FreeBSD/amd64 6.4-RELEASE Release Notes
The FreeBSD Project
Copyright © 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 The FreeBSD Documentation Project
$FreeBSD:
releng/6.4/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml
185279 2008-11-25 02:19:13Z hrs $
FreeBSD is a registered trademark of the FreeBSD Foundation.
IBM, AIX, EtherJet, Netfinity, OS/2, PowerPC, PS/2, S/390, and ThinkPad are trademarks of International Business Machines Corporation in the United States, other countries, or both.
IEEE, POSIX, and 802 are registered trademarks of Institute of Electrical and Electronics Engineers, Inc. in the United States.
Intel, Celeron, EtherExpress, i386, i486, Itanium, Pentium, and Xeon are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.
Sparc, Sparc64, SPARCEngine, and UltraSPARC are trademarks of SPARC International, Inc in the United States and other countries. Products bearing SPARC trademarks are based upon architecture developed by Sun Microsystems, Inc.
Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this document, and the FreeBSD Project was aware of the trademark claim, the designations have been followed by the “™” or the “®” symbol.
The release notes for FreeBSD 6.4-RELEASE contain a summary of the changes made to the FreeBSD base system on the 6.4-STABLE development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the FreeBSD kernel and userland. Some brief remarks on upgrading are also presented.
- Table of Contents
- 1 Introduction
- 2 What's New
-
- 2.1 Security Advisories
- 2.2 Kernel Changes
-
- 2.2.1 Boot Loader Changes
- 2.2.2 Hardware Support
- 2.2.3 Network Protocols
- 2.2.4 Disks and Storage
- 2.3 Userland Changes
-
- 2.3.1 /etc/rc.d Scripts
- 2.4 Contributed Software
- 2.5 Ports/Packages Collection Infrastructure
- 2.6 Release Engineering and Integration
- 3 Upgrading from previous releases of FreeBSD
1 Introduction
This document contains the release notes for FreeBSD 6.4-RELEASE on the AMD64 hardware platform. It describes recently added, changed, or deleted features of FreeBSD. It also provides some notes on upgrading from previous versions of FreeBSD.
This distribution of FreeBSD 6.4-RELEASE is a release distribution. It can be found at ftp://ftp.FreeBSD.org/ or any of its mirrors. More information on obtaining this (or other) release distributions of FreeBSD can be found in the “Obtaining FreeBSD” appendix to the FreeBSD Handbook.
All users are encouraged to consult the release errata before installing FreeBSD. The errata document is updated with “late-breaking” information discovered late in the release cycle or after the release. Typically, it contains information on known bugs, security advisories, and corrections to documentation. An up-to-date copy of the errata for FreeBSD 6.4-RELEASE can be found on the FreeBSD Web site.
2 What's New
This section describes the most user-visible new or changed features in FreeBSD since 6.3-RELEASE.
Typical release note items document recent security advisories issued after 6.3-RELEASE, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices. Clearly the release notes cannot list every single change made to FreeBSD between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements.
2.1 Security Advisories
Problems described in the following security advisories has been fixed. For more information, consult the individual advisories available from http://security.FreeBSD.org/.
Advisory | Date | Topic |
---|---|---|
SA-08:03.sendfile | 14 February 2008 |
sendfile(2) write-only file permission bypass |
SA-08:05.openssh | 17 April 2008 |
OpenSSH X11-forwarding privilege escalation |
SA-08:06.bind | 13 July 2008 |
DNS cache poisoning |
SA-08:07.amd64 | 3 September 2008 |
amd64 swapgs local privilege escalation |
SA-08:09.icmp6 | 3 September 2008 |
Remote kernel panics on IPv6 connections |
SA-08:10.nd6 | 1 October 2008 |
IPv6 Neighbor Discovery Protocol routing vulnerability |
SA-08:11.arc4random | 24 November 2008 |
arc4random(9) predictable sequence vulnerability |
2.2 Kernel Changes
The opencrypto framework ( crypto(9)) and ipsec(4) subsystem now support Camellia block cipher.
The FreeBSD kernel malloc(9) now supports buffer corruption protection (RedZone). This detects both buffer underflow and buffer overflow bugs at runtime on free(9) and realloc(9) and prints backtraces from where memory was allocated and from where it was freed. For more details, see DEBUG_REDZONE kernel option.
The client side functionality of rpc.lockd(8) has been implemented in FreeBSD kernel. This implementation provides the correct semantics for flock(2) style locks which are used by the lockf(1) command line tool and the pidfile(3) library. It also implements recovery from server restarts and ensures that dirty cache blocks are written to the server before obtaining locks (allowing multiple clients to use file locking to safely share data). Also, a new kernel option options NFSLOCKD has been added and enabled by default. If the kernel support is enabled, rpc.lockd(8) automatically detects and uses the functionality.
2.2.1 Boot Loader Changes
FreeBSD now support booting from GPT-labeled disks from the BIOS.
The BTX kernel used by the boot loader has been changed to invoke BIOS routines from real mode. This change makes it possible to boot FreeBSD from USB devices.
2.2.3 Network Protocols
The
dummynet(4) subsystem now
supports fast mode operation which allows
certain packets to bypass the dummynet scheduler. This can achieve
lower latency and lower overhead when the packet flow is under the
pipe bandwidth, and eliminate recursion in the subsystem. The new
sysctl variable net.inet.ip.dummynet.io_fast
has been added to
enable this feature.
