Date: Mon, 19 Jul 2010 15:26:43 +0000 (UTC) From: Hiroki Sato <hrs@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org Subject: svn commit: r210239 - in stable/8/release/doc: en_US.ISO8859-1/errata en_US.ISO8859-1/relnotes share/sgml Message-ID: <201007191526.o6JFQhaY005143@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: hrs Date: Mon Jul 19 15:26:42 2010 New Revision: 210239 URL: http://svn.freebsd.org/changeset/base/210239 Log: - Clean up old contents and bump version numbers. - Add items for security advisories. Modified: stable/8/release/doc/en_US.ISO8859-1/errata/article.sgml stable/8/release/doc/en_US.ISO8859-1/relnotes/article.sgml stable/8/release/doc/share/sgml/release.dsl stable/8/release/doc/share/sgml/release.ent Modified: stable/8/release/doc/en_US.ISO8859-1/errata/article.sgml ============================================================================== --- stable/8/release/doc/en_US.ISO8859-1/errata/article.sgml Mon Jul 19 15:05:35 2010 (r210238) +++ stable/8/release/doc/en_US.ISO8859-1/errata/article.sgml Mon Jul 19 15:26:42 2010 (r210239) @@ -16,7 +16,7 @@ <!ENTITY % release PUBLIC "-//FreeBSD//ENTITIES Release Specification//EN"> %release; -<!ENTITY release.bugfix "8.0-RELEASE"> +<!ENTITY release.bugfix "8.1-RELEASE"> ]> <article> @@ -40,7 +40,7 @@ <pubdate>$FreeBSD$</pubdate> <copyright> - <year>2009</year> + <year>2010</year> <holder role="mailto:doc@FreeBSD.org">The &os; Documentation Project</holder> </copyright> @@ -119,7 +119,6 @@ <para>For a list of all &os; CERT security advisories, see <ulink url="http://www.FreeBSD.org/security/"></ulink>; or <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/"></ulink>.</para>; - </sect1> <sect1 id="security"> @@ -144,34 +143,74 @@ <tbody> <row> - <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:17.freebsd-update.asc" - >SA-09:17.freebsd-update</ulink></entry> - <entry>03 December 2009</entry> - <entry><para>Inappropriate directory permissions in freebsd-update(8)</para></entry> + <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:15.ssl.asc" + >SA-09:15.ssl</ulink></entry> + <entry>3 Dec 2009</entry> + <entry><para>SSL protocol flaw</para></entry> </row> <row> <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:16.rtld.asc" >SA-09:16.rtld</ulink></entry> - <entry>03 December 2009</entry> - <entry><para>Improper environment sanitization in rtld(1)</para></entry> + <entry>3 Dec 2009</entry> + <entry><para>Improper environment sanitization in &man.rtld.1;</para></entry> </row> <row> - <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:15.ssl.asc" - >SA-09:15.ssl</ulink></entry> - <entry>03 December 2009</entry> - <entry><para>SSL protocol flaw</para></entry> + <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:17.freebsd-update.asc" + >SA-09:17.freebsd-update</ulink></entry> + <entry>3 Dec 2009</entry> + <entry><para>Inappropriate directory permissions in &man.freebsd-update.8;</para></entry> + </row> + <row> + <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:01.bind.asc" + >SA-10:01.bind</ulink></entry> + <entry>6 Jan 2010</entry> + <entry><para>BIND &man.named.8; cache poisoning with DNSSEC validation</para></entry> + </row> + <row> + <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:02.ntpd.asc" + >SA-10:02.ntpd</ulink></entry> + <entry>6 Jan 2010</entry> + <entry><para>ntpd mode 7 denial of service</para></entry> + </row> + <row> + <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:03.zfs.asc" + >SA-10:03.zfs</ulink></entry> + <entry>6 Jan 2010</entry> + <entry><para>ZFS ZIL playback with insecure permissions</para></entry> + </row> + <row> + <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:04.jail.asc" + >SA-10:04.jail</ulink></entry> + <entry>27 May 2010</entry> + <entry><para>Insufficient environment sanitization in &man.jail.8;</para></entry> + </row> + <row> + <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:05.opie.asc" + >SA-10:05.opie</ulink></entry> + <entry>27 May 2010</entry> + <entry><para>OPIE off-by-one stack overflow</para></entry> + </row> + <row> + <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:06.nfsclient.asc" + >SA-10:06.nfsclient</ulink></entry> + <entry>27 May 2010</entry> + <entry><para>Unvalidated input in nfsclient</para></entry> + </row> + <row> + <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:07.mbuf.asc" + >SA-10:07.mbuf</ulink></entry> + <entry>13 July 2010</entry> + <entry><para>Lost mbuf flag resulting in data corruption</para></entry> </row> </tbody> </tgroup> </informaltable> - </sect1> <sect1 id="open-issues"> <title>Open Issues</title> <para>No open issues.</para> - </sect1> <sect1 id="late-news"> @@ -179,5 +218,4 @@ <para>No news.