2 <title>&os;/&arch; &release.current; Release Notes</title>
4 <corpauthor>The &os; Project</corpauthor>
6 <pubdate>$FreeBSD$</pubdate>
16 <holder role="mailto:doc@FreeBSD.org">The &os; Documentation Project</holder>
19 <legalnotice id="trademarks" role="trademarks">
29 <para>The release notes for &os; &release.current; contain a summary
30 of the changes made to the &os; base system on the
31 &release.branch; development line.
32 This document lists applicable security advisories that were issued since
33 the last release, as well as significant changes to the &os;
35 Some brief remarks on upgrading are also presented.</para>
40 <title>Introduction</title>
42 <para>This document contains the release notes for &os;
43 &release.current; on the &arch.print; hardware platform. It
44 describes recently added, changed, or deleted features of &os;.
45 It also provides some notes on upgrading
46 from previous versions of &os;.</para>
48 <![ %release.type.current [
50 <para>The &release.type; distribution to which these release notes
51 apply represents the latest point along the &release.branch; development
52 branch since &release.branch; was created. Information regarding pre-built, binary
53 &release.type; distributions along this branch
54 can be found at <ulink url="&release.url;"></ulink>.</para>
58 <![ %release.type.snapshot [
60 <para>The &release.type; distribution to which these release notes
61 apply represents a point along the &release.branch; development
62 branch between &release.prev; and the future &release.next;.
64 pre-built, binary &release.type; distributions along this branch
65 can be found at <ulink url="&release.url;"></ulink>.</para>
69 <![ %release.type.release [
71 <para>This distribution of &os; &release.current; is a
72 &release.type; distribution. It can be found at <ulink
73 url="&release.url;"></ulink> or any of its mirrors. More
74 information on obtaining this (or other) &release.type;
75 distributions of &os; can be found in the <ulink
76 url="&url.books.handbook;/mirrors.html"><quote>Obtaining
77 &os;</quote> appendix</ulink> to the <ulink
78 url="&url.books.handbook;/">&os;
79 Handbook</ulink>.</para>
83 <para>All users are encouraged to consult the release errata before
84 installing &os;. The errata document is updated with
85 <quote>late-breaking</quote> information discovered late in the
86 release cycle or after the release. Typically, it contains
87 information on known bugs, security advisories, and corrections to
88 documentation. An up-to-date copy of the errata for &os;
89 &release.current; can be found on the &os; Web site.</para>
94 <title>What's New</title>
96 <para>This section describes
97 the most user-visible new or changed features in &os;
99 In general, changes described here are unique to the &release.branch;
100 branch unless specifically marked as &merged; features.
103 <para>Typical release note items
104 document recent security advisories issued after
106 new drivers or hardware support, new commands or options,
107 major bug fixes, or contributed software upgrades. They may also
108 list changes to major ports/packages or release engineering
109 practices. Clearly the release notes cannot list every single
110 change made to &os; between releases; this document focuses
111 primarily on security advisories, user-visible changes, and major
112 architectural improvements.</para>
114 <sect2 id="security">
115 <title>Security Advisories</title>
117 <para>A temporary file vulnerability in &man.texindex.1;, which
118 could allow a local attacker to overwrite files in the context
119 of a user running the &man.texindex.1; utility, has been fixed.
120 For more details see security advisory <ulink
121 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:01.texindex.asc">FreeBSD-SA-06:01.texindex</ulink>. &merged;</para>
123 <para>A temporary file vulnerability in the &man.ee.1; text
124 editor, which could allow a local attacker to overwrite files in
125 the context of a user running &man.ee.1;, has been fixed. For
126 more details see security advisory <ulink
127 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:02.ee.asc">FreeBSD-SA-06:02.ee</ulink>. &merged;</para>
129 <para>Several vulnerabilities in the &man.cpio.1; utility have
130 been corrected. For more
131 details see security advisory <ulink
132 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:03.cpio.asc">FreeBSD-SA-06:03.cpio</ulink>. &merged;</para>
134 <para>An error in &man.ipfw.4; IP fragment handling, which could
135 cause a crash, has been fixed. For more
136 details see security advisory <ulink
137 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:04.ipfw.asc">FreeBSD-SA-06:04.ipfw</ulink>. &merged;</para>
139 <para>A potential buffer overflow in the IEEE 802.11 scanning code
140 has been corrected. For more
141 details see security advisory <ulink
142 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:05.80211.asc">FreeBSD-SA-06:05.80211</ulink>. &merged;</para>
144 <para>Two instances in which portions of kernel memory could be
145 disclosed to users have been fixed. For more details see
146 security advisory <ulink
147 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:06.kmem.asc">FreeBSD-SA-06:06.kmem</ulink>. &merged;</para>
149 <para>A logic bug in the IP fragment handling in &man.pf.4;, which
150 could cause a crash under certain circumstances, has been fixed.
151 For more details see security advisory <ulink
152 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:07.pf.asc">FreeBSD-SA-06:07.pf</ulink>. &merged;</para>
154 <para>A logic bug in the NFS server code, which could cause a crash when
155 the server received a message with a zero-length payload, has been fixed.
156 For more details see security advisory <ulink
157 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:10.nfs.asc">FreeBSD-SA-06:10.nfs</ulink>. &merged;</para>
159 <para>A programming error in the &man.fast.ipsec.4; implementation
160 results in the sequence number associated with a Security
161 Association not being updated, allowing packets to unconditionally
162 pass sequence number verification checks, has been fixed.
163 For more details see security advisory <ulink
164 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:11.ipsec.asc">FreeBSD-SA-06:11.ipsec</ulink>. &merged;</para>
166 <para>A logic bug that could cause &man.opiepasswd.1; to allow an unprivileged
167 user to configure OPIE authentication for the root user under certain
168 circumstances, has been fixed.
169 For more details see security advisory <ulink
170 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:12.opie.asc">FreeBSD-SA-06:12.opie</ulink>. &merged;</para>
172 <para>An asynchronous signal handling vulnerability in &man.sendmail.8;,
173 which could allow a remote attacker to execute arbitrary code with the
174 privileges of the user running sendmail, typically root, has been fixed.
175 For more details see security advisory <ulink
176 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:13.sendmail.asc">FreeBSD-SA-06:13.sendmail</ulink>. &merged;</para>
178 <para arch="i386,amd64">An information disclosure issue found in the
179 &os; kernel running on 7th- and 8th-generation AMD processors
180 has been fixed. For more details see security advisory <ulink
181 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:14.fpu.asc">FreeBSD-SA-06:14.fpu</ulink>. &merged;</para>
183 <para>A bug in &man.ypserv.8;, which effectively disabled the
184 <filename>/var/yp/securenets</filename> access control mechanism,
185 has been corrected. More details are available in security
187 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:15.ypserv.asc">FreeBSD-SA-06:15.ypserv</ulink>. &merged;</para>
189 <para>A bug in the smbfs file system, which could allow an
190 attacker to escape out of &man.chroot.2 environments on an smbfs
191 mounted filesystem, has been fixed. For more details, see
193 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:16.smbfs.asc">FreeBSD-SA-06:16.smbfs</ulink>. &merged;</para>
195 <para>A potential denial of service problem in &man.sendmail.8;
196 caused by excessive recursion which leads to stack
197 exhaustion when attempting delivery of a malformed
198 MIME message, has been fixed. For more details,
199 see security advisory <ulink
200 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:17.sendmail.asc">FreeBSD-SA-06:17.sendmail</ulink>. &merged;</para>
202 <para>A potential buffer overflow condition in &man.sppp.4; has
203 been corrected. For more details, see security advisory
204 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:18.ppp.asc">FreeBSD-SA-06:18.ppp</ulink>. &merged;</para>
206 <para>An OpenSSL bug related to validation of PKCS#1 v1.5
207 signatures has been fixed. For more details, see security
209 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:19.openssl.asc">FreeBSD-SA-06:19.openssl</ulink>. &merged;</para>
211 <para>A potential denial of service attack against &man.named.8;
212 has been fixed. For more details, see security advisory
213 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:20.bind.asc">FreeBSD-SA-06:20.bind</ulink>. &merged;</para>
215 <para>Several programming errors have been fixed in &man.gzip.1;.
216 They could have the effect of causing a crash or an infinite
217 loop when decompressing files. More information can be found in
219 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:21.gzip.asc">FreeBSD-SA-06:21.gzip</ulink>. &merged;</para>
221 <para>Several vulnerabilities have been fixed in OpenSSH. More
222 details can be found in security advisory
223 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:22.openssh.asc">FreeBSD-SA-06:22.openssh</ulink>. &merged;</para>
225 <para>Multiple errors in the OpenSSL &man.crypto.3; library have
226 been fixed. Potential effects are varied, and are documented in
227 more detail in security advisory
228 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:23.openssl.asc">FreeBSD-SA-06:23.openssl</ulink>. &merged;</para>
233 <title>Kernel Changes</title>
235 <para>&man.acpi.4; now has basic support for the HPET time counter.</para>
237 <para>The &man.acpi.ibm.4; driver now supports setting the fan control
238 mode to manual or automatic, and adjusting the fan speed if the
239 fan control mode is manual. To enable manual control of the fan speed,
240 the sysctl variable <varname>dev.acpi_ibm.<replaceable>0</replaceable>.fan</varname>
241 needs to be set to zero (manual). This should only be used with
242 extreme precaution, as disabling automatic fan control might
243 overheat the hardware and lead to permanent damage.</para>
245 <para>The &man.apm.4; suspend/resume support has been improved.</para>
247 <para>Security event auditing is now supported in the &os; kernel,
248 and is enabled by the <literal>AUDIT</literal> kernel
249 configuration option. More information can be found in the
250 &man.audit.4; manual page.</para>
252 <para>The <literal>options COMPAT_43</literal> kernel
253 configuration option has been deemed unnecessary and has been
254 removed from <filename>GENERIC</filename> and related kernel
255 configurations. This change may result in a small performance
256 increase for some workloads.</para>
258 <para>The &man.ddb.4; debugger now provides the <literal>show lock</literal>
259 command. If the argument has a valid lock class,
260 this displays various information about the lock and calls a
261 new function pointer in lock_class (lc_ddb_show) to dump class-specific
262 information about the lock as well (such as the owner of a mutex or
263 xlock'ed sx lock). &merged;</para>
265 <para>The &man.ddb.4; debugger now provides the <literal>show sleepq</literal>
266 command. This takes a wait channel as an argument and looks
267 for a sleep queue associated with that wait channel.</para>
269 <para><filename>DEFAULTS</filename> kernel configuration files
270 for each platform have been added. These files contain
271 directives that are implicitly included in all kernel
272 configurations, and generally include basic, mandatory
273 functionality for each platform. &merged;</para>
275 <para>A bug in file descriptor handling such that a simple
276 <literal>close(0); dup(fd)</literal> sequence does not return
277 descriptor <literal>0</literal> in some cases, has been fixed.</para>
279 <para>The &man.firmware.9; subsystem has been added. This
280 subsystem provides a mechanism
281 to load binary data into the kernel via a specially crafted module.
