article.xml revision 99153
1<articleinfo> 2 <title>&os;/&arch; &release.current; Release Notes</title> 3 4 <corpauthor>The FreeBSD Project</corpauthor> 5 6 <pubdate>$FreeBSD: head/release/doc/en_US.ISO8859-1/relnotes/article.sgml 99153 2002-06-30 18:48:24Z bmah $</pubdate> 7 8 <copyright> 9 <year>2000</year> 10 <year>2001</year> 11 <year>2002</year> 12 <holder role="mailto:doc@FreeBSD.org">The FreeBSD Documentation Project</holder> 13 </copyright> 14 15 <abstract> 16 <para>The release notes for &os; &release.current; contain a summary 17 of 18<![ %include.historic; [ 19 the changes made in the &os; base system since &release.prev;. 20]]> 21<![ %no.include.historic; [ 22 recent changes made to the &os; base system on the &release.branch; 23 development branch. 24]]> 25 Both changes for kernel and userland are listed, as well as 26 applicable security advisories that were issued since the last 27 release. Some brief remarks on upgrading are also presented.</para> 28 </abstract> 29</articleinfo> 30 31<sect1> 32 <title>Introduction</title> 33 34 <para>This document contains the release notes for &os; 35 &release.current; on the &arch.print; hardware platform. It 36 describes recently added, changed, or deleted features of &os;. 37 It also provides some notes on upgrading 38 from previous versions of &os;.</para> 39 40<![ %release.type.snapshot [ 41 42 <para>The &release.type; distribution to which these release notes 43 apply represents a point along the &release.branch; development 44 branch between &release.prev; and the future &release.next;. Some 45 pre-built, binary &release.type; distributions along this branch 46 can be found at <ulink url="&release.url;"></ulink>.</para> 47 48]]> 49 50<![ %release.type.release [ 51 52 <para>This distribution of &os; &release.current; is a 53 &release.type; distribution. It can be found at <ulink 54 url="&release.url;"></ulink> or any of its mirrors. More 55 information on obtaining this (or other) &release.type; 56 distributions of &os; can be found in the <ulink 57 url="http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/mirrors.html"><quote>Obtaining 58 FreeBSD</quote> appendix</ulink> to the <ulink 59 url="http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/">FreeBSD 60 Handbook</ulink>.</para> 61 62]]> 63</sect1> 64 65<sect1> 66 <title>What's New</title> 67 68 <para>This section describes 69<![ %include.historic; [ 70 the most user-visible new or changed features in &os; 71 since &release.prev;. 72 In general, changes described here are unique to the &release.branch; 73 branch unless specifically marked as &merged; features. 74]]> 75<![ %no.include.historic; [ 76 many of the user-visible new or changed features in &os; 77 since &release.prev;. It includes items that are unique to the 78 &release.branch; branch, as well as some features that may have been 79 recently merged to 80 other branches (after &os; &release.prev.historic;). The later 81 items are marked as &merged;. 82]]> 83 </para> 84 85 <para>Typical release note items 86 document new drivers or hardware support, new commands or options, 87 major bugfixes, or contributed software upgrades. Applicable security 88 advisories issued after &release.prev; are also listed.</para> 89 90 <para>Many additional changes were made to &os; that are not listed 91 here for lack of space. For example, documentation was corrected 92 and improved, minor bugs were fixed, insecure coding practices 93 were audited and corrected, and source code was cleaned up.</para> 94 95 <sect2 id="kernel"> 96 <title>Kernel Changes</title> 97 98 <para arch="i386" role="historic">The &man.amdpm.4; driver has been added to 99 provide access to the system monitoring functions of the AMD 756 100 chipset. &merged;</para> 101 102 <para role="historic">The &man.agp.4; driver for AGP devices has been 103 added. &merged;</para> 104 105 <para>A new &man.ddb.4; command <command>show pcpu</command> lists 106 some of the per-CPU data.</para> 107 108 <para role="historic">Two new &man.ddb.4; commands, <command>hwatch</command> and 109 <command>dhwatch</command>, have been introduced. Analogous to 110 <command>watch</command> and <command>dwatch</command>, they 111 install hardware watchpoints (as opposed to software 112 watchpoints) if supported by the architecture. &merged;</para> 113 114 <para>&man.devfs.5;, which allows entries in the 115 <filename>/dev</filename> directory to be built automatically 116 and supports more flexible attachment of devices, has been 117 largely reworked. &man.devfs.5; is now enabled by default and 118 can be disabled by the <literal>NODEVFS</literal> kernel 119 option.</para> 120 121 <para>The dgm driver has been removed in favor of the digi driver.</para> 122 123 <para>A new digi driver has been added to support PCI Xr-based and 124 ISA Xem Digiboard cards. A new &man.digictl.8; program is 125 (mainly) used to re-initialize cards that have external port 126 modules attached such as the PC/Xem.</para> 127 128 <para>An &man.eaccess.2; system call has been added, similar to 129 &man.access.2; except that the former uses effective credentials 130 rather than real credentials.</para> 131 132 <para arch="sparc64">Support has been added for EBus-based 133 devices.</para> 134 135 <para arch="i386" role="historic">The &man.ichsmb.4; driver for the Intel 82801AA 136 (ICH) SMBus controller and compatibles has been 137 added. &merged;</para> 138 139 <para>Each &man.jail.2; environment can now run under its own 140 securelevel.</para> 141 142 <para>The tunable sysctl variables for &man.jail.2; have moved 143 from <varname>jail.*</varname> to the 144 <varname>security.*</varname> hierarchy. Other security-related 145 sysctl variables have moved from <varname>kern.security.*</varname> to 146 <varname>security.*</varname>.</para> 147 148 <para role="historic">The <varname>kern.maxvnodes</varname> limit now properly 149 limits the number of vnodes in use. Previously only vnodes with 150 no cached pages could be freed; this could allow the number of 151 vnodes to grow without limit on large-memory machines accessing 152 many small files. A <literal>vnlru</literal> kernel thread 153 helps to flush and reuse vnodes. &merged;</para> 154 155 <para role="historic">The kernel message buffer is now accessible by the 156 (machine-independent) <varname>kern.msgbuf</varname> sysctl 157 variable; &man.dmesg.8; no longer needs to be SGID 158 <groupname>kmem</groupname>. &merged;</para> 159 160 <para>The kernel environment is now dynamic, and can be changed 161 via the new &man.kenv.2; system call.</para> 162 163 <para role="historic">The &man.kqueue.2; event notification facility was added to 164 the &os; kernel. This is a new interface which is able to 165 replace &man.poll.2;/&man.select.2;, offering improved 166 performance, as well as the ability to report many different 167 types of events. Support for monitoring changes in sockets, 168 pipes, fifos, and files are present, as well as for signals and 169 processes. &merged;</para> 170 171 <para arch="i386,pc98" role="historic">A new <varname>KVA_SPACE</varname> kernel option 172 can be used to reconfigure the size of the kernel virtual 173 address space. &merged;</para> 174 175 <para>The labpc(4) driver has been removed due to 176 <quote>bitrot</quote>.</para> 177 178 <para>The loader and kernel linker now look for files named 179 <filename>linker.hints</filename> in each directory with KLDs 180 for a module name and version to KLD filename mapping. The new 181 &man.kldxref.8; utility is used to generate these files.</para> 182 183 <para role="historic">Linux emulation now supports the kernel functionality 184 required by the 185 <filename role="package">emulators/linux_base</filename> 186 (RedHat 7.X emulation) port. &merged;</para> 187 188 <para role="historic">Linux emulation now requires <literal>options 189 SYSVSEM</literal> in the kernel configuration. &merged;</para> 190 191 <para>&man.lomac.4;, a Low-Watermark Mandatory Access Control 192 security facility, has been added as a kernel module. It 193 provides a drop-in security mechanism in addition to the 194 traditional UID-based security facilities, requiring no 195 additional configuration from the administrator. Work on this 196 feature was sponsored by DARPA and NAI Labs.</para> 197 198 <para arch="ia64">Machine Check Architecture (MCA) records are now 199 collected at boot time and made available through the 200 <varname>hw.mca.*</varname> sysctl variables.</para> 201 202 <para role="historic">The <varname>maxusers</varname> kernel configuration 203 parameter is now a boot-time tunable variable. The kernel 204 parameters derived from <varname>maxusers</varname> are now also 205 tunables and can be overridden at boot-time. The 206 <varname>hz</varname> parameter is also now a 207 tunable. &merged;</para> 208 209 <para role="historic">Specifying a value of <literal>0</literal> for the 210 <varname>maxusers</varname> kernel configuration parameter will 211 now cause an appropriate value to be calculated at boot-time 212 (between 32 and 384, depending on the amount of memory present). 213 This value is now the default for all 214 <filename>GENERIC</filename> kernels. &merged;</para> 215 216 <para arch="alpha" role="historic">A <varname>MAXMEM</varname> kernel option, 217 along with the <varname>hw.physmem</varname> loader tunable, can 218 be used to artificially reduce the memory size of a machine for 219 testing (or other purposes). &merged;</para> 220 221 <para role="historic">The kernel configuration parameters 222 <varname>MAXTSIZ</varname>, <varname>DFLDSIZ</varname>, 223 <varname>MAXDSIZ</varname>, <varname>DFLSSIZ</varname>, 224 <varname>MAXSSIZ</varname>, and <varname>SGROWSIZ</varname> are 225 all loader tunables (<varname>kern.maxtsiz</varname>, 226 <varname>kern.maxdfldsiz</varname>, etc.). &merged;</para> 227 228 <para>&man.mutex.9; profiling code has been added, enabled by the 229 <literal>MUTEX_PROFILING</literal> kernel configuration option. 230 It enables the <varname>debug.mutex.prof.*</varname> hierarchy 231 of sysctl variables.</para> 232 233 <para arch="i386,pc98" role="historic">The <literal>NCPU</literal>, 234 <literal>NAPIC</literal>, <literal>NBUS</literal>, and 235 <literal>NINTR</literal> kernel configuration options, 236 for configuring SMP kernels, have been removed. 237 <literal>NCPU</literal> is now set to a maximum of 16, 238 and the other, aforementioned options are now 239 dynamic. &merged;</para> 240 241 <para role="historic">A &man.nmdm.4; null-modem terminal driver has been added. 242 &merged;</para> 243 244 <para role="historic">The <literal>O_DIRECT</literal> flag has been added to 245 &man.open.2; and &man.fcntl.2;. Specifying this flag for open 246 files will attempt to minimize the cache effects of reading and 247 writing. &merged;</para> 248 249 <para role="historic">An &man.orm.4; device has been added to claim the option 250 ROMs in the ISA memory I/O space, to prevent other drivers from 251 mistakenly assigning addresses that conflict with these 252 ROMs. &merged;</para> 253 254 <para arch="i386,pc98">PECOFF (Win32 Execution file format) support has 255 been added.</para> 256 257 <para arch="pc98" role="historic">The pmc driver, which supports the power 258 management controller of the NEC PC-98NOTE, has been 259 added. &merged;</para> 260 261 <para role="historic">POSIX.1b Shared Memory Objects are now supported. The 262 implementation uses regular files, but automatically enables the 263 MAP_NOSYNC flag when they are &man.mmap.2;-ed. &merged;</para> 264 265 <para role="historic">Replaced the <literal>PQ_*CACHE</literal> options with a 266 single <literal>PQ_CACHESIZE</literal> option to be set to the 267 cache size in kilobytes. The old options are still supported 268 for backwards compatibility. &merged;</para> 269 270 <para arch="i386" role="historic">The &man.puc.4; (PCI <quote>Universal</quote> 271 Communications) driver has been added, to help connect PCI-based 272 serial ports to the &man.sio.4; driver. &merged;</para> 273 274 <para>The &man.random.4; device has been rewritten to use the 275 <application>Yarrow</application> algorithm. It harvests 276 entropy from a variety of interrupt sources, including the 277 console devices, Ethernet and point-to-point network interfaces, 278 and mass-storage devices. Entropy from the &man.random.4; 279 device is now periodically saved to files in 280 <filename>/var/db/entropy</filename>, as well as at shutdown 281 time. The semantics of <filename>/dev/random</filename> have 282 changed; it never blocks waiting for entropy bits but generates 283 a stream of pseudo-random data and now behaves exactly as 284 <filename>/dev/urandom</filename>.</para> 285 286 <para>A new kernel option, <literal>options REGRESSION</literal>, 287 enables interfaces and functionality intended for use during 288 correctness and regression testing.</para> 289 290 <para><literal>RLIMIT_VMEM</literal> support has been added. This 291 feature defines a new resource limit that covers a process's 292 entire virtual memory space, including &man.mmap.2; space. This 293 limit can be configured in &man.login.conf.5; via the new 294 <varname>vmemoryuse</varname> variable.</para> 295 296 <para arch="sparc64">Support has been added for SBus-based 297 devices.</para> 298 299 <para arch="sparc64">The se driver, which supports the Siemens 300 SAB82532 serial chip found on many newer Sparc Ultra machines, 301 has been added.</para> 302 303 <para role="historic">The &man.snp.4; device is no longer static and can now be 304 compiled as a module. &merged;</para> 305 306 <para arch="i386" role="historic">The &man.spic.4; driver, which provides access 307 to the Jog Dial device on some Sony laptops, has been 308 added. &man.moused.8; support for this device has also been 309 added. &merged;</para> 310 311 <para>The &man.syscons.4; driver now supports keyboard-controlled 312 pasting, by default bound to 313 <keycap>Shift</keycap>-<keycap>Insert</keycap>.</para> 314 315 <para role="historic">Support for USB devices was added to the 316 <filename>GENERIC</filename> kernel and to the installation 317 programs to support USB devices out of the box. Note that SRM 318 does not support USB devices at the moment, so you must still 319 use an AT keyboard if you are not using a serial 320 console. &merged;</para> 321 322 <para arch="i386,pc98" role="historic">The &man.umodem.4; driver for USB modems 323 has been added. Support is provided for the 3Com 5605 and 324 Metricom Ricochet GS wireless USB modems. &merged;</para> 325 326 <para arch="i386,pc98" role="historic">The &man.uscanner.4; driver for basic USB 327 scanner support using SANE has been added. See <ulink 328 url="http://www.mostang.com/sane/">the SANE home page</ulink> 329 for supported scanners. The HP ScanJet 4100C, 5200C and 6300C 330 are known to be working. &merged;</para> 331 332 <para>The &man.ucom.4; device driver has been added, to support USB 333 modems, serial devices, and other programs that need to look 334 like a tty. The related &man.uplcom.4; and &man.uvscom.4; drivers provide specific 335 support for the Prolific PL-2303 serial adapter and the SUNTAC 336 Slipper U VS-10U, respectively.</para> 337 338 <para>To increase security, the <literal>UCONSOLE</literal> kernel 339 configuration option has been removed.</para> 340 341 <para arch="i386,pc98">The UserConfig boot-time kernel configuration 342 feature, usually used to enable, disable, or configure ISA 343 devices, has been removed. Its functionality has been replaced 344 by the kernel hints file in 345 <filename>/boot/device.hints</filename>.</para> 346 347 <para>The <literal>USER_LDT</literal> kernel option is now 348 activated by default.</para> 349 350 <para>A VESA S3 linear framebuffer driver has been added.</para> 351 352 <para arch="i386" role="historic">The &man.viapm.4; driver for VIA SMBus 353 power management controllers has been added. &merged;</para> 354 355 <!-- Above this line, sort kernel changes by manpage/keyword--> 356 357 <para role="historic">Write combining for crashdumps has been implemented. This 358 feature is useful when write caching is disabled on both SCSI 359 and IDE disks, where large memory dumps could take up to an hour 360 to complete. &merged;</para> 361 362 <para>The kernel crashdump infrastructure has been revised, to 363 support new platforms and in general clean up the logic in the 364 code. One implication of this change is that the on-disk format 365 for kernel dumps has changed, and is now 366 byte-order-agnostic.</para> 367 368 <para>Extremely large swap areas (>67 GB) no longer panic the 369 system.</para> 370 371 <para arch="alpha">Support for threads under Linux emulation has 372 been added.</para> 373 374 <para role="historic">The <maketarget>buildkernel</maketarget> target now gets the 375 name of the configuration(s) to build from the 376 <varname>KERNCONF</varname> variable, not 377 <varname>KERNEL</varname>. It is no longer required, in some 378 cases, for a <maketarget>buildworld</maketarget> to precede a 379 <maketarget>buildkernel</maketarget>. (The 380 <maketarget>buildworld</maketarget> is still required when 381 upgrading across major releases, across 382 <application>binutil</application> updates and when 383 &man.config.8; changes version.) &merged;</para> 384 385 <para role="historic">The out-of-swap process termination code now begins killing 386 processes earlier to avoid deadlocks; it now also takes into 387 account the swap space used by processes when computing the 388 process sizes. &merged;</para> 389 390 <para>Linker sets are now self-contained; gensetdefs(8) is 391 unnecessary and has been removed.</para> 392 393 <para role="historic">Network device cloning has been implemented, and the 394 &man.gif.4; device has been modified to take advantage of it. 395 Thus, instead of specifying how many &man.gif.4; interfaces are 396 available in kernel configuration files, &man.ifconfig.8;'s 397 <option>create</option> option should be used when another device 398 instance is desired. &merged;</para> 399 400 <para>It is now possible to hardwire kernel environment variables 401 (such as tuneables) at compile-time using &man.config.8;'s 402 <literal>ENV</literal> directive.</para> 403 404 <para>Idle zeroing of pages can be enabled with the 405 <varname>vm.idlezero_enable</varname> sysctl variable.</para> 406 407 <para arch="i386,pc98" role="historic">The load addresses of kernels are now exported 408 to the symbol table and various hard-coded constants have been 409 removed so that utilities such as &man.ps.1; can work with 410 kernels compiled at different addresses. &merged;</para> 411 412 <para role="historic">Coredumps of large processes (or of a large number of 413 processes) no longer lock up the machine for long periods of 414 time. &merged;</para> 415 416 <para>The Kernel-Scheduled Entity project has made changes to the 417 kernel scheduler to more efficiently handle multi-threaded 418 programs.</para> 419 420 <para>The kernel now has support for multiple low-level console 421 devices. The new &man.conscontrol.8; utility helps to manage 422 the different consoles.</para> 423 424 <para arch="alpha">The console driver has gained support for 425 TGA-based display adapters.</para> 426 427 <para role="historic">The kernel on the installation CDs is now separated from the 428 <filename>mfsroot</filename> image. This permits the use of a 429 full kernel when installing from CD on machines that support CD 430 booting (instead of the stripped-down kernel used on 431 floppies). &merged;</para> 432 433 <para role="historic">The system load average computation now adds some jitter to 434 the timing of samples, in order to avoid synchronization with 435 processes that run periodically. &merged;</para> 436 437 <para role="historic">If a debugging kernel with modules is being built 438 (i.e. using <literal>makeoptions DEBUG=-g</literal>), the 439 modules will now be built with debugging support as well, for 440 completeness. A side effect of this change is that modules 441 built and installed with debugging kernels will now occupy more 442 space on disk than they did previously. &merged;</para> 443 444 <para role="historic">The kernel dump device can now be set via the 445 <varname>dumpdev</varname> loader tunable. As a result, it is 446 now possible to obtain crash dumps from panics during the late 447 stages of kernel initialization (before the system enters into 448 single-user mode). &merged;</para> 449 450 <para>The kernel memory allocator is now a slab memory allocator, 451 similar to that used in Solaris. This is a SMP-safe memory 452 allocator that has near-linear performance as the number of CPUs 453 increases. It also allows for reduced memory 454 fragmentation.</para> 455 456 <sect3> 457 <title>Processor/Motherboard Support</title> 458 459 <para>SMP support has been largely reworked, incorporating code 460 from BSD/OS 5.0. One of the main features of SMPng 461 (<quote>SMP Next Generation</quote>) is to allow more 462 processes to run in kernel, without the need for spin locks 463 that can dramatically reduce the efficiency of multiple 464 processors. Interrupt handlers now have contexts associated 465 with them that allow them to be blocked, which reduces the 466 need to lock out interrupts.</para> 467 468 <para arch="i386,pc98">Support for the 80386 processor has been 469 removed from the <filename>GENERIC</filename> kernel, as this 470 code seriously pessimizes performance on other IA32 471 processors. 472 The <literal>I386_CPU</literal> kernel option 473 to support the 80386 processor is now mutually exclusive with 474 support for other IA32 processors; this should slightly 475 improve performance on the 80386 due to the elimination of 476 runtime processor type checks. 477 Custom kernels that will run on the 80386 can 478 still be built by changing the cpu options in the kernel 479 configuration file to only include 480 <literal>I386_CPU</literal>.</para> 481 482 <para arch="alpha" role="historic">AlphaServer 1200 (<quote>Tincup</quote>) has 483 been tested and works OK. Currently it does not want to boot 484 from CD or floppy but a transplanted disk that was installed 485 on another Alpha works well. &merged;</para> 486 487 <para arch="alpha">The API UP1100 mainboard has been verified to 488 work.</para> 489 490 <para arch="alpha">The API CS20 1U high server has been verified 491 to work.</para> 492 493 <para arch="alpha">The DEC3000 series support has been removed 494 from the mfsroot floppy image so that it fits on a 1.44 Mbyte 495 floppy again. As the DEC3000 is currently only usable diskless 496 this should not cause any problems.</para> 497 498 <para arch="alpha">Support for AlphaServer 2100A 499 (<quote>Lynx</quote>) has been added.</para> 500 501 <para arch="alpha">Kernel code has been added that allows older 502 generation Alpha CPUs (EV4 and EV5) to emulate instructions of 503 the newer Alpha CPU generations. This enables the use of 504 binary-only programs like <application>Adobe Acrobat 505 4</application> on EV4 and EV5.</para> 506 507 <para arch="alpha">SMP support for the Alpha is now operational.