article.xml revision 80900
1239676Srwatson<!-- 2239676Srwatson The "What's New" section of the release notes. Within 3239676Srwatson each subsection (i.e. kernel, security, userland), list 4239676Srwatson items in chronological order, unless necessary to keep 5239676Srwatson related items together, such as multiple release notes 6239676Srwatson pertaining to a single program or module. 7239676Srwatson 8239676Srwatson--> 9239676Srwatson 10239676Srwatson<sect1> 11239676Srwatson <sect1info> 12239676Srwatson <pubdate>$FreeBSD: head/release/doc/en_US.ISO8859-1/relnotes/article.sgml 80900 2001-08-01 14:22:27Z dd $</pubdate> 13239676Srwatson </sect1info> 14239676Srwatson 15239676Srwatson <title>What's New</title> 16239676Srwatson 17239676Srwatson <para>This section describes the most user-visible new or changed 18239676Srwatson features in &os; since &release.prev;. All changes 19239676Srwatson described here are unique to the &release.branch; branch unless 20239676Srwatson specifically marked as &merged; features.</para> 21239676Srwatson 22239676Srwatson <para>Many additional changes were made to &os; that are not listed 23239676Srwatson here for lack of space. For example, documentation was corrected 24239676Srwatson and improved, minor bugs were fixed, insecure coding practices were 25239676Srwatson audited and corrected, and source code was cleaned up.</para> 26239676Srwatson 27239676Srwatson <para>The release notes items are organized into three different 28239676Srwatson sections. <xref linkend="kernel"> lists recent changes to the &os; 29239676Srwatson kernel. Security fixes, including those pertaining to security 30239676Srwatson advisories, are listed in <xref linkend="security">. Finally, <xref 31239676Srwatson linkend="userland"> covers changes to &os; userland applications 32239676Srwatson included in the base system.</para> 33239676Srwatson 34239676Srwatson <sect2 id="kernel"> 35245380Srwatson <title>Kernel Changes</title> 36239676Srwatson 37239676Srwatson <para>The &man.kqueue.2; event notification facility was added to 38239676Srwatson the &os; kernel. This is a new interface which is able to 39239676Srwatson replace &man.poll.2;/&man.select.2, offering improved performance, 40239676Srwatson as well as the ability to report many different types of events. 41239676Srwatson Support for monitoring changes in sockets, pipes, fifos, and files 42239676Srwatson are present, as well as for signals and processes. &merged;</para> 43239676Srwatson 44239676Srwatson <para arch="i386">Support for Intel's Wired for Management 2.0 (PXE) 45239676Srwatson was added to the FreeBSD boot loader. Due to API differences, the 46239676Srwatson older PXE versions are not supported. This allow network booting 47239676Srwatson using DHCP. &merged;</para> 48239676Srwatson 49239676Srwatson <para>Support for USB devices was added to the 50245380Srwatson <filename>GENERIC</filename> kernel and to the installation 51245380Srwatson programs to support USB devices out of the box. Note that SRM 52239676Srwatson does not support USB devices at the moment, so you must still use 53239676Srwatson an AT keyboard if you are not using a serial console. &merged;</para> 54239676Srwatson 55239676Srwatson <para>POSIX.1b Shared Memory Objects are now supported. The 56239676Srwatson implementation uses regular files, but automatically enables the 57239676Srwatson MAP_NOSYNC flag when they are &man.mmap.2;-ed. &merged;</para> 58239676Srwatson 59239676Srwatson <para arch="i386">A driver for AGP hardware has been added. &merged;</para> 60239676Srwatson 61239676Srwatson <para>The kernel and modules have been moved to the directory 62239676Srwatson <filename>/boot/kernel</filename>, so they can be easily 63239676Srwatson manipulated together. The boot loader has been updated to make 64239676Srwatson this change as seamless as possible.</para> 65239676Srwatson 66239676Srwatson <para arch="i386">The i386 boot loader now has support for a 67239676Srwatson <literal>nullconsole</literal> 68239676Srwatson console type, for use on systems with neither a video console nor 69239676Srwatson a serial port. &merged;</para> 70239676Srwatson 71239676Srwatson <para>Replaced the <literal>PQ_*CACHE</literal> options with a 72239676Srwatson single <literal>PQ_CACHESIZE</literal> option to be set to 73239676Srwatson the cache size in kilobytes. The old options are still supported 74239676Srwatson for backwards compatibility. &merged;</para> 75239676Srwatson 76239676Srwatson <para arch="i386">The <literal>NCPU</literal>, <literal>NAPIC</literal>, 77239676Srwatson <literal>NBUS</literal>, and <literal>NINTR</literal> kernel 78239676Srwatson configuration options, for configuring SMP kernels, have been 79239676Srwatson removed. <literal>NCPU</literal> is now set to a maximum of 16, 80239676Srwatson and the other, aforementioned options are now 81239676Srwatson dynamic. &merged;</para> 82239676Srwatson 83239676Srwatson <para>&man.devfs.5;, which allows entries in the 84239676Srwatson <filename>/dev</filename> directory to be built automatically and 85239676Srwatson supports more flexible attachment of devices, has been largely 86239676Srwatson reworked. &man.devfs.5; is now enabled by default and can be 87239676Srwatson disabled by the <literal>NODEVFS</literal> kernel option.</para> 88240518Seadler 89239676Srwatson <para arch="i386">Preliminary Cardbus support under NEWCARD has been added. 90239676Srwatson This code supports the TI113X, TI12XX, TI125X, Ricoh 5C46/5C47, Topic 91239676Srwatson 95/97/100 and Cirrus Logic PD683X bridges. 16-bit PC Card support 92239676Srwatson is not yet functional.</para> 93239676Srwatson 94239676Srwatson <para>Write combining for crashdumps has been implemented. This 95239676Srwatson feature is useful when write caching is disabled on both SCSI and 96239676Srwatson IDE disks, where large memory dumps could take up to an hour to 97239676Srwatson complete. &merged;</para> 98239676Srwatson 99239676Srwatson <para>Extremely large swap areas (>67 GB) no longer panic the 100239676Srwatson system.</para> 101239676Srwatson 102239676Srwatson <para arch="i386">The &man.ichsmb.4; driver for the Intel 82801AA 103239676Srwatson (ICH) SMBus controller and compatibles has been 104239676Srwatson added. &merged;</para> 105239676Srwatson 106239676Srwatson <para arch="i386">The &man.uscanner.4; driver for basic USB scanner support 107239676Srwatson using SANE has been added. See <ulink 108239676Srwatson url="http://www.mostang.com/sane/">the SANE home page</ulink> for 109239676Srwatson supported scanners. The HP ScanJet 4100C, 5200C and 6300C are 110239676Srwatson known to be working.</para> 111239676Srwatson 112239676Srwatson <para arch="i386">The umodem driver for USB modems has been added. 113239676Srwatson Support is provided for the 3Com 5605 and Metricom Ricochet GS 114239676Srwatson wireless USB modems.</para> 115239676Srwatson 116239676Srwatson <para arch="alpha">Support for threads under Linux emulation has been 117239676Srwatson added.</para> 118239676Srwatson 119239676Srwatson <para arch="i386">The pccard driver and &man.pccardc.8; now support multiple 120239676Srwatson <quote>beep types</quote> upon card insertion and removal. &merged;</para> 121239676Srwatson 122239676Srwatson <para>A number of cleanups and enhancements have been applied to 123239676Srwatson the PCI subsystem. 124239676Srwatson <filename>/usr/share/misc/pci_vendors</filename> now contains a 125239676Srwatson vendor/device database, which can be used by 126239676Srwatson &man.pciconf.8;.</para> 127239676Srwatson 128239676Srwatson <para arch="i386">The &man.spic.4; driver, which provides access to the job 129239676Srwatson dial device on some Sony laptops, has been added.</para> 130239676Srwatson 131239676Srwatson <para arch="i386">PECOFF (WIN32 Execution file format) support has been 132239676Srwatson added.</para> 133239676Srwatson 134239676Srwatson <para>A VESA S3 linear framebuffer driver has been added.</para> 135239676Srwatson 136239676Srwatson <para>The <maketarget>buildkernel</maketarget> target now gets the 137239676Srwatson name of the configuration(s) to build from the 138239676Srwatson <varname>KERNCONF</varname> variable, not 139239676Srwatson <varname>KERNEL</varname>. It is no longer required, in some 140239676Srwatson cases, for a <maketarget>buildworld</maketarget> to precede a 141239676Srwatson <maketarget>buildkernel</maketarget>. (The 142239676Srwatson <maketarget>buildworld</maketarget> is still required when 143239676Srwatson upgrading across major releases, across 144239676Srwatson <application>binutil</application> upgrades and when &man.config.8; 145239676Srwatson changes version.) 146239676Srwatson </para> 147239676Srwatson 148239676Srwatson <para>The &man.random.4; device has been rewritten to use the 149239676Srwatson <application>Yarrow</application> algorithm. It harvests entropy 150239676Srwatson from a variety of interrupt sources, including the console 151239676Srwatson devices, Ethernet and point-to-point network interfaces, and 152239676Srwatson mass-storage devices. Entropy from the &man.random.4; device is 153239676Srwatson now periodically saved to files in 154239676Srwatson <filename>/var/db/entropy</filename>, as well as at 155239676Srwatson &man.shutdown.8; time.</para> 156239676Srwatson 157239676Srwatson <para>The &man.syscons.4; driver now supports keyboard-controlled 158239676Srwatson pasting, by default bound to 159239676Srwatson <keycap>Shift</keycap>-<keycap>Insert</keycap>.</para> 160239676Srwatson 161239676Srwatson <para>The &man.labpc.4; driver has been removed due to 162239676Srwatson <quote>bitrot</quote>.</para> 163239676Srwatson 164239676Srwatson <para>A new kernel option, <literal>options REGRESSION</literal>, 165239676Srwatson enables interfaces and functionality intended for use during 166239676Srwatson correctness and regression testing.</para> 167239676Srwatson 168239676Srwatson <para>The <literal>USER_LDT</literal> kernel option is now 169239676Srwatson activated by default.</para> 170239676Srwatson 171239676Srwatson <para>A new &man.ddb.4; command <command>show pcpu</command> lists 172239676Srwatson some of the per-CPU data.</para> 173239676Srwatson 174239676Srwatson <para>A new digi driver has been added to support PCI Xr-based and ISA 175239676Srwatson Xem Digiboard cards. A new digictl program is (mainly) used to 176239676Srwatson re-initialise cards that have external port modules attached such as 177239676Srwatson the PC/Xem.</para> 178239676Srwatson 179239676Srwatson <para>The <literal>O_DIRECT</literal> flag has been added to 180239676Srwatson &man.open.2; and &man.fcntl.2;. Specifying this flag for open 181239676Srwatson files will attempt to minimize the cache effects of reading and 182239676Srwatson writing. &merged;</para> 183239676Srwatson 184239676Srwatson <para><literal>OLDCARD</literal> and &man.pccardd.8; now support 185239676Srwatson PCI cards.</para> 186239676Srwatson 187239676Srwatson <para>An &man.orm.4; device has been added to claim the option 188239676Srwatson ROMs in the ISA memory I/O space, to prevent other drivers from 189239676Srwatson mistakenly assigning addresses that conflict with these ROMs. &merged;</para> 190239676Srwatson 191239676Srwatson <para>The out-of-swap process termination code now begins killing 192239676Srwatson processes earlier to avoid deadlocks; it now also takes into 193239676Srwatson account the swap space used by processes when computing the 194239676Srwatson process sizes. &merged;</para> 195239676Srwatson 196239676Srwatson <para>Linker sets are now self-contained; &man.gensetdefs.8; is 197239676Srwatson unnecessary and has been removed.</para> 198239676Srwatson 199239676Srwatson <para>Numerous SMP-friendly changes have been made to the kernel's 200239676Srwatson mbuf allocator.</para> 201239676Srwatson 202239676Srwatson <para>The dgm driver has been removed in favor of the digi driver.