2 <title>&os;/&arch; &release.current; Release Notes</title>
4 <corpauthor>The FreeBSD Project</corpauthor>
6 <pubdate>$FreeBSD$</pubdate>
13 <holder role="mailto:doc@FreeBSD.org">The FreeBSD Documentation Project</holder>
17 <para>The release notes for &os; &release.current; contain a summary
19 <![ %include.historic; [
20 the changes made to the &os; base system since &release.prev;.
22 <![ %no.include.historic; [
23 recent changes made to the &os; base system on the &release.branch;
26 Both changes for kernel and userland are listed, as well as
27 applicable security advisories that were issued since the last
28 release. Some brief remarks on upgrading are also presented.</para>
33 <title>Introduction</title>
35 <para>This document contains the release notes for &os;
36 &release.current; on the &arch.print; hardware platform. It
37 describes recently added, changed, or deleted features of &os;.
38 It also provides some notes on upgrading
39 from previous versions of &os;.</para>
41 <![ %release.type.snapshot [
43 <para>The &release.type; distribution to which these release notes
44 apply represents a point along the &release.branch; development
45 branch between &release.prev; and the future &release.next;. Some
46 pre-built, binary &release.type; distributions along this branch
47 can be found at <ulink url="&release.url;"></ulink>.</para>
51 <![ %release.type.release [
53 <para>This distribution of &os; &release.current; is a
54 &release.type; distribution. It can be found at <ulink
55 url="&release.url;"></ulink> or any of its mirrors. More
56 information on obtaining this (or other) &release.type;
57 distributions of &os; can be found in the <ulink
58 url="http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/mirrors.html"><quote>Obtaining
59 FreeBSD</quote> appendix</ulink> to the <ulink
60 url="http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/">FreeBSD
61 Handbook</ulink>.</para>
67 <title>What's New</title>
69 <para>This section describes
70 <![ %include.historic; [
71 the most user-visible new or changed features in &os;
73 In general, changes described here are unique to the &release.branch;
74 branch unless specifically marked as &merged; features.
76 <![ %no.include.historic; [
77 many of the user-visible new or changed features in &os;
78 since &release.prev;. It includes items that are unique to the
79 &release.branch; branch, as well as some features that may have been
81 other branches (after &os; &release.prev.historic;). The later
82 items are marked as &merged;.
86 <para>Typical release note items
87 document new drivers or hardware support, new commands or options,
88 major bugfixes, or contributed software upgrades. Applicable security
89 advisories issued after &release.prev.historic; are also listed.</para>
91 <para>Many additional changes were made to &os; that are not listed
92 here for lack of space. For example, documentation was corrected
93 and improved, minor bugs were fixed, insecure coding practices
94 were audited and corrected, and source code was cleaned up.</para>
97 <title>Kernel Changes</title>
99 <para arch="i386,pc98">Execution of &man.a.out.5; format executables now
100 requires the <literal>COMPAT_AOUT</literal> option in the kernel
101 configuration or the loading of the <filename>aout.ko</filename>
102 kernel module.</para>
104 <para>&man.acct.2; has been changed to open the accounting file in
105 append mode, so that &man.accton.8; can be used to enable
106 accounting to an append-only file. &merged;</para>
108 <para arch="i386" role="historic">The &man.amdpm.4; driver has been added to
109 provide access to the system monitoring functions of the AMD 756
110 chipset. &merged;</para>
112 <para arch="i386,alpha,ia64" role="historic">The &man.agp.4; driver for AGP devices has been
113 added. &merged;</para>
115 <para arch="i386,pc98">Preliminary support for Bluetooth devices has
116 been added, in the form of a series of Netgraph modules (see
117 &man.ng.bluetooth.4;). Two modules provide device driver
118 support for Bluetooth adapters: The &man.ng.bt3c.4; driver
119 supports the 3Com/HP Bluetooth PCCARD adapters, while the
120 &man.ng.ubt.4; driver supports several USB Bluetooth adapters.
123 <para>Bluetooth support in &os; is a work in progress.</para>
128 <para>A new in-kernel cryptographic framework (see &man.crypto.4;
129 and &man.crypto.9;) has been imported from OpenBSD. It provides
130 a consistent interface to hardware and software implementations
131 of cryptographic algorithms for use by the kernel and access to
132 cryptographic hardware for user-mode applications.
133 Hardware device drivers are provided to support hifn-based cards
134 (&man.hifn.4;) and Broadcom-based cards (&man.ubsec.4;). &merged;</para>
136 <para>A new &man.ddb.4; command <command>show pcpu</command> lists
137 some of the per-CPU data.</para>
139 <para role="historic">Two new &man.ddb.4; commands, <command>hwatch</command> and
140 <command>dhwatch</command>, have been introduced. Analogous to
141 <command>watch</command> and <command>dwatch</command>, they
142 install hardware watchpoints (as opposed to software
143 watchpoints) if supported by the architecture. &merged;</para>
145 <para>A <filename>devctl</filename> device has been added to allow
146 userland programs to learn when devices come and go in the device
147 tree. This facility is primarily used
148 by the &man.devd.8; utility.</para>
150 <para>&man.devfs.5;, which allows entries in the
151 <filename>/dev</filename> directory to be built automatically
152 and supports more flexible attachment of devices, has been
153 largely reworked. &man.devfs.5; is now enabled by default and
154 can be disabled by the <literal>NODEVFS</literal> kernel
156 A <quote>rule</quote> subsystem
157 permits the administrator to define certain properties of new device
158 nodes before they become visible to the userland. Both static (e.g.
159 <filename>/dev/speaker</filename>) and dynamic (e.g.
160 <filename>/dev/bpf*</filename>, some removable devices) nodes are
161 supported. Each &man.devfs.5; mount may have a different ruleset assigned to
162 it, permitting different policies to be implemented for things like
163 jails. Rules and rulesets are manipulated with the &man.devfs.8;
166 <para>A new digi driver has been added to support PCI Xr-based and
167 ISA Xem Digiboard cards. A new &man.digictl.8; program is
168 (mainly) used to re-initialize cards that have external port
169 modules attached such as the PC/Xem. This driver replaces the older
172 <para>An &man.eaccess.2; system call has been added, similar to
173 &man.access.2; except that the former uses effective credentials
174 rather than real credentials.</para>
176 <para arch="sparc64">Support has been added for EBus-based
179 <para arch="i386,pc98,powerpc">Initial support has been added for
180 FireWire devices (see &man.firewire.4;). &merged;</para>
182 <para arch="i386" role="historic">The &man.ichsmb.4; driver for the Intel 82801AA
183 (ICH) SMBus controller and compatibles has been
184 added. &merged;</para>
186 <para>Each &man.jail.2; environment can now run under its own
189 <para>The tunable sysctl variables for &man.jail.2; have moved
190 from <varname>jail.*</varname> to the
191 <varname>security.*</varname> hierarchy. Other security-related
192 sysctl variables have moved from <varname>kern.security.*</varname> to
193 <varname>security.*</varname>.</para>
195 <para role="historic">The <varname>kern.maxvnodes</varname> limit now properly
196 limits the number of vnodes in use. Previously only vnodes with
197 no cached pages could be freed; this could allow the number of
198 vnodes to grow without limit on large-memory machines accessing
199 many small files. A <literal>vnlru</literal> kernel thread
200 helps to flush and reuse vnodes. &merged;</para>
202 <para role="historic">The kernel message buffer is now accessible by the
203 (machine-independent) <varname>kern.msgbuf</varname> sysctl
204 variable; &man.dmesg.8; no longer needs to be SGID
205 <groupname>kmem</groupname>. &merged;</para>
207 <para>The kernel environment is now dynamic, and can be changed
208 via the new &man.kenv.2; system call.</para>
210 <para role="historic">The &man.kqueue.2; event notification facility was added to
211 the &os; kernel. This is a new interface which is able to
212 replace &man.poll.2;/&man.select.2;, offering improved
213 performance, as well as the ability to report many different
214 types of events. Support for monitoring changes in sockets,
215 pipes, fifos, and files are present, as well as for signals and
216 processes. &merged;</para>
218 <para arch="i386,pc98" role="historic">A new <varname>KVA_SPACE</varname> kernel option
219 can be used to reconfigure the size of the kernel virtual
220 address space. &merged;</para>
222 <para>The labpc(4) driver has been removed due to
223 <quote>bitrot</quote>.</para>
225 <para>The loader and kernel linker now look for files named
226 <filename>linker.hints</filename> in each directory with KLDs
227 for a module name and version to KLD filename mapping. The new
228 &man.kldxref.8; utility is used to generate these files.</para>
230 <para role="historic">Linux emulation now supports the kernel functionality
232 <filename role="package">emulators/linux_base</filename>
233 (RedHat 7.X emulation) port. &merged;</para>
235 <para role="historic">Linux emulation now requires <literal>options
236 SYSVSEM</literal> in the kernel configuration. &merged;</para>
238 <para>&man.lomac.4;, a Low-Watermark Mandatory Access Control
239 security facility, has been added as a kernel module. It
240 provides a drop-in security mechanism in addition to the
241 traditional UID-based security facilities, requiring no
242 additional configuration from the administrator. Work on this
243 feature was sponsored by DARPA and NAI Labs.</para>
245 <para>&os; now supports an extensible Mandatory Access Control
246 framework, the TrustedBSD MAC Framework. It permits loadable
247 kernel modules to link to the kernel at compile-time, boot-time,
248 or run-time to augment the system security policy. The
249 framework permits modules to express interest in a variety
250 of events, and also provides common security policy services
251 such as label storage. A variety of sample policy modules are
252 shipped in this release, including implementations of fixed
253 and floating label Biba integrity models, Multi-Level Security
254 (MLS) with compartments, and a number of augmented UNIX security
255 models including a file system firewall. This feature will
256 permit easier development and maintenance of local and vendor
257 security extensions. The extensibility service is enabled
258 by adding <literal>options MAC</literal> to the kernel
262 <para>The MAC framework is considered an experimental
263 feature in this release, and is not enabled by default</para>
267 <para arch="ia64">Machine Check Architecture (MCA) records are now
268 collected at boot time and made available through the
269 <varname>hw.mca.*</varname> sysctl variables.</para>
271 <para role="historic">The <varname>maxusers</varname> kernel configuration
272 parameter is now a boot-time tunable variable. The kernel
273 parameters derived from <varname>maxusers</varname> are now also
274 tunables and can be overridden at boot-time. The
275 <varname>hz</varname> parameter is also now a
276 tunable. &merged;</para>
278 <para role="historic">Specifying a value of <literal>0</literal> for the
279 <varname>maxusers</varname> kernel configuration parameter will
280 now cause an appropriate value to be calculated at boot-time
281 (between 32 and 384, depending on the amount of memory present).
282 This value is now the default for all
283 <filename>GENERIC</filename> kernels. &merged;</para>
285 <para arch="alpha" role="historic">A <varname>MAXMEM</varname> kernel option,
286 along with the <varname>hw.physmem</varname> loader tunable, can
287 be used to artificially reduce the memory size of a machine for
288 testing (or other purposes). &merged;</para>
290 <para role="historic">The kernel configuration parameters
291 <varname>MAXTSIZ</varname>, <varname>DFLDSIZ</varname>,
292 <varname>MAXDSIZ</varname>, <varname>DFLSSIZ</varname>,
293 <varname>MAXSSIZ</varname>, and <varname>SGROWSIZ</varname> are
294 all loader tunables (<varname>kern.maxtsiz</varname>,
295 <varname>kern.maxdfldsiz</varname>, etc.). &merged;</para>
297 <para>&man.mutex.9; profiling code has been added, enabled by the
298 <literal>MUTEX_PROFILING</literal> kernel configuration option.
299 It enables the <varname>debug.mutex.prof.*</varname> hierarchy
300 of sysctl variables.</para>
302 <para arch="i386,pc98" role="historic">The <literal>NCPU</literal>,
303 <literal>NAPIC</literal>, <literal>NBUS</literal>, and
304 <literal>NINTR</literal> kernel configuration options,
305 for configuring SMP kernels, have been removed.
306 <literal>NCPU</literal> is now set to a maximum of 16,
307 and the other, aforementioned options are now
308 dynamic. &merged;</para>
310 <para role="historic">A &man.nmdm.4; null-modem terminal driver has been added.
313 <para role="historic">The <literal>O_DIRECT</literal> flag has been added to
314 &man.open.2; and &man.fcntl.2;. Specifying this flag for open
315 files will attempt to minimize the cache effects of reading and
316 writing. &merged;</para>
318 <para role="historic">An &man.orm.4; device has been added to claim the option
319 ROMs in the ISA memory I/O space, to prevent other drivers from
320 mistakenly assigning addresses that conflict with these
321 ROMs. &merged;</para>
323 <para>The <literal>P1003_1B</literal> kernel option is no longer
324 used and has been removed.</para>
326 <para arch="i386,pc98">PECOFF (Win32 Execution file format) support has
329 <para arch="pc98" role="historic">The pmc driver, which supports the power
330 management controller of the NEC PC-98NOTE, has been
331 added. &merged;</para>
333 <para role="historic">POSIX.1b Shared Memory Objects are now supported. The
334 implementation uses regular files, but automatically enables the
335 MAP_NOSYNC flag when they are &man.mmap.2;-ed. &merged;</para>
337 <para role="historic">Replaced the <literal>PQ_*CACHE</literal> options with a
338 single <literal>PQ_CACHESIZE</literal> option to be set to the
339 cache size in kilobytes. The old options are still supported
340 for backwards compatibility. &merged;</para>
342 <para arch="i386,pc98" role="historic">The &man.puc.4; (PCI <quote>Universal</quote>
343 Communications) driver has been added, to help connect PCI-based
344 serial ports to the &man.sio.4; driver. &merged;</para>
346 <para>The &man.random.4; device has been rewritten to use the
347 <application>Yarrow</application> algorithm. It harvests
348 entropy from a variety of interrupt sources, including the
349 console devices, Ethernet and point-to-point network interfaces,
350 and mass-storage devices. Entropy from the &man.random.4;
351 device is now periodically saved to files in
352 <filename>/var/db/entropy</filename>, as well as at shutdown
353 time. The semantics of <filename>/dev/random</filename> have
354 changed; it never blocks waiting for entropy bits but generates
355 a stream of pseudo-random data and now behaves exactly as
356 <filename>/dev/urandom</filename>.</para>
358 <para>A new kernel option, <literal>options REGRESSION</literal>,
359 enables interfaces and functionality intended for use during
360 correctness and regression testing.</para>
362 <para><literal>RLIMIT_VMEM</literal> support has been added. This
363 feature defines a new resource limit that covers a process's
364 entire virtual memory space, including &man.mmap.2; space. This
365 limit can be configured in &man.login.conf.5; via the new
366 <varname>vmemoryuse</varname> variable. &merged;</para>
368 <para arch="sparc64">Support has been added for SBus-based
371 <para arch="sparc64">The sab driver, which supports the Siemens
372 SAB82532 serial chip found on many newer Sparc Ultra machines,
373 has been added.</para>
375 <para>A bug in the &man.sendfile.2; system call, in which headers
376 counted against the size of the file to be sent, has been
377 fixed. &merged;</para>
379 <para role="historic">The &man.snp.4; device is no longer static and can now be
380 compiled as a module. &merged;</para>
382 <para arch="i386" role="historic">The &man.spic.4; driver, which provides access
383 to the Jog Dial device on some Sony laptops, has been
384 added. &man.moused.8; support for this device has also been
385 added. &merged;</para>
387 <para>The &man.syscons.4; driver now supports keyboard-controlled
388 pasting, by default bound to
389 <keycap>Shift</keycap>-<keycap>Insert</keycap>.</para>
391 <para role="historic">Support for USB devices was added to the
392 <filename>GENERIC</filename> kernel and to the installation
393 programs to support USB devices out of the box. Note that SRM
394 does not support USB devices at the moment, so you must still
395 use an AT keyboard if you are not using a serial
396 console. &merged;</para>
398 <para>The uaudio driver, for USB audio devices, has been
399 added. &merged;</para>
401 <para arch="i386,pc98">The ubsa driver has been added to support
402 the Belkin F5U103 (and compatible) USB-to-serial adaptors.</para>
404 <para arch="i386,pc98" role="historic">The &man.umodem.4; driver for USB modems
405 has been added. Support is provided for the 3Com 5605 and
406 Metricom Ricochet GS wireless USB modems. &merged;</para>
408 <para arch="i386,pc98" role="historic">The &man.uscanner.4; driver for basic USB
409 scanner support using SANE has been added. See <ulink
410 url="http://www.mostang.com/sane/">the SANE home page</ulink>
411 for supported scanners. The HP ScanJet 4100C, 5200C and 6300C
412 are known to be working. &merged;</para>
414 <para>The &man.ucom.4; device driver has been added, to support USB
415 modems, serial devices, and other programs that need to look
416 like a tty. The related &man.uftdi.4;, &man.uplcom.4;, &man.uvscom.4; drivers provide specific
417 support for FTDI serial adapters, the Prolific PL-2303 serial adapter and the SUNTAC
418 Slipper U VS-10U, respectively. &merged;</para>
420 <para>To increase security, the <literal>UCONSOLE</literal> kernel
421 configuration option has been removed.</para>
423 <para arch="i386,pc98">The UserConfig boot-time kernel configuration
424 feature, usually used to enable, disable, or configure ISA
425 devices, has been removed. Its functionality has been replaced
426 by the kernel hints file in
427 <filename>/boot/device.hints</filename>.</para>
429 <para>The <literal>USER_LDT</literal> kernel option is now
430 activated by default.</para>
432 <para>The &man.uvisor.4; driver for connecting Handspring Visors via USB
433 has been added. &merged;</para>
435 <para>A VESA S3 linear framebuffer driver has been added.</para>
437 <para arch="i386" role="historic">The &man.viapm.4; driver for VIA SMBus
438 power management controllers has been added. &merged;</para>
440 <!-- Above this line, sort kernel changes by manpage/keyword-->
442 <para role="historic">Write combining for crashdumps has been implemented. This
443 feature is useful when write caching is disabled on both SCSI
444 and IDE disks, where large memory dumps could take up to an hour
445 to complete. &merged;</para>
447 <para>The kernel crashdump infrastructure has been revised, to
448 support new platforms and in general clean up the logic in the
449 code. One implication of this change is that the on-disk format
450 for kernel dumps has changed, and is now
451 byte-order-agnostic.</para>
453 <para>Extremely large swap areas (>67 GB) no longer panic the
456 <para arch="alpha">Support for threads under Linux emulation has
459 <para role="historic">The <maketarget>buildkernel</maketarget> target now gets the
460 name of the configuration(s) to build from the
461 <varname>KERNCONF</varname> variable, not
462 <varname>KERNEL</varname>. It is no longer required, in some
463 cases, for a <maketarget>buildworld</maketarget> to precede a
464 <maketarget>buildkernel</maketarget>. (The
465 <maketarget>buildworld</maketarget> is still required when
466 upgrading across major releases, across
467 <application>binutil</application> updates and when
468 &man.config.8; changes version.) &merged;</para>
470 <para role="historic">The out-of-swap process termination code now begins killing
471 processes earlier to avoid deadlocks; it now also takes into
472 account the swap space used by processes when computing the
473 process sizes. &merged;</para>
475 <para>Linker sets are now self-contained; gensetdefs(8) is
476 unnecessary and has been removed.</para>
478 <para role="historic">Network device cloning has been implemented, and the
479 &man.gif.4; device has been modified to take advantage of it.
480 Thus, instead of specifying how many &man.gif.4; interfaces are
481 available in kernel configuration files, &man.ifconfig.8;'s
482 <option>create</option> option should be used when another device
483 instance is desired. &merged;</para>
485 <para>It is now possible to hardwire kernel environment variables
486 (such as tunables) at compile-time using &man.config.8;'s
487 <literal>ENV</literal> directive.</para>
489 <para>Idle zeroing of pages can be enabled with the
490 <varname>vm.idlezero_enable</varname> sysctl variable.</para>
492 <para arch="i386,pc98" role="historic">The load addresses of kernels are now exported
493 to the symbol table and various hard-coded constants have been
494 removed so that utilities such as &man.ps.1; can work with
495 kernels compiled at different addresses. &merged;</para>
497 <para role="historic">Coredumps of large processes (or of a large number of
498 processes) no longer lock up the machine for long periods of
499 time. &merged;</para>
501 <para>The &os; kernel scheduler now supports Kernel-Scheduled
502 Entities (KSEs), which provides support for multiple threads of
503 execution per process similar to Scheduler Activations. At this
504 point, the kernel has most of the changes needed to support
505 threading. The kernel scheduler can schedule multiple threads per
506 process, but only on a single CPU at a time. More information
507 can be found in &man.kse.2;.
510 <para>KSE is a work in progress.</para>
515 <para>The kernel now has support for multiple low-level console
516 devices. The new &man.conscontrol.8; utility helps to manage
517 the different consoles.</para>
519 <para arch="alpha">The console driver has gained support for
520 TGA-based display adapters.</para>
522 <para role="historic">The kernel on the installation CDs is now separated from the
523 <filename>mfsroot</filename> image. This permits the use of a
524 full kernel when installing from CD on machines that support CD
525 booting (instead of the stripped-down kernel used on
526 floppies). &merged;</para>
528 <para role="historic">The system load average computation now adds some jitter to
529 the timing of samples, in order to avoid synchronization with
530 processes that run periodically. &merged;</para>
532 <para role="historic">If a debugging kernel with modules is being built
533 (i.e. using <literal>makeoptions DEBUG=-g</literal>), the
534 modules will now be built with debugging support as well, for
535 completeness. A side effect of this change is that modules
536 built and installed with debugging kernels will now occupy more
537 space on disk than they did previously. &merged;</para>
539 <para role="historic">The kernel dump device can now be set via the
540 <varname>dumpdev</varname> loader tunable. As a result, it is
541 now possible to obtain crash dumps from panics during the late
542 stages of kernel initialization (before the system enters into
543 single-user mode). &merged;</para>
545 <para>The kernel memory allocator is now a slab memory allocator,
546 similar to that used in Solaris. This is a SMP-safe memory
547 allocator that has near-linear performance as the number of CPUs
548 increases. It also allows for reduced memory
549 fragmentation.</para>
552 <title>Processor/Motherboard Support</title>
554 <para>SMP support has been largely reworked, incorporating code
555 from BSD/OS 5.0. One of the main features of SMPng
556 (<quote>SMP Next Generation</quote>) is to allow more
557 processes to run in kernel, without the need for spin locks
558 that can dramatically reduce the efficiency of multiple
559 processors. Interrupt handlers now have contexts associated
560 with them that allow them to be blocked, which reduces the
561 need to lock out interrupts.</para>
563 <para arch="i386,pc98">Support for the 80386 processor has been
564 removed from the <filename>GENERIC</filename> kernel, as this
565 code seriously pessimizes performance on other IA32
567 The <literal>I386_CPU</literal> kernel option
568 to support the 80386 processor is now mutually exclusive with
569 support for other IA32 processors; this should slightly
570 improve performance on the 80386 due to the elimination of
571 runtime processor type checks.