284 <para>The &man.gdb.1; remote debugging interface now supports
285 copying console messages to a remote debugger instance.
286 To enable this, set <literal>debug.gdbcons="1"</literal>
287 in <filename>loader.conf</filename>, enter <literal>boot -d;
288 gdb; step</literal> from the loader prompt,
289 then attach &man.gdb.1; from a remote machine.
290 The sysctl variable <varname>debug.gdbcons</varname> can be
291 used to turn on/off this functionality.</para>
293 <para>&man.hwpmc.4; and &man.pmcstat.8; now support profiling
294 of dynamically loaded kernel modules and
295 shared objects loaded with &man.dlopen.3;.
296 &man.pmcstat.8; can now log over a network socket
297 to a remote host.</para>
299 <para>The &man.random.4; entropy device driver is now MPSAFE.
302 <para>&os; now supports concurrent &man.read.2;/&man.readv.2;
303 access to a file.</para>
305 <para>The experimental CORE process scheduler has been added,
306 enabled with the <literal>options SCHED_CORE</literal> kernel
307 configuration option. It is forked from the &man.sched.ule.4;
309 with a different algorithm for detecting an interactive process.
310 More information can be found in the &man.sched.core.4; manual
313 <para>The <literal>SIGCHLD</literal> signal queuing has been
314 added. For each child process whose status has been changed,
315 a <literal>SIGCHLD</literal> instance is queued. If the signal is still pending,
316 and the process changed status several times, the signal information
317 is updated to reflect the latest process status.
318 There is a loader tunable <varname>kern.sigqueue.queue_sigchild</varname>
319 which can control the behavior, setting it to zero disables the
320 <literal>SIGCHLD</literal> queuing feature.</para>
322 <para arch="amd64,i386">Instead of including all of physical
323 memory in a kernel crash dump, the kernel now defaults to dumping only pages that are
324 actively mapped into kernel virtual memory. A new
325 <varname>debug.minidump</varname> sysctl variable
326 can be used to turn off this behavior when set to zero. &merged;</para>
328 <para>A new sysctl variable <varname>kern.malloc_stats</varname>
329 has been added. This allows exporting of kernel malloc
330 statistics via a binary structure stream.</para>
332 <para>A new sysctl variable <varname>kern.forcesigexit</varname>
333 has been added. This forces a process
334 to sigexit if a trap signal is being held by the current thread or
335 ignored by the current process. It is enabled by default.</para>
337 <para arch="alpha">Support for Linux emulation on the Alpha
338 platform has been removed, due to the lack of a
339 <filename>linux_base</filename> port that both supports the
340 Alpha architecture and is in good working condition.</para>
342 <para>The pcvt(4) driver, an alternative to &man.syscons.4;,
343 has been removed, as it had fallen out of sync with the rest
344 of the kernel.</para>
346 <para>RedZone, a buffer corruption protection for the kernel &man.malloc.9;
347 facility has been implemented. This detects both buffer underflows and
348 overflows at runtime on &man.free.9; and &man.realloc.9;,
349 and prints backtraces from where memory was allocated and from where
350 it was freed. For more details, see the &man.redzone.9; manual page.</para>
352 <para>A new sysctl variable <varname>security.mac.biba.interfaces_equal</varname>
353 which makes all network interfaces be created with the label
354 <literal>biba/equal(equal-equal)</literal>, has been added.
355 This is useful where programs such as &man.dhclient.8; and &man.ppp.8;.
356 which initialize network interfaces do not have any labeling support.
357 This variable is set as <literal>0</literal> (disabled) by default.
360 <para>A new sysctl variable <varname>vm.zone_stats</varname>
361 has been added. This allows to export &man.uma.9; allocator
362 statistics via a binary structure stream.</para>
364 <para>The sysctl variable <varname>hw.pci.do_powerstate</varname>
365 has been changed from a boolean to a range.
366 <literal>0</literal> means no power management,
367 <literal>1</literal> means conservative power management which
368 any device class that has caused problems is added to the watch list,
369 <literal>2</literal> means aggressive power management where
370 any device class that is not fundamental to the system is added to the list,
371 and <literal>3</literal> means power them all down unconditionally.
372 The default is <literal>1</literal>.</para>
374 <para arch="ia64">The <filename>GENERIC</filename> kernel now enables
375 SMP support by default.</para>
377 <para>Sample kernel configuration files
378 <filename>src/sys/<replaceable>arch</replaceable>/conf/MAC</filename>
379 for the Mandatory Access Control framework have been added.</para>
381 <para><varname>POSIX_TIMERS</varname> support has been updated to 200112L.</para>
383 <para>An experimental support for POSIX message queue has been
386 <para>&os; now runs on the Xbox, whose architecture is nearly identical
387 to the i386. For details of the latest development, see
388 <ulink url="http://www.FreeBSD.org/platforms/xbox.html"></ulink>.
392 <title>Boot Loader Changes</title>
394 <para>A new option <option>-S</option>,
395 which allows setting the <filename>boot2</filename>
396 serial console speed in the <filename>/boot.config</filename>
397 file or on the <prompt>boot:</prompt> prompt line,
398 has been added.</para>
400 <para arch="i386,amd64">A new loader tunable
401 <varname>comconsole_speed</varname> to change
402 the serial console speed has been added.
403 If the previous stage boot loader requested a serial console,
404 then the default speed is determined from the current serial port
405 speed. Otherwise it is set to 9600 or the value of
406 the <literal>BOOT_COMCONSOLE_SPEED</literal> kernel option.
409 <!-- Above this line, order boot loader changes by keyword-->
411 <para arch="pc98">A bootable CDROM loader has been implemented
412 for the pc98 platform. &merged;</para>
414 <para arch="i386">A bug in the i386 boot loader, which could
415 cause filesystem corruption if
416 a <filename>nextboot.conf</filename> file was used and landed
417 after cylinder 1023, has been fixed. &merged;</para>
422 <title>Hardware Support</title>
424 <para>The &man.amdsmb.4; driver has been added. It provides
425 support for the AMD-8111 SMBus 2.0 controller. &merged;</para>
427 <para>The &man.cardbus.4;, &man.pccard.4;,
428 &man.pccbb.4;, and &man.exca.4; drivers are now buildable
429 as kernel modules.</para>
431 <para>An &man.acpi.dock.4; driver has been added to provide
432 support for controlling laptop docking station functions via
435 <para>The &man.acpi.thermal.4; driver now supports
436 passive cooling. &merged;</para>
438 <para>The &man.acpi.thermal.4; driver now supports overriding
439 the <literal>_PSV</literal>, <literal>_HOT</literal>, and
440 <literal>_CRT</literal> temperature values.</para>
442 <!-- The following note should remain MI (i.e. don't set arch="alpha") --
443 -- because the alpha docs will be disappearing at some point before --
445 <para>Support for the alpha architecture has been removed. Alpha
446 support will remain on the RELENG_5 and RELENG_6 codelines.</para>
448 <para>The &man.cardbus.4; driver now supports
449 <filename>/dev/cardbus<replaceable>%d</replaceable>.cis</filename>.</para>
451 <para arch="i386,pc98">The &man.ce.4; driver,
452 which supports Cronyx Tau-PCI/32 adapters, has been added.
455 <para>The <literal>est</literal> &man.cpufreq.4; driver now supports
456 frequency control for the VIA C7-M family of processors.</para>
458 <para>Support for the PadLock Security Co-processor in VIA C3,
460 processors has been added to the &man.crypto.9; subsystem.
461 More information can be found in the &man.padlock.4; manual
465 <para>A bug which prevented the &man.ichsmb.4; kernel module
466 from unloading has been fixed.</para>
468 <para arch="i386,amd64">Dual-core processors (such as the Intel
469 Core Duo) now have both cores available for use by
470 default in SMP-enabled kernels. &merged;</para>
472 <para arch="i386,amd64">&man.ipmi.4;, an OpenIPMI compatible driver,
474 OpenIPMI (Intelligent Platform Management Interface) is an open
475 standard designed to enable remote monitoring and control of server,
476 networking and telecommunication platforms. &merged;</para>
478 <para>The &man.kbdmux.4; driver has been integrated into &man.syscons.4; and
479 the <devicename>kbd</devicename> device driver.
480 By default &man.syscons.4; will look for the &man.kbdmux.4;
481 keyboard first, and then, if not found, look for any keyboard.
482 Switching to &man.kbdmux.4; can be done at boot time by loading
483 the <literal>kbdmux</literal> kernel module via &man.loader.8;,
484 or at runtime via &man.kldload.8; and releasing the active
485 keyboard. &merged;</para>
487 <para arch="amd64,i386">The &man.kbdmux.4; driver is now included in the
488 <filename>GENERIC</filename> kernel by default.
489 Also, the <quote>Boot FreeBSD with USB keyboard</quote>
490 menu item in the boot loader menu has been removed
491 since this fixes USB keyboard probing problems.