</para> 508 509 <para arch="i386" role="historic">Detection for new processors, such as the 510 FC-PGA2 Pentium III (Tualatin), Transmeta Crusoe, and 511 Transmeta Crusoe LongRun, has been added. &merged;</para> 512 513 <para arch="alpha">Support for the following hardware has been 514 removed from the installation kernel to make it fit on a 515 1.44MB floppy again: Multia, NoName, PC64, EB64, Aspen Alpine, 516 sa (SCSI tape), amr, parallel port support, vx (3c590, 3c595), 517 pcn (AMD Am79C97x PCI 10/100), sf (Adaptec AIC-6915), sis (SiS 518 900/SiS 7016), ste (Sundance ST201 (D-Link DFE-550TX)), wb 519 (Winbond W89C840F).</para> 520 521 <para arch="i386" role="historic">Support for Streaming <acronym>SIMD</acronym> 522 Extensions (<acronym>SSE</acronym>) has been introduced. The 523 <literal>CPU_ENABLE_SSE</literal> kernel option controls 524 whether support is compiled into the kernel. &merged;</para> 525 526 <para arch="i386" role="historic">The <literal>CPU_ATHLON_SSE_HACK</literal> 527 kernel option has been added, which attempts to enable the SSE 528 feature bit on newer Athlon CPUs if the BIOS has forgotten to 529 enable it. &merged;</para> 530 531 <para arch="sparc64">The UltraSPARC platform is now supported by 532 &os;. The following machines are supported to at least some 533 degree: Ultra 1/2/5/10/30/60, Enterprise 220R/420R, Netra T1 AC200/DC200, Netra T 105, and Blade 534 100. SMP is supported, and has been tested on the 535 Ultra 2, Ultra 60, Enterprise 220R, and 536 Enterprise 420R.</para> 537 538 <para arch="i386" role="historic">On some systems, the BIOS does not activate 539 the I/O ports and memory of PC devices, thus making them 540 unusable. The <literal>PCI_ENABLE_IO_MODES</literal> kernel 541 option forces &os; to enable these devices so that they can be 542 used. &merged;</para> 543 544 </sect3> 545 546 <sect3> 547 <title>Bootloader Changes</title> 548 549 <para arch="i386" role="historic"><filename>boot2</filename> now supports a 550 <option>-n</option> option to disallow boot interruption by 551 keypresses. &merged;</para> 552 553 <para arch="i386" role="historic">A new <filename>cdboot</filename> bootstrap 554 utility for CDROMs provides better compatability with some 555 BIOS implementations that do not completely implement the El 556 Torito bootable CDROM standard. This boot loader supports 557 <quote>no emulation</quote> mode booting, thus eliminating the 558 need for an emulated floppy disk image on a bootable 559 CDROM. &merged;</para> 560 561 <para arch="i386,pc98" role="historic">The i386 boot loader now has support for a 562 <literal>nullconsole</literal> console type, for use on 563 systems with neither a video console nor a serial 564 port. &merged;</para> 565 566 <para arch="i386,pc98" role="historic">The &man.loader.8; now has optional support 567 (enabled at compile-time, off by default) for loading 568 <application>bzip2</application>-compressed kernels and 569 modules. &merged;</para> 570 571 <para arch="i386" role="historic">Support for Intel's Wired for Management 2.0 572 (PXE) was added to the &os; boot loader. Due to API 573 differences, the older PXE versions are not supported. This 574 allow network booting using DHCP. &merged;</para> 575 576 <!-- Above this line, order bootloader changes by keyword--> 577 578 <para arch="i386" role="historic">The &os; boot loader now contains a workaround 579 to support CDROM booting on certain IBM BIOSs that expect the 580 first sector of the emulated floppy to contain a valid MS-DOS 581 BPB that they can modify. &merged;</para> 582 583 <para arch="i386,pc98" role="historic">The &os; boot loader now supports a 584 <option>-p</option> flag to force the kernel to pause after 585 each line of output during the probing phase. &merged;</para> 586 587 <para arch="alpha,i386" role="historic">The &os; boot loader is now capable of 588 booting from filesystems with block sizes larger than 589 8K. &merged;</para> 590 591 <para>The kernel and modules have been moved to the directory 592 <filename>/boot/kernel</filename>, so they can be easily 593 manipulated together. The boot loader has been updated to 594 make this change as seamless as possible.</para> 595 </sect3> 596 597 <sect3> 598 <title>Network Interface Support</title> 599 600 <para role="historic">The &man.an.4; driver for Cisco Aironet cards now supports 601 Wired Equivalent Privacy (WEP) encryption, settable via 602 &man.ancontrol.8;. &merged;</para> 603 604 <para role="historic">The &man.an.4; driver now supports the Cisco Aironet 350 605 series of adaptors. &merged;</para> 606 607 <para role="historic">The &man.an.4; driver now supports <quote>monitor</quote> 608 mode, settable via the <option>-M</option> option to 609 &man.ancontrol.8;. &merged;</para> 610 611 <para role="historic">The &man.an.4; driver now supports Cisco LEAP, as well as 612 the <quote>Home</quote> WEP key. The Linux Aironet utilities 613 are now supported under emulation. &merged;</para> 614 615 <para arch="i386,pc98" role="historic">Generic support for ARCNET token-based 616 networks has been added. &merged;</para> 617 618 <para arch="i386,pc98" role="historic">The &man.bge.4; driver has been added to 619 support the Broadcom BCM570x family of Gigabit Ethernet 620 controllers, including the 3Com 3c996-T, the SysKonnect 621 SK-9D21 and SK-9D41, and the built-in Gigabit Ethernet NICs on 622 Dell PowerEdge 2550 servers. Output TCP/IP checksum offload, 623 jumbo frames and VLAN tag insertion/stripping are supported, 624 as well as interrupt moderation. &merged;</para> 625 626 <para arch="i386" role="historic">The cm driver has been added to support SMC 627 COM90cx6 ARCNET network adapters. &merged;</para> 628 629 <para>The &man.dc.4; driver now supports NICs based on the Xircom 630 3201 and Conexant LANfinity RS7112 chips.</para> 631 632 <para role="historic">The &man.dc.4; driver now has support for 633 VLANs. &merged;</para> 634 635 <para role="historic">The &man.de.4; driver now performs round-robin arbitration 636 between the transmit and receive units of the 21143, instead 637 of giving priority to the receive unit. This gives a 638 10–15% performance improvement in the forwarding rate 639 under heavy load. &merged;</para> 640 641 <para arch="alpha">The &man.ed.4; driver is now supported.</para> 642 643 <para arch="i386,pc98" role="historic">Linksys Fast Ethernet PCCARD cards supported 644 by the &man.ed.4; driver now require the addition of flag 645 <literal>0x80000</literal> to their config line in 646 &man.pccard.conf.5;. This flag is not optional. These 647 Linksys cards will not be recognized without 648 it. &merged;</para> 649 650 <para role="historic">A bug in the &man.ed.4; driver that could cause panics 651 with very short packets and BPF or bridging active has been 652 fixed. &merged;</para> 653 654 <para role="historic">The &man.ed.4; driver now has support for D-Link DL10022 655 chips, necessary for the NetGear FA-410TX and other cards. As 656 a result, <literal>device miibus</literal> is required in 657 kernel configurations using the &man.ed.4; 658 driver. &merged;</para> 659 660 <para arch="i386">The &man.el.4; driver can now be loaded as a 661 module.</para> 662 663 <para arch="i386,pc98" role="historic">The &man.em.4; driver has been added to 664 support NICs based on the Intel 82542, 82543, and 82544 665 Gigabit Ethernet controller chips. The driver supports 666 transmit/receive checksum offload and jumbo frames on 82543 667 and 82544-based adapters. &merged;</para> 668 669 <para role="historic">The &man.faith.4; device is now loadable, unloadable, and 670 clonable. &merged;</para> 671 672 <para arch="i386,pc98" role="historic">Support for Fujitsu MB86960A/MB86965A based 673 Ethernet PC-Cards has been added back in the &man.fe.4; 674 driver. &merged;</para> 675 676 <para arch="alpha" role="historic">The &man.fpa.4; driver now supports Digital's 677 DEFPA FDDI adaptors on the Alpha. &merged;</para> 678 679 <para role="historic">The &man.fxp.4; driver now requires a <literal>device 680 miibus</literal> entry in the kernel configuration 681 file. &merged;</para> 682 683 <para role="historic">The &man.fxp.4; driver now contains a workaround for PCI 684 protocol violations caused by defects in some systems based on 685 the Intel ICH2/ICH2-M chip. The workaround is to rewrite the 686 EEPROM on the interface to disable Dynamic Standby Mode; once 687 the EEPROM is rewritten, the system needs to be rebooted for 688 the new settings to take effect. &merged;</para> 689 690 <para role="historic">The &man.fxp.4; driver now supports Intel's loadable 691 microcode to implement receive-side interrupt coalescing and 692 packet bundling, on NICs that support these features. This 693 support can be activated by the use of the 694 <option>link0</option> option to 695 &man.ifconfig.8;. &merged;</para> 696 697 <para arch="sparc64">The gem driver has been added to support 698 the Sun GEM Gigabit Ethernet and ERI Fast Ethernet 699 adapters.</para> 700 701 <para role="historic">The &man.gx.4; driver has been added to support NICs based 702 on the Intel 82542 and 82543 Gigabit Ethernet controller 703 chips. Both fiber and copper variants of the cards are 704 supported. Both boards support VLAN tagging/insertion, and 705 the 82543 additionally supports TCP/IP checksum 706 offload. &merged;</para> 707 708 <para arch="sparc64">The hme driver has been added to support 709 the Sun HME Fast Ethernet adapter, onboard on many Sun Ultra 710 series machines.</para> 711 712 <para role="historic">The &man.lge.4; driver has been added to support the Level 713 1 LXT1001 NetCellerator Gigabit Ethernet controller chip. This 714 device is used on some fiber optic GigE cards from SMC, D-Link 715 and Addtron. Jumbograms and TCP/IP checksum offload on 716 receive are supported, although hardware VLAN filtering is 717 not. &merged;</para> 718 719 <para role="historic">The my driver, which supports the Myson Fast Ethernet and 720 Gigabit Ethernet adapters, has been added. &merged;</para> 721 722 <para role="historic">Added the &man.nge.4; driver, which supports PCI Gigabit 723 Ethernet adapters based on the National Semiconductor DP83820 724 and DP83821 Gigabit Ethernet controller chips, including the 725 D-Link DGE-500T, SMC EZ Card 1000 (SMC9462TX), Asante 726 FriendlyNet GigaNIC 1000TA and 1000TPC and Addtron AEG320T. 727 This driver supports transmit and receive checksum 728 offloading. &merged;</para> 729 730 <para role="historic">The &man.pcn.4; driver, which supports the AMD PCnet/FAST, 731 PCnet/FAST+, PCnet/FAST III, PCnet/PRO, PCnet/Home, and 732 HomePNA adapters, has been added. Although these cards are 733 already supported by the &man.lnc.4; driver, the &man.pcn.4; 734 driver runs these chips in 32-bit mode and uses the RX 735 alignment feature to achieve zero-copy receive. This driver 736 is also machine-independent, so it will work on the i386, 737 pc98 and Alpha platforms. The &man.lnc.4; driver is still needed 738 to support non-PCI cards. &merged;</para> 739 740 <para role="historic">The &man.ray.4; driver, which supports the Webgear Aviator 741 wireless network cards, has been committed. The operation of 742 &man.ray.4; interfaces can be modified by 743 &man.raycontrol.8;. &merged;</para> 744 745 <para arch="i386,pc98">The &man.rp.4; driver has been updated to 746 version 3.02 and can now be built as a module. &merged;</para> 747 748 <para arch="i386" role="historic">The sbni driver, for supporting the Granch 749 SBNI12 series of ISA and PCI point-to-point communications 750 interfaces, has been added. The <filename 751 role="package">sysutils/sbniconfig</filename> port in the &os; 752 Ports Collection can be used for configuring these 753 devices. &merged;</para> 754 755 <para role="historic">Added support for PCI Ethernet adapters based on the SiS 756 900 and SiS 7016 Fast Ethernet controller chips (for example, 757 as seen on the SiS 635 and 735 motherboard chipsets), as well 758 as the National Semiconductor DP83815 chipset (including the 759 NetGear FA311-TX and FA312-TX) in the form of the &man.sis.4; 760 driver. This device has support for VLANs. &merged;</para> 761 762 <para arch="pc98" role="historic">The snc driver for the National Semiconductor 763 DP8393X (SONIC) Ethernet controller has been added. 764 Currently, this driver is only used on the PC-98 765 architecture. &merged;</para> 766 767 <para>The &man.stf.4; device is now clonable.</para> 768 769 <para role="historic">The &man.tap.4; driver, a virtual Ethernet device driver 770 for bridged configurations, has been added. This device is 771 clonable. &merged;</para> 772 773 <para role="historic">The &man.ti.4; driver now supports the Alteon AceNIC 774 1000baseT Gigabit Ethernet and Netgear GA620T 1000baseT 775 Gigabit cards. &merged;</para> 776 777 <para role="historic">The &man.ti.4; driver correctly masks VLAN tags. &merged;</para> 778 779 <para>The &man.tx.4; driver now supports true multicast 780 filtering.</para> 781 782 <para role="historic">The &man.txp.4; driver has been added to support NICs 783 based on the 3Com 3XP Typhoon/Sidewinder (3CR990) 784 chipset. &merged;</para> 785 786 <para role="historic">&man.vlan.4; devices are now loadable, unloadable, and 787 clonable. &merged;</para> 788 789 <para role="historic">The &man.wi.4; driver now has support for Prism II and 790 Prism 2.5-based NICs. 104/128-bit WEP now works on Prism 791 cards. &merged;</para> 792 793 <para role="historic">The &man.wi.4; driver now supports using a &os; host as 794 a wireless access point. This functionality can be enabled 795 using the <literal>mediaopt hostap</literal> option of 796 &man.ifconfig.8;. This feature requires a wireless 797 adapter based on the Prism II chipset. &merged;</para> 798 799 <para role="historic">The &man.wi.4; driver now has support for 800 <application>bsd-airtools</application>. &merged;</para> 801 802 <para role="historic">The xe driver can now be built as a 803 module. &merged;</para> 804 805 <para role="historic">The &man.xl.4; driver now supports the 3Com 3C556 and 806 3C556B MiniPCI adapters used on some laptops. &merged;</para> 807 808 <para role="historic">The &man.xl.4; driver now supports reception of VLAN 809 tagged frames (on the <quote>Cyclone</quote> or newer 810 chipsets). &merged;</para> 811 812 <para role="historic">The &man.xl.4; driver now supports send- and receive-side 813 TCP/IP checksum offloading for NICs implementing this feature, 814 such as the 3C905B, 3C905C, and 3C980C. &merged;</para> 815 816 <para role="historic">A bug in the &man.xl.4; driver, related to statistics 817 overflow interrupt handling, was causing slowdowns at medium 818 to high packet rates; this has been fixed. &merged;</para> 819 820 <para role="historic">The per-interface <varname>ifnet</varname> structure now 821 has the ability to indicate a set of capabilities supported by 822 a network interface, and which ones are enabled. 823 &man.ifconfig.8; has support for querying these 824 capabilities. &merged;</para> 825 826 <para role="historic">Performance with hosts having a large number of IP aliases 827 has been improved, by replacing the per-interface 828 <varname>if_inaddr</varname> linear list with a hash table. &merged;</para> 829 830 <para>Network devices now automatically appear as special files in 831 <filename>/dev/net</filename>. Interface hardware ioctls (not 832 protocol or routing) can be performed on these devices. The 833 <varname>SIOCGIFCONF</varname> ioctl may be performed on the 834 special <filename>/dev/network</filename> node.</para> 835 836 <para role="historic">Selected network drivers now implement a semi-polling 837 mode, which makes systems much more resilient to attacks and 838 overloads. To enable polling, the following options are 839 required in a kernel configuration file: 840 841 <programlisting>options DEVICE_POLLING 842options HZ=1000 # not compulsory but strongly recommended</programlisting> 843 844 The <varname>kern.polling.enable</varname> sysctl variable 845 will then activate polling mode; with the 846 <varname>kern.polling.user_frac</varname> sysctl indicating 847 the percentage of CPU time to be reserved for userland. The 848 devices initially supporting polling are &man.dc.4;, 849 &man.fxp.4;, &man.rl.4;, and &man.sis.4;. More details can be found in 850 the &man.polling.4; manual page. &merged;</para> 851 852 <para arch="i386,pc98" role="historic">The packet-forwarding performance of certain 853 network drivers (specifically &man.dc.4; and &man.sis.4;) has 854 been enhanced by the elimination of unnecessary buffer 855 copies. &merged;</para> 856 857 <para><quote>Zero copy</quote> support has been added to the 858 networking stack. This feature can eliminate a copy of 859 network data between the kernel and userland, which is one of 860 the more significant bottlenecks in network throughput. 861 The send-side code should work with almost any network 862 adapter, while the receive-side code requires a network 863 adapter with an MTU of at least one memory page size (for 864 example, jumbo frames on Gigabit Ethernet). For more 865 information, see &man.zero.copy.9;.</para> 866 </sect3> 867 868 <sect3> 869 <title>Network Protocols</title> 870 871 <para role="historic">&man.accept.filter.9;, a kernel feature to reduce 872 overheads when accepting and reading new connections on 873 listening sockets, has been added. &merged;</para> 874 875 <para role="historic">The <literal>proxy</literal> modifier to &man.arp.8;'s 876 <option>-d</option> option has been renamed to 877 <literal>pub</literal>, for consistency with the 878 <option>-s</option> option. The <literal>only</literal> keyword 879 has been added to the <option>-s</option> and 880 <option>-S</option> flags, to be used in creating 881 <quote>proxy-only</quote> published entries. &merged;</para> 882 883 <para role="historic">The read timeout feature of &man.bpf.4; now works more 884 correctly with &man.select.2;/&man.poll.2;, and therefore with 885 pthreads. &merged;</para> 886 887 <para role="historic">&man.bridge.4; and &man.dummynet.4; have received some 888 enhancements and bug fixes, and are now loadable 889 modules. &merged;</para> 890 891 <para role="historic">&man.bridge.4; now has better support for multiple, 892 fully-independent bridging clusters, and is much more stable 893 in the presence of dynamic attachments and detatchments. Full 894 support for VLANs is also supported. &merged;</para> 895 896 <para>ICMP ECHO and TSTAMP replies are now rate limited. TCP 897 RSTs generated due to packets sent to open and unopen ports 898 are now limited by separate counters. Each rate limiting 899 queue now has its own description.</para> 900 901 <para role="historic">ICMP <literal>UNREACH_FILTER_PROHIB</literal> messages can 902 now RST TCP connections in the <literal>SYN_SENT</literal> 903 state if the correct sequence numbers are sent back, as 904 controlled by the 905 <varname>net.inet.tcp.icmp_may_rst</varname> sysctl. &merged;</para> 906 907 <para>IP multicast now works on VLAN devices. Several other 908 bugs in the VLAN code have also been fixed.</para> 909 910 <para role="historic">A bug in the IPsec processing for IPv4, which caused the 911 inbound SPD checks to be ignored, has been fixed. &merged;</para> 912 913 <para role="historic">&man.ipfw.4; now filters correctly in the presence of ECN 914 bits in TCP segments. &merged;</para> 915 916 <para>&man.ipfw.4 has been re-implemented. It now uses 917 variable-sized representation of rules in the kernel, similar 918 to &man.bpf.4; instructions. Most of the externally-visible 919 behavior (i.e. through &man.ipfw.8;) should be unchanged., 920 although &man.ipfw.8; now supports <literal>or</literal> 921 connectives between match fields.</para> 922 923 <para role="historic">A new ng_eiface netgraph module has been added, which 924 appears as an Ethernet interface but delivers its Ethernet 925 frames to a Netgraph hook. &merged;</para> 926 927 <para>A new &man.ng.device.4; netgraph node type has been added, 928 which creates a device entry in <filename>/dev</filename>, to 929 be used as the entry point to a networking graph.</para> 930 931 <para role="historic">A new &man.ng.etf.4; netgraph node allows Ethernet type 932 packets to be filtered to different hooks depending on 933 ethertype. &merged;</para> 934 935 <para>The &man.ng.gif.4; and &man.ng.gif.demux.4; netgraph 936 nodes, for operating on &man.gif.4; devices, have been 937 added.</para> 938 939 <para>The &man.ng.ip.input.4; netgraph node, for queueing IP 940 packets into the main IP input processing code, has been 941 added.</para> 942 943 <para role="historic">The &man.ng.mppc.4; and &man.ng.bridge.4; node types have 944 been added to the &man.netgraph.4; subsystem. The 945 &man.ng.ether.4; node is now dynamically loadable. 946 Miscellaneous bug fixes and enhancements have also been 947 made. &merged;</para> 948 949 <para role="historic">A new netgraph node type &man.ng.one2many.4; for 950 multiplexing and demultiplexing packets over multiple links 951 has been added. &merged;</para> 952 953 <para>A new ng_split node type has been added for splitting a 954 bidirectional packet flow into two unidirectional flows.</para> 955 956 <para role="historic">A new sysctl 957 <varname>net.inet.ip.check_interface</varname>, which is on by 958 default, causes IP to verify that an incoming packet arrives 959 on an interface that has an address matching the packet's 960 destination address. &merged;</para> 961 962 <para role="historic">A new sysctl 963 <varname>net.link.ether.inet.log_arp_wrong_iface</varname> has 964 been added to control the suppression of logging when ARP 965 replies arrive on the wrong interface. &merged;</para> 966 967 <para role="historic">A new <literal>options RANDOM_IP_ID</literal> kernel 968 option causes the ID field of IP packets to be randomized. 969 This closes a minor information leak which allows a remote 970 observer to determine the rate at which the machine is 971 generating packets, since the default behavior is to increment 972 a counter for each packet sent. &merged;</para> 973 974 <para arch="alpha">SLIP has been removed from the 975 <filename>mfsroot</filename> floppy image.