FreeBSD/pc98 5.0-DP2 Release Notes

The FreeBSD Project

$FreeBSD: src/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml,v 1.452 2002/11/14 17:59:11 bmah Exp $

The release notes for FreeBSD 5.0-DP2 contain a summary of recent changes made to the FreeBSD base system on the 5-CURRENT development branch. Both changes for kernel and userland are listed, as well as applicable security advisories that were issued since the last release. Some brief remarks on upgrading are also presented.

Table of Contents
1 Introduction
2 What's New
2.1 Kernel Changes
2.1.1 Processor/Motherboard Support
2.1.2 Bootloader Changes
2.1.3 Network Interface Support
2.1.4 Network Protocols
2.1.5 Disks and Storage
2.1.6 Filesystems
2.1.7 PCCARD Support
2.1.8 Multimedia Support
2.1.9 Contributed Software
2.2 Security-Related Changes
2.3 Userland Changes
2.3.1 Contributed Software
2.3.2 Ports/Packages Collection Infrastructure
2.4 Release Engineering and Integration
2.5 Documentation
3 Upgrading from previous releases of FreeBSD

1 Introduction

This document contains the release notes for FreeBSD 5.0-DP2 on the NEC PC-98x1 hardware platform. It describes recently added, changed, or deleted features of FreeBSD. It also provides some notes on upgrading from previous versions of FreeBSD.

The snapshot distribution to which these release notes apply represents a point along the 5-CURRENT development branch between 4.0-RELEASE and the future 5.0-RELEASE. Some pre-built, binary snapshot distributions along this branch can be found at

2 What's New

This section describes many of the user-visible new or changed features in FreeBSD since 4.0-RELEASE. It includes items that are unique to the 5-CURRENT branch, as well as some features that may have been recently merged to other branches (after FreeBSD 4.6-RELEASE). The later items are marked as [MERGED].

Typical release note items document new drivers or hardware support, new commands or options, major bugfixes, or contributed software upgrades. Applicable security advisories issued after 4.0-RELEASE are also listed.

Many additional changes were made to FreeBSD that are not listed here for lack of space. For example, documentation was corrected and improved, minor bugs were fixed, insecure coding practices were audited and corrected, and source code was cleaned up.

2.1 Kernel Changes

Execution of a.out(5) format executables now requires the COMPAT_AOUT option in the kernel configuration or the loading of the aout.ko kernel module.

acct(2) has been changed to open the accounting file in append mode, so that accton(8) can be used to enable accounting to an append-only file. [MERGED]

A new in-kernel cryptographic framework (see crypto(4) and crypto(9)) has been imported from OpenBSD. It provides a consistent interface to hardware and software implementations of cryptographic algorithms for use by the kernel and access to cryptographic hardware for user-mode applications. Hardware device drivers are provided to support hifn-based cards ( hifn(4)) and Broadcom-based cards ( ubsec(4)).

A new ddb(4) command show pcpu lists some of the per-CPU data.

A devctl device has been added to allow userland programs to learn when devices come and go in the device tree (different from the XXX). This facility is primariliy used by the devd(8) utility.

devfs(5), which allows entries in the /dev directory to be built automatically and supports more flexible attachment of devices, has been largely reworked. devfs(5) is now enabled by default and can be disabled by the NODEVFS kernel option.

The devfs(5) ``rule'' subsystem has been introduced. DEVFS rules permit the administrator to define certain properties of new device nodes before they become visible to the userland. Both static (e.g. /dev/speaker) and dynamic (e.g. /dev/bpf*, some removable devices) nodes are supported. Each devfs(5) mount may have a different ruleset assigned to it, permitting different policies to be implemented for things like jails. Rules and rulesets are manipulated with the devfs(8) utility.

The dgm driver has been removed in favor of the digi driver.

A new digi driver has been added to support PCI Xr-based and ISA Xem Digiboard cards. A new digictl(8) program is (mainly) used to re-initialize cards that have external port modules attached such as the PC/Xem.

An eaccess(2) system call has been added, similar to access(2) except that the former uses effective credentials rather than real credentials.

Initial support has been added for Firewire devices (see firewire(4)). [MERGED]

Each jail(2) environment can now run under its own securelevel.

The tunable sysctl variables for jail(2) have moved from jail.* to the security.* hierarchy. Other security-related sysctl variables have moved from* to security.*.

The kernel environment is now dynamic, and can be changed via the new kenv(2) system call.

The labpc(4) driver has been removed due to ``bitrot''.

The loader and kernel linker now look for files named linker.hints in each directory with KLDs for a module name and version to KLD filename mapping. The new kldxref(8) utility is used to generate these files.

lomac(4), a Low-Watermark Mandatory Access Control security facility, has been added as a kernel module. It provides a drop-in security mechanism in addition to the traditional UID-based security facilities, requiring no additional configuration from the administrator. Work on this feature was sponsored by DARPA and NAI Labs.

FreeBSD now supports an extensible Mandatory Access Control framework, the TrustedBSD MAC Framework. It permits loadable kernel modules to link to the kernel at compile-time, boot-time, or run-time, and augment the system security policy. The framework permits modules to express interest in a variety of events, and also provides common security policy services such as label storage. A variety of sample policy modules are shipped in this release, including implementations of fixed and floating label Biba integrity models, Multi-Level Security (MLS) with compartments, and a number of augmented UNIX security models including a file system firewall. This feature will permit easier development and maintenance of local and vendor security extensions. The extensibility service is enabled by adding options MAC to the kernel configuration.

Note: The MAC framework is considered an experimental feature in this release, and is not enabled by default

mutex(9) profiling code has been added, enabled by the MUTEX_PROFILING kernel configuration option. It enables the* hierarchy of sysctl variables.

The P1003_1B kernel option is no longer used and has been removed.

PECOFF (Win32 Execution file format) support has been added.

The random(4) device has been rewritten to use the Yarrow algorithm. It harvests entropy from a variety of interrupt sources, including the console devices, Ethernet and point-to-point network interfaces, and mass-storage devices. Entropy from the random(4) device is now periodically saved to files in /var/db/entropy, as well as at shutdown time. The semantics of /dev/random have changed; it never blocks waiting for entropy bits but generates a stream of pseudo-random data and now behaves exactly as /dev/urandom.

A new kernel option, options REGRESSION, enables interfaces and functionality intended for use during correctness and regression testing.

RLIMIT_VMEM support has been added. This feature defines a new resource limit that covers a process's entire virtual memory space, including mmap(2) space. This limit can be configured in login.conf(5) via the new vmemoryuse variable. [MERGED]

A bug in the sendfile(2) system call, in which headers counted against the size of the file to be sent, has been fixed. [MERGED]

The syscons(4) driver now supports keyboard-controlled pasting, by default bound to Shift-Insert.

The uaudio driver, for USB audio devices, has been added. [MERGED]

The ubsa driver has been added to support the Belkin F5U103 (and compatible) USB-to-serial adaptors.

The ucom(4) device driver has been added, to support USB modems, serial devices, and other programs that need to look like a tty. The related uplcom(4) and uvscom(4) drivers provide specific support for the Prolific PL-2303 serial adapter and the SUNTAC Slipper U VS-10U, respectively. [MERGED]

To increase security, the UCONSOLE kernel configuration option has been removed.

The UserConfig boot-time kernel configuration feature, usually used to enable, disable, or configure ISA devices, has been removed. Its functionality has been replaced by the kernel hints file in /boot/device.hints.

The USER_LDT kernel option is now activated by default.

The uvisor(4) driver for connecting Handspring Visors via USB has been added. [MERGED]

A VESA S3 linear framebuffer driver has been added.

