article.xml revision 165798
1<!DOCTYPE article PUBLIC "-//FreeBSD//DTD DocBook V4.1-Based Extension//EN" [ 2<!ENTITY % articles.ent PUBLIC "-//FreeBSD//ENTITIES DocBook FreeBSD Articles Entity Set//EN"> 3%articles.ent; 4 5<!ENTITY % release PUBLIC "-//FreeBSD//ENTITIES Release Specification//EN"> 6%release; 7 8<!-- Text constants which probably don't need to be changed.--> 9 10<!-- The marker for MFCs. --> 11<!ENTITY merged "[MERGED]"> 12 13<!-- Architecture names --> 14<!ENTITY arch.amd64 "amd64"> 15<!ENTITY arch.arm "arm"> 16<!ENTITY arch.i386 "i386"> 17<!ENTITY arch.ia64 "ia64"> 18<!ENTITY arch.pc98 "pc98"> 19<!ENTITY arch.powerpc "powerpc"> 20<!ENTITY arch.sparc64 "sparc64"> 21<!ENTITY arch.sun4v "sun4v"> 22 23<!ENTITY % include.historic "IGNORE"> 24<!ENTITY % no.include.historic "IGNORE"> 25]> 26 27<article> 28<articleinfo> 29 <title>&os; &release.current; Release Notes</title> 30 31 <corpauthor>The &os; Project</corpauthor> 32 33 <pubdate>$FreeBSD: head/release/doc/en_US.ISO8859-1/relnotes/article.sgml 165798 2007-01-05 10:13:01Z blackend $</pubdate> 34 35 <copyright> 36 <year>2000</year> 37 <year>2001</year> 38 <year>2002</year> 39 <year>2003</year> 40 <year>2004</year> 41 <year>2005</year> 42 <year>2006</year> 43 <year>2007</year> 44 <holder role="mailto:doc@FreeBSD.org">The &os; Documentation Project</holder> 45 </copyright> 46 47 <legalnotice id="trademarks" role="trademarks"> 48 &tm-attrib.freebsd; 49 &tm-attrib.ibm; 50 &tm-attrib.ieee; 51 &tm-attrib.intel; 52 &tm-attrib.sparc; 53 &tm-attrib.general; 54 </legalnotice> 55 56 <abstract> 57 <para>The release notes for &os; &release.current; contain a summary 58 of the changes made to the &os; base system on the 59 &release.branch; development line. 60 This document lists applicable security advisories that were issued since 61 the last release, as well as significant changes to the &os; 62 kernel and userland. 63 Some brief remarks on upgrading are also presented.</para> 64 </abstract> 65</articleinfo> 66 67<sect1 id="intro"> 68 <title>Introduction</title> 69 70 <para>This document contains the release notes for &os; 71 &release.current;. It 72 describes recently added, changed, or deleted features of &os;. 73 It also provides some notes on upgrading 74 from previous versions of &os;.</para> 75 76<![ %release.type.current [ 77 78 <para>The &release.type; distribution to which these release notes 79 apply represents the latest point along the &release.branch; development 80 branch since &release.branch; was created. Information regarding pre-built, binary 81 &release.type; distributions along this branch 82 can be found at <ulink url="&release.url;"></ulink>.</para> 83 84]]> 85 86<![ %release.type.snapshot [ 87 88 <para>The &release.type; distribution to which these release notes 89 apply represents a point along the &release.branch; development 90 branch between &release.prev; and the future &release.next;. 91 Information regarding 92 pre-built, binary &release.type; distributions along this branch 93 can be found at <ulink url="&release.url;"></ulink>.</para> 94 95]]> 96 97<![ %release.type.release [ 98 99 <para>This distribution of &os; &release.current; is a 100 &release.type; distribution. It can be found at <ulink 101 url="&release.url;"></ulink> or any of its mirrors. More 102 information on obtaining this (or other) &release.type; 103 distributions of &os; can be found in the <ulink 104 url="&url.books.handbook;/mirrors.html"><quote>Obtaining 105 &os;</quote> appendix</ulink> to the <ulink 106 url="&url.books.handbook;/">&os; 107 Handbook</ulink>.</para> 108 109]]> 110 111 <para>All users are encouraged to consult the release errata before 112 installing &os;. The errata document is updated with 113 <quote>late-breaking</quote> information discovered late in the 114 release cycle or after the release. Typically, it contains 115 information on known bugs, security advisories, and corrections to 116 documentation. An up-to-date copy of the errata for &os; 117 &release.current; can be found on the &os; Web site.</para> 118 119</sect1> 120 121<sect1 id="new"> 122 <title>What's New</title> 123 124 <para>This section describes 125 the most user-visible new or changed features in &os; 126 since &release.prev;. 127 In general, changes described here are unique to the &release.branch; 128 branch unless specifically marked as &merged; features. 129 </para> 130 131 <para>Typical release note items 132 document recent security advisories issued after 133 &release.prev;, 134 new drivers or hardware support, new commands or options, 135 major bug fixes, or contributed software upgrades. They may also 136 list changes to major ports/packages or release engineering 137 practices. Clearly the release notes cannot list every single 138 change made to &os; between releases; this document focuses 139 primarily on security advisories, user-visible changes, and major 140 architectural improvements.</para> 141 142 <sect2 id="security"> 143 <title>Security Advisories</title> 144 145 <para>A temporary file vulnerability in &man.texindex.1;, which 146 could allow a local attacker to overwrite files in the context 147 of a user running the &man.texindex.1; utility, has been fixed. 148 For more details see security advisory <ulink 149 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:01.texindex.asc">FreeBSD-SA-06:01.texindex</ulink>. &merged;</para> 150 151 <para>A temporary file vulnerability in the &man.ee.1; text 152 editor, which could allow a local attacker to overwrite files in 153 the context of a user running &man.ee.1;, has been fixed. For 154 more details see security advisory <ulink 155 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:02.ee.asc">FreeBSD-SA-06:02.ee</ulink>. &merged;</para> 156 157 <para>Several vulnerabilities in the &man.cpio.1; utility have 158 been corrected. For more 159 details see security advisory <ulink 160 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:03.cpio.asc">FreeBSD-SA-06:03.cpio</ulink>. &merged;</para> 161 162 <para>An error in &man.ipfw.4; IP fragment handling, which could 163 cause a crash, has been fixed. For more 164 details see security advisory <ulink 165 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:04.ipfw.asc">FreeBSD-SA-06:04.ipfw</ulink>. &merged;</para> 166 167 <para>A potential buffer overflow in the IEEE 802.11 scanning code 168 has been corrected. For more 169 details see security advisory <ulink 170 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:05.80211.asc">FreeBSD-SA-06:05.80211</ulink>. &merged;</para> 171 172 <para>Two instances in which portions of kernel memory could be 173 disclosed to users have been fixed. For more details see 174 security advisory <ulink 175 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:06.kmem.asc">FreeBSD-SA-06:06.kmem</ulink>. &merged;</para> 176 177 <para>A logic bug in the IP fragment handling in &man.pf.4;, which 178 could cause a crash under certain circumstances, has been fixed. 179 For more details see security advisory <ulink 180 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:07.pf.asc">FreeBSD-SA-06:07.pf</ulink>. &merged;</para> 181 182 <para>A logic bug in the NFS server code, which could cause a crash when 183 the server received a message with a zero-length payload, has been fixed. 184 For more details see security advisory <ulink 185 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:10.nfs.asc">FreeBSD-SA-06:10.nfs</ulink>. &merged;</para> 186 187 <para>A programming error in the &man.fast.ipsec.4; implementation 188 results in the sequence number associated with a Security 189 Association not being updated, allowing packets to unconditionally 190 pass sequence number verification checks, has been fixed. 191 For more details see security advisory <ulink 192 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:11.ipsec.asc">FreeBSD-SA-06:11.ipsec</ulink>. &merged;</para> 193 194 <para>A logic bug that could cause &man.opiepasswd.1; to allow an unprivileged 195 user to configure OPIE authentication for the root user under certain 196 circumstances, has been fixed. 197 For more details see security advisory <ulink 198 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:12.opie.asc">FreeBSD-SA-06:12.opie</ulink>. &merged;</para> 199 200 <para>An asynchronous signal handling vulnerability in &man.sendmail.8;, 201 which could allow a remote attacker to execute arbitrary code with the 202 privileges of the user running sendmail, typically root, has been fixed. 203 For more details see security advisory <ulink 204 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:13.sendmail.asc">FreeBSD-SA-06:13.sendmail</ulink>. &merged;</para> 205 206 <para>[&arch.amd64;, &arch.i386] An information disclosure issue found in the 207 &os; kernel running on 7th- and 8th-generation AMD processors 208 has been fixed. For more details see security advisory <ulink 209 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:14.fpu.asc">FreeBSD-SA-06:14.fpu</ulink>. &merged;</para> 210 211 <para>A bug in &man.ypserv.8;, which effectively disabled the 212 <filename>/var/yp/securenets</filename> access control mechanism, 213 has been corrected. More details are available in security 214 advisory 215 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:15.ypserv.asc">FreeBSD-SA-06:15.ypserv</ulink>. &merged;</para> 216 217 <para>A bug in the smbfs file system, which could allow an 218 attacker to escape out of &man.chroot.2 environments on an smbfs 219 mounted filesystem, has been fixed. For more details, see 220 security advisory 221 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:16.smbfs.asc">FreeBSD-SA-06:16.smbfs</ulink>. &merged;</para> 222 223 <para>A potential denial of service problem in &man.sendmail.8; 224 caused by excessive recursion which leads to stack 225 exhaustion when attempting delivery of a malformed 226 MIME message, has been fixed. For more details, 227 see security advisory <ulink 228 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:17.sendmail.asc">FreeBSD-SA-06:17.sendmail</ulink>. &merged;</para> 229 230 <para>A potential buffer overflow condition in &man.sppp.4; has 231 been corrected. For more details, see security advisory 232 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:18.ppp.asc">FreeBSD-SA-06:18.ppp</ulink>. &merged;</para> 233 234 <para>An OpenSSL bug related to validation of PKCS#1 v1.5 235 signatures has been fixed. For more details, see security 236 advisory 237 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:19.openssl.asc">FreeBSD-SA-06:19.openssl</ulink>. &merged;</para> 238 239 <para>A potential denial of service attack against &man.named.8; 240 has been fixed. For more details, see security advisory 241 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:20.bind.asc">FreeBSD-SA-06:20.bind</ulink>. &merged;</para> 242 243 <para>Several programming errors have been fixed in &man.gzip.1;. 