2 <title>&os;/&arch; &release.current; Release Notes</title>
4 <corpauthor>The &os; Project</corpauthor>
6 <pubdate>$FreeBSD$</pubdate>
16 <holder role="mailto:doc@FreeBSD.org">The &os; Documentation Project</holder>
19 <legalnotice id="trademarks" role="trademarks">
29 <para>The release notes for &os; &release.current; contain a summary
30 of the changes made to the &os; base system on the
31 &release.branch; development line.
32 This document lists applicable security advisories that were issued since
33 the last release, as well as significant changes to the &os;
35 Some brief remarks on upgrading are also presented.</para>
40 <title>Introduction</title>
42 <para>This document contains the release notes for &os;
43 &release.current; on the &arch.print; hardware platform. It
44 describes recently added, changed, or deleted features of &os;.
45 It also provides some notes on upgrading
46 from previous versions of &os;.</para>
48 <![ %release.type.current [
50 <para>The &release.type; distribution to which these release notes
51 apply represents the latest point along the &release.branch; development
52 branch since &release.branch; was created. Information regarding pre-built, binary
53 &release.type; distributions along this branch
54 can be found at <ulink url="&release.url;"></ulink>.</para>
58 <![ %release.type.snapshot [
60 <para>The &release.type; distribution to which these release notes
61 apply represents a point along the &release.branch; development
62 branch between &release.prev; and the future &release.next;.
64 pre-built, binary &release.type; distributions along this branch
65 can be found at <ulink url="&release.url;"></ulink>.</para>
69 <![ %release.type.release [
71 <para>This distribution of &os; &release.current; is a
72 &release.type; distribution. It can be found at <ulink
73 url="&release.url;"></ulink> or any of its mirrors. More
74 information on obtaining this (or other) &release.type;
75 distributions of &os; can be found in the <ulink
76 url="&url.books.handbook;/mirrors.html"><quote>Obtaining
77 &os;</quote> appendix</ulink> to the <ulink
78 url="&url.books.handbook;/">&os;
79 Handbook</ulink>.</para>
83 <para>All users are encouraged to consult the release errata before
84 installing &os;. The errata document is updated with
85 <quote>late-breaking</quote> information discovered late in the
86 release cycle or after the release. Typically, it contains
87 information on known bugs, security advisories, and corrections to
88 documentation. An up-to-date copy of the errata for &os;
89 &release.current; can be found on the &os; Web site.</para>
94 <title>What's New</title>
96 <para>This section describes
97 the most user-visible new or changed features in &os;
101 <para>Typical release note items
102 document recent security advisories issued after
104 new drivers or hardware support, new commands or options,
105 major bug fixes, or contributed software upgrades. They may also
106 list changes to major ports/packages or release engineering
107 practices. Clearly the release notes cannot list every single
108 change made to &os; between releases; this document focuses
109 primarily on security advisories, user-visible changes, and major
110 architectural improvements.</para>
112 <sect2 id="security">
113 <title>Security Advisories</title>
115 <para>A bug in &man.ypserv.8;, which effectively disabled the
116 <filename>/var/yp/securenets</filename> access control mechanism,
117 has been corrected. More details are available in security
119 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:15.ypserv.asc">FreeBSD-SA-06:15.ypserv</ulink>.</para>
121 <para>A bug in the smbfs file system, which could allow an
122 attacker to escape out of &man.chroot.2 environments on an smbfs
123 mounted filesystem, has been fixed. For more details, see
125 <ulink url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:16.smbfs.asc">FreeBSD-SA-06:16.smbfs</ulink>.</para>
127 <para>A potential denial of service problem in &man.sendmail.8;
128 caused by excessive recursion which leads to stack
129 exhaustion when attempting delivery of a malformed
130 MIME message, has been fixed. For more details,
131 see security advisory <ulink
132 url="http://security.FreeBSD.org/advisories/FreeBSD-SA-06:17.sendmail.asc">FreeBSD-SA-06:17.sendmail</ulink>.</para>
136 <title>Kernel Changes</title>
138 <para arch="amd64,i386">Instead of including all of physical
139 memory in a kernel crash dump, the kernel now defaults to
140 dumping only pages that are actively mapped into kernel virtual
141 memory. This functionality requires that the new
142 <varname>debug.minidump</varname> sysctl variable be set to
143 <literal>1</literal>.</para>
145 <para>A bug has been fixed in the statistics-keeping code in the
146 kernel's UMA memory allocator. This caused a count of memory
147 allocation failures (as shown by <command>netstat -m</command>)
148 to increase erroneously.</para>
150 <para>&os; now runs on the Xbox, whose architecture is nearly identical
151 to the i386. For details of the latest development, see
152 <ulink url="http://www.FreeBSD.org/platforms/xbox.html"></ulink>.
