FreeBSD The Power to Serve

FreeBSD/i386 4.9-RELEASE Release Notes

The FreeBSD Project

$FreeBSD: src/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml,v 2003/10/19 18:33:34 bmah Exp $

The release notes for FreeBSD 4.9-RELEASE contain a summary of the changes made to the FreeBSD base system since 4.8-RELEASE. Both changes for kernel and userland are listed, as well as applicable security advisories for the base system that were issued since the last release. Some brief remarks on upgrading are also presented.

1 Introduction

This document contains the release notes for FreeBSD 4.9-RELEASE on the i386 hardware platform. It describes new features of FreeBSD that have been added (or changed) since 4.8-RELEASE. It also provides some notes on upgrading from previous versions of FreeBSD.

This distribution of FreeBSD 4.9-RELEASE is a release distribution. It can be found at or any of its mirrors. More information on obtaining this (or other) release distributions of FreeBSD can be found in the ``Obtaining FreeBSD'' appendix in the FreeBSD Handbook.

2 What's New

This section describes the most user-visible new or changed features in FreeBSD since 4.8-RELEASE. Typical release note items document new drivers or hardware support, new commands or options, major bugfixes, or contributed software upgrades. Security advisories for the base system that were issued after 4.8-RELEASE are also listed.

2.1 Security Advisories

A remotely-exploitable buffer overflow vulnerability in sendmail has been fixed. For more details, see security advisory FreeBSD-SA-03:07. In FreeBSD 4.8-RELEASE, this vulnerability was fixed using a vendor-supplied patch (but too late for inclusion in the release notes). In FreeBSD 4.9-RELEASE, it has been fixed with the import of a new version of sendmail.

A single-byte buffer overflow in realpath(3) has been fixed. See security advisory FreeBSD-SA-03:08.

A bug that could allow the kernel to attempt delivery of invalid signals has been fixed. The bug could have led to a kernel panic. For more information, see security advisory FreeBSD-SA-03:09.

A bug in the iBCS2 emulation module, which could result in disclosing the contents of kernel memory, has been fixed. This module is not enabled in FreeBSD by default. For more information, see security advisory FreeBSD-SA-03:10.

A programming error in the sendmail implementation of its ``DNS maps'' feature has been fixed by the import of a new version of sendmail. More information can be found in security advisory FreeBSD-SA-03:11. Note that this feature is not used by the default configuration files shipped with FreeBSD.

A buffer management bug in OpenSSH, which could potentially cause a crash, has been fixed. More information can be found in security advisory FreeBSD-SA-03:12.

A buffer overflow in sendmail has been fixed. More information can be found in security advisory FreeBSD-SA-03:13.

A bug that could allow the kernel to cause resource starvation which eventually results in a system panic in the ARP cache code has been fixed. More information can be found in security advisory FreeBSD-SA-03:14.

Several errors in the OpenSSH PAM challenge/authentication subsystem have been fixed. The impacts of these bugs vary; details can be found in security advisory FreeBSD-SA-03:15.

A bug in the readv(2) system call, which could potentially cause a system crash or privilege escalation has been fixed. More information can be found in security advisory FreeBSD-SA-03:16.

A bug in procfs(5) and linprocfs(5), which could result in disclosing the contents of kernel memory, has been fixed. More information can be found in security advisory FreeBSD-SA-03:17.

Four separate security flaws in OpenSSL, which could allow a remote attacker to crash an OpenSSL-using application or to execute arbitrary code with the privileges of the application, have been fixed. More information can be found in security advisory FreeBSD-SA-03:18.

2.2 Kernel Changes

A bug that caused atkbd(4) to register an AT keyboard during console initialization, even when no AT keyboard was connected, has been fixed. kbdcontrol -k /dev/kbd1 is no longer needed when only a USB keyboard is connected.

The hifn(4) driver now supports symmetric crypto for the 7955 and 7956 chipsets.

The safe(4) driver has been added to support SafeNet 1141- and 1741-based crypto accelerators.

Warning: This driver should be considered experimental and and should be used with some caution.

Note: The public key support is not implemented.

2.2.1 Platform-Specific Hardware Support

A bug which prevented the kernel from booting on an Intel 80386 processor has been corrected.

Support for the Physical Address Extensions (PAE) capability on Intel Pentium Pro and higher processors has been added. This allows the use of up to 64GB of RAM in a machine, although the amount of memory usable by any single process (or the FreeBSD kernel) is unchanged. The pae(4) manual page has more details on this feature.

2.2.3 Network Interface Support

bge(4) now supports Broadcom 5705 based Gigabit Ethernet NICs.

The dc(4) driver once again transmits packets correctly through Davicom DC9102 cards.

The proatm driver has been added to support ProSum's ProATM (IDT77252-based) interfaces. This driver is analogous to the patm driver in FreeBSD-CURRENT.

The rue(4) network driver has been added, providing support for Ethernet adapters based on the RealTek RTL8150 USB to Fast Ethernet controller chip.

