aboutsummaryrefslogtreecommitdiff
path: root/release/doc/en_US.ISO8859-1/relnotes/article.sgml
blob: f2ab5865a6ee91575ab3802f280ffab5fe9a449e (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
<articleinfo>
  <title>&os;/&arch; &release.current; Release Notes</title>

  <corpauthor>The FreeBSD Project</corpauthor>

  <pubdate>$FreeBSD$</pubdate>

  <copyright>
    <year>2000</year>
    <year>2001</year>
    <year>2002</year>
    <year>2003</year>
    <year>2004</year>
    <holder role="mailto:doc@FreeBSD.org">The FreeBSD Documentation Project</holder>
  </copyright>

  <abstract>
    <para>The release notes for &os; &release.current; contain a summary
      of
<![ %include.historic; [
      the changes made to the &os; base system since &release.prev;.
]]>
<![ %no.include.historic; [
      recent changes made to the &os; base system on the &release.branch;
      development branch.
]]>
      This document lists applicable security advisories that were issued since
      the last release, as well as significant changes to the &os;
      kernel and userland.
      Some brief remarks on upgrading are also presented.</para>
  </abstract>
</articleinfo>

<sect1 id="intro">
  <title>Introduction</title>

  <para>This document contains the release notes for &os;
    &release.current; on the &arch.print; hardware platform.  It
    describes recently added, changed, or deleted features of &os;.
    It also provides some notes on upgrading
    from previous versions of &os;.</para>

<![ %release.type.snapshot [

  <para>The &release.type; distribution to which these release notes
    apply represents a point along the &release.branch; development
    branch between &release.prev; and the future &release.next;.  Some
    pre-built, binary &release.type; distributions along this branch
    can be found at <ulink url="&release.url;"></ulink>.</para>

]]>

<![ %release.type.release [

  <para>This distribution of &os; &release.current; is a
    &release.type; distribution.  It can be found at <ulink
    url="&release.url;"></ulink> or any of its mirrors.  More
    information on obtaining this (or other) &release.type;
    distributions of &os; can be found in the <ulink
    url="&url.books.handbook;/mirrors.html"><quote>Obtaining
    FreeBSD</quote> appendix</ulink> to the <ulink
    url="&url.books.handbook;/">FreeBSD
    Handbook</ulink>.</para>

]]>

  <para>Users who are new to the &release.branch; series of &os;
    &release.type;s should also read the <quote>Early Adopters Guide
    to &os; &release.current;</quote>.  This document can generally be
    found in the same location as the release notes (either as a part of a
    &os; distribution or on the &os; Web site).  It contains important
    information regarding the advantages and disadvantages of using
    &os; &release.current;, as opposed to releases based on the &os;
    4-STABLE development branch.</para>

  <para>All users are encouraged to consult the release errata before
    installing &os;.  The errata document is updated with
    <quote>late-breaking</quote> information discovered late in the
    release cycle or after the release.  Typically, it contains
    information on known bugs, security advisories, and corrections to
    documentation.  An up-to-date copy of the errata for &os;
    &release.current; can be found on the &os; Web site.</para>

</sect1>

<sect1 id="new">
  <title>What's New</title>

  <para>This section describes
<![ %include.historic; [
      the most user-visible new or changed features in &os;
      since &release.prev;.
      In general, changes described here are unique to the &release.branch;
      branch unless specifically marked as &merged; features.
]]>
<![ %no.include.historic; [
      many of the user-visible new or changed features in &os;
      since &release.prev;.  It includes items that are unique to the
      &release.branch; branch, as well as some features that may have been
      recently merged to
      other branches (after &os; &release.prev.historic;).  The latter
      items are marked as &merged;.
]]>
  </para>

  <para>Typical release note items
    document recent security advisories issued after
    &release.prev.historic;,
    new drivers or hardware support, new commands or options,
    major bug fixes, or contributed software upgrades.  They may also
    list changes to major ports/packages or release engineering
    practices.  Clearly the release notes cannot list every single
    change made to &os; between releases; this document focuses
    primarily on security advisories, user-visible changes, and major
    architectural improvements.</para>

  <sect2 id="security">
    <title>Security Advisories</title>

    <para>A bug in &man.mksnap.ffs.8; has been fixed; it caused the creation of a
      filesystem snapshot to reset the flags on the filesystem to
      their default values.  The possible consequences depended on local
      usage, but could include disabling extended access control lists
      or enabling the use of setuid executables stored on an untrusted
      filesystem.  This bug also affected the &man.dump.8;
      <option>-L</option> option, which uses &man.mksnap.ffs.8;.  Note
      that &man.mksnap.ffs.8; is normally only available to the
      superuser and members of the <groupname>operator</groupname>
      group.  For more information, see security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:01.mksnap_ffs.asc">FreeBSD-SA-04:01</ulink>.</para>

    <para>A bug with the System V Shared Memory interface
      (specifically the &man.shmat.2; system call) has been fixed.
      This bug can cause a shared memory segment to reference
      unallocated kernel memory.  In turn, this can permit a local
      attacker to gain unauthorized access to parts of kernel memory,
      possibly resulting in disclosure of sensitive information,
      bypass of access control mechanisms, or privilege escalation.
      More details can be found in security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:02.shmat.asc">FreeBSD-SA-04:02</ulink>.
      &merged;</para>

    <para>A programming error in the &man.jail.attach.2; system call
      has been fixed.  This error could allow a process with superuser
      privileges inside a &man.jail.8; environment to change its root
      directory to that of a different jail, and thus gain full read
      and write access to files and directories within the target
      jail.  More information can be found in security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:03.jail.asc">FreeBSD-SA-04:03</ulink>.</para>

    <para>A potential low-bandwidth denial-of-service attack against
      the &os; TCP stack has been prevented by limiting the number of
      out-of-sequence TCP segments that can be held at one time.  More
      details can be found in security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:04.tcp.asc">FreeBSD-SA-04:04</ulink>.
      &merged;</para>

    <para>A bug in <application>OpenSSL</application>'s SSL/TLS
      ChangeCipherSpec message processing could result in
      a null pointer dereference, has been fixed.
      This could allow a remote attacker to crash an
      <application>OpenSSL</application>-using
      application and cause a denial-of-service on the system.
      More details can be found in security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc">FreeBSD-SA-04:05</ulink>.
      &merged;</para>

    <para>A programming error in the handling of some IPv6
      socket options within the &man.setsockopt.2; system call
      has been fixed.  This allows a local attacker to cause a
      system panic, and may allow to gain unauthorized access to
      parts of kernel memory, possibly resulting in disclosure
      of sensitive information, bypass of access control
      mechanisms, or privilege escalation.
      More details can be found in security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:06.ipv6.asc">FreeBSD-SA-04:06</ulink>.</para>

    <para>Two programming errors in <application>CVS</application>
      have been fixed.  They allow a server to overwrite arbitrary
      files on the client, and a client to read arbitrary files
      on the server when accessing remote CVS repositories.
      More details can be found in security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:07.cvs.asc">FreeBSD-SA-04:07</ulink>. &merged;</para>

    <para>A bugfix for <application>Heimdal</application> rectifies a
      problem in which it would not perform adequate checking of
      authentication across autonomous realms.  For more information,
      see security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:08.heimdal.asc">FreeBSD-SA-04:08</ulink>. &merged;</para>

    <para>A programming error in <application>CVS</application> which
      allow the malicious client to overwrite arbitrary portions of
      the server's memory has been fixed.  For more information,
      see security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:10.cvs.asc">FreeBSD-SA-04:10</ulink>. &merged;</para>

