article.xml revision 167381
1<!DOCTYPE article PUBLIC "-//FreeBSD//DTD DocBook V4.1-Based Extension//EN" [ 2<!ENTITY % articles.ent PUBLIC "-//FreeBSD//ENTITIES DocBook FreeBSD Articles Entity Set//EN"> 3%articles.ent; 4 5<!ENTITY % release PUBLIC "-//FreeBSD//ENTITIES Release Specification//EN"> 6%release; 7 8<!-- Text constants which probably don't need to be changed.--> 9 10<!-- The marker for MFCs. --> 11<!ENTITY merged "[MERGED]"> 12 13<!-- Architecture names --> 14<!ENTITY arch.amd64 "amd64"> 15<!ENTITY arch.arm "arm"> 16<!ENTITY arch.i386 "i386"> 17<!ENTITY arch.ia64 "ia64"> 18<!ENTITY arch.pc98 "pc98"> 19<!ENTITY arch.powerpc "powerpc"> 20<!ENTITY arch.sparc64 "sparc64"> 21<!ENTITY arch.sun4v "sun4v"> 22 23<!ENTITY % include.historic "IGNORE"> 24<!ENTITY % no.include.historic "IGNORE"> 25]> 26 27<article> 28<articleinfo> 29 <title>&os; &release.current; Release Notes</title> 30 31 <corpauthor>The &os; Project</corpauthor> 32 33 <pubdate>$FreeBSD: head/release/doc/en_US.ISO8859-1/relnotes/article.sgml 167381 2007-03-09 20:14:07Z bmah $</pubdate> 34 35 <copyright> 36 <year>2000</year> 37 <year>2001</year> 38 <year>2002</year> 39 <year>2003</year> 40 <year>2004</year> 41 <year>2005</year> 42 <year>2006</year> 43 <year>2007</year> 44 <holder role="mailto:doc@FreeBSD.org">The &os; Documentation Project</holder> 45 </copyright> 46 47 <legalnotice id="trademarks" role="trademarks"> 48 &tm-attrib.freebsd; 49 &tm-attrib.ibm; 50 &tm-attrib.ieee; 51 &tm-attrib.intel; 52 &tm-attrib.sparc; 53 &tm-attrib.general; 54 </legalnotice> 55 56 <abstract> 57 <para>The release notes for &os; &release.current; contain a summary 58 of the changes made to the &os; base system on the 59 &release.branch; development line. 60 This document lists applicable security advisories that were issued since 61 the last release, as well as significant changes to the &os; 62 kernel and userland. 63 Some brief remarks on upgrading are also presented.</para> 64 </abstract> 65</articleinfo> 66 67<sect1 id="intro"> 68 <title>Introduction</title> 69 70 <para>This document contains the release notes for &os; 71 &release.current;. It 72 describes recently added, changed, or deleted features of &os;. 73 It also provides some notes on upgrading 74 from previous versions of &os;.</para> 75 76<![ %release.type.current [ 77 78 <para>The &release.type; distribution to which these release notes 79 apply represents the latest point along the &release.branch; development 80 branch since &release.branch; was created. Information regarding pre-built, binary 81 &release.type; distributions along this branch 82 can be found at <ulink url="&release.url;"></ulink>.</para> 83 84]]> 85 86<![ %release.type.snapshot [ 87 88 <para>The &release.type; distribution to which these release notes 89 apply represents a point along the &release.branch; development 90 branch between &release.prev; and the future &release.next;. 91 Information regarding 92 pre-built, binary &release.type; distributions along this branch 93 can be found at <ulink url="&release.url;"></ulink>.</para> 94 95]]> 96 97<![ %release.type.release [ 98 99 <para>This distribution of &os; &release.current; is a 100 &release.type; distribution. It can be found at <ulink 101 url="&release.url;"></ulink> or any of its mirrors. More 102 information on obtaining this (or other) &release.type; 103 distributions of &os; can be found in the <ulink 104 url="&url.books.handbook;/mirrors.html"><quote>Obtaining 105 &os;</quote> appendix</ulink> to the <ulink 106 url="&url.books.handbook;/">&os; 107 Handbook</ulink>.</para> 108 109]]> 110 111 <para>All users are encouraged to consult the release errata before 112 installing &os;. The errata document is updated with 113 <quote>late-breaking</quote> information discovered late in the 114 release cycle or after the release. Typically, it contains 115 information on known bugs, security advisories, and corrections to 116 documentation. An up-to-date copy of the errata for &os; 117 &release.current; can be found on the &os; Web site.</para> 118 119</sect1> 120 121<sect1 id="new"> 122 <title>What's New</title> 123 124 <para>This section describes 125 the most user-visible new or changed features in &os; 126 since &release.prev;. 127 In general, changes described here are unique to the &release.branch; 128 branch unless specifically marked as &merged; features. 129 </para> 130 131 <para>Typical release note items 132 document recent security advisories issued after 133 &release.prev;, 134 new drivers or hardware support, new commands or options, 135 major bug fixes, or contributed software upgrades. They may also 136 list changes to major ports/packages or release engineering 137 practices. Clearly the release notes cannot list every single 138 change made to &os; between releases; this document focuses 139 primarily on security advisories, user-visible changes, and major 140 architectural improvements.</para> 141 142 <sect2 id="security"> 143 <title>Security Advisories</title> 144 145 <para>A temporary file vulnerability in &man.texindex.1;, which 146 could allow a local attacker to overwrite files in the context 147 of a user running the &man.texindex.1; utility, has been fixed. 148 For more details see security advisory <ulink 149 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:01.texindex.asc">FreeBSD-SA-06:01.texindex</ulink>. &merged;</para> 150 151 <para>A temporary file vulnerability in the &man.ee.1; text 152 editor, which could allow a local attacker to overwrite files in 153 the context of a user running &man.ee.1;, has been fixed. For 154 more details see security advisory <ulink 155 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:02.ee.asc">FreeBSD-SA-06:02.ee</ulink>. &merged;</para> 156 157 <para>Several vulnerabilities in the &man.cpio.1; utility have 158 been corrected. For more 159 details see security advisory <ulink 160 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:03.cpio.asc">FreeBSD-SA-06:03.cpio</ulink>. &merged;</para> 161 162 <para>An error in &man.ipfw.4; IP fragment handling, which could 163 cause a crash, has been fixed. For more 164 details see security advisory <ulink 165 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:04.ipfw.asc">FreeBSD-SA-06:04.ipfw</ulink>. &merged;</para> 166 167 <para>A potential buffer overflow in the IEEE 802.11 scanning code 168 has been corrected. For more 169 details see security advisory <ulink 170 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:05.80211.asc">FreeBSD-SA-06:05.80211</ulink>. &merged;</para> 171 172 <para>Two instances in which portions of kernel memory could be 173 disclosed to users have been fixed. For more details see 174 security advisory <ulink 175 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:06.kmem.asc">FreeBSD-SA-06:06.kmem</ulink>. &merged;</para> 176 177 <para>A logic bug in the IP fragment handling in &man.pf.4;, which 178 could cause a crash under certain circumstances, has been fixed. 179 For more details see security advisory <ulink 180 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:07.pf.asc">FreeBSD-SA-06:07.pf</ulink>. &merged;</para> 181 182 <para>A logic bug in the NFS server code, which could cause a crash when 183 the server received a message with a zero-length payload, has been fixed. 184 For more details see security advisory <ulink 185 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:10.nfs.asc">FreeBSD-SA-06:10.nfs</ulink>. &merged;</para> 186 187 <para>A programming error in the &man.fast.ipsec.4; implementation 188 results in the sequence number associated with a Security 189 Association not being updated, allowing packets to unconditionally 190 pass sequence number verification checks, has been fixed. 191 For more details see security advisory <ulink 192 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:11.ipsec.asc">FreeBSD-SA-06:11.ipsec</ulink>. &merged;</para> 193 194 <para>A logic bug that could cause &man.opiepasswd.1; to allow an unprivileged 195 user to configure OPIE authentication for the root user under certain 196 circumstances, has been fixed. 197 For more details see security advisory <ulink 198 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:12.opie.asc">FreeBSD-SA-06:12.opie</ulink>. &merged;</para> 199 200 <para>An asynchronous signal handling vulnerability in &man.sendmail.8;, 201 which could allow a remote attacker to execute arbitrary code with the 202 privileges of the user running sendmail, typically root, has been fixed. 203 For more details see security advisory <ulink 204 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:13.sendmail.asc">FreeBSD-SA-06:13.sendmail</ulink>. &merged;</para> 205 206 <para>[&arch.amd64;, &arch.i386] An information disclosure issue found in the 207 &os; kernel running on 7th- and 8th-generation AMD processors 208 has been fixed. For more details see security advisory <ulink 209 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:14.fpu.asc">FreeBSD-SA-06:14.fpu</ulink>. &merged;</para> 210 211 <para>A bug in &man.ypserv.8;, which effectively disabled the 212 <filename>/var/yp/securenets</filename> access control mechanism, 213 has been corrected. More details are available in security 214 advisory 215 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:15.ypserv.asc">FreeBSD-SA-06:15.ypserv</ulink>. &merged;</para> 216 217 <para>A bug in the smbfs file system, which could allow an 218 attacker to escape out of &man.chroot.2 environments on an smbfs 219 mounted filesystem, has been fixed. For more details, see 220 security advisory 221 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:16.smbfs.asc">FreeBSD-SA-06:16.smbfs</ulink>. &merged;</para> 222 223 <para>A potential denial of service problem in &man.sendmail.8; 224 caused by excessive recursion which leads to stack 225 exhaustion when attempting delivery of a malformed 226 MIME message, has been fixed. For more details, 227 see security advisory <ulink 228 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:17.sendmail.asc">FreeBSD-SA-06:17.sendmail</ulink>. &merged;</para> 229 230 <para>A potential buffer overflow condition in &man.sppp.4; has 231 been corrected. For more details, see security advisory 232 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:18.ppp.asc">FreeBSD-SA-06:18.ppp</ulink>. &merged;</para> 233 234 <para>An OpenSSL bug related to validation of PKCS#1 v1.5 235 signatures has been fixed. For more details, see security 236 advisory 237 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:19.openssl.asc">FreeBSD-SA-06:19.openssl</ulink>. &merged;</para> 238 239 <para>A potential denial of service attack against &man.named.8; 240 has been fixed. For more details, see security advisory 241 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:20.bind.asc">FreeBSD-SA-06:20.bind</ulink>. &merged;</para> 242 243 <para>Several programming errors have been fixed in &man.gzip.1;. 