FreeBSD/ia64 5.1-RELEASE Release Notes
The FreeBSD Project
Copyright (c) 2000, 2001, 2002, 2003 by The FreeBSD Documentation Project
$FreeBSD: src/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml,v 1.573
2003/05/28 21:01:22 hrs Exp $
The release notes for FreeBSD 5.1-RELEASE contain a summary of recent
changes made to the FreeBSD base system on the 5-CURRENT development
branch. This document lists applicable security advisories that were
issued since the last release, as well as significant changes to the
FreeBSD kernel and userland. Some brief remarks on upgrading are also
presented.
----------------------------------------------------------------------
Table of Contents
1 Introduction
2 What's New
2.1 Security Advisories
2.2 Kernel Changes
2.2.1 Processor/Motherboard Support
2.2.2 Boot Loader Changes
2.2.3 Network Interface Support
2.2.4 Network Protocols
2.2.5 Disks and Storage
2.2.6 File Systems
2.2.7 PCCARD Support
2.2.8 Multimedia Support
2.3 Userland Changes
2.4 Contributed Software
2.5 Ports/Packages Collection Infrastructure
2.6 Release Engineering and Integration
2.7 Documentation
3 Upgrading from previous releases of FreeBSD
----------------------------------------------------------------------
1 Introduction
This document contains the release notes for FreeBSD 5.1-RELEASE on the
IA-64 hardware platform. It describes recently added, changed, or deleted
features of FreeBSD. It also provides some notes on upgrading from
previous versions of FreeBSD.
This distribution of FreeBSD 5.1-RELEASE is a release distribution. It can
be found at ftp://ftp.FreeBSD.org/ or any of its mirrors. More information
on obtaining this (or other) release distributions of FreeBSD can be found
in the ``Obtaining FreeBSD'' appendix to the FreeBSD Handbook.
Users who are new to the 5-CURRENT series of FreeBSD releases should also
read the ``Early Adopters Guide to FreeBSD 5.1-RELEASE''. This document
can generally be found in the same location as the release notes (either
as a part of a FreeBSD distribution or on the FreeBSD Web site). It
contains important information regarding the advantages and disadvantages
of using FreeBSD 5.1-RELEASE, as opposed to releases based on the FreeBSD
4-STABLE development branch.
All users are encouraged to consult the release errata before installing
FreeBSD. The errata document is updated with ``late-breaking'' information
discovered late in the release cycle or after the release. Typically, it
contains information on known bugs, security advisories, and corrections
to documentation. An up-to-date copy of the errata for FreeBSD 5.1-RELEASE
can be found on the FreeBSD Web site.
----------------------------------------------------------------------
2 What's New
This section describes many of the user-visible new or changed features in
FreeBSD since 5.0-RELEASE. It includes items that are unique to the
5-CURRENT branch, as well as some features that may have been recently
merged to other branches (after FreeBSD 5.0-RELEASE). The latter items are
marked as [MERGED].
Typical release note items document recent security advisories issued
after 5.0-RELEASE, new drivers or hardware support, new commands or
options, major bug fixes, or contributed software upgrades. They may also
list changes to major ports/packages or release engineering practices.
Clearly the release notes cannot list every single change made to FreeBSD
between releases; this document focuses primarily on security advisories,
user-visible changes, and major architectural improvements.
----------------------------------------------------------------------
2.1 Security Advisories
A remotely exploitable vulnerability in CVS has been corrected with the
import of version 1.11.5. More details can be found in security advisory
FreeBSD-SA-03:01. [MERGED]
A timing-based attack on OpenSSL, which could allow a very powerful
attacker access to plaintext under certain circumstances, has been
prevented via an upgrade to OpenSSL 0.9.7. See security advisory
FreeBSD-SA-03:02 for more details. [MERGED]
The security and performance of the ``syncookies'' feature has been
improved to decrease the chance of an attacker being able to spoof
connections. More details are given in security advisory FreeBSD-SA-03:03.
