2 <title>&os;/&arch; &release.current; Release Notes</title>
4 <corpauthor>The &os; Project</corpauthor>
6 <pubdate>$FreeBSD$</pubdate>
16 <holder role="mailto:doc@FreeBSD.org">The &os; Documentation Project</holder>
19 <legalnotice id="trademarks" role="trademarks">
29 <para>The release notes for &os; &release.current; contain a summary
30 of the changes made to the &os; base system on the
31 &release.branch; development line.
32 This document lists applicable security advisories that were issued since
33 the last release, as well as significant changes to the &os;
35 Some brief remarks on upgrading are also presented.</para>
40 <title>Introduction</title>
42 <para>This document contains the release notes for &os;
43 &release.current; on the &arch.print; hardware platform. It
44 describes recently added, changed, or deleted features of &os;.
45 It also provides some notes on upgrading
46 from previous versions of &os;.</para>
48 <![ %release.type.current [
50 <para>The &release.type; distribution to which these release notes
51 apply represents the latest point along the &release.branch; development
52 branch since &release.branch; was created. Information regarding pre-built, binary
53 &release.type; distributions along this branch
54 can be found at <ulink url="&release.url;"></ulink>.</para>
58 <![ %release.type.snapshot [
60 <para>The &release.type; distribution to which these release notes
61 apply represents a point along the &release.branch; development
62 branch between &release.prev; and the future &release.next;.
64 pre-built, binary &release.type; distributions along this branch
65 can be found at <ulink url="&release.url;"></ulink>.</para>
69 <![ %release.type.release [
71 <para>This distribution of &os; &release.current; is a
72 &release.type; distribution. It can be found at <ulink
73 url="&release.url;"></ulink> or any of its mirrors. More
74 information on obtaining this (or other) &release.type;
75 distributions of &os; can be found in the <ulink
76 url="&url.books.handbook;/mirrors.html"><quote>Obtaining
77 &os;</quote> appendix</ulink> to the <ulink
78 url="&url.books.handbook;/">&os;
79 Handbook</ulink>.</para>
83 <para>All users are encouraged to consult the release errata before
84 installing &os;. The errata document is updated with
85 <quote>late-breaking</quote> information discovered late in the
86 release cycle or after the release. Typically, it contains
87 information on known bugs, security advisories, and corrections to
88 documentation. An up-to-date copy of the errata for &os;
89 &release.current; can be found on the &os; Web site.</para>
94 <title>What's New</title>
96 <para>This section describes
97 the most user-visible new or changed features in &os;
99 In general, changes described here are unique to the &release.branch;
100 branch unless specifically marked as &merged; features.
103 <para>Typical release note items
104 document recent security advisories issued after
106 new drivers or hardware support, new commands or options,
107 major bug fixes, or contributed software upgrades. They may also
108 list changes to major ports/packages or release engineering
109 practices. Clearly the release notes cannot list every single
110 change made to &os; between releases; this document focuses
111 primarily on security advisories, user-visible changes, and major
112 architectural improvements.</para>
114 <sect2 id="security">
115 <title>Security Advisories</title>
117 <para>A temporary file vulnerability in &man.texindex.1;, which
118 could allow a local attacker to overwrite files in the context
119 of a user running the &man.texindex.1; utility, has been fixed.
120 For more details see security advisory <ulink
121 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:01.texindex.asc">FreeBSD-SA-06:01.texindex</ulink>. &merged;</para>
123 <para>A temporary file vulnerability in the &man.ee.1; text
124 editor, which could allow a local attacker to overwrite files in
125 the context of a user running &man.ee.1;, has been fixed. For
126 more details see security advisory <ulink
127 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:02.ee.asc">FreeBSD-SA-06:02.ee</ulink>. &merged;</para>
129 <para>Several vulnerabilities in the &man.cpio.1; utility have
130 been corrected. For more
131 details see security advisory <ulink
132 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:03.cpio.asc">FreeBSD-SA-06:03.cpio</ulink>. &merged;</para>
134 <para>An error in &man.ipfw.4; IP fragment handling, which could
135 cause a crash, has been fixed. For more
136 details see security advisory <ulink
137 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:04.ipfw.asc">FreeBSD-SA-06:04.ipfw</ulink>. &merged;</para>
139 <para>A potential buffer overflow in the IEEE 802.11 scanning code
140 has been corrected. For more
141 details see security advisory <ulink
142 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:05.80211.asc">FreeBSD-SA-06:05.80211</ulink>. &merged;</para>
144 <para>Two instances in which portions of kernel memory could be
145 disclosed to users have been fixed. For more details see
146 security advisory <ulink
147 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:06.kmem.asc">FreeBSD-SA-06:06.kmem</ulink>. &merged;</para>
149 <para>A logic bug in the IP fragment handling in &man.pf.4;, which
150 could cause a crash under certain circumstances, has been fixed.
151 For more details see security advisory <ulink
152 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:07.pf.asc">FreeBSD-SA-06:07.pf</ulink>. &merged;</para>
154 <para>A logic bug in the NFS server code, which could cause a crash when
155 the server received a message with a zero-length payload, has been fixed.
156 For more details see security advisory <ulink
157 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:10.nfs.asc">FreeBSD-SA-06:10.nfs</ulink>. &merged;</para>
159 <para>A programming error in the &man.fast.ipsec.4; implementation
160 results in the sequence number associated with a Security
161 Association not being updated, allowing packets to unconditionally
162 pass sequence number verification checks, has been fixed.
163 For more details see security advisory <ulink
164 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:11.ipsec.asc">FreeBSD-SA-06:11.ipsec</ulink>. &merged;</para>
166 <para>A logic bug that could cause &man.opiepasswd.1; to allow an unprivileged
167 user to configure OPIE authentication for the root user under certain
168 circumstances, has been fixed.
169 For more details see security advisory <ulink
170 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:12.opie.asc">FreeBSD-SA-06:12.opie</ulink>. &merged;</para>
172 <para>An asynchronous signal handling vulnerability in &man.sendmail.8;,
173 which could allow a remote attacker to execute arbitrary code with the
174 privileges of the user running sendmail, typically root, has been fixed.
175 For more details see security advisory <ulink
176 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:13.sendmail.asc">FreeBSD-SA-06:13.sendmail</ulink>. &merged;</para>
178 <para arch="i386,amd64">An information disclosure issue found in the
179 &os; kernel running on 7th- and 8th-generation AMD processors
180 has been fixed. For more details see security advisory <ulink
181 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:14.fpu.asc">FreeBSD-SA-06:14.fpu</ulink>. &merged;</para>
183 <para>A bug in &man.ypserv.8;, which effectively disabled the
184 <filename>/var/yp/securenets</filename> access control mechanism,
185 has been corrected. More details are available in security
187 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:15.ypserv.asc">FreeBSD-SA-06:15.ypserv</ulink>. &merged;</para>
189 <para>A bug in the smbfs file system, which could allow an
190 attacker to escape out of &man.chroot.2 environments on an smbfs
191 mounted filesystem, has been fixed. For more details, see
193 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:16.smbfs.asc">FreeBSD-SA-06:16.smbfs</ulink>. &merged;</para>
195 <para>A potential denial of service problem in &man.sendmail.8;
196 caused by excessive recursion which leads to stack
197 exhaustion when attempting delivery of a malformed
198 MIME message, has been fixed. For more details,
199 see security advisory <ulink
200 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:17.sendmail.asc">FreeBSD-SA-06:17.sendmail</ulink>. &merged;</para>
204 <title>Kernel Changes</title>
206 <para>&man.acpi.4; now has basic support for the HPET time counter.</para>
208 <para>The &man.acpi.ibm.4; driver now supports setting the fan control
209 mode to manual or automatic, and adjusting the fan speed if the
210 fan control mode is manual. To enable manual control of the fan speed,
211 the sysctl variable <varname>dev.acpi_ibm.<replaceable>0</replaceable>.fan</varname>
212 needs to be set to zero (manual). This should only be used with
213 extreme precaution, as disabling automatic fan control might
214 overheat the hardware and lead to permanent damage.</para>
216 <para>The &man.apm.4; suspend/resume support has been improved.</para>
218 <para>The <literal>options COMPAT_43</literal> kernel
219 configuration option has been deemed unnecessary and has been
220 removed from <filename>GENERIC</filename> and related kernel
221 configurations. This change may result in a small performance
222 increase for some workloads.</para>
224 <para>The &man.ddb.4; debugger now provides the <literal>show lock</literal>
225 command. If the argument has a valid lock class,
226 this displays various information about the lock and calls a
227 new function pointer in lock_class (lc_ddb_show) to dump class-specific
228 information about the lock as well (such as the owner of a mutex or
229 xlock'ed sx lock). &merged;</para>
231 <para>The &man.ddb.4; debugger now provides the <literal>show sleepq</literal>
232 command. This takes a wait channel as an argument and looks
233 for a sleep queue associated with that wait channel.</para>
235 <para><filename>DEFAULTS</filename> kernel configuration files
236 for each platform have been added. These files contain
237 directives that are implicitly included in all kernel
238 configurations, and generally include basic, mandatory
239 functionality for each platform. &merged;</para>
241 <para>A bug in file descriptor handling such that a simple
242 <literal>close(0); dup(fd)</literal> sequence does not return
243 descriptor <literal>0</literal> in some cases, has been fixed.</para>
245 <para>The &man.firmware.9; subsystem has been added. This
246 subsystem provides a mechanism
247 to load binary data into the kernel via a specially crafted module.