244 They could have the effect of causing a crash or an infinite 245 loop when decompressing files. More information can be found in 246 security advisory 247 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:21.gzip.asc">FreeBSD-SA-06:21.gzip</ulink>. &merged;</para> 248 249 <para>Several vulnerabilities have been fixed in OpenSSH. More 250 details can be found in security advisory 251 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:22.openssh.asc">FreeBSD-SA-06:22.openssh</ulink>. &merged;</para> 252 253 <para>Multiple errors in the OpenSSL &man.crypto.3; library have 254 been fixed. Potential effects are varied, and are documented in 255 more detail in security advisory 256 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:23.openssl.asc">FreeBSD-SA-06:23.openssl</ulink>. &merged;</para> 257 258 <para>A bug that could permit corrupt archives to cause an 259 infinite loop in &man.libarchive.3; and &man.tar.1; has been 260 fixed. More details are available in 261 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:24.libarchive.asc">FreeBSD-SA-06:24.libarchive</ulink>. &merged;</para> 262 263 <para>A bug that could allow users in 264 the <groupname>operator</groupname> group to read parts of kernel 265 memory has been corrected. For more details, consult security 266 advisory 267 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:25.kmem.asc">FreeBSD-SA-06:25.kmem</ulink>. &merged;</para> 268 269 <para>A bug in the <filename>jail</filename> startup script that 270 could permit privilege escalation via a symlink attack has been 271 fixed. More information is available in 272 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-07:01.jail.asc">FreeBSD-SA-07:01.jail</ulink>. &merged;</para> 273 274 <para>Two remote denials of service in BIND (one involving DNSSEC and 275 one involving recursive DNS queries) have been fixed. For more 276 information, see security advisory 277 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-07:02.bind.asc">FreeBSD-SA-07:02.bind</ulink>. &merged;</para> 278 279 </sect2> 280 281 <sect2 id="kernel"> 282 <title>Kernel Changes</title> 283 284 <para>&man.acpi.4; now has basic support for the HPET time counter.</para> 285 286 <para>The &man.acpi.ibm.4; driver now supports setting the fan control 287 mode to manual or automatic, and adjusting the fan speed if the 288 fan control mode is manual. To enable manual control of the fan speed, 289 the sysctl variable <varname>dev.acpi_ibm.<replaceable>0</replaceable>.fan</varname> 290 needs to be set to zero (manual). This should only be used with 291 extreme precaution, as disabling automatic fan control might 292 overheat the hardware and lead to permanent damage.</para> 293 294 <para>The &man.apm.4; suspend/resume support has been improved.</para> 295 296 <para>Security event auditing is now supported in the &os; kernel, 297 and is enabled by the <literal>AUDIT</literal> kernel 298 configuration option. More information can be found in the 299 &man.audit.4; manual page.</para> 300 301 <para>The <literal>options COMPAT_43</literal> kernel 302 configuration option has been deemed unnecessary and has been 303 removed from <filename>GENERIC</filename> and related kernel 304 configurations. This change may result in a small performance 305 increase for some workloads.</para> 306 307 <para>The &man.ddb.4; debugger now provides the <literal>show lock</literal> 308 command. If the argument has a valid lock class, 309 this displays various information about the lock and calls a 310 new function pointer in lock_class (lc_ddb_show) to dump class-specific 311 information about the lock as well (such as the owner of a mutex or 312 xlock'ed sx lock). &merged;</para> 313 314 <para>The &man.ddb.4; debugger now provides the <literal>show sleepq</literal> 315 command. This takes a wait channel as an argument and looks 316 for a sleep queue associated with that wait channel.</para> 317 318 <para><filename>DEFAULTS</filename> kernel configuration files 319 for each platform have been added. These files contain 320 directives that are implicitly included in all kernel 321 configurations, and generally include basic, mandatory 322 functionality for each platform. &merged;</para> 323 324 <para>A bug in file descriptor handling such that a simple 325 <literal>close(0); dup(fd)</literal> sequence does not return 326 descriptor <literal>0</literal> in some cases, has been fixed.</para> 327 328 <para>The &man.firmware.9; subsystem has been added. This 329 subsystem provides a mechanism 330 to load binary data into the kernel via a specially crafted module. 331 &merged;</para> 332 333 <para>The &man.gdb.1; remote debugging interface now supports 334 copying console messages to a remote debugger instance. 335 To enable this, set <literal>debug.gdbcons="1"</literal> 336 in <filename>loader.conf</filename>, enter <literal>boot -d; 337 gdb; step</literal> from the loader prompt, 338 then attach &man.gdb.1; from a remote machine. 339 The sysctl variable <varname>debug.gdbcons</varname> can be 340 used to turn on/off this functionality.</para> 341 342 <para>&man.hwpmc.4; and &man.pmcstat.8; now support profiling 343 of dynamically loaded kernel modules and 344 shared objects loaded with &man.dlopen.3;. 345 &man.pmcstat.8; can now log over a network socket 346 to a remote host.</para> 347 348 <para>Support for Kernel Scheduled Entities (KSE) is now a kernel 349 option (previously it was a mandatory feature in the kernel). 350 It is enabled in the GENERIC kernel (thus there is no change in 351 functionality) for all platforms except sun4v.</para> 352 353 <para>The &man.random.4; entropy device driver is now MPSAFE. 354 &merged;</para> 355 356 <para>&os; now supports concurrent &man.read.2;/&man.readv.2; 357 access to a file.</para> 358 359 <para>The experimental CORE process scheduler has been added, 360 enabled with the <literal>options SCHED_CORE</literal> kernel 361 configuration option. It is forked from the &man.sched.ule.4; 362 scheduler, but 363 with a different algorithm for detecting an interactive process. 364 More information can be found in the &man.sched.core.4; manual 365 page.</para> 366 367 <para>The <literal>SIGCHLD</literal> signal queuing has been 368 added. For each child process whose status has been changed, 369 a <literal>SIGCHLD</literal> instance is queued. If the signal is still pending, 370 and the process changed status several times, the signal information 371 is updated to reflect the latest process status. 372 There is a loader tunable <varname>kern.sigqueue.queue_sigchild</varname> 373 which can control the behavior, setting it to zero disables the 374 <literal>SIGCHLD</literal> queuing feature.</para> 375 376 <para>[&arch.amd64;, &arch.i386;] Instead of including all of physical 377 memory in a kernel crash dump, the kernel now defaults to dumping only pages that are 378 actively mapped into kernel virtual memory. A new 379 <varname>debug.minidump</varname> sysctl variable 380 can be used to turn off this behavior when set to zero. &merged;</para> 381 382 <para>A new sysctl variable <varname>kern.malloc_stats</varname> 383 has been added. This allows exporting of kernel malloc 384 statistics via a binary structure stream.</para> 385 386 <para>A new sysctl variable <varname>kern.forcesigexit</varname> 387 has been added. This forces a process 388 to sigexit if a trap signal is being held by the current thread or 389 ignored by the current process. It is enabled by default.</para> 390 391 <para>The pcvt(4) driver, an alternative to &man.syscons.4;, 392 has been removed, as it had fallen out of sync with the rest 393 of the kernel.</para> 394 395 <para>RedZone, a buffer corruption protection for the kernel &man.malloc.9; 396 facility has been implemented. This detects both buffer underflows and 397 overflows at runtime on &man.free.9; and &man.realloc.9;, 398 and prints backtraces from where memory was allocated and from where 399 it was freed. For more details, see the &man.redzone.9; manual page.</para> 400 401 <para>A new sysctl variable <varname>security.mac.biba.interfaces_equal</varname> 402 which makes all network interfaces be created with the label 403 <literal>biba/equal(equal-equal)</literal>, has been added. 404 This is useful where programs such as &man.dhclient.8; and &man.ppp.8;. 405 which initialize network interfaces do not have any labeling support. 406 This variable is set as <literal>0</literal> (disabled) by default. 407 &merged;</para> 408 409 <para>A new sysctl variable <varname>vm.zone_stats</varname> 410 has been added. This allows to export &man.uma.9; allocator 411 statistics via a binary structure stream.</para> 412 413 <para>The sysctl variable <varname>hw.pci.do_powerstate</varname> 414 has been changed from a boolean to a range. 415 <literal>0</literal> means no power management, 416 <literal>1</literal> means conservative power management which 417 any device class that has caused problems is added to the watch list, 418 <literal>2</literal> means aggressive power management where 419 any device class that is not fundamental to the system is added to the list, 420 and <literal>3</literal> means power them all down unconditionally. 421 The default is <literal>1</literal>.</para> 422 423 <para>[&arch.ia64;] The <filename>GENERIC</filename> kernel now enables 424 SMP support by default.</para> 425 426 <para>Sample kernel configuration files 427 <filename>src/sys/<replaceable>arch</replaceable>/conf/MAC</filename> 428 for the Mandatory Access Control framework have been added.</para> 429 430 <para><varname>POSIX_TIMERS</varname> support has been updated to 200112L.</para> 431 432 <para>An experimental support for POSIX message queue has been 433 implemented.</para> 434 435 <para>&os; now runs on the Xbox, whose architecture is nearly identical 436 to the i386. For details of the latest development, see 437 <ulink url="http://www.FreeBSD.org/platforms/xbox.html"></ulink>. 438 &merged; </para> 439 440 <sect3 id="boot"> 441 <title>Boot Loader Changes</title> 442 443 <para>A new option <option>-S</option>, 444 which allows setting the <filename>boot2</filename> 445 serial console speed in the <filename>/boot.config</filename> 446 file or on the <prompt>boot:</prompt> prompt line, 447 has been added.</para> 448 449 <para>[&arch.amd64;, &arch.i386;] A new loader tunable 450 <varname>comconsole_speed</varname> to change 451 the serial console speed has been added. 452 If the previous stage boot loader requested a serial console, 453 then the default speed is determined from the current serial port 454 speed. Otherwise it is set to 9600 or the value of 455 the <literal>BOOT_COMCONSOLE_SPEED</literal> kernel option. 456 &merged;</para> 457 458 <!-- Above this line, order boot loader changes by keyword--> 459 460 <para>[&arch.pc98;] A bootable CDROM loader has been implemented 461 for the pc98 platform. &merged;</para> 462 463 <para>[&arch.i386;] A bug in the i386 boot loader, which could 464 cause filesystem corruption if 465 a <filename>nextboot.conf</filename> file was used and landed 466 after cylinder 1023, has been fixed. &merged;</para> 467 468 </sect3> 469 470 <sect3 id="proc"> 471 <title>Hardware Support</title> 472 473 <para>The &man.amdsmb.4; driver has been added. It provides 474 support for the AMD-8111 SMBus 2.0 controller. &merged;</para> 475 476 <para>The &man.cardbus.4;, &man.pccard.4;, 477 &man.pccbb.4;, and &man.exca.4; drivers are now buildable 478 as kernel modules.</para> 479 480 <para>An &man.acpi.dock.4; driver has been added to provide 481 support for controlling laptop docking station functions via 482 ACPI.</para> 483 484 <para>The &man.acpi.thermal.4; driver now supports 485 passive cooling. &merged;</para> 486 487 <para>The &man.acpi.thermal.4; driver now supports overriding 488 the <literal>_PSV</literal>, <literal>_HOT</literal>, and 489 <literal>_CRT</literal> temperature values.</para> 490 491 <para>Support for the alpha architecture has been removed. Alpha 492 support will remain on the RELENG_5 and RELENG_6 codelines.</para> 493 494 <para>The &man.cardbus.4; driver now supports 495 <filename>/dev/cardbus<replaceable>%d</replaceable>.cis</filename>.</para> 496 497 <para>[&arch.i386, &arch.pc98;] The &man.ce.4; driver, 498 which supports Cronyx Tau-PCI/32 adapters, has been added. 