, or contributed software upgrades. They may also 106 list changes to major ports/packages or release engineering 107 practices. Clearly the release notes cannot list every single 108 change made to &os; between releases; this document focuses 109 primarily on security advisories, user-visible changes, and major 110 architectural improvements.</para> 111 112 <sect2 id="security"> 113 <title>Security Advisories</title> 114 115 <para>A bug in the &man.fetch.1; utility, which allows 116 a malicious HTTP server to cause arbitrary portions of the client's 117 memory to be overwritten, has been fixed. 118 For more information, see security advisory 119 <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:16.fetch.asc">FreeBSD-SA-04:16.fetch</ulink>. 120 &merged;</para> 121 122 <para>A bug in &man.procfs.5; and &man.linprocfs.5; 123 which could allow a malicious local user to read parts of kernel 124 memory or perform a local 125 denial of service attack by causing a system panic, 126 has been fixed. 127 For more information, see security advisory 128 <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:17.procfs.asc">FreeBSD-SA-04:17.procfs</ulink>. 129 &merged;</para> 130 131 <para>Two buffer overflows in the TELNET client program have been 132 corrected. They could have allowed a malicious TELNET server or 133 an active network attacker to cause &man.telnet.1; to execute 134 arbitrary code with the privileges of the user running it. 135 More information can be found in security advisory 136 <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:01.telnet.asc">FreeBSD-SA-05:01.telnet</ulink>. 137 &merged;</para> 138 139 <para>A information disclosure vulnerability in the 140 &man.sendfile.2; system call, which could permit it to transmit 141 random parts of kernel memory, has been fixed. More details are 142 in security advisory 143 <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:02.sendfile.asc">FreeBSD-SA-05:02.sendfile</ulink>. 144 &merged;</para> 145 146 <para arch="amd64">A possible privilege escalation vulnerability on &os;/amd64 147 has been fixed. This allows unprivileged users to gain direct 148 access to some hardware which cannot be accessed 149 without the elevated privilege level. More details are in security advisory 150 <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:03.amd64.asc">FreeBSD-SA-05:03.amd64</ulink>. 151 &merged;</para> 152 153 <para>An information leak vulnerability in the 154 <literal>SIOCGIFCONF</literal> &man.ioctl.2;, which leaked 12 155 bytes of kernel memory, has been fixed. More details are in security advisory 156 <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:04.ifconf.asc">FreeBSD-SA-05:04.ifconf</ulink>. 157 &merged;</para> 158 159 </sect2> 160 161 <sect2 id="kernel"> 162 <title>Kernel Changes</title> 163 164 <para arch="i386">Support for 80386 processors (the 165 <literal>I386_CPU</literal> kernel configuration option) has 166 been removed. Users running this class of CPU should use &os; 167 5.<replaceable>X</replaceable> or earlier.</para> 168 169 <para>The kernel debugger &man.ddb.4; now supports a 170 <command>show alllocks</command> command, which dumps a list of processes 171 and threads currently holding sleep mutexes (and spin mutexes for 172 the current thread). &merged;</para> 173 174 <para>The &man.jail.8; feature now supports a new sysctl 175 <varname>security.jail.chflags_allowed</varname>, which controls the 176 behavior of &man.chflags.1; within a jail. 177 If set to <literal>0</literal> (the default), then a jailed <username>root</username> user is 178 treated as an unprivileged user; if set to <literal>1</literal>, then 179 a jailed root user is treated the same as an unjailed <username>root</username> user. &merged;</para> 180 181 <para arch="alpha,amd64,i386,sparc64">The loader tunable <varname>debug.mpsafevm</varname> 182 has been enabled by default. &merged;</para> 183 184 <para>&man.memguard.9;, a kernel memory allocator designed to help detect 185 <quote>tamper-after-free</quote> scenarios, has been added. 186 This must be explicitly enabled via <literal>options 187 DEBUG_MEMGUARD</literal>, plus small kernel modifications. It 188 is generally intended for use by kernel developers.</para> 189 190 <para>A number of bugs have been fixed in the ULE 191 scheduler. &merged;</para> 192 193 <para>Fine-grained locking to allow much of the VFS stack to run 194 without the Giant lock has been added. This is enabled by default 195 on the alpha, amd64, and i386 architectures, and can be disabled 196 by setting the loader tunable (and sysctl variable) 197 <varname>debug.mpsafevfs</varname> to 198 <literal>0</literal>.</para> 199 200 <para arch="i386">A bug in Inter-Processor Interrupt (IPI) 201 handling, which could cause SMP systems to crash under heavy 202 load, has been fixed. More details are contained in errata note 203 <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/ERRATA/notices/FreeBSD-EN-05:03.ipi.asc">FreeBSD-EN-05:03.ipi</ulink>. 204 &merged;</para> 205 206 <para>System V IPC objects (message queues, semaphores, and shared 207 memory) now have support for Mandatory Access Control policies, 208 notably &man.mac.biba.4;, &man.mac.mls.4;, &man.mac.stub.4;, and 209 &man.mac.test.4;.</para> 210 211 <para arch="i386">Memory allocation for legacy PCI bridges has 212 been limited to the top 32MB of RAM. Many older, legacy bridges 213 only allow allocation from this range. This change only applies 214 to devices which do not have their memory assigned by the BIOS. 215 This change fixes the <quote>bad Vcc</quote> error of CardBus 216 bridges (&man.pccbb.4;). &merged;</para> 217 218 <para>The &man.sysctl.3; MIBs beginning with <quote>debug</quote> 219 now require the kernel option <literal>options SYSCTL_DEBUG</literal>. 220 This option is disabled by default.