article.xml revision 89446
1<articleinfo> 2 <title>&os;/&arch; &release.current; Release Notes</title> 3 4 <corpauthor>The FreeBSD Project</corpauthor> 5 6 <pubdate>$FreeBSD: head/release/doc/en_US.ISO8859-1/relnotes/article.sgml 89446 2002-01-17 05:56:39Z bmah $</pubdate> 7 8 <copyright> 9 <year>2000</year> 10 <year>2001</year> 11 <year>2002</year> 12 <holder role="mailto:doc@FreeBSD.org">The FreeBSD Documentation Project</holder> 13 </copyright> 14 15 <abstract> 16 <para>The release notes for &os; &release.current; contain a summary 17 of the changes made in the &os; base system since &release.prev;. 18 Both changes for kernel and userland are listed, as well as 19 applicable security advisories that were issued since the last 20 release. Some brief remarks on upgrading are also presented.</para> 21 </abstract> 22</articleinfo> 23 24<sect1> 25 <title>Introduction</title> 26 27 <para>This document contains the release notes for &os; &release.current; on 28 the &arch.print; hardware platform. It describes new features of &os; 29 that have been added (or changed) since &release.prev;. It also 30 provides some notes on upgrading from previous versions of &os;.</para> 31 32<![ %release.type.snapshot [ 33 34 <para>The &release.type; distribution to which these release notes 35 apply represents a point along the &release.branch; development 36 branch between &release.prev; and the future &release.next;. Some pre-built, 37 binary &release.type; distributions along this branch can be found 38 at <ulink url="&release.url;"></ulink>.</para> 39 40]]> 41 42<![ %release.type.release [ 43 44 <para>This distribution of &os; &release.current; is a &release.type; 45 distribution. It can be found at <ulink 46 url="&release.url;"></ulink> or any of its mirrors. More 47 information on obtaining this (or other) &release.type; distributions of 48 &os; can be found in the <ulink 49 url="http://www.FreeBSD.org/handbook/mirrors.html"><quote>Obtaining 50 FreeBSD</quote> appendix</ulink> to the <ulink 51 url="http://www.FreeBSD.org/handbook/">FreeBSD Handbook</ulink>.</para> 52 53]]> 54</sect1> 55 56<sect1> 57 <title>What's New</title> 58 59 <para>This section describes the most user-visible new or changed 60 features in &os; since &release.prev;. Typical release note items 61 document new drivers or hardware support, new commands or options, 62 major bugfixes, or contributed software upgrades. Security 63 advisories issued after &release.prev; are also listed. In general, changes 64 described here are unique to the &release.branch; branch unless 65 specifically marked as &merged; features.</para> 66 67 <para>Many additional changes were made to &os; that are not listed 68 here for lack of space. For example, documentation was corrected 69 and improved, minor bugs were fixed, insecure coding practices were 70 audited and corrected, and source code was cleaned up.</para> 71 72 <sect2 id="kernel"> 73 <title>Kernel Changes</title> 74 75 <para>The &man.kqueue.2; event notification facility was added to 76 the &os; kernel. This is a new interface which is able to 77 replace &man.poll.2;/&man.select.2;, offering improved performance, 78 as well as the ability to report many different types of events. 79 Support for monitoring changes in sockets, pipes, fifos, and files 80 are present, as well as for signals and processes. &merged;</para> 81 82 <para>Support for USB devices was added to the 83 <filename>GENERIC</filename> kernel and to the installation 84 programs to support USB devices out of the box. Note that SRM 85 does not support USB devices at the moment, so you must still use 86 an AT keyboard if you are not using a serial console. &merged;</para> 87 88 <para>POSIX.1b Shared Memory Objects are now supported. The 89 implementation uses regular files, but automatically enables the 90 MAP_NOSYNC flag when they are &man.mmap.2;-ed. &merged;</para> 91 92 <para>The &man.agp.4; driver for AGP devices has been added. &merged;</para> 93 94 <para>Replaced the <literal>PQ_*CACHE</literal> options with a 95 single <literal>PQ_CACHESIZE</literal> option to be set to 96 the cache size in kilobytes. The old options are still supported 97 for backwards compatibility. &merged;</para> 98 99 <para arch="i386">The <literal>NCPU</literal>, <literal>NAPIC</literal>, 100 <literal>NBUS</literal>, and <literal>NINTR</literal> kernel 101 configuration options, for configuring SMP kernels, have been 102 removed. <literal>NCPU</literal> is now set to a maximum of 16, 103 and the other, aforementioned options are now 104 dynamic. &merged;</para> 105 106 <para>&man.devfs.5;, which allows entries in the 107 <filename>/dev</filename> directory to be built automatically and 108 supports more flexible attachment of devices, has been largely 109 reworked. &man.devfs.5; is now enabled by default and can be 110 disabled by the <literal>NODEVFS</literal> kernel option.</para> 111 112 <para>Write combining for crashdumps has been implemented. This 113 feature is useful when write caching is disabled on both SCSI and 114 IDE disks, where large memory dumps could take up to an hour to 115 complete. &merged;</para> 116 117 <para>Extremely large swap areas (>67 GB) no longer panic the 118 system.</para> 119 120 <para arch="i386">The &man.ichsmb.4; driver for the Intel 82801AA 121 (ICH) SMBus controller and compatibles has been 122 added. &merged;</para> 123 124 <para arch="i386">The &man.uscanner.4; driver for basic USB scanner support 125 using SANE has been added. See <ulink 126 url="http://www.mostang.com/sane/">the SANE home page</ulink> for 127 supported scanners. The HP ScanJet 4100C, 5200C and 6300C are 128 known to be working.</para> 129 130 <para arch="i386">The umodem driver for USB modems has been added. 131 Support is provided for the 3Com 5605 and Metricom Ricochet GS 132 wireless USB modems.</para> 133 134 <para arch="alpha">Support for threads under Linux emulation has been 135 added.</para> 136 137 <para>A number of cleanups and enhancements have been applied to 138 the PCI subsystem.</para> 139 140 <para arch="i386">The &man.spic.4; driver, which provides access to the jog 141 dial device on some Sony laptops, has been added.</para> 142 143 <para arch="i386">PECOFF (Win32 Execution file format) support has been 144 added.</para> 145 146 <para>A VESA S3 linear framebuffer driver has been added.</para> 147 148 <para>The <maketarget>buildkernel</maketarget> target now gets the 149 name of the configuration(s) to build from the 150 <varname>KERNCONF</varname> variable, not 151 <varname>KERNEL</varname>. It is no longer required, in some 152 cases, for a <maketarget>buildworld</maketarget> to precede a 153 <maketarget>buildkernel</maketarget>. (The 154 <maketarget>buildworld</maketarget> is still required when 155 upgrading across major releases, across 156 <application>binutil</application> updates and when &man.config.8; 157 changes version.) &merged; 158 </para> 159 160 <para>The &man.random.4; device has been rewritten to use the 161 <application>Yarrow</application> algorithm. It harvests entropy 162 from a variety of interrupt sources, including the console 163 devices, Ethernet and point-to-point network interfaces, and 164 mass-storage devices. Entropy from the &man.random.4; device is 165 now periodically saved to files in 166 <filename>/var/db/entropy</filename>, as well as at 167 shutdown time. The semantics of <filename>/dev/random</filename> 168 have changed; it never blocks waiting for entropy bits but 169 generates a stream of pseudo-random data and now behaves exactly 170 as <filename>/dev/urandom</filename>.</para> 171 172 <para>The &man.syscons.4; driver now supports keyboard-controlled 173 pasting, by default bound to 174 <keycap>Shift</keycap>-<keycap>Insert</keycap>.</para> 175 176 <para>The &man.labpc.4; driver has been removed due to 177 <quote>bitrot</quote>.</para> 178 179 <para>A new kernel option, <literal>options REGRESSION</literal>, 180 enables interfaces and functionality intended for use during 181 correctness and regression testing.</para> 182 183 <para>The <literal>USER_LDT</literal> kernel option is now 184 activated by default.</para> 185 186 <para>A new &man.ddb.4; command <command>show pcpu</command> lists 187 some of the per-CPU data.</para> 188 189 <para>A new digi driver has been added to support PCI Xr-based and ISA 190 Xem Digiboard cards. A new &man.digictl.8; program is (mainly) used to 191 re-initialize cards that have external port modules attached such as 192 the PC/Xem.</para> 193 194 <para>The dgm driver has been removed in favor of the digi driver.</para> 195 196 <para>The <literal>O_DIRECT</literal> flag has been added to 197 &man.open.2; and &man.fcntl.2;. Specifying this flag for open 198 files will attempt to minimize the cache effects of reading and 199 writing. &merged;</para> 200 201 <para>An &man.orm.4; device has been added to claim the option 202 ROMs in the ISA memory I/O space, to prevent other drivers from 203 mistakenly assigning addresses that conflict with these ROMs. &merged;</para> 204 205 <para>The out-of-swap process termination code now begins killing 206 processes earlier to avoid deadlocks; it now also takes into 207 account the swap space used by processes when computing the 208 process sizes. &merged;</para> 209 210 <para>Linker sets are now self-contained; &man.gensetdefs.8; is 211 unnecessary and has been removed.</para> 212 213 <para>Numerous SMP-friendly changes have been made to the kernel's 214 mbuf allocator.</para> 215 216 <para>Network device cloning has been implemented, and the &man.gif.4; 217 device has been modified to take advantage of it. 218 Thus, instead of specifying how many &man.gif.4; interfaces 219 are available in kernel configuration files, &man.ifconfig.8;'s 220 <option>create</option> option should be used when another device 221 instance is desired. &merged;</para> 222 223 <para>The kernel message buffer is now accessible by the 224 (machine-independent) <varname>kern.msgbuf</varname> sysctl 225 variable; &man.dmesg.8; no longer needs to be SGID 226 <groupname>kmem</groupname>.</para> 227 228 <para>Two new &man.ddb.4; commands, <command>hwatch</command> and 229 <command>dhwatch</command>, have been introduced. Analogous to 230 <command>watch</command> and <command>dwatch</command>, they install 231 hardware watchpoints (as opposed to software watchpoints) if supported 232 by the architecture. &merged;</para> 233 234 <para>A &man.nmdm.4; null-modem terminal driver has been added. 235 &merged;</para> 236 237 <para>The <varname>maxusers</varname> kernel configuration 238 parameter is now a boot-time tunable variable. The kernel 239 parameters derived from <varname>maxusers</varname> are now also 240 tunables and can be overridden at boot-time. The 241 <varname>hz</varname> parameter is also now a tunable. &merged;</para> 242 243 <para>Specifying a value of <literal>0</literal> for the 244 <varname>maxusers</varname> kernel configuration parameter will 245 now cause an appropriate value to be calculated at boot-time 246 (between 32 and 512, depending on the amount of memory present). 247 This value is now the default for all 248 <filename>GENERIC</filename> kernels. &merged;</para> 249 250 <para>It is now possible to hardwire kernel environment variables (such 251 as tuneables) at compile-time using &man.config.8;'s 252 <literal>ENV</literal> directive.</para> 253 254 <para>The loader and kernel linker now look for files named 255 <filename>linker.hints</filename> in each directory with KLDs for a 256 module name and version to KLD filename mapping. The new 257 &man.kldxref.8; utility is used to generate these files.</para> 258 259 <para>Idle zeroing of pages can be enabled with the 260 <varname>vm.zeroidle_enable</varname> sysctl variable.</para> 261 262 <para arch="i386">The load addresses of kernels are now exported to the 263 symbol table and various hard-coded constants have been removed so that 264 utilities such as &man.ps.1; can work with kernels compiled at 265 different addresses. &merged;</para> 266 267 <para arch="i386">A new <varname>KVA_SPACE</varname> kernel option 268 can be used to reconfigure the size of the kernel virtual address 269 space. &merged;</para> 270 271 <para>Coredumps of large processes (or of a large number of 272 processes) no longer lock up the machine for long periods of 273 time. &merged;</para> 274 275 <para>Each &man.jail.2; environment can now run under its own 276 securelevel.</para> 277 278 <para arch="alpha">A <varname>MAXMEM</varname> kernel option, 279 along with the <varname>hw.physmem</varname> environment variable, can be 280 used to artificially reduce the memory size of a machine for 281 testing (or other purposes). &merged;</para> 282 283 <para>An &man.eaccess.2; system call has been added, similar to 284 &man.access.2; except that the former uses effective credentials 285 rather than real credentials.</para> 286 287 <para arch="i386">The &man.amdpm.4; driver has been added to 288 provide access to the system monitoring functions of the AMD 756 289 chipset. &merged;</para> 290 291 <para>The kernel is now aware of the concept that there are 292 smaller units of scheduling than a process (but only one thread 293 per process is allowed at this time).</para> 294 295 <para>The kernel now has support for multiple low-level console 296 devices. The new &man.conscontrol.8; utility helps to manage the 297 different consoles.</para> 298 299 <para arch="alpha">The console driver has gained support for TGA-based 300 display adapters.</para> 301 302 <para>The kernel on the installation CDs is now separated from the 303 <filename>mfsroot</filename> image. This permits the use of a 304 full kernel when installing from CD on machines that support CD 305 booting (instead of the stripped-down kernel used on 306 floppies). &merged;</para> 307 308 <para arch="i386">The pmc driver, which supports the power 309 management controller of the NEC PC-98NOTE, has been 310 added. &merged;</para> 311 312 <para>The kernel configuration parameters 313 <varname>MAXTSIZ</varname>, <varname>DFLDSIZ</varname>, 314 <varname>MAXDSIZ</varname>, <varname>DFLSSIZ</varname>, 315 <varname>MAXSSIZ</varname>, and <varname>SGROWSIZ</varname> are 316 all loader tunables (<varname>kern.maxtsiz</varname>, 317 <varname>kern.maxdfldsiz</varname>, etc.). &merged;</para> 318 319 <para>The system load average computation now adds some jitter to 320 the timing of samples, in order to avoid synchronization with 321 processes that run periodically. &merged;</para> 322 323 <para>Linux emulation now supports the kernel functionality 324 required by the 325 <port>emulators/linux_base-7</port> (RedHat 7.X emulation) 326 port. &merged;</para> 327 328 <para>If a debugging kernel with modules is being built 329 (i.e. using <literal>makeoptions DEBUG=-g</literal>), the modules 330 will now be built with debugging support as well, for 331 completeness. A side effect of this change is that modules built 332 and installed with debugging kernels will now occupy more space on 333 disk than they did previously. &merged;</para> 334 335 <para>&man.lomac.4;, a Low-Watermark Mandatory Access Control 336 security facility, has been added as a kernel module. It provides 337 a drop-in security mechanism in addition to the traditional 338 UID-based security facilities, requiring no additional 339 configuration from the administrator. Work on this feature was 340 sponsored by DARPA and NAI Labs.</para> 341 342 <para>The tunable sysctl variables for &man.jail.2; have moved 343 from <varname>jail.*</varname> to the 344 <varname>security.*</varname> hierarchy. Other security-related 345 sysctl variables have moved from <varname>kern.security.*</varname> to 346 <varname>security.*</varname>.</para> 347 348 <para>The <varname>kern.maxvnodes</varname> limit now properly 349 limits the number of vnodes in use. Previously only vnodes with 350 no cached pages could be freed; this could allow the number of 351 vnodes to grow without limit on large-memory machines accessing 352 many small files. A <literal>vnlru</literal> kernel thread helps 353 to flush and reuse vnodes. &merged;</para> 354 355 <sect3> 356 <title>Processor/Motherboard Support</title> 357 358 <para>SMP support has been largely reworked, incorporating code 359 from BSD/OS 5.0. One of the main features of SMPng (<quote>SMP 360 Next Generation</quote>) is to allow more processes to run in 361 kernel, without the need for spin locks that can dramatically 362 reduce the efficiency of multiple processors. Interrupt 363 handlers now have contexts associated with them that allow them 364 to be blocked, which reduces the need to lock out 365 interrupts.