The &os; Project $FreeBSD$ 2010 The &os; Documentation Project &tm-attrib.freebsd; &tm-attrib.ibm; &tm-attrib.ieee; &tm-attrib.intel; &tm-attrib.sparc; &tm-attrib.general; The release notes for &os; &release.current; contain a summary of the changes made to the &os; base system on the &release.branch; development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the &os; kernel and userland. Some brief remarks on upgrading are also presented. This document contains the release notes for &os; &release.current;. It describes recently added, changed, or deleted features of &os;. It also provides some notes on upgrading from previous versions of &os;. The &release.type; distribution to which these release notes apply represents the latest point along the &release.branch; development branch since &release.branch; was created. Information regarding pre-built, binary &release.type; distributions along this branch can be found at . ]]> The &release.type; distribution to which these release notes apply represents a point along the &release.branch; development branch between &release.prev; and the future &release.next;. Information regarding pre-built, binary &release.type; distributions along this branch can be found at . ]]> This distribution of &os; &release.current; is a &release.type; distribution. It can be found at or any of its mirrors. More information on obtaining this (or other) &release.type; distributions of &os; can be found in the Obtaining &os; appendix to the &os; Handbook. ]]> All users are encouraged to consult the release errata before installing &os;. The errata document is updated with late-breaking information discovered late in the release cycle or after the release. Typically, it contains information on known bugs, security advisories, and corrections to documentation. An up-to-date copy of the errata for &os; &release.current; can be found on the &os; Web site. This section describes the most user-visible new or changed features in &os; since &release.prev;. Typical release note items document recent security advisories issued after &release.prev;, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices. Clearly the release notes cannot list every single change made to &os; between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements. Problems described in the following security advisories have been fixed. For more information, consult the individual advisories available from . Advisory Date Topic SA-09:15.ssl 3 Dec 2009 SSL protocol flaw SA-09:16.rtld 3 Dec 2009 Improper environment sanitization in &man.rtld.1; SA-09:17.freebsd-update 3 Dec 2009 Inappropriate directory permissions in &man.freebsd-update.8; SA-10:01.bind 6 Jan 2010 BIND &man.named.8; cache poisoning with DNSSEC validation SA-10:02.ntpd 6 Jan 2010 ntpd mode 7 denial of service SA-10:03.zfs 6 Jan 2010 ZFS ZIL playback with insecure permissions SA-10:04.jail 27 May 2010 Insufficient environment sanitization in &man.jail.8; SA-10:05.opie 27 May 2010 OPIE off-by-one stack overflow SA-10:06.nfsclient 27 May 2010 Unvalidated input in nfsclient SA-10:07.mbuf 13 July 2010 Lost mbuf flag resulting in data corruption The supported version of the GNOME desktop environment (x11/gnome2) has been updated to 2.28.2. The supported version of the KDE desktop environment (x11/kde4) has been updated to 4.4.3. Upgrades between RELEASE versions (and snapshots of the various security branches) are supported using the &man.freebsd-update.8; utility. The binary upgrade procedure will update unmodified userland utilities, as well as unmodified GENERIC kernel distributed as a part of an official &os; release. The &man.freebsd-update.8; utility requires that the host being upgraded has Internet connectivity. An older form of binary upgrade is supported through the Upgrade option from the main &man.sysinstall.8; menu on CDROM distribution media. This type of binary upgrade may be useful on non-&arch.i386;, non-&arch.amd64; machines or on systems with no Internet connectivity. Source-based upgrades (those based on recompiling the &os; base system from source code) from previous versions are supported, according to the instructions in /usr/src/UPDATING. Upgrading &os; should, of course, only be attempted after backing up all data and configuration files.