From owner-p4-projects@FreeBSD.ORG Sun Jul 17 09:36:50 2005 Return-Path: X-Original-To: p4-projects@freebsd.org Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 4133416A420; Sun, 17 Jul 2005 09:36:50 +0000 (GMT) X-Original-To: perforce@freebsd.org Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1268D16A41C for ; Sun, 17 Jul 2005 09:36:50 +0000 (GMT) (envelope-from soc-andrew@freebsd.org) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id AA43743D45 for ; Sun, 17 Jul 2005 09:36:49 +0000 (GMT) (envelope-from soc-andrew@freebsd.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.1/8.13.1) with ESMTP id j6H9anXR001363 for ; Sun, 17 Jul 2005 09:36:49 GMT (envelope-from soc-andrew@freebsd.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.1/8.13.1/Submit) id j6H9anHx001360 for perforce@freebsd.org; Sun, 17 Jul 2005 09:36:49 GMT (envelope-from soc-andrew@freebsd.org) Date: Sun, 17 Jul 2005 09:36:49 GMT Message-Id: <200507170936.j6H9anHx001360@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to soc-andrew@freebsd.org using -f From: soc-andrew To: Perforce Change Reviews Cc: Subject: PERFORCE change 80382 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 17 Jul 2005 09:36:51 -0000 http://perforce.freebsd.org/chv.cgi?CH=80382 Change 80382 by soc-andrew@soc-andrew_serv on 2005/07/17 09:36:24 Catchup with libmemstat + new release docs Affected files ... .. //depot/projects/soc2005/bsdinstaller/src/contrib/bsdinstaller/backend/installer/flow.c#2 edit .. //depot/projects/soc2005/bsdinstaller/src/lib/Makefile#3 integrate .. //depot/projects/soc2005/bsdinstaller/src/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml#4 integrate .. //depot/projects/soc2005/bsdinstaller/src/release/doc/share/sgml/release.ent#2 integrate .. //depot/projects/soc2005/bsdinstaller/src/usr.sbin/bsdinstaller/backend/Makefile#5 edit Differences ... ==== //depot/projects/soc2005/bsdinstaller/src/contrib/bsdinstaller/backend/installer/flow.c#2 (text+ko) ==== @@ -73,6 +73,8 @@ #include "fn.h" #include "pathnames.h" +#include "extra_flow.h" + /*** GLOBALS ***/ void (*state)(struct i_fn_args *) = NULL; @@ -1160,7 +1162,8 @@ fn_create_subpartitions(a); if (a->result) { - state = state_install_os; + /* state = state_install_os; */ + state = state_select_distros; } else { state = disk_get_formatted(storage_get_selected_disk(a->s)) ? state_select_disk : state_select_slice; ==== //depot/projects/soc2005/bsdinstaller/src/lib/Makefile#3 (text+ko) ==== @@ -1,5 +1,5 @@ # @(#)Makefile 8.1 (Berkeley) 6/4/93 -# $FreeBSD: src/lib/Makefile,v 1.205 2005/04/20 20:50:32 marcel Exp $ +# $FreeBSD: src/lib/Makefile,v 1.206 2005/07/14 17:59:50 rwatson Exp $ # To satisfy shared library or ELF linkage when only the libraries being # built are visible: @@ -29,7 +29,7 @@ libcalendar libcam libcompat libdevinfo libdevstat ${_libdisk} \ libedit libexpat libfetch libform libftpio libgeom ${_libgpib} \ ${_libio} libipsec \ - libipx libkiconv libmagic libmenu ${_libmilter} ${_libmp} \ + libipx libkiconv libmagic libmemstat libmenu ${_libmilter} ${_libmp} \ ${_libncp} ${_libngatm} libopie libpam libpanel libpcap \ libpmc ${_libpthread} ${_libsdp} ${_libsm} ${_libsmb} ${_libsmdb} \ ${_libsmutil} libstand libtelnet ${_libthr} ${_libthread_db} libufs \ ==== //depot/projects/soc2005/bsdinstaller/src/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml#4 (text+ko) ==== @@ -3,7 +3,7 @@ The &os; Project - $FreeBSD: src/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml,v 1.883 2005/07/10 03:47:00 hrs Exp $ + $FreeBSD: src/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml,v 1.885 2005/07/15 16:38:52 hrs Exp $ 2000 @@ -113,323 +113,25 @@ Security Advisories - A bug in the &man.fetch.1; utility, which allows - a malicious HTTP server to cause arbitrary portions of the client's - memory to be overwritten, has been fixed. - For more information, see security advisory - FreeBSD-SA-04:16.fetch. - &merged; - - A bug in &man.procfs.5; and &man.linprocfs.5; - which could allow a malicious local user to read parts of kernel - memory or perform a local - denial of service attack by causing a system panic, - has been fixed. - For more information, see security advisory - FreeBSD-SA-04:17.procfs. - &merged; - - Two buffer overflows in the TELNET client program have been - corrected. They could have allowed a malicious TELNET server or - an active network attacker to cause &man.telnet.1; to execute - arbitrary code with the privileges of the user running it. - More information can be found in security advisory - FreeBSD-SA-05:01.telnet. - &merged; - - An information disclosure vulnerability in the - &man.sendfile.2; system call, which could permit it to transmit - random parts of kernel memory, has been fixed. More details are - in security advisory - FreeBSD-SA-05:02.sendfile. - &merged; - - A possible privilege escalation vulnerability on &os;/amd64 - has been fixed. This allows unprivileged users to gain direct - access to some hardware which cannot be accessed - without the elevated privilege level. More details are in security advisory - FreeBSD-SA-05:03.amd64. - &merged; - - An information leak vulnerability in the - SIOCGIFCONF &man.ioctl.2;, which leaked 12 - bytes of kernel memory, has been fixed. More details are in security advisory - FreeBSD-SA-05:04.ifconf. - &merged; - - Several programming errors in &man.cvs.1;, which could - potentially cause arbitrary code to be executed on CVS servers, - have been corrected. Further information can be found in - security advisory - FreeBSD-SA-05:05.cvs. - &merged; - - An error in the default permissions on the /dev/iir device node, which - allowed unprivileged local users can send commands to the - hardware supported by the &man.iir.4; driver, has been fixed. - For more information, see security advisory - FreeBSD-SA-05:06.iir. - &merged; - - A bug in the validation of &man.i386.get.ldt.2; system call - input arguments, which may allow kernel memory to be disclosed - to a user process, has been fixed. For more information, see - security advisory - FreeBSD-SA-05:07.ldt. - &merged; - - Several information disclosure vulnerabilities in various - parts of the kernel have been fixed. For more information, see - security advisory - FreeBSD-SA-05:08.kmem. - &merged; - - Because of an information disclosure vulnerability on - processors using Hyper-Threading Technology (HTT), the - machdep.hyperthreading_allowed sysctl - variable has been added. It defaults to 1 - (HTT enabled) on &os; CURRENT, and 0 (HTT - disabled) on the 4-STABLE and 5-STABLE development branches and - supported security fix branches. More information can be found - in security advisory - FreeBSD-SA-05:09.htt. - &merged; - - A bug in the &man.tcpdump.1; utility which allows - a malicious remote user to cause a denial-of-service - by using specially crafted packets, has been fixed. - For more information, see security advisory - FreeBSD-SA-05:10.tcpdump. - &merged; - - Two problems in the &man.gzip.1; utility have been fixed. - These may allow a local user to modify permissions - of arbitrary files and overwrite arbitrary local - files when uncompressing a file. - For more information, see security advisory - FreeBSD-SA-05:11.gzip. - &merged; - - A bug in BIND 9 DNSSEC has been fixed. - When DNSSEC is enabled, this bug may allow a remote attacker to inject - a specially crafted packet which will cause &man.named.8; to terminate. - For more information, see security advisory - FreeBSD-SA-05:12.bind9. - &merged; - - A bug has been fixed in &man.ipfw.4; that could cause - packets to be matched incorrectly against a lookup table. This - bug only affects SMP machines or UP machines that have the - PREEMPTION kernel option enabled. More - information is contained in security advisory - FreeBSD-SA-05:13.ipfw. - &merged; - - Two security-related problems have been fixed in - &man.bzip2.1;. These include a potential denial of service and - unauthorized manipulation of file permissions. For more - information, see security advisory - FreeBSD-SA-05:14.bzip2. - &merged; - - Two problems in &os;'s TCP stack have been fixed. They - could allow attackers to stall existing TCP connections, - creating a denial-of-service situation. More information is - contained in security advisory - FreeBSD-SA-05:15.tcp. - &merged; - + Kernel Changes - Support for 80386 processors (the - I386_CPU kernel configuration option) has - been removed. Users running this class of CPU should use &os; - 5.X or earlier. + A new sysctl variable kern.malloc_stats + has been added. This allows to export kernel malloc + statistics via a binary structure stream. - The kernel debugger &man.ddb.4; now supports a - show alllocks command, which dumps a