The release notes for FreeBSD are customized for different + platforms, as some of the changes made to FreeBSD apply only to + specific processor architectures.
-Release notes for FreeBSD 4.4 are available for the following + platforms:
-Copyright © 2000, 2001 by The - FreeBSD Documentation Project
-A list of all platforms currently under development can be found + on the Supported + Platforms page.
-This document contains the release notes for FreeBSD - 4.4-RELEASE on the i386 hardware platform. It describes new - features of FreeBSD that have been added (or changed) since - 4.3-RELEASE.
- -This distribution of FreeBSD 4.4-RELEASE is a release - distribution. It can be found at ftp://ftp.FreeBSD.org/pub/FreeBSD/ or any of its - mirrors. More information on obtaining this (or other) - release distributions of FreeBSD can be found in the ``Obtaining FreeBSD'' appendix to the FreeBSD - Handbook.
-This section describes the most user-visible new or - changed features in FreeBSD since 4.3-RELEASE.
- -Many additional changes were made to FreeBSD that are - not listed here for lack of space. For example, - documentation was corrected and improved, minor bugs were - fixed, insecure coding practices were audited and - corrected, and source code was cleaned up.
- -The release notes items are organized into three - different sections. Section 2.1 lists - recent changes to the FreeBSD kernel. Security fixes, - including those pertaining to security advisories, are - listed in Section 2.2. Finally, Section 2.3 covers changes to FreeBSD - userland applications included in the base system.
- -The O_DIRECT flag has been - added to - open(2) and - fcntl(2). Specifying - this flag for open files will attempt to minimize the - cache effects of reading and writing.
- -An - orm(4) device has been - added to claim the option ROMs in the ISA memory I/O - space, to prevent other drivers from mistakenly assigning - addresses that conflict with these ROMs.
- -The out-of-swap process termination code now begins - killing processes earlier to avoid deadlocks; it now also - takes into account the swap space used by processes when - computing the process sizes.
- -Network device cloning has been implemented, and the - - gif(4) device has been - modified to take advantage of it. Thus, instead of - specifying how many - gif(4) interfaces are - available in kernel configuration files, - ifconfig(8)'s create option should be used when - another device instance is desired.
- -Two new - ddb(4) commands, hwatch and dhwatch, have been introduced. Analogous - to watch and dwatch, they install hardware watchpoints - (as opposed to software watchpoints) if supported by the - architecture.
- -A - nmdm(4) null-modem - terminal driver has been added.
- -The - stl(4) driver now - supports the PCI and ISA EasyIO multi-port serial cards - from Stallion Technologies based on the Signetics - SC26C194/8 Intelligent Quad/Octal UART.
- -The maxusers kernel - configuration parameter is now a boot-time tunable - variable. The kernel parameters derived from maxusers are now also tunables and can be - overridden at boot-time. The hz - parameter is also now a tunable.
- -The FreeBSD boot loader now contains a workaround to - support CDROM booting on certain IBM BIOSs that expect - the first sector of the emulated floppy to contain a - valid MS-DOS BPB that they can modify.
- -Detection for new processors, such as the Transmeta - Crusoe, and Transmeta Crusoe with LongRun, has been - added.
- -Support for Streaming SIMD Extensions (SSE) has been introduced. The CPU_ENABLE_SSE kernel option - controls whether support is compiled into the - kernel.
-The - fxp(4) driver now - requires a device miibus entry - in the kernel configuration file.
- -The - wx(4) driver now - supports the Intel PRO1000-F and PRO1000-T - (10/100/1000) adapters.
- -The - an(4) driver now - supports the Cisco Aironet 350 series of adaptors and - has received a few bug fixes; promiscuous mode now - works, and it can be configured before being brought - up.
- -The - xl(4) driver now - supports reception of VLAN tagged frames (on the - ``Cyclone'' or newer chipsets).
- -The - ti(4) driver - correctly masks VLAN tags.
- -Added the - nge(4) driver, which - supports PCI Gigabit Ethernet adapters based on the - National Semiconductor DP83820 and DP83821 Gigabit - Ethernet controller chips, including the D-Link - DGE-500T, SMC EZ Card 1000 (SMC9462TX), Asante - FriendlyNet GigaNIC 1000TA and 1000TPC and Addtron - AEG320T. This driver supports transmit and receive - checksum offloading.
- -The - lge(4) driver has - been added to support the Level 1 LXT1001 NetCellerator - Gigabit Ethernet controller chip. This device is used - on some fiber optic GigE cards from SMC, D-Link and - Addtron. Jumbograms and TCP/IP checksum offload on - receive are supported, although hardware VLAN filtering - is not.
- -The - tx(4) driver now - supports the fiber-optic SMC 9432FTX NICs.
- -The - ed(4) driver now has - support for D-Link DL10022 chips, necessary for the - NetGear FA-410TX and other cards. As a result, device miibus is required in - kernel configurations using the - ed(4) driver.
- -The - txp(4) driver has - been added to support NICs based on the 3Com 3XP - Typhoon/Sidewinder (3CR990) chipset.
-TCP now has RFC 1323 extensions enabled by default - in - rc.conf(5).
- -RFC 1323 and RFC 1644 TCP extensions are now - disabled for a connection in progress if no response - has been received by the third SYN segment sent. This - behavior tries to work around (very old) terminal - servers with buggy VJ header compression - implementations.
- -The TCP_RESTRICT_RST kernel - option has been removed. Similar functionality can be - achieved with the net.inet.tcp.blackhole sysctl - variable.
- -The TCP implementation no longer requires the - allocation of a TCP template structure for each - connection; this should reduce the buffer usage on - large systems handling many connections.
- -A new sysctl net.inet.ip.check_interface, which is - off by default, causes IP to verify that an incoming - packet arrives on an interface that has an address - matching the packet's destination address.
- -A new options RANDOM_IP_ID - kernel option causes the ID field of IP packets to be - randomized. This closes a minor information leak which - allows a remote observer to determine the rate at which - the machine is generating packets, since the default - behavior is to increment a counter for each packet - sent.
-The - asr(4) driver now - supports the Adaptec 2000S and 2005S Zero-Channel RAID - controllers.
- -The - aac(4) driver now - supports the Adaptec SCSI RAID 5400S controller.
- -The - ata(4) driver again - has write-caching enabled by default.
- -The - wd(4) compatibility - devices were removed from the - ata(4) driver.
-smbfs (CIFS) support in kernel has been added. The - corresponding userland filesystem mount utility can be - found in the - net/smbfs port in the FreeBSD - Ports Collection.
- -A simple hash-based lookup optimization for large - directories called dirhash has - been added. Conditional on the UFS_DIRHASH kernel option, it improves - the speed of operations on very large directories at - the expense of some memory.
-On many modern hosts, PCCARD devices can be - configured to route their interrupts via either the ISA - or PCI interrupt paths. The - pcic(4) driver has - been updated to support both interrupt paths (formerly, - only routing via ISA was supported). In most cases, - configuration of PCMCIA devices in laptops is simpler - and more flexible. In addition, various Cardbus bridge - PCI cards (such as those used by Orinoco PCI NICs) are - now supported. Some hosts may experience problems, such - as hangs or panics, with PCI interrupt routing; they - can frequently be made to work by forcing the - older-style ISA interrupt routing. The following lines, - placed in /boot/loader.conf, - may fix the problem:
-- hw.pcic.intr_path="1" - hw.pcic.irq="0" -- -
When installing FreeBSD on such a system, typing the - following lines to the boot loader may be helpful in - starting up FreeBSD for the first time:
- --
- ok set hw.pcic.intr_path="1" - ok set hw.pcic.irq="0" --
PCCARD ejection can sometimes result in a hang; a - workaround for these cases is to perform a:
-- # pccardc power 0 slot --
IPFilter has been updated - to 3.4.20.
- -isdn4bsd has been - updated to version 1.0.1. As a result of this update, - users of the - i4bisppp(4) (kernel - PPP over ISDN) driver must - now use - ispppcontrol(8) - instead of - spppcontrol(8) to - configure and control these network interfaces.
- -The - ihfc(4) driver for - supporting Cologne Chip Designs HFC devices under isdn4bsd has been added.
- -The - itjc(4) driver for - supporting NETjet-S / Teles PCI-TJ devices under isdn4bsd has been added.
- -Experimental support for the Eicon.Diehl DIVA 2.0 - and 2.02 ISA PnP ISDN cards has been added to the - isic(4) isdn4bsd driver.
- -Active CAPI-based ISDN cards manufacured by AVM - are now supported using the - i4bcapi(4) and the - - iavc(4) driver. The - supported cards are the AVM B1 PCI and AVM B1 ISA - Basic Rate cards and the AVM T1 Primary Rate - cards.