</para> 976 977 <para role="historic">TCP has received some bug fixes for its delayed ACK 978 behavior. &merged;</para> 979 980 <para role="historic">TCP now supports the NewReno modification to the TCP Fast 981 Recovery algorithm. This behavior can be controlled via the 982 <varname>net.inet.tcp.newreno</varname> sysctl 983 variable. &merged;</para> 984 985 <para role="historic">TCP now uses a more aggressive timeout for initial SYN 986 segments; this allows initial connection attempts to be 987 dropped much faster. &merged;</para> 988 989 <para role="historic">The <literal>TCP_COMPAT_42</literal> kernel option has 990 been removed. &merged;</para> 991 992 <para role="historic">The <literal>TCP_RESTRICT_RST</literal> kernel option has 993 been removed. Similar functionality can be achieved with the 994 <varname>net.inet.tcp.blackhole</varname> sysctl 995 variable. &merged;</para> 996 997 <para role="historic">TCP now has RFC 1323 extensions enabled by default in 998 &man.rc.conf.5;. &merged;</para> 999 1000 <para role="historic">RFC 1323 and RFC 1644 TCP extensions are now disabled for 1001 a connection in progress if no response has been received by 1002 the third SYN segment sent. This behavior tries to work 1003 around (very old) terminal servers with buggy VJ header 1004 compression implementations. &merged;</para> 1005 1006 <para role="historic">The TCP implementation no longer requires the allocation 1007 of a TCP template structure for each connection; this should 1008 reduce the buffer usage on large systems handling many 1009 connections. &merged;</para> 1010 1011 <para role="historic">TCP's default buffer sizes, controlled by the 1012 <varname>net.inet.tcp.sendspace</varname> and 1013 <varname>net.inet.tcp.recvspace</varname> sysctl variables, 1014 have been increased to 32K and 64K respectively. Previously, 1015 the default for both buffer sizes was 16K. To try to avoid 1016 increasing congestion, the default value for 1017 <varname>net.inet.tcp.local_slowstart_flightsize</varname> has 1018 been changed from infinity to 4. &merged; 1019 1020 <note> 1021 <para>On busy hosts, the new larger buffer sizes may require 1022 manually increasing the 1023 <varname>NMBCLUSTERS</varname> parameter, either in the 1024 kernel configuration file or via the 1025 <varname>kern.ipc.nmbclusters</varname> loader tunable. 1026 <command>netstat -mb</command> can be used to monitor the 1027 state of mbuf clusters.</para> 1028 </note> 1029 </para> 1030 1031 <para role="historic">TCP now supports RFC 1948 (Defending Against Sequence 1032 Number Attacks). The 1033 <varname>net.inet.tcp.isn_reseed_interval</varname> sysctl 1034 variable controls the reseeding of the secret data used in 1035 the RFC 1948 initial sequence number calculations. &merged;</para> 1036 1037 <para role="historic">The TCP implementation in &os; now implements a cache of 1038 outstanding, received SYN segments. Incoming SYN segments now 1039 cause entries to be placed in the cache until the TCP 1040 three-way handshake is complete, at which point, memory is 1041 allocated for the connection as usual. In addition, all TCP 1042 Initial Sequence Numbers (ISNs) are used as cookies, allowing 1043 entries in the cache to be dropped, but still have their 1044 corresponding ACKs accepted later. The combination of the 1045 so-called 1046 <quote>syncache</quote> and <quote>syncookies</quote> features 1047 makes a host much more resistant to TCP-based Denial of 1048 Service attacks. Work on this feature was sponsored by DARPA 1049 and NAI Labs. &merged;</para> 1050 1051 <para role="historic">A bug in the TCP implementation, which could cause 1052 connections to stall if a sender saw a zero-sized window, has 1053 been corrected. &merged;</para> 1054 1055 <para role="historic">The TCP implementation now properly ignores packets 1056 addressed to IP-layer broadcast addresses. &merged;</para> 1057 1058 <para>The ephemeral port range used for TCP and UDP has been 1059 changed to 49152–65535 (the old default was 1060 1024–5000). This increases the number of concurrent 1061 outgoing connections/streams.</para> 1062 </sect3> 1063 1064 <sect3> 1065 <title>Disks and Storage</title> 1066 1067 <para arch="i386" role="historic">Support for the Adaptec FSA family of PCI-SCSI 1068 RAID controllers has been added, in the form of the 1069 &man.aac.4; driver. This driver includes proper handling of 1070 commands initiated by the adapter, addition/removal of disk 1071 devices, crashdump functionality, and &man.ioctl.2; commands 1072 necessary for the management CLI, and is fully qualified and 1073 sanctioned by Adaptec. &merged;</para> 1074 1075 <para role="historic">The &man.ahc.4; driver has received numerous updates, 1076 bugfixes, and enhancements. Among various improvements are 1077 improved compatibility with chips in <quote>RAID Port</quote> 1078 mode and systems with AAA and/or ARO cards installed, as well 1079 as performance improvements. Some bugs were also fixed, 1080 including a rare hang on Ultra2/U160 1081 controllers. &merged;</para> 1082 1083 <para arch="i386">The ahd driver, which supports the Adaptec 1084 AIC7902 Ultra320 PCI-X SCSI Controller chip, has been 1085 added.</para> 1086 1087 <para arch="i386" role="historic">The &man.asr.4; driver, which provides support 1088 for the Adaptec SCSI RAID controller family, as well as the 1089 DPT SmartRAID V and VI families, has been 1090 added. &merged;</para> 1091 1092 <para arch="i386" role="historic">The &man.asr.4; driver now supports the 1093 Adaptec 2000S and 2005S Zero-Channel RAID 1094 controllers. &merged;</para> 1095 1096 <para role="historic">The &man.ata.4; driver now has support for ATA100 1097 controllers. In addition, it now supports the ServerWorks 1098 ROSB4 ATA33 chipset, the CMD 648 ATA66 and CMD 649 ATA100 1099 chipsets, and the Cyrix 5530. &merged;</para> 1100 1101 <para role="historic">To provide more flexible configuration, the various 1102 options for the &man.ata.4; driver are now boot loader 1103 tunables, rather than kernel configure-time 1104 options. &merged;</para> 1105 1106 <para role="historic">The &man.ata.4; driver now has support for tagged queuing, 1107 which is enabled by the <varname>hw.ata.tags</varname> loader 1108 tunable. &merged;</para> 1109 1110 <para role="historic">The &man.ata.4; driver now has support for ATA 1111 <quote>pseudo</quote> RAID controllers as the Promise Fasttrak 1112 and HighPoint HPT370 controllers. &merged;</para> 1113 1114 <para role="historic">The &man.ata.4; driver now supports a wider variety of SiS 1115 chipsets, as listed in the Hardware Notes. &merged;</para> 1116 1117 <para role="historic">The &man.ata.4; driver now has support for creating, 1118 deleting, querying, and rebuilding ATA RAIDs under control of 1119 &man.atacontrol.8;. &merged;</para> 1120 1121 <para role="historic">The BurnProof(TM) feature, for applicable ATAPI CD-ROM 1122 burners, is now supported. &merged;</para> 1123 1124 <para role="historic">The &man.ata.4; driver now has support for 48-bit 1125 addressing. Devices larger than 137GB are now 1126 supported. &merged;</para> 1127 1128 <para role="historic">The &man.ata.4; driver now contains fixes for some data 1129 corruption problems on systems using the VIA 82C686B 1130 Southbridge chip. &merged;</para> 1131 1132 <para role="historic">The &man.cd.4; driver now has support for write 1133 operations. This allows writing to DVD-RAM, PD and similar 1134 drives that probe as CD devices. Note that change affects 1135 only random-access writeable devices, not sequential-only 1136 writeable devices such as CD-R drives, which are supported by 1137 &man.cdrecord.1; (a part of 1138 <filename role="package">sysutils/cdrtools</filename> in the 1139 Ports Collection. &merged;</para> 1140 1141 <para arch="i386" role="historic">The ciss driver, for devices utilizing the 1142 Common Interface for SCSI-3 Support, has been added. This 1143 driver supports the Compaq SmartRAID 5* family of RAID 1144 controllers (5300, 532, 5i). &merged;</para> 1145 1146 <para>The &man.fdc.4; floppy disk has undergone a number of 1147 enhancements. Density selection for common settings is now 1148 automatic; the driver is also much more flexible in setting 1149 the densities of various subdevices.</para> 1150 1151 <para>The &man.geom.4; disk I/O request transformation framework 1152 has been added; this extensible framework is designed to 1153 support a wide variety of operations on I/O requests on their 1154 way from the upper kernel to the device drivers.</para> 1155 1156 <para role="historic">The ida disk driver now has crashdump 1157 support. &merged;</para> 1158 1159 <para arch="i386" role="historic">The iir driver has been added to support the 1160 Intel Integrated RAID controllers, as well as prior ICP Vortex 1161 controllers.</para> 1162 1163 <para arch="alpha" role="historic">A bug that made certain CDROM drives fail to 1164 attach when connected to a SCSI card driven by &man.isp.4; has 1165 been fixed. &merged;</para> 1166 1167 <para>The &man.isp.4; driver is now proactive about discovering 1168 Fibre Channel topology changes.</para> 1169 1170 <para>The &man.isp.4; driver now supports target mode for Qlogic 1171 SCSI cards, including Ultra2 and Ultra3 and dual bus 1172 cards.</para> 1173 1174 <para role="historic">The &man.isp.4; driver now supports the Qlogic 2300 and 1175 2312 Optical Fibre Channel PCI cards. &merged;</para> 1176 1177 <para>&man.md.4;, the memory disk device, has had the 1178 functionality of &man.vn.4; incorporated into it. &man.md.4; 1179 devices can now be configured by &man.mdconfig.8;. &man.vn.4; 1180 has been removed. The Memory Filesystem (MFS) has also been 1181 removed.</para> 1182 1183 <para arch="i386" role="historic">The &man.mly.4; driver, for Mylex PCI to SCSI 1184 AccelRAID and eXtremeRAID controllers with firmware 6.X and 1185 later, has been added. &merged;</para> 1186 1187 <para arch="i386,pc98" role="historic">The ncv, nsp, and stg drivers have been ported 1188 from NetBSD/pc98. They support the NCR 53C50 / Workbit Ninja 1189 SCSI-3 / TMC 18C30, 18C50 based PC-Card/ISA SCSI controllers. 1190 All three drivers can be built and loaded as 1191 modules. &merged;</para> 1192 1193 <para arch="powerpc">The ofw driver, a basic OpenFirmware disk 1194 driver, has been added.</para> 1195 1196 <para>Some problems in &man.sa.4; error handling have been 1197 fixed, including the <quote>tape drive spinning indefinitely 1198 upon &man.mt.1; <option>stat</option></quote> problem.</para> 1199 1200 <para arch="i386" role="historic">The &man.twe.4; 3ware ATA RAID driver has 1201 added. &merged;</para> 1202 1203 <para role="historic">The &man.wd.4; compatibility devices were removed from the 1204 &man.ata.4; driver. &merged;</para> 1205 </sect3> 1206 1207 <sect3> 1208 <title>Filesystems</title> 1209 1210 <para>Support for named extended attributes was added to the 1211 &os; kernel. This allows the kernel, and appropriately 1212 privileged userland processes, to tag files and directories 1213 with attribute data. Extended attributes were added to 1214 support the TrustedBSD Project, in particular ACLs, capability 1215 data, and mandatory access control labels (see 1216 <filename>/usr/src/sys/ufs/ufs/README.extattr</filename> for 1217 details).</para> 1218 1219 <para role="historic">Due to a licensing change, softupdates have been 1220 integrated into the main portion of the kernel source tree. 1221 As a consequence, softupdates are now available with the 1222 <filename>GENERIC</filename> kernel. &merged;</para> 1223 1224 <para>A filesystem snapshot capability has been added to FFS. 1225 Details can be found in 1226 <filename>/usr/src/sys/ufs/ffs/README.snapshot</filename>.</para> 1227 1228<!-- The following note needs to be made more specific or eliminated. --> 1229 <para>Softupdates for FFS have received some bug fixes and 1230 enhancements.</para> 1231 1232 <para>When running with softupdates, &man.statfs.2; and 1233 &man.df.1; will track the number of blocks and files that are 1234 committed to being freed.</para> 1235 1236 <para role="historic">A bug in FFS that could cause superblock corruption on 1237 very large filesystems has been corrected. &merged;</para> 1238 1239 <para role="historic">The ISO-9660 filesystem now has a hook that supports a 1240 loadable character conversion routine. The 1241 <filename role="package">sysutils/cd9660_unicode</filename> 1242 port contains a set of common conversions. &merged;</para> 1243 1244 <para>&man.kernfs.5; is obsolete and has been retired.</para> 1245 1246 <para role="historic">A bug in the NFS client that caused bogus access times with 1247 <literal>O_EXCL|O_CREAT</literal> opens was 1248 fixed. &merged;</para> 1249 1250 <para role="historic">A new NFS hash function (based on the Fowler/Noll/Vo hash 1251 algorithm) has been implemented to improve NFS performance by 1252 increasing the efficiency of the <varname>nfsnode</varname> 1253 hash tables. &merged;</para> 1254 1255 <para>Client-side NFS locks have been implemented.</para> 1256 1257 <para>The client-side and server-side of the NFS code in the 1258 kernel used to be intertwined in various complex ways. They 1259 have been split apart for ease of maintenance and further 1260 development.</para> 1261 1262 <para>Support for filesystem Access Control Lists (ACLs) has 1263 been introduced, allowing more fine-grained control of 1264 discretionary access control on files and directories. This 1265 support was integrated from the TrustedBSD Project. More 1266 details can be found in 1267 <filename>/usr/src/sys/ufs/ufs/README.acls</filename>.</para> 1268 1269 <para role="historic">The directory layout preference algorithm for FFS 1270 (<literal>dirprefs</literal>) has been changed. Rather than 1271 scattering directory blocks across a disk, it attempts to 1272 group related directory blocks together. Operations 1273 traversing large directory hierarchies, such as the &os; Ports 1274 tree, have shown marked speedups. This change is transparent 1275 and automatic for new directories. &merged;</para> 1276 1277 <para arch="i386,pc98" role="historic">smbfs (CIFS) support in kernel has been added. 1278 The userland programs &man.smbutil.1; and &man.mount.smbfs.8; 1279 can be used to work with SMB shares. Note that 1280 &man.mount.smbfs.8; will automatically load the 1281 <filename>smbfs.ko</filename> module into the kernel, even if 1282 <literal>LIBMCHAIN</literal> and 1283 <literal>LIBICONV</literal> were not compiled into the kernel. 1284 &merged;</para> 1285 1286 <para>For consistency, the fdesc, fifo, null, msdos, portal, 1287 umap, and union filesystems have been renamed to fdescfs, 1288 fifofs, msdosfs, nullfs, portalfs, umapfs, and unionfs. Where 1289 applicable, modules and mount_* programs have been renamed. 1290 Compatibility <quote>glue</quote> has been added to 1291 &man.mount.8; so that <literal>msdos</literal> filesystem 1292 entries in &man.fstab.5; will work without changes.</para> 1293 1294 <para>pseudofs, a pseudo-filesystem framework, has been added. 1295 &man.linprocfs.5; and &man.procfs.5; have been modified to use 1296 pseudofs.</para> 1297 1298 <para role="historic">A simple hash-based lookup optimization for large 1299 directories called <literal>dirhash</literal> has been added. 1300 Conditional on the 1301 <literal>UFS_DIRHASH</literal> kernel option (enabled by 1302 default in the <filename>GENERIC</filename> kernel), it 1303 improves the speed of operations on very large directories at 1304 the expense of some memory. &merged;</para> 1305 1306 <para role="historic">The virtual memory subsystem now backs UFS directory 1307 memory requirements by default (this behavior is controlled 1308 via the <varname>vfs.vmiodirenable</varname> sysctl 1309 variable). &merged;</para> 1310 1311 <para role="historic">A bug that prevented the root filesystem from being 1312 mounted from a SCSI CDROM has been fixed (ATAPI CDROMs were 1313 always supported). &merged;</para> 1314 1315 <para role="historic">A number of bugs in the filesystem code, discovered 1316 through the use of the <application>fsx</application> 1317 filesystem test tool, have been fixed. Under certain 1318 circumstances (primarily related to use of NFS), these bugs 1319 could cause data corruption or kernel panics. &merged;</para> 1320 1321 <para>Network filesystems (such as NFS and smbfs filesystems) 1322 listed in <filename>/etc/fstab</filename> can now be properly 1323 mounted during startup initialization; their mounts are 1324 deferred until after the network is initialized.</para> 1325 1326 <para>Read-only support for the Universal Disk Format (UDF) has 1327 been added. This format is used on packet-written CD-RWs and 1328 most commercial DVD-Video disks. The &man.mount.udf.8; 1329 command can be used to mount these disks.</para> 1330 1331 <para>Basic support has been added for the UFS2 filesystem. 1332 Among its features: 1333 1334 <itemizedlist> 1335 <listitem> 1336 <para>The inode has been expanded to 256 bytes to make 1337 space for 64-bit block pointers.</para> 1338 </listitem> 1339 1340 <listitem> 1341 <para>A file-creation time field has been added.</para> 1342 </listitem> 1343 1344 <listitem> 1345 <para>Space has been provided for extended attributes, up 1346 to twice the filesystem block size.</para> 1347 </listitem> 1348 </itemizedlist> 1349 1350 </para> 1351 1352 </sect3> 1353 1354 <sect3> 1355 <title>PCCARD Support</title> 1356 1357 <para arch="i386,pc98" role="historic">The pccard driver and &man.pccardc.8; now 1358 support multiple <quote>beep types</quote> upon card insertion 1359 and removal. &merged;</para> 1360 1361 <para role="historic">On many modern hosts, PCCARD devices can be configured to 1362 route their interrupts via either the ISA or PCI interrupt 1363 paths. The &man.pcic.4; driver has been updated to support 1364 both interrupt paths (formerly, only routing via ISA was 1365 supported). &merged; In most cases, configuration of PCMCIA 1366 devices in laptops is simpler and more flexible. In addition, 1367 various Cardbus bridge PCI cards (such as those used by 1368 Orinoco PCI NICs) are now supported. Some hosts may 1369 experience problems, such as hangs or panics, with PCI 1370 interrupt routing; they can frequently be made to work by 1371 forcing the older-style ISA interrupt routing. The following 1372 lines, placed in <filename>/boot/loader.conf</filename>, may 1373 fix the problem:</para> 1374 1375 <programlisting role="historic">hw.pcic.intr_path="1" 1376 hw.pcic.irq="0"</programlisting> 1377 1378 <para role="historic">When installing &os; on such a system, typing the 1379 following lines to the boot loader may be helpful in starting 1380 up &os; for the first time:<para> 1381 1382 <screen role="historic"><prompt>ok</prompt> <userinput>set hw.pcic.intr_path="1"</userinput> 1383<prompt>ok</prompt> <userinput>set hw.pcic.irq="0"</userinput></screen> 1384 1385 <para arch="i386">Preliminary Cardbus support under NEWCARD has 1386 been added. This code supports the TI113X, TI12XX, TI125X, 1387 Ricoh 5C46/5C47, Topic 95/97/100 and Cirrus Logic PD683X 1388 bridges. 16-bit PC Card support is not yet functional.</para> 1389 </sect3> 1390 1391 <sect3> 1392 <title>Multimedia Support</title> 1393 1394 <para arch="i386" role="historic">The &man.pcm.4; driver now supports the ESS 1395 Solo 1, Maestro-1, Maestro-2, and Maestro-2e; Forte Media 1396 fm801, ESS Maestro-2e, and VIA Technologies VT82C686A sound 1397 card/chipsets, and has received some other updates. Separate 1398 drivers for the SoundBlaster 8 and SoundBlaster 16 now replace 1399 an older, unified driver. A driver for the CMedia 1400 CMI8338/CMI8738 sound chips has been added. A driver for the 1401 CS4281 sound chip has been added. A driver for the S3 1402 SonicVibes chipset has been added. &merged;</para> 1403 1404 <para arch="i386" role="historic">A driver for the Avance Logic ALS4000 has been 1405 added. &merged;</para> 1406 1407 <para arch="i386" role="historic">A driver for the ESS Maestro-3/Allegro has 1408 been added, however due to licensing restrictions, it cannot 1409 be compiled into the kernel. &merged; To use this driver, add 1410 the following line to 1411 <filename>/boot/loader.conf</filename>:</para> 1412 1413 <programlisting role="historic">snd_maestro3_load="YES"</programlisting> 1414 1415 <para role="historic">The &man.bktr.4; driver has been updated to 2.18. This 1416 update provides a number of new features. New tuner types 1417 have been added, and improvements to the KLD module and to 1418 memory allocation have been made. Bugs in &man.devfs.5; when 1419 unloading and reloading have been fixed. Support for new 1420 Hauppauge Model 44xxx WinTV Cards (the ones with no audio mux) 1421 has been added. &merged;</para> 1422 1423 <para arch="i386,pc98" role="historic">The ufm driver, supporting the D-Link DSB-R100 1424 USB Radio, has been added. &merged;</para> 1425 1426 <para role="historic">When sound modules are built, one can now load all the 1427 drivers and infrastructure by <command>kldload 1428 snd</command>. &merged;</para> 1429 1430 <para>A new API has been added for sound cards with hardware 1431 volume control.</para> 1432 1433 <para arch="i386" role="historic">A driver for the Intel 443MX, 810, 815, and 1434 815E integrated sound devices has been added. &merged;</para> 1435 1436 <para arch="i386" role="historic">The via82c686 sound driver now supports the VIA 1437 VT8233. &merged;</para> 1438 1439 <para arch="i386" role="historic">The ich sound driver now support the SiS 1440 7012 chipset. &merged;</para> 1441 1442 <para arch="i386">Drivers have been added to support the Direct 1443 Rendering Infrastructure, which can used to provide 3D 1444 acceleration within <application>XFree86</application>. Video 1445 cards supported include the 3Dlabs Oxygen GMX 2000 (gammadrm), 1446 AGP Matrox G200/G400/G450/G550 (mgadrm), 3dfx Voodoo 1447 3/4/5/Banshee (tdfxdrm), AGI ATI Rage 128 (r128drm), and AGP 1448 ATI Radeon (radeondrm).</para> 1449 1450 </sect3> 1451 1452 <sect3> 1453 <title>Contributed Software</title> 1454 1455 <para>The Forth Inspired Command Language 1456 (<application>FICL</application>) used in the boot loader has 1457 been updated to 3.02.</para> 1458 1459 <para>Support for Advanced Configuration and Power Interface 1460 (ACPI), a multi-vendor standard for configuration and power 1461 management, has been added. This functionality has been 1462 provided by the <application>Intel ACPI Component 1463 Architecture</application> project, as of the ACPI CA 20020404 1464 snapshot. Some backward compatability for applications using 1465 the older APM standard has been provided.</para> 1466 1467 <sect4> 1468 <title>IPFilter</title> 1469 1470 <para><application>IPFilter</application> has been updated to 1471 3.4.28.</para> 1472 1473 <para role="historic"><application>IPFilter</application> now supports 1474 IPv6. &merged;</para> 1475 1476 </sect4> 1477 1478 <sect4 arch="i386"> 1479 <title>isdn4bsd</title> 1480 1481 <para><application>isdn4bsd</application> has been updated to 1482 version 1.0.2.</para> 1483 1484 <para role="historic">The &man.ifpi.4; driver for supporting the AVM 1485 Fritz!Card PCI controller has been added. &merged;</para> 1486 1487 <para role="historic">The &man.ifpi2.4; driver for supporting the AVM 1488 Fritz!Card PCI version 2 controller has been added. &merged;</para> 1489 1490 <para role="historic">The &man.ihfc.4; driver for supporting Cologne Chip 1491 Designs HFC devices under 1492 <application>isdn4bsd</application> has been 1493 added. &merged;</para> 1494 1495 <para role="historic">The &man.itjc.4; driver for supporting NETjet-S / Teles 1496 PCI-TJ devices under <application>isdn4bsd</application> has 1497 been added. &merged;</para> 1498 1499 <para role="historic">Experimental support for the Eicon.Diehl DIVA 2.0 and 1500 2.02 ISA PnP ISDN cards has been added to the &man.isic.4; 1501 <application>isdn4bsd</application> driver. &merged;</para> 1502 1503 <para role="historic">The &man.isic.4; driver now supports the Compaq Microcom 1504 610 ISDN ISA PnP card. &merged;</para> 1505 1506 <para role="historic">Active CAPI-based ISDN cards manufactured by AVM are now 1507 supported using the &man.i4bcapi.4; and the &man.iavc.4; 1508 driver. The supported cards are the AVM B1 PCI and AVM B1 1509 ISA Basic Rate cards and the AVM T1 Primary Rate 1510 cards. &merged;</para> 1511 1512 <para role="historic">A new <literal>maxconnecttime</literal> keyword is now 1513 accepted in &man.isdnd.rc.5; files to limit the time a 1514 connection may remain open. &merged;</para> 1515 1516 <para role="historic">&man.isdnphone.8; now supports a <option>-k</option> 1517 option for sending messages via the keypad facility to a PBX 1518 or exchange office. &merged;</para> 1519 1520 <para><application>isdn4bsd</application> now supports Q.931 1521 subaddressing.