xref: /freebsd-11.0-release/release/doc/en_US.ISO8859-1/relnotes/article.xml

<articleinfo>
  <title>&os;/&arch; &release.current; Release Notes</title>

  <corpauthor>The &os; Project</corpauthor>

  <pubdate>$FreeBSD: head/release/doc/en_US.ISO8859-1/relnotes/article.sgml 147312 2005-06-12 08:55:59Z hrs $</pubdate>

  <copyright>
    <year>2000</year>
    <year>2001</year>
    <year>2002</year>
    <year>2003</year>
    <year>2004</year>
    <year>2005</year>
    <holder role="mailto:doc@FreeBSD.org">The &os; Documentation Project</holder>
  </copyright>

  <legalnotice id="trademarks" role="trademarks">
    &tm-attrib.freebsd;
    &tm-attrib.ibm;
    &tm-attrib.ieee;
    &tm-attrib.intel;
    &tm-attrib.sparc;
    &tm-attrib.general;
  </legalnotice>

  <abstract>
    <para>The release notes for &os; &release.current; contain a summary
      of the changes made to the &os; base system since &release.branch; is created.
      This document lists applicable security advisories that were issued since
      the last release, as well as significant changes to the &os;
      kernel and userland.
      Some brief remarks on upgrading are also presented.</para>
  </abstract>
</articleinfo>

<sect1 id="intro">
  <title>Introduction</title>

  <para>This document contains the release notes for &os;
    &release.current; on the &arch.print; hardware platform.  It
    describes recently added, changed, or deleted features of &os;.
    It also provides some notes on upgrading
    from previous versions of &os;.</para>

<![ %release.type.current [

  <para>The &release.type; distribution to which these release notes
    apply represents the latest point along the &release.branch; development
    branch since &release.branch; was created.  Information regarding pre-built, binary
    &release.type; distributions along this branch
    can be found at <ulink url="&release.url;"></ulink>.</para>

]]>

<![ %release.type.snapshot [

  <para>The &release.type; distribution to which these release notes
    apply represents a point along the &release.branch; development
    branch between &release.prev; and the future &release.next;.
    Information regarding
    pre-built, binary &release.type; distributions along this branch
    can be found at <ulink url="&release.url;"></ulink>.</para>

]]>

<![ %release.type.release [

  <para>This distribution of &os; &release.current; is a
    &release.type; distribution.  It can be found at <ulink
    url="&release.url;"></ulink> or any of its mirrors.  More
    information on obtaining this (or other) &release.type;
    distributions of &os; can be found in the <ulink
    url="&url.books.handbook;/mirrors.html"><quote>Obtaining
    &os;</quote> appendix</ulink> to the <ulink
    url="&url.books.handbook;/">&os;
    Handbook</ulink>.</para>

]]>

  <para>All users are encouraged to consult the release errata before
    installing &os;.  The errata document is updated with
    <quote>late-breaking</quote> information discovered late in the
    release cycle or after the release.  Typically, it contains
    information on known bugs, security advisories, and corrections to
    documentation.  An up-to-date copy of the errata for &os;
    &release.current; can be found on the &os; Web site.</para>

</sect1>

<sect1 id="new">
  <title>What's New</title>

  <para>This section describes
    the most user-visible new or changed features in &os;
    since &release.prev;.
    In general, changes described here are unique to the &release.branch;
    branch unless specifically marked as &merged; features.
  </para>

  <para>Typical release note items
    document recent security advisories issued after
    &release.prev.historic;,
    new drivers or hardware support, new commands or options,
    major bug fixes, or contributed software upgrades.  They may also
    list changes to major ports/packages or release engineering
    practices.  Clearly the release notes cannot list every single
    change made to &os; between releases; this document focuses
    primarily on security advisories, user-visible changes, and major
    architectural improvements.</para>

  <sect2 id="security">
    <title>Security Advisories</title>

    <para>A bug in the &man.fetch.1; utility, which allows
      a malicious HTTP server to cause arbitrary portions of the client's
      memory to be overwritten, has been fixed.
      For more information, see security advisory
      <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:16.fetch.asc">FreeBSD-SA-04:16.fetch</ulink>.
      &merged;</para>

    <para>A bug in &man.procfs.5; and &man.linprocfs.5;
      which could allow a malicious local user to read parts of kernel
      memory or perform a local
      denial of service attack by causing a system panic,
      has been fixed.
      For more information, see security advisory
      <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:17.procfs.asc">FreeBSD-SA-04:17.procfs</ulink>.
      &merged;</para>

    <para>Two buffer overflows in the TELNET client program have been
      corrected.  They could have allowed a malicious TELNET server or
      an active network attacker to cause &man.telnet.1; to execute
      arbitrary code with the privileges of the user running it.
      More information can be found in security advisory
      <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:01.telnet.asc">FreeBSD-SA-05:01.telnet</ulink>.
      &merged;</para>

    <para>A information disclosure vulnerability in the
      &man.sendfile.2; system call, which could permit it to transmit
      random parts of kernel memory, has been fixed.  More details are
      in security advisory
      <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:02.sendfile.asc">FreeBSD-SA-05:02.sendfile</ulink>.
      &merged;</para>

    <para arch="amd64">A possible privilege escalation vulnerability on &os;/amd64
      has been fixed.  This allows unprivileged users to gain direct
      access to some hardware which cannot be accessed
      without the elevated privilege level.  More details are in security advisory
      <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:03.amd64.asc">FreeBSD-SA-05:03.amd64</ulink>.
      &merged;</para>

    <para>An information leak vulnerability in the
      <literal>SIOCGIFCONF</literal> &man.ioctl.2;, which leaked 12
      bytes of kernel memory, has been fixed.  More details are in security advisory
      <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:04.ifconf.asc">FreeBSD-SA-05:04.ifconf</ulink>.
      &merged;</para>

    <para>Several programming errors in &man.cvs.1;, which could
      potentially cause arbitrary code to be executed on CVS servers,
      have been corrected.  Further information can be found in
      security advisory
      <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:05.cvs.asc">FreeBSD-SA-05:05.cvs</ulink>.
      &merged;</para>

    <para>An error in the default permissions on the <filename
	class="devicefile">/dev/iir</filename> device node, which
      allowed unprivileged local users can send commands to the
      hardware supported by the &man.iir.4; driver, has been fixed.
      For more information, see security advisory
      <ulink url="ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:06.iir.asc">FreeBSD-SA-05:06.iir</ulink>.
      &merged;</para>

   <para>A bug in the validation of &man.i386.get.ldt.2; system call
     input arguments, which may allow kernel memory may be disclosed
     to the user process, has been fixed.  For more information, see
      security advisory
     <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:07.ldt.asc">FreeBSD-SA-05:07.ldt</ulink>.
     &merged;</para>

    <para>Several information disclosure vulnerabilities in various
      parts of the kernel have been fixed.  For more information, see
      security advisory
      <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:08.kmem.asc">FreeBSD-SA-05:08.kmem</ulink>.
      &merged;</para>

    <para arch="i386,amd64">Because of an information disclosure vulnerability on
      processors using Hyper-Threading Technology (HTT), the
      <varname>machdep.hyperthreading_allowed</varname> sysctl
      variable has been added.  It defaults to <literal>1</literal>
      (HTT enabled) on &os; CURRENT, and <literal>0</literal> (HTT
      disabled) on the 4-STABLE and 5-STABLE development branches and
      supported security fix branches.  More information can be found
      in security advisory
      <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:09.htt.asc">FreeBSD-SA-05:09.htt</ulink>.
      &merged;</para>

    <para>A bug in the &man.tcpdump.1; utility which allows
      a malicious remote user to cause a denial-of-service
      by using specially crafted packets, has been fixed.
      For more information, see security advisory
      <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:10.tcpdump.asc">FreeBSD-SA-05:10.tcpdump</ulink>.
      &merged;</para>

    <para>Two problems in the &man.gzip.1; utility have been fixed.
      These may allow a local user to modify permissions
      of arbitrary files and overwrite arbitrary local
      files when uncompressing a file.
      For more information, see security advisory
      <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:11.gzip.asc">FreeBSD-SA-05:11.gzip</ulink>.
      &merged;</para>