</para> </sect1> - </article> Modified: stable/8/release/doc/en_US.ISO8859-1/relnotes/article.sgml ============================================================================== --- stable/8/release/doc/en_US.ISO8859-1/relnotes/article.sgml Mon Jul 19 15:05:35 2010 (r210238) +++ stable/8/release/doc/en_US.ISO8859-1/relnotes/article.sgml Mon Jul 19 15:26:42 2010 (r210239) @@ -15,16 +15,7 @@ <pubdate>$FreeBSD$</pubdate> <copyright> - <year>2000</year> - <year>2001</year> - <year>2002</year> - <year>2003</year> - <year>2004</year> - <year>2005</year> - <year>2006</year> - <year>2007</year> - <year>2008</year> - <year>2009</year> + <year>2010</year> <holder role="mailto:doc@FreeBSD.org">The &os; Documentation Project</holder> </copyright> @@ -106,9 +97,7 @@ <title>What's New</title> <para>This section describes the most user-visible new or changed - features in &os; since &release.prev;, and changes shown in - Release Notes for the previous releases are marked as - <literal>[7.1R]</literal> and <literal>[7.2R]</literal>.</para> + features in &os; since &release.prev;.</para> <para>Typical release note items document recent security advisories issued after &release.prev;, new drivers or hardware @@ -142,163 +131,65 @@ </thead> <tbody> - <row role="7.1"> - <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-08:05.openssh.asc" - >SA-08:05.openssh</ulink></entry> - <entry>17 April 2008</entry> - <entry><para>OpenSSH X11-forwarding privilege escalation</para></entry> - </row> - - <row role="7.1"> - <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-08:06.bind.asc" - >SA-08:06.bind</ulink></entry> - <entry>13 July 2008</entry> - <entry><para>DNS cache poisoning</para></entry> - </row> - - <row role="7.1"> - <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-08:07.amd64.asc" - >SA-08:07.amd64</ulink></entry> - <entry>3 September 2008</entry> - <entry><para>amd64 swapgs local privilege escalation</para></entry> - </row> - - <row role="7.1"> - <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-08:08.nmount.asc" - >SA-08:08.nmount</ulink></entry> - <entry>3 September 2008</entry> - <entry><para>&man.nmount.2; local arbitrary code execution</para></entry> - </row> - - <row role="7.1"> - <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-08:09.icmp6.asc" - >SA-08:09.icmp6</ulink></entry> - <entry>3 September 2008</entry> - <entry><para>Remote kernel panics on IPv6 connections</para></entry> - </row> - - <row role="7.1"> - <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-08:10.nd6.asc" - >SA-08:10.nd6</ulink></entry> - <entry>1 October 2008</entry> - <entry><para>IPv6 Neighbor Discovery Protocol routing vulnerability</para></entry> - </row> - - <row role="7.1"> - <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-08:11.arc4random.asc" - >SA-08:11.arc4random</ulink></entry> - <entry>24 November 2008</entry> - <entry><para>&man.arc4random.9; predictable sequence vulnerability</para></entry> - </row> - - <row role="7.1"> - <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-08:12.ftpd.asc" - >SA-08:12.ftpd</ulink></entry> - <entry>23 December 2008</entry> - <entry><para>Cross-site request forgery in &man.ftpd.8;</para></entry> - </row> - - <row role="7.1"> - <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-08:13.protosw.asc" - >SA-08:13.protosw</ulink></entry> - <entry>23 December 2008</entry> - <entry><para>netgraph / bluetooth privilege escalation</para></entry> - </row> - - <row role="7.2"> - <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:01.lukemftpd.asc" - >SA-09:01.lukemftpd</ulink></entry> - <entry>07 January 2009</entry> - <entry><para>Cross-site request forgery in - &man.lukemftpd.8;</para></entry> - </row> - - <row role="7.2"> - <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:02.openssl.asc" - >SA-09:02.openssl</ulink></entry> - <entry>07 January 2009</entry> - <entry><para>OpenSSL incorrectly checks for malformed - signatures</para></entry> - </row> - - <row role="7.2"> - <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:03.ntpd.asc" - >SA-09:03.ntpd</ulink></entry> - <entry>13 January 2009</entry> - <entry><para>ntpd cryptographic signature - bypass</para></entry> - </row> - - <row role="7.2"> - <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:04.bind.asc" - >SA-09:04.bind</ulink></entry> - <entry>13 January 2009</entry> - <entry><para>BIND DNSSEC incorrect checks for - malformed signatures</para></entry> + <row> + <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:15.ssl.asc" + >SA-09:15.ssl</ulink></entry> + <entry>3 Dec 2009</entry> + <entry><para>SSL protocol flaw</para></entry> </row> - - <row role="7.2"> - <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:05.telnetd.asc" - >SA-09:05.telnetd</ulink></entry> - <entry>16 February 2009</entry> - <entry><para>telnetd code execution - vulnerability</para></entry> + <row> + <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:16.rtld.asc" + >SA-09:16.rtld</ulink></entry> + <entry>3 Dec 2009</entry> + <entry><para>Improper environment sanitization in &man.rtld.1;</para></entry> </row> - - <row role="7.2"> - <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:06.ktimer.asc" - >SA-09:06.ktimer</ulink></entry> - <entry>23 March 2009</entry> - <entry><para>Local privilege