1 <!DOCTYPE article PUBLIC "-//FreeBSD//DTD DocBook V4.1-Based Extension//EN" [
2 <!ENTITY % articles.ent PUBLIC "-//FreeBSD//ENTITIES DocBook FreeBSD Articles Entity Set//EN">
5 <!ENTITY % release PUBLIC "-//FreeBSD//ENTITIES Release Specification//EN">
11 <title>&os; &release.current; Release Notes</title>
13 <corpauthor>The &os; Project</corpauthor>
15 <pubdate>$FreeBSD$</pubdate>
19 <holder role="mailto:doc@FreeBSD.org">The &os; Documentation Project</holder>
22 <legalnotice id="trademarks" role="trademarks">
32 <para>The release notes for &os; &release.current; contain a summary
33 of the changes made to the &os; base system on the
34 &release.branch; development line.
35 This document lists applicable security advisories that were issued since
36 the last release, as well as significant changes to the &os;
38 Some brief remarks on upgrading are also presented.</para>
43 <title>Introduction</title>
45 <para>This document contains the release notes for &os;
47 describes recently added, changed, or deleted features of &os;.
48 It also provides some notes on upgrading
49 from previous versions of &os;.</para>
51 <para>This distribution of &os; &release.current; is a
52 &release.type; distribution. It can be found at <ulink
53 url="&release.url;"></ulink> or any of its mirrors. More
54 information on obtaining this (or other) &release.type;
55 distributions of &os; can be found in the <ulink
56 url="&url.books.handbook;/mirrors.html"><quote>Obtaining
57 &os;</quote> appendix</ulink> to the <ulink
58 url="&url.books.handbook;/">&os;
59 Handbook</ulink>.</para>
61 <para>All users are encouraged to consult the release errata before
62 installing &os;. The errata document is updated with
63 <quote>late-breaking</quote> information discovered late in the
64 release cycle or after the release. Typically, it contains
65 information on known bugs, security advisories, and corrections to
66 documentation. An up-to-date copy of the errata for &os;
67 &release.current; can be found on the &os; Web site.</para>
72 <title>What's New</title>
74 <para>This section describes
75 the most user-visible new or changed features in &os;
76 since &release.prev;.</para>
78 <para>Typical release note items
79 document recent security advisories issued after
81 new drivers or hardware support, new commands or options,
82 major bug fixes, or contributed software upgrades. They may also
83 list changes to major ports/packages or release engineering
84 practices. Clearly the release notes cannot list every single
85 change made to &os; between releases; this document focuses
86 primarily on security advisories, user-visible changes, and major
87 architectural improvements.</para>
90 <title>Security Advisories</title>
92 <para>Problems described in the following security advisories have
93 been fixed. For more information, consult the individual
94 advisories available from
95 <ulink url="http://security.FreeBSD.org/"></ulink>.</para>
97 <informaltable frame="none" pgwide="1">
99 <colspec colwidth="1*">
100 <colspec colwidth="1*">
101 <colspec colwidth="3*">
104 <entry>Advisory</entry>
112 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-11:01.mountd.asc"
113 >SA-11:01.mountd</ulink></entry>
114 <entry>20 April 2011</entry>
115 <entry><para>Network ACL mishandling in &man.mountd.8;</para></entry>
119 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-11:02.bind.asc"
120 >SA-11:02.bind</ulink></entry>
121 <entry>28 May 2011</entry>
122 <entry><para>BIND remote DoS with large RRSIG RRsets and negative
123 caching</para></entry>
127 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-11:04.compress.asc"
128 >SA-11:04.compress</ulink></entry>
129 <entry>28 September 2011</entry>
130 <entry><para>Errors handling corrupt compress file in
131 &man.compress.1; and &man.gzip.1;</para></entry>
135 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-11:05.unix.asc"
136 >SA-11:05.unix</ulink></entry>
137 <entry>28 September 2011</entry>
138 <entry><para>Buffer overflow in handling of UNIX socket
139 addresses</para></entry>
143 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-11:06.bind.asc"
144 >SA-11:06.bind</ulink></entry>
145 <entry>23 December 2011</entry>
146 <entry><para>Remote packet Denial of Service against &man.named.8;
147 servers</para></entry>
151 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-11:07.chroot.asc"
152 >SA-11:07.chroot</ulink></entry>
153 <entry>23 December 2011</entry>
154 <entry><para>Code execution via chrooted ftpd</para></entry>
158 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-11:08.telnetd.asc"
159 >SA-11:08.telnetd</ulink></entry>
160 <entry>23 December 2011</entry>
161 <entry><para>telnetd code execution vulnerability</para></entry>
165 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-11:09.pam_ssh.asc"
166 >SA-11:09.pam_ssh</ulink></entry>
167 <entry>23 December 2011</entry>
168 <entry><para>pam_ssh improperly grants access when user account has
169 unencrypted SSH private keys</para></entry>
173 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-11:10.pam.asc"
174 >SA-11:10.pam</ulink></entry>
175 <entry>23 December 2011</entry>
176 <entry><para><function>pam_start()</function> does not validate
177 service names</para></entry>
185 <title>Kernel Changes</title>
187 <para revision="219129">The &os; kernel now supports Capsicum
188 Capability Mode. Capsicum is a set of features for sandboxing
189 support, using a capability model in which the capabilities
190 are file descriptors. Two new kernel options
191 <literal>CAPABILITIES</literal> and
192 <literal>CAPABILITY_MODE</literal> have been added to the
193 <filename>GENERIC</filename> kernel. For more information
194 about Capsicum, see <ulink
195 url="http://www.cl.cam.ac.uk/research/security/capsicum/"></ulink>.</para>
197 <para revision="219559,219561" arch="amd64,i386">The &os;
198 &man.dtrace.1; framework now supports
199 <literal>systrace</literal> for system calls of
200 <literal>linux32</literal> and <literal>freebsd32</literal> on
201 &os;/&arch.amd64;. Two new
202 <filename>systrace_linux32</filename> and
203 <filename>systrace_freebsd32</filename> kernel modules provide
204 support for tracing compat system calls in addition to the native
205 system call tracing provided by the
206 <filename>systrace</filename> module.</para>
208 <para revision="217152,217396" arch="amd64,i386,powerpc">The
209 &os; ELF image activator now supports the
210 <literal>PT_GNU_STACK</literal> program header. This is
211 disabled by default. New &man.sysctl.8; variables
212 <varname>kern.elf32.nxstack</varname> and
213 <varname>kern.elf64.nxstack</varname> allow enabling
214 <literal>PT_GNU_STACK</literal> for the specified ABIs
215 (e.g. <literal>elf32</literal> for 32-bit ABI).</para>
217 <para revision="216758,216615">The &man.hhook.9; (Helper Hook)
218 and &man.khelp.9; (Kernel Helpers) KPIs have been implemented.
219 These are a kind of superset of &man.pfil.9; framework for
220 more general use in the kernel. The &man.hhook.9; KPI
221 provides a way for kernel subsystems to export hook points
222 that &man.khelp.9; modules can hook to provide enhanced or new
223 functionality to the kernel. The &man.khelp.9; KPI provides a
224 framework for managing &man.khelp.9; modules, which indirectly
225 use the &man.hhook.9; KPI to register their hook functions
226 with hook points of interest within the kernel. These allow a
227 structured way to dynamically extend the kernel at runtime in
228 an ABI preserving manner.</para>
230 <para revision="224516" arch="amd64,i386,pc98">A &man.loader.8;
231 tunable <varname>hw.memtest.tests</varname> has been added.
