Date: Mon, 10 Jan 2011 18:02:48 +0000 (UTC) From: Hiroki Sato <hrs@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r217227 - in releng/8.2/release/doc: de_DE.ISO8859-1 en_US.ISO8859-1/relnotes fr_FR.ISO8859-1 ja_JP.eucJP ru_RU.KOI8-R share/sgml zh_CN.GB2312 Message-ID: <201101101802.p0AI2mYX088639@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: hrs Date: Mon Jan 10 18:02:47 2011 New Revision: 217227 URL: http://svn.freebsd.org/changeset/base/217227 Log: - Bump version numbers for the upcoming release. - Clean up old entries. Approved by: re (implicit) Deleted: releng/8.2/release/doc/de_DE.ISO8859-1/ releng/8.2/release/doc/fr_FR.ISO8859-1/ releng/8.2/release/doc/ja_JP.eucJP/ releng/8.2/release/doc/ru_RU.KOI8-R/ releng/8.2/release/doc/zh_CN.GB2312/ Modified: releng/8.2/release/doc/en_US.ISO8859-1/relnotes/article.sgml releng/8.2/release/doc/share/sgml/release.ent Modified: releng/8.2/release/doc/en_US.ISO8859-1/relnotes/article.sgml ============================================================================== --- releng/8.2/release/doc/en_US.ISO8859-1/relnotes/article.sgml Mon Jan 10 17:45:09 2011 (r217226) +++ releng/8.2/release/doc/en_US.ISO8859-1/relnotes/article.sgml Mon Jan 10 18:02:47 2011 (r217227) @@ -15,7 +15,7 @@ <pubdate>$FreeBSD$</pubdate> <copyright> - <year>2010</year> + <year>2011</year> <holder role="mailto:doc@FreeBSD.org">The &os; Documentation Project</holder> </copyright> @@ -132,64 +132,24 @@ <tbody> <row> - <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:15.ssl.asc" - >SA-09:15.ssl</ulink></entry> - <entry>3 Dec 2009</entry> - <entry><para>SSL protocol flaw</para></entry> - </row> - <row> - <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:16.rtld.asc" - >SA-09:16.rtld</ulink></entry> - <entry>3 Dec 2009</entry> - <entry><para>Improper environment sanitization in &man.rtld.1;</para></entry> - </row> - <row> - <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:17.freebsd-update.asc" - >SA-09:17.freebsd-update</ulink></entry> - <entry>3 Dec 2009</entry> - <entry><para>Inappropriate directory permissions in &man.freebsd-update.8;</para></entry> - </row> - <row> - <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:01.bind.asc" - >SA-10:01.bind</ulink></entry> - <entry>6 Jan 2010</entry> - <entry><para>BIND &man.named.8; cache poisoning with DNSSEC validation</para></entry> - </row> - <row> - <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:02.ntpd.asc" - >SA-10:02.ntpd</ulink></entry> - <entry>6 Jan 2010</entry> - <entry><para>ntpd mode 7 denial of service</para></entry> - </row> - <row> - <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:03.zfs.asc" - >SA-10:03.zfs</ulink></entry> - <entry>6 Jan 2010</entry> - <entry><para>ZFS ZIL playback with insecure permissions</para></entry> - </row> - <row> - <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:04.jail.asc" - >SA-10:04.jail</ulink></entry> - <entry>27 May 2010</entry> - <entry><para>Insufficient environment sanitization in &man.jail.8;</para></entry> - </row> - <row> - <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:05.opie.asc" - >SA-10:05.opie</ulink></entry> - <entry>27 May 2010</entry> - <entry><para>OPIE off-by-one stack overflow</para></entry> - </row> - <row> - <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:06.nfsclient.asc" - >SA-10:06.nfsclient</ulink></entry> - <entry>27 May 2010</entry> - <entry><para>Unvalidated input in nfsclient</para></entry> - </row> - <row> - <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:07.mbuf.asc" - >SA-10:07.mbuf</ulink></entry> - <entry>13 July 2010</entry> - <entry><para>Lost mbuf flag resulting in data corruption</para></entry> + <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:08.bzip2.asc" + >SA-10:08.bzip2</ulink></entry> + <entry>20 September 2010</entry> + <entry><para>Integer overflow in bzip2 decompression</para></entry> + </row> +<!-- XXX: not for 8.2 + <row> + <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:09.pseudofs.asc" + >SA-10:09.pseudofs</ulink></entry> + <entry>10 October 2010</entry> + <entry><para>Spurious mutex unlock</para></entry> + </row> +--> + <row> + <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:10.openssl.asc" + >SA-10:10.openssl</ulink></entry> + <entry>29 November 2010</entry> + <entry><para>OpenSSL multiple vulnerabilities</para></entry> </row> </tbody> </tgroup> @@ -199,1272 +159,68 @@ <sect2 id="kernel"> <title>Kernel Changes</title> - <para>The &man.ddb.4; debugger has been improved:</para> - - <itemizedlist> - <listitem> - <para>It now supports <command>show - ifnets</command> and <command>show ifnet <replaceable>struct - ifnet *</replaceable></command> commands to print a list of - <quote>ifnet *</quote> of each virtual network stack and - fields of specified <varname>fip</varname>, - respectively.