</para> 366 367 <para arch="i386">Support for the 80386 processor has been 368 removed from the <filename>GENERIC</filename> kernel, as this 369 code seriously pessimizes performance on other IA32 370 processors.</para> 371 372 <para arch="i386">The <literal>I386_CPU</literal> kernel option 373 to support the 80386 processor is now mutually exclusive with 374 support for other IA32 processors; this should slightly improve 375 performance on the 80386 due to the elimination of runtime 376 processor type checks.</para> 377 378 <para arch="i386">Custom kernels that will run on the 80386 can 379 still be built by changing the cpu options in the kernel 380 configuration file to only include 381 <literal>I386_CPU</literal>.</para> 382 383 <para arch="alpha">AlphaServer 1200 (<quote>Tincup</quote>) has 384 been tested and works OK. Currently it does not want to boot 385 from CD or floppy but a transplanted disk that was installed on 386 another Alpha works well. &merged;</para> 387 388 <para arch="alpha">The API UP1100 mainboard has been verified to work.</para> 389 390 <para arch="alpha">The API CS20 1U high server has been verified to work.</para> 391 392 <para arch="alpha">The DEC3000 series support has been removed from the mfsroot 393 floppy image so that it fits on a 1.44 Mbyte floppy again. As the 394 DEC3000 is currently only usable diskless this should not cause 395 any problems.</para> 396 397 <para arch="alpha">Support for AlphaServer 2100A (<quote>Lynx</quote>) has been 398 added.</para> 399 400 <para arch="alpha">Kernel code has been added that allows older generation Alpha CPUs 401 (EV4 and EV5) to emulate instructions of the newer Alpha CPU 402 generations. This enables the use of binary-only programs like <application>Adobe 403 Acrobat 4</application> on EV4 and EV5.</para> 404 405 <para arch="alpha">SMP support for the Alpha is now operational.</para> 406 407 <para arch="i386">Detection for new processors, such as the 408 FC-PGA2 Pentium III (Tualatin), Transmeta Crusoe, and Transmeta 409 Crusoe LongRun, has been added. &merged;</para> 410 411 <para arch="alpha">Support for the following hardware has been removed 412 from the installation kernel to make it fit on a 1.44MB floppy again: 413 Multia, NoName, PC64, EB64, Aspen Alpine, sa (SCSI tape), amr, parallel 414 port support, vx (3c590, 3c595), pcn (AMD Am79C97x PCI 10/100), 415 sf (Adaptec AIC-6915), sis (SiS 900/SiS 7016), ste (Sundance ST201 416 (D-Link DFE-550TX)), wb (Winbond W89C840F).</para> 417 418 <para arch="i386">Support for Streaming <acronym>SIMD</acronym> 419 Extensions (<acronym>SSE</acronym>) has been introduced. The 420 <literal>CPU_ENABLE_SSE</literal> kernel option controls whether 421 support is compiled into the kernel. &merged;</para> 422 </sect3> 423 424 <sect3> 425 <title>Bootloader Changes</title> 426 427 <para arch="i386">A new <filename>cdboot</filename> bootstrap utility for CDROMs provides 428 better compatability with some BIOS implementations that do not 429 completely implement the El Torito bootable CDROM standard. This 430 boot loader supports <quote>no emulation</quote> mode booting, 431 thus eliminating the need for an emulated floppy disk image on 432 a bootable CDROM. &merged;</para> 433 434 <para arch="i386">The i386 boot loader now has support for a 435 <literal>nullconsole</literal> 436 console type, for use on systems with neither a video console nor 437 a serial port. &merged;</para> 438 439 <para arch="i386">The &man.loader.8; now has optional support 440 (enabled at compile-time, off by default) for loading 441 <application>bzip2</application>-compressed kernels and 442 modules. &merged;</para> 443 444 <para arch="i386">Support for Intel's Wired for Management 2.0 (PXE) 445 was added to the &os; boot loader. Due to API differences, the 446 older PXE versions are not supported. This allow network booting 447 using DHCP. &merged;</para> 448 449 <!-- Above this line, order bootloader changes by keyword--> 450 451 <para arch="i386">The &os; boot loader now contains a workaround 452 to support CDROM booting on certain IBM BIOSs that expect the 453 first sector of the emulated floppy to contain a valid MS-DOS BPB 454 that they can modify. &merged;</para> 455 456 <para arch="i386">The &os; boot loader now supports a 457 <option>-p</option> flag to force the kernel to pause after each 458 line of output during the probing phase. &merged;</para> 459 460 <para arch="alpha,i386">The &os; boot loader is now capable of 461 booting from filesystems with block sizes larger than 8K. &merged;</para> 462 463 <para>The kernel and modules have been moved to the directory 464 <filename>/boot/kernel</filename>, so they can be easily 465 manipulated together. The boot loader has been updated to make 466 this change as seamless as possible.</para> 467 </sect3> 468 469 <sect3> 470 <title>Network Interface Support</title> 471 472 <para>The &man.an.4; driver for Cisco Aironet cards now supports 473 Wired Equivalent Privacy (WEP) encryption, settable via 474 &man.ancontrol.8;. &merged;</para> 475 476 <para>The &man.an.4; driver now supports the Cisco Aironet 350 477 series of adaptors. &merged;</para> 478 479 <para>The &man.an.4; driver now supports <quote>monitor</quote> 480 mode, settable via the <option>-M</option> option to 481 &man.ancontrol.8;. &merged;</para> 482 483 <para arch="i386">The &man.bge.4; driver has been added to 484 support the Broadcom BCM570x family of Gigabit Ethernet 485 controllers, including the 3Com 3c996-T, the SysKonnect SK-9D21 486 and SK-9D41, and the built-in Gigabit Ethernet NICs on Dell 487 PowerEdge 2550 servers. Output TCP/IP checksum offload, jumbo frames 488 and VLAN tag insertion/stripping are supported, as well as 489 interrupt moderation. &merged;</para> 490 491 <para>The &man.dc.4; driver now supports NICs based on the Xircom 492 3201 and Conexant LANfinity RS7112 chips.</para> 493 494 <para>The &man.de.4; driver now performs round-robin arbitration 495 between the transmit and receive units of the 21143, instead of 496 giving priority to the receive unit. This gives a 10–15% 497 performance improvement in the forwarding rate under heavy 498 load. &merged;</para> 499 500 <para arch="alpha">The &man.ed.4; driver is now supported.</para> 501 502 <para arch="i386">Linksys Fast Ethernet PCCARD cards supported by the 503 &man.ed.4; driver now require the addition of flag 504 <literal>0x80000</literal> to their config line in 505 &man.pccard.conf.5;. This flag is not optional. These Linksys 506 cards will not be recognized without it. &merged;</para> 507 508 <para>A bug in the &man.ed.4; driver that could cause panics with 509 very short packets and BPF or bridging active has been 510 fixed. &merged;</para> 511 512 <para>The &man.ed.4; driver now has support for D-Link 513 DL10022 chips, necessary for the NetGear FA-410TX and other 514 cards. As a result, <literal>device miibus</literal> is 515 required in kernel configurations using the &man.ed.4; 516 driver. &merged;</para> 517 518 <para arch="i386">The &man.el.4; driver can now be loaded as a 519 module.</para> 520 521 <para arch="i386">The &man.em.4; driver has been added to 522 support NICs based on the Intel 82542, 82543, and 82544 Gigabit 523 Ethernet controller chips. The driver supports transmit/receive 524 checksum offload and jumbo frames on 82543 and 82544-based 525 adapters. &merged;</para> 526 527 <para>The &man.faith.4; device is now loadable, unloadable, and 528 clonable. &merged;</para> 529 530 <para arch="i386">Support for Fujitsu MB86960A/MB86965A based Ethernet 531 PC-Cards has been added back in the &man.fe.4; driver. &merged;</para> 532 533 <para arch="alpha">The &man.fpa.4; driver now supports Digital's 534 DEFPA FDDI adaptors on the Alpha.</para> 535 536 <para>The &man.fxp.4; driver now requires a <literal>device 537 miibus</literal> entry in the kernel configuration file. &merged;</para> 538 539 <para>The &man.fxp.4; driver now contains a workaround for 540 PCI protocol violations caused by defects in some systems based 541 on the Intel ICH2/ICH2-M chip. The workaround is to rewrite the 542 EEPROM on the interface to disable Dynamic Standby Mode; once 543 the EEPROM is rewritten, the system needs to be rebooted for the 544 new settings to take effect. &merged;</para> 545 546 <para>The &man.fxp.4; driver now supports Intel's loadable 547 microcode to implement receive-side interrupt coalescing and 548 packet bundling, on NICs that support these features. This 549 support can be activated by the use of the 550 <option>link0</option> option to &man.ifconfig.8;. &merged;</para> 551 552 <para>The &man.gx.4; driver has been added to support NICs based 553 on the Intel 82542 and 82543 Gigabit Ethernet controller chips. 554 Both fiber and copper variants of the cards are supported. Both 555 boards support VLAN tagging/insertion, and the 82543 additionally 556 supports TCP/IP checksum offload. &merged;</para> 557 558 <para>The &man.lge.4; driver has been added to support the Level 559 1 LXT1001 NetCellerator Gigabit Ethernet controller chip. This 560 device is used on some fiber optic GigE cards from SMC, D-Link 561 and Addtron. Jumbograms and TCP/IP checksum offload on receive 562 are supported, although hardware VLAN filtering is not. &merged;</para> 563 564 <para>Added the &man.nge.4; driver, which supports PCI Gigabit 565 Ethernet adapters based on the National Semiconductor DP83820 566 and DP83821 Gigabit Ethernet controller chips, including the 567 D-Link DGE-500T, SMC EZ Card 1000 (SMC9462TX), Asante 568 FriendlyNet GigaNIC 1000TA and 1000TPC and Addtron 569 AEG320T. This driver supports transmit and receive checksum 570 offloading. &merged;</para> 571 572 <para>The &man.pcn.4; driver, which supports the AMD PCnet/FAST, 573 PCnet/FAST+, PCnet/FAST III, PCnet/PRO, PCnet/Home, and HomePNA 574 adapters, has been added. Although these cards are already 575 supported by the &man.lnc.4; driver, the &man.pcn.4; driver runs 576 these chips in 32-bit mode and uses the RX alignment feature to 577 achieve zero-copy receive. This driver is also 578 machine-independent, so it will work on both the i386 and Alpha 579 platforms. The &man.lnc.4; driver is still needed to support non-PCI 580 cards. &merged;</para> 581 582 <para>The &man.ray.4; driver, which supports the Webgear Aviator 583 wireless network cards, has been committed. The operation of 584 &man.ray.4; interfaces can be modified by 585 &man.raycontrol.8;. &merged;</para> 586 587 <para arch="i386">The sbni driver, for supporting the Granch 588 SBNI12 series of ISA and PCI point-to-point communications 589 interfaces, has been added. The <port>sysutil/sbniconfig</port> 590 port in the &os; Ports Collection can be used for configuring 591 these devices. &merged;</para> 592 593 <para>Added support for PCI Ethernet adapters based on the 594 SiS 900 and SiS 7016 Fast Ethernet controller chips (for 595 example, as seen on the SiS 635 and 735 motherboard chipsets), as well as the 596 National Semiconductor DP83815 chipset (including the NetGear 597 FA311-TX and FA312-TX) in the form of the &man.sis.4; driver. 598 This device has support for VLANs. &merged;</para> 599 600 <para arch="i386">The snc driver for the National Semiconductor 601 DP8393X (SONIC) Ethernet controller has been added. Currently, 602 this driver is only used on the PC-98 architecture. &merged;</para> 603 604 <para>The &man.stf.4; device is now clonable.</para> 605 606 <para>The &man.tap.4; driver, a virtual Ethernet device driver for 607 bridged configurations, has been added. This device is 608 clonable. &merged;</para> 609 610 <para>The &man.ti.4; driver now supports the Alteon AceNIC 611 1000baseT Gigabit Ethernet and Netgear GA620T 1000baseT Gigabit 612 cards. &merged;</para> 613 614 <para>The &man.ti.4; driver correctly masks VLAN tags. &merged;</para> 615 616 <para>The &man.txp.4; driver has been added to support NICs 617 based on the 3Com 3XP Typhoon/Sidewinder (3CR990) chipset. &merged;</para> 618 619 <para>&man.vlan.4; devices are now loadable, unloadable, and 620 clonable. &merged;</para> 621 622 <para>The &man.xl.4; driver now supports the 3Com 3C556 and 3C556B 623 MiniPCI adapters used on some laptops. &merged;</para> 624 625 <para>The &man.xl.4; driver now supports reception of VLAN 626 tagged frames (on the <quote>Cyclone</quote> or newer 627 chipsets). &merged;</para> 628 629 <para>The &man.xl.4; driver now supports send- and receive-side TCP/IP 630 checksum offloading for NICs implementing this feature, such as 631 the 3C905B, 3C905C, and 3C980C. &merged;</para> 632 633 <para>A bug in the &man.xl.4; driver, related to statistics overflow 634 interrupt handling, was causing slowdowns at medium to high 635 packet rates; this has been fixed. &merged;</para> 636 637 <para>The per-interface <varname>ifnet</varname> structure now 638 has the ability to indicate a set of capabilities supported by a 639 network interface, and which ones are enabled. &man.ifconfig.8; 640 has support for querying these capabilities. &merged;</para> 641 642 <para>Performance with hosts having a large number of IP aliases 643 has been improved, by replacing the per-interface 644 <varname>if_inaddr</varname> linear list with a hash table. &merged;</para> 645 646 <para>Network devices now automatically appear as special files in 647 <filename>/dev/net</filename>. Interface hardware ioctls (not 648 protocol or routing) can be performed on these devices. The 649 <varname>SIOCGIFCONF</varname> ioctl may be performed on the 650 special <filename>/dev/network</filename> node.</para> 651 652 <para arch="i386">Selected network drivers now implement a 653 semi-polling mode, which makes systems much more resilient to 654 attacks and overloads. To enable polling, the following options 655 are required in a kernel configuration file: 656 657 <programlisting>options DEVICE_POLLING 658options HZ=1000 # not compulsory but strongly recommended</programlisting> 659 660 The <varname>kern.polling.enable</varname> sysctl variable 661 will then activate polling mode; with the 662 <varname>kern.polling.user_frac</varname> sysctl indicating the 663 percentage of CPU time to be reserved for userland. The devices 664 initially supporting polling are &man.dc.4;, &man.fxp.4;, and 665 &man.sis.4;.</para> 666 667 <para arch="i386">The packet-forwarding performance of certain 668 network drivers (specifically &man.dc.4; and &man.sis.4;) has 669 been enhanced by the elimination of unnecessary buffer 670 copies. &merged;</para> 671 </sect3> 672 673 <sect3> 674 <title>Network Protocols</title> 675 676 <para>&man.accept.filter.9;, a kernel feature to reduce overheads 677 when accepting and reading new connections on listening sockets, 678 has been added. &merged;</para> 679 680 <para>The <literal>proxy</literal> modifier to &man.arp.8;'s 681 <option>-d</option> option has been renamed to 682 <literal>pub</literal>, for consistency with the 683 <option>-s</option> option. The <literal>only</literal> keyword 684 has been added to the <option>-s</option> and 685 <option>-S</option> flags, to be used in creating 686 <quote>proxy-only</quote> published entries.</para> 687 688 <para>&man.bridge.4; and &man.dummynet.4; have received some 689 enhancements and bug fixes, and are now loadable 690 modules. &merged;</para> 691 692 <para>ICMP ECHO and TSTAMP replies are now rate limited. TCP RSTs 693 generated due to packets sent to open and unopen ports are now 694 limited by separate counters. Each rate limiting queue now has 695 its own description.</para> 696 697 <para>ICMP <literal>UNREACH_FILTER_PROHIB</literal> messages can 698 now RST TCP connections in the <literal>SYN_SENT</literal> state 699 if the correct sequence numbers are sent back, as controlled by the 700 <varname>net.inet.tcp.icmp_may_rst</varname> 701 sysctl.</para> 702 703 <para>IP multicast now works on VLAN devices. Several other 704 bugs in the VLAN code have also been fixed.</para> 705 706 <para>&man.ipfw.4; now filters correctly in the presence of ECN bits in TCP 707 segments. &merged;</para> 708 709 <para>&man.netgraph.4; has received some updates and bugfixes.