250 <para>The &man.gdb.1; remote debugging interface now supports
251 copying console messages to a remote debugger instance.
252 To enable this, set <literal>debug.gdbcons="1"</literal>
253 in <filename>loader.conf</filename>, enter <literal>boot -d;
254 gdb; step</literal> from the loader prompt,
255 then attach &man.gdb.1; from a remote machine.
256 The sysctl variable <varname>debug.gdbcons</varname> can be
257 used to turn on/off this functionality.</para>
259 <para>&man.hwpmc.4; and &man.pmcstat.8; now support profiling
260 of dynamically loaded kernel modules and
261 shared objects loaded with &man.dlopen.3;.
262 &man.pmcstat.8; can now log over a network socket
263 to a remote host.</para>
265 <para>The &man.random.4; entropy device driver is now MPSAFE.
268 <para>&os; now supports concurrent &man.read.2;/&man.readv.2;
269 access to a file.</para>
271 <para>The experimental CORE process scheduler has been added,
272 enabled with the <literal>options SCHED_CORE</literal> kernel
273 configuration option. It is forked from the &man.sched.ule.4;
275 with a different algorithm for detecting an interactive process.
276 More information can be found in the &man.sched.core.4; manual
279 <para>The <literal>SIGCHLD</literal> signal queuing has been
280 added. For each child process whose status has been changed,
281 a <literal>SIGCHLD</literal> instance is queued. If the signal is still pending,
282 and the process changed status several times, the signal information
283 is updated to reflect the latest process status.
284 There is a loader tunable <varname>kern.sigqueue.queue_sigchild</varname>
285 which can control the behavior, setting it to zero disables the
286 <literal>SIGCHLD</literal> queuing feature.</para>
288 <para arch="amd64,i386">Instead of including all of physical
289 memory in a kernel crash dump, the kernel now defaults to dumping only pages that are
290 actively mapped into kernel virtual memory. A new
291 <varname>debug.minidump</varname> sysctl variable
292 can be used to turn off this behavior when set to zero.</para>
294 <para>A new sysctl variable <varname>kern.malloc_stats</varname>
295 has been added. This allows exporting of kernel malloc
296 statistics via a binary structure stream.</para>
298 <para>A new sysctl variable <varname>kern.forcesigexit</varname>
299 has been added. This forces a process
300 to sigexit if a trap signal is being held by the current thread or
301 ignored by the current process. It is enabled by default.</para>
303 <para arch="alpha">Support for Linux emulation on the Alpha
304 platform has been removed, due to the lack of a
305 <filename>linux_base</filename> port that both supports the
306 Alpha architecture and is in good working condition.</para>
308 <para>The pcvt(4) driver, an alternative to &man.syscons.4;,
309 has been removed, as it had fallen out of sync with the rest
310 of the kernel.</para>
312 <para>RedZone, a buffer corruption protection for the kernel &man.malloc.9;
313 facility has been implemented. This detects both buffer underflows and
314 overflows at runtime on &man.free.9; and &man.realloc.9;,
315 and prints backtraces from where memory was allocated and from where
316 it was freed. For more details, see the &man.redzone.9; manual page.</para>
318 <para>A new sysctl variable <varname>security.mac.biba.interfaces_equal</varname>
319 which makes all network interfaces be created with the label
320 <literal>biba/equal(equal-equal)</literal>, has been added.
321 This is useful where programs such as &man.dhclient.8; and &man.ppp.8;.
322 which initialize network interfaces do not have any labeling support.
323 This variable is set as <literal>0</literal> (disabled) by default.
326 <para>A new sysctl variable <varname>vm.zone_stats</varname>
327 has been added. This allows to export &man.uma.9; allocator
328 statistics via a binary structure stream.</para>
330 <para>The sysctl variable <varname>hw.pci.do_powerstate</varname>
331 has been changed from a boolean to a range.
332 <literal>0</literal> means no power management,
333 <literal>1</literal> means conservative power management which
334 any device class that has caused problems is added to the watch list,
335 <literal>2</literal> means aggressive power management where
336 any device class that is not fundamental to the system is added to the list,
337 and <literal>3</literal> means power them all down unconditionally.
338 The default is <literal>1</literal>.</para>
340 <para arch="ia64">The <filename>GENERIC</filename> kernel now enables
341 SMP support by default.</para>
343 <para>Sample kernel configuration files
344 <filename>src/sys/<replaceable>arch</replaceable>/conf/MAC</filename>
345 for the Mandatory Access Control framework have been added.</para>
347 <para><varname>POSIX_TIMERS</varname> support has been updated to 200112L.</para>
349 <para>An experimental support for POSIX message queue has been
352 <para>&os; now runs on the Xbox, whose architecture is nearly identical
353 to the i386. For details of the latest development,
354 see <ulink url="http://www.FreeBSD.org/platforms/xbox.html"></ulink>
355 and <ulink url="http://xbox-bsd.nl"></ulink>.</para>
358 <title>Boot Loader Changes</title>
360 <para>A new option <option>-S</option>,
361 which allows setting the <filename>boot2</filename>
362 serial console speed in the <filename>/boot.config</filename>
363 file or on the <prompt>boot:</prompt> prompt line,
364 has been added.</para>
366 <para arch="i386,amd64">A new loader tunable
367 <varname>comconsole_speed</varname> to change
368 the serial console speed has been added.
369 If the previous stage boot loader requested a serial console,
370 then the default speed is determined from the current serial port
371 speed. Otherwise it is set to 9600 or the value of
372 the <literal>BOOT_COMCONSOLE_SPEED</literal> kernel option.
375 <!-- Above this line, order boot loader changes by keyword-->
377 <para arch="pc98">A bootable CDROM loader has been implemented
378 for the pc98 platform. &merged;</para>
380 <para arch="i386">A bug in the i386 boot loader, which could
381 cause filesystem corruption if
382 a <filename>nextboot.conf</filename> file was used and landed
383 after cylinder 1023, has been fixed.</para>
388 <title>Hardware Support</title>
390 <para>The &man.cardbus.4;, &man.pccard.4;,
391 &man.pccbb.4;, and &man.exca.4; drivers are now buildable
392 as kernel modules.</para>
394 <para>An &man.acpi.dock.4; driver has been added to provide
395 support for controlling laptop docking station functions via
398 <para>The &man.acpi.thermal.4; driver now supports
399 passive cooling. &merged;</para>
401 <!-- The following note should remain MI (i.e. don't set arch="alpha") --
402 -- because the alpha docs will be disappearing at some point before --
404 <para>Support for the alpha architecture has been removed. Alpha
405 support will remain on the RELENG_5 and RELENG_6 codelines.</para>
407 <para>The &man.cardbus.4; driver now supports
408 <filename>/dev/cardbus<replaceable>%d</replaceable>.cis</filename>.</para>
410 <para arch="i386,pc98">The &man.ce.4; driver,
411 which supports Cronyx Tau-PCI/32 adapters, has been added.
414 <para>The <literal>est</literal> &man.cpufreq.4; driver now supports
415 frequency control for the VIA C7-M family of processors.</para>
417 <para>Support for the PadLock Security Co-processor in VIA C3
418 processors has been added to the &man.crypto.9; subsystem.
419 More information can be found in the &man.padlock.4; manual
423 <para>A bug which prevented the &man.ichsmb.4; kernel module
424 from unloading has been fixed.</para>
426 <para arch="i386,amd64">Dual-core processors (such as the Intel
427 Core Duo) now have both cores available for use by
428 default in SMP-enabled kernels. &merged;</para>
430 <para arch="i386,amd64">&man.ipmi.4;, an OpenIPMI compatible driver,
432 OpenIPMI (Intelligent Platform Management Interface) is an open
433 standard designed to enable remote monitoring and control of server,
434 networking and telecommunication platforms. &merged;</para>
436 <para>The &man.kbdmux.4; driver has been integrated into &man.syscons.4; and
437 the <devicename>kbd</devicename> device driver.
438 By default &man.syscons.4; will look for the &man.kbdmux.4;
439 keyboard first, and then, if not found, look for any keyboard.
440 Switching to &man.kbdmux.4; can be done at boot time by loading
441 the <literal>kbdmux</literal> kernel module via &man.loader.8;,
442 or at runtime via &man.kldload.8; and releasing the active
443 keyboard. &merged;</para>
445 <para arch="amd64,i386">The &man.kbdmux.4; driver is now included in the
446 <filename>GENERIC</filename> kernel by default.