The kernel crashdump infrastructure has been revised, to support new platforms and in general clean up the logic in the code. One implication of this change is that the on-disk format for kernel dumps has changed, and is now byte-order-agnostic.

Extremely large swap areas (>67 GB) no longer panic the system.

Linker sets are now self-contained; gensetdefs(8) is unnecessary and has been removed.

It is now possible to hardwire kernel environment variables (such as tuneables) at compile-time using config(8)'s ENV directive.

Idle zeroing of pages can be enabled with the vm.idlezero_enable sysctl variable.

The FreeBSD kernel scheduler now supports Kernel-Scheduled Entities (KSEs), which provides support for multiple threads of execution per process similar to Scheduler Activations. At this point, the kernel has most of the changes needed to support threading. The kernel scheduler can schedule multiple threads per process, but only on a single CPU at a time. More information can be found in kse(2).

Note: KSE is a work in progress.

The kernel now has support for multiple low-level console devices. The new conscontrol(8) utility helps to manage the different consoles.

The kernel memory allocator is now a slab memory allocator, similar to that used in Solaris. This is a SMP-safe memory allocator that has near-linear performance as the number of CPUs increases. It also allows for reduced memory fragmentation.

2.1.1 Processor/Motherboard Support

SMP support has been largely reworked, incorporating code from BSD/OS 5.0. One of the main features of SMPng (``SMP Next Generation'') is to allow more processes to run in kernel, without the need for spin locks that can dramatically reduce the efficiency of multiple processors. Interrupt handlers now have contexts associated with them that allow them to be blocked, which reduces the need to lock out interrupts.

Support for the 80386 processor has been removed from the GENERIC kernel, as this code seriously pessimizes performance on other IA32 processors. The I386_CPU kernel option to support the 80386 processor is now mutually exclusive with support for other IA32 processors; this should slightly improve performance on the 80386 due to the elimination of runtime processor type checks. Custom kernels that will run on the 80386 can still be built by changing the cpu options in the kernel configuration file to only include I386_CPU.

The CPU_DISABLE_CMPXCHG kernel configuration option has been added. Enabling this option has been shown to dramatically improve performance on VMWare client OS installs.

Note: This option is not compatible with SMP kernels.

2.1.2 Bootloader Changes

The kernel and modules have been moved to the directory /boot/kernel, so they can be easily manipulated together. The boot loader has been updated to make this change as seamless as possible.

2.1.3 Network Interface Support

The dc(4) driver now supports NICs based on the Xircom 3201 and Conexant LANfinity RS7112 chips.

The rp(4) driver has been updated to version 3.02 and can now be built as a module. [MERGED]

The stf(4) device is now clonable.

The tx(4) driver now supports true multicast filtering.

Network devices now automatically appear as special files in /dev/net. Interface hardware ioctls (not protocol or routing) can be performed on these devices. The SIOCGIFCONF ioctl may be performed on the special /dev/network node.

``Zero copy'' support has been added to the networking stack. This feature can eliminate a copy of network data between the kernel and userland, which is one of the more significant bottlenecks in network throughput. The send-side code should work with almost any network adapter, while the receive-side code requires a network adapter with an MTU of at least one memory page size (for example, jumbo frames on Gigabit Ethernet). For more information, see zero_copy(9).

2.1.4 Network Protocols

A FAST_IPSEC kernel option now allows the IPsec implementation to use the kernel crypo framework, along with its support for hardware cryptographic acceleration.

Note: The FAST_IPSEC and IPSEC options are mutually exclusive.

Note: The FAST_IPSEC option is, at the moment, not compatible with IPv6 or the INET6 option.

A gre(4) driver, which can encapsulate IP packets using GRE (RFC 1701) or minimal IP encapsulation for Mobile IP (RFC 2004), has been added.

ICMP ECHO and TSTAMP replies are now rate limited. TCP RSTs generated due to packets sent to open and unopen ports are now limited by separate counters. Each rate limiting queue now has its own description.

IP multicast now works on VLAN devices. Several other bugs in the VLAN code have also been fixed.

ipfw(4) has been re-implemented (the new version is commonly referred to as ``IPFW2''). It now uses variable-sized representation of rules in the kernel, similar to bpf(4) instructions. Most of the externally-visible behavior (i.e. through ipfw(8)) should be unchanged., although ipfw(8) now supports or connectives between match fields. [MERGED]

A new ng_device(4) netgraph node type has been added, which creates a device entry in /dev, to be used as the entry point to a networking graph.

The ng_gif(4) and ng_gif_demux(4) netgraph nodes, for operating on gif(4) devices, have been added.

The ng_ip_input(4) netgraph node, for queueing IP packets into the main IP input processing code, has been added.

A new ng_l2tp(4) netgraph node type, which implements the encapsulation layer of the L2TP protocol as described in RFC 2661, has been added. [MERGED]

A new ng_split node type has been added for splitting a bidirectional packet flow into two unidirectional flows.

The ephemeral port range used for TCP and UDP has been changed to 49152-65535 (the old default was 1024-5000). This increases the number of concurrent outgoing connections/streams.

The tcp(4) protocol's retransmission timer can now be manipulated with two sysctl variables, net.inet.tcp.rexmit_min and net.inet.tcp.rexmit_slop. The default has been reduced from one second to 200ms (similar to the Linux default) in order to better handle hicups over interactive connections and improve recovery over lossy fast connections such as wireless links.

The tcp(4) protocol now has the ability to dynamically limit the send-side window to maximize bandwidth and minimize round trip times. The feature can be enabled via the net.inet.tcp.inflight_enable sysctl. [MERGED]

2.1.5 Disks and Storage

The ata(4) driver (along with burncd(8)) now supports writing to media in DVD+RW drives.

The ata(4) driver now supports accessing ATA devices as SCSI devices via the CAM layer and drivers ( cd(4), da(4), st(4), and pass(4)). This feature requires device atapicam in the kernel configuration. More information can be found in atapicam(4). [MERGED]

The ata(4) driver now has support for the Sil 0680 and VIA 8233/8235 controllers. [MERGED]

The cd(4) driver now supports the same CDRIOCREADSPEED and CDRIOCWRITESPEED ioctls that the acd(4) driver uses for setting the speed of CDROM access.

The fdc(4) floppy disk has undergone a number of enhancements. Density selection for common settings is now automatic; the driver is also much more flexible in setting the densities of various subdevices.

The geom(4) disk I/O request transformation framework has been added; this extensible framework is designed to support a wide variety of operations on I/O requests on their way from the upper kernel to the device drivers.

Note: GEOM-enabled kernels no longer support ``compatability slices''. This feature (supported on the i386 and pc98 only) allowed a user to refer to a disk partition without specifying an MBR slice (e.g. /dev/ad0a); the kernel would automatically find the first applicable FreeBSD slice and use it. On GEOM kernels, only the full partition names (e.g. /dev/ad0s1a) are allowed when referring to partitions within MBR slices. This change should affect very few users.

A GEOM Based Disk Encryption module has been added. It provides denial of access to ``cold disks'', with four different cryptographic barriers and up to four changeable pass-phrases. Much more information can be found in the gbde(4) manual page. The gbde(8) userland utility provides an operation and management interface to this module. This feature is not enabled by default; it requires options GEOM_BDE to be added to a kernel configuration file.

Note: This feature should be considered experimental.

The isp(4) driver is now proactive about discovering Fibre Channel topology changes.

The isp(4) driver now supports target mode for Qlogic SCSI cards, including Ultra2 and Ultra3 and dual bus cards.

