article.xml revision 171839
1200110Snetchild<!DOCTYPE article PUBLIC "-//FreeBSD//DTD DocBook V4.1-Based Extension//EN" [ 2200110Snetchild<!ENTITY % articles.ent PUBLIC "-//FreeBSD//ENTITIES DocBook FreeBSD Articles Entity Set//EN"> 3200110Snetchild%articles.ent; 4200110Snetchild 5200110Snetchild<!ENTITY % release PUBLIC "-//FreeBSD//ENTITIES Release Specification//EN"> 6200110Snetchild%release; 7200110Snetchild 8200110Snetchild<!-- Text constants which probably don't need to be changed.--> 9200110Snetchild 10200110Snetchild<!-- The marker for MFCs. --> 11200110Snetchild<!ENTITY merged "[MERGED]"> 12200110Snetchild 13200110Snetchild<!-- Architecture names --> 14200110Snetchild<!ENTITY arch.amd64 "amd64"> 15200110Snetchild<!ENTITY arch.arm "arm"> 16200110Snetchild<!ENTITY arch.i386 "i386"> 17200110Snetchild<!ENTITY arch.ia64 "ia64"> 18200110Snetchild<!ENTITY arch.pc98 "pc98"> 19200110Snetchild<!ENTITY arch.powerpc "powerpc"> 20200110Snetchild<!ENTITY arch.sparc64 "sparc64"> 21200110Snetchild<!ENTITY arch.sun4v "sun4v"> 22200110Snetchild 23200110Snetchild<!ENTITY % include.historic "IGNORE"> 24200110Snetchild<!ENTITY % no.include.historic "IGNORE"> 25200110Snetchild]> 26200110Snetchild 27200110Snetchild<article> 28200110Snetchild<articleinfo> 29200110Snetchild <title>&os; &release.current; Release Notes</title> 30200110Snetchild 31200110Snetchild <corpauthor>The &os; Project</corpauthor> 32200110Snetchild 33200110Snetchild <pubdate>$FreeBSD: head/release/doc/en_US.ISO8859-1/relnotes/article.sgml 171839 2007-08-14 14:49:46Z delphij $</pubdate> 34200110Snetchild 35200110Snetchild <copyright> 36200110Snetchild <year>2000</year> 37200110Snetchild <year>2001</year> 38200110Snetchild <year>2002</year> 39200110Snetchild <year>2003</year> 40200110Snetchild <year>2004</year> 41200110Snetchild <year>2005</year> 42200110Snetchild <year>2006</year> 43200110Snetchild <year>2007</year> 44200110Snetchild <holder role="mailto:doc@FreeBSD.org">The &os; Documentation Project</holder> 45200110Snetchild </copyright> 46200110Snetchild 47200110Snetchild <legalnotice id="trademarks" role="trademarks"> 48200110Snetchild &tm-attrib.freebsd; 49200110Snetchild &tm-attrib.ibm; 50200110Snetchild &tm-attrib.ieee; 51200110Snetchild &tm-attrib.intel; 52200110Snetchild &tm-attrib.sparc; 53200110Snetchild &tm-attrib.general; 54200110Snetchild </legalnotice> 55200110Snetchild 56200110Snetchild <abstract> 57200110Snetchild <para>The release notes for &os; &release.current; contain a summary 58200110Snetchild of the changes made to the &os; base system on the 59200110Snetchild &release.branch; development line. 60 This document lists applicable security advisories that were issued since 61 the last release, as well as significant changes to the &os; 62 kernel and userland. 63 Some brief remarks on upgrading are also presented.</para> 64 </abstract> 65</articleinfo> 66 67<sect1 id="intro"> 68 <title>Introduction</title> 69 70 <para>This document contains the release notes for &os; 71 &release.current;. It 72 describes recently added, changed, or deleted features of &os;. 73 It also provides some notes on upgrading 74 from previous versions of &os;.</para> 75 76<![ %release.type.current [ 77 78 <para>The &release.type; distribution to which these release notes 79 apply represents the latest point along the &release.branch; development 80 branch since &release.branch; was created. Information regarding pre-built, binary 81 &release.type; distributions along this branch 82 can be found at <ulink url="&release.url;"></ulink>.</para> 83 84]]> 85 86<![ %release.type.snapshot [ 87 88 <para>The &release.type; distribution to which these release notes 89 apply represents a point along the &release.branch; development 90 branch between &release.prev; and the future &release.next;. 91 Information regarding 92 pre-built, binary &release.type; distributions along this branch 93 can be found at <ulink url="&release.url;"></ulink>.</para> 94 95]]> 96 97<![ %release.type.release [ 98 99 <para>This distribution of &os; &release.current; is a 100 &release.type; distribution. It can be found at <ulink 101 url="&release.url;"></ulink> or any of its mirrors. More 102 information on obtaining this (or other) &release.type; 103 distributions of &os; can be found in the <ulink 104 url="&url.books.handbook;/mirrors.html"><quote>Obtaining 105 &os;</quote> appendix</ulink> to the <ulink 106 url="&url.books.handbook;/">&os; 107 Handbook</ulink>.</para> 108 109]]> 110 111 <para>All users are encouraged to consult the release errata before 112 installing &os;. The errata document is updated with 113 <quote>late-breaking</quote> information discovered late in the 114 release cycle or after the release. Typically, it contains 115 information on known bugs, security advisories, and corrections to 116 documentation. An up-to-date copy of the errata for &os; 117 &release.current; can be found on the &os; Web site.</para> 118 119</sect1> 120 121<sect1 id="new"> 122 <title>What's New</title> 123 124 <para>This section describes 125 the most user-visible new or changed features in &os; 126 since &release.prev;. 127 In general, changes described here are unique to the &release.branch; 128 branch unless specifically marked as &merged; features. 129 </para> 130 131 <para>Typical release note items 132 document recent security advisories issued after 133 &release.prev;, 134 new drivers or hardware support, new commands or options, 135 major bug fixes, or contributed software upgrades. They may also 136 list changes to major ports/packages or release engineering 137 practices. Clearly the release notes cannot list every single 138 change made to &os; between releases; this document focuses 139 primarily on security advisories, user-visible changes, and major 140 architectural improvements.</para> 141 142 <sect2 id="security"> 143 <title>Security Advisories</title> 144 145 <para>A temporary file vulnerability in &man.texindex.1;, which 146 could allow a local attacker to overwrite files in the context 147 of a user running the &man.texindex.1; utility, has been fixed. 148 For more details see security advisory <ulink 149 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:01.texindex.asc">FreeBSD-SA-06:01.texindex</ulink>. &merged;</para> 150 151 <para>A temporary file vulnerability in the &man.ee.1; text 152 editor, which could allow a local attacker to overwrite files in 153 the context of a user running &man.ee.1;, has been fixed. For 154 more details see security advisory <ulink 155 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:02.ee.asc">FreeBSD-SA-06:02.ee</ulink>. &merged;</para> 156 157 <para>Several vulnerabilities in the &man.cpio.1; utility have 158 been corrected. For more 159 details see security advisory <ulink 160 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:03.cpio.asc">FreeBSD-SA-06:03.cpio</ulink>. &merged;</para> 161 162 <para>An error in &man.ipfw.4; IP fragment handling, which could 163 cause a crash, has been fixed. For more 164 details see security advisory <ulink 165 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:04.ipfw.asc">FreeBSD-SA-06:04.ipfw</ulink>. &merged;</para> 166 167 <para>A potential buffer overflow in the IEEE 802.11 scanning code 168 has been corrected. For more 169 details see security advisory <ulink 170 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:05.80211.asc">FreeBSD-SA-06:05.80211</ulink>. &merged;</para> 171 172 <para>Two instances in which portions of kernel memory could be 173 disclosed to users have been fixed. For more details see 174 security advisory <ulink 175 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:06.kmem.asc">FreeBSD-SA-06:06.kmem</ulink>. &merged;</para> 176 177 <para>A logic bug in the IP fragment handling in &man.pf.4;, which 178 could cause a crash under certain circumstances, has been fixed. 179 For more details see security advisory <ulink 180 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:07.pf.asc">FreeBSD-SA-06:07.pf</ulink>. &merged;</para> 181 182 <para>A logic bug in the NFS server code, which could cause a crash when 183 the server received a message with a zero-length payload, has been fixed. 184 For more details see security advisory <ulink 185 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:10.nfs.asc">FreeBSD-SA-06:10.nfs</ulink>. &merged;</para> 186 187 <para>A programming error in the &man.fast.ipsec.4; implementation 188 results in the sequence number associated with a Security 189 Association not being updated, allowing packets to unconditionally 190 pass sequence number verification checks, has been fixed. 191 For more details see security advisory <ulink 192 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:11.ipsec.asc">FreeBSD-SA-06:11.ipsec</ulink>. &merged;</para> 193 194 <para>A logic bug that could cause &man.opiepasswd.1; to allow an unprivileged 195 user to configure OPIE authentication for the root user under certain 196 circumstances, has been fixed. 197 For more details see security advisory <ulink 198 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:12.opie.asc">FreeBSD-SA-06:12.opie</ulink>. &merged;</para> 199 200 <para>An asynchronous signal handling vulnerability in &man.sendmail.8;, 201 which could allow a remote attacker to execute arbitrary code with the 202 privileges of the user running sendmail, typically root, has been fixed. 203 For more details see security advisory <ulink 204 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:13.sendmail.asc">FreeBSD-SA-06:13.sendmail</ulink>. &merged;</para> 205 206 <para>[&arch.amd64;, &arch.i386;] An information disclosure issue found in the 207 &os; kernel running on 7th- and 8th-generation AMD processors 208 has been fixed. For more details see security advisory <ulink 209 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:14.fpu.asc">FreeBSD-SA-06:14.fpu</ulink>. &merged;</para> 210 211 <para>A bug in &man.ypserv.8;, which effectively disabled the 212 <filename>/var/yp/securenets</filename> access control mechanism, 213 has been corrected. More details are available in security 214 advisory 215 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:15.ypserv.asc">FreeBSD-SA-06:15.ypserv</ulink>. &merged;</para> 216 217 <para>A bug in the smbfs file system, which could allow an 218 attacker to escape out of &man.chroot.2 environments on an smbfs 219 mounted file system, has been fixed. For more details, see 220 security advisory 221 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:16.smbfs.asc">FreeBSD-SA-06:16.smbfs</ulink>. &merged;</para> 222 223 <para>A potential denial of service problem in &man.sendmail.8; 224 caused by excessive recursion which leads to stack 225 exhaustion when attempting delivery of a malformed 226 MIME message, has been fixed. For more details, 227 see security advisory <ulink 228 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:17.sendmail.asc">FreeBSD-SA-06:17.sendmail</ulink>. &merged;</para> 229 230 <para>A potential buffer overflow condition in &man.sppp.4; has 231 been corrected. For more details, see security advisory 232 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:18.ppp.asc">FreeBSD-SA-06:18.ppp</ulink>. &merged;</para> 233 234 <para>An OpenSSL bug related to validation of PKCS#1 v1.5 235 signatures has been fixed. For more details, see security 236 advisory 237 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:19.openssl.asc">FreeBSD-SA-06:19.openssl</ulink>. &merged;</para> 238 239 <para>A potential denial of service attack against &man.named.8; 240 has been fixed. For more details, see security advisory 241 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:20.bind.asc">FreeBSD-SA-06:20.bind</ulink>. &merged;</para> 242 243 <para>Several programming errors have been fixed in &man.gzip.1;. 244 They could have the effect of causing a crash or an infinite 245 loop when decompressing files. More information can be found in 246 security advisory 247 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:21.gzip.asc">FreeBSD-SA-06:21.gzip</ulink>. &merged;</para> 248 249 <para>Several vulnerabilities have been fixed in OpenSSH. More 250 details can be found in security advisory 251 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:22.openssh.asc">FreeBSD-SA-06:22.openssh</ulink>. &merged;</para> 252 253 <para>Multiple errors in the OpenSSL &man.crypto.3; library have 254 been fixed. Potential effects are varied, and are documented in 255 more detail in security advisory 256 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:23.openssl.asc">FreeBSD-SA-06:23.openssl</ulink>. &merged;</para> 257 258 <para>A bug that could permit corrupt archives to cause an 259 infinite loop in &man.libarchive.3; and &man.tar.1; has been 260 fixed. More details are available in 261 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:24.libarchive.asc">FreeBSD-SA-06:24.libarchive</ulink>. &merged;</para> 262 263 <para>A bug that could allow users in 264 the <groupname>operator</groupname> group to read parts of kernel 265 memory has been corrected. For more details, consult security 266 advisory 267 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:25.kmem.asc">FreeBSD-SA-06:25.kmem</ulink>. &merged;</para> 268 269 <para>A bug in the <filename>jail</filename> startup script that 270 could permit privilege escalation via a symlink attack has been 271 fixed. More information is available in 272 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-07:01.jail.asc">FreeBSD-SA-07:01.jail</ulink>. &merged;</para> 273 274 <para>Two remote denials of service in BIND (one involving DNSSEC and 275 one involving recursive DNS queries) have been fixed. For more 276 information, see security advisory 277 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-07:02.bind.asc">FreeBSD-SA-07:02.bind</ulink>. &merged;</para> 278 279 <para>Processing of IPv6 type 0 Routing Headers is now 280 controlled by the <varname>net.inet6.ip6.rthdr0_allowed</varname> 281 sysctl variable, which defaults to <literal>0</literal> (off). 282 For more information, see security advisory 283 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-07:03.ipv6.asc">FreeBSD-SA-07:03.ipv6</ulink>. &merged;</para> 284 285 <para>A potential heap overflow in the &man.file.1; utility 286 (and the &man.libmagic.3; library on which it relies) has been 287 fixed. More details can be found in security advisory 288 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-07:04.file.asc">FreeBSD-SA-07:04.file</ulink>. &merged;</para> 289 290 <para>Problems with &man.libarchive.3; and &man.tar.1; handling 291 corrupted &man.tar.5; archive files have been fixed. More 292 details can be found in security advisory 293 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-07:05.libarchive.asc">FreeBSD-SA-07:05.libarchive</ulink>. &merged;</para> 294 295 <para>A buffer overflow in &man.tcpdump.1; has been corrected. 