FreeBSD 8.0-RELEASE Release Notes

2.1 Security Advisories

Problems described in the following security advisories have been fixed. For more information, consult the individual advisories available from http://security.FreeBSD.org/.

2.2 Kernel Changes

The FreeBSD GENERIC kernel now includes Trusted BSD MAC (Mandatory Access Control) support. No MAC policy module is loaded by default.

[i386] A loader tunable hw.clflush_disable has been added to avoid panic (trap 9) at map_invalidate_cache_range() even if Intel CPU is used. This tunable can be set to -1 (default), 0 and 1. The -1 is same as the current behavior, which automatically disables CLFLUSH on Intel CPUs without CPUID_SS (this should occurr on Xen only). You can specify 1 when this panic happens on non-Intel CPUs (such as AMD's). Because disabling CLFLUSH can reduce performance, you can try with setting 0 on Intel CPUs without SS to use CLFLUSH feature.

The jail(8) subsystem has been updated. Changes include:

• A new virtualization container named “vimage” has been implemented. This is not enabled by default. To enable this, add the following kernel options to your kernel configuration file and rebuild the kernel:

  options    VIMAGE
  

  Note that options SCTP in the GENERIC kernel is not compatible with options VIMAGE. This limitation will be fixed in the next release.

  The vimage is a jail with a virtualized instance of the FreeBSD network stack. It can be created by using jail(8) command like this:

  # jail -c vnet name=vnet1 host.hostname=vnet1.example.net path=/ persist
  

  The vimage has own loopback interface and a separated network stack including the L3 routing tables. Network interfaces on the system can be moved by using ifconfig(8) vnet option between the different vimage jails and outside of them.

  Furthermore, the epair(4) pseudo-interface driver has been added to help communication between vimage jails. It emulates a pair of back-to-back connected Ethernet interfaces. For example, the following commands create an interface pair of epair(4):

  # ifconfig epair0 create
  epair0a
  # ifconfig epair0a
  epair0a: flags=8842<BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
      ether 02:c0:64:00:07:0a
  # ifconfig epair0b
  epair0b: flags=8842<BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
      ether 02:c0:64:00:08:0b
  

  The epair(4) pseudo-interfaces and any physical interfaces on the system can be moved between vimage jails by using ifconfig(8) vnet option as described above. Even after half of an epair(4) pair is moved, the back-to-back connection still valid and can be used for inter-jail communication.

  Note that vimage is still considered as an experimental feature.

• A jail can now have arbitrary named parameters similar to environmental variables and the fixed jail parameters in the previous releases have been replaced with them. The jail name can now be used for identifying the jail in jexec(8) and killall(1).

• Multiple IPv4 and/or IPv6 addresses per jail are now supported. It is even possible to have jails without an IP address at all, which basically gives one a chrooted environment with restricted process view and no networking.

• SCTP ( sctp(4)) with IPv6 in jails has been implemented.

• Specific CPU binding by using cpuset(1) has been implemented. Note that the current implementation allows the superuser inside of the jail to change the CPU bindings specified.

• A jail(8) can start with a specific route FIB now.

• The ddb(8) kernel debugger now supports a show jails subcommand.

• Compatibility support which permits 32-bit jail binaries to be used on 64-bit systems to manage jails has been added.

• Note that both version numbers of jail and prison in the jail(8) have been updated for the new features.

The ksyms(4), kernel symbol table interface driver has been added. It creates a character device /dev/ksyms and provides read-only access to a snapshot of the kernel symbol table.

[amd64, i386] The FreeBSD Linux emulation layer has been updated to version 2.6.16 and the default Linux infrastructure port is emulators/linux_base-f10 (Fedora 10).

[arm] The FreeBSD/arm now supports mini dump.

[powerpc] The FreeBSD/powerpc now supports kernel core dump.

[amd64, i386] The FreeBSD virtual memory subsystem now supports fully transparent use of superpages for application memory; application memory pages are dynamically promoted to or demoted from superpages without any modification to application code. This change offers the benefit of large page sizes such as improved virtual memory efficiency and reduced TLB (translation lookaside buffer) misses without downsides like application changes and virtual memory inflexibility. This can be enabled by setting a loader tunable vm.pmap.pg_ps_enabled to 1 and is enabled by default on amd64.

