1 <!DOCTYPE article PUBLIC "-//FreeBSD//DTD DocBook V4.1-Based Extension//EN" [
2 <!ENTITY % articles.ent PUBLIC "-//FreeBSD//ENTITIES DocBook FreeBSD Articles Entity Set//EN">
5 <!ENTITY % release PUBLIC "-//FreeBSD//ENTITIES Release Specification//EN">
11 <title>&os; &release.current; Release Notes</title>
13 <corpauthor>The &os; Project</corpauthor>
15 <pubdate>$FreeBSD$</pubdate>
19 <holder role="mailto:doc@FreeBSD.org">The &os; Documentation Project</holder>
22 <legalnotice id="trademarks" role="trademarks">
32 <para>The release notes for &os; &release.current; contain a summary
33 of the changes made to the &os; base system on the
34 &release.branch; development line.
35 This document lists applicable security advisories that were issued since
36 the last release, as well as significant changes to the &os;
38 Some brief remarks on upgrading are also presented.</para>
43 <title>Introduction</title>
45 <para>This document contains the release notes for &os;
47 describes recently added, changed, or deleted features of &os;.
48 It also provides some notes on upgrading
49 from previous versions of &os;.</para>
51 <![ %release.type.current [
53 <para>The &release.type; distribution to which these release notes
54 apply represents the latest point along the &release.branch; development
55 branch since &release.branch; was created. Information regarding pre-built, binary
56 &release.type; distributions along this branch
57 can be found at <ulink url="&release.url;"></ulink>.</para>
61 <![ %release.type.snapshot [
63 <para>The &release.type; distribution to which these release notes
64 apply represents a point along the &release.branch; development
65 branch between &release.prev; and the future &release.next;.
67 pre-built, binary &release.type; distributions along this branch
68 can be found at <ulink url="&release.url;"></ulink>.</para>
72 <![ %release.type.release [
74 <para>This distribution of &os; &release.current; is a
75 &release.type; distribution. It can be found at <ulink
76 url="&release.url;"></ulink> or any of its mirrors. More
77 information on obtaining this (or other) &release.type;
78 distributions of &os; can be found in the <ulink
79 url="&url.books.handbook;/mirrors.html"><quote>Obtaining
80 &os;</quote> appendix</ulink> to the <ulink
81 url="&url.books.handbook;/">&os;
82 Handbook</ulink>.</para>
86 <para>All users are encouraged to consult the release errata before
87 installing &os;. The errata document is updated with
88 <quote>late-breaking</quote> information discovered late in the
89 release cycle or after the release. Typically, it contains
90 information on known bugs, security advisories, and corrections to
91 documentation. An up-to-date copy of the errata for &os;
92 &release.current; can be found on the &os; Web site.</para>
97 <title>What's New</title>
99 <para>This section describes the most user-visible new or changed
100 features in &os; since &release.prev;.</para>
102 <para>Typical release note items document recent security
103 advisories issued after &release.prev;, new drivers or hardware
104 support, new commands or options, major bug fixes, or
105 contributed software upgrades. They may also list changes to
106 major ports/packages or release engineering practices. Clearly
107 the release notes cannot list every single change made to &os;
108 between releases; this document focuses primarily on security
109 advisories, user-visible changes, and major architectural
112 <sect2 id="security">
113 <title>Security Advisories</title>
115 <para>Problems described in the following security advisories have
116 been fixed. For more information, consult the individual
117 advisories available from
118 <ulink url="http://security.FreeBSD.org/"></ulink>.</para>
120 <informaltable frame="none" pgwide="0">
122 <colspec colwidth="1*">
123 <colspec colwidth="1*">
124 <colspec colwidth="3*">
127 <entry>Advisory</entry>
135 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:15.ssl.asc"
136 >SA-09:15.ssl</ulink></entry>
137 <entry>3 Dec 2009</entry>
138 <entry><para>SSL protocol flaw</para></entry>
141 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:16.rtld.asc"
142 >SA-09:16.rtld</ulink></entry>
143 <entry>3 Dec 2009</entry>
144 <entry><para>Improper environment sanitization in &man.rtld.1;</para></entry>
147 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:17.freebsd-update.asc"
148 >SA-09:17.freebsd-update</ulink></entry>
149 <entry>3 Dec 2009</entry>
150 <entry><para>Inappropriate directory permissions in &man.freebsd-update.8;</para></entry>