</para> 710 711 <para>A new &man.ng.eth.4; netgraph node allows Ethernet type 712 packets to be filtered to different hooks depending on 713 ethertype.</para> 714 715 <para>The &man.ng.gif.4; and &man.ng.gif.demux.4; netgraph 716 nodes, for operating on &man.gif.4; devices, have been 717 added.</para> 718 719 <para>The &man.ng.ip.input.4; netgraph node, for queueing IP 720 packets into the main IP input processing code, has been 721 added.</para> 722 723 <para>The &man.ng.mppc.4; and &man.ng.bridge.4; node types have 724 been added to the &man.netgraph.4; subsystem. The &man.ng.ether.4; node 725 is now dynamically loadable. Miscellaneous bug fixes and 726 enhancements have also been made. &merged;</para> 727 728 <para>A new netgraph node type &man.ng.one2many.4; for multiplexing 729 and demultiplexing packets over multiple links has been added. 730 &merged;</para> 731 732 <para>A new sysctl <varname>net.inet.ip.check_interface</varname>, 733 which is on by default, causes IP to verify that an incoming 734 packet arrives on an interface that has an address matching the 735 packet's destination address. &merged;</para> 736 737 <para>A new sysctl 738 <varname>net.link.ether.inet.log_arp_wrong_iface</varname> has 739 been added to control the suppression of logging when ARP replies 740 arrive on the wrong interface. &merged;</para> 741 742 <para>A new <literal>options RANDOM_IP_ID</literal> kernel 743 option causes the ID field of IP packets to be randomized. This 744 closes a minor information leak which allows a remote observer 745 to determine the rate at which the machine is generating 746 packets, since the default behavior is to increment a counter 747 for each packet sent. &merged;</para> 748 749 <para arch="alpha">SLIP has been removed from the 750 <filename>mfsroot</filename> floppy image.</para> 751 752 <para>TCP has received some bug fixes for its delayed ACK 753 behavior. &merged;</para> 754 755 <para>TCP now supports the NewReno modification to the TCP Fast Recovery 756 algorithm. This behavior can be controlled via the 757 <varname>net.inet.tcp.newreno</varname> sysctl variable. &merged;</para> 758 759 <para>TCP now uses a more aggressive timeout for initial SYN segments; this 760 allows initial connection attempts to be dropped much 761 faster. &merged;</para> 762 763 <para>The <literal>TCP_COMPAT_42</literal> kernel option has 764 been removed.</para> 765 766 <para>The <literal>TCP_RESTRICT_RST</literal> kernel option has 767 been removed. Similar functionality can be achieved with the 768 <varname>net.inet.tcp.blackhole</varname> sysctl 769 variable. &merged;</para> 770 771 <para>TCP now has RFC 1323 extensions enabled by default in 772 &man.rc.conf.5;. &merged;</para> 773 774 <para>RFC 1323 and RFC 1644 TCP extensions are now disabled for a 775 connection in progress if no response has been received by the 776 third SYN segment sent. This behavior tries to work around 777 (very old) terminal servers with buggy VJ header compression 778 implementations. &merged;</para> 779 780 <para>The TCP implementation no longer requires the 781 allocation of a TCP template structure for each connection; this 782 should reduce the buffer usage on large systems handling many 783 connections. &merged;</para> 784 785 <para>TCP's default buffer sizes, controlled by the 786 <varname>net.inet.tcp.sendspace</varname> and 787 <varname>net.inet.tcp.recvspace</varname> sysctl variables, have 788 been increased to 32K and 64K respectively. Previously, the 789 default for both buffer sizes was 16K. To try to avoid 790 increasing congestion, the default value for 791 <varname>net.inet.tcp.local_slowstart_flightsize</varname> has 792 been changed from infinity to 4. &merged;</para> 793 794 <para>TCP now supports RFC 1948 (Defending Against Sequence 795 Number Attacks). This functionality is controlled by the 796 <varname>net.inet.tcp.strict_rfc1948</varname> and 797 <varname>net.inet.tcp.isn_reseed_interval</varname> sysctl 798 variables. &merged;</para> 799 800 <para>The TCP implementation in &os; now implements a cache of 801 outstanding, received SYN segments. Incoming SYN segments now 802 cause entries to be placed in the cache until the TCP three-way 803 handshake is complete, at which point, memory is allocated for 804 the connection as usual. In addition, all TCP Initial Sequence 805 Numbers (ISNs) are used as cookies, allowing entries in the 806 cache to be dropped, but still have their corresponding ACKs 807 accepted later. The combination of the so-called 808 <quote>syncache</quote> and <quote>syncookies</quote> features 809 makes a host much more resistant to 810 TCP-based Denial of Service attacks. Work on this feature was 811 sponsored by DARPA and NAI Labs. &merged;</para> 812 813 <para>A bug in the TCP implementation, which could cause 814 connections to stall if a sender saw a zero-sized window, has 815 been corrected. &merged;</para> 816 </sect3> 817 818 <sect3> 819 <title>Disks and Storage</title> 820 821 <para arch="i386">Support for the Adaptec FSA family of PCI-SCSI 822 RAID controllers has been added, in the form of the &man.aac.4; 823 driver. &merged;</para> 824 825 <para arch="i386">The &man.aac.4; driver now supports the Adaptec 826 SCSI RAID 5400S controller. &merged;</para> 827 828 <para arch="i386">The &man.aac.4; driver has been updated to 829 include proper handling of commands initiated by the adapter, 830 addition/removal of disk devices, crashdump functionality, and 831 &man.ioctl.2; command necessary for the management 832 CLI. &merged;</para> 833 834 <para>The &man.ahc.4; driver has received numerous updates, 835 bugfixes, and enhancements. Among various improvements are 836 improved compatibility with chips in <quote>RAID Port</quote> mode 837 and systems with AAA and/or ARO cards installed, as well as 838 performance improvements. Some bugs were also fixed, including a 839 rare hang on Ultra2/U160 controllers. &merged;</para> 840 841 <para arch="i386">The &man.asr.4; driver, which provides support 842 for the Adaptec SCSI RAID controller family, as well as the DPT 843 SmartRAID V and VI families, has been added. &merged;</para> 844 845 <para arch="i386">The &man.asr.4; driver now supports the Adaptec 846 2000S and 2005S Zero-Channel RAID controllers. &merged;</para> 847 848 <para>The &man.ata.4; driver now has support for ATA100 849 controllers. In addition, it now supports the ServerWorks ROSB4 850 ATA33 chipset, the CMD 648 ATA66 and CMD 649 ATA100 chipsets, and 851 the Cyrix 5530. &merged;</para> 852 853 <para>To provide more flexible configuration, the various options for the 854 &man.ata.4; driver are now boot loader tunables, rather than kernel 855 configure-time options. &merged;</para> 856 857 <para>The &man.ata.4; driver now has support for tagged queuing, 858 which is enabled by the <varname>hw.ata.tags</varname> loader 859 tunable. &merged;</para> 860 861 <para>The &man.ata.4; driver now has support for ATA 862 <quote>pseudo</quote> RAID controllers as the Promise Fasttrak and 863 HighPoint HPT370 controllers. &merged;</para> 864 865 <para>The &man.ata.4; driver now supports a wider variety of SiS 866 chipsets, as listed in the Hardware Notes. &merged;</para> 867 868 <para>The BurnProof(TM) feature, for applicable ATAPI CD-ROM burners, is now 869 supported. &merged;</para> 870 871 <para>The &man.ata.4; driver now has support for 48-bit 872 addressing. Devices larger than 137GB are now 873 supported. &merged;</para> 874 875 <para>The &man.ata.4; driver now contains fixes for some data 876 corruption problems on systems using the VIA 82C686B Southbridge 877 chip. &merged;</para> 878 879 <para>The CAM error recovery code has been updated.</para> 880 881 <para>The &man.cd.4; driver now has support for write operations. 882 This allows writing to DVD-RAM, PD and similar drives that probe 883 as CD devices. Note that change affects only random-access 884 writeable devices, not sequential-only writeable devices such as 885 CD-R drives, which are supported by &man.cdrecord.1; (a part of 886 <port>sysutils/cdrtools</port> in the Ports Collection. &merged;</para> 887 888 <para arch="i386">The ciss driver, for devices utilizing the Common 889 Interface for SCSI-3 Support, has been added. This driver 890 supports the Compaq SmartRAID 5* family of RAID controllers 891 (5300, 532, 5i). &merged;</para> 892 893 <para>The &man.fdc.4; floppy disk has undergone a number of 894 enhancements. Density selection for common settings is now 895 automatic; the driver is also much more flexible in setting the 896 densities of various subdevices.</para> 897 898 <para>The ida disk driver now has crashdump support. &merged;</para> 899 900 <para arch="alpha">A bug that made certain CDROM drives fail to 901 attach when connected to a SCSI card driven by &man.isp.4; has 902 been fixed. &merged;</para> 903 904 <para>The &man.isp.4; driver is now proactive about discovering 905 Fibre Channel topology changes.</para> 906 907 <para>The &man.isp.4; driver now supports target mode for Qlogic 908 SCSI cards, including Ultra2 and Ultra3 and dual bus cards.</para> 909 910 <para>The &man.isp.4; driver now supports the Qlogic 2300 and 911 2312 Optical Fibre Channel PCI cards. &merged;</para> 912 913 <para>&man.md.4;, the memory disk device, has had the 914 functionality of &man.vn.4; incorporated into it. &man.md.4; 915 devices can now be configured by &man.mdconfig.8;. &man.vn.4; has 916 been removed. The Memory Filesystem (MFS) has also been 917 removed.</para> 918 919 <para arch="i386">The &man.mly.4; driver, for Mylex PCI to SCSI 920 AccelRAID and eXtremeRAID controllers with firmware 6.X and 921 later, has been added. &merged;</para> 922 923 <para arch="i386">The ncv, nsp, and stg drivers have 924 been ported from NetBSD/pc98. They support the NCR 53C50 / 925 Workbit Ninja SCSI-3 / TMC 18C30, 18C50 based PC-Card/ISA SCSI 926 controllers. All three drivers can be built and loaded as 927 modules. &merged;</para> 928 929 <para>Some problems in &man.sa.4; error handling have been 930 fixed, including the <quote>tape drive spinning indefinitely 931 upon &man.mt.1; <option>stat</option></quote> problem.</para> 932 933 <para arch="i386">The &man.twe.4; 3ware ATA RAID driver has added. &merged;</para> 934 935 <para>The &man.vinum.4; volume manager has received some bug fixes and 936 enhancements.</para> 937 938 <para>The &man.wd.4; compatibility devices were removed from the 939 &man.ata.4; driver. &merged;</para> 940 </sect3> 941 942 <sect3> 943 <title>Filesystems</title> 944 945 <para>Support for named extended attributes was added to the &os; 946 kernel. This allows the kernel, and appropriately privileged 947 userland processes, to tag files and directories with attribute 948 data. Extended attributes were added to support the TrustedBSD 949 Project, in particular ACLs, capability data, and mandatory access 950 control labels (see 951 <filename>/usr/src/sys/ufs/ufs/README.extattr</filename> for 952 details).</para> 953 954 <para>Due to a licensing change, softupdates have been integrated 955 into the main portion of the kernel source tree. As a 956 consequence, softupdates are now available with the 957 <filename>GENERIC</filename> kernel. &merged;</para> 958 959 <para>A filesystem snapshot capability has been added to FFS. 960 Details can be found in 961 <filename>/usr/src/sys/ufs/ffs/README.snapshot</filename>.</para> 962 963 <para>Softupdates for FFS have received some bug fixes and 964 enhancements.</para> 965 966 <para>When running with softupdates, &man.statfs.2; and 967 &man.df.1; will track the number of blocks and files that are 968 committed to being freed.</para> 969 970 <para>A bug in FFS that could cause superblock corruption on very large 971 filesystems has been corrected. &merged;</para> 972 973 <para>The Inode Filesystem (IFS) has been added; more information 974 can be found in 975 <filename>/usr/src/sys/ufs/ifs/README</filename>.</para> 976 977 <para>The ISO-9660 filesystem now has a hook that supports a loadable 978 character conversion routine. The 979 <port>sysutils/cd9660_unicode</port> port 980 contains a set of common conversions.</para> 981 982 <para>&man.kernfs.5; is obsolete and has been retired.</para> 983 984 <para>A bug in the NFS client that caused bogus access times with 985 <literal>O_EXCL|O_CREAT</literal> opens was fixed. &merged;</para> 986 987 <para>A new NFS hash function (based on the Fowler/Noll/Vo hash 988 algorithm) has been implemented to improve NFS performance by 989 increasing the efficiency of the <varname>nfsnode</varname> hash 990 tables. &merged;</para> 991 992 <para>Client-side NFS locks have been implemented.</para> 993 994 <para>The client-side and server-side of the NFS code in the 995 kernel used to be intertwined in various complex ways. They 996 have been split apart for ease of maintenance and further 997 development.</para> 998 999 <para>Support for file system Access Control Lists (ACLs) has been 1000 introduced, allowing more fine-grained control of discretionary 1001 access control on files and directories. This support was 1002 integrated from the TrustedBSD Project. More details can be found in 1003 <filename>/usr/src/sys/ufs/ufs/README.acls</filename>.</para> 1004 1005 <para>The directory layout preference algorithm for FFS 1006 (<literal>dirprefs</literal>) has been changed. Rather than 1007 scattering directory blocks across a disk, it attempts to group 1008 related directory blocks together. Operations traversing large 1009 directory hierarchies, such as the &os; Ports tree, have shown 1010 marked speedups. This change is transparent and automatic for 1011 new directories. &merged;</para> 1012 1013 <para arch="i386">smbfs (CIFS) support in kernel has been added. 1014 The userland programs &man.smbutil.1; and &man.mount.smbfs.8; 1015 can be used to work with SMB shares. Note that 1016 &man.mount.smbfs.8; will automatically load the <filename>smbfs.ko</filename> 1017 module into the kernel, even if <literal>LIBMCHAIN</literal> and 1018 <literal>LIBICONV</literal> were not compiled into the kernel. 1019 &merged;</para> 1020 1021 <para>For consistency, the fdesc, fifo, null, msdos, portal, 1022 umap, and union filesystems have been renamed to fdescfs, 1023 fifofs, msdosfs, nullfs, portalfs, umapfs, and unionfs. Where 1024 applicable, modules and mount_* programs have been 1025 renamed. Compatibility <quote>glue</quote> has been added to 1026 &man.mount.8; so that <literal>msdos</literal> filesystem 1027 entries in &man.fstab.5; will work without changes.</para> 1028 1029 <para>pseudofs, a pseudo-filesystem framework, has been added. 1030 &man.linprocfs.5; and &man.procfs.5; have been modified to use pseudofs.</para> 1031 1032 <para>A simple hash-based lookup optimization for large directories 1033 called <literal>dirhash</literal> has been added. Conditional on the 1034 <literal>UFS_DIRHASH</literal> kernel option (enabled by default 1035 in the <filename>GENERIC</filename> kernel), it improves the speed 1036 of operations on very large directories at the expense of some 1037 memory. &merged;</para> 1038 1039 <para>The virtual memory subsystem now backs UFS directory 1040 memory requirements by default (this behavior is controlled via 1041 the <varname>vfs.vmiodirenable</varname> sysctl variable). &merged;</para> 1042 1043 <para>A bug that prevented the root filesystem from being 1044 mounted from a SCSI CDROM has been fixed (ATAPI CDROMs were 1045 always supported). &merged;</para> 1046 1047 <para>A number of bugs in the filesystem code, discovered 1048 through the use of the <application>fsx</application> filesystem test tool, have been fixed. 1049 Under certain circumstances (primarily related to use of NFS), 1050 these bugs could cause data corruption or kernel panics. &merged;</para> 1051 1052 <para>Network filesystems (such as NFS and smbfs filesystems) 1053 listed in <filename>/etc/fstab</filename> can now be properly 1054 mounted during startup initialization; their mounts are deferred 1055 until after the network is initialized.</para> 1056 </sect3> 1057 1058 <sect3> 1059 <title>PCCARD Support</title> 1060 1061 <para arch="i386">The pccard driver and &man.pccardc.8; now support multiple 1062 <quote>beep types</quote> upon card insertion and removal. &merged;</para> 1063 1064 <para>On many modern hosts, PCCARD devices can be configured to 1065 route their interrupts via either the ISA or PCI interrupt paths. 