FreeBSD/amd64 5.2.1-RELEASE Release Notes

  The FreeBSD Project

   Copyright (c) 2000, 2001, 2002, 2003, 2004 The FreeBSD Documentation
   Project

   $FreeBSD: src/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml,v
   1.663.2.13 2004/02/06 21:37:54 bmah Exp $

   The release notes for FreeBSD 5.2.1-RELEASE contain a summary of recent
   changes made to the FreeBSD base system on the 5-CURRENT development
   branch. This document lists applicable security advisories that were
   issued since the last release, as well as significant changes to the
   FreeBSD kernel and userland. Some brief remarks on upgrading are also
   presented.

     ----------------------------------------------------------------------

   Table of Contents

   1 Introduction

   2 What's New

                2.1 Security Advisories

                2.2 Kernel Changes

                             2.2.1 Platform-Specific Hardware Support

                             2.2.2 Boot Loader Changes

                             2.2.3 Network Interface Support

                             2.2.4 Network Protocols

                             2.2.5 Disks and Storage

                             2.2.6 File Systems

                             2.2.7 Multimedia Support

                2.3 Userland Changes

                2.4 Contributed Software

                2.5 Ports/Packages Collection Infrastructure

                2.6 Release Engineering and Integration

                2.7 Documentation

   3 Upgrading from previous releases of FreeBSD

1 Introduction

   This document contains the release notes for FreeBSD 5.2.1-RELEASE on the
   AMD64 hardware platform. It describes recently added, changed, or deleted
   features of FreeBSD. It also provides some notes on upgrading from
   previous versions of FreeBSD.

   This distribution of FreeBSD 5.2.1-RELEASE is a ``point release'',
   intended to address some issues (primarily bug fixes) discovered in
   FreeBSD 5.2-RELEASE.

   Users who are new to the 5-CURRENT series of FreeBSD releases should also
   read the ``Early Adopters Guide to FreeBSD 5.2.1-RELEASE''. This document
   can generally be found in the same location as the release notes (either
   as a part of a FreeBSD distribution or on the FreeBSD Web site). It
   contains important information regarding the advantages and disadvantages
   of using FreeBSD 5.2.1-RELEASE, as opposed to releases based on the
   FreeBSD 4-STABLE development branch.

   All users are encouraged to consult the release errata before installing
   FreeBSD. The errata document is updated with ``late-breaking'' information
   discovered late in the release cycle or after the release. Typically, it
   contains information on known bugs, security advisories, and corrections
   to documentation. An up-to-date copy of the errata for FreeBSD
   5.2.1-RELEASE can be found on the FreeBSD Web site.

     ----------------------------------------------------------------------

2 What's New

   This section describes many of the user-visible new or changed features in
   FreeBSD since 5.1-RELEASE. It includes items that are unique to the
   5-CURRENT branch, as well as some features that may have been recently
   merged to other branches (after FreeBSD 5.1-RELEASE). The latter items are
   marked as [MERGED].

   Typical release note items document recent security advisories issued
   after 5.1-RELEASE, new drivers or hardware support, new commands or
   options, major bug fixes, or contributed software upgrades. They may also
   list changes to major ports/packages or release engineering practices.
   Clearly the release notes cannot list every single change made to FreeBSD
   between releases; this document focuses primarily on security advisories,
   user-visible changes, and major architectural improvements.

   Release note entries that describe changes specific to this point release
   are marked with [5.2.1].

     ----------------------------------------------------------------------

  2.1 Security Advisories

   A single-byte buffer overflow in realpath(3) was fixed. Although the fix
   was committed prior to FreeBSD 5.1-RELEASE (and thus 5.1-RELEASE was not
   affected), it was not noted in the release documentation. See security
   advisory FreeBSD-SA-03:08. [MERGED]

   A bug that could allow the kernel to attempt delivery of invalid signals
   has been fixed. The bug could have led to a kernel panic or, under some
   circumstances, unauthorized modification of kernel memory. For more
   information, see security advisory FreeBSD-SA-03:09. [MERGED]