</para> 1522 1523 </sect4> 1524 1525 <sect4 id="kame-kernel"> 1526 <title>KAME</title> 1527 1528 <para role="historic">The IPv6 stack is now based on a snapshot based on the 1529 KAME Project's IPv6 snapshot as of 28 May, 2001. Most of 1530 the items listed in this section are a result of this 1531 import. <xref linkend="kame-userland"> lists userland 1532 updates to the KAME IPv6 stack. &merged;</para> 1533 1534 <para role="historic">&man.gif.4; is now based on RFC 2893, rather than RFC 1535 1933. The <literal>IFF_LINK2</literal> interface flag can 1536 be used to control ingress filtering. &merged;</para> 1537 1538 <para role="historic"><application>IPsec</application> has received some 1539 enhancements, including the ability to use the Rijndael and 1540 SHA2 algorithms. IPsec RC5 support has been removed due to 1541 patent issues. &merged;</para> 1542 1543 <para role="historic">&man.stf.4; now conforms to RFC 3056; the 1544 <literal>IFF_LINK2</literal> interface flag can be used to 1545 control ingress filtering. &merged;</para> 1546 1547 <para role="historic">IPv6 has better checking of illegal addresses (such as 1548 loopback addresses) on physical networks. &merged;</para> 1549 1550 <para role="historic">The <varname>IPV6_V6ONLY</varname> socket option is now 1551 completely supported. The kernel's default behavior with 1552 respect to this option is controlled by the 1553 <varname>net.inet6.ip6.v6only</varname> sysctl 1554 variable. &merged;</para> 1555 1556 <para role="historic">RFC 3041 (Privacy Extensions for Stateless Address 1557 Autoconfiguration) is now supported. It can be enabled via 1558 the <varname>net.inet6.ip6.use_tempaddr</varname> sysctl 1559 variable. &merged;</para> 1560 </sect4> 1561 </sect3> 1562 </sect2> 1563 1564 <sect2 id="security"> 1565 <title>Security-Related Changes</title> 1566 1567 <para role="historic">&man.sysinstall.8; now allows the user to select one of two 1568 <quote>security profiles</quote> at install-time. These 1569 profiles enable different levels of system security by enabling 1570 or disabling various system services in &man.rc.conf.5; on new 1571 installs. &merged;</para> 1572 1573 <para>A bug in which malformed ELF executable images can hang the 1574 system has been fixed (see security advisory 1575 FreeBSD-SA-00:41). &merged;</para> 1576 1577 <para>A security hole in Linux emulation was fixed (see security 1578 advisory FreeBSD-SA-00:42). &merged;</para> 1579 1580 <para role="historic">String-handling library calls in many programs were fixed to 1581 reduce the possibility of buffer overflow-related exploits. 1582 &merged;</para> 1583 1584 <para>TCP now uses stronger randomness in choosing its initial 1585 sequence numbers (see security advisory 1586 FreeBSD-SA-00:52). &merged;</para> 1587 1588 <para>Several buffer overflows in &man.tcpdump.1; were corrected 1589 (see security advisory FreeBSD-SA-00:61). &merged;</para> 1590 1591 <para>A security hole in &man.top.1; was corrected (see security 1592 advisory FreeBSD-SA-00:62). &merged;</para> 1593 1594 <para>A potential security hole caused by an off-by-one-error in 1595 &man.gethostbyname.3; has been fixed (see security advisory 1596 FreeBSD-SA-00:63). &merged;</para> 1597 1598 <para>A potential buffer overflow in the &man.ncurses.3; library, 1599 which could cause arbitrary code to be run from within 1600 &man.systat.1;, has been corrected (see security advisory 1601 FreeBSD-SA-00:68). &merged;</para> 1602 1603 <para>A vulnerability in &man.telnetd.8; that could cause it to 1604 consume large amounts of server resources has been fixed (see 1605 security advisory FreeBSD-SA-00:69). &merged;</para> 1606 1607 <para>The <literal>nat deny_incoming</literal> command in 1608 &man.ppp.8; now works correctly (see security advisory 1609 FreeBSD-SA-00:70). &merged;</para> 1610 1611 <para>A vulnerability in &man.csh.1;/&man.tcsh.1; temporary files 1612 that could allow overwriting of arbitrary user-writable files 1613 has been closed (see security advisory 1614 FreeBSD-SA-00:76). &merged;</para> 1615 1616 <para role="historic">The &man.ssh.1; binary is no longer SUID root by 1617 default. &merged;</para> 1618 1619 <para role="historic">Some fixes were applied to the Kerberos IV implementation 1620 related to environment variables, a possible buffer overrun, and 1621 overwriting ticket files. &merged;</para> 1622 1623 <para role="historic">&man.telnet.1; now does a better job of sanitizing its 1624 environment. &merged;</para> 1625 1626 <para>Several vulnerabilities in &man.procfs.5; were fixed (see 1627 security advisory FreeBSD-SA-00:77). &merged;</para> 1628 1629 <para>A bug in <application>OpenSSH</application> in which a 1630 server was unable to disable &man.ssh-agent.1; or 1631 <literal>X11Forwarding</literal> was fixed (see security 1632 advisory FreeBSD-SA-01:01). &merged;</para> 1633 1634 <para>A bug in &man.ipfw.8; and &man.ip6fw.8; in which inbound TCP 1635 segments could incorrectly be treated as being part of an 1636 <literal>established</literal> connection has been fixed (see 1637 security advisory FreeBSD-SA-01:08). &merged;</para> 1638 1639 <para>A bug in &man.crontab.1; that could allow users to read any 1640 file on the system in valid &man.crontab.5; syntax has been 1641 fixed (see security advisory FreeBSD-SA-01:09). &merged;</para> 1642 1643 <para>A vulnerability in &man.inetd.8; that could allow 1644 read-access to the initial 16 bytes of 1645 <groupname>wheel</groupname>-accessible files has been fixed 1646 (see security advisory FreeBSD-SA-01:11). &merged;</para> 1647 1648 <para>A bug in &man.periodic.8; that used insecure temporary files 1649 has been corrected (see security advisory 1650 FreeBSD-SA-01:12). &merged;</para> 1651 1652 <para><application>OpenSSH</application> now has code to prevent 1653 (instead of just mitigating through connection limits) an attack 1654 that can lead to guessing the server key (not host key) by 1655 regenerating the server key when an RSA failure is detected (see 1656 security advisory FreeBSD-SA-01:24). &merged;</para> 1657 1658 <para role="historic">A number of programs have had output formatting strings 1659 corrected so as to reduce the risk of 1660 vulnerabilities. &merged;</para> 1661 1662 <para role="historic">A number of programs that use temporary files now do so more 1663 securely. &merged;</para> 1664 1665 <para role="historic">A bug in ICMP that could cause an attacker to disrupt TCP and UDP 1666 <quote>sessions</quote> has been corrected. &merged;</para> 1667 1668 <para>A bug in &man.timed.8;, which caused it to crash if send 1669 certain malformed packets, has been corrected (see security 1670 advisory FreeBSD-SA-01:28). &merged;</para> 1671 1672 <para>A bug in &man.rwhod.8;, which caused it to crash if send 1673 certain malformed packets, has been corrected (see security 1674 advisory FreeBSD-SA-01:29). &merged;</para> 1675 1676 <para>A security hole in &os;'s FFS and EXT2FS implementations, 1677 which allowed a race condition that could cause users to have 1678 unauthorized access to data, has been fixed (see security 1679 advisory FreeBSD-SA-01:30). &merged;</para> 1680 1681 <para>A remotely-exploitable vulnerability in &man.ntpd.8; has 1682 been closed (see security advisory 1683 FreeBSD-SA-01:31). &merged;</para> 1684 1685 <para>A security hole in <application>IPFilter</application>'s 1686 fragment cache has been closed (see security advisory 1687 FreeBSD-SA-01:32). &merged;</para> 1688 1689 <para>Buffer overflows in &man.glob.3;, which could cause 1690 arbitrary code to be run on an FTP server, have been closed. In 1691 addition, to prevent some forms of DOS attacks, &man.glob.3; 1692 allows specification of a limit on the number of pathname 1693 matches it will return. &man.ftpd.8; now uses this feature (see 1694 security advisory FreeBSD-SA-01:33). &merged;</para> 1695 1696 <para>Initial sequence numbers in TCP are more thoroughly 1697 randomized (see security advisory FreeBSD-SA-01:39). Due to 1698 some possible compatibility issues, the behavior of this 1699 security fix can be enabled or disabled via the 1700 <varname>net.inet.tcp.tcp_seq_genscheme</varname> sysctl 1701 variable.&merged;</para> 1702 1703 <para>A vulnerability in the &man.fts.3; routines (used by 1704 applications for recursively traversing a filesystem) could 1705 allow a program to operate on files outside the intended 1706 directory hierarchy. This bug has been fixed (see security 1707 advisory FreeBSD-SA-01:40). &merged;</para> 1708 1709 <para role="historic"><application>OpenSSH</application> now switches to the 1710 user's UID before attempting to unlink the authentication 1711 forwarding file, nullifying the effects of a race.</para> 1712 1713 <para>A flaw allowed some signal handlers to remain in effect in a 1714 child process after being exec-ed from its parent. This allowed 1715 an attacker to execute arbitrary code in the context of a setuid 1716 binary. This flaw has been corrected (see security advisory 1717 FreeBSD-SA-01:42). &merged;</para> 1718 1719 <para>A remote buffer overflow in &man.tcpdump.1; has been fixed 1720 (see security advisory FreeBSD-SA-01:48). &merged;</para> 1721 1722 <para>A remote buffer overflow in &man.telnetd.8; has been fixed 1723 (see security advisory FreeBSD-SA-01:49). &merged;</para> 1724 1725 <para>The new <varname>net.inet.ip.maxfragpackets</varname> and 1726 <varname>net.inet.ip6.maxfragpackets</varname> sysctl variables 1727 limit the amount of memory that can be consumed by IPv4 and IPv6 1728 packet fragments, which defends against some denial of service 1729 attacks (see security advisory 1730 FreeBSD-SA-01:52). &merged;</para> 1731 1732 <para role="historic">All services in <filename>inetd.conf</filename> are now 1733 disabled by default for new installations. &man.sysinstall.8; 1734 gives the option of enabling or disabling &man.inetd.8; on new 1735 installations, as well as editing 1736 <filename>inetd.conf</filename>. &merged;</para> 1737 1738 <para>A flaw in the implementation of the &man.ipfw.8; 1739 <literal>me</literal> rules on point-to-point links has been 1740 corrected. Formerly, <literal>me</literal> filter rules would 1741 match the remote IP address of a point-to-point interface in 1742 addition to the intended local IP address (see security advisory 1743 FreeBSD-SA-01:53). &merged;</para> 1744 1745 <para>A vulnerability in &man.procfs.5;, which could allow a 1746 process to read sensitive information from another process's 1747 memory space, has been closed (see security advisory 1748 FreeBSD-SA-01:55). &merged;</para> 1749 1750 <para>The <literal>PARANOID</literal> hostname checking in 1751 <application>tcp_wrappers</application> now works as advertised 1752 (see security advisory FreeBSD-SA-01:56). &merged;</para> 1753 1754 <para>A local root exploit in &man.sendmail.8; has been closed 1755 (see security advisory FreeBSD-SA-01:57). &merged;</para> 1756 1757 <para>A remote root vulnerability in &man.lpd.8; has been closed 1758 (see security advisory FreeBSD-SA-01:58). &merged;</para> 1759 1760 <para>A race condition in &man.rmuser.8; that briefly exposed a 1761 world-readable <filename>/etc/master.passwd</filename> has been 1762 fixed (see security advisory FreeBSD-SA-01:59). &merged;</para> 1763 1764 <para>A vulnerability in <application>UUCP</application> has been 1765 closed (see security advisory FreeBSD-SA-01:62). All 1766 non-<username>root</username>-owned binaries in standard system 1767 paths now have the <literal>schg</literal> flag set to prevent 1768 exploit vectors when run by &man.cron.8;, by 1769 <username>root</username>, or by a user other then the one owning 1770 the binary. In addition, &man.uustat.1; is now run via 1771 <filename>/etc/periodic/daily/410.status-uucp</filename> as 1772 <username>uucp</username>, not <username>root</username>. In 1773 &os; -CURRENT, <application>UUCP</application> has since been 1774 moved to the Ports Collection and no longer a part of the base 1775 system. &merged;</para> 1776 1777 <para role="historic">A security hole in the form of a buffer overflow in the 1778 &man.semop.2; system call has been closed. &merged;</para> 1779 1780 <para>A security hole in <application>OpenSSH</application>, which 1781 could allow users to execute code with arbitrary privileges if 1782 <literal>UseLogin yes</literal> was set, has been closed. Note 1783 that the default value of this setting is 1784 <literal>UseLogin no</literal>. (See security advisory 1785 FreeBSD-SA-01:63.) &merged;</para> 1786 1787 <para>The use of an insecure temporary directory by 1788 &man.pkg.add.1; could permit a local attacker to modify the 1789 contents of binary packages while they were being installed. 1790 This hole has been closed. (See security advisory 1791 FreeBSD-SA-02:01.) &merged;</para> 1792 1793 <para>A race condition in &man.pw.8;, which could expose the 1794 contents of <filename>/etc/master.passwd</filename>, has been 1795 eliminated. (See security advisory FreeBSD-SA-02:02.) 1796 &merged;</para> 1797 1798 <para>A bug in &man.k5su.8; could have allowed a process that had 1799 given up superuser privileges to regain them. This bug has been 1800 fixed. (See security advisory FreeBSD-SA-02:07.) 1801 &merged;</para> 1802 1803 <para>An <quote>off-by-one</quote> bug has been fixed in 1804 <application>OpenSSH</application>'s multiplexing code. This bug 1805 could have allowed an authenticated remote user to cause 1806 &man.sshd.8; to execute arbitrary code with superuser 1807 privileges, or allowed a malicious SSH server to execute arbitrary 1808 code on the client system with the privileges of the client user. (See security 1809 advisory <ulink 1810 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:13.openssh.asc">FreeBSD-SA-02:13</ulink>.) 1811 &merged;</para> 1812 1813 <para>A programming error in <application>zlib</application> could 1814 result in attempts to free memory multiple times. The 1815 &man.malloc.3;/&man.free.3; routines used in &os; are not 1816 vulnerable to this error, but applications receiving 1817 specially-crafted blocks of invalid compressed data could 1818 be made to function incorrectly or abort. This 1819 <application>zlib</application> bug has been fixed. For a 1820 workaround and solutions, see security advisory <ulink 1821 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:18.zlib.v1.2.asc">FreeBSD-SA-02:18</ulink>. 1822 &merged;</para> 1823 1824 <para>Bugs in the TCP SYN cache (<quote>syncache</quote>) and SYN 1825 cookie (<quote>syncookie</quote>) implementations, which could 1826 cause legitimate TCP/IP traffic to crash a machine, have been 1827 fixed. For a workaround and patches, see security advisory 1828 <ulink 1829 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:20.syncache.asc">FreeBSD-SA-02:20</ulink>. 1830 &merged;</para> 1831 1832 <para>A routing table memory leak, which could allow a remote 1833 attacker to exhaust the memory of a target machine, has been 1834 fixed. A workaround and patches can be found in security 1835 advisory <ulink 1836 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:21.tcpip.asc">FreeBSD-SA-02:21</ulink>. 1837 &merged;</para> 1838 1839 <para>A bug with memory-mapped I/O, which could cause a system 1840 crash, has been fixed. For more information about a solution, 1841 see security advisory <ulink 1842 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:22.mmap.asc">FreeBSD-SA-02:22</ulink>. 1843 &merged;</para> 1844 1845 <para>A security hole, in which SUID programs could be made to 1846 read from or write to inappropriate files through manipulation 1847 of their standard I/O file descriptors, has been fixed. 1848 Information regarding a solution can be found in security 1849 advisory <ulink 1850 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:23.stdio.asc">FreeBSD-SA-02:23</ulink>. 1851 &merged;</para> 1852 1853 <para>Some unexpected behavior could be allowed with &man.k5su.8; 1854 because it does not require that an invoking user be a member of 1855 the <groupname>wheel</groupname> group when attempting to become 1856 the superuser (this is the case with &man.su.1;). To avoid this 1857 situation, &man.k5su.8; is now installed non-SUID by default 1858 (effectively disabling it). More information can be found in 1859 security advisory <ulink 1860 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:24.k5su.asc">FreeBSD-SA-02:24</ulink>. 1861 &merged;</para> 1862 1863 <para>Multiple vulnerabilities were found in the &man.bzip2.1; 1864 utility, which could allow files to be overwritten without 1865 warning or allow local users unintended access to files. These 1866 problems have been corrected with a new import of 1867 <application>bzip2</application>. For more information, see 1868 security advisory <ulink 1869 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc">FreeBSD-SA-02:25</ulink>. 1870 &merged;</para> 1871 1872 <para>A bug has been fixed in the implementation of the TCP SYN 1873 cache (<quote>syncache</quote>), which could allow a remote 1874 attacker to deny access to a service when accept filters 1875 (see &man.accept.filter.9;) were in use. This bug has been 1876 fixed; for more information, see security advisory <ulink 1877 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:26.accept.asc">FreeBSD-SA-02:26</ulink>. 1878 &merged;</para> 1879 1880 <para>Due to a bug in &man.rc.8;'s use of shell globbing, users 1881 may be able to remove the contents of arbitrary files if 1882 <filename>/tmp/.X11-unix</filename> does not exist and the 1883 system can be made to reboot. This bug has been corrected (see 1884 security advisory <ulink 1885 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:27.rc.asc">FreeBSD-SA-02:27</ulink>). 1886 &merged;</para> 1887 1888 <para>A buffer overflow in the resolver, which could be exploited 1889 by a malicious domain name server or an attacker forging DNS 1890 messages, has been fixed. See security advisory <ulink 1891 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:28.resolv.asc">FreeBSD-SA-02:28</ulink> 1892 for more details. &merged;</para> 1893 </sect2> 1894 1895 <sect2 id="userland"> 1896 <title>Userland Changes</title> 1897 1898 <para role="historic">If the first argument to &man.ancontrol.8; or 1899 &man.wicontrol.8; doesn't start with a <literal>-</literal>, it 1900 is assumed to be an interface. &merged;</para> 1901 1902 <para role="historic">&man.apmd.8; now has the ability to monitor battery levels 1903 and execute commands based on percentage or minutes of battery 1904 life remaining via the <literal>apm_battery</literal> 1905 configuration directive. See the commented-out examples in 1906 <filename>/etc/apmd.conf</filename> for the 1907 syntax. &merged;</para> 1908 1909 <para role="historic">&man.arp.8; now prints the applicable interface name for 1910 each ARP entry. &merged;</para> 1911 1912 <para>&man.arp.8; now prints <literal>[fddi]</literal> or 1913 <literal>[atm]</literal> tags for addresses on interfaces of 1914 those types.</para> 1915 1916 <para>The &man.asa.1; utility, to interpret FORTRAN 1917 carriage-control characters, has been added.</para> 1918 1919 <para>&man.at.1; now supports the <option>-r</option> command-line 1920 option to remove jobs and the <option>-t</option> option to 1921 specify times in POSIX time format.</para> 1922 1923 <para role="historic">&man.atacontrol.8; has been added to control various aspects 1924 of the &man.ata.4; driver. &merged;</para> 1925 1926 <para>The system &man.awk.1; now refers to 1927 <application>BWK awk</application>.</para> 1928 1929 <para arch="pc98" role="historic">&man.boot98cfg.8;, a PC-98 boot manager 1930 installation and configuration utility, has been 1931 added. &merged;</para> 1932 1933 <para role="historic">&man.burncd.8; now supports a <option>-m</option> option for 1934 multisession mode (the default behavior now is to close disks as 1935 single-session). A <option>-l</option> option to take a list of 1936 image files from a filename was also added; 1937 <filename>-</filename> can be used as a filename for 1938 <literal>stdin</literal>. &merged;</para> 1939 1940 <para>&man.burncd.8; now supports Disk At Once (DAO) mode, 1941 selectable via the <option>-d</option> flag.</para> 1942 1943 <para>&man.burncd.8; now has the ability to write VCDs/SVCDs.</para> 1944 1945 <para role="historic">&man.c89.1; has been converted from a shell script to a 1946 binary executable, fixing some minor bugs. &merged;</para> 1947 1948 <para>&man.calendar.1; now takes a <option>-W</option> option, 1949 which operates similar to <option>-A</option> but without 1950 special treatment at weekends, and a <option>-F</option>option 1951 to change the notion of <quote>Friday</quote>.</para> 1952 1953 <para arch="i386,pc98" role="historic">A minimalized version of &man.camcontrol.8; is 1954 now available on the installation floppy. This allows it to 1955 rescan for devices that have been connected after booting, or to 1956 show the devices attached to SCSI busses (e. g. from within the 1957 <quote>emergency holographic shell</quote>). &merged;</para> 1958 1959 <para role="historic">&man.cat.1; now has the ability to read from UNIX-domain 1960 sockets. &merged;</para> 1961 1962 <para>&man.catman.1; is now a C program, instead of a 1963 Perl script.</para> 1964 1965 <para role="historic">&man.cdcontrol.1; now supports a <literal>cdid</literal> 1966 command, which calculates and displays the CD serial number, 1967 using the same algorithm used by the CDDB 1968 database. &merged;</para> 1969 1970 <para role="historic">&man.cdcontrol.1; now uses the <envar>CDROM</envar> 1971 environment variable to pick a default device. &merged;</para> 1972 1973 <para role="historic">&man.cdcontrol.1; now supports <literal>next</literal> and 1974 <literal>prev</literal> commands to skip forwards or backwards a 1975 specified number of tracks while playing an audio 1976 CD. &merged;</para> 1977 1978 <para>On ATAPI CDROM drives, &man.cdcontrol.1; now supports a 1979 <literal>speed</literal> command to set the maximum speed to be 1980 used by the drive. &merged;</para> 1981 1982 <para>&man.chflags.1; has moved from <filename>/usr/bin</filename> 1983 to <filename>/bin</filename>.