499 &merged;</para> 500 501 <para>The <literal>est</literal> &man.cpufreq.4; driver now supports 502 frequency control for the VIA C7-M family of processors.</para> 503 504 <para>Support for the PadLock Security Co-processor in VIA C3, 505 Eden, and C7 506 processors has been added to the &man.crypto.9; subsystem. 507 More information can be found in the &man.padlock.4; manual 508 page. 509 &merged;</para> 510 511 <para>A bug which prevented the &man.ichsmb.4; kernel module 512 from unloading has been fixed.</para> 513 514 <para>[&arch.amd64;, &arch.i386;] Dual-core processors (such as the Intel 515 Core Duo) now have both cores available for use by 516 default in SMP-enabled kernels. &merged;</para> 517 518 <para>[&arch.amd64;, &arch.i386;] &man.ipmi.4;, an OpenIPMI compatible driver, 519 has been added. 520 OpenIPMI (Intelligent Platform Management Interface) is an open 521 standard designed to enable remote monitoring and control of server, 522 networking and telecommunication platforms. &merged;</para> 523 524 <para>The &man.kbdmux.4; driver has been integrated into &man.syscons.4; and 525 the <devicename>kbd</devicename> device driver. 526 By default &man.syscons.4; will look for the &man.kbdmux.4; 527 keyboard first, and then, if not found, look for any keyboard. 528 Switching to &man.kbdmux.4; can be done at boot time by loading 529 the <literal>kbdmux</literal> kernel module via &man.loader.8;, 530 or at runtime via &man.kldload.8; and releasing the active 531 keyboard. &merged;</para> 532 533 <para>[&arch.amd64;, &arch.i386;] The &man.kbdmux.4; driver is now included in the 534 <filename>GENERIC</filename> kernel by default. 535 Also, the <quote>Boot FreeBSD with USB keyboard</quote> 536 menu item in the boot loader menu has been removed 537 since this fixes USB keyboard probing problems. 538 &merged;</para> 539 540 <para>The &man.nfsmb.4; driver, which supports the NVIDIA nForce 541 2/3/4 SMBus 2.0 controller, has been added. &merged;</para> 542 543 <para>[&arch.ia64;] The loader tunable <varname>debug.mpsafevfs</varname> 544 is set to <literal>1</literal> by default.</para> 545 546 <para>The &man.sab.4; driver has been removed (it has been 547 superceded by the &man.scc.4; driver).</para> 548 549 <para>The &man.scc.4; driver has been added. 550 This provides generic support for serial communications 551 controllers and delegates the control over each channel 552 and mode to a subordinate driver such as &man.uart.4;.</para> 553 554 <para>[&arch.amd64;] The smbios(4) driver support for amd64 has been 555 added.</para> 556 557 <para>[&arch.sun4v;] &os; now has preliminary support for the Sun Microsystems 558 UltraSPARC-T1 architecture. &os;/sun4v has been demonstrated 559 to run on the Sun Fire T1000 and Sun Fire T2000 servers. 560 More information can be found on the 561 <ulink url="http://www.FreeBSD.org/platforms/sun4v.html">sun4v 562 Project</ulink> 563 page.</para> 564 565 <para>The tnt4882(4) driver, which supports the National Instruments 566 PCI-GPIB card, has been added.</para> 567 568 <para>[&arch.amd64;, &arch.i386;, &arch.ia64;, &arch.sparc64;] The &man.uart.4; driver has been included in the 569 <filename>GENERIC</filename> kernel by default. 570 When both &man.sio.4; and &man.uart.4; can handle a given serial port, 571 &man.sio.4; will claim it.</para> 572 573 <para>The &man.uart.4; driver now supports LOM (Lights Out Management) 574 and RSC (Remote System Control) devices as consoles.</para> 575 576 <para>[&arch.i386;] A new loader tunable 577 <varname>hw.apic.enable_extint</varname> has been added. 578 This tunable can be used to disable masking of the ExtINT pin on the first 579 I/O APIC. At least one chipset for the Intel Pentium III seems 580 to need this, even though all of the pins in the 8259As are masked. 581 The default is still to mask the ExtINT pin.</para> 582 583 <para>[&arch.i386;] Support has been improved for 584 so-called <quote>legacy-free</quote> hardware, in particular, 585 i386 systems without AT-style keyboard controllers such as the 586 Macbook Pro. &merged;</para> 587 588 <sect4 id="mm"> 589 <title>Multimedia Support</title> 590 591 <para>The &man.agp.4; driver now supports ATI AGP chipsets. 592 &merged;</para> 593 594 <para>The new midi(4) driver which is based on NetBSD's one 595 has been added. This supports &man.snd.cmi.4; and 596 &man.snd.emu10k1.4; drivers.</para> 597 598 <para>The &man.sound.4; driver now supports 599 wider range sampling rate, multiple precisions choice, 600 and 24/32 bit PCM format conversion. &merged;</para> 601 602 <para>The &man.snd.als4000.4; driver is now MPSAFE. &merged;</para> 603 604 <para>The &man.snd.atiixp.4; driver has been added. 605 This supports ATI IXP 200/300/400 series audio controllers. &merged;</para> 606 607 <para>The &man.snd.atiixp.4; driver now supports 608 suspend and resume features.</para> 609 610 <para>The &man.snd.cmi.4; driver is now MPSAFE.</para> 611 612 <para>The &man.snd.emu10kx.4; driver has been added. It 613 supports Creative SoundBlaster Live! and Audigy series sound 614 cards with optional pseudo-multichannel playback.</para> 615 616 <para>The &man.snd.envy24.4; driver has been added to support 617 the Envy24 series of audio chips.</para> 618 619 <para>The &man.snd.es137x.4; driver is now MPSAFE. &merged;</para> 620 621 <para>The &man.snd.ich.4; driver is now MPSAFE. &merged;</para> 622 623 <para>The &man.snd.solo.4; driver is now MPSAFE. &merged;</para> 624 625 <para>The &man.snd.via8233.4; driver is now MPSAFE. &merged;</para> 626 627 <para>The &man.snd.via82c686.4; driver is now MPSAFE. &merged;</para> 628 629 <para>[&arch.amd64;] The &man.speaker.4; driver now supports &os;/amd64. &merged;</para> 630 631 <para>The &man.uaudio.4; driver now supports 24/32 bit audio 632 formats and conversion.</para> 633 </sect4> 634 635 <sect4 id="net-if"> 636 <title>Network Interface Support</title> 637 638 <para>The &man.ath.4; driver has been updated to 639 HAL version 0.9.17.2. &merged;</para> 640 641 <para>[&arch.amd64;, &arch.i386;, &arch.pc98;, &arch.sparc64;] 642 The &man.ath.4;, &man.ath.hal.4;, and 643 <literal>ath_rate_sample</literal> drivers have been 644 included in the <filename>GENERIC</filename> kernel by 645 default. &merged;</para> 646 647 <para>[&arch.amd64;, &arch.i386;] The &man.bce.4; driver, which supports Broadcom 648 NetXtreme II (BCM5706/BCM5708) PCI/PCIe Gigabit Ethernet controllers, 649 has been added. For more details, see &man.bce.4;. &merged;</para> 650 651 <para>A bug which prevents the &man.bfe.4; driver from working 652 on a system with over 1GB RAM has been fixed. &merged;</para> 653 654 <para>The &man.bge.4; driver's Jumbo frame support is now MPSAFE.</para> 655 656 <para>The &man.bge.4; driver now supports big-endian 657 architectures such as sparc64.</para> 658 659 <para>The &man.bge.4; driver now supports &man.polling.4; mode. 660 &merged;</para> 661 662 <para>The &man.cm.4; driver is now MPSAFE.</para> 663 664 <para>The &man.dc.4; driver is now MPSAFE. &merged;</para> 665 666 <para>The &man.de.4; driver has been converted to the &man.bus.dma.9; 667 API and is now MPSAFE.</para> 668 669 <para>The &man.ed.4; driver is now MPSAFE.</para> 670 671 <para>The &man.el.4; driver has been removed due to lack of use.</para> 672 673 <para>The &man.em.4; driver now supports big-endian 674 architectures such as sparc64. &merged;</para> 675 676 <para>The &man.em.4; driver has been updated to 677 version 6.2.9 from Intel. Among other changes, it now supports 678 80003, 82571, 82571EB and 82572 based adapters, as well as 679 onboard-NICs on ICH8-based motherboards. &merged;</para> 680 681 <para>The &man.em.4; driver now includes 682 initial support for suspend and resume features.</para> 683 684 <para>The performance of the &man.em.4; driver has been improved 685 by using a fast interrupt handler and taskqueue 686 instead of ithread handler. This change can be disabled 687 by defining <literal>NO_EM_FASTINTR</literal> kernel option 688 for debugging purpose.</para> 689 690 <para>The &man.iwi.4; driver now supports big-endian 691 architectures such as sparc64.</para> 692 693 <para>A number of improvements and bugfixes have been made to the 694 functionality of the &man.iwi.4; driver. This driver now 695 requires the firmware image in the 696 <filename role="package">net/iwi-firmware-kmod</filename> 697 port/package; prior versions of this driver used the 698 <filename role="package">net/iwi-firmware</filename> 699 port/package. &merged;</para> 700 701 <para>The &man.le.4; driver, which supports AMD Am7900 LANCE 702 and Am79C9xx PCnet NICs, 703 has been added. While the &man.lnc.4; driver also supports these 704 NICs, this driver has several advantages over it such as 705 MPSAFE, ALTQ, VLAN_MTU, ifmedia, and 32-bit DMA for PCI 706 variants. This driver is based on NetBSD's implementation. 707 &merged;</para> 708 709 <para>The &man.lge.4; driver is now MPSAFE. &merged;</para> 710 711 <para>The lnc(4) driver has been removed. The &man.le.4; and 712 &man.pcn.4; drivers support all devices that were supported 713 by lnc(4).</para> 714 715 <para>The &man.msk.4; driver has been added. It supports 716 network interfaces using the Marvell/SysKonnect Yukon II 717 Gigabit Ethernet controller.</para> 718 719 <para>The &man.my.4; driver is now MPSAFE. &merged;</para> 720 721 <para>The &man.my.4; driver now supports &man.altq.4;. &merged;</para> 722 723 <para>[&arch.amd64;, &arch.i386;] The &man.mxge.4; driver, 724 which supports Myricom Myri10GE 10 Gigabit Ethernet 725 adapters, has been added. For more details, see 726 &man.mxge.4;.</para> 727 728 <para>The &man.nfe.4; driver, an open-source driver for nForce 729 Ethernet devices, has been added, originally from 730 OpenBSD.</para> 731 732 <para>The &man.nve.4; driver has been updated to version 1.0-0310 733 (23-Nov-2005). It also now has &man.altq.4; support. &merged;</para> 734 735 <para>The &man.pcn.4; driver is now MPSAFE. &merged;</para> 736 737 <para>The &man.re.4; driver now supports the D-Link DGE-528(T) 738 Gigabit Ethernet card.</para> 739 740 <para>The &man.sf.4; driver is now MPSAFE. &merged;</para> 741 742 <para>The &man.sk.4; driver is now MPSAFE. &merged;</para> 743 744 <para>The &man.ste.4; driver is now MPSAFE. &merged;</para> 745 746 <para>The &man.stge.4; driver has been added. It supports the 747 Sundance/Tamarack TC9021 Gigabit Ethernet controller and was 748 ported from NetBSD. &merged;</para> 749 750 <para>The &man.ti.4; driver now supports big-endian 751 architectures such as sparc64.</para> 752 753 <para>The &man.ufoma.4; driver for 754 FOMA (third generation mobile phone system by NTT DoCoMo, Inc. 755 in Japan) has been added. 756 This should support other third generation mobile phones 757 since the driver is based on USB Implementation Guideline 758 from MCPC (Mobile Computing Promotion Consortium) in Japan.</para> 759 760 <para>The vgapci(4) driver has been added. This is a stub 761 device driver for VGA PCI devices and serves as a bus 762 so that other drivers such as drm(4), 763 &man.acpi.video.4;, and &man.agp.4; can attach to 764 it thus allowing multiple drivers for the same device.</para> 765 766 <para>The &man.wi.4; driver is now buildable as 767 a kernel module.</para> 768 769 <para>[&arch.amd64;, &arch.i386;, &arch.pc98;] The &man.wlan.wep.4;, 770 &man.wlan.ccmp.4;, and &man.wlan.tkip.4; drivers 771 have been included in the <filename>GENERIC</filename> 772 kernel by default.