1 Updating Information for FreeBSD STABLE users
3 This file is maintained and copyrighted by M. Warner Losh
4 <imp@village.org>. See end of file for further details. For commonly
5 done items, please see the COMMON ITEMS: section later in the file.
7 Items affecting the ports and packages system can be found in
8 /usr/ports/UPDATING. Please read that file before running
11 20100526: p8 FreeBSD-SA-10:05.opie, FreeBSD-SA-10:06.nfsclient
12 Fix a one-NUL-byte buffer overflow in libopie. [10:05]
14 Correctly sanity-check a buffer length in nfs mount. [10:06]
16 20100227: p7 FreeBSD-EN-10:02.sched_ule
17 Fix a deadlock in the ULE scheduler.
19 20100106: p6 FreeBSD-SA-10:01.bind, FreeBSD-SA-10:02.ntpd,
21 Fix BIND named(8) cache poisoning with DNSSEC validation.
24 Fix ntpd mode 7 denial of service. [SA-10:02]
26 Fix ZFS ZIL playback with insecure permissions. [SA-10:03]
28 20091203: p5 FreeBSD-SA-09:15.ssl, FreeBSD-SA-09:16.rtld,
29 FreeBSD-SA-09:17.freebsd-update
30 Disable SSL renegotiation in order to protect against a serious
31 protocol flaw. [09:15]
33 Correctly handle failures from unsetenv resulting from a corrupt
34 environment in rtld-elf. [09:16]
36 Fix permissions in freebsd-update in order to prevent leakage of
37 sensitive files. [09:17]
39 20091002: p4 FreeBSD-SA-09:14.devfs FreeBSD-EN-09:05.null
40 Fix devfs / VFS NULL pointer race condition. [SA-09:14]
42 Add no zero mapping feature. [EN-09:05]
44 20090729: p3 FreeBSD-SA-09:12.bind
45 Fix BIND named(8) dynamic update message remote DoS.
47 20090624: p2 FreeBSD-EN-09:02.bce, FreeBSD-EN-09:03.fxp,
49 Fix packet length calculation in bce(4). [EN-09:02]
51 Correctly set IP packet length for TSO in fxp(4). [EN-09:03]
53 Fix a lock order reversal bug that could cause deadlock during
56 20090610: p1 FreeBSD-SA-09:09.pipe, FreeBSD-SA-09:10.ipv6,
58 Prevent integer overflow in direct pipe write code from circumventing
59 virtual-to-physical page lookups. [09:09]
61 Add missing permissions check for SIOCSIFINFO_IN6 ioctl. [09:10]
63 Fix buffer overflow in "autokey" negotiation in ntpd(8). [09:11]
68 20090422: FreeBSD-SA-09:07.libc, FreeBSD-SA-09:08.openssl
69 Don't leak information via uninitialized space in db(3) records.
72 Sanity-check string lengths in order to stop OpenSSL crashing
73 when printing corrupt BMPString or UniversalString objects. [09:08]
76 Following bug-fixes to TCP connection state flags, netstat, systat,
77 and sockstat will need to be rebuilt in order to properly print
78 connections in the TIMEWAIT state.
81 Change IPv6 ephemeral port allocation from sequential to
82 random allocation, like IPv4 has done for more than four years.
83 The implementation shares infrastructure with IPv4. This
84 means that there is only one set of sysctls to control both
85 IPv4 and IPv6. See ip(4) man page for details.
88 A workaround is committed to allow the creation of System V shared
89 memory segment of size > 2 GB on the 64-bit architectures.
90 Due to a limitation of the existing ABI, the shm_segsz member
91 of the struct shmid_ds, returned by shmctl(IPC_STAT) call is
92 wrong for large segments. Note that limits must be explicitely
93 raised to allow such segments to be created.
95 The management interface that is used by ipcs(1) has to be changed
96 in incompatible way. Rebuild the ipcs(1) utility with the new
97 headers after the update. Buildworld/installworld takes care
98 of this issue automatically.
101 The open-source Atheros HAL has been merged from HEAD
103 The kernel compile-time option AH_SUPPORT_AR5416 has been
104 added to support certain newer Atheros parts, particularly
105 PCI-Express chipsets.
106 The following modules are no longer available, and should be
107 removed from MODULES_OVERRIDE and/or loader.conf:-
108 ath_hal ath_rate_amrr ath_rate_onoe ath_rate_sample
111 ZFS users on amd64 machines with 4GB or more of RAM should
112 reevaluate their need for setting vm.kmem_size_max and
113 vm.kmem_size manually. In fact, after recent changes to the
114 kernel, the default value of vm.kmem_size is larger than the
115 suggested manual setting in most ZFS/FreeBSD tuning guides.
118 Multi-IPv4/v6/no-IP jail support was merged to STABLE.
119 You need to rebuild jls(8) and to use the new features
120 jail(8), jexec(8) and cpuset(1) with a new kernel.
121 __FreeBSD_version was bumped to 701103.
124 NTFS has been removed from GENERIC kernel on amd64 to match
125 GENERIC on i386. Should not cause any issues since mount_ntfs(8)
126 will load ntfs.ko module automatically when NTFS support is
127 actually needed, unless ntfs.ko is not installed or security
128 level prohibits loading kernel modules. If either is the case,
129 "options NTFS" has to be added into kernel config.
132 powerd(8) was updated to get better SMP support.
133 Meanings of the -i and -r command line options were changed.
136 snd_hda(4) driver was updated to version 20081226_0122.