153 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:01.bind.asc"
154 >SA-10:01.bind</ulink></entry>
155 <entry>6 Jan 2010</entry>
156 <entry><para>BIND &man.named.8; cache poisoning with DNSSEC validation</para></entry>
159 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:02.ntpd.asc"
160 >SA-10:02.ntpd</ulink></entry>
161 <entry>6 Jan 2010</entry>
162 <entry><para>ntpd mode 7 denial of service</para></entry>
165 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:03.zfs.asc"
166 >SA-10:03.zfs</ulink></entry>
167 <entry>6 Jan 2010</entry>
168 <entry><para>ZFS ZIL playback with insecure permissions</para></entry>
171 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:04.jail.asc"
172 >SA-10:04.jail</ulink></entry>
173 <entry>27 May 2010</entry>
174 <entry><para>Insufficient environment sanitization in &man.jail.8;</para></entry>
177 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:05.opie.asc"
178 >SA-10:05.opie</ulink></entry>
179 <entry>27 May 2010</entry>
180 <entry><para>OPIE off-by-one stack overflow</para></entry>
183 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:06.nfsclient.asc"
184 >SA-10:06.nfsclient</ulink></entry>
185 <entry>27 May 2010</entry>
186 <entry><para>Unvalidated input in nfsclient</para></entry>
189 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:07.mbuf.asc"
190 >SA-10:07.mbuf</ulink></entry>
191 <entry>13 July 2010</entry>
192 <entry><para>Lost mbuf flag resulting in data corruption</para></entry>
200 <title>Kernel Changes</title>
204 <para>The <command>show mount</command> command in the
205 &man.ddb.4; debugger now prints active string mount
208 <para>The &man.ddb.4; now supports <command>show
209 vnetrcrs</command> command to dump the whole log of
210 distinctive <varname>curvnet</varname> recursion
213 <para>The default &man.devfs.5; rules now expose the upper 256
214 of &man.pty.4; device nodes.</para>
216 <para>A new kernel thread called <quote>deadlock
217 resolver</quote> has been added. This can be used to detect
218 possible deadlock by using information of thread state and
219 heuristical analysis. This is not enabled by default. To
220 enable this, an option <option>option DEADLKRES</option> in
221 kernel configuration file and recompilation of the
224 <para>Two commands to enable/disable read-ahead have been added
225 to &man.fcntl.2; system call:</para>
229 <para><varname>F_READAHEAD</varname> specifies the amount
230 for sequential access. The amount is specified in bytes and is
231 rounded up to nearest block size.</para>
235 <para><varname>F_RDAHEAD</varname> is a Darwin compatible
236 version that use 128KB as the sequential access
241 <para>Note that the read-ahead amount is also constrainted by
242 sysctl variable <varname>vfs.read_max</varname>, which may
243 need to be raised in order to better utilize this
246 <para>The &man.lindev.4; driver has been added. This is for
247 supporting various linux-specific pseudo devices such as
248 <filename>/dev/full</filename>. Note that this is not
249 included in <filename>GENERIC</filename> kernel.</para>
251 <para>A POSIX function pselect(3) has been reimplemented as a
252 system call &man.pselect.2; to eliminate race
255 <para>A kernel option <option>option
256 INCLUDE_CONFIG_FILE</option> has been added to
257 <filename>GENERIC</filename> kernel by default.</para>
259 <para>New SDT (Statically Defined Tracing) probes such as ones
260 for opencrypto have been added to &os; &man.dtrace.1;
263 <para arch="powerpc">&os; now supports SMP in PowerPC G5
264 systems. Note that SMP support is disabled by default in
265 <filename>GENERIC</filename> kernel.</para>
267 <para>A bug in the &man.tty.4; driver that
268 <varname>TIOCSTI</varname> did not work has been fixed. This
269 affects applications like &man.mail.1;.</para>
271 <para>A bug in the &man.sched.4bsd.4; scheduler that the
272 timestamp for the sleeping operation is not cleaned up on the
273 wakeup has been fixed.</para>
275 <para>A race condition in the &man.sched.4bsd.4; scheduler has
278 <para>A bug in the &man.sched.ule.4; scheduler which prevented
279 process usage (<literal>%CPU</literal>) from working correctly
280 has been fixed.</para>
282 <para>The &man.syscons.4; driver has been improved. The history
283 buffer can be fully saved/restored in the VESA mode switching
285 <varname>hint.sc.<replaceable>0</replaceable>.vesa_mode</varname>.</para>
287 <para arch="amd64,i386">An x86 real mode emulator based on
288 OpenBSD's x86emu implementation has been added to improve real
289 mode BIOS call support on both &arch.i386; and &arch.amd64;.
