svn commit: r210239 - in stable/8/release/doc:
en_US.ISO8859-1/errata en_US.ISO8859-1/relnotes share/sgml
Hiroki Sato
hrs at FreeBSD.org
Mon Jul 19 15:26:43 UTC 2010
Author: hrs
Date: Mon Jul 19 15:26:42 2010
New Revision: 210239
URL: http://svn.freebsd.org/changeset/base/210239
Log:
- Clean up old contents and bump version numbers.
- Add items for security advisories.
Modified:
stable/8/release/doc/en_US.ISO8859-1/errata/article.sgml
stable/8/release/doc/en_US.ISO8859-1/relnotes/article.sgml
stable/8/release/doc/share/sgml/release.dsl
stable/8/release/doc/share/sgml/release.ent
Modified: stable/8/release/doc/en_US.ISO8859-1/errata/article.sgml
==============================================================================
--- stable/8/release/doc/en_US.ISO8859-1/errata/article.sgml Mon Jul 19 15:05:35 2010 (r210238)
+++ stable/8/release/doc/en_US.ISO8859-1/errata/article.sgml Mon Jul 19 15:26:42 2010 (r210239)
@@ -16,7 +16,7 @@
<!ENTITY % release PUBLIC "-//FreeBSD//ENTITIES Release Specification//EN">
%release;
-<!ENTITY release.bugfix "8.0-RELEASE">
+<!ENTITY release.bugfix "8.1-RELEASE">
]>
<article>
@@ -40,7 +40,7 @@
<pubdate>$FreeBSD$</pubdate>
<copyright>
- <year>2009</year>
+ <year>2010</year>
<holder role="mailto:doc at FreeBSD.org">The &os; Documentation Project</holder>
</copyright>
@@ -119,7 +119,6 @@
<para>For a list of all &os; CERT security advisories, see <ulink
url="http://www.FreeBSD.org/security/"></ulink> or <ulink
url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/"></ulink>.</para>
-
</sect1>
<sect1 id="security">
@@ -144,34 +143,74 @@
<tbody>
<row>
- <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:17.freebsd-update.asc"
- >SA-09:17.freebsd-update</ulink></entry>
- <entry>03 December 2009</entry>
- <entry><para>Inappropriate directory permissions in freebsd-update(8)</para></entry>
+ <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:15.ssl.asc"
+ >SA-09:15.ssl</ulink></entry>
+ <entry>3 Dec 2009</entry>
+ <entry><para>SSL protocol flaw</para></entry>
</row>
<row>
<entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:16.rtld.asc"
>SA-09:16.rtld</ulink></entry>
- <entry>03 December 2009</entry>
- <entry><para>Improper environment sanitization in rtld(1)</para></entry>
+ <entry>3 Dec 2009</entry>
+ <entry><para>Improper environment sanitization in &man.rtld.1;</para></entry>
</row>
<row>
- <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:15.ssl.asc"
- >SA-09:15.ssl</ulink></entry>
- <entry>03 December 2009</entry>
- <entry><para>SSL protocol flaw</para></entry>
+ <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:17.freebsd-update.asc"
+ >SA-09:17.freebsd-update</ulink></entry>
+ <entry>3 Dec 2009</entry>
+ <entry><para>Inappropriate directory permissions in &man.freebsd-update.8;</para></entry>
+ </row>
+ <row>
+ <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:01.bind.asc"
+ >SA-10:01.bind</ulink></entry>
+ <entry>6 Jan 2010</entry>
+ <entry><para>BIND &man.named.8; cache poisoning with DNSSEC validation</para></entry>
+ </row>
+ <row>
+ <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:02.ntpd.asc"
+ >SA-10:02.ntpd</ulink></entry>
+ <entry>6 Jan 2010</entry>
+ <entry><para>ntpd mode 7 denial of service</para></entry>
+ </row>
+ <row>
+ <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:03.zfs.asc"
+ >SA-10:03.zfs</ulink></entry>
+ <entry>6 Jan 2010</entry>
+ <entry><para>ZFS ZIL playback with insecure permissions</para></entry>
+ </row>
+ <row>
+ <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:04.jail.asc"
+ >SA-10:04.jail</ulink></entry>
+ <entry>27 May 2010</entry>
+ <entry><para>Insufficient environment sanitization in &man.jail.8;</para></entry>
+ </row>
+ <row>
+ <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:05.opie.asc"
+ >SA-10:05.opie</ulink></entry>
+ <entry>27 May 2010</entry>
+ <entry><para>OPIE off-by-one stack overflow</para></entry>
+ </row>
+ <row>
+ <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:06.nfsclient.asc"
+ >SA-10:06.nfsclient</ulink></entry>
+ <entry>27 May 2010</entry>
+ <entry><para>Unvalidated input in nfsclient</para></entry>
+ </row>
+ <row>
+ <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:07.mbuf.asc"
+ >SA-10:07.mbuf</ulink></entry>
+ <entry>13 July 2010</entry>
+ <entry><para>Lost mbuf flag resulting in data corruption</para></entry>
</row>
</tbody>
</tgroup>
</informaltable>
-
</sect1>
<sect1 id="open-issues">
<title>Open Issues</title>
<para>No open issues.</para>
-
</sect1>