138 Due to added HDMI audio and logical audio devices support, updated
139 driver often provides several PCM devices. In some cases it can make
140 system default audio device no longer correspond to the users's
141 habbitual audio connectors. In such cases wanted device can be
142 specified in audio application setup or defined globally via
143 hw.snd.default_unit sysctl according to sound(4) and snd_hda(4)
150 ntpd has been upgraded to 4.2.4p5.
153 OpenSSH has been upgraded to 5.1p1.
156 DTrace support was merged to STABLE today. In the best
157 tradition of "the dog ate my homework", subversion decided
158 that the commit message was too large and opted not to send
159 it. It was a stealth commit!
161 A 'make buildkernel' will now default to build the kernel
162 and modules with both DTrace kernel hooks and CTF data ready
165 After you have installed both world and the kernel, and
166 rebooted, you can 'kldload dtraceall' to load all the DTrace
167 kernel modules and then you're set to run the 'dtrace'
170 For DTrace documentation, refer to:
171 <http://wikis.sun.com/display/DTrace/Documentation>
173 We are limited to kernel tracing at the moment, so the pid
174 provider is not available.
176 For the syscall provider, note that the arguments to the
177 return probes are the same as for the entry probes.
180 Today STABLE got a reorganization of the Intel E1000
181 driver code. In order to better support our new adapters
182 there is a new driver, igb, that is now to be used for
183 either the 82575 or 82576 adapters. The source however,
184 is all now in sys/dev/e1000, both em and igb drivers are
185 built from that common directory if you configure them
186 in the kernel. Making loadable drivers still happens in
187 the same place: sys/modules/[em, igb].
189 The important thing to note is that the 82575 adapters
190 were supported in the em driver in 7.0, but now needed
191 to be moved into igb, so if you have the effected cards
192 be sure and make any script changes to follow the name
195 There are only 3 PCI ID's effected in this change:
196 0x10A7, 0x10A9, and 0x10D6
197 So you can know ahead of time if they will be effected,
198 these will now be supported in the igb driver. That
199 driver will also support the new 82576 followon.
201 The driver reorg in STABLE is inconvenient but it really
202 was necessary for Intel to do this, and I figured it was
203 better to have this small admin type issue than not to
204 have support for this new hardware for a whole release
208 I have MFC'd in code to support multiple routing tables.
209 see the man pages setfib(1) and setfib(2).
210 This is a backwards compatible version,
211 but to make use of it you need to compile your kernel
212 with options ROUTETABLES=2 (or more up to 16).
218 Note the addition of m_collapse for compacting mbuf chains.
221 The AT keyboard emulation of sunkbd(4) has been turned on
222 by default. In order to make the special symbols of the Sun
223 keyboards driven by sunkbd(4) work under X these now have
224 to be configured the same way as Sun USB keyboards driven
225 by ukbd(4) (which also does AT keyboard emulation), f.e.:
227 Option "XkbLayout" "us"
228 Option "XkbRules" "xorg"
229 Option "XkbSymbols" "pc(pc105)+sun_vndr/usb(sun_usb)+us"
232 It has been decided that it is desirable to provide ABI
233 backwards compatibility to the FreeBSD 4/5/6 versions of the
234 PCIOCGETCONF, PCIOCREAD and PCIOCWRITE IOCTLs, which was
235 broken with the introduction of PCI domain support (see the
236 20070930 entry). Unfortunately, this required the ABI of
237 PCIOCGETCONF to be broken again in order to be able to
238 provide backwards compatibility to the old version of that
239 IOCTL. Thus consumers of PCIOCGETCONF have to be recompiled
240 again. As for prominent ports this affects neither pciutils
241 nor xorg-server this time, the hal port needs to be rebuilt
248 Setting WITHOUT_LIBPTHREAD now means WITHOUT_LIBKSE and
249 WITHOUT_LIBTHR are set.
252 The PCI code has been made aware of PCI domains. This means that
253 the location strings as used by pciconf(8) etc are now in the
254 following format: pci<domain>:<bus>:<device>[:<function>]. It
255 also means that consumers of <sys/pciio.h> potentially need to
256 be recompiled; this includes the hal and xorg-server ports.
259 The caching daemon (cached) was renamed to nscd. nscd.conf
260 configuration file should be used instead of cached.conf and
261 nscd_enable, nscd_pidfile and nscd_flags options should be used
262 instead of cached_enable, cached_pidfile and cached_flags in
266 The new IPsec code is now compiled in using the IPSEC option. The
267 IPSEC option now requires "device crypto" be defined in your kernel
268 configuration. The FAST_IPSEC kernel option is now deprecated.
271 The packet filter (pf) code has been updated to OpenBSD 4.1 Please
272 note the changed syntax - keep state is now on by default. Also
273 note the fact that ftp-proxy(8) has been changed from bottom up and
274 has been moved from libexec to usr/sbin. Changes in the ALTQ
275 handling also affect users of IPFW's ALTQ capabilities.
278 Remove KAME IPsec in favor of FAST_IPSEC, which is now the
279 only IPsec supported by FreeBSD. The new IPsec stack
280 supports both IPv4 and IPv6. The kernel option will change
281 after the code changes have settled in. For now the kernel
282 option IPSEC is deprecated and FAST_IPSEC is the only option, that
283 will change after some settling time.