296 More information can be found in security advisory 297 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-07:06.tcpdump.asc">FreeBSD-SA-07:06.tcpdump</ulink>. &merged;</para> 298 299 <para>A bug in &man.named.8;, which could result in an attacker 300 being able to poison a resolver's DNS cache, has been fixed. 301 More details are included in security advisory 302 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-07:07.bind.asc">FreeBSD-SA-07:07.bind</ulink>. &merged;</para> 303 304 </sect2> 305 306 <sect2 id="kernel"> 307 <title>Kernel Changes</title> 308 309 <para>&man.acpi.4; now has support for the HPET time counter. &merged;</para> 310 311 <para>The &man.acpi.ibm.4; driver now supports setting the fan control 312 mode to manual or automatic, and adjusting the fan speed if the 313 fan control mode is manual. To enable manual control of the fan speed, 314 the sysctl variable <varname>dev.acpi_ibm.<replaceable>0</replaceable>.fan</varname> 315 needs to be set to zero (manual). This should only be used with 316 extreme precaution, as disabling automatic fan control might 317 overheat the hardware and lead to permanent damage.</para> 318 319 <para>The &man.apm.4; suspend/resume support has been improved.</para> 320 321 <para>Security event auditing is now supported in the &os; kernel, 322 and is enabled by the <literal>AUDIT</literal> kernel 323 configuration option. The option is enabled in the 324 <filename>GENERIC</filename> kernel. More information can be found 325 in the &man.audit.4; manual page.</para> 326 327 <para>Support for the Camellia block cipher has been added to the 328 &os; kernel. It can now be specified as a cipher in IPsec. More 329 information on Camellia can be found in RFC 4132.</para> 330 331 <para>The <literal>options COMPAT_43</literal> kernel 332 configuration option has been deemed unnecessary and has been 333 removed from <filename>GENERIC</filename> and related kernel 334 configurations. This change may result in a small performance 335 increase for some workloads.</para> 336 337 <para>The dumb console driver (&man.dcons.4;) is now enabled in the 338 <filename>GENERIC</filename> kernel.</para> 339 340 <para>The &man.ddb.4; debugger now provides the <literal>show lock</literal> 341 command. If the argument has a valid lock class, 342 this displays various information about the lock and calls a 343 new function pointer in lock_class (lc_ddb_show) to dump class-specific 344 information about the lock as well (such as the owner of a mutex or 345 xlock'ed sx lock). &merged;</para> 346 347 <para>The &man.ddb.4; debugger now provides the <literal>show sleepq</literal> 348 command. This takes a wait channel as an argument and looks 349 for a sleep queue associated with that wait channel.</para> 350 351 <para><filename>DEFAULTS</filename> kernel configuration files 352 for each platform have been added. These files contain 353 directives that are implicitly included in all kernel 354 configurations, and generally include basic, mandatory 355 functionality for each platform. &merged;</para> 356 357 <para>A bug in file descriptor handling such that a simple 358 <literal>close(0); dup(fd)</literal> sequence does not return 359 descriptor <literal>0</literal> in some cases, has been fixed.</para> 360 361 <para>The &man.firmware.9; subsystem has been added. This 362 subsystem provides a mechanism 363 to load binary data into the kernel via a specially crafted module. 364 &merged;</para> 365 366 <para>The &man.gdb.1; remote debugging interface now supports 367 copying console messages to a remote debugger instance. 368 To enable this, set <literal>debug.gdbcons="1"</literal> 369 in <filename>loader.conf</filename>, enter <literal>boot -d; 370 gdb; step</literal> from the loader prompt, 371 then attach &man.gdb.1; from a remote machine. 372 The sysctl variable <varname>debug.gdbcons</varname> can be 373 used to turn on/off this functionality.</para> 374 375 <para>&man.hwpmc.4; and &man.pmcstat.8; now support profiling 376 of dynamically loaded kernel modules and 377 shared objects loaded with &man.dlopen.3;.</para> 378 379 <para>A new <varname>kern.hostuuid</varname> sysctl variable 380 has been added to hold a host's Universally Unique Identifier 381 (UUID). This UUID is computed or generated by a new 382 <filename>rc.d/hostid</filename> startup script and, where 383 possible, is saved to disk to be persistent across reboots.</para> 384 385 <para>The <option>INCLUDE_CONFIG_FILE</option> kernel configuration 386 option has been improved. The full configuration of a running kernel 387 can now be obtained via <command>sysctl -b kern.conftxt</command>. 388 It can also be extracted from a kernel file via 389 <command>config -x kernelfile</command>. To preserve the literal 390 kernel configuration with all the comments included, the 391 <option>-C</option> option of &man.config.8; can be used.</para> 392 393 <para>Support for Kernel Scheduled Entities (KSE) is now a kernel 394 option (previously it was a mandatory feature in the kernel). 395 It is enabled in the GENERIC kernel (thus there is no change in 396 functionality) for all platforms except &arch.sun4v;.</para> 397 398 <para>The Linux ABI support was enhanced to support emulation of 399 Linux 2.6.16. This is not enabled by default. To turn it on 400 the <varname>compat.linux.osrelease</varname> sysctl variable 401 has to be set to <literal>2.6.16</literal>. Note that this 402 support is still experimental.</para> 403 404 <para>Support for Message Signaled Interrupts (MSI) and Extended 405 Message Signaled Interrupts (MSI-X) has been added to the kernel's 406 PCI support code. &merged;</para> 407 408 <para>The &man.priv.9; kernel interface has been added. Its purpose 409 is checking the availability of privilege for threads and credentials. 410 Unlike the existing &man.suser.9; interface, &man.priv.9; exposes a 411 named privilege identifier to the privilege checking code, allowing 412 more complex policies regarding the granting of privilege to be 413 expressed.</para> 414 415 <para>The &man.random.4; entropy device driver is now MPSAFE. 416 &merged;</para> 417 418 <para>&os; now supports concurrent &man.read.2;/&man.readv.2; 419 access to a file.</para> 420 421 <para>The kernel's &man.sx.9; locks have been optimized to use 422 simple atomic operations for the common cases of obtaining and 423 releasing shared and exclusive locks. While this change is not 424 generally user-visible, it is the basis for some substantial 425 performance improvements.</para> 426 427 <para>The ULE process scheduler has been revised to improve its 428 behavior, in particular interactivity under load, for both 429 uniprocessor and multiprocessor machines. This 430 implementation has commonly been referred to as <quote>ULE 431 3.0</quote>. (ULE 3.0 was formerly known as SCHED_SMP, 432 which in turn was based on version 2.0 of the ULE scheduler. 433 ULE 2.0 was never a part of any &os; release, however it 434 was the subject of many development, testing, and 435 benchmarking efforts.)</para> 436 437 <para>The <literal>SIGCHLD</literal> signal queuing has been 438 added. For each child process whose status has been changed, 439 a <literal>SIGCHLD</literal> instance is queued. If the signal is still pending, 440 and the process changed status several times, the signal information 441 is updated to reflect the latest process status. 442 There is a loader tunable <varname>kern.sigqueue.queue_sigchild</varname> 443 which can control the behavior, setting it to zero disables the 444 <literal>SIGCHLD</literal> queuing feature.</para> 445 446 <para>[&arch.amd64;, &arch.i386;] Instead of including all of physical 447 memory in a kernel crash dump, the kernel now defaults to dumping only pages that are 448 actively mapped into kernel virtual memory. A new 449 <varname>debug.minidump</varname> sysctl variable 450 can be used to turn off this behavior when set to zero. &merged;</para> 451 452 <para>A new sysctl variable <varname>kern.malloc_stats</varname> 453 has been added. This allows exporting of kernel malloc 454 statistics via a binary structure stream.</para> 455 456 <para>A new sysctl variable <varname>kern.forcesigexit</varname> 457 has been added. This forces a process 458 to sigexit if a trap signal is being held by the current thread or 459 ignored by the current process. It is enabled by default.</para> 460 461 <para>The pcvt(4) driver, an alternative to &man.syscons.4;, 462 has been removed, as it had fallen out of sync with the rest 463 of the kernel.</para> 464 465 <para>RedZone, a buffer corruption protection for the kernel &man.malloc.9; 466 facility has been implemented. This detects both buffer underflows and 467 overflows at runtime on &man.free.9; and &man.realloc.9;, 468 and prints backtraces from where memory was allocated and from where 469 it was freed. For more details, see the &man.redzone.9; manual page.</para> 470 471 <para>A new sysctl variable <varname>security.mac.biba.interfaces_equal</varname> 472 which makes all network interfaces be created with the label 473 <literal>biba/equal(equal-equal)</literal>, has been added. 474 This is useful where programs such as &man.dhclient.8; and &man.ppp.8;. 475 which initialize network interfaces do not have any labeling support. 476 This variable is set as <literal>0</literal> (disabled) by default. 477 &merged;</para> 478 479 <para>A new loader tunable <varname>vm.kmem_size_min</varname> has been 480 added. This allows to specify a minimal size for 481 <varname>vm.kmem_size</varname>.</para> 482 483 <para>A new sysctl variable <varname>vm.zone_stats</varname> 484 has been added. This allows to export &man.uma.9; allocator 485 statistics via a binary structure stream.</para> 486 487 <para>The sysctl variable <varname>hw.pci.do_powerstate</varname> 488 has been split into two sysctl variables 489 <varname>hw.pci.do_powerstate_nodriver</varname> 490 and <varname>hw.pci.do_powerstate_resume</varname>. 491 Also, these variables have been changed from a boolean to a range. 492 <literal>0</literal> means no power management, 493 <literal>1</literal> means conservative power management which 494 any device class that has caused problems is added to the watch list, 495 <literal>2</literal> means aggressive power management where 496 any device class that is not fundamental to the system is added to the list, 497 and <literal>3</literal> means power them all down unconditionally. 498 The default values are <literal>0</literal> for 499 <varname>hw.pci.do_powerstate_nodriver</varname> and 500 <literal>1</literal> for <varname>hw.pci.do_powerstate_resume</varname>.</para> 501 502 <para>[&arch.ia64;] The <filename>GENERIC</filename> kernel now enables 503 SMP support by default.</para> 504 505 <para>Sample kernel configuration files 506 <filename>src/sys/<replaceable>arch</replaceable>/conf/MAC</filename> 507 for the Mandatory Access Control framework have been added.</para> 508 509 <para><varname>POSIX_TIMERS</varname> support has been updated to 200112L.</para> 510 511 <para>An experimental support for POSIX message queue has been 512 implemented.</para> 513 514 <para>&os; now runs on the Xbox, whose architecture is nearly identical 515 to the i386. For details of the latest development, see 516 <ulink url="http://www.FreeBSD.org/platforms/xbox.html"></ulink>. 517 &merged; </para> 518 519 <para>The locking strategy for UNIX domain sockets has been 520 revised to improve concurrency; this change has yielded 521 substantial performance improvements on various SMP workloads 522 (in particular, MySQL on 8-way &arch.amd64; systems) with little 523 or no measured overhead on UP systems.</para> 524 525 <para>Several minor but widespread changes to the Newbus API have 526 been made In order to support some on-going work with interrupt 527 filtering. Because this change also breaks the kernel ABI, all 528 third-party device drivers will need to be modified and 529 recompiled.</para> 530 531 <sect3 id="boot"> 532 <title>Boot Loader Changes</title> 533 534 <para>A new option <option>-S</option>, 535 which allows setting the <filename>boot2</filename> 536 serial console speed in the <filename>/boot.config</filename> 537 file or on the <prompt>boot:</prompt> prompt line, 538 has been added.</para> 539 540 <para>[&arch.amd64;, &arch.i386;] A new loader tunable 541 <varname>comconsole_speed</varname> to change 542 the serial console speed has been added. 543 If the previous stage boot loader requested a serial console, 544 then the default speed is determined from the current serial port 545 speed. Otherwise it is set to 9600 or the value of 546 the <literal>BOOT_COMCONSOLE_SPEED</literal> kernel option. 547 &merged;</para> 548 549 <para>[&arch.amd64;, &arch.i386;] &man.firewire.4; and &man.dcons.4; 550 support has been added to the boot loader. To enable it, 551 <literal>LOADER_FIREWIRE_SUPPORT=yes</literal> has to be added 552 to <filename>/etc/make.conf</filename> and the loader be rebuilt. 553 </para> 554 555 <!-- Above this line, order boot loader changes by keyword--> 556 557 <para>[&arch.pc98;] A bootable CDROM loader has been implemented 558 for the pc98 platform. &merged;</para> 559 560 <para>[&arch.pc98;] The <application>IPLware</application> support 561 in boot0.5 has been enhanced to support version 3.33.</para> 562 563 <para>[&arch.i386;] A bug in the i386 boot loader, which could 564 cause file system corruption if 565 a <filename>nextboot.conf</filename> file was used and landed 566 after cylinder 1023, has been fixed. &merged;</para> 567 568 </sect3> 569 570 <sect3 id="proc"> 571 <title>Hardware Support</title> 572 573 <para>The &man.amdsmb.4; driver has been added. It provides 574 support for the AMD-8111 SMBus 2.0 controller. &merged;</para> 575 576 <para>The &man.cardbus.4;, &man.pccard.4;, 577 &man.pccbb.4;, and &man.exca.4; drivers are now buildable 578 as kernel modules.</para> 579 580 <para>An &man.acpi.dock.4; driver has been added to provide 581 support for controlling laptop docking station functions via 582 ACPI. &merged;</para> 583 584 <para>The &man.acpi.thermal.4; driver now supports 585 passive cooling. &merged;</para> 586 587 <para>The &man.acpi.thermal.4; driver now supports overriding 588 the <literal>_PSV</literal>, <literal>_HOT</literal>, and 589 <literal>_CRT</literal> temperature values.</para> 590 591 <para>Support for the alpha architecture has been removed. Alpha 592 support will remain on the RELENG_5 and RELENG_6 codelines.</para> 593 594 <para>The &man.cardbus.4; driver now supports 595 <filename>/dev/cardbus<replaceable>%d</replaceable>.cis</filename>.