572 Custom kernels that will run on the 80386 can
573 still be built by changing the CPU options in the kernel
574 configuration file to only include
575 <literal>I386_CPU</literal>.</para>
577 <para arch="alpha" role="historic">AlphaServer 1200 (<quote>Tincup</quote>) has
578 been tested and works OK. Currently it does not want to boot
579 from CD or floppy but a transplanted disk that was installed
580 on another Alpha works well. &merged;</para>
582 <para arch="alpha">The API UP1100 mainboard has been verified to
585 <para arch="alpha">The API CS20 1U high server has been verified
588 <para arch="alpha">Support for AlphaServer 2100A
589 (<quote>Lynx</quote>) has been added.</para>
591 <para arch="alpha">Kernel code has been added that allows older
592 generation Alpha CPUs (EV4 and EV5) to emulate instructions of
593 the newer Alpha CPU generations. This enables the use of
594 binary-only programs like <application>Adobe Acrobat
595 4</application> on EV4 and EV5.</para>
597 <para arch="alpha">SMP support for the Alpha is now operational.</para>
599 <para arch="i386" role="historic">Detection for new processors, such as the
600 FC-PGA2 Pentium III (Tualatin), Transmeta Crusoe, and
601 Transmeta Crusoe LongRun, has been added. &merged;</para>
603 <para arch="alpha">Support for the following hardware has been
604 removed from the installation kernel to make it fit on a
605 1.44MB floppy again: Multia, NoName, PC64, EB64, Aspen Alpine,
606 sa (SCSI tape), amr, parallel port support, vx (3c590, 3c595),
607 pcn (AMD Am79C97x PCI 10/100), sf (Adaptec AIC-6915), sis (SiS
608 900/SiS 7016), ste (Sundance ST201 (D-Link DFE-550TX)), wb
609 (Winbond W89C840F).</para>
611 <para arch="i386" role="historic">Support for Streaming <acronym>SIMD</acronym>
612 Extensions (<acronym>SSE</acronym>) has been introduced. The
613 <literal>CPU_ENABLE_SSE</literal> kernel option controls
614 whether support is compiled into the kernel. &merged;</para>
616 <para arch="i386" role="historic">The <literal>CPU_ATHLON_SSE_HACK</literal>
617 kernel option has been added, which attempts to enable the SSE
618 feature bit on newer Athlon CPUs if the BIOS has forgotten to
619 enable it. &merged;</para>
621 <para arch="sparc64">The UltraSPARC platform is now supported by
622 &os;. The following machines are supported to at least some
623 degree: Ultra 1/2/5/10/30/60, Enterprise 220R/420R, Netra T1 AC200/DC200, Netra T 105, and Blade
624 100. SMP is supported, and has been tested on the
625 Ultra 2, Ultra 60, Enterprise 220R, and
626 Enterprise 420R.</para>
628 <para arch="i386">On some systems, the BIOS does not activate
629 the I/O ports and memory of PC devices, thus making them
630 unusable. The <varname>hw.pci.enable_io_modes</varname>
631 sysctl/boot loader variable (which defaults to
632 <literal>1</literal>, for <quote>enabled</quote>)
633 forces &os; to enable these devices so that they can be
636 <para arch="alpha">Support for TurboChannel Alphas has been
639 <para arch="i386">Support for the AMD Élan SC520 has been
640 added; this requires the <literal>CPU_ELAN</literal> option in
641 the kernel configuration file. &merged;</para>
643 <para arch="i386,pc98">The <literal>CPU_DISABLE_CMPXCHG</literal>
644 kernel configuration option has been added. Enabling this
645 option has been shown to dramatically improve performance on
646 VMWare client OS installs.
649 <para>This option is not compatible with
650 <literal>SMP</literal> kernels.</para>
658 <title>Bootloader Changes</title>
660 <para arch="i386" role="historic"><filename>boot2</filename> now supports a
661 <option>-n</option> option to disallow boot interruption by
662 keypresses. &merged;</para>
664 <para arch="i386" role="historic">A new <filename>cdboot</filename> bootstrap
665 utility for CDROMs provides better compatability with some
666 BIOS implementations that do not completely implement the El
667 Torito bootable CDROM standard. This boot loader supports
668 <quote>no emulation</quote> mode booting, thus eliminating the
669 need for an emulated floppy disk image on a bootable
670 CDROM. &merged;</para>
672 <para arch="i386,pc98" role="historic">The i386 boot loader now has support for a
673 <literal>nullconsole</literal> console type, for use on
674 systems with neither a video console nor a serial
675 port. &merged;</para>
677 <para arch="i386,pc98" role="historic">The &man.loader.8; now has optional support
678 (enabled at compile-time, off by default) for loading
679 <application>bzip2</application>-compressed kernels and
680 modules. &merged;</para>
682 <para arch="i386" role="historic">Support for Intel's Wired for Management 2.0
683 (PXE) was added to the &os; boot loader. Due to API
684 differences, the older PXE versions are not supported. This
685 allow network booting using DHCP. &merged;</para>
687 <!-- Above this line, order bootloader changes by keyword-->
689 <para arch="i386" role="historic">The &os; boot loader now contains a workaround
690 to support CDROM booting on certain IBM BIOSs that expect the
691 first sector of the emulated floppy to contain a valid MS-DOS
692 BPB that they can modify. &merged;</para>
694 <para arch="i386,pc98" role="historic">The &os; boot loader now supports a
695 <option>-p</option> flag to force the kernel to pause after
696 each line of output during the probing phase. &merged;</para>
698 <para arch="alpha,i386" role="historic">The &os; boot loader is now capable of
699 booting from filesystems with block sizes larger than
702 <para>The kernel and modules have been moved to the directory
703 <filename>/boot/kernel</filename>, so they can be easily
704 manipulated together. The boot loader has been updated to
705 make this change as seamless as possible.</para>
707 <para arch="alpha,i386,pc98,sparc64">The boot loader now
708 supports loading kernels from both UFS1 and UFS2
714 <title>Network Interface Support</title>
716 <para role="historic">The &man.an.4; driver for Cisco Aironet cards now supports
717 Wired Equivalent Privacy (WEP) encryption, settable via
718 &man.ancontrol.8;. &merged;</para>
720 <para role="historic">The &man.an.4; driver now supports the Cisco Aironet 350
721 series of adaptors. &merged;</para>
723 <para role="historic">The &man.an.4; driver now supports <quote>monitor</quote>
724 mode, settable via the <option>-M</option> option to
725 &man.ancontrol.8;. &merged;</para>
727 <para role="historic">The &man.an.4; driver now supports Cisco LEAP, as well as
728 the <quote>Home</quote> WEP key. The Linux Aironet utilities
729 are now supported under emulation. &merged;</para>
731 <para arch="i386,pc98" role="historic">Generic support for ARCNET token-based
732 networks has been added. &merged;</para>
734 <para arch="i386,pc98" role="historic">The &man.bge.4; driver has been added to
735 support the Broadcom BCM570x family of Gigabit Ethernet
736 controllers, including the 3Com 3c996-T, the SysKonnect
737 SK-9D21 and SK-9D41, and the built-in Gigabit Ethernet NICs on
738 Dell PowerEdge 2550 servers. Output TCP/IP checksum offload,
739 jumbo frames and VLAN tag insertion/stripping are supported,
740 as well as interrupt moderation. &merged;</para>
742 <para arch="i386" role="historic">The cm driver has been added to support SMC
743 COM90cx6 ARCNET network adapters. &merged;</para>
745 <para>The &man.dc.4; driver now supports NICs based on the Xircom
746 3201 and Conexant LANfinity RS7112 chips.</para>
748 <para role="historic">The &man.dc.4; driver now has support for
749 VLANs. &merged;</para>
751 <para role="historic">The &man.de.4; driver now performs round-robin arbitration
752 between the transmit and receive units of the 21143, instead
753 of giving priority to the receive unit. This gives a
754 10–15% performance improvement in the forwarding rate
755 under heavy load. &merged;</para>
757 <para arch="alpha">The &man.ed.4; driver is now supported.</para>
759 <para arch="i386,pc98" role="historic">Linksys Fast Ethernet PCCARD cards supported
760 by the &man.ed.4; driver now require the addition of flag
761 <literal>0x80000</literal> to their config line in
762 &man.pccard.conf.5;. This flag is not optional. These
763 Linksys cards will not be recognized without
766 <para role="historic">A bug in the &man.ed.4; driver that could cause panics
767 with very short packets and BPF or bridging active has been
768 fixed. &merged;</para>
770 <para role="historic">The &man.ed.4; driver now has support for D-Link DL10022
771 chips, necessary for the NetGear FA-410TX and other cards. As
772 a result, <literal>device miibus</literal> is required in
773 kernel configurations using the &man.ed.4;
774 driver. &merged;</para>
776 <para arch="i386">The &man.el.4; driver can now be loaded as a
779 <para arch="i386,pc98,ia64" role="historic">The &man.em.4; driver has been added to
780 support NICs based on the Intel 82542, 82543, 82544, 82545EM,
782 Gigabit Ethernet controller chips. The driver has VLAN
783 support, and also supports
784 transmit/receive checksum offload and jumbo frames on 82543
785 and 82544-based adapters. &merged;</para>
787 <para role="historic">The &man.faith.4; device is now loadable, unloadable, and
788 clonable. &merged;</para>
790 <para arch="i386,pc98" role="historic">Support for Fujitsu MB86960A/MB86965A based
791 Ethernet PC-Cards has been added back in the &man.fe.4;
792 driver. &merged;</para>
794 <para arch="alpha" role="historic">The &man.fpa.4; driver now supports Digital's
795 DEFPA FDDI adaptors on the Alpha. &merged;</para>
797 <para role="historic">The &man.fxp.4; driver now requires a <literal>device
798 miibus</literal> entry in the kernel configuration
799 file. &merged;</para>
801 <para role="historic">The &man.fxp.4; driver now contains a workaround for PCI
802 protocol violations caused by defects in some systems based on
803 the Intel ICH2/ICH2-M chip. The workaround is to rewrite the
804 EEPROM on the interface to disable Dynamic Standby Mode; once
805 the EEPROM is rewritten, the system needs to be rebooted for
806 the new settings to take effect. &merged;</para>
808 <para role="historic">The &man.fxp.4; driver now supports Intel's loadable
809 microcode to implement receive-side interrupt coalescing and
810 packet bundling, on NICs that support these features. This
811 support can be activated by the use of the
812 <option>link0</option> option to
813 &man.ifconfig.8;. &merged;</para>
815 <para arch="sparc64">The gem driver has been added to support
816 the Sun GEM Gigabit Ethernet and ERI Fast Ethernet
819 <para role="historic">The &man.gx.4; driver has been added to support NICs based
820 on the Intel 82542 and 82543 Gigabit Ethernet controller
821 chips. Both fiber and copper variants of the cards are
822 supported. Both boards support VLAN tagging/insertion, and
823 the 82543 additionally supports TCP/IP checksum
824 offload. &merged;</para>
826 <para arch="sparc64">The hme driver has been added to support
827 the Sun HME Fast Ethernet adapter, onboard on many Sun Ultra
828 series machines.</para>
830 <para>The &man.lmc.4; driver has been added to support LAN Media
831 Corp WAN adapters based on the DEC <quote>Tulip</quote> PCI
832 Fast Ethernet controller.</para>
834 <para role="historic">The &man.lge.4; driver has been added to support the Level
835 1 LXT1001 NetCellerator Gigabit Ethernet controller chip. This
836 device is used on some fiber optic GigE cards from SMC, D-Link
837 and Addtron. Jumbograms and TCP/IP checksum offload on
838 receive are supported, although hardware VLAN filtering is
841 <para role="historic">The my driver, which supports the Myson Fast Ethernet and
842 Gigabit Ethernet adapters, has been added. &merged;</para>
844 <para role="historic">Added the &man.nge.4; driver, which supports PCI Gigabit
845 Ethernet adapters based on the National Semiconductor DP83820
846 and DP83821 Gigabit Ethernet controller chips, including the
847 D-Link DGE-500T, SMC EZ Card 1000 (SMC9462TX), Asante
848 FriendlyNet GigaNIC 1000TA and 1000TPC and Addtron AEG320T.
849 This driver supports transmit and receive checksum
850 offloading. &merged;</para>
852 <para role="historic">The &man.pcn.4; driver, which supports the AMD PCnet/FAST,
853 PCnet/FAST+, PCnet/FAST III, PCnet/PRO, PCnet/Home, and
854 HomePNA adapters, has been added. Although these cards are
855 already supported by the &man.lnc.4; driver, the &man.pcn.4;
856 driver runs these chips in 32-bit mode and uses the RX
857 alignment feature to achieve zero-copy receive. This driver
858 is also machine-independent, so it will work on the i386,
859 pc98 and Alpha platforms. The &man.lnc.4; driver is still needed
860 to support non-PCI cards. &merged;</para>
862 <para role="historic">The &man.ray.4; driver, which supports the Webgear Aviator
863 wireless network cards, has been committed. The operation of
864 &man.ray.4; interfaces can be modified by
865 &man.raycontrol.8;. &merged;</para>
867 <para arch="i386,pc98">The &man.rp.4; driver has been updated to
868 version 3.02 and can now be built as a module. &merged;</para>
870 <para arch="i386" role="historic">The sbni driver, for supporting the Granch
871 SBNI12 series of ISA and PCI point-to-point communications
872 interfaces, has been added. The <filename
873 role="package">sysutils/sbniconfig</filename> port in the &os;
874 Ports Collection can be used for configuring these
875 devices. &merged;</para>
877 <para role="historic">Added support for PCI Ethernet adapters based on the SiS
878 900 and SiS 7016 Fast Ethernet controller chips (for example,
879 as seen on the SiS 635 and 735 motherboard chipsets), as well
880 as the National Semiconductor DP83815 chipset (including the
881 NetGear FA311-TX and FA312-TX) in the form of the &man.sis.4;
882 driver. This device has support for VLANs. &merged;</para>
884 <para arch="pc98" role="historic">The snc driver for the National Semiconductor
885 DP8393X (SONIC) Ethernet controller has been added.
886 Currently, this driver is only used on the PC-98
887 architecture. &merged;</para>
889 <para>The &man.stf.4; device is now clonable.</para>
891 <para role="historic">The &man.tap.4; driver, a virtual Ethernet device driver
892 for bridged configurations, has been added. This device is
893 clonable. &merged;</para>
895 <para role="historic">The &man.ti.4; driver now supports the Alteon AceNIC
896 1000baseT Gigabit Ethernet and Netgear GA620T 1000baseT
897 Gigabit cards. &merged;</para>
899 <para role="historic">The &man.ti.4; driver correctly masks VLAN tags. &merged;</para>
901 <para>The &man.tx.4; driver now supports true multicast
904 <para role="historic">The &man.txp.4; driver has been added to support NICs
905 based on the 3Com 3XP Typhoon/Sidewinder (3CR990)
906 chipset. &merged;</para>
908 <para role="historic">&man.vlan.4; devices are now loadable, unloadable, and
909 clonable. &merged;</para>
911 <para role="historic">The &man.wi.4; driver now has support for Prism II and
912 Prism 2.5-based NICs. 104/128-bit WEP now works on Prism
913 cards. &merged;</para>
915 <para role="historic">The &man.wi.4; driver now supports using a &os; host as
916 a wireless access point. This functionality can be enabled
917 using the <literal>mediaopt hostap</literal> option of
918 &man.ifconfig.8;. This feature requires a wireless
919 adapter based on the Prism II chipset. &merged;</para>
921 <para role="historic">The &man.wi.4; driver now has support for
922 <application>bsd-airtools</application>. &merged;</para>
924 <para role="historic">The xe driver can now be built as a
925 module. &merged;</para>
927 <para role="historic">The &man.xl.4; driver now supports the 3Com 3C556 and
928 3C556B MiniPCI adapters used on some laptops. &merged;</para>
930 <para role="historic">The &man.xl.4; driver now supports reception of VLAN
931 tagged frames (on the <quote>Cyclone</quote> or newer
932 chipsets). &merged;</para>
934 <para role="historic">The &man.xl.4; driver now supports send- and receive-side
935 TCP/IP checksum offloading for NICs implementing this feature,
936 such as the 3C905B, 3C905C, and 3C980C. &merged;</para>
938 <para role="historic">A bug in the &man.xl.4; driver, related to statistics
939 overflow interrupt handling, was causing slowdowns at medium
940 to high packet rates; this has been fixed. &merged;</para>
942 <para role="historic">The per-interface <varname>ifnet</varname> structure now
943 has the ability to indicate a set of capabilities supported by
944 a network interface, and which ones are enabled.
945 &man.ifconfig.8; has support for querying these
946 capabilities. &merged;</para>
948 <para role="historic">Performance with hosts having a large number of IP aliases
949 has been improved, by replacing the per-interface
950 <varname>if_inaddr</varname> linear list with a hash table. &merged;</para>
952 <para>Network devices now automatically appear as special files in
953 <filename>/dev/net</filename>. Interface hardware ioctls (not
954 protocol or routing) can be performed on these devices. The
955 <varname>SIOCGIFCONF</varname> ioctl may be performed on the
956 special <filename>/dev/network</filename> node.</para>
958 <para role="historic">Selected network drivers now implement a semi-polling
959 mode, which makes systems much more resilient to attacks and
960 overloads. To enable polling, the following options are
961 required in a kernel configuration file:
963 <programlisting>options DEVICE_POLLING
964 options HZ=1000 # not compulsory but strongly recommended</programlisting>
966 The <varname>kern.polling.enable</varname> sysctl variable
967 will then activate polling mode; with the
968 <varname>kern.polling.user_frac</varname> sysctl indicating
969 the percentage of CPU time to be reserved for userland. The
970 devices initially supporting polling are &man.dc.4;,
971 &man.fxp.4;, &man.nge.4;, &man.rl.4;, and &man.sis.4;. More details can be found in
972 the &man.polling.4; manual page. &merged;</para>
974 <para arch="i386,pc98" role="historic">The packet-forwarding performance of certain
975 network drivers (specifically &man.dc.4; and &man.sis.4;) has
976 been enhanced by the elimination of unnecessary buffer
977 copies. &merged;</para>
979 <para><quote>Zero copy</quote> support has been added to the
980 networking stack. This feature can eliminate a copy of
981 network data between the kernel and userland, which is one of
982 the more significant bottlenecks in network throughput.
983 The send-side code should work with almost any network
984 adapter, while the receive-side code requires a network
985 adapter with an MTU of at least one memory page size (for
986 example, jumbo frames on Gigabit Ethernet). For more
987 information, see &man.zero.copy.9;.</para>
991 <title>Network Protocols</title>
993 <para role="historic">&man.accept.filter.9;, a kernel feature to reduce
994 overheads when accepting and reading new connections on
995 listening sockets, has been added. &merged;</para>
997 <para role="historic">The <literal>proxy</literal> modifier to &man.arp.8;'s
998 <option>-d</option> option has been renamed to
999 <literal>pub</literal>, for consistency with the
1000 <option>-s</option> option. The <literal>only</literal> keyword
1001 has been added to the <option>-s</option> and
1002 <option>-S</option> flags, to be used in creating
1003 <quote>proxy-only</quote> published entries. &merged;</para>
1005 <para role="historic">The read timeout feature of &man.bpf.4; now works more
1006 correctly with &man.select.2;/&man.poll.2;, and therefore with
1007 pthreads. &merged;</para>
1009 <para role="historic">&man.bridge.4; and &man.dummynet.4; have received some
1010 enhancements and bug fixes, and are now loadable
1011 modules. &merged;</para>
1013 <para role="historic">&man.bridge.4; now has better support for multiple,
1014 fully-independent bridging clusters, and is much more stable
1015 in the presence of dynamic attachments and detatchments. Full
1016 support for VLANs is also supported. &merged;</para>
1018 <para>A <literal>FAST_IPSEC</literal> kernel option now allows
1019 the IPsec implementation to use the kernel &man.crypto.4; framework,
1020 along with its support for hardware cryptographic
1023 <para>The <literal>FAST_IPSEC</literal> and
1024 <literal>IPSEC</literal> options are mutually
1029 <para>The <literal>FAST_IPSEC</literal> option is, at the
1030 moment, not compatible with IPv6 or the
1031 <literal>INET6</literal> option.</para>
1036 <para>A &man.gre.4; driver, which can encapsulate IP packets
1037 using GRE (RFC 1701) or minimal IP encapsulation for Mobile IP
1038 (RFC 2004), has been added. &merged;</para>
1040 <para>ICMP ECHO and TSTAMP replies are now rate limited. TCP
1041 RSTs generated due to packets sent to open and unopen ports
1042 are now limited by separate counters. Each rate limiting
1043 queue now has its own description.</para>
1045 <para role="historic">ICMP <literal>UNREACH_FILTER_PROHIB</literal> messages can
1046 now RST TCP connections in the <literal>SYN_SENT</literal>
1047 state if the correct sequence numbers are sent back, as
1049 <varname>net.inet.tcp.icmp_may_rst</varname> sysctl. &merged;</para>
1051 <para>ICMP Source Quench messages are no longer generated for
1052 forwarded packets. The old behavior can be re-enabled with
1053 the <varname>net.inet.ip.sendsourcequench</varname> sysctl
1056 <para>IP multicast now works on VLAN devices. Several other
1057 bugs in the VLAN code have also been fixed.</para>
1059 <para role="historic">A bug in the IPsec processing for IPv4, which caused the
1060 inbound SPD checks to be ignored, has been fixed. &merged;</para>
1062 <para role="historic">&man.ipfw.4; now filters correctly in the presence of ECN
1063 bits in TCP segments. &merged;</para>
1065 <para>&man.ipfw.4; has been re-implemented (the new version is
1066 commonly referred to as <quote>IPFW2</quote>). It now uses
1067 variable-sized representation of rules in the kernel, similar
1068 to &man.bpf.4; instructions. Most of the externally-visible
1069 behavior (i.e. through &man.ipfw.8;) should be unchanged,
1070 although &man.ipfw.8; now supports <literal>or</literal>
1071 connectives between match fields. &merged;</para>
1073 <para role="historic">A new ng_eiface netgraph module has been added, which
1074 appears as an Ethernet interface but delivers its Ethernet
1075 frames to a Netgraph hook. &merged;</para>
1077 <para>A new &man.ng.device.4; netgraph node type has been added,
1078 which creates a device entry in <filename>/dev</filename>, to
1079 be used as the entry point to a networking graph.</para>
1081 <para role="historic">A new &man.ng.etf.4; netgraph node allows Ethernet type
1082 packets to be filtered to different hooks depending on
1083 ethertype. &merged;</para>
1085 <para>The &man.ng.gif.4; and &man.ng.gif.demux.4; netgraph
1086 nodes, for operating on &man.gif.4; devices, have been
1089 <para>The &man.ng.ip.input.4; netgraph node, for queueing IP
1090 packets into the main IP input processing code, has been
1093 <para>A new &man.ng.l2tp.4; netgraph node type, which implements
1094 the encapsulation layer of the L2TP protocol as described in
1095 RFC 2661, has been added. &merged;</para>
1097 <para role="historic">The &man.ng.mppc.4; and &man.ng.bridge.4; node types have
1098 been added to the &man.netgraph.4; subsystem. The
1099 &man.ng.ether.4; node is now dynamically loadable.
1100 Miscellaneous bug fixes and enhancements have also been
1101 made. &merged;</para>
1103 <para role="historic">A new netgraph node type &man.ng.one2many.4; for
1104 multiplexing and demultiplexing packets over multiple links
1105 has been added. &merged;</para>
1107 <para>A new ng_split node type has been added for splitting a
1108 bidirectional packet flow into two unidirectional flows.</para>
1110 <para role="historic">A new sysctl
1111 <varname>net.inet.ip.check_interface</varname>, which is on by
1112 default, causes IP to verify that an incoming packet arrives
1113 on an interface that has an address matching the packet's
1114 destination address. &merged;</para>
1116 <para role="historic">A new sysctl
1117 <varname>net.link.ether.inet.log_arp_wrong_iface</varname> has
1118 been added to control the suppression of logging when ARP
1119 replies arrive on the wrong interface. &merged;</para>
1121 <para role="historic">A new <literal>options RANDOM_IP_ID</literal> kernel
1122 option causes the ID field of IP packets to be randomized.
1123 This closes a minor information leak which allows a remote
1124 observer to determine the rate at which the machine is
1125 generating packets, since the default behavior is to increment
1126 a counter for each packet sent. &merged;</para>
1128 <para arch="alpha">SLIP has been removed from the
1129 <filename>mfsroot</filename> floppy image.</para>
1131 <para role="historic">TCP has received some bug fixes for its delayed ACK
1132 behavior. &merged;</para>
1134 <para role="historic">TCP now supports the NewReno modification to the TCP Fast
1135 Recovery algorithm. This behavior can be controlled via the
1136 <varname>net.inet.tcp.newreno</varname> sysctl
1137 variable. &merged;</para>
1139 <para role="historic">TCP now uses a more aggressive timeout for initial SYN
1140 segments; this allows initial connection attempts to be
1141 dropped much faster. &merged;</para>
1143 <para role="historic">The <literal>TCP_COMPAT_42</literal> kernel option has
1144 been removed. &merged;</para>
1146 <para role="historic">The <literal>TCP_RESTRICT_RST</literal> kernel option has
1147 been removed. Similar functionality can be achieved with the
1148 <varname>net.inet.tcp.blackhole</varname> sysctl
1149 variable. &merged;</para>
1151 <para role="historic">TCP now has RFC 1323 extensions enabled by default in
1152 &man.rc.conf.5;. &merged;</para>
1154 <para role="historic">RFC 1323 and RFC 1644 TCP extensions are now disabled for
1155 a connection in progress if no response has been received by
1156 the third SYN segment sent. This behavior tries to work
1157 around (very old) terminal servers with buggy VJ header
1158 compression implementations. &merged;</para>
1160 <para role="historic">The TCP implementation no longer requires the allocation
1161 of a TCP template structure for each connection; this should
1162 reduce the buffer usage on large systems handling many
1163 connections. &merged;</para>
1165 <para role="historic">TCP's default buffer sizes, controlled by the
1166 <varname>net.inet.tcp.sendspace</varname> and
1167 <varname>net.inet.tcp.recvspace</varname> sysctl variables,
1168 have been increased to 32K and 64K respectively. Previously,
1169 the default for both buffer sizes was 16K. To try to avoid
1170 increasing congestion, the default value for
1171 <varname>net.inet.tcp.local_slowstart_flightsize</varname> has
1172 been changed from infinity to 4. &merged;
1175 <para>On busy hosts, the new larger buffer sizes may require
1176 manually increasing the
1177 <varname>NMBCLUSTERS</varname> parameter, either in the
1178 kernel configuration file or via the
1179 <varname>kern.ipc.nmbclusters</varname> loader tunable.