290 The &man.atkbdc.4;, &man.dpms.4;, vesa(4), &man.vga.4; driver
291 now use this emulator and work on the both platforms.</para>
293 <para>The VIMAGE &man.jail.8; virtualization container can work
294 with &man.sctp.4; now. Note that the VIMAGE is not enabled by
295 default in <filename>GENERIC</filename> kernel.</para>
297 <para>The VIMAGE &man.jail.8; now supports
298 <varname>ip4.saddrsel</varname>,
299 <varname>ip4.nosaddrsel</varname>,
300 <varname>ip6.saddrsel</varname>, and
301 <varname>ip6.nosaddrsel</varname> to control whether to use
302 source address selection or the primary jail address for
303 unbound outgoing connections. The default value is to use
304 source address selection.</para>
307 <title>Boot Loader Changes</title>
309 <para arch="pc98">The <filename>boot2</filename> bootcode has
310 been reimplemented based on the &arch.i386 counterpart. It
311 now supports ELF binary, UFS2 file system, and larger number
314 <para arch="ia64">The EFI <filename>loader</filename> program
315 now supports a command-line option <option>-dev
316 <replaceable>currdev</replaceable></option> to specify the
317 default value of <varname>currdev</varname>. This option
318 can be set by the EFI boot manager.</para>
320 <para arch="powerpc">The &man.loader.8; program now supports
321 U-Boot storage.</para>
323 <para>A kernel environment variable
324 <varname>vfs.root.mountfrom</varname> now supports
325 multiple elements for root file system in a space-separated
326 list. Each list element will be tried in order and the
327 first available one will be mounted.</para>
329 <para arch="i386">The algorithm the &man.loader.8; uses has
330 been improved to choose a memory range for its heap when
331 using a range above 1MB. This fixes a symptom that the
332 loader fails to load a kernel.</para>
334 <para>The <filename>zfsloader</filename> has been added. This
335 is a separate &man.zfs.8; enabled loader. Note that a ZFS
336 bootcode (<filename>zfsboot</filename> or
337 <filename>gptzfsboot</filename>) need to be installed
338 to use this new loader.</para>
340 <para>The <filename>zfsboot</filename> and
341 <filename>gptzfsboot</filename> bootcode now fully support
342 64-bit LBAs for disk addresses. This allows booting from
343 large volumes.</para>
349 <title>Hardware Support</title>
351 <para arch="powerpc">The <filename>adb</filename> driver now
352 supports for interpreting taps on ADB touchpads as a button
355 <para>The amdsbwd(4) driver for AMD SB600/SB7xx watchdog
356 timer has been added.</para>
358 <para arch="powerpc">The <filename>apt</filename> driver for
359 the Apple Touchpad present on MacBook has been added to
360 <filename>GENERIC</filename> kernel.</para>
362 <para arch="sparc64">The epic(4) driver for the front panel
363 LEDs in Sun Fire V215/V245 has been added.</para>
365 <para>A bug in the &man.ipmi.4; driver that caused incorrect
366 watchdog timer setting has been fixed.</para>
368 <para arch="sparc64">The &man.pci.4; driver now supports a
369 JBus to PCIe bridge (called as <quote>Fire</quote>) found in
370 the Sun Fire V215/V245 and Sun Ultra 25/45 machines.</para>
372 <para arch="powerpc">The &man.smu.4; driver now provides
373 thermal management and monitoring features. This allows fan
374 control and thermal monitoring on SMU-based Apple G5
375 machines, as well as an &man.led.4; interface to control the
378 <para>The &man.tnt4882.4; driver for IEEE-488 (GPIB) bus now
379 supports National Instruments TNT5004 chip.</para>
381 <para>The &man.uart.4; driver now supports NetMos NM9865
382 family of Serial/Parallel ports.</para>
384 <para>A bug in the &man.uftdi.4; driver that can allow to send
385 a zero length packet has been fixed.</para>
388 <title>Multimedia Support</title>
392 <para>The &man.acpi.video.4; driver now supports LCD
393 brightness control notify handler.</para>
395 <para>The &man.acpi.sony.4; helper driver now supports
396 default display brightness, wired LAN power, and bass
399 <para>The &man.agp.4; driver has been improved. It includes
400 a fix for aparture size calculation issue which prevents
401 some graphics cards from working.</para>
403 <para>The &man.snd.hda.4; driver now allows AD1981HD codecs
404 to use playback mixer.</para>
406 <para>The &man.snd.hda.4; driver now supports multichannel
407 (4.0 and 7.1) playback support. The 5.1 mode support is
408 disabled now due to unidentified synchonization problem.