    <para>A bug in <application>BIND 9</application> DNSSEC has been fixed.
      When DNSSEC is enabled, this bug may allow a remote attacker to inject
      a specially crafted packet which will cause &man.named.8; to terminate.
      For more information, see security advisory
      <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:12.bind9.asc">FreeBSD-SA-05:12.bind9</ulink>.
      &merged;</para>
  </sect2>

  <sect2 id="kernel">
    <title>Kernel Changes</title>

    <para arch="i386">Support for 80386 processors (the
      <literal>I386_CPU</literal> kernel configuration option) has
      been removed.  Users running this class of CPU should use &os;
      5.<replaceable>X</replaceable> or earlier.</para>

    <para>The kernel debugger &man.ddb.4; now supports a
      <command>show alllocks</command> command, which dumps a list of processes
      and threads currently holding sleep mutexes (and spin mutexes for
      the current thread).  &merged;</para>

    <para>The &man.ichsmb.4; driver is now available as a loadable
      kernel module.</para>

    <para>The &man.jail.8; feature now supports a new sysctl
      <varname>security.jail.chflags_allowed</varname>, which controls the
      behavior of &man.chflags.1; within a jail.
      If set to <literal>0</literal> (the default), then a jailed <username>root</username> user is
      treated as an unprivileged user; if set to <literal>1</literal>, then
      a jailed root user is treated the same as an unjailed <username>root</username> user.  &merged;</para>

    <para>A sysctl <varname>security.jail.getfsstatroot_only</varname> has been
      renamed to <varname>security.jail.enforce_statfs</varname> and
      now supports the following policies:</para>

    <informaltable frame="none">
      <tgroup cols="2">
	<thead>
	  <row>
	    <entry>Value</entry>
	    <entry>Policy</entry>
	  </row>
	</thead>

	<tbody>
	  <row>
	    <entry>0</entry>
	    <entry>show all mount-points without any restrictions</entry>
	  </row>

	  <row>
	    <entry>1</entry>
	    <entry>show only mount-points below jail's chroot and show only part of the
	      mount-point's path (if jail's chroot directory is
	      <filename>/jails/foo</filename> and
	      mount-point is
	      <filename>/jails/foo/usr/home</filename>
	      only <filename>/usr/home</filename> will be shown)</entry>
	  </row>

	  <row>
	    <entry>2</entry>
	    <entry>show only mount-point where jail's chroot directory is placed.</entry>
	  </row>
	</tbody>
      </tgroup>
    </informaltable>

    <para arch="alpha,amd64,i386,sparc64">The loader tunable <varname>debug.mpsafevm</varname>
      has been enabled by default.  &merged;</para>

    <para>&man.memguard.9;, a kernel memory allocator designed to help detect
      <quote>tamper-after-free</quote> scenarios, has been added.
      This must be explicitly enabled via <literal>options
      DEBUG_MEMGUARD</literal>, plus small kernel modifications.  It
      is generally intended for use by kernel developers.</para>

    <para><varname>struct ifnet</varname> and network interface API
      have been changed.  Due to ABI incompatibility, all drivers
      not in the &os; base system need to be updated to use
      the new API and recompiled.</para>

    <para>A number of bugs have been fixed in the ULE
      scheduler. &merged;</para>

    <para>Fine-grained locking to allow much of the VFS stack to run
      without the Giant lock has been added.  This is enabled by default
      on the alpha, amd64, and i386 architectures, and can be disabled
      by setting the loader tunable (and sysctl variable)
      <varname>debug.mpsafevfs</varname> to
      <literal>0</literal>.</para>

    <para arch="i386">A bug in Inter-Processor Interrupt (IPI)
      handling, which could cause SMP systems to crash under heavy
      load, has been fixed.  More details are contained in errata note
      <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/ERRATA/notices/FreeBSD-EN-05:03.ipi.asc">FreeBSD-EN-05:03.ipi</ulink>.
      &merged;</para>

    <para>System V IPC objects (message queues, semaphores, and shared
      memory) now have support for Mandatory Access Control policies,
      notably &man.mac.biba.4;, &man.mac.mls.4;, &man.mac.stub.4;, and
      &man.mac.test.4;.</para>

    <para arch="i386">Memory allocation for legacy PCI bridges has
      been limited to the top 32MB of RAM.  Many older, legacy bridges
      only allow allocation from this range.  This change only applies
      to devices which do not have their memory assigned by the BIOS.
      This change fixes the <quote>bad Vcc</quote> error of CardBus
      bridges (&man.pccbb.4;). &merged;</para>

    <para>The &man.sysctl.3; MIBs beginning with <quote>debug</quote>
      now require the kernel option <literal>options SYSCTL_DEBUG</literal>.
      This option is disabled by default.</para>

    <para>The generic &man.tty.4; driver interface has been added
      and many device drivers including
      &man.cx.4; (<literal>{tty,cua}x</literal>),
      &man.cy.4; (<literal>{tty,cua}c</literal>),
      &man.digi.4; (<literal>{tty,cua}D</literal>),
      &man.rc.4; (<literal>{tty,cua}m</literal>),
      &man.rp.4; (<literal>{tty,cua}R</literal>),
      &man.sab.4; (<literal>{tty,cua}z</literal>),
      &man.si.4; (<literal>{tty,cua}A</literal>),
      &man.sio.4; (<literal>{tty,cua}d</literal>),
      sx (<literal>{tty,cua}G</literal>),
      &man.uart.4; (<literal>{tty,cua}u</literal>),
      &man.ubser.4; (<literal>{tty,cua}y</literal>),
      &man.ucom.4; (<literal>{tty,cua}U</literal>), and
      &man.ucycom.4; (<literal>{tty,cua}y</literal>)
      have been rewritten to use it.  Note that <filename>/etc/remote</filename>
      and <filename>/etc/ttys</filename> have been updated as well.</para>

    <para>The &man.vkbd.4; driver has been added.  This driver
      provides a software loopback mechanism that can implement
      a virtual AT keyboard similar to what the &man.pty.4; driver
      does for terminals.</para>

    <!-- Above this line, sort kernel changes by manpage/keyword-->

    <para arch="i386,amd64">&os; always uses the local APIC timer
      even on uni-processor systems now.</para>

    <para arch="i386,amd64,ia64">The default <varname>HZ</varname>
      parameter (which controls various kernel timers) has been
      increased from <literal>100</literal> to <literal>1000</literal>
      on the i386 and ia64.  It has been reduced from
      <literal>1024</literal> to <literal>1000</literal> on the amd64
      to reduce synchronization effects with other system
      clocks.</para>

    <para>The maximum length of shell commands has changed from 128
      bytes to <varname>PAGE_SIZE</varname>.  By default, this value
      is either 4KB (i386, pc98, amd64, and powerpc) or 8KB (sparc64
      and ia64).  As a result, compatibility modules need to be
      rebuilt to stay synchronized with data structure changes in the
      kernel.</para>

    <para>A new tunable <varname>vm.blacklist</varname> has been added.
      This can hold a space or comma separated list of physical addresses.
      The pages containing these physical addresses will
      not be added to the free list and thus will effectively
      be ignored by the &os; VM system.  The physical addresses
      of any ignored pages are listed in the message buffer as well.</para>

    <sect3 id="boot">
      <title>Boot Loader Changes</title>

      <para arch="i386">A serial console-capable version of
	<filename>boot0</filename> has been added.  It can be written
	to a disk using &man.boot0cfg.8; and specifying
	<filename>/boot/boot0sio</filename> as the argument to the
	<option>-b</option> option.</para>

      <para arch="i386"><filename>cdboot</filename> now works around a
	BIOS problem observed on some systems when booting from USB
	CDROM drives.</para>

      <para>The <command>autoboot</command> loader command
	now supports the prompt parameter.</para>

      <para>The <command>autoboot</command> will now prevent the user
	from interrupting the boot process at all if the
	<varname>autoboot_delay</varname> variable is set to
	<literal>-1</literal>. &merged;</para>