244 They could have the effect of causing a crash or an infinite 245 loop when decompressing files. More information can be found in 246 security advisory 247 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:21.gzip.asc">FreeBSD-SA-06:21.gzip</ulink>. &merged;</para> 248 249 <para>Several vulnerabilities have been fixed in OpenSSH. More 250 details can be found in security advisory 251 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:22.openssh.asc">FreeBSD-SA-06:22.openssh</ulink>. &merged;</para> 252 253 <para>Multiple errors in the OpenSSL &man.crypto.3; library have 254 been fixed. Potential effects are varied, and are documented in 255 more detail in security advisory 256 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:23.openssl.asc">FreeBSD-SA-06:23.openssl</ulink>. &merged;</para> 257 258 <para>A bug that could permit corrupt archives to cause an 259 infinite loop in &man.libarchive.3; and &man.tar.1; has been 260 fixed. More details are available in 261 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:24.libarchive.asc">FreeBSD-SA-06:24.libarchive</ulink>. &merged;</para> 262 263 <para>A bug that could allow users in 264 the <groupname>operator</groupname> group to read parts of kernel 265 memory has been corrected. For more details, consult security 266 advisory 267 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:25.kmem.asc">FreeBSD-SA-06:25.kmem</ulink>. &merged;</para> 268 269 </sect2> 270 271 <sect2 id="kernel"> 272 <title>Kernel Changes</title> 273 274 <para>&man.acpi.4; now has basic support for the HPET time counter.</para> 275 276 <para>The &man.acpi.ibm.4; driver now supports setting the fan control 277 mode to manual or automatic, and adjusting the fan speed if the 278 fan control mode is manual. To enable manual control of the fan speed, 279 the sysctl variable <varname>dev.acpi_ibm.<replaceable>0</replaceable>.fan</varname> 280 needs to be set to zero (manual). This should only be used with 281 extreme precaution, as disabling automatic fan control might 282 overheat the hardware and lead to permanent damage.</para> 283 284 <para>The &man.apm.4; suspend/resume support has been improved.</para> 285 286 <para>Security event auditing is now supported in the &os; kernel, 287 and is enabled by the <literal>AUDIT</literal> kernel 288 configuration option. More information can be found in the 289 &man.audit.4; manual page.</para> 290 291 <para>The <literal>options COMPAT_43</literal> kernel 292 configuration option has been deemed unnecessary and has been 293 removed from <filename>GENERIC</filename> and related kernel 294 configurations. This change may result in a small performance 295 increase for some workloads.</para> 296 297 <para>The &man.ddb.4; debugger now provides the <literal>show lock</literal> 298 command. If the argument has a valid lock class, 299 this displays various information about the lock and calls a 300 new function pointer in lock_class (lc_ddb_show) to dump class-specific 301 information about the lock as well (such as the owner of a mutex or 302 xlock'ed sx lock). &merged;</para> 303 304 <para>The &man.ddb.4; debugger now provides the <literal>show sleepq</literal> 305 command. This takes a wait channel as an argument and looks 306 for a sleep queue associated with that wait channel.</para> 307 308 <para><filename>DEFAULTS</filename> kernel configuration files 309 for each platform have been added. These files contain 310 directives that are implicitly included in all kernel 311 configurations, and generally include basic, mandatory 312 functionality for each platform. &merged;</para> 313 314 <para>A bug in file descriptor handling such that a simple 315 <literal>close(0); dup(fd)</literal> sequence does not return 316 descriptor <literal>0</literal> in some cases, has been fixed.</para> 317 318 <para>The &man.firmware.9; subsystem has been added. This 319 subsystem provides a mechanism 320 to load binary data into the kernel via a specially crafted module. 321 &merged;</para> 322 323 <para>The &man.gdb.1; remote debugging interface now supports 324 copying console messages to a remote debugger instance. 325 To enable this, set <literal>debug.gdbcons="1"</literal> 326 in <filename>loader.conf</filename>, enter <literal>boot -d; 327 gdb; step</literal> from the loader prompt, 328 then attach &man.gdb.1; from a remote machine. 329 The sysctl variable <varname>debug.gdbcons</varname> can be 330 used to turn on/off this functionality.</para> 331 332 <para>&man.hwpmc.4; and &man.pmcstat.8; now support profiling 333 of dynamically loaded kernel modules and 334 shared objects loaded with &man.dlopen.3;. 335 &man.pmcstat.8; can now log over a network socket 336 to a remote host.</para> 337 338 <para>Support for Kernel Scheduled Entities (KSE) is now a kernel 339 option (previously it was a mandatory feature in the kernel). 340 It is enabled in the GENERIC kernel (thus there is no change in 341 functionality) for all platforms except sun4v.</para> 342 343 <para>The &man.random.4; entropy device driver is now MPSAFE. 344 &merged;</para> 345 346 <para>&os; now supports concurrent &man.read.2;/&man.readv.2; 347 access to a file.</para> 348 349 <para>The experimental CORE process scheduler has been added, 350 enabled with the <literal>options SCHED_CORE</literal> kernel 351 configuration option. It is forked from the &man.sched.ule.4; 352 scheduler, but 353 with a different algorithm for detecting an interactive process. 354 More information can be found in the &man.sched.core.4; manual 355 page.</para> 356 357 <para>The <literal>SIGCHLD</literal> signal queuing has been 358 added. For each child process whose status has been changed, 359 a <literal>SIGCHLD</literal> instance is queued. If the signal is still pending, 360 and the process changed status several times, the signal information 361 is updated to reflect the latest process status. 362 There is a loader tunable <varname>kern.sigqueue.queue_sigchild</varname> 363 which can control the behavior, setting it to zero disables the 364 <literal>SIGCHLD</literal> queuing feature.</para> 365 366 <para>[&arch.amd64;, &arch.i386;] Instead of including all of physical 367 memory in a kernel crash dump, the kernel now defaults to dumping only pages that are 368 actively mapped into kernel virtual memory. A new 369 <varname>debug.minidump</varname> sysctl variable 370 can be used to turn off this behavior when set to zero. &merged;</para> 371 372 <para>A new sysctl variable <varname>kern.malloc_stats</varname> 373 has been added. This allows exporting of kernel malloc 374 statistics via a binary structure stream.</para> 375 376 <para>A new sysctl variable <varname>kern.forcesigexit</varname> 377 has been added. This forces a process 378 to sigexit if a trap signal is being held by the current thread or 379 ignored by the current process. It is enabled by default.</para> 380 381 <para>The pcvt(4) driver, an alternative to &man.syscons.4;, 382 has been removed, as it had fallen out of sync with the rest 383 of the kernel.</para> 384 385 <para>RedZone, a buffer corruption protection for the kernel &man.malloc.9; 386 facility has been implemented. This detects both buffer underflows and 387 overflows at runtime on &man.free.9; and &man.realloc.9;, 388 and prints backtraces from where memory was allocated and from where 389 it was freed. For more details, see the &man.redzone.9; manual page.</para> 390 391 <para>A new sysctl variable <varname>security.mac.biba.interfaces_equal</varname> 392 which makes all network interfaces be created with the label 393 <literal>biba/equal(equal-equal)</literal>, has been added. 394 This is useful where programs such as &man.dhclient.8; and &man.ppp.8;. 395 which initialize network interfaces do not have any labeling support. 396 This variable is set as <literal>0</literal> (disabled) by default. 397 &merged;</para> 398 399 <para>A new sysctl variable <varname>vm.zone_stats</varname> 400 has been added. This allows to export &man.uma.9; allocator 401 statistics via a binary structure stream.</para> 402 403 <para>The sysctl variable <varname>hw.pci.do_powerstate</varname> 404 has been changed from a boolean to a range. 405 <literal>0</literal> means no power management, 406 <literal>1</literal> means conservative power management which 407 any device class that has caused problems is added to the watch list, 408 <literal>2</literal> means aggressive power management where 409 any device class that is not fundamental to the system is added to the list, 410 and <literal>3</literal> means power them all down unconditionally. 411 The default is <literal>1</literal>.</para> 412 413 <para>[&arch.ia64;] The <filename>GENERIC</filename> kernel now enables 414 SMP support by default.</para> 415 416 <para>Sample kernel configuration files 417 <filename>src/sys/<replaceable>arch</replaceable>/conf/MAC</filename> 418 for the Mandatory Access Control framework have been added.</para> 419 420 <para><varname>POSIX_TIMERS</varname> support has been updated to 200112L.</para> 421 422 <para>An experimental support for POSIX message queue has been 423 implemented.</para> 424 425 <para>&os; now runs on the Xbox, whose architecture is nearly identical 426 to the i386. For details of the latest development, see 427 <ulink url="http://www.FreeBSD.org/platforms/xbox.html"></ulink>. 428 &merged; </para> 429 430 <sect3 id="boot"> 431 <title>Boot Loader Changes</title> 432 433 <para>A new option <option>-S</option>, 434 which allows setting the <filename>boot2</filename> 435 serial console speed in the <filename>/boot.config</filename> 436 file or on the <prompt>boot:</prompt> prompt line, 437 has been added.</para> 438 439 <para>[&arch.amd64;, &arch.i386;] A new loader tunable 440 <varname>comconsole_speed</varname> to change 441 the serial console speed has been added. 442 If the previous stage boot loader requested a serial console, 443 then the default speed is determined from the current serial port 444 speed. Otherwise it is set to 9600 or the value of 445 the <literal>BOOT_COMCONSOLE_SPEED</literal> kernel option. 446 &merged;</para> 447 448 <!-- Above this line, order boot loader changes by keyword--> 449 450 <para>[&arch.pc98;] A bootable CDROM loader has been implemented 451 for the pc98 platform. &merged;</para> 452 453 <para>[&arch.i386;] A bug in the i386 boot loader, which could 454 cause filesystem corruption if 455 a <filename>nextboot.conf</filename> file was used and landed 456 after cylinder 1023, has been fixed. &merged;</para> 457 458 </sect3> 459 460 <sect3 id="proc"> 461 <title>Hardware Support</title> 462 463 <para>The &man.amdsmb.4; driver has been added. It provides 464 support for the AMD-8111 SMBus 2.0 controller. &merged;</para> 465 466 <para>The &man.cardbus.4;, &man.pccard.4;, 467 &man.pccbb.4;, and &man.exca.4; drivers are now buildable 468 as kernel modules.</para> 469 470 <para>An &man.acpi.dock.4; driver has been added to provide 471 support for controlling laptop docking station functions via 472 ACPI.</para> 473 474 <para>The &man.acpi.thermal.4; driver now supports 475 passive cooling. &merged;</para> 476 477 <para>The &man.acpi.thermal.4; driver now supports overriding 478 the <literal>_PSV</literal>, <literal>_HOT</literal>, and 479 <literal>_CRT</literal> temperature values.</para> 480 481 <para>Support for the alpha architecture has been removed. Alpha 482 support will remain on the RELENG_5 and RELENG_6 codelines.</para> 483 484 <para>The &man.cardbus.4; driver now supports 485 <filename>/dev/cardbus<replaceable>%d</replaceable>.cis</filename>.