article.xml revision 169077
123353Sdfr<!DOCTYPE article PUBLIC "-//FreeBSD//DTD DocBook V4.1-Based Extension//EN" [ 223353Sdfr<!ENTITY % articles.ent PUBLIC "-//FreeBSD//ENTITIES DocBook FreeBSD Articles Entity Set//EN"> 323353Sdfr%articles.ent; 423353Sdfr 523353Sdfr<!ENTITY % release PUBLIC "-//FreeBSD//ENTITIES Release Specification//EN"> 623353Sdfr%release; 723353Sdfr 823353Sdfr<!-- Text constants which probably don't need to be changed.--> 923353Sdfr 1023353Sdfr<!-- The marker for MFCs. --> 1123353Sdfr<!ENTITY merged "[MERGED]"> 1223353Sdfr 1323353Sdfr<!-- Architecture names --> 1423353Sdfr<!ENTITY arch.amd64 "amd64"> 1523353Sdfr<!ENTITY arch.arm "arm"> 1623353Sdfr<!ENTITY arch.i386 "i386"> 1723353Sdfr<!ENTITY arch.ia64 "ia64"> 1823353Sdfr<!ENTITY arch.pc98 "pc98"> 1923353Sdfr<!ENTITY arch.powerpc "powerpc"> 2023353Sdfr<!ENTITY arch.sparc64 "sparc64"> 2123353Sdfr<!ENTITY arch.sun4v "sun4v"> 2223353Sdfr 2323353Sdfr<!ENTITY % include.historic "IGNORE"> 2423353Sdfr<!ENTITY % no.include.historic "IGNORE"> 2523353Sdfr]> 2623353Sdfr 2723353Sdfr<article> 2823353Sdfr<articleinfo> 2950476Speter <title>&os; &release.current; Release Notes</title> 3023353Sdfr 31200042Strasz <corpauthor>The &os; Project</corpauthor> 32206622Suqs 3323353Sdfr <pubdate>$FreeBSD: head/release/doc/en_US.ISO8859-1/relnotes/article.sgml 169077 2007-04-28 13:49:06Z bmah $</pubdate> 3423353Sdfr 3523353Sdfr <copyright> 3623353Sdfr <year>2000</year> 3723353Sdfr <year>2001</year> 3823353Sdfr <year>2002</year> 3984306Sru <year>2003</year> 4084306Sru <year>2004</year> 4123353Sdfr <year>2005</year> 42170323Skib <year>2006</year> 4323353Sdfr <year>2007</year> 4486691Sarr <holder role="mailto:doc@FreeBSD.org">The &os; Documentation Project</holder> 4523353Sdfr </copyright> 4623353Sdfr 47108257Sru <legalnotice id="trademarks" role="trademarks"> 4823353Sdfr &tm-attrib.freebsd; 49108257Sru &tm-attrib.ibm; 5023353Sdfr &tm-attrib.ieee; 5123353Sdfr &tm-attrib.intel; 5223353Sdfr &tm-attrib.sparc; 5323353Sdfr &tm-attrib.general; 54115440Shmp </legalnotice> 55140931Sru 56115440Shmp <abstract> 57140931Sru <para>The release notes for &os; &release.current; contain a summary 58200042Strasz of the changes made to the &os; base system on the 59200042Strasz &release.branch; development line. 60115440Shmp This document lists applicable security advisories that were issued since 61140931Sru the last release, as well as significant changes to the &os; 62170323Skib kernel and userland. 63170323Skib Some brief remarks on upgrading are also presented.</para> 6423353Sdfr </abstract> 6523377Sdfr</articleinfo> 66170323Skib 67170323Skib<sect1 id="intro"> 68170323Skib <title>Introduction</title> 69170323Skib 70170323Skib <para>This document contains the release notes for &os; 71170323Skib &release.current;. It 72170323Skib describes recently added, changed, or deleted features of &os;. 73170323Skib It also provides some notes on upgrading 74170323Skib from previous versions of &os;.</para> 75129107Shmp 76170323Skib<![ %release.type.current [ 77129107Shmp 7823353Sdfr <para>The &release.type; distribution to which these release notes 7923353Sdfr apply represents the latest point along the &release.branch; development 8023353Sdfr branch since &release.branch; was created. Information regarding pre-built, binary 8123353Sdfr &release.type; distributions along this branch 8223353Sdfr can be found at <ulink url="&release.url;"></ulink>.</para> 8323353Sdfr 84108257Sru]]> 8551620Sdillon 8623353Sdfr<![ %release.type.snapshot [ 8751620Sdillon 8851620Sdillon <para>The &release.type; distribution to which these release notes 89108257Sru apply represents a point along the &release.branch; development 9051620Sdillon branch between &release.prev; and the future &release.next;. 91121382Shmp Information regarding 92121382Shmp pre-built, binary &release.type; distributions along this branch 93121382Shmp can be found at <ulink url="&release.url;"></ulink>.</para> 9451620Sdillon 9551620Sdillon]]> 9651620Sdillon 9723353Sdfr<![ %release.type.release [ 9823353Sdfr 9923353Sdfr <para>This distribution of &os; &release.current; is a 10023353Sdfr &release.type; distribution. It can be found at <ulink 10123353Sdfr url="&release.url;"></ulink> or any of its mirrors. More 10223353Sdfr information on obtaining this (or other) &release.type; 103147647Shmp distributions of &os; can be found in the <ulink 10434504Scharnier url="&url.books.handbook;/mirrors.html"><quote>Obtaining 105 &os;</quote> appendix</ulink> to the <ulink 106 url="&url.books.handbook;/">&os; 107 Handbook</ulink>.</para> 108 109]]> 110 111 <para>All users are encouraged to consult the release errata before 112 installing &os;. The errata document is updated with 113 <quote>late-breaking</quote> information discovered late in the 114 release cycle or after the release. Typically, it contains 115 information on known bugs, security advisories, and corrections to 116 documentation. An up-to-date copy of the errata for &os; 117 &release.current; can be found on the &os; Web site.</para> 118 119</sect1> 120 121<sect1 id="new"> 122 <title>What's New</title> 123 124 <para>This section describes 125 the most user-visible new or changed features in &os; 126 since &release.prev;. 127 In general, changes described here are unique to the &release.branch; 128 branch unless specifically marked as &merged; features. 129 </para> 130 131 <para>Typical release note items 132 document recent security advisories issued after 133 &release.prev;, 134 new drivers or hardware support, new commands or options, 135 major bug fixes, or contributed software upgrades. They may also 136 list changes to major ports/packages or release engineering 137 practices. Clearly the release notes cannot list every single 138 change made to &os; between releases; this document focuses 139 primarily on security advisories, user-visible changes, and major 140 architectural improvements.</para> 141 142 <sect2 id="security"> 143 <title>Security Advisories</title> 144 145 <para>A temporary file vulnerability in &man.texindex.1;, which 146 could allow a local attacker to overwrite files in the context 147 of a user running the &man.texindex.1; utility, has been fixed. 148 For more details see security advisory <ulink 149 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:01.texindex.asc">FreeBSD-SA-06:01.texindex</ulink>. &merged;</para> 150 151 <para>A temporary file vulnerability in the &man.ee.1; text 152 editor, which could allow a local attacker to overwrite files in 153 the context of a user running &man.ee.1;, has been fixed. For 154 more details see security advisory <ulink 155 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:02.ee.asc">FreeBSD-SA-06:02.ee</ulink>. &merged;</para> 156 157 <para>Several vulnerabilities in the &man.cpio.1; utility have 158 been corrected. For more 159 details see security advisory <ulink 160 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:03.cpio.asc">FreeBSD-SA-06:03.cpio</ulink>. &merged;</para> 161 162 <para>An error in &man.ipfw.4; IP fragment handling, which could 163 cause a crash, has been fixed. For more 164 details see security advisory <ulink 165 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:04.ipfw.asc">FreeBSD-SA-06:04.ipfw</ulink>. &merged;</para> 166 167 <para>A potential buffer overflow in the IEEE 802.11 scanning code 168 has been corrected. For more 169 details see security advisory <ulink 170 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:05.80211.asc">FreeBSD-SA-06:05.80211</ulink>. &merged;</para> 171 172 <para>Two instances in which portions of kernel memory could be 173 disclosed to users have been fixed. For more details see 174 security advisory <ulink 175 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:06.kmem.asc">FreeBSD-SA-06:06.kmem</ulink>. &merged;</para> 176 177 <para>A logic bug in the IP fragment handling in &man.pf.4;, which 178 could cause a crash under certain circumstances, has been fixed. 179 For more details see security advisory <ulink 180 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:07.pf.asc">FreeBSD-SA-06:07.pf</ulink>. &merged;</para> 181 182 <para>A logic bug in the NFS server code, which could cause a crash when 183 the server received a message with a zero-length payload, has been fixed. 184 For more details see security advisory <ulink 185 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:10.nfs.asc">FreeBSD-SA-06:10.nfs</ulink>. &merged;</para> 186 187 <para>A programming error in the &man.fast.ipsec.4; implementation 188 results in the sequence number associated with a Security 189 Association not being updated, allowing packets to unconditionally 190 pass sequence number verification checks, has been fixed. 191 For more details see security advisory <ulink 192 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:11.ipsec.asc">FreeBSD-SA-06:11.ipsec</ulink>. &merged;</para> 193 194 <para>A logic bug that could cause &man.opiepasswd.1; to allow an unprivileged 195 user to configure OPIE authentication for the root user under certain 196 circumstances, has been fixed. 197 For more details see security advisory <ulink 198 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:12.opie.asc">FreeBSD-SA-06:12.opie</ulink>. &merged;</para> 199 200 <para>An asynchronous signal handling vulnerability in &man.sendmail.8;, 201 which could allow a remote attacker to execute arbitrary code with the 202 privileges of the user running sendmail, typically root, has been fixed. 203 For more details see security advisory <ulink 204 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:13.sendmail.asc">FreeBSD-SA-06:13.sendmail</ulink>. &merged;</para> 205 206 <para>[&arch.amd64;, &arch.i386;] An information disclosure issue found in the 207 &os; kernel running on 7th- and 8th-generation AMD processors 208 has been fixed. For more details see security advisory <ulink 209 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:14.fpu.asc">FreeBSD-SA-06:14.fpu</ulink>. &merged;</para> 210 211 <para>A bug in &man.ypserv.8;, which effectively disabled the 212 <filename>/var/yp/securenets</filename> access control mechanism, 213 has been corrected. More details are available in security 214 advisory 215 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:15.ypserv.asc">FreeBSD-SA-06:15.ypserv</ulink>. &merged;</para> 216 217 <para>A bug in the smbfs file system, which could allow an 218 attacker to escape out of &man.chroot.2 environments on an smbfs 219 mounted file system, has been fixed. For more details, see 220 security advisory 221 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:16.smbfs.asc">FreeBSD-SA-06:16.smbfs</ulink>. &merged;</para> 222 223 <para>A potential denial of service problem in &man.sendmail.8; 224 caused by excessive recursion which leads to stack 225 exhaustion when attempting delivery of a malformed 226 MIME message, has been fixed. For more details, 227 see security advisory <ulink 228 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:17.sendmail.asc">FreeBSD-SA-06:17.sendmail</ulink>. &merged;</para> 229 230 <para>A potential buffer overflow condition in &man.sppp.4; has 231 been corrected. For more details, see security advisory 232 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:18.ppp.asc">FreeBSD-SA-06:18.ppp</ulink>. &merged;</para> 233 234 <para>An OpenSSL bug related to validation of PKCS#1 v1.5 235 signatures has been fixed. For more details, see security 236 advisory 237 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:19.openssl.asc">FreeBSD-SA-06:19.openssl</ulink>. &merged;</para> 238 239 <para>A potential denial of service attack against &man.named.8; 240 has been fixed. For more details, see security advisory 241 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:20.bind.asc">FreeBSD-SA-06:20.bind</ulink>. &merged;</para> 242 243 <para>Several programming errors have been fixed in &man.gzip.1;. 