      <para>A loader menu option to set <varname>hint.atkbd.0.flags=0x1</varname>
	has been added.  This setting allows USB keyboards to work
	if no PS/2 keyboard is attached.</para>

      <para>The beastie boot menu has been disabled by default.</para>

      <!-- Above this line, order boot loader changes by keyword-->

    </sect3>

    <sect3 id="proc">
      <title>Hardware Support</title>

      <para arch="i386,amd64">The &man.acpi.4; driver now turns
	the ACPI and PCI devices off or to a lower power state
	when suspending, and back on again when resuming.
	This behavior can be disabled by
	setting the <varname>debug.acpi.do_powerstate</varname> and
	<varname>hw.pci.do_powerstate</varname> sysctls to <literal>0</literal>.</para>

      <para arch="i386,amd64">The &man.acpi.ibm.4; driver for IBM laptops
	has been added.</para>

      <para arch="i386,amd64">The &man.acpi.ibm.4; driver has been
	improved to support hotkeys and reading fan status and thermal
	sensors.</para>

      <para arch="i386,amd64">The &man.acpi.fujitsu.4; driver for handling
        &man.acpi.4;-controlled buttons Fujitsu laptops has been added.</para>

      <para arch="i386,amd64">The acpi_sony driver,
	which supports the Sony Notebook Controller on various
	Sony laptops has been added.</para>

      <para>The &man.atkbdc.4;, &man.atkbd.4;, and &man.psm.4;
	drivers have been rewritten in more bus-independent way,
	and now support EBus found on sparc64 platform.</para>

      <para arch="sparc64">The following device drivers have been
	added and enabled by default:
	&man.atkbdc.4;,
	&man.atkbd.4;,
	creator(4),
	machfb(4),
	&man.syscons.4;,
	&man.ohci.4;,
	&man.psm.4;,
	&man.ukbd.4;,
	&man.ums.4;,
	and &man.usb.4;.</para>

      <para arch="sparc64">The &man.auxio.4; driver has been to drive
	some auxiliary I/O functions found on various SBus/EBus
	&ultrasparc; models. &merged;</para>

      <para arch="sparc64">The clkbrd driver has been added to support
	the <literal>clock-board</literal> device frequently found on
	Sun E<replaceable>xx</replaceable>00 servers.</para>

      <para>A framework for flexible processor speed control has been
	added.  It provides methods for various drivers to control CPU
	power utilization by adjusting the processor speed.  More
	details can be found in the &man.cpufreq.4; manual page. &merged;
	Currently supported drivers include ichss (Intel SpeedStep for ICH),
	acpi_perf (ACPI CPU performance states), and acpi_throttle
	(ACPI CPU throttling).  The latter two drivers are contained
	in the &man.acpi.4; driver.  These can individually be disabled by setting device
	hints such as <varname>hint.<replaceable>ichss</replaceable>.0.disabled="1"</varname>.</para>

      <para>The &man.hwpmc.4; hardware performance
	monitoring counter driver has been added.
	This driver virtualizes the hardware performance monitoring
	facilities in modern CPUs and provides support for using
	these facilities from user level processes.  For more details,
	see manual pages of &man.hwpmc.4;, associated libraries,
	and associated userland utilities.</para>

      <para arch="i386">Support for the OLDCARD subsystem has
	been removed.  The NEWCARD system is now used for all PCCARD
	device support.</para>

      <para>The pcii driver has been added to support GPIB-PCIIA IEEE-488
	cards. &merged;</para>

      <para>The &man.atkbd.4; driver now supports a <literal>0x8</literal>
	(bit 3) flag to disable testing the keyboard port during
	the device probe as this can cause hangs on some machines,
	specifically Compaq R3000Z series amd64 laptops.</para>

      <para arch="i386">The &man.pbio.4; driver,
	which supports direct access to
	the Intel 8255A programmable peripheral interface (PPI)
	chip running in mode 0 (simple I/O) has been added.</para>

      <para>The &man.psm.4; driver now has improved support for
	Synaptics Touchpad users.  It now has better tracking of
	slow-speed movement and support for various extra
	buttons and dials.  These features can be tuned with the
	<varname>hw.psm.synaptics.<replaceable>*</replaceable></varname>
	hierarchy of sysctl variables.</para>

      <para arch="sparc64">The rtc driver has been added to support
	the MC146818-compatible clock found on some &ultrasparc; II
	and III models. &merged;</para>

      <para arch="i386">The &man.syscons.4; driver now supports VESA
	(15, 16, 24, and 32 bit) modes.  To enable this feature, two
	kernel options <literal>SC_PIXEL_MODE</literal> and
	<literal>VESA</literal> (or corresponding kernel module)
	are needed.</para>

      <para arch="sparc64">The &man.uart.4; driver is now enabled in
	the <filename>GENERIC</filename> kernel, and is now the
	default driver for serial ports.  The ofw_console and
	&man.sab.4; drivers are now disabled in the
	<filename>GENERIC</filename> kernel. &merged;</para>

      <para>The &man.uftdi.4; driver now supports the FTDI FT2232C
	chip.</para>

      <para>The &man.uplcom.4; driver now supports handling of the
	<literal>CTS</literal> signal.</para>

      <para>The &man.ehci.4; driver has been improved.</para>

      <para arch="sparc64">The zs driver has been removed
	in favor of the &man.uart.4; driver.</para>

      <sect4 id="mm">
	<title>Multimedia Support</title>

	<para arch="sparc64">The &man.snd.audiocs.4; driver has been
	  added to support the Crystal Semiconductor CS4231 audio
	  controller found on &ultrasparc;
	  workstations. &merged;</para>

	<para>The &man.uaudio.4; driver now has some added
	  functionality, including volume control on more inputs and
	  recording capability on some devices. &merged;</para>

      </sect4>

      <sect4 id="net-if">
	<title>Network Interface Support</title>

	<para>The &man.ath.4; driver has been updated to split the
	  transmit rate control algorithm into a separate module.
	  One of <literal>device ath_rate_onoe</literal>,
	  <literal>device ath_rate_amrr</literal>, or
	  <literal>device ath_rate_sample</literal> must be included in
	  the kernel configuration when using the &man.ath.4;
	  driver.</para>

	<para>The &man.bge.4; driver now supports the &man.altq.4;
	  framework, as well as the BCM5714, 5721, 5750, 5751, 5751M and 5789
	  chips. &merged;</para>

	<para>The &man.cdce.4; USB Communication Device Class Ethernet
	  driver has been added. &merged;</para>

	<para>The &man.cp.4; driver is now MPSAFE. &merged;</para>

	<para>The &man.ctau.4; driver is now MPSAFE. &merged;</para>

	<para>The &man.cx.4; driver is now MPSAFE. &merged;</para>

	<para>The &man.dc.4; driver now supports the &man.altq.4;
	  framework. &merged;</para>

	<para>The &man.ed.4; driver now supports the &man.altq.4;
	  framework.  &merged;</para>

	<para>In the &man.em.4; driver, hardware support for VLAN
	  tagging is now disabled by default due to some interactions
	  between this feature and promiscuous mode. &merged;</para>

	<para>Ethernet flow control is now disabled by default in the
	  &man.fxp.4; driver, to prevent problems with a system panics
	  or is left in the kernel debugger. &merged;</para>

	<para>The gx(4) driver has been removed because
	  it is no longer maintained actively and
	  the &man.em.4; driver supports all of the supported hardware.</para>

	<para>The &man.hme.4; driver is now MPSAFE. &merged;</para>

	<para>The &man.ipw.4; (for Intel PRO/Wireless 2100),
	  &man.iwi.4; (for Intel PRO/Wireless 2200BG/2225BG/2915ABG),
	  &man.ral.4; (for Ralink Technology RT2500),
	  and &man.ural.4; (for Ralink Technology RT2500USB)
	  drivers have been added.</para>

	<para>The &man.ixgb.4; driver is now MPSAFE. &merged;</para>

	<para>The musycc driver, for the LanMedia LMC1504 T1/E1
	  network interface card, has been removed due to
	  disuse.</para>