</para> 486 487 <para>[&arch.i386, &arch.pc98;] The &man.ce.4; driver, 488 which supports Cronyx Tau-PCI/32 adapters, has been added. 489 &merged;</para> 490 491 <para>The <literal>est</literal> &man.cpufreq.4; driver now supports 492 frequency control for the VIA C7-M family of processors.</para> 493 494 <para>Support for the PadLock Security Co-processor in VIA C3, 495 Eden, and C7 496 processors has been added to the &man.crypto.9; subsystem. 497 More information can be found in the &man.padlock.4; manual 498 page. 499 &merged;</para> 500 501 <para>A bug which prevented the &man.ichsmb.4; kernel module 502 from unloading has been fixed.</para> 503 504 <para>[&arch.amd64;, &arch.i386;] Dual-core processors (such as the Intel 505 Core Duo) now have both cores available for use by 506 default in SMP-enabled kernels. &merged;</para> 507 508 <para>[&arch.amd64;, &arch.i386;] &man.ipmi.4;, an OpenIPMI compatible driver, 509 has been added. 510 OpenIPMI (Intelligent Platform Management Interface) is an open 511 standard designed to enable remote monitoring and control of server, 512 networking and telecommunication platforms. &merged;</para> 513 514 <para>The &man.kbdmux.4; driver has been integrated into &man.syscons.4; and 515 the <devicename>kbd</devicename> device driver. 516 By default &man.syscons.4; will look for the &man.kbdmux.4; 517 keyboard first, and then, if not found, look for any keyboard. 518 Switching to &man.kbdmux.4; can be done at boot time by loading 519 the <literal>kbdmux</literal> kernel module via &man.loader.8;, 520 or at runtime via &man.kldload.8; and releasing the active 521 keyboard. &merged;</para> 522 523 <para>[&arch.amd64;, &arch.i386;] The &man.kbdmux.4; driver is now included in the 524 <filename>GENERIC</filename> kernel by default. 525 Also, the <quote>Boot FreeBSD with USB keyboard</quote> 526 menu item in the boot loader menu has been removed 527 since this fixes USB keyboard probing problems. 528 &merged;</para> 529 530 <para>The &man.nfsmb.4; driver, which supports the NVIDIA nForce 531 2/3/4 SMBus 2.0 controller, has been added. &merged;</para> 532 533 <para>[&arch.ia64;] The loader tunable <varname>debug.mpsafevfs</varname> 534 is set to <literal>1</literal> by default.</para> 535 536 <para>The &man.sab.4; driver has been removed (it has been 537 superceded by the &man.scc.4; driver).</para> 538 539 <para>The &man.scc.4; driver has been added. 540 This provides generic support for serial communications 541 controllers and delegates the control over each channel 542 and mode to a subordinate driver such as &man.uart.4;.</para> 543 544 <para>[&arch.amd64;] The smbios(4) driver support for amd64 has been 545 added.</para> 546 547 <para>[&arch.sun4v;] &os; now has preliminary support for the Sun Microsystems 548 UltraSPARC-T1 architecture. &os;/sun4v has been demonstrated 549 to run on the Sun Fire T1000 and Sun Fire T2000 servers. 550 More information can be found on the 551 <ulink url="http://www.FreeBSD.org/platforms/sun4v.html">sun4v 552 Project</ulink> 553 page.</para> 554 555 <para>The tnt4882(4) driver, which supports the National Instruments 556 PCI-GPIB card, has been added.</para> 557 558 <para>[&arch.amd64;, &arch.i386;, &arch.ia64;, &arch.sparc64;] The &man.uart.4; driver has been included in the 559 <filename>GENERIC</filename> kernel by default. 560 When both &man.sio.4; and &man.uart.4; can handle a given serial port, 561 &man.sio.4; will claim it.</para> 562 563 <para>The &man.uart.4; driver now supports LOM (Lights Out Management) 564 and RSC (Remote System Control) devices as consoles.</para> 565 566 <para>[&arch.i386;] A new loader tunable 567 <varname>hw.apic.enable_extint</varname> has been added. 568 This tunable can be used to disable masking of the ExtINT pin on the first 569 I/O APIC. At least one chipset for the Intel Pentium III seems 570 to need this, even though all of the pins in the 8259As are masked. 571 The default is still to mask the ExtINT pin.</para> 572 573 <para>[&arch.i386;] Support has been improved for 574 so-called <quote>legacy-free</quote> hardware, in particular, 575 i386 systems without AT-style keyboard controllers such as the 576 Macbook Pro. &merged;</para> 577 578 <sect4 id="mm"> 579 <title>Multimedia Support</title> 580 581 <para>The &man.agp.4; driver now supports ATI AGP chipsets. 582 &merged;</para> 583 584 <para>The new midi(4) driver which is based on NetBSD's one 585 has been added. This supports &man.snd.cmi.4; and 586 &man.snd.emu10k1.4; drivers.</para> 587 588 <para>The &man.sound.4; driver now supports 589 wider range sampling rate, multiple precisions choice, 590 and 24/32 bit PCM format conversion. &merged;</para> 591 592 <para>The &man.snd.als4000.4; driver is now MPSAFE. &merged;</para> 593 594 <para>The &man.snd.atiixp.4; driver has been added. 595 This supports ATI IXP 200/300/400 series audio controllers. &merged;</para> 596 597 <para>The &man.snd.atiixp.4; driver now supports 598 suspend and resume features.</para> 599 600 <para>The &man.snd.cmi.4; driver is now MPSAFE.</para> 601 602 <para>The &man.snd.emu10kx.4; driver has been added. It 603 supports Creative SoundBlaster Live! and Audigy series sound 604 cards with optional pseudo-multichannel playback.</para> 605 606 <para>The &man.snd.envy24.4; driver has been added to support 607 the Envy24 series of audio chips.</para> 608 609 <para>The &man.snd.es137x.4; driver is now MPSAFE. &merged;</para> 610 611 <para>The &man.snd.ich.4; driver is now MPSAFE. &merged;</para> 612 613 <para>The &man.snd.solo.4; driver is now MPSAFE. &merged;</para> 614 615 <para>The &man.snd.via8233.4; driver is now MPSAFE. &merged;</para> 616 617 <para>The &man.snd.via82c686.4; driver is now MPSAFE. &merged;</para> 618 619 <para>[&arch.amd64;] The &man.speaker.4; driver now supports &os;/amd64. &merged;</para> 620 621 <para>The &man.uaudio.4; driver now supports 24/32 bit audio 622 formats and conversion.</para> 623 </sect4> 624 625 <sect4 id="net-if"> 626 <title>Network Interface Support</title> 627 628 <para>The &man.ath.4; driver has been updated to 629 HAL version 0.9.17.2. &merged;</para> 630 631 <para>[&arch.amd64;, &arch.i386;, &arch.pc98;, &arch.sparc64;] 632 The &man.ath.4;, &man.ath.hal.4;, and 633 <literal>ath_rate_sample</literal> drivers have been 634 included in the <filename>GENERIC</filename> kernel by 635 default. &merged;</para> 636 637 <para>[&arch.amd64;, &arch.i386;] The &man.bce.4; driver, which supports Broadcom 638 NetXtreme II (BCM5706/BCM5708) PCI/PCIe Gigabit Ethernet controllers, 639 has been added. For more details, see &man.bce.4;. &merged;</para> 640 641 <para>A bug which prevents the &man.bfe.4; driver from working 642 on a system with over 1GB RAM has been fixed. &merged;</para> 643 644 <para>The &man.bge.4; driver's Jumbo frame support is now MPSAFE.</para> 645 646 <para>The &man.bge.4; driver now supports big-endian 647 architectures such as sparc64.</para> 648 649 <para>The &man.bge.4; driver now supports &man.polling.4; mode. 650 &merged;</para> 651 652 <para>The &man.cm.4; driver is now MPSAFE.</para> 653 654 <para>The &man.dc.4; driver is now MPSAFE. &merged;</para> 655 656 <para>The &man.de.4; driver has been converted to the &man.bus.dma.9; 657 API and is now MPSAFE.</para> 658 659 <para>The &man.ed.4; driver is now MPSAFE.</para> 660 661 <para>The &man.el.4; driver has been removed due to lack of use.</para> 662 663 <para>The &man.em.4; driver now supports big-endian 664 architectures such as sparc64. &merged;</para> 665 666 <para>The &man.em.4; driver has been updated to 667 version 6.2.9 from Intel. Among other changes, it now supports 668 80003, 82571, 82571EB and 82572 based adapters, as well as 669 onboard-NICs on ICH8-based motherboards. &merged;</para> 670 671 <para>The &man.em.4; driver now includes 672 initial support for suspend and resume features.</para> 673 674 <para>The performance of the &man.em.4; driver has been improved 675 by using a fast interrupt handler and taskqueue 676 instead of ithread handler. This change can be disabled 677 by defining <literal>NO_EM_FASTINTR</literal> kernel option 678 for debugging purpose.</para> 679 680 <para>The &man.iwi.4; driver now supports big-endian 681 architectures such as sparc64.</para> 682 683 <para>A number of improvements and bugfixes have been made to the 684 functionality of the &man.iwi.4; driver. This driver now 685 requires the firmware image in the 686 <filename role="package">net/iwi-firmware-kmod</filename> 687 port/package; prior versions of this driver used the 688 <filename role="package">net/iwi-firmware</filename> 689 port/package. &merged;</para> 690 691 <para>The &man.le.4; driver, which supports AMD Am7900 LANCE 692 and Am79C9xx PCnet NICs, 693 has been added. While the &man.lnc.4; driver also supports these 694 NICs, this driver has several advantages over it such as 695 MPSAFE, ALTQ, VLAN_MTU, ifmedia, and 32-bit DMA for PCI 696 variants. This driver is based on NetBSD's implementation. 697 &merged;</para> 698 699 <para>The &man.lge.4; driver is now MPSAFE. &merged;</para> 700 701 <para>The lnc(4) driver has been removed. The &man.le.4; and 702 &man.pcn.4; drivers support all devices that were supported 703 by lnc(4).</para> 704 705 <para>The &man.msk.4; driver has been added. It supports 706 network interfaces using the Marvell/SysKonnect Yukon II 707 Gigabit Ethernet controller.</para> 708 709 <para>The &man.my.4; driver is now MPSAFE. &merged;</para> 710 711 <para>The &man.my.4; driver now supports &man.altq.4;. &merged;</para> 712 713 <para>[&arch.amd64;, &arch.i386;] The &man.mxge.4; driver, 714 which supports Myricom Myri10GE 10 Gigabit Ethernet 715 adapters, has been added. For more details, see 716 &man.mxge.4;.</para> 717 718 <para>The &man.nfe.4; driver, an open-source driver for nForce 719 Ethernet devices, has been added, originally from 720 OpenBSD.</para> 721 722 <para>The &man.nve.4; driver has been updated to version 1.0-0310 723 (23-Nov-2005). It also now has &man.altq.4; support. &merged;</para> 724 725 <para>The &man.pcn.4; driver is now MPSAFE. &merged;</para> 726 727 <para>The &man.re.4; driver now supports the D-Link DGE-528(T) 728 Gigabit Ethernet card.</para> 729 730 <para>The &man.sf.4; driver is now MPSAFE. &merged;</para> 731 732 <para>The &man.sk.4; driver is now MPSAFE. &merged;</para> 733 734 <para>The &man.ste.4; driver is now MPSAFE. &merged;</para> 735 736 <para>The &man.stge.4; driver has been added. It supports the 737 Sundance/Tamarack TC9021 Gigabit Ethernet controller and was 738 ported from NetBSD. &merged;</para> 739 740 <para>The &man.ti.4; driver now supports big-endian 741 architectures such as sparc64.</para> 742 743 <para>The &man.ufoma.4; driver for 744 FOMA (third generation mobile phone system by NTT DoCoMo, Inc. 745 in Japan) has been added. 746 This should support other third generation mobile phones 747 since the driver is based on USB Implementation Guideline 748 from MCPC (Mobile Computing Promotion Consortium) in Japan.</para> 749 750 <para>The vgapci(4) driver has been added. This is a stub 751 device driver for VGA PCI devices and serves as a bus 752 so that other drivers such as drm(4), 753 &man.acpi.video.4;, and &man.agp.4; can attach to 754 it thus allowing multiple drivers for the same device.