</para> 773 774 <para>The network interface groups feature has been imported 775 from OpenBSD. This feature allows an administrator to, for 776 example, apply firewall rules to an entire group of 777 interfaces. More information can be found in 778 &man.ifconfig.8;.</para> 779 780 </sect4> 781 </sect3> 782 783 <sect3 id="net-proto"> 784 <title>Network Protocols</title> 785 786 <para>The &man.arp.4; retransmission algorithm has been 787 rewritten so that ARP requests are retransmitted without 788 suppression, while there is demand for such ARP entry. 789 Due to this change, a sysctl variable 790 <varname>net.link.ether.inet.host_down_time</varname> 791 has been removed. &merged;</para> 792 793 <para>The &man.arp.4; protocol now supports a sysctl variable 794 <varname>net.link.ether.inet.log_arp_permanent_modify</varname> 795 to suppress logging of attempts to modify 796 permanent ARP entries. &merged;</para> 797 798 <para>[&arch.amd64;, &arch.i386;, &arch.pc98;] An experimental BPF Just-In-Time compiler 799 has been implemented for both &man.bpf.4; and &man.ng.bpf.4;. 800 To enable this, the 801 <literal>options BPF_JITTER</literal> kernel option is needed. 802 The <varname>net.bpf_jitter.enable</varname> 803 can be used to disable this feature.</para> 804 805 <para>Multiple copies of a packet received via different 806 &man.bpf.4; listeners now all have identical 807 timestamps. &merged;</para> 808 809 <para>The bridge(4) driver has been removed from the tree. Its 810 functionality has been completely replaced by 811 &man.if.bridge.4;.</para> 812 813 <para>The &man.enc.4; IPsec filtering pseudo-device has been 814 added. It allows firewall packages using the &man.pfil.9; 815 framework to examine (and filter) IPsec traffic before 816 outbound encryption and after inbound decryption. &merged;</para> 817 818 <para>The &man.gre.4; driver, which is for GRE encapsulation 819 found in RFC 1701 and RFC 1702, now supports IPv6 over GRE.</para> 820 821 <para>The &man.if.bridge.4; driver now supports 822 creating SPAN ports, which transmit a copy of every frame 823 received by the bridge. This feature can be enabled 824 by using &man.ifconfig.8;. &merged;</para> 825 826 <para>The &man.if.bridge.4; driver now supports 827 RFC 3378 EtherIP. This change makes it possible to 828 add &man.gif.4; interfaces to bridges, which will then 829 send and receive IP protocol 97 packets. 830 Packets are Ethernet frames with an EtherIP header prepended. 831 &merged;</para> 832 833 <para>The &man.if.bridge.4; driver now supports RSTP, the Rapid 834 Spanning Tree Protocol (802.1w).</para> 835 836 <para>A hard-coded limit on the number of IPv4 multicast group 837 memberships (formerly 20) has been removed.</para> 838 839 <para>The path MTU discovery for multicast packets in the &os; 840 IPv6 stack has been disabled by default. 841 Path MTU notification from a large number of multicast routers 842 can be a kind of distributed Denial-of-Service attack to a router. 843 This feature can be re-enabled by using a new sysctl variable 844 <varname>net.inet6.ip6.mcast_pmtu</varname>. &merged;</para> 845 846 <para>IPv6 link-local addresses are now enabled only 847 if <varname>ipv6_enable</varname> is set in &man.rc.conf.5;. 848 &merged;</para> 849 850 <para>The &man.ipfw.4; IP packet filter now supports IPv6. &merged;</para> 851 852 <para>The &man.ipfw.4; firewall system now supports 853 a <literal>tablearg</literal> feature, which allows 854 values obtained from a table lookup to be used as part of a 855 rule. &merged; 856 This feature can be used to optimize some rulesets 857 or to implement policy-based routing inside a firewall. 858 For example, the following rules will throw different 859 packets to different pipes:</para> 860 861 <programlisting>pipe 1000 config bw 1000Kbyte/s 862pipe 4000 config bw 4000Kbyte/s 863table 1 add x.x.x.x 1000 864table 1 add x.x.x.y 4000 865pipe tablearg ip from table(1) to any</programlisting> 866 867 <para>The &man.ipfw.4; packet filter now supports 868 <literal>tag</literal> and <literal>untag</literal> rule keywords. 869 When a packet matches a rule with the <literal>tag</literal> 870 keyword, the numeric tag for the given number in the range 871 from 0 to 65535 will be attached to the packet. 872 The tag acts as an internal marker (it is not sent out over 873 the wire) that can be used to identify these packets later on, 874 for example, by using <literal>tagged</literal> 875 rule option. For more details, see &man.ipfw.8;. &merged;</para> 876 877 <para>The <literal>IPFIREWALL_FORWARD_EXTENDED</literal> kernel 878 option has been removed. This option was used to permit 879 &man.ipfw.4; to redirect packets with local destinations. 880 This behavior is now always enabled when 881 the <literal>IPFIREWALL_FORWARD</literal> kernel option is 882 enabled. &merged;</para> 883 884 <para>The ip6fw(8) packet filter has been removed. Since &man.ipfw.4; has gained 885 IPv6 support, it should be used instead. Please note that some rules might need 886 to be adjusted.</para> 887 888 <para>The &man.natm.4;, Native Mode ATM protocol layer is now MPSAFE.</para> 889 890 <para>The &man.ng.ether.4; Netgraph node no longer overwrites 891 the MAC address of outgoing frames by default. &merged;</para> 892 893 <para>The &man.ng.iface.4; Netgraph node now supports &man.altq.4;. 894 &merged;</para> 895 896 <para>The &man.ng.tag.4; Netgraph node has been added to 897 support the manipulation of mbuf tags attached to data in the 898 kernel. &merged;</para> 899 900 <para>A bug has been fixed in which NFS over TCP would not reconnect 901 when the server sent a FIN. This problem had occurred 902 with Solaris NFS servers. &merged;</para> 903 904 <para>The default retransmit timer for NFS over TCP is now 60 seconds. 905 This change prevents the unnecessary retransmission of 906 non-idempotent NFS requests. The <varname>nfs_access_cache</varname> 907 variable in &man.rc.conf.5; has also been changed to 60.</para> 908 909 <para>The default minimum number of nfsiod kernel threads 910 (&man.sysctl.8; variable <varname>vfs.nfs.iodmin</varname>) 911 has been changed from 4 to 0.</para> 912 913 <para>The sysctl variables <varname>net.inet.ip.portrange.reservedhigh</varname> 914 and <varname>net.inet.ip.portrange.reservedlow</varname> 915 can be used with IPv6 now. &merged;</para> 916 917 <para>A new sysctl variable <varname>net.inet.icmp.reply_from_interface</varname> 918 has been added. This allows the &man.icmp.4; 919 reply to non-local packets to be generated with 920 the IP address the packet came through in. 921 This is useful for routers to show in &man.traceroute.8; 922 the actual path a packet has taken instead of 923 the possibly different return path.</para> 924 925 <para>A new sysctl variable <varname>net.inet.icmp.quotelen</varname> 926 has been added. This allows to change length of 927 the quotation of the original packet in an ICMP reply. 928 The minimum of 8 bytes is internally enforced. 929 The maximum quotation is the remaining space in the 930 reply mbuf. This option is added in response to the 931 issues raised in I-D 932 <filename>draft-gont-icmp-payload-00.txt</filename>.</para> 933 934 <para>The &man.icmp.4; now always quotes the entire TCP header 935 when responding and allocate an mbuf cluster if needed. 936 This change fixes the TCP issues raised in I-D 937 <filename>draft-gont-icmp-payload-00.txt</filename>.</para> 938 939 <para>A new socket option <literal>IP_MINTTL</literal> has been added. 940 This may be used to set the minimum acceptable 941 TTL a packet must have when received on a socket. 942 All packets with a lower TTL are silently dropped. 943 This works on already connected/connecting and 944 listening sockets for RAW, UDP, and TCP. This option 945 is only really useful when set to <literal>255</literal>, preventing packets 946 from outside the directly connected networks reaching 947 local listeners on sockets. Also, this option allows 948 userland implementation of <quote>The Generalized TTL 949 Security Mechanism (GTSM)</quote> found in RFC 3682.</para> 950 951 <para>The kernel &man.ppp.4; driver now supports IPv6.</para> 952 953 <para>Stealth forwarding now supports IPv6 as well as IPv4. 954 This behavior can be controlled by using a new sysctl variable 955 <varname>net.inet6.ip6.stealth</varname>.</para> 956 957 <para>Support has been added for the Stream Control Transmission 958 Protocol (SCTP). SCTP implements a reliable, message-oriented 959 transport protocol, and is defined in RFC 3268. It is enabled 960 in &os; with the <literal>SCTP</literal> kernel option.</para> 961 962 <para>The <literal>IPV6_V6ONLY</literal> socket option 963 now works for UDP.</para> 964 965 <para>The TCP bandwidth-delay product limiting feature has 966 been disabled when the RTT is below a certain threshold. 967 This optimization does not make sense on a LAN, as it has 968 trouble figuring out the maximal bandwidth due to the coarse 969 tick granularity. A new sysctl variable 970 <varname>net.inet.tcp.inflight.rttthresh</varname> specifies 971 the threshold in milliseconds below which this feature 972 will disengage. It defaults to 10ms. &merged;</para> 973 974 <para>The &os; network stack now has support for TCP 975 Segmentation Offload (TSO). TSO reduces the overhead of 976 sending bulk TCP data by allowing a network interface to 977 convert a large data transfer into multiple TCP segments to be 978 sent on the network. This functionality can be enabled or 979 disabled on a per-interface basis with 980 the <literal>tso</literal> and <literal>-tso</literal> flags 981 to &man.ifconfig.8;. Network interfaces and drivers 982 supporting TSO currently include &man.em.4; and 983 &man.mxge.4;.</para> 984 985 <para>&os; now supports auto-sizing of TCP socket buffers. This 986 allows the socket buffer sizes to adapt dynamically to network 987 conditions, rather than being set statically. The behavior of 988 this feature can be controlled using 989 the <varname>net.inet.tcp.sendbuf_*</varname> 990 and <varname>net.inet.tcp.recvbuf_*</varname> sysctl 991 variables.</para> 992 993 <para>Support for &man.kqueue.2; operations has been added to 994 the &man.tun.4; driver. &merged;</para> 995 996 </sect3> 997 998 <sect3 id="disks"> 999 <title>Disks and Storage</title> 1000 1001 <para>The &man.aac.4; driver now supports the Adaptec 2610SA SATA-RAID 1002 controller in some Hewlett-Packard machines.</para> 1003 1004 <para>The performance of the &man.amr.4; driver has been improved; 1005 it also now supports full 64-bit DMA. While this feature is 1006 enabled by default, this can be forced off by setting the 1007 <varname>hw.amr.force_sg32</varname> loader tunable for 1008 debugging purpose. 1009 &merged;</para> 1010 1011 <para>The &man.amr.4; driver now supports the &man.ioctl.2; requests 1012 necessary for the Linux LSI MegaRaid tools in &os;'s Linux emulation 1013 environment. 1014 &merged;</para> 1015 1016 <para>The &man.arcmsr.4; driver has been updated to version 1017 1.20.00.13. &merged;</para> 1018 1019 <para>The &man.ata.4; driver now supports a workaround 1020 for some controllers whose DMA does not work properly 1021 in 48bit mode. For affected controllers, 1022 PIO mode will be used for access to areas beyond 137GB. 1023 &merged;</para> 1024 1025 <para>The &man.ata.4; driver now supports the ITE IT8211F IDE controller, 1026 and the Promise PDC40718 and PDC40719 chip found in Promise 1027 Fasttrak TX4300. 1028 &merged;</para> 1029 1030 <para>The &man.ata.4; driver now supports DMA for kernel crash dumps, 1031 as well as crash dumping to an &man.ataraid.4; device. 