409 Devices which supports the 7.1 mode can handle the 5.1
410 operation via software upmix done by &man.sound.4;. Note
411 that stereo stream is no longer duplicated to all
416 <title>Network Interface Support</title>
420 <para>The &man.ath.4; driver now supports Atheros
421 AR9285-based devices.</para>
423 <para>A bug in the &man.ath.4; driver which causes a problem
424 of AR5416-based chipsets including AR9285 has been fixed.</para>
426 <para>The &man.bge.4; driver now supports BCM5761, BCM5784, and
427 BCM57780-based devices.</para>
429 <para>The &man.bge.4; driver now supports TSO (TCP
430 Segmentation Offloading) on BCM5755 or newer
433 <para>A long-standing bug in the &man.bge.4; driver which
434 was related to ASF heartbeat sending has been
437 <para>A long-standing stability issue of the &man.bce.4; and
438 &man.bge.4; driver due to a hardware bug in its DMA
439 handling when the system has more than 4GB memory has been
440 fixed. This applies to BCM5714, BCM5715, and BCM5708
443 <para>A bug in the &man.bge.4; driver that incorrectly
444 enabled TSO on BCM5754/BCM5754M controllers has been
447 <para>The &man.cxgb.4; driver has been updated to T3
448 firmware 7.8.0.</para>
450 <para>The et(4) driver now supports MSI and Tx checksum
451 offloading of IPv4, TCP, and UDP.</para>
453 <para>The &man.iwn.4; driver has been updated. This
454 includes various improvements and bugfixes regarding RF
455 switch, bgscan support, suspend/resume support, locking
456 issue, and more. The line <literal>device iwnfw</literal>
457 in the kernel configuration file will include all firmware
460 <para>The &man.msk.4; driver now supports Marvell Yukon
461 88E8042, 88E8057 devices and DGE-560SX (Yukon XL).</para>
463 <para>The &man.mxge.4; driver has been updated to firmware
466 <para>The &man.re.4; driver no longer performs an
467 unnecessary interface up/down during getting IP address
470 <para>The &man.ste.4; driver has been improved:</para>
474 <para>The DMA handling has been improved.</para>
478 <para>Wake-On-LAN is now supported.</para>
482 <para>Unnecessary reinitialization of the
483 interfaces has been eliminated.</para>
487 <para>RX interrupt moderation with single shot timer has
488 been implemented. The default parameter of the
489 moderation time is 150us and this can be changed via
491 <varname>dev.ste.<replaceable>0</replaceable>.int_rx_mod</varname>.
492 Setting it 0 effectively disables the RX interrupt
493 moderation feature.</para>
497 <para>The tsec(4) driver now supports &man.altq.4;.</para>
499 <para>The &man.u3g.4; driver has been improved and now works
500 with ZTE MF636, Option Gi0322, Globetrotter GE40x, and
501 Novatel MC950D.</para>
503 <para>The &man.uhso.4; driver for Option HSDPA USB devices
504 has been added. A new &man.uhsoctl.1; userland utility
505 can be used to initiate and close the WAN
508 <para>The &man.vge.4; driver has been improved:</para>
512 <para>The DMA handling has been improved.</para>
516 <para>Wake-On-LAN is now supported.</para>
520 <para>Unnecessary reinitialization of the
521 interfaces has been eliminated.</para>
525 <para>Hardware MAC statistics are now supported via sysctl variables
526 <varname>dev.vge.<replaceable>0</replaceable>.stats</varname>.</para>
530 <para>Interrupt moderation with single shot timer and
531 scheme supported by VT61xx controllers have been
532 implemented. The default parameters are tuned to
533 generate interrupt less than 8k per second, and these
534 parameters can be changed via sysctl variables
535 <varname>dev.vge.<replaceable>0</replaceable>.int_holdoff</varname>,
536 <varname>dev.vge.<replaceable>0</replaceable>.rx_coal_pkt</varname>,
538 <varname>dev.vge.<replaceable>0</replaceable>.tx_coal_pkt</varname>.
539 Note that an up/down cycle is needed to make a
540 parameter change take effect.</para>
544 <para>The &man.urtw.4; driver has been improved and now
545 supports RTL8187B-based devices.</para>
549 <sect3 id="net-proto">
550 <title>Network Protocols</title>
554 <para>IPcomp (IP Payload Compression Protocol defined in RFC
555 2393) protocol is now enabled by default. Note that this
556 requires <option>option IPSEC</option> in the kernel
557 configuration file and <filename>GENERIC</filename> kernel
558 does not include it. This functionality can be disabled by
559 using a sysctl variable
560 <varname>net.inet.ipcomp.ipcomp_enable</varname>.</para>
562 <para>A bug in the &man.ipfw.4; subsystem that
563 <command>keep-alive</command> rule did not work for IPv6
564 packets has been fixed.</para>
566 <para>The &man.pf.4; subsystem now supports
567 <literal>sloppy</literal> keyword to enable a TCP state
568 machine for tracking TCP connections with no sequence number
569 check. This feature is in the latest version of
570 <application>pf</application>.</para>
572 <para>The &man.pfil.9; framework for packet filtering in &os;
573 kernel now supports separate packet filtering instances like
574 &man.ipfw.4; for each VIMAGE jail.</para>
576 <para>A bug that proxy ARP entries cannot be added over
577 point-to-point link types has been fixed.</para>
579 <para>The &man.vlan.4; pseudo interface has been added to
580 <filename>GENERIC</filename> kernel.</para>
582 <para>The &man.vlan.4; pseudo interface now supports TSO (TCP
583 Segmentation Offloading). The capability flag is named as
584 <varname>IFCAP_VLAN_HWTSO</varname> and it is separated from
585 <varname>IFCAP_VLAN_HWTAGGING</varname>. The &man.mxge.4;
586 driver supports this feature.</para>
588 <para>The &man.vlan.4; pseudo interface for IEEE 802.1Q VLAN
589 now ignore renaming of the parent's interface name. The
590 configured VLAN interfaces continue to work with the new
591 name while previously the configurations were removed as the
