Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 19 Jul 2010 15:26:43 +0000 (UTC)
From:      Hiroki Sato <hrs@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org
Subject:   svn commit: r210239 - in stable/8/release/doc: en_US.ISO8859-1/errata en_US.ISO8859-1/relnotes share/sgml
Message-ID:  <201007191526.o6JFQhaY005143@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: hrs
Date: Mon Jul 19 15:26:42 2010
New Revision: 210239
URL: http://svn.freebsd.org/changeset/base/210239

Log:
  - Clean up old contents and bump version numbers.
  - Add items for security advisories.

Modified:
  stable/8/release/doc/en_US.ISO8859-1/errata/article.sgml
  stable/8/release/doc/en_US.ISO8859-1/relnotes/article.sgml
  stable/8/release/doc/share/sgml/release.dsl
  stable/8/release/doc/share/sgml/release.ent

Modified: stable/8/release/doc/en_US.ISO8859-1/errata/article.sgml
==============================================================================
--- stable/8/release/doc/en_US.ISO8859-1/errata/article.sgml	Mon Jul 19 15:05:35 2010	(r210238)
+++ stable/8/release/doc/en_US.ISO8859-1/errata/article.sgml	Mon Jul 19 15:26:42 2010	(r210239)
@@ -16,7 +16,7 @@
 
 <!ENTITY % release PUBLIC "-//FreeBSD//ENTITIES Release Specification//EN">
 %release;
-<!ENTITY release.bugfix "8.0-RELEASE">
+<!ENTITY release.bugfix "8.1-RELEASE">
 ]>
 
 <article>
@@ -40,7 +40,7 @@
     <pubdate>$FreeBSD$</pubdate>
 
     <copyright>
-      <year>2009</year>
+      <year>2010</year>
       <holder role="mailto:doc@FreeBSD.org">The &os; Documentation Project</holder>
     </copyright>
 
@@ -119,7 +119,6 @@
     <para>For a list of all &os; CERT security advisories, see <ulink
       url="http://www.FreeBSD.org/security/"></ulink>; or <ulink
       url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/"></ulink>.</para>;
-
   </sect1>
 
   <sect1 id="security">
@@ -144,34 +143,74 @@
 
 	<tbody>
 	  <row>
-	    <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:17.freebsd-update.asc"
-		>SA-09:17.freebsd-update</ulink></entry>
-	    <entry>03&nbsp;December&nbsp;2009</entry>
-	    <entry><para>Inappropriate directory permissions in freebsd-update(8)</para></entry>
+	    <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:15.ssl.asc"
+		>SA-09:15.ssl</ulink></entry>
+	    <entry>3&nbsp;Dec&nbsp;2009</entry>
+	    <entry><para>SSL protocol flaw</para></entry>
 	  </row>
 	  <row>
 	    <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:16.rtld.asc"
 		>SA-09:16.rtld</ulink></entry>
-	    <entry>03&nbsp;December&nbsp;2009</entry>
-	    <entry><para>Improper environment sanitization in rtld(1)</para></entry>
+	    <entry>3&nbsp;Dec&nbsp;2009</entry>
+	    <entry><para>Improper environment sanitization in &man.rtld.1;</para></entry>
 	  </row>
 	  <row>
-	    <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:15.ssl.asc"
-		>SA-09:15.ssl</ulink></entry>
-	    <entry>03&nbsp;December&nbsp;2009</entry>
-	    <entry><para>SSL protocol flaw</para></entry>
+	    <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:17.freebsd-update.asc"
+		>SA-09:17.freebsd-update</ulink></entry>
+	    <entry>3&nbsp;Dec&nbsp;2009</entry>
+	    <entry><para>Inappropriate directory permissions in &man.freebsd-update.8;</para></entry>
+	  </row>
+	  <row>
+	    <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:01.bind.asc"
+		>SA-10:01.bind</ulink></entry>
+	    <entry>6&nbsp;Jan&nbsp;2010</entry>
+	    <entry><para>BIND &man.named.8; cache poisoning with DNSSEC validation</para></entry>
+	  </row>
+	  <row>
+	    <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:02.ntpd.asc"
+		>SA-10:02.ntpd</ulink></entry>
+	    <entry>6&nbsp;Jan&nbsp;2010</entry>
+	    <entry><para>ntpd mode 7 denial of service</para></entry>
+	  </row>
+	  <row>
+	    <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:03.zfs.asc"
+		>SA-10:03.zfs</ulink></entry>
+	    <entry>6&nbsp;Jan&nbsp;2010</entry>
+	    <entry><para>ZFS ZIL playback with insecure permissions</para></entry>
+	  </row>
+	  <row>
+	    <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:04.jail.asc"
+		>SA-10:04.jail</ulink></entry>
+	    <entry>27&nbsp;May&nbsp;2010</entry>
+	    <entry><para>Insufficient environment sanitization in &man.jail.8;</para></entry>
+	  </row>
+	  <row>
+	    <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:05.opie.asc"
+		>SA-10:05.opie</ulink></entry>
+	    <entry>27&nbsp;May&nbsp;2010</entry>
+	    <entry><para>OPIE off-by-one stack overflow</para></entry>
+	  </row>
+	  <row>
+	    <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:06.nfsclient.asc"
+		>SA-10:06.nfsclient</ulink></entry>
+	    <entry>27&nbsp;May&nbsp;2010</entry>
+	    <entry><para>Unvalidated input in nfsclient</para></entry>
+	  </row>
+	  <row>
+	    <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:07.mbuf.asc"
+		>SA-10:07.mbuf</ulink></entry>
+	    <entry>13&nbsp;July&nbsp;2010</entry>
+	    <entry><para>Lost mbuf flag resulting in data corruption</para></entry>
 	  </row>
 	</tbody>
       </tgroup>
     </informaltable>
-
   </sect1>
 