1180 <command>netstat -mb</command> can be used to monitor the
1181 state of mbuf clusters.</para>
1185 <para role="historic">TCP now supports RFC 1948 (Defending Against Sequence
1186 Number Attacks). The
1187 <varname>net.inet.tcp.isn_reseed_interval</varname> sysctl
1188 variable controls the reseeding of the secret data used in
1189 the RFC 1948 initial sequence number calculations. &merged;</para>
1191 <para role="historic">The TCP implementation in &os; now implements a cache of
1192 outstanding, received SYN segments. Incoming SYN segments now
1193 cause entries to be placed in the cache until the TCP
1194 three-way handshake is complete, at which point, memory is
1195 allocated for the connection as usual. In addition, all TCP
1196 Initial Sequence Numbers (ISNs) are used as cookies, allowing
1197 entries in the cache to be dropped, but still have their
1198 corresponding ACKs accepted later. The combination of the
1200 <quote>syncache</quote> and <quote>syncookies</quote> features
1201 makes a host much more resistant to TCP-based Denial of
1202 Service attacks. Work on this feature was sponsored by DARPA
1203 and NAI Labs. &merged;</para>
1205 <para role="historic">A bug in the TCP implementation, which could cause
1206 connections to stall if a sender saw a zero-sized window, has
1207 been corrected. &merged;</para>
1209 <para role="historic">The TCP implementation now properly ignores packets
1210 addressed to IP-layer broadcast addresses. &merged;</para>
1212 <para>The ephemeral port range used for TCP and UDP has been
1213 changed to 49152–65535 (the old default was
1214 1024–5000). This increases the number of concurrent
1215 outgoing connections/streams.</para>
1217 <para>The &man.tcp.4; protocol's retransmission timer can now be
1218 manipulated with two sysctl variables,
1219 <varname>net.inet.tcp.rexmit_min</varname> and
1220 <varname>net.inet.tcp.rexmit_slop</varname>. The default has
1221 been reduced from one second to 200ms (similar to the Linux default)
1222 in order to better handle hiccups over interactive connections and
1223 improve recovery over lossy fast connections such as wireless links.</para>
1225 <para>The &man.tcp.4; protocol now has the ability to dynamically
1226 limit the send-side window to maximize bandwidth and minimize
1227 round trip times. The feature can be enabled via the
1228 <varname>net.inet.tcp.inflight_enable</varname>
1229 sysctl. &merged;</para>
1234 <title>Disks and Storage</title>
1236 <para arch="i386" role="historic">Support for the Adaptec FSA family of PCI-SCSI
1237 RAID controllers has been added, in the form of the
1238 &man.aac.4; driver. This driver includes proper handling of
1239 commands initiated by the adapter, addition/removal of disk
1240 devices, crashdump functionality, and &man.ioctl.2; commands
1241 necessary for the management CLI, and is fully qualified and
1242 sanctioned by Adaptec. &merged;</para>
1244 <para role="historic">The &man.ahc.4; driver has received numerous updates,
1245 bugfixes, and enhancements. Among various improvements are
1246 improved compatibility with chips in <quote>RAID Port</quote>
1247 mode and systems with AAA and/or ARO cards installed, as well
1248 as performance improvements. Some bugs were also fixed,
1249 including a rare hang on Ultra2/U160
1250 controllers. &merged;</para>
1252 <para arch="i386">The &man.ahd.4; driver, which supports the Adaptec
1253 AIC7901, AIC7901A, and AIC7902 Ultra320 PCI-X SCSI Controller chips, has been
1254 added. &merged;</para>
1256 <para arch="i386" role="historic">The &man.asr.4; driver, which provides support
1257 for the Adaptec SCSI RAID controller family, as well as the
1258 DPT SmartRAID V and VI families, has been
1259 added. &merged;</para>
1261 <para arch="i386" role="historic">The &man.asr.4; driver now supports the
1262 Adaptec 2000S and 2005S Zero-Channel RAID
1263 controllers. &merged;</para>
1265 <para role="historic">The &man.ata.4; driver now has support for ATA100
1266 controllers. In addition, it now supports the ServerWorks
1267 ROSB4 ATA33 chipset, the CMD 648 ATA66 and CMD 649 ATA100
1268 chipsets, and the Cyrix 5530. &merged;</para>
1270 <para role="historic">To provide more flexible configuration, the various
1271 options for the &man.ata.4; driver are now boot loader
1272 tunables, rather than kernel configure-time
1273 options. &merged;</para>
1275 <para role="historic">The &man.ata.4; driver now has support for tagged queuing,
1276 which is enabled by the <varname>hw.ata.tags</varname> loader
1277 tunable. &merged;</para>
1279 <para role="historic">The &man.ata.4; driver now has support for ATA
1280 <quote>pseudo</quote> RAID controllers as the Promise Fasttrak
1281 and HighPoint HPT370 controllers. &merged;</para>
1283 <para role="historic">The &man.ata.4; driver now supports a wider variety of SiS
1284 chipsets, as listed in the Hardware Notes. &merged;</para>
1286 <para role="historic">The &man.ata.4; driver now has support for creating,
1287 deleting, querying, and rebuilding ATA RAIDs under control of
1288 &man.atacontrol.8;. &merged;</para>
1290 <para role="historic">The BurnProof(TM) feature, for applicable ATAPI CD-ROM
1291 burners, is now supported. &merged;</para>
1293 <para role="historic">The &man.ata.4; driver now has support for 48-bit
1294 addressing. Devices larger than 137GB are now
1295 supported. &merged;</para>
1297 <para role="historic">The &man.ata.4; driver now contains fixes for some data
1298 corruption problems on systems using the VIA 82C686B
1299 Southbridge chip. &merged;</para>
1301 <para>The &man.ata.4; driver (along with &man.burncd.8;) now
1302 supports writing to media in DVD+RW drives.</para>
1304 <para>The &man.ata.4; driver now supports accessing ATA devices
1305 as SCSI devices via the CAM layer and drivers (&man.cd.4;,
1306 &man.da.4;, &man.st.4;, and &man.pass.4;). This feature requires
1307 <literal>device atapicam</literal> in the kernel
1308 configuration. More information can be found in
1309 &man.atapicam.4;. &merged;</para>
1311 <para>The &man.ata.4; driver now has support for the Sil 0680
1312 and VIA 8233/8235 controllers. &merged;</para>
1314 <para>The &man.ata.4; driver now has support for the Acard
1315 ATP850, ATP860, and ATP865 controllers.</para>
1317 <para arch="pc98">The &man.ata.4; driver is now supported on the
1318 pc98 platform.</para>
1320 <para role="historic">The &man.cd.4; driver now has support for write
1321 operations. This allows writing to DVD-RAM, PD and similar
1322 drives that probe as CD devices. Note that change affects
1323 only random-access writeable devices, not sequential-only
1324 writeable devices such as CD-R drives, which are supported by
1325 &man.cdrecord.1; (a part of
1326 <filename role="package">sysutils/cdrtools</filename> in the
1327 Ports Collection. &merged;</para>
1329 <para>The &man.cd.4; driver now supports the same
1330 <literal>CDRIOCREADSPEED</literal> and
1331 <literal>CDRIOCWRITESPEED</literal> ioctls that the
1332 &man.acd.4; driver uses for setting the speed of CDROM
1335 <para>The &man.targ.4; driver has been rewritten and a new
1336 usermode has been added to <filename>/usr/share/examples/scsi_target</filename> that
1337 emulates a direct access device.</para>
1339 <para arch="i386" role="historic">The &man.ciss.4; driver, for devices utilizing the
1340 Common Interface for SCSI-3 Support, has been added. This
1341 driver supports the Compaq SmartRAID 5* family of RAID
1342 controllers (5300, 532, 5i). &merged;</para>
1344 <para>The &man.fdc.4; floppy disk driver has undergone a number of
1345 enhancements. Density selection for common settings is now
1346 automatic; the driver is also much more flexible in setting
1347 the densities of various subdevices.</para>
1349 <para>The &man.geom.4; disk I/O request transformation framework
1350 has been added; this extensible framework is designed to
1351 support a wide variety of operations on I/O requests on their
1352 way from the upper kernel to the device drivers.
1355 <para>GEOM-enabled kernels no longer support
1356 <quote>compatability slices</quote>. This feature
1357 (supported on the i386 and pc98 only) allowed a user to
1358 refer to a disk partition without specifying an MBR slice
1359 (e.g. <filename>/dev/ad0a</filename>); the kernel would
1360 automatically find the first applicable &os; slice and use
1361 it. On GEOM-enabled kernels (the default), only the full partition names
1362 (e.g. <filename>/dev/ad0s1a</filename>) are allowed when
1363 referring to partitions within MBR slices. This
1364 change should affect very few users.</para>
1369 <para>A GEOM Based Disk Encryption module has been added. It
1370 provides denial of access to <quote>cold disks</quote>, with
1371 four different cryptographic barriers and up to four
1372 changeable pass-phrases. Much more information can be found
1373 in the &man.gbde.4; manual page. The &man.gbde.8; userland
1374 utility provides an operation and management interface to this
1375 module. This feature is not enabled by default; it requires
1376 <literal>options GEOM_BDE</literal> to be added to a kernel
1380 <para>This feature should be considered experimental.</para>
1385 <para role="historic">The &man.ida.4; disk driver now has crashdump
1386 support. &merged;</para>
1388 <para arch="i386" role="historic">The &man.iir.4; driver has been added to support the
1389 Intel Integrated RAID controllers, as well as prior ICP Vortex
1392 <para arch="alpha" role="historic">A bug that made certain CDROM drives fail to
1393 attach when connected to a SCSI card driven by &man.isp.4; has
1394 been fixed. &merged;</para>
1396 <para>The &man.isp.4; driver is now proactive about discovering
1397 Fibre Channel topology changes.</para>
1399 <para>The &man.isp.4; driver now supports target mode for Qlogic
1400 SCSI cards, including Ultra2 and Ultra3 and dual bus
1403 <para role="historic">The &man.isp.4; driver now supports the Qlogic 2300 and
1404 2312 Optical Fibre Channel PCI cards. &merged;</para>
1406 <para arch="i386,pc98">The &man.matcd.4; driver has been removed
1407 after falling into a state of disrepair in the source tree and
1408 because of concerns over its licensing terms. These issues
1409 are currently being addressed and this driver may reappear in
1410 future versions of &os;. &merged;</para>
1412 <para>&man.md.4;, the memory disk device, has had the
1413 functionality of &man.vn.4; incorporated into it. &man.md.4;
1414 devices can now be configured by &man.mdconfig.8;. &man.vn.4;
1415 has been removed. The Memory Filesystem (MFS) has also been
1418 <para arch="i386,alpha,pc98,sparc64">The mpt driver, for
1419 supporting the LSI Logic Fusion/MP architecture Fiber Channel
1420 controllers, has been added. &merged;</para>
1422 <para arch="i386" role="historic">The &man.mly.4; driver, for Mylex PCI to SCSI
1423 AccelRAID and eXtremeRAID controllers with firmware 6.X and
1424 later, has been added. &merged;</para>
1426 <para arch="i386,pc98" role="historic">The ncv, nsp, and stg drivers have been ported
1427 from NetBSD/pc98. They support the NCR 53C50 / Workbit Ninja
1428 SCSI-3 / TMC 18C30, 18C50 based PC-Card/ISA SCSI controllers.
1429 All three drivers can be built and loaded as
1430 modules. &merged;</para>
1432 <para arch="powerpc">The ofw driver, a basic OpenFirmware disk
1433 driver, has been added.</para>
1435 <para arch="i386">The &man.pst.4; driver, for supporting Promise
1436 SuperTrak ATA RAID controllers, has been
1437 added. &merged;</para>
1439 <para>The RAIDframe disk driver has been imported from NetBSD.
1440 This driver provides software-based RAID 0, 1, 4, and 5
1441 capabilities, as well as other functionality. More
1442 information can be found in the &man.raid.4; driver manual
1443 page. The &man.raidctl.8; utility is used to configure and
1444 unconfigure disk arrays. This feature is not enabled by
1445 default, and requires <literal>device raidframe</literal> to
1446 be configured into a kernel.
1449 <para>This feature should be considered experimental.</para>
1454 <para>Some problems in &man.sa.4; error handling have been
1455 fixed, including the <quote>tape drive spinning indefinitely
1456 upon &man.mt.1; <option>stat</option></quote> problem.</para>
1458 <para>The <varname>SCSI_DELAY</varname> configuration parameter
1459 can now be set at boot time and runtime via the
1460 <varname>kern.cam.scsi_delay</varname> tunable/sysctl.</para>
1462 <para>The &man.trm.4; driver has been added to support SCSI adapters
1463 using the Tekram TRM-S1040 SCSI chipset. &merged;</para>
1465 <para arch="i386" role="historic">The &man.twe.4; 3ware ATA RAID driver has
1466 added. &merged;</para>
1468 <para role="historic">The &man.wd.4; compatibility devices were removed from the
1469 &man.ata.4; driver. &merged;</para>
1473 <title>Filesystems</title>
1475 <para>Support for named extended attributes has been added to the
1476 &os; kernel. This allows the kernel, and appropriately
1477 privileged userland processes, to tag files and directories
1478 with attribute data. Extended attributes were added to
1479 support the TrustedBSD Project, in particular ACLs, capability
1480 data, and mandatory access control labels (see
1481 <filename>/usr/src/sys/ufs/ufs/README.extattr</filename> for
1484 <para role="historic">Due to a licensing change, Soft Updates have been
1485 integrated into the main portion of the kernel source tree.
1486 As a consequence, Soft Updates are now available with the
1487 <filename>GENERIC</filename> kernel. &merged;</para>
1489 <para>A filesystem snapshot capability has been added to FFS.
1490 Details can be found in
1491 <filename>/usr/src/sys/ufs/ffs/README.snapshot</filename>.</para>
1493 <para>When running with Soft Updates, &man.statfs.2; and
1494 &man.df.1; will track the number of blocks and files that are
1495 committed to being freed.</para>
1497 <para role="historic">A bug in FFS that could cause superblock corruption on
1498 very large filesystems has been corrected. &merged;</para>
1500 <para role="historic">The ISO-9660 filesystem now has a hook that supports a
1501 loadable character conversion routine. The
1502 <filename role="package">sysutils/cd9660_unicode</filename>
1503 port contains a set of common conversions. &merged;</para>
1505 <para>&man.kernfs.5; is obsolete and has been retired.</para>
1507 <para role="historic">A bug in the NFS client that caused bogus access times with
1508 <literal>O_EXCL|O_CREAT</literal> opens was
1509 fixed. &merged;</para>
1511 <para role="historic">A new NFS hash function (based on the Fowler/Noll/Vo hash
1512 algorithm) has been implemented to improve NFS performance by
1513 increasing the efficiency of the <varname>nfsnode</varname>
1514 hash tables. &merged;</para>
1516 <para>Client-side NFS locks have been implemented.</para>
1518 <para>The client-side and server-side of the NFS code in the
1519 kernel used to be intertwined in various complex ways. They
1520 have been split apart for ease of maintenance and further
1523 <para>Support for filesystem Access Control Lists (ACLs) has
1524 been introduced, allowing more fine-grained control of
1525 discretionary access control on files and directories. This
1526 support was integrated from the TrustedBSD Project. More
1527 details can be found in
1528 <filename>/usr/src/sys/ufs/ufs/README.acls</filename>.</para>
1530 <para role="historic">The directory layout preference algorithm for FFS
1531 (<literal>dirprefs</literal>) has been changed. Rather than
1532 scattering directory blocks across a disk, it attempts to
1533 group related directory blocks together. Operations
1534 traversing large directory hierarchies, such as the &os; Ports
1535 tree, have shown marked speedups. This change is transparent
1536 and automatic for new directories. &merged;</para>
1538 <para arch="i386,pc98" role="historic">smbfs (CIFS) support in kernel has been added.
1539 The userland programs &man.smbutil.1; and &man.mount.smbfs.8;
1540 can be used to work with SMB shares. Note that
1541 &man.mount.smbfs.8; will automatically load the
1542 <filename>smbfs.ko</filename> module into the kernel, even if
1543 <literal>LIBMCHAIN</literal> and
1544 <literal>LIBICONV</literal> were not compiled into the kernel.
1547 <para>For consistency, the fdesc, fifo, null, msdos, portal,
1548 umap, and union filesystems have been renamed to fdescfs,
1549 fifofs, msdosfs, nullfs, portalfs, umapfs, and unionfs. Where
1550 applicable, modules and mount_* programs have been renamed.
1551 Compatibility <quote>glue</quote> has been added to
1552 &man.mount.8; so that <literal>msdos</literal> filesystem
1553 entries in &man.fstab.5; will work without changes.</para>
1555 <para>pseudofs, a pseudo-filesystem framework, has been added.
1556 &man.linprocfs.5; and &man.procfs.5; have been modified to use
1559 <para role="historic">A simple hash-based lookup optimization for large
1560 directories called <literal>dirhash</literal> has been added.
1562 <literal>UFS_DIRHASH</literal> kernel option (enabled by
1563 default in the <filename>GENERIC</filename> kernel), it
1564 improves the speed of operations on very large directories at
1565 the expense of some memory. &merged;</para>
1567 <para role="historic">The virtual memory subsystem now backs UFS directory
1568 memory requirements by default (this behavior is controlled
1569 via the <varname>vfs.vmiodirenable</varname> sysctl
1570 variable). &merged;</para>
1572 <para role="historic">A bug that prevented the root filesystem from being
1573 mounted from a SCSI CDROM has been fixed (ATAPI CDROMs were
1574 always supported). &merged;</para>
1576 <para role="historic">A number of bugs in the filesystem code, discovered
1577 through the use of the <application>fsx</application>
1578 filesystem test tool, have been fixed. Under certain
1579 circumstances (primarily related to use of NFS), these bugs
1580 could cause data corruption or kernel panics. &merged;</para>
1582 <para>Network filesystems (such as NFS and smbfs filesystems)
1583 listed in <filename>/etc/fstab</filename> can now be properly
1584 mounted during startup initialization; their mounts are
1585 deferred until after the network is initialized.</para>
1587 <para>Read-only support for the Universal Disk Format (UDF) has
1588 been added. This format is used on packet-written CD-RWs and
1589 most commercial DVD-Video disks. The &man.mount.udf.8;
1590 command can be used to mount these disks.</para>
1592 <para>Basic support has been added for the UFS2 filesystem.
1593 Among the new features of UFS2:
1597 <para>The inode has been expanded to 256 bytes to make
1598 space for 64-bit block pointers.</para>
1602 <para>A file-creation time field has been added.</para>
1606 <para>A native extended attributes implementation has been
1607 added, permitting total attribute size stored on an inode
1608 to be up to twice the filesystem block size. This storage
1609 is used for Access Control Lists and MAC labels, but may
1610 also be used by other system extensions and user
1611 applications.</para>
1615 UFS1 remains the default on-disk format, although UFS2 can be
1616 selected as an option in &man.newfs.8; or via the partitioning
1617 screen in &man.sysinstall.8;. 64-bit platforms can boot from
1618 UFS2 root filesystems.</para>
1620 <para>To support new features mentioned in this section, minor
1621 changes have been made to the format of the UFS1 superblock.
1622 These changes may create some compatability problems when a
1623 system older than &os; 4.7-RELEASE attempts to &man.mount.8;
1624 or &man.fsck.8; a local UFS1 filesystem created by &os;
1625 &release.current; or later. &os; 4.7-RELEASE and later are
1626 fully compatible. This situation typically arises on a
1627 dual-boot machine with multiple versions of &os;
1633 <title>PCCARD Support</title>
1635 <para arch="i386,pc98" role="historic">The pccard driver and &man.pccardc.8; now
1636 support multiple <quote>beep types</quote> upon card insertion
1637 and removal. &merged;</para>
1639 <para role="historic">On many modern hosts, PCCARD devices can be configured to
1640 route their interrupts via either the ISA or PCI interrupt
1641 paths. The &man.pcic.4; driver has been updated to support
1642 both interrupt paths (formerly, only routing via ISA was
1643 supported). &merged; In most cases, configuration of PCMCIA
1644 devices in laptops is simpler and more flexible. In addition,
1645 various Cardbus bridge PCI cards (such as those used by
1646 Orinoco PCI NICs) are now supported. Some hosts may
1647 experience problems, such as hangs or panics, with PCI
1648 interrupt routing; they can frequently be made to work by
1649 forcing the older-style ISA interrupt routing. The following
1650 lines, placed in <filename>/boot/loader.conf</filename>, may
1651 fix the problem:</para>
1653 <programlisting role="historic">hw.pcic.intr_path="1"
1654 hw.pcic.irq="0"</programlisting>
1656 <para role="historic">When installing &os; on such a system, typing the
1657 following lines to the boot loader may be helpful in starting
1658 up &os; for the first time:<para>
1660 <screen role="historic"><prompt>ok</prompt> <userinput>set hw.pcic.intr_path="1"</userinput>
1661 <prompt>ok</prompt> <userinput>set hw.pcic.irq="0"</userinput></screen>
1663 <para arch="i386">Preliminary CardBus support with NEWCARD has
1664 been added. This code supports both 32-bit and 16-bit cards.