447 Also, the <quote>Boot FreeBSD with USB keyboard</quote>
448 menu item in the boot loader menu has been removed
449 since this fixes USB keyboard probing problems.
452 <para arch="ia64">The loader tunable <varname>debug.mpsafevfs</varname>
453 is set to <literal>1</literal> by default.</para>
455 <para>The &man.sab.4; driver has been removed (it has been
456 superceded by the &man.scc.4; driver).</para>
458 <para>The &man.scc.4; driver has been added.
459 This provides generic support for serial communications
460 controllers and delegates the control over each channel
461 and mode to a subordinate driver such as &man.uart.4;.</para>
463 <para arch="amd64">The smbios(4) driver support for amd64 has been
466 <para>The tnt4882(4) driver, which supports the National Instruments
467 PCI-GPIB card, has been added.</para>
469 <para arch="alpha,amd64,i386,ia64,sparc64">The &man.uart.4; driver has been included in the
470 <filename>GENERIC</filename> kernel by default.
471 When both &man.sio.4; and &man.uart.4; can handle a given serial port,
472 &man.sio.4; will claim it.</para>
474 <para>The &man.uart.4; driver now supports LOM (Lights Out Management)
475 and RSC (Remote System Control) devices as consoles.</para>
477 <para arch="i386">A new loader tunable
478 <varname>hw.apic.enable_extint</varname> has been added.
479 This tunable can be used to disable masking of the ExtINT pin on the first
480 I/O APIC. At least one chipset for the Intel Pentium III seems
481 to need this, even though all of the pins in the 8259As are masked.
482 The default is still to mask the ExtINT pin.</para>
484 <para arch="i386">Support has been improved for
485 so-called <quote>legacy-free</quote> hardware, in particular,
486 i386 systems without AT-style keyboard controllers such as the
487 Macbook Pro. &merged;</para>
490 <title>Multimedia Support</title>
492 <para>The &man.agp.4; driver now supports ATI AGP chipsets.
495 <para>The new midi(4) driver which is based on NetBSD's one
496 has been added. This supports &man.snd.cmi.4; and
497 &man.snd.emu10k1.4; drivers.</para>
499 <para>The &man.sound.4; driver now supports
500 wider range sampling rate, multiple precisions choice,
501 and 24/32 bit PCM format conversion. &merged;</para>
503 <para>The &man.snd.als4000.4; driver is now MPSAFE. &merged;</para>
505 <para>The &man.snd.atiixp.4; driver has been added.
506 This supports ATI IXP 200/300/400 series audio controllers. &merged;</para>
508 <para>The &man.snd.atiixp.4; driver now supports
509 suspend and resume features.</para>
511 <para>The &man.snd.cmi.4; driver is now MPSAFE.</para>
513 <para>The &man.snd.envy24.4; driver has been added to support
514 the Envy24 series of audio chips.</para>
516 <para>The &man.snd.es137x.4; driver is now MPSAFE. &merged;</para>
518 <para>The &man.snd.ich.4; driver is now MPSAFE. &merged;</para>
520 <para>The &man.snd.solo.4; driver is now MPSAFE. &merged;</para>
522 <para>The &man.snd.via8233.4; driver is now MPSAFE. &merged;</para>
524 <para>The &man.snd.via82c686.4; driver is now MPSAFE. &merged;</para>
526 <para arch="amd64">The &man.speaker.4; driver now supports &os;/amd64. &merged;</para>
528 <para>The &man.uaudio.4; driver now supports 24/32 bit audio
529 formats and conversion.</para>
533 <title>Network Interface Support</title>
535 <para>The &man.ath.4; driver has been updated to
536 version 0.9.16.16. &merged;</para>
538 <para arch="amd64,i386,pc98">The &man.ath.4;, &man.ath.hal.4;, and
539 <literal>ath_rate_sample</literal> drivers have been
540 included in the <filename>GENERIC</filename> kernel by default.</para>
542 <para arch="amd64,i386">The &man.bce.4; driver, which supports Broadcom
543 NetXtreme II (BCM5706/BCM5708) PCI/PCIe Gigabit Ethernet controllers,
544 has been added. For more details, see &man.bce.4;. &merged;</para>
546 <para>A bug which prevents the &man.bfe.4; driver from working
547 on a system with over 1GB RAM has been fixed. &merged;</para>
549 <para>The &man.bge.4; driver's Jumbo frame support is now MPSAFE.</para>
551 <para>The &man.bge.4; driver now supports big-endian
552 architectures such as sparc64.</para>
554 <para>The &man.bge.4; driver now supports &man.polling.4; mode.
557 <para>The &man.cm.4; driver is now MPSAFE.</para>
559 <para>The &man.dc.4; driver is now MPSAFE. &merged;</para>
561 <para>The &man.de.4; driver has been converted to the &man.bus.dma.9;
562 API and is now MPSAFE.</para>
564 <para>The &man.ed.4; driver is now MPSAFE.</para>
566 <para>The &man.el.4; driver has been removed due to lack of use.</para>
568 <para>The &man.em.4; driver now supports big-endian
569 architectures such as sparc64. &merged;</para>
571 <para>The &man.em.4; driver has been updated to
572 version 5.1.5 from Intel. Among other changes, it now supports
573 82571 and 82572 based adapters.</para>
575 <para>The &man.em.4; driver now includes
576 initial support for suspend and resume features.</para>
578 <para>The performance of the &man.em.4; driver has been improved
579 by using a fast interrupt handler and taskqueue
580 instead of ithread handler. This change can be disabled
581 by defining <literal>NO_EM_FASTINTR</literal> kernel option
582 for debugging purpose.</para>
584 <para>The &man.iwi.4; driver now supports big-endian
585 architectures such as sparc64.</para>
587 <para>The &man.le.4; driver, which supports AMD Am7900 LANCE
588 and Am79C9xx PCnet NICs,
589 has been added. While the &man.lnc.4; driver also supports these
590 NICs, this driver has several advantages over it such as
591 MPSAFE, ALTQ, VLAN_MTU, ifmedia, and 32-bit DMA for PCI
592 variants. This driver is based on NetBSD's implementation.
595 <para>The &man.lge.4; driver is now MPSAFE. &merged;</para>
597 <para>The lnc(4) driver has been removed. The &man.le.4; and
598 &man.pcn.4; drivers support all devices that were supported
601 <para>The &man.my.4; driver is now MPSAFE. &merged;</para>
603 <para>The &man.my.4; driver now supports &man.altq.4;.</para>
605 <para arch="i386,amd64">The &man.mxge.4; driver,
606 which supports Myricom Myri10GE 10 Gigabit Ethernet
607 adapters, has been added. For more details, see
610 <para>The &man.nve.4; driver has been updated to version 1.0-0310
611 (23-Nov-2005). It also now has &man.altq.4; support. &merged;</para>
613 <para>The &man.pcn.4; driver is now MPSAFE. &merged;</para>
615 <para>The &man.re.4; driver now supports the D-Link DGE-528(T)
616 Gigabit Ethernet card.</para>
618 <para>The &man.sf.4; driver is now MPSAFE. &merged;</para>
620 <para>The &man.sk.4; driver is now MPSAFE. &merged;</para>
622 <para>The &man.ste.4; driver is now MPSAFE.</para>
624 <para>The &man.ti.4; driver now supports big-endian
625 architectures such as sparc64.</para>
627 <para>The &man.ufoma.4; driver for
628 FOMA (third generation mobile phone system by NTT DoCoMo, Inc.
629 in Japan) has been added.
630 This should support other third generation mobile phones
631 since the driver is based on USB Implementation Guideline
632 from MCPC (Mobile Computing Promotion Consortium) in Japan.</para>
634 <para>The vgapci(4) driver has been added. This is a stub
635 device driver for VGA PCI devices and serves as a bus
636 so that other drivers such as drm(4),
637 &man.acpi.video.4;, and &man.agp.4; can attach to
638 it thus allowing multiple drivers for the same device.</para>
640 <para>The &man.wi.4; driver is now buildable as
641 a kernel module.</para>
643 <para arch="amd64,i386,pc98">The &man.wlan.wep.4;,
644 &man.wlan.ccmp.4;, and &man.wlan.tkip.4; drivers
645 have been included in the <filename>GENERIC</filename>
646 kernel by default.</para>
650 <sect3 id="net-proto">
651 <title>Network Protocols</title>
653 <para>The &man.arp.4; retransmission algorithm has been
654 rewritten so that ARP requests are retransmitted without
655 suppression, while there is demand for such ARP entry.
656 Due to this change, a sysctl variable
657 <varname>net.link.ether.inet.host_down_time</varname>
658 has been removed. &merged;</para>
660 <para>The &man.arp.4; protocol now supports a sysctl variable
661 <varname>net.link.ether.inet.log_arp_permanent_modify</varname>
662 to suppress logging of attempts to modify
663 permanent ARP entries. &merged;</para>
665 <para arch="amd64,i386,pc98">An experimental BPF Just-In-Time compiler
666 has been implemented for both &man.bpf.4; and &man.ng.bpf.4;.
