1 Updating Information for FreeBSD current users.
3 This file is maintained and copyrighted by M. Warner Losh <imp@freebsd.org>.
4 See end of file for further details. For commonly done items, please see the
5 COMMON ITEMS: section later in the file. These instructions assume that you
6 basically know what you are doing. If not, then please consult the FreeBSD
9 http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html
11 Items affecting the ports and packages system can be found in
12 /usr/ports/UPDATING. Please read that file before running portupgrade.
14 NOTE: FreeBSD has switched from gcc to clang. If you have trouble bootstrapping
15 from older versions of FreeBSD, try WITHOUT_CLANG and WITH_GCC to bootstrap to
16 the tip of head, and then rebuild without this option. The bootstrap process
17 from older version of current across the gcc/clang cutover is a bit fragile.
19 NOTE TO PEOPLE WHO THINK THAT FreeBSD 12.x IS SLOW:
20 FreeBSD 12.x has many debugging features turned on, in both the kernel
21 and userland. These features attempt to detect incorrect use of
22 system primitives, and encourage loud failure through extra sanity
23 checking and fail stop semantics. They also substantially impact
24 system performance. If you want to do performance measurement,
25 benchmarking, and optimization, you'll want to turn them off. This
26 includes various WITNESS- related kernel options, INVARIANTS, malloc
27 debugging flags in userland, and various verbose features in the
28 kernel. Many developers choose to disable these features on build
29 machines to maximize performance. (To completely disable malloc
30 debugging, define MALLOC_PRODUCTION in /etc/make.conf, or to merely
31 disable the most expensive debugging functionality run
32 "ln -s 'abort:false,junk:false' /etc/malloc.conf".)
35 ****************************** SPECIAL WARNING: ******************************
37 Due to a bug in some versions of clang that's very hard to workaround in
38 the upgrade process, to upgrade to -current you must first upgrade
39 either stable/9 after r286035 or stable/10 after r286033 (including
40 10.3-RELEASE) or current after r286007 (including stable/11 and
41 11.0-RELEASE). These revisions post-date the 10.2 and 9.3 releases, so
42 you'll need to take the unusual step of upgrading to the tip of the
43 stable branch before moving to 11 or -current via a source upgrade.
44 stable/11 and 11.0-RELEASE have working newer compiler. This differs
45 from the historical situation where one could upgrade from anywhere on
46 the last couple of stable branches, so be careful.
48 If you're running a hybrid system on 9.x or 10.x with an updated clang
49 compiler or are using an supported external toolchain, the build system
50 will allow the upgrade. Otherwise it will print a reminder.
52 ****************************** SPECIAL WARNING: ******************************
55 Clang, llvm, lldb, compiler-rt and libc++ have been upgraded to 5.0.0.
56 Please see the 20141231 entry below for information about prerequisites
57 and upgrading, if you are not already using clang 3.5.0 or higher.
60 The NATM framework including the en(4), fatm(4), hatm(4), and
61 patm(4) devices has been removed. Consumers should plan a
62 migration before the end-of-life date for FreeBSD 11.
65 GNU diff has been replaced by a BSD licensed diff. Some features of GNU
66 diff has not been implemented, if those are needed a newer version of
67 GNU diff is available via the diffutils package under the gdiff name.
70 As of r316810 for ipfilter, keep frags is no longer assumed when
71 keep state is specified in a rule. r316810 aligns ipfilter with
72 documentation in man pages separating keep frags from keep state.
73 This allows keep state to be specified without forcing keep frags
74 and allows keep frags to be specified independently of keep state.
75 To maintain previous behaviour, also specify keep frags with
76 keep state (as documented in ipf.conf.5).
79 arm64 builds now use the base system LLD 4.0.0 linker by default,
80 instead of requiring that the aarch64-binutils port or package be
81 installed. To continue using aarch64-binutils, set
82 CROSS_BINUTILS_PREFIX=/usr/local/aarch64-freebsd/bin .
85 The UDP optimization in entry 20160818 that added the sysctl
86 net.inet.udp.require_l2_bcast has been reverted. L2 broadcast
87 packets will no longer be treated as L3 broadcast packets.
90 Binds and sends to the loopback addresses, IPv6 and IPv4, will now
91 use any explicitly assigned loopback address available in the jail
92 instead of using the first assigned address of the jail.
95 The ctl.ko module no longer implements the iSCSI target frontend:
96 cfiscsi.ko does instead.
98 If building cfiscsi.ko as a kernel module, the module can be loaded
99 via one of the following methods:
100 - `cfiscsi_load="YES"` in loader.conf(5).
101 - Add `cfiscsi` to `$kld_list` in rc.conf(5).
102 - ctladm(8)/ctld(8), when compiled with iSCSI support
103 (`WITH_ISCSI=yes` in src.conf(5))
105 Please see cfiscsi(4) for more details.
108 The mmcsd.ko module now additionally depends on geom_flashmap.ko.
109 Also, mmc.ko and mmcsd.ko need to be a matching pair built from the
110 same source (previously, the dependency of mmcsd.ko on mmc.ko was
111 missing, but mmcsd.ko now will refuse to load if it is incompatible
115 The syntax of ipfw(8) named states was changed to avoid ambiguity.
116 If you have used named states in the firewall rules, you need to modify
117 them after installworld and before rebooting. Now named states must
118 be prefixed with colon.
121 The old drm (sys/dev/drm/) drivers for i915 and radeon have been
122 removed as the userland we provide cannot use them. The KMS version
123 (sys/dev/drm2) supports the same hardware.
126 Clang, llvm, lldb, compiler-rt and libc++ have been upgraded to 4.0.0.
127 Please see the 20141231 entry below for information about prerequisites
128 and upgrading, if you are not already using clang 3.5.0 or higher.
131 The code that provides support for ZFS .zfs/ directory functionality
132 has been reimplemented. It's not possible now to create a snapshot
133 by mkdir under .zfs/snapshot/. That should be the only user visible
137 EISA bus support has been removed. The WITH_EISA option is no longer
141 MCA bus support has been removed.
144 The WITH_LLD_AS_LD / WITHOUT_LLD_AS_LD build knobs have been renamed
145 WITH_LLD_IS_LD / WITHOUT_LLD_IS_LD, for consistency with CLANG_IS_CC.
148 The EM_MULTIQUEUE kernel configuration option is deprecated now that
149 the em(4) driver conforms to iflib specifications.
152 The igb(4), em(4) and lem(4) ethernet drivers are now implemented via
153 IFLIB. If you have a custom kernel configuration that excludes em(4)
154 but you use igb(4), you need to re-add em(4) to your custom configuration.
157 Clang, llvm, lldb, compiler-rt and libc++ have been upgraded to 3.9.1.
158 Please see the 20141231 entry below for information about prerequisites
159 and upgrading, if you are not already using clang 3.5.0 or higher.
162 Clang, llvm, lldb, compiler-rt and libc++ have been upgraded to 3.9.0.
163 Please see the 20141231 entry below for information about prerequisites
164 and upgrading, if you are not already using clang 3.5.0 or higher.
167 The layout of the pmap structure has changed for powerpc to put the pmap
168 statistics at the front for all CPU variations. libkvm(3) and all tools
169 that link against it need to be recompiled.
172 isl(4) and cyapa(4) drivers now require a new driver,
173 chromebook_platform(4), to work properly on Chromebook-class hardware.
174 On other types of hardware the drivers may need to be configured using
175 device hints. Please see the corresponding manual pages for details.
178 The urtwn(4) driver was merged into rtwn(4) and now consists of
179 rtwn(4) main module + rtwn_usb(4) and rtwn_pci(4) bus-specific
181 Also, firmware for RTL8188CE was renamed due to possible name
182 conflict (rtwnrtl8192cU(B) -> rtwnrtl8192cE(B))
185 GNU rcs has been removed from base. It is available as packages:
186 - rcs: Latest GPLv3 GNU rcs version.
187 - rcs57: Copy of the latest version of GNU rcs (GPLv2) before it was
191 Use of the cc_cdg, cc_chd, cc_hd, or cc_vegas congestion control
192 modules now requires that the kernel configuration contain the
193 TCP_HHOOK option. (This option is included in the GENERIC kernel.)
196 The WITHOUT_ELFCOPY_AS_OBJCOPY src.conf(5) knob has been retired.
197 ELF Tool Chain's elfcopy is always installed as /usr/bin/objcopy.
200 Relocatable object files with the extension of .So have been renamed
201 to use an extension of .pico instead. The purpose of this change is
202 to avoid a name clash with shared libraries on case-insensitive file
203 systems. On those file systems, foo.So is the same file as foo.so.
206 GNU rcs has been turned off by default. It can (temporarily) be built
207 again by adding WITH_RCS knob in src.conf.
208 Otherwise, GNU rcs is available from packages:
209 - rcs: Latest GPLv3 GNU rcs version.
210 - rcs57: Copy of the latest version of GNU rcs (GPLv2) from base.
