1 <!DOCTYPE article PUBLIC "-//FreeBSD//DTD DocBook V4.1-Based Extension//EN" [
2 <!ENTITY % articles.ent PUBLIC "-//FreeBSD//ENTITIES DocBook FreeBSD Articles Entity Set//EN">
5 <!ENTITY % release PUBLIC "-//FreeBSD//ENTITIES Release Specification//EN">
8 <!-- Text constants which probably don't need to be changed.-->
10 <!-- The marker for MFCs. -->
11 <!ENTITY merged "[MERGED]">
13 <!-- Architecture names -->
14 <!ENTITY arch.amd64 "amd64">
15 <!ENTITY arch.arm "arm">
16 <!ENTITY arch.i386 "i386">
17 <!ENTITY arch.ia64 "ia64">
18 <!ENTITY arch.pc98 "pc98">
19 <!ENTITY arch.powerpc "powerpc">
20 <!ENTITY arch.sparc64 "sparc64">
21 <!ENTITY arch.sun4v "sun4v">
23 <!ENTITY % include.historic "IGNORE">
24 <!ENTITY % no.include.historic "IGNORE">
29 <title>&os; &release.current; Release Notes</title>
31 <corpauthor>The &os; Project</corpauthor>
33 <pubdate>$FreeBSD$</pubdate>
44 <holder role="mailto:doc@FreeBSD.org">The &os; Documentation Project</holder>
47 <legalnotice id="trademarks" role="trademarks">
57 <para>The release notes for &os; &release.current; contain a summary
58 of the changes made to the &os; base system on the
59 &release.branch; development line.
60 This document lists applicable security advisories that were issued since
61 the last release, as well as significant changes to the &os;
63 Some brief remarks on upgrading are also presented.</para>
68 <title>Introduction</title>
70 <para>This document contains the release notes for &os;
72 describes recently added, changed, or deleted features of &os;.
73 It also provides some notes on upgrading
74 from previous versions of &os;.</para>
76 <![ %release.type.current [
78 <para>The &release.type; distribution to which these release notes
79 apply represents the latest point along the &release.branch; development
80 branch since &release.branch; was created. Information regarding pre-built, binary
81 &release.type; distributions along this branch
82 can be found at <ulink url="&release.url;"></ulink>.</para>
86 <![ %release.type.snapshot [
88 <para>The &release.type; distribution to which these release notes
89 apply represents a point along the &release.branch; development
90 branch between &release.prev; and the future &release.next;.
92 pre-built, binary &release.type; distributions along this branch
93 can be found at <ulink url="&release.url;"></ulink>.</para>
97 <![ %release.type.release [
99 <para>This distribution of &os; &release.current; is a
100 &release.type; distribution. It can be found at <ulink
101 url="&release.url;"></ulink> or any of its mirrors. More
102 information on obtaining this (or other) &release.type;
103 distributions of &os; can be found in the <ulink
104 url="&url.books.handbook;/mirrors.html"><quote>Obtaining
105 &os;</quote> appendix</ulink> to the <ulink
106 url="&url.books.handbook;/">&os;
107 Handbook</ulink>.</para>
111 <para>All users are encouraged to consult the release errata before
112 installing &os;. The errata document is updated with
113 <quote>late-breaking</quote> information discovered late in the
114 release cycle or after the release. Typically, it contains
115 information on known bugs, security advisories, and corrections to
116 documentation. An up-to-date copy of the errata for &os;
117 &release.current; can be found on the &os; Web site.</para>
122 <title>What's New</title>
124 <para>This section describes
125 the most user-visible new or changed features in &os;
126 since &release.prev;.
127 In general, changes described here are unique to the &release.branch;
128 branch unless specifically marked as &merged; features.
131 <para>Typical release note items
132 document recent security advisories issued after
134 new drivers or hardware support, new commands or options,
135 major bug fixes, or contributed software upgrades. They may also
136 list changes to major ports/packages or release engineering
137 practices. Clearly the release notes cannot list every single
138 change made to &os; between releases; this document focuses
139 primarily on security advisories, user-visible changes, and major
140 architectural improvements.</para>
142 <sect2 id="security">
143 <title>Security Advisories</title>
145 <para>A temporary file vulnerability in &man.texindex.1;, which
146 could allow a local attacker to overwrite files in the context
147 of a user running the &man.texindex.1; utility, has been fixed.
148 For more details see security advisory <ulink
149 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:01.texindex.asc">FreeBSD-SA-06:01.texindex</ulink>. &merged;</para>
151 <para>A temporary file vulnerability in the &man.ee.1; text
152 editor, which could allow a local attacker to overwrite files in
153 the context of a user running &man.ee.1;, has been fixed. For
154 more details see security advisory <ulink
155 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:02.ee.asc">FreeBSD-SA-06:02.ee</ulink>. &merged;</para>
157 <para>Several vulnerabilities in the &man.cpio.1; utility have
158 been corrected. For more
159 details see security advisory <ulink
160 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:03.cpio.asc">FreeBSD-SA-06:03.cpio</ulink>. &merged;</para>
162 <para>An error in &man.ipfw.4; IP fragment handling, which could
163 cause a crash, has been fixed. For more
164 details see security advisory <ulink
165 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:04.ipfw.asc">FreeBSD-SA-06:04.ipfw</ulink>. &merged;</para>
167 <para>A potential buffer overflow in the IEEE 802.11 scanning code
168 has been corrected. For more
169 details see security advisory <ulink
170 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:05.80211.asc">FreeBSD-SA-06:05.80211</ulink>. &merged;</para>
172 <para>Two instances in which portions of kernel memory could be
173 disclosed to users have been fixed. For more details see
174 security advisory <ulink
175 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:06.kmem.asc">FreeBSD-SA-06:06.kmem</ulink>. &merged;</para>
177 <para>A logic bug in the IP fragment handling in &man.pf.4;, which
178 could cause a crash under certain circumstances, has been fixed.
179 For more details see security advisory <ulink
180 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:07.pf.asc">FreeBSD-SA-06:07.pf</ulink>. &merged;</para>
182 <para>A logic bug in the NFS server code, which could cause a crash when
183 the server received a message with a zero-length payload, has been fixed.
184 For more details see security advisory <ulink
185 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:10.nfs.asc">FreeBSD-SA-06:10.nfs</ulink>. &merged;</para>
187 <para>A programming error in the &man.fast.ipsec.4; implementation
188 results in the sequence number associated with a Security
189 Association not being updated, allowing packets to unconditionally
190 pass sequence number verification checks, has been fixed.
191 For more details see security advisory <ulink
192 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:11.ipsec.asc">FreeBSD-SA-06:11.ipsec</ulink>. &merged;</para>
194 <para>A logic bug that could cause &man.opiepasswd.1; to allow an unprivileged
195 user to configure OPIE authentication for the root user under certain
196 circumstances, has been fixed.
197 For more details see security advisory <ulink
198 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:12.opie.asc">FreeBSD-SA-06:12.opie</ulink>. &merged;</para>
200 <para>An asynchronous signal handling vulnerability in &man.sendmail.8;,
201 which could allow a remote attacker to execute arbitrary code with the
202 privileges of the user running sendmail, typically root, has been fixed.
203 For more details see security advisory <ulink
204 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:13.sendmail.asc">FreeBSD-SA-06:13.sendmail</ulink>. &merged;</para>
206 <para>[&arch.amd64;, &arch.i386;] An information disclosure issue found in the
207 &os; kernel running on 7th- and 8th-generation AMD processors
208 has been fixed. For more details see security advisory <ulink
209 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:14.fpu.asc">FreeBSD-SA-06:14.fpu</ulink>. &merged;</para>
211 <para>A bug in &man.ypserv.8;, which effectively disabled the
212 <filename>/var/yp/securenets</filename> access control mechanism,
213 has been corrected. More details are available in security
215 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:15.ypserv.asc">FreeBSD-SA-06:15.ypserv</ulink>. &merged;</para>
217 <para>A bug in the smbfs file system, which could allow an
218 attacker to escape out of &man.chroot.2 environments on an smbfs
219 mounted file system, has been fixed. For more details, see
221 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:16.smbfs.asc">FreeBSD-SA-06:16.smbfs</ulink>. &merged;</para>
223 <para>A potential denial of service problem in &man.sendmail.8;
224 caused by excessive recursion which leads to stack
225 exhaustion when attempting delivery of a malformed
226 MIME message, has been fixed. For more details,
227 see security advisory <ulink
228 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:17.sendmail.asc">FreeBSD-SA-06:17.sendmail</ulink>. &merged;</para>
230 <para>A potential buffer overflow condition in &man.sppp.4; has
231 been corrected. For more details, see security advisory
232 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:18.ppp.asc">FreeBSD-SA-06:18.ppp</ulink>. &merged;</para>
234 <para>An OpenSSL bug related to validation of PKCS#1 v1.5
235 signatures has been fixed. For more details, see security
237 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:19.openssl.asc">FreeBSD-SA-06:19.openssl</ulink>. &merged;</para>
239 <para>A potential denial of service attack against &man.named.8;
240 has been fixed. For more details, see security advisory
241 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:20.bind.asc">FreeBSD-SA-06:20.bind</ulink>. &merged;</para>
243 <para>Several programming errors have been fixed in &man.gzip.1;.
244 They could have the effect of causing a crash or an infinite
245 loop when decompressing files. More information can be found in
247 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:21.gzip.asc">FreeBSD-SA-06:21.gzip</ulink>. &merged;</para>
249 <para>Several vulnerabilities have been fixed in OpenSSH. More
250 details can be found in security advisory
251 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:22.openssh.asc">FreeBSD-SA-06:22.openssh</ulink>. &merged;</para>
253 <para>Multiple errors in the OpenSSL &man.crypto.3; library have
254 been fixed. Potential effects are varied, and are documented in
255 more detail in security advisory
256 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:23.openssl.asc">FreeBSD-SA-06:23.openssl</ulink>. &merged;</para>
258 <para>A bug that could permit corrupt archives to cause an
259 infinite loop in &man.libarchive.3; and &man.tar.1; has been
260 fixed. More details are available in
261 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:24.libarchive.asc">FreeBSD-SA-06:24.libarchive</ulink>. &merged;</para>
263 <para>A bug that could allow users in
264 the <groupname>operator</groupname> group to read parts of kernel
265 memory has been corrected. For more details, consult security
267 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:25.kmem.asc">FreeBSD-SA-06:25.kmem</ulink>. &merged;</para>
269 <para>A bug in the <filename>jail</filename> startup script that
270 could permit privilege escalation via a symlink attack has been
271 fixed. More information is available in
272 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-07:01.jail.asc">FreeBSD-SA-07:01.jail</ulink>. &merged;</para>
274 <para>Two remote denials of service in BIND (one involving DNSSEC and
275 one involving recursive DNS queries) have been fixed. For more
276 information, see security advisory
277 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-07:02.bind.asc">FreeBSD-SA-07:02.bind</ulink>. &merged;</para>
282 <title>Kernel Changes</title>
284 <para>&man.acpi.4; now has support for the HPET time counter. &merged;</para>
286 <para>The &man.acpi.ibm.4; driver now supports setting the fan control
287 mode to manual or automatic, and adjusting the fan speed if the
288 fan control mode is manual. To enable manual control of the fan speed,
289 the sysctl variable <varname>dev.acpi_ibm.<replaceable>0</replaceable>.fan</varname>
290 needs to be set to zero (manual). This should only be used with
291 extreme precaution, as disabling automatic fan control might
292 overheat the hardware and lead to permanent damage.</para>
294 <para>The &man.apm.4; suspend/resume support has been improved.</para>
296 <para>Security event auditing is now supported in the &os; kernel,
297 and is enabled by the <literal>AUDIT</literal> kernel
298 configuration option. More information can be found in the
299 &man.audit.4; manual page.</para>
301 <para>The <literal>options COMPAT_43</literal> kernel
302 configuration option has been deemed unnecessary and has been
303 removed from <filename>GENERIC</filename> and related kernel
304 configurations. This change may result in a small performance
305 increase for some workloads.</para>
307 <para>The &man.ddb.4; debugger now provides the <literal>show lock</literal>
308 command. If the argument has a valid lock class,
309 this displays various information about the lock and calls a
310 new function pointer in lock_class (lc_ddb_show) to dump class-specific
311 information about the lock as well (such as the owner of a mutex or
312 xlock'ed sx lock). &merged;</para>
314 <para>The &man.ddb.4; debugger now provides the <literal>show sleepq</literal>
315 command. This takes a wait channel as an argument and looks
316 for a sleep queue associated with that wait channel.</para>
318 <para><filename>DEFAULTS</filename> kernel configuration files
319 for each platform have been added. These files contain
320 directives that are implicitly included in all kernel
321 configurations, and generally include basic, mandatory
322 functionality for each platform. &merged;</para>
324 <para>A bug in file descriptor handling such that a simple
325 <literal>close(0); dup(fd)</literal> sequence does not return
326 descriptor <literal>0</literal> in some cases, has been fixed.</para>
328 <para>The &man.firmware.9; subsystem has been added. This
329 subsystem provides a mechanism
330 to load binary data into the kernel via a specially crafted module.