The resolver(3) now allows underscore in domain names. Although this is a violation of RFC 1034 [STD 13], it is accepted by certain name servers as well as other popular operating systems' resolver library.
2.2.4 Disks and Storage
The aac(4) driver now supports 64-bit array support for RAIDs larger than 2TB and simultaneous opens of the device for issuing commands to the controller.
A data corruption problem of the ata(4) driver on ServerWorks HT1000 chipsets has been fixed.
Stability of the iir(4) driver has been improved.
The mpt(4) driver now supports mpt_user personality.
2.3 Userland Changes
The
bsdtar(1) utility now supports
the following options: --numeric-owner
,
-S
, and -s
.
A bug in cp(1) utility which prevents POSIX.1e ACL (see also acl(3)) from copying properly has been fixed.
The
cron(8) utility now supports
-m
flag which overrides the default
mail recipient for cron mails unless explicitly provided by
MAILTO= line in crontab file.
The
cvs(1) now supports -n
flag which is the opposite of -N
flag.
The dump(8) and restore(8) utility now support extended attributes (see also extattr(9)).
The
fortune(6) program now supports
FORTUNE_PATH
environment variable to
specify search path of the fortune files.
A bug in the
fortune(6) program that prevents
-e
option with multiple files from
working has been fixed.
The freebsd-update.conf(5) now supports IDSIgnorePaths statement.
The
fwcontrol(8) utility now supports
-f node
option which specifies
node as the root node on the
next bus reset.
The make(1) utility now supports :u variable modifier which removes adjacent duplicate words.
The incorrect output grammer of morse(6) program has been fixed.
The
mountd(8) utility now supports
-h bindip
option which specifies IP
addresses to bind to for TCP and UDP requests. This option may be
specified multiple times. If no -h
option is specified, INADDR_ANY will be
used. Note that when specifying IP addresses with this option, it
will automatically add 127.0.0.1 and if
IPv6 is enabled, ::1 to the list.
The
moused(8) utility now supports
-L
flag which changes the speed of
scrolling and changes -U
option
behavior to only affect the scroll threshold.
The mv(1) now support POSIX specification when moving a directory to an existing directory across devices.
The
periodic(8) now supports
daily_status_mail_rejects_shorten
configuration variable in
periodic.conf(5). This allows the
rejected mail reports to tally the rejects per blacklist without
providing details about individual sender hosts. The default
configuration keeps the reports in their original form.
The ping6(8) now uses exit status of 0 and 2 in the same manner as ping(8).
A bug in
telnetd(8) that it attempts
authentication even when -a all
option
is specified has been fixed.
The
top(1) and
vmstat(8) now support
-P
flag which displays per-CPU
statistics.
The watch(8) utility now supports more than 10 snp(4) devices at a time.
2.3.1 /etc/rc.d Scripts
The ike rc(8) script has been removed.
The
rc.conf(5) now supports
dummynet_enable
variable which allow
dummynet(4) kernel module to be
loaded when firewall_enable
is
YES.
The ppp
rc(8) script now supports
multiple instances. For more details, see description of
ppp_profile
variable in
rc.conf(5).
The rfcomm_pppd_server rc(8) script which allows start rfcomm_pppd(8) in server mode at boot time, has been added. Multiple profiles can be started at the same time. For more details, see rc.conf(5).
The sysctl rc(8) script now supports loading /etc/sysctl.conf.local in addition to /etc/sysctl.conf.
The
rc.conf(5) now supports
configuration of interfaces and attached networks for firewall rule
set by rc.firewall when firewall_type
is simple
or client. See firewall_client_net
, firewall_simple_iif
, firewall_simple_inet
, firewall_simple_oif
, and firewall_simple_onet
.
2.4 Contributed Software
am-utils has been updated to version 6.1.5.
ISC BIND has been updated to version 9.3.5-P2.
bzip2 has been updated from 1.0.4 to 1.0.5.
NTP has been updated to version 4.2.4p5.
FILE has been updated to version 4.21.
libarchive has been virtually updated to 2.5.4b. Note that the internal version number remains 1.9.25 because the API/ABI compatibility is preserved.
ncurses library has been updated to version 5.6-20080503.
OpenPAM has been updated to Hydrangea release.
sendmail has been updated from 8.14.2 to 8.14.3.
tcsh has been updated to version 6.15.00.
The timezone database has been updated from the tzdata2007k release to the tzdata2008e release.
2.5 Ports/Packages Collection Infrastructure
The pkg_install utilities have been upgraded to snapshot on 8.0-CURRENT as of May 30, 2008.
The pkg_sign(1) and the pkg_check(1) utility have been removed.
2.6 Release Engineering and Integration
The supported version of the GNOME desktop environment (x11/gnome2) has been updated from 2.20.1 to 2.22.3.
The supported version of the KDE desktop environment (x11/kde3) has been updated from 3.5.8 to 3.5.10.
3 Upgrading from previous releases of FreeBSD
Source upgrades to FreeBSD 6.4-RELEASE are only supported from FreeBSD 5.3-RELEASE or later. Users of older systems wanting to upgrade 6.4-RELEASE will need to update to FreeBSD 5.3 or newer first, then to FreeBSD 6.4-RELEASE.
Important: Upgrading FreeBSD should, of course, only be attempted after backing up all data and configuration files.
This file, and other release-related documents, can be downloaded from ftp://ftp.FreeBSD.org/.
For questions about FreeBSD, read the documentation before contacting <questions@FreeBSD.org>.
For questions about this documentation, e-mail <doc@FreeBSD.org>.