Release notes for CerbNG-1.0-RC2 (changes from RC1).

New functionality:
	- New example policies:
		+ apache.cb,
		+ audit.cb,
		+ crontab.cb,
		+ jailed-icmp.cb,
		+ oidentd.cb (contributed by
		              Marcel Falkiewicz <fala@die.pl>),
		+ restricted-ftp.cb,
		+ screen.cb,
		+ syslogd.cb (contributed by
		              Michal Belczyk <diavul@bsd.krakow.pl>),
		+ traceroute.cb,
		+ unprivileged-chroot.cb.
	- New kernel operations:
		+ % (modulo),
		+ >>,
		+ <<,
		+ null(),
		+ getprison(),
		+ setprison(),
		+ getpgid(),
		+ setpgid(),
		+ basename(),
		+ dirname(),
		+ getplogin(),
		+ setplogin(),
		+ getpsid(),
		+ getunpath(),
		+ ask() (this provides very interesting functionality
		  and was inspired by simlar systrace functionality).
	- New userland operations:
		+ MKNULL().
	- New constant values:
		+ pgid,
		+ psid.
	- New sysctl variables:
		+ cerb.mem.debug,
		+ cerb.version.number,
		+ cerb.version.string,
		+ cerb.ask.wakeup,
		+ cerb.ask.show,
		+ cerb.ask.suspended,
		+ cerb.ask.maxsuspended.
	- Added new part of regression tests: optests. Now we got 3
	  different types of regression tests and summary about 230 single
	  tests.
	- Added initialization part for rules. Variable "syscall" is set
	  to SYS_MAXSYSCALL then - new macro - REGISTER() depends on this
	  functionality.
	- There is no more CB_ST_SOCKADDR_IN_T type, it was replaced by
	  more general CB_SOCKADDR_IN_T type.
	- Operation + is now avaliable also for types: CB_STR_T,
	  CB_STRPTR_T, CB_DEF_T, CB_DEFPTR_T, CB_UDEF_T, CB_UDEFPTR_T.
	- Operation == is now also avaliable for types: CB_PTR_T,
	  CB_ST_PRISON_T.
	- Operation != is now also avaliable for types: CB_PTR_T,
	  CB_ST_PRISON_T.
	- Operations -, *, / are now also avaliable for types: CB_DEF_T,
	  CB_UDEF_T.
	- Operation tabrange() could operate on CB_STR_T type also.
	- Values in rules could be marked as CB_UDEF_T with 'u' or 'U'
	  suffix.
	- Many others...

Fixed bugs:
	- Fixed potential race condition in syscall's arguments handling.
	  Arguments (that are buffers) could be changed in SMP or
	  shared-memory environment after cerb operations and before call
	  to original syscall. Now such buffers are copied-on-read-or-write
	  to newly allocated pages that are marked read-only.
	  Thanks goes to Robert Watson <rwatson@FreeBSD.org> for pointing
	  this out.
	- Userland operations such as GET_UID()/GET_SHELL(), etc. could be
	  used now inside of table declaration.
	- Fixed getip() operation for AF_INET6 family.
	- Removed potential race in importing rules to kernel.
	- Many others, little fixes.