escalation</para></entry> + <row> + <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:17.freebsd-update.asc" + >SA-09:17.freebsd-update</ulink></entry> + <entry>3 Dec 2009</entry> + <entry><para>Inappropriate directory permissions in &man.freebsd-update.8;</para></entry> </row> - - <row role="7.2"> - <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:07.libc.asc" - >SA-09:07.libc</ulink></entry> - <entry>04 April 2009</entry> - <entry><para>Information leak in &man.db.3;</para></entry> + <row> + <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:01.bind.asc" + >SA-10:01.bind</ulink></entry> + <entry>6 Jan 2010</entry> + <entry><para>BIND &man.named.8; cache poisoning with DNSSEC validation</para></entry> </row> - - <row role="7.2"> - <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:08.openssl.asc" - >SA-09:08.openssl</ulink></entry> - <entry>22 April 2009</entry> - <entry><para>Remotely exploitable crash in - OpenSSL</para></entry> + <row> + <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:02.ntpd.asc" + >SA-10:02.ntpd</ulink></entry> + <entry>6 Jan 2010</entry> + <entry><para>ntpd mode 7 denial of service</para></entry> </row> - - <row role="8.0"> - <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:09.pipe.asc" - >SA-09:09.pipe</ulink></entry> - <entry>10 June 2009</entry> - <entry><para>Local information disclosure via direct pipe writes</para></entry> + <row> + <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:03.zfs.asc" + >SA-10:03.zfs</ulink></entry> + <entry>6 Jan 2010</entry> + <entry><para>ZFS ZIL playback with insecure permissions</para></entry> </row> - - <row role="8.0"> - <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:10.ipv6.asc" - >SA-09:10.ipv6</ulink></entry> - <entry>10 June 2009</entry> - <entry><para>Missing permission check on SIOCSIFINFO_IN6 ioctl</para></entry> + <row> + <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:04.jail.asc" + >SA-10:04.jail</ulink></entry> + <entry>27 May 2010</entry> + <entry><para>Insufficient environment sanitization in &man.jail.8;</para></entry> </row> - - <row role="8.0"> - <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:11.ntpd.asc" - >SA-09:11.ntpd</ulink></entry> - <entry>10 June 2009</entry> - <entry><para>ntpd stack-based buffer-overflow vulnerability</para></entry> + <row> + <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:05.opie.asc" + >SA-10:05.opie</ulink></entry> + <entry>27 May 2010</entry> + <entry><para>OPIE off-by-one stack overflow</para></entry> </row> - - <row role="8.0"> - <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:12.bind.asc" - >SA-09:12.bind</ulink></entry> - <entry>29 July 2009</entry> - <entry><para>BIND &man.named.8; dynamic update message remote DoS</para></entry> + <row> + <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:06.nfsclient.asc" + >SA-10:06.nfsclient</ulink></entry> + <entry>27 May 2010</entry> + <entry><para>Unvalidated input in nfsclient</para></entry> </row> - <row role="8.0"> - <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:14.devfs.asc" - >SA-09:14.devfs</ulink></entry> - <entry>2 Oct 2009</entry> - <entry><para>Devfs / VFS NULL pointer race condition</para></entry> + <row> + <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:07.mbuf.asc" + >SA-10:07.mbuf</ulink></entry> + <entry>13 July 2010</entry> + <entry><para>Lost mbuf flag resulting in data corruption</para></entry> </row> </tbody> </tgroup> @@ -308,2034 +199,68 @@ <sect2 id="kernel"> <title>Kernel Changes</title> - <para role="8.0">The &os; <filename>GENERIC</filename> kernel now - includes Trusted BSD MAC (Mandatory Access Control) support. - No MAC policy module is loaded by default.</para> - - <para role="8.0" arch="i386">A loader - tunable <varname>hw.clflush_disable</varname> has been added - to avoid panic (trap 9) - at <function>map_invalidate_cache_range()</function> even if - Intel CPU is used. This tunable can be set - to <literal>-1</literal> (default), <literal>0</literal> and - <literal>1</literal>. The <literal>-1</literal> is same as - the current behavior, which automatically - disables <literal>CLFLUSH</literal> on Intel CPUs without - <literal>CPUID_SS</literal> (this should occurr on Xen - only). You can specify <literal>1</literal> when this panic - happens on non-Intel CPUs (such as AMD's). Because disabling - <literal>CLFLUSH</literal> can reduce performance, you can try - with setting <literal>0</literal> on Intel CPUs - without <literal>SS</literal> to - use <literal>CLFLUSH</literal> feature.</para> - - <para role="8.0">The &man.jail.8; subsystem has been updated. Changes include:</para> - - <itemizedlist role="7.2"> - <listitem> - <para role="8.0">A new virtualization container - named <quote>vimage</quote> has been implemented. This is - not enabled by default. To enable this, add the following - kernel options to your kernel configuration file and - rebuild the kernel:</para> - - <programlisting>options VIMAGE</programlisting> - - <para>Note that <literal>options SCTP</literal> in the - <filename>GENERIC</filename> kernel is not compatible with - <literal>options VIMAGE</literal>. This limitation will - be fixed in the next release.