	<para arch="i386,amd64">Drivers using the &man.ndis.4; device
	  driver wrapper mechanism are now built and loaded
	  differently.  The &man.ndis.4; driver can now be pre-built
	  as module or statically compiled into a kernel.  Individual
	  drivers can now be built with the &man.ndisgen.8; utility;
	  the result is a kernel module that can be loaded into a
	  running kernel using &man.kldload.8;. &merged;</para>

	<para arch="amd64">The &man.ndis.4; device driver wrapper now
	  supports &windows;/x86-64 binaries on amd64
	  systems. &merged;</para>

	<para arch="i386,amd64">The &man.nve.4; driver, which supports the
	  nVidia nForce MCP Networking Adapter, has been added.</para>

	<para>The &man.re.4; driver now supports the &man.altq.4;
	  framework.  &merged;</para>

	<para>The &man.sf.4; driver now has support for device polling
	  and &man.altq.4;. &merged;</para>

	<para>Several programming errors in the &man.sk.4; driver have
	  been corrected.  These bugs were particular to SMP systems, and
	  could cause panics, page faults, aborted SSH connections, or
	  corrupted file transfers.  More details can be found in
	  errata note
	  <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/ERRATA/notices/FreeBSD-EN-05:02.sk.asc">FreeBSD-EN-05:02.sk</ulink>.
	  &merged;</para>

	<para>The &man.sk.4; driver now has support for &man.altq.4;.
	  This driver also now supports jumbo frames on Yukon-based
	  interfaces. &merged;</para>

	<para>The &man.vge.4; driver now has support for device polling
	  (&man.polling.4;).</para>

	<para>Support for 802.11 devices in the &man.wlan.4; framework has been
	  greatly overhauled.  In addition to architectural changes,
	  it includes completed 802.11g, WPA, 802.11i, 802.1x,
	  WME/WMM, AP-side power-saving, and plugin frameworks for
	  cryptography modules, authenticators, and access control.
	  Note in particular that WEP now requires the
	  <filename>wlan_wep</filename> module to be loaded (or
	  compiled) into the kernel.</para>

	<para>The &man.xl.4; driver now supports
	  &man.polling.4;. &merged;</para>

      </sect4>
    </sect3>

    <sect3 id="net-proto">
      <title>Network Protocols</title>

      <para>The MTU feedback in IPv6 has been disabled when the sender writes
	data that must be fragmented.  &merged;</para>

      <para>The Common Address Redundancy Protocol (CARP) has
	been implemented.  CARP comes from OpenBSD and allows
	multiple hosts to share an IP address, providing
	high availability and load balancing.
	For more information, see the &man.carp.4; manual page.  &merged;</para>

      <para>The &man.if.bridge.4; network bridging implementation,
	originally from NetBSD, has been added.  It supports the IEEE
	802.1D Spanning Tree Protocol, individual interface devices
	for each bridge, and filtering of bridged packets.
	The &man.ifconfig.8; utility now supports to configure
	&man.if.bridge.4;.</para>

      <para>The &man.ipfw.4; <literal>IPDIVERT</literal> option is now
	available as a kernel loadable module.
	If this module is not loaded, &man.ipfw.4; will refuse to
	install <literal>divert</literal> rules and &man.natd.8;
	will return the error message <quote>protocol not supported</quote>.</para>

      <para>The &man.ipfw.4; system can work with
	<varname>debug.mpsafenet</varname>=<literal>1</literal>
	(this tunable is <literal>1</literal> by default)
	when the <literal>gid</literal>, <literal>jail</literal>,
	and/or <literal>uid</literal> rule options are used.  &merged;</para>

      <para>The &man.ipfw.4; and &man.dummynet.4; systems now
	support IPv6.</para>

      <para>&man.ipfw.8; now supports classification and tagging
	of &man.altq.4; packets via a divert socket,
	as well as the TCP data length.</para>

      <para>The &man.ipfw.8; <literal>ipfw fwd</literal> rule now supports
	the full packet destination manipulation when the kernel option
	<literal>options IPFIREWALL_FORWARD_EXTENDED</literal> is specified
	in addition to <literal>options IPFIRWALL_FORWARD</literal>.
	This kernel option disables all restrictions to ensure proper
	behavior for locally generated packets and allows redirection of
	packets destined to locally configured IP addresses.
	Note that &man.ipfw.8; rules have to be carefully crafted to
	make sure that things like PMTU discovery do not break. &merged;</para>

      <para>The &man.ipfw.8; now supports IPv4 only rules.</para>

      <para>&man.ipnat.8; now allows redirect rules to
	work for non-TCP/UDP packets.  &merged;</para>

      <para>Ongoing work is reducing the use of the Giant lock by the
	network protocol stack and improving the locking
	strategies.</para>

      <para>The <filename>libalias</filename> library can now be built
        as a kernel module.</para>

      <para>The link state change notifications of network interface
	are sent to <filename>/dev/devctl</filename> now.</para>

      <para>A new &man.ng.ipfw.4; NetGraph node provides
	a simple interface between the &man.ipfw.4; and &man.netgraph.4;
	facilities.</para>

      <para>A new &man.ng.nat.4; NetGraph node has been added to
	perform NAT functions.</para>

      <para>A new &man.ng.netflow.4; NetGraph node allows a router
	running &os; to do NetFlow version 5 exports. &merged;</para>

      <para>A new &man.ng.tcpmss.4; NetGraph node has been added.
	This supports altering MSS options of TCP packets.</para>

      <para>The &man.sppp.4; driver now includes Frame Relay
	support. &merged;</para>

      <para>The &man.sppp.4; driver is now MPSAFE.</para>

      <para>The new sysctl <varname>net.link.tap.user_open</varname>
	has been implemented.  This allows unprivileged access to
	&man.tap.4; device nodes based on file system permissions.</para>

      <para>A bug in TCP that sometimes caused RST packets to
	be ignored if the receive window was zero bytes has been
	fixed. &merged;</para>

      <para>The <literal>RST</literal>
	handling of the &os; TCP stack has been improved
	to make reset attacks as difficult as possible while
	maintaining compatibility with the widest range of TCP stacks.
	The algorithm is as follows:  For connections in the
	<literal>ESTABLISHED</literal>
	state, only resets with sequence numbers exactly matching
	<varname>last_ack_sent</varname> will cause a reset;
	all other segments will
	be silently dropped. For connections in all other states,
	a reset anywhere in the window will cause the connection
	to be reset.  All other segments will be silently dropped.
	Note that this behavior technically violates the RFC 793 specification;
	the conventional (but less secure) behavior can be restored
	by setting a new sysctl <varname>net.inet.tcp.insecure_rst</varname>
	to <literal>1</literal>.  &merged;</para>

      <para>Several bugs in the TCP SACK implementation have been
	fixed. &merged;</para>

      <para>RFC 1644 T/TCP support has been removed.  This is because
	the design is based on a weak security model that can easily
	permit denial-of-service attacks.  This TCP
	extension has been considered a defective one in
	a recent Internet Draft.</para>

      <para>The KAME IPv4 IPsec implementation integrated
	in &os; now supports TCP-MD5.  &merged;</para>

      <para>Random ephemeral port number allocation has led to some
        problems with port reuse at high connection rates.  This
        feature is now disabled during periods of high connection
        rates; whenever new connections are created faster than
        <varname>net.inet.ip.portrange.randomcps</varname> per second,
        port number randomization is disabled for the next
        <varname>net.inet.ip.portrange.randomtime</varname>
        seconds.  The default values for these two sysctl variables
        are <literal>10</literal> and <literal>45</literal>,
        respectively. &merged;</para>

      <para>Fine-grained locking has been applied to many of the data
	structures in the IPX/SPX protocol stack.  While not fully
	MPSAFE at this point, it is generally safe to use IPX/SPX
	without the Giant lock (in other words, the
	<varname>debug.mpsafenet</varname> sysctl variable may be set
	to <literal>1</literal>).</para>

