Note the overhaul of asf(8).

[FreeBSD/FreeBSD.git] / release / doc / en_US.ISO8859-1 / relnotes / common / new.sgml

<articleinfo>
  <title>&os;/&arch; &release.current; Release Notes</title>

  <corpauthor>The &os; Project</corpauthor>

  <pubdate>$FreeBSD$</pubdate>

  <copyright>
    <year>2000</year>
    <year>2001</year>
    <year>2002</year>
    <year>2003</year>
    <year>2004</year>
    <year>2005</year>
    <year>2006</year>
    <holder role="mailto:doc@FreeBSD.org">The &os; Documentation Project</holder>
  </copyright>

  <legalnotice id="trademarks" role="trademarks">
    &tm-attrib.freebsd;
    &tm-attrib.ibm;
    &tm-attrib.ieee;
    &tm-attrib.intel;
    &tm-attrib.sparc;
    &tm-attrib.general;
  </legalnotice>

  <abstract>
    <para>The release notes for &os; &release.current; contain a summary
      of the changes made to the &os; base system on the
      &release.branch; development line.
      This document lists applicable security advisories that were issued since
      the last release, as well as significant changes to the &os;
      kernel and userland.
      Some brief remarks on upgrading are also presented.</para>
  </abstract>
</articleinfo>

<sect1 id="intro">
  <title>Introduction</title>

  <para>This document contains the release notes for &os;
    &release.current; on the &arch.print; hardware platform.  It
    describes recently added, changed, or deleted features of &os;.
    It also provides some notes on upgrading
    from previous versions of &os;.</para>

<![ %release.type.current [

  <para>The &release.type; distribution to which these release notes
    apply represents the latest point along the &release.branch; development
    branch since &release.branch; was created.  Information regarding pre-built, binary
    &release.type; distributions along this branch
    can be found at <ulink url="&release.url;"></ulink>.</para>

]]>

<![ %release.type.snapshot [

  <para>The &release.type; distribution to which these release notes
    apply represents a point along the &release.branch; development
    branch between &release.prev; and the future &release.next;.
    Information regarding
    pre-built, binary &release.type; distributions along this branch
    can be found at <ulink url="&release.url;"></ulink>.</para>

]]>

<![ %release.type.release [

  <para>This distribution of &os; &release.current; is a
    &release.type; distribution.  It can be found at <ulink
    url="&release.url;"></ulink> or any of its mirrors.  More
    information on obtaining this (or other) &release.type;
    distributions of &os; can be found in the <ulink
    url="&url.books.handbook;/mirrors.html"><quote>Obtaining
    &os;</quote> appendix</ulink> to the <ulink
    url="&url.books.handbook;/">&os;
    Handbook</ulink>.</para>

]]>

  <para>All users are encouraged to consult the release errata before
    installing &os;.  The errata document is updated with
    <quote>late-breaking</quote> information discovered late in the
    release cycle or after the release.  Typically, it contains
    information on known bugs, security advisories, and corrections to
    documentation.  An up-to-date copy of the errata for &os;
    &release.current; can be found on the &os; Web site.</para>

</sect1>

<sect1 id="new">
  <title>What's New</title>

  <para>This section describes
    the most user-visible new or changed features in &os;
    since &release.prev;.
    In general, changes described here are unique to the &release.branch;
    branch unless specifically marked as &merged; features.
  </para>

  <para>Typical release note items
    document recent security advisories issued after
    &release.prev;,
    new drivers or hardware support, new commands or options,
    major bug fixes, or contributed software upgrades.  They may also
    list changes to major ports/packages or release engineering
    practices.  Clearly the release notes cannot list every single
    change made to &os; between releases; this document focuses
    primarily on security advisories, user-visible changes, and major
    architectural improvements.</para>

  <sect2 id="security">
    <title>Security Advisories</title>

    <para>A temporary file vulnerability in &man.texindex.1;, which
      could allow a local attacker to overwrite files in the context
      of a user running the &man.texindex.1; utility, has been fixed.
      For more details see security advisory <ulink
      url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:01.texindex.asc">FreeBSD-SA-06:01.texindex</ulink>. &merged;</para>

    <para>A temporary file vulnerability in the &man.ee.1; text
      editor, which could allow a local attacker to overwrite files in
      the context of a user running &man.ee.1;, has been fixed.  For
      more details see security advisory <ulink
      url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:02.ee.asc">FreeBSD-SA-06:02.ee</ulink>. &merged;</para>

    <para>Several vulnerabilities in the &man.cpio.1; utility have
      been corrected.  For more
      details see security advisory <ulink
      url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:03.cpio.asc">FreeBSD-SA-06:03.cpio</ulink>. &merged;</para>

    <para>An error in &man.ipfw.4; IP fragment handling, which could
      cause a crash, has been fixed.  For more
      details see security advisory <ulink
      url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:04.ipfw.asc">FreeBSD-SA-06:04.ipfw</ulink>. &merged;</para>

    <para>A potential buffer overflow in the IEEE 802.11 scanning code
      has been corrected.  For more
      details see security advisory <ulink
      url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:05.80211.asc">FreeBSD-SA-06:05.80211</ulink>. &merged;</para>

    <para>Two instances in which portions of kernel memory could be
      disclosed to users have been fixed.  For more details see
      security advisory <ulink
      url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:06.kmem.asc">FreeBSD-SA-06:06.kmem</ulink>. &merged;</para>

    <para>A logic bug in the IP fragment handling in &man.pf.4;, which
      could cause a crash under certain circumstances, has been fixed.
      For more details see security advisory <ulink
      url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:07.pf.asc">FreeBSD-SA-06:07.pf</ulink>. &merged;</para>

    <para>A logic bug in the NFS server code, which could cause a crash when
      the server received a message with a zero-length payload, has been fixed.
      For more details see security advisory <ulink
      url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:10.nfs.asc">FreeBSD-SA-06:10.nfs</ulink>. &merged;</para>

    <para>A programming error in the &man.fast.ipsec.4; implementation
      results in the sequence number associated with a Security
      Association not being updated, allowing packets to unconditionally
      pass sequence number verification checks, has been fixed.
      For more details see security advisory <ulink
      url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:11.ipsec.asc">FreeBSD-SA-06:11.ipsec</ulink>. &merged;</para>

    <para>A logic bug that could cause &man.opiepasswd.1; to allow an unprivileged
      user to configure OPIE authentication for the root user under certain
      circumstances, has been fixed.
      For more details see security advisory <ulink
      url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:12.opie.asc">FreeBSD-SA-06:12.opie</ulink>. &merged;</para>

    <para>An asynchronous signal handling vulnerability in &man.sendmail.8;,
      which could allow a remote attacker to execute arbitrary code with the
      privileges of the user running sendmail, typically root, has been fixed.
      For more details see security advisory <ulink
      url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:13.sendmail.asc">FreeBSD-SA-06:13.sendmail</ulink>. &merged;</para>

    <para arch="i386,amd64">An information disclosure issue found in the
      &os; kernel running on 7th- and 8th-generation AMD processors
      has been fixed.  For more details see security advisory <ulink
       url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:14.fpu.asc">FreeBSD-SA-06:14.fpu</ulink>. &merged;</para>

    <para>A bug in &man.ypserv.8;, which effectively disabled the
      <filename>/var/yp/securenets</filename> access control mechanism,
      has been corrected.  More details are available in security
      advisory
      <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:15.ypserv.asc">FreeBSD-SA-06:15.ypserv</ulink>. &merged;</para>

    <para>A bug in the smbfs file system, which could allow an
      attacker to escape out of &man.chroot.2 environments on an smbfs
      mounted filesystem, has been fixed.  For more details, see
      security advisory
      <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:16.smbfs.asc">FreeBSD-SA-06:16.smbfs</ulink>. &merged;</para>

    <para>A potential denial of service problem in &man.sendmail.8;
      caused by excessive recursion which leads to stack
      exhaustion when attempting delivery of a malformed
      MIME message, has been fixed.  For more details,
      see security advisory <ulink
      url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:17.sendmail.asc">FreeBSD-SA-06:17.sendmail</ulink>. &merged;</para>
  </sect2>

  <sect2 id="kernel">
    <title>Kernel Changes</title>

    <para>&man.acpi.4; now has basic support for the HPET time counter.</para>

    <para>The &man.acpi.ibm.4; driver now supports setting the fan control
      mode to manual or automatic, and adjusting the fan speed if the
      fan control mode is manual.  To enable manual control of the fan speed,
      the sysctl variable <varname>dev.acpi_ibm.<replaceable>0</replaceable>.fan</varname>
      needs to be set to zero (manual).  This should only be used with
      extreme precaution, as disabling automatic fan control might
      overheat the hardware and lead to permanent damage.</para>

    <para>The &man.apm.4; suspend/resume support has been improved.</para>

    <para>The <literal>options COMPAT_43</literal> kernel
      configuration option has been deemed unnecessary and has been
      removed from <filename>GENERIC</filename> and related kernel
      configurations.  This change may result in a small performance
      increase for some workloads.</para>