    <para>A potential cache consistency problem of
      the implementation of the &man.msync.2; system call
      involving the <literal>MS_INVALIDATE</literal>
      operation has been fixed.  However, as a side effect of closing
      this security problem, the <literal>MS_INVALIDATE</literal>
      flag no longer guarantees that all pages in the range are invalidated.
      Users who require the old semantics of <literal>MS_INVALIDATE</literal>
      and are not concerned with the security issue being fixed can set the
      <varname>vm.old_msync</varname> sysctl to 1 which will revert to
      the old (insecure) behavior.  For more information,
      see security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:11.msync.asc">FreeBSD-SA-04:11</ulink>. &merged;</para>

    <para>A programming error in the &man.jail.2; system call
      which results in a failure to verify that an attempt
      to manipulate routing tables originated from a non-jailed process
      has been fixed.
      For more information, see security advisory <ulink
      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:12.jail.asc">FreeBSD-SA-04:12</ulink>. &merged;</para>

    <para>A programming error in the handling of some Linux system calls which
      may result in memory locations being accessed without proper validation
      has been fixed.
      For more information, see security advisory <ulink
      url="ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:13.linux.asc">FreeBSD-SA-04:13</ulink>. &merged;</para>

  </sect2>

  <sect2 id="kernel">
    <title>Kernel Changes</title>

    <para arch="i386">The &man.acpi.asus.4; driver has been added
      to use ACPI-controlled hardware features  such as hot keys and
      LCD on ASUSTek laptops.</para>

    <para arch="i386">The &man.acpi.toshiba.4; driver has been added
      to use Toshiba's Hardware Control Interface to manipulate
      certain hardware features on Toshiba laptops.</para>

    <para arch="i386">The &man.acpi.toshiba.4; driver now supports
      video output switching.</para>

    <para>The &man.acpi.video.4; driver has been added to provide
      control display switching and backlight brightness using the
      ACPI Video Extensions.</para>

    <para arch="i386">The &man.acpi.4; driver now supports
      per-device sysctls (<varname>dev.root0.nexus0.acpi0.acpi_lid0.wake</varname>,
      for instance) to allow users to set whether or not a given
      device can wake the system.</para>

    <para arch="i386">The &man.acpi.4; driver has been updated to
      be disabled automatically when the machine has well-known broken BIOS.
      This behavior can be disabled by setting a loader tunable
      <varname>hint.acpi.0.disabled</varname> to <literal>0</literal>.</para>

    <para>The &man.bus.dma.9; now supports transparently honoring
      the alignment and boundary constraints in the dma tag
      when loading buffers, and <function>bus_dmamap_load()</function>
      will automatically use bounce buffers when needed.
      In addition, a set of sysctls <varname>hw.busdma.*</varname>
      for &man.bus.dma.9; statistics has been added.</para>

    <para arch="i386">The &man.ctau.4; driver has been added for Cronyx Tau
      synchronous serial adapters. This driver was known for a long time as
      <quote>ct</quote> in its previous life outside the &os; source tree. &merged;

      <note>
	<para>The driver name has changed, but the network interface still
	  has the <quote>ct</quote> name.</para>
      </note>
    </para>

    <para arch="i386,pc98">The &man.cp.4; driver has been added for Cronyx Tau-PCI
      synchronous serial adapters.
    </para>

    <para>&man.devfs.5; path rules now work correctly on
      directories.</para>

    <para arch="i386,pc98">The dgb (DigiBoard intelligent serial card) driver has been
      removed due to breakage.  Its replacement is the &man.digi.4; driver,
      which supports all the hardware of the dgb driver.</para>

    <para>The &man.getvfsent.3; API has been removed.</para>

    <para arch="sparc64">The &man.hme.4; driver now natively supports
      long frames, so it can be used for &man.vlan.4; with full Ethernet
      MTU size.</para>

    <para>&man.jail.2; now supports use of raw sockets from within a jail.
      This feature is disabled by default, and controlled using the
      <varname>security.jail.allow_raw_sockets</varname> sysctl.</para>

    <para>&man.kqueue.2; now supports a new filter
      <literal>EVFILT_FS</literal> to be used to signal generic filesystem
      events to the user space.  Currently, mount, unmount, and up/down
      status of NFS are signaled.</para>

    <para>KDB, a new debugger framework has been added.
      This consists of a new GDB backend, which has been rewritten to support
      threading, run-length encoding compression, and so on, and
      the frontend that provides a framework in which multiple, different
      debugger backends can be configured and which provides
      basic services to those backends.
      The following options has been changed:</para>

    <itemizedlist>
      <listitem>
	<para>KDB is enabled by default
	  via a kernel option <literal>options KDB</literal>,
	  <literal>options GDB</literal>, and <literal>options DDB</literal>.
	  Both <literal>DDB</literal> and
	  <literal>GDB</literal> specify which KDB backends to include.</para>
      </listitem>

      <listitem>
	<para>WITNESS_DDB has been renamed to WITNESS_KDB.</para>
      </listitem>

      <listitem>
	<para>DDB_TRACE has been renamed to KDB_TRACE.</para>
      </listitem>

      <listitem>
	<para>DDB_UNATTENDED has been renamed to KDB_UNATTENDED.</para>
      </listitem>

      <listitem>
	<para>SC_HISTORY_DDBKEY has been renamed to SC_HISTORY_KDBKEY.</para>
      </listitem>

      <listitem>
	<para>DDB_NOKLDSYM has been removed.
	  The new DDB backend supports pre-linker symbol
	  lookups as well as KLD symbol lookups at the same time.</para>
      </listitem>

      <listitem>
	<para>GDB_REMOTE_CHAT has been removed.
	  The GDB protocol hacks to allow this are &os; specific.
	  At the same time, the GDB protocol has packets for console
	  output.</para>
      </listitem>
    </itemizedlist>

    <para>The KDB also serves as the single point of contact for any and
      all code that wants to make use of the debugger functions,
      such as entering the debugger or handling of the
      alternate break sequence.
      For this purpose, the frontend has been made non-optional.
      All debugger requests are forwarded or handed over to the current
      backend, if applicable.
      Selection of the current backend is done by the
      <varname>debug.kdb.current</varname> sysctl.
      A list of configured backends can be obtained with the
      <varname>debug.kdb.available</varname> sysctl.
      One can enter the debugger by writing to the
      <varname>debug.kdb.enter</varname> sysctl.</para>

    <para arch="amd64">Loadable kernel modules now work and are
      enabled in the amd64 build.</para>

    <para arch="i386">The loran (Loran-C receiver) driver has been removed due to
      breakage and lack of maintainership.</para>

    <para>A new kernel option <literal>MAC_STATIC</literal> which
      disables internal MAC Framework synchronization protecting against
      dynamic load and unload of MAC policies, has been added.</para>

    <para>mballoc has been replaced with mbuma, an Mbuf and Cluster
      allocator built on top of a number of extensions to the UMA framework.
      Due to this change, the <varname>NMBCLUSTERS</varname> kernel option
      is no longer used.  The maximum number of the clusters is still
      capped off according to <varname>maxusers</varname>,
      but it can be made unlimited by setting the
      <varname>kern.ipc.nmbclusters</varname> loader tunable to zero.</para>

    <para>The midi driver, which supports serial port and several sound cards,
      has been removed.</para>

    <para>A bug in &man.mmap.2; that pages marked as <literal>PROT_NONE</literal>
      may become readable under certain circumstances, has been fixed.  &merged;</para>

    <para>&man.nmdm.4; has been rewritten to improve the reliability.</para>

    <para>The raid(4), RAIDframe disk driver from NetBSD has been removed.
      This is currently non-functional, and would require some amount of work
      to make it work under the &man.geom.4; API in 5-CURRENT.</para>

    <para>The &man.pcm.4; driver has been modified to read
      <filename>/boot/device.hints</filename> on startup, to allow setting
      of default values for mixer channels.</para>

