Date: Sun, 17 Jul 2005 09:36:49 GMT
From: soc-andrew <soc-andrew@FreeBSD.org>
To: Perforce Change Reviews <perforce@freebsd.org>
Subject: PERFORCE change 80382 for review
Message-ID: <200507170936.j6H9anHx001360@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=80382 Change 80382 by soc-andrew@soc-andrew_serv on 2005/07/17 09:36:24 Catchup with libmemstat + new release docs Affected files ... .. //depot/projects/soc2005/bsdinstaller/src/contrib/bsdinstaller/backend/installer/flow.c#2 edit .. //depot/projects/soc2005/bsdinstaller/src/lib/Makefile#3 integrate .. //depot/projects/soc2005/bsdinstaller/src/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml#4 integrate .. //depot/projects/soc2005/bsdinstaller/src/release/doc/share/sgml/release.ent#2 integrate .. //depot/projects/soc2005/bsdinstaller/src/usr.sbin/bsdinstaller/backend/Makefile#5 edit Differences ... ==== //depot/projects/soc2005/bsdinstaller/src/contrib/bsdinstaller/backend/installer/flow.c#2 (text+ko) ==== @@ -73,6 +73,8 @@ #include "fn.h" #include "pathnames.h" +#include "extra_flow.h" + /*** GLOBALS ***/ void (*state)(struct i_fn_args *) = NULL; @@ -1160,7 +1162,8 @@ fn_create_subpartitions(a); if (a->result) { - state = state_install_os; + /* state = state_install_os; */ + state = state_select_distros; } else { state = disk_get_formatted(storage_get_selected_disk(a->s)) ? state_select_disk : state_select_slice; ==== //depot/projects/soc2005/bsdinstaller/src/lib/Makefile#3 (text+ko) ==== @@ -1,5 +1,5 @@ # @(#)Makefile 8.1 (Berkeley) 6/4/93 -# $FreeBSD: src/lib/Makefile,v 1.205 2005/04/20 20:50:32 marcel Exp $ +# $FreeBSD: src/lib/Makefile,v 1.206 2005/07/14 17:59:50 rwatson Exp $ # To satisfy shared library or ELF linkage when only the libraries being # built are visible: 
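Review bot: in flow.c at @@ -1160,7 +1162,8 @@, the old transition is kept as a commented-out line (`/* state = state_install_os; */`) directly above the new `state = state_select_distros;`. Delete the dead line instead of commenting it out, since the depot history already records the previous value. The new post-partitioning state and the added `#include "extra_flow.h"` at @@ -73,6 +73,8 @@ are also not mentioned in the change description ("Catchup with libmemstat + new release docs"). flow.c sits under contrib/, so a local behavioural edit there is better submitted as its own change, or at least given its own line in the description. It is not visible from these hunks whether state_select_distros later hands off to state_install_os, so please confirm the install step is still reached on the success path.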
@@ -29,7 +29,7 @@ libcalendar libcam libcompat libdevinfo libdevstat ${_libdisk} \ libedit libexpat libfetch libform libftpio libgeom ${_libgpib} \ ${_libio} libipsec \ - libipx libkiconv libmagic libmenu ${_libmilter} ${_libmp} \ + libipx libkiconv libmagic libmemstat libmenu ${_libmilter} ${_libmp} \ ${_libncp} ${_libngatm} libopie libpam libpanel libpcap \ libpmc ${_libpthread} ${_libsdp} ${_libsm} ${_libsmb} ${_libsmdb} \ ${_libsmutil} libstand libtelnet ${_libthr} ${_libthread_db} libufs \ ==== //depot/projects/soc2005/bsdinstaller/src/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml#4 (text+ko) ==== @@ -3,7 +3,7 @@ <corpauthor>The &os; Project</corpauthor> - <pubdate>$FreeBSD: src/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml,v 1.883 2005/07/10 03:47:00 hrs Exp $</pubdate> + <pubdate>$FreeBSD: src/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml,v 1.885 2005/07/15 16:38:52 hrs Exp $</pubdate> <copyright> <year>2000</year> 
@@ -113,323 +113,25 @@ <sect2 id="security"> <title>Security Advisories</title> - <para>A bug in the &man.fetch.1; utility, which allows - a malicious HTTP server to cause arbitrary portions of the client's - memory to be overwritten, has been fixed. - For more information, see security advisory - <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:16.fetch.asc">FreeBSD-SA-04:16.fetch</ulink>. - &merged;</para> - - <para>A bug in &man.procfs.5; and &man.linprocfs.5; - which could allow a malicious local user to read parts of kernel - memory or perform a local - denial of service attack by causing a system panic, - has been fixed. - For more information, see security advisory - <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:17.procfs.asc">FreeBSD-SA-04:17.procfs</ulink>. - &merged;</para> - - <para>Two buffer overflows in the TELNET client program have been - corrected. They could have allowed a malicious TELNET server or - an active network attacker to cause &man.telnet.1; to execute - arbitrary code with the privileges of the user running it. - More information can be found in security advisory - <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:01.telnet.asc">FreeBSD-SA-05:01.telnet</ulink>. - &merged;</para> - - <para>An information disclosure vulnerability in the - &man.sendfile.2; system call, which could permit it to transmit - random parts of kernel memory, has been fixed. More details are - in security advisory - <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:02.sendfile.asc">FreeBSD-SA-05:02.sendfile</ulink>. - &merged;</para> - - <para arch="amd64">A possible privilege escalation vulnerability on &os;/amd64 - has been fixed. This allows unprivileged users to gain direct - access to some hardware which cannot be accessed - without the elevated privilege level. 
More details are in security advisory - <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:03.amd64.asc">FreeBSD-SA-05:03.amd64</ulink>. - &merged;</para> - - <para>An information leak vulnerability in the - <literal>SIOCGIFCONF</literal> &man.ioctl.2;, which leaked 12 - bytes of kernel memory, has been fixed. More details are in security advisory - <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:04.ifconf.asc">FreeBSD-SA-05:04.ifconf</ulink>. - &merged;</para> - - <para>Several programming errors in &man.cvs.1;, which could - potentially cause arbitrary code to be executed on CVS servers, - have been corrected. Further information can be found in - security advisory - <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:05.cvs.asc">FreeBSD-SA-05:05.cvs</ulink>. - &merged;</para> - - <para>An error in the default permissions on the <filename - class="devicefile">/dev/iir</filename> device node, which - allowed unprivileged local users can send commands to the - hardware supported by the &man.iir.4; driver, has been fixed. - For more information, see security advisory - <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:06.iir.asc">FreeBSD-SA-05:06.iir</ulink>. - &merged;</para> - - <para>A bug in the validation of &man.i386.get.ldt.2; system call - input arguments, which may allow kernel memory to be disclosed - to a user process, has been fixed. For more information, see - security advisory - <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:07.ldt.asc">FreeBSD-SA-05:07.ldt</ulink>. - &merged;</para> - - <para>Several information disclosure vulnerabilities in various - parts of the kernel have been fixed. For more information, see - security advisory - <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:08.kmem.asc">FreeBSD-SA-05:08.kmem</ulink>. 
- &merged;</para> - - <para arch="i386,amd64">Because of an information disclosure vulnerability on - processors using Hyper-Threading Technology (HTT), the - <varname>machdep.hyperthreading_allowed</varname> sysctl - variable has been added. It defaults to <literal>1</literal> - (HTT enabled) on &os; CURRENT, and <literal>0</literal> (HTT - disabled) on the 4-STABLE and 5-STABLE development branches and - supported security fix branches. More information can be found - in security advisory - <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:09.htt.asc">FreeBSD-SA-05:09.htt</ulink>. - &merged;</para> - - <para>A bug in the &man.tcpdump.1; utility which allows - a malicious remote user to cause a denial-of-service - by using specially crafted packets, has been fixed. - For more information, see security advisory - <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:10.tcpdump.asc">FreeBSD-SA-05:10.tcpdump</ulink>. - &merged;</para> - - <para>Two problems in the &man.gzip.1; utility have been fixed. - These may allow a local user to modify permissions - of arbitrary files and overwrite arbitrary local - files when uncompressing a file. - For more information, see security advisory - <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:11.gzip.asc">FreeBSD-SA-05:11.gzip</ulink>. - &merged;</para> - - <para>A bug in <application>BIND 9</application> DNSSEC has been fixed. - When DNSSEC is enabled, this bug may allow a remote attacker to inject - a specially crafted packet which will cause &man.named.8; to terminate. - For more information, see security advisory - <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:12.bind9.asc">FreeBSD-SA-05:12.bind9</ulink>. - &merged;</para> - - <para>A bug has been fixed in &man.ipfw.4; that could cause - packets to be matched incorrectly against a lookup table. 
This - bug only affects SMP machines or UP machines that have the - <literal>PREEMPTION</literal> kernel option enabled. More - information is contained in security advisory - <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:13.ipfw.asc">FreeBSD-SA-05:13.ipfw</ulink>. - &merged;</para> - - <para>Two security-related problems have been fixed in - &man.bzip2.1;. These include a potential denial of service and - unauthorized manipulation of file permissions. For more - information, see security advisory - <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:14.bzip2.asc">FreeBSD-SA-05:14.bzip2</ulink>. - &merged;</para> - - <para>Two problems in &os;'s TCP stack have been fixed. They - could allow attackers to stall existing TCP connections, - creating a denial-of-service situation. More information is - contained in security advisory - <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:15.tcp.asc">FreeBSD-SA-05:15.tcp</ulink>. - &merged;</para> - + <para></para> </sect2> <sect2 id="kernel"> <title>Kernel Changes</title> - <para arch="i386">Support for 80386 processors (the - <literal>I386_CPU</literal> kernel configuration option) has - been removed. Users running this class of CPU should use &os; - 5.<replaceable>X</replaceable> or earlier.</para> + <para>A new sysctl variable <varname>kern.malloc_stats</varname> + has been added. This allows to export kernel malloc + statistics via a binary structure stream.</para> - <para>The kernel debugger &man.ddb.4; now supports a - <command>show alllocks</command> command, which dumps a list of processes - and threads currently holding sleep mutexes (and spin mutexes for - the current thread). 
&merged;</para> - - <para arch="amd64,i386,pc98">The kernel crash dump format has been changed to - ELF to support large memory (more than 4GB) environment.</para> - - <para>The &man.ichsmb.4; driver is now available as a loadable - kernel module.</para> - - <para>The &man.jail.8; feature now supports a new sysctl - <varname>security.jail.chflags_allowed</varname>, which controls the - behavior of &man.chflags.1; within a jail. - If set to <literal>0</literal> (the default), then a jailed <username>root</username> user is - treated as an unprivileged user; if set to <literal>1</literal>, then - a jailed root user is treated the same as an unjailed <username>root</username> user. &merged;</para> - - <para>A sysctl <varname>security.jail.getfsstatroot_only</varname> has been - renamed to <varname>security.jail.enforce_statfs</varname> and - now supports the following policies:</para> - - <informaltable frame="none"> - <tgroup cols="2"> - <colspec colwidth="1*"> - <colspec colwidth="3*"> - <thead> - <row> - <entry>Value</entry> - <entry>Policy</entry> - </row> - </thead> - - <tbody> - <row> - <entry>0</entry> - <entry>Show all mount-points without any restrictions.</entry> - </row> - - <row> - <entry>1</entry> - <entry>Show only mount-points below jail's chroot and show only part of the - mount-point's path (for example, if the jail's chroot directory is - <filename>/jails/foo</filename> and - mount-point is - <filename>/jails/foo/usr/home</filename>, - only <filename>/usr/home</filename> will be shown).</entry> - </row> + <para>A new sysctl variable <varname>vm.zone_stats</varname> + has been added. 
This allows to export &man.uma.9; allocator + statistics via a binary structure stream.</para> - <row> - <entry>2</entry> - <entry>Show only mount-point where jail's chroot directory is placed.</entry> - </row> - </tbody> - </tgroup> - </informaltable> - - <para arch="alpha,amd64,i386,sparc64">The loader tunable <varname>debug.mpsafevm</varname> - has been enabled by default. &merged;</para> - - <para>&man.memguard.9;, a kernel memory allocator designed to help detect - <quote>tamper-after-free</quote> scenarios, has been added. - This must be explicitly enabled via <literal>options - DEBUG_MEMGUARD</literal>, plus small kernel modifications. It - is generally intended for use by kernel developers.</para> - - <para><varname>struct ifnet</varname> and network interface API - have been changed. Due to ABI incompatibility, all drivers - not in the &os; base system need to be updated to use - the new API and recompiled.</para> - - <para>A number of bugs have been fixed in the ULE - scheduler. &merged;</para> - - <para>Fine-grained locking to allow much of the VFS stack to run - without the Giant lock has been added. This is enabled by default - on the alpha, amd64, and i386 architectures, and can be disabled - by setting the loader tunable (and sysctl variable) - <varname>debug.mpsafevfs</varname> to - <literal>0</literal>.</para> - - <para arch="i386">A bug in Inter-Processor Interrupt (IPI) - handling, which could cause SMP systems to crash under heavy - load, has been fixed. More details are contained in errata note - <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/ERRATA/notices/FreeBSD-EN-05:03.ipi.asc">FreeBSD-EN-05:03.ipi</ulink>. 
- &merged;</para> - - <para>System V IPC objects (message queues, semaphores, and shared - memory) now have support for Mandatory Access Control policies, - notably &man.mac.biba.4;, &man.mac.mls.4;, &man.mac.stub.4;, and - &man.mac.test.4;.</para> - - <para arch="i386">Memory allocation for legacy PCI bridges has - been limited to the top 32MB of RAM. Many older, legacy bridges - only allow allocation from this range. This change only applies - to devices which do not have their memory assigned by the BIOS. - This change fixes the <quote>bad Vcc</quote> error of CardBus - bridges (&man.pccbb.4;). &merged;</para> - - <para>The &man.sysctl.3; MIBs beginning with <quote>debug</quote> - now require the kernel option <literal>options SYSCTL_DEBUG</literal>. - This option is disabled by default.</para> - - <para>The generic &man.tty.4; driver interface has been added - and many device drivers including - &man.cx.4; (<literal>{tty,cua}x</literal>), - &man.cy.4; (<literal>{tty,cua}c</literal>), - &man.digi.4; (<literal>{tty,cua}D</literal>), - &man.rc.4; (<literal>{tty,cua}m</literal>), - &man.rp.4; (<literal>{tty,cua}R</literal>), - &man.sab.4; (<literal>{tty,cua}z</literal>), - &man.si.4; (<literal>{tty,cua}A</literal>), - &man.sio.4; (<literal>{tty,cua}d</literal>), - sx (<literal>{tty,cua}G</literal>), - &man.uart.4; (<literal>{tty,cua}u</literal>), - &man.ubser.4; (<literal>{tty,cua}y</literal>), - &man.ucom.4; (<literal>{tty,cua}U</literal>), and - &man.ucycom.4; (<literal>{tty,cua}y</literal>) - have been rewritten to use it. Note that <filename>/etc/remote</filename> - and <filename>/etc/ttys</filename> have been updated as well.</para> - - <para>The &man.vkbd.4; driver has been added. 
This driver - provides a software loopback mechanism that can implement - a virtual AT keyboard similar to what the &man.pty.4; driver - does for terminals.</para> - - <!-- Above this line, sort kernel changes by manpage/keyword--> - - <para arch="i386,amd64">&os; always uses the local APIC timer - even on uni-processor systems now.</para> - - <para arch="i386,amd64,ia64">The default <varname>HZ</varname> - parameter (which controls various kernel timers) has been - increased from <literal>100</literal> to <literal>1000</literal> - on the i386 and ia64. It has been reduced from - <literal>1024</literal> to <literal>1000</literal> on the amd64 - to reduce synchronization effects with other system - clocks.</para> - - <para>The maximum length of shell commands has changed from 128 - bytes to <varname>PAGE_SIZE</varname>. By default, this value - is either 4KB (i386, pc98, amd64, and powerpc) or 8KB (sparc64 - and ia64). As a result, compatibility modules need to be - rebuilt to stay synchronized with data structure changes in the - kernel.</para> - - <para>A new tunable <varname>vm.blacklist</varname> has been added. - This can hold a space or comma separated list of physical addresses. - The pages containing these physical addresses will - not be added to the free list and thus will effectively - be ignored by the &os; VM system. The physical addresses - of any ignored pages are listed in the message buffer as well.</para> - <sect3 id="boot"> <title>Boot Loader Changes</title> - <para arch="i386">A serial console-capable version of - <filename>boot0</filename> has been added. 
It can be written - to a disk using &man.boot0cfg.8; and specifying - <filename>/boot/boot0sio</filename> as the argument to the - <option>-b</option> option.</para> - - <para arch="i386"><filename>cdboot</filename> now works around a - BIOS problem observed on some systems when booting from USB - CDROM drives.</para> - - <para>The <command>autoboot</command> loader command - now supports the prompt parameter.</para> + <para></para> - <para>The <command>autoboot</command> loader command will now prevent the user - from interrupting the boot process at all if the - <varname>autoboot_delay</varname> variable is set to - <literal>-1</literal>. &merged;</para> - - <para>A loader menu option to set <varname>hint.atkbd.0.flags=0x1</varname> - has been added. This setting allows USB keyboards to work - if no PS/2 keyboard is attached.</para> - - <para>The beastie boot menu has been disabled by default.</para> - <!-- Above this line, order boot loader changes by keyword--> </sect3> 
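Review bot: in new.sgml at @@ -113,323 +113,25 @@, both added Kernel Changes paragraphs read "This allows to export ...", which is ungrammatical. Suggest "This allows kernel malloc statistics to be exported via a binary structure stream" for `kern.malloc_stats`, and the same construction for the `vm.zone_stats` entry. The same hunk reduces the Security Advisories section and the Boot Loader Changes section to an empty `<para></para>`. If that is the intended reset for a new release cycle, please say so in the change description, and confirm that the removed advisory entries (FreeBSD-SA-04:16.fetch through FreeBSD-SA-05:15.tcp) are still carried in the notes for the release they were merged to, so readers do not lose the advisory links.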
@@ -437,1228 +139,106 @@ <sect3 id="proc"> <title>Hardware Support</title> - <para arch="i386,amd64">The &man.acpi.4; driver now turns - the ACPI and PCI devices off or to a lower power state - when suspending, and back on again when resuming. - This behavior can be disabled by - setting the <varname>debug.acpi.do_powerstate</varname> and - <varname>hw.pci.do_powerstate</varname> sysctls to <literal>0</literal>.</para> - - <para arch="i386,amd64">The &man.acpi.ibm.4; driver for IBM laptops - has been added. It provides support for the various - hotkeys and reading fan status and thermal - sensors.</para> - - <para arch="i386,amd64">The &man.acpi.fujitsu.4; driver for handling - &man.acpi.4;-controlled buttons Fujitsu laptops has been added.</para> - - <para arch="i386,amd64">The acpi_sony driver, - which supports the Sony Notebook Controller on various - Sony laptops has been added.</para> - - <para>The &man.atkbdc.4;, &man.atkbd.4;, and &man.psm.4; - drivers have been rewritten in more bus-independent way, - and now support the EBus found on the sparc64 platform.</para> - - <para arch="sparc64">The following device drivers have been - added and enabled by default in the - <filename>GENERIC</filename> kernel: - &man.atkbdc.4;, - &man.atkbd.4;, - creator(4), - machfb(4), - &man.syscons.4;, - &man.ohci.4;, - &man.psm.4;, - &man.ukbd.4;, - &man.ums.4;, - and &man.usb.4;.</para> - - <para arch="sparc64">The &man.auxio.4; driver has been added; it supports - some auxiliary I/O functions found on various SBus/EBus - &ultrasparc; models. &merged;</para> - - <para arch="sparc64">The clkbrd driver has been added to support - the <literal>clock-board</literal> device frequently found on - Sun E<replaceable>xx</replaceable>00 servers.</para> - - <para>A framework for flexible processor speed control has been - added. It provides methods for various drivers to control CPU - power utilization by adjusting the processor speed. 
More - details can be found in the &man.cpufreq.4; manual page. &merged; - Currently supported drivers include ichss (Intel SpeedStep for ICH), - acpi_perf (ACPI CPU performance states), and acpi_throttle - (ACPI CPU throttling). The latter two drivers are contained - in the &man.acpi.4; driver. These can individually be disabled by setting device - hints such as <varname>hint.<replaceable>ichss</replaceable>.0.disabled="1"</varname>.</para> - - <para>The &man.hwpmc.4; hardware performance - monitoring counter driver has been added. - This driver virtualizes the hardware performance monitoring - facilities in modern CPUs and provides support for using - these facilities from user level processes. For more details, - see manual pages of &man.hwpmc.4;, associated libraries, - and associated userland utilities.</para> - - <para arch="i386">Support for the OLDCARD subsystem has - been removed. The NEWCARD system is now used for all PCCARD - device support.</para> - - <para>The pcii driver has been added to support GPIB-PCIIA IEEE-488 - cards. &merged;</para> - - <para>The &man.atkbd.4; driver now supports a <literal>0x8</literal> - (bit 3) flag to disable testing the keyboard port during - the device probe as this can cause hangs on some machines, - specifically Compaq R3000Z series amd64 laptops.</para> - - <para arch="i386">The &man.pbio.4; driver, - which supports direct access to - the Intel 8255A programmable peripheral interface (PPI) - chip running in mode 0 (simple I/O) has been added.</para> - - <para>The &man.psm.4; driver now has improved support for - Synaptics Touchpad users. It now has better tracking of - slow-speed movement and support for various extra - buttons and dials. 
These features can be tuned with the - <varname>hw.psm.synaptics.<replaceable>*</replaceable></varname> - hierarchy of sysctl variables.</para> - - <para arch="sparc64">The rtc driver has been added to support - the MC146818-compatible clock found on some &ultrasparc; II - and III models. &merged;</para> - - <para arch="i386">The &man.syscons.4; driver now supports VESA - (15, 16, 24, and 32 bit) modes. To enable this feature, two - kernel options <literal>SC_PIXEL_MODE</literal> and - <literal>VESA</literal> (or corresponding kernel module) - are needed.</para> - - <para arch="sparc64">The &man.uart.4; driver is now enabled in - the <filename>GENERIC</filename> kernel, and is now the - default driver for serial ports. The &man.ofw.console.4; and - &man.sab.4; drivers are now disabled in the - <filename>GENERIC</filename> kernel. &merged;</para> - - <para>The &man.uftdi.4; driver now supports the FTDI FT2232C - chip.</para> + <para></para> - <para>The &man.uplcom.4; driver now supports handling of the - <literal>CTS</literal> signal.</para> - - <para>The &man.ehci.4; driver has been improved.</para> - - <para arch="sparc64">The zs driver has been removed - in favor of the &man.uart.4; driver.</para> - <sect4 id="mm"> <title>Multimedia Support</title> - <para arch="sparc64">The &man.snd.audiocs.4; driver has been - added to support the Crystal Semiconductor CS4231 audio - controller found on &ultrasparc; - workstations. &merged;</para> - - <para>The &man.snd.csa.4; driver now supports - suspend and resume operation.</para> - - <para>The &man.uaudio.4; driver now has some added - functionality, including volume control on more inputs and - recording capability on some devices. &merged;</para> - + <para></para> </sect4> <sect4 id="net-if"> <title>Network Interface Support</title> - <para>The &man.ath.4; driver has been updated to split the - transmit rate control algorithm into a separate module. 
- One of <literal>device ath_rate_onoe</literal>, - <literal>device ath_rate_amrr</literal>, or - <literal>device ath_rate_sample</literal> must be included in - the kernel configuration when using the &man.ath.4; - driver.</para> - - <para>The &man.bge.4; driver now supports the &man.altq.4; - framework, as well as the BCM5714, 5721, 5750, 5751, 5751M and 5789 - chips. &merged;</para> - - <para>The &man.cdce.4; USB Communication Device Class Ethernet - driver has been added. &merged;</para> - - <para>The &man.cp.4; driver is now MPSAFE. &merged;</para> - - <para>The &man.ctau.4; driver is now MPSAFE. &merged;</para> - - <para>The &man.cx.4; driver is now MPSAFE. &merged;</para> - - <para>The &man.dc.4; driver now supports the &man.altq.4; - framework. &merged;</para> - - <para>The &man.ed.4; driver now supports the &man.altq.4; - framework. &merged;</para> - - <para>In the &man.em.4; driver, hardware support for VLAN - tagging is now disabled by default due to some interactions - between this feature and promiscuous mode. &merged;</para> - - <para>Ethernet flow control is now disabled by default in the - &man.fxp.4; driver, to prevent problems on a subnet when a system panics - or is left in the kernel debugger. &merged;</para> - - <para>The gx(4) driver has been removed because - it is no longer maintained actively and - the &man.em.4; driver supports all of the supported hardware.</para> - - <para>The &man.hme.4; driver is now MPSAFE. &merged;</para> - - <para>The &man.ipw.4; (for Intel PRO/Wireless 2100), - &man.iwi.4; (for Intel PRO/Wireless 2200BG/2225BG/2915ABG), - &man.ral.4; (for Ralink Technology RT2500), - and &man.ural.4; (for Ralink Technology RT2500USB) - drivers have been added.</para> - - <para>The &man.ixgb.4; driver is now MPSAFE. 
&merged;</para> - - <para>The musycc driver, for the LanMedia LMC1504 T1/E1 - network interface card, has been removed due to - disuse.</para> - - <para arch="i386,amd64">Drivers using the &man.ndis.4; device - driver wrapper mechanism are now built and loaded - differently. The &man.ndis.4; driver can now be pre-built - as module or statically compiled into a kernel. Individual - drivers can now be built with the &man.ndisgen.8; utility; - the result is a kernel module that can be loaded into a - running kernel using &man.kldload.8;. &merged;</para> - - <para arch="amd64">The &man.ndis.4; device driver wrapper now - supports &windows;/x86-64 binaries on amd64 - systems. &merged;</para> - - <para arch="i386,amd64">The &man.nve.4; driver, which supports the - nVidia nForce MCP Networking Adapter, has been added.</para> - - <para>The &man.re.4; driver now supports the &man.altq.4; - framework. &merged;</para> - - <para>The &man.sf.4; driver now has support for device polling - and &man.altq.4;. &merged;</para> - - <para>Several programming errors in the &man.sk.4; driver have - been corrected. These bugs were particular to SMP systems, and - could cause panics, page faults, aborted SSH connections, or - corrupted file transfers. More details can be found in - errata note - <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/ERRATA/notices/FreeBSD-EN-05:02.sk.asc">FreeBSD-EN-05:02.sk</ulink>. - &merged;</para> - - <para>The &man.sk.4; driver now has support for &man.altq.4;. - This driver also now supports jumbo frames on Yukon-based - interfaces. &merged;</para> - - <para>The &man.ste.4; driver now has support for &man.altq.4;.</para> - - <para>The &man.vge.4; driver now has support for device polling - (&man.polling.4;).</para> - - <para>Support for 802.11 devices in the &man.wlan.4; framework has been - greatly overhauled. 
In addition to architectural changes, - it includes completed 802.11g, WPA, 802.11i, 802.1x, - WME/WMM, AP-side power-saving, and plugin frameworks for - cryptography modules, authenticators, and access control. - Note in particular that WEP now requires the - <filename>wlan_wep</filename> module to be loaded (or - compiled) into the kernel.</para> - - <para>The &man.xl.4; driver now supports - &man.polling.4;. &merged;</para> - + <para></para> </sect4> </sect3> <sect3 id="net-proto"> <title>Network Protocols</title> - <para>The MTU feedback in IPv6 has been disabled when the sender writes - data that must be fragmented. &merged;</para> - - <para>The Common Address Redundancy Protocol (CARP) has - been implemented. CARP comes from OpenBSD and allows - multiple hosts to share an IP address, providing - high availability and load balancing. - For more information, see the &man.carp.4; manual page. &merged;</para> - - <para>The &man.if.bridge.4; network bridging implementation, - originally from NetBSD, has been added. It supports the IEEE - 802.1D Spanning Tree Protocol, individual interface devices - for each bridge, and filtering of bridged packets. - The &man.ifconfig.8; utility now supports to configure - &man.if.bridge.4;.</para> - - <para>The &man.ipfw.4; <literal>IPDIVERT</literal> option is now - available as a kernel loadable module. - If this module is not loaded, &man.ipfw.4; will refuse to - install <literal>divert</literal> rules and &man.natd.8; - will return the error message <quote>protocol not supported</quote>.</para> - - <para>The &man.ipfw.4; system can work with - <varname>debug.mpsafenet</varname>=<literal>1</literal> - (this tunable is <literal>1</literal> by default) - when the <literal>gid</literal>, <literal>jail</literal>, - and/or <literal>uid</literal> rule options are used. 
&merged;</para> - - <para>The &man.ipfw.4; and &man.dummynet.4; systems now - support IPv6.</para> - - <para>&man.ipfw.8; now supports classification and tagging - of &man.altq.4; packets via a divert socket. It is also - possible to specify rules that match TCP packets with specific - payload sizes.</para> - - <para>The &man.ipfw.8; <literal>ipfw fwd</literal> rule now supports - the full packet destination manipulation when the kernel option - <literal>options IPFIREWALL_FORWARD_EXTENDED</literal> is specified - in addition to <literal>options IPFIRWALL_FORWARD</literal>. - This kernel option disables all restrictions to ensure proper - behavior for locally generated packets and allows redirection of - packets destined to locally configured IP addresses. - Note that &man.ipfw.8; rules have to be carefully crafted to - make sure that things like PMTU discovery do not break. &merged;</para> - - <para>The &man.ipfw.8; system now supports IPv4 only rules.</para> - - <para>&man.ipnat.8; now allows redirect rules to - work for non-TCP/UDP packets. &merged;</para> - - <para>Ongoing work is reducing the use of the Giant lock by the - network protocol stack and improving the locking - strategies.</para> - - <para>The <filename>libalias</filename> library can now be built - as a kernel module.</para> - - <para>The link state change notifications of network interfaces - are sent to <filename>/dev/devctl</filename> now.</para> - - <para>A new &man.ng.ipfw.4; NetGraph node provides - a simple interface between the &man.ipfw.4; and &man.netgraph.4; - facilities.</para> - - <para>A new &man.ng.nat.4; NetGraph node has been added to - perform NAT functions.</para> - - <para>A new &man.ng.netflow.4; NetGraph node allows a router - running &os; to do NetFlow version 5 exports. &merged;</para> - - <para>A new &man.ng.tcpmss.4; NetGraph node has been added. 
- This supports altering MSS options of TCP packets.</para> - - <para>The &man.sppp.4; driver now includes Frame Relay - support. &merged;</para> - - <para>The &man.sppp.4; driver is now MPSAFE.</para> - - <para>The &os; routing table now requires gateways for routes - to be of the same address family as the route itself. - The &man.route.8; utility now rejects a combination of different - address families. For example:</para> - - <screen>&prompt.root; route add 10.1.1.1 -inet6 fe80::1%fxp0</screen> - - <para>The new sysctl <varname>net.link.tap.user_open</varname> - has been implemented. This allows unprivileged access to - &man.tap.4; device nodes based on file system permissions.</para> - - <para>A bug in TCP that sometimes caused RST packets to - be ignored if the receive window was zero bytes has been - fixed. &merged;</para> - - <para>The <literal>RST</literal> - handling of the &os; TCP stack has been improved - to make reset attacks as difficult as possible while - maintaining compatibility with the widest range of TCP stacks. - The algorithm is as follows: For connections in the - <literal>ESTABLISHED</literal> - state, only resets with sequence numbers exactly matching - <varname>last_ack_sent</varname> will cause a reset; - all other segments will - be silently dropped. For connections in all other states, - a reset anywhere in the window will cause the connection - to be reset. All other segments will be silently dropped. - Note that this behavior technically violates the RFC 793 specification; - the conventional (but less secure) behavior can be restored - by setting a new sysctl <varname>net.inet.tcp.insecure_rst</varname> - to <literal>1</literal>. &merged;</para> - - <para>Several bugs in the TCP SACK implementation have been - fixed. &merged;</para> - - <para>RFC 1644 T/TCP support has been removed. This is because - the design is based on a weak security model that can easily - permit denial-of-service attacks. 
This TCP - extension has been considered a defective one in - a recent Internet Draft.</para> - - <para>The KAME IPv4 IPsec implementation integrated - in &os; now supports TCP-MD5. &merged;</para> - - <para>Random ephemeral port number allocation has led to some - problems with port reuse at high connection rates. This - feature is now disabled during periods of high connection - rates; whenever new connections are created faster than - <varname>net.inet.ip.portrange.randomcps</varname> per second, - port number randomization is disabled for the next - <varname>net.inet.ip.portrange.randomtime</varname> - seconds. The default values for these two sysctl variables - are <literal>10</literal> and <literal>45</literal>, - respectively. &merged;</para> - - <para>Fine-grained locking has been applied to many of the data - structures in the IPX/SPX protocol stack. While not fully - MPSAFE at this point, it is generally safe to use IPX/SPX - without the Giant lock (in other words, the - <varname>debug.mpsafenet</varname> sysctl variable may be set - to <literal>1</literal>).</para> - - <para>Unix domain sockets now support the - <literal>LOCAL_CREDS</literal> and - <literal>LOCAL_CONNWAIT</literal> options. - The <literal>LOCAL_CREDS</literal> option provides - a mechanism for the receiver to receive the credentials - of the process as a &man.recvmsg.2; control message. - The <literal>LOCAL_CONNWAIT</literal> - option causes the &man.connect.2; function to block - until &man.accept.2; has been called on the listening socket. - For more details, see the &man.unix.4; manual page.</para> + <para></para> </sect3> <sect3 id="disks"> <title>Disks and Storage</title> - <para>The &man.amr.4; driver is now safe for use on systems - using &man.pae.4;. &merged;</para> - - <para arch="i386,ia64">The &man.arcmsr.4; driver has been added. - It supports the Areca ARC-11<replaceable>xx</replaceable> and - ARC-12<replaceable>xx</replaceable> series of SATA RAID - controllers. 
&merged;</para> - - <para>The &man.ata.4; family of drivers has been overhauled and - updated. It has been split into modules that can be loaded - and unloaded independently (the <filename>atapci</filename> - and <filename>ata</filename> modules are prerequesites for the - device subdrivers, which are <filename>atadisk</filename>, - <filename>atapicd</filename>, <filename>atapifd</filename>, - <filename>atapist</filename>, and - <filename>ataraid</filename>). On supported SATA controllers, - devices can be hot inserted/removed. ATA RAID support has - been rewritten and supports a number of new metadata formats. - The <filename>atapicd</filename> driver no longer supports CD - changers. This update has been referred to as <quote>ATA - mkIII</quote>.</para> - - <para>The SHSEC GEOM class has been added. It provides for the - sharing of a secret between multiple GEOM providers. All of - these providers must be present in order to reveal the - secret. This feature is controlled by the &man.gshsec.8; - utility. &merged;</para> - - <para>The &man.hptmv.4; driver, which supports the HighPoint - RocketRAID 182x series, has been added. &merged;</para> - - <para>The &man.ips.4; driver now support kernel crash dumps - on some modern ServeRAID models. &merged;</para> - - <para>The &man.matcd.4; driver has been removed. &merged;</para> - - <para>The default SCSI boot-time probe delay in the - <filename>GENERIC</filename> kernel has been reduced from - fifteen seconds to five seconds.</para> - - <para>The old vinum(4) subsystem has been removed - in favor of the new &man.geom.4;-based version.</para> - - <para>The &man.twa.4; driver has been updated to - the 9.2 release (for &os; 5.2.1) distributed from - the 3ware website.</para> - - <para arch="pc98">The &man.wd.4; driver has been removed. 
The - &man.ata.4; driver has been found to work well enough on the - pc98 platform that there is no need for the older &man.wd.4; - driver.</para> - - <para>Information about newly-mounted cd9660 file systems (such - as the presence of RockRidge extensions) is now only printed - if the kernel was booted in verbose mode. This change was - made to reduce the amount of (generally unnecessary) kernel - log messages. &merged;</para> - + <para>The &man.mpt.4; driver has been updated to support + various new features such as RAID volume and RAID member + state/settings reporting, periodic volume re-synchronization + status reporting, and sysctl variables for volume + re-synchronization rate, volume member write cache status, + and volume transaction queue depth.</para> </sect3> <sect3 id="fs"> <title>File Systems</title> - <para>Recomputing the summary information for - <quote>dirty</quote> UFS and UFS2 file systems is no longer - done at mount time, but is now done by background - &man.fsck.8;. This change improves the startup speed when - mounting large file systems after a crash. The prior behavior - can be restored by setting the - <varname>vfs.ffs.compute_summary_at_mount</varname> sysctl - variable to a non-zero value. &merged;</para> - - <para>A kernel panic in the NFS server has been fixed. More - details can be found in errata note - <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/ERRATA/notices/FreeBSD-EN-05:01.nfs.asc">FreeBSD-EN-05:01.nfs</ulink>. - &merged;</para> - - <para arch="i386,pc98">Read-only support for ReiserFS version 3 has been - added. See &man.mount.reiserfs.8; for details.</para> - + <para></para> </sect3> <sect3> <title>Contributed Software</title> - <para><application>ACPI-CA</application> has been updated from - 20040527 to 20041119. 
&merged;</para> - + <para></para> </sect3> </sect2> <sect2 id="userland"> <title>Userland Changes</title> - <para>The &man.burncd.8; utility now allows commands (such as - <command>eject</command>) to take place after fixating a - disk.</para> + <para>The &man.ifconfig.8; utility now supports + a <option>-k</option> flag to allow printing + potentially sensitive keying material to standard output. + This sensitive information will not be printed by default.</para> - <para arch="amd64">Machine-specific optimized versions of - &man.bcmp.3;, &man.bcopy.3;, &man.bzero.3;, &man.memcmp.3;, - &man.memcpy.3;, &man.memmove.3;, &man.memset.3;, &man.strcat.3; - and &man.strcpy.3; have been implemented. Several mathematics - functions such as &man.ceill.3; and &man.sqrtf.3; are also - replaced with the optimized versions.</para> - - <para>The &man.chflags.1; utility now supports the - <option>-h</option> flag, which supports changing flags on - symbolic links.</para> - - <para>The &man.env.1; program now supports a <option>-v</option> - flag to write the command to standard error before it is executed.</para> - - <para>The &man.env.1; program now supports a <option>-S - <replaceable>string</replaceable></option> - option to split the <replaceable>string</replaceable> and pass them to - the command as the command-line arguments.</para> - - <para>The &man.env.1; program now supports a <option>-P - <replaceable>altpath</replaceable></option> - option to set the command search path used to look for - the command.</para> - - <para>The &man.ftpd.8; program now uses the <literal>212</literal> - and <literal>213</literal> status codes for directory - and file status correctly (<literal>211</literal> was used in - the previous versions). This behavior is described in RFC 959. 
- &merged;</para> - - <para>The <literal>create</literal> command of the &man.gpt.8; - utility now supports a <option>-f</option> command-line flag to - force creation of a GPT even when there is an MBR record on a - disk. &merged;</para> - - <para>The &man.getaddrinfo.3; function now queries <literal>A</literal> - DNS resource records before <literal>AAAA</literal> records - when <literal>AF_UNSPEC</literal> is specified. - Some broken DNS servers return <literal>NXDOMAIN</literal> - against non-existent <literal>AAAA</literal> queries, - even when it should return <literal>NOERROR</literal> - with empty return records. This is a problem for an IPv4/IPv6 dual - stack node because the <literal>NXDOMAIN</literal> returned - by the first query of an <literal>AAAA</literal> record makes - the querying server stop attempting to resolve the <literal>A</literal> - record if any. Also, this behavior has been recognized as a potential - denial-of-service attack (see <ulink url="http://www.kb.cert.org/vuls/id/714121"></ulink> - for more details). - Note that although the query order has been changed, - the returned result still includes - <literal>AF_INET6</literal> records before - <literal>AF_INET</literal> records. &merged;</para> - - <para>The &man.gethostbyname.3;, &man.gethostbyname2.3;, and - &man.gethostbyaddr.3; functions are now thread-safe. &merged;</para> - - <para>The &man.getnetent.3;, &man.getnetbyname.3;, and - &man.getnetbyaddr.3; functions are now thread-safe. &merged;</para> - - <para>The &man.getprotoent.3;, &man.getprotobyname.3;, and - &man.getprotobynumber.3; functions are now thread-safe. &merged;</para> - - <para>The &man.getservent.3;, &man.getservbyname.3;, and - &man.getservbyport.3; functions are now thread-safe. 
&merged;</para> - - <para>For conformation to IEEE Std 1003.1-2001 - (also known as POSIX 2001), the <varname>n_net</varname> member - of <varname>struct netent</varname> and the first argument - of &man.getnetbyaddr.3; has been changed to an <literal>uint32_t</literal>. - Due to these changes, the ABI on 64-bit platforms is - incompatible with previous releases of &os; and - the major version number of the <filename>libpcap</filename> - shared library has been bumped. - On 64-bit platforms being upgraded from older &os; versions, all - userland programs that use &man.getnetbyaddr.3;, - &man.getnetbyname.3;, &man.getnetent.3;, and/or - <filename>libpcap</filename> have to be recompiled.</para> - - <para>The gvinum(8) utility now supports the - <command>checkparity</command>, - <command>rebuildparity</command>, and - <command>setstate</command> - subcommands. &merged;</para> - - <para>The &man.ifconfig.8; utility has been restructured. It is >>> TRUNCATED FOR MAIL (1000 lines) <<<
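Review bot: the added &man.ifconfig.8; paragraph under "Userland Changes" says <option>-k</option> prints "potentially sensitive keying material" but never says which material is meant, nor whether that material used to appear in the default output. Suggest naming the kinds of keys covered and stating outright whether the default output has changed. As written, the sentence "This sensitive information will not be printed by default" leaves a reader unable to tell whether scripts that read keys from plain ifconfig output now need <option>-k</option>. A smaller point in the same hunk: the emptied sections are left as bare <para></para> elements (just before the "Disks and Storage" sect3, and under "File Systems" and "Contributed Software"). A short placeholder sentence, or omitting the empty element, would avoid blank paragraphs in the rendered notes.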