   A bug in the iBCS2 emulation module, which could result in disclosing the
   contents of kernel memory, has been fixed. This module is not enabled in
   FreeBSD by default. For more information, see security advisory
   FreeBSD-SA-03:10. [MERGED]

   A buffer management bug in OpenSSH, which could potentially cause a crash,
   has been fixed. More information can be found in security advisory
   FreeBSD-SA-03:12. [MERGED]

   A buffer overflow in sendmail has been fixed. More information can be
   found in security advisory FreeBSD-SA-03:13. [MERGED]

   A bug that could allow the kernel to cause resource starvation which
   eventually results in a system panic in the ARP cache code has been fixed.
   More information can be found in security advisory FreeBSD-SA-03:14.
   [MERGED]

   Several errors in the OpenSSH PAM challenge/response authentication
   subsystem have been fixed. The impacts of these bugs vary; details can be
   found in security advisory FreeBSD-SA-03:15. [MERGED]

   A bug in procfs(5) and linprocfs(5), which could result in disclosing the
   contents of kernel memory, has been fixed. More information can be found
   in security advisory FreeBSD-SA-03:17. [MERGED]

   Four separate security flaws in OpenSSL, which could allow a remote
   attacker to crash an OpenSSL-using application or to execute arbitrary
   code with the privileges of the application, have been fixed. More
   information can be found in security advisory FreeBSD-SA-03:18. [MERGED]

   A potential denial of service in BIND has been fixed. For more
   information, see security advisory FreeBSD-SA-03:19. [MERGED]

   [5.2.1] A bug in mksnap_ffs(8) has been fixed; it caused the creation of a
   filesystem snapshot to reset the flags on the filesystem to their default
   values. The possible consequences depended on local usage, but could
   include disabling extended access control lists or enabling the use of
   setuid executables stored on an untrusted filesystem. This bug also
   affected the dump(8) -L option, which uses mksnap_ffs(8). Note that
   mksnap_ffs(8) is normally only available to the superuser and members of
   the operator group. For more information, see security advisory
   FreeBSD-SA-04:01.

   [5.2.1] A bug with the System V Shared Memory interface (specifically the
   shmat(2) system call) has been fixed. This bug can cause a shared memory
   segment to reference unallocated kernel memory. In turn, this can permit a
   local attacker to gain unauthorized access to parts of kernel memory,
   possibly resulting in disclosure of sensitive information, bypass of
   access control mechanisms, or privilege escalation. More details can be
   found in security advisory FreeBSD-SA-04:02. [MERGED]

     ----------------------------------------------------------------------

  2.2 Kernel Changes

   The acpi(4) driver's CPU component now supports idle states C1-C3 for both
   single and SMP systems, providing power/heat savings when the processor is
   idle, according to ACPI 2.0. Additionally, the throttling support has been
   updated to ACPI 2.0.

   [5.2.1] devfs(5) path rules now work correctly on directories.

   The dcons(4) ``dumb console'' driver has been added to provide a local and
   remote console. It can be accessed over FireWire using the dcons_crom(4)
   driver. A dconschat(8) utility provides user access to dcons(4) devices.

   A multi-byte character set conversion method is now supported by the
   LIBICONV kernel option.

   The puc(4) PCI Universal Communications driver now supports connecting
   parallel ports to the ppc(4) driver.

   The uart(4) driver has been added to support various classes of UART
   (Universal Asynchronous Receiver/Transmitter) devices. It is an analog of
   the sio(4) driver but supports a wider range of devices. This driver is
   necessary to support serial ports on certain architectures, such as ia64
   and sparc64.

   A kernel software watchdog facility has been implemented. For more
   information, see watchdog(4) and watchdogd(8).

   The swap pager has been revamped. Among user-visible changes are a change
   in the layout policy (from fixed-width striping to a round-robin across
   devices) for better I/O throughput, the elimination of compile-time limits
   on the number of swap devices, and a reduction in memory overheads.