1066 The &man.pcic.4; driver has been updated to support both interrupt 1067 paths (formerly, only routing via ISA was supported). &merged; In most 1068 cases, configuration of PCMCIA devices in laptops is simpler and 1069 more flexible. In addition, various Cardbus bridge PCI cards 1070 (such as those used by Orinoco PCI NICs) are now supported. Some 1071 hosts may experience problems, such as hangs or panics, with PCI 1072 interrupt routing; they can frequently be made to work by forcing 1073 the older-style ISA interrupt routing. The following lines, 1074 placed in <filename>/boot/loader.conf</filename>, may fix the 1075 problem:</para> 1076 1077 <programlisting>hw.pcic.intr_path="1" 1078 hw.pcic.irq="0"</programlisting> 1079 1080 <para>When installing &os; on such a system, typing the following 1081 lines to the boot loader may be helpful in starting up &os; for 1082 the first time:<para> 1083 1084 <screen><prompt>ok</prompt> <userinput>set hw.pcic.intr_path="1"</userinput> 1085<prompt>ok</prompt> <userinput>set hw.pcic.irq="0"</userinput></screen> 1086 1087 <para arch="i386">Preliminary Cardbus support under NEWCARD has been added. 1088 This code supports the TI113X, TI12XX, TI125X, Ricoh 5C46/5C47, Topic 1089 95/97/100 and Cirrus Logic PD683X bridges. 16-bit PC Card support 1090 is not yet functional.</para> 1091 </sect3> 1092 1093 <sect3> 1094 <title>Multimedia Support</title> 1095 1096 <para arch="i386">The &man.pcm.4; driver now supports the ESS Solo 1, 1097 Maestro-1, Maestro-2, and Maestro-2e; Forte Media fm801, ESS 1098 Maestro-2e, and VIA Technologies VT82C686A sound card/chipsets, 1099 and has received some other updates. 1100 Separate drivers for the SoundBlaster 8 and SoundBlaster 16 now 1101 replace an older, unified driver. A driver for the CMedia 1102 CMI8338/CMI8738 sound chips has been added. A driver for the 1103 CS4281 sound chip has been added. A driver for the S3 1104 SonicVibes chipset has been added. &merged;</para> 1105 1106 <para arch="i386">A driver for the Avance Logic ALS4000 has 1107 been added. &merged;</para> 1108 1109 <para arch="i386">A driver for the 1110 ESS Maestro-3/Allegro has been added, however due to licensing 1111 restrictions, it cannot be compiled into the kernel. &merged; To 1112 use this driver, add the following line to 1113 <filename>/boot/loader.conf</filename>:</para> 1114 1115 <programlisting>snd_maestro3_load="YES"</programlisting> 1116 1117 <para>The &man.bktr.4; driver has been updated to 2.18. This 1118 update provides a number of new features. New tuner 1119 types have been added, and improvements to the KLD module and to 1120 memory allocation have been made. Bugs in &man.devfs.5; when 1121 unloading and reloading have been fixed. 1122 Support for new Hauppauge Model 44xxx WinTV Cards (the ones with 1123 no audio mux) has been added.</para> 1124 1125 <para>When sound modules are built, one can now load all the 1126 drivers and infrastructure by <command>kldload 1127 snd</command>.</para> 1128 1129 <para>A new API has been added for sound cards with hardware 1130 volume control.</para> 1131 1132 <para arch="i386">A driver for the Intel 443MX, 810, 815, and 815E 1133 integrated sound devices has been added.</para> 1134 1135 </sect3> 1136 1137 <sect3> 1138 <title>Contributed Software</title> 1139 1140 <para>The Forth Inspired Command Language 1141 (<application>FICL</application>) used in the boot loader has 1142 been updated to 2.05.</para> 1143 1144 <para>Support for Advanced Configuration and Power Interface 1145 (ACPI), a multi-vendor standard for configuration and power 1146 management, has been added. This functionality has been 1147 provided by the <application>Intel ACPI Component 1148 Architecture</application> project, updated to the ACPI CA 1149 20011120 snapshot. Some backward compatability for 1150 applications using the older APM standard has been provided.</para> 1151 1152 <sect4> 1153 <title>IPFilter</title> 1154 1155 <para><application>IPFilter</application> has been updated to 1156 3.4.20. &merged;</para> 1157 1158 <para><application>IPFilter</application> now supports 1159 IPv6. &merged;</para> 1160 1161 </sect4> 1162 1163 <sect4 arch="i386"> 1164 <title>isdn4bsd</title> 1165 1166 <para><application>isdn4bsd</application> has been updated to 1167 version 1.0.1. As a result of this update, users of the 1168 &man.i4bisppp.4; (kernel PPP over ISDN) driver 1169 <emphasis>must</emphasis> now use &man.ispppcontrol.8; instead 1170 of &man.spppcontrol.8; to configure and control these 1171 network interfaces. &merged;</para> 1172 1173 <para>The &man.ifpi.4; driver for supporting the AVM 1174 Fritz!Card PCI version 2 controller has been added.</para> 1175 1176 <para>The &man.ihfc.4; driver for supporting Cologne Chip 1177 Designs HFC devices under <application>isdn4bsd</application> 1178 has been added. &merged;</para> 1179 1180 <para>The &man.itjc.4; driver for supporting NETjet-S / Teles 1181 PCI-TJ devices under <application>isdn4bsd</application> has 1182 been added. &merged;</para> 1183 1184 <para>Experimental support for the Eicon.Diehl DIVA 2.0 and 1185 2.02 ISA PnP ISDN cards has been added to the &man.isic.4; 1186 <application>isdn4bsd</application> driver. &merged;</para> 1187 1188 <para>The &man.isic.4; driver now supports the Compaq Microcom 1189 610 ISDN ISA PnP card. &merged;</para> 1190 1191 <para>Active CAPI-based ISDN cards manufactured by AVM are now 1192 supported using the &man.i4bcapi.4; and the &man.iavc.4; driver. The 1193 supported cards are the AVM B1 PCI and AVM B1 ISA Basic Rate 1194 cards and the AVM T1 Primary Rate cards. &merged;</para> 1195 1196 <para>A new <literal>maxconnecttime</literal> keyword is now 1197 accepted in &man.isdnd.rc.5; files to limit the time a 1198 connection may remain open. &merged;</para> 1199 1200 <para>&man.isdnphone.8; now supports a <option>-k</option> option for 1201 sending messages via the keypad facility to a PBX or exchange 1202 office. &merged;</para> 1203 </sect4> 1204 1205 <sect4 id="kame-kernel"> 1206 <title>KAME</title> 1207 1208 <para>The IPv6 stack is now based on a snapshot based on the KAME 1209 Project's IPv6 snapshot as of 28 May, 2001. Most of the 1210 items listed in this section are a result of this import. 1211 <xref linkend="kame-userland"> lists userland updates to the 1212 KAME IPv6 stack. &merged;</para> 1213 1214 <para>&man.gif.4; is now based on RFC 2893, rather than RFC 1215 1933. The <literal>IFF_LINK2</literal> interface flag can 1216 be used to control ingress filtering. &merged;</para> 1217 1218 <para><application>IPSec</application> has received some 1219 enhancements, including the ability to use the Rijndael and 1220 SHA2 algorithms. IPSec RC5 support has been removed due to 1221 patent issues. &merged;</para> 1222 1223 <para>&man.stf.4; now conforms to RFC 3056; the 1224 <literal>IFF_LINK2</literal> interface flag can be used to 1225 control ingress filtering. &merged;</para> 1226 1227 <para>IPv6 has better checking of illegal addresses (such as 1228 loopback addresses) on physical networks. &merged;</para> 1229 1230 <para>The <varname>IPV6_V6ONLY</varname> socket option is 1231 now completely supported. The kernel's default behavior 1232 with respect to this option is controlled by the 1233 <varname>net.inet6.ip6.v6only</varname> sysctl 1234 variable. &merged;</para> 1235 1236 <para>RFC 3041 (Privacy Extensions for Stateless Address 1237 Autoconfiguration) is now supported. It can be enabled via 1238 the <varname>net.inet6.ip6.use_tempaddr</varname> sysctl 1239 variable. &merged;</para> 1240 </sect4> 1241 </sect3> 1242 </sect2> 1243 <sect2 id="security"> 1244 <title>Security-Related Changes</title> 1245 1246 <para>&man.sysinstall.8; now allows the user to select one of two 1247 <quote>security profiles</quote> at install-time. These profiles enable 1248 different levels of system security by enabling or disabling 1249 various system services in &man.rc.conf.5; on new 1250 installs. &merged;</para> 1251 1252 <para>A bug in which malformed ELF executable images can hang the 1253 system has been fixed (see security advisory 1254 FreeBSD-SA-00:41). &merged;</para> 1255 1256 <para>A security hole in Linux emulation was fixed (see security 1257 advisory FreeBSD-SA-00:42). &merged;</para> 1258 1259 <para>String-handling library calls in many programs were fixed to 1260 reduce the possibility of buffer overflow-related exploits. 1261 &merged;</para> 1262 1263 <para>TCP now uses stronger randomness in choosing its initial sequence 1264 numbers (see security advisory FreeBSD-SA-00:52). &merged;</para> 1265 1266 <para>Several buffer overflows in &man.tcpdump.1; were corrected 1267 (see security advisory FreeBSD-SA-00:61). &merged;</para> 1268 1269 <para>A security hole in &man.top.1; was corrected (see security advisory 1270 FreeBSD-SA-00:62). &merged;</para> 1271 1272 <para>A potential security hole caused by an off-by-one-error in 1273 &man.gethostbyname.3; has been fixed (see security advisory 1274 FreeBSD-SA-00:63). &merged;</para> 1275 1276 <para>A potential buffer overflow in the &man.ncurses.3; library, 1277 which could cause arbitrary code to be run from within 1278 &man.systat.1;, has been corrected (see security advisory 1279 FreeBSD-SA-00:68). &merged;</para> 1280 1281 <para>A vulnerability in &man.telnetd.8; that could cause it to 1282 consume large amounts of server resources has been fixed (see 1283 security advisory FreeBSD-SA-00:69). &merged;</para> 1284 1285 <para>The <literal>nat deny_incoming</literal> command in 1286 &man.ppp.8; now works correctly (see security advisory 1287 FreeBSD-SA-00:70). &merged;</para> 1288 1289 <para>A vulnerability in &man.csh.1;/&man.tcsh.1; temporary files 1290 that could allow overwriting of arbitrary user-writable files has 1291 been closed (see security advisory FreeBSD-SA-00:76). &merged;</para> 1292 1293 <para>The &man.ssh.1; binary is no longer SUID root by 1294 default. &merged;</para> 1295 1296 <para>Some fixes were applied to the Kerberos 1297 IV implementation related to environment variables, a 1298 possible buffer overrun, and overwriting ticket files. &merged;</para> 1299 1300 <para>&man.telnet.1; now does a better job of sanitizing its 1301 environment. &merged;</para> 1302 1303 <para>Several vulnerabilities in &man.procfs.5; were fixed (see 1304 security advisory FreeBSD-SA-00:77). &merged;</para> 1305 1306 <para>A bug in <application>OpenSSH</application> in which a 1307 server was unable to disable &man.ssh-agent.1; or 1308 <literal>X11Forwarding</literal> was fixed (see security advisory 1309 FreeBSD-SA-01:01). &merged;</para> 1310 1311 <para>A bug in &man.ipfw.8; and &man.ip6fw.8; in which inbound TCP 1312 segments could incorrectly be treated as being part of an 1313 <literal>established</literal> connection has been fixed (see 1314 security advisory FreeBSD-SA-01:08). &merged;</para> 1315 1316 <para>A bug in &man.crontab.1; that could allow users to read any 1317 file on the system in valid &man.crontab.5; syntax has been fixed 1318 (see security advisory FreeBSD-SA-01:09). &merged;</para> 1319 1320 <para>A vulnerability in &man.inetd.8; that could allow 1321 read-access to the initial 16 bytes of 1322 <groupname>wheel</groupname>-accessible files has been fixed (see security 1323 advisory FreeBSD-SA-01:11). &merged;</para> 1324 1325 <para>A bug in &man.periodic.8; that used insecure temporary files has been 1326 corrected (see security advisory FreeBSD-SA-01:12). &merged;</para> 1327 1328 <para>A bug in &man.sort.1; in which an attacker might be able to 1329 cause it to abort processing has been fixed (see security advisory 1330 FreeBSD-SA-01:13). &merged;</para> 1331 1332 <para><application>OpenSSH</application> now has code to prevent 1333 (instead of just mitigating through connection limits) an attack 1334 that can lead to guessing the server key (not host key) by 1335 regenerating the server key when an RSA failure is detected (see 1336 security advisory FreeBSD-SA-01:24). &merged;</para> 1337 1338 <para>A number of programs have had output formatting strings 1339 corrected so as to reduce the risk of vulnerabilities. &merged;</para> 1340 1341 <para>A number of programs that use temporary files now do so more 1342 securely. &merged;</para> 1343 1344 <para>A bug in ICMP that could cause an attacker to disrupt TCP and UDP 1345 <quote>sessions</quote> has been corrected. &merged;</para> 1346 1347 <para>A bug in &man.timed.8;, which caused it to crash if send 1348 certain malformed packets, has been corrected (see security 1349 advisory FreeBSD-SA-01:28). &merged;</para> 1350 1351 <para>A bug in &man.rwhod.8;, which caused it to crash if send 1352 certain malformed packets, has been corrected (see security 1353 advisory FreeBSD-SA-01:29). &merged;</para> 1354 1355 <para>A security hole in &os;'s FFS and EXT2FS implementations, 1356 which allowed a race condition that could cause users to have 1357 unauthorized access to data, has been fixed (see security advisory 1358 FreeBSD-SA-01:30). &merged;</para> 1359 1360 <para>A remotely-exploitable vulnerability in &man.ntpd.8; has 1361 been closed (see security advisory FreeBSD-SA-01:31). &merged;</para> 1362 1363 <para>A security hole in <application>IPFilter</application>'s 1364 fragment cache has been closed (see 1365 security advisory FreeBSD-SA-01:32). &merged;</para> 1366 1367 <para>Buffer overflows in &man.glob.3;, which could cause 1368 arbitrary code to be run on an FTP server, have been closed. In 1369 addition, to prevent some forms of DOS attacks, &man.glob.3; 1370 allows specification of a limit on the number of pathname matches 1371 it will return. &man.ftpd.8; now uses this feature (see security 1372 advisory FreeBSD-SA-01:33). &merged;</para> 1373 1374 <para>Initial sequence numbers in TCP are more thoroughly 1375 randomized (see security advisory FreeBSD-SA-01:39). Due to some 1376 possible compatibility issues, the behavior of this security fix 1377 can be enabled or disabled via the 1378 <varname>net.inet.tcp.tcp_seq_genscheme</varname> sysctl 1379 variable.&merged;</para> 1380 1381 <para>A vulnerability in the &man.fts.3; routines (used by 1382 applications for recursively traversing a filesystem) could 1383 allow a program to operate on files outside the intended directory 1384 hierarchy. This bug has been fixed (see security advisory 1385 FreeBSD-SA-01:40). &merged;</para> 1386 1387 <para>&os;'s TCP implementation has been made more resistant to 1388 SYN floods, by eliminating the RST segment normally sent when 1389 removing a connection from the listen queue.</para> 1390 1391 <para><application>OpenSSH</application> now switches to the 1392 user's UID before attempting to unlink the authentication 1393 forwarding file, nullifying the effects of a race.</para> 1394 1395 <para>A flaw allowed some signal handlers to remain in effect in a 1396 child process after being exec-ed from its parent. This allowed 1397 an attacker to execute arbitrary code in the context of a setuid 1398 binary. This flaw has been corrected (see security advisory 1399 FreeBSD-SA-01:42). &merged;</para> 1400 1401 <para>A remote buffer overflow in &man.tcpdump.1; has been fixed 1402 (see security advisory FreeBSD-SA-01:48). &merged;</para> 1403 1404 <para>A remote buffer overflow in &man.telnetd.8; has been 1405 fixed (see security advisory FreeBSD-SA-01:49). &merged;</para> 1406 1407 <para>The new <varname>net.inet.ip.maxfragpackets</varname> 1408 and <varname>net.inet.ip6.maxfragpackets</varname> sysctl 1409 variables limit the amount of memory that can be consumed by IPv4 1410 and IPv6 packet fragments, which defends against some denial of service 1411 attacks (see security advisory FreeBSD-SA-01:52). &merged;</para> 1412 1413 <para>All services in <filename>inetd.conf</filename> are now 1414 disabled by default for new installations. &man.sysinstall.8; 1415 gives the option of enabling or disabling &man.inetd.8; on new 1416 installations, as well as editing 1417 <filename>inetd.conf</filename>. &merged;</para> 1418 1419 <para>A flaw in the implementation of the &man.ipfw.8; 1420 <literal>me</literal> rules on point-to-point links has been 1421 corrected. Formerly, <literal>me</literal> filter rules would 1422 match the remote IP address of a point-to-point interface in 1423 addition to the intended local IP address (see security advisory 1424 FreeBSD-SA-01:53). &merged;</para> 1425 1426 <para>A vulnerability in &man.procfs.5;, which could allow a 1427 process to read sensitive information from another process's 1428 memory space, has been closed (see security advisory 1429 FreeBSD-SA-01:55). &merged;</para> 1430 1431 <para>The <literal>PARANOID</literal> hostname checking in 1432 <application>tcp_wrappers</application> now works as advertised 1433 (see security advisory FreeBSD-SA-01:56). &merged;</para> 1434 1435 <para>A local root exploit in &man.sendmail.8; has been closed 1436 (see security advisory FreeBSD-SA-01:57). &merged;</para> 1437 1438 <para>A remote root vulnerability in &man.lpd.8; has been closed 1439 (see security advisory FreeBSD-SA-01:58). &merged;</para> 1440 1441 <para>A race condition in &man.rmuser.8; that briefly exposed a 1442 world-readable <filename>/etc/master.passwd</filename> has been 1443 fixed (see security advisory FreeBSD-SA-01:59). &merged;</para> 1444 1445 <para>A vulnerability in <application>UUCP</application> has been 1446 closed (see security advisory FreeBSD-SA-01:62). 