286 The wicontrol(8) utility has been removed from the base system. wi(4)
287 cards should be configured using ifconfig(8), see the man page for more
291 The i386/amd64 GENERIC kernel now defaults to the nfe(4) driver
292 instead of the nve(4) driver. Please update your configuration
296 By default, /etc/rc.d/sendmail no longer rebuilds the aliases
297 database if it is missing or older than the aliases file. If
298 desired, set the new rc.conf option sendmail_rebuild_aliases
299 to "YES" to restore that functionality.
302 The IPv4 multicast socket code has been considerably modified, and
303 moved to the file sys/netinet/in_mcast.c. Initial support for the
304 RFC 3678 Source-Specific Multicast Socket API has been added to
305 the IPv4 network stack.
307 Strict multicast and broadcast reception is now the default for
308 UDP/IPv4 sockets; the net.inet.udp.strict_mcast_mship sysctl variable
309 has now been removed.
311 The RFC 1724 hack for interface selection has been removed; the use
312 of the Linux-derived ip_mreqn structure with IP_MULTICAST_IF has
313 been added to replace it. Consumers such as routed will soon be
314 updated to reflect this.
316 These changes affect users who are running routed(8) or rdisc(8)
317 from the FreeBSD base system on point-to-point or unnumbered
321 The net80211 layer has changed significantly and all wireless
322 drivers that depend on it need to be recompiled. Further these
323 changes require that any program that interacts with the wireless
324 support in the kernel be recompiled; this includes: ifconfig,
325 wpa_supplicant, hostapd, and wlanstats. Users must also, for
326 the moment, kldload the wlan_scan_sta and/or wlan_scan_ap modules
327 if they use modules for wireless support. These modules implement
328 scanning support for station and ap modes, respectively. Failure
329 to load the appropriate module before marking a wireless interface
330 up will result in a message to the console and the device not
334 The pam_nologin(8) module ceases to provide an authentication
335 function and starts providing an account management function.
336 Consequent changes to /etc/pam.d should be brought in using
337 mergemaster(8). Third-party files in /usr/local/etc/pam.d may
338 need manual editing as follows. Locate this line (or similar):
340 auth required pam_nologin.so no_warn
342 and change it according to this example:
344 account required pam_nologin.so no_warn
346 That is, the first word needs to be changed from "auth" to
347 "account". The new line can be moved to the account section
348 within the file for clarity. Not updating pam.conf(5) files
349 will result in nologin(5) ignored by the respective services.
352 The ether_ioctl() function has been synchronized with ioctl(2)
353 and ifnet.if_ioctl. Due to that, the size of one of its arguments
354 has changed on 64-bit architectures. All kernel modules using
355 ether_ioctl() need to be rebuilt on such architectures.
358 Improved INCLUDE_CONFIG_FILE support has been introduced to the
359 config(8) utility. In order to take advantage of this new
360 functionality, you are expected to recompile and install
361 src/usr.sbin/config. If you don't rebuild config(8), and your
362 kernel configuration depends on INCLUDE_CONFIG_FILE, the kernel
363 build will be broken because of a missing "kernconfstring"
367 Symbol versioning is enabled by default. To disable it, use
368 option WITHOUT_SYMVER. It is not advisable to attempt to
369 disable symbol versioning once it is enabled; your installworld
370 will break because a symbol version-less libc will get installed
371 before the install tools. As a result, the old install tools,
372 which previously had symbol dependencies to FBSD_1.0, will fail
373 because the freshly installed libc will not have them.
375 The default threading library (providing "libpthread") has been
376 changed to libthr. If you wish to have libkse as your default,
377 use option DEFAULT_THREAD_LIB=libkse for the buildworld.
380 The ABI breakage in sendmail(8)'s libmilter has been repaired
381 so it is no longer necessary to recompile mail filters (aka,
382 milters). If you recompiled mail filters after the 20070408
383 note, it is not necessary to recompile them again.
386 The new trunk(4) driver has been renamed to lagg(4) as it better
387 reflects its purpose. ifconfig will need to be recompiled.
390 sendmail(8) has been updated to version 8.14.1. Mail filters
391 (aka, milters) compiled against the libmilter included in the
392 base operating system should be recompiled.
395 Firmwares for ipw(4) and iwi(4) are now included in the base tree.
396 In order to use them one must agree to the respective LICENSE in
397 share/doc/legal and define legal.intel_<name>.license_ack=1 via
398 loader.conf(5) or kenv(1). Make sure to deinstall the now
399 deprecated modules from the respective firmware ports.
402 The name resolution/mapping functions addr2ascii(3) and ascii2addr(3)
403 were removed from FreeBSD's libc. These originally came from INRIA
404 IPv6. Nothing in FreeBSD ever used them. They may be regarded as
405 deprecated in previous releases.
406 The AF_LINK support for getnameinfo(3) was merged from NetBSD to
407 replace it as a more portable (and re-entrant) API.
410 To support interrupt filtering a modification to the newbus API
411 has occurred, ABI was broken and __FreeBSD_version was bumped
412 to 700031. Please make sure that your kernel and modules are in
414 http://docs.freebsd.org/cgi/mid.cgi?20070221233124.GA13941
417 The IPv6 multicast forwarding code may now be loaded into GENERIC
418 kernels by loading the ip_mroute.ko module. This is built into the
419 module unless WITHOUT_INET6 or WITHOUT_INET6_SUPPORT options are
420 set; see src.conf(5) for more information.
423 The output of netstat -r has changed. Without -n, we now only
424 print a "network name" without the prefix length if the network
425 address and mask exactly match a Class A/B/C network, and an entry
426 exists in the nsswitch "networks" map.