[7.2R] The ddb(8) kernel debugger now supports a show mount subcommand.

[7.2R] The FreeBSD DTrace subsystem now supports a probe for process execution.

[7.2R] [amd64] The FreeBSD kernel virtual address space has been increased to 6GB. This allows subsystems to use larger virtual memory space than before. For example, the zfs(8) adaptive replacement cache (ARC) requires large kernel memory space to cache file system data, so it benefits from the increased address space. Note that the ceiling on the kernel map size is now 60% of the size of physical memory rather than an absolute quantity.

[7.2R] The kld(4) now supports installing 32-bit system calls to the FreeBSD syscall translation layer from kernel modules.

[7.2R] The ktr(4) now supports a new KTR tracepoint in the KTR_CALLOUT class to note when a callout routine finishes executing.

[7.2R] Types of variables used to track the amount of allocated System V shared memory have been changed from int to size_t. This makes it possible to use more than 2 GB of memory for shared memory segments on 64-bit architectures. Please note the new BUGS section in shmctl(2) and /usr/src/UPDATING for limitations of this temporary solution.

[7.2R] The sysctl(3) leaf nodes have a flag to tag themselves as MPSAFE now.

[7.2R] The FreeBSD 32-bit system call translation layer now supports installing 32-bit system calls for VFS_AIO.

[7.1R] The clock_gettime(2) and the related system calls now support a clock ID CLOCK_THREAD_CPUTIME_ID, as defined in POSIX.

[7.1R] The cpuset(2) system call has been added. This is an API for thread to CPU binding and CPU resource grouping and assignment.

[7.1R] The DTrace, a comprehensive dynamic tracing framework and dtrace(1) userland utility have been imported from OpenSolaris. DTrace provides a powerful infrastructure to permit administrators, developers, and service personnel to concisely answer arbitrary questions about the behavior of the operating system and user programs.

[7.1R] The ddb(4) kernel debugger now has an output capture facility. Input and output from ddb(4) can now be captured to a memory buffer for later inspection using sysctl(8) or a textdump. The new capture command controls this feature.

[7.1R] The ddb(4) debugger now supports a simple scripting facility, which supports a set of named scripts consisting of a set of ddb(4) commands. These commands can be managed from within ddb(4) or with the use of the new ddb(8) utility. More details can be found in the ddb(4) manual page.

[7.1R] The ddb(4) ex command now supports an /S mode which interprets and prints the value at the requested address as a symbol. For example, ex /S aio_swake prints the name of the function currently registered in via aio_swake hook.

[7.1R] The ddb(4) show conifhk command has been added. This lists hooks currently waiting for completion in run_interrupt_driven_config_hooks().

[7.1R] The fcntl(2) system call now supports F_DUP2FD command. This is equivalent to dup(2), and compatible with the Sun Solaris and the IBM AIX.

[7.1R] The FreeBSD's linux(4) ABI support now implements sched_setaffinity() and sched_getaffinity() using real CPU affinity setting primitives.

[7.1R] The procstat(1) utility has been added. This is a process inspection utility which provides some of the missing functionality from procfs(5) and new functionality for monitoring and debugging specific processes.

[7.1R] The client side functionality of rpc.lockd(8) has been implemented in the FreeBSD kernel. This implementation provides the correct semantics for flock(2) style locks which are used by the lockf(1) command line tool and the pidfile(3) library. It also implements recovery from server restarts and ensures that dirty cache blocks are written to the server before obtaining locks (allowing multiple clients to use file locking to safely share data). Also, a new kernel option options NFSLOCKD has been added and enabled by default. If the kernel support is enabled, rpc.lockd(8) automatically detects and uses the functionality.

[7.1R] The FreeBSD kernel now supports a new textdump format of kernel dumps. A textdump provides higher-level information via mechanically generated/extracted debugging output, rather than a simple memory dump. This facility can be used to generate brief kernel bug reports that are rich in debugging information, but are not dependent on kernel symbol tables or precisely synchronized source code. More information can be found in the textdump(4) manual page.