155 <!-- Above this line, sort kernel changes by manpage/keyword-->
158 <title>Boot Loader Changes</title>
160 <!-- Above this line, order boot loader changes by keyword-->
162 <para arch="pc98">A bootable CDROM loader has been implemented
163 for the pc98 platform.</para>
168 <title>Hardware Support</title>
170 <para>The &man.amdsmb.4; driver has been added. It provides
171 support for the AMD-8111 SMBus 2.0 controller.</para>
173 <para arch="i386">Support has been improved for
174 so-called <quote>legacy-free</quote> hardware, in particular,
175 i386 systems without AT-style keyboard controllers such as the
178 <para arch="i386,amd64">&man.ipmi.4;, an OpenIPMI compatible driver,
180 OpenIPMI (Intelligent Platform Management Interface) is an open
181 standard designed to enable remote monitoring and control of server,
182 networking and telecommunication platforms.</para>
184 <para>The &man.nfsmb.4; driver, which supports the NVIDIA nForce
185 2/3/4 SMBus 2.0 controller, has been added.</para>
187 <para>The &man.padlock.4; driver now supports the cryptographic
188 functionality of the VIA C7 processor.</para>
191 <title>Multimedia Support</title>
197 <title>Network Interface Support</title>
199 <para>The &man.ath.4; driver has been updated to
200 HAL version 0.9.17.2.</para>
202 <para arch="alpha,amd64,i386,sparc64">The &man.ath.4;, &man.ath.hal.4;, and
203 <literal>ath_rate_sample</literal> drivers have been
204 included in the <filename>GENERIC</filename> kernel by
207 <para>The &man.em.4; driver has been updated to
208 version 6.1.4 from Intel. Among other changes, it now supports
209 80003, 82571, 82571EB and 82572 based adapters, as well as
210 onboard-NICs on ICH8-based motherboards.</para>
212 <para>A number of improvements and bugfixes have been made to the
213 functionality of the &man.iwi.4; driver. This driver now
214 requires the firmware image in the
215 <filename role="package">net/iwi-firmware-kmod</filename>
216 port/package; prior versions of this driver used the
217 <filename role="package">net/iwi-firmware</filename>
220 <para>The &man.my.4; driver now has &man.altq.4; support.</para>
222 <para>The &man.nve.4; driver now has &man.altq.4; support.</para>
224 <para>The &man.sk.4; driver is now MPSAFE.</para>
226 <para>The &man.stge.4; driver has been added. It supports the
227 Sundance/Tamarack TC9021 Gigabit Ethernet controller and was
228 ported from NetBSD.</para>
232 <sect3 id="net-proto">
233 <title>Network Protocols</title>
235 <para>Multiple copies of a packet received via different
236 &man.bpf.4; listeners now all have identical
239 <para>The &man.enc.4; IPsec filtering pseudo-device has been
240 added. It allows firewall packages using the &man.pfil.9;
241 framework to examine (and filter) IPsec traffic before
242 outbound encryption and after inbound decryption.</para>
244 <para>The <literal>IPFIREWALL_FORWARD_EXTENDED</literal> kernel
245 option has been removed. This option was used to permit
246 &man.ipfw.4; to redirect packets with local destinations.
247 This behavior is now always enabled when
248 the <literal>IPFIREWALL_FORWARD</literal> kernel option is
251 <para>&os; &release.prev; contained a bug in the IPv6
252 implementation, which caused spurious error messages to be
253 printed for point-to-point interfaces. This problem has been
258 <title>Disks and Storage</title>
264 <title>File Systems</title>
266 <para>The &man.linsysfs.5; pseudo-filesystem driver has been
267 added. It provides a subset of the
268 Linux <filename>sys</filename> filesystem, and is required for
269 the correct operation of some Linux binaries (such as the LSI
270 MegaRAID SAS utility).</para>
272 <para>A deadlock observed when both quotas and snapshots were in
273 use on a file system on &os; &release.prev; has been
276 <para>A performance regression with NFS servers running &os;
277 &release.prev;, caused by a leak of the Giant kernel lock, has
283 <sect2 id="userland">
284 <title>Userland Changes</title>
286 <para>The &man.asf.8; utility has been revised and extended. Now
287 it can operate via several interfaces including &man.kvm.3;,
288 which supports not only live systems, but also kernel crash dumps.</para>
290 <para>The &man.csup.1; utility has been imported.
291 This is an implementation of a CVSup-compatible client written
292 in the C language. Note that it currently supports checkout mode
295 <para>The &man.dhclient.8; program now sends the host's name in
296 DHCP requests if it is not specified in the configuration
299 <para>The &man.du.1; program now supports a <option>-n</option>
300 flag, which causes it to ignore files and directories with
301 the <literal>nodump</literal> flag set.</para>
303 <para>The &man.find.1; program now supports <option>-Btime</option>
304 and other related primaries, which can be used to create expressions
305 based on a file's creation time.</para>
307 <para>The &man.getent.1; utility has been imported from NetBSD.