<sect1 id="late-news">
@@ -179,5 +218,4 @@
<para>No news.</para>
</sect1>
-
</article>
Modified: stable/8/release/doc/en_US.ISO8859-1/relnotes/article.sgml
==============================================================================
--- stable/8/release/doc/en_US.ISO8859-1/relnotes/article.sgml Mon Jul 19 15:05:35 2010 (r210238)
+++ stable/8/release/doc/en_US.ISO8859-1/relnotes/article.sgml Mon Jul 19 15:26:42 2010 (r210239)
@@ -15,16 +15,7 @@
<pubdate>$FreeBSD$</pubdate>
<copyright>
- <year>2000</year>
- <year>2001</year>
- <year>2002</year>
- <year>2003</year>
- <year>2004</year>
- <year>2005</year>
- <year>2006</year>
- <year>2007</year>
- <year>2008</year>
- <year>2009</year>
+ <year>2010</year>
<holder role="mailto:doc at FreeBSD.org">The &os; Documentation Project</holder>
</copyright>
@@ -106,9 +97,7 @@
<title>What's New</title>
<para>This section describes the most user-visible new or changed
- features in &os; since &release.prev;, and changes shown in
- Release Notes for the previous releases are marked as
- <literal>[7.1R]</literal> and <literal>[7.2R]</literal>.</para>
+ features in &os; since &release.prev;.</para>
<para>Typical release note items document recent security
advisories issued after &release.prev;, new drivers or hardware
@@ -142,163 +131,65 @@
</thead>
<tbody>
- <row role="7.1">
- <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-08:05.openssh.asc"
- >SA-08:05.openssh</ulink></entry>
- <entry>17 April 2008</entry>
- <entry><para>OpenSSH X11-forwarding privilege escalation</para></entry>
- </row>
-
- <row role="7.1">
- <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-08:06.bind.asc"
- >SA-08:06.bind</ulink></entry>
- <entry>13 July 2008</entry>
- <entry><para>DNS cache poisoning</para></entry>
- </row>
-
- <row role="7.1">
- <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-08:07.amd64.asc"
- >SA-08:07.amd64</ulink></entry>
- <entry>3 September 2008</entry>
- <entry><para>amd64 swapgs local privilege escalation</para></entry>
- </row>
-
- <row role="7.1">
- <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-08:08.nmount.asc"
- >SA-08:08.nmount</ulink></entry>
- <entry>3 September 2008</entry>
- <entry><para>&man.nmount.2; local arbitrary code execution</para></entry>
- </row>
-
- <row role="7.1">
- <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-08:09.icmp6.asc"
- >SA-08:09.icmp6</ulink></entry>
- <entry>3 September 2008</entry>
- <entry><para>Remote kernel panics on IPv6 connections</para></entry>
- </row>
-
- <row role="7.1">
- <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-08:10.nd6.asc"
- >SA-08:10.nd6</ulink></entry>
- <entry>1 October 2008</entry>
- <entry><para>IPv6 Neighbor Discovery Protocol routing vulnerability</para></entry>
- </row>
-
- <row role="7.1">
- <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-08:11.arc4random.asc"
- >SA-08:11.arc4random</ulink></entry>
- <entry>24 November 2008</entry>
- <entry><para>&man.arc4random.9; predictable sequence vulnerability</para></entry>
- </row>
-
- <row role="7.1">
- <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-08:12.ftpd.asc"
- >SA-08:12.ftpd</ulink></entry>
- <entry>23 December 2008</entry>
- <entry><para>Cross-site request forgery in &man.ftpd.8;</para></entry>
- </row>
-
- <row role="7.1">
- <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-08:13.protosw.asc"
- >SA-08:13.protosw</ulink></entry>
- <entry>23 December 2008</entry>
- <entry><para>netgraph / bluetooth privilege escalation</para></entry>
- </row>
-
- <row role="7.2">
- <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:01.lukemftpd.asc"
- >SA-09:01.lukemftpd</ulink></entry>
- <entry>07 January 2009</entry>
- <entry><para>Cross-site request forgery in
- &man.lukemftpd.8;</para></entry>
- </row>
-
- <row role="7.2">
- <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:02.openssl.asc"
- >SA-09:02.openssl</ulink></entry>
- <entry>07 January 2009</entry>
- <entry><para>OpenSSL incorrectly checks for malformed
- signatures</para></entry>
- </row>
-
- <row role="7.2">
- <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:03.ntpd.asc"
- >SA-09:03.ntpd</ulink></entry>
- <entry>13 January 2009</entry>
- <entry><para>ntpd cryptographic signature
- bypass</para></entry>
- </row>
-
- <row role="7.2">
- <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:04.bind.asc"
- >SA-09:04.bind</ulink></entry>
- <entry>13 January 2009</entry>
- <entry><para>BIND DNSSEC incorrect checks for
- malformed signatures</para></entry>