</para> - - <para>The vimage is a jail with a virtualized instance of - the &os; network stack. It can be created by using - &man.jail.8; command like this:</para> - - <screen>&prompt.root; jail -c vnet name=<replaceable>vnet1</replaceable> host.hostname=<replaceable>vnet1.example.net</replaceable> path=/ persist</screen> - - <para>The vimage has own loopback interface and a separated - network stack including the L3 routing tables. Network - interfaces on the system can be moved by using - &man.ifconfig.8; <option>vnet</option> option between the - different vimage jails and outside of them.</para> - - <para>Furthermore, the &man.epair.4; pseudo-interface driver - has been added to help communication between vimage jails. - It emulates a pair of back-to-back connected Ethernet - interfaces. For example, the following commands create an - interface pair of &man.epair.4;:</para> - - <screen>&prompt.root; ifconfig epair0 create -epair0a -&prompt.root; ifconfig epair0a -epair0a: flags=8842<BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 - ether 02:c0:64:00:07:0a -&prompt.root; ifconfig epair0b -epair0b: flags=8842<BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 - ether 02:c0:64:00:08:0b</screen> - - <para>The &man.epair.4; pseudo-interfaces and any physical - interfaces on the system can be moved between vimage jails - by using &man.ifconfig.8; <option>vnet</option> option as - described above. Even after half of an &man.epair.4; pair - is moved, the back-to-back connection still valid and can - be used for inter-jail communication.</para> - - <para>Note that vimage is still considered as an - experimental feature.</para> - </listitem> - - <listitem> - <para>A jail can now have arbitrary named parameters similar - to environmental variables and the fixed jail parameters - in the previous releases have been replaced with them. - The jail name can now be used for identifying the jail in - &man.jexec.8; and &man.killall.1;.</para> - </listitem> - - <listitem> - <para>Multiple IPv4 and/or IPv6 addresses per jail are now - supported. It is even possible to have jails without - an IP address at all, which basically gives one a chrooted - environment with restricted process view and no - networking.</para> - </listitem> - - <listitem> - <para>SCTP (&man.sctp.4;) with IPv6 in jails has been - implemented.</para> - </listitem> - - <listitem> - <para>Specific CPU binding by using &man.cpuset.1; has been - implemented. Note that the current implementation allows - the superuser inside of the jail to change the CPU - bindings specified.</para> - </listitem> - - <listitem> - <para>A &man.jail.8; can start with a specific route - FIB now.</para> - </listitem> - - <listitem> - <para>The &man.ddb.8; kernel debugger now supports a - <literal>show jails</literal> subcommand.</para> - </listitem> - - <listitem> - <para>Compatibility support which permits 32-bit jail - binaries to be used on 64-bit systems to manage jails has - been added.</para> - </listitem> - - <listitem> - <para>Note that both version numbers of - <literal>jail</literal> and <literal>prison</literal> in - the &man.jail.8; have been updated for the new - features.</para> - </listitem> - </itemizedlist> - - <para role="8.0">The &man.ksyms.4;, kernel symbol table - interface driver has been added. It creates a character - device <filename>/dev/ksyms</filename> and provides - read-only access to a snapshot of the kernel symbol - table.</para> - - <para role="8.0" arch="amd64,i386">The &os; Linux emulation - layer has been updated to version 2.6.16 and the default Linux - infrastructure port is - <filename>emulators/linux_base-f10</filename> (Fedora - 10).</para> - - <para role="8.0" arch="arm">The &os;/&arch.arm; now - supports mini dump.</para> - - <para role="8.0" arch="powerpc">The &os;/&arch.powerpc; now - supports kernel core dump.</para> - - <para role="8.0" arch="amd64,i386">The &os; virtual memory - subsystem now supports fully transparent use of - <application>superpages</application> for application memory; - application memory pages are dynamically promoted to or - demoted from superpages without any modification to - application code. This change offers the benefit of large - page sizes such as improved virtual memory efficiency and - reduced TLB (translation lookaside buffer) misses without - downsides like application changes and virtual memory - inflexibility. This can be enabled by setting a loader tunable - <varname>vm.pmap.pg_ps_enabled</varname> to - <literal>1</literal> and is enabled by default on - &arch.amd64;.</para> - - <para role="7.2">The &man.ddb.8; kernel debugger now supports a - <command>show mount</command> subcommand.</para> - - <para role="7.2">The &os; DTrace subsystem now supports a probe for - process execution.