592 renaming happens.</para>
596 <title>Disks and Storage</title>
600 <para>The &man.ada.4; driver now supports
601 <varname>BIO_DELETE</varname>. For SSDs this uses
602 <literal>TRIM</literal> feature of <literal>DATA SET
603 MANAGEMENT</literal> command, as defined by ACS-2
604 specification working draft. For Compact Flash use
605 <literal>CFA ERASE</literal> command, same as &man.ad.4;
606 does. This change realizes restoring write speed of SSDs
607 which supports <literal>TRIM</literal> command by doing
609 <replaceable>/dev/ada1</replaceable></command>, for
612 <para>The &man.ahci.4; driver now supports SATA part of
613 Marvell 88SE912x controllers.</para>
615 <para>The &man.ahci.4; driver now supports FIS-based (Frame
616 Information Structure) switching of port multiplier on
617 supported controlers.</para>
619 <para>The &man.ahd.4; driver now supports three separated
620 error counters for correctable, uncorrectable, and fatal, in
621 &man.sysctl.8; MIB.</para>
623 <para>A new kernel option <option>option ATA_CAM</option> has
624 been added. This turns &man.ata.4; controller drivers into
625 &man.cam.4; interface modules. When enabled, this option
626 deprecates all &man.ata.4; peripheral drivers and interfaces
627 such as <filename>ad</filename> and
628 <filename>acd</filename>, and allows &man.cam.4; drivers
629 <filename>ada</filename>, and <filename>cd</filename> and
630 interfaces to be natively used instead. Note that this is
631 not enabled by default in the <filename>GENERIC</filename>
634 <para>A bug in the &man.ata.4; driver which can lead to
635 interrupt storms and command timeouts has been fixed.</para>
637 <para>The &man.ata.4; driver now supports Power-Up In Stand-by
638 (PUIS). The PUIS is a configudation of SATA or PATA drives
639 to prevent them from automatic spin-up when power is
640 applied. This feature can be controled via &man.cam.3;
641 framework (a typical application is staggered
644 <para>USB mass storage device support in the &man.ata.4;
645 driver has been removed. Note that this was not used in
646 <filename>GENERIC</filename> kernel and the &man.umass.4;
647 driver supports such devices for a long time.</para>
649 <para>&os; &man.cam.3; SCSI framework has been improved:</para>
653 <para>SATA and PATA support has been improved and it now
654 recognizes more detail device capabilities. For example,
655 the &man.ahci.4; and &man.siis.4; driver now reports maximum
656 tag number to the framework to optimize the NCQ
661 <para>A loader tunable
662 <varname>kern.cam.boot_delay</varname> has been added.
663 This controls the delay time before &man.cam.3; probes
664 the attached devices.</para>
668 <para>SCSI error recovery for devices on buses without
669 automatic sense reporting has been improved. Typical
670 devices are on ATAPI and USB. For example, this allows
671 &man.cam.3; to wait, while CD drive loads disk, instead
672 of immediately return error status.</para>
676 <para>A livelock issue of the &man.ciss.4; driver under a high
677 load has been fixed.</para>
679 <para>A bug in the &man.fdc.4; driver which prevents the
680 kernel module from unloading has been fixed.</para>
682 <para>&man.geom.8; providers including complex ones such as
683 &man.gconcat.8;, &man.gmirror.8;, &man.graid3.8,
684 &man.gstripe.8;, and some hardware RAID device drivers like
685 &man.twa.4; now inform its optimal access block size to the
688 <para>The &man.gmirror.8; utility now supports
689 <command>configure <option>-p</option>
690 <replaceable>priority</replaceable></command> command to
691 change the providers priority.</para>
693 <para>The balancing mode algorithm <literal>load</literal>
694 used in the &man.gmirror.8; utility has been changed and it
695 is now the default one instead of
696 <literal>split</literal>:</para>
700 <para>Instead of measuring last request execution time for
701 each drive and choosing one with smallest time, use
702 averaged number of requests, running on each drive. This
703 information is more accurate and timely. It allows to
704 distribute load between drives in more even and
705 predictable way.</para>
709 <para>For each drive track offset of the last submitted
710 request. If new request offset matches previous one or
711 close for some drive, prefer that drive. It allows to
712 significantly speedup simultaneous sequential reads.</para>
716 <para>The &man.gmultipath.8; utility now supports
717 <command>destroy</command> command.</para>
719 <para>A bug in the &man.graid3.8; which causes a panic when a
720 large request arrives has been fixed. This happens when
721 <varname>MAXPHYS</varname> is set as larger than 128k.</para>
723 <para>The default block size of &man.gstripe.8; has been
724 increased from 4k to 64k.</para>
726 <para>The &man.isp.4; driver has been improved in
729 <para>The Max Read Request Size in the &man.siis.4; driver for
730 PCIe chips has been increased from 512 to 1024 bytes for
731 better performance.</para>
735 <title>File Systems</title>
737 <para>&os; NFS subsystem now supports a timeout for the
738 negative name cache entries in the client. This avoids a
739 bogus negative name cache entry from persisting forever when
740 another client creates an entry with the same name within
741 the same NFS server time of day clock tick. The mount
742 option <option>negnametimeo</option> can be used to override
743 the default timeout interval (60 seconds) on a
744 per-mount-point basis. a Setting
745 <option>negnametimeo</option> to <literal>0</literal>
746 disables negative name caching for the mount point.</para>
748 <para>A race condition in &os; NFS subsystem that occurs when
749 &man.nfsiod.8; threads are being created has been fixed.