</para> 596 597 <para>[&arch.i386;, &arch.pc98;] The &man.ce.4; driver, 598 which supports Cronyx Tau-PCI/32 adapters, has been added. 599 &merged;</para> 600 601 <para>The <literal>est</literal> &man.cpufreq.4; driver now supports 602 frequency control for the VIA C7-M family of processors.</para> 603 604 <para>Support for the PadLock Security Co-processor in VIA C3, 605 Eden, and C7 606 processors has been added to the &man.crypto.9; subsystem. 607 More information can be found in the &man.padlock.4; manual 608 page. 609 &merged;</para> 610 611 <para>The &man.firewire.4; code is now MPSAFE.</para> 612 613 <para>icee(4), a generic I2C EEPROM driver, has been added.</para> 614 615 <para>A bug which prevented the &man.ichsmb.4; kernel module 616 from unloading has been fixed.</para> 617 618 <para>[&arch.amd64;, &arch.i386;] Dual-core processors (such as the Intel 619 Core Duo) now have both cores available for use by 620 default in SMP-enabled kernels. &merged;</para> 621 622 <para>[&arch.amd64;, &arch.i386;] &man.ipmi.4;, an OpenIPMI compatible driver, 623 has been added. 624 OpenIPMI (Intelligent Platform Management Interface) is an open 625 standard designed to enable remote monitoring and control of server, 626 networking and telecommunication platforms. &merged;</para> 627 628 <para>The &man.kbdmux.4; driver has been integrated into &man.syscons.4; and 629 the <devicename>kbd</devicename> device driver. 630 By default &man.syscons.4; will look for the &man.kbdmux.4; 631 keyboard first, and then, if not found, look for any keyboard. 632 Switching to &man.kbdmux.4; can be done at boot time by loading 633 the <literal>kbdmux</literal> kernel module via &man.loader.8;, 634 or at runtime via &man.kldload.8; and releasing the active 635 keyboard. &merged;</para> 636 637 <para>[&arch.amd64;, &arch.i386;] The &man.kbdmux.4; driver is now included in the 638 <filename>GENERIC</filename> kernel by default. 639 Also, the <quote>Boot FreeBSD with USB keyboard</quote> 640 menu item in the boot loader menu has been removed 641 since this fixes USB keyboard probing problems. 642 &merged;</para> 643 644 <para>The &man.nfsmb.4; driver, which supports the NVIDIA nForce 645 2/3/4 SMBus 2.0 controller, has been added. &merged;</para> 646 647 <para>[&arch.ia64;, &arch.powerpc;] The loader tunable <varname>debug.mpsafevfs</varname> 648 is set to <literal>1</literal> by default.</para> 649 650 <para>The &man.sab.4; driver has been removed (it has been 651 superceded by the &man.scc.4; driver).</para> 652 653 <para>The &man.scc.4; driver has been added. 654 This provides generic support for serial communications 655 controllers and delegates the control over each channel 656 and mode to a subordinate driver such as &man.uart.4;.</para> 657 658 <para>[&arch.amd64;] The smbios(4) driver support for amd64 has been 659 added.</para> 660 661 <para>[&arch.sun4v;] &os; now has preliminary support for the Sun Microsystems 662 UltraSPARC-T1 architecture. &os;/sun4v has been demonstrated 663 to run on the Sun Fire T1000 and Sun Fire T2000 servers. 664 More information can be found on the 665 <ulink url="http://www.FreeBSD.org/platforms/sun4v.html">sun4v 666 Project</ulink> 667 page.</para> 668 669 <para>The tnt4882(4) driver, which supports the National Instruments 670 PCI-GPIB card, has been added.</para> 671 672 <para>[&arch.amd64;, &arch.i386;, &arch.ia64;, &arch.sparc64;] The &man.uart.4; driver has been included in the 673 <filename>GENERIC</filename> kernel by default. 674 When both &man.sio.4; and &man.uart.4; can handle a given serial port, 675 &man.sio.4; will claim it.</para> 676 677 <para>The &man.uark.4; driver, which supports the Arkmicro 678 Technologies ARK3116-based USB serial adapter, has been 679 added.</para> 680 681 <para>The &man.uart.4; driver now supports LOM (Lights Out Management) 682 and RSC (Remote System Control) devices as consoles.</para> 683 684 <para>The zs driver has been removed. Its functionality 685 has been superceded by that of the &man.uart.4; driver.</para> 686 687 <para>[&arch.i386;] A new loader tunable 688 <varname>hw.apic.enable_extint</varname> has been added. 689 This tunable can be used to disable masking of the ExtINT pin on the first 690 I/O APIC. At least one chipset for the Intel Pentium III seems 691 to need this, even though all of the pins in the 8259As are masked. 692 The default is still to mask the ExtINT pin.</para> 693 694 <para>[&arch.i386;] Support has been improved for 695 so-called <quote>legacy-free</quote> hardware, in particular, 696 i386 systems without AT-style keyboard controllers such as the 697 Macbook Pro. &merged;</para> 698 699 <sect4 id="mm"> 700 <title>Multimedia Support</title> 701 702 <para>The &man.agp.4; driver now supports ATI AGP chipsets. 703 &merged;</para> 704 705 <para>The new midi(4) driver which is based on NetBSD's one 706 has been added. This supports &man.snd.cmi.4; and 707 &man.snd.emu10k1.4; drivers.</para> 708 709 <para>The &man.sound.4; driver now supports 710 wider range sampling rate, multiple precisions choice, 711 and 24/32 bit PCM format conversion. &merged;</para> 712 713 <para>The &man.snd.als4000.4; driver is now MPSAFE. &merged;</para> 714 715 <para>The &man.snd.atiixp.4; driver has been added. 716 This supports ATI IXP 200/300/400 series audio controllers. &merged;</para> 717 718 <para>The &man.snd.atiixp.4; driver now supports 719 suspend and resume features. &merged;</para> 720 721 <para>The &man.snd.cmi.4; driver is now MPSAFE.</para> 722 723 <para>The &man.snd.emu10kx.4; driver has been added. It 724 supports Creative SoundBlaster Live! and Audigy series sound 725 cards with optional pseudo-multichannel playback.</para> 726 727 <para>The &man.snd.envy24.4; driver has been added to support 728 the Envy24 series of audio chips.</para> 729 730 <para>The &man.snd.envy24ht.4; driver has been added to support 731 the VIA Envy24HT series of audio chips.</para> 732 733 <para>The &man.snd.es137x.4; driver is now MPSAFE. &merged;</para> 734 735 <para>The &man.snd.ich.4; driver is now MPSAFE. &merged;</para> 736 737 <para>The &man.snd.hda.4; driver has been added. It supports 738 devices that conform to revision 1.0 of the Intel High Definition 739 Audio specification.</para> 740 741 <para>The &man.snd.solo.4; driver is now MPSAFE. &merged;</para> 742 743 <para>The &man.snd.spicds.4; driver has been added to support 744 I2S SPI audio codec chips.</para> 745 746 <para>The &man.snd.via8233.4; driver is now MPSAFE. &merged;</para> 747 748 <para>The &man.snd.via82c686.4; driver is now MPSAFE. &merged;</para> 749 750 <para>[&arch.amd64;] The &man.speaker.4; driver now supports &os;/amd64. &merged;</para> 751 752 <para>The &man.uaudio.4; driver now supports 24/32 bit audio 753 formats and conversion.</para> 754 </sect4> 755 756 <sect4 id="net-if"> 757 <title>Network Interface Support</title> 758 759 <para>The &man.ath.4; driver has been updated to 760 HAL version 0.9.20.3. &merged;</para> 761 762 <para>[&arch.amd64;, &arch.i386;, &arch.pc98;, &arch.sparc64;] 763 The &man.ath.4;, &man.ath.hal.4;, and 764 <literal>ath_rate_sample</literal> drivers have been 765 included in the <filename>GENERIC</filename> kernel by 766 default. &merged;</para> 767 768 <para>The &man.axe.4; driver now supports &man.altq.4;. &merged;</para> 769 770 <para>[&arch.amd64;, &arch.i386;] The &man.bce.4; driver, which supports Broadcom 771 NetXtreme II (BCM5706/BCM5708) PCI/PCIe Gigabit Ethernet controllers, 772 has been added. For more details, see &man.bce.4;. &merged;</para> 773 774 <para>A bug which prevents the &man.bfe.4; driver from working 775 on a system with over 1GB RAM has been fixed. &merged;</para> 776 777 <para>The &man.bge.4; driver's Jumbo frame support is now MPSAFE.</para> 778 779 <para>The &man.bge.4; driver now supports big-endian 780 architectures such as sparc64.</para> 781 782 <para>The &man.bge.4; driver now supports &man.polling.4; mode. 783 &merged;</para> 784 785 <para>The &man.cm.4; driver is now MPSAFE.</para> 786 787 <para>The &man.cxgb.4; driver has been added. It provides support for 788 10 Gigabit Ethernet adapters based on the Chelsio T3 and T3B chipsets. 789 </para> 790 791 <para>The &man.dc.4; driver is now MPSAFE. &merged;</para> 792 793 <para>The &man.de.4; driver has been converted to the &man.bus.dma.9; 794 API and is now MPSAFE.</para> 795 796 <para>The &man.ed.4; driver is now MPSAFE.</para> 797 798 <para>The &man.edsc.4; driver, which provides Ethernet discard network 799 interfaces, has been added. &merged;</para> 800 801 <para>The &man.el.4; driver has been removed due to lack of use.</para> 802 803 <para>The &man.em.4; driver now supports big-endian 804 architectures such as sparc64. &merged;</para> 805 806 <para>The &man.em.4; driver has been updated to 807 version 6.5.0 from Intel. Among other changes, it now supports 808 80003, 82571, 82571EB, 82572 and 82575 based adapters, as well as 809 onboard-NICs on ICH8-based motherboards. &merged;</para> 810 811 <para>The &man.em.4; driver now includes 812 initial support for suspend and resume features.</para> 813 814 <para>The performance of the &man.em.4; driver has been improved 815 by using a fast interrupt handler and taskqueue 816 instead of ithread handler. This change can be disabled 817 by defining <literal>NO_EM_FASTINTR</literal> kernel option 818 for debugging purpose.</para> 819 820 <para>The IP over FireWire (&man.fwip.4;) driver is now enabled in 821 the <filename>GENERIC</filename> kernel.</para> 822 823 <para>The &man.gem.4; driver now supports &man.altq.4;.</para> 824 825 <para>The firmware images needed by the &man.ipw.4; driver are now 826 part of the &os; base system. For the loaded firmware to work the 827 license at <filename>/usr/share/doc/legal/intel_ipw/LICENSE</filename> 828 must be agreed to and <literal>legal.intel_ipw.license_ack=1</literal> 829 has to be added to <filename>/boot/loader.conf</filename>. 830 Prior versions of the driver used the firmware image in the 831 <filename role="package">net/ipw-firmware-kmod</filename> 832 port/package or the 833 <filename role="package">net/ipw-firmware</filename> 834 port/package. &merged;</para> 835 836 <para>The &man.iwi.4; driver now supports big-endian 837 architectures such as sparc64.</para> 838 839 <para>A number of improvements and bugfixes have been made to the 840 functionality of the &man.iwi.4; driver. &merged;</para> 841 842 <para>The firmware images needed by the &man.iwi.4; driver are now 843 part of the &os; base system. For the loaded firmware to work the 844 license at <filename>/usr/share/doc/legal/intel_iwi/LICENSE</filename> 845 must be agreed to and <literal>legal.intel_iwi.license_ack=1</literal> 846 has to be added to <filename>/boot/loader.conf</filename>. 847 Prior versions of the driver used the firmware image in the 848 <filename role="package">net/iwi-firmware-kmod</filename> 849 port/package or the 850 <filename role="package">net/iwi-firmware</filename> 851 port/package. &merged;</para> 852 853 <para>The ixgbe driver, which supports the Intel 10G PCI-Express 854 adapter (82598), has been added.</para> 855 856 <para>The &man.le.4; driver, which supports AMD Am7900 LANCE 857 and Am79C9xx PCnet NICs, 858 has been added. While the &man.lnc.4; driver also supports these 859 NICs, this driver has several advantages over it such as 860 MPSAFE, ALTQ, VLAN_MTU, ifmedia, and 32-bit DMA for PCI 861 variants. This driver is based on NetBSD's implementation. 862 &merged;</para> 863 864 <para>The &man.lge.4; driver is now MPSAFE. &merged;</para> 865 866 <para>The lnc(4) driver has been removed. The &man.le.4; and 867 &man.pcn.4; drivers support all devices that were supported 868 by lnc(4).</para> 869 870 <para>The &man.msk.4; driver has been added. It supports 871 network interfaces using the Marvell/SysKonnect Yukon II 872 Gigabit Ethernet controller. &merged;</para> 873 874 <para>The &man.my.4; driver is now MPSAFE. &merged;</para> 875 876 <para>The &man.my.4; driver now supports &man.altq.4;. &merged;</para> 877 878 <para>[&arch.amd64;, &arch.i386;] The &man.mxge.4; driver, 879 which supports Myricom Myri10GE 10 Gigabit Ethernet 880 adapters, has been added. For more details, see 881 &man.mxge.4;. &merged;</para> 882 883 <para>[&arch.amd64;, &arch.i386;] The &man.nfe.4; driver, an open-source driver for nForce 884 Ethernet devices, has been added, originally from 885 OpenBSD. This driver has replaced the &man.nve.4; driver in 886 the <filename>GENERIC</filename> kernel.</para> 887 888 <para>[&arch.arm;] The &man.npe.4; driver, which supports the 889 Intel XScale Network Processing Engine, has been 890 added. &merged;</para> 891 892 <para>The &man.nve.4; driver has been updated to version 1.0-0310 893 (23-Nov-2005). It also now has &man.altq.4; support. &merged;</para> 894 895 <para>The &man.nxge.4; driver, which supports the Neterion 896 Xframe 10 Gigabit Ethernet adapter, has been added.</para> 897 898 <para>The &man.pcn.4; driver is now MPSAFE. &merged;</para> 899 900 <para>The &man.re.4; driver now supports the D-Link DGE-528(T) 901 Gigabit Ethernet card.</para> 902 903 <para>The &man.rum.4; driver has been added. It supports 904 WLAN adapters based on the Ralink RT2501USB and RT2601USB 905 chipsets.</para> 906 907 <para>The &man.sf.4; driver is now MPSAFE. &merged;</para> 908 909 <para>The &man.sk.4; driver is now MPSAFE. &merged;</para> 910 911 <para>The &man.ste.4; driver is now MPSAFE. &merged;</para> 912 913 <para>The &man.stge.4; driver has been added. It supports the 914 Sundance/Tamarack TC9021 Gigabit Ethernet controller and was 915 ported from NetBSD. &merged;</para> 916 917 <para>The &man.ti.4; driver now supports big-endian 918 architectures such as sparc64.</para> 919 920 <para>The &man.ufoma.4; driver for 921 FOMA (third generation mobile phone system by NTT DoCoMo, Inc. 922 in Japan) has been added. 923 This should support other third generation mobile phones 924 since the driver is based on USB Implementation Guideline 925 from MCPC (Mobile Computing Promotion Consortium) in Japan.</para> 926 927 <para>The vgapci(4) driver has been added. This is a stub 928 device driver for VGA PCI devices and serves as a bus 929 so that other drivers such as drm(4), 930 &man.acpi.video.4;, and &man.agp.4; can attach to 931 it thus allowing multiple drivers for the same device.</para> 932 933 <para>The &man.vge.4; driver now supports &man.altq.4;. &merged;</para> 934 935 <para>The &man.wi.4; driver is now buildable as 936 a kernel module.</para> 937 938 <para>[&arch.amd64;, &arch.i386;, &arch.pc98;] The &man.wlan.wep.4;, 939 &man.wlan.ccmp.4;, and &man.wlan.tkip.4; drivers 940 have been included in the <filename>GENERIC</filename> 941 kernel by default.