</para> 221 222 <para>The generic &man.tty.4; driver interface has been added 223 and many device drivers including 224 &man.cx.4; (<literal>{tty,cua}x</literal>), 225 &man.cy.4; (<literal>{tty,cua}c</literal>), 226 &man.digi.4; (<literal>{tty,cua}D</literal>), 227 &man.rc.4; (<literal>{tty,cua}m</literal>), 228 &man.rp.4; (<literal>{tty,cua}R</literal>), 229 &man.sab.4; (<literal>{tty,cua}z</literal>), 230 &man.si.4; (<literal>{tty,cua}A</literal>), 231 &man.sio.4; (<literal>{tty,cua}d</literal>), 232 sx (<literal>{tty,cua}G</literal>), 233 &man.uart.4; (<literal>{tty,cua}u</literal>), 234 &man.ubser.4; (<literal>{tty,cua}y</literal>), 235 &man.ucom.4; (<literal>{tty,cua}U</literal>), and 236 &man.ucycom.4; (<literal>{tty,cua}y</literal>) 237 have been rewritten to use it. Note that <filename>/etc/remote</filename> 238 and <filename>/etc/ttys</filename> have been updated as well.</para> 239 240 <para>The &man.vkbd.4; driver has been added. This driver 241 provides a software loopback mechanism that can implement 242 a virtual AT keyboard similar to what the &man.pty.4; driver 243 does for terminals.</para> 244 245 <!-- Above this line, sort kernel changes by manpage/keyword--> 246 247 <para arch="i386,amd64,ia64">The default <varname>HZ</varname> 248 parameter (which controls various kernel timers) has been 249 increased from <literal>100</literal> to <literal>1000</literal> 250 on the i386 and ia64. It has been reduced from 251 <literal>1024</literal> to <literal>1000</literal> on the amd64 252 to reduce synchronization effects with other system 253 clocks.</para> 254 255 <para>The maximum length of shell commands has changed from 128 256 bytes to <varname>PAGE_SIZE</varname>. By default, this value 257 is either 4KB (i386, pc98, amd64, and powerpc) or 8KB (sparc64 258 and ia64). As a result, compatibility modules need to be 259 rebuilt to stay synchronized with data structure changes in the 260 kernel.</para> 261 262 <sect3 id="boot"> 263 <title>Boot Loader Changes</title> 264 265 <para arch="i386">A serial console-capable version of 266 <filename>boot0</filename> has been added. It can be written 267 to a disk using &man.boot0cfg.8; and specifying 268 <filename>/boot/boot0sio</filename> as the argument to the 269 <option>-b</option> option.</para> 270 271 <para arch="i386"><filename>cdboot</filename> now works around a 272 BIOS problem observed on some systems when booting from USB 273 CDROM drives.</para> 274 275 <para>The <command>autoboot</command> loader command 276 now supports the prompt parameter.</para> 277 278 <para>A loader menu option to set <varname>hint.atkbd.0.flags=0x1</varname> 279 has been added. This setting allows USB keyboards to work 280 if no PS/2 keyboard is attached.</para> 281 282 <para>The beastie boot menu has been disabled by default.</para> 283 284 <!-- Above this line, order boot loader changes by keyword--> 285 286 </sect3> 287 288 <sect3 id="proc"> 289 <title>Hardware Support</title> 290 291 <para arch="i386,amd64">The &man.acpi.4; driver now turns 292 the ACPI and PCI devices off or to a lower power state 293 when suspending, and back on again when resuming. 294 This behavior can be disabled by 295 setting the <varname>debug.acpi.do_powerstate</varname> and 296 <varname>hw.pci.do_powerstate</varname> sysctls to <literal>0</literal>.</para> 297 298 <para arch="i386,amd64">The acpi_ibm driver for IBM laptops 299 has been added.</para> 300 301 <para arch="i386,amd64">The &man.acpi.fujitsu.4; driver for handling 302 &man.acpi.4;-controlled buttons Fujitsu laptops has been added.</para> 303 304 <para arch="i386,amd64">The acpi_sony driver, 305 which supports the Sony Notebook Controller on various 306 Sony laptops has been added.</para> 307 308 <para arch="sparc64">The &man.auxio.4; driver has been to drive 309 some auxiliary I/O functions found on various SBus/EBus 310 &ultrasparc; models. &merged;</para> 311 312 <para arch="sparc64">The clkbrd driver has been added to support 313 the <literal>clock-board</literal> device frequently found on 314 Sun E<replaceable>xx</replaceable>00 servers.</para> 315 316 <para>A framework for flexible processor speed control has been 317 added. It provides methods for various drivers to control CPU 318 power utilization by adjusting the processor speed. More 319 details can be found in the &man.cpufreq.4; manual page. &merged; 320 Currently supported drivers include ichss (Intel SpeedStep for ICH), 321 acpi_perf (ACPI CPU performance states), and acpi_throttle 322 (ACPI CPU throttling). The latter two drivers are contained 323 in the &man.acpi.4; driver. These can individually be disabled by setting device 324 hints such as <varname>hint.<replaceable>ichss</replaceable>.0.disabled="1"</varname>.</para> 325 326 <para arch="amd64,i386">The &man.hwpmc.4;, hardware performance 327 monitoring counter driver has been added. 328 This driver virtualizes the hardware performance monitoring 329 facilities in modern CPUs and provides support for using 330 these facilities from user level processes. For more details, 331 see manual pages of &man.hwpmc.4;, associated libraries, 332 and associated userland utilities.</para> 333 334 <para arch="i386">Support for the OLDCARD subsystem has 335 been removed. The NEWCARD system is now used for all PCCARD 336 device support.</para> 337 338 <para>The pcii driver has been added to support GPIB-PCIIA IEEE-488 339 cards. &merged;</para> 340 341 <para>The &man.atkbd.4; driver now supports a <literal>0x8</literal> 342 (bit 3) flag to disable testing the keyboard port during 343 the device probe as this can cause hangs on some machines, 344 specifically Compaq R3000Z series amd64 laptops.</para> 345 346 <para arch="i386">The &man.pbio.4; driver, 347 which supports direct access to 348 the Intel 8255A programmable peripheral interface (PPI) 349 chip running in mode 0 (simple I/O) has been added.</para> 350 351 <para>The &man.psm.4; driver now has improved support for 352 Synaptics Touchpad users. It now has better tracking of 353 slow-speed movement and support for various extra 354 buttons and dials. These features can be tuned with the 355 <varname>hw.psm.synaptics.<replaceable>*</replaceable></varname> 356 hierarchy of sysctl variables.</para> 357 358 <para arch="sparc64">The rtc driver has been added to support 359 the MC146818-compatible clock found on some &ultrasparc; II 360 and III models. &merged;</para> 361 362 <para arch="sparc64">The &man.uart.4; driver is now enabled in 363 the <filename>GENERIC</filename> kernel, and is now the 364 default driver for serial ports. The ofw_console and 365 &man.sab.4; drivers are now disabled in the 366 <filename>GENERIC</filename> kernel. &merged;</para> 367 368 <para>The &man.uplcom.4; driver now supports handling of the 369 <literal>CTS</literal> signal.