232 This controls whether to perform memory testing at boot time
233 or not. The default value is <literal>1</literal> (perform a
236 <para revision="220137">A new resource accounting API has been
237 implemented. It can keep per-process, per-jail, and
238 per-loginclass resource accounting information. Note that
239 this is not built nor installed by default. To build and
240 install them, specify <literal>options RACCT</literal> in the
241 kernel configuration file and rebuild the base system as
242 described in the <ulink
243 url="http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html">&os;
244 Handbook</ulink>.</para>
246 <para revision="220163">A new resource-limiting API has been
247 implemented. It works in conjunction with the
248 <literal>RACCT</literal> resource accounting implementation
249 and takes user-configurable actions based on the set of rules
250 it maintains and the current resource usage. The &man.rctl.8;
251 utility has been added to manage the rules in userland. Note
252 that this is not built nor installed by default. To build and
253 install them, specify <literal>options RCTL</literal> in the
254 kernel configuration file and rebuild the base system as
255 described in the <ulink
256 url="http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html">&os;
257 Handbook</ulink>.</para>
259 <para revision="220031">The &man.sendmsg.2; and &man.recvmsg.2;
260 system calls in the &os; Linux ABI compatibility have been
263 <para revision="219999">The &man.open.2; and &man.fhopen.2;
264 system calls now support the <literal>O_CLOEXEC</literal> flag,
265 which allows setting the <literal>FD_CLOEXEC</literal> flag for the
266 newly created file descriptor. This is standardized in IEEE
267 Std 1003.1-2008 (POSIX, Single UNIX Specification Version
270 <para revision="220791">The &man.posix.fallocate.2; system call has
271 been implemented. This is a function in POSIX to ensure that
272 a part of the storage for regular file data is allocated on the
273 file system storage media.</para>
275 <para revision="219304">Two new system calls
276 <function>setloginclass(2)</function> and
277 <function>getloginclass(2)</function> have been added. This
278 makes it possible for the kernel to track the login class a
279 process is assigned to, which is required for the
280 <literal>RCTL</literal> resource limiting framework.</para>
282 <para revision="220238" arch="amd64">&os; now supports executing
283 &os; 1/&arch.i386; a.out binaries on &os;/&arch.amd64;. Note
284 that this is not built nor installed by default. To build and
285 install them, specify <literal>options COMPAT_43</literal> in
286 the kernel configuration file and rebuild the base system as
287 described in the <ulink
288 url="http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html">&os;
289 Handbook</ulink>.</para>
291 <para revision="218485,219028,219029">The following
292 &man.sysctl.8; variables have been added to show the availability
293 of various kernel features:</para>
295 <informaltable frame="none" pgwide="1">
297 <colspec colwidth="1*">
298 <colspec colwidth="3*">
301 <entry>&man.sysctl.8; variable name</entry>
302 <entry>Description</entry>
308 <entry><varname>kern.features.ufs_acl</varname></entry>
309 <entry>ACL (Access Control List) support in UFS</entry>
313 <entry><varname>kern.features.ufs_gjournal</varname></entry>
314 <entry>journaling support through &man.gjournal.8; for
319 <entry><varname>kern.features.ufs_quota</varname></entry>
320 <entry>UFS disk quotas support</entry>
324 <entry><varname>kern.features.ufs_quota64</varname></entry>
325 <entry>64-bit UFS disk quotas support</entry>
329 <entry><varname>kern.features.softupdates</varname></entry>
330 <entry>FFS soft-updates support</entry>
334 <entry><varname>kern.features.ffs_snapshot</varname></entry>
335 <entry>FFS snapshot support</entry>
339 <entry><varname>kern.features.nfsclient</varname></entry>
340 <entry>NFS client (old implementation)</entry>
344 <entry><varname>kern.features.nfscl</varname></entry>
345 <entry>NFS client (new implementation)</entry>
349 <entry><varname>kern.features.nfsserver</varname></entry>
350 <entry>NFS server (old implementation)</entry>
354 <entry><varname>kern.features.nfsd</varname></entry>
355 <entry>NFS server (new implementation)</entry>
359 <entry><varname>kern.features.kdtrace_hooks</varname></entry>
360 <entry>Kernel DTrace hooks which are required to load
361 DTrace kernel modules</entry>
365 <entry><varname>kern.features.ktr</varname></entry>
366 <entry>Kernel support for KTR kernel tracing facility</entry>
370 <entry><varname>kern.features.ktrace</varname></entry>
371 <entry>Kernel support for system call tracing</entry>
375 <entry><varname>kern.features.hwpmc_hooks</varname></entry>
376 <entry>Kernel support for HW PMC</entry>
380 <entry><varname>kern.features.sysv_msg</varname></entry>
381 <entry>System V message queues support</entry>
385 <entry><varname>kern.features.sysv_sem</varname></entry>
386 <entry>System V semaphores support</entry>
390 <entry><varname>kern.features.p1003_1b_mqueue</varname></entry>
391 <entry>POSIX P1003.1B message queues support</entry>
395 <entry><varname>kern.features.p1003_1b_semaphores</varname></entry>
396 <entry>POSIX P1003.1B semaphores support</entry>
400 <entry><varname>kern.features.kposix_priority_scheduling</varname></entry>
401 <entry>POSIX P1003.1B real-time extensions</entry>
405 <entry><varname>kern.features.stack</varname></entry>
406 <entry>Support for capturing the kernel stack</entry>
410 <entry><varname>kern.features.sysv_shm</varname></entry>
411 <entry>System V shared memory segments support</entry>
415 <entry><varname>kern.features.pps_sync</varname></entry>
416 <entry>Support usage of external PPS signal by kernel PLL</entry>
420 <entry><varname>kern.features.regression</varname></entry>
421 <entry>Kernel support for interfaces necessary for
422 regression testing</entry>
426 <entry><varname>kern.features.invariant_support</varname></entry>
427 <entry>Support for modules compiled with the INVARIANTS option</entry>
431 <entry><varname>kern.features.zero_copy_sockets</varname></entry>
432 <entry>Zero copy sockets support</entry>
436 <entry><varname>kern.features.libmchain</varname></entry>
437 <entry>mchain library</entry>
441 <entry><varname>kern.features.scbus</varname></entry>
442 <entry>SCSI devices support</entry>
446 <entry><varname>kern.features.mac</varname></entry>
447 <entry>Mandatory Access Control Framework support</entry>
451 <entry><varname>kern.features.audit</varname></entry>
452 <entry>BSM audit support</entry>
456 <entry><varname>kern.features.geom_gate</varname></entry>
457 <entry>GEOM Gate module</entry>
461 <entry><varname>kern.features.geom_uzip</varname></entry>
462 <entry>GEOM uzip read-only compressed disks support</entry>
466 <entry><varname>kern.features.geom_cache</varname></entry>
467 <entry>GEOM cache module</entry>
471 <entry><varname>kern.features.geom_mirror</varname></entry>
472 <entry>GEOM mirroring support</entry>
476 <entry><varname>kern.features.geom_stripe</varname></entry>
477 <entry>GEOM striping support</entry>
481 <entry><varname>kern.features.geom_concat</varname></entry>
482 <entry>GEOM concatenation support</entry>
486 <entry><varname>kern.features.geom_raid3</varname></entry>
487 <entry>GEOM RAID-3 functionality</entry>
491 <entry><varname>kern.features.geom_fox</varname></entry>
492 <entry>GEOM FOX redundant path mitigation support</entry>
496 <entry><varname>kern.features.geom_multipath</varname></entry>
497 <entry>GEOM multipath support</entry>
501 <entry><varname>kern.features.g_virstor</varname></entry>
502 <entry>GEOM virtual storage support</entry>
506 <entry><varname>kern.features.geom_bde</varname></entry>
507 <entry>GEOM-based Disk Encryption</entry>
511 <entry><varname>kern.features.geom_eli</varname></entry>
512 <entry>GEOM crypto module</entry>
516 <entry><varname>kern.features.geom_journal</varname></entry>
517 <entry>GEOM journaling support</entry>
521 <entry><varname>kern.features.geom_shsec</varname></entry>
522 <entry>GEOM shared secret device support</entry>
526 <entry><varname>kern.features.geom_vol</varname></entry>
527 <entry>GEOM support for volume names from UFS superblocks</entry>
531 <entry><varname>kern.features.geom_label</varname></entry>
532 <entry>GEOM labeling support</entry>
536 <entry><varname>kern.features.geom_sunlabel</varname></entry>
537 <entry>GEOM Sun/Solaris partitioning support</entry>
541 <entry><varname>kern.features.geom_bsd</varname></entry>
542 <entry>GEOM BSD disklabels support</entry>
546 <entry><varname>kern.features.geom_pc98</varname></entry>
547 <entry>GEOM NEC PC9800 partitioning support</entry>
551 <entry><varname>kern.features.geom_linux_lvm</varname></entry>
552 <entry>GEOM Linux LVM partitioning support</entry>
556 <entry><varname>kern.features.geom_part_pc98</varname></entry>
557 <entry>GEOM partitioning class for PC-9800 disk partitions</entry>
561 <entry><varname>kern.features.geom_part_vtoc8</varname></entry>
562 <entry>GEOM partitioning class for SMI VTOC8 disk labels</entry>
566 <entry><varname>kern.features.geom_part_bsd</varname></entry>
567 <entry>GEOM partitioning class for BSD disklabels</entry>
571 <entry><varname>kern.features.geom_part_ebr</varname></entry>
572 <entry>GEOM partitioning class for extended boot records support</entry>
576 <entry><varname>kern.features.geom_part_ebr_compat</varname></entry>
577 <entry>GEOM EBR partitioning class:
578 backward-compatible partition names</entry>
582 <entry><varname>kern.features.geom_part_gpt</varname></entry>
583 <entry>GEOM partitioning class for GPT partitions
588 <entry><varname>kern.features.geom_part_apm</varname></entry>
589 <entry>GEOM partitioning class for Apple-style
594 <entry><varname>kern.features.geom_part_mbr</varname></entry>
595 <entry>GEOM partitioning class for MBR support</entry>
602 <title>Boot Loader Changes</title>
604 <para revision="222417">The default boot loader menu has been
607 <para revision="219541" arch="ia64">The &man.loader.8; loader
608 now supports PBVM (Pre-Boot Virtual Memory). This allows
609 linking the kernel at a fixed virtual address without having to
610 make any assumptions about the physical memory layout. The
611 PBVM also allows fine control of the address where the
612 kernel and its modules are to be loaded.</para>
616 <title>Hardware Support</title>
618 <para revision="217044" arch="powerpc">&os;/powerpc now
619 supports Sony Playstation 3 using the OtherOS feature
620 available on firmwares 3.15 and earlier.</para>
622 <para revision="219473,220577">A new &man.loader.8; tunable
623 <varname>machdep.disable_tsc</varname> has been added.