668 <literal>options BPF_JITTER</literal> kernel option is needed.
669 The <varname>net.bpf_jitter.enable</varname>
670 can be used to disable this feature.</para>
672 <para>The bridge(4) driver has been removed from the tree. Its
673 functionality has been completely replaced by
674 &man.if.bridge.4;.</para>
676 <para>The &man.gre.4; driver, which is for GRE encapsulation
677 found in RFC 1701 and RFC 1702, now supports IPv6 over GRE.</para>
679 <para>The &man.if.bridge.4; driver now supports
680 creating SPAN ports, which transmit a copy of every frame
681 received by the bridge. This feature can be enabled
682 by using &man.ifconfig.8;. &merged;</para>
684 <para>The &man.if.bridge.4; driver now supports
685 RFC 3378 EtherIP. This change makes it possible to
686 add &man.gif.4; interfaces to bridges, which will then
687 send and receive IP protocol 97 packets.
688 Packets are Ethernet frames with an EtherIP header prepended.
691 <para>A hard-coded limit on the number of IPv4 multicast group
692 memberships (formerly 20) has been removed.</para>
694 <para>The path MTU discovery for multicast packets in the &os;
695 IPv6 stack has been disabled by default.
696 Path MTU notification from a large number of multicast routers
697 can be a kind of distributed Denial-of-Service attack to a router.
698 This feature can be re-enabled by using a new sysctl variable
699 <varname>net.inet6.ip6.mcast_pmtu</varname>. &merged;</para>
701 <para>The &man.ipfw.4; IP packet filter now supports IPv6. &merged;</para>
703 <para>The &man.ipfw.4; firewall system now supports substitution of the action
704 argument with the value obtained from table lookup,
705 which allows some optimization of rulesets.
706 This is now applicable only to <literal>pipe</literal>,
707 <literal>queue</literal>,
708 <literal>divert</literal>,
709 <literal>tee</literal>,
710 <literal>netgraph</literal>,
711 and <literal>ngtee</literal> rules. &merged;
712 For example, the following rules will throw different
713 packets to different pipes:</para>
715 <programlisting>pipe 1000 config bw 1000Kbyte/s
716 pipe 4000 config bw 4000Kbyte/s
717 table 1 add x.x.x.x 1000
718 table 1 add x.x.x.y 4000
719 pipe tablearg ip from table(1) to any</programlisting>
721 <para>The &man.ipfw.4; packet filter now supports
722 <literal>tag</literal> and <literal>untag</literal> rule keywords.
723 When a packet matches a rule with the <literal>tag</literal>
724 keyword, the numeric tag for the given number in the range
725 from 0 to 65535 will be attached to the packet.
726 The tag acts as an internal marker (it is not sent out over
727 the wire) that can be used to identify these packets later on,
728 for example, by using <literal>tagged</literal>
729 rule option. For more details, see &man.ipfw.8;.</para>
731 <para>The ip6fw(8) packet filter has been removed. Since &man.ipfw.4; has gained
732 IPv6 support, it should be used instead. Please note that some rules might need
733 to be adjusted.</para>
735 <para>The &man.natm.4;, Native Mode ATM protocol layer is now MPSAFE.</para>
737 <para>The &man.ng.iface.4; Netgraph node now supports &man.altq.4;.
740 <para>A bug has been fixed in which NFS over TCP would not reconnect
741 when the server sent a FIN. This problem had occurred
742 with Solaris NFS servers. &merged;</para>
744 <para>The default retransmit timer for NFS over TCP is now 60 seconds.
745 This change prevents the unnecessary retransmission of
746 non-idempotent NFS requests. The <varname>nfs_access_cache</varname>
747 variable in &man.rc.conf.5; has also been changed to 60.</para>
749 <para>The default minimum number of nfsiod kernel threads
750 (&man.sysctl.8; variable <varname>vfs.nfs.iodmin</varname>)
751 has been changed from 4 to 0.</para>
753 <para>The sysctl variables <varname>net.inet.ip.portrange.reservedhigh</varname>
754 and <varname>net.inet.ip.portrange.reservedlow</varname>
755 can be used with IPv6 now.</para>
757 <para>A new sysctl variable <varname>net.inet.icmp.reply_from_interface</varname>
758 has been added. This allows the &man.icmp.4;
759 reply to non-local packets to be generated with
760 the IP address the packet came through in.
761 This is useful for routers to show in &man.traceroute.8;
762 the actual path a packet has taken instead of
763 the possibly different return path.</para>
765 <para>A new sysctl variable <varname>net.inet.icmp.quotelen</varname>
766 has been added. This allows to change length of
767 the quotation of the original packet in an ICMP reply.
768 The minimum of 8 bytes is internally enforced.
769 The maximum quotation is the remaining space in the
770 reply mbuf. This option is added in response to the
772 <filename>draft-gont-icmp-payload-00.txt</filename>.</para>
774 <para>The &man.icmp.4; now always quotes the entire TCP header
775 when responding and allocate an mbuf cluster if needed.
776 This change fixes the TCP issues raised in I-D
777 <filename>draft-gont-icmp-payload-00.txt</filename>.</para>
779 <para>A new socket option <literal>IP_MINTTL</literal> has been added.
780 This may be used to set the minimum acceptable
781 TTL a packet must have when received on a socket.
782 All packets with a lower TTL are silently dropped.
783 This works on already connected/connecting and
784 listening sockets for RAW, UDP, and TCP. This option
785 is only really useful when set to <literal>255</literal>, preventing packets
786 from outside the directly connected networks reaching
787 local listeners on sockets. Also, this option allows
788 userland implementation of <quote>The Generalized TTL
789 Security Mechanism (GTSM)</quote> found in RFC 3682.</para>
791 <para>Stealth forwarding now supports IPv6 as well as IPv4.
792 This behavior can be controlled by using a new sysctl variable
793 <varname>net.inet6.ip6.stealth</varname>.</para>
795 <para>The <literal>IPV6_V6ONLY</literal> socket option
796 now works for UDP.</para>
798 <para>The TCP bandwidth-delay product limiting feature has
799 been disabled when the RTT is below a certain threshold.
800 This optimization does not make sense on a LAN, as it has
801 trouble figuring out the maximal bandwidth due to the coarse
802 tick granularity. A new sysctl variable
803 <varname>net.inet.tcp.inflight.rttthresh</varname> specifies
804 the threshold in milliseconds below which this feature
805 will disengage. It defaults to 10ms. &merged;</para>
809 <title>Disks and Storage</title>
811 <para>The &man.aac.4; driver now supports the Adaptec 2610SA SATA-RAID
812 controller in some Hewlett-Packard machines.</para>
814 <para>The performance of the &man.amr.4; driver has been improved;
815 it also now supports full 64-bit DMA. While this feature is
816 enabled by default, this can be forced off by setting the
817 <varname>hw.amr.force_sg32</varname> loader tunable for
821 <para>The &man.amr.4; driver now supports the &man.ioctl.2; requests
822 necessary for the Linux LSI MegaRaid tools in &os;'s Linux emulation
826 <para>The &man.ata.4; driver now supports a workaround
827 for some controllers whose DMA does not work properly
828 in 48bit mode. For affected controllers,
829 PIO mode will be used for access to areas beyond 137GB.
832 <para>The &man.ata.4; driver now supports the ITE IT8211F IDE controller,
833 and the Promise PDC40718 and PDC40719 chip found in Promise
837 <para>The &man.ata.4; driver now supports DMA for kernel crash dumps,
838 as well as crash dumping to an &man.ataraid.4; device.
841 <para>The &man.ata.4; driver now supports USB mass storage class
842 devices. To enable it, a line <literal>device atausb</literal>
843 in the kernel configuration file or loading the
844 <filename>atausb</filename> kernel module is needed.
845 Note that this functionality cannot coexist with the
846 &man.umass.4; driver.</para>
848 <para>The &man.ataraid.4; driver now supports
849 JMicron ATA RAID metadata. &merged;</para>
851 <para>The <literal>GEOM_LABEL</literal> class now supports
852 Ext2FS, NTFS, and ReiserFS. &merged;</para>
854 <para>The <literal>GEOM_MIRROR</literal> class now supports
855 kernel crash dumps to the GEOM providers.
858 <para>The <literal>GEOM_MIRROR</literal> and <literal>GEOM_RAID3</literal>
859 classes now support sysctl variables
860 <varname>kern.geom.mirror.disconnect_on_failure</varname>
862 <varname>kern.geom.graid3.disconnect_on_failure</varname>
863 to control whether failed components will be disconnected or not.
864 The default value is <literal>1</literal> to preserve the current
865 behavior, and if it is set to <literal>0</literal> such components
866 are not disconnected and the kernel will try to still use them
867 (only the first error will be logged).