The matcd(4) driver has been removed due to breakage and licensing issues. [MERGED]

md(4), the memory disk device, has had the functionality of vn(4) incorporated into it. md(4) devices can now be configured by mdconfig(8). vn(4) has been removed. The Memory Filesystem (MFS) has also been removed.

The mpt driver, for supporting the LSI Logic Fusion/MP architecture Fiber Channel controllers, has been added. [MERGED]

The RAIDframe disk driver has been imported from NetBSD. This driver provides software-based RAID 0, 1, 4, and 5 capabilities, as well as other functionality. More information can be found in the raid(4) driver manual page. The raidctl(8) utility is used to configure and unconfigure disk arrays. This feature is not enabled by default, and requires device raidframe to be configured into a kernel.

Note: This feature should be considered experimental.

Some problems in sa(4) error handling have been fixed, including the ``tape drive spinning indefinitely upon mt(1) stat'' problem.

The SCSI_DELAY configuration parameter can now be set at boot time and runtime via the tunable/sysctl.

The trm driver has been added to support SCSI adapters using the Tekram TRM-S1040 SCSI chipset.

2.1.6 Filesystems

Support for named extended attributes was added to the FreeBSD kernel. This allows the kernel, and appropriately privileged userland processes, to tag files and directories with attribute data. Extended attributes were added to support the TrustedBSD Project, in particular ACLs, capability data, and mandatory access control labels (see /usr/src/sys/ufs/ufs/README.extattr for details).

A filesystem snapshot capability has been added to FFS. Details can be found in /usr/src/sys/ufs/ffs/README.snapshot.

Softupdates for FFS have received some bug fixes and enhancements.

When running with softupdates, statfs(2) and df(1) will track the number of blocks and files that are committed to being freed.

kernfs(5) is obsolete and has been retired.

Client-side NFS locks have been implemented.

The client-side and server-side of the NFS code in the kernel used to be intertwined in various complex ways. They have been split apart for ease of maintenance and further development.

Support for filesystem Access Control Lists (ACLs) has been introduced, allowing more fine-grained control of discretionary access control on files and directories. This support was integrated from the TrustedBSD Project. More details can be found in /usr/src/sys/ufs/ufs/README.acls.

For consistency, the fdesc, fifo, null, msdos, portal, umap, and union filesystems have been renamed to fdescfs, fifofs, msdosfs, nullfs, portalfs, umapfs, and unionfs. Where applicable, modules and mount_* programs have been renamed. Compatibility ``glue'' has been added to mount(8) so that msdos filesystem entries in fstab(5) will work without changes.

pseudofs, a pseudo-filesystem framework, has been added. linprocfs(5) and procfs(5) have been modified to use pseudofs.

Network filesystems (such as NFS and smbfs filesystems) listed in /etc/fstab can now be properly mounted during startup initialization; their mounts are deferred until after the network is initialized.

Read-only support for the Universal Disk Format (UDF) has been added. This format is used on packet-written CD-RWs and most commercial DVD-Video disks. The mount_udf(8) command can be used to mount these disks.

Basic support has been added for the UFS2 filesystem. Among its features:

  • The inode has been expanded to 256 bytes to make space for 64-bit block pointers.

  • A file-creation time field has been added.

  • A native extended attributes implementation has been added, permitting total attribute size stored on an inode to be up to twice the filesystem block size. This storage is used for Access Control Lists and MAC labels, but may also be used by other system extensions and user applications.

2.1.8 Multimedia Support

A new API has been added for sound cards with hardware volume control.

2.1.9 Contributed Software

The Forth Inspired Command Language (FICL) used in the boot loader has been updated to 3.02.

Support for Advanced Configuration and Power Interface (ACPI), a multi-vendor standard for configuration and power management, has been added. This functionality has been provided by the Intel ACPI Component Architecture project, as of the ACPI CA 20020815 snapshot. Some backward compatability for applications using the older APM standard has been provided. IPFilter

IPFilter has been updated to 3.4.29. [MERGED]

2.2 Security-Related Changes

A bug in which malformed ELF executable images can hang the system has been fixed (see security advisory FreeBSD-SA-00:41). [MERGED]

A security hole in Linux emulation was fixed (see security advisory FreeBSD-SA-00:42). [MERGED]

TCP now uses stronger randomness in choosing its initial sequence numbers (see security advisory FreeBSD-SA-00:52). [MERGED]

Several buffer overflows in tcpdump(1) were corrected (see security advisory FreeBSD-SA-00:61). [MERGED]

A security hole in top(1) was corrected (see security advisory FreeBSD-SA-00:62). [MERGED]

A potential security hole caused by an off-by-one-error in gethostbyname(3) has been fixed (see security advisory FreeBSD-SA-00:63). [MERGED]

A potential buffer overflow in the ncurses(3) library, which could cause arbitrary code to be run from within systat(1), has been corrected (see security advisory FreeBSD-SA-00:68). [MERGED]

A vulnerability in telnetd(8) that could cause it to consume large amounts of server resources has been fixed (see security advisory FreeBSD-SA-00:69). [MERGED]

The nat deny_incoming command in ppp(8) now works correctly (see security advisory FreeBSD-SA-00:70). [MERGED]

A vulnerability in csh(1)/ tcsh(1) temporary files that could allow overwriting of arbitrary user-writable files has been closed (see security advisory FreeBSD-SA-00:76). [MERGED]

Several vulnerabilities in procfs(5) were fixed (see security advisory FreeBSD-SA-00:77). [MERGED]

A bug in OpenSSH in which a server was unable to disable ssh-agent(1) or X11Forwarding was fixed (see security advisory FreeBSD-SA-01:01). [MERGED]

A bug in ipfw(8) and ip6fw(8) in which inbound TCP segments could incorrectly be treated as being part of an established connection has been fixed (see security advisory FreeBSD-SA-01:08). [MERGED]

A bug in crontab(1) that could allow users to read any file on the system in valid crontab(5) syntax has been fixed (see security advisory FreeBSD-SA-01:09). [MERGED]

A vulnerability in inetd(8) that could allow read-access to the initial 16 bytes of wheel-accessible files has been fixed (see security advisory FreeBSD-SA-01:11). [MERGED]

A bug in periodic(8) that used insecure temporary files has been corrected (see security advisory FreeBSD-SA-01:12). [MERGED]

OpenSSH now has code to prevent (instead of just mitigating through connection limits) an attack that can lead to guessing the server key (not host key) by regenerating the server key when an RSA failure is detected (see security advisory FreeBSD-SA-01:24). [MERGED]

A bug in timed(8), which caused it to crash if send certain malformed packets, has been corrected (see security advisory FreeBSD-SA-01:28). [MERGED]

A bug in rwhod(8), which caused it to crash if send certain malformed packets, has been corrected (see security advisory FreeBSD-SA-01:29). [MERGED]

A security hole in FreeBSD's FFS and EXT2FS implementations, which allowed a race condition that could cause users to have unauthorized access to data, has been fixed (see security advisory FreeBSD-SA-01:30). [MERGED]

A remotely-exploitable vulnerability in ntpd(8) has been closed (see security advisory FreeBSD-SA-01:31). [MERGED]

A security hole in IPFilter's fragment cache has been closed (see security advisory FreeBSD-SA-01:32). [MERGED]

Buffer overflows in glob(3), which could cause arbitrary code to be run on an FTP server, have been closed. In addition, to prevent some forms of DOS attacks, glob(3) allows specification of a limit on the number of pathname matches it will return. ftpd(8) now uses this feature (see security advisory FreeBSD-SA-01:33). [MERGED]