</para> - </listitem> - - <listitem> - <para>It now supports <command>show all - lltables</command>, <command>show lltable - <replaceable>struct lltable *</replaceable></command>, and - <command>show llentry <replaceable>struct llentry - *</replaceable></command> commands to print a list of - <quote>lltable *</quote> of each virtual network stack, - fields of specified structures respectively.</para> - </listitem> - - <listitem> - <para>The <command>show mount</command> command now prints - active string mount options.</para> - </listitem> - - <listitem> - <para>It now supports <command>show - vnetrcrs</command> command to dump the whole log of - distinctive <varname>curvnet</varname> recursion - events.</para> - </listitem> - - <listitem> - <para>It now supports <command>show - vnet_sysinit</command> and <command>show - vnet_unsysinit</command> commands to print - ordered call lists.</para> - </listitem> - </itemizedlist> - - <para>A new kernel thread called <quote>deadlock - resolver</quote> has been added. This can be used to detect - possible deadlock by using information of thread state and - heuristic analysis. This is not enabled by default. To - enable this, an option <option>option DEADLKRES</option> in - kernel configuration file and recompilation of the - kernel.</para> - - <para>The default &man.devfs.5; rules now expose the upper 256 - of &man.pty.4; device nodes.</para> - - <para>Two commands to enable/disable read-ahead have been added - to &man.fcntl.2; system call:</para> - - <itemizedlist> - <listitem> - <para><varname>F_READAHEAD</varname> specifies the amount - for sequential access. The amount is specified in bytes and is - rounded up to nearest block size.</para> - </listitem> - - <listitem> - <para><varname>F_RDAHEAD</varname> is a Darwin compatible - version that use 128KB as the sequential access - size.</para> - </listitem> - </itemizedlist> - - <para>Note that the read-ahead amount is also limited by - sysctl variable <varname>vfs.read_max</varname>, which may - need to be raised in order to better utilize this - feature.</para> - - <para>The &man.lindev.4; driver has been added. This is for - supporting various Linux-specific pseudo devices such as - <filename>/dev/full</filename>. Note that this is not - included in <filename>GENERIC</filename> kernel.</para> - - <para>A POSIX function pselect(3) has been reimplemented as a - system call &man.pselect.2; to eliminate race - condition.</para> - - <para>A kernel option <option>option - INCLUDE_CONFIG_FILE</option> has been added to - <filename>GENERIC</filename> kernel by default.</para> - - <para>A bug in the &man.sched.4bsd.4; scheduler that the - timestamp for the sleeping operation is not cleaned up on the - wakeup has been fixed.</para> - - <para>A race condition in the &man.sched.4bsd.4; scheduler has - been fixed.</para> - - <para>A bug in the &man.sched.ule.4; scheduler which prevented - process usage (<literal>%CPU</literal>) from working correctly - has been fixed.</para> - - <para>New SDT (Statically Defined Tracing) probes such as ones - for <literal>opencrypto</literal> and <literal>vnet</literal> - have been added to &os; &man.dtrace.1; subsystem.</para> - - <para arch="powerpc">&os; now supports SMP in PowerPC G5 - systems. Note that SMP support on &os;/&arch.powerpc; is - disabled by default in <filename>GENERIC</filename> - kernel.</para> - - <para arch="sparc64">&os; now supports UltraSPARC IV, IV+, and - SPARC64 V CPUs.</para> - - <para>The &man.syscons.4; driver has been improved. The history - buffer can be fully saved/restored in the VESA mode switching - via a loader tunable - <varname>hint.sc.<replaceable>0</replaceable>.vesa_mode</varname>.</para> - - <para>A bug in the &man.tty.4; driver that - <varname>TIOCSTI</varname> did not work has been fixed. This - affects applications like &man.mail.1;.</para> - - <para arch="amd64,i386">An x86 real mode emulator based on - OpenBSD's x86emu implementation has been added to improve real - mode BIOS call support on both &arch.i386; and &arch.amd64;. - The &man.atkbdc.4;, &man.dpms.4;, vesa(4), &man.vga.4; driver - now use this emulator and work on the both platforms.</para> - - <para>The VIMAGE &man.jail.8; virtualization container can work - with &man.sctp.4; now. Note that the VIMAGE is not enabled by - default in <filename>GENERIC</filename> kernel.</para> - - <para>The VIMAGE &man.jail.8; now supports - <varname>ip4.saddrsel</varname>, - <varname>ip4.nosaddrsel</varname>, - <varname>ip6.saddrsel</varname>, and - <varname>ip6.nosaddrsel</varname> to control whether to use - source address selection or the primary jail address for - unbound outgoing connections. The default value is to use - source address selection.