1665 All CardBus bridges are supported, as well as the TI-1030
1666 PCMCIA-PCI bridge. Other PCMCIA-PCI bridges and ISA bridges
1667 aren't supported yet.</para>
1669 <para arch="i386">NEWCARD is now the default PCCARD/CardBus
1670 system in the <filename>GENERIC</filename> kernel.</para>
1675 <title>Multimedia Support</title>
1677 <para arch="i386" role="historic">The &man.pcm.4; driver now supports the ESS
1678 Solo 1, Maestro-1, Maestro-2, and Maestro-2e; Forte Media
1679 fm801, ESS Maestro-2e, and VIA Technologies VT82C686A sound
1680 card/chipsets, and has received some other updates. Separate
1681 drivers for the SoundBlaster 8 and SoundBlaster 16 now replace
1682 an older, unified driver. A driver for the CMedia
1683 CMI8338/CMI8738 sound chips has been added. A driver for the
1684 CS4281 sound chip has been added. A driver for the S3
1685 SonicVibes chipset has been added. &merged;</para>
1687 <para arch="i386" role="historic">A driver for the Avance Logic ALS4000 has been
1688 added. &merged;</para>
1690 <para arch="i386" role="historic">A driver for the ESS Maestro-3/Allegro has
1691 been added, however due to licensing restrictions, it cannot
1692 be compiled into the kernel. &merged; To use this driver, add
1693 the following line to
1694 <filename>/boot/loader.conf</filename>:</para>
1696 <programlisting role="historic">snd_maestro3_load="YES"</programlisting>
1698 <para arch="i386">The VT8233 audio controller now has its own
1699 driver to facilitate supporting all known revisions of the
1700 hardware. It is loadable at boot time by adding
1701 <literal>device pcm</literal> to the kernel configuration or
1702 by adding <literal>snd_via8233="YES"</literal> to
1703 <filename>/boot/loader.conf</filename>. Documentation to
1704 support this work was provided by VIA. &merged;</para>
1706 <para role="historic">The &man.bktr.4; driver has been updated to 2.18. This
1707 update provides a number of new features. New tuner types
1708 have been added, and improvements to the KLD module and to
1709 memory allocation have been made. Bugs in &man.devfs.5; when
1710 unloading and reloading have been fixed. Support for new
1711 Hauppauge Model 44xxx WinTV Cards (the ones with no audio mux)
1712 has been added. &merged;</para>
1714 <para arch="i386,pc98" role="historic">The ufm driver, supporting the D-Link DSB-R100
1715 USB Radio, has been added. &merged;</para>
1717 <para role="historic">When sound modules are built, one can now load all the
1718 drivers and infrastructure by <command>kldload
1719 snd</command>. &merged;</para>
1721 <para>A new API has been added for sound cards with hardware
1722 volume control.</para>
1724 <para arch="i386" role="historic">A driver for the Intel 443MX, 810, 815, and
1725 815E integrated sound devices has been added. &merged;</para>
1727 <para arch="i386" role="historic">The via82c686 sound driver now supports the VIA
1728 VT8233. &merged;</para>
1730 <para arch="i386" role="historic">The ich sound driver now support the SiS
1731 7012 chipset. &merged;</para>
1733 <para arch="i386">The ich sound driver now provides rudimentary
1734 support for ich4 audio support. &merged;</para>
1736 <para arch="i386">Drivers have been added to support the Direct
1737 Rendering Infrastructure, which can used to provide 3D
1738 acceleration within <application>XFree86</application>. Video
1739 cards supported include the 3Dlabs Oxygen GMX 2000 (gammadrm),
1740 AGP Matrox G200/G400/G450/G550 (mgadrm), 3dfx Voodoo
1741 3/4/5/Banshee (tdfxdrm), AGI ATI Rage 128 (r128drm), and AGP
1742 ATI Radeon (radeondrm).</para>
1747 <title>Contributed Software</title>
1749 <para>The Forth Inspired Command Language
1750 (<application>FICL</application>) used in the boot loader has
1751 been updated to 3.02.</para>
1753 <para>Support for Advanced Configuration and Power Interface
1754 (ACPI), a multi-vendor standard for configuration and power
1755 management, has been added. This functionality has been
1756 provided by the <application>Intel ACPI Component
1757 Architecture</application> project, as of the ACPI CA 20021118
1758 snapshot. Some backward compatability for applications using
1759 the older APM standard has been provided.</para>
1762 <title>IPFilter</title>
1764 <para><application>IPFilter</application> has been updated to
1765 3.4.29. &merged;</para>
1767 <para role="historic"><application>IPFilter</application> now supports
1768 IPv6. &merged;</para>
1773 <title>isdn4bsd</title>
1775 <para><application>isdn4bsd</application> has been updated to
1776 version 1.0.2.</para>
1778 <para role="historic">The &man.ifpi.4; driver for supporting the AVM
1779 Fritz!Card PCI controller has been added. &merged;</para>
1781 <para role="historic">The &man.ifpi2.4; driver for supporting the AVM
1782 Fritz!Card PCI version 2 controller has been added. &merged;</para>
1784 <para role="historic">The &man.ihfc.4; driver for supporting Cologne Chip
1785 Designs HFC devices under
1786 <application>isdn4bsd</application> has been
1787 added. &merged;</para>
1789 <para role="historic">The &man.itjc.4; driver for supporting NETjet-S / Teles
1790 PCI-TJ devices under <application>isdn4bsd</application> has
1791 been added. &merged;</para>
1793 <para role="historic">Experimental support for the Eicon.Diehl DIVA 2.0 and
1794 2.02 ISA PnP ISDN cards has been added to the &man.isic.4;
1795 <application>isdn4bsd</application> driver. &merged;</para>
1797 <para role="historic">The &man.isic.4; driver now supports the Compaq Microcom
1798 610 ISDN ISA PnP card. &merged;</para>
1800 <para role="historic">Active CAPI-based ISDN cards manufactured by AVM are now
1801 supported using the &man.i4bcapi.4; and the &man.iavc.4;
1802 driver. The supported cards are the AVM B1 PCI and AVM B1
1803 ISA Basic Rate cards and the AVM T1 Primary Rate
1804 cards. &merged;</para>
1806 <para role="historic">A new <literal>maxconnecttime</literal> keyword is now
1807 accepted in &man.isdnd.rc.5; files to limit the time a
1808 connection may remain open. &merged;</para>
1810 <para role="historic">&man.isdnphone.8; now supports a <option>-k</option>
1811 option for sending messages via the keypad facility to a PBX
1812 or exchange office. &merged;</para>
1814 <para><application>isdn4bsd</application> now supports Q.931
1815 subaddressing.</para>
1819 <sect4 id="kame-kernel">
1822 <para role="historic">The IPv6 stack is now based on a snapshot based on the
1823 KAME Project's IPv6 snapshot as of 28 May, 2001. Most of
1824 the items listed in this section are a result of this
1825 import. <xref linkend="kame-userland"> lists userland
1826 updates to the KAME IPv6 stack. &merged;</para>
1828 <para role="historic">&man.gif.4; is now based on RFC 2893, rather than RFC
1829 1933. The <literal>IFF_LINK2</literal> interface flag can
1830 be used to control ingress filtering. &merged;</para>
1832 <para role="historic"><application>IPsec</application> has received some
1833 enhancements, including the ability to use the Rijndael and
1834 SHA2 algorithms. IPsec RC5 support has been removed due to
1835 patent issues. &merged;</para>
1837 <para role="historic">&man.stf.4; now conforms to RFC 3056; the
1838 <literal>IFF_LINK2</literal> interface flag can be used to
1839 control ingress filtering. &merged;</para>
1841 <para role="historic">IPv6 has better checking of illegal addresses (such as
1842 loopback addresses) on physical networks. &merged;</para>
1844 <para role="historic">The <varname>IPV6_V6ONLY</varname> socket option is now
1845 completely supported. The kernel's default behavior with
1846 respect to this option is controlled by the
1847 <varname>net.inet6.ip6.v6only</varname> sysctl
1848 variable. &merged;</para>
1850 <para role="historic">RFC 3041 (Privacy Extensions for Stateless Address
1851 Autoconfiguration) is now supported. It can be enabled via
1852 the <varname>net.inet6.ip6.use_tempaddr</varname> sysctl
1853 variable. &merged;</para>
1858 <sect2 id="security">
1859 <title>Security-Related Changes</title>
1861 <para role="historic">&man.sysinstall.8; now allows the user to select one of two
1862 <quote>security profiles</quote> at install-time. These
1863 profiles enable different levels of system security by enabling
1864 or disabling various system services in &man.rc.conf.5; on new
1865 installs. &merged;</para>
1867 <para role="historic">A bug in which malformed ELF executable images can hang the
1868 system has been fixed (see security advisory
1869 FreeBSD-SA-00:41). &merged;</para>
1871 <para role="historic">A security hole in Linux emulation was fixed (see security
1872 advisory FreeBSD-SA-00:42). &merged;</para>
1874 <para role="historic">String-handling library calls in many programs were fixed to
1875 reduce the possibility of buffer overflow-related exploits.
1878 <para role="historic">TCP now uses stronger randomness in choosing its initial
1879 sequence numbers (see security advisory
1880 FreeBSD-SA-00:52). &merged;</para>
1882 <para role="historic">Several buffer overflows in &man.tcpdump.1; were corrected
1883 (see security advisory FreeBSD-SA-00:61). &merged;</para>
1885 <para role="historic">A security hole in &man.top.1; was corrected (see security
1886 advisory FreeBSD-SA-00:62). &merged;</para>
1888 <para role="historic">A potential security hole caused by an off-by-one-error in
1889 &man.gethostbyname.3; has been fixed (see security advisory
1890 FreeBSD-SA-00:63). &merged;</para>
1892 <para role="historic">A potential buffer overflow in the &man.ncurses.3; library,
1893 which could cause arbitrary code to be run from within
1894 &man.systat.1;, has been corrected (see security advisory
1895 FreeBSD-SA-00:68). &merged;</para>
1897 <para role="historic">A vulnerability in &man.telnetd.8; that could cause it to
1898 consume large amounts of server resources has been fixed (see
1899 security advisory FreeBSD-SA-00:69). &merged;</para>
1901 <para role="historic">The <literal>nat deny_incoming</literal> command in
1902 &man.ppp.8; now works correctly (see security advisory
1903 FreeBSD-SA-00:70). &merged;</para>
1905 <para role="historic">A vulnerability in &man.csh.1;/&man.tcsh.1; temporary files
1906 that could allow overwriting of arbitrary user-writable files
1907 has been closed (see security advisory
1908 FreeBSD-SA-00:76). &merged;</para>
1910 <para role="historic">The &man.ssh.1; binary is no longer SUID root by
1911 default. &merged;</para>
1913 <para role="historic">Some fixes were applied to the Kerberos IV implementation
1914 related to environment variables, a possible buffer overrun, and
1915 overwriting ticket files. &merged;</para>
1917 <para role="historic">&man.telnet.1; now does a better job of sanitizing its
1918 environment. &merged;</para>
1920 <para role="historic">Several vulnerabilities in &man.procfs.5; were fixed (see
1921 security advisory FreeBSD-SA-00:77). &merged;</para>
1923 <para role="historic">A bug in <application>OpenSSH</application> in which a
1924 server was unable to disable &man.ssh-agent.1; or
1925 <literal>X11Forwarding</literal> was fixed (see security
1926 advisory FreeBSD-SA-01:01). &merged;</para>
1928 <para role="historic">A bug in &man.ipfw.8; and &man.ip6fw.8; in which inbound TCP
1929 segments could incorrectly be treated as being part of an
1930 <literal>established</literal> connection has been fixed (see
1931 security advisory FreeBSD-SA-01:08). &merged;</para>
1933 <para role="historic">A bug in &man.crontab.1; that could allow users to read any
1934 file on the system in valid &man.crontab.5; syntax has been
1935 fixed (see security advisory FreeBSD-SA-01:09). &merged;</para>
1937 <para role="historic">A vulnerability in &man.inetd.8; that could allow
1938 read-access to the initial 16 bytes of
1939 <groupname>wheel</groupname>-accessible files has been fixed
1940 (see security advisory FreeBSD-SA-01:11). &merged;</para>
1942 <para role="historic">A bug in &man.periodic.8; that used insecure temporary files
1943 has been corrected (see security advisory
1944 FreeBSD-SA-01:12). &merged;</para>
1946 <para role="historic"><application>OpenSSH</application> now has code to prevent
1947 (instead of just mitigating through connection limits) an attack
1948 that can lead to guessing the server key (not host key) by
1949 regenerating the server key when an RSA failure is detected (see
1950 security advisory FreeBSD-SA-01:24). &merged;</para>
1952 <para role="historic">A number of programs have had output formatting strings
1953 corrected so as to reduce the risk of
1954 vulnerabilities. &merged;</para>
1956 <para role="historic">A number of programs that use temporary files now do so more
1957 securely. &merged;</para>
1959 <para role="historic">A bug in ICMP that could cause an attacker to disrupt TCP and UDP
1960 <quote>sessions</quote> has been corrected. &merged;</para>
1962 <para role="historic">A bug in &man.timed.8;, which caused it to crash if send
1963 certain malformed packets, has been corrected (see security
1964 advisory FreeBSD-SA-01:28). &merged;</para>
1966 <para role="historic">A bug in &man.rwhod.8;, which caused it to crash if send
1967 certain malformed packets, has been corrected (see security
1968 advisory FreeBSD-SA-01:29). &merged;</para>
1970 <para role="historic">A security hole in &os;'s FFS and EXT2FS implementations,
1971 which allowed a race condition that could cause users to have
1972 unauthorized access to data, has been fixed (see security
1973 advisory FreeBSD-SA-01:30). &merged;</para>
1975 <para role="historic">A remotely-exploitable vulnerability in &man.ntpd.8; has
1976 been closed (see security advisory
1977 FreeBSD-SA-01:31). &merged;</para>
1979 <para role="historic">A security hole in <application>IPFilter</application>'s
1980 fragment cache has been closed (see security advisory
1981 FreeBSD-SA-01:32). &merged;</para>
1983 <para role="historic">Buffer overflows in &man.glob.3;, which could cause
1984 arbitrary code to be run on an FTP server, have been closed. In
1985 addition, to prevent some forms of DOS attacks, &man.glob.3;
1986 allows specification of a limit on the number of pathname
1987 matches it will return. &man.ftpd.8; now uses this feature (see
1988 security advisory FreeBSD-SA-01:33). &merged;</para>
1990 <para role="historic">Initial sequence numbers in TCP are more thoroughly
1991 randomized (see security advisory FreeBSD-SA-01:39). Due to
1992 some possible compatibility issues, the behavior of this
1993 security fix can be enabled or disabled via the
1994 <varname>net.inet.tcp.tcp_seq_genscheme</varname> sysctl
1995 variable.&merged;</para>
1997 <para role="historic">A vulnerability in the &man.fts.3; routines (used by
1998 applications for recursively traversing a filesystem) could
1999 allow a program to operate on files outside the intended
2000 directory hierarchy. This bug has been fixed (see security
2001 advisory FreeBSD-SA-01:40). &merged;</para>
2003 <para role="historic"><application>OpenSSH</application> now switches to the
2004 user's UID before attempting to unlink the authentication
2005 forwarding file, nullifying the effects of a race.</para>
2007 <para role="historic">A flaw allowed some signal handlers to remain in effect in a
2008 child process after being exec-ed from its parent. This allowed
2009 an attacker to execute arbitrary code in the context of a setuid
2010 binary. This flaw has been corrected (see security advisory
2011 FreeBSD-SA-01:42). &merged;</para>
2013 <para role="historic">A remote buffer overflow in &man.tcpdump.1; has been fixed
2014 (see security advisory FreeBSD-SA-01:48). &merged;</para>
2016 <para role="historic">A remote buffer overflow in &man.telnetd.8; has been fixed
2017 (see security advisory FreeBSD-SA-01:49). &merged;</para>
2019 <para role="historic">The new <varname>net.inet.ip.maxfragpackets</varname> and
2020 <varname>net.inet.ip6.maxfragpackets</varname> sysctl variables
2021 limit the amount of memory that can be consumed by IPv4 and IPv6
2022 packet fragments, which defends against some denial of service
2023 attacks (see security advisory
2024 FreeBSD-SA-01:52). &merged;</para>
2026 <para role="historic">All services in <filename>inetd.conf</filename> are now
2027 disabled by default for new installations. &man.sysinstall.8;
2028 gives the option of enabling or disabling &man.inetd.8; on new
2029 installations, as well as editing
2030 <filename>inetd.conf</filename>. &merged;</para>
2032 <para role="historic">A flaw in the implementation of the &man.ipfw.8;
2033 <literal>me</literal> rules on point-to-point links has been
2034 corrected. Formerly, <literal>me</literal> filter rules would
2035 match the remote IP address of a point-to-point interface in
2036 addition to the intended local IP address (see security advisory
2037 FreeBSD-SA-01:53). &merged;</para>
2039 <para role="historic">A vulnerability in &man.procfs.5;, which could allow a
2040 process to read sensitive information from another process's
2041 memory space, has been closed (see security advisory
2042 FreeBSD-SA-01:55). &merged;</para>
2044 <para role="historic">The <literal>PARANOID</literal> hostname checking in
2045 <application>tcp_wrappers</application> now works as advertised
2046 (see security advisory FreeBSD-SA-01:56). &merged;</para>
2048 <para role="historic">A local root exploit in &man.sendmail.8; has been closed
2049 (see security advisory FreeBSD-SA-01:57). &merged;</para>
2051 <para role="historic">A remote root vulnerability in &man.lpd.8; has been closed
2052 (see security advisory FreeBSD-SA-01:58). &merged;</para>
2054 <para role="historic">A race condition in &man.rmuser.8; that briefly exposed a
2055 world-readable <filename>/etc/master.passwd</filename> has been
2056 fixed (see security advisory FreeBSD-SA-01:59). &merged;</para>
2058 <para role="historic">A vulnerability in <application>UUCP</application> has been
2059 closed (see security advisory FreeBSD-SA-01:62). All
2060 non-<username>root</username>-owned binaries in standard system
2061 paths now have the <literal>schg</literal> flag set to prevent
2062 exploit vectors when run by &man.cron.8;, by
2063 <username>root</username>, or by a user other then the one owning
2064 the binary. In addition, &man.uustat.1; is now run via
2065 <filename>/etc/periodic/daily/410.status-uucp</filename> as
2066 <username>uucp</username>, not <username>root</username>. In
2067 &os; -CURRENT, <application>UUCP</application> has since been
2068 moved to the Ports Collection and no longer a part of the base
2069 system. &merged;</para>
2071 <para role="historic">A security hole in the form of a buffer overflow in the
2072 &man.semop.2; system call has been closed. &merged;</para>
2074 <para role="historic">A security hole in <application>OpenSSH</application>, which
2075 could allow users to execute code with arbitrary privileges if
2076 <literal>UseLogin yes</literal> was set, has been closed. Note
2077 that the default value of this setting is
2078 <literal>UseLogin no</literal>. (See security advisory
2079 FreeBSD-SA-01:63.) &merged;</para>
2081 <para role="historic">The use of an insecure temporary directory by
2082 &man.pkg.add.1; could permit a local attacker to modify the
2083 contents of binary packages while they were being installed.
2084 This hole has been closed. (See security advisory
2085 FreeBSD-SA-02:01.) &merged;</para>
2087 <para role="historic">A race condition in &man.pw.8;, which could expose the
2088 contents of <filename>/etc/master.passwd</filename>, has been
2089 eliminated. (See security advisory FreeBSD-SA-02:02.)
2092 <para role="historic">A bug in &man.k5su.8; could have allowed a process that had
2093 given up superuser privileges to regain them. This bug has been
2094 fixed. (See security advisory FreeBSD-SA-02:07.)
2097 <para role="historic">An <quote>off-by-one</quote> bug has been fixed in
2098 <application>OpenSSH</application>'s multiplexing code. This bug
2099 could have allowed an authenticated remote user to cause
2100 &man.sshd.8; to execute arbitrary code with superuser
2101 privileges, or allowed a malicious SSH server to execute arbitrary
2102 code on the client system with the privileges of the client user. (See security
2103 advisory FreeBSD-SA-02:13.)
2106 <para role="historic">A programming error in <application>zlib</application> could
2107 result in attempts to free memory multiple times. The
2108 &man.malloc.3;/&man.free.3; routines used in &os; are not
2109 vulnerable to this error, but applications receiving
2110 specially-crafted blocks of invalid compressed data could
2111 be made to function incorrectly or abort. This
2112 <application>zlib</application> bug has been fixed. For a
2113 workaround and solutions, see security advisory FreeBSD-SA-02:18.
2116 <para role="historic">Bugs in the TCP SYN cache (<quote>syncache</quote>) and SYN
2117 cookie (<quote>syncookie</quote>) implementations, which could
2118 cause legitimate TCP/IP traffic to crash a machine, have been
2119 fixed. For a workaround and patches, see security advisory
2123 <para role="historic">A routing table memory leak, which could allow a remote
2124 attacker to exhaust the memory of a target machine, has been
2125 fixed. A workaround and patches can be found in security
2126 advisory FreeBSD-SA-02:21.
2129 <para role="historic">A bug with memory-mapped I/O, which could cause a system
2130 crash, has been fixed. For more information about a solution,
2131 see security advisory
2135 <para role="historic">A security hole, in which SUID programs could be made to
2136 read from or write to inappropriate files through manipulation
2137 of their standard I/O file descriptors, has been fixed.
2138 Information regarding a solution can be found in security
2143 <para role="historic">Some unexpected behavior could be allowed with &man.k5su.8;
2144 because it does not require that an invoking user be a member of
2145 the <groupname>wheel</groupname> group when attempting to become
2146 the superuser (this is the case with &man.su.1;). To avoid this
2147 situation, &man.k5su.8; is now installed non-SUID by default
2148 (effectively disabling it). More information can be found in
2153 <para role="historic">Multiple vulnerabilities were found in the &man.bzip2.1;
2154 utility, which could allow files to be overwritten without
2155 warning or allow local users unintended access to files. These
2156 problems have been corrected with a new import of
2157 <application>bzip2</application>. For more information, see
2162 <para role="historic">A bug has been fixed in the implementation of the TCP SYN
2163 cache (<quote>syncache</quote>), which could allow a remote
2164 attacker to deny access to a service when accept filters
2165 (see &man.accept.filter.9;) were in use. This bug has been
2166 fixed; for more information, see security advisory
2170 <para role="historic">Due to a bug in &man.rc.8;'s use of shell globbing, users
2171 may be able to remove the contents of arbitrary files if
2172 <filename>/tmp/.X11-unix</filename> does not exist and the
2173 system can be made to reboot. This bug has been corrected (see
2178 <para>A buffer overflow in the resolver, which could be exploited
2179 by a malicious domain name server or an attacker forging DNS
2180 messages, has been fixed. See security advisory <ulink
2181 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:28.resolv.asc">FreeBSD-SA-02:28</ulink>
2182 for more details. &merged;</para>
2184 <para>A buffer overflow in &man.tcpdump.1;, which could be triggered by
2185 badly-formed NFS packets, has been fixed. See security advisory
2187 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:29.tcpdump.asc">FreeBSD-SA-02:29</ulink>
2188 for more details. &merged;</para>
2190 <para>&man.ktrace.1; can no longer trace the operation of formerly
2191 privileged processes; this prevents the leakage of sensitive
2192 information that the process could have obtained before
2193 abandoning its privileges. For a discussion of this issue, see
2196 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:30.ktrace.asc">FreeBSD-SA-02:30</ulink>
2197 for more details. &merged;</para>
2199 <para>A race condition in &man.pppd.8;, which could be used to
2200 change the permissions of an arbitrary file, has been corrected.
2201 For more information, see security advisory <ulink
2202 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:32.pppd.asc">FreeBSD-SA-02:32</ulink>.
2205 <para>Multiple buffer overflows in
2206 <application>OpenSSL</application> have been corrected, by way
2207 of an upgrade to the base system version of
2208 <application>OpenSSL</application>. More details can be found
2209 in security advisory <ulink
2210 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc">FreeBSD-SA-02:33</ulink>.
2213 <para>A heap buffer overflow in the XDR decoder has been fixed.
2214 For more details, see security advisory <ulink
2215 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:34.rpc.asc">FreeBSD-SA-02:34</ulink>.
2218 <para>A bug that could allow local users to read and write
2219 arbitrary blocks on an FFS filesystem has been corrected. More
2220 details can be found in security advisory <ulink
2221 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:35.ffs.asc">FreeBSD-SA-02:35</ulink>.
2224 <para>A bug in the NFS server code, which could allow a remote
2225 denial of service attack, has been fixed. Security advisory <ulink
2226 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:36.nfs.asc">FreeBSD-SA-02:36</ulink>
2227 has more details. &merged;</para>
2229 <para>A bug that could allow local users to panic a system using
2230 the &man.kqueue.2; mechanism has been fixed. More information
2231 is contained in security advisory <ulink
2232 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:37.kqueue.asc">FreeBSD-SA-02:37</ulink>.
2235 <para>Several bounds-checking bugs in system calls, which could
2236 result in some system calls returning a large portion of kernel
2237 memory, have been fixed. More information can be found in
2238 security advisory <ulink
2239 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:38.signed-error.asc">FreeBSD-SA-02:38</ulink>.
2242 <para>A bug that could allow applications using
2243 <filename>libkvm</filename> to leak sensitive file descriptors
2244 has been corrected. (See security advisory <ulink
2245 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:39.libkvm.asc">FreeBSD-SA-02:39</ulink>
2249 <para>Buffer overflows in kadmind(8) and k5admin have been
2250 corrected. More details can be found in security advisory <ulink
2251 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:40.kadmind.asc">FreeBSD-SA-02:40</ulink>.
2254 <para>Errors in &man.smrsh.8;, which could allow users to circumvent
2255 restrictions on what programs can be executed, have been fixed.
2257 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:41.smrsh.asc">FreeBSD-SA-02:41</ulink>
2261 <para>Buffer overflows in the DNS &man.resolver.3;, which could
2262 cause some applications to fail, have been corrected. More
2263 details are in <ulink
2264 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:42.resolv.asc">FreeBSD-SA-02:42</ulink>.
2267 <para>Multiple vulnerabilities in <application>BIND</application>
2268 have been fixed, as described in <ulink
2269 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:43.bind.asc">FreeBSD-SA-02:43</ulink>.
2272 <para>A file descriptor leak in the &man.fpathconf.2; system call,
2273 which could allow a local user to crash the system or
2274 cause a privilege escalation, has been fixed. More details can
2275 be found in security advisory <ulink
2276 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:44.filedesc.asc">FreeBSD-SA-02:44</ulink>.