</para> 203239676Srwatson 204239676Srwatson <para>Network device cloning has been implemented, and the &man.gif.4; 205239676Srwatson device has been modified to take advantage of it. 206239676Srwatson Thus, instead of specifying how many &man.gif.4; interfaces 207239676Srwatson are available in kernel configuration files, &man.ifconfig.8;'s 208239676Srwatson <option>create</option> option should be used when another device 209239676Srwatson instance is desired. &merged;</para> 210239676Srwatson 211239676Srwatson <para>The kernel message buffer is now accessible by the 212239676Srwatson (machine-independent) <varname>kern.msgbuf</varname> sysctl 213239676Srwatson variable; &man.dmesg.8; no longer needs to be SGID 214239676Srwatson <groupname>kmem</groupname>.</para> 215239676Srwatson 216239676Srwatson <para>A simple hash-based lookup optimization for large directories 217239676Srwatson called <literal>dirhash</literal> has been added. Conditional on the 218239676Srwatson <literal>UFS_DIRHASH</literal> kernel option, it improves the speed of 219239676Srwatson operations on very large directories at the expense of some 220239676Srwatson memory.</para> 221239676Srwatson 222239676Srwatson <para>Two new &man.ddb.4; commands, <command>hwatch</command> and 223239676Srwatson <command>dhwatch</command>, have been introduced. Analogous to 224275429Sbrooks <command>watch</command> and <command>dwatch</command>, they install 225275429Sbrooks hardware watchpoints (as opposed to software watchpoints) if supported 226275429Sbrooks by the architecture. &merged;</para> 227239676Srwatson 228239676Srwatson <para arch="i386">Support for Streaming <acronym>SIMD</acronym> 229239676Srwatson Extensions (<acronym>SSE</acronym>) has been introduced. The 230239676Srwatson <literal>CPU_ENABLE_SSE</literal> kernel option controls whether 231239676Srwatson support is compiled into the kernel.</para> 232239676Srwatson 233239676Srwatson <sect3> 234239676Srwatson <title>Processor/Motherboard Support</title> 235239676Srwatson 236239676Srwatson <para>SMP support has been largely reworked, incorporating code 237239676Srwatson from BSD/OS 5.0. One of the main features of SMPng (<quote>SMP 238239676Srwatson Next Generation</quote>) is to allow more processes to run in 239239676Srwatson kernel, without the need for spin locks that can dramatically 240239676Srwatson reduce the efficiency of multiple processors. Interrupt 241239676Srwatson handlers now have contexts associated with them that allow them 242239676Srwatson to be blocked, which reduces the need to lock out 243239676Srwatson interrupts.</para> 244239676Srwatson 245239676Srwatson <para arch="i386">Support for the 80386 processor has been 246239676Srwatson removed from the <filename>GENERIC</filename> kernel, as this 247239676Srwatson code seriously pessimizes performance on other ia32 248239676Srwatson processors.</para> 249239676Srwatson 250239676Srwatson <para arch="i386">The <literal>I386_CPU</literal> kernel option 251239676Srwatson to support the 80386 processor is now mutually exclusive with 252239676Srwatson support for other ia32 processors; this should slightly improve 253239676Srwatson performance on the 80386 due to the elimination of runtime 254239676Srwatson processor type checks.</para> 255239676Srwatson 256239676Srwatson <para arch="i386">Custom kernels that will run on the 80386 can 257239676Srwatson still be built by changing the cpu options in the kernel 258239676Srwatson configuration file to only include 259239676Srwatson <literal>I386_CPU</literal>.</para> 260239676Srwatson 261239676Srwatson <para arch="alpha">AlphaServer 1200 (<quote>Tincup</quote>) has 262239676Srwatson been tested and works OK. Currently it does not want to boot 263239676Srwatson from CD or floppy but a transplanted disk that was installed on 264239676Srwatson another Alpha works well. &merged;</para> 265239676Srwatson 266239676Srwatson <para arch="alpha">The API UP1100 mainboard has been verified to work.</para> 267239676Srwatson 268239676Srwatson <para arch="alpha">The API CS20 1U high server has been verified to work.</para> 269239676Srwatson 270239676Srwatson <para arch="alpha">The DEC3000 series support has been removed from the mfsroot 271239676Srwatson floppy image so that it fits on a 1.44 Mbyte floppy again. As the 272239676Srwatson DEC3000 is currently only usable diskless this should not cause 273239676Srwatson any problems.</para> 274239676Srwatson 275239676Srwatson <para arch="alpha">Support for AlphaServer 2100A (<quote>Lynx</quote>) has been 276239676Srwatson added.</para> 277239676Srwatson 278239676Srwatson <para arch="alpha">Kernel code has been added that allows older generation Alpha CPUs 279239676Srwatson (EV4 and EV5) to emulate instructions of the newer Alpha CPU 280239676Srwatson generations. This enables the use of binary-only programs like Adobe 281239676Srwatson Acrobat 4 on EV4 and EV5.</para> 282239676Srwatson 283239676Srwatson <para arch="alpha">SMP support for the alpha is now operational.</para> 284239676Srwatson 285239676Srwatson <para arch="i386">Detection for new processors, such as the 286239676Srwatson FC-PGA2 Pentium III (Tualatin), Transmeta Crusoe, and Transmeta 287239676Srwatson Crusoe LongRun, has been added. &merged;</para> 288239676Srwatson 289239676Srwatson </sect3> 290239676Srwatson 291239676Srwatson <sect3> 292239676Srwatson <title>Network Interface Support</title> 293239676Srwatson 294239676Srwatson <para>Added support for PCI Ethernet adapters based on the 295239676Srwatson National Semiconductor DP83815 chipset, including the NetGear 296239676Srwatson FA311-TX and FA312-TX, in the form of the &man.sis.4; driver.</para> 297239676Srwatson 298239676Srwatson <para>The &man.tap.4; driver, a virtual Ethernet device driver for 299239676Srwatson bridged configurations, has been added. &merged;</para> 300239676Srwatson 301239676Srwatson <para>The &man.ti.4; driver now supports the Alteon AceNIC 302239676Srwatson 1000baseT Gigabit Ethernet and Netgear GA620T 1000baseT Gigabit 303239676Srwatson cards. &merged;</para> 304239676Srwatson 305239676Srwatson <para>The &man.xl.4; driver now supports the 3Com 3C556 and 3C556B 306239676Srwatson MiniPCI adapters used on some laptops. &merged;</para> 307239676Srwatson 308239676Srwatson <para arch="alpha">The &man.ed.4; driver is now supported.</para> 309239676Srwatson 310239676Srwatson <para>The &man.pcn.4; driver, which supports the AMD PCnet/FAST, 311239676Srwatson PCnet/FAST+, PCnet/FAST III, PCnet/PRO, PCnet/Home, and HomePNA 312239676Srwatson adapters, has been added. Although these cards are already 313239676Srwatson supported by the &man.lnc.4; driver, the &man.pcn.4; driver runs 314239676Srwatson these chips in 32-bit mode and uses the RX alignment feature to 315239676Srwatson achieve zero-copy receive. This driver is also 316239676Srwatson machine-independent, so it will work on both the i386 and alpha 317239676Srwatson platforms. The &man.lnc.4; driver is still needed to support non-PCI 318239676Srwatson cards. &merged;</para> 319239676Srwatson 320239676Srwatson <para>Support for Fujitsu MB86960A/MB86965A based Ethernet 321239676Srwatson PC-Cards is back. &merged;</para> 322239676Srwatson 323239676Srwatson <para arch="i386">The snc driver for the National Semiconductor 324239676Srwatson DP8393X (SONIC) Ethernet controller has been added. Currently, 325 this driver is only used on the PC-98 architecture. &merged;</para> 326 327 <para>The &man.an.4; driver for Cisco Aironet cards now supports 328 Wired Equivalent Privacy (WEP) encryption, settable via 329 &man.ancontrol.8;. &merged;</para> 330 331 <para arch="i386">The &man.el.4; driver can now be loaded as a 332 module.</para> 333 334 <para>The &man.ray.4; driver, which supports the Webgear Aviator 335 wireless network cards, has been committed. The operation of 336 &man.ray.4; interfaces can be modified by 337 &man.raycontrol.8;. &merged;</para> 338 339 <para arch="alpha">The &man.fpa.4; driver now supports Digital's 340 DEFPA FDDI adaptors on the Alpha.</para> 341 342 <para arch="i386">Linksys Fast Ethernet PCCARD cards supported by the 343 &man.ed.4; driver now require the addition of flag 344 <literal>0x80000</literal> to their config line in 345 &man.pccard.conf.5;. This flag is not optional. These Linksys 346 cards will not be recognized without it.</para> 347 348 <para>A bug in the &man.ed.4; driver that could cause panics with 349 very short packets and BPF or bridging active has been 350 fixed. &merged;</para> 351 352 <para>The &man.ed.4; driver now has support for D-Link 353 DL10022 chips, necessary for the NetGear FA-410TX and other 354 cards. As a result, <literal>device miibus</literal> is 355 required in kernel configurations using the &man.ed.4; 356 driver. &merged;</para> 357 358 <para>The &man.fxp.4; driver now requires a <literal>device 359 miibus</literal> entry in the kernel configuration file. &merged;</para> 360 361 <para>The &man.wx.4; driver now supports the Intel PRO1000-F and 362 PRO1000-T (10/100/1000) adapters. &merged;</para> 363 364 <para>Added the &man.nge.4; driver, which supports PCI Gigabit 365 Ethernet adapters based on the National Semiconductor DP83820 366 and DP83821 Gigabit Ethernet controller chips, including the 367 D-Link DGE-500T, SMC EZ Card 1000 (SMC9462TX), Asante 368 FriendlyNet GigaNIC 1000TA and 1000TPC and Addtron 369 AEG320T. This driver supports transmit and receive checksum 370 offloading. &merged;</para> 371 372 <para>The &man.lge.4; driver has been added to support the Level 373 1 LXT1001 NetCellerator Gigabit Ethernet controller chip. This 374 device is used on some fiber optic GigE cards from SMC, D-Link 375 and Addtron. Jumbograms and TCP/IP checksum offload on receive 376 are supported, although hardware VLAN filtering is not. &merged;</para> 377 378 <para>The &man.xl.4; driver now supports reception of VLAN 379 tagged frames (on the <quote>Cyclone</quote> or newer 380 chipsets). &merged;</para> 381 382 <para>The &man.ti.4; driver correctly masks VLAN tags. &merged;</para> 383 384 <para>The &man.an.4; driver now supports the Cisco Aironet 350 385 series of adaptors.</para> 386 387 <para>The &man.txp.4; driver has been added to support NICs 388 based on the 3Com 3XP Typhoon/Sidewinder (3CR990) chipset. &merged;</para> 389 </sect3> 390 391 <sect3> 392 <title>Network Protocols</title> 393 394 <para>&man.accept.filter.9;, a kernel feature to reduce overheads 395 when accepting and reading new connections on listening sockets, 396 has been added. &merged;</para> 397 398 <para>The &man.ng.mppc.4; and &man.ng.bridge.4; node types have 399 been added to the netgraph subsystem. The &man.ng.ether.4; node 400 is now dynamically loadable. Miscellaneous bug fixes and 401 enhancements have also been made. &merged;</para> 402 403 <para>&man.netgraph.4; has received some updates and bugfixes.</para> 404 405 <para>A new netgraph node type &man.ng.one2many.4; for multiplexing 406 and demultiplexing packets over multiple links has been added. 407 &merged;</para> 408 409 <para arch="alpha">SLIP has been removed from the 410 <filename>mfsroot</filename> floppy image.</para> 411 412 <para>ICMP ECHO and TSTAMP replies are now rate limited. TCP RSTs 413 generated due to packets sent to open and unopen ports are now 414 limited by separate counters. Each rate limiting queue now has 415 its own description.</para> 416 417 <para>ICMP <literal>UNREACH_FILTER_PROHIB</literal> messages can 418 now RST TCP connections in the <literal>SYN_SENT</literal> state 419 if the correct sequence numbers are sent back, as controlled by the 420 <varname>net.inet.tcp.icmp_may_rst</varname> 421 sysctl.</para> 422 423 <para>TCP has received some bug fixes for its delayed ACK 424 behavior. &merged;</para> 425 426 <para>TCP now supports the NewReno modification to the TCP Fast Recovery 427 algorithm. This behavior can be controlled via the 428 <varname>net.inet.tcp.newreno</varname> sysctl variable. &merged;</para> 429 430 <para>TCP now uses a more aggressive timeout for initial SYN segments; this 431 allows initial connection attempts to be dropped much 432 faster. &merged;</para> 433 434 <para>The <literal>TCP_COMPAT_42</literal> kernel option has 435 been removed.