</para> + <para></para> <sect3 id="boot"> <title>Boot Loader Changes</title> - <para arch="pc98">The <filename>boot2</filename> bootcode has - been reimplemented based on the &arch.i386 counterpart. It - now supports ELF binary, UFS2 file system, and larger number - of slices.</para> - - <para arch="ia64">The EFI <filename>loader</filename> program - now supports a command-line option <option>-dev - <replaceable>currdev</replaceable></option> to specify the - default value of <varname>currdev</varname>. This option - can be set by the EFI boot manager.</para> - - <para arch="powerpc">The &man.loader.8; program now supports - U-Boot storage.</para> - - <para arch="i386">The algorithm the &man.loader.8; uses has - been improved to choose a memory range for its heap when - using a range above 1MB. This fixes a symptom that the - loader fails to load a kernel.</para> - - <para>A kernel environment variable - <varname>vfs.root.mountfrom</varname> now supports - multiple elements for root file system in a space-separated - list. Each list element will be tried in order and the - first available one will be mounted.</para> - - <para>The <filename>zfsloader</filename> has been added. This - is a separate &man.zfs.8; enabled loader. Note that a ZFS - bootcode (<filename>zfsboot</filename> or - <filename>gptzfsboot</filename>) need to be installed - to use this new loader.</para> - - <para>The <filename>zfsboot</filename> and - <filename>gptzfsboot</filename> bootcode now fully support - 64-bit LBAs for disk addresses. This allows booting from - large volumes.</para> + <para></para> </sect3> <sect3 id="proc"> <title>Hardware Support</title> - <para arch="powerpc">The <filename>adb</filename> driver now - supports for interpreting taps on ADB touchpads as a button - click.</para> - - <para>The amdsbwd(4) driver for AMD SB600/SB7xx watchdog - timer has been added.</para> - - <para arch="powerpc">The <filename>apt</filename> driver for - the Apple Touchpad present on MacBook has been added to - <filename>GENERIC</filename> kernel.</para> - - <para arch="sparc64">The epic(4) driver for the front panel - LEDs in Sun Fire V215/V245 has been added.</para> - - <para>A bug in the &man.ipmi.4; driver that caused incorrect - watchdog timer setting has been fixed.</para> - - <para arch="sparc64">The &man.pci.4; driver now supports a - JBus to PCIe bridge (called as <quote>Fire</quote>) found in - the Sun Fire V215/V245 and Sun Ultra 25/45 machines.</para> - - <para arch="powerpc">The &man.smu.4; driver now provides - thermal management and monitoring features. This allows fan - control and thermal monitoring on SMU-based Apple G5 - machines, as well as an &man.led.4; interface to control the - sleep LED.</para> - - <para>The &man.tnt4882.4; driver for IEEE-488 (GPIB) bus now - supports National Instruments TNT5004 chip.</para> - - <para>The &man.uart.4; driver now supports NetMos NM9865 - family of Serial/Parallel ports.</para> - - <para>The &man.uep.4; driver for USB onscreen touch panel - from eGalax has been added. This driver is supported by - <filename>x11-drivers/xf86-input-egalax</filename>.</para> - - <para>A bug in the &man.uftdi.4; driver that can allow to send - a zero length packet has been fixed.</para> - - <para>The &man.usb.4; subsystem now reports &man.devd.8; - <literal>notify</literal> events with the device properties - instead of <literal>attach</literal> events. The following is an - example entry of &man.devd.conf.5; to match a &man.umass.4; - device with a SCSI subclass and BBB protocol:</para> - - <programlisting>notify 100 { - match "system" "USB"; - match "subsystem" "INTERFACE"; - match "type" "ATTACH"; - match "intclass" "0x08"; - match "intsubclass" "0x06"; - match "intprotocol" "0x50"; - action "/path/to/command -flag"; -};</programlisting> + <para></para> <sect4 id="mm"> <title>Multimedia Support</title> - <para>The &man.acpi.video.4; driver now supports LCD - brightness control notify handler.</para> - - <para>The &man.acpi.sony.4; helper driver now supports - default display brightness, wired LAN power, and bass - gain.</para> - - <para>The &man.agp.4; driver has been improved. It includes - a fix for aperture size calculation issue which prevents - some graphics cards from working.</para> - - <para>The &man.snd.hda.4; driver now allows AD1981HD codecs - to use playback mixer.