2281 <sect2 id="userland">
2282 <title>Userland Changes</title>
2284 <para>Support for creating &man.a.out.5; format executables with
2285 the base system compiler toolchain has been removed.</para>
2287 <para>&man.adduser.8; and &man.rmuser.8; are now &man.sh.1;
2288 scripts, rather than Perl scripts.</para>
2290 <para role="historic">If the first argument to &man.ancontrol.8; or
2291 &man.wicontrol.8; doesn't start with a <literal>-</literal>, it
2292 is assumed to be an interface. &merged;</para>
2294 <para role="historic">&man.apmd.8; now has the ability to monitor battery levels
2295 and execute commands based on percentage or minutes of battery
2296 life remaining via the <literal>apm_battery</literal>
2297 configuration directive. See the commented-out examples in
2298 <filename>/etc/apmd.conf</filename> for the
2299 syntax. &merged;</para>
2301 <para role="historic">&man.arp.8; now prints the applicable interface name for
2302 each ARP entry. &merged;</para>
2304 <para>&man.arp.8; now prints <literal>[fddi]</literal> or
2305 <literal>[atm]</literal> tags for addresses on interfaces of
2308 <para>The &man.asa.1; utility, to interpret FORTRAN
2309 carriage-control characters, has been added.</para>
2311 <para>&man.at.1; now supports the <option>-r</option> command-line
2312 option to remove jobs and the <option>-t</option> option to
2313 specify times in POSIX time format.</para>
2315 <para role="historic">&man.atacontrol.8; has been added to control various aspects
2316 of the &man.ata.4; driver. &merged;</para>
2318 <para>The system &man.awk.1; now refers to
2319 <application>BWK awk</application>.</para>
2321 <para>&man.basename.1; now accept <option>-a</option> and
2322 <option>-s</option> flags, which allow it to perform the
2323 &man.basename.3; function on multiple files.</para>
2325 <para>&man.biff.1; now accepts a <option>b</option> argument to
2326 enable <quote>bell notification</quote> of new mail (which does
2327 not disturb the terminal contents as <command>biff y</command>
2328 would). &merged;</para>
2330 <para>&man.biff.1; now uses the first terminal associated with the
2331 standard input, standard output or standard error file
2332 descriptor, in that order. Thus, it is possible to use the
2333 redirection facilities of a shell (<command>biff n <
2334 /dev/ttyp1</command>) to toggle the notification for other
2337 <para arch="pc98" role="historic">&man.boot98cfg.8;, a PC-98 boot manager
2338 installation and configuration utility, has been
2339 added. &merged;</para>
2341 <para role="historic">&man.burncd.8; now supports a <option>-m</option> option for
2342 multisession mode (the default behavior now is to close disks as
2343 single-session). A <option>-l</option> option to take a list of
2344 image files from a filename was also added;
2345 <filename>-</filename> can be used as a filename for
2346 <literal>stdin</literal>. &merged;</para>
2348 <para>&man.burncd.8; now supports Disk At Once (DAO) mode,
2349 selectable via the <option>-d</option> flag. &merged;</para>
2351 <para>&man.burncd.8; now has the ability to write VCDs/SVCDs. &merged;</para>
2353 <para>&man.burncd.8; now accepts a value of <literal>max</literal>
2354 for its <option>-s</option> option to set the drive's maximum
2355 write speed. &merged;</para>
2357 <para>&man.bzgrep.1;, &man.bzegrep.1;, and &man.bzfgrep.1;
2358 have been added to perform &man.grep.1;-type operations on
2359 &man.bzip2.1;-compressed files.</para>
2361 <para role="historic">&man.c89.1; has been converted from a shell script to a
2362 binary executable, fixing some minor bugs. &merged;</para>
2364 <para>&man.calendar.1; now takes a <option>-W</option> option,
2365 which operates similar to <option>-A</option> but without
2366 special treatment at weekends, and a <option>-F</option> option
2367 to change the notion of <quote>Friday</quote>.</para>
2369 <para arch="i386,pc98" role="historic">A minimalized version of &man.camcontrol.8; is
2370 now available on the installation floppy. This allows it to
2371 rescan for devices that have been connected after booting, or to
2372 show the devices attached to SCSI busses (e. g. from within the
2373 <quote>emergency holographic shell</quote>). &merged;</para>
2375 <para role="historic">&man.cat.1; now has the ability to read from UNIX-domain
2376 sockets. &merged;</para>
2378 <para>&man.catman.1; is now a C program, instead of a
2381 <para role="historic">&man.cdcontrol.1; now supports a <literal>cdid</literal>
2382 command, which calculates and displays the CD serial number,
2383 using the same algorithm used by the CDDB
2384 database. &merged;</para>
2386 <para role="historic">&man.cdcontrol.1; now uses the <envar>CDROM</envar>
2387 environment variable to pick a default device. &merged;</para>
2389 <para role="historic">&man.cdcontrol.1; now supports <literal>next</literal> and
2390 <literal>prev</literal> commands to skip forwards or backwards a
2391 specified number of tracks while playing an audio
2394 <para>&man.cdcontrol.1; now supports a
2395 <literal>speed</literal> command to set the maximum speed to be
2396 used by the drive (the maximum possible speed can be selected
2397 setting the speed to <literal>max</literal>). &merged;</para>
2399 <para>A &man.check.utility.compat.3; library function has been
2400 added to <filename>libc</filename>, to determine
2401 whether certain &os; base system utilities should behave in &os; 4-compatible mode
2402 or in a <quote>standard</quote> mode (default standard). The
2403 configuration is done &man.malloc.3;-style, with either an
2404 environment variable or a symbolic link.</para>
2406 <para>&man.chflags.1; has moved from <filename>/usr/bin</filename>
2407 to <filename>/bin</filename>.</para>
2409 <para role="historic">&man.chio.1; now has the ability to specify elements by
2410 volume tag instead of by their physical location as well as the
2411 ability to return an element to its previous
2412 location. &merged;</para>
2414 <para>&man.chmod.1; now supports a <option>-h</option> for
2415 changing the mode of a symbolic link.</para>
2417 <para>&man.chmod.1; now also, when the mode is modified, prints
2418 the old and new modes if the <option>-v</option> option is
2419 specified more than once.</para>
2421 <para role="historic">&man.chown.8; now correctly follows symbolic links named as
2422 command line arguments if run without
2423 <option>-R</option>. &merged;</para>
2425 <para>&man.chown.8; no longer takes <literal>.</literal> as a
2426 user/group delimeter. This change was made to support usernames
2427 containing a <literal>.</literal> character.</para>
2429 <para>Use of the <literal>CSMG_*</literal> macros no longer
2430 require inclusion of
2431 <filename><sys/param.h></filename></para>
2433 <para role="historic">&man.col.1; now takes a <option>-p</option> flag to force
2434 unknown control sequences to be passed through
2435 unchanged. &merged;</para>
2437 <para role="historic">The <filename>compat3x</filename> distribution has been
2438 updated to include libraries present in &os;
2439 3.5.1-RELEASE. &merged;</para>
2441 <para>A <filename>compat4x</filename> distribution has been added
2442 for compatibility with &os; 4-STABLE. It includes a subset of
2443 the libraries distributed with &os; 4.7-RELEASE.</para>
2445 <para role="historic">&man.config.8; is now better about converting various
2446 warnings that should have been errors into actual fatal errors
2447 with an exit code. This ensures that <literal>make
2448 buildkernel</literal> doesn't quietly ignore them and build a
2449 bogus kernel without a human to read the errors. &merged;</para>
2451 <para role="historic">A number of buffer overflows in &man.config.8; have been
2452 fixed. &merged;</para>
2454 <para>&man.cp.1; now takes a (nonstandard) <option>-n</option>
2455 option to automatically answer <quote>no</quote> when it would
2456 ask to overwrite a file. &merged;</para>
2458 <para>A new &man.csplit.1; utility, which splits files based on
2459 context, has been added.</para>
2461 <para role="historic">&man.ctags.1; no longer creates a corrupt tags file if the
2462 source file used <literal>//</literal> (C++-style)
2463 comments. &merged;</para>
2465 <para>&man.ctags.1; now creates tags for typedefs, structs,
2466 unions, and enums by default (implying the <option>-t</option>
2467 option). The new <option>-T</option> reverts to the old
2470 <para>The &man.daemon.8; program, a command-line interface to
2471 &man.daemon.3;, has been added. It detaches itself from its
2472 controlling terminal and executes a program specified on the
2473 command line. This allows the user to run an arbitrary program
2474 as if it were written to be a daemon. &merged;</para>
2476 <para>The &man.devd.8; utility, a userland daemon that can run
2477 arbitrary commands when devices come and go in the device tree,
2478 has been added. This program is a generalization of some of the
2479 functionality of &man.pccardd.8;.
2482 <para>&man.devd.8; is a work in progress.</para>
2487 <para>&man.devinfo.8;, a simple tool to print the device tree and resource
2488 usage by devices, has been added.</para>
2490 <para role="historic">&man.df.1; now takes a <option>-l</option> option to only
2491 display information about locally-mounted
2492 filesystems. &merged;</para>
2494 <para role="historic">&man.disklabel.8; now supports partition sizes expressed in
2495 kilobytes, megabytes, or gigabytes, in addition to
2496 sectors. &merged;</para>
2498 <para>diskpart(8) has been declared obsolete, and has been
2501 <para role="historic">&man.dmesg.8; now has a <option>-a</option> option to show
2502 the entire message buffer, including &man.syslogd.8; records and
2503 <filename>/dev/console</filename> output. &merged;</para>
2505 <para role="historic">&man.du.1; now takes a <option>-I</option> command-line flag
2506 to ignore/skip files and subdirectories matching a specified
2507 shell-glob mask. &merged;</para>
2509 <para role="historic">&man.dump.8; now supports inheritance of the
2510 <literal>nodump</literal> flag down a hierarchy. &merged;</para>
2512 <para>&man.dump.8; now supports a <option>-L</option> flag for
2513 dumping live UFS and UFS2 filesystems safely. To obtain a
2514 consistent dump image, &man.dump.8; takes a snapshot of the
2515 filesystem and performs the dump on the snapshot. The snapshot
2516 is removed when the dump is complete.</para>
2518 <para role="historic">The <option>-T</option> option to &man.dump.8; no longer
2519 swallows an extra argument. &merged;</para>
2521 <para role="historic">&man.dump.8; has a new <option>-D</option> option, allowing
2522 the path to the <filename>/etc/dumpdates</filename> file to be
2523 changed. &merged;</para>
2525 <para role="historic">&man.dump.8; now supplies progress information in its
2526 process title, useful for monitoring automated
2527 backups. &merged;</para>
2529 <para>&man.dump.8; now supports a new <option>-S</option> flag to allow
2530 it to just print out the dump size estimates and exit. &merged;</para>
2532 <para role="historic">&man.edquota.8; now takes a <option>-f</option> option to
2533 allow limiting the prototype quota distribution (specified with
2534 <option>-p</option>) to a single filesystem. &merged;</para>
2536 <para role="historic"><filename>/etc/rc.firewall</filename> and
2537 <filename>/etc/rc.firewall6</filename> will no longer add their own
2538 hardcoded rules in the cases of a rules file in the
2539 <varname>firewall_type</varname> variable or a non-existent
2540 firewall type. (The motivation for this change is to avoid
2541 acting on assumptions about a site's firewall policies.) In
2542 addition, the <literal>closed</literal> firewall type now works
2543 as documented in the &man.rc.firewall.8; manual page. &merged;</para>
2545 <para role="historic">The functionality of <filename>/etc/security</filename> has
2546 been been moved into a set of scripts under the &man.periodic.8;
2547 framework, to make local customization easier and more
2548 maintainable. These scripts now reside in
2549 <filename>/etc/periodic/security/</filename>. &merged;</para>
2551 <para>&man.expr.1; is now compliant with POSIX.2-1992 (and thus
2552 also with POSIX.1-2001). Some program depend on the old,
2553 historic behavior and do not properly protect their arguments to
2554 keep them from being misinterpreted as command-line options.
2555 (the <filename role="package">devel/libtool</filename>
2556 port/package, used by many GNU programs, is a notable example).
2557 The old behavior can be requested by enabling compatibility mode
2558 for &man.expr.1; as described in
2559 &man.check.utility.compat.3;.</para>
2561 <para>&man.fbtab.5; now accepts glob matching patterns for target
2562 devices, not just individual devices and directories.</para>
2564 <para arch="i386,pc98">&man.fdisk.8; no longer attempts to search for a
2565 device if none has been specified on the command line, but
2566 instead tries to figure out the default device name from the
2569 <para>&man.fdread.1;, a program to read data from floppy disks,
2570 has been added. It is a counterpart to &man.fdwrite.1; and is
2571 designed to provide a means of recovering at least some data
2572 from bad media, and to obviate the need for a complex invocation of
2575 <para role="historic">&man.find.1; now takes the <option>-empty</option> flag,
2576 which returns true if a file or directory is
2577 empty. &merged;</para>
2579 <para role="historic">&man.find.1; now takes the <option>-iname</option> and
2580 <option>-ipath</option> primaries for case-insensitive matches,
2581 and the <option>-regexp</option> and <option>-iregexp</option>
2582 primaries for regular-expression matches. The
2583 <option>-E</option> flag now enables extended regular
2584 expressions. &merged;</para>
2586 <para role="historic">&man.find.1; now has the <option>-anewer</option>,
2587 <option>-cnewer</option>, <option>-mnewer</option>,
2588 <option>-okdir</option>, and <option>-newer[acm][acmt]</option>
2589 primaries for comparisons of file timestamps. The latter
2590 primaries can be specified with various units of
2591 time. &merged;</para>
2593 <para role="historic">&man.finger.1; now has the ability to support fingering
2594 aliases, via the &man.finger.conf.5; file. &merged;</para>
2596 <para>&man.finger.1; now has support for a
2597 <filename>.pubkey</filename> file. &merged;</para>
2599 <para>&man.finger.1; now supports a <option>-g</option> flag to
2600 restrict the printing of GECOS information to the user's full
2601 name only. &merged;</para>
2603 <para>&man.finger.1; now supports the <option>-4</option> and
2604 <option>-6</option> flags to specify an address family for
2605 remote queries. &merged;</para>
2607 <para role="historic">&man.fmt.1; has been rewritten; the rewrite fixes a number
2608 of bugs compared to its prior behavior. &merged;</para>
2610 <para role="historic">&man.fmtcheck.3;, a function for checking consistency of
2611 format string arguments, has been added. &merged;</para>
2613 <para>&man.fold.1; now supports a <option>-b</option> flag to
2614 break at byte positions and a <option>-s</option> flag to break at
2615 word boundaries. &merged;</para>
2617 <para role="historic">&man.fsdb.8; now supports a <literal>blocks</literal>
2618 command to list the blocks allocated by a particular
2619 inode. &merged;</para>
2621 <para>&man.fsck.8; wrappers have been imported; this feature
2622 provides infrastructure for &man.fsck.8; to work on different
2623 types of filesystems (analogous to &man.mount.8;).</para>
2625 <para>The behavior of &man.fsck.8; when dealing with various
2626 passes (a la <filename>/etc/fstab</filename>) has been modified
2627 to accommodate multiple-disk filesystems.</para>
2629 <para>&man.fsck.8; now has support for foreground
2630 (<option>-F</option>) and background (<option>-B</option>)
2631 checks. Traditionally, &man.fsck.8; is invoked before the
2632 filesystems are mounted and all checks are done to completion at
2633 that time. If background checking is available, &man.fsck.8; is
2634 invoked twice. It is first invoked at the traditional time,
2635 before the filesystems are mounted, with the <option>-F</option>
2636 flag to do checking on all the filesystems that cannot do
2637 background checking. It is then invoked a second time, after
2638 the system has completed going multiuser, with the
2639 <option>-B</option> flag to do checking on all the filesystems
2640 that can do background checking. Unlike the foreground
2641 checking, the background checking is started asynchronously so
2642 that other system activity can proceed even on the filesystems
2643 that are being checked. Boot-time enabling of this feature is
2645 <varname>background_fsck</varname> option in &man.rc.conf.5;.</para>
2647 <para role="historic">Shortly after the receipt of a <literal>SIGINFO</literal>
2648 signal (normally control-T from the controlling tty),
2649 &man.fsck.ffs.8; will now output a line indicating the current
2650 phase number and progress information relevant to the current
2651 phase. &merged;</para>
2653 <para>&man.fsck.ffs.8; now supports background filesystem checks
2654 to mounted FFS filesystems with the <option>-B</option> option
2655 (Soft Updates must be enabled on these filesystems). The
2656 <option>-F</option> flag now determines whether a specified
2657 filesystem needs foreground checking.</para>
2659 <para role="historic">A new &man.fsck.msdosfs.8; utility has been added to check
2660 the consistency of MS-DOS filesystems. &merged;</para>
2662 <para role="historic">&man.ftpd.8; now supports a <option>-r</option> flag for
2663 read-only mode and a <option>-E</option> flag to disable
2664 <literal>EPSV</literal>. It also has some fixes to reduce
2665 information leakage and the ability to specify compile-time port
2666 ranges. &merged;</para>
2668 <para>&man.ftpd.8; now supports the <option>-m</option> option
2669 to permit guest users to modify existing files if allowed
2670 by filesystem permissions.
2671 In particular, this enables guest users to resume uploads.
2674 <para>&man.ftpd.8; now supports the <option>-M</option> option
2675 to prevent guest users from creating directories.
2678 <para>&man.ftpd.8; now supports <option>-o</option> and
2679 <option>-O</option> options to disable the
2680 <literal>RETR</literal> command; the former for everybody, and
2681 the latter only for guest users. Coupled with
2682 <option>-A</option> and appropriate file permissions, these can
2683 be used to create a relatively safe anonymous FTP drop box for
2684 others to upload to. &merged;</para>
2686 <para>&man.ftpd.8; now supports the <option>-W</option> option
2687 to disable logging FTP sessions to &man.wtmp.5;. &merged;</para>
2689 <para>The &man.fwcontrol.8; utility has been added to help users
2690 access and control the FireWire subsystem. &merged;</para>
2692 <para arch="i386,pc98" role="historic">&man.gdb.1; now supports hardware
2693 watchpoints (using the kernel's debug register + support that
2694 has been introduced in &os; 4.0). &merged;</para>
2696 <para>The &man.getconf.1; utility has been added. It prints the
2697 values of POSIX or X/Open path or system configuration
2698 variables. &merged;</para>
2700 <para role="historic">The &man.getprogname.3; and &man.setprogname.3; library
2701 functions have been added to manipulate the name of the current
2702 program. They are used by error-reporting routines to produce
2703 consistent output. &merged;</para>
2705 <para>gifconfig(8) is obsolete and has been removed. Its
2706 functionality is now handled by the <option>tunnel</option> and
2707 <option>deletetunnel</option> commands of
2708 &man.ifconfig.8;.</para>
2710 <para>&man.gprof.1; now has a <option>-K</option> option to enable
2711 dynamic symbol resolution from the currently-running kernel.
2712 With this change, properly-compiled KLD modules are now able to
2715 <para arch="ia64">The gpt tool for manipulating EFI GPT
2716 partitions has been added.</para>
2718 <para role="historic">&man.growfs.8;, a utility for growing FFS filesystems, has
2719 been added. &man.ffsinfo.8;, a utility for dump all the
2720 meta-information of an existing filesystem, has also been
2721 added. &merged;</para>
2723 <para role="historic">The &man.groups.1; and &man.whoami.1; shell scripts are now
2724 unnecessary; their functionality has been completely folded into
2725 &man.id.1;. &merged;</para>
2727 <para>The ibcs(8), linux(8), osf1(8), and
2728 svr4(8) scripts, whose sole purpose was to load emulation
2729 kernel modules, have been removed. The kernel module system
2730 will automatically load them as needed to fulfill
2731 dependencies.</para>
2733 <para role="historic">&man.indent.1; has gained some new formatting
2734 options. &merged;</para>
2736 <para role="historic">&man.ifconfig.8; can set the link-layer address of
2737 an interface using the <option>link</option> parameter.
2740 <para role="historic">&man.ifconfig.8; can now accept addresses in slash/CIDR
2741 notation. &merged;</para>
2743 <para role="historic">&man.ifconfig.8; now has support for setting parameters for
2744 IEEE 802.11 wireless network devices. &man.wi.4; and &man.an.4;
2745 devices are supported, and partial support is provided for
2746 &man.awi.4; devices. &merged;</para>
2748 <para role="historic">&man.ifconfig.8; no longer displays the list of supported
2749 media by default. Instead it displays it when the
2750 <option>-m</option> flag is given. &merged;</para>
2752 <para>&man.ifconfig.8; now has the ability to set promiscuous mode
2753 on an interface, via the new <option>promisc</option>
2754 flag. &merged;</para>
2756 <para>&man.ifconfig.8; now supports a <literal>monitor</literal>
2757 interface flag, which blocks transmission of packets on that
2758 interface. This feature is useful for monitoring network traffic
2759 without interacting with the network in question.</para>
2761 <para role="historic">The syntax of &man.inetd.8;'s support for &man.faithd.8; is
2762 now compatible with that of other BSDs. &merged;</para>
2764 <para role="historic">The <literal>ident</literal> protocol support in
2765 &man.inetd.8; has been cleaned up and updated. &merged;</para>
2767 <para role="historic">&man.inetd.8; now has the ability to manage UNIX-domain
2768 sockets. &merged;</para>
2770 <para>By default, &man.inetd.8; is no longer run by &man.rc.8; at
2771 boot-time, although &man.sysinstall.8; gives the option of
2772 enabling it during binary installations. &man.inetd.8; can also
2773 be enabled by adding the following line to
2774 <filename>/etc/rc.conf</filename>:</para>
2776 <programlisting>inetd_enable="YES"</programlisting>
2778 <para>&man.inetd.8; now has the capability for limiting the
2779 maximum number of simultaneous invocations of each service from
2780 a single IP address. &merged;</para>
2782 <para role="historic">&man.install.1; has a number of new features, including the
2783 <option>-b</option> and <option>-B</option> options for backing up
2784 existing target files and the <option>-S</option> option for
2785 <quote>safe</quote> (atomic copy) operation. The
2786 <option>-c</option> (copy) flag is now the default, and the
2787 <option>-D</option> (debugging) flag has been withdrawn.
2788 &man.install.1; now issues a warning if <option>-d</option>
2789 (create directories) and <option>-C</option> (copy changed files
2790 only) are used together. &merged;</para>
2792 <para role="historic">IP Filter is now supported by the &man.rc.conf.5; boot-time
2793 configuration and initialization. &merged;</para>
2795 <para role="historic">&man.ipfstat.8; now supports the <option>-t</option> option
2796 to turn on a &man.top.1;-like display. &merged;</para>
2798 <para role="historic">&man.ipfw.8; will now avoid the display of dynamic firewall
2799 rules unless the <option>-d</option> flag is passed to it. The
2800 <option>-e</option> option lists expired dynamic
2801 rules. &merged;</para>
2803 <para role="historic">&man.ipfw.8; has a new feature (<literal>me</literal>) that
2804 allows for packet matching on interfaces with
2805 dynamically-changing IP addresses. &merged;</para>
2807 <para role="historic">&man.ipfw.8; has a new <literal>limit</literal> type of
2808 firewall rule, which limits the number of sessions between
2809 address pairs. &merged;</para>
2811 <para>&man.ipfw.8; filter rules can now match on the value of the
2812 IPv4 precedence field.</para>
2814 <para role="historic">&man.ip6fw.8; now has the ability to use a preprocessor and
2815 use the <option>-q</option> (quiet) flag when reading from a
2816 file. &merged;</para>
2818 <para role="historic">&man.ispppcontrol.8; has been deleted, and its functionality
2819 has been folded into &man.spppcontrol.8;. &merged;</para>
2821 <para role="historic">&man.k5su.8; is no longer installed SUID
2822 <username>root</username> by default. Users requiring this
2823 feature can either manually change the permissions on the
2824 &man.k5su.8; executable or add
2825 <literal>ENABLE_SUID_K5SU=yes</literal> to
2826 <filename>/etc/make.conf</filename> before a source
2827 upgrade. &merged;</para>
2829 <para>&man.kbdmap.1; and &man.vidfont.1; have been converted from
2832 <para role="historic">&man.kenv.1;, a command to dump the kernel environment, has
2833 been added. &merged;</para>
2835 <para>&man.kenv.1; now has the ability to set or delete kernel
2836 environment variables.</para>
2838 <para role="historic">&man.keyinfo.1; is now a C program, rather than a Perl
2839 script. &merged;</para>
2841 <para>The kget(8) utility has been removed (it was only
2842 useful for UserConfig, which is not present in &os;
2843 &release.current;).</para>
2845 <para role="historic">&man.killall.1; is now a C program, rather than a Perl
2846 script. As a result, its <option>-m</option> option now uses
2847 the regular expression syntax of &man.regex.3;, rather than that
2848 of Perl. &merged;</para>
2850 <para>&man.killall.1; no longer tries to kill zombie processes
2851 unless the <option>-z</option> flag is specified.</para>
2853 <para role="historic">The &man.kldconfig.8; utility has been added to make it
2854 easier to manipulate the kernel module search
2855 path. &merged;</para>
2857 <para>&man.ktrdump.8;, a utility to dump the ktr trace buffer from
2858 userland, has been added.</para>
2860 <para role="historic">&man.last.1; now implements a <option>-d</option> that
2861 provides a <quote>snapshot</quote> of who was logged in at a
2862 particular date and time. &merged;</para>
2864 <para role="historic">&man.last.1; now supports a <option>-y</option> flag, which
2865 causes the year to be included in the session start time. &merged;</para>
2867 <para role="historic">The &man.lastlogin.8; utility, which prints the last login
2868 time of each user, has been imported from
2869 NetBSD. &merged;</para>
2871 <para role="historic">&man.ldconfig.8; now checks directory ownerships and
2872 permissions for greater security; these checks can be disabled
2873 with the <option>-i</option> flag. &merged;</para>
2875 <para role="historic">&man.ldd.1; can now be used on shared libraries, in addition
2876 to executables. &merged;</para>
2878 <para>&man.ldd.1; now supports a <option>-a</option> flag to list
2879 all the objects that are needed by each loaded object.</para>
2881 <para><filename>libc</filename> is now thread-safe by default;
2882 <filename>libc_r</filename> contains only thread
2885 <para role="historic"><filename>libcrypt</filename> and
2886 <filename>libdescrypt</filename> have been unified to provide a
2887 configurable password authentication hash library. Both the md5
2888 and des hash methods are provided unless the des hash is
2889 specifically compiled out. &merged;</para>
2891 <para role="historic"><filename>libcrypt</filename> now has support for Blowfish
2892 password hashing. &merged;</para>
2894 <para arch="i386" role="historic"><filename>libdisk</filename> can now do
2895 install-time configuration of the <filename>boot0</filename>
2896 boot loader. &merged;</para>
2898 <para role="historic"><filename>libstand</filename> now has support for
2899 filesystems containing
2900 <application>bzip2</application>-compressed
2901 files. &merged;</para>
2903 <para><filename>libstand</filename> now has support for
2904 overwriting the contents of a file on a UFS filesystem (it
2905 cannot expand or truncate files because the filesystem may be
2906 dirty or inconsistent).</para>
2908 <para role="historic"><filename>libstand</filename> now has support for loading
2909 large kernels and modules split across several physical
2910 media. &merged;</para>
2912 <para role="historic">The default TCP port range used by
2913 <filename>libfetch</filename> for passive FTP retrievals has
2914 changed; this affects the behavior of &man.fetch.1;, which has
2915 gained the <option>-U</option> option to restore the old
2916 behavior. &merged;</para>
2918 <para role="historic"><filename>libfetch</filename> now has support for an
2919 authentication callback. &merged;</para>
2921 <para role="historic"><filename>libfetch</filename> now has support for a
2922 <envar>HTTP_USER_AGENT</envar> environment
2923 variable. &merged;</para>
2925 <para><filename>libgmp</filename> has been superceded by
2926 <filename>libmp</filename>.