[MERGED]
Remotely-exploitable buffer overflow vulnerabilities in sendmail have been
fixed by updating sendmail. For more details, see security advisory
FreeBSD-SA-03:04 and FreeBSD-SA-03:07. [MERGED]
A bounds-checking bug in the XDR implementation, which could allow a
remote attacker to cause a denial-of-service, has been fixed. For more
details see security advisory FreeBSD-SA-03:05. [MERGED]
Two recently-publicized flaws in OpenSSL have been corrected. For more
details, see security advisory FreeBSD-SA-03:06. [MERGED]
----------------------------------------------------------------------
2.2 Kernel Changes
devfs(5) is now mandatory; the NODEVFS option has been removed from the
set of possible kernel configuration options.
An ehci(4) driver has been added; it supports the USB Enhanced Host
Controller Interface used by USB 2.0 controllers.
A minor bug in the permissions handling of /dev/tty has been fixed. As a
result, ssh(1) can now be used after su(1).
A bug that caused fstat(2) to return 0 as the number of bytes available to
read from a TCP socket has been fixed.
A bug that caused kqueue(2) to report 0 as the number of bytes available
to read from a TCP socket has been fixed. The NOTE_LOWAT flag for
EVFILT_READ has been fixed.
Linux emulation mode now supports IPv6.
madvise(2) now supports a MADV_PROTECT behavior, which informs the virtual
memory system that a process is critical and should not be killed when
swap space has been exhausted. The process must be owned by the superuser.
A second process scheduler, designed to be a general purpose scheduler
with many SMP benefits, has been added to the scheduler framework. Exactly
one scheduler must be specified in a kernel configuration. The original
scheduler may be selected using options SCHED_4BSD. The newer
(experimental) scheduler can be selected by using options SCHED_ULE.
Device major numbers are now allocated dynamically by default. This change
greatly decreases the need for a static, centralized table of major number
assignments to device drivers (a few drivers retain their old static major
numbers for compatibility), and also reduces the possibility of running
out of device major numbers.
----------------------------------------------------------------------
2.2.1 Processor/Motherboard Support
----------------------------------------------------------------------
2.2.2 Boot Loader Changes
The /modules directory (once the default location for modules on FreeBSD
4.X) is no longer a part of the default kern.module_path. Third-party
modules should be placed in /boot/modules.
Note: Modules designed for use with FreeBSD 4.X are likely to panic when
loaded into a FreeBSD 5.1-RELEASE kernel and should be used with extreme
caution.
----------------------------------------------------------------------
2.2.3 Network Interface Support
The cm driver now supports IPX. [MERGED]
A new wlan(4) module provides 802.11 link-layer support. The wi(4) and
an(4) drivers now use this facility.
----------------------------------------------------------------------
2.2.4 Network Protocols
ipfw(4) skipto rules can once again be used with the log keyword. ipfw(4)
uid rules are once again working.
It is now possible to build the FAST_IPSEC and INET6 options into the same
kernel. (They still cannot be used together, however.)
A bug in TCP NewReno, which caused premature exit from fast recovery when
NewReno was enabled, has been fixed. [MERGED]
TCP now has support for the ``Limited Transmit'' mechanism proposed by RFC
3042. This feature is intended to improve the effectiveness of TCP loss
recovery in certain circumstances. It is off by default but can be enabled
with the net.inet.tcp.rfc3042 sysctl variable. More information can be
found in tcp(4).
TCP now has support for increased initial congestion window sizes as
described in RFC 3390. This feature can improve the throughput of short
transfers, as well as high-bandwidth, large propagation-delay connections.
It is off by default but can be enabled with the net.inet.tcp.rfc3390
sysctl variable. More information can be found in tcp(4).
The IP fragment reassembly code behaves more gracefully when receiving a
large number of packet fragments (it is designed to be more resistant to
fragment-based denial of service attacks). [MERGED]
TCP connections in the TIME_WAIT state now use a special protocol control
block that uses less space than a full-blown TCP PCB. This allows some of
the data structures and resources used by such a connection to be freed
earlier.
It is now possible to specify the range of ``privileged ports'' (TCP and
UDP ports that require superuser access to bind(2) to). The range is now
specified with the net.inet.ip.portrange.reservedlow and
net.inet.ip.portrange.reservedhigh sysctl variables, defaulting to the
traditional UNIX behavior. This feature is intended to help network
servers bind to traditionally privileged ports without requiring superuser
access. ip(4) has more details.
Some bugs in the non-blocking RPC code has been fixed. As a result, amd(8)
users are now able to mount volumes from a 5.1-RELEASE server.