+ <row>
+ <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:15.ssl.asc"
+ >SA-09:15.ssl</ulink></entry>
+ <entry>3 Dec 2009</entry>
+ <entry><para>SSL protocol flaw</para></entry>
</row>
-
- <row role="7.2">
- <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:05.telnetd.asc"
- >SA-09:05.telnetd</ulink></entry>
- <entry>16 February 2009</entry>
- <entry><para>telnetd code execution
- vulnerability</para></entry>
+ <row>
+ <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:16.rtld.asc"
+ >SA-09:16.rtld</ulink></entry>
+ <entry>3 Dec 2009</entry>
+ <entry><para>Improper environment sanitization in &man.rtld.1;</para></entry>
</row>
-
- <row role="7.2">
- <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:06.ktimer.asc"
- >SA-09:06.ktimer</ulink></entry>
- <entry>23 March 2009</entry>
- <entry><para>Local privilege escalation</para></entry>
+ <row>
+ <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:17.freebsd-update.asc"
+ >SA-09:17.freebsd-update</ulink></entry>
+ <entry>3 Dec 2009</entry>
+ <entry><para>Inappropriate directory permissions in &man.freebsd-update.8;</para></entry>
</row>
-
- <row role="7.2">
- <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:07.libc.asc"
- >SA-09:07.libc</ulink></entry>
- <entry>04 April 2009</entry>
- <entry><para>Information leak in &man.db.3;</para></entry>
+ <row>
+ <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:01.bind.asc"
+ >SA-10:01.bind</ulink></entry>
+ <entry>6 Jan 2010</entry>
+ <entry><para>BIND &man.named.8; cache poisoning with DNSSEC validation</para></entry>
</row>
-
- <row role="7.2">
- <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:08.openssl.asc"
- >SA-09:08.openssl</ulink></entry>
- <entry>22 April 2009</entry>
- <entry><para>Remotely exploitable crash in
- OpenSSL</para></entry>
+ <row>
+ <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:02.ntpd.asc"
+ >SA-10:02.ntpd</ulink></entry>
+ <entry>6 Jan 2010</entry>
+ <entry><para>ntpd mode 7 denial of service</para></entry>
</row>
-
- <row role="8.0">
- <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:09.pipe.asc"
- >SA-09:09.pipe</ulink></entry>
- <entry>10 June 2009</entry>
- <entry><para>Local information disclosure via direct pipe writes</para></entry>
+ <row>
+ <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:03.zfs.asc"
+ >SA-10:03.zfs</ulink></entry>
+ <entry>6 Jan 2010</entry>
+ <entry><para>ZFS ZIL playback with insecure permissions</para></entry>
</row>
-
- <row role="8.0">
- <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:10.ipv6.asc"
- >SA-09:10.ipv6</ulink></entry>
- <entry>10 June 2009</entry>
- <entry><para>Missing permission check on SIOCSIFINFO_IN6 ioctl</para></entry>
+ <row>
+ <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:04.jail.asc"
+ >SA-10:04.jail</ulink></entry>
+ <entry>27 May 2010</entry>
+ <entry><para>Insufficient environment sanitization in &man.jail.8;</para></entry>
</row>
-
- <row role="8.0">
- <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:11.ntpd.asc"
- >SA-09:11.ntpd</ulink></entry>
- <entry>10 June 2009</entry>
- <entry><para>ntpd stack-based buffer-overflow vulnerability</para></entry>
+ <row>
+ <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:05.opie.asc"
+ >SA-10:05.opie</ulink></entry>
+ <entry>27 May 2010</entry>
+ <entry><para>OPIE off-by-one stack overflow</para></entry>
</row>
-
- <row role="8.0">
- <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:12.bind.asc"
- >SA-09:12.bind</ulink></entry>
- <entry>29 July 2009</entry>
- <entry><para>BIND &man.named.8; dynamic update message remote DoS</para></entry>
+ <row>
+ <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:06.nfsclient.asc"
+ >SA-10:06.nfsclient</ulink></entry>
+ <entry>27 May 2010</entry>
+ <entry><para>Unvalidated input in nfsclient</para></entry>
</row>
- <row role="8.0">
- <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:14.devfs.asc"
- >SA-09:14.devfs</ulink></entry>
- <entry>2 Oct 2009</entry>
- <entry><para>Devfs / VFS NULL pointer race condition</para></entry>
+ <row>
+ <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:07.mbuf.asc"
+ >SA-10:07.mbuf</ulink></entry>
+ <entry>13 July 2010</entry>
+ <entry><para>Lost mbuf flag resulting in data corruption</para></entry>
</row>
</tbody>
</tgroup>
@@ -308,2034 +199,68 @@
<sect2 id="kernel">
<title>Kernel Changes</title>
- <para role="8.0">The &os; <filename>GENERIC</filename> kernel now
- includes Trusted BSD MAC (Mandatory Access Control) support.