</para> 1984 1985 <para role="historic">&man.chio.1; now has the ability to specify elements by 1986 volume tag instead of by their physical location as well as the 1987 ability to return an element to its previous 1988 location. &merged;</para> 1989 1990 <para>&man.chmod.1; now supports a <option>-h</option> for 1991 changing the mode of a symbolic link.</para> 1992 1993 <para role="historic">&man.chown.8; now correctly follows symbolic links named as 1994 command line arguments if run without 1995 <option>-R</option>. &merged;</para> 1996 1997 <para>&man.chown.8; no longer takes <literal>.</literal> as a 1998 user/group delimeter. This change was made to support usernames 1999 containing a <literal>.</literal>.</para> 2000 2001 <para>Use of the <literal>CSMG_*</literal> macros no longer 2002 require inclusion of 2003 <filename><sys/param.h></filename></para> 2004 2005 <para role="historic">&man.col.1; now takes a <option>-p</option> flag to force 2006 unknown control sequences to be passed through 2007 unchanged. &merged;</para> 2008 2009 <para role="historic">The <filename>compat3x</filename> distribution has been 2010 updated to include libraries present in &os; 2011 3.5.1-RELEASE. &merged;</para> 2012 2013 <para>A <filename>compat4x</filename> distribution has been added 2014 for compatibility with &os; 4-STABLE.</para> 2015 2016 <para role="historic">&man.config.8; is now better about converting various 2017 warnings that should have been errors into actual fatal errors 2018 with an exit code. This ensures that <literal>make 2019 buildkernel</literal> doesn't quietly ignore them and build a 2020 bogus kernel without a human to read the errors. &merged;</para> 2021 2022 <para role="historic">A number of buffer overflows in &man.config.8; have been 2023 fixed. &merged;</para> 2024 2025 <para>A new &man.csplit.1; utility, which splits files based on 2026 context, has been added.</para> 2027 2028 <para role="historic">&man.ctags.1; no longer creates a corrupt tags file if the 2029 source file used <literal>//</literal> (C++-style) 2030 comments. &merged;</para> 2031 2032 <para>The &man.daemon.8; program, a command-line interface to 2033 &man.daemon.3;, has been added. It detaches itself from its 2034 controlling terminal and executes a program specified on the 2035 command line. This allows the user to run an arbitrary program 2036 as if it were written to be a daemon.</para> 2037 2038 <para>&man.devinfo.8;, a simple tool to print the device tree and resource 2039 usage by devices, has been added.</para> 2040 2041 <para role="historic">&man.df.1; now takes a <option>-l</option> option to only 2042 display information about locally-mounted 2043 filesystems. &merged;</para> 2044 2045 <para role="historic">&man.disklabel.8; now supports partition sizes expressed in 2046 kilobytes, megabytes, or gigabytes, in addition to 2047 sectors. &merged;</para> 2048 2049 <para>diskpart(8) has been declared obsolete, and has been 2050 removed.</para> 2051 2052 <para role="historic">&man.dmesg.8; now has a <option>-a</option> option to show 2053 the entire message buffer, including &man.syslogd.8; records and 2054 <filename>/dev/console</filename> output. &merged;</para> 2055 2056 <para role="historic">&man.du.1; now takes a <option>-I</option> command-line flag 2057 to ignore/skip files and subdirectories matching a specified 2058 shell-glob mask. &merged;</para> 2059 2060 <para role="historic">&man.dump.8; now supports inheritance of the 2061 <literal>nodump</literal> flag down a hierarchy. &merged;</para> 2062 2063 <para role="historic">The <option>-T</option> option to &man.dump.8; no longer 2064 swallows an extra argument. &merged;</para> 2065 2066 <para role="historic">&man.dump.8; has a new <option>-D</option> option, allowing 2067 the path to the <filename>/etc/dumpdates</filename> file to be 2068 changed. &merged;</para> 2069 2070 <para role="historic">&man.dump.8; now supplies progress information in its 2071 process title, useful for monitoring automated 2072 backups. &merged;</para> 2073 2074 <para>&man.dump.8; now supports a new <option>-S</option> flag to allow 2075 it to just print out the dump size estimates and exit.</para> 2076 2077 <para role="historic">&man.edquota.8; now takes a <option>-f</option> option to 2078 allow limiting the prototype quota distribution (specified with 2079 <option>-p</option>) to a single filesystem. &merged;</para> 2080 2081 <para role="historic"><filename>/etc/rc.firewall</filename> and 2082 <filename>/etc/rc.firewall6</filename> will no longer add their own 2083 hardcoded rules in the cases of a rules file in the 2084 <varname>firewall_type</varname> variable or a non-existent 2085 firewall type. (The motivation for this change is to avoid 2086 acting on assumptions about a site's firewall policies.) In 2087 addition, the <literal>closed</literal> firewall type now works 2088 as documented in the &man.rc.firewall.8; manual page. &merged;</para> 2089 2090 <para role="historic">The functionality of <filename>/etc/security</filename> has 2091 been been moved into a set of scripts under the &man.periodic.8; 2092 framework, to make local customization easier and more 2093 maintainable. These scripts now reside in 2094 <filename>/etc/periodic/security/</filename>. &merged;</para> 2095 2096 <para>&man.expr.1; is now compliant with the POSIX Utility Syntax 2097 Guidelines. Some programs depend on the old, historic behavior 2098 (the <filename role="package">devel/libtool</filename> 2099 port/package was/is a notable example). In these situations, 2100 the <envar>EXPR_COMPAT</envar> environment variable can be 2101 defined, which causes &man.expr.1; to behave more like previous 2102 versions.</para> 2103 2104 <para>&man.fbtab.5; now accepts glob matching patterns for target 2105 devices, not just individual devices and directories.</para> 2106 2107 <para arch="i386">&man.fdisk.8; no longer attempts to search for a 2108 device if none has been specified on the command line, but 2109 instead tries to figure out the default device name from the 2110 root device.</para> 2111 2112 <para>&man.fdread.1;, a program to read data from floppy disks, 2113 has been added. It is a counterpart to &man.fdwrite.1; and is 2114 designed to provide a means of recovering at least some data 2115 from bad media, and to obviate for a complex invocation of 2116 &man.dd.1;.</para> 2117 2118 <para role="historic">&man.find.1; now takes the <option>-empty</option> flag, 2119 which returns true if a file or directory is 2120 empty. &merged;</para> 2121 2122 <para role="historic">&man.find.1; now takes the <option>-iname</option> and 2123 <option>-ipath</option> primaries for case-insensitive matches, 2124 and the <option>-regexp</option> and <option>-iregexp</option> 2125 primaries for regular-expression matches. The 2126 <option>-E</option> flag now enables extended regular 2127 expressions. &merged;</para> 2128 2129 <para role="historic">&man.find.1; now has the <option>-anewer</option>, 2130 <option>-cnewer</option>, <option>-mnewer</option>, 2131 <option>-okdir</option>, and <option>-newer[acm][acmt]</option> 2132 primaries for comparisons of file timestamps. The latter 2133 primaries can be specified with various units of 2134 time. &merged;</para> 2135 2136 <para role="historic">&man.finger.1; now has the ability to support fingering 2137 aliases, via the &man.finger.conf.5; file. &merged;</para> 2138 2139 <para>&man.finger.1; now has support for a 2140 <filename>.pubkey</filename> file.</para> 2141 2142 <para role="historic">&man.fmt.1; has been rewritten; the rewrite fixes a number 2143 of bugs compared to its prior behavior. &merged;</para> 2144 2145 <para role="historic">&man.fmtcheck.3;, a function for checking consistency of 2146 format string arguments, has been added. &merged;</para> 2147 2148 <para>&man.fold.1; now supports a <option>-b</option> flag to 2149 break at byte positions and a <option>-s</option> flag to break at 2150 word boundaries. &merged;</para> 2151 2152 <para role="historic">&man.fsdb.8; now supports a <literal>blocks</literal> 2153 command to list the blocks allocated by a particular 2154 inode. &merged;</para> 2155 2156 <para>&man.fsck.8; wrappers have been imported; this feature 2157 provides infrastructure for &man.fsck.8; to work on different 2158 types of filesystems (analogous to &man.mount.8;).</para> 2159 2160 <para>The behavior of &man.fsck.8; when dealing with various 2161 passes (a la <filename>/etc/fstab</filename>) has been modified 2162 to accommodate multiple-disk filesystems.</para> 2163 2164 <para>&man.fsck.8; now has support for foreground 2165 (<option>-F</option>) and background (<option>-B</option>) 2166 checks. Traditionally, &man.fsck.8; is invoked before the 2167 filesystems are mounted and all checks are done to completion at 2168 that time. If background checking is available, &man.fsck.8; is 2169 invoked twice. It is first invoked at the traditional time, 2170 before the filesystems are mounted, with the <option>-F</option> 2171 flag to do checking on all the filesystems that cannot do 2172 background checking. It is then invoked a second time, after 2173 the system has completed going multiuser, with the 2174 <option>-B</option> flag to do checking on all the filesystems 2175 that can do background checking. Unlike the foreground 2176 checking, the background checking is started asynchronously so 2177 that other system activity can proceed even on the filesystems 2178 that are being checked. Boot-time enabling of this feature is 2179 controlled by the 2180 <varname>background_fsck</varname> option in &man.rc.conf.5;.</para> 2181 2182 <para role="historic">Shortly after the receipt of a <literal>SIGINFO</literal> 2183 signal (normally control-T from the controlling tty), 2184 &man.fsck.ffs.8; will now output a line indicating the current 2185 phase number and progress information relevant to the current 2186 phase. &merged;</para> 2187 2188 <para>&man.fsck.ffs.8; now supports background filesystem checks 2189 to mounted FFS filesystems with the <option>-B</option> option 2190 (softupdates must be enabled on these filesystems). The 2191 <option>-F</option> flag now determines whether a specified 2192 filesystem needs foreground checking.</para> 2193 2194 <para role="historic">A new &man.fsck.msdosfs.8; utility has been added to check 2195 the consistency of MS-DOS filesystems. &merged;</para> 2196 2197 <para role="historic">&man.ftpd.8; now supports a <option>-r</option> flag for 2198 read-only mode and a <option>-E</option> flag to disable 2199 <literal>EPSV</literal>. It also has some fixes to reduce 2200 information leakage and the ability to specify compile-time port 2201 ranges. &merged;</para> 2202 2203 <para>&man.ftpd.8; now supports <option>-o</option> and 2204 <option>-O</option> options to disable the 2205 <literal>RETR</literal> command; the former for everybody, and 2206 the latter only for guest users. Coupled with 2207 <option>-A</option> and appropriate file permissions, these can 2208 be used to create a relatively safe anonymous FTP drop box for 2209 others to upload to.</para> 2210 2211 <para arch="i386,pc98" role="historic">&man.gdb.1; now supports hardware 2212 watchpoints (using the kernel's debug register + support that 2213 has been introduced in &os; 4.0). &merged;</para> 2214 2215 <para role="historic">The &man.getprogname.3; and &man.setprogname.3; library 2216 functions have been added to manipulate the name of the current 2217 program. They are used by error-reporting routines to produce 2218 consistent output. &merged;</para> 2219 2220 <para>gifconfig(8) is obsolete and has been removed. Its 2221 functionality is now handled by the <option>tunnel</option> and 2222 <option>deletetunnel</option> commands of 2223 &man.ifconfig.8;.</para> 2224 2225 <para>&man.gprof.1; now has a <option>-K</option> option to enable 2226 dynamic symbol resolution from the currently-running kernel. 2227 With this change, properly-compiled KLD modules are now able to 2228 be profiled.</para> 2229 2230 <para role="historic">&man.growfs.8;, a utility for growing FFS filesystems, has 2231 been added. &man.ffsinfo.8;, a utility for dump all the 2232 meta-information of an existing filesystem, has also been 2233 added. &merged;</para> 2234 2235 <para role="historic">The &man.groups.1; and &man.whoami.1; shell scripts are now 2236 unnecessary; their functionality has been completely folded into 2237 &man.id.1;. &merged;</para> 2238 2239 <para>The ibcs(8), linux(8), osf1(8), and 2240 svr4(8) scripts, whose sole purpose was to load emulation 2241 kernel modules, have been removed. The kernel module system 2242 will automatically load them as needed to fulfill 2243 dependencies.</para> 2244 2245 <para role="historic">&man.indent.1; has gained some new formatting 2246 options. &merged;</para> 2247 2248 <para role="historic">&man.ifconfig.8; can set the link-layer address of 2249 an interface using the <option>link</option> parameter. 2250 &merged;</para> 2251 2252 <para role="historic">&man.ifconfig.8; can now accept addresses in slash/CIDR 2253 notation. &merged;</para> 2254 2255 <para role="historic">&man.ifconfig.8; now has support for setting parameters for 2256 IEEE 802.11 wireless network devices. &man.wi.4; and &man.an.4; 2257 devices are supported, and partial support is provided for 2258 &man.awi.4; devices. &merged;</para> 2259 2260 <para role="historic">&man.ifconfig.8; no longer displays the list of supported 2261 media by default. Instead it displays it when the 2262 <option>-m</option> flag is given. &merged;</para> 2263 2264 <para role="historic">The syntax of &man.inetd.8;'s support for &man.faithd.8; is 2265 now compatible with that of other BSDs. &merged;</para> 2266 2267 <para role="historic">The <literal>ident</literal> protocol support in 2268 &man.inetd.8; has been cleaned up and updated. &merged;</para> 2269 2270 <para role="historic">&man.inetd.8; now has the ability to manage UNIX-domain 2271 sockets. &merged;</para> 2272 2273 <para>By default, &man.inetd.8; is no longer run by &man.rc.8; at 2274 boot-time, although &man.sysinstall.8; gives the option of 2275 enabling it during binary installations. &man.inetd.8; can also 2276 be enabled by adding the following line to 2277 <filename>/etc/rc.conf</filename>:</para> 2278 2279 <programlisting>inetd_enable="YES"</programlisting> 2280 2281 <para role="historic">&man.install.1; has a number of new features, including the 2282 <option>-b</option> and <option>-B</option> options for backing up 2283 existing target files and the <option>-S</option> option for 2284 <quote>safe</quote> (atomic copy) operation. The 2285 <option>-c</option> (copy) flag is now the default, and the 2286 <option>-D</option> (debugging) flag has been withdrawn. 2287 &man.install.1; now issues a warning if <option>-d</option> 2288 (create directories) and <option>-C</option> (copy changed files 2289 only) are used together. &merged;</para> 2290 2291 <para role="historic">IP Filter is now supported by the &man.rc.conf.5; boot-time 2292 configuration and initialization. &merged;</para> 2293 2294 <para role="historic">&man.ipfstat.8; now supports the <option>-t</option> option 2295 to turn on a &man.top.1;-like display. &merged;</para> 2296 2297 <para role="historic">&man.ipfw.8; will now avoid the display of dynamic firewall 2298 rules unless the <option>-d</option> flag is passed to it. The 2299 <option>-e</option> option lists expired dynamic 2300 rules. &merged;</para> 2301 2302 <para role="historic">&man.ipfw.8; has a new feature (<literal>me</literal>) that 2303 allows for packet matching on interfaces with 2304 dynamically-changing IP addresses. &merged;</para> 2305 2306 <para role="historic">&man.ipfw.8; has a new <literal>limit</literal> type of 2307 firewall rule, which limits the number of sessions between 2308 address pairs. &merged;</para> 2309 2310 <para>&man.ipfw.8; filter rules can now match on the value of the 2311 IPv4 precedence field.</para> 2312 2313 <para role="historic">&man.ip6fw.8; now has the ability to use a preprocessor and 2314 use the <option>-q</option> (quiet) flag when reading from a 2315 file. &merged;</para> 2316 2317 <para role="historic">&man.ispppcontrol.8; has been deleted, and its functionality 2318 has been folded into &man.spppcontrol.8;. &merged;</para> 2319 2320 <para role="historic">&man.k5su.8; is no longer installed SUID 2321 <username>root</username> by default. Users requiring this 2322 feature can either manually change the permissions on the 2323 &man.k5su.8; executable or add 2324 <literal>ENABLE_SUID_K5SU=yes</literal> to 2325 <filename>/etc/make.conf</filename> before a source 2326 upgrade. &merged;</para> 2327 2328 <para role="historic">&man.kenv.1;, a command to dump the kernel environment, has 2329 been added. &merged;</para> 2330 2331 <para>&man.kenv.1; now has the ability to set or delete kernel 2332 environment variables.</para> 2333 2334 <para role="historic">&man.keyinfo.1; is now a C program, rather than a Perl 2335 script. &merged;</para> 2336 2337 <para>The kget(8) utility has been removed (it was only 2338 useful for UserConfig, which is not present in &os; 2339 &release.current;).</para> 2340 2341 <para role="historic">&man.killall.1; is now a C program, rather than a Perl 2342 script. As a result, its <option>-m</option> option now uses 2343 the regular expression syntax of &man.regex.3;, rather than that 2344 of Perl. &merged;</para> 2345 2346 <para>&man.killall.1; no longer tries to kill zombie processes 2347 unless the <option>-z</option> flag is specified.</para> 2348 2349 <para role="historic">The &man.kldconfig.8; utility has been added to make it 2350 easier to manipulate the kernel module search 2351 path. &merged;</para> 2352 2353 <para>ktrdump, a utility to dump the ktr trace buffer from 2354 userland, has been added.</para> 2355 2356 <para role="historic">&man.last.1; now implements a <option>-d</option> that 2357 provides a <quote>snapshot</quote> of who was logged in at a 2358 particular date and time. &merged;</para> 2359 2360 <para role="historic">&man.last.1; now supports a <option>-y</option> flag, which 2361 causes the year to be included in the session start time. &merged;</para> 2362 2363 <para role="historic">The &man.lastlogin.8; utility, which prints the last login 2364 time of each user, has been imported from 2365 NetBSD. &merged;</para> 2366 2367 <para role="historic">&man.ldconfig.8; now checks directory ownerships and 2368 permissions for greater security; these checks can be disabled 2369 with the <option>-i</option> flag. &merged;</para> 2370 2371 <para role="historic">&man.ldd.1; can now be used on shared libraries, in addition 2372 to executables. &merged;</para> 2373 2374 <para>&man.ldd.1; now supports a <option>-a</option> flag to list 2375 all the objects that are needed by each loaded object.</para> 2376 2377 <para><filename>libc</filename> is now thread-safe by default; 2378 <filename>libc_r</filename> contains only thread 2379 functions.</para> 2380 2381 <para role="historic"><filename>libcrypt</filename> and 2382 <filename>libdescrypt</filename> have been unified to provide a 2383 configurable password authentication hash library. Both the md5 2384 and des hash methods are provided unless the des hash is 2385 specifically compiled out. &merged;</para> 2386 2387 <para role="historic"><filename>libcrypt</filename> now has support for Blowfish 2388 password hashing. &merged;</para> 2389 2390 <para arch="i386" role="historic"><filename>libdisk</filename> can now do 2391 install-time configuration of the <filename>boot0</filename> 2392 boot loader. &merged;</para> 2393 2394 <para role="historic"><filename>libstand</filename> now has support for 2395 filesystems containing 2396 <application>bzip2</application>-compressed 2397 files. &merged;</para> 2398 2399 <para><filename>libstand</filename> now has support for 2400 overwriting the contents of a file on a UFS filesystem (it 2401 cannot expand or truncate files because the filesystem may be 2402 dirty or inconsistent).</para> 2403 2404 <para role="historic"><filename>libstand</filename> now has support for loading 2405 large kernels and modules split across several physical 2406 media. &merged;</para> 2407 2408 <para role="historic">The default TCP port range used by 2409 <filename>libfetch</filename> for passive FTP retrievals has 2410 changed; this affects the behavior of &man.fetch.1;, which has 2411 gained the <option>-U</option> option to restore the old 2412 behavior. &merged;</para> 2413 2414 <para role="historic"><filename>libfetch</filename> now has support for an 2415 authentication callback. &merged;</para> 2416 2417 <para role="historic"><filename>libfetch</filename> now has support for a 2418 <envar>HTTP_USER_AGENT</envar> environment 2419 variable. &merged;</para> 2420 2421 <para><filename>libgmp</filename> has been superceded by 2422 <filename>libmp</filename>. 2423 2424 <para>The functions from <filename>libposix1e</filename> have been 2425 integrated into <filename>libc</filename>.</para> 2426 2427 <para role="historic"><filename>libusb</filename> has been renamed as 2428 <filename>libusbhid</filename>, following NetBSD's naming 2429 conventions. &merged;</para> 2430 2431 <para role="historic">&man.ln.1; now takes an <option>-i</option> option to 2432 request user confirmation before overwriting an existing 2433 file. &merged;</para> 2434 2435 <para role="historic">&man.ln.1; now takes a <option>-h</option> flag to avoid 2436 following a target that is a link, with a <option>-n</option> 2437 flag for compatibility with other 2438 implementations. &merged;</para> 2439 2440 <para role="historic">&man.logger.1; can now send messages directly to a remote 2441 syslog. &merged;</para> 2442 2443 <para role="historic">&man.login.1; now exports environment variables set by 2444 <application>PAM</application> modules. &merged;</para> 2445 2446 <para role="historic">&man.lpc.8; has been improved; <command>lpc clean</command> 2447 is now somewhat safer, and a new <command>lpc tclean</command> 2448 command has been added to check to see what files would be 2449 removed by <command>lpc clean</command>. &merged;</para> 2450 2451 <para role="historic">&man.lpd.8; now takes two new options: <option>-c</option> 2452 will log all connection errors to &man.syslogd.8;, while 2453 <option>-W</option> will allow connections from non-reserved 2454 ports. &merged;</para> 2455 2456 <para role="historic">&man.lpd.8; now has some support for 2457 <literal>o</literal>-type print-file actions in its control 2458 files, which allows printing of PostScript files generated by 2459 <application>MacOS</application> 10.1. &merged;</para> 2460 2461 <para role="historic">&man.lpd.8; now recognizes the <option>-s</option> flag as 2462 the preferred synonym for <option>-p</option> (these flags 2463 cause &man.lpd.8; not to open a socket for network print 2464 jobs). &merged;</para> 2465 2466 <para role="historic">&man.lpd.8; now implements a new <literal>rc</literal> 2467 printcap option. When specified in a print queue for a remote 2468 host, boolean option causes &man.lpd.8; to resend the data file 2469 for each copy the user requested via <command>lpr 2470 -#<replaceable>n</replaceable></command>. &merged;</para> 2471 2472 <para role="historic">Catching up with most other network utilities in the base 2473 system, &man.lpr.1;, &man.lpd.8;, &man.syslogd.8;, and 2474 &man.logger.1; are now all IPv6-capable. &merged;</para> 2475 2476 <para role="historic"><command>lprm -</command> now works for remote printer 2477 queues. &merged;</para> 2478 2479 <para role="historic">&man.ls.1; can produce colorized listings with the 2480 <option>-G</option> flag (and appropriate terminal support). 