624 Setting this to a non-zero value disables use of TSC (Time
625 Stamp Counter) by turning off boot-time CPU frequency
626 calibration, DELAY(9) with TSC, and using TSC as a CPU
627 ticker. Another new &man.loader.8; tunable
628 <varname>machdep.disable_tsc_calibration</varname> allows to
629 skip the TSC frequency calibration only. This is useful when
630 one wants to use the nominal frequency of the chip in Intel
631 processors, for example.</para>
633 <para revision="223098" arch="amd64,i386">The &os; &man.usb.4;
634 subsystem now supports USB 3.0 by default.</para>
636 <para revision="215649">The &os; &man.usb.4; subsystem now
637 supports USB packet filter. This allows to capture packets
638 which go through each USB host controller. The
639 implementation is almost based on &man.bpf.4; code.
640 The userland program &man.usbdump.8; has been added.</para>
643 <title>Network Interface Support</title>
645 <para revision="217649">A bug in the &man.alc.4; driver which
646 could make AR8152-based network interfaces stop working
647 has been fixed.</para>
649 <para revision="219647">A bxe(4) driver for Broadcom
650 NetXtreme II 10GbE controllers (BCM57710, BCM57711,
651 BCM57711E) has been added.</para>
653 <para revision="220009">The &man.cxgb.4; driver has been
654 updated to version 7.11.0.</para>
656 <para revision="218794">A &man.cxgbe.4; driver for Chelsio
657 T4 (Terminator 4) based 10Gb/1Gb adapters has been
660 <para revision="218832" arch="i386">The &man.dc.4; driver
661 now works correctly in kernels with the
662 <option>PAE</option> option.</para>
664 <para revision="219753">The &man.em.4; driver has been
665 updated to version 7.3.2.</para>
667 <para revision="223350">The &man.igb.4; driver has been
668 updated to version 2.2.5.</para>
670 <para revision="218530">The &man.igb.4; driver now supports
671 Intel I350 PCIe Gigabit Ethernet controllers.</para>
673 <para revision="217593">The &man.ixgbe.4; driver has been
674 updated to version 2.3.8.</para>
676 <para revision="220892">Firmware images in the &man.iwn.4;
677 driver for 1000, 5000, 6000, and 6500 series cards have been
680 <para revision="216860">A bug in the &man.msk.4; driver has been
681 fixed. It could prevent RX checksum offloading from
684 <para revision="217794">A bug in the &man.nfe.4; driver which
685 could prevent reinitialization after changing the MTU has
688 <para revision="217511">A bug in the &man.ral.4; and &man.run.4;
689 drivers which could prevent <literal>hostap</literal> mode
690 from working has been fixed.</para>
692 <para revision="216828">A rdcphy(4) driver for RDC Semiconductor
693 R6040 10/100 PHY has been added.</para>
695 <para revision="217498,218760">The &man.re.4; driver now supports
696 RTL8168E/8111E-VL PCIe Gigabit Ethernet controllers and
697 RTL8401E PCIe Fast Ethernet controllers.</para>
699 <para revision="217766">The &man.re.4; driver now supports
700 TX interrupt moderation on RTL810xE PCIe Fast Ethernet
703 <para revision="217902">The &man.re.4; driver now supports
704 another mechanism for RX interrupt moderation because of
705 performance problems. A &man.sysctl.8; variable
706 <varname>dev.re.<replaceable>N</replaceable>.int_rx_mod</varname>
707 has been added to control amount of time to delay RX
708 interrupt processing, in units of microsecond. Setting it
709 to <literal>0</literal> completely disables RX interrupt
710 moderation. A &man.loader.8; tunable
711 <varname>hw.re.intr_filter</varname> controls whether the
712 old mechanism utilizing MSI/MSI-X capability on
713 supported controllers is used or not. When set to
714 a non-zero value, the &man.re.4; driver uses the old
715 mechanism. The default value is <literal>0</literal> and
716 this tunable has no effect on controllers without MSI/MSI-X
719 <para revision="217246,217832">The &man.re.4; driver now
720 supports TSO (TCP Segmentation Offload) on RealTek
721 RTL8168/8111 C or later controllers. Note that this is
722 disabled by default because broken frames can be sent
723 under certain conditions.</para>
725 <para revision="217381,218289">The &man.re.4; driver now
726 supports enabling TX and/or RX checksum offloading
727 independently from each other. Note that TX IP checksum
728 is disabled on some RTL8168C-based network interfaces
729 because it can generate an incorrect IP checksum when the
730 packet contains IP options.</para>
732 <para revision="217296">A bug in the &man.re.4; driver has
733 been fixed. It could cause a panic when receiving a jumbo
734 frame on an RTL8169C, 8169D, or 8169E controller-based
735 network interface.</para>
737 <para revision="217911">The &man.re.4; driver now supports
738 RTL8105E PCIe Fast Ethernet controllers.</para>
740 <para revision="217910">The rlphy(4) driver now supports the
741 Realtek RTL8201E 10/100 PHY found in RTL8105E
744 <para revision="217548">A bug in the &man.sis.4; driver has
745 been fixed. It could prevent a proper reinitialization
746 on DP83815, DP83816, and SiS 900/7016 controllers when the
747 configuration of multicast packet handling and/or
748 promiscuous mode is changed.</para>
750 <para revision="216650">A bug in the &man.vlan.4; pseudo interface
751 han been fixed. It could have a random interface
752 identifier in an automatically configured IPv6 link-local
753 address, instead of one generated with the parent
754 interface's IEEE 802 48-bit MAC address and an algorithm
755 described in RFC 4291.</para>
757 <para revision="216829">A &man.vte.4; driver for RDC R6040 Fast
758 Ethernet controllers, which are commonly found on the Vortex86
759 System On a Chip, has been added.</para>
761 <para revision="221167">A &man.vxge.4; driver for the Neterion
762 X3100 10GbE Server/Storage adapter has been added.</para>
764 <para revision="216824">A bug in the &man.wpi.4; driver has been
765 fixed. It could display the following error messages and
766 result in the device being unusable:</para>
768 <screen>wpi0: could not map mbuf (error 12)
769 wpi0: wpi_rx_intr: bus_dmamap_load failed, error 12</screen>
774 <sect3 id="net-proto">
775 <title>Network Protocols</title>
777 <para revision="225044">&man.ipfw.8; now supports IPv6 in
778 the <command>fwd</command> action.</para>
780 <para revision="223666">&man.ipfw.8; now supports the
781 <command>call</command> and <command>return</command>
782 actions. Upon the <command>call
783 <replaceable>number</replaceable></command> action, the
784 current rule number is saved in the internal stack and
785 ruleset processing continues with the first rule numbered
786 <replaceable>number</replaceable> or higher. The
787 <command>return</command> action takes the rule number saved
788 to internal stack by the latest <command>call</command>
789 action and returns ruleset processing to the first rule with
790 number greater than that saved number.</para>
792 <para revision="218794">&os;'s &man.ipsec.4; support now uses
793 half of the hash size as the authenticator hash size in
794 Hashed Message Authentication Mode (HMAC-SHA-256,
795 HMAC-SHA-384, and HMAC-SHA-512) as described in RFC 4868.
796 This was a fixed 96-bit length in prior releases because the
797 implementation was based on an old Internet draft
798 draft-ietf-ipsec-ciph-sha-256-00. Note that this means
799 &release.current; and later are no longer interoperable with
800 the older &os; releases.</para>
802 <para revision="219820">For Infiniband support, OFED
803 (OpenFabrics Enterprise Distribution) version 1.5.3 has been
804 imported into the base system. Note that this is not built
805 nor installed by default. To build and install them,
806 specify <literal>WITH_OFED=yes</literal> in
807 <filename>/etc/src.conf</filename> and rebuild the base
808 system as described in the <ulink
809 url="http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html">&os;
810 Handbook</ulink>.</para>
812 <para revision="226572">The &os; TCP/IP network stack now supports
813 IPv4 prefixes with /31 as described in RFC 3021,
814 <quote>Using 31-Bit Prefixes on IPv4 Point-to-Point
815 Links</quote>.</para>
817 <para revision="217169">A bug in the &os; TCP/IP network stack has
818 been fixed. Source address selection could not be
819 performed when multicast options were present but without an
820 interface being specified.</para>
822 <para revision="225682">A bug in the
823 <literal>IPV6_PKTINFO</literal> option used in
824 &man.sendmsg.2; has been fixed. The
825 <literal>IPV6_USE_MIN_MTU</literal> state set by
826 &man.setsockopt.2; was ignored.</para>
828 <para revision="216109,216114,216115,218152,218153,218155">
829 The &os; TCP/IP network stack now supports the &man.mod.cc.9; pluggable
830 congestion control framework. This allows TCP congestion
831 control algorithms to be implemented as dynamically loadable
832 kernel modules. The following kernel modules are available
833 as of &release.current;: &man.cc.chd.4; for the
834 CAIA-Hamilton-Delay algorithm, &man.cc.cubic.4; for the CUBIC
835 algorithm, &man.cc.hd.4; for the Hamilton-Delay algorithm,
836 &man.cc.htcp.4; for the H-TCP algorithm, &man.cc.newreno.4; for
837 the NewReno algorithm, and &man.cc.vegas.4; for the Vegas algorithm.