</para> 370 371 <para>The &man.ehci.4; driver has been improved.</para> 372 373 <para arch="sparc64">The zs driver has been removed 374 in favor of the &man.uart.4; driver.</para> 375 376 <sect4 id="mm"> 377 <title>Multimedia Support</title> 378 379 <para arch="sparc64">The &man.snd.audiocs.4; driver has been 380 added to support the Crystal Semiconductor CS4231 audio 381 controller found on &ultrasparc; 382 workstations. &merged;</para> 383 384 <para>The &man.uaudio.4; driver now has some added 385 functionality, including volume control on more inputs and 386 recording capability on some devices.</para> 387 388 </sect4> 389 390 <sect4 id="net-if"> 391 <title>Network Interface Support</title> 392 393 <para>The &man.ath.4; driver has been updated to split the 394 transmit rate control algorithm into a separate module. 395 One of <literal>device ath_rate_onoe</literal>, 396 <literal>device ath_rate_amrr</literal>, or 397 <literal>device ath_rate_sample</literal> must be included in 398 the kernel configuration when using the &man.ath.4; 399 driver.</para> 400 401 <para>The &man.bge.4; driver now supports the &man.altq.4; 402 framework.</para> 403 404 <para>The &man.cdce.4; USB Communication Device Class Ethernet 405 driver has been added. &merged;</para> 406 407 <para>The &man.cp.4; driver is now MPSAFE. &merged;</para> 408 409 <para>The &man.ctau.4; driver is now MPSAFE. &merged;</para> 410 411 <para>The &man.cx.4; driver is now MPSAFE. &merged;</para> 412 413 <para>The &man.dc.4; driver now supports the &man.altq.4; framework.</para> 414 415 <para>The &man.ed.4; driver now supports the &man.altq.4; 416 framework. &merged;</para> 417 418 <para>In the &man.em.4; driver, hardware support for VLAN 419 tagging is now disabled by default due to some interactions 420 between this feature and promiscuous mode. &merged;</para> 421 422 <para>Ethernet flow control is now disabled by default in the 423 &man.fxp.4; driver, to prevent problems with a system panics 424 or is left in the kernel debugger. &merged;</para> 425 426 <para>The gx(4) driver has been removed because 427 it is no longer maintained actively and 428 the &man.em.4; driver supports all of the supported hardware.</para> 429 430 <para>The &man.hme.4; driver is now MPSAFE. &merged;</para> 431 432 <para>The &man.ipw.4; (for Intel PRO/Wireless 2100), 433 &man.iwi.4; (for Intel PRO/Wireless 2200BG/2225BG/2915ABG), 434 &man.ral.4; (for Ralink Technology RT2500), 435 and &man.ural.4; (for Ralink Technology RT2500USB) 436 drivers have been added.</para> 437 438 <para>The &man.ixgb.4; driver is now MPSAFE.</para> 439 440 <para arch="amd64">The &man.ndis.4; device driver wrapper now 441 supports &windows;/x86-64 binaries on amd64 442 systems. &merged;</para> 443 444 <para arch="i386,amd64">The nve driver, which supports the 445 nVidia nForce MCP Networking Adapter, has been added.</para> 446 447 <para>The &man.re.4; driver now supports the &man.altq.4; 448 framework. &merged;</para> 449 450 <para>The &man.sf.4; driver now has support for device polling 451 and &man.altq.4;. &merged;</para> 452 453 <para>Several programming errors in the &man.sk.4; driver have 454 been corrected. These bugs were particular to SMP systems, and 455 could cause panics, page faults, aborted SSH connections, or 456 corrupted file transfers. More details can be found in 457 errata note 458 <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/ERRATA/notices/FreeBSD-EN-05:02.sk.asc">FreeBSD-EN-05:02.sk</ulink>. 459 &merged;</para> 460 461 <para>The &man.sk.4; driver now has support for &man.altq.4;. 462 This driver also now supports jumbo frames on Yukon-based 463 interfaces. &merged;</para> 464 465 <para>The &man.vge.4; driver now has support for device polling 466 (&man.polling.4;).</para> 467 468 <para>Support for 802.11 devices in the &man.wlan.4; framework has been 469 greatly overhauled. In addition to architectural changes, 470 it includes completed 802.11g, WPA, 802.11i, 802.1x, 471 WME/WMM, AP-side power-saving, and plugin frameworks for 472 cryptography modules, authenticators, and access control. 473 Note in particular that WEP now requires the 474 <filename>wlan_wep</filename> module to be loaded (or 475 compiled) into the kernel.</para> 476 477 <para>The &man.xl.4; driver now supports 478 &man.polling.4;.</para> 479 480 </sect4> 481 </sect3> 482 483 <sect3 id="net-proto"> 484 <title>Network Protocols</title> 485 486 <para>The MTU feedback in IPv6 has been disabled when the sender writes 487 data that must be fragmented. &merged;</para> 488 489 <para>The Common Address Redundancy Protocol (CARP) has 490 been implemented. CARP comes from OpenBSD and allows 491 multiple hosts to share an IP address, providing 492 high availability and load balancing. 493 For more information, see the &man.carp.4; manual page. &merged;</para> 494 495 <para>The &man.ipfw.4; <literal>IPDIVERT</literal> option is now 496 available as a kernel loadable module. 497 If this module is not loaded, &man.ipfw.4; will refuse to 498 install <literal>divert</literal> rules and &man.natd.8; 499 will return the error message <quote>protocol not supported</quote>.</para> 500 501 <para>The &man.ipfw.4; system can work with 502 <varname>debug.mpsafenet</varname>=<literal>1</literal> 503 (this tunable is <literal>1</literal> by default) 504 when the <literal>gid</literal>, <literal>jail</literal>, 505 and/or <literal>uid</literal> rule options are used. &merged;</para> 506 507 <para>The &man.ipfw.4; and &man.dummynet.4; system now 508 support IPv6.</para> 509 510 <para>&man.ipfw.8; now supports classification and tagging 511 of &man.altq.4; packets via a divert socket, 512 as well as the TCP data length.</para> 513 514 <para>The &man.ipfw.8; <literal>ipfw fwd</literal> rule now supports 515 the full packet destination manipulation when the kernel option 516 <literal>options IPFIREWALL_FORWARD_EXTENDED</literal> is specified 517 in addition to <literal>options IPFIRWALL_FORWARD</literal>. 518 This kernel option disables all restrictions to ensure proper 519 behavior for locally generated packets and allows redirection of 520 packets destined to locally configured IP addresses. 