750 This also fixes an interoperability issue found in
751 combination of a &os; NFS client and a Linux NFS
754 <para>The inode number handling in &man.ffs.7; file system is
755 now unsigned. Previously some large inode numbers can be
756 treated as negative, and this issue shows up at file systems
757 with the size of more than 16Tb in 16k block case. The
758 &man.newfs.8; utility never create a file system with more
759 than 2^32 inodes by cutting back on the number of inodes per
760 cylinder group if necessary to stay under the limit.</para>
762 <para>&os; &man.VFS.9; subsystem now supports a new sysctl
763 variable <varname>vfs.vlru_allow_cache_src</varname>. This
764 allow <filename>vnlru</filename> kernel thread to reclaim
765 of the directory vnodes that are source of the namecache
766 records. This is not enabled by default because for
767 typical workload it would make namecache unusable, but
768 large nested directory tree easily puts any process that
769 accesses file system into one second wait for
770 <filename>vnlru</filename> kernel thread.</para>
772 <para>The ZFS file system now supports NFSv4 ACL.</para>
774 <para>The zpool version of ZFS subsystem has been updated to
775 version 14. It is now possible to use zpools created on
776 OpenSolaris 2009.06.</para>
778 <para>Bugs in the ZFS file system that <command>zfs snapshot
779 -r</command> fails when the file system is busy, and
780 <command>zfs receive</command> can fail with an E2BIG
781 error, have been fixed.</para>
785 <sect2 id="userland">
786 <title>Userland Changes</title>
788 <para>A bug in &man.bsnmpd.1; program which leads to high CPU
789 consumption on a loaded system has been fixed.</para>
791 <para>A bug in &man.bzip2.1; utility which prevented it from
792 working with multi-session bzip2 files has been fixed.</para>
794 <para>The &man.camcontrol.8; utility now supports a
795 <option>-v</option> flag in the subcommand
796 <command>identify</command>. It displays whole of identify
799 <para>The &man.cp.1; now supports a <option>-x</option> flag to
800 make it not traverse across multiple mount points.</para>
802 <para>The &man.cp.1;, &man.find.1;, &man.getfacl.1;, &man.mv.1;,
803 and &man.setfacl.1; utilities now support NFSv4 ACL.</para>
805 <para>The &man.diskinfo.8; now supports reporting disk stripe
806 size and offset. This helps users to make file systems
807 optimally aligned and tuned for better performance.</para>
809 <para>A bug in &man.ee.1; utility which can crash the
810 program has been fixed.</para>
812 <para>A bug in &man.factor.6; utility which leads to performance
813 degradation has been fixed.</para>
815 <para>The &man.fetch.1; utility now supports HTTP digest
816 authentication.</para>
818 <para>A bug in &man.fetch.1; utility which incorrectly evaluates
819 a variable <varname>NO_PROXY</varname> has been fixed.</para>
821 <para>A bug in &man.find.1; utility has been fixed. An option
822 <option>-newerXB</option> was interpreted as the same as
823 <option>-newerXm</option>.</para>
825 <para>A bug in the &man.fsck.ffs.8; utility which causes the
826 last cylinder group of a UFS1 file system is always reported
827 as broken even after it is fixed.</para>
829 <para>The &man.gcore.1; utility now recognizes threads in the
830 process and handles dumps on a thread scope.</para>
832 <para>The &man.ifconfig.8; utility now supports manipulation of
833 NDP flags handled by &man.ndp.8;.</para>
835 <para>The &man.ifconfig.8; utility now supports a
837 <replaceable>value</replaceable></command> command to add a
838 description <replaceable>value</replaceable> to the specified
841 <para>The &man.mount.nfs.8; utility now supports
842 <literal>[<replaceable>ipaddr</replaceable>]:<replaceable>path</replaceable></literal>
843 notation in addition to the existing one. This allows IPv6
844 address in the address field, and a path including
845 <quote><literal>:</literal></quote> to be mounted.</para>
847 <para>The &man.netstat.1; utility now supports ARP information
848 in statistics shown by the <option>-s</option> flag.</para>
850 <para>The &man.netstat.1; utility now supports a <option>-q
851 <replaceable>number</replaceable></option> option to specify
852 the number of outputs. This is used in conjunction with
853 <option>-w</option> option.</para>
855 <para>The &man.newsyslog.8; utility does not consider
856 non-existence of a PID file as an error now. A new flag
857 <option>-P</option> reverts it to the old behavior.</para>
859 <para>The &man.ntpd.8; program no longer tries to bind to an
860 IPv6 anycast address.</para>