- -A new maxconnecttime - keyword is now accepted in - isdnd.rc(5) files - to limit the time a connection may remain open.
-The IPv6 stack is now based on a snapshot based on - the KAME Project's IPv6 snapshot as of 28 May, 2001. - Most of the items listed in this section are a result - of this import. Section - 2.3.1.2 lists userland updates to the KAME IPv6 - stack.
- -- gif(4) is now based - on RFC 2893, rather than RFC 1933. The IFF_LINK2 interface flag can be used - to control ingress filtering.
- -IPSec has received some - enhancements, including the ability to use the - Rijndael and SHA2 algorithms. IPSec RC5 support has - been removed due to patent issues.
- -- stf(4) now conforms - to RFC 3056; the IFF_LINK2 - interface flag can be used to control ingress - filtering.
- -IPv6 has better checking of illegal addresses - (such as loopback addresses) on physical - networks.
- -The IPV6_V6ONLY socket - option is now completely supported. The kernel's - default behavior with respect to this option is - controlled by the net.inet6.ip6.v6only sysctl - variable.
- -RFC 3041 (Privacy Extensions for Stateless Address - Autoconfiguration) is now supported. It can be - enabled via the net.inet6.ip6.use_tempaddr sysctl - variable.
-The security fix mentioned in security advisory - FreeBSD-SA-01:39, which governs initial sequence number - generation for TCP connections, has raised some possible - compatibility issues. To mitigate this effect, the fix - can now be enabled or disabled using the net.inet.tcp.tcp_seq_genscheme sysctl - variable.
- -A vulnerability in the - fts(3) routines (used - by applications for recursively traversing a filesystem) - could allow a program to operate on files outside the - intended directory hierarchy. This bug has been fixed - (see security advisory FreeBSD-SA-01:40).
- -- portmap(8) is now - turned off by default, although it will be started - automatically on machines that enable NFS serving, NIS - services, or - amd(8) through - rc.conf(5).
- -A flaw allowed some signal handlers to remain in - effect in a child process after being exec-ed from its - parent. This allowed an attacker to execute arbitrary - code in the context of a setuid binary. This flaw has - been corrected (see security advisory - FreeBSD-SA-01:42).
- -A remote buffer overflow in - tcpdump(1) has been - fixed (see security advisory FreeBSD-SA-01:48).
- -A remote buffer overflow in - telnetd(8) has been - fixed (see security advisory FreeBSD-SA-01:49).
- -The new net.inet.ip.maxfragpackets and net.inet.ip6.maxfragpackets sysctl - variables limit the amount of memory that can be consumed - by IPv4 and IPv6 packet fragments, which defends against - some denial of service attacks (see security advisory - FreeBSD-SA-01:52).
- -The number of ``security profiles'' available in - sysinstall(8) for new - installations has been reduced to two.
- -All services in inetd.conf - are now disabled by default for new installations. - sysinstall(8) gives the - option of enabling or disabling - inetd(8) on new - installations, as well as editing inetd.conf.
- -A flaw in the implementation of the - ipfw(8) me rules on point-to-point links has been - corrected. Formerly, me filter - rules would match the remote IP address of a - point-to-point interface in addition to the intended - local IP address (see security advisory - FreeBSD-SA-01:53).
- -A vulnerability in - procfs(5), which could - allow a process to read sensitive information from - another process's memory space, has been closed (see - security advisory FreeBSD-SA-01:55).
- -The PARANOID hostname - checking in tcp_wrappers now - works as advertised (see security advisory - FreeBSD-SA-01:56).
- -A local root exploit in - sendmail(8) has been - closed (see security advisory FreeBSD-SA-01:57).
- -A remote root vulnerability in - lpd(8) has been closed - (see security advisory FreeBSD-SA-01:58).
- -A race condition in - rmuser(8) that briefly - exposed a world-readable /etc/master.passwd has been fixed (see - security advisory FreeBSD-SA-01:59).
- -All non-root-owned binaries - in standard system paths now have the schg flag set to prevent exploit vectors - when run by - cron(8), by root, or by a user other then the one - owning the binary. In addition, - uustat(1) is now run - via /etc/periodic/daily/410.status-uucp as - uucp, not root.
- -A security hole in the form of a buffer overflow in - the - semop(2) system call - has been closed.
-- ip6fw(8) now has the - ability to use a preprocessor and use the -q (quiet) flag when reading from a - file.
- -- ping(8) now supports a - -m option to set the TTL of - outgoing packets.
- -- ln(1) now takes a -h flag to avoid following a target - that is a link, with a -n flag - for compatibility with other implementations.
- -- find(1) now has the -anewer, -cnewer, -mnewer, - -okdir, and -newer[acm][acmt] primaries for comparisons - of file timestamps.
- -The performance of the ELF dynamic linker has been - improved.
- -- ifconfig(8) can now - accept addresses in slash/CIDR notation.
- -- c89(1) has been - converted from a shell script to a binary executable, - fixing some minor bugs.
- -- vidcontrol(1) now - supports a -p option to take a - snapshot of a - syscons(4) video - buffer. These snapshots can be manipulated by the - graphics/scr2png utility in the - Ports Collection.
- -- vidcontrol(1) now - allows the user to omit the font size specification when - loading a font, and has some better error-handling.
- -- telnet(1) now supports - a -u flag to allow connections to - UNIX-domain (AF_UNIX) - sockets.
- -- newfs(8) now takes a - -U option to enable softupdates - on a new filesystem.
- -libcrypt now has support for - Blowfish password hashing.
- -Ukrainian language support has been added to the - FreeBSD console.
- -- savecore(8) now works - correctly on machines with 2 GB or more of RAM.
- -The syntax of - inetd(8)'s support for - - faithd(8) is now - compatible with that of other BSDs.
- -The ident protocol support in - - inetd(8) has been - cleaned up and updated.
- -- inetd(8) now has the - ability to manage UNIX-domain sockets.
- -The - resolver(3) in FreeBSD - now implements EDNS0 support, which will be necessary - when working with IPv6 transport-ready resolvers/DNS - servers.
- -- df(1) now takes a -l option to only display information - about locally-mounted filesystems.
- -- whois(1) now directs - queries for IP addresses to ARIN. If a query to ARIN - references APNIC or RIPE, the appropriate server will - also be queried, provided that the -Q option is not specified.
- -The -T option to - dump(8) no longer - swallows an extra argument.
- -- dump(8) has a new -D option, allowing the path to the - /etc/dumpdates file to be - changed.
- -libfetch now has support for - a HTTP_USER_AGENT environment - variable.
- -The - getprogname(3) and - setprogname(3) library - functions have been added to manipulate the name of the - current program. They are used by error-reporting - routines to produce consistent output.
- -- xargs(1) now supports a - -J replstr option that allows the - user to tell - xargs(1) to insert the - data read from standard input at a specific point in the - command line arguments, rather than at the end.
- -- ifconfig(8) now has - support for setting parameters for IEEE 802.11 wireless - network devices. - wi(4) and - an(4) devices are - supported.
- -- ifconfig(8) no longer - displays the list of supported media by default. Instead - it displays it when the -m option - is given.
- -- lpd(8) now takes two - new options: -c will log all - connection errors to - syslogd(8), while -W will allow connections from - non-reserved ports.
- -- lpc(8) has been - improved; lpc clean is now - somewhat safer, and a new lpc - tclean command has been added to check to see what - files would be removed by lpc - clean.
- -- du(1) now takes a -I command-line flag to ignore/skip - files and subdirectories matching a specified shell-glob - mask.
- -- growfs(8), a utility - for growing FFS filesystems, has been added. - ffsinfo(8), a utility - for dump all the meta-information of an existing - filesystem, has also been added.
- -- mail(1) now takes a -E flag to avoid sending messages - with empty bodies.
- -- vidcontrol(1) now - supports a -C option to clear the - history buffer for a given tty, as well as a -h option to set the size of the history - buffer.
- -- last(1) now implements - a -d option that provides a - ``snapshot'' of who was logged in at a particular date - and time.
- -libcrypt and libdescrypt have been unified to provide - a configurable password authentication hash library. Both - the md5 and des hash methods are provided unless the des - hash is specifically compiled out.
- -- install(1) has a number - of new features, including the -b - and -B options for backing up - existing target files and the -S - option for ``safe'' (atomic copy) operation. The -c (copy) flag is now the default, - and the -D (debugging) flag has - been withdrawn. - install(1) now issues a - warning if -d (create - directories) and -C (copy changed - files only) are used together.