Initial sequence numbers in TCP are more thoroughly randomized (see security advisory FreeBSD-SA-01:39). Due to some possible compatibility issues, the behavior of this security fix can be enabled or disabled via the net.inet.tcp.tcp_seq_genscheme sysctl variable.[MERGED]

A vulnerability in the fts(3) routines (used by applications for recursively traversing a filesystem) could allow a program to operate on files outside the intended directory hierarchy. This bug has been fixed (see security advisory FreeBSD-SA-01:40). [MERGED]

A flaw allowed some signal handlers to remain in effect in a child process after being exec-ed from its parent. This allowed an attacker to execute arbitrary code in the context of a setuid binary. This flaw has been corrected (see security advisory FreeBSD-SA-01:42). [MERGED]

A remote buffer overflow in tcpdump(1) has been fixed (see security advisory FreeBSD-SA-01:48). [MERGED]

A remote buffer overflow in telnetd(8) has been fixed (see security advisory FreeBSD-SA-01:49). [MERGED]

The new net.inet.ip.maxfragpackets and net.inet.ip6.maxfragpackets sysctl variables limit the amount of memory that can be consumed by IPv4 and IPv6 packet fragments, which defends against some denial of service attacks (see security advisory FreeBSD-SA-01:52). [MERGED]

A flaw in the implementation of the ipfw(8) me rules on point-to-point links has been corrected. Formerly, me filter rules would match the remote IP address of a point-to-point interface in addition to the intended local IP address (see security advisory FreeBSD-SA-01:53). [MERGED]

A vulnerability in procfs(5), which could allow a process to read sensitive information from another process's memory space, has been closed (see security advisory FreeBSD-SA-01:55). [MERGED]

The PARANOID hostname checking in tcp_wrappers now works as advertised (see security advisory FreeBSD-SA-01:56). [MERGED]

A local root exploit in sendmail(8) has been closed (see security advisory FreeBSD-SA-01:57). [MERGED]

A remote root vulnerability in lpd(8) has been closed (see security advisory FreeBSD-SA-01:58). [MERGED]

A race condition in rmuser(8) that briefly exposed a world-readable /etc/master.passwd has been fixed (see security advisory FreeBSD-SA-01:59). [MERGED]

A vulnerability in UUCP has been closed (see security advisory FreeBSD-SA-01:62). All non-root-owned binaries in standard system paths now have the schg flag set to prevent exploit vectors when run by cron(8), by root, or by a user other then the one owning the binary. In addition, uustat(1) is now run via /etc/periodic/daily/410.status-uucp as uucp, not root. In FreeBSD -CURRENT, UUCP has since been moved to the Ports Collection and no longer a part of the base system. [MERGED]

A security hole in OpenSSH, which could allow users to execute code with arbitrary privileges if UseLogin yes was set, has been closed. Note that the default value of this setting is UseLogin no. (See security advisory FreeBSD-SA-01:63.) [MERGED]

The use of an insecure temporary directory by pkg_add(1) could permit a local attacker to modify the contents of binary packages while they were being installed. This hole has been closed. (See security advisory FreeBSD-SA-02:01.) [MERGED]

A race condition in pw(8), which could expose the contents of /etc/master.passwd, has been eliminated. (See security advisory FreeBSD-SA-02:02.) [MERGED]

A bug in k5su(8) could have allowed a process that had given up superuser privileges to regain them. This bug has been fixed. (See security advisory FreeBSD-SA-02:07.) [MERGED]

An ``off-by-one'' bug has been fixed in OpenSSH's multiplexing code. This bug could have allowed an authenticated remote user to cause sshd(8) to execute arbitrary code with superuser privileges, or allowed a malicious SSH server to execute arbitrary code on the client system with the privileges of the client user. (See security advisory FreeBSD-SA-02:13.) [MERGED]

A programming error in zlib could result in attempts to free memory multiple times. The malloc(3)/ free(3) routines used in FreeBSD are not vulnerable to this error, but applications receiving specially-crafted blocks of invalid compressed data could be made to function incorrectly or abort. This zlib bug has been fixed. For a workaround and solutions, see security advisory FreeBSD-SA-02:18. [MERGED]

Bugs in the TCP SYN cache (``syncache'') and SYN cookie (``syncookie'') implementations, which could cause legitimate TCP/IP traffic to crash a machine, have been fixed. For a workaround and patches, see security advisory FreeBSD-SA-02:20. [MERGED]

A routing table memory leak, which could allow a remote attacker to exhaust the memory of a target machine, has been fixed. A workaround and patches can be found in security advisory FreeBSD-SA-02:21. [MERGED]

A bug with memory-mapped I/O, which could cause a system crash, has been fixed. For more information about a solution, see security advisory FreeBSD-SA-02:22. [MERGED]

A security hole, in which SUID programs could be made to read from or write to inappropriate files through manipulation of their standard I/O file descriptors, has been fixed. Information regarding a solution can be found in security advisory FreeBSD-SA-02:23. [MERGED]

Some unexpected behavior could be allowed with k5su(8) because it does not require that an invoking user be a member of the wheel group when attempting to become the superuser (this is the case with su(1)). To avoid this situation, k5su(8) is now installed non-SUID by default (effectively disabling it). More information can be found in security advisory FreeBSD-SA-02:24. [MERGED]

Multiple vulnerabilities were found in the bzip2(1) utility, which could allow files to be overwritten without warning or allow local users unintended access to files. These problems have been corrected with a new import of bzip2. For more information, see security advisory FreeBSD-SA-02:25. [MERGED]

A bug has been fixed in the implementation of the TCP SYN cache (``syncache''), which could allow a remote attacker to deny access to a service when accept filters (see accept_filter(9)) were in use. This bug has been fixed; for more information, see security advisory FreeBSD-SA-02:26. [MERGED]

Due to a bug in rc(8)'s use of shell globbing, users may be able to remove the contents of arbitrary files if /tmp/.X11-unix does not exist and the system can be made to reboot. This bug has been corrected (see security advisory FreeBSD-SA-02:27). [MERGED]

A buffer overflow in the resolver, which could be exploited by a malicious domain name server or an attacker forging DNS messages, has been fixed. See security advisory FreeBSD-SA-02:28 for more details. [MERGED]

A buffer overflow in tcpdump(1), which could be triggered by badly-formed NFS packets, has been fixed. See security advisory FreeBSD-SA-02:29 for more details. [MERGED]

ktrace(1) can no longer trace the operation of formerly privileged processes; this prevents the leakage of sensitive information that the process could have obtained before abandoning its privileges. For a discussion of this issue, see security advisory FreeBSD-SA-02:30 for more details. [MERGED]

A race condition in pppd(8), which could be used to change the permissions of an arbitrary file, has been corrected. For more information, see security advisory FreeBSD-SA-02:32. [MERGED]

Multiple buffer overflows in OpenSSL have been corrected, by way of an upgrade to the base system version of OpenSSL. More details can be found in security advisory FreeBSD-SA-02:33. [MERGED]

A heap buffer overflow in the XDR decoder has been fixed. For more details, see security advisory FreeBSD-SA-02:34. [MERGED]

A bug that could allow local users to read and write arbitrary blocks on an FFS filesystem has been corrected. More details can be found in security advisory FreeBSD-SA-02:35. [MERGED]

A bug in the NFS server code, which could allow a remote denial of service attack, has been fixed. Security advisory FreeBSD-SA-02:36 has more details. [MERGED]

A bug that could allow local users to panic a system using the kqueue(2) mechanism has been fixed. More information is contained in security advisory FreeBSD-SA-02:37. [MERGED]

Several bounds-checking bugs in system calls, which could result in some system calls returning a large portion of kernel memory, have been fixed. More information can be found in security advisory FreeBSD-SA-02:38. [MERGED]

A bug that could allow applications using libkvm to leak sensitive file descriptors has been corrected. (See security advisory FreeBSD-SA-02:39 for more details.) [MERGED]

Buffer overflows in kadmind(8) and k5admin have been corrected. More details can be found in security advisory FreeBSD-SA-02:40. [MERGED]

Errors in smrsh(8), which could allow users to circumvent restrictions on what programs can be executed, have been fixed. See FreeBSD-SA-02:41 for details. [MERGED]

Buffer overflows in the DNS resolver(3), which could cause some applications to fail, have been corrected. More details are in FreeBSD-SA-02:42. [MERGED]

Multiple vulnerabilities in BIND have been fixed, as described in FreeBSD-SA-02:43. [MERGED]

2.3 Userland Changes

Support for a.out(5) format executables in the compiler toolchain has been largely removed.