</para> 436 437 <para>The <literal>TCP_RESTRICT_RST</literal> kernel option has 438 been removed. Similar functionality can be achieved with the 439 <varname>net.inet.tcp.blackhole</varname> sysctl 440 variable. &merged;</para> 441 442 <para>TCP now has RFC 1323 extensions enabled by default in 443 &man.rc.conf.5;. &merged;</para> 444 445 <para>RFC 1323 and RFC 1644 TCP extensions are now disabled for a 446 connection in progress if no response has been received by the 447 third SYN segment sent. This behavior tries to work around 448 (very old) terminal servers with buggy VJ header compression 449 implementations. &merged;</para> 450 451 <para>The TCP implementation no longer requires the 452 allocation of a TCP template structure for each connection; this 453 should reduce the buffer usage on large systems handling many 454 connections. &merged;</para> 455 456 <para>TCP's default buffer sizes, controlled by the 457 <varname>net.inet.tcp.sendspace</varname> and 458 <varname>net.inet.tcp.recvspace</varname> sysctl variables, have 459 been increased to 32K and 64K respectively.</para> 460 461 <para>A new sysctl <varname>net.inet.ip.check_interface</varname>, 462 which is on by default, causes IP to verify that an incoming 463 packet arrives on an interface that has an address matching the 464 packet's destination address. &merged;</para> 465 466 <para>A new sysctl 467 <varname>net.link.ether.inet.log_arp_wrong_iface</varname> has 468 been added to control the suppression of logging when ARP replies 469 arrive on the wrong interface. &merged;</para> 470 471 <para>The <literal>proxy</literal> modifier to &man.arp.8;'s 472 <option>-d</option> option has been renamed to 473 <literal>pub</literal>, for consistency with the 474 <option>-s</option> option. The <literal>only</literal> keyword 475 has been added to the <option>-s</option> and 476 <option>-S</option> flags, to be used in creating 477 <quote>proxy-only</quote> published entries.</para> 478 479 <para>&man.ipfw.8; now filters correctly in the presence of ECN bits in TCP 480 segments. &merged;</para> 481 482 <para>&man.ipfw.8; will now avoid the display of dynamic 483 firewall rules unless the <option>-d</option> flag is passed to 484 it. The <option>-e</option> lists expired dynamic rules.</para> 485 486 <para>&man.bridge.4; and &man.dummynet.4; have received some 487 enhancements and bug fixes.</para> 488 489 <para>&man.ipfw.8; has a new feature (<literal>me</literal>) that 490 allows for packet matching on interfaces with dynamically-changing 491 IP addresses. &merged;</para> 492 493 <para>&man.ip6fw.8; now has the ability to use a preprocessor 494 and use the <option>-q</option> (quiet) flag when reading from a 495 file. &merged;</para> 496 497 <para>A new <literal>options RANDOM_IP_ID</literal> kernel 498 option causes the ID field of IP packets to be randomized. This 499 closes a minor information leak which allows a remote observer 500 to determine the rate at which the machine is generating 501 packets, since the default behaviour is to increment a counter 502 for each packet sent. &merged;</para> 503 504 <para>IP multicast now works on VLAN devices. Several other 505 bugs in the VLAN code have also been fixed.</para> 506 507 </sect3> 508 509 <sect3> 510 <title>Disks and Storage</title> 511 512 <para arch="i386">The &man.twe.4; 3ware ATA RAID driver has added. &merged;</para> 513 514 <para>The &man.ata.4; driver now has support for ATA100 515 controllers. In addition, it now supports the ServerWorks ROSB4 516 ATA33 chipset, the CMD 648 ATA66 and CMD 649 ATA100 chipsets, and 517 the Cyrix 5530. &merged;</para> 518 519 <para>To provide more flexible configuration, the various options for the 520 &man.ata.4; driver are now boot loader tunables, rather than kernel 521 configure-time options. &merged;</para> 522 523 <para>The &man.ata.4; driver now has support for tagged queuing, 524 which is enabled by the <literal>hw.ata.tags</literal> loader 525 tunable. &merged;</para> 526 527 <para>The &man.ata.4; driver now has support for ATA 528 <quote>pseudo</quote> RAID controllers as the Promise Fasttrak and 529 HighPoint HPT370 controllers. &merged;</para> 530 531 <para arch="i386">The &man.mly.4; driver, for Mylex PCI to SCSI 532 AccelRAID and eXtremeRAID controllers with firmware 6.X and 533 later, has been added. &merged;</para> 534 535 <para arch="i386">The &man.asr.4; driver, which provides support 536 for the Adaptec SCSI RAID controller family, as well as the DPT 537 SmartRAID V and VI families, has been added. &merged;</para> 538 539 <para arch="i386">Support for the Adaptec FSA family of PCI-SCSI 540 RAID controllers has been added, in the form of the &man.aac.4; 541 driver.</para> 542 543 <para>The &man.ahc.4; driver has received numerous updates, 544 bugfixes, and enhancements. Among various improvements are 545 improved compatibility with chips in <quote>RAID Port</quote> mode 546 and systems with AAA and/or ARO cards installed, as well as 547 performance improvements. Some bugs were also fixed, including a 548 rare hang on Ultra2/U160 controllers. &merged;</para> 549 550 <para arch="i386">The ncv, nsp, and stg drivers have 551 been ported from NetBSD/pc98. They support the NCR 53C50 / 552 Workbit Ninja SCSI-3 / TMC 18C30, 18C50 based PC-Card/ISA SCSI 553 controllers. &merged;</para> 554 555 <para>The &man.cd.4; driver now has support for write operations. 556 This allows writing to DVD-RAM, PD and similar drives that probe 557 as CD devices. Note that change affects only random-access 558 writeable devices, not sequential-only writeable devices such as 559 CD-R drives, which are supported by &man.cdrecord.1; in the Ports 560 Collection. &merged;</para> 561 562 <para>The &man.vinum.4; volume manager has received some bug fixes and 563 enhancements.</para> 564 565 <para>&man.md.4;, the memory disk device, has had the 566 functionality of &man.vn.4; incorporated into it. &man.md.4; 567 devices can now be configured by &man.mdconfig.8;. &man.vn.4; has 568 been removed. The Memory Filesystem (MFS) has also been 569 removed.</para> 570 571 <para>BurnProof(TM) support, for applicable ATAPI CD-ROM burners, is now 572 supported. &merged;</para> 573 574 <para arch="alpha">A bug that made certain CDROM drives fail to 575 attach when connected to a SCSI card driven by &man.isp.4; has 576 been fixed. &merged;</para> 577 578 <para>The &man.isp.4; driver is now proactive about discovering 579 Fibre Channel topology changes.</para> 580 581 <para>The &man.isp.4; driver now supports target mode for Qlogic 582 SCSI cards, including Ultra2 and Ultra3 and dual bus cards.</para> 583 584 <para>The ida disk driver now has crashdump support. &merged;</para> 585 586 <para>The CAM error recovery code has been updated.</para> 587 588 <para>Some problems in &man.sa.4; error handling have been 589 fixed, including the <quote>tape drive spinning indefinitely 590 upon mt stat</quote> problem.</para> 591 592 </sect3> 593 594 <sect3> 595 <title>Filesystems</title> 596 597 <para>Support for named extended attributes was added to the &os; 598 kernel. This allows the kernel, and appropriately privileged 599 userland processes, to tag files and directories with attribute 600 data. Extended attributes were added to support the TrustedBSD 601 Project, in particular ACLs, capability data, and mandatory access 602 control labels (see 603 <filename>/usr/src/sys/ufs/ufs/README.extattr</filename> for 604 details).</para> 605 606 <para>Due to a licensing change, softupdates have been integrated 607 into the main portion of the kernel source tree. As a 608 consequence, softupdates are now available with the 609 <filename>GENERIC</filename> kernel. &merged;</para> 610 611 <para>A filesystem snapshot capability has been added to FFS. 612 Details can be found in 613 <filename>/usr/src/sys/ufs/ffs/README.snapshot</filename>.</para> 614 615 <para>Softupdates for FFS have received some bug fixes and 616 enhancements.</para> 617 618 <para>When running with softupdates, &man.statfs.2; and 619 &man.df.1; will track the number of blocks and files that are 620 committed to being freed.</para> 621 622 <para>A bug in FFS that could cause superblock corruption on very large 623 filesystems has been corrected. &merged;</para> 624 625 <para>The Inode Filesystem (IFS) has been added; more information 626 can be found in 627 <filename>/usr/src/sys/ufs/ifs/README</filename>.</para> 628 629 <para>The ISO-9660 filesystem now has a hook that supports a loadable 630 character conversion routine. The 631 <filename>sysutils/cd9660_unicode</filename> port 632 contains a set of common conversions.</para> 633 634 <para>&man.kernfs.5; is obsolete and has been retired.</para> 635 636 <para>A bug in the NFS client that caused bogus access times with 637 <literal>O_EXCL|O_CREAT</literal> opens was fixed. &merged;</para> 638 639 <para>A new NFS hash function (based on the Fowler/Noll/Vo hash 640 algorithm) has been implemented to improve NFS performance by 641 increasing the efficiency of the <varname>nfsnode</varname> hash 642 tables. &merged;</para> 643 644 <para>Client-side NFS locks have been implemented.</para> 645 646 <para>Support for file system Access Control Lists (ACLs) has been 647 introduced, allowing more fine-grained control of discretionary 648 access control on files and directories. This support was 649 integrated from the TrustedBSD Project. More details can be found in 650 <filename>/usr/src/sys/ufs/ufs/README.acls</filename>.</para> 651 652 <para>The directory layout preference algorithm for FFS has been 653 changed to improve its speed on large filesystems.</para> 654 655 <para arch="i386">smbfs (CIFS) support in kernel has been added. 656 The corresponding userland filesystem mount utility can be found 657 in the <filename>net/smbfs</filename> port in the &os; Ports 658 Collection. &merged;</para> 659 660 <para>For consistency, the fdesc, fifo, null, msdos, portal, 661 umap, and union filesystems have been renamed to fdescfs, 662 fifofs, msdosfs, nullfs, portalfs, umapfs, and unionfs. Where 663 applicable, modules and mount_* programs have been 664 renamed. Compatability <quote>glue</quote> has been added to 665 &man.mount.8; so that <literal>msdos</literal> filesystem 666 entries in &man.fstab.5; will work without changes.</para> 667 668 <para>pseudofs, a pseudo-filesystem framework, has been added. 669 &man.linprocfs.5; has been modified to use pseudofs.</para> 670 671 </sect3> 672 673 <sect3> 674 <title>Multimedia Support</title> 675 676 <para arch="i386">The &man.pcm.4; driver now supports the ESS Solo 1, 677 Maestro-1, Maestro-2, and Maestro-2e; Forte Media fm801, ESS 678 Maestro-2e, and VIA Technologies VT82C686A sound card/chipsets, 679 and has received some other updates. 680 Separate drivers for the SoundBlaster 8 and Soundblaster 16 now 681 replace an older, unified driver. A driver for the CMedia 682 CMI8338/CMI8738 sound chips has been added. A driver for the 683 CS4281 sound chip has been added. A driver for the S3 684 Sonicvobes chipset has been added. &merged;</para> 685 686 <para arch="i386">A driver for the Advance Logic ALS4000 has 687 been added. &merged;</para> 688 689 <para arch="i386">A driver for the 690 ESS Maestro-3/Allegro has been added, however due to licensing 691 restrictions, it cannot be compiled into the kernel. &merged; To 692 use this driver, add the following line to 693 <filename>/boot/loader.conf</filename>:</para> 694 695 <programlisting>snd_maestro3_load="YES"</programlisting> 696 697 <para>The &man.bktr.4; driver has been updated to 2.18. This 698 update provides a number of new features: New tuner 699 types have been added, and improvements to the KLD module and to 700 memory allocation have been made. Bugs in &man.devfs.5; when 701 unloading and reloading have been fixed. 702 Support for new Hauppauge Model 44xxx WinTV Cards (the ones with 703 no audio mux) has been added.</para> 704 705 <para>When sound modules are built, one can now load all the 706 drivers and infrastructure by <command>kldload 707 snd</command>.