333 <para>The &man.gdb.1; remote debugging interface now supports
334 copying console messages to a remote debugger instance.
335 To enable this, set <literal>debug.gdbcons="1"</literal>
336 in <filename>loader.conf</filename>, enter <literal>boot -d;
337 gdb; step</literal> from the loader prompt,
338 then attach &man.gdb.1; from a remote machine.
339 The sysctl variable <varname>debug.gdbcons</varname> can be
340 used to turn on/off this functionality.</para>
342 <para>&man.hwpmc.4; and &man.pmcstat.8; now support profiling
343 of dynamically loaded kernel modules and
344 shared objects loaded with &man.dlopen.3;.
345 &man.pmcstat.8; can now log over a network socket
346 to a remote host.</para>
348 <para>A new <varname>kern.hostuuid</varname> sysctl variable
349 has been added to hold a host's Universally Unique Identifier
350 (UUID). This UUID is computed or generated by a new
351 <filename>rc.d/hostid</filename> startup script and, where
352 possible, is saved to disk to be persistent across reboots.</para>
354 <para>Support for Kernel Scheduled Entities (KSE) is now a kernel
355 option (previously it was a mandatory feature in the kernel).
356 It is enabled in the GENERIC kernel (thus there is no change in
357 functionality) for all platforms except &arch.sun4v;.</para>
359 <para>Support for Message Signaled Interrupts (MSI) has been added to
360 the &man.pci.4; driver. &merged;</para>
362 <para>The &man.priv.9; kernel interface has been added. Its purpose
363 is checking the availability of privilege for threads and credentials.
364 Unlike the existing &man.suser.9; interface, &man.priv.9; exposes a
365 named privilege identifier to the privilege checking code, allowing
366 more complex policies regarding the granting of privilege to be
369 <para>The &man.random.4; entropy device driver is now MPSAFE.
372 <para>&os; now supports concurrent &man.read.2;/&man.readv.2;
373 access to a file.</para>
375 <para>The ULE process scheduler has been revised to improve its
376 behavior, in particular interactivity under load. This
377 implementation can commonly be referred to as <quote>ULE
380 <para>The experimental CORE process scheduler has been added,
381 enabled with the <literal>options SCHED_CORE</literal> kernel
382 configuration option. It is forked from the &man.sched.ule.4;
384 with a different algorithm for detecting an interactive process.
385 More information can be found in the &man.sched.core.4; manual
388 <para>The <literal>SIGCHLD</literal> signal queuing has been
389 added. For each child process whose status has been changed,
390 a <literal>SIGCHLD</literal> instance is queued. If the signal is still pending,
391 and the process changed status several times, the signal information
392 is updated to reflect the latest process status.
393 There is a loader tunable <varname>kern.sigqueue.queue_sigchild</varname>
394 which can control the behavior, setting it to zero disables the
395 <literal>SIGCHLD</literal> queuing feature.</para>
397 <para>[&arch.amd64;, &arch.i386;] Instead of including all of physical
398 memory in a kernel crash dump, the kernel now defaults to dumping only pages that are
399 actively mapped into kernel virtual memory. A new
400 <varname>debug.minidump</varname> sysctl variable
401 can be used to turn off this behavior when set to zero. &merged;</para>
403 <para>A new sysctl variable <varname>kern.malloc_stats</varname>
404 has been added. This allows exporting of kernel malloc
405 statistics via a binary structure stream.</para>
407 <para>A new sysctl variable <varname>kern.forcesigexit</varname>
408 has been added. This forces a process
409 to sigexit if a trap signal is being held by the current thread or
410 ignored by the current process. It is enabled by default.</para>
412 <para>The pcvt(4) driver, an alternative to &man.syscons.4;,
413 has been removed, as it had fallen out of sync with the rest
414 of the kernel.</para>
416 <para>RedZone, a buffer corruption protection for the kernel &man.malloc.9;
417 facility has been implemented. This detects both buffer underflows and
418 overflows at runtime on &man.free.9; and &man.realloc.9;,
419 and prints backtraces from where memory was allocated and from where
420 it was freed. For more details, see the &man.redzone.9; manual page.</para>
422 <para>A new sysctl variable <varname>security.mac.biba.interfaces_equal</varname>
423 which makes all network interfaces be created with the label
424 <literal>biba/equal(equal-equal)</literal>, has been added.
425 This is useful where programs such as &man.dhclient.8; and &man.ppp.8;.
426 which initialize network interfaces do not have any labeling support.
427 This variable is set as <literal>0</literal> (disabled) by default.
430 <para>A new sysctl variable <varname>vm.zone_stats</varname>
431 has been added. This allows to export &man.uma.9; allocator
432 statistics via a binary structure stream.</para>
434 <para>The sysctl variable <varname>hw.pci.do_powerstate</varname>
435 has been changed from a boolean to a range.
436 <literal>0</literal> means no power management,
437 <literal>1</literal> means conservative power management which
438 any device class that has caused problems is added to the watch list,
439 <literal>2</literal> means aggressive power management where
440 any device class that is not fundamental to the system is added to the list,
441 and <literal>3</literal> means power them all down unconditionally.
442 The default is <literal>1</literal>.</para>
444 <para>[&arch.ia64;] The <filename>GENERIC</filename> kernel now enables
445 SMP support by default.</para>
447 <para>Sample kernel configuration files
448 <filename>src/sys/<replaceable>arch</replaceable>/conf/MAC</filename>
449 for the Mandatory Access Control framework have been added.</para>
451 <para><varname>POSIX_TIMERS</varname> support has been updated to 200112L.</para>
453 <para>An experimental support for POSIX message queue has been
456 <para>&os; now runs on the Xbox, whose architecture is nearly identical
457 to the i386. For details of the latest development, see
458 <ulink url="http://www.FreeBSD.org/platforms/xbox.html"></ulink>.
461 <para>The locking strategy for UNIX domain sockets has been
462 revised to improve concurrency; this change has yielded
463 substantial performance improvements on various SMP workloads
464 (in particular, MySQL on 8-way &arch.amd64; systems) with little
465 or no measured overhead on UP systems.</para>
467 <para>Several minor but widespread changes to the Newbus API have
468 been made In order to support some on-going work with interrupt
469 filtering. Because this change also breaks the kernel ABI, all
470 third-party device drivers will need to be modified and
474 <title>Boot Loader Changes</title>
476 <para>A new option <option>-S</option>,
477 which allows setting the <filename>boot2</filename>
478 serial console speed in the <filename>/boot.config</filename>
479 file or on the <prompt>boot:</prompt> prompt line,
480 has been added.</para>
482 <para>[&arch.amd64;, &arch.i386;] A new loader tunable
483 <varname>comconsole_speed</varname> to change
484 the serial console speed has been added.
485 If the previous stage boot loader requested a serial console,
486 then the default speed is determined from the current serial port
487 speed. Otherwise it is set to 9600 or the value of
488 the <literal>BOOT_COMCONSOLE_SPEED</literal> kernel option.
491 <!-- Above this line, order boot loader changes by keyword-->
493 <para>[&arch.pc98;] A bootable CDROM loader has been implemented
494 for the pc98 platform. &merged;</para>
496 <para>[&arch.i386;] A bug in the i386 boot loader, which could
497 cause file system corruption if
498 a <filename>nextboot.conf</filename> file was used and landed
499 after cylinder 1023, has been fixed. &merged;</para>
504 <title>Hardware Support</title>
506 <para>The &man.amdsmb.4; driver has been added. It provides
507 support for the AMD-8111 SMBus 2.0 controller. &merged;</para>
509 <para>The &man.cardbus.4;, &man.pccard.4;,
510 &man.pccbb.4;, and &man.exca.4; drivers are now buildable
511 as kernel modules.</para>
513 <para>An &man.acpi.dock.4; driver has been added to provide
514 support for controlling laptop docking station functions via
515 ACPI. &merged;</para>
517 <para>The &man.acpi.thermal.4; driver now supports
518 passive cooling. &merged;</para>
520 <para>The &man.acpi.thermal.4; driver now supports overriding
521 the <literal>_PSV</literal>, <literal>_HOT</literal>, and
522 <literal>_CRT</literal> temperature values.</para>
524 <para>Support for the alpha architecture has been removed. Alpha
525 support will remain on the RELENG_5 and RELENG_6 codelines.</para>
527 <para>The &man.cardbus.4; driver now supports
528 <filename>/dev/cardbus<replaceable>%d</replaceable>.cis</filename>.</para>
530 <para>[&arch.i386;, &arch.pc98;] The &man.ce.4; driver,
531 which supports Cronyx Tau-PCI/32 adapters, has been added.
534 <para>The <literal>est</literal> &man.cpufreq.4; driver now supports
535 frequency control for the VIA C7-M family of processors.</para>
537 <para>Support for the PadLock Security Co-processor in VIA C3,
539 processors has been added to the &man.crypto.9; subsystem.
540 More information can be found in the &man.padlock.4; manual
544 <para>icee(4), a generic I2C EEPROM driver, has been added.</para>
546 <para>A bug which prevented the &man.ichsmb.4; kernel module
547 from unloading has been fixed.</para>
549 <para>[&arch.amd64;, &arch.i386;] Dual-core processors (such as the Intel
550 Core Duo) now have both cores available for use by
551 default in SMP-enabled kernels. &merged;</para>
553 <para>[&arch.amd64;, &arch.i386;] &man.ipmi.4;, an OpenIPMI compatible driver,
555 OpenIPMI (Intelligent Platform Management Interface) is an open
556 standard designed to enable remote monitoring and control of server,
557 networking and telecommunication platforms. &merged;</para>
559 <para>The &man.kbdmux.4; driver has been integrated into &man.syscons.4; and
560 the <devicename>kbd</devicename> device driver.
561 By default &man.syscons.4; will look for the &man.kbdmux.4;
562 keyboard first, and then, if not found, look for any keyboard.
563 Switching to &man.kbdmux.4; can be done at boot time by loading
564 the <literal>kbdmux</literal> kernel module via &man.loader.8;,
565 or at runtime via &man.kldload.8; and releasing the active
566 keyboard. &merged;</para>
568 <para>[&arch.amd64;, &arch.i386;] The &man.kbdmux.4; driver is now included in the
569 <filename>GENERIC</filename> kernel by default.