1032 &merged;</para> 1033 1034 <para>The &man.ata.4; driver now supports USB mass storage class 1035 devices. To enable it, a line <literal>device atausb</literal> 1036 in the kernel configuration file or loading the 1037 <filename>atausb</filename> kernel module is needed. 1038 Note that this functionality cannot coexist with the 1039 &man.umass.4; driver. &merged;</para> 1040 1041 <para>The &man.ataraid.4; driver now supports 1042 JMicron ATA RAID metadata. &merged;</para> 1043 1044 <para>The <literal>GEOM_LABEL</literal> class now supports 1045 Ext2FS, NTFS, and ReiserFS. &merged;</para> 1046 1047 <para>The <literal>GEOM_MIRROR</literal> class now supports 1048 kernel crash dumps to the GEOM providers. 1049 &merged;</para> 1050 1051 <para>The <literal>GEOM_MIRROR</literal> and <literal>GEOM_RAID3</literal> 1052 classes now support sysctl variables 1053 <varname>kern.geom.mirror.disconnect_on_failure</varname> 1054 and 1055 <varname>kern.geom.graid3.disconnect_on_failure</varname> 1056 to control whether failed components will be disconnected or not. 1057 The default value is <literal>1</literal> to preserve the current 1058 behavior, and if it is set to <literal>0</literal> such components 1059 are not disconnected and the kernel will try to still use them 1060 (only the first error will be logged). 1061 This is helpful for the case of multiple broken components (in 1062 different places), so actually all data is available. 1063 The broken components will be visible in <command>gmirror list</command> 1064 or <command>graid3 list</command> output with flag 1065 <literal>BROKEN</literal>. 1066 &merged;</para> 1067 1068 <para>The <literal>GEOM_MIRROR</literal> and <literal>GEOM_RAID3</literal> 1069 classes now use parallel I/O requests for synchronization 1070 to improve the performance. New sysctl variables 1071 <varname>kern.geom.mirror.sync_requests</varname> and 1072 <varname>kern.geom.raid3.sync_requests</varname> 1073 define how many parallel I/O requests should be used. 1074 Also, the sysctl variables 1075 <varname>kern.geom.mirror.reqs_per_sync</varname>, 1076 <varname>kern.geom.mirror.syncs_per_sec</varname>, 1077 <varname>kern.geom.raid3.reqs_per_sync</varname>, and 1078 <varname>kern.geom.raid3.syncs_per_sec</varname> 1079 are deprecated and have been removed. 1080 &merged;</para> 1081 1082 <para>A new GEOM_MULTIPATH class has been added to support 1083 multiple access paths to disk devices. The &man.gmultipath.8; 1084 utility has been added to control the behavior of disk devices 1085 using this feature.</para> 1086 1087 <para>A new GEOM class <literal>GEOM_ZERO</literal> has been added. 1088 It creates a very huge provider (41PB) <filename>/dev/gzero</filename> 1089 and is mainly useful for performance testing. 1090 On <literal>BIO_READ</literal> request it zero-fills 1091 <varname>bio_data</varname> and on <literal>BIO_WRITE</literal> 1092 it does nothing. 1093 &merged;</para> 1094 1095 <para>The GEOM class kernel module <filename>g_md.ko</filename> 1096 has been renamed to <filename>geom_md.ko</filename> 1097 for consistency.</para> 1098 1099 <para>[&arch.amd64;, &arch.i386;] The &man.hptmv.4; driver has been updated and now supports 1100 amd64 as well as PAE.</para> 1101 1102 <para>The &man.mfi.4; driver, which supports 1103 the LSI MegaRAID SAS controller family, has been added. 1104 &merged;</para> 1105 1106 <para>The &man.mpt.4; driver has been updated to support 1107 various new features such as RAID volume and RAID member 1108 state/settings reporting, periodic volume re-synchronization 1109 status reporting, and sysctl variables for volume 1110 re-synchronization rate, volume member write cache status, 1111 and volume transaction queue depth.</para> 1112 1113 <para>The &man.mpt.4; driver now supports SAS HBA (partially), 1114 64-bit PCI, and large data transfer.</para> 1115 1116 <para>The &man.twa.4; driver has been updated to the 9.3.0.1 1117 release on the 3ware Web site. &merged;</para> 1118 1119 <para>A new GEOM-based disk encryption facility, GEOM_ELI, has been 1120 added. It uses the &man.crypto.9; framework for hardware acceleration 1121 and supports different cryptographic algorithms. See &man.geli.8; for 1122 more information. &merged;</para> 1123 1124 <para>The &man.geli.8; disk encryption system now supports loading keyfiles before the root 1125 file system is mounted. &merged; 1126 For example, the following entries 1127 can be used in <filename>/boot/loader.conf</filename> to enable 1128 it:</para> 1129 1130 <programlisting>geli_da0_keyfile0_load="YES" 1131geli_da0_keyfile0_type="da0:geli_keyfile0" 1132geli_da0_keyfile0_name="/boot/keys/da0.key0" 1133geli_da0_keyfile1_load="YES" 1134geli_da0_keyfile1_type="da0:geli_keyfile1" 1135geli_da0_keyfile1_name="/boot/keys/da0.key1" 1136geli_da0_keyfile2_load="YES" 1137geli_da0_keyfile2_type="da0:geli_keyfile2" 1138geli_da0_keyfile2_name="/boot/keys/da0.key2" 1139 1140geli_da1s3a_keyfile0_load="YES" 1141geli_da1s3a_keyfile0_type="da1s3a:geli_keyfile0" 1142geli_da1s3a_keyfile0_name="/boot/keys/da1s3a.key"</programlisting> 1143 1144 <para>&man.geli.8; is now able to perform data integrity 1145 verification (data authentication) of encrypted data stored on 1146 disk. Note that the encryption algorithm is now specified to 1147 the &man.geli.8; control program using the <option>-e</option> 1148 option; the <option>-a</option> option is now used to specify 1149 the authentication algorithm. &merged;</para> 1150 1151 <para>The &man.umass.4; driver now supports 1152 <literal>PLAY_MSF</literal>, 1153 <literal>PLAY_TRACK</literal>, 1154 <literal>PLAY_TRACK_REL</literal>, 1155 <literal>PAUSE</literal>, 1156 <literal>PLAY_12</literal> commands so that 1157 the &man.cdcontrol.1; utility can handle a USB CD drive.</para> 1158 </sect3> 1159 1160 <sect3 id="fs"> 1161 <title>File Systems</title> 1162 1163 <para>[&arch.amd64;, &arch.i386;, &arch.pc98;] The &man.linsysfs.5; 1164 pseudo-filesystem driver has been added. 1165 It provides a subset of the 1166 Linux <filename>sys</filename> filesystem, and is required for 1167 the correct operation of some Linux binaries (such as the LSI 1168 MegaRAID SAS utility). &merged;</para> 1169 1170 <para>A part of the FreeBSD NFS subsystem (the interface with 1171 the protocol stack and callouts, the NFS client side) is now MPSAFE.</para> 1172 1173 <para>Initial (read-only) support for SGI's XFS filesystem has been 1174 added.</para> 1175 1176 <para>The unionfs file system has been re-implemented. This 1177 version solves many crashing and locking issues compared to 1178 the previous implementation. It also adds 1179 new <quote>transparent</quote> and <quote>masquerade</quote> 1180 modes for automatically creating files in the upper file system 1181 layer of unions. More information can be found in the 1182 &man.mount.unionfs.8; manual page. &merged;</para> 1183 1184 </sect3> 1185 </sect2> 1186 1187 <sect2 id="userland"> 1188 <title>Userland Changes</title> 1189 1190 <para>The addr2ascii() and ascii2addr() library calls, originally 1191 introduced by the INRIA IPv6 implementation, have been removed 1192 from <filename>libc</filename>. They have no consumers in the 1193 &os; base system. In a related change, support 1194 for <literal>AF_LINK</literal> addresses has been added to 1195 &man.getnameinfo.3;.</para> 1196 1197 <para>Padding of <varname>ai_addrlen</varname> 1198 in <varname>struct addrinfo</varname> has been removed, 1199 which was originally for the ABI compatibility. 1200 For example, this change breaks the ABI compatibility of the 1201 &man.getaddrinfo.3; function on 64-bit architectures, including 1202 &os;/amd64, &os;/ia64, and &os;/sparc64.</para> 1203 1204 <para>The &man.asf.8; utility has been revised and extended. Now 1205 it can operate via several interfaces including &man.kvm.3;, 1206 which supports not only live systems, but also kernel crash dumps. 1207 &merged;</para> 1208 1209 <para>The &man.arp.8; utility now allows the <option>-i</option> 1210 option together with the <option>-d</option> and <option>-a</option> options 1211 to allow all entries for a given interface to be removed.</para> 1212 1213 <para>The OpenBSM userland tools, including &man.audit.8;, 1214 &man.auditd.8;, 1215 &man.auditreduce.1;, and 1216 &man.praudit.1;, have been added. &merged;</para> 1217 1218 <para>The &man.bsdiff.1; and &man.bspatch.1; utilities 1219 have been added. These are tools for constructing and 1220 applying binary patches. &merged;</para> 1221 1222 <para>The &man.bsnmpd.1; utility now supports the Host Resources 1223 MIB described in RFC 2790. &merged;</para> 1224 1225 <para>&man.cached.8; has been added. It is a daemon that caches 1226 the results of nsswitch lookups (such as those to the password, 1227 group, and services databases) for improved performance.</para> 1228 1229 <para>The &man.cmp.1; utility now supports an <option>-h</option> 1230 flag to compare the symbolic link itself rather than the 1231 file that the link points to. &merged;</para> 1232 1233 <para>The &man.config.8; utility now supports the <literal>nocpu</literal> 1234 directive, which cancels the effect of a 1235 previous <literal>cpu</literal> directive. &merged;</para> 1236 1237 <para>The &man.config.8; utility now reads <filename>DEFAULTS</filename> 1238 kernel configuration file if it exists in the current directory 1239 before the specified configuration file. &merged;</para> 1240 1241 <para>The &man.cp.1; utility now supports a <option>-l</option> 1242 option, which causes it to create hardlinks to the source files 1243 instead of copying them. &merged;</para> 1244 1245 <para>The &man.csh.1; utility now supports NLS catalogs. 1246 Note that this requires installing 1247 the <filename role="package">shells/tcsh_nls</filename> port. 1248 &merged;</para> 1249 1250 <para>The &man.csup.1; utility has been imported. 1251 This is an implementation of a CVSup-compatible client written 1252 in the C language. Note that it currently supports checkout mode 1253 only. &merged;</para> 1254 1255 <para>The &man.dhclient.8; program now sends the host's name in 1256 DHCP requests if it is not specified in the configuration 1257 file. &merged;</para> 1258 1259 <para>The &man.devd.8; utility now supports a <option>-f</option> option 1260 to specify a configuration file. &merged;</para> 1261 1262 <para>The &man.du.1; program now supports a <option>-n</option> 1263 flag, which causes it to ignore files and directories with 1264 the <literal>nodump</literal> flag set. &merged;</para> 1265 1266 <para>The &man.dump.8; and &man.restore.8; programs now attempt to 1267 save and restore extended attribute information on files.</para> 1268 1269 <para>The &man.fsdb.8; utility now supports changing the birth 1270 time of files on UFS2 file systems using the new 1271 <literal>btime</literal> command. &merged;</para> 1272 1273 <para>The &man.fsdb.8; program now supports 1274 a <literal>findblk</literal> command, which finds the inode(s) 1275 owning a specific disk block. &merged;</para> 1276 1277 <para>The &man.find.1; program now supports <option>-Btime</option> 1278 and other related primaries, which can be used to create expressions 1279 based on a file's creation time. &merged;</para> 1280 1281 <para>A bug in the &man.find.1; program which prevents 1282 numeric arguments for <option>-user</option> and 1283 <option>-group</option> from working as expected 1284 has been fixed.