838 The default algorithm can be set by a new &man.sysctl.8;
839 variable <varname>net.inet.tcp.cc.algorithm</varname>. The
840 value must be set to one of the names listed by
841 <varname>net.inet.tcp.cc.available</varname>, and
842 <literal>newreno</literal> is the default set at boot time.
844 detail, see the &man.mod.cc.4; and &man.mod.cc.9; manual pages.</para>
846 <para revision="217806">An &man.h.ertt.4; (Enhanced Round Trip
847 Time) &man.khelp.9; module has been added. This module
848 allows per-connection, low noise estimates of the
849 instantaneous RTT in the TCP/IP network stack with a robust
850 implementation even in the face of delayed acknowledgments
851 and/or TSO (TCP Segmentation Offload) being in use for a
854 <para revision="218912">A new &man.tcp.4; socket option
855 <literal>TCP_CONGESTION</literal> has been added. This
856 allows to select or query the congestion control algorithm
857 that the TCP/IP network stack will use for connections on
860 <para revision="225586">The &man.ng.ipfw.4; &man.netgraph.4;
861 node now supports IPv6.</para>
863 <para revision="219127">The &man.ng.one2many.4;
864 &man.netgraph.4; node now supports the
865 <literal>XMIT_FAILOVER</literal> transmit algorithm. This
866 makes packets deliver out of the first active
867 <literal>many</literal> hook.</para>
869 <para revision="219183">The &man.ng.netflow.4;
870 &man.netgraph.4; node now supports NetFlow version 9. A new
871 <literal>export9</literal> hook has been added for NetFlow
872 v9 data. Note that data export can be done
873 simultaneously in both version 5 and version 9.</para>
877 <title>Disks and Storage</title>
879 <para revision="220412">The &man.ada.4; driver now supports
880 write cache control. A new &man.sysctl.8 variable
881 <varname>kern.cam.ada.write_cache</varname> determines
882 whether the write cache of &man.ada.4; devices is enabled or
883 not. Setting to <literal>1</literal> enables and
884 <literal>0</literal> disables the write cache, and <literal>-1</literal>
885 leaves the device default behavior. &man.sysctl.8 variables
886 <varname>kern.cam.ada.<replaceable>N</replaceable>.write_cache</varname>
887 can override the configuration in a per-device basis (the
888 default value is <literal>-1</literal>, which means to use
889 the global setting). Note that the value can be changed at
890 runtime, but it takes effect only after a device
893 <para revision="224905">The &man.arcmsr.4; driver has been
894 updated to version 1.20.00.22.</para>
896 <para revision="226067">The &man.cam.4; subsystem now supports the
897 descriptor format sense data of the SPC-3 (SCSI Primary Commands
898 3) specification.</para>
900 <para revision="220559">The &man.geom.map.4; GEOM class has
901 been added. This allows to generate multiple geom providers
902 based on a hard-coded layout of a device with no explicit
903 partition table such as embedded flash storage. For more
904 information, see the &man.geom.map.4; manual page.</para>
906 <para revision="218014">The &man.gpart.8; GEOM class now
907 supports the following aliases for the MBR and EBR schemes:
908 <literal>fat32</literal>, <literal>ebr</literal>,
909 <literal>linux-data</literal>,
910 <literal>linux-raid</literal>, and
911 <literal>linux-swap</literal>.</para>
913 <para revision="218014">The &man.gpart.8; GEOM class now
914 supports <literal>bios-boot</literal> GUID for the GPT
915 scheme which is used in GRUB 2 loader.</para>
917 <para revision="219974">The &man.graid.8; GEOM class has been
918 added. This is a replacement of the &man.ataraid.4; driver
919 supporting various BIOS-based software RAID.</para>
921 <para revision="219056">The &man.sysctl.8; variable
922 <varname>kern.geom.confxml</varname> now contains
923 information about disk identification in an
924 <sgmltag>ident</sgmltag> tag and disk model strings in a
925 <sgmltag>descr</sgmltag> tag.</para>
927 <para revision="216793">The &man.md.4; memory-backed pseudo disk
928 device driver now supports a &man.sysctl.8; variable
929 <varname>vm.md_malloc_wait</varname> to specify whether a
930 malloc-backed disk will use <varname>M_WAITOK</varname> or
931 <varname>M_NOWAIT</varname> for &man.malloc.9; calls. The
932 <varname>M_WAITOK</varname> setting can prevent memory allocation
933 failure under high load. If it is set to
934 <literal>0</literal>, a malloc-backed disk uses
935 <varname>M_NOWAIT</varname> for memory allocation. The
936 default value is <literal>0</literal>.</para>
938 <para revision="216941,217509">A bug in the &man.mmc.4; driver
939 that could cause device detection to fail has been fixed.</para>
941 <para revision="223958">The &man.mxge.4; driver has been
944 <para revision="226115">A &man.tws.4; driver for 3ware 9750
945 SATA+SAS 6Gb/s RAID controllers has been added.</para>
949 <title>File Systems</title>
951 <para revision="207141,218726">The &os; Fast File System now supports
952 softupdates journaling. It introduces a intent log into a
953 softupdates-enabled file system which eliminates the need
954 for background &man.fsck.8; even on unclean shutdown. This
955 can be enabled in a per-filesystem basis by using the
956 <option>-j</option> flag of the &man.newfs.8; utility or the
957 <option>-j enable</option> option of the &man.tunefs.8;
958 utility. Note that the &release.current; installer
959 automatically enables softupdates journaling for
960 newly-created UFS file systems.</para>
962 <para revision="216796">The &os; Fast File System now
963 supports the <literal>TRIM</literal> command when freeing data
964 blocks. A new flag <option>-t</option> in the &man.newfs.8;
965 and &man.tunefs.8; utilities sets the TRIM-enable flag for a
966 file system. The TRIM-enable flag makes the file system
967 send a delete request to the underlying device for each
968 freed block. The <literal>TRIM</literal> command is
969 specified as a Data Set Management Command in the ATA8-ACS2
970 standard to carry the information related to deleted data
971 blocks to a device, especially for a SSD (Solid-State Drive) for
974 <para revision="221233">A new flag <option>-E</option> has
975 been added to the &man.newfs.8; and &man.fsck.ffs.8; utilities.