244 They could have the effect of causing a crash or an infinite 245 loop when decompressing files. More information can be found in 246 security advisory 247 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:21.gzip.asc">FreeBSD-SA-06:21.gzip</ulink>. &merged;</para> 248 249 <para>Several vulnerabilities have been fixed in OpenSSH. More 250 details can be found in security advisory 251 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:22.openssh.asc">FreeBSD-SA-06:22.openssh</ulink>. &merged;</para> 252 253 <para>Multiple errors in the OpenSSL &man.crypto.3; library have 254 been fixed. Potential effects are varied, and are documented in 255 more detail in security advisory 256 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:23.openssl.asc">FreeBSD-SA-06:23.openssl</ulink>. &merged;</para> 257 258 <para>A bug that could permit corrupt archives to cause an 259 infinite loop in &man.libarchive.3; and &man.tar.1; has been 260 fixed. More details are available in 261 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:24.libarchive.asc">FreeBSD-SA-06:24.libarchive</ulink>. &merged;</para> 262 263 <para>A bug that could allow users in 264 the <groupname>operator</groupname> group to read parts of kernel 265 memory has been corrected. For more details, consult security 266 advisory 267 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:25.kmem.asc">FreeBSD-SA-06:25.kmem</ulink>. &merged;</para> 268 269 <para>A bug in the <filename>jail</filename> startup script that 270 could permit privilege escalation via a symlink attack has been 271 fixed. More information is available in 272 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-07:01.jail.asc">FreeBSD-SA-07:01.jail</ulink>. &merged;</para> 273 274 <para>Two remote denials of service in BIND (one involving DNSSEC and 275 one involving recursive DNS queries) have been fixed. For more 276 information, see security advisory 277 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-07:02.bind.asc">FreeBSD-SA-07:02.bind</ulink>. &merged;</para> 278 279 <para>Processing of IPv6 type 0 Routing Headers is now 280 controlled by the <varname>net.inet6.ip6.rthdr0_allowed</varname> 281 sysctl variable, which defaults to <literal>0</literal> (off). 282 For more information, see security advisory 283 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-07:03.ipv6.asc">FreeBSD-SA-07:03.ipv6</ulink>. &merged;</para> 284 </sect2> 285 286 <sect2 id="kernel"> 287 <title>Kernel Changes</title> 288 289 <para>&man.acpi.4; now has support for the HPET time counter. &merged;</para> 290 291 <para>The &man.acpi.ibm.4; driver now supports setting the fan control 292 mode to manual or automatic, and adjusting the fan speed if the 293 fan control mode is manual. To enable manual control of the fan speed, 294 the sysctl variable <varname>dev.acpi_ibm.<replaceable>0</replaceable>.fan</varname> 295 needs to be set to zero (manual). This should only be used with 296 extreme precaution, as disabling automatic fan control might 297 overheat the hardware and lead to permanent damage.</para> 298 299 <para>The &man.apm.4; suspend/resume support has been improved.</para> 300 301 <para>Security event auditing is now supported in the &os; kernel, 302 and is enabled by the <literal>AUDIT</literal> kernel 303 configuration option. More information can be found in the 304 &man.audit.4; manual page.</para> 305 306 <para>The <literal>options COMPAT_43</literal> kernel 307 configuration option has been deemed unnecessary and has been 308 removed from <filename>GENERIC</filename> and related kernel 309 configurations. This change may result in a small performance 310 increase for some workloads.</para> 311 312 <para>The &man.ddb.4; debugger now provides the <literal>show lock</literal> 313 command. If the argument has a valid lock class, 314 this displays various information about the lock and calls a 315 new function pointer in lock_class (lc_ddb_show) to dump class-specific 316 information about the lock as well (such as the owner of a mutex or 317 xlock'ed sx lock). &merged;</para> 318 319 <para>The &man.ddb.4; debugger now provides the <literal>show sleepq</literal> 320 command. This takes a wait channel as an argument and looks 321 for a sleep queue associated with that wait channel.</para> 322 323 <para><filename>DEFAULTS</filename> kernel configuration files 324 for each platform have been added. These files contain 325 directives that are implicitly included in all kernel 326 configurations, and generally include basic, mandatory 327 functionality for each platform. &merged;</para> 328 329 <para>A bug in file descriptor handling such that a simple 330 <literal>close(0); dup(fd)</literal> sequence does not return 331 descriptor <literal>0</literal> in some cases, has been fixed.</para> 332 333 <para>The &man.firmware.9; subsystem has been added. This 334 subsystem provides a mechanism 335 to load binary data into the kernel via a specially crafted module. 336 &merged;</para> 337 338 <para>The &man.gdb.1; remote debugging interface now supports 339 copying console messages to a remote debugger instance. 340 To enable this, set <literal>debug.gdbcons="1"</literal> 341 in <filename>loader.conf</filename>, enter <literal>boot -d; 342 gdb; step</literal> from the loader prompt, 343 then attach &man.gdb.1; from a remote machine. 344 The sysctl variable <varname>debug.gdbcons</varname> can be 345 used to turn on/off this functionality.</para> 346 347 <para>&man.hwpmc.4; and &man.pmcstat.8; now support profiling 348 of dynamically loaded kernel modules and 349 shared objects loaded with &man.dlopen.3;. 350 &man.pmcstat.8; can now log over a network socket 351 to a remote host.</para> 352 353 <para>A new <varname>kern.hostuuid</varname> sysctl variable 354 has been added to hold a host's Universally Unique Identifier 355 (UUID). This UUID is computed or generated by a new 356 <filename>rc.d/hostid</filename> startup script and, where 357 possible, is saved to disk to be persistent across reboots.</para> 358 359 <para>Support for Kernel Scheduled Entities (KSE) is now a kernel 360 option (previously it was a mandatory feature in the kernel). 361 It is enabled in the GENERIC kernel (thus there is no change in 362 functionality) for all platforms except &arch.sun4v;.</para> 363 364 <para>Support for Message Signaled Interrupts (MSI) has been added to 365 the &man.pci.4; driver. &merged;</para> 366 367 <para>The &man.priv.9; kernel interface has been added. Its purpose 368 is checking the availability of privilege for threads and credentials. 369 Unlike the existing &man.suser.9; interface, &man.priv.9; exposes a 370 named privilege identifier to the privilege checking code, allowing 371 more complex policies regarding the granting of privilege to be 372 expressed.</para> 373 374 <para>The &man.random.4; entropy device driver is now MPSAFE. 375 &merged;</para> 376 377 <para>&os; now supports concurrent &man.read.2;/&man.readv.2; 378 access to a file.</para> 379 380 <para>The kernel's &man.sx.9; locks have been optimized to use 381 simple atomic operations for the common cases of obtaining and 382 releasing shared and exclusive locks. While this change is not 383 generally user-visible, it is the basis for some substantial 384 performance improvements.</para> 385 386 <para>The ULE process scheduler has been revised to improve its 387 behavior, in particular interactivity under load. This 388 implementation can commonly be referred to as <quote>ULE 389 2.0</quote>.</para> 390 391 <para>The experimental CORE process scheduler has been added, 392 enabled with the <literal>options SCHED_CORE</literal> kernel 393 configuration option. It is forked from the &man.sched.ule.4; 394 scheduler, but 395 with a different algorithm for detecting an interactive process. 396 More information can be found in the &man.sched.core.4; manual 397 page.</para> 398 399 <para>The <literal>SIGCHLD</literal> signal queuing has been 400 added. For each child process whose status has been changed, 401 a <literal>SIGCHLD</literal> instance is queued. If the signal is still pending, 402 and the process changed status several times, the signal information 403 is updated to reflect the latest process status. 404 There is a loader tunable <varname>kern.sigqueue.queue_sigchild</varname> 405 which can control the behavior, setting it to zero disables the 406 <literal>SIGCHLD</literal> queuing feature.</para> 407 408 <para>[&arch.amd64;, &arch.i386;] Instead of including all of physical 409 memory in a kernel crash dump, the kernel now defaults to dumping only pages that are 410 actively mapped into kernel virtual memory. A new 411 <varname>debug.minidump</varname> sysctl variable 412 can be used to turn off this behavior when set to zero. &merged;</para> 413 414 <para>A new sysctl variable <varname>kern.malloc_stats</varname> 415 has been added. This allows exporting of kernel malloc 416 statistics via a binary structure stream.</para> 417 418 <para>A new sysctl variable <varname>kern.forcesigexit</varname> 419 has been added. This forces a process 420 to sigexit if a trap signal is being held by the current thread or 421 ignored by the current process. It is enabled by default.</para> 422 423 <para>The pcvt(4) driver, an alternative to &man.syscons.4;, 424 has been removed, as it had fallen out of sync with the rest 425 of the kernel.</para> 426 427 <para>RedZone, a buffer corruption protection for the kernel &man.malloc.9; 428 facility has been implemented. This detects both buffer underflows and 429 overflows at runtime on &man.free.9; and &man.realloc.9;, 430 and prints backtraces from where memory was allocated and from where 431 it was freed. For more details, see the &man.redzone.9; manual page.</para> 432 433 <para>A new sysctl variable <varname>security.mac.biba.interfaces_equal</varname> 434 which makes all network interfaces be created with the label 435 <literal>biba/equal(equal-equal)</literal>, has been added. 436 This is useful where programs such as &man.dhclient.8; and &man.ppp.8;. 437 which initialize network interfaces do not have any labeling support. 438 This variable is set as <literal>0</literal> (disabled) by default. 439 &merged;</para> 440 441 <para>A new sysctl variable <varname>vm.zone_stats</varname> 442 has been added. This allows to export &man.uma.9; allocator 443 statistics via a binary structure stream.</para> 444 445 <para>The sysctl variable <varname>hw.pci.do_powerstate</varname> 446 has been split into two sysctl variables 447 <varname>hw.pci.do_powerstate_nodriver</varname> 448 and <varname>hw.pci.do_powerstate_resume</varname>. 449 Also, these variables have been changed from a boolean to a range. 450 <literal>0</literal> means no power management, 451 <literal>1</literal> means conservative power management which 452 any device class that has caused problems is added to the watch list, 453 <literal>2</literal> means aggressive power management where 454 any device class that is not fundamental to the system is added to the list, 455 and <literal>3</literal> means power them all down unconditionally. 456 The default values are <literal>0</literal> for 457 <varname>hw.pci.do_powerstate_nodriver</varname> and 458 <literal>1</literal> for <varname>hw.pci.do_powerstate_resume</varname>.</para> 459 460 <para>[&arch.ia64;] The <filename>GENERIC</filename> kernel now enables 461 SMP support by default.</para> 462 463 <para>Sample kernel configuration files 464 <filename>src/sys/<replaceable>arch</replaceable>/conf/MAC</filename> 465 for the Mandatory Access Control framework have been added.</para> 466 467 <para><varname>POSIX_TIMERS</varname> support has been updated to 200112L.</para> 468 469 <para>An experimental support for POSIX message queue has been 470 implemented.</para> 471 472 <para>&os; now runs on the Xbox, whose architecture is nearly identical 473 to the i386. For details of the latest development, see 474 <ulink url="http://www.FreeBSD.org/platforms/xbox.html"></ulink>. 475 &merged; </para> 476 477 <para>The locking strategy for UNIX domain sockets has been 478 revised to improve concurrency; this change has yielded 479 substantial performance improvements on various SMP workloads 480 (in particular, MySQL on 8-way &arch.amd64; systems) with little 481 or no measured overhead on UP systems.</para> 482 483 <para>Several minor but widespread changes to the Newbus API have 484 been made In order to support some on-going work with interrupt 485 filtering. Because this change also breaks the kernel ABI, all 486 third-party device drivers will need to be modified and 487 recompiled.</para> 488 489 <sect3 id="boot"> 490 <title>Boot Loader Changes</title> 491 492 <para>A new option <option>-S</option>, 493 which allows setting the <filename>boot2</filename> 494 serial console speed in the <filename>/boot.config</filename> 495 file or on the <prompt>boot:</prompt> prompt line, 496 has been added.</para> 497 498 <para>[&arch.amd64;, &arch.i386;] A new loader tunable 499 <varname>comconsole_speed</varname> to change 500 the serial console speed has been added. 501 If the previous stage boot loader requested a serial console, 502 then the default speed is determined from the current serial port 503 speed. Otherwise it is set to 9600 or the value of 504 the <literal>BOOT_COMCONSOLE_SPEED</literal> kernel option. 505 &merged;</para> 506 507 <!-- Above this line, order boot loader changes by keyword--> 508 509 <para>[&arch.pc98;] A bootable CDROM loader has been implemented 510 for the pc98 platform. &merged;</para> 511 512 <para>[&arch.pc98;] The <application>IPLware</application> support 513 in boot0.5 has been enhanced to support version 3.33.