</para> 1285 1286 <para>The &man.freebsd-update.8; utility, a tool for managing 1287 binary updates to the &os; base system, has been added. &merged;</para> 1288 1289 <para>The &man.ftpd.8; utility now creates a PID file 1290 <filename>/var/run/ftpd.pid</filename> even when 1291 no <option>-p</option> option is specified. &merged;</para> 1292 1293 <para>The &man.gbde.8; utility now supports 1294 <option>-k</option> and <option>-K</option> options 1295 to specify a key file in addition to a passphrase.</para> 1296 1297 <para>The &man.getfacl.1; utility now supports 1298 a <option>-q</option> flag to suppress the per-file header 1299 comment listing the file name, owner, and group. 1300 &merged;</para> 1301 1302 <para>The &man.getent.1; utility has been imported from NetBSD. 1303 It retrieves and displays information from an administrative 1304 database (such as <filename>hosts</filename>) using the lookup 1305 order specified in &man.nsswitch.conf.5;. &merged;</para> 1306 1307 <para>The &man.gpt.8; utility now supports setting GPT partition labels.</para> 1308 1309 <para>The &man.gvinum.8; utility now supports commands 1310 to rename objects and to move a subdisk from 1311 one drive to another. &merged;</para> 1312 1313 <para>The &man.gvinum.8; utility now supports the 1314 <command>resetconfig</command> sub-command.</para> 1315 1316 <para>An implementation of Generic Security Service API (GSS-API) 1317 version 2 and its C binding described in RFC2743 and RFC2744 1318 has been added. This is a new extensible GSS-API layer which 1319 can support GSS-API plugins, similar the the Solaris 1320 implementation, and the Kerberos 5 GSS mechanism has 1321 been rewritten as a plugin library for the new implementation.</para> 1322 1323 <para>The &man.hccontrol.8; utility now supports HCI node 1324 autodetection.</para> 1325 1326 <para>The &man.id.1; utility now prints the effective user 1327 ID after the group ID.</para> 1328 1329 <para>The &man.id.1; utility now supports a <option>-A</option> 1330 flag to print process audit properties, including the audit user 1331 id. &merged;</para> 1332 1333 <para>The &man.ifconfig.8; utility now supports 1334 a <option>-k</option> flag to allow printing 1335 potentially sensitive keying material to standard output. 1336 This sensitive information will not be printed by default.</para> 1337 1338 <para>The &man.ifconfig.8; utility now supports a <option>-tunnel</option> 1339 parameter, which is just an alias for <option>deletetunnel</option>, 1340 yet is more convenient and easier to type.</para> 1341 1342 <para>The <option>-vlandev</option> parameter to &man.ifconfig.8; 1343 no longer requires a network interface as its argument. The 1344 argument still is supported for backward compatibility, but 1345 is now deprecated and its use is discouraged.</para> 1346 1347 <para>The &man.iostat.8; utility now supports 1348 a <option>-x</option> flag (inspired by Solaris) to print 1349 extended disk statistics. If the new <option>-z</option> flag is 1350 also specified, no output is made for disks with no 1351 activity. &merged;</para> 1352 1353 <para>The &man.ipfwpcap.8; utility has been added; it captures 1354 packets on a &man.divert.4; socket and writes them as 1355 &man.pcap.3; (also known as &man.tcpdump.1;) format data to a 1356 file or pipe.</para> 1357 1358 <para>The &man.jail.8; utility supports a <option>-J 1359 <replaceable>jid_file</replaceable></option> option to 1360 write out a JidFile, similar to a PidFile, containing 1361 the jailid, path, hostname, IP and the command used to start 1362 the jail. &merged;</para> 1363 1364 <para>The &man.jail.8; program now supports a <option>-s</option> 1365 option to specify a jail's securelevel. &merged;</para> 1366 1367 <para>The &man.jexec.8; utility now supports <option>-u</option> 1368 and <option>-U</option> flags to specify username credentials 1369 under which a command should be executed. &merged;</para> 1370 1371 <para>The &man.kdump.1; program now supports a <option>-H</option> 1372 flag, which causes kdump to print an additional field holding 1373 the threadid. &merged;</para> 1374 1375 <para>The &man.kdump.1; program now supports a <option>-s</option> 1376 flag to suppress the display of I/O data. &merged;</para> 1377 1378 <para>The &man.kdump.1; program now supports printing 1379 flags in a system call argument by using symbol names.</para> 1380 1381 <para>The &man.kenv.1; utility now supports a <option>-q</option> 1382 flag to suppress warnings.</para> 1383 1384 <para>&man.kgdb.1; now supports a <option>-w</option> 1385 option to open kmem-based targets in read-write mode. 1386 This allows one to use kgdb on <filename>/dev/mem</filename> 1387 and be able to patch memory on a live system.</para> 1388 1389 <para>The &man.libarchive.3; library now supports 1390 POSIX.1e-style Extended Attributes.</para> 1391 1392 <para>The <application>libc</application> library now includes 1393 initial implementation of symbol maps and symbol version 1394 definitions.</para> 1395 1396 <para>The <application>libedit</application> library has been 1397 updated from the NetBSD source tree as of August 2005.</para> 1398 1399 <para>The <application>libm</application> library now includes 1400 initial implementation of symbol maps and symbol version 1401 definitions.</para> 1402 1403 <para>The &man.libmemstat.3; library has been added. 1404 This is for use by debugging and monitoring applications 1405 in tracking kernel memory statistics. It provides an 1406 abstracted interface to &man.uma.9; and &man.malloc.9; 1407 statistics, wrapped around the binary stream sysctl variables 1408 for the allocators. &merged;</para> 1409 1410 <para>The &man.ln.1; utility now supports 1411 an <option>-F</option> flag, which deletes existing 1412 empty directories when creating symbolic links. 1413 &merged;</para> 1414 1415 <para>The &man.locate.1; utility now supports 1416 a <option>-0</option> flag to make this utility 1417 interoperable with &man.xargs.1;'s <option>-0</option> flag. 1418 &merged;</para> 1419 1420 <para>The &man.logger.1; utility now supports 1421 a <option>-P</option>, which specifies the port to which syslog 1422 messages should be sent. &merged;</para> 1423 1424 <para>The &man.ls.1; utility now supports 1425 an <option>-I</option> flag to disable the automatic 1426 <option>-A</option> flag for the superuser. &merged;</para> 1427 1428 <para>The &man.ls.1; utility now supports 1429 an <option>-U</option> flag to use the file creation 1430 time for sorting. &merged;</para> 1431 1432 <para>A new &man.malloc.3; implementation has been introduced. 1433 This implementation, sometimes referred to 1434 as <quote>jemalloc</quote>, was designed to improve the 1435 performance of multi-threaded programs, particularly on SMP 1436 systems, while preserving the performance of single-threaded 1437 programs. Due to the use of different algorithms and data 1438 structures, jemalloc may expose some previously-unknown bugs in 1439 userland code, although most of the &os; base system and common 1440 ports have been tested and/or fixed.</para> 1441 1442 <para>The &man.mdconfig.8; utility now supports producing 1443 device listings formatted as XML. Currently, the 1444 <command>list</command> and <command>query</command> 1445 sub-commands support this feature.</para> 1446 1447 <para>The &man.mdconfig.8; utility's <option>-u</option> option 1448 now supports specifying multiple devices separated 1449 by comma character.</para> 1450 1451 <para>The &man.mdmfs.8; utility now supports a <option>-P</option> flag 1452 to allow skipping the &man.newfs.8; process 1453 when using a vnode-backed disk.</para> 1454 1455 <para>The &man.mdmfs.8; utility now supports a <option>-E</option> flag 1456 to allow to specify location of the &man.mdconfig.8; 1457 utility instead of using the default one 1458 (<filename>/sbin/mdconfig</filename>).</para> 1459 1460 <para>A new function &man.memmem.3; has been implemented in 1461 <filename>libc</filename>. This is the binary equivalent to 1462 &man.strstr.3; and found in <filename>glibc</filename>.</para> 1463 1464 <para>The &man.mergemaster.8; utility now supports 1465 an <option>-A</option> option to explicitly specify 1466 an architecture to pass through to the underlying makefiles. 1467 &merged;</para> 1468 1469 <para>The &man.mount.8; <literal>nodev</literal> option has 1470 been removed.</para> 1471 1472 <para>The &man.mount.8; utility now supports &man.mqueuefs.5;.</para> 1473 1474 <para>A bug which prevents the &man.mount.8; utility from converting 1475 a read-only mount to read-write via <command>mount -u -o rw</command>, 1476 has been fixed.</para> 1477 1478 <para>The &man.mount.8; utility now supports a 1479 <literal>late</literal> keyword in &man.fstab.5;, along with a 1480 corresponding <option>-l</option> command-line option to specify 1481 that these <quote>late</quote> file systems should be 1482 mounted. &merged;</para> 1483 1484 <para>The &man.moused.8; daemon now supports an <option>-H</option> flag 1485 to enable horizontal virtual scrolling similar to the 1486 <option>-V</option> flag for vertical virtual scrolling. 1487 &merged;</para> 1488 1489 <para>The mrouted(8) multicast routing daemon has been removed 1490 from the &os; base system. It implements the DVMRP multicast 1491 routing protocol, which has largely been replaced by PIM in many 1492 multicast installations. The related map-mbone(8) and mrinfo(8) 1493 utilities have also been removed. These programs are now 1494 available in the &os; Ports Collection 1495 as <filename role="package">net/mrouted</filename>.</para> 1496 1497 <para>The &man.netstat.1; utility now supports an 1498 <option>-h</option> flag for interface stats mode, 1499 which prints all interface statistics in human readable form. &merged;</para> 1500 1501 <para>The &man.netstat.1; utility now supports 1502 printing &man.ipsec.4; protocol statistics if the 1503 kernel was compiled with <literal>FAST_IPSEC</literal> 1504 rather than the KAME IPSEC stack. 1505 Note that the output of <command>netstat -s -p ipsec</command> 1506 differs depending on which stack is compiled into 1507 the kernel since they each keep different statistics. &merged;</para> 1508 1509 <para>The <filename>/etc/nsswitch.conf</filename> file is now 1510 installed statically instead of being generated on every 1511 reboot.</para> 1512 1513 <para>The objformat(1) utility and getobjformat(3) library (the 1514 last remnants of a.out object file support) have been removed.</para> 1515 1516 <para>The &man.periodic.8; daily script now supports 1517 display of the status of &man.gmirror.8;, &man.graid3.8;, 1518 &man.gstripe.8;, and &man.gconcat.8; devices. 1519 Note that these are disabled by default. &merged;</para> 1520 1521 <para>A new function, &man.pidfile.3;, which provides reliable 1522 pidfiles handling, has been implemented in 1523 <filename>libutil</filename>. &merged;</para> 1524 1525 <para>The &man.ping.8; utility now supports a <quote>sweeping 1526 ping</quote> in which &man.icmp.4; payload of 1527 packets being sent is increased with given step. 1528 This is useful for testing problematic channels, MTU issues 1529 or traffic policing functions in networks. &merged;</para> 1530 1531 <para>The &man.ping.8; command now supports a <option>-W</option> 1532 option to specify the maximum time to wait for an echo reply. 1533 &merged;</para> 1534 1535 <para>The &man.pkill.1; utility now supports a 1536 <option>-F</option> option which allows to 1537 restrict matches to a process whose PID is stored in the 1538 pidfile file. When another new option <option>-L</option> 1539 is also specified, the pidfile file must be locked with the 1540 &man.flock.2; syscall or created with &man.pidfile.3;.