      <para>Unix domain sockets now support the
	<literal>LOCAL_CREDS</literal> and
	<literal>LOCAL_CONNWAIT</literal> options.
	The <literal>LOCAL_CREDS</literal> option provides
	a mechanism for the receiver to receive the credentials
	of the process as a &man.recvmsg.2; control message.
	The <literal>LOCAL_CONNWAIT</literal>
	option causes the &man.connect.2; function to block
	until &man.accept.2; has been called on the listening socket.
	For more details, see the &man.unix.4; manual page.</para>
    </sect3>

    <sect3 id="disks">
      <title>Disks and Storage</title>

      <para>The &man.amr.4; driver is now safe for use on systems
	using &man.pae.4;. &merged;</para>

      <para arch="i386,ia64">The &man.arcmsr.4; driver has been added.
	It supports the Areca ARC-11<replaceable>xx</replaceable> and
	ARC-12<replaceable>xx</replaceable> series of SATA RAID
	controllers.  &merged;</para>

      <para>The &man.ata.4; family of drivers has been overhauled and
	updated.  It has been split into modules that can be loaded
	and unloaded independently (the <filename>atapci</filename>
	and <filename>ata</filename> modules are prerequesites for the
	device subdrivers, which are <filename>atadisk</filename>,
	<filename>atapicd</filename>, <filename>atapifd</filename>,
	<filename>atapist</filename>, and
	<filename>ataraid</filename>).  On supported SATA controllers,
	devices can be hot inserted/removed.  ATA RAID support has
	been rewritten and supports a number of new metadata formats.
	The <filename>atapicd</filename> driver no longer supports CD
	changers.  This update has been referred to as <quote>ATA
	mkIII</quote>.</para>

      <para>The SHSEC GEOM class has been added.  It provides for the
	sharing of a secret between multiple GEOM providers.  All of
	these providers must be present in order to reveal the
	secret.  This feature is controlled by the &man.gshsec.8;
	utility. &merged;</para>

      <para>The &man.hptmv.4; driver, which supports the HighPoint
	RocketRAID 182x series, has been added. &merged;</para>

      <para>The &man.ips.4; driver now support kernel crash dumps
	on some modern ServeRAID models.  &merged;</para>

      <para>The &man.matcd.4; driver has been removed. &merged;</para>

      <para>The default SCSI boot-time probe delay in the
	<filename>GENERIC</filename> kernel has been reduced from
	fifteen seconds to five seconds.</para>

      <para>The old vinum(4) subsystem has been removed
	in favor of the new &man.geom.4;-based version.</para>

      <para>The &man.twa.4; driver has been updated to
	the 9.2 release (for &os; 5.2.1) distributed from
	the 3ware website.</para>

      <para arch="pc98">The &man.wd.4; driver has been removed.  The
	&man.ata.4; driver has been found to work well enough on the
	pc98 platform that there is no need for the older &man.wd.4;
	driver.</para>

      <para>Information about newly-mounted cd9660 file systems (such
	as the presence of RockRidge extensions) is now only printed
	if the kernel was booted in verbose mode.  This change was
	made to reduce the amount of (generally unnecessary) kernel
	log messages. &merged;</para>

    </sect3>

    <sect3 id="fs">
      <title>File Systems</title>

      <para>Recomputing the summary information for
	<quote>dirty</quote> UFS and UFS2 file systems is no longer
	done at mount time, but is now done by background
	&man.fsck.8;.  This change improves the startup speed when
	mounting large file systems after a crash.  The prior behavior
	can be restored by setting the
	<varname>vfs.ffs.compute_summary_at_mount</varname> sysctl
	variable to a non-zero value.  &merged;</para>

      <para>A kernel panic in the NFS server has been fixed.  More
	details can be found in errata note
	<ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/ERRATA/notices/FreeBSD-EN-05:01.nfs.asc">FreeBSD-EN-05:01.nfs</ulink>.
	&merged;</para>

      <para arch="i386,pc98">Read-only support for ReiserFS version 3 has been
	added.  See &man.mount.reiserfs.8; for details.</para>

    </sect3>

    <sect3>
      <title>Contributed Software</title>

      <para><application>ACPI-CA</application> has been updated from
	20040527 to 20041119. &merged;</para>

    </sect3>
  </sect2>

  <sect2 id="userland">
    <title>Userland Changes</title>

    <para>The &man.burncd.8; utility now allows commands (such as
      <command>eject</command>) to take place after fixating a
      disk.</para>

    <para arch="amd64">Machine-specific optimized versions of
      &man.bcmp.3;, &man.bcopy.3;, &man.bzero.3;, &man.memcmp.3;,
      &man.memcpy.3;, &man.memmove.3;, &man.memset.3;, &man.strcat.3;
      and &man.strcpy.3; have been implemented.  Several mathematics
      functions such as &man.ceill.3; and &man.sqrtf.3; are also
      replaced with the optimized versions.</para>

    <para>The &man.chflags.1; utility now supports the
      <option>-h</option> flag, which supports changing flags on
      symbolic links.</para>

    <para>The &man.ftpd.8; program now uses the <literal>212</literal>
      and <literal>213</literal> status codes for directory
      and file status correctly (<literal>211</literal> was used in
      the previous versions).  This behavior is described in RFC 959.
      &merged;</para>

    <para>The <literal>create</literal> command of the &man.gpt.8;
      utility now supports a <option>-f</option> command-line flag to
      force creation of a GPT even when there is an MBR record on a
      disk. &merged;</para>

    <para>The &man.getaddrinfo.3; function now queries <literal>A</literal>
      DNS resource records before <literal>AAAA</literal> records
      when <literal>AF_UNSPEC</literal> is specified.
      Some broken DNS servers return <literal>NXDOMAIN</literal>
      against non-existent <literal>AAAA</literal> queries,
      even when it should return <literal>NOERROR</literal>
      with empty return records.  This is a problem for an IPv4/IPv6 dual
      stack node because the <literal>NXDOMAIN</literal> returned
      by the first query of an <literal>AAAA</literal> record makes
      the querying server stop attempting to resolve the <literal>A</literal>
      record if any.  Also, this behavior has been recognized as a potential
      denial-of-service attack (see <ulink url="http://www.kb.cert.org/vuls/id/714121"></ulink>
      for more details).
      Note that although the query order has been changed,
      the returned result still includes
      <literal>AF_INET6</literal> records before
      <literal>AF_INET</literal> records.  &merged;</para>

    <para>The &man.gethostbyname.3;, &man.gethostbyname2.3;, and
      &man.gethostbyaddr.3; functions are now thread-safe. &merged;</para>

    <para>The &man.getnetent.3;, &man.getnetbyname.3;, and
      &man.getnetbyaddr.3; functions are now thread-safe. &merged;</para>

    <para>The &man.getprotoent.3;, &man.getprotobyname.3;, and
      &man.getprotobynumber.3; functions are now thread-safe. &merged;</para>

    <para>The &man.getservent.3;, &man.getservbyname.3;, and
      &man.getservbyport.3; functions are now thread-safe. &merged;</para>

    <para>For conformation to IEEE Std 1003.1-2001
      (also known as POSIX 2001), the <varname>n_net</varname>
      of <varname>struct netent</varname> and the first argument
      of &man.getnetbyaddr.3; has been changed to an uint32_t.
      Due to these changes the ABI on 64-bit platforms becomes
      incompatible with previous releases of &os; and
      the major version number of libpcap has been bumped.
      If you upgrade &os; for 64-bit platforms, note that all of
      the userland programs which use &man.getnetbyaddr.3;,
      &man.getnetbyname.3;, &man.getnetent.3; and/or
      <application>libpcap</application> have to be recompiled.</para>

    <para>The gvinum(8) utility now supports
      <command>checkparity</command>,
      <command>rebuildparity</command>, and
      <command>setstate</command>
      subcommands.  &merged;</para>

    <para>The &man.ifconfig.8; utility has been restructured.  It is
      now more modular and flexible with respect to supporting
      interface-specific functionality.  The 802.11 support has been
      updated to support recent changes to the 802.11 subsystem and
      drivers.</para>

    <para>Support for abbreviated forms of a number of &man.ipfw.8;
      options has been deprecated.  Warnings are printed to stderr
      indicating the correct full form when one of these abbreviations
      is detected.</para>