Support for XNS networking, which has not worked correctly for almost
seven years, has been removed.
----------------------------------------------------------------------
2.2.5 Disks and Storage
The aac(4) driver now runs free of the Giant kernel lock. This change has
given a nearly 20% performance speedup on an SMP system running multiple
I/O intensive loads.
The ata(4) driver now supports all known SiS chipsets. (More details can
be found in the Hardware Notes.)
The ata(4) driver now supports the Promise SATA150 TX2 and TX4 Serial
ATA/150 controllers.
The ata(4) driver now flushes devices on shutdown. This change may result
in failure messages being printed on the console for devices that do not
support flushing.
The CAM layer now has support for devices with more than 232 blocks.
(Assuming 512-byte blocks, this means support for devices larger than
2TB.)
Note: For users upgrading across this change, note that all userland
applications that talk to pass(4) or xpt(4) devices must be recompiled.
Examples of such programs are camcontrol(8) in the base system, the
sysutils/cdrtools port, and the multimedia/xmms port.
A number of changes have been made to the cd(4) driver. The primary
user-visible change is improved compatibility with ATAPI/USB/Firewire
CDROM drives.
geom(4) is now mandatory; the NO_GEOM has been removed from the set of
kernel configuration options.
The iir(4) driver has been updated; this update is believed to fix
problems detecting attached disks during installation.
A bug in the mly(4) driver that caused hangs has been corrected.
Support has been added for volume labels on UFS and UFS2 file systems.
These labels are strings that can be used to identify a volume, regardless
of what device it appears on. Labels can be set with the -L options to
newfs(8) or tunefs(8). With the GEOM_VOL module, volumes can be accessed
using their labels under /dev/vol.
The root file system can now be located on a vinum(4) volume. More
information can be found in the vinum(4) manual page.
----------------------------------------------------------------------
2.2.6 File Systems
A new DIRECTIO kernel option enables support for read operations that
bypass the buffer cache and put data directly into a userland buffer. This
feature requires that the O_DIRECT flag is set on the file descriptor and
that both the offset and length for the read operation are multiples of
the physical media sector size. [MERGED]
NETNCP and Netware File System Support (nwfs) are once again working.
Bugs that could cause the unmounting of a smbfs share to fail or cause a
kernel panic have been fixed.
----------------------------------------------------------------------
2.2.7 PCCARD Support
----------------------------------------------------------------------
2.2.8 Multimedia Support
----------------------------------------------------------------------
2.3 Userland Changes
adduser(8) now correctly handles setting user passwords containing special
shell characters.
adduser(8) now supports a -g option to set a user's default login group.
The bsdlabel(8) utility is a replacement for the older disklabel utility.
Like its predecessor, it installs, examines, or modifies the BSD label on
a disk partition, and can install bootstrap code. Compared to disklabel, a
number of obsolete options and parameters have been retired. A new -m
option instructs bsdlabel(8) to use the layout suitable for a specific
machine.
chgrp(1) and chown(8) now, when the owner/group is modified, print the old
and new uid/gid if the -v option is specified more than once.
config(8) now implements a nodevice kernel configuration file directive
that cancels the effect of a device directive. The new nooption and
nomakeoption directives cancel prior options and makeoptions directives,
respectively.
The diskinfo(8) utility has been added to show information about a disk
device and optionally to run a naive performance test.
The disklabel utility has been replaced by bsdlabel(8). On the alpha,
i386, and pc98 platforms, disklabel is a link to bsdlabel(8).
dump(8) now supports caching of disk blocks with the -C option. This can
improve dump performance at the cost of possibly missing file system
updates that occur between passes.
dumpfs(8) now supports a -m flag to print file system parameters in the
form of a newfs(8) command.
elfdump(1), a utility to display information about elf(5) format
executable files, has been added.
fetch(1) uses the .netrc support in fetch(3) and also supports a -N to
specify an alternate .netrc file.
fetch(3) now has support for .netrc files (see ftp(1) for more details).
ftpd(8) now supports a -h option to disable printing any host-specific
information, such as the ftpd(8) version or hostname, in server messages.