     ----------------------------------------------------------------------

    2.2.1 Platform-Specific Hardware Support

     ----------------------------------------------------------------------

    2.2.2 Boot Loader Changes

     ----------------------------------------------------------------------

    2.2.3 Network Interface Support

   The new ath(4) and ath_hal(4) drivers provide support for 802.11a/b/g
   devices based on the AR5210, AR5211, and AR5212 chips.

   The bfe(4) driver has been added to support Broadcom BCM4401 based Fast
   Ethernet adapters.

   bge(4) now supports Broadcom 5705 based Gigabit Ethernet NICs. [MERGED]

   A bug in the bge(4) driver that prevented it from working correctly at 10
   Mbps has been fixed.

   The em(4) driver now has support for tuning the interrupt delays using
   sysctl tunables without recompiling the driver.

   The fatm(4) driver has been added. This is a driver for NATM and NgATM
   that supports Fore/Marconi PCA200 ATM cards.

   The re(4) driver has been added. It provides support for the RealTek
   RTL8139C+, RTL8169, RTL8169S and RTL8110S PCI Fast Ethernet and Gigabit
   Ethernet controllers.

   sk(4) now supports SK-9521 V2.0 and 3COM 3C940 based Gigabit Ethernet
   NICs. [MERGED]

   [5.2.1] Several bugs related to multicast and promiscuous mode handling in
   the sk(4) driver have been fixed.

   A new utopia(4) driver supports 25MBit/sec, 155MBit/sec and 622MBit/sec
   ATM physical layer configuration, status and statistics reporting for the
   most commonly used ATM-PHY chips.

   The suspend/resume support for the wi(4) driver now works correctly when
   the device is configured down. [MERGED]

   The wi(4) driver should once again work correctly with Lucent 802.11b
   interfaces.

   The 802.11 support layer has been rewritten to allow for future growth and
   new features.

   The xe(4) driver now supports CE2, CEM28, and CEM33 cards, and
   multicast(4) datagrams. Also several bugs in the driver have been fixed.

   A number of network drivers have had their interrupt handlers marked as
   MPSAFE, meaning they can run without the Giant lock. Among the drivers so
   converted are: ath(4), em(4), ep(4), fxp(4), sn(4), wi(4), and sis(4).

     ----------------------------------------------------------------------

    2.2.4 Network Protocols

   The ip_flow feature in the IPv4 protocol implementation has been replaced
   by the ip_fastforward feature. ip_fastforward attempts to speed up simple
   cases of packet forwarding, processing a forwarded packet to an outgoing
   interface without queues or netisrs. If it cannot handle a particular
   packet, it passes that packet to the normal ip_input routines for
   processing. This feature can be enabled by setting the
   net.inet.ip.fastforwarding sysctl variable to 1.

   The IP_ONESBCAST option has been added to enable undirected ip(4)
   broadcasts to be sent to specific network interfaces.

   Enabling the options IPFILTER feature also requires enabling options
   PFIL_HOOKS.

   A bug in ipfw(4) limit rule processing that could cause various panics has
   been fixed. [MERGED]

   ipfw(4) rules now support comma-separated address lists (such as 1.2.3.4,
   5.6.7.8/30, 9.10.11.12/22), and allow spaces after commas to make lists of
   addresses more readable. [MERGED]

   ipfw(4) rules now support C++-style comments. Each comment is stored
   together with its rule and appears using the ipfw(8) show command.
   [MERGED]

   ipfw(8) can now modify ipfw(4) rules in set 31, which was read-only and
   used for the default rules. They can be deleted by ipfw delete set 31
   command but are not deleted by the ipfw flush command. This implements a
   flexible form of ``persistent rules''. More details can be found in
   ipfw(8). [MERGED]

   The ng_atmpif(4) NetGraph node type has been added. It emulates a HARP
   physical interface, and allows one to run the HARP ATM stack without real
   hardware.

   Kernel support has been added for Protocol Independent Multicast routing
   (pim(4)). [MERGED]

   The FreeBSD Bluetooth protocol stack has been updated:

     * libsdp has been re-implemented under a BSD style license. This is
       because the Linux BlueZ code is distributed under the GPL.