521 Note that &man.ipfw.8; rules have to be carefully crafted to 522 make sure that things like PMTU discovery do not break. &merged;</para> 523 524 <para>&man.ipnat.8; now allows redirect rules to 525 work for non-TCP/UDP packets. &merged;</para> 526 527 <para>Ongoing work is reducing the use of the Giant lock by the 528 network protocol stack and improving the locking 529 strategies.</para> 530 531 <para>A new &man.ng.ipfw.4; NetGraph node provides 532 a simple interface between the &man.ipfw.4; and &man.netgraph.4; 533 facilities.</para> 534 535 <para>A new &man.ng.netflow.4; NetGraph node allows a router 536 running &os; to do NetFlow version 5 exports. &merged;</para> 537 538 <para>The &man.sppp.4; driver now includes Frame Relay 539 support. &merged;</para> 540 541 <para>The &man.sppp.4; driver is now MPSAFE.</para> 542 543 <para>The new sysctl <varname>net.link.tap.user_open</varname> 544 has been implemented. This allows unprivileged access to 545 &man.tap.4; device nodes based on the file system permission.</para> 546 547 <para>A bug in TCP that sometimes caused RST packets to 548 be ignored if the receive window was zero bytes has been 549 fixed. &merged;</para> 550 551 <para>The <literal>RST</literal> 552 handling of the &os; TCP stack has been improved 553 to make reset attacks as difficult as possible while 554 maintaining compatibility with the widest range of TCP stacks. 555 The algorithm is as follows: For connections in the 556 <literal>ESTABLISHED</literal> 557 state, only resets with sequence numbers exactly matching 558 <varname>last_ack_sent</varname> will cause a reset; 559 all other segments will 560 be silently dropped. For connections in all other states, 561 a reset anywhere in the window will cause the connection 562 to be reset. All other segments will be silently dropped. 563 Note that this behavior technically violates the RFC 793 specification; 564 the conventional (but less secure) behavior can be restored 565 by setting a new sysctl <varname>net.inet.tcp.insecure_rst</varname> 566 to <literal>1</literal>. &merged;</para> 567 568 <para>Several bugs in the TCP SACK implementation have been 569 fixed. &merged;</para> 570 571 <para>RFC 1644 T/TCP support has been removed. This is because 572 the design is based on a weak security model that can easily 573 permit denial-of-service attacks. This TCP 574 extension has been considered a defective one in 575 a recent Internet Draft.</para> 576 577 <para>The KAME IPv4 IPsec implementation integrated 578 in &os; now supports TCP-MD5. &merged;</para> 579 580 <para>Random ephemeral port number allocation has led to some 581 problems with port reuse at high connection rates. This 582 feature is now disabled during periods of high connection 583 rates; whenever new connections are created faster than 584 <varname>net.inet.ip.portrange.randomcps</varname> per second, 585 port number randomization is disabled for the next 586 <varname>net.inet.ip.portrange.randomtime</varname> 587 seconds. The default values for these two sysctl variables 588 are <literal>10</literal> and <literal>45</literal>, 589 respectively. &merged;</para> 590 591 <para>Fine-grained locking has been applied to many of the data 592 structures in the IPX/SPX protocol stack. While not fully 593 MPSAFE at this point, it is generally safe to use IPX/SPX 594 without the Giant lock (in other words, the 595 <varname>debug.mpsafenet</varname> sysctl variable may be set 596 to <literal>1</literal>).</para> 597 598 <para>The Unix domain socket now supports 599 <literal>LOCAL_CREDS</literal> and 600 <literal>LOCAL_CONNWAIT</literal>. 601 The <literal>LOCAL_CREDS</literal> option provides 602 a mechanism for the receiver to receive the credentials 603 of the process as a &man.recvmsg.2; control message. 604 The <literal>LOCAL_CONNWAIT</literal> 605 option causes the &man.connect.2; function to block 606 until &man.accept.2; has been called on the listening socket. 607 For more details, see &man.unix.4; manual page.</para> 608 </sect3> 609 610 <sect3 id="disks"> 611 <title>Disks and Storage</title> 612 613 <para>The &man.amr.4; driver is now safe for use on systems 614 using &man.pae.4;. &merged;</para> 615 616 <para arch="i386,ia64">The &man.arcmsr.4; driver has been added. 617 It supports the Areca ARC-11<replaceable>xx</replaceable> and 618 ARC-12<replaceable>xx</replaceable> series of SATA RAID 619 controllers. &merged;</para> 620 621 <para>The SHSEC GEOM class has been added. It provides for the 622 sharing of a secret between multiple GEOM providers. All of 623 these providers must be present in order to reveal the 624 secret. This feature is controlled by the &man.gshsec.8; 625 utility. &merged;</para> 626 627 <para>The &man.hptmv.4; driver, which supports the HighPoint 628 RocketRAID 182x series, has been added. &merged;</para> 629 630 <para>The &man.ips.4; driver now support kernel crash dumps 631 on some modern ServeRAID models. &merged;</para> 632 633 <para>The &man.matcd.4; driver has been removed. &merged;</para> 634 635 <para>The default SCSI boot-time probe delay in the 636 <filename>GENERIC</filename> kernel has been reduced from 637 fifteen seconds to five seconds.</para> 638 639 <para>The old vinum(4) subsystem has been removed 640 in favor of the new &man.geom.4;-based version.</para> 641 642 <para>The &man.twa.4; driver has been updated to 643 the 9.2 release (for &os; 5.2.1) distributed from 644 the 3ware website.</para> 645 646 <para arch="pc98">The &man.wd.4; driver has been removed. The 647 &man.ata.4; driver has been found to work well enough on the 648 pc98 platform that there is no need for the older &man.wd.4; 649 driver.</para> 650 651 <para>Information about newly-mounted cd9660 file systems (such 652 as the presence of RockRidge extensions) is now only printed 653 if the kernel was booted in verbose mode. This change was 654 made to reduce the amount of (generally unnecessary) kernel 655 log messages. &merged;</para> 656 657 </sect3> 658 659 <sect3 id="fs"> 660 <title>File Systems</title> 661 662 <para>Recomputing the summary information for 663 <quote>dirty</quote> UFS and UFS2 file systems is no longer 664 done at mount time, but is now done by background 665 &man.fsck.8;. This change improves the startup speed when 666 mounting large file systems after a crash. The prior behavior 667 can be restored by setting the 668 <varname>vfs.ffs.compute_summary_at_mount</varname> sysctl 669 variable to a non-zero value. &merged;</para> 670 671 <para>A kernel panic in the NFS server has been fixed. More 672 details can be found in errata note 673 <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/ERRATA/notices/FreeBSD-EN-05:01.nfs.asc">FreeBSD-EN-05:01.nfs</ulink>. 