</para> 942 943 <para>The network interface groups feature has been imported 944 from OpenBSD. This feature allows an administrator to, for 945 example, apply firewall rules to an entire group of 946 interfaces. More information can be found in 947 &man.ifconfig.8;.</para> 948 949 <para>The 802.11 protocol stack has been significantly reworked. 950 Among the new features are support for background scanning 951 and roaming between APs, as well as support that will be 952 required by 802.11n-capable devices.</para> 953 954 <para>The 802.11 protocol stack now has support for 900 MHz 955 cards, as well as quarter- and half-channel support 956 for 802.11a. &merged;</para> 957 958 <para>The &os; network stack now runs entirely free of the 959 Giant kernel lock, and relies solely on the kernel's 960 fine-grained locking primitives to manage parallelism. This 961 significantly improves the network stack's performance on 962 multi-processor systems; uni-processor systems could also 963 see performance gains. 964 ISDN4BSD, &man.ng.h4.4;, and netatm have been temporarily 965 disconnected from the build. These modules all require 966 the Giant kernel lock for their operation; disconnecting 967 them allows the removal of the NET_NEEDS_GIANT compatability 968 shim. It is planned to convert 969 these modules to fine-grained kernel locking and re-connect 970 them for &os; 7.1-RELEASE.</para> 971 </sect4> 972 </sect3> 973 974 <sect3 id="net-proto"> 975 <title>Network Protocols</title> 976 977 <para>The &man.arp.4; retransmission algorithm has been 978 rewritten so that ARP requests are retransmitted without 979 suppression, while there is demand for such ARP entry. 980 Due to this change, a sysctl variable 981 <varname>net.link.ether.inet.host_down_time</varname> 982 has been removed. &merged;</para> 983 984 <para>The &man.arp.4; protocol now supports a sysctl variable 985 <varname>net.link.ether.inet.log_arp_permanent_modify</varname> 986 to suppress logging of attempts to modify 987 permanent ARP entries. &merged;</para> 988 989 <para>[&arch.amd64;, &arch.i386;, &arch.pc98;] An experimental BPF Just-In-Time compiler 990 has been implemented for both &man.bpf.4; and &man.ng.bpf.4;. 991 To enable this, the 992 <literal>options BPF_JITTER</literal> kernel option is needed. 993 The <varname>net.bpf_jitter.enable</varname> 994 can be used to disable this feature.</para> 995 996 <para>Multiple copies of a packet received via different 997 &man.bpf.4; listeners now all have identical 998 timestamps. &merged;</para> 999 1000 <para>The &man.bpf.4; device now supports several new 1001 &man.ioctl.2; calls to allow examining inbound vs. outbound 1002 packets, as well as packets that have been injected onto the 1003 network.</para> 1004 1005 <para>The bridge(4) driver has been removed from the tree. Its 1006 functionality has been completely replaced by 1007 &man.if.bridge.4;.</para> 1008 1009 <para>The &man.enc.4; IPsec filtering pseudo-device has been 1010 added. It allows firewall packages using the &man.pfil.9; 1011 framework to examine (and filter) IPsec traffic before 1012 outbound encryption and after inbound decryption. &merged;</para> 1013 1014 <para>The &man.gre.4; driver, which is for GRE encapsulation 1015 found in RFC 1701 and RFC 1702, now supports IPv6 over GRE.</para> 1016 1017 <para>The &man.if.bridge.4; driver now supports 1018 creating SPAN ports, which transmit a copy of every frame 1019 received by the bridge. This feature can be enabled 1020 by using &man.ifconfig.8;. &merged;</para> 1021 1022 <para>The &man.if.bridge.4; driver now supports 1023 RFC 3378 EtherIP. This change makes it possible to 1024 add &man.gif.4; interfaces to bridges, which will then 1025 send and receive IP protocol 97 packets. 1026 Packets are Ethernet frames with an EtherIP header prepended. 1027 &merged;</para> 1028 1029 <para>The &man.if.bridge.4; driver now supports RSTP, the Rapid 1030 Spanning Tree Protocol (802.1w). &merged;</para> 1031 1032 <para>The &man.if.bridge.4; driver now supports a 1033 <literal>private</literal> flag on bridge ports; 1034 no private port on a bridge can communicate with any 1035 other private port. This functionlity is useful in 1036 scenarios such as number of customers VLANs bridged 1037 with a server network; it might be desirable to prevent 1038 the customer VLANs from communicating with each other 1039 but allow all of them to access the server network. The 1040 private flag on a bridge port can be set or cleared via 1041 &man.ifconfig.8;.</para> 1042 1043 <para>A hard-coded limit on the number of IPv4 multicast group 1044 memberships (formerly 20) has been removed.</para> 1045 1046 <para>The path MTU discovery for multicast packets in the &os; 1047 IPv6 stack has been disabled by default. 1048 Path MTU notification from a large number of multicast routers 1049 can be a kind of distributed Denial-of-Service attack to a router. 1050 This feature can be re-enabled by using a new sysctl variable 1051 <varname>net.inet6.ip6.mcast_pmtu</varname>. &merged;</para> 1052 1053 <para>IPv6 multicast forwarding is now dynamically loadable, via 1054 the <filename>ip_mroute.ko</filename> module.</para> 1055 1056 <para>IPv6 link-local addresses are now enabled only 1057 if <varname>ipv6_enable</varname> is set in &man.rc.conf.5;. 1058 &merged;</para> 1059 1060 <para>The &man.ipfw.4; IP packet filter now supports IPv6. &merged;</para> 1061 1062 <para>The &man.ipfw.4; firewall system now supports 1063 a <literal>tablearg</literal> feature, which allows 1064 values obtained from a table lookup to be used as part of a 1065 rule. &merged; 1066 This feature can be used to optimize some rulesets 1067 or to implement policy-based routing inside a firewall. 1068 For example, the following rules will throw different 1069 packets to different pipes:</para> 1070 1071 <programlisting>pipe 1000 config bw 1000Kbyte/s 1072pipe 4000 config bw 4000Kbyte/s 1073table 1 add x.x.x.x 1000 1074table 1 add x.x.x.y 4000 1075pipe tablearg ip from table(1) to any</programlisting> 1076 1077 <para>The &man.ipfw.4; packet filter now supports 1078 <literal>tag</literal> and <literal>untag</literal> rule keywords. 1079 When a packet matches a rule with the <literal>tag</literal> 1080 keyword, the numeric tag for the given number in the range 1081 from 0 to 65535 will be attached to the packet. 1082 The tag acts as an internal marker (it is not sent out over 1083 the wire) that can be used to identify these packets later on, 1084 for example, by using <literal>tagged</literal> 1085 rule option. For more details, see &man.ipfw.8;. &merged;</para> 1086 1087 <para>The &man.ipfw.4; packet filter now supports filtering on 1088 Routing Header Type 0 and Mobile IPv6 Routing Header Type 2 1089 in addition to filtering on the non-differentiated presence 1090 of any Routing Header.</para> 1091 1092 <para>The <literal>IPFIREWALL_FORWARD_EXTENDED</literal> kernel 1093 option has been removed. This option was used to permit 1094 &man.ipfw.4; to redirect packets with local destinations. 1095 This behavior is now always enabled when 1096 the <literal>IPFIREWALL_FORWARD</literal> kernel option is 1097 enabled. &merged;</para> 1098 1099 <para>The ip6fw(8) packet filter has been removed. Since &man.ipfw.4; has gained 1100 IPv6 support, it should be used instead. Please note that some rules might need 1101 to be adjusted.</para> 1102 1103 <para>The KAME IPsec implementation has been removed. In its 1104 place, <literal>FAST_IPSEC</literal> is now the only IPsec 1105 implementation supported by the &os; kernel. The 1106 <literal>IPSEC</literal> kernel configuration option, which 1107 formerly enabled KAME IPsec, now enables 1108 <literal>FAST_IPSEC</literal>. <literal>FAST_IPSEC</literal> 1109 now supports both IPv4 and IPv6, uses fine-grained kernel 1110 locking, and supports hardware cryptographic 1111 acceleration.</para> 1112 1113 <para>Support for tunneling IPX over IP has been removed.</para> 1114 1115 <para>The &man.lagg.4; driver, ported from OpenBSD and NetBSD, 1116 has been added to support a variety of protocols and algorithms 1117 for link aggregation, failover, and fault tolerance. &merged;</para> 1118 1119 <para>The &man.natm.4;, Native Mode ATM protocol layer is now MPSAFE.</para> 1120 1121 <para>The &man.ng.car.4; Netgraph node has been added. It implements 1122 various traffic shaping and rate limiting algorithms.</para> 1123 1124 <para>A new &man.ng.deflate.4; Netgraph node type has been 1125 added. It implements Deflate PPP compression. &merged;</para> 1126 1127 <para>The &man.ng.ether.4; Netgraph node no longer overwrites 1128 the MAC address of outgoing frames by default. &merged;</para> 1129 1130 <para>The &man.ng.iface.4; Netgraph node now supports &man.altq.4;. 1131 &merged;</para> 1132 1133 <para>A new &man.ng.pred1.4; Netgraph node type has been added 1134 to implement Predictor-1 PPP compression. &merged;</para> 1135 1136 <para>The &man.ng.tag.4; Netgraph node has been added to 1137 support the manipulation of mbuf tags attached to data in the 1138 kernel. &merged;</para> 1139 1140 <para>A bug has been fixed in which NFS over TCP would not reconnect 1141 when the server sent a FIN. This problem had occurred 1142 with Solaris NFS servers. &merged;</para> 1143 1144 <para>The default retransmit timer for NFS over TCP is now 60 seconds. 1145 This change prevents the unnecessary retransmission of 1146 non-idempotent NFS requests. The <varname>nfs_access_cache</varname> 1147 variable in &man.rc.conf.5; has also been changed to 60.</para> 1148 1149 <para>The default minimum number of nfsiod kernel threads 1150 (&man.sysctl.8; variable <varname>vfs.nfs.iodmin</varname>) 1151 has been changed from 4 to 0.</para> 1152 1153 <para>The sysctl variables <varname>net.inet.ip.portrange.reservedhigh</varname> 1154 and <varname>net.inet.ip.portrange.reservedlow</varname> 1155 can be used with IPv6 now. &merged;</para> 1156 1157 <para>A new sysctl variable <varname>net.inet.icmp.reply_from_interface</varname> 1158 has been added. This allows the &man.icmp.4; 1159 reply to non-local packets to be generated with 1160 the IP address the packet came through in. 1161 This is useful for routers to show in &man.traceroute.8; 1162 the actual path a packet has taken instead of 1163 the possibly different return path.</para> 1164 1165 <para>A new sysctl variable <varname>net.inet.icmp.quotelen</varname> 1166 has been added. This allows to change length of 1167 the quotation of the original packet in an ICMP reply. 1168 The minimum of 8 bytes is internally enforced. 1169 The maximum quotation is the remaining space in the 1170 reply mbuf. This option is added in response to the 1171 issues raised in I-D 1172 <filename>draft-gont-icmp-payload-00.txt</filename>.</para> 1173 1174 <para>The &man.icmp.4; now always quotes the entire TCP header 1175 when responding and allocate an mbuf cluster if needed. 1176 This change fixes the TCP issues raised in I-D 1177 <filename>draft-gont-icmp-payload-00.txt</filename>.</para> 1178 1179 <para>A new socket option <literal>IP_MINTTL</literal> has been added. 1180 This may be used to set the minimum acceptable 1181 TTL a packet must have when received on a socket. 1182 All packets with a lower TTL are silently dropped. 1183 This works on already connected/connecting and 1184 listening sockets for RAW, UDP, and TCP. This option 1185 is only really useful when set to <literal>255</literal>, preventing packets 1186 from outside the directly connected networks reaching 1187 local listeners on sockets. Also, this option allows 1188 userland implementation of <quote>The Generalized TTL 1189 Security Mechanism (GTSM)</quote> found in RFC 3682.</para> 1190 1191 <para>The kernel &man.ppp.4; driver now supports IPv6.</para> 1192 1193 <para>Stealth forwarding now supports IPv6 as well as IPv4. 1194 This behavior can be controlled by using a new sysctl variable 1195 <varname>net.inet6.ip6.stealth</varname>.</para> 1196 1197 <para>The <literal>PIM</literal> kernel option has been removed. 1198 The corresponding code is now included in the 1199 <literal>MROUTING</literal> kernel option.</para> 1200 1201 <para>Support has been added for the RFC 3678 Source-Specific 1202 Multicast (SSM) socket API. More details can be found in 1203 the &man.sourcefilter.3; manual page.</para> 1204 1205 <para>Support has been added for the Stream Control Transmission 1206 Protocol (SCTP). SCTP implements a reliable, message-oriented 1207 transport protocol, and is defined in RFC 4960. It is enabled 1208 in &os; with the <literal>SCTP</literal> kernel option and is 1209 part of the <filename>GENERIC</filename> kernel. More 1210 information can be found in the &man.sctp.4; manual page.</para> 1211 1212 <para>The <literal>IPV6_V6ONLY</literal> socket option 1213 now works for UDP.</para> 1214 1215 <para>The <literal>TCP_DROP_SYNFIN</literal> kernel option is now 1216 included in the kernel by default. The 1217 <varname>net.inet.tcp.drop_synfin</varname> sysctl variable still 1218 defaults to <literal>0</literal>.</para> 1219 1220 <para>The TCP bandwidth-delay product limiting feature has 1221 been disabled when the RTT is below a certain threshold. 1222 This optimization does not make sense on a LAN, as it has 1223 trouble figuring out the maximal bandwidth due to the coarse 1224 tick granularity. A new sysctl variable 1225 <varname>net.inet.tcp.inflight.rttthresh</varname> specifies 1226 the threshold in milliseconds below which this feature 1227 will disengage. It defaults to 10ms. &merged;</para> 1228 1229 <para>The &os; network stack now has support for TCP 1230 Segmentation Offload (TSO). TSO reduces the overhead of 1231 sending bulk TCP data by allowing a network interface to 1232 convert a large data transfer into multiple TCP segments to be 1233 sent on the network. This functionality can be enabled or 1234 disabled on a per-interface basis with 1235 the <literal>tso</literal> and <literal>-tso</literal> flags 1236 to &man.ifconfig.8;. Network interfaces and drivers 1237 supporting TSO currently include &man.em.4;, 1238 &man.mxge.4; and &man.cxgb.4;.</para> 1239 1240 <para>&os; now supports auto-sizing of TCP socket buffers. This 1241 allows the socket buffer sizes to adapt dynamically to network 1242 conditions, rather than being set statically. The behavior of 1243 this feature can be controlled using 1244 the <varname>net.inet.tcp.sendbuf_*</varname> 1245 and <varname>net.inet.tcp.recvbuf_*</varname> sysctl 1246 variables.</para> 1247 1248 <para>The <varname>net.link.tap.up_on_open</varname> sysctl variable 1249 has been added to the &man.tap.4; driver. If enabled, new tap 1250 devices will marked <literal>up</literal> upon creation. &merged; 1251 </para> 1252 1253 <para>Support for &man.kqueue.2; operations has been added to 1254 the &man.tun.4; driver. &merged;</para> 1255 1256 </sect3> 1257 1258 <sect3 id="disks"> 1259 <title>Disks and Storage</title> 1260 1261 <para>The &man.aac.4; driver now supports the Adaptec 2610SA SATA-RAID 1262 controller in some Hewlett-Packard machines.