   <sect1 id="open-issues">
     <title>Open Issues</title>
 
     <para>No open issues.</para>
-
   </sect1>
 
   <sect1 id="late-news">
@@ -179,5 +218,4 @@
 
     <para>No news.</para>
   </sect1>
-
 </article>

Modified: stable/8/release/doc/en_US.ISO8859-1/relnotes/article.sgml
==============================================================================
--- stable/8/release/doc/en_US.ISO8859-1/relnotes/article.sgml	Mon Jul 19 15:05:35 2010	(r210238)
+++ stable/8/release/doc/en_US.ISO8859-1/relnotes/article.sgml	Mon Jul 19 15:26:42 2010	(r210239)
@@ -15,16 +15,7 @@
   <pubdate>$FreeBSD$</pubdate>
 
   <copyright>
-    <year>2000</year>
-    <year>2001</year>
-    <year>2002</year>
-    <year>2003</year>
-    <year>2004</year>
-    <year>2005</year>
-    <year>2006</year>
-    <year>2007</year>
-    <year>2008</year>
-    <year>2009</year>
+    <year>2010</year>
     <holder role="mailto:doc@FreeBSD.org">The &os; Documentation Project</holder>
   </copyright>
 
@@ -106,9 +97,7 @@
     <title>What's New</title>
 
     <para>This section describes the most user-visible new or changed
-      features in &os; since &release.prev;, and changes shown in
-      Release Notes for the previous releases are marked as
-      <literal>[7.1R]</literal> and <literal>[7.2R]</literal>.</para>
+      features in &os; since &release.prev;.</para>
 
     <para>Typical release note items document recent security
       advisories issued after &release.prev;, new drivers or hardware
@@ -142,163 +131,65 @@
 	    </thead>
 