</para> 755 756 <para>The &man.wi.4; driver is now buildable as 757 a kernel module.</para> 758 759 <para>[&arch.amd64;, &arch.i386;, &arch.pc98;] The &man.wlan.wep.4;, 760 &man.wlan.ccmp.4;, and &man.wlan.tkip.4; drivers 761 have been included in the <filename>GENERIC</filename> 762 kernel by default.</para> 763 764 <para>The network interface groups feature has been imported 765 from OpenBSD. This feature allows an administrator to, for 766 example, apply firewall rules to an entire group of 767 interfaces. More information can be found in 768 &man.ifconfig.8;.</para> 769 770 </sect4> 771 </sect3> 772 773 <sect3 id="net-proto"> 774 <title>Network Protocols</title> 775 776 <para>The &man.arp.4; retransmission algorithm has been 777 rewritten so that ARP requests are retransmitted without 778 suppression, while there is demand for such ARP entry. 779 Due to this change, a sysctl variable 780 <varname>net.link.ether.inet.host_down_time</varname> 781 has been removed. &merged;</para> 782 783 <para>The &man.arp.4; protocol now supports a sysctl variable 784 <varname>net.link.ether.inet.log_arp_permanent_modify</varname> 785 to suppress logging of attempts to modify 786 permanent ARP entries. &merged;</para> 787 788 <para>[&arch.amd64;, &arch.i386;, &arch.pc98;] An experimental BPF Just-In-Time compiler 789 has been implemented for both &man.bpf.4; and &man.ng.bpf.4;. 790 To enable this, the 791 <literal>options BPF_JITTER</literal> kernel option is needed. 792 The <varname>net.bpf_jitter.enable</varname> 793 can be used to disable this feature.</para> 794 795 <para>Multiple copies of a packet received via different 796 &man.bpf.4; listeners now all have identical 797 timestamps. &merged;</para> 798 799 <para>The bridge(4) driver has been removed from the tree. Its 800 functionality has been completely replaced by 801 &man.if.bridge.4;.</para> 802 803 <para>The &man.enc.4; IPsec filtering pseudo-device has been 804 added. It allows firewall packages using the &man.pfil.9; 805 framework to examine (and filter) IPsec traffic before 806 outbound encryption and after inbound decryption. &merged;</para> 807 808 <para>The &man.gre.4; driver, which is for GRE encapsulation 809 found in RFC 1701 and RFC 1702, now supports IPv6 over GRE.</para> 810 811 <para>The &man.if.bridge.4; driver now supports 812 creating SPAN ports, which transmit a copy of every frame 813 received by the bridge. This feature can be enabled 814 by using &man.ifconfig.8;. &merged;</para> 815 816 <para>The &man.if.bridge.4; driver now supports 817 RFC 3378 EtherIP. This change makes it possible to 818 add &man.gif.4; interfaces to bridges, which will then 819 send and receive IP protocol 97 packets. 820 Packets are Ethernet frames with an EtherIP header prepended. 821 &merged;</para> 822 823 <para>The &man.if.bridge.4; driver now supports RSTP, the Rapid 824 Spanning Tree Protocol (802.1w).</para> 825 826 <para>A hard-coded limit on the number of IPv4 multicast group 827 memberships (formerly 20) has been removed.</para> 828 829 <para>The path MTU discovery for multicast packets in the &os; 830 IPv6 stack has been disabled by default. 831 Path MTU notification from a large number of multicast routers 832 can be a kind of distributed Denial-of-Service attack to a router. 833 This feature can be re-enabled by using a new sysctl variable 834 <varname>net.inet6.ip6.mcast_pmtu</varname>. &merged;</para> 835 836 <para>IPv6 link-local addresses are now enabled only 837 if <varname>ipv6_enable</varname> is set in &man.rc.conf.5;. 838 &merged;</para> 839 840 <para>The &man.ipfw.4; IP packet filter now supports IPv6. &merged;</para> 841 842 <para>The &man.ipfw.4; firewall system now supports 843 a <literal>tablearg</literal> feature, which allows 844 values obtained from a table lookup to be used as part of a 845 rule. &merged; 846 This feature can be used to optimize some rulesets 847 or to implement policy-based routing inside a firewall. 848 For example, the following rules will throw different 849 packets to different pipes:</para> 850 851 <programlisting>pipe 1000 config bw 1000Kbyte/s 852pipe 4000 config bw 4000Kbyte/s 853table 1 add x.x.x.x 1000 854table 1 add x.x.x.y 4000 855pipe tablearg ip from table(1) to any</programlisting> 856 857 <para>The &man.ipfw.4; packet filter now supports 858 <literal>tag</literal> and <literal>untag</literal> rule keywords. 859 When a packet matches a rule with the <literal>tag</literal> 860 keyword, the numeric tag for the given number in the range 861 from 0 to 65535 will be attached to the packet. 862 The tag acts as an internal marker (it is not sent out over 863 the wire) that can be used to identify these packets later on, 864 for example, by using <literal>tagged</literal> 865 rule option. For more details, see &man.ipfw.8;. &merged;</para> 866 867 <para>The <literal>IPFIREWALL_FORWARD_EXTENDED</literal> kernel 868 option has been removed. This option was used to permit 869 &man.ipfw.4; to redirect packets with local destinations. 870 This behavior is now always enabled when 871 the <literal>IPFIREWALL_FORWARD</literal> kernel option is 872 enabled. &merged;</para> 873 874 <para>The ip6fw(8) packet filter has been removed. Since &man.ipfw.4; has gained 875 IPv6 support, it should be used instead. Please note that some rules might need 876 to be adjusted.</para> 877 878 <para>The &man.natm.4;, Native Mode ATM protocol layer is now MPSAFE.</para> 879 880 <para>The &man.ng.ether.4; Netgraph node no longer overwrites 881 the MAC address of outgoing frames by default. &merged;</para> 882 883 <para>The &man.ng.iface.4; Netgraph node now supports &man.altq.4;. 884 &merged;</para> 885 886 <para>The &man.ng.tag.4; Netgraph node has been added to 887 support the manipulation of mbuf tags attached to data in the 888 kernel. &merged;</para> 889 890 <para>A bug has been fixed in which NFS over TCP would not reconnect 891 when the server sent a FIN. This problem had occurred 892 with Solaris NFS servers. &merged;</para> 893 894 <para>The default retransmit timer for NFS over TCP is now 60 seconds. 895 This change prevents the unnecessary retransmission of 896 non-idempotent NFS requests. The <varname>nfs_access_cache</varname> 897 variable in &man.rc.conf.5; has also been changed to 60.</para> 898 899 <para>The default minimum number of nfsiod kernel threads 900 (&man.sysctl.8; variable <varname>vfs.nfs.iodmin</varname>) 901 has been changed from 4 to 0.</para> 902 903 <para>The sysctl variables <varname>net.inet.ip.portrange.reservedhigh</varname> 904 and <varname>net.inet.ip.portrange.reservedlow</varname> 905 can be used with IPv6 now. &merged;</para> 906 907 <para>A new sysctl variable <varname>net.inet.icmp.reply_from_interface</varname> 908 has been added. This allows the &man.icmp.4; 909 reply to non-local packets to be generated with 910 the IP address the packet came through in. 911 This is useful for routers to show in &man.traceroute.8; 912 the actual path a packet has taken instead of 913 the possibly different return path.</para> 914 915 <para>A new sysctl variable <varname>net.inet.icmp.quotelen</varname> 916 has been added. This allows to change length of 917 the quotation of the original packet in an ICMP reply. 918 The minimum of 8 bytes is internally enforced. 919 The maximum quotation is the remaining space in the 920 reply mbuf. This option is added in response to the 921 issues raised in I-D 922 <filename>draft-gont-icmp-payload-00.txt</filename>.</para> 923 924 <para>The &man.icmp.4; now always quotes the entire TCP header 925 when responding and allocate an mbuf cluster if needed. 926 This change fixes the TCP issues raised in I-D 927 <filename>draft-gont-icmp-payload-00.txt</filename>.</para> 928 929 <para>A new socket option <literal>IP_MINTTL</literal> has been added. 930 This may be used to set the minimum acceptable 931 TTL a packet must have when received on a socket. 932 All packets with a lower TTL are silently dropped. 933 This works on already connected/connecting and 934 listening sockets for RAW, UDP, and TCP. This option 935 is only really useful when set to <literal>255</literal>, preventing packets 936 from outside the directly connected networks reaching 937 local listeners on sockets. Also, this option allows 938 userland implementation of <quote>The Generalized TTL 939 Security Mechanism (GTSM)</quote> found in RFC 3682.</para> 940 941 <para>The kernel &man.ppp.4; driver now supports IPv6.</para> 942 943 <para>Stealth forwarding now supports IPv6 as well as IPv4. 944 This behavior can be controlled by using a new sysctl variable 945 <varname>net.inet6.ip6.stealth</varname>.</para> 946 947 <para>Support has been added for the Stream Control Transmission 948 Protocol (SCTP). SCTP implements a reliable, message-oriented 949 transport protocol, and is defined in RFC 3268. It is enabled 950 in &os; with the <literal>SCTP</literal> kernel option.</para> 951 952 <para>The <literal>IPV6_V6ONLY</literal> socket option 953 now works for UDP.</para> 954 955 <para>The TCP bandwidth-delay product limiting feature has 956 been disabled when the RTT is below a certain threshold. 957 This optimization does not make sense on a LAN, as it has 958 trouble figuring out the maximal bandwidth due to the coarse 959 tick granularity. A new sysctl variable 960 <varname>net.inet.tcp.inflight.rttthresh</varname> specifies 961 the threshold in milliseconds below which this feature 962 will disengage. It defaults to 10ms. &merged;</para> 963 964 <para>The &os; network stack now has support for TCP 965 Segmentation Offload (TSO). TSO reduces the overhead of 966 sending bulk TCP data by allowing a network interface to 967 convert a large data transfer into multiple TCP segments to be 968 sent on the network. This functionality can be enabled or 969 disabled on a per-interface basis with 970 the <literal>tso</literal> and <literal>-tso</literal> flags 971 to &man.ifconfig.8;. Network interfaces and drivers 972 supporting TSO currently include &man.em.4; and 973 &man.mxge.4;.</para> 974 975 <para>Support for &man.kqueue.2; operations has been added to 976 the &man.tun.4; driver. &merged;</para> 977 978 </sect3> 979 980 <sect3 id="disks"> 981 <title>Disks and Storage</title> 982 983 <para>The &man.aac.4; driver now supports the Adaptec 2610SA SATA-RAID 984 controller in some Hewlett-Packard machines.</para> 985 986 <para>The performance of the &man.amr.4; driver has been improved; 987 it also now supports full 64-bit DMA. While this feature is 988 enabled by default, this can be forced off by setting the 989 <varname>hw.amr.force_sg32</varname> loader tunable for 990 debugging purpose. 991 &merged;</para> 992 993 <para>The &man.amr.4; driver now supports the &man.ioctl.2; requests 994 necessary for the Linux LSI MegaRaid tools in &os;'s Linux emulation 995 environment. 996 &merged;</para> 997 998 <para>The &man.arcmsr.4; driver has been updated to version 999 1.20.00.13. &merged;</para> 1000 1001 <para>The &man.ata.4; driver now supports a workaround 1002 for some controllers whose DMA does not work properly 1003 in 48bit mode. For affected controllers, 1004 PIO mode will be used for access to areas beyond 137GB. 1005 &merged;</para> 1006 1007 <para>The &man.ata.4; driver now supports the ITE IT8211F IDE controller, 1008 and the Promise PDC40718 and PDC40719 chip found in Promise 1009 Fasttrak TX4300. 