213 The backup_uses_rcs functionality has been removed from rc.subr.
216 The queue(3) debugging macro, QUEUE_MACRO_DEBUG, has been split into
217 two separate components, QUEUE_MACRO_DEBUG_TRACE and
218 QUEUE_MACRO_DEBUG_TRASH. Define both for the original
219 QUEUE_MACRO_DEBUG behavior.
222 r304787 changed some ioctl interfaces between the iSCSI userspace
223 programs and the kernel. ctladm, ctld, iscsictl, and iscsid must be
224 rebuilt to work with new kernels. __FreeBSD_version has been bumped
228 The UDP receive code has been updated to only treat incoming UDP
229 packets that were addressed to an L2 broadcast address as L3
230 broadcast packets. It is not expected that this will affect any
231 standards-conforming UDP application. The new behaviour can be
232 disabled by setting the sysctl net.inet.udp.require_l2_bcast to
236 Remove the openbsd_poll system call.
237 __FreeBSD_version has been bumped because of this.
240 The libc stub for the pipe(2) system call has been replaced with
241 a wrapper that calls the pipe2(2) system call and the pipe(2)
242 system call is now only implemented by the kernels that include
243 "options COMPAT_FREEBSD10" in their config file (this is the
244 default). Users should ensure that this option is enabled in
245 their kernel or upgrade userspace to r302092 before upgrading their
249 CAM will now strip leading spaces from SCSI disks' serial numbers.
250 This will affect users who create UFS filesystems on SCSI disks using
251 those disk's diskid device nodes. For example, if /etc/fstab
252 previously contained a line like
253 "/dev/diskid/DISK-%20%20%20%20%20%20%20ABCDEFG0123456", you should
254 change it to "/dev/diskid/DISK-ABCDEFG0123456". Users of geom
255 transforms like gmirror may also be affected. ZFS users should
259 The bitstring(3) API has been updated with new functionality and
260 improved performance. But it is binary-incompatible with the old API.
261 Objects built with the new headers may not be linked against objects
262 built with the old headers.
265 The brk and sbrk functions have been removed from libc on arm64.
266 Binutils from ports has been updated to not link to these
267 functions and should be updated to the latest version before
268 installing a new libc.
271 The armv6 port now defaults to hard float ABI. Limited support
272 for running both hardfloat and soft float on the same system
273 is available using the libraries installed with -DWITH_LIBSOFT.
274 This has only been tested as an upgrade path for installworld
275 and packages may fail or need manual intervention to run. New
276 packages will be needed.
278 To update an existing self-hosted armv6hf system, you must add
279 TARGET_ARCH=armv6 on the make command line for both the build
280 and the install steps.
283 Kernel modules compiled outside of a kernel build now default to
284 installing to /boot/modules instead of /boot/kernel. Many kernel
285 modules built this way (such as those in ports) already overrode
286 KMODDIR explicitly to install into /boot/modules. However,
287 manually building and installing a module from /sys/modules will
288 now install to /boot/modules instead of /boot/kernel.
291 The CAM I/O scheduler has been committed to the kernel. There should be
292 no user visible impact. This does enable NCQ Trim on ada SSDs. While the
293 list of known rogues that claim support for this but actually corrupt
294 data is believed to be complete, be on the lookout for data
295 corruption. The known rogue list is believed to be complete:
297 o Crucial MX100, M550 drives with MU01 firmware.
298 o Micron M510 and M550 drives with MU01 firmware.
299 o Micron M500 prior to MU07 firmware
300 o Samsung 830, 840, and 850 all firmwares
301 o FCCT M500 all firmwares
303 Crucial has firmware http://www.crucial.com/usa/en/support-ssd-firmware
304 with working NCQ TRIM. For Micron branded drives, see your sales rep for
305 updated firmware. Black listed drives will work correctly because these
306 drives work correctly so long as no NCQ TRIMs are sent to them. Given
307 this list is the same as found in Linux, it's believed there are no
308 other rogues in the market place. All other models from the above
311 To be safe, if you are at all concerned, you can quirk each of your
312 drives to prevent NCQ from being sent by setting:
313 kern.cam.ada.X.quirks="0x2"
314 in loader.conf. If the drive requires the 4k sector quirk, set the
318 The FAST_DEPEND build option has been removed and its functionality is
319 now the one true way. The old mkdep(1) style of 'make depend' has
320 been removed. See 20160311 for further details.
323 Resource range types have grown from unsigned long to uintmax_t. All
324 drivers, and anything using libdevinfo, need to be recompiled.
327 WITH_FAST_DEPEND is now enabled by default for in-tree and out-of-tree
328 builds. It no longer runs mkdep(1) during 'make depend', and the
329 'make depend' stage can safely be skipped now as it is auto ran
330 when building 'make all' and will generate all SRCS and DPSRCS before
331 building anything else. Dependencies are gathered at compile time with
332 -MF flags kept in separate .depend files per object file. Users should
333 run 'make cleandepend' once if using -DNO_CLEAN to clean out older
337 On amd64, clang 3.8.0 can now insert sections of type AMD64_UNWIND into
338 kernel modules. Therefore, if you load any kernel modules at boot time,
339 please install the boot loaders after you install the kernel, but before
343 make kernel KERNCONF=YOUR_KERNEL_HERE
344 make -C sys/boot install
345 <reboot in single user>
347 Then follow the usual steps, described in the General Notes section,
351 Clang, llvm, lldb and compiler-rt have been upgraded to 3.8.0. Please
352 see the 20141231 entry below for information about prerequisites and
353 upgrading, if you are not already using clang 3.5.0 or higher.
356 The AIO subsystem is now a standard part of the kernel. The
357 VFS_AIO kernel option and aio.ko kernel module have been removed.
358 Due to stability concerns, asynchronous I/O requests are only
359 permitted on sockets and raw disks by default. To enable
360 asynchronous I/O requests on all file types, set the
361 vfs.aio.enable_unsafe sysctl to a non-zero value.
364 The ELF object manipulation tool objcopy is now provided by the
365 ELF Tool Chain project rather than by GNU binutils. It should be a
366 drop-in replacement, with the addition of arm64 support. The
367 (temporary) src.conf knob WITHOUT_ELFCOPY_AS_OBJCOPY knob may be set
368 to obtain the GNU version if necessary.
371 Building ZFS pools on top of zvols is prohibited by default. That
372 feature has never worked safely; it's always been prone to deadlocks.
373 Using a zvol as the backing store for a VM guest's virtual disk will
374 still work, even if the guest is using ZFS. Legacy behavior can be
375 restored by setting vfs.zfs.vol.recursive=1.
378 The NONE and HPN patches has been removed from OpenSSH. They are
379 still available in the security/openssh-portable port.
382 With the addition of ypldap(8), a new _ypldap user is now required
383 during installworld. "mergemaster -p" can be used to add the user
384 prior to installworld, as documented in the handbook.
387 The tftp loader (pxeboot) now uses the option root-path directive. As a
388 consequence it no longer looks for a pxeboot.4th file on the tftp
389 server. Instead it uses the regular /boot infrastructure as with the
393 The code to start recording plug and play data into the modules has
394 been committed. While the old tools will properly build a new kernel,
395 a number of warnings about "unknown metadata record 4" will be produced
396 for an older kldxref. To avoid such warnings, make sure to rebuild
397 the kernel toolchain (or world). Make sure that you have r292078 or
398 later when trying to build 292077 or later before rebuilding.
401 Debug data files are now built by default with 'make buildworld' and
402 installed with 'make installworld'. This facilitates debugging but
403 requires more disk space both during the build and for the installed
404 world. Debug files may be disabled by setting WITHOUT_DEBUG_FILES=yes
408 r291527 changed the internal interface between the nfsd.ko and
409 nfscommon.ko modules. As such, they must both be upgraded to-gether.
410 __FreeBSD_version has been bumped because of this.
413 Add support for unicode collation strings leads to a change of
414 order of files listed by ls(1) for example. To get back to the old
415 behaviour, set LC_COLLATE environment variable to "C".
417 Databases administrators will need to reindex their databases given
418 collation results will be different.
420 Due to a bug in install(1) it is recommended to remove the ancient
421 locales before running make installworld.
423 rm -rf /usr/share/locale/*
426 The OpenSSL has been upgraded to 1.0.2d. Any binaries requiring
427 libcrypto.so.7 or libssl.so.7 must be recompiled.
430 Qlogic 24xx/25xx firmware images were updated from 5.5.0 to 7.3.0.
431 Kernel modules isp_2400_multi and isp_2500_multi were removed and
432 should be replaced with isp_2400 and isp_2500 modules respectively.
435 The build previously allowed using 'make -n' to not recurse into
436 sub-directories while showing what commands would be executed, and
437 'make -n -n' to recursively show commands. Now 'make -n' will recurse
438 and 'make -N' will not.
441 If you specify SENDMAIL_MC or SENDMAIL_CF in make.conf, mergemaster
442 and etcupdate will now use this file. A custom sendmail.cf is now
443 updated via this mechanism rather than via installworld. If you had
444 excluded sendmail.cf in mergemaster.rc or etcupdate.conf, you may
445 want to remove the exclusion or change it to "always install".