- No MAC policy module is loaded by default.</para>
-
- <para role="8.0" arch="i386">A loader
- tunable <varname>hw.clflush_disable</varname> has been added
- to avoid panic (trap 9)
- at <function>map_invalidate_cache_range()</function> even if
- Intel CPU is used. This tunable can be set
- to <literal>-1</literal> (default), <literal>0</literal> and
- <literal>1</literal>. The <literal>-1</literal> is same as
- the current behavior, which automatically
- disables <literal>CLFLUSH</literal> on Intel CPUs without
- <literal>CPUID_SS</literal> (this should occurr on Xen
- only). You can specify <literal>1</literal> when this panic
- happens on non-Intel CPUs (such as AMD's). Because disabling
- <literal>CLFLUSH</literal> can reduce performance, you can try
- with setting <literal>0</literal> on Intel CPUs
- without <literal>SS</literal> to
- use <literal>CLFLUSH</literal> feature.</para>
-
- <para role="8.0">The &man.jail.8; subsystem has been updated. Changes include:</para>
-
- <itemizedlist role="7.2">
- <listitem>
- <para role="8.0">A new virtualization container
- named <quote>vimage</quote> has been implemented. This is
- not enabled by default. To enable this, add the following
- kernel options to your kernel configuration file and
- rebuild the kernel:</para>
-
- <programlisting>options VIMAGE</programlisting>
-
- <para>Note that <literal>options SCTP</literal> in the
- <filename>GENERIC</filename> kernel is not compatible with
- <literal>options VIMAGE</literal>. This limitation will
- be fixed in the next release.</para>
-
- <para>The vimage is a jail with a virtualized instance of
- the &os; network stack. It can be created by using
- &man.jail.8; command like this:</para>
-
- <screen>&prompt.root; jail -c vnet name=<replaceable>vnet1</replaceable> host.hostname=<replaceable>vnet1.example.net</replaceable> path=/ persist</screen>
-
- <para>The vimage has own loopback interface and a separated
- network stack including the L3 routing tables. Network
- interfaces on the system can be moved by using
- &man.ifconfig.8; <option>vnet</option> option between the
- different vimage jails and outside of them.</para>
-
- <para>Furthermore, the &man.epair.4; pseudo-interface driver
- has been added to help communication between vimage jails.
- It emulates a pair of back-to-back connected Ethernet
- interfaces. For example, the following commands create an
- interface pair of &man.epair.4;:</para>
-
- <screen>&prompt.root; ifconfig epair0 create
-epair0a
-&prompt.root; ifconfig epair0a
-epair0a: flags=8842<BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
- ether 02:c0:64:00:07:0a
-&prompt.root; ifconfig epair0b
-epair0b: flags=8842<BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
- ether 02:c0:64:00:08:0b</screen>
-
- <para>The &man.epair.4; pseudo-interfaces and any physical
- interfaces on the system can be moved between vimage jails
- by using &man.ifconfig.8; <option>vnet</option> option as
- described above. Even after half of an &man.epair.4; pair
- is moved, the back-to-back connection still valid and can
- be used for inter-jail communication.</para>
-
- <para>Note that vimage is still considered as an
- experimental feature.</para>
- </listitem>
-
- <listitem>
- <para>A jail can now have arbitrary named parameters similar
- to environmental variables and the fixed jail parameters
- in the previous releases have been replaced with them.
- The jail name can now be used for identifying the jail in
- &man.jexec.8; and &man.killall.1;.</para>
- </listitem>
-
- <listitem>
- <para>Multiple IPv4 and/or IPv6 addresses per jail are now
- supported. It is even possible to have jails without
- an IP address at all, which basically gives one a chrooted
- environment with restricted process view and no
- networking.</para>
- </listitem>
-
- <listitem>
- <para>SCTP (&man.sctp.4;) with IPv6 in jails has been
- implemented.</para>
- </listitem>
-
- <listitem>
- <para>Specific CPU binding by using &man.cpuset.1; has been
- implemented. Note that the current implementation allows
- the superuser inside of the jail to change the CPU
- bindings specified.</para>
- </listitem>
-
- <listitem>
- <para>A &man.jail.8; can start with a specific route
- FIB now.</para>
- </listitem>
-
- <listitem>
- <para>The &man.ddb.8; kernel debugger now supports a
- <literal>show jails</literal> subcommand.</para>
- </listitem>
-
- <listitem>
- <para>Compatibility support which permits 32-bit jail
- binaries to be used on 64-bit systems to manage jails has
- been added.</para>
- </listitem>
-
- <listitem>
- <para>Note that both version numbers of
- <literal>jail</literal> and <literal>prison</literal> in
- the &man.jail.8; have been updated for the new
- features.</para>
- </listitem>
- </itemizedlist>
-
- <para role="8.0">The &man.ksyms.4;, kernel symbol table
- interface driver has been added. It creates a character
- device <filename>/dev/ksyms</filename> and provides
- read-only access to a snapshot of the kernel symbol
- table.</para>
-
- <para role="8.0" arch="amd64,i386">The &os; Linux emulation
- layer has been updated to version 2.6.16 and the default Linux
- infrastructure port is
- <filename>emulators/linux_base-f10</filename> (Fedora
- 10).</para>
-
- <para role="8.0" arch="arm">The &os;/&arch.arm; now
- supports mini dump.</para>
-
- <para role="8.0" arch="powerpc">The &os;/&arch.powerpc; now
