FreeBSD/i386 4.5-RELEASE Release Notes

The FreeBSD Project

Copyright (c) 2000, 2001, 2002 by The FreeBSD Documentation Project

$FreeBSD: src/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml,v 1.22.2.191.2.1 2002/01/25 20:58:19 bmah Exp $

The release notes for FreeBSD 4.5-RELEASE contain a summary of the changes made in the FreeBSD base system since 4.4-RELEASE. Both changes for kernel and userland are listed, as well as applicable security advisories for the base system that were issued since the last release. Some brief remarks on upgrading are also presented.

----------------------------------------------------------------------

Table of Contents

1 Introduction
2 What's New
    2.1 Kernel Changes
        2.1.1 Processor/Motherboard Support
        2.1.2 Boot Loaders
        2.1.3 Network Interface Support
        2.1.4 Network Protocols
        2.1.5 Disks and Storage
        2.1.6 Filesystems
        2.1.7 PCCARD Support
        2.1.8 Multimedia Support
        2.1.9 Contributed Software
    2.2 Security-Related Changes
    2.3 Userland Changes
        2.3.1 Contributed Software
        2.3.2 Ports/Packages Collection
3 Upgrading from previous releases of FreeBSD

----------------------------------------------------------------------

1 Introduction

This document contains the release notes for FreeBSD 4.5-RELEASE on the IA-32 hardware platform. It describes new features of FreeBSD that have been added (or changed) since 4.4-RELEASE. It also provides some notes on upgrading from previous versions of FreeBSD.

This distribution of FreeBSD 4.5-RELEASE is a release distribution. It can be found at ftp://ftp.FreeBSD.org/pub/FreeBSD/releases/ or any of its mirrors. More information on obtaining this (or other) release distributions of FreeBSD can be found in the ``Obtaining FreeBSD'' appendix in the FreeBSD Handbook.

----------------------------------------------------------------------

2 What's New

This section describes the most user-visible new or changed features in FreeBSD since 4.4-RELEASE.
Typical release note items document new drivers or hardware support, new commands or options, major bugfixes, or contributed software upgrades. Security advisories for the base system that were issued after 4.4-RELEASE are also listed.

Many additional changes were made to FreeBSD that are not listed here for lack of space. For example, documentation was corrected and improved, minor bugs were fixed, insecure coding practices were audited and corrected, and source code was cleaned up.

----------------------------------------------------------------------

2.1 Kernel Changes

The amdpm(4) driver has been added to provide access to the system monitoring functions of the AMD 756 chip set.

The kern.maxvnodes limit now properly limits the number of vnodes in use. Previously only vnodes with no cached pages could be freed; this could allow the number of vnodes to grow without limit on large-memory machines accessing many small files. A vnlru kernel thread helps to flush and reuse vnodes.

A new KVA_SPACE kernel option can be used to reconfigure the size of the kernel virtual address space.

Linux emulation now supports the kernel functionality required by the emulators/linux_base-7 (RedHat 7.X emulation) port.

The kernel configuration parameters MAXTSIZ, DFLDSIZ, MAXDSIZ, DFLSSIZ, MAXSSIZ, and SGROWSIZ are all loader tunables (kern.maxtsiz, kern.maxdfldsiz, etc.).

Specifying a value of 0 for the maxusers kernel configuration parameter will now cause an appropriate value to be calculated at boot-time (between 32 and 384, depending on the amount of memory present). This value is now the default for all GENERIC kernels.

The pmc driver, which supports the power management controller of the NEC PC-98NOTE, has been added.

The load addresses of kernels are now exported to the symbol table and various hard-coded constants have been removed so that utilities such as ps(1) can work with kernels compiled at different addresses.

Coredumps of large processes (or of a large number of processes) no longer lock up the machine for long periods of time.

The number of memory pages allocated for the per-process kernel state has been increased from 2 to 3, to reduce the likelihood of kernel stack overflow (and subsequent corruption of per-process data structures).

The system load average computation now adds some jitter to the timing of samples, in order to avoid synchronization with processes that run periodically.

If a debugging kernel with modules is being built (i.e. using makeoptions DEBUG=-g), the modules will now be built with debugging support as well, for completeness. A side effect of this change is that modules built and installed with debugging kernels will now occupy more space on disk than they did previously.

The kernel on the installation CDs is now separated from the mfsroot image. This provides more flexibility when building custom FreeBSD distributions.

----------------------------------------------------------------------

2.1.1 Processor/Motherboard Support

----------------------------------------------------------------------

2.1.2 Boot Loaders

A new cdboot bootstrap utility for CDROMs provides better compatibility with some BIOS implementations that do not completely implement the El Torito bootable CDROM standard. This boot loader supports ``no emulation'' mode booting, thus eliminating the need for an emulated floppy disk image on a bootable CDROM. This in turn permits the use of a full kernel when installing from CD on machines that support CD booting (instead of the stripped-down kernel used on floppies).

Note: While this functionality is not used in the FreeBSD 4.5-RELEASE ISO images, it may be used for future releases. In the meantime, this feature is available for users constructing custom distributions.

The loader(8) now has optional support (enabled at compile-time, off by default) for loading bzip2-compressed kernels and modules.

The FreeBSD boot loader is now capable of booting from filesystems with 16K disk blocks (the old limit was 8K).

The FreeBSD boot loader now supports a -p flag to force the kernel to pause after each line of output during the probing phase.

----------------------------------------------------------------------

2.1.3 Network Interface Support

The an(4) driver now supports ``monitor'' mode, settable via the -M option to ancontrol(8).

The bge(4) driver has been added to support the Broadcom BCM570x family of Gigabit Ethernet controllers, including the 3Com 3c996-T, the SysKonnect SK-9D21 and SK-9D41, and the built-in Gigabit Ethernet NICs on Dell PowerEdge 2550 servers. Output TCP/IP checksum offload, jumbo frames and VLAN tag insertion/stripping are supported, as well as interrupt moderation.

The dc(4) driver now supports NICs based on the Conexant LANfinity RS7112 chip.

The de(4) driver now performs round-robin arbitration between the transmit and receive units of the 21143, instead of giving priority to the receive unit. This gives a 10-15% performance improvement in the forwarding rate under heavy load.

The dgm driver has been updated from FreeBSD -CURRENT.

The em(4) driver has been added to support NICs based on the Intel 82542, 82543, and 82544 Gigabit Ethernet controller chips. The driver supports transmit/receive checksum offload and jumbo frames on 82543 and 82544-based adapters.

The faith(4) device is now loadable, unloadable, and clonable.

The fxp(4) driver now supports Intel's loadable microcode to implement receive-side interrupt coalescing and packet bundling, on NICs that support these features. This support can be activated by the use of the link0 option to ifconfig(8).

The gx(4) driver has been added to support NICs based on the Intel 82542 and 82543 Gigabit Ethernet controller chips. Both fiber and copper variants of the cards are supported. Both boards support VLAN tagging/insertion, and the 82543 additionally supports TCP/IP checksum offload.

The sbni driver, for supporting the Granch SBNI12 series of ISA and PCI point-to-point communications interfaces, has been added. The sysutil/sbniconfig port in the FreeBSD Ports Collection can be used for configuring these devices.

The sis(4) driver now supports the SiS 900-style on-board Ethernet controllers in the SiS 635 and 735 motherboard chipsets.

The sis(4) driver now supports VLANs.

vlan(4) devices are now loadable, unloadable, and clonable.

The wx(4) driver is now deprecated; it is now officially unmaintained. Users with Intel Pro/1000 Gigabit Ethernet interfaces should use either the em(4) driver or the gx(4) driver. (The em(4) driver is supported by Intel, but only works on the i386 architecture. The gx(4) driver was developed by the FreeBSD Project, and is multi-platform.)

The xl(4) driver now supports send- and receive-side TCP/IP checksum offloading for NICs implementing this feature, such as the 3C905B, 3C905C, and 3C980C.

A bug in the xl(4) driver, related to statistics overflow interrupt handling, was causing slowdowns at medium to high packet rates; this has been fixed.

The per-interface ifnet structure now has the ability to indicate a set of capabilities supported by a network interface, and which ones are enabled. ifconfig(8) has support for querying these capabilities.

Performance with hosts having a large number of IP aliases has been improved, by replacing the per-interface if_inaddr linear list with a hash table.

The packet-forwarding performance of certain network drivers (specifically dc(4) and sis(4)) has been enhanced by the elimination of unnecessary buffer copies.

----------------------------------------------------------------------

2.1.4 Network Protocols

The read timeout feature of bpf(4) now works more correctly with select(2)/poll(2), and therefore with pthreads.

bridge(4) and dummynet(4) have received some enhancements and bug fixes, and are now loadable modules.

A bug in the TCP NewReno implementation, which could cause degraded throughput under certain circumstances, has been fixed.

TCP's default buffer sizes, controlled by the net.inet.tcp.sendspace and net.inet.tcp.recvspace sysctl variables, have been increased to 32K and 64K respectively. Previously, the default for both buffer sizes was 16K. To try to avoid increasing congestion, the default value for net.inet.tcp.local_slowstart_flightsize has been changed from infinity to 4.

Note: On busy hosts, the new larger buffer sizes may require manually increasing the NMBCLUSTERS parameter, either in the kernel configuration file or via the kern.ipc.nmbclusters loader tunable. netstat -mb can be used to monitor the state of mbuf clusters.

A bug in the TCP implementation, which could cause connections to stall if a sender saw a zero-sized window, has been corrected.

The TCP implementation in FreeBSD now implements a cache of outstanding, received SYN segments. Incoming SYN segments now cause entries to be placed in the cache until the TCP three-way handshake is complete, at which point, memory is allocated for the connection as usual. In addition, all TCP Initial Sequence Numbers (ISNs) are used as cookies, allowing entries in the cache to be dropped, but still have their corresponding ACKs accepted later. The combination of the so-called ``syncache'' and ``syncookies'' features makes a host much more resistant to TCP-based Denial of Service attacks. Work on this feature was sponsored by DARPA and NAI Labs.

----------------------------------------------------------------------

2.1.5 Disks and Storage

The aac(4) driver has been updated to include proper handling of commands initiated by the adapter, addition/removal of disk devices, crashdump functionality, and ioctl(2) commands necessary for the management CLI. This driver is now fully qualified and sanctioned by Adaptec.

The ata(4) driver now supports a wider variety of chipsets, as listed in the Hardware Notes.

The ata(4) driver now has support for 48-bit addressing. Devices larger than 137GB are now supported.

The ata(4) driver now contains fixes for some data corruption problems on systems using the VIA 82C686B Southbridge chip.

The ciss driver, for devices utilizing the Common Interface for SCSI-3 Support, has been added. This driver supports the Compaq SmartRAID 5* family of RAID controllers (5300, 532, 5i).

The isp(4) driver now supports the Qlogic 2300 and 2312 Optical Fibre Channel PCI cards.

The ncv, nsp, and stg SCSI drivers can now be built and loaded as modules.

----------------------------------------------------------------------

2.1.6 Filesystems

The directory layout preference algorithm for FFS (dirprefs) has been changed. Rather than scattering directory blocks across a disk, it attempts to group related directory blocks together. Operations traversing large directory hierarchies, such as the FreeBSD Ports tree, have shown marked speedups. This change is transparent and automatic for new directories.

The virtual memory subsystem now backs UFS directory memory requirements by default (this behavior is controlled via the vfs.vmiodirenable sysctl variable).

A bug that prevented the root filesystem from being mounted from a SCSI CDROM has been fixed (ATAPI CDROMs were always supported).

The UFS_DIRHASH hash-based lookup optimization for large directories is now enabled by default in the GENERIC kernel.

A number of bugs in the filesystem code, discovered through the use of the fsx filesystem test tool, have been fixed. Under certain circumstances (primarily related to use of NFS), these bugs could cause data corruption or kernel panics.

----------------------------------------------------------------------

2.1.7 PCCARD Support

Various features have been merged from the FreeBSD -CURRENT version of the pcic(4) driver, including improved support for ToPIC-based laptops, 3.3V support for some controllers, and bugfixes.

----------------------------------------------------------------------

2.1.8 Multimedia Support

The urio(4) driver, for the Diamond Rio series of MP3 players, has been added. (For some reason, a manual page for this driver was committed to FreeBSD 4.3-RELEASE.)

----------------------------------------------------------------------

2.1.9 Contributed Software

IPFilter now supports IPv6.

----------------------------------------------------------------------

2.1.9.1 isdn4bsd

isdnphone(8) now supports a -k option for sending messages via the keypad facility to a PBX or exchange office.

The isic(4) driver now supports the Compaq Microcom 610 ISDN ISA PnP card.

----------------------------------------------------------------------

2.2 Security-Related Changes

Per-user ~/.login.conf files were disabled in FreeBSD 4.4-RELEASE to avoid a security hole caused by a bug. The bug was fixed and this feature has been re-enabled.

A security hole in OpenSSH, which could allow users to execute code with arbitrary privileges if UseLogin yes was set, has been closed. Note that the default value of this setting is UseLogin no. (See security advisory FreeBSD-SA-01:63.)

The use of an insecure temporary directory by pkg_add(1) could permit a local attacker to modify the contents of binary packages while they were being installed. This hole has been closed. (See security advisory FreeBSD-SA-02:01.)

A race condition in pw(8), which could expose the contents of /etc/master.passwd, has been eliminated. (See security advisory FreeBSD-SA-02:02.)

A bug in k5su(8) could have allowed a process that had given up superuser privileges to regain them. This bug has been fixed. (See security advisory FreeBSD-SA-02:07.)

A race condition in the exec(3) system call, which could result in local users obtaining increased privileges, has been fixed. (See security advisory FreeBSD-SA-02:08.)
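
The pkg_add(1) item above (FreeBSD-SA-02:01) is about where an installer stages files before moving them into place. The following C code is an added example, not pkg_add's code and not part of these release notes, which do not describe the fix itself; it contrasts a predictable, world-writable staging directory with one created by mkdtemp(3) and checked before use. The function names, the instmp prefix and the use of /tmp are assumptions made for the example.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* expose mkdtemp() and lstat() */
#endif
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Return 0 if `path` is a real directory owned by us that no other
 * user can write to, -1 otherwise. */
int staging_dir_is_private(const char *path)
{
    struct stat st;

    if (lstat(path, &st) != 0)            /* lstat: never follow a planted symlink */
        return -1;
    if (!S_ISDIR(st.st_mode))
        return -1;
    if (st.st_uid != geteuid())           /* pre-created by someone else */
        return -1;
    if (st.st_mode & (S_IWGRP | S_IWOTH)) /* group/other may add or replace files */
        return -1;
    return 0;
}

/* Weak pattern, for contrast (hypothetical helper): predictable name, an
 * existing directory is reused, and any local user can write into it. */
int make_staging_dir_weak(const char *base, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "%s/instmp.%ld", base, (long)getpid());

    if (n < 0 || (size_t)n >= outlen)
        return -1;
    if (mkdir(out, 0777) != 0 && errno != EEXIST)
        return -1;
    return chmod(out, 0777);              /* make the demo independent of umask */
}

/* Hardened pattern (hypothetical helper): mkdtemp() picks an unpredictable
 * name and creates the directory atomically with mode 0700; verify it
 * before trusting it. */
int make_staging_dir(const char *base, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "%s/instmp.XXXXXX", base);

    if (n < 0 || (size_t)n >= outlen)
        return -1;
    if (mkdtemp(out) == NULL)
        return -1;
    if (staging_dir_is_private(out) != 0) {
        rmdir(out);
        return -1;
    }
    return 0;
}

int main(void)
{
    char weak[256], safe[256];

    if (make_staging_dir_weak("/tmp", weak, sizeof weak) == 0) {
        printf("%s private: %s\n", weak,
               staging_dir_is_private(weak) == 0 ? "yes" : "no");
        rmdir(weak);
    }
    if (make_staging_dir("/tmp", safe, sizeof safe) == 0) {
        printf("%s private: %s\n", safe,
               staging_dir_is_private(safe) == 0 ? "yes" : "no");
        rmdir(safe);
    }
    return 0;
}
```

An installer that runs staging_dir_is_private() on its working directory before extracting into it refuses to proceed when another local user could alter the staged files.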

----------------------------------------------------------------------

2.3 Userland Changes

arp(8) now prints the applicable interface name for each ARP entry.

A minimalized version of camcontrol(8) is now available on the installation floppy. This allows it to rescan for devices that have been connected after booting, or to show the devices attached to SCSI busses (e.g. from within the ``emergency holographic shell''). As a side-effect, this allows devices attached to aic(4)-based PCMCIA SCSI adapters like the Adaptec APA-1460 to be used during installation.

cat(1) now has the ability to read from UNIX-domain sockets.

The compat4x compatibility distribution now includes versions of libcrypto.so.1 and libssl.so.1 that do not depend on the librsaUSA.so and librsaINTL.so libraries. This change improves compatibility with binaries built for FreeBSD 4.1-RELEASE and older.

edquota(8) now takes a -f option to allow limiting the prototype quota distribution (specified with -p) to a single filesystem.

find(1) can now take various units of time to be applied to the -[acm]time primaries.

fmt(1) has been rewritten; the rewrite fixes a number of bugs compared to its prior behavior.

ftpd(8) now supports -o and -O options to disable the RETR command; the former for everybody, and the latter only for guest users. Coupled with -A and appropriate file permissions, these can be used to create a relatively safe anonymous FTP drop box for others to upload to.

The groups(1) and whoami(1) shell scripts are now unnecessary; their functionality has been completely folded into id(1).

ipfw(8) will now avoid the display of dynamic firewall rules unless the -d flag is passed to it. The -e option lists expired dynamic rules.

ipfw(8) has a new limit type of firewall rule, which limits the number of sessions between address pairs.

keyinfo(1) is now a C program, rather than a Perl script.

libfetch has been synchronized to the version in FreeBSD -CURRENT; among other features, it now has support for an authentication callback.

libstand now has support for filesystems containing bzip2-compressed files.

Locale names have been renamed to improve compatibility with the names used by X11R6, as well as a number of other UNIX versions. As an example, the en_US.ISO_8859-1 locale name has been changed to en_US.ISO8859-1. Entries in /etc/locale.alias, /etc/man.alias, and /etc/nls.alias provide backward compatibility. The table below summarizes the locale changes:

+------------------------------------------------------------------------+
| FreeBSD 4.4-RELEASE                | FreeBSD 4.5-RELEASE               |
|------------------------------------+-----------------------------------|
| ISO_*                              | ISO*                              |
|------------------------------------+-----------------------------------|
| ru_SU*                             | ru_RU*                            |
|------------------------------------+-----------------------------------|
| DIS_*                              | ISO*-15                           |
|------------------------------------+-----------------------------------|
| *.ASCII                            | *.US-ASCII                        |
+------------------------------------------------------------------------+

lpd(8) now has some support for o-type print-file actions in its control files, which allows printing of PostScript files generated by MacOS 10.1.

natd(8) now supports a -log_ipfw_denied option to log packets that cannot be re-injected because they are blocked by ipfw(8) rules.

netstat(1) now has a -z flag to reset statistics.

netstat(1) now has a -S flag to print addresses numerically but port names symbolically.

The default number of cylinders per group in newfs(8) is now computed to be the maximum allowable given the current filesystem parameters. It can be overridden with the -c option. Formerly, the default was fixed at 16. This change leads to better fsck(8) performance and reduced fragmentation.

The default block and fragment sizes for new filesystems created by newfs(8) are now 16384 and 2048 bytes, respectively (the old defaults were 8192 and 1024 bytes). This change generally provides increased performance, at the expense of some wasted disk space.

newsyslog(8) now has the ability to compress log files using bzip2(1).

nl(1), a line numbering filter program, has been added.

pciconf(8) now supports a -v option to display the vendor/device information of configured devices, in conjunction with the -l option. The default vendor/device database can be found at /usr/share/misc/pci_vendors.

ping(8) now supports a -A option to beep when packets are lost.

route(8) is now more verbose when changing indirect routes, in the case of a gateway route that is the same route as the one being modified.

route(8) now uses host/bits syntax instead of net/bits syntax, for compatibility with netstat(1).

route(8) can now create ``proxy only'' published ARP entries.

The route(8) add command now supports the -ifp and -ifa modifiers.

send-pr(1) now takes a -a option to include a file into the Fix: section of a problem report.

sh(1) now implements test as a built-in command for improved efficiency.

sysctl(8) now supports a -e option to separate variable names and values by = rather than :. This feature is useful for producing output that can be fed back to sysctl(8).

sysinstall(8) now has the ability to load KLDs as a part of the installation. When run from the installation media, sysinstall(8) will automatically load any device drivers found in the /stand/modules directory of the mfsroot floppy or filesystem image. Note that any drivers so loaded will not appear in the kernel's boot messages; the sysinstall(8) debugging screen will provide additional information.

sysinstall(8) now enables Soft Updates by default on all filesystems it creates, except for the root filesystem.

sysinstall(8) has received updates for its ``auto'' partitioning mode which provide more reasonable defaults for the sizes of partitions that are created; auto-sized partitions can now also recover the space that becomes available when other partitions are deleted.

syslogd(8) now has the ability to bind to a specific address (as opposed to using every available one) via the -b option.

syslogd(8) now accepts a -c flag to disable repeated line compression.

Previously, vnconfig(8) was only capable of configuring 16 devices when invoked with the -f (configuration file) option. This limit has been removed.

wall(1) now supports a -g flag to write a message to all users of a given group.

whois(1) supports a -c option to specify a country code to help direct queries towards a particular whois server.

----------------------------------------------------------------------

2.3.1 Contributed Software

The version of IPFilter provided with FreeBSD now includes the ipfs(8) program, which allows state information created for NAT entries and stateful rules to be saved to disk and restored after a reboot. Boot-time configuration of these features is supported by rc.conf(5).

The NTP suite of programs has been updated to 4.1.0.

OpenSSH has been updated to version 2.9, which adds two new programs, sftp(1) and ssh-keyscan(1). Among the various enhancements: Rekeying of existing SSH sessions is now supported, ssh-agent(1) now supports authentication forwarding for DSA keys, and an experimental SOCKS4 proxy has been added to ssh(1).

Note: Protocol 1,2 remains the default protocol setting in /etc/ssh/ssh_config. In FreeBSD -CURRENT, the default is Protocol 2,1.

The smmsp and mailnull users have been added to /etc/master.passwd. In the absence of a confDEF_USER_ID setting, by default, sendmail will use the mailnull user for extra security. Previously, if the mailnull user did not exist, the daemon user was used.
This change may generate some permissions issues when mailing to files or to programs (such as mail/majordomo). The previous behavior can be restored by adding the following line to a system's *.mc configuration file:

    define(`confDEF_USER_ID', `daemon')

Version 1.4.3 of the smbfs userland utilities has been imported. smbutil(1) and mount_smbfs(8) are now available in the base system, without the need to install the net/smbfs port. Note that mount_smbfs(8) will automatically load the smbfs.ko module into the kernel, even if LIBMCHAIN and LIBICONV were not compiled into the kernel.

tcsh has been updated to version 6.11.

The timezone database has been updated to the tzdata2001d release.

----------------------------------------------------------------------

2.3.1.1 CVS

CVS has been updated to 1.11.1p1.

cvs(1) now supports a -T option to update a sandbox's CVS/Template file from the repository.

cvs(1) diff now supports the -j option to perform differences against a revision relative to a branch tag.

----------------------------------------------------------------------

2.3.2 Ports/Packages Collection

Due to delays in the certification process, native JDK support for FreeBSD will be released shortly after 4.5-RELEASE. An announcement will be made on the FreeBSD Web site, as well as the FreeBSD announcements mailing list, when the distribution is available.

pkg_create(1) now supports a -b option to create a package file from a locally-installed package.

pkg_delete(1) now supports a -r option for recursive package removal.

Version 4.2.0 of XFree86 was released just a few days before the shipping date for FreeBSD 4.5-RELEASE. As a result, the FreeBSD team did not have time to test and evaluate the new version for inclusion in the release. Therefore, FreeBSD 4.5-RELEASE includes the older 4.1.0 version of the XFree86 package.
Installing a newer version of XFree86 can be done using an up-to-date (post-release) copy of the FreeBSD Ports Collection; instructions for doing so can be found in the Using the Ports Collection section of the FreeBSD Handbook.

----------------------------------------------------------------------

3 Upgrading from previous releases of FreeBSD

If you're upgrading from a previous release of FreeBSD, you generally will have three options:

  * Using the binary upgrade option of sysinstall(8). This option is perhaps the quickest, although it presumes that your installation of FreeBSD uses no special compilation options.

  * Performing a complete reinstall of FreeBSD. Technically, this is not an upgrading method, and in any case is usually less convenient than a binary upgrade, in that it requires you to manually back up and restore the contents of /etc. However, it may be useful in cases where you want (or need) to change the partitioning of your disks.

  * From source code in /usr/src. This route is more flexible, but requires more disk space, time, and more technical expertise. Upgrading from very old versions of FreeBSD may be problematic; in cases like this, it is usually more effective to perform a binary upgrade or a complete reinstall.

Please read the INSTALL.TXT file for more information, preferably before beginning an upgrade. If you are upgrading from source, please be sure to read /usr/src/UPDATING as well.

Finally, if you want to use one of various means to track the -STABLE or -CURRENT branches of FreeBSD, please be sure to consult the ``-CURRENT vs. -STABLE'' section of the FreeBSD Handbook.

Important: Upgrading FreeBSD should, of course, only be attempted after backing up all data and configuration files.

----------------------------------------------------------------------

This file, and other release-related documents, can be downloaded from ftp://ftp.FreeBSD.org/pub/FreeBSD/releases/.

For questions about FreeBSD, read the documentation before contacting .
For questions about this documentation, e-mail .