- -The FreeBSD Makefile - infrastructure now supports the WARNS directive from NetBSD. This - directive controls the addition of compiler warning flags - to CFLAGS in a relatively - compiler-neutral manner.
- -A new - fsck_msdosfs(8) utility - has been added to check the consistency of MS-DOS - filesystems.
- -The - kldconfig(8) utility - has been added to make it easier to manipulate the kernel - module search path.
- -- moused(8) now takes a - -a option to control mouse - acceleration.
- -The tcpmssfixup - ppp(8) option now - adjusts the maximum receive segment size of incoming TCP - SYN segments as well as outgoing TCP SYN segments.
- -- sysctl(8) now supports - a -N option to print out variable - names only.
- -- sysctl(8) has replaced - the -A and -X options with -ao - and -ax respectively; the former - options are now deprecated. The -w flag is deprecated as well; it is not - needed to determine the user's intentions.
- -- cdcontrol(1) now - supports next and prev commands to skip forwards or - backwards a specified number of tracks while playing an - audio CD.
- -- col(1) now takes a -p flag to force unknown control - sequences to be passed through unchanged.
- -- tmpnam(3) will now use - the TMPDIR environment variable, - if set, to specify the location of temporary files.
- -- rc(8) now deletes all - non-directory files in /var/run - and /var/spool/lock at boot - time.
- -- fmtcheck(3), a function - for checking consistency of format string arguments, has - been added.
- -- apmd(8) now has the - ability to monitor battery levels and execute commands - based on percentage or minutes of battery life remaining - via the apm_battery - configuration directive. See the commented-out examples - in /etc/apmd.conf for the - syntax.
- -- pppd(8) (the control - program for kernel-level PPP) is now installed mode 4550 and root:dialer, rather than mode 4555 (in other words, it is no longer - world-executable). Users of - pppd(8) may need to - change their group settings.
- -BIND is now built with - the NOADDITIONAL flag, which - causes - named(8) to operate - in a more consistent fashion for certain common - misconfigurations.
- -BIND has been updated to - 8.2.4-REL.
- -Binutils have been - upgraded to 2.11.2.
- -bzip2 1.0.1 has been - imported; this brings the - bzip2(1) program and - the libbz2 library to the - base system.
- -The - ee(1) Easy Editor has been updated to - 1.4.2.
- -file has been updated to - 3.36.
- -- gcc(1) now supports - the environment variable GCC_OPTIONS, which can hold a set of - default options for GCC.
- -GNATS has been updated to - 3.113.
- -groff and its related - utilities have been updated to FSF version 1.17.2. This - import brings in a new - mdoc(7) macro package - (sometimes referred to as mdocNG), which removes many of the - limitations of its predecessor.
- -libpcap has been updated - to 0.6.2.
- -OpenSSL has been upgraded - to 0.9.6a.
- -sendmail and associated - utilities have been upgraded to version 8.11.6. See /usr/src/contrib/sendmail/RELEASE_NOTES - for more information.
- -- traceroute(8) now - takes its default maximum TTL value from the net.inet.ip.ttl sysctl variable.
- -tcpdump has been updated - to 3.6.3.
- -CVSup, a frequently - used utility in the FreeBSD Ports Collection, was - formerly installable using several ports and - packages. The - net/cvsup-bin and - net/cvsupd-bin - ports/packages are no longer necessary or available; - the - net/cvsup port should be - used instead.
- -CVSup has been updated - to 16.1_3, which is available in the FreeBSD Ports - Collection as - net/cvsup. This update - fixes a long-standing (but only recently encountered) - bug which affects the timestamps on all files after - Sun Sep 9 01:46:40 UTC 2001 (1,000,000,000 seconds - after the UNIX epoch).
-The IPv6 stack is now based on a snapshot based on - the KAME Project's IPv6 snapshot as of 28 May, 2001. - Most of the items listed in this section are a result - of this import. Section - 2.1.8.2 lists kernel updates to the KAME IPv6 - stack.
- -- faithd(8) now - supports a configuration file for access control.
- -- ifconfig(8) can now - perform the functions of - gifconfig(8).
- -- ifconfig(8) can now - perform the functions of - prefix(8). - prefix(8) is now a - shell script for partial backwards compatibility.
- -- ndp(8) now - implements garbage collection for stale NDP entries, - as described in RFC 2461 (Neighbor Discovery for IP - Version 6 (IPv6)).
- -- pim6dd(8) and - pim6sd(8) have been - removed due to restrictive licensing conditions. - These programs are available in the ports collection - as - net/pim6dd and - net/pim6sd.
- -- route6d(8) now - supports an -n flag to avoid - updating the kernel forwarding table.
- -The -R (router - renumbering) option to - rtadvd(8) is - currently ignored.
-- pkg_version(1) now - takes a -s flag to limit its - operation to ports/packages matching a given - string.
-If you're upgrading from a previous release of FreeBSD, - most likely it's 4.X and there may be some issues affecting - you, depending of course on your chosen method of - upgrading. There are two popular ways of upgrading FreeBSD - distributions:
- - - -Using sources, via /usr/src
-Using the binary upgrade option of - sysinstall(8).
-Please read the INSTALL.TXT - file for more information, preferably before beginning an upgrade. If you are - upgrading from source, please be sure to read /usr/src/UPDATING as well.
- -Finally, if you want to use one of various means to - track the -STABLE or -CURRENT branches of FreeBSD, please - be sure to consult the ``-CURRENT vs. -STABLE'' section of the - FreeBSD Handbook.
-This file, and other release-related - documents, can be downloaded from ftp://ftp.FreeBSD.org/pub/FreeBSD/.
- -For questions about FreeBSD, read the - documentation - before contacting <questions@FreeBSD.org>.
- -All users of FreeBSD 4-STABLE - should subscribe to the <stable@FreeBSD.org> mailing - list.
- - Release Home -Copyright © 2000, 2001 by The + FreeBSD Documentation Project
+This document contains the release notes for FreeBSD + 4.4-RELEASE on the alpha hardware platform. It describes + new features of FreeBSD that have been added (or changed) + since 4.3-RELEASE.
+ +This distribution of FreeBSD 4.4-RELEASE is a release + distribution. It can be found at ftp://ftp.FreeBSD.org/pub/FreeBSD/ or any of its + mirrors. More information on obtaining this (or other) + release distributions of FreeBSD can be found in the ``Obtaining FreeBSD'' appendix to the FreeBSD + Handbook.
+This section describes the most user-visible new or + changed features in FreeBSD since 4.3-RELEASE.
+ +Many additional changes were made to FreeBSD that are + not listed here for lack of space. For example, + documentation was corrected and improved, minor bugs were + fixed, insecure coding practices were audited and + corrected, and source code was cleaned up.
+ +The release notes items are organized into three + different sections. Section 2.1 lists + recent changes to the FreeBSD kernel. Security fixes, + including those pertaining to security advisories, are + listed in Section 2.2. Finally, Section 2.3 covers changes to FreeBSD + userland applications included in the base system.
+ +The O_DIRECT flag has been + added to + open(2) and + fcntl(2). Specifying + this flag for open files will attempt to minimize the + cache effects of reading and writing.
+ +An + orm(4) device has been + added to claim the option ROMs in the ISA memory I/O + space, to prevent other drivers from mistakenly assigning + addresses that conflict with these ROMs.
+ +The out-of-swap process termination code now begins + killing processes earlier to avoid deadlocks; it now also + takes into account the swap space used by processes when + computing the process sizes.
+ +Network device cloning has been implemented, and the + + gif(4) device has been + modified to take advantage of it. Thus, instead of + specifying how many + gif(4) interfaces are + available in kernel configuration files, + ifconfig(8)'s create option should be used when + another device instance is desired.
+ +Two new + ddb(4) commands, hwatch and dhwatch, have been introduced. Analogous + to watch and dwatch, they install hardware watchpoints + (as opposed to software watchpoints) if supported by the + architecture.
+ +A + nmdm(4) null-modem + terminal driver has been added.
+ +The + stl(4) driver now + supports the PCI and ISA EasyIO multi-port serial cards + from Stallion Technologies based on the Signetics + SC26C194/8 Intelligent Quad/Octal UART.
+ +The maxusers kernel + configuration parameter is now a boot-time tunable + variable. The kernel parameters derived from maxusers are now also tunables and can be + overridden at boot-time. The hz + parameter is also now a tunable.
+ +A long standing bug in the FreeBSD boot from CDROM has + been fixed. This means that machines like the AlphaServer + 1200 can now be booted from the installation and fixit + CDROMs.