The sbsh(4) driver for the Granch SBNI16 SHDSL modem has been added.

sk(4) now supports SK-9521 V2.0 and 3COM 3C940 based Gigabit Ethernet NICs.

The suspend/resume support for the wi(4) driver now works correctly when the device is configured down.

2.2.4 Network Protocols

A bug in ipfw(4) limit rule processing that could cause various panics has been fixed.

ipfw(4) rules now support comma-separated address lists (such as,,, and allow spaces after commas to make lists of addresses more readable.

ipfw(4) rules now support C++-style comments. Each comment is stored together with its rule and appears using the ipfw(8) show command.

ipfw(8) can now modify ipfw(4) rules in set 31, which was read-only and used for the default rules. They can be deleted by ipfw delete set 31 command but are not deleted by the ipfw flush command. This implements a flexible form of ``persistent rules''. More details can be found in ipfw(8).

Kernel support has been added for Protocol Independent Multicast routing.

2.2.5 Disks and Storage

The da(4) driver no longer tries to send 6-byte commands to USB and Firewire devices. Quirks for USB devices (which hopefully are now unnecessary) have been disabled; to restore the old behavior, add options DA_OLD_QUIRKS to the kernel configuration.

The twe(4) driver now supports the 3ware generic API.

2.2.6 File Systems

A new DIRECTIO kernel option enables support for read operations that bypass the buffer cache and put data directly into a userland buffer. This feature requires that the O_DIRECT flag is set on the file descriptor and that both the offset and length for the read operation are multiples of the physical media sector size.

2.3 Userland Changes

arp(8) now supports a -i option to limit the scope of the current operation to the ARP entries on a particular interface. This option applies to the display operations only. It should be useful on routers with numerous network interfaces.

chroot(8) now allows the optional setting of a user, primary group, or group list to use inside the chroot environment via the -u, -g, and -G options respectively.

ipfw(8) list and show command now support ranges of rule numbers.

ipfw(8) now supports a -n flag to test the syntax of commands without actually changing anything.

The mount_msdos(8) utility now supports a -M option to specify the maximum file permissions for directories in the file system.

systat(1) now includes displays for IPv6 and ICMPv6 traffic.

uudecode(1) and b64decode(1) now support a -r flag for decoding raw (or broken) files that may be missing the initial and possibly final framing lines.

2.4 Contributed Software

The Intel ACPI 20030228 distribution (with local FreeBSD changes and support code) has been imported. This feature should be considered experimental and should be tested prior to being deployed in a production environment.

Note: Unlike on FreeBSD-CURRENT, the ACPI driver must be statically compiled into the kernel by adding device acpica to a kernel configuration. There is no kernel module. This driver is not present in the default, GENERIC kernel.

groff has been updated from 1.18.1 to 1.19.

lukemftpd (not built by default) has been updated from a 1.2beta1 to a 5 January 2003 snapshot from the NetBSD CVS repository.

OpenSSL has been updated from 0.9.7a to 0.9.7c.

sendmail has been updated to version 8.12.9.

texinfo has been updated from 4.5 to 4.6.

The timezone database has been updated from the tzdata2003a release to the tzdata2003d release.

2.5 Ports/Packages Collection Infrastructure

pkg_create(1) now supports a -C option, which allows packages to register a list of other packages with which they conflict. They will refuse to install (via pkg_add(1)) if one of the listed packages is already present. The -f flag to pkg_add(1) overrides this conflict-checking.

2.6 Release Engineering and Integration

The supported release of GNOME has been updated from 2.2 to 2.4.

The supported release of KDE has been updated from 3.1 to 3.1.4.

3 Upgrading from previous releases of FreeBSD

If you're upgrading from a previous release of FreeBSD, you generally will have three options:

  • Using the binary upgrade option of sysinstall(8). This option is perhaps the quickest, although it presumes that your installation of FreeBSD uses no special compilation options.

  • Performing a complete reinstall of FreeBSD. Technically, this is not an upgrading method, and in any case is usually less convenient than a binary upgrade, in that it requires you to manually backup and restore the contents of /etc. However, it may be useful in cases where you want (or need) to change the partitioning of your disks.

  • From source code in /usr/src. This route is more flexible, but requires more disk space, time, and technical expertise. More information can be found in the ``Using make world'' section of the FreeBSD Handbook. Upgrading from very old versions of FreeBSD may be problematic; in cases like this, it is usually more effective to perform a binary upgrade or a complete reinstall.

Please read the INSTALL.TXT file for more information, preferably before beginning an upgrade. If you are upgrading from source, please be sure to read /usr/src/UPDATING as well.

Finally, if you want to use one of various means to track the -STABLE or -CURRENT branches of FreeBSD, please be sure to consult the ``-CURRENT vs. -STABLE'' section of the FreeBSD Handbook.

Important: Upgrading FreeBSD should, of course, only be attempted after backing up all data and configuration files.

This file, and other release-related documents, can be downloaded from

For questions about FreeBSD, read the documentation before contacting <>.

For questions about this documentation, e-mail <>.