494 <para>The &man.nfsmb.4; driver, which supports the NVIDIA nForce
495 2/3/4 SMBus 2.0 controller, has been added. &merged;</para>
497 <para arch="ia64">The loader tunable <varname>debug.mpsafevfs</varname>
498 is set to <literal>1</literal> by default.</para>
500 <para>The &man.sab.4; driver has been removed (it has been
501 superceded by the &man.scc.4; driver).</para>
503 <para>The &man.scc.4; driver has been added.
504 This provides generic support for serial communications
505 controllers and delegates the control over each channel
506 and mode to a subordinate driver such as &man.uart.4;.</para>
508 <para arch="amd64">The smbios(4) driver support for amd64 has been
511 <para>The tnt4882(4) driver, which supports the National Instruments
512 PCI-GPIB card, has been added.</para>
514 <para arch="alpha,amd64,i386,ia64,sparc64">The &man.uart.4; driver has been included in the
515 <filename>GENERIC</filename> kernel by default.
516 When both &man.sio.4; and &man.uart.4; can handle a given serial port,
517 &man.sio.4; will claim it.</para>
519 <para>The &man.uart.4; driver now supports LOM (Lights Out Management)
520 and RSC (Remote System Control) devices as consoles.</para>
522 <para arch="i386">A new loader tunable
523 <varname>hw.apic.enable_extint</varname> has been added.
524 This tunable can be used to disable masking of the ExtINT pin on the first
525 I/O APIC. At least one chipset for the Intel Pentium III seems
526 to need this, even though all of the pins in the 8259As are masked.
527 The default is still to mask the ExtINT pin.</para>
529 <para arch="i386">Support has been improved for
530 so-called <quote>legacy-free</quote> hardware, in particular,
531 i386 systems without AT-style keyboard controllers such as the
532 Macbook Pro. &merged;</para>
535 <title>Multimedia Support</title>
537 <para>The &man.agp.4; driver now supports ATI AGP chipsets.
540 <para>The new midi(4) driver which is based on NetBSD's one
541 has been added. This supports &man.snd.cmi.4; and
542 &man.snd.emu10k1.4; drivers.</para>
544 <para>The &man.sound.4; driver now supports
545 wider range sampling rate, multiple precisions choice,
546 and 24/32 bit PCM format conversion. &merged;</para>
548 <para>The &man.snd.als4000.4; driver is now MPSAFE. &merged;</para>
550 <para>The &man.snd.atiixp.4; driver has been added.
551 This supports ATI IXP 200/300/400 series audio controllers. &merged;</para>
553 <para>The &man.snd.atiixp.4; driver now supports
554 suspend and resume features.</para>
556 <para>The &man.snd.cmi.4; driver is now MPSAFE.</para>
558 <para>The &man.snd.emu10kx.4; driver has been added. It
559 supports Creative SoundBlaster Live! and Audigy series sound
560 cards with optional pseudo-multichannel playback.</para>
562 <para>The &man.snd.envy24.4; driver has been added to support
563 the Envy24 series of audio chips.</para>
565 <para>The &man.snd.es137x.4; driver is now MPSAFE. &merged;</para>
567 <para>The &man.snd.ich.4; driver is now MPSAFE. &merged;</para>
569 <para>The &man.snd.solo.4; driver is now MPSAFE. &merged;</para>
571 <para>The &man.snd.via8233.4; driver is now MPSAFE. &merged;</para>
573 <para>The &man.snd.via82c686.4; driver is now MPSAFE. &merged;</para>
575 <para arch="amd64">The &man.speaker.4; driver now supports &os;/amd64. &merged;</para>
577 <para>The &man.uaudio.4; driver now supports 24/32 bit audio
578 formats and conversion.</para>
582 <title>Network Interface Support</title>
584 <para>The &man.ath.4; driver has been updated to
585 HAL version 0.9.17.2. &merged;</para>
587 <para arch="amd64,i386,pc98,sparc64">The &man.ath.4;, &man.ath.hal.4;, and
588 <literal>ath_rate_sample</literal> drivers have been
589 included in the <filename>GENERIC</filename> kernel by
590 default. &merged;</para>
592 <para arch="amd64,i386">The &man.bce.4; driver, which supports Broadcom
593 NetXtreme II (BCM5706/BCM5708) PCI/PCIe Gigabit Ethernet controllers,
594 has been added. For more details, see &man.bce.4;. &merged;</para>
596 <para>A bug which prevents the &man.bfe.4; driver from working
597 on a system with over 1GB RAM has been fixed. &merged;</para>
599 <para>The &man.bge.4; driver's Jumbo frame support is now MPSAFE.</para>
601 <para>The &man.bge.4; driver now supports big-endian
602 architectures such as sparc64.</para>
604 <para>The &man.bge.4; driver now supports &man.polling.4; mode.
607 <para>The &man.cm.4; driver is now MPSAFE.</para>
609 <para>The &man.dc.4; driver is now MPSAFE. &merged;</para>
611 <para>The &man.de.4; driver has been converted to the &man.bus.dma.9;
612 API and is now MPSAFE.</para>
614 <para>The &man.ed.4; driver is now MPSAFE.</para>
616 <para>The &man.el.4; driver has been removed due to lack of use.</para>
618 <para>The &man.em.4; driver now supports big-endian
619 architectures such as sparc64. &merged;</para>
621 <para>The &man.em.4; driver has been updated to
622 version 6.1.4 from Intel. Among other changes, it now supports
623 80003, 82571, 82571EB and 82572 based adapters, as well as
624 onboard-NICs on ICH8-based motherboards. &merged;</para>
626 <para>The &man.em.4; driver now includes
627 initial support for suspend and resume features.</para>
629 <para>The performance of the &man.em.4; driver has been improved
630 by using a fast interrupt handler and taskqueue
631 instead of ithread handler. This change can be disabled
632 by defining <literal>NO_EM_FASTINTR</literal> kernel option
633 for debugging purpose.</para>
635 <para>The &man.iwi.4; driver now supports big-endian
636 architectures such as sparc64.</para>
638 <para>A number of improvements and bugfixes have been made to the
639 functionality of the &man.iwi.4; driver. This driver now
640 requires the firmware image in the
641 <filename role="package">net/iwi-firmware-kmod</filename>
642 port/package; prior versions of this driver used the
643 <filename role="package">net/iwi-firmware</filename>
644 port/package. &merged;</para>
646 <para>The &man.le.4; driver, which supports AMD Am7900 LANCE
647 and Am79C9xx PCnet NICs,
648 has been added. While the &man.lnc.4; driver also supports these
649 NICs, this driver has several advantages over it such as
650 MPSAFE, ALTQ, VLAN_MTU, ifmedia, and 32-bit DMA for PCI
651 variants. This driver is based on NetBSD's implementation.
654 <para>The &man.lge.4; driver is now MPSAFE. &merged;</para>
656 <para>The lnc(4) driver has been removed. The &man.le.4; and
657 &man.pcn.4; drivers support all devices that were supported
660 <para>The &man.my.4; driver is now MPSAFE. &merged;</para>
662 <para>The &man.my.4; driver now supports &man.altq.4;. &merged;</para>
664 <para arch="i386,amd64">The &man.mxge.4; driver,
665 which supports Myricom Myri10GE 10 Gigabit Ethernet
666 adapters, has been added. For more details, see
669 <para>The &man.nfe.4; driver, an open-source driver for nForce
670 Ethernet devices, has been added, originally from
673 <para>The &man.nve.4; driver has been updated to version 1.0-0310
674 (23-Nov-2005). It also now has &man.altq.4; support. &merged;</para>
676 <para>The &man.pcn.4; driver is now MPSAFE. &merged;</para>
678 <para>The &man.re.4; driver now supports the D-Link DGE-528(T)
679 Gigabit Ethernet card.</para>
681 <para>The &man.sf.4; driver is now MPSAFE. &merged;</para>
683 <para>The &man.sk.4; driver is now MPSAFE. &merged;</para>
685 <para>The &man.ste.4; driver is now MPSAFE. &merged;</para>
687 <para>The &man.stge.4; driver has been added. It supports the
688 Sundance/Tamarack TC9021 Gigabit Ethernet controller and was
689 ported from NetBSD. &merged;</para>
691 <para>The &man.ti.4; driver now supports big-endian
692 architectures such as sparc64.</para>
694 <para>The &man.ufoma.4; driver for
695 FOMA (third generation mobile phone system by NTT DoCoMo, Inc.
696 in Japan) has been added.
697 This should support other third generation mobile phones
698 since the driver is based on USB Implementation Guideline
699 from MCPC (Mobile Computing Promotion Consortium) in Japan.</para>
701 <para>The vgapci(4) driver has been added. This is a stub
702 device driver for VGA PCI devices and serves as a bus
703 so that other drivers such as drm(4),
704 &man.acpi.video.4;, and &man.agp.4; can attach to
705 it thus allowing multiple drivers for the same device.</para>
707 <para>The &man.wi.4; driver is now buildable as
708 a kernel module.</para>
710 <para arch="amd64,i386,pc98">The &man.wlan.wep.4;,
711 &man.wlan.ccmp.4;, and &man.wlan.tkip.4; drivers
712 have been included in the <filename>GENERIC</filename>
713 kernel by default.</para>
715 <para>The network interface groups feature has been imported
716 from OpenBSD. This feature allows an administrator to, for
717 example, apply firewall rules to an entire group of
718 interfaces. More information can be found in
719 &man.ifconfig.8;.</para>
724 <sect3 id="net-proto">
725 <title>Network Protocols</title>
727 <para>The &man.arp.4; retransmission algorithm has been
728 rewritten so that ARP requests are retransmitted without
729 suppression, while there is demand for such ARP entry.