1010 &merged;</para> 1011 1012 <para>The &man.ata.4; driver now supports DMA for kernel crash dumps, 1013 as well as crash dumping to an &man.ataraid.4; device. 1014 &merged;</para> 1015 1016 <para>The &man.ata.4; driver now supports USB mass storage class 1017 devices. To enable it, a line <literal>device atausb</literal> 1018 in the kernel configuration file or loading the 1019 <filename>atausb</filename> kernel module is needed. 1020 Note that this functionality cannot coexist with the 1021 &man.umass.4; driver. &merged;</para> 1022 1023 <para>The &man.ataraid.4; driver now supports 1024 JMicron ATA RAID metadata. &merged;</para> 1025 1026 <para>The <literal>GEOM_LABEL</literal> class now supports 1027 Ext2FS, NTFS, and ReiserFS. &merged;</para> 1028 1029 <para>The <literal>GEOM_MIRROR</literal> class now supports 1030 kernel crash dumps to the GEOM providers. 1031 &merged;</para> 1032 1033 <para>The <literal>GEOM_MIRROR</literal> and <literal>GEOM_RAID3</literal> 1034 classes now support sysctl variables 1035 <varname>kern.geom.mirror.disconnect_on_failure</varname> 1036 and 1037 <varname>kern.geom.graid3.disconnect_on_failure</varname> 1038 to control whether failed components will be disconnected or not. 1039 The default value is <literal>1</literal> to preserve the current 1040 behavior, and if it is set to <literal>0</literal> such components 1041 are not disconnected and the kernel will try to still use them 1042 (only the first error will be logged). 1043 This is helpful for the case of multiple broken components (in 1044 different places), so actually all data is available. 1045 The broken components will be visible in <command>gmirror list</command> 1046 or <command>graid3 list</command> output with flag 1047 <literal>BROKEN</literal>. 1048 &merged;</para> 1049 1050 <para>The <literal>GEOM_MIRROR</literal> and <literal>GEOM_RAID3</literal> 1051 classes now use parallel I/O requests for synchronization 1052 to improve the performance. New sysctl variables 1053 <varname>kern.geom.mirror.sync_requests</varname> and 1054 <varname>kern.geom.raid3.sync_requests</varname> 1055 define how many parallel I/O requests should be used. 1056 Also, the sysctl variables 1057 <varname>kern.geom.mirror.reqs_per_sync</varname>, 1058 <varname>kern.geom.mirror.syncs_per_sec</varname>, 1059 <varname>kern.geom.raid3.reqs_per_sync</varname>, and 1060 <varname>kern.geom.raid3.syncs_per_sec</varname> 1061 are deprecated and have been removed. 1062 &merged;</para> 1063 1064 <para>A new GEOM class <literal>GEOM_ZERO</literal> has been added. 1065 It creates a very huge provider (41PB) <filename>/dev/gzero</filename> 1066 and is mainly useful for performance testing. 1067 On <literal>BIO_READ</literal> request it zero-fills 1068 <varname>bio_data</varname> and on <literal>BIO_WRITE</literal> 1069 it does nothing. 1070 &merged;</para> 1071 1072 <para>The GEOM class kernel module <filename>g_md.ko</filename> 1073 has been renamed to <filename>geom_md.ko</filename> 1074 for consistency.</para> 1075 1076 <para>[&arch.amd64;, &arch.i386;] The &man.hptmv.4; driver has been updated and now supports 1077 amd64 as well as PAE.</para> 1078 1079 <para>The &man.mfi.4; driver, which supports 1080 the LSI MegaRAID SAS controller family, has been added. 1081 &merged;</para> 1082 1083 <para>The &man.mpt.4; driver has been updated to support 1084 various new features such as RAID volume and RAID member 1085 state/settings reporting, periodic volume re-synchronization 1086 status reporting, and sysctl variables for volume 1087 re-synchronization rate, volume member write cache status, 1088 and volume transaction queue depth.</para> 1089 1090 <para>The &man.mpt.4; driver now supports SAS HBA (partially), 1091 64-bit PCI, and large data transfer.</para> 1092 1093 <para>The &man.twa.4; driver has been updated to the 9.3.0.1 1094 release on the 3ware Web site. &merged;</para> 1095 1096 <para>A new GEOM-based disk encryption facility, GEOM_ELI, has been 1097 added. It uses the &man.crypto.9; framework for hardware acceleration 1098 and supports different cryptographic algorithms. See &man.geli.8; for 1099 more information. &merged;</para> 1100 1101 <para>The &man.geli.8; disk encryption system now supports loading keyfiles before the root 1102 file system is mounted. &merged; 1103 For example, the following entries 1104 can be used in <filename>/boot/loader.conf</filename> to enable 1105 it:</para> 1106 1107 <programlisting>geli_da0_keyfile0_load="YES" 1108geli_da0_keyfile0_type="da0:geli_keyfile0" 1109geli_da0_keyfile0_name="/boot/keys/da0.key0" 1110geli_da0_keyfile1_load="YES" 1111geli_da0_keyfile1_type="da0:geli_keyfile1" 1112geli_da0_keyfile1_name="/boot/keys/da0.key1" 1113geli_da0_keyfile2_load="YES" 1114geli_da0_keyfile2_type="da0:geli_keyfile2" 1115geli_da0_keyfile2_name="/boot/keys/da0.key2" 1116 1117geli_da1s3a_keyfile0_load="YES" 1118geli_da1s3a_keyfile0_type="da1s3a:geli_keyfile0" 1119geli_da1s3a_keyfile0_name="/boot/keys/da1s3a.key"</programlisting> 1120 1121 <para>&man.geli.8; is now able to perform data integrity 1122 verification (data authentication) of encrypted data stored on 1123 disk. Note that the encryption algorithm is now specified to 1124 the &man.geli.8; control program using the <option>-e</option> 1125 option; the <option>-a</option> option is now used to specify 1126 the authentication algorithm. &merged;</para> 1127 1128 <para>The &man.umass.4; driver now supports 1129 <literal>PLAY_MSF</literal>, 1130 <literal>PLAY_TRACK</literal>, 1131 <literal>PLAY_TRACK_REL</literal>, 1132 <literal>PAUSE</literal>, 1133 <literal>PLAY_12</literal> commands so that 1134 the &man.cdcontrol.1; utility can handle a USB CD drive.</para> 1135 </sect3> 1136 1137 <sect3 id="fs"> 1138 <title>File Systems</title> 1139 1140 <para>[&arch.amd64;, &arch.i386;, &arch.pc98;] The &man.linsysfs.5; 1141 pseudo-filesystem driver has been added. 1142 It provides a subset of the 1143 Linux <filename>sys</filename> filesystem, and is required for 1144 the correct operation of some Linux binaries (such as the LSI 1145 MegaRAID SAS utility). &merged;</para> 1146 1147 <para>A part of the FreeBSD NFS subsystem (the interface with 1148 the protocol stack and callouts, the NFS client side) is now MPSAFE.</para> 1149 1150 <para>Initial (read-only) support for SGI's XFS filesystem has been 1151 added.</para> 1152 </sect3> 1153 </sect2> 1154 1155 <sect2 id="userland"> 1156 <title>Userland Changes</title> 1157 1158 <para>Padding of <varname>ai_addrlen</varname> 1159 in <varname>struct addrinfo</varname> has been removed, 1160 which was originally for the ABI compatibility. 1161 For example, this change breaks the ABI compatibility of the 1162 &man.getaddrinfo.3; function on 64-bit architectures, including 1163 &os;/amd64, &os;/ia64, and &os;/sparc64.</para> 1164 1165 <para>The &man.asf.8; utility has been revised and extended. Now 1166 it can operate via several interfaces including &man.kvm.3;, 1167 which supports not only live systems, but also kernel crash dumps. 1168 &merged;</para> 1169 1170 <para>The &man.arp.8; utility now allows the <option>-i</option> 1171 option together with the <option>-d</option> and <option>-a</option> options 1172 to allow all entries for a given interface to be removed.</para> 1173 1174 <para>The OpenBSM userland tools, including &man.audit.8;, 1175 &man.auditd.8;, 1176 &man.auditreduce.1;, and 1177 &man.praudit.1;, have been added. &merged;</para> 1178 1179 <para>The &man.bsdiff.1; and &man.bspatch.1; utilities 1180 have been added. These are tools for constructing and 1181 applying binary patches. &merged;</para> 1182 1183 <para>The &man.bsnmpd.1; utility now supports the Host Resources 1184 MIB described in RFC 2790. &merged;</para> 1185 1186 <para>&man.cached.8; has been added. It is a daemon that caches 1187 the results of nsswitch lookups (such as those to the password, 1188 group, and services databases) for improved performance.</para> 1189 1190 <para>The &man.cmp.1; utility now supports an <option>-h</option> 1191 flag to compare the symbolic link itself rather than the 1192 file that the link points to. &merged;</para> 1193 1194 <para>The &man.config.8; utility now supports the <literal>nocpu</literal> 1195 directive, which cancels the effect of a 1196 previous <literal>cpu</literal> directive. &merged;</para> 1197 1198 <para>The &man.config.8; utility now reads <filename>DEFAULTS</filename> 1199 kernel configuration file if it exists in the current directory 1200 before the specified configuration file. &merged;</para> 1201 1202 <para>The &man.cp.1; utility now supports a <option>-l</option> 1203 option, which causes it to create hardlinks to the source files 1204 instead of copying them. &merged;</para> 1205 1206 <para>The &man.csh.1; utility now supports NLS catalogs. 1207 Note that this requires installing 1208 the <filename role="package">shells/tcsh_nls</filename> port. 1209 &merged;</para> 1210 1211 <para>The &man.csup.1; utility has been imported. 1212 This is an implementation of a CVSup-compatible client written 1213 in the C language. Note that it currently supports checkout mode 1214 only. &merged;</para> 1215 1216 <para>The &man.dhclient.8; program now sends the host's name in 1217 DHCP requests if it is not specified in the configuration 1218 file. &merged;</para> 1219 1220 <para>The &man.devd.8; utility now supports a <option>-f</option> option 1221 to specify a configuration file. &merged;</para> 1222 1223 <para>The &man.du.1; program now supports a <option>-n</option> 1224 flag, which causes it to ignore files and directories with 1225 the <literal>nodump</literal> flag set. &merged;</para> 1226 1227 <para>The &man.fsdb.8; utility now supports changing the birth 1228 time of files on UFS2 file systems using the new 1229 <literal>btime</literal> command. &merged;</para> 1230 1231 <para>The &man.fsdb.8; program now supports 1232 a <literal>findblk</literal> command, which finds the inode(s) 1233 owning a specific disk block. &merged;</para> 1234 1235 <para>The &man.find.1; program now supports <option>-Btime</option> 1236 and other related primaries, which can be used to create expressions 1237 based on a file's creation time. &merged;</para> 1238 1239 <para>A bug in the &man.find.1; program which prevents 1240 numeric arguments for <option>-user</option> and 1241 <option>-group</option> from working as expected 1242 has been fixed.</para> 1243 1244 <para>The &man.freebsd-update.8; utility, a tool for managing 1245 binary updates to the &os; base system, has been added. &merged;</para> 1246 1247 <para>The &man.ftpd.8; utility now creates a PID file 1248 <filename>/var/run/ftpd.pid</filename> even when 1249 no <option>-p</option> option is specified. &merged;</para> 1250 1251 <para>The &man.gbde.8; utility now supports 1252 <option>-k</option> and <option>-K</option> options 1253 to specify a key file in addition to a passphrase.</para> 1254 1255 <para>The &man.getfacl.1; utility now supports 1256 a <option>-q</option> flag to suppress the per-file header 1257 comment listing the file name, owner, and group. 