</para> - - <para role="7.2" arch="amd64">The &os; kernel virtual address - space has been increased to 6GB. This allows subsystems to use - larger virtual memory space than before. For example, the - &man.zfs.8; adaptive replacement cache (ARC) requires large - kernel memory space to cache file system data, so it benefits - from the increased address space. Note that the ceiling on - the kernel map size is now 60% of the size of physical memory - rather than an absolute quantity.</para> - - <para role="7.2">The &man.kld.4; now supports installing 32-bit - system calls to the &os; syscall translation layer from kernel - modules.</para> - - <para role="7.2">The &man.ktr.4; now supports a new KTR tracepoint in the - <literal>KTR_CALLOUT</literal> class to note when a callout - routine finishes executing.</para> - - <para role="7.2">Types of variables used to track the amount of allocated - System V shared memory have been changed from - <literal>int</literal> to <literal>size_t</literal>. This - makes it possible to use more than 2 GB of memory for shared - memory segments on 64-bit architectures. Please note the new - BUGS section in &man.shmctl.2; and - <filename>/usr/src/UPDATING</filename> for limitations of this - temporary solution.</para> - - <para role="7.2">The &man.sysctl.3; leaf nodes have a flag to tag - themselves as MPSAFE now.</para> - - <para role="7.2">The &os; 32-bit system call translation layer now - supports installing 32-bit system calls for - <literal>VFS_AIO</literal>.</para> - - <para role="7.1">The &man.clock.gettime.2; and the related system calls now - support a clock ID <literal>CLOCK_THREAD_CPUTIME_ID</literal>, - as defined in POSIX.</para> - - <para role="7.1">The &man.cpuset.2; system call has been added. This is an - API for thread to CPU binding and CPU resource grouping and - assignment.</para> - - <para role="7.1">The DTrace, a comprehensive dynamic tracing framework and - &man.dtrace.1; userland utility have been imported from - OpenSolaris. DTrace provides a powerful infrastructure to - permit administrators, developers, and service personnel to - concisely answer arbitrary questions about the behavior of the - operating system and user programs.</para> - - <para role="7.1">The &man.ddb.4; kernel debugger now has an output capture - facility. Input and output from &man.ddb.4; can now be captured - to a memory buffer for later inspection using &man.sysctl.8; or - a textdump. The new <command>capture</command> command controls - this feature.</para> - - <para role="7.1">The &man.ddb.4; debugger now supports a simple scripting - facility, which supports a set of named scripts consisting of a - set of &man.ddb.4; commands. These commands can be managed from - within &man.ddb.4; or with the use of the new &man.ddb.8; - utility. More details can be found in the &man.ddb.4; manual - page.</para> - - <para role="7.1">The &man.ddb.4; <command>ex</command> command now supports - an <option>/S</option> mode which interprets and prints the - value at the requested address as a symbol. For example, - <userinput>ex /S <replaceable>aio_swake</replaceable></userinput> - prints the name of the function currently registered in - via <replaceable>aio_swake</replaceable> hook.</para> - - <para role="7.1">The &man.ddb.4; <command>show conifhk</command> command has - been added. This lists hooks currently waiting for completion - in <function>run_interrupt_driven_config_hooks()</function>.</para> - - <para role="7.1">The &man.fcntl.2; system call now supports - <literal>F_DUP2FD</literal> command. This is equivalent to - &man.dup.2;, and compatible with the Sun Solaris and the IBM - AIX.</para> - - <para role="7.1">The &os;'s &man.linux.4; ABI support now implements - <function>sched_setaffinity()</function> and - <function>sched_getaffinity()</function> using real CPU affinity - setting primitives.</para> - - <para role="7.1">The &man.procstat.1; utility has been added. This is a - process inspection utility which provides some of the missing - functionality from &man.procfs.5; and new functionality for monitoring - and debugging specific processes.</para> - - <para role="7.1">The client side functionality of &man.rpc.lockd.8; has been - implemented in the &os; kernel. This implementation provides the - correct semantics for &man.flock.2; style locks which are used - by the &man.lockf.1; command line tool and the &man.pidfile.3; - library. It also implements recovery from server restarts and - ensures that dirty cache blocks are written to the server before - obtaining locks (allowing multiple clients to use file locking - to safely share data). Also, a new kernel option - <literal>options NFSLOCKD</literal> has been added and enabled - by default. If the kernel support is enabled, &man.rpc.lockd.8; - automatically detects and uses the functionality.