MSI interrupts for many devices, on those architectures which can
! support them (amd64, i386, sparc64 only so far).
!
A new dma_alloc(9) API makes it easier for kernel code to allocate
! dma-safe memory. Many drivers (especially network drivers) and
! subsystems (in particular scsi and the buffer cache) were adapted
! to use this.
!
As a result, big-memory support has been enabled on all possible
! architectures.
!
The rather rare bce(4) driver now copies mbufs all the time, to cope
! with the hardware having a 1GB limit.
!
Added hds(4), a driver for Hitachi Modular Storage SCSI devices.
!
Added myx(4), a driver for the Myricom Myri-10G 10GB Ethernet devices.
!
Added dfs(4), a driver for Dynamic Frequency Switching on some macppc
! systems.
!
cardbus(4) and pcmcia(4) support on sgi.
!
Suspend/resume support on Loongson Yeelong laptops.
!
!
+
Generic network stack improvements:
+
+
Added support for sending Wake on Lan packets using arp(8).
+
Permit turning Wake on Lan support on/off using ifconfig(8).
+
Added Wake on Lan support to xl(4), re(4), and vr(4).
+
Allow ftp-proxy to proxy across rdomains.
+
The IPv4 stack will no longer accept ICMP redirects when
+ acting as a router.
+
By default the IPv6 stack will not process ICMP6 redirects.
+ rtsol(8) will turn it back if -F is used.
+
Reworked large parts of the dhclient(8) options processing for better
+ interoperability.
+
Fixed carp(4) to work in IPv6 only setups.
+
Make it possible to bind(2) to the local network broadcast address
+ on datagram and raw sockets.
+
The default multicast reject route is now ignored if the UDP socket
+ uses the IP_MULTICAST_IF socket option.
+
Make gre(4) work between systems in the same LAN.
+
Removed the link1 mode special addressing mode on lo(4).
+
Kernel randomization speed and quality improved substantially.
+
+
+
+
Routing daemons and other userland network improvements:
+
+
bgpd(8) no longer bumps the rlimits: the rc.d framework respects
+ login classes which is a much better solution.
+
Correctly set the network filtersets on reload in bgpd(8).
+
The routing socket is now sending RTM_DESYNC messages if the
+ socketbuffer overflows.
+
Allow ospfd(8) to send out LS updates and other messages
+ larger than the MTU.
+
Fixed nexthop calculation in ospfd(8) for directly connected P2P links.
+
First bits to support opaque LSA in ospfd(8). Only basic redistribute
+ logic and LSDB handling for now.
+
Creating new interfaces will no longer cause a fatal error in ospf6d(8).
+
ospf6d(8) handles link-state changes better.
+
Better loopback handling in ospf6d(8).
+
No longer install extra multicast routes in ripd(8) and ldpd(8).
+
Make kqueue(2) work with sosplice(9).
+
Enabled sosplice(9) in relayd(8) for TCP.
+
Added support for divert-to which provides some benefits over
+ rdr-to in relayd(8).
+
Fixed trap sending in snmpd(8).
+
Make ping6(8) compare minimum amount of bytes between what
+ was received and what was sent out.
+
Make traceroute(8) with type-of-service setted (-t) display
+ a message if the returned packet has a different tos type.
+
Added the socket splicing fields of struct socket to netstat -vP output.
+
+
+
+
pf(4) improvements:
+
+
Make pf(4) reassemble IPv6 fragments. In the forward case, pf
+ refragments the packets with the same maximum size.
+
Allow pf(4) to filter on the rdomain a packet belongs to.
+
Make pf(4) allow userland proxies to establish cross rdomain
+ proxy sessions.
+
Added IPv6 ACK prioritization in pf(4).
+
Change 'set skip on <...>' to work with interface groups.
+
pfsync(4) supports IPv6 as network protocol.
+
Switched ftp-proxy(8) over to divert-to instead of rdr-to.
+
tftp-proxy(8) uses 'divert-to' as well.
+
+
+
+
SCSI improvements:
+
+
most SCSI hardware drivers now use the new iopools infrastructure.
+
scsi(4) devices are now all provided with a unique devid, which
+ is displayed during the probe process.
+
ASC/ASCQ error codes and verbiage now in sync with
+ http://www.t10.org/lists/asc-num.txt.
+
progress on iSCSI includes better login, better logout, preliminary
+ FSM support in iscsid(8), and improved logging and debug information.
+
uk(4) can now safely and reliably detach an unknown SCSI device.
+
mpath(4) device and kernel support is improved.
+
vscsi(4) now ensures output always goes to the correct connection.
+
vscsi(4) connections can now be reset gracefully.
+
scsi(4) devices on fibre channel fabrics no longer inherit the adapter's
+ address.
+
+
+
+
Assorted improvements:
+
+
For additional security, security(8) was rewritten in Perl.
+
Mandoc 1.11.4: Now accepts eqn(7) input (no fancy formatting yet)
+ and supports -Tutf8 output (but no utf8 input yet).
+
Removed a variety of OS-compat emulation code, leaving just the Linux
+ support.
+
Small improvements to Linux compat (only available on i386).
+
Improved our own pkg-config(1) implementation with extended comparison
+ scheme and implementing various new options.
+
The math library, libm, was fully fleshed out to support all C99 required
+ parts. Many bugs for various architectures were fixed along the way.
+
malloc(3) is a lot faster and has a few further security features (more
+ randomization, as well as the 'S' flag to enable all paranoia checks).