- supports kernel core dump.</para>
-
- <para role="8.0" arch="amd64,i386">The &os; virtual memory
- subsystem now supports fully transparent use of
- <application>superpages</application> for application memory;
- application memory pages are dynamically promoted to or
- demoted from superpages without any modification to
- application code. This change offers the benefit of large
- page sizes such as improved virtual memory efficiency and
- reduced TLB (translation lookaside buffer) misses without
- downsides like application changes and virtual memory
- inflexibility. This can be enabled by setting a loader tunable
- <varname>vm.pmap.pg_ps_enabled</varname> to
- <literal>1</literal> and is enabled by default on
- &arch.amd64;.</para>
-
- <para role="7.2">The &man.ddb.8; kernel debugger now supports a
- <command>show mount</command> subcommand.</para>
-
- <para role="7.2">The &os; DTrace subsystem now supports a probe for
- process execution.</para>
-
- <para role="7.2" arch="amd64">The &os; kernel virtual address
- space has been increased to 6GB. This allows subsystems to use
- larger virtual memory space than before. For example, the
- &man.zfs.8; adaptive replacement cache (ARC) requires large
- kernel memory space to cache file system data, so it benefits
- from the increased address space. Note that the ceiling on
- the kernel map size is now 60% of the size of physical memory
- rather than an absolute quantity.</para>
-
- <para role="7.2">The &man.kld.4; now supports installing 32-bit
- system calls to the &os; syscall translation layer from kernel
- modules.</para>
-
- <para role="7.2">The &man.ktr.4; now supports a new KTR tracepoint in the
- <literal>KTR_CALLOUT</literal> class to note when a callout
- routine finishes executing.</para>
-
- <para role="7.2">Types of variables used to track the amount of allocated
- System V shared memory have been changed from
- <literal>int</literal> to <literal>size_t</literal>. This
- makes it possible to use more than 2 GB of memory for shared
- memory segments on 64-bit architectures. Please note the new
- BUGS section in &man.shmctl.2; and
- <filename>/usr/src/UPDATING</filename> for limitations of this
- temporary solution.</para>
-
- <para role="7.2">The &man.sysctl.3; leaf nodes have a flag to tag
- themselves as MPSAFE now.</para>
-
- <para role="7.2">The &os; 32-bit system call translation layer now
- supports installing 32-bit system calls for
- <literal>VFS_AIO</literal>.</para>
-
- <para role="7.1">The &man.clock.gettime.2; and the related system calls now
- support a clock ID <literal>CLOCK_THREAD_CPUTIME_ID</literal>,
- as defined in POSIX.</para>
-
- <para role="7.1">The &man.cpuset.2; system call has been added. This is an
- API for thread to CPU binding and CPU resource grouping and
- assignment.</para>
-
- <para role="7.1">The DTrace, a comprehensive dynamic tracing framework and
- &man.dtrace.1; userland utility have been imported from
- OpenSolaris. DTrace provides a powerful infrastructure to
- permit administrators, developers, and service personnel to
- concisely answer arbitrary questions about the behavior of the
- operating system and user programs.</para>
-
- <para role="7.1">The &man.ddb.4; kernel debugger now has an output capture
- facility. Input and output from &man.ddb.4; can now be captured
- to a memory buffer for later inspection using &man.sysctl.8; or
- a textdump. The new <command>capture</command> command controls
- this feature.</para>
-
- <para role="7.1">The &man.ddb.4; debugger now supports a simple scripting
- facility, which supports a set of named scripts consisting of a
- set of &man.ddb.4; commands. These commands can be managed from
- within &man.ddb.4; or with the use of the new &man.ddb.8;
- utility. More details can be found in the &man.ddb.4; manual
- page.</para>
-
- <para role="7.1">The &man.ddb.4; <command>ex</command> command now supports
- an <option>/S</option> mode which interprets and prints the
- value at the requested address as a symbol. For example,
- <userinput>ex /S <replaceable>aio_swake</replaceable></userinput>
- prints the name of the function currently registered in
- via <replaceable>aio_swake</replaceable> hook.</para>
-
- <para role="7.1">The &man.ddb.4; <command>show conifhk</command> command has
- been added. This lists hooks currently waiting for completion
- in <function>run_interrupt_driven_config_hooks()</function>.</para>
-
- <para role="7.1">The &man.fcntl.2; system call now supports
- <literal>F_DUP2FD</literal> command. This is equivalent to
- &man.dup.2;, and compatible with the Sun Solaris and the IBM
- AIX.</para>
-
- <para role="7.1">The &os;'s &man.linux.4; ABI support now implements
- <function>sched_setaffinity()</function> and
- <function>sched_getaffinity()</function> using real CPU affinity
- setting primitives.</para>
-
- <para role="7.1">The &man.procstat.1; utility has been added. This is a
- process inspection utility which provides some of the missing
- functionality from &man.procfs.5; and new functionality for monitoring
- and debugging specific processes.</para>
-
- <para role="7.1">The client side functionality of &man.rpc.lockd.8; has been
- implemented in the &os; kernel. This implementation provides the
- correct semantics for &man.flock.2; style locks which are used
- by the &man.lockf.1; command line tool and the &man.pidfile.3;