+ +Because of space constraints on the boot floppy, + support for DEC3000 TurboChannel-based machines has + been removed from the installation kernel. For the same + reason, the following device drivers are no longer + present in the installation kernel: + ncr(4), + sa(4), + amr(4), + plip(4), + le(4), + pcn(4), + wx(4), and + sl(4). Note that most + if not all Symbios adapters are covered by the new + sym(4) driver.
+ +Whitebox (NT-only) AlphaServer 530x machines are now + supported by FreeBSD. FreeBSD is, as always, booted + from SRM, not from AlphaBIOS. Make sure your SCSI + adapters are on hose 0 for use with FreeBSD.
+The + fxp(4) driver now + requires a device miibus entry + in the kernel configuration file.
+ +The + wx(4) driver now + supports the Intel PRO1000-F and PRO1000-T + (10/100/1000) adapters.
+ +The + an(4) driver now + supports the Cisco Aironet 350 series of adaptors and + has received a few bug fixes; promiscuous mode now + works, and it can be configured before being brought + up.
+ +The + xl(4) driver now + supports reception of VLAN tagged frames (on the + ``Cyclone'' or newer chipsets).
+ +The + ti(4) driver + correctly masks VLAN tags.
+ +Added the + nge(4) driver, which + supports PCI Gigabit Ethernet adapters based on the + National Semiconductor DP83820 and DP83821 Gigabit + Ethernet controller chips, including the D-Link + DGE-500T, SMC EZ Card 1000 (SMC9462TX), Asante + FriendlyNet GigaNIC 1000TA and 1000TPC and Addtron + AEG320T. This driver supports transmit and receive + checksum offloading.
+ +The + lge(4) driver has + been added to support the Level 1 LXT1001 NetCellerator + Gigabit Ethernet controller chip. This device is used + on some fiber optic GigE cards from SMC, D-Link and + Addtron. Jumbograms and TCP/IP checksum offload on + receive are supported, although hardware VLAN filtering + is not.
+ +The + tx(4) driver now + supports the fiber-optic SMC 9432FTX NICs.
+ +The + ed(4) driver now has + support for D-Link DL10022 chips, necessary for the + NetGear FA-410TX and other cards. As a result, device miibus is required in + kernel configurations using the + ed(4) driver.
+ +The + txp(4) driver has + been added to support NICs based on the 3Com 3XP + Typhoon/Sidewinder (3CR990) chipset.
+TCP now has RFC 1323 extensions enabled by default + in + rc.conf(5).
+ +RFC 1323 and RFC 1644 TCP extensions are now + disabled for a connection in progress if no response + has been received by the third SYN segment sent. This + behavior tries to work around (very old) terminal + servers with buggy VJ header compression + implementations.
+ +The TCP_RESTRICT_RST kernel + option has been removed. Similar functionality can be + achieved with the net.inet.tcp.blackhole sysctl + variable.
+ +The TCP implementation no longer requires the + allocation of a TCP template structure for each + connection; this should reduce the buffer usage on + large systems handling many connections.
+ +A new sysctl net.inet.ip.check_interface, which is + off by default, causes IP to verify that an incoming + packet arrives on an interface that has an address + matching the packet's destination address.
+ +A new options RANDOM_IP_ID + kernel option causes the ID field of IP packets to be + randomized. This closes a minor information leak which + allows a remote observer to determine the rate at which + the machine is generating packets, since the default + behavior is to increment a counter for each packet + sent.
+The + ata(4) driver again + has write-caching enabled by default.
+ +The + wd(4) compatibility + devices were removed from the + ata(4) driver.
+ +Access to the floppy drive on the AlphaServer DS10 + and AlphaServer DS20 is broken. On the DS10, various + errors are reported; on the DS20, the machine locks + up.
+A simple hash-based lookup optimization for large + directories called dirhash has + been added. Conditional on the UFS_DIRHASH kernel option, it improves + the speed of operations on very large directories at + the expense of some memory.
+On many modern hosts, PCCARD devices can be + configured to route their interrupts via either the ISA + or PCI interrupt paths. The + pcic(4) driver has + been updated to support both interrupt paths (formerly, + only routing via ISA was supported). In most cases, + configuration of PCMCIA devices in laptops is simpler + and more flexible. In addition, various Cardbus bridge + PCI cards (such as those used by Orinoco PCI NICs) are + now supported. Some hosts may experience problems, such + as hangs or panics, with PCI interrupt routing; they + can frequently be made to work by forcing the + older-style ISA interrupt routing. The following lines, + placed in /boot/loader.conf, + may fix the problem:
++ hw.pcic.intr_path="1" + hw.pcic.irq="0" ++ +
When installing FreeBSD on such a system, typing the + following lines to the boot loader may be helpful in + starting up FreeBSD for the first time:
+ ++
+ ok set hw.pcic.intr_path="1" + ok set hw.pcic.irq="0" ++
PCCARD ejection can sometimes result in a hang; a + workaround for these cases is to perform a:
++ # pccardc power 0 slot ++
IPFilter has been updated + to 3.4.20.
+ +The IPv6 stack is now based on a snapshot based on + the KAME Project's IPv6 snapshot as of 28 May, 2001. + Most of the items listed in this section are a result + of this import. Section + 2.3.1.2 lists userland updates to the KAME IPv6 + stack.
+ ++ gif(4) is now based + on RFC 2893, rather than RFC 1933. The IFF_LINK2 interface flag can be used + to control ingress filtering.
+ +IPSec has received some + enhancements, including the ability to use the + Rijndael and SHA2 algorithms. IPSec RC5 support has + been removed due to patent issues.
+ ++ stf(4) now conforms + to RFC 3056; the IFF_LINK2 + interface flag can be used to control ingress + filtering.
+ +IPv6 has better checking of illegal addresses + (such as loopback addresses) on physical + networks.
+ +The IPV6_V6ONLY socket + option is now completely supported. The kernel's + default behavior with respect to this option is + controlled by the net.inet6.ip6.v6only sysctl + variable.
+ +RFC 3041 (Privacy Extensions for Stateless Address + Autoconfiguration) is now supported. It can be + enabled via the net.inet6.ip6.use_tempaddr sysctl + variable.
+The security fix mentioned in security advisory + FreeBSD-SA-01:39, which governs initial sequence number + generation for TCP connections, has raised some possible + compatibility issues. To mitigate this effect, the fix + can now be enabled or disabled using the net.inet.tcp.tcp_seq_genscheme sysctl + variable.
+ +A vulnerability in the + fts(3) routines (used + by applications for recursively traversing a filesystem) + could allow a program to operate on files outside the + intended directory hierarchy. This bug has been fixed + (see security advisory FreeBSD-SA-01:40).
+ ++ portmap(8) is now + turned off by default, although it will be started + automatically on machines that enable NFS serving, NIS + services, or + amd(8) through + rc.conf(5).
+ +A flaw allowed some signal handlers to remain in + effect in a child process after being exec-ed from its + parent. This allowed an attacker to execute arbitrary + code in the context of a setuid binary. This flaw has + been corrected (see security advisory + FreeBSD-SA-01:42).
+ +A remote buffer overflow in + tcpdump(1) has been + fixed (see security advisory FreeBSD-SA-01:48).
+ +A remote buffer overflow in + telnetd(8) has been + fixed (see security advisory FreeBSD-SA-01:49).
+ +The new net.inet.ip.maxfragpackets and net.inet.ip6.maxfragpackets sysctl + variables limit the amount of memory that can be consumed + by IPv4 and IPv6 packet fragments, which defends against + some denial of service attacks (see security advisory + FreeBSD-SA-01:52).
+ +The number of ``security profiles'' available in + sysinstall(8) for new + installations has been reduced to two.
+ +All services in inetd.conf + are now disabled by default for new installations. + sysinstall(8) gives the + option of enabling or disabling + inetd(8) on new + installations, as well as editing inetd.conf.
+ +A flaw in the implementation of the + ipfw(8) me rules on point-to-point links has been + corrected. Formerly, me filter + rules would match the remote IP address of a + point-to-point interface in addition to the intended + local IP address (see security advisory + FreeBSD-SA-01:53).
+ +A vulnerability in + procfs(5), which could + allow a process to read sensitive information from + another process's memory space, has been closed (see + security advisory FreeBSD-SA-01:55).
+ +The PARANOID hostname + checking in tcp_wrappers now + works as advertised (see security advisory + FreeBSD-SA-01:56).
+ +A local root exploit in + sendmail(8) has been + closed (see security advisory FreeBSD-SA-01:57).
+ +A remote root vulnerability in + lpd(8) has been closed + (see security advisory FreeBSD-SA-01:58).