2481 The <envar>CLICOLOR</envar> environment variable can be set to 2482 enable colorized listings by default. &merged;</para> 2483 2484 <para role="historic">&man.ls.1; now accepts a <option>-h</option> flag, which 2485 when combined with the <option>-l</option> flag, causes file 2486 sizes to be printed with unit suffixes, such that the number of 2487 digits printed is fewer than four. &merged;</para> 2488 2489 <para>The &man.ls.1; program now supports a <option>-m</option> 2490 flag to list files across a page, a <option>-p</option> flag to 2491 force printing of a <literal>/</literal> after directories, and 2492 a <option>-x</option> flag to sort filenames across a 2493 page.</para> 2494 2495 <para role="historic">&man.m4.1; now accepts a <option>-s</option> flag to cause 2496 it to emit <literal>#line</literal> directives for use by 2497 &man.cpp.1;. &merged;</para> 2498 2499 <para role="historic">&man.mail.1; now takes a <option>-E</option> flag to avoid 2500 sending messages with empty bodies. &merged;</para> 2501 2502 <para role="historic">&man.make.1; has gained the <literal>:C///</literal> 2503 (regular expression substitution), <literal>:L</literal> 2504 (lowercase), and <literal>:U</literal> (uppercase) variable 2505 modifiers. These were added to reduce the differences between 2506 the &os; and OpenBSD/NetBSD &man.make.1; programs. 2507 &merged;</para> 2508 2509 <para role="historic">Bugs in &man.make.1;, among which include broken null suffix 2510 behavior, bad assumptions about current directory permissions, 2511 and potential buffer overflows, have been fixed. &merged;</para> 2512 2513 <para role="historic">The new <varname>CPUTYPE</varname> 2514 <filename>make.conf</filename> variable controls the compilation 2515 of processor-specific optimizations in various pieces of code 2516 such as <application>OpenSSL</application>. &merged;</para> 2517 2518 <para role="historic">The &os; <filename>Makefile</filename> infrastructure now 2519 supports the <varname>WARNS</varname> directive from NetBSD. 2520 This directive controls the addition of compiler warning flags 2521 to <varname>CFLAGS</varname> in a relatively compiler-neutral 2522 manner. &merged;</para> 2523 2524 <para>&man.makewhatis.1; is now a C program, instead of a 2525 Perl script.</para> 2526 2527 <para>&man.man.1; is no longer installed SUID 2528 <username>man</username>, in order to reduce vulnerabilities 2529 associated with generating <quote>catpages</quote> (preformatted 2530 manual pages cached for repeated viewing). As a result, 2531 &man.man.1; can no longer create system catpages on a regular 2532 user's behalf. It is still able to do so if the user has write 2533 permissions to the directory holding catpages (e.g. a user's own 2534 manpages) or if the running user is 2535 <username>root</username>.</para> 2536 2537 <para>The &man.mdmfs.8; command has been added; it is a wrapper 2538 around &man.mdconfig.8;, &man.disklabel.8;, &man.newfs.8;, and 2539 &man.mount.8; that mimics the command line option set of the 2540 deprecated &man.mount.mfs.8;.</para> 2541 2542 <para role="historic">&man.mergemaster.8; now sources an 2543 <filename>/etc/mergemaster.rc</filename> file and also prompts 2544 the user to run recommended commands (such as 2545 <command>newaliases</command>) as needed. &merged;</para> 2546 2547 <para role="historic">&man.mergemaster.8; now supports two new flags. 2548 The <option>-p</option> flag enables a 2549 <quote>pre-<literal>buildworld</literal></quote> mode to files 2550 known to be essential to the success of the 2551 <literal>buildworld</literal> and 2552 <literal>installworld</literal> system updating steps. The 2553 <option>-C</option> flag, used after a successful 2554 &man.mergemaster.8; run, compares options in 2555 <filename>/etc/rc.conf</filename> to the default options in 2556 <filename>/etc/defaults/rc.conf</filename>. &merged;</para> 2557 2558 <para role="historic">mk_cmds(1) and the associated 2559 <filename>libss</filename> have been removed; they have been 2560 unused for quite some time. &merged;</para> 2561 2562 <para role="historic">&man.moused.8; now takes a <option>-a</option> option to 2563 control mouse acceleration. &merged;</para> 2564 2565 <para role="historic">&man.mtree.8; now includes support for a file that lists 2566 pathnames to be excluded when creating and verifying prototypes. 2567 This makes it easier to use &man.mtree.8; as a part of an 2568 intrusion-detection system. &merged;</para> 2569 2570 <para>&man.mv.1; now takes a (nonstandard) <option>-n</option> to 2571 automatically answer <quote>no</quote> when it would ask to 2572 overwrite a file.</para> 2573 2574 <para role="historic">&man.natd.8; now supports a 2575 <option>-log_ipfw_denied</option> option to log packets that 2576 cannot be re-injected because they are blocked by &man.ipfw.8; 2577 rules. &merged;</para> 2578 2579 <para role="historic">The <quote>in use</quote> percentage metric displayed by 2580 &man.netstat.1; now really reflects the percentage of network 2581 mbufs used. &merged;</para> 2582 2583 <para role="historic">&man.netstat.1; now has a <option>-W</option> flag that 2584 tells it not to truncate addresses, even if they're too long for 2585 the column they're printed in. &merged;</para> 2586 2587 <para role="historic">&man.netstat.1; now keeps track of input and output packets 2588 on a per-address basis for each interface. &merged;</para> 2589 2590 <para role="historic">&man.netstat.1; now has a <option>-z</option> flag to reset 2591 statistics. &merged;</para> 2592 2593 <para role="historic">&man.netstat.1; now has a <option>-S</option> flag to print 2594 address numerically but port names symbolically. &merged;</para> 2595 2596 <para role="historic">&man.newfs.8; now implements write combining, which can make 2597 creation of new filesystems up to seven times 2598 faster. &merged;</para> 2599 2600 <para role="historic">&man.newfs.8; now takes a <option>-U</option> option to 2601 enable softupdates on a new filesystem. &merged;</para> 2602 2603 <para role="historic">The default number of cylinders per group in &man.newfs.8; 2604 is now computed to be the maximum allowable given the current 2605 filesystem parameters. It can be overridden with the 2606 <option>-c</option> option. Formerly, the default was fixed at 2607 16. This change leads to better &man.fsck.8; performance and 2608 reduced fragmentation. &merged;</para> 2609 2610 <para role="historic"><anchor id="newfs-block-frag-sizes">The default block and 2611 fragment sizes for new filesystems created by &man.newfs.8; are 2612 now 16384 and 2048 bytes, respectively (the old defaults were 2613 8192 and 1024 bytes). This change generally provides increased 2614 performance, at the expense of some wasted disk 2615 space. &merged;</para> 2616 2617 <para>A number of archaic features of &man.newfs.8; have been 2618 removed; these implement tuning features that are essentially 2619 useless on modern hard disks. These features were controlled by 2620 the <option>-O</option>, <option>-d</option>, 2621 <option>-k</option>, <option>-l</option>, <option>-n</option>, 2622 <option>-p</option>, <option>-r</option>, <option>-t</option>, 2623 and <option>-x</option> flags.</para> 2624 2625 <para>&man.newfs.8; now supports a <option>-O</option> flag to 2626 select the creation of UFS1 or UFS2 filesystems.</para> 2627 2628 <para>The &man.newgrp.1; utility to change to a new group has been 2629 added.</para> 2630 2631 <para role="historic">&man.newsyslog.8; now has the ability to compress log files 2632 using &man.bzip2.1;. &merged;</para> 2633 2634 <para><application>NFS</application> now works over IPv6.</para> 2635 2636 <para role="historic">&man.ngctl.8; now supports a <option>write</option> command 2637 to send a data packet down a given hook. &merged;</para> 2638 2639 <para>&man.nice.1; now uses the <option>-n</option> option to 2640 specify the <quote>niceness</quote> of the utility being 2641 run. &merged;</para> 2642 2643 <para role="historic">&man.nl.1;, a line numbering filter program, has been 2644 added. &merged;</para> 2645 2646 <para><application>nsswitch</application> support has been merged 2647 from NetBSD. By creating an &man.nsswitch.conf.5; file, &os; 2648 can be configured so that various databases such as 2649 &man.passwd.5; and &man.group.5; can be looked up using flat 2650 files, NIS, or Hesiod. The old 2651 <filename>hosts.conf</filename> file is no longer used.</para> 2652 2653 <para><application>PAM</application> support has been added for 2654 account management and sessions.</para> 2655 2656 <para><application>PAM</application> configuration is now 2657 specified by files in <filename>/etc/pam.d/</filename>, rather 2658 than a single <filename>/etc/pam.conf</filename> file. 2659 <filename>/etc/pam.d/README</filename> has more details.</para> 2660 2661 <para>A &man.pam.echo.8; echo service module has been added.</para> 2662 2663 <para>A &man.pam.exec.8; program execution service module has been 2664 added.</para> 2665 2666 <para>A &man.pam.ftp.8; module has been added to allow 2667 authentication of anonymous FTP users.</para> 2668 2669 <para>A &man.pam.ftpusers.8; module has been added to perform 2670 checks against the &man.ftpusers.5; file.</para> 2671 2672 <para>A &man.pam.ksu.8; module has been added to do Kerberos 5 2673 authentication and <filename>$HOME/.k5login</filename> 2674 authorization for &man.su.1;.</para> 2675 2676 <para>A &man.pam.lastlog.8; module has been added to record 2677 sessions in the &man.utmp.5;, &man.wtmp.5;, and &man.lastlog.5; 2678 databases.</para> 2679 2680 <para>A &man.pam.login.access.8; module has been added, to allow 2681 checking against <filename>/etc/login.access</filename>.</para> 2682 2683 <para>The &man.pam.nologin.8; module, which can disallow logins 2684 using &man.nologin.5;, has been added.</para> 2685 2686 <para>The &man.pam.opie.8; and &man.pam.opieaccess.8; modules have 2687 been added to control authentication via &man.opie.4;.</para> 2688 2689 <para>A &man.pam.passwdqc.8; module has been added, to check the 2690 quality of passwords submitted during password changes.</para> 2691 2692 <para>A &man.pam.rhosts.8; module has been added to support 2693 &man.rhosts.5; authentication.</para> 2694 2695 <para>The &man.pam.rootok.8; module, which can be used to 2696 authenticate only the superuser, has been added.</para> 2697 2698 <para>A &man.pam.securetty.8; module has been added to check the 2699 <quote>security</quote> of a TTY, as listed in &man.ttys.5;.</para> 2700 2701 <para>A &man.pam.self.8; module, which allows self-authentication 2702 of a user, has been added.</para> 2703 2704 <para role="historic">A &man.pam.ssh.8; module has been added to allow the use of 2705 SSH passphrases and keypairs for authentication. This module 2706 also handles session management by invoking 2707 &man.ssh-agent.1;. &merged;</para> 2708 2709 <para>A &man.pam.wheel.8; module has been added to permit 2710 authentication to members of a group, which defaults to 2711 <groupname>wheel</groupname>.</para> 2712 2713 <para role="historic">&man.passwd.1; and &man.pw.8; now select the password hash 2714 algorithm at run time. See the <literal>passwd_format</literal> 2715 attribute in 2716 <filename>/etc/login.conf</filename>. &merged;</para> 2717 2718 <para role="historic">&man.patch.1; now accepts a <option>-i</option> command-line 2719 flag to read a patch from a file, rather than standard 2720 input. &merged;</para> 2721 2722 <para>The &man.pathchk.1; utility, which checks pathnames for 2723 validity or portability between POSIX systems, has been 2724 added.</para> 2725 2726 <para role="historic">&man.pax.1; has received a number of enhancements, including 2727 &man.cpio.1; functionality, &man.tar.1; compatibility 2728 enhancements, <option>-z</option> and <option>-Z</option> flags 2729 for &man.gzip.1; and &man.compress.1; functionality, and a 2730 number of bug fixes. &merged;</para> 2731 2732 <para role="historic">&man.pciconf.8; now supports a <option>-v</option> option to 2733 display the vendor/device information of configured devices, in 2734 conjunction with the <option>-l</option> option. The default 2735 vendor/device database can be found at 2736 <filename>/usr/share/misc/pci_vendors</filename>. &merged;</para> 2737 2738 <para role="historic">The behavior of &man.periodic.8; is now controlled by 2739 <filename>/etc/defaults/periodic.conf</filename> and 2740 <filename>/etc/periodic.conf</filename>. &merged;</para> 2741 2742 <para role="historic">&man.ping.8; now supports a <option>-m</option> option to 2743 set the TTL of outgoing packets. &merged;</para> 2744 2745 <para role="historic">&man.ping.8; now supports a <option>-A</option> option to 2746 beep when packets are lost. &merged;</para> 2747 2748 <para role="historic">Userland &man.ppp.8; has received a number of updates and 2749 bug fixes. &merged;</para> 2750 2751 <para role="historic">&man.ppp.8; has gained the <literal>tcpmssfixup</literal> 2752 option, which adjusts outgoing and incoming TCP SYN packets so 2753 that the maximum receive segment size is no larger than allowed 2754 by the interface MTU. &merged;</para> 2755 2756 <para role="historic">&man.ppp.8; now supports IPv6. &merged;</para> 2757 2758 <para role="historic">&man.pppd.8; (the control program for kernel-level PPP) is 2759 now installed mode <literal>4550</literal> and 2760 <username>root</username><literal>:</literal><groupname>dialer</groupname>, 2761 rather than mode <literal>4555</literal> (in other words, it is 2762 no longer world-executable). Users of &man.pppd.8; may need to 2763 change their group settings. &merged;</para> 2764 2765 <para role="historic">&man.pr.1; now supports the <option>-f</option> and 2766 <option>-p</option> flags to pause output going to a 2767 terminal. &merged;</para> 2768 2769 <para>prefix(8) is obsolete and has been removed. Its 2770 functionality is provided by the <option>eui64</option> command 2771 to &man.ifconfig.8;.</para> 2772 2773 <para role="historic">The <option>-W</option> option to &man.ps.1; (to extract 2774 information from a specified swap device) has been useless for 2775 some time; it has been removed. &merged;</para> 2776 2777 <para>The &man.pselect.3; library function (introduced by POSIX.1 2778 as a slightly stronger version of &man.select.2;) has been 2779 added.</para> 2780 2781 <para role="historic">&man.pwd.1; can now double as &man.realpath.1;, a program to 2782 resolve pathnames to their underlying physical 2783 paths. &merged;</para> 2784 2785 <para>&man.pwd.1; now supports the <option>-L</option> flag to 2786 print the logical current working directory. &merged;</para> 2787 2788 <para>The pseudo-random number generator implemented by 2789 &man.rand.3; has been improved to provide less biased 2790 results.</para> 2791 2792 <para role="historic">&man.rc.8; now has an framework for handling dependencies 2793 between &man.rc.conf.5; variables. &merged;</para> 2794 2795 <para role="historic">&man.rc.8; now deletes all non-directory files in 2796 <filename>/var/run</filename> and 2797 <filename>/var/spool/lock</filename> at boot 2798 time. &merged;</para> 2799 2800 <para>&man.rcmd.3; now supports the use of the 2801 <envar>RSH</envar> environment variable to specify a program to 2802 use other than &man.rsh.1; for remote execution. As a result, 2803 programs such as &man.dump.8;, can use &man.ssh.1; for remote 2804 transport.</para> 2805 2806 <para>&man.rdist.1; has been retired from the base system, but is 2807 still available from &os; Ports Collection as 2808 <filename role="package">net/44bsd-rdist</filename>.</para> 2809 2810 <para role="historic">&man.reboot.8; now takes a <option>-k</option> to specify 2811 the next kernel to boot. &merged;</para> 2812 2813 <para>The &man.renice.8; command implements a <option>-n</option> 2814 option, which specifies an increment to be applied to the 2815 priority of a process. &merged;</para> 2816 2817 <para role="historic">The &man.resolver.3; in &os; now implements EDNS0 support, 2818 which will be necessary when working with IPv6 transport-ready 2819 resolvers/DNS servers. &merged;</para> 2820 2821 <para role="historic">The &man.rfork.thread.3; library call has been added as a 2822 helper function to &man.rfork.2;. Using this function should 2823 avoid the need to implement complex stack swap 2824 code. &merged;</para> 2825 2826 <para>The <option>-v</option> option to &man.rm.1; now displays 2827 the entire pathname of a file being removed.</para> 2828 2829 <para role="historic">&man.route.8; is now more verbose when changing indirect 2830 routes, in the case of a gateway route that is the same route as 2831 the one being modified. &merged;</para> 2832 2833 <para role="historic">&man.route.8; now uses 2834 <literal><replaceable>host</replaceable>/<replaceable>bits</replaceable></literal> 2835 syntax instead of 2836 <literal><replaceable>net</replaceable>/<replaceable>bits</replaceable></literal> 2837 syntax, for compatibility with &man.netstat.1;. &merged;</para> 2838 2839 <para role="historic">&man.route.8; can now create <quote>proxy only</quote> 2840 published ARP entries. &merged;</para> 2841 2842 <para role="historic">The &man.route.8; <option>add</option> command now supports 2843 the <option>-ifp</option> and <option>-ifa</option> 2844 modifiers. &merged;</para> 2845 2846 <para>&man.rpcbind.8; has replaced &man.portmap.8;.</para> 2847 2848 <para>&man.rpcgen.1; now uses <filename>/usr/bin/cpp</filename> 2849 (as on NetBSD), not 2850 <filename>/usr/libexec/cpp</filename>.</para> 2851 2852 <para>&man.rpc.lockd.8; has been imported from NetBSD. This 2853 daemon provides support for servicing client NFS locks.</para> 2854 2855 <para role="historic">The performance of the ELF dynamic linker &man.rtld.1; has 2856 been improved. &merged;</para> 2857 2858 <para role="historic">RSA Security has waived all patent rights to the 2859 <application>RSA</application> algorithm. As a result, the 2860 native <application>OpenSSL</application> implementation of the 2861 RSA algorithm is now activated by default, and the <filename 2862 role="package">security/rsaref</filename> port and the 2863 <filename>librsaUSA</filename> and 2864 <filename>librsaINTL</filename> libraries are no longer required 2865 for USA and non-USA residents respectively. &merged;</para> 2866 2867 <para>&man.rtld.1; will now print the names of all objects that 2868 cause each object to be loaded, if the 2869 <varname>LD_TRACE_LOADED_OBJECTS_ALL</varname> environment 2870 variable is defined.</para> 2871 2872 <para role="historic">&man.savecore.8; now supports a <option>-k</option> option 2873 to prevent clearing a crash dump after saving it. It also 2874 attempts to avoid writing large stretches of zeros to crash dump 2875 files to save space and time. &merged;</para> 2876 2877 <para role="historic">&man.savecore.8; now works correctly on machines with 2 GB 2878 or more of RAM. &merged;</para> 2879 2880 <para role="historic">&man.sed.1; now takes a <option>-E</option> option for 2881 extended regular expression support. &merged;</para> 2882 2883 <para>&man.sed.1; now takes a <option>-i</option> option to enable 2884 in-place editing of files. &merged;</para> 2885 2886 <para role="historic">&man.send-pr.1; now takes a <option>-a</option> option to 2887 include a file into the <literal>Fix:</literal> section of a 2888 problem report. &merged;</para> 2889 2890 <para>The &man.setfacl.1; and &man.getfacl.1; commands have been 2891 added to manage filesystem Access Control Lists.</para> 2892 2893 <para role="historic">&man.setproctitle.3; has been moved from 2894 <filename>libutil</filename> to 2895 <filename>libc</filename>. &merged;</para> 2896 2897 <para role="historic">&man.sh.1; now implements <command>test</command> as a 2898 built-in command for improved efficiency. &merged;</para> 2899 2900 <para>&man.sh.1; no longer implements <command>printf</command> as 2901 a built-in command because it was considered less valuable 2902 compared to the other built-in commands (this functionality is, 2903 of course, still available through the &man.printf.1; 2904 executable).</para> 2905 2906 <para>&man.sh.1; now supports a <option>-C</option> option to 2907 prevent existing regular files from being overwritten by output 2908 redirection, and a <option>-u</option> to give an error if an 2909 unset variable is expanded.</para> 2910 2911 <para role="historic">&man.sockstat.1; now has <option>-c</option> and 2912 <option>-l</option> flags for listing connected and listening 2913 sockets, respectively. &merged;</para> 2914 2915 <para>&man.spkrtest.8; is now a &man.sh.1; script, rather than a 2916 Perl script.</para> 2917 2918 <para role="historic">&man.split.1; now has the ability to split a file longer 2919 than 2GB. &merged;</para> 2920 2921 <para>&man.split.1; now supports a <option>-a</option> option to 2922 specify the number of letters to use for the suffix of split 2923 files.</para> 2924 2925 <para>In preparation for meeting SUSv2/POSIX 2926 <filename><sys/select.h></filename> requirements, 2927 <literal>struct selinfo</literal> and related functions have been 2928 moved to <filename><sys/selinfo.h></filename>.</para> 2929 2930 <para role="historic">The &man.strnstr.3; and &man.strcasestr.3; variants of 2931 &man.strstr.3; have been implemented. &merged;</para> 2932 2933 <para role="historic">&man.stty.1; now has support for an 2934 <literal>erase2</literal> control character, so that, for 2935 example, both the <keycap>Delete</keycap> and 2936 <keycap>Backspace</keycap> keys can be used to erase 2937 characters. &merged;</para> 2938 2939 <para>&man.su.1; now uses <application>PAM</application> for 2940 authentication.</para> 2941 2942 <para role="historic">Boot-time &man.syscons.4; configuration was moved to a 2943 machine-independent 2944 <filename>/etc/rc.syscons</filename>. &merged;</para> 2945 2946 <para role="historic">&man.sysctl.8; now supports a <option>-N</option> option to 2947 print out variable names only. &merged;</para> 2948 2949 <para role="historic">&man.sysctl.8; has replaced the <option>-A</option> and 2950 <option>-X</option> options with <option>-ao</option> and 2951 <option>-ax</option> respectively; the former options are now 2952 deprecated. The <option>-w</option> option is deprecated as 2953 well; it is not needed to determine the user's 2954 intentions. &merged;</para> 2955 2956 <para role="historic">&man.sysctl.8; now supports a <option>-e</option> option to 2957 separate variable names and values by <literal>=</literal> 2958 rather than <literal>:</literal>. This feature is useful for 2959 producing output that can be fed back to 2960 &man.sysctl.8;. &merged;</para> 2961 2962 <para>&man.sysctl.8; now accepts a <option>-d</option> flag to print 2963 the descriptions of variables.