446 /etc/mail/sendmail.cf is now managed the same way regardless of
447 whether SENDMAIL_MC/SENDMAIL_CF is used. If you are not using
448 SENDMAIL_MC/SENDMAIL_CF there should be no change in behavior.
451 Compatibility shims for legacy ATA device names have been removed.
452 It includes ATA_STATIC_ID kernel option, kern.cam.ada.legacy_aliases
453 and kern.geom.raid.legacy_aliases loader tunables, kern.devalias.*
454 environment variables, /dev/ad* and /dev/ar* symbolic links.
457 Clang, llvm, lldb, compiler-rt and libc++ have been upgraded to 3.7.0.
458 Please see the 20141231 entry below for information about prerequisites
459 and upgrading, if you are not already using clang 3.5.0 or higher.
462 Kernel debug files have been moved to /usr/lib/debug/boot/kernel/,
463 and renamed from .symbols to .debug. This reduces the size requirements
464 on the boot partition or file system and provides consistency with
465 userland debug files.
467 When using the supported kernel installation method the
468 /usr/lib/debug/boot/kernel directory will be renamed (to kernel.old)
469 as is done with /boot/kernel.
471 Developers wishing to maintain the historical behavior of installing
472 debug files in /boot/kernel/ can set KERN_DEBUGDIR="" in src.conf(5).
475 The wireless drivers had undergone changes that remove the 'parent
476 interface' from the ifconfig -l output. The rc.d network scripts
477 used to check presence of a parent interface in the list, so old
478 scripts would fail to start wireless networking. Thus, etcupdate(3)
479 or mergemaster(8) run is required after kernel update, to update your
480 rc.d scripts in /etc.
483 pf no longer supports 'scrub fragment crop' or 'scrub fragment drop-ovl'
484 These configurations are now automatically interpreted as
485 'scrub fragment reassemble'.
488 Kernel-loadable modules for the random(4) device are back. To use
489 them, the kernel must have
492 options RANDOM_LOADABLE
494 kldload(8) can then be used to load random_fortuna.ko
495 or random_yarrow.ko. Please note that due to the indirect
496 function calls that the loadable modules need to provide,
497 the build-in variants will be slightly more efficient.
499 The random(4) kernel option RANDOM_DUMMY has been retired due to
500 unpopularity. It was not all that useful anyway.
503 The WITHOUT_ELFTOOLCHAIN_TOOLS src.conf(5) knob has been retired.
504 Control over building the ELF Tool Chain tools is now provided by
505 the WITHOUT_TOOLCHAIN knob.
508 The polarity of Pulse Per Second (PPS) capture events with the
509 uart(4) driver has been corrected. Prior to this change the PPS
510 "assert" event corresponded to the trailing edge of a positive PPS
511 pulse and the "clear" event was the leading edge of the next pulse.
513 As the width of a PPS pulse in a typical GPS receiver is on the
514 order of 1 millisecond, most users will not notice any significant
515 difference with this change.
517 Anyone who has compensated for the historical polarity reversal by
518 configuring a negative offset equal to the pulse width will need to
519 remove that workaround.
522 The default group assigned to /dev/dri entries has been changed
523 from 'wheel' to 'video' with the id of '44'. If you want to have
524 access to the dri devices please add yourself to the video group
527 # pw groupmod video -m $USER
530 The menu.rc and loader.rc files will now be replaced during
531 upgrades. Please migrate local changes to menu.rc.local and
532 loader.rc.local instead.
535 GNU Binutils versions of addr2line, c++filt, nm, readelf, size,
536 strings and strip have been removed. The src.conf(5) knob
537 WITHOUT_ELFTOOLCHAIN_TOOLS no longer provides the binutils tools.
540 As ZFS requires more kernel stack pages than is the default on some
541 architectures e.g. i386, it now warns if KSTACK_PAGES is less than
542 ZFS_MIN_KSTACK_PAGES (which is 4 at the time of writing).
544 Please consider using 'options KSTACK_PAGES=X' where X is greater
545 than or equal to ZFS_MIN_KSTACK_PAGES i.e. 4 in such configurations.
548 sendmail has been updated to 8.15.2. Starting with FreeBSD 11.0
549 and sendmail 8.15, sendmail uses uncompressed IPv6 addresses by
550 default, i.e., they will not contain "::". For example, instead
551 of ::1, it will be 0:0:0:0:0:0:0:1. This permits a zero subnet
552 to have a more specific match, such as different map entries for
553 IPv6:0:0 vs IPv6:0. This change requires that configuration
554 data (including maps, files, classes, custom ruleset, etc.) must
555 use the same format, so make certain such configuration data is
556 upgrading. As a very simple check search for patterns like
557 'IPv6:[0-9a-fA-F:]*::' and 'IPv6::'. To return to the old
558 behavior, set the m4 option confUSE_COMPRESSED_IPV6_ADDRESSES or
559 the cf option UseCompressedIPv6Addresses.
562 The default kernel entropy-processing algorithm is now
563 Fortuna, replacing Yarrow.
565 Assuming you have 'device random' in your kernel config
566 file, the configurations allow a kernel option to override
567 this default. You may choose *ONE* of:
569 options RANDOM_YARROW # Legacy /dev/random algorithm.
570 options RANDOM_DUMMY # Blocking-only driver.
572 If you have neither, you get Fortuna. For most people,
573 read no further, Fortuna will give a /dev/random that works
574 like it always used to, and the difference will be irrelevant.
576 If you remove 'device random', you get *NO* kernel-processed
577 entropy at all. This may be acceptable to folks building
578 embedded systems, but has complications. Carry on reading,
579 and it is assumed you know what you need.
581 *PLEASE* read random(4) and random(9) if you are in the
582 habit of tweaking kernel configs, and/or if you are a member
583 of the embedded community, wanting specific and not-usual
584 behaviour from your security subsystems.
586 NOTE!! If you use RANDOM_DUMMY and/or have no 'device
587 random', you will NOT have a functioning /dev/random, and
588 many cryptographic features will not work, including SSH.
589 You may also find strange behaviour from the random(3) set
590 of library functions, in particular sranddev(3), srandomdev(3)
591 and arc4random(3). The reason for this is that the KERN_ARND
592 sysctl only returns entropy if it thinks it has some to
593 share, and with RANDOM_DUMMY or no 'device random' this
597 An additional fix for the issue described in the 20150614 sendmail
598 entry below has been been committed in revision 284717.
601 FreeBSD's old make (fmake) has been removed from the system. It is
602 available as the devel/fmake port or via pkg install fmake.
605 The fix for the issue described in the 20150614 sendmail entry
606 below has been been committed in revision 284436. The work
607 around described in that entry is no longer needed unless the
608 default setting is overridden by a confDH_PARAMETERS configuration
609 setting of '5' or pointing to a 512 bit DH parameter file.
612 ALLOW_DEPRECATED_ATF_TOOLS/ATFFILE support has been removed from
613 atf.test.mk (included from bsd.test.mk). Please upgrade devel/atf
614 and devel/kyua to version 0.20+ and adjust any calling code to work
615 with Kyuafile and kyua.
618 The import of openssl to address the FreeBSD-SA-15:10.openssl
619 security advisory includes a change which rejects handshakes
620 with DH parameters below 768 bits. sendmail releases prior
621 to 8.15.2 (not yet released), defaulted to a 512 bit
622 DH parameter setting for client connections. To work around
623 this interoperability, sendmail can be configured to use a
624 2048 bit DH parameter by:
626 1. Edit /etc/mail/`hostname`.mc
627 2. If a setting for confDH_PARAMETERS does not exist or
628 exists and is set to a string beginning with '5',
630 3. If a setting for confDH_PARAMETERS exists and is set to
631 a file path, create a new file with:
632 openssl dhparam -out /path/to/file 2048
633 4. Rebuild the .cf file:
634 cd /etc/mail/; make; make install
636 cd /etc/mail/; make restart
638 A sendmail patch is coming, at which time this file will be
642 Generation of legacy formatted entries have been disabled by default
643 in pwd_mkdb(8), as all base system consumers of the legacy formatted
644 entries were converted to use the new format by default when the new,
645 machine independent format have been added and supported since FreeBSD
648 Please see the pwd_mkdb(8) manual page for further details.
651 Clang and llvm have been upgraded to 3.6.1 release. Please see the
652 20141231 entry below for information about prerequisites and upgrading,
653 if you are not already using 3.5.0 or higher.
656 TI platform code switched to using vendor DTS files and this update
657 may break existing systems running on Beaglebone, Beaglebone Black,
660 - dtb files should be regenerated/reinstalled. Filenames are the
661 same but content is different now
662 - GPIO addressing was changed, now each GPIO bank (32 pins per bank)
663 has its own /dev/gpiocX device, e.g. pin 121 on /dev/gpioc0 in old
664 addressing scheme is now pin 25 on /dev/gpioc3.
665 - Pandaboard: /etc/ttys should be updated, serial console device is
666 now /dev/ttyu2, not /dev/ttyu0
669 soelim(1) from gnu/usr.bin/groff has been replaced by usr.bin/soelim.