</para> 514 515 <para>[&arch.i386;] A bug in the i386 boot loader, which could 516 cause file system corruption if 517 a <filename>nextboot.conf</filename> file was used and landed 518 after cylinder 1023, has been fixed. &merged;</para> 519 520 </sect3> 521 522 <sect3 id="proc"> 523 <title>Hardware Support</title> 524 525 <para>The &man.amdsmb.4; driver has been added. It provides 526 support for the AMD-8111 SMBus 2.0 controller. &merged;</para> 527 528 <para>The &man.cardbus.4;, &man.pccard.4;, 529 &man.pccbb.4;, and &man.exca.4; drivers are now buildable 530 as kernel modules.</para> 531 532 <para>An &man.acpi.dock.4; driver has been added to provide 533 support for controlling laptop docking station functions via 534 ACPI. &merged;</para> 535 536 <para>The &man.acpi.thermal.4; driver now supports 537 passive cooling. &merged;</para> 538 539 <para>The &man.acpi.thermal.4; driver now supports overriding 540 the <literal>_PSV</literal>, <literal>_HOT</literal>, and 541 <literal>_CRT</literal> temperature values.</para> 542 543 <para>Support for the alpha architecture has been removed. Alpha 544 support will remain on the RELENG_5 and RELENG_6 codelines.</para> 545 546 <para>The &man.cardbus.4; driver now supports 547 <filename>/dev/cardbus<replaceable>%d</replaceable>.cis</filename>.</para> 548 549 <para>[&arch.i386;, &arch.pc98;] The &man.ce.4; driver, 550 which supports Cronyx Tau-PCI/32 adapters, has been added. 551 &merged;</para> 552 553 <para>The <literal>est</literal> &man.cpufreq.4; driver now supports 554 frequency control for the VIA C7-M family of processors.</para> 555 556 <para>Support for the PadLock Security Co-processor in VIA C3, 557 Eden, and C7 558 processors has been added to the &man.crypto.9; subsystem. 559 More information can be found in the &man.padlock.4; manual 560 page. 561 &merged;</para> 562 563 <para>icee(4), a generic I2C EEPROM driver, has been added.</para> 564 565 <para>A bug which prevented the &man.ichsmb.4; kernel module 566 from unloading has been fixed.</para> 567 568 <para>[&arch.amd64;, &arch.i386;] Dual-core processors (such as the Intel 569 Core Duo) now have both cores available for use by 570 default in SMP-enabled kernels. &merged;</para> 571 572 <para>[&arch.amd64;, &arch.i386;] &man.ipmi.4;, an OpenIPMI compatible driver, 573 has been added. 574 OpenIPMI (Intelligent Platform Management Interface) is an open 575 standard designed to enable remote monitoring and control of server, 576 networking and telecommunication platforms. &merged;</para> 577 578 <para>The &man.kbdmux.4; driver has been integrated into &man.syscons.4; and 579 the <devicename>kbd</devicename> device driver. 580 By default &man.syscons.4; will look for the &man.kbdmux.4; 581 keyboard first, and then, if not found, look for any keyboard. 582 Switching to &man.kbdmux.4; can be done at boot time by loading 583 the <literal>kbdmux</literal> kernel module via &man.loader.8;, 584 or at runtime via &man.kldload.8; and releasing the active 585 keyboard. &merged;</para> 586 587 <para>[&arch.amd64;, &arch.i386;] The &man.kbdmux.4; driver is now included in the 588 <filename>GENERIC</filename> kernel by default. 589 Also, the <quote>Boot FreeBSD with USB keyboard</quote> 590 menu item in the boot loader menu has been removed 591 since this fixes USB keyboard probing problems. 592 &merged;</para> 593 594 <para>The &man.nfsmb.4; driver, which supports the NVIDIA nForce 595 2/3/4 SMBus 2.0 controller, has been added. &merged;</para> 596 597 <para>[&arch.ia64;, &arch.powerpc;] The loader tunable <varname>debug.mpsafevfs</varname> 598 is set to <literal>1</literal> by default.</para> 599 600 <para>The &man.sab.4; driver has been removed (it has been 601 superceded by the &man.scc.4; driver).</para> 602 603 <para>The &man.scc.4; driver has been added. 604 This provides generic support for serial communications 605 controllers and delegates the control over each channel 606 and mode to a subordinate driver such as &man.uart.4;.</para> 607 608 <para>[&arch.amd64;] The smbios(4) driver support for amd64 has been 609 added.</para> 610 611 <para>[&arch.sun4v;] &os; now has preliminary support for the Sun Microsystems 612 UltraSPARC-T1 architecture. &os;/sun4v has been demonstrated 613 to run on the Sun Fire T1000 and Sun Fire T2000 servers. 614 More information can be found on the 615 <ulink url="http://www.FreeBSD.org/platforms/sun4v.html">sun4v 616 Project</ulink> 617 page.</para> 618 619 <para>The tnt4882(4) driver, which supports the National Instruments 620 PCI-GPIB card, has been added.</para> 621 622 <para>[&arch.amd64;, &arch.i386;, &arch.ia64;, &arch.sparc64;] The &man.uart.4; driver has been included in the 623 <filename>GENERIC</filename> kernel by default. 624 When both &man.sio.4; and &man.uart.4; can handle a given serial port, 625 &man.sio.4; will claim it.</para> 626 627 <para>The &man.uart.4; driver now supports LOM (Lights Out Management) 628 and RSC (Remote System Control) devices as consoles.</para> 629 630 <para>The zs driver has been removed. Its functionality 631 has been superceded by that of the &man.uart.4; driver.</para> 632 633 <para>[&arch.i386;] A new loader tunable 634 <varname>hw.apic.enable_extint</varname> has been added. 635 This tunable can be used to disable masking of the ExtINT pin on the first 636 I/O APIC. At least one chipset for the Intel Pentium III seems 637 to need this, even though all of the pins in the 8259As are masked. 638 The default is still to mask the ExtINT pin.</para> 639 640 <para>[&arch.i386;] Support has been improved for 641 so-called <quote>legacy-free</quote> hardware, in particular, 642 i386 systems without AT-style keyboard controllers such as the 643 Macbook Pro. &merged;</para> 644 645 <sect4 id="mm"> 646 <title>Multimedia Support</title> 647 648 <para>The &man.agp.4; driver now supports ATI AGP chipsets. 649 &merged;</para> 650 651 <para>The new midi(4) driver which is based on NetBSD's one 652 has been added. This supports &man.snd.cmi.4; and 653 &man.snd.emu10k1.4; drivers.</para> 654 655 <para>The &man.sound.4; driver now supports 656 wider range sampling rate, multiple precisions choice, 657 and 24/32 bit PCM format conversion. &merged;</para> 658 659 <para>The &man.snd.als4000.4; driver is now MPSAFE. &merged;</para> 660 661 <para>The &man.snd.atiixp.4; driver has been added. 662 This supports ATI IXP 200/300/400 series audio controllers. &merged;</para> 663 664 <para>The &man.snd.atiixp.4; driver now supports 665 suspend and resume features.</para> 666 667 <para>The &man.snd.cmi.4; driver is now MPSAFE.</para> 668 669 <para>The &man.snd.emu10kx.4; driver has been added. It 670 supports Creative SoundBlaster Live! and Audigy series sound 671 cards with optional pseudo-multichannel playback.</para> 672 673 <para>The &man.snd.envy24.4; driver has been added to support 674 the Envy24 series of audio chips.</para> 675 676 <para>The &man.snd.envy24ht.4; driver has been added to support 677 the VIA Envy24HT series of audio chips.</para> 678 679 <para>The &man.snd.es137x.4; driver is now MPSAFE. &merged;</para> 680 681 <para>The &man.snd.ich.4; driver is now MPSAFE. &merged;</para> 682 683 <para>The &man.snd.hda.4; driver has been added. It supports 684 devices that conform to revision 1.0 of the Intel High Definition 685 Audio specification.</para> 686 687 <para>The &man.snd.solo.4; driver is now MPSAFE. &merged;</para> 688 689 <para>The &man.snd.spicds.4; driver has been added to support 690 I2S SPI audio codec chips.</para> 691 692 <para>The &man.snd.via8233.4; driver is now MPSAFE. &merged;</para> 693 694 <para>The &man.snd.via82c686.4; driver is now MPSAFE. &merged;</para> 695 696 <para>[&arch.amd64;] The &man.speaker.4; driver now supports &os;/amd64. &merged;</para> 697 698 <para>The &man.uaudio.4; driver now supports 24/32 bit audio 699 formats and conversion.</para> 700 </sect4> 701 702 <sect4 id="net-if"> 703 <title>Network Interface Support</title> 704 705 <para>The &man.ath.4; driver has been updated to 706 HAL version 0.9.20.3. &merged;</para> 707 708 <para>[&arch.amd64;, &arch.i386;, &arch.pc98;, &arch.sparc64;] 709 The &man.ath.4;, &man.ath.hal.4;, and 710 <literal>ath_rate_sample</literal> drivers have been 711 included in the <filename>GENERIC</filename> kernel by 712 default. &merged;</para> 713 714 <para>[&arch.amd64;, &arch.i386;] The &man.bce.4; driver, which supports Broadcom 715 NetXtreme II (BCM5706/BCM5708) PCI/PCIe Gigabit Ethernet controllers, 716 has been added. For more details, see &man.bce.4;. &merged;</para> 717 718 <para>A bug which prevents the &man.bfe.4; driver from working 719 on a system with over 1GB RAM has been fixed. &merged;</para> 720 721 <para>The &man.bge.4; driver's Jumbo frame support is now MPSAFE.</para> 722 723 <para>The &man.bge.4; driver now supports big-endian 724 architectures such as sparc64.</para> 725 726 <para>The &man.bge.4; driver now supports &man.polling.4; mode. 727 &merged;</para> 728 729 <para>The &man.cm.4; driver is now MPSAFE.</para> 730 731 <para>The &man.cxgb.4; driver has been added. It provides support for 732 10 Gigabit Ethernet adapters based on the Chelsio T3 and T3B chipsets. 733 </para> 734 735 <para>The &man.dc.4; driver is now MPSAFE. &merged;</para> 736 737 <para>The &man.de.4; driver has been converted to the &man.bus.dma.9; 738 API and is now MPSAFE.</para> 739 740 <para>The &man.ed.4; driver is now MPSAFE.</para> 741 742 <para>The &man.el.4; driver has been removed due to lack of use.</para> 743 744 <para>The &man.em.4; driver now supports big-endian 745 architectures such as sparc64. &merged;</para> 746 747 <para>The &man.em.4; driver has been updated to 748 version 6.2.9 from Intel. Among other changes, it now supports 749 80003, 82571, 82571EB and 82572 based adapters, as well as 750 onboard-NICs on ICH8-based motherboards. &merged;</para> 751 752 <para>The &man.em.4; driver now includes 753 initial support for suspend and resume features.</para> 754 755 <para>The performance of the &man.em.4; driver has been improved 756 by using a fast interrupt handler and taskqueue 757 instead of ithread handler. This change can be disabled 758 by defining <literal>NO_EM_FASTINTR</literal> kernel option 759 for debugging purpose.</para> 760 761 <para>The firmware images needed by the &man.ipw.4; driver are now 762 part of the &os; base system. For the loaded firmware to work the 763 license at <filename>/usr/share/doc/legal/intel_ipw/LICENSE</filename> 764 must be agreed to and <literal>legal.intel_ipw.license_ack=1</literal> 765 has to be added to <filename>/boot/loader.conf</filename>. 766 Prior versions of the driver used the firmware image in the 767 <filename role="package">net/ipw-firmware-kmod</filename> 768 port/package or the 769 <filename role="package">net/ipw-firmware</filename> 770 port/package. &merged;</para> 771 772 <para>The &man.iwi.4; driver now supports big-endian 773 architectures such as sparc64.</para> 774 775 <para>A number of improvements and bugfixes have been made to the 776 functionality of the &man.iwi.4; driver. &merged;</para> 777 778 <para>The firmware images needed by the &man.iwi.4; driver are now 779 part of the &os; base system. For the loaded firmware to work the 780 license at <filename>/usr/share/doc/legal/intel_iwi/LICENSE</filename> 781 must be agreed to and <literal>legal.intel_iwi.license_ack=1</literal> 782 has to be added to <filename>/boot/loader.conf</filename>. 783 Prior versions of the driver used the firmware image in the 784 <filename role="package">net/iwi-firmware-kmod</filename> 785 port/package or the 786 <filename role="package">net/iwi-firmware</filename> 787 port/package. &merged;</para> 788 789 <para>The &man.le.4; driver, which supports AMD Am7900 LANCE 790 and Am79C9xx PCnet NICs, 791 has been added. While the &man.lnc.4; driver also supports these 792 NICs, this driver has several advantages over it such as 793 MPSAFE, ALTQ, VLAN_MTU, ifmedia, and 32-bit DMA for PCI 794 variants. This driver is based on NetBSD's implementation. 795 &merged;</para> 796 797 <para>The &man.lge.4; driver is now MPSAFE. &merged;</para> 798 799 <para>The lnc(4) driver has been removed. The &man.le.4; and 800 &man.pcn.4; drivers support all devices that were supported 801 by lnc(4).</para> 802 803 <para>The &man.msk.4; driver has been added. It supports 804 network interfaces using the Marvell/SysKonnect Yukon II 805 Gigabit Ethernet controller. &merged;</para> 806 807 <para>The &man.my.4; driver is now MPSAFE. &merged;</para> 808 809 <para>The &man.my.4; driver now supports &man.altq.4;. &merged;</para> 810 811 <para>[&arch.amd64;, &arch.i386;] The &man.mxge.4; driver, 812 which supports Myricom Myri10GE 10 Gigabit Ethernet 813 adapters, has been added. For more details, see 814 &man.mxge.4;.</para> 815 816 <para>The &man.nfe.4; driver, an open-source driver for nForce 817 Ethernet devices, has been added, originally from 818 OpenBSD.</para> 819 820 <para>[&arch.arm;] The &man.npe.4; driver, which supports the 821 Intel XScale Network Processing Engine, has been 822 added. &merged;</para> 823 824 <para>The &man.nve.4; driver has been updated to version 1.0-0310 825 (23-Nov-2005). It also now has &man.altq.4; support. &merged;</para> 826 827 <para>The &man.pcn.4; driver is now MPSAFE. &merged;</para> 828 829 <para>The &man.re.4; driver now supports the D-Link DGE-528(T) 830 Gigabit Ethernet card.