570 Also, the <quote>Boot FreeBSD with USB keyboard</quote>
571 menu item in the boot loader menu has been removed
572 since this fixes USB keyboard probing problems.
575 <para>The &man.nfsmb.4; driver, which supports the NVIDIA nForce
576 2/3/4 SMBus 2.0 controller, has been added. &merged;</para>
578 <para>[&arch.ia64;, &arch.powerpc;] The loader tunable <varname>debug.mpsafevfs</varname>
579 is set to <literal>1</literal> by default.</para>
581 <para>The &man.sab.4; driver has been removed (it has been
582 superceded by the &man.scc.4; driver).</para>
584 <para>The &man.scc.4; driver has been added.
585 This provides generic support for serial communications
586 controllers and delegates the control over each channel
587 and mode to a subordinate driver such as &man.uart.4;.</para>
589 <para>[&arch.amd64;] The smbios(4) driver support for amd64 has been
592 <para>[&arch.sun4v;] &os; now has preliminary support for the Sun Microsystems
593 UltraSPARC-T1 architecture. &os;/sun4v has been demonstrated
594 to run on the Sun Fire T1000 and Sun Fire T2000 servers.
595 More information can be found on the
596 <ulink url="http://www.FreeBSD.org/platforms/sun4v.html">sun4v
600 <para>The tnt4882(4) driver, which supports the National Instruments
601 PCI-GPIB card, has been added.</para>
603 <para>[&arch.amd64;, &arch.i386;, &arch.ia64;, &arch.sparc64;] The &man.uart.4; driver has been included in the
604 <filename>GENERIC</filename> kernel by default.
605 When both &man.sio.4; and &man.uart.4; can handle a given serial port,
606 &man.sio.4; will claim it.</para>
608 <para>The &man.uart.4; driver now supports LOM (Lights Out Management)
609 and RSC (Remote System Control) devices as consoles.</para>
611 <para>The zs driver has been removed. Its functionality
612 has been superceded by that of the &man.uart.4; driver.</para>
614 <para>[&arch.i386;] A new loader tunable
615 <varname>hw.apic.enable_extint</varname> has been added.
616 This tunable can be used to disable masking of the ExtINT pin on the first
617 I/O APIC. At least one chipset for the Intel Pentium III seems
618 to need this, even though all of the pins in the 8259As are masked.
619 The default is still to mask the ExtINT pin.</para>
621 <para>[&arch.i386;] Support has been improved for
622 so-called <quote>legacy-free</quote> hardware, in particular,
623 i386 systems without AT-style keyboard controllers such as the
624 Macbook Pro. &merged;</para>
627 <title>Multimedia Support</title>
629 <para>The &man.agp.4; driver now supports ATI AGP chipsets.
632 <para>The new midi(4) driver which is based on NetBSD's one
633 has been added. This supports &man.snd.cmi.4; and
634 &man.snd.emu10k1.4; drivers.</para>
636 <para>The &man.sound.4; driver now supports
637 wider range sampling rate, multiple precisions choice,
638 and 24/32 bit PCM format conversion. &merged;</para>
640 <para>The &man.snd.als4000.4; driver is now MPSAFE. &merged;</para>
642 <para>The &man.snd.atiixp.4; driver has been added.
643 This supports ATI IXP 200/300/400 series audio controllers. &merged;</para>
645 <para>The &man.snd.atiixp.4; driver now supports
646 suspend and resume features.</para>
648 <para>The &man.snd.cmi.4; driver is now MPSAFE.</para>
650 <para>The &man.snd.emu10kx.4; driver has been added. It
651 supports Creative SoundBlaster Live! and Audigy series sound
652 cards with optional pseudo-multichannel playback.</para>
654 <para>The &man.snd.envy24.4; driver has been added to support
655 the Envy24 series of audio chips.</para>
657 <para>The &man.snd.envy24ht.4; driver has been added to support
658 the VIA Envy24HT series of audio chips.</para>
660 <para>The &man.snd.es137x.4; driver is now MPSAFE. &merged;</para>
662 <para>The &man.snd.ich.4; driver is now MPSAFE. &merged;</para>
664 <para>The &man.snd.hda.4; driver has been added. It supports
665 devices that conform to revision 1.0 of the Intel High Definition
666 Audio specification.</para>
668 <para>The &man.snd.solo.4; driver is now MPSAFE. &merged;</para>
670 <para>The &man.snd.spicds.4; driver has been added to support
671 I2S SPI audio codec chips.</para>
673 <para>The &man.snd.via8233.4; driver is now MPSAFE. &merged;</para>
675 <para>The &man.snd.via82c686.4; driver is now MPSAFE. &merged;</para>
677 <para>[&arch.amd64;] The &man.speaker.4; driver now supports &os;/amd64. &merged;</para>
679 <para>The &man.uaudio.4; driver now supports 24/32 bit audio
680 formats and conversion.</para>
684 <title>Network Interface Support</title>
686 <para>The &man.ath.4; driver has been updated to
687 HAL version 0.9.20.3. &merged;</para>
689 <para>[&arch.amd64;, &arch.i386;, &arch.pc98;, &arch.sparc64;]
690 The &man.ath.4;, &man.ath.hal.4;, and
691 <literal>ath_rate_sample</literal> drivers have been
692 included in the <filename>GENERIC</filename> kernel by
693 default. &merged;</para>
695 <para>[&arch.amd64;, &arch.i386;] The &man.bce.4; driver, which supports Broadcom
696 NetXtreme II (BCM5706/BCM5708) PCI/PCIe Gigabit Ethernet controllers,
697 has been added. For more details, see &man.bce.4;. &merged;</para>
699 <para>A bug which prevents the &man.bfe.4; driver from working
700 on a system with over 1GB RAM has been fixed. &merged;</para>
702 <para>The &man.bge.4; driver's Jumbo frame support is now MPSAFE.</para>
704 <para>The &man.bge.4; driver now supports big-endian
705 architectures such as sparc64.</para>
707 <para>The &man.bge.4; driver now supports &man.polling.4; mode.
710 <para>The &man.cm.4; driver is now MPSAFE.</para>
712 <para>The &man.cxgb.4; driver has been added. It provides support for
713 10 Gigabit Ethernet adapters based on the Chelsio T3 and T3B chipsets.
716 <para>The &man.dc.4; driver is now MPSAFE. &merged;</para>
718 <para>The &man.de.4; driver has been converted to the &man.bus.dma.9;
719 API and is now MPSAFE.</para>
721 <para>The &man.ed.4; driver is now MPSAFE.</para>
723 <para>The &man.el.4; driver has been removed due to lack of use.</para>
725 <para>The &man.em.4; driver now supports big-endian
726 architectures such as sparc64. &merged;</para>
728 <para>The &man.em.4; driver has been updated to
729 version 6.2.9 from Intel. Among other changes, it now supports
730 80003, 82571, 82571EB and 82572 based adapters, as well as
731 onboard-NICs on ICH8-based motherboards. &merged;</para>
733 <para>The &man.em.4; driver now includes
734 initial support for suspend and resume features.</para>
736 <para>The performance of the &man.em.4; driver has been improved
737 by using a fast interrupt handler and taskqueue
738 instead of ithread handler. This change can be disabled
739 by defining <literal>NO_EM_FASTINTR</literal> kernel option
740 for debugging purpose.</para>
742 <para>The firmware images needed by the &man.ipw.4; driver are now
743 part of the &os; base system. For the loaded firmware to work the
744 license at <filename>/usr/share/doc/legal/intel_ipw/LICENSE</filename>
745 must be agreed to and <literal>legal.intel_ipw.license_ack=1</literal>
746 has to be added to <filename>/boot/loader.conf</filename>.
747 Prior versions of the driver used the firmware image in the
748 <filename role="package">net/ipw-firmware-kmod</filename>
750 <filename role="package">net/ipw-firmware</filename>
751 port/package. &merged;</para>
753 <para>The &man.iwi.4; driver now supports big-endian
754 architectures such as sparc64.</para>
756 <para>A number of improvements and bugfixes have been made to the
757 functionality of the &man.iwi.4; driver. &merged;</para>
759 <para>The firmware images needed by the &man.iwi.4; driver are now
760 part of the &os; base system. For the loaded firmware to work the
761 license at <filename>/usr/share/doc/legal/intel_iwi/LICENSE</filename>
762 must be agreed to and <literal>legal.intel_iwi.license_ack=1</literal>
763 has to be added to <filename>/boot/loader.conf</filename>.
764 Prior versions of the driver used the firmware image in the
765 <filename role="package">net/iwi-firmware-kmod</filename>
767 <filename role="package">net/iwi-firmware</filename>
768 port/package. &merged;</para>
770 <para>The &man.le.4; driver, which supports AMD Am7900 LANCE
771 and Am79C9xx PCnet NICs,
772 has been added. While the &man.lnc.4; driver also supports these
773 NICs, this driver has several advantages over it such as
774 MPSAFE, ALTQ, VLAN_MTU, ifmedia, and 32-bit DMA for PCI
775 variants. This driver is based on NetBSD's implementation.
778 <para>The &man.lge.4; driver is now MPSAFE. &merged;</para>
780 <para>The lnc(4) driver has been removed. The &man.le.4; and
781 &man.pcn.4; drivers support all devices that were supported
784 <para>The &man.msk.4; driver has been added. It supports
785 network interfaces using the Marvell/SysKonnect Yukon II
786 Gigabit Ethernet controller. &merged;</para>
788 <para>The &man.my.4; driver is now MPSAFE. &merged;</para>
790 <para>The &man.my.4; driver now supports &man.altq.4;. &merged;</para>
792 <para>[&arch.amd64;, &arch.i386;] The &man.mxge.4; driver,
793 which supports Myricom Myri10GE 10 Gigabit Ethernet
794 adapters, has been added. For more details, see
797 <para>The &man.nfe.4; driver, an open-source driver for nForce
798 Ethernet devices, has been added, originally from
801 <para>[&arch.arm;] The &man.npe.4; driver, which supports the
802 Intel XScale Network Processing Engine, has been
803 added. &merged;</para>
805 <para>The &man.nve.4; driver has been updated to version 1.0-0310
806 (23-Nov-2005). It also now has &man.altq.4; support. &merged;</para>
808 <para>The &man.pcn.4; driver is now MPSAFE. &merged;</para>
810 <para>The &man.re.4; driver now supports the D-Link DGE-528(T)
811 Gigabit Ethernet card.</para>
813 <para>The &man.sf.4; driver is now MPSAFE. &merged;</para>
815 <para>The &man.sk.4; driver is now MPSAFE. &merged;</para>
817 <para>The &man.ste.4; driver is now MPSAFE. &merged;</para>
819 <para>The &man.stge.4; driver has been added. It supports the
820 Sundance/Tamarack TC9021 Gigabit Ethernet controller and was
821 ported from NetBSD. &merged;</para>
823 <para>The &man.ti.4; driver now supports big-endian
824 architectures such as sparc64.</para>
826 <para>The &man.ufoma.4; driver for
827 FOMA (third generation mobile phone system by NTT DoCoMo, Inc.
828 in Japan) has been added.