1447 All non-<username>root</username>-owned binaries in standard 1448 system paths now have the <literal>schg</literal> flag set to 1449 prevent exploit vectors when run by &man.cron.8;, by 1450 <username>root</username>, or by a user other then the one owning 1451 the binary. In addition, &man.uustat.1; is now run via 1452 <filename>/etc/periodic/daily/410.status-uucp</filename> as 1453 <username>uucp</username>, not <username>root</username>. 1454 In &os; -CURRENT, <application>UUCP</application> has since been moved 1455 to the Ports Collection and no longer a part of the base 1456 system. &merged;</para> 1457 1458 <para>A security hole in the form of a buffer overflow in the 1459 &man.semop.2; system call has been closed. &merged;</para> 1460 1461 <para>A security hole in <application>OpenSSH</application>, 1462 which could allow users to execute code with arbitrary privileges 1463 if <literal>UseLogin yes</literal> was set, has been 1464 closed. Note that the default value of this setting is 1465 <literal>UseLogin no</literal>. (See security advisory 1466 FreeBSD-SA-01:63.) &merged;</para> 1467 1468 <para>The use of an insecure temporary directory by 1469 &man.pkg.add.1; could permit a local attacker to modify the 1470 contents of binary packages while they were being installed. 1471 This hole has been closed. (See security advisory 1472 FreeBSD-SA-02:01.) &merged;</para> 1473 1474 <para>A race condition in &man.pw.8;, which could expose the 1475 contents of <filename>/etc/master.passwd</filename>, has been 1476 eliminated. (See security advisory FreeBSD-SA-02:02.) &merged;</para> 1477 </sect2> 1478 <sect2 id="userland"> 1479 <title>Userland Changes</title> 1480 1481 <para>If the first argument to &man.ancontrol.8; or 1482 &man.wicontrol.8; doesn't start with a <literal>-</literal>, it is 1483 assumed to be an interface.</para> 1484 1485 <para>&man.apmd.8; now has the ability to monitor battery levels and 1486 execute commands based on percentage or minutes of battery life 1487 remaining via the <literal>apm_battery</literal> configuration 1488 directive. See the commented-out examples in 1489 <filename>/etc/apmd.conf</filename> for the syntax. &merged;</para> 1490 1491 <para>&man.arp.8; now prints the applicable interface name for 1492 each ARP entry. &merged</para> 1493 1494 <para>&man.arp.8; now prints <literal>[fddi]</literal> or 1495 <literal>[atm]</literal> tags for addresses on interfaces of those 1496 types.</para> 1497 1498 <para>&man.atacontrol.8; has been added to control various aspects 1499 of the &man.ata.4; driver.</para> 1500 1501 <para arch="i386">&man.boot98cfg.8;, a PC-98 boot manager installation and 1502 configuration utility, has been added. &merged;</para> 1503 1504 <para>&man.burncd.8; now supports a <option>-m</option> option for 1505 multisession mode (the default behavior now is to close disks as 1506 single-session). A <option>-l</option> option to take a list of 1507 image files from a filename was also added; <filename>-</filename> 1508 can be used as a filename for <literal>stdin</literal>. &merged;</para> 1509 1510 <para>&man.burncd.8; now supports Disk At Once (DAO) mode, 1511 selectable via the <option>-d</option> flag.</para> 1512 1513 <para>&man.burncd.8; now has the ability to write VCDs/SVCDs.</para> 1514 1515 <para>&man.c89.1; has been converted from a shell script to a 1516 binary executable, fixing some minor bugs. &merged;</para> 1517 1518 <para>&man.cat.1; now has the ability to read from UNIX-domain 1519 sockets. &merged;</para> 1520 1521 <para>&man.cdcontrol.1; now supports a <literal>cdid</literal> 1522 command, which calculates and displays the CD serial number, using 1523 the same algorithm used by the CDDB database. &merged;</para> 1524 1525 <para>&man.cdcontrol.1; now uses the <envar>CDROM</envar> 1526 environment variable to pick a default device. &merged;</para> 1527 1528 <para>&man.cdcontrol.1; now supports <literal>next</literal> and 1529 <literal>prev</literal> commands to skip forwards or backwards a 1530 specified number of tracks while playing an audio CD. &merged;</para> 1531 1532 <para>&man.chflags.1; has moved from <filename>/usr/bin</filename> 1533 to <filename>/bin</filename>.</para> 1534 1535 <para>&man.chio.1; now has the ability to specify elements by 1536 volume tag instead of by their physical location as well as the 1537 ability to return an element to its previous location. &merged;</para> 1538 1539 <para>&man.chmod.1; now supports a <option>-h</option> for 1540 changing the mode of a symbolic link.</para> 1541 1542 <para>&man.chown.8; now correctly follows symbolic links named as 1543 command line arguments if run without <option>-R</option>.</para> 1544 1545 <para>&man.chown.8; no longer takes <literal>.</literal> as a 1546 user/group delimeter. This change was made to support usernames 1547 containing a <literal>.</literal>.</para> 1548 1549 <para>Use of the <literal>CSMG_*</literal> macros no longer 1550 require inclusion of 1551 <filename><sys/param.h></filename></para> 1552 1553 <para>&man.col.1; now takes a <option>-p</option> flag to force unknown 1554 control sequences to be passed through unchanged. &merged;</para> 1555 1556 <para>The 1557 <filename>compat3x</filename> distribution has been updated to 1558 include libraries present in &os; 3.5.1-RELEASE. &merged;</para> 1559 1560 <para>A <filename>compat4x</filename> distribution has been added 1561 for compatibility with &os; 4-STABLE.</para> 1562 1563 <para>&man.config.8; is now better about converting various 1564 warnings that should 1565 have been errors into actual fatal errors with an exit code. This 1566 ensures that <literal>make buildkernel</literal> 1567 doesn't quietly ignore them and 1568 build a bogus kernel without a human to read the errors. &merged;</para> 1569 1570 <para>A number of buffer overflows in &man.config.8; have been 1571 fixed. &merged;</para> 1572 1573 <para>The &man.daemon.8; program, a command-line interface to 1574 &man.daemon.3;, has been added. It detaches itself from its 1575 controlling terminal and executes a program specified on the command 1576 line. This allows the user to run an arbitrary program as if it were 1577 written to be a daemon.</para> 1578 1579 <para>devinfo, a simple tool to print the device tree and resource usage by 1580 devices, has been added.</para> 1581 1582 <para>&man.df.1; now takes a <option>-l</option> option to only 1583 display information about locally-mounted filesystems. &merged;</para> 1584 1585 <para>&man.disklabel.8; now supports partition sizes expressed in 1586 kilobytes, megabytes, or gigabytes, in addition to sectors. &merged;</para> 1587 1588 <para>&man.dmesg.8; now has a <option>-a</option> option to show 1589 the entire message buffer, including &man.syslogd.8; records and 1590 <filename>/dev/console</filename> output. &merged;</para> 1591 1592 <para>&man.du.1; now takes a <option>-I</option> command-line flag 1593 to ignore/skip files and subdirectories matching a specified 1594 shell-glob mask. &merged;</para> 1595 1596 <para>&man.dump.8; now supports inheritance of the 1597 <literal>nodump</literal> flag down a hierarchy. &merged;</para> 1598 1599 <para>The <option>-T</option> option to &man.dump.8; no longer swallows 1600 an extra argument. &merged;</para> 1601 1602 <para>&man.dump.8; has a new <option>-D</option> option, allowing 1603 the path to the <filename>/etc/dumpdates</filename> file to be 1604 changed. &merged;</para> 1605 1606 <para>&man.edquota.8; now takes a <option>-f</option> option to 1607 allow limiting the prototype quota distribution (specified with 1608 <option>-p</option>) to a single filesystem. &merged;</para> 1609 1610 <para>&man.fbtab.5; now accepts glob matching patterns for target 1611 devices, not just individual devices and directories.</para> 1612 1613 <para arch="i386">&man.fdisk.8; no longer attempts to search for 1614 a device if none has been specified on the command line, but 1615 instead tries to figure out the default device name from the 1616 root device.</para> 1617 1618 <para>&man.fdread.1;, a program to read data from floppy disks, 1619 has been added. It is a counterpart to &man.fdwrite.1; and is 1620 designed to provide a means of recovering at least some data from 1621 bad media, and to obviate for a complex invocation of 1622 &man.dd.1;.</para> 1623 1624 <para>&man.find.1; now takes the <option>-empty</option> flag, 1625 which returns true if a file or directory is empty. &merged;</para> 1626 1627 <para>&man.find.1; now takes the <option>-iname</option> and 1628 <option>-ipath</option> primaries for case-insensitive matches, 1629 and the <option>-regexp</option> and <option>-iregexp</option> 1630 primaries for regular-expression matches. The <option>-E</option> 1631 flag now enables extended regular expressions. &merged;</para> 1632 1633 <para>&man.find.1; now has the <option>-anewer</option>, 1634 <option>-cnewer</option>, <option>-mnewer</option>, 1635 <option>-okdir</option>, and <option>-newer[acm][acmt]</option> 1636 primaries for comparisons of file timestamps. The latter 1637 primaries can be specified with various units of time. &merged;</para> 1638 1639 <para>&man.finger.1; now has the ability to support fingering 1640 aliases, via the &man.finger.conf.5; file. &merged;</para> 1641 1642 <para>&man.finger.1; now has support for a 1643 <filename>.pubkey</filename> file.</para> 1644 1645 <para>&man.fmt.1; has been rewritten; the rewrite fixes a number 1646 of bugs compared to its prior behavior. &merged;</para> 1647 1648 <para>&man.fmtcheck.3;, a function for checking consistency of 1649 format string arguments, has been added. &merged;</para> 1650 1651 <para>&man.fsck.8; wrappers have been imported; this feature 1652 provides infrastructure for &man.fsck.8; to work on different 1653 types of filesystems (analogous to &man.mount.8;).</para> 1654 1655 <para>The behavior of &man.fsck.8; when dealing with various 1656 passes (a la <filename>/etc/fstab</filename>) has been modified to 1657 accommodate multiple-disk filesystems.</para> 1658 1659 <para>&man.fsck.8; now has support for foreground 1660 (<option>-F</option>) and background (<option>-B</option>) checks. 1661 Traditionally, &man.fsck.8; is invoked before the filesystems are 1662 mounted and all checks are done to completion at that time. If 1663 background checking is available, &man.fsck.8; is invoked twice. 1664 It is first invoked at the traditional time, before the 1665 filesystems are mounted, with the <option>-F</option> flag to do 1666 checking on all the filesystems that cannot do background 1667 checking. It is then invoked a second time, after the system has 1668 completed going multiuser, with the <option>-B</option> flag to do 1669 checking on all the filesystems that can do background checking. 1670 Unlike the foreground checking, the background checking is started 1671 asynchronously so that other system activity can proceed even on 1672 the filesystems that are being checked. Boot-time enabling of 1673 this feature is controlled by the 1674 <varname>background_fsck</varname> option in &man.rc.conf.5;.</para> 1675 1676 <para>Shortly after the receipt of a <literal>SIGINFO</literal> 1677 signal (normally control-T from the controlling tty), &man.fsck.ffs.8; 1678 will now output a line indicating the current phase number and 1679 progress information relevant to the current phase. &merged;</para> 1680 1681 <para>&man.fsck.ffs.8; now supports background filesystem checks 1682 to mounted FFS filesystems with the <option>-B</option> option 1683 (softupdates must be enabled on these filesystems). The 1684 <option>-F</option> flag now determines whether a specified 1685 filesystem needs foreground checking.</para> 1686 1687 <para>A new &man.fsck.msdosfs.8; utility has been added to check 1688 the consistency of MS-DOS filesystems. &merged;</para> 1689 1690 <para>&man.ftpd.8; now supports a <option>-r</option> flag for 1691 read-only mode and a <option>-E</option> flag to disable 1692 <literal>EPSV</literal>. It also has some fixes to reduce 1693 information leakage and the ability to specify compile-time port 1694 ranges. &merged;</para> 1695 1696 <para>&man.ftpd.8; now supports <option>-o</option> and 1697 <option>-O</option> options to disable the <literal>RETR</literal> 1698 command; the former for everybody, and the latter only for guest users. 1699 Coupled with <option>-A</option> and appropriate file permissions, 1700 these can be used to create a relatively safe anonymous FTP drop box 1701 for others to upload to.</para> 1702 1703 <para arch="i386">&man.gdb.1; now supports hardware watchpoints (using the 1704 kernel's debug register + support that has been introduced in 1705 &os; 4.0). &merged;</para> 1706 1707 <para>The &man.getprogname.3; and &man.setprogname.3; library 1708 functions have been added to manipulate the name of the current 1709 program. They are used by error-reporting routines to produce 1710 consistent output. &merged;</para> 1711 1712 <para>&man.gprof.1; now has a <option>-K</option> option to enable 1713 dynamic symbol resolution from the currently-running kernel. With 1714 this change, properly-compiled KLD modules are now able to be 1715 profiled.</para> 1716 1717 <para>&man.growfs.8;, a utility for growing FFS filesystems, has 1718 been added. &man.ffsinfo.8;, a utility for dump all the 1719 meta-information of an existing filesystem, has also been 1720 added. &merged;</para> 1721 1722 <para>The &man.groups.1; and &man.whoami.1; shell scripts are now 1723 unnecessary; their functionality has been completely folded into 1724 &man.id.1;. &merged;</para> 1725 1726 <para>The &man.ibcs2.8;, &man.linux.8;, &man.osf1.8;, and &man.svr4.8; 1727 scripts, whose sole purpose was to load emulation 1728 kernel modules, have been removed. The kernel module system will 1729 automatically load them as needed to fulfill dependencies.</para> 1730 1731 <para>&man.indent.1; has gained some new formatting 1732 options. &merged;</para> 1733 1734 <para>&man.ifconfig.8; command can set the link-layer address 1735 of an interface using the <option>lladdr</option> parameter. 1736 &merged;</para> 1737 1738 <para>&man.ifconfig.8; can now accept addresses in slash/CIDR 1739 notation. &merged;</para> 1740 1741 <para>&man.ifconfig.8; now has support for setting parameters for 1742 IEEE 802.11 wireless network devices. &man.wi.4; and 1743 &man.an.4; devices are supported, and partial support is provided 1744 for &man.awi.4; devices. &merged;</para> 1745 1746 <para>&man.ifconfig.8; no longer displays the list of supported 1747 media by default. Instead it displays it when the 1748 <option>-m</option> flag is given. &merged;</para> 1749 1750 <para>The syntax of &man.inetd.8;'s support for &man.faithd.8; is 1751 now compatible with that of other BSDs. &merged;</para> 1752 1753 <para>The <literal>ident</literal> protocol support in &man.inetd.8; has 1754 been cleaned up and updated. &merged;</para> 1755 1756 <para>&man.inetd.8; now has the ability to manage UNIX-domain 1757 sockets. &merged;</para> 1758 1759 <para>&man.install.1; has a number of new features, including the 1760 <option>-b</option> and <option>-B</option> options for backing up 1761 existing target files and the <option>-S</option> option for 1762 <quote>safe</quote> (atomic copy) operation. The 1763 <option>-c</option> (copy) flag is now the default, and the 1764 <option>-D</option> (debugging) flag has been withdrawn. 