&os; &release.current; Release Notes

The &os; Project

$FreeBSD$

2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 The &os; Documentation Project

&tm-attrib.freebsd; &tm-attrib.ibm; &tm-attrib.ieee; &tm-attrib.intel; &tm-attrib.sparc; &tm-attrib.general;

The release notes for &os; &release.current; contain a summary of the changes made to the &os; base system on the &release.branch; development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the &os; kernel and userland. Some brief remarks on upgrading are also presented.

Introduction

This document contains the release notes for &os; &release.current;. It describes recently added, changed, or deleted features of &os;. It also provides some notes on upgrading from previous versions of &os;.

The &release.type; distribution to which these release notes apply represents the latest point along the &release.branch; development branch since &release.branch; was created. Information regarding pre-built, binary &release.type; distributions along this branch can be found at .

The &release.type; distribution to which these release notes apply represents a point along the &release.branch; development branch between &release.prev; and the future &release.next;. Information regarding pre-built, binary &release.type; distributions along this branch can be found at .

This distribution of &os; &release.current; is a &release.type; distribution. It can be found at or any of its mirrors. More information on obtaining this (or other) &release.type; distributions of &os; can be found in the Obtaining &os; appendix to the &os; Handbook.

All users are encouraged to consult the release errata before installing &os;. The errata document is updated with late-breaking information discovered late in the release cycle or after the release. Typically, it contains information on known bugs, security advisories, and corrections to documentation.
An up-to-date copy of the errata for &os; &release.current; can be found on the &os; Web site.

What's New

This section describes the most user-visible new or changed features in &os; since &release.prev;. Changes shown in the Release Notes for the previous releases are marked as [7.1R] and [7.2R].

Typical release note items document recent security advisories issued after &release.prev;, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices. Clearly the release notes cannot list every single change made to &os; between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements.

Security Advisories

Problems described in the following security advisories have been fixed. For more information, consult the individual advisories available from .

Advisory             Date              Topic
SA-08:05.openssh     17 April 2008     OpenSSH X11-forwarding privilege escalation
SA-08:06.bind        13 July 2008      DNS cache poisoning
SA-08:07.amd64       3 September 2008  amd64 swapgs local privilege escalation
SA-08:08.nmount      3 September 2008  &man.nmount.2; local arbitrary code execution
SA-08:09.icmp6       3 September 2008  Remote kernel panics on IPv6 connections
SA-08:10.nd6         1 October 2008    IPv6 Neighbor Discovery Protocol routing vulnerability
SA-08:11.arc4random  24 November 2008  &man.arc4random.9; predictable sequence vulnerability
SA-08:12.ftpd        23 December 2008  Cross-site request forgery in &man.ftpd.8;
SA-08:13.protosw     23 December 2008  netgraph / bluetooth privilege escalation
SA-09:01.lukemftpd   07 January 2009   Cross-site request forgery in &man.lukemftpd.8;
SA-09:02.openssl     07 January 2009   OpenSSL incorrectly checks for malformed signatures
SA-09:03.ntpd        13 January 2009   ntpd cryptographic signature bypass
SA-09:04.bind        13 January 2009   BIND DNSSEC incorrect checks for malformed signatures
SA-09:05.telnetd     16 February 2009  telnetd code execution vulnerability
SA-09:06.ktimer      23 March 2009     Local privilege escalation
SA-09:07.libc        04 April 2009     Information leak in &man.db.3;
SA-09:08.openssl     22 April 2009     Remotely exploitable crash in OpenSSL
SA-09:09.pipe        10 June 2009      Local information disclosure via direct pipe writes
SA-09:10.ipv6        10 June 2009      Missing permission check on SIOCSIFINFO_IN6 ioctl
SA-09:11.ntpd        10 June 2009      ntpd stack-based buffer-overflow vulnerability
SA-09:12.bind        29 July 2009      BIND &man.named.8; dynamic update message remote DoS
SA-09:14.devfs       2 Oct 2009        Devfs / VFS NULL pointer race condition

Kernel Changes

The &os; GENERIC kernel now includes Trusted BSD MAC (Mandatory Access Control) support. No MAC policy module is loaded by default.