868 This is helpful for the case of multiple broken components (in
869 different places), so actually all data is available.
870 The broken components will be visible in <command>gmirror list</command>
871 or <command>graid3 list</command> output with flag
872 <literal>BROKEN</literal>.
875 <para>The <literal>GEOM_MIRROR</literal> and <literal>GEOM_RAID3</literal>
876 classes now use parallel I/O requests for synchronization
877 to improve the performance. New sysctl variables
878 <varname>kern.geom.mirror.sync_requests</varname> and
879 <varname>kern.geom.raid3.sync_requests</varname>
880 define how many parallel I/O requests should be used.
881 Also, the sysctl variables
882 <varname>kern.geom.mirror.reqs_per_sync</varname>,
883 <varname>kern.geom.mirror.syncs_per_sec</varname>,
884 <varname>kern.geom.raid3.reqs_per_sync</varname>, and
885 <varname>kern.geom.raid3.syncs_per_sec</varname>
886 are deprecated and have been removed.
889 <para>A new GEOM class <literal>GEOM_ZERO</literal> has been added.
890 It creates a very huge provider (41PB) <filename>/dev/gzero</filename>
891 and is mainly useful for performance testing.
892 On <literal>BIO_READ</literal> request it zero-fills
893 <varname>bio_data</varname> and on <literal>BIO_WRITE</literal>
897 <para>The GEOM class kernel module <filename>g_md.ko</filename>
898 has been renamed to <filename>geom_md.ko</filename>
899 for consistency.</para>
901 <para arch="amd64,i386">The &man.hptmv.4; driver has been updated and now supports
902 amd64 as well as PAE.</para>
904 <para>The &man.mfi.4; driver, which supports
905 the LSI MegaRAID SAS controller family, has been added.
908 <para>The &man.mpt.4; driver has been updated to support
909 various new features such as RAID volume and RAID member
910 state/settings reporting, periodic volume re-synchronization
911 status reporting, and sysctl variables for volume
912 re-synchronization rate, volume member write cache status,
913 and volume transaction queue depth.</para>
915 <para>The &man.mpt.4; driver now supports SAS HBA (partially),
916 64-bit PCI, and large data transfer.</para>
918 <para>The &man.twa.4; driver has been updated to the 9.3.0.1
919 release on the 3ware Web site. &merged;</para>
921 <para>A new GEOM-based disk encryption facility, GEOM_ELI, has been
922 added. It uses the &man.crypto.9; framework for hardware acceleration
923 and supports different cryptographic algorithms. See &man.geli.8; for
924 more information. &merged;</para>
926 <para>The &man.geli.8; disk encryption system now supports loading keyfiles before the root
927 file system is mounted. &merged;
928 For example, the following entries
929 can be used in <filename>/boot/loader.conf</filename> to enable
932 <programlisting>geli_da0_keyfile0_load="YES"
933 geli_da0_keyfile0_type="da0:geli_keyfile0"
934 geli_da0_keyfile0_name="/boot/keys/da0.key0"
935 geli_da0_keyfile1_load="YES"
936 geli_da0_keyfile1_type="da0:geli_keyfile1"
937 geli_da0_keyfile1_name="/boot/keys/da0.key1"
938 geli_da0_keyfile2_load="YES"
939 geli_da0_keyfile2_type="da0:geli_keyfile2"
940 geli_da0_keyfile2_name="/boot/keys/da0.key2"
942 geli_da1s3a_keyfile0_load="YES"
943 geli_da1s3a_keyfile0_type="da1s3a:geli_keyfile0"
944 geli_da1s3a_keyfile0_name="/boot/keys/da1s3a.key"</programlisting>
946 <para>&man.geli.8; is now able to perform data integrity
947 verification (data authentication) of encrypted data stored on
948 disk. Note that the encryption algorithm is now specified to
949 the &man.geli.8; control program using the <option>-e</option>
950 option; the <option>-a</option> option is now used to specify
951 the authentication algorithm</para>
953 <para>The &man.umass.4; driver now supports
954 <literal>PLAY_MSF</literal>,
955 <literal>PLAY_TRACK</literal>,
956 <literal>PLAY_TRACK_REL</literal>,
957 <literal>PAUSE</literal>,
958 <literal>PLAY_12</literal> commands so that
959 the &man.cdcontrol.1; utility can handle a USB CD drive.</para>
963 <title>File Systems</title>
965 <para arch="amd64,i386,pc98">The &man.linsysfs.5;
966 pseudo-filesystem driver has been added.
967 It provides a subset of the
968 Linux <filename>sys</filename> filesystem, and is required for
969 the correct operation of some Linux binaries (such as the LSI
970 MegaRAID SAS utility). &merged;</para>
972 <para>A part of the FreeBSD NFS subsystem (the interface with
973 the protocol stack and callouts, the NFS client side) is now MPSAFE.</para>
975 <para>Initial (read-only) support for SGI's XFS filesystem has been
980 <sect2 id="userland">
981 <title>Userland Changes</title>
983 <para>Padding of <varname>ai_addrlen</varname>
984 in <varname>struct addrinfo</varname> has been removed,
985 which was originally for the ABI compatibility.
986 For example, this change breaks the ABI compatibility of the
987 &man.getaddrinfo.3; function on 64-bit architectures, including
988 &os;/amd64, &os;/ia64, and &os;/sparc64.</para>
990 <para>The &man.asf.8; utility has been revised and extended. Now
991 it can operate via several interfaces including &man.kvm.3;,
992 which supports not only live systems, but also kernel crash dumps.
995 <para>The &man.arp.8; utility now allows the <option>-i</option>
996 option together with the <option>-d</option> and <option>-a</option> options
997 to allow all entries for a given interface to be removed.</para>
999 <para>The OpenBSM userland tools, including &man.audit.8;,
1001 &man.auditreduce.1;, and
1002 &man.praudit.1;, have been added.</para>
1004 <para>The &man.bsdiff.1; and &man.bspatch.1; utilities
1005 have been added. These are tools for constructing and
1006 applying binary patches. &merged;</para>
1008 <para>The &man.bsnmpd.1; utility now supports the Host Resources
1009 MIB described in RFC 2790. &merged;</para>
1011 <para>&man.cached.8; has been added. It is a daemon that caches
1012 the results of nsswitch lookups (such as those to the password,
1013 group, and services databases) for improved performance.</para>
1015 <para>The &man.cmp.1; utility now supports an <option>-h</option>
1016 flag to compare the symbolic link itself rather than the
1017 file that the link points to. &merged;</para>
1019 <para>The &man.config.8; utility now supports the <literal>nocpu</literal>
1020 directive, which cancels the effect of a
1021 previous <literal>cpu</literal> directive. &merged;</para>
1023 <para>The &man.config.8; utility now reads <filename>DEFAULTS</filename>
1024 kernel configuration file if it exists in the current directory
1025 before the specified configuration file. &merged;</para>
1027 <para>The &man.csh.1; utility now supports NLS catalogs.
1028 Note that this requires installing
1029 the <filename role="package">shells/tcsh_nls</filename> port.
1032 <para>The &man.csup.1; utility has been imported.
1033 This is an implementation of a CVSup-compatible client written
1034 in the C language. Note that it currently supports checkout mode
1035 only. &merged;</para>
1037 <para>The &man.dhclient.8; program now sends the host's name in
1038 DHCP requests if it is not specified in the configuration
1039 file. &merged;</para>
1041 <para>The &man.devd.8; utility now supports a <option>-f</option> option
1042 to specify a configuration file. &merged;</para>
1044 <para>The &man.du.1; program now supports a <option>-n</option>
1045 flag, which causes it to ignore files and directories with
1046 the <literal>nodump</literal> flag set. &merged;</para>
1048 <para>The &man.find.1; program now supports <option>-Btime</option>
1049 and other related primaries, which can be used to create expressions
1050 based on a file's creation time. &merged;</para>
1052 <para>A bug in the &man.find.1; program which prevents
1053 numeric arguments for <option>-user</option> and
1054 <option>-group</option> from working as expected
1055 has been fixed.</para>
1057 <para>The &man.ftpd.8; utility now creates a PID file
1058 <filename>/var/run/ftpd.pid</filename> even when
1059 no <option>-p</option> option is specified. &merged;</para>
1061 <para>The &man.gbde.8; utility now supports
1062 <option>-k</option> and <option>-K</option> options
1063 to specify a key file in addition to a passphrase.</para>
1065 <para>The &man.getfacl.1; utility now supports
1066 a <option>-q</option> flag to suppress the per-file header
1067 comment listing the file name, owner, and group.
1070 <para>The &man.getent.1; utility has been imported from NetBSD.