</para> 1263 1264 <para>The performance of the &man.amr.4; driver has been improved; 1265 it also now supports full 64-bit DMA. While this feature is 1266 enabled by default, this can be forced off by setting the 1267 <varname>hw.amr.force_sg32</varname> loader tunable for 1268 debugging purpose. 1269 &merged;</para> 1270 1271 <para>The &man.amr.4; driver now supports the &man.ioctl.2; requests 1272 necessary for the Linux LSI MegaRaid tools in &os;'s Linux emulation 1273 environment. 1274 &merged;</para> 1275 1276 <para>The &man.arcmsr.4; driver has been updated to version 1277 1.20.00.13. &merged;</para> 1278 1279 <para>The &man.ahc.4; driver is now MPSAFE.</para> 1280 1281 <para>The &man.ahd.4; driver is now MPSAFE.</para> 1282 1283 <para>The &man.ata.4; driver now supports a workaround 1284 for some controllers whose DMA does not work properly 1285 in 48bit mode. For affected controllers, 1286 PIO mode will be used for access to areas beyond 137GB. 1287 &merged;</para> 1288 1289 <para>The &man.ata.4; driver now supports the ITE IT8211F IDE controller, 1290 and the Promise PDC40718 and PDC40719 chip found in Promise 1291 Fasttrak TX4300. 1292 &merged;</para> 1293 1294 <para>The &man.ata.4; driver now supports DMA for kernel crash dumps, 1295 as well as crash dumping to an &man.ataraid.4; device. 1296 &merged;</para> 1297 1298 <para>The &man.ata.4; driver now supports USB mass storage class 1299 devices. To enable it, a line <literal>device atausb</literal> 1300 in the kernel configuration file or loading the 1301 <filename>atausb</filename> kernel module is needed. 1302 Note that this functionality cannot coexist with the 1303 &man.umass.4; driver. &merged;</para> 1304 1305 <para>The &man.ataraid.4; driver now supports 1306 JMicron ATA RAID metadata. &merged;</para> 1307 1308 <para>The CAM subsystem is now MPSAFE.</para> 1309 1310 <para>The &man.ciss.4; driver is now MPSAFE.</para> 1311 1312 <para>A new <literal>GEOM_JOURNAL</literal> class has been added 1313 to the GEOM storage transformation system. It supports 1314 block-level journaling operations, which can be used by file 1315 system modules to perform file system journaling and to keep 1316 file systems in a consistent state. (Currently, only UFS file 1317 systems are supported.) Its operation can be controlled using 1318 the &man.gjournal.8; utility.</para> 1319 1320 <para>The <literal>GEOM_LABEL</literal> class now supports 1321 Ext2FS, NTFS, and ReiserFS. &merged;</para> 1322 1323 <para>The <literal>GEOM_MIRROR</literal> class now supports 1324 kernel crash dumps to the GEOM providers. 1325 &merged;</para> 1326 1327 <para>The <literal>GEOM_MIRROR</literal> and <literal>GEOM_RAID3</literal> 1328 classes now support sysctl variables 1329 <varname>kern.geom.mirror.disconnect_on_failure</varname> 1330 and 1331 <varname>kern.geom.graid3.disconnect_on_failure</varname> 1332 to control whether failed components will be disconnected or not. 1333 The default value is <literal>1</literal> to preserve the current 1334 behavior, and if it is set to <literal>0</literal> such components 1335 are not disconnected and the kernel will try to still use them 1336 (only the first error will be logged). 1337 This is helpful for the case of multiple broken components (in 1338 different places), so actually all data is available. 1339 The broken components will be visible in <command>gmirror list</command> 1340 or <command>graid3 list</command> output with flag 1341 <literal>BROKEN</literal>. 1342 &merged;</para> 1343 1344 <para>The <literal>GEOM_MIRROR</literal> and <literal>GEOM_RAID3</literal> 1345 classes now use parallel I/O requests for synchronization 1346 to improve the performance. New sysctl variables 1347 <varname>kern.geom.mirror.sync_requests</varname> and 1348 <varname>kern.geom.raid3.sync_requests</varname> 1349 define how many parallel I/O requests should be used. 1350 Also, the sysctl variables 1351 <varname>kern.geom.mirror.reqs_per_sync</varname>, 1352 <varname>kern.geom.mirror.syncs_per_sec</varname>, 1353 <varname>kern.geom.raid3.reqs_per_sync</varname>, and 1354 <varname>kern.geom.raid3.syncs_per_sec</varname> 1355 are deprecated and have been removed. 1356 &merged;</para> 1357 1358 <para>A new GEOM_MULTIPATH class has been added to support 1359 multiple access paths to disk devices. The &man.gmultipath.8; 1360 utility has been added to control the behavior of disk devices 1361 using this feature.</para> 1362 1363 <para>A new GEOM class <literal>GEOM_ZERO</literal> has been added. 1364 It creates a very huge provider (41PB) <filename>/dev/gzero</filename> 1365 and is mainly useful for performance testing. 1366 On <literal>BIO_READ</literal> request it zero-fills 1367 <varname>bio_data</varname> and on <literal>BIO_WRITE</literal> 1368 it does nothing. 1369 &merged;</para> 1370 1371 <para>The GEOM class kernel module <filename>g_md.ko</filename> 1372 has been renamed to <filename>geom_md.ko</filename> 1373 for consistency.</para> 1374 1375 <para>[&arch.amd64;, &arch.i386;] The &man.hptiop.4; driver has been added. 1376 It supports the Highpoint RocketRAID 3xxx series of controllers.</para> 1377 1378 <para>[&arch.amd64;, &arch.i386;] The &man.hptmv.4; driver has been updated and now supports 1379 amd64 as well as PAE.</para> 1380 1381 <para>The &man.isp.4; driver is now MPSAFE.</para> 1382 1383 <para>The &man.mfi.4; driver, which supports 1384 the LSI MegaRAID SAS controller family, has been added. 1385 &merged;</para> 1386 1387 <para>The &man.mpt.4; driver has been updated to support 1388 various new features such as RAID volume and RAID member 1389 state/settings reporting, periodic volume re-synchronization 1390 status reporting, and sysctl variables for volume 1391 re-synchronization rate, volume member write cache status, 1392 and volume transaction queue depth. &merged;</para> 1393 1394 <para>The &man.mpt.4; driver now supports SAS HBA (partially), 1395 64-bit PCI, and large data transfer. &merged;</para> 1396 1397 <para>The &man.mpt.4; driver is now MPSAFE.</para> 1398 1399 <para>[&arch.amd64;, &arch.i386;] Experimental support for the 1400 TMPFS file system has been added. TMPFS is an efficient 1401 memory file system originally developed for the NetBSD project 1402 during the Google Summer of Code. More information can be 1403 found in the &man.tmpfs.5; manual page.</para> 1404 1405 <para>The &man.twa.4; driver has been updated to the 3.70.03.007 1406 release on the 3ware Web site. It now supports AMCC's 3ware 1407 9650 series of SATA controllers. &merged;</para> 1408 1409 <para>A new GEOM-based disk encryption facility, GEOM_ELI, has been 1410 added. It uses the &man.crypto.9; framework for hardware acceleration 1411 and supports different cryptographic algorithms. See &man.geli.8; for 1412 more information. &merged;</para> 1413 1414 <para>The &man.geli.8; disk encryption system now supports loading keyfiles before the root 1415 file system is mounted. &merged; 1416 For example, the following entries 1417 can be used in <filename>/boot/loader.conf</filename> to enable 1418 it:</para> 1419 1420 <programlisting>geli_da0_keyfile0_load="YES" 1421geli_da0_keyfile0_type="da0:geli_keyfile0" 1422geli_da0_keyfile0_name="/boot/keys/da0.key0" 1423geli_da0_keyfile1_load="YES" 1424geli_da0_keyfile1_type="da0:geli_keyfile1" 1425geli_da0_keyfile1_name="/boot/keys/da0.key1" 1426geli_da0_keyfile2_load="YES" 1427geli_da0_keyfile2_type="da0:geli_keyfile2" 1428geli_da0_keyfile2_name="/boot/keys/da0.key2" 1429 1430geli_da1s3a_keyfile0_load="YES" 1431geli_da1s3a_keyfile0_type="da1s3a:geli_keyfile0" 1432geli_da1s3a_keyfile0_name="/boot/keys/da1s3a.key"</programlisting> 1433 1434 <para>&man.geli.8; is now able to perform data integrity 1435 verification (data authentication) of encrypted data stored on 1436 disk. Note that the encryption algorithm is now specified to 1437 the &man.geli.8; control program using the <option>-e</option> 1438 option; the <option>-a</option> option is now used to specify 1439 the authentication algorithm. &merged;</para> 1440 1441 <para>The &man.iscsi.initiator.4; driver, a kernel driver for 1442 the Internet SCSI (iSCSI) protocol, has been added. This 1443 driver allows access to remote SCSI devices over TCP/IP 1444 networks. The &man.iscontrol.8; userland utility is used 1445 to control the operation of the driver.</para> 1446 1447 <para>The scsi_sg driver, which emulates a significant 1448 subset of the Linux SCSI SG passthrough device API, has 1449 been added. It is 1450 intended to allow programs running under Linux emulation 1451 (as well as native &os; applications) to access the 1452 <filename>/dev/sg<replaceable>*</replaceable></filename> 1453 devices supported by Linux. &merged;</para> 1454 1455 <para>The &man.umass.4; driver now supports 1456 <literal>PLAY_MSF</literal>, 1457 <literal>PLAY_TRACK</literal>, 1458 <literal>PLAY_TRACK_REL</literal>, 1459 <literal>PAUSE</literal>, 1460 <literal>PLAY_12</literal> commands so that 1461 the &man.cdcontrol.1; utility can handle a USB CD drive.</para> 1462 </sect3> 1463 1464 <sect3 id="fs"> 1465 <title>File Systems</title> 1466 1467 <para>[&arch.amd64;, &arch.i386;, &arch.pc98;] The &man.linsysfs.5; 1468 pseudo-file system driver has been added. 1469 It provides a subset of the 1470 Linux <filename>sys</filename> file system, and is required for 1471 the correct operation of some Linux binaries (such as the LSI 1472 MegaRAID SAS utility). &merged;</para> 1473 1474 <para>A part of the FreeBSD NFS subsystem (the interface with 1475 the protocol stack and callouts, the NFS client side) is now MPSAFE.</para> 1476 1477 <para>The &man.pseudofs.9; pseudo file system construction kit and 1478 all of its consumers (&man.procfs.5;, &man.linprocfs.5; and 1479 &man.linsysfs.5;), are now MPSAFE.</para> 1480 1481 <para>The unionfs file system has been re-implemented. This 1482 version solves many crashing and locking issues compared to 1483 the previous implementation. It also adds 1484 new <quote>transparent</quote> and <quote>masquerade</quote> 1485 modes for automatically creating files in the upper file system 1486 layer of unions. More information can be found in the 1487 &man.mount.unionfs.8; manual page. &merged;</para> 1488 1489 <para>[&arch.amd64;, &arch.i386;, &arch.pc98;] Support for Sun's ZFS has been 1490 added. More information about this file system can be found 1491 in the &man.zfs.8; manual page or 1492 on the <ulink url="http://www.opensolaris.org/os/community/zfs/"> 1493 OpenSolaris ZFS page</ulink>.</para> 1494 1495 <para>Initial (read-only) support for SGI's XFS file system has been 1496 added.</para> 1497 </sect3> 1498 </sect2> 1499 1500 <sect2 id="userland"> 1501 <title>Userland Changes</title> 1502 1503 <para>The addr2ascii() and ascii2addr() library calls, originally 1504 introduced by the INRIA IPv6 implementation, have been removed 1505 from <filename>libc</filename>. They have no consumers in the 1506 &os; base system. In a related change, support 1507 for <literal>AF_LINK</literal> addresses has been added to 1508 &man.getnameinfo.3;.</para> 1509 1510 <para>Padding of <varname>ai_addrlen</varname> 1511 in <varname>struct addrinfo</varname> has been removed, 1512 which was originally for the ABI compatibility. 1513 For example, this change breaks the ABI compatibility of the 1514 &man.getaddrinfo.3; function on 64-bit architectures, including 1515 &os;/amd64, &os;/ia64, and &os;/sparc64.</para> 1516 1517 <para>The &man.asf.8; utility has been revised and extended. Now 1518 it can operate via several interfaces including &man.kvm.3;, 1519 which supports not only live systems, but also kernel crash dumps. 1520 &merged;</para> 1521 1522 <para>The &man.arp.8; utility now allows the <option>-i</option> 1523 option together with the <option>-d</option> and <option>-a</option> options 1524 to allow all entries for a given interface to be removed. &merged;</para> 1525 1526 <para>The &man.atrun.8; utility has gained PAM support. Before 1527 running a job for a user account, it will check the account 1528 status with PAM and refuse to run the job if the account is 1529 unavailable. The default definition of an unavailable account 1530 includes those expired and administratively locked out with 1531 &man.pw.8;.</para> 1532 1533 <para>The OpenBSM userland tools, including &man.audit.8;, 1534 &man.auditd.8;, 1535 &man.auditreduce.1;, and 1536 &man.praudit.1;, have been added. &merged;</para> 1537 1538 <para>The &man.bsdiff.1; and &man.bspatch.1; utilities 1539 have been added. These are tools for constructing and 1540 applying binary patches. &merged;</para> 1541 1542 <para>The &man.bsnmpd.1; utility now supports the Host Resources 1543 MIB described in RFC 2790. &merged;</para> 1544 1545 <para>&man.cached.8; has been added. It is a daemon that caches 1546 the results of nsswitch lookups (such as those to the password, 1547 group, and services databases) for improved performance.</para> 1548 1549 <para>The &man.cmp.1; utility now supports an <option>-h</option> 1550 flag to compare the symbolic link itself rather than the 1551 file that the link points to. &merged;</para> 1552 1553 <para>The &man.config.8; utility now supports the <literal>nocpu</literal> 1554 directive, which cancels the effect of a 1555 previous <literal>cpu</literal> directive. &merged;</para> 1556 1557 <para>The &man.config.8; utility now reads <filename>DEFAULTS</filename> 1558 kernel configuration file if it exists in the current directory 1559 before the specified configuration file. &merged;</para> 1560 1561 <para>The &man.cp.1; utility now supports a <option>-l</option> 1562 option, which causes it to create hardlinks to the source files 1563 instead of copying them. &merged;</para> 1564 1565 <para>The &man.cron.8; daemon has gained PAM support. Before 1566 running a command from account's private &man.crontab.5; file, 1567 it will check the account status with PAM and skip the command 1568 if the account is unavailable. The default definition of an 1569 unavailable account includes those expired and administratively 1570 locked out with &man.pw.8;. In addition, &man.cron.8; will 1571 skip commands from private &man.crontab.5; files if a 1572 &man.nologin.5; file exists, unless the &man.crontab.5; owner's 1573 login class is exempt from &man.nologin.5; restriction. 1574 Commands from the system file <filename>/etc/crontab</filename> 1575 are not subject to the PAM check.</para> 1576 1577 <para>The &man.csh.1; utility now supports NLS catalogs. 1578 Note that this requires installing 1579 the <filename role="package">shells/tcsh_nls</filename> port. 1580 &merged;</para> 1581 1582 <para>The &man.csup.1; utility has been imported. 