</para> 2964 2965 <para role="historic">&man.sysinstall.8; now properly preserves 2966 <filename>/etc/mail</filename> during a binary 2967 upgrade. &merged;</para> 2968 2969 <para role="historic">&man.sysinstall.8; now uses some more intuitive defaults 2970 thanks to some new dialog support functions. &merged;</para> 2971 2972 <para>The default root partition in &man.sysinstall.8; is now 2973 100MB on the i386 and pc98, 120MB on the Alpha.</para> 2974 2975 <para>&man.sysinstall.8; now lives in 2976 <filename>/usr/sbin</filename>, which simplifies the 2977 installation process. The &man.sysinstall.8; manpage is also 2978 installed in a more consistent fashion now.</para> 2979 2980 <para role="historic">&man.sysinstall.8; now has the ability to load KLDs as a 2981 part of the installation. &merged;</para> 2982 2983 <para role="historic">When run from the installation media, &man.sysinstall.8; 2984 will automatically load any device drivers found in the 2985 <filename>/stand/modules</filename> directory of the 2986 <literal>mfsroot</literal> floppy or filesystem image. Note 2987 that any drivers so loaded will not appear in the kernel's boot 2988 messages; the &man.sysinstall.8; debugging screen will provide 2989 additional information. &merged;</para> 2990 2991 <para role="historic">&man.sysinstall.8; now enables Soft Updates by default on 2992 all filesystems it creates, except for the root 2993 filesystem. &merged;</para> 2994 2995 <para role="historic">&man.sysinstall.8; has received updates for its 2996 <quote>auto</quote> partitioning mode which provide more 2997 reasonable defaults for the sizes of partitions that are 2998 created; auto-sized partitions can now also recover the space 2999 that becomes available when other partitions are 3000 deleted. &merged;</para> 3001 3002 <para>&man.sysinstall.8; no longer mounts the &man.procfs.5; 3003 filesystem by default on new installs.</para> 3004 3005 <para role="historic">&man.sysinstall.8; now has rudimentary support for 3006 retrieving packages from the correct volume of a multiple-volume 3007 installation (such as a multi-CD distribution). &merged;</para> 3008 3009 <para role="historic">&man.syslogd.8; can take a <option>-n</option> option to 3010 disable DNS queries for every request. &merged;</para> 3011 3012 <para role="historic">&man.syslogd.8; now supports a 3013 <literal>LOG_CONSOLE</literal> facility (disabled by default), 3014 which can be used to log <filename>/dev/console</filename> 3015 output. &merged;</para> 3016 3017 <para role="historic">&man.syslogd.8; now has the ability to bind to a specific 3018 address (as opposed to using every available one) via the 3019 <option>-b</option> option. &merged;</para> 3020 3021 <para role="historic">&man.syslogd.8; now accepts a <option>-c</option> flag to 3022 disable repeated line compression. &merged;</para> 3023 3024 <para>&man.tabs.1;, a utility to set terminal tab stops, has been 3025 added.</para> 3026 3027 <para role="historic">&man.tail.1; now has the ability to work on files longer 3028 than 2GB. &merged;</para> 3029 3030 <para role="historic">&man.tar.1; now supports the <varname>TAR_RSH</varname> 3031 variable, principally to enable the use of &man.ssh.1; as a 3032 transport. &merged;</para> 3033 3034 <para role="historic">&man.telnet.1; now does autologin and encryption by default; 3035 a new <option>-y</option> option turns off encryption. &merged;</para> 3036 3037 <para role="historic">&man.telnet.1; now supports a <option>-u</option> flag to 3038 allow connections to UNIX-domain (<literal>AF_UNIX</literal>) 3039 sockets. &merged;</para> 3040 3041 <para role="historic">&man.tftp.1; and &man.tftpd.8; now support IPv6. &merged;</para> 3042 3043 <para role="historic">&man.tftpd.8; now takes the <option>-c</option> and 3044 <option>-C</option> options, which allow the server to 3045 &man.chroot.2; based on the IP address of the connecting client. 3046 &man.tftp.1; and &man.tftpd.8; can now transfer files larger 3047 than 65535 blocks. &merged;</para> 3048 3049 <para>&man.tftpd.8; now supports RFC 2349 (TFTP Timeout Interval 3050 and Transfer Size Options); this feature is required by some 3051 firmware like EFI boot managers (at least on HP i2000 Itanium 3052 servers) in order to boot an image using 3053 <application>TFTP</application>.</para> 3054 3055 <para arch="alpha">&man.timed.8; now works on the alpha.</para> 3056 3057 <para>A version of Transport Independent RPC 3058 (<application>TI-RPC</application>) has been imported.</para> 3059 3060 <para role="historic">&man.tmpnam.3; will now use the <envar>TMPDIR</envar> 3061 environment variable, if set, to specify the location of 3062 temporary files. &merged;</para> 3063 3064 <para>&man.tip.1; has been updated from 3065 <application>OpenBSD</application>, and has the ability to act 3066 as a &man.cu.1; substitute.</para> 3067 3068 <para>&man.top.1; will now use the full width of its tty.</para> 3069 3070 <para>&man.touch.1; now takes a <option>-h</option> option to 3071 operate on a symbolic link, rather than what the link points 3072 to.</para> 3073 3074 <para role="historic">The &man.truncate.1; utility, which truncates or extends the 3075 length of files, has been added. &merged;</para> 3076 3077 <para role="historic">Ukrainian language support has been added to the &os; 3078 console. &merged;</para> 3079 3080 <para><application>UUCP</application> has been removed from the 3081 base system. It can be found in the Ports Collection, in 3082 <filename role="package">net/freebsd-uucp</filename>.</para> 3083 3084 <para>&man.unexpand.1; now supports a <option>-t</option> to 3085 specify tabstabs analogous to &man.expand.1;. &merged;</para> 3086 3087 <para role="historic">&man.units.1; has received some updates and 3088 bugfixes. &merged;</para> 3089 3090 <para>&man.usbdevs.8; now supports a <option>-d</option> flag to 3091 show the device driver associated with each device.</para> 3092 3093 <para role="historic">The &man.usbhidctl.1; utility has been added to manipulate 3094 USB Human Interface Devices. &merged;</para> 3095 3096 <para role="historic">&man.uuencode.1; and &man.uudecode.1; now accept a <option>-o</option> option to 3097 set their output files. &man.uuencode.1; can now be made to do base64 encoding 3098 when given the <option>-m</option> flag, while &man.uudecode.1; 3099 can now automatically decode base64 files. &merged;</para> 3100 3101 <para>The base64 capabilities of &man.uuencode.1; and 3102 &man.uudecode.1; can now be automatically enabled by invoking 3103 these utilities as &man.b64encode.1; and &man.b64decode.1; 3104 respectively.</para> 3105 3106 <para>The &man.uuidgen.1; utility has been added. It uses the new 3107 &man.uuidgen.2; system call to generate one or more Universally 3108 Unique Identifiers compatible with OSF/DCE 1.1 version 1 3109 UUIDs.</para> 3110 3111 <para role="historic">&man.vidcontrol.1; now accepts a <option>-g</option> 3112 parameter to select custom text geometry in the 3113 <literal>VESA_800x600</literal> raster text mode. &merged;</para> 3114 3115 <para role="historic">&man.vidcontrol.1; now allows the user to omit the font size 3116 specification when loading a font, and has some better 3117 error-handling. &merged;</para> 3118 3119 <para role="historic">&man.vidcontrol.1; now supports a <option>-p</option> option 3120 to take a snapshot of a &man.syscons.4; video buffer. These 3121 snapshots can be manipulated by the 3122 <filename role="package">graphics/scr2png</filename> utility in 3123 the Ports Collection. &merged;</para> 3124 3125 <para role="historic">&man.vidcontrol.1; now supports a <option>-C</option> option 3126 to clear the history buffer for a given tty, as well as a 3127 <option>-h</option> option to set the size of the history 3128 buffer. &merged;</para> 3129 3130 <para>The default stripe size in &man.vinum.8; has been changed 3131 from 256KB to 279KB, to spread out superblocks more evenly 3132 between stripes.</para> 3133 3134 <para role="historic">&man.wall.1; now supports a <option>-g</option> flag to 3135 write a message to all users of a given group. &merged;</para> 3136 3137 <para role="historic">&man.watch.8; now takes a <option>-f</option> option to 3138 specify a &man.snp.4; device to use. &merged;</para> 3139 3140 <para>&man.wc.1; now supports a <option>-m</option> flag to 3141 count characters, rather than bytes.</para> 3142 3143 <para>&man.which.1; is now a C program, rather than a Perl 3144 script.</para> 3145 3146 <para>&man.who.1; now has a number of new options: 3147 <option>-H</option> shows column headings; <option>-T</option> 3148 shows &man.mesg.1; state; <option>-m</option> is an equivalent 3149 to <option>am i</option>; <option>-u</option> shows idle time; 3150 <option>-q</option> to list names in columns.</para> 3151 3152 <para role="historic">&man.whois.1; now directs queries for IP addresses to ARIN. 3153 If a query to ARIN references APNIC or RIPE, the appropriate 3154 server will also be queried, provided that the 3155 <option>-Q</option> option is not specified. &merged;</para> 3156 3157 <para role="historic">&man.whois.1; supports a <option>-c</option> option to 3158 specify a country code to help direct queries towards a 3159 particular whois server. &merged;</para> 3160 3161 <para>&man.xargs.1; now supports a <option>-I</option> 3162 <replaceable>replstr</replaceable> option that allows the user 3163 to tell &man.xargs.1; to insert the data read from standard 3164 input at specific points in the command line arguments rather 3165 than at the end. (A &os;-specific <option>-J</option> option is 3166 similar, but is now deprecated in favor of the more portable 3167 <option>-I</option> option.) &merged;</para> 3168 3169 <para>&man.xargs.1; now supports a <option>-L</option> option to 3170 force its utility argument to be called after some number of 3171 lines. &merged;</para> 3172 3173 <para role="historic">The compiler chain now uses the FSF-supplied C/C++ runtime 3174 initialization code. This change brings about better 3175 compatibility with code generated from the various egcs and gcc 3176 ports, as well as the stock public FSF source. &merged;</para> 3177 3178 <para role="historic">The threads library has gained some signal handling changes, 3179 bug fixes, and performance enhancements (including zero system 3180 call thread switching). &man.gdb.1; thread support has been 3181 updated to match these changes. &merged;</para> 3182 3183 <para role="historic">Significant additions have been made to internationalization 3184 support; &os; now has complete locale support for the 3185 <literal>LC_MONETARY</literal>, <literal>LC_NUMERIC</literal>, 3186 and <literal>LC_MESSAGES</literal> categories. A number of 3187 applications have been updated to take advantage of this 3188 support. &merged;</para> 3189 3190 <para role="historic">Locale names have been changed to improve compatibility with 3191 the names used by X11R6, as well as a number of other UNIX 3192 versions. As an example, the 3193 <literal>en_US.ISO_8859-1</literal> locale name has been changed 3194 to 3195 <literal>en_US.ISO8859-1</literal>. Entries in 3196 <filename>/etc/locale.alias</filename> provide backward 3197 compatibility. &merged;</para> 3198 3199 <para role="historic"><filename>/usr/src/share/examples/BSD_daemon/</filename> now 3200 contains a scalable Beastie graphic. &merged;</para> 3201 3202 <para role="historic">As part of an ongoing process, many manual pages were 3203 improved, both in terms of their formatting markup and in their 3204 content. &merged;</para> 3205 3206 <para>A number of utilities and libraries were enhanced to improve 3207 their conformance with the Single UNIX Specification (SUSv3) and 3208 IEEE Std 1003.1-2001 (<quote>POSIX.1</quote>). Specific 3209 features added have been listed in the release notes for each 3210 utility. The standards conformance of each utility or library 3211 function is generally listed in its manual page.</para> 3212 3213 <sect3> 3214 <title>Contributed Software</title> 3215 3216 <para><application>am-utils</application> has been updated to 3217 6.0.7.</para> 3218 3219 <para>A 10 February 2002 snapshot of <application>awk</application> from Bell Labs (variously 3220 known as <quote>BWK awk</quote> or <quote>The One True 3221 AWK</quote>) has been imported. It is available as 3222 <command>awk</command> or 3223 <command>nawk</command>.</para> 3224 3225 <para role="historic"><application>bc</application> has been updated from 1.04 to 3226 1.06. &merged;</para> 3227 3228 <para role="historic">The ISC library from the <application>BIND</application> 3229 distribution is now built as 3230 <filename>libisc</filename>. &merged;</para> 3231 3232 <para role="historic"><application>BIND</application> is now built with the 3233 <literal>NOADDITIONAL</literal> flag, which causes 3234 &man.named.8; to operate in a more consistent fashion for 3235 certain common misconfigurations. &merged;</para> 3236 3237 <para role="historic"><application>BIND</application> has been updated to 3238 8.3.2-T1B. &merged;</para> 3239 3240 <para><application>Binutils</application> has been updated to 3241 2.12.0.</para> 3242 3243 <para role="historic"><application>bzip2</application> 1.0.2 has been imported; 3244 this brings the &man.bzip2.1; program and the 3245 <filename>libbz2</filename> library to the base 3246 system. &merged;</para> 3247 3248 <para role="historic">The &man.ee.1; <application>Easy Editor</application> has 3249 been updated to 1.4.2. &merged;</para> 3250 3251 <para><application>file</application> has been updated to 3252 3.37.</para> 3253 3254 <para><application>gcc</application> has been updated to 3255 a snapshot of <application>gcc</application> 3.1. 3256 <warning> 3257 <para>The integration of <application>gcc</application> is 3258 very new. Some applications and programs in the base 3259 system require fixes or compiler flags to build 3260 correctly. Work to address these problems is ongoing.</para> 3261 </warning> 3262 </para> 3263 3264 <para role="historic">&man.gcc.1; now uses a unified <filename>libgcc</filename> 3265 rather than a separate one for threaded and non-threaded 3266 programs. <filename>/usr/lib/libgcc_r.a</filename> can be 3267 removed. &merged;</para> 3268 3269 <para role="historic">&man.gcc.1; now supports the environment variable 3270 <envar>GCC_OPTIONS</envar>, which can hold a set of default 3271 options for <application>GCC</application>. &merged;</para> 3272 3273 <para role="historic"><application>GNATS</application> has been updated to 3274 3.113. &merged;</para> 3275 3276 <para><application>gperf</application> has been updated to 3277 2.7.2.</para> 3278 3279 <para role="historic"><application>groff</application> and its related utilities 3280 have been updated to FSF version 1.17.2. This import brings 3281 in a new &man.mdoc.7; macro package (sometimes referred to as 3282 <literal>mdocNG</literal>), which removes many of the 3283 limitations of its predecessor. &merged;</para> 3284 3285 <para role="historic"><application>Heimdal Kerberos</application> has been updated to 3286 0.4e. &merged;</para> 3287 3288 <para role="historic">The version of <application>IPFilter</application> 3289 provided with &os; now includes the &man.ipfs.8; program, 3290 which allows state information created for NAT entries and 3291 stateful rules to be saved to disk and restored after a 3292 reboot. Boot-time configuration of these features is 3293 supported by &man.rc.conf.5;. &merged;</para> 3294 3295 <para role="historic">The <application>ISC DHCP</application> client has been 3296 updated to 3.0.1RC8. &merged;</para> 3297 3298 <para role="historic"><application>Kerberos IV</application> has been updated to 3299 1.0.5. &merged;</para> 3300 3301 <para>The &man.more.1; command has been replaced by 3302 &man.less.1;, although it can still be run as 3303 <command>more</command>. &merged; Version 371 of 3304 <application>less</application> has been imported.</para> 3305 3306 <para><application>libpcap</application> has been updated to 3307 0.7.1.</para> 3308 3309 <para><application>libreadline</application> has been updated to 3310 4.2.</para> 3311 3312 <para><application>libz</application> has been updated to 3313 1.1.4.</para> 3314 3315 <para><application>lint</application> has been updated to 3316 snapshot of NetBSD &man.lint.1; as of 3 March 2002.</para> 3317 3318 <para><application>lukemftp</application> 1.6 beta 2 (the FTP client from 3319 NetBSD) has replaced the &os; &man.ftp.1; program. Among its 3320 new features are more automation methods, better standards 3321 compliance, transfer rate throttling, and a customizable 3322 command-line prompt. Some environment variables and 3323 command-line arguments have changed.</para> 3324 3325 <para>The FTP daemon from NetBSD, otherwise known as 3326 <application>lukemftpd</application> 1.2 beta 1, has been imported and is 3327 available as &man.lukemftpd.8;. &merged;</para> 3328 3329 <para>&man.m4.1; has been imported from OpenBSD, as of 26 April 3330 2002.</para> 3331 3332 <para><application>ncurses</application> has been updated to 3333 5.2-20020615.</para> 3334 3335 <para role="historic">The <application>NTP</application> suite of programs has 3336 been updated to 4.1.0. &merged;</para> 3337 3338 <para><application>OpenPAM</application> 3339 (<quote>Cinnamon</quote> release) has been imported, 3340 replacing 3341 <application>Linux-PAM</application>.</para> 3342 3343 <para>The <application>OPIE</application> one-time-password 3344 suite has been updated to 2.4. It has completely 3345 replaced the functionality of 3346 <application>S/Key</application>.</para> 3347 3348 <para><application>Perl</application> has been removed from the 3349 &os; base system. It can still be installed from the &os; 3350 Ports Collection or as a binary package; moving it out of the 3351 base system will make future upgrades and maintenence easier. 3352 To reduce the dependence of the base system on 3353 Perl, many utilities have been 3354 rewritten as shell scripts or C programs (specific notes are 3355 made for each affected utility). 3356 <filename>/usr/bin/perl</filename> is now a 3357 <quote>wrapper</quote> program, so that programs expecting to 3358 find a Perl interpreter there will 3359 be able to function correctly. 3360 3361 <warning> 3362 <para>The Perl removal and 3363 package integration work is ongoing.</para> 3364 </warning> 3365 3366 </para> 3367 3368 <para><application>GNU ptx</application> has been removed from 3369 the base system. It is not used anywhere in the base system, 3370 and has not been recently updated or maintained. Users 3371 requiring its functionality can install this utility as a part 3372 of the <filename role="package">textproc/textutils</filename> 3373 port.</para> 3374 3375 <para>The <literal>rc.d</literal> framework from NetBSD has been 3376 imported. It breaks down the system startup functionality 3377 into a number of small, <quote>task-oriented</quote> scripts 3378 in <filename>/etc/rc.d</filename>, with dynamic-determined 3379 ordering of startup scripts performed at boot-time. 3380 3381 <note> 3382 <para>This feature is currently disabled by default. It can 3383 be enabled by setting <literal>rc_ng="YES"</literal> in 3384 <filename>/etc/rc.conf</filename>.</para> 3385 </note> 3386 3387 </para> 3388 3389 <para role="historic">&man.routed.8; has been updated to version 3390 2.22. &merged;</para> 3391 3392 <para arch="i386,pc98">Version 1.4.4 of the 3393 <application>smbfs</application> userland utilities have been 3394 imported.</para> 3395 3396 <para><application>GNU sort</application> has been updated to 3397 the version from <application>GNU textutils 3398 2.0.21</application>.</para> 3399 3400 <para>&man.stat.1; from <application>NetBSD</application>, as of 3401 5 June 2002 has, been imported.</para> 3402 3403 <para><application>GNU tar</application> has been updated to 3404 1.13.25.</para> 3405 3406 <para><application>tcpdump</application> has been updated to 3407 3.7.1.</para> 3408 3409 <para role="historic">The &man.csh.1; shell has been replaced by &man.tcsh.1;, 3410 although it can still be run as <command>csh</command>. 3411 <application>tcsh</application> has been updated to version 3412 6.11. &merged;</para> 3413 3414 <para>The contributed version of 3415 <application>tcp_wrappers</application> now includes the 3416 &man.tcpd.8; helper daemon. While not strictly necessary in a 3417 standard &os; installation (because &man.inetd.8; already 3418 incorporates this functionality), this may be useful for 3419 &man.inetd.8; replacements such as 3420 <application>xinetd</application>.</para> 3421 3422 <para role="historic"><application>texinfo</application> has been updated to 3423 4.1. &merged;</para> 3424 3425 <para><application>top</application> has been updated to version 3426 3.5b12.</para> 3427 3428 <para role="historic">&man.traceroute.8; now takes its default maximum TTL value 3429 from the <varname>net.inet.ip.ttl</varname> sysctl 3430 variable. &merged;</para> 3431 3432 <para role="historic">The timezone database has been updated to the 3433 <filename>tzdata2002c</filename> release. &merged;</para> 3434 3435 <sect4> 3436 <title>CVS</title> 3437 3438 <para role="historic"><application>cvs</application> has been updated to 3439 1.11.1p1. &merged;</para> 3440 3441 <para role="historic">The default value for &man.cvs.1;'s 3442 <envar>CVS_RSH</envar> variable is now 3443 <literal>ssh</literal>, rather than 3444 <literal>rsh</literal>. &merged;</para> 3445 3446 <para role="historic">&man.cvs.1; now supports a <option>-T</option> option to 3447 update a sandbox's <filename>CVS/Template</filename> file 3448 from the repository. &merged;</para> 3449 3450 <para role="historic">&man.cvs.1; <literal>diff</literal> now supports the 3451 <option>-j</option> option to perform differences against a 3452 revision relative to a branch tag. &merged;</para> 3453 </sect4> 3454 3455 <sect4> 3456 <title>CVSup</title> 3457 3458 <para role="historic"><application>CVSup</application>, a frequently used 3459 utility in the &os; Ports Collection, was formerly 3460 installable using several ports and packages. The 3461 <filename role="package">net/cvsup-bin</filename> and 3462 <filename role="package">net/cvsupd-bin</filename> 3463 ports/packages are no longer necessary or available; the 3464 <filename role="package">net/cvsup</filename> port should be 3465 used instead. &merged;</para> 3466 3467 <para role="historic"><application>CVSup</application> has been updated to 3468 16.1_3, which is available in the &os; Ports Collection as 3469 <filename role="package">net/cvsup</filename>. This update 3470 fixes a long-standing (but only recently encountered) bug 3471 which affects the timestamps on all files after Sun Sep 9 3472 01:46:40 UTC 2001 (1,000,000,000 seconds after the UNIX 3473 epoch). &merged;</para> 3474 </sect4> 3475 3476 <sect4 id="kame-userland"> 3477 <title>KAME</title> 3478 3479 <para role="historic">The IPv6 stack is now based on a snapshot based on the 3480 KAME Project's IPv6 snapshot as of 28 May, 2001. Most of 3481 the items listed in this section are a result of this 3482 import. 