    <para>The &man.ddb.4; debugger now provides the <literal>show lock</literal>
      command.  If the argument has a valid lock class,
      this displays various information about the lock and calls a
      new function pointer in lock_class (lc_ddb_show) to dump class-specific
      information about the lock as well (such as the owner of a mutex or
      xlock'ed sx lock).  &merged;</para>

    <para>The &man.ddb.4; debugger now provides the <literal>show sleepq</literal>
      command.  This takes a wait channel as an argument and looks
      for a sleep queue associated with that wait channel.</para>

    <para><filename>DEFAULTS</filename> kernel configuration files
      for each platform have been added.  These files contain
      directives that are implicitly included in all kernel
      configurations, and generally include basic, mandatory
      functionality for each platform.  &merged;</para>

    <para>A bug in file descriptor handling such that a simple
      <literal>close(0); dup(fd)</literal> sequence does not return
      descriptor <literal>0</literal> in some cases, has been fixed.</para>

    <para>The &man.firmware.9; subsystem has been added.  This
      subsystem provides a mechanism
      to load binary data into the kernel via a specially crafted module.
      &merged;</para>

    <para>The &man.gdb.1; remote debugging interface now supports
      copying console messages to a remote debugger instance.
      To enable this, set <literal>debug.gdbcons="1"</literal>
      in <filename>loader.conf</filename>, enter <literal>boot -d;
        gdb; step</literal> from the loader prompt,
      then attach &man.gdb.1; from a remote machine.
      The sysctl variable <varname>debug.gdbcons</varname> can be
      used to turn on/off this functionality.</para>

    <para>&man.hwpmc.4; and &man.pmcstat.8; now support profiling
      of dynamically loaded kernel modules and
      shared objects loaded with &man.dlopen.3;.
      &man.pmcstat.8; can now log over a network socket
      to a remote host.</para>

    <para>The &man.random.4; entropy device driver is now MPSAFE.
      &merged;</para>

    <para>&os; now supports concurrent &man.read.2;/&man.readv.2;
      access to a file.</para>

    <para>The experimental CORE process scheduler has been added,
      enabled with the <literal>options SCHED_CORE</literal> kernel
      configuration option.  It is forked from the &man.sched.ule.4;
      scheduler, but
      with a different algorithm for detecting an interactive process.
      More information can be found in the &man.sched.core.4; manual
      page.</para>

    <para>The <literal>SIGCHLD</literal> signal queuing has been
      added.  For each child process whose status has been changed,
      a <literal>SIGCHLD</literal> instance is queued.  If the signal is still pending,
      and the process changed status several times, the signal information
      is updated to reflect the latest process status.
      There is a loader tunable <varname>kern.sigqueue.queue_sigchild</varname>
      which can control the behavior, setting it to zero disables the
      <literal>SIGCHLD</literal> queuing feature.</para>

    <para arch="amd64,i386">Instead of including all of physical
      memory in a kernel crash dump, the kernel now defaults to dumping only pages that are
      actively mapped into kernel virtual memory.  A new
      <varname>debug.minidump</varname> sysctl variable
      can be used to turn off this behavior when set to zero.</para>

    <para>A new sysctl variable <varname>kern.malloc_stats</varname>
      has been added.  This allows exporting of kernel malloc
      statistics via a binary structure stream.</para>

    <para>A new sysctl variable <varname>kern.forcesigexit</varname>
      has been added.  This forces a process
      to sigexit if a trap signal is being held by the current thread or
      ignored by the current process.  It is enabled by default.</para>

    <para arch="alpha">Support for Linux emulation on the Alpha
      platform has been removed, due to the lack of a
      <filename>linux_base</filename> port that both supports the
      Alpha architecture and is in good working condition.</para>

    <para>The pcvt(4) driver, an alternative to &man.syscons.4;,
      has been removed, as it had fallen out of sync with the rest
      of the kernel.</para>

    <para>RedZone, a buffer corruption protection for the kernel &man.malloc.9;
      facility has been implemented.  This detects both buffer underflows and
      overflows at runtime on &man.free.9; and &man.realloc.9;,
      and prints backtraces from where memory was allocated and from where
      it was freed.  For more details, see the &man.redzone.9; manual page.</para>

    <para>A new sysctl variable <varname>security.mac.biba.interfaces_equal</varname>
      which makes all network interfaces be created with the label
      <literal>biba/equal(equal-equal)</literal>, has been added.
      This is useful where programs such as &man.dhclient.8; and &man.ppp.8;.
      which initialize network interfaces do not have any labeling support.
      This variable is set as <literal>0</literal> (disabled) by default.
      &merged;</para>

    <para>A new sysctl variable <varname>vm.zone_stats</varname>
      has been added.  This allows to export &man.uma.9; allocator
      statistics via a binary structure stream.</para>

    <para>The sysctl variable <varname>hw.pci.do_powerstate</varname>
      has been changed from a boolean to a range.
      <literal>0</literal> means no power management,
      <literal>1</literal> means conservative power management which
      any device class that has caused problems is added to the watch list,
      <literal>2</literal> means aggressive power management where
      any device class that is not fundamental to the system is added to the list,
      and <literal>3</literal> means power them all down unconditionally.
      The default is <literal>1</literal>.</para>

    <para arch="ia64">The <filename>GENERIC</filename> kernel now enables
      SMP support by default.</para>

    <para>Sample kernel configuration files
      <filename>src/sys/<replaceable>arch</replaceable>/conf/MAC</filename>
      for the Mandatory Access Control framework have been added.</para>

    <para><varname>POSIX_TIMERS</varname> support has been updated to 200112L.</para>

    <para>An experimental support for POSIX message queue has been
      implemented.</para>

    <para>&os; now runs on the Xbox, whose architecture is nearly identical
      to the i386.  For details of the latest development,
      see <ulink url="http://www.FreeBSD.org/platforms/xbox.html"></ulink>
      and <ulink url="http://xbox-bsd.nl"></ulink>.</para>

    <sect3 id="boot">
      <title>Boot Loader Changes</title>

      <para>A new option <option>-S</option>,
        which allows setting the <filename>boot2</filename>
        serial console speed in the <filename>/boot.config</filename>
        file or on the <prompt>boot:</prompt> prompt line,
        has been added.</para>

      <para arch="i386,amd64">A new loader tunable
        <varname>comconsole_speed</varname> to change
        the serial console speed has been added.
        If the previous stage boot loader requested a serial console,
        then the default speed is determined from the current serial port
        speed.  Otherwise it is set to 9600 or the value of
        the <literal>BOOT_COMCONSOLE_SPEED</literal> kernel option.
        &merged;</para>

      <!-- Above this line, order boot loader changes by keyword-->

      <para arch="pc98">A bootable CDROM loader has been implemented
        for the pc98 platform. &merged;</para>

      <para arch="i386">A bug in the i386 boot loader, which could
        cause filesystem corruption if
        a <filename>nextboot.conf</filename> file was used and landed
        after cylinder 1023, has been fixed.</para>

    </sect3>

    <sect3 id="proc">
      <title>Hardware Support</title>

      <para>The &man.cardbus.4;, &man.pccard.4;,
        &man.pccbb.4;, and &man.exca.4; drivers are now buildable
        as kernel modules.</para>

      <para>An &man.acpi.dock.4; driver has been added to provide
        support for controlling laptop docking station functions via
        ACPI.</para>

      <para>The &man.acpi.thermal.4; driver now supports
        passive cooling. &merged;</para>

<!-- The following note should remain MI (i.e. don't set arch="alpha") --
  -- because the alpha docs will be disappearing at some point before --
  -- 7.0-RELEASE. -->
    <para>Support for the alpha architecture has been removed.  Alpha
      support will remain on the RELENG_5 and RELENG_6 codelines.</para>

      <para>The &man.cardbus.4; driver now supports
        <filename>/dev/cardbus<replaceable>%d</replaceable>.cis</filename>.</para>

      <para arch="i386,pc98">The &man.ce.4; driver,
        which supports Cronyx Tau-PCI/32 adapters, has been added.
        &merged;</para>

      <para>The <literal>est</literal> &man.cpufreq.4; driver now supports
        frequency control for the VIA C7-M family of processors.</para> 

      <para>Support for the PadLock Security Co-processor in VIA C3
        processors has been added to the &man.crypto.9; subsystem.
        More information can be found in the &man.padlock.4; manual
        page.
        &merged;</para>

      <para>A bug which prevented the &man.ichsmb.4; kernel module
        from unloading has been fixed.</para>

      <para arch="i386,amd64">Dual-core processors (such as the Intel
        Core Duo) now have both cores available for use by
        default in SMP-enabled kernels. &merged;</para>