Note: This is a work in progress. Eventually, a.out(5) support will resurface in a series of ports/packages.

arp(8) now prints [fddi] or [atm] tags for addresses on interfaces of those types.

The asa(1) utility, to interpret FORTRAN carriage-control characters, has been added.

at(1) now supports the -r command-line option to remove jobs and the -t option to specify times in POSIX time format.

The system awk(1) now refers to BWK awk.

basename(1) now accept -a and -s flags, which allow it to perform the basename(3) function on multiple files.

biff(1) now accepts a b argument to enable ``bell notification'' of new mail (which does not disturb the terminal contents as biff y would). [MERGED]

biff(1) now uses the first terminal associated with the standard input, standard output or standard error file descriptor, in that order. Thus, it is possible to use the redirection facilities of a shell (biff n < /dev/ttyp1) to toggle the notification for other terminals.

burncd(8) now supports Disk At Once (DAO) mode, selectable via the -d flag. [MERGED]

burncd(8) now has the ability to write VCDs/SVCDs. [MERGED]

burncd(8) now accepts a value of max for its -s option to set the drive's maximum write speed.

bzgrep(1), bzegrep(1), and bzfgrep(1) have been added to perform grep(1)-type operations on bzip2(1)-compressed files.

calendar(1) now takes a -W option, which operates similar to -A but without special treatment at weekends, and a -Foption to change the notion of ``Friday''.

catman(1) is now a C program, instead of a Perl script.

cdcontrol(1) now supports a speed command to set the maximum speed to be used by the drive (the maximum possible speed can be selected setting the speed to max).

A check_utility_compat(3) library function has been added to libc, to determine whether certain FreeBSD base system utilities should behave in FreeBSD 4-compatible mode or in a ``standard'' mode (default standard). The configuration is done malloc(3)-style, with either an environment variable or a symbolic link.

chflags(1) has moved from /usr/bin to /bin.

chmod(1) now supports a -h for changing the mode of a symbolic link.

chmod(1) now also, when the mode is modified, prints the old and new modes if the -v option is specified more than once.

chown(8) no longer takes . as a user/group delimeter. This change was made to support usernames containing a ..

Use of the CSMG_* macros no longer require inclusion of <sys/param.h>

A compat4x distribution has been added for compatibility with FreeBSD 4-STABLE.

cp(1) now takes a (nonstandard) -n option to automatically answer ``no'' when it would ask to overwrite a file. [MERGED]

A new csplit(1) utility, which splits files based on context, has been added.

ctags(1) now creates tags for typedefs, structs, unions, and enums by default (implying the -t option). The new -T reverts to the old behavior.

The daemon(8) program, a command-line interface to daemon(3), has been added. It detaches itself from its controlling terminal and executes a program specified on the command line. This allows the user to run an arbitrary program as if it were written to be a daemon. [MERGED]

The devd(8) utility, a userland daemon that can run arbitrary commands when devices come and go in the device tree, has been added. This program is a generalization of some of the functionality of pccardd(8).

Note: devd(8) is work-in-progress.

devinfo(8), a simple tool to print the device tree and resource usage by devices, has been added.

diskpart(8) has been declared obsolete, and has been removed.

dump(8) now supports a new -S flag to allow it to just print out the dump size estimates and exit. [MERGED]

expr(1) is now compliant with POSIX.2-1992 (and thus also with POSIX.1-2001). Some program depend on the old, historic behavior and do not properly protect their arguments to keep them from being misinterpreted as command-line options. (the devel/libtool port/package, used by many GNU programs, is a notable example). The old behavior can be requested by enabling compatibility mode for expr(1) as described in check_utility_compat(3).

fbtab(5) now accepts glob matching patterns for target devices, not just individual devices and directories.

fdisk(8) no longer attempts to search for a device if none has been specified on the command line, but instead tries to figure out the default device name from the root device.

fdread(1), a program to read data from floppy disks, has been added. It is a counterpart to fdwrite(1) and is designed to provide a means of recovering at least some data from bad media, and to obviate for a complex invocation of dd(1).

finger(1) now has support for a .pubkey file. [MERGED]

finger(1) now supports a -g flag to restrict the printing of GECOS information to the user's full name only. [MERGED]

finger(1) now supports the -4 and -6 flags to specify an address family for remote queries. [MERGED]

fold(1) now supports a -b flag to break at byte positions and a -s flag to break at word boundaries. [MERGED]

fsck(8) wrappers have been imported; this feature provides infrastructure for fsck(8) to work on different types of filesystems (analogous to mount(8)).

The behavior of fsck(8) when dealing with various passes (a la /etc/fstab) has been modified to accommodate multiple-disk filesystems.

fsck(8) now has support for foreground (-F) and background (-B) checks. Traditionally, fsck(8) is invoked before the filesystems are mounted and all checks are done to completion at that time. If background checking is available, fsck(8) is invoked twice. It is first invoked at the traditional time, before the filesystems are mounted, with the -F flag to do checking on all the filesystems that cannot do background checking. It is then invoked a second time, after the system has completed going multiuser, with the -B flag to do checking on all the filesystems that can do background checking. Unlike the foreground checking, the background checking is started asynchronously so that other system activity can proceed even on the filesystems that are being checked. Boot-time enabling of this feature is controlled by the background_fsck option in rc.conf(5).

fsck_ffs(8) now supports background filesystem checks to mounted FFS filesystems with the -B option (softupdates must be enabled on these filesystems). The -F flag now determines whether a specified filesystem needs foreground checking.

ftpd(8) now supports the -m option to permit guest users to modify existing files if allowed by filesystem permissions. In particular, this enables guest users to resume uploads. [MERGED]

ftpd(8) now supports the -M option to prevent guest users from creating directories. [MERGED]

ftpd(8) now supports -o and -O options to disable the RETR command; the former for everybody, and the latter only for guest users. Coupled with -A and appropriate file permissions, these can be used to create a relatively safe anonymous FTP drop box for others to upload to. [MERGED]

ftpd(8) now supports the -W option to disable logging FTP sessions to wtmp(5). [MERGED]

The getconf(1) utility has been added. It prints the values of POSIX or X/Open path or system configuration variables. [MERGED]

gifconfig(8) is obsolete and has been removed. Its functionality is now handled by the tunnel and deletetunnel commands of ifconfig(8).

gprof(1) now has a -K option to enable dynamic symbol resolution from the currently-running kernel. With this change, properly-compiled KLD modules are now able to be profiled.