976 This clears unallocated blocks, notifying the underlying
977 device that they are not used and that their contents may be
978 discarded. This is useful in &man.fsck.ffs.8; for file
979 systems which have been mounted on systems without
980 <literal>TRIM</literal> support, or with
981 <literal>TRIM</literal> support disabled, as well as
982 filesystems which have been copied from one device to
985 <para revision="221124">The &os; NFS subsystem has been
986 updated. The new implementation supports NFS version 4 in
987 addition to 2 and 3. The kernel options for the NFS server
988 and client are changed from <literal>NFSSERVER</literal> and
989 <literal>NFSCLIENT</literal> to <literal>NFSD</literal> and
990 <literal>NFSCL</literal>. &man.sysctl.8; variables which
991 start with <varname>vfs.nfssrv.</varname> have been renamed
992 to <varname>vfs.nfsd.</varname>. The NFS server now
993 supports <varname>vfs.nfsd.server_max_nfsvers</varname> and
994 <varname>vfs.nfsd.server_min_nfsvers</varname>
995 &man.sysctl.8; variables to specify the maximum and the
996 minimum NFS version number which the server accepts. The
997 default value is set to <literal>3</literal> and
998 <literal>2</literal>, respectively.</para>
1000 <para>To enable NFSv4, the following variables are needed on
1001 the server side in &man.rc.conf.5;:</para>
1003 <programlisting>nfsv_server_enable="YES"
1004 nfsv4_server_enable="YES"
1005 nfsuserd_enable="YES"</programlisting>
1007 <para>and the following line is needed in
1008 <filename>/etc/exports</filename>:</para>
1010 <programlisting>V4: /</programlisting>
1012 <para>For more information about NFSv4 and its configuration,
1013 see the &man.nfsv4.4; and &man.exports.5; manual pages.</para>
1015 <para revision="221436">The &os; NFS subsystem now supports a
1016 <option>nocto</option> mount option. This disables the
1017 close-to-open cache coherency check at open time. This
1018 option may improve performance for read-only mounts, but
1019 should only be used only if the data on the server changes
1020 rarely. The &man.mount.nfs.8; utility now also supports
1021 this flag keyword.</para>
1023 <para revision="225537">A &man.loader.8; tunable
1024 <varname>vfs.typenumhash</varname> has been added and set to
1025 <literal>1</literal> by default. This enables to use a hash
1026 calculation on the file system identification number internally
1027 used in the kernel. This fixes the <quote>Stale NFS file
1028 handle</quote> error on NFS clients when upgrading or
1029 rebuilding the kernel on the NFS server due to unexpected
1030 change of these identification number values.</para>
1032 <para revision="219089">The &os; ZFS subsystem has been
1033 updated to the SPA (Storage Pool Allocator, also known as
1034 zpool) version 28. It now supports data deduplication,
1035 triple parity RAIDZ (raidz3), snapshot holds, log device
1036 removal, zfs diff, zpool split, zpool import
1037 <option>-F</option>, and read-only zpool import.</para>
1041 <sect2 id="userland">
1042 <title>Userland Changes</title>
1044 <para revision="219359,219571">Complex exponential functions
1045 &man.cexp.3; and &man.cexpf.3;, and cube root function
1046 &man.cbrtl.3; have been added to
1047 <application>libm</application>.</para>
1049 <para revision="224152,224153,224154">The &man.bsdtar.1; and
1050 &man.cpio.1; utilities are now based on
1051 <application>libarchive</application> version 2.8.4.</para>
1053 <para revision="217416">The &man.cpuset.1; utility now supports
1054 a <option>-C</option> flag to create a new cpuset and assign
1055 an existing process into that set, and an
1056 <literal>all</literal> keyword in the <option>-l
1057 <replaceable>cpu-list</replaceable></option> option to specify
1058 all CPUs in the system.</para>
1060 <para revision="219739">The &man.dhclient.8; utility now uses
1061 &man.resolvconf.8; to manage the &man.resolv.conf.5; file by
1062 default. A <varname>resolvconf_enable</varname> variable in
1063 <filename>/etc/dhclient-enter-hooks</filename> controls the
1066 <para revision="217505">A bug in the &man.fetch.1; utility which
1067 could prevent the <command>STAT</command> FTP command from working
1068 properly has been fixed.</para>
1070 <para revision="219415">The &man.gpart.8; utility now supports a
1071 <option>-p</option> flag to the <command>show</command>
1072 subcommand. This allows showing providers' names of
1073 partitions instead of the partitions' indexes.</para>
1075 <para revision="218049">The &man.hastd.8; utility now drops
1076 <literal>root</literal> privileges of the worker processes to the
1077 <literal>hast</literal> user.</para>
1079 <para revision="219351">The &man.hastd.8; utility now supports a
1080 <literal>checksum</literal> keyword to specify the checksum
1081 algorithm in a <literal>resource</literal> section. As of
1082 &release.current;, <literal>none</literal>,
1083 <literal>sha256</literal>, and <literal>crc32</literal> are
1086 <para revision="219354">The &man.hastd.8; utility now supports a
1087 <literal>compression</literal> keyword to specify the compression
1088 algorithm in a <literal>resource</literal> section. As of
1089 &release.current;, <literal>none</literal>,
1090 <literal>hole</literal> and <literal>lzf</literal> are
1093 <para revision="219818">The &man.hastd.8; utility now supports a
1094 <literal>source</literal> keyword to specify the local address
1095 to bind to before connecting the remote &man.hastd.8
1098 <para revision="219019">An implementation of
1099 <function>iconv()</function> API libraries and utilities which
1100 are standardized in Single UNIX Specification has been
1101 imported. These are based on NetBSD's Citrus implementation.
1102 Note that these are not built nor installed by default. To
1103 build and install them, specify
1104 <literal>WITH_ICONV=yes</literal> in
1105 <filename>/etc/src.conf</filename> and rebuild the base system
1106 as described in the <ulink
1107 url="http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html">&os;
1108 Handbook</ulink>.</para>
1110 <para revision="217013">The &man.ifconfig.8; utility now
1111 supports <literal>fdx</literal>, <literal>flow</literal>,
1112 <literal>hdx</literal>, and <literal>loop</literal> keywords
1113 as aliases of <literal>full-duplex</literal>,
1114 <literal>flowcontrol</literal>,
1115 <literal>half-duplex</literal>,
1116 and <literal>loopback</literal>, respectively.</para>
1118 <para revision="220370">A &man.readline.3; API set has been
1119 imported into <application>libedit</application>. This is
1120 based on NetBSD's implementation and BSD licensed utilities
1121 now use it instead of GNU
1122 <application>libreadline</application>.</para>
1124 <para revision="224762">The &man.makefs.8; utility now supports the
1125 ISO 9660 format.</para>
1127 <para revision="220496,220497"><application>libmd</application>
1128 and <application>libcrypt</application> now support the SHA-256
1129 and SHA-512 algorithms.</para>
1131 <para revision="217642">The &man.netstat.1; utility now does not
1132 expose the internal scope address representation used in the &os;
1133 kernel, which is derived from KAME IPv6 stack, in the results
1134 of <command>netstat -ani</command> and <command>netstat
1135 -nr</command>.</para>
1137 <para revision="218127">The &man.newsyslog.8; utility now
1138 supports &man.xz.1; compression. An <literal>X</literal> flag
1139 in the optional field has been added to specify the
1142 <para revision="219563">The &man.pam.group.8; module now
1143 supports <option>ruser</option> and <option>luser</option>
1144 options. The <option>ruser</option> make it accept or reject
1145 based on the supplicant's group membership and this is the
1146 default behavior. The <option>luser</option> checks the
1147 target user's group membership instead of the supplicant's
1148 one. If neither option was specified, &man.pam.group.8;
1149 assumes <option>ruser</option> and issues a warning.</para>
1151 <para revision="216823">A &man.poweroff.8; utility has been added.
1152 This is equivalent to:</para>
1154 <screen>&prompt.root; shutdown -p now</screen>
1156 <para revision="218397">The &man.ppp.8; utility now supports
1157 <command>iface name <replaceable>name</replaceable></command>
1158 and <command>iface description
1159 <replaceable>description</replaceable></command> commands.
1160 These have the same functionalities as the <literal>name</literal>
1161 and <literal>description</literal> subcommands of the
1162 &man.ifconfig.8; utility.</para>
1164 <para revision="219307,219713">The &man.ps.1; utility now
1165 supports an <option>-o class</option> option to display the login
1166 class information of each process, and <option>-o
1167 usertime</option> and <option>-o systime</option> options for
1168 accumulated system and user CPU time, respectively.</para>
1170 <para revision="222732">The &man.rtadvd.8; daemon now supports a
1171 <literal>noifprefix</literal> keyword to disable gathering
1172 on-link prefixes from interfaces when no
1173 <literal>addr</literal> keyword is specified. An entry in
1174 <filename>/etc/rtadvd.conf</filename> with
1175 <literal>noifprefix</literal> and no <literal>addr</literal>
1176 generates an RA message with no prefix information
1179 <para revision="222732,224006">The &man.rtsold.8; and
1180 &man.rtadvd.8; daemons now support the RDNSS and DNSSL options
1181 described in RFC 6106, <quote>IPv6 Router Advertisement
1182 Options for DNS Configuration</quote>. A &man.rtadvctl.8;
1183 utility to control the &man.rtadvd.8; daemon has been
1186 <para revision="216695">The &man.rtld.1; runtime linker now supports
1187 shared objects as filters in ELF shared libraries. Both
1188 standard and auxiliary filtering have been supported. The
1189 &man.rtld.1; linker's processing of a filter defers loading a
1190 filtee until a filter symbol is referenced unless the
1191 <varname>LD_LOADFLTR</varname> environment variable is defined
1192 or a <literal>-z loadfltr</literal> option was specified when
1193 the filter was created.</para>
1195 <para revision="217133">A race condition in the &man.sed.1;
1196 utility has been fixed. When an <option>-i</option> option is
1197 specified, there could be a short time window with no file
1198 with the original file name.</para>
1200 <para revision="216629">The &man.sh.1; program now supports
1201 <command>kill</command> as a built-in command. This allows
1202 specifying <literal>%<replaceable>job</replaceable></literal>
1203 which is equivalent to the corresponding process group. Note
1204 that this built-in command returns the exit status
1205 <literal>2</literal> instead of <literal>1</literal> if a
1206 fatal error occurs as other built-in commands do.</para>
1208 <para revision="217176,217472">A bug in the &man.sh.1; program has been
1209 fixed for POSIX conformance. It could return an incorrect exit
1210 status when an <command>exit</command> command with no
1211 parameter is specified in the <literal>EXIT trap</literal>
1212 handler, which is triggered when the shell terminates.