- library. It also implements recovery from server restarts and
- ensures that dirty cache blocks are written to the server before
- obtaining locks (allowing multiple clients to use file locking
- to safely share data). Also, a new kernel option
- <literal>options NFSLOCKD</literal> has been added and enabled
- by default. If the kernel support is enabled, &man.rpc.lockd.8;
- automatically detects and uses the functionality.</para>
-
- <para role="7.1">The &os; kernel now supports a new textdump format of kernel
- dumps. A textdump provides higher-level information via
- mechanically generated/extracted debugging output, rather than a
- simple memory dump. This facility can be used to generate brief
- kernel bug reports that are rich in debugging information, but
- are not dependent on kernel symbol tables or precisely
- synchronized source code. More information can be found in the
- &man.textdump.4; manual page.</para>
-
- <para role="7.1">The &man.wait4.2; system call now supports
- <option>WNOWAIT</option> flag to keep the process whose status
- is returned in a waitable state and <option>WSTOPPED</option>
- which is equivalent to <option>WUNTRACED</option>.</para>
-
- <para role="7.1" arch="amd64,i386,sparc64">The &os; kernel now has
- initial support of binding interrupts to CPUs.</para>
-
- <para role="7.1" arch="amd64,i386"> The &man.sched.ule.4; scheduler is now the default
- process scheduler in <filename>GENERIC</filename>
- kernels.</para>
-
- <para role="7.1">The sysctl
- variables <varname>kern.features.compat_freebsd[456]</varname>
- have been added. These are corresponding to the kernel options
- <literal>COMPAT_FREEBSD[456]</literal>.</para>
+ <para></para>
<sect3 id="boot">
<title>Boot Loader Changes</title>
- <para role="8.0">The <application>boot0</application> boot
- loader now preserves volume ID at offset
- 0x1b8 used in other operating systems </para>
-
- <para role="8.0">The &man.boot0cfg.8; utility now supports a
- new <option>-i</option> option to set the volume ID.</para>
-
- <para role="8.0" arch="arm,powerpc">The &man.loader.8; now
- supports U-Boot support library.</para>
-
- <para role="7.2">The &man.boot.8; now supports 4-byte volume ID that
- certain versions of &windows; put into the MBR and invoking
- PXE by pressing the F6 key on some supported BIOSes.</para>
-
- <para role="7.2" arch="i386">The &man.boot.8; BTX loader has been
- improved. This fixes several boot issues on recent machines
- reported for 7.1-RELEASE and before.</para>
-
- <para role="7.2">The &man.loader.8; is now able to obtain DHCP options
- from network boot via &man.kenv.2; variables.</para>
-
- <para role="7.2">A bug in the &man.loader.8; has been fixed. Now the
- following line works as expected:</para>
-
- <programlisting>loader_conf_files="<replaceable>foo</replaceable> <replaceable>bar</replaceable> ${<replaceable>variable</replaceable>}"</programlisting>
-
- <para role="7.1" arch="amd64,i386">The BTX kernel used by the boot
- loader has been changed to invoke BIOS routines from real
- mode. This change makes it possible to boot &os; from USB
- devices.</para>
-
- <para role="7.1" arch="amd64,i386">A new gptboot boot loader has
- been added to support booting from a GPT labeled disk. A
- new <command>boot</command> command has been added to
- &man.gpt.8;, which makes a GPT disk bootable by writing the
- required bits of the boot loader, creating a new boot
- partition if required.</para>
+ <para></para>
</sect3>
<sect3 id="proc">
<title>Hardware Support</title>
- <para role="8.0">The &os; now includes experimental support
- for &arch.mips; platform.</para>
-
- <para role="8.0">Support for RTC on Dallas Semiconductor chips
- has been improved. The DS133x and DS1553 are now
- supported.</para>
-
- <para role="8.0" arch="arm">The &os;/&arch.arm; now supports
- Feroceon and Sheeva embedded CPU, Marvell Orion (88F5281),
- Kirkwood (88F6281), Discovery Innovation (MV-78100)
- systems-on-chip CPU.</para>
-
- <para role="8.0" arch="powerpc">The &os;/&arch.powerpc; now
- supports SMP machines</para>
-
- <para role="8.0" arch="powerpc">The &os;/&arch.powerpc; now
- supports E500 (Book-E) embedded CPU and Freescale
- PowerQUICCIII MPC85xx system-on-chip (including single and
- dual-core).</para>
-
- <para role="8.0">The &man.acpi.4; subsystem now supports the System
- Resource Affinity Table (SRAT) used to describe affinity
- relationships between CPUs and memory, ACPI 3.0 fields in
- the MADT including X2APIC entries and UIDs for local SAPICs, and
- ACPI 3.0 flags in the FADT.</para>
-
- <para role="8.0" arch="powerpc">The &man.cpufreq.4; framework now
- supports PowerPC G5, along with a skeleton SMU driver in order to slew
- CPU voltage during frequency changes.</para>
-
- <para role="8.0">The sec(4) driver has been added to provide
- support for the integrated security engine found in
- Freescale system-on-chip devices.</para>
-
- <para role="8.0">The &os; TTY layer has been replaced with a
- new one which has better support for SMP and robust resource
- handling. A tty now has own mutex and it is expected to
- improve scalability when compared to the old implementation
- based on the Giant lock.</para>
-
- <para role="8.0" arch="amd64,i386">The &man.uart.4; driver is now the
- default driver for serial port devices in favor of the