427 With -n, we print the full unabbreviated CIDR network prefix in
428 the form "a.b.c.d/p". 0.0.0.0/0 is always printed as "default".
429 This change is in preparation for changes such as equal-cost
430 multipath, and to more generally assist operational deployment
431 of FreeBSD as a modern IPv4 router.
434 PIM has been turned on by default in the IPv4 multicast
435 routing code. The kernel option 'PIM' has now been removed.
436 PIM is now built by default if option 'MROUTING' is specified.
437 It may now be loaded into GENERIC kernels by loading the
441 Support for IPIP tunnels (VIFF_TUNNEL) in IPv4 multicast routing
442 has been removed. Its functionality may be achieved by explicitly
443 configuring gif(4) interfaces and using the 'phyint' keyword in
445 XORP does not support source-routed IPv4 multicast tunnels nor the
446 integrated IPIP tunneling, therefore it is not affected by this
447 change. The __FreeBSD_version macro has been bumped to 700030.
450 Support for PCI Message Signalled Interrupts has been
451 re-enabled in the bge driver, only for those chips which are
452 believed to support it properly. If there are any problems,
453 MSI can be disabled completely by setting the
454 'hw.pci.enable_msi' and 'hw.pci.enable_msix' tunables to 0
458 Support for PCI Message Signalled Interrupts has been
459 disabled again in the bge driver. Many revisions of the
460 hardware fail to support it properly. Support can be
461 re-enabled by removing the #define of BGE_DISABLE_MSI in
462 "src/sys/dev/bge/if_bge.c".
465 Support for PCI Message Signalled Interrupts has been added
466 to the bge driver. If there are any problems, MSI can be
467 disabled completely by setting the 'hw.pci.enable_msi' and
468 'hw.pci.enable_msix' tunables to 0 in the loader.
471 The removal of several facets of the experimental Threading
472 system from the kernel means that the proc and thread structures
473 have changed quite a bit. I suggest all kernel modules that might
474 reference these structures be recompiled.. Especially the
478 Sound infrastructure has been updated with various fixes and
479 improvements. Most of the changes are pretty much transparent,
480 with exceptions of followings:
481 1) All sound driver specific sysctls (hw.snd.pcm%d.*) have been
482 moved to their own dev sysctl nodes, for example:
483 hw.snd.pcm0.vchans -> dev.pcm.0.vchans
484 2) /dev/dspr%d.%d has been deprecated. Each channel now has its
485 own chardev in the form of "dsp%d.<function>%d", where <function>
486 is p = playback, r = record and v = virtual, respectively. Users
487 are encouraged to use these devs instead of (old) "/dev/dsp%d.%d".
488 This does not affect those who are using "/dev/dsp".
491 geom(4)'s gmirror(8) class metadata structure has been
492 rev'd from v3 to v4. If you update across this point and
493 your metadata is converted for you, you will not be easily
494 able to downgrade since the /boot/kernel.old/geom_mirror.ko
495 kernel module will be unable to read the v4 metadata. You
496 can resolve this by doing from the loader(8) prompt:
498 set vfs.root.mountfrom="ufs:/dev/XXX"
500 where XXX is the root slice of one of the disks that composed
501 the mirror (i.e.: /dev/ad0s1a). You can then rebuild
502 the array the same way you built it originally.
505 The following binaries have been disconnected from the build:
506 mount_devfs, mount_ext2fs, mount_fdescfs, mount_procfs, mount_linprocfs,
507 and mount_std. The functionality of these programs has been
508 moved into the mount program. For example, to mount a devfs
509 filesystem, instead of using mount_devfs, use: "mount -t devfs".
510 This does not affect entries in /etc/fstab, since entries in
511 /etc/fstab are always processed with "mount -t fstype".
514 Support for PCI Message Signalled Interrupts on i386 and amd64
515 has been added to the kernel and various drivers will soon be
516 updated to use MSI when it is available. If there are any problems,
517 MSI can be disabled completely by setting the 'hw.pci.enable_msi'
518 and 'hw.pci.enable_msix' tunables to 0 in the loader.
521 The MUTEX_PROFILING option has been renamed to LOCK_PROFILING.
522 The lockmgr object layout has been changed as a result of having
523 a lock_object embedded in it. As a consequence all file system
524 kernel modules must be re-compiled. The mutex profiling man page
525 has not yet been updated to reflect this change.
528 KSE in the kernel has now been made optional and turned on by
529 default. Use 'nooption KSE' in your kernel config to turn it
530 off. All kernel modules *must* be recompiled after this change.
531 There-after, modules from a KSE kernel should be compatible with
532 modules from a NOKSE kernel due to the temporary padding fields
533 added to 'struct proc'.
536 mrouted and its utilities have been removed from the base system.
539 Some ioctl(2) command codes have changed. Full backward ABI
540 compatibility is provided if the "options COMPAT_FREEBSD6" is
541 present in the kernel configuration file. Make sure to add
542 this option to your kernel config file, or recompile X.Org
543 and the rest of ports; otherwise they may refuse to work.
546 tcpslice has been removed from the base system.
549 The sizes of struct tcpcb (and struct xtcpcb) have changed due to
550 the rewrite of TCP syncookies. Tools like netstat, sockstat, and
551 systat needs to be rebuilt.