730 Due to this change, a sysctl variable
731 <varname>net.link.ether.inet.host_down_time</varname>
732 has been removed. &merged;</para>
734 <para>The &man.arp.4; protocol now supports a sysctl variable
735 <varname>net.link.ether.inet.log_arp_permanent_modify</varname>
736 to suppress logging of attempts to modify
737 permanent ARP entries. &merged;</para>
739 <para arch="amd64,i386,pc98">An experimental BPF Just-In-Time compiler
740 has been implemented for both &man.bpf.4; and &man.ng.bpf.4;.
742 <literal>options BPF_JITTER</literal> kernel option is needed.
743 The <varname>net.bpf_jitter.enable</varname>
744 can be used to disable this feature.</para>
746 <para>Multiple copies of a packet received via different
747 &man.bpf.4; listeners now all have identical
748 timestamps. &merged;</para>
750 <para>The bridge(4) driver has been removed from the tree. Its
751 functionality has been completely replaced by
752 &man.if.bridge.4;.</para>
754 <para>The &man.enc.4; IPsec filtering pseudo-device has been
755 added. It allows firewall packages using the &man.pfil.9;
756 framework to examine (and filter) IPsec traffic before
757 outbound encryption and after inbound decryption. &merged;</para>
759 <para>The &man.gre.4; driver, which is for GRE encapsulation
760 found in RFC 1701 and RFC 1702, now supports IPv6 over GRE.</para>
762 <para>The &man.if.bridge.4; driver now supports
763 creating SPAN ports, which transmit a copy of every frame
764 received by the bridge. This feature can be enabled
765 by using &man.ifconfig.8;. &merged;</para>
767 <para>The &man.if.bridge.4; driver now supports
768 RFC 3378 EtherIP. This change makes it possible to
769 add &man.gif.4; interfaces to bridges, which will then
770 send and receive IP protocol 97 packets.
771 Packets are Ethernet frames with an EtherIP header prepended.
774 <para>A hard-coded limit on the number of IPv4 multicast group
775 memberships (formerly 20) has been removed.</para>
777 <para>The path MTU discovery for multicast packets in the &os;
778 IPv6 stack has been disabled by default.
779 Path MTU notification from a large number of multicast routers
780 can be a kind of distributed Denial-of-Service attack to a router.
781 This feature can be re-enabled by using a new sysctl variable
782 <varname>net.inet6.ip6.mcast_pmtu</varname>. &merged;</para>
784 <para>IPv6 link-local addresses are now enabled only
785 if <varname>ipv6_enable</varname> is set in &man.rc.conf.5;.
788 <para>The &man.ipfw.4; IP packet filter now supports IPv6. &merged;</para>
790 <para>The &man.ipfw.4; firewall system now supports
791 a <literal>tablearg</literal> feature, which allows
792 values obtained from a table lookup to be used as part of a
794 This feature can be used to optimize some rulesets
795 or to implement policy-based routing inside a firewall.
796 For example, the following rules will throw different
797 packets to different pipes:</para>
799 <programlisting>pipe 1000 config bw 1000Kbyte/s
800 pipe 4000 config bw 4000Kbyte/s
801 table 1 add x.x.x.x 1000
802 table 1 add x.x.x.y 4000
803 pipe tablearg ip from table(1) to any</programlisting>
805 <para>The &man.ipfw.4; packet filter now supports
806 <literal>tag</literal> and <literal>untag</literal> rule keywords.
807 When a packet matches a rule with the <literal>tag</literal>
808 keyword, the numeric tag for the given number in the range
809 from 0 to 65535 will be attached to the packet.
810 The tag acts as an internal marker (it is not sent out over
811 the wire) that can be used to identify these packets later on,
812 for example, by using <literal>tagged</literal>
813 rule option. For more details, see &man.ipfw.8;. &merged;</para>
815 <para>The <literal>IPFIREWALL_FORWARD_EXTENDED</literal> kernel
816 option has been removed. This option was used to permit
817 &man.ipfw.4; to redirect packets with local destinations.
818 This behavior is now always enabled when
819 the <literal>IPFIREWALL_FORWARD</literal> kernel option is
820 enabled. &merged;</para>
822 <para>The ip6fw(8) packet filter has been removed. Since &man.ipfw.4; has gained
823 IPv6 support, it should be used instead. Please note that some rules might need
824 to be adjusted.</para>
826 <para>The &man.natm.4;, Native Mode ATM protocol layer is now MPSAFE.</para>
828 <para>The &man.ng.iface.4; Netgraph node now supports &man.altq.4;.
831 <para>The &man.ng.tag.4; Netgraph node has been added to
832 support the manipulation of mbuf tags attached to data in the
833 kernel. &merged;</para>
835 <para>A bug has been fixed in which NFS over TCP would not reconnect
836 when the server sent a FIN. This problem had occurred
837 with Solaris NFS servers. &merged;</para>
839 <para>The default retransmit timer for NFS over TCP is now 60 seconds.
840 This change prevents the unnecessary retransmission of
841 non-idempotent NFS requests. The <varname>nfs_access_cache</varname>
842 variable in &man.rc.conf.5; has also been changed to 60.</para>
844 <para>The default minimum number of nfsiod kernel threads
845 (&man.sysctl.8; variable <varname>vfs.nfs.iodmin</varname>)
846 has been changed from 4 to 0.</para>
848 <para>The sysctl variables <varname>net.inet.ip.portrange.reservedhigh</varname>
849 and <varname>net.inet.ip.portrange.reservedlow</varname>
850 can be used with IPv6 now. &merged;</para>
852 <para>A new sysctl variable <varname>net.inet.icmp.reply_from_interface</varname>
853 has been added. This allows the &man.icmp.4;
854 reply to non-local packets to be generated with
855 the IP address the packet came through in.
856 This is useful for routers to show in &man.traceroute.8;
857 the actual path a packet has taken instead of
858 the possibly different return path.</para>
860 <para>A new sysctl variable <varname>net.inet.icmp.quotelen</varname>
861 has been added. This allows to change length of
862 the quotation of the original packet in an ICMP reply.
863 The minimum of 8 bytes is internally enforced.
864 The maximum quotation is the remaining space in the
865 reply mbuf. This option is added in response to the
867 <filename>draft-gont-icmp-payload-00.txt</filename>.</para>
869 <para>The &man.icmp.4; now always quotes the entire TCP header
870 when responding and allocate an mbuf cluster if needed.
871 This change fixes the TCP issues raised in I-D
872 <filename>draft-gont-icmp-payload-00.txt</filename>.</para>
874 <para>A new socket option <literal>IP_MINTTL</literal> has been added.
875 This may be used to set the minimum acceptable
876 TTL a packet must have when received on a socket.
877 All packets with a lower TTL are silently dropped.
878 This works on already connected/connecting and
879 listening sockets for RAW, UDP, and TCP. This option
880 is only really useful when set to <literal>255</literal>, preventing packets
881 from outside the directly connected networks reaching
882 local listeners on sockets. Also, this option allows
883 userland implementation of <quote>The Generalized TTL
884 Security Mechanism (GTSM)</quote> found in RFC 3682.</para>
886 <para>Stealth forwarding now supports IPv6 as well as IPv4.
887 This behavior can be controlled by using a new sysctl variable
888 <varname>net.inet6.ip6.stealth</varname>.</para>
890 <para>The <literal>IPV6_V6ONLY</literal> socket option
891 now works for UDP.</para>
893 <para>The TCP bandwidth-delay product limiting feature has
894 been disabled when the RTT is below a certain threshold.
895 This optimization does not make sense on a LAN, as it has
896 trouble figuring out the maximal bandwidth due to the coarse
897 tick granularity. A new sysctl variable
898 <varname>net.inet.tcp.inflight.rttthresh</varname> specifies
899 the threshold in milliseconds below which this feature
900 will disengage. It defaults to 10ms. &merged;</para>
904 <title>Disks and Storage</title>
906 <para>The &man.aac.4; driver now supports the Adaptec 2610SA SATA-RAID
907 controller in some Hewlett-Packard machines.</para>
909 <para>The performance of the &man.amr.4; driver has been improved;
910 it also now supports full 64-bit DMA. While this feature is
911 enabled by default, this can be forced off by setting the
912 <varname>hw.amr.force_sg32</varname> loader tunable for
916 <para>The &man.amr.4; driver now supports the &man.ioctl.2; requests
917 necessary for the Linux LSI MegaRaid tools in &os;'s Linux emulation
921 <para>The &man.ata.4; driver now supports a workaround
922 for some controllers whose DMA does not work properly
923 in 48bit mode. For affected controllers,
924 PIO mode will be used for access to areas beyond 137GB.
927 <para>The &man.ata.4; driver now supports the ITE IT8211F IDE controller,
928 and the Promise PDC40718 and PDC40719 chip found in Promise
932 <para>The &man.ata.4; driver now supports DMA for kernel crash dumps,
933 as well as crash dumping to an &man.ataraid.4; device.
936 <para>The &man.ata.4; driver now supports USB mass storage class
937 devices. To enable it, a line <literal>device atausb</literal>
938 in the kernel configuration file or loading the
939 <filename>atausb</filename> kernel module is needed.
940 Note that this functionality cannot coexist with the
941 &man.umass.4; driver. &merged;</para>
943 <para>The &man.ataraid.4; driver now supports
944 JMicron ATA RAID metadata. &merged;</para>
946 <para>The <literal>GEOM_LABEL</literal> class now supports
947 Ext2FS, NTFS, and ReiserFS. &merged;</para>
949 <para>The <literal>GEOM_MIRROR</literal> class now supports
950 kernel crash dumps to the GEOM providers.
953 <para>The <literal>GEOM_MIRROR</literal> and <literal>GEOM_RAID3</literal>
954 classes now support sysctl variables
955 <varname>kern.geom.mirror.disconnect_on_failure</varname>
957 <varname>kern.geom.graid3.disconnect_on_failure</varname>
958 to control whether failed components will be disconnected or not.
959 The default value is <literal>1</literal> to preserve the current
960 behavior, and if it is set to <literal>0</literal> such components
961 are not disconnected and the kernel will try to still use them
962 (only the first error will be logged).