670 If you need the GNU extension from groff soelim(1), install groff
671 from package: pkg install groff, or via ports: textproc/groff.
674 chmod, chflags, chown and chgrp now affect symlinks in -R mode as
675 defined in symlink(7); previously symlinks were silently ignored.
678 The const qualifier has been removed from iconv(3) to comply with
679 POSIX. The ports tree is aware of this from r384038 onwards.
682 Libraries specified by LIBADD in Makefiles must have a corresponding
683 DPADD_<lib> variable to ensure correct dependencies. This is now
684 enforced in src.libnames.mk.
687 From legacy ata(4) driver was removed support for SATA controllers
688 supported by more functional drivers ahci(4), siis(4) and mvs(4).
689 Kernel modules ataahci and ataadaptec were removed completely,
690 replaced by ahci and mvs modules respectively.
693 Clang, llvm and lldb have been upgraded to 3.6.0 release. Please see
694 the 20141231 entry below for information about prerequisites and
695 upgrading, if you are not already using 3.5.0 or higher.
698 The 32-bit PowerPC kernel has been changed to a position-independent
699 executable. This can only be booted with a version of loader(8)
700 newer than January 31, 2015, so make sure to update both world and
701 kernel before rebooting.
704 If you are running a -CURRENT kernel since r273872 (Oct 30th, 2014),
705 but before r278950, the RNG was not seeded properly. Immediately
706 upgrade the kernel to r278950 or later and regenerate any keys (e.g.
707 ssh keys or openssl keys) that were generated w/ a kernel from that
708 range. This does not affect programs that directly used /dev/random
709 or /dev/urandom. All userland uses of arc4random(3) are affected.
712 The autofs(4) ABI was changed in order to restore binary compatibility
713 with 10.1-RELEASE. The automountd(8) daemon needs to be rebuilt to work
717 The powerpc64 kernel has been changed to a position-independent
718 executable. This can only be booted with a new version of loader(8),
719 so make sure to update both world and kernel before rebooting.
722 Clang and llvm have been upgraded to 3.5.1 release. This is a bugfix
723 only release, no new features have been added. Please see the 20141231
724 entry below for information about prerequisites and upgrading, if you
725 are not already using 3.5.0.
728 ELF tools addr2line, elfcopy (strip), nm, size, and strings are now
729 taken from the ELF Tool Chain project rather than GNU binutils. They
730 should be drop-in replacements, with the addition of arm64 support.
731 The WITHOUT_ELFTOOLCHAIN_TOOLS= knob may be used to obtain the
732 binutils tools, if necessary. See 20150805 for updated information.
735 The default Unbound configuration now enables remote control
736 using a local socket. Users who have already enabled the
737 local_unbound service should regenerate their configuration
738 by running "service local_unbound setup" as root.
741 The GNU texinfo and GNU info pages have been removed.
742 To be able to view GNU info pages please install texinfo from ports.
745 Clang, llvm and lldb have been upgraded to 3.5.0 release.
747 As of this release, a prerequisite for building clang, llvm and lldb is
748 a C++11 capable compiler and C++11 standard library. This means that to
749 be able to successfully build the cross-tools stage of buildworld, with
750 clang as the bootstrap compiler, your system compiler or cross compiler
751 should either be clang 3.3 or later, or gcc 4.8 or later, and your
752 system C++ library should be libc++, or libdstdc++ from gcc 4.8 or
755 On any standard FreeBSD 10.x or 11.x installation, where clang and
756 libc++ are on by default (that is, on x86 or arm), this should work out
759 On 9.x installations where clang is enabled by default, e.g. on x86 and
760 powerpc, libc++ will not be enabled by default, so libc++ should be
761 built (with clang) and installed first. If both clang and libc++ are
762 missing, build clang first, then use it to build libc++.
764 On 8.x and earlier installations, upgrade to 9.x first, and then follow
765 the instructions for 9.x above.
767 Sparc64 and mips users are unaffected, as they still use gcc 4.2.1 by
768 default, and do not build clang.
770 Many embedded systems are resource constrained, and will not be able to
771 build clang in a reasonable time, or in some cases at all. In those
772 cases, cross building bootable systems on amd64 is a workaround.
774 This new version of clang introduces a number of new warnings, of which
775 the following are most likely to appear:
779 This warns in two cases, for both C and C++:
780 * When the code is trying to take the absolute value of an unsigned
781 quantity, which is effectively a no-op, and almost never what was
782 intended. The code should be fixed, if at all possible. If you are
783 sure that the unsigned quantity can be safely cast to signed, without
784 loss of information or undefined behavior, you can add an explicit
785 cast, or disable the warning.
787 * When the code is trying to take an absolute value, but the called
788 abs() variant is for the wrong type, which can lead to truncation.
789 If you want to disable the warning instead of fixing the code, please
790 make sure that truncation will not occur, or it might lead to unwanted
793 -Wtautological-undefined-compare and
794 -Wundefined-bool-conversion
796 These warn when C++ code is trying to compare 'this' against NULL, while
797 'this' should never be NULL in well-defined C++ code. However, there is
798 some legacy (pre C++11) code out there, which actively abuses this
799 feature, which was less strictly defined in previous C++ versions.
801 Squid and openjdk do this, for example. The warning can be turned off
802 for C++98 and earlier, but compiling the code in C++11 mode might result
803 in unexpected behavior; for example, the parts of the program that are
804 unreachable could be optimized away.
807 The old NFS client and server (kernel options NFSCLIENT, NFSSERVER)
808 kernel sources have been removed. The .h files remain, since some
809 utilities include them. This will need to be fixed later.
810 If "mount -t oldnfs ..." is attempted, it will fail.
811 If the "-o" option on mountd(8), nfsd(8) or nfsstat(1) is used,
812 the utilities will report errors.
815 The handling of LOCAL_LIB_DIRS has been altered to skip addition of
816 directories to top level SUBDIR variable when their parent
817 directory is included in LOCAL_DIRS. Users with build systems with
818 such hierarchies and without SUBDIR entries in the parent
819 directory Makefiles should add them or add the directories to
823 faith(4) and faithd(8) have been removed from the base system. Faith
824 has been obsolete for a very long time.
827 vt(4), the new console driver, is enabled by default. It brings
828 support for Unicode and double-width characters, as well as
829 support for UEFI and integration with the KMS kernel video
832 You may need to update your console settings in /etc/rc.conf,
833 most probably the keymap. During boot, /etc/rc.d/syscons will
834 indicate what you need to do.
836 vt(4) still has issues and lacks some features compared to
837 syscons(4). See the wiki for up-to-date information:
838 https://wiki.freebsd.org/Newcons
840 If you want to keep using syscons(4), you can do so by adding
841 the following line to /boot/loader.conf:
845 pjdfstest has been integrated into kyua as an opt-in test suite.
846 Please see share/doc/pjdfstest/README for more details on how to
850 gperf has been removed from the base system for architectures
851 that use clang. Ports that require gperf will obtain it from the
855 pjdfstest has been moved from tools/regression/pjdfstest to
859 At svn r271982, The default linux compat kernel ABI has been adjusted
860 to 2.6.18 in support of the linux-c6 compat ports infrastructure
861 update. If you wish to continue using the linux-f10 compat ports,
862 add compat.linux.osrelease=2.6.16 to your local sysctl.conf. Users are
863 encouraged to update their linux-compat packages to linux-c6 during
864 their next update cycle.
867 The ofwfb driver, used to provide a graphics console on PowerPC when
868 using vt(4), no longer allows mmap() of all physical memory. This
869 will prevent Xorg on PowerPC with some ATI graphics cards from
870 initializing properly unless x11-servers/xorg-server is updated to
874 The xdev targets have been converted to using TARGET and
875 TARGET_ARCH instead of XDEV and XDEV_ARCH.
878 The default unbound configuration has been modified to address
879 issues with reverse lookups on networks that use private
880 address ranges. If you use the local_unbound service, run
881 "service local_unbound setup" as root to regenerate your
882 configuration, then "service local_unbound reload" to load the
886 The GNU texinfo and GNU info pages are not built and installed
887 anymore, WITH_INFO knob has been added to allow to built and install
889 UPDATE: see 20150102 entry on texinfo's removal
892 The GNU readline library is now an INTERNALLIB - that is, it is
893 statically linked into consumers (GDB and variants) in the base
894 system, and the shared library is no longer installed. The
895 devel/readline port is available for third party software that
899 The Itanium architecture (ia64) has been removed from the list of
900 known architectures. This is the first step in the removal of the
904 Commit r268115 has added NFSv4.1 server support, merged from
905 projects/nfsv4.1-server. Since this includes changes to the
906 internal interfaces between the NFS related modules, a full
907 build of the kernel and modules will be necessary.
908 __FreeBSD_version has been bumped.
911 The WITHOUT_VT_SUPPORT kernel config knob has been renamed
912 WITHOUT_VT. (The other _SUPPORT knobs have a consistent meaning
913 which differs from the behaviour controlled by this knob.)