554 libpcap updated to v0.9.4 and tcpdump to v3.9.4
557 The IPFIREWALL_FORWARD_EXTENDED option is gone and the behaviour
558 for IPFIREWALL_FORWARD is now as it was before when it was first
559 committed and for years after. The behaviour is now ON.
562 enigma(1)/crypt(1) utility has been changed on 64 bit architectures.
563 Now it can decrypt files created from different architectures.
564 Unfortunately, it is no longer able to decrypt a cipher text
565 generated with an older version on 64 bit architectures.
566 If you have such a file, you need old utility to decrypt it.
569 The interface version of the i4b kernel part has changed. So
570 after updating the kernel sources and compiling a new kernel,
571 the i4b user space tools in "/usr/src/usr.sbin/i4b" must also
572 be rebuilt, and vice versa.
575 The XBOX kernel now defaults to the nfe(4) driver instead of
576 the nve(4) driver. Please update your configuration
580 The i386-only lnc(4) driver for the AMD Am7900 LANCE and Am79C9xx
581 PCnet family of NICs has been removed. The new le(4) driver serves
582 as an equivalent but cross-platform replacement with the pcn(4)
583 driver still providing performance-optimized support for the subset
584 of AMD Am79C971 PCnet-FAST and greater chips as before.
587 The machdep.* sysctls and the adjkerntz utility have been
588 modified a bit. The new adjkerntz utility uses the new
589 sysctl names and sysctlbyname() calls, so it may be impossible
590 to run an old /sbin/adjkerntz utility in single-user mode
591 with a new kernel. Replace the `adjkerntz -i' step before
592 `make installworld' with:
594 /usr/obj/usr/src/sbin/adjkerntz/adjkerntz -i
596 and proceed as usual with the rest of the installworld-stage
597 steps. Otherwise, you risk installing binaries with their
598 timestamp set several hours in the future, especially if
599 you are running with local time set to GMT+X hours.
602 The ip6fw utility has been removed. The behavior provided by
603 ip6fw has been in ipfw2 for a good while and the rc.d scripts
604 have been updated to deal with it. There are some rules that
605 might not migrate cleanly. Use rc.firewall6 as a template to
609 The puc(4) driver has been overhauled. The ebus(4) and sbus(4)
610 attachments have been removed. Make sure to configure scc(4)
611 on sparc64. Note also that by default puc(4) will use uart(4)
612 and not sio(4) for serial ports because interrupt handling has
613 been optimized for multi-port serial cards and only uart(4)
614 implements the interface to support it.
617 The scc(4) driver replaces puc(4) for Serial Communications
618 Controllers (SCCs) like the Siemens SAB82532 and the Zilog
619 Z8530. On sparc64, it is advised to add scc(4) to the kernel
620 configuration to make sure that the serial ports remain
624 Most world/kernel related NO_* build options changed names.
625 New knobs have common prefixes WITHOUT_*/WITH_* (modelled
626 after FreeBSD ports) and should be set in /etc/src.conf
627 (the src.conf(5) manpage is provided). Full backwards
628 compatibility is maintained for the time being though it's
629 highly recommended to start moving old options out of the
630 system-wide /etc/make.conf file into the new /etc/src.conf
631 while also properly renaming them. More conversions will
632 likely follow. Posting to current@:
634 http://lists.freebsd.org/pipermail/freebsd-current/2006-March/061725.html
637 The NETSMBCRYPTO kernel option has been retired because its
638 functionality is always included in NETSMB and smbfs.ko now.
641 The TDFX_LINUX kernel option was retired and replaced by the
642 tdfx_linux device. The latter can be loaded as the 3dfx_linux.ko
643 kernel module. Loading it alone should suffice to get 3dfx support
644 for Linux apps because it will pull in 3dfx.ko and linux.ko through
648 The 'audit' group was added to support the new auditing functionality
649 in the base system. Be sure to follow the directions for updating,
650 including the requirement to run mergemaster -p.
653 The kernel ABI to file system modules was changed on i386.
654 Please make sure that your kernel and modules are in sync.
657 This actually occured some time ago, but installing the kernel
658 now also installs a bunch of symbol files for the kernel modules.
659 This increases the size of /boot/kernel to about 67Mbytes. You
660 will need twice this if you will eventually back this up to kernel.old
661 on your next install.
662 If you have a shortage of room in your root partition, you should add
663 -DINSTALL_NODEBUG to your make arguments or add INSTALL_NODEBUG="yes"
664 to your /etc/make.conf.
667 libc's malloc implementation has been replaced. This change has the
668 potential to uncover application bugs that previously went unnoticed.
669 See the malloc(3) manual page for more details.
672 The generic netgraph(4) cookie has been changed. If you upgrade
673 kernel passing this point, you also need to upgrade userland
674 and netgraph(4) utilities like ports/net/mpd or ports/net/mpd4.
677 si(4)'s device files now contain the unit number.
678 Uses of {cua,tty}A[0-9a-f] should be replaced by {cua,tty}A0[0-9a-f].
681 The kernel ABI was mostly destroyed due to a change in the size
682 of struct lock_object which is nested in other structures such
683 as mutexes which are nested in all sorts of other structures.
684 Make sure your kernel and modules are in sync.
687 The page coloring algorithm in the VM subsystem was converted
688 from tuning with kernel options to autotuning. Please remove
689 any PQ_* option except PQ_NOOPT from your kernel config.