 	    <tbody>
-	      <row role="7.1">
-		<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-08:05.openssh.asc"
-			      >SA-08:05.openssh</ulink></entry>
-		<entry>17&nbsp;April&nbsp;2008</entry>
-		<entry><para>OpenSSH X11-forwarding privilege escalation</para></entry>
-	      </row>
-
-	      <row role="7.1">
-		<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-08:06.bind.asc"
-			      >SA-08:06.bind</ulink></entry>
-		<entry>13&nbsp;July&nbsp;2008</entry>
-		<entry><para>DNS cache poisoning</para></entry>
-	      </row>
-
-	      <row role="7.1">
-		<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-08:07.amd64.asc"
-			      >SA-08:07.amd64</ulink></entry>
-		<entry>3&nbsp;September&nbsp;2008</entry>
-		<entry><para>amd64 swapgs local privilege escalation</para></entry>
-	      </row>
-
-	      <row role="7.1">
-		<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-08:08.nmount.asc"
-			      >SA-08:08.nmount</ulink></entry>
-		<entry>3&nbsp;September&nbsp;2008</entry>
-		<entry><para>&man.nmount.2; local arbitrary code execution</para></entry>
-	      </row>
-
-	      <row role="7.1">
-		<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-08:09.icmp6.asc"
-			      >SA-08:09.icmp6</ulink></entry>
-		<entry>3&nbsp;September&nbsp;2008</entry>
-		<entry><para>Remote kernel panics on IPv6 connections</para></entry>
-	      </row>
-
-	      <row role="7.1">
-		<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-08:10.nd6.asc"
-			      >SA-08:10.nd6</ulink></entry>
-		<entry>1&nbsp;October&nbsp;2008</entry>
-		<entry><para>IPv6 Neighbor Discovery Protocol routing vulnerability</para></entry>
-	      </row>
-
-	      <row role="7.1">
-		<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-08:11.arc4random.asc"
-			      >SA-08:11.arc4random</ulink></entry>
-		<entry>24&nbsp;November&nbsp;2008</entry>
-		<entry><para>&man.arc4random.9; predictable sequence vulnerability</para></entry>
-	      </row>
-
-	      <row role="7.1">
-		<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-08:12.ftpd.asc"
-			      >SA-08:12.ftpd</ulink></entry>
-		<entry>23&nbsp;December&nbsp;2008</entry>
-		<entry><para>Cross-site request forgery in &man.ftpd.8;</para></entry>
-	      </row>
-
-	      <row role="7.1">
-		<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-08:13.protosw.asc"
-			      >SA-08:13.protosw</ulink></entry>
-		<entry>23&nbsp;December&nbsp;2008</entry>
-		<entry><para>netgraph / bluetooth privilege escalation</para></entry>
-	      </row>
-
-	      <row role="7.2">
-		<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:01.lukemftpd.asc"
-			      >SA-09:01.lukemftpd</ulink></entry>
-		<entry>07&nbsp;January&nbsp;2009</entry>
-		<entry><para>Cross-site request forgery in
-		  &man.lukemftpd.8;</para></entry>
-	      </row>
-
-	      <row role="7.2">
-		<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:02.openssl.asc"
-			      >SA-09:02.openssl</ulink></entry>
-		<entry>07&nbsp;January&nbsp;2009</entry>
-		<entry><para>OpenSSL incorrectly checks for malformed
-		  signatures</para></entry>
-	      </row>
-
-	      <row role="7.2">
-		<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:03.ntpd.asc"
-			      >SA-09:03.ntpd</ulink></entry>
-		<entry>13&nbsp;January&nbsp;2009</entry>
-		<entry><para>ntpd cryptographic signature
-		  bypass</para></entry>
-	      </row>
-
-	      <row role="7.2">
-		<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:04.bind.asc"
-			      >SA-09:04.bind</ulink></entry>
-		<entry>13&nbsp;January&nbsp;2009</entry>
-		<entry><para>BIND DNSSEC incorrect checks for
-		  malformed signatures</para></entry>
+	      <row>
+		<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:15.ssl.asc"
+			      >SA-09:15.ssl</ulink></entry>
+		<entry>3&nbsp;Dec&nbsp;2009</entry>
+		<entry><para>SSL protocol flaw</para></entry>
 	      </row>
-
-	      <row role="7.2">
-		<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:05.telnetd.asc"
-			      >SA-09:05.telnetd</ulink></entry>
-		<entry>16&nbsp;February&nbsp;2009</entry>
-		<entry><para>telnetd code execution
-		  vulnerability</para></entry>
+	      <row>
+		<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:16.rtld.asc"
+			      >SA-09:16.rtld</ulink></entry>
+		<entry>3&nbsp;Dec&nbsp;2009</entry>
+		<entry><para>Improper environment sanitization in &man.rtld.1;</para></entry>
 	      </row>
-
-	      <row role="7.2">
-		<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:06.ktimer.asc"
-			      >SA-09:06.ktimer</ulink></entry>
-		<entry>23&nbsp;March&nbsp;2009</entry>
-		<entry><para>Local privilege escalation</para></entry>
+	      <row>
+		<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:17.freebsd-update.asc"
+			      >SA-09:17.freebsd-update</ulink></entry>
+		<entry>3&nbsp;Dec&nbsp;2009</entry>
+		<entry><para>Inappropriate directory permissions in &man.freebsd-update.8;</para></entry>
 	      </row>
-
-	      <row role="7.2">
-		<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:07.libc.asc"
-			      >SA-09:07.libc</ulink></entry>
-		<entry>04&nbsp;April&nbsp;2009</entry>
-		<entry><para>Information leak in &man.db.3;</para></entry>
+	      <row>
+		<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:01.bind.asc"
+			      >SA-10:01.bind</ulink></entry>
+		<entry>6&nbsp;Jan&nbsp;2010</entry>
+		<entry><para>BIND &man.named.8; cache poisoning with DNSSEC validation</para></entry>
 	      </row>
-
-	      <row role="7.2">
-		<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:08.openssl.asc"
-			      >SA-09:08.openssl</ulink></entry>
-		<entry>22&nbsp;April&nbsp;2009</entry>
-		<entry><para>Remotely exploitable crash in
-		  OpenSSL</para></entry>
+	      <row>
+		<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:02.ntpd.asc"
+			      >SA-10:02.ntpd</ulink></entry>
+		<entry>6&nbsp;Jan&nbsp;2010</entry>
+		<entry><para>ntpd mode 7 denial of service</para></entry>
 	      </row>
-
-	      <row role="8.0">
-		<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:09.pipe.asc"
-			      >SA-09:09.pipe</ulink></entry>
-		<entry>10&nbsp;June&nbsp;2009</entry>
-		<entry><para>Local information disclosure via direct pipe writes</para></entry>
+	      <row>
+		<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:03.zfs.asc"
+			      >SA-10:03.zfs</ulink></entry>
+		<entry>6&nbsp;Jan&nbsp;2010</entry>
+		<entry><para>ZFS ZIL playback with insecure permissions</para></entry>
 	      </row>
-
-	      <row role="8.0">
-		<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:10.ipv6.asc"
-			      >SA-09:10.ipv6</ulink></entry>
-		<entry>10&nbsp;June&nbsp;2009</entry>
-		<entry><para>Missing permission check on SIOCSIFINFO_IN6 ioctl</para></entry>
+	      <row>
+		<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:04.jail.asc"
+			      >SA-10:04.jail</ulink></entry>
+		<entry>27&nbsp;May&nbsp;2010</entry>
+		<entry><para>Insufficient environment sanitization in &man.jail.8;</para></entry>
 	      </row>
-
-	      <row role="8.0">
-		<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:11.ntpd.asc"
-			      >SA-09:11.ntpd</ulink></entry>
-		<entry>10&nbsp;June&nbsp;2009</entry>
-		<entry><para>ntpd stack-based buffer-overflow vulnerability</para></entry>
+	      <row>
+		<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:05.opie.asc"
+			      >SA-10:05.opie</ulink></entry>
+		<entry>27&nbsp;May&nbsp;2010</entry>
+		<entry><para>OPIE off-by-one stack overflow</para></entry>
 	      </row>
-
-	      <row role="8.0">
-		<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:12.bind.asc"
-			      >SA-09:12.bind</ulink></entry>
-		<entry>29&nbsp;July&nbsp;2009</entry>
-		<entry><para>BIND &man.named.8; dynamic update message remote DoS</para></entry>
+	      <row>
+		<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:06.nfsclient.asc"
+			      >SA-10:06.nfsclient</ulink></entry>
+		<entry>27&nbsp;May&nbsp;2010</entry>
+		<entry><para>Unvalidated input in nfsclient</para></entry>
 	      </row>
-	      <row role="8.0">
-		<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:14.devfs.asc"
-			      >SA-09:14.devfs</ulink></entry>
-		<entry>2&nbsp;Oct&nbsp;2009</entry>
-		<entry><para>Devfs / VFS NULL pointer race condition</para></entry>
+	      <row>
+		<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:07.mbuf.asc"
+			      >SA-10:07.mbuf</ulink></entry>
+		<entry>13&nbsp;July&nbsp;2010</entry>
+		<entry><para>Lost mbuf flag resulting in data corruption</para></entry>
 	      </row>
 	    </tbody>
 	</tgroup>
@@ -308,2034 +199,68 @@
     <sect2 id="kernel">
       <title>Kernel Changes</title>
 