829 This should support other third generation mobile phones
830 since the driver is based on USB Implementation Guideline
831 from MCPC (Mobile Computing Promotion Consortium) in Japan.</para>
833 <para>The vgapci(4) driver has been added. This is a stub
834 device driver for VGA PCI devices and serves as a bus
835 so that other drivers such as drm(4),
836 &man.acpi.video.4;, and &man.agp.4; can attach to
837 it thus allowing multiple drivers for the same device.</para>
839 <para>The &man.vge.4; driver now supports &man.altq.4;. &merged;</para>
841 <para>The &man.wi.4; driver is now buildable as
842 a kernel module.</para>
844 <para>[&arch.amd64;, &arch.i386;, &arch.pc98;] The &man.wlan.wep.4;,
845 &man.wlan.ccmp.4;, and &man.wlan.tkip.4; drivers
846 have been included in the <filename>GENERIC</filename>
847 kernel by default.</para>
849 <para>The network interface groups feature has been imported
850 from OpenBSD. This feature allows an administrator to, for
851 example, apply firewall rules to an entire group of
852 interfaces. More information can be found in
853 &man.ifconfig.8;.</para>
855 <para>The 802.11 protocol stack now has support for 900 MHz
856 cards, as well as quarter- and half-channel support
857 for 802.11a. &merged;</para>
862 <sect3 id="net-proto">
863 <title>Network Protocols</title>
865 <para>The &man.arp.4; retransmission algorithm has been
866 rewritten so that ARP requests are retransmitted without
867 suppression, while there is demand for such ARP entry.
868 Due to this change, a sysctl variable
869 <varname>net.link.ether.inet.host_down_time</varname>
870 has been removed. &merged;</para>
872 <para>The &man.arp.4; protocol now supports a sysctl variable
873 <varname>net.link.ether.inet.log_arp_permanent_modify</varname>
874 to suppress logging of attempts to modify
875 permanent ARP entries. &merged;</para>
877 <para>[&arch.amd64;, &arch.i386;, &arch.pc98;] An experimental BPF Just-In-Time compiler
878 has been implemented for both &man.bpf.4; and &man.ng.bpf.4;.
880 <literal>options BPF_JITTER</literal> kernel option is needed.
881 The <varname>net.bpf_jitter.enable</varname>
882 can be used to disable this feature.</para>
884 <para>Multiple copies of a packet received via different
885 &man.bpf.4; listeners now all have identical
886 timestamps. &merged;</para>
888 <para>The &man.bpf.4; device now supports several new
889 &man.ioctl.2; calls to allow examining inbound vs. outbound
890 packets, as well as packets that have been injected onto the
893 <para>The bridge(4) driver has been removed from the tree. Its
894 functionality has been completely replaced by
895 &man.if.bridge.4;.</para>
897 <para>The &man.enc.4; IPsec filtering pseudo-device has been
898 added. It allows firewall packages using the &man.pfil.9;
899 framework to examine (and filter) IPsec traffic before
900 outbound encryption and after inbound decryption. &merged;</para>
902 <para>The &man.gre.4; driver, which is for GRE encapsulation
903 found in RFC 1701 and RFC 1702, now supports IPv6 over GRE.</para>
905 <para>The &man.if.bridge.4; driver now supports
906 creating SPAN ports, which transmit a copy of every frame
907 received by the bridge. This feature can be enabled
908 by using &man.ifconfig.8;. &merged;</para>
910 <para>The &man.if.bridge.4; driver now supports
911 RFC 3378 EtherIP. This change makes it possible to
912 add &man.gif.4; interfaces to bridges, which will then
913 send and receive IP protocol 97 packets.
914 Packets are Ethernet frames with an EtherIP header prepended.
917 <para>The &man.if.bridge.4; driver now supports RSTP, the Rapid
918 Spanning Tree Protocol (802.1w). &merged;</para>
920 <para>A hard-coded limit on the number of IPv4 multicast group
921 memberships (formerly 20) has been removed.</para>
923 <para>The path MTU discovery for multicast packets in the &os;
924 IPv6 stack has been disabled by default.
925 Path MTU notification from a large number of multicast routers
926 can be a kind of distributed Denial-of-Service attack to a router.
927 This feature can be re-enabled by using a new sysctl variable
928 <varname>net.inet6.ip6.mcast_pmtu</varname>. &merged;</para>
930 <para>IPv6 multicast forwarding is now dynamically loadable, via
931 the <filename>ip_mroute.ko</filename> module.</para>
933 <para>IPv6 link-local addresses are now enabled only
934 if <varname>ipv6_enable</varname> is set in &man.rc.conf.5;.
937 <para>The &man.ipfw.4; IP packet filter now supports IPv6. &merged;</para>
939 <para>The &man.ipfw.4; firewall system now supports
940 a <literal>tablearg</literal> feature, which allows
941 values obtained from a table lookup to be used as part of a
943 This feature can be used to optimize some rulesets
944 or to implement policy-based routing inside a firewall.
945 For example, the following rules will throw different
946 packets to different pipes:</para>
948 <programlisting>pipe 1000 config bw 1000Kbyte/s
949 pipe 4000 config bw 4000Kbyte/s
950 table 1 add x.x.x.x 1000
951 table 1 add x.x.x.y 4000
952 pipe tablearg ip from table(1) to any</programlisting>
954 <para>The &man.ipfw.4; packet filter now supports
955 <literal>tag</literal> and <literal>untag</literal> rule keywords.
956 When a packet matches a rule with the <literal>tag</literal>
957 keyword, the numeric tag for the given number in the range
958 from 0 to 65535 will be attached to the packet.
959 The tag acts as an internal marker (it is not sent out over
960 the wire) that can be used to identify these packets later on,
961 for example, by using <literal>tagged</literal>
962 rule option. For more details, see &man.ipfw.8;. &merged;</para>
964 <para>The <literal>IPFIREWALL_FORWARD_EXTENDED</literal> kernel
965 option has been removed. This option was used to permit
966 &man.ipfw.4; to redirect packets with local destinations.
967 This behavior is now always enabled when
968 the <literal>IPFIREWALL_FORWARD</literal> kernel option is
969 enabled. &merged;</para>
971 <para>The ip6fw(8) packet filter has been removed. Since &man.ipfw.4; has gained
972 IPv6 support, it should be used instead. Please note that some rules might need
973 to be adjusted.</para>
975 <para>The &man.natm.4;, Native Mode ATM protocol layer is now MPSAFE.</para>
977 <para>A new &man.ng.deflate.4; Netgraph node type has been
978 added. It implements Deflate PPP compression. &merged;</para>
980 <para>The &man.ng.ether.4; Netgraph node no longer overwrites
981 the MAC address of outgoing frames by default. &merged;</para>
983 <para>The &man.ng.iface.4; Netgraph node now supports &man.altq.4;.
986 <para>A new &man.ng.pred1.4; Netgraph node type has been added
987 to implement Predictor-1 PPP compression. &merged;</para>
989 <para>The &man.ng.tag.4; Netgraph node has been added to
990 support the manipulation of mbuf tags attached to data in the
991 kernel. &merged;</para>
993 <para>A bug has been fixed in which NFS over TCP would not reconnect
994 when the server sent a FIN. This problem had occurred
995 with Solaris NFS servers. &merged;</para>
997 <para>The default retransmit timer for NFS over TCP is now 60 seconds.
998 This change prevents the unnecessary retransmission of
999 non-idempotent NFS requests. The <varname>nfs_access_cache</varname>
1000 variable in &man.rc.conf.5; has also been changed to 60.</para>
1002 <para>The default minimum number of nfsiod kernel threads
1003 (&man.sysctl.8; variable <varname>vfs.nfs.iodmin</varname>)
1004 has been changed from 4 to 0.</para>
1006 <para>The sysctl variables <varname>net.inet.ip.portrange.reservedhigh</varname>
1007 and <varname>net.inet.ip.portrange.reservedlow</varname>
1008 can be used with IPv6 now. &merged;</para>
1010 <para>A new sysctl variable <varname>net.inet.icmp.reply_from_interface</varname>
1011 has been added. This allows the &man.icmp.4;
1012 reply to non-local packets to be generated with
1013 the IP address the packet came through in.
1014 This is useful for routers to show in &man.traceroute.8;
1015 the actual path a packet has taken instead of
1016 the possibly different return path.</para>
1018 <para>A new sysctl variable <varname>net.inet.icmp.quotelen</varname>
1019 has been added. This allows to change length of
1020 the quotation of the original packet in an ICMP reply.
1021 The minimum of 8 bytes is internally enforced.
1022 The maximum quotation is the remaining space in the
1023 reply mbuf. This option is added in response to the
1024 issues raised in I-D
1025 <filename>draft-gont-icmp-payload-00.txt</filename>.</para>
1027 <para>The &man.icmp.4; now always quotes the entire TCP header
1028 when responding and allocate an mbuf cluster if needed.
1029 This change fixes the TCP issues raised in I-D
1030 <filename>draft-gont-icmp-payload-00.txt</filename>.</para>
1032 <para>A new socket option <literal>IP_MINTTL</literal> has been added.
1033 This may be used to set the minimum acceptable
1034 TTL a packet must have when received on a socket.
1035 All packets with a lower TTL are silently dropped.
1036 This works on already connected/connecting and
1037 listening sockets for RAW, UDP, and TCP. This option
1038 is only really useful when set to <literal>255</literal>, preventing packets
1039 from outside the directly connected networks reaching
1040 local listeners on sockets. Also, this option allows
1041 userland implementation of <quote>The Generalized TTL
1042 Security Mechanism (GTSM)</quote> found in RFC 3682.</para>
1044 <para>The kernel &man.ppp.4; driver now supports IPv6.</para>
1046 <para>Stealth forwarding now supports IPv6 as well as IPv4.
1047 This behavior can be controlled by using a new sysctl variable
1048 <varname>net.inet6.ip6.stealth</varname>.</para>
1050 <para>The <literal>PIM</literal> kernel option has been removed.
1051 The corresponding code is now included in the
1052 <literal>MROUTING</literal> kernel option.</para>
1054 <para>Support has been added for the Stream Control Transmission
1055 Protocol (SCTP). SCTP implements a reliable, message-oriented
1056 transport protocol, and is defined in RFC 3268. It is enabled
1057 in &os; with the <literal>SCTP</literal> kernel option.</para>
1059 <para>The <literal>IPV6_V6ONLY</literal> socket option
1060 now works for UDP.</para>
1062 <para>The <literal>TCP_DROP_SYNFIN</literal> kernel option is now
1063 included in the kernel by default. The
1064 <varname>net.inet.tcp.drop_synfin</varname> sysctl variable still
1065 defaults to <literal>0</literal>.</para>
1067 <para>The TCP bandwidth-delay product limiting feature has
1068 been disabled when the RTT is below a certain threshold.