963 This is helpful for the case of multiple broken components (in
964 different places), so actually all data is available.
965 The broken components will be visible in <command>gmirror list</command>
966 or <command>graid3 list</command> output with flag
967 <literal>BROKEN</literal>.
970 <para>The <literal>GEOM_MIRROR</literal> and <literal>GEOM_RAID3</literal>
971 classes now use parallel I/O requests for synchronization
972 to improve the performance. New sysctl variables
973 <varname>kern.geom.mirror.sync_requests</varname> and
974 <varname>kern.geom.raid3.sync_requests</varname>
975 define how many parallel I/O requests should be used.
976 Also, the sysctl variables
977 <varname>kern.geom.mirror.reqs_per_sync</varname>,
978 <varname>kern.geom.mirror.syncs_per_sec</varname>,
979 <varname>kern.geom.raid3.reqs_per_sync</varname>, and
980 <varname>kern.geom.raid3.syncs_per_sec</varname>
981 are deprecated and have been removed.
984 <para>A new GEOM class <literal>GEOM_ZERO</literal> has been added.
985 It creates a very huge provider (41PB) <filename>/dev/gzero</filename>
986 and is mainly useful for performance testing.
987 On <literal>BIO_READ</literal> request it zero-fills
988 <varname>bio_data</varname> and on <literal>BIO_WRITE</literal>
992 <para>The GEOM class kernel module <filename>g_md.ko</filename>
993 has been renamed to <filename>geom_md.ko</filename>
994 for consistency.</para>
996 <para arch="amd64,i386">The &man.hptmv.4; driver has been updated and now supports
997 amd64 as well as PAE.</para>
999 <para>The &man.mfi.4; driver, which supports
1000 the LSI MegaRAID SAS controller family, has been added.
1003 <para>The &man.mpt.4; driver has been updated to support
1004 various new features such as RAID volume and RAID member
1005 state/settings reporting, periodic volume re-synchronization
1006 status reporting, and sysctl variables for volume
1007 re-synchronization rate, volume member write cache status,
1008 and volume transaction queue depth.</para>
1010 <para>The &man.mpt.4; driver now supports SAS HBA (partially),
1011 64-bit PCI, and large data transfer.</para>
1013 <para>The &man.twa.4; driver has been updated to the 9.3.0.1
1014 release on the 3ware Web site. &merged;</para>
1016 <para>A new GEOM-based disk encryption facility, GEOM_ELI, has been
1017 added. It uses the &man.crypto.9; framework for hardware acceleration
1018 and supports different cryptographic algorithms. See &man.geli.8; for
1019 more information. &merged;</para>
1021 <para>The &man.geli.8; disk encryption system now supports loading keyfiles before the root
1022 file system is mounted. &merged;
1023 For example, the following entries
1024 can be used in <filename>/boot/loader.conf</filename> to enable
1027 <programlisting>geli_da0_keyfile0_load="YES"
1028 geli_da0_keyfile0_type="da0:geli_keyfile0"
1029 geli_da0_keyfile0_name="/boot/keys/da0.key0"
1030 geli_da0_keyfile1_load="YES"
1031 geli_da0_keyfile1_type="da0:geli_keyfile1"
1032 geli_da0_keyfile1_name="/boot/keys/da0.key1"
1033 geli_da0_keyfile2_load="YES"
1034 geli_da0_keyfile2_type="da0:geli_keyfile2"
1035 geli_da0_keyfile2_name="/boot/keys/da0.key2"
1037 geli_da1s3a_keyfile0_load="YES"
1038 geli_da1s3a_keyfile0_type="da1s3a:geli_keyfile0"
1039 geli_da1s3a_keyfile0_name="/boot/keys/da1s3a.key"</programlisting>
1041 <para>&man.geli.8; is now able to perform data integrity
1042 verification (data authentication) of encrypted data stored on
1043 disk. Note that the encryption algorithm is now specified to
1044 the &man.geli.8; control program using the <option>-e</option>
1045 option; the <option>-a</option> option is now used to specify
1046 the authentication algorithm. &merged;</para>
1048 <para>The &man.umass.4; driver now supports
1049 <literal>PLAY_MSF</literal>,
1050 <literal>PLAY_TRACK</literal>,
1051 <literal>PLAY_TRACK_REL</literal>,
1052 <literal>PAUSE</literal>,
1053 <literal>PLAY_12</literal> commands so that
1054 the &man.cdcontrol.1; utility can handle a USB CD drive.</para>
1058 <title>File Systems</title>
1060 <para arch="amd64,i386,pc98">The &man.linsysfs.5;
1061 pseudo-filesystem driver has been added.
1062 It provides a subset of the
1063 Linux <filename>sys</filename> filesystem, and is required for
1064 the correct operation of some Linux binaries (such as the LSI
1065 MegaRAID SAS utility). &merged;</para>
1067 <para>A part of the FreeBSD NFS subsystem (the interface with
1068 the protocol stack and callouts, the NFS client side) is now MPSAFE.</para>
1070 <para>Initial (read-only) support for SGI's XFS filesystem has been
1075 <sect2 id="userland">
1076 <title>Userland Changes</title>
1078 <para>Padding of <varname>ai_addrlen</varname>
1079 in <varname>struct addrinfo</varname> has been removed,
1080 which was originally for the ABI compatibility.
1081 For example, this change breaks the ABI compatibility of the
1082 &man.getaddrinfo.3; function on 64-bit architectures, including
1083 &os;/amd64, &os;/ia64, and &os;/sparc64.</para>
1085 <para>The &man.asf.8; utility has been revised and extended. Now
1086 it can operate via several interfaces including &man.kvm.3;,
1087 which supports not only live systems, but also kernel crash dumps.
1090 <para>The &man.arp.8; utility now allows the <option>-i</option>
1091 option together with the <option>-d</option> and <option>-a</option> options
1092 to allow all entries for a given interface to be removed.</para>
1094 <para>The OpenBSM userland tools, including &man.audit.8;,
1096 &man.auditreduce.1;, and
1097 &man.praudit.1;, have been added. &merged;</para>
1099 <para>The &man.bsdiff.1; and &man.bspatch.1; utilities
1100 have been added. These are tools for constructing and
1101 applying binary patches. &merged;</para>
1103 <para>The &man.bsnmpd.1; utility now supports the Host Resources
1104 MIB described in RFC 2790. &merged;</para>
1106 <para>&man.cached.8; has been added. It is a daemon that caches
1107 the results of nsswitch lookups (such as those to the password,
1108 group, and services databases) for improved performance.</para>
1110 <para>The &man.cmp.1; utility now supports an <option>-h</option>
1111 flag to compare the symbolic link itself rather than the
1112 file that the link points to. &merged;</para>
1114 <para>The &man.config.8; utility now supports the <literal>nocpu</literal>
1115 directive, which cancels the effect of a
1116 previous <literal>cpu</literal> directive. &merged;</para>
1118 <para>The &man.config.8; utility now reads <filename>DEFAULTS</filename>
1119 kernel configuration file if it exists in the current directory
1120 before the specified configuration file. &merged;</para>
1122 <para>The &man.cp.1; utility now supports a <option>-l</option>
1123 option, which causes it to create hardlinks to the source files
1124 instead of copying them. &merged;</para>
1126 <para>The &man.csh.1; utility now supports NLS catalogs.
1127 Note that this requires installing
1128 the <filename role="package">shells/tcsh_nls</filename> port.
1131 <para>The &man.csup.1; utility has been imported.
1132 This is an implementation of a CVSup-compatible client written
1133 in the C language. Note that it currently supports checkout mode
1134 only. &merged;</para>
1136 <para>The &man.dhclient.8; program now sends the host's name in
1137 DHCP requests if it is not specified in the configuration
1138 file. &merged;</para>
1140 <para>The &man.devd.8; utility now supports a <option>-f</option> option
1141 to specify a configuration file. &merged;</para>
1143 <para>The &man.du.1; program now supports a <option>-n</option>
1144 flag, which causes it to ignore files and directories with
1145 the <literal>nodump</literal> flag set. &merged;</para>
1147 <para>The &man.fsdb.8; utility now supports changing the birth
1148 time of files on UFS2 file systems using the new
1149 the <literal>btime</literal> command.</para>
1151 <para>The &man.find.1; program now supports <option>-Btime</option>
1152 and other related primaries, which can be used to create expressions
1153 based on a file's creation time. &merged;</para>
1155 <para>A bug in the &man.find.1; program which prevents
1156 numeric arguments for <option>-user</option> and
1157 <option>-group</option> from working as expected
1158 has been fixed.</para>
1160 <para>The &man.freebsd-update.8; utility, a tool for managing
1161 binary updates to the &os; base system, has been added. &merged;</para>
1163 <para>The &man.ftpd.8; utility now creates a PID file
1164 <filename>/var/run/ftpd.pid</filename> even when
1165 no <option>-p</option> option is specified. &merged;</para>
1167 <para>The &man.gbde.8; utility now supports
1168 <option>-k</option> and <option>-K</option> options
1169 to specify a key file in addition to a passphrase.</para>
1171 <para>The &man.getfacl.1; utility now supports
1172 a <option>-q</option> flag to suppress the per-file header
1173 comment listing the file name, owner, and group.
1176 <para>The &man.getent.1; utility has been imported from NetBSD.
1177 It retrieves and displays information from an administrative
1178 database (such as <filename>hosts</filename>) using the lookup
1179 order specified in &man.nsswitch.conf.5;. &merged;</para>
1181 <para>The &man.gpt.8; utility now supports setting GPT partition labels.</para>
1183 <para>The &man.gvinum.8; utility now supports commands
1184 to rename objects and to move a subdisk from
1185 one drive to another. &merged;</para>
1187 <para>The &man.gvinum.8; utility now supports the
1188 <command>resetconfig</command> sub-command.</para>
1190 <para>An implementation of Generic Security Service API (GSS-API)
1191 version 2 and its C binding described in RFC2743 and RFC2744
1192 has been added. This is a new extensible GSS-API layer which
1193 can support GSS-API plugins, similar the the Solaris
1194 implementation, and the Kerberos 5 GSS mechanism has
1195 been rewritten as a plugin library for the new implementation.</para>
1197 <para>The &man.hccontrol.8; utility now supports HCI node
1198 autodetection.</para>
1200 <para>The &man.id.1; utility now prints the effective user
1201 ID after the group ID.</para>
1203 <para>The &man.id.1; utility now supports a <option>-A</option>
1204 flag to print process audit properties, including the audit user
1207 <para>The &man.ifconfig.8; utility now supports
1208 a <option>-k</option> flag to allow printing
1209 potentially sensitive keying material to standard output.