</para> 708 709 <para>A new API has been added for sound cards with hardware 710 volume control.</para> 711 712 <para arch="i386">A driver for the Intel 443MX, 810, 815, and 815E 713 integrated sound devices has been added.</para> 714 715 </sect3> 716 717 <sect3> 718 <title>Contributed Software</title> 719 720 <para><application>IPFilter</application> has been updated to 721 3.4.20. &merged;</para> 722 723 <para>The Forth Inspired Command Language 724 (<application>FICL</application>) used in the boot loader has 725 been updated to 2.05.</para> 726 727 <para>ACPI support has been merged in from the 728 <application>Intel ACPI</application> 729 project, and updated to the ACPI CA 20010518 release.</para> 730 731 <sect4 arch="i386"> 732 <title>isdn4bsd</title> 733 734 <para><application>isdn4bsd</application> has been updated to 735 version 0.96.00.</para> 736 737 <para>The &man.ihfc.4; driver for supporting Cologne Chip 738 Designs HFC devices under <application>isdn4bsd</application> 739 has been added.</para> 740 741 <para>The &man.itjc.4; driver for supporting NETjet-S / Teles 742 PCI-TJ devices under <application>isdn4bsd</application> has 743 been added.</para> 744 745 <para>Experimental support for the Eicon.Diehl DIVA 2.0 and 746 2.02 ISA PnP ISDN cards has been added to the &man.isic.4; 747 <application>isdn4bsd</application> driver.</para> 748 749 <para>Active CAPI-based ISDN cards manufacured by AVM are now 750 supported using the &man.i4bcapi.4; and the &man.iavc.4; driver. The 751 supported cards are the AVM B1 PCI and AVM B1 ISA Basic Rate 752 cards and the AVM T1 Primary Rate cards.</para> 753 754 <para>A new <literal>maxconnecttime</literal> keyword is now 755 accepted in &man.isdnd.rc.5; files to limit the time a 756 connection may remain open.</para> 757 </sect4> 758 759 <sect4 id="kame-kernel"> 760 <title>KAME</title> 761 762 <para>The IPv6 stack is now based on a snapshot based on the KAME 763 Project's IPv6 snapshot as of 28 May, 2001. Most of the 764 items listed in this section are a result of this import. 765 <xref linkend="kame-userland"> lists userland updates to the 766 KAME IPv6 stack. &merged;</para> 767 768 <para>&man.gif.4; is now based on RFC 2893, rather than RFC 769 1933. The <literal>IFF_LINK2</literal> interface flag can 770 be used to control ingress filtering. &merged;</para> 771 772 <para><application>IPSec</application> has received some 773 enhancements, including the ability to use the Rijndael and 774 SHA2 algorithms. IPSec RC5 support has been removed due to 775 patent issues. &merged;</para> 776 777 <para>&man.stf.4; now conforms to RFC 3056; the 778 <literal>IFF_LINK2</literal> interface flag can be used to 779 control ingress filtering. &merged;</para> 780 781 <para>IPv6 has better checking of illegal addresses (such as 782 loopback addresses) on physical networks. &merged;</para> 783 784 <para>The <varname>IPV6_V6ONLY</varname> socket option is 785 now completely supported. The kernel's default behavior 786 with respect to this option is controlled by the 787 <varname>net.inet6.ip6.v6only</varname> sysctl 788 variable. &merged;</para> 789 790 <para>RFC 3041 (Privacy Extensions for Stateless Address 791 Autoconfiguration) is now supported. It can be enabled via 792 the <varname>net.inet6.ip6.use_tempaddr</varname> sysctl 793 variable. &merged;</para> 794 </sect4> 795 </sect3> 796 </sect2> 797 <sect2 id="security"> 798 <title>Security Fixes</title> 799 800 <para>&man.sysinstall.8; now allows the user to select one of three 801 <quote>security profiles</quote> at install-time. These profiles enable 802 different levels of system security by enabling or disabling 803 various system services in &man.rc.conf.5; on new 804 installs. &merged;</para> 805 806 <para>A bug in which malformed ELF executable images can hang the 807 system has been fixed (see security advisory 808 FreeBSD-SA-00:41). &merged;</para> 809 810 <para>A security hole in Linux emulation was fixed (see security 811 advisory FreeBSD-SA-00:42). &merged;</para> 812 813 <para>&man.rlogind.8;, &man.rshd.8;, and &man.fingerd.8; are now 814 disabled by default in <filename>/etc/inetd.conf</filename>. This 815 only affects new installations. &merged;</para> 816 817 <para>String-handling library calls in many programs were fixed to 818 reduce the possibility of buffer overflow-related exploits. 819 &merged;</para> 820 821 <para>TCP now uses stronger randomness in choosing its initial sequence 822 numbers (see security advisory FreeBSD-SA-00:52). &merged;</para> 823 824 <para>Several buffer overflows in &man.tcpdump.1; were corrected 825 (see security advisory FreeBSD-SA-00:61). &merged;</para> 826 827 <para>A security hole in &man.top.1; was corrected (see security advisory 828 FreeBSD-SA-00:62). &merged;</para> 829 830 <para>A potential security hole caused by an off-by-one-error in 831 &man.gethostbyname.3; has been fixed (see security advisory 832 FreeBSD-SA-00:63). &merged;</para> 833 834 <para>A potential buffer overflow in the &man.ncurses.3; library, 835 which could cause arbitrary code to be run from within 836 &man.systat.1;, has been corrected (see security advisory 837 FreeBSD-SA-00:68). &merged;</para> 838 839 <para>A vulnerability in &man.telnetd.8; that could cause it to 840 consume large amounts of server resources has been fixed (see 841 security advisory FreeBSD-SA-00:69). &merged;</para> 842 843 <para>The <literal>nat deny_incoming</literal> command in 844 &man.ppp.8; now works correctly (see security advisory 845 FreeBSD-SA-00:70). &merged;</para> 846 847 <para>A vulnerability in &man.csh.1;/&man.tcsh.1; temporary files 848 that could allow overwriting of arbitrary user-writable files has 849 been closed (see security advisory FreeBSD-SA-00:76). &merged;</para> 850 851 <para>The &man.ssh.1; binary is no longer SUID root by 852 default.</para> 853 854 <para>Some fixes were applied to the Kerberos 855 IV implementation related to environment variables, a 856 possible buffer overrun, and overwriting ticket files. &merged;</para> 857 858 <para>&man.telnet.1; now does a better job of sanitizing its 859 environment. &merged;</para> 860 861 <para>Several vulnerabilities in &man.procfs.5; were fixed (see 862 security advisory FreeBSD-SA-00:77). &merged;</para> 863 864 <para>A bug in <application>OpenSSH</application> in which a 865 server was unable to disable &man.ssh-agent.1; or 866 <literal>X11Forwarding</literal> was fixed (see security advisory 867 FreeBSD-SA-01:01). &merged;</para> 868 869 <para>A bug in &man.ipfw.8; and &man.ip6fw.8; in which inbound TCP 870 segments could incorrectly be treated as being part of an 871 <literal>established</literal> connection has been fixed (see 872 security advisory FreeBSD-SA-01:08). &merged;</para> 873 874 <para>A bug in &man.crontab.1; that could allow users to read any 875 file on the system in valid &man.crontab.5; syntax has been fixed 876 (see security advisory FreeBSD-SA-01:09). &merged;</para> 877 878 <para>A vulnerability in &man.inetd.8; that could allow 879 read-access to the initial 16 bytes of 880 <groupname>wheel</groupname>-accessible files has been fixed (see security 881 advisory FreeBSD-SA-01:11). &merged;</para> 882 883 <para>A bug in &man.periodic.8; that used insecure temporary files has been 884 corrected (see security advisory FreeBSD-SA-01:12). &merged;</para> 885 886 <para>A bug in &man.sort.1; in which an attacker might be able to 887 cause it to abort processing has been fixed (see security advisory 888 FreeBSD-SA-01:13). &merged;</para> 889 890 <para>To fix a remotely-exploitable buffer overflow, 891 <application>BIND</application> has been updated 892 to 8.2.3 (see security advisory FreeBSD-SA-01:18). &merged;</para> 893 894 <para><application>OpenSSH</application> now has code to prevent 895 (instead of just mitigating through connection limits) an attack 896 that can lead to guessing the server key (not host key) by 897 regenerating the server key when an RSA failure is detected (see 898 security advisory FreeBSD-SA-01:24). &merged;</para> 899 900 <para>A number of programs have had output formatting strings 901 corrected so as to reduce the risk of vulnerabilities. &merged;</para> 902 903 <para>A number of programs that use temporary files now do so more 904 securely. &merged;</para> 905 906 <para>A bug in ICMP that could cause an attacker to disrupt TCP and UDP 907 <quote>sessions</quote> has been corrected. &merged;</para> 908 909 <para>A bug in &man.timed.8;, which caused it to crash if send 910 certain malformed packets, has been corrected (see security 911 advisory FreeBSD-SA-01:28). &merged;</para> 912 913 <para>A bug in &man.rwhod.8;, which caused it to crash if send 914 certain malformed packets, has been corrected (see security 915 advisory FreeBSD-SA-01:29). &merged;</para> 916 917 <para>A security hole in FreeBSD's FFS and EXT2FS implementations, 918 which allowed a race condition that could cause users to have 919 unauthorized access to data, has been fixed (see security advisory 920 FreeBSD-SA-01:30). &merged;</para> 921 922 <para>A remotely-exploitable vulnerability in &man.ntpd.8; has 923 been closed (see security advisory FreeBSD-SA-01:31). &merged;</para> 924 925 <para>A security hole in <application>IPFilter</application>'s 926 fragment cache has been closed (see 927 security advisory FreeBSD-SA-01:32). &merged;</para> 928 929 <para>Buffer overflows in &man.glob.3;, which could cause 930 arbitrary code to be run on an FTP server, have been closed. In 931 addition, to prevent some forms of DOS attacks, &man.glob.3; 932 allows specification of a limit on the number of pathname matches 933 it will return. &man.ftpd.8; now uses this feature (see security 934 advisory FreeBSD-SA-01:33). &merged;</para> 935 936 <para>Initial sequence numbers in TCP are more thoroughly 937 randomized (see security advisory FreeBSD-SA-01:39). Due to some 938 possible compatability issues, the behavior of this security fix 939 can be enabled or disabled via the 940 <varname>net.inet.tcp.tcp_seq_genscheme</varname> sysctl 941 variable.&merged;</para> 942 943 <para>The new <varname>net.inet.ip.maxfragpackets</varname> 944 and <varname>net.inet.ip.maxfragpackets</varname> sysctl 945 variables limit the amount of memory that can be consumed by IPv4 946 and IPv6 packet fragments, which defends against some denial of service 947 attacks. &merged;</para> 948 949 <para>A vulnerability in the &man.fts.3; routines (used by 950 applications for recursively traversing a filesystem) could 951 allow a program to operate on files outside the intended directory 952 hierarchy. This bug has been fixed (see security advisory 953 FreeBSD-SA-01:40). &merged;</para> 954 955 <para>&os;'s TCP implementation has been made more resistant to 956 SYN floods, by eliminating the RST segment normally sent when 957 removing a connection from the listen queue.</para> 958 959 <para><application>OpenSSH</application> now switches to the 960 user's UID before attempting to unlink the authentication 961 forwarding file, nullifying the effects of a race.</para> 962 963 <para>A flaw allowed some signal handlers to remain in effect in a 964 child process after being exec-ed from its parent. This allowed 965 an attacker to execute arbitrary code in the context of a setuid 966 binary. This flaw has been corrected (see security advisory 967 FreeBSD-SA-01:42). &merged;</para> 968 969 <para>A remote buffer overflow in &man.tcpdump.1; has been fixed 970 (see security advisory FreeBSD-SA-01:48). &merged;</para> 971 972 <para>A remote buffer overflow in &man.telnetd.8; has been 973 fixed (see security advisory FreeBSD-SA-01:49). &merged;</para> 974 </sect2> 975 <sect2 id="userland"> 976 <title>Userland Changes</title> 977 978 <para>&man.cdcontrol.1; now supports a <literal>cdid</literal> 979 command, which calculates and displays the CD serial number, using 980 the same algorithm used by the CDDB database. &merged;</para> 981 982 <para>&man.mtree.8; now includes support for a file that lists 983 pathnames to be excluded when creating and verifying prototypes. 