[7.1R] The wait4(2) system call now supports WNOWAIT flag to keep the process whose status is returned in a waitable state and WSTOPPED which is equivalent to WUNTRACED.

[7.1R] [amd64, i386, sparc64] The FreeBSD kernel now has initial support of binding interrupts to CPUs.

[7.1R] [amd64, i386] The sched_ule(4) scheduler is now the default process scheduler in GENERIC kernels.

[7.1R] The sysctl variables kern.features.compat_freebsd[456] have been added. These are corresponding to the kernel options COMPAT_FREEBSD[456].

loader_conf_files="foo bar ${variable}"

device crypto
options IPSEC
options IPSEC_NAT_T

# setfib -3 ping target.example.com

setfib fibnum

device    ahci
device    siis

options    NFSCL   # for NFS client
options NFSD    # for NFS server

2.3 Userland Changes

The GCC stack protection (also known as ProPolice) has been enabled in the FreeBSD base system.

A BSD-licensed ar(1) utility has been added in favor of one in GNU binutils and it is now the default utility for building the FreeBSD base system.

The awk(1) utility now supports 64 files. The upper limit was 20 in prior releases.

The bsnmpd(1) program now supports OIDs for ZFS.

The camcontrol(8) program now supports a new modularized ATA kernel module and various ATA commands.

The cat(1) and cp(1) now use a larger buffer if the number of pages of the physical memory on the system is grater than 32k. This reduces the number of context switches.

A new BSD-licensed cpio(1) utility has been added in favor of GNU cpio and it is now the default utility in the FreeBSD base system.

A script for the crashinfo(8) utility for simple analysis of crash dump has been added. It generates a text file containing the output of several commands run against the core dump such as kgdb(1) (stack trace), ps(1), netstat(1), vmstat(8), iostat(8), dmesg(8), and fstat(1).

The df(1) utility's -h flag now supports displaying inode counts in a human-readable format when a flag -i is specified.

The df(1) utility now supports a -T flag to display file system type in each entry.

A bug in the dhclient(8) that can create a malformed /etc/resolv.conf has been fixed.

The dhclient(8) now uses an -n flag when invoking route(8) command. This eliminates a long delay in the case that it gets a lease but DNS service is not working.

The dhclient(8) utility now uses 68 (bootpc) as the source port for unicast DHCPREQUEST packets instead of allowing the protocol stack to pick a random source port. This fixes the behavior where dhclient(8) would never transition from RENEWING to BOUND without going through REBINDING in some networks which has a tight policy on DHCP spoofing.

The env(1) utility now supports a -u name option that completely unsets the given name instead of setting it to a null value.

The find(1) utility now supports a number of primaries found in GNU find including -ignore_readdir_race, -noignore_readdir_race, -noleaf, -gid, -uid, -wholename, -iwholename, -mount, -d, -lname, -ilname, -quit, -samefile, and -true.

The fsck(8) utility now supports a -r flag to free up excess unused inodes. Decreasing the number of preallocated inodes reduces the running time of future runs of fsck and frees up space that can allocated to files. This flag is ignored when running in preen mode.

The freebsd-update(8) now supports backing up the old kernel when installing a new kernel. The backup kernel will be written to /boot/kernel.old if the directory does not exist or the directory was created by freebsd-update in a previous backup. Otherwise the freebsd-update(8) will generate a new directory name for use by the backup. This is enabled by default.

The gdbserver(1) now supports arm and powerpc platforms.

The gpt(8) program has been removed in favor of gpart(8).

The gzip(1) utility now supports uncompressing files which are created by pack found in some commercial UNIX-like systems.

The i2c(8) utility for diagnostics of I2C has been added.

The ifconfig(8) now supports vnet and -vnet option to allow moving interfaces between jails with vimage.

A BSD-licensed libdwarf library has been added for DTrace clients.

The libmsun library now supports acosl(), asinl(), atanl(), atan2l(), cargl(), csqrtl(), fmodl(), hypotl(), and remquol() functions.

The libproc library has been added for DTrace clients.

The mtest(8) utility now supports IPv6.