916 Maximal length of the serial number in CTL was increased from 16 to
917 64 chars, that breaks ABI. All CTL-related tools, such as ctladm
918 and ctld, need to be rebuilt to work with a new kernel.
921 The libatf-c and libatf-c++ major versions were downgraded to 0 and
922 1 respectively to match the upstream numbers. They were out of
923 sync because, when they were originally added to FreeBSD, the
924 upstream versions were not respected. These libraries are private
925 and not yet built by default, so renumbering them should be a
926 non-issue. However, unclean source trees will yield broken test
927 programs once the operator executes "make delete-old-libs" after a
930 Additionally, the atf-sh binary was made private by moving it into
931 /usr/libexec/. Already-built shell test programs will keep the
932 path to the old binary so they will break after "make delete-old"
935 If you are using WITH_TESTS=yes (not the default), wipe the object
936 tree and rebuild from scratch to prevent spurious test failures.
937 This is only needed once: the misnumbered libraries and misplaced
938 binaries have been added to OptionalObsoleteFiles.inc so they will
939 be removed during a clean upgrade.
942 Clang and llvm have been upgraded to 3.4.1 release.
945 We bogusly installed src.opts.mk in /usr/share/mk. This file should
946 be removed to avoid issues in the future (and has been added to
950 /etc/src.conf now affects only builds of the FreeBSD src tree. In the
951 past, it affected all builds that used the bsd.*.mk files. The old
952 behavior was a bug, but people may have relied upon it. To get this
953 behavior back, you can .include /etc/src.conf from /etc/make.conf
954 (which is still global and isn't changed). This also changes the
955 behavior of incremental builds inside the tree of individual
956 directories. Set MAKESYSPATH to ".../share/mk" to do that.
957 Although this has survived make universe and some upgrade scenarios,
958 other upgrade scenarios may have broken. At least one form of
959 temporary breakage was fixed with MAKESYSPATH settings for buildworld
960 as well... In cases where MAKESYSPATH isn't working with this
961 setting, you'll need to set it to the full path to your tree.
963 One side effect of all this cleaning up is that bsd.compiler.mk
964 is no longer implicitly included by bsd.own.mk. If you wish to
965 use COMPILER_TYPE, you must now explicitly include bsd.compiler.mk
969 The lindev device has been removed since /dev/full has been made a
970 standard device. __FreeBSD_version has been bumped.
973 The knob WITHOUT_VI was added to the base system, which controls
974 building ex(1), vi(1), etc. Older releases of FreeBSD required ex(1)
975 in order to reorder files share/termcap and didn't build ex(1) as a
976 build tool, so building/installing with WITH_VI is highly advised for
977 build hosts for older releases.
979 This issue has been fixed in stable/9 and stable/10 in r277022 and
980 r276991, respectively.
983 The YES_HESIOD knob has been removed. It has been obsolete for
984 a decade. Please move to using WITH_HESIOD instead or your builds
985 will silently lack HESIOD.
988 The uart(4) driver has been changed with respect to its handling
989 of the low-level console. Previously the uart(4) driver prevented
990 any process from changing the baudrate or the CLOCAL and HUPCL
991 control flags. By removing the restrictions, operators can make
992 changes to the serial console port without having to reboot.
993 However, when getty(8) is started on the serial device that is
994 associated with the low-level console, a misconfigured terminal
995 line in /etc/ttys will now have a real impact.
996 Before upgrading the kernel, make sure that /etc/ttys has the
997 serial console device configured as 3wire without baudrate to
998 preserve the previous behaviour. E.g:
999 ttyu0 "/usr/libexec/getty 3wire" vt100 on secure
1002 Support for libwrap (TCP wrappers) in rpcbind was disabled by default
1003 to improve performance. To re-enable it, if needed, run rpcbind
1004 with command line option -W.
1007 Switched back to the GPL dtc compiler due to updates in the upstream
1008 dts files not being supported by the BSDL dtc compiler. You will need
1009 to rebuild your kernel toolchain to pick up the new compiler. Core dumps
1010 may result while building dtb files during a kernel build if you fail
1011 to do so. Set WITHOUT_GPL_DTC if you require the BSDL compiler.
1014 Clang and llvm have been upgraded to 3.4 release.
1017 The nve(4) driver has been removed. Please use the nfe(4) driver
1018 for NVIDIA nForce MCP Ethernet adapters instead.
1021 An ABI incompatibility crept into the libc++ 3.4 import in r261283.
1022 This could cause certain C++ applications using shared libraries built
1023 against the previous version of libc++ to crash. The incompatibility
1024 has now been fixed, but any C++ applications or shared libraries built
1025 between r261283 and r261801 should be recompiled.
1028 OpenSSH will now ignore errors caused by kernel lacking of Capsicum
1029 capability mode support. Please note that enabling the feature in
1030 kernel is still highly recommended.
1033 OpenSSH is now built with sandbox support, and will use sandbox as
1034 the default privilege separation method. This requires Capsicum
1035 capability mode support in kernel.
1038 The libelf and libdwarf libraries have been updated to newer
1039 versions from upstream. Shared library version numbers for
1040 these two libraries were bumped. Any ports or binaries
1041 requiring these two libraries should be recompiled.
1042 __FreeBSD_version is bumped to 1100006.
1045 If a Makefile in a tests/ directory was auto-generating a Kyuafile
1046 instead of providing an explicit one, this would prevent such
1047 Makefile from providing its own Kyuafile in the future during
1048 NO_CLEAN builds. This has been fixed in the Makefiles but manual
1049 intervention is needed to clean an objdir if you use NO_CLEAN:
1050 # find /usr/obj -name Kyuafile | xargs rm -f
1053 The behavior of gss_pseudo_random() for the krb5 mechanism
1054 has changed, for applications requesting a longer random string
1055 than produced by the underlying enctype's pseudo-random() function.
1056 In particular, the random string produced from a session key of
1057 enctype aes256-cts-hmac-sha1-96 or aes256-cts-hmac-sha1-96 will
1058 be different at the 17th octet and later, after this change.
1059 The counter used in the PRF+ construction is now encoded as a
1060 big-endian integer in accordance with RFC 4402.
1061 __FreeBSD_version is bumped to 1100004.
1064 The WITHOUT_ATF build knob has been removed and its functionality
1065 has been subsumed into the more generic WITHOUT_TESTS. If you were
1066 using the former to disable the build of the ATF libraries, you
1067 should change your settings to use the latter.
1070 The default version of mtree is nmtree which is obtained from
1071 NetBSD. The output is generally the same, but may vary
1072 slightly. If you found you need identical output adding
1073 "-F freebsd9" to the command line should do the trick. For the
1074 time being, the old mtree is available as fmtree.
1077 libbsdyml has been renamed to libyaml and moved to /usr/lib/private.
1078 This will break ports-mgmt/pkg. Rebuild the port, or upgrade to pkg
1079 1.1.4_8 and verify bsdyml not linked in, before running "make
1081 # make -C /usr/ports/ports-mgmt/pkg build deinstall install clean
1083 # pkg install pkg; ldd /usr/local/sbin/pkg | grep bsdyml
1086 The stable/10 branch has been created in subversion from head
1090 The rc.d/jail script has been updated to support jail(8)
1091 configuration file. The "jail_<jname>_*" rc.conf(5) variables
1092 for per-jail configuration are automatically converted to
1093 /var/run/jail.<jname>.conf before the jail(8) utility is invoked.
1094 This is transparently backward compatible. See below about some
1095 incompatibilities and rc.conf(5) manual page for more details.
1097 These variables are now deprecated in favor of jail(8) configuration
1098 file. One can use "rc.d/jail config <jname>" command to generate
1099 a jail(8) configuration file in /var/run/jail.<jname>.conf without
1100 running the jail(8) utility. The default pathname of the
1101 configuration file is /etc/jail.conf and can be specified by
1102 using $jail_conf or $jail_<jname>_conf variables.
1104 Please note that jail_devfs_ruleset accepts an integer at
1105 this moment. Please consider to rewrite the ruleset name
1109 BIND has been removed from the base system. If all you need
1110 is a local resolver, simply enable and start the local_unbound
1111 service instead. Otherwise, several versions of BIND are
1112 available in the ports tree. The dns/bind99 port is one example.
1114 With this change, nslookup(1) and dig(1) are no longer in the base
1115 system. Users should instead use host(1) and drill(1) which are
1116 in the base system. Alternatively, nslookup and dig can
1117 be obtained by installing the dns/bind-tools port.
1120 With the addition of unbound(8), a new unbound user is now
1121 required during installworld. "mergemaster -p" can be used to
1122 add the user prior to installworld, as documented in the handbook.
1125 OpenSSH is now built with DNSSEC support, and will by default
1126 silently trust signed SSHFP records. This can be controlled with
1127 the VerifyHostKeyDNS client configuration setting. DNSSEC support
1128 can be disabled entirely with the WITHOUT_LDNS option in src.conf.
1131 The GNU Compiler Collection and C++ standard library (libstdc++)
1132 are no longer built by default on platforms where clang is the system
1133 compiler. You can enable them with the WITH_GCC and WITH_GNUCXX
1134 options in src.conf.