</para> 1541 1542 <para>The &man.pkill.1; utility now supports a 1543 <option>-I</option> flag which works like <option>-i</option> 1544 of &man.rm.1;. When this flag is specified, &man.pkill.1; 1545 will ask for confirmation before sending a signal to 1546 each matching process.</para> 1547 1548 <para>The &man.pkill.1; utility (also known as &man.pgrep.1;) has 1549 been moved from <filename>/usr/bin</filename> 1550 to <filename>/bin</filename> so that it can be used by startup 1551 scripts. Symbolic links from its former location have been 1552 created for backward compatibility. &merged;</para> 1553 1554 <para>The &man.powerd.8; program now supports a 1555 <option>-P</option> option, which specifies a pidfile to use.</para> 1556 1557 <para>An extensible implementation of &man.printf.3;, compatible 1558 with GLIBC, has been added to <filename>libc</filename>. It is 1559 only used if the environment variable 1560 <varname>USE_XPRINTF</varname> is defined, one of the extension 1561 functions is called, or the global variable 1562 <varname>__use_xprintf</varname> is set to a value greater than 1563 <literal>0</literal>. Five extensions are currently supported: 1564 <literal>%H</literal> (hex dump), 1565 <literal>%T</literal> (<varname>time_t</varname> and 1566 time-related structures), 1567 <literal>%M</literal> (errno message), 1568 <literal>%Q</literal> (double-quoted, escaped string), 1569 <literal>%V</literal> (&man.strvis.3;-format string), 1570 &merged;</para> 1571 1572 <para>The DNS resolver library in &os;'s <application>libc</application> 1573 has been updated to that from BIND 9.3.3. &merged;</para> 1574 1575 <para>The &man.rfcomm.sppd.1; program now supports service names 1576 in addition to <option>-c</option> option with channel number. 1577 The supported names are: DUN (Dial-Up Networking), FAX (Fax), 1578 LAN (LAN Access Using PPP), and SP (Serial Port). &merged;</para> 1579 1580 <para>The &man.rpcgen.1; utility now generates headers and stub files 1581 that can be used with ANSI C compilers by default.</para> 1582 1583 <para>The &man.rtld.1; runtime linker now supports ELF symbol versioning 1584 using GNU semantics. This implementation aims to be compatible 1585 with symbol versioning support as implemented by GNU libc and 1586 documented in <ulink url="http://people.redhat.com/~drepper/symbol-versioning"></ulink> 1587 and LSB 3.0. Also, <function>dlvsym()</function> 1588 function has been added to 1589 allow lookups for a specific version of a given symbol.</para> 1590 1591 <para>A bug in the &man.sed.1; utility which can cause 1592 incorrect calculation of pattern space length in some cases 1593 has been fixed.</para> 1594 1595 <para>The &man.sh.1; utility now supports a <literal>times</literal> 1596 built-in command. &merged;</para> 1597 1598 <para>The &man.snapinfo.8; utility, which shows snapshot locations 1599 on UFS filesystems, has been added. &merged;</para> 1600 1601 <para>The &man.sockstat.1; utility, which shows connected and 1602 listening network sockets, now supports a new <option>-P</option> 1603 command-line option, which can be used to filter displayed sockets 1604 by protocol name (as listed in &man.protocols.5;).</para> 1605 1606 <para>The &man.strtonum.3; library function has been implemented 1607 based on OpenBSD's implementation. This is an improved version of 1608 &man.strtoll.3;. &merged;</para> 1609 1610 <para>The &man.sysctl.8; utility now supports a <option>-q</option> 1611 flag to suppress a limited set of warnings and errors.</para> 1612 1613 <para>The &man.tail.1; utility now supports a <option>-q</option> 1614 flag to suppress header lines when multiple files are 1615 specified. &merged;</para> 1616 1617 <para>The version of tcpslice in the &os; base system has been 1618 removed due to obsolescence. A more up-to-date version can be 1619 found in the Ports Collection 1620 as <filename role="package">net/tcpslice</filename>.</para> 1621 1622 <para>The &man.time.1; utility now prints the time that a given 1623 command has been running if sent a <literal>SIGINFO</literal> signal.</para> 1624 1625 <para>The &man.traceroute.8; program now supports 1626 a <option>-D</option> flag, which causes it to display the 1627 differences between the sent and received 1628 packets. &merged;</para> 1629 1630 <para>The &man.traceroute.8; utility now supports 1631 a <option>-e</option> option, which sets a fixed destination 1632 port for probe packets. This can be useful for tracing behind 1633 packet-filtering firewalls. &merged;</para> 1634 1635 <para>&man.traceroute.8; now decodes the complete set of ICMP 1636 unreachable messages in its output. &merged;</para> 1637 1638 <para>The &man.truss.1; utility now supports an <option>-s</option> 1639 flag for the same functionality as the strace utility 1640 (<filename role="package">devel/strace</filename>).</para> 1641 1642 <para>[&arch.powerpc;] The &man.truss.1; utility now supports &os;/powerpc.</para> 1643 1644 <para>The usbd(8) utility has been removed. 1645 The &man.devd.8; utility and its configuration 1646 file now support functionality which is equivalent to it.</para> 1647 1648 <para>The vnconfig(8) utility, which was long ago replaced by 1649 &man.mdconfig.8;, has been removed.</para> 1650 1651 <para>The &man.xargs.1; utility now supports a <option>-r</option> 1652 flag which makes the command execution when the standard input 1653 does not contain any non-whitespace-characters. &merged;</para> 1654 1655 <para>The shared library version number of all libraries has 1656 been updated due to some possible ABI changes. The libraries 1657 include: snmp_<replaceable>*</replaceable>, libdialog, libg2c, libobjc, 1658 libreadline, libregex, libstdc++, libkrb5, libalias, libarchive, 1659 libbegemot, libbluetooth, libbsnmp, libbz2, libc_r, libcrypt, 1660 libdevstat, libedit, libexpat, libfetch, libftpio, libgpib, 1661 libipsec, libkiconv, libmagic, libmp, libncp, libncurses, 1662 libnetgraph, libngatm, libopie, libpam, libpthread, libradius, 1663 libsdp, libsmb, libtacplus, libthr, libthread_db, libugidfw, 1664 libusbhid, libutil, libvgl, libwrap, libypclnt, libm, libcrypto, 1665 libssh, and libssl.</para> 1666 1667 <para>The <function>wcsdup()</function> function has been 1668 implemented. This function is popular in Microsoft and GNU 1669 systems.</para> 1670 1671 <para>The compiler toolchain is now capable of generating 1672 executables for systems using the ARM processor. &merged;</para> 1673 1674 <sect3 id="rc-scripts"> 1675 <title><filename>/etc/rc.d</filename> Scripts</title> 1676 1677 <para>The <filename>auditd</filename> script for 1678 OpenBSM &man.auditd.8; has been added. &merged;</para> 1679 1680 <para>The <filename>bluetooth</filename> script 1681 has been added. This script will be called from 1682 &man.devd.8; in response to device attachment/detachment 1683 events and to stop/start particular device without unplugging 1684 it by hand. The configuration parameters are in 1685 <filename>/etc/defaults/bluetooth.device.conf</filename>, 1686 and can be overridden by using 1687 <filename>/etc/bluetooth/<replaceable>$device</replaceable>.conf</filename> 1688 (where <replaceable>$device</replaceable> is <devicename>ubt0</devicename>, 1689 <devicename>btcc0</devicename>, and so on.) 1690 For more details, see &man.bluetooth.conf.5;. &merged;</para> 1691 1692 <para>The <filename>ftpd</filename> script for 1693 stand-alone &man.ftpd.8; has been added.</para> 1694 1695 <para>The <filename>gbde_swap</filename> script has 1696 been removed in favor a new <filename>encswap</filename> 1697 script which also supports &man.geli.8; for swap 1698 encryption.</para> 1699 1700 <para>The <filename>geli</filename> and <filename>geli2</filename> 1701 scripts has been added for &man.geli.8; device 1702 configuration on boot.</para> 1703 1704 <para>The <filename>ike</filename> script for 1705 IPsec IKE daemon has been removed because no such daemon 1706 is included in the base system.</para> 1707 1708 <para>The <filename>hcsecd</filename> and 1709 <filename>sdpd</filename> scripts have been added 1710 for &man.hcsecd.8; and &man.sdpd.8; daemons. 1711 These daemons can run even if no Bluetooth devices 1712 are attached to the system, but both daemons depend on 1713 Bluetooth socket layer and thus disabled by default. 1714 Bluetooth sockets layer must be either loaded 1715 as a module or compiled into kernel before the daemons can run. 1716 &merged;</para> 1717 1718 <para>The <filename>hostapd</filename> script for 1719 &man.hostapd.8; has been added. &merged;</para> 1720 1721 <para>The <filename>mdconfig</filename> script to 1722 handle vnode backed &man.md.4; devices has been added. 1723 This is a replacement of the <filename>ramdisk</filename> 1724 script, and all of variables in <varname>ramdisk_*</varname> 1725 have been changed to <varname>mdconfig_*</varname>. 1726 Also, two new &man.rc.conf.5; variables 1727 <varname>mdconfig_<replaceable>*</replaceable>_files</varname> 1728 and 1729 <varname>mdconfig_<replaceable>*</replaceable>_cmd</varname> 1730 have been added. For example:</para> 1731 1732 <programlisting>mdconfig_md0="-t malloc -s 10m" 1733mdconfig_md1="-t vnode -f /var/foo.img"</programlisting> 1734 1735 <para>The <filename>netif</filename> script now supports 1736 <varname>ipv4_addrs_<replaceable>ifn</replaceable></varname> 1737 variables, 1738 which add one or more IPv4 address from a ranged list in 1739 CIDR notation. &merged; For example:</para> 1740 1741 <programlisting>ipv4_addrs_ed0="192.168.0.1/24 192.168.1.1-5/28"</programlisting> 1742 1743 <para>The <filename>rcconf.sh</filename> script in <filename>/etc/rc.d</filename> 1744 has been removed and a variable <varname>early_late_divider</varname>, 1745 which designates the script to separate the early and late stages 1746 of the boot process, has been added.</para> 1747 1748 <para>The <filename>rc.initdiskless</filename> script now uses &man.tar.1; 1749 instead of &man.pax.1; because &man.pax.1; needs a writable 1750 temporary directory that may not be available when this script 1751 runs.</para> 1752 1753 <para>The <filename>pccard</filename> script has been removed 1754 since OLDCARD is deprecated.</para> 1755 1756 <para>The <filename>ppp-user</filename> script has been renamed to 1757 <filename>ppp</filename>. &merged;</para> 1758 1759 <para>The <varname>removable_interfaces</varname> variable 1760 has been removed.</para> 1761 1762 <para>A new keyword <literal>NOAUTO</literal> in 1763 <varname>ifconfig_<replaceable>ifn</replaceable></varname> 1764 has been added. This prevents configuration of an interface 1765 at boot time or via <filename>/etc/pccard_ether</filename>, 1766 and allows <filename>/etc/rc.d/netif</filename> 1767 to be used to start and stop an interface 1768 on a purely manual basis.</para> 1769 </sect3> 1770 </sect2> 1771 1772 <sect2 id="contrib"> 1773 <title>Contributed Software</title> 1774 1775 <para><application>Intel ACPI-CA</application> 1776 has been updated to 20051021.</para> 1777 1778 <para><application>BIND</application> has been updated from 9.3.1 1779 to 9.3.4. &merged;</para> 1780 1781 <para><application>BSNMPD</application> has been updated from 1782 1.11 to 1.12.</para> 1783 1784 <para><application>DRM</application> has 1785 been updated to a snapshot from DRI CVS as of 20060517. 1786 &merged;</para> 1787 1788 <para><application>FILE</application> has been updated from 4.12 1789 to 4.17.</para> 1790 1791 <para>The GNU version of <application>gzip</application> has been 1792 replaced with a modified version of gzip ported from NetBSD. 