</para> - - <para>The &man.snd.hda.4; driver now supports multichannel - (4.0 and 7.1) playback support. The 5.1 mode support is - disabled now due to unidentified synchronization problem. - Devices which supports the 7.1 mode can handle the 5.1 - operation via software upmix done by &man.sound.4;. Note - that stereo stream is no longer duplicated to all - ports.</para> + <para></para> </sect4> <sect4 id="net-if"> <title>Network Interface Support</title> - <para>The &man.ath.4; driver now supports Atheros - AR9285-based devices.</para> - - <para>A bug in the &man.ath.4; driver which causes a problem - of AR5416-based chipsets including AR9285 has been fixed.</para> - - <para>The &man.bge.4; driver now supports BCM5761, BCM5784, and - BCM57780-based devices.</para> - - <para>The &man.bge.4; driver now supports TSO (TCP - Segmentation Offloading) on BCM5755 or newer - controllers.</para> - - <para>A long-standing bug in the &man.bge.4; driver which - was related to ASF heartbeat sending has been - fixed.</para> - - <para>A long-standing stability issue of the &man.bce.4; and - &man.bge.4; driver due to a hardware bug in its DMA - handling when the system has more than 4GB memory has been - fixed. This applies to BCM5714, BCM5715, and BCM5708 - controllers.</para> - - <para>A bug in the &man.bge.4; driver that incorrectly - enabled TSO on BCM5754/BCM5754M controllers has been - fixed.</para> - - <para>A bug in the &man.if.bridge.4; driver has been fixed. - The MTU was set based on the firstly-added member even if - the addition failed.</para> - - <para>The &man.if.bridge.4; driver now supports - <varname>SIOCSIFMTU</varname> ioctl. For example, - <command>ifconfig bridge0 mtu 1280</command> can change - the MTU of <literal>bridge0</literal> to - <literal>1280</literal>. Changing the MTU is allowed only - when all members have the same MTU value.</para> - - <para>The &man.bwn.4; driver for Broadcom BCM43xx chipsets - has been added.</para> - - <para>The &man.cxgb.4; driver has been updated to T3 - firmware 7.8.0.</para> - - <para>The &man.cxgb.4; driver now supports hardware - filtering based on inspection of L2/L3/L4 headers. - Filtering based on source IP address, destination IP - address, source port number, destination port number, - 802.1q VLAN frame tag, UDP, TCP, and MAC address is - possible. The configuration can be done by the - cxgbtool(8) utility. Note that cxgbtool(8) is in - <filename>src/usr.sbin/cxgbtool</filename> but not - compiled by default.</para> - - <para>The &man.em.4; driver has been updated to version - 7.0.5.</para> - - <para>The et(4) driver now supports MSI and Tx checksum - offloading of IPv4, TCP, and UDP.</para> - - <para>The &man.fxp.4; driver now exports the hardware MAC - statistics via sysctl variables.</para> - - <para>The &man.igb.4; driver has been updated to version - 1.9.5.</para> - - <para>The &man.iwn.4; driver has been updated. This - includes various improvements and bugfixes regarding RF - switch, bgscan support, suspend/resume support, locking - issue, and more. The line <literal>device iwnfw</literal> - in the kernel configuration file will include all firmware - images.</para> - - <para>The &man.ixgbe.4; driver has been updated to version - 2.2.0.</para> - - <para>The &man.msk.4; driver has been improved:</para> - - <itemizedlist> - <listitem> - <para>It now supports Marvell Yukon 88E8042, 88E8057, - 88E8059 (Yukon Optima) devices and DGE-560SX (Yukon - XL).</para> - </listitem> - - <listitem> - <para>A rudimentary interrupt moderation with - programmable countdown timer register has been - implemented. The default parameter of the holdoff - time is 100us and this can be changed via sysctl - variable - <varname>dev.mskc.<replaceable>0</replaceable>.int_holdoff</varname>. - Note that the interrupt moderation is shared resource - on a dual-port controllers and it is impossible to use - separate interrupt moderation values for each - port.</para> - </listitem> - - <listitem> - <para>A stability issue has been fixed. A heavy RX - traffic while rebooting is in progress could prevent - the system from working.</para> - </itemizedlist> - - <para>The &man.mxge.4; driver has been updated to firmware - version 1.4.50 from Myricom.</para> - - <para>The &man.re.4; driver no longer performs an - unnecessary interface up/down during getting IP address - via DHCP.</para> - - <para>The &man.re.4; driver now uses <literal>2048</literal> - as PCIe Maximum Read Request Size. This improves bulk - transfer performance.</para> - - <para>The &man.run.4; driver for Ralink - RT2700U/RT2800U/RT3000U USB 802.11agn devices has been - added.</para> - - <para>The sge(4) driver for Silicon Integrated Systems - SiS190/191 Fast/Gigabit Ethernet has been added. This - supports TSO and TSO over VLAN.</para> - - <para>The &man.ste.4; driver has been improved:</para> - - <itemizedlist> - <listitem> - <para>The DMA handling has been improved.