FreeBSD/i386 4.8-RELEASE Release Notes

  The FreeBSD Project

   Copyright (c) 2000, 2001, 2002, 2003 by The FreeBSD Documentation Project

   $FreeBSD: src/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml,v
   1.22.2.346 2003/03/22 00:12:50 bmah Exp $

   The release notes for FreeBSD 4.8-RELEASE contain a summary of the changes
   made to the FreeBSD base system since 4.7-RELEASE. Both changes for kernel
   and userland are listed, as well as applicable security advisories for the
   base system that were issued since the last release. Some brief remarks on
   upgrading are also presented.

     ----------------------------------------------------------------------

   Table of Contents

   1 Introduction

   2 What's New

                2.1 Kernel Changes

                             2.1.1 Processor/Motherboard Support

                             2.1.2 Boot Loaders

                             2.1.3 Network Interface Support

                             2.1.4 Network Protocols

                             2.1.5 Disks and Storage

                             2.1.6 Filesystems

                             2.1.7 PCCARD Support

                             2.1.8 Multimedia Support

                             2.1.9 Contributed Software

                2.2 Security Advisories

                2.3 Userland Changes

                             2.3.1 Contributed Software

                             2.3.2 Ports/Packages Collection

                2.4 Release Engineering and Integration

   3 Upgrading from previous releases of FreeBSD

     ----------------------------------------------------------------------

                                 1 Introduction

   This document contains the release notes for FreeBSD 4.8-RELEASE on the
   i386 hardware platform. It describes new features of FreeBSD that have
   been added (or changed) since 4.7-RELEASE. It also provides some notes on
   upgrading from previous versions of FreeBSD.

   This distribution of FreeBSD 4.8-RELEASE is a release distribution. It can
   be found at ftp://ftp.FreeBSD.org/ or any of its mirrors. More information
   on obtaining this (or other) release distributions of FreeBSD can be found
   in the ``Obtaining FreeBSD'' appendix in the FreeBSD Handbook.

     ----------------------------------------------------------------------

                                  2 What's New

   This section describes the most user-visible new or changed features in
   FreeBSD since 4.7-RELEASE. Typical release note items document new drivers
   or hardware support, new commands or options, major bugfixes, or
   contributed software upgrades. Security advisories for the base system
   that were issued after 4.7-RELEASE are also listed.

     ----------------------------------------------------------------------

2.1 Kernel Changes

   A new in-kernel cryptographic framework (see crypto(4) and crypto(9)) has
   been imported from OpenBSD. It provides a consistent interface to hardware
   and software implementations of cryptographic algorithms for use by the
   kernel and access to cryptographic hardware for user-mode applications.
   Hardware device drivers are provided to support hifn-based cards (hifn(4))
   and Broadcom-based cards (ubsec(4)).

   Initial support has been added for FireWire devices (see firewire(4)).

   Support for the CanBe power management controller has been added.

   The ubsa driver has been added to support the Belkin F5U103 (and
   compatible) USB-to-serial adaptors.

   The uftdi(4) driver, to support FTDI USB-to-serial devices, has been
   added.

     ----------------------------------------------------------------------

  2.1.1 Processor/Motherboard Support

   FreeBSD now has rudimentary support for HyperThreading (HTT). SMP kernels
   with the HTT kernel option will detect and start up the logical processors
   on HTT-capable machines. The logical processors will be treated like
   additional physical processors for the purposes of process scheduling.

     ----------------------------------------------------------------------

  2.1.2 Boot Loaders

   The PC98 bootloader now has support for booting from SCSI MO media.

     ----------------------------------------------------------------------

  2.1.3 Network Interface Support

   The cm driver now supports IPX.

   The nge(4) driver now supports network device polling(4).

     ----------------------------------------------------------------------

  2.1.4 Network Protocols

   A FAST_IPSEC kernel option now allows the IPsec implementation to use the
   kernel crypto(4) framework, along with its support for hardware
   cryptographic acceleration. More information can be found in the
   fast_ipsec(4) manual page.

     Note: The FAST_IPSEC and IPSEC options are mutually exclusive.

     Note: The FAST_IPSEC option is, at the moment, not compatible with IPv6
     or the INET6 option.

   A gre(4) driver, which can encapsulate IP packets using GRE (RFC 1701) or
   minimal IP encapsulation for Mobile IP (RFC 2004), has been added.

   A bug in TCP NewReno, which caused premature exit from fast recovery with
   NewReno enabled, has been fixed.

   The IP fragment reassembly code behaves more gracefully when receiving a
   large number of packet fragments (it is designed to be more resistant to
   fragment-based denial of service attacks).

     ----------------------------------------------------------------------

  2.1.5 Disks and Storage

   The ata(4) driver now supports accessing ATA devices as SCSI devices via
   the CAM layer and drivers (cd(4), da(4), st(4), and pass(4)). This feature
   requires device atapicam in the kernel configuration. More information can
   be found in atapicam(4).

   The matcd(4) driver has been removed due to concerns over its licensing
   terms. These issues are being addressed and this driver may reappear in a
   future release of FreeBSD. (This removal actually occurred in 4.7-RELEASE,
   but was not mentioned in the release notes.)

   The targ(4) driver has been rewritten and a new usermode program that
   emulates a direct access device has been added to
   /usr/share/examples/scsi_target.

   The trm driver has been added to support SCSI adapters using the Tekram
   TRM-S1040 SCSI chipset.

     ----------------------------------------------------------------------

  2.1.6 Filesystems

     ----------------------------------------------------------------------

  2.1.7 PCCARD Support

     ----------------------------------------------------------------------

  2.1.8 Multimedia Support

     ----------------------------------------------------------------------

  2.1.9 Contributed Software

   IPFilter has been updated to 3.4.31.

     ----------------------------------------------------------------------

2.2 Security Advisories

   Buffer overflows in kadmind(8) and k5admin have been corrected. More
   details can be found in security advisory FreeBSD-SA-02:40.

   Multiple vulnerabilities in BIND have been fixed, as described in
   FreeBSD-SA-02:43.

   A file descriptor leak in the fpathconf(2) system call, which could allow
   a local user to crash the system or cause a privilege escalation, has been
   fixed. More details can be found in security advisory FreeBSD-SA-02:44.

   A remotely exploitable vulnerability in CVS has been corrected with the
   import of version 1.11.5. More details can be found in security advisory
   FreeBSD-SA-03:01.

   A timing-based attack on OpenSSL, which could allow a very powerful
   attacker access to plaintext under certain circumstances, has been
   prevented via an upgrade to OpenSSL 0.9.7. See security advisory
   FreeBSD-SA-03:02 for more details.

   The security and performance of the ``syncookies'' feature have been
   improved to decrease the chance of an attacker being able to spoof
   connections. More details are given in security advisory FreeBSD-SA-03:03.

   A remotely-exploitable buffer overflow vulnerability in sendmail has been
   fixed by updating sendmail to version 8.12.8. For more details, see
   security advisory FreeBSD-SA-03:04.

   A bounds-checking bug in the XDR implementation, which could allow a
   remote attacker to cause a denial-of-service, has been fixed. For more
   details see security advisory FreeBSD-SA-03:05.

   Two recently-publicized flaws in OpenSSL have been corrected. For more
   details, see security advisory FreeBSD-SA-03:06.

     ----------------------------------------------------------------------

2.3 Userland Changes

   burncd(8) now accepts a value of max for its -s option to set the drive's
   maximum write speed.

   cdcontrol(1) now supports a speed command to set the maximum speed to be
   used by the drive (the maximum possible speed can be selected by setting
   the speed to max).

   The compat4x distribution now includes the libcrypto.so.2 and libssl.so.2
   libraries from FreeBSD 4.7-RELEASE.

   The fwcontrol(8) utility has been added to help users access and control
   the FireWire subsystem.

   ftpd(8) now supports a -h option to disable printing any host-specific
   information, such as the ftpd(8) version or hostname, in server messages.

   ftpd(8) now supports a -P option to specify a port on which to listen in
   daemon mode. The default data port number is now set to be one less than
   the control port number, rather than being hard-coded.

   ftpd(8) now supports an extended format of the /etc/ftpchroot file. Please
   refer to the ftpchroot(5) manpage, which is now available, for details.

   ftpd(8) now supports login directory pathnames that specify both a
   directory for chroot(2) and a directory to change to inside the chrooted
   environment. The /./ separator is used for this purpose, as in other FTP
   daemons that have this feature. It may be used in both ftpchroot(5) and
   passwd(5).

   The getconf(1) utility has been added. It prints the values of POSIX or
   X/Open path or system configuration variables.

   ipfw(8) now supports enable and disable commands to control various
   aspects of the operation of ipfw(4) (including enabling and disabling the
   firewall itself). These provide a more convenient and visible interface
   than the existing sysctl variables.

   make(1) now supports a -C flag to change to a given directory before
   building its target(s).

   mount_nfs(8) now supports a -c option to avoid doing a connect(2) for UDP
   mount points. This option must be used if the server does not reply to
   requests from the standard NFS port number 2049 or if it replies to
   requests using a different IP address (which can occur if the server is
   multi-homed). Setting the vfs.nfs.nfs_ip_paranoia sysctl to 0 will make
   this option the default.
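
   The connect(2) behaviour that -c turns off, as an added example (not part
   of the release notes or of mount_nfs(8)): a connected UDP socket accepts
   datagrams only from its peer, so a reply sent from another port or address
   is dropped by the kernel, while an unconnected socket accepts it. The
   loopback sockets and the helper names are assumptions for the demonstration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

/* Bind a UDP socket to 127.0.0.1 on an ephemeral port; store its address in *sa. */
static int udp_bound(struct sockaddr_in *sa) {
    socklen_t len = sizeof(*sa);
    int s = socket(AF_INET, SOCK_DGRAM, 0);
    memset(sa, 0, sizeof(*sa));
    sa->sin_family = AF_INET;
    sa->sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (s < 0 || bind(s, (struct sockaddr *)sa, sizeof(*sa)) < 0 ||
        getsockname(s, (struct sockaddr *)sa, &len) < 0)
        return -1;
    return s;
}

/*
 * Hypothetical helper: the client talks to "srv", but the reply is sent from
 * "alt" (another port, standing in for a multi-homed server's other address).
 * use_connect=1 models the default mount, use_connect=0 models -c.
 * Returns 1 if the reply reaches the client, 0 if dropped, -1 on error.
 */
int stray_reply_delivered(int use_connect) {
    struct sockaddr_in cli, srv, alt;
    struct timeval tv = { 0, 200000 };          /* 200 ms receive timeout */
    char buf[16];
    int c = udp_bound(&cli), s = udp_bound(&srv), a = udp_bound(&alt);
    int rc = -1;

    if (c >= 0 && s >= 0 && a >= 0 &&
        setsockopt(c, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv)) == 0 &&
        (!use_connect || connect(c, (struct sockaddr *)&srv, sizeof(srv)) == 0) &&
        sendto(a, "reply", 5, 0, (struct sockaddr *)&cli, sizeof(cli)) == 5)
        rc = recv(c, buf, sizeof(buf), 0) == 5;  /* timeout means dropped */
    close(c); close(s); close(a);
    return rc;
}

int main(void) {
    printf("connected (default): delivered=%d\n", stray_reply_delivered(1));
    printf("unconnected (-c):    delivered=%d\n", stray_reply_delivered(0));
    return 0;
}
```

   With the socket left unconnected, the kernel no longer filters replies by
   source address and port, which is the check the sysctl name refers to.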

   newsyslog(8) now supports a W flag to force previously-started compression
   jobs for an entry (or group of entries specified with the G flag) to
   finish before beginning a new one. This feature is designed to prevent
   system overloads caused by starting several compression jobs on big files
   simultaneously.

   The pathchk(1) utility, which checks pathnames for validity or portability
   between POSIX systems, has been added.

   pw(8) can now add a user whose name ends with a $ character; this change
   is intended to help administration of Samba services.

   rarpd(8) now accepts a -t flag to specify an alternative directory to
   /tftpboot.

   The base64 capabilities of uuencode(1) and uudecode(1) can now be
   automatically enabled by invoking these utilities as b64encode(1) and
   b64decode(1) respectively.

   The definitions of the standard file streams (stdin, stdout, and stderr)
   have changed so that they are no longer compile-time constants. Some older
   binaries may require updated 3.X compatibility libraries (for example, by
   setting COMPAT3X=yes for a buildworld/installworld).

     ----------------------------------------------------------------------

  2.3.1 Contributed Software

   BIND has been updated to version 8.3.4.

   All of the bzip2 suite of applications is now installed in the base system
   (in particular, bzip2recover is now built and installed).

   CVS has been updated to 1.11.5.

   FILE has been updated to 3.41.

   groff and its related utilities have been updated to FSF version 1.18.1.

   Heimdal Kerberos has been updated to 0.5.1.

   The ISC DHCP client has been updated to 3.0.1RC11.

   libz has been updated to 1.1.4.

   OpenSSH has been updated to 3.5p1.

   OpenSSL has been updated to release 0.9.7a. Among other features, this
   release includes support for AES and takes advantage of crypto(4) devices.

   sendmail has been updated to version 8.12.8.

   tcpdump has been updated to version 3.7.2.

   The timezone database has been updated to the tzdata2002d release.

     ----------------------------------------------------------------------

  2.3.2 Ports/Packages Collection

   The one-line pkg-comment files have been eliminated from each port
   skeleton; their contents have been moved into each port's Makefile. This
   change reduces the disk space and inodes used by the ports tree.

     ----------------------------------------------------------------------

2.4 Release Engineering and Integration

   The supported release of GNOME has been updated to 2.2.

   The supported release of KDE has been updated to 3.1.

   The supported release of XFree86 has been updated to 4.3.0.

     ----------------------------------------------------------------------

                 3 Upgrading from previous releases of FreeBSD

   If you're upgrading from a previous release of FreeBSD, you generally will
   have three options:

     * Using the binary upgrade option of sysinstall(8). This option is
       perhaps the quickest, although it presumes that your installation of
       FreeBSD uses no special compilation options.

     * Performing a complete reinstall of FreeBSD. Technically, this is not
       an upgrading method, and in any case is usually less convenient than a
       binary upgrade, in that it requires you to manually back up and
       restore the contents of /etc. However, it may be useful in cases where
       you want (or need) to change the partitioning of your disks.

     * From source code in /usr/src. This route is more flexible, but
       requires more disk space, time, and technical expertise. More
       information can be found in the ``Using make world'' section of the
       FreeBSD Handbook. Upgrading from very old versions of FreeBSD may be
       problematic; in cases like this, it is usually more effective to
       perform a binary upgrade or a complete reinstall.

   Please read the INSTALL.TXT file for more information, preferably before
   beginning an upgrade. If you are upgrading from source, please be sure to
   read /usr/src/UPDATING as well.

   Finally, if you want to use one of various means to track the -STABLE or
   -CURRENT branches of FreeBSD, please be sure to consult the ``-CURRENT vs.
   -STABLE'' section of the FreeBSD Handbook.

     Important: Upgrading FreeBSD should, of course, only be attempted after
     backing up all data and configuration files.

     ----------------------------------------------------------------------

     This file, and other release-related documents, can be downloaded from
                            ftp://ftp.FreeBSD.org/.