1583 This is an implementation of a CVSup-compatible client written 1584 in the C language. Note that it currently supports checkout mode 1585 only. &merged;</para> 1586 1587 <para>The &man.dhclient.8; program now supports the Classless Static 1588 Route option as described in RFC 3442.</para> 1589 1590 <para>The &man.dhclient.8; program now sends the host's name in 1591 DHCP requests if it is not specified in the configuration 1592 file. &merged;</para> 1593 1594 <para>The &man.devd.8; utility now supports a <option>-f</option> option 1595 to specify a configuration file. &merged;</para> 1596 1597 <para>The &man.du.1; program now supports a <option>-n</option> 1598 flag, which causes it to ignore files and directories with 1599 the <literal>nodump</literal> flag set. &merged;</para> 1600 1601 <para>The &man.dump.8; and &man.restore.8; programs now attempt to 1602 save and restore extended attribute information on files.</para> 1603 1604 <para>The &man.fdisk.8; program now supports a <option>-p</option> 1605 flag to print the slice table in fdisk configuration format.</para> 1606 1607 <para>The &man.fsdb.8; utility now supports changing the birth 1608 time of files on UFS2 file systems using the new 1609 <literal>btime</literal> command. &merged;</para> 1610 1611 <para>The &man.fsdb.8; program now supports 1612 a <literal>findblk</literal> command, which finds the inode(s) 1613 owning a specific disk block. &merged;</para> 1614 1615 <para>The &man.find.1; program now supports <option>-Btime</option> 1616 and other related primaries, which can be used to create expressions 1617 based on a file's creation time. &merged;</para> 1618 1619 <para>T/TCP support in &man.finger.1; (and the <option>-T</option> 1620 flag used to enable it) has been removed.</para> 1621 1622 <para>A bug in the &man.find.1; program which prevents 1623 numeric arguments for <option>-user</option> and 1624 <option>-group</option> from working as expected 1625 has been fixed.</para> 1626 1627 <para>The &man.freebsd-update.8; utility, a tool for managing 1628 binary updates to the &os; base system, has been added. &merged;</para> 1629 1630 <para>The &man.ftpd.8; utility now creates a PID file 1631 <filename>/var/run/ftpd.pid</filename> even when 1632 no <option>-p</option> option is specified. &merged;</para> 1633 1634 <para>The &man.ftpd.8; utility now has support for RFC2389 (FEAT) 1635 and rudimentary support for RFC2640 (UTF8). The RFC2640 support 1636 is optional and can be enabled using the new <option>-8</option> 1637 flag. More information can be found in the &man.ftpd.8; manual 1638 page. &merged;</para> 1639 1640 <para>The &man.gcc.1; SSP (Stack-Smashing Protector) support is now 1641 enabled by default.</para> 1642 1643 <para>The &man.gbde.8; utility now supports 1644 <option>-k</option> and <option>-K</option> options 1645 to specify a key file in addition to a passphrase.</para> 1646 1647 <para>The &man.getfacl.1; utility now supports 1648 a <option>-q</option> flag to suppress the per-file header 1649 comment listing the file name, owner, and group. 1650 &merged;</para> 1651 1652 <para>The &man.getent.1; utility has been imported from NetBSD. 1653 It retrieves and displays information from an administrative 1654 database (such as <filename>hosts</filename>) using the lookup 1655 order specified in &man.nsswitch.conf.5;. &merged;</para> 1656 1657 <para>The &man.gpt.8; utility now supports setting GPT partition labels.</para> 1658 1659 <para>The &man.gvinum.8; utility now supports commands 1660 to rename objects and to move a subdisk from 1661 one drive to another. &merged;</para> 1662 1663 <para>The &man.gvinum.8; utility now supports the 1664 <command>resetconfig</command> sub-command.</para> 1665 1666 <para>An implementation of Generic Security Service API (GSS-API) 1667 version 2 and its C binding described in RFC2743 and RFC2744 1668 has been added. This is a new extensible GSS-API layer which 1669 can support GSS-API plugins, similar the the Solaris 1670 implementation, and the Kerberos 5 GSS mechanism has 1671 been rewritten as a plugin library for the new implementation.</para> 1672 1673 <para>The &man.hccontrol.8; utility now supports HCI node 1674 autodetection.</para> 1675 1676 <para>The &man.id.1; utility now prints the effective user 1677 ID after the group ID.</para> 1678 1679 <para>The &man.id.1; utility now supports a <option>-A</option> 1680 flag to print process audit properties, including the audit user 1681 id. &merged;</para> 1682 1683 <para>The &man.ifconfig.8; utility now supports 1684 a <option>-k</option> flag to allow printing 1685 potentially sensitive keying material to standard output. 1686 This sensitive information will not be printed by default. 1687 &merged;</para> 1688 1689 <para>The &man.ifconfig.8; utility now supports a <option>-tunnel</option> 1690 parameter, which is just an alias for <option>deletetunnel</option>, 1691 yet is more convenient and easier to type. &merged;</para> 1692 1693 <para>The <option>-vlandev</option> parameter to &man.ifconfig.8; 1694 no longer requires a network interface as its argument. The 1695 argument still is supported for backward compatibility, but 1696 is now deprecated and its use is discouraged. &merged;</para> 1697 1698 <para>The &man.iostat.8; utility now supports 1699 a <option>-x</option> flag (inspired by Solaris) to print 1700 extended disk statistics. If the new <option>-z</option> flag is 1701 also specified, no output is made for disks with no 1702 activity. &merged;</para> 1703 1704 <para>The &man.ipfwpcap.8; utility has been added; it captures 1705 packets on a &man.divert.4; socket and writes them as 1706 &man.pcap.3; (also known as &man.tcpdump.1;) format data to a 1707 file or pipe.</para> 1708 1709 <para>The &man.jail.8; utility supports a <option>-J 1710 <replaceable>jid_file</replaceable></option> option to 1711 write out a JidFile, similar to a PidFile, containing 1712 the jailid, path, hostname, IP and the command used to start 1713 the jail. &merged;</para> 1714 1715 <para>The &man.jail.8; program now supports a <option>-s</option> 1716 option to specify a jail's securelevel. &merged;</para> 1717 1718 <para>The &man.jexec.8; utility now supports <option>-u</option> 1719 and <option>-U</option> flags to specify username credentials 1720 under which a command should be executed. &merged;</para> 1721 1722 <para>The &man.kdump.1; program now supports a <option>-H</option> 1723 flag, which causes kdump to print an additional field holding 1724 the threadid. &merged;</para> 1725 1726 <para>The &man.kdump.1; program now supports a <option>-s</option> 1727 flag to suppress the display of I/O data. &merged;</para> 1728 1729 <para>The &man.kdump.1; program now supports printing 1730 flags in a system call argument by using symbol names.</para> 1731 1732 <para>The &man.kenv.1; utility now supports a <option>-q</option> 1733 flag to suppress warnings.</para> 1734 1735 <para>&man.kgdb.1; now supports a <option>-w</option> 1736 option to open kmem-based targets in read-write mode. 1737 This allows one to use kgdb on <filename>/dev/mem</filename> 1738 and be able to patch memory on a live system.</para> 1739 1740 <para>The &man.libarchive.3; library now supports 1741 POSIX.1e-style Extended Attributes.</para> 1742 1743 <para>The &man.libarchive.3; library now contains support for 1744 &man.ar.1;-style archives.</para> 1745 1746 <para>The <application>libc</application> library now includes 1747 initial implementation of symbol maps and symbol version 1748 definitions.</para> 1749 1750 <para>The <application>libedit</application> library has been 1751 updated from the NetBSD source tree as of August 2005.</para> 1752 1753 <para>The <application>libm</application> library now includes 1754 initial implementation of symbol maps and symbol version 1755 definitions.</para> 1756 1757 <para>The &man.libmemstat.3; library has been added. 1758 This is for use by debugging and monitoring applications 1759 in tracking kernel memory statistics. It provides an 1760 abstracted interface to &man.uma.9; and &man.malloc.9; 1761 statistics, wrapped around the binary stream sysctl variables 1762 for the allocators. &merged;</para> 1763 1764 <para>The &man.ln.1; utility now supports 1765 an <option>-F</option> flag, which deletes existing 1766 empty directories when creating symbolic links. 1767 &merged;</para> 1768 1769 <para>The &man.locate.1; utility now supports 1770 a <option>-0</option> flag to make this utility 1771 interoperable with &man.xargs.1;'s <option>-0</option> flag. 1772 &merged;</para> 1773 1774 <para>The &man.logger.1; utility now supports 1775 a <option>-P</option>, which specifies the port to which syslog 1776 messages should be sent. &merged;</para> 1777 1778 <para>The &man.ls.1; utility now supports 1779 an <option>-I</option> flag to disable the automatic 1780 <option>-A</option> flag for the superuser. &merged;</para> 1781 1782 <para>The &man.ls.1; utility now supports 1783 an <option>-U</option> flag to use the file creation 1784 time for sorting. &merged;</para> 1785 1786 <para>A new &man.malloc.3; implementation has been introduced. 1787 This implementation, sometimes referred to 1788 as <quote>jemalloc</quote>, was designed to improve the 1789 performance of multi-threaded programs, particularly on SMP 1790 systems, while preserving the performance of single-threaded 1791 programs. Due to the use of different algorithms and data 1792 structures, jemalloc may expose some previously-unknown bugs in 1793 userland code, although most of the &os; base system and common 1794 ports have been tested and/or fixed. Note that jemalloc uses 1795 &man.mmap.2; to obtain memory and only uses &man.sbrk.2; under 1796 limited circumstances (and then only for 32-bit architectures). 1797 As a result, the <literal>datasize</literal> resource limit 1798 has little practical effect for typical applications. The 1799 <literal>vmemoryuse</literal> resource limit, however, can be 1800 used to bound the total virtual memory used by a process, as 1801 described in &man.limits.1;.</para> 1802 1803 <para>The &man.mdconfig.8; utility now supports producing 1804 device listings formatted as XML. Currently, the 1805 <command>list</command> and <command>query</command> 1806 sub-commands support this feature.</para> 1807 1808 <para>The &man.mdconfig.8; utility's <option>-u</option> option 1809 now supports specifying multiple devices separated 1810 by comma character.</para> 1811 1812 <para>The &man.mdmfs.8; utility now supports a <option>-P</option> flag 1813 to allow skipping the &man.newfs.8; process 1814 when using a vnode-backed disk.</para> 1815 1816 <para>The &man.mdmfs.8; utility now supports a <option>-E</option> flag 1817 to allow to specify location of the &man.mdconfig.8; 1818 utility instead of using the default one 1819 (<filename>/sbin/mdconfig</filename>).</para> 1820 1821 <para>A new function &man.memmem.3; has been implemented in 1822 <filename>libc</filename>. This is the binary equivalent to 1823 &man.strstr.3; and found in <filename>glibc</filename>.</para> 1824 1825 <para>The &man.mergemaster.8; utility now supports 1826 an <option>-A</option> option to explicitly specify 1827 an architecture to pass through to the underlying makefiles. 1828 &merged;</para> 1829 1830 <para>The &man.mount.8; <literal>nodev</literal> option has 1831 been removed.</para> 1832 1833 <para>The &man.mount.8; utility now supports &man.mqueuefs.5;.</para> 1834 1835 <para>A bug which prevents the &man.mount.8; utility from converting 1836 a read-only mount to read-write via <command>mount -u -o rw</command>, 1837 has been fixed.</para> 1838 1839 <para>The &man.mount.8; utility now supports a 1840 <literal>late</literal> keyword in &man.fstab.5;, along with a 1841 corresponding <option>-l</option> command-line option to specify 1842 that these <quote>late</quote> file systems should be 1843 mounted. &merged;</para> 1844 1845 <para>The &man.moused.8; daemon now supports an <option>-H</option> flag 1846 to enable horizontal virtual scrolling similar to the 1847 <option>-V</option> flag for vertical virtual scrolling. 1848 &merged;</para> 1849 1850 <para>The mrouted(8) multicast routing daemon has been removed 1851 from the &os; base system. It implements the DVMRP multicast 1852 routing protocol, which has largely been replaced by PIM in many 1853 multicast installations. The related map-mbone(8) and mrinfo(8) 1854 utilities have also been removed. These programs are now 1855 available in the &os; Ports Collection 1856 as <filename role="package">net/mrouted</filename>.</para> 1857 1858 <para>The &man.netstat.1; utility now supports an 1859 <option>-h</option> flag for interface stats mode, 1860 which prints all interface statistics in human readable form. &merged;</para> 1861 1862 <para>The &man.netstat.1; utility now supports 1863 printing &man.ipsec.4; protocol statistics. 1864 Note that the output of <command>netstat -s -p ipsec</command> 1865 differs depending on which stack is compiled into 1866 the kernel since they each keep different statistics. &merged;</para> 1867 1868 <para>The &man.netstat.1; utility now supports printing 1869 &man.sctp.4; protocol statistics.</para> 1870 1871 <para>The <filename>/etc/nsswitch.conf</filename> file is now 1872 installed statically instead of being generated on every 1873 reboot.</para> 1874 1875 <para>The objformat(1) utility and getobjformat(3) library (the 1876 last remnants of a.out object file support) have been removed.</para> 1877 1878 <para>The &man.pam.nologin.8; module no longer provides a 1879 an authentication function; instead it now provides an account 1880 management function. Third-party files in 1881 <filename>/usr/local/etc/pam.d</filename> may 1882 need manual editing; specifically, lines in these files of 1883 the form: 1884 1885 <screen>auth required pam_nologin.so no_warn</screen></para> 1886 1887 <para>These lines need to have the word <literal>auth</literal> 1888 replaced with the word <literal>account</literal>.</para> 1889 1890 <para>The &man.periodic.8; daily script now supports 1891 display of the status of &man.gmirror.8;, &man.graid3.8;, 1892 &man.gstripe.8;, and &man.gconcat.8; devices. 1893 Note that these are disabled by default. &merged;</para> 1894 1895 <para>A new function, &man.pidfile.3;, which provides reliable 1896 pidfiles handling, has been implemented in 1897 <filename>libutil</filename>. &merged;</para> 1898 1899 <para>The &man.ping.8; utility now supports a <quote>sweeping 1900 ping</quote> in which &man.icmp.4; payload of 1901 packets being sent is increased with given step. 1902 This is useful for testing problematic channels, MTU issues 1903 or traffic policing functions in networks. &merged;</para> 1904 1905 <para>The &man.ping.8; command now supports a <option>-W</option> 1906 option to specify the maximum time to wait for an echo reply. 