[MERGED]
ftpd(8) now supports a -P option to specify a port on which to listen in
daemon mode. The default data port number is now set to be one less than
the control port number, rather than being hard-coded. [MERGED]
ftpd(8) now supports an extended format of the /etc/ftpchroot file. Please
refer to the ftpchroot(5) manpage, which is now available, for details.
[MERGED]
ftpd(8) now supports login directory pathnames that specify simultaneously
a directory for chroot(2) and that to change to in the chrooted
environment. The /./ separator is used for this purpose, like in other FTP
daemons having this feature. It may be used in both ftpchroot(5) and
passwd(5). [MERGED]
fwcontrol(8) now supports -R and -S options for receiving and sending DV
streams. [MERGED]
The gstat(8) utility has been added to show the disk activity inside the
geom(4) subsystem.
ipfw(8) now supports enable and disable commands to control various
aspects of the operation of ipfw(4) (including enabling and disabling the
firewall itself). These provide a more convenient and visible interface
than the existing sysctl variables. [MERGED]
jail(8) now supports a -i flag to output an identifier for a newly-created
jail.
The jexec(8) utility has been added to execute a command inside an
existing jail.
The jls(8) utility has been added to list existing jails.
kenv(1) has been moved from /usr/bin to /bin to make it available at times
during system startup when only the root file system is mounted.
killall(1) now supports a -j option to kill all processes inside a jail.
The libgeom(3) library has been added to allow some userland access to the
geom(4) subsystem.
The mac_portacl MAC policy module has been added. It provides a simple ACL
mechanism to permit users and groups to bind ports for TCP or UDP, and is
intended to be used in conjunction with the recently-added
net.inet.ip.portrange.reservedhigh sysctl.
The MAKEDEV script is now unnecessary, due to the mandatory presence of
devfs(5), and has been removed.
mergemaster(8) now supports a -P option to preserve the contents of files
being replaced.
mixer(8) can now implement relative volume adjustments.
The mksnap_ffs(8) program has been added to allow easier creation of FFS
snapshots. It is a SUID-root executable designed for use by members of the
operator group.
mount(8) and umount(8) now accept a -F option to specify an alternate
fstab(5) file.
mount_nfs(8) now supports a -c flag to avoid doing a connect(2) for UDP
mount points. This option must be used if the server does not reply to
requests from the standard NFS port number 2049 or if it replies to
requests using a different IP address (which can occur if the server is
multi-homed). Setting the vfs.nfs.nfs_ip_paranoia sysctl to 0 will make
this option the default. [MERGED]
mount_nfs(8) now supports the noinet4 and noinet6 mount options to prevent
NFS mounts from using IPv4 or IPv6 respectively.
newfs(8) will now create UFS2 file systems by default, unless UFS1 is
specifically requested with the -O1 option.
newsyslog(8) has a number of new features. Among them:
* A W flag forces previously-started compression jobs for an entry (or
group of entries specified with the G flag) to finish before beginning
a new one. This feature is designed to prevent system overloads caused
by starting several compression jobs on big files simultaneously.
[MERGED]
* A ``default rotate action'', to be used for files specified for
rotation but not specified in the configuration file. [MERGED]
* A -s command-line flag to disable sending signals to processes when
rotating files. [MERGED]
* A N configuration file flag to indicate that no process needs to be
signaled when rotating a file. [MERGED]
* A U configuration file flag to specify that a process group (rather
than a single process) should be signaled when rotating files.
[MERGED]
nsdispatch(3) is now thread-safe and implements support for Name Service
Switch (NSS) modules. NSS modules may be statically built into libc or
dynamically loaded via dlopen(3). They are loaded/initialized at
configuration time (i.e. when nsdispatch(3) is called and nsswitch.conf(5)
is read or re-read).
A new pam_chroot(8) module has been added, which does a chroot(2)
operation for users into either a predetermined directory or one derived
from their home directory.
pam_ssh(8) has been rewritten. One side effect of the rewrite is that it
now starts a separate instance of ssh-agent(1) for each session instead of
trying to connect each session to the agent started by the first session.
ping(8) now supports a -D flag to set the ``Don't Fragment'' bit on
outgoing packets.
ping(8) now supports a -M option to use ICMP mask request or timestamp
request messages instead of ICMP echo requests.
ping(8) now supports a -z flag to set the Type of Service bits in outgoing
packets.
pw(8) can now add a user whose name ends with a $ character; this change
is intended to help administration of Samba services. [MERGED]
The format of the /etc/pwd.db and /etc/spwd.db password databases created
by pwd_mkdb(8) is now byte-order independent. The pre-processed password
databases can now be moved between machines of different architectures.