692 The net80211-related tools in the tools/tools/ath directory
693 have been moved to tools/tools/net80211 and renamed with a
694 "wlan" prefix. Scripts that use them should be adjusted
698 Scripts in the local_startup directories (as defined in
699 /etc/defaults/rc.conf) that have the new rc.d semantics will
700 now be run as part of the base system rcorder. If there are
701 errors or problems with one of these local scripts, it could
702 cause boot problems. If you encounter such problems, boot in
703 single user mode, remove that script from the */rc.d directory.
704 Please report the problem to the port's maintainer, and the
705 freebsd-ports@freebsd.org mailing list.
708 The nodev mount option was deprecated in RELENG_6 (where it
709 was a no-op), and is now unsupported. If you have nodev or dev listed
710 in /etc/fstab, remove it, otherwise it will result in a mount error.
713 ABI between ipfw(4) and ipfw(8) has been changed. You need
714 to rebuild ipfw(8) when rebuilding kernel.
717 rp(4)'s device files now contain the unit number.
718 Uses of {cua,tty}R[0-9a-f] should be replaced by {cua,tty}R0[0-9a-f].
721 /etc/rc.d/ppp-user has been renamed to /etc/rc.d/ppp.
722 Its /etc/rc.conf.d configuration file has been `ppp' from
723 the beginning, and hence there is no need to touch it.
726 Now most modules get their build-time options from the kernel
727 configuration file. A few modules still have fixed options
728 due to their non-conformant implementation, but they will be
729 corrected eventually. You may need to review the options of
730 the modules in use, explicitly specify the non-default options
731 in the kernel configuration file, and rebuild the kernel and
735 kern.polling.enable sysctl MIB is now deprecated. Use ifconfig(8)
736 to turn polling(4) on your interfaces.
739 The old bridge(4) implementation was retired. The new
740 if_bridge(4) serves as a full functional replacement.
743 The ai_addrlen of a struct addrinfo was changed to a socklen_t
744 to conform to POSIX-2001. This change broke an ABI
745 compatibility on 64 bit architecture. You have to recompile
746 userland programs that use getaddrinfo(3) on 64 bit
750 RELENG_6 branched here.
753 The pccard_ifconfig rc.conf variable has been removed and a new
754 variable, ifconfig_DEFAULT has been introduced. Unlike
755 pccard_ifconfig, ifconfig_DEFAULT applies to ALL interfaces that
756 do not have ifconfig_ifn entries rather than just those in
757 removable_interfaces.
760 Some previous versions of PAM have permitted the use of
761 non-absolute paths in /etc/pam.conf or /etc/pam.d/* when referring
762 to third party PAM modules in /usr/local/lib. A change has been
763 made to require the use of absolute paths in order to avoid
764 ambiguity and dependence on library path configuration, which may
765 affect existing configurations.
768 Major changes to network interface API. All drivers must be
769 recompiled. Drivers not in the base system will need to be
770 updated to the new APIs.
773 Changes were made to kinfo_proc in sys/user.h. Please recompile
774 userland, or commands like `fstat', `pkill', `ps', `top' and `w'
775 will not behave correctly.
777 The API and ABI for hwpmc(4) have changed with the addition
778 of sampling support. Please recompile lib/libpmc(3) and
779 usr.sbin/{pmcstat,pmccontrol}.
782 The OpenBSD dhclient was imported in place of the ISC dhclient
783 and the network interface configuration scripts were updated
784 accordingly. If you use DHCP to configure your interfaces, you
785 must now run devd. Also, DNS updating was lost so you will need
786 to find a workaround if you use this feature.
788 The '_dhcp' user was added to support the OpenBSD dhclient. Be
789 sure to run mergemaster -p (like you are supposed to do every time
793 if_bridge was added to the tree. This has changed struct ifnet.
794 Please recompile userland and all network related modules.
797 The n_net of a struct netent was changed to an uint32_t, and
798 1st argument of getnetbyaddr() was changed to an uint32_t, to
799 conform to POSIX-2001. These changes broke an ABI
800 compatibility on 64 bit architecture. With these changes,
801 shlib major of libpcap was bumped. You have to recompile
802 userland programs that use getnetbyaddr(3), getnetbyname(3),
803 getnetent(3) and/or libpcap on 64 bit architecture.
806 Kernel parsing of extra options on '#!' first lines of shell
807 scripts has changed. Lines with multiple options likely will
808 fail after this date. For full details, please see
809 http://people.freebsd.org/~gad/Updating-20050528.txt
812 The packet filter (pf) code has been updated to OpenBSD 3.7
813 Please note the changed anchor syntax and the fact that
814 authpf(8) now needs a mounted fdescfs(5) to function.
817 The NO_MIXED_MODE kernel option has been removed from the i386
818 amd64 platforms as its use has been superceded by the new local
819 APIC timer code. Any kernel config files containing this option
823 The on-disk format of LC_CTYPE files was changed to be machine
824 independent. Please make sure NOT to use NO_CLEAN buildworld
825 when crossing this point. Crossing this point also requires
826 recompile or reinstall of all locale depended packages.
829 The ifi_epoch member of struct if_data has been changed to
830 contain the uptime at which the interface was created or the
831 statistics zeroed rather then the wall clock time because
832 wallclock time may go backwards. This should have no impact
833 unless an snmp implementation is using this value (I know of
837 The acpi_perf and acpi_throttle drivers are now part of the
838 acpi(4) main module. They are no longer built separately.