      <para arch="i386,amd64">&man.ipmi.4;, an OpenIPMI compatible driver,
        has been added.
        OpenIPMI (Intelligent Platform Management Interface) is an open
        standard designed to enable remote monitoring and control of server,
        networking and telecommunication platforms. &merged;</para>

      <para>The &man.kbdmux.4; driver has been integrated into &man.syscons.4; and
        the <devicename>kbd</devicename> device driver.
        By default &man.syscons.4; will look for the &man.kbdmux.4;
        keyboard first, and then, if not found, look for any keyboard.
        Switching to &man.kbdmux.4; can be done at boot time by loading
        the <literal>kbdmux</literal> kernel module via &man.loader.8;,
        or at runtime via &man.kldload.8; and releasing the active
        keyboard.  &merged;</para>

      <para arch="amd64,i386">The &man.kbdmux.4; driver is now included in the
        <filename>GENERIC</filename> kernel by default.
        Also, the <quote>Boot FreeBSD with USB keyboard</quote>
        menu item in the boot loader menu has been removed
        since this fixes USB keyboard probing problems.
        &merged;</para>

      <para arch="ia64">The loader tunable <varname>debug.mpsafevfs</varname>
        is set to <literal>1</literal> by default.</para>

      <para>The &man.sab.4; driver has been removed (it has been
        superceded by the &man.scc.4; driver).</para>

      <para>The &man.scc.4; driver has been added.
        This provides generic support for serial communications
        controllers and delegates the control over each channel
        and mode to a subordinate driver such as &man.uart.4;.</para>

      <para arch="amd64">The smbios(4) driver support for amd64 has been
        added.</para>

      <para>The tnt4882(4) driver, which supports the National Instruments
        PCI-GPIB card, has been added.</para>

      <para arch="alpha,amd64,i386,ia64,sparc64">The &man.uart.4; driver has been included in the
        <filename>GENERIC</filename> kernel by default.
        When both &man.sio.4; and &man.uart.4; can handle a given serial port,
        &man.sio.4; will claim it.</para>

      <para>The &man.uart.4; driver now supports LOM (Lights Out Management)
        and RSC (Remote System Control) devices as consoles.</para>

      <para arch="i386">A new loader tunable
        <varname>hw.apic.enable_extint</varname> has been added.
        This tunable can be used to disable masking of the ExtINT pin on the first
        I/O APIC.  At least one chipset for the Intel Pentium III seems
        to need this, even though all of the pins in the 8259As are masked.
        The default is still to mask the ExtINT pin.</para>

      <para arch="i386">Support has been improved for
        so-called <quote>legacy-free</quote> hardware, in particular,
        i386 systems without AT-style keyboard controllers such as the
        Macbook Pro. &merged;</para>

      <sect4 id="mm">
        <title>Multimedia Support</title>

        <para>The &man.agp.4; driver now supports ATI AGP chipsets.
          &merged;</para>

        <para>The new midi(4) driver which is based on NetBSD's one
          has been added.  This supports &man.snd.cmi.4; and
          &man.snd.emu10k1.4; drivers.</para>

        <para>The &man.sound.4; driver now supports
          wider range sampling rate, multiple precisions choice,
          and 24/32 bit PCM format conversion.  &merged;</para>

        <para>The &man.snd.als4000.4; driver is now MPSAFE.  &merged;</para>

        <para>The &man.snd.atiixp.4; driver has been added.
          This supports ATI IXP 200/300/400 series audio controllers.  &merged;</para>

        <para>The &man.snd.atiixp.4; driver now supports
          suspend and resume features.</para>

        <para>The &man.snd.cmi.4; driver is now MPSAFE.</para>

        <para>The &man.snd.envy24.4; driver has been added to support
          the Envy24 series of audio chips.</para>

        <para>The &man.snd.es137x.4; driver is now MPSAFE.  &merged;</para>

        <para>The &man.snd.ich.4; driver is now MPSAFE.  &merged;</para>

        <para>The &man.snd.solo.4; driver is now MPSAFE.  &merged;</para>

        <para>The &man.snd.via8233.4; driver is now MPSAFE.  &merged;</para>

        <para>The &man.snd.via82c686.4; driver is now MPSAFE.  &merged;</para>

        <para arch="amd64">The &man.speaker.4; driver now supports &os;/amd64.  &merged;</para>

        <para>The &man.uaudio.4; driver now supports 24/32 bit audio
          formats and conversion.</para>
      </sect4>

      <sect4 id="net-if">
        <title>Network Interface Support</title>

        <para>The &man.ath.4; driver has been updated to
          version 0.9.16.16.  &merged;</para>

        <para arch="amd64,i386,pc98">The &man.ath.4;, &man.ath.hal.4;, and
          <literal>ath_rate_sample</literal> drivers have been
          included in the <filename>GENERIC</filename> kernel by default.</para>

        <para arch="amd64,i386">The &man.bce.4; driver, which supports Broadcom
          NetXtreme II (BCM5706/BCM5708) PCI/PCIe Gigabit Ethernet controllers,
          has been added.  For more details, see &man.bce.4;. &merged;</para>

        <para>A bug which prevents the &man.bfe.4; driver from working
          on a system with over 1GB RAM has been fixed.  &merged;</para>

        <para>The &man.bge.4; driver's Jumbo frame support is now MPSAFE.</para>

        <para>The &man.bge.4; driver now supports big-endian
          architectures such as sparc64.</para>

        <para>The &man.bge.4; driver now supports &man.polling.4; mode.
          &merged;</para>

        <para>The &man.cm.4; driver is now MPSAFE.</para>

        <para>The &man.dc.4; driver is now MPSAFE. &merged;</para>

        <para>The &man.de.4; driver has been converted to the &man.bus.dma.9;
          API and is now MPSAFE.</para>

        <para>The &man.ed.4; driver is now MPSAFE.</para>

        <para>The &man.el.4; driver has been removed due to lack of use.</para>

        <para>The &man.em.4; driver now supports big-endian
          architectures such as sparc64.  &merged;</para>

        <para>The &man.em.4; driver has been updated to
          version 5.1.5 from Intel.  Among other changes, it now supports
          82571 and 82572 based adapters.</para>

        <para>The &man.em.4; driver now includes
          initial support for suspend and resume features.</para>

        <para>The performance of the &man.em.4; driver has been improved
          by using a fast interrupt handler and taskqueue
          instead of ithread handler.  This change can be disabled
          by defining <literal>NO_EM_FASTINTR</literal> kernel option
          for debugging purpose.</para>

        <para>The &man.iwi.4; driver now supports big-endian
          architectures such as sparc64.</para>

        <para>The &man.le.4; driver, which supports AMD Am7900 LANCE
          and Am79C9xx PCnet NICs,
          has been added.  While the &man.lnc.4; driver also supports these
          NICs, this driver has several advantages over it such as
          MPSAFE, ALTQ, VLAN_MTU, ifmedia, and 32-bit DMA for PCI
          variants.  This driver is based on NetBSD's implementation.
          &merged;</para>

        <para>The &man.lge.4; driver is now MPSAFE. &merged;</para>

        <para>The lnc(4) driver has been removed.  The &man.le.4; and
          &man.pcn.4; drivers support all devices that were supported
          by lnc(4).</para>

        <para>The &man.my.4; driver is now MPSAFE. &merged;</para>

        <para>The &man.my.4; driver now supports &man.altq.4;.</para>

        <para arch="i386,amd64">The &man.mxge.4; driver,
          which supports Myricom Myri10GE 10 Gigabit Ethernet
          adapters, has been added.  For more details, see
          &man.mxge.4;.</para>

        <para>The &man.nve.4; driver has been updated to version 1.0-0310
          (23-Nov-2005).  It also now has &man.altq.4; support. &merged;</para>

        <para>The &man.pcn.4; driver is now MPSAFE. &merged;</para>

        <para>The &man.re.4; driver now supports the D-Link DGE-528(T)
          Gigabit Ethernet card.</para>

        <para>The &man.sf.4; driver is now MPSAFE. &merged;</para>

        <para>The &man.sk.4; driver is now MPSAFE. &merged;</para>

        <para>The &man.ste.4; driver is now MPSAFE.</para>

        <para>The &man.ti.4; driver now supports big-endian
          architectures such as sparc64.</para>

        <para>The &man.ufoma.4; driver for
          FOMA (third generation mobile phone system by NTT DoCoMo, Inc.
          in Japan) has been added.
          This should support other third generation mobile phones
          since the driver is based on USB Implementation Guideline
          from MCPC (Mobile Computing Promotion Consortium) in Japan.</para>

        <para>The vgapci(4) driver has been added.  This is a stub
          device driver for VGA PCI devices and serves as a bus
          so that other drivers such as drm(4),
          &man.acpi.video.4;, and &man.agp.4; can attach to
          it thus allowing multiple drivers for the same device.</para>

        <para>The &man.wi.4; driver is now buildable as
          a kernel module.</para>