1071 It retrieves and displays information from an administrative
1072 database (such as <filename>hosts</filename>) using the lookup
1073 order specified in &man.nsswitch.conf.5;. &merged;</para>
1075 <para>The &man.gpt.8; utility now supports setting GPT partition labels.</para>
1077 <para>The &man.gvinum.8; utility now supports commands
1078 to rename objects and to move a subdisk from
1079 one drive to another. &merged;</para>
1081 <para>The &man.gvinum.8; utility now supports the
1082 <command>resetconfig</command> sub-command.</para>
1084 <para>An implementation of Generic Security Service API (GSS-API)
1085 version 2 and its C binding described in RFC2743 and RFC2744
1086 has been added. This is a new extensible GSS-API layer which
1087 can support GSS-API plugins, similar the the Solaris
1088 implementation, and the Kerberos 5 GSS mechanism has
1089 been rewritten as a plugin library for the new implementation.</para>
1091 <para>The &man.hccontrol.8; utility now supports HCI node
1092 autodetection.</para>
1094 <para>The &man.id.1; utility now prints the effective user
1095 ID after the group ID.</para>
1097 <para>The &man.ifconfig.8; utility now supports
1098 a <option>-k</option> flag to allow printing
1099 potentially sensitive keying material to standard output.
1100 This sensitive information will not be printed by default.</para>
1102 <para>The &man.ifconfig.8; utility now supports a <option>-tunnel</option>
1103 parameter, which is just an alias for <option>deletetunnel</option>,
1104 yet is more convenient and easier to type.</para>
1106 <para>The <option>-vlandev</option> parameter to &man.ifconfig.8;
1107 no longer requires a network interface as its argument. The
1108 argument still is supported for backward compatibility, but
1109 is now deprecated and its use is discouraged.</para>
1111 <para>The &man.iostat.8; utility now supports
1112 a <option>-x</option> flag (inspired by Solaris) to print
1113 extended disk statistics. If the new <option>-z</option> flag is
1114 also specified, no output is made for disks with no
1115 activity. &merged;</para>
1117 <para>The &man.ipfwpcap.8; utility has been added; it captures
1118 packets on a &man.divert.4; socket and writes them as
1119 &man.pcap.3; (also known as &man.tcpdump.1;) format data to a
1120 file or pipe.</para>
1122 <para>The &man.jail.8; utility supports a <option>-J
1123 <replaceable>jid_file</replaceable></option> option to
1124 write out a JidFile, similar to a PidFile, containing
1125 the jailid, path, hostname, IP and the command used to start
1126 the jail. &merged;</para>
1128 <para>The &man.jail.8; program now supports a <option>-s</option>
1129 option to specify a jail's securelevel. &merged;</para>
1131 <para>The &man.kdump.1; program now supports a <option>-H</option>
1132 flag, which causes kdump to print an additional field holding
1133 the threadid. &merged;</para>
1135 <para>The &man.kdump.1; program now supports a <option>-s</option>
1136 flag to suppress the display of I/O data. &merged;</para>
1138 <para>The &man.kdump.1; program now supports printing
1139 flags in a system call argument by using symbol names.</para>
1141 <para>The &man.kenv.1; utility now supports a <option>-q</option>
1142 flag to suppress warnings.</para>
1144 <para>&man.kgdb.1; now supports a <option>-w</option>
1145 option to open kmem-based targets in read-write mode.
1146 This allows one to use kgdb on <filename>/dev/mem</filename>
1147 and be able to patch memory on a live system.</para>
1149 <para>The &man.libarchive.3; library now supports
1150 POSIX.1e-style Extended Attributes.</para>
1152 <para>The <application>libc</application> library now includes
1153 initial implementation of symbol maps and symbol version
1156 <para>The <application>libedit</application> library has been
1157 updated from the NetBSD source tree as of August 2005.</para>
1159 <para>The <application>libm</application> library now includes
1160 initial implementation of symbol maps and symbol version
1163 <para>The &man.libmemstat.3; library has been added.
1164 This is for use by debugging and monitoring applications
1165 in tracking kernel memory statistics. It provides an
1166 abstracted interface to &man.uma.9; and &man.malloc.9;
1167 statistics, wrapped around the binary stream sysctl variables
1168 for the allocators. &merged;</para>
1170 <para>The &man.ln.1; utility now supports
1171 an <option>-F</option> flag, which deletes existing
1172 empty directories when creating symbolic links.
1175 <para>The &man.locate.1; utility now supports
1176 a <option>-0</option> flag to make this utility
1177 interoperable with &man.xargs.1;'s <option>-0</option> flag.
1180 <para>The &man.ls.1; utility now supports
1181 an <option>-I</option> flag to disable the automatic
1182 <option>-A</option> flag for the superuser. &merged;</para>
1184 <para>The &man.ls.1; utility now supports
1185 an <option>-U</option> flag to use the file creation
1186 time for sorting. &merged;</para>
1188 <para>A new &man.malloc.3; implementation has been introduced.
1189 This implementation, sometimes referred to
1190 as <quote>jemalloc</quote>, was designed to improve the
1191 performance of multi-threaded programs, particularly on SMP
1192 systems, while preserving the performance of single-threaded
1193 programs. Due to the use of different algorithms and data
1194 structures, jemalloc may expose some previously-unknown bugs in
1195 userland code, although most of the &os; base system and common
1196 ports have been tested and/or fixed.</para>
1198 <para>The &man.mdconfig.8; utility now supports producing
1199 device listings formatted as XML. Currently, the
1200 <command>list</command> and <command>query</command>
1201 sub-commands support this feature.</para>
1203 <para>The &man.mdconfig.8; utility's <option>-u</option> option
1204 now supports specifying multiple devices separated
1205 by comma character.</para>
1207 <para>The &man.mdmfs.8; utility now supports a <option>-P</option> flag
1208 to allow skipping the &man.newfs.8; process
1209 when using a vnode-backed disk.</para>
1211 <para>The &man.mdmfs.8; utility now supports a <option>-E</option> flag
1212 to allow to specify location of the &man.mdconfig.8;
1213 utility instead of using the default one
1214 (<filename>/sbin/mdconfig</filename>).</para>
1216 <para>A new function &man.memmem.3; has been implemented in
1217 <filename>libc</filename>. This is the binary equivalent to
1218 &man.strstr.3; and found in <filename>glibc</filename>.</para>
1220 <para>The &man.mergemaster.8; utility now supports
1221 an <option>-A</option> option to explicitly specify
1222 an architecture to pass through to the underlying makefiles.
1225 <para>The &man.mount.8; <literal>nodev</literal> option has
1226 been removed.</para>
1228 <para>The &man.mount.8; utility now supports &man.mqueuefs.5;.</para>
1230 <para>A bug which prevents the &man.mount.8; utility from converting
1231 a read-only mount to read-write via <command>mount -u -o rw</command>,
1232 has been fixed.</para>
1234 <para>The &man.moused.8; daemon now supports an <option>-H</option> flag
1235 to enable horizontal virtual scrolling similar to the
1236 <option>-V</option> flag for vertical virtual scrolling.
1239 <para>The &man.netstat.1; utility now supports an
1240 <option>-h</option> flag for interface stats mode,
1241 which prints all interface statistics in human readable form. &merged;</para>
1243 <para>The &man.netstat.1; utility now supports
1244 printing &man.ipsec.4; protocol statistics if the
1245 kernel was compiled with <literal>FAST_IPSEC</literal>
1246 rather than the KAME IPSEC stack.
1247 Note that the output of <command>netstat -s -p ipsec</command>
1248 differs depending on which stack is compiled into
1249 the kernel since they each keep different statistics. &merged;</para>
1251 <para>The <filename>/etc/nsswitch.conf</filename> file is now
1252 installed statically instead of being generated on every
1255 <para>The &man.periodic.8; daily script now supports
1256 display of the status of &man.gmirror.8;, &man.graid3.8;,
1257 &man.gstripe.8;, and &man.gconcat.8; devices.
1258 Note that these are disabled by default. &merged;</para>
1260 <para>A new function, &man.pidfile.3;, which provides reliable
1261 pidfiles handling, has been implemented in
1262 <filename>libutil</filename>. &merged;</para>
1264 <para>The &man.ping.8; utility now supports a <quote>sweeping
1265 ping</quote> in which &man.icmp.4; payload of
1266 packets being sent is increased with given step.
1267 This is useful for testing problematic channels, MTU issues
1268 or traffic policing functions in networks. &merged;</para>
1270 <para>The &man.pkill.1; utility now supports a
1271 <option>-F</option> option which allows to
1272 restrict matches to a process whose PID is stored in the
1273 pidfile file. When another new option <option>-L</option>
1274 is also specified, the pidfile file must be locked with the
1275 &man.flock.2; syscall or created with &man.pidfile.3;.</para>
1277 <para>The &man.pkill.1; utility now supports a
1278 <option>-I</option> flag which works like <option>-i</option>
1279 of &man.rm.1;. When this flag is specified, &man.pkill.1;
1280 will ask for confirmation before sending a signal to
1281 each matching process.</para>
1283 <para>The &man.powerd.8; program now supports a
1284 <option>-P</option> option, which specifies a pidfile to use.</para>
1286 <para>The DNS resolver library in &os;'s <application>libc</application>
1287 has been updated to BIND9's one.</para>
1289 <para>The &man.rfcomm.sppd.1; program now supports service names
1290 in addition to <option>-c</option> option with channel number.