1258 &merged;</para> 1259 1260 <para>The &man.getent.1; utility has been imported from NetBSD. 1261 It retrieves and displays information from an administrative 1262 database (such as <filename>hosts</filename>) using the lookup 1263 order specified in &man.nsswitch.conf.5;. &merged;</para> 1264 1265 <para>The &man.gpt.8; utility now supports setting GPT partition labels.</para> 1266 1267 <para>The &man.gvinum.8; utility now supports commands 1268 to rename objects and to move a subdisk from 1269 one drive to another. &merged;</para> 1270 1271 <para>The &man.gvinum.8; utility now supports the 1272 <command>resetconfig</command> sub-command.</para> 1273 1274 <para>An implementation of Generic Security Service API (GSS-API) 1275 version 2 and its C binding described in RFC2743 and RFC2744 1276 has been added. This is a new extensible GSS-API layer which 1277 can support GSS-API plugins, similar the the Solaris 1278 implementation, and the Kerberos 5 GSS mechanism has 1279 been rewritten as a plugin library for the new implementation.</para> 1280 1281 <para>The &man.hccontrol.8; utility now supports HCI node 1282 autodetection.</para> 1283 1284 <para>The &man.id.1; utility now prints the effective user 1285 ID after the group ID.</para> 1286 1287 <para>The &man.id.1; utility now supports a <option>-A</option> 1288 flag to print process audit properties, including the audit user 1289 id. &merged;</para> 1290 1291 <para>The &man.ifconfig.8; utility now supports 1292 a <option>-k</option> flag to allow printing 1293 potentially sensitive keying material to standard output. 1294 This sensitive information will not be printed by default.</para> 1295 1296 <para>The &man.ifconfig.8; utility now supports a <option>-tunnel</option> 1297 parameter, which is just an alias for <option>deletetunnel</option>, 1298 yet is more convenient and easier to type.</para> 1299 1300 <para>The <option>-vlandev</option> parameter to &man.ifconfig.8; 1301 no longer requires a network interface as its argument. The 1302 argument still is supported for backward compatibility, but 1303 is now deprecated and its use is discouraged.</para> 1304 1305 <para>The &man.iostat.8; utility now supports 1306 a <option>-x</option> flag (inspired by Solaris) to print 1307 extended disk statistics. If the new <option>-z</option> flag is 1308 also specified, no output is made for disks with no 1309 activity. &merged;</para> 1310 1311 <para>The &man.ipfwpcap.8; utility has been added; it captures 1312 packets on a &man.divert.4; socket and writes them as 1313 &man.pcap.3; (also known as &man.tcpdump.1;) format data to a 1314 file or pipe.</para> 1315 1316 <para>The &man.jail.8; utility supports a <option>-J 1317 <replaceable>jid_file</replaceable></option> option to 1318 write out a JidFile, similar to a PidFile, containing 1319 the jailid, path, hostname, IP and the command used to start 1320 the jail. &merged;</para> 1321 1322 <para>The &man.jail.8; program now supports a <option>-s</option> 1323 option to specify a jail's securelevel. &merged;</para> 1324 1325 <para>The &man.jexec.8; utility now supports <option>-u</option> 1326 and <option>-U</option> flags to specify username credentials 1327 under which a command should be executed. &merged;</para> 1328 1329 <para>The &man.kdump.1; program now supports a <option>-H</option> 1330 flag, which causes kdump to print an additional field holding 1331 the threadid. &merged;</para> 1332 1333 <para>The &man.kdump.1; program now supports a <option>-s</option> 1334 flag to suppress the display of I/O data. &merged;</para> 1335 1336 <para>The &man.kdump.1; program now supports printing 1337 flags in a system call argument by using symbol names.</para> 1338 1339 <para>The &man.kenv.1; utility now supports a <option>-q</option> 1340 flag to suppress warnings.</para> 1341 1342 <para>&man.kgdb.1; now supports a <option>-w</option> 1343 option to open kmem-based targets in read-write mode. 1344 This allows one to use kgdb on <filename>/dev/mem</filename> 1345 and be able to patch memory on a live system.</para> 1346 1347 <para>The &man.libarchive.3; library now supports 1348 POSIX.1e-style Extended Attributes.</para> 1349 1350 <para>The <application>libc</application> library now includes 1351 initial implementation of symbol maps and symbol version 1352 definitions.</para> 1353 1354 <para>The <application>libedit</application> library has been 1355 updated from the NetBSD source tree as of August 2005.</para> 1356 1357 <para>The <application>libm</application> library now includes 1358 initial implementation of symbol maps and symbol version 1359 definitions.</para> 1360 1361 <para>The &man.libmemstat.3; library has been added. 1362 This is for use by debugging and monitoring applications 1363 in tracking kernel memory statistics. It provides an 1364 abstracted interface to &man.uma.9; and &man.malloc.9; 1365 statistics, wrapped around the binary stream sysctl variables 1366 for the allocators. &merged;</para> 1367 1368 <para>The &man.ln.1; utility now supports 1369 an <option>-F</option> flag, which deletes existing 1370 empty directories when creating symbolic links. 1371 &merged;</para> 1372 1373 <para>The &man.locate.1; utility now supports 1374 a <option>-0</option> flag to make this utility 1375 interoperable with &man.xargs.1;'s <option>-0</option> flag. 1376 &merged;</para> 1377 1378 <para>The &man.logger.1; utility now supports 1379 a <option>-P</option>, which specifies the port to which syslog 1380 messages should be sent. &merged;</para> 1381 1382 <para>The &man.ls.1; utility now supports 1383 an <option>-I</option> flag to disable the automatic 1384 <option>-A</option> flag for the superuser. &merged;</para> 1385 1386 <para>The &man.ls.1; utility now supports 1387 an <option>-U</option> flag to use the file creation 1388 time for sorting. &merged;</para> 1389 1390 <para>A new &man.malloc.3; implementation has been introduced. 1391 This implementation, sometimes referred to 1392 as <quote>jemalloc</quote>, was designed to improve the 1393 performance of multi-threaded programs, particularly on SMP 1394 systems, while preserving the performance of single-threaded 1395 programs. Due to the use of different algorithms and data 1396 structures, jemalloc may expose some previously-unknown bugs in 1397 userland code, although most of the &os; base system and common 1398 ports have been tested and/or fixed.</para> 1399 1400 <para>The &man.mdconfig.8; utility now supports producing 1401 device listings formatted as XML. Currently, the 1402 <command>list</command> and <command>query</command> 1403 sub-commands support this feature.</para> 1404 1405 <para>The &man.mdconfig.8; utility's <option>-u</option> option 1406 now supports specifying multiple devices separated 1407 by comma character.</para> 1408 1409 <para>The &man.mdmfs.8; utility now supports a <option>-P</option> flag 1410 to allow skipping the &man.newfs.8; process 1411 when using a vnode-backed disk.</para> 1412 1413 <para>The &man.mdmfs.8; utility now supports a <option>-E</option> flag 1414 to allow to specify location of the &man.mdconfig.8; 1415 utility instead of using the default one 1416 (<filename>/sbin/mdconfig</filename>).</para> 1417 1418 <para>A new function &man.memmem.3; has been implemented in 1419 <filename>libc</filename>. This is the binary equivalent to 1420 &man.strstr.3; and found in <filename>glibc</filename>.</para> 1421 1422 <para>The &man.mergemaster.8; utility now supports 1423 an <option>-A</option> option to explicitly specify 1424 an architecture to pass through to the underlying makefiles. 1425 &merged;</para> 1426 1427 <para>The &man.mount.8; <literal>nodev</literal> option has 1428 been removed.</para> 1429 1430 <para>The &man.mount.8; utility now supports &man.mqueuefs.5;.</para> 1431 1432 <para>A bug which prevents the &man.mount.8; utility from converting 1433 a read-only mount to read-write via <command>mount -u -o rw</command>, 1434 has been fixed.</para> 1435 1436 <para>The &man.mount.8; utility now supports a 1437 <literal>late</literal> keyword in &man.fstab.5;, along with a 1438 corresponding <option>-l</option> command-line option to specify 1439 that these <quote>late</quote> file systems should be 1440 mounted. &merged;</para> 1441 1442 <para>The &man.moused.8; daemon now supports an <option>-H</option> flag 1443 to enable horizontal virtual scrolling similar to the 1444 <option>-V</option> flag for vertical virtual scrolling. 1445 &merged;</para> 1446 1447 <para>The mrouted(8) multicast routing daemon has been removed 1448 from the &os; base system. It implements the DVMRP multicast 1449 routing protocol, which has largely been replaced by PIM in many 1450 multicast installations. The related map-mbone(8) and mrinfo(8) 1451 utilities have also been removed. These programs are now 1452 available in the &os; Ports Collection 1453 as <filename role="package">net/mrouted</filename>.</para> 1454 1455 <para>The &man.netstat.1; utility now supports an 1456 <option>-h</option> flag for interface stats mode, 1457 which prints all interface statistics in human readable form. &merged;</para> 1458 1459 <para>The &man.netstat.1; utility now supports 1460 printing &man.ipsec.4; protocol statistics if the 1461 kernel was compiled with <literal>FAST_IPSEC</literal> 1462 rather than the KAME IPSEC stack. 1463 Note that the output of <command>netstat -s -p ipsec</command> 1464 differs depending on which stack is compiled into 1465 the kernel since they each keep different statistics. &merged;</para> 1466 1467 <para>The <filename>/etc/nsswitch.conf</filename> file is now 1468 installed statically instead of being generated on every 1469 reboot.</para> 1470 1471 <para>The &man.periodic.8; daily script now supports 1472 display of the status of &man.gmirror.8;, &man.graid3.8;, 1473 &man.gstripe.8;, and &man.gconcat.8; devices. 1474 Note that these are disabled by default. &merged;</para> 1475 1476 <para>A new function, &man.pidfile.3;, which provides reliable 1477 pidfiles handling, has been implemented in 1478 <filename>libutil</filename>. &merged;</para> 1479 1480 <para>The &man.ping.8; utility now supports a <quote>sweeping 1481 ping</quote> in which &man.icmp.4; payload of 1482 packets being sent is increased with given step. 1483 This is useful for testing problematic channels, MTU issues 1484 or traffic policing functions in networks. &merged;</para> 1485 1486 <para>The &man.ping.8; command now supports a <option>-W</option> 1487 option to specify the maximum time to wait for an echo reply. 1488 &merged;</para> 1489 1490 <para>The &man.pkill.1; utility now supports a 1491 <option>-F</option> option which allows to 1492 restrict matches to a process whose PID is stored in the 1493 pidfile file. When another new option <option>-L</option> 1494 is also specified, the pidfile file must be locked with the 1495 &man.flock.2; syscall or created with &man.pidfile.3;.</para> 1496 1497 <para>The &man.pkill.1; utility now supports a 1498 <option>-I</option> flag which works like <option>-i</option> 1499 of &man.rm.1;. When this flag is specified, &man.pkill.1; 1500 will ask for confirmation before sending a signal to 1501 each matching process.