674 &merged;</para> 675 676 </sect3> 677 678 <sect3> 679 <title>Contributed Software</title> 680 681 <para><application>ACPI-CA</application> has been updated from 682 20040527 to 20041119. &merged;</para> 683 684 </sect3> 685 </sect2> 686 687 <sect2 id="userland"> 688 <title>Userland Changes</title> 689 690 <para>The &man.burncd.8; utility now allows commands (such as 691 <command>eject</command>) to take place after fixating a 692 disk.</para> 693 694 <para arch="amd64">The machine-specific optimized version of 695 &man.bcmp.3;, &man.bcopy.3;, &man.bzero.3;, &man.memcmp.3;, 696 &man.memcpy.3;, &man.memmove.3;, &man.memset.3;, &man.strcat.3; 697 and &man.strcpy.3; have been implemented.</para> 698 699 <para>The &man.ftpd.8; program now uses the <literal>212</literal> 700 and <literal>213</literal> status codes for directory 701 and file status correctly (<literal>211</literal> was used in 702 the previous versions). This behavior is described in RFC 959. 703 &merged;</para> 704 705 <para>The <literal>create</literal> command of the &man.gpt.8; 706 utility now supports a <option>-f</option> command-line flag to 707 force creation of a GPT even when there is an MBR record on a 708 disk. &merged;</para> 709 710 <para>The &man.getaddrinfo.3; function now queries <literal>A</literal> 711 DNS resource records before <literal>AAAA</literal> records 712 when <literal>AF_UNSPEC</literal> is specified. 713 Some broken DNS servers return <literal>NXDOMAIN</literal> 714 against non-existent <literal>AAAA</literal> queries, 715 even when it should return <literal>NOERROR</literal> 716 with empty return records. This is a problem for an IPv4/IPv6 dual 717 stack node because the <literal>NXDOMAIN</literal> returned 718 by the first query of an <literal>AAAA</literal> record makes 719 the querying server stop attempting to resolve the <literal>A</literal> 720 record if any. Also, this behavior has been recognized as a potential 721 denial-of-service attack (see <ulink url="http://www.kb.cert.org/vuls/id/714121"></ulink> 722 for more details). 723 Note that although the query order has been changed, 724 the returned result still includes 725 <literal>AF_INET6</literal> records before 726 <literal>AF_INET</literal> records. &merged;</para> 727 728 <para>The &man.getservent.3;, &man.getservbyname.3;, and 729 &man.getservbyport.3; functions are now MPSAFE.</para> 730 731 <para>The gvinum(8) utility now supports 732 <command>checkparity</command>, 733 <command>rebuildparity</command>, and 734 <command>setstate</command> 735 subcommands. &merged;</para> 736 737 <para>The &man.ifconfig.8; utility has been restructured. It is 738 now more modular and flexible with respect to supporting 739 interface-specific functionality. The 802.11 support has been 740 updated to support recent changes to the 802.11 subsystem and 741 drivers.</para> 742 743 <para>Support for abbreviated forms of a number of &man.ipfw.8; 744 options has been deprecated. Warnings are printed to stderr 745 indicating the correct full form when one of these abbreviations 746 is detected.</para> 747 748 <para>The on-disk format of <literal>LC_CTYPE</literal> files has 749 been changed to be machine-independent.</para> 750 751 <para>The &man.mixer.8; utility now supports <option>-S</option> 752 option. This is the same as the <option>-s</option> option 753 but does not output mixing field separators.</para> 754 755 <para>A bug in the <filename>libalias</filename> library 756 which causes a core dump when the <option>-reverse</option> 757 option is specified in &man.natd.8; has been fixed.</para> 758 759 <para>The <filename>libarchive</filename> library (as well as the 760 &man.tar.1; command that uses it) now has support for reading ISO 761 images (with optional RockRidge extensions) and ZIP archives 762 (with <literal>deflate</literal> and <literal>none</literal> 763 compression). &merged;</para> 764 765 <para>The <filename>libarchive</filename> library now supports 766 handling a ZIP archive entry with more than 4GB compressed size (ZIP64 767 extension) and Unix extension.</para> 768 769 <para>The <filename>libgpib</filename> library has been added to 770 give userland access to GPIB devices (using the the pcii driver) 771 via the 772 <function>ib<replaceable>foo</replaceable></function> 773 API. &merged;</para> 774 775 <para>The default stack sizes in <filename>libpthread</filename>, 776 <filename>libthr</filename>, 777 and <filename>libc_r</filename> have been increased. On 32-bit 778 platforms, the main thread receives a 2MB stack size by default, 779 with other threads receiving a 1MB stack size by default. On 780 64-bit platforms, the default stack sizes are 4MB and 2MB 781 respectively.</para> 782 783 <para>The <filename>libxpg4</filename> library has been removed 784 because all of its functionality was long ago merged into 785 <filename>libc</filename>. 786 All binaries linked with <filename>libxpg4</filename> 787 must be recompiled or use &man.libmap.conf.5;. 788 Note that the &os; base system has no such binaries.</para> 789 790 <para>The &man.lpd.8; program now checks to make sure the data 791 file has been completely transfered before starting to 792 print it when a data file received from some other host. 793 Some implementations of &man.lpr.1; send the control file 794 for a print job before sending the matching data files, 795 which can cause problems if the receiving host is 796 a busy print-server. &merged;</para> 797 798 <para>A number of new functions have been implemented in the 799 &man.math.3; library. These include &man.ceill.3;, 800 &man.floorl.3;, &man.ilogbl.3;, &man.fma.3; and variants, 801 &man.lrint.3; and variants, and &man.lround.3; and 802 variants. &merged;</para> 803 804 <para>The &man.mknod.8; utility is now deprecated. 