A loader tunable hw.clflush_disable has been added to avoid a panic (trap 9) at map_invalidate_cache_range() even if an Intel CPU is used. This tunable can be set to -1 (default), 0, or 1. A value of -1 is the same as the current behavior, which automatically disables CLFLUSH on Intel CPUs without CPUID_SS (this should occur on Xen only). You can specify 1 when this panic happens on non-Intel CPUs (such as AMD's). Because disabling CLFLUSH can reduce performance, you can try setting 0 on Intel CPUs without SS to use the CLFLUSH feature.

The &os; newbus subsystem is now MPSAFE.

The &man.jail.8; subsystem has been updated. Changes include:

A new virtualization container named vimage has been implemented. This is not enabled by default. To enable this, add the following kernel options to your kernel configuration file and rebuild the kernel:

    options VIMAGE

Note that options SCTP in the GENERIC kernel is not compatible with options VIMAGE. This limitation will be fixed in the next release.

The vimage is a jail with a virtualized instance of the &os; network stack.
It can be created by using the &man.jail.8; command like this:

    &prompt.root; jail -c vnet name=vnet1 host.hostname=vnet1.example.net path=/ persist

The vimage has its own loopback interface and a separate network stack including the L3 routing tables. Network interfaces on the system can be moved by using &man.ifconfig.8; option between the different vimage jails and outside of them.

Furthermore, the &man.epair.4; pseudo-interface driver has been added to help communication between vimage jails. It emulates a pair of back-to-back connected Ethernet interfaces. For example, the following commands create an interface pair of &man.epair.4;:

    &prompt.root; ifconfig epair0 create
    epair0a
    &prompt.root; ifconfig epair0a
    epair0a: flags=8842<BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
            ether 02:c0:64:00:07:0a
    &prompt.root; ifconfig epair0b
    epair0b: flags=8842<BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
            ether 02:c0:64:00:08:0b

The &man.epair.4; pseudo-interfaces and any physical interfaces on the system can be moved between vimage jails by using &man.ifconfig.8; option as described above. Even after half of an &man.epair.4; pair is moved, the back-to-back connection is still valid and can be used for inter-jail communication.

Note that vimage is still considered an experimental feature.

A jail can now have arbitrary named parameters similar to environmental variables, and the fixed jail parameters in the previous releases have been replaced with them.

The jail name can now be used for identifying the jail in &man.jexec.8; and &man.killall.1;.

Multiple IPv4 and/or IPv6 addresses per jail are now supported. It is even possible to have jails without an IP address at all, which basically gives one a chrooted environment with restricted process view and no networking.

SCTP (&man.sctp.4;) with IPv6 in jails has been implemented.

Specific CPU binding by using &man.cpuset.1; has been implemented.
Note that the current implementation allows the superuser inside of the jail to change the CPU bindings specified.

A &man.jail.8; can start with a specific route FIB now.

The &man.ddb.8; kernel debugger now supports a show jails subcommand.

Compatibility support which permits 32-bit jail binaries to be used on 64-bit systems to manage jails has been added.

Note that both version numbers of jail and prison in the &man.jail.8; have been updated for the new features.

The &man.ksyms.4; kernel symbol table interface driver has been added. It creates a character device /dev/ksyms and provides read-only access to a snapshot of the kernel symbol table.

The &os; Linux emulation layer has been updated to version 2.6.16 and the default Linux infrastructure port is emulators/linux_base-f10 (Fedora 10).

The &os; virtual memory subsystem now supports fully transparent use of superpages for application memory; application memory pages are dynamically promoted to or demoted from superpages without any modification to application code. This change offers the benefit of large page sizes such as improved virtual memory efficiency and reduced TLB (translation lookaside buffer) misses without downsides like application changes and virtual memory inflexibility. This can be enabled by setting a loader tunable vm.pmap.pg_ps_enabled to 1 and is enabled by default on &arch.amd64;.

The &man.ddb.8; kernel debugger now supports a show mount subcommand.

The &os; DTrace subsystem now supports a probe for process execution.

The &os; kernel virtual address space has been increased to 6GB. This allows subsystems to use larger virtual memory space than before. For example, the &man.zfs.8; adaptive replacement cache (ARC) requires large kernel memory space to cache file system data, so it benefits from the increased address space. Note that the ceiling on the kernel map size is now 