</para> - </listitem> - - <listitem> - <para>Wake-On-LAN is now supported.</para> - </listitem> - - <listitem> - <para>Unnecessary reinitialization of the - interfaces has been eliminated.</para> - </listitem> - - <listitem> - <para>RX interrupt moderation with single shot timer has - been implemented. The default parameter of the - moderation time is 150us and this can be changed via - sysctl variable - <varname>dev.ste.<replaceable>0</replaceable>.int_rx_mod</varname>. - Setting it 0 effectively disables the RX interrupt - moderation feature.</para> - </listitem> - </itemizedlist> - - <para>The tsec(4) driver now supports &man.altq.4;.</para> - - <para>The &man.u3g.4; driver has been improved and now works - with ZTE MF636, Option Gi0322, Globetrotter GE40x, and - Novatel MC950D.</para> - - <para>The &man.uhso.4; driver for Option HSDPA USB devices - has been added. A new &man.uhsoctl.1; userland utility - can be used to initiate and close the WAN - connection.</para> - - <para>The &man.vge.4; driver has been improved:</para> - - <itemizedlist> - <listitem> - <para>The DMA handling has been improved.</para> - </listitem> - - <listitem> - <para>Wake-On-LAN is now supported.</para> - </listitem> - - <listitem> - <para>Unnecessary reinitialization of the - interfaces has been eliminated.</para> - </listitem> - - <listitem> - <para>Hardware MAC statistics are now supported via sysctl variables - <varname>dev.vge.<replaceable>0</replaceable>.stats</varname>.</para> - </listitem> - - <listitem> - <para>Interrupt moderation with single shot timer and - scheme supported by VT61xx controllers have been - implemented. The default parameters are tuned to - generate interrupt less than 8k per second, and these - parameters can be changed via sysctl variables - <varname>dev.vge.<replaceable>0</replaceable>.int_holdoff</varname>, - <varname>dev.vge.<replaceable>0</replaceable>.rx_coal_pkt</varname>, - and - <varname>dev.vge.<replaceable>0</replaceable>.tx_coal_pkt</varname>. - Note that an up/down cycle is needed to make a - parameter change take effect.</para> - </listitem> - </itemizedlist> - - <para>The &man.urtw.4; driver has been improved and now - supports RTL8187B-based devices.</para> - - <para>The &os; Xen netfront driver has been improved in - stability and performance.</para> + <para></para> </sect4> </sect3> <sect3 id="net-proto"> <title>Network Protocols</title> - <para>&os; flowtable now supports IPv6. This is for per-CPU - caching flows as a means of accelerating L3 and L2 lookups - as well as providing stateful load balancing when ECMP - (Equal-Cost Multi-Path routing) is enabled by <option>option - RADIX_MPATH</option>.</para> - - <para>A new capability flag <literal>LINKSTATE</literal> has - been added to <varname>struct - ifnet.if_capabilities</varname>. This indicates if the - interface can check the link state or not. The - &man.ifconfig.8; utility now shows this flag if - supported.</para> - - <para>A new event handler <varname>iflladdr_event</varname> - has been added. This signals that the L2 address on an - interface has changed, and lets stacked interfaces such as - &man.vlan.4; detect that their lower interface has changed - and adjust things in order to keep working. This fixes an - issue of &man.lagg.4; and &man.vlan.4; configuration.</para> - - <para>IPcomp (IP Payload Compression Protocol defined in RFC - 2393) protocol is now enabled by default. Note that this - requires <option>option IPSEC</option> in the kernel - configuration file and <filename>GENERIC</filename> kernel - does not include it. This functionality can be disabled by - using a sysctl variable - <varname>net.inet.ipcomp.ipcomp_enable</varname>.</para> - - <para>The &man.ipfw.4; subsystem including &man.dummynet.4; - has been updated to <quote>ipfw3</quote> and various bugs - have been fixed:</para> - - <itemizedlist> - <listitem> - <para>The major enhancement is a completely restructured - version of &man.dummynet.4;, with support for different - packet scheduling algorithms (loadable at runtime), - faster queue/pipe lookup, and a much cleaner internal - architecture and kernel/userland ABI which simplifies - future extensions.</para> - </listitem> - - <listitem> - <para>All of O(N) sequences in the firewall rule - evaluation removed from the kernel critical sections. - The worst case is now O(log N).</para> - </listitem> - - <listitem> - <para>It now supports <literal>ipfw0</literal> pseudo - interface for logging similar to &man.pflog.4;. A sysctl - <varname>net.inet.ip.fw.verbose=0</varname> enables logging - to <literal>ipfw0</literal>, and - <varname>net.inet.ip.fw.verbose=1</varname> sends logging to - &man.syslog.3; as before.