805 Device nodes have been managed by the &man.devfs.5; device file 806 system since &os; 5.0.</para> 807 808 <para arch="i386">The &man.mkuzip.8; utility, which 809 compresses file system images for use with 810 <literal>GEOM_UZIP</literal> &man.geom.4; module, 811 has been added. &merged;</para> 812 813 <para>The &man.moused.8; daemon now supports <quote>virtual 814 scrolling</quote>, in which mouse motions made while holding 815 down the middle mouse button are interpreted as scrolling. This 816 feature is enabled with the <option>-V</option> 817 flag. &merged;</para> 818 819 <para>A separate directory has been added for &man.named.8; 820 dynamic zones which is owned by the <username>bind</username> user 821 (for creation of the zone journal file). 822 For more detail, see an example dynamic zone in the sample 823 &man.named.conf.5;. &merged;</para> 824 825 <para>The &man.ncal.1; utility now supports a <option>-m</option> 826 flag to generate a calendar for a specified month in the current 827 year. &merged;</para> 828 829 <para>The &man.newfs.8; utility now supports a <option>-n</option> 830 flag to suppress the creation of a <filename>.snap</filename> 831 directory on new file systems. This feature is intended for use 832 on memory or vnode file systems that will not require snapshot 833 support. &merged;</para> 834 835 <para>The &man.newfs.8; utility now emits a warning when creating 836 a UFS or UFS2 file system that cannot support snapshots. This 837 situation can occur in the case of very large file systems with 838 small block sizes. &merged;</para> 839 840 <para>The &man.newsyslog.8; utility now supports 841 a <option>-d</option> option to specify an alternate root for log files 842 similar to <varname>DESTDIR</varname> in the BSD make process. 843 This only affects log file paths, not configuration file (<option>-f</option>) 844 or archive directory (<option>-a</option>) paths.</para> 845 846 <para>The &man.newsyslog.8; utility now supports a 847 <option>-N</option> that causes it not to rotate any files.</para> 848 849 <para>The <literal>NO_NIS</literal> compile-time knob for userland 850 has been added. As its name implies, enabling this 851 <filename>Makefile</filename> variable will cause NIS support to 852 be excluded from various programs and will cause the NIS 853 utilities to not be built. &merged;</para> 854 855 <para>For years, &os; has used <filename>Makefile</filename> 856 variables of the form 857 <varname>NO<replaceable>FOO</replaceable></varname> and 858 <varname>NO_<replaceable>FOO</replaceable></varname>. For 859 consistency, those variables using the former naming convention 860 have been converted to the 861 <varname>NO_<replaceable>FOO</replaceable></varname> form. The 862 file <filename>/usr/share/mk/bsd.compat.mk</filename> has a 863 complete list of these variables; it also implements some 864 temporary backward compatibility for the old names.</para> 865 866 <para>The &man.periodic.8; security output now supports the display of 867 information about blocked packet counts from &man.pf.4;. &merged;</para> 868 869 <para>The &man.pgrep.1; now supports an <option>-S</option> option 870 which allows to match system processes (kernel threads).</para> 871 872 <para>The &man.pgrep.1; and &man.pkill.1; now support an 873 <option>-F</option> option which allows to use file where PID is stored 874 for matching.</para> 875 876 <para>The &man.pgrep.1; and &man.pkill.1; now support an 877 <option>-i</option> option to ignore case in the process match.</para> 878 879 <para>The &man.pgrep.1; and &man.pkill.1; now support an 880 <option>-j</option> option which allows to match processes 881 based on its &man.jail.2; ID.</para> 882 883 <para>The &man.pgrep.1; and &man.pkill.1; now support an 884 <option>-o</option> option which allows to match oldest 885 (least recently started) of the matching processes.</para> 886 887 <para>The &man.powerd.8; program for managing power consumption has been 888 added.</para> 889 890 <para>The &man.ppp.8; program now implements an 891 <option>echo</option> parameter, which allows LCP ECHOs to be 892 enabled independently of LQR reports. Older versions of 893 &man.ppp.8; would revert to LCP ECHO mode on negotiation 894 failure. It is now necessary to specify <command>enable 895 echo</command> to get this behavior. &merged;</para> 896 897 <para>The <option>disable NAS-IP-Address</option> and 898 <option>disable NAS-Identifier</option> options, 899 which support pre-RFC 2865 RADIUS servers 900 have been added to the &man.ppp.8; program.</para> 901 902 <para>Two bugs in the &man.pppd.8; program have been fixed. 903 They may result in an incorrect CBCP response, 904 which violates the Microsoft PPP Callback Control Protocol 905 section 3.2. &merged;</para> 906 907 <para>The &man.ps.1; now supports a <literal>jid</literal> 908 keyword in the <option>-o</option> option. It displays 909 &man.jail.2; ID of each process.</para> 910 911 <para>The &man.pstat.8; now supports a <option>-h</option> option 912 to print swap sizes with SI prefixes such as K, M, and G, 913 which are used to form binary multiples.</para> 914 915 <para>The &man.rescue.8; utilities in the <filename>/rescue</filename> 916 directory now include &man.bsdtar.1; instead of GNU tar.</para> 917 918 <para>The &man.restore.8; utility has regained the ability to read 919 &os; version 1 dump tapes.</para> 920 921 <para>A bug of the &man.rexecd.8; utility which results in 922 it behaving as if the <option>-i</option> option is always 923 specified has been fixed. &merged;</para> 924 925 <para>The &man.rm.1; utility now supports an <option>-I</option> 926 option that asks for confirmation (once) if recursively 927 removing directories or if more than 3 files are listed in the 928 command line. &merged;</para> 929 930 <para>The &man.rm.1; utility now suppresses diagnostic messages 931 when it attempts to remove a non-existent directory 932 with the <option>-r</option> and <option>-f</option> options 933 specified. This behavior is required by 934 Version 3 of the Single UNIX Specification (SUSv3).</para> 935 936 <para>The following ISO/IEC 9899:1999 standard functions 937 have been implemented: <function>roundl()</function>, 938 <function>lroundl()</function>, <function>llroundl()</function>, 939 <function>truncl()</function>, and <function>floorl()</function>.