</para> 831 832 <para>The &man.sf.4; driver is now MPSAFE. &merged;</para> 833 834 <para>The &man.sk.4; driver is now MPSAFE. &merged;</para> 835 836 <para>The &man.ste.4; driver is now MPSAFE. &merged;</para> 837 838 <para>The &man.stge.4; driver has been added. It supports the 839 Sundance/Tamarack TC9021 Gigabit Ethernet controller and was 840 ported from NetBSD. &merged;</para> 841 842 <para>The &man.ti.4; driver now supports big-endian 843 architectures such as sparc64.</para> 844 845 <para>The &man.ufoma.4; driver for 846 FOMA (third generation mobile phone system by NTT DoCoMo, Inc. 847 in Japan) has been added. 848 This should support other third generation mobile phones 849 since the driver is based on USB Implementation Guideline 850 from MCPC (Mobile Computing Promotion Consortium) in Japan.</para> 851 852 <para>The vgapci(4) driver has been added. This is a stub 853 device driver for VGA PCI devices and serves as a bus 854 so that other drivers such as drm(4), 855 &man.acpi.video.4;, and &man.agp.4; can attach to 856 it thus allowing multiple drivers for the same device.</para> 857 858 <para>The &man.vge.4; driver now supports &man.altq.4;. &merged;</para> 859 860 <para>The &man.wi.4; driver is now buildable as 861 a kernel module.</para> 862 863 <para>[&arch.amd64;, &arch.i386;, &arch.pc98;] The &man.wlan.wep.4;, 864 &man.wlan.ccmp.4;, and &man.wlan.tkip.4; drivers 865 have been included in the <filename>GENERIC</filename> 866 kernel by default.</para> 867 868 <para>The network interface groups feature has been imported 869 from OpenBSD. This feature allows an administrator to, for 870 example, apply firewall rules to an entire group of 871 interfaces. More information can be found in 872 &man.ifconfig.8;.</para> 873 874 <para>The 802.11 protocol stack now has support for 900 MHz 875 cards, as well as quarter- and half-channel support 876 for 802.11a. &merged;</para> 877 878 </sect4> 879 </sect3> 880 881 <sect3 id="net-proto"> 882 <title>Network Protocols</title> 883 884 <para>The &man.arp.4; retransmission algorithm has been 885 rewritten so that ARP requests are retransmitted without 886 suppression, while there is demand for such ARP entry. 887 Due to this change, a sysctl variable 888 <varname>net.link.ether.inet.host_down_time</varname> 889 has been removed. &merged;</para> 890 891 <para>The &man.arp.4; protocol now supports a sysctl variable 892 <varname>net.link.ether.inet.log_arp_permanent_modify</varname> 893 to suppress logging of attempts to modify 894 permanent ARP entries. &merged;</para> 895 896 <para>[&arch.amd64;, &arch.i386;, &arch.pc98;] An experimental BPF Just-In-Time compiler 897 has been implemented for both &man.bpf.4; and &man.ng.bpf.4;. 898 To enable this, the 899 <literal>options BPF_JITTER</literal> kernel option is needed. 900 The <varname>net.bpf_jitter.enable</varname> 901 can be used to disable this feature.</para> 902 903 <para>Multiple copies of a packet received via different 904 &man.bpf.4; listeners now all have identical 905 timestamps. &merged;</para> 906 907 <para>The &man.bpf.4; device now supports several new 908 &man.ioctl.2; calls to allow examining inbound vs. outbound 909 packets, as well as packets that have been injected onto the 910 network.</para> 911 912 <para>The bridge(4) driver has been removed from the tree. Its 913 functionality has been completely replaced by 914 &man.if.bridge.4;.</para> 915 916 <para>The &man.enc.4; IPsec filtering pseudo-device has been 917 added. It allows firewall packages using the &man.pfil.9; 918 framework to examine (and filter) IPsec traffic before 919 outbound encryption and after inbound decryption. &merged;</para> 920 921 <para>The &man.gre.4; driver, which is for GRE encapsulation 922 found in RFC 1701 and RFC 1702, now supports IPv6 over GRE.</para> 923 924 <para>The &man.if.bridge.4; driver now supports 925 creating SPAN ports, which transmit a copy of every frame 926 received by the bridge. This feature can be enabled 927 by using &man.ifconfig.8;. &merged;</para> 928 929 <para>The &man.if.bridge.4; driver now supports 930 RFC 3378 EtherIP. This change makes it possible to 931 add &man.gif.4; interfaces to bridges, which will then 932 send and receive IP protocol 97 packets. 933 Packets are Ethernet frames with an EtherIP header prepended. 934 &merged;</para> 935 936 <para>The &man.if.bridge.4; driver now supports RSTP, the Rapid 937 Spanning Tree Protocol (802.1w). &merged;</para> 938 939 <para>A hard-coded limit on the number of IPv4 multicast group 940 memberships (formerly 20) has been removed.</para> 941 942 <para>The path MTU discovery for multicast packets in the &os; 943 IPv6 stack has been disabled by default. 944 Path MTU notification from a large number of multicast routers 945 can be a kind of distributed Denial-of-Service attack to a router. 946 This feature can be re-enabled by using a new sysctl variable 947 <varname>net.inet6.ip6.mcast_pmtu</varname>. &merged;</para> 948 949 <para>IPv6 multicast forwarding is now dynamically loadable, via 950 the <filename>ip_mroute.ko</filename> module.</para> 951 952 <para>IPv6 link-local addresses are now enabled only 953 if <varname>ipv6_enable</varname> is set in &man.rc.conf.5;. 954 &merged;</para> 955 956 <para>The &man.ipfw.4; IP packet filter now supports IPv6. &merged;</para> 957 958 <para>The &man.ipfw.4; firewall system now supports 959 a <literal>tablearg</literal> feature, which allows 960 values obtained from a table lookup to be used as part of a 961 rule. &merged; 962 This feature can be used to optimize some rulesets 963 or to implement policy-based routing inside a firewall. 964 For example, the following rules will throw different 965 packets to different pipes:</para> 966 967 <programlisting>pipe 1000 config bw 1000Kbyte/s 968pipe 4000 config bw 4000Kbyte/s 969table 1 add x.x.x.x 1000 970table 1 add x.x.x.y 4000 971pipe tablearg ip from table(1) to any</programlisting> 972 973 <para>The &man.ipfw.4; packet filter now supports 974 <literal>tag</literal> and <literal>untag</literal> rule keywords. 975 When a packet matches a rule with the <literal>tag</literal> 976 keyword, the numeric tag for the given number in the range 977 from 0 to 65535 will be attached to the packet. 978 The tag acts as an internal marker (it is not sent out over 979 the wire) that can be used to identify these packets later on, 980 for example, by using <literal>tagged</literal> 981 rule option. For more details, see &man.ipfw.8;. &merged;</para> 982 983 <para>The <literal>IPFIREWALL_FORWARD_EXTENDED</literal> kernel 984 option has been removed. This option was used to permit 985 &man.ipfw.4; to redirect packets with local destinations. 986 This behavior is now always enabled when 987 the <literal>IPFIREWALL_FORWARD</literal> kernel option is 988 enabled. &merged;</para> 989 990 <para>The ip6fw(8) packet filter has been removed. Since &man.ipfw.4; has gained 991 IPv6 support, it should be used instead. Please note that some rules might need 992 to be adjusted.</para> 993 994 <para>The &man.lagg.4; driver, ported from OpenBSD and NetBSD, 995 has been added to support a variety of protocols and algorithms 996 for link aggregation, failover, and fault tolerance.</para> 997 998 <para>The &man.natm.4;, Native Mode ATM protocol layer is now MPSAFE.</para> 999 1000 <para>A new &man.ng.deflate.4; Netgraph node type has been 1001 added. It implements Deflate PPP compression. &merged;</para> 1002 1003 <para>The &man.ng.ether.4; Netgraph node no longer overwrites 1004 the MAC address of outgoing frames by default. &merged;</para> 1005 1006 <para>The &man.ng.iface.4; Netgraph node now supports &man.altq.4;. 1007 &merged;</para> 1008 1009 <para>A new &man.ng.pred1.4; Netgraph node type has been added 1010 to implement Predictor-1 PPP compression. &merged;</para> 1011 1012 <para>The &man.ng.tag.4; Netgraph node has been added to 1013 support the manipulation of mbuf tags attached to data in the 1014 kernel. &merged;</para> 1015 1016 <para>A bug has been fixed in which NFS over TCP would not reconnect 1017 when the server sent a FIN. This problem had occurred 1018 with Solaris NFS servers. &merged;</para> 1019 1020 <para>The default retransmit timer for NFS over TCP is now 60 seconds. 1021 This change prevents the unnecessary retransmission of 1022 non-idempotent NFS requests. The <varname>nfs_access_cache</varname> 1023 variable in &man.rc.conf.5; has also been changed to 60.</para> 1024 1025 <para>The default minimum number of nfsiod kernel threads 1026 (&man.sysctl.8; variable <varname>vfs.nfs.iodmin</varname>) 1027 has been changed from 4 to 0.</para> 1028 1029 <para>The sysctl variables <varname>net.inet.ip.portrange.reservedhigh</varname> 1030 and <varname>net.inet.ip.portrange.reservedlow</varname> 1031 can be used with IPv6 now. &merged;</para> 1032 1033 <para>A new sysctl variable <varname>net.inet.icmp.reply_from_interface</varname> 1034 has been added. This allows the &man.icmp.4; 1035 reply to non-local packets to be generated with 1036 the IP address the packet came through in. 1037 This is useful for routers to show in &man.traceroute.8; 1038 the actual path a packet has taken instead of 1039 the possibly different return path.</para> 1040 1041 <para>A new sysctl variable <varname>net.inet.icmp.quotelen</varname> 1042 has been added. This allows to change length of 1043 the quotation of the original packet in an ICMP reply. 1044 The minimum of 8 bytes is internally enforced. 1045 The maximum quotation is the remaining space in the 1046 reply mbuf. This option is added in response to the 1047 issues raised in I-D 1048 <filename>draft-gont-icmp-payload-00.txt</filename>.</para> 1049 1050 <para>The &man.icmp.4; now always quotes the entire TCP header 1051 when responding and allocate an mbuf cluster if needed. 1052 This change fixes the TCP issues raised in I-D 1053 <filename>draft-gont-icmp-payload-00.txt</filename>.</para> 1054 1055 <para>A new socket option <literal>IP_MINTTL</literal> has been added. 1056 This may be used to set the minimum acceptable 1057 TTL a packet must have when received on a socket. 1058 All packets with a lower TTL are silently dropped. 1059 This works on already connected/connecting and 1060 listening sockets for RAW, UDP, and TCP. This option 1061 is only really useful when set to <literal>255</literal>, preventing packets 1062 from outside the directly connected networks reaching 1063 local listeners on sockets. Also, this option allows 1064 userland implementation of <quote>The Generalized TTL 1065 Security Mechanism (GTSM)</quote> found in RFC 3682.</para> 1066 1067 <para>The kernel &man.ppp.4; driver now supports IPv6.</para> 1068 1069 <para>Stealth forwarding now supports IPv6 as well as IPv4. 1070 This behavior can be controlled by using a new sysctl variable 1071 <varname>net.inet6.ip6.stealth</varname>.</para> 1072 1073 <para>The <literal>PIM</literal> kernel option has been removed. 1074 The corresponding code is now included in the 1075 <literal>MROUTING</literal> kernel option.</para> 1076 1077 <para>Support has been added for the Stream Control Transmission 1078 Protocol (SCTP). SCTP implements a reliable, message-oriented 1079 transport protocol, and is defined in RFC 3268. It is enabled 1080 in &os; with the <literal>SCTP</literal> kernel option.</para> 1081 1082 <para>The <literal>IPV6_V6ONLY</literal> socket option 1083 now works for UDP.</para> 1084 1085 <para>The <literal>TCP_DROP_SYNFIN</literal> kernel option is now 1086 included in the kernel by default. The 1087 <varname>net.inet.tcp.drop_synfin</varname> sysctl variable still 1088 defaults to <literal>0</literal>.</para> 1089 1090 <para>The TCP bandwidth-delay product limiting feature has 1091 been disabled when the RTT is below a certain threshold. 1092 This optimization does not make sense on a LAN, as it has 1093 trouble figuring out the maximal bandwidth due to the coarse 1094 tick granularity. A new sysctl variable 1095 <varname>net.inet.tcp.inflight.rttthresh</varname> specifies 1096 the threshold in milliseconds below which this feature 1097 will disengage. It defaults to 10ms. &merged;</para> 1098 1099 <para>The &os; network stack now has support for TCP 1100 Segmentation Offload (TSO). TSO reduces the overhead of 1101 sending bulk TCP data by allowing a network interface to 1102 convert a large data transfer into multiple TCP segments to be 1103 sent on the network. This functionality can be enabled or 1104 disabled on a per-interface basis with 1105 the <literal>tso</literal> and <literal>-tso</literal> flags 1106 to &man.ifconfig.8;. Network interfaces and drivers 1107 supporting TSO currently include &man.em.4;, 1108 &man.mxge.4; and &man.cxgb.4;.