-      <para role="8.0">The &os; <filename>GENERIC</filename> kernel now
-	includes Trusted BSD MAC (Mandatory Access Control) support.
-	No MAC policy module is loaded by default.</para>
-
-      <para role="8.0" arch="i386">A loader
-	tunable <varname>hw.clflush_disable</varname> has been added
-	to avoid panic (trap 9)
-	at <function>map_invalidate_cache_range()</function> even if
-	Intel CPU is used.  This tunable can be set
-	to <literal>-1</literal> (default), <literal>0</literal> and
-	<literal>1</literal>.  The <literal>-1</literal> is same as
-	the current behavior, which automatically
-	disables <literal>CLFLUSH</literal> on Intel CPUs without
-	<literal>CPUID_SS</literal> (this should occurr on Xen
-	only).	You can specify <literal>1</literal> when this panic
-	happens on non-Intel CPUs (such as AMD's).  Because disabling
-	<literal>CLFLUSH</literal> can reduce performance, you can try
-	with setting <literal>0</literal> on Intel CPUs
-	without <literal>SS</literal> to
-	use <literal>CLFLUSH</literal> feature.</para>
-
-      <para role="8.0">The &man.jail.8; subsystem has been updated.  Changes include:</para>
-
-      <itemizedlist role="7.2">
-	<listitem>
-	  <para role="8.0">A new virtualization container
-	    named <quote>vimage</quote> has been implemented.  This is
-	    not enabled by default.  To enable this, add the following
-	    kernel options to your kernel configuration file and
-	    rebuild the kernel:</para>
-
-	  <programlisting>options	VIMAGE</programlisting>
-
-	  <para>Note that <literal>options SCTP</literal> in the
-	    <filename>GENERIC</filename> kernel is not compatible with
-	    <literal>options VIMAGE</literal>.  This limitation will
-	    be fixed in the next release.</para>
-
-	  <para>The vimage is a jail with a virtualized instance of
-	    the &os; network stack.  It can be created by using
-	    &man.jail.8; command like this:</para>
-
-	  <screen>&prompt.root; jail -c vnet name=<replaceable>vnet1</replaceable> host.hostname=<replaceable>vnet1.example.net</replaceable> path=/ persist</screen>
-
-	  <para>The vimage has own loopback interface and a separated
-	    network stack including the L3 routing tables.  Network
-	    interfaces on the system can be moved by using
-	    &man.ifconfig.8; <option>vnet</option> option between the
-	    different vimage jails and outside of them.</para>
-
-	  <para>Furthermore, the &man.epair.4; pseudo-interface driver
-	    has been added to help communication between vimage jails.
-	    It emulates a pair of back-to-back connected Ethernet
-	    interfaces.	 For example, the following commands create an
-	    interface pair of &man.epair.4;:</para>
-
-	  <screen>&prompt.root; ifconfig epair0 create
-epair0a
-&prompt.root; ifconfig epair0a
-epair0a: flags=8842&lt;BROADCAST,RUNNING,SIMPLEX,MULTICAST&gt; metric 0 mtu 1500
-	ether 02:c0:64:00:07:0a
-&prompt.root; ifconfig epair0b
-epair0b: flags=8842&lt;BROADCAST,RUNNING,SIMPLEX,MULTICAST&gt; metric 0 mtu 1500
-	ether 02:c0:64:00:08:0b</screen>
-
-	  <para>The &man.epair.4; pseudo-interfaces and any physical
-	    interfaces on the system can be moved between vimage jails
-	    by using &man.ifconfig.8; <option>vnet</option> option as
-	    described above.  Even after half of an &man.epair.4; pair
-	    is moved, the back-to-back connection still valid and can
-	    be used for inter-jail communication.</para>
-
-	  <para>Note that vimage is still considered as an
-	    experimental feature.</para>
-	</listitem>
-
-	<listitem>
-	  <para>A jail can now have arbitrary named parameters similar
-	    to environmental variables and the fixed jail parameters
-	    in the previous releases have been replaced with them.
-	    The jail name can now be used for identifying the jail in
-	    &man.jexec.8; and &man.killall.1;.</para>
-	</listitem>
-
-	<listitem>
-	  <para>Multiple IPv4 and/or IPv6 addresses per jail are now
-	    supported.  It is even possible to have jails without
-	    an IP address at all, which basically gives one a chrooted
-	    environment with restricted process view and no
-	    networking.</para>
-	</listitem>
-
-	<listitem>
-	  <para>SCTP (&man.sctp.4;) with IPv6 in jails has been
-	    implemented.</para>
-	</listitem>
-
-	<listitem>
-	  <para>Specific CPU binding by using &man.cpuset.1; has been
-	    implemented.  Note that the current implementation allows
-	    the superuser inside of the jail to change the CPU
-	    bindings specified.</para>
-	</listitem>
-
-	<listitem>
-	  <para>A &man.jail.8; can start with a specific route
-	    FIB now.</para>
-	</listitem>
-
-	<listitem>
-	  <para>The &man.ddb.8; kernel debugger now supports a
-	    <literal>show jails</literal> subcommand.</para>
-	</listitem>
-
-	<listitem>
-	  <para>Compatibility support which permits 32-bit jail
-	    binaries to be used on 64-bit systems to manage jails has
-	    been added.</para>
-	</listitem>
-
-	<listitem>
-	  <para>Note that both version numbers of
-	    <literal>jail</literal> and <literal>prison</literal> in
-	    the &man.jail.8; have been updated for the new
-	    features.</para>
-	</listitem>
-      </itemizedlist>
-
-      <para role="8.0">The &man.ksyms.4;, kernel symbol table
-	interface driver has been added.  It creates a character
-	device <filename>/dev/ksyms</filename> and provides
-	read-only access to a snapshot of the kernel symbol
-	table.</para>
-
-      <para role="8.0" arch="amd64,i386">The &os; Linux emulation
-	layer has been updated to version 2.6.16 and the default Linux
-	infrastructure port is
-	<filename>emulators/linux_base-f10</filename> (Fedora
-	10).</para>
-
-      <para role="8.0" arch="arm">The &os;/&arch.arm; now
-	supports mini dump.</para>
-
-      <para role="8.0" arch="powerpc">The &os;/&arch.powerpc; now
-	supports kernel core dump.</para>
-
-      <para role="8.0" arch="amd64,i386">The &os; virtual memory
-	subsystem now supports fully transparent use of
-	<application>superpages</application> for application memory;
-	application memory pages are dynamically promoted to or
-	demoted from superpages without any modification to
-	application code.  This change offers the benefit of large
-	page sizes such as improved virtual memory efficiency and
-	reduced TLB (translation lookaside buffer) misses without
-	downsides like application changes and virtual memory
-	inflexibility. This can be enabled by setting a loader tunable
-	<varname>vm.pmap.pg_ps_enabled</varname> to
-	<literal>1</literal> and is enabled by default on