The mount(8) program now supports an -o mountprog=filename option to allow an alternative program to be used for mounting a file system. This is useful for non- nmount(2) based file systems such as FUSE.

The nfscbd(8), nfsuserd(8), nfsdumpstate(8), and nfsrevoke(8) utilities for the new NFSv4 subsystem has been added.

The pmcannotate(8) utility has been added. This prints out sources of a tool (in C or assembly) with inlined profiling informations retrieved by a prior pmcstat(8) analysis.

The route(8) utility now supports show, weights, and sticky commands. For more details, see the route(8) manual page.

The rtld(1) now supports a new environment variable LD_ELF_HINTS_PATH for overriding the rtld hints file. This environment variable would be ignored if the process uses setuid and/or setgid. This feature gives a convenient way to use a custom set of shared library that is not in the default location.

The rtld(1) now supports the dynamic string token substitution in the rpath and soneeded pathes. The $ORIGIN, $OSNAME, $OSREL and $PLATFORM tokens are supported. Enabling the substitution requires DF_ORIGIN flag in DT_FLAGS or DF_1_ORIGIN if DF_FLAGS_1, that may be set with -z origin GNU ld flag. This translation is unconditionally disabled for setuid/setgid processes. The $ORIGIN translation relies on the AT_EXECPATH auxinfo supplied by the FreeBSD kernel.

It is no longer possible to create UFS filesystems in “dangerously dedicated” mode using sysinstall(8) since this mode is no longer supported.

sysinstall(8) menus have been simplified to reduce confusion and duplication with other parts of the system. The Xorg window system should be installed just like any other package. Configuration of Linux and OSF/1 emulation should be done via kernel rebuilds. Support for installation from tape media was removed as it was believed to be broken. Obsolete code to support OLDCARD was also removed.

sysinstall(8) now understands how to use unsliced USB drives as installation source media via /dev/daXa

sysinstall(8) now recognizes the new /dev/adaX disk devices, if compiled into the kernel.

sysinstall(8) now uses the freebsd-doc-* packages for localized documents.

sysinstall(8) now ejects the CDROM after installation if it was used as source media.

The traceroute(8) and traceroute6(8) now support an -a flag to display AS number corresponding to the lookup IP address on each hop. It will query the number to WHOIS server specified in -A option. If no -A is specified, whois.radb.net will be used as the default value.

The tzsetup(8) now supports an -s flag to skip the question about adjusting the clock to UTC.

The wake(8) utility, a tool to send Wake on LAN frames to hosts on a local Ethernet network has been added.

The ypserv(8) program now supports shadow.byname and shadow.byuid maps.

[7.2R] A bug in the atacontrol(8) utility, which prevents it from working when /usr is not mounted or invoked from /rescue, has been fixed.

[7.2R] The btpand(8) daemon from NetBSD has been added. This daemon provides support for Bluetooth Network Access Point (NAP), Group Ad-hoc Network (GN) and Personal Area Network User (PANU) profiles.

[7.2R] The cpucontrol(8) utility has been added to control cpuctl(4) pseudo-device.

[7.2R] The ncal(1) utility now supports multibyte characters.

[7.2R] The newfs(8) utility now supports operations on a regular file.

[7.2R] The config(8) utility now supports multiple makeoption lines.

[7.2R] The csup(1) utility now supports CVSMode to fetch a complete CVS repository. Note that the rsync transfer mode is currently disabled.

[7.2R] The dirname(1) utility now accepts multiple arguments in the same way that basename(1) does.

[7.2R] The du(1) utility now supports an -l flag. When specified, the du(1) utility counts a file with multiple hard links as multiple different files.

[7.2R] The du(1) utility now supports an -A flag to display the apparent size instead of the disk usage. This can be helpful when operating on compressed volumes or sparse files.

[7.2R] The du(1) utility now supports a -B blocksize option to calculate block counts in blocks of blocksize bytes. This is different from the -k or -m options or setting BLOCKSIZE and gives an estimate of how much space the examined file hierarchy would require on a file system with the given blocksize. Unless in -A mode, blocksize is rounded up to the next multiple of 512.