The format includes version numbers on entries to ensure compatibility
with old binaries.
A bug in rand(3) that could cause a sequence to remain stuck at 0 has been
fixed. (rand(3) remains unsuitable for all but trivial uses.)
rtld(1) now has support for the dynamic mapping of shared object
dependencies. This optional feature is especially useful when
experimenting with different threading libraries. It is not, however,
built by default. More information on enabling and using this feature can
be found in libmap.conf(5).
sem_open(3) now correctly handles multiple opens of the same semaphore; as
a result, sem_close(3) no longer crashes calling programs.
The seeding algorithm used by srandom(3) has been strengthened.
sysinstall(8) will now select UFS2 as the default layout for new file
systems unless specifically requested in the disk labeler.
The swapoff(8) command has been added to disable paging and swapping on a
device. A related swapctl(8) command has been added to provide an
interface to swapon(8) and swapoff(8) similar to other BSDs.
Note: The swapoff(8) feature should be considered experimental.
syslogd(8) now allows multiple hosts or programs to be named in host or
program specifications in syslog.conf(5) files.
systat(1) now includes an -ifstat display mode that displays the network
traffic going through active interfaces on the system.
The usbhidaction(1) command has been added; it performs actions according
to its configuration in response to USB HID controls.
uudecode(1) and b64decode(1) now support a -r flag for decoding raw (or
broken) files that may be missing the initial and possibly final framing
lines. [MERGED]
vmstat(8) has re-implemented the -f flag, which displays statistics on
fork operations.
xargs(1) now supports a -P option to execute multiple copies of the same
utility in parallel.
xargs(1) now supports a -o flag to reopen /dev/tty for the child process
before executing the command. This is useful when the child process is an
interactive application.
A 1:1 threading package (where for every pthread in an application there
is one KSE and thread) has been implemented. Under this model, the kernel
handles all thread scheduling decisions and all signal delivery. This uses
some of the common KSE code, and is a restricted case of the M:N threading
work still in progress. The libthr library implementing the userland
portion of this functionality is a drop-in replacement for the libc_r
library. Note that libthr is not (at this time) built by default.
The historic BSD boot scripts in /etc have been removed, in favor of the
rc.d system imported from NetBSD (sometimes referred to as ``rcNG''). All
functionality of the historic system has been preserved. In particular,
files such as /etc/rc.conf continue to be the recommended means of
configuring the system startup. The rc.d system has been the default since
FreeBSD 5.0-RELEASE, so this change should be largely transparent for the
vast majority of users. Users who have customized their historic-style
startup scripts should be aware that the following files have been removed
from /etc: rc.atm, rc.devfs, rc.diskless1, rc.diskless2, rc.i386,
rc.alpha, rc.amd64, rc.ia64, rc.sparc64, rc.isdn, rc.network, rc.network6,
rc.pccard, rc.serial, rc.syscons, rc.sysctl. mergemaster(8), when run,
will offer to move these files out of the way for convenience. More
details can be found in rc.subr(8).
----------------------------------------------------------------------
2.4 Contributed Software
The ACPI-CA code has been updated from the 20021118 snapshot to the
20030228 snapshot.
awk from Bell Labs has been updated to a 14 March 2003 snapshot.
BIND has been updated to version 8.3.4. [MERGED]
All of the bzip2 suite of applications is now installed in the base system
(in particular, bzip2recover is now built and installed). [MERGED]
CVS has been updated to 1.11.5. [MERGED]
FILE has been updated to 3.41. [MERGED]
GCC has been updated to 3.2.2 (release version).
The gdtoa library, for conversions between strings and floating point, has
been imported. These sources were dated 24 March 2003.
groff (and related utilities) have been updated from 1.18.1 to 1.19.
IPFilter has been updated to 3.4.31. [MERGED]
The ISC DHCP client has been updated to 3.0.1RC11. [MERGED]
The ISC DHCP client now includes the omshell(1) utility and the dhcpctl(3)
library for run-time control of the client.