984 This makes it easier to use &man.mtree.8; as a part of an 985 intrusion-detection system. &merged;</para> 986 987 <para>&man.ls.1; can produce colorized listings with the 988 <option>-G</option> flag (and appropriate terminal 989 support). &merged;</para> 990 991 <para>&man.sysinstall.8; now properly preserves 992 <filename>/etc/mail</filename> during a binary upgrade. &merged;</para> 993 994 <para>The &man.truncate.1; utility, which truncates or extends the length 995 of files, has been added. &merged;</para> 996 997 <para>&man.syslogd.8; can take a <option>-n</option> option to 998 disable DNS queries for every request. &merged;</para> 999 1000 <para>&man.kenv.1;, a command to dump the kernel environment, has 1001 been added. &merged;</para> 1002 1003 <para>The behavior of &man.periodic.8; is now controlled by 1004 <filename>/etc/defaults/periodic.conf</filename> and 1005 <filename>/etc/periodic.conf</filename>. &merged;</para> 1006 1007 <para arch="i386">&man.boot98cfg.8;, a PC-98 boot manager installation and 1008 configuration utility, has been added. &merged;</para> 1009 1010 <para>&man.logger.1; can now send messages directly to a remote 1011 syslog. &merged;</para> 1012 1013 <para arch="i386">&man.gdb.1; now supports hardware watchpoints (using the 1014 kernel's debug register + support that has been introduced in 1015 &os; 4.0). &merged;</para> 1016 1017 <para>&man.which.1; is now a C program, rather than a Perl 1018 script.</para> 1019 1020 <para>&man.killall.1; is now a C program, rather than a Perl 1021 script. As a result, its <option>-m</option> option now uses the 1022 regular expression syntax of &man.regex.3;, rather than that of 1023 &man.perl.1;. &merged;</para> 1024 1025 <para>&man.killall.1; now allows non-root users to kill SUID root 1026 processes that they started, the same as the Perl version did.</para> 1027 1028 <para>&man.finger.1; now has the ability to support fingering 1029 aliases, via the &man.finger.conf.5; file. &merged;</para> 1030 1031 <para>&man.finger.1; now has support for a 1032 <filename>.pubkey</filename> file.</para> 1033 1034 <para>nsswitch support has been merged from NetBSD. By creating 1035 an &man.nsswitch.conf.5; file, FreeBSD can be configured so that 1036 various databases such as &man.passwd.5; and &man.group.5; can be 1037 looked up using flat files, NIS, or Hesiod. The old 1038 <filename>hosts.conf</filename> file is no longer used.</para> 1039 1040 <para>RSA Security has waived all patent rights to the RSA 1041 algorithm. As a 1042 result, the native <application>OpenSSL</application> 1043 implementation of the RSA algorithm is now activated by default, 1044 and the <filename>rsaref</filename> port and 1045 <filename>librsaUSA</filename> are no longer required for USA 1046 residents. &merged;</para> 1047 1048 <para>&man.ifconfig.8; command can set the link-layer address 1049 of an interface. &merged;</para> 1050 1051 <para>&man.ifconfig.8; can now accept addresses in slash/CIDR 1052 notation. &merged;</para> 1053 1054 <para>&man.ifconfig.8; now has support for setting parameters for 1055 IEEE 802.11 wireless network devices. &man.wi.4; and 1056 &man.an.4; devices are supported, and partial support is provided 1057 for &man.awi.4; devices. &merged;</para> 1058 1059 <para>&man.ifconfig.8; no longer displays the list of supported 1060 media by default. Instead it displays it when the 1061 <option>-m</option> is given. &merged;</para> 1062 1063 <para>&man.setproctitle.3; has been moved from 1064 <filename>libutil</filename> to 1065 <filename>libc</filename>. &merged;</para> 1066 1067 <para>&man.chio.1; now has the ability to specify elements by 1068 volume tag instead of by their physical location as well as the 1069 ability to return an element to its previous location. &merged;</para> 1070 1071 <para>&man.sed.1; now takes a <option>-E</option> option for 1072 extended regular expression support. &merged;</para> 1073 1074 <para>&man.ln.1; now takes an <option>-i</option> option to 1075 request user confirmation before overwriting an existing 1076 file. &merged;</para> 1077 1078 <para>&man.ln.1; now takes a <option>-h</option> flag to avoid 1079 following a target that is a link, with a <option>-n</option> flag 1080 for compatability with other implementations. &merged;</para> 1081 1082 <para>Userland &man.ppp.8; has received a number of updates and 1083 bug fixes. &merged;</para> 1084 1085 <para>&man.make.1; has gained the <literal>:C///</literal> 1086 (regular expression substitution), <literal>:L</literal> 1087 (lowercase), and <literal>:U</literal> (uppercase) variable 1088 modifiers. These were added to reduce the differences between the 1089 &os; and 1090 OpenBSD/NetBSD 1091 &man.make.1 programs. &merged; </para> 1092 1093 <para>Bugs in &man.make.1;, among which include broken null suffix 1094 behavior, bad assumptions about current directory permissions, and 1095 potential buffer overflows, have been fixed. &merged;</para> 1096 1097 <para>The &os; <filename>Makefile</filename> infrastructure now 1098 supports the <varname>WARNS</varname> directive from NetBSD. This 1099 directive controls the addition of compiler warning flags to 1100 <varname>CFLAGS</varname> in a relatively compiler-neutral 1101 manner.</para> 1102 1103 <para>&man.fsck.8; wrappers have been imported; this feature 1104 provides infrastructure for &man.fsck.8; to work on different 1105 types of filesystems (analogous to &man.mount.8;).</para> 1106 1107 <para>The behavior of &man.fsck.8; when dealing with various 1108 passes (a la <filename>/etc/fstab</filename>) has been modified to 1109 accomodate multiple-disk filesystems.</para> 1110 1111 <para>&man.style.perl.7;, a style guide for Perl code in the &os; 1112 base system, has been added.</para> 1113 1114 <para>The <quote>in use</quote> percentage metric displayed by 1115 &man.netstat.1; now really reflects the percentage of network 1116 mbufs used. &merged;</para> 1117 1118 <para>&man.netstat.1; now has a <option>-W</option> flag that 1119 tells it not to truncate addresses, even if they're too long for 1120 the column they're printed in. &merged;</para> 1121 1122 <para>&man.netstat.1; now keeps track of input and output packets 1123 on a per-address basis for each interface. &merged;</para> 1124 1125 <para>&man.netstat.1; now has a <option>-z</option> flag to reset 1126 statistics.</para> 1127 1128 <para>&man.sockstat.1; now has <option>-c</option> and 1129 <option>-l</option> flags for listing connected and listening 1130 sockets, respectively. &merged;</para> 1131 1132 <para>&man.mergemaster.8; has gained some new features, has been 1133 cleaned up somewhat, and is now more cross-platform friendly.</para> 1134 1135 <para>&man.mergemaster.8; now sources an 1136 <filename>/etc/mergemaster.rc</filename> file and also prompts the 1137 user to run recommended commands (such as 1138 <command>newaliases</command>) as needed. &merged;</para> 1139 1140 <para>The compiler chain now uses the FSF-supplied C/C++ runtime 1141 initialization code. This change brings about better 1142 compatibility with code generated from the various egcs and gcc 1143 ports, as well as the stock public FSF source. &merged;</para> 1144 1145 <para>The threads library has gained some signal handling changes, 1146 bug fixes, and performance enhancements (including zero system 1147 call thread switching). &man.gdb.1; thread support has been 1148 updated to match these changes. &merged;</para> 1149 1150 <para>&man.chflags.1; has moved from <filename>/usr/bin</filename> 1151 to <filename>/bin</filename>.</para> 1152 1153 <para>Use of the <literal>CSMG_*</literal> macros no longer 1154 require inclusion of 1155 <filename><sys/param.h></filename></para> 1156 1157 <para>IP Filter is now supported by the 1158 &man.rc.conf.5; boot-time configuration and 1159 initialization. &merged;</para> 1160 1161 <para>The &man.lastlogin.8; utility, which prints the last login 1162 time of each user, has been imported from 1163 NetBSD. &merged;</para> 1164 1165 <para>&man.last.1; now implements a <option>-d</option> that 1166 provides a <quote>snapshot</quote> of who was logged in at a 1167 particular date and time. &merged;</para> 1168 1169 <para>&man.newfs.8; now implements write combining, which can make 1170 creation of new filesystems up to seven times 1171 faster. &merged;</para> 1172 1173 <para>&man.newfs.8; now takes a <option>-U</option> option to 1174 enable softupdates on a new filesystem. &merged;</para> 1175 1176 <para>The default number of cylinders per group in &man.newfs.8; 1177 is now 22, up from 16.</para> 1178 1179 <para>A number of buffer overflows in &man.config.8; have been 1180 fixed. &merged;</para> 1181 1182 <para>&man.pwd.1; can now double as &man.realpath.1;, a program to 1183 resolve pathnames to their underlying physical paths. &merged;</para> 1184 1185 <para>&man.stty.1; now has support for an 1186 <literal>erase2</literal> control character, so that, for example, 1187 both the <keycap>Delete</keycap> and <keycap>Backspace</keycap> 1188 keys can be used to erase characters. &merged;</para> 1189 1190 <para>The &man.ibcs2.8;, &man.linux.8;, &man.osf1.8;, and &man.svr4.8; 1191 scripts, whose sole purpose was to load emulation 1192 kernel modules, have been removed. The kernel module system will 1193 automatically load them as needed to fulfill dependencies.</para> 1194 1195 <para>&man.top.1; will now use the full width of its tty.</para> 1196 1197 <para>&man.growfs.8;, a utility for growing FFS filesystems, has 1198 been added. &man.ffsinfo.8;, a utility for dump all the 1199 meta-information of an existing filesystem, has also been 1200 added. &merged;</para> 1201 1202 <para>&man.indent.1; has gained some new formatting 1203 options. &merged;</para> 1204 1205 <para>&man.sysinstall.8; now uses some more intuitive defaults 1206 thanks to some new dialog support functions. &merged;</para> 1207 1208 <para>The default root partition in &man.sysinstall.8; is now 1209 100MB on the i386 and 120MB on the alpha.</para> 1210 1211 <para>&man.xargs.1; gained a <option>-J</option> option which allows 1212 the user to specify exactly where in the command line the input should 1213 be retrofitted. &merged;</para> 1214 1215 <para>Shortly after the receipt of a <literal>SIGINFO</literal> 1216 signal (normally control-T from the controlling tty), &man.fsck.ffs.8; 1217 will now output a line indicating the current phase number and 1218 progress information relevant to the current phase. &merged;</para> 1219 1220 <para>&man.fsck.ffs.8; now supports background filesystem checks 1221 to mounted FFS filesystems with the <option>-B</option> option 1222 (softupdates must be enabled on these filesystems). The 1223 <option>-F</option> flag now determines whether a specified 1224 filesystem needs foreground checking.</para> 1225 1226 <para>&man.fsck.8; now has support for foreground 1227 (<option>-F</option>) and background (<option>-B</option>) checks. 1228 Traditionally, &man.fsck.8; is invoked before the filesystems are 1229 mounted and all checks are done to completion at that time. If 1230 background checking is available, &man.fsck.8; is invoked twice. 1231 It is first invoked at the traditional time, before the 1232 filesystems are mounted, with the <option>-F</option> flag to do 1233 checking on all the filesystems that cannot do background 1234 checking. It is then invoked a second time, after the system has 1235 completed going multiuser, with the <option>-B</option> flag to do 1236 checking on all the filesystems that can do background checking. 1237 Unlike the foreground checking, the background checking is started 1238 asynchronously so that other system activity can proceed even on 1239 the filesystems that are being checked. Boot-time enabling of 1240 this feature is controlled by the 1241 <varname>background_fsck</varname> option in &man.rc.conf.5;.</para> 1242 1243 <para>A new &man.fsck.msdosfs.8; utility has been added to check 1244 the consistency of MS-DOS filesystems.