    <para arch="sparc64">The &man.sab.4; now supports
      <literal>BREAK_TO_DEBUGGER</literal> kernel option.</para>

    <para>The drivers for various sound cards has been reorganized;
      <literal>device sound</literal> is the generic sound driver,
      and <literal>device snd_*</literal> are device-specific sound drivers.</para>

    <para arch="i386,pc98">The sx driver, which supports Specialix I/O8+ and I/O4+
      intelligent multiport serial controllers has been added.</para>

    <para>A devclass level has been added to the dev sysctl tree,
      in order to support per-class variables in addition to
      per-device variables.  This means that <varname>dev.foo0.bar</varname>
      is now called <varname>dev.foo.0.bar</varname>, and it is
      possible to to have <varname>dev.foo.bar</varname> as well.</para>

    <para>A sysctl <varname>kern.sched.name</varname>
      which has the name of the scheduler currently in use,
      has been added, and the <varname>kern.quantum</varname> sysctl
      has been moved to <varname>kern.sched.quantum</varname>
      for consistency.</para>

    <para arch="alpha,amd64,i386">For the &man.uart.4; device
      <varname>hw.uart.console</varname> and
      <varname>hw.uart.dbgport</varname> environment variables
      have been added.  They can be used to select a serial console and
      debug port respectively, as well as the attributes.</para>

    <para>The &man.ubser.4; device driver has been added to support
      BWCT console management serial adapters.</para>

    <para>The ULE scheduler is now the default scheduler in the
      <filename>GENERIC</filename> kernel.  For the average user,
      interactivity is reported to be better in many cases.  This
      means less <quote>skipping</quote> and <quote>jerking</quote> in
      interactive applications while the machine is very busy.  This
      will not prevent problems due to overloaded disk subsystems, but
      it does help with overloaded CPUs.  On SMP machines, ULE has
      per-CPU run queues which allow for CPU affinity, CPU binding,
      and advanced HyperThreading support, as well as providing a
      framework for more optimizations in the future.  As fine-grained
      kernel locking continues, the scheduler will be able to make
      more efficient use of the available parallel resources.</para>

    <!-- Above this line, sort kernel changes by manpage/keyword-->

    <para>The device driver infrastructure (as well as many drivers)
      have been updated.  Among the changes: Many more drivers now use
      automatically-assigned major numbers (instead of the old static
      major numbers).  Enhanced functions to support cloning of
      pseudodevices.  Several changes to the driver API, including a
      new <varname>d_version</varname> field in <varname>struct
      cdevsw</varname>.  Note that third-party device drivers will
      require recompiling after this change.</para>

    <para>The pseudo-interface cloning has been updated and
      the match function to allow creation of &man.stf.4;
      interfaces named <devicename>stf0</devicename>,
      <devicename>stf</devicename>, or <devicename>6to4</devicename>.
      Note that this breaks backward compatibility; for example,
      now <command>ifconfig stf</command> creates
      the interface named <devicename>stf</devicename>,
      not <devicename>stf0</devicename>, and does not print
      <devicename>stf0</devicename> to stdout.</para>

    <para>The kernel's file descriptor allocation code has been
      updated, and is now derived from similar code in OpenBSD.</para>

    <para arch="sparc64">On &os;/sparc64, <varname>time_t</varname>
      has been changed from a 32-bit value to a 64-bit value.

      <note>
	<para>Since this change is not backward-compatible,
	  any programs which were built on an older system using
	  a 32-bit <varname>time_t</varname> and
	  call system routines for handling
	  <varname>time_t</varname> values, will have to be recompiled.
	  More detailed information and notice on upgrading from
	  the source can be found in
	  <filename>/usr/src/UPDATING.64BTT</filename>.</para>
      </note>
    </para>

    <para arch="i386">It is now possible to compile the &os;/i386
      kernel with the Intel C/C++ Compiler (as in the <filename
      role="package">lang/icc</filename> port).</para>

    <sect3 id="proc">
      <title>Platform-Specific Hardware Support</title>

      <para arch="i386">The entropy device &man.random.4; now
        supports a hardware random number generator (RNG)
        in the VIA C3 Nehemiah (Stepping 3 and above) CPU.</para>

      <para arch="i386">Several old drivers for ISA cards have been removed,
	including
	the asc driver for GI1904-based hand scanners,
	the ctx driver for CORTEX-I Frame Grabber,
	the gp driver for National Instruments AT-GPIB and AT-GPIB/TNT boards,
	the gsc driver for the Genius GS-4500 hand scanner,
	the le driver for DEC EtherWORKS II and III Ethernet controllers,
	the rdp driver for RealTek RTL 8002-based pocket Ethernet adapters,
	the spigot driver for the Creative Labs Video Spigot video-acquisition board,
	the stl and stli drivers for Stallion Technologies multiport serial
	controllers, and the wt driver for Archive/Wangtek cartridge tapes.
	They are currently non-functional, and would require a considerable
	amount of work to make them work under the new API in 5-CURRENT.
	The userland support such as related ioctls and utilities including
	sasc and sgsc has also been removed.</para>

      <para>A new sysctl, <varname>kern.always_console_output</varname>
	which makes outputs from the kernel go to the console despite
	<varname>TIOCCONS</varname>.</para>
    </sect3>

    <sect3 id="boot">
      <title>Boot Loader Changes</title>

      <para arch="i386">A serial console-capable version of
	<filename>boot0</filename> has been added.  It can be written
	to a disk using &man.boot0cfg.8; and specifying
	<filename>/boot/boot0sio</filename> as the argument to the
	<option>-b</option> option.</para>

      <para arch="i386"><filename>cdboot</filename> now works around a
	BIOS problem observed on some systems when booting from USB
	CDROM drives.</para>

      <!-- Above this line, order boot loader changes by keyword-->

    </sect3>

    <sect3 id="net-if">
      <title>Network Interface Support</title>

      <para arch="i386">The &man.arl.4; driver, which supports
	Aironet Arlan 655 wireless adapters has been added. &merged;</para>

      <para arch="sparc64">The &man.dc.4; driver now supports sparc64
	Davicom cards that store their MAC address in
	OpenFirmware.</para>

      <para>A short hiccup in the &man.em.4; driver during parameter
	reconfiguration, has been fixed.  &merged;</para>

      <para>The &man.fwip.4; driver, which supports IP over FireWire has been added.
	Note that currently the broadcast channel number is hardwired and
	MCAP for multicast channel allocation is not supported.
	This driver is intended to conform to the RFC 2734 and RFC 3146
	standard for IP over FireWire and eventually replace
	the &man.fwe.4; driver.</para>

      <para>&man.fxp.4; now uses the device sysctl tree such as
	<varname>dev.fxp0</varname>, and those sysctls can be set
	on a per-device basis.</para>

      <para>&man.fxp.4; now provides actual control over its capability
	to receive extended Ethernet frames, <literal>VLAN_MTU</literal>.
	It can be toggled from the userland with the aid of the options
	<option>vlanmtu</option> and <option>-vlanmtu</option>
	to &man.ifconfig.8;.</para>

      <para arch="i386,pc98">The <devicename>hea</devicename>
	(Efficient Networks, Inc. ENI-155p ATM adapter)
	driver has been removed due to breakage.  Its functionality
	has been subsumed into the &man.en.4; driver.</para>

      <para>The &man.ixgb.4; driver, which supports
        Intel PRO/10GBE 10 gigabit Ethernet cards, has been
        added. &merged;</para>

      <para arch="i386">The lmc (LAN Media Corp. PCI WAN adapter) driver has been
	removed due to breakage and lack of maintainership.</para>