1907 &merged;</para> 1908 1909 <para>The &man.pkill.1; utility now supports a 1910 <option>-F</option> option which allows to 1911 restrict matches to a process whose PID is stored in the 1912 pidfile file. When another new option <option>-L</option> 1913 is also specified, the pidfile file must be locked with the 1914 &man.flock.2; syscall or created with &man.pidfile.3;.</para> 1915 1916 <para>The &man.pkill.1; utility now supports a 1917 <option>-I</option> flag which works like <option>-i</option> 1918 of &man.rm.1;. When this flag is specified, &man.pkill.1; 1919 will ask for confirmation before sending a signal to 1920 each matching process.</para> 1921 1922 <para>The &man.pkill.1; utility (also known as &man.pgrep.1;) has 1923 been moved from <filename>/usr/bin</filename> 1924 to <filename>/bin</filename> so that it can be used by startup 1925 scripts. Symbolic links from its former location have been 1926 created for backward compatibility. &merged;</para> 1927 1928 <para>The &man.pmcstat.8; program has seen several enhancements: 1929 It can now log over a network socket to a remote host. The 1930 <option>-c</option> now takes a comma-seperated list of CPUs 1931 to configure for PMC allocation. The <option>-t</option> option 1932 has been enhanced to take a regular expression for selecting 1933 processes based on their command names. &man.pmcstat.8; now 1934 allocates system PMCs on all CPUs by default, not just CPU 0.</para> 1935 1936 <para>The &man.powerd.8; program now supports a 1937 <option>-P</option> option, which specifies a pidfile to use.</para> 1938 1939 <para>An extensible implementation of &man.printf.3;, compatible 1940 with GLIBC, has been added to <filename>libc</filename>. It is 1941 only used if the environment variable 1942 <varname>USE_XPRINTF</varname> is defined, one of the extension 1943 functions is called, or the global variable 1944 <varname>__use_xprintf</varname> is set to a value greater than 1945 <literal>0</literal>. Five extensions are currently supported: 1946 <literal>%H</literal> (hex dump), 1947 <literal>%T</literal> (<varname>time_t</varname> and 1948 time-related structures), 1949 <literal>%M</literal> (errno message), 1950 <literal>%Q</literal> (double-quoted, escaped string), 1951 <literal>%V</literal> (&man.strvis.3;-format string), 1952 &merged;</para> 1953 1954 <para>The &man.pw.8; program now supports a <option>-M</option> 1955 option to set the permissions of a user's newly created home 1956 directory. &merged;</para> 1957 1958 <para>The DNS resolver library in &os;'s <application>libc</application> 1959 has been updated to that from BIND 9.4.1.</para> 1960 1961 <para>The &man.rfcomm.sppd.1; program now supports service names 1962 in addition to <option>-c</option> option with channel number. 1963 The supported names are: DUN (Dial-Up Networking), FAX (Fax), 1964 LAN (LAN Access Using PPP), and SP (Serial Port). &merged;</para> 1965 1966 <para>The &man.rpcbind.8; program can now bind its TCP listening 1967 socket to an IP address other than INADDR_ANY using the 1968 <option>-h</option> flag. The new <option>-6</option> flag allows 1969 it to bind to IPv6 addresses only.</para> 1970 1971 <para>The &man.rpcgen.1; utility now generates headers and stub files 1972 that can be used with ANSI C compilers by default.</para> 1973 1974 <para>The &man.rpc.lockd.8; and &man.rpc.statd.8; programs now 1975 accept <option>-p</option> options to indicate which port they 1976 should bind to. &merged;</para> 1977 1978 <para>The &man.rtld.1; runtime linker now supports ELF symbol versioning 1979 using GNU semantics. This implementation aims to be compatible 1980 with symbol versioning support as implemented by GNU libc and 1981 documented in <ulink url="http://people.redhat.com/~drepper/symbol-versioning"></ulink> 1982 and LSB 3.0. Also, <function>dlvsym()</function> 1983 function has been added to 1984 allow lookups for a specific version of a given symbol.</para> 1985 1986 <para>The &man.sa.8; utility now supports <option>-U</option> 1987 and <option>-P</option> flags. They can be used to specify 1988 the per-user and per-process summary file location, 1989 respectively.</para> 1990 1991 <para>A bug in the &man.sed.1; utility which can cause 1992 incorrect calculation of pattern space length in some cases 1993 has been fixed.</para> 1994 1995 <para>The &man.sed.1; utility now supports case-insensitive 1996 pattern matching; this feature can be enabled by using 1997 the <literal>I</literal> flag after the closing delimiter for a 1998 regular expression.</para> 1999 2000 <para>The behavior of the &man.setenv.3; family of library calls 2001 has been changed from the historic BSD API to the 2002 behavior mandated by POSIX. As a result, several base system 2003 utility that relied on the old API have been updated to track 2004 this change.</para> 2005 2006 <para>The <option>-h</option> flag to &man.setfacl.1; now properly 2007 sets the ACL on a symbolic link, not the link target.</para> 2008 2009 <para>The &man.sh.1; utility now supports a <literal>times</literal> 2010 built-in command. &merged;</para> 2011 2012 <para>The &man.snapinfo.8; utility, which shows snapshot locations 2013 on UFS file systems, has been added. &merged;</para> 2014 2015 <para>The &man.sockstat.1; utility, which shows connected and 2016 listening network sockets, now supports a new <option>-P</option> 2017 command-line option, which can be used to filter displayed sockets 2018 by protocol name (as listed in &man.protocols.5;).</para> 2019 2020 <para>The &man.strtonum.3; library function has been implemented 2021 based on OpenBSD's implementation. This is an improved version of 2022 &man.strtoll.3;. &merged;</para> 2023 2024 <para>The &man.sysctl.8; utility now supports a <option>-q</option> 2025 flag to suppress a limited set of warnings and errors.</para> 2026 2027 <para>The &man.tail.1; utility now supports a <option>-q</option> 2028 flag to suppress header lines when multiple files are 2029 specified. &merged;</para> 2030 2031 <para>The version of tcpslice in the &os; base system has been 2032 removed due to obsolescence. A more up-to-date version can be 2033 found in the Ports Collection 2034 as <filename role="package">net/tcpslice</filename>.</para> 2035 2036 <para>The &man.time.1; utility now prints the time that a given 2037 command has been running if sent a <literal>SIGINFO</literal> signal.</para> 2038 2039 <para>The &man.top.1; program now supports a <option>-a</option> 2040 flag to display process titles from their argument vectors; 2041 this feature is useful for watching processes that change their 2042 titles via &man.setproctitle.3;.</para> 2043 2044 <para>The &man.top.1; program now supports a <option>-j</option> 2045 flag to display the &man.jail.8; ID for each process. &merged;</para> 2046 2047 <para>The &man.touch.1; utility now supports a <option>-A</option> 2048 flag that allows the access and modification times of a file to be 2049 adjusted by a specified value. &merged;</para> 2050 2051 <para>The &man.traceroute.8; program now supports 2052 a <option>-D</option> flag, which causes it to display the 2053 differences between the sent and received 2054 packets. &merged;</para> 2055 2056 <para>The &man.traceroute.8; utility now supports 2057 a <option>-e</option> option, which sets a fixed destination 2058 port for probe packets. This can be useful for tracing behind 2059 packet-filtering firewalls. &merged;</para> 2060 2061 <para>&man.traceroute.8; now decodes the complete set of ICMP 2062 unreachable messages in its output. &merged;</para> 2063 2064 <para>The &man.truss.1; utility now supports an <option>-s</option> 2065 flag for the same functionality as the strace utility 2066 (<filename role="package">devel/strace</filename>).</para> 2067 2068 <para>The &man.truss.1; utility no longer depends on the availability 2069 of the &man.procfs.5; file system; it uses the &man.ptrace.2; 2070 interface instead for controlling a traced process.</para> 2071 2072 <para>[&arch.powerpc;] The &man.truss.1; utility now supports &os;/powerpc.</para> 2073 2074 <para>The usbd(8) utility has been removed. 2075 The &man.devd.8; utility and its configuration 2076 file now support functionality which is equivalent to it.</para> 2077 2078 <para>The &man.uuidgen.1; utility has been moved from 2079 <filename>/usr/bin</filename> to <filename>/bin</filename>.</para> 2080 2081 <para>The vnconfig(8) utility, which was long ago replaced by 2082 &man.mdconfig.8;, has been removed.</para> 2083 2084 <para>The wicontrol(8) utility has been removed. Configuration 2085 functions for &man.wi.4; interfaces should be performed using 2086 &man.ifconfig.8;.</para> 2087 2088 <para>The &man.xargs.1; utility now supports a <option>-r</option> 2089 flag which makes the command execution when the standard input 2090 does not contain any non-whitespace-characters. &merged;</para> 2091 2092 <para>The shared library version number of all libraries has 2093 been updated due to some possible ABI changes. The libraries 2094 include: snmp_<replaceable>*</replaceable>, libdialog, libg2c, libobjc, 2095 libreadline, libregex, libstdc++, libkrb5, libalias, libarchive, 2096 libbegemot, libbluetooth, libbsnmp, libbz2, libc_r, libcrypt, 2097 libdevstat, libedit, libexpat, libfetch, libftpio, libgpib, 2098 libipsec, libkiconv, libmagic, libmp, libncp, libncurses, 2099 libnetgraph, libngatm, libopie, libpam, libpthread, libradius, 2100 libsdp, libsmb, libtacplus, libthr, libthread_db, libugidfw, 2101 libusbhid, libutil, libvgl, libwrap, libypclnt, libm, libcrypto, 2102 libssh, and libssl.</para> 2103 2104 <para>The <function>wcsdup()</function> function has been 2105 implemented. This function is popular in Microsoft and GNU 2106 systems.</para> 2107 2108 <para>The &man.wlandebug.8; utility has been added to the main 2109 &os; source tree (it previously lived in a tools area). It 2110 provides control over a number of types of debugging output 2111 in the &man.wlan.4; module and related drivers, and can be 2112 useful for debugging wireless issues.</para> 2113 2114 <para>The &man.wpa.passphrase.8; utility has been added. It 2115 generates a 256-bit pre-shared WPA key from an ASCII 2116 passphrase. &merged;</para> 2117 2118 <para>The compiler toolchain is now capable of generating 2119 executables for systems using the ARM processor. &merged;</para> 2120 2121 <sect3 id="rc-scripts"> 2122 <title><filename>/etc/rc.d</filename> Scripts</title> 2123 2124 <para>The <filename>auditd</filename> script for 2125 OpenBSM &man.auditd.8; has been added. &merged;</para> 2126 2127 <para>The <filename>bluetooth</filename> script 2128 has been added. This script will be called from 2129 &man.devd.8; in response to device attachment/detachment 2130 events and to stop/start particular device without unplugging 2131 it by hand. The configuration parameters are in 2132 <filename>/etc/defaults/bluetooth.device.conf</filename>, 2133 and can be overridden by using 2134 <filename>/etc/bluetooth/<replaceable>$device</replaceable>.conf</filename> 2135 (where <replaceable>$device</replaceable> is <devicename>ubt0</devicename>, 2136 <devicename>btcc0</devicename>, and so on.) 2137 For more details, see &man.bluetooth.conf.5;. &merged;</para> 2138 2139 <para>The <filename>ftpd</filename> script for 2140 stand-alone &man.ftpd.8; has been added.</para> 2141 2142 <para>The <filename>gbde_swap</filename> script has 2143 been removed in favor a new <filename>encswap</filename> 2144 script which also supports &man.geli.8; for swap 2145 encryption.</para> 2146 2147 <para>The <filename>geli</filename> and <filename>geli2</filename> 2148 scripts has been added for &man.geli.8; device 2149 configuration on boot.</para> 2150 2151 <para>The <filename>ike</filename> script for 2152 IPsec IKE daemon has been removed because no such daemon 2153 is included in the base system.</para> 2154 2155 <para>The <filename>hcsecd</filename> and 2156 <filename>sdpd</filename> scripts have been added 2157 for &man.hcsecd.8; and &man.sdpd.8; daemons. 2158 These daemons can run even if no Bluetooth devices 2159 are attached to the system, but both daemons depend on 2160 Bluetooth socket layer and thus disabled by default. 2161 Bluetooth sockets layer must be either loaded 2162 as a module or compiled into kernel before the daemons can run. 2163 &merged;</para> 2164 2165 <para>The <filename>hostapd</filename> script for 2166 &man.hostapd.8; has been added. &merged;</para> 2167 2168 <para>The <filename>mdconfig</filename> script to 2169 handle vnode backed &man.md.4; devices has been added. 2170 This is a replacement of the <filename>ramdisk</filename> 2171 script, and all of variables in <varname>ramdisk_*</varname> 2172 have been changed to <varname>mdconfig_*</varname>. 2173 Also, two new &man.rc.conf.5; variables 2174 <varname>mdconfig_<replaceable>*</replaceable>_files</varname> 2175 and 2176 <varname>mdconfig_<replaceable>*</replaceable>_cmd</varname> 2177 have been added. For example:</para> 2178 2179 <programlisting>mdconfig_md0="-t malloc -s 10m" 2180mdconfig_md1="-t vnode -f /var/foo.img"</programlisting> 2181 2182 <para>The <filename>netif</filename> script now supports 2183 <varname>ipv4_addrs_<replaceable>ifn</replaceable></varname> 2184 variables, 2185 which add one or more IPv4 address from a ranged list in 2186 CIDR notation. &merged; For example:</para> 2187 2188 <programlisting>ipv4_addrs_ed0="192.168.0.1/24 192.168.1.1-5/28"</programlisting> 2189 2190 <para>The <filename>rcconf.sh</filename> script in <filename>/etc/rc.d</filename> 2191 has been removed and a variable <varname>early_late_divider</varname>, 2192 which designates the script to separate the early and late stages 2193 of the boot process, has been added.</para> 2194 2195 <para>The <filename>rc.initdiskless</filename> script now uses &man.tar.1; 2196 instead of &man.pax.1; because &man.pax.1; needs a writable 2197 temporary directory that may not be available when this script 2198 runs.</para> 2199 2200 <para>The <filename>pccard</filename> script has been removed 2201 since OLDCARD is deprecated.</para> 2202 2203 <para>The <filename>ppp-user</filename> script has been renamed to 2204 <filename>ppp</filename>. &merged;</para> 2205 2206 <para>The <filename>sendmail</filename> script no longer rebuilds 2207 the aliases database if it is missing or older than the aliases 2208 file. If desired, set the new rc.conf option 2209 <varname>sendmail_rebuild_aliases</varname> to "YES" to restore 2210 that functionality.</para> 2211 2212 <para>The <varname>removable_interfaces</varname> variable 2213 has been removed.