</para> 1109 1110 <para>&os; now supports auto-sizing of TCP socket buffers. This 1111 allows the socket buffer sizes to adapt dynamically to network 1112 conditions, rather than being set statically. The behavior of 1113 this feature can be controlled using 1114 the <varname>net.inet.tcp.sendbuf_*</varname> 1115 and <varname>net.inet.tcp.recvbuf_*</varname> sysctl 1116 variables.</para> 1117 1118 <para>The <varname>net.link.tap.up_on_open</varname> sysctl variable 1119 has been added to the &man.tap.4; driver. If enabled, new tap 1120 devices will marked <literal>up</literal> upon creation. &merged; 1121 </para> 1122 1123 <para>Support for &man.kqueue.2; operations has been added to 1124 the &man.tun.4; driver. &merged;</para> 1125 1126 </sect3> 1127 1128 <sect3 id="disks"> 1129 <title>Disks and Storage</title> 1130 1131 <para>The &man.aac.4; driver now supports the Adaptec 2610SA SATA-RAID 1132 controller in some Hewlett-Packard machines.</para> 1133 1134 <para>The performance of the &man.amr.4; driver has been improved; 1135 it also now supports full 64-bit DMA. While this feature is 1136 enabled by default, this can be forced off by setting the 1137 <varname>hw.amr.force_sg32</varname> loader tunable for 1138 debugging purpose. 1139 &merged;</para> 1140 1141 <para>The &man.amr.4; driver now supports the &man.ioctl.2; requests 1142 necessary for the Linux LSI MegaRaid tools in &os;'s Linux emulation 1143 environment. 1144 &merged;</para> 1145 1146 <para>The &man.arcmsr.4; driver has been updated to version 1147 1.20.00.13. &merged;</para> 1148 1149 <para>The &man.ahc.4; driver is now MPSAFE.</para> 1150 1151 <para>The &man.ahd.4; driver is now MPSAFE.</para> 1152 1153 <para>The &man.ata.4; driver now supports a workaround 1154 for some controllers whose DMA does not work properly 1155 in 48bit mode. For affected controllers, 1156 PIO mode will be used for access to areas beyond 137GB. 1157 &merged;</para> 1158 1159 <para>The &man.ata.4; driver now supports the ITE IT8211F IDE controller, 1160 and the Promise PDC40718 and PDC40719 chip found in Promise 1161 Fasttrak TX4300. 1162 &merged;</para> 1163 1164 <para>The &man.ata.4; driver now supports DMA for kernel crash dumps, 1165 as well as crash dumping to an &man.ataraid.4; device. 1166 &merged;</para> 1167 1168 <para>The &man.ata.4; driver now supports USB mass storage class 1169 devices. To enable it, a line <literal>device atausb</literal> 1170 in the kernel configuration file or loading the 1171 <filename>atausb</filename> kernel module is needed. 1172 Note that this functionality cannot coexist with the 1173 &man.umass.4; driver. &merged;</para> 1174 1175 <para>The &man.ataraid.4; driver now supports 1176 JMicron ATA RAID metadata. &merged;</para> 1177 1178 <para>The CAM subsystem is now MPSAFE.</para> 1179 1180 <para>The <literal>GEOM_LABEL</literal> class now supports 1181 Ext2FS, NTFS, and ReiserFS. &merged;</para> 1182 1183 <para>The <literal>GEOM_MIRROR</literal> class now supports 1184 kernel crash dumps to the GEOM providers. 1185 &merged;</para> 1186 1187 <para>The <literal>GEOM_MIRROR</literal> and <literal>GEOM_RAID3</literal> 1188 classes now support sysctl variables 1189 <varname>kern.geom.mirror.disconnect_on_failure</varname> 1190 and 1191 <varname>kern.geom.graid3.disconnect_on_failure</varname> 1192 to control whether failed components will be disconnected or not. 1193 The default value is <literal>1</literal> to preserve the current 1194 behavior, and if it is set to <literal>0</literal> such components 1195 are not disconnected and the kernel will try to still use them 1196 (only the first error will be logged). 1197 This is helpful for the case of multiple broken components (in 1198 different places), so actually all data is available. 1199 The broken components will be visible in <command>gmirror list</command> 1200 or <command>graid3 list</command> output with flag 1201 <literal>BROKEN</literal>. 1202 &merged;</para> 1203 1204 <para>The <literal>GEOM_MIRROR</literal> and <literal>GEOM_RAID3</literal> 1205 classes now use parallel I/O requests for synchronization 1206 to improve the performance. New sysctl variables 1207 <varname>kern.geom.mirror.sync_requests</varname> and 1208 <varname>kern.geom.raid3.sync_requests</varname> 1209 define how many parallel I/O requests should be used. 1210 Also, the sysctl variables 1211 <varname>kern.geom.mirror.reqs_per_sync</varname>, 1212 <varname>kern.geom.mirror.syncs_per_sec</varname>, 1213 <varname>kern.geom.raid3.reqs_per_sync</varname>, and 1214 <varname>kern.geom.raid3.syncs_per_sec</varname> 1215 are deprecated and have been removed. 1216 &merged;</para> 1217 1218 <para>A new GEOM_MULTIPATH class has been added to support 1219 multiple access paths to disk devices. The &man.gmultipath.8; 1220 utility has been added to control the behavior of disk devices 1221 using this feature.</para> 1222 1223 <para>A new GEOM class <literal>GEOM_ZERO</literal> has been added. 1224 It creates a very huge provider (41PB) <filename>/dev/gzero</filename> 1225 and is mainly useful for performance testing. 1226 On <literal>BIO_READ</literal> request it zero-fills 1227 <varname>bio_data</varname> and on <literal>BIO_WRITE</literal> 1228 it does nothing. 1229 &merged;</para> 1230 1231 <para>The GEOM class kernel module <filename>g_md.ko</filename> 1232 has been renamed to <filename>geom_md.ko</filename> 1233 for consistency.</para> 1234 1235 <para>[&arch.amd64;, &arch.i386;] The &man.hptmv.4; driver has been updated and now supports 1236 amd64 as well as PAE.</para> 1237 1238 <para>The &man.mfi.4; driver, which supports 1239 the LSI MegaRAID SAS controller family, has been added. 1240 &merged;</para> 1241 1242 <para>The &man.mpt.4; driver has been updated to support 1243 various new features such as RAID volume and RAID member 1244 state/settings reporting, periodic volume re-synchronization 1245 status reporting, and sysctl variables for volume 1246 re-synchronization rate, volume member write cache status, 1247 and volume transaction queue depth.</para> 1248 1249 <para>The &man.mpt.4; driver now supports SAS HBA (partially), 1250 64-bit PCI, and large data transfer.</para> 1251 1252 <para>The &man.twa.4; driver has been updated to the 9.3.0.1 1253 release on the 3ware Web site. &merged;</para> 1254 1255 <para>A new GEOM-based disk encryption facility, GEOM_ELI, has been 1256 added. It uses the &man.crypto.9; framework for hardware acceleration 1257 and supports different cryptographic algorithms. See &man.geli.8; for 1258 more information. &merged;</para> 1259 1260 <para>The &man.geli.8; disk encryption system now supports loading keyfiles before the root 1261 file system is mounted. &merged; 1262 For example, the following entries 1263 can be used in <filename>/boot/loader.conf</filename> to enable 1264 it:</para> 1265 1266 <programlisting>geli_da0_keyfile0_load="YES" 1267geli_da0_keyfile0_type="da0:geli_keyfile0" 1268geli_da0_keyfile0_name="/boot/keys/da0.key0" 1269geli_da0_keyfile1_load="YES" 1270geli_da0_keyfile1_type="da0:geli_keyfile1" 1271geli_da0_keyfile1_name="/boot/keys/da0.key1" 1272geli_da0_keyfile2_load="YES" 1273geli_da0_keyfile2_type="da0:geli_keyfile2" 1274geli_da0_keyfile2_name="/boot/keys/da0.key2" 1275 1276geli_da1s3a_keyfile0_load="YES" 1277geli_da1s3a_keyfile0_type="da1s3a:geli_keyfile0" 1278geli_da1s3a_keyfile0_name="/boot/keys/da1s3a.key"</programlisting> 1279 1280 <para>&man.geli.8; is now able to perform data integrity 1281 verification (data authentication) of encrypted data stored on 1282 disk. Note that the encryption algorithm is now specified to 1283 the &man.geli.8; control program using the <option>-e</option> 1284 option; the <option>-a</option> option is now used to specify 1285 the authentication algorithm. &merged;</para> 1286 1287 <para>The sg driver, which emulates a significant 1288 subset of the Linux SCSI SG passthrough device API, has 1289 been added. It is 1290 intended to allow programs running under Linux emulation 1291 (as well as native &os; applications) to access the 1292 <filename>/dev/sg<replaceable>*</replaceable></filename> 1293 devices supported by Linux. &merged;</para> 1294 1295 <para>The &man.umass.4; driver now supports 1296 <literal>PLAY_MSF</literal>, 1297 <literal>PLAY_TRACK</literal>, 1298 <literal>PLAY_TRACK_REL</literal>, 1299 <literal>PAUSE</literal>, 1300 <literal>PLAY_12</literal> commands so that 1301 the &man.cdcontrol.1; utility can handle a USB CD drive.</para> 1302 </sect3> 1303 1304 <sect3 id="fs"> 1305 <title>File Systems</title> 1306 1307 <para>[&arch.amd64;, &arch.i386;, &arch.pc98;] The &man.linsysfs.5; 1308 pseudo-file system driver has been added. 1309 It provides a subset of the 1310 Linux <filename>sys</filename> file system, and is required for 1311 the correct operation of some Linux binaries (such as the LSI 1312 MegaRAID SAS utility). &merged;</para> 1313 1314 <para>A part of the FreeBSD NFS subsystem (the interface with 1315 the protocol stack and callouts, the NFS client side) is now MPSAFE.</para> 1316 1317 <para>The &man.pseudofs.9; pseudo file system construction kit and 1318 all of its consumers (&man.procfs.5;, &man.linprocfs.5; and 1319 &man.linsysfs.5;), are now MPSAFE.</para> 1320 1321 <para>The unionfs file system has been re-implemented. This 1322 version solves many crashing and locking issues compared to 1323 the previous implementation. It also adds 1324 new <quote>transparent</quote> and <quote>masquerade</quote> 1325 modes for automatically creating files in the upper file system 1326 layer of unions. More information can be found in the 1327 &man.mount.unionfs.8; manual page. &merged;</para> 1328 1329 <para>[&arch.amd64;, &arch.i386;, &arch.pc98;] Support for Sun's ZFS has been 1330 added. More information about this file system can be found 1331 in the &man.zfs.8; manual page or 1332 on the <ulink url="http://www.opensolaris.org/os/community/zfs/"> 1333 OpenSolaris ZFS page</ulink>.</para> 1334 1335 <para>Initial (read-only) support for SGI's XFS file system has been 1336 added.</para> 1337 </sect3> 1338 </sect2> 1339 1340 <sect2 id="userland"> 1341 <title>Userland Changes</title> 1342 1343 <para>The addr2ascii() and ascii2addr() library calls, originally 1344 introduced by the INRIA IPv6 implementation, have been removed 1345 from <filename>libc</filename>. They have no consumers in the 1346 &os; base system. In a related change, support 1347 for <literal>AF_LINK</literal> addresses has been added to 1348 &man.getnameinfo.3;.</para> 1349 1350 <para>Padding of <varname>ai_addrlen</varname> 1351 in <varname>struct addrinfo</varname> has been removed, 1352 which was originally for the ABI compatibility. 1353 For example, this change breaks the ABI compatibility of the 1354 &man.getaddrinfo.3; function on 64-bit architectures, including 1355 &os;/amd64, &os;/ia64, and &os;/sparc64.</para> 1356 1357 <para>The &man.asf.8; utility has been revised and extended. Now 1358 it can operate via several interfaces including &man.kvm.3;, 1359 which supports not only live systems, but also kernel crash dumps. 1360 &merged;</para> 1361 1362 <para>The &man.arp.8; utility now allows the <option>-i</option> 1363 option together with the <option>-d</option> and <option>-a</option> options 1364 to allow all entries for a given interface to be removed. &merged;</para> 1365 1366 <para>The OpenBSM userland tools, including &man.audit.8;, 1367 &man.auditd.8;, 1368 &man.auditreduce.1;, and 1369 &man.praudit.1;, have been added. &merged;</para> 1370 1371 <para>The &man.bsdiff.1; and &man.bspatch.1; utilities 1372 have been added. These are tools for constructing and 1373 applying binary patches. &merged;</para> 1374 1375 <para>The &man.bsnmpd.1; utility now supports the Host Resources 1376 MIB described in RFC 2790. &merged;</para> 1377 1378 <para>&man.cached.8; has been added. It is a daemon that caches 1379 the results of nsswitch lookups (such as those to the password, 1380 group, and services databases) for improved performance.</para> 1381 1382 <para>The &man.cmp.1; utility now supports an <option>-h</option> 1383 flag to compare the symbolic link itself rather than the 1384 file that the link points to. &merged;</para> 1385 1386 <para>The &man.config.8; utility now supports the <literal>nocpu</literal> 1387 directive, which cancels the effect of a 1388 previous <literal>cpu</literal> directive. &merged;</para> 1389 1390 <para>The &man.config.8; utility now reads <filename>DEFAULTS</filename> 1391 kernel configuration file if it exists in the current directory 1392 before the specified configuration file. &merged;</para> 1393 1394 <para>The &man.cp.1; utility now supports a <option>-l</option> 1395 option, which causes it to create hardlinks to the source files 1396 instead of copying them. &merged;</para> 1397 1398 <para>The &man.csh.1; utility now supports NLS catalogs. 