308 It retrieves and displays information from an administrative
309 database (such as <filename>hosts</filename>) using the lookup
310 order specified in &man.nsswitch.conf.5;.</para>
312 <para>The &man.iostat.8; utility now supports
313 a <option>-x</option> flag (inspired by Solaris) to print
314 extended disk statistics. If the new <option>-z</option> flag is
315 also specified, no output is made for disks with no
318 <para>The &man.jail.8; program now supports a <option>-s</option>
319 option to specify a jail's securelevel.</para>
321 <para>The &man.jexec.8; utility now supports <option>-u</option>
322 and <option>-U</option> flags to specify username credentials
323 under which a command should be executed.</para>
325 <para>The &man.logger.1; utility now supports
326 a <option>-P</option>, which specifies the port to which syslog
327 messages should be sent.</para>
329 <para>The &man.ls.1; utility now supports
330 an <option>-U</option> flag to use the file creation
331 time for sorting.</para>
333 <para>An extensible implementation of &man.printf.3;, compatible
334 with GLIBC, has been added to <filename>libc</filename>. It is
335 only used if the environment variable
336 <varname>USE_XPRINTF</varname> is defined, one of the extension
337 functions is called, or the global variable
338 <varname>__use_xprintf</varname> is set to a value greater than
339 <literal>0</literal>. Five extensions are currently supported:
340 <literal>%H</literal> (hex dump),
341 <literal>%T</literal> (<varname>time_t</varname> and
342 time-related structures),
343 <literal>%M</literal> (errno message),
344 <literal>%Q</literal> (double-quoted, escaped string),
345 <literal>%V</literal> (&man.strvis.3;-format string),
348 <para>The DNS resolver library in &os;'s <application>libc</application>
349 has been updated to BIND9's one.</para>
351 <para>The &man.tail.1; utility now supports a <option>-q</option>
352 flag to suppress header lines when multiple files are
355 <para>The &man.traceroute.8; utility now supports
356 a <option>-e</option> option, which sets a fixed destination
357 port for probe packets. This can be useful for tracing behind
358 packet-filtering firewalls.</para>
360 <para>&man.traceroute.8; now decodes the complete set of ICMP
361 unreachable messages in its output.</para>
363 <sect3 id="rc-scripts">
364 <title><filename>/etc/rc.d</filename> Scripts</title>
366 <para>A bug in the <filename>rc.d/jail</filename> startup
367 script, which caused a number of problems for users attempting
368 to use jails on &os; &release.prev;, has been
374 <title>Contributed Software</title>
376 <para><application>IPFilter</application> has been updated from
377 4.1.8 to 4.1.13.</para>
379 <para><application>sendmail</application> has been updated from
380 8.13.6 to 8.13.8.</para>
382 <para>The timezone database has been updated from the
383 <application>tzdata2005r</application> release to the
384 <application>tzdata2006g</application> release.</para>
388 <title>Ports/Packages Collection Infrastructure</title>
390 <para>&man.pkg.add.1; now supports an <option>-F</option>
391 flag to disable checking whether the same package is already
392 installed or not.</para>
396 <title>Release Engineering and Integration</title>
398 <para>The &man.sysinstall.8; utility now displays the running &os;
399 version in menu titles.</para>
401 <para>A <filename>/media</filename> directory has been
402 added to contain mount points for removable media
403 such as CDROMs, floppy disks, USB drives, and so on.</para>
405 <para>The supported version of
406 the <application>GNOME</application> desktop environment
407 (<filename role="package">x11/gnome2</filename>) has been
408 updated from 2.12.3 to 2.14.2.</para>
410 <para>The supported version of
411 the <application>KDE</application> desktop environment
412 (<filename role="package">x11/kde3</filename>) has been
413 updated from 3.5.1 to 3.5.3.</para>
415 <para arch="i386,amd64">The supported Linux emulation now uses the
417 <filename role="package">emulators/linux_base-fc4</filename>
423 <title>Documentation</title>
425 <para>The manual pages for <application>NTP</application>
426 have been updated to 4.2.0, to match the version of
427 code actually included in &os;.</para>
429 <para>Documentation of existing functionality has been improved by
430 the addition of the following manual pages:
431 &man.sysctl.9;.</para>
437 <title>Upgrading from previous releases of &os;</title>
439 <para>Source upgrades to &os; &release.current; are only supported
440 from &os; 5.3-RELEASE or later. Users of older systems wanting to
441 upgrade &release.current; will need to update to &os; 5.3 or newer
442 first, then to &os; &release.current;.</para>
445 <para>Upgrading &os; should, of course, only be attempted after
446 backing up <emphasis>all</emphasis> data and configuration