2928 <para>The functions from <filename>libposix1e</filename> have been
2929 integrated into <filename>libc</filename>.</para>
2931 <para role="historic"><filename>libusb</filename> has been renamed as
2932 <filename>libusbhid</filename>, following NetBSD's naming
2933 conventions. &merged;</para>
2935 <para role="historic">&man.ln.1; now takes an <option>-i</option> option to
2936 request user confirmation before overwriting an existing
2937 file. &merged;</para>
2939 <para role="historic">&man.ln.1; now takes a <option>-h</option> flag to avoid
2940 following a target that is a link, with a <option>-n</option>
2941 flag for compatibility with other
2942 implementations. &merged;</para>
2944 <para>&man.lock.1; now accepts a <option>-v</option> to disable
2945 switching VTYs while the current terminal is locked. This permits
2946 locking the entire console from a single terminal. &merged;</para>
2948 <para role="historic">&man.logger.1; can now send messages directly to a remote
2949 syslog. &merged;</para>
2951 <para role="historic">&man.login.1; now exports environment variables set by
2952 <application>PAM</application> modules. &merged;</para>
2954 <para>&man.lpc.8; has been improved; <command>lpc clean</command>
2955 is now somewhat safer, and a new <command>lpc tclean</command>
2956 command has been added to check to see what files would be
2957 removed by <command>lpc clean</command>. <command>lpc
2958 topq</command> has been reimplemented, and now allows for a much
2959 more flexible specification of which jobs should be moved (such
2960 as a range of job numbers, or a hostname). An <command>lpc
2961 bottomq</command> command has been added to move jobs to the
2962 bottom of a print queue, and a new <command>lpc
2963 setstatus</command> command can be used to set a printer's
2964 status message. &merged;</para>
2966 <para role="historic">&man.lpd.8; now takes two new options: <option>-c</option>
2967 will log all connection errors to &man.syslogd.8;, while
2968 <option>-W</option> will allow connections from non-reserved
2969 ports. &merged;</para>
2971 <para role="historic">&man.lpd.8; now has some support for
2972 <literal>o</literal>-type print-file actions in its control
2973 files, which allows printing of PostScript files generated by
2974 <application>MacOS</application> 10.1. &merged;</para>
2976 <para role="historic">&man.lpd.8; now recognizes the <option>-s</option> flag as
2977 the preferred synonym for <option>-p</option> (these flags
2978 cause &man.lpd.8; not to open a socket for network print
2979 jobs). &merged;</para>
2981 <para role="historic">&man.lpd.8; now implements a new <literal>rc</literal>
2982 printcap option. When specified in a print queue for a remote
2983 host, boolean option causes &man.lpd.8; to resend the data file
2984 for each copy the user requested via <command>lpr
2985 -#<replaceable>n</replaceable></command>. &merged;</para>
2987 <para role="historic">Catching up with most other network utilities in the base
2988 system, &man.lpr.1;, &man.lpd.8;, &man.syslogd.8;, and
2989 &man.logger.1; are now all IPv6-capable. &merged;</para>
2991 <para role="historic"><command>lprm -</command> now works for remote printer
2992 queues. &merged;</para>
2994 <para role="historic">&man.ls.1; can produce colorized listings with the
2995 <option>-G</option> flag (and appropriate terminal support).
2996 The <envar>CLICOLOR</envar> environment variable can be set to
2997 enable colorized listings by default. &merged;</para>
2999 <para role="historic">&man.ls.1; now accepts a <option>-h</option> flag, which
3000 when combined with the <option>-l</option> flag, causes file
3001 sizes to be printed with unit suffixes, such that the number of
3002 digits printed is fewer than four. &merged;</para>
3004 <para>The &man.ls.1; program now supports a <option>-m</option>
3005 flag to list files across a page, a <option>-p</option> flag to
3006 force printing of a <literal>/</literal> after directories, and
3007 a <option>-x</option> flag to sort filenames across a
3008 page. &merged;</para>
3010 <para role="historic">&man.m4.1; now accepts a <option>-s</option> flag to cause
3011 it to emit <literal>#line</literal> directives for use by
3012 &man.cpp.1;. &merged;</para>
3014 <para role="historic">&man.mail.1; now takes a <option>-E</option> flag to avoid
3015 sending messages with empty bodies. &merged;</para>
3017 <para role="historic">&man.make.1; has gained the <literal>:C///</literal>
3018 (regular expression substitution), <literal>:L</literal>
3019 (lowercase), and <literal>:U</literal> (uppercase) variable
3020 modifiers. These were added to reduce the differences between
3021 the &os; and OpenBSD/NetBSD &man.make.1; programs.
3024 <para role="historic">Bugs in &man.make.1;, among which include broken null suffix
3025 behavior, bad assumptions about current directory permissions,
3026 and potential buffer overflows, have been fixed. &merged;</para>
3028 <para role="historic">The new <varname>CPUTYPE</varname>
3029 <filename>make.conf</filename> variable controls the compilation
3030 of processor-specific optimizations in various pieces of code
3031 such as <application>OpenSSL</application>. &merged;</para>
3033 <para role="historic">The &os; <filename>Makefile</filename> infrastructure now
3034 supports the <varname>WARNS</varname> directive from NetBSD.
3035 This directive controls the addition of compiler warning flags
3036 to <varname>CFLAGS</varname> in a relatively compiler-neutral
3037 manner. &merged;</para>
3039 <para>&man.makewhatis.1; is now a C program, instead of a
3042 <para>&man.man.1; is no longer installed SUID
3043 <username>man</username>, in order to reduce vulnerabilities
3044 associated with generating <quote>catpages</quote> (preformatted
3045 manual pages cached for repeated viewing). As a result,
3046 &man.man.1; can no longer create system catpages on a regular
3047 user's behalf. It is still able to do so if the user has write
3048 permissions to the directory holding catpages (e.g. a user's own
3049 manpages) or if the running user is
3050 <username>root</username>.</para>
3052 <para arch="ia64">The mca utility, for decoding machine check
3053 records, has been added.</para>
3055 <para>The &man.mdmfs.8; command has been added; it is a wrapper
3056 around &man.mdconfig.8;, &man.disklabel.8;, &man.newfs.8;, and
3057 &man.mount.8; that mimics the command line option set of the
3058 deprecated &man.mount.mfs.8;.</para>
3060 <para role="historic">&man.mergemaster.8; now sources an
3061 <filename>/etc/mergemaster.rc</filename> file and also prompts
3062 the user to run recommended commands (such as
3063 <command>newaliases</command>) as needed. &merged;</para>
3065 <para role="historic">&man.mergemaster.8; now supports two new flags.
3066 The <option>-p</option> flag enables a
3067 <quote>pre-<literal>buildworld</literal></quote> mode to files
3068 known to be essential to the success of the
3069 <literal>buildworld</literal> and
3070 <literal>installworld</literal> system updating steps. The
3071 <option>-C</option> flag, used after a successful
3072 &man.mergemaster.8; run, compares options in
3073 <filename>/etc/rc.conf</filename> to the default options in
3074 <filename>/etc/defaults/rc.conf</filename>. &merged;</para>
3076 <para>&man.mesg.1; now conforms to SUSv3. Among other things, it
3077 now uses the first terminal associated with the standard input,
3078 standard output or standard error file descriptor, in that order.
3079 Thus, it is possible to use the redirection facilities of a shell
3080 (<command>mesg n < /dev/ttyp1</command>) to control write access
3081 for other terminals.</para>
3083 <para role="historic">mk_cmds(1) and the associated
3084 <filename>libss</filename> have been removed; they have been
3085 unused for quite some time. &merged;</para>
3087 <para>&man.mountd.8; and &man.nfsd.8; have moved from
3088 <filename>/sbin</filename> to <filename>/usr/sbin</filename>.</para>
3090 <para role="historic">&man.moused.8; now takes a <option>-a</option> option to
3091 control mouse acceleration. &merged;</para>
3093 <para role="historic">&man.mtree.8; now includes support for a file that lists
3094 pathnames to be excluded when creating and verifying prototypes.
3095 This makes it easier to use &man.mtree.8; as a part of an
3096 intrusion-detection system. &merged;</para>
3098 <para>&man.mv.1; now takes a (nonstandard) <option>-n</option> option to
3099 automatically answer <quote>no</quote> when it would ask to
3100 overwrite a file. &merged;</para>
3102 <para role="historic">&man.natd.8; now supports a
3103 <option>-log_ipfw_denied</option> option to log packets that
3104 cannot be re-injected because they are blocked by &man.ipfw.8;
3105 rules. &merged;</para>
3107 <para role="historic">The <quote>in use</quote> percentage metric displayed by
3108 &man.netstat.1; now really reflects the percentage of network
3109 mbufs used. &merged;</para>
3111 <para role="historic">&man.netstat.1; now has a <option>-W</option> flag that
3112 tells it not to truncate addresses, even if they're too long for
3113 the column they're printed in. &merged;</para>
3115 <para role="historic">&man.netstat.1; now keeps track of input and output packets
3116 on a per-address basis for each interface. &merged;</para>
3118 <para role="historic">&man.netstat.1; now has a <option>-z</option> flag to reset
3119 statistics. &merged;</para>
3121 <para role="historic">&man.netstat.1; now has a <option>-S</option> flag to print
3122 address numerically but port names symbolically. &merged;</para>
3124 <para role="historic">&man.newfs.8; now implements write combining, which can make
3125 creation of new filesystems up to seven times
3126 faster. &merged;</para>
3128 <para role="historic">&man.newfs.8; now takes a <option>-U</option> option to
3129 enable Soft Updates on a new filesystem. &merged;</para>
3131 <para role="historic">The default number of cylinders per group in &man.newfs.8;
3132 is now computed to be the maximum allowable given the current
3133 filesystem parameters. It can be overridden with the
3134 <option>-c</option> option. Formerly, the default was fixed at
3135 16. This change leads to better &man.fsck.8; performance and
3136 reduced fragmentation. &merged;</para>
3138 <para role="historic"><anchor id="newfs-block-frag-sizes">The default block and
3139 fragment sizes for new filesystems created by &man.newfs.8; are
3140 now 16384 and 2048 bytes, respectively (the old defaults were
3141 8192 and 1024 bytes). This change generally provides increased
3142 performance, at the expense of some wasted disk
3143 space. &merged;</para>
3145 <para>A number of archaic features of &man.newfs.8; have been
3146 removed; these implemented tuning features that are essentially
3147 useless on modern hard disks. These features were controlled by
3148 the <option>-O</option>, <option>-d</option>,
3149 <option>-k</option>, <option>-l</option>, <option>-n</option>,
3150 <option>-p</option>, <option>-r</option>, <option>-t</option>,
3151 and <option>-x</option> flags.</para>
3153 <para>&man.newfs.8; now supports a <option>-O</option> flag to
3154 select the creation of UFS1 or UFS2 filesystems.</para>
3156 <para>The &man.newgrp.1; utility to change to a new group has been
3159 <para>&man.newsyslog.8; now compresses log files
3160 using &man.bzip2.1; by default. (The former behavior of using
3161 &man.gzip.1; can be specified in
3162 <filename>/etc/newsyslog.conf</filename>.)</para>
3164 <para>The &man.nextboot.8; utility has been added to specify an
3165 alternate kernel and/or boot flags to be used the next time the
3166 machine is booted. A previous incarnation of this feature
3167 first appeared in &os; 2.2.</para>
3169 <para><application>NFS</application> now works over IPv6.</para>
3171 <para role="historic">&man.ngctl.8; now supports a <option>write</option> command
3172 to send a data packet down a given hook. &merged;</para>
3174 <para>&man.nice.1; now uses the <option>-n</option> option to
3175 specify the <quote>niceness</quote> of the utility being
3176 run. &merged;</para>
3178 <para role="historic">&man.nl.1;, a line numbering filter program, has been
3179 added. &merged;</para>
3181 <para><application>nsswitch</application> support has been merged
3182 from NetBSD. By creating an &man.nsswitch.conf.5; file, &os;
3183 can be configured so that various databases such as
3184 &man.passwd.5; and &man.group.5; can be looked up using flat
3185 files, NIS, or Hesiod. If <filename>/etc/nsswitch.conf</filename>
3186 does not exist, it will be automatically generated from an existing
3187 <filename>/etc/hosts.conf</filename> at system startup time. The
3188 <filename>/etc/hosts.conf</filename> file may be used by old
3189 executables; it will be automatically generated from
3190 an existing <filename>/etc/nsswitch.conf</filename> during
3191 system startup if it exists.</para>
3193 <para>&man.od.1; now supports the <option>-A</option> option to
3194 specify the input address base, the <option>-N</option> option to
3195 specify the number of bytes to dump, the <option>-j</option>
3196 option to specify the number of bytes to skip, the
3197 <option>-s</option> option to output signed decimal shorts, and
3198 the <option>-t</option> option to specify output type. &merged;</para>
3200 <para arch="sparc64">The &man.ofwdump.8; utility has been added to
3201 examine the OpenFirmware device tree.</para>
3203 <para><application>PAM</application> support has been added for
3204 account management and sessions.</para>
3206 <para><application>PAM</application> configuration is now
3207 specified by files in <filename>/etc/pam.d/</filename>, rather
3208 than a single <filename>/etc/pam.conf</filename> file.
3209 <filename>/etc/pam.d/README</filename> has more details.</para>
3211 <para>A &man.pam.echo.8; echo service module has been added.</para>
3213 <para>A &man.pam.exec.8; program execution service module has been
3216 <para>A &man.pam.ftp.8; module has been added to allow
3217 authentication of anonymous FTP users.</para>
3219 <para>A &man.pam.ftpusers.8; module has been added to perform
3220 checks against the &man.ftpusers.5; file.</para>
3222 <para>A &man.pam.ksu.8; module has been added to do Kerberos 5
3223 authentication and <filename>$HOME/.k5login</filename>
3224 authorization for &man.su.1;.</para>
3226 <para>A &man.pam.lastlog.8; module has been added to record
3227 sessions in the &man.utmp.5;, &man.wtmp.5;, and &man.lastlog.5;
3230 <para>A &man.pam.login.access.8; module has been added, to allow
3231 checking against <filename>/etc/login.access</filename>.</para>
3233 <para>The &man.pam.nologin.8; module, which can disallow logins
3234 using &man.nologin.5;, has been added.</para>
3236 <para>The &man.pam.opie.8; and &man.pam.opieaccess.8; modules have
3237 been added to control authentication via &man.opie.4;. &merged;</para>
3239 <para>A &man.pam.passwdqc.8; module has been added, to check the
3240 quality of passwords submitted during password changes.</para>
3242 <para>A &man.pam.rhosts.8; module has been added to support
3243 &man.rhosts.5; authentication.</para>
3245 <para>The &man.pam.rootok.8; module, which can be used to
3246 authenticate only the superuser, has been added.</para>
3248 <para>A &man.pam.securetty.8; module has been added to check the
3249 <quote>security</quote> of a TTY, as listed in &man.ttys.5;.</para>
3251 <para>A &man.pam.self.8; module, which allows self-authentication
3252 of a user, has been added.</para>
3254 <para role="historic">A &man.pam.ssh.8; module has been added to allow the use of
3255 SSH passphrases and keypairs for authentication. This module
3256 also handles session management by invoking
3257 &man.ssh-agent.1;. &merged;</para>
3259 <para>A &man.pam.wheel.8; module has been added to permit
3260 authentication to members of a group, which defaults to
3261 <groupname>wheel</groupname>.</para>
3263 <para role="historic">&man.passwd.1; and &man.pw.8; now select the password hash
3264 algorithm at run time. See the <literal>passwd_format</literal>
3266 <filename>/etc/login.conf</filename>. &merged;</para>
3268 <para role="historic">&man.patch.1; now accepts a <option>-i</option> command-line
3269 flag to read a patch from a file, rather than standard
3270 input. &merged;</para>
3272 <para>The &man.pathchk.1; utility, which checks pathnames for
3273 validity or portability between POSIX systems, has been
3274 added. &merged;</para>
3276 <para role="historic">&man.pax.1; has received a number of enhancements, including
3277 &man.cpio.1; functionality, &man.tar.1; compatibility
3278 enhancements, <option>-z</option> and <option>-Z</option> flags
3279 for &man.gzip.1; and &man.compress.1; functionality, and a
3280 number of bug fixes. &merged;</para>
3282 <para role="historic">&man.pciconf.8; now supports a <option>-v</option> option to
3283 display the vendor/device information of configured devices, in
3284 conjunction with the <option>-l</option> option. The default
3285 vendor/device database can be found at
3286 <filename>/usr/share/misc/pci_vendors</filename>. &merged;</para>
3288 <para role="historic">The behavior of &man.periodic.8; is now controlled by
3289 <filename>/etc/defaults/periodic.conf</filename> and
3290 <filename>/etc/periodic.conf</filename>. &merged;</para>
3292 <para role="historic">&man.ping.8; now supports a <option>-m</option> option to
3293 set the TTL of outgoing packets. &merged;</para>
3295 <para role="historic">&man.ping.8; now supports a <option>-A</option> option to
3296 beep when packets are lost. &merged;</para>
3298 <para>&man.ping.8; now supports a <option>-o</option> flag to exit
3299 after receiving a reply.</para>
3301 <para role="historic">Userland &man.ppp.8; has received a number of updates and
3302 bug fixes. &merged;</para>
3304 <para role="historic">&man.ppp.8; has gained the <literal>tcpmssfixup</literal>
3305 option, which adjusts outgoing and incoming TCP SYN packets so
3306 that the maximum receive segment size is no larger than allowed
3307 by the interface MTU. &merged;</para>
3309 <para role="historic">&man.ppp.8; now supports IPv6. &merged;</para>
3311 <para role="historic">&man.pppd.8; (the control program for kernel-level PPP) is
3312 now installed mode <literal>4550</literal> and
3313 <username>root</username><literal>:</literal><groupname>dialer</groupname>,
3314 rather than mode <literal>4555</literal> (in other words, it is
3315 no longer world-executable). Users of &man.pppd.8; may need to
3316 change their group settings. &merged;</para>
3318 <para role="historic">&man.pr.1; now supports the <option>-f</option> and
3319 <option>-p</option> flags to pause output going to a
3320 terminal. &merged;</para>
3322 <para>prefix(8) is obsolete and has been removed. Its
3323 functionality is provided by the <option>eui64</option> command
3324 to &man.ifconfig.8;.</para>
3326 <para role="historic">The <option>-W</option> option to &man.ps.1; (to extract
3327 information from a specified swap device) has been useless for
3328 some time; it has been removed. &merged;</para>
3330 <para>The &man.pselect.3; library function (introduced by POSIX.1
3331 as a slightly stronger version of &man.select.2;) has been
3334 <para role="historic">&man.pwd.1; can now double as &man.realpath.1;, a program to
3335 resolve pathnames to their underlying physical
3336 paths. &merged;</para>
3338 <para>&man.pwd.1; now supports the <option>-L</option> flag to
3339 print the logical current working directory. &merged;</para>
3341 <para>&man.quota.1; now takes a <option>-l</option> flag to
3342 suppress quote checks on NFS filesystems.</para>
3344 <para>The pseudo-random number generator implemented by
3345 &man.rand.3; has been improved to provide less biased
3348 <para role="historic">&man.rc.8; now has a framework for handling dependencies
3349 between &man.rc.conf.5; variables. &merged;</para>
3351 <para role="historic">&man.rc.8; now deletes all non-directory files in
3352 <filename>/var/run</filename> and
3353 <filename>/var/spool/lock</filename> at boot
3354 time. &merged;</para>
3356 <para>&man.rcmd.3; now supports the use of the
3357 <envar>RSH</envar> environment variable to specify a program to
3358 use other than &man.rsh.1; for remote execution. As a result,
3359 programs such as &man.dump.8; can use &man.ssh.1; for remote
3362 <para>&man.rdist.1; has been retired from the base system, but is
3363 still available from &os; Ports Collection as
3364 <filename role="package">net/44bsd-rdist</filename>.</para>
3366 <para role="historic">&man.reboot.8; now takes a <option>-k</option> to specify
3367 the next kernel to boot. &merged;</para>
3369 <para>The &man.renice.8; command implements a <option>-n</option>
3370 option, which specifies an increment to be applied to the
3371 priority of a process. &merged;</para>
3373 <para role="historic">The &man.resolver.3; in &os; now implements EDNS0 support,
3374 which will be necessary when working with IPv6 transport-ready
3375 resolvers/DNS servers. &merged;</para>
3377 <para role="historic">The &man.rfork.thread.3; library call has been added as a
3378 helper function to &man.rfork.2;. Using this function should
3379 avoid the need to implement complex stack swap
3380 code. &merged;</para>
3382 <para role="historic">The <option>-v</option> option to &man.rm.1; now displays
3383 the entire pathname of a file being removed. &merged;</para>
3385 <para role="historic">&man.route.8; is now more verbose when changing indirect
3386 routes, in the case of a gateway route that is the same route as
3387 the one being modified. &merged;</para>
3389 <para role="historic">&man.route.8; now uses
3390 <literal><replaceable>host</replaceable>/<replaceable>bits</replaceable></literal>
3392 <literal><replaceable>net</replaceable>/<replaceable>bits</replaceable></literal>
3393 syntax, for compatibility with &man.netstat.1;. &merged;</para>
3395 <para role="historic">&man.route.8; can now create <quote>proxy only</quote>
3396 published ARP entries. &merged;</para>
3398 <para role="historic">The &man.route.8; <option>add</option> command now supports
3399 the <option>-ifp</option> and <option>-ifa</option>
3400 modifiers. &merged;</para>
3402 <para>&man.rpcbind.8; has replaced &man.portmap.8;.</para>
3404 <para>&man.rpcgen.1; now uses <filename>/usr/bin/cpp</filename>
3406 <filename>/usr/libexec/cpp</filename>.</para>
3408 <para>&man.rpc.lockd.8; has been imported from NetBSD. This
3409 daemon provides support for servicing client NFS locks.</para>
3411 <para role="historic">The performance of the ELF dynamic linker &man.rtld.1; has
3412 been improved. &merged;</para>
3414 <para role="historic">RSA Security has waived all patent rights to the
3415 <application>RSA</application> algorithm. As a result, the
3416 native <application>OpenSSL</application> implementation of the
3417 RSA algorithm is now activated by default, and the <filename
3418 role="package">security/rsaref</filename> port and the
3419 <filename>librsaUSA</filename> and
3420 <filename>librsaINTL</filename> libraries are no longer required
3421 for USA and non-USA residents respectively. &merged;</para>
3423 <para>&man.rtld.1; will now print the names of all objects that
3424 cause each object to be loaded, if the
3425 <varname>LD_TRACE_LOADED_OBJECTS_ALL</varname> environment
3426 variable is defined.</para>
3428 <para role="historic">&man.savecore.8; now supports a <option>-k</option> option
3429 to prevent clearing a crash dump after saving it. It also
3430 attempts to avoid writing large stretches of zeros to crash dump
3431 files to save space and time. &merged;</para>
3433 <para role="historic">&man.savecore.8; now works correctly on machines with 2 GB
3434 or more of RAM. &merged;</para>
3436 <para role="historic">&man.sed.1; now takes a <option>-E</option> option for
3437 extended regular expression support. &merged;</para>
3439 <para>&man.sed.1; now takes a <option>-i</option> option to enable
3440 in-place editing of files. &merged;</para>
3442 <para role="historic">&man.send-pr.1; now takes a <option>-a</option> option to
3443 include a file into the <literal>Fix:</literal> section of a
3444 problem report. &merged;</para>
3446 <para>The &man.setfacl.1; and &man.getfacl.1; commands have been
3447 added to manage filesystem Access Control Lists.</para>
3449 <para role="historic">&man.setproctitle.3; has been moved from
3450 <filename>libutil</filename> to
3451 <filename>libc</filename>. &merged;</para>
3453 <para role="historic">&man.sh.1; now implements <command>test</command> as a
3454 built-in command for improved efficiency. &merged;</para>
3456 <para>&man.sh.1; no longer implements <command>printf</command> as
3457 a built-in command because it was considered less valuable
3458 compared to the other built-in commands (this functionality is,
3459 of course, still available through the &man.printf.1;
3462 <para>&man.sh.1; now supports a <option>-C</option> option to
3463 prevent existing regular files from being overwritten by output
3464 redirection, and a <option>-u</option> to give an error if an
3465 unset variable is expanded. &merged;</para>
3467 <para>The &man.sh.1; built-in <command>cd</command> command now
3468 supports <option>-L</option> and <option>-P</option> flags to
3469 invoke logical or physical modes of operation, respectively.