1399 Note that this requires installing 1400 the <filename role="package">shells/tcsh_nls</filename> port. 1401 &merged;</para> 1402 1403 <para>The &man.csup.1; utility has been imported. 1404 This is an implementation of a CVSup-compatible client written 1405 in the C language. Note that it currently supports checkout mode 1406 only. &merged;</para> 1407 1408 <para>The &man.dhclient.8; program now sends the host's name in 1409 DHCP requests if it is not specified in the configuration 1410 file. &merged;</para> 1411 1412 <para>The &man.devd.8; utility now supports a <option>-f</option> option 1413 to specify a configuration file. &merged;</para> 1414 1415 <para>The &man.du.1; program now supports a <option>-n</option> 1416 flag, which causes it to ignore files and directories with 1417 the <literal>nodump</literal> flag set. &merged;</para> 1418 1419 <para>The &man.dump.8; and &man.restore.8; programs now attempt to 1420 save and restore extended attribute information on files.</para> 1421 1422 <para>The &man.fsdb.8; utility now supports changing the birth 1423 time of files on UFS2 file systems using the new 1424 <literal>btime</literal> command. &merged;</para> 1425 1426 <para>The &man.fsdb.8; program now supports 1427 a <literal>findblk</literal> command, which finds the inode(s) 1428 owning a specific disk block. &merged;</para> 1429 1430 <para>The &man.find.1; program now supports <option>-Btime</option> 1431 and other related primaries, which can be used to create expressions 1432 based on a file's creation time. &merged;</para> 1433 1434 <para>T/TCP support in &man.finger.1; (and the <option>-T</option> 1435 flag used to enable it) has been removed.</para> 1436 1437 <para>A bug in the &man.find.1; program which prevents 1438 numeric arguments for <option>-user</option> and 1439 <option>-group</option> from working as expected 1440 has been fixed.</para> 1441 1442 <para>The &man.freebsd-update.8; utility, a tool for managing 1443 binary updates to the &os; base system, has been added. &merged;</para> 1444 1445 <para>The &man.ftpd.8; utility now creates a PID file 1446 <filename>/var/run/ftpd.pid</filename> even when 1447 no <option>-p</option> option is specified. &merged;</para> 1448 1449 <para>The &man.ftpd.8; utility now has support for RFC2389 (FEAT) 1450 and rudimentary support for RFC2640 (UTF8). The RFC2640 support 1451 is optional and can be enabled using the new <option>-8</option> 1452 flag. More information can be found in the &man.ftpd.8; manual 1453 page.</para> 1454 1455 <para>The &man.gbde.8; utility now supports 1456 <option>-k</option> and <option>-K</option> options 1457 to specify a key file in addition to a passphrase.</para> 1458 1459 <para>The &man.getfacl.1; utility now supports 1460 a <option>-q</option> flag to suppress the per-file header 1461 comment listing the file name, owner, and group. 1462 &merged;</para> 1463 1464 <para>The &man.getent.1; utility has been imported from NetBSD. 1465 It retrieves and displays information from an administrative 1466 database (such as <filename>hosts</filename>) using the lookup 1467 order specified in &man.nsswitch.conf.5;. &merged;</para> 1468 1469 <para>The &man.gpt.8; utility now supports setting GPT partition labels.</para> 1470 1471 <para>The &man.gvinum.8; utility now supports commands 1472 to rename objects and to move a subdisk from 1473 one drive to another. &merged;</para> 1474 1475 <para>The &man.gvinum.8; utility now supports the 1476 <command>resetconfig</command> sub-command.</para> 1477 1478 <para>An implementation of Generic Security Service API (GSS-API) 1479 version 2 and its C binding described in RFC2743 and RFC2744 1480 has been added. This is a new extensible GSS-API layer which 1481 can support GSS-API plugins, similar the the Solaris 1482 implementation, and the Kerberos 5 GSS mechanism has 1483 been rewritten as a plugin library for the new implementation.</para> 1484 1485 <para>The &man.hccontrol.8; utility now supports HCI node 1486 autodetection.</para> 1487 1488 <para>The &man.id.1; utility now prints the effective user 1489 ID after the group ID.</para> 1490 1491 <para>The &man.id.1; utility now supports a <option>-A</option> 1492 flag to print process audit properties, including the audit user 1493 id. &merged;</para> 1494 1495 <para>The &man.ifconfig.8; utility now supports 1496 a <option>-k</option> flag to allow printing 1497 potentially sensitive keying material to standard output. 1498 This sensitive information will not be printed by default. 1499 &merged;</para> 1500 1501 <para>The &man.ifconfig.8; utility now supports a <option>-tunnel</option> 1502 parameter, which is just an alias for <option>deletetunnel</option>, 1503 yet is more convenient and easier to type. &merged;</para> 1504 1505 <para>The <option>-vlandev</option> parameter to &man.ifconfig.8; 1506 no longer requires a network interface as its argument. The 1507 argument still is supported for backward compatibility, but 1508 is now deprecated and its use is discouraged. &merged;</para> 1509 1510 <para>The &man.iostat.8; utility now supports 1511 a <option>-x</option> flag (inspired by Solaris) to print 1512 extended disk statistics. If the new <option>-z</option> flag is 1513 also specified, no output is made for disks with no 1514 activity. &merged;</para> 1515 1516 <para>The &man.ipfwpcap.8; utility has been added; it captures 1517 packets on a &man.divert.4; socket and writes them as 1518 &man.pcap.3; (also known as &man.tcpdump.1;) format data to a 1519 file or pipe.</para> 1520 1521 <para>The &man.jail.8; utility supports a <option>-J 1522 <replaceable>jid_file</replaceable></option> option to 1523 write out a JidFile, similar to a PidFile, containing 1524 the jailid, path, hostname, IP and the command used to start 1525 the jail. &merged;</para> 1526 1527 <para>The &man.jail.8; program now supports a <option>-s</option> 1528 option to specify a jail's securelevel. &merged;</para> 1529 1530 <para>The &man.jexec.8; utility now supports <option>-u</option> 1531 and <option>-U</option> flags to specify username credentials 1532 under which a command should be executed. &merged;</para> 1533 1534 <para>The &man.kdump.1; program now supports a <option>-H</option> 1535 flag, which causes kdump to print an additional field holding 1536 the threadid. &merged;</para> 1537 1538 <para>The &man.kdump.1; program now supports a <option>-s</option> 1539 flag to suppress the display of I/O data. &merged;</para> 1540 1541 <para>The &man.kdump.1; program now supports printing 1542 flags in a system call argument by using symbol names.</para> 1543 1544 <para>The &man.kenv.1; utility now supports a <option>-q</option> 1545 flag to suppress warnings.</para> 1546 1547 <para>&man.kgdb.1; now supports a <option>-w</option> 1548 option to open kmem-based targets in read-write mode. 1549 This allows one to use kgdb on <filename>/dev/mem</filename> 1550 and be able to patch memory on a live system.</para> 1551 1552 <para>The &man.lastcomm.1; utility now supports a <option>-X</option> 1553 flag to export accounting data in a text format.</para> 1554 1555 <para>The &man.libarchive.3; library now supports 1556 POSIX.1e-style Extended Attributes.</para> 1557 1558 <para>The &man.libarchive.3; library now contains support for 1559 &man.ar.1;-style archives.</para> 1560 1561 <para>The <application>libc</application> library now includes 1562 initial implementation of symbol maps and symbol version 1563 definitions.</para> 1564 1565 <para>The <application>libedit</application> library has been 1566 updated from the NetBSD source tree as of August 2005.</para> 1567 1568 <para>The <application>libm</application> library now includes 1569 initial implementation of symbol maps and symbol version 1570 definitions.</para> 1571 1572 <para>The &man.libmemstat.3; library has been added. 1573 This is for use by debugging and monitoring applications 1574 in tracking kernel memory statistics. It provides an 1575 abstracted interface to &man.uma.9; and &man.malloc.9; 1576 statistics, wrapped around the binary stream sysctl variables 1577 for the allocators. &merged;</para> 1578 1579 <para>The &man.ln.1; utility now supports 1580 an <option>-F</option> flag, which deletes existing 1581 empty directories when creating symbolic links. 1582 &merged;</para> 1583 1584 <para>The &man.locate.1; utility now supports 1585 a <option>-0</option> flag to make this utility 1586 interoperable with &man.xargs.1;'s <option>-0</option> flag. 1587 &merged;</para> 1588 1589 <para>The &man.logger.1; utility now supports 1590 a <option>-P</option>, which specifies the port to which syslog 1591 messages should be sent. &merged;</para> 1592 1593 <para>The &man.ls.1; utility now supports 1594 an <option>-I</option> flag to disable the automatic 1595 <option>-A</option> flag for the superuser. &merged;</para> 1596 1597 <para>The &man.ls.1; utility now supports 1598 an <option>-U</option> flag to use the file creation 1599 time for sorting. &merged;</para> 1600 1601 <para>A new &man.malloc.3; implementation has been introduced. 1602 This implementation, sometimes referred to 1603 as <quote>jemalloc</quote>, was designed to improve the 1604 performance of multi-threaded programs, particularly on SMP 1605 systems, while preserving the performance of single-threaded 1606 programs. Due to the use of different algorithms and data 1607 structures, jemalloc may expose some previously-unknown bugs in 1608 userland code, although most of the &os; base system and common 1609 ports have been tested and/or fixed.</para> 1610 1611 <para>The &man.mdconfig.8; utility now supports producing 1612 device listings formatted as XML. Currently, the 1613 <command>list</command> and <command>query</command> 1614 sub-commands support this feature.</para> 1615 1616 <para>The &man.mdconfig.8; utility's <option>-u</option> option 1617 now supports specifying multiple devices separated 1618 by comma character.</para> 1619 1620 <para>The &man.mdmfs.8; utility now supports a <option>-P</option> flag 1621 to allow skipping the &man.newfs.8; process 1622 when using a vnode-backed disk.</para> 1623 1624 <para>The &man.mdmfs.8; utility now supports a <option>-E</option> flag 1625 to allow to specify location of the &man.mdconfig.8; 1626 utility instead of using the default one 1627 (<filename>/sbin/mdconfig</filename>).</para> 1628 1629 <para>A new function &man.memmem.3; has been implemented in 1630 <filename>libc</filename>. This is the binary equivalent to 1631 &man.strstr.3; and found in <filename>glibc</filename>.</para> 1632 1633 <para>The &man.mergemaster.8; utility now supports 1634 an <option>-A</option> option to explicitly specify 1635 an architecture to pass through to the underlying makefiles. 1636 &merged;</para> 1637 1638 <para>The &man.mount.8; <literal>nodev</literal> option has 1639 been removed.</para> 1640 1641 <para>The &man.mount.8; utility now supports &man.mqueuefs.5;.</para> 1642 1643 <para>A bug which prevents the &man.mount.8; utility from converting 1644 a read-only mount to read-write via <command>mount -u -o rw</command>, 1645 has been fixed.</para> 1646 1647 <para>The &man.mount.8; utility now supports a 1648 <literal>late</literal> keyword in &man.fstab.5;, along with a 1649 corresponding <option>-l</option> command-line option to specify 1650 that these <quote>late</quote> file systems should be 1651 mounted. &merged;</para> 1652 1653 <para>The &man.moused.8; daemon now supports an <option>-H</option> flag 1654 to enable horizontal virtual scrolling similar to the 1655 <option>-V</option> flag for vertical virtual scrolling. 1656 &merged;</para> 1657 1658 <para>The mrouted(8) multicast routing daemon has been removed 1659 from the &os; base system. It implements the DVMRP multicast 1660 routing protocol, which has largely been replaced by PIM in many 1661 multicast installations. The related map-mbone(8) and mrinfo(8) 1662 utilities have also been removed. These programs are now 1663 available in the &os; Ports Collection 1664 as <filename role="package">net/mrouted</filename>.</para> 1665 1666 <para>The &man.netstat.1; utility now supports an 1667 <option>-h</option> flag for interface stats mode, 1668 which prints all interface statistics in human readable form. &merged;</para> 1669 1670 <para>The &man.netstat.1; utility now supports 1671 printing &man.ipsec.4; protocol statistics if the 1672 kernel was compiled with <literal>FAST_IPSEC</literal> 1673 rather than the KAME IPSEC stack. 1674 Note that the output of <command>netstat -s -p ipsec</command> 1675 differs depending on which stack is compiled into 1676 the kernel since they each keep different statistics. &merged;</para> 1677 1678 <para>The <filename>/etc/nsswitch.conf</filename> file is now 1679 installed statically instead of being generated on every 1680 reboot.</para> 1681 1682 <para>The objformat(1) utility and getobjformat(3) library (the 1683 last remnants of a.out object file support) have been removed.