<title>&os;/&arch; &release.current; Release Notes</title>
<corpauthor>The FreeBSD Project</corpauthor>
<pubdate>$FreeBSD$</pubdate>
<holder role="mailto:doc@FreeBSD.org">The FreeBSD Documentation Project</holder>
<para>The release notes for &os; &release.current; contain a summary
<![ %include.historic; [
the changes made to the &os; base system since &release.prev;.
<![ %no.include.historic; [
recent changes made to the &os; base system on the &release.branch;
Changes for both kernel and userland are listed, as well as
applicable security advisories that were issued since the last
release. Some brief remarks on upgrading are also presented.</para>
<title>Introduction</title>
<para>This document contains the release notes for &os;
&release.current; on the &arch.print; hardware platform. It
describes recently added, changed, or deleted features of &os;.
It also provides some notes on upgrading
from previous versions of &os;.</para>
<![ %release.type.snapshot [
<para>The &release.type; distribution to which these release notes
apply represents a point along the &release.branch; development
branch between &release.prev; and the future &release.next;. Some
pre-built, binary &release.type; distributions along this branch
can be found at <ulink url="&release.url;"></ulink>.</para>
<![ %release.type.release [
<para>This distribution of &os; &release.current; is a
&release.type; distribution. It can be found at <ulink
url="&release.url;"></ulink> or any of its mirrors. More
information on obtaining this (or other) &release.type;
distributions of &os; can be found in the <ulink
url="http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/mirrors.html"><quote>Obtaining
FreeBSD</quote> appendix</ulink> to the <ulink
url="http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/">FreeBSD
Handbook</ulink>.</para>
<title>What's New</title>
<para>This section describes
<![ %include.historic; [
the most user-visible new or changed features in &os;
In general, changes described here are unique to the &release.branch;
branch unless specifically marked as &merged; features.
<![ %no.include.historic; [
many of the user-visible new or changed features in &os;
since &release.prev;. It includes items that are unique to the
&release.branch; branch, as well as some features that may have been
other branches (after &os; &release.prev.historic;). The latter
items are marked as &merged;.
<para>Typical release note items
document new drivers or hardware support, new commands or options,
major bugfixes, or contributed software upgrades. Applicable security
advisories issued after &release.prev; are also listed.</para>
<para>Many additional changes were made to &os; that are not listed
here for lack of space. For example, documentation was corrected
and improved, minor bugs were fixed, insecure coding practices
were audited and corrected, and source code was cleaned up.</para>
<title>Kernel Changes</title>
<para arch="i386">Execution of &man.a.out.5; format executables now
requires the <literal>COMPAT_AOUT</literal> option in the kernel
configuration or the loading of the <filename>aout.ko</filename>
kernel module.</para>
<para>&man.acct.2; has been changed to open the accounting file in
append mode, so that &man.accton.8; can be used to enable
accounting to an append-only file. &merged;</para>
<para arch="i386" role="historic">The &man.amdpm.4; driver has been added to
provide access to the system monitoring functions of the AMD 756
chipset. &merged;</para>
<para role="historic">The &man.agp.4; driver for AGP devices has been
added. &merged;</para>
<para>A new &man.ddb.4; command <command>show pcpu</command> lists
some of the per-CPU data.</para>
<para role="historic">Two new &man.ddb.4; commands, <command>hwatch</command> and
<command>dhwatch</command>, have been introduced. Analogous to
<command>watch</command> and <command>dwatch</command>, they
install hardware watchpoints (as opposed to software
watchpoints) if supported by the architecture. &merged;</para>
<para>&man.devfs.5;, which allows entries in the
<filename>/dev</filename> directory to be built automatically
and supports more flexible attachment of devices, has been
largely reworked. &man.devfs.5; is now enabled by default and
can be disabled by the <literal>NODEVFS</literal> kernel
<para>The &man.devfs.5; <quote>rule</quote> subsystem has been introduced. DEVFS rules
permit the administrator to define certain properties of new device
nodes before they become visible to the userland. Both static (e.g.
<filename>/dev/speaker</filename>) and dynamic (e.g.
<filename>/dev/bpf*</filename>, some removable devices) nodes are
supported. Each &man.devfs.5; mount may have a different ruleset assigned to
it, permitting different policies to be implemented for things like
jails. Rules and rulesets are manipulated with the &man.devfs.8;
<para>The dgm driver has been removed in favor of the digi driver.</para>
<para>A new digi driver has been added to support PCI Xr-based and
ISA Xem Digiboard cards. A new &man.digictl.8; program is
(mainly) used to re-initialize cards that have external port
modules attached such as the PC/Xem.</para>
<para>An &man.eaccess.2; system call has been added, similar to
&man.access.2; except that the former uses effective credentials
rather than real credentials.</para>
<para arch="sparc64">Support has been added for EBus-based
<para arch="i386" role="historic">The &man.ichsmb.4; driver for the Intel 82801AA
(ICH) SMBus controller and compatibles has been
added. &merged;</para>
<para>Each &man.jail.2; environment can now run under its own
<para>The tunable sysctl variables for &man.jail.2; have moved
from <varname>jail.*</varname> to the
<varname>security.*</varname> hierarchy. Other security-related
sysctl variables have moved from <varname>kern.security.*</varname> to
<varname>security.*</varname>.</para>
<para role="historic">The <varname>kern.maxvnodes</varname> limit now properly
limits the number of vnodes in use. Previously only vnodes with
no cached pages could be freed; this could allow the number of
vnodes to grow without limit on large-memory machines accessing
many small files. A <literal>vnlru</literal> kernel thread
helps to flush and reuse vnodes. &merged;</para>
<para role="historic">The kernel message buffer is now accessible by the
(machine-independent) <varname>kern.msgbuf</varname> sysctl
variable; &man.dmesg.8; no longer needs to be SGID
<groupname>kmem</groupname>. &merged;</para>
<para>The kernel environment is now dynamic, and can be changed
via the new &man.kenv.2; system call.</para>
<para role="historic">The &man.kqueue.2; event notification facility was added to
the &os; kernel. This is a new interface which is able to
replace &man.poll.2;/&man.select.2;, offering improved
performance, as well as the ability to report many different
types of events. Support for monitoring changes in sockets,
pipes, fifos, and files is present, as well as for signals and
processes. &merged;</para>
<para arch="i386,pc98" role="historic">A new <varname>KVA_SPACE</varname> kernel option
can be used to reconfigure the size of the kernel virtual
address space. &merged;</para>
<para>The labpc(4) driver has been removed due to
<quote>bitrot</quote>.</para>
<para>The loader and kernel linker now look for files named
<filename>linker.hints</filename> in each directory with KLDs
for a module name and version to KLD filename mapping. The new
&man.kldxref.8; utility is used to generate these files.</para>
<para role="historic">Linux emulation now supports the kernel functionality
<filename role="package">emulators/linux_base</filename>
(RedHat 7.X emulation) port. &merged;</para>
<para role="historic">Linux emulation now requires <literal>options
SYSVSEM</literal> in the kernel configuration. &merged;</para>
<para>&man.lomac.4;, a Low-Watermark Mandatory Access Control
security facility, has been added as a kernel module. It
provides a drop-in security mechanism in addition to the
traditional UID-based security facilities, requiring no
additional configuration from the administrator. Work on this
feature was sponsored by DARPA and NAI Labs.</para>
<para>&os; now supports an extensible Mandatory Access Control
framework. It permits loadable kernel modules to link to the
kernel at compile-time, boot-time, or run-time, and augment the
system security policy.
<para>The MAC framework implementation is a work in progress.</para>
<para arch="ia64">Machine Check Architecture (MCA) records are now
collected at boot time and made available through the
<varname>hw.mca.*</varname> sysctl variables.</para>
<para role="historic">The <varname>maxusers</varname> kernel configuration
parameter is now a boot-time tunable variable. The kernel
parameters derived from <varname>maxusers</varname> are now also
tunables and can be overridden at boot-time. The
<varname>hz</varname> parameter is also now a
tunable. &merged;</para>
<para role="historic">Specifying a value of <literal>0</literal> for the
<varname>maxusers</varname> kernel configuration parameter will
now cause an appropriate value to be calculated at boot-time
(between 32 and 384, depending on the amount of memory present).
This value is now the default for all
<filename>GENERIC</filename> kernels. &merged;</para>
<para arch="alpha" role="historic">A <varname>MAXMEM</varname> kernel option,
along with the <varname>hw.physmem</varname> loader tunable, can
be used to artificially reduce the memory size of a machine for
testing (or other purposes). &merged;</para>
<para role="historic">The kernel configuration parameters
<varname>MAXTSIZ</varname>, <varname>DFLDSIZ</varname>,
<varname>MAXDSIZ</varname>, <varname>DFLSSIZ</varname>,
<varname>MAXSSIZ</varname>, and <varname>SGROWSIZ</varname> are
all loader tunables (<varname>kern.maxtsiz</varname>,
<varname>kern.maxdfldsiz</varname>, etc.). &merged;</para>
<para>&man.mutex.9; profiling code has been added, enabled by the
<literal>MUTEX_PROFILING</literal> kernel configuration option.
It enables the <varname>debug.mutex.prof.*</varname> hierarchy
of sysctl variables.</para>
<para arch="i386,pc98" role="historic">The <literal>NCPU</literal>,
<literal>NAPIC</literal>, <literal>NBUS</literal>, and
<literal>NINTR</literal> kernel configuration options,
for configuring SMP kernels, have been removed.
<literal>NCPU</literal> is now set to a maximum of 16,
and the other, aforementioned options are now
dynamic. &merged;</para>
<para role="historic">A &man.nmdm.4; null-modem terminal driver has been added.
<para role="historic">The <literal>O_DIRECT</literal> flag has been added to
&man.open.2; and &man.fcntl.2;. Specifying this flag for open
files will attempt to minimize the cache effects of reading and
writing. &merged;</para>
<para role="historic">An &man.orm.4; device has been added to claim the option
ROMs in the ISA memory I/O space, to prevent other drivers from
mistakenly assigning addresses that conflict with these
ROMs. &merged;</para>
<para arch="i386,pc98">PECOFF (Win32 Execution file format) support has
<para arch="pc98" role="historic">The pmc driver, which supports the power
management controller of the NEC PC-98NOTE, has been
added. &merged;</para>
<para role="historic">POSIX.1b Shared Memory Objects are now supported. The
implementation uses regular files, but automatically enables the
MAP_NOSYNC flag when they are &man.mmap.2;-ed. &merged;</para>
<para role="historic">Replaced the <literal>PQ_*CACHE</literal> options with a
single <literal>PQ_CACHESIZE</literal> option to be set to the
cache size in kilobytes. The old options are still supported
for backwards compatibility. &merged;</para>
<para arch="i386" role="historic">The &man.puc.4; (PCI <quote>Universal</quote>
Communications) driver has been added, to help connect PCI-based
serial ports to the &man.sio.4; driver. &merged;</para>
<para>The &man.random.4; device has been rewritten to use the
<application>Yarrow</application> algorithm. It harvests
entropy from a variety of interrupt sources, including the
console devices, Ethernet and point-to-point network interfaces,
and mass-storage devices. Entropy from the &man.random.4;
device is now periodically saved to files in
<filename>/var/db/entropy</filename>, as well as at shutdown
time. The semantics of <filename>/dev/random</filename> have
changed; it never blocks waiting for entropy bits but generates
a stream of pseudo-random data and now behaves exactly as
<filename>/dev/urandom</filename>.</para>
<para>A new kernel option, <literal>options REGRESSION</literal>,
enables interfaces and functionality intended for use during
correctness and regression testing.</para>
<para><literal>RLIMIT_VMEM</literal> support has been added. This
feature defines a new resource limit that covers a process's
entire virtual memory space, including &man.mmap.2; space. This
limit can be configured in &man.login.conf.5; via the new
<varname>vmemoryuse</varname> variable. &merged;</para>
<para arch="sparc64">Support has been added for SBus-based
<para arch="sparc64">The se driver, which supports the Siemens
SAB82532 serial chip found on many newer Sparc Ultra machines,
has been added.</para>
<para role="historic">The &man.snp.4; device is no longer static and can now be
compiled as a module. &merged;</para>
<para arch="i386" role="historic">The &man.spic.4; driver, which provides access
to the Jog Dial device on some Sony laptops, has been
added. &man.moused.8; support for this device has also been
added. &merged;</para>
<para>The &man.syscons.4; driver now supports keyboard-controlled
pasting, by default bound to
<keycap>Shift</keycap>-<keycap>Insert</keycap>.</para>
<para>The &man.tcp.4; protocol's retransmission timer can now be
manipulated with two sysctls,
<varname>net.inet.tcp.rexmit_min</varname> and
<varname>net.inet.tcp.rexmit_slop</varname>. The default has
been reduced from one second to 200ms (similar to the Linux default)
in order to better handle hiccups over interactive connections and
improve recovery over lossy fast connections such as wireless links.</para>
<para>The &man.tcp.4; protocol now has the ability to dynamically
limit the send-side window to maximize bandwidth and minimize
round trip times. The feature can be enabled via the
<varname>net.inet.tcp.inflight_enable</varname>
<para role="historic">Support for USB devices was added to the
<filename>GENERIC</filename> kernel and to the installation
programs to support USB devices out of the box. Note that SRM
does not support USB devices at the moment, so you must still
use an AT keyboard if you are not using a serial
console. &merged;</para>
<para>The uaudio driver, for USB audio devices, has been
added. &merged;</para>
<para arch="i386,pc98" role="historic">The &man.umodem.4; driver for USB modems
has been added. Support is provided for the 3Com 5605 and
Metricom Ricochet GS wireless USB modems. &merged;</para>
<para arch="i386,pc98" role="historic">The &man.uscanner.4; driver for basic USB
scanner support using SANE has been added. See <ulink
url="http://www.mostang.com/sane/">the SANE home page</ulink>
for supported scanners. The HP ScanJet 4100C, 5200C and 6300C
are known to be working. &merged;</para>
<para>The &man.ucom.4; device driver has been added, to support USB
modems, serial devices, and other programs that need to look
like a tty. The related &man.uplcom.4; and &man.uvscom.4; drivers provide specific
support for the Prolific PL-2303 serial adapter and the SUNTAC
Slipper U VS-10U, respectively. &merged;</para>
<para>To increase security, the <literal>UCONSOLE</literal> kernel
configuration option has been removed.</para>
<para arch="i386,pc98">The UserConfig boot-time kernel configuration
feature, usually used to enable, disable, or configure ISA
devices, has been removed. Its functionality has been replaced
by the kernel hints file in
<filename>/boot/device.hints</filename>.</para>
<para>The <literal>USER_LDT</literal> kernel option is now
activated by default.</para>
<para>The &man.uvisor.4; driver for connecting Handspring Visors via USB
has been added. &merged;</para>
<para>A VESA S3 linear framebuffer driver has been added.</para>
<para arch="i386" role="historic">The &man.viapm.4; driver for VIA SMBus
power management controllers has been added. &merged;</para>
<!-- Above this line, sort kernel changes by manpage/keyword-->
<para role="historic">Write combining for crashdumps has been implemented. This
feature is useful when write caching is disabled on both SCSI
and IDE disks, where large memory dumps could take up to an hour
to complete. &merged;</para>
<para>The kernel crashdump infrastructure has been revised, to
support new platforms and in general clean up the logic in the
code. One implication of this change is that the on-disk format
for kernel dumps has changed, and is now
byte-order-agnostic.</para>
<para>Extremely large swap areas (>67 GB) no longer panic the
<para arch="alpha">Support for threads under Linux emulation has
<para role="historic">The <maketarget>buildkernel</maketarget> target now gets the
name of the configuration(s) to build from the
<varname>KERNCONF</varname> variable, not
<varname>KERNEL</varname>. It is no longer required, in some
cases, for a <maketarget>buildworld</maketarget> to precede a
<maketarget>buildkernel</maketarget>. (The
<maketarget>buildworld</maketarget> is still required when
upgrading across major releases, across
<application>binutils</application> updates and when
&man.config.8; changes version.) &merged;</para>
<para role="historic">The out-of-swap process termination code now begins killing
processes earlier to avoid deadlocks; it now also takes into
account the swap space used by processes when computing the
process sizes. &merged;</para>
<para>Linker sets are now self-contained; gensetdefs(8) is
unnecessary and has been removed.</para>
<para role="historic">Network device cloning has been implemented, and the
&man.gif.4; device has been modified to take advantage of it.
Thus, instead of specifying how many &man.gif.4; interfaces are
available in kernel configuration files, &man.ifconfig.8;'s
<option>create</option> option should be used when another device
instance is desired. &merged;</para>
<para>It is now possible to hardwire kernel environment variables
(such as tunables) at compile-time using &man.config.8;'s
<literal>ENV</literal> directive.</para>
<para>Idle zeroing of pages can be enabled with the
<varname>vm.idlezero_enable</varname> sysctl variable.</para>
<para arch="i386,pc98" role="historic">The load addresses of kernels are now exported
to the symbol table and various hard-coded constants have been
removed so that utilities such as &man.ps.1; can work with
kernels compiled at different addresses. &merged;</para>
<para role="historic">Coredumps of large processes (or of a large number of
processes) no longer lock up the machine for long periods of
time. &merged;</para>
<para>The &os; kernel scheduler now supports Kernel-Scheduled
Entities (KSEs), which provide support for multiple threads of
execution per process similar to Scheduler Activations. At this
point, the kernel has most of the changes needed to support
threading. The kernel scheduler can schedule multiple threads per
process, but only on a single CPU at a time. Support for
userland programs to create and utilize multiple threads is not
<para>KSE is a work in progress.</para>
<para>The kernel now has support for multiple low-level console
devices. The new &man.conscontrol.8; utility helps to manage
the different consoles.</para>
<para arch="alpha">The console driver has gained support for
TGA-based display adapters.</para>
<para role="historic">The kernel on the installation CDs is now separated from the
<filename>mfsroot</filename> image. This permits the use of a
full kernel when installing from CD on machines that support CD
booting (instead of the stripped-down kernel used on
floppies). &merged;</para>
<para role="historic">The system load average computation now adds some jitter to
the timing of samples, in order to avoid synchronization with
processes that run periodically. &merged;</para>
<para role="historic">If a debugging kernel with modules is being built
(i.e. using <literal>makeoptions DEBUG=-g</literal>), the
modules will now be built with debugging support as well, for
completeness. A side effect of this change is that modules
built and installed with debugging kernels will now occupy more
space on disk than they did previously. &merged;</para>
<para role="historic">The kernel dump device can now be set via the
<varname>dumpdev</varname> loader tunable. As a result, it is
now possible to obtain crash dumps from panics during the late
stages of kernel initialization (before the system enters into
single-user mode). &merged;</para>
<para>The kernel memory allocator is now a slab memory allocator,
similar to that used in Solaris. This is an SMP-safe memory
allocator that has near-linear performance as the number of CPUs
increases. It also allows for reduced memory
fragmentation.</para>
<title>Processor/Motherboard Support</title>
<para>SMP support has been largely reworked, incorporating code
from BSD/OS 5.0. One of the main features of SMPng
(<quote>SMP Next Generation</quote>) is to allow more
processes to run in kernel, without the need for spin locks
that can dramatically reduce the efficiency of multiple
processors. Interrupt handlers now have contexts associated
with them that allow them to be blocked, which reduces the
need to lock out interrupts.</para>
<para arch="i386,pc98">Support for the 80386 processor has been
removed from the <filename>GENERIC</filename> kernel, as this
code seriously pessimizes performance on other IA32
The <literal>I386_CPU</literal> kernel option
to support the 80386 processor is now mutually exclusive with
support for other IA32 processors; this should slightly
improve performance on the 80386 due to the elimination of
runtime processor type checks.
Custom kernels that will run on the 80386 can
still be built by changing the cpu options in the kernel
configuration file to only include
<literal>I386_CPU</literal>.</para>
<para arch="alpha" role="historic">AlphaServer 1200 (<quote>Tincup</quote>) has
been tested and works OK. Currently it does not want to boot
from CD or floppy but a transplanted disk that was installed
on another Alpha works well. &merged;</para>
<para arch="alpha">The API UP1100 mainboard has been verified to
<para arch="alpha">The API CS20 1U high server has been verified
<para arch="alpha">Support for AlphaServer 2100A
(<quote>Lynx</quote>) has been added.</para>
<para arch="alpha">Kernel code has been added that allows older
generation Alpha CPUs (EV4 and EV5) to emulate instructions of
the newer Alpha CPU generations. This enables the use of
binary-only programs like <application>Adobe Acrobat
4</application> on EV4 and EV5.</para>
<para arch="alpha">SMP support for the Alpha is now operational.</para>
<para arch="i386" role="historic">Detection for new processors, such as the
FC-PGA2 Pentium III (Tualatin), Transmeta Crusoe, and
Transmeta Crusoe LongRun, has been added. &merged;</para>
<para arch="alpha">Support for the following hardware has been
removed from the installation kernel to make it fit on a
1.44MB floppy again: Multia, NoName, PC64, EB64, Aspen Alpine,
sa (SCSI tape), amr, parallel port support, vx (3c590, 3c595),
pcn (AMD Am79C97x PCI 10/100), sf (Adaptec AIC-6915), sis (SiS
900/SiS 7016), ste (Sundance ST201 (D-Link DFE-550TX)), wb
(Winbond W89C840F).</para>
<para arch="i386" role="historic">Support for Streaming <acronym>SIMD</acronym>
Extensions (<acronym>SSE</acronym>) has been introduced. The
<literal>CPU_ENABLE_SSE</literal> kernel option controls
whether support is compiled into the kernel. &merged;</para>
<para arch="i386" role="historic">The <literal>CPU_ATHLON_SSE_HACK</literal>
kernel option has been added, which attempts to enable the SSE
feature bit on newer Athlon CPUs if the BIOS has forgotten to
enable it. &merged;</para>
<para arch="sparc64">The UltraSPARC platform is now supported by
&os;. The following machines are supported to at least some
degree: Ultra 1/2/5/10/30/60, Enterprise 220R/420R, Netra T1 AC200/DC200, Netra T 105, and Blade
100. SMP is supported, and has been tested on the
Ultra 2, Ultra 60, Enterprise 220R, and
Enterprise 420R.</para>
<para arch="i386">On some systems, the BIOS does not activate
the I/O ports and memory of PC devices, thus making them
unusable. The <varname>hw.pci.enable_io_modes</varname>
sysctl/boot loader variable (which defaults to
<literal>1</literal>, for <quote>enabled</quote>)
forces &os; to enable these devices so that they can be
<para arch="alpha">Support for TurboChannel Alphas has been
<para arch="i386">Support for the AMD Élan SC520 has been
added; this requires the <literal>CPU_ELAN</literal> option in
the kernel configuration file.</para>
<title>Bootloader Changes</title>
<para arch="i386" role="historic"><filename>boot2</filename> now supports a
<option>-n</option> option to disallow boot interruption by
keypresses. &merged;</para>
<para arch="i386" role="historic">A new <filename>cdboot</filename> bootstrap
utility for CDROMs provides better compatibility with some
BIOS implementations that do not completely implement the El
Torito bootable CDROM standard. This boot loader supports
<quote>no emulation</quote> mode booting, thus eliminating the
need for an emulated floppy disk image on a bootable
CDROM. &merged;</para>
<para arch="i386,pc98" role="historic">The i386 boot loader now has support for a
<literal>nullconsole</literal> console type, for use on
systems with neither a video console nor a serial
port. &merged;</para>
<para arch="i386,pc98" role="historic">The &man.loader.8; now has optional support
(enabled at compile-time, off by default) for loading
<application>bzip2</application>-compressed kernels and
modules. &merged;</para>
<para arch="i386" role="historic">Support for Intel's Wired for Management 2.0
(PXE) was added to the &os; boot loader. Due to API
differences, the older PXE versions are not supported. This
allows network booting using DHCP. &merged;</para>
<!-- Above this line, order bootloader changes by keyword-->
<para arch="i386" role="historic">The &os; boot loader now contains a workaround
to support CDROM booting on certain IBM BIOSs that expect the
first sector of the emulated floppy to contain a valid MS-DOS
BPB that they can modify. &merged;</para>
<para arch="i386,pc98" role="historic">The &os; boot loader now supports a
<option>-p</option> flag to force the kernel to pause after
each line of output during the probing phase. &merged;</para>
<para arch="alpha,i386" role="historic">The &os; boot loader is now capable of
booting from filesystems with block sizes larger than
<para>The kernel and modules have been moved to the directory
<filename>/boot/kernel</filename>, so they can be easily
manipulated together. The boot loader has been updated to
make this change as seamless as possible.</para>
<title>Network Interface Support</title>
<para role="historic">The &man.an.4; driver for Cisco Aironet cards now supports
Wired Equivalent Privacy (WEP) encryption, settable via
&man.ancontrol.8;. &merged;</para>
<para role="historic">The &man.an.4; driver now supports the Cisco Aironet 350
series of adaptors. &merged;</para>
<para role="historic">The &man.an.4; driver now supports <quote>monitor</quote>
mode, settable via the <option>-M</option> option to
&man.ancontrol.8;. &merged;</para>
<para role="historic">The &man.an.4; driver now supports Cisco LEAP, as well as
the <quote>Home</quote> WEP key. The Linux Aironet utilities
are now supported under emulation. &merged;</para>
<para arch="i386,pc98" role="historic">Generic support for ARCNET token-based
networks has been added. &merged;</para>
<para arch="i386,pc98" role="historic">The &man.bge.4; driver has been added to
support the Broadcom BCM570x family of Gigabit Ethernet
controllers, including the 3Com 3c996-T, the SysKonnect
SK-9D21 and SK-9D41, and the built-in Gigabit Ethernet NICs on
Dell PowerEdge 2550 servers. Output TCP/IP checksum offload,
jumbo frames and VLAN tag insertion/stripping are supported,
as well as interrupt moderation. &merged;</para>
<para arch="i386" role="historic">The cm driver has been added to support SMC
COM90cx6 ARCNET network adapters. &merged;</para>
<para>The &man.dc.4; driver now supports NICs based on the Xircom
3201 and Conexant LANfinity RS7112 chips.</para>
<para role="historic">The &man.dc.4; driver now has support for
VLANs. &merged;</para>
<para role="historic">The &man.de.4; driver now performs round-robin arbitration
between the transmit and receive units of the 21143, instead
of giving priority to the receive unit. This gives a
10–15% performance improvement in the forwarding rate
under heavy load. &merged;</para>
<para arch="alpha">The &man.ed.4; driver is now supported.</para>
<para arch="i386,pc98" role="historic">Linksys Fast Ethernet PCCARD cards supported
by the &man.ed.4; driver now require the addition of flag
<literal>0x80000</literal> to their config line in
&man.pccard.conf.5;. This flag is not optional. These
Linksys cards will not be recognized without
<para role="historic">A bug in the &man.ed.4; driver that could cause panics
with very short packets and BPF or bridging active has been
fixed. &merged;</para>
<para role="historic">The &man.ed.4; driver now has support for D-Link DL10022
chips, necessary for the NetGear FA-410TX and other cards. As
a result, <literal>device miibus</literal> is required in
kernel configurations using the &man.ed.4;
driver. &merged;</para>
<para arch="i386">The &man.el.4; driver can now be loaded as a
<para arch="i386,pc98,ia64" role="historic">The &man.em.4; driver has been added to
support NICs based on the Intel 82542, 82543, 82544, 82545EM,
Gigabit Ethernet controller chips. The driver has VLAN
support, and also supports
transmit/receive checksum offload and jumbo frames on 82543
and 82544-based adapters. &merged;</para>
<para role="historic">The &man.faith.4; device is now loadable, unloadable, and
clonable. &merged;</para>
<para arch="i386,pc98" role="historic">Support for Fujitsu MB86960A/MB86965A based
Ethernet PC-Cards has been added back in the &man.fe.4;
driver. &merged;</para>
<para arch="alpha" role="historic">The &man.fpa.4; driver now supports Digital's
DEFPA FDDI adaptors on the Alpha. &merged;</para>
<para role="historic">The &man.fxp.4; driver now requires a <literal>device
miibus</literal> entry in the kernel configuration
file. &merged;</para>
<para role="historic">The &man.fxp.4; driver now contains a workaround for PCI
protocol violations caused by defects in some systems based on
the Intel ICH2/ICH2-M chip. The workaround is to rewrite the
EEPROM on the interface to disable Dynamic Standby Mode; once
the EEPROM is rewritten, the system needs to be rebooted for
the new settings to take effect. &merged;</para>
<para role="historic">The &man.fxp.4; driver now supports Intel's loadable
microcode to implement receive-side interrupt coalescing and
packet bundling, on NICs that support these features. This
support can be activated by the use of the
<option>link0</option> option to
&man.ifconfig.8;. &merged;</para>
<para arch="sparc64">The gem driver has been added to support
the Sun GEM Gigabit Ethernet and ERI Fast Ethernet
<para role="historic">The &man.gx.4; driver has been added to support NICs based
on the Intel 82542 and 82543 Gigabit Ethernet controller
chips. Both fiber and copper variants of the cards are
supported. Both boards support VLAN tagging/insertion, and
the 82543 additionally supports TCP/IP checksum
offload. &merged;</para>
<para arch="sparc64">The hme driver has been added to support
the Sun HME Fast Ethernet adapter, onboard on many Sun Ultra
776 series machines.</para>
778 <para role="historic">The &man.lge.4; driver has been added to support the Level
779 1 LXT1001 NetCellerator Gigabit Ethernet controller chip. This
780 device is used on some fiber optic GigE cards from SMC, D-Link
781 and Addtron. Jumbograms and TCP/IP checksum offload on
782 receive are supported, although hardware VLAN filtering is
785 <para role="historic">The my driver, which supports the Myson Fast Ethernet and
786 Gigabit Ethernet adapters, has been added. &merged;</para>
788 <para role="historic">Added the &man.nge.4; driver, which supports PCI Gigabit
789 Ethernet adapters based on the National Semiconductor DP83820
790 and DP83821 Gigabit Ethernet controller chips, including the
791 D-Link DGE-500T, SMC EZ Card 1000 (SMC9462TX), Asante
792 FriendlyNet GigaNIC 1000TA and 1000TPC and Addtron AEG320T.
793 This driver supports transmit and receive checksum
794 offloading. &merged;</para>
796 <para role="historic">The &man.pcn.4; driver, which supports the AMD PCnet/FAST,
797 PCnet/FAST+, PCnet/FAST III, PCnet/PRO, PCnet/Home, and
798 HomePNA adapters, has been added. Although these cards are
799 already supported by the &man.lnc.4; driver, the &man.pcn.4;
800 driver runs these chips in 32-bit mode and uses the RX
801 alignment feature to achieve zero-copy receive. This driver
802 is also machine-independent, so it will work on the i386,
803 pc98 and Alpha platforms. The &man.lnc.4; driver is still needed
804 to support non-PCI cards. &merged;</para>
806 <para role="historic">The &man.ray.4; driver, which supports the Webgear Aviator
807 wireless network cards, has been committed. The operation of
808 &man.ray.4; interfaces can be modified by
809 &man.raycontrol.8;. &merged;</para>
811 <para arch="i386,pc98">The &man.rp.4; driver has been updated to
812 version 3.02 and can now be built as a module. &merged;</para>
814 <para arch="i386" role="historic">The sbni driver, for supporting the Granch
815 SBNI12 series of ISA and PCI point-to-point communications
816 interfaces, has been added. The <filename
817 role="package">sysutils/sbniconfig</filename> port in the &os;
818 Ports Collection can be used for configuring these
819 devices. &merged;</para>
821 <para role="historic">Added support for PCI Ethernet adapters based on the SiS
822 900 and SiS 7016 Fast Ethernet controller chips (for example,
823 as seen on the SiS 635 and 735 motherboard chipsets), as well
824 as the National Semiconductor DP83815 chipset (including the
825 NetGear FA311-TX and FA312-TX) in the form of the &man.sis.4;
826 driver. This device has support for VLANs. &merged;</para>
828 <para arch="pc98" role="historic">The snc driver for the National Semiconductor
829 DP8393X (SONIC) Ethernet controller has been added.
830 Currently, this driver is only used on the PC-98
831 architecture. &merged;</para>
833 <para>The &man.stf.4; device is now clonable.</para>
835 <para role="historic">The &man.tap.4; driver, a virtual Ethernet device driver
836 for bridged configurations, has been added. This device is
837 clonable. &merged;</para>
839 <para role="historic">The &man.ti.4; driver now supports the Alteon AceNIC
840 1000baseT Gigabit Ethernet and Netgear GA620T 1000baseT
841 Gigabit cards. &merged;</para>
843 <para role="historic">The &man.ti.4; driver correctly masks VLAN tags. &merged;</para>
845 <para>The &man.tx.4; driver now supports true multicast
848 <para role="historic">The &man.txp.4; driver has been added to support NICs
849 based on the 3Com 3XP Typhoon/Sidewinder (3CR990)
850 chipset. &merged;</para>
852 <para role="historic">&man.vlan.4; devices are now loadable, unloadable, and
853 clonable. &merged;</para>
855 <para role="historic">The &man.wi.4; driver now has support for Prism II and
856 Prism 2.5-based NICs. 104/128-bit WEP now works on Prism
857 cards. &merged;</para>
859 <para role="historic">The &man.wi.4; driver now supports using a &os; host as
860 a wireless access point. This functionality can be enabled
861 using the <literal>mediaopt hostap</literal> option of
862 &man.ifconfig.8;. This feature requires a wireless
863 adapter based on the Prism II chipset. &merged;</para>
865 <para role="historic">The &man.wi.4; driver now has support for
866 <application>bsd-airtools</application>. &merged;</para>
868 <para role="historic">The xe driver can now be built as a
869 module. &merged;</para>
871 <para role="historic">The &man.xl.4; driver now supports the 3Com 3C556 and
872 3C556B MiniPCI adapters used on some laptops. &merged;</para>
874 <para role="historic">The &man.xl.4; driver now supports reception of VLAN
875 tagged frames (on the <quote>Cyclone</quote> or newer
876 chipsets). &merged;</para>
878 <para role="historic">The &man.xl.4; driver now supports send- and receive-side
879 TCP/IP checksum offloading for NICs implementing this feature,
880 such as the 3C905B, 3C905C, and 3C980C. &merged;</para>
882 <para role="historic">A bug in the &man.xl.4; driver, related to statistics
883 overflow interrupt handling, was causing slowdowns at medium
884 to high packet rates; this has been fixed. &merged;</para>
886 <para role="historic">The per-interface <varname>ifnet</varname> structure now
887 has the ability to indicate a set of capabilities supported by
888 a network interface, and which ones are enabled.
889 &man.ifconfig.8; has support for querying these
890 capabilities. &merged;</para>
892 <para role="historic">Performance with hosts having a large number of IP aliases
893 has been improved, by replacing the per-interface
894 <varname>if_inaddr</varname> linear list with a hash table. &merged;</para>
896 <para>Network devices now automatically appear as special files in
897 <filename>/dev/net</filename>. Interface hardware ioctls (not
898 protocol or routing) can be performed on these devices. The
899 <varname>SIOCGIFCONF</varname> ioctl may be performed on the
900 special <filename>/dev/network</filename> node.</para>
902 <para role="historic">Selected network drivers now implement a semi-polling
903 mode, which makes systems much more resilient to attacks and
904 overloads. To enable polling, the following options are
905 required in a kernel configuration file:
907 <programlisting>options DEVICE_POLLING
908 options HZ=1000 # not compulsory but strongly recommended</programlisting>
910 The <varname>kern.polling.enable</varname> sysctl variable
911 will then activate polling mode, with the
912 <varname>kern.polling.user_frac</varname> sysctl indicating
913 the percentage of CPU time to be reserved for userland. The
914 devices initially supporting polling are &man.dc.4;,
915 &man.fxp.4;, &man.rl.4;, and &man.sis.4;. More details can be found in
916 the &man.polling.4; manual page. &merged;</para>
918 <para arch="i386,pc98" role="historic">The packet-forwarding performance of certain
919 network drivers (specifically &man.dc.4; and &man.sis.4;) has
920 been enhanced by the elimination of unnecessary buffer
921 copies. &merged;</para>
923 <para><quote>Zero copy</quote> support has been added to the
924 networking stack. This feature can eliminate a copy of
925 network data between the kernel and userland, which is one of
926 the more significant bottlenecks in network throughput.
927 The send-side code should work with almost any network
928 adapter, while the receive-side code requires a network
929 adapter with an MTU of at least one memory page size (for
930 example, jumbo frames on Gigabit Ethernet). For more
931 information, see &man.zero.copy.9;.</para>
935 <title>Network Protocols</title>
937 <para role="historic">&man.accept.filter.9;, a kernel feature to reduce
938 overheads when accepting and reading new connections on
939 listening sockets, has been added. &merged;</para>
941 <para role="historic">The <literal>proxy</literal> modifier to &man.arp.8;'s
942 <option>-d</option> option has been renamed to
943 <literal>pub</literal>, for consistency with the
944 <option>-s</option> option. The <literal>only</literal> keyword
945 has been added to the <option>-s</option> and
946 <option>-S</option> flags, to be used in creating
947 <quote>proxy-only</quote> published entries. &merged;</para>
949 <para role="historic">The read timeout feature of &man.bpf.4; now works more
950 correctly with &man.select.2;/&man.poll.2;, and therefore with
951 pthreads. &merged;</para>
953 <para role="historic">&man.bridge.4; and &man.dummynet.4; have received some
954 enhancements and bug fixes, and are now loadable
955 modules. &merged;</para>
957 <para role="historic">&man.bridge.4; now has better support for multiple,
958 fully-independent bridging clusters, and is much more stable
959 in the presence of dynamic attachments and detachments. VLANs
960 are also fully supported. &merged;</para>
962 <para>ICMP ECHO and TSTAMP replies are now rate limited. TCP
963 RSTs generated due to packets sent to open and unopen ports
964 are now limited by separate counters. Each rate limiting
965 queue now has its own description.</para>
967 <para role="historic">ICMP <literal>UNREACH_FILTER_PROHIB</literal> messages can
968 now RST TCP connections in the <literal>SYN_SENT</literal>
969 state if the correct sequence numbers are sent back, as
971 <varname>net.inet.tcp.icmp_may_rst</varname> sysctl. &merged;</para>
973 <para>IP multicast now works on VLAN devices. Several other
974 bugs in the VLAN code have also been fixed.</para>
976 <para role="historic">A bug in the IPsec processing for IPv4, which caused the
977 inbound SPD checks to be ignored, has been fixed. &merged;</para>
979 <para role="historic">&man.ipfw.4; now filters correctly in the presence of ECN
980 bits in TCP segments. &merged;</para>
982 <para>&man.ipfw.4; has been re-implemented (the new version is
983 commonly referred to as <quote>IPFW2</quote>). It now uses
984 variable-sized representation of rules in the kernel, similar
985 to &man.bpf.4; instructions. Most of the externally-visible
986 behavior (i.e. through &man.ipfw.8;) should be unchanged,
987 although &man.ipfw.8; now supports <literal>or</literal>
988 connectives between match fields. &merged;</para>
990 <para role="historic">A new ng_eiface netgraph module has been added, which
991 appears as an Ethernet interface but delivers its Ethernet
992 frames to a Netgraph hook. &merged;</para>
994 <para>A new &man.ng.device.4; netgraph node type has been added,
995 which creates a device entry in <filename>/dev</filename>, to
996 be used as the entry point to a networking graph.</para>
998 <para role="historic">A new &man.ng.etf.4; netgraph node allows Ethernet type
999 packets to be filtered to different hooks depending on
1000 ethertype. &merged;</para>
1002 <para>The &man.ng.gif.4; and &man.ng.gif.demux.4; netgraph
1003 nodes, for operating on &man.gif.4; devices, have been
1006 <para>The &man.ng.ip.input.4; netgraph node, for queueing IP
1007 packets into the main IP input processing code, has been
1010 <para>A new &man.ng.l2tp.4; netgraph node type, which implements
1011 the encapsulation layer of the L2TP protocol as described in
1012 RFC 2661, has been added. &merged;</para>
1014 <para role="historic">The &man.ng.mppc.4; and &man.ng.bridge.4; node types have
1015 been added to the &man.netgraph.4; subsystem. The
1016 &man.ng.ether.4; node is now dynamically loadable.
1017 Miscellaneous bug fixes and enhancements have also been
1018 made. &merged;</para>
1020 <para role="historic">A new netgraph node type &man.ng.one2many.4; for
1021 multiplexing and demultiplexing packets over multiple links
1022 has been added. &merged;</para>
1024 <para>A new ng_split node type has been added for splitting a
1025 bidirectional packet flow into two unidirectional flows.</para>
1027 <para role="historic">A new sysctl
1028 <varname>net.inet.ip.check_interface</varname>, which is on by
1029 default, causes IP to verify that an incoming packet arrives
1030 on an interface that has an address matching the packet's
1031 destination address. &merged;</para>
1033 <para role="historic">A new sysctl
1034 <varname>net.link.ether.inet.log_arp_wrong_iface</varname> has
1035 been added to control the suppression of logging when ARP
1036 replies arrive on the wrong interface. &merged;</para>
1038 <para role="historic">A new <literal>options RANDOM_IP_ID</literal> kernel
1039 option causes the ID field of IP packets to be randomized.
1040 This closes a minor information leak which allows a remote
1041 observer to determine the rate at which the machine is
1042 generating packets, since the default behavior is to increment
1043 a counter for each packet sent. &merged;</para>
1045 <para arch="alpha">SLIP has been removed from the
1046 <filename>mfsroot</filename> floppy image.</para>
1048 <para role="historic">TCP has received some bug fixes for its delayed ACK
1049 behavior. &merged;</para>
1051 <para role="historic">TCP now supports the NewReno modification to the TCP Fast
1052 Recovery algorithm. This behavior can be controlled via the
1053 <varname>net.inet.tcp.newreno</varname> sysctl
1054 variable. &merged;</para>
1056 <para role="historic">TCP now uses a more aggressive timeout for initial SYN
1057 segments; this allows initial connection attempts to be
1058 dropped much faster. &merged;</para>
1060 <para role="historic">The <literal>TCP_COMPAT_42</literal> kernel option has
1061 been removed. &merged;</para>
1063 <para role="historic">The <literal>TCP_RESTRICT_RST</literal> kernel option has
1064 been removed. Similar functionality can be achieved with the
1065 <varname>net.inet.tcp.blackhole</varname> sysctl
1066 variable. &merged;</para>
1068 <para role="historic">TCP now has RFC 1323 extensions enabled by default in
1069 &man.rc.conf.5;. &merged;</para>
1071 <para role="historic">RFC 1323 and RFC 1644 TCP extensions are now disabled for
1072 a connection in progress if no response has been received by
1073 the third SYN segment sent. This behavior tries to work
1074 around (very old) terminal servers with buggy VJ header
1075 compression implementations. &merged;</para>
1077 <para role="historic">The TCP implementation no longer requires the allocation
1078 of a TCP template structure for each connection; this should
1079 reduce the buffer usage on large systems handling many
1080 connections. &merged;</para>
1082 <para role="historic">TCP's default buffer sizes, controlled by the
1083 <varname>net.inet.tcp.sendspace</varname> and
1084 <varname>net.inet.tcp.recvspace</varname> sysctl variables,
1085 have been increased to 32K and 64K respectively. Previously,
1086 the default for both buffer sizes was 16K. To try to avoid
1087 increasing congestion, the default value for
1088 <varname>net.inet.tcp.local_slowstart_flightsize</varname> has
1089 been changed from infinity to 4. &merged;
1092 <para>On busy hosts, the new larger buffer sizes may require
1093 manually increasing the
1094 <varname>NMBCLUSTERS</varname> parameter, either in the
1095 kernel configuration file or via the
1096 <varname>kern.ipc.nmbclusters</varname> loader tunable.
1097 <command>netstat -mb</command> can be used to monitor the
1098 state of mbuf clusters.</para>
1102 <para role="historic">TCP now supports RFC 1948 (Defending Against Sequence
1103 Number Attacks). The
1104 <varname>net.inet.tcp.isn_reseed_interval</varname> sysctl
1105 variable controls the reseeding of the secret data used in
1106 the RFC 1948 initial sequence number calculations. &merged;</para>
1108 <para role="historic">The TCP implementation in &os; now implements a cache of
1109 outstanding, received SYN segments. Incoming SYN segments now
1110 cause entries to be placed in the cache until the TCP
1111 three-way handshake is complete, at which point, memory is
1112 allocated for the connection as usual. In addition, all TCP
1113 Initial Sequence Numbers (ISNs) are used as cookies, allowing
1114 entries in the cache to be dropped while still having their
1115 corresponding ACKs accepted later. The combination of the
1117 <quote>syncache</quote> and <quote>syncookies</quote> features
1118 makes a host much more resistant to TCP-based Denial of
1119 Service attacks. Work on this feature was sponsored by DARPA
1120 and NAI Labs. &merged;</para>
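<para>The following is an added illustration of the syncookie idea described above, not code from &os;: the server folds everything it would otherwise store for a half-open connection into the ISN it sends, then rebuilds and checks it from the final ACK. The cookie layout (29 hash bits plus a 3-bit MSS index), the MSS table, the time-slot handling and the SipHash-style keyed hash are all assumptions made for this sketch.</para>

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Connection 4-tuple as seen by the server (constructed sample type). */
struct conn {
    uint32_t src_ip, dst_ip;
    uint16_t src_port, dst_port;
};

/* Assumed table: the 3 low cookie bits select one of these MSS values. */
static const uint16_t mss_table[8] = {216, 536, 768, 996, 1024, 1220, 1440, 1460};

/* Constructed demo inputs: a secret key and a sample connection. */
static const uint64_t demo_key[2] = {0x0123456789abcdefULL, 0xfedcba9876543210ULL};
static const struct conn demo_conn = {0xc0000201u, 0xc6336401u, 40000, 80};

static uint64_t rotl64(uint64_t x, int b) { return (x << b) | (x >> (64 - b)); }

static void sip_round(uint64_t v[4])
{
    v[0] += v[1]; v[1] = rotl64(v[1], 13); v[1] ^= v[0]; v[0] = rotl64(v[0], 32);
    v[2] += v[3]; v[3] = rotl64(v[3], 16); v[3] ^= v[2];
    v[0] += v[3]; v[3] = rotl64(v[3], 21); v[3] ^= v[0];
    v[2] += v[1]; v[1] = rotl64(v[1], 17); v[1] ^= v[2]; v[2] = rotl64(v[2], 32);
}

/* SipHash-style keyed hash over 64-bit words. It stands in for whatever
 * keyed hash a real stack uses; it is not the hash used by FreeBSD. */
static uint64_t keyed_hash(const uint64_t key[2], const uint64_t *msg, size_t n)
{
    uint64_t v[4] = {
        key[0] ^ 0x736f6d6570736575ULL, key[1] ^ 0x646f72616e646f6dULL,
        key[0] ^ 0x6c7967656e657261ULL, key[1] ^ 0x7465646279746573ULL
    };
    for (size_t i = 0; i < n; i++) {
        v[3] ^= msg[i];
        sip_round(v);
        sip_round(v);
        v[0] ^= msg[i];
    }
    v[2] ^= 0xff;
    for (int i = 0; i < 4; i++)
        sip_round(v);
    return v[0] ^ v[1] ^ v[2] ^ v[3];
}

/* Build the server ISN for a SYN: 29 bits of keyed hash over the 4-tuple,
 * the client's ISN, the current time slot and the MSS index, with the
 * MSS index itself stored in the 3 low bits. */
uint32_t syncookie_generate(const uint64_t key[2], const struct conn *c,
                            uint32_t client_isn, uint32_t slot, unsigned mss_idx)
{
    uint64_t msg[3];

    mss_idx &= 7;
    msg[0] = ((uint64_t)c->src_ip << 32) | c->dst_ip;
    msg[1] = ((uint64_t)c->src_port << 48) | ((uint64_t)c->dst_port << 32) | client_isn;
    msg[2] = ((uint64_t)slot << 8) | mss_idx;
    return ((uint32_t)keyed_hash(key, msg, 3) & ~7u) | mss_idx;
}

/* Check the final ACK of the handshake with no stored state. ack_seq is
 * the segment's sequence number (client ISN + 1), ack_ack its
 * acknowledgment number (cookie + 1). Cookies from the current and the
 * previous time slot are accepted. Returns the negotiated MSS, or 0 if
 * the cookie does not verify. */
unsigned syncookie_validate(const uint64_t key[2], const struct conn *c,
                            uint32_t ack_seq, uint32_t ack_ack, uint32_t now_slot)
{
    uint32_t cookie = ack_ack - 1;
    uint32_t client_isn = ack_seq - 1;
    unsigned mss_idx = cookie & 7;

    for (uint32_t age = 0; age < 2; age++) {
        uint32_t slot = now_slot - age;
        if (syncookie_generate(key, c, client_isn, slot, mss_idx) == cookie)
            return mss_table[mss_idx];
    }
    return 0;
}

int main(void)
{
    uint32_t isn = syncookie_generate(demo_key, &demo_conn, 1000, 5, 7);

    printf("server ISN (cookie): 0x%08x\n", (unsigned)isn);
    printf("valid ACK   -> MSS %u\n",
           syncookie_validate(demo_key, &demo_conn, 1001, isn + 1, 5));
    printf("stale ACK   -> MSS %u\n",
           syncookie_validate(demo_key, &demo_conn, 1001, isn + 1, 7));
    return 0;
}
```

<para>Because the ACK is checked purely by recomputation, a SYN flood cannot exhaust per-connection memory; the cost is that only what fits in the cookie (here, a coarse MSS) survives when the cache entry has been dropped.</para>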
1122 <para role="historic">A bug in the TCP implementation, which could cause
1123 connections to stall if a sender saw a zero-sized window, has
1124 been corrected. &merged;</para>
1126 <para role="historic">The TCP implementation now properly ignores packets
1127 addressed to IP-layer broadcast addresses. &merged;</para>
1129 <para>The ephemeral port range used for TCP and UDP has been
1130 changed to 49152–65535 (the old default was
1131 1024–5000). This increases the number of concurrent
1132 outgoing connections/streams.</para>
1136 <title>Disks and Storage</title>
1138 <para arch="i386" role="historic">Support for the Adaptec FSA family of PCI-SCSI
1139 RAID controllers has been added, in the form of the
1140 &man.aac.4; driver. This driver includes proper handling of
1141 commands initiated by the adapter, addition/removal of disk
1142 devices, crashdump functionality, and &man.ioctl.2; commands
1143 necessary for the management CLI, and is fully qualified and
1144 sanctioned by Adaptec. &merged;</para>
1146 <para role="historic">The &man.ahc.4; driver has received numerous updates,
1147 bugfixes, and enhancements. Among various improvements are
1148 improved compatibility with chips in <quote>RAID Port</quote>
1149 mode and systems with AAA and/or ARO cards installed, as well
1150 as performance improvements. Some bugs were also fixed,
1151 including a rare hang on Ultra2/U160
1152 controllers. &merged;</para>
1154 <para arch="i386">The &man.ahd.4; driver, which supports the Adaptec
1155 AIC7901, AIC7901A, and AIC7902 Ultra320 PCI-X SCSI Controller chips, has been
1156 added. &merged;</para>
1158 <para arch="i386" role="historic">The &man.asr.4; driver, which provides support
1159 for the Adaptec SCSI RAID controller family, as well as the
1160 DPT SmartRAID V and VI families, has been
1161 added. &merged;</para>
1163 <para arch="i386" role="historic">The &man.asr.4; driver now supports the
1164 Adaptec 2000S and 2005S Zero-Channel RAID
1165 controllers. &merged;</para>
1167 <para role="historic">The &man.ata.4; driver now has support for ATA100
1168 controllers. In addition, it now supports the ServerWorks
1169 ROSB4 ATA33 chipset, the CMD 648 ATA66 and CMD 649 ATA100
1170 chipsets, and the Cyrix 5530. &merged;</para>
1172 <para role="historic">To provide more flexible configuration, the various
1173 options for the &man.ata.4; driver are now boot loader
1174 tunables, rather than kernel configure-time
1175 options. &merged;</para>
1177 <para role="historic">The &man.ata.4; driver now has support for tagged queuing,
1178 which is enabled by the <varname>hw.ata.tags</varname> loader
1179 tunable. &merged;</para>
1181 <para role="historic">The &man.ata.4; driver now has support for ATA
1182 <quote>pseudo</quote> RAID controllers such as the Promise Fasttrak
1183 and HighPoint HPT370 controllers. &merged;</para>
1185 <para role="historic">The &man.ata.4; driver now supports a wider variety of SiS
1186 chipsets, as listed in the Hardware Notes. &merged;</para>
1188 <para role="historic">The &man.ata.4; driver now has support for creating,
1189 deleting, querying, and rebuilding ATA RAIDs under control of
1190 &man.atacontrol.8;. &merged;</para>
1192 <para role="historic">The BurnProof(TM) feature, for applicable ATAPI CD-ROM
1193 burners, is now supported. &merged;</para>
1195 <para role="historic">The &man.ata.4; driver now has support for 48-bit
1196 addressing. Devices larger than 137GB are now
1197 supported. &merged;</para>
1199 <para role="historic">The &man.ata.4; driver now contains fixes for some data
1200 corruption problems on systems using the VIA 82C686B
1201 Southbridge chip. &merged;</para>
1203 <para>The &man.ata.4; driver (along with &man.burncd.8;) now
1204 supports writing to media in DVD+RW drives.</para>
1206 <para>The &man.ata.4; driver now supports accessing ATA devices
1207 as SCSI devices via the CAM layer. This feature requires
1208 <literal>device atapicam</literal> in the kernel
1209 configuration.</para>
1211 <para role="historic">The &man.cd.4; driver now has support for write
1212 operations. This allows writing to DVD-RAM, PD and similar
1213 drives that probe as CD devices. Note that this change affects
1214 only random-access writeable devices, not sequential-only
1215 writeable devices such as CD-R drives, which are supported by
1216 &man.cdrecord.1; (a part of
1217 <filename role="package">sysutils/cdrtools</filename> in the
1218 Ports Collection). &merged;</para>
1220 <para arch="i386" role="historic">The ciss driver, for devices utilizing the
1221 Common Interface for SCSI-3 Support, has been added. This
1222 driver supports the Compaq SmartRAID 5* family of RAID
1223 controllers (5300, 532, 5i). &merged;</para>
1225 <para>The &man.fdc.4; floppy disk driver has undergone a number of
1226 enhancements. Density selection for common settings is now
1227 automatic; the driver is also much more flexible in setting
1228 the densities of various subdevices.</para>
1230 <para>The &man.geom.4; disk I/O request transformation framework
1231 has been added; this extensible framework is designed to
1232 support a wide variety of operations on I/O requests on their
1233 way from the upper kernel to the device drivers.</para>
1235 <para role="historic">The ida disk driver now has crashdump
1236 support. &merged;</para>
1238 <para arch="i386" role="historic">The iir driver has been added to support the
1239 Intel Integrated RAID controllers, as well as prior ICP Vortex
1242 <para arch="alpha" role="historic">A bug that made certain CDROM drives fail to
1243 attach when connected to a SCSI card driven by &man.isp.4; has
1244 been fixed. &merged;</para>
1246 <para>The &man.isp.4; driver is now proactive about discovering
1247 Fibre Channel topology changes.</para>
1249 <para>The &man.isp.4; driver now supports target mode for Qlogic
1250 SCSI cards, including Ultra2 and Ultra3 and dual bus
1253 <para role="historic">The &man.isp.4; driver now supports the Qlogic 2300 and
1254 2312 Optical Fibre Channel PCI cards. &merged;</para>
1256 <para>&man.md.4;, the memory disk device, has had the
1257 functionality of &man.vn.4; incorporated into it. &man.md.4;
1258 devices can now be configured by &man.mdconfig.8;. &man.vn.4;
1259 has been removed. The Memory Filesystem (MFS) has also been
1262 <para arch="i386,alpha,pc98,sparc64">The mpt driver, for
1263 supporting the LSI Logic Fusion/MP architecture Fiber Channel
1264 controllers, has been added. &merged;</para>
1266 <para arch="i386" role="historic">The &man.mly.4; driver, for Mylex PCI to SCSI
1267 AccelRAID and eXtremeRAID controllers with firmware 6.X and
1268 later, has been added. &merged;</para>
1270 <para arch="i386,pc98" role="historic">The ncv, nsp, and stg drivers have been ported
1271 from NetBSD/pc98. They support the NCR 53C50 / Workbit Ninja
1272 SCSI-3 / TMC 18C30, 18C50 based PC-Card/ISA SCSI controllers.
1273 All three drivers can be built and loaded as
1274 modules. &merged;</para>
1276 <para arch="powerpc">The ofw driver, a basic OpenFirmware disk
1277 driver, has been added.</para>
1279 <para arch="i386">The pst driver, for supporting Promise
1280 SuperTrak ATA RAID controllers, has been
1281 added. &merged;</para>
1283 <para>Some problems in &man.sa.4; error handling have been
1284 fixed, including the <quote>tape drive spinning indefinitely
1285 upon &man.mt.1; <option>stat</option></quote> problem.</para>
1287 <para arch="i386" role="historic">The &man.twe.4; 3ware ATA RAID driver has
1288 been added. &merged;</para>
1290 <para role="historic">The &man.wd.4; compatibility devices were removed from the
1291 &man.ata.4; driver. &merged;</para>
1295 <title>Filesystems</title>
1297 <para>Support for named extended attributes was added to the
1298 &os; kernel. This allows the kernel, and appropriately
1299 privileged userland processes, to tag files and directories
1300 with attribute data. Extended attributes were added to
1301 support the TrustedBSD Project, in particular ACLs, capability
1302 data, and mandatory access control labels (see
1303 <filename>/usr/src/sys/ufs/ufs/README.extattr</filename> for
1306 <para role="historic">Due to a licensing change, softupdates have been
1307 integrated into the main portion of the kernel source tree.
1308 As a consequence, softupdates are now available with the
1309 <filename>GENERIC</filename> kernel. &merged;</para>
1311 <para>A filesystem snapshot capability has been added to FFS.
1312 Details can be found in
1313 <filename>/usr/src/sys/ufs/ffs/README.snapshot</filename>.</para>
1315 <!-- The following note needs to be made more specific or eliminated. -->
1316 <para>Softupdates for FFS have received some bug fixes and
1317 enhancements.</para>
1319 <para>When running with softupdates, &man.statfs.2; and
1320 &man.df.1; will track the number of blocks and files that are
1321 committed to being freed.</para>
1323 <para role="historic">A bug in FFS that could cause superblock corruption on
1324 very large filesystems has been corrected. &merged;</para>
1326 <para role="historic">The ISO-9660 filesystem now has a hook that supports a
1327 loadable character conversion routine. The
1328 <filename role="package">sysutils/cd9660_unicode</filename>
1329 port contains a set of common conversions. &merged;</para>
1331 <para>&man.kernfs.5; is obsolete and has been retired.</para>
1333 <para role="historic">A bug in the NFS client that caused bogus access times with
1334 <literal>O_EXCL|O_CREAT</literal> opens was
1335 fixed. &merged;</para>
1337 <para role="historic">A new NFS hash function (based on the Fowler/Noll/Vo hash
1338 algorithm) has been implemented to improve NFS performance by
1339 increasing the efficiency of the <varname>nfsnode</varname>
1340 hash tables. &merged;</para>
1342 <para>Client-side NFS locks have been implemented.</para>
1344 <para>The client-side and server-side of the NFS code in the
1345 kernel used to be intertwined in various complex ways. They
1346 have been split apart for ease of maintenance and further
1349 <para>Support for filesystem Access Control Lists (ACLs) has
1350 been introduced, allowing more fine-grained control of
1351 discretionary access control on files and directories. This
1352 support was integrated from the TrustedBSD Project. More
1353 details can be found in
1354 <filename>/usr/src/sys/ufs/ufs/README.acls</filename>.</para>
1356 <para role="historic">The directory layout preference algorithm for FFS
1357 (<literal>dirprefs</literal>) has been changed. Rather than
1358 scattering directory blocks across a disk, it attempts to
1359 group related directory blocks together. Operations
1360 traversing large directory hierarchies, such as the &os; Ports
1361 tree, have shown marked speedups. This change is transparent
1362 and automatic for new directories. &merged;</para>
1364 <para arch="i386,pc98" role="historic">Kernel support for smbfs (CIFS) has been added.
1365 The userland programs &man.smbutil.1; and &man.mount.smbfs.8;
1366 can be used to work with SMB shares. Note that
1367 &man.mount.smbfs.8; will automatically load the
1368 <filename>smbfs.ko</filename> module into the kernel, even if
1369 <literal>LIBMCHAIN</literal> and
1370 <literal>LIBICONV</literal> were not compiled into the kernel.
1373 <para>For consistency, the fdesc, fifo, null, msdos, portal,
1374 umap, and union filesystems have been renamed to fdescfs,
1375 fifofs, msdosfs, nullfs, portalfs, umapfs, and unionfs. Where
1376 applicable, modules and mount_* programs have been renamed.
1377 Compatibility <quote>glue</quote> has been added to
1378 &man.mount.8; so that <literal>msdos</literal> filesystem
1379 entries in &man.fstab.5; will work without changes.</para>
1381 <para>pseudofs, a pseudo-filesystem framework, has been added.
1382 &man.linprocfs.5; and &man.procfs.5; have been modified to use
1385 <para role="historic">A simple hash-based lookup optimization for large
1386 directories called <literal>dirhash</literal> has been added.
1388 <literal>UFS_DIRHASH</literal> kernel option (enabled by
1389 default in the <filename>GENERIC</filename> kernel), it
1390 improves the speed of operations on very large directories at
1391 the expense of some memory. &merged;</para>
1393 <para role="historic">The virtual memory subsystem now backs UFS directory
1394 memory requirements by default (this behavior is controlled
1395 via the <varname>vfs.vmiodirenable</varname> sysctl
1396 variable). &merged;</para>
1398 <para role="historic">A bug that prevented the root filesystem from being
1399 mounted from a SCSI CDROM has been fixed (ATAPI CDROMs were
1400 always supported). &merged;</para>
1402 <para role="historic">A number of bugs in the filesystem code, discovered
1403 through the use of the <application>fsx</application>
1404 filesystem test tool, have been fixed. Under certain
1405 circumstances (primarily related to use of NFS), these bugs
1406 could cause data corruption or kernel panics. &merged;</para>
1408 <para>Network filesystems (such as NFS and smbfs filesystems)
1409 listed in <filename>/etc/fstab</filename> can now be properly
1410 mounted during startup initialization; their mounts are
1411 deferred until after the network is initialized.</para>
1413 <para>Read-only support for the Universal Disk Format (UDF) has
1414 been added. This format is used on packet-written CD-RWs and
1415 most commercial DVD-Video disks. The &man.mount.udf.8;
1416 command can be used to mount these disks.</para>
1418 <para>Basic support has been added for the UFS2 filesystem.
1423 <para>The inode has been expanded to 256 bytes to make
1424 space for 64-bit block pointers.</para>
1428 <para>A file-creation time field has been added.</para>
1432 <para>Space has been provided for extended attributes, up
1433 to twice the filesystem block size.</para>
1442 <title>PCCARD Support</title>
1444 <para arch="i386,pc98" role="historic">The pccard driver and &man.pccardc.8; now
1445 support multiple <quote>beep types</quote> upon card insertion
1446 and removal. &merged;</para>
1448 <para role="historic">On many modern hosts, PCCARD devices can be configured to
1449 route their interrupts via either the ISA or PCI interrupt
1450 paths. The &man.pcic.4; driver has been updated to support
1451 both interrupt paths (formerly, only routing via ISA was
1452 supported). &merged; In most cases, configuration of PCMCIA
1453 devices in laptops is simpler and more flexible. In addition,
1454 various Cardbus bridge PCI cards (such as those used by
1455 Orinoco PCI NICs) are now supported. Some hosts may
1456 experience problems, such as hangs or panics, with PCI
1457 interrupt routing; they can frequently be made to work by
1458 forcing the older-style ISA interrupt routing. The following
1459 lines, placed in <filename>/boot/loader.conf</filename>, may
1460 fix the problem:</para>
1462 <programlisting role="historic">hw.pcic.intr_path="1"
1463 hw.pcic.irq="0"</programlisting>
1465 <para role="historic">When installing &os; on such a system, typing the
1466 following lines to the boot loader may be helpful in starting
1467 up &os; for the first time:</para>
1469 <screen role="historic"><prompt>ok</prompt> <userinput>set hw.pcic.intr_path="1"</userinput>
1470 <prompt>ok</prompt> <userinput>set hw.pcic.irq="0"</userinput></screen>
1472 <para arch="i386">Preliminary Cardbus support under NEWCARD has
1473 been added. This code supports the TI113X, TI12XX, TI125X,
1474 Ricoh 5C46/5C47, Topic 95/97/100 and Cirrus Logic PD683X
1475 bridges. 16-bit PC Card support is not yet functional.</para>
1477 <para arch="i386">NEWCARD is now the default pccard/cardbus
1478 system in the <filename>GENERIC</filename> kernel.</para>
1483 <title>Multimedia Support</title>
1485 <para arch="i386" role="historic">The &man.pcm.4; driver now supports the ESS
1486 Solo 1, Maestro-1, Maestro-2, and Maestro-2e; Forte Media
1487 fm801, ESS Maestro-2e, and VIA Technologies VT82C686A sound
1488 card/chipsets, and has received some other updates. Separate
1489 drivers for the SoundBlaster 8 and SoundBlaster 16 now replace
1490 an older, unified driver. A driver for the CMedia
1491 CMI8338/CMI8738 sound chips has been added. A driver for the
1492 CS4281 sound chip has been added. A driver for the S3
1493 SonicVibes chipset has been added. &merged;</para>
1495 <para arch="i386" role="historic">A driver for the Avance Logic ALS4000 has been
1496 added. &merged;</para>
1498 <para arch="i386" role="historic">A driver for the ESS Maestro-3/Allegro has
1499 been added, however due to licensing restrictions, it cannot
1500 be compiled into the kernel. &merged; To use this driver, add
1501 the following line to
1502 <filename>/boot/loader.conf</filename>:</para>
1504 <programlisting role="historic">snd_maestro3_load="YES"</programlisting>
1506 <para arch="i386">The VT8233 audio controller now has its own
1507 driver to facilitate supporting all known revisions of the
1508 hardware. It is loadable at boot time by adding
1509 <literal>device pcm</literal> to the kernel configuration or
1510 by adding <literal>snd_via8233="YES"</literal> to
1511 <filename>/boot/loader.conf</filename>. Documentation to
1512 support this work was provided by VIA. &merged;</para>
1514 <para role="historic">The &man.bktr.4; driver has been updated to 2.18. This
1515 update provides a number of new features. New tuner types
1516 have been added, and improvements to the KLD module and to
1517 memory allocation have been made. Bugs in &man.devfs.5; when
1518 unloading and reloading have been fixed. Support for new
1519 Hauppauge Model 44xxx WinTV Cards (the ones with no audio mux)
1520 has been added. &merged;</para>
1522 <para arch="i386,pc98" role="historic">The ufm driver, supporting the D-Link DSB-R100
1523 USB Radio, has been added. &merged;</para>
1525 <para role="historic">When sound modules are built, one can now load all the
1526 drivers and infrastructure by <command>kldload
1527 snd</command>. &merged;</para>
1529 <para>A new API has been added for sound cards with hardware
1530 volume control.</para>
1532 <para arch="i386" role="historic">A driver for the Intel 443MX, 810, 815, and
1533 815E integrated sound devices has been added. &merged;</para>
1535 <para arch="i386" role="historic">The via82c686 sound driver now supports the VIA
1536 VT8233. &merged;</para>
1538 <para arch="i386" role="historic">The ich sound driver now supports the SiS
1539 7012 chipset. &merged;</para>
1541 <para arch="i386">The ich sound driver now provides rudimentary
1542 support for ich4 audio. &merged;</para>
1544 <para arch="i386">Drivers have been added to support the Direct
1545 Rendering Infrastructure, which can be used to provide 3D
1546 acceleration within <application>XFree86</application>. Video
1547 cards supported include the 3Dlabs Oxygen GMX 2000 (gammadrm),
1548 AGP Matrox G200/G400/G450/G550 (mgadrm), 3dfx Voodoo
1549 3/4/5/Banshee (tdfxdrm), AGP ATI Rage 128 (r128drm), and AGP
1550 ATI Radeon (radeondrm).</para>
1555 <title>Contributed Software</title>
1557 <para>The Forth Inspired Command Language
1558 (<application>FICL</application>) used in the boot loader has
1559 been updated to 3.02.</para>
1561 <para>Support for Advanced Configuration and Power Interface
1562 (ACPI), a multi-vendor standard for configuration and power
1563 management, has been added. This functionality has been
1564 provided by the <application>Intel ACPI Component
1565 Architecture</application> project, as of the ACPI CA 20020815
1566 snapshot. Some backward compatibility for applications using
1567 the older APM standard has been provided.</para>
1570 <title>IPFilter</title>
1572 <para><application>IPFilter</application> has been updated to
1573 3.4.29. &merged;</para>
1575 <para role="historic"><application>IPFilter</application> now supports
1576 IPv6. &merged;</para>
1581 <title>isdn4bsd</title>
1583 <para><application>isdn4bsd</application> has been updated to
1584 version 1.0.2.</para>
1586 <para role="historic">The &man.ifpi.4; driver for supporting the AVM
1587 Fritz!Card PCI controller has been added. &merged;</para>
1589 <para role="historic">The &man.ifpi2.4; driver for supporting the AVM
1590 Fritz!Card PCI version 2 controller has been added. &merged;</para>
1592 <para role="historic">The &man.ihfc.4; driver for supporting Cologne Chip
1593 Designs HFC devices under
1594 <application>isdn4bsd</application> has been
1595 added. &merged;</para>
1597 <para role="historic">The &man.itjc.4; driver for supporting NETjet-S / Teles
1598 PCI-TJ devices under <application>isdn4bsd</application> has
1599 been added. &merged;</para>
1601 <para role="historic">Experimental support for the Eicon.Diehl DIVA 2.0 and
1602 2.02 ISA PnP ISDN cards has been added to the &man.isic.4;
1603 <application>isdn4bsd</application> driver. &merged;</para>
1605 <para role="historic">The &man.isic.4; driver now supports the Compaq Microcom
1606 610 ISDN ISA PnP card. &merged;</para>
1608 <para role="historic">Active CAPI-based ISDN cards manufactured by AVM are now
1609 supported using the &man.i4bcapi.4; and the &man.iavc.4;
1610 driver. The supported cards are the AVM B1 PCI and AVM B1
1611 ISA Basic Rate cards and the AVM T1 Primary Rate
1612 cards. &merged;</para>
1614 <para role="historic">A new <literal>maxconnecttime</literal> keyword is now
1615 accepted in &man.isdnd.rc.5; files to limit the time a
1616 connection may remain open. &merged;</para>
1618 <para role="historic">&man.isdnphone.8; now supports a <option>-k</option>
1619 option for sending messages via the keypad facility to a PBX
1620 or exchange office. &merged;</para>
1622 <para><application>isdn4bsd</application> now supports Q.931
1623 subaddressing.</para>
1627 <sect4 id="kame-kernel">
1630 <para role="historic">The IPv6 stack is now based on the
1631 KAME Project's IPv6 snapshot as of 28 May, 2001. Most of
1632 the items listed in this section are a result of this
1633 import. <xref linkend="kame-userland"> lists userland
1634 updates to the KAME IPv6 stack. &merged;</para>
1636 <para role="historic">&man.gif.4; is now based on RFC 2893, rather than RFC
1637 1933. The <literal>IFF_LINK2</literal> interface flag can
1638 be used to control ingress filtering. &merged;</para>
1640 <para role="historic"><application>IPsec</application> has received some
1641 enhancements, including the ability to use the Rijndael and
1642 SHA2 algorithms. IPsec RC5 support has been removed due to
1643 patent issues. &merged;</para>
1645 <para role="historic">&man.stf.4; now conforms to RFC 3056; the
1646 <literal>IFF_LINK2</literal> interface flag can be used to
1647 control ingress filtering. &merged;</para>
1649 <para role="historic">IPv6 has better checking of illegal addresses (such as
1650 loopback addresses) on physical networks. &merged;</para>
1652 <para role="historic">The <varname>IPV6_V6ONLY</varname> socket option is now
1653 completely supported. The kernel's default behavior with
1654 respect to this option is controlled by the
1655 <varname>net.inet6.ip6.v6only</varname> sysctl
1656 variable. &merged;</para>
1658 <para role="historic">RFC 3041 (Privacy Extensions for Stateless Address
1659 Autoconfiguration) is now supported. It can be enabled via
1660 the <varname>net.inet6.ip6.use_tempaddr</varname> sysctl
1661 variable. &merged;</para>
1666 <sect2 id="security">
1667 <title>Security-Related Changes</title>
1669 <para role="historic">&man.sysinstall.8; now allows the user to select one of two
1670 <quote>security profiles</quote> at install-time. These
1671 profiles enable different levels of system security by enabling
1672 or disabling various system services in &man.rc.conf.5; on new
1673 installs. &merged;</para>
1675 <para>A bug in which malformed ELF executable images can hang the
1676 system has been fixed (see security advisory
1677 FreeBSD-SA-00:41). &merged;</para>
1679 <para>A security hole in Linux emulation was fixed (see security
1680 advisory FreeBSD-SA-00:42). &merged;</para>
1682 <para role="historic">String-handling library calls in many programs were fixed to
1683 reduce the possibility of buffer overflow-related exploits.
1686 <para>TCP now uses stronger randomness in choosing its initial
1687 sequence numbers (see security advisory
1688 FreeBSD-SA-00:52). &merged;</para>
1690 <para>Several buffer overflows in &man.tcpdump.1; were corrected
1691 (see security advisory FreeBSD-SA-00:61). &merged;</para>
1693 <para>A security hole in &man.top.1; was corrected (see security
1694 advisory FreeBSD-SA-00:62). &merged;</para>
1696 <para>A potential security hole caused by an off-by-one-error in
1697 &man.gethostbyname.3; has been fixed (see security advisory
1698 FreeBSD-SA-00:63). &merged;</para>
1700 <para>A potential buffer overflow in the &man.ncurses.3; library,
1701 which could cause arbitrary code to be run from within
1702 &man.systat.1;, has been corrected (see security advisory
1703 FreeBSD-SA-00:68). &merged;</para>
1705 <para>A vulnerability in &man.telnetd.8; that could cause it to
1706 consume large amounts of server resources has been fixed (see
1707 security advisory FreeBSD-SA-00:69). &merged;</para>
1709 <para>The <literal>nat deny_incoming</literal> command in
1710 &man.ppp.8; now works correctly (see security advisory
1711 FreeBSD-SA-00:70). &merged;</para>
1713 <para>A vulnerability in &man.csh.1;/&man.tcsh.1; temporary files
1714 that could allow overwriting of arbitrary user-writable files
1715 has been closed (see security advisory
1716 FreeBSD-SA-00:76). &merged;</para>
1718 <para role="historic">The &man.ssh.1; binary is no longer SUID root by
1719 default. &merged;</para>
1721 <para role="historic">Some fixes were applied to the Kerberos IV implementation
1722 related to environment variables, a possible buffer overrun, and
1723 overwriting ticket files. &merged;</para>
1725 <para role="historic">&man.telnet.1; now does a better job of sanitizing its
1726 environment. &merged;</para>
1728 <para>Several vulnerabilities in &man.procfs.5; were fixed (see
1729 security advisory FreeBSD-SA-00:77). &merged;</para>
1731 <para>A bug in <application>OpenSSH</application> in which a
1732 server was unable to disable &man.ssh-agent.1; or
1733 <literal>X11Forwarding</literal> was fixed (see security
1734 advisory FreeBSD-SA-01:01). &merged;</para>
1736 <para>A bug in &man.ipfw.8; and &man.ip6fw.8; in which inbound TCP
1737 segments could incorrectly be treated as being part of an
1738 <literal>established</literal> connection has been fixed (see
1739 security advisory FreeBSD-SA-01:08). &merged;</para>
1741 <para>A bug in &man.crontab.1; that could allow users to read any
1742 file on the system in valid &man.crontab.5; syntax has been
1743 fixed (see security advisory FreeBSD-SA-01:09). &merged;</para>
1745 <para>A vulnerability in &man.inetd.8; that could allow
1746 read-access to the initial 16 bytes of
1747 <groupname>wheel</groupname>-accessible files has been fixed
1748 (see security advisory FreeBSD-SA-01:11). &merged;</para>
1750 <para>A bug in &man.periodic.8; that used insecure temporary files
1751 has been corrected (see security advisory
1752 FreeBSD-SA-01:12). &merged;</para>
1754 <para><application>OpenSSH</application> now has code to prevent
1755 (instead of just mitigating through connection limits) an attack
1756 that can lead to guessing the server key (not host key) by
1757 regenerating the server key when an RSA failure is detected (see
1758 security advisory FreeBSD-SA-01:24). &merged;</para>
1760 <para role="historic">A number of programs have had output formatting strings
1761 corrected so as to reduce the risk of
1762 vulnerabilities. &merged;</para>
1764 <para role="historic">A number of programs that use temporary files now do so more
1765 securely. &merged;</para>
1767 <para role="historic">A bug in ICMP that could cause an attacker to disrupt TCP and UDP
1768 <quote>sessions</quote> has been corrected. &merged;</para>
1770 <para>A bug in &man.timed.8;, which caused it to crash if sent
1771 certain malformed packets, has been corrected (see security
1772 advisory FreeBSD-SA-01:28). &merged;</para>
1774 <para>A bug in &man.rwhod.8;, which caused it to crash if sent
1775 certain malformed packets, has been corrected (see security
1776 advisory FreeBSD-SA-01:29). &merged;</para>
1778 <para>A security hole in &os;'s FFS and EXT2FS implementations,
1779 which allowed a race condition that could cause users to have
1780 unauthorized access to data, has been fixed (see security
1781 advisory FreeBSD-SA-01:30). &merged;</para>
1783 <para>A remotely-exploitable vulnerability in &man.ntpd.8; has
1784 been closed (see security advisory
1785 FreeBSD-SA-01:31). &merged;</para>
1787 <para>A security hole in <application>IPFilter</application>'s
1788 fragment cache has been closed (see security advisory
1789 FreeBSD-SA-01:32). &merged;</para>
1791 <para>Buffer overflows in &man.glob.3;, which could cause
1792 arbitrary code to be run on an FTP server, have been closed. In
1793 addition, to prevent some forms of DOS attacks, &man.glob.3;
1794 allows specification of a limit on the number of pathname
1795 matches it will return. &man.ftpd.8; now uses this feature (see
1796 security advisory FreeBSD-SA-01:33). &merged;</para>
1798 <para>Initial sequence numbers in TCP are more thoroughly
1799 randomized (see security advisory FreeBSD-SA-01:39). Due to
1800 some possible compatibility issues, the behavior of this
1801 security fix can be enabled or disabled via the
1802 <varname>net.inet.tcp.tcp_seq_genscheme</varname> sysctl
1803 variable. &merged;</para>
1805 <para>A vulnerability in the &man.fts.3; routines (used by
1806 applications for recursively traversing a filesystem) could
1807 allow a program to operate on files outside the intended
1808 directory hierarchy. This bug has been fixed (see security
1809 advisory FreeBSD-SA-01:40). &merged;</para>
1811 <para role="historic"><application>OpenSSH</application> now switches to the
1812 user's UID before attempting to unlink the authentication
1813 forwarding file, nullifying the effects of a race.</para>
1815 <para>A flaw allowed some signal handlers to remain in effect in a
1816 child process after being exec-ed from its parent. This allowed
1817 an attacker to execute arbitrary code in the context of a setuid
1818 binary. This flaw has been corrected (see security advisory
1819 FreeBSD-SA-01:42). &merged;</para>
1821 <para>A remote buffer overflow in &man.tcpdump.1; has been fixed
1822 (see security advisory FreeBSD-SA-01:48). &merged;</para>
1824 <para>A remote buffer overflow in &man.telnetd.8; has been fixed
1825 (see security advisory FreeBSD-SA-01:49). &merged;</para>
1827 <para>The new <varname>net.inet.ip.maxfragpackets</varname> and
1828 <varname>net.inet.ip6.maxfragpackets</varname> sysctl variables
1829 limit the amount of memory that can be consumed by IPv4 and IPv6
1830 packet fragments, which defends against some denial of service
1831 attacks (see security advisory
1832 FreeBSD-SA-01:52). &merged;</para>
1834 <para role="historic">All services in <filename>inetd.conf</filename> are now
1835 disabled by default for new installations. &man.sysinstall.8;
1836 gives the option of enabling or disabling &man.inetd.8; on new
1837 installations, as well as editing
1838 <filename>inetd.conf</filename>. &merged;</para>
1840 <para>A flaw in the implementation of the &man.ipfw.8;
1841 <literal>me</literal> rules on point-to-point links has been
1842 corrected. Formerly, <literal>me</literal> filter rules would
1843 match the remote IP address of a point-to-point interface in
1844 addition to the intended local IP address (see security advisory
1845 FreeBSD-SA-01:53). &merged;</para>
1847 <para>A vulnerability in &man.procfs.5;, which could allow a
1848 process to read sensitive information from another process's
1849 memory space, has been closed (see security advisory
1850 FreeBSD-SA-01:55). &merged;</para>
1852 <para>The <literal>PARANOID</literal> hostname checking in
1853 <application>tcp_wrappers</application> now works as advertised
1854 (see security advisory FreeBSD-SA-01:56). &merged;</para>
1856 <para>A local root exploit in &man.sendmail.8; has been closed
1857 (see security advisory FreeBSD-SA-01:57). &merged;</para>
1859 <para>A remote root vulnerability in &man.lpd.8; has been closed
1860 (see security advisory FreeBSD-SA-01:58). &merged;</para>
1862 <para>A race condition in &man.rmuser.8; that briefly exposed a
1863 world-readable <filename>/etc/master.passwd</filename> has been
1864 fixed (see security advisory FreeBSD-SA-01:59). &merged;</para>
1866 <para>A vulnerability in <application>UUCP</application> has been
1867 closed (see security advisory FreeBSD-SA-01:62). All
1868 non-<username>root</username>-owned binaries in standard system
1869 paths now have the <literal>schg</literal> flag set to prevent
1870 exploit vectors when run by &man.cron.8;, by
1871 <username>root</username>, or by a user other than the one owning
1872 the binary. In addition, &man.uustat.1; is now run via
1873 <filename>/etc/periodic/daily/410.status-uucp</filename> as
1874 <username>uucp</username>, not <username>root</username>. In
1875 &os; -CURRENT, <application>UUCP</application> has since been
1876 moved to the Ports Collection and no longer a part of the base
1877 system. &merged;</para>
1879 <para role="historic">A security hole in the form of a buffer overflow in the
1880 &man.semop.2; system call has been closed. &merged;</para>
1882 <para>A security hole in <application>OpenSSH</application>, which
1883 could allow users to execute code with arbitrary privileges if
1884 <literal>UseLogin yes</literal> was set, has been closed. Note
1885 that the default value of this setting is
1886 <literal>UseLogin no</literal>. (See security advisory
1887 FreeBSD-SA-01:63.) &merged;</para>
1889 <para>The use of an insecure temporary directory by
1890 &man.pkg.add.1; could permit a local attacker to modify the
1891 contents of binary packages while they were being installed.
1892 This hole has been closed. (See security advisory
1893 FreeBSD-SA-02:01.) &merged;</para>
1895 <para>A race condition in &man.pw.8;, which could expose the
1896 contents of <filename>/etc/master.passwd</filename>, has been
1897 eliminated. (See security advisory FreeBSD-SA-02:02.)
1900 <para>A bug in &man.k5su.8; could have allowed a process that had
1901 given up superuser privileges to regain them. This bug has been
1902 fixed. (See security advisory FreeBSD-SA-02:07.)
1905 <para>An <quote>off-by-one</quote> bug has been fixed in
1906 <application>OpenSSH</application>'s multiplexing code. This bug
1907 could have allowed an authenticated remote user to cause
1908 &man.sshd.8; to execute arbitrary code with superuser
1909 privileges, or allowed a malicious SSH server to execute arbitrary
1910 code on the client system with the privileges of the client user. (See security
1912 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:13.openssh.asc">FreeBSD-SA-02:13</ulink>.)
1915 <para>A programming error in <application>zlib</application> could
1916 result in attempts to free memory multiple times. The
1917 &man.malloc.3;/&man.free.3; routines used in &os; are not
1918 vulnerable to this error, but applications receiving
1919 specially-crafted blocks of invalid compressed data could
1920 be made to function incorrectly or abort. This
1921 <application>zlib</application> bug has been fixed. For a
1922 workaround and solutions, see security advisory <ulink
1923 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:18.zlib.v1.2.asc">FreeBSD-SA-02:18</ulink>.
1926 <para>Bugs in the TCP SYN cache (<quote>syncache</quote>) and SYN
1927 cookie (<quote>syncookie</quote>) implementations, which could
1928 cause legitimate TCP/IP traffic to crash a machine, have been
1929 fixed. For a workaround and patches, see security advisory
1931 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:20.syncache.asc">FreeBSD-SA-02:20</ulink>.
1934 <para>A routing table memory leak, which could allow a remote
1935 attacker to exhaust the memory of a target machine, has been
1936 fixed. A workaround and patches can be found in security
1938 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:21.tcpip.asc">FreeBSD-SA-02:21</ulink>.
1941 <para>A bug with memory-mapped I/O, which could cause a system
1942 crash, has been fixed. For more information about a solution,
1943 see security advisory <ulink
1944 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:22.mmap.asc">FreeBSD-SA-02:22</ulink>.
1947 <para>A security hole, in which SUID programs could be made to
1948 read from or write to inappropriate files through manipulation
1949 of their standard I/O file descriptors, has been fixed.
1950 Information regarding a solution can be found in security
1952 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:23.stdio.asc">FreeBSD-SA-02:23</ulink>.
1955 <para>Some unexpected behavior could be allowed with &man.k5su.8;
1956 because it does not require that an invoking user be a member of
1957 the <groupname>wheel</groupname> group when attempting to become
1958 the superuser (as &man.su.1; does). To avoid this
1959 situation, &man.k5su.8; is now installed non-SUID by default
1960 (effectively disabling it). More information can be found in
1961 security advisory <ulink
1962 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:24.k5su.asc">FreeBSD-SA-02:24</ulink>.
1965 <para>Multiple vulnerabilities were found in the &man.bzip2.1;
1966 utility, which could allow files to be overwritten without
1967 warning or allow local users unintended access to files. These
1968 problems have been corrected with a new import of
1969 <application>bzip2</application>. For more information, see
1970 security advisory <ulink
1971 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc">FreeBSD-SA-02:25</ulink>.
1974 <para>A bug in the implementation of the TCP SYN
1975 cache (<quote>syncache</quote>), which could allow a remote
1976 attacker to deny access to a service when accept filters
1977 (see &man.accept.filter.9;) were in use, has been
1978 fixed. For more information, see security advisory <ulink
1979 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:26.accept.asc">FreeBSD-SA-02:26</ulink>.
1982 <para>Due to a bug in &man.rc.8;'s use of shell globbing, users
1983 may be able to remove the contents of arbitrary files if
1984 <filename>/tmp/.X11-unix</filename> does not exist and the
1985 system can be made to reboot. This bug has been corrected (see
1986 security advisory <ulink
1987 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:27.rc.asc">FreeBSD-SA-02:27</ulink>).
1990 <para>A buffer overflow in the resolver, which could be exploited
1991 by a malicious domain name server or an attacker forging DNS
1992 messages, has been fixed. See security advisory <ulink
1993 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:28.resolv.asc">FreeBSD-SA-02:28</ulink>
1994 for more details. &merged;</para>
1996 <para>A buffer overflow in &man.tcpdump.1;, which could be triggered by
1997 badly-formed NFS packets, has been fixed. See security advisory
1999 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:29.tcpdump.asc">FreeBSD-SA-02:29</ulink>
2000 for more details. &merged;</para>
2002 <para>&man.ktrace.1; can no longer trace the operation of formerly
2003 privileged processes; this prevents the leakage of sensitive
2004 information that the process could have obtained before
2005 abandoning its privileges. For a discussion of this issue, see
2008 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:30.ktrace.asc">FreeBSD-SA-02:30</ulink>
2009 for more details. &merged;</para>
2011 <para>A race condition in &man.pppd.8;, which could be used to
2012 change the permissions of an arbitrary file, has been corrected.
2013 For more information, see security advisory <ulink
2014 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:32.pppd.asc">FreeBSD-SA-02:32</ulink>.
2017 <para>Multiple buffer overflows in
2018 <application>OpenSSL</application> have been corrected, by way
2019 of an upgrade to the base system version of
2020 <application>OpenSSL</application>. More details can be found
2021 in security advisory <ulink
2022 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc">FreeBSD-SA-02:33</ulink>.
2025 <para>A heap buffer overflow in the XDR decoder has been fixed.
2026 For more details, see security advisory <ulink
2027 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:34.rpc.asc">FreeBSD-SA-02:34</ulink>.
2030 <para>A bug that could allow local users to read and write
2031 arbitrary blocks on an FFS filesystem has been corrected. More
2032 details can be found in security advisory <ulink
2033 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:35.ffs.asc">FreeBSD-SA-02:35</ulink>.
2036 <para>A bug in the NFS server code, which could allow a remote
2037 denial of service attack, has been fixed. Security advisory <ulink
2038 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:36.nfs.asc">FreeBSD-SA-02:36</ulink>
2039 has more details. &merged;</para>
2041 <para>A bug that could allow local users to panic a system using
2042 the &man.kqueue.2; mechanism has been fixed. More information
2043 is contained in security advisory <ulink
2044 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:37.kqueue.asc">FreeBSD-SA-02:37</ulink>.
2047 <para>Several bounds-checking bugs in system calls, which could
2048 result in some system calls returning a large portion of kernel
2049 memory, have been fixed. More information can be found in
2050 security advisory <ulink
2051 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:38.signed-error.asc">FreeBSD-SA-02:38</ulink>.
2056 <sect2 id="userland">
2057 <title>Userland Changes</title>
2059 <para role="historic">If the first argument to &man.ancontrol.8; or
2060 &man.wicontrol.8; doesn't start with a <literal>-</literal>, it
2061 is assumed to be an interface. &merged;</para>
2063 <para role="historic">&man.apmd.8; now has the ability to monitor battery levels
2064 and execute commands based on percentage or minutes of battery
2065 life remaining via the <literal>apm_battery</literal>
2066 configuration directive. See the commented-out examples in
2067 <filename>/etc/apmd.conf</filename> for the
2068 syntax. &merged;</para>
2070 <para role="historic">&man.arp.8; now prints the applicable interface name for
2071 each ARP entry. &merged;</para>
2073 <para>&man.arp.8; now prints <literal>[fddi]</literal> or
2074 <literal>[atm]</literal> tags for addresses on interfaces of
2077 <para>The &man.asa.1; utility, to interpret FORTRAN
2078 carriage-control characters, has been added.</para>
2080 <para>&man.at.1; now supports the <option>-r</option> command-line
2081 option to remove jobs and the <option>-t</option> option to
2082 specify times in POSIX time format.</para>
2084 <para role="historic">&man.atacontrol.8; has been added to control various aspects
2085 of the &man.ata.4; driver. &merged;</para>
2087 <para>The system &man.awk.1; now refers to
2088 <application>BWK awk</application>.</para>
2090 <para>&man.basename.1; now accepts <option>-a</option> and
2091 <option>-s</option> flags, which allow it to perform the
2092 &man.basename.3; function on multiple files.</para>
2094 <para>&man.biff.1; now accepts a <option>b</option> argument to
2095 enable <quote>bell notification</quote> of new mail (which does
2096 not disturb the terminal contents as <command>biff y</command>
2097 would). &merged;</para>
2099 <para>&man.biff.1; now uses the first terminal associated with the
2100 standard input, standard output or standard error file
2101 descriptor, in that order. Thus, it is possible to use the
2102 redirection facilities of a shell (<command>biff n &lt;
2103 /dev/ttyp1</command>) to toggle the notification for other
2106 <para arch="pc98" role="historic">&man.boot98cfg.8;, a PC-98 boot manager
2107 installation and configuration utility, has been
2108 added. &merged;</para>
2110 <para role="historic">&man.burncd.8; now supports a <option>-m</option> option for
2111 multisession mode (the default behavior now is to close disks as
2112 single-session). A <option>-l</option> option to take a list of
2113 image files from a filename was also added;
2114 <filename>-</filename> can be used as a filename for
2115 <literal>stdin</literal>. &merged;</para>
2117 <para>&man.burncd.8; now supports Disk At Once (DAO) mode,
2118 selectable via the <option>-d</option> flag.</para>
2120 <para>&man.burncd.8; now has the ability to write VCDs/SVCDs.</para>
2122 <para role="historic">&man.c89.1; has been converted from a shell script to a
2123 binary executable, fixing some minor bugs. &merged;</para>
2125 <para>&man.calendar.1; now takes a <option>-W</option> option,
2126 which operates similarly to <option>-A</option> but without
2127 special treatment at weekends, and a <option>-F</option> option
2128 to change the notion of <quote>Friday</quote>.</para>
2130 <para arch="i386,pc98" role="historic">A minimalized version of &man.camcontrol.8; is
2131 now available on the installation floppy. This allows it to
2132 rescan for devices that have been connected after booting, or to
2133 show the devices attached to SCSI busses (e.g., from within the
2134 <quote>emergency holographic shell</quote>). &merged;</para>
2136 <para role="historic">&man.cat.1; now has the ability to read from UNIX-domain
2137 sockets. &merged;</para>
2139 <para>&man.catman.1; is now a C program, instead of a
2142 <para role="historic">&man.cdcontrol.1; now supports a <literal>cdid</literal>
2143 command, which calculates and displays the CD serial number,
2144 using the same algorithm used by the CDDB
2145 database. &merged;</para>
2147 <para role="historic">&man.cdcontrol.1; now uses the <envar>CDROM</envar>
2148 environment variable to pick a default device. &merged;</para>
2150 <para role="historic">&man.cdcontrol.1; now supports <literal>next</literal> and
2151 <literal>prev</literal> commands to skip forwards or backwards a
2152 specified number of tracks while playing an audio
2155 <para>On ATAPI CDROM drives, &man.cdcontrol.1; now supports a
2156 <literal>speed</literal> command to set the maximum speed to be
2157 used by the drive. &merged;</para>
2159 <para>&man.chflags.1; has moved from <filename>/usr/bin</filename>
2160 to <filename>/bin</filename>.</para>
2162 <para role="historic">&man.chio.1; now has the ability to specify elements by
2163 volume tag instead of by their physical location as well as the
2164 ability to return an element to its previous
2165 location. &merged;</para>
2167 <para>&man.chmod.1; now supports a <option>-h</option> option for
2168 changing the mode of a symbolic link.</para>
2170 <para>&man.chmod.1; now also, when the mode is modified, prints
2171 the old and new modes if the <option>-v</option> option is
2172 specified more than once.</para>
2174 <para role="historic">&man.chown.8; now correctly follows symbolic links named as
2175 command line arguments if run without
2176 <option>-R</option>. &merged;</para>
2178 <para>&man.chown.8; no longer takes <literal>.</literal> as a
2179 user/group delimiter. This change was made to support usernames
2180 containing a <literal>.</literal>.</para>
2182 <para>Use of the <literal>CMSG_*</literal> macros no longer
2183 requires inclusion of
2184 <filename>&lt;sys/param.h&gt;</filename>.</para>
2186 <para role="historic">&man.col.1; now takes a <option>-p</option> flag to force
2187 unknown control sequences to be passed through
2188 unchanged. &merged;</para>
2190 <para role="historic">The <filename>compat3x</filename> distribution has been
2191 updated to include libraries present in &os;
2192 3.5.1-RELEASE. &merged;</para>
2194 <para>A <filename>compat4x</filename> distribution has been added
2195 for compatibility with &os; 4-STABLE.</para>
2197 <para role="historic">&man.config.8; is now better about converting various
2198 warnings that should have been errors into actual fatal errors
2199 with an exit code. This ensures that <literal>make
2200 buildkernel</literal> doesn't quietly ignore them and build a
2201 bogus kernel without a human to read the errors. &merged;</para>
2203 <para role="historic">A number of buffer overflows in &man.config.8; have been
2204 fixed. &merged;</para>
2206 <para>&man.cp.1; now takes a (nonstandard) <option>-n</option>
2207 option to automatically answer <quote>no</quote> when it would
2208 ask to overwrite a file. &merged;</para>
2210 <para>A new &man.csplit.1; utility, which splits files based on
2211 context, has been added.</para>
2213 <para role="historic">&man.ctags.1; no longer creates a corrupt tags file if the
2214 source file used <literal>//</literal> (C++-style)
2215 comments. &merged;</para>
2217 <para>&man.ctags.1; now creates tags for typedefs, structs,
2218 unions, and enums by default (implying the <option>-t</option>
2219 option). The new <option>-T</option> reverts to the old
2222 <para>The &man.daemon.8; program, a command-line interface to
2223 &man.daemon.3;, has been added. It detaches itself from its
2224 controlling terminal and executes a program specified on the
2225 command line. This allows the user to run an arbitrary program
2226 as if it were written to be a daemon. &merged;</para>
2228 <para>&man.devinfo.8;, a simple tool to print the device tree and resource
2229 usage by devices, has been added.</para>
2231 <para role="historic">&man.df.1; now takes a <option>-l</option> option to only
2232 display information about locally-mounted
2233 filesystems. &merged;</para>
2235 <para role="historic">&man.disklabel.8; now supports partition sizes expressed in
2236 kilobytes, megabytes, or gigabytes, in addition to
2237 sectors. &merged;</para>
2239 <para>diskpart(8) has been declared obsolete, and has been
2242 <para role="historic">&man.dmesg.8; now has a <option>-a</option> option to show
2243 the entire message buffer, including &man.syslogd.8; records and
2244 <filename>/dev/console</filename> output. &merged;</para>
2246 <para role="historic">&man.du.1; now takes a <option>-I</option> command-line flag
2247 to ignore/skip files and subdirectories matching a specified
2248 shell-glob mask. &merged;</para>
2250 <para role="historic">&man.dump.8; now supports inheritance of the
2251 <literal>nodump</literal> flag down a hierarchy. &merged;</para>
2253 <para role="historic">The <option>-T</option> option to &man.dump.8; no longer
2254 swallows an extra argument. &merged;</para>
2256 <para role="historic">&man.dump.8; has a new <option>-D</option> option, allowing
2257 the path to the <filename>/etc/dumpdates</filename> file to be
2258 changed. &merged;</para>
2260 <para role="historic">&man.dump.8; now supplies progress information in its
2261 process title, useful for monitoring automated
2262 backups. &merged;</para>
2264 <para>&man.dump.8; now supports a new <option>-S</option> flag to allow
2265 it to just print out the dump size estimates and exit. &merged;</para>
2267 <para role="historic">&man.edquota.8; now takes a <option>-f</option> option to
2268 allow limiting the prototype quota distribution (specified with
2269 <option>-p</option>) to a single filesystem. &merged;</para>
2271 <para role="historic"><filename>/etc/rc.firewall</filename> and
2272 <filename>/etc/rc.firewall6</filename> will no longer add their own
2273 hardcoded rules in the cases of a rules file in the
2274 <varname>firewall_type</varname> variable or a non-existent
2275 firewall type. (The motivation for this change is to avoid
2276 acting on assumptions about a site's firewall policies.) In
2277 addition, the <literal>closed</literal> firewall type now works
2278 as documented in the &man.rc.firewall.8; manual page. &merged;</para>
2280 <para role="historic">The functionality of <filename>/etc/security</filename> has
2281 been moved into a set of scripts under the &man.periodic.8;
2282 framework, to make local customization easier and more
2283 maintainable. These scripts now reside in
2284 <filename>/etc/periodic/security/</filename>. &merged;</para>
2286 <para>&man.expr.1; is now compliant with the POSIX Utility Syntax
2287 Guidelines. Some programs depend on the old, historic behavior
2288 (the <filename role="package">devel/libtool</filename>
2289 port/package was/is a notable example). In these situations,
2290 the <envar>EXPR_COMPAT</envar> environment variable can be
2291 defined, which causes &man.expr.1; to behave more like previous
2294 <para>&man.fbtab.5; now accepts glob matching patterns for target
2295 devices, not just individual devices and directories.</para>
2297 <para arch="i386">&man.fdisk.8; no longer attempts to search for a
2298 device if none has been specified on the command line, but
2299 instead tries to figure out the default device name from the
2302 <para>&man.fdread.1;, a program to read data from floppy disks,
2303 has been added. It is a counterpart to &man.fdwrite.1; and is
2304 designed to provide a means of recovering at least some data
2305 from bad media, and to obviate the need for a complex invocation of
2308 <para role="historic">&man.find.1; now takes the <option>-empty</option> flag,
2309 which returns true if a file or directory is
2310 empty. &merged;</para>
2312 <para role="historic">&man.find.1; now takes the <option>-iname</option> and
2313 <option>-ipath</option> primaries for case-insensitive matches,
2314 and the <option>-regexp</option> and <option>-iregexp</option>
2315 primaries for regular-expression matches. The
2316 <option>-E</option> flag now enables extended regular
2317 expressions. &merged;</para>
2319 <para role="historic">&man.find.1; now has the <option>-anewer</option>,
2320 <option>-cnewer</option>, <option>-mnewer</option>,
2321 <option>-okdir</option>, and <option>-newer[acm][acmt]</option>
2322 primaries for comparisons of file timestamps. The latter
2323 primaries can be specified with various units of
2324 time. &merged;</para>
2326 <para role="historic">&man.finger.1; now has the ability to support fingering
2327 aliases, via the &man.finger.conf.5; file. &merged;</para>
2329 <para>&man.finger.1; now has support for a
2330 <filename>.pubkey</filename> file. &merged;</para>
2332 <para>&man.finger.1; now supports a <option>-g</option> flag to
2333 restrict the printing of GECOS information to the user's full
2334 name only. &merged;</para>
2336 <para>&man.finger.1; now supports the <option>-4</option> and
2337 <option>-6</option> flags to specify an address family for
2338 remote queries. &merged;</para>
2340 <para role="historic">&man.fmt.1; has been rewritten; the rewrite fixes a number
2341 of bugs compared to its prior behavior. &merged;</para>
2343 <para role="historic">&man.fmtcheck.3;, a function for checking consistency of
2344 format string arguments, has been added. &merged;</para>
2346 <para>&man.fold.1; now supports a <option>-b</option> flag to
2347 break at byte positions and a <option>-s</option> flag to break at
2348 word boundaries. &merged;</para>
2350 <para role="historic">&man.fsdb.8; now supports a <literal>blocks</literal>
2351 command to list the blocks allocated by a particular
2352 inode. &merged;</para>
2354 <para>&man.fsck.8; wrappers have been imported; this feature
2355 provides infrastructure for &man.fsck.8; to work on different
2356 types of filesystems (analogous to &man.mount.8;).</para>
2358 <para>The behavior of &man.fsck.8; when dealing with various
2359 passes (a la <filename>/etc/fstab</filename>) has been modified
2360 to accommodate multiple-disk filesystems.</para>
2362 <para>&man.fsck.8; now has support for foreground
2363 (<option>-F</option>) and background (<option>-B</option>)
2364 checks. Traditionally, &man.fsck.8; is invoked before the
2365 filesystems are mounted and all checks are done to completion at
2366 that time. If background checking is available, &man.fsck.8; is
2367 invoked twice. It is first invoked at the traditional time,
2368 before the filesystems are mounted, with the <option>-F</option>
2369 flag to do checking on all the filesystems that cannot do
2370 background checking. It is then invoked a second time, after
2371 the system has completed going multiuser, with the
2372 <option>-B</option> flag to do checking on all the filesystems
2373 that can do background checking. Unlike the foreground
2374 checking, the background checking is started asynchronously so
2375 that other system activity can proceed even on the filesystems
2376 that are being checked. Boot-time enabling of this feature is
2378 <varname>background_fsck</varname> option in &man.rc.conf.5;.</para>
2380 <para role="historic">Shortly after the receipt of a <literal>SIGINFO</literal>
2381 signal (normally control-T from the controlling tty),
2382 &man.fsck.ffs.8; will now output a line indicating the current
2383 phase number and progress information relevant to the current
2384 phase. &merged;</para>
2386 <para>&man.fsck.ffs.8; now supports background filesystem checks
2387 to mounted FFS filesystems with the <option>-B</option> option
2388 (softupdates must be enabled on these filesystems). The
2389 <option>-F</option> flag now determines whether a specified
2390 filesystem needs foreground checking.</para>
2392 <para role="historic">A new &man.fsck.msdosfs.8; utility has been added to check
2393 the consistency of MS-DOS filesystems. &merged;</para>
2395 <para role="historic">&man.ftpd.8; now supports a <option>-r</option> flag for
2396 read-only mode and a <option>-E</option> flag to disable
2397 <literal>EPSV</literal>. It also has some fixes to reduce
2398 information leakage and the ability to specify compile-time port
2399 ranges. &merged;</para>
2401 <para>&man.ftpd.8; now supports the <option>-m</option> option
2402 to permit guest users to modify existing files if allowed
2403 by filesystem permissions.
2404 In particular, this enables guest users to resume uploads.
2407 <para>&man.ftpd.8; now supports the <option>-M</option> option
2408 to prevent guest users from creating directories.
2411 <para>&man.ftpd.8; now supports <option>-o</option> and
2412 <option>-O</option> options to disable the
2413 <literal>RETR</literal> command; the former for everybody, and
2414 the latter only for guest users. Coupled with
2415 <option>-A</option> and appropriate file permissions, these can
2416 be used to create a relatively safe anonymous FTP drop box for
2417 others to upload to. &merged;</para>
2419 <para>&man.ftpd.8; now supports the <option>-W</option> option
2420 to disable logging FTP sessions to &man.wtmp.5;. &merged;</para>
2422 <para arch="i386,pc98" role="historic">&man.gdb.1; now supports hardware
2423 watchpoints (using the kernel's debug register support that
2424 has been introduced in &os; 4.0). &merged;</para>
2426 <para role="historic">The &man.getprogname.3; and &man.setprogname.3; library
2427 functions have been added to manipulate the name of the current
2428 program. They are used by error-reporting routines to produce
2429 consistent output. &merged;</para>
2431 <para>gifconfig(8) is obsolete and has been removed. Its
2432 functionality is now handled by the <option>tunnel</option> and
2433 <option>deletetunnel</option> commands of
2434 &man.ifconfig.8;.</para>
2436 <para>&man.gprof.1; now has a <option>-K</option> option to enable
2437 dynamic symbol resolution from the currently-running kernel.
2438 With this change, properly-compiled KLD modules are now able to
2441 <para arch="ia64">The gpt tool for manipulating EFI GPT
2442 partitions has been added.</para>
2444 <para role="historic">&man.growfs.8;, a utility for growing FFS filesystems, has
2445 been added. &man.ffsinfo.8;, a utility for dumping all the
2446 meta-information of an existing filesystem, has also been
2447 added. &merged;</para>
2449 <para role="historic">The &man.groups.1; and &man.whoami.1; shell scripts are now
2450 unnecessary; their functionality has been completely folded into
2451 &man.id.1;. &merged;</para>
2453 <para>The ibcs(8), linux(8), osf1(8), and
2454 svr4(8) scripts, whose sole purpose was to load emulation
2455 kernel modules, have been removed. The kernel module system
2456 will automatically load them as needed to fulfill
2457 dependencies.</para>
2459 <para role="historic">&man.indent.1; has gained some new formatting
2460 options. &merged;</para>
2462 <para role="historic">&man.ifconfig.8; can set the link-layer address of
2463 an interface using the <option>link</option> parameter.
2466 <para role="historic">&man.ifconfig.8; can now accept addresses in slash/CIDR
2467 notation. &merged;</para>
2469 <para role="historic">&man.ifconfig.8; now has support for setting parameters for
2470 IEEE 802.11 wireless network devices. &man.wi.4; and &man.an.4;
2471 devices are supported, and partial support is provided for
2472 &man.awi.4; devices. &merged;</para>
2474 <para role="historic">&man.ifconfig.8; no longer displays the list of supported
2475 media by default. Instead it displays it when the
2476 <option>-m</option> flag is given. &merged;</para>
2478 <para>&man.ifconfig.8; now has the ability to set promiscuous mode
2479 on an interface, via the new <option>promisc</option>
2480 flag. &merged;</para>
2482 <para role="historic">The syntax of &man.inetd.8;'s support for &man.faithd.8; is
2483 now compatible with that of other BSDs. &merged;</para>
2485 <para role="historic">The <literal>ident</literal> protocol support in
2486 &man.inetd.8; has been cleaned up and updated. &merged;</para>
2488 <para role="historic">&man.inetd.8; now has the ability to manage UNIX-domain
2489 sockets. &merged;</para>
2491 <para>By default, &man.inetd.8; is no longer run by &man.rc.8; at
2492 boot-time, although &man.sysinstall.8; gives the option of
2493 enabling it during binary installations. &man.inetd.8; can also
2494 be enabled by adding the following line to
2495 <filename>/etc/rc.conf</filename>:</para>
2497 <programlisting>inetd_enable="YES"</programlisting>
2499 <para>&man.inetd.8; now has the capability for limiting the
2500 maximum number of simultaneous invocations of each service from
2501 a single IP address. &merged;</para>
2503 <para role="historic">&man.install.1; has a number of new features, including the
2504 <option>-b</option> and <option>-B</option> options for backing up
2505 existing target files and the <option>-S</option> option for
2506 <quote>safe</quote> (atomic copy) operation. The
2507 <option>-c</option> (copy) flag is now the default, and the
2508 <option>-D</option> (debugging) flag has been withdrawn.
2509 &man.install.1; now issues a warning if <option>-d</option>
2510 (create directories) and <option>-C</option> (copy changed files
2511 only) are used together. &merged;</para>
2513 <para role="historic">IP Filter is now supported by the &man.rc.conf.5; boot-time
2514 configuration and initialization. &merged;</para>
2516 <para role="historic">&man.ipfstat.8; now supports the <option>-t</option> option
2517 to turn on a &man.top.1;-like display. &merged;</para>
2519 <para role="historic">&man.ipfw.8; will now avoid the display of dynamic firewall
2520 rules unless the <option>-d</option> flag is passed to it. The
2521 <option>-e</option> option lists expired dynamic
2522 rules. &merged;</para>
2524 <para role="historic">&man.ipfw.8; has a new feature (<literal>me</literal>) that
2525 allows for packet matching on interfaces with
2526 dynamically-changing IP addresses. &merged;</para>
2528 <para role="historic">&man.ipfw.8; has a new <literal>limit</literal> type of
2529 firewall rule, which limits the number of sessions between
2530 address pairs. &merged;</para>
2532 <para>&man.ipfw.8; filter rules can now match on the value of the
2533 IPv4 precedence field.</para>
2535 <para role="historic">&man.ip6fw.8; now has the ability to use a preprocessor and
2536 use the <option>-q</option> (quiet) flag when reading from a
2537 file. &merged;</para>
2539 <para role="historic">&man.ispppcontrol.8; has been deleted, and its functionality
2540 has been folded into &man.spppcontrol.8;. &merged;</para>
2542 <para role="historic">&man.k5su.8; is no longer installed SUID
2543 <username>root</username> by default. Users requiring this
2544 feature can either manually change the permissions on the
2545 &man.k5su.8; executable or add
2546 <literal>ENABLE_SUID_K5SU=yes</literal> to
2547 <filename>/etc/make.conf</filename> before a source
2548 upgrade. &merged;</para>
2550 <para>&man.kbdmap.1; and &man.vidfont.1; have been converted from
2553 <para role="historic">&man.kenv.1;, a command to dump the kernel environment, has
2554 been added. &merged;</para>
2556 <para>&man.kenv.1; now has the ability to set or delete kernel
2557 environment variables.</para>
2559 <para role="historic">&man.keyinfo.1; is now a C program, rather than a Perl
2560 script. &merged;</para>
2562 <para>The kget(8) utility has been removed (it was only
2563 useful for UserConfig, which is not present in &os;
2564 &release.current;).</para>
2566 <para role="historic">&man.killall.1; is now a C program, rather than a Perl
2567 script. As a result, its <option>-m</option> option now uses
2568 the regular expression syntax of &man.regex.3;, rather than that
2569 of Perl. &merged;</para>
2571 <para>&man.killall.1; no longer tries to kill zombie processes
2572 unless the <option>-z</option> flag is specified.</para>
2574 <para role="historic">The &man.kldconfig.8; utility has been added to make it
2575 easier to manipulate the kernel module search
2576 path. &merged;</para>
2578 <para>ktrdump, a utility to dump the ktr trace buffer from
2579 userland, has been added.</para>
2581 <para role="historic">&man.last.1; now implements a <option>-d</option> option that
2582 provides a <quote>snapshot</quote> of who was logged in at a
2583 particular date and time. &merged;</para>
2585 <para role="historic">&man.last.1; now supports a <option>-y</option> flag, which
2586 causes the year to be included in the session start time. &merged;</para>
2588 <para role="historic">The &man.lastlogin.8; utility, which prints the last login
2589 time of each user, has been imported from
2590 NetBSD. &merged;</para>
2592 <para role="historic">&man.ldconfig.8; now checks directory ownerships and
2593 permissions for greater security; these checks can be disabled
2594 with the <option>-i</option> flag. &merged;</para>
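<para>A sketch of the kind of directory check this entry describes, as an added example that is not &man.ldconfig.8;'s own code. The three rules (trusted owner, not group-writable, not world-writable), the <literal>trusted_uid</literal> parameter, and all function names are assumptions made for illustration; the <literal>insecure</literal> argument plays the role of <option>-i</option>.</para>

```c
/* Added example: ownership/permission gate for library search directories. */
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

enum libdir_verdict {
	LIBDIR_OK = 0,
	LIBDIR_MISSING,		/* stat(2) failed */
	LIBDIR_NOT_DIRECTORY,
	LIBDIR_WRONG_OWNER,	/* not owned by the trusted uid */
	LIBDIR_GROUP_WRITABLE,
	LIBDIR_WORLD_WRITABLE
};

static const char *
verdict_str(enum libdir_verdict v)
{
	switch (v) {
	case LIBDIR_OK:			return "ok";
	case LIBDIR_MISSING:		return "cannot stat";
	case LIBDIR_NOT_DIRECTORY:	return "not a directory";
	case LIBDIR_WRONG_OWNER:	return "not owned by trusted user";
	case LIBDIR_GROUP_WRITABLE:	return "group-writable";
	case LIBDIR_WORLD_WRITABLE:	return "world-writable";
	}
	return "unknown";
}

/*
 * Decide whether a directory may be added to the library search path.
 * With insecure != 0 (the hypothetical equivalent of -i) only existence
 * and file type are checked; ownership and mode bits are skipped.
 */
enum libdir_verdict
check_libdir(const char *path, uid_t trusted_uid, int insecure)
{
	struct stat sb;

	if (stat(path, &sb) == -1)
		return LIBDIR_MISSING;
	if (!S_ISDIR(sb.st_mode))
		return LIBDIR_NOT_DIRECTORY;
	if (insecure)
		return LIBDIR_OK;
	if (sb.st_uid != trusted_uid)
		return LIBDIR_WRONG_OWNER;
	if (sb.st_mode & S_IWOTH)
		return LIBDIR_WORLD_WRITABLE;
	if (sb.st_mode & S_IWGRP)
		return LIBDIR_GROUP_WRITABLE;
	return LIBDIR_OK;
}

/* Copy the accepted directories into kept[]; report the rest on stderr. */
size_t
filter_libdirs(const char *const dirs[], size_t n, uid_t trusted_uid,
    int insecure, const char *kept[])
{
	size_t i, nkept = 0;

	for (i = 0; i < n; i++) {
		enum libdir_verdict v = check_libdir(dirs[i], trusted_uid, insecure);
		if (v == LIBDIR_OK)
			kept[nkept++] = dirs[i];
		else
			fprintf(stderr, "ignoring %s: %s\n", dirs[i], verdict_str(v));
	}
	return nkept;
}

/* Demo helper: create base/name with exactly the given mode (umask-proof). */
int
demo_mkdir(char *buf, size_t len, const char *base, const char *name, mode_t mode)
{
	int n = snprintf(buf, len, "%s/%s", base, name);

	if (n < 0 || (size_t)n >= len || mkdir(buf, 0700) == -1)
		return -1;
	return chmod(buf, mode);
}

int
main(void)
{
	/* Constructed sample input: three scratch directories under /tmp. */
	char base[64], ok[128], gw[128], ww[128];
	const char *dirs[3], *kept[3];

	snprintf(base, sizeof(base), "/tmp/libdir-demo-%ld", (long)getpid());
	if (mkdir(base, 0700) == -1 ||
	    demo_mkdir(ok, sizeof(ok), base, "ok", 0755) == -1 ||
	    demo_mkdir(gw, sizeof(gw), base, "groupw", 0775) == -1 ||
	    demo_mkdir(ww, sizeof(ww), base, "worldw", 0777) == -1) {
		perror(base);
		return 1;
	}
	dirs[0] = ok; dirs[1] = gw; dirs[2] = ww;
	/* The demo trusts the current user so it runs without root. */
	printf("%zu of 3 directories accepted\n",
	    filter_libdirs(dirs, 3, getuid(), 0, kept));
	return 0;
}
```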
2596 <para role="historic">&man.ldd.1; can now be used on shared libraries, in addition
2597 to executables. &merged;</para>
2599 <para>&man.ldd.1; now supports a <option>-a</option> flag to list
2600 all the objects that are needed by each loaded object.</para>
2602 <para><filename>libc</filename> is now thread-safe by default;
2603 <filename>libc_r</filename> contains only thread
2606 <para role="historic"><filename>libcrypt</filename> and
2607 <filename>libdescrypt</filename> have been unified to provide a
2608 configurable password authentication hash library. Both the md5
2609 and des hash methods are provided unless the des hash is
2610 specifically compiled out. &merged;</para>
2612 <para role="historic"><filename>libcrypt</filename> now has support for Blowfish
2613 password hashing. &merged;</para>
2615 <para arch="i386" role="historic"><filename>libdisk</filename> can now do
2616 install-time configuration of the <filename>boot0</filename>
2617 boot loader. &merged;</para>
2619 <para role="historic"><filename>libstand</filename> now has support for
2620 filesystems containing
2621 <application>bzip2</application>-compressed
2622 files. &merged;</para>
2624 <para><filename>libstand</filename> now has support for
2625 overwriting the contents of a file on a UFS filesystem (it
2626 cannot expand or truncate files because the filesystem may be
2627 dirty or inconsistent).</para>
2629 <para role="historic"><filename>libstand</filename> now has support for loading
2630 large kernels and modules split across several physical
2631 media. &merged;</para>
2633 <para role="historic">The default TCP port range used by
2634 <filename>libfetch</filename> for passive FTP retrievals has
2635 changed; this affects the behavior of &man.fetch.1;, which has
2636 gained the <option>-U</option> option to restore the old
2637 behavior. &merged;</para>
2639 <para role="historic"><filename>libfetch</filename> now has support for an
2640 authentication callback. &merged;</para>
2642 <para role="historic"><filename>libfetch</filename> now has support for a
2643 <envar>HTTP_USER_AGENT</envar> environment
2644 variable. &merged;</para>
2646 <para><filename>libgmp</filename> has been superseded by
2647 <filename>libmp</filename>.
2649 <para>The functions from <filename>libposix1e</filename> have been
2650 integrated into <filename>libc</filename>.</para>
2652 <para role="historic"><filename>libusb</filename> has been renamed as
2653 <filename>libusbhid</filename>, following NetBSD's naming
2654 conventions. &merged;</para>
2656 <para role="historic">&man.ln.1; now takes an <option>-i</option> option to
2657 request user confirmation before overwriting an existing
2658 file. &merged;</para>
2660 <para role="historic">&man.ln.1; now takes a <option>-h</option> flag to avoid
2661 following a target that is a link, with a <option>-n</option>
2662 flag for compatibility with other
2663 implementations. &merged;</para>
2665 <para>&man.lock.1; now accepts a <option>-v</option> option to disable
2666 switching VTYs while the current terminal is locked. This permits
2667 locking the entire console from a single terminal.</para>
2669 <para role="historic">&man.logger.1; can now send messages directly to a remote
2670 syslog. &merged;</para>
2672 <para role="historic">&man.login.1; now exports environment variables set by
2673 <application>PAM</application> modules. &merged;</para>
2675 <para role="historic">&man.lpc.8; has been improved; <command>lpc clean</command>
2676 is now somewhat safer, and a new <command>lpc tclean</command>
2677 command has been added to check to see what files would be
2678 removed by <command>lpc clean</command>. &merged;</para>
2680 <para role="historic">&man.lpd.8; now takes two new options: <option>-c</option>
2681 will log all connection errors to &man.syslogd.8;, while
2682 <option>-W</option> will allow connections from non-reserved
2683 ports. &merged;</para>
2685 <para role="historic">&man.lpd.8; now has some support for
2686 <literal>o</literal>-type print-file actions in its control
2687 files, which allows printing of PostScript files generated by
2688 <application>MacOS</application> 10.1. &merged;</para>
2690 <para role="historic">&man.lpd.8; now recognizes the <option>-s</option> flag as
2691 the preferred synonym for <option>-p</option> (these flags
2692 cause &man.lpd.8; not to open a socket for network print
2693 jobs). &merged;</para>
2695 <para role="historic">&man.lpd.8; now implements a new <literal>rc</literal>
2696 printcap option. When specified in a print queue for a remote
2697 host, this boolean option causes &man.lpd.8; to resend the data file
2698 for each copy the user requested via <command>lpr
2699 -#<replaceable>n</replaceable></command>. &merged;</para>
2701 <para role="historic">Catching up with most other network utilities in the base
2702 system, &man.lpr.1;, &man.lpd.8;, &man.syslogd.8;, and
2703 &man.logger.1; are now all IPv6-capable. &merged;</para>
2705 <para role="historic"><command>lprm -</command> now works for remote printer
2706 queues. &merged;</para>
2708 <para role="historic">&man.ls.1; can produce colorized listings with the
2709 <option>-G</option> flag (and appropriate terminal support).
2710 The <envar>CLICOLOR</envar> environment variable can be set to
2711 enable colorized listings by default. &merged;</para>
2713 <para role="historic">&man.ls.1; now accepts a <option>-h</option> flag, which
2714 when combined with the <option>-l</option> flag, causes file
2715 sizes to be printed with unit suffixes, such that the number of
2716 digits printed is fewer than four. &merged;</para>
2718 <para>The &man.ls.1; program now supports a <option>-m</option>
2719 flag to list files across a page, a <option>-p</option> flag to
2720 force printing of a <literal>/</literal> after directories, and
2721 a <option>-x</option> flag to sort filenames across a
2722 page. &merged;</para>
2724 <para role="historic">&man.m4.1; now accepts a <option>-s</option> flag to cause
2725 it to emit <literal>#line</literal> directives for use by
2726 &man.cpp.1;. &merged;</para>
2728 <para role="historic">&man.mail.1; now takes a <option>-E</option> flag to avoid
2729 sending messages with empty bodies. &merged;</para>
2731 <para role="historic">&man.make.1; has gained the <literal>:C///</literal>
2732 (regular expression substitution), <literal>:L</literal>
2733 (lowercase), and <literal>:U</literal> (uppercase) variable
2734 modifiers. These were added to reduce the differences between
2735 the &os; and OpenBSD/NetBSD &man.make.1; programs.
2738 <para role="historic">Bugs in &man.make.1;, including broken null suffix
2739 behavior, bad assumptions about current directory permissions,
2740 and potential buffer overflows, have been fixed. &merged;</para>
2742 <para role="historic">The new <varname>CPUTYPE</varname>
2743 <filename>make.conf</filename> variable controls the compilation
2744 of processor-specific optimizations in various pieces of code
2745 such as <application>OpenSSL</application>. &merged;</para>
2747 <para role="historic">The &os; <filename>Makefile</filename> infrastructure now
2748 supports the <varname>WARNS</varname> directive from NetBSD.
2749 This directive controls the addition of compiler warning flags
2750 to <varname>CFLAGS</varname> in a relatively compiler-neutral
2751 manner. &merged;</para>
2753 <para>&man.makewhatis.1; is now a C program, instead of a
2756 <para>&man.man.1; is no longer installed SUID
2757 <username>man</username>, in order to reduce vulnerabilities
2758 associated with generating <quote>catpages</quote> (preformatted
2759 manual pages cached for repeated viewing). As a result,
2760 &man.man.1; can no longer create system catpages on a regular
2761 user's behalf. It is still able to do so if the user has write
2762 permissions to the directory holding catpages (e.g. a user's own
2763 manpages) or if the running user is
2764 <username>root</username>.</para>
2766 <para arch="ia64">The mca utility, for decoding machine check
2767 records, has been added.</para>
2769 <para>The &man.mdmfs.8; command has been added; it is a wrapper
2770 around &man.mdconfig.8;, &man.disklabel.8;, &man.newfs.8;, and
2771 &man.mount.8; that mimics the command line option set of the
2772 deprecated &man.mount.mfs.8;.</para>
2774 <para role="historic">&man.mergemaster.8; now sources an
2775 <filename>/etc/mergemaster.rc</filename> file and also prompts
2776 the user to run recommended commands (such as
2777 <command>newaliases</command>) as needed. &merged;</para>
2779 <para role="historic">&man.mergemaster.8; now supports two new flags.
2780 The <option>-p</option> flag enables a
2781 <quote>pre-<literal>buildworld</literal></quote> mode to files
2782 known to be essential to the success of the
2783 <literal>buildworld</literal> and
2784 <literal>installworld</literal> system updating steps. The
2785 <option>-C</option> flag, used after a successful
2786 &man.mergemaster.8; run, compares options in
2787 <filename>/etc/rc.conf</filename> to the default options in
2788 <filename>/etc/defaults/rc.conf</filename>. &merged;</para>
2790 <para>&man.mesg.1; now conforms to SUSv3. Among other things, it
2791 now uses the first terminal associated with the standard input,
2792 standard output or standard error file descriptor, in that order.
2793 Thus, it is possible to use the redirection facilities of a shell
2794 (<command>mesg n &lt; /dev/ttyp1</command>) to control write access
2795 for other terminals.</para>
2797 <para role="historic">mk_cmds(1) and the associated
2798 <filename>libss</filename> have been removed; they have been
2799 unused for quite some time. &merged;</para>
2801 <para>&man.mountd.8; and &man.nfsd.8; have moved from
2802 <filename>/sbin</filename> to <filename>/usr/sbin</filename>.</para>
2804 <para role="historic">&man.moused.8; now takes a <option>-a</option> option to
2805 control mouse acceleration. &merged;</para>
2807 <para role="historic">&man.mtree.8; now includes support for a file that lists
2808 pathnames to be excluded when creating and verifying prototypes.
2809 This makes it easier to use &man.mtree.8; as a part of an
2810 intrusion-detection system. &merged;</para>
2812 <para>&man.mv.1; now takes a (nonstandard) <option>-n</option> option to
2813 automatically answer <quote>no</quote> when it would ask to
2814 overwrite a file. &merged;</para>
2816 <para role="historic">&man.natd.8; now supports a
2817 <option>-log_ipfw_denied</option> option to log packets that
2818 cannot be re-injected because they are blocked by &man.ipfw.8;
2819 rules. &merged;</para>
2821 <para role="historic">The <quote>in use</quote> percentage metric displayed by
2822 &man.netstat.1; now really reflects the percentage of network
2823 mbufs used. &merged;</para>
2825 <para role="historic">&man.netstat.1; now has a <option>-W</option> flag that
2826 tells it not to truncate addresses, even if they're too long for
2827 the column they're printed in. &merged;</para>
2829 <para role="historic">&man.netstat.1; now keeps track of input and output packets
2830 on a per-address basis for each interface. &merged;</para>
2832 <para role="historic">&man.netstat.1; now has a <option>-z</option> flag to reset
2833 statistics. &merged;</para>
2835 <para role="historic">&man.netstat.1; now has a <option>-S</option> flag to print
addresses numerically but port names symbolically. &merged;</para>
2838 <para role="historic">&man.newfs.8; now implements write combining, which can make
2839 creation of new filesystems up to seven times
2840 faster. &merged;</para>
2842 <para role="historic">&man.newfs.8; now takes a <option>-U</option> option to
2843 enable softupdates on a new filesystem. &merged;</para>
2845 <para role="historic">The default number of cylinders per group in &man.newfs.8;
2846 is now computed to be the maximum allowable given the current
2847 filesystem parameters. It can be overridden with the
2848 <option>-c</option> option. Formerly, the default was fixed at
2849 16. This change leads to better &man.fsck.8; performance and
2850 reduced fragmentation. &merged;</para>
2852 <para role="historic"><anchor id="newfs-block-frag-sizes">The default block and
2853 fragment sizes for new filesystems created by &man.newfs.8; are
2854 now 16384 and 2048 bytes, respectively (the old defaults were
2855 8192 and 1024 bytes). This change generally provides increased
2856 performance, at the expense of some wasted disk
2857 space. &merged;</para>
2859 <para>A number of archaic features of &man.newfs.8; have been
2860 removed; these implement tuning features that are essentially
2861 useless on modern hard disks. These features were controlled by
2862 the <option>-O</option>, <option>-d</option>,
2863 <option>-k</option>, <option>-l</option>, <option>-n</option>,
2864 <option>-p</option>, <option>-r</option>, <option>-t</option>,
2865 and <option>-x</option> flags.</para>
2867 <para>&man.newfs.8; now supports a <option>-O</option> flag to
2868 select the creation of UFS1 or UFS2 filesystems.</para>
2870 <para>The &man.newgrp.1; utility to change to a new group has been
2873 <para role="historic">&man.newsyslog.8; now has the ability to compress log files
2874 using &man.bzip2.1;. &merged;</para>
2876 <para><application>NFS</application> now works over IPv6.</para>
2878 <para role="historic">&man.ngctl.8; now supports a <option>write</option> command
2879 to send a data packet down a given hook. &merged;</para>
2881 <para>&man.nice.1; now uses the <option>-n</option> option to
2882 specify the <quote>niceness</quote> of the utility being
2883 run. &merged;</para>
2885 <para role="historic">&man.nl.1;, a line numbering filter program, has been
2886 added. &merged;</para>
2888 <para><application>nsswitch</application> support has been merged
2889 from NetBSD. By creating an &man.nsswitch.conf.5; file, &os;
2890 can be configured so that various databases such as
2891 &man.passwd.5; and &man.group.5; can be looked up using flat
2892 files, NIS, or Hesiod. The old
2893 <filename>hosts.conf</filename> file is no longer used.</para>
2895 <para>&man.od.1; now supports the <option>-A</option> option to
2896 specify the input address base, the <option>-N</option> option to
2897 specify the number of bytes to dump, the <option>-j</option>
2898 option to specify the number of bytes to skip, the
2899 <option>-s</option> option to output signed decimal shorts, and
2900 the <option>-t</option> option to specify output type. &merged;</para>
2902 <para><application>PAM</application> support has been added for
2903 account management and sessions.</para>
2905 <para><application>PAM</application> configuration is now
2906 specified by files in <filename>/etc/pam.d/</filename>, rather
2907 than a single <filename>/etc/pam.conf</filename> file.
2908 <filename>/etc/pam.d/README</filename> has more details.</para>
2910 <para>A &man.pam.echo.8; echo service module has been added.</para>
2912 <para>A &man.pam.exec.8; program execution service module has been
2915 <para>A &man.pam.ftp.8; module has been added to allow
2916 authentication of anonymous FTP users.</para>
2918 <para>A &man.pam.ftpusers.8; module has been added to perform
2919 checks against the &man.ftpusers.5; file.</para>
2921 <para>A &man.pam.ksu.8; module has been added to do Kerberos 5
2922 authentication and <filename>$HOME/.k5login</filename>
2923 authorization for &man.su.1;.</para>
2925 <para>A &man.pam.lastlog.8; module has been added to record
2926 sessions in the &man.utmp.5;, &man.wtmp.5;, and &man.lastlog.5;
2929 <para>A &man.pam.login.access.8; module has been added, to allow
2930 checking against <filename>/etc/login.access</filename>.</para>
2932 <para>The &man.pam.nologin.8; module, which can disallow logins
2933 using &man.nologin.5;, has been added.</para>
2935 <para>The &man.pam.opie.8; and &man.pam.opieaccess.8; modules have
2936 been added to control authentication via &man.opie.4;. &merged;</para>
2938 <para>A &man.pam.passwdqc.8; module has been added, to check the
2939 quality of passwords submitted during password changes.</para>
2941 <para>A &man.pam.rhosts.8; module has been added to support
2942 &man.rhosts.5; authentication.</para>
2944 <para>The &man.pam.rootok.8; module, which can be used to
2945 authenticate only the superuser, has been added.</para>
2947 <para>A &man.pam.securetty.8; module has been added to check the
2948 <quote>security</quote> of a TTY, as listed in &man.ttys.5;.</para>
2950 <para>A &man.pam.self.8; module, which allows self-authentication
2951 of a user, has been added.</para>
2953 <para role="historic">A &man.pam.ssh.8; module has been added to allow the use of
2954 SSH passphrases and keypairs for authentication. This module
2955 also handles session management by invoking
2956 &man.ssh-agent.1;. &merged;</para>
2958 <para>A &man.pam.wheel.8; module has been added to permit
2959 authentication to members of a group, which defaults to
2960 <groupname>wheel</groupname>.</para>
2962 <para role="historic">&man.passwd.1; and &man.pw.8; now select the password hash
2963 algorithm at run time. See the <literal>passwd_format</literal>
2965 <filename>/etc/login.conf</filename>. &merged;</para>
2967 <para role="historic">&man.patch.1; now accepts a <option>-i</option> command-line
2968 flag to read a patch from a file, rather than standard
2969 input. &merged;</para>
2971 <para>The &man.pathchk.1; utility, which checks pathnames for
2972 validity or portability between POSIX systems, has been
2975 <para role="historic">&man.pax.1; has received a number of enhancements, including
2976 &man.cpio.1; functionality, &man.tar.1; compatibility
2977 enhancements, <option>-z</option> and <option>-Z</option> flags
2978 for &man.gzip.1; and &man.compress.1; functionality, and a
2979 number of bug fixes. &merged;</para>
2981 <para role="historic">&man.pciconf.8; now supports a <option>-v</option> option to
2982 display the vendor/device information of configured devices, in
2983 conjunction with the <option>-l</option> option. The default
2984 vendor/device database can be found at
2985 <filename>/usr/share/misc/pci_vendors</filename>. &merged;</para>
2987 <para role="historic">The behavior of &man.periodic.8; is now controlled by
2988 <filename>/etc/defaults/periodic.conf</filename> and
2989 <filename>/etc/periodic.conf</filename>. &merged;</para>
2991 <para role="historic">&man.ping.8; now supports a <option>-m</option> option to
2992 set the TTL of outgoing packets. &merged;</para>
2994 <para role="historic">&man.ping.8; now supports a <option>-A</option> option to
2995 beep when packets are lost. &merged;</para>
2997 <para role="historic">Userland &man.ppp.8; has received a number of updates and
2998 bug fixes. &merged;</para>
3000 <para role="historic">&man.ppp.8; has gained the <literal>tcpmssfixup</literal>
3001 option, which adjusts outgoing and incoming TCP SYN packets so
3002 that the maximum receive segment size is no larger than allowed
3003 by the interface MTU. &merged;</para>
3005 <para role="historic">&man.ppp.8; now supports IPv6. &merged;</para>
3007 <para role="historic">&man.pppd.8; (the control program for kernel-level PPP) is
3008 now installed mode <literal>4550</literal> and
3009 <username>root</username><literal>:</literal><groupname>dialer</groupname>,
3010 rather than mode <literal>4555</literal> (in other words, it is
3011 no longer world-executable). Users of &man.pppd.8; may need to
3012 change their group settings. &merged;</para>
3014 <para role="historic">&man.pr.1; now supports the <option>-f</option> and
3015 <option>-p</option> flags to pause output going to a
3016 terminal. &merged;</para>
3018 <para>prefix(8) is obsolete and has been removed. Its
3019 functionality is provided by the <option>eui64</option> command
3020 to &man.ifconfig.8;.</para>
3022 <para role="historic">The <option>-W</option> option to &man.ps.1; (to extract
3023 information from a specified swap device) has been useless for
3024 some time; it has been removed. &merged;</para>
3026 <para>The &man.pselect.3; library function (introduced by POSIX.1
3027 as a slightly stronger version of &man.select.2;) has been
3030 <para role="historic">&man.pwd.1; can now double as &man.realpath.1;, a program to
3031 resolve pathnames to their underlying physical
3032 paths. &merged;</para>
3034 <para>&man.pwd.1; now supports the <option>-L</option> flag to
3035 print the logical current working directory. &merged;</para>
3037 <para>The pseudo-random number generator implemented by
3038 &man.rand.3; has been improved to provide less biased
<para role="historic">&man.rc.8; now has a framework for handling dependencies
3042 between &man.rc.conf.5; variables. &merged;</para>
3044 <para role="historic">&man.rc.8; now deletes all non-directory files in
3045 <filename>/var/run</filename> and
3046 <filename>/var/spool/lock</filename> at boot
3047 time. &merged;</para>
3049 <para>&man.rcmd.3; now supports the use of the
3050 <envar>RSH</envar> environment variable to specify a program to
3051 use other than &man.rsh.1; for remote execution. As a result,
programs such as &man.dump.8; can use &man.ssh.1; for remote
3055 <para>&man.rdist.1; has been retired from the base system, but is
3056 still available from &os; Ports Collection as
3057 <filename role="package">net/44bsd-rdist</filename>.</para>
<para role="historic">&man.reboot.8; now takes a <option>-k</option> option to specify
3060 the next kernel to boot. &merged;</para>
3062 <para>The &man.renice.8; command implements a <option>-n</option>
3063 option, which specifies an increment to be applied to the
3064 priority of a process. &merged;</para>
3066 <para role="historic">The &man.resolver.3; in &os; now implements EDNS0 support,
3067 which will be necessary when working with IPv6 transport-ready
3068 resolvers/DNS servers. &merged;</para>
3070 <para role="historic">The &man.rfork.thread.3; library call has been added as a
3071 helper function to &man.rfork.2;. Using this function should
3072 avoid the need to implement complex stack swap
3073 code. &merged;</para>
3075 <para role="historic">The <option>-v</option> option to &man.rm.1; now displays
3076 the entire pathname of a file being removed. &merged;</para>
3078 <para role="historic">&man.route.8; is now more verbose when changing indirect
3079 routes, in the case of a gateway route that is the same route as
3080 the one being modified. &merged;</para>
3082 <para role="historic">&man.route.8; now uses
3083 <literal><replaceable>host</replaceable>/<replaceable>bits</replaceable></literal>
3085 <literal><replaceable>net</replaceable>/<replaceable>bits</replaceable></literal>
3086 syntax, for compatibility with &man.netstat.1;. &merged;</para>
3088 <para role="historic">&man.route.8; can now create <quote>proxy only</quote>
3089 published ARP entries. &merged;</para>
3091 <para role="historic">The &man.route.8; <option>add</option> command now supports
3092 the <option>-ifp</option> and <option>-ifa</option>
3093 modifiers. &merged;</para>
3095 <para>&man.rpcbind.8; has replaced &man.portmap.8;.</para>
3097 <para>&man.rpcgen.1; now uses <filename>/usr/bin/cpp</filename>
3099 <filename>/usr/libexec/cpp</filename>.</para>
3101 <para>&man.rpc.lockd.8; has been imported from NetBSD. This
3102 daemon provides support for servicing client NFS locks.</para>
3104 <para role="historic">The performance of the ELF dynamic linker &man.rtld.1; has
3105 been improved. &merged;</para>
3107 <para role="historic">RSA Security has waived all patent rights to the
3108 <application>RSA</application> algorithm. As a result, the
3109 native <application>OpenSSL</application> implementation of the
3110 RSA algorithm is now activated by default, and the <filename
3111 role="package">security/rsaref</filename> port and the
3112 <filename>librsaUSA</filename> and
3113 <filename>librsaINTL</filename> libraries are no longer required
3114 for USA and non-USA residents respectively. &merged;</para>
3116 <para>&man.rtld.1; will now print the names of all objects that
3117 cause each object to be loaded, if the
3118 <varname>LD_TRACE_LOADED_OBJECTS_ALL</varname> environment
3119 variable is defined.</para>
3121 <para role="historic">&man.savecore.8; now supports a <option>-k</option> option
3122 to prevent clearing a crash dump after saving it. It also
3123 attempts to avoid writing large stretches of zeros to crash dump
3124 files to save space and time. &merged;</para>
3126 <para role="historic">&man.savecore.8; now works correctly on machines with 2 GB
3127 or more of RAM. &merged;</para>
3129 <para role="historic">&man.sed.1; now takes a <option>-E</option> option for
3130 extended regular expression support. &merged;</para>
3132 <para>&man.sed.1; now takes a <option>-i</option> option to enable
3133 in-place editing of files. &merged;</para>
3135 <para role="historic">&man.send-pr.1; now takes a <option>-a</option> option to
3136 include a file into the <literal>Fix:</literal> section of a
3137 problem report. &merged;</para>
3139 <para>The &man.setfacl.1; and &man.getfacl.1; commands have been
3140 added to manage filesystem Access Control Lists.</para>
3142 <para role="historic">&man.setproctitle.3; has been moved from
3143 <filename>libutil</filename> to
3144 <filename>libc</filename>. &merged;</para>
3146 <para role="historic">&man.sh.1; now implements <command>test</command> as a
3147 built-in command for improved efficiency. &merged;</para>
3149 <para>&man.sh.1; no longer implements <command>printf</command> as
3150 a built-in command because it was considered less valuable
3151 compared to the other built-in commands (this functionality is,
3152 of course, still available through the &man.printf.1;
3155 <para>&man.sh.1; now supports a <option>-C</option> option to
3156 prevent existing regular files from being overwritten by output
redirection, and a <option>-u</option> option to give an error if an
3158 unset variable is expanded. &merged;</para>
3160 <para>The &man.sh.1; built-in <command>cd</command> command now
3161 supports <option>-L</option> and <option>-P</option> flags to
3162 invoke logical or physical modes of operation, respectively.
3163 Logical mode is the default, but the default can be changed with
3164 the <varname>physical</varname> &man.sh.1; option. &merged;</para>
3166 <para>The &man.sh.1; built-in <command>jobs</command> command now
3167 supports a <option>-s</option> flag to output PIDs only and a
3168 <option>-l</option> flag to add PIDs to the output. &merged;</para>
3170 <para>&man.sh.1; now supports a <command>bind</command> built-in
3171 command, which allows the key bindings for the shell's line editor
3172 to be changed.</para>
3174 <para>The &man.sh.1; built-in <command>export</command> and
3175 <command>readonly</command> commands now support a
3176 <option>-p</option> flag to print their output in
3177 <quote>portable</quote> format. &merged;</para>
<para>&man.sh.1; no longer accepts invalid constructs such as
<command><replaceable>command</replaceable> &amp; &amp;&amp;
<replaceable>command</replaceable></command>, <command>&amp;&amp;
<replaceable>command</replaceable></command>, or <command>||
<replaceable>command</replaceable></command>. &merged;</para>
3185 <para role="historic">&man.sockstat.1; now has <option>-c</option> and
3186 <option>-l</option> flags for listing connected and listening
3187 sockets, respectively. &merged;</para>
3189 <para>&man.spkrtest.8; is now a &man.sh.1; script, rather than a
3192 <para role="historic">&man.split.1; now has the ability to split a file longer
3193 than 2GB. &merged;</para>
3195 <para>&man.split.1; now supports a <option>-a</option> option to
3196 specify the number of letters to use for the suffix of split
3197 files. &merged;</para>
<para>In preparation for meeting SUSv2/POSIX
<filename>&lt;sys/select.h&gt;</filename> requirements,
<literal>struct selinfo</literal> and related functions have been
moved to <filename>&lt;sys/selinfo.h&gt;</filename>.</para>
3204 <para role="historic">The &man.strnstr.3; and &man.strcasestr.3; variants of
3205 &man.strstr.3; have been implemented. &merged;</para>
3207 <para role="historic">&man.stty.1; now has support for an
3208 <literal>erase2</literal> control character, so that, for
3209 example, both the <keycap>Delete</keycap> and
3210 <keycap>Backspace</keycap> keys can be used to erase
3211 characters. &merged;</para>
3213 <para>&man.su.1; now uses <application>PAM</application> for
3214 authentication.</para>
3216 <para role="historic">Boot-time &man.syscons.4; configuration was moved to a
3218 <filename>/etc/rc.syscons</filename>. &merged;</para>
3220 <para role="historic">&man.sysctl.8; now supports a <option>-N</option> option to
3221 print out variable names only. &merged;</para>
3223 <para role="historic">&man.sysctl.8; has replaced the <option>-A</option> and
3224 <option>-X</option> options with <option>-ao</option> and
3225 <option>-ax</option> respectively; the former options are now
3226 deprecated. The <option>-w</option> option is deprecated as
3227 well; it is not needed to determine the user's
3228 intentions. &merged;</para>
3230 <para role="historic">&man.sysctl.8; now supports a <option>-e</option> option to
3231 separate variable names and values by <literal>=</literal>
3232 rather than <literal>:</literal>. This feature is useful for
3233 producing output that can be fed back to
3234 &man.sysctl.8;. &merged;</para>
3236 <para>&man.sysctl.8; now accepts a <option>-d</option> flag to print
3237 the descriptions of variables.</para>
3239 <para role="historic">&man.sysinstall.8; now properly preserves
3240 <filename>/etc/mail</filename> during a binary
3241 upgrade. &merged;</para>
3243 <para role="historic">&man.sysinstall.8; now uses some more intuitive defaults
3244 thanks to some new dialog support functions. &merged;</para>
3246 <para>The default root partition in &man.sysinstall.8; is now
3247 100MB on the i386 and pc98, 120MB on the Alpha.</para>
3249 <para>&man.sysinstall.8; now lives in
3250 <filename>/usr/sbin</filename>, which simplifies the
3251 installation process. The &man.sysinstall.8; manpage is also
3252 installed in a more consistent fashion now.</para>
3254 <para role="historic">&man.sysinstall.8; now has the ability to load KLDs as a
3255 part of the installation. &merged;</para>
3257 <para role="historic">When run from the installation media, &man.sysinstall.8;
3258 will automatically load any device drivers found in the
3259 <filename>/stand/modules</filename> directory of the
3260 <literal>mfsroot</literal> floppy or filesystem image. Note
3261 that any drivers so loaded will not appear in the kernel's boot
3262 messages; the &man.sysinstall.8; debugging screen will provide
3263 additional information. &merged;</para>
3265 <para role="historic">&man.sysinstall.8; now enables Soft Updates by default on
3266 all filesystems it creates, except for the root
3267 filesystem. &merged;</para>
3269 <para role="historic">&man.sysinstall.8; has received updates for its
3270 <quote>auto</quote> partitioning mode which provide more
3271 reasonable defaults for the sizes of partitions that are
3272 created; auto-sized partitions can now also recover the space
3273 that becomes available when other partitions are
3274 deleted. &merged;</para>
3276 <para>&man.sysinstall.8; no longer mounts the &man.procfs.5;
3277 filesystem by default on new installs.</para>
3279 <para role="historic">&man.sysinstall.8; now has rudimentary support for
3280 retrieving packages from the correct volume of a multiple-volume
3281 installation (such as a multi-CD distribution). &merged;</para>
3283 <para role="historic">&man.syslogd.8; can take a <option>-n</option> option to
3284 disable DNS queries for every request. &merged;</para>
3286 <para role="historic">&man.syslogd.8; now supports a
3287 <literal>LOG_CONSOLE</literal> facility (disabled by default),
3288 which can be used to log <filename>/dev/console</filename>
3289 output. &merged;</para>
3291 <para role="historic">&man.syslogd.8; now has the ability to bind to a specific
3292 address (as opposed to using every available one) via the
3293 <option>-b</option> option. &merged;</para>
3295 <para role="historic">&man.syslogd.8; now accepts a <option>-c</option> flag to
3296 disable repeated line compression. &merged;</para>
3298 <para>&man.tabs.1;, a utility to set terminal tab stops, has been
3301 <para role="historic">&man.tail.1; now has the ability to work on files longer
3302 than 2GB. &merged;</para>
3304 <para role="historic">&man.tar.1; now supports the <varname>TAR_RSH</varname>
3305 variable, principally to enable the use of &man.ssh.1; as a
3306 transport. &merged;</para>
3308 <para role="historic">&man.telnet.1; now does autologin and encryption by default;
3309 a new <option>-y</option> option turns off encryption. &merged;</para>
3311 <para role="historic">&man.telnet.1; now supports a <option>-u</option> flag to
3312 allow connections to UNIX-domain (<literal>AF_UNIX</literal>)
3313 sockets. &merged;</para>
3315 <para>The &man.termcap.5; database now uses the
3316 <literal>xterm</literal> terminal type from
3317 <application>XFree86</application>. As a result, &man.xterm.1;
3318 now supports color by default and the common workaround of
3319 setting <varname>TERM</varname> to <literal>xterm-color</literal>
3320 is no longer necessary. Use of the
3321 <literal>xterm-color</literal> terminal type may result in
3322 (benign) warnings from applications.</para>
3324 <para role="historic">&man.tftp.1; and &man.tftpd.8; now support IPv6. &merged;</para>
3326 <para role="historic">&man.tftpd.8; now takes the <option>-c</option> and
3327 <option>-C</option> options, which allow the server to
3328 &man.chroot.2; based on the IP address of the connecting client.
3329 &man.tftp.1; and &man.tftpd.8; can now transfer files larger
3330 than 65535 blocks. &merged;</para>
3332 <para>&man.tftpd.8; now supports RFC 2349 (TFTP Timeout Interval
3333 and Transfer Size Options); this feature is required by some
3334 firmware like EFI boot managers (at least on HP i2000 Itanium
3335 servers) in order to boot an image using
3336 <application>TFTP</application>.</para>
3338 <para arch="alpha">&man.timed.8; now works on the alpha.</para>
3340 <para>A version of Transport Independent RPC
3341 (<application>TI-RPC</application>) has been imported.</para>
3343 <para role="historic">&man.tmpnam.3; will now use the <envar>TMPDIR</envar>
3344 environment variable, if set, to specify the location of
3345 temporary files. &merged;</para>
3347 <para>&man.tip.1; has been updated from
3348 <application>OpenBSD</application>, and has the ability to act
3349 as a &man.cu.1; substitute.</para>
3351 <para>&man.top.1; will now use the full width of its tty.</para>
3353 <para>&man.touch.1; now takes a <option>-h</option> option to
3354 operate on a symbolic link, rather than what the link points
3357 <para>&man.tr.1; now has basic support for equivalence classes
3358 for locales that support them. &merged;</para>
3360 <para>&man.tr.1; now supports a <option>-C</option> flag to
3361 complement the set of characters specified by the first string
3364 <para role="historic">The &man.truncate.1; utility, which truncates or extends the
3365 length of files, has been added. &merged;</para>
3367 <para role="historic">Ukrainian language support has been added to the &os;
3368 console. &merged;</para>
3370 <para><application>UUCP</application> has been removed from the
3371 base system. It can be found in the Ports Collection, in
3372 <filename role="package">net/freebsd-uucp</filename>.</para>
3374 <para>&man.unexpand.1; now supports a <option>-t</option> to
3375 specify tabstops analogous to &man.expand.1;. &merged;</para>
3377 <para role="historic">&man.units.1; has received some updates and
3378 bugfixes. &merged;</para>
3380 <para>&man.usbdevs.8; now supports a <option>-d</option> flag to
3381 show the device driver associated with each device.</para>
3383 <para role="historic">The &man.usbhidctl.1; utility has been added to manipulate
3384 USB Human Interface Devices. &merged;</para>
3386 <para role="historic">&man.uuencode.1; and &man.uudecode.1; now accept a <option>-o</option> option to
3387 set their output files. &man.uuencode.1; can now be made to do base64 encoding
3388 when given the <option>-m</option> flag, while &man.uudecode.1;
3389 can now automatically decode base64 files. &merged;</para>
3391 <para>The base64 capabilities of &man.uuencode.1; and
3392 &man.uudecode.1; can now be automatically enabled by invoking
3393 these utilities as &man.b64encode.1; and &man.b64decode.1;
3394 respectively.</para>
3396 <para>The &man.uuidgen.1; utility has been added. It uses the new
3397 &man.uuidgen.2; system call to generate one or more Universally
3398 Unique Identifiers compatible with OSF/DCE 1.1 version 1
3401 <para role="historic">&man.vidcontrol.1; now accepts a <option>-g</option>
3402 parameter to select custom text geometry in the
3403 <literal>VESA_800x600</literal> raster text mode. &merged;</para>
3405 <para role="historic">&man.vidcontrol.1; now allows the user to omit the font size
3406 specification when loading a font, and has some better
3407 error-handling. &merged;</para>
3409 <para role="historic">&man.vidcontrol.1; now supports a <option>-p</option> option
3410 to take a snapshot of a &man.syscons.4; video buffer. These
3411 snapshots can be manipulated by the
3412 <filename role="package">graphics/scr2png</filename> utility in
3413 the Ports Collection. &merged;</para>
3415 <para role="historic">&man.vidcontrol.1; now supports a <option>-C</option> option
3416 to clear the history buffer for a given tty, as well as a
3417 <option>-h</option> option to set the size of the history
3418 buffer. &merged;</para>
3420 <para>&man.vidcontrol.1; now accepts a <option>-S</option> to
3421 allow the user to disable VTY switching.</para>
3423 <para>The default stripe size in &man.vinum.8; has been changed
3424 from 256KB to 279KB, to spread out superblocks more evenly
3425 between stripes.</para>
3427 <para role="historic">&man.wall.1; now supports a <option>-g</option> flag to
3428 write a message to all users of a given group. &merged;</para>
3430 <para role="historic">&man.watch.8; now takes a <option>-f</option> option to
3431 specify a &man.snp.4; device to use. &merged;</para>
3433 <para>&man.wc.1; now supports a <option>-m</option> flag to
3434 count characters, rather than bytes.</para>
3436 <para>&man.whereis.1;, formerly a Perl script, has been
3437 rewritten in C. It now supports a <option>-x</option> flag to
3438 suppress the run of &man.locate.1;, and a <option>-q</option>
flag to suppress the leading name of the query.</para>
3441 <para>&man.whereis.1; now supports a <option>-a</option> flag
3442 to report all matches instead of only the first of each
3443 requested type.</para>
3445 <para>&man.which.1; is now a C program, rather than a Perl
3448 <para>&man.who.1; now has a number of new options:
3449 <option>-H</option> shows column headings; <option>-T</option>
shows &man.mesg.1; state; <option>-m</option> is equivalent
to <option>am i</option>; <option>-u</option> shows idle time;
<option>-q</option> lists names in columns. &merged;</para>
3454 <para role="historic">&man.whois.1; now directs queries for IP addresses to ARIN.
3455 If a query to ARIN references APNIC or RIPE, the appropriate
3456 server will also be queried, provided that the
3457 <option>-Q</option> option is not specified. &merged;</para>
3459 <para role="historic">&man.whois.1; supports a <option>-c</option> option to
3460 specify a country code to help direct queries towards a
3461 particular whois server. &merged;</para>
3463 <para>&man.wicontrol.8; now supports a <option>-l</option> to list
3464 the stations associated in <literal>hostap</literal> mode and a
3465 <option>-L</option> to list available access points.</para>
3467 <para>&man.xargs.1; now supports a <option>-I</option>
3468 <replaceable>replstr</replaceable> option that allows the user
3469 to tell &man.xargs.1; to insert the data read from standard
3470 input at specific points in the command line arguments rather
3471 than at the end. (A &os;-specific <option>-J</option> option is
3472 similar, but is now deprecated in favor of the more portable
3473 <option>-I</option> option.) &merged;</para>
3475 <para>&man.xargs.1; now supports a <option>-L</option> option to
3476 force its utility argument to be called after some number of
3477 lines. &merged;</para>
3479 <para role="historic">The compiler chain now uses the FSF-supplied C/C++ runtime
3480 initialization code. This change brings about better
3481 compatibility with code generated from the various egcs and gcc
3482 ports, as well as the stock public FSF source. &merged;</para>
3484 <para role="historic">The threads library has gained some signal handling changes,
3485 bug fixes, and performance enhancements (including zero system
3486 call thread switching). &man.gdb.1; thread support has been
3487 updated to match these changes. &merged;</para>
3489 <para role="historic">Significant additions have been made to internationalization
3490 support; &os; now has complete locale support for the
3491 <literal>LC_MONETARY</literal>, <literal>LC_NUMERIC</literal>,
3492 and <literal>LC_MESSAGES</literal> categories. A number of
3493 applications have been updated to take advantage of this
3494 support. &merged;</para>
3496 <para role="historic">Locale names have been changed to improve compatibility with
3497 the names used by X11R6, as well as a number of other UNIX
3498 versions. As an example, the
3499 <literal>en_US.ISO_8859-1</literal> locale name has been changed
3501 <literal>en_US.ISO8859-1</literal>. Entries in
3502 <filename>/etc/locale.alias</filename> provide backward
3503 compatibility. &merged;</para>
3505 <para role="historic"><filename>/usr/src/share/examples/BSD_daemon/</filename> now
3506 contains a scalable Beastie graphic. &merged;</para>
3508 <para role="historic">As part of an ongoing process, many manual pages were
3509 improved, both in terms of their formatting markup and in their
3510 content. &merged;</para>
3512 <para>A number of utilities and libraries were enhanced to improve
3513 their conformance with the Single UNIX Specification (SUSv3) and
3514 IEEE Std 1003.1-2001 (<quote>POSIX.1</quote>). Specific
3515 features added have been listed in the release notes for each
3516 utility. The standards conformance of each utility or library
3517 function is generally listed in its manual page.</para>
3520 <title>Contributed Software</title>
3522 <para><application>am-utils</application> has been updated to
3525 <para>A 10 February 2002 snapshot of <application>awk</application> from Bell Labs (variously
3526 known as <quote>BWK awk</quote> or <quote>The One True
3527 AWK</quote>) has been imported. It is available as
3528 <command>awk</command> or
3529 <command>nawk</command>.</para>
3531 <para role="historic"><application>bc</application> has been updated from 1.04 to
3532 1.06. &merged;</para>
3534 <para role="historic">The ISC library from the <application>BIND</application>
3535 distribution is now built as
3536 <filename>libisc</filename>. &merged;</para>
3538 <para role="historic"><application>BIND</application> is now built with the
3539 <literal>NOADDITIONAL</literal> flag, which causes
3540 &man.named.8; to operate in a more consistent fashion for
3541 certain common misconfigurations. &merged;</para>
3543 <para><application>BIND</application> has been updated to
3544 8.3.3. &merged;</para>
3546 <para><application>Binutils</application> has been updated to
3547 2.12.1 (specifically, a post-release snapshot from 20 July 2002). &merged;</para>
3549 <para role="historic"><application>bzip2</application> 1.0.2 has been imported;
3550 this brings the &man.bzip2.1; program and the
3551 <filename>libbz2</filename> library to the base
3552 system. &merged;</para>
3554 <para role="historic">The &man.ee.1; <application>Easy Editor</application> has
3555 been updated to 1.4.2. &merged;</para>
3557 <para><application>file</application> has been updated to
3560 <para><application>gcc</application> has been updated to
3561 a pre-release snapshot of <application>gcc</application>
3562 3.2.1, from 1 September 2002.
3564 <para>The C++ ABI from <application>gcc</application>
3565 3.2.<replaceable>X</replaceable> is not compatible with
3566 previous versions.</para>
3570 <para role="historic">&man.gcc.1; now uses a unified <filename>libgcc</filename>
3571 rather than a separate one for threaded and non-threaded
3572 programs. <filename>/usr/lib/libgcc_r.a</filename> can be
3573 removed. &merged;</para>
3575 <para role="historic">&man.gcc.1; now supports the environment variable
3576 <envar>GCC_OPTIONS</envar>, which can hold a set of default
3577 options for <application>GCC</application>. &merged;</para>
3579 <para><application>gdb</application> has been updated to a
3580 snapshot of <application>gdb</application> 5.2 from 27 June
3583 <para role="historic"><application>GNATS</application> has been updated to
3584 3.113. &merged;</para>
3586 <para><application>gperf</application> has been updated to
3589 <para role="historic"><application>groff</application> and its related utilities
3590 have been updated to FSF version 1.17.2. This import brings
3591 in a new &man.mdoc.7; macro package (sometimes referred to as
3592 <literal>mdocNG</literal>), which removes many of the
3593 limitations of its predecessor. &merged;</para>
3595 <para><application>Heimdal Kerberos</application> has been updated to
3596 a pre-0.5 snapshot from 29 August 2002. &merged;</para>
3598 <para role="historic">The version of <application>IPFilter</application>
3599 provided with &os; now includes the &man.ipfs.8; program,
3600 which allows state information created for NAT entries and
3601 stateful rules to be saved to disk and restored after a
3602 reboot. Boot-time configuration of these features is
3603 supported by &man.rc.conf.5;. &merged;</para>
3605 <para role="historic">The <application>ISC DHCP</application> client has been
3606 updated to 3.0.1RC8. &merged;</para>
3608 <para role="historic"><application>Kerberos IV</application> has been updated to
3609 1.0.5. &merged;</para>
3611 <para>The &man.more.1; command has been replaced by
3612 &man.less.1;, although it can still be run as
3613 <command>more</command>. &merged; Version 371 of
3614 <application>less</application> has been imported.</para>
3616 <para><application>libpcap</application> has been updated to
3617 0.7.1. &merged;</para>
3619 <para><application>libreadline</application> has been updated to
3622 <para><application>libz</application> has been updated to
3625 <para><application>lint</application> has been updated to
3626 a snapshot of NetBSD &man.lint.1; as of 19 July 2002.</para>
3628 <para><application>lukemftp</application> 1.6 beta 2 (the FTP client from
3629 NetBSD) has replaced the &os; &man.ftp.1; program. Among its
3630 new features are more automation methods, better standards
3631 compliance, transfer rate throttling, and a customizable
3632 command-line prompt. Some environment variables and
3633 command-line arguments have changed.</para>
3635 <para>The FTP daemon from NetBSD, otherwise known as
3636 <application>lukemftpd</application> 1.2 beta 1, has been imported and is
3637 available as &man.lukemftpd.8;. &merged;</para>
3639 <para>&man.m4.1; has been imported from OpenBSD, as of 26 April
3640 2002. &merged;</para>
3642 <para><application>ncurses</application> has been updated to
3643 5.2-20020615.</para>
3645 <para role="historic">The <application>NTP</application> suite of programs has
3646 been updated to 4.1.0. &merged;</para>
3648 <para><application>OpenPAM</application>
3649 (<quote>Citronella</quote> release) has been imported,
3651 <application>Linux-PAM</application>.</para>
3653 <para>The <application>OPIE</application> one-time-password
3654 suite has been updated to 2.4. It has completely
3655 replaced the functionality of
3656 <application>S/Key</application>. &merged;</para>
3658 <para><application>Perl</application> has been removed from the
3659 &os; base system. It can still be installed from the &os;
3660 Ports Collection or as a binary package; moving it out of the
3661 base system will make future upgrades and maintenance easier.
3662 To reduce the dependence of the base system on
3663 Perl, many utilities have been
3664 rewritten as shell scripts or C programs (specific notes are
3665 made for each affected utility).
3666 <filename>/usr/bin/perl</filename> is now a
3667 <quote>wrapper</quote> program, so that programs expecting to
3668 find a Perl interpreter there will
3669 be able to function correctly.
3672 <para>The Perl removal and
3673 package integration work is ongoing.</para>
3678 <para><application>GNU ptx</application> has been removed from
3679 the base system. It is not used anywhere in the base system,
3680 and has not been recently updated or maintained. Users
3681 requiring its functionality can install this utility as a part
3682 of the <filename role="package">textproc/textutils</filename>
3685 <para>The <literal>rc.d</literal> framework from NetBSD has been
3686 imported. It breaks down the system startup functionality
3687 into a number of small, <quote>task-oriented</quote> scripts
3688 in <filename>/etc/rc.d</filename>, with dynamically-determined
3689 ordering of startup scripts performed at boot-time.</para>
3691 <para role="historic">&man.routed.8; has been updated to version
3692 2.22. &merged;</para>
3694 <para arch="i386,pc98">Version 1.4.5 of the
3695 <application>smbfs</application> userland utilities has been
3696 imported. &merged;</para>
3698 <para><application>GNU sort</application> has been updated to
3699 the version from <application>GNU textutils
3700 2.0.21</application>.</para>
3702 <para>&man.stat.1; from <application>NetBSD</application>, as of
3703 5 June 2002, has been imported.</para>
3705 <para><application>GNU tar</application> has been updated to
3706 1.13.25. &merged;</para>
3708 <para><application>tcpdump</application> has been updated to
3709 3.7.1. &merged;</para>
3711 <para>The &man.csh.1; shell has been replaced by &man.tcsh.1;,
3712 although it can still be run as <command>csh</command>.
3713 <application>tcsh</application> has been updated to version
3714 6.12. &merged;</para>
3716 <para>The contributed version of
3717 <application>tcp_wrappers</application> now includes the
3718 &man.tcpd.8; helper daemon. While not strictly necessary in a
3719 standard &os; installation (because &man.inetd.8; already
3720 incorporates this functionality), this may be useful for
3721 &man.inetd.8; replacements such as
3722 <application>xinetd</application>. &merged;</para>
3724 <para><application>texinfo</application> has been updated to
3725 4.2. &merged;</para>
3727 <para><application>top</application> has been updated to version
3728 3.5b12. &merged;</para>
3730 <para><application>traceroute</application> has been updated to
3731 LBL version 1.4a12.</para>
3733 <para role="historic">&man.traceroute.8; now takes its default maximum TTL value
3734 from the <varname>net.inet.ip.ttl</varname> sysctl
3735 variable. &merged;</para>
3737 <para role="historic">The timezone database has been updated to the
3738 <filename>tzdata2002c</filename> release. &merged;</para>
3743 <para><application>cvs</application> has been updated to
3746 <para role="historic">The default value for &man.cvs.1;'s
3747 <envar>CVS_RSH</envar> variable is now
3748 <literal>ssh</literal>, rather than
3749 <literal>rsh</literal>. &merged;</para>
3751 <para role="historic">&man.cvs.1; now supports a <option>-T</option> option to
3752 update a sandbox's <filename>CVS/Template</filename> file
3753 from the repository. &merged;</para>
3755 <para role="historic">&man.cvs.1; <literal>diff</literal> now supports the
3756 <option>-j</option> option to perform differences against a
3757 revision relative to a branch tag. &merged;</para>
3761 <title>CVSup</title>
3763 <para role="historic"><application>CVSup</application>, a frequently used
3764 utility in the &os; Ports Collection, was formerly
3765 installable using several ports and packages. The
3766 <filename role="package">net/cvsup-bin</filename> and
3767 <filename role="package">net/cvsupd-bin</filename>
3768 ports/packages are no longer necessary or available; the
3769 <filename role="package">net/cvsup</filename> port should be
3770 used instead. &merged;</para>
3772 <para role="historic"><application>CVSup</application> has been updated to
3773 16.1_3, which is available in the &os; Ports Collection as
3774 <filename role="package">net/cvsup</filename>. This update
3775 fixes a long-standing (but only recently encountered) bug
3776 which affects the timestamps on all files after Sun Sep 9
3777 01:46:40 UTC 2001 (1,000,000,000 seconds after the UNIX
3778 epoch). &merged;</para>
3781 <sect4 id="kame-userland">
3784 <para role="historic">The IPv6 stack is now based on the
3785 KAME Project's IPv6 snapshot as of 28 May, 2001. Most of
3786 the items listed in this section are a result of this
3788 <xref linkend="kame-kernel"> lists kernel updates to the
3789 KAME IPv6 stack. &merged;</para>
3791 <para role="historic">&man.faithd.8; now supports a configuration file for
3792 access control. &merged;</para>
3794 <para role="historic">&man.ifconfig.8; can now perform the functions of
3795 gifconfig(8). &merged;</para>
3797 <para role="historic">&man.ifconfig.8; can now perform the functions of
3798 prefix(8). &merged;</para>
3800 <para role="historic">&man.ndp.8; now implements garbage collection for stale
3801 NDP entries, as described in RFC 2461 (Neighbor Discovery
3802 for IP Version 6 (IPv6)). &merged;</para>
3804 <para role="historic">pim6dd(8) and pim6sd(8) have been removed due
3805 to restrictive licensing conditions. These programs are
3806 available in the ports collection as
3807 <filename role="package">net/pim6dd</filename> and
3808 <filename role="package">net/pim6sd</filename>. &merged;</para>
3810 <para role="historic">&man.route6d.8; now supports an <option>-n</option> flag
3811 to avoid updating the kernel forwarding
3812 table. &merged;</para>
3814 <para role="historic">The <option>-R</option> (router renumbering) option to
3815 &man.rtadvd.8; is currently ignored. &merged;</para>
3819 <title>OpenSSH</title>
3821 <para role="historic"><application>OpenSSH</application> has been updated to
3822 2.9, which provides support for the SSH2 protocol (now the
3823 default) and DSA keys. &man.ssh-add.1; and
3824 &man.ssh-agent.1; can now handle DSA keys, with support for
3825 authentication forwarding.
3826 <application>OpenSSH</application> users in the USA no
3827 longer need to rely on the restrictively-licensed RSAREF
3828 toolkit which is required to handle RSA keys. Among other
3829 new features: A client and server for &man.sftp.1; have been added.
3830 &man.scp.1; can now handle files larger than 2 GBytes. A
3831 limit on the number of outstanding, unauthenticated
3832 connections in &man.sshd.8; has been added. Support has
3833 been added for the Rijndael encryption algorithm. Rekeying
3834 of existing sessions is now supported, and an experimental
3835 <application>SOCKS4</application> proxy has been added to
3836 &man.ssh.1;. &merged;</para>
3838 <para><application>OpenSSH</application> has been updated to
3839 version 3.1. &merged; Among the changes:
3842 <para>The <filename>*2</filename> files are obsolete
3844 <filename>~/.ssh/known_hosts</filename> can hold the
3846 <filename>~/.ssh/known_hosts2</filename>).</para>
3849 <para>&man.ssh-keygen.1; can import and export keys using
3850 the SECSH Public Key File Format, for key exchange
3851 with several commercial SSH implementations.</para>
3854 <para>&man.ssh-add.1; now adds all three default keys.</para>
3857 <para>&man.ssh-keygen.1; no longer defaults to a
3858 specific key type; one must be specified with the
3859 <option>-t</option> option.</para>
3864 <para><application>OpenSSH</application> has been updated to
3865 3.4p1. &merged; The main changes are:
3868 <para>A <quote>privilege separation</quote> feature,
3869 which uses unprivileged processes to contain and
3870 restrict the effects of future compromises or
3871 programming errors.</para>
3875 <para>Several bugfixes, including closure of a
3876 security hole that could lead to an integer overflow
3877 and undesired privilege escalation.</para>
3882 <para role="historic"><application>OpenSSH</application> can now authenticate
3883 using <application>OPIE</application> passwords. &merged;</para>
3885 <para role="historic"><application>PAM</application> support for
3886 <application>OpenSSH</application> has been added. &merged;</para>
3888 <para role="historic">A long-standing bug in
3889 <application>OpenSSH</application>, which sometimes resulted
3890 in a dropped session when an X11-forwarded client was
3891 closed, was fixed. &merged;</para>
3893 <para role="historic"><application>Kerberos</application> compatibility has
3895 <application>OpenSSH</application>. &merged;</para>
3897 <para role="historic"><application>OpenSSH</application> has been modified to
3898 be more resistant to traffic analysis by requiring that
3899 <quote>non-echoed</quote> characters are still echoed back
3900 in a null packet, as well as by padding passwords sent so as
3901 not to hint at password lengths. &merged;</para>
3903 <para role="historic">&man.sshd.8; is now enabled by default on new
3904 installs. &merged;</para>
3906 <para role="historic">&man.sshd.8; <literal>X11Forwarding</literal> is now
3907 turned on by default on the server (any risk is to the
3908 client, where it is already disabled by
3909 default). &merged;</para>
3911 <para role="historic">In <filename>/etc/ssh/sshd_config</filename>, the
3912 <literal>ConnectionsPerPeriod</literal> parameter has been
3913 deprecated in favor of
3914 <literal>MaxStartups</literal>. &merged;</para>
3916 <para role="historic"><application>OpenSSH</application> now has a
3917 <literal>VersionAddendum</literal> configuration setting for
3918 &man.sshd.8; to allow changing the part of the
3919 <application>OpenSSH</application> version string after the
3920 main version number. &merged;</para>
3924 <title>OpenSSL</title>
3926 <para><application>OpenSSL</application> has been updated to
3927 0.9.6g. &merged;</para>
3929 <para role="historic"><application>OpenSSL</application> now has support for
3930 machine-dependent ASM optimizations, activated by the new
3931 <varname>MACHINE_CPU</varname> and/or
3932 <varname>CPUTYPE</varname>
3933 <filename>make.conf</filename> variables. &merged;</para>
3937 <title>sendmail</title>
3939 <para><application>sendmail</application> has been updated
3940 from version 8.9.3 to version 8.12.6. Important changes
3941 include: &man.sendmail.8; is no longer installed as a
3942 set-user-ID <username>root</username> binary (now set-group-ID <groupname>smmsp</groupname>); new
3943 default file locations (see
3944 <filename>/usr/src/contrib/sendmail/cf/README</filename>);
3945 &man.newaliases.1; is limited to <username>root</username>
3946 and trusted users; STARTTLS encryption; and the MSA port
3947 (587) is turned on by default. See
3948 <filename>/usr/src/contrib/sendmail/RELEASE_NOTES</filename>
3949 for more information. &merged;</para>
3951 <para role="historic">&man.mail.local.8; is no longer installed as a
3952 set-user-ID binary. If you are using a
3953 <filename>/etc/mail/sendmail.cf</filename> from the default
3954 <filename>sendmail.cf</filename> included with &os; any time
3955 after 3.1.0, you are fine. If you are using a
3956 hand-configured <filename>sendmail.cf</filename> and
3957 <command>mail.local</command> for delivery, check to make sure the
3958 <literal>F=S</literal> flag is set on the
3959 <literal>Mlocal</literal> line. Those with
3960 <filename>.mc</filename> files who need to add the flag can
3961 do so by adding the following line to their
3962 <filename>.mc</filename> file and regenerating the
3963 <filename>sendmail.cf</filename> file:</para>
3965 <programlisting role="historic">MODIFY_MAILER_FLAGS(`LOCAL',`+S')dnl</programlisting>
3967 <para role="historic">Note that <literal>FEATURE(`local_lmtp')</literal> already
3968 does this. &merged;</para>
3970 <para role="historic">The default <filename>/etc/mail/sendmail.cf</filename>
3971 disables the SMTP <literal>EXPN</literal> and
3972 <literal>VRFY</literal> commands. &merged;</para>
3974 <para role="historic">&man.vacation.1; has been updated to use the version
3975 included with <application>sendmail</application>. &merged;</para>
3977 <para role="historic">The <application>sendmail</application> configuration
3978 building tools are installed in
3979 <filename>/usr/share/sendmail/cf/</filename>. &merged;</para>
3981 <para role="historic">New <filename>make.conf</filename> options:
3982 <varname>SENDMAIL_MC</varname> and
3983 <varname>SENDMAIL_ADDITIONAL_MC</varname>. See
3984 <filename>/usr/share/examples/etc/make.conf</filename> for more
3985 information. &merged;</para>
3987 <para role="historic"><filename>/etc/mail/Makefile</filename> now supports:
3988 the new <varname>SENDMAIL_MC</varname>
3989 <filename>make.conf</filename> option; the ability to build
3990 <filename>.cf</filename> files from
3991 <filename>.mc</filename> files; generalized map rebuilding;
3992 rebuilding the aliases file; and the ability to stop, start,
3994 <application>sendmail</application>. &merged;</para>
3996 <para role="historic">The <username>smmsp</username> and
3997 <username>mailnull</username> users have been added to
3998 <filename>/etc/master.passwd</filename>. In the absence of a
3999 <literal>confDEF_USER_ID</literal> setting, by default,
4000 <application>sendmail</application> will use the
4001 <username>mailnull</username> user for extra security.
4002 Previously, if the <username>mailnull</username> user did
4003 not exist, the <username>daemon</username> user was used.
4004 This change may generate some permissions issues when
4005 mailing to files or to programs (such as <filename
4006 role="package">mail/majordomo</filename>). &merged; The
4007 previous behavior can be restored by adding the following
4009 <filename><replaceable>*</replaceable>.mc</filename>
4012 <programlisting>define(`confDEF_USER_ID', `daemon')</programlisting>
4015 <para role="historic">Beginning with the import of
4016 <application>sendmail</application> 8.12.2, multiple
4017 <application>sendmail</application> daemons (some required
4018 to handle outgoing mail) are started by &man.rc.8;, even if
4019 the <varname>sendmail_enable</varname> variable is set to
4020 <literal>NO</literal>. To completely disable
4021 <application>sendmail</application>,
4022 <varname>sendmail_enable</varname> must be set to
4023 <literal>NONE</literal>. Alternatively, for systems using a
4024 different MTA, the <varname>mta_start_script</varname> variable can
4025 be used to point to a different startup script (more details
4026 can be found in &man.rc.sendmail.8;). &merged;</para>
4028 <para>By default, &man.rc.8; no longer enables
4029 <application>sendmail</application> for inbound SMTP
4030 connections. Note that &man.sysinstall.8; may override this
4031 default for a binary installation, based on what security
4032 profile is selected. This functionality can also be
4033 manually enabled by adding the following line to
4034 <filename>/etc/rc.conf</filename>:</para>
4036 <programlisting>sendmail_enable="YES"</programlisting>
4038 <para>The permissions for <application>sendmail</application>
4039 alias and map databases built via
4040 <filename>/etc/mail/Makefile</filename> now default to mode
4041 0640 to protect against a file locking local denial of service.
4042 It can be changed by setting the new
4043 <varname>SENDMAIL_MAP_PERMS</varname>
4044 <filename>make.conf</filename> option. &merged;</para>
4046 <para>The permissions for the <application>sendmail</application>
4047 statistics file, <filename>/var/log/sendmail.st</filename>, have
4048 been changed from mode 0644 to mode 0640 to protect against
4049 a file locking local denial of service. &merged;</para>
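<para>The following audit script is an added example, not part of the original release notes or of the &os; sources. It checks the <application>sendmail</application> mode and set-user-ID changes described in this section; the <filename>*.db</filename> glob for map databases and the <filename>/usr/libexec</filename> binary paths are assumptions.</para>

```shell
#!/bin/sh
# Added example (not from the release notes): audit the sendmail file modes
# and the set-user-ID removal described in this section.

# has_perm FILE MODE: true if FILE exists and has every bit in MODE set.
# find -perm is used because stat(1) flags differ between BSD and GNU.
has_perm() {
    [ -n "$(find "$1" -prune -perm "-$2" 2>/dev/null)" ]
}

# audit_sendmail ROOT: check the tree under ROOT ("" for the live system).
# Prints one finding per line and returns 1 if there was any finding.
audit_sendmail() {
    root=$1
    findings=0

    # Statistics file and alias/map databases: the notes give mode 0640,
    # so no read or write bit may be set for "other".
    # Assumption: databases built by /etc/mail/Makefile end in .db.
    for f in "$root/var/log/sendmail.st" "$root"/etc/mail/*.db; do
        [ -e "$f" ] || continue
        if has_perm "$f" 0004 || has_perm "$f" 0002; then
            echo "world-accessible: ${f#"$root"}"
            findings=$((findings + 1))
        fi
    done

    # sendmail and mail.local are no longer installed set-user-ID.
    # Assumption: these are the installed binary paths.
    for f in "$root/usr/libexec/sendmail/sendmail" \
             "$root/usr/libexec/mail.local"; do
        [ -e "$f" ] || continue
        if has_perm "$f" 4000; then
            echo "set-user-ID: ${f#"$root"}"
            findings=$((findings + 1))
        fi
    done

    [ "$findings" -eq 0 ]
}

# Run against the live system only when asked to.
if [ "${1:-}" = "--live" ]; then
    audit_sendmail ""
fi
```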
4055 <title>Ports/Packages Collection Infrastructure</title>
4057 <para><application>BSDPAN</application>, a collection of modules
4058 that provides tighter integration of
4059 <application>Perl</application> into the &os; Ports
4060 Collection, has been added.</para>
4062 <para role="historic">&man.pkg.create.1; and &man.pkg.add.1; can now work with
4063 packages that have been compressed using
4064 &man.bzip2.1;. &man.pkg.add.1; will use the PACKAGEROOT
4065 environment variable to determine a mirror site for new
4066 packages. &merged;</para>
4068 <para role="historic">&man.pkg.create.1; now records dependencies in dependency
4069 order rather than in the order specified on the command line.
4070 This improves the functioning of <command>pkg_add
4071 -r</command>. &merged;</para>
4073 <para role="historic">&man.pkg.create.1; now supports a <option>-b</option> option to
4074 create a package file from a locally-installed
4075 package. &merged;</para>
4077 <para role="historic">When requested to delete multiple packages,
4078 &man.pkg.delete.1; will now attempt to remove them in
4079 dependency order rather than the order specified on the
4080 command line. &merged;</para>
4082 <para role="historic">&man.pkg.delete.1; now can perform glob/regexp matching of
4083 package names. In addition, it supports a <option>-a</option>
4084 option for removing all packages and a <option>-i</option>
4085 option for &man.rm.1;-style interactive
4086 confirmation. &merged;</para>
4088 <para role="historic">&man.pkg.delete.1; now supports a <option>-r</option>
4089 option for recursive package removal. &merged;</para>
4091 <para role="historic">&man.pkg.info.1; now supports globbing against names of
4092 installed packages. The <option>-G</option> option disables
4093 this behavior, and the <option>-x</option> option causes
4094 regular expression matching instead of shell
4095 globbing. &merged;</para>
4097 <para role="historic">&man.pkg.info.1; can now accept a <option>-g</option> flag
4098 for verifying an installed package against its recorded
4099 checksums (to see if it's been modified post-installation).
4100 Naturally, this mechanism is only as secure as the contents of
4101 <filename>/var/db/pkg</filename> if it's to be used for auditing
4102 purposes. &merged;</para>
4104 <para role="historic">&man.pkg.sign.1; and &man.pkg.check.1; have been added to
4105 digitally sign and verify the signatures on binary package
4106 files. &merged;</para>
4108 <para>For some time, &os; 5.0-CURRENT (as well as some 4.X
4109 releases) included a pkg_update(1) utility to update installed
4110 packages, as well as their dependencies. This utility has
4111 been removed; a superset of its functionality can be found in
4112 the <filename role="package">sysutils/portupgrade</filename>
4115 <para role="historic">&man.pkg.version.1; now has a version number comparison
4116 routine that corresponds to the Porters Handbook. It also has
4117 a <option>-t</option> option for testing address comparisons.
4120 <para role="historic">&man.pkg.version.1; now takes a <option>-s</option> flag
4121 to limit its operation to ports/packages matching a given
4122 string. &merged;</para>
4124 <para>&man.pkg.version.1;, formerly a Perl script, has been
4125 rewritten in C.</para>
4127 <para role="historic">Version numbers of installed packages have a new
4128 (backward-compatible) syntax, which supports the
4129 <varname>PORTREVISION</varname> and
4130 <varname>PORTEPOCH</varname> variables in Ports Collection
4131 <filename>Makefile</filename>s. These changes help keep track
4132 of changes in the ports collection entries such as security
4133 patches or &os;-specific updates, which aren't reflected in
4134 the original, third-party software distributions.
4135 &man.pkg.version.1; can now compare these new-style version
4136 numbers. &merged;</para>
4138 <para role="historic">To improve performance and disk utilization, the
4139 <quote>ports skeletons</quote> in the &os; Ports Collection
4140 have been restructured. Installed ports and packages should
4141 not be affected. &merged;</para>
4143 <para role="historic">All packages and ports now contain an
4144 <quote>origin</quote> directive, which makes it easier for
4145 programs such as &man.pkg.version.1; to determine the
4146 directory from which a package was built. &merged;</para>
4148 <para>The Ports Collection infrastructure now uses
4149 <application>XFree86</application> 4.2.1 as the default version
4150 of the X Window System for the purposes of satisfying
4151 dependencies. To return to using
4152 <application>XFree86</application> 3.3.6, add the following line
4153 to <filename>/etc/make.conf</filename>: &merged;</para>
4155 <programlisting>XFREE86_VERSION=3</programlisting>
4157 <para>The libraries installed by the <filename
4158 role="package">emulators/linux_base</filename> port (required
4159 for Linux emulation) have been updated; they now correspond to
4160 those included with <application>Red Hat Linux</application>
4161 7.1. &merged;</para>
4163 <para>By default, packages generated by the Ports Collection (as
4164 well as the packages on the FTP sites) are now compressed
4165 using &man.bzip2.1;, rather than &man.gzip.1;. (Thus, they
4166 now have a <filename>.tbz</filename> extension, rather than a
4167 <filename>.tgz</filename> extension.) The package
4168 tools have been updated to handle the new format. &merged;</para>
4173 <title>Release Engineering and Integration</title>
4175 <para>The <filename>bin</filename> distribution has been renamed
4176 <filename>base</filename>, in order to make creation of combined
4177 install/recovery disks easier.</para>
4179 <para arch="i386">ISO images and CDROMs now use the
4180 <filename>cdboot</filename> boot loader by default. This
4181 eliminates the need for an emulated floppy disk image on
4182 a bootable CDROM and allows for a full
4183 <filename>GENERIC</filename> kernel to be used for CDROM
4184 installations, at the expense of compatibility with some old
4187 <para arch="i386,pc98,alpha" role="historic"><application>XFree86</application> 4.2.0
4188 is now the default version of the X Window System supported by
4189 &man.sysinstall.8;. It installs
4190 <application>XFree86</application> as a set of standard binary
4191 packages, so the usual package utilities such as
4192 &man.pkg.info.1; can be used to examine/manipulate its
4193 components. &merged;</para>
4195 <para>It is now possible to make releases of &os;
4196 5-CURRENT on a &os; 4-STABLE host and vice versa. Cross-architecture
4197 (building a release for a target architecture on a host of a
4198 different architecture) releases are also possible. See
4199 &man.release.7; for details. &merged;</para>
4201 <para>A third <filename>drivers.flp</filename> floppy has been
4202 added to floppy releases. It holds loadable modules
4203 containing drivers that do not fit in the kernel on the
4204 <filename>kern.flp</filename> disk or in the
4205 <filename>mfsroot.flp</filename> image.</para>
4209 <title>Documentation</title>
4211 <para>A number of formerly-encumbered documents from the 4.4 BSD
4212 Programmer's Supplementary Documents have been restored to
4213 <filename>/usr/share/doc/psd</filename>. These include:</para>
4217 <para><emphasis>The UNIX Time-Sharing System</emphasis>
4218 (<filename>01.cacm</filename>)</para>
4222 <para><emphasis>UNIX Implementation</emphasis>
4223 (<filename>02.implement</filename>)</para>
4227 <para><emphasis>The UNIX I/O System</emphasis>
4228 (<filename>03.iosys</filename>)</para>
4232 <para><emphasis>UNIX Programming — Second Edition</emphasis>
4233 (<filename>04.uprog</filename>)</para>
4237 <para><emphasis>The C Programming Language — Reference Manual</emphasis>
4238 (<filename>06.Clang</filename>)</para>
4242 <para><emphasis>Yacc: Yet Another Compiler-Compiler</emphasis>
4243 (<filename>15.yacc</filename>)</para>
4247 <para><emphasis>Lex — A Lexical Analyzer Generator</emphasis>
4248 (<filename>16.lex</filename>)</para>
4252 <para><emphasis>The M4 Macro Processor</emphasis>
4253 (<filename>17.m4</filename>)</para>
4257 <para>Several formerly-encumbered documents from the 4.4 BSD
4258 User's Supplementary Documents have been restored to
4259 <filename>/usr/share/doc/usd</filename>. They include:</para>
4263 <para><emphasis>NROFF/TROFF User's Manual</emphasis>
4264 (<filename>21.troff</filename>)</para>
4268 <para><emphasis>A TROFF Tutorial</emphasis>
4269 (<filename>22.trofftut</filename>)</para>
4277 <title>Upgrading from previous releases of &os;</title>
4279 <para>If you're upgrading from a previous release of &os;, you
4280 generally will have three options:
4284 <para>Using the binary upgrade option of &man.sysinstall.8;.
4285 This option is perhaps the quickest, although it presumes
4286 that your installation of &os; uses no special compilation
4290 <para>Performing a complete reinstall of &os;. Technically,
4291 this is not an upgrading method, and in any case is usually less
4292 convenient than a binary upgrade, in that it requires you to
4293 manually back up and restore the contents of
4294 <filename>/etc</filename>. However, it may be useful in
4295 cases where you want (or need) to change the partitioning of
4299 <para>From source code in <filename>/usr/src</filename>. This
4300 route is more flexible, but requires more disk space, time,
4301 and technical expertise. More information can be found
4303 url="http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html"><quote>Using
4304 <command>make world</command></quote></ulink> section of the <ulink
4305 url="http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/">FreeBSD
4306 Handbook</ulink>. Upgrading from very old
4307 versions of &os; may be problematic; in cases like this, it
4308 is usually more effective to perform a binary upgrade or a
4309 complete reinstall.</para>
4314 <para>Please read the <filename>INSTALL.TXT</filename> file for more
4315 information, preferably <emphasis>before</emphasis> beginning an
4316 upgrade. If you are upgrading from source, please be sure to read
4317 <filename>/usr/src/UPDATING</filename> as well.</para>
4319 <para>Finally, if you want to use one of various means to track the
4320 -STABLE or -CURRENT branches of &os;, please be sure to consult
4322 url="http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/current-stable.html"><quote>-CURRENT
4323 vs. -STABLE</quote></ulink> section of the <ulink
4324 url="http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/">FreeBSD
4325 Handbook</ulink>.</para>
4328 <para>Upgrading &os; should, of course, only be attempted after
4329 backing up <emphasis>all</emphasis> data and configuration