      <para arch="i386">&os; now provides a binary compatibility layer
	for using &microsoft.windows; NDIS drivers for network
	adapters under &os;/i386.  It includes a relocator/linker for
	&windows; <filename>.SYS</filename> files to interface with
	the &os; kernel and emulates various parts of the NDIS API
	using native &os; kernel functions.  This system supports PCI
	and CardBus network devices, and is designed principally for
	Ethernet and wireless network interfaces.
	For more information, see the &man.ndis.4; and
	&man.ndiscvt.8; manual pages.</para>

      <para>The &man.ng.atmllc.4; Netgraph node type, which handles
        RFC 1483 ATM LLC encapsulation, has been added.</para>

      <para>The &man.ng.hub.4; Netgraph node type, which supports
        a simple packet distribution that acts like an Ethernet hub
        has been added.  &merged;</para>

      <para>The &man.ng.rfc1490.4; Netgraph node type now supports
	Cisco style encapsulation which is often used alongside
	RFC 1490 in frame relay links.</para>

      <para>The &man.ng.sppp.4; Netgraph node type, which is a &man.netgraph.4
	interface to the original &man.sppp.4 network module for synchronous
	lines has been added.</para>

      <para>A new Netgraph method to allow restoration of some
	behavior lost in the change from 4.x style &man.ng.tee.4;
	Netgraph nodes.</para>

      <para>The &man.ng.vlan.4; Netgraph node type, which supports
        IEEE 802.1Q VLAN tagging has been added.  &merged;</para>

      <para>A bug that prevents VLAN support in the &man.nge.4; driver
        from working has been fixed.  &merged;</para>

      <para>The &man.pci.4; bus resource and power management have
	been updated.

	<note>
	  <para>Although the &man.pci.4; bus power state management
	    has been enabled, it may cause problems on some systems.
	    This can be disabled by setting the tunable
	    <varname>hw.pci.do_powerstate</varname> to 0.</para>
	</note>
      </para>

      <para>Several bugs related to &man.polling.4; support
        in the &man.rl.4; driver have been fixed.  &merged;</para>

      <para>Several bugs related to multicast and promiscuous mode
	handling in the &man.sk.4; driver have been fixed.</para>

      <para>The &man.ste.4; driver now supports &man.polling.4;.
        &merged;</para>

      <para>The &man.udav.4; driver has been added.  It provides
	support for USB Ethernet adapters based on the Davicom DM9601
	chipset.</para>

      <para>The &man.vr.4; driver now supports &man.polling.4;.  &merged;</para>

      <para>The hardware TX checksum support in the &man.xl.4; driver
	has been disabled as it does not work correctly and slows down
	the transmission rate.  &merged;</para>

      <para>The per-interface &man.polling.4; support has been
	implemented.  All of the network drivers that support &man.polling.4;
	(&man.dc.4;, &man.fxp.4;, &man.em.4;, &man.nge.4;, &man.re.4;,
	&man.rl.4;, &man.sis.4;, &man.ste.4;, and &man.vr.4;)
	now also support this capability and it can be controlled
	via &man.ifconfig.8;.  &merged;</para>
    </sect3>

    <sect3 id="net-proto">
      <title>Network Protocols</title>

      <para>The <literal>DA_OLD_QUIRKS</literal> kernel option,
	which is for the CAM SCSI disk driver (&man.cam.4;)
	has been removed.  &merged;</para>

      <para>The &man.gre.4; tunnel driver now supports WCCP version
	2.</para>

      <para>&man.ipfw.4; rules now support the <literal>versrcreach</literal>
        option to verify that a valid route to the source address
	of a packet exists in the routing table.
	This option is very useful for routers with a complete view of
	the Internet (BGP) in the routing table to reject packets with
	spoofed or unroutable source addresses.  For example,

	<programlisting>deny ip from any to any not versrcreach</programlisting>

	is equivalent to the following in Cisco IOS syntax:

	<programlisting>ip verify unicast source reachable-via any</programlisting>
      </para>

      <para>&man.ipfw.4; now supports lookup tables.  This feature is
        useful for handling large sparse address sets. &merged;</para>

      <para>A new sysctl <varname>net.inet.ip.process_options</varname>
	to control the processing of IP options.  When this sysctl
	is set to <literal>0</literal> IP options are ignored and passed unmodified,
	set to <literal>1</literal> all IP options are processed (default),
	and set to <literal>2</literal> all packets with
	IP options are rejected with ICMP filter prohibited message,
	respectively.</para>

      <para>Some bugs in the IPsec implementation from the KAME
	Project have been fixed.  These bugs were related to freeing
	memory objects before all references to them were removed, and
	could cause erratic behavior or kernel panics after flushing
	the Security Policy Database (SPD).</para>

      <para>&man.natd.8; now supports multiple instances via
	a new option <option>globalports</option>.
	This allows &man.natd.8; to be bound to
	different network interfaces and sharing of load.</para>

      <para>The <literal>PFIL_HOOKS</literal> option is now enabled by
	default in the <filename>GENERIC</filename> kernel.  The most
	notable effect of this change is to make
	<application>IPFilter</application> work correctly when loaded
	as a kernel module.</para>

      <para>The link state change notification of Ethernet media
	support has been added to the routing socket.</para>

      <para>The LQM, Link Quality Monitoring support of &man.ppp.8;
	has been reimplemented.  The LQM, which is described
	in RFC 1989 allows PPP to keep track of the quality
	of a running connection.</para>

      <para>The following TCP features are now enabled by default: RFC
	3042 (Limited Retransmit), RFC 3390 (increased initial
	congestion window sizes), TCP bandwidth-delay product
	limiting.  More information can be found in &man.tcp.4;.</para>

      <para>&os;'s TCP implementation now includes support for a
	minimum MSS (settable via the
	<varname>net.inet.tcp.minmss</varname> sysctl variable) and a
	rate limit on connections that send many small TCP segments
	within a short period of time (via the
	<varname>net.inet.tcp.minmssoverload</varname> sysctl
	variable).  Connections exceeding this limit may be reset and
	dropped.  This feature provides protection against a class of
	resource exhaustion attacks.</para>

      <para>The TCP implementation now includes partial (output-only)
	support for RFC 2385 (TCP-MD5) digest support.  This feature,
	enabled with the <literal>TCP_SIGNATURE</literal> and
	<literal>FAST_IPSEC</literal> kernel options, is a TCP option
	for authenticating TCP sessions.  &man.setkey.8; now includes
	support for the TCP-MD5 class of security associations.
	&merged;</para>

      <para>The TCP connection reset handling has been improved to
        make several reset attacks as difficult as possible while
	maintaining compatibility with the widest range of TCP stacks.</para>

      <para>The implementation of RFC 1948 has been improved.
	The time offset component of an ISN now includes random positive
	increments between clock ticks so that ISNs will always
	be increasing, no matter how quickly the port is recycled.</para>

      <para>The random ephemeral port allocation, which come from OpenBSD
	has been implemented.  This is enabled by default and can be disabled
	using the <varname>net.inet.ip.portrange.randomized</varname>
	sysctl.  &merged;</para>

      <para>TCP Selective Acknowledgements (SACK) as described in RFC
        2018 have been added.  This improves TCP performance over
        connections with heavy packet loss.  SACK can be enabled with
        the sysctl <varname>net.inet.tcp.sack.enable</varname>.</para>

      <para>&man.udav.4; driver now supports promiscuous mode.</para>

    </sect3>

    <sect3 id="disks">
      <title>Disks and Storage</title>

      <para>The &man.ata.4; driver now supports cardbus ATA/SATA
        controllers.</para>

      <para>A number of bugs in the &man.ata.4; driver have been
	fixed.  Most notably, master/slave device detection should
	work better, and some problems with timeouts should be
	resolved.</para>

      <para>The &man.ata.4; driver now supports the Promise command
	sequencer present on all modern Promise controllers
	(PDC203** PDC206**).