     * The hccontrol(8) utility now supports four new commands:
       Read/Write_Page_Scan_Mode and Read/Write_Page_Scan_Period_Mode.

     * The hcsecd(8) daemon now stores link keys on a disk. It is no longer
       required to pair devices every time.

     * A NetGraph timeout problem in the ng_hci(4) and ng_l2cap(4) kernel
       modules, which could cause access to a data structure that was already
       freed, has been fixed.

     * The ng_ubt(4) module, which cannot be built on FreeBSD 5.1-RELEASE,
       has been fixed.

     * rfcomm_sppd(1) and rfcomm_pppd(8) now support to query the RFCOMM
       channel via SDP from the server. Specifying the RFCOMM channel
       manually, this behavior can be disabled and these utilities will not
       use SDP query.

     * The sdpcontrol(8) utility, which is analogous to the sdptool utility
       in the Linux BlueZ SDP package, has been added.

   A number of fixes and updates to the IPv6 and IPSec code have been
   imported from the KAME Project.

   [5.2.1] Some bugs in the IPsec implementation from the KAME Project have
   been fixed. These bugs were related to freeing memory objects before all
   references to them were removed, and could cause erratic behavior or
   kernel panics after flushing the Security Policy Database (SPD).

   Support for the IPv6 Advanced Sockets API now conforms to RFC 3542 (also
   known as RFC 2292bis), rather than RFC 2292. Applications using this API
   have been updated accordingly.

   [5.2.1] The PFIL_HOOKS option is now enabled by default in the GENERIC
   kernel. The most notable effect of this change is to make IPFilter work
   correctly when loaded as a kernel module.

   Support for the source address selection part of RFC 3484 has been added.
   The ip6addrctl(8) utility can be used to configure the address selection
   policy.

   The tcp_hostcache feature has been added to the TCP implementation. It
   caches measured parameters of past TCP sessions to provide better initial
   start values for following connections from or to the same source or
   destination. Similar information that used to be stored in the routing
   table has been removed.

   The TCP implementation in FreeBSD now includes protection against a
   certain class of TCP MSS resource exhaustion attacks, in the form of
   limits on the size and rate of TCP segments. The first limit sets the
   minimum allowed maximum TCP segment size, and is controlled by the
   net.inet.tcp.minmss sysctl variable (the default value is 216 bytes). The
   second limit is set by the net.inet.tcp.minmssoverload variable, and
   controls the maximum rate of connections whose average segment size is
   less than net.inet.tcp.minmss. Connections exceeding this packet rate are
   reset and dropped. Because this feature was added late in the 5.2-RELEASE
   release cycle, connection rate limiting is disabled by default, but can be
   enabled manually by assigning a non-zero value to
   net.inet.tcp.minmssoverload.

     ----------------------------------------------------------------------

    2.2.5 Disks and Storage

   The amr(4) driver now has system crashdump support. [MERGED]

   A major rework of the ata(4) driver has been committed. One of the more
   notable changes is that the ata(4) driver is now out from under the Giant
   kernel lock. Note that ATA software RAID systems must now include device
   ataraid in their kernel configuration files, as it is no longer
   automatically implied by device atadisk.

   [5.2.1] A number of bugs in the ata(4) driver have been fixed. Most
   notably, master/slave device detection should work better, and some
   problems with timeouts should be resolved.

   ccd(4) can now operate on raw disks and other geom(4) providers.

   The da(4) driver no longer tries to send 6-byte commands to USB and
   FireWire devices. The quirks for these devices (which hopefully are now
   unnecessary) have been disabled; to restore the old behavior, add options
   DA_OLD_QUIRKS to the kernel configuration. [MERGED]

   Various geom(4) modules can now be loaded as kernel modules, namely:
   geom_apple, geom_bde, geom_bsd, geom_gpt, geom_mbr, geom_pc98,
   geom_sunlabel, geom_vol_ffs.

   A GEOM_FOX module has been added to detect and select between multiple
   redundant paths to the same device.