+ +A race condition in + rmuser(8) that briefly + exposed a world-readable /etc/master.passwd has been fixed (see + security advisory FreeBSD-SA-01:59).
+ +All non-root-owned binaries + in standard system paths now have the schg flag set to prevent exploit vectors + when run by + cron(8), by root, or by a user other then the one + owning the binary. In addition, + uustat(1) is now run + via /etc/periodic/daily/410.status-uucp as + uucp, not root.
+ +A security hole in the form of a buffer overflow in + the + semop(2) system call + has been closed.
++ ip6fw(8) now has the + ability to use a preprocessor and use the -q (quiet) flag when reading from a + file.
+ ++ ping(8) now supports a + -m option to set the TTL of + outgoing packets.
+ ++ ln(1) now takes a -h flag to avoid following a target + that is a link, with a -n flag + for compatibility with other implementations.
+ ++ find(1) now has the -anewer, -cnewer, -mnewer, + -okdir, and -newer[acm][acmt] primaries for comparisons + of file timestamps.
+ +The performance of the ELF dynamic linker has been + improved.
+ ++ ifconfig(8) can now + accept addresses in slash/CIDR notation.
+ ++ c89(1) has been + converted from a shell script to a binary executable, + fixing some minor bugs.
+ ++ vidcontrol(1) now + supports a -p option to take a + snapshot of a + syscons(4) video + buffer. These snapshots can be manipulated by the + graphics/scr2png utility in the + Ports Collection.
+ ++ vidcontrol(1) now + allows the user to omit the font size specification when + loading a font, and has some better error-handling.
+ ++ telnet(1) now supports + a -u flag to allow connections to + UNIX-domain (AF_UNIX) + sockets.
+ ++ newfs(8) now takes a + -U option to enable softupdates + on a new filesystem.
+ +libcrypt now has support for + Blowfish password hashing.
+ +Ukrainian language support has been added to the + FreeBSD console.
+ ++ savecore(8) now works + correctly on machines with 2 GB or more of RAM.
+ +The syntax of + inetd(8)'s support for + + faithd(8) is now + compatible with that of other BSDs.
+ +The ident protocol support in + + inetd(8) has been + cleaned up and updated.
+ ++ inetd(8) now has the + ability to manage UNIX-domain sockets.
+ +The + resolver(3) in FreeBSD + now implements EDNS0 support, which will be necessary + when working with IPv6 transport-ready resolvers/DNS + servers.
+ ++ df(1) now takes a -l option to only display information + about locally-mounted filesystems.
+ ++ whois(1) now directs + queries for IP addresses to ARIN. If a query to ARIN + references APNIC or RIPE, the appropriate server will + also be queried, provided that the -Q option is not specified.
+ +The -T option to + dump(8) no longer + swallows an extra argument.
+ ++ dump(8) has a new -D option, allowing the path to the + /etc/dumpdates file to be + changed.
+ +libfetch now has support for + a HTTP_USER_AGENT environment + variable.
+ +The + getprogname(3) and + setprogname(3) library + functions have been added to manipulate the name of the + current program. They are used by error-reporting + routines to produce consistent output.
+ ++ xargs(1) now supports a + -J replstr option that allows the + user to tell + xargs(1) to insert the + data read from standard input at a specific point in the + command line arguments, rather than at the end.
+ ++ ifconfig(8) now has + support for setting parameters for IEEE 802.11 wireless + network devices. + wi(4) and + an(4) devices are + supported.
+ ++ ifconfig(8) no longer + displays the list of supported media by default. Instead + it displays it when the -m option + is given.
+ ++ lpd(8) now takes two + new options: -c will log all + connection errors to + syslogd(8), while -W will allow connections from + non-reserved ports.
+ ++ lpc(8) has been + improved; lpc clean is now + somewhat safer, and a new lpc + tclean command has been added to check to see what + files would be removed by lpc + clean.
+ ++ du(1) now takes a -I command-line flag to ignore/skip + files and subdirectories matching a specified shell-glob + mask.
+ ++ growfs(8), a utility + for growing FFS filesystems, has been added. + ffsinfo(8), a utility + for dump all the meta-information of an existing + filesystem, has also been added.
+ ++ mail(1) now takes a -E flag to avoid sending messages + with empty bodies.
+ ++ vidcontrol(1) now + supports a -C option to clear the + history buffer for a given tty, as well as a -h option to set the size of the history + buffer.
+ ++ last(1) now implements + a -d option that provides a + ``snapshot'' of who was logged in at a particular date + and time.
+ +libcrypt and libdescrypt have been unified to provide + a configurable password authentication hash library. Both + the md5 and des hash methods are provided unless the des + hash is specifically compiled out.
+ ++ install(1) has a number + of new features, including the -b + and -B options for backing up + existing target files and the -S + option for ``safe'' (atomic copy) operation. The -c (copy) flag is now the default, + and the -D (debugging) flag has + been withdrawn. + install(1) now issues a + warning if -d (create + directories) and -C (copy changed + files only) are used together.
+ +The FreeBSD Makefile + infrastructure now supports the WARNS directive from NetBSD. This + directive controls the addition of compiler warning flags + to CFLAGS in a relatively + compiler-neutral manner.
+ +A new + fsck_msdosfs(8) utility + has been added to check the consistency of MS-DOS + filesystems.
+ +The + kldconfig(8) utility + has been added to make it easier to manipulate the kernel + module search path.
+ ++ moused(8) now takes a + -a option to control mouse + acceleration.
+ +The tcpmssfixup + ppp(8) option now + adjusts the maximum receive segment size of incoming TCP + SYN segments as well as outgoing TCP SYN segments.
+ ++ sysctl(8) now supports + a -N option to print out variable + names only.
+ ++ sysctl(8) has replaced + the -A and -X options with -ao + and -ax respectively; the former + options are now deprecated. The -w flag is deprecated as well; it is not + needed to determine the user's intentions.
+ ++ cdcontrol(1) now + supports next and prev commands to skip forwards or + backwards a specified number of tracks while playing an + audio CD.
+ ++ col(1) now takes a -p flag to force unknown control + sequences to be passed through unchanged.
+ ++ tmpnam(3) will now use + the TMPDIR environment variable, + if set, to specify the location of temporary files.
+ ++ rc(8) now deletes all + non-directory files in /var/run + and /var/spool/lock at boot + time.
+ ++ fmtcheck(3), a function + for checking consistency of format string arguments, has + been added.
+ ++ apmd(8) now has the + ability to monitor battery levels and execute commands + based on percentage or minutes of battery life remaining + via the apm_battery + configuration directive. See the commented-out examples + in /etc/apmd.conf for the + syntax.
+ ++ pppd(8) (the control + program for kernel-level PPP) is now installed mode 4550 and root:dialer, rather than mode 4555 (in other words, it is no longer + world-executable). Users of + pppd(8) may need to + change their group settings.
+ ++ sysinstall(8) reports + /: write failed, file system is + full when navigating the menus. These messages do + not affect the operation of + sysinstall(8) or the + actual installation process and can safely be + ignored.
+ ++ savecore(8) now works + correctly on Alpha machines.
+ +BIND is now built with + the NOADDITIONAL flag, which + causes + named(8) to operate + in a more consistent fashion for certain common + misconfigurations.
+ +BIND has been updated to + 8.2.4-REL.
+ +Binutils have been + upgraded to 2.11.2.
+ +bzip2 1.0.1 has been + imported; this brings the + bzip2(1) program and + the libbz2 library to the + base system.
+ +The + ee(1) Easy Editor has been updated to + 1.4.2.
+ +file has been updated to + 3.36.
+ ++ gcc(1) now supports + the environment variable GCC_OPTIONS, which can hold a set of + default options for GCC.
+ +GNATS has been updated to + 3.113.
+ +groff and its related + utilities have been updated to FSF version 1.17.2. This + import brings in a new + mdoc(7) macro package + (sometimes referred to as mdocNG), which removes many of the + limitations of its predecessor.
+ +libpcap has been updated + to 0.6.2.
+ +OpenSSL has been upgraded + to 0.9.6a.
+ +sendmail and associated + utilities have been upgraded to version 8.11.6. See /usr/src/contrib/sendmail/RELEASE_NOTES + for more information.
+ ++ traceroute(8) now + takes its default maximum TTL value from the net.inet.ip.ttl sysctl variable.
+ +tcpdump has been updated + to 3.6.3.
+ +CVSup, a frequently + used utility in the FreeBSD Ports Collection, was + formerly installable using several ports and + packages. The + net/cvsup-bin and + net/cvsupd-bin + ports/packages are no longer necessary or available; + the + net/cvsup port should be + used instead.