3470 Logical mode is the default, but the default can be changed with
3471 the <varname>physical</varname> &man.sh.1; option. &merged;</para>
3473 <para>The &man.sh.1; built-in <command>jobs</command> command now
3474 supports a <option>-s</option> flag to output PIDs only and a
3475 <option>-l</option> flag to add PIDs to the output. &merged;</para>
3477 <para>&man.sh.1; now supports a <command>bind</command> built-in
3478 command, which allows the key bindings for the shell's line editor
3479 to be changed.</para>
3481 <para>The &man.sh.1; built-in <command>export</command> and
3482 <command>readonly</command> commands now support a
3483 <option>-p</option> flag to print their output in
3484 <quote>portable</quote> format. &merged;</para>
3486 <para>&man.sh.1; no longer accepts invalid constructs as
3487 <command><replaceable>command</replaceable> & &&
3488 <replaceable>command</replaceable></command>, <command>&&
3489 <replaceable>command</replaceable></command>, or <command>||
3490 <replaceable>command</replaceable></command>. &merged;</para>
3492 <para role="historic">&man.sockstat.1; now has <option>-c</option> and
3493 <option>-l</option> flags for listing connected and listening
3494 sockets, respectively. &merged;</para>
3496 <para>&man.spkrtest.8; is now a &man.sh.1; script, rather than a
3499 <para role="historic">&man.split.1; now has the ability to split a file longer
3500 than 2GB. &merged;</para>
3502 <para>&man.split.1; now supports a <option>-a</option> option to
3503 specify the number of letters to use for the suffix of split
3504 files. &merged;</para>
3506 <para>In preparation for meeting SUSv2/POSIX
3507 <filename><sys/select.h></filename> requirements,
3508 <literal>struct selinfo</literal> and related functions have been
3509 moved to <filename><sys/selinfo.h></filename>.</para>
3511 <para role="historic">The &man.strnstr.3; and &man.strcasestr.3; variants of
3512 &man.strstr.3; have been implemented. &merged;</para>
3514 <para role="historic">&man.stty.1; now has support for an
3515 <literal>erase2</literal> control character, so that, for
3516 example, both the <keycap>Delete</keycap> and
3517 <keycap>Backspace</keycap> keys can be used to erase
3518 characters. &merged;</para>
3520 <para>&man.su.1; now uses <application>PAM</application> for
3521 authentication.</para>
3523 <para>The &man.swapoff.8; command has been added to disable paging
3524 and swapping on a device. A related &man.swapctl.8; command has
3525 been added to provide an interface to &man.swapon.8; and
3526 &man.swapoff.8; similar to other BSDs.
3529 <para>The &man.swapoff.8; feature should be considered
3530 experimental.</para>
3534 <para role="historic">Boot-time &man.syscons.4; configuration was moved to a
3536 <filename>/etc/rc.syscons</filename>. &merged;</para>
3538 <para role="historic">&man.sysctl.8; now supports a <option>-N</option> option to
3539 print out variable names only. &merged;</para>
3541 <para role="historic">&man.sysctl.8; has replaced the <option>-A</option> and
3542 <option>-X</option> options with <option>-ao</option> and
3543 <option>-ax</option> respectively; the former options are now
3544 deprecated. The <option>-w</option> option is deprecated as
3545 well; it is not needed to determine the user's
3546 intentions. &merged;</para>
3548 <para role="historic">&man.sysctl.8; now supports a <option>-e</option> option to
3549 separate variable names and values by <literal>=</literal>
3550 rather than <literal>:</literal>. This feature is useful for
3551 producing output that can be fed back to
3552 &man.sysctl.8;. &merged;</para>
3554 <para>&man.sysctl.8; now accepts a <option>-d</option> flag to print
3555 the descriptions of variables.</para>
3557 <para role="historic">&man.sysinstall.8; now properly preserves
3558 <filename>/etc/mail</filename> during a binary
3559 upgrade. &merged;</para>
3561 <para role="historic">&man.sysinstall.8; now uses some more intuitive defaults
3562 thanks to some new dialog support functions. &merged;</para>
3564 <para>The default root partition in &man.sysinstall.8; is now
3565 100MB on the i386 and pc98, 120MB on the Alpha.</para>
3567 <para>&man.sysinstall.8; now lives in
3568 <filename>/usr/sbin</filename>, which simplifies the
3569 installation process. The &man.sysinstall.8; manpage is also
3570 installed in a more consistent fashion now.</para>
3572 <para role="historic">&man.sysinstall.8; now has the ability to load KLDs as a
3573 part of the installation. &merged;</para>
3575 <para role="historic">When run from the installation media, &man.sysinstall.8;
3576 will automatically load any device drivers found in the
3577 <filename>/stand/modules</filename> directory of the
3578 <literal>mfsroot</literal> floppy or filesystem image. Note
3579 that any drivers so loaded will not appear in the kernel's boot
3580 messages; the &man.sysinstall.8; debugging screen will provide
3581 additional information. &merged;</para>
3583 <para role="historic">&man.sysinstall.8; now enables Soft Updates by default on
3584 all filesystems it creates, except for the root
3585 filesystem. &merged;</para>
3587 <para role="historic">&man.sysinstall.8; has received updates for its
3588 <quote>auto</quote> partitioning mode which provide more
3589 reasonable defaults for the sizes of partitions that are
3590 created; auto-sized partitions can now also recover the space
3591 that becomes available when other partitions are
3592 deleted. &merged;</para>
3594 <para>&man.sysinstall.8; no longer mounts the &man.procfs.5;
3595 filesystem by default on new installs. This change was made to
3596 improve security, but &man.procfs.5; can still be mounted
3597 manually or via an appropriate line in the &man.fstab.5;
3600 <para role="historic">&man.sysinstall.8; now has rudimentary support for
3601 retrieving packages from the correct volume of a multiple-volume
3602 installation (such as a multi-CD distribution). &merged;</para>
3604 <para role="historic">&man.syslogd.8; can take a <option>-n</option> option to
3605 disable DNS queries for every request. &merged;</para>
3607 <para role="historic">&man.syslogd.8; now supports a
3608 <literal>LOG_CONSOLE</literal> facility (disabled by default),
3609 which can be used to log <filename>/dev/console</filename>
3610 output. &merged;</para>
3612 <para role="historic">&man.syslogd.8; now has the ability to bind to a specific
3613 address (as opposed to using every available one) via the
3614 <option>-b</option> option. &merged;</para>
3616 <para role="historic">&man.syslogd.8; now accepts a <option>-c</option> flag to
3617 disable repeated line compression. &merged;</para>
3619 <para>&man.systat.1; now includes an <option>-ifstat</option>
3620 display mode that displays the network traffic going through
3621 active intrfaces on the system.</para>
3623 <para>&man.tabs.1;, a utility to set terminal tab stops, has been
3626 <para role="historic">&man.tail.1; now has the ability to work on files longer
3627 than 2GB. &merged;</para>
3629 <para role="historic">&man.tar.1; now supports the <varname>TAR_RSH</varname>
3630 variable, principally to enable the use of &man.ssh.1; as a
3631 transport. &merged;</para>
3633 <para role="historic">&man.telnet.1; now does autologin and encryption by default;
3634 a new <option>-y</option> option turns off encryption. &merged;</para>
3636 <para role="historic">&man.telnet.1; now supports a <option>-u</option> flag to
3637 allow connections to UNIX-domain (<literal>AF_UNIX</literal>)
3638 sockets. &merged;</para>
3640 <para>The &man.termcap.5; database now uses the
3641 <literal>xterm</literal> terminal type from
3642 <application>XFree86</application>. As a result, &man.xterm.1;
3643 now supports color by default and the common workaround of
3644 setting <varname>TERM</varname> to <literal>xterm-color</literal>
3645 is no longer necessary. Use of the
3646 <literal>xterm-color</literal> terminal type may result in
3647 (benign) warnings from applications.</para>
3649 <para role="historic">&man.tftp.1; and &man.tftpd.8; now support IPv6. &merged;</para>
3651 <para role="historic">&man.tftpd.8; now takes the <option>-c</option> and
3652 <option>-C</option> options, which allow the server to
3653 &man.chroot.2; based on the IP address of the connecting client.
3654 &man.tftp.1; and &man.tftpd.8; can now transfer files larger
3655 than 65535 blocks. &merged;</para>
3657 <para>&man.tftpd.8; now supports RFC 2349 (TFTP Timeout Interval
3658 and Transfer Size Options); this feature is required by some
3659 firmware like EFI boot managers (at least on HP i2000 Itanium
3660 servers) in order to boot an image using
3661 <application>TFTP</application>.</para>
3663 <para arch="alpha">&man.timed.8; now works on the alpha.</para>
3665 <para>A version of Transport Independent RPC
3666 (<application>TI-RPC</application>) has been imported.</para>
3668 <para role="historic">&man.tmpnam.3; will now use the <envar>TMPDIR</envar>
3669 environment variable, if set, to specify the location of
3670 temporary files. &merged;</para>
3672 <para>&man.tip.1; has been updated from
3673 <application>OpenBSD</application>, and has the ability to act
3674 as a &man.cu.1; substitute.</para>
3676 <para>&man.top.1; will now use the full width of its tty.</para>
3678 <para>&man.touch.1; now takes a <option>-h</option> option to
3679 operate on a symbolic link, rather than what the link points
3682 <para>&man.tr.1; now has basic support for equivalence classes
3683 for locales that support them. &merged;</para>
3685 <para>&man.tr.1; now supports a <option>-C</option> flag to
3686 complement the set of characters specified by the first string
3689 <para role="historic">The &man.truncate.1; utility, which truncates or extends the
3690 length of files, has been added. &merged;</para>
3692 <para>&man.tunefs.8; now supports the <option>-a</option> and
3693 <option>-l</option> flags to enable and disable the
3694 <literal>FS_ACLS</literal> and <literal>FS_MULTILABEL</literal>
3695 administrative flags on UFS file system.</para>
3697 <para>A &man.ugidfw.8; utility has been added to manage the
3698 rulesets provided by the <literal>mac_bsdextended</literal>
3699 Mandatory Access Control policy, similar to &man.ipfw.8;.</para>
3701 <para role="historic">Ukrainian language support has been added to the &os;
3702 console. &merged;</para>
3704 <para><application>UUCP</application> has been removed from the
3705 base system. It can be found in the Ports Collection, in
3706 <filename role="package">net/freebsd-uucp</filename>.</para>
3708 <para>&man.unexpand.1; now supports a <option>-t</option> to
3709 specify tabstops analogous to &man.expand.1;. &merged;</para>
3711 <para role="historic">&man.units.1; has received some updates and
3712 bugfixes. &merged;</para>
3714 <para>&man.usbdevs.8; now supports a <option>-d</option> flag to
3715 show the device driver associated with each device.</para>
3717 <para role="historic">The &man.usbhidctl.1; utility has been added to manipulate
3718 USB Human Interface Devices. &merged;</para>
3720 <para role="historic">&man.uuencode.1; and &man.uudecode.1; now accept a <option>-o</option> option to
3721 set their output files. &man.uuencode.1; can now be made to do base64 encoding
3722 when given the <option>-m</option> flag, while &man.uudecode.1;
3723 can now automatically decode base64 files. &merged;</para>
3725 <para>The base64 capabilities of &man.uuencode.1; and
3726 &man.uudecode.1; can now be automatically enabled by invoking
3727 these utilities as &man.b64encode.1; and &man.b64decode.1;
3728 respectively. &merged;</para>
3730 <para>Functions to implement and manipulate OSF/DCE 1.1-compliant
3731 UUIDs have been added to <filename>libc</filename>. More
3732 information can be found in &man.uuid.3;.</para>
3734 <para>The &man.uuidgen.1; utility has been added. It uses the new
3735 &man.uuidgen.2; system call to generate one or more Universally
3736 Unique Identifiers compatible with OSF/DCE 1.1 version 1
3739 <para role="historic">&man.vidcontrol.1; now accepts a <option>-g</option>
3740 parameter to select custom text geometry in the
3741 <literal>VESA_800x600</literal> raster text mode. &merged;</para>
3743 <para role="historic">&man.vidcontrol.1; now allows the user to omit the font size
3744 specification when loading a font, and has some better
3745 error-handling. &merged;</para>
3747 <para role="historic">&man.vidcontrol.1; now supports a <option>-p</option> option
3748 to take a snapshot of a &man.syscons.4; video buffer. These
3749 snapshots can be manipulated by the
3750 <filename role="package">graphics/scr2png</filename> utility in
3751 the Ports Collection. &merged;</para>
3753 <para role="historic">&man.vidcontrol.1; now supports a <option>-C</option> option
3754 to clear the history buffer for a given tty, as well as a
3755 <option>-h</option> option to set the size of the history
3756 buffer. &merged;</para>
3758 <para>&man.vidcontrol.1; now accepts a <option>-S</option> to
3759 allow the user to disable VTY switching. &merged;</para>
3761 <para>The default stripe size in &man.vinum.8; has been changed
3762 from 256KB to 279KB, to spread out superblocks more evenly
3763 between stripes.</para>
3765 <para role="historic">&man.wall.1; now supports a <option>-g</option> flag to
3766 write a message to all users of a given group. &merged;</para>
3768 <para role="historic">&man.watch.8; now takes a <option>-f</option> option to
3769 specify a &man.snp.4; device to use. &merged;</para>
3771 <para>&man.wc.1; now supports a <option>-m</option> flag to
3772 count characters, rather than bytes.</para>
3774 <para>&man.whereis.1;, formerly a Perl script, has been
3775 rewritten in C. It now supports a <option>-x</option> flag to
3776 suppress the run of &man.locate.1;, and a <option>-q</option>
3777 flag suppresses the leading name of the query.</para>
3779 <para>&man.whereis.1; now supports a <option>-a</option> flag
3780 to report all matches instead of only the first of each
3781 requested type.</para>
3783 <para>&man.which.1; is now a C program, rather than a Perl
3786 <para>&man.who.1; now has a number of new options:
3787 <option>-H</option> shows column headings; <option>-T</option>
3788 shows &man.mesg.1; state; <option>-m</option> is an equivalent
3789 to <option>am i</option>; <option>-u</option> shows idle time;
3790 <option>-q</option> to list names in columns. &merged;</para>
3792 <para role="historic">&man.whois.1; now directs queries for IP addresses to ARIN.
3793 If a query to ARIN references APNIC or RIPE, the appropriate
3794 server will also be queried, provided that the
3795 <option>-Q</option> option is not specified. &merged;</para>
3797 <para role="historic">&man.whois.1; supports a <option>-c</option> option to
3798 specify a country code to help direct queries towards a
3799 particular whois server. &merged;</para>
3801 <para>&man.wicontrol.8; now supports a <option>-l</option> to list
3802 the stations associated in <literal>hostap</literal> mode and a
3803 <option>-L</option> to list available access points.</para>
3805 <para>&man.xargs.1; now supports a <option>-I</option>
3806 <replaceable>replstr</replaceable> option that allows the user
3807 to tell &man.xargs.1; to insert the data read from standard
3808 input at specific points in the command line arguments rather
3809 than at the end. (A &os;-specific <option>-J</option> option is
3810 similar.) &merged;</para>
3812 <para>&man.xargs.1; now supports a <option>-L</option> option to
3813 force its utility argument to be called after some number of
3814 lines. &merged;</para>
3816 <para>&man.xargs.1; now supports a <option>-P</option> option to
3817 execute multiple copies of the same utility in parallel.</para>
3819 <para role="historic">The compiler chain now uses the FSF-supplied C/C++ runtime
3820 initialization code. This change brings about better
3821 compatibility with code generated from the various egcs and gcc
3822 ports, as well as the stock public FSF source. &merged;</para>
3824 <para role="historic">The threads library has gained some signal handling changes,
3825 bug fixes, and performance enhancements (including zero system
3826 call thread switching). &man.gdb.1; thread support has been
3827 updated to match these changes. &merged;</para>
3829 <para role="historic">Significant additions have been made to internationalization
3830 support; &os; now has complete locale support for the
3831 <literal>LC_MONETARY</literal>, <literal>LC_NUMERIC</literal>,
3832 and <literal>LC_MESSAGES</literal> categories. A number of
3833 applications have been updated to take advantage of this
3834 support. &merged;</para>
3836 <para role="historic">Locale names have been changed to improve compatibility with
3837 the names used by X11R6, as well as a number of other UNIX
3838 versions. As an example, the
3839 <literal>en_US.ISO_8859-1</literal> locale name has been changed
3841 <literal>en_US.ISO8859-1</literal>. Entries in
3842 <filename>/etc/locale.alias</filename> provide backward
3843 compatibility. &merged;</para>
3845 <para>Various routines in the C library now have support for
3846 <quote>wide</quote> characters. Among these are
3847 character class functions such as &man.wctype.3;, wide character
3848 I/O functions such as &man.getwc.3;, formatted I/O functions
3849 such as &man.wprintf.3; and &man.wscanf.3;. Conversion
3850 functions to &man.multibyte.3; characters are also supported.</para>
3852 <para role="historic"><filename>/usr/src/share/examples/BSD_daemon/</filename> now
3853 contains a scalable Beastie graphic. &merged;</para>
3855 <para role="historic">As part of an ongoing process, many manual pages were
3856 improved, both in terms of their formatting markup and in their
3857 content. &merged;</para>
3859 <para>A number of utilities and libraries were enhanced to improve
3860 their conformance with the Single UNIX Specification (SUSv3) and
3861 IEEE Std 1003.1-2001 (<quote>POSIX.1</quote>). Specific
3862 features added have been listed in the release notes for each
3863 utility. The standards conformance of each utility or library
3864 function is generally listed in its manual page.</para>
3866 <para>A number of traditional BSD games have been removed from the base system;
3867 they are now available in the <filename
3868 role="package">games/freebsd-games</filename> port.
3869 These include: adventure(6), arithmetic(6), atc(6),
3870 backgammon(6), battlestar(6), bs(6), canfield(6), cribbage(6),
3871 fish(6), hack(6), hangman(6), larn(6), mille(6), phantasia(6),
3872 piano(6), pig(6), quiz(6), rain(6), robots(6), rogue(6),
3873 sail(6), snake(6), trek(6), wargames(6), worm(6), worms(6), and
3874 wump(6). dm(8), which was used to control access to games, is
3875 no longer necessary, and has also been removed. The
3876 <quote>utility-like</quote> games, as well as &man.fortune.6;,
3880 <title>Contributed Software</title>
3882 <para><application>am-utils</application> has been updated to
3885 <para>A 13 December 2002 snapshot of <application>awk</application> from Bell Labs (variously
3886 known as <quote>BWK awk</quote> or <quote>The One True
3887 AWK</quote>) has been imported. It is available as
3888 <command>awk</command> or
3889 <command>nawk</command>.</para>
3891 <para role="historic"><application>bc</application> has been updated from 1.04 to
3892 1.06. &merged;</para>
3894 <para role="historic">The ISC library from the <application>BIND</application>
3895 distribution is now built as
3896 <filename>libisc</filename>. &merged;</para>
3898 <para role="historic"><application>BIND</application> is now built with the
3899 <literal>NOADDITIONAL</literal> flag, which causes
3900 &man.named.8; to operate in a more consistent fashion for
3901 certain common misconfigurations. &merged;</para>
3903 <para><application>BIND</application> has been updated to
3904 8.3.3. &merged;</para>
3906 <para><application>Binutils</application> has been updated to
3907 a pre-release snapshot of 2.13.2 from 27 October 2002.</para>
3909 <para role="historic"><application>bzip2</application> 1.0.2 has been imported;
3910 this brings the &man.bzip2.1; program and the
3911 <filename>libbz2</filename> library to the base
3912 system. &merged;</para>
3914 <para>All of the <application>bzip2</application> suite of
3915 applications is now installed in the base system (in
3916 particular, <command>bzip2recover</command> is now built and
3917 installed. &merged;</para>
3919 <para role="historic">The &man.ee.1; <application>Easy Editor</application> has
3920 been updated to 1.4.2. &merged;</para>
3922 <para><application>file</application> has been updated to
3925 <para><application>gcc</application> has been updated to
3926 <application>gcc</application> 3.2.1 (released version).
3928 <para>The C++ ABI from <application>gcc</application>
3929 3.2.1 is not compatible with
3930 previous versions.</para>
3934 <para role="historic">&man.gcc.1; now uses a unified <filename>libgcc</filename>
3935 rather than a separate one for threaded and non-threaded
3936 programs. <filename>/usr/lib/libgcc_r.a</filename> can be
3937 removed. &merged;</para>
3939 <para role="historic">&man.gcc.1; now supports the environment variable
3940 <envar>GCC_OPTIONS</envar>, which can hold a set of default
3941 options for <application>GCC</application>. &merged;</para>
3943 <para><application>gdb</application> has been updated to version
3946 <para role="historic"><application>GNATS</application> has been updated to
3947 3.113. &merged;</para>
3949 <para><application>gperf</application> has been updated to
3952 <para><application>groff</application> and its related utilities
3953 have been updated to FSF version 1.18.1.</para>
3955 <para><application>Heimdal Kerberos</application> has been updated to
3956 0.5.1. &merged;</para>
3958 <para role="historic">The version of <application>IPFilter</application>
3959 provided with &os; now includes the &man.ipfs.8; program,
3960 which allows state information created for NAT entries and
3961 stateful rules to be saved to disk and restored after a
3962 reboot. Boot-time configuration of these features is
3963 supported by &man.rc.conf.5;. &merged;</para>
3965 <para>The <application>ISC DHCP</application> client has been
3966 updated to 3.0.1RC9.</para>
3968 <para role="historic"><application>Kerberos IV</application> has been updated to
3969 1.0.5. &merged;</para>
3971 <para>The &man.more.1; command has been replaced by
3972 &man.less.1;, although it can still be run as
3973 <command>more</command>. &merged; Version 371 of
3974 <application>less</application> has been imported.</para>
3976 <para>An XML processing library, named
3977 <filename>libbsdxml</filename>, has been added for the benefit
3978 of XML-using utilities in the base system. It is based almost
3979 entirely on an import of <application>expat</application>
3980 1.95.5, but is installed under a different name to avoid
3981 conflicts with any versions of
3982 <application>expat</application> installed from the Ports
3985 <para><application>libpcap</application> has been updated to
3986 0.7.1. &merged;</para>
3988 <para><application>libreadline</application> has been updated to
3991 <para><application>libz</application> has been updated to
3994 <para><application>lint</application> has been updated to
3995 snapshot of NetBSD &man.lint.1; as of 19 July 2002.</para>
3997 <para><application>lukemftp</application> 1.6 beta 2 (the FTP client from
3998 NetBSD) has replaced the &os; &man.ftp.1; program. Among its
3999 new features are more automation methods, better standards
4000 compliance, transfer rate throttling, and a customizable
4001 command-line prompt. Some environment variables and
4002 command-line arguments have changed.</para>
4004 <para>&man.m4.1; has been imported from OpenBSD, as of 26 April
4005 2002. &merged;</para>
4007 <para><application>ncurses</application> has been updated to
4008 5.2-20020615.</para>
4010 <para>The <application>NTP</application> suite of programs has
4011 been updated to 4.1.1b.</para>
4013 <para><application>OpenPAM</application>
4014 (<quote>Daffodil</quote> release) has been imported,
4016 <application>Linux-PAM</application>.</para>
4018 <para>The <application>OPIE</application> one-time-password
4019 suite has been updated to 2.4. It has completely
4020 replaced the functionality of
4021 <application>S/Key</application>. &merged;</para>
4023 <para><application>Perl</application> has been removed from the
4024 &os; base system. It can be installed from the &os;
4025 Ports Collection, as a binary package, or via the <guimenuitem>Perl
4026 distribution</guimenuitem> item in &man.sysinstall.8;'s
4028 Moving Perl out of the
4029 base system will make future upgrades and maintenence easier.