   The twe(4) driver now supports the 3ware generic API. [MERGED]

     ----------------------------------------------------------------------

    2.2.6 File Systems

   Multi-byte character conversion with the cd9660, msdosfs, ntfs, and udf
   filesystems is now supported by including the CD9660_ICONV, MSDOSFS_ICONV,
   NTFS_ICONV, and UDF_ICONV kernel options, respectively.

   [5.2.1] A bug in GEOM that could result in I/O hangs in some rare cases
   has been fixed.

   Some off-by-one errors in the smbfs that prevented it from working
   correctly with 15-character NetBIOS names have been fixed.

   The sizes of some members of the statfs structure have changed from 32
   bits to 64 bits in order to better support multi-terabyte filesystems.

     * Users performing source upgrades across this change must ensure that
       their kernel and userland bits are in sync, by following the
       documented source upgrade procedures.

     * A backward compatibility version of the statfs(2) system call exists
       but only if the COMPAT_FREEBSD4 kernel option is defined. Including
       this option in the kernel is strongly encouraged.

     * Programs that use the statfs(2) will need to be recompiled. Among the
       known examples are the devel/gnomevfs2, mail/postfix, and security/cfg
       ports.

   Support for NFSv4 has been added with the import of the University of
   Michigan's Citi NFSv4 client implementation. More information can be found
   in the mount_nfs4(8) and idmapd(8) manual pages.

   [5.2.1] A panic in the NFSv4 client has been fixed; this occurred when
   attempting operations against an NFSv3/NFSv2-only server.

     ----------------------------------------------------------------------

    2.2.7 Multimedia Support

     ----------------------------------------------------------------------

  2.3 Userland Changes

   acpiconf(8) now supports a -i option to print battery information.

   acpidb(8), an ACPI DSDT debugger, has been added.

   arp(8) now supports a -i option to limit the scope of the current
   operation to the ARP entries on a particular interface. This option
   applies to the display operations only. It should be useful on routers
   with numerous network interfaces. [MERGED]

   The atmconfig(8) program has been added for configuration of the ATM
   drivers and IP-over-ATM functionality.

   chroot(8) now allows the optional setting of a user, primary group, or
   group list to use inside the chroot environment via the -u, -g, and -G
   options respectively. [MERGED]

   The compat4x.i386 libraries have been updated to correspond to those
   available in FreeBSD 4.9-RELEASE.

   The dev_mkdb utility is unnecessary due to the mandatory presence of
   devfs, and has been removed.

   dhclient(8) now polls the state of network interfaces and only sends DHCP
   requests on interfaces that are up. The polling interval can be controlled
   with the -i option.

   The default mode for the lost+found directory of fsck(8) is now 0700
   instead of 01777. [MERGED]

   fsck_ffs(8) and newfs(8) now create a .snap directory in the root
   directory of each filesystem, with group operator. fsck_ffs(8),
   mksnap_ffs(8), and dump(8) will write their filesystem snapshots to this
   directory. This change avoids locking access to the root directory of a
   filesystem during snapshot creation and also helps non-root users create
   snapshots.

   The ffsinfo(8) utility has been updated to understand UFS2 filesystems and
   has been re-enabled.

   The iasl(8) utility, a compiler/decompiler for ACPI Source Language (ASL)
   and ACPI Machine language (AML), has been added.

   ifconfig(8) now supports a staticarp option for an interface, which
   disables the sending of ARP requests for that interface.

   A fix in the initgroups(3) library function now causes logins to fail if
   the login process is unable to successfully set the process credentials to
   include all groups defined for a user. The current kernel limit is 16
   groups; administrators may wish to check that users do not have more than
   16 groups defined, or they will be unable to log in.

   The ipfw(8) list and show commands now support ranges of rule numbers.
   [MERGED]

   ipfw(8) now supports a -n flag to test the syntax of commands without
   actually changing anything. [MERGED]

   kdump(1) now supports a -p option to display only the trace events
   corresponding to a specific process, as well as a new -E flag to display
   timestamps relative to the start of the dump.

   last(1) now supports a -n flag to limit the number of lines in its output
   report.