841 The layout of struct image_params has changed. You have to
842 recompile all compatibility modules (linux, svr4, etc) for use
846 The p4tcc driver has been merged into cpufreq(4). This makes
847 "options CPU_ENABLE_TCC" obsolete. Please load cpufreq.ko or
848 compile in "device cpufreq" to restore this functionality.
851 The responsibility of recomputing the file system summary of
852 a SoftUpdates-enabled dirty volume has been transferred to the
853 background fsck. A rebuild of fsck(8) utility is recommended
854 if you have updated the kernel.
856 To get the old behavior (recompute file system summary at mount
857 time), you can set vfs.ffs.compute_summary_at_mount=1 before
858 mounting the new volume.
861 The cpufreq import is complete. As part of this, the sysctls for
862 acpi(4) throttling have been removed. The power_profile script
863 has been updated, so you can use performance/economy_cpu_freq in
864 rc.conf(5) to set AC on/offline cpu frequencies.
867 NG_VERSION has been increased. Recompiling kernel (or ng_socket.ko)
868 requires recompiling libnetgraph and userland netgraph utilities.
871 Support for abbreviated forms of a number of ipfw options is
872 now deprecated. Warnings are printed to stderr indicating the
873 correct full form when a match occurs. Some abbreviations may
874 be supported at a later date based on user feedback. To be
875 considered for support, abbreviations must be in use prior to
876 this commit and unlikely to be confused with current key words.
879 By a popular demand, a lot of NOFOO options were renamed
880 to NO_FOO (see bsd.compat.mk for a full list). The old
881 spellings are still supported, but will cause annoying
882 warnings on stderr. Make sure you upgrade properly (see
883 the COMMON ITEMS: section later in this file).
886 Auto-loading of ancillary wlan modules such as wlan_wep has
887 been temporarily disabled; you need to statically configure
888 the modules you need into your kernel or explicitly load them
889 prior to use. Specifically, if you intend to use WEP encryption
890 with an 802.11 device load/configure wlan_wep; if you want to
891 use WPA with the ath driver load/configure wlan_tkip, wlan_ccmp,
892 and wlan_xauth as required.
895 The behaviour of ppp(8) has changed slightly. If lqr is enabled
896 (``enable lqr''), older versions would revert to LCP ECHO mode on
897 negotiation failure. Now, ``enable echo'' is required for this
898 behaviour. The ppp version number has been bumped to 3.4.2 to
902 The wlan support has been updated to split the crypto support
903 into separate modules. For static WEP you must configure the
904 wlan_wep module in your system or build and install the module
905 in place where it can be loaded (the kernel will auto-load
906 the module when a wep key is configured).
909 The ath driver has been updated to split the tx rate control
910 algorithm into a separate module. You need to include either
911 ath_rate_onoe or ath_rate_amrr when configuring the kernel.
914 Support for systems with an 80386 CPU has been removed. Please
915 use FreeBSD 5.x or earlier on systems with an 80386.
918 We have had a hack which would mount the root filesystem
919 R/W if the device were named 'md*'. As part of the vnode
920 work I'm doing I have had to remove this hack. People
921 building systems which use preloaded MD root filesystems
922 may need to insert a "/sbin/mount -u -o rw /dev/md0 /" in
923 their /etc/rc scripts.
926 FreeBSD 5.3 shipped here.
929 The size of struct tcpcb has changed again due to the removal
930 of RFC1644 T/TCP. You have to recompile userland programs that
931 read kmem for tcp sockets directly (netstat, sockstat, etc.)
934 The size of struct tcpcb has changed. You have to recompile
935 userland programs that read kmem for tcp sockets directly
936 (netstat, sockstat, etc.)
939 RELENG_5 branched here. For older entries, please see updating
940 in the RELENG_5 branch.
946 Avoid using make -j when upgrading. From time to time in the
947 past there have been problems using -j with buildworld and/or
948 installworld. This is especially true when upgrading between
949 "distant" versions (eg one that cross a major release boundary
950 or several minor releases, or when several months have passed
951 on the -current branch).
953 Sometimes, obscure build problems are the result of environment
954 poisoning. This can happen because the make utility reads its
955 environment when searching for values for global variables.
956 To run your build attempts in an "environmental clean room",
957 prefix all make commands with 'env -i '. See the env(1) manual
958 page for more details.
960 When upgrading from one major version to another it is generally
961 best to upgrade to the latest code in the currently installed branch
962 first, then do an upgrade to the new branch. This is the best-tested
963 upgrade path, and has the highest probability of being successful.
964 Please try this approach before reporting problems with a major
969 If you are updating from a prior version of FreeBSD (even one just
970 a few days old), you should follow this procedure. It is the most
971 failsafe as it uses a /usr/obj tree with a fresh mini-buildworld,
973 make kernel-toolchain
974 make -DALWAYS_CHECK_MAKE buildkernel KERNCONF=YOUR_KERNEL_HERE
975 make -DALWAYS_CHECK_MAKE installkernel KERNCONF=YOUR_KERNEL_HERE
977 To test a kernel once
978 ---------------------
979 If you just want to boot a kernel once (because you are not sure
980 if it works, or if you want to boot a known bad kernel to provide
981 debugging information) run
982 make installkernel KERNCONF=YOUR_KERNEL_HERE KODIR=/boot/testkernel
983 nextboot -k testkernel
985 To just build a kernel when you know that it won't mess you up
986 --------------------------------------------------------------
987 This assumes you are already running a 5.X system. Replace
988 ${arch} with the architecture of your machine (e.g. "i386",
989 "alpha", "amd64", "ia64", "pc98", "sparc64", etc).