1069 This optimization does not make sense on a LAN, as it has
1070 trouble figuring out the maximal bandwidth due to the coarse
1071 tick granularity. A new sysctl variable
1072 <varname>net.inet.tcp.inflight.rttthresh</varname> specifies
1073 the threshold in milliseconds below which this feature
1074 will disengage. It defaults to 10ms. &merged;</para>
1076 <para>The &os; network stack now has support for TCP
1077 Segmentation Offload (TSO). TSO reduces the overhead of
1078 sending bulk TCP data by allowing a network interface to
1079 convert a large data transfer into multiple TCP segments to be
1080 sent on the network. This functionality can be enabled or
1081 disabled on a per-interface basis with
1082 the <literal>tso</literal> and <literal>-tso</literal> flags
1083 to &man.ifconfig.8;. Network interfaces and drivers
1084 supporting TSO currently include &man.em.4;,
1085 &man.mxge.4; and &man.cxgb.4;.</para>
1087 <para>&os; now supports auto-sizing of TCP socket buffers. This
1088 allows the socket buffer sizes to adapt dynamically to network
1089 conditions, rather than being set statically. The behavior of
1090 this feature can be controlled using
1091 the <varname>net.inet.tcp.sendbuf_*</varname>
1092 and <varname>net.inet.tcp.recvbuf_*</varname> sysctl
1095 <para>The <varname>net.link.tap.up_on_open</varname> sysctl variable
1096 has been added to the &man.tap.4; driver. If enabled, new tap
1097 devices will marked <literal>up</literal> upon creation. &merged;
1100 <para>The &man.trunk.4; driver, ported from OpenBSD and NetBSD,
1101 has been added to support a variety of protocols and algorithms
1102 for link aggregation, failover, and fault tolerance.</para>
1104 <para>Support for &man.kqueue.2; operations has been added to
1105 the &man.tun.4; driver. &merged;</para>
1110 <title>Disks and Storage</title>
1112 <para>The &man.aac.4; driver now supports the Adaptec 2610SA SATA-RAID
1113 controller in some Hewlett-Packard machines.</para>
1115 <para>The performance of the &man.amr.4; driver has been improved;
1116 it also now supports full 64-bit DMA. While this feature is
1117 enabled by default, this can be forced off by setting the
1118 <varname>hw.amr.force_sg32</varname> loader tunable for
1122 <para>The &man.amr.4; driver now supports the &man.ioctl.2; requests
1123 necessary for the Linux LSI MegaRaid tools in &os;'s Linux emulation
1127 <para>The &man.arcmsr.4; driver has been updated to version
1128 1.20.00.13. &merged;</para>
1130 <para>The &man.ata.4; driver now supports a workaround
1131 for some controllers whose DMA does not work properly
1132 in 48bit mode. For affected controllers,
1133 PIO mode will be used for access to areas beyond 137GB.
1136 <para>The &man.ata.4; driver now supports the ITE IT8211F IDE controller,
1137 and the Promise PDC40718 and PDC40719 chip found in Promise
1141 <para>The &man.ata.4; driver now supports DMA for kernel crash dumps,
1142 as well as crash dumping to an &man.ataraid.4; device.
1145 <para>The &man.ata.4; driver now supports USB mass storage class
1146 devices. To enable it, a line <literal>device atausb</literal>
1147 in the kernel configuration file or loading the
1148 <filename>atausb</filename> kernel module is needed.
1149 Note that this functionality cannot coexist with the
1150 &man.umass.4; driver. &merged;</para>
1152 <para>The &man.ataraid.4; driver now supports
1153 JMicron ATA RAID metadata. &merged;</para>
1155 <para>The <literal>GEOM_LABEL</literal> class now supports
1156 Ext2FS, NTFS, and ReiserFS. &merged;</para>
1158 <para>The <literal>GEOM_MIRROR</literal> class now supports
1159 kernel crash dumps to the GEOM providers.
1162 <para>The <literal>GEOM_MIRROR</literal> and <literal>GEOM_RAID3</literal>
1163 classes now support sysctl variables
1164 <varname>kern.geom.mirror.disconnect_on_failure</varname>
1166 <varname>kern.geom.graid3.disconnect_on_failure</varname>
1167 to control whether failed components will be disconnected or not.
1168 The default value is <literal>1</literal> to preserve the current
1169 behavior, and if it is set to <literal>0</literal> such components
1170 are not disconnected and the kernel will try to still use them
1171 (only the first error will be logged).
1172 This is helpful for the case of multiple broken components (in
1173 different places), so actually all data is available.
1174 The broken components will be visible in <command>gmirror list</command>
1175 or <command>graid3 list</command> output with flag
1176 <literal>BROKEN</literal>.
1179 <para>The <literal>GEOM_MIRROR</literal> and <literal>GEOM_RAID3</literal>
1180 classes now use parallel I/O requests for synchronization
1181 to improve the performance. New sysctl variables
1182 <varname>kern.geom.mirror.sync_requests</varname> and
1183 <varname>kern.geom.raid3.sync_requests</varname>
1184 define how many parallel I/O requests should be used.
1185 Also, the sysctl variables
1186 <varname>kern.geom.mirror.reqs_per_sync</varname>,
1187 <varname>kern.geom.mirror.syncs_per_sec</varname>,
1188 <varname>kern.geom.raid3.reqs_per_sync</varname>, and
1189 <varname>kern.geom.raid3.syncs_per_sec</varname>
1190 are deprecated and have been removed.
1193 <para>A new GEOM_MULTIPATH class has been added to support
1194 multiple access paths to disk devices. The &man.gmultipath.8;
1195 utility has been added to control the behavior of disk devices
1196 using this feature.</para>
1198 <para>A new GEOM class <literal>GEOM_ZERO</literal> has been added.
1199 It creates a very huge provider (41PB) <filename>/dev/gzero</filename>
1200 and is mainly useful for performance testing.
1201 On <literal>BIO_READ</literal> request it zero-fills
1202 <varname>bio_data</varname> and on <literal>BIO_WRITE</literal>
1206 <para>The GEOM class kernel module <filename>g_md.ko</filename>
1207 has been renamed to <filename>geom_md.ko</filename>
1208 for consistency.</para>
1210 <para>[&arch.amd64;, &arch.i386;] The &man.hptmv.4; driver has been updated and now supports
1211 amd64 as well as PAE.</para>
1213 <para>The &man.mfi.4; driver, which supports
1214 the LSI MegaRAID SAS controller family, has been added.
1217 <para>The &man.mpt.4; driver has been updated to support
1218 various new features such as RAID volume and RAID member
1219 state/settings reporting, periodic volume re-synchronization
1220 status reporting, and sysctl variables for volume
1221 re-synchronization rate, volume member write cache status,
1222 and volume transaction queue depth.</para>
1224 <para>The &man.mpt.4; driver now supports SAS HBA (partially),
1225 64-bit PCI, and large data transfer.</para>
1227 <para>The &man.twa.4; driver has been updated to the 9.3.0.1
1228 release on the 3ware Web site. &merged;</para>
1230 <para>A new GEOM-based disk encryption facility, GEOM_ELI, has been
1231 added. It uses the &man.crypto.9; framework for hardware acceleration
1232 and supports different cryptographic algorithms. See &man.geli.8; for
1233 more information. &merged;</para>
1235 <para>The &man.geli.8; disk encryption system now supports loading keyfiles before the root
1236 file system is mounted. &merged;
1237 For example, the following entries
1238 can be used in <filename>/boot/loader.conf</filename> to enable
1241 <programlisting>geli_da0_keyfile0_load="YES"
1242 geli_da0_keyfile0_type="da0:geli_keyfile0"
1243 geli_da0_keyfile0_name="/boot/keys/da0.key0"
1244 geli_da0_keyfile1_load="YES"
1245 geli_da0_keyfile1_type="da0:geli_keyfile1"
1246 geli_da0_keyfile1_name="/boot/keys/da0.key1"
1247 geli_da0_keyfile2_load="YES"
1248 geli_da0_keyfile2_type="da0:geli_keyfile2"
1249 geli_da0_keyfile2_name="/boot/keys/da0.key2"
1251 geli_da1s3a_keyfile0_load="YES"
1252 geli_da1s3a_keyfile0_type="da1s3a:geli_keyfile0"
1253 geli_da1s3a_keyfile0_name="/boot/keys/da1s3a.key"</programlisting>
1255 <para>&man.geli.8; is now able to perform data integrity
1256 verification (data authentication) of encrypted data stored on
1257 disk. Note that the encryption algorithm is now specified to
1258 the &man.geli.8; control program using the <option>-e</option>
1259 option; the <option>-a</option> option is now used to specify
1260 the authentication algorithm. &merged;</para>
1262 <para>The sg driver, which emulates a significant
1263 subset of the Linux SCSI SG passthrough device API, has
1265 intended to allow programs running under Linux emulation
1266 (as well as native &os; applications) to access the
1267 <filename>/dev/sg<replaceable>*</replaceable></filename>
1268 devices supported by Linux. &merged;</para>
1270 <para>The &man.umass.4; driver now supports
1271 <literal>PLAY_MSF</literal>,
1272 <literal>PLAY_TRACK</literal>,
1273 <literal>PLAY_TRACK_REL</literal>,
1274 <literal>PAUSE</literal>,
1275 <literal>PLAY_12</literal> commands so that
1276 the &man.cdcontrol.1; utility can handle a USB CD drive.</para>
1280 <title>File Systems</title>
1282 <para>[&arch.amd64;, &arch.i386;, &arch.pc98;] The &man.linsysfs.5;
1283 pseudo-file system driver has been added.
1284 It provides a subset of the
1285 Linux <filename>sys</filename> file system, and is required for
1286 the correct operation of some Linux binaries (such as the LSI
1287 MegaRAID SAS utility). &merged;</para>
1289 <para>A part of the FreeBSD NFS subsystem (the interface with
1290 the protocol stack and callouts, the NFS client side) is now MPSAFE.</para>
1292 <para>Initial (read-only) support for SGI's XFS file system has been
1295 <para>The unionfs file system has been re-implemented. This
1296 version solves many crashing and locking issues compared to
1297 the previous implementation. It also adds
1298 new <quote>transparent</quote> and <quote>masquerade</quote>
1299 modes for automatically creating files in the upper file system
1300 layer of unions. More information can be found in the
1301 &man.mount.unionfs.8; manual page. &merged;</para>
1303 <para>[&arch.amd64;, &arch.i386;, &arch.pc98;] Support for Sun's ZFS has been
1304 added. More information about this file system can be found
1305 in the &man.zfs.8; manual page or
1306 on the <ulink url="http://www.opensolaris.org/os/community/zfs/">
1307 OpenSolaris ZFS page</ulink>.</para>
1312 <sect2 id="userland">
1313 <title>Userland Changes</title>
1315 <para>The addr2ascii() and ascii2addr() library calls, originally
1316 introduced by the INRIA IPv6 implementation, have been removed
1317 from <filename>libc</filename>. They have no consumers in the
1318 &os; base system. In a related change, support
1319 for <literal>AF_LINK</literal> addresses has been added to
1320 &man.getnameinfo.3;.</para>
1322 <para>Padding of <varname>ai_addrlen</varname>
1323 in <varname>struct addrinfo</varname> has been removed,
1324 which was originally for the ABI compatibility.
1325 For example, this change breaks the ABI compatibility of the
1326 &man.getaddrinfo.3; function on 64-bit architectures, including
1327 &os;/amd64, &os;/ia64, and &os;/sparc64.</para>
1329 <para>The &man.asf.8; utility has been revised and extended. Now
1330 it can operate via several interfaces including &man.kvm.3;,
1331 which supports not only live systems, but also kernel crash dumps.
1334 <para>The &man.arp.8; utility now allows the <option>-i</option>
1335 option together with the <option>-d</option> and <option>-a</option> options
1336 to allow all entries for a given interface to be removed.</para>
1338 <para>The OpenBSM userland tools, including &man.audit.8;,
1340 &man.auditreduce.1;, and
1341 &man.praudit.1;, have been added. &merged;</para>
1343 <para>The &man.bsdiff.1; and &man.bspatch.1; utilities
1344 have been added. These are tools for constructing and
1345 applying binary patches. &merged;</para>
1347 <para>The &man.bsnmpd.1; utility now supports the Host Resources
1348 MIB described in RFC 2790. &merged;</para>
1350 <para>&man.cached.8; has been added. It is a daemon that caches
1351 the results of nsswitch lookups (such as those to the password,
1352 group, and services databases) for improved performance.</para>
1354 <para>The &man.cmp.1; utility now supports an <option>-h</option>
1355 flag to compare the symbolic link itself rather than the
1356 file that the link points to. &merged;</para>
1358 <para>The &man.config.8; utility now supports the <literal>nocpu</literal>
1359 directive, which cancels the effect of a
1360 previous <literal>cpu</literal> directive. &merged;</para>
1362 <para>The &man.config.8; utility now reads <filename>DEFAULTS</filename>
1363 kernel configuration file if it exists in the current directory
1364 before the specified configuration file. &merged;</para>
1366 <para>The &man.cp.1; utility now supports a <option>-l</option>
1367 option, which causes it to create hardlinks to the source files
1368 instead of copying them. &merged;</para>
1370 <para>The &man.csh.1; utility now supports NLS catalogs.