The ibcs(8), linux(8), osf1(8), and svr4(8) scripts, whose sole purpose was to load emulation kernel modules, have been removed. The kernel module system will automatically load them as needed to fulfill dependencies.

ifconfig(8) now has the ability to set promiscuous mode on an interface, via the new promisc flag. [MERGED]

ifconfig(8) now supports a monitor interface flag, which blocks transmission of packets on that interface. This feature is useful for monitoring network traffic without interacting with the network in question.

By default, inetd(8) is no longer run by rc(8) at boot-time, although sysinstall(8) gives the option of enabling it during binary installations. inetd(8) can also be enabled by adding the following line to /etc/rc.conf:


inetd(8) now has the capability for limiting the maximum number of simultaneous invocations of each service from a single IP address. [MERGED]

ipfw(8) filter rules can now match on the value of the IPv4 precedence field.

kbdmap(1) and vidfont(1) have been converted from Perl to C.

kenv(1) now has the ability to set or delete kernel environment variables.

The kget(8) utility has been removed (it was only useful for UserConfig, which is not present in FreeBSD 5.0-DP2).

killall(1) no longer tries to kill zombie processes unless the -z flag is specified.

ktrdump(8), a utility to dump the ktr trace buffer from userland, has been added.

ldd(1) now supports a -a flag to list all the objects that are needed by each loaded object.

libc is now thread-safe by default; libc_r contains only thread functions.

libstand now has support for overwriting the contents of a file on a UFS filesystem (it cannot expand or truncate files because the filesystem may be dirty or inconsistent).

libgmp has been superceded by libmp.

The functions from libposix1e have been integrated into libc.

lock(1) now accepts a -v to disable switching VTYs while the current terminal is locked. This permits locking the entire console from a single terminal. [MERGED]

lpc(8) has been improved; lpc clean is now somewhat safer, and a new lpc tclean command has been added to check to see what files would be removed by lpc clean. lpc topq has been reimplemented, and now allows for a much more flexible specification of which jobs should be moved (such as a range of job numbers, or a hostname). An lpc bottomq command has been added to move jobs to the bottom of a print queue, and a new lpc setstatus command can be used to set a printer's status message. [MERGED]

The ls(1) program now supports a -m flag to list files across a page, a -p flag to force printing of a / after directories, and a -x flag to sort filenames across a page. [MERGED]

makewhatis(1) is now a C program, instead of a Perl script.

man(1) is no longer installed SUID man, in order to reduce vulnerabilities associated with generating ``catpages'' (preformatted manual pages cached for repeated viewing). As a result, man(1) can no longer create system catpages on a regular user's behalf. It is still able to do so if the user has write permissions to the directory holding catpages (e.g. a user's own manpages) or if the running user is root.

The mdmfs(8) command has been added; it is a wrapper around mdconfig(8), disklabel(8), newfs(8), and mount(8) that mimics the command line option set of the deprecated mount_mfs(8).

mesg(1) now conforms to SUSv3. Among other things, it now uses the first terminal associated with the standard input, standard output or standard error file descriptor, in that order. Thus, it is possible to use the redirection facilities of a shell (mesg n < /dev/ttyp1) to control write access for other terminals.

mountd(8) and nfsd(8) have moved from /sbin to /usr/sbin.

mv(1) now takes a (nonstandard) -n option to automatically answer ``no'' when it would ask to overwrite a file. [MERGED]

A number of archaic features of newfs(8) have been removed; these implement tuning features that are essentially useless on modern hard disks. These features were controlled by the -O, -d, -k, -l, -n, -p, -r, -t, and -x flags.

newfs(8) now supports a -O flag to select the creation of UFS1 or UFS2 filesystems.

The newgrp(1) utility to change to a new group has been added.

newsyslog(8) now compresses log files using bzip2(1) by default. (The former behavior of using gzip(1) can be specified in /etc/newsyslog.conf.)

The nextboot(8) utility has been added to specify an alternate kernel and/or boot flags to be used the next time the machine is booted. A previous incarnation of this feature first appeared in FreeBSD 2.2.

NFS now works over IPv6.

nice(1) now uses the -n option to specify the ``niceness'' of the utility being run. [MERGED]

nsswitch support has been merged from NetBSD. By creating an nsswitch.conf(5) file, FreeBSD can be configured so that various databases such as passwd(5) and group(5) can be looked up using flat files, NIS, or Hesiod. If /etc/nsswitch.conf does not exist, it will be automatically generated from an existing /etc/hosts.conf at system startup time. The /etc/hosts.conf file may be used by old executables; it will be automatically generated from an existing /etc/nsswitch.conf during system startup if it exists.

od(1) now supports the -A option to specify the input address base, the -N option to specify the number of bytes to dump, the -j option to specify the number of bytes to skip, the -s option to output signed decimal shorts, and the -t option to specify output type. [MERGED]

PAM support has been added for account management and sessions.

PAM configuration is now specified by files in /etc/pam.d/, rather than a single /etc/pam.conf file. /etc/pam.d/README has more details.

A pam_echo(8) echo service module has been added.

A pam_exec(8) program execution service module has been added.

A pam_ftp(8) module has been added to allow authentication of anonymous FTP users.

A pam_ftpusers(8) module has been added to perform checks against the ftpusers(5) file.

A pam_ksu(8) module has been added to do Kerberos 5 authentication and $HOME/.k5login authorization for su(1).

A pam_lastlog(8) module has been added to record sessions in the utmp(5), wtmp(5), and lastlog(5) databases.

A pam_login_access(8) module has been added, to allow checking against /etc/login.access.

The pam_nologin(8) module, which can disallow logins using nologin(5), has been added.

The pam_opie(8) and pam_opieaccess(8) modules have been added to control authentication via opie(4). [MERGED]

A pam_passwdqc(8) module has been added, to check the quality of passwords submitted during password changes.

A pam_rhosts(8) module has been added to support rhosts(5) authentication.

The pam_rootok(8) module, which can be used to authenticate only the superuser, has been added.

A pam_securetty(8) module has been added to check the ``security'' of a TTY, as listed in ttys(5).

A pam_self(8) module, which allows self-authentication of a user, has been added.

A pam_wheel(8) module has been added to permit authentication to members of a group, which defaults to wheel.

The pathchk(1) utility, which checks pathnames for validity or portability between POSIX systems, has been added. [MERGED]

ping(8) now supports a -o flag to exit after receiving a reply.

prefix(8) is obsolete and has been removed. Its functionality is provided by the eui64 command to ifconfig(8).

The pselect(3) library function (introduced by POSIX.1 as a slightly stronger version of select(2)) has been added.

pwd(1) now supports the -L flag to print the logical current working directory. [MERGED]

quota(1) now takes a -l flag to suppress quote checks on NFS filesystems.

The pseudo-random number generator implemented by rand(3) has been improved to provide less biased results.

rcmd(3) now supports the use of the RSH environment variable to specify a program to use other than rsh(1) for remote execution. As a result, programs such as dump(8), can use ssh(1) for remote transport.

rdist(1) has been retired from the base system, but is still available from FreeBSD Ports Collection as net/44bsd-rdist.