list of processes - and threads currently holding sleep mutexes (and spin mutexes for - the current thread). &merged; - - The kernel crash dump format has been changed to - ELF to support large memory (more than 4GB) environment. - - The &man.ichsmb.4; driver is now available as a loadable - kernel module. - - The &man.jail.8; feature now supports a new sysctl - security.jail.chflags_allowed, which controls the - behavior of &man.chflags.1; within a jail. - If set to 0 (the default), then a jailed root user is - treated as an unprivileged user; if set to 1, then - a jailed root user is treated the same as an unjailed root user. &merged; - - A sysctl security.jail.getfsstatroot_only has been - renamed to security.jail.enforce_statfs and - now supports the following policies: - - - - - - - - Value - Policy - - - - - - 0 - Show all mount-points without any restrictions. - - - - 1 - Show only mount-points below jail's chroot and show only part of the - mount-point's path (for example, if the jail's chroot directory is - /jails/foo and - mount-point is - /jails/foo/usr/home, - only /usr/home will be shown). - + A new sysctl variable vm.zone_stats + has been added. This allows to export &man.uma.9; allocator + statistics via a binary structure stream. - - 2 - Show only mount-point where jail's chroot directory is placed. - - - - - - The loader tunable debug.mpsafevm - has been enabled by default. &merged; - - &man.memguard.9;, a kernel memory allocator designed to help detect - tamper-after-free scenarios, has been added. - This must be explicitly enabled via options - DEBUG_MEMGUARD, plus small kernel modifications. It - is generally intended for use by kernel developers. - - struct ifnet and network interface API - have been changed. Due to ABI incompatibility, all drivers - not in the &os; base system need to be updated to use - the new API and recompiled. - - A number of bugs have been fixed in the ULE - scheduler. &merged; - - Fine-grained locking to allow much of the VFS stack to run - without the Giant lock has been added. This is enabled by default - on the alpha, amd64, and i386 architectures, and can be disabled - by setting the loader tunable (and sysctl variable) - debug.mpsafevfs to - 0. - - A bug in Inter-Processor Interrupt (IPI) - handling, which could cause SMP systems to crash under heavy - load, has been fixed. More details are contained in errata note - FreeBSD-EN-05:03.ipi. - &merged; - - System V IPC objects (message queues, semaphores, and shared - memory) now have support for Mandatory Access Control policies, - notably &man.mac.biba.4;, &man.mac.mls.4;, &man.mac.stub.4;, and - &man.mac.test.4;. - - Memory allocation for legacy PCI bridges has - been limited to the top 32MB of RAM. Many older, legacy bridges - only allow allocation from this range. This change only applies - to devices which do not have their memory assigned by the BIOS. - This change fixes the bad Vcc error of CardBus - bridges (&man.pccbb.4;). &merged; - - The &man.sysctl.3; MIBs beginning with debug - now require the kernel option options SYSCTL_DEBUG. - This option is disabled by default. - - The generic &man.tty.4; driver interface has been added - and many device drivers including - &man.cx.4; ({tty,cua}x), - &man.cy.4; ({tty,cua}c), - &man.digi.4; ({tty,cua}D), - &man.rc.4; ({tty,cua}m), - &man.rp.4; ({tty,cua}R), - &man.sab.4; ({tty,cua}z), - &man.si.4; ({tty,cua}A), - &man.sio.4; ({tty,cua}d), - sx ({tty,cua}G), - &man.uart.4; ({tty,cua}u), - &man.ubser.4; ({tty,cua}y), - &man.ucom.4; ({tty,cua}U), and - &man.ucycom.4; ({tty,cua}y) - have been rewritten to use it. Note that /etc/remote - and /etc/ttys have been updated as well. - - The &man.vkbd.4; driver has been added. This driver - provides a software loopback mechanism that can implement - a virtual AT keyboard similar to what the &man.pty.4; driver - does for terminals. - - - - &os; always uses the local APIC timer - even on uni-processor systems now. - - The default HZ - parameter (which controls various kernel timers) has been - increased from 100 to 1000 - on the i386 and ia64. It has been reduced from - 1024 to 1000 on the amd64 - to reduce synchronization effects with other system - clocks. - - The maximum length of shell commands has changed from 128 - bytes to PAGE_SIZE. By default, this value - is either 4KB (i386, pc98, amd64, and