        <para arch="amd64,i386,pc98">The &man.wlan.wep.4;,
          &man.wlan.ccmp.4;, and &man.wlan.tkip.4; drivers
          have been included in the <filename>GENERIC</filename>
          kernel by default.</para>
      </sect4>
    </sect3>

    <sect3 id="net-proto">
      <title>Network Protocols</title>

      <para>The &man.arp.4; retransmission algorithm has been
        rewritten so that ARP requests are retransmitted without
        suppression, while there is demand for such ARP entry.
        Due to this change, a sysctl variable
        <varname>net.link.ether.inet.host_down_time</varname>
        has been removed.  &merged;</para>

      <para>The &man.arp.4; protocol now supports a sysctl variable
        <varname>net.link.ether.inet.log_arp_permanent_modify</varname>
        to suppress logging of attempts to modify
        permanent ARP entries.  &merged;</para>

      <para arch="amd64,i386,pc98">An experimental BPF Just-In-Time compiler
        has been implemented for both &man.bpf.4; and &man.ng.bpf.4;.
        To enable this, the
        <literal>options BPF_JITTER</literal> kernel option is needed.
        The <varname>net.bpf_jitter.enable</varname>
        can be used to disable this feature.</para>

      <para>The bridge(4) driver has been removed from the tree.  Its
        functionality has been completely replaced by
        &man.if.bridge.4;.</para>

      <para>The &man.gre.4; driver, which is for GRE encapsulation
        found in RFC 1701 and RFC 1702, now supports IPv6 over GRE.</para>

      <para>The &man.if.bridge.4; driver now supports
        creating SPAN ports, which transmit a copy of every frame
        received by the bridge.  This feature can be enabled
        by using &man.ifconfig.8;.  &merged;</para>

      <para>The &man.if.bridge.4; driver now supports
        RFC 3378 EtherIP.  This change makes it possible to
        add &man.gif.4; interfaces to bridges, which will then
        send and receive IP protocol 97 packets.
        Packets are Ethernet frames with an EtherIP header prepended.
        &merged;</para>

      <para>A hard-coded limit on the number of IPv4 multicast group
        memberships (formerly 20) has been removed.</para>

      <para>The path MTU discovery for multicast packets in the &os;
        IPv6 stack has been disabled by default.
        Path MTU notification from a large number of multicast routers
        can be a kind of distributed Denial-of-Service attack to a router.
        This feature can be re-enabled by using a new sysctl variable
        <varname>net.inet6.ip6.mcast_pmtu</varname>.  &merged;</para>

      <para>The &man.ipfw.4; IP packet filter now supports IPv6.  &merged;</para>

      <para>The &man.ipfw.4; firewall system now supports substitution of the action
        argument with the value obtained from table lookup,
        which allows some optimization of rulesets.
        This is now applicable only to <literal>pipe</literal>,
        <literal>queue</literal>,
        <literal>divert</literal>,
        <literal>tee</literal>,
        <literal>netgraph</literal>,
        and <literal>ngtee</literal> rules.  &merged;
        For example, the following rules will throw different
        packets to different pipes:</para>

      <programlisting>pipe 1000 config bw 1000Kbyte/s
pipe 4000 config bw 4000Kbyte/s
table 1 add x.x.x.x 1000
table 1 add x.x.x.y 4000
pipe tablearg ip from table(1) to any</programlisting>

      <para>The &man.ipfw.4; packet filter now supports
        <literal>tag</literal> and <literal>untag</literal> rule keywords.
        When a packet matches a rule with the <literal>tag</literal>
        keyword, the numeric tag for the given number in the range
        from 0 to 65535 will be attached to the packet.
        The tag acts as an internal marker (it is not sent out over
        the wire) that can be used to identify these packets later on,
        for example, by using <literal>tagged</literal>
        rule option.  For more details, see &man.ipfw.8;.</para>

      <para>The ip6fw(8) packet filter has been removed.  Since &man.ipfw.4; has gained
        IPv6 support, it should be used instead.  Please note that some rules might need
        to be adjusted.</para>

      <para>The &man.natm.4;, Native Mode ATM protocol layer is now MPSAFE.</para>

      <para>The &man.ng.iface.4; Netgraph node now supports &man.altq.4;.
        &merged;</para>

      <para>A bug has been fixed in which NFS over TCP would not reconnect
        when the server sent a FIN.  This problem had occurred
        with Solaris NFS servers.  &merged;</para>

      <para>The default retransmit timer for NFS over TCP is now 60 seconds.
        This change prevents the unnecessary retransmission of
        non-idempotent NFS requests.  The <varname>nfs_access_cache</varname>
        variable in &man.rc.conf.5; has also been changed to 60.</para>

      <para>The default minimum number of nfsiod kernel threads
        (&man.sysctl.8; variable <varname>vfs.nfs.iodmin</varname>)
        has been changed from 4 to 0.</para>

      <para>The sysctl variables <varname>net.inet.ip.portrange.reservedhigh</varname>
        and <varname>net.inet.ip.portrange.reservedlow</varname>
        can be used with IPv6 now.</para>

      <para>A new sysctl variable <varname>net.inet.icmp.reply_from_interface</varname>
        has been added.  This allows the &man.icmp.4;
        reply to non-local packets to be generated with
        the IP address the packet came through in.
        This is useful for routers to show in &man.traceroute.8;
        the actual path a packet has taken instead of
        the possibly different return path.</para>

      <para>A new sysctl variable <varname>net.inet.icmp.quotelen</varname>
        has been added.  This allows to change length of
        the quotation of the original packet in an ICMP reply.
        The minimum of 8 bytes is internally enforced.
        The maximum quotation is the remaining space in the
        reply mbuf.  This option is added in response to the
        issues raised in I-D
        <filename>draft-gont-icmp-payload-00.txt</filename>.</para>

      <para>The &man.icmp.4; now always quotes the entire TCP header
        when responding and allocate an mbuf cluster if needed.
        This change fixes the TCP issues raised in I-D
        <filename>draft-gont-icmp-payload-00.txt</filename>.</para>

      <para>A new socket option <literal>IP_MINTTL</literal> has been added.
        This may be used to set the minimum acceptable
        TTL a packet must have when received on a socket.
        All packets with a lower TTL are silently dropped.
        This works on already connected/connecting and
        listening sockets for RAW, UDP, and TCP.  This option
        is only really useful when set to <literal>255</literal>, preventing packets
        from outside the directly connected networks reaching
        local listeners on sockets.  Also, this option allows
        userland implementation of <quote>The Generalized TTL
          Security Mechanism (GTSM)</quote> found in RFC 3682.</para>

      <para>Stealth forwarding now supports IPv6 as well as IPv4.
        This behavior can be controlled by using a new sysctl variable
        <varname>net.inet6.ip6.stealth</varname>.</para>

      <para>The <literal>IPV6_V6ONLY</literal> socket option
        now works for UDP.</para>

      <para>The TCP bandwidth-delay product limiting feature has
        been disabled when the RTT is below a certain threshold.
        This optimization does not make sense on a LAN, as it has
        trouble figuring out the maximal bandwidth due to the coarse
        tick granularity.  A new sysctl variable
        <varname>net.inet.tcp.inflight.rttthresh</varname> specifies
        the threshold in milliseconds below which this feature
        will disengage.  It defaults to 10ms.  &merged;</para>
    </sect3>

    <sect3 id="disks">
      <title>Disks and Storage</title>

      <para>The &man.aac.4; driver now supports the Adaptec 2610SA SATA-RAID
        controller in some Hewlett-Packard machines.</para>

      <para>The performance of the &man.amr.4; driver has been improved;
        it also now supports full 64-bit DMA.  While this feature is
        enabled by default, this can be forced off by setting the
        <varname>hw.amr.force_sg32</varname> loader tunable for
        debugging purpose.
        &merged;</para>

      <para>The &man.amr.4; driver now supports the &man.ioctl.2; requests
        necessary for the Linux LSI MegaRaid tools in &os;'s Linux emulation
        environment.
        &merged;</para>

      <para>The &man.ata.4; driver now supports a workaround
        for some controllers whose DMA does not work properly
        in 48bit mode.  For affected controllers,
        PIO mode will be used for access to areas beyond 137GB.
        &merged;</para>

      <para>The &man.ata.4; driver now supports the ITE IT8211F IDE controller,
        and the Promise PDC40718 and PDC40719 chip found in Promise
        Fasttrak TX4300.
        &merged;</para>

      <para>The &man.ata.4; driver now supports DMA for kernel crash dumps,
        as well as crash dumping to an &man.ataraid.4; device.
        &merged;</para>

      <para>The &man.ata.4; driver now supports USB mass storage class
        devices.  To enable it, a line <literal>device atausb</literal>
        in the kernel configuration file or loading the
        <filename>atausb</filename> kernel module is needed.
        Note that this functionality cannot coexist with the
        &man.umass.4; driver.</para>