The renice(8) command implements a -n option, which specifies an increment to be applied to the priority of a process. [MERGED]

rpcbind(8) has replaced portmap(8).

rpcgen(1) now uses /usr/bin/cpp (as on NetBSD), not /usr/libexec/cpp.

rpc.lockd(8) has been imported from NetBSD. This daemon provides support for servicing client NFS locks.

rtld(1) will now print the names of all objects that cause each object to be loaded, if the LD_TRACE_LOADED_OBJECTS_ALL environment variable is defined.

sed(1) now takes a -i option to enable in-place editing of files. [MERGED]

The setfacl(1) and getfacl(1) commands have been added to manage filesystem Access Control Lists.

sh(1) no longer implements printf as a built-in command because it was considered less valuable compared to the other built-in commands (this functionality is, of course, still available through the printf(1) executable).

sh(1) now supports a -C option to prevent existing regular files from being overwritten by output redirection, and a -u to give an error if an unset variable is expanded. [MERGED]

The sh(1) built-in cd command now supports -L and -P flags to invoke logical or physical modes of operation, respectively. Logical mode is the default, but the default can be changed with the physical sh(1) option. [MERGED]

The sh(1) built-in jobs command now supports a -s flag to output PIDs only and a -l flag to add PIDs to the output. [MERGED]

sh(1) now supports a bind built-in command, which allows the key bindings for the shell's line editor to be changed.

The sh(1) built-in export and readonly commands now support a -p flag to print their output in ``portable'' format. [MERGED]

sh(1) no longer accepts invalid constructs as command & && command, && command, or || command. [MERGED]

spkrtest(8) is now a sh(1) script, rather than a Perl script.

split(1) now supports a -a option to specify the number of letters to use for the suffix of split files. [MERGED]

In preparation for meeting SUSv2/POSIX <sys/select.h> requirements, struct selinfo and related functions have been moved to <sys/selinfo.h>.

su(1) now uses PAM for authentication.

sysctl(8) now accepts a -d flag to print the descriptions of variables.

The default root partition in sysinstall(8) is now 100MB on the i386 and pc98, 120MB on the Alpha.

sysinstall(8) now lives in /usr/sbin, which simplifies the installation process. The sysinstall(8) manpage is also installed in a more consistent fashion now.

sysinstall(8) no longer mounts the procfs(5) filesystem by default on new installs.

tabs(1), a utility to set terminal tab stops, has been added.

The termcap(5) database now uses the xterm terminal type from XFree86. As a result, xterm(1) now supports color by default and the common workaround of setting TERM to xterm-color is no longer necessary. Use of the xterm-color terminal type may result in (benign) warnings from applications.

tftpd(8) now supports RFC 2349 (TFTP Timeout Interval and Transfer Size Options); this feature is required by some firmware like EFI boot managers (at least on HP i2000 Itanium servers) in order to boot an image using TFTP.

A version of Transport Independent RPC (TI-RPC) has been imported.

tip(1) has been updated from OpenBSD, and has the ability to act as a cu(1) substitute.

top(1) will now use the full width of its tty.

touch(1) now takes a -h option to operate on a symbolic link, rather than what the link points to.

tr(1) now has basic support for equivalence classes for locales that support them. [MERGED]

tr(1) now supports a -C flag to complement the set of characters specified by the first string argument.

tunefs(8) now supports the -a and -l flags to enable and disable the FS_ACLS and FS_MULTILABEL administrative flags on UFS file system.

A ugidfw(8) utility has been added to manage the rulesets provided by the mac_bsdextended Mandatory Access Control policy, similar to ipfw(8).

UUCP has been removed from the base system. It can be found in the Ports Collection, in net/freebsd-uucp.

unexpand(1) now supports a -t to specify tabstops analogous to expand(1). [MERGED]

usbdevs(8) now supports a -d flag to show the device driver associated with each device.

The base64 capabilities of uuencode(1) and uudecode(1) can now be automatically enabled by invoking these utilities as b64encode(1) and b64decode(1) respectively. [MERGED]

Functions to implement and manipulate OSF/DCE 1.1-compliant UUIDs have been added to libc. More information can be found in uuid(3).

The uuidgen(1) utility has been added. It uses the new uuidgen(2) system call to generate one or more Universally Unique Identifiers compatible with OSF/DCE 1.1 version 1 UUIDs.

vidcontrol(1) now accepts a -S to allow the user to disable VTY switching. [MERGED]

The default stripe size in vinum(8) has been changed from 256KB to 279KB, to spread out superblocks more evenly between stripes.

wc(1) now supports a -m flag to count characters, rather than bytes.

whereis(1), formerly a Perl script, has been rewritten in C. It now supports a -x flag to suppress the run of locate(1), and a -q flag suppresses the leading name of the query.

whereis(1) now supports a -a flag to report all matches instead of only the first of each requested type.

which(1) is now a C program, rather than a Perl script.

who(1) now has a number of new options: -H shows column headings; -T shows mesg(1) state; -m is an equivalent to am i; -u shows idle time; -q to list names in columns. [MERGED]

wicontrol(8) now supports a -l to list the stations associated in hostap mode and a -L to list available access points.

xargs(1) now supports a -I replstr option that allows the user to tell xargs(1) to insert the data read from standard input at specific points in the command line arguments rather than at the end. (A FreeBSD-specific -J option is similar.) [MERGED]

xargs(1) now supports a -L option to force its utility argument to be called after some number of lines. [MERGED]

Various routines in the C library now have support for ``wide'' characters. Among these are character class functions such as wctype(3), wide character I/O functions such as getwc(3), formatted I/O functions such as wprintf(3) and wscanf(3). Conversion functions to multibyte(3) characters are also supported.

A number of utilities and libraries were enhanced to improve their conformance with the Single UNIX Specification (SUSv3) and IEEE Std 1003.1-2001 (``POSIX.1''). Specific features added have been listed in the release notes for each utility. The standards conformance of each utility or library function is generally listed in its manual page.

A number of games have been removed from the base system. These include: adventure(6), arithmetic(6), atc(6), backgammon(6), battlestar(6), bs(6), canfield(6), cribbage(6), fish(6), hack(6), hangman(6), larn(6), mille(6), phantasia(6), piano(6), pig(6), quiz(6), rain(6), robots(6), rogue(6), sail(6), snake(6), trek(6), wargames(6), worm(6), worms(6), wump(6). dm(8), which was used to control access to games, is no longer necessary, and has also been removed. The ``utility-like'' games, as well as fortune(6), remain.

Note: The affected programs will reappear as a port in the Ports Collection. This note will contain a pointer to that port, once it has been committed.

2.3.1 Contributed Software

am-utils has been updated to 6.0.7.

A 10 February 2002 snapshot of awk from Bell Labs (variously known as ``BWK awk'' or ``The One True AWK'') has been imported. It is available as awk or nawk.

BIND has been updated to 8.3.3. [MERGED]

Binutils has been updated to a pre-release snapshot of 2.13.1 from 11 October 2002.

file has been updated to 3.39.

gcc has been updated to a pre-release snapshot of gcc 3.2.1, from 9 October 2002.

Warning: The C++ ABI from gcc 3.2.X is not compatible with previous versions.

gdb has been updated to version 5.2.1.

gperf has been updated to 2.7.2.

groff and its related utilities have been updated to FSF version 1.18.1.

Heimdal Kerberos has been updated to a pre-0.5 snapshot from 16 September 2002.

The ISC DHCP client has been updated to 3.0.1RC9.

The more(1) command has been replaced by less(1), although it can still be run as more. [MERGED] Version 371 of less has been imported.

An XML processing library, named libbsdxml, has been added for the benefit of XML-using utilities in the base system. It is based almost entirely on an import of expat 1.95.5, but is installed under a different name to avoid conflicts with any versions of expat installed from the Ports Collection.

libpcap has been updated to 0.7.1. [MERGED]

libreadline has been updated to 4.2.

libz has been updated to 1.1.4.

lint has been updated to snapshot of NetBSD lint(1) as of 19 July 2002.

lukemftp 1.6 beta 2 (the FTP client from NetBSD) has replaced the FreeBSD ftp(1) program. Among its new features are more automation methods, better standards compliance, transfer rate throttling, and a customizable command-line prompt. Some environment variables and command-line arguments have changed.