-	&arch.amd64;.</para>
-
-      <para role="7.2">The &man.ddb.8; kernel debugger now supports a
-	<command>show mount</command> subcommand.</para>
-
-      <para role="7.2">The &os; DTrace subsystem now supports a probe for
-	process execution.</para>
-
-      <para role="7.2" arch="amd64">The &os; kernel virtual address
-	space has been increased to 6GB. This allows subsystems to use
-	larger virtual memory space than before.  For example, the
-	&man.zfs.8; adaptive replacement cache (ARC) requires large
-	kernel memory space to cache file system data, so it benefits
-	from the increased address space.  Note that the ceiling on
-	the kernel map size is now 60% of the size of physical memory
-	rather than an absolute quantity.</para>
-
-      <para role="7.2">The &man.kld.4; now supports installing 32-bit
-	system calls to the &os; syscall translation layer from kernel
-	modules.</para>
-
-      <para role="7.2">The &man.ktr.4; now supports a new KTR tracepoint in the
-	<literal>KTR_CALLOUT</literal> class to note when a callout
-	routine finishes executing.</para>
-
-      <para role="7.2">Types of variables used to track the amount of allocated
-	System V shared memory have been changed from
-	<literal>int</literal> to <literal>size_t</literal>.  This
-	makes it possible to use more than 2 GB of memory for shared
-	memory segments on 64-bit architectures.  Please note the new
-	BUGS section in &man.shmctl.2; and
-	<filename>/usr/src/UPDATING</filename> for limitations of this
-	temporary solution.</para>
-
-      <para role="7.2">The &man.sysctl.3; leaf nodes have a flag to tag
-	themselves as MPSAFE now.</para>
-
-      <para role="7.2">The &os; 32-bit system call translation layer now
-	supports installing 32-bit system calls for
-	<literal>VFS_AIO</literal>.</para>
-
-      <para role="7.1">The &man.clock.gettime.2; and the related system calls now
-	support a clock ID <literal>CLOCK_THREAD_CPUTIME_ID</literal>,
-	as defined in POSIX.</para>
-
-      <para role="7.1">The &man.cpuset.2; system call has been added.  This is an
-	API for thread to CPU binding and CPU resource grouping and
-	assignment.</para>
-
-      <para role="7.1">The DTrace, a comprehensive dynamic tracing framework and
-	&man.dtrace.1; userland utility have been imported from
-	OpenSolaris.  DTrace provides a powerful infrastructure to
-	permit administrators, developers, and service personnel to
-	concisely answer arbitrary questions about the behavior of the
-	operating system and user programs.</para>
-
-      <para role="7.1">The &man.ddb.4; kernel debugger now has an output capture
-	facility.  Input and output from &man.ddb.4; can now be captured
-	to a memory buffer for later inspection using &man.sysctl.8; or
-	a textdump.  The new <command>capture</command> command controls
-	this feature.</para>
-
-      <para role="7.1">The &man.ddb.4; debugger now supports a simple scripting
-	facility, which supports a set of named scripts consisting of a
-	set of &man.ddb.4; commands.  These commands can be managed from
-	within &man.ddb.4; or with the use of the new &man.ddb.8;
-	utility.  More details can be found in the &man.ddb.4; manual
-	page.</para>
-
-      <para role="7.1">The &man.ddb.4; <command>ex</command> command now supports
-	an <option>/S</option> mode which interprets and prints the
-	value at the requested address as a symbol.  For example,
-	<userinput>ex /S <replaceable>aio_swake</replaceable></userinput>
-	prints the name of the function currently registered in
-	via <replaceable>aio_swake</replaceable> hook.</para>
-
-      <para role="7.1">The &man.ddb.4; <command>show conifhk</command> command has
-	been added.  This lists hooks currently waiting for completion
-	in <function>run_interrupt_driven_config_hooks()</function>.</para>
-
-      <para role="7.1">The &man.fcntl.2; system call now supports
-	<literal>F_DUP2FD</literal> command.  This is equivalent to
-	&man.dup.2;, and compatible with the Sun Solaris and the IBM
-	AIX.</para>
-
-      <para role="7.1">The &os;'s &man.linux.4; ABI support now implements
-	<function>sched_setaffinity()</function> and
-	<function>sched_getaffinity()</function> using real CPU affinity
-	setting primitives.</para>
-
-      <para role="7.1">The &man.procstat.1; utility has been added. This is a
-	process inspection utility which provides some of the missing
-	functionality from &man.procfs.5; and new functionality for monitoring
-	and debugging specific processes.</para>
-
-      <para role="7.1">The client side functionality of &man.rpc.lockd.8; has been
-	implemented in the &os; kernel.  This implementation provides the
-	correct semantics for &man.flock.2; style locks which are used
-	by the &man.lockf.1; command line tool and the &man.pidfile.3;
-	library.  It also implements recovery from server restarts and
-	ensures that dirty cache blocks are written to the server before
-	obtaining locks (allowing multiple clients to use file locking
-	to safely share data).	Also, a new kernel option
-	<literal>options NFSLOCKD</literal> has been added and enabled
-	by default.  If the kernel support is enabled, &man.rpc.lockd.8;
-	automatically detects and uses the functionality.</para>
-
-      <para role="7.1">The &os; kernel now supports a new textdump format of kernel
-	dumps.	A textdump provides higher-level information via
-	mechanically generated/extracted debugging output, rather than a
-	simple memory dump. This facility can be used to generate brief
-	kernel bug reports that are rich in debugging information, but
-	are not dependent on kernel symbol tables or precisely
-	synchronized source code.  More information can be found in the
-	&man.textdump.4; manual page.</para>
-
-      <para role="7.1">The &man.wait4.2; system call now supports
-	<option>WNOWAIT</option> flag to keep the process whose status
-	is returned in a waitable state and <option>WSTOPPED</option>
-	which is equivalent to <option>WUNTRACED</option>.</para>
-
-      <para role="7.1" arch="amd64,i386,sparc64">The &os; kernel now has
-	initial support of binding interrupts to CPUs.</para>
-
-      <para role="7.1" arch="amd64,i386"> The &man.sched.ule.4; scheduler is now the default
-	process scheduler in <filename>GENERIC</filename>
-	kernels.</para>
-
-      <para role="7.1">The sysctl
-	variables <varname>kern.features.compat_freebsd[456]</varname>
-	have been added.  These are corresponding to the kernel options
-	<literal>COMPAT_FREEBSD[456]</literal>.</para>
+      <para></para>
 