1137 The PROCDESC kernel option is now part of the GENERIC kernel
1138 configuration and is required for the rwhod(8) to work.
1139 If you are using custom kernel configuration, you should include
1143 The API and ABI related to the Capsicum framework was modified
1144 in backward incompatible way. The userland libraries and programs
1145 have to be recompiled to work with the new kernel. This includes the
1146 following libraries and programs, but the whole buildworld is
1147 advised: libc, libprocstat, dhclient, tcpdump, hastd, hastctl,
1148 kdump, procstat, rwho, rwhod, uniq.
1151 AES-NI intrinsic support has been added to gcc. The AES-NI module
1152 has been updated to use this support. A new gcc is required to build
1153 the aesni module on both i386 and amd64.
1156 The PADLOCK_RNG and RDRAND_RNG kernel options are now devices.
1157 Thus "device padlock_rng" and "device rdrand_rng" should be
1158 used instead of "options PADLOCK_RNG" & "options RDRAND_RNG".
1161 WITH_ICONV has been split into two feature sets. WITH_ICONV now
1162 enables just the iconv* functionality and is now on by default.
1163 WITH_LIBICONV_COMPAT enables the libiconv api and link time
1164 compatibility. Set WITHOUT_ICONV to build the old way.
1165 If you have been using WITH_ICONV before, you will very likely
1166 need to turn on WITH_LIBICONV_COMPAT.
1169 INVARIANTS option now enables DEBUG for code with OpenSolaris and
1170 Illumos origin, including ZFS. If you have INVARIANTS in your
1171 kernel configuration, then there is no need to set DEBUG or ZFS_DEBUG
1173 DEBUG used to enable witness(9) tracking of OpenSolaris (mostly ZFS)
1174 locks if WITNESS option was set. Because that generated a lot of
1175 witness(9) reports and all of them were believed to be false
1176 positives, this is no longer done. New option OPENSOLARIS_WITNESS
1177 can be used to achieve the previous behavior.
1180 Timer values in IPv6 data structures now use time_uptime instead
1181 of time_second. Although this is not a user-visible functional
1182 change, userland utilities which directly use them---ndp(8),
1183 rtadvd(8), and rtsold(8) in the base system---need to be updated
1184 to r253970 or later.
1187 find -delete can now delete the pathnames given as arguments,
1188 instead of only files found below them or if the pathname did
1189 not contain any slashes. Formerly, the following error message
1192 find: -delete: <path>: relative path potentially not safe
1194 Deleting the pathnames given as arguments can be prevented
1195 without error messages using -mindepth 1 or by changing
1196 directory and passing "." as argument to find. This works in the
1197 old as well as the new version of find.
1200 Behavior of devfs rules path matching has been changed.
1201 Pattern is now always matched against fully qualified devfs
1202 path and slash characters must be explicitly matched by
1203 slashes in pattern (FNM_PATHNAME). Rulesets involving devfs
1204 subdirectories must be reviewed.
1207 The default ARM ABI has changed to the ARM EABI. The old ABI is
1208 incompatible with the ARM EABI and all programs and modules will
1209 need to be rebuilt to work with a new kernel.
1211 To keep using the old ABI ensure the WITHOUT_ARM_EABI knob is set.
1213 NOTE: Support for the old ABI will be removed in the future and
1214 users are advised to upgrade.
1217 pkg_install has been disconnected from the build if you really need it
1218 you should add WITH_PKGTOOLS in your src.conf(5).
1221 Most of network statistics structures were changed to be able
1222 keep 64-bits counters. Thus all tools, that work with networking
1223 statistics, must be rebuilt (netstat(1), bsnmpd(1), etc.)
1226 Fix a bug that allowed a tracing process (e.g. gdb) to write
1227 to a memory-mapped file in the traced process's address space
1228 even if neither the traced process nor the tracing process had
1229 write access to that file.
1232 CVS has been removed from the base system. An exact copy
1233 of the code is available from the devel/cvs port.
1236 Some people report the following error after the switch to bmake:
1238 make: illegal option -- J
1239 usage: make [-BPSXeiknpqrstv] [-C directory] [-D variable]
1241 *** [buildworld] Error code 2
1243 this likely due to an old instance of make in
1244 ${MAKEPATH} (${MAKEOBJDIRPREFIX}${.CURDIR}/make.${MACHINE})
1245 which src/Makefile will use that blindly, if it exists, so if
1246 you see the above error:
1248 rm -rf `make -V MAKEPATH`
1253 Use bmake by default.
1254 Whereas before one could choose to build with bmake via
1255 -DWITH_BMAKE one must now use -DWITHOUT_BMAKE to use the old
1256 make. The goal is to remove these knobs for 10-RELEASE.
1258 It is worth noting that bmake (like gmake) treats the command
1259 line as the unit of failure, rather than statements within the
1260 command line. Thus '(cd some/where && dosomething)' is safer
1261 than 'cd some/where; dosomething'. The '()' allows consistent
1262 behavior in parallel build.
1265 Fix a bug that allows NFS clients to issue READDIR on files.
1268 The WITHOUT_IDEA option has been removed because
1269 the IDEA patent expired.
1272 The sysctl which controls TRIM support under ZFS has been renamed
1273 from vfs.zfs.trim_disable -> vfs.zfs.trim.enabled and has been
1277 The mergemaster command now uses the default MAKEOBJDIRPREFIX
1278 rather than creating it's own in the temporary directory in
1279 order allow access to bootstrapped versions of tools such as
1280 install and mtree. When upgrading from version of FreeBSD where
1281 the install command does not support -l, you will need to
1282 install a new mergemaster command if mergemaster -p is required.
1283 This can be accomplished with the command (cd src/usr.sbin/mergemaster
1287 Legacy ATA stack, disabled and replaced by new CAM-based one since
1288 FreeBSD 9.0, completely removed from the sources. Kernel modules
1289 atadisk and atapi*, user-level tools atacontrol and burncd are
1290 removed. Kernel option `options ATA_CAM` is now permanently enabled
1294 SOCK_CLOEXEC and SOCK_NONBLOCK flags have been added to socket(2)
1295 and socketpair(2). Software, in particular Kerberos, may
1296 automatically detect and use these during building. The resulting
1297 binaries will not work on older kernels.
1300 CTL_DISABLE has also been added to the sparc64 GENERIC (for further
1301 information, see the respective 20130304 entry).
1304 Recent commits to callout(9) changed the size of struct callout,
1305 so the KBI is probably heavily disturbed. Also, some functions
1306 in callout(9)/sleep(9)/sleepqueue(9)/condvar(9) KPIs were replaced
1307 by macros. Every kernel module using it won't load, so rebuild
1310 The ctl device has been re-enabled in GENERIC for i386 and amd64,
1311 but does not initialize by default (because of the new CTL_DISABLE
1312 option) to save memory. To re-enable it, remove the CTL_DISABLE
1313 option from the kernel config file or set kern.cam.ctl.disable=0
1314 in /boot/loader.conf.
1317 The ctl device has been disabled in GENERIC for i386 and amd64.
1318 This was done due to the extra memory being allocated at system
1319 initialisation time by the ctl driver which was only used if
1320 a CAM target device was created. This makes a FreeBSD system
1321 unusable on 128MB or less of RAM.
1324 A new compression method (lz4) has been merged to -HEAD. Please
1325 refer to zpool-features(7) for more information.
1327 Please refer to the "ZFS notes" section of this file for information
1328 on upgrading boot ZFS pools.
1331 A BSD-licensed patch(1) variant has been added and is installed
1332 as bsdpatch, being the GNU version the default patch.
1333 To inverse the logic and use the BSD-licensed one as default,
1334 while having the GNU version installed as gnupatch, rebuild
1335 and install world with the WITH_BSD_PATCH knob set.
1338 Due to the use of the new -l option to install(1) during build
1339 and install, you must take care not to directly set the INSTALL
1340 make variable in your /etc/make.conf, /etc/src.conf, or on the
1341 command line. If you wish to use the -C flag for all installs
1342 you may be able to add INSTALL+=-C to /etc/make.conf or
1346 The install(1) option -M has changed meaning and now takes an
1347 argument that is a file or path to append logs to. In the
1348 unlikely event that -M was the last option on the command line
1349 and the command line contained at least two files and a target
1350 directory the first file will have logs appended to it. The -M
1351 option served little practical purpose in the last decade so its
1352 use is expected to be extremely rare.
1355 After switching to Clang as the default compiler some users of ZFS
1356 on i386 systems started to experience stack overflow kernel panics.
1357 Please consider using 'options KSTACK_PAGES=4' in such configurations.
1360 GEOM_LABEL now mangles label names read from file system metadata.
1361 Mangling affect labels containing spaces, non-printable characters,
1362 '%' or '"'. Device names in /etc/fstab and other places may need to
1366 By default, only the 10 most recent kernel dumps will be saved. To
1367 restore the previous behaviour (no limit on the number of kernel dumps
1368 stored in the dump directory) add the following line to /etc/rc.conf:
1373 With the addition of auditdistd(8), a new auditdistd user is now
1374 required during installworld. "mergemaster -p" can be used to
1375 add the user prior to installworld, as documented in the handbook.