</para> 1245 1246 <para>Catching up with most other network utilities in the base 1247 system, &man.lpr.1;, &man.lpd.8;, &man.syslogd.8;, and 1248 &man.logger.1; are now all IPv6-capable. &merged;</para> 1249 1250 <para arch="i386"><filename>libdisk</filename> can now do 1251 install-time configuration of the &arch; <filename>boot0</filename> 1252 boot loader. &merged;</para> 1253 1254 <para>The <option>-v</option> option to &man.rm.1; now displays 1255 the entire pathname of a file being removed.</para> 1256 1257 <para>&man.lpr.1;, &man.lpq.1;, and &man.lpd.8; have received a 1258 few minor enhancements. &merged;</para> 1259 1260 <para>&man.lpd.8; now takes two new options: <option>-c</option> 1261 will log all connection errors to &man.syslogd.8;, while 1262 <option>-W</option> will allow connections from non-reserved 1263 ports. &merged;</para> 1264 1265 <para>&man.lpc.8; has been improved; <command>lpc clean</command> 1266 is now somewhat safer, and a new <command>lpc tclean</command> 1267 command has been added to check to see what files would be removed 1268 by <command>lpc clean</command>. &merged;</para> 1269 1270 <para>If the first argument to &man.ancontrol.8; or 1271 &man.wicontrol.8; doesn't start with a <literal>-</literal>, it is 1272 assumed to be an interface.</para> 1273 1274 <para>&man.rdist.1; has been retired.</para> 1275 1276 <para>&man.ppp.8; has gained the <literal>tcpmssfixup</literal> 1277 option, which adjusts outgoing and incoming TCP SYN packets so that the maximum 1278 receive segment size is no larger than allowed by the interface 1279 MTU. &merged;</para> 1280 1281 <para><filename>libcrypt</filename> and 1282 <filename>libdescrypt</filename> have been unified to provide a 1283 configurable password authentication hash library. Both the md5 1284 and des hash methods are provided unless the des hash is 1285 specifically compiled out. &merged;</para> 1286 1287 <para>&man.passwd.1; and &man.pw.8; now select the password hash 1288 algorithm at run time. See the <literal>passwd_format</literal> 1289 attribute in <filename>/etc/login.conf</filename>.</para> 1290 1291 <para>In preparation for meeting SUSv2/POSIX 1292 <filename><sys/select.h></filename> requirements, 1293 <literal>struct selinfo</literal> and related functions have been 1294 moved to <filename><sys/selinfo.h></filename>.</para> 1295 1296 <para>&man.syslogd.8; now supports a <literal>LOG_CONSOLE</literal> 1297 facility (disabled by 1298 default), which can be used to log <filename>/dev/console</filename> 1299 output. &merged;</para> 1300 1301 <para>&man.rpcgen.1; now uses <filename>/usr/bin/cpp</filename> 1302 (as on NetBSD), not <filename>/usr/libexec/cpp</filename>.</para> 1303 1304 <para>Boot-time &man.syscons.4; configuration was moved to a 1305 machine-independent <filename>/etc/rc.syscons</filename>. &merged;</para> 1306 1307 <para>&man.burncd.8; now supports a <option>-m</option> option for 1308 multisession mode (the default behavior now is to close disks as 1309 single-session). A <option>-l</option> option to take a list of 1310 image files from a filename was also added; <filename>-</filename> 1311 can be used as a filename for <literal>stdin</literal>. &merged;</para> 1312 1313 <para>&man.dmesg.8; now has a <option>-a</option> option to show 1314 the entire message buffer, including &man.syslogd.8; records and 1315 <filename>/dev/console</filename> output. &merged;</para> 1316 1317 <para>&man.cdcontrol.1; now uses the <literal>CDROM</literal> 1318 environment variable to pick a default device. &merged;</para> 1319 1320 <para>&man.cdcontrol.1; now supports <literal>next</literal> and 1321 <literal>prev</literal> commands to skip forwards or backwards a 1322 specified number of tracks while playing an audio CD.</para> 1323 1324 <para>&man.sysctl.8; now supports a <option>-N</option> option to 1325 print out variable names only.</para> 1326 1327 <para>&man.sysctl.8; has replaced the <option>-A</option> and 1328 <option>-X</option> options with <option>-ao</option> and 1329 <option>-ax</option> respectively; the former options are now 1330 deprecated. The <option>-w</option> is deprecated as well; it is 1331 not needed to determine the user's intentions.</para> 1332 1333 <para>&man.sysinstall.8; now lives in <filename>/usr/sbin</filename>, 1334 which simplifies the installation process. The &man.sysinstall.8; 1335 manpage is also installed in a more consistent fashion now.</para> 1336 1337 <para>&man.config.8; is now better about converting various 1338 warnings that should 1339 have been errors into actual fatal errors with an exit code. This 1340 ensures that <literal>make buildkernel</literal> 1341 doesn't quietly ignore them and 1342 build a bogus kernel without a human to read the errors. &merged;</para> 1343 1344 <para><filename>libc</filename> is now thread-safe by default; 1345 <filename>libc_r</filename> contains only thread functions.</para> 1346 1347 <para>&man.find.1; now takes the <option>-empty</option> flag, 1348 which returns true if a file or directory is empty. &merged;</para> 1349 1350 <para>&man.find.1; now takes the <option>-iname</option> and 1351 <option>-ipath</option> primaries for case-insensitive matches, 1352 and the <option>-regexp</option> and <option>-iregexp</option> 1353 primaries for regular-expression matches. The <option>-E</option> 1354 flag now enables extended regular expressions. &merged;</para> 1355 1356 <para>&man.find.1; now has the <option>-anewer</option>, 1357 <option>-cnewer</option>, <option>-mnewer</option>, 1358 <option>-okdir</option>, and <option>-newer[acm][acmt]</option> 1359 primaries for comparisons of file timestamps. &merged;</para> 1360 1361 <para>&man.tftpd.8; now takes the <option>-c</option> and 1362 <option>-C</option> options, which allow the server to 1363 &man.chroot.2; based on the IP address of the connecting client. 1364 &man.tftp.1; and &man.tftpd.8; can now transfer files larger than 1365 65535 blocks. &merged;</para> 1366 1367 <para>&man.vidcontrol.1; now accepts a <option>-g</option> 1368 parameter to select custom text geometry in the 1369 <literal>VESA_800x600</literal> raster text mode. &merged;</para> 1370 1371 <para>&man.ldconfig.8; now checks directory ownerships and 1372 permissions for greater security; these checks can be disabled 1373 with the <option>-i</option> flag. &merged;</para> 1374 1375 <para>The &man.rfork.thread.3; library call has been added as a 1376 helper function to &man.rfork.2;. Using this function should 1377 avoid the need to implement complex stack swap 1378 code. &merged;</para> 1379 1380 <para>Significant additions have been made to internationalization 1381 support; &os; now has complete locale support for the 1382 <literal>LC_MONETARY</literal>, <literal>LC_NUMERIC</literal>, and 1383 <literal>LC_MESSAGES</literal> categories. A number of 1384 applications have been updated to take advantage of this 1385 support.</para> 1386 1387 <para>Locale names have been changed to improve compatability with 1388 the names used by X11R6, as well as a number of other UNIX 1389 versions. As an example, the <literal>en_US.ISO_8859-1</literal> 1390 locale name has been changed to 1391 <literal>en_US.ISO8859-1</literal>. Entries in 1392 <filename>/etc/locale.alias</filename> provide backward 1393 compatability.</para> 1394 1395 <para>A <filename>compat4x</filename> distribution has been added 1396 for compatibility with &os; 4-STABLE.</para> 1397 1398 <para>The 1399 <filename>compat3x</filename> distribution has been updated to 1400 include libraries present in &os; 3.5.1-RELEASE. &merged;</para> 1401 1402 <para>&man.savecore.8; now supports a <option>-k</option> option 1403 to prevent clearing a crash dump after saving it. It also 1404 attempts to avoid writing large stretches of zeros to crash dump 1405 files to save space and time. &merged;</para> 1406 1407 <para>&man.savecore.8; now works correctly on machines with 2 GB 1408 or more of RAM. &merged;</para> 1409 1410 <para>&man.tar.1; now supports the <varname>TAR_RSH</varname> 1411 variable, principally to enable the use of &man.ssh.1; as a 1412 transport. &merged;</para> 1413 1414 <para>&man.disklabel.8; now supports partition sizes expressed in 1415 kilobytes, megabytes, or gigabytes, in addition to sectors. &merged;</para> 1416 1417 <para>The pseudo-random number generator implemented by 1418 &man.rand.3; has been improved to provide less biased results.</para> 1419 1420 <para>&man.login.1; now exports environment variables set by 1421 <application>PAM</application> modules. &merged;</para> 1422 1423 <para><application>PAM</application> support has been added for 1424 account management and sessions.</para> 1425 1426 <para>&man.su.1; now uses <application>PAM</application> for 1427 authentication.</para> 1428 1429 <para>&man.wall.1; now supports a <option>-g</option> flag to 1430 write a message to all users of a given group.</para> 1431 1432 <para>The new <varname>CPUTYPE</varname> 1433 <filename>make.conf</filename> variable controls the compilation 1434 of processor-specific optimizations in various pieces of code such 1435 as <application>OpenSSL</application>. &merged;</para> 1436 1437 <para>The default value for &man.cvs.1;'s 1438 <varname>CVS_RSH</varname> variable is now <literal>ssh</literal>, 1439 rather than <literal>rsh</literal>. &merged;</para> 1440 1441 <para>&man.ipfstat.8; now supports the <option>-t</option> option 1442 to turn on a &man.top.1;-like display. &merged;</para> 1443 1444 <para><filename>/usr/src/share/examples/BSD_daemon/</filename> now 1445 contains a scalable Beastie graphic. &merged;</para> 1446 1447 <para>&man.dump.8; now supports inheritance of the 1448 <literal>nodump</literal> flag down a hierarchy. &merged;</para> 1449 1450 <para>The <option>-T</option> to &man.dump.8; no longer swallows 1451 an extra argument. &merged;</para> 1452 1453 <para>&man.dump.8; has a new <option>-D</option> option, allowing 1454 the path to the <filename>/etc/dumpdates</filename> file to be 1455 changed. &merged;</para> 1456 1457 <para>&man.split.1; now has the ability to split a file longer 1458 than 2GB. &merged;</para> 1459 1460 <para>&man.tail.1; now has the ability to work on files longer 1461 than 2GB. &merged;</para> 1462 1463 <para>&man.units.1; has received some updates and bugfixes. &merged;</para> 1464 1465 <para>As part of an ongoing process, many manual pages were 1466 improved, both in terms of their formatting markup and in their 1467 content. &merged;</para> 1468 1469 <para><command>lprm -</command> now works for remote printer 1470 queues. &merged;</para> 1471 1472 <para>&man.ftpd.8; now supports a <option>-r</option> flag for 1473 read-only mode and a <option>-E</option> flag to disable 1474 <literal>EPSV</literal>. It also has some fixes to reduce 1475 information leakage and the ability to specify compile-time port 1476 ranges. &merged;</para> 1477 1478 <para>&man.ping.8; now supports a <option>-m</option> option to 1479 set the TTL of outgoing packets. &merged;</para> 1480 1481 <para>&man.ping.8; now supports a <option>-A</option> option to 1482 beep when packets are lost.</para> 1483 1484 <para>A version of Transport Independent RPC 1485 (<application>TI-RPC</application>) has been imported.</para> 1486 1487 <para>&man.rpcbind.8; has replaced &man.portmap.8;.</para> 1488 1489 <para>NFS now works over IPv6.</para> 1490 1491 <para>&man.rpc.lockd.8; has been imported from NetBSD.</para> 1492 1493 <para>&man.rc.8; now has an framework for handling dependencies between 1494 &man.rc.conf.5; variables. &merged;</para> 1495 1496 <para>&man.rc.8; now deletes all non-directory files in 1497 <filename>/var/run</filename> and 1498 <filename>/var/spool/lock</filename> at boot time.</para> 1499 1500 <para>The &man.setfacl.1; and &man.getfacl.1; commands have been 1501 added to manage file system Access Control Lists.</para> 1502 1503 <para>The default TCP port range used by 1504 <filename>libfetch</filename> for passive FTP retrievals has 1505 changed; this affects the behavior of &man.fetch.1;, which has 1506 gained the <option>-U</option> option to restore the old 1507 behavior. &merged;</para> 1508 1509 <para><filename>libfetch</filename> now has support for an 1510 authentication callback.