</para> 1502 1503 <para>The &man.pkill.1; utility (also known as &man.pgrep.1;) has 1504 been moved from <filename>/usr/bin</filename> 1505 to <filename>/bin</filename> so that it can be used by startup 1506 scripts. Symbolic links from its former location have been 1507 created for backward compatibility. &merged;</para> 1508 1509 <para>The &man.powerd.8; program now supports a 1510 <option>-P</option> option, which specifies a pidfile to use.</para> 1511 1512 <para>An extensible implementation of &man.printf.3;, compatible 1513 with GLIBC, has been added to <filename>libc</filename>. It is 1514 only used if the environment variable 1515 <varname>USE_XPRINTF</varname> is defined, one of the extension 1516 functions is called, or the global variable 1517 <varname>__use_xprintf</varname> is set to a value greater than 1518 <literal>0</literal>. Five extensions are currently supported: 1519 <literal>%H</literal> (hex dump), 1520 <literal>%T</literal> (<varname>time_t</varname> and 1521 time-related structures), 1522 <literal>%M</literal> (errno message), 1523 <literal>%Q</literal> (double-quoted, escaped string), 1524 <literal>%V</literal> (&man.strvis.3;-format string), 1525 &merged;</para> 1526 1527 <para>The DNS resolver library in &os;'s <application>libc</application> 1528 has been updated to that from BIND 9.3.3. &merged;</para> 1529 1530 <para>The &man.rfcomm.sppd.1; program now supports service names 1531 in addition to <option>-c</option> option with channel number. 1532 The supported names are: DUN (Dial-Up Networking), FAX (Fax), 1533 LAN (LAN Access Using PPP), and SP (Serial Port). &merged;</para> 1534 1535 <para>The &man.rpcgen.1; utility now generates headers and stub files 1536 that can be used with ANSI C compilers by default.</para> 1537 1538 <para>The &man.rtld.1; runtime linker now supports ELF symbol versioning 1539 using GNU semantics. This implementation aims to be compatible 1540 with symbol versioning support as implemented by GNU libc and 1541 documented in <ulink url="http://people.redhat.com/~drepper/symbol-versioning"></ulink> 1542 and LSB 3.0. Also, <function>dlvsym()</function> 1543 function has been added to 1544 allow lookups for a specific version of a given symbol.</para> 1545 1546 <para>A bug in the &man.sed.1; utility which can cause 1547 incorrect calculation of pattern space length in some cases 1548 has been fixed.</para> 1549 1550 <para>The &man.sh.1; utility now supports a <literal>times</literal> 1551 built-in command. &merged;</para> 1552 1553 <para>The &man.snapinfo.8; utility, which shows snapshot locations 1554 on UFS filesystems, has been added. &merged;</para> 1555 1556 <para>The &man.sockstat.1; utility, which shows connected and 1557 listening network sockets, now supports a new <option>-P</option> 1558 command-line option, which can be used to filter displayed sockets 1559 by protocol name (as listed in &man.protocols.5;).</para> 1560 1561 <para>The &man.strtonum.3; library function has been implemented 1562 based on OpenBSD's implementation. This is an improved version of 1563 &man.strtoll.3;. &merged;</para> 1564 1565 <para>The &man.sysctl.8; utility now supports a <option>-q</option> 1566 flag to suppress a limited set of warnings and errors.</para> 1567 1568 <para>The &man.tail.1; utility now supports a <option>-q</option> 1569 flag to suppress header lines when multiple files are 1570 specified. &merged;</para> 1571 1572 <para>The version of tcpslice in the &os; base system has been 1573 removed due to obsolescence. A more up-to-date version can be 1574 found in the Ports Collection 1575 as <filename role="package">net/tcpslice</filename>.</para> 1576 1577 <para>The &man.time.1; utility now prints the time that a given 1578 command has been running if sent a <literal>SIGINFO</literal> signal.</para> 1579 1580 <para>The &man.traceroute.8; program now supports 1581 a <option>-D</option> flag, which causes it to display the 1582 differences between the sent and received 1583 packets. &merged;</para> 1584 1585 <para>The &man.traceroute.8; utility now supports 1586 a <option>-e</option> option, which sets a fixed destination 1587 port for probe packets. This can be useful for tracing behind 1588 packet-filtering firewalls. &merged;</para> 1589 1590 <para>&man.traceroute.8; now decodes the complete set of ICMP 1591 unreachable messages in its output. &merged;</para> 1592 1593 <para>The &man.truss.1; utility now supports an <option>-s</option> 1594 flag for the same functionality as the strace utility 1595 (<filename role="package">devel/strace</filename>).</para> 1596 1597 <para>[&arch.powerpc;] The &man.truss.1; utility now supports &os;/powerpc.</para> 1598 1599 <para>The usbd(8) utility has been removed. 1600 The &man.devd.8; utility and its configuration 1601 file now support functionality which is equivalent to it.</para> 1602 1603 <para>The &man.xargs.1; utility now supports a <option>-r</option> 1604 flag which makes the command execution when the standard input 1605 does not contain any non-whitespace-characters. &merged;</para> 1606 1607 <para>The shared library version number of all libraries has 1608 been updated due to some possible ABI changes. The libraries 1609 include: snmp_<replaceable>*</replaceable>, libdialog, libg2c, libobjc, 1610 libreadline, libregex, libstdc++, libkrb5, libalias, libarchive, 1611 libbegemot, libbluetooth, libbsnmp, libbz2, libc_r, libcrypt, 1612 libdevstat, libedit, libexpat, libfetch, libftpio, libgpib, 1613 libipsec, libkiconv, libmagic, libmp, libncp, libncurses, 1614 libnetgraph, libngatm, libopie, libpam, libpthread, libradius, 1615 libsdp, libsmb, libtacplus, libthr, libthread_db, libugidfw, 1616 libusbhid, libutil, libvgl, libwrap, libypclnt, libm, libcrypto, 1617 libssh, and libssl.</para> 1618 1619 <para>The <function>wcsdup()</function> function has been 1620 implemented. This function is popular in Microsoft and GNU 1621 systems.</para> 1622 1623 <para>The compiler toolchain is now capable of generating 1624 executables for systems using the ARM processor. &merged;</para> 1625 1626 <sect3 id="rc-scripts"> 1627 <title><filename>/etc/rc.d</filename> Scripts</title> 1628 1629 <para>The <filename>auditd</filename> script for 1630 OpenBSM &man.auditd.8; has been added. &merged;</para> 1631 1632 <para>The <filename>bluetooth</filename> script 1633 has been added. This script will be called from 1634 &man.devd.8; in response to device attachment/detachment 1635 events and to stop/start particular device without unplugging 1636 it by hand. The configuration parameters are in 1637 <filename>/etc/defaults/bluetooth.device.conf</filename>, 1638 and can be overridden by using 1639 <filename>/etc/bluetooth/<replaceable>$device</replaceable>.conf</filename> 1640 (where <replaceable>$device</replaceable> is <devicename>ubt0</devicename>, 1641 <devicename>btcc0</devicename>, and so on.) 1642 For more details, see &man.bluetooth.conf.5;. &merged;</para> 1643 1644 <para>The <filename>ftpd</filename> script for 1645 stand-alone &man.ftpd.8; has been added.</para> 1646 1647 <para>The <filename>gbde_swap</filename> script has 1648 been removed in favor a new <filename>encswap</filename> 1649 script which also supports &man.geli.8; for swap 1650 encryption.</para> 1651 1652 <para>The <filename>geli</filename> and <filename>geli2</filename> 1653 scripts has been added for &man.geli.8; device 1654 configuration on boot.</para> 1655 1656 <para>The <filename>ike</filename> script for 1657 IPsec IKE daemon has been removed because no such daemon 1658 is included in the base system.</para> 1659 1660 <para>The <filename>hcsecd</filename> and 1661 <filename>sdpd</filename> scripts have been added 1662 for &man.hcsecd.8; and &man.sdpd.8; daemons. 1663 These daemons can run even if no Bluetooth devices 1664 are attached to the system, but both daemons depend on 1665 Bluetooth socket layer and thus disabled by default. 1666 Bluetooth sockets layer must be either loaded 1667 as a module or compiled into kernel before the daemons can run. 1668 &merged;</para> 1669 1670 <para>The <filename>hostapd</filename> script for 1671 &man.hostapd.8; has been added. &merged;</para> 1672 1673 <para>The <filename>mdconfig</filename> script to 1674 handle vnode backed &man.md.4; devices has been added. 1675 This is a replacement of the <filename>ramdisk</filename> 1676 script, and all of variables in <varname>ramdisk_*</varname> 1677 have been changed to <varname>mdconfig_*</varname>. 1678 Also, two new &man.rc.conf.5; variables 1679 <varname>mdconfig_<replaceable>*</replaceable>_files</varname> 1680 and 1681 <varname>mdconfig_<replaceable>*</replaceable>_cmd</varname> 1682 have been added. For example:</para> 1683 1684 <programlisting>mdconfig_md0="-t malloc -s 10m" 1685mdconfig_md1="-t vnode -f /var/foo.img"</programlisting> 1686 1687 <para>The <filename>netif</filename> script now supports 1688 <varname>ipv4_addrs_<replaceable>ifn</replaceable></varname> 1689 variables, 1690 which add one or more IPv4 address from a ranged list in 1691 CIDR notation. &merged; For example:</para> 1692 1693 <programlisting>ipv4_addrs_ed0="192.168.0.1/24 192.168.1.1-5/28"</programlisting> 1694 1695 <para>The <filename>rcconf.sh</filename> script in <filename>/etc/rc.d</filename> 1696 has been removed and a variable <varname>early_late_divider</varname>, 1697 which designates the script to separate the early and late stages 1698 of the boot process, has been added.</para> 1699 1700 <para>The <filename>rc.initdiskless</filename> script now uses &man.tar.1; 1701 instead of &man.pax.1; because &man.pax.1; needs a writable 1702 temporary directory that may not be available when this script 1703 runs.</para> 1704 1705 <para>The <filename>pccard</filename> script has been removed 1706 since OLDCARD is deprecated.</para> 1707 1708 <para>The <filename>ppp-user</filename> script has been renamed to 1709 <filename>ppp</filename>. &merged;</para> 1710 1711 <para>The <varname>removable_interfaces</varname> variable 1712 has been removed.</para> 1713 1714 <para>A new keyword <literal>NOAUTO</literal> in 1715 <varname>ifconfig_<replaceable>ifn</replaceable></varname> 1716 has been added. This prevents configuration of an interface 1717 at boot time or via <filename>/etc/pccard_ether</filename>, 1718 and allows <filename>/etc/rc.d/netif</filename> 1719 to be used to start and stop an interface 1720 on a purely manual basis.</para> 1721 </sect3> 1722 </sect2> 1723 1724 <sect2 id="contrib"> 1725 <title>Contributed Software</title> 1726 1727 <para><application>Intel ACPI-CA</application> 1728 has been updated to 20051021.</para> 1729 1730 <para><application>BIND</application> has been updated from 9.3.1 1731 to 9.3.3. &merged;</para> 1732 1733 <para><application>BSNMPD</application> has been updated from 1734 1.11 to 1.12.</para> 1735 1736 <para><application>DRM</application> has 1737 been updated to a snapshot from DRI CVS as of 20060517. 1738 &merged;</para> 1739 1740 <para><application>FILE</application> has been updated from 4.12 1741 to 4.17.</para> 1742 1743 <para><application>netcat</application> has been updated from the 1744 version in a 4 February 2005 OpenBSD snapshot to the version 1745 included in OpenBSD 3.9. &merged;</para> 1746 1747 <para><application>GCC</application> has been updated from 3.4.4 1748 to 3.4.6. &merged;</para> 1749 1750 <para><application>GNU Readline library</application> has been 1751 updated from 5.0 to 5.1.