    <para>The &man.kldstat.8; utility now supports a
      <option>-m</option> option to return the status of a specific
      kernel module. &merged;</para>

    <para>The on-disk format of <literal>LC_CTYPE</literal> files has
      been changed to be machine-independent.</para>

    <para>The &man.mixer.8; utility now supports the <option>-S</option>
      option.  This is the same as the <option>-s</option> option
      but does not output mixing field separators.</para>

    <para>A bug in the <filename>libalias</filename> library
      which causes a core dump when the <option>-reverse</option>
      option is specified in &man.natd.8; has been fixed.</para>

    <para>The <filename>libarchive</filename> library (as well as the
      &man.tar.1; command that uses it) now has support for reading ISO
      images (with optional RockRidge extensions) and ZIP archives
      (with <literal>deflate</literal> and <literal>none</literal>
      compression). &merged;</para>

    <para>The <filename>libarchive</filename> library now supports
      handling a ZIP archive entry with more than 4GB compressed size (ZIP64
      extension) and Unix extension.</para>

    <para>The <filename>libgpib</filename> library has been added to
      give userland access to GPIB devices (using the the pcii driver)
      via the
      <function>ib<replaceable>foo</replaceable></function>
      API. &merged;</para>

    <para>The default stack sizes in <filename>libpthread</filename>,
      <filename>libthr</filename>,
      and <filename>libc_r</filename> have been increased.  On 32-bit
      platforms, the main thread receives a 2MB stack size by default,
      with other threads receiving a 1MB stack size by default.  On
      64-bit platforms, the default stack sizes are 4MB and 2MB
      respectively. &merged;</para>

    <para>The <filename>libxpg4</filename> library has been removed
      because all of its functionality was long ago merged into
      <filename>libc</filename>.
      All binaries linked with <filename>libxpg4</filename>
      must be recompiled or use &man.libmap.conf.5;.
      Note that the &os; base system has no such binaries.</para>

    <para>The &man.lpd.8; program now checks to make sure the data
      file has been completely transfered before starting to
      print it when a data file received from some other host.
      Some implementations of &man.lpr.1; send the control file
      for a print job before sending the matching data files,
      which can cause problems if the receiving host is
      a busy print-server.  &merged;</para>

    <para>A number of new functions have been implemented in the
      &man.math.3; library.  These include &man.ceill.3;,
      &man.floorl.3;, &man.ilogbl.3;, &man.fma.3; and variants,
      &man.lrint.3; and variants, and &man.lround.3; and
      variants. &merged;</para>

    <para>The &man.mknod.8; utility is now deprecated.
      Device nodes have been managed by the &man.devfs.5; device file
      system since &os; 5.0.</para>

    <para arch="i386">The &man.mkuzip.8; utility, which
      compresses file system images for use with
      <literal>GEOM_UZIP</literal> &man.geom.4; module,
      has been added. &merged;</para>

    <para>The &man.moused.8; daemon now supports <quote>virtual
      scrolling</quote>, in which mouse motions made while holding
      down the middle mouse button are interpreted as scrolling.  This
      feature is enabled with the <option>-V</option>
      flag. &merged;</para>

    <para>A separate directory has been added for &man.named.8;
      dynamic zones which is owned by the <username>bind</username> user
      (for creation of the zone journal file).
      For more detail, see an example dynamic zone in the sample
      &man.named.conf.5;.  &merged;</para>

    <para>The &man.ncal.1; utility now supports a <option>-m</option>
      flag to generate a calendar for a specified month in the current
      year. &merged;</para>

    <para>The &man.newfs.8; utility now supports a <option>-n</option>
      flag to suppress the creation of a <filename>.snap</filename>
      directory on new file systems.  This feature is intended for use
      on memory or vnode file systems that will not require snapshot
      support. &merged;</para>

    <para>The &man.newfs.8; utility now emits a warning when creating
      a UFS or UFS2 file system that cannot support snapshots.  This
      situation can occur in the case of very large file systems with
      small block sizes. &merged;</para>

    <para>The &man.newsyslog.8; utility now supports
	a <option>-d</option> option to specify an alternate root for log files
	similar to <varname>DESTDIR</varname> in the BSD make process.
	This only affects log file paths, not configuration file (<option>-f</option>)
	or archive directory (<option>-a</option>) paths.</para>

    <para>The &man.newsyslog.8; utility now supports a
      <option>-N</option> that causes it not to rotate any files.</para>

    <para>The <literal>NO_NIS</literal> compile-time knob for userland
      has been added.  As its name implies, enabling this
      <filename>Makefile</filename> variable will cause NIS support to
      be excluded from various programs and will cause the NIS
      utilities to not be built. &merged;</para>

    <para>For years, &os; has used <filename>Makefile</filename>
      variables of the form
      <varname>NO<replaceable>FOO</replaceable></varname> and
      <varname>NO_<replaceable>FOO</replaceable></varname>.  For
      consistency, those variables using the former naming convention
      have been converted to the
      <varname>NO_<replaceable>FOO</replaceable></varname> form.  The
      file <filename>/usr/share/mk/bsd.compat.mk</filename> has a
      complete list of these variables; it also implements some
      temporary backward compatibility for the old names.</para>

    <para>The &man.periodic.8; security output now supports the display of
      information about blocked packet counts from &man.pf.4;.  &merged;</para>

    <para>The &man.pgrep.1; now supports an <option>-S</option> option
      which allows to match system processes (kernel threads).</para>

    <para>The &man.pgrep.1; and &man.pkill.1; now support an
      <option>-F</option> option which allows to use file where PID is stored
      for matching.</para>

    <para>The &man.pgrep.1; and &man.pkill.1; now support an
      <option>-i</option> option to ignore case in the process match.</para>

    <para>The &man.pgrep.1; and &man.pkill.1; now support an
      <option>-j</option> option which allows to match processes
      based on its &man.jail.2; ID.</para>

    <para>The &man.pgrep.1; and &man.pkill.1; now support an
      <option>-o</option> option which allows to match oldest
      (least recently started) of the matching processes.</para>

    <para>The &man.powerd.8; program for managing power consumption has been
      added.</para>

    <para>The &man.ppp.8; program now implements an
      <option>echo</option> parameter, which allows LCP ECHOs to be
      enabled independently of LQR reports.  Older versions of
      &man.ppp.8; would revert to LCP ECHO mode on negotiation
      failure.  It is now necessary to specify <command>enable
      echo</command> to get this behavior. &merged;</para>

    <para>The <option>disable NAS-IP-Address</option> and
      <option>disable NAS-Identifier</option> options,
      which support pre-RFC 2865 RADIUS servers
      have been added to the &man.ppp.8; program.</para>

    <para>Two bugs in the &man.pppd.8; program have been fixed.
      They may result in an incorrect CBCP response,
      which violates the Microsoft PPP Callback Control Protocol
      section 3.2.  &merged;</para>

    <para>The &man.ps.1; now supports a <literal>jid</literal>
      keyword in the <option>-o</option> option.  It displays
      &man.jail.2; ID of each process.</para>

    <para>The &man.pstat.8; now supports a <option>-h</option> option
      to print swap sizes with SI prefixes such as K, M, and G,
      which are used to form binary multiples.</para>

    <para>The &man.rescue.8; utilities in the <filename>/rescue</filename>
      directory now include &man.bsdtar.1; instead of GNU tar.</para>

    <para>The &man.restore.8; utility has regained the ability to read
      &os; version 1 dump tapes. &merged;</para>

    <para>A bug of the &man.rexecd.8; utility which results in
      it behaving as if the <option>-i</option> option is always
      specified has been fixed.  &merged;</para>

    <para>The &man.rexecd.8; utility has been removed.
      There are no rexec clients in the &os; tree, and the client
      function &man.rexec.3; is present only in
      <application>libcompat</application>.</para>

    <para>The &man.rm.1; utility now supports an <option>-I</option>
      option that asks for confirmation (once) if recursively
      removing directories or if more than 3 files are listed in the
      command line. &merged;</para>

    <para>The &man.rm.1; utility now suppresses diagnostic messages
      when it attempts to remove a non-existent directory
      with the <option>-r</option> and <option>-f</option> options
      specified.  This behavior is required by
      Version 3 of the Single UNIX Specification (SUSv3).</para>