1793 &merged;</para> 1794 1795 <para><application>netcat</application> has been updated from the 1796 version in a 4 February 2005 OpenBSD snapshot to the version 1797 included in OpenBSD 3.9. &merged;</para> 1798 1799 <para><application>GCC</application> has been updated from 3.4.4 1800 to 3.4.6. &merged;</para> 1801 1802 <para><application>GNU Readline library</application> has been 1803 updated from 5.0 to 5.2 patch 1.</para> 1804 1805 <para><application>GNU Troff</application> 1806 has been updated from version 1.19 to version 1.19.2. 1807 &merged;</para> 1808 1809 <para><application>IPFilter</application> has been updated from 1810 4.1.8 to 4.1.13. &merged;</para> 1811 1812 <para><application>less</application> has been updated from v381 1813 to v394. &merged;</para> 1814 1815 <para><application>libpcap</application> has been updated from 1816 0.9.1 to 0.9.4. &merged;</para> 1817 1818 <para><application>lukemftpd</application> has been updated from a 1819 snapshot from NetBSD as of 9 August 2004 to a snapshot from 1820 NetBSD as of 31 August 2006. &merged;</para> 1821 1822 <para><application>OpenSSH</application> has been updated from 1823 4.2p1 to 4.5p1. &merged;</para> 1824 1825 <para><application>OpenSSL</application> has been updated from 1826 0.9.7e to 0.9.8d.</para> 1827 1828 <para><application>ncurses</application> has been updated from 1829 5.2-20010512 to 5.6-20061217. ncurses now also has wide 1830 character support.</para> 1831 1832 <para><application>hostapd</application> 1833 has been updated from version 0.3.9 to version 0.4.8. 1834 &merged;</para> 1835 1836 <para><application>sendmail</application> has been updated from 1837 8.13.4 to 8.13.8. &merged;</para> 1838 1839 <para><application>tcpdump</application> has been updated from 1840 3.9.1 to 3.9.4. &merged;</para> 1841 1842 <para>The timezone database has been updated from the 1843 <application>tzdata2005l</application> release to the 1844 <application>tzdata2006n</application> release. &merged;</para> 1845 1846 <para><application>tip</application> has been updated to a 1847 snapshot from OpenBSD as of 20060831.</para> 1848 1849 <para>TrustedBSD <application>OpenBSM</application>, 1850 version 1.0 alpha 12, an implementation of the documented Sun Basic 1851 Security Module (BSM) Audit API and file format, as well as local 1852 extensions to support the Mac OS X and &os; operating systems 1853 has been added. This also includes command line tools for audit 1854 trail reduction and conversion to text, as well as documentation 1855 of the commands, file format, and APIs. 1856 For this functionality, the <literal>AUDIT</literal> kernel option, 1857 <filename>/var/audit</filename> directory, and 1858 <literal>audit</literal> group have been added. &merged;</para> 1859 1860 <para><application>WPA Supplicant</application> 1861 has been updated from version 0.3.9 to version 0.4.8. 1862 &merged;</para> 1863 1864 <para><application>zlib</application> 1865 has been updated from version 1.2.2 to version 1.2.3. &merged;</para> 1866 </sect2> 1867 1868 <sect2 id="ports"> 1869 <title>Ports/Packages Collection Infrastructure</title> 1870 1871 <para>&man.pkg.add.1; now supports an <option>-F</option> 1872 flag to disable checking whether the same package is already 1873 installed or not. &merged;</para> 1874 1875 <para>The &man.pkg.add.1; program now supports an <option>-P</option> 1876 flag, which is the same as the <option>-p</option> flag 1877 except that the given prefix is also used recursively for the 1878 dependency packages if any. &merged;</para> 1879 1880 <para>The &man.pkg.add.1; and &man.pkg.create.1; utilities now support 1881 a <option>-K</option> flag to save packages to the current directory 1882 (or <varname>PKGDIR</varname> if defined) by default. 1883 &merged;</para> 1884 1885 <para>The &man.pkg.create.1; program now supports an <option>-x</option> 1886 flag to support basic regular expressions for package name, 1887 an <option>-E</option> flag for extended regular 1888 expressions, and a <option>-G</option> for exact matching. &merged;</para> 1889 1890 <para>The &man.pkg.version.1; utility now supports an <option>-o</option> 1891 flag to show the origin recorded on package generation 1892 instead of the package name, and an <option>-O</option> flag 1893 to list packages with a specific registered origin. 1894 &merged;</para> 1895 1896 <para>The &man.portsnap.8; utility (<filename>sysutils/portsnap</filename>) 1897 has been added into the &os; base system. This is a secure, 1898 easy to use, fast, lightweight, and generally good way for 1899 users to keep their ports trees up to date. &merged;</para> 1900 1901 <para>A incorrect handling of <varname>HTTP_PROXY_AUTH</varname> 1902 in the &man.portsnap.8; utility has been fixed. &merged;</para> 1903 1904 <para>The startup scripts from the <varname>local_startup</varname> 1905 directory now evaluated by using &man.rcorder.8; with scripts 1906 in the base system. &merged;</para> 1907 1908 <para>The suffix of startup scripts from the Ports Collection 1909 has been removed. This means <filename>foo.sh</filename> 1910 is renamed to <filename>foo</filename>, and now 1911 scripts whose name is something like 1912 <filename>foo.ORG</filename> will also be invoked. 1913 You are recommended to reinstall packages which install 1914 such scripts and remove extra files in the 1915 <varname>local_startup</varname> directory. &merged;</para> 1916 1917 <para>New <filename>rc.conf</filename> variables, 1918 <varname>ldconfig_local_dirs</varname> and 1919 <varname>ldconfig_local32_dirs</varname> have been added. 1920 These hold lists of local &man.ldconfig.8; directories. 1921 &merged;</para> 1922 1923 <para>The <command>@cwd</command> command in 1924 <filename>pkg-plist</filename> now allows 1925 the case where no directory argument is given. If no 1926 directory argument is given, it will set current 1927 working directory to the first prefix given by the 1928 <command>@cwd</command> command. &merged;</para> 1929 </sect2> 1930 1931 <sect2 id="releng"> 1932 <title>Release Engineering and Integration</title> 1933 1934 <para>The default partition sizing algorithm of the 1935 &man.sysinstall.8; utility has been changed.</para> 1936 1937 <itemizedlist> 1938 <listitem> 1939 <para>On systems where the disk capacity is larger than (3 * RAMsize + 10GB), 1940 the default sizes will now be as follows:</para> 1941 1942 <informaltable frame="none" pgwide="0"> 1943 <tgroup cols="2"> 1944 <colspec colwidth="1*"> 1945 <colspec colwidth="2*"> 1946 <thead> 1947 <row> 1948 <entry>Partition</entry> 1949 <entry>Size</entry> 1950 </row> 1951 </thead> 1952 1953 <tbody> 1954 <row><entry>swap</entry><entry>RAMsize * 2</entry></row> 1955 <row><entry><filename>/</filename></entry><entry>512 MB</entry></row> 1956 <row><entry><filename>/tmp</filename></entry><entry>512 MB</entry></row> 1957 <row><entry><filename>/var</filename></entry><entry>1024 MB + RAMsize</entry></row> 1958 <row><entry><filename>/usr</filename></entry><entry>the rest (8GB or more)</entry></row> 1959 </tbody> 1960 </tgroup> 1961 </informaltable> 1962 </listitem> 1963 1964 <listitem> 1965 <para>On systems where the disk capacity is larger than 1966 (RAMsize / 8 + 2 GB), the default sizes will be 1967 in the following ranges, with space allocated 1968 proportionally:</para> 1969 1970 <informaltable frame="none" pgwide="0"> 1971 <tgroup cols="2"> 1972 <colspec colwidth="1*"> 1973 <colspec colwidth="2*"> 1974 <thead> 1975 <row> 1976 <entry>Partition</entry> 1977 <entry>Size</entry> 1978 </row> 1979 </thead> 1980 1981 <tbody> 1982 <row><entry>swap</entry><entry>from RAMsize / 8 to RAMsize * 2</entry></row> 1983 <row><entry><filename>/</filename></entry><entry>from 256MB to 512MB</entry></row> 1984 <row><entry><filename>/tmp</filename></entry><entry>from 128MB to 512MB</entry></row> 1985 <row><entry><filename>/var</filename></entry><entry>from 128MB to 1024MB</entry></row> 1986 <row><entry><filename>/usr</filename></entry><entry>from 1536MB to 8192MB</entry></row> 1987 </tbody> 1988 </tgroup> 1989 </informaltable> 1990 </listitem> 1991 1992 <listitem> 1993 <para>On systems with even less disk space, the existing behavior is not 1994 changed.</para> 1995 </listitem> 1996 </itemizedlist> 1997 1998 <para>The &man.sysinstall.8; utility now displays the running &os; 1999 version in menu titles. &merged;</para> 2000 2001 <para>A new <literal>showconfig</literal> 2002 target has been added in <filename>src/Makefile</filename> 2003 to show the build configuration of the &os; source tree.</para> 2004 2005 <para>A <filename>/media</filename> directory has been 2006 added to contain mount points for removable media 2007 such as CDROMs, floppy disks, USB drives, and so on. &merged;</para> 2008 2009 <para>The <filename>src.conf</filename> file, which 2010 contains settings that will apply to every build involving 2011 the &os; source tree, has been added. 2012 For details, see &man.build.7; and &man.src.conf.5;.</para> 2013 2014 <para>The supported version of 2015 the <application>GNOME</application> desktop environment 2016 (<filename role="package">x11/gnome2</filename>) has been 2017 updated from 2.10.2 to 2.16.1. As a part of this update, the 2018 default prefix for <application>GNOME</application> (and some 2019 related programs) has moved from 2020 <filename>/usr/X11R6</filename> 2021 to <filename>/usr/local</filename>. &merged;</para> 2022 2023 <para>The supported version of 2024 the <application>KDE</application> desktop environment 2025 (<filename role="package">x11/kde3</filename>) has been 2026 updated from 3.4.2 to 3.5.4. &merged;</para> 2027 2028 <para>[&arch.amd64;, &arch.i386;] The supported Linux emulation now uses the 2029 libraries in the 2030 <filename role="package">emulators/linux_base-fc4</filename> 2031 package. &merged;</para> 2032 2033 <para>The supported version of 2034 the <application>Perl</application> interpreter 2035 (<filename role="package">lang/perl5.8</filename>) has been updated 2036 from 5.8.7 to 5.8.8. &merged;</para> 2037 2038 <para>The supported version of 2039 the <application>&xorg;</application> windowing system 2040 (<filename role="package">x11/xorg</filename>) has been updated 2041 from 6.8.2 to 6.9.0. &merged;</para> 2042 2043 <para>[&arch.pc98;] &os;/pc98 release CDROMs are now 2044 bootable on systems with some supported SCSI adapters. 2045 &merged;</para> 2046 </sect2> 2047 2048 <sect2 id="doc"> 2049 <title>Documentation</title> 2050 2051 <para>Documentation of existing functionality has been improved by 2052 the addition of the following manual pages: 2053 &man.acpi.sony.4;, &man.device.get.sysctl.9;, 2054 &man.ext2fs.5;, 2055 &man.mca.8;, 2056 &man.nanobsd.8;, 2057 &man.snd.mss.4;, &man.snd.t4dwave.4;, 2058 &man.sysctl.9;.</para> 2059 2060 <para>The manual pages for <application>NTP</application> 2061 have been updated to 4.2.0, to match the version of 2062 code actually included in &os;. &merged;</para> 2063 2064 <para>Initial support for kernel subsystem API documentation generating 2065 framework using <filename role="package">devel/doxygen</filename> 2066 has been added into <filename>src/sys/doc/subsys</filename>. 2067 To generate the API document, type <command>make doxygen</command> 2068 in <filename>src/</filename> directory.</para> 2069 </sect2> 2070</sect1> 2071 2072<sect1 id="upgrade"> 2073 <title>Upgrading from previous releases of &os;</title> 2074 2075 <para></para> 2076 2077 <important> 2078 <para>Upgrading &os; should, of course, only be attempted after 2079 backing up <emphasis>all</emphasis> data and configuration 2080 files.</para> 2081 </important> 2082</sect1> 2083</article> 2084