</para> - - <para role="7.1">The &os; kernel now supports a new textdump format of kernel - dumps. A textdump provides higher-level information via - mechanically generated/extracted debugging output, rather than a - simple memory dump. This facility can be used to generate brief - kernel bug reports that are rich in debugging information, but - are not dependent on kernel symbol tables or precisely - synchronized source code. More information can be found in the - &man.textdump.4; manual page.</para> - - <para role="7.1">The &man.wait4.2; system call now supports - <option>WNOWAIT</option> flag to keep the process whose status - is returned in a waitable state and <option>WSTOPPED</option> - which is equivalent to <option>WUNTRACED</option>.</para> - - <para role="7.1" arch="amd64,i386,sparc64">The &os; kernel now has - initial support of binding interrupts to CPUs.</para> - - <para role="7.1" arch="amd64,i386"> The &man.sched.ule.4; scheduler is now the default - process scheduler in <filename>GENERIC</filename> - kernels.</para> - - <para role="7.1">The sysctl - variables <varname>kern.features.compat_freebsd[456]</varname> - have been added. These are corresponding to the kernel options - <literal>COMPAT_FREEBSD[456]</literal>.</para> + <para></para> <sect3 id="boot"> <title>Boot Loader Changes</title> - <para role="8.0">The <application>boot0</application> boot - loader now preserves volume ID at offset - 0x1b8 used in other operating systems </para> - - <para role="8.0">The &man.boot0cfg.8; utility now supports a - new <option>-i</option> option to set the volume ID.</para> - - <para role="8.0" arch="arm,powerpc">The &man.loader.8; now - supports U-Boot support library.</para> - - <para role="7.2">The &man.boot.8; now supports 4-byte volume ID that - certain versions of &windows; put into the MBR and invoking - PXE by pressing the F6 key on some supported BIOSes.</para> - - <para role="7.2" arch="i386">The &man.boot.8; BTX loader has been - improved. This fixes several boot issues on recent machines - reported for 7.1-RELEASE and before.</para> - - <para role="7.2">The &man.loader.8; is now able to obtain DHCP options - from network boot via &man.kenv.2; variables.</para> - - <para role="7.2">A bug in the &man.loader.8; has been fixed. Now the - following line works as expected:</para> - - <programlisting>loader_conf_files="<replaceable>foo</replaceable> <replaceable>bar</replaceable> ${<replaceable>variable</replaceable>}"</programlisting> - - <para role="7.1" arch="amd64,i386">The BTX kernel used by the boot - loader has been changed to invoke BIOS routines from real - mode. This change makes it possible to boot &os; from USB - devices.</para> - - <para role="7.1" arch="amd64,i386">A new gptboot boot loader has - been added to support booting from a GPT labeled disk. A - new <command>boot</command> command has been added to - &man.gpt.8;, which makes a GPT disk bootable by writing the - required bits of the boot loader, creating a new boot - partition if required.</para> + <para></para> </sect3> <sect3 id="proc"> <title>Hardware Support</title> - <para role="8.0">The &os; now includes experimental support - for &arch.mips; platform.</para> - - <para role="8.0">Support for RTC on Dallas Semiconductor chips - has been improved. The DS133x and DS1553 are now - supported.</para> - - <para role="8.0" arch="arm">The &os;/&arch.arm; now supports - Feroceon and Sheeva embedded CPU, Marvell Orion (88F5281), - Kirkwood (88F6281), Discovery Innovation (MV-78100) - systems-on-chip CPU.</para> - - <para role="8.0" arch="powerpc">The &os;/&arch.powerpc; now - supports SMP machines</para> - - <para role="8.0" arch="powerpc">The &os;/&arch.powerpc; now - supports E500 (Book-E) embedded CPU and Freescale - PowerQUICCIII MPC85xx system-on-chip (including single and - dual-core).</para> - - <para role="8.0">The &man.acpi.4; subsystem now supports the System - Resource Affinity Table (SRAT) used to describe affinity - relationships between CPUs and memory, ACPI 3.0 fields in - the MADT including X2APIC entries and UIDs for local SAPICs, and - ACPI 3.0 flags in the FADT.</para> - - <para role="8.0" arch="powerpc">The &man.cpufreq.4; framework now - supports PowerPC G5, along with a skeleton SMU driver in order to slew - CPU voltage during frequency changes.</para> - - <para role="8.0">The sec(4) driver has been added to provide - support for the integrated security engine found in - Freescale system-on-chip devices.</para> - - <para role="8.0">The &os; TTY layer has been replaced with a - new one which has better support for SMP and robust resource - handling. A tty now has own mutex and it is expected to - improve scalability when compared to the old implementation - based on the Giant lock.</para> - - <para role="8.0" arch="amd64,i386">The &man.uart.4; driver is now the - default driver for serial port devices in favor of the - &man.sio.4; driver. Note that the device nodes have been - renamed from - <filename>/dev/cuad<replaceable>N</replaceable></filename> and - <filename>/dev/ttyd<replaceable>N</replaceable></filename> to - <filename>/dev/cuau<replaceable>N</replaceable></filename> and - <filename>/dev/ttyu<replaceable>N</replaceable></filename>.