4030 To reduce the dependence of the base system on
4031 Perl, many utilities have been
4032 rewritten as shell scripts or C programs (specific notes are
4033 made for each affected utility).
4036 <para>The Perl script removal work is ongoing.</para>
4040 <para>Most of the distribution sets in &man.sysinstall.8;
4041 include the new Perl distribution. This change will
4042 therefore be transparent to most users, with the exception
4043 that updating Perl will be done separately from the base
4049 <para><application>GNU ptx</application> has been removed from
4050 the base system. It is not used anywhere in the base system,
4051 and has not been recently updated or maintained. Users
4052 requiring its functionality can install this utility as a part
4053 of the <filename role="package">textproc/textutils</filename>
4056 <para>The <literal>rc.d</literal> framework from NetBSD has been
4057 imported. It breaks down the system startup functionality
4058 into a number of small, <quote>task-oriented</quote> scripts
4059 in <filename>/etc/rc.d</filename>, with dynamic-determined
4060 ordering of startup scripts performed at boot-time.</para>
4062 <para role="historic">&man.routed.8; has been updated to version
4063 2.22. &merged;</para>
4065 <para arch="i386,pc98">Version 1.4.5 of the
4066 <application>smbfs</application> userland utilities has been
4067 imported. &merged;</para>
4069 <para><application>GNU sort</application> has been updated to
4070 the version from <application>GNU textutils
4071 2.0.21</application>.</para>
4073 <para>&man.stat.1; from <application>NetBSD</application>, as of
4074 5 June 2002 has, been imported.</para>
4076 <para><application>GNU tar</application> has been updated to
4077 1.13.25. &merged;</para>
4079 <para><application>tcpdump</application> has been updated to
4080 3.7.1. &merged;</para>
4082 <para>The &man.csh.1; shell has been replaced by &man.tcsh.1;,
4083 although it can still be run as <command>csh</command>.
4084 <application>tcsh</application> has been updated to version
4085 6.12. &merged;</para>
4087 <para>The contributed version of
4088 <application>tcp_wrappers</application> now includes the
4089 &man.tcpd.8; helper daemon. While not strictly necessary in a
4090 standard &os; installation (because &man.inetd.8; already
4091 incorporates this functionality), this may be useful for
4092 &man.inetd.8; replacements such as
4093 <application>xinetd</application>. &merged;</para>
4095 <para><application>texinfo</application> has been updated to
4096 4.2. &merged;</para>
4098 <para><application>top</application> has been updated to version
4099 3.5b12. &merged;</para>
4101 <para><application>traceroute</application> has been updated to
4102 LBL version 1.4a12.</para>
4104 <para role="historic">&man.traceroute.8; now takes its default maximum TTL value
4105 from the <varname>net.inet.ip.ttl</varname> sysctl
4106 variable. &merged;</para>
4108 <para>The timezone database has been updated to the
4109 <filename>tzdata2002d</filename> release. &merged;</para>
4114 <para><application>cvs</application> has been updated to
4115 a snapshot of 1.11.2.1, as of 1 December 2002. &merged;</para>
4117 <para role="historic">The default value for &man.cvs.1;'s
4118 <envar>CVS_RSH</envar> variable is now
4119 <literal>ssh</literal>, rather than
4120 <literal>rsh</literal>. &merged;</para>
4122 <para role="historic">&man.cvs.1; now supports a <option>-T</option> option to
4123 update a sandbox's <filename>CVS/Template</filename> file
4124 from the repository. &merged;</para>
4126 <para role="historic">&man.cvs.1; <literal>diff</literal> now supports the
4127 <option>-j</option> option to perform differences against a
4128 revision relative to a branch tag. &merged;</para>
4132 <title>CVSup</title>
4134 <para role="historic"><application>CVSup</application>, a frequently used
4135 utility in the &os; Ports Collection, was formerly
4136 installable using several ports and packages. The
4137 <filename role="package">net/cvsup-bin</filename> and
4138 <filename role="package">net/cvsupd-bin</filename>
4139 ports/packages are no longer necessary or available; the
4140 <filename role="package">net/cvsup</filename> port should be
4141 used instead. &merged;</para>
4143 <para role="historic"><application>CVSup</application> has been updated to
4144 16.1_3, which is available in the &os; Ports Collection as
4145 <filename role="package">net/cvsup</filename>. This update
4146 fixes a long-standing (but only recently encountered) bug
4147 which affects the timestamps on all files after Sun Sep 9
4148 01:46:40 UTC 2001 (1,000,000,000 seconds after the UNIX
4149 epoch). &merged;</para>
4152 <sect4 id="kame-userland">
4155 <para role="historic">The IPv6 stack is now based on a snapshot based on the
4156 KAME Project's IPv6 snapshot as of 28 May, 2001. Most of
4157 the items listed in this section are a result of this
4159 <xref linkend="kame-kernel"> lists kernel updates to the
4160 KAME IPv6 stack. &merged;</para>
4162 <para role="historic">&man.faithd.8; now supports a configuration file for
4163 access control. &merged;</para>
4165 <para role="historic">&man.ifconfig.8; can now perform the functions of
4166 gifconfig(8). &merged;</para>
4168 <para role="historic">&man.ifconfig.8; can now perform the functions of
4169 prefix(8). &merged;</para>
4171 <para role="historic">&man.ndp.8; now implements garbage collection for stale
4172 NDP entries, as described in RFC 2461 (Neighbor Discovery
4173 for IP Version 6 (IPv6)). &merged;</para>
4175 <para role="historic">pim6dd(8) and pim6sd(8) have been removed due
4176 to restrictive licensing conditions. These programs are
4177 available in the ports collection as
4178 <filename role="package">net/pim6dd</filename> and
4179 <filename role="package">net/pim6sd</filename>. &merged;</para>
4181 <para role="historic">&man.route6d.8; now supports an <option>-n</option> flag
4182 to avoid updating the kernel forwarding
4183 table. &merged;</para>
4185 <para role="historic">The <option>-R</option> (router renumbering) option to
4186 &man.rtadvd.8; is currently ignored. &merged;</para>
4190 <title>OpenSSH</title>
4192 <para role="historic"><application>OpenSSH</application> has been updated to
4193 2.9, which provides support for the SSH2 protocol (now the
4194 default) and DSA keys. &man.ssh-add.1; and
4195 &man.ssh-agent.1; can now handle DSA keys, with support for
4196 authentication forwarding.
4197 <application>OpenSSH</application> users in the USA no
4198 longer need to rely on the restrictively-licensed RSAREF
4199 toolkit which is required to handle RSA keys. Among other
4200 new features: A client and server for &man.sftp.1; has been added.
4201 &man.scp.1; can now handle files larger than 2 GBytes. A
4202 limit on the number of outstanding, unauthenticated
4203 connections in &man.sshd.8; has been added. Support has
4204 been added for the Rijndael encryption algorithm. Rekeying
4205 of existing sessions is now supported, and an experimental
4206 <application>SOCKS4</application> proxy has been added to
4207 &man.ssh.1;. &merged;</para>
4209 <para><application>OpenSSH</application> has been updated to
4210 version 3.4p1. &merged; Among the changes:
4213 <para>The <filename>*2</filename> files are obsolete
4215 <filename>~/.ssh/known_hosts</filename> can hold the
4217 <filename>~/.ssh/known_hosts2</filename>).</para>
4220 <para>&man.ssh-keygen.1; can import and export keys using
4221 the SECSH Public Key File Format, for key exchange
4222 with several commercial SSH implementations.</para>
4225 <para>&man.ssh-add.1; now adds all three default keys.</para>
4228 <para>&man.ssh-keygen.1; no longer defaults to a
4229 specific key type; one must be specified with the
4230 <option>-t</option> option.</para>
4233 <para>A <quote>privilege separation</quote> feature,
4234 which uses unprivileged processes to contain and
4235 restrict the effects of future compromises or
4236 programming errors.</para>
4240 <para>Several bugfixes, including closure of a
4241 security hole that could lead to an integer overflow
4242 and undesired privilege escalation.</para>
4247 <para role="historic"><application>OpenSSH</application> can now authenticate
4248 using <application>OPIE</application> passwords. &merged;</para>
4250 <para role="historic"><application>PAM</application> support for
4251 <application>OpenSSH</application> has been added. &merged;</para>
4253 <para role="historic">A long-standing bug in
4254 <application>OpenSSH</application>, which sometimes resulted
4255 in a dropped session when an X11-forwarded client was
4256 closed, was fixed. &merged;</para>
4258 <para role="historic"><application>Kerberos</application> compatibility has
4260 <application>OpenSSH</application>. &merged;</para>
4262 <para role="historic"><application>OpenSSH</application> has been modified to
4263 be more resistant to traffic analysis by requiring that
4264 <quote>non-echoed</quote> characters are still echoed back
4265 in a null packet, as well as by padding passwords sent so as
4266 not to hint at password lengths. &merged;</para>
4268 <para role="historic">&man.sshd.8; is now enabled by default on new
4269 installs. &merged;</para>
4271 <para role="historic">&man.sshd.8; <literal>X11Forwarding</literal> is now
4272 turned on by default on the server (any risk is to the
4273 client, where it is already disabled by
4274 default). &merged;</para>
4276 <para role="historic">In <filename>/etc/ssh/sshd_config</filename>, the
4277 <literal>ConnectionsPerPeriod</literal> parameter has been
4278 deprecated in favor of
4279 <literal>MaxStartups</literal>. &merged;</para>
4281 <para role="historic"><application>OpenSSH</application> now has a
4282 <literal>VersionAddendum</literal> configuration setting for
4283 &man.sshd.8; to allow changing the part of the
4284 <application>OpenSSH</application> version string after the
4285 main version number. &merged;</para>
4289 <title>OpenSSL</title>
4291 <para><application>OpenSSL</application> has been updated to
4292 0.9.6g. &merged;</para>
4294 <para role="historic"><application>OpenSSL</application> now has support for
4295 machine-dependent ASM optimizations, activated by the new
4296 <varname>MACHINE_CPU</varname> and/or
4297 <varname>CPUTYPE</varname>
4298 <filename>make.conf</filename> variables. &merged;</para>
4302 <title>sendmail</title>
4304 <para><application>sendmail</application> has been updated
4305 from version 8.9.3 to version 8.12.6. Important changes
4306 include: &man.sendmail.8; is no longer installed as a
4307 set-user-ID <username>root</username> binary (now set-group-ID <groupname>smmsp</groupname>); new
4308 default file locations (see
4309 <filename>/usr/src/contrib/sendmail/cf/README</filename>);
4310 &man.newaliases.1; is limited to <username>root</username>
4311 and trusted users; STARTTLS encryption; and the MSA port
4312 (587) is turned on by default. See
4313 <filename>/usr/src/contrib/sendmail/RELEASE_NOTES</filename>
4314 for more information. &merged;</para>
4316 <para role="historic">&man.mail.local.8; is no longer installed as a
4317 set-user-ID binary. If you are using a
4318 <filename>/etc/mail/sendmail.cf</filename> from the default
4319 <filename>sendmail.cf</filename> included with &os; any time
4320 after 3.1.0, you are fine. If you are using a
4321 hand-configured <filename>sendmail.cf</filename> and
4322 <command>mail.local</command> for delivery, check to make sure the
4323 <literal>F=S</literal> flag is set on the
4324 <literal>Mlocal</literal> line. Those with
4325 <filename>.mc</filename> files who need to add the flag can
4326 do so by adding the following line to their
4327 <filename>.mc</filename> file and regenerating the
4328 <filename>sendmail.cf</filename> file:</para>
4330 <programlisting role="historic">MODIFY_MAILER_FLAGS(`LOCAL',`+S')dnl</programlisting>
4332 <para role="historic">Note that <literal>FEATURE(`local_lmtp')</literal> already
4333 does this. &merged;</para>
4335 <para role="historic">The default <filename>/etc/mail/sendmail.cf</filename>
4336 disables the SMTP <literal>EXPN</literal> and
4337 <literal>VRFY</literal> commands. &merged;</para>
4339 <para role="historic">&man.vacation.1; has been updated to use the version
4340 included with <application>sendmail</application>. &merged;</para>
4342 <para role="historic">The <application>sendmail</application> configuration
4343 building tools are installed in
4344 <filename>/usr/share/sendmail/cf/</filename>. &merged;</para>
4346 <para role="historic">New <filename>make.conf</filename> options:
4347 <varname>SENDMAIL_MC</varname> and
4348 <varname>SENDMAIL_ADDITIONAL_MC</varname>. See
4349 <filename>/usr/share/examples/etc/make.conf</filename> for more
4350 information. &merged;</para>
4352 <para role="historic"><filename>/etc/mail/Makefile</filename> now supports:
4353 the new <varname>SENDMAIL_MC</varname>
4354 <filename>make.conf</filename> option; the ability to build
4355 <filename>.cf</filename> files from
4356 <filename>.mc</filename> files; generalized map rebuilding;
4357 rebuilding the aliases file; and the ability to stop, start,
4359 <application>sendmail</application>. &merged;</para>
4361 <para role="historic">The <username>smmsp</username> and
4362 <username>mailnull</username> users have been added to
4363 <filename>/etc/master.passwd</filename>. In the absence of a
4364 <literal>confDEF_USER_ID</literal> setting, by default,
4365 <application>sendmail</application> will use the
4366 <username>mailnull</username> user for extra security.
4367 Previously, if the <username>mailnull</username> user did
4368 not exist, the <username>daemon</username> user was used.
4369 This change may generate some permissions issues when
4370 mailing to files or to programs (such as <filename
4371 role="package">mail/majordomo</filename>). &merged; The
4372 previous behavior can be restored by adding the following
4374 <filename><replaceable>*</replaceable>.mc</filename>
4377 <programlisting>define(`confDEF_USER_ID', `daemon')</programlisting>
4380 <para role="historic">Beginning with the import of
4381 <application>sendmail</application> 8.12.2, multiple
4382 <application>sendmail</application> daemons (some required
4383 to handle outgoing mail) are started by &man.rc.8;, even if
4384 the <varname>sendmail_enable</varname> variable is set to
4385 <literal>NO</literal>. To completely disable
4386 <application>sendmail</application>,
4387 <varname>sendmail_enable</varname> must be set to
4388 <literal>NONE</literal>. Alternatively, for systems using a
4389 different MTA, the <varname>mta_start_script</varname> variable can
4390 be used to point to a different startup script (more details
4391 can be found in &man.rc.sendmail.8;). &merged;</para>
4393 <para>By default, &man.rc.8; no longer enables
4394 <application>sendmail</application> for inbound SMTP
4395 connections. Note that &man.sysinstall.8; may override this
4396 default for a binary installation, based on what security
4397 profile is selected. This functionality can also be
4398 manually enabled by adding the following line to
4399 <filename>/etc/rc.conf</filename>:</para>
4401 <programlisting>sendmail_enable="YES"</programlisting>
4403 <para>The permissions for <application>sendmail</application>
4404 alias and map databases built via
4405 <filename>/etc/mail/Makefile</filename> now default to mode
4406 0640 to protect against a file locking local denial of service.
4407 It can be changed by setting the new
4408 <varname>SENDMAIL_MAP_PERMS</varname>
4409 <filename>make.conf</filename> option. &merged;</para>
4411 <para>The permissions for the <application>sendmail</application>
4412 statistics file, <filename>/var/log/sendmail.st</filename>, have
4413 been changed from mode 0644 to mode 0640 to protect against
4414 a file locking local denial of service. &merged;</para>
4420 <title>Ports/Packages Collection Infrastructure</title>
4422 <para><application>BSDPAN</application>, a collection of modules
4423 that provides tighter integration of
4424 <application>Perl</application> into the &os; Ports
4425 Collection, has been added.</para>
4427 <para role="historic">&man.pkg.create.1; and &man.pkg.add.1; can now work with
4428 packages that have been compressed using
4429 &man.bzip2.1;. &man.pkg.add.1; will use the PACKAGEROOT
4430 environment variable to determine a mirror site for new
4431 packages. &merged;</para>
4433 <para role="historic">&man.pkg.create.1; now records dependencies in dependency
4434 order rather than in the order specified on the command line.
4435 This improves the functioning of <command>pkg_add
4436 -r</command>. &merged;</para>
4438 <para role="historic">&man.pkg.create.1; now supports a <option>-b</option> to
4439 create a package file from a locally-installed
4440 package. &merged;</para>
4442 <para role="historic">When requested to delete multiple packages,
4443 &man.pkg.delete.1; will now attempt to remove them in
4444 dependency order rather than the order specified on the
4445 command line. &merged;</para>
4447 <para role="historic">&man.pkg.delete.1; now can perform glob/regexp matching of
4448 package names. In addition, it supports a <option>-a</option>
4449 option for removing all packages and a <option>-i</option>
4450 option for &man.rm.1;-style interactive
4451 confirmation. &merged;</para>
4453 <para role="historic">&man.pkg.delete.1; now supports a <option>-r</option>
4454 option for recursive package removal. &merged;</para>
4456 <para role="historic">&man.pkg.info.1; now supports globbing against names of
4457 installed packages. The <option>-G</option> option disables
4458 this behavior, and the <option>-x</option> option causes
4459 regular expression matching instead of shell
4460 globbing. &merged;</para>
4462 <para role="historic">&man.pkg.info.1; can now accept a <option>-g</option> flag
4463 for verifying an installed package against its recorded
4464 checksums (to see if it's been modified post-installation).
4465 Naturally, this mechanism is only as secure as the contents of
4466 <filename>/var/db/pkg</filename> if it's to be used for auditing
4467 purposes. &merged;</para>
4469 <para role="historic">&man.pkg.sign.1; and &man.pkg.check.1; have been added to
4470 digitally sign and verify the signatures on binary package
4471 files. &merged;</para>
4473 <para>For some time, &os; 5.0-CURRENT (as well as some 4.X
4474 releases) included a pkg_update(1) utility to update installed
4475 packages, as well as their dependencies. This utility has
4476 been removed; a superset of its functionality can be found in
4477 the <filename role="package">sysutils/portupgrade</filename>
4480 <para role="historic">&man.pkg.version.1; now has a version number comparison
4481 routine that corresponds to the Porters Handbook. It also has
4482 a <option>-t</option> option for testing address comparisons.
4485 <para role="historic">&man.pkg.version.1; now takes a <option>-s</option> flag
4486 to limit its operation to ports/packages matching a given
4487 string. &merged;</para>
4489 <para>&man.pkg.version.1;, formerly a Perl script, has been
4490 rewritten in C. The <option>-c</option>, frequently misused,
4491 has been removed. The <filename
4492 role="package">sysutils/portupgrade</filename> port provides a
4493 supported and safer alternative.</para>
4495 <para role="historic">Version numbers of installed packages have a new
4496 (backward-compatible) syntax, which supports the
4497 <varname>PORTREVISION</varname> and
4498 <varname>PORTEPOCH</varname> variables in Ports Collection
4499 <filename>Makefile</filename>s. These changes help keep track
4500 of changes in the ports collection entries such as security
4501 patches or &os;-specific updates, which aren't reflected in
4502 the original, third-party software distributions.
4503 &man.pkg.version.1; can now compare these new-style version
4504 numbers. &merged;</para>
4506 <para role="historic">To improve performance and disk utilization, the
4507 <quote>ports skeletons</quote> in the &os; Ports Collection
4508 have been restructured. Installed ports and packages should
4509 not be affected. &merged;</para>
4511 <para role="historic">All packages and ports now contain an
4512 <quote>origin</quote> directive, which makes it easier for
4513 programs such as &man.pkg.version.1; to determine the
4514 directory from which a package was built. &merged;</para>
4516 <para>The Ports Collection infrastructure now uses
4517 <application>XFree86</application> 4.2.1 as the default version
4518 of the X Window System for the purposes of satisfying
4519 dependencies. To return to using
4520 <application>XFree86</application> 3.3.6, add the following line
4521 to <filename>/etc/make.conf</filename>: &merged;</para>
4523 <programlisting>XFREE86_VERSION=3</programlisting>
4525 <para>The libraries installed by the <filename
4526 role="package">emulators/linux_base</filename> port (required
4527 for Linux emulation) have been updated; they now correspond to
4528 those included with <application>Red Hat Linux</application>
4529 7.1. &merged;</para>
4531 <para>By default, packages generated by the Ports Collection (as
4532 well as the packages on the FTP sites) are now compressed
4533 using &man.bzip2.1;, rather than &man.gzip.1;. (Thus, they
4534 now have a <filename>.tbz</filename> extension, rather than a
4535 <filename>.tgz</filename> extension.) The package
4536 tools have been updated to handle the new format.</para>
4538 <para>The Ports Collection now maintains a separate index file
4539 (<filename>/usr/ports/INDEX-5</filename>) for use with &os;
4540 &release.branch;. A major motivation for a separate index
4541 file is to cope with dependencies (such as <filename
4542 role="package">lang/perl5</filename>) that exist in &os;
4543 &release.branch; but not &os; 4-STABLE. The index file for
4544 each package set is still called
4545 <filename>INDEX</filename>.</para>
4551 <title>Release Engineering and Integration</title>
4553 <para>The <filename>bin</filename> distribution has been renamed
4554 <filename>base</filename>, in order to make creation of combined
4555 install/recovery disks easier.</para>
4557 <para arch="i386">ISO images and CDROMs now use the
4558 <filename>cdboot</filename> boot loader by default. This
4559 eliminates the need for an emulated floppy disk image on
4560 a bootable CDROM and allows for a full
4561 <filename>GENERIC</filename> kernel to be used for CDROM
4562 installations, at the expense of compatability with some old
4565 <para arch="i386,pc98,alpha" role="historic"><application>XFree86</application> 4.2.0
4566 is now the default version of the X Window System supported by
4567 &man.sysinstall.8;. It installs
4568 <application>XFree86</application> as a set of standard binary
4569 packages, so the usual package utilities such as
4570 &man.pkg.info.1; can be used to examine/manipulate its
4571 components. &merged;</para>
4573 <para>It is now possible to make releases of &os;
4574 5-CURRENT on a &os; 4-STABLE host and vice versa. Cross-architecture
4575 (building a release for a target architecture on a host of a
4576 different architecture) releases are also possible. See
4577 &man.release.7; for details. &merged;</para>
4579 <para>A third <filename>drivers.flp</filename> floppy has been
4580 added to floppy releases. It holds loadable modules
4581 containing drivers that do not fit in the kernel on the
4582 <filename>kern.flp</filename> disk or in the
4583 <filename>mfsroot.flp</filename> image.</para>
4587 <title>Documentation</title>
4589 <para>A number of formerly-encumbered documents from the 4.4 BSD
4590 Programmer's Supplementary Documents have been restored to
4591 <filename>/usr/share/doc/psd</filename>. These include:</para>
4595 <para><emphasis>The UNIX Time-Sharing System</emphasis>
4596 (<filename>01.cacm</filename>)</para>
4600 <para><emphasis>UNIX Implementation</emphasis>
4601 (<filename>02.implement</filename>)</para>
4605 <para><emphasis>The UNIX I/O System</emphasis>
4606 (<filename>03.iosys</filename>)</para>
4610 <para><emphasis>UNIX Programming — Second Edition</emphasis>
4611 (<filename>04.uprog</filename>)</para>
4615 <para><emphasis>The C Programming Language — Reference Manual</emphasis>
4616 (<filename>06.Clang</filename>)</para>
4620 <para><emphasis>Yacc: Yet Another Compiler-Compiler</emphasis>
4621 (<filename>15.yacc</filename>)</para>
4625 <para><emphasis>Lex — A Lexical Analyzer Generator</emphasis>
4626 (<filename>16.lex</filename>)</para>
4630 <para><emphasis>The M4 Macro Processor</emphasis>
4631 (<filename>17.m4</filename>)</para>
4635 <para>Several formerly-encumbered documents from the 4.4 BSD
4636 User's Supplementary Documents have been restored to
4637 <filename>/usr/share/doc/usd</filename>. They include:</para>
4641 <para><emphasis>NROFF/TROFF User's Manual</emphasis>
4642 (<filename>21.troff</filename>)</para>
4646 <para><emphasis>A TROFF Tutorial</emphasis>
4647 (<filename>22.trofftut</filename>)</para>
4655 <title>Upgrading from previous releases of &os;</title>
4657 <para>Users with existing &os; systems are
4658 <emphasis>highly</emphasis> encouraged to read the <quote>Early
4659 Adopter's Guide to &os; 5.0</quote>. This document generally has
4660 the filename <filename>EARLY.TXT</filename> on the distribution
4661 media, or any other place that the release notes can be found. It
4662 offers some notes on upgrading, but more importantly, also
4663 discusses some of the relative merits of upgrading to &os;
4664 5.<replaceable>X</replaceable> versus running &os;
4665 4.<replaceable>X</replaceable>.</para>
4668 <para>Upgrading &os; should, of course, only be attempted after
4669 backing up <emphasis>all</emphasis> data and configuration