1210 This sensitive information will not be printed by default.</para>
1212 <para>The &man.ifconfig.8; utility now supports a <option>-tunnel</option>
1213 parameter, which is just an alias for <option>deletetunnel</option>,
1214 yet is more convenient and easier to type.</para>
1216 <para>The <option>-vlandev</option> parameter to &man.ifconfig.8;
1217 no longer requires a network interface as its argument. The
1218 argument still is supported for backward compatibility, but
1219 is now deprecated and its use is discouraged.</para>
1221 <para>The &man.iostat.8; utility now supports
1222 a <option>-x</option> flag (inspired by Solaris) to print
1223 extended disk statistics. If the new <option>-z</option> flag is
1224 also specified, no output is made for disks with no
1225 activity. &merged;</para>
1227 <para>The &man.ipfwpcap.8; utility has been added; it captures
1228 packets on a &man.divert.4; socket and writes them as
1229 &man.pcap.3; (also known as &man.tcpdump.1;) format data to a
1230 file or pipe.</para>
1232 <para>The &man.jail.8; utility supports a <option>-J
1233 <replaceable>jid_file</replaceable></option> option to
1234 write out a JidFile, similar to a PidFile, containing
1235 the jailid, path, hostname, IP and the command used to start
1236 the jail. &merged;</para>
1238 <para>The &man.jail.8; program now supports a <option>-s</option>
1239 option to specify a jail's securelevel. &merged;</para>
1241 <para>The &man.jexec.8; utility now supports <option>-u</option>
1242 and <option>-U</option> flags to specify username credentials
1243 under which a command should be executed. &merged;</para>
1245 <para>The &man.kdump.1; program now supports a <option>-H</option>
1246 flag, which causes kdump to print an additional field holding
1247 the threadid. &merged;</para>
1249 <para>The &man.kdump.1; program now supports a <option>-s</option>
1250 flag to suppress the display of I/O data. &merged;</para>
1252 <para>The &man.kdump.1; program now supports printing
1253 flags in a system call argument by using symbol names.</para>
1255 <para>The &man.kenv.1; utility now supports a <option>-q</option>
1256 flag to suppress warnings.</para>
1258 <para>&man.kgdb.1; now supports a <option>-w</option>
1259 option to open kmem-based targets in read-write mode.
1260 This allows one to use kgdb on <filename>/dev/mem</filename>
1261 and be able to patch memory on a live system.</para>
1263 <para>The &man.libarchive.3; library now supports
1264 POSIX.1e-style Extended Attributes.</para>
1266 <para>The <application>libc</application> library now includes
1267 initial implementation of symbol maps and symbol version
1270 <para>The <application>libedit</application> library has been
1271 updated from the NetBSD source tree as of August 2005.</para>
1273 <para>The <application>libm</application> library now includes
1274 initial implementation of symbol maps and symbol version
1277 <para>The &man.libmemstat.3; library has been added.
1278 This is for use by debugging and monitoring applications
1279 in tracking kernel memory statistics. It provides an
1280 abstracted interface to &man.uma.9; and &man.malloc.9;
1281 statistics, wrapped around the binary stream sysctl variables
1282 for the allocators. &merged;</para>
1284 <para>The &man.ln.1; utility now supports
1285 an <option>-F</option> flag, which deletes existing
1286 empty directories when creating symbolic links.
1289 <para>The &man.locate.1; utility now supports
1290 a <option>-0</option> flag to make this utility
1291 interoperable with &man.xargs.1;'s <option>-0</option> flag.
1294 <para>The &man.logger.1; utility now supports
1295 a <option>-P</option>, which specifies the port to which syslog
1296 messages should be sent. &merged;</para>
1298 <para>The &man.ls.1; utility now supports
1299 an <option>-I</option> flag to disable the automatic
1300 <option>-A</option> flag for the superuser. &merged;</para>
1302 <para>The &man.ls.1; utility now supports
1303 an <option>-U</option> flag to use the file creation
1304 time for sorting. &merged;</para>
1306 <para>A new &man.malloc.3; implementation has been introduced.
1307 This implementation, sometimes referred to
1308 as <quote>jemalloc</quote>, was designed to improve the
1309 performance of multi-threaded programs, particularly on SMP
1310 systems, while preserving the performance of single-threaded
1311 programs. Due to the use of different algorithms and data
1312 structures, jemalloc may expose some previously-unknown bugs in
1313 userland code, although most of the &os; base system and common
1314 ports have been tested and/or fixed.</para>
1316 <para>The &man.mdconfig.8; utility now supports producing
1317 device listings formatted as XML. Currently, the
1318 <command>list</command> and <command>query</command>
1319 sub-commands support this feature.</para>
1321 <para>The &man.mdconfig.8; utility's <option>-u</option> option
1322 now supports specifying multiple devices separated
1323 by comma character.</para>
1325 <para>The &man.mdmfs.8; utility now supports a <option>-P</option> flag
1326 to allow skipping the &man.newfs.8; process
1327 when using a vnode-backed disk.</para>
1329 <para>The &man.mdmfs.8; utility now supports a <option>-E</option> flag
1330 to allow to specify location of the &man.mdconfig.8;
1331 utility instead of using the default one
1332 (<filename>/sbin/mdconfig</filename>).</para>
1334 <para>A new function &man.memmem.3; has been implemented in
1335 <filename>libc</filename>. This is the binary equivalent to
1336 &man.strstr.3; and found in <filename>glibc</filename>.</para>
1338 <para>The &man.mergemaster.8; utility now supports
1339 an <option>-A</option> option to explicitly specify
1340 an architecture to pass through to the underlying makefiles.
1343 <para>The &man.mount.8; <literal>nodev</literal> option has
1344 been removed.</para>
1346 <para>The &man.mount.8; utility now supports &man.mqueuefs.5;.</para>
1348 <para>A bug which prevents the &man.mount.8; utility from converting
1349 a read-only mount to read-write via <command>mount -u -o rw</command>,
1350 has been fixed.</para>
1352 <para>The &man.mount.8; utility now supports a
1353 <literal>late</literal> keyword in &man.fstab.5;, along with a
1354 corresponding <option>-l</option> command-line option to specify
1355 that these <quote>late</quote> file systems should be
1356 mounted. &merged;</para>
1358 <para>The &man.moused.8; daemon now supports an <option>-H</option> flag
1359 to enable horizontal virtual scrolling similar to the
1360 <option>-V</option> flag for vertical virtual scrolling.
1363 <para>The mrouted(8) multicast routing daemon has been removed
1364 from the &os; base system. It implements the DVMRP multicast
1365 routing protocol, which has largely been replaced by PIM in many
1366 multicast installations. The related map-mbone(8) and mrinfo(8)
1367 utilities have also been removed. These programs are now
1368 available in the &os; Ports Collection
1369 as <filename role="package">net/mrouted</filename>.</para>
1371 <para>The &man.netstat.1; utility now supports an
1372 <option>-h</option> flag for interface stats mode,
1373 which prints all interface statistics in human readable form. &merged;</para>
1375 <para>The &man.netstat.1; utility now supports
1376 printing &man.ipsec.4; protocol statistics if the
1377 kernel was compiled with <literal>FAST_IPSEC</literal>
1378 rather than the KAME IPSEC stack.
1379 Note that the output of <command>netstat -s -p ipsec</command>
1380 differs depending on which stack is compiled into
1381 the kernel since they each keep different statistics. &merged;</para>
1383 <para>The <filename>/etc/nsswitch.conf</filename> file is now
1384 installed statically instead of being generated on every
1387 <para>The &man.periodic.8; daily script now supports
1388 display of the status of &man.gmirror.8;, &man.graid3.8;,
1389 &man.gstripe.8;, and &man.gconcat.8; devices.
1390 Note that these are disabled by default. &merged;</para>
1392 <para>A new function, &man.pidfile.3;, which provides reliable
1393 pidfiles handling, has been implemented in
1394 <filename>libutil</filename>. &merged;</para>
1396 <para>The &man.ping.8; utility now supports a <quote>sweeping
1397 ping</quote> in which &man.icmp.4; payload of
1398 packets being sent is increased with given step.
1399 This is useful for testing problematic channels, MTU issues
1400 or traffic policing functions in networks. &merged;</para>
1402 <para>The &man.pkill.1; utility now supports a
1403 <option>-F</option> option which allows to
1404 restrict matches to a process whose PID is stored in the
1405 pidfile file. When another new option <option>-L</option>
1406 is also specified, the pidfile file must be locked with the
1407 &man.flock.2; syscall or created with &man.pidfile.3;.</para>
1409 <para>The &man.pkill.1; utility now supports a
1410 <option>-I</option> flag which works like <option>-i</option>
1411 of &man.rm.1;. When this flag is specified, &man.pkill.1;
1412 will ask for confirmation before sending a signal to
1413 each matching process.</para>
1415 <para>The &man.pkill.1; utility (also known as &man.pgrep.1;) has
1416 been moved from <filename>/usr/bin</filename>
1417 to <filename>/bin</filename> so that it can be used by startup
1418 scripts. Symbolic links from its former location have been
1419 created for backward compatibliity. &merged;</para>
1421 <para>The &man.powerd.8; program now supports a
1422 <option>-P</option> option, which specifies a pidfile to use.</para>
1424 <para>An extensible implementation of &man.printf.3;, compatible
1425 with GLIBC, has been added to <filename>libc</filename>. It is
1426 only used if the environment variable
1427 <varname>USE_XPRINTF</varname> is defined, one of the extension
1428 functions is called, or the global variable
1429 <varname>__use_xprintf</varname> is set to a value greater than
1430 <literal>0</literal>. Five extensions are currently supported:
1431 <literal>%H</literal> (hex dump),
1432 <literal>%T</literal> (<varname>time_t</varname> and
1433 time-related structures),
1434 <literal>%M</literal> (errno message),
1435 <literal>%Q</literal> (double-quoted, escaped string),
1436 <literal>%V</literal> (&man.strvis.3;-format string),
1439 <para>The DNS resolver library in &os;'s <application>libc</application>
1440 has been updated to BIND9's one. &merged;</para>
1442 <para>The &man.rfcomm.sppd.1; program now supports service names
1443 in addition to <option>-c</option> option with channel number.