	<note>
	  <para>This also adds preliminary support for the
	    Promise SX4/SX4000 as a <quote>normal</quote> Promise ATA
	    controller; ATA RAID's are supported though
	    but only RAID0, RAID1 and RAID0+1.</para>
	</note>
      </para>

      <para arch="pc98">A bug of the automatic density selection code
	in the &man.fd.4; driver has been fixed.</para>

      <para>The &man.ips.4; driver now supports the recent
	Adaptec ServeRAID series SCSI controller cards.</para>

      <para arch="sparc64">A bug in the &man.isp.4; driver
        which prevents the cards on SBus from working correctly,
	has been fixed.</para>

      <para arch="i386">The &man.twa.4; driver, which supports
	3ware's 9000 series PATA/SATA RAID controllers has been added.  &merged;</para>

      <para>The &man.umass.4; driver now supports the missing
	ATAPI MMC commands and handles the timeout properly.  &merged;</para>

      <para>The &man.vinum.4; volume manager, has been updated to use
        &man.geom.4;, the 5.x disk I/O request transformation framework.
	A gvinum userland tool has been added.</para>

      <para arch="sparc64">The &man.esp.4; device driver has been
        ported from NetBSD to support the SBus SCSI card in Sun Ultra
        1e and 2 machines.</para>

      <para>Support for LSI-type software RAID has been added.</para>

    </sect3>

    <sect3 id="fs">
      <title>File Systems</title>

      <para>The EXT2FS file system code now includes partial support
	for large (&gt; 4GB) files.  This support is partial in that
	it will refuse to create large files on filesystems that have
	not been upgraded to <literal>EXT2_DYN_REV</literal> or that
	do not have the
	<literal>EXT2_FEATURE_RO_COMPAT_LARGE_FILE</literal> flag set
	in the superblock.</para>

      <para>A bug in GEOM that could result in I/O hangs in some rare
	cases has been fixed.</para>

      <para>A new <literal>GEOM_CONCAT</literal>
	class has been added to concatenate
        multiple disks to appear as a single larger disk.</para>

      <para>A new <literal>GEOM_NOP</literal> class for various
	testing purposes has been added.</para>

      <para>A new <literal>GEOM_STRIPE</literal>
	class which implements RAID0 transformation has been added.
	This class has two modes: <quote>FAST</quote> and
	<quote>ECONOMIC</quote>.  In the <quote>FAST</quote> mode,
	when very small stripe size is used, only one I/O request
	will be send to every disks in stripe, and it is about 10
	times faster for small stripe size than <quote>ECONOMIC</quote>
	mode and other RAID0 implementations.
	While this <quote>FAST</quote> mode is used by default,
	because this mode consumes some more memory,
	<quote>ECONOMIC</quote> mode which sends requests each time,
	can be enabled by setting a loader tunable
	<varname>kern.geom.stripe.fast</varname> to 0.
	It is also possible to setup maximum memory
	which <quote>FAST</quote> mode can consume,
	by setting a loader tunable
	<varname>kern.geom.stripe.maxmem</varname>.</para>

      <para>GEOM Gate, which consists of a new <literal>GEOM_GATE</literal>
	class and several GEOM Gate userland utilities
	(&man.ggatel.8;, &man.ggatec.8;,
	and &man.ggated.8;) has been added.  It supports exporting
	devices including not GEOM-aware ones through network.</para>

      <para>A new <literal>GEOM_LABEL</literal>
	class to detect volume labels on various file systems,
	such as UFS, MSDOSFS (FAT12, FAT16, FAT32), and ISO9660,
	has been added.</para>

      <para>A new kernel option <literal>GEOM_GPT</literal>
	which supports the ability to have a large
	number of partitions on a single disk, has been added into
	<filename>GENERIC</filename> by default.</para>

      <para>A new <literal>GEOM_VINUM</literal> class to support
	cooperation between &man.vinum.4; and &man.geom.4;,
	has been added.</para>

      <para>A panic in the NFSv4 client has been fixed; this occurred
	when attempting operations against an NFSv3/NFSv2-only
	server.</para>

      <para>The SMBFS client now has support for SMB request signing,
	which prevents <quote>man in the middle</quote> attacks and is
	required in order to connect to Windows 2003 servers in their
	default configuration.  As signing each message imposes a
	significant performance penalty, this feature is only enabled
	if the server requires it; this may eventually become an
	option to &man.mount.smbfs.8;.</para>

      <para>A kernel option <literal>options MSDOSFS_LARGE</literal>
	has been added to support for FAT32 filesystems bigger
	than 128GB.  This is not enabled by default, and note
	that this uses at least 32 bytes of kernel memory for
	each file on disk, but this is only safe to use in certain
	controlled situations such as read-only mount
	with less than 1 million files and so on.
	And this does not support exporting these large filesystems
	over NFS.</para>
    </sect3>

    <sect3 id="mm">
      <title>Multimedia Support</title>

      <para>The meteor (video capture) driver has been removed due to
	breakage and lack of maintainership.</para>

      <para>The Direct Rendering Manager (DRM) code has been updated
        from the DRI Project CVS tree as of 2004-05-26.  This update
        includes new PCI IDs and a new packet for Radeon.</para>

    </sect3>

    <sect3>
      <title>Contributed Software</title>

      <para><application>ALTQ framework</application>
	has been imported from the KAME snapshot as of 20040607.
	This import breaks ABI compatibility of
	<varname>struct ifnet</varname>.
	Additionally some of the networking drivers have been
	modified to support the ALTQ framework.
	Updated drivers are &man.bfe.4;, &man.em.4;, &man.fxp.4;,
	&man.em.4;, &man.lnc.4;, &man.tun.4;, &man.de.4;,
	&man.rl.4;, &man.sis.4;, and &man.xl.4;.</para>

      <para><application>IPFilter</application> has been updated
	from version 3.4.31 to version 3.4.35 &merged;.</para>

      <para arch="ia64">An ia64 stack unwinder,
	<application>Unwind Express (libuwx)</application>
	by Hewlett-Packard has been imported for use in the kernel.</para>
    </sect3>
  </sect2>

  <sect2 id="userland">
    <title>Userland Changes</title>

    <para>&man.bsdlabel.8; now supports a <option>-f</option> option
      to work on files instead of disk partitions.</para>

    <para>&man.bsdtar.1; is the default &man.tar.1; utility in &os;
      base system now.  <filename>/usr/bin/tar</filename>
      has been a symlink pointing to
      <filename>/usr/bin/bsdtar</filename> by default.
      To use <filename>/usr/bin/gtar</filename>, <varname>WITH_GTAR</varname>
      make variable can be used.</para>

    <para>The <command>bthidcontrol</command> command and the
      <command>bthidd</command> command, which support Bluetooth
      HID (Human Interface Device), have been added.</para>

    <para>&man.conscontrol.8; now supports
      <literal>set</literal> and <literal>unset</literal>
      commands which set/unset the virtual console.
      <literal>unset</literal> makes outputs from the system, such as
      the kernel &man.printf.9;, always go out to the real
      main console.  This is an interface to the tty ioctl
      <varname>TIOCCONS</varname>.</para>

    <para>The &man.cron.8 daemon now accepts two new options,
      <option>-j</option> and <option>-J</option>, to enable
      time jitter for jobs to run as unprivileged users and the
      superuser, respectively.  Time jitter means that &man.cron.8
      will sleep for a small random period of time in the specified
      range before executing a job.  This feature is intended to
      smooth load peaks appearing when a lot of jobs are scheduled
      for a particular moment. &merged;</para>

    <para>&man.cut.1; <option>-c</option>,
      <option>-d</option>, and <option>-f</option>
      now work correctly in locales with multibyte characters.</para>