862 <para>The &man.procstat.1; utility now supports two new flags
863 <option>-i</option> and <option>-j</option> to display
864 information about signal disposition and pending/blocked
865 status for signals.</para>
867 <para>The &man.pwait.1; utility has been added. This is similar
868 to the Solaris utility of the same name, and waits for any
869 process to terminate.</para>
871 <para>A bug in the &man.restore.8; utility which caused short
872 reads when a option <option>-P</option> was used has been
875 <para>The &man.rtsold.8; <option>-a</option> flag now excludes
876 the interfaces which IPv6 or accepting ICMPv6 Router
877 Advertisement message is disabled from the auto-probed
878 interface list.</para>
880 <para>The &man.scandir.3; and &man.alphasort.3; functions has
881 been updated to conform POSIX.1-2008 (IEEE Std
884 <para>The &man.sighold.2;, &man.sigignore.2;, &man.sigpause.2;,
885 &man.sigrelse.2;, and &man.sigset.2; functions have been
886 implemented for making porting software from System V-like
887 systems easy. Note that these are defined in POSIX.1-2008 XSI
888 (IEEE Std 1003.1-2008, X/Open System Interface) but now
889 obsolete. Since &os; already has another
890 <function>sigpause(3)</function> function derived from 4.2BSD,
891 a version of the XSI interface is implemented as
892 <function>xsi_sigpause()</function>.</para>
894 <para>The &man.sshd.8;, &man.cron.8;, &man.inetd.8;, and
895 &man.syslogd.8; programs now set
896 <literal>MADV_PROTECT</literal> memory flag onto themselves to
897 protect from being terminated by the &os; kernel when
898 available memory becomes short. This kind of process
899 termination happens in a swap-intensive workload.</para>
901 <para>The &man.strsignal.3; function is now thread-safe.</para>
903 <para>The &man.sysctl.8; utility now supports a
904 <option>-i</option> flag to ignore failures while retrieving
905 individual OIDs. This allows the same list of OIDs to be
906 passed to &man.sysctl.8; across different systems where
907 particular OIDs may not exist, and still get as much
908 information as possible from them.</para>
910 <para>The &man.traceroute.8; utility now performs source address
911 selection correctly even in a VIMAGE &man.jail.8;
914 <para>The &man.unifdef.1; utility has been updated to version
915 1.188. It now supports a new <option>-B</option> flag to
916 compress blank lines around a deleted section to prevent blank
917 lines around paragraphs of code from getting doubled.</para>
919 <para>The &man.usbconfig.8; utility now supports a new flag
920 <option>-d</option> to specify the &man.ugen.4; device, and
921 <command>add_quirk</command> and
922 <command>remove_quirk</command> commands.</para>
924 <para>The &man.whois.1; utility now supports searching IPv6
925 addresses just like IPv4 without specifying the ARIN server.
926 A <option>-d</option> flag has been removed becuase it is now
929 <para>A new errno <varname>ENOTCAPABLE</varname> has been added.
930 This is to be returned when a process requests an operation on
931 a file descriptor that is not authorized by the descriptor's
932 capability flags.</para>
934 <para>The &man.zfs.8; command now supports a new flag
935 <option>receive -u</option> to specify that the received ZFS
936 should not be mounted automatically.</para>
938 <sect3 id="rc-scripts">
939 <title><filename>/etc/rc.d</filename> Scripts</title>
943 <para>The &man.service.8; command has been added. This
944 provides an easy command-line interface to the
945 <filename>rc.d</filename> system.</para>
947 <para>A new <filename>rc.d</filename> script
948 <filename>rtsold</filename> has been added. This handles
949 &man.rtsold.8; daemon.</para>
951 <para>A new <filename>rc.d</filename> script
952 <filename>static_arp</filename> has been added. This allows
953 the administrator to statically define mappings of MAC
954 address to IPv4 at boot time. See also the &man.rc.conf.5;
955 manual page for more details.</para>
957 <para>The &man.rc.conf.5; now supports a
958 <varname>firewall_coscripts</varname> variable. This should
959 contain a list of commands which should be excuted after
960 firewall starts or stops.</para>
962 <para>The &man.rc.conf.5; now supports configuring
963 &man.vlan.4; interfaces as child devices similar to
964 &man.wlan.4; interfaces. &man.vlan.4; interfaces are listed
966 <varname>vlans_<replaceable>IF</replaceable></varname>
967 variable. If a VLAN interface is a number, then that number
968 is treated as the VLAN tag for the interface and the
969 interface will be named
970 <varname><replaceable>IF</replaceable>.<replaceable>tag</replaceable></varname>.