1371 Note that this requires installing
1372 the <filename role="package">shells/tcsh_nls</filename> port.
1375 <para>The &man.csup.1; utility has been imported.
1376 This is an implementation of a CVSup-compatible client written
1377 in the C language. Note that it currently supports checkout mode
1378 only. &merged;</para>
1380 <para>The &man.dhclient.8; program now sends the host's name in
1381 DHCP requests if it is not specified in the configuration
1382 file. &merged;</para>
1384 <para>The &man.devd.8; utility now supports a <option>-f</option> option
1385 to specify a configuration file. &merged;</para>
1387 <para>The &man.du.1; program now supports a <option>-n</option>
1388 flag, which causes it to ignore files and directories with
1389 the <literal>nodump</literal> flag set. &merged;</para>
1391 <para>The &man.dump.8; and &man.restore.8; programs now attempt to
1392 save and restore extended attribute information on files.</para>
1394 <para>The &man.fsdb.8; utility now supports changing the birth
1395 time of files on UFS2 file systems using the new
1396 <literal>btime</literal> command. &merged;</para>
1398 <para>The &man.fsdb.8; program now supports
1399 a <literal>findblk</literal> command, which finds the inode(s)
1400 owning a specific disk block. &merged;</para>
1402 <para>The &man.find.1; program now supports <option>-Btime</option>
1403 and other related primaries, which can be used to create expressions
1404 based on a file's creation time. &merged;</para>
1406 <para>A bug in the &man.find.1; program which prevents
1407 numeric arguments for <option>-user</option> and
1408 <option>-group</option> from working as expected
1409 has been fixed.</para>
1411 <para>The &man.freebsd-update.8; utility, a tool for managing
1412 binary updates to the &os; base system, has been added. &merged;</para>
1414 <para>The &man.ftpd.8; utility now creates a PID file
1415 <filename>/var/run/ftpd.pid</filename> even when
1416 no <option>-p</option> option is specified. &merged;</para>
1418 <para>The &man.gbde.8; utility now supports
1419 <option>-k</option> and <option>-K</option> options
1420 to specify a key file in addition to a passphrase.</para>
1422 <para>The &man.getfacl.1; utility now supports
1423 a <option>-q</option> flag to suppress the per-file header
1424 comment listing the file name, owner, and group.
1427 <para>The &man.getent.1; utility has been imported from NetBSD.
1428 It retrieves and displays information from an administrative
1429 database (such as <filename>hosts</filename>) using the lookup
1430 order specified in &man.nsswitch.conf.5;. &merged;</para>
1432 <para>The &man.gpt.8; utility now supports setting GPT partition labels.</para>
1434 <para>The &man.gvinum.8; utility now supports commands
1435 to rename objects and to move a subdisk from
1436 one drive to another. &merged;</para>
1438 <para>The &man.gvinum.8; utility now supports the
1439 <command>resetconfig</command> sub-command.</para>
1441 <para>An implementation of Generic Security Service API (GSS-API)
1442 version 2 and its C binding described in RFC2743 and RFC2744
1443 has been added. This is a new extensible GSS-API layer which
1444 can support GSS-API plugins, similar the the Solaris
1445 implementation, and the Kerberos 5 GSS mechanism has
1446 been rewritten as a plugin library for the new implementation.</para>
1448 <para>The &man.hccontrol.8; utility now supports HCI node
1449 autodetection.</para>
1451 <para>The &man.id.1; utility now prints the effective user
1452 ID after the group ID.</para>
1454 <para>The &man.id.1; utility now supports a <option>-A</option>
1455 flag to print process audit properties, including the audit user
1458 <para>The &man.ifconfig.8; utility now supports
1459 a <option>-k</option> flag to allow printing
1460 potentially sensitive keying material to standard output.
1461 This sensitive information will not be printed by default.</para>
1463 <para>The &man.ifconfig.8; utility now supports a <option>-tunnel</option>
1464 parameter, which is just an alias for <option>deletetunnel</option>,
1465 yet is more convenient and easier to type.</para>
1467 <para>The <option>-vlandev</option> parameter to &man.ifconfig.8;
1468 no longer requires a network interface as its argument. The
1469 argument still is supported for backward compatibility, but
1470 is now deprecated and its use is discouraged.</para>
1472 <para>The &man.iostat.8; utility now supports
1473 a <option>-x</option> flag (inspired by Solaris) to print
1474 extended disk statistics. If the new <option>-z</option> flag is
1475 also specified, no output is made for disks with no
1476 activity. &merged;</para>
1478 <para>The &man.ipfwpcap.8; utility has been added; it captures
1479 packets on a &man.divert.4; socket and writes them as
1480 &man.pcap.3; (also known as &man.tcpdump.1;) format data to a
1481 file or pipe.</para>
1483 <para>The &man.jail.8; utility supports a <option>-J
1484 <replaceable>jid_file</replaceable></option> option to
1485 write out a JidFile, similar to a PidFile, containing
1486 the jailid, path, hostname, IP and the command used to start
1487 the jail. &merged;</para>
1489 <para>The &man.jail.8; program now supports a <option>-s</option>
1490 option to specify a jail's securelevel. &merged;</para>
1492 <para>The &man.jexec.8; utility now supports <option>-u</option>
1493 and <option>-U</option> flags to specify username credentials
1494 under which a command should be executed. &merged;</para>
1496 <para>The &man.kdump.1; program now supports a <option>-H</option>
1497 flag, which causes kdump to print an additional field holding
1498 the threadid. &merged;</para>
1500 <para>The &man.kdump.1; program now supports a <option>-s</option>
1501 flag to suppress the display of I/O data. &merged;</para>
1503 <para>The &man.kdump.1; program now supports printing
1504 flags in a system call argument by using symbol names.</para>
1506 <para>The &man.kenv.1; utility now supports a <option>-q</option>
1507 flag to suppress warnings.</para>
1509 <para>&man.kgdb.1; now supports a <option>-w</option>
1510 option to open kmem-based targets in read-write mode.
1511 This allows one to use kgdb on <filename>/dev/mem</filename>
1512 and be able to patch memory on a live system.</para>
1514 <para>The &man.libarchive.3; library now supports
1515 POSIX.1e-style Extended Attributes.</para>
1517 <para>The <application>libc</application> library now includes
1518 initial implementation of symbol maps and symbol version
1521 <para>The <application>libedit</application> library has been
1522 updated from the NetBSD source tree as of August 2005.</para>
1524 <para>The <application>libm</application> library now includes
1525 initial implementation of symbol maps and symbol version
1528 <para>The &man.libmemstat.3; library has been added.
1529 This is for use by debugging and monitoring applications
1530 in tracking kernel memory statistics. It provides an
1531 abstracted interface to &man.uma.9; and &man.malloc.9;
1532 statistics, wrapped around the binary stream sysctl variables
1533 for the allocators. &merged;</para>
1535 <para>The &man.ln.1; utility now supports
1536 an <option>-F</option> flag, which deletes existing
1537 empty directories when creating symbolic links.
1540 <para>The &man.locate.1; utility now supports
1541 a <option>-0</option> flag to make this utility
1542 interoperable with &man.xargs.1;'s <option>-0</option> flag.
1545 <para>The &man.logger.1; utility now supports
1546 a <option>-P</option>, which specifies the port to which syslog
1547 messages should be sent. &merged;</para>
1549 <para>The &man.ls.1; utility now supports
1550 an <option>-I</option> flag to disable the automatic
1551 <option>-A</option> flag for the superuser. &merged;</para>
1553 <para>The &man.ls.1; utility now supports
1554 an <option>-U</option> flag to use the file creation
1555 time for sorting. &merged;</para>
1557 <para>A new &man.malloc.3; implementation has been introduced.
1558 This implementation, sometimes referred to
1559 as <quote>jemalloc</quote>, was designed to improve the
1560 performance of multi-threaded programs, particularly on SMP
1561 systems, while preserving the performance of single-threaded
1562 programs. Due to the use of different algorithms and data
1563 structures, jemalloc may expose some previously-unknown bugs in
1564 userland code, although most of the &os; base system and common
1565 ports have been tested and/or fixed.</para>
1567 <para>The &man.mdconfig.8; utility now supports producing
1568 device listings formatted as XML. Currently, the
1569 <command>list</command> and <command>query</command>
1570 sub-commands support this feature.</para>
1572 <para>The &man.mdconfig.8; utility's <option>-u</option> option
1573 now supports specifying multiple devices separated
1574 by comma character.</para>
1576 <para>The &man.mdmfs.8; utility now supports a <option>-P</option> flag
1577 to allow skipping the &man.newfs.8; process
1578 when using a vnode-backed disk.</para>
1580 <para>The &man.mdmfs.8; utility now supports a <option>-E</option> flag
1581 to allow to specify location of the &man.mdconfig.8;
1582 utility instead of using the default one
1583 (<filename>/sbin/mdconfig</filename>).</para>
1585 <para>A new function &man.memmem.3; has been implemented in
1586 <filename>libc</filename>. This is the binary equivalent to
1587 &man.strstr.3; and found in <filename>glibc</filename>.</para>
1589 <para>The &man.mergemaster.8; utility now supports
1590 an <option>-A</option> option to explicitly specify
1591 an architecture to pass through to the underlying makefiles.
1594 <para>The &man.mount.8; <literal>nodev</literal> option has
1595 been removed.</para>
1597 <para>The &man.mount.8; utility now supports &man.mqueuefs.5;.</para>
1599 <para>A bug which prevents the &man.mount.8; utility from converting
1600 a read-only mount to read-write via <command>mount -u -o rw</command>,
1601 has been fixed.</para>
1603 <para>The &man.mount.8; utility now supports a
1604 <literal>late</literal> keyword in &man.fstab.5;, along with a
1605 corresponding <option>-l</option> command-line option to specify
1606 that these <quote>late</quote> file systems should be
1607 mounted. &merged;</para>
1609 <para>The &man.moused.8; daemon now supports an <option>-H</option> flag
1610 to enable horizontal virtual scrolling similar to the
1611 <option>-V</option> flag for vertical virtual scrolling.
1614 <para>The mrouted(8) multicast routing daemon has been removed
1615 from the &os; base system. It implements the DVMRP multicast
1616 routing protocol, which has largely been replaced by PIM in many
1617 multicast installations. The related map-mbone(8) and mrinfo(8)
1618 utilities have also been removed. These programs are now
1619 available in the &os; Ports Collection
1620 as <filename role="package">net/mrouted</filename>.</para>
1622 <para>The &man.netstat.1; utility now supports an
1623 <option>-h</option> flag for interface stats mode,
1624 which prints all interface statistics in human readable form. &merged;</para>
1626 <para>The &man.netstat.1; utility now supports
1627 printing &man.ipsec.4; protocol statistics if the
1628 kernel was compiled with <literal>FAST_IPSEC</literal>
1629 rather than the KAME IPSEC stack.
1630 Note that the output of <command>netstat -s -p ipsec</command>
1631 differs depending on which stack is compiled into
1632 the kernel since they each keep different statistics. &merged;</para>
1634 <para>The <filename>/etc/nsswitch.conf</filename> file is now
1635 installed statically instead of being generated on every
1638 <para>The objformat(1) utility and getobjformat(3) library (the
1639 last remnants of a.out object file support) have been removed.</para>
1641 <para>The &man.periodic.8; daily script now supports
1642 display of the status of &man.gmirror.8;, &man.graid3.8;,
1643 &man.gstripe.8;, and &man.gconcat.8; devices.