Kerberos IV support (in the form of KTH eBones) has been removed. Users
requiring this functionality can still get it from the security/krb4 port
(or package). Kerberos IV compatibility mode for Kerberos 5 has been
removed, and the k5program userland utilities have been renamed to
kprogram.
Kerberos 5 is now built by default in buildworld operations. Setting
MAKE_KERBEROS5 no longer has any effect. Disabling the base system
Kerberos 5 now requires the NO_KERBEROS Makefile variable to be set.
libpcap now has support for selecting among multiple data link types on an
interface.
lukemftpd (not built or installed by default) has been updated to a
snapshot from 22 January 2003.
OpenPAM has been updated from the ``Citronella'' release to the
``Dianthus'' release.
OpenSSH has been updated to 3.6.1p1.
OpenSSL has been updated to release 0.9.7a. Among other features, this
release includes support for AES and takes advantage of crypto(4) devices.
[MERGED]
sendmail has been updated to version 8.12.9. [MERGED]
tcpdump(1) has been updated to version 3.7.2. [MERGED] It also now
supports a -L flag to list the data link types available on an interface
and a -y option to specify the data link type to use while capturing
packets.
texinfo has been updated from 4.2 to 4.5.
The timezone database has been updated from tzdata2002d to tzdata2003a.
[MERGED]
----------------------------------------------------------------------
2.5 Ports/Packages Collection Infrastructure
The one-line pkg-comment files have been eliminated from each port
skeleton; their contents have been moved into each port's Makefile. This
change reduces the disk space and inodes used by the ports tree. [MERGED]
When fetching distfiles for building a port, the FETCH_REGET Makefile
variable can be used to specify the number of times to try continuing to
fetch a distfile if it fails its MD5 checksum. The port infrastructure
also supports re-fetching interrupted distfiles.
pkg_create(1) now supports a -C option, which allows packages to register
a list of other packages with which they conflict. They will refuse to
install (via pkg_add(1)) if one of the listed packages is already present.
The -f flag to pkg_add(1) overrides this conflict-checking.
pkg_info(1) now honors the BLOCKSIZE environment variable in its output
when the -b flag is given.
pkg_info(1) now implements a -Q option, which is similar to the -q
``quiet'' option except that it prefixes the output with the package name.
----------------------------------------------------------------------
2.6 Release Engineering and Integration
The supported release of GNOME has been updated to 2.2.1. [MERGED]
The supported release of KDE has been updated to 3.1.2. [MERGED]
There is no longer a separate krb5 distribution. The Kerberos 5 libraries
and utilities have been incorporated into the crypto distribution.
sysinstall(8) once again supports installing individual components of
XFree86. Supporting changes (not user-visible) generalize the concept of
installing parts of distributions as packages.
The supported release of XFree86 has been updated to 4.3.0. [MERGED]
Several upgrade mechanisms designed to permit major version upgrades from
FreeBSD 2.X to 3.X and from FreeBSD 3.X to 4.X have been removed.
----------------------------------------------------------------------
2.7 Documentation
The following new articles have been added to the documentation set:
``FreeBSD From Scratch'', ``The Roadmap for 5-STABLE''.
A new Danish (da_DK.ISO8859-1) translation project has been started.
----------------------------------------------------------------------
3 Upgrading from previous releases of FreeBSD
Users with existing FreeBSD systems are highly encouraged to read the
``Early Adopter's Guide to FreeBSD 5.1-RELEASE''. This document generally
has the filename EARLY.TXT on the distribution media, or any other place
that the release notes can be found. It offers some notes on upgrading,
but more importantly, also discusses some of the relative merits of
upgrading to FreeBSD 5.X versus running FreeBSD 4.X.
Important: Upgrading FreeBSD should, of course, only be attempted after
backing up all data and configuration files.
----------------------------------------------------------------------
This file, and other release-related documents, can be downloaded from
ftp://ftp.FreeBSD.org/.
For questions about FreeBSD, read the documentation before contacting
<questions@FreeBSD.org>.
All users of FreeBSD 5-CURRENT should subscribe to the <current@FreeBSD.org>
mailing list.
For questions about this documentation, e-mail <doc@FreeBSD.org>.