</para> - </listitem> - - <listitem> - <para>The <literal>me</literal> keyword in the &man.ipfw.4; - rule now matches any IPv6 addresses configured on an - interface as well as IPv4 ones.</para> - </listitem> - - <listitem> - <para>A bug that <command>keep-alive</command> rule did - not work for IPv6 packets has been fixed.</para> - </listitem> - - <listitem> - <para>The <literal>lookup</literal> match option has been added.</para> - - <programlisting>lookup {dst-ip|src-ip|dst-port|src-port|uid|jail} <replaceable>N</replaceable></programlisting> - - <para>This searches the specified field in table - <replaceable>N</replaceable> and sets - <literal>tablearg</literal> accordingly. With - <literal>dst-ip</literal> or <literal>src-ip</literal> - the option replicates two existing options. When used - with other arguments, the option can be useful to - quickly dispatch traffic based on other fields.</para> - </listitem> - - <listitem> - <para>A bug in the &man.sysctl.8; variable - <varname>ip.fw.one_pass</varname> handling has been - fixed. A packet which comes from a pipe without being - delayed incorrectly ignored this variable.</para> - </listitem> - </itemizedlist> - - <para>A memory alignment issue in the &man.ng.ksocket.4; and - &man.ng.ppp.4;, Netgraph node drivers have been fixed. This - fixes kernel panics due to the misalignment.</para> - - <para>The &man.ng.bridge.4; and &man.ng.hub.4; Netgraph node - drivers now supports a flag <literal>persistent</literal>. - It disables automatic node shutdown when the last hook gets - disconnected. The new control messages - <literal>NGM_BRIDGE_SET_PERSISTENT</literal> and - <literal>NGM_HUB_SET_PERSISTENT</literal> have been added - for the flag.</para> - - <para>The &man.pf.4; subsystem now supports - <literal>sloppy</literal> keyword to enable a TCP state - machine for tracking TCP connections with no sequence number - check. This feature is in the latest version of - <application>pf</application>.</para> - - <para>The &man.pfil.9; framework for packet filtering in &os; - kernel now supports separate packet filtering instances like - &man.ipfw.4; for each VIMAGE jail.</para> - - <para>A bug that proxy ARP entries cannot be added over - point-to-point link types has been fixed.</para> - - <para>The &man.tap.4; pseudo interface now reports the link - state properly by updating <varname>if_link_state</varname> - variable in the kernel.</para> - - <para>The &man.vlan.4; pseudo interface has been added to - <filename>GENERIC</filename> kernel.</para> - - <para>The &man.vlan.4; pseudo interface now supports TSO (TCP - Segmentation Offloading). The capability flag is named as - <varname>IFCAP_VLAN_HWTSO</varname> and it is separated from - <varname>IFCAP_VLAN_HWTAGGING</varname>. The &man.age.4;, - &man.alc.4;, &man.ale.4;, &man.bce.4;, &man.bge.4;, - &man.cxgb.4;, &man.jme.4;, &man.re.4;, and &man.mxge.4; - driver support this feature.</para> - - <para>The &man.vlan.4; pseudo interface for IEEE 802.1Q VLAN - now ignore renaming of the parent's interface name. The - configured VLAN interfaces continue to work with the new - name while previously the configurations were removed as the - renaming happens.</para> + <para></para> </sect3> <sect3 id="disks"> <title>Disks and Storage</title> - <para>The &man.ada.4; driver now supports - <varname>BIO_DELETE</varname>. For SSDs this uses - <literal>TRIM</literal> feature of <literal>DATA SET - MANAGEMENT</literal> command, as defined by ACS-2 - specification working draft. For Compact Flash use - <literal>CFA ERASE</literal> command, same as &man.ad.4; - does. This change realizes restoring write speed of SSDs - which supports <literal>TRIM</literal> command by doing - <command>newfs -E - <replaceable>/dev/ada1</replaceable></command>, for - example.</para> - - <para>The &man.ahci.4; driver now supports SATA part of - Marvell 88SE912x controllers.</para> - - <para>The &man.ahci.4; driver now supports FIS-based (Frame - Information Structure) switching of port multiplier on - supported controllers.</para> - - <para>The &man.ahd.4; driver now supports three separated - error counters for correctable, uncorrectable, and fatal, in - &man.sysctl.8; MIB.</para> - - <para>A new kernel option <option>option ATA_CAM</option> has - been added. This turns &man.ata.4; controller drivers into - &man.cam.4; interface modules. When enabled, this option - deprecates all &man.ata.4; peripheral drivers and interfaces - such as <filename>ad</filename> and - <filename>acd</filename>, and allows &man.cam.4; drivers - <filename>ada</filename>, and <filename>cd</filename> and - interfaces to be natively used instead. Note that this is - not enabled by default in the <filename>GENERIC</filename> - kernel.