[7.2R] The dumpfs(8) utility now supports an -f flag, which causes it to list all free fragments in the file system by fragment (block) number. This new mode does the necessary arithmetic to generate absolute fragment numbers rather than the cg-relative numbers printed in the default mode.

[7.2R] If -f is passed once, contiguous fragment ranges are collapsed into an X-Y format as free block lists are currently printed in regular dumpfs output. If specified twice, all block numbers are printed individually, allowing both compact and more script-friendly representation.

[7.2R] The fetch(1) utility now supports an -i flag which supports the If-Modified-Since HTTP 1.1 request. If specified it will cause the file to be downloaded only if it is more recent than the mtime of the local file. Also, libfetch now accepts the mtime in the url structure and a flag to indicate when this behavior is desired.

[7.2R] The fsck(8) utility now supports a -C flag for check clean mode. This checks if the file system was dismounted cleanly first and then skip file system checks if true. Otherwise it does full checks.

[7.2R] The fsck(8) utility now supports a -D flag for damaged recovery mode, which will enable certain aggressive operations that can make fsck(8) to survive with file systems that has very serious data damage. This is a useful last resort when on disk data damage is very serious and causes fsck(8) to crash.

[7.2R] The getaddrinfo(3) function now supports SCTP.

[7.2R] A bug was fixed in the ipfw(8) utility which displays extra messages for a NAT rule even when a -q flag is specified.

[7.2R] The ln(1) utility now supports a -w flag to check if the source file actually exists. When the flag is specified and the file does not exist, ln(1) will issue a warning message.

The ln(1) utility now allows creating hard links to symbolic links because the POSIX.1-2008 requires this behavior for -L and -P flag.

The lpr(1) utility now support an -m flag to send an email after the job is completed and a -t option to set the job title.

[7.2R] The make(1) utility now supports a -p flag to print the input graph only, without executing any commands. The output is the same as -d g1. When combined with -f /dev/null, only the built-in rules of make are displayed.

[7.2R] The make(1) utility now supports a -Q flag to cause file banners not to be generated in addition to the same effect of a -q flag when a -j option is specified.

[7.2R] The make(1) utility now supports the .MAKE.JOB.PREFIX variable. If -j and -v are specified, its output for each target is prefixed with a token --- target --- the first part of which can be controlled via the variable.

[7.2R] The make(1) utility now supports .MAKE.PID and .MAKE.PPID variable. These are set to process ID of the make(1) process and its parent process respectively.

[7.2R] The makefs(8) utility to create a file system image from a directory tree has been added.

[7.2R] The mergemaster(8) utility now supports an -F option to automatically install files that differ only in their version control ID strings.

[7.2R] The mount(8) utility now supports an -o mountprog=/somewhere/mount_xxx option to force it to use the specified program to mount the file system instead of calling nmount(2) directly. This is useful when you want to use third party programs such as FUSE, for example.

[7.2R] The netstat(1) utility now reports unix(4) sockets' listen queue statistics when an -L flag is specified.

[7.2R] A bug in the netstat(1) utility has been fixed. It crashed with the following options in the previous versions:

% netstat -m -N foo

[7.2R] A bug in the netstat(1) utility has been fixed. The -ss option now works in the icmp6 section as expected.

[7.2R] The pciconf(8) utility now supports a -b flag, which lists any base address registers (BAR) that are assigned resources for each device.

[7.2R] The powerd(8) program has been improved. Changes include reasonable CPU load estimation on SMP systems and a new mode named as hiadaptive for AC-powered systems. The hiadaptive mode raises the CPU frequency twice as fast as adaptive, it drops the CPU frequency 4 times slower, prefers twice lower CPU load and has an additional delay before leaving the highest frequency after the period of maximum load.

The revoke(1) utility has been added. This is a wrapper of revoke(2) syscall.

[7.2R] The stat(1) utility now displays an octal representation of suid, sgid and sticky bits when the -x flag is specified.

[7.2R] The strndup(3) function has been added.

The tftpd(8) program now supports a -W option. This is almost the same as a -w option but will generate unique named based on the submitted filename, a strftime(3) format string, and a two digit sequence number. The time format string can be set by an -F option.