    <para>&man.cvs.1; now supports <option>iso8601</option>
      option keyword to print dates in ISO 8601 format.</para>

    <para>&man.daemon.8; now supports a <option>-p</option>
      option to create a PID file.</para>

    <para>&man.df.1; now supports a <option>-c</option> option to display
      a grand total of statistics for file systems.</para>

    <para>The <command>doscmd</command> utility has been
      removed from the &os; base system, and has been available
      in the &os; Ports Collection instead.</para>

    <para>&man.dump.8; and &man.restore.8; now support
      a <option>-P</option> option to specify backup methods
      other than files and tapes.  The argument is passed to
      a normal &man.sh.1; pipeline with either
      <varname>$DUMP_VOLUME</varname> or <varname>$RESTORE_VOLUME</varname>
      defined in the environment, respectively.
      For more information, see &man.dump.8; and &man.restore.8;.</para>

    <para>The &man.eeprom.8; utility to display and
      modify system configurations stored in EEPROM or NVRAM
      has been added.  The current implementation supports
      systems equipped with Open Firmware.</para>

    <para arch="pc98">The &man.fdcontrol.8;, &man.fdformat.1;, and
      &man.fdread.1; utilities now work on &os;/pc98.</para>

    <para>&man.fgetwln.3; function, a wide character version of
      &man.fgetln.3; has been added.</para>

    <para>The &man.find.1; utility now supports a <option>-acl</option>
      primary to locate files with &man.acl.3;.</para>

    <para>The &man.find.1; utility now supports a new primary
      <option>-depth <replaceable>n</replaceable></option>
      which tests whether the depth of the current file relative
      to the starting point of the traversal is <replaceable>n</replaceable>.
      &merged;</para>

    <para>&man.ftw.3; and &man.nftw.3; functions have been implemented.
      These are used to traverse a directory hierarchy.</para>

    <para>The &man.geom.8; utility for operating on GEOM classes
      from the userland has been added.</para>

    <para>The &man.id.1; now supports a <option>-M</option> option
      to print the MAC label of the current process.</para>

    <para>&man.ifconfig.8; now supports renaming of network interfaces
      at run-time using the <option>name</option> parameter.</para>

    <para>&man.ifconfig.8; now prints the &man.polling.4; status
      on the interface.  &merged;</para>

    <para>&man.ifconfig.8; now provides options,
      <option>vlanmtu</option> and <option>-vlanmtu</option>,
      allowing to control the capability of some Ethernet interfaces
      to receive extended frames (i.e. frames containing more than
      1500 bytes of payload).</para>

    <para>&man.ifconfig.8; now provides options,
      <option>vlanhwtag</option> and <option>-vlanhwtag</option>,
      allowing to control the capability of some Ethernet interfaces
      to process VLAN tags in the hardware.</para>

    <para>&man.indent.1; now supports a <option>-ldi</option> option
      to control indentation of local variables.  A number of other
      tunings were made to this utility.</para>

    <para>&man.indent.1; now supports <option>-fbs</option> and
      <option>-ut</option> for function declarations
      with the opening brace on the same line as the declaration
      of arguments all spaces and no tabs in order
      to fix problem when non-8 space tabs are used.</para>

    <para>&man.ip6fw.8; now supports a <option>-n</option> flag to
      stop it from making any changes to the rules in the kernel</para>

    <para>&man.ipcs.1; now supports a <option>-u</option> option to
      display information about IPC mechanisms owned by the specified
      user.</para>

    <para>&man.ipfw.8; now supports a <option>-b</option> flag to
      print only the action and comment for each rule, thus omitting
      the rule body.</para>

    <para>&man.jail.8; now supports a <option>-U</option> option to
      run command as a user which exists only in the &man.jail.2;
      environment.</para>

    <para>&man.join.1; now supports multibyte characters.</para>

    <para>&man.killall.1; now supports a <option>-e</option> flag to
      make the <option>-u</option> operate on effective, rather than
      real, user IDs. &merged;</para>

    <para>&man.libalias.3; now has support (and a new API) for
      multiple aliasing instances in a single process.  The existing
      API has been reimplemented in terms of the new one to preserve
      compatibility.</para>

    <para>A <filename>libarchive</filename> library for manipulation
      of compressed and uncompressed archive files has been
      added.  More details can be found in &man.libarchive.3;.</para>

    <para arch="pc98"><filename>libdisk</filename> now uses the
      correct PC98 disk partition value for &os;.  This permits the
      &man.sysinstall.8; disk partition editor to correctly create a
      single &os; partition covering the entire disk. &merged;</para>

    <para><filename>libdisk</filename> now uses
      <varname>d_addr_t</varname> for disk addresses.
      This allows &man.sysinstall.8; to properly handle disks
      and filesystems more than 1 TB.</para>

    <para arch="i386,pc98,amd64,ia64">The library formerly known as
      <filename>libkse</filename> has been renamed
      <filename>libpthread</filename> and is now the default threading
      library on the i386, amd64, and ia64 platforms.
      <application>GCC</application>'s <option>-pthread</option>
      option has been changed to use <filename>libpthread</filename>
      rather than <filename>libc_r</filename>.

      <note>
	<para>Users with older binaries (for example, ports compiled
	  before this change was made) should use &man.libmap.conf.5;
	  to map <filename>libc_r</filename> and/or
	  <filename>libkse</filename> to
	  <filename>libpthread</filename>.</para>
      </note>

      <note>
	<para>Users with NVIDIA-supplied drivers and libraries may
	  need to use a &man.libmap.conf.5; that maps
	  <filename>libpthread</filename> references to the older
	  <filename>libc_r</filename> since these drivers and
	  utilities do not work with
	  <filename>libpthread</filename>.</para>
      </note>
    </para>

    <para>&man.ls.1; now treat filenames as multibyte character strings
      according to the current <varname>LC_CTYPE</varname>
      when determining which characters are printable.</para>

    <para>&man.make.1; now supports the new <literal>.warning</literal>
      directive.</para>

    <para>nearbyint(3) and nearbyintf(3) C99 functions
      have been implemented.</para>

    <para>&man.newsyslog.8; now allows the users to set
      a debugging option via the <filename>newsyslog.conf</filename>
      file.</para>

    <para>&man.newsyslog.8; now uses a new order when processing
      files to rotate.  The order first rotate all files that need
      to be rotated, and then send a single signal to each process
      which needs to be signaled, and finally it will compress
      all the files which were rotated.</para>

    <para>&man.nextwctype.3; function to iterate over all characters
      in a particular character class,
      has been added.</para>

    <para>Initial support for UTF-8 versions of all the currently
      supported system locales has been added.  This is primarily
      for the benefit of the <filename role="package">misc/utf8locale</filename>
      port.</para>

    <para>An Israel Hebrew locale <literal>he_IL.UTF-8</literal>
      has been added.</para>

    <para>The &man.logins.1; utility has been added to display
      information about user and system accounts.</para>

    <para>&man.mountd.8; now supports the <option>-p</option> option,
       which allows users to specify a known port for use
       in firewall rulesets.</para>

    <para>&man.netstat.1; now displays the multicast group
      memberships present in the system.</para>

    <para>&man.newfs.8; and &man.mdmfs.8; now support a
      <option>-l</option> flag to enable them to set the MAC
      multilabel flag on new filesystems without requiring the use of
      &man.tunefs.8;.</para>

    <para>&man.nologin.8; now reports login attempts via
       &man.syslogd.8;.</para>

    <para>&man.nologin.8; has been moved from <filename>/sbin/nologin</filename>
       to <filename>/usr/sbin/nologin</filename>, and
       <filename>/sbin/nologin</filename> remains as a symbolic link
       for backward compatibility.</para>