1213 In trap actions for other signals, an <command>exit</command>
1214 command with no parameter returns an exit status corresponding
1215 to the received signal.</para>
1217 <para revision="217557">A bug in the &man.sh.1; program has been
1218 fixed. When a foreground job exits on a signal, a message is
1219 printed to <filename>stdout</filename> about this. The buffer
1220 was not flushed after printing which could result in the message
1221 being written to the wrong file if the next command was a
1222 built-in and had <filename>stdout</filename> redirected.</para>
1224 <para revision="217461">The &man.sh.1; program now supports a
1225 <option>--</option> flag in <command>trap</command> command to
1226 stop the option processing.</para>
1228 <para revision="217206">The <literal>%builtin</literal> keyword
1229 support in the <varname>$PATH</varname> variable has been removed
1230 from the &man.sh.1; program. All built-in commands are always
1231 found before looking up directories in
1232 <varname>$PATH</varname>.</para>
1234 <para revision="218466">Arithmetic expression handling code in
1235 the &man.sh.1; program has been updated by importing code from
1236 <application>dash</application>. It now supports the conditional
1237 operator (<literal>?:</literal>) and a bug in evaluation of
1238 && and || around an arithmetic expression has been
1241 <para revision="224536">A bug in the &man.tftpd.8; daemon has
1242 been fixed. It had an interoperability issue when
1243 transferring a large file.</para>
1245 <para revision="202188">The &man.utmp.5; user accounting
1246 database has been replaced by &man.utmpx.3;. User accounting
1247 utilities will now use <filename>utmpx</filename> database
1248 files exclusively. The &man.wtmpcvt.1; utility can be used to
1249 convert <filename>wtmp</filename> files to the new format,
1250 making it possible to read them using the updated
1253 <para revision="218847">A &man.utxrm.8; utility has been added.
1254 This allows one to remove an entry from the
1255 <filename>utmpx</filename> database by hand. This is useful
1256 when a login daemon crashes or fails to remove the entry
1257 during shutdown.</para>
1259 <para revision="224171">The &man.zpool.8: utility now supports a
1260 <command>zpool labelclear</command> command. This allows to
1261 wipe the label data from a drive that is not active in a
1265 <sect2 id="contrib">
1266 <title>Contributed Software</title>
1268 <para revision="222544"><literal>ACPI CA</literal> has been
1269 updated to version 20110527.</para>
1271 <para revision="224731">The <application>awk</application> has
1272 been updated to the 7 August 2011 release.</para>
1274 <para revision="228189"><application>ISC BIND</application> has
1275 been updated to version 9.8.1-P1.</para>
1277 <para revision="218822"><application>GNU binutils</application>
1278 has been updated to 2.17.50 (as of 3 July 2007), which is the
1279 last available version under GPLv2.</para>
1281 <para revision="222656">The
1282 <application>compiler-rt</application> library, which provides
1283 low-level target-specific interfaces such as functions in
1284 <application>libgcc</application>, has been imported.</para>
1286 <para revision="224014"><literal>dialog</literal> has been
1287 updated to version 1.1-20110707.</para>
1289 <para revision="221793">The <literal>netcat</literal> utility
1290 has been updated to version 4.9.</para>
1292 <para revision="223328">The <application>tnftp</application> (formerly
1293 known as <application>lukemftp</application>) has been updated
1294 to tnftp-20100108.</para>
1296 <para revision="220150"><application>GNU GCC</application> and
1297 <application>libstdc++</application> have been updated to rev
1298 127959 of <literal>gcc-4_2-branch</literal> (the last
1299 GPLv2-licensed version).</para>
1301 <para revision="219557"><application>gdtoa</application>, a set
1302 of binary from/to decimal number conversion routines used in
1303 &os;'s <application>libc</application> library has been updated
1304 to a snapshot as of 4 March, 2011.</para>
1306 <para revision="222906">The <application>LESS</application>
1307 program has been updated to version v444.</para>
1309 <para revision="208954">The <application>LLVM</application>
1310 compiler infrastructure and
1311 <application>clang</application>, a C language family
1312 front-end, version 3.0 have been imported. Note that it is not
1313 used for building the &os; base system by default. In the &os; build
1314 infrastructure, the &man.clang.1;, &man.clang...1;, and
1315 &man.clang-cpp.1; utilities can be used in
1316 <varname>CC</varname>, <varname>CXX</varname>, and
1317 <varname>CPP</varname> &man.make.1; variables,
1318 respectively.</para>
1320 <para revision="219734"><application>Openresolv</application>
1321 version 3.4.4 has been imported. The &man.resolvconf.8;
1322 utility now manages the &man.resolv.conf.5; file.</para>
1324 <para revision="221484,224638">The
1325 <application>OpenSSH</application> utility has been updated to
1326 5.8p2, and optimization for large bandwidth-delay product
1327 connection and <literal>none</literal> cipher support have
1330 <para revision="223637">The <application>pf</application> packet
1331 filter has been updated to version 4.5.</para>
1333 <para revision="223067"><application>sendmail</application>
1334 has been updated to version 8.14.5.</para>
1336 <para revision="226750">The <application>timezone</application>
1337 database has been updated to the
1338 <application>tzdata2011m</application> release.</para>
1340 <para revision="217698">The &man.unifdef.1; utility has been updated
1341 to version 2.5.6.</para>
1343 <para revision="223935">The <application>xz</application>
1344 program has been updated from 5.0.0 to a snapshot as of 11
1349 <title>Release Engineering and Integration</title>
1351 <para revision="218799">A new installer &man.bsdinstall.8; has
1352 been added and integrated into installation ISO images. The
1353 &man.sysinstall.8; utility is also available for configuration
1354 after the installation.</para>
1356 <para>The supported version of
1357 the <application>KDE</application> desktop environment
1358 (<filename role="package">x11/kde4</filename>) has been
1359 updated from 4.5.5 to 4.7.3.</para>
1363 <sect1 id="upgrade">
1364 <title>Upgrading from previous releases of &os;</title>
1367 <title>Upgrading using freebsd-update(8) or a source-based
1370 <para arch="amd64,i386">Beginning with &os; 6.2-RELEASE,
1371 binary upgrades between RELEASE versions (and snapshots of the
1372 various security branches) are supported using the
1373 &man.freebsd-update.8; utility. The binary upgrade procedure will
1374 update unmodified userland utilities, as well as a unmodified GENERIC kernel
1375 distributed as a part of an official &os; release.
1376 The &man.freebsd-update.8; utility requires that the host being
1377 upgraded have Internet connectivity.</para>
1379 <para>Source-based upgrades (those based on recompiling the &os;
1380 base system from source code) from previous versions are
1381 supported, according to the instructions in
1382 <filename>/usr/src/UPDATING</filename>.</para>
1384 <para>For more specific information about upgrading
1385 instructions, see <ulink
1386 url="http://www.FreeBSD.org/releases/9.0R/installation.html"></ulink>.</para>
1389 <para>Upgrading &os; should, of course, only be attempted after
1390 backing up <emphasis>all</emphasis> data and configuration
1396 <title id="upgrade-pitfalls">User-visible incompatibilities</title>
1398 <para>This section describes notable incompatibilities which you
1399 might want to know before upgrading your system.
1400 <emphasis>Please read this section and the <ulink
1401 url="http://www.FreeBSD.org/releases/9.0R/errata.html">Errata
1402 document</ulink> carefully before submitting a problem report
1403 and/or posting a question to the FreeBSD mailing
1404 lists.</emphasis></para>
1407 <title>Update of <literal>dialog</literal></title>
1409 <para>The <literal>dialog</literal> library is used in &os;'s
1410 new installer and the &os; Ports Collection to display a dialog
1411 window and allow users to select various options. Note that
1412 it is updated in &release.current; and there are several
1413 differences in key operations which might confuse users
1414 who are familiar with releases prior to &release.current;.
1415 For example, pushing the enter key in a checklist window will
1416 no longer check an item. The new version
1417 consistently uses space bar for selecting an item and the
1418 enter key for OK/Cancel selection.</para>
1422 <title>Partition Metadata Integrity Check</title>
1424 <para>&os; now checks the integrity of partition metadata when
1425 a partition table is found on a disk though the GEOM
1426 <application>PART</application> subsystem. This detection
1427 is automatically performed when a disk device is ready.
1428 The GEOM <application>PART</application> class in the kernel
1429 verifies all generic partition parameters obtained from the
1430 disk metadata, and if some inconsistency is detected, the
1431 partition table will be rejected with the following
1432 diagnostic message:</para>
1434 <screen>GEOM_PART: Integrity check failed</screen>
1436 <para>This integrity check is enabled by default. On a system
1437 prior to &release.current;, the inconsistencies were
1438 silently ignored. Therefore, there is a possibility that this
1439 prevents a system from booting after upgrading it to
1440 &release.current;. More specifically, the kernel cannot
1441 mount the system partition at boot time in some
1444 <para>If this happens, a &man.loader.8; tunable
1445 <varname>kern.geom.part.check_integrity</varname> can be
1446 used as a workaround. Enter the following lines in the
1447 &man.loader.8; prompt at boot time:</para>
1449 <screen><userinput>set kern.geom.part.check_integrity="0"</userinput>
1450 <userinput>boot</userinput></screen>
1452 <para>These commands temporarily disable the integrity check.