1444 The supported names are: DUN (Dial-Up Networking), FAX (Fax),
1445 LAN (LAN Access Using PPP), and SP (Serial Port). &merged;</para>
1447 <para>The &man.rpcgen.1; utility now generates headers and stub files
1448 that can be used with ANSI C compilers by default.</para>
1450 <para>The &man.rtld.1; runtime linker now supports ELF symbol versioning
1451 using GNU semantics. This implementation aims to be compatible
1452 with symbol versioning support as implemented by GNU libc and
1453 documented in <ulink url="http://people.redhat.com/~drepper/symbol-versioning"></ulink>
1454 and LSB 3.0. Also, <function>dlvsym()</function>
1455 function has been added to
1456 allow lookups for a specific version of a given symbol.</para>
1458 <para>A bug in the &man.sed.1; utility which can cause
1459 incorrect calculation of pattern space length in some cases
1460 has been fixed.</para>
1462 <para>The &man.sh.1; utility now supports a <literal>times</literal>
1463 built-in command. &merged;</para>
1465 <para>The &man.snapinfo.8; utility, which shows snapshot locations
1466 on UFS filesystems, has been added. &merged;</para>
1468 <para>The &man.strtonum.3; library function has been implemented
1469 based on OpenBSD's implementation. This is an improved version of
1470 &man.strtoll.3;. &merged;</para>
1472 <para>The &man.sysctl.8; utility now supports a <option>-q</option>
1473 flag to suppress a limited set of warnings and errors.</para>
1475 <para>The &man.tail.1; utility now supports a <option>-q</option>
1476 flag to suppress header lines when multiple files are
1477 specified. &merged;</para>
1479 <para>The version of tcpslice in the &os; base system has been
1480 removed due to obsolescence. A more up-to-date version can be
1481 found in the Ports Collection
1482 as <filename role="package">net/tcpslice</filename>.</para>
1484 <para>The &man.time.1; utility now prints the time that a given
1485 command has been running if sent a <literal>SIGINFO</literal> signal.</para>
1487 <para>The &man.traceroute.8; utility now supports
1488 a <option>-e</option> option, which sets a fixed destination
1489 port for probe packets. This can be useful for tracing behind
1490 packet-filtering firewalls. &merged;</para>
1492 <para>&man.traceroute.8; now decodes the complete set of ICMP
1493 unreachable messages in its output. &merged;</para>
1495 <para>The &man.truss.1; utility now supports an <option>-s</option>
1496 flag for the same functionality as the strace utility
1497 (<filename role="package">devel/strace</filename>).</para>
1499 <para arch="ppc">The &man.truss.1; utility now supports &os;/ppc.</para>
1501 <para>The usbd(8) utility has been removed.
1502 The &man.devd.8; utility and its configuration
1503 file now support functionality which is equivalent to it.</para>
1505 <para>The &man.xargs.1; utility now supports a <option>-r</option>
1506 flag which makes the command execution when the standard input
1507 does not contain any non-whitespace-characters. &merged;</para>
1509 <para>The shared library version number of all libraries has
1510 been updated due to some possible ABI changes. The libraries
1511 include: snmp_<replaceable>*</replaceable>, libdialog, libg2c, libobjc,
1512 libreadline, libregex, libstdc++, libkrb5, libalias, libarchive,
1513 libbegemot, libbluetooth, libbsnmp, libbz2, libc_r, libcrypt,
1514 libdevstat, libedit, libexpat, libfetch, libftpio, libgpib,
1515 libipsec, libkiconv, libmagic, libmp, libncp, libncurses,
1516 libnetgraph, libngatm, libopie, libpam, libpthread, libradius,
1517 libsdp, libsmb, libtacplus, libthr, libthread_db, libugidfw,
1518 libusbhid, libutil, libvgl, libwrap, libypclnt, libm, libcrypto,
1519 libssh, and libssl.</para>
1521 <para>The <function>wcsdup()</function> function has been
1522 implemented. This function is popular in Microsoft and GNU
1525 <para>The compiler toolchain is now capable of generating
1526 executables for systems using the ARM processor. &merged;</para>
1528 <sect3 id="rc-scripts">
1529 <title><filename>/etc/rc.d</filename> Scripts</title>
1531 <para>The <filename>auditd</filename> script for
1532 OpenBSM &man.auditd.8; has been added. &merged;</para>
1534 <para>The <filename>bluetooth</filename> script
1535 has been added. This script will be called from
1536 &man.devd.8; in response to device attachment/detachment
1537 events and to stop/start particular device without unplugging
1538 it by hand. The configuration parameters are in
1539 <filename>/etc/defaults/bluetooth.device.conf</filename>,
1540 and can be overridden by using
1541 <filename>/etc/bluetooth/<replaceable>$device</replaceable>.conf</filename>
1542 (where <replaceable>$device</replaceable> is <devicename>ubt0</devicename>,
1543 <devicename>btcc0</devicename>, and so on.)
1544 For more details, see &man.bluetooth.conf.5;. &merged;</para>
1546 <para>The <filename>ftpd</filename> script for
1547 stand-alone &man.ftpd.8; has been added.</para>
1549 <para>The <filename>gbde_swap</filename> script has
1550 been removed in favor a new <filename>encswap</filename>
1551 script which also supports &man.geli.8; for swap
1554 <para>The <filename>geli</filename> and <filename>geli2</filename>
1555 scripts has been added for &man.geli.8; device
1556 configuration on boot.</para>
1558 <para>The <filename>ike</filename> script for
1559 IPsec IKE daemon has been removed because no such daemon
1560 is included in the base system.</para>
1562 <para>The <filename>hcsecd</filename> and
1563 <filename>sdpd</filename> scripts have been added
1564 for &man.hcsecd.8; and &man.sdpd.8; daemons.
1565 These daemons can run even if no Bluetooth devices
1566 are attached to the system, but both daemons depend on
1567 Bluetooth socket layer and thus disabled by default.
1568 Bluetooth sockets layer must be either loaded
1569 as a module or compiled into kernel before the daemons can run.
1572 <para>The <filename>hostapd</filename> script for
1573 &man.hostapd.8; has been added. &merged;</para>
1575 <para>The <filename>mdconfig</filename> script to
1576 handle vnode backed &man.md.4; devices has been added.
1577 This is a replacement of the <filename>ramdisk</filename>
1578 script, and all of variables in <varname>ramdisk_*</varname>
1579 have been changed to <varname>mdconfig_*</varname>.
1580 Also, two new &man.rc.conf.5; variables
1581 <varname>mdconfig_<replaceable>*</replaceable>_files</varname>
1583 <varname>mdconfig_<replaceable>*</replaceable>_cmd</varname>
1584 have been added. For example:</para>
1586 <programlisting>mdconfig_md0="-t malloc -s 10m"
1587 mdconfig_md1="-t vnode -f /var/foo.img"</programlisting>
1589 <para>The <filename>netif</filename> script now supports
1590 <varname>ipv4_addrs_<replaceable>ifn</replaceable></varname>
1592 which add one or more IPv4 address from a ranged list in
1593 CIDR notation. &merged; For example:</para>
1595 <programlisting>ipv4_addrs_ed0="192.168.0.1/24 192.168.1.1-5/28"</programlisting>
1597 <para>The <filename>rcconf.sh</filename> script in <filename>/etc/rc.d</filename>
1598 has been removed and a variable <varname>early_late_divider</varname>,
1599 which designates the script to separate the early and late stages
1600 of the boot process, has been added.</para>
1602 <para>The <filename>rc.initdiskless</filename> script now uses &man.tar.1;
1603 instead of &man.pax.1; because &man.pax.1; needs a writable
1604 temporary directory that may not be available when this script
1607 <para>The <filename>pccard</filename> script has been removed
1608 since OLDCARD is deprecated.</para>
1610 <para>The <filename>ppp-user</filename> script has been renamed to
1611 <filename>ppp</filename>. &merged;</para>
1613 <para>The <varname>removable_interfaces</varname> variable
1614 has been removed.</para>
1616 <para>A new keyword <literal>NOAUTO</literal> in
1617 <varname>ifconfig_<replaceable>ifn</replaceable></varname>
1618 has been added. This prevents configuration of an interface
1619 at boot time or via <filename>/etc/pccard_ether</filename>,
1620 and allows <filename>/etc/rc.d/netif</filename>
1621 to be used to start and stop an interface
1622 on a purely manual basis.</para>
1626 <sect2 id="contrib">
1627 <title>Contributed Software</title>
1629 <para><application>Intel ACPI-CA</application>
1630 has been updated to 20051021.</para>
1632 <para><application>BIND</application> has been updated from 9.3.1
1633 to 9.3.2-P1. &merged;</para>
1635 <para><application>BSNMPD</application> has been updated from
1636 1.11 to 1.12.</para>
1638 <para><application>DRM</application> has
1639 been updated to a snapshot from DRI CVS as of 20060517.