991 cd src/sys/${arch}/conf
992 config KERNEL_NAME_HERE
993 cd ../compile/KERNEL_NAME_HERE
998 If this fails, go to the "To build a kernel" section.
1000 To rebuild everything and install it on the current system.
1001 -----------------------------------------------------------
1002 # Note: sometimes if you are running current you gotta do more than
1003 # is listed here if you are upgrading from a really old current.
1005 <make sure you have good level 0 dumps>
1007 make kernel KERNCONF=YOUR_KERNEL_HERE
1009 <reboot in single user> [3]
1017 To cross-install current onto a separate partition
1018 --------------------------------------------------
1019 # In this approach we use a separate partition to hold
1020 # current's root, 'usr', and 'var' directories. A partition
1021 # holding "/", "/usr" and "/var" should be about 2GB in
1024 <make sure you have good level 0 dumps>
1027 make buildkernel KERNCONF=YOUR_KERNEL_HERE
1028 <maybe newfs current's root partition>
1029 <mount current's root partition on directory ${CURRENT_ROOT}>
1030 make installworld DESTDIR=${CURRENT_ROOT}
1031 make distribution DESTDIR=${CURRENT_ROOT} # if newfs'd
1032 make installkernel KERNCONF=YOUR_KERNEL_HERE DESTDIR=${CURRENT_ROOT}
1033 cp /etc/fstab ${CURRENT_ROOT}/etc/fstab # if newfs'd
1034 <edit ${CURRENT_ROOT}/etc/fstab to mount "/" from the correct partition>
1035 <reboot into current>
1036 <do a "native" rebuild/install as described in the previous section>
1037 <maybe install compatibility libraries from src/lib/compat>
1041 To upgrade in-place from 5.x-stable to current
1042 ----------------------------------------------
1043 <make sure you have good level 0 dumps>
1045 make kernel KERNCONF=YOUR_KERNEL_HERE [8]
1047 <reboot in single user> [3]
1054 Make sure that you've read the UPDATING file to understand the
1055 tweaks to various things you need. At this point in the life
1056 cycle of current, things change often and you are on your own
1057 to cope. The defaults can also change, so please read ALL of
1058 the UPDATING entries.
1060 Also, if you are tracking -current, you must be subscribed to
1061 freebsd-current@freebsd.org. Make sure that before you update
1062 your sources that you have read and understood all the recent
1063 messages there. If in doubt, please track -stable which has
1064 much fewer pitfalls.
1066 [1] If you have third party modules, such as vmware, you
1067 should disable them at this point so they don't crash your
1070 [3] From the bootblocks, boot -s, and then do
1075 adjkerntz -i # if CMOS is wall time
1076 Also, when doing a major release upgrade, it is required that
1077 you boot into single user mode to do the installworld.
1079 [4] Note: This step is non-optional. Failure to do this step
1080 can result in a significant reduction in the functionality of the
1081 system. Attempting to do it by hand is not recommended and those
1082 that pursue this avenue should read this file carefully, as well
1083 as the archives of freebsd-current and freebsd-hackers mailing lists
1084 for potential gotchas.
1086 [5] Usually this step is a noop. However, from time to time
1087 you may need to do this if you get unknown user in the following
1088 step. It never hurts to do it all the time. You may need to
1089 install a new mergemaster (cd src/usr.sbin/mergemaster && make
1090 install) after the buildworld before this step if you last updated
1091 from current before 20020224 or from -stable before 20020408.
1093 [8] In order to have a kernel that can run the 4.x binaries
1094 needed to do an installworld, you must include the COMPAT_FREEBSD4
1095 option in your kernel. Failure to do so may leave you with a system
1096 that is hard to boot to recover. A similar kernel option COMPAT_FREEBSD5
1097 is required to run the 5.x binaries on more recent kernels.
1099 Make sure that you merge any new devices from GENERIC since the
1100 last time you updated your kernel config file.
1102 [9] When checking out sources, you must include the -P flag to have
1103 cvs prune empty directories.
1105 If CPUTYPE is defined in your /etc/make.conf, make sure to use the
1106 "?=" instead of the "=" assignment operator, so that buildworld can
1107 override the CPUTYPE if it needs to.
1109 MAKEOBJDIRPREFIX must be defined in an environment variable, and
1110 not on the command line, or in /etc/make.conf. buildworld will
1111 warn if it is improperly defined.
1114 This file contains a list, in reverse chronological order, of major
1115 breakages in tracking -current. Not all things will be listed here,
1116 and it only starts on October 16, 2004. Updating files can found in
1117 previous releases if your system is older than this.
1119 Copyright information:
1121 Copyright 1998-2005 M. Warner Losh. All Rights Reserved.
1123 Redistribution, publication, translation and use, with or without
1124 modification, in full or in part, in any form or format of this
1125 document are permitted without further permission from the author.
1127 THIS DOCUMENT IS PROVIDED BY WARNER LOSH ``AS IS'' AND ANY EXPRESS OR
1128 IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
1129 WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
1130 DISCLAIMED. IN NO EVENT SHALL WARNER LOSH BE LIABLE FOR ANY DIRECT,
1131 INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
1132 (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
1133 SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
1134 HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
1135 STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
1136 IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
1137 POSSIBILITY OF SUCH DAMAGE.
1139 If you find this document useful, and you want to, you may buy the
1142 Contact Warner Losh if you have any questions about your use of