1453 If it was the cause of the boot failure, the &os; kernel should detect the
1454 partitions as the prior release
1455 did, after entering the commands. This configuration can be added into
1456 <filename>/boot/loader.conf</filename> as follows:</para>
1458 <programlisting>kern.geom.part.check_integrity="0"</programlisting>
1460 <para>To check inconsistent metadata after booting on the
1461 system, use the &man.gpart.8; utility on the system. A
1462 corrupted entry will be displayed like the following:</para>
1464 <screen>&prompt.user; gpart show
1465 => 63 1953525104 mirror/gm0 MBR (931G) [CORRUPT]
1466 63 1953525105 1 freebsd [active] (931G)</screen>
1468 <para>For more information, see the &man.gpart.8; manual page.</para>
1472 <title>ATA/SATA subsystem now &man.cam.4;-based</title>
1474 <para>In &release.current;, the &os; ATA/SATA disk subsystem has
1475 been replaced with a new &man.cam.4;-based implementation.
1476 &man.cam.4; stands for Common Access Method, which is an
1477 implementation of an API set originally for SCSI-2 and
1478 standardized as "SCSI-2 Common Access Method Transport and
1479 SCSI Interface Module". &os; has used the &man.cam.4; subsystem
1480 to handle SCSI devices since 3.X.</para>
1482 <para>Although the new &man.cam.4;-based ATA/SATA subsystem
1483 provides various functionality which the old &man.ata.4; did
1484 not have, it also has some incompatibilities:</para>
1488 <para>An ATA/SATA disk is now recognized as a device node
1490 <devicename>ada<replaceable>0</replaceable></devicename>
1492 <devicename>ad<replaceable>0</replaceable></devicename>.
1493 Currently, a symbolic link
1494 <filename>/dev/ad<replaceable>0</replaceable></filename>
1495 is automatically generated for
1496 <filename>/dev/ada<replaceable>0</replaceable></filename>
1497 to keep backward compatibility. This symbolic link
1498 generation can be controlled by a
1499 <varname>kern.cam.ada.legacy_aliases</varname> (enabled
1500 by default). You might want to update
1501 <filename>/etc/fstab</filename> and/or consider using
1502 volume labels (see &man.glabel.8; for more details) for
1503 specifying each file system to be mounted.</para>
1507 <para>The &man.atacontrol.8; utility cannot be used for
1508 &man.cam.4;-based devices. The &man.camcontrol.8
1509 utility is a replacement.</para>
1513 <para>&man.ataraid.4; software RAID is now supported by the
1514 &man.graid.8; GEOM class. It generates a device node
1516 <filename>/dev/raid/r<replaceable>0</replaceable></filename>
1517 if you previously had
1518 <filename>/dev/ar<replaceable>0</replaceable></filename>.
1519 Note that this is not enabled by default. To enable it,
1520 enter the following line in the &man.loader.8; prompt:</para>
1522 <screen>set geom_raid_load="YES"
1525 <para>or add the following line to
1526 <filename>/boot/loader.conf</filename>:</para>
1528 <programlisting>geom_raid_load="YES"</programlisting>
1530 <para>and reboot the system. A symbolic link like
1531 <filename>/dev/ar<replaceable>0</replaceable></filename>
1532 will NOT be generated for
1533 <filename>/dev/raid/r<replaceable>0</replaceable></filename>.
1534 Therefore, if your system used
1535 <filename>/dev/ar<replaceable>0</replaceable></filename>
1536 as the root partition, mounting local file systems will
1537 fail because it is renamed to
1538 <filename>/dev/raid/r<replaceable>0</replaceable></filename>.
1539 You need to update <filename>/etc/fstab</filename>
1540 manually in that case.</para>
1544 <para>The &man.burncd.8; utility does not work with
1545 &man.cam.4;-based devices. Use the cdrecord(1) utility
1546 in <filename role="package">sysutils/cdrtools</filename>
1553 <title>Network Configuration Changes in
1554 <filename>/etc/rc.conf</filename></title>
1556 <para>Although variables in &man.rc.conf.5; are basically
1557 compatible with earlier releases, ones related to network
1558 configuration are changed because of reorganization of the
1559 &man.rc.8; scripts.</para>
1563 <para>An address configuration now always needs an address
1564 family keyword. For example, the following line</para>
1566 <programlisting>ifconfig_em0="192.168.2.1 netmask 255.255.255.0"</programlisting>
1568 <para>should be</para>
1570 <programlisting>ifconfig_em0="inet 192.168.2.1 netmask 255.255.255.0"</programlisting>
1572 <para>Although the old convention is still supported in
1573 the existing variables for backward compatibility, some
1574 new variables do not support it.</para>
1579 <varname>ifconfig_<replaceable>IF</replaceable>_alias<replaceable>0</replaceable></varname>
1580 variable now requires an address family keyword to
1581 support non-IPv4 address families. For instance,</para>
1583 <programlisting>ifconfig_em0_alias0="192.168.2.10 netmask 255.255.255.255"</programlisting>
1585 <para>should be</para>
1587 <programlisting>ifconfig_em0_alias0="inet 192.168.2.10 netmask 255.255.255.255"</programlisting>
1589 <para>Different address families can coexist like the
1592 <programlisting>ifconfig_em0_alias0="inet 192.168.2.10 netmask 255.255.255.255"
1593 ifconfig_em0_alias1="inet6 2001:db8:1::1 prefixlen 64"</programlisting>
1595 <para>Note that IPv6 alias configurations in
1596 <varname>ifconfig_<replaceable>IF</replaceable>_alias<replaceable>N</replaceable></varname>
1597 will be ignored when no
1598 <varname>ifconfig_<replaceable>IF</replaceable>_ipv6</varname>
1599 variable is defined because it determines whether IPv6
1600 functionality is enabled on that interface or not (this
1601 variable will be explained later).</para>
1605 <para>All alias and static routing configurations
1606 through &man.rc.conf.5; variables will be deactivated when
1607 invoking &man.rc.8; scripts or the &man.service.8; command
1608 with the <literal>stop</literal> keyword.</para>
1610 <screen>&prompt.root; service netif stop em0</screen>
1612 <para>stops the interface <literal>em0</literal>.</para>
1614 <screen>&prompt.root; service routing stop</screen>
1616 <para>deactivates all static route configurations.</para>
1618 <para>Releases prior to &os; &release.current; did not
1619 support this functionality properly for non-IPv4
1624 <para>IPv6 configuration handling has been changed in the
1625 following way. Before in-depth explanations, here is a
1626 before-and-after example. What was previously:</para>
1628 <programlisting>ifconfig_em0="192.168.2.1 netmask 255.255.255.0"
1629 ifconfig_em0_alias0="192.168.2.2 netmask 255.255.255.255"
1632 ipv6_ifconfig_em0="2001:db8:1::1 prefixlen 64"
1633 ipv6_ifconfig_em0_alias0="2001:db8:2::1 prefixlen 64"
1634 # em1 uses SLAAC for IPv6 address configuration</programlisting>
1636 <para>should be in &release.current;:</para>
1638 <programlisting>ifconfig_em0="inet 192.168.2.1 netmask 255.255.255.0"
1639 ifconfig_em0_ipv6="inet6 2001:db8:1::1 prefixlen 64 accept_rtadv"
1640 ifconfig_em0_alias0="inet 192.168.2.2 netmask 255.255.255.255"
1641 ifconfig_em0_alias1="inet6 2001:db8:2::1 prefixlen 64"
1643 ifconfig_em1_ipv6="inet6 accept_rtadv"</programlisting>
1645 <para>More specific explanations of the changes are as
1650 <para>The <varname>ipv6_enable</varname> variable is
1651 deprecated. IPv6 functionality on the system is
1652 enabled by default. No IPv6 communication will
1653 happen if you configure no IPv6 address.</para>
1655 <para>&release.current; now supports intermediate
1656 configurations between a host and a router IPv6
1657 node. The <varname>ipv6_enable</varname> variable
1658 assumed that the system was a host node when
1659 <varname>ipv6_gateway_enable</varname> was set to
1660 <literal>NO</literal> (default), and a router node
1661 if not. A host node always accepted ICMPv6 Router
1662 Advertise messages, and a router did not.</para>
1664 <para>In &release.current;, this model is still
1665 applied but on a per-interface basis, not a
1666 system-wide basis. Specifically, if an interface has
1667 an <literal>ACCEPT_RTADV</literal> flag, RA messages
1668 will be accepted on that interface for SLAAC
1669 (StateLess Address AutoConfiguration) regardless of
1670 whether the packet forwarding is enabled or
1673 <para>In addition to them, a per-interface flag
1674 <literal>NO_RADR</literal> and a &man.sysctl.8;
1675 variable <varname>net.inet6.ip6.rfc6204w3</varname>
1676 have been added. This controls whether default
1677 router list information via RA messages on an
1678 RA-accepting interface should be ignored or not. In
1679 an IPv6 router model, it is not supposed to accept
1680 RA messages as an information source for the default
1681 router list. Because of that, &os; &release.current;
1682 ignores the default router list part when IPv6
1683 packet forwarding is enabled, even if the interface
1684 has an <literal>ACCEPT_RTADV</literal> flag. However,
1685 this can make for a difficult situation when the system
1686 has to work as a CPE (Customer Premises Equipment)
1687 which needs RA messages from the upstream network
1688 for network configuration and acts as a router for
1689 the LAN simultaneously. For more information about
1690 this kind of configuration, see RFC 6204.</para>
1692 <para>To support this kind of configuration, the
1693 <varname>ipv6_cpe_wanif</varname> variable in
1694 &man.rc.conf.5; can be used.</para>
1696 <programlisting>ipv6_gateway_enable="YES"
1697 ipv6_cpe_wanif="em0"</programlisting>
1699 <para>means the <literal>em0</literal> interface
1700 accepts RA messages and the default router
1701 information in them, and the other interfaces ignore
1702 the default router information part even when
1703 the <literal>ACCEPT_RTADV</literal> flag is set on
1706 <para><varname>ipv6_cpe_wanif</varname> handling internally
1707 sets the <varname>net.inet6.ip6.rfc6204w3</varname>
1708 and the <varname>net.inet6.ip6.no_radr</varname>
1709 &man.sysctl.8; variables to <literal>1</literal>.