powerpc) or 8KB (sparc64 - and ia64). As a result, compatibility modules need to be - rebuilt to stay synchronized with data structure changes in the - kernel. - - A new tunable vm.blacklist has been added. - This can hold a space or comma separated list of physical addresses. - The pages containing these physical addresses will - not be added to the free list and thus will effectively - be ignored by the &os; VM system. The physical addresses - of any ignored pages are listed in the message buffer as well. - Boot Loader Changes - A serial console-capable version of - boot0 has been added. It can be written - to a disk using &man.boot0cfg.8; and specifying - /boot/boot0sio as the argument to the - option. - - cdboot now works around a - BIOS problem observed on some systems when booting from USB - CDROM drives. - - The autoboot loader command - now supports the prompt parameter. + - The autoboot loader command will now prevent the user - from interrupting the boot process at all if the - autoboot_delay variable is set to - -1. &merged; - - A loader menu option to set hint.atkbd.0.flags=0x1 - has been added. This setting allows USB keyboards to work - if no PS/2 keyboard is attached. - - The beastie boot menu has been disabled by default. - @@ -437,1228 +139,106 @@ Hardware Support - The &man.acpi.4; driver now turns - the ACPI and PCI devices off or to a lower power state - when suspending, and back on again when resuming. - This behavior can be disabled by - setting the debug.acpi.do_powerstate and - hw.pci.do_powerstate sysctls to 0. - - The &man.acpi.ibm.4; driver for IBM laptops - has been added. It provides support for the various - hotkeys and reading fan status and thermal - sensors. - - The &man.acpi.fujitsu.4; driver for handling - &man.acpi.4;-controlled buttons Fujitsu laptops has been added. - - The acpi_sony driver, - which supports the Sony Notebook Controller on various - Sony laptops has been added. - - The &man.atkbdc.4;, &man.atkbd.4;, and &man.psm.4; - drivers have been rewritten in more bus-independent way, - and now support the EBus found on the sparc64 platform. - - The following device drivers have been - added and enabled by default in the - GENERIC kernel: - &man.atkbdc.4;, - &man.atkbd.4;, - creator(4), - machfb(4), - &man.syscons.4;, - &man.ohci.4;, - &man.psm.4;, - &man.ukbd.4;, - &man.ums.4;, - and &man.usb.4;. - - The &man.auxio.4; driver has been added; it supports - some auxiliary I/O functions found on various SBus/EBus - &ultrasparc; models. &merged; - - The clkbrd driver has been added to support - the clock-board device frequently found on - Sun Exx00 servers. - - A framework for flexible processor speed control has been - added. It provides methods for various drivers to control CPU - power utilization by adjusting the processor speed. More - details can be found in the &man.cpufreq.4; manual page. &merged; - Currently supported drivers include ichss (Intel SpeedStep for ICH), - acpi_perf (ACPI CPU performance states), and acpi_throttle - (ACPI CPU throttling). The latter two drivers are contained - in the &man.acpi.4; driver. These can individually be disabled by setting device - hints such as hint.ichss.0.disabled="1". - - The &man.hwpmc.4; hardware performance - monitoring counter driver has been added. - This driver virtualizes the hardware performance monitoring - facilities in modern CPUs and provides support for using - these facilities from user level processes. For more details, - see manual pages of &man.hwpmc.4;, associated libraries, - and associated userland utilities. - - Support for the OLDCARD subsystem has - been removed. The NEWCARD system is now used for all PCCARD - device support. - - The pcii driver has been added to support GPIB-PCIIA IEEE-488 - cards. &merged; - - The &man.atkbd.4; driver now supports a 0x8 - (bit 3) flag to disable testing the keyboard port during - the device probe as this can cause hangs on some machines, - specifically Compaq R3000Z series amd64 laptops. - - The &man.pbio.4; driver, - which supports direct access to - the Intel 8255A programmable peripheral interface (PPI) - chip running in mode 0 (simple I/O) has been added. - - The &man.psm.4; driver now has improved support for - Synaptics Touchpad users. It now has better tracking of - slow-speed movement and support for various extra - buttons and dials. These features can be tuned with the - hw.psm.synaptics.