version 1.1, 2011/09/07 03:07:11 |
version 1.2, 2011/10/26 20:55:48 |
|
|
|
|
<ul> |
<ul> |
|
|
<b>Improvement list coming soon.</b> |
<li>Improved hardware support, including: |
|
<ul> |
|
<li>MSI interrupts for many devices, on those architectures which can |
|
support them (amd64, i386, sparc64 only so far). |
|
<li>A new dma_alloc(9) API makes it easier for kernel code to allocate |
|
dma-safe memory. Many drivers (especially network drivers) and |
|
subsystems (in particular scsi and the buffer cache) were adapted |
|
to use this. |
|
<li>As a result, big-memory support has been enabled on all possible |
|
architectures. |
|
<li>The rather rare bce(4) driver now copies mbufs all the time, to cope |
|
with the hardware having a 1GB limit. |
|
<li>Added hds(4), a driver for Hitachi Modular Storage SCSI devices. |
|
<li>Added myx(4), a driver for the Myricom Myri-10G 10GB Ethernet devices. |
|
<li>Added dfs(4), a driver for Dynamic Frequency Switching on some macppc |
|
systems. |
|
<li>cardbus(4) and pcmcia(4) support on sgi. |
|
<li>Suspend/resume support on Loongson Yeelong laptops. |
|
</ul> |
|
<p> |
|
|
|
<li>Generic network stack improvements: |
|
<ul> |
|
<li>Added support for sending Wake on Lan packets using arp(8). |
|
<li>Permit turning Wake on Lan support on/off using ifconfig(8). |
|
<li>Added Wake on Lan support to xl(4), re(4), and vr(4). |
|
<li>Allow ftp-proxy to proxy across rdomains. |
|
<li>The IPv4 stack will no longer accept ICMP redirects when |
|
acting as a router. |
|
<li>By default the IPv6 stack will not process ICMP6 redirects. |
|
rtsol(8) will turn it back if -F is used. |
|
<li>Reworked large parts of the dhclient(8) options processing for better |
|
interoperability. |
|
<li>Fixed carp(4) to work in IPv6 only setups. |
|
<li>Make it possible to bind(2) to the local network broadcast address |
|
on datagram and raw sockets. |
|
<li>The default multicast reject route is now ignored if the UDP socket |
|
uses the IP_MULTICAST_IF socket option. |
|
<li>Make gre(4) work between systems in the same LAN. |
|
<li>Removed the link1 mode special addressing mode on lo(4). |
|
<li>Kernel randomization speed and quality improved substantially. |
|
</ul> |
|
<p> |
|
|
|
<li>Routing daemons and other userland network improvements: |
|
<ul> |
|
<li>bgpd(8) no longer bumps the rlimits: the rc.d framework respects |
|
login classes which is a much better solution. |
|
<li>Correctly set the network filtersets on reload in bgpd(8). |
|
<li>The routing socket is now sending RTM_DESYNC messages if the |
|
socketbuffer overflows. |
|
<li>Allow ospfd(8) to send out LS updates and other messages |
|
larger than the MTU. |
|
<li>Fixed nexthop calculation in ospfd(8) for directly connected P2P links. |
|
<li>First bits to support opaque LSA in ospfd(8). Only basic redistribute |
|
logic and LSDB handling for now. |
|
<li>Creating new interfaces will no longer cause a fatal error in ospf6d(8). |
|
<li>ospf6d(8) handles link-state changes better. |
|
<li>Better loopback handling in ospf6d(8). |
|
<li>No longer install extra multicast routes in ripd(8) and ldpd(8). |
|
<li>Make kqueue(2) work with sosplice(9). |
|
<li>Enabled sosplice(9) in relayd(8) for TCP. |
|
<li>Added support for divert-to which provides some benefits over |
|
rdr-to in relayd(8). |
|
<li>Fixed trap sending in snmpd(8). |
|
<li>Make ping6(8) compare minimum amount of bytes between what |
|
was received and what was sent out. |
|
<li>Make traceroute(8) with type-of-service setted (-t) display |
|
a message if the returned packet has a different tos type. |
|
<li>Added the socket splicing fields of struct socket to netstat -vP output. |
|
</ul> |
|
<p> |
|
|
|
<li>pf(4) improvements: |
|
<ul> |
|
<li>Make pf(4) reassemble IPv6 fragments. In the forward case, pf |
|
refragments the packets with the same maximum size. |
|
<li>Allow pf(4) to filter on the rdomain a packet belongs to. |
|
<li>Make pf(4) allow userland proxies to establish cross rdomain |
|
proxy sessions. |
|
<li>Added IPv6 ACK prioritization in pf(4). |