1710 Note that both are set to <literal>0</literal> by
1711 default. When the former is set to
1712 <literal>1</literal>, &os; accepts the default
1713 router list even when IPv6 packet forwarding is
1714 enabled. Note that a system administrator needs to
1715 set a <literal>NO_RADR</literal> flag on the other
1716 RA-accepting interfaces, if any, to prevent it from
1717 accepting unexpected default router information.
1718 The latter variable means the <literal>NO_RADR</literal> flag is automatically
1721 <para>If <literal>ipv6_enable="YES"</literal> is
1722 defined in &os; &release.current;, it sets
1723 <literal>ipv6_activate_all_interfaces="YES"</literal>
1724 in <filename>/etc/rc.conf</filename> and the
1725 <literal>inet6 accept_rtadv</literal>
1726 &man.ifconfig.8; option on all network interfaces.
1727 Note that this is only for backward compatibility.
1728 The <varname>ipv6_enable</varname> should not be
1729 used in &os; &release.current;.</para>
1734 <varname>ipv6_ifconfig_<replaceable>IF</replaceable></varname>
1735 variable is renamed to
1736 <varname>ifconfig_<replaceable>IF</replaceable>_ipv6</varname>.
1737 This variable controls whether IPv6 functionality
1738 should be enabled on that interface or not. If
1739 <varname>ifconfig_<replaceable>IF</replaceable>_ipv6</varname>,
1740 is not set, there is no IPv6 functionality on the interface
1741 <replaceable>IF</replaceable>.</para>
1744 <varname>ifconfig_<replaceable>IF</replaceable>_ipv6</varname> variable
1745 always needs the address family keyword
1746 <literal>inet6</literal>. If you need an automatic
1747 link-local address only, the following line is enough:</para>
1749 <programlisting>ifconfig_em0_ipv6="inet6 auto_linklocal"</programlisting>
1751 <para>If you need full-blown IPv6 functionality on all
1752 interfaces like prior releases with
1753 <literal>ipv6_enable="YES"</literal>, including ones
1755 <varname>ifconfig_<replaceable>IF</replaceable>_ipv6
1756 line</varname>, you might want to use the
1757 <varname>ipv6_activate_all_interfaces</varname>
1758 variable as explained later.</para>
1760 <para>If <literal>ipv6_ifconfig_<replaceable>IF</replaceable>="..."</literal> is
1761 defined in &os; &release.current;, it means
1762 <literal>ifconfig_<replaceable>IF</replaceable>_ipv6="inet6 ..."</literal>.
1763 Note that this is only for backward compatibility.
1764 The <literal>inet6</literal> address family keyword
1765 is required for <varname>ifconfig_<replaceable>IF</replaceable>_ipv6</varname>,
1766 but was NOT required for
1767 <varname>ipv6_ifconfig_<replaceable>IF</replaceable></varname>. The
1768 <varname>ipv6_ifconfig_<replaceable>IF</replaceable></varname> variables should not be
1769 used in &release.current;.</para>
1773 <para>An interface with no corresponding
1774 <varname>ifconfig_<replaceable>IF</replaceable>_ipv6</varname> variable is
1775 marked with an <literal>IFDISABLED</literal> flag by
1776 &man.devd.8; daemon. This flag means IPv6
1777 communication is disabled on that interface. This
1778 can also be found in output of
1779 &man.ifconfig.8;:</para>
1781 <screen>&prompt.user; ifconfig em0
1782 em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
1783 options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
1784 ether xx:xx:xx:xx:xx:xx
1785 inet 192.168.2.1 netmask 0xffffff00 broadcast 192.168.2.255
1786 nd6 options=3<PERFORMNUD,IFDISABLED,ACCEPT_RTADV>
1787 media: Ethernet autoselect (1000baseT <full-duplex>)
1791 <para>To enable IPv6 functionality, this flag should
1792 be removed first. There are several ways to do so.
1793 Adding an IPv6 address automatically removes this
1794 flag. It is possible to remove this flag explicitly
1795 by using the following command:</para>
1797 <screen>&prompt.root; ifconfig em0 inet6 -ifdisabled</screen>
1799 <para>Note that defining an
1800 <varname>ifconfig_<replaceable>IF</replaceable>_ipv6</varname> is the most
1801 reasonable way to activate IPv6 functionality on
1802 that interface. This <literal>IFDISABLED</literal>
1803 flag is to prevent unintended IPv6 communications
1804 in an IPv4-only environment even when the interface
1805 has an IPv6 link-local address. If you need
1806 full-blown IPv6 functionality on all interfaces, you
1807 might want to use the
1808 <varname>ipv6_activate_all_interfaces</varname>
1809 variable as explained later.</para>
1813 <para>The &man.sysctl.8; variable
1814 <varname>net.inet6.ip6.accept_rtadv</varname> has
1815 been changed. It was a system-wide configuration
1816 knob which controlled whether the system accepts ICMPv6
1817 Router Advertisement messages or not. In
1818 &os; &release.current;, this knob is converted into a
1819 per-interface <literal>inet6 accept_rtadv</literal>
1820 &man.ifconfig.8; option. Although the
1821 &man.sysctl.8; variable is available still in
1822 &os; &release.current;, it now controls whether the
1823 per-interface option is set by default or not. The
1824 default value is <literal>0</literal> (not accept
1825 the RA messages).</para>
1829 <para>The &man.sysctl.8; variable
1830 <varname>net.inet6.ip6.auto_linklocal</varname> has
1831 been changed. It was a system-wide configuration
1832 knob which controlled whether an IPv6 link-local address
1833 was generated on a network interface when it became
1834 up. In &os; &release.current;, this knob is converted
1835 into a per-interface <literal>inet6
1836 auto_linklocal</literal> &man.ifconfig.8; option.
1837 Although the &man.sysctl.8; variable is still available
1838 in &os; &release.current;, it now controls whether the
1839 per-interface option is set by default or not. The
1840 default value is <literal>1</literal> (generate a
1841 link-local automatically).</para>
1845 <para>The functionality of
1846 <varname>ipv6_ifconfig_<replaceable>IF</replaceable>_alias<replaceable>0</replaceable></varname>
1848 <varname>ifconfig_<replaceable>IF</replaceable>_alias<replaceable>0</replaceable></varname>.
1849 Note that address family keywords are always required:</para>
1851 <programlisting>ifconfig_em0_alias0="inet 192.168.2.10 netmask 255.255.255.255"
1852 ifconfig_em0_alias1="inet6 2001:db8:1::1 prefixlen 64</programlisting>
1855 <varname>ipv6_ifconfig_<replaceable>IF</replaceable>_alias<replaceable>N</replaceable></varname>
1856 is still usable in &os; &release.current;, it is only for
1857 backward compatibility.</para>
1862 <varname>ipv6_activate_all_interfaces</varname> variable
1863 has been added. If this variable is set to
1864 <literal>YES</literal>, the <literal>IFDISABLED</literal>
1865 option will not be added even if
1866 <varname>ifconfig_<replaceable>IF</replaceable>_ipv6</varname> variables are not
1867 defined. This can prevent <literal>IFDISABLED</literal>
1868 on dynamically-added interfaces such as &man.ppp.4;,
1869 &man.tap.4;, and &man.ng.iface.4; where defining
1870 <varname>ifconfig_<replaceable>IF</replaceable>_ipv6</varname> in advance is
1879 <title>Openresolv and <filename>/etc/resolv.conf</filename></title>
1881 <para>The &man.resolvconf.8; utility has been added and it now
1882 handles updating the &man.resolv.conf.5; file. Direct
1883 modifications to <filename>/etc/resolv.conf</filename> can
1884 be overwritten by network configuration utilities such as
1885 &man.dhclient.8; and &man.rtsold.8;.</para>
1889 <title>Disk Partition Management Utilities</title>
1891 <para>In earlier releases various utilities were available to
1892 manage disk partition information. They are deprecated in
1893 favor of the &man.gpart.8; utility. Specifically, the
1894 &man.fdisk.8;, &man.disklabel.8; &man.bsdlabel.8;, and
1895 &man.sunlabel.8; utilities are no longer supported actively
1896 though these are still available for backward
1897 compatibility.</para>