</para> - - <para>A bug in the &man.ata.4; driver which can lead to - interrupt storms and command timeouts has been fixed.</para> - - <para>USB mass storage device support in the &man.ata.4; - driver has been removed. Note that this was not used in - <filename>GENERIC</filename> kernel and the &man.umass.4; - driver supports such devices for a long time.</para> - - <para>&os; &man.cam.3; SCSI framework has been improved:</para> - - <itemizedlist> - <listitem> - <para>SATA and PATA support has been improved and it now - recognizes more detail device capabilities. For example, - the &man.ahci.4; and &man.siis.4; driver now reports maximum - tag number to the framework to optimize the NCQ - handling.</para> - </listitem> - - <listitem> - <para>A loader tunable - <varname>kern.cam.boot_delay</varname> has been added. - This controls the delay time before &man.cam.3; probes - the attached devices.</para> - </listitem> - - <listitem> - <para>SCSI error recovery for devices on buses without - automatic sense reporting has been improved. Typical - devices are on ATAPI and USB. For example, this allows - &man.cam.3; to wait, while CD drive loads disk, instead - of immediately return error status.</para> - </listitem> - - <listitem> - <para>The &man.cam.4; ATA transport layer now supports - Power-Up In Stand-by (PUIS). The PUIS is a configuration of - SATA or PATA drives to prevent them from automatic spin-up - when power is applied. A typical application is staggered - spin-up.</para> - </listitem> - - <listitem> - <para>The &man.cam.4; ATA transport layer now supports - negotiating and enabling additional SATA features such as - device initiated power management, Automatic Partial to - Slumber mode transition, and DMA auto-activation.</para> - </listitem> - </itemizedlist> - - <para>A livelock issue of the &man.ciss.4; driver under a high - load has been fixed.</para> - - <para>A bug in the &man.fdc.4; driver which prevents the - kernel module from unloading has been fixed.</para> - - <para>The &man.glabel.8; now supports the following sysctl - variables for each label type to enable the labeling itself:</para> - - <programlisting>kern.geom.label.ext2fs.enable -kern.geom.label.iso9660.enable -kern.geom.label.msdosfs.enable -kern.geom.label.ntfs.enable -kern.geom.label.reiserfs.enable -kern.geom.label.ufs.enable -kern.geom.label.ufsid.enable -kern.geom.label.gptid.enable -kern.geom.label.gpt.enable</programlisting> - - <para>Note that all of them are also loader tunables. They - are enabled (set as <literal>1</literal>) by default.</para> - - <para>&man.geom.8; providers including complex ones such as - &man.gconcat.8;, &man.gmirror.8;, &man.graid3.8, - &man.gstripe.8;, and some hardware RAID device drivers like - &man.twa.4; now inform its optimal access block size to the - upper layer.</para> - - <para>The &man.gmirror.8; utility now supports - <command>configure <option>-p</option> - <replaceable>priority</replaceable></command> command to - change the providers priority.</para> - - <para>The balancing mode algorithm <literal>load</literal> - used in the &man.gmirror.8; utility has been changed and it - is now the default one instead of - <literal>split</literal>:</para> - - <itemizedlist> - <listitem> - <para>Instead of measuring last request execution time for - each drive and choosing one with smallest time, use - averaged number of requests, running on each drive. This - information is more accurate and timely. It allows to - distribute load between drives in more even and - predictable way.</para> - </listitem> - - <listitem> - <para>For each drive track offset of the last submitted - request. If new request offset matches previous one or - close for some drive, prefer that drive. It allows to - significantly speedup simultaneous sequential reads.</para> - </listitem> - </itemizedlist> - - <para>The &man.gmultipath.8; utility now supports - <command>destroy</command>, <command>rotate</command>, - <command>getactive</command> commands.</para> - - <para>A bug in the &man.graid3.8; which causes a panic when a - large request arrives has been fixed. This happens when - <varname>MAXPHYS</varname> is set as larger than 128k.</para> - - <para>The default block size of &man.gstripe.8; has been - increased from 4k to 64k.</para> - - <para>The <literal>GEOM_SCHED</literal> module has been added. - This supports scheduling disk I/O requests in a device - independent manner. A supported algorithm is an - anticipatory scheduler <literal>gsched_rr</literal> which - gives very nice performance improvements in presence of - competing random access patterns. See also &man.gsched.8; - manual page for more details.