The FTP daemon from NetBSD, otherwise known as lukemftpd 1.2 beta 1, has been imported and is available as lukemftpd(8). [MERGED]

m4(1) has been imported from OpenBSD, as of 26 April 2002. [MERGED]

ncurses has been updated to 5.2-20020615.

The NTP suite of programs has been updated to 4.1.1b.

OpenPAM (``Citronella'' release) has been imported, replacing Linux-PAM.

The OPIE one-time-password suite has been updated to 2.4. It has completely replaced the functionality of S/Key. [MERGED]

Perl has been removed from the FreeBSD base system. It can still be installed from the FreeBSD Ports Collection or as a binary package; moving it out of the base system will make future upgrades and maintenence easier. To reduce the dependence of the base system on Perl, many utilities have been rewritten as shell scripts or C programs (specific notes are made for each affected utility). /usr/bin/perl is now a ``wrapper'' program, so that programs expecting to find a Perl interpreter there will be able to function correctly.

Warning: The Perl removal and package integration work is ongoing.

GNU ptx has been removed from the base system. It is not used anywhere in the base system, and has not been recently updated or maintained. Users requiring its functionality can install this utility as a part of the textproc/textutils port.

The rc.d framework from NetBSD has been imported. It breaks down the system startup functionality into a number of small, ``task-oriented'' scripts in /etc/rc.d, with dynamic-determined ordering of startup scripts performed at boot-time.

Version 1.4.5 of the smbfs userland utilities has been imported. [MERGED]

GNU sort has been updated to the version from GNU textutils 2.0.21.

stat(1) from NetBSD, as of 5 June 2002 has, been imported.

GNU tar has been updated to 1.13.25. [MERGED]

tcpdump has been updated to 3.7.1. [MERGED]

The csh(1) shell has been replaced by tcsh(1), although it can still be run as csh. tcsh has been updated to version 6.12. [MERGED]

The contributed version of tcp_wrappers now includes the tcpd(8) helper daemon. While not strictly necessary in a standard FreeBSD installation (because inetd(8) already incorporates this functionality), this may be useful for inetd(8) replacements such as xinetd. [MERGED]

texinfo has been updated to 4.2. [MERGED]

top has been updated to version 3.5b12. [MERGED]

traceroute has been updated to LBL version 1.4a12.

The timezone database has been updated to the tzdata2002d release. [MERGED] CVS

cvs has been updated to 1.11.2. [MERGED] OpenSSH

OpenSSH has been updated to version 3.1. [MERGED] Among the changes:

  • The *2 files are obsolete (for example, ~/.ssh/known_hosts can hold the contents of ~/.ssh/known_hosts2).

  • ssh-keygen(1) can import and export keys using the SECSH Public Key File Format, for key exchange with several commercial SSH implementations.

  • ssh-add(1) now adds all three default keys.

  • ssh-keygen(1) no longer defaults to a specific key type; one must be specified with the -t option.

OpenSSH has been updated to 3.4p1. [MERGED] The main changes are:

  • A ``privilege separation'' feature, which uses unprivileged processes to contain and restrict the effects of future compromises or programming errors.

  • Several bugfixes, including closure of a security hole that could lead to an integer overflow and undesired privilege escalation. OpenSSL

OpenSSL has been updated to 0.9.6g. [MERGED] sendmail

sendmail has been updated from version 8.9.3 to version 8.12.6. Important changes include: sendmail(8) is no longer installed as a set-user-ID root binary (now set-group-ID smmsp); new default file locations (see /usr/src/contrib/sendmail/cf/README); newaliases(1) is limited to root and trusted users; STARTTLS encryption; and the MSA port (587) is turned on by default. See /usr/src/contrib/sendmail/RELEASE_NOTES for more information. [MERGED]

By default, rc(8) no longer enables sendmail for inbound SMTP connections. Note that sysinstall(8) may override this default for a binary installation, based on what security profile is selected. This functionality can also be manually enabled by adding the following line to /etc/rc.conf:


The permissions for sendmail alias and map databases built via /etc/mail/Makefile now default to mode 0640 to protect against a file locking local denial of service. It can be changed by setting the new SENDMAIL_MAP_PERMS make.conf option. [MERGED]

The permissions for the sendmail statistics file, /var/log/, have been changed from mode 0644 to mode 0640 to protect against a file locking local denial of service. [MERGED]

2.3.2 Ports/Packages Collection Infrastructure

BSDPAN, a collection of modules that provides tighter integration of Perl into the FreeBSD Ports Collection, has been added.

For some time, FreeBSD 5.0-CURRENT (as well as some 4.X releases) included a pkg_update(1) utility to update installed packages, as well as their dependencies. This utility has been removed; a superset of its functionality can be found in the sysutils/portupgrade port.

pkg_version(1), formerly a Perl script, has been rewritten in C.

The Ports Collection infrastructure now uses XFree86 4.2.1 as the default version of the X Window System for the purposes of satisfying dependencies. To return to using XFree86 3.3.6, add the following line to /etc/make.conf: [MERGED]


The libraries installed by the emulators/linux_base port (required for Linux emulation) have been updated; they now correspond to those included with Red Hat Linux 7.1. [MERGED]

By default, packages generated by the Ports Collection (as well as the packages on the FTP sites) are now compressed using bzip2(1), rather than gzip(1). (Thus, they now have a .tbz extension, rather than a .tgz extension.) The package tools have been updated to handle the new format.

2.4 Release Engineering and Integration

The bin distribution has been renamed base, in order to make creation of combined install/recovery disks easier.

It is now possible to make releases of FreeBSD 5-CURRENT on a FreeBSD 4-STABLE host and vice versa. Cross-architecture (building a release for a target architecture on a host of a different architecture) releases are also possible. See release(7) for details. [MERGED]

A third drivers.flp floppy has been added to floppy releases. It holds loadable modules containing drivers that do not fit in the kernel on the kern.flp disk or in the mfsroot.flp image.

2.5 Documentation

A number of formerly-encumbered documents from the 4.4 BSD Programmer's Supplementary Documents have been restored to /usr/share/doc/psd. These include:

  • The UNIX Time-Sharing System (01.cacm)

  • UNIX Implementation (02.implement)

  • The UNIX I/O System (03.iosys)

  • UNIX Programming -- Second Edition (04.uprog)

  • The C Programming Language -- Reference Manual (06.Clang)

  • Yacc: Yet Another Compiler-Compiler (15.yacc)

  • Lex -- A Lexical Analyzer Generator (16.lex)

  • The M4 Macro Processor (17.m4)

Several formerly-encumbered documents from the 4.4 BSD User's Supplementary Documents have been restored to /usr/share/doc/usd. They include:

  • NROFF/TROFF User's Manual (21.troff)

  • A TROFF Tutorial (22.trofftut)

3 Upgrading from previous releases of FreeBSD

Users with existing FreeBSD systems are highly encouraged to read the ``Early Adopter's Guide to FreeBSD 5.0''. This document generally has the filename EARLY.TXT on the distribution media, or any other place that the release notes can be found. It offers some notes on upgrading, but more importantly, also discusses some of the relative merits of upgrading to FreeBSD 5.X versus running FreeBSD 4.X.

Important: Upgrading FreeBSD should, of course, only be attempted after backing up all data and configuration files.

This file, and other release-related documents, can be downloaded from

For questions about FreeBSD, read the documentation before contacting <>.

All users of FreeBSD 5-CURRENT should subscribe to the <> mailing list.

For questions about this documentation, e-mail <>.