1644 Note that these are disabled by default. &merged;</para>
1646 <para>A new function, &man.pidfile.3;, which provides reliable
1647 pidfiles handling, has been implemented in
1648 <filename>libutil</filename>. &merged;</para>
1650 <para>The &man.ping.8; utility now supports a <quote>sweeping
1651 ping</quote> in which &man.icmp.4; payload of
1652 packets being sent is increased with given step.
1653 This is useful for testing problematic channels, MTU issues
1654 or traffic policing functions in networks. &merged;</para>
1656 <para>The &man.ping.8; command now supports a <option>-W</option>
1657 option to specify the maximum time to wait for an echo reply.
1660 <para>The &man.pkill.1; utility now supports a
1661 <option>-F</option> option which allows to
1662 restrict matches to a process whose PID is stored in the
1663 pidfile file. When another new option <option>-L</option>
1664 is also specified, the pidfile file must be locked with the
1665 &man.flock.2; syscall or created with &man.pidfile.3;.</para>
1667 <para>The &man.pkill.1; utility now supports a
1668 <option>-I</option> flag which works like <option>-i</option>
1669 of &man.rm.1;. When this flag is specified, &man.pkill.1;
1670 will ask for confirmation before sending a signal to
1671 each matching process.</para>
1673 <para>The &man.pkill.1; utility (also known as &man.pgrep.1;) has
1674 been moved from <filename>/usr/bin</filename>
1675 to <filename>/bin</filename> so that it can be used by startup
1676 scripts. Symbolic links from its former location have been
1677 created for backward compatibility. &merged;</para>
1679 <para>The &man.powerd.8; program now supports a
1680 <option>-P</option> option, which specifies a pidfile to use.</para>
1682 <para>An extensible implementation of &man.printf.3;, compatible
1683 with GLIBC, has been added to <filename>libc</filename>. It is
1684 only used if the environment variable
1685 <varname>USE_XPRINTF</varname> is defined, one of the extension
1686 functions is called, or the global variable
1687 <varname>__use_xprintf</varname> is set to a value greater than
1688 <literal>0</literal>. Five extensions are currently supported:
1689 <literal>%H</literal> (hex dump),
1690 <literal>%T</literal> (<varname>time_t</varname> and
1691 time-related structures),
1692 <literal>%M</literal> (errno message),
1693 <literal>%Q</literal> (double-quoted, escaped string),
1694 <literal>%V</literal> (&man.strvis.3;-format string),
1697 <para>The DNS resolver library in &os;'s <application>libc</application>
1698 has been updated to that from BIND 9.3.3. &merged;</para>
1700 <para>The &man.rfcomm.sppd.1; program now supports service names
1701 in addition to <option>-c</option> option with channel number.
1702 The supported names are: DUN (Dial-Up Networking), FAX (Fax),
1703 LAN (LAN Access Using PPP), and SP (Serial Port). &merged;</para>
1705 <para>The &man.rpcgen.1; utility now generates headers and stub files
1706 that can be used with ANSI C compilers by default.</para>
1708 <para>The &man.rtld.1; runtime linker now supports ELF symbol versioning
1709 using GNU semantics. This implementation aims to be compatible
1710 with symbol versioning support as implemented by GNU libc and
1711 documented in <ulink url="http://people.redhat.com/~drepper/symbol-versioning"></ulink>
1712 and LSB 3.0. Also, <function>dlvsym()</function>
1713 function has been added to
1714 allow lookups for a specific version of a given symbol.</para>
1716 <para>A bug in the &man.sed.1; utility which can cause
1717 incorrect calculation of pattern space length in some cases
1718 has been fixed.</para>
1720 <para>The <option>-h</option> flag to &man.setfacl.1; now properly
1721 sets the ACL on a symbolic link, not the link target.</para>
1723 <para>The &man.sh.1; utility now supports a <literal>times</literal>
1724 built-in command. &merged;</para>
1726 <para>The &man.snapinfo.8; utility, which shows snapshot locations
1727 on UFS file systems, has been added. &merged;</para>
1729 <para>The &man.sockstat.1; utility, which shows connected and
1730 listening network sockets, now supports a new <option>-P</option>
1731 command-line option, which can be used to filter displayed sockets
1732 by protocol name (as listed in &man.protocols.5;).</para>
1734 <para>The &man.strtonum.3; library function has been implemented
1735 based on OpenBSD's implementation. This is an improved version of
1736 &man.strtoll.3;. &merged;</para>
1738 <para>The &man.sysctl.8; utility now supports a <option>-q</option>
1739 flag to suppress a limited set of warnings and errors.</para>
1741 <para>The &man.tail.1; utility now supports a <option>-q</option>
1742 flag to suppress header lines when multiple files are
1743 specified. &merged;</para>
1745 <para>The version of tcpslice in the &os; base system has been
1746 removed due to obsolescence. A more up-to-date version can be
1747 found in the Ports Collection
1748 as <filename role="package">net/tcpslice</filename>.</para>
1750 <para>The &man.time.1; utility now prints the time that a given
1751 command has been running if sent a <literal>SIGINFO</literal> signal.</para>
1753 <para>The &man.traceroute.8; program now supports
1754 a <option>-D</option> flag, which causes it to display the
1755 differences between the sent and received
1756 packets. &merged;</para>
1758 <para>The &man.traceroute.8; utility now supports
1759 a <option>-e</option> option, which sets a fixed destination
1760 port for probe packets. This can be useful for tracing behind
1761 packet-filtering firewalls. &merged;</para>
1763 <para>&man.traceroute.8; now decodes the complete set of ICMP
1764 unreachable messages in its output. &merged;</para>
1766 <para>The &man.truss.1; utility now supports an <option>-s</option>
1767 flag for the same functionality as the strace utility
1768 (<filename role="package">devel/strace</filename>).</para>
1770 <para>The &man.truss.1; utility no longer depends on the availability
1771 of the &man.procfs.5; file system; it uses the &man.ptrace.2;
1772 interface instead for controlling a traced process.</para>
1774 <para>[&arch.powerpc;] The &man.truss.1; utility now supports &os;/powerpc.</para>
1776 <para>The usbd(8) utility has been removed.
1777 The &man.devd.8; utility and its configuration
1778 file now support functionality which is equivalent to it.</para>
1780 <para>The &man.uuidgen.1; utility has been moved from
1781 <filename>/usr/bin</filename> to <filename>/bin</filename>.</para>
1783 <para>The vnconfig(8) utility, which was long ago replaced by
1784 &man.mdconfig.8;, has been removed.</para>
1786 <para>The &man.xargs.1; utility now supports a <option>-r</option>
1787 flag which makes the command execution when the standard input
1788 does not contain any non-whitespace-characters. &merged;</para>
1790 <para>The shared library version number of all libraries has
1791 been updated due to some possible ABI changes. The libraries
1792 include: snmp_<replaceable>*</replaceable>, libdialog, libg2c, libobjc,
1793 libreadline, libregex, libstdc++, libkrb5, libalias, libarchive,
1794 libbegemot, libbluetooth, libbsnmp, libbz2, libc_r, libcrypt,
1795 libdevstat, libedit, libexpat, libfetch, libftpio, libgpib,
1796 libipsec, libkiconv, libmagic, libmp, libncp, libncurses,
1797 libnetgraph, libngatm, libopie, libpam, libpthread, libradius,
1798 libsdp, libsmb, libtacplus, libthr, libthread_db, libugidfw,
1799 libusbhid, libutil, libvgl, libwrap, libypclnt, libm, libcrypto,
1800 libssh, and libssl.</para>
1802 <para>The <function>wcsdup()</function> function has been
1803 implemented. This function is popular in Microsoft and GNU
1806 <para>The &man.wpa.passphrase.8; utility has been added. It
1807 generates a 256-bit pre-shared WPA key from an ASCII
1808 passphrase. &merged;</para>
1810 <para>The compiler toolchain is now capable of generating
1811 executables for systems using the ARM processor. &merged;</para>
1813 <sect3 id="rc-scripts">
1814 <title><filename>/etc/rc.d</filename> Scripts</title>
1816 <para>The <filename>auditd</filename> script for
1817 OpenBSM &man.auditd.8; has been added. &merged;</para>
1819 <para>The <filename>bluetooth</filename> script
1820 has been added. This script will be called from
1821 &man.devd.8; in response to device attachment/detachment
1822 events and to stop/start particular device without unplugging
1823 it by hand. The configuration parameters are in
1824 <filename>/etc/defaults/bluetooth.device.conf</filename>,
1825 and can be overridden by using
1826 <filename>/etc/bluetooth/<replaceable>$device</replaceable>.conf</filename>
1827 (where <replaceable>$device</replaceable> is <devicename>ubt0</devicename>,
1828 <devicename>btcc0</devicename>, and so on.)
1829 For more details, see &man.bluetooth.conf.5;. &merged;</para>
1831 <para>The <filename>ftpd</filename> script for
1832 stand-alone &man.ftpd.8; has been added.</para>
1834 <para>The <filename>gbde_swap</filename> script has
1835 been removed in favor a new <filename>encswap</filename>
1836 script which also supports &man.geli.8; for swap
1839 <para>The <filename>geli</filename> and <filename>geli2</filename>
1840 scripts has been added for &man.geli.8; device
1841 configuration on boot.</para>
1843 <para>The <filename>ike</filename> script for
1844 IPsec IKE daemon has been removed because no such daemon
1845 is included in the base system.</para>
1847 <para>The <filename>hcsecd</filename> and
1848 <filename>sdpd</filename> scripts have been added
1849 for &man.hcsecd.8; and &man.sdpd.8; daemons.
1850 These daemons can run even if no Bluetooth devices
1851 are attached to the system, but both daemons depend on
1852 Bluetooth socket layer and thus disabled by default.
1853 Bluetooth sockets layer must be either loaded
1854 as a module or compiled into kernel before the daemons can run.
1857 <para>The <filename>hostapd</filename> script for
1858 &man.hostapd.8; has been added. &merged;</para>
1860 <para>The <filename>mdconfig</filename> script to
1861 handle vnode backed &man.md.4; devices has been added.
1862 This is a replacement of the <filename>ramdisk</filename>
1863 script, and all of variables in <varname>ramdisk_*</varname>
1864 have been changed to <varname>mdconfig_*</varname>.
1865 Also, two new &man.rc.conf.5; variables
1866 <varname>mdconfig_<replaceable>*</replaceable>_files</varname>
1868 <varname>mdconfig_<replaceable>*</replaceable>_cmd</varname>
1869 have been added. For example:</para>
1871 <programlisting>mdconfig_md0="-t malloc -s 10m"
1872 mdconfig_md1="-t vnode -f /var/foo.img"</programlisting>
1874 <para>The <filename>netif</filename> script now supports
1875 <varname>ipv4_addrs_<replaceable>ifn</replaceable></varname>
1877 which add one or more IPv4 address from a ranged list in
1878 CIDR notation. &merged; For example:</para>
1880 <programlisting>ipv4_addrs_ed0="192.168.0.1/24 192.168.1.1-5/28"</programlisting>
1882 <para>The <filename>rcconf.sh</filename> script in <filename>/etc/rc.d</filename>
1883 has been removed and a variable <varname>early_late_divider</varname>,
1884 which designates the script to separate the early and late stages
1885 of the boot process, has been added.</para>
1887 <para>The <filename>rc.initdiskless</filename> script now uses &man.tar.1;
1888 instead of &man.pax.1; because &man.pax.1; needs a writable
1889 temporary directory that may not be available when this script
1892 <para>The <filename>pccard</filename> script has been removed
1893 since OLDCARD is deprecated.</para>
1895 <para>The <filename>ppp-user</filename> script has been renamed to
1896 <filename>ppp</filename>. &merged;</para>
1898 <para>The <varname>removable_interfaces</varname> variable
1899 has been removed.</para>
1901 <para>A new keyword <literal>NOAUTO</literal> in
1902 <varname>ifconfig_<replaceable>ifn</replaceable></varname>
1903 has been added. This prevents configuration of an interface
1904 at boot time or via <filename>/etc/pccard_ether</filename>,
1905 and allows <filename>/etc/rc.d/netif</filename>
1906 to be used to start and stop an interface
1907 on a purely manual basis.</para>
1911 <sect2 id="contrib">
1912 <title>Contributed Software</title>
1914 <para><application>Intel ACPI-CA</application>
1915 has been updated to 20070320.</para>
1917 <para><application>BIND</application> has been updated from 9.3.1
1918 to 9.3.4. &merged;</para>
1920 <para><application>BSNMPD</application> has been updated from
1921 1.11 to 1.12.</para>
1923 <para><application>BZIP2</application> has been updated from
1924 1.0.3 to 1.0.4.</para>
1926 <para><application>DRM</application> has
1927 been updated to a snapshot from DRI CVS as of 20060517.