+ +CVSup has been updated + to 16.1_3, which is available in the FreeBSD Ports + Collection as + net/cvsup. This update + fixes a long-standing (but only recently encountered) + bug which affects the timestamps on all files after + Sun Sep 9 01:46:40 UTC 2001 (1,000,000,000 seconds + after the UNIX epoch).
+The IPv6 stack is now based on a snapshot based on + the KAME Project's IPv6 snapshot as of 28 May, 2001. + Most of the items listed in this section are a result + of this import. Section + 2.1.8.2 lists kernel updates to the KAME IPv6 + stack.
+ ++ faithd(8) now + supports a configuration file for access control.
+ ++ ifconfig(8) can now + perform the functions of + gifconfig(8).
+ ++ ifconfig(8) can now + perform the functions of + prefix(8). + prefix(8) is now a + shell script for partial backwards compatibility.
+ ++ ndp(8) now + implements garbage collection for stale NDP entries, + as described in RFC 2461 (Neighbor Discovery for IP + Version 6 (IPv6)).
+ ++ pim6dd(8) and + pim6sd(8) have been + removed due to restrictive licensing conditions. + These programs are available in the ports collection + as + net/pim6dd and + net/pim6sd.
+ ++ route6d(8) now + supports an -n flag to avoid + updating the kernel forwarding table.
+ +The -R (router + renumbering) option to + rtadvd(8) is + currently ignored.
++ pkg_version(1) now + takes a -s flag to limit its + operation to ports/packages matching a given + string.
+If you're upgrading from a previous release of FreeBSD, + most likely it's 4.X and there may be some issues affecting + you, depending of course on your chosen method of + upgrading. There are two popular ways of upgrading FreeBSD + distributions:
+ + + +Using sources, via /usr/src
+Using the binary upgrade option of + sysinstall(8).
+Please read the INSTALL.TXT + file for more information, preferably before beginning an upgrade. If you are + upgrading from source, please be sure to read /usr/src/UPDATING as well.
+ +Finally, if you want to use one of various means to + track the -STABLE or -CURRENT branches of FreeBSD, please + be sure to consult the ``-CURRENT vs. -STABLE'' section of the + FreeBSD Handbook.
+This file, and other release-related + documents, can be downloaded from ftp://ftp.FreeBSD.org/pub/FreeBSD/.
+ +For questions about FreeBSD, read the + documentation + before contacting <questions@FreeBSD.org>.
+ +All users of FreeBSD 4-STABLE + should subscribe to the <stable@FreeBSD.org> mailing + list.
+ +For questions about this documentation, + e-mail <doc@FreeBSD.org>.
+Copyright © 2000, 2001 by The + FreeBSD Documentation Project
+This document contains the release notes for FreeBSD + 4.4-RELEASE on the i386 hardware platform. It describes new + features of FreeBSD that have been added (or changed) since + 4.3-RELEASE.
+ +This distribution of FreeBSD 4.4-RELEASE is a release + distribution. It can be found at ftp://ftp.FreeBSD.org/pub/FreeBSD/ or any of its + mirrors. More information on obtaining this (or other) + release distributions of FreeBSD can be found in the ``Obtaining FreeBSD'' appendix to the FreeBSD + Handbook.
+This section describes the most user-visible new or + changed features in FreeBSD since 4.3-RELEASE.
+ +Many additional changes were made to FreeBSD that are + not listed here for lack of space. For example, + documentation was corrected and improved, minor bugs were + fixed, insecure coding practices were audited and + corrected, and source code was cleaned up.
+ +The release notes items are organized into three + different sections. Section 2.1 lists + recent changes to the FreeBSD kernel. Security fixes, + including those pertaining to security advisories, are + listed in Section 2.2. Finally, Section 2.3 covers changes to FreeBSD + userland applications included in the base system.
+ +The O_DIRECT flag has been + added to + open(2) and + fcntl(2). Specifying + this flag for open files will attempt to minimize the + cache effects of reading and writing.
+ +An + orm(4) device has been + added to claim the option ROMs in the ISA memory I/O + space, to prevent other drivers from mistakenly assigning + addresses that conflict with these ROMs.
+ +The out-of-swap process termination code now begins + killing processes earlier to avoid deadlocks; it now also + takes into account the swap space used by processes when + computing the process sizes.
+ +Network device cloning has been implemented, and the + + gif(4) device has been + modified to take advantage of it. Thus, instead of + specifying how many + gif(4) interfaces are + available in kernel configuration files, + ifconfig(8)'s create option should be used when + another device instance is desired.
+ +Two new + ddb(4) commands, hwatch and dhwatch, have been introduced. Analogous + to watch and dwatch, they install hardware watchpoints + (as opposed to software watchpoints) if supported by the + architecture.
+ +A + nmdm(4) null-modem + terminal driver has been added.
+ +The + stl(4) driver now + supports the PCI and ISA EasyIO multi-port serial cards + from Stallion Technologies based on the Signetics + SC26C194/8 Intelligent Quad/Octal UART.
+ +The maxusers kernel + configuration parameter is now a boot-time tunable + variable. The kernel parameters derived from maxusers are now also tunables and can be + overridden at boot-time. The hz + parameter is also now a tunable.
+ +The FreeBSD boot loader now contains a workaround to + support CDROM booting on certain IBM BIOSs that expect + the first sector of the emulated floppy to contain a + valid MS-DOS BPB that they can modify.
+ +Detection for new processors, such as the Transmeta + Crusoe, and Transmeta Crusoe with LongRun, has been + added.
+ +Support for Streaming SIMD Extensions (SSE) has been introduced. The CPU_ENABLE_SSE kernel option + controls whether support is compiled into the + kernel.
+The + fxp(4) driver now + requires a device miibus entry + in the kernel configuration file.
+ +The + wx(4) driver now + supports the Intel PRO1000-F and PRO1000-T + (10/100/1000) adapters.
+ +The + an(4) driver now + supports the Cisco Aironet 350 series of adaptors and + has received a few bug fixes; promiscuous mode now + works, and it can be configured before being brought + up.
+ +The + xl(4) driver now + supports reception of VLAN tagged frames (on the + ``Cyclone'' or newer chipsets).
+ +The + ti(4) driver + correctly masks VLAN tags.
+ +Added the + nge(4) driver, which + supports PCI Gigabit Ethernet adapters based on the + National Semiconductor DP83820 and DP83821 Gigabit + Ethernet controller chips, including the D-Link + DGE-500T, SMC EZ Card 1000 (SMC9462TX), Asante + FriendlyNet GigaNIC 1000TA and 1000TPC and Addtron + AEG320T. This driver supports transmit and receive + checksum offloading.
+ +The + lge(4) driver has + been added to support the Level 1 LXT1001 NetCellerator + Gigabit Ethernet controller chip. This device is used + on some fiber optic GigE cards from SMC, D-Link and + Addtron. Jumbograms and TCP/IP checksum offload on + receive are supported, although hardware VLAN filtering + is not.
+ +The + tx(4) driver now + supports the fiber-optic SMC 9432FTX NICs.
+ +The + ed(4) driver now has + support for D-Link DL10022 chips, necessary for the + NetGear FA-410TX and other cards. As a result, device miibus is required in + kernel configurations using the + ed(4) driver.
+ +The + txp(4) driver has + been added to support NICs based on the 3Com 3XP + Typhoon/Sidewinder (3CR990) chipset.
+TCP now has RFC 1323 extensions enabled by default + in + rc.conf(5).
+ +RFC 1323 and RFC 1644 TCP extensions are now + disabled for a connection in progress if no response + has been received by the third SYN segment sent. This + behavior tries to work around (very old) terminal + servers with buggy VJ header compression + implementations.
+ +The TCP_RESTRICT_RST kernel + option has been removed. Similar functionality can be + achieved with the net.inet.tcp.blackhole sysctl + variable.
+ +The TCP implementation no longer requires the + allocation of a TCP template structure for each + connection; this should reduce the buffer usage on + large systems handling many connections.
+ +A new sysctl net.inet.ip.check_interface, which is + off by default, causes IP to verify that an incoming + packet arrives on an interface that has an address + matching the packet's destination address.
+ +A new options RANDOM_IP_ID + kernel option causes the ID field of IP packets to be + randomized. This closes a minor information leak which + allows a remote observer to determine the rate at which + the machine is generating packets, since the default + behavior is to increment a counter for each packet + sent.
+The + asr(4) driver now + supports the Adaptec 2000S and 2005S Zero-Channel RAID + controllers.
+ +The + aac(4) driver now + supports the Adaptec SCSI RAID 5400S controller.
+ +The + ata(4) driver again + has write-caching enabled by default.