1765 &man.install.1; now issues a warning if <option>-d</option> 1766 (create directories) and <option>-C</option> (copy changed files 1767 only) are used together. &merged;</para> 1768 1769 <para>IP Filter is now supported by the 1770 &man.rc.conf.5; boot-time configuration and 1771 initialization. &merged;</para> 1772 1773 <para>&man.ipfstat.8; now supports the <option>-t</option> option 1774 to turn on a &man.top.1;-like display. &merged;</para> 1775 1776 <para>&man.ipfw.8; will now avoid the display of dynamic 1777 firewall rules unless the <option>-d</option> flag is passed to 1778 it. The <option>-e</option> option lists expired dynamic 1779 rules. &merged;</para> 1780 1781 <para>&man.ipfw.8; has a new feature (<literal>me</literal>) that 1782 allows for packet matching on interfaces with dynamically-changing 1783 IP addresses. &merged;</para> 1784 1785 <para>&man.ipfw.8; has a new <literal>limit</literal> type of 1786 firewall rule, which limits the number of sessions between address 1787 pairs. &merged;</para> 1788 1789 <para>&man.ipfw.8; filter rules can now match on the value of the 1790 IPv4 precedence field.</para> 1791 1792 <para>&man.ip6fw.8; now has the ability to use a preprocessor 1793 and use the <option>-q</option> (quiet) flag when reading from a 1794 file. &merged;</para> 1795 1796 <para>&man.kenv.1;, a command to dump the kernel environment, has 1797 been added. &merged;</para> 1798 1799 <para>&man.keyinfo.1; is now a C program, rather than a Perl 1800 script. &merged;</para> 1801 1802 <para>&man.killall.1; is now a C program, rather than a Perl 1803 script. As a result, its <option>-m</option> option now uses the 1804 regular expression syntax of &man.regex.3;, rather than that of 1805 &man.perl.1;. &merged;</para> 1806 1807 <para>&man.killall.1; now allows non-root users to kill SUID root 1808 processes that they started, the same as the Perl version did.</para> 1809 1810 <para>The &man.kldconfig.8; utility has been added to make it easier to 1811 manipulate the kernel module search path. &merged;</para> 1812 1813 <para>&man.last.1; now implements a <option>-d</option> that 1814 provides a <quote>snapshot</quote> of who was logged in at a 1815 particular date and time. &merged;</para> 1816 1817 <para>The &man.lastlogin.8; utility, which prints the last login 1818 time of each user, has been imported from 1819 NetBSD. &merged;</para> 1820 1821 <para>&man.ldconfig.8; now checks directory ownerships and 1822 permissions for greater security; these checks can be disabled 1823 with the <option>-i</option> flag. &merged;</para> 1824 1825 <para><filename>libc</filename> is now thread-safe by default; 1826 <filename>libc_r</filename> contains only thread functions.</para> 1827 1828 <para><filename>libcrypt</filename> and 1829 <filename>libdescrypt</filename> have been unified to provide a 1830 configurable password authentication hash library. Both the md5 1831 and des hash methods are provided unless the des hash is 1832 specifically compiled out. &merged;</para> 1833 1834 <para><filename>libcrypt</filename> now has support for Blowfish 1835 password hashing. &merged;</para> 1836 1837 <para arch="i386"><filename>libdisk</filename> can now do 1838 install-time configuration of the <filename>boot0</filename> 1839 boot loader. &merged;</para> 1840 1841 <para><filename>libstand</filename> now has support for 1842 filesystems containing <application>bzip2</application>-compressed 1843 files. &merged;</para> 1844 1845 <para><filename>libstand</filename> now has support for 1846 overwriting the contents of a file on a UFS filesystem (it cannot 1847 expand or truncate files because the filesystem may be dirty or 1848 inconsistent).</para> 1849 1850 <para>The default TCP port range used by 1851 <filename>libfetch</filename> for passive FTP retrievals has 1852 changed; this affects the behavior of &man.fetch.1;, which has 1853 gained the <option>-U</option> option to restore the old 1854 behavior. &merged;</para> 1855 1856 <para><filename>libfetch</filename> now has support for an 1857 authentication callback. &merged;</para> 1858 1859 <para><filename>libfetch</filename> now has support for a 1860 <envar>HTTP_USER_AGENT</envar> environment variable. &merged;</para> 1861 1862 <para><filename>libgmp</filename> has been superceded by 1863 <filename>libmp</filename>. 1864 1865 <para>The functions from <filename>libposix1e</filename> have been 1866 integrated into <filename>libc</filename>.</para> 1867 1868 <para>&man.ln.1; now takes an <option>-i</option> option to 1869 request user confirmation before overwriting an existing 1870 file. &merged;</para> 1871 1872 <para>&man.ln.1; now takes a <option>-h</option> flag to avoid 1873 following a target that is a link, with a <option>-n</option> flag 1874 for compatibility with other implementations. &merged;</para> 1875 1876 <para>&man.logger.1; can now send messages directly to a remote 1877 syslog. &merged;</para> 1878 1879 <para>&man.login.1; now exports environment variables set by 1880 <application>PAM</application> modules. &merged;</para> 1881 1882 <para>&man.lpc.8; has been improved; <command>lpc clean</command> 1883 is now somewhat safer, and a new <command>lpc tclean</command> 1884 command has been added to check to see what files would be removed 1885 by <command>lpc clean</command>. &merged;</para> 1886 1887 <para>&man.lpd.8; now takes two new options: <option>-c</option> 1888 will log all connection errors to &man.syslogd.8;, while 1889 <option>-W</option> will allow connections from non-reserved 1890 ports. &merged;</para> 1891 1892 <para>&man.lpd.8; now has some support for 1893 <literal>o</literal>-type print-file actions in its control files, 1894 which allows printing of PostScript files generated by 1895 <application>MacOS</application> 10.1. &merged;</para> 1896 1897 <para>&man.lpr.1;, &man.lpq.1;, and &man.lpd.8; have received a 1898 few minor enhancements. &merged;</para> 1899 1900 <para>Catching up with most other network utilities in the base 1901 system, &man.lpr.1;, &man.lpd.8;, &man.syslogd.8;, and 1902 &man.logger.1; are now all IPv6-capable. &merged;</para> 1903 1904 <para><command>lprm -</command> now works for remote printer 1905 queues. &merged;</para> 1906 1907 <para>&man.ls.1; can produce colorized listings with the 1908 <option>-G</option> flag (and appropriate terminal 1909 support). The <envar>CLICOLOR</envar> environment variable can be set 1910 to enable colorized listings by default. &merged;</para> 1911 1912 <para>&man.mail.1; now takes a <option>-E</option> flag to avoid 1913 sending messages with empty bodies. &merged;</para> 1914 1915 <para>&man.make.1; has gained the <literal>:C///</literal> 1916 (regular expression substitution), <literal>:L</literal> 1917 (lowercase), and <literal>:U</literal> (uppercase) variable 1918 modifiers. These were added to reduce the differences between the 1919 &os; and 1920 OpenBSD/NetBSD 1921 &man.make.1; programs. &merged; </para> 1922 1923 <para>Bugs in &man.make.1;, among which include broken null suffix 1924 behavior, bad assumptions about current directory permissions, and 1925 potential buffer overflows, have been fixed. &merged;</para> 1926 1927 <para>The new <varname>CPUTYPE</varname> 1928 <filename>make.conf</filename> variable controls the compilation 1929 of processor-specific optimizations in various pieces of code such 1930 as <application>OpenSSL</application>. &merged;</para> 1931 1932 <para>The &os; <filename>Makefile</filename> infrastructure now 1933 supports the <varname>WARNS</varname> directive from NetBSD. This 1934 directive controls the addition of compiler warning flags to 1935 <varname>CFLAGS</varname> in a relatively compiler-neutral 1936 manner. &merged;</para> 1937 1938 <para>The &man.mdmfs.8; command has been added; it is a wrapper 1939 around &man.mdconfig.8;, &man.disklabel.8;, &man.newfs.8;, and 1940 &man.mount.8; that mimics the command line option set of the 1941 deprecated &man.mount.mfs.8;.</para> 1942 1943 <para>&man.mergemaster.8; now sources an 1944 <filename>/etc/mergemaster.rc</filename> file and also prompts the 1945 user to run recommended commands (such as 1946 <command>newaliases</command>) as needed. &merged;</para> 1947 1948 <para>&man.moused.8; now takes a <option>-a</option> option to control 1949 mouse acceleration. &merged;</para> 1950 1951 <para>&man.mtree.8; now includes support for a file that lists 1952 pathnames to be excluded when creating and verifying prototypes. 1953 This makes it easier to use &man.mtree.8; as a part of an 1954 intrusion-detection system. &merged;</para> 1955 1956 <para>The <quote>in use</quote> percentage metric displayed by 1957 &man.netstat.1; now really reflects the percentage of network 1958 mbufs used. &merged;</para> 1959 1960 <para>&man.netstat.1; now has a <option>-W</option> flag that 1961 tells it not to truncate addresses, even if they're too long for 1962 the column they're printed in. &merged;</para> 1963 1964 <para>&man.netstat.1; now keeps track of input and output packets 1965 on a per-address basis for each interface. &merged;</para> 1966 1967 <para>&man.netstat.1; now has a <option>-z</option> flag to reset 1968 statistics. &merged;</para> 1969 1970 <para>&man.netstat.1; now has a <option>-S</option> flag to print 1971 address numerically but port names symbolically. &merged;</para> 1972 1973 <para>&man.newfs.8; now implements write combining, which can make 1974 creation of new filesystems up to seven times 1975 faster. &merged;</para> 1976 1977 <para>&man.newfs.8; now takes a <option>-U</option> option to 1978 enable softupdates on a new filesystem. &merged;</para> 1979 1980 <para>The default number of cylinders per group in &man.newfs.8; 1981 is now computed to be the maximum allowable given the current 1982 filesystem parameters. It can be overridden with the 1983 <option>-c</option> option. Formerly, the default was fixed at 16. This 1984 change leads to better &man.fsck.8; performance and reduced 1985 fragmentation. &merged;</para> 1986 1987 <para><anchor id="newfs-block-frag-sizes">The default block and fragment sizes for new filesystems created 1988 by &man.newfs.8; are now 16384 and 2048 bytes, respectively (the 1989 old defaults were 8192 and 1024 bytes). This change generally 1990 provides increased performance, at the expense of some wasted disk 1991 space. &merged;</para> 1992 1993 <para>&man.newsyslog.8; now has the ability to compress 1994 log files using &man.bzip2.1;. &merged;</para> 1995 1996 <para><application>NFS</application> now works over IPv6.</para> 1997 1998 <para>&man.nl.1;, a line numbering filter program, has been 1999 added. &merged;</para> 2000 2001 <para><application>nsswitch</application> support has been merged from NetBSD. By creating 2002 an &man.nsswitch.conf.5; file, &os; can be configured so that 2003 various databases such as &man.passwd.5; and &man.group.5; can be 2004 looked up using flat files, NIS, or Hesiod. The old 2005 <filename>hosts.conf</filename> file is no longer used.</para> 2006 2007 <para><application>PAM</application> support has been added for 2008 account management and sessions.</para> 2009 2010 <para>&man.passwd.1; and &man.pw.8; now select the password hash 2011 algorithm at run time. See the <literal>passwd_format</literal> 2012 attribute in <filename>/etc/login.conf</filename>. &merged;</para> 2013 2014 <para>&man.pax.1; has received a number of enhancements, including 2015 &man.cpio.1; functionality, &man.tar.1; compatibility 2016 enhancements, <option>-z</option> and <option>-Z</option> flags 2017 for &man.gzip.1; and &man.compress.1; functionality, and a number 2018 of bug fixes.</para> 2019 2020 <para>&man.pciconf.8; now supports a <option>-v</option> option to 2021 display the vendor/device information of configured devices, 2022 in conjunction with the <option>-l</option> option. The default 2023 vendor/device database can be found at 2024 <filename>/usr/share/misc/pci_vendors</filename>. &merged;</para> 2025 2026 <para>The behavior of &man.periodic.8; is now controlled by 2027 <filename>/etc/defaults/periodic.conf</filename> and 2028 <filename>/etc/periodic.conf</filename>. &merged;</para> 2029 2030 <para>&man.ping.8; now supports a <option>-m</option> option to 2031 set the TTL of outgoing packets. &merged;</para> 2032 2033 <para>&man.ping.8; now supports a <option>-A</option> option to 2034 beep when packets are lost. &merged;</para> 2035 2036 <para>Userland &man.ppp.8; has received a number of updates and 2037 bug fixes. &merged;</para> 2038 2039 <para>&man.ppp.8; has gained the <literal>tcpmssfixup</literal> 2040 option, which adjusts outgoing and incoming TCP SYN packets so that the maximum 2041 receive segment size is no larger than allowed by the interface 2042 MTU. &merged;</para> 2043 2044 <para>&man.ppp.8; now supports IPv6.</para> 2045 2046 <para>&man.pppd.8; (the control program for kernel-level PPP) is 2047 now installed mode <literal>4550</literal> and 2048 <username>root</username><literal>:</literal><groupname>dialer</groupname>, 2049 rather than mode <literal>4555</literal> (in other words, it is no 2050 longer world-executable). Users of &man.pppd.8; may need to 2051 change their group settings. &merged;</para> 2052 2053 <para>&man.pwd.1; can now double as &man.realpath.1;, a program to 2054 resolve pathnames to their underlying physical paths. &merged;</para> 2055 2056 <para>The pseudo-random number generator implemented by 2057 &man.rand.3; has been improved to provide less biased results.</para> 2058 2059 <para>&man.rc.8; now has an framework for handling dependencies between 2060 &man.rc.conf.5; variables. &merged;</para> 2061 2062 <para>&man.rc.8; now deletes all non-directory files in 2063 <filename>/var/run</filename> and 2064 <filename>/var/spool/lock</filename> at boot time. &merged;</para> 2065 2066 <para>&man.rcmd.3; now supports the use of the 2067 <envar>RSH</envar> environment variable to specify a program to 2068 use other than &man.rsh.1; for remote execution. As a result, 2069 programs such as &man.dump.8;, can use &man.ssh.1; for remote 2070 transport.</para> 2071 2072 <para>&man.rdist.1; has been retired from the base system, but is still 2073 available from &os; Ports Collection as 2074 <port>net/44bsd-rdist</port>.</para> 2075 2076 <para>The &man.resolver.3; in &os; now implements EDNS0 support, 2077 which will be necessary when working with IPv6 transport-ready 2078 resolvers/DNS servers. &merged;</para> 2079 2080 <para>The &man.rfork.thread.3; library call has been added as a 2081 helper function to &man.rfork.2;. Using this function should 2082 avoid the need to implement complex stack swap 2083 code. &merged;</para> 2084 2085 <para>The <option>-v</option> option to &man.rm.1; now displays 2086 the entire pathname of a file being removed.</para> 2087 2088 <para>&man.route.8; is now more verbose when changing indirect 2089 routes, in the case of a gateway route that is the same route as 2090 the one being modified. &merged;</para> 2091 2092 <para>&man.route.8; now uses 2093 <literal><replaceable>host</replaceable>/<replaceable>bits</replaceable></literal> 2094 syntax instead of 2095 <literal><replaceable>net</replaceable>/<replaceable>bits</replaceable></literal> 2096 syntax, for compatibility with &man.netstat.1;. &merged;</para> 2097 2098 <para>&man.route.8; can now create <quote>proxy only</quote> 2099 published ARP entries. &merged;</para> 2100 2101 <para>The &man.route.8; <option>add</option> command now supports 2102 the <option>-ifp</option> and <option>-ifa</option> 2103 modifiers. &merged;</para> 2104 2105 <para>&man.rpcbind.8; has replaced &man.portmap.8;.</para> 2106 2107 <para>&man.rpcgen.1; now uses <filename>/usr/bin/cpp</filename> 2108 (as on NetBSD), not <filename>/usr/libexec/cpp</filename>.</para> 2109 2110 <para>&man.rpc.lockd.8; has been imported from NetBSD. This 2111 daemon enables locking on NFS filesystems.