      <para>The &man.ataraid.4; driver now supports
        JMicron ATA RAID metadata.  &merged;</para>

      <para>The <literal>GEOM_LABEL</literal> class now supports
        Ext2FS, NTFS, and ReiserFS.  &merged;</para>

      <para>The <literal>GEOM_MIRROR</literal> class now supports
        kernel crash dumps to the GEOM providers.
        &merged;</para>

      <para>The <literal>GEOM_MIRROR</literal> and <literal>GEOM_RAID3</literal>
        classes now support sysctl variables
        <varname>kern.geom.mirror.disconnect_on_failure</varname>
        and
        <varname>kern.geom.graid3.disconnect_on_failure</varname>
        to control whether failed components will be disconnected or not.
        The default value is <literal>1</literal> to preserve the current
        behavior, and if it is set to <literal>0</literal> such components
        are not disconnected and the kernel will try to still use them
        (only the first error will be logged).
        This is helpful for the case of multiple broken components (in
        different places), so actually all data is available.
        The broken components will be visible in <command>gmirror list</command>
        or <command>graid3 list</command> output with flag
        <literal>BROKEN</literal>.
        &merged;</para>

      <para>The <literal>GEOM_MIRROR</literal> and <literal>GEOM_RAID3</literal>
        classes now use parallel I/O requests for synchronization
        to improve the performance.  New sysctl variables
        <varname>kern.geom.mirror.sync_requests</varname> and
        <varname>kern.geom.raid3.sync_requests</varname>
        define how many parallel I/O requests should be used.
        Also, the sysctl variables
        <varname>kern.geom.mirror.reqs_per_sync</varname>,
        <varname>kern.geom.mirror.syncs_per_sec</varname>,
        <varname>kern.geom.raid3.reqs_per_sync</varname>, and
        <varname>kern.geom.raid3.syncs_per_sec</varname>
        are deprecated and have been removed.
        &merged;</para>

      <para>A new GEOM class <literal>GEOM_ZERO</literal> has been added.
        It creates a very huge provider (41PB) <filename>/dev/gzero</filename>
        and is mainly useful for performance testing.
        On <literal>BIO_READ</literal> request it zero-fills
        <varname>bio_data</varname> and on <literal>BIO_WRITE</literal>
        it does nothing.
        &merged;</para>

      <para>The GEOM class kernel module <filename>g_md.ko</filename>
        has been renamed to <filename>geom_md.ko</filename>
        for consistency.</para>

      <para arch="amd64,i386">The &man.hptmv.4; driver has been updated and now supports
        amd64 as well as PAE.</para>

      <para>The &man.mfi.4; driver, which supports
        the LSI MegaRAID SAS controller family, has been added.
        &merged;</para>

      <para>The &man.mpt.4; driver has been updated to support
        various new features such as RAID volume and RAID member
        state/settings reporting, periodic volume re-synchronization
        status reporting, and sysctl variables for volume
        re-synchronization rate, volume member write cache status,
        and volume transaction queue depth.</para>

      <para>The &man.mpt.4; driver now supports SAS HBA (partially),
        64-bit PCI, and large data transfer.</para>

      <para>The &man.twa.4; driver has been updated to the 9.3.0.1
        release on the 3ware Web site.  &merged;</para>

      <para>A new GEOM-based disk encryption facility, GEOM_ELI, has been
        added.  It uses the &man.crypto.9; framework for hardware acceleration
        and supports different cryptographic algorithms.  See &man.geli.8; for
        more information. &merged;</para>

      <para>The &man.geli.8; disk encryption system now supports loading keyfiles before the root
        file system is mounted.  &merged;
        For example, the following entries
        can be used in <filename>/boot/loader.conf</filename> to enable
        it:</para>

      <programlisting>geli_da0_keyfile0_load="YES"
geli_da0_keyfile0_type="da0:geli_keyfile0"
geli_da0_keyfile0_name="/boot/keys/da0.key0"
geli_da0_keyfile1_load="YES"
geli_da0_keyfile1_type="da0:geli_keyfile1"
geli_da0_keyfile1_name="/boot/keys/da0.key1"
geli_da0_keyfile2_load="YES"
geli_da0_keyfile2_type="da0:geli_keyfile2"
geli_da0_keyfile2_name="/boot/keys/da0.key2"

geli_da1s3a_keyfile0_load="YES"
geli_da1s3a_keyfile0_type="da1s3a:geli_keyfile0"
geli_da1s3a_keyfile0_name="/boot/keys/da1s3a.key"</programlisting>

      <para>&man.geli.8; is now able to perform data integrity
        verification (data authentication) of encrypted data stored on
        disk.  Note that the encryption algorithm is now specified to
        the &man.geli.8; control program using the <option>-e</option>
        option; the <option>-a</option> option is now used to specify
        the authentication algorithm</para>

      <para>The &man.umass.4; driver now supports
        <literal>PLAY_MSF</literal>,
        <literal>PLAY_TRACK</literal>,
        <literal>PLAY_TRACK_REL</literal>,
        <literal>PAUSE</literal>,
        <literal>PLAY_12</literal> commands so that
        the &man.cdcontrol.1; utility can handle a USB CD drive.</para>
    </sect3>

    <sect3 id="fs">
      <title>File Systems</title>

      <para arch="amd64,i386,pc98">The &man.linsysfs.5;
        pseudo-filesystem driver has been added.
        It provides a subset of the
        Linux <filename>sys</filename> filesystem, and is required for
        the correct operation of some Linux binaries (such as the LSI
        MegaRAID SAS utility). &merged;</para>

      <para>A part of the FreeBSD NFS subsystem (the interface with
        the protocol stack and callouts, the NFS client side) is now MPSAFE.</para>

      <para>Initial (read-only) support for SGI's XFS filesystem has been
        added.</para>
    </sect3>
  </sect2>

  <sect2 id="userland">
    <title>Userland Changes</title>

    <para>Padding of <varname>ai_addrlen</varname>
      in <varname>struct addrinfo</varname> has been removed,
      which was originally for the ABI compatibility.
      For example, this change breaks the ABI compatibility of the
      &man.getaddrinfo.3; function on 64-bit architectures, including
      &os;/amd64, &os;/ia64, and &os;/sparc64.</para>

    <para>The &man.asf.8; utility has been revised and extended.  Now
      it can operate via several interfaces including &man.kvm.3;,
      which supports not only live systems, but also kernel crash dumps.
      &merged;</para>

    <para>The &man.arp.8; utility now allows the <option>-i</option>
      option together with the <option>-d</option> and <option>-a</option> options
      to allow all entries for a given interface to be removed.</para>

    <para>The OpenBSM userland tools, including &man.audit.8;,
      &man.auditd.8;,
      &man.auditreduce.1;, and
      &man.praudit.1;, have been added.</para>

    <para>The &man.bsdiff.1; and &man.bspatch.1; utilities
      have been added.  These are tools for constructing and
      applying binary patches.  &merged;</para>

    <para>The &man.bsnmpd.1; utility now supports the Host Resources
      MIB described in RFC 2790.  &merged;</para>

    <para>&man.cached.8; has been added.  It is a daemon that caches
      the results of nsswitch lookups (such as those to the password,
      group, and services databases) for improved performance.</para>

    <para>The &man.cmp.1; utility now supports an <option>-h</option>
      flag to compare the symbolic link itself rather than the
      file that the link points to. &merged;</para>

    <para>The &man.config.8; utility now supports the <literal>nocpu</literal>
      directive, which cancels the effect of a
      previous <literal>cpu</literal> directive.  &merged;</para>

    <para>The &man.config.8; utility now reads <filename>DEFAULTS</filename>
      kernel configuration file if it exists in the current directory
      before the specified configuration file.  &merged;</para>

    <para>The &man.csh.1; utility now supports NLS catalogs.
      Note that this requires installing
      the <filename role="package">shells/tcsh_nls</filename> port.
      &merged;</para>

    <para>The &man.csup.1; utility has been imported.
      This is an implementation of a CVSup-compatible client written
      in the C language.  Note that it currently supports checkout mode
      only. &merged;</para>

    <para>The &man.dhclient.8; program now sends the host's name in
      DHCP requests if it is not specified in the configuration
      file. &merged;</para>

    <para>The &man.devd.8; utility now supports a <option>-f</option> option
      to specify a configuration file.  &merged;</para>

    <para>The &man.du.1; program now supports a <option>-n</option>
      flag, which causes it to ignore files and directories with
      the <literal>nodump</literal> flag set. &merged;</para>

    <para>The &man.find.1; program now supports <option>-Btime</option>
      and other related primaries, which can be used to create expressions
      based on a file's creation time. &merged;</para>

    <para>A bug in the &man.find.1; program which prevents
      numeric arguments for <option>-user</option> and
      <option>-group</option> from working as expected
      has been fixed.</para>

    <para>The &man.ftpd.8; utility now creates a PID file
      <filename>/var/run/ftpd.pid</filename> even when
      no <option>-p</option> option is specified.  &merged;</para>