</para> 940 941 <para>An &man.rpmatch.3; library function has been added to check 942 a string for being an affirmative or negative response in the 943 current locale.</para> 944 945 <para>The &man.rtld.1; dynamic linker now supports specifying 946 library replacements via the <varname>LD_LIBMAP</varname> 947 environment variable. This variable will override the entries 948 in &man.libmap.conf.5;. &merged;</para> 949 950 <para>The rune(3) non-standard multibyte and wide character support 951 interface has been removed.</para> 952 953 <para>The &man.strftime.3; function now supports some GNU extensions 954 such as <literal>-</literal> (no padding), 955 <literal>_</literal> (use space as padding), 956 and <literal>0</literal> (zero padding). &merged;</para> 957 958 <para>The &man.syslog.3; function is now thread-safe. &merged;</para> 959 960 <para>The &man.syslogd.8; utility now opens an additional domain 961 socket (<filename>/var/run/logpriv</filename> by default), 962 with <literal>0600</literal> permissions to be used 963 by privileged programs. This prevents privileged 964 programs from locking when the domain sockets 965 run out of buffer space due to a 966 local denial-of-service attack. &merged;</para> 967 968 <para>The &man.syslogd.8; now supports <option>-S</option> option 969 which allows to change the pathname of the privileged 970 socket. This is useful when you do not want the daemon 971 to receive any messages from the local sockets 972 (<filename>/var/run/log</filename> and 973 <filename>/var/run/logpriv</filename> are used by default). 974 &merged;</para> 975 976 <para>The &man.syslogd.8; utility now allows 977 <literal>:</literal> and <literal>%</literal> 978 characters in the hostname specifications. 979 These characters are used in IPv6 addresses and scope IDs.</para> 980 981 <para>The &man.systat.1; <option>-netstat</option> display is now 982 IPv6-aware. &merged;</para> 983 984 <para>The <option>-f</option> option of &man.tail.1; utility 985 now supports more than one file at a time. &merged;</para> 986 987 <para>The &man.telnet.1; and &man.telnetd.8; programs now support 988 the <option>-S</option> option for specifying a numeric TOS 989 byte.</para> 990 991 <para>Prepending a <literal>+</literal> character to port numbers 992 passed to &man.telnet.1; program will now disable option 993 negotiation and allow the transfer of characters with the high 994 bit set. This feature is intended to support the fairly common 995 use of &man.telnet.1; as a protocol tester.</para> 996 997 <para>The &man.tcpdrop.8; command, which closes a selected TCP 998 connection, has been added. It was obtained from 999 OpenBSD. &merged;</para> 1000 1001 <para>&man.whois.1; now supports 1002 a <option>-k</option> flag 1003 for querying <hostid role="fqdn">whois.krnic.net</hostid> 1004 (the National Internet Development Agency of Korea), 1005 which holds details of IP address allocations within 1006 Korea. &merged;</para> 1007 1008 <para>The <option>-I</option> option of the &man.xargs.1; command 1009 has been changed to conform to IEEE Std 1003.1-2004. 1010 The standard requires that the constructed 1011 arguments cannot grow larger than 255 bytes.</para> 1012 1013 <para>A bug, which caused the last line of configuration files such as &man.hosts.5;, 1014 &man.services.5;, and so on to be ignored if it did not end in a newline character, 1015 has been fixed. &merged;</para> 1016 1017 <sect3 id="rc-scripts"> 1018 <title><filename>/etc/rc.d</filename> Scripts</title> 1019 1020 <para>The <filename>rc.d/bsnmpd</filename> startup script 1021 for &man.bsnmpd.1; has been added.</para> 1022 1023 <para>&man.rc.conf.5; now supports changes of network interface names 1024 at boot time. &merged; For example:</para> 1025 1026 <programlisting>ifconfig_fxp0_name="net0" 1027ifconfig_net0="inet 10.0.0.1/16"</programlisting> 1028 1029 <para>The <filename>rc.d/moused</filename> script now 1030 starts/stops/checks a specific device when 1031 the device name is given as the second argument to the script:</para> 1032 1033 <screen>&prompt.root; /etc/rc.d/moused start ums0</screen> 1034 1035 <para>To use different &man.rc.conf.5; knobs with different 1036 mice, use the device name as part of the knob. 1037 For example, if the mouse device is <filename>/dev/ums0</filename> 1038 the following lines can be used:</para> 1039 1040 <programlisting>moused_ums0_enable=yes 1041moused_ums0_flags="-z 4" 1042moused_ums0_port="/dev/ums0"</programlisting> 1043 1044 <para>&man.rc.conf.5; now supports the <varname>tmpmfs_flags</varname> 1045 and <varname>varmfs_flags</varname> variables. 1046 These can be used to pass extra options to the &man.mdmfs.8; utility, 1047 to customize the finer details of the &man.md.4; file system creation, 1048 such as to turn on/off softupdates, to specify a default owner 1049 for the file system, and so on. &merged;</para> 1050 1051 </sect3> 1052 </sect2> 1053 1054 <sect2 id="contrib"> 1055 <title>Contributed Software</title> 1056 1057 <para><application>BIND</application> has been updated from version 1058 9.3.0 to version 9.3.1. &merged;</para> 1059 1060 <para><application>FILE</application> has been updated from 4.10 1061 to 4.12.</para> 1062 1063 <para><application>GNU readline</application> has been updated from 1064 version 4.3 to version 5.0.</para> 1065 1066 <para><application>Heimdal</application> has been updated from 1067 0.6.1 to 0.6.3. &merged;</para> 1068 1069 <para><application>lukemftp</application> has been updated from a 1070 26 April 2004 snapshot from OpenBSD's sources to a snapshot as 1071 of 19 February 2005.</para> 1072 1073 <para>A snapshot of <application>netcat</application> from OpenBSD 1074 as of 4 February 2005 has been added. More information can be 1075 found in the &man.nc.1; manual page. &merged;</para> 1076 1077 <para><application>OpenPAM</application> has been updated from the 1078 Eelgrass release to the Feterita release.</para> 1079 1080 <para><application>OpenSSH</application> has been updated from 3.8p1 1081 to 3.9p1.