</para> 2112 2113 <para>The performance of the ELF dynamic linker &man.rtld.1; has 2114 been improved. &merged;</para> 2115 2116 <para>RSA Security has waived all patent rights to the <application>RSA</application> 2117 algorithm. As a 2118 result, the native <application>OpenSSL</application> 2119 implementation of the RSA algorithm is now activated by default, 2120 and the <port>security/rsaref</port> port and the 2121 <filename>librsaUSA</filename> and <filename>librsaINTL</filename> 2122 libraries are 2123 no longer required for USA and non-USA residents respectively. &merged;</para> 2124 2125 <para>&man.savecore.8; now supports a <option>-k</option> option 2126 to prevent clearing a crash dump after saving it. It also 2127 attempts to avoid writing large stretches of zeros to crash dump 2128 files to save space and time. &merged;</para> 2129 2130 <para>&man.savecore.8; now works correctly on machines with 2 GB 2131 or more of RAM. &merged;</para> 2132 2133 <para>&man.sed.1; now takes a <option>-E</option> option for 2134 extended regular expression support. &merged;</para> 2135 2136 <para>&man.send-pr.1; now takes a <option>-a</option> option to 2137 include a file into the <literal>Fix:</literal> section of a 2138 problem report. &merged;</para> 2139 2140 <para>The &man.setfacl.1; and &man.getfacl.1; commands have been 2141 added to manage file system Access Control Lists.</para> 2142 2143 <para>&man.setproctitle.3; has been moved from 2144 <filename>libutil</filename> to 2145 <filename>libc</filename>. &merged;</para> 2146 2147 <para>&man.sh.1; now implements <command>test</command> as a 2148 built-in command for improved efficiency. &merged;</para> 2149 2150 <para>&man.sh.1; no longer 2151 implements <command>printf</command> as a built-in command because 2152 it was considered less valuable compared to the other built-in 2153 commands (this functionality is, of course, still available 2154 through the &man.printf.1; executable).</para> 2155 2156 <para>&man.sockstat.1; now has <option>-c</option> and 2157 <option>-l</option> flags for listing connected and listening 2158 sockets, respectively. &merged;</para> 2159 2160 <para>&man.split.1; now has the ability to split a file longer 2161 than 2GB. &merged;</para> 2162 2163 <para>In preparation for meeting SUSv2/POSIX 2164 <filename><sys/select.h></filename> requirements, 2165 <literal>struct selinfo</literal> and related functions have been 2166 moved to <filename><sys/selinfo.h></filename>.</para> 2167 2168 <para>The &man.strnstr.3; and &man.strcasestr.3; variants of 2169 &man.strstr.3; have been implemented.</para> 2170 2171 <para>&man.stty.1; now has support for an 2172 <literal>erase2</literal> control character, so that, for example, 2173 both the <keycap>Delete</keycap> and <keycap>Backspace</keycap> 2174 keys can be used to erase characters. &merged;</para> 2175 2176 <para>&man.style.perl.7;, a style guide for Perl code in the &os; 2177 base system, has been added.</para> 2178 2179 <para>&man.su.1; now uses <application>PAM</application> for 2180 authentication.</para> 2181 2182 <para>Boot-time &man.syscons.4; configuration was moved to a 2183 machine-independent <filename>/etc/rc.syscons</filename>. &merged;</para> 2184 2185 <para>&man.sysctl.8; now supports a <option>-N</option> option to 2186 print out variable names only. &merged;</para> 2187 2188 <para>&man.sysctl.8; has replaced the <option>-A</option> and 2189 <option>-X</option> options with <option>-ao</option> and 2190 <option>-ax</option> respectively; the former options are now 2191 deprecated. The <option>-w</option> option is deprecated as well; it is 2192 not needed to determine the user's intentions. &merged;</para> 2193 2194 <para>&man.sysctl.8; now supports a <option>-e</option> option to 2195 separate variable names and values by <literal>=</literal> rather 2196 than <literal>:</literal>. This feature is useful for producing 2197 output that can be fed back to &man.sysctl.8;. &merged;</para> 2198 2199 <para>&man.sysinstall.8; now properly preserves 2200 <filename>/etc/mail</filename> during a binary upgrade. &merged;</para> 2201 2202 <para>&man.sysinstall.8; now uses some more intuitive defaults 2203 thanks to some new dialog support functions. &merged;</para> 2204 2205 <para>The default root partition in &man.sysinstall.8; is now 2206 100MB on the i386 and 120MB on the Alpha.</para> 2207 2208 <para>&man.sysinstall.8; now lives in <filename>/usr/sbin</filename>, 2209 which simplifies the installation process. The &man.sysinstall.8; 2210 manpage is also installed in a more consistent fashion now.</para> 2211 2212 <para>&man.sysinstall.8; now has the ability to load KLDs as a 2213 part of the installation. &merged;</para> 2214 2215 <para>&man.sysinstall.8; now enables Soft Updates by default on 2216 all filesystems it creates, except for the root 2217 filesystem. &merged;</para> 2218 2219 <para>&man.sysinstall.8; has received updates for its 2220 <quote>auto</quote> partitioning mode which provide more 2221 reasonable defaults for the sizes of partitions that are created; 2222 auto-sized partitions can now also recover the space that becomes 2223 available when other partitions are deleted. &merged;</para> 2224 2225 <para>&man.syslogd.8; can take a <option>-n</option> option to 2226 disable DNS queries for every request. &merged;</para> 2227 2228 <para>&man.syslogd.8; now supports a <literal>LOG_CONSOLE</literal> 2229 facility (disabled by 2230 default), which can be used to log <filename>/dev/console</filename> 2231 output. &merged;</para> 2232 2233 <para>&man.syslogd.8; now has the ability to bind to a specific 2234 address (as opposed to using every available one) via the 2235 <option>-b</option> option. &merged;</para> 2236 2237 <para>&man.syslogd.8; now accepts a <option>-c</option> flag to 2238 disable repeated line compression. &merged;</para> 2239 2240 <para>&man.tail.1; now has the ability to work on files longer 2241 than 2GB. &merged;</para> 2242 2243 <para>&man.tar.1; now supports the <varname>TAR_RSH</varname> 2244 variable, principally to enable the use of &man.ssh.1; as a 2245 transport. &merged;</para> 2246 2247 <para>&man.telnet.1; now does autologin and encryption by default; 2248 a new <option>-y</option> option turns off encryption.</para> 2249 2250 <para>&man.telnet.1; now supports a <option>-u</option> flag to 2251 allow connections to UNIX-domain (<literal>AF_UNIX</literal>) 2252 sockets. &merged;</para> 2253 2254 <para>&man.tftpd.8; now takes the <option>-c</option> and 2255 <option>-C</option> options, which allow the server to 2256 &man.chroot.2; based on the IP address of the connecting client. 2257 &man.tftp.1; and &man.tftpd.8; can now transfer files larger than 2258 65535 blocks. &merged;</para> 2259 2260 <para>&man.tftpd.8; now supports RFC 2349 (TFTP Timeout Interval 2261 and Transfer Size Options); this feature is required by some 2262 firmware like EFI boot managers (at least on HP i2000 Itanium 2263 servers) in order to boot an image using 2264 <application>TFTP</application>.</para> 2265 2266 <para arch="alpha">&man.timed.8; now works on the alpha.</para> 2267 2268 <para>A version of Transport Independent RPC 2269 (<application>TI-RPC</application>) has been imported.</para> 2270 2271 <para>&man.tmpnam.3; will now use the <envar>TMPDIR</envar> 2272 environment variable, if set, to specify the location of temporary 2273 files. &merged;</para> 2274 2275 <para>&man.tip.1; has been updated from 2276 <application>OpenBSD</application>, and has the ability to act as 2277 a &man.cu.1; substitute.</para> 2278 2279 <para>&man.top.1; will now use the full width of its tty.</para> 2280 2281 <para>&man.touch.1; now takes a <option>-h</option> option to 2282 operate on a symbolic link, rather than what the link points 2283 to.</para> 2284 2285 <para>The &man.truncate.1; utility, which truncates or extends the length 2286 of files, has been added. &merged;</para> 2287 2288 <para>Ukrainian language support has been added to the &os; 2289 console. &merged;</para> 2290 2291 <para><application>UUCP</application> has been removed from the 2292 base system. It can be found in 2293 the Ports Collection, in <port>net/freebsd-uucp</port>.</para> 2294 2295 <para>&man.units.1; has received some updates and bugfixes. &merged;</para> 2296 2297 <para>&man.vidcontrol.1; now accepts a <option>-g</option> 2298 parameter to select custom text geometry in the 2299 <literal>VESA_800x600</literal> raster text mode. &merged;</para> 2300 2301 <para>&man.vidcontrol.1; now allows the user to omit the font size 2302 specification when loading a font, and has some better 2303 error-handling. &merged;</para> 2304 2305 <para>&man.vidcontrol.1; now supports a <option>-p</option> option to 2306 take a snapshot of a &man.syscons.4; video buffer. These 2307 snapshots can be manipulated by the 2308 <port>graphics/scr2png</port> utility in the Ports 2309 Collection. &merged;</para> 2310 2311 <para>&man.vidcontrol.1; now supports a <option>-C</option> option 2312 to clear the history buffer for a given tty, as well as a 2313 <option>-h</option> option to set the size of the history buffer. &merged;</para> 2314 2315 <para>The default stripe size in &man.vinum.8; has been changed 2316 from 256KB to 279KB, to spread out superblocks more evenly between 2317 stripes.</para> 2318 2319 <para>&man.wall.1; now supports a <option>-g</option> flag to 2320 write a message to all users of a given group. &merged;</para> 2321 2322 <para>&man.watch.8; now takes a <option>-f</option> option to 2323 specify a &man.snp.4; device to use.</para> 2324 2325 <para>&man.which.1; is now a C program, rather than a Perl 2326 script.</para> 2327 2328 <para>&man.whois.1; now directs queries for IP addresses to 2329 ARIN. If a query to ARIN references APNIC or RIPE, the 2330 appropriate server will also be queried, provided that the 2331 <option>-Q</option> option is not specified. &merged;</para> 2332 2333 <para>&man.whois.1; supports a <option>-c</option> option to 2334 specify a country code to help direct queries towards a particular 2335 whois server. &merged;</para> 2336 2337 <para>&man.xargs.1; now supports a <option>-J</option> 2338 <replaceable>replstr</replaceable> option that allows the user to 2339 tell &man.xargs.1; to insert the data read from standard input at 2340 a specific point in the command line arguments rather than at the 2341 end. &merged;</para> 2342 2343 <para>The compiler chain now uses the FSF-supplied C/C++ runtime 2344 initialization code. This change brings about better 2345 compatibility with code generated from the various egcs and gcc 2346 ports, as well as the stock public FSF source. &merged;</para> 2347 2348 <para>The threads library has gained some signal handling changes, 2349 bug fixes, and performance enhancements (including zero system 2350 call thread switching). &man.gdb.1; thread support has been 2351 updated to match these changes. &merged;</para> 2352 2353 <para>Significant additions have been made to internationalization 2354 support; &os; now has complete locale support for the 2355 <literal>LC_MONETARY</literal>, <literal>LC_NUMERIC</literal>, and 2356 <literal>LC_MESSAGES</literal> categories. A number of 2357 applications have been updated to take advantage of this 2358 support.</para> 2359 2360 <para>Locale names have been changed to improve compatibility with 2361 the names used by X11R6, as well as a number of other UNIX 2362 versions. As an example, the <literal>en_US.ISO_8859-1</literal> 2363 locale name has been changed to 2364 <literal>en_US.ISO8859-1</literal>. Entries in 2365 <filename>/etc/locale.alias</filename> provide backward 2366 compatibility. &merged;</para> 2367 2368 <para><filename>/usr/src/share/examples/BSD_daemon/</filename> now 2369 contains a scalable Beastie graphic. &merged;</para> 2370 2371 <para>As part of an ongoing process, many manual pages were 2372 improved, both in terms of their formatting markup and in their 2373 content. &merged;</para> 2374 2375 <sect3> 2376 <title>Contributed Software</title> 2377 2378 <para><application>am-utils</application> has been updated to 2379 6.0.7.</para> 2380 2381 <para><application>bc</application> has been updated from 1.04 to 2382 1.06. &merged;</para> 2383 2384 <para>The ISC library from the <application>BIND</application> 2385 distribution is now built as 2386 <filename>libisc</filename>. &merged;</para> 2387 2388 <para><application>BIND</application> is now built with the 2389 <literal>NOADDITIONAL</literal> flag, which causes &man.named.8; 2390 to operate in a more consistent fashion for certain common 2391 misconfigurations. &merged;</para> 2392 2393 <para><application>BIND</application> has been updated to 2394 8.2.4-REL. &merged;</para> 2395 2396 <para><application>Binutils</application> have been updated to 2397 a 31 October 2001 snapshot from the FSF 2.11 branch.</para> 2398 2399 <para><application>bzip2</application> 1.0.1 has been imported; this 2400 brings the &man.bzip2.1; program and the <filename>libbz2</filename> 2401 library to the base system. &merged;</para> 2402 2403 <para>The &man.ee.1; <application>Easy Editor</application> has 2404 been updated to 1.4.2. &merged;</para> 2405 2406 <para><application>file</application> has been updated to 3.37.</para> 2407 2408 <para><application>gcc</application> has been updated to 2.95.3. &merged;</para> 2409 2410 <para>&man.gcc.1; now uses a unified <filename>libgcc</filename> 2411 rather than a separate one for threaded and non-threaded programs. 2412 <filename>/usr/lib/libgcc_r.a</filename> can be removed. 2413 &merged;</para> 2414 2415 <para>&man.gcc.1; now supports the environment variable 2416 <envar>GCC_OPTIONS</envar>, which can hold a set of default 2417 options for <application>GCC</application>. &merged;</para> 2418 2419 <para><application>GNATS</application> has been updated to 2420 3.113. &merged;</para> 2421 2422 <para><application>GNU awk</application> has been updated to 2423 3.1.0.</para> 2424 2425 <para><application>gperf</application> has been updated to 2.7.2.</para> 2426 2427 <para><application>groff</application> and its related utilities 2428 have been updated to FSF version 1.17.2. This import brings in a 2429 new &man.mdoc.7; macro package (sometimes referred to as 2430 <literal>mdocNG</literal>), which removes many of the 2431 limitations of its predecessor. &merged;</para> 2432 2433 <para><application>Heimdal</application> has been updated to 2434 0.3f.</para> 2435 2436 <para>The version of <application>IPFilter</application> 2437 provided with &os; now includes the &man.ipfs.8; program, which 2438 allows state information created for NAT entries and stateful 2439 rules to be saved to disk and restored after a reboot. 2440 Boot-time configuration of these features is supported by 2441 &man.rc.conf.5;. &merged;</para> 2442 2443 <para>The <application>ISC DHCP</application> client has been 2444 updated to 2.0pl5. &merged;</para> 2445 2446 <para><application>Kerberos IV</application> has been updated to 2447 1.0.5. &merged;</para> 2448 2449 <para>The &man.more.1; command has been replaced by &man.less.1;, 2450 although it can still be run as 2451 <command>more</command>. &merged; Version 371 of <application>less</application> has 2452 been imported.</para> 2453 2454 <para><application>libpcap</application> has been updated to 2455 0.6.2. &merged;</para> 2456 2457 <para><application>libreadline</application> has been updated to 2458 4.2.</para> 2459 2460 <para><application>Linux-PAM</application> has been updated to 2461 0.75. &merged;</para> 2462 2463 <para>A number of new <application>Linux-PAM</application> modules 2464 have been added, including: <filename>pam_ftp</filename>, 2465 <filename>pam_krb5</filename>, 2466 <filename>pam_nologin</filename>, 2467 <filename>pam_rootok</filename>, 2468 <filename>pam_securetty</filename>, 2469 <filename>pam_wheel</filename>.</para> 2470 2471 <para><application>lukemftp</application> has replaced the &os; 2472 &man.ftp.1; program. Among its new features are more automation 2473 methods, better standards compliance, transfer rate throttling, 2474 and a customizable command-line prompt. Some environment 2475 variables and command-line arguments have changed.</para> 2476 2477 <para><application>ncurses</application> has been updated to 2478 5.2-20010512.</para> 2479 2480 <para>The <application>NTP</application> suite of programs has been 2481 updated to 4.1.0. &merged;</para> 2482 2483 <para>The <application>OPIE</application> one-time-password suite 2484 has been updated to 2.32. &merged; It has completely replaced 2485 the functionality of <application>S/Key</application>.