3483 <xref linkend="kame-kernel"> lists kernel updates to the 3484 KAME IPv6 stack. &merged;</para> 3485 3486 <para role="historic">&man.faithd.8; now supports a configuration file for 3487 access control. &merged;</para> 3488 3489 <para role="historic">&man.ifconfig.8; can now perform the functions of 3490 gifconfig(8). &merged;</para> 3491 3492 <para role="historic">&man.ifconfig.8; can now perform the functions of 3493 prefix(8). &merged;</para> 3494 3495 <para role="historic">&man.ndp.8; now implements garbage collection for stale 3496 NDP entries, as described in RFC 2461 (Neighbor Discovery 3497 for IP Version 6 (IPv6)). &merged;</para> 3498 3499 <para role="historic">pim6dd(8) and pim6sd(8) have been removed due 3500 to restrictive licensing conditions. These programs are 3501 available in the ports collection as 3502 <filename role="package">net/pim6dd</filename> and 3503 <filename role="package">net/pim6sd</filename>. &merged;</para> 3504 3505 <para role="historic">&man.route6d.8; now supports an <option>-n</option> flag 3506 to avoid updating the kernel forwarding 3507 table. &merged;</para> 3508 3509 <para role="historic">The <option>-R</option> (router renumbering) option to 3510 &man.rtadvd.8; is currently ignored. &merged;</para> 3511 </sect4> 3512 3513 <sect4> 3514 <title>OpenSSH</title> 3515 3516 <para role="historic"><application>OpenSSH</application> has been updated to 3517 2.9, which provides support for the SSH2 protocol (now the 3518 default) and DSA keys. &man.ssh-add.1; and 3519 &man.ssh-agent.1; can now handle DSA keys, with support for 3520 authentication forwarding. 3521 <application>OpenSSH</application> users in the USA no 3522 longer need to rely on the restrictively-licensed RSAREF 3523 toolkit which is required to handle RSA keys. Among other 3524 new features: A client and server for &man.sftp.1; has been added. 3525 &man.scp.1; can now handle files larger than 2 GBytes. A 3526 limit on the number of outstanding, unauthenticated 3527 connections in &man.sshd.8; has been added. Support has 3528 been added for the Rijndael encryption algorithm. Rekeying 3529 of existing sessions is now supported, and an experimental 3530 <application>SOCKS4</application> proxy has been added to 3531 &man.ssh.1;. &merged;</para> 3532 3533 <para><application>OpenSSH</application> has been updated to 3534 version 3.1. Among the changes: 3535 <itemizedlist> 3536 <listitem> 3537 <para>The <filename>*2</filename> files are obsolete 3538 (for example, 3539 <filename>~/.ssh/known_hosts</filename> can hold the 3540 contents of 3541 <filename>~/.ssh/known_hosts2</filename>).</para> 3542 </listitem> 3543 <listitem> 3544 <para>&man.ssh-keygen.1; can import and export keys using 3545 the SECSH Public Key File Format, for key exchange 3546 with several commercial SSH implementations.</para> 3547 </listitem> 3548 <listitem> 3549 <para>&man.ssh-add.1; now adds all three default keys.</para> 3550 </listitem> 3551 <listitem> 3552 <para>&man.ssh-keygen.1; no longer defaults to a 3553 specific key type; one must be specified with the 3554 <option>-t</option> option.</para> 3555 </listitem> 3556 </itemizedlist> 3557 </para> 3558 3559 <para><application>OpenSSH</application> has been updated to 3560 3.4p1. The main changes are: 3561 <itemizedlist> 3562 <listitem> 3563 <para>A <quote>privilege separation</quote> feature, 3564 which uses unprivileged processes to contain and 3565 restrict the effects of future compromises or 3566 programming errors.</para> 3567 </listitem> 3568 3569 <listitem> 3570 <para>Several bugfixes, including closure of a 3571 security hole that could lead to an integer overflow 3572 and undesired privilege escalation.</para> 3573 </listitem> 3574 </itemizedlist> 3575 </para> 3576 3577 <para><application>OpenSSH</application> can now authenticate 3578 using <application>OPIE</application> passwords.</para> 3579 3580 <para><application>PAM</application> support for 3581 <application>OpenSSH</application> has been added.</para> 3582 3583 <para>A long-standing bug in 3584 <application>OpenSSH</application>, which sometimes resulted 3585 in a dropped session when an X11-forwarded client was 3586 closed, was fixed.</para> 3587 3588 <para role="historic"><application>Kerberos</application> compatibility has 3589 been added to 3590 <application>OpenSSH</application>. &merged;</para> 3591 3592 <para role="historic"><application>OpenSSH</application> has been modified to 3593 be more resistant to traffic analysis by requiring that 3594 <quote>non-echoed</quote> characters are still echoed back 3595 in a null packet, as well as by padding passwords sent so as 3596 not to hint at password lengths. &merged;</para> 3597 3598 <para role="historic">&man.sshd.8; is now enabled by default on new 3599 installs. &merged;</para> 3600 3601 <para role="historic">&man.sshd.8; <literal>X11Forwarding</literal> is now 3602 turned on by default on the server (any risk is to the 3603 client, where it is already disabled by 3604 default). &merged;</para> 3605 3606 <para role="historic">In <filename>/etc/ssh/sshd_config</filename>, the 3607 <literal>ConnectionsPerPeriod</literal> parameter has been 3608 deprecated in favor of 3609 <literal>MaxStartups</literal>. &merged;</para> 3610 3611 <para role="historic"><application>OpenSSH</application> now has a 3612 <literal>VersionAddendum</literal> configuration setting for 3613 &man.sshd.8; to allow changing the part of the 3614 <application>OpenSSH</application> version string after the 3615 main version number. &merged;</para> 3616 </sect4> 3617 3618 <sect4> 3619 <title>OpenSSL</title> 3620 3621 <para><application>OpenSSL</application> has been updated to 3622 0.9.6c.</para> 3623 3624 <para role="historic"><application>OpenSSL</application> now has support for 3625 machine-dependent ASM optimizations, activated by the new 3626 <varname>MACHINE_CPU</varname> and/or 3627 <varname>CPUTYPE</varname> 3628 <filename>make.conf</filename> variables. &merged;</para> 3629 </sect4> 3630 3631 <sect4> 3632 <title>sendmail</title> 3633 3634 <para><application>sendmail</application> has been updated 3635 from version 8.9.3 to version 8.12.5. Important changes 3636 include: &man.sendmail.8; is no longer installed as a 3637 set-user-ID <username>root</username> binary (now set-group-ID <groupname>smmsp</groupname>); new 3638 default file locations (see 3639 <filename>/usr/src/contrib/sendmail/cf/README</filename>); 3640 &man.newaliases.1; is limited to <username>root</username> 3641 and trusted users; STARTTLS encryption; and the MSA port 3642 (587) is turned on by default. See 3643 <filename>/usr/src/contrib/sendmail/RELEASE_NOTES</filename> 3644 for more information. &merged;</para> 3645 3646 <para role="historic">&man.mail.local.8; is no longer installed as a 3647 set-user-ID binary. If you are using a 3648 <filename>/etc/mail/sendmail.cf</filename> from the default 3649 <filename>sendmail.cf</filename> included with &os; any time 3650 after 3.1.0, you are fine. If you are using a 3651 hand-configured <filename>sendmail.cf</filename> and 3652 <command>mail.local</command> for delivery, check to make sure the 3653 <literal>F=S</literal> flag is set on the 3654 <literal>Mlocal</literal> line. Those with 3655 <filename>.mc</filename> files who need to add the flag can 3656 do so by adding the following line to their 3657 <filename>.mc</filename> file and regenerating the 3658 <filename>sendmail.cf</filename> file:</para> 3659 3660 <programlisting role="historic">MODIFY_MAILER_FLAGS(`LOCAL',`+S')dnl</programlisting> 3661 3662 <para role="historic">Note that <literal>FEATURE(`local_lmtp')</literal> already 3663 does this. &merged;</para> 3664 3665 <para role="historic">The default <filename>/etc/mail/sendmail.cf</filename> 3666 disables the SMTP <literal>EXPN</literal> and 3667 <literal>VRFY</literal> commands. &merged;</para> 3668 3669 <para role="historic">&man.vacation.1; has been updated to use the version 3670 included with <application>sendmail</application>. &merged;</para> 3671 3672 <para role="historic">The <application>sendmail</application> configuration 3673 building tools are installed in 3674 <filename>/usr/share/sendmail/cf/</filename>. &merged;</para> 3675 3676 <para role="historic">New <filename>make.conf</filename> options: 3677 <varname>SENDMAIL_MC</varname> and 3678 <varname>SENDMAIL_ADDITIONAL_MC</varname>. See 3679 <filename>/usr/share/examples/etc/make.conf</filename> for more 3680 information. &merged;</para> 3681 3682 <para role="historic"><filename>/etc/mail/Makefile</filename> now supports: 3683 the new <varname>SENDMAIL_MC</varname> 3684 <filename>make.conf</filename> option; the ability to build 3685 <filename>.cf</filename> files from 3686 <filename>.mc</filename> files; generalized map rebuilding; 3687 rebuilding the aliases file; and the ability to stop, start, 3688 and restart 3689 <application>sendmail</application>. &merged;</para> 3690 3691 <para role="historic">The <username>smmsp</username> and 3692 <username>mailnull</username> users have been added to 3693 <filename>/etc/master.passwd</filename>. In the absence of a 3694 <literal>confDEF_USER_ID</literal> setting, by default, 3695 <application>sendmail</application> will use the 3696 <username>mailnull</username> user for extra security. 3697 Previously, if the <username>mailnull</username> user did 3698 not exist, the <username>daemon</username> user was used. 3699 This change may generate some permissions issues when 3700 mailing to files or to programs (such as <filename 3701 role="package">mail/majordomo</filename>). &merged; The 3702 previous behavior can be restored by adding the following 3703 line to a system's 3704 <filename><replaceable>*</replaceable>.mc</filename> 3705 configuration file: 3706 3707 <programlisting>define(`confDEF_USER_ID', `daemon')</programlisting> 3708 </para> 3709 3710 <para role="historic">Beginning with the import of 3711 <application>sendmail</application> 8.12.2, multiple 3712 <application>sendmail</application> daemons (some required 3713 to handle outgoing mail) are started by &man.rc.8;, even if 3714 the <varname>sendmail_enable</varname> variable is set to 3715 <literal>NO</literal>. To completely disable 3716 <application>sendmail</application>, 3717 <varname>sendmail_enable</varname> must be set to 3718 <literal>NONE</literal>. Alternatively, for systems using a 3719 different MTA, the <varname>mta_start_script</varname> variable can 3720 be used to point to a different startup script (more details 3721 can be found in &man.rc.sendmail.8;). &merged;</para> 3722 3723 <para>By default, &man.rc.8; no longer enables 3724 <application>sendmail</application> for inbound SMTP 3725 connections. Note that &man.sysinstall.8; may override this 3726 default for a binary installation, based on what security 3727 profile is selected. This functionality can also be 3728 manually enabled by adding the following line to 3729 <filename>/etc/rc.conf</filename>:</para> 3730 3731 <programlisting>sendmail_enable="YES"</programlisting> 3732 3733 <para>The permissions for <application>sendmail</application> 3734 alias and map databases built via 3735 <filename>/etc/mail/Makefile</filename> now default to mode 3736 0640 to protect against a file locking local denial of service. 3737 It can be changed by setting the new 3738 <varname>SENDMAIL_MAP_PERMS</varname> 3739 <filename>make.conf</filename> option. &merged;</para> 3740 3741 <para>The permissions for the <application>sendmail</application> 3742 statistics file, <filename>/var/log/sendmail.st</filename>, have 3743 been changed from mode 0644 to mode 0640 to protect against 3744 a file locking local denial of service. &merged;</para> 3745 3746 </sect4> 3747 </sect3> 3748 3749 <sect3> 3750 <title>Ports/Packages Collection Infrastructure</title> 3751 3752 <para><application>BSDPAN</application>, a collection of modules 3753 that provides tighter integration of 3754 <application>Perl</application> into the &os; Ports 3755 Collection, has been added.</para> 3756 3757 <para role="historic">&man.pkg.create.1; and &man.pkg.add.1; can now work with 3758 packages that have been compressed using 3759 &man.bzip2.1;. &man.pkg.add.1; will use the PACKAGEROOT 3760 environment variable to determine a mirror site for new 3761 packages. &merged;</para> 3762 3763 <para role="historic">&man.pkg.create.1; now records dependencies in dependency 3764 order rather than in the order specified on the command line. 3765 This improves the functioning of <command>pkg_add 3766 -r</command>. &merged;</para> 3767 3768 <para role="historic">&man.pkg.create.1; now supports a <option>-b</option> to 3769 create a package file from a locally-installed 3770 package. &merged;</para> 3771 3772 <para role="historic">When requested to delete multiple packages, 3773 &man.pkg.delete.1; will now attempt to remove them in 3774 dependency order rather than the order specified on the 3775 command line. &merged;</para> 3776 3777 <para role="historic">&man.pkg.delete.1; now can perform glob/regexp matching of 3778 package names. In addition, it supports a <option>-a</option> 3779 option for removing all packages and a <option>-i</option> 3780 option for &man.rm.1;-style interactive 3781 confirmation. &merged;</para> 3782 3783 <para role="historic">&man.pkg.delete.1; now supports a <option>-r</option> 3784 option for recursive package removal. &merged;</para> 3785 3786 <para role="historic">&man.pkg.info.1; now supports globbing against names of 3787 installed packages. The <option>-G</option> option disables 3788 this behavior, and the <option>-x</option> option causes 3789 regular expression matching instead of shell 3790 globbing. &merged;</para> 3791 3792 <para role="historic">&man.pkg.info.1; can now accept a <option>-g</option> flag 3793 for verifying an installed package against its recorded 3794 checksums (to see if it's been modified post-installation). 3795 Naturally, this mechanism is only as secure as the contents of 3796 <filename>/var/db/pkg</filename> if it's to be used for auditing 3797 purposes. &merged;</para> 3798 3799 <para role="historic">&man.pkg.sign.1; and &man.pkg.check.1; have been added to 3800 digitally sign and verify the signatures on binary package 3801 files. &merged;</para> 3802 3803 <para>For some time, &os; 5.0-CURRENT (as well as some 4.X 3804 releases) included a pkg_update(1) utility to update installed 3805 packages, as well as their dependencies. This utility has 3806 been removed; a superset of its functionality can be found in 3807 the <filename role="package">sysutils/portupgrade</filename> 3808 port.</para> 3809 3810 <para role="historic">&man.pkg.version.1; now has a version number comparison 3811 routine that corresponds to the Porters Handbook. It also has 3812 a <option>-t</option> option for testing address comparisons. 3813 &merged;</para> 3814 3815 <para role="historic">&man.pkg.version.1; now takes a <option>-s</option> flag 3816 to limit its operation to ports/packages matching a given 3817 string. &merged;</para> 3818 3819 <para>&man.pkg.version.1;, formerly a Perl script, has been 3820 rewritten in C.</para> 3821 3822 <para role="historic">Version numbers of installed packages have a new 3823 (backward-compatible) syntax, which supports the 3824 <varname>PORTREVISION</varname> and 3825 <varname>PORTEPOCH</varname> variables in Ports Collection 3826 <filename>Makefile</filename>s. These changes help keep track 3827 of changes in the ports collection entries such as security 3828 patches or &os;-specific updates, which aren't reflected in 3829 the original, third-party software distributions. 3830 &man.pkg.version.1; can now compare these new-style version 3831 numbers. &merged;</para> 3832 3833 <para role="historic">To improve performance and disk utilization, the 3834 <quote>ports skeletons</quote> in the &os; Ports Collection 3835 have been restructured. Installed ports and packages should 3836 not be affected. &merged;</para> 3837 3838 <para role="historic">All packages and ports now contain an 3839 <quote>origin</quote> directive, which makes it easier for 3840 programs such as &man.pkg.version.1; to determine the 3841 directory from which a package was built. &merged;</para> 3842 3843 <para role="historic">The Ports Collection infrastructure now uses 3844 <application>XFree86</application> 4.2.0 as the default version 3845 of the X Window System for the purposes of satisfying 3846 dependencies. To return to using 3847 <application>XFree86</application> 3.3.6, add the following line 3848 to <filename>/etc/make.conf</filename>: &merged;</para> 3849 3850 <programlisting role="historic">XFREE86_VERSION=3</programlisting> 3851 3852 <para>The libraries installed by the <filename 3853 role="package">emulators/linux_base</filename> port (required 3854 for Linux emulation) have been updated; they now correspond to 3855 those included with <application>Red Hat Linux</application> 3856 7.1.</para> 3857 </sect3> 3858 </sect2> 3859 3860 <sect2> 3861 <title>Release Engineering and Integration</title> 3862 3863 <para>The <filename>bin</filename> distribution has been renamed 3864 <filename>base</filename>, in order to make creation of combined 3865 install/recovery disks easier.</para> 3866 3867 <para arch="i386">ISO images and CDROMs now use the 3868 <filename>cdboot</filename> boot loader by default. This 3869 eliminates the need for an emulated floppy disk image on 3870 a bootable CDROM and allows for a full 3871 <filename>GENERIC</filename> kernel to be used for CDROM 3872 installations, at the expense of compatability with some old 3873 BIOSs.</para> 3874 3875 <para arch="i386,pc98,alpha" role="historic"><application>XFree86</application> 4.2.0 3876 is now the default version of the X Window System supported by 3877 &man.sysinstall.8;. It installs 3878 <application>XFree86</application> as a set of standard binary 3879 packages, so the usual package utilities such as 3880 &man.pkg.info.1; can be used to examine/manipulate its 3881 components. &merged;</para> 3882 3883 <para>It is now possible to make releases of &os; 3884 &release.current; on a &os; 4-STABLE host. Cross-architecture 3885 (building a release for a target architecture on a host of a 3886 different architecture) releases are also possible. See 3887 &man.release.7; for details.</para> 3888 3889 </sect2> 3890 3891 <sect2> 3892 <title>Documentation</title> 3893 3894 <para>A number of formerly-encumbered documents from the 4.4 BSD 3895 Programmer's Supplementary Documents have been restored to 3896 <filename>/usr/share/doc/psd</filename>. These include:</para> 3897 3898 <itemizedlist> 3899 <listitem> 3900 <para><emphasis>The UNIX Time-Sharing System</emphasis> 3901 (<filename>01.cacm</filename>)</para> 3902 </listitem> 3903 3904 <listitem> 3905 <para><emphasis>UNIX Implementation</emphasis> 3906 (<filename>02.implement</filename>)</para> 3907 </listitem> 3908 3909 <listitem> 3910 <para><emphasis>The UNIX I/O System</emphasis> 3911 (<filename>03.iosys</filename>)</para> 3912 </listitem> 3913 3914 <listitem> 3915 <para><emphasis>UNIX Programming — Second Edition</emphasis> 3916 (<filename>04.uprog</filename>)</para> 3917 </listitem> 3918 3919 <listitem> 3920 <para><emphasis>The C Programming Language — Reference Manual</emphasis> 3921 (<filename>06.Clang</filename>)</para> 3922 </listitem> 3923 3924 <listitem> 3925 <para><emphasis>Yacc: Yet Another Compiler-Compiler</emphasis> 3926 (<filename>15.yacc</filename>)</para> 3927 </listitem> 3928 3929 <listitem> 3930 <para><emphasis>Lex — A Lexical Analyzer Generator</emphasis> 3931 (<filename>16.lex</filename>)</para> 3932 </listitem> 3933 3934 <listitem> 3935 <para><emphasis>The M4 Macro Processor</emphasis> 3936 (<filename>17.m4</filename>)</para> 3937 </listitem> 3938 </itemizedlist> 3939 3940 <para>Several formerly-encumbered documents from the 4.4 BSD 3941 User's Supplementary Documents have been restored to 3942 <filename>/usr/share/doc/usd</filename>. They include:</para> 3943 3944 <itemizedlist> 3945 <listitem> 3946 <para><emphasis>NROFF/TROFF User's Manual</emphasis> 3947 (<filename>21.troff</filename>)</para> 3948 </listitem> 3949 3950 <listitem> 3951 <para><emphasis>A TROFF Tutorial</emphasis> 3952 (<filename>22.trofftut</filename>)</para> 3953 </listitem> 3954 </itemizedlist> 3955 </sect2> 3956 3957</sect1> 3958 3959<sect1> 3960 <title>Upgrading from previous releases of &os;</title> 3961 3962 <para>If you're upgrading from a previous release of &os;, you 3963 generally will have three options: 3964 3965 <itemizedlist> 3966 <listitem> 3967 <para>Using the binary upgrade option of &man.sysinstall.8;. 3968 This option is perhaps the quickest, although it presumes 3969 that your installation of &os; uses no special compilation 3970 options.</para> 3971 </listitem> 3972 <listitem> 3973 <para>Performing a complete reinstall of &os;. Technically, 3974 this is not an upgrading method, and in any case is usually less 3975 convenient than a binary upgrade, in that it requires you to 3976 manually backup and restore the contents of 3977 <filename>/etc</filename>. However, it may be useful in 3978 cases where you want (or need) to change the partitioning of 3979 your disks. 3980 </listitem> 3981 <listitem> 3982 <para>From source code in <filename>/usr/src</filename>. This 3983 route is more flexible, but requires more disk space, time, 3984 and more technical expertise. More information can be found 3985 in the <ulink 3986 url="http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html"><quote>Using 3987 <command>make world</command></quote></ulink> section of the <ulink 3988 url="http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/">FreeBSD 3989 Handbook</ulink>. Upgrading from very old 3990 versions of &os; may be problematic; in cases like this, it 3991 is usually more effective to perform a binary upgrade or a 3992 complete reinstall.</para> 3993 </listitem> 3994 </itemizedlist> 3995 </para> 3996 3997 <para>Please read the <filename>INSTALL.TXT</filename> file for more 3998 information, preferably <emphasis>before</emphasis> beginning an 3999 upgrade. If you are upgrading from source, please be sure to read 4000 <filename>/usr/src/UPDATING</filename> as well.</para> 4001 4002 <para>Finally, if you want to use one of various means to track the 4003 -STABLE or -CURRENT branches of &os;, please be sure to consult 4004 the <ulink 4005 url="http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/current-stable.html"><quote>-CURRENT 4006 vs. -STABLE</quote></ulink> section of the <ulink 4007 url="http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/">FreeBSD 4008 Handbook</ulink>.</para> 4009 4010 <important> 4011 <para>Upgrading &os; should, of course, only be attempted after 4012 backing up <emphasis>all</emphasis> data and configuration 4013 files.</para> 4014 </important> 4015</sect1> 4016