    <para>The &man.gbde.8; utility now supports
      <option>-k</option> and <option>-K</option> options
      to specify a key file in addition to a passphrase.</para>

    <para>The &man.getfacl.1; utility now supports
      a <option>-q</option> flag to suppress the per-file header
      comment listing the file name, owner, and group.
      &merged;</para>

    <para>The &man.getent.1; utility has been imported from NetBSD.
      It retrieves and displays information from an administrative
      database (such as <filename>hosts</filename>) using the lookup
      order specified in &man.nsswitch.conf.5;. &merged;</para>

    <para>The &man.gpt.8; utility now supports setting GPT partition labels.</para>

    <para>The &man.gvinum.8; utility now supports commands
      to rename objects and to move a subdisk from
      one drive to another.  &merged;</para>

    <para>The &man.gvinum.8; utility now supports the
      <command>resetconfig</command> sub-command.</para>

    <para>An implementation of Generic Security Service API (GSS-API)
      version 2 and its C binding described in RFC2743 and RFC2744
      has been added.  This is a new extensible GSS-API layer which
      can support GSS-API plugins, similar the the Solaris
      implementation, and the Kerberos 5 GSS mechanism has
      been rewritten as a plugin library for the new implementation.</para>

    <para>The &man.hccontrol.8; utility now supports HCI node
      autodetection.</para>

    <para>The &man.id.1; utility now prints the effective user
      ID after the group ID.</para>

    <para>The &man.ifconfig.8; utility now supports
      a <option>-k</option> flag to allow printing
      potentially sensitive keying material to standard output.
      This sensitive information will not be printed by default.</para>

    <para>The &man.ifconfig.8; utility now supports a <option>-tunnel</option>
      parameter, which is just an alias for <option>deletetunnel</option>,
      yet is more convenient and easier to type.</para>

    <para>The <option>-vlandev</option> parameter to &man.ifconfig.8;
      no longer requires a network interface as its argument.  The
      argument still is supported for backward compatibility, but
      is now deprecated and its use is discouraged.</para>

    <para>The &man.iostat.8; utility now supports
      a <option>-x</option> flag (inspired by Solaris) to print
      extended disk statistics.  If the new <option>-z</option> flag is
      also specified, no output is made for disks with no
      activity. &merged;</para>

    <para>The &man.ipfwpcap.8; utility has been added; it captures
      packets on a &man.divert.4; socket and writes them as
      &man.pcap.3; (also known as &man.tcpdump.1;) format data to a
      file or pipe.</para>

    <para>The &man.jail.8; utility supports a <option>-J
        <replaceable>jid_file</replaceable></option> option to
      write out a JidFile, similar to a PidFile, containing
      the jailid, path, hostname, IP and the command used to start
      the jail.  &merged;</para>

    <para>The &man.jail.8; program now supports a <option>-s</option>
      option to specify a jail's securelevel. &merged;</para>

    <para>The &man.kdump.1; program now supports a <option>-H</option>
      flag, which causes kdump to print an additional field holding
      the threadid.  &merged;</para>

    <para>The &man.kdump.1; program now supports a <option>-s</option>
      flag to suppress the display of I/O data.  &merged;</para>

    <para>The &man.kdump.1; program now supports printing
      flags in a system call argument by using symbol names.</para>

    <para>The &man.kenv.1; utility now supports a <option>-q</option>
      flag to suppress warnings.</para>

    <para>&man.kgdb.1; now supports a <option>-w</option>
      option to open kmem-based targets in read-write mode.
      This allows one to use kgdb on <filename>/dev/mem</filename>
      and be able to patch memory on a live system.</para>

    <para>The &man.libarchive.3; library now supports
      POSIX.1e-style Extended Attributes.</para>

    <para>The <application>libc</application> library now includes
      initial implementation of symbol maps and symbol version
      definitions.</para>

    <para>The <application>libedit</application> library has been
      updated from the NetBSD source tree as of August 2005.</para>

    <para>The <application>libm</application> library now includes
      initial implementation of symbol maps and symbol version
      definitions.</para>

    <para>The &man.libmemstat.3; library has been added.
      This is for use by debugging and monitoring applications
      in tracking kernel memory statistics.  It provides an
      abstracted interface to &man.uma.9; and &man.malloc.9;
      statistics, wrapped around the binary stream sysctl variables
      for the allocators. &merged;</para>

    <para>The &man.ln.1; utility now supports
      an <option>-F</option> flag, which deletes existing
      empty directories when creating symbolic links.
      &merged;</para>

    <para>The &man.locate.1; utility now supports
      a <option>-0</option> flag to make this utility
      interoperable with &man.xargs.1;'s <option>-0</option> flag.
      &merged;</para>

    <para>The &man.ls.1; utility now supports
      an <option>-I</option> flag to disable the automatic
      <option>-A</option> flag for the superuser.  &merged;</para>

    <para>The &man.ls.1; utility now supports
      an <option>-U</option> flag to use the file creation
      time for sorting. &merged;</para>

    <para>A new &man.malloc.3; implementation has been introduced.
      This implementation, sometimes referred to
      as <quote>jemalloc</quote>, was designed to improve the
      performance of multi-threaded programs, particularly on SMP
      systems, while preserving the performance of single-threaded
      programs.  Due to the use of different algorithms and data
      structures, jemalloc may expose some previously-unknown bugs in
      userland code, although most of the &os; base system and common
      ports have been tested and/or fixed.</para>

    <para>The &man.mdconfig.8; utility now supports producing
      device listings formatted as XML.  Currently, the
      <command>list</command> and <command>query</command>
      sub-commands support this feature.</para>

    <para>The &man.mdconfig.8; utility's <option>-u</option> option
      now supports specifying multiple devices separated
      by comma character.</para>

    <para>The &man.mdmfs.8; utility now supports a <option>-P</option> flag
      to allow skipping the &man.newfs.8; process
      when using a vnode-backed disk.</para>

    <para>The &man.mdmfs.8; utility now supports a <option>-E</option> flag
      to allow to specify location of the &man.mdconfig.8;
      utility instead of using the default one
      (<filename>/sbin/mdconfig</filename>).</para>

    <para>A new function &man.memmem.3; has been implemented in
      <filename>libc</filename>.  This is the binary equivalent to
      &man.strstr.3; and found in <filename>glibc</filename>.</para>

    <para>The &man.mergemaster.8; utility now supports
      an <option>-A</option> option to explicitly specify
      an architecture to pass through to the underlying makefiles.
      &merged;</para>

    <para>The &man.mount.8; <literal>nodev</literal> option has
      been removed.</para>

    <para>The &man.mount.8; utility now supports &man.mqueuefs.5;.</para>

    <para>A bug which prevents the &man.mount.8; utility from converting
      a read-only mount to read-write via <command>mount -u -o rw</command>,
      has been fixed.</para>

    <para>The &man.moused.8; daemon now supports an <option>-H</option> flag
      to enable horizontal virtual scrolling similar to the
      <option>-V</option> flag for vertical virtual scrolling.
      &merged;</para>

    <para>The &man.netstat.1; utility now supports an
      <option>-h</option> flag for interface stats mode,
      which prints all interface statistics in human readable form. &merged;</para>

    <para>The &man.netstat.1; utility now supports
      printing &man.ipsec.4; protocol statistics if the
      kernel was compiled with <literal>FAST_IPSEC</literal>
      rather than the KAME IPSEC stack.
      Note that the output of <command>netstat -s -p ipsec</command>
      differs depending on which stack is compiled into
      the kernel since they each keep different statistics.  &merged;</para>

    <para>The <filename>/etc/nsswitch.conf</filename> file is now
      installed statically instead of being generated on every
      reboot.</para>

    <para>The &man.periodic.8; daily script now supports
      display of the status of &man.gmirror.8;, &man.graid3.8;,
      &man.gstripe.8;, and &man.gconcat.8; devices.
      Note that these are disabled by default.  &merged;</para>

    <para>A new function, &man.pidfile.3;, which provides reliable
      pidfiles handling, has been implemented in
      <filename>libutil</filename>.  &merged;</para>

    <para>The &man.ping.8; utility now supports a <quote>sweeping
        ping</quote> in which &man.icmp.4; payload of
      packets being sent is increased with given step.
      This is useful for testing problematic channels, MTU issues
      or traffic policing functions in networks.  &merged;</para>

    <para>The &man.pkill.1; utility now supports a
      <option>-F</option> option which allows to
      restrict matches to a process whose PID is stored in the
      pidfile file.  When another new option <option>-L</option>
      is also specified, the pidfile file must be locked with the
      &man.flock.2; syscall or created with &man.pidfile.3;.</para>

    <para>The &man.pkill.1; utility now supports a
      <option>-I</option> flag which works like <option>-i</option>
      of &man.rm.1;.  When this flag is specified, &man.pkill.1;
      will ask for confirmation before sending a signal to
      each matching process.</para>