       <sect3 id="boot">
 	<title>Boot Loader Changes</title>
 
-	<para role="8.0">The <application>boot0</application> boot
-	  loader now preserves volume ID at offset
-	  0x1b8 used in other operating systems </para>
-
-	<para role="8.0">The &man.boot0cfg.8; utility now supports a
-	  new <option>-i</option> option to set the volume ID.</para>
-
-	<para role="8.0" arch="arm,powerpc">The &man.loader.8; now
-	  supports U-Boot support library.</para>
-
-	<para role="7.2">The &man.boot.8; now supports 4-byte volume ID that
-	  certain versions of &windows; put into the MBR and invoking
-	  PXE by pressing the F6 key on some supported BIOSes.</para>
-
-	<para role="7.2" arch="i386">The &man.boot.8; BTX loader has been
-	  improved.  This fixes several boot issues on recent machines
-	  reported for 7.1-RELEASE and before.</para>
-
-	<para role="7.2">The &man.loader.8; is now able to obtain DHCP options
-	  from network boot via &man.kenv.2; variables.</para>
-
-	<para role="7.2">A bug in the &man.loader.8; has been fixed.  Now the
-	  following line works as expected:</para>
-
-	<programlisting>loader_conf_files="<replaceable>foo</replaceable> <replaceable>bar</replaceable> ${<replaceable>variable</replaceable>}"</programlisting>
-
-	<para role="7.1" arch="amd64,i386">The BTX kernel used by the boot
-	  loader has been changed to invoke BIOS routines from real
-	  mode.	 This change makes it possible to boot &os; from USB
-	  devices.</para>
-
-	<para role="7.1" arch="amd64,i386">A new gptboot boot loader has
-	  been added to support booting from a GPT labeled disk.  A
-	  new <command>boot</command> command has been added to
-	  &man.gpt.8;, which makes a GPT disk bootable by writing the
-	  required bits of the boot loader, creating a new boot
-	  partition if required.</para>
+        <para></para>
       </sect3>
 