1378 The sin6_scope_id member variable in struct sockaddr_in6 is now
1379 filled by the kernel before passing the structure to the userland via
1380 sysctl or routing socket. This means the KAME-specific embedded scope
1381 id in sin6_addr.s6_addr[2] is always cleared in userland application.
1382 This behavior can be controlled by net.inet6.ip6.deembed_scopeid.
1383 __FreeBSD_version is bumped to 1000025.
1386 On i386 and amd64 systems WITH_CLANG_IS_CC is now the default.
1387 This means that the world and kernel will be compiled with clang
1388 and that clang will be installed as /usr/bin/cc, /usr/bin/c++,
1389 and /usr/bin/cpp. To disable this behavior and revert to building
1390 with gcc, compile with WITHOUT_CLANG_IS_CC. Really old versions
1391 of current may need to bootstrap WITHOUT_CLANG first if the clang
1392 build fails (its compatibility window doesn't extend to the 9 stable
1396 The IPFIREWALL_FORWARD kernel option has been removed. Its
1397 functionality now turned on by default.
1400 The ZERO_COPY_SOCKET kernel option has been removed and
1401 split into SOCKET_SEND_COW and SOCKET_RECV_PFLIP.
1402 NB: SOCKET_SEND_COW uses the VM page based copy-on-write
1403 mechanism which is not safe and may result in kernel crashes.
1404 NB: The SOCKET_RECV_PFLIP mechanism is useless as no current
1405 driver supports disposeable external page sized mbuf storage.
1406 Proper replacements for both zero-copy mechanisms are under
1407 consideration and will eventually lead to complete removal
1408 of the two kernel options.
1411 The IPv4 network stack has been converted to network byte
1412 order. The following modules need to be recompiled together
1413 with kernel: carp(4), divert(4), gif(4), siftr(4), gre(4),
1414 pf(4), ipfw(4), ng_ipfw(4), stf(4).
1417 Support for non-MPSAFE filesystems was removed from VFS. The
1418 VFS_VERSION was bumped, all filesystem modules shall be
1422 All the non-MPSAFE filesystems have been disconnected from
1423 the build. The full list includes: codafs, hpfs, ntfs, nwfs,
1424 portalfs, smbfs, xfs.
1427 The interface cloning API and ABI has changed. The following
1428 modules need to be recompiled together with kernel:
1429 ipfw(4), pfsync(4), pflog(4), usb(4), wlan(4), stf(4),
1430 vlan(4), disc(4), edsc(4), if_bridge(4), gif(4), tap(4),
1431 faith(4), epair(4), enc(4), tun(4), if_lagg(4), gre(4).
1434 The sdhci driver was split in two parts: sdhci (generic SD Host
1435 Controller logic) and sdhci_pci (actual hardware driver).
1436 No kernel config modifications are required, but if you
1437 load sdhc as a module you must switch to sdhci_pci instead.
1440 Import the FUSE kernel and userland support into base system.
1443 The GNU sort(1) program has been removed since the BSD-licensed
1444 sort(1) has been the default for quite some time and no serious
1445 problems have been reported. The corresponding WITH_GNU_SORT
1449 The pfil(9) API/ABI for AF_INET family has been changed. Packet
1450 filtering modules: pf(4), ipfw(4), ipfilter(4) need to be recompiled
1454 The net80211(4) ABI has been changed to allow for improved driver
1455 PS-POLL and power-save support. All wireless drivers need to be
1456 recompiled to work with the new kernel.
1459 The random(4) support for the VIA hardware random number
1460 generator (`PADLOCK') is no longer enabled unconditionally.
1461 Add the padlock_rng device in the custom kernel config if
1462 needed. The GENERIC kernels on i386 and amd64 do include the
1463 device, so the change only affects the custom kernel
1467 The pf(4) packet filter ABI has been changed. pfctl(8) and
1468 snmp_pf module need to be recompiled to work with new kernel.
1471 A new ZFS feature flag "com.delphix:empty_bpobj" has been merged
1472 to -HEAD. Pools that have empty_bpobj in active state can not be
1473 imported read-write with ZFS implementations that do not support
1474 this feature. For more information read the zpool-features(5)
1478 The sparc64 ZFS loader has been changed to no longer try to auto-
1479 detect ZFS providers based on diskN aliases but now requires these
1480 to be explicitly listed in the OFW boot-device environment variable.
1483 The OpenSSL has been upgraded to 1.0.1c. Any binaries requiring
1484 libcrypto.so.6 or libssl.so.6 must be recompiled. Also, there are
1485 configuration changes. Make sure to merge /etc/ssl/openssl.cnf.
1488 The following sysctls and tunables have been renamed for consistency
1489 with other variables:
1490 kern.cam.da.da_send_ordered -> kern.cam.da.send_ordered
1491 kern.cam.ada.ada_send_ordered -> kern.cam.ada.send_ordered
1494 The sort utility has been replaced with BSD sort. For now, GNU sort
1495 is also available as "gnusort" or the default can be set back to
1496 GNU sort by setting WITH_GNU_SORT. In this case, BSD sort will be
1497 installed as "bsdsort".
1500 A new version of ZFS (pool version 5000) has been merged to -HEAD.
1501 Starting with this version the old system of ZFS pool versioning
1502 is superseded by "feature flags". This concept enables forward
1503 compatibility against certain future changes in functionality of ZFS
1504 pools. The first read-only compatible "feature flag" for ZFS pools
1505 is named "com.delphix:async_destroy". For more information
1506 read the new zpool-features(5) manual page.
1507 Please refer to the "ZFS notes" section of this file for information
1508 on upgrading boot ZFS pools.
1511 The malloc(3) implementation embedded in libc now uses sources imported
1512 as contrib/jemalloc. The most disruptive API change is to
1513 /etc/malloc.conf. If your system has an old-style /etc/malloc.conf,
1514 delete it prior to installworld, and optionally re-create it using the
1515 new format after rebooting. See malloc.conf(5) for details
1516 (specifically the TUNING section and the "opt.*" entries in the MALLCTL
1520 Big-endian MIPS TARGET_ARCH values no longer end in "eb". mips64eb
1521 is now spelled mips64. mipsn32eb is now spelled mipsn32. mipseb is
1522 now spelled mips. This is to aid compatibility with third-party
1523 software that expects this naming scheme in uname(3). Little-endian
1524 settings are unchanged. If you are updating a big-endian mips64 machine
1525 from before this change, you may need to set MACHINE_ARCH=mips64 in
1526 your environment before the new build system will recognize your machine.
1529 Disable by default the option VFS_ALLOW_NONMPSAFE for all supported
1533 Now unix domain sockets behave "as expected" on nullfs(5). Previously
1534 nullfs(5) did not pass through all behaviours to the underlying layer,
1535 as a result if we bound to a socket on the lower layer we could connect
1536 only to the lower path; if we bound to the upper layer we could connect
1537 only to the upper path. The new behavior is one can connect to both the
1538 lower and the upper paths regardless what layer path one binds to.
1541 The getifaddrs upgrade path broken with 20111215 has been restored.
1542 If you have upgraded in between 20111215 and 20120209 you need to
1543 recompile libc again with your kernel. You still need to recompile
1544 world to be able to configure CARP but this restriction already
1545 comes from 20111215.
1548 The set_rcvar() function has been removed from /etc/rc.subr. All
1549 base and ports rc.d scripts have been updated, so if you have a
1550 port installed with a script in /usr/local/etc/rc.d you can either
1551 hand-edit the rcvar= line, or reinstall the port.
1553 An easy way to handle the mass-update of /etc/rc.d:
1554 rm /etc/rc.d/* && mergemaster -i
1557 panic(9) now stops other CPUs in the SMP systems, disables interrupts
1558 on the current CPU and prevents other threads from running.
1559 This behavior can be reverted using the kern.stop_scheduler_on_panic
1561 The new behavior can be incompatible with kern.sync_on_panic.
1564 The carp(4) facility has been changed significantly. Configuration
1565 of the CARP protocol via ifconfig(8) has changed, as well as format
1566 of CARP events submitted to devd(8) has changed. See manual pages
1567 for more information. The arpbalance feature of carp(4) is currently
1568 not supported anymore.
1570 Size of struct in_aliasreq, struct in6_aliasreq has changed. User
1571 utilities using SIOCAIFADDR, SIOCAIFADDR_IN6, e.g. ifconfig(8),
1572 need to be recompiled.
1575 The acpi_wmi(4) status device /dev/wmistat has been renamed to
1579 The option VFS_ALLOW_NONMPSAFE option has been added in order to
1580 explicitely support non-MPSAFE filesystems.
1581 It is on by default for all supported platform at this present
1585 The broken amd(4) driver has been replaced with esp(4) in the amd64,
1586 i386 and pc98 GENERIC kernel configuration files.