</para> - - <important> - <para>Users who are upgrading will need to change their - kernel configurations and possibly also - <filename>/boot/loader.conf</filename> and - <filename>/boot/device.hints</filename>.</para> - </important> - - <para role="8.0">The &os; USB subsystem has been reimplemented - to support modern devices and better SMP scalability. The - new implementation includes Giant-lock-free device drivers, - a Linux compatibility layer, &man.usbconfig.8; utility, full - support for split transaction and isochronous transaction, - and more. Device node names for USB devices are now in a - the form - of <filename>/dev/usb/<replaceable>bus</replaceable>.<replaceable>dev</replaceable>.<replaceable>endpoint</replaceable></filename>, - and <filename>/dev/usbctl</filename> is the master device - node. Note that the &man.ugen.4; driver has nodes for each device as <filename>/dev/ugen<replaceable>bus</replaceable>.<replaceable>dev</replaceable></filename> for backward compatibility.</para> - - <para role="7.2" arch="sparc64">&os; now supports Ultra SPARC III - (Cheetah) processor family.</para> - - <para role="7.2">The &man.acpi.4; subsystem now supports a &man.sysctl.8; - variable <varname>debug.batt.batt_sleep_ms</varname>. On - some laptops with smart batteries, enabling battery - monitoring software causes keystrokes from &man.atkbd.4; to - be lost. This sysctl variable adds a delay in millisecond - to the status checking code as a workaround.</para> - - <para role="7.2">The &man.acpi.asus.4; driver now supports Asus A8Sr - notebooks.</para> - - <para role="7.2" arch="powerpc">Support for the AltiVec, a floating point - and integer SIMD instruction set has been added.</para> - - <para role="7.2">The &man.cpuctl.4; driver, which provides a special - device <filename>/dev/cpuctl</filename> as an interface to - the system CPU has been added. The &man.cpuctl.4; - functionality includes the ability to retrieve CPUID - information, read/write machine specific registers (MSR), - and perform CPU firmware updates.</para> - - <para role="7.2">The &man.cpufreq.4; driver now supports an - <varname>hw.est.msr_info</varname> loader tunable. When - this is set to <literal>1</literal>, it attempts to build a - simple list containing just the high and low frequencies if - it cannot obtain a frequency list from either ACPI or the - static tables. This is disabled by default.</para> - - <para role="7.2" arch="amd64,i386">CPU frequency change notifiers are now - disabled when the TSC is P-state invariant. Also, a new - loader tunable - <varname>kern.timecounter.invariant_tsc</varname> has been - added to force this behavior by setting it to - non-zero.</para> - - <para role="7.2">The &man.atkbd.4; driver now disables the interrupt - handler which is called from the keyboard callback function - when polled mode is enabled. This fixes the problem of - duplicated/missing characters at the mountroot prompt on - multi CPU systems while &man.kbdmux.4; is enabled.</para> - - <para role="7.2">In the &man.pci.4; subsystem INTx is now disabled when - MSI/MSIX is enabled. This change fixes interrupt storm - related issues.</para> - - <para role="7.2" arch="sparc64">The schizo(4) driver for Schizo - Fireplane/Safari to PCI 2.1 and Tomatillo JBus to PCI 2.2 - bridges has been added.</para> - - <para role="7.2">The &man.u3g.4; driver for USB based 3G cards and - dongles including Vodafone Mobile Connect Card 3G, Qualcomm - CDMA MSM, Huawei E220, Novatel U740, Sierra MC875U, and more - has been added. This provides support for the multiple - USB-to-serial interfaces exposed by many 3G USB/PC Card - modems, and the device is accessed through the &man.ucom.4; - driver which makes it behave like a &man.tty.4;.</para> - - <para role="7.2">The &man.sched.ule.4; scheduler now supports - the loader tunable - <varname>machdep.hyperthreading_enabled</varname> just like - &man.sched.4bsd.4;. Note that it cannot be modified at - run-time.</para> - - <para role="7.1">The &man.cmx.4; driver, a driver for Omnikey CardMan 4040 - PCMCIA smartcard readers, has been added.</para> - - <para role="7.1" arch="sparc64">The &man.kbdmux.4; driver now - supports &arch.sparc64;. The &man.sunkbd.4; driver now - supports &man.atkbd.4; emulation like &man.ukbd.4;.</para> - - <para role="7.1">The <filename>nvram(4)</filename> driver is now - MPSAFE.</para> - - <para role="7.1">An option of the &man.puc.4; - driver, <literal>PUC_FASTINTR</literal>, is no longer - supported.</para> - - <para role="7.1">The &man.psm.4; driver now attempts detection of Synaptics - touchpad before IntelliMouse. Some touchpads will pretend to - be IntelliMouse causing the IntelliMouse probe to work and the - Synaptics detection never to be done.</para> - - <para role="7.1">The &man.uslcom.4; driver, a driver for Silicon - Laboratories CP2101/CP2102-based USB serial adapters, has been - imported from OpenBSD.