       <sect3 id="proc">
 	<title>Hardware Support</title>
 
-	<para role="8.0">The &os; now includes experimental support
-	  for &arch.mips; platform.</para>
-
-	<para role="8.0">Support for RTC on Dallas Semiconductor chips
-	  has been improved.  The DS133x and DS1553 are now
-	  supported.</para>
-
-	<para role="8.0" arch="arm">The &os;/&arch.arm; now supports
-	  Feroceon and Sheeva embedded CPU, Marvell Orion (88F5281),
-	  Kirkwood (88F6281), Discovery Innovation (MV-78100)
-	  systems-on-chip CPU.</para>
-
-	<para role="8.0" arch="powerpc">The &os;/&arch.powerpc; now
-	  supports SMP machines</para>
-
-	<para role="8.0" arch="powerpc">The &os;/&arch.powerpc; now
-	  supports E500 (Book-E) embedded CPU and Freescale
-	  PowerQUICCIII MPC85xx system-on-chip (including single and
-	  dual-core).</para>
-
-	<para role="8.0">The &man.acpi.4; subsystem now supports the System
-	  Resource Affinity Table (SRAT) used to describe affinity
-	  relationships between CPUs and memory, ACPI 3.0 fields in
-	  the MADT including X2APIC entries and UIDs for local SAPICs, and
-	  ACPI 3.0 flags in the FADT.</para>
-
-	<para role="8.0" arch="powerpc">The &man.cpufreq.4; framework now
-	  supports PowerPC G5, along with a skeleton SMU driver in order to slew
-	  CPU voltage during frequency changes.</para>
-
-	<para role="8.0">The sec(4) driver has been added to provide
-	  support for the integrated security engine found in
-	  Freescale system-on-chip devices.</para>
-
-	<para role="8.0">The &os; TTY layer has been replaced with a
-	  new one which has better support for SMP and robust resource
-	  handling.  A tty now has own mutex and it is expected to
-	  improve scalability when compared to the old implementation
-	  based on the Giant lock.</para>
-
-	<para role="8.0" arch="amd64,i386">The &man.uart.4; driver is now the
-	  default driver for serial port devices in favor of the
-	  &man.sio.4; driver.  Note that the device nodes have been
-	  renamed from
-	  <filename>/dev/cuad<replaceable>N</replaceable></filename> and
-	  <filename>/dev/ttyd<replaceable>N</replaceable></filename> to
-	  <filename>/dev/cuau<replaceable>N</replaceable></filename> and
-	  <filename>/dev/ttyu<replaceable>N</replaceable></filename>.</para>
-
-	<important>
-	  <para>Users who are upgrading will need to change their
-	    kernel configurations and possibly also
-	    <filename>/boot/loader.conf</filename> and
-	    <filename>/boot/device.hints</filename>.</para>
-	</important>
-
-	<para role="8.0">The &os; USB subsystem has been reimplemented
-	  to support modern devices and better SMP scalability.	 The
-	  new implementation includes Giant-lock-free device drivers,
-	  a Linux compatibility layer, &man.usbconfig.8; utility, full
-	  support for split transaction and isochronous transaction,
-	  and more.  Device node names for USB devices are now in a
-	  the form
-	  of <filename>/dev/usb/<replaceable>bus</replaceable>.<replaceable>dev</replaceable>.<replaceable>endpoint</replaceable></filename>,
-	  and <filename>/dev/usbctl</filename> is the master device
-	  node.	 Note that the &man.ugen.4; driver has nodes for each device as <filename>/dev/ugen<replaceable>bus</replaceable>.<replaceable>dev</replaceable></filename> for backward compatibility.</para>
-
-	<para role="7.2" arch="sparc64">&os; now supports Ultra SPARC III
-	  (Cheetah) processor family.</para>
-
-	<para role="7.2">The &man.acpi.4; subsystem now supports a &man.sysctl.8;
-	  variable <varname>debug.batt.batt_sleep_ms</varname>.	 On
-	  some laptops with smart batteries, enabling battery
-	  monitoring software causes keystrokes from &man.atkbd.4; to
-	  be lost.  This sysctl variable adds a delay in millisecond
-	  to the status checking code as a workaround.</para>
-
-	<para role="7.2">The &man.acpi.asus.4; driver now supports Asus A8Sr
-	  notebooks.</para>
-
-	<para role="7.2" arch="powerpc">Support for the AltiVec, a floating point
-	  and integer SIMD instruction set has been added.</para>
-
-	<para role="7.2">The &man.cpuctl.4; driver, which provides a special
-	  device <filename>/dev/cpuctl</filename> as an interface to
-	  the system CPU has been added.  The &man.cpuctl.4;
-	  functionality includes the ability to retrieve CPUID
-	  information, read/write machine specific registers (MSR),
-	  and perform CPU firmware updates.</para>
-
-	<para role="7.2">The &man.cpufreq.4; driver now supports an
-	  <varname>hw.est.msr_info</varname> loader tunable.  When
-	  this is set to <literal>1</literal>, it attempts to build a
-	  simple list containing just the high and low frequencies if
-	  it cannot obtain a frequency list from either ACPI or the
-	  static tables.  This is disabled by default.</para>
-
-	<para role="7.2" arch="amd64,i386">CPU frequency change notifiers are now
-	  disabled when the TSC is P-state invariant.  Also, a new
-	  loader tunable
-	  <varname>kern.timecounter.invariant_tsc</varname> has been
-	  added to force this behavior by setting it to
-	  non-zero.</para>
-
-	<para role="7.2">The &man.atkbd.4; driver now disables the interrupt
-	  handler which is called from the keyboard callback function
-	  when polled mode is enabled.	This fixes the problem of
-	  duplicated/missing characters at the mountroot prompt on
-	  multi CPU systems while &man.kbdmux.4; is enabled.</para>
-
-	<para role="7.2">In the &man.pci.4; subsystem INTx is now disabled when
-	  MSI/MSIX is enabled.	This change fixes interrupt storm
-	  related issues.</para>
-
-	<para role="7.2" arch="sparc64">The schizo(4) driver for Schizo
-	  Fireplane/Safari to PCI 2.1 and Tomatillo JBus to PCI 2.2
-	  bridges has been added.</para>
-
-	<para role="7.2">The &man.u3g.4; driver for USB based 3G cards and
-	  dongles including Vodafone Mobile Connect Card 3G, Qualcomm
-	  CDMA MSM, Huawei E220, Novatel U740, Sierra MC875U, and more
-	  has been added.  This provides support for the multiple
-	  USB-to-serial interfaces exposed by many 3G USB/PC Card
-	  modems, and the device is accessed through the &man.ucom.4;
-	  driver which makes it behave like a &man.tty.4;.</para>
-
-	<para role="7.2">The &man.sched.ule.4; scheduler now supports
-	  the loader tunable
-	  <varname>machdep.hyperthreading_enabled</varname> just like
-	  &man.sched.4bsd.4;. Note that it cannot be modified at
-	  run-time.</para>
-
-	<para role="7.1">The &man.cmx.4; driver, a driver for Omnikey CardMan 4040
-	  PCMCIA smartcard readers, has been added.</para>
-
-	<para role="7.1" arch="sparc64">The &man.kbdmux.4; driver now
-	  supports &arch.sparc64;.  The &man.sunkbd.4; driver now
-	  supports &man.atkbd.4; emulation like &man.ukbd.4;.</para>
-
-	<para role="7.1">The <filename>nvram(4)</filename> driver is now
-	  MPSAFE.</para>
-
-	<para role="7.1">An option of the &man.puc.4;
-	  driver, <literal>PUC_FASTINTR</literal>, is no longer
-	  supported.</para>
-
-	<para role="7.1">The &man.psm.4; driver now attempts detection of Synaptics
-	  touchpad before IntelliMouse.	 Some touchpads will pretend to
-	  be IntelliMouse causing the IntelliMouse probe to work and the
-	  Synaptics detection never to be done.</para>
-
-	<para role="7.1">The &man.uslcom.4; driver, a driver for Silicon
-	  Laboratories CP2101/CP2102-based USB serial adapters, has been
-	  imported from OpenBSD.</para>
+        <para></para>
 