</para> 1082 1083 <para><application>OpenSSL</application> has been updated from 1084 0.9.7d to 0.9.7e. &merged;</para> 1085 1086 <para><application>sendmail</application> has been updated from 1087 version 8.13.1 to version 8.13.3. &merged;</para> 1088 1089 <para>The timezone database has been updated from the 1090 <application>tzdata2004e</application> release to the 1091 <application>tzdata2004g</application> release. &merged;</para> 1092 1093 </sect2> 1094 1095 <sect2 id="ports"> 1096 <title>Ports/Packages Collection Infrastructure</title> 1097 1098 <para>The &man.pkg.version.1; utility now supports a 1099 <option>-q</option> flag to suppress the output of the port 1100 version comparison characters <literal><</literal>, 1101 <literal>=</literal>, and <literal>></literal>.</para> 1102 1103 <para>The 1104 <filename>ports/INDEX<replaceable>*</replaceable></filename> 1105 files, which kept an index of all of the entries in the ports 1106 collection, have been removed from the CVS repository. &merged; 1107 These files were generated only infrequently, and therefore were 1108 usually out-of-date and inaccurate. Users requiring an index 1109 file (such as for use by programs such as &man.portupgrade.1;) 1110 have two alternatives for obtaining a copy:</para> 1111 1112 <itemizedlist> 1113 <listitem> 1114 <para>Build an index file based on the current ports tree by 1115 running <command>make index</command> from the top of the 1116 <filename>ports/</filename> tree.</para> 1117 </listitem> 1118 1119 <listitem> 1120 <para>Fetch an index file over the network by running 1121 <command>make fetchindex</command> from the top of the 1122 <filename>ports/</filename> tree. This index file will 1123 (typically) be accurate to within a day.</para> 1124 </listitem> 1125 </itemizedlist> 1126 1127 </sect2> 1128 1129 <sect2 id="releng"> 1130 <title>Release Engineering and Integration</title> 1131 1132 <para>In prior &os; releases, the <filename>disc1</filename> 1133 CD-ROM (or ISO image) was a bootable installation disk 1134 containing the base system, ports tree, and common packages. 1135 The <filename>disc2</filename> CD-ROM (or ISO image) was a 1136 bootable <quote>fix it</quote> disk with a live filesystem, to 1137 be used for making emergency repairs. This layout has now 1138 changed. For all architectures except ia64, the 1139 <filename>disc1</filename> image now contains the base system 1140 distribution files, ports tree, and the live filesystem, making 1141 it suitable for both an initial installation and repair 1142 purposes. (On the ia64, the live filesystem is on a separate 1143 disk due to its size.) Packages appear on separate 1144 disks; in particular, the <filename>disc2</filename> image 1145 contains commonly packages such as desktop environments. 1146 Documents from the &os; Documentation Project also appear on 1147 <filename>disc2</filename>. &merged;</para> 1148 1149 <para>The supported version of the 1150 <application>GNOME</application> desktop environment has been 1151 updated from 2.6.2 to 2.10. More information about 1152 running <application>GNOME</application> on &os; can be found on 1153 the <ulink url="&url.base;/gnome/">FreeBSD GNOME Project</ulink> 1154 Web page. &merged; 1155 1156 <note> 1157 <para>Users of older versions of the 1158 <application>GNOME</application> desktop 1159 (<filename role="package">x11/gnome2</filename>) 1160 must take particular care in upgrading. Simply upgrading it 1161 from the &os; Ports Collection with &man.portupgrade.1; 1162 (<filename role="package">sysutils/portupgrade</filename>) 1163 will cause serious problems. 1164 <application>GNOME</application> desktop users should read 1165 the instructions carefully at 1166 <ulink url="&url.base;/gnome/docs/faq210.html"></ulink> 1167 and use the 1168 <ulink url="&url.base;/gnome/gnome_upgrade.sh"><filename>gnome_upgrade.sh</filename></ulink> 1169 script to properly upgrade to 1170 <application>GNOME</application> 2.10.</para> 1171 </note> 1172 </para> 1173 1174 <para>The supported version of the <application>KDE</application> 1175 desktop environment has been updated from 3.3.0 to 1176 3.4.0. More information regarding running 1177 <application>KDE</application> on &os; can be found on the 1178 <ulink url="http://freebsd.kde.org/">KDE on FreeBSD</ulink> Web 1179 page. &merged; 1180 1181 <note> 1182 <para>Users of older versions of 1183 <application>KDE</application> should follow the upgrading 1184 procedure documented on the 1185 <ulink url="http://freebsd.kde.org/">KDE on FreeBSD</ulink> Web 1186 page or in <filename>ports/UPDATING</filename>.</para> 1187 </note> 1188 </para> 1189 1190 <para>The supported version of <application>Xorg</application> has 1191 been updated from 6.7.0 to 6.8.2. &merged;</para> 1192 1193 </sect2> 1194 1195 <sect2 id="doc"> 1196 <title>Documentation</title> 1197 1198 <para>The &man.sched.4bsd.4; and &man.sched.ule.4; manual pages 1199 have been added. These explain the kernel options SCHED_4BSD 1200 and SCHED_ULE and some sysctls applicable.</para> 1201 1202 <para>The &man.ataraid.4; manual page 1203 have been added. This explain the &man.ata.4; software 1204 RAID driver.</para> 1205 1206 <para>Manual pages in the base system have received a number of 1207 cleanups, both for content and presentation. Cross-references 1208 are more correct and consistent, standard section headings are 1209 now used throughout, and markup has been cleaned up.</para> 1210 1211 <para>The following manual pages, which were derived from RFCs 1212 and possibly violate the IETF's copyrights, have been replaced: 1213 &man.gai.strerror.3;, 1214 &man.getaddrinfo.3;, 1215 &man.getnameinfo.3;, 1216 &man.inet6.opt.init.3;, 1217 &man.inet6.option.space.3;, 1218 &man.inet6.rth.space.3;, 1219 &man.inet6.rthdr.space.3;, 1220 &man.icmp6.4;, and 1221 &man.ip6.4;. &merged;</para> 1222 1223 </sect2> 1224</sect1> 1225 1226<sect1 id="upgrade"> 1227 <title>Upgrading from previous releases of &os;</title> 1228 1229 <para>Source upgrades to &os; &release.current; are only supported 1230 from &os; 5.3-RELEASE or later. Users of older systems wanting to 1231 upgrade &release.current; will need to update to &os; 5.3 or newer 1232 first, then to &os; &release.current;.</para> 1233 1234 <important> 1235 <para>Upgrading &os; should, of course, only be attempted after 1236 backing up <emphasis>all</emphasis> data and configuration 1237 files.</para> 1238 </important> 1239</sect1> 1240