* - hierarchy of sysctl variables. - - The rtc driver has been added to support - the MC146818-compatible clock found on some &ultrasparc; II - and III models. &merged; - - The &man.syscons.4; driver now supports VESA - (15, 16, 24, and 32 bit) modes. To enable this feature, two - kernel options SC_PIXEL_MODE and - VESA (or corresponding kernel module) - are needed. - - The &man.uart.4; driver is now enabled in - the GENERIC kernel, and is now the - default driver for serial ports. The &man.ofw.console.4; and - &man.sab.4; drivers are now disabled in the - GENERIC kernel. &merged; - - The &man.uftdi.4; driver now supports the FTDI FT2232C - chip. + - The &man.uplcom.4; driver now supports handling of the - CTS signal. - - The &man.ehci.4; driver has been improved. - - The zs driver has been removed - in favor of the &man.uart.4; driver. - Multimedia Support - The &man.snd.audiocs.4; driver has been - added to support the Crystal Semiconductor CS4231 audio - controller found on &ultrasparc; - workstations. &merged; - - The &man.snd.csa.4; driver now supports - suspend and resume operation. - - The &man.uaudio.4; driver now has some added - functionality, including volume control on more inputs and - recording capability on some devices. &merged; - + Network Interface Support - The &man.ath.4; driver has been updated to split the - transmit rate control algorithm into a separate module. - One of device ath_rate_onoe, - device ath_rate_amrr, or - device ath_rate_sample must be included in - the kernel configuration when using the &man.ath.4; - driver. - - The &man.bge.4; driver now supports the &man.altq.4; - framework, as well as the BCM5714, 5721, 5750, 5751, 5751M and 5789 - chips. &merged; - - The &man.cdce.4; USB Communication Device Class Ethernet - driver has been added. &merged; - - The &man.cp.4; driver is now MPSAFE. &merged; - - The &man.ctau.4; driver is now MPSAFE. &merged; - - The &man.cx.4; driver is now MPSAFE. &merged; - - The &man.dc.4; driver now supports the &man.altq.4; - framework. &merged; - - The &man.ed.4; driver now supports the &man.altq.4; - framework. &merged; - - In the &man.em.4; driver, hardware support for VLAN - tagging is now disabled by default due to some interactions - between this feature and promiscuous mode. &merged; - - Ethernet flow control is now disabled by default in the - &man.fxp.4; driver, to prevent problems on a subnet when a system panics - or is left in the kernel debugger. &merged; - - The gx(4) driver has been removed because - it is no longer maintained actively and - the &man.em.4; driver supports all of the supported hardware. - - The &man.hme.4; driver is now MPSAFE. &merged; - - The &man.ipw.4; (for Intel PRO/Wireless 2100), - &man.iwi.4; (for Intel PRO/Wireless 2200BG/2225BG/2915ABG), - &man.ral.4; (for Ralink Technology RT2500), - and &man.ural.4; (for Ralink Technology RT2500USB) - drivers have been added. - - The &man.ixgb.4; driver is now MPSAFE. &merged; - - The musycc driver, for the LanMedia LMC1504 T1/E1 - network interface card, has been removed due to - disuse. - - Drivers using the &man.ndis.4; device - driver wrapper mechanism are now built and loaded - differently. The &man.ndis.4; driver can now be pre-built - as module or statically compiled into a kernel. Individual - drivers can now be built with the &man.ndisgen.8; utility; - the result is a kernel module that can be loaded into a - running kernel using &man.kldload.8;. &merged; - - The &man.ndis.4; device driver wrapper now - supports &windows;/x86-64 binaries on amd64 - systems. &merged; - - The &man.nve.4; driver, which supports the - nVidia nForce MCP Networking Adapter, has been added. - - The &man.re.4; driver now supports the &man.altq.4; - framework. &merged; - - The &man.sf.4; driver now has support for device polling - and &man.altq.4;. &merged; - - Several programming errors in the &man.sk.4; driver have - been corrected. These bugs were particular to SMP systems, and - could cause panics, page faults, aborted SSH connections, or - corrupted file transfers. More details can be found in - errata note - FreeBSD-EN-05:02.sk. - &merged; - - The &man.sk.4; driver now has support for &man.altq.4;. - This driver also now supports jumbo frames on Yukon-based - interfaces. &merged; - - The &man.ste.4; driver now has support for &man.altq.4;. - - The &man.vge.4; driver now has support for device polling - (&man.polling.4;). - - Support for 802.11 devices in the &man.wlan.4; framework has been - greatly overhauled. In addition to architectural changes, - it includes completed 802.11g, WPA, 802.11i, 802.1x, - WME/WMM, AP-side power-saving, and plugin frameworks for - cryptography modules, authenticators, and access control. - Note in particular that WEP now requires the - wlan_wep module to be loaded (or - compiled) into the kernel. - - The &man.xl.4; driver now supports - &man.polling.4;. &merged; - + Network Protocols - The MTU feedback in IPv6 has been disabled when the sender writes - data that must be fragmented. &merged; - - The Common Address Redundancy Protocol (CARP) has - been implemented. CARP comes from OpenBSD and allows - multiple hosts to share an IP address, providing - high availability and load balancing. - For more information, see the &man.carp.4; manual page. &merged; - - The &man.if.bridge.4; network bridging implementation, - originally from NetBSD, has been added. It supports the IEEE - 802.1D Spanning Tree Protocol, individual interface devices - for each bridge, and filtering of bridged packets. - The &man.ifconfig.8; utility now supports to configure - &man.if.bridge.4;. - - The &man.ipfw.4; IPDIVERT option is now - available as a kernel loadable module. - If this module is not loaded, &man.ipfw.4; will refuse to - install divert rules and &man.natd.8; - will return the error message protocol not supported. - - The &man.ipfw.4; system can work with - debug.mpsafenet=1 - (this tunable is 1 by default) - when the gid, jail, - and/or uid rule options are used. &merged; - - The &man.ipfw.4; and &man.dummynet.4; systems now - support IPv6. - - &man.ipfw.8; now supports classification and tagging - of &man.altq.4; packets via a divert socket. It is also - possible to specify rules that match TCP packets with specific - payload sizes. - - The &man.ipfw.8; ipfw fwd rule now supports - the full packet destination manipulation when the kernel option - options IPFIREWALL_FORWARD_EXTENDED is specified - in addition to options IPFIRWALL_FORWARD. - This kernel option disables all restrictions to ensure proper - behavior for locally generated packets and allows redirection of - packets destined to locally configured IP addresses. - Note that &man.ipfw.8; rules have to be carefully crafted to - make sure that things like PMTU discovery do not break. &merged; - - The &man.ipfw.8; system now supports IPv4 only rules. - - &man.ipnat.8; now allows redirect rules to - work for non-TCP/UDP packets. &merged; - - Ongoing work is reducing the use of the Giant lock by the - network protocol stack and improving the locking - strategies. - - The libalias library can now be built - as a kernel module. - - The link state change notifications of network interfaces - are sent to /dev/devctl now. - - A new &man.ng.ipfw.4; NetGraph node provides - a simple interface between the &man.ipfw.4; and &man.netgraph.4; - facilities. - - A new &man.ng.nat.4; NetGraph node has been added to - perform NAT functions. - - A new &man.ng.netflow.4; NetGraph node allows a router - running &os; to do NetFlow version 5 exports. &merged; - - A new &man.ng.tcpmss.4; NetGraph node has been added. - This supports altering MSS options of TCP packets. - - The &man.sppp.4; driver now includes Frame Relay - support. &merged; - - The &man.sppp.4; driver is now MPSAFE. - - The &os; routing table now requires gateways for routes - to be of the same address family as the route itself. - The &man.route.8; utility now rejects a combination of different - address families. For example: - - &prompt.root; route add 10.1.1.1 -inet6 fe80::1%fxp0 - - The new sysctl net.link.tap.user_open - has been implemented. This allows unprivileged access to - &man.tap.4; device nodes based on file system permissions. - - A bug in TCP that sometimes caused RST packets to - be ignored if the receive window was zero bytes has been - fixed. &merged; - - The RST - handling of the &os; TCP stack has been improved - to make reset attacks as difficult as possible while - maintaining compatibility with the widest range of TCP stacks. - The algorithm is as follows: For connections in the - ESTABLISHED - state, only resets with sequence