1291 The supported names are: DUN (Dial-Up Networking), FAX (Fax),
1292 LAN (LAN Access Using PPP), and SP (Serial Port). &merged;</para>
1294 <para>The &man.rpcgen.1; utility now generates headers and stub files
1295 that can be used with ANSI C compilers by default.</para>
1297 <para>The &man.rtld.1; runtime linker now supports ELF symbol versioning
1298 using GNU semantics. This implementation aims to be compatible
1299 with symbol versioning support as implemented by GNU libc and
1300 documented in <ulink url="http://people.redhat.com/~drepper/symbol-versioning"></ulink>
1301 and LSB 3.0. Also, <function>dlvsym()</function>
1302 function has been added to
1303 allow lookups for a specific version of a given symbol.</para>
1305 <para>A bug in the &man.sed.1; utility which can cause
1306 incorrect calculation of pattern space length in some cases
1307 has been fixed.</para>
1309 <para>The &man.sh.1; utility now supports a <literal>times</literal>
1310 built-in command. &merged;</para>
1312 <para>The &man.snapinfo.8; utility, which shows snapshot locations
1313 on UFS filesystems, has been added. &merged;</para>
1315 <para>The &man.strtonum.3; library function has been implemented
1316 based on OpenBSD's implementation. This is an improved version of
1317 &man.strtoll.3;. &merged;</para>
1319 <para>The &man.sysctl.8; utility now supports a <option>-q</option>
1320 flag to suppress a limited set of warnings and errors.</para>
1322 <para>The &man.time.1; utility now prints the time that a given
1323 command has been running if sent a <literal>SIGINFO</literal> signal.</para>
1325 <para>The &man.traceroute.8; utility now supports
1326 a <option>-e</option> option, which sets a fixed destination
1327 port for probe packets. This can be useful for tracing behind
1328 packet-filtering firewalls.</para>
1330 <para>&man.traceroute.8; now decodes the complete set of ICMP
1331 unreachable messages in its output.</para>
1333 <para>The &man.truss.1; utility now supports an <option>-s</option>
1334 flag for the same functionality as the strace utility
1335 (<filename role="package">devel/strace</filename>).</para>
1337 <para arch="ppc">The &man.truss.1; utility now supports &os;/ppc.</para>
1339 <para>The usbd(8) utility has been removed.
1340 The &man.devd.8; utility and its configuration
1341 file now support functionality which is equivalent to it.</para>
1343 <para>The &man.xargs.1; utility now supports a <option>-r</option>
1344 flag which makes the command execution when the standard input
1345 does not contain any non-whitespace-characters. &merged;</para>
1347 <para>The shared library version number of all libraries has
1348 been updated due to some possible ABI changes. The libraries
1349 include: snmp_<replaceable>*</replaceable>, libdialog, libg2c, libobjc,
1350 libreadline, libregex, libstdc++, libkrb5, libalias, libarchive,
1351 libbegemot, libbluetooth, libbsnmp, libbz2, libc_r, libcrypt,
1352 libdevstat, libedit, libexpat, libfetch, libftpio, libgpib,
1353 libipsec, libkiconv, libmagic, libmp, libncp, libncurses,
1354 libnetgraph, libngatm, libopie, libpam, libpthread, libradius,
1355 libsdp, libsmb, libtacplus, libthr, libthread_db, libugidfw,
1356 libusbhid, libutil, libvgl, libwrap, libypclnt, libm, libcrypto,
1357 libssh, and libssl.</para>
1359 <para>The <function>wcsdup()</function> function has been
1360 implemented. This function is popular in Microsoft and GNU
1363 <sect3 id="rc-scripts">
1364 <title><filename>/etc/rc.d</filename> Scripts</title>
1366 <para>The <filename>auditd</filename> script for
1367 OpenBSM &man.auditd.8; has been added.</para>
1369 <para>The <filename>bluetooth</filename> script
1370 has been added. This script will be called from
1371 &man.devd.8; in response to device attachment/detachment
1372 events and to stop/start particular device without unplugging
1373 it by hand. The configuration parameters are in
1374 <filename>/etc/defaults/bluetooth.device.conf</filename>,
1375 and can be overridden by using
1376 <filename>/etc/bluetooth/<replaceable>$device</replaceable>.conf</filename>
1377 (where <replaceable>$device</replaceable> is <devicename>ubt0</devicename>,
1378 <devicename>btcc0</devicename>, and so on.)
1379 For more details, see &man.bluetooth.conf.5;. &merged;</para>
1381 <para>The <filename>ftpd</filename> script for
1382 stand-alone &man.ftpd.8; has been added.</para>
1384 <para>The <filename>gbde_swap</filename> script has
1385 been removed in favor a new <filename>encswap</filename>
1386 script which also supports &man.geli.8; for swap
1389 <para>The <filename>geli</filename> and <filename>geli2</filename>
1390 scripts has been added for &man.geli.8; device
1391 configuration on boot.</para>
1393 <para>The <filename>ike</filename> script for
1394 IPsec IKE daemon has been removed because no such daemon
1395 is included in the base system.</para>
1397 <para>The <filename>hcsecd</filename> and
1398 <filename>sdpd</filename> scripts have been added
1399 for &man.hcsecd.8; and &man.sdpd.8; daemons.
1400 These daemons can run even if no Bluetooth devices
1401 are attached to the system, but both daemons depend on
1402 Bluetooth socket layer and thus disabled by default.
1403 Bluetooth sockets layer must be either loaded
1404 as a module or compiled into kernel before the daemons can run.
1407 <para>The <filename>hostapd</filename> script for
1408 &man.hostapd.8; has been added. &merged;</para>
1410 <para>The <filename>mdconfig</filename> script to
1411 handle vnode backed &man.md.4; devices has been added.
1412 This is a replacement of the <filename>ramdisk</filename>
1413 script, and all of variables in <varname>ramdisk_*</varname>
1414 have been changed to <varname>mdconfig_*</varname>.
1415 Also, two new &man.rc.conf.5; variables
1416 <varname>mdconfig_<replaceable>*</replaceable>_files</varname>
1418 <varname>mdconfig_<replaceable>*</replaceable>_cmd</varname>
1419 have been added. For example:</para>
1421 <programlisting>mdconfig_md0="-t malloc -s 10m"
1422 mdconfig_md1="-t vnode -f /var/foo.img"</programlisting>
1424 <para>The <filename>netif</filename> script now supports
1425 <varname>ipv4_addrs_<replaceable>ifn</replaceable></varname>
1427 which add one or more IPv4 address from a ranged list in
1428 CIDR notation. &merged; For example:</para>
1430 <programlisting>ipv4_addrs_ed0="192.168.0.1/24 192.168.1.1-5/28"</programlisting>
1432 <para>The <filename>rcconf.sh</filename> script in <filename>/etc/rc.d</filename>
1433 has been removed and a variable <varname>early_late_divider</varname>,
1434 which designates the script to separate the early and late stages
1435 of the boot process, has been added.</para>
1437 <para>The <filename>rc.initdiskless</filename> script now uses &man.tar.1;
1438 instead of &man.pax.1; because &man.pax.1; needs a writable
1439 temporary directory that may not be available when this script
1442 <para>The <filename>pccard</filename> script has been removed
1443 since OLDCARD is deprecated.</para>
1445 <para>The <filename>ppp-user</filename> script has been renamed to
1446 <filename>ppp</filename>. &merged;</para>
1448 <para>The <varname>removable_interfaces</varname> variable
1449 has been removed.</para>
1451 <para>A new keyword <literal>NOAUTO</literal> in
1452 <varname>ifconfig_<replaceable>ifn</replaceable></varname>
1453 has been added. This prevents configuration of an interface
1454 at boot time or via <filename>/etc/pccard_ether</filename>,
1455 and allows <filename>/etc/rc.d/netif</filename>
1456 to be used to start and stop an interface
1457 on a purely manual basis.</para>
1461 <sect2 id="contrib">
1462 <title>Contributed Software</title>
1464 <para><application>Intel ACPI-CA</application>
1465 has been updated to 20051021.</para>
1467 <para><application>BIND</application> has been updated from 9.3.1
1468 to 9.3.2. &merged;</para>
1470 <para><application>BSNMPD</application> has been updated from
1471 1.11 to 1.12.</para>
1473 <para><application>DRM</application> has
1474 been updated to a snapshot from DRI CVS as of 20060517.
1477 <para><application>netcat</application> has been updated from the
1478 version in a 4 February 2005 OpenBSD snapshot to the version
1479 included in OpenBSD 3.9.</para>
1481 <para><application>GNU Readline library</application>
1482 has been updated from 5.0 to 5.1.</para>
1484 <para><application>GNU Troff</application>
1485 has been updated from version 1.19 to version 1.19.2.