|
<li>Change 'set skip on <...>' to work with interface groups. |
|
<li>pfsync(4) supports IPv6 as network protocol. |
|
<li>Switched ftp-proxy(8) over to divert-to instead of rdr-to. |
|
<li>tftp-proxy(8) uses 'divert-to' as well. |
|
</ul> |
|
<p> |
|
|
|
<li>SCSI improvements: |
|
<ul> |
|
<li>most SCSI hardware drivers now use the new iopools infrastructure. |
|
<li>scsi(4) devices are now all provided with a unique devid, which |
|
is displayed during the probe process. |
|
<li>ASC/ASCQ error codes and verbiage now in sync with |
|
http://www.t10.org/lists/asc-num.txt. |
|
<li>progress on iSCSI includes better login, better logout, preliminary |
|
FSM support in iscsid(8), and improved logging and debug information. |
|
<li>uk(4) can now safely and reliably detach an unknown SCSI device. |
|
<li>mpath(4) device and kernel support is improved. |
|
<li>vscsi(4) now ensures output always goes to the correct connection. |
|
<li>vscsi(4) connections can now be reset gracefully. |
|
<li>scsi(4) devices on fibre channel fabrics no longer inherit the adapter's |
|
address. |
|
</ul> |
|
<p> |
|
|
|
<li>Assorted improvements: |
|
<ul> |
|
<li>For additional security, security(8) was rewritten in Perl. |
|
<li>Mandoc 1.11.4: Now accepts eqn(7) input (no fancy formatting yet) |
|
and supports -Tutf8 output (but no utf8 input yet). |
|
<li>Removed a variety of OS-compat emulation code, leaving just the Linux |
|
support. |
|
<li>Small improvements to Linux compat (only available on i386). |
|
<li>Improved our own pkg-config(1) implementation with extended comparison |
|
scheme and implementing various new options. |
|
<li>The math library, libm, was fully fleshed out to support all C99 required |
|
parts. Many bugs for various architectures were fixed along the way. |
|
<li>malloc(3) is a lot faster and has a few further security features (more |
|
randomization, as well as the 'S' flag to enable all paranoia checks). |
|
<li>'make depend' is no longer neccessary in kernel compilation directories |
|
since the dependencies are calculated automatically. |
|
<li>Increased the default size of the buffer cache. |
|
<li>kqueue(2) now works on /dev/random and spliced sockets |
|
<li>On MBR-based disks, scan through up to 256 extended partition tables |
|
when looking for an OpenBSD partition table. |
|
<li>Added POSIX 2008 fdopendir(3) and openat(2) functions, as well as the |
|
O_CLOEXEC, O_DIRECTORY, and F_DUPFD_CLOEXEC flags. |
|
<li>Improved lint format string checks and added a few other checks. |
|
<li>kdump(8) now dumps stat and sockaddr structures, sysctl mib |
|
strings, and decodes syscall flags and operation bits. |
|
<li>Improved kernel pool debug checking. |
|
<li>Improved correctness of signals and various syscalls when rthreads |
|
are in use. |
|
<li>Kernel malloc(9) space and stacks moved to non-dma memory. |
|
<li>Fixed some shutdown/reboot hangs on NFS clients. |
|
<li>UNIX-domain socket paths are now guaranteed to be NUL-terminated. |
|
<li>Added support for *wprintf(3), wcs{,n}casecmp(3), and wcsdup(3). |
|
<li>NULL is now a (void *). |
|
</ul> |
|
<p> |
|
|
|
<li>Install/Upgrade process changes: |
|
<ul> |
|
<li>Completed support for DUID disk installs, and enabled it fully. |
|
<li>Tried to make sysmerge(8) work in the installer, but ran into small |
|
problems and decided to disable it. |
|
<li>Install non-free firmwares from the internet upon first boot, based on a |
|
question in the installer. |
|
<li>svnd(4)-like behaviour became the default for vnd(4) devices. This is |
|
what is used to build the media. |
|
</ul> |
|
<p> |
|
|
|
<li>rc.d(8) framework improvements: |
|
<ul> |
|
<li>rc.d(8) is now also used the base system daemons. |
|
<li>Backward compatible with the historic way of starting daemons. |
|
<li>Notify the user by appending (ok) or (failed) in interactive mode. |
|
<li>Better diagnostics with the introduction of RC_DEBUG. |
|
</ul> |
|
<p> |
|
|
|
<li>OpenSSH 6.0: |
|
<ul> |
|
<li>New features: |
|
<ul> |
|
<li>Allow cancellation of port forwardings via the multiplexing socket |