[7.2R] The wc(1) utility now supports an -L flag to output the number of characters in the longest input line.

[7.2R] A bug in the rpc.yppasswdd(8) program, which causes it to leave a zombie process when a password or default shell is changed, has been fixed.

[7.1R] The adduser(8) utility now supports a -M option to set the mode of a new user's home directory.

[7.1R] The atacontrol(8) utility now supports a spindown command to set or report timeout after which the device will be spun down.

[7.1R] The chflags(1) now supports a -v flag for verbose output, a -f flag to ignore errors, and -h to allow setting flags on symbolic links with the same semantics as (for example) chmod(1).

[7.1R] The cp(1) now supports a -a flag, which is equivalent to -RpP flags.

[7.1R] A bug in the cp(1) utility which prevents POSIX.1e ACL (see also acl(3)) from copying properly has been fixed.

[7.1R] The cron(8) utility now supports -m flag which overrides the default mail recipient for cron mails unless explicitly provided by MAILTO= line in crontab file.

[7.1R] The dhclient(8) now supports more options described in dhcp-options(5).

[7.1R] The dhclient(8) now supports is_default_interface() function which determines if this interface is one with the default route.

[7.1R] A bug in the dhclient(8) that prevents removal of the default route from working has been fixed.

[7.1R] The environ(7), environment array of strings now supports unsetting a variable by setting the first character to NULL. This is required by third-party software such as Dovecot and Postfix.

[7.1R] The fdisk(8) now supports a -q flag to not display any warnings.

[7.1R] The fetch(1) program and libfetch library now supports a NO_PROXY environment variable. This specifies comma- or whitespace-separated list of host names for which proxies should not be used. If a single asterisk is specified, the use of proxies is disabled.

[7.1R] The ffsll(3) and flsll(3) functions have been added. These functions are the same as ffs(3) and fls(3) except that they accept long long as the arguments.

[7.1R] The fortune(6) program now supports FORTUNE_PATH environment variable to specify search path of the fortune files.

[7.1R] A bug in the fortune(6) program that prevents -e option with multiple files from working has been fixed.

[7.1R] The freebsd-update.conf(5) now supports IDSIgnorePaths statement.

[7.1R] The fwcontrol(8) utility now supports -f node option which specifies node as the root node on the next bus reset.

[7.1R] [sparc64] The gcc(1) now accepts -mcpu option properly; it was hardcoded as -mcpu=ultrasparc.

[7.1R] The ifconfig(8) command now supports display of WPS IE (Wireless Provisioning Services Information Element).

[7.1R] The kgdb(1) command now supports an add-kld kld command to locate a kld(4) and load its symbols.

[7.1R] The kgdb(1) command now has a shared library backend for kernel files that treats kld(4) as shared libraries and auto-loading symbols for kld(4) on startup.

[7.1R] The kgdb(1) now supports a tid command and other kernel module related commands even for a remote target.

[7.1R] The kvm_getcptime(3) function to obtain the global CPU time statistics from the kernel has been added.

[7.1R] The libalias library now supports PORT and EPRT FTP commands in lowercase.

[7.1R] The man(1) now includes a limited support of bzip2(1)-compressed manual pages.

[7.1R] The mdconfig(8) command now supports a -v (verbose) flag to -l command. It shows size and backing store of all md(4) devices at one time.

[7.1R] The memrchr(3) function has been added. This behaves like memchr(3) except that it locates the last occurrence of the specified character in the string.

[7.1R] The incorrect output grammar of morse(6) program has been fixed.

[7.1R] The mountd(8) utility now supports -h bindip option which specifies IP addresses to bind to for TCP and UDP requests. This option may be specified multiple times. If no -h option is specified, INADDR_ANY will be used. Note that when specifying IP addresses with this option, it will automatically add 127.0.0.1 and if IPv6 is enabled, ::1 to the list.

[7.1R] The moused(8) utility now supports -L flag which changes the speed of scrolling and changes -U option behavior to only affect the scroll threshold.

[7.1R] The mv(1) command now support POSIX specification when moving a directory to an existing directory across devices.