1589 sysinstall has been removed
1592 The stable/9 branch created in subversion. This corresponds to the
1593 RELENG_9 branch in CVS.
1599 Avoid using make -j when upgrading. While generally safe, there are
1600 sometimes problems using -j to upgrade. If your upgrade fails with
1601 -j, please try again without -j. From time to time in the past there
1602 have been problems using -j with buildworld and/or installworld. This
1603 is especially true when upgrading between "distant" versions (eg one
1604 that cross a major release boundary or several minor releases, or when
1605 several months have passed on the -current branch).
1607 Sometimes, obscure build problems are the result of environment
1608 poisoning. This can happen because the make utility reads its
1609 environment when searching for values for global variables. To run
1610 your build attempts in an "environmental clean room", prefix all make
1611 commands with 'env -i '. See the env(1) manual page for more details.
1613 When upgrading from one major version to another it is generally best to
1614 upgrade to the latest code in the currently installed branch first, then
1615 do an upgrade to the new branch. This is the best-tested upgrade path,
1616 and has the highest probability of being successful. Please try this
1617 approach if you encounter problems with a major version upgrade. Since
1618 the stable 4.x branch point, one has generally been able to upgade from
1619 anywhere in the most recent stable branch to head / current (or even the
1620 last couple of stable branches). See the top of this file when there's
1623 When upgrading a live system, having a root shell around before
1624 installing anything can help undo problems. Not having a root shell
1625 around can lead to problems if pam has changed too much from your
1626 starting point to allow continued authentication after the upgrade.
1628 This file should be read as a log of events. When a later event changes
1629 information of a prior event, the prior event should not be deleted.
1630 Instead, a pointer to the entry with the new information should be
1631 placed in the old entry. Readers of this file should also sanity check
1632 older entries before relying on them blindly. Authors of new entries
1633 should write them with this in mind.
1637 When upgrading the boot ZFS pool to a new version, always follow
1640 1.) recompile and reinstall the ZFS boot loader and boot block
1641 (this is part of "make buildworld" and "make installworld")
1643 2.) update the ZFS boot block on your boot drive
1645 The following example updates the ZFS boot block on the first
1646 partition (freebsd-boot) of a GPT partitioned drive ada0:
1647 "gpart bootcode -p /boot/gptzfsboot -i 1 ada0"
1649 Non-boot pools do not need these updates.
1653 If you are updating from a prior version of FreeBSD (even one just
1654 a few days old), you should follow this procedure. It is the most
1655 failsafe as it uses a /usr/obj tree with a fresh mini-buildworld,
1657 make kernel-toolchain
1658 make -DALWAYS_CHECK_MAKE buildkernel KERNCONF=YOUR_KERNEL_HERE
1659 make -DALWAYS_CHECK_MAKE installkernel KERNCONF=YOUR_KERNEL_HERE
1661 To test a kernel once
1662 ---------------------
1663 If you just want to boot a kernel once (because you are not sure
1664 if it works, or if you want to boot a known bad kernel to provide
1665 debugging information) run
1666 make installkernel KERNCONF=YOUR_KERNEL_HERE KODIR=/boot/testkernel
1667 nextboot -k testkernel
1669 To just build a kernel when you know that it won't mess you up
1670 --------------------------------------------------------------
1671 This assumes you are already running a CURRENT system. Replace
1672 ${arch} with the architecture of your machine (e.g. "i386",
1673 "arm", "amd64", "ia64", "pc98", "sparc64", "powerpc", "mips", etc).
1675 cd src/sys/${arch}/conf
1676 config KERNEL_NAME_HERE
1677 cd ../compile/KERNEL_NAME_HERE
1682 If this fails, go to the "To build a kernel" section.
1684 To rebuild everything and install it on the current system.
1685 -----------------------------------------------------------
1686 # Note: sometimes if you are running current you gotta do more than
1687 # is listed here if you are upgrading from a really old current.
1689 <make sure you have good level 0 dumps>
1691 make kernel KERNCONF=YOUR_KERNEL_HERE
1693 <reboot in single user> [3]
1700 To cross-install current onto a separate partition
1701 --------------------------------------------------
1702 # In this approach we use a separate partition to hold
1703 # current's root, 'usr', and 'var' directories. A partition
1704 # holding "/", "/usr" and "/var" should be about 2GB in
1707 <make sure you have good level 0 dumps>
1710 make buildkernel KERNCONF=YOUR_KERNEL_HERE
1711 <maybe newfs current's root partition>
1712 <mount current's root partition on directory ${CURRENT_ROOT}>
1713 make installworld DESTDIR=${CURRENT_ROOT} -DDB_FROM_SRC
1714 make distribution DESTDIR=${CURRENT_ROOT} # if newfs'd
1715 make installkernel KERNCONF=YOUR_KERNEL_HERE DESTDIR=${CURRENT_ROOT}
1716 cp /etc/fstab ${CURRENT_ROOT}/etc/fstab # if newfs'd
1717 <edit ${CURRENT_ROOT}/etc/fstab to mount "/" from the correct partition>
1718 <reboot into current>
1719 <do a "native" rebuild/install as described in the previous section>
1720 <maybe install compatibility libraries from ports/misc/compat*>
1724 To upgrade in-place from stable to current
1725 ----------------------------------------------
1726 <make sure you have good level 0 dumps>
1728 make kernel KERNCONF=YOUR_KERNEL_HERE [8]
1730 <reboot in single user> [3]
1737 Make sure that you've read the UPDATING file to understand the
1738 tweaks to various things you need. At this point in the life
1739 cycle of current, things change often and you are on your own
1740 to cope. The defaults can also change, so please read ALL of
1741 the UPDATING entries.
1743 Also, if you are tracking -current, you must be subscribed to
1744 freebsd-current@freebsd.org. Make sure that before you update
1745 your sources that you have read and understood all the recent
1746 messages there. If in doubt, please track -stable which has
1747 much fewer pitfalls.
1749 [1] If you have third party modules, such as vmware, you
1750 should disable them at this point so they don't crash your
1753 [3] From the bootblocks, boot -s, and then do
1758 adjkerntz -i # if CMOS is wall time
1759 Also, when doing a major release upgrade, it is required that
1760 you boot into single user mode to do the installworld.
1762 [4] Note: This step is non-optional. Failure to do this step
1763 can result in a significant reduction in the functionality of the
1764 system. Attempting to do it by hand is not recommended and those
1765 that pursue this avenue should read this file carefully, as well
1766 as the archives of freebsd-current and freebsd-hackers mailing lists
1767 for potential gotchas. The -U option is also useful to consider.
1768 See mergemaster(8) for more information.
1770 [5] Usually this step is a noop. However, from time to time
1771 you may need to do this if you get unknown user in the following
1772 step. It never hurts to do it all the time. You may need to
1773 install a new mergemaster (cd src/usr.sbin/mergemaster && make
1774 install) after the buildworld before this step if you last updated
1775 from current before 20130425 or from -stable before 20130430.
1777 [6] This only deletes old files and directories. Old libraries
1778 can be deleted by "make delete-old-libs", but you have to make
1779 sure that no program is using those libraries anymore.
1781 [8] In order to have a kernel that can run the 4.x binaries needed to
1782 do an installworld, you must include the COMPAT_FREEBSD4 option in
1783 your kernel. Failure to do so may leave you with a system that is
1784 hard to boot to recover. A similar kernel option COMPAT_FREEBSD5 is
1785 required to run the 5.x binaries on more recent kernels. And so on
1786 for COMPAT_FREEBSD6 and COMPAT_FREEBSD7.
1788 Make sure that you merge any new devices from GENERIC since the
1789 last time you updated your kernel config file.
1791 [9] When checking out sources, you must include the -P flag to have
1792 cvs prune empty directories.
1794 If CPUTYPE is defined in your /etc/make.conf, make sure to use the
1795 "?=" instead of the "=" assignment operator, so that buildworld can
1796 override the CPUTYPE if it needs to.
1798 MAKEOBJDIRPREFIX must be defined in an environment variable, and
1799 not on the command line, or in /etc/make.conf. buildworld will
1800 warn if it is improperly defined.
1803 This file contains a list, in reverse chronological order, of major
1804 breakages in tracking -current. It is not guaranteed to be a complete
1805 list of such breakages, and only contains entries since September 23, 2011.
1806 If you need to see UPDATING entries from before that date, you will need
1807 to fetch an UPDATING file from an older FreeBSD release.
1809 Copyright information:
1811 Copyright 1998-2009 M. Warner Losh. All Rights Reserved.
1813 Redistribution, publication, translation and use, with or without
1814 modification, in full or in part, in any form or format of this
1815 document are permitted without further permission from the author.
1817 THIS DOCUMENT IS PROVIDED BY WARNER LOSH ``AS IS'' AND ANY EXPRESS OR
1818 IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
1819 WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
1820 DISCLAIMED. IN NO EVENT SHALL WARNER LOSH BE LIABLE FOR ANY DIRECT,
1821 INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
1822 (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
1823 SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
1824 HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
1825 STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
1826 IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
1827 POSSIBILITY OF SUCH DAMAGE.
1829 Contact Warner Losh if you have any questions about your use of