1488 <para><application>IPFilter</application> has been updated from
1489 4.1.8 to 4.1.10.</para>
1491 <para><application>OpenSSH</application> has been updated from
1492 4.2p1 to 4.3p1.</para>
1494 <para><application>hostapd</application>
1495 has been updated from version 0.3.9 to version 0.4.8.
1498 <para><application>sendmail</application> has been updated from
1499 8.13.4 to 8.13.6. &merged;</para>
1501 <para><application>sendmail</application> has been updated from
1502 8.13.6 to 8.13.7.</para>
1504 <para>The timezone database has been updated from the
1505 <application>tzdata2005l</application> release to the
1506 <application>tzdata2006g</application> release. &merged;</para>
1508 <para>TrustedBSD <application>OpenBSM</application>,
1509 version 1.0 alpha 6, an implementation of the documented Sun Basic
1510 Security Module (BSM) Audit API and file format, as well as local
1511 extensions to support the Mac OS X and FreeBSD operating systems
1512 has been added. This also includes command line tools for audit
1513 trail reduction and conversion to text, as well as documentation
1514 of the commands, file format, and APIs.
1515 For this functionality, the <literal>AUDIT</literal> kernel option,
1516 <filename>/var/audit</filename> directory, and
1517 <literal>audit</literal> group have been added.</para>
1519 <para><application>WPA Supplicant</application>
1520 has been updated from version 0.3.9 to version 0.4.8.
1523 <para><application>zlib</application>
1524 has been updated from version 1.2.2 to version 1.2.3.</para>
1528 <title>Ports/Packages Collection Infrastructure</title>
1530 <para>&man.pkg.add.1; now supports an <option>-F</option>
1531 flag to disable checking whether the same package is already
1532 installed or not. &merged;</para>
1534 <para>The &man.pkg.add.1; program now supports an <option>-P</option>
1535 flag, which is the same as the <option>-p</option> flag
1536 except that the given prefix is also used recursively for the
1537 dependency packages if any. &merged;</para>
1539 <para>The &man.pkg.add.1; and &man.pkg.create.1; utilities now support
1540 a <option>-K</option> flag to save packages to the current directory
1541 (or <varname>PKGDIR</varname> if defined) by default.
1544 <para>The &man.pkg.create.1; program now supports an <option>-x</option>
1545 flag to support basic regular expressions for package name,
1546 an <option>-E</option> flag for extended regular
1547 expressions, and a <option>-G</option> for exact matching. &merged;</para>
1549 <para>The &man.pkg.version.1; utility now supports an <option>-o</option>
1550 flag to show the origin recorded on package generation
1551 instead of the package name, and an <option>-O</option> flag
1552 to list packages with a specific registered origin.
1555 <para>The &man.portsnap.8; utility (<filename>sysutils/portsnap</filename>)
1556 has been added into the &os; base system. This is a secure,
1557 easy to use, fast, lightweight, and generally good way for
1558 users to keep their ports trees up to date. &merged;</para>
1560 <para>A incorrect handling of <varname>HTTP_PROXY_AUTH</varname>
1561 in the &man.portsnap.8; utility has been fixed. &merged;</para>
1563 <para>The startup scripts from the <varname>local_startup</varname>
1564 directory now evaluated by using &man.rcorder.8; with scripts
1565 in the base system. &merged;</para>
1567 <para>The suffix of startup scripts from the Ports Collection
1568 has been removed. This means <filename>foo.sh</filename>
1569 is renamed to <filename>foo</filename>, and now
1570 scripts whose name is something like
1571 <filename>foo.ORG</filename> will also be invoked.
1572 You are recommended to reinstall packages which install
1573 such scripts and remove extra files in the
1574 <varname>local_startup</varname> directory. &merged;</para>
1576 <para>New <filename>rc.conf</filename> variables,
1577 <varname>ldconfig_local_dirs</varname> and
1578 <varname>ldconfig_local32_dirs</varname> have been added.
1579 These hold lists of local &man.ldconfig.8; directories.
1582 <para>The <command>@cwd</command> command in
1583 <filename>pkg-plist</filename> now allows
1584 the case where no directory argument is given. If no
1585 directory argument is given, it will set current
1586 working directory to the first prefix given by the
1587 <command>@cwd</command> command. &merged;</para>
1591 <title>Release Engineering and Integration</title>
1593 <para>The default partition sizing algorithm of the
1594 &man.sysinstall.8; utility has been changed.</para>
1598 <para>On systems where the disk capacity is larger than (3 * RAMsize + 10GB),
1599 the default sizes will now be as follows:</para>
1601 <informaltable frame="none" pgwide="0">
1603 <colspec colwidth="1*">
1604 <colspec colwidth="2*">
1607 <entry>Partition</entry>
1613 <row><entry>swap</entry><entry>RAMsize * 2</entry></row>
1614 <row><entry><filename>/</filename></entry><entry>512 MB</entry></row>
1615 <row><entry><filename>/tmp</filename></entry><entry>512 MB</entry></row>
1616 <row><entry><filename>/var</filename></entry><entry>1024 MB + RAMsize</entry></row>
1617 <row><entry><filename>/usr</filename></entry><entry>the rest (8GB or more)</entry></row>
1624 <para>On systems where the disk capacity is larger than
1625 (RAMsize / 8 + 2 GB), the default sizes will be
1626 in the following ranges, with space allocated
1627 proportionally:</para>
1629 <informaltable frame="none" pgwide="0">
1631 <colspec colwidth="1*">
1632 <colspec colwidth="2*">
1635 <entry>Partition</entry>
1641 <row><entry>swap</entry><entry>from RAMsize / 8 to RAMsize * 2</entry></row>
1642 <row><entry><filename>/</filename></entry><entry>from 256MB to 512MB</entry></row>
1643 <row><entry><filename>/tmp</filename></entry><entry>from 128MB to 512MB</entry></row>
1644 <row><entry><filename>/var</filename></entry><entry>from 128MB to 1024MB</entry></row>
1645 <row><entry><filename>/usr</filename></entry><entry>from 1536MB to 8192MB</entry></row>
1652 <para>On systems with even less disk space, the existing behavior is not
1657 <para>A new <literal>showconfig</literal>
1658 target has been added in <filename>src/Makefile</filename>
1659 to show the build configuration of the &os; source tree.</para>
1661 <para>A <filename>/media</filename> directory has been
1662 added to contain mount points for removable media
1663 such as CDROMs, floppy disks, USB drives, and so on.</para>
1665 <para>The <filename>src.conf</filename> file, which
1666 contains settings that will apply to every build involving
1667 the &os; source tree, has been added.
1668 For details, see &man.build.7; and &man.src.conf.5;.</para>
1670 <para>The supported version of
1671 the <application>GNOME</application> desktop environment
1672 (<filename role="package">x11/gnome2</filename>) has been
1673 updated from 2.10.2 to 2.14.1. &merged;</para>
1675 <para>The supported version of
1676 the <application>KDE</application> desktop environment
1677 (<filename role="package">x11/kde3</filename>) has been
1678 updated from 3.4.2 to 3.5.3. &merged;</para>
1680 <para arch="i386,amd64">The supported Linux emulation now uses the
1682 <filename role="package">emulators/linux_base-fc4</filename>
1683 package. &merged;</para>
1685 <para>The supported version of
1686 the <application>Perl</application> interpreter
1687 (<filename role="package">lang/perl5.8</filename>) has been updated
1688 from 5.8.7 to 5.8.8. &merged;</para>
1690 <para>The supported version of
1691 the <application>&xorg;</application> windowing system
1692 (<filename role="package">x11/xorg</filename>) has been updated
1693 from 6.8.2 to 6.9.0. &merged;</para>
1695 <para arch="pc98">&os;/pc98 release CDROMs are now
1696 bootable on systems with some supported SCSI adapters.
1701 <title>Documentation</title>
1703 <para>Documentation of existing functionality has been improved by
1704 the addition of the following manual pages:
1705 &man.acpi.sony.4;, &man.device.get.sysctl.9;,
1708 &man.snd.mss.4;, &man.snd.t4dwave.4;,
1709 &man.sysctl.9;.</para>
1711 <para>The manual pages for <application>NTP</application>
1712 have been updated to 4.2.0, to match the version of
1713 code actually included in &os;. &merged;</para>
1715 <para>Initial support for kernel subsystem API documentation generating
1716 framework using <filename role="package">devel/doxygen</filename>
1717 has been added into <filename>src/sys/doc/subsys</filename>.
1718 To generate the API document, type <command>make doxygen</command>
1719 in <filename>src/</filename> directory.</para>
1723 <sect1 id="upgrade">
1724 <title>Upgrading from previous releases of &os;</title>
1729 <para>Upgrading &os; should, of course, only be attempted after
1730 backing up <emphasis>all</emphasis> data and configuration