</para> 2486 2487 <para><application>Perl</application> has been updated to version 2488 5.6.0.</para> 2489 2490 <para>&man.routed.8; has been updated to version 2.22. &merged;</para> 2491 2492 <para arch="i386">Version 1.4.3 of the <application>smbfs</application> 2493 userland utilities have been imported. &merged;</para> 2494 2495 <para><application>tcpdump</application> has been updated to 2496 3.6.3. &merged;</para> 2497 2498 <para>The &man.csh.1; shell has been replaced by &man.tcsh.1;, 2499 although it can still be run as <command>csh</command>. 2500 <application>tcsh</application> has been updated to version 2501 6.11. &merged;</para> 2502 2503 <para>The contributed version of 2504 <application>tcp_wrappers</application> now includes the 2505 &man.tcpd.8; helper daemon. While not strictly necessary in a 2506 standard &os; installation (because &man.inetd.8; already 2507 incorporates this functionality), this may be useful for 2508 &man.inetd.8; replacements such as 2509 <application>xinetd</application>.</para> 2510 2511 <para>&man.traceroute.8; now takes its default maximum TTL value 2512 from the <varname>net.inet.ip.ttl</varname> sysctl 2513 variable. &merged;</para> 2514 2515 <para>The timezone database has been updated to the 2516 <filename>tzdata2001d</filename> release. &merged;</para> 2517 2518 <sect4> 2519 <title>CVS</title> 2520 2521 <para><application>cvs</application> has been updated to 2522 1.11.1p1. &merged;</para> 2523 2524 <para>The default value for &man.cvs.1;'s 2525 <envar>CVS_RSH</envar> variable is now <literal>ssh</literal>, 2526 rather than <literal>rsh</literal>. &merged;</para> 2527 2528 <para>&man.cvs.1; now supports a <option>-T</option> option to 2529 update a sandbox's <filename>CVS/Template</filename> file from 2530 the repository. &merged;</para> 2531 2532 <para>&man.cvs.1; <literal>diff</literal> now supports the 2533 <option>-j</option> option to perform differences against a 2534 revision relative to a branch tag. &merged;</para> 2535 </sect4> 2536 2537 <sect4> 2538 <title>CVSup</title> 2539 2540 <para><application>CVSup</application>, a frequently used 2541 utility in the &os; Ports Collection, was formerly installable 2542 using several ports and packages. The 2543 <port>net/cvsup-bin</port> and <port>net/cvsupd-bin</port> 2544 ports/packages are no longer necessary or available; the 2545 <port>net/cvsup</port> port should be used instead. &merged;</para> 2546 2547 <para><application>CVSup</application> has been updated to 2548 16.1_3, which is available in the &os; Ports Collection as 2549 <port>net/cvsup</port>. This update fixes a long-standing 2550 (but only recently encountered) bug which affects the 2551 timestamps on all files after Sun Sep 9 01:46:40 UTC 2001 2552 (1,000,000,000 seconds after the UNIX epoch). &merged;</para> 2553 </sect4> 2554 2555 <sect4 id="kame-userland"> 2556 <title>KAME</title> 2557 2558 <para>The IPv6 stack is now based on a snapshot based on the KAME 2559 Project's IPv6 snapshot as of 28 May, 2001. Most of the 2560 items listed in this section are a result of this import. 2561 <xref linkend="kame-kernel"> lists kernel updates to the KAME 2562 IPv6 stack. &merged;</para> 2563 2564 <para>&man.faithd.8; now supports a configuration file for 2565 access control. &merged;</para> 2566 2567 <para>&man.ifconfig.8; can now perform the functions of 2568 &man.gifconfig.8;. &merged;</para> 2569 2570 <para>&man.ifconfig.8; can now perform the functions of 2571 &man.prefix.8;. &man.prefix.8; is now a shell script for 2572 partial backwards compatibility. &merged;</para> 2573 2574 <para>&man.ndp.8; now implements garbage collection for stale 2575 NDP entries, as described in RFC 2461 (Neighbor Discovery for 2576 IP Version 6 (IPv6)). &merged;</para> 2577 2578 <para>&man.pim6dd.8; and &man.pim6sd.8; have been removed due to 2579 restrictive licensing conditions. These programs are available 2580 in the ports collection as <port>net/pim6dd</port> and 2581 <port>net/pim6sd</port>. &merged;</para> 2582 2583 <para>&man.route6d.8; now supports an <option>-n</option> flag 2584 to avoid updating the kernel forwarding table. &merged;</para> 2585 2586 <para>The <option>-R</option> (router renumbering) option to 2587 &man.rtadvd.8; is currently ignored. &merged;</para> 2588 </sect4> 2589 2590 <sect4> 2591 <title>OpenSSH</title> 2592 2593 <para><application>OpenSSH</application> has been updated to 2594 2.9, which provides support for the SSH2 protocol (now the 2595 default) and DSA keys. &man.ssh-add.1; and &man.ssh-agent.1; 2596 can now handle DSA keys, with support for authentication 2597 forwarding. <application>OpenSSH</application> users in the 2598 USA no longer need to rely on the restrictively-licensed 2599 RSAREF toolkit which is required to handle RSA keys. Among 2600 other new features: A client and server for sftp has been 2601 added. &man.scp.1; can now handle files larger than 2 GBytes. 2602 A limit on the number of outstanding, unauthenticated 2603 connections in &man.sshd.8; has been added. Support has been 2604 added for the Rijndael encryption algorithm. Rekeying of 2605 existing sessions is now supported, and an experimental 2606 <application>SOCKS4</application> proxy has been added to 2607 &man.ssh.1;.</para> 2608 2609 <para><application>OpenSSH</application> can now authenticate 2610 using OPIE passwords in SSH1 mode. Support is not yet available 2611 in SSH2 mode. &merged;</para> 2612 2613 <para><application>PAM</application> support for 2614 <application>OpenSSH</application> has been added.</para> 2615 2616 <para>A long-standing bug in <application>OpenSSH</application>, 2617 which sometimes resulted in a dropped session when an 2618 X11-forwarded client was closed, was fixed.</para> 2619 2620 <para><application>Kerberos</application> compatibility has been 2621 added to <application>OpenSSH</application>. &merged;</para> 2622 2623 <para><application>OpenSSH</application> has been modified to be 2624 more resistant to traffic analysis by requiring that 2625 <quote>non-echoed</quote> characters are still echoed back in a 2626 null packet, as well as by padding passwords sent so as not to 2627 hint at password lengths. &merged;</para> 2628 2629 <para>&man.sshd.8; is now enabled by default on new 2630 installs. &merged;</para> 2631 2632 <para>&man.sshd.8; <literal>X11Forwarding</literal> is now turned 2633 on by default on the server (any risk is to the client, where it 2634 is already disabled by default). &merged;</para> 2635 2636 <para>In <filename>/etc/ssh/sshd_config</filename>, the 2637 <literal>ConnectionsPerPeriod</literal> parameter has been 2638 deprecated in favor of <literal>MaxStartups</literal>. &merged;</para> 2639 2640 <para><application>OpenSSH</application> now has a 2641 <literal>VersionAddendum</literal> configuration setting for 2642 &man.sshd.8; to allow changing the part of the 2643 <application>OpenSSH</application> version string after the 2644 main version number.</para> 2645 </sect4> 2646 2647 <sect4> 2648 <title>OpenSSL</title> 2649 2650 <para><application>OpenSSL</application> has been updated to 2651 0.9.6b.</para> 2652 2653 <para><application>OpenSSL</application> now has support for 2654 machine-dependent ASM optimizations, activated by the new 2655 <varname>MACHINE_CPU</varname> and/or <varname>CPUTYPE</varname> 2656 <filename>make.conf</filename> variables. &merged;</para> 2657 </sect4> 2658 2659 <sect4> 2660 <title>sendmail</title> 2661 2662 <para><application>sendmail</application> has been updated from 2663 version 8.9.3 to version 8.11.6. Important changes include: new 2664 default file locations (see 2665 <filename>/usr/src/contrib/sendmail/cf/README</filename>); 2666 &man.newaliases.1; is limited to <username>root</username> and 2667 trusted users; STARTTLS encryption; and the MSA port (587) is 2668 turned on by default. See 2669 <filename>/usr/src/contrib/sendmail/RELEASE_NOTES</filename> for 2670 more information. &merged;</para> 2671 2672 <para>&man.mail.local.8; is no longer installed as a SUID binary. 2673 If you are using a <filename>/etc/mail/sendmail.cf</filename> from 2674 the default <filename>sendmail.cf</filename> included with &os; 2675 any time after 3.1.0, you are fine. If you are using a 2676 hand-configured <filename>sendmail.cf</filename> and 2677 <command>mail.local</command> for delivery, check to make sure the 2678 <literal>F=S</literal> flag is set on the 2679 <literal>Mlocal</literal> line. Those with 2680 <filename>.mc</filename> files who need to add the flag can do so 2681 by adding the following line to their <filename>.mc</filename> 2682 file and regenerating the <filename>sendmail.cf</filename> 2683 file:</para> 2684 2685 <programlisting>MODIFY_MAILER_FLAGS(`LOCAL',`+S')dnl</programlisting> 2686 2687 <para>Note that <literal>FEATURE(`local_lmtp')</literal> already 2688 does this. &merged;</para> 2689 2690 <para>The default <filename>/etc/mail/sendmail.cf</filename> 2691 disables the SMTP <literal>EXPN</literal> and 2692 <literal>VRFY</literal> commands. &merged;</para> 2693 2694 <para>&man.vacation.1; has been updated to use the version included with 2695 <application>sendmail</application>. &merged;</para> 2696 2697 <para>The <application>sendmail</application> configuration 2698 building tools are installed in 2699 <filename>/usr/share/sendmail/cf/</filename>. &merged;</para> 2700 2701 <para>New <filename>make.conf</filename> options: 2702 <varname>SENDMAIL_MC</varname> and 2703 <varname>SENDMAIL_ADDITIONAL_MC</varname>. See 2704 <filename>/usr/share/examples/etc/make.conf</filename> for more 2705 information. &merged;</para> 2706 2707 <para><filename>/etc/mail/Makefile</filename> now supports: the 2708 new <varname>SENDMAIL_MC</varname> <filename>make.conf</filename> 2709 option; the ability to build <filename>.cf</filename> files from 2710 <filename>.mc</filename> files; generalized map rebuilding; 2711 rebuilding the aliases file; and the ability to stop, start, and 2712 restart <application>sendmail</application>. &merged;</para> 2713 </sect4> 2714 </sect3> 2715 2716 <sect3> 2717 <title>Ports/Packages Collection</title> 2718 2719 <para><application>BSDPAN</application>, a collection of modules 2720 that provides tighter integration of 2721 <application>Perl</application> into the &os; Ports 2722 Collection, has been added.</para> 2723 2724 <para>&man.pkg.create.1; and &man.pkg.add.1; can now work with 2725 packages that have been compressed using 2726 &man.bzip2.1;. &man.pkg.add.1; will use the PACKAGEROOT 2727 environment variable to determine a mirror site for new 2728 packages. &merged;</para> 2729 2730 <para>&man.pkg.create.1; now records dependencies in dependency 2731 order rather than in the order specified on the command line. 2732 This improves the functioning of <command>pkg_add 2733 -r</command>. &merged;</para> 2734 2735 <para>&man.pkg.create.1; now supports a <option>-b</option> to 2736 create a package file from a locally-installed 2737 package. &merged;</para> 2738 2739 <para>When requested to delete multiple packages, 2740 &man.pkg.delete.1; will now attempt to remove them in dependency 2741 order rather than the order specified on the command 2742 line. &merged;</para> 2743 2744 <para>&man.pkg.delete.1; now can perform glob/regexp matching of 2745 package names. In addition, it supports a <option>-a</option> 2746 option for removing all packages and a <option>-i</option> option 2747 for &man.rm.1;-style interactive confirmation. &merged;</para> 2748 2749 <para>&man.pkg.delete.1; now supports a <option>-r</option> 2750 option for recursive package removal. &merged;</para> 2751 2752 <para>&man.pkg.info.1; now supports globbing against names of 2753 installed packages. The <option>-G</option> option disables this 2754 behavior, and the <option>-x</option> option causes regular 2755 expression matching instead of shell globbing. &merged;</para> 2756 2757 <para>&man.pkg.info.1; can now accept a <option>-g</option> flag for 2758 verifying an installed package against its recorded checksums (to 2759 see if it's been modified post-installation). Naturally, this 2760 mechanism is only as secure as the contents of 2761 <filename>/var/db/pkg</filename> if it's to be used for auditing 2762 purposes. &merged;</para> 2763 2764 <para>&man.pkg.sign.1; and &man.pkg.check.1; have been added to 2765 digitally sign and verify the signatures on binary package 2766 files. &merged;</para> 2767 2768 <para>&man.pkg.update.1;, a utility to update installed packages 2769 and update their dependencies, has been added. &merged;</para> 2770 2771 <para>&man.pkg.version.1; now has a version number comparison 2772 routine that corresponds to the Porters Handbook. It also has a 2773 <option>-t</option> option for testing address comparisons. 2774 &merged;</para> 2775 2776 <para>&man.pkg.version.1; now takes a <option>-s</option> flag 2777 to limit its operation to ports/packages matching a given 2778 string. &merged;</para> 2779 2780 <para>Version numbers of installed packages have a new 2781 (backward-compatible) syntax, which supports the 2782 <varname>PORTREVISION</varname> and <varname>PORTEPOCH</varname> 2783 variables in Ports Collection <filename>Makefile</filename>s. 2784 These changes help keep track of changes in the ports collection 2785 entries such as security patches or &os;-specific updates, which 2786 aren't reflected in the original, third-party software 2787 distributions. &man.pkg.version.1; can now compare these 2788 new-style version numbers. &merged;</para> 2789 2790 <para>To improve performance and disk utilization, the <quote>ports 2791 skeletons</quote> in the &os; Ports Collection have been restructured. 2792 Installed ports and packages should not be affected. &merged;</para> 2793 2794 <para>All packages and ports now contain an <quote>origin</quote> 2795 directive, which makes it easier for programs such as 2796 &man.pkg.version.1; to determine the directory from which a 2797 package was built. &merged;</para> 2798 </sect3> 2799 </sect2> 2800</sect1> 2801 2802<sect1> 2803 <title>Upgrading from previous releases of &os;</title> 2804 2805 <para>If you're upgrading from a previous release of &os;, you 2806 generally will have three options: 2807 2808 <itemizedlist> 2809 <listitem> 2810 <para>Using the binary upgrade option of &man.sysinstall.8;. 2811 This option is perhaps the quickest, although it presumes 2812 that your installation of &os; uses no special compilation 2813 options.</para> 2814 </listitem> 2815 <listitem> 2816 <para>Performing a complete reinstall of &os;. Technically, 2817 this is not an upgrading method, and in any case is usually less 2818 convenient than a binary upgrade, in that it requires you to 2819 manually backup and restore the contents of 2820 <filename>/etc</filename>. However, it may be useful in 2821 cases where you want (or need) to change the partitioning of 2822 your disks. 2823 </listitem> 2824 <listitem> 2825 <para>From source code in <filename>/usr/src</filename>. This 2826 route is more flexible, but requires more disk space, time, 2827 and more technical expertise. Upgrading from very old 2828 versions of &os; may be problematic; in cases like this, it 2829 is usually more effective to perform a binary upgrade or a 2830 complete reinstall.</para> 2831 </listitem> 2832 </itemizedlist> 2833 </para> 2834 2835 <para>Please read the <filename>INSTALL.TXT</filename> file for more 2836 information, preferably <emphasis>before</emphasis> beginning an 2837 upgrade. If you are upgrading from source, please be sure to read 2838 <filename>/usr/src/UPDATING</filename> as well.</para> 2839 2840 <para>Finally, if you want to use one of various means to track the 2841 -STABLE or -CURRENT branches of &os;, please be sure to consult the 2842 <ulink 2843 url="http://www.FreeBSD.org/handbook/current-stable.html"><quote>-CURRENT 2844 vs. -STABLE</quote></ulink> section of the <ulink 2845 url="http://www.FreeBSD.org/handbook/">FreeBSD 2846 Handbook</ulink>.</para> 2847 2848 <important> 2849 <para>Upgrading &os; should, of course, only be attempted after 2850 backing up <emphasis>all</emphasis> data and configuration 2851 files.</para> 2852 </important> 2853</sect1> 2854 2855