+ +The + wd(4) compatibility + devices were removed from the + ata(4) driver.
+smbfs (CIFS) support in kernel has been added. The + corresponding userland filesystem mount utility can be + found in the + net/smbfs port in the FreeBSD + Ports Collection.
+ +A simple hash-based lookup optimization for large + directories called dirhash has + been added. Conditional on the UFS_DIRHASH kernel option, it improves + the speed of operations on very large directories at + the expense of some memory.
+On many modern hosts, PCCARD devices can be + configured to route their interrupts via either the ISA + or PCI interrupt paths. The + pcic(4) driver has + been updated to support both interrupt paths (formerly, + only routing via ISA was supported). In most cases, + configuration of PCMCIA devices in laptops is simpler + and more flexible. In addition, various Cardbus bridge + PCI cards (such as those used by Orinoco PCI NICs) are + now supported. Some hosts may experience problems, such + as hangs or panics, with PCI interrupt routing; they + can frequently be made to work by forcing the + older-style ISA interrupt routing. The following lines, + placed in /boot/loader.conf, + may fix the problem:
++ hw.pcic.intr_path="1" + hw.pcic.irq="0" ++ +
When installing FreeBSD on such a system, typing the + following lines to the boot loader may be helpful in + starting up FreeBSD for the first time:
+ ++
+ ok set hw.pcic.intr_path="1" + ok set hw.pcic.irq="0" ++
PCCARD ejection can sometimes result in a hang; a + workaround for these cases is to perform a:
++ # pccardc power 0 slot ++
IPFilter has been updated + to 3.4.20.
+ +isdn4bsd has been + updated to version 1.0.1. As a result of this update, + users of the + i4bisppp(4) (kernel + PPP over ISDN) driver must + now use + ispppcontrol(8) + instead of + spppcontrol(8) to + configure and control these network interfaces.
+ +The + ihfc(4) driver for + supporting Cologne Chip Designs HFC devices under isdn4bsd has been added.
+ +The + itjc(4) driver for + supporting NETjet-S / Teles PCI-TJ devices under isdn4bsd has been added.
+ +Experimental support for the Eicon.Diehl DIVA 2.0 + and 2.02 ISA PnP ISDN cards has been added to the + isic(4) isdn4bsd driver.
+ +Active CAPI-based ISDN cards manufacured by AVM + are now supported using the + i4bcapi(4) and the + + iavc(4) driver. The + supported cards are the AVM B1 PCI and AVM B1 ISA + Basic Rate cards and the AVM T1 Primary Rate + cards.
+ +A new maxconnecttime + keyword is now accepted in + isdnd.rc(5) files + to limit the time a connection may remain open.
+The IPv6 stack is now based on a snapshot based on + the KAME Project's IPv6 snapshot as of 28 May, 2001. + Most of the items listed in this section are a result + of this import. Section + 2.3.1.2 lists userland updates to the KAME IPv6 + stack.
+ ++ gif(4) is now based + on RFC 2893, rather than RFC 1933. The IFF_LINK2 interface flag can be used + to control ingress filtering.
+ +IPSec has received some + enhancements, including the ability to use the + Rijndael and SHA2 algorithms. IPSec RC5 support has + been removed due to patent issues.
+ ++ stf(4) now conforms + to RFC 3056; the IFF_LINK2 + interface flag can be used to control ingress + filtering.
+ +IPv6 has better checking of illegal addresses + (such as loopback addresses) on physical + networks.
+ +The IPV6_V6ONLY socket + option is now completely supported. The kernel's + default behavior with respect to this option is + controlled by the net.inet6.ip6.v6only sysctl + variable.
+ +RFC 3041 (Privacy Extensions for Stateless Address + Autoconfiguration) is now supported. It can be + enabled via the net.inet6.ip6.use_tempaddr sysctl + variable.
+The security fix mentioned in security advisory + FreeBSD-SA-01:39, which governs initial sequence number + generation for TCP connections, has raised some possible + compatibility issues. To mitigate this effect, the fix + can now be enabled or disabled using the net.inet.tcp.tcp_seq_genscheme sysctl + variable.
+ +A vulnerability in the + fts(3) routines (used + by applications for recursively traversing a filesystem) + could allow a program to operate on files outside the + intended directory hierarchy. This bug has been fixed + (see security advisory FreeBSD-SA-01:40).
+ ++ portmap(8) is now + turned off by default, although it will be started + automatically on machines that enable NFS serving, NIS + services, or + amd(8) through + rc.conf(5).
+ +A flaw allowed some signal handlers to remain in + effect in a child process after being exec-ed from its + parent. This allowed an attacker to execute arbitrary + code in the context of a setuid binary. This flaw has + been corrected (see security advisory + FreeBSD-SA-01:42).
+ +A remote buffer overflow in + tcpdump(1) has been + fixed (see security advisory FreeBSD-SA-01:48).
+ +A remote buffer overflow in + telnetd(8) has been + fixed (see security advisory FreeBSD-SA-01:49).
+ +The new net.inet.ip.maxfragpackets and net.inet.ip6.maxfragpackets sysctl + variables limit the amount of memory that can be consumed + by IPv4 and IPv6 packet fragments, which defends against + some denial of service attacks (see security advisory + FreeBSD-SA-01:52).
+ +The number of ``security profiles'' available in + sysinstall(8) for new + installations has been reduced to two.
+ +All services in inetd.conf + are now disabled by default for new installations. + sysinstall(8) gives the + option of enabling or disabling + inetd(8) on new + installations, as well as editing inetd.conf.
+ +A flaw in the implementation of the + ipfw(8) me rules on point-to-point links has been + corrected. Formerly, me filter + rules would match the remote IP address of a + point-to-point interface in addition to the intended + local IP address (see security advisory + FreeBSD-SA-01:53).
+ +A vulnerability in + procfs(5), which could + allow a process to read sensitive information from + another process's memory space, has been closed (see + security advisory FreeBSD-SA-01:55).
+ +The PARANOID hostname + checking in tcp_wrappers now + works as advertised (see security advisory + FreeBSD-SA-01:56).
+ +A local root exploit in + sendmail(8) has been + closed (see security advisory FreeBSD-SA-01:57).
+ +A remote root vulnerability in + lpd(8) has been closed + (see security advisory FreeBSD-SA-01:58).
+ +A race condition in + rmuser(8) that briefly + exposed a world-readable /etc/master.passwd has been fixed (see + security advisory FreeBSD-SA-01:59).
+ +All non-root-owned binaries + in standard system paths now have the schg flag set to prevent exploit vectors + when run by + cron(8), by root, or by a user other then the one + owning the binary. In addition, + uustat(1) is now run + via /etc/periodic/daily/410.status-uucp as + uucp, not root.
+ +A security hole in the form of a buffer overflow in + the + semop(2) system call + has been closed.
++ ip6fw(8) now has the + ability to use a preprocessor and use the -q (quiet) flag when reading from a + file.
+ ++ ping(8) now supports a + -m option to set the TTL of + outgoing packets.
+ ++ ln(1) now takes a -h flag to avoid following a target + that is a link, with a -n flag + for compatibility with other implementations.
+ ++ find(1) now has the -anewer, -cnewer, -mnewer, + -okdir, and -newer[acm][acmt] primaries for comparisons + of file timestamps.
+ +The performance of the ELF dynamic linker has been + improved.
+ ++ ifconfig(8) can now + accept addresses in slash/CIDR notation.
+ ++ c89(1) has been + converted from a shell script to a binary executable, + fixing some minor bugs.
+ ++ vidcontrol(1) now + supports a -p option to take a + snapshot of a + syscons(4) video + buffer. These snapshots can be manipulated by the + graphics/scr2png utility in the + Ports Collection.
+ ++ vidcontrol(1) now + allows the user to omit the font size specification when + loading a font, and has some better error-handling.
+ ++ telnet(1) now supports + a -u flag to allow connections to + UNIX-domain (AF_UNIX) + sockets.
+ ++ newfs(8) now takes a + -U option to enable softupdates + on a new filesystem.
+ +libcrypt now has support for + Blowfish password hashing.
+ +Ukrainian language support has been added to the + FreeBSD console.
+ ++ savecore(8) now works + correctly on machines with 2 GB or more of RAM.
+ +The syntax of + inetd(8)'s support for + + faithd(8) is now + compatible with that of other BSDs.
+ +The ident protocol support in + + inetd(8) has been + cleaned up and updated.
+ ++ inetd(8) now has the + ability to manage UNIX-domain sockets.
+ +The + resolver(3) in FreeBSD + now implements EDNS0 support, which will be necessary + when working with IPv6 transport-ready resolvers/DNS + servers.