</para> 1511 1512 <para><filename>libfetch</filename> now has support for a 1513 <varname>HTTP_USER_AGENT</varname> environment variable. &merged;</para> 1514 1515 <para>&man.atacontrol.8; has been added to control various aspects 1516 of the &man.ata.4; driver.</para> 1517 1518 <para><filename>libcrypt</filename> now has support for Blowfish 1519 password hashing. &merged;</para> 1520 1521 <para>The functions from <filename>libposix1e</filename> have been 1522 integrated into <filename>libc</filename>.</para> 1523 1524 <para>&man.vidcontrol.1; now allows the user to omit the font size 1525 specification when loading a font, and has some better 1526 error-handling. &merged;</para> 1527 1528 <para>&man.vidcontrol.1; now supports a <option>-p</option> to 1529 take a snapshot of a &man.syscons.4; video buffer. These 1530 snapshots can be manipulated by some of the 1531 <filename>scr2*</filename> utilities in the Ports 1532 Collection. &merged;</para> 1533 1534 <para>&man.vidcontrol.1; now supports a <option>-C</option> option 1535 to clear the history buffer for a given tty. &merged;</para> 1536 1537 <para>devinfo, a simple tool to print the device tree and resource usage by 1538 devices, has been added.</para> 1539 1540 <para>&man.fmtcheck.3;, a function for checking consistency of 1541 format string arguments, has been added.</para> 1542 1543 <para>&man.nl.1;, a line numbering filter program, has been added.</para> 1544 1545 <para>&man.c89.1; has been converted from a shell script to a 1546 binary executable, fixing some minor bugs. &merged;</para> 1547 1548 <para>&man.pax.1; has received a number of enhancements, including 1549 &man.cpio.1; functionality, &man.tar.1; compatability 1550 enhancements, <option>-z</option> and <option>-Z</option> flags 1551 for &man.gzip.1; and &man.compress.1; functionality, and a number 1552 of bug fixes.</para> 1553 1554 <para>Ukranian language support has been added to the &os; 1555 console. &merged;</para> 1556 1557 <para>The performance of the ELF dynamic linker &man.rtld.1; has 1558 been improved. &merged;</para> 1559 1560 <para>&man.fdread.1;, a program to read data from floppy disks, 1561 has been added. It is a counterpart to &man.fdwrite.1; and is 1562 designed to provide a means of recovering at least some data from 1563 bad media, and to obviate for a complex invocation of 1564 &man.dd.1;.</para> 1565 1566 <para>&man.xargs.1; now supports a <option>-J</option> 1567 <replaceable>replstr</replaceable> option that allows the user to 1568 tell &man.xargs.1; to insert the data read from standard input at 1569 a specific point in the command line arguments rather than at the 1570 end.</para> 1571 1572 <para>&man.apmd.8; now supports monitoring of the battery state via the 1573 <literal>apm_battery</literal> configuration directive.</para> 1574 1575 <para>&man.telnet.1; now does autologin and encryption by default; 1576 a new <option>-y</option> option turns off encryption.</para> 1577 1578 <para>&man.telnet.1; now supports a <option>-u</option> flag to 1579 allow connections to UNIX-domain (<literal>AF_UNIX</literal>) 1580 sockets. &merged;</para> 1581 1582 <para>The default stripe size in &man.vinum.8; has been changed 1583 from 256KB to 279KB, to spread out superblocks more evenly between 1584 stripes.</para> 1585 1586 <para>&man.chown.8; now correctly follows symbolic links named as 1587 command line arguments if run without <option>-R</option>.</para> 1588 1589 <para>&man.chown.8; no longer takes <literal>.</literal> as a 1590 user/group delimeter. This change was made to support usernames 1591 containing a <literal>.</literal>.</para> 1592 1593 <para>&man.chmod.1; now supports a <option>-h</option> for 1594 changing the mode of a symbolic link.</para> 1595 1596 <para>&man.install.1; has a number of new features, including the 1597 <option>-b</option> and <option>-B</option> options for backing up 1598 existing target files and the <option>-S</option> option for 1599 <quote>safe</quote> (atomic copy) operation. The 1600 <option>-c</option> (copy) flag is now the default, and the 1601 <option>-D</option> (debugging) flag has been withdrawn. 1602 &man.install.1; now issues a warning if <option>-d</option> 1603 (create directories) and <option>-C</option> (copy changed files 1604 only) are used together. &merged;</para> 1605 1606 <para>&man.whois.1; now directs queries for IP addresses to 1607 ARIN. &merged; If a query to ARIN references APNIC or RIPE, the 1608 appropriate server will also be queried, provided that the 1609 <option>-Q</option> is not specified.</para> 1610 1611 <para>A new utility &man.diskcheckd.8; has been added; it is a 1612 daemon which runs in the background, reading entire disks to find 1613 any read errors on those disks. Its behavior at startup time can 1614 be controlled by the <varname>diskcheckd_enable</varname> variable 1615 in &man.rc.conf.5;.</para> 1616 1617 <para>&man.fmt.1; has been rewritten; the rewrite fixes a number 1618 of bugs compared to its prior behavior.</para> 1619 1620 <para>&man.df.1; now takes a <option>-l</option> option to only 1621 display information about locally-mounted filesystems. &merged;</para> 1622 1623 <para>The syntax of &man.inetd.8;'s support for &man.faithd.8; is 1624 now compatable with that of other BSDs. &merged;</para> 1625 1626 <para>The <literal>ident</literal> protocol support in &man.inetd.8; has 1627 been cleaned up and updated. &merged;</para> 1628 1629 <para>&man.inetd.8; now has the ability to manage UNIX-domain 1630 sockets. &merged;</para> 1631 1632 <para>&man.du.1; now takes a <option>-I</option> command-line flag 1633 to ignore/skip files and subdirectories matching a specified 1634 shell-glob mask. &merged;</para> 1635 1636 <para>The &man.resolver.3; in &os; now implements EDNS0 support, 1637 which will be necessary when working with IPv6 transport-ready 1638 resolvers/DNS servers. &merged;</para> 1639 1640 <para>&man.col.1; now takes a <option>-p</option> to force unknown 1641 control sequences to be passed through unchanged.</para> 1642 1643 <para>The &man.mdmfs.8; command has been added; it is a wrapper 1644 around &man.mdconfig.8;, &man.disklabel.8;, &man.newfs.8;, and 1645 &man.mount.8; that mimics the command line option set of the 1646 deprecated &man.mount.mfs.8;.</para> 1647 1648 <para>The &man.getprogname.3; and &man.setprogname.3; library 1649 functions have been added to manipulate the name of the current 1650 program. They are used by error-reporting routines to produce 1651 consistent output. &merged;</para> 1652 1653 <para>The &man.kldconfig.8; utility has been added to make it easier to 1654 manipulate the kernel module search path.</para> 1655 1656 <para>&man.moused.8; now takes a <option>-a</option> to control 1657 mouse acceleration.</para> 1658 1659 <para arch="i386">&man.fdisk.8; no longer attempts to search for 1660 a device if none has been specified on the command line, but 1661 instead tries to figure out the default device name from the 1662 root device.</para> 1663 1664 <para>&man.mail.1; now takes a <option>-E</option> flag to avoid 1665 sending messages with empty bodies. &merged;</para> 1666 1667 <para>&man.route.8; is now more verbose when changing indirect 1668 routes, in the case of a gateway route that is the same route as 1669 the one being modified.</para> 1670 1671 <para>&man.route.8; now uses 1672 <literal><replaceable>host</replaceable>/<replaceable>bits</replaceable></literal> 1673 syntax instead of 1674 <literal><replaceable>net</replaceable>/<replaceable>bits</replaceable></literal> 1675 syntax, for compatability with &man.netstat.1;.</para> 1676 1677 <para>&man.route.8; can now create <quote>proxy only</quote> 1678 published ARP entries.</para> 1679 1680 <sect3> 1681 <title>Contributed Software</title> 1682 1683 <para><application>bc</application> has been updated from 1.04 to 1684 1.06. &merged;</para> 1685 1686 <para>The ISC library from the <application>BIND</application> 1687 distribution is now built as 1688 <filename>libisc</filename>. &merged;</para> 1689 1690 <para><application>BIND</application> is now built with the 1691 <literal>NOADDITIONAL</literal> flag, which causes &man.named.8; 1692 to operate in a more consistent fashion for certain common 1693 misconfigurations. &merged;</para> 1694 1695 <para><application>BIND</application> has been updated to 1696 8.2.4-REL.</para> 1697 1698 <para><application>Binutils</application> have been upgraded a 1699 snapshot from 19 July 2001 on the 2.11 development branch.</para> 1700 1701 <para><application>bzip2</application> 1.0.1 has been imported; this 1702 brings the &man.bzip2.1; program and the <filename>libbz2</filename> 1703 library to the base system. &merged;</para> 1704 1705 <para><application>cvs</application> has been updated to 1706 1.11. &merged;</para> 1707 1708 <para>The &man.ee.1; <application>Easy Editor</application> has 1709 been updated to 1.4.2. &merged;</para> 1710 1711 <para><application>file</application> has been updated to 3.36.</para> 1712 1713 <para>&man.awk.1;, in the form of 1714 <application>gawk</application>, has been upgraded from 3.0.4 to 3.0.6. 1715 This fixes a number of non-critical bugs and includes a few 1716 performance tweaks. &merged;</para> 1717 1718 <para><application>gcc</application> has been updated to 2.95.3. &merged;</para> 1719 1720 <para>&man.gcc.1; now uses a unified <filename>libgcc</filename> 1721 rather than a separate one for threaded and non-threaded programs. 1722 <filename>/usr/lib/libgcc_r.a</filename> can be removed. 1723 &merged;</para> 1724 1725 <para>&man.gcc.1; now supports the environment variable 1726 <varname>GCC_OPTIONS</varname>, which can hold a set of default 1727 options for <application>GCC</application>.</para> 1728 1729 <para><application>GNATS</application> has been updated to 1730 3.113.</para> 1731 1732 <para><application>gperf</application> has been updated to 2.7.2.</para> 1733 1734 <para><application>groff</application> and its related utilities 1735 have been updated to FSF version 1.17.2. This import brings in a 1736 new &man.mdoc.7; macro package (sometimes referred to as 1737 <literal>mdocNG</literal>), which removes many of the 1738 limitations of its predecessor. &merged;</para> 1739 1740 <para><application>Heimdal</application> has been updated to 1741 0.3f.</para> 1742 1743 <para>The <application>ISC DHCP</application> client has been 1744 updated to 2.0pl5. &merged;</para> 1745 1746 <para><application>Kerberos IV</application> has been updated to 1747 1.0.5. &merged;</para> 1748 1749 <para>The &man.more.1; command has been replaced by &man.less.1;, 1750 although it can still be run as 1751 <command>more</command>. <application>less</application> has 1752 been imported at 3.5.8. &merged;</para> 1753 1754 <para><application>libpcap</application> has been updated to 1755 0.6.2. &merged;</para> 1756 1757 <para><application>libreadline</application> has been upgraded to 1758 4.2.</para> 1759 1760 <para><application>Linux-PAM</application> has been updated to 1761 0.75. &merged;</para> 1762 1763 <para>A number of new <application>Linux-PAM</application> modules 1764 have been added, including: <filename>pam_ftp</filename>, 1765 <filename>pam_krb5</filename>, 1766 <filename>pam_nologin</filename>, 1767 <filename>pam_rootok</filename>, 1768 <filename>pam_securetty</filename>, 1769 <filename>pam_wheel</filename>.</para> 1770 1771 <para><application>ncurses</application> has been updated to 1772 5.2-20010512.</para> 1773 1774 <para>The <application>OPIE</application> one-time-password suite 1775 has been updated to 2.32. &merged; It has completely replaced 1776 the functionality of <application>S/Key</application>.</para> 1777 1778 <para><application>Perl</application> has been updated to version 1779 5.6.0.</para> 1780 1781 <para>&man.routed.8; has been updated to version 2.22. &merged;</para> 1782 1783 <para><application>tcpdump</application> has been updated to 1784 3.6.3. &merged;</para> 1785 1786 <para>The &man.csh.1; shell has been replaced by &man.tcsh.1;, 1787 although it can still be run as <command>csh</command>. 