971 Otherwise, the VLAN tag must be provided via a VLAN
973 <varname>create_args_<replaceable>IF</replaceable></varname>
979 <title>Contributed Software</title>
983 <para>The <application>ACPI-CA</application> has been updated to
986 <para>The <application>awk</application> has been updated from
987 the 23 October 2007 release to the 26 November 2009 release.</para>
989 <para><application>ISC BIND</application> has been updated to
990 version 9.6.1-P3.</para>
992 <para><application>netcat</application> has been updated to
995 <para><application>sendmail</application> has been updated to
996 version 8.14.4.</para>
998 <para>The timezone database has been updated to the
999 <application>tzdata2010e</application> release.</para>
1002 <para role="8.0">The <application>ee</application> (easy editor) has
1003 been updated to 1.5.0. This version is now licensed under a
1004 2-clause BSD license, instead of the Artistic license.</para>
1006 <para role="8.0">The <application>hostapd</application> has been updated to
1007 version 0.6.8 + radius ACL support.</para>
1009 <para role="8.0">The <application>less</application> has been updated to
1010 version v436.</para>
1012 <para role="8.0">The <filename>libarchive</filename> library has
1013 been updated to version 2.7.0.</para>
1015 <para role="8.0">The <filename>libexpat</filename> library has
1016 been updated from version 1.95.5 to version 2.0.1.</para>
1018 <para role="8.0">The <filename>ncurses</filename> library has been updated
1019 to version 5.7-20081102.</para>
1021 <para role="8.0"><application>OpenBSM</application> 1.1 from
1022 Trusted BSD Project has been merged.</para>
1024 <para role="8.0"><application>TCPDUMP</application> has been
1025 updated to 4.0.0.</para>
1027 <para role="8.0"><application>wpa_supplicant</application> has been updated to
1028 version 0.6.8</para>
1030 <para role="8.0">The <application>ZFS</application> file system
1031 has been updated from version 6 to version 13.</para>
1033 <para role="7.1">The <application>am-utils</application> has been updated from
1034 version 6.0.10p1 to version 6.1.5.</para>
1036 <para role="7.1">The <application>bzip2</application> has been updated from
1037 version 1.0.4 to version 1.0.5.</para>
1039 <para role="7.1">The <application>CVS</application> has been updated to
1040 version 1.11.22.1.</para>
1042 <para role="7.1"><application>NTP</application> has been updated to version
1045 <para role="7.1"><application>OpenPAM</application> has been updated from the
1046 Figwort release to the Hydrangea release.</para>
1048 <para role="7.1"><application>OpenSSH</application> has been updated from
1049 version 4.5p1 to version 5.1p1.</para>
1051 <para role="7.1">The &man.resolver.3; library has been updated to
1052 one of <application>ISC BIND</application> 9.4.3.</para>
1058 <title>Ports/Packages Collection Infrastructure</title>
1064 <title>Release Engineering and Integration</title>
1066 <para>The filename of ISO images for &os; releases now has a
1067 <filename>FreeBSD-</filename> at the beginning.</para>
1069 <para>The supported version of
1070 the <application>GNOME</application> desktop environment
1071 (<filename role="package">x11/gnome2</filename>) has been
1072 updated to 2.28.2.</para>
1074 <para>The supported version of
1075 the <application>KDE</application> desktop environment
1076 (<filename role="package">x11/kde4</filename>) has been
1077 updated to 4.4.3.</para>
1081 <sect1 id="upgrade">
1082 <title>Upgrading from previous releases of &os;</title>
1084 <para arch="amd64,i386">Upgrades between RELEASE versions (and
1085 snapshots of the various security branches) are supported using
1086 the &man.freebsd-update.8; utility. The binary upgrade
1087 procedure will update unmodified userland utilities, as well as
1088 unmodified GENERIC kernel distributed as a part of an
1089 official &os; release. The &man.freebsd-update.8; utility
1090 requires that the host being upgraded has Internet
1091 connectivity.</para>
1093 <para>An older form of binary upgrade is supported through the
1094 <command>Upgrade</command> option from the main
1095 &man.sysinstall.8; menu on CDROM distribution media. This type
1096 of binary upgrade may be useful on non-&arch.i386;,
1097 non-&arch.amd64; machines or on systems with no Internet
1098 connectivity.</para>
1100 <para>Source-based upgrades (those based on recompiling the &os;
1101 base system from source code) from previous versions are
1102 supported, according to the instructions in
1103 <filename>/usr/src/UPDATING</filename>.</para>
1106 <para>Upgrading &os; should, of course, only be attempted after
1107 backing up <emphasis>all</emphasis> data and configuration