    <para>A bugfix has been applied to NSS support, which fixes
      problems when using third-party NSS modules (such as <filename
      role="package">net/nss_ldap</filename>) and groups with large
      membership lists.</para>

    <para>&man.od.1; now has POSIX-style support for multibyte
      characters.</para>

    <para>The &man.pgrep.1; and &man.pkill.1; commands, which come from NetBSD,
      have been added.  They also support a <option>-M</option> option
      to extract values associated with the name list from the
      specified core instead of the default <filename>/dev/kmem</filename>,
      and a <option>-N</option> option to extract the name list from
      the specified system instead of the default kernel.</para>

    <para>The &man.ppp.8; now support a <quote>set rad_alive
	<replaceable>N</replaceable></quote> command
      to enable periodic RADIUS accounting information
      being sent to the RADIUS server.</para>

    <para>&man.ps.1; compatibility with POSIX/SUSv3 has been improved.
      The changes include <option>-p</option> for a list of process IDs,
      <option>-t</option> for a list of terminal names,
      <option>-A</option> which is equivalent to <option>-ax</option>,
      <option>-G</option> for a list of group IDs,
      <option>-X</option> which is the opposite of <option>-x</option>,
      and some minor improvements.  For more information, see &man.ps.1;.
      &merged;</para>

    <para>&man.ps.1; now supports a <option>-O emul</option>
      format option, which prints the name of the system call emulation
      environment the process is in.</para>

    <para>&man.pw.8; now supports a <option>-H</option> option, which
      accepts an encrypted password on a file descriptor. &merged;</para>

    <para>A bug in &man.rarpd.8; that prevents it from working properly
      when a interface has more than one IP address has been fixed.
      &merged;</para>

    <para>&man.regex.3; now supports regular expression matching aware
      of multibyte characters.</para>

    <para>The configuration files used by the &man.resolver.3; now
      support the <literal>timeout:</literal> and
      <literal>attempts:</literal> keywords.</para>

    <para>The &man.resolver.3; and associated interfaces are now much
      more reentrant and thread-safe.  Multiple DNS lookups can now be
      run at the same time, showing major improvements in the
      performance of some multi-threaded applications.  Some
      multi-threaded programs need to be recompiled; examples from the
      Ports Collection are <filename
      role="package">www/mozilla</filename> and variants, <filename
      role="package">mail/evolution</filename>, <filename
      role="package">devel/gnomevfs</filename>, and <filename
      role="package">devel/gnomevfs2</filename>.</para>

    <para>&man.rev.1; now supports multibyte characters.</para>

    <para>&man.rmdir.1; now supports a <option>-v</option> flag,
      which makes it verbose.</para>

    <para>&man.savecore.8; now works correctly for dump files larger
      than 2GB.</para>

    <para>A bug in &man.script.1; has been fixed so that it now works
      correctly if its stdin is closed.  This fix prevents a
      potentially dangerous interaction with the <filename
      role="package">sysutils/portupgrade</filename> package; if it was
      run non-interactively, it could remove all out-of-date
      ports without reinstalling them.</para>

    <para>The &man.sdpd.8; Bluetooth Service Discovery Protocol daemon
      has been added.</para>

    <para>&man.sed.1; <literal>y</literal> (translate) command
      now supports multibyte characters.</para>

    <para>&man.sha1.1; and &man.rmd160.1; utility have been added.
      &merged;</para>

    <para>&man.smbmsg.8;, a small utility to send/receive SMBus messages
      has been added.</para>

    <para arch="sparc64">&man.sunlabel.8; now supports two new flags:
      <option>-c</option> to calculate all partition sizes
      in cylinders as opposed to sectors, and
      <option>-h</option> to print the label in human readable
      size/offset format.</para>

    <para>&man.talk.1; now use <hostid>localhost</hostid>
      as a default machine name in &man.talkd.8;
      request packets, when the destination and source are local.
      This makes &man.talk.1; dependent on a valid host entry
      for <hostid>localhost</hostid> in <filename>/etc/hosts</filename>
      or the DNS.</para>

    <para>&man.tftpd.8; now supports two new options:
      a <option>-w</option> option allows new files to be created,
      and a <option>-U</option> option allows the umask to be set.</para>

    <para>&man.top.1; now supports to display the current amount
      of I/O.  This feature can be enabled by hitting <quote>m</quote>
      or passing the command line option <option>-m io</option>.</para>

    <para>&man.tr.1; now supports multibyte characters.</para>

    <para arch="amd64">&man.truss.1; now includes early support
      for &os;/amd64.</para>

    <para>Many userland utilities in the base system (mostly GNU
      contributed utilities) now use the system version of
      &man.getopt.long.3;, rather than the GNU version.</para>

    <sect3 id="rc-scripts">
      <title><filename>/etc/rc.d</filename> Scripts</title>

      <para>The <filename>diskless</filename> script has been
	split out into <filename>hostname</filename>,
        <filename>resolve</filename>, <filename>tmp</filename>, and
        <filename>var</filename> scripts.</para>

      <para>The <filename>gbde_swap</filename> script, which supports
	gbde-enabled swap devices has been added.
	When the <varname>gbde_swap_enable</varname> variable is specified
	in &man.rc.conf.5;, a swap device named
	<filename>/dev/<replaceable>foo.bde</replaceable></filename>
	in &man.fstab.5;
	is automatically attached at boot time with the device
	<filename>/dev/<replaceable>foo</replaceable></filename>
	and a random key, which
	generated by computing the MD5 checksum of 512 bytes read
	from <filename>/dev/random</filename>.
	Note that this prevents recovery of kernel dumps.</para>

      <para>The <varname>ip6addrctl_enable</varname> and
	<varname>ip6addrctl_verbose</varname> have been added.
	When <varname>ip6addrctl_enable</varname> is set
	to <literal>YES</literal>,
	the address selection policy is installed into the kernel.
	If there is <filename>/etc/ip6addrctl.conf</filename>
	it will be used, otherwise a default policy will be installed.
	The default policy is one described in RFC 3484 when
	<varname>ipv6_enable</varname> is set to <literal>YES</literal>.
	Otherwise, the priority policy for IPv4 address will be used
	as a default policy.</para>

      <para>The <filename>mixer</filename> script has been added.
	It saves the current settings of all audio mixers present
	in the system on shutdown and restores the settings on boot.</para>

      <para>The <filename>pf</filename> and <filename>pflog</filename>
        scripts for &man.pf.4; has been added.</para>
    </sect3>
  </sect2>

  <sect2 id="contrib">
    <title>Contributed Software</title>

    <para>The <application>ACPI-CA</application> code has been updated
      from the 20030619 snapshot to the 20040527 snapshot.</para>

    <para>The <application>AMD (am-utils)</application> has been updated
      from version 6.0.9 to version 6.0.10p1.</para>

    <para><application>awk</application> from Bell Labs has been
      updated from the 29 July 2003 release to the 7 February 2004
      release.</para>

    <para><application>Binutils</application> have been updated to
      a 23 May 2004 snapshot from the FSF 2.15 branch.</para>

    <para><application>CVS</application> has been updated from
      version 1.11.15 to version 1.11.17.  &merged;</para>

    <para><application>gdtoa</application> (a library that performs
      conversions of numbers between binary and decimal form) has been
      updated from version 20030324 to version 20040118.</para>

    <para><application>GDB</application> has been updated to version
      6.1.1.</para>

    <para><application>GNU grep</application> has been updated from
      2.4d to 2.5.1.</para>

    <para><application>less</application> has been updated from
      version 371 to version 381.</para>

    <para><application>GNU readline</application> 4.3 has been updated
      with official patches 001 through 005.</para>

    <para>The <application>GNU regex</application> library has been
      updated to the version included with <application>GNU
      grep</application> 2.5.1.</para>

    <para><application>GNU sort</application> has been updated from
      textutils 2.1 to coreutils 5.2.1.</para>

    <para>The <application>GNU tar</application> implementation in the
      base system is now called <filename>gtar</filename>.</para>

    <para><application>Heimdal Kerberos</application> has been
       updated from 0.6 to 0.6.1.</para>

    <para>The <application>ISC DHCP</application> client has been
       updated from 3.0.1 RC10 to 3.0.1 RC14.</para>

    <para><application>libpcap</application> has been updated from
      version 0.7.1 to version 0.8.3.</para>

    <para><application>lukemftp</application>
      has been updated from a snapshot as of
      November 3, 2003 to one as of April 26, 2004.</para>

    <para><application>OpenPAM</application> has been updated from the
      Dogwood release to the Eelgrass release.</para>

    <para><application>OpenSSH</application> has been updated from
      3.6.1p1 to 3.8.1p1.