+
'make depend' is no longer neccessary in kernel compilation directories
+ since the dependencies are calculated automatically.
+
Increased the default size of the buffer cache.
+
kqueue(2) now works on /dev/random and spliced sockets
+
On MBR-based disks, scan through up to 256 extended partition tables
+ when looking for an OpenBSD partition table.
+
Added POSIX 2008 fdopendir(3) and openat(2) functions, as well as the
+ O_CLOEXEC, O_DIRECTORY, and F_DUPFD_CLOEXEC flags.
+
Improved lint format string checks and added a few other checks.
+
kdump(8) now dumps stat and sockaddr structures, sysctl mib
+ strings, and decodes syscall flags and operation bits.
+
Improved kernel pool debug checking.
+
Improved correctness of signals and various syscalls when rthreads
+ are in use.
+
Kernel malloc(9) space and stacks moved to non-dma memory.
+
Fixed some shutdown/reboot hangs on NFS clients.
+
UNIX-domain socket paths are now guaranteed to be NUL-terminated.
+
Added support for *wprintf(3), wcs{,n}casecmp(3), and wcsdup(3).
+
NULL is now a (void *).
+
+
+
+
Install/Upgrade process changes:
+
+
Completed support for DUID disk installs, and enabled it fully.
+
Tried to make sysmerge(8) work in the installer, but ran into small
+ problems and decided to disable it.
+
Install non-free firmwares from the internet upon first boot, based on a
+ question in the installer.
+
svnd(4)-like behaviour became the default for vnd(4) devices. This is
+ what is used to build the media.
+
+
+
+
rc.d(8) framework improvements:
+
+
rc.d(8) is now also used the base system daemons.
+
Backward compatible with the historic way of starting daemons.
+
Notify the user by appending (ok) or (failed) in interactive mode.
+
Better diagnostics with the introduction of RC_DEBUG.
+
+
+
+
OpenSSH 6.0:
+
+
New features:
+
+
Allow cancellation of port forwardings via the multiplexing socket
+ (e.g. "ssh -O cancel -R 2222:127.0.0.1:22 user@host")
+
Add wildcard support to PermitOpen (e.g. "PermitOpen localhost:*")
+
A new "ssh-add -k" option to load only plain keys and not
+ certificates into the agent.
+
ssh-add now supports loading keys from stdin ("program | ssh-add -")
+
Allow graceful shutdown of the multiplexing socket (stop listening,
+ but don't interrupt existing connections), using "ssh -O stop".
+
"ssh-keygen -A" will now automatically generate host keys of every
+ supported type
+
Deprecated GlobalKnownHostsFile2, UserKnownHostsFile2 and
+ AuthorizedKeysFile2 options. Instead, the corresponding
+ GlobalKnownHostsFile UserKnownHostsFile and AuthorizedKeysFile
+ options now all accept multiple arguments.
+
Add a RequestTTY option to ssh(1) to allow control over TTY
+ requests similar to the -t/-tt/-T commandline options.
+
ssh_config(5) now supports negated host matching. E.g.
+ "Host *.example.org !c.example.org" will match "a.example.org",
+ "b.example.org", but not "c.example.org"
+
Add experimental systrace(4) sandboxing of pre-auth sshd(8),
+ enabled using "UsePrivilegeSeparation=sandbox".
+
Add new SHA-2 based HMAC modes for the SSH transport layer from
+ http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt
+
+
The following significant bugs have been fixed in this release:
+
+
Fix hostbased authentication for hosts using ECDSA keys.
+
Fix corruption of file information in sftp(1)'s ls display.
+
Fix remote portforwarding with dynamically allocated listen ports.
+
+
+
+
+
Over 7,200 ports, major robustness and speed improvements in package tools.
+
Many pre-built packages for each architecture:
+
+
+
+
+
i386: 7008
+
sparc64: 6456
+
alpha: 6046
+
+
sh: 3721
+
amd64: 6960
+
powerpc: 6691
+
+
sparc: 3277
+
arm: 2963
+
hppa: 6125
+
+
vax: 1409
+
mips64: 5689
+
mips64el: 5709
+
+
+
+
Some highlights:
+
+
Gnome 2.32.2
KDE 3.5.10
+
Xfce 4.8.0
MySQL 5.1.54
+
PostgreSQL 9.0.5
Postfix 2.8.4
+
OpenLDAP 2.3.43 and 2.4.25
Mozilla Firefox 3.5.19, 3.6.18 and 5.0
+
Mozilla Thunderbird 5.0
GHC 7.0.4
+
LibreOffice 3.4.1.3
Emacs 21.4, 22.3 and 23.3
+
Vim 7.3.154
PHP 5.2.17 and 5.3.6
+
Python 2.4.6, 2.5.4 and 2.7.1
Ruby 1.8.7.352 and 1.9.2.200
+
Mono 2.10.2
Chromium 12.0.742.122
+
Groff 1.21
+
+
+
+
As usual, steady improvements in manual pages and other documentation.
+
Base system and Xenocara manuals are now installed as source code,
+ making grep(1) more useful in /usr/share/man/ and /usr/X11R6/man/.
+
If both formatted and source versions of manuals are installed,
+ man(1) automatically displays the newer version of each page.
+
+ - The system includes the following major components from outside suppliers:
+
Xenocara (based on X.Org 7.6 with xserver 1.9 + patches,
+ freetype 2.4.5, fontconfig 2.8.0, Mesa 7.8.2, xterm 270,
+ xkeyboard-config 2.3 and more)
+