    <para>The &man.powerd.8; program now supports a
      <option>-P</option> option, which specifies a pidfile to use.</para>

    <para>The DNS resolver library in &os;'s <application>libc</application>
      has been updated to BIND9's one.</para>

    <para>The &man.rfcomm.sppd.1; program now supports service names
      in addition to <option>-c</option> option with channel number.
      The supported names are: DUN (Dial-Up Networking), FAX (Fax),
      LAN (LAN Access Using PPP), and SP (Serial Port).  &merged;</para>

    <para>The &man.rpcgen.1; utility now generates headers and stub files
      that can be used with ANSI C compilers by default.</para>

    <para>The &man.rtld.1; runtime linker now supports ELF symbol versioning
      using GNU semantics.  This implementation aims to be compatible
      with symbol versioning support as implemented by GNU libc and
      documented in <ulink url="http://people.redhat.com/~drepper/symbol-versioning"></ulink>
      and LSB 3.0.  Also, <function>dlvsym()</function>
      function has been added to
      allow lookups for a specific version of a given symbol.</para>

    <para>A bug in the &man.sed.1; utility which can cause
      incorrect calculation of pattern space length in some cases
      has been fixed.</para>

    <para>The &man.sh.1; utility now supports a <literal>times</literal>
      built-in command. &merged;</para>

    <para>The &man.snapinfo.8; utility, which shows snapshot locations
      on UFS filesystems, has been added.  &merged;</para>

    <para>The &man.strtonum.3; library function has been implemented
      based on OpenBSD's implementation.  This is an improved version of
      &man.strtoll.3;.  &merged;</para>

    <para>The &man.sysctl.8; utility now supports a <option>-q</option>
      flag to suppress a limited set of warnings and errors.</para>

    <para>The &man.time.1; utility now prints the time that a given
      command has been running if sent a <literal>SIGINFO</literal> signal.</para>

    <para>The &man.traceroute.8; utility now supports
      a <option>-e</option> option, which sets a fixed destination
      port for probe packets.  This can be useful for tracing behind
      packet-filtering firewalls.</para>

    <para>&man.traceroute.8; now decodes the complete set of ICMP
      unreachable messages in its output.</para>

    <para>The &man.truss.1; utility now supports an <option>-s</option>
      flag for the same functionality as the strace utility
      (<filename role="package">devel/strace</filename>).</para>

    <para arch="ppc">The &man.truss.1; utility now supports &os;/ppc.</para>

    <para>The usbd(8) utility has been removed.
      The &man.devd.8; utility and its configuration
      file now support functionality which is equivalent to it.</para>

    <para>The &man.xargs.1; utility now supports a <option>-r</option>
      flag which makes the command execution when the standard input
      does not contain any non-whitespace-characters.  &merged;</para>

    <para>The shared library version number of all libraries has
      been updated due to some possible ABI changes.  The libraries
      include: snmp_<replaceable>*</replaceable>, libdialog, libg2c, libobjc,
      libreadline, libregex, libstdc++, libkrb5, libalias, libarchive,
      libbegemot, libbluetooth, libbsnmp, libbz2, libc_r, libcrypt,
      libdevstat, libedit, libexpat, libfetch, libftpio, libgpib,
      libipsec, libkiconv, libmagic, libmp, libncp, libncurses,
      libnetgraph, libngatm, libopie, libpam, libpthread, libradius,
      libsdp, libsmb, libtacplus, libthr, libthread_db, libugidfw,
      libusbhid, libutil, libvgl, libwrap, libypclnt, libm, libcrypto,
      libssh, and libssl.</para>

    <para>The <function>wcsdup()</function> function has been
      implemented.  This function is popular in Microsoft and GNU
      systems.</para>

    <sect3 id="rc-scripts">
      <title><filename>/etc/rc.d</filename> Scripts</title>

      <para>The <filename>auditd</filename> script for
        OpenBSM &man.auditd.8; has been added.</para>

      <para>The <filename>bluetooth</filename> script
        has been added.  This script will be called from
        &man.devd.8; in response to device attachment/detachment
        events and to stop/start particular device without unplugging
        it by hand.  The configuration parameters are in
        <filename>/etc/defaults/bluetooth.device.conf</filename>,
        and can be overridden by using
        <filename>/etc/bluetooth/<replaceable>$device</replaceable>.conf</filename>
        (where <replaceable>$device</replaceable> is <devicename>ubt0</devicename>,
        <devicename>btcc0</devicename>, and so on.)
        For more details, see &man.bluetooth.conf.5;.  &merged;</para>

      <para>The <filename>ftpd</filename> script for
        stand-alone &man.ftpd.8; has been added.</para>

      <para>The <filename>gbde_swap</filename> script has
        been removed in favor a new <filename>encswap</filename>
        script which also supports &man.geli.8; for swap
        encryption.</para>

      <para>The <filename>geli</filename> and <filename>geli2</filename>
        scripts has been added for &man.geli.8; device
        configuration on boot.</para>

      <para>The <filename>ike</filename> script for
        IPsec IKE daemon has been removed because no such daemon
        is included in the base system.</para>

      <para>The <filename>hcsecd</filename> and
        <filename>sdpd</filename> scripts have been added
        for &man.hcsecd.8; and &man.sdpd.8; daemons.
        These daemons can run even if no Bluetooth devices
        are attached to the system, but both daemons depend on
        Bluetooth socket layer and thus disabled by default.
        Bluetooth sockets layer must be either loaded
        as a module or compiled into kernel before the daemons can run.
        &merged;</para>

      <para>The <filename>hostapd</filename> script for
        &man.hostapd.8; has been added.  &merged;</para>

      <para>The <filename>mdconfig</filename> script to
        handle vnode backed &man.md.4; devices has been added.
        This is a replacement of the <filename>ramdisk</filename>
        script, and all of variables in <varname>ramdisk_*</varname>
        have been changed to <varname>mdconfig_*</varname>.
        Also, two new &man.rc.conf.5; variables
        <varname>mdconfig_<replaceable>*</replaceable>_files</varname>
        and
        <varname>mdconfig_<replaceable>*</replaceable>_cmd</varname>
        have been added.  For example:</para>

      <programlisting>mdconfig_md0="-t malloc -s 10m"
mdconfig_md1="-t vnode -f /var/foo.img"</programlisting>

      <para>The <filename>netif</filename> script now supports
        <varname>ipv4_addrs_<replaceable>ifn</replaceable></varname>
        variables,
        which add one or more IPv4 address from a ranged list in
        CIDR notation.  &merged;  For example:</para>

      <programlisting>ipv4_addrs_ed0="192.168.0.1/24 192.168.1.1-5/28"</programlisting>

      <para>The <filename>rcconf.sh</filename> script in <filename>/etc/rc.d</filename>
        has been removed and a variable <varname>early_late_divider</varname>,
        which designates the script to separate the early and late stages
        of the boot process, has been added.</para>

      <para>The <filename>rc.initdiskless</filename> script now uses &man.tar.1;
        instead of &man.pax.1; because &man.pax.1; needs a writable
        temporary directory that may not be available when this script
        runs.</para>

      <para>The <filename>pccard</filename> script has been removed
        since OLDCARD is deprecated.</para>

      <para>The <filename>ppp-user</filename> script has been renamed to
        <filename>ppp</filename>.  &merged;</para>

      <para>The <varname>removable_interfaces</varname> variable
        has been removed.</para>

      <para>A new keyword <literal>NOAUTO</literal> in
        <varname>ifconfig_<replaceable>ifn</replaceable></varname>
        has been added. This prevents configuration of an interface
        at boot time or via <filename>/etc/pccard_ether</filename>,
        and allows <filename>/etc/rc.d/netif</filename>
        to be used to start and stop an interface
        on a purely manual basis.</para>
    </sect3>
  </sect2>

  <sect2 id="contrib">
    <title>Contributed Software</title>

    <para><application>Intel ACPI-CA</application>
      has been updated to 20051021.</para>

    <para><application>BIND</application> has been updated from 9.3.1
      to 9.3.2. &merged;</para>

    <para><application>BSNMPD</application> has been updated from
      1.11 to 1.12.</para>

    <para><application>DRM</application> has
      been updated to a snapshot from DRI CVS as of 20060517.
      &merged;</para>

    <para><application>netcat</application> has been updated from the
      version in a 4 February 2005 OpenBSD snapshot to the version
      included in OpenBSD 3.9.</para>

    <para><application>GNU Readline library</application>
      has been updated from 5.0 to 5.1.</para>

    <para><application>GNU Troff</application>
      has been updated from version 1.19 to version 1.19.2.
      &merged;</para>

    <para><application>IPFilter</application> has been updated from
      4.1.8 to 4.1.10.</para>

    <para><application>OpenSSH</application> has been updated from
      4.2p1 to 4.3p1.</para>