[7.1R] The periodic(8) now supports daily_status_mail_rejects_shorten configuration variable in periodic.conf(5). This allows the rejected mail reports to tally the rejects per blacklist without providing details about individual sender hosts. The default configuration keeps the reports in their original form.

[7.1R] The ping6(8) now uses exit status of 0 and 2 in the same manner as ping(8).

[7.1R] The ping6(8) now supports an -o flag, which makes ping6(8) exit successfully after receiving one reply packet.

[7.1R] The ping6(8) now supports -r and -R flags, which are equivalent to ping(8)'s -a and -A flags, respectively.

[7.1R] The minimum allowed interval of ping6(8) has been decreased to 0.000001 from 0.01.

[7.1R] The realpath(1) utility now supports a -q flag to suppress warnings and accepts multiple paths on its command line.

[7.1R] The rfcomm_pppd(8) now supports a -D flag to register DUN (Dial-Up Networking) service in addition to the LAN (LAN Access Using PPP) service.

[7.1R] The sdpd(8) now supports a NAP, GN, and PANU profiles.

[7.1R] The setkey(8) utility now accepts esp as a protocol name for the spdadd command.

[7.1R] A bug in telnetd(8) that caused it to attempt authentication even when -a off option is specified has been fixed.

[7.1R] The top(1) and vmstat(8) commands now support -P flag which displays per-CPU statistics.

[7.1R] The uuid_enc_le(3), uuid_dec_le(3), uuid_enc_be(3), and uuid_dec_be(3) functions have been added. These functions encode/decode a binary representation of a UUID.

[7.1R] The watch(8) utility now supports more than 10 snp(4) devices at a time.

[7.1R] The ypserv(8) daemon now supports a -P option to specify the port number on which it should listen.

2.4 Contributed Software

ISC BIND has been updated to version 9.6.1rc1.

The ACPI-CA has been updated to 20090521.

The ee (easy editor) has been updated to 1.5.0. This version is now licensed under a 2-clause BSD license, instead of the Artistic license.

The hostapd has been updated to version 0.6.8 + radius ACL support.

The less has been updated to version v436.

The libarchive library has been updated to version 2.7.0.

The libexpat library has been updated from version 1.95.5 to version 2.0.1.

The ncurses library has been updated to version 5.7-20081102.

OpenBSM 1.1 from Trusted BSD Project has been merged.

TCPDUMP has been updated to 4.0.0.

The timezone database has been updated to the tzdata2009f release.

wpa_supplicant has been updated to version 0.6.8

The ZFS file system has been updated from version 6 to version 13.

[7.1R] The am-utils has been updated from version 6.0.10p1 to version 6.1.5.

[7.1R] The awk has been updated from 1 May 2007 release to the 23 October 2007 release.

[7.1R] The bzip2 has been updated from version 1.0.4 to version 1.0.5.

[7.1R] The CVS has been updated to version 1.11.22.1.

[7.1R] NTP has been updated to version 4.2.4p5.

[7.1R] OpenPAM has been updated from the Figwort release to the Hydrangea release.

[7.1R] OpenSSH has been updated from version 4.5p1 to version 5.1p1.

[7.1R] The resolver(3) library has been updated to one of ISC BIND 9.4.3.

[7.1R] sendmail has been updated from version 8.14.2 to version 8.14.3.

2.5 Ports/Packages Collection Infrastructure

[7.2R] A bug in the pkg_create(1) utility, which prevented the -n flag from working has been fixed.

[7.2R] The FreeBSD Ports Collection now supports multiple make(1) jobs in some supported ports. This is automatically enabled when a port is marked as MAKE_JOBS_SAFE and improves CPU utilization at the build stage by passing an option -jX to the top level Makefile from the vendor. The number X is set to the number of CPUs by default, and can be set by users via a make(1) variable MAKE_JOBS_NUMBER. For more details, see ports/Mk/bsd.port.mk.

2.6 Release Engineering and Integration

The supported version of the GNOME desktop environment (x11/gnome2) has been updated to 2.26.3.

The supported version of the KDE desktop environment (x11/kde4) has been updated to 4.3.1.