      <note>
	<para>The configuration defaults for &man.sshd.8; have been
	  changed.  SSH protocol version 1 is no longer enabled by
	  default.  In addition, password authentication over SSH is
	  disabled by default if PAM is enabled.</para>
      </note>
      </para>

    <para><application>OpenSSL</application> has been updated from
      0.9.7c to 0.9.7d.  &merged;</para>

    <para><application>pf</application>, OpenBSD's packet filter as of
      OpenBSD 3.5, has been imported into &os; source tree and is now installed
      by default.  A new user <username>proxy</username>, and two new
      groups <username>authpf</username> and <username>proxy</username>,
      which <application>pf</application> needs, are added as well.</para>

      <note>
	<para>On upgrading from the source, these user accounts must be
	  added in advance.  The <varname>NO_PF</varname> variable
	  in <filename>make.conf</filename> can be used to prevent
	  <application>pf</application> from building.</para>
      </note>

    <para>Several userland utilities of OpenBSD's
      <application>pf</application> have been imported.
      <filename>libexec/ftp-proxy</filename> is an ftp proxy for
      <application>pf</application>,
      <filename>sbin/pfctl</filename> is an equivalent to
      <filename>sbin/ipf</filename>,
      <filename>sbin/pflogd</filename>
      is a daemon logging packets via <literal>if_pflog</literal>
      in pcap format, and
      <filename>usr.sbin/authpf</filename> is an authentication shell
      to modify pf rulesets.</para>

    <para><application>routed</application> has been updated from
      release 2.22 to release 2.27 from rhyolite.com.  Note that for
      users relying on RIP's MD5 authentication feature,
      &man.routed.8; routed is now incompatible with previous versions
      of &os;; however it is now compatible with implementations from
      Sun, Cisco and other vendors.</para>

    <para><application>sendmail</application> has been updated from
      version 8.12.10 to version 8.13.1. &merged;</para>

    <para><application>tcpdump</application> has been updated from
      version 3.7.1 to version 3.8.3.</para>

    <para><application>tcsh</application> has been updated from
      version 6.11 to version 6.13.00.</para>

    <para>The timezone database has been updated from
      <filename>tzdata2003a</filename> to
      <filename>tzdata2004a</filename>.</para>

    <para><application>zlib</application> has been updated to
      from version 1.1.4 to version 1.2.1.</para>
  </sect2>

  <sect2 id="ports">
    <title>Ports/Packages Collection Infrastructure</title>

    <para>The <literal>SIZE</literal> attribute for distfiles,
      which can be used for checking file sizes before fetching,
      has been added and enabled by default.
      <varname>DISABLE_SIZE</varname> is a user control knob
      to disable the distfile size checking.  This is especially
      useful on old &os; versions which did not have &man.fetch.1;
      support for this, and for some FTP proxies which always
      report incorrect or bogus sizes.</para>

    <para>Two new files have been added to the ports tree to track
      note-worthy changes:  <filename>ports/CHANGES</filename> lists
      major changes to the Ports Collection and its infrastructure.
      <filename>ports/UPDATING</filename> describes some potential
      pitfalls that can be encountered when updating certain ports,
      analogous to <filename>src/UPDATING</filename> for the base
      system.</para>

    <para>The version number parsing code has been rewritten in the
      system pkg tools, restoring compatibility with 4.x and
      portupgrade.</para>

    <para>The package tools can now match packages with relational
      operators and csh-style {...} choices, e.g.:</para>

    <screen>&prompt.root; <userinput>pkg_info -I 'docbook>=3.0'</userinput></screen>

    <para>will list (all) docbook DTDs with at least version 3.0.
      Additional command line options have also been added to aid
      pattern matching.</para>

    <para>The package tools have improved handling of corrupt package
      databases.</para>

    <para>&man.pkg.create.1; now supports a <option>-S</option>
      option to make all <literal>@cwd</literal> be prefixed
      during package creation.</para>

    <para>&man.pkg.info.1; now supports a <option>-j</option>
      option to show the requirements script for each package.</para>
  </sect2>

  <sect2 id="releng">
    <title>Release Engineering and Integration</title>

    <para arch="i386,pc98">The building process for boot floppy images
      has been completely overhauled.  The most significant change is
      that the loader now boots a stock <filename>GENERIC</filename>
      kernel split across multiple disks (two at the time of this
      writing).  This greatly improves installations that begin with a
      boot from floppy disk, because they now use exactly the same
      kernel (and thus support the same hardware) as CDROM
      installations.  The stripped-down <filename>MFSROOT</filename>
      kernel is no longer needed, and the <filename>mfsroot</filename>
      image no longer requires kernel modules.  The
      <filename>boot.flp</filename> and
      <filename>driver.flp</filename> images are also obsolete and no
      longer built.</para>

    <para>The supported release of <application>GNOME</application>
      has been updated from 2.4 to 2.6.

      <note>
	<para>If you are using the older <application>GNOME</application>
	  desktop itself (<filename role="package">x11/gnome2</filename>), simply upgrading it from the &os; Ports Collection
	  with
	  &man.portupgrade.1;
	  (<filename role="package">sysutils/portupgrade</filename>)
	  will cause serious problems.
	  If you are a <application>GNOME</application> desktop user,
	  please read the instructions carefully at
	  <ulink url="&url.base;/gnome/docs/faq26.html"></ulink>,
	  and use the <filename>gnome_upgrade.sh</filename> script to
	  properly upgrade to <application>GNOME</application> 2.6.</para>

	<para>Note that if you are just a casual user of some of the
	  <application>GNOME</application> libraries,
	  &man.portupgrade.1; should be sufficient
	  to update your ports.</para>
      </note>
    </para>

    <para>The supported release of <application>KDE</application>
      has been updated from 3.1.4 to 3.2.3.</para>

    <para>The <filename role="package">security/portaudit</filename> utility
      now exists in the ports collection.  This utility will read a database
      containing known ports vulnerabilities and report them to the
      administrator.</para>
  </sect2>

  <sect2 id="doc">
    <title>Documentation</title>

    <para></para>

  </sect2>
</sect1>

<sect1 id="upgrade">
  <title>Upgrading from previous releases of &os;</title>

  <para>Users with existing &os; systems are
    <emphasis>highly</emphasis> encouraged to read the <quote>Early
    Adopter's Guide to &os; &release.current;</quote>.  This document generally has
    the filename <filename>EARLY.TXT</filename> on the distribution
    media, or any other place that the release notes can be found.  It
    offers some notes on upgrading, but more importantly, also
    discusses some of the relative merits of upgrading to &os;
    5.<replaceable>X</replaceable> versus running &os;
    4.<replaceable>X</replaceable>.</para>

  <important>
    <para>Upgrading &os; should, of course, only be attempted after
      backing up <emphasis>all</emphasis> data and configuration
      files.</para>
  </important>
</sect1>