1930 <para>The Forth Inspired Command Language (<application>FICL</application>)
1931 used in the boot loader has been updated to 3.03.</para>
1933 <para><application>FILE</application> has been updated from 4.12
1936 <para>The GNU version of <application>gzip</application> has been
1937 replaced with a modified version of gzip ported from NetBSD.
1940 <para><application>netcat</application> has been updated from the
1941 version in a 4 February 2005 OpenBSD snapshot to the version
1942 included in OpenBSD 4.1.</para>
1944 <para><application>GCC</application> has been updated from 3.4.4
1945 to 3.4.6. &merged;</para>
1947 <para><application>GNU Readline library</application> has been
1948 updated from 5.0 to 5.2 patch 1.</para>
1950 <para><application>GNU Troff</application>
1951 has been updated from version 1.19 to version 1.19.2.
1954 <para><application>IPFilter</application> has been updated from
1955 4.1.8 to 4.1.13. &merged;</para>
1957 <para><application>less</application> has been updated from v381
1958 to v394. &merged;</para>
1960 <para><application>libpcap</application> has been updated from
1961 0.9.1 to 0.9.4. &merged;</para>
1963 <para><application>lukemftpd</application> has been updated from a
1964 snapshot from NetBSD as of 9 August 2004 to a snapshot from
1965 NetBSD as of 31 August 2006. &merged;</para>
1967 <para><application>OpenSSH</application> has been updated from
1968 4.2p1 to 4.5p1. &merged;</para>
1970 <para><application>OpenSSL</application> has been updated from
1971 0.9.7e to 0.9.8e.</para>
1973 <para><application>ncurses</application> has been updated from
1974 5.2-20010512 to 5.6-20061217. ncurses now also has wide
1975 character support. &merged;</para>
1977 <para><application>hostapd</application>
1978 has been updated from version 0.3.9 to version 0.4.8.
1981 <para><application>sendmail</application> has been updated from
1982 8.13.4 to 8.14.1. &merged;</para>
1984 <para><application>tcpdump</application> has been updated from
1985 3.9.1 to 3.9.4. &merged;</para>
1987 <para>The timezone database has been updated from the
1988 <application>tzdata2005l</application> release to the
1989 <application>tzdata2006n</application> release. &merged;</para>
1991 <para><application>tip</application> has been updated to a
1992 snapshot from OpenBSD as of 20060831.</para>
1994 <para>TrustedBSD <application>OpenBSM</application>,
1995 version 1.0 alpha 12, an implementation of the documented Sun Basic
1996 Security Module (BSM) Audit API and file format, as well as local
1997 extensions to support the Mac OS X and &os; operating systems
1998 has been added. This also includes command line tools for audit
1999 trail reduction and conversion to text, as well as documentation
2000 of the commands, file format, and APIs.
2001 For this functionality, the <literal>AUDIT</literal> kernel option,
2002 <filename>/var/audit</filename> directory, and
2003 <literal>audit</literal> group have been added. &merged;</para>
2005 <para><application>WPA Supplicant</application>
2006 has been updated from version 0.3.9 to version 0.4.8.
2009 <para><application>zlib</application>
2010 has been updated from version 1.2.2 to version 1.2.3. &merged;</para>
2014 <title>Ports/Packages Collection Infrastructure</title>
2016 <para>&man.pkg.add.1; now supports an <option>-F</option>
2017 flag to disable checking whether the same package is already
2018 installed or not. &merged;</para>
2020 <para>The &man.pkg.add.1; program now supports an <option>-P</option>
2021 flag, which is the same as the <option>-p</option> flag
2022 except that the given prefix is also used recursively for the
2023 dependency packages if any. &merged;</para>
2025 <para>The &man.pkg.add.1; and &man.pkg.create.1; utilities now support
2026 a <option>-K</option> flag to save packages to the current directory
2027 (or <varname>PKGDIR</varname> if defined) by default.
2030 <para>The &man.pkg.create.1; program now supports an <option>-x</option>
2031 flag to support basic regular expressions for package name,
2032 an <option>-E</option> flag for extended regular
2033 expressions, and a <option>-G</option> for exact matching. &merged;</para>
2035 <para>The &man.pkg.version.1; utility now supports an <option>-o</option>
2036 flag to show the origin recorded on package generation
2037 instead of the package name, and an <option>-O</option> flag
2038 to list packages with a specific registered origin.
2041 <para>The &man.portsnap.8; utility (<filename>sysutils/portsnap</filename>)
2042 has been added into the &os; base system. This is a secure,
2043 easy to use, fast, lightweight, and generally good way for
2044 users to keep their ports trees up to date. &merged;</para>
2046 <para>A incorrect handling of <varname>HTTP_PROXY_AUTH</varname>
2047 in the &man.portsnap.8; utility has been fixed. &merged;</para>
2049 <para>The startup scripts from the <varname>local_startup</varname>
2050 directory now evaluated by using &man.rcorder.8; with scripts
2051 in the base system. &merged;</para>
2053 <para>The suffix of startup scripts from the Ports Collection
2054 has been removed. This means <filename>foo.sh</filename>
2055 is renamed to <filename>foo</filename>, and now
2056 scripts whose name is something like
2057 <filename>foo.ORG</filename> will also be invoked.
2058 You are recommended to reinstall packages which install
2059 such scripts and remove extra files in the
2060 <varname>local_startup</varname> directory. &merged;</para>
2062 <para>New <filename>rc.conf</filename> variables,
2063 <varname>ldconfig_local_dirs</varname> and
2064 <varname>ldconfig_local32_dirs</varname> have been added.
2065 These hold lists of local &man.ldconfig.8; directories.
2068 <para>The <command>@cwd</command> command in
2069 <filename>pkg-plist</filename> now allows
2070 the case where no directory argument is given. If no
2071 directory argument is given, it will set current
2072 working directory to the first prefix given by the
2073 <command>@cwd</command> command. &merged;</para>
2077 <title>Release Engineering and Integration</title>
2079 <para>The default partition sizing algorithm of the
2080 &man.sysinstall.8; utility has been changed.</para>
2084 <para>On systems where the disk capacity is larger than (3 * RAMsize + 10GB),
2085 the default sizes will now be as follows:</para>
2087 <informaltable frame="none" pgwide="0">
2089 <colspec colwidth="1*">
2090 <colspec colwidth="2*">
2093 <entry>Partition</entry>
2099 <row><entry>swap</entry><entry>RAMsize * 2</entry></row>
2100 <row><entry><filename>/</filename></entry><entry>512 MB</entry></row>
2101 <row><entry><filename>/tmp</filename></entry><entry>512 MB</entry></row>
2102 <row><entry><filename>/var</filename></entry><entry>1024 MB + RAMsize</entry></row>
2103 <row><entry><filename>/usr</filename></entry><entry>the rest (8GB or more)</entry></row>
2110 <para>On systems where the disk capacity is larger than
2111 (RAMsize / 8 + 2 GB), the default sizes will be
2112 in the following ranges, with space allocated
2113 proportionally:</para>
2115 <informaltable frame="none" pgwide="0">
2117 <colspec colwidth="1*">
2118 <colspec colwidth="2*">
2121 <entry>Partition</entry>
2127 <row><entry>swap</entry><entry>from RAMsize / 8 to RAMsize * 2</entry></row>
2128 <row><entry><filename>/</filename></entry><entry>from 256MB to 512MB</entry></row>
2129 <row><entry><filename>/tmp</filename></entry><entry>from 128MB to 512MB</entry></row>
2130 <row><entry><filename>/var</filename></entry><entry>from 128MB to 1024MB</entry></row>
2131 <row><entry><filename>/usr</filename></entry><entry>from 1536MB to 8192MB</entry></row>
2138 <para>On systems with even less disk space, the existing behavior is not
2143 <para>The &man.sysinstall.8; utility now displays the running &os;
2144 version in menu titles. &merged;</para>
2146 <para>A new <literal>showconfig</literal>
2147 target has been added in <filename>src/Makefile</filename>
2148 to show the build configuration of the &os; source tree.</para>
2150 <para>A <filename>/media</filename> directory has been
2151 added to contain mount points for removable media
2152 such as CDROMs, floppy disks, USB drives, and so on. &merged;</para>
2154 <para>The <filename>src.conf</filename> file, which
2155 contains settings that will apply to every build involving
2156 the &os; source tree, has been added.
2157 For details, see &man.build.7; and &man.src.conf.5;.</para>
2159 <para>The supported version of
2160 the <application>GNOME</application> desktop environment
2161 (<filename role="package">x11/gnome2</filename>) has been
2162 updated from 2.10.2 to 2.18.0. As a part of this update, the
2163 default prefix for <application>GNOME</application> (and some
2164 related programs) has moved from
2165 <filename>/usr/X11R6</filename>
2166 to <filename>/usr/local</filename>. &merged;</para>
2168 <para>The supported version of
2169 the <application>KDE</application> desktop environment
2170 (<filename role="package">x11/kde3</filename>) has been
2171 updated from 3.4.2 to 3.5.6. &merged;</para>
2173 <para>[&arch.amd64;, &arch.i386;] The supported Linux emulation now uses the
2175 <filename role="package">emulators/linux_base-fc4</filename>
2176 package. &merged;</para>
2178 <para>The supported version of
2179 the <application>Perl</application> interpreter
2180 (<filename role="package">lang/perl5.8</filename>) has been updated
2181 from 5.8.7 to 5.8.8. &merged;</para>
2183 <para>The supported version of
2184 the <application>&xorg;</application> windowing system
2185 (<filename role="package">x11/xorg</filename>) has been updated
2186 from 6.8.2 to 6.9.0. &merged;</para>
2188 <para>[&arch.pc98;] &os;/pc98 release CDROMs are now
2189 bootable on systems with some supported SCSI adapters.
2194 <title>Documentation</title>
2196 <para>Documentation of existing functionality has been improved by
2197 the addition of the following manual pages:
2198 &man.acpi.sony.4;, &man.device.get.sysctl.9;,
2202 &man.snd.mss.4;, &man.snd.t4dwave.4;,
2203 &man.sysctl.9;.</para>
2205 <para>The manual pages for <application>NTP</application>
2206 have been updated to 4.2.0, to match the version of
2207 code actually included in &os;. &merged;</para>
2209 <para>Initial support for kernel subsystem API documentation generating
2210 framework using <filename role="package">devel/doxygen</filename>
2211 has been added into <filename>src/sys/doc/subsys</filename>.
2212 To generate the API document, type <command>make doxygen</command>
2213 in <filename>src/</filename> directory.</para>
2217 <sect1 id="upgrade">
2218 <title>Upgrading from previous releases of &os;</title>
2223 <para>Upgrading &os; should, of course, only be attempted after
2224 backing up <emphasis>all</emphasis> data and configuration