1642 <para><application>FILE</application> has been updated from 4.12
1645 <para><application>netcat</application> has been updated from the
1646 version in a 4 February 2005 OpenBSD snapshot to the version
1647 included in OpenBSD 3.9. &merged;</para>
1649 <para><application>GCC</application> has been updated from 3.4.4
1650 to 3.4.6. &merged;</para>
1652 <para><application>GNU Readline library</application> has been
1653 updated from 5.0 to 5.1.</para>
1655 <para><application>GNU Troff</application>
1656 has been updated from version 1.19 to version 1.19.2.
1659 <para><application>IPFilter</application> has been updated from
1660 4.1.8 to 4.1.13. &merged;</para>
1662 <para><application>less</application> has been updated from v381
1663 to v394. &merged;</para>
1665 <para><application>libpcap</application> has been updated from
1666 0.9.1 to 0.9.4. &merged;</para>
1668 <para><application>lukemftpd</application> has been updated from a
1669 snapshot from NetBSD as of 9 August 2004 to a snapshot from
1670 NetBSD as of 31 August 2006. &merged;</para>
1672 <para><application>OpenSSH</application> has been updated from
1673 4.2p1 to 4.4p1. &merged;</para>
1675 <para><application>OpenSSL</application> has been updated from
1676 0.9.7e to 0.9.8d.</para>
1678 <para><application>hostapd</application>
1679 has been updated from version 0.3.9 to version 0.4.8.
1682 <para><application>sendmail</application> has been updated from
1683 8.13.4 to 8.13.8. &merged;</para>
1685 <para><application>tcpdump</application> has been updated from
1686 3.9.1 to 3.9.4. &merged;</para>
1688 <para>The timezone database has been updated from the
1689 <application>tzdata2005l</application> release to the
1690 <application>tzdata2006n</application> release. &merged;</para>
1692 <para><application>tip</application> has been updated to a
1693 snapshot from OpenBSD as of 20060831.</para>
1695 <para>TrustedBSD <application>OpenBSM</application>,
1696 version 1.0 alpha 12, an implementation of the documented Sun Basic
1697 Security Module (BSM) Audit API and file format, as well as local
1698 extensions to support the Mac OS X and &os; operating systems
1699 has been added. This also includes command line tools for audit
1700 trail reduction and conversion to text, as well as documentation
1701 of the commands, file format, and APIs.
1702 For this functionality, the <literal>AUDIT</literal> kernel option,
1703 <filename>/var/audit</filename> directory, and
1704 <literal>audit</literal> group have been added. &merged;</para>
1706 <para><application>WPA Supplicant</application>
1707 has been updated from version 0.3.9 to version 0.4.8.
1710 <para><application>zlib</application>
1711 has been updated from version 1.2.2 to version 1.2.3.</para>
1715 <title>Ports/Packages Collection Infrastructure</title>
1717 <para>&man.pkg.add.1; now supports an <option>-F</option>
1718 flag to disable checking whether the same package is already
1719 installed or not. &merged;</para>
1721 <para>The &man.pkg.add.1; program now supports an <option>-P</option>
1722 flag, which is the same as the <option>-p</option> flag
1723 except that the given prefix is also used recursively for the
1724 dependency packages if any. &merged;</para>
1726 <para>The &man.pkg.add.1; and &man.pkg.create.1; utilities now support
1727 a <option>-K</option> flag to save packages to the current directory
1728 (or <varname>PKGDIR</varname> if defined) by default.
1731 <para>The &man.pkg.create.1; program now supports an <option>-x</option>
1732 flag to support basic regular expressions for package name,
1733 an <option>-E</option> flag for extended regular
1734 expressions, and a <option>-G</option> for exact matching. &merged;</para>
1736 <para>The &man.pkg.version.1; utility now supports an <option>-o</option>
1737 flag to show the origin recorded on package generation
1738 instead of the package name, and an <option>-O</option> flag
1739 to list packages with a specific registered origin.
1742 <para>The &man.portsnap.8; utility (<filename>sysutils/portsnap</filename>)
1743 has been added into the &os; base system. This is a secure,
1744 easy to use, fast, lightweight, and generally good way for
1745 users to keep their ports trees up to date. &merged;</para>
1747 <para>A incorrect handling of <varname>HTTP_PROXY_AUTH</varname>
1748 in the &man.portsnap.8; utility has been fixed. &merged;</para>
1750 <para>The startup scripts from the <varname>local_startup</varname>
1751 directory now evaluated by using &man.rcorder.8; with scripts
1752 in the base system. &merged;</para>
1754 <para>The suffix of startup scripts from the Ports Collection
1755 has been removed. This means <filename>foo.sh</filename>
1756 is renamed to <filename>foo</filename>, and now
1757 scripts whose name is something like
1758 <filename>foo.ORG</filename> will also be invoked.
1759 You are recommended to reinstall packages which install
1760 such scripts and remove extra files in the
1761 <varname>local_startup</varname> directory. &merged;</para>
1763 <para>New <filename>rc.conf</filename> variables,
1764 <varname>ldconfig_local_dirs</varname> and
1765 <varname>ldconfig_local32_dirs</varname> have been added.
1766 These hold lists of local &man.ldconfig.8; directories.
1769 <para>The <command>@cwd</command> command in
1770 <filename>pkg-plist</filename> now allows
1771 the case where no directory argument is given. If no
1772 directory argument is given, it will set current
1773 working directory to the first prefix given by the
1774 <command>@cwd</command> command. &merged;</para>
1778 <title>Release Engineering and Integration</title>
1780 <para>The default partition sizing algorithm of the
1781 &man.sysinstall.8; utility has been changed.</para>
1785 <para>On systems where the disk capacity is larger than (3 * RAMsize + 10GB),
1786 the default sizes will now be as follows:</para>
1788 <informaltable frame="none" pgwide="0">
1790 <colspec colwidth="1*">
1791 <colspec colwidth="2*">
1794 <entry>Partition</entry>
1800 <row><entry>swap</entry><entry>RAMsize * 2</entry></row>
1801 <row><entry><filename>/</filename></entry><entry>512 MB</entry></row>
1802 <row><entry><filename>/tmp</filename></entry><entry>512 MB</entry></row>
1803 <row><entry><filename>/var</filename></entry><entry>1024 MB + RAMsize</entry></row>
1804 <row><entry><filename>/usr</filename></entry><entry>the rest (8GB or more)</entry></row>
1811 <para>On systems where the disk capacity is larger than
1812 (RAMsize / 8 + 2 GB), the default sizes will be
1813 in the following ranges, with space allocated
1814 proportionally:</para>
1816 <informaltable frame="none" pgwide="0">
1818 <colspec colwidth="1*">
1819 <colspec colwidth="2*">
1822 <entry>Partition</entry>
1828 <row><entry>swap</entry><entry>from RAMsize / 8 to RAMsize * 2</entry></row>
1829 <row><entry><filename>/</filename></entry><entry>from 256MB to 512MB</entry></row>
1830 <row><entry><filename>/tmp</filename></entry><entry>from 128MB to 512MB</entry></row>
1831 <row><entry><filename>/var</filename></entry><entry>from 128MB to 1024MB</entry></row>
1832 <row><entry><filename>/usr</filename></entry><entry>from 1536MB to 8192MB</entry></row>
1839 <para>On systems with even less disk space, the existing behavior is not
1844 <para>The &man.sysinstall.8; utility now displays the running &os;
1845 version in menu titles. &merged;</para>
1847 <para>A new <literal>showconfig</literal>
1848 target has been added in <filename>src/Makefile</filename>
1849 to show the build configuration of the &os; source tree.</para>
1851 <para>A <filename>/media</filename> directory has been
1852 added to contain mount points for removable media
1853 such as CDROMs, floppy disks, USB drives, and so on. &merged;</para>
1855 <para>The <filename>src.conf</filename> file, which
1856 contains settings that will apply to every build involving
1857 the &os; source tree, has been added.
1858 For details, see &man.build.7; and &man.src.conf.5;.</para>
1860 <para>The supported version of
1861 the <application>GNOME</application> desktop environment
1862 (<filename role="package">x11/gnome2</filename>) has been
1863 updated from 2.10.2 to 2.16.1. &merged;</para>
1865 <para>The supported version of
1866 the <application>KDE</application> desktop environment
1867 (<filename role="package">x11/kde3</filename>) has been
1868 updated from 3.4.2 to 3.5.4. &merged;</para>
1870 <para arch="i386,amd64">The supported Linux emulation now uses the
1872 <filename role="package">emulators/linux_base-fc4</filename>
1873 package. &merged;</para>
1875 <para>The supported version of
1876 the <application>Perl</application> interpreter
1877 (<filename role="package">lang/perl5.8</filename>) has been updated
1878 from 5.8.7 to 5.8.8. &merged;</para>
1880 <para>The supported version of
1881 the <application>&xorg;</application> windowing system
1882 (<filename role="package">x11/xorg</filename>) has been updated
1883 from 6.8.2 to 6.9.0. &merged;</para>
1885 <para arch="pc98">&os;/pc98 release CDROMs are now
1886 bootable on systems with some supported SCSI adapters.
1891 <title>Documentation</title>
1893 <para>Documentation of existing functionality has been improved by
1894 the addition of the following manual pages:
1895 &man.acpi.sony.4;, &man.device.get.sysctl.9;,
1899 &man.snd.mss.4;, &man.snd.t4dwave.4;,
1900 &man.sysctl.9;.</para>
1902 <para>The manual pages for <application>NTP</application>
1903 have been updated to 4.2.0, to match the version of
1904 code actually included in &os;. &merged;</para>
1906 <para>Initial support for kernel subsystem API documentation generating
1907 framework using <filename role="package">devel/doxygen</filename>
1908 has been added into <filename>src/sys/doc/subsys</filename>.
1909 To generate the API document, type <command>make doxygen</command>
1910 in <filename>src/</filename> directory.</para>
1914 <sect1 id="upgrade">
1915 <title>Upgrading from previous releases of &os;</title>
1920 <para>Upgrading &os; should, of course, only be attempted after
1921 backing up <emphasis>all</emphasis> data and configuration