    <para><application>hostapd</application>
      has been updated from version 0.3.9 to version 0.4.8.
      &merged;</para>

    <para><application>sendmail</application> has been updated from
      8.13.4 to 8.13.6. &merged;</para>

    <para><application>sendmail</application> has been updated from
      8.13.6 to 8.13.7.</para>

    <para>The timezone database has been updated from the
      <application>tzdata2005l</application> release to the
      <application>tzdata2006g</application> release. &merged;</para>

    <para>TrustedBSD <application>OpenBSM</application>,
      version 1.0 alpha 6, an implementation of the documented Sun Basic
      Security Module (BSM) Audit API and file format, as well as local
      extensions to support the Mac OS X and FreeBSD operating systems
      has been added.  This also includes command line tools for audit
      trail reduction and conversion to text, as well as documentation
      of the commands, file format, and APIs.
      For this functionality, the <literal>AUDIT</literal> kernel option,
      <filename>/var/audit</filename> directory, and
      <literal>audit</literal> group have been added.</para>

    <para><application>WPA Supplicant</application>
      has been updated from version 0.3.9 to version 0.4.8.
      &merged;</para>

    <para><application>zlib</application>
      has been updated from version 1.2.2 to version 1.2.3.</para>
  </sect2>

  <sect2 id="ports">
    <title>Ports/Packages Collection Infrastructure</title>

    <para>&man.pkg.add.1; now supports an <option>-F</option>
      flag to disable checking whether the same package is already
      installed or not. &merged;</para>

    <para>The &man.pkg.add.1; program now supports an <option>-P</option>
      flag, which is the same as the <option>-p</option> flag
      except that the given prefix is also used recursively for the
      dependency packages if any.  &merged;</para>

    <para>The &man.pkg.add.1; and &man.pkg.create.1; utilities now support
      a <option>-K</option> flag to save packages to the current directory
      (or <varname>PKGDIR</varname> if defined) by default.
      &merged;</para>

    <para>The &man.pkg.create.1; program now supports an <option>-x</option>
      flag to support basic regular expressions for package name,
      an <option>-E</option> flag for extended regular
      expressions, and a <option>-G</option> for exact matching.  &merged;</para>

    <para>The &man.pkg.version.1; utility now supports an <option>-o</option>
      flag to show the origin recorded on package generation
      instead of the package name, and an <option>-O</option> flag
      to list packages with a specific registered origin.
      &merged;</para>

    <para>The &man.portsnap.8; utility (<filename>sysutils/portsnap</filename>)
      has been added into the &os; base system.  This is a secure,
      easy to use, fast, lightweight, and generally good way for
      users to keep their ports trees up to date.  &merged;</para>

    <para>A incorrect handling of <varname>HTTP_PROXY_AUTH</varname>
      in the &man.portsnap.8; utility has been fixed.  &merged;</para>

    <para>The startup scripts from the <varname>local_startup</varname>
      directory now evaluated by using &man.rcorder.8; with scripts
      in the base system.  &merged;</para>

    <para>The suffix of startup scripts from the Ports Collection
      has been removed.  This means <filename>foo.sh</filename>
      is renamed to <filename>foo</filename>, and now
      scripts whose name is something like
      <filename>foo.ORG</filename> will also be invoked.
      You are recommended to reinstall packages which install
      such scripts and remove extra files in the
      <varname>local_startup</varname> directory.  &merged;</para>

    <para>New <filename>rc.conf</filename> variables,
      <varname>ldconfig_local_dirs</varname> and
      <varname>ldconfig_local32_dirs</varname> have been added.
      These hold lists of local &man.ldconfig.8; directories.
      &merged;</para>

    <para>The <command>@cwd</command> command in
      <filename>pkg-plist</filename> now allows
      the case where no directory argument is given.  If no
      directory argument is given, it will set current
      working directory to the first prefix given by the
      <command>@cwd</command> command.  &merged;</para>
  </sect2>

  <sect2 id="releng">
    <title>Release Engineering and Integration</title>

    <para>The default partition sizing algorithm of the
      &man.sysinstall.8; utility has been changed.</para>

    <itemizedlist>
      <listitem>
        <para>On systems where the disk capacity is larger than (3 * RAMsize + 10GB),
          the default sizes will now be as follows:</para>

        <informaltable frame="none" pgwide="0">
          <tgroup cols="2">
            <colspec colwidth="1*">
            <colspec colwidth="2*">
            <thead>
              <row>
                <entry>Partition</entry>
                <entry>Size</entry>
              </row>
            </thead>

            <tbody>
              <row><entry>swap</entry><entry>RAMsize * 2</entry></row>
              <row><entry><filename>/</filename></entry><entry>512 MB</entry></row>
              <row><entry><filename>/tmp</filename></entry><entry>512 MB</entry></row>
              <row><entry><filename>/var</filename></entry><entry>1024 MB + RAMsize</entry></row>
              <row><entry><filename>/usr</filename></entry><entry>the rest (8GB or more)</entry></row>
            </tbody>
          </tgroup>
        </informaltable>
      </listitem>

      <listitem>
        <para>On systems where the disk capacity is larger than
          (RAMsize / 8 + 2 GB), the default sizes will be
          in the following ranges, with space allocated
          proportionally:</para>

        <informaltable frame="none" pgwide="0">
          <tgroup cols="2">
            <colspec colwidth="1*">
            <colspec colwidth="2*">
            <thead>
              <row>
                <entry>Partition</entry>
                <entry>Size</entry>
              </row>
            </thead>

            <tbody>
              <row><entry>swap</entry><entry>from RAMsize / 8 to RAMsize * 2</entry></row>
              <row><entry><filename>/</filename></entry><entry>from 256MB to 512MB</entry></row>
              <row><entry><filename>/tmp</filename></entry><entry>from 128MB to 512MB</entry></row>
              <row><entry><filename>/var</filename></entry><entry>from 128MB to 1024MB</entry></row>
              <row><entry><filename>/usr</filename></entry><entry>from 1536MB to 8192MB</entry></row>
            </tbody>
          </tgroup>
        </informaltable>
      </listitem>

      <listitem>
        <para>On systems with even less disk space, the existing behavior is not
          changed.</para>
      </listitem>
    </itemizedlist>

    <para>A new <literal>showconfig</literal>
      target has been added in <filename>src/Makefile</filename>
      to show the build configuration of the &os; source tree.</para>

    <para>A <filename>/media</filename> directory has been
      added to contain mount points for removable media
      such as CDROMs, floppy disks, USB drives, and so on.</para>

    <para>The <filename>src.conf</filename> file, which
      contains settings that will apply to every build involving
      the &os; source tree, has been added.
      For details, see &man.build.7; and &man.src.conf.5;.</para>

    <para>The supported version of
      the <application>GNOME</application> desktop environment
      (<filename role="package">x11/gnome2</filename>) has been
      updated from 2.10.2 to 2.14.1. &merged;</para>

    <para>The supported version of
      the <application>KDE</application> desktop environment
      (<filename role="package">x11/kde3</filename>) has been
      updated from 3.4.2 to 3.5.3. &merged;</para>

    <para arch="i386,amd64">The supported Linux emulation now uses the
      libraries in the
      <filename role="package">emulators/linux_base-fc4</filename>
      package. &merged;</para>

    <para>The supported version of
      the <application>Perl</application> interpreter
      (<filename role="package">lang/perl5.8</filename>) has been updated
      from 5.8.7 to 5.8.8. &merged;</para>

    <para>The supported version of
      the <application>&xorg;</application> windowing system
      (<filename role="package">x11/xorg</filename>) has been updated
      from 6.8.2 to 6.9.0. &merged;</para>

    <para arch="pc98">&os;/pc98 release CDROMs are now
      bootable on systems with some supported SCSI adapters.
      &merged;</para>
  </sect2>

  <sect2 id="doc">
    <title>Documentation</title>

    <para>Documentation of existing functionality has been improved by
      the addition of the following manual pages:
      &man.acpi.sony.4;, &man.device.get.sysctl.9;,
      &man.ext2fs.5;,
      &man.mca.8;,
      &man.snd.mss.4;, &man.snd.t4dwave.4;,
      &man.sysctl.9;.</para>

    <para>The manual pages for <application>NTP</application>
      have been updated to 4.2.0, to match the version of
      code actually included in &os;. &merged;</para>

    <para>Initial support for kernel subsystem API documentation generating
      framework using <filename role="package">devel/doxygen</filename>
      has been added into <filename>src/sys/doc/subsys</filename>.
      To generate the API document, type <command>make doxygen</command>
      in <filename>src/</filename> directory.</para>
  </sect2>
</sect1>

<sect1 id="upgrade">
  <title>Upgrading from previous releases of &os;</title>

  <para></para>

  <important>
    <para>Upgrading &os; should, of course, only be attempted after
      backing up <emphasis>all</emphasis> data and configuration
      files.</para>
  </important>
</sect1>