   The libalias library, natd(8), and ppp(8) now support Cisco Skinny Station
   protocol, which is the protocol used by Cisco IP phones to talk to Cisco
   Call Managers. Note that currently having the Call Manager behind the NAT
   gateway is not supported. [MERGED]

   The libcipher DES cryptography library has been removed. All of its
   functionality is provided by the libcrypto library, and all base systems
   programs that used libcipher have been converted to use libcrypto instead.

   The libkiconv library has been added to support working with loadable
   character set conversion tables in the kernel.

   libwrap and tcpdchk(8) are now configured to support the extended
   tcp_wrappers syntax by default.

   The locale(1) utility has been re-implemented and is now POSIX-compliant.
   A new -m option shows all available codesets.

   The mount(8) utility now supports to display the filesystem ID for each
   file system in addition to the normal information when a -v flag is
   specified, and the umount(8) utility now accepts the filesystem ID as well
   as the usual device and path names. This allows to unambiguously specify
   which file system is to be unmounted even when two or more file systems
   share the same device and mount point names.

   The mount_cd9660(8), mount_ntfs(8), and mount_udf(8) utilities now support
   a -C option to specify local character sets to convert Unicode filenames.
   It is possible to specify multi-byte character sets using this option.

   The mount_msdosfs(8) utility now supports a -M option to specify the
   maximum file permissions for directories in the file system. [MERGED]

   The mount_msdosfs(8) utility now supports a -D option to specify MS-DOS
   codepages and a -L option to specify local character sets. They are used
   to convert character sets of filenames. The /usr/libdata/msdosfs tables
   have been retired.

   The mount_nwfs(8), mount_portalfs(8), and mount_smbfs(8) utilities have
   been moved from /sbin to /usr/sbin.

   The nologin(8) program has been reimplemented in C (it was formerly a
   shell script).

   [5.2.1] A bugfix has been applied to NSS support, which fixes problems
   when using third-party NSS modules (such as net/nss_ldap) and groups with
   large membership lists.

   The rc.conf(5) variable ntpd_flags for ntpd(8) now includes -f
   /var/db/ntpd.drift by default.

   The pam_guest(8) PAM module has been added to allow guest logins. It
   replaces the pam_ftp(8) module.

   ps(1) and top(1) now support a -H flag to display all kernel-visible
   threads in each process.

   A bug that rarpd(8) does not recognize removable Ethernet NICs has been
   fixed.

   repquota(8) now supports a -n flag to display users and groups
   numerically.

   rtld(1) now includes ``libmap'' functionality by default; the WITH_LIBMAP
   compile knob is unnecessary and has been retired. More information can be
   found in libmap.conf(5).

   savecore(8) now supports a -C flag that merely indicates the existence or
   absence of a coredump file.

   The symorder utility has been removed. It is unnecessary now that all
   kernels use ELF format and there is no a.out format toolchain.

   sysinstall(8) now gives the ability to select an alternate MTA during
   installation. Currently, exim and Postfix are supported.

   sysinstall(8) no longer supports system ``security profiles''; this
   feature has been replaced by individual tuning knobs to enable and disable
   sshd(8) and set the system securelevels.

   systat(1) now includes displays for IPv6 and ICMPv6 traffic. [MERGED]

   uname(1) now supports a -i flag to return the kernel identification. This
   name is also available via the kern.ident sysctl variable.

   A number of utilities available in /bin and /sbin are now available as a
   statically-linked ``crunched'' binary that lives in /rescue. This
   functionality is similar to the /stand directory installed by
   sysinstall(8), but /rescue includes more functionality and is updated as
   part of buildworld/installworld operations. More details can be found in
   rescue(8).

   Many executables in /bin and /sbin are now built using dynamic, rather
   than static linking. This feature brings support for loadable PAM and NSS
   modules to base system utilities located in those directories. It also
   reduces the storage requirements for the root filesystem due to the use of
   shared libraries. This feature can be disabled in a buildworld by defining
   the Makefile variable NO_DYNAMICROOT. Note that statically-linked,
   crunched executables are available in the /rescue directory for use during
   system repair and recovery operations.