    <para>The following ISO/IEC 9899:1999 standard functions
      have been implemented: <function>roundl()</function>,
      <function>lroundl()</function>, <function>llroundl()</function>,
      <function>truncl()</function>, and <function>floorl()</function>.</para>

    <para>An &man.rpmatch.3; library function has been added to check
      a string for being an affirmative or negative response in the
      current locale.</para>

    <para>The &man.rtld.1; dynamic linker now supports specifying
      library replacements via the <varname>LD_LIBMAP</varname>
      environment variable.  This variable will override the entries
      in &man.libmap.conf.5;. &merged;</para>

    <para>The rune(3) non-standard multibyte and wide character support
      interface has been removed.</para>

    <para>&man.sed.1; now supports a <option>-l</option> option to
      make its output line-buffered. &merged;</para>

    <para>The &man.strftime.3; function now supports some GNU extensions
      such as <literal>-</literal> (no padding),
      <literal>_</literal> (use space as padding),
      and <literal>0</literal> (zero padding). &merged;</para>

    <para>The &man.syslog.3; function is now thread-safe. &merged;</para>

    <para>The &man.syslogd.8; utility now opens an additional domain
      socket (<filename>/var/run/logpriv</filename> by default),
      with <literal>0600</literal> permissions to be used
      by privileged programs.  This prevents privileged
      programs from locking when the domain sockets
      run out of buffer space due to a
      local denial-of-service attack. &merged;</para>

    <para>The &man.syslogd.8; now supports the <option>-S</option> option,
      which allows to change the pathname of the privileged
      socket.  This is useful for preventing the daemon
      from receiving any messages from the local sockets
      (<filename>/var/run/log</filename> and
      <filename>/var/run/logpriv</filename> are used by default).
      &merged;</para>

    <para>The &man.syslogd.8; utility now allows
      <literal>:</literal> and <literal>%</literal>
      characters in the hostname specifications.
      These characters are used in IPv6 addresses and scope IDs. &merged;</para>

    <para>The &man.systat.1; <option>-netstat</option> display is now
      IPv6-aware. &merged;</para>

    <para>The <option>-f</option> option of &man.tail.1; utility
      now supports more than one file at a time. &merged;</para>

    <para>The &man.telnet.1; and &man.telnetd.8; programs now support
      the <option>-S</option> option for specifying a numeric TOS
      byte.</para>

    <para>Prepending a <literal>+</literal> character to port numbers
      passed to &man.telnet.1; program will now disable option
      negotiation and allow the transfer of characters with the high
      bit set.  This feature is intended to support the fairly common
      use of &man.telnet.1; as a protocol tester.</para>

    <para>The &man.tcpdrop.8; command, which closes a selected TCP
      connection, has been added.  It was obtained from
      OpenBSD. &merged;</para>

    <para>&man.what.1; now support a <option>-q</option> flag, which
      causes it to print matching text, but not format it.</para>

    <para>&man.whois.1; now supports
      a <option>-k</option> flag
      for querying <hostid role="fqdn">whois.krnic.net</hostid>
      (the National Internet Development Agency of Korea),
      which holds details of IP address allocations within
      Korea. &merged;</para>

    <para>The <option>-I</option> option of the &man.xargs.1; command
      has been changed to conform to IEEE Std 1003.1-2004.
      The standard requires that the constructed
      arguments cannot grow larger than 255 bytes.</para>

    <para>A bug, which caused the last line of configuration files such as &man.hosts.5;,
      &man.services.5;, and so on to be ignored if it did not end in a newline character,
      has been fixed. &merged;</para>

    <para>A new system user/group <username>_dhcp</username>
      has been added to support &man.dhclient.8; from OpenBSD.</para>

    <sect3 id="rc-scripts">
      <title><filename>/etc/rc.d</filename> Scripts</title>

      <para>The <filename>rc.d/bsnmpd</filename> startup script
	for &man.bsnmpd.1; has been added.</para>

      <para>&man.rc.conf.5; now supports changes of network interface names
	at boot time. &merged;  For example:</para>

      <programlisting>ifconfig_fxp0_name="net0"
ifconfig_net0="inet 10.0.0.1/16"</programlisting>

      <para>The <filename>rc.d/moused</filename> script now
	starts/stops/checks a specific device when
	the device name is given as the second argument to the script:</para>

      <screen>&prompt.root; /etc/rc.d/moused start ums0</screen>

      <para>To use different &man.rc.conf.5; knobs with different
	mice, use the device name as part of the knob.
	For example, if the mouse device is <filename>/dev/ums0</filename>
	the following lines can be used:</para>

	<programlisting>moused_ums0_enable=yes
moused_ums0_flags="-z 4"
moused_ums0_port="/dev/ums0"</programlisting>

      <para>&man.rc.conf.5; now supports the <varname>tmpmfs_flags</varname>
	and <varname>varmfs_flags</varname> variables.
	These can be used to pass extra options to the &man.mdmfs.8; utility,
	to customize the finer details of the &man.md.4; file system creation,
	such as to turn on/off softupdates, to specify a default owner
	for the file system, and so on. &merged;</para>

      <para>The following scripts have been removed because
	they were NetBSD specific and never used in &os;:
	<filename>altqd</filename>,
	<filename>dhcpd</filename>,
	<filename>dhcrelay</filename>,
	<filename>downinterfaces</filename>,
	<filename>gated</filename>,
	<filename>ifwatchd</filename>,
	<filename>kdc</filename>,
	<filename>lkm1</filename>,
	<filename>lkm2</filename>,
	<filename>lkm3</filename>,
	<filename>mixerctl</filename>,
	<filename>mopd</filename>,
	<filename>mountall</filename>,
	<filename>ndbootd</filename>,
	<filename>network</filename>,
	<filename>poffd</filename>,
	<filename>postfix</filename>,
	<filename>ppp</filename>,
	<filename>racoon</filename>,
	<filename>raidframe</filename>,
	<filename>rbootd</filename>,
	<filename>rtsold</filename>,
	<filename>screenblank</filename>,
	<filename>swap2</filename>,
	<filename>sysdb</filename>,
	<filename>wscons</filename>,
	<filename>xdm</filename>, and
	<filename>xfs</filename></para>
    </sect3>
  </sect2>

  <sect2 id="contrib">
    <title>Contributed Software</title>

    <para><application>awk</application> has been updated from the 7
      February 2004 release to the 24 April 2005 release.</para>

    <para><application>BIND</application> has been updated from version
      9.3.0 to version 9.3.1.  &merged;</para>

    <para><application>bsnmp</application> has been updated from 1.7
      to 1.10.</para>

    <para><application>bzip2</application> has been updated from 1.0.2
      to 1.0.3.</para>

    <para><application>OpenBSD dhclient</application> as of OpenBSD 3.7
      has been imported.</para>

    <para><application>FILE</application> has been updated from 4.10
      to 4.12.</para>

    <para><application>GNU GCC</application> has been updated from
      from 3.4.2-prerelease as of 28 July, 2004 to 3.4.4.</para>

    <para>A number of bug fixes and performance enhancements have been
      added to <application>GNU grep</application> in the form of
      patches from Fedora's grep-2.5.1-48 source RPM.</para>

    <para><application>GNU readline</application> has been updated from
      version 4.3 to version 5.0.</para>

    <para><application>IPFilter</application> has been updated from
      3.4.35 to 4.1.18.</para>

    <para><application>Heimdal</application> has been updated from
      0.6.1 to 0.6.3. &merged;</para>

    <para>The <application>hostapd</application>
      v0.3.7 has been imported.  This is a user space IEEE
      802.11 AP and IEEE 802.1X/WPA/WPA2/EAP
      Authenticator and RADIUS authentication server.
      For more details, see &man.hostapd.8;.</para>

    <para><application>libpcap</application> has been updated from
      v0.8.3 to v0.9.1 (alpha 096).</para>