</para> + <para></para> <sect4 id="mm"> <title>Multimedia Support</title> - <para role="8.0">The &os; audio subsystem has been improved. - The changes include volume per channel, high quality - fixed-point band-limited SINC sampling rate converter, - bit-perfect mode, transparent/adaptive virtual channel, - and exclusive stream. For more details, see the - &man.snd.4; manual page.</para> - - <para role="7.2">The &man.agp.4; driver now supports Intel G4X series - graphics chipsets.</para> - - <para role="7.2">The Direct Rendering Manager - (<application>DRM</application>), a kernel module that - gives direct hardware access to DRI clients, has been - updated. Support for AMD/ATI r500, r600, r700, and IGP - based chips, XGI V3XE/V5/V8, and Intel i915 chipsets has - been improved.</para> - - <para role="7.2">A new loader tunable <varname>hw.drm.msi</varname> has - been added to control if DRM uses MSI or not. This is set - to <literal>1</literal> (enabled) by default.</para> - - <para role="7.2">The snd_au88x0(4) driver for Aureal Vortex - 1/2/Advantage PCI has been removed because it has been - broken for a long time.</para> - - <para role="7.2">The &man.snd.hda.4; driver has been updated. These - changes include support for multiple codecs per HDA bus, - multiple functional groups per codec, multiple audio - devices per functional group, digital (SPDIF/HDMI) audio - input/output, suspend/resume, and part of multichannel - audio.</para> - - <para role="7.2">Note that due to added HDMI audio and - logical audio devices support, the updated driver often - provides several PCM devices. This means that in some - cases the system default audio device no longer - corresponds to the users's habitual audio connectors. In - such cases the default device can be specified in audio - applications' setup or defined globally via - <varname>hw.snd.default_unit</varname> sysctl variable, as - described in the &man.sound.4; manual page.</para> - - <para role="7.1">The &man.agp.4; driver now supports the - Intel G33 and G45.</para> - - <para role="7.1" arch="i386">The <filename>dpms(4)</filename> driver has - been added to use the VESA BIOS for DPMS during suspend and - resume.</para> - - <para role="7.1">The <application>DRM</application> kernel driver now - supports i915 GME devices.</para> + <para></para> </sect4> <sect4 id="net-if"> <title>Network Interface Support</title> - <para role="8.0">The &man.bwi.4; driver has been added to - provide support for Broadcom BCM43xx IEEE 802.11b/g wireless - network interfaces.</para> - - <para role="8.0" arch="sparc64">The &man.cas.4; driver has - been added to provide support for Sun Cassini/Cassini+ and - National Semiconductor DP83065 Saturn Gigabit Ethernet - devices.</para> - - <para role="8.0">The &man.cxgbtool.8; now supports an - interactive mode for scripting of repeatedly performed - tasks.</para> - - <para role="8.0">The &man.fxp.4; driver has been improved. Changes include:</para> - - <itemizedlist> - <listitem> - <para role="8.0">The multicast filter re-programming - is now more robust.</para> - </listitem> - - <listitem> - <para role="7.2">The checksum offload feature can be controlled by - &man.ifconfig.8; now.</para> - </listitem> - - <listitem> - <para role="7.2">Rx checksum offload support for 82559 or later - controllers has been added.</para> - </listitem> - - <listitem> - <para role="7.2">TSO (TCP Segmentation Offload) support for 82550 - and 82551 controllers has been added.</para> - </listitem> - - <listitem> - <para role="7.2">WoL (Wake on LAN) support for 82550, 82551, 82558, - and 82559-based controllers has been added. Note that - ICH based controllers are treated as 82559, and 82557, - earlier revisions of 82558, and 82559ER have no WoL - capability.</para> - </listitem> - - <listitem> - <para role="7.2">VLAN hardware tag insertion/stripping support and - Tx/Rx checksum offload for VLAN frames support has - been added. Note that the VLAN hardware assistance is - available only on 82550 or 82551-based - controllers.</para> - </listitem> - </itemizedlist> - - <para role="8.0" arch="arm,powerpc">The mge(4) driver has - been added to provide support for Marvell Gigabit Ethernet - controllers found on ARM-based SOCs (Orion, Kirkwood, - Discovery), as well as on system controllers for PowerPC - processors (MV64430, MV6446x).</para> - - <para role="8.0">The &man.miibus.4; driver now supports - the Marvell 88E3016.</para> - - <para role="8.0">The &man.msk.4; driver now supports Yukon - FE+ A0 including 88E8040, 88E8040T, 88E8048 and - 88E8070.</para> - - <para role="8.0">The &man.mwl.4; driver has been added to - provide support for Marvell 88W8363 IEEE 802.11n wireless - network devices.</para> - - <para role="8.0">The &man.mxge.4; driver now supports some newer - revisions and 10GBASE-LRM and 10GBASE-Twinax media - types. The firmware version has been updated to 1.4.43.</para> - - <para role="8.0">The &man.nge.4; driver has been improved and - now works on all platforms.</para> *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201007191526.o6JFQhaY005143>