FreeBSD/sparc64 5.0-DP2 Release Notes - The FreeBSD Project
<strong>FreeBSD</strong>/<strong>sparc64</strong> <strong>5.0</strong>-<strong>DP2</strong> <strong>Release</strong><br />
<strong>Notes</strong><br />
<strong>The</strong> <strong>FreeBSD</strong> <strong>Project</strong><br />
Copyright © 2000, 2001, 2002 by <strong>The</strong> <strong>FreeBSD</strong> Documentation <strong>Project</strong><br />
$<strong>FreeBSD</strong>: src/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml,v 1.452<br />
2002/11/14 17:59:11 bmah Exp $<br />
<strong>The</strong> release notes for <strong>FreeBSD</strong> <strong>5.0</strong>-<strong>DP2</strong> contain a summary of recent changes made to the<br />
<strong>FreeBSD</strong> base system on the 5-CURRENT development branch. Both changes for kernel and<br />
userland are listed, as well as applicable security advisories that were issued since the last release.<br />
Some brief remarks on upgrading are also presented.<br />
Table of Contents<br />
1 Introduction<br />
2 What’s New<br />
2.1 Kernel Changes<br />
2.1.1 Processor/Motherboard Support<br />
2.1.2 Bootloader Changes<br />
2.1.3 Network Interface Support<br />
2.1.4 Network Protocols<br />
2.1.5 Disks and Storage<br />
2.1.6 Filesystems<br />
2.1.7 PCCARD Support<br />
2.1.8 Multimedia Support<br />
2.1.9 Contributed Software<br />
2.2 Security-Related Changes<br />
2.3 Userland Changes<br />
2.3.1 Contributed Software<br />
2.3.2 Ports/Packages Collection Infrastructure<br />
2.4 <strong>Release</strong> Engineering and Integration<br />
2.5 Documentation<br />
3 Upgrading from previous releases of <strong>FreeBSD</strong><br />
1 Introduction<br />
This document contains the release notes for <strong>FreeBSD</strong> <strong>5.0</strong>-<strong>DP2</strong> on the UltraSPARC hardware platform. It describes<br />
recently added, changed, or deleted features of <strong>FreeBSD</strong>. It also provides some notes on upgrading from previous<br />
versions of <strong>FreeBSD</strong>.<br />
<strong>The</strong> snapshot distribution to which these release notes apply represents a point along the 5-CURRENT development<br />
branch between 4.0-RELEASE and the future <strong>5.0</strong>-RELEASE. Some pre-built, binary snapshot distributions along<br />
this branch can be found at ftp://ftp.<strong>FreeBSD</strong>.org/pub/<strong>FreeBSD</strong>/development/<strong>sparc64</strong>/.<br />
2 What’s New<br />
This section describes many of the user-visible new or changed features in <strong>FreeBSD</strong> since 4.0-RELEASE. It includes<br />
items that are unique to the 5-CURRENT branch, as well as some features that may have been recently merged to<br />
other branches (after <strong>FreeBSD</strong> 4.6-RELEASE). <strong>The</strong> latter items are marked as [MERGED].<br />
Typical release note items document new drivers or hardware support, new commands or options, major bugfixes, or<br />
contributed software upgrades. Applicable security advisories issued after 4.0-RELEASE are also listed.<br />
Many additional changes were made to <strong>FreeBSD</strong> that are not listed here for lack of space. For example,<br />
documentation was corrected and improved, minor bugs were fixed, insecure coding practices were audited and<br />
corrected, and source code was cleaned up.<br />
2.1 Kernel Changes<br />
acct(2) has been changed to open the accounting file in append mode, so that accton(8) can be used to enable<br />
accounting to an append-only file. [MERGED]<br />
A new in-kernel cryptographic framework (see crypto(4) and crypto(9)) has been imported from OpenBSD. It<br />
provides a consistent interface to hardware and software implementations of cryptographic algorithms for use by the<br />
kernel and access to cryptographic hardware for user-mode applications. Hardware device drivers are provided to<br />
support hifn-based cards (hifn(4)) and Broadcom-based cards (ubsec(4)).<br />
A new ddb(4) command show pcpu lists some of the per-CPU data.<br />
A devctl device has been added to allow userland programs to learn when devices come and go in the device tree<br />
(different from the XXX). This facility is primarily used by the devd(8) utility.<br />
devfs(5), which allows entries in the /dev directory to be built automatically and supports more flexible attachment<br />
of devices, has been largely reworked. devfs(5) is now enabled by default and can be disabled by the NODEVFS kernel<br />
option.<br />
<strong>The</strong> devfs(5) “rule” subsystem has been introduced. DEVFS rules permit the administrator to define certain<br />
properties of new device nodes before they become visible to the userland. Both static (e.g. /dev/speaker) and<br />
dynamic (e.g. /dev/bpf*, some removable devices) nodes are supported. Each devfs(5) mount may have a different<br />
ruleset assigned to it, permitting different policies to be implemented for things like jails. Rules and rulesets are<br />
manipulated with the devfs(8) utility.<br />
<strong>The</strong> dgm driver has been removed in favor of the digi driver.<br />
A new digi driver has been added to support PCI Xr-based and ISA Xem Digiboard cards. A new digictl(8) program<br />
is (mainly) used to re-initialize cards that have external port modules attached such as the PC/Xem.<br />
An eaccess(2) system call has been added, similar to access(2) except that the former uses effective credentials rather<br />
than real credentials.<br />
Support has been added for EBus-based devices.<br />
Each jail(2) environment can now run under its own securelevel.<br />
<strong>The</strong> tunable sysctl variables for jail(2) have moved from jail.* to the security.* hierarchy. Other<br />
security-related sysctl variables have moved from kern.security.* to security.*.<br />
<strong>The</strong> kernel environment is now dynamic, and can be changed via the new kenv(2) system call.<br />
<strong>The</strong> labpc(4) driver has been removed due to “bitrot”.<br />
<strong>The</strong> loader and kernel linker now look for files named linker.hints in each directory with KLDs for a module<br />
name and version to KLD filename mapping. <strong>The</strong> new kldxref(8) utility is used to generate these files.<br />
lomac(4), a Low-Watermark Mandatory Access Control security facility, has been added as a kernel module. It<br />
provides a drop-in security mechanism in addition to the traditional UID-based security facilities, requiring no<br />
additional configuration from the administrator. Work on this feature was sponsored by DARPA and NAI Labs.<br />
<strong>FreeBSD</strong> now supports an extensible Mandatory Access Control framework, the TrustedBSD MAC Framework. It<br />
permits loadable kernel modules to link to the kernel at compile-time, boot-time, or run-time, and augment the<br />
system security policy. <strong>The</strong> framework permits modules to express interest in a variety of events, and also provides<br />
common security policy services such as label storage. A variety of sample policy modules are shipped in this<br />
release, including implementations of fixed and floating label Biba integrity models, Multi-Level Security (MLS)<br />
with compartments, and a number of augmented UNIX security models including a file system firewall. This feature<br />
will permit easier development and maintenance of local and vendor security extensions. <strong>The</strong> extensibility service is<br />
enabled by adding options MAC to the kernel configuration.<br />
Note: <strong>The</strong> MAC framework is considered an experimental feature in this release, and is not enabled by default.<br />
mutex(9) profiling code has been added, enabled by the MUTEX_PROFILING kernel configuration option. It enables<br />
the debug.mutex.prof.* hierarchy of sysctl variables.<br />
<strong>The</strong> P1003_1B kernel option is no longer used and has been removed.<br />
<strong>The</strong> random(4) device has been rewritten to use the Yarrow algorithm. It harvests entropy from a variety of interrupt<br />
sources, including the console devices, Ethernet and point-to-point network interfaces, and mass-storage devices.<br />
Entropy from the random(4) device is now periodically saved to files in /var/db/entropy, as well as at shutdown<br />
time. <strong>The</strong> semantics of /dev/random have changed; it never blocks waiting for entropy bits but generates a stream<br />
of pseudo-random data and now behaves exactly as /dev/urandom.<br />
A new kernel option, options REGRESSION, enables interfaces and functionality intended for use during<br />
correctness and regression testing.<br />
RLIMIT_VMEM support has been added. This feature defines a new resource limit that covers a process’s entire virtual<br />
memory space, including mmap(2) space. This limit can be configured in login.conf(5) via the new vmemoryuse<br />
variable. [MERGED]<br />
Support has been added for SBus-based devices.<br />
<strong>The</strong> sab driver, which supports the Siemens SAB82532 serial chip found on many newer Sparc Ultra machines, has<br />
been added.<br />
A bug in the sendfile(2) system call, in which headers counted against the size of the file to be sent, has been fixed.<br />
[MERGED]<br />
<strong>The</strong> syscons(4) driver now supports keyboard-controlled pasting, by default bound to Shift-Insert.<br />
<strong>The</strong> uaudio driver, for USB audio devices, has been added. [MERGED]<br />
<strong>The</strong> ucom(4) device driver has been added, to support USB modems, serial devices, and other programs that need to<br />
look like a tty. <strong>The</strong> related uplcom(4) and uvscom(4) drivers provide specific support for the Prolific PL-2303 serial<br />
adapter and the SUNTAC Slipper U VS-10U, respectively. [MERGED]<br />
To increase security, the UCONSOLE kernel configuration option has been removed.<br />
<strong>The</strong> USER_LDT kernel option is now activated by default.<br />
<strong>The</strong> uvisor(4) driver for connecting Handspring Visors via USB has been added. [MERGED]<br />
A VESA S3 linear framebuffer driver has been added.<br />
<strong>The</strong> kernel crashdump infrastructure has been revised, to support new platforms and in general clean up the logic in<br />
the code. One implication of this change is that the on-disk format for kernel dumps has changed, and is now<br />
byte-order-agnostic.<br />
Extremely large swap areas (>67 GB) no longer panic the system.<br />
Linker sets are now self-contained; gensetdefs(8) is unnecessary and has been removed.<br />
It is now possible to hardwire kernel environment variables (such as tunables) at compile-time using config(8)’s ENV<br />
directive.<br />
Idle zeroing of pages can be enabled with the vm.idlezero_enable sysctl variable.<br />
<strong>The</strong> <strong>FreeBSD</strong> kernel scheduler now supports Kernel-Scheduled Entities (KSEs), which provides support for multiple<br />
threads of execution per process similar to Scheduler Activations. At this point, the kernel has most of the changes<br />
needed to support threading. <strong>The</strong> kernel scheduler can schedule multiple threads per process, but only on a single<br />
CPU at a time. More information can be found in kse(2).<br />
Note: KSE is a work in progress.<br />
<strong>The</strong> kernel now has support for multiple low-level console devices. <strong>The</strong> new conscontrol(8) utility helps to manage<br />
the different consoles.<br />
<strong>The</strong> kernel memory allocator is now a slab memory allocator, similar to that used in Solaris. This is an SMP-safe<br />
memory allocator that has near-linear performance as the number of CPUs increases. It also allows for reduced<br />
memory fragmentation.<br />
2.1.1 Processor/Motherboard Support<br />
SMP support has been largely reworked, incorporating code from BSD/OS <strong>5.0</strong>. One of the main features of SMPng<br />
(“SMP Next Generation”) is to allow more processes to run in kernel, without the need for spin locks that can<br />
dramatically reduce the efficiency of multiple processors. Interrupt handlers now have contexts associated with them<br />
that allow them to be blocked, which reduces the need to lock out interrupts.<br />
<strong>The</strong> UltraSPARC platform is now supported by <strong>FreeBSD</strong>. <strong>The</strong> following machines are supported to at least some<br />
degree: Ultra 1/2/5/10/30/60, Enterprise 220R/420R, Netra T1 AC200/DC200, Netra T 105, and Blade 100. SMP is<br />
supported, and has been tested on the Ultra 2, Ultra 60, Enterprise 220R, and Enterprise 420R.<br />
2.1.2 Bootloader Changes<br />
<strong>The</strong> kernel and modules have been moved to the directory /boot/kernel, so they can be easily manipulated<br />
together. <strong>The</strong> boot loader has been updated to make this change as seamless as possible.<br />
2.1.3 Network Interface Support<br />
<strong>The</strong> dc(4) driver now supports NICs based on the Xircom 3201 and Conexant LANfinity RS7112 chips.<br />
<strong>The</strong> gem driver has been added to support the Sun GEM Gigabit Ethernet and ERI Fast Ethernet adapters.<br />
<strong>The</strong> hme driver has been added to support the Sun HME Fast Ethernet adapter, onboard on many Sun Ultra series<br />
machines.<br />
<strong>The</strong> stf(4) device is now clonable.<br />
<strong>The</strong> tx(4) driver now supports true multicast filtering.<br />
Network devices now automatically appear as special files in /dev/net. Interface hardware ioctls (not protocol or<br />
routing) can be performed on these devices. <strong>The</strong> SIOCGIFCONF ioctl may be performed on the special<br />
/dev/network node.<br />
“Zero copy” support has been added to the networking stack. This feature can eliminate a copy of network data<br />
between the kernel and userland, which is one of the more significant bottlenecks in network throughput. <strong>The</strong><br />
send-side code should work with almost any network adapter, while the receive-side code requires a network adapter<br />
with an MTU of at least one memory page size (for example, jumbo frames on Gigabit Ethernet). For more<br />
information, see zero_copy(9).<br />
2.1.4 Network Protocols<br />
A FAST_IPSEC kernel option now allows the IPsec implementation to use the kernel crypto framework, along with<br />
its support for hardware cryptographic acceleration.<br />
Note: <strong>The</strong> FAST_IPSEC and IPSEC options are mutually exclusive.<br />
Note: <strong>The</strong> FAST_IPSEC option is, at the moment, not compatible with IPv6 or the INET6 option.<br />
A gre(4) driver, which can encapsulate IP packets using GRE (RFC 1701) or minimal IP encapsulation for Mobile IP<br />
(RFC 2004), has been added.<br />
ICMP ECHO and TSTAMP replies are now rate limited. TCP RSTs generated due to packets sent to open and<br />
unopen ports are now limited by separate counters. Each rate limiting queue now has its own description.<br />
IP multicast now works on VLAN devices. Several other bugs in the VLAN code have also been fixed.<br />
ipfw(4) has been re-implemented (the new version is commonly referred to as “IPFW2”). It now uses variable-sized<br />
representation of rules in the kernel, similar to bpf(4) instructions. Most of the externally-visible behavior (i.e.<br />
through ipfw(8)) should be unchanged, although ipfw(8) now supports or connectives between match fields.<br />
[MERGED]<br />
A new ng_device(4) netgraph node type has been added, which creates a device entry in /dev, to be used as the<br />
entry point to a networking graph.<br />
<strong>The</strong> ng_gif(4) and ng_gif_demux(4) netgraph nodes, for operating on gif(4) devices, have been added.<br />
<strong>The</strong> ng_ip_input(4) netgraph node, for queueing IP packets into the main IP input processing code, has been added.<br />
A new ng_l2tp(4) netgraph node type, which implements the encapsulation layer of the L2TP protocol as described<br />
in RFC 2661, has been added. [MERGED]<br />
A new ng_split node type has been added for splitting a bidirectional packet flow into two unidirectional flows.<br />
<strong>The</strong> ephemeral port range used for TCP and UDP has been changed to 49152–65535 (the old default was<br />
1024–5000). This increases the number of concurrent outgoing connections/streams.<br />
<strong>The</strong> tcp(4) protocol’s retransmission timer can now be manipulated with two sysctl variables,<br />
net.inet.tcp.rexmit_min and net.inet.tcp.rexmit_slop. <strong>The</strong> default has been reduced from one second<br />
to 200ms (similar to the Linux default) in order to better handle hiccups over interactive connections and improve<br />
recovery over lossy fast connections such as wireless links.<br />
<strong>The</strong> tcp(4) protocol now has the ability to dynamically limit the send-side window to maximize bandwidth and<br />
minimize round trip times. <strong>The</strong> feature can be enabled via the net.inet.tcp.inflight_enable sysctl.<br />
[MERGED]<br />
2.1.5 Disks and Storage<br />
<strong>The</strong> ata(4) driver (along with burncd(8)) now supports writing to media in DVD+RW drives.<br />
<strong>The</strong> ata(4) driver now supports accessing ATA devices as SCSI devices via the CAM layer and drivers (cd(4), da(4),<br />
st(4), and pass(4)). This feature requires device atapicam in the kernel configuration. More information can be<br />
found in atapicam(4). [MERGED]<br />
<strong>The</strong> ata(4) driver now has support for the Sil 0680 and VIA 8233/8235 controllers. [MERGED]<br />
<strong>The</strong> cd(4) driver now supports the same CDRIOCREADSPEED and CDRIOCWRITESPEED ioctls that the acd(4) driver<br />
uses for setting the speed of CDROM access.<br />
<strong>The</strong> fdc(4) floppy disk driver has undergone a number of enhancements. Density selection for common settings is now<br />
automatic; the driver is also much more flexible in setting the densities of various subdevices.<br />
<strong>The</strong> geom(4) disk I/O request transformation framework has been added; this extensible framework is designed to<br />
support a wide variety of operations on I/O requests on their way from the upper kernel to the device drivers.<br />
Note: GEOM-enabled kernels no longer support “compatibility slices”. This feature (supported on the i386 and<br />
pc98 only) allowed a user to refer to a disk partition without specifying an MBR slice (e.g. /dev/ad0a); the kernel<br />
would automatically find the first applicable <strong>FreeBSD</strong> slice and use it. On GEOM kernels, only the full partition<br />
names (e.g. /dev/ad0s1a) are allowed when referring to partitions within MBR slices. This change should affect<br />
very few users.<br />
A GEOM Based Disk Encryption module has been added. It provides denial of access to “cold disks”, with four<br />
different cryptographic barriers and up to four changeable pass-phrases. Much more information can be found in the<br />
gbde(4) manual page. <strong>The</strong> gbde(8) userland utility provides an operation and management interface to this module.<br />
This feature is not enabled by default; it requires options GEOM_BDE to be added to a kernel configuration file.<br />
Note: This feature should be considered experimental.<br />
<strong>The</strong> isp(4) driver is now proactive about discovering Fibre Channel topology changes.<br />
<strong>The</strong> isp(4) driver now supports target mode for Qlogic SCSI cards, including Ultra2 and Ultra3 and dual bus cards.<br />
md(4), the memory disk device, has had the functionality of vn(4) incorporated into it. md(4) devices can now be<br />
configured by mdconfig(8). vn(4) has been removed. <strong>The</strong> Memory Filesystem (MFS) has also been removed.<br />
<strong>The</strong> mpt driver, for supporting the LSI Logic Fusion/MP architecture Fiber Channel controllers, has been added.<br />
[MERGED]<br />
<strong>The</strong> RAIDframe disk driver has been imported from NetBSD. This driver provides software-based RAID 0, 1, 4, and<br />
5 capabilities, as well as other functionality. More information can be found in the raid(4) driver manual page. <strong>The</strong><br />
raidctl(8) utility is used to configure and unconfigure disk arrays. This feature is not enabled by default, and requires<br />
device raidframe to be configured into a kernel.<br />
Note: This feature should be considered experimental.<br />
Some problems in sa(4) error handling have been fixed, including the “tape drive spinning indefinitely upon mt(1)<br />
stat” problem.<br />
<strong>The</strong> SCSI_DELAY configuration parameter can now be set at boot time and runtime via the kern.cam.scsi_delay<br />
tunable/sysctl.<br />
<strong>The</strong> trm driver has been added to support SCSI adapters using the Tekram TRM-S1040 SCSI chipset.<br />
2.1.6 Filesystems<br />
Support for named extended attributes was added to the <strong>FreeBSD</strong> kernel. This allows the kernel, and appropriately<br />
privileged userland processes, to tag files and directories with attribute data. Extended attributes were added to<br />
support the TrustedBSD <strong>Project</strong>, in particular ACLs, capability data, and mandatory access control labels (see<br />
/usr/src/sys/ufs/ufs/README.extattr for details).<br />
A filesystem snapshot capability has been added to FFS. Details can be found in<br />
/usr/src/sys/ufs/ffs/README.snapshot.<br />
Softupdates for FFS have received some bug fixes and enhancements.<br />
When running with softupdates, statfs(2) and df(1) will track the number of blocks and files that are committed to<br />
being freed.<br />
kernfs(5) is obsolete and has been retired.<br />
Client-side NFS locks have been implemented.<br />
<strong>The</strong> client-side and server-side of the NFS code in the kernel used to be intertwined in various complex ways. <strong>The</strong>y<br />
have been split apart for ease of maintenance and further development.<br />
Support for filesystem Access Control Lists (ACLs) has been introduced, allowing more fine-grained control of<br />
discretionary access control on files and directories. This support was integrated from the TrustedBSD <strong>Project</strong>. More<br />
details can be found in /usr/src/sys/ufs/ufs/README.acls.<br />
For consistency, the fdesc, fifo, null, msdos, portal, umap, and union filesystems have been renamed to fdescfs, fifofs,<br />
msdosfs, nullfs, portalfs, umapfs, and unionfs. Where applicable, modules and mount_* programs have been<br />
renamed. Compatibility “glue” has been added to mount(8) so that msdos filesystem entries in fstab(5) will work<br />
without changes.<br />
pseudofs, a pseudo-filesystem framework, has been added. linprocfs(5) and procfs(5) have been modified to use<br />
pseudofs.<br />
Network filesystems (such as NFS and smbfs filesystems) listed in /etc/fstab can now be properly mounted<br />
during startup initialization; their mounts are deferred until after the network is initialized.<br />
Read-only support for the Universal Disk Format (UDF) has been added. This format is used on packet-written<br />
CD-RWs and most commercial DVD-Video disks. <strong>The</strong> mount_udf(8) command can be used to mount these disks.<br />
Basic support has been added for the UFS2 filesystem. Among its features:<br />
• <strong>The</strong> inode has been expanded to 256 bytes to make space for 64-bit block pointers.<br />
• A file-creation time field has been added.<br />
• A native extended attributes implementation has been added, permitting total attribute size stored on an inode to be<br />
up to twice the filesystem block size. This storage is used for Access Control Lists and MAC labels, but may also<br />
be used by other system extensions and user applications.<br />
2.1.7 PCCARD Support<br />
2.1.8 Multimedia Support<br />
A new API has been added for sound cards with hardware volume control.<br />
2.1.9 Contributed Software<br />
<strong>The</strong> Forth Inspired Command Language (FICL) used in the boot loader has been updated to 3.02.<br />
Support for Advanced Configuration and Power Interface (ACPI), a multi-vendor standard for configuration and<br />
power management, has been added. This functionality has been provided by the Intel ACPI Component<br />
Architecture project, as of the ACPI CA 20020815 snapshot. Some backward compatibility for applications using<br />
the older APM standard has been provided.<br />
2.1.9.1 IPFilter<br />
IPFilter has been updated to 3.4.29. [MERGED]<br />
2.1.9.3 KAME<br />
2.2 Security-Related Changes<br />
A bug in which malformed ELF executable images can hang the system has been fixed (see security advisory<br />
<strong>FreeBSD</strong>-SA-00:41). [MERGED]<br />
A security hole in Linux emulation was fixed (see security advisory <strong>FreeBSD</strong>-SA-00:42). [MERGED]<br />
TCP now uses stronger randomness in choosing its initial sequence numbers (see security advisory<br />
<strong>FreeBSD</strong>-SA-00:52). [MERGED]<br />
Several buffer overflows in tcpdump(1) were corrected (see security advisory <strong>FreeBSD</strong>-SA-00:61). [MERGED]<br />
A security hole in top(1) was corrected (see security advisory <strong>FreeBSD</strong>-SA-00:62). [MERGED]<br />
A potential security hole caused by an off-by-one-error in gethostbyname(3) has been fixed (see security advisory<br />
<strong>FreeBSD</strong>-SA-00:63). [MERGED]<br />
A potential buffer overflow in the ncurses(3) library, which could cause arbitrary code to be run from within<br />
systat(1), has been corrected (see security advisory <strong>FreeBSD</strong>-SA-00:68). [MERGED]<br />
A vulnerability in telnetd(8) that could cause it to consume large amounts of server resources has been fixed (see<br />
security advisory <strong>FreeBSD</strong>-SA-00:69). [MERGED]<br />
<strong>The</strong> nat deny_incoming command in ppp(8) now works correctly (see security advisory <strong>FreeBSD</strong>-SA-00:70).<br />
[MERGED]<br />
A vulnerability in csh(1)/tcsh(1) temporary files that could allow overwriting of arbitrary user-writable files has been<br />
closed (see security advisory <strong>FreeBSD</strong>-SA-00:76). [MERGED]<br />
Several vulnerabilities in procfs(5) were fixed (see security advisory <strong>FreeBSD</strong>-SA-00:77). [MERGED]<br />
A bug in OpenSSH in which a server was unable to disable ssh-agent(1) or X11Forwarding was fixed (see security<br />
advisory <strong>FreeBSD</strong>-SA-01:01). [MERGED]<br />
A bug in ipfw(8) and ip6fw(8) in which inbound TCP segments could incorrectly be treated as being part of an<br />
established connection has been fixed (see security advisory <strong>FreeBSD</strong>-SA-01:08). [MERGED]<br />
A bug in crontab(1) that could allow users to read any file on the system in valid crontab(5) syntax has been fixed<br />
(see security advisory <strong>FreeBSD</strong>-SA-01:09). [MERGED]<br />
A vulnerability in inetd(8) that could allow read-access to the initial 16 bytes of wheel-accessible files has been<br />
fixed (see security advisory <strong>FreeBSD</strong>-SA-01:11). [MERGED]<br />
A bug in periodic(8) that used insecure temporary files has been corrected (see security advisory<br />
<strong>FreeBSD</strong>-SA-01:12). [MERGED]<br />
OpenSSH now has code to prevent (instead of just mitigating through connection limits) an attack that can lead to<br />
guessing the server key (not host key) by regenerating the server key when an RSA failure is detected (see security<br />
advisory <strong>FreeBSD</strong>-SA-01:24). [MERGED]<br />
A bug in timed(8), which caused it to crash if sent certain malformed packets, has been corrected (see security<br />
advisory <strong>FreeBSD</strong>-SA-01:28). [MERGED]<br />
A bug in rwhod(8), which caused it to crash if sent certain malformed packets, has been corrected (see security<br />
advisory <strong>FreeBSD</strong>-SA-01:29). [MERGED]<br />
A security hole in <strong>FreeBSD</strong>’s FFS and EXT2FS implementations, which allowed a race condition that could cause<br />
users to have unauthorized access to data, has been fixed (see security advisory <strong>FreeBSD</strong>-SA-01:30). [MERGED]<br />
A remotely-exploitable vulnerability in ntpd(8) has been closed (see security advisory <strong>FreeBSD</strong>-SA-01:31).<br />
[MERGED]<br />
A security hole in IPFilter’s fragment cache has been closed (see security advisory <strong>FreeBSD</strong>-SA-01:32).<br />
[MERGED]<br />
Buffer overflows in glob(3), which could cause arbitrary code to be run on an FTP server, have been closed. In<br />
addition, to prevent some forms of DOS attacks, glob(3) allows specification of a limit on the number of pathname<br />
matches it will return. ftpd(8) now uses this feature (see security advisory <strong>FreeBSD</strong>-SA-01:33). [MERGED]<br />
Initial sequence numbers in TCP are more thoroughly randomized (see security advisory <strong>FreeBSD</strong>-SA-01:39). Due<br />
to some possible compatibility issues, the behavior of this security fix can be enabled or disabled via the<br />
net.inet.tcp.tcp_seq_genscheme sysctl variable. [MERGED]<br />
A vulnerability in the fts(3) routines (used by applications for recursively traversing a filesystem) could allow a<br />
program to operate on files outside the intended directory hierarchy. This bug has been fixed (see security advisory<br />
<strong>FreeBSD</strong>-SA-01:40). [MERGED]<br />
A flaw allowed some signal handlers to remain in effect in a child process after being exec-ed from its parent. This<br />
allowed an attacker to execute arbitrary code in the context of a setuid binary. This flaw has been corrected (see<br />
security advisory <strong>FreeBSD</strong>-SA-01:42). [MERGED]<br />
A remote buffer overflow in tcpdump(1) has been fixed (see security advisory <strong>FreeBSD</strong>-SA-01:48). [MERGED]<br />
A remote buffer overflow in telnetd(8) has been fixed (see security advisory <strong>FreeBSD</strong>-SA-01:49). [MERGED]<br />
<strong>The</strong> new net.inet.ip.maxfragpackets and net.inet.ip6.maxfragpackets sysctl variables limit the<br />
amount of memory that can be consumed by IPv4 and IPv6 packet fragments, which defends against some denial of<br />
service attacks (see security advisory <strong>FreeBSD</strong>-SA-01:52). [MERGED]<br />
A flaw in the implementation of the ipfw(8) me rules on point-to-point links has been corrected. Formerly, me filter<br />
rules would match the remote IP address of a point-to-point interface in addition to the intended local IP address (see<br />
security advisory <strong>FreeBSD</strong>-SA-01:53). [MERGED]<br />
A vulnerability in procfs(5), which could allow a process to read sensitive information from another process’s<br />
memory space, has been closed (see security advisory <strong>FreeBSD</strong>-SA-01:55). [MERGED]<br />
<strong>The</strong> PARANOID hostname checking in tcp_wrappers now works as advertised (see security advisory<br />
<strong>FreeBSD</strong>-SA-01:56). [MERGED]<br />
A local root exploit in sendmail(8) has been closed (see security advisory <strong>FreeBSD</strong>-SA-01:57). [MERGED]<br />
A remote root vulnerability in lpd(8) has been closed (see security advisory <strong>FreeBSD</strong>-SA-01:58). [MERGED]<br />
A race condition in rmuser(8) that briefly exposed a world-readable /etc/master.passwd has been fixed (see<br />
security advisory <strong>FreeBSD</strong>-SA-01:59). [MERGED]<br />
A vulnerability in UUCP has been closed (see security advisory <strong>FreeBSD</strong>-SA-01:62). All non-root-owned binaries<br />
in standard system paths now have the schg flag set to prevent exploit vectors when run by cron(8), by root, or by a<br />
user other than the one owning the binary. In addition, uustat(1) is now run via<br />
/etc/periodic/daily/410.status-uucp as uucp, not root. In <strong>FreeBSD</strong> -CURRENT, UUCP has since been<br />
moved to the Ports Collection and is no longer a part of the base system. [MERGED]<br />
A security hole in OpenSSH, which could allow users to execute code with arbitrary privileges if UseLogin yes<br />
was set, has been closed. Note that the default value of this setting is UseLogin no. (See security advisory<br />
<strong>FreeBSD</strong>-SA-01:63.) [MERGED]<br />
<strong>The</strong> use of an insecure temporary directory by pkg_add(1) could permit a local attacker to modify the contents of<br />
binary packages while they were being installed. This hole has been closed. (See security advisory<br />
<strong>FreeBSD</strong>-SA-02:01.) [MERGED]<br />
A race condition in pw(8), which could expose the contents of /etc/master.passwd, has been eliminated. (See<br />
security advisory <strong>FreeBSD</strong>-SA-02:02.) [MERGED]<br />
A bug in k5su(8) could have allowed a process that had given up superuser privileges to regain them. This bug has<br />
been fixed. (See security advisory <strong>FreeBSD</strong>-SA-02:07.) [MERGED]<br />
An “off-by-one” bug has been fixed in OpenSSH’s multiplexing code. This bug could have allowed an authenticated<br />
remote user to cause sshd(8) to execute arbitrary code with superuser privileges, or allowed a malicious SSH server<br />
to execute arbitrary code on the client system with the privileges of the client user. (See security advisory<br />
<strong>FreeBSD</strong>-SA-02:13 2 .) [MERGED]<br />
A programming error in zlib could result in attempts to free memory multiple times. <strong>The</strong> malloc(3)/free(3) routines<br />
used in <strong>FreeBSD</strong> are not vulnerable to this error, but applications receiving specially-crafted blocks of invalid<br />
compressed data could be made to function incorrectly or abort. This zlib bug has been fixed. For a workaround and<br />
solutions, see security advisory <strong>FreeBSD</strong>-SA-02:18 3 . [MERGED]<br />
Bugs in the TCP SYN cache (“syncache”) and SYN cookie (“syncookie”) implementations, which could cause<br />
legitimate TCP/IP traffic to crash a machine, have been fixed. For a workaround and patches, see security advisory<br />
<strong>FreeBSD</strong>-SA-02:20 4 . [MERGED]<br />
A routing table memory leak, which could allow a remote attacker to exhaust the memory of a target machine, has<br />
been fixed. A workaround and patches can be found in security advisory <strong>FreeBSD</strong>-SA-02:21 5 . [MERGED]<br />
A bug with memory-mapped I/O, which could cause a system crash, has been fixed. For more information about a<br />
solution, see security advisory <strong>FreeBSD</strong>-SA-02:22 6 . [MERGED]<br />
A security hole, in which SUID programs could be made to read from or write to inappropriate files through<br />
manipulation of their standard I/O file descriptors, has been fixed. Information regarding a solution can be found in<br />
security advisory <strong>FreeBSD</strong>-SA-02:23 7 . [MERGED]<br />
Some unexpected behavior could be allowed with k5su(8) because it does not require that an invoking user be a<br />
member of the wheel group when attempting to become the superuser (this is the case with su(1)). To avoid this<br />
situation, k5su(8) is now installed non-SUID by default (effectively disabling it). More information can be found in<br />
security advisory <strong>FreeBSD</strong>-SA-02:24 8 . [MERGED]<br />
Multiple vulnerabilities were found in the bzip2(1) utility, which could allow files to be overwritten without warning<br />
or allow local users unintended access to files. <strong>The</strong>se problems have been corrected with a new import of bzip2. For<br />
more information, see security advisory <strong>FreeBSD</strong>-SA-02:25 9 . [MERGED]<br />
2. ftp://ftp.<strong>FreeBSD</strong>.org/pub/<strong>FreeBSD</strong>/CERT/advisories/<strong>FreeBSD</strong>-SA-02:13.openssh.asc<br />
3. ftp://ftp.<strong>FreeBSD</strong>.org/pub/<strong>FreeBSD</strong>/CERT/advisories/<strong>FreeBSD</strong>-SA-02:18.zlib.v1.2.asc<br />
4. ftp://ftp.<strong>FreeBSD</strong>.org/pub/<strong>FreeBSD</strong>/CERT/advisories/<strong>FreeBSD</strong>-SA-02:20.syncache.asc<br />
5. ftp://ftp.<strong>FreeBSD</strong>.org/pub/<strong>FreeBSD</strong>/CERT/advisories/<strong>FreeBSD</strong>-SA-02:21.tcpip.asc<br />
6. ftp://ftp.<strong>FreeBSD</strong>.org/pub/<strong>FreeBSD</strong>/CERT/advisories/<strong>FreeBSD</strong>-SA-02:22.mmap.asc<br />
7. ftp://ftp.<strong>FreeBSD</strong>.org/pub/<strong>FreeBSD</strong>/CERT/advisories/<strong>FreeBSD</strong>-SA-02:23.stdio.asc<br />
8. ftp://ftp.<strong>FreeBSD</strong>.org/pub/<strong>FreeBSD</strong>/CERT/advisories/<strong>FreeBSD</strong>-SA-02:24.k5su.asc<br />
9. ftp://ftp.<strong>FreeBSD</strong>.org/pub/<strong>FreeBSD</strong>/CERT/advisories/<strong>FreeBSD</strong>-SA-02:25.bzip2.asc<br />
A bug in the implementation of the TCP SYN cache (“syncache”), which could allow a remote attacker to deny access<br />
to a service when accept filters (see accept_filter(9)) were in use, has been fixed. For more information, see<br />
security advisory <strong>FreeBSD</strong>-SA-02:26 10 . [MERGED]<br />
Due to a bug in rc(8)’s use of shell globbing, users may be able to remove the contents of arbitrary files if<br />
/tmp/.X11-unix does not exist and the system can be made to reboot. This bug has been corrected (see security<br />
advisory <strong>FreeBSD</strong>-SA-02:27 11 ). [MERGED]<br />
A buffer overflow in the resolver, which could be exploited by a malicious domain name server or an attacker forging<br />
DNS messages, has been fixed. See security advisory <strong>FreeBSD</strong>-SA-02:28 12 for more details. [MERGED]<br />
A buffer overflow in tcpdump(1), which could be triggered by badly-formed NFS packets, has been fixed. See<br />
security advisory <strong>FreeBSD</strong>-SA-02:29 13 for more details. [MERGED]<br />
ktrace(1) can no longer trace the operation of formerly privileged processes; this prevents the leakage of sensitive<br />
information that the process could have obtained before abandoning its privileges. For a discussion of this issue, see<br />
security advisory <strong>FreeBSD</strong>-SA-02:30 14 . [MERGED]<br />
A race condition in pppd(8), which could be used to change the permissions of an arbitrary file, has been corrected.<br />
For more information, see security advisory <strong>FreeBSD</strong>-SA-02:32 15 . [MERGED]<br />
Multiple buffer overflows in OpenSSL have been corrected, by way of an upgrade to the base system version of<br />
OpenSSL. More details can be found in security advisory <strong>FreeBSD</strong>-SA-02:33 16 . [MERGED]<br />
A heap buffer overflow in the XDR decoder has been fixed. For more details, see security advisory<br />
<strong>FreeBSD</strong>-SA-02:34 17 . [MERGED]<br />
A bug that could allow local users to read and write arbitrary blocks on an FFS filesystem has been corrected. More<br />
details can be found in security advisory <strong>FreeBSD</strong>-SA-02:35 18 . [MERGED]<br />
A bug in the NFS server code, which could allow a remote denial of service attack, has been fixed. Security advisory<br />
<strong>FreeBSD</strong>-SA-02:36 19 has more details. [MERGED]<br />
A bug that could allow local users to panic a system using the kqueue(2) mechanism has been fixed. More<br />
information is contained in security advisory <strong>FreeBSD</strong>-SA-02:37 20 . [MERGED]<br />
Several bounds-checking bugs in system calls, which could result in some system calls returning a large portion of<br />
kernel memory, have been fixed. More information can be found in security advisory <strong>FreeBSD</strong>-SA-02:38 21 .<br />
[MERGED]<br />
A bug that could allow applications using libkvm to leak sensitive file descriptors has been corrected. (See security<br />
advisory <strong>FreeBSD</strong>-SA-02:39 22 for more details.) [MERGED]<br />
Buffer overflows in kadmind(8) and k5admin have been corrected. More details can be found in security advisory<br />
<strong>FreeBSD</strong>-SA-02:40 23 . [MERGED]<br />
10. ftp://ftp.<strong>FreeBSD</strong>.org/pub/<strong>FreeBSD</strong>/CERT/advisories/<strong>FreeBSD</strong>-SA-02:26.accept.asc<br />
11. ftp://ftp.<strong>FreeBSD</strong>.org/pub/<strong>FreeBSD</strong>/CERT/advisories/<strong>FreeBSD</strong>-SA-02:27.rc.asc<br />
12. ftp://ftp.<strong>FreeBSD</strong>.org/pub/<strong>FreeBSD</strong>/CERT/advisories/<strong>FreeBSD</strong>-SA-02:28.resolv.asc<br />
13. ftp://ftp.<strong>FreeBSD</strong>.org/pub/<strong>FreeBSD</strong>/CERT/advisories/<strong>FreeBSD</strong>-SA-02:29.tcpdump.asc<br />
14. ftp://ftp.<strong>FreeBSD</strong>.org/pub/<strong>FreeBSD</strong>/CERT/advisories/<strong>FreeBSD</strong>-SA-02:30.ktrace.asc<br />
15. ftp://ftp.<strong>FreeBSD</strong>.org/pub/<strong>FreeBSD</strong>/CERT/advisories/<strong>FreeBSD</strong>-SA-02:32.pppd.asc<br />
16. ftp://ftp.<strong>FreeBSD</strong>.org/pub/<strong>FreeBSD</strong>/CERT/advisories/<strong>FreeBSD</strong>-SA-02:33.openssl.asc<br />
17. ftp://ftp.<strong>FreeBSD</strong>.org/pub/<strong>FreeBSD</strong>/CERT/advisories/<strong>FreeBSD</strong>-SA-02:34.rpc.asc<br />
18. ftp://ftp.<strong>FreeBSD</strong>.org/pub/<strong>FreeBSD</strong>/CERT/advisories/<strong>FreeBSD</strong>-SA-02:35.ffs.asc<br />
19. ftp://ftp.<strong>FreeBSD</strong>.org/pub/<strong>FreeBSD</strong>/CERT/advisories/<strong>FreeBSD</strong>-SA-02:36.nfs.asc<br />
20. ftp://ftp.<strong>FreeBSD</strong>.org/pub/<strong>FreeBSD</strong>/CERT/advisories/<strong>FreeBSD</strong>-SA-02:37.kqueue.asc<br />
21. ftp://ftp.<strong>FreeBSD</strong>.org/pub/<strong>FreeBSD</strong>/CERT/advisories/<strong>FreeBSD</strong>-SA-02:38.signed-error.asc<br />
22. ftp://ftp.<strong>FreeBSD</strong>.org/pub/<strong>FreeBSD</strong>/CERT/advisories/<strong>FreeBSD</strong>-SA-02:39.libkvm.asc<br />
23. ftp://ftp.<strong>FreeBSD</strong>.org/pub/<strong>FreeBSD</strong>/CERT/advisories/<strong>FreeBSD</strong>-SA-02:40.kadmind.asc<br />
Errors in smrsh(8), which could allow users to circumvent restrictions on what programs can be executed, have been<br />
fixed. See <strong>FreeBSD</strong>-SA-02:41 24 for details. [MERGED]<br />
Buffer overflows in the DNS resolver(3), which could cause some applications to fail, have been corrected. More<br />
details are in <strong>FreeBSD</strong>-SA-02:42 25 . [MERGED]<br />
Multiple vulnerabilities in BIND have been fixed, as described in <strong>FreeBSD</strong>-SA-02:43 26 . [MERGED]<br />
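One form of the standard I/O descriptor manipulation noted for <strong>FreeBSD</strong>-SA-02:23 above is starting a privileged program with descriptor 0, 1 or 2 closed, so that the first file the program opens takes that number. The following is an added example of an application-level guard, not code from these release notes or from the FreeBSD fix; the function name fill_std_fds is hypothetical.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/*
 * Make sure descriptors 0, 1 and 2 are open before the program opens any
 * file of its own. A descriptor that is closed on entry is pointed at
 * /dev/null, so later output to "stdout" or "stderr" cannot land in a
 * file the program opened for another purpose.
 *
 * Returns the number of descriptors that had to be filled, or -1 on error.
 * (fill_std_fds is a hypothetical name used for this example.)
 */
int fill_std_fds(void)
{
    int filled = 0;

    for (int fd = 0; fd <= 2; fd++) {
        if (fcntl(fd, F_GETFD) != -1)
            continue;                   /* descriptor is already open */
        if (errno != EBADF)
            return -1;                  /* unexpected failure: do not guess */

        /* open() returns the lowest free descriptor, which should be fd. */
        int nfd = open("/dev/null", O_RDWR);
        if (nfd == -1)
            return -1;
        if (nfd != fd) {
            /* Defensive: force the slot we meant to fill. */
            if (dup2(nfd, fd) == -1) {
                close(nfd);
                return -1;
            }
            close(nfd);
        }
        filled++;
    }
    return filled;
}

int main(void)
{
    /* Call this first, before any other open(), socket() or pipe(). */
    if (fill_std_fds() == -1)
        return 1;       /* refuse to run with an unsafe descriptor table */

    int fd = open("/dev/null", O_WRONLY);
    if (fd == -1)
        return 1;
    printf("first file opened by the program is descriptor %d\n", fd);
    close(fd);
    return 0;
}
```

With all three standard descriptors guaranteed open, every file the program opens afterwards receives descriptor 3 or higher.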
2.3 Userland Changes<br />
Support for a.out(5) format executables in the compiler toolchain has been largely removed.<br />
Note: This is a work in progress. Eventually, a.out(5) support will resurface in a series of ports/packages.<br />
arp(8) now prints [fddi] or [atm] tags for addresses on interfaces of those types.<br />
<strong>The</strong> asa(1) utility, to interpret FORTRAN carriage-control characters, has been added.<br />
at(1) now supports the -r command-line option to remove jobs and the -t option to specify times in POSIX time<br />
format.<br />
<strong>The</strong> system awk(1) now refers to BWK awk.<br />
basename(1) now accepts -a and -s flags, which allow it to perform the basename(3) function on multiple files.<br />
biff(1) now accepts a b argument to enable “bell notification” of new mail (which does not disturb the terminal<br />
contents as biff y would). [MERGED]<br />
biff(1) now uses the first terminal associated with the standard input, standard output or standard error file descriptor,<br />
in that order. Thus, it is possible to use the redirection facilities of a shell (biff n < /dev/ttyp1) to toggle the<br />
notification for other terminals.<br />
burncd(8) now supports Disk At Once (DAO) mode, selectable via the -d flag. [MERGED]<br />
burncd(8) now has the ability to write VCDs/SVCDs. [MERGED]<br />
burncd(8) now accepts a value of max for its -s option to set the drive’s maximum write speed.<br />
bzgrep(1), bzegrep(1), and bzfgrep(1) have been added to perform grep(1)-type operations on bzip2(1)-compressed<br />
files.<br />
calendar(1) now takes a -W option, which operates similarly to -A but without special treatment at weekends, and a<br />
-F option to change the notion of “Friday”.<br />
catman(1) is now a C program, instead of a Perl script.<br />
cdcontrol(1) now supports a speed command to set the maximum speed to be used by the drive (the maximum<br />
possible speed can be selected by setting the speed to max).<br />
24. ftp://ftp.<strong>FreeBSD</strong>.org/pub/<strong>FreeBSD</strong>/CERT/advisories/<strong>FreeBSD</strong>-SA-02:41.smrsh.asc<br />
25. ftp://ftp.<strong>FreeBSD</strong>.org/pub/<strong>FreeBSD</strong>/CERT/advisories/<strong>FreeBSD</strong>-SA-02:42.resolv.asc<br />
26. ftp://ftp.<strong>FreeBSD</strong>.org/pub/<strong>FreeBSD</strong>/CERT/advisories/<strong>FreeBSD</strong>-SA-02:43.bind.asc<br />
A check_utility_compat(3) library function has been added to libc, to determine whether certain <strong>FreeBSD</strong> base<br />
system utilities should behave in <strong>FreeBSD</strong> 4-compatible mode or in a “standard” mode (default standard). <strong>The</strong><br />
configuration is done malloc(3)-style, with either an environment variable or a symbolic link.<br />
chflags(1) has moved from /usr/bin to /bin.<br />
chmod(1) now supports a -h option for changing the mode of a symbolic link.<br />
chmod(1) now also, when the mode is modified, prints the old and new modes if the -v option is specified more than<br />
once.<br />
chown(8) no longer takes . as a user/group delimiter. This change was made to support usernames containing a ..<br />
Use of the CSMG_* macros no longer requires inclusion of <br />
A compat4x distribution has been added for compatibility with <strong>FreeBSD</strong> 4-STABLE.<br />
cp(1) now takes a (nonstandard) -n option to automatically answer “no” when it would ask to overwrite a file.<br />
[MERGED]<br />
A new csplit(1) utility, which splits files based on context, has been added.<br />
ctags(1) now creates tags for typedefs, structs, unions, and enums by default (implying the -t option). <strong>The</strong> new -T<br />
reverts to the old behavior.<br />
<strong>The</strong> daemon(8) program, a command-line interface to daemon(3), has been added. It detaches itself from its<br />
controlling terminal and executes a program specified on the command line. This allows the user to run an arbitrary<br />
program as if it were written to be a daemon. [MERGED]<br />
<strong>The</strong> devd(8) utility, a userland daemon that can run arbitrary commands when devices come and go in the device<br />
tree, has been added. This program is a generalization of some of the functionality of pccardd(8).<br />
Note: devd(8) is work-in-progress.<br />
devinfo(8), a simple tool to print the device tree and resource usage by devices, has been added.<br />
diskpart(8) has been declared obsolete, and has been removed.<br />
dump(8) now supports a new -S flag to allow it to just print out the dump size estimates and exit. [MERGED]<br />
expr(1) is now compliant with POSIX.2-1992 (and thus also with POSIX.1-2001). Some programs depend on the old,<br />
historic behavior and do not properly protect their arguments to keep them from being misinterpreted as<br />
command-line options (the devel/libtool port/package, used by many GNU programs, is a notable example).<br />
<strong>The</strong> old behavior can be requested by enabling compatibility mode for expr(1) as described in<br />
check_utility_compat(3).<br />
fbtab(5) now accepts glob matching patterns for target devices, not just individual devices and directories.<br />
fdread(1), a program to read data from floppy disks, has been added. It is a counterpart to fdwrite(1) and is designed<br />
to provide a means of recovering at least some data from bad media, and to obviate the need for a complex invocation of dd(1).<br />
finger(1) now has support for a .pubkey file. [MERGED]<br />
finger(1) now supports a -g flag to restrict the printing of GECOS information to the user’s full name only.<br />
[MERGED]<br />
finger(1) now supports the -4 and -6 flags to specify an address family for remote queries. [MERGED]<br />
fold(1) now supports a -b flag to break at byte positions and a -s flag to break at word boundaries. [MERGED]<br />
fsck(8) wrappers have been imported; this feature provides infrastructure for fsck(8) to work on different types of<br />
filesystems (analogous to mount(8)).<br />
<strong>The</strong> behavior of fsck(8) when dealing with various passes (a la /etc/fstab) has been modified to accommodate<br />
multiple-disk filesystems.<br />
fsck(8) now has support for foreground (-F) and background (-B) checks. Traditionally, fsck(8) is invoked before the<br />
filesystems are mounted and all checks are done to completion at that time. If background checking is available,<br />
fsck(8) is invoked twice. It is first invoked at the traditional time, before the filesystems are mounted, with the -F flag<br />
to do checking on all the filesystems that cannot do background checking. It is then invoked a second time, after the<br />
system has completed going multiuser, with the -B flag to do checking on all the filesystems that can do background<br />
checking. Unlike the foreground checking, the background checking is started asynchronously so that other system<br />
activity can proceed even on the filesystems that are being checked. Boot-time enabling of this feature is controlled<br />
by the background_fsck option in rc.conf(5).<br />
fsck_ffs(8) now supports background filesystem checks to mounted FFS filesystems with the -B option (softupdates<br />
must be enabled on these filesystems). <strong>The</strong> -F flag now determines whether a specified filesystem needs foreground<br />
checking.<br />
ftpd(8) now supports the -m option to permit guest users to modify existing files if allowed by filesystem<br />
permissions. In particular, this enables guest users to resume uploads. [MERGED]<br />
ftpd(8) now supports the -M option to prevent guest users from creating directories. [MERGED]<br />
ftpd(8) now supports -o and -O options to disable the RETR command; the former for everybody, and the latter only<br />
for guest users. Coupled with -A and appropriate file permissions, these can be used to create a relatively safe<br />
anonymous FTP drop box for others to upload to. [MERGED]<br />
ftpd(8) now supports the -W option to disable logging FTP sessions to wtmp(5). [MERGED]<br />
<strong>The</strong> getconf(1) utility has been added. It prints the values of POSIX or X/Open path or system configuration<br />
variables. [MERGED]<br />
gifconfig(8) is obsolete and has been removed. Its functionality is now handled by the tunnel and deletetunnel<br />
commands of ifconfig(8).<br />
gprof(1) now has a -K option to enable dynamic symbol resolution from the currently-running kernel. With this<br />
change, properly-compiled KLD modules are now able to be profiled.<br />
<strong>The</strong> ibcs(8), linux(8), osf1(8), and svr4(8) scripts, whose sole purpose was to load emulation kernel modules, have<br />
been removed. <strong>The</strong> kernel module system will automatically load them as needed to fulfill dependencies.<br />
ifconfig(8) now has the ability to set promiscuous mode on an interface, via the new promisc flag. [MERGED]<br />
ifconfig(8) now supports a monitor interface flag, which blocks transmission of packets on that interface. This<br />
feature is useful for monitoring network traffic without interacting with the network in question.<br />
By default, inetd(8) is no longer run by rc(8) at boot-time, although sysinstall(8) gives the option of enabling it<br />
during binary installations. inetd(8) can also be enabled by adding the following line to /etc/rc.conf:<br />
inetd_enable="YES"<br />
inetd(8) now has the capability for limiting the maximum number of simultaneous invocations of each service from a<br />
single IP address. [MERGED]<br />
ipfw(8) filter rules can now match on the value of the IPv4 precedence field.<br />
kbdmap(1) and vidfont(1) have been converted from Perl to C.<br />
kenv(1) now has the ability to set or delete kernel environment variables.<br />
<strong>The</strong> kget(8) utility has been removed (it was only useful for UserConfig, which is not present in <strong>FreeBSD</strong> <strong>5.0</strong>-<strong>DP2</strong>).<br />
killall(1) no longer tries to kill zombie processes unless the -z flag is specified.<br />
ktrdump(8), a utility to dump the ktr trace buffer from userland, has been added.<br />
ldd(1) now supports a -a flag to list all the objects that are needed by each loaded object.<br />
libc is now thread-safe by default; libc_r contains only thread functions.<br />
libstand now has support for overwriting the contents of a file on a UFS filesystem (it cannot expand or truncate<br />
files because the filesystem may be dirty or inconsistent).<br />
libgmp has been superseded by libmp.<br />
<strong>The</strong> functions from libposix1e have been integrated into libc.<br />
lock(1) now accepts a -v flag to disable switching VTYs while the current terminal is locked. This permits locking the<br />
entire console from a single terminal. [MERGED]<br />
lpc(8) has been improved; lpc clean is now somewhat safer, and a new lpc tclean command has been added to<br />
check to see what files would be removed by lpc clean. lpc topq has been reimplemented, and now allows for a<br />
much more flexible specification of which jobs should be moved (such as a range of job numbers, or a hostname). An<br />
lpc bottomq command has been added to move jobs to the bottom of a print queue, and a new lpc setstatus<br />
command can be used to set a printer’s status message. [MERGED]<br />
<strong>The</strong> ls(1) program now supports a -m flag to list files across a page, a -p flag to force printing of a / after directories,<br />
and a -x flag to sort filenames across a page. [MERGED]<br />
makewhatis(1) is now a C program, instead of a Perl script.<br />
man(1) is no longer installed SUID man, in order to reduce vulnerabilities associated with generating “catpages”<br />
(preformatted manual pages cached for repeated viewing). As a result, man(1) can no longer create system catpages<br />
on a regular user’s behalf. It is still able to do so if the user has write permissions to the directory holding catpages<br />
(e.g. a user’s own manpages) or if the running user is root.<br />
<strong>The</strong> mdmfs(8) command has been added; it is a wrapper around mdconfig(8), disklabel(8), newfs(8), and mount(8)<br />
that mimics the command line option set of the deprecated mount_mfs(8).<br />
mesg(1) now conforms to SUSv3. Among other things, it now uses the first terminal associated with the standard<br />
input, standard output or standard error file descriptor, in that order. Thus, it is possible to use the redirection<br />
facilities of a shell (mesg n < /dev/ttyp1) to control write access for other terminals.<br />
mountd(8) and nfsd(8) have moved from /sbin to /usr/sbin.<br />
mv(1) now takes a (nonstandard) -n option to automatically answer “no” when it would ask to overwrite a file.<br />
[MERGED]<br />
A number of archaic features of newfs(8) have been removed; these implement tuning features that are essentially<br />
useless on modern hard disks. <strong>The</strong>se features were controlled by the -O, -d, -k, -l, -n, -p, -r, -t, and -x flags.<br />
newfs(8) now supports a -O flag to select the creation of UFS1 or UFS2 filesystems.<br />
<strong>The</strong> newgrp(1) utility to change to a new group has been added.<br />
newsyslog(8) now compresses log files using bzip2(1) by default. (<strong>The</strong> former behavior of using gzip(1) can be<br />
specified in /etc/newsyslog.conf.)<br />
<strong>The</strong> nextboot(8) utility has been added to specify an alternate kernel and/or boot flags to be used the next time the<br />
machine is booted. A previous incarnation of this feature first appeared in <strong>FreeBSD</strong> 2.2.<br />
NFS now works over IPv6.<br />
nice(1) now uses the -n option to specify the “niceness” of the utility being run. [MERGED]<br />
nsswitch support has been merged from NetBSD. By creating an nsswitch.conf(5) file, <strong>FreeBSD</strong> can be configured<br />
so that various databases such as passwd(5) and group(5) can be looked up using flat files, NIS, or Hesiod. If<br />
/etc/nsswitch.conf does not exist, it will be automatically generated from an existing /etc/hosts.conf at<br />
system startup time. <strong>The</strong> /etc/hosts.conf file may be used by old executables; it will be automatically generated<br />
from an existing /etc/nsswitch.conf during system startup if it exists.<br />
od(1) now supports the -A option to specify the input address base, the -N option to specify the number of bytes to<br />
dump, the -j option to specify the number of bytes to skip, the -s option to output signed decimal shorts, and the -t<br />
option to specify output type. [MERGED]<br />
<strong>The</strong> ofwdump(8) utility has been added to examine the OpenFirmware device tree.<br />
PAM support has been added for account management and sessions.<br />
PAM configuration is now specified by files in /etc/pam.d/, rather than a single /etc/pam.conf file.<br />
/etc/pam.d/README has more details.<br />
A pam_echo(8) echo service module has been added.<br />
A pam_exec(8) program execution service module has been added.<br />
A pam_ftp(8) module has been added to allow authentication of anonymous FTP users.<br />
A pam_ftpusers(8) module has been added to perform checks against the ftpusers(5) file.<br />
A pam_ksu(8) module has been added to do Kerberos 5 authentication and $HOME/.k5login authorization for<br />
su(1).<br />
A pam_lastlog(8) module has been added to record sessions in the utmp(5), wtmp(5), and lastlog(5) databases.<br />
A pam_login_access(8) module has been added, to allow checking against /etc/login.access.<br />
<strong>The</strong> pam_nologin(8) module, which can disallow logins using nologin(5), has been added.<br />
<strong>The</strong> pam_opie(8) and pam_opieaccess(8) modules have been added to control authentication via opie(4). [MERGED]<br />
A pam_passwdqc(8) module has been added, to check the quality of passwords submitted during password changes.<br />
A pam_rhosts(8) module has been added to support rhosts(5) authentication.<br />
<strong>The</strong> pam_rootok(8) module, which can be used to authenticate only the superuser, has been added.<br />
A pam_securetty(8) module has been added to check the “security” of a TTY, as listed in ttys(5).<br />
A pam_self(8) module, which allows self-authentication of a user, has been added.<br />
A pam_wheel(8) module has been added to permit authentication to members of a group, which defaults to wheel.<br />
<strong>The</strong> pathchk(1) utility, which checks pathnames for validity or portability between POSIX systems, has been added.<br />
[MERGED]<br />
ping(8) now supports a -o flag to exit after receiving a reply.<br />
prefix(8) is obsolete and has been removed. Its functionality is provided by the eui64 command to ifconfig(8).<br />
<strong>The</strong> pselect(3) library function (introduced by POSIX.1 as a slightly stronger version of select(2)) has been added.<br />
pwd(1) now supports the -L flag to print the logical current working directory. [MERGED]<br />
quota(1) now takes a -l flag to suppress quota checks on NFS filesystems.<br />
<strong>The</strong> pseudo-random number generator implemented by rand(3) has been improved to provide less biased results.<br />
rcmd(3) now supports the use of the RSH environment variable to specify a program to use other than rsh(1) for<br />
remote execution. As a result, programs such as dump(8) can use ssh(1) for remote transport.<br />
rdist(1) has been retired from the base system, but is still available from <strong>FreeBSD</strong> Ports Collection as<br />
net/44bsd-rdist.<br />
<strong>The</strong> renice(8) command implements a -n option, which specifies an increment to be applied to the priority of a<br />
process. [MERGED]<br />
rpcbind(8) has replaced portmap(8).<br />
rpcgen(1) now uses /usr/bin/cpp (as on NetBSD), not /usr/libexec/cpp.<br />
rpc.lockd(8) has been imported from NetBSD. This daemon provides support for servicing client NFS locks.<br />
rtld(1) will now print the names of all objects that cause each object to be loaded, if the<br />
LD_TRACE_LOADED_OBJECTS_ALL environment variable is defined.<br />
sed(1) now takes a -i option to enable in-place editing of files. [MERGED]<br />
<strong>The</strong> setfacl(1) and getfacl(1) commands have been added to manage filesystem Access Control Lists.<br />
sh(1) no longer implements printf as a built-in command because it was considered less valuable compared to the<br />
other built-in commands (this functionality is, of course, still available through the printf(1) executable).<br />
sh(1) now supports a -C option to prevent existing regular files from being overwritten by output redirection, and a<br />
-u option to give an error if an unset variable is expanded. [MERGED]<br />
<strong>The</strong> sh(1) built-in cd command now supports -L and -P flags to invoke logical or physical modes of operation,<br />
respectively. Logical mode is the default, but the default can be changed with the physical sh(1) option.<br />
[MERGED]<br />
<strong>The</strong> sh(1) built-in jobs command now supports a -s flag to output PIDs only and a -l flag to add PIDs to the<br />
output. [MERGED]<br />
sh(1) now supports a bind built-in command, which allows the key bindings for the shell’s line editor to be changed.<br />
<strong>The</strong> sh(1) built-in export and readonly commands now support a -p flag to print their output in “portable”<br />
format. [MERGED]<br />
sh(1) no longer accepts invalid constructs such as command & && command, && command, or || command.<br />
[MERGED]<br />
spkrtest(8) is now a sh(1) script, rather than a Perl script.<br />
split(1) now supports a -a option to specify the number of letters to use for the suffix of split files. [MERGED]<br />
In preparation for meeting SUSv2/POSIX requirements, struct selinfo and related<br />
functions have been moved to .<br />
su(1) now uses PAM for authentication.<br />
sysctl(8) now accepts a -d flag to print the descriptions of variables.<br />
<strong>The</strong> default root partition in sysinstall(8) is now 100MB on the i386 and pc98, and 120MB on the Alpha.<br />
sysinstall(8) now lives in /usr/sbin, which simplifies the installation process. <strong>The</strong> sysinstall(8) manpage is also<br />
installed in a more consistent fashion now.<br />
sysinstall(8) no longer mounts the procfs(5) filesystem by default on new installs.<br />
tabs(1), a utility to set terminal tab stops, has been added.<br />
<strong>The</strong> termcap(5) database now uses the xterm terminal type from XFree86. As a result, xterm(1) now supports color<br />
by default and the common workaround of setting TERM to xterm-color is no longer necessary. Use of the<br />
xterm-color terminal type may result in (benign) warnings from applications.<br />
tftpd(8) now supports RFC 2349 (TFTP Timeout Interval and Transfer Size Options); this feature is required by<br />
some firmware like EFI boot managers (at least on HP i2000 Itanium servers) in order to boot an image using TFTP.<br />
A version of Transport Independent RPC (TI-RPC) has been imported.<br />
tip(1) has been updated from OpenBSD, and has the ability to act as a cu(1) substitute.<br />
top(1) will now use the full width of its tty.<br />
touch(1) now takes a -h option to operate on a symbolic link, rather than what the link points to.<br />
tr(1) now has basic support for equivalence classes for locales that support them. [MERGED]<br />
tr(1) now supports a -C flag to complement the set of characters specified by the first string argument.<br />
tunefs(8) now supports the -a and -l flags to enable and disable the FS_ACLS and FS_MULTILABEL administrative<br />
flags on a UFS file system.<br />
A ugidfw(8) utility has been added to manage the rulesets provided by the mac_bsdextended Mandatory Access<br />
Control policy, similar to ipfw(8).<br />
UUCP has been removed from the base system. It can be found in the Ports Collection, in net/freebsd-uucp.<br />
unexpand(1) now supports a -t option to specify tabstops analogous to expand(1). [MERGED]<br />
usbdevs(8) now supports a -d flag to show the device driver associated with each device.<br />
<strong>The</strong> base64 capabilities of uuencode(1) and uudecode(1) can now be automatically enabled by invoking these<br />
utilities as b64encode(1) and b64decode(1) respectively. [MERGED]<br />
Functions to implement and manipulate OSF/DCE 1.1-compliant UUIDs have been added to libc. More<br />
information can be found in uuid(3).<br />
<strong>The</strong> uuidgen(1) utility has been added. It uses the new uuidgen(2) system call to generate one or more Universally<br />
Unique Identifiers compatible with OSF/DCE 1.1 version 1 UUIDs.<br />
vidcontrol(1) now accepts a -S option to allow the user to disable VTY switching. [MERGED]<br />
<strong>The</strong> default stripe size in vinum(8) has been changed from 256KB to 279KB, to spread out superblocks more evenly<br />
between stripes.<br />
wc(1) now supports a -m flag to count characters, rather than bytes.<br />
whereis(1), formerly a Perl script, has been rewritten in C. It now supports a -x flag to suppress the run of locate(1),<br />
and a -q flag to suppress the leading name of the query.<br />
whereis(1) now supports a -a flag to report all matches instead of only the first of each requested type.<br />
which(1) is now a C program, rather than a Perl script.<br />
who(1) now has a number of new options: -H shows column headings; -T shows mesg(1) state; -m is equivalent<br />
to am i; -u shows idle time; -q lists names in columns. [MERGED]<br />
wicontrol(8) now supports a -l option to list the stations associated in hostap mode and a -L option to list available access points.<br />
xargs(1) now supports a -I replstr option that allows the user to tell xargs(1) to insert the data read from standard<br />
input at specific points in the command line arguments rather than at the end. (A <strong>FreeBSD</strong>-specific -J option is<br />
similar.) [MERGED]<br />
xargs(1) now supports a -L option to force its utility argument to be called after some number of lines. [MERGED]<br />
Various routines in the C library now have support for “wide” characters. Among these are character class functions<br />
such as wctype(3), wide character I/O functions such as getwc(3), formatted I/O functions such as wprintf(3) and<br />
wscanf(3). Conversion functions to multibyte(3) characters are also supported.<br />
A number of utilities and libraries were enhanced to improve their conformance with the Single UNIX Specification<br />
(SUSv3) and IEEE Std 1003.1-2001 (“POSIX.1”). Specific features added have been listed in the release notes for<br />
each utility. <strong>The</strong> standards conformance of each utility or library function is generally listed in its manual page.<br />
A number of games have been removed from the base system. <strong>The</strong>se include: adventure(6), arithmetic(6), atc(6),<br />
backgammon(6), battlestar(6), bs(6), canfield(6), cribbage(6), fish(6), hack(6), hangman(6), larn(6), mille(6),<br />
phantasia(6), piano(6), pig(6), quiz(6), rain(6), robots(6), rogue(6), sail(6), snake(6), trek(6), wargames(6), worm(6),<br />
worms(6), wump(6). dm(8), which was used to control access to games, is no longer necessary, and has also been<br />
removed. <strong>The</strong> “utility-like” games, as well as fortune(6), remain.<br />
Note: <strong>The</strong> affected programs will reappear as a port in the Ports Collection. This note will contain a pointer to<br />
that port, once it has been committed.<br />
2.3.1 Contributed Software<br />
am-utils has been updated to 6.0.7.<br />
A 10 February 2002 snapshot of awk from Bell Labs (variously known as “BWK awk” or “<strong>The</strong> One True AWK”)<br />
has been imported. It is available as awk or nawk.<br />
BIND has been updated to 8.3.3. [MERGED]<br />
Binutils has been updated to a pre-release snapshot of 2.13.1 from 11 October 2002.<br />
file has been updated to 3.39.<br />
gcc has been updated to a pre-release snapshot of gcc 3.2.1, from 9 October 2002.<br />
Warning: <strong>The</strong> C++ ABI from gcc 3.2.X is not compatible with previous versions.<br />
gdb has been updated to version 5.2.1.<br />
gperf has been updated to 2.7.2.<br />
groff and its related utilities have been updated to FSF version 1.18.1.<br />
Heimdal Kerberos has been updated to a pre-0.5 snapshot from 16 September 2002.<br />
<strong>The</strong> ISC DHCP client has been updated to 3.0.1RC9.<br />
<strong>The</strong> more(1) command has been replaced by less(1), although it can still be run as more. [MERGED] Version 371 of<br />
less has been imported.<br />
An XML processing library, named libbsdxml, has been added for the benefit of XML-using utilities in the base<br />
system. It is based almost entirely on an import of expat 1.95.5, but is installed under a different name to avoid<br />
conflicts with any versions of expat installed from the Ports Collection.<br />
libpcap has been updated to 0.7.1. [MERGED]<br />
libreadline has been updated to 4.2.<br />
libz has been updated to 1.1.4.<br />
lint has been updated to a snapshot of NetBSD lint(1) as of 19 July 2002.<br />
lukemftp 1.6 beta 2 (the FTP client from NetBSD) has replaced the <strong>FreeBSD</strong> ftp(1) program. Among its new<br />
features are more automation methods, better standards compliance, transfer rate throttling, and a customizable<br />
command-line prompt. Some environment variables and command-line arguments have changed.<br />
<strong>The</strong> FTP daemon from NetBSD, otherwise known as lukemftpd 1.2 beta 1, has been imported and is available as<br />
lukemftpd(8). [MERGED]<br />
m4(1) has been imported from OpenBSD, as of 26 April 2002. [MERGED]<br />
ncurses has been updated to 5.2-20020615.<br />
<strong>The</strong> NTP suite of programs has been updated to 4.1.1b.<br />
OpenPAM (“Citronella” release) has been imported, replacing Linux-PAM.<br />
<strong>The</strong> OPIE one-time-password suite has been updated to 2.4. It has completely replaced the functionality of S/Key.<br />
[MERGED]<br />
Perl has been removed from the <strong>FreeBSD</strong> base system. It can still be installed from the <strong>FreeBSD</strong> Ports Collection or<br />
as a binary package; moving it out of the base system will make future upgrades and maintenance easier. To reduce<br />
the dependence of the base system on Perl, many utilities have been rewritten as shell scripts or C programs (specific<br />
notes are made for each affected utility). /usr/bin/perl is now a “wrapper” program, so that programs expecting<br />
to find a Perl interpreter there will be able to function correctly.<br />
Warning: <strong>The</strong> Perl removal and package integration work is ongoing.<br />
GNU ptx has been removed from the base system. It is not used anywhere in the base system, and has not been<br />
recently updated or maintained. Users requiring its functionality can install this utility as a part of the<br />
textproc/textutils port.<br />
<strong>The</strong> rc.d framework from NetBSD has been imported. It breaks down the system startup functionality into a<br />
number of small, “task-oriented” scripts in /etc/rc.d, with dynamically-determined ordering of startup scripts<br />
performed at boot-time.<br />
GNU sort has been updated to the version from GNU textutils 2.0.21.<br />
stat(1) from NetBSD, as of 5 June 2002, has been imported.<br />
GNU tar has been updated to 1.13.25. [MERGED]<br />
tcpdump has been updated to 3.7.1. [MERGED]<br />
<strong>The</strong> csh(1) shell has been replaced by tcsh(1), although it can still be run as csh. tcsh has been updated to version<br />
6.12. [MERGED]<br />
<strong>The</strong> contributed version of tcp_wrappers now includes the tcpd(8) helper daemon. While not strictly necessary in a<br />
standard <strong>FreeBSD</strong> installation (because inetd(8) already incorporates this functionality), this may be useful for<br />
inetd(8) replacements such as xinetd. [MERGED]<br />
texinfo has been updated to 4.2. [MERGED]<br />
top has been updated to version 3.5b12. [MERGED]<br />
traceroute has been updated to LBL version 1.4a12.<br />
<strong>The</strong> timezone database has been updated to the tzdata2002d release. [MERGED]<br />
2.3.1.1 CVS<br />
cvs has been updated to 1.11.2. [MERGED]<br />
2.3.1.2 CVSup<br />
2.3.1.3 KAME<br />
2.3.1.4 OpenSSH<br />
OpenSSH has been updated to version 3.1. [MERGED] Among the changes:<br />
• <strong>The</strong> *2 files are obsolete (for example, ~/.ssh/known_hosts can hold the contents of<br />
~/.ssh/known_hosts2).<br />
• ssh-keygen(1) can import and export keys using the SECSH Public Key File Format, for key exchange with<br />
several commercial SSH implementations.<br />
• ssh-add(1) now adds all three default keys.<br />
• ssh-keygen(1) no longer defaults to a specific key type; one must be specified with the -t option.<br />
OpenSSH has been updated to 3.4p1. [MERGED] <strong>The</strong> main changes are:<br />
• A “privilege separation” feature, which uses unprivileged processes to contain and restrict the effects of future<br />
compromises or programming errors.<br />
• Several bugfixes, including closure of a security hole that could lead to an integer overflow and undesired privilege<br />
escalation.<br />
2.3.1.5 OpenSSL<br />
OpenSSL has been updated to 0.9.6g. [MERGED]<br />
2.3.1.6 sendmail<br />
sendmail has been updated from version 8.9.3 to version 8.12.6. Important changes include: sendmail(8) is no longer<br />
installed as a set-user-ID root binary (now set-group-ID smmsp); new default file locations (see<br />
/usr/src/contrib/sendmail/cf/README); newaliases(1) is limited to root and trusted users; STARTTLS<br />
encryption; and the MSA port (587) is turned on by default. See /usr/src/contrib/sendmail/RELEASE_NOTES<br />
for more information. [MERGED]<br />
By default, rc(8) no longer enables sendmail for inbound SMTP connections. Note that sysinstall(8) may override<br />
this default for a binary installation, based on what security profile is selected. This functionality can also be<br />
manually enabled by adding the following line to /etc/rc.conf:<br />
sendmail_enable="YES"<br />
<strong>The</strong> permissions for sendmail alias and map databases built via /etc/mail/Makefile now default to mode 0640<br />
to protect against a file locking local denial of service. <strong>The</strong> mode can be changed by setting the new SENDMAIL_MAP_PERMS<br />
make.conf option. [MERGED]<br />
<strong>The</strong> permissions for the sendmail statistics file, /var/log/sendmail.st, have been changed from mode 0644 to<br />
mode 0640 to protect against a file locking local denial of service. [MERGED]<br />
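As an added example (not part of the release notes or of sendmail), the shell functions below audit a tree for the sendmail file modes described above: map databases and the statistics file no looser than mode 0640, and a sendmail binary without the set-user-ID bit. The function names, the message texts and the assumption that map databases are the files named *.db belong to this example.

```shell
#!/bin/sh
# Added example, not from the release notes: audit the sendmail file modes
# described above. Every path is an argument, so it also runs on a test tree.

# Print the map databases under directory $1 that grant any permission to
# "other", i.e. are looser than mode 0640.
# Assumption: map databases are the files named *.db.
loose_maps() {
    find "$1" -type f -name '*.db' \
        \( -perm -004 -o -perm -002 -o -perm -001 \) -print 2>/dev/null
}

# Print $1 if it is a regular file that grants any permission to "other".
loose_file() {
    find "$1" -prune -type f \
        \( -perm -004 -o -perm -002 -o -perm -001 \) -print 2>/dev/null
}

# audit_sendmail MAIL_DIR STATS_FILE SENDMAIL_BINARY
# Prints one line per finding; returns 0 when clean, 1 otherwise.
audit_sendmail() {
    report=$(
        loose_maps "$1" | sed 's/^/map accessible to other: /'
        loose_file "$2" | sed 's/^/statistics file accessible to other: /'
        # test -u is true when the set-user-ID bit is set on the file.
        if [ -u "$3" ]; then
            echo "set-user-ID bit present: $3"
        fi
    )
    if [ -z "$report" ]; then
        return 0
    fi
    printf '%s\n' "$report"
    return 1
}

# Run the audit only when called with the three paths, for example:
#   sh audit.sh /etc/mail /var/log/sendmail.st <path-to-sendmail-binary>
if [ "$#" -eq 3 ]; then
    audit_sendmail "$@"
fi
```

Other files in the mail directory, such as configuration files, are deliberately not checked; only the map databases and the statistics file are covered by the 0640 default described here.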
2.3.2 Ports/Packages Collection Infrastructure<br />
BSDPAN, a collection of modules that provides tighter integration of Perl into the <strong>FreeBSD</strong> Ports Collection, has<br />
been added.<br />
For some time, <strong>FreeBSD</strong> <strong>5.0</strong>-CURRENT (as well as some 4.X releases) included a pkg_update(1) utility to update<br />
installed packages, as well as their dependencies. This utility has been removed; a superset of its functionality can be<br />
found in the sysutils/portupgrade port.<br />
pkg_version(1), formerly a Perl script, has been rewritten in C.<br />
<strong>The</strong> Ports Collection infrastructure now uses XFree86 4.2.1 as the default version of the X Window System for the<br />
purposes of satisfying dependencies. To return to using XFree86 3.3.6, add the following line to /etc/make.conf:<br />
[MERGED]<br />
XFREE86_VERSION=3<br />
<strong>The</strong> libraries installed by the emulators/linux_base port (required for Linux emulation) have been updated; they<br />
now correspond to those included with Red Hat Linux 7.1. [MERGED]<br />
By default, packages generated by the Ports Collection (as well as the packages on the FTP sites) are now<br />
compressed using bzip2(1), rather than gzip(1). (Thus, they now have a .tbz extension, rather than a .tgz<br />
extension.) <strong>The</strong> package tools have been updated to handle the new format.<br />
2.4 <strong>Release</strong> Engineering and Integration<br />
<strong>The</strong> bin distribution has been renamed base, in order to make creation of combined install/recovery disks easier.<br />
It is now possible to make releases of <strong>FreeBSD</strong> 5-CURRENT on a <strong>FreeBSD</strong> 4-STABLE host and vice versa.<br />
Cross-architecture (building a release for a target architecture on a host of a different architecture) releases are also<br />
possible. See release(7) for details. [MERGED]<br />
A third drivers.flp floppy has been added to floppy releases. It holds loadable modules containing drivers that do<br />
not fit in the kernel on the kern.flp disk or in the mfsroot.flp image.<br />
2.5 Documentation<br />
A number of formerly-encumbered documents from the 4.4 BSD Programmer’s Supplementary Documents have<br />
been restored to /usr/share/doc/psd. <strong>The</strong>se include:<br />
• <strong>The</strong> UNIX Time-Sharing System (01.cacm)<br />
• UNIX Implementation (02.implement)<br />
• <strong>The</strong> UNIX I/O System (03.iosys)<br />
• UNIX Programming — Second Edition (04.uprog)<br />
• <strong>The</strong> C Programming Language — Reference Manual (06.Clang)<br />
• Yacc: Yet Another Compiler-Compiler (15.yacc)<br />
• Lex — A Lexical Analyzer Generator (16.lex)<br />
• <strong>The</strong> M4 Macro Processor (17.m4)<br />
Several formerly-encumbered documents from the 4.4 BSD User’s Supplementary Documents have been restored to<br />
/usr/share/doc/usd. <strong>The</strong>y include:<br />
• NROFF/TROFF User’s Manual (21.troff)<br />
• A TROFF Tutorial (22.trofftut)<br />
3 Upgrading from previous releases of <strong>FreeBSD</strong><br />
Users with existing <strong>FreeBSD</strong> systems are highly encouraged to read the “Early Adopter’s Guide to <strong>FreeBSD</strong> <strong>5.0</strong>”.<br />
This document generally has the filename EARLY.TXT on the distribution media, or any other place that the release<br />
notes can be found. It offers some notes on upgrading, but more importantly, also discusses some of the relative<br />
merits of upgrading to <strong>FreeBSD</strong> 5.X versus running <strong>FreeBSD</strong> 4.X.<br />
Important: Upgrading <strong>FreeBSD</strong> should, of course, only be attempted after backing up all data and configuration<br />
files.<br />