</para> - - <para>The HAST (Highly Available STorage) framework has been - added:</para> - - <itemizedlist> - <listitem> - <para>This is a framework to allow transparently storing - data on two physically separated machines connected over - the TCP/IP network. HAST works in Primary-Secondary - (Master-Backup, Master-Slave) configuration, which means - that only one of the cluster nodes can be active at any - given time. Only Primary node is able to handle I/O - requests to HAST-managed devices. Currently HAST is - limited to two cluster nodes in total.</para> - </listitem> - - <listitem> - <para>This operates on block level; it provides disk-like - devices in <filename>/dev/hast/</filename> directory for - use by file systems and/or applications. Working on - block level makes it transparent for file systems and - applications. There in no difference between using - HAST-provided device and raw disk, partition, etc. All - of them are just regular &man.geom.8; providers in - &os;.</para> - </listitem> - - <listitem> - <para>The userland part consists of &man.hastd.8;, - &man.hastctl.8;, and &man.hast.conf.5;. More details - can be found at <ulink - url="http://wiki.FreeBSD.org/HAST"></ulink>.</para> - </listitem> - </itemizedlist> - - <para>The &man.isp.4; driver has been improved in - stability.</para> - - <para>The &man.mvs.4; CAM ATA driver for Marvell - 88SX50XX/88SX60XX/88SX70XX/SoC SATA controllers has been - added. This driver supports same hardware as the - &man.ata.4; driver does, but provides many additional - features, such as NCQ and PMP.</para> - - <para>The &man.siis.4; driver now enables MSI by default on - SiI3124-based devices. This can be disabled by using a - <varname>hint.siis.<replaceable>0</replaceable>.msi</varname> - loader tunable.</para> - - <para>The Max Read Request Size in the &man.siis.4; driver for - PCIe chips has been increased from 512 to 1024 bytes for - better performance.</para> - - <para>The &man.twa.4; driver has been updated to the latest - version from LSI.</para> + <para></para> </sect3> <sect3 id="fs"> <title>File Systems</title> - <para>The &man.msdosfs.5; subsystem is now MP-safe and a race - condition when a force unmount happens has been - fixed.</para> - - <para>&os; NFS subsystem now supports a timeout for the - negative name cache entries in the client. This avoids a - bogus negative name cache entry from persisting forever when - another client creates an entry with the same name within - the same NFS server time of day clock tick. The mount - option <option>negnametimeo</option> can be used to override - the default timeout interval (60 seconds) on a - per-mount-point basis. a Setting - <option>negnametimeo</option> to <literal>0</literal> - disables negative name caching for the mount point.</para> - - <para>A race condition in &os; NFS subsystem that occurs when - &man.nfsiod.8; threads are being created has been fixed. - This also fixes an interoperability issue found in - combination of a &os; NFS client and a Linux NFS - server.</para> - - <para>The inode number handling in &man.ffs.7; file system is - now unsigned. Previously some large inode numbers can be - treated as negative, and this issue shows up at file systems - with the size of more than 16Tb in 16k block case. The - &man.newfs.8; utility never create a file system with more - than 2^32 inodes by cutting back on the number of inodes per - cylinder group if necessary to stay under the limit.</para> - - <para>The UFS file system (&man.ffs.7;) now supports NFSv4 - ACL.</para> - - <para>&os; &man.VFS.9; subsystem now supports a new sysctl - variable <varname>vfs.vlru_allow_cache_src</varname>. This - allow <filename>vnlru</filename> kernel thread to reclaim - of the directory vnodes that are source of the namecache - records. This is not enabled by default because for - typical workload it would make namecache unusable, but - large nested directory tree easily puts any process that - accesses file system into one second wait for - <filename>vnlru</filename> kernel thread.</para> - - <para>The ZFS file system has been improved:</para> - - <itemizedlist> - <listitem> - <para>It now supports NFSv4 ACL.</para> - </listitem> - - <listitem> - <para>The L2ARC code has been improved in stability and - performance.</para> - </listitem> - - <listitem> - <para>The zpool version has been updated to - version 14. It is now possible to use zpools created on - OpenSolaris 2009.06.</para> - </listitem> - - <listitem> - <para>A sysctl variable *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201101101802.p0AI2mYX088639>