     ----------------------------------------------------------------------

  2.4 Contributed Software

   The ACPI-CA code has been updated from the 20030228 snapshot to the
   20030619 snapshot.

   amd has been updated from 6.0.7 to 6.0.9.

   awk from Bell Labs has been updated from a 14 March 2003 snapshot to a 29
   July 2003 snapshot.

   BIND has been updated from 8.3.4 to 8.3.7. [MERGED]

   [5.2.1] Security improvements from CVS 1.11.10 and 1.11.11 have been
   backported. Specifically, certain malformed module requests are now
   rejected, and when using cvs pserver mode, attempts to authenticate as
   root are rejected and recorded via syslog(3).

   GCC has been updated from 3.2.2 to a 3.3.3 pre-release snapshot from 6
   November 2003.

     Note: Previous versions of GCC generated incorrect code when
     -march=pentium4 optimization was enabled. This problem is believed to
     have been fixed with this upgrade, and the earlier workaround for the
     case of CPUTYPE=p4 has been removed.

   GNU Readline has been updated from 4.2 to 4.3.

   GNU Sort has been updated from the version in textutils 2.0.21 to the
   version in textutils 2.1.

   Heimdal Kerberos has been updated from 0.5.1 to 0.6.

   The ISC DHCP client has been updated from 3.0.1rc11 to 3.0.1rc12.

   lukemftp has been updated from 1.6beta2 to a 11 November 2003 snapshot
   from NetBSD.

   OpenPAM has been updated from the ``Dianthus'' release to the ``Dogwood''
   release.

   OpenSSL has been updated from 0.9.7a to 0.9.7c. [MERGED]

   sendmail has been updated from version 8.12.9 to version 8.12.10. [MERGED]

   texinfo has been updated from 4.5 to 4.6. [MERGED]

   The timezone database has been updated from the tzdata2003a release to the
   tzdata2003d release. [MERGED]

     ----------------------------------------------------------------------

  2.5 Ports/Packages Collection Infrastructure

   If GNU_CONFIGURE is defined, all instances of config.guess and config.sub
   found under WRKDIR are replaced with the master versions from
   PORTSDIR/Template. This allows old ports (which contain old versions of
   these scripts) to build on newer architectures like ia64 and amd64.

     ----------------------------------------------------------------------

  2.6 Release Engineering and Integration

   Floppy disk installation images are no longer built for the alpha, amd64,
   and ia64 architectures.

   The supported release of GNOME has been updated from 2.2.1 to 2.4.
   [MERGED]

   The supported release of KDE has been updated from 3.1.2 to 3.1.4.
   [MERGED]

   [5.2.1] The sysutils/kdeadmin3 port and package have been updated to
   version 3.1.4_1. This update fixes a bug in the KUser application that
   could cause the root user to be deleted from the password file

     ----------------------------------------------------------------------

  2.7 Documentation

   To reduce duplication of information (and subsequent difficulty in
   maintaining consistency), many instances of specific devices supported in
   the Hardware Notes have been moved to system manual pages. This project is
   ongoing as of this release.

   A Turkish (tr_TR.ISO8859-9) translation project has been started.

     ----------------------------------------------------------------------

3 Upgrading from previous releases of FreeBSD

   Users with existing FreeBSD systems are highly encouraged to read the
   ``Early Adopter's Guide to FreeBSD 5.2.1-RELEASE''. This document
   generally has the filename EARLY.TXT on the distribution media, or any
   other place that the release notes can be found. It offers some notes on
   upgrading, but more importantly, also discusses some of the relative
   merits of upgrading to FreeBSD 5.X versus running FreeBSD 4.X.

     Important: Upgrading FreeBSD should, of course, only be attempted after
     backing up all data and configuration files.

     ----------------------------------------------------------------------

     This file, and other release-related documents, can be downloaded from
                            ftp://ftp.FreeBSD.org/.

     For questions about FreeBSD, read the documentation before contacting
                            <questions@FreeBSD.org>.

       For questions about this documentation, e-mail <doc@FreeBSD.org>.