- &man.sio.4; driver. Note that the device nodes have been
- renamed from
- <filename>/dev/cuad<replaceable>N</replaceable></filename> and
- <filename>/dev/ttyd<replaceable>N</replaceable></filename> to
- <filename>/dev/cuau<replaceable>N</replaceable></filename> and
- <filename>/dev/ttyu<replaceable>N</replaceable></filename>.</para>
-
- <important>
- <para>Users who are upgrading will need to change their
- kernel configurations and possibly also
- <filename>/boot/loader.conf</filename> and
- <filename>/boot/device.hints</filename>.</para>
- </important>
-
- <para role="8.0">The &os; USB subsystem has been reimplemented
- to support modern devices and better SMP scalability. The
- new implementation includes Giant-lock-free device drivers,
- a Linux compatibility layer, &man.usbconfig.8; utility, full
- support for split transaction and isochronous transaction,
- and more. Device node names for USB devices are now in a
- the form
- of <filename>/dev/usb/<replaceable>bus</replaceable>.<replaceable>dev</replaceable>.<replaceable>endpoint</replaceable></filename>,
- and <filename>/dev/usbctl</filename> is the master device
- node. Note that the &man.ugen.4; driver has nodes for each device as <filename>/dev/ugen<replaceable>bus</replaceable>.<replaceable>dev</replaceable></filename> for backward compatibility.</para>
-
- <para role="7.2" arch="sparc64">&os; now supports Ultra SPARC III
- (Cheetah) processor family.</para>
-
- <para role="7.2">The &man.acpi.4; subsystem now supports a &man.sysctl.8;
- variable <varname>debug.batt.batt_sleep_ms</varname>. On
- some laptops with smart batteries, enabling battery
- monitoring software causes keystrokes from &man.atkbd.4; to
- be lost. This sysctl variable adds a delay in millisecond
- to the status checking code as a workaround.</para>
-
- <para role="7.2">The &man.acpi.asus.4; driver now supports Asus A8Sr
- notebooks.</para>
-
- <para role="7.2" arch="powerpc">Support for the AltiVec, a floating point
- and integer SIMD instruction set has been added.</para>
-
- <para role="7.2">The &man.cpuctl.4; driver, which provides a special
- device <filename>/dev/cpuctl</filename> as an interface to
- the system CPU has been added. The &man.cpuctl.4;
- functionality includes the ability to retrieve CPUID
- information, read/write machine specific registers (MSR),
- and perform CPU firmware updates.</para>
-
- <para role="7.2">The &man.cpufreq.4; driver now supports an
- <varname>hw.est.msr_info</varname> loader tunable. When
- this is set to <literal>1</literal>, it attempts to build a
- simple list containing just the high and low frequencies if
- it cannot obtain a frequency list from either ACPI or the
- static tables. This is disabled by default.</para>
-
- <para role="7.2" arch="amd64,i386">CPU frequency change notifiers are now
- disabled when the TSC is P-state invariant. Also, a new
- loader tunable
- <varname>kern.timecounter.invariant_tsc</varname> has been
- added to force this behavior by setting it to
- non-zero.</para>
-
- <para role="7.2">The &man.atkbd.4; driver now disables the interrupt
- handler which is called from the keyboard callback function
- when polled mode is enabled. This fixes the problem of
- duplicated/missing characters at the mountroot prompt on
- multi CPU systems while &man.kbdmux.4; is enabled.</para>
-
- <para role="7.2">In the &man.pci.4; subsystem INTx is now disabled when
- MSI/MSIX is enabled. This change fixes interrupt storm
- related issues.</para>
-
- <para role="7.2" arch="sparc64">The schizo(4) driver for Schizo
- Fireplane/Safari to PCI 2.1 and Tomatillo JBus to PCI 2.2
- bridges has been added.</para>
-
- <para role="7.2">The &man.u3g.4; driver for USB based 3G cards and
- dongles including Vodafone Mobile Connect Card 3G, Qualcomm
- CDMA MSM, Huawei E220, Novatel U740, Sierra MC875U, and more
- has been added. This provides support for the multiple
- USB-to-serial interfaces exposed by many 3G USB/PC Card
- modems, and the device is accessed through the &man.ucom.4;
- driver which makes it behave like a &man.tty.4;.</para>
-
- <para role="7.2">The &man.sched.ule.4; scheduler now supports
- the loader tunable
- <varname>machdep.hyperthreading_enabled</varname> just like
- &man.sched.4bsd.4;. Note that it cannot be modified at
- run-time.</para>
-
- <para role="7.1">The &man.cmx.4; driver, a driver for Omnikey CardMan 4040
- PCMCIA smartcard readers, has been added.</para>
-
- <para role="7.1" arch="sparc64">The &man.kbdmux.4; driver now
- supports &arch.sparc64;. The &man.sunkbd.4; driver now
- supports &man.atkbd.4; emulation like &man.ukbd.4;.</para>
-
- <para role="7.1">The <filename>nvram(4)</filename> driver is now
- MPSAFE.</para>
-
- <para role="7.1">An option of the &man.puc.4;
- driver, <literal>PUC_FASTINTR</literal>, is no longer
- supported.</para>
-
- <para role="7.1">The &man.psm.4; driver now attempts detection of Synaptics
- touchpad before IntelliMouse. Some touchpads will pretend to
- be IntelliMouse causing the IntelliMouse probe to work and the
- Synaptics detection never to be done.</para>
-
- <para role="7.1">The &man.uslcom.4; driver, a driver for Silicon
- Laboratories CP2101/CP2102-based USB serial adapters, has been
- imported from OpenBSD.</para>
+ <para></para>
<sect4 id="mm">
<title>Multimedia Support</title>
- <para role="8.0">The &os; audio subsystem has been improved.