</para> 1684 1685 <para>The &man.periodic.8; daily script now supports 1686 display of the status of &man.gmirror.8;, &man.graid3.8;, 1687 &man.gstripe.8;, and &man.gconcat.8; devices. 1688 Note that these are disabled by default. &merged;</para> 1689 1690 <para>A new function, &man.pidfile.3;, which provides reliable 1691 pidfiles handling, has been implemented in 1692 <filename>libutil</filename>. &merged;</para> 1693 1694 <para>The &man.ping.8; utility now supports a <quote>sweeping 1695 ping</quote> in which &man.icmp.4; payload of 1696 packets being sent is increased with given step. 1697 This is useful for testing problematic channels, MTU issues 1698 or traffic policing functions in networks. &merged;</para> 1699 1700 <para>The &man.ping.8; command now supports a <option>-W</option> 1701 option to specify the maximum time to wait for an echo reply. 1702 &merged;</para> 1703 1704 <para>The &man.pkill.1; utility now supports a 1705 <option>-F</option> option which allows to 1706 restrict matches to a process whose PID is stored in the 1707 pidfile file. When another new option <option>-L</option> 1708 is also specified, the pidfile file must be locked with the 1709 &man.flock.2; syscall or created with &man.pidfile.3;.</para> 1710 1711 <para>The &man.pkill.1; utility now supports a 1712 <option>-I</option> flag which works like <option>-i</option> 1713 of &man.rm.1;. When this flag is specified, &man.pkill.1; 1714 will ask for confirmation before sending a signal to 1715 each matching process.</para> 1716 1717 <para>The &man.pkill.1; utility (also known as &man.pgrep.1;) has 1718 been moved from <filename>/usr/bin</filename> 1719 to <filename>/bin</filename> so that it can be used by startup 1720 scripts. Symbolic links from its former location have been 1721 created for backward compatibility. &merged;</para> 1722 1723 <para>The &man.powerd.8; program now supports a 1724 <option>-P</option> option, which specifies a pidfile to use.</para> 1725 1726 <para>An extensible implementation of &man.printf.3;, compatible 1727 with GLIBC, has been added to <filename>libc</filename>. It is 1728 only used if the environment variable 1729 <varname>USE_XPRINTF</varname> is defined, one of the extension 1730 functions is called, or the global variable 1731 <varname>__use_xprintf</varname> is set to a value greater than 1732 <literal>0</literal>. Five extensions are currently supported: 1733 <literal>%H</literal> (hex dump), 1734 <literal>%T</literal> (<varname>time_t</varname> and 1735 time-related structures), 1736 <literal>%M</literal> (errno message), 1737 <literal>%Q</literal> (double-quoted, escaped string), 1738 <literal>%V</literal> (&man.strvis.3;-format string), 1739 &merged;</para> 1740 1741 <para>The DNS resolver library in &os;'s <application>libc</application> 1742 has been updated to that from BIND 9.3.3. &merged;</para> 1743 1744 <para>The &man.rfcomm.sppd.1; program now supports service names 1745 in addition to <option>-c</option> option with channel number. 1746 The supported names are: DUN (Dial-Up Networking), FAX (Fax), 1747 LAN (LAN Access Using PPP), and SP (Serial Port). &merged;</para> 1748 1749 <para>The &man.rpcgen.1; utility now generates headers and stub files 1750 that can be used with ANSI C compilers by default.</para> 1751 1752 <para>The &man.rtld.1; runtime linker now supports ELF symbol versioning 1753 using GNU semantics. This implementation aims to be compatible 1754 with symbol versioning support as implemented by GNU libc and 1755 documented in <ulink url="http://people.redhat.com/~drepper/symbol-versioning"></ulink> 1756 and LSB 3.0. Also, <function>dlvsym()</function> 1757 function has been added to 1758 allow lookups for a specific version of a given symbol.</para> 1759 1760 <para>The &man.rpc.lockd.8; and &man.rpc.statd.8; programs now 1761 accept <option>-p</option> options to indicate which port they 1762 should bind to. &merged;</para> 1763 1764 <para>A bug in the &man.sed.1; utility which can cause 1765 incorrect calculation of pattern space length in some cases 1766 has been fixed.</para> 1767 1768 <para>The <option>-h</option> flag to &man.setfacl.1; now properly 1769 sets the ACL on a symbolic link, not the link target.</para> 1770 1771 <para>The &man.sh.1; utility now supports a <literal>times</literal> 1772 built-in command. &merged;</para> 1773 1774 <para>The &man.snapinfo.8; utility, which shows snapshot locations 1775 on UFS file systems, has been added. &merged;</para> 1776 1777 <para>The &man.sockstat.1; utility, which shows connected and 1778 listening network sockets, now supports a new <option>-P</option> 1779 command-line option, which can be used to filter displayed sockets 1780 by protocol name (as listed in &man.protocols.5;).</para> 1781 1782 <para>The &man.strtonum.3; library function has been implemented 1783 based on OpenBSD's implementation. This is an improved version of 1784 &man.strtoll.3;. &merged;</para> 1785 1786 <para>The &man.sysctl.8; utility now supports a <option>-q</option> 1787 flag to suppress a limited set of warnings and errors.</para> 1788 1789 <para>The &man.tail.1; utility now supports a <option>-q</option> 1790 flag to suppress header lines when multiple files are 1791 specified. &merged;</para> 1792 1793 <para>The version of tcpslice in the &os; base system has been 1794 removed due to obsolescence. A more up-to-date version can be 1795 found in the Ports Collection 1796 as <filename role="package">net/tcpslice</filename>.</para> 1797 1798 <para>The &man.time.1; utility now prints the time that a given 1799 command has been running if sent a <literal>SIGINFO</literal> signal.</para> 1800 1801 <para>The &man.top.1; program now supports a <option>-a</option> 1802 flag to display process titles from their argument vectors; 1803 this feature is useful for watching processes that change their 1804 titles via &man.setproctitle.3;.</para> 1805 1806 <para>The &man.traceroute.8; program now supports 1807 a <option>-D</option> flag, which causes it to display the 1808 differences between the sent and received 1809 packets. &merged;</para> 1810 1811 <para>The &man.traceroute.8; utility now supports 1812 a <option>-e</option> option, which sets a fixed destination 1813 port for probe packets. This can be useful for tracing behind 1814 packet-filtering firewalls. &merged;</para> 1815 1816 <para>&man.traceroute.8; now decodes the complete set of ICMP 1817 unreachable messages in its output. &merged;</para> 1818 1819 <para>The &man.truss.1; utility now supports an <option>-s</option> 1820 flag for the same functionality as the strace utility 1821 (<filename role="package">devel/strace</filename>).</para> 1822 1823 <para>The &man.truss.1; utility no longer depends on the availability 1824 of the &man.procfs.5; file system; it uses the &man.ptrace.2; 1825 interface instead for controlling a traced process.</para> 1826 1827 <para>[&arch.powerpc;] The &man.truss.1; utility now supports &os;/powerpc.</para> 1828 1829 <para>The usbd(8) utility has been removed. 1830 The &man.devd.8; utility and its configuration 1831 file now support functionality which is equivalent to it.</para> 1832 1833 <para>The &man.uuidgen.1; utility has been moved from 1834 <filename>/usr/bin</filename> to <filename>/bin</filename>.</para> 1835 1836 <para>The vnconfig(8) utility, which was long ago replaced by 1837 &man.mdconfig.8;, has been removed.</para> 1838 1839 <para>The &man.xargs.1; utility now supports a <option>-r</option> 1840 flag which makes the command execution when the standard input 1841 does not contain any non-whitespace-characters. &merged;</para> 1842 1843 <para>The shared library version number of all libraries has 1844 been updated due to some possible ABI changes. The libraries 1845 include: snmp_<replaceable>*</replaceable>, libdialog, libg2c, libobjc, 1846 libreadline, libregex, libstdc++, libkrb5, libalias, libarchive, 1847 libbegemot, libbluetooth, libbsnmp, libbz2, libc_r, libcrypt, 1848 libdevstat, libedit, libexpat, libfetch, libftpio, libgpib, 1849 libipsec, libkiconv, libmagic, libmp, libncp, libncurses, 1850 libnetgraph, libngatm, libopie, libpam, libpthread, libradius, 1851 libsdp, libsmb, libtacplus, libthr, libthread_db, libugidfw, 1852 libusbhid, libutil, libvgl, libwrap, libypclnt, libm, libcrypto, 1853 libssh, and libssl.</para> 1854 1855 <para>The <function>wcsdup()</function> function has been 1856 implemented. This function is popular in Microsoft and GNU 1857 systems.</para> 1858 1859 <para>The &man.wpa.passphrase.8; utility has been added. It 1860 generates a 256-bit pre-shared WPA key from an ASCII 1861 passphrase. &merged;</para> 1862 1863 <para>The compiler toolchain is now capable of generating 1864 executables for systems using the ARM processor. &merged;</para> 1865 1866 <sect3 id="rc-scripts"> 1867 <title><filename>/etc/rc.d</filename> Scripts</title> 1868 1869 <para>The <filename>auditd</filename> script for 1870 OpenBSM &man.auditd.8; has been added. &merged;</para> 1871 1872 <para>The <filename>bluetooth</filename> script 1873 has been added. This script will be called from 1874 &man.devd.8; in response to device attachment/detachment 1875 events and to stop/start particular device without unplugging 1876 it by hand. The configuration parameters are in 1877 <filename>/etc/defaults/bluetooth.device.conf</filename>, 1878 and can be overridden by using 1879 <filename>/etc/bluetooth/<replaceable>$device</replaceable>.conf</filename> 1880 (where <replaceable>$device</replaceable> is <devicename>ubt0</devicename>, 1881 <devicename>btcc0</devicename>, and so on.) 1882 For more details, see &man.bluetooth.conf.5;. &merged;</para> 1883 1884 <para>The <filename>ftpd</filename> script for 1885 stand-alone &man.ftpd.8; has been added.</para> 1886 1887 <para>The <filename>gbde_swap</filename> script has 1888 been removed in favor a new <filename>encswap</filename> 1889 script which also supports &man.geli.8; for swap 1890 encryption.</para> 1891 1892 <para>The <filename>geli</filename> and <filename>geli2</filename> 1893 scripts has been added for &man.geli.8; device 1894 configuration on boot.</para> 1895 1896 <para>The <filename>ike</filename> script for 1897 IPsec IKE daemon has been removed because no such daemon 1898 is included in the base system.</para> 1899 1900 <para>The <filename>hcsecd</filename> and 1901 <filename>sdpd</filename> scripts have been added 1902 for &man.hcsecd.8; and &man.sdpd.8; daemons. 1903 These daemons can run even if no Bluetooth devices 1904 are attached to the system, but both daemons depend on 1905 Bluetooth socket layer and thus disabled by default. 1906 Bluetooth sockets layer must be either loaded 1907 as a module or compiled into kernel before the daemons can run. 1908 &merged;</para> 1909 1910 <para>The <filename>hostapd</filename> script for 1911 &man.hostapd.8; has been added. &merged;</para> 1912 1913 <para>The <filename>mdconfig</filename> script to 1914 handle vnode backed &man.md.4; devices has been added. 1915 This is a replacement of the <filename>ramdisk</filename> 1916 script, and all of variables in <varname>ramdisk_*</varname> 1917 have been changed to <varname>mdconfig_*</varname>. 1918 Also, two new &man.rc.conf.5; variables 1919 <varname>mdconfig_<replaceable>*</replaceable>_files</varname> 1920 and 1921 <varname>mdconfig_<replaceable>*</replaceable>_cmd</varname> 1922 have been added. For example:</para> 1923 1924 <programlisting>mdconfig_md0="-t malloc -s 10m" 1925mdconfig_md1="-t vnode -f /var/foo.img"</programlisting> 1926 1927 <para>The <filename>netif</filename> script now supports 1928 <varname>ipv4_addrs_<replaceable>ifn</replaceable></varname> 1929 variables, 1930 which add one or more IPv4 address from a ranged list in 1931 CIDR notation. &merged; For example:</para> 1932 1933 <programlisting>ipv4_addrs_ed0="192.168.0.1/24 192.168.1.1-5/28"</programlisting> 1934 1935 <para>The <filename>rcconf.sh</filename> script in <filename>/etc/rc.d</filename> 1936 has been removed and a variable <varname>early_late_divider</varname>, 1937 which designates the script to separate the early and late stages 1938 of the boot process, has been added.</para> 1939 1940 <para>The <filename>rc.initdiskless</filename> script now uses &man.tar.1; 1941 instead of &man.pax.1; because &man.pax.1; needs a writable 1942 temporary directory that may not be available when this script 1943 runs.</para> 1944 1945 <para>The <filename>pccard</filename> script has been removed 1946 since OLDCARD is deprecated.</para> 1947 1948 <para>The <filename>ppp-user</filename> script has been renamed to 1949 <filename>ppp</filename>. &merged;</para> 1950 1951 <para>The <varname>removable_interfaces</varname> variable 1952 has been removed.