 	<sect4 id="mm">
 	  <title>Multimedia Support</title>
 
-	  <para role="8.0">The &os; audio subsystem has been improved.
-	    The changes include volume per channel, high quality
-	    fixed-point band-limited SINC sampling rate converter,
-	    bit-perfect mode, transparent/adaptive virtual channel,
-	    and exclusive stream.  For more details, see the
-	    &man.snd.4; manual page.</para>
-
-	  <para role="7.2">The &man.agp.4; driver now supports Intel G4X series
-	    graphics chipsets.</para>
-
-	  <para role="7.2">The Direct Rendering Manager
-	    (<application>DRM</application>), a kernel module that
-	    gives direct hardware access to DRI clients, has been
-	    updated.  Support for AMD/ATI r500, r600, r700, and IGP
-	    based chips, XGI V3XE/V5/V8, and Intel i915 chipsets has
-	    been improved.</para>
-
-	  <para role="7.2">A new loader tunable <varname>hw.drm.msi</varname> has
-	    been added to control if DRM uses MSI or not.  This is set
-	    to <literal>1</literal> (enabled) by default.</para>
-
-	  <para role="7.2">The snd_au88x0(4) driver for Aureal Vortex
-	    1/2/Advantage PCI has been removed because it has been
-	    broken for a long time.</para>
-
-	  <para role="7.2">The &man.snd.hda.4; driver has been updated.	These
-	    changes include support for multiple codecs per HDA bus,
-	    multiple functional groups per codec, multiple audio
-	    devices per functional group, digital (SPDIF/HDMI) audio
-	    input/output, suspend/resume, and part of multichannel
-	    audio.</para>
-
-	  <para role="7.2">Note that due to added HDMI audio and
-	    logical audio devices support, the updated driver often
-	    provides several PCM devices.  This means that in some
-	    cases the system default audio device no longer
-	    corresponds to the users's habitual audio connectors. In
-	    such cases the default device can be specified in audio
-	    applications' setup or defined globally via
-	    <varname>hw.snd.default_unit</varname> sysctl variable, as
-	    described in the &man.sound.4; manual page.</para>
-
-	  <para role="7.1">The &man.agp.4; driver now supports the
-	    Intel G33 and G45.</para>
-
-	  <para role="7.1" arch="i386">The <filename>dpms(4)</filename> driver has
-	    been added to use the VESA BIOS for DPMS during suspend and
-	    resume.</para>
-
-	  <para role="7.1">The <application>DRM</application> kernel driver now
-	    supports i915 GME devices.</para>
+          <para></para>
 	</sect4>
 
 	<sect4 id="net-if">
 	  <title>Network Interface Support</title>
 
-	  <para role="8.0">The &man.bwi.4; driver has been added to
-	    provide support for Broadcom BCM43xx IEEE 802.11b/g wireless
-	    network interfaces.</para>
-
-	  <para role="8.0" arch="sparc64">The &man.cas.4; driver has
-	    been added to provide support for Sun Cassini/Cassini+ and
-	    National Semiconductor DP83065 Saturn Gigabit Ethernet
-	    devices.</para>
-
-	  <para role="8.0">The &man.cxgbtool.8; now supports an
-	    interactive mode for scripting of repeatedly performed
-	    tasks.</para>
-
-	  <para role="8.0">The &man.fxp.4; driver has been improved.  Changes include:</para>
-
-	  <itemizedlist>
-	    <listitem>
-	      <para role="8.0">The multicast filter re-programming
-		is now more robust.</para>
-	    </listitem>
-
-	    <listitem>
-	      <para role="7.2">The checksum offload feature can be controlled by
-		&man.ifconfig.8; now.</para>
-	    </listitem>
-
-	    <listitem>
-	      <para role="7.2">Rx checksum offload support for 82559 or later
-		controllers has been added.</para>
-	    </listitem>
-
-	    <listitem>
-	      <para role="7.2">TSO (TCP Segmentation Offload) support for 82550
-		and 82551 controllers has been added.</para>
-	    </listitem>
-
-	    <listitem>
-	      <para role="7.2">WoL (Wake on LAN) support for 82550, 82551, 82558,
-		and 82559-based controllers has been added.  Note that
-		ICH based controllers are treated as 82559, and 82557,
-		earlier revisions of 82558, and 82559ER have no WoL
-		capability.</para>
-	    </listitem>
-
-	    <listitem>
-	      <para role="7.2">VLAN hardware tag insertion/stripping support and
-		Tx/Rx checksum offload for VLAN frames support has
-		been added.  Note that the VLAN hardware assistance is
-		available only on 82550 or 82551-based
-		controllers.</para>
-	    </listitem>
-	  </itemizedlist>
-
-	  <para role="8.0" arch="arm,powerpc">The mge(4) driver has
-	    been added to provide support for Marvell Gigabit Ethernet
-	    controllers found on ARM-based SOCs (Orion, Kirkwood,
-	    Discovery), as well as on system controllers for PowerPC
-	    processors (MV64430, MV6446x).</para>
-
-	  <para role="8.0">The &man.miibus.4; driver now supports
-	    the Marvell 88E3016.</para>
-
-	  <para role="8.0">The &man.msk.4; driver now supports Yukon
-	    FE+ A0 including 88E8040, 88E8040T, 88E8048 and
-	    88E8070.</para>
-
-	  <para role="8.0">The &man.mwl.4; driver has been added to
-	    provide support for Marvell 88W8363 IEEE 802.11n wireless
-	    network devices.</para>
-
-	  <para role="8.0">The &man.mxge.4; driver now supports some newer
-	    revisions and 10GBASE-LRM and 10GBASE-Twinax media
-	    types.  The firmware version has been updated to 1.4.43.</para>
-
-	  <para role="8.0">The &man.nge.4; driver has been improved and
-	    now works on all platforms.</para>

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201007191526.o6JFQhaY005143>