</para> 2214 2215 <para>A new keyword <literal>NOAUTO</literal> in 2216 <varname>ifconfig_<replaceable>ifn</replaceable></varname> 2217 has been added. This prevents configuration of an interface 2218 at boot time or via <filename>/etc/pccard_ether</filename>, 2219 and allows <filename>/etc/rc.d/netif</filename> 2220 to be used to start and stop an interface 2221 on a purely manual basis.</para> 2222 </sect3> 2223 </sect2> 2224 2225 <sect2 id="contrib"> 2226 <title>Contributed Software</title> 2227 2228 <para><application>Intel ACPI-CA</application> 2229 has been updated to 20070320.</para> 2230 2231 <para><application>awk</application> has been updated from the 24 2232 April 2005 release to the 1 May 2007 release.</para> 2233 2234 <para><application>BIND</application> has been updated from 9.3.1 2235 to 9.4.1-p1.</para> 2236 2237 <para><application>BSNMPD</application> has been updated from 2238 1.11 to 1.12.</para> 2239 2240 <para><application>BZIP2</application> has been updated from 2241 1.0.3 to 1.0.4. 2242 &merged;</para> 2243 2244 <para>GNU <application>Diffutils</application> has been updated 2245 from 2.7 to 2.8.7. 2246 &merged;</para> 2247 2248 <para><application>DRM</application> has 2249 been updated to a snapshot from DRI CVS as of 20060517. 2250 &merged;</para> 2251 2252 <para>The Forth Inspired Command Language (<application>FICL</application>) 2253 used in the boot loader has been updated to 3.03.</para> 2254 2255 <para><application>FILE</application> has been updated from 4.12 2256 to 4.21.</para> 2257 2258 <para>The GNU version of <application>gzip</application> has been 2259 replaced with a modified version of gzip ported from NetBSD. 2260 &merged;</para> 2261 2262 <para><application>netcat</application> has been updated from the 2263 version in a 4 February 2005 OpenBSD snapshot to the version 2264 included in OpenBSD 4.1. &merged;</para> 2265 2266 <para><application>GCC</application> has been updated from 3.4.4 2267 to 4.2.1.</para> 2268 2269 <para><application>GNU Readline library</application> has been 2270 updated from 5.0 to 5.2 patch 2. &merged;</para> 2271 2272 <para><application>GNU Troff</application> 2273 has been updated from version 1.19 to version 1.19.2. 2274 &merged;</para> 2275 2276 <para><application>IPFilter</application> has been updated from 2277 4.1.8 to 4.1.23.</para> 2278 2279 <para><application>less</application> has been updated from v381 2280 to v406. &merged;</para> 2281 2282 <para><application>libpcap</application> has been updated from 2283 0.9.1 to 0.9.4. &merged;</para> 2284 2285 <para><application>lukemftpd</application> has been updated from a 2286 snapshot from NetBSD as of 9 August 2004 to a snapshot from 2287 NetBSD as of 31 August 2006. &merged;</para> 2288 2289 <para><application>OpenSSH</application> has been updated from 2290 4.2p1 to 4.5p1. &merged;</para> 2291 2292 <para><application>OpenSSL</application> has been updated from 2293 0.9.7e to 0.9.8e.</para> 2294 2295 <para><application>ncurses</application> has been updated from 2296 5.2-20020615 to 5.6-20061217. ncurses now also has wide 2297 character support. &merged;</para> 2298 2299 <para><application>hostapd</application> 2300 has been updated from version 0.3.9 to version 0.5.8. 2301 </para> 2302 2303 <para><application>PF</application> has been updated from OpenBSD 2304 version 3.7 to OpenBSD version 4.1.</para> 2305 2306 <para><application>sendmail</application> has been updated from 2307 8.13.4 to 8.14.1. &merged;</para> 2308 2309 <para><application>tcpdump</application> has been updated from 2310 3.9.1 to 3.9.4. &merged;</para> 2311 2312 <para>The timezone database has been updated from the 2313 <application>tzdata2005l</application> release to the 2314 <application>tzdata2006n</application> release. &merged;</para> 2315 2316 <para><application>tip</application> has been updated to a 2317 snapshot from OpenBSD as of 20060831.</para> 2318 2319 <para>TrustedBSD <application>OpenBSM</application>, 2320 version 1.0 alpha 15, an implementation of the documented Sun Basic 2321 Security Module (BSM) Audit API and file format, as well as local 2322 extensions to support the Mac OS X and &os; operating systems 2323 has been added. This also includes command line tools for audit 2324 trail reduction and conversion to text and XML, as well as 2325 documentation of the commands, file format, and APIs. 2326 For this functionality, the <literal>AUDIT</literal> kernel option, 2327 <filename>/var/audit</filename> directory, and 2328 <literal>audit</literal> group have been added. &merged;</para> 2329 2330 <para><application>WPA Supplicant</application> 2331 has been updated from version 0.3.9 to version 0.5.8. 2332 </para> 2333 2334 <para><application>zlib</application> 2335 has been updated from version 1.2.2 to version 1.2.3. &merged;</para> 2336 </sect2> 2337 2338 <sect2 id="ports"> 2339 <title>Ports/Packages Collection Infrastructure</title> 2340 2341 <para>&man.pkg.add.1; now supports an <option>-F</option> 2342 flag to disable checking whether the same package is already 2343 installed or not. &merged;</para> 2344 2345 <para>The &man.pkg.add.1; program now supports an <option>-P</option> 2346 flag, which is the same as the <option>-p</option> flag 2347 except that the given prefix is also used recursively for the 2348 dependency packages if any. &merged;</para> 2349 2350 <para>The &man.pkg.add.1; and &man.pkg.create.1; utilities now support 2351 a <option>-K</option> flag to save packages to the current directory 2352 (or <varname>PKGDIR</varname> if defined) by default. 2353 &merged;</para> 2354 2355 <para>The &man.pkg.create.1; program now supports an <option>-x</option> 2356 flag to support basic regular expressions for package name, 2357 an <option>-E</option> flag for extended regular 2358 expressions, and a <option>-G</option> for exact matching. &merged;</para> 2359 2360 <para>The &man.pkg.version.1; utility now supports an <option>-o</option> 2361 flag to show the origin recorded on package generation 2362 instead of the package name, and an <option>-O</option> flag 2363 to list packages with a specific registered origin. 2364 &merged;</para> 2365 2366 <para>The &man.portsnap.8; utility (<filename>sysutils/portsnap</filename>) 2367 has been added into the &os; base system. This is a secure, 2368 easy to use, fast, lightweight, and generally good way for 2369 users to keep their ports trees up to date. &merged;</para> 2370 2371 <para>A incorrect handling of <varname>HTTP_PROXY_AUTH</varname> 2372 in the &man.portsnap.8; utility has been fixed. &merged;</para> 2373 2374 <para>The startup scripts from the <varname>local_startup</varname> 2375 directory now evaluated by using &man.rcorder.8; with scripts 2376 in the base system. &merged;</para> 2377 2378 <para>The suffix of startup scripts from the Ports Collection 2379 has been removed. This means <filename>foo.sh</filename> 2380 is renamed to <filename>foo</filename>, and now 2381 scripts whose name is something like 2382 <filename>foo.ORG</filename> will also be invoked. 2383 You are recommended to reinstall packages which install 2384 such scripts and remove extra files in the 2385 <varname>local_startup</varname> directory. &merged;</para> 2386 2387 <para>New <filename>rc.conf</filename> variables, 2388 <varname>ldconfig_local_dirs</varname> and 2389 <varname>ldconfig_local32_dirs</varname> have been added. 2390 These hold lists of local &man.ldconfig.8; directories. 2391 &merged;</para> 2392 2393 <para>The <command>@cwd</command> command in 2394 <filename>pkg-plist</filename> now allows 2395 the case where no directory argument is given. If no 2396 directory argument is given, it will set current 2397 working directory to the first prefix given by the 2398 <command>@cwd</command> command. &merged;</para> 2399 </sect2> 2400 2401 <sect2 id="releng"> 2402 <title>Release Engineering and Integration</title> 2403 2404 <para>The default partition sizing algorithm of the 2405 &man.sysinstall.8; utility has been changed.</para> 2406 2407 <itemizedlist> 2408 <listitem> 2409 <para>On systems where the disk capacity is larger than (3 * RAMsize + 10GB), 2410 the default sizes will now be as follows:</para> 2411 2412 <informaltable frame="none" pgwide="0"> 2413 <tgroup cols="2"> 2414 <colspec colwidth="1*"> 2415 <colspec colwidth="2*"> 2416 <thead> 2417 <row> 2418 <entry>Partition</entry> 2419 <entry>Size</entry> 2420 </row> 2421 </thead> 2422 2423 <tbody> 2424 <row><entry>swap</entry><entry>RAMsize * 2</entry></row> 2425 <row><entry><filename>/</filename></entry><entry>512 MB</entry></row> 2426 <row><entry><filename>/tmp</filename></entry><entry>512 MB</entry></row> 2427 <row><entry><filename>/var</filename></entry><entry>1024 MB + RAMsize</entry></row> 2428 <row><entry><filename>/usr</filename></entry><entry>the rest (8GB or more)</entry></row> 2429 </tbody> 2430 </tgroup> 2431 </informaltable> 2432 </listitem> 2433 2434 <listitem> 2435 <para>On systems where the disk capacity is larger than 2436 (RAMsize / 8 + 2 GB), the default sizes will be 2437 in the following ranges, with space allocated 2438 proportionally:</para> 2439 2440 <informaltable frame="none" pgwide="0"> 2441 <tgroup cols="2"> 2442 <colspec colwidth="1*"> 2443 <colspec colwidth="2*"> 2444 <thead> 2445 <row> 2446 <entry>Partition</entry> 2447 <entry>Size</entry> 2448 </row> 2449 </thead> 2450 2451 <tbody> 2452 <row><entry>swap</entry><entry>from RAMsize / 8 to RAMsize * 2</entry></row> 2453 <row><entry><filename>/</filename></entry><entry>from 256MB to 512MB</entry></row> 2454 <row><entry><filename>/tmp</filename></entry><entry>from 128MB to 512MB</entry></row> 2455 <row><entry><filename>/var</filename></entry><entry>from 128MB to 1024MB</entry></row> 2456 <row><entry><filename>/usr</filename></entry><entry>from 1536MB to 8192MB</entry></row> 2457 </tbody> 2458 </tgroup> 2459 </informaltable> 2460 </listitem> 2461 2462 <listitem> 2463 <para>On systems with even less disk space, the existing behavior is not 2464 changed.</para> 2465 </listitem> 2466 </itemizedlist> 2467 2468 <para>The &man.sysinstall.8; utility now displays the running &os; 2469 version in menu titles. &merged;</para> 2470 2471 <para>A new <literal>showconfig</literal> 2472 target has been added in <filename>src/Makefile</filename> 2473 to show the build configuration of the &os; source tree.</para> 2474 2475 <para>A <filename>/media</filename> directory has been 2476 added to contain mount points for removable media 2477 such as CDROMs, floppy disks, USB drives, and so on. &merged;</para> 2478 2479 <para>The <filename>src.conf</filename> file, which 2480 contains settings that will apply to every build involving 2481 the &os; source tree, has been added. 2482 For details, see &man.build.7; and &man.src.conf.5;.</para> 2483 2484 <para>The supported version of 2485 the <application>GNOME</application> desktop environment 2486 (<filename role="package">x11/gnome2</filename>) has been 2487 updated from 2.10.2 to 2.18.0. As a part of this update, the 2488 default prefix for <application>GNOME</application> (and some 2489 related programs) has moved from 2490 <filename>/usr/X11R6</filename> 2491 to <filename>/usr/local</filename>. &merged;</para> 2492 2493 <para>The supported version of 2494 the <application>KDE</application> desktop environment 2495 (<filename role="package">x11/kde3</filename>) has been 2496 updated from 3.4.2 to 3.5.7. &merged;</para> 2497 2498 <para>[&arch.amd64;, &arch.i386;] The supported Linux emulation now uses the 2499 libraries in the 2500 <filename role="package">emulators/linux_base-fc4</filename> 2501 package. &merged;</para> 2502 2503 <para>The supported version of 2504 the <application>Perl</application> interpreter 2505 (<filename role="package">lang/perl5.8</filename>) has been updated 2506 from 5.8.7 to 5.8.8. &merged;</para> 2507 2508 <para>The supported version of 2509 the <application>&xorg;</application> windowing system 2510 (<filename role="package">x11/xorg</filename>) has been updated 2511 from 6.8.2 to 7.2.0. &merged;</para> 2512 2513 <para>The default value of <varname>X11BASE</varname> has been changed 2514 from <filename>/usr/X11R6</filename> to <filename>/usr/local</filename>, 2515 the default value of <varname>LOCALBASE</varname>. &merged;</para> 2516 2517 <para>[&arch.pc98;] &os;/pc98 release CDROMs are now 2518 bootable on systems with some supported SCSI adapters. 2519 &merged;</para> 2520 </sect2> 2521 2522 <sect2 id="doc"> 2523 <title>Documentation</title> 2524 2525 <para>Documentation of existing functionality has been improved by 2526 the addition of the following manual pages: 2527 &man.acpi.sony.4;, &man.device.get.sysctl.9;, 2528 &man.ext2fs.5;, 2529 &man.mca.8;, 2530 &man.nanobsd.8;, 2531 &man.snd.mss.4;, &man.snd.t4dwave.4;, 2532 &man.sysctl.9;.</para> 2533 2534 <para>The manual pages for <application>NTP</application> 2535 have been updated to 4.2.0, to match the version of 2536 code actually included in &os;. &merged;</para> 2537 2538 <para>Initial support for kernel subsystem API documentation generating 2539 framework using <filename role="package">devel/doxygen</filename> 2540 has been added into <filename>src/sys/doc/subsys</filename>. 2541 To generate the API document, type <command>make doxygen</command> 2542 in <filename>src/</filename> directory.</para> 2543 </sect2> 2544</sect1> 2545 2546<sect1 id="upgrade"> 2547 <title>Upgrading from previous releases of &os;</title> 2548 2549 <para>[&arch.i386;, &arch.amd64;] Beginning with &os; 6.2-RELEASE, 2550 binary upgrades between RELEASE versions (and snapshots of the 2551 various security branches) are supported using the 2552 &man.freebsd-update.8; utility. The binary upgrade procedure will 2553 update unmodified userland utilities, as well as unmodified GENERIC or 2554 SMP kernels distributed as a part of an official &os; release. 2555 The &man.freebsd-update.8; utility requires that the host being 2556 upgraded have Internet connectivity.</para> 2557 2558 <para>An older form of binary upgrade is supported through the 2559 <command>Upgrade</command> option from the main &man.sysinstall.8; 2560 menu on CDROM distribution media. This type of binary upgrade 2561 may be useful on non-&arch.i386;, non-&arch.amd64; machines 2562 or on systems with no Internet connectivity.</para> 2563 2564 <para>Source-based upgrades (those based on recompiling the &os; 2565 base system from source code) from previous versions are 2566 supported, according to the instructions in 2567 <filename>/usr/src/UPDATING</filename>.</para> 2568 2569 <important> 2570 <para>Upgrading &os; should, of course, only be attempted after 2571 backing up <emphasis>all</emphasis> data and configuration 2572 files.</para> 2573 </important> 2574</sect1> 2575</article> 2576