+ ++ df(1) now takes a -l option to only display information + about locally-mounted filesystems.
+ ++ whois(1) now directs + queries for IP addresses to ARIN. If a query to ARIN + references APNIC or RIPE, the appropriate server will + also be queried, provided that the -Q option is not specified.
+ +The -T option to + dump(8) no longer + swallows an extra argument.
+ ++ dump(8) has a new -D option, allowing the path to the + /etc/dumpdates file to be + changed.
+ +libfetch now has support for + a HTTP_USER_AGENT environment + variable.
+ +The + getprogname(3) and + setprogname(3) library + functions have been added to manipulate the name of the + current program. They are used by error-reporting + routines to produce consistent output.
+ ++ xargs(1) now supports a + -J replstr option that allows the + user to tell + xargs(1) to insert the + data read from standard input at a specific point in the + command line arguments, rather than at the end.
+ ++ ifconfig(8) now has + support for setting parameters for IEEE 802.11 wireless + network devices. + wi(4) and + an(4) devices are + supported.
+ ++ ifconfig(8) no longer + displays the list of supported media by default. Instead + it displays it when the -m option + is given.
+ ++ lpd(8) now takes two + new options: -c will log all + connection errors to + syslogd(8), while -W will allow connections from + non-reserved ports.
+ ++ lpc(8) has been + improved; lpc clean is now + somewhat safer, and a new lpc + tclean command has been added to check to see what + files would be removed by lpc + clean.
+ ++ du(1) now takes a -I command-line flag to ignore/skip + files and subdirectories matching a specified shell-glob + mask.
+ ++ growfs(8), a utility + for growing FFS filesystems, has been added. + ffsinfo(8), a utility + for dump all the meta-information of an existing + filesystem, has also been added.
+ ++ mail(1) now takes a -E flag to avoid sending messages + with empty bodies.
+ ++ vidcontrol(1) now + supports a -C option to clear the + history buffer for a given tty, as well as a -h option to set the size of the history + buffer.
+ ++ last(1) now implements + a -d option that provides a + ``snapshot'' of who was logged in at a particular date + and time.
+ +libcrypt and libdescrypt have been unified to provide + a configurable password authentication hash library. Both + the md5 and des hash methods are provided unless the des + hash is specifically compiled out.
+ ++ install(1) has a number + of new features, including the -b + and -B options for backing up + existing target files and the -S + option for ``safe'' (atomic copy) operation. The -c (copy) flag is now the default, + and the -D (debugging) flag has + been withdrawn. + install(1) now issues a + warning if -d (create + directories) and -C (copy changed + files only) are used together.
+ +The FreeBSD Makefile + infrastructure now supports the WARNS directive from NetBSD. This + directive controls the addition of compiler warning flags + to CFLAGS in a relatively + compiler-neutral manner.
+ +A new + fsck_msdosfs(8) utility + has been added to check the consistency of MS-DOS + filesystems.
+ +The + kldconfig(8) utility + has been added to make it easier to manipulate the kernel + module search path.
+ ++ moused(8) now takes a + -a option to control mouse + acceleration.
+ +The tcpmssfixup + ppp(8) option now + adjusts the maximum receive segment size of incoming TCP + SYN segments as well as outgoing TCP SYN segments.
+ ++ sysctl(8) now supports + a -N option to print out variable + names only.
+ ++ sysctl(8) has replaced + the -A and -X options with -ao + and -ax respectively; the former + options are now deprecated. The -w flag is deprecated as well; it is not + needed to determine the user's intentions.
+ ++ cdcontrol(1) now + supports next and prev commands to skip forwards or + backwards a specified number of tracks while playing an + audio CD.
+ ++ col(1) now takes a -p flag to force unknown control + sequences to be passed through unchanged.
+ ++ tmpnam(3) will now use + the TMPDIR environment variable, + if set, to specify the location of temporary files.
+ ++ rc(8) now deletes all + non-directory files in /var/run + and /var/spool/lock at boot + time.
+ ++ fmtcheck(3), a function + for checking consistency of format string arguments, has + been added.
+ ++ apmd(8) now has the + ability to monitor battery levels and execute commands + based on percentage or minutes of battery life remaining + via the apm_battery + configuration directive. See the commented-out examples + in /etc/apmd.conf for the + syntax.
+ ++ pppd(8) (the control + program for kernel-level PPP) is now installed mode 4550 and root:dialer, rather than mode 4555 (in other words, it is no longer + world-executable). Users of + pppd(8) may need to + change their group settings.
+ +BIND is now built with + the NOADDITIONAL flag, which + causes + named(8) to operate + in a more consistent fashion for certain common + misconfigurations.
+ +BIND has been updated to + 8.2.4-REL.
+ +Binutils have been + upgraded to 2.11.2.
+ +bzip2 1.0.1 has been + imported; this brings the + bzip2(1) program and + the libbz2 library to the + base system.
+ +The + ee(1) Easy Editor has been updated to + 1.4.2.
+ +file has been updated to + 3.36.
+ ++ gcc(1) now supports + the environment variable GCC_OPTIONS, which can hold a set of + default options for GCC.
+ +GNATS has been updated to + 3.113.
+ +groff and its related + utilities have been updated to FSF version 1.17.2. This + import brings in a new + mdoc(7) macro package + (sometimes referred to as mdocNG), which removes many of the + limitations of its predecessor.
+ +libpcap has been updated + to 0.6.2.
+ +OpenSSL has been upgraded + to 0.9.6a.
+ +sendmail and associated + utilities have been upgraded to version 8.11.6. See /usr/src/contrib/sendmail/RELEASE_NOTES + for more information.
+ ++ traceroute(8) now + takes its default maximum TTL value from the net.inet.ip.ttl sysctl variable.
+ +tcpdump has been updated + to 3.6.3.
+ +CVSup, a frequently + used utility in the FreeBSD Ports Collection, was + formerly installable using several ports and + packages. The + net/cvsup-bin and + net/cvsupd-bin + ports/packages are no longer necessary or available; + the + net/cvsup port should be + used instead.
+ +CVSup has been updated + to 16.1_3, which is available in the FreeBSD Ports + Collection as + net/cvsup. This update + fixes a long-standing (but only recently encountered) + bug which affects the timestamps on all files after + Sun Sep 9 01:46:40 UTC 2001 (1,000,000,000 seconds + after the UNIX epoch).
+The IPv6 stack is now based on a snapshot based on + the KAME Project's IPv6 snapshot as of 28 May, 2001. + Most of the items listed in this section are a result + of this import. Section + 2.1.8.2 lists kernel updates to the KAME IPv6 + stack.
+ ++ faithd(8) now + supports a configuration file for access control.
+ ++ ifconfig(8) can now + perform the functions of + gifconfig(8).
+ ++ ifconfig(8) can now + perform the functions of + prefix(8). + prefix(8) is now a + shell script for partial backwards compatibility.
+ ++ ndp(8) now + implements garbage collection for stale NDP entries, + as described in RFC 2461 (Neighbor Discovery for IP + Version 6 (IPv6)).
+ ++ pim6dd(8) and + pim6sd(8) have been + removed due to restrictive licensing conditions. + These programs are available in the ports collection + as + net/pim6dd and + net/pim6sd.
+ ++ route6d(8) now + supports an -n flag to avoid + updating the kernel forwarding table.
+ +The -R (router + renumbering) option to + rtadvd(8) is + currently ignored.
++ pkg_version(1) now + takes a -s flag to limit its + operation to ports/packages matching a given + string.
+If you're upgrading from a previous release of FreeBSD, + most likely it's 4.X and there may be some issues affecting + you, depending of course on your chosen method of + upgrading. There are two popular ways of upgrading FreeBSD + distributions:
+ + + +Using sources, via /usr/src
+Using the binary upgrade option of + sysinstall(8).
+Please read the INSTALL.TXT + file for more information, preferably before beginning an upgrade. If you are + upgrading from source, please be sure to read /usr/src/UPDATING as well.
+ +Finally, if you want to use one of various means to + track the -STABLE or -CURRENT branches of FreeBSD, please + be sure to consult the ``-CURRENT vs. -STABLE'' section of the + FreeBSD Handbook.
+This file, and other release-related + documents, can be downloaded from ftp://ftp.FreeBSD.org/pub/FreeBSD/.
+ +For questions about FreeBSD, read the + documentation + before contacting <questions@FreeBSD.org>.
+ +All users of FreeBSD 4-STABLE + should subscribe to the <stable@FreeBSD.org> mailing + list.
+ +For questions about this documentation, + e-mail <doc@FreeBSD.org>.
+