    <para><application>libregex</application> has been updated from a
      snapshot from <application>GNU grep</application> 2.5.1 to a
      snapshot from the <literal>fedora-glibc-2_3_4-21</literal> tag
      in the <application>glibc</application> CVS repository.</para>

    <para><application>libz</application> has been updated from 1.2.1
      to 1.2.2.</para>

    <para><application>lukemftp</application> has been updated from a
      26 April 2004 snapshot from OpenBSD's sources to a snapshot as
      of 16 May 2005.</para>

    <para>A snapshot of <application>netcat</application> from OpenBSD
      as of 4 February 2005 has been added.  More information can be
      found in the &man.nc.1; manual page. &merged;</para>

    <para><application>NgATM</application> has been updated from 1.0
      to 1.2.</para>

    <para><application>OpenPAM</application> has been updated from the
      Eelgrass release to the Feterita release.</para>

    <para><application>OpenSSH</application> has been updated from 3.8p1
      to 4.1p1.</para>

    <para><application>OpenSSL</application> has been updated from
      0.9.7d to 0.9.7e. &merged;</para>

    <para><application>pf</application> has been updated from the
      version included with <application>OpenBSD</application> 3.5 to
      the version included with <application>OpenBSD</application>
      3.7.</para>

    <para><application>sendmail</application> has been updated from
      version 8.13.1 to version 8.13.3. &merged;</para>

    <para><application>sendmail</application> has been updated from
      version 8.13.3 to version 8.13.4.</para>

    <para><application>TCPDUMP</application> has been updated from
      v3.8.3 to v3.9.1 (alpha 096).</para>

    <para><application>tcsh</application> has been updated from
      6.13.00 to 6.14.00.</para>

    <para><application>texinfo</application> has been updated from 4.6
      to 4.8.</para>

    <para>The timezone database has been updated from the
      <application>tzdata2004e</application> release to the
      <application>tzdata2004g</application> release. &merged;</para>

    <para>The <application>WPA Supplicant</application>
      v0.3.8 has been imported.  This provides WPA Supplicant
      component of WPA/IEEE 802.11i features.
      For more details, see &man.wpa.supplicant.8;.</para>

  </sect2>

  <sect2 id="ports">
    <title>Ports/Packages Collection Infrastructure</title>

    <para>The &man.pkg.create.1; utility now supports a
      <option>-R</option> flag.  When creating a package file
      from the locally installed package, it creates package
      files for all packages on which that locally installed
      package depends if this flag is specified.</para>

    <para>The &man.pkg.version.1; utility now supports a
      <option>-q</option> flag to suppress the output of the port
      version comparison characters <literal>&lt;</literal>,
      <literal>=</literal>, and <literal>&gt;</literal>.</para>

    <para>The &man.pkg.version.1; utility now supports a
      <option>-I</option> flag, which causes only the
      <filename>INDEX</filename> file to be used for determining if a
      package is out of date.</para>

    <para>The
      <filename>ports/INDEX<replaceable>*</replaceable></filename>
      files, which kept an index of all of the entries in the ports
      collection, have been removed from the CVS repository. &merged;
      These files were generated only infrequently, and therefore were
      usually out-of-date and inaccurate.  Users requiring an index
      file (such as for use by programs such as &man.portupgrade.1;)
      have two alternatives for obtaining a copy:</para>

    <itemizedlist>
      <listitem>
	<para>Build an index file based on the current ports tree by
	  running <command>make index</command> from the top of the
	  <filename>ports/</filename> tree.</para>
      </listitem>

      <listitem>
	<para>Fetch an index file over the network by running
	  <command>make fetchindex</command> from the top of the
	  <filename>ports/</filename> tree.  This index file will
	  (typically) be accurate to within a day.</para>
      </listitem>
    </itemizedlist>

  </sect2>

  <sect2 id="releng">
    <title>Release Engineering and Integration</title>

    <para>In prior &os; releases, the <filename>disc1</filename>
      CD-ROM (or ISO image) was a bootable installation disk
      containing the base system, ports tree, and common packages.
      The <filename>disc2</filename> CD-ROM (or ISO image) was a
      bootable <quote>fix it</quote> disk with a live filesystem, to
      be used for making emergency repairs.  This layout has now
      changed.  For all architectures except ia64, the
      <filename>disc1</filename> image now contains the base system
      distribution files, ports tree, and the live filesystem, making
      it suitable for both an initial installation and repair
      purposes.  (On the ia64, the live filesystem is on a separate
      disk due to its size.)  Packages appear on separate
      disks; in particular, the <filename>disc2</filename> image
      contains commonly packages such as desktop environments.
      Documents from the &os; Documentation Project also appear on
      <filename>disc2</filename>.  &merged;</para>

    <para>The supported version of the
      <application>GNOME</application> desktop environment has been
      updated from 2.6.2 to 2.10.  More information about
      running <application>GNOME</application> on &os; can be found on
      the <ulink url="&url.base;/gnome/">FreeBSD GNOME Project</ulink>
      Web page. &merged;

      <note>
	<para>Users of older versions of the
	  <application>GNOME</application> desktop
	  (<filename role="package">x11/gnome2</filename>)
	  must take particular care in upgrading.  Simply upgrading it
	  from the &os; Ports Collection with &man.portupgrade.1;
	  (<filename role="package">sysutils/portupgrade</filename>)
	  will cause serious problems.
	  <application>GNOME</application> desktop users should read
	  the instructions carefully at
	  <ulink url="&url.base;/gnome/docs/faq210.html"></ulink>
	  and use the
	  <ulink url="&url.base;/gnome/gnome_upgrade.sh"><filename>gnome_upgrade.sh</filename></ulink>
	  script to properly upgrade to
	  <application>GNOME</application> 2.10.</para>
	</note>
      </para>

    <para>The supported version of the <application>KDE</application>
      desktop environment has been updated from 3.3.0 to
      3.4.0.  More information regarding running
      <application>KDE</application> on &os; can be found on the
      <ulink url="http://freebsd.kde.org/">KDE on FreeBSD</ulink> Web
      page. &merged;

      <note>
	<para>Users of older versions of
	  <application>KDE</application> should follow the upgrading
	  procedure documented on the
	  <ulink url="http://freebsd.kde.org/">KDE on FreeBSD</ulink> Web
	  page or in <filename>ports/UPDATING</filename>.</para>
	</note>
      </para>

    <para>The supported version of <application>Xorg</application> has
      been updated from 6.7.0 to 6.8.2. &merged;</para>

  </sect2>

  <sect2 id="doc">
    <title>Documentation</title>

    <para>Documentation of existing functionality has been improved by
      the addition of the following manual pages: &man.ataraid.4;,
      &man.devfs.conf.5, &man.devfs.rules.5,
      &man.pthread.atfork.3;
      &man.sched.4bsd.4;, &man.sched.ule.4;, &man.snd.fm801.4;,
      &man.snd.neomagic.4;, &man.snd.via8233.4;, &man.snd.via82c686.4;,
      and &man.snd.vibes.4;.</para>

    <para>Manual pages in the base system have received a number of
      cleanups, both for content and presentation.  Cross-references
      are more correct and consistent, standard section headings are
      now used throughout, and markup has been cleaned up.</para>

    <para>The following manual pages, which were derived from RFCs
      and possibly violate the IETF's copyrights, have been replaced:
      &man.gai.strerror.3;,
      &man.getaddrinfo.3;,
      &man.getnameinfo.3;,
      &man.inet6.opt.init.3;,
      &man.inet6.option.space.3;,
      &man.inet6.rth.space.3;,
      &man.inet6.rthdr.space.3;,
      &man.icmp6.4;, and
      &man.ip6.4;.  &merged;</para>

  </sect2>
</sect1>

<sect1 id="upgrade">
  <title>Upgrading from previous releases of &os;</title>

  <para>Source upgrades to &os; &release.current; are only supported
    from &os; 5.3-RELEASE or later.  Users of older systems wanting to
    upgrade &release.current; will need to update to &os; 5.3 or newer
    first, then to &os; &release.current;.</para>

  <important>
    <para>Upgrading &os; should, of course, only be attempted after
      backing up <emphasis>all</emphasis> data and configuration
      files.</para>
  </important>
</sect1>