|
(e.g. "ssh -O cancel -R 2222:127.0.0.1:22 user@host") |
|
<li>Add wildcard support to PermitOpen (e.g. "PermitOpen localhost:*") |
|
<li>A new "ssh-add -k" option to load only plain keys and not |
|
certificates into the agent. |
|
<li>ssh-add now supports loading keys from stdin ("program | ssh-add -") |
|
<li>Allow graceful shutdown of the multiplexing socket (stop listening, |
|
but don't interrupt existing connections), using "ssh -O stop". |
|
<li>"ssh-keygen -A" will now automatically generate host keys of every |
|
supported type |
|
<li>Deprecated GlobalKnownHostsFile2, UserKnownHostsFile2 and |
|
AuthorizedKeysFile2 options. Instead, the corresponding |
|
GlobalKnownHostsFile UserKnownHostsFile and AuthorizedKeysFile |
|
options now all accept multiple arguments. |
|
<li>Add a RequestTTY option to ssh(1) to allow control over TTY |
|
requests similar to the -t/-tt/-T commandline options. |
|
<li>ssh_config(5) now supports negated host matching. E.g. |
|
"Host *.example.org !c.example.org" will match "a.example.org", |
|
"b.example.org", but not "c.example.org" |
|
<li>Add experimental systrace(4) sandboxing of pre-auth sshd(8), |
|
enabled using "UsePrivilegeSeparation=sandbox". |
|
<li>Add new SHA-2 based HMAC modes for the SSH transport layer from |
|
http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt |
|
</ul> |
|
<li>The following significant bugs have been fixed in this release: |
|
<ul> |
|
<li>Fix hostbased authentication for hosts using ECDSA keys. |
|
<li>Fix corruption of file information in sftp(1)'s ls display. |
|
<li>Fix remote portforwarding with dynamically allocated listen ports. |
|
</ul> |
|
</ul> |
|
<p> |
|
|
|
<li>Over 7,200 ports, major robustness and speed improvements in package tools. |
|
<li>Many pre-built packages for each architecture: |
|
<table border=0 cellspacing=0 cellpadding=2 width="95%"> |
|
<tr> |
|
<td valign="top" width="25%"> |
|
<ul> |
|
<li>i386: 7008 |
|
<li>sparc64: 6456 |
|
<li>alpha: 6046 |
|
</ul></td><td valign=top width="25%"><ul> |
|
<li>sh: 3721 |
|
<li>amd64: 6960 |
|
<li>powerpc: 6691 |
|
</ul></td><td valign=top width="25%"><ul> |
|
<li>sparc: 3277 |
|
<li>arm: 2963 |
|
<li>hppa: 6125 |
|
</ul></td><td valign=top width="25%"><ul> |
|
<li>vax: 1409 |
|
<li>mips64: 5689 |
|
<li>mips64el: 5709 |
|
</ul></td></tr></table> |
|
<p> |
|
|
|
<li>Some highlights: |
|
<ul> |
|
<li>Gnome 2.32.2 <li>KDE 3.5.10 |
|
<li>Xfce 4.8.0 <li>MySQL 5.1.54 |
|
<li>PostgreSQL 9.0.5 <li>Postfix 2.8.4 |
|
<li>OpenLDAP 2.3.43 and 2.4.25 <li>Mozilla Firefox 3.5.19, 3.6.18 and 5.0 |
|
<li>Mozilla Thunderbird 5.0 <li>GHC 7.0.4 |
|
<li>LibreOffice 3.4.1.3 <li>Emacs 21.4, 22.3 and 23.3 |
|
<li>Vim 7.3.154 <li>PHP 5.2.17 and 5.3.6 |
|
<li>Python 2.4.6, 2.5.4 and 2.7.1 <li>Ruby 1.8.7.352 and 1.9.2.200 |
|
<li>Mono 2.10.2 <li>Chromium 12.0.742.122 |
|
<li>Groff 1.21 |
|
</ul> |
|
<p> |
|
|
|
<li>As usual, steady improvements in manual pages and other documentation. |
|
<li>Base system and Xenocara manuals are now installed as source code, |
|
making grep(1) more useful in /usr/share/man/ and /usr/X11R6/man/. |
|
<li>If both formatted and source versions of manuals are installed, |
|
man(1) automatically displays the newer version of each page. |
|
|
|
- The system includes the following major components from outside suppliers: |
|
<li>Xenocara (based on X.Org 7.6 with xserver 1.9 + patches, |
|
freetype 2.4.5, fontconfig 2.8.0, Mesa 7.8.2, xterm 270, |
|
xkeyboard-config 2.3 and more) |
|
<li>Gcc 2.95.3 (+ patches), 3.3.5 (+ patches) and 4.2.1 (+patches) |
|
<li>Perl 5.12.2 (+ patches) |
|
<li>Our improved and secured version of Apache 1.3, with |
|
SSL/TLS and DSO support |
|
<li>OpenSSL 1.0.0a (+ patches) |
|
<li>Sendmail 8.14.5, with libmilter |
|
<li>Bind 9.4.2-P2 (+ patches) |
|
<li>Lynx 2.8.7rel.2 with HTTPS and IPv6 support (+ patches) |
|
<li>Sudo 1.7.2p8 |
|
<li>Ncurses 5.7 |
|
<li>Heimdal 0.7.2 (+ patches) |
|
<li>Arla 0.35.7 |
|
<li>Binutils 2.15 (+ patches) |
|
<li>Gdb 6.3 (+ patches) |
|
</ul> |
|
|
</ul> |
</ul> |
|
|