</para> 1752 1753 <para><application>GNU Troff</application> 1754 has been updated from version 1.19 to version 1.19.2. 1755 &merged;</para> 1756 1757 <para><application>IPFilter</application> has been updated from 1758 4.1.8 to 4.1.13. &merged;</para> 1759 1760 <para><application>less</application> has been updated from v381 1761 to v394. &merged;</para> 1762 1763 <para><application>libpcap</application> has been updated from 1764 0.9.1 to 0.9.4. &merged;</para> 1765 1766 <para><application>lukemftpd</application> has been updated from a 1767 snapshot from NetBSD as of 9 August 2004 to a snapshot from 1768 NetBSD as of 31 August 2006. &merged;</para> 1769 1770 <para><application>OpenSSH</application> has been updated from 1771 4.2p1 to 4.5p1. &merged;</para> 1772 1773 <para><application>OpenSSL</application> has been updated from 1774 0.9.7e to 0.9.8d.</para> 1775 1776 <para><application>hostapd</application> 1777 has been updated from version 0.3.9 to version 0.4.8. 1778 &merged;</para> 1779 1780 <para><application>sendmail</application> has been updated from 1781 8.13.4 to 8.13.8. &merged;</para> 1782 1783 <para><application>tcpdump</application> has been updated from 1784 3.9.1 to 3.9.4. &merged;</para> 1785 1786 <para>The timezone database has been updated from the 1787 <application>tzdata2005l</application> release to the 1788 <application>tzdata2006n</application> release. &merged;</para> 1789 1790 <para><application>tip</application> has been updated to a 1791 snapshot from OpenBSD as of 20060831.</para> 1792 1793 <para>TrustedBSD <application>OpenBSM</application>, 1794 version 1.0 alpha 12, an implementation of the documented Sun Basic 1795 Security Module (BSM) Audit API and file format, as well as local 1796 extensions to support the Mac OS X and &os; operating systems 1797 has been added. This also includes command line tools for audit 1798 trail reduction and conversion to text, as well as documentation 1799 of the commands, file format, and APIs. 1800 For this functionality, the <literal>AUDIT</literal> kernel option, 1801 <filename>/var/audit</filename> directory, and 1802 <literal>audit</literal> group have been added. &merged;</para> 1803 1804 <para><application>WPA Supplicant</application> 1805 has been updated from version 0.3.9 to version 0.4.8. 1806 &merged;</para> 1807 1808 <para><application>zlib</application> 1809 has been updated from version 1.2.2 to version 1.2.3. &merged;</para> 1810 </sect2> 1811 1812 <sect2 id="ports"> 1813 <title>Ports/Packages Collection Infrastructure</title> 1814 1815 <para>&man.pkg.add.1; now supports an <option>-F</option> 1816 flag to disable checking whether the same package is already 1817 installed or not. &merged;</para> 1818 1819 <para>The &man.pkg.add.1; program now supports an <option>-P</option> 1820 flag, which is the same as the <option>-p</option> flag 1821 except that the given prefix is also used recursively for the 1822 dependency packages if any. &merged;</para> 1823 1824 <para>The &man.pkg.add.1; and &man.pkg.create.1; utilities now support 1825 a <option>-K</option> flag to save packages to the current directory 1826 (or <varname>PKGDIR</varname> if defined) by default. 1827 &merged;</para> 1828 1829 <para>The &man.pkg.create.1; program now supports an <option>-x</option> 1830 flag to support basic regular expressions for package name, 1831 an <option>-E</option> flag for extended regular 1832 expressions, and a <option>-G</option> for exact matching. &merged;</para> 1833 1834 <para>The &man.pkg.version.1; utility now supports an <option>-o</option> 1835 flag to show the origin recorded on package generation 1836 instead of the package name, and an <option>-O</option> flag 1837 to list packages with a specific registered origin. 1838 &merged;</para> 1839 1840 <para>The &man.portsnap.8; utility (<filename>sysutils/portsnap</filename>) 1841 has been added into the &os; base system. This is a secure, 1842 easy to use, fast, lightweight, and generally good way for 1843 users to keep their ports trees up to date. &merged;</para> 1844 1845 <para>A incorrect handling of <varname>HTTP_PROXY_AUTH</varname> 1846 in the &man.portsnap.8; utility has been fixed. &merged;</para> 1847 1848 <para>The startup scripts from the <varname>local_startup</varname> 1849 directory now evaluated by using &man.rcorder.8; with scripts 1850 in the base system. &merged;</para> 1851 1852 <para>The suffix of startup scripts from the Ports Collection 1853 has been removed. This means <filename>foo.sh</filename> 1854 is renamed to <filename>foo</filename>, and now 1855 scripts whose name is something like 1856 <filename>foo.ORG</filename> will also be invoked. 1857 You are recommended to reinstall packages which install 1858 such scripts and remove extra files in the 1859 <varname>local_startup</varname> directory. &merged;</para> 1860 1861 <para>New <filename>rc.conf</filename> variables, 1862 <varname>ldconfig_local_dirs</varname> and 1863 <varname>ldconfig_local32_dirs</varname> have been added. 1864 These hold lists of local &man.ldconfig.8; directories. 1865 &merged;</para> 1866 1867 <para>The <command>@cwd</command> command in 1868 <filename>pkg-plist</filename> now allows 1869 the case where no directory argument is given. If no 1870 directory argument is given, it will set current 1871 working directory to the first prefix given by the 1872 <command>@cwd</command> command. &merged;</para> 1873 </sect2> 1874 1875 <sect2 id="releng"> 1876 <title>Release Engineering and Integration</title> 1877 1878 <para>The default partition sizing algorithm of the 1879 &man.sysinstall.8; utility has been changed.</para> 1880 1881 <itemizedlist> 1882 <listitem> 1883 <para>On systems where the disk capacity is larger than (3 * RAMsize + 10GB), 1884 the default sizes will now be as follows:</para> 1885 1886 <informaltable frame="none" pgwide="0"> 1887 <tgroup cols="2"> 1888 <colspec colwidth="1*"> 1889 <colspec colwidth="2*"> 1890 <thead> 1891 <row> 1892 <entry>Partition</entry> 1893 <entry>Size</entry> 1894 </row> 1895 </thead> 1896 1897 <tbody> 1898 <row><entry>swap</entry><entry>RAMsize * 2</entry></row> 1899 <row><entry><filename>/</filename></entry><entry>512 MB</entry></row> 1900 <row><entry><filename>/tmp</filename></entry><entry>512 MB</entry></row> 1901 <row><entry><filename>/var</filename></entry><entry>1024 MB + RAMsize</entry></row> 1902 <row><entry><filename>/usr</filename></entry><entry>the rest (8GB or more)</entry></row> 1903 </tbody> 1904 </tgroup> 1905 </informaltable> 1906 </listitem> 1907 1908 <listitem> 1909 <para>On systems where the disk capacity is larger than 1910 (RAMsize / 8 + 2 GB), the default sizes will be 1911 in the following ranges, with space allocated 1912 proportionally:</para> 1913 1914 <informaltable frame="none" pgwide="0"> 1915 <tgroup cols="2"> 1916 <colspec colwidth="1*"> 1917 <colspec colwidth="2*"> 1918 <thead> 1919 <row> 1920 <entry>Partition</entry> 1921 <entry>Size</entry> 1922 </row> 1923 </thead> 1924 1925 <tbody> 1926 <row><entry>swap</entry><entry>from RAMsize / 8 to RAMsize * 2</entry></row> 1927 <row><entry><filename>/</filename></entry><entry>from 256MB to 512MB</entry></row> 1928 <row><entry><filename>/tmp</filename></entry><entry>from 128MB to 512MB</entry></row> 1929 <row><entry><filename>/var</filename></entry><entry>from 128MB to 1024MB</entry></row> 1930 <row><entry><filename>/usr</filename></entry><entry>from 1536MB to 8192MB</entry></row> 1931 </tbody> 1932 </tgroup> 1933 </informaltable> 1934 </listitem> 1935 1936 <listitem> 1937 <para>On systems with even less disk space, the existing behavior is not 1938 changed.</para> 1939 </listitem> 1940 </itemizedlist> 1941 1942 <para>The &man.sysinstall.8; utility now displays the running &os; 1943 version in menu titles. &merged;</para> 1944 1945 <para>A new <literal>showconfig</literal> 1946 target has been added in <filename>src/Makefile</filename> 1947 to show the build configuration of the &os; source tree.</para> 1948 1949 <para>A <filename>/media</filename> directory has been 1950 added to contain mount points for removable media 1951 such as CDROMs, floppy disks, USB drives, and so on. &merged;</para> 1952 1953 <para>The <filename>src.conf</filename> file, which 1954 contains settings that will apply to every build involving 1955 the &os; source tree, has been added. 1956 For details, see &man.build.7; and &man.src.conf.5;.</para> 1957 1958 <para>The supported version of 1959 the <application>GNOME</application> desktop environment 1960 (<filename role="package">x11/gnome2</filename>) has been 1961 updated from 2.10.2 to 2.16.1. As a part of this update, the 1962 default prefix for <application>GNOME</application> (and some 1963 related programs) has moved from 1964 <filename>/usr/X11R6</filename> 1965 to <filename>/usr/local</filename>. &merged;</para> 1966 1967 <para>The supported version of 1968 the <application>KDE</application> desktop environment 1969 (<filename role="package">x11/kde3</filename>) has been 1970 updated from 3.4.2 to 3.5.4. &merged;</para> 1971 1972 <para>[&arch.amd64;, &arch.i386;] The supported Linux emulation now uses the 1973 libraries in the 1974 <filename role="package">emulators/linux_base-fc4</filename> 1975 package. &merged;</para> 1976 1977 <para>The supported version of 1978 the <application>Perl</application> interpreter 1979 (<filename role="package">lang/perl5.8</filename>) has been updated 1980 from 5.8.7 to 5.8.8. &merged;</para> 1981 1982 <para>The supported version of 1983 the <application>&xorg;</application> windowing system 1984 (<filename role="package">x11/xorg</filename>) has been updated 1985 from 6.8.2 to 6.9.0. &merged;</para> 1986 1987 <para>[&arch.pc98;] &os;/pc98 release CDROMs are now 1988 bootable on systems with some supported SCSI adapters. 1989 &merged;</para> 1990 </sect2> 1991 1992 <sect2 id="doc"> 1993 <title>Documentation</title> 1994 1995 <para>Documentation of existing functionality has been improved by 1996 the addition of the following manual pages: 1997 &man.acpi.sony.4;, &man.device.get.sysctl.9;, 1998 &man.ext2fs.5;, 1999 &man.mca.8;, 2000 &man.nanobsd.8;, 2001 &man.snd.mss.4;, &man.snd.t4dwave.4;, 2002 &man.sysctl.9;.</para> 2003 2004 <para>The manual pages for <application>NTP</application> 2005 have been updated to 4.2.0, to match the version of 2006 code actually included in &os;. &merged;</para> 2007 2008 <para>Initial support for kernel subsystem API documentation generating 2009 framework using <filename role="package">devel/doxygen</filename> 2010 has been added into <filename>src/sys/doc/subsys</filename>. 2011 To generate the API document, type <command>make doxygen</command> 2012 in <filename>src/</filename> directory.</para> 2013 </sect2> 2014</sect1> 2015 2016<sect1 id="upgrade"> 2017 <title>Upgrading from previous releases of &os;</title> 2018 2019 <para></para> 2020 2021 <important> 2022 <para>Upgrading &os; should, of course, only be attempted after 2023 backing up <emphasis>all</emphasis> data and configuration 2024 files.</para> 2025 </important> 2026</sect1> 2027</article> 2028