</para> 1953 1954 <para>A new keyword <literal>NOAUTO</literal> in 1955 <varname>ifconfig_<replaceable>ifn</replaceable></varname> 1956 has been added. This prevents configuration of an interface 1957 at boot time or via <filename>/etc/pccard_ether</filename>, 1958 and allows <filename>/etc/rc.d/netif</filename> 1959 to be used to start and stop an interface 1960 on a purely manual basis.</para> 1961 </sect3> 1962 </sect2> 1963 1964 <sect2 id="contrib"> 1965 <title>Contributed Software</title> 1966 1967 <para><application>Intel ACPI-CA</application> 1968 has been updated to 20070320.</para> 1969 1970 <para><application>BIND</application> has been updated from 9.3.1 1971 to 9.3.4. &merged;</para> 1972 1973 <para><application>BSNMPD</application> has been updated from 1974 1.11 to 1.12.</para> 1975 1976 <para><application>BZIP2</application> has been updated from 1977 1.0.3 to 1.0.4.</para> 1978 1979 <para><application>DRM</application> has 1980 been updated to a snapshot from DRI CVS as of 20060517. 1981 &merged;</para> 1982 1983 <para>The Forth Inspired Command Language (<application>FICL</application>) 1984 used in the boot loader has been updated to 3.03.</para> 1985 1986 <para><application>FILE</application> has been updated from 4.12 1987 to 4.17.</para> 1988 1989 <para>The GNU version of <application>gzip</application> has been 1990 replaced with a modified version of gzip ported from NetBSD. 1991 &merged;</para> 1992 1993 <para><application>netcat</application> has been updated from the 1994 version in a 4 February 2005 OpenBSD snapshot to the version 1995 included in OpenBSD 4.1.</para> 1996 1997 <para><application>GCC</application> has been updated from 3.4.4 1998 to 3.4.6. &merged;</para> 1999 2000 <para><application>GNU Readline library</application> has been 2001 updated from 5.0 to 5.2 patch 2. &merged;</para> 2002 2003 <para><application>GNU Troff</application> 2004 has been updated from version 1.19 to version 1.19.2. 2005 &merged;</para> 2006 2007 <para><application>IPFilter</application> has been updated from 2008 4.1.8 to 4.1.13. &merged;</para> 2009 2010 <para><application>less</application> has been updated from v381 2011 to v394. &merged;</para> 2012 2013 <para><application>libpcap</application> has been updated from 2014 0.9.1 to 0.9.4. &merged;</para> 2015 2016 <para><application>lukemftpd</application> has been updated from a 2017 snapshot from NetBSD as of 9 August 2004 to a snapshot from 2018 NetBSD as of 31 August 2006. &merged;</para> 2019 2020 <para><application>OpenSSH</application> has been updated from 2021 4.2p1 to 4.5p1. &merged;</para> 2022 2023 <para><application>OpenSSL</application> has been updated from 2024 0.9.7e to 0.9.8e.</para> 2025 2026 <para><application>ncurses</application> has been updated from 2027 5.2-20020615 to 5.6-20061217. ncurses now also has wide 2028 character support. &merged;</para> 2029 2030 <para><application>hostapd</application> 2031 has been updated from version 0.3.9 to version 0.4.8. 2032 &merged;</para> 2033 2034 <para><application>sendmail</application> has been updated from 2035 8.13.4 to 8.14.1. &merged;</para> 2036 2037 <para><application>tcpdump</application> has been updated from 2038 3.9.1 to 3.9.4. &merged;</para> 2039 2040 <para>The timezone database has been updated from the 2041 <application>tzdata2005l</application> release to the 2042 <application>tzdata2006n</application> release. &merged;</para> 2043 2044 <para><application>tip</application> has been updated to a 2045 snapshot from OpenBSD as of 20060831.</para> 2046 2047 <para>TrustedBSD <application>OpenBSM</application>, 2048 version 1.0 alpha 14, an implementation of the documented Sun Basic 2049 Security Module (BSM) Audit API and file format, as well as local 2050 extensions to support the Mac OS X and &os; operating systems 2051 has been added. This also includes command line tools for audit 2052 trail reduction and conversion to text and XML, as well as 2053 documentation of the commands, file format, and APIs. 2054 For this functionality, the <literal>AUDIT</literal> kernel option, 2055 <filename>/var/audit</filename> directory, and 2056 <literal>audit</literal> group have been added. &merged;</para> 2057 2058 <para><application>WPA Supplicant</application> 2059 has been updated from version 0.3.9 to version 0.4.8. 2060 &merged;</para> 2061 2062 <para><application>zlib</application> 2063 has been updated from version 1.2.2 to version 1.2.3. &merged;</para> 2064 </sect2> 2065 2066 <sect2 id="ports"> 2067 <title>Ports/Packages Collection Infrastructure</title> 2068 2069 <para>&man.pkg.add.1; now supports an <option>-F</option> 2070 flag to disable checking whether the same package is already 2071 installed or not. &merged;</para> 2072 2073 <para>The &man.pkg.add.1; program now supports an <option>-P</option> 2074 flag, which is the same as the <option>-p</option> flag 2075 except that the given prefix is also used recursively for the 2076 dependency packages if any. &merged;</para> 2077 2078 <para>The &man.pkg.add.1; and &man.pkg.create.1; utilities now support 2079 a <option>-K</option> flag to save packages to the current directory 2080 (or <varname>PKGDIR</varname> if defined) by default. 2081 &merged;</para> 2082 2083 <para>The &man.pkg.create.1; program now supports an <option>-x</option> 2084 flag to support basic regular expressions for package name, 2085 an <option>-E</option> flag for extended regular 2086 expressions, and a <option>-G</option> for exact matching. &merged;</para> 2087 2088 <para>The &man.pkg.version.1; utility now supports an <option>-o</option> 2089 flag to show the origin recorded on package generation 2090 instead of the package name, and an <option>-O</option> flag 2091 to list packages with a specific registered origin. 2092 &merged;</para> 2093 2094 <para>The &man.portsnap.8; utility (<filename>sysutils/portsnap</filename>) 2095 has been added into the &os; base system. This is a secure, 2096 easy to use, fast, lightweight, and generally good way for 2097 users to keep their ports trees up to date. &merged;</para> 2098 2099 <para>A incorrect handling of <varname>HTTP_PROXY_AUTH</varname> 2100 in the &man.portsnap.8; utility has been fixed. &merged;</para> 2101 2102 <para>The startup scripts from the <varname>local_startup</varname> 2103 directory now evaluated by using &man.rcorder.8; with scripts 2104 in the base system. &merged;</para> 2105 2106 <para>The suffix of startup scripts from the Ports Collection 2107 has been removed. This means <filename>foo.sh</filename> 2108 is renamed to <filename>foo</filename>, and now 2109 scripts whose name is something like 2110 <filename>foo.ORG</filename> will also be invoked. 2111 You are recommended to reinstall packages which install 2112 such scripts and remove extra files in the 2113 <varname>local_startup</varname> directory. &merged;</para> 2114 2115 <para>New <filename>rc.conf</filename> variables, 2116 <varname>ldconfig_local_dirs</varname> and 2117 <varname>ldconfig_local32_dirs</varname> have been added. 2118 These hold lists of local &man.ldconfig.8; directories. 2119 &merged;</para> 2120 2121 <para>The <command>@cwd</command> command in 2122 <filename>pkg-plist</filename> now allows 2123 the case where no directory argument is given. If no 2124 directory argument is given, it will set current 2125 working directory to the first prefix given by the 2126 <command>@cwd</command> command. &merged;</para> 2127 </sect2> 2128 2129 <sect2 id="releng"> 2130 <title>Release Engineering and Integration</title> 2131 2132 <para>The default partition sizing algorithm of the 2133 &man.sysinstall.8; utility has been changed.</para> 2134 2135 <itemizedlist> 2136 <listitem> 2137 <para>On systems where the disk capacity is larger than (3 * RAMsize + 10GB), 2138 the default sizes will now be as follows:</para> 2139 2140 <informaltable frame="none" pgwide="0"> 2141 <tgroup cols="2"> 2142 <colspec colwidth="1*"> 2143 <colspec colwidth="2*"> 2144 <thead> 2145 <row> 2146 <entry>Partition</entry> 2147 <entry>Size</entry> 2148 </row> 2149 </thead> 2150 2151 <tbody> 2152 <row><entry>swap</entry><entry>RAMsize * 2</entry></row> 2153 <row><entry><filename>/</filename></entry><entry>512 MB</entry></row> 2154 <row><entry><filename>/tmp</filename></entry><entry>512 MB</entry></row> 2155 <row><entry><filename>/var</filename></entry><entry>1024 MB + RAMsize</entry></row> 2156 <row><entry><filename>/usr</filename></entry><entry>the rest (8GB or more)</entry></row> 2157 </tbody> 2158 </tgroup> 2159 </informaltable> 2160 </listitem> 2161 2162 <listitem> 2163 <para>On systems where the disk capacity is larger than 2164 (RAMsize / 8 + 2 GB), the default sizes will be 2165 in the following ranges, with space allocated 2166 proportionally:</para> 2167 2168 <informaltable frame="none" pgwide="0"> 2169 <tgroup cols="2"> 2170 <colspec colwidth="1*"> 2171 <colspec colwidth="2*"> 2172 <thead> 2173 <row> 2174 <entry>Partition</entry> 2175 <entry>Size</entry> 2176 </row> 2177 </thead> 2178 2179 <tbody> 2180 <row><entry>swap</entry><entry>from RAMsize / 8 to RAMsize * 2</entry></row> 2181 <row><entry><filename>/</filename></entry><entry>from 256MB to 512MB</entry></row> 2182 <row><entry><filename>/tmp</filename></entry><entry>from 128MB to 512MB</entry></row> 2183 <row><entry><filename>/var</filename></entry><entry>from 128MB to 1024MB</entry></row> 2184 <row><entry><filename>/usr</filename></entry><entry>from 1536MB to 8192MB</entry></row> 2185 </tbody> 2186 </tgroup> 2187 </informaltable> 2188 </listitem> 2189 2190 <listitem> 2191 <para>On systems with even less disk space, the existing behavior is not 2192 changed.</para> 2193 </listitem> 2194 </itemizedlist> 2195 2196 <para>The &man.sysinstall.8; utility now displays the running &os; 2197 version in menu titles. &merged;</para> 2198 2199 <para>A new <literal>showconfig</literal> 2200 target has been added in <filename>src/Makefile</filename> 2201 to show the build configuration of the &os; source tree.</para> 2202 2203 <para>A <filename>/media</filename> directory has been 2204 added to contain mount points for removable media 2205 such as CDROMs, floppy disks, USB drives, and so on. &merged;</para> 2206 2207 <para>The <filename>src.conf</filename> file, which 2208 contains settings that will apply to every build involving 2209 the &os; source tree, has been added. 2210 For details, see &man.build.7; and &man.src.conf.5;.</para> 2211 2212 <para>The supported version of 2213 the <application>GNOME</application> desktop environment 2214 (<filename role="package">x11/gnome2</filename>) has been 2215 updated from 2.10.2 to 2.18.0. As a part of this update, the 2216 default prefix for <application>GNOME</application> (and some 2217 related programs) has moved from 2218 <filename>/usr/X11R6</filename> 2219 to <filename>/usr/local</filename>. &merged;</para> 2220 2221 <para>The supported version of 2222 the <application>KDE</application> desktop environment 2223 (<filename role="package">x11/kde3</filename>) has been 2224 updated from 3.4.2 to 3.5.6. &merged;</para> 2225 2226 <para>[&arch.amd64;, &arch.i386;] The supported Linux emulation now uses the 2227 libraries in the 2228 <filename role="package">emulators/linux_base-fc4</filename> 2229 package. &merged;</para> 2230 2231 <para>The supported version of 2232 the <application>Perl</application> interpreter 2233 (<filename role="package">lang/perl5.8</filename>) has been updated 2234 from 5.8.7 to 5.8.8. &merged;</para> 2235 2236 <para>The supported version of 2237 the <application>&xorg;</application> windowing system 2238 (<filename role="package">x11/xorg</filename>) has been updated 2239 from 6.8.2 to 6.9.0. &merged;</para> 2240 2241 <para>[&arch.pc98;] &os;/pc98 release CDROMs are now 2242 bootable on systems with some supported SCSI adapters. 2243 &merged;</para> 2244 </sect2> 2245 2246 <sect2 id="doc"> 2247 <title>Documentation</title> 2248 2249 <para>Documentation of existing functionality has been improved by 2250 the addition of the following manual pages: 2251 &man.acpi.sony.4;, &man.device.get.sysctl.9;, 2252 &man.ext2fs.5;, 2253 &man.mca.8;, 2254 &man.nanobsd.8;, 2255 &man.snd.mss.4;, &man.snd.t4dwave.4;, 2256 &man.sysctl.9;.</para> 2257 2258 <para>The manual pages for <application>NTP</application> 2259 have been updated to 4.2.0, to match the version of 2260 code actually included in &os;. &merged;</para> 2261 2262 <para>Initial support for kernel subsystem API documentation generating 2263 framework using <filename role="package">devel/doxygen</filename> 2264 has been added into <filename>src/sys/doc/subsys</filename>. 2265 To generate the API document, type <command>make doxygen</command> 2266 in <filename>src/</filename> directory.</para> 2267 </sect2> 2268</sect1> 2269 2270<sect1 id="upgrade"> 2271 <title>Upgrading from previous releases of &os;</title> 2272 2273 <para></para> 2274 2275 <important> 2276 <para>Upgrading &os; should, of course, only be attempted after 2277 backing up <emphasis>all</emphasis> data and configuration 2278 files.</para> 2279 </important> 2280</sect1> 2281</article> 2282