numbers exactly matching - last_ack_sent will cause a reset; - all other segments will - be silently dropped. For connections in all other states, - a reset anywhere in the window will cause the connection - to be reset. All other segments will be silently dropped. - Note that this behavior technically violates the RFC 793 specification; - the conventional (but less secure) behavior can be restored - by setting a new sysctl net.inet.tcp.insecure_rst - to 1. &merged; - - Several bugs in the TCP SACK implementation have been - fixed. &merged; - - RFC 1644 T/TCP support has been removed. This is because - the design is based on a weak security model that can easily - permit denial-of-service attacks. This TCP - extension has been considered a defective one in - a recent Internet Draft. - - The KAME IPv4 IPsec implementation integrated - in &os; now supports TCP-MD5. &merged; - - Random ephemeral port number allocation has led to some - problems with port reuse at high connection rates. This - feature is now disabled during periods of high connection - rates; whenever new connections are created faster than - net.inet.ip.portrange.randomcps per second, - port number randomization is disabled for the next - net.inet.ip.portrange.randomtime - seconds. The default values for these two sysctl variables - are 10 and 45, - respectively. &merged; - - Fine-grained locking has been applied to many of the data - structures in the IPX/SPX protocol stack. While not fully - MPSAFE at this point, it is generally safe to use IPX/SPX - without the Giant lock (in other words, the - debug.mpsafenet sysctl variable may be set - to 1). - - Unix domain sockets now support the - LOCAL_CREDS and - LOCAL_CONNWAIT options. - The LOCAL_CREDS option provides - a mechanism for the receiver to receive the credentials - of the process as a &man.recvmsg.2; control message. - The LOCAL_CONNWAIT - option causes the &man.connect.2; function to block - until &man.accept.2; has been called on the listening socket. - For more details, see the &man.unix.4; manual page. + Disks and Storage - The &man.amr.4; driver is now safe for use on systems - using &man.pae.4;. &merged; - - The &man.arcmsr.4; driver has been added. - It supports the Areca ARC-11xx and - ARC-12xx series of SATA RAID - controllers. &merged; - - The &man.ata.4; family of drivers has been overhauled and - updated. It has been split into modules that can be loaded - and unloaded independently (the atapci - and ata modules are prerequesites for the - device subdrivers, which are atadisk, - atapicd, atapifd, - atapist, and - ataraid). On supported SATA controllers, - devices can be hot inserted/removed. ATA RAID support has - been rewritten and supports a number of new metadata formats. - The atapicd driver no longer supports CD - changers. This update has been referred to as ATA - mkIII. - - The SHSEC GEOM class has been added. It provides for the - sharing of a secret between multiple GEOM providers. All of - these providers must be present in order to reveal the - secret. This feature is controlled by the &man.gshsec.8; - utility. &merged; - - The &man.hptmv.4; driver, which supports the HighPoint - RocketRAID 182x series, has been added. &merged; - - The &man.ips.4; driver now support kernel crash dumps - on some modern ServeRAID models. &merged; - - The &man.matcd.4; driver has been removed. &merged; - - The default SCSI boot-time probe delay in the - GENERIC kernel has been reduced from - fifteen seconds to five seconds. - - The old vinum(4) subsystem has been removed - in favor of the new &man.geom.4;-based version. - - The &man.twa.4; driver has been updated to - the 9.2 release (for &os; 5.2.1) distributed from - the 3ware website. - - The &man.wd.4; driver has been removed. The - &man.ata.4; driver has been found to work well enough on the - pc98 platform that there is no need for the older &man.wd.4; - driver. - - Information about newly-mounted cd9660 file systems (such - as the presence of RockRidge extensions) is now only printed - if the kernel was booted in verbose mode. This change was - made to reduce the amount of (generally unnecessary) kernel - log messages. &merged; - + The &man.mpt.4; driver has been updated to support + various new features such as RAID volume and RAID member + state/settings reporting, periodic volume re-synchronization + status reporting, and sysctl variables for volume + re-synchronization rate, volume member write cache status, + and volume transaction queue depth. File Systems - Recomputing the summary information for - dirty UFS and UFS2 file systems is no longer - done at mount time, but is now done by background - &man.fsck.8;. This change improves the startup speed when - mounting large file systems after a crash. The prior behavior - can be restored by setting the - vfs.ffs.compute_summary_at_mount sysctl - variable to a non-zero value. &merged; - - A kernel panic in the NFS server has been fixed. More - details can be found in errata note - FreeBSD-EN-05:01.nfs. - &merged; - - Read-only support for ReiserFS version 3 has been - added. See &man.mount.reiserfs.8; for details. - + Contributed Software - ACPI-CA has been updated from - 20040527 to 20041119. &merged; - + Userland Changes - The &man.burncd.8; utility now allows commands (such as - eject) to take place after fixating a - disk. + The &man.ifconfig.8; utility now supports + a flag to allow printing + potentially sensitive keying material to standard output. + This sensitive information will not be printed by default. - Machine-specific optimized versions of - &man.bcmp.3;, &man.bcopy.3;, &man.bzero.3;, &man.memcmp.3;, - &man.memcpy.3;, &man.memmove.3;, &man.memset.3;, &man.strcat.3; - and &man.strcpy.3; have been implemented. Several mathematics - functions such as &man.ceill.3; and &man.sqrtf.3; are also - replaced with the optimized versions. - - The &man.chflags.1; utility now supports the - flag, which supports changing flags on - symbolic links. - - The &man.env.1; program now supports a - flag to write the command to standard error before it is executed. - - The &man.env.1; program now supports a - option to split the string and pass them to - the command as the command-line arguments. - - The &man.env.1; program now supports a - option to set the command search path used to look for - the command. - - The &man.ftpd.8; program now uses the 212 - and 213 status codes for directory - and file status correctly (211 was used in - the previous versions). This behavior is described in RFC 959. - &merged; - - The create command of the &man.gpt.8; - utility now supports a command-line flag to - force creation of a GPT even when there is an MBR record on a - disk. &merged; - - The &man.getaddrinfo.3; function now queries A - DNS resource records before AAAA records - when AF_UNSPEC is specified. - Some broken DNS servers return NXDOMAIN - against non-existent AAAA queries, - even when it should return NOERROR - with empty return records. This is a problem for an IPv4/IPv6 dual - stack node because the NXDOMAIN returned - by the first query of an AAAA record makes - the querying server stop attempting to resolve the A - record if any. Also, this behavior has been recognized as a potential - denial-of-service attack (see - for more details). - Note that although the query order has been changed, - the returned result still includes - AF_INET6 records before - AF_INET records. &merged; - - The &man.gethostbyname.3;, &man.gethostbyname2.3;, and - &man.gethostbyaddr.3; functions are now thread-safe. &merged; - - The &man.getnetent.3;, &man.getnetbyname.3;, and - &man.getnetbyaddr.3; functions are now thread-safe. &merged; - - The &man.getprotoent.3;, &man.getprotobyname.3;, and - &man.getprotobynumber.3; functions are now thread-safe. &merged; - - The &man.getservent.3;, &man.getservbyname.3;, and - &man.getservbyport.3; functions are now thread-safe. &merged; - - For conformation to IEEE Std 1003.1-2001 - (also known as POSIX 2001), the n_net member - of struct netent and the first argument - of &man.getnetbyaddr.3; has been changed to an uint32_t. - Due to these changes, the ABI on 64-bit platforms is - incompatible with previous releases of &os; and - the major version number of the libpcap - shared library has been bumped. - On 64-bit platforms being upgraded from older &os; versions, all - userland programs that use &man.getnetbyaddr.3;, - &man.getnetbyname.3;, &man.getnetent.3;, and/or - libpcap have to be recompiled. - - The gvinum(8) utility now supports the - checkparity, - rebuildparity, and - setstate - subcommands. &merged; - - The &man.ifconfig.8; utility has been restructured. It is >>> TRUNCATED FOR MAIL (1000 lines) <<<