1788 <application>tcsh</application> has been updated to version 1789 6.10. &merged;</para> 1790 1791 <para>&man.traceroute.8; now takes its default maximum TTL value 1792 from the <varname>net.inet.ip.ttl</varname> sysctl 1793 variable. &merged;</para> 1794 1795 <sect4 id="kame-userland"> 1796 <title>KAME</title> 1797 1798 <para>The IPv6 stack is now based on a snapshot based on the KAME 1799 Project's IPv6 snapshot as of 28 May, 2001. Most of the 1800 items listed in this section are a result of this import. 1801 <xref linkend="kame-kernel"> lists kernel updates to the KAME 1802 IPv6 stack. &merged;</para> 1803 1804 <para>&man.faithd.8; now supports a configuration file for 1805 access control. &merged;</para> 1806 1807 <para>&man.ifconfig.8; can now perform the functions of 1808 &man.gifconfig.8;. &merged;</para> 1809 1810 <para>&man.ifconfig.8; can now perform the functions of 1811 &man.prefix.8;. &man.prefix.8; is now a shell script for 1812 partial backwards compatability. &merged;</para> 1813 1814 <para>&man.ndp.8; now implements garbage collection for stale 1815 NDP entries, as described in RFC 2461 (Neighbor Discovery for 1816 IP Version 6 (IPv6)). &merged;</para> 1817 1818 <para>&man.pim6dd.8; and &man.pim6sd.8; have been removed due to 1819 restrictive licensing conditions. These programs are available 1820 in the ports collection as <filename>net/pim6dd</filename> and 1821 <filename>net/pim6dd</filename>. &merged;</para> 1822 1823 <para>&man.route6d.8; now supports a <option>-n</option> flag 1824 to avoid updating the kernel forwarding table. &merged;</para> 1825 1826 <para>The <option>-R</option> (router renumbering) option to 1827 &man.rtadvd.8; is currently ignored. &merged;</para> 1828 </sect4> 1829 1830 <sect4> 1831 <title>OpenSSH</title> 1832 1833 <para><application>OpenSSH</application> has been upgraded to 1834 2.1.0, which provides support for the SSH2 protocol, including DSA 1835 keys. Therefore, <application>OpenSSH</application> users in the 1836 US no longer need to rely on the restrictively-licensed 1837 RSAREF toolkit which is required to 1838 handle RSA keys. <application>OpenSSH</application> 2.1 interoperates well with other SSH2 1839 clients and servers, including the <filename>ssh2</filename> port. 1840 See the <ulink url="http://www.openssh.com/">OpenSSH Web 1841 site</ulink> for more details. &merged;</para> 1842 1843 <para><application>OpenSSH</application> can now authenticate 1844 using OPIE passwords in SSH1 mode. Support is not yet available 1845 in SSH2 mode. &merged;</para> 1846 1847 <para><application>OpenSSH</application> has been upgraded to 1848 2.2.0. &man.ssh-add.1; and &man.ssh-agent.1; can now handle DSA 1849 keys. A server for sftp, interoperable with ssh.com 1850 clients and others has been added. &man.scp.1; can now handle 1851 files larger than 2 GBytes. Interoperability with other SSH2 1852 clients/servers has been improved. A new feature to limit the 1853 number of outstanding unauthenticated ssh connections in 1854 &man.sshd.8; has been added. &merged;</para> 1855 1856 <para><application>OpenSSH</application> has been upgraded to 1857 2.3.0. This version adds support for the Rijndael encryption 1858 algorithm. &merged;</para> 1859 1860 <para><application>PAM</application> support for 1861 <application>OpenSSH</application> has been added.</para> 1862 1863 <para>A long-standing bug in <application>OpenSSH</application>, 1864 which sometimes resulted in a dropped session when an 1865 X11-forwarded client was closed, was fixed.</para> 1866 1867 <para><application>Kerberos</application> compatability has been 1868 added to <application>OpenSSH</application>. &merged;</para> 1869 1870 <para><application>OpenSSH</application> has been modified to be 1871 more resistant to traffic analysis by requiring that 1872 <quote>non-echoed</quote> characters are still echoed back in a 1873 null packet, as well as by padding passwords sent so as not to 1874 hint at password lengths. &merged;</para> 1875 1876 <para>&man.sshd.8; is now enabled by default on new 1877 installs. &merged;</para> 1878 1879 <para>&man.sshd.8; <literal>X11Forwarding</literal> is now turned 1880 on by default on the server (any risk is to the client, where it 1881 is already disabled by default).</para> 1882 1883 <para>In <filename>/etc/ssh/sshd_config</filename>, the 1884 <literal>ConnectionsPerPeriod</literal> parameter has been 1885 deprecated in favor of <literal>MaxStartups</literal>.</para> 1886 1887 <para><application>OpenSSH</application> now has a 1888 <literal>VersionAddendum</literal> configuration setting for 1889 &man.sshd.8; to allow changing the part of the 1890 <application>OpenSSH</application> version string after the 1891 main version number.</para> 1892 1893 <para><application>OpenSSH</application> has been updated to 1894 version 2.9, which adds two new programs, &man.sftp.1; and 1895 &man.ssh-keyscan.1;. Among the various enhancements: The 1896 default protocol is now v2, rekeying of existing SSH sessions 1897 is now supported, and an experimental 1898 <application>SOCKS4</application> proxy has been added to 1899 &man.ssh.1;.</para> 1900 </sect4> 1901 1902 <sect4> 1903 <title>OpenSSL</title> 1904 1905 <para><application>OpenSSL</application> has been upgraded to 1906 0.9.6b.</para> 1907 1908 <para><application>OpenSSL</application> now has support for 1909 machine-dependent ASM optimizations, activated by the new 1910 <varname>MACHINE_CPU</varname> and/or <varname>CPUTYPE</varname> 1911 <filename>make.conf</filename> variables. &merged;</para> 1912 </sect4> 1913 1914 <sect4> 1915 <title>sendmail</title> 1916 1917 <para><application>sendmail</application> has been upgraded from 1918 version 8.9.3 to version 8.11.5. Important changes include: new 1919 default file locations (see 1920 <filename>/usr/src/contrib/sendmail/cf/README</filename>); 1921 &man.newaliases.1; is limited to <username>root</username> and 1922 trusted users; STARTTLS encryption; and the MSA port (587) is 1923 turned on by default. See 1924 <filename>/usr/src/contrib/sendmail/RELEASE_NOTES</filename> for 1925 more information. &merged;</para> 1926 1927 <para>&man.mail.local.8; is no longer installed as a SUID binary. 1928 If you are using a <filename>/etc/mail/sendmail.cf</filename> from 1929 the default <filename>sendmail.cf</filename> included with &os; 1930 any time after 3.1.0, you are fine. If you are using a 1931 hand-configured <filename>sendmail.cf</filename> and 1932 <command>mail.local</command> for delivery, check to make sure the 1933 <literal>F=S</literal> flag is set on the 1934 <literal>Mlocal</literal> line. Those with 1935 <filename>.mc</filename> files who need to add the flag can do so 1936 by adding the following line to their <filename>.mc</filename> 1937 file and regenerating the <filename>sendmail.cf</filename> 1938 file:</para> 1939 1940 <programlisting>MODIFY_MAILER_FLAGS(`LOCAL',`+S')dnl</programlisting> 1941 1942 <para>Note that <literal>FEATURE(`local_lmtp')</literal> already 1943 does this. &merged;</para> 1944 1945 <para>The default <filename>/etc/mail/sendmail.cf</filename> 1946 disables the SMTP <literal>EXPN</literal> and 1947 <literal>VRFY</literal> commands. &merged;</para> 1948 1949 <para>&man.vacation.1; has been updated to use the version included with 1950 <application>sendmail</application>. &merged;</para> 1951 1952 <para>The <application>sendmail</application> configuration 1953 building tools are installed in 1954 <filename>/usr/share/sendmail/cf/</filename>. &merged;</para> 1955 1956 <para>New <filename>make.conf</filename> options: 1957 <varname>SENDMAIL_MC</varname> and 1958 <varname>SENDMAIL_ADDITIONAL_MC</varname>. See 1959 <filename>/etc/defaults/make.conf</filename> for more 1960 information. &merged;</para> 1961 1962 <para><filename>/etc/mail/Makefile</filename> now supports: the 1963 new <varname>SENDMAIL_MC</varname> <filename>make.conf</filename> 1964 option; the ability to build <filename>.cf</filename> files from 1965 <filename>.mc</filename> files; generalized map rebuilding; 1966 rebuilding the aliases file; and the ability to stop, start, and 1967 restart <application>sendmail</application>. &merged;</para> 1968 </sect4> 1969 </sect3> 1970 1971 <sect3> 1972 <title>Ports/Packages Collection</title> 1973 1974 <para>Version numbers of installed packages have a new 1975 (backward-compatible) syntax, which supports the 1976 <varname>PORTREVISION</varname> and <varname>PORTEPOCH</varname> 1977 variables in Ports Collection <filename>Makefile</filename>s. 1978 These changes help keep track of changes in the ports collection 1979 entries such as security patches or &os;-specific updates, which 1980 aren't reflected in the original, third-party software 1981 distributions. &man.pkg.version.1; can now compare these 1982 new-style version numbers. &merged;</para> 1983 1984 <para>To improve performance and disk utilization, the <quote>ports 1985 skeletons</quote> in the FreeBSD Ports Collection have been restructured. 1986 Installed ports and packages should not be affected. &merged;</para> 1987 1988 <para>All packages and ports now contain an <quote>origin</quote> 1989 directive, which makes it easier for programs such as 1990 &man.pkg.version.1; to determine the directory from which a 1991 package was built. &merged;</para> 1992 1993 <para>&man.pkg.update.1;, a utility to update installed packages 1994 and update their dependencies, has been added. &merged;</para> 1995 1996 <para>&man.pkg.info.1; now supports globbing against names of 1997 installed packages. The <option>-G</option> option disables this 1998 behavior, and the <option>-x</option> option causes regular 1999 expression matching instead of shell globbing. &merged;</para> 2000 2001 <para>&man.pkg.info.1; can now accept a <option>-g</option> flag for 2002 verifying an installed package against its recorded checksums (to 2003 see if it's been modified post-installation). Naturally, this 2004 mechanism is only as secure as the contents of 2005 <filename>/var/db/pkg</filename> if it's to be used for auditing 2006 purposes. &merged;</para> 2007 2008 <para>&man.pkg.create.1; and &man.pkg.add.1; can now work with 2009 packages that have been compressed using 2010 &man.bzip2.1;. &man.pkg.add.1; will use the PACKAGEROOT 2011 environment variable to determine a mirror site for new 2012 packages. &merged;</para> 2013 2014 <para>&man.pkg.create.1; now records dependencies in dependency 2015 order rather than in the order specified on the command line. 2016 This improves the functioning of <command>pkg_add 2017 -r</command>. &merged;</para> 2018 2019 <para>&man.pkg.version.1; now has a version number comparison 2020 routine that corresponds to the Porters Handbook. It also has a 2021 <option>-t</option> option for testing address comparisons. 2022 &merged;</para> 2023 2024 <para>&man.pkg.version.1; now takes a <option>-s</option> flag 2025 to limit its operation to ports/packages matching a given 2026 string. &merged;</para> 2027 2028 <para>When requested to delete multiple packages, 2029 &man.pkg.delete.1; will now attempt to remove them in dependency 2030 order rather than the order specified on the command 2031 line. &merged;</para> 2032 2033 <para>&man.pkg.delete.1; now can perform glob/regexp matching of 2034 package names. In addition, it supports a <option>-a</option> 2035 option for removing all packages and a <option>-i</option> option 2036 for &man.rm.1;-style interactive confirmation. &merged;</para> 2037 2038 <para>&man.pkg.sign.1; and &man.pkg.check.1; have been added to 2039 digitally sign and verify the signatures on binary package 2040 files. &merged;</para> 2041 2042 <para><application>BSDPAN</application>, a collection of modules 2043 that provides tighter integration of 2044 <application>Perl</application> into the &os; Ports 2045 Collection, has been added.</para> 2046 </sect3> 2047 </sect2> 2048</sect1> 2049