- The changes include volume per channel, high quality
- fixed-point band-limited SINC sampling rate converter,
- bit-perfect mode, transparent/adaptive virtual channel,
- and exclusive stream. For more details, see the
- &man.snd.4; manual page.</para>
-
- <para role="7.2">The &man.agp.4; driver now supports Intel G4X series
- graphics chipsets.</para>
-
- <para role="7.2">The Direct Rendering Manager
- (<application>DRM</application>), a kernel module that
- gives direct hardware access to DRI clients, has been
- updated. Support for AMD/ATI r500, r600, r700, and IGP
- based chips, XGI V3XE/V5/V8, and Intel i915 chipsets has
- been improved.</para>
-
- <para role="7.2">A new loader tunable <varname>hw.drm.msi</varname> has
- been added to control if DRM uses MSI or not. This is set
- to <literal>1</literal> (enabled) by default.</para>
-
- <para role="7.2">The snd_au88x0(4) driver for Aureal Vortex
- 1/2/Advantage PCI has been removed because it has been
- broken for a long time.</para>
-
- <para role="7.2">The &man.snd.hda.4; driver has been updated. These
- changes include support for multiple codecs per HDA bus,
- multiple functional groups per codec, multiple audio
- devices per functional group, digital (SPDIF/HDMI) audio
- input/output, suspend/resume, and part of multichannel
- audio.</para>
-
- <para role="7.2">Note that due to added HDMI audio and
- logical audio devices support, the updated driver often
- provides several PCM devices. This means that in some
- cases the system default audio device no longer
- corresponds to the users's habitual audio connectors. In
- such cases the default device can be specified in audio
- applications' setup or defined globally via
- <varname>hw.snd.default_unit</varname> sysctl variable, as
- described in the &man.sound.4; manual page.</para>
-
- <para role="7.1">The &man.agp.4; driver now supports the
- Intel G33 and G45.</para>
-
- <para role="7.1" arch="i386">The <filename>dpms(4)</filename> driver has
- been added to use the VESA BIOS for DPMS during suspend and
- resume.</para>
-
- <para role="7.1">The <application>DRM</application> kernel driver now
- supports i915 GME devices.</para>
+ <para></para>
</sect4>
<sect4 id="net-if">
<title>Network Interface Support</title>
- <para role="8.0">The &man.bwi.4; driver has been added to
- provide support for Broadcom BCM43xx IEEE 802.11b/g wireless
- network interfaces.</para>
-
- <para role="8.0" arch="sparc64">The &man.cas.4; driver has
- been added to provide support for Sun Cassini/Cassini+ and
- National Semiconductor DP83065 Saturn Gigabit Ethernet
- devices.</para>
-
- <para role="8.0">The &man.cxgbtool.8; now supports an
- interactive mode for scripting of repeatedly performed
- tasks.</para>
-
- <para role="8.0">The &man.fxp.4; driver has been improved. Changes include:</para>
-
- <itemizedlist>
- <listitem>
- <para role="8.0">The multicast filter re-programming
- is now more robust.</para>
- </listitem>
-
- <listitem>
- <para role="7.2">The checksum offload feature can be controlled by
- &man.ifconfig.8; now.</para>
- </listitem>
-
- <listitem>
- <para role="7.2">Rx checksum offload support for 82559 or later
- controllers has been added.</para>
- </listitem>
-
- <listitem>
- <para role="7.2">TSO (TCP Segmentation Offload) support for 82550
- and 82551 controllers has been added.</para>
- </listitem>
-
- <listitem>
- <para role="7.2">WoL (Wake on LAN) support for 82550, 82551, 82558,
- and 82559-based controllers has been added. Note that
- ICH based controllers are treated as 82559, and 82557,
- earlier revisions of 82558, and 82559ER have no WoL
- capability.</para>
- </listitem>
-
- <listitem>
- <para role="7.2">VLAN hardware tag insertion/stripping support and
- Tx/Rx checksum offload for VLAN frames support has
- been added. Note that the VLAN hardware assistance is
- available only on 82550 or 82551-based
- controllers.</para>
- </listitem>
- </itemizedlist>
-
- <para role="8.0" arch="arm,powerpc">The mge(4) driver has
- been added to provide support for Marvell Gigabit Ethernet
- controllers found on ARM-based SOCs (Orion, Kirkwood,
- Discovery), as well as on system controllers for PowerPC
- processors (MV64430, MV6446x).</para>
-
- <para role="8.0">The &man.miibus.4; driver now supports
- the Marvell 88E3016.</para>
-
- <para role="8.0">The &man.msk.4; driver now supports Yukon
- FE+ A0 including 88E8040, 88E8040T, 88E8048 and
- 88E8070.</para>
-
- <para role="8.0">The &man.mwl.4; driver has been added to
- provide support for Marvell 88W8363 IEEE 802.11n wireless
- network devices.</para>
-
- <para role="8.0">The &man.mxge.4; driver now supports some newer
- revisions and 10GBASE-LRM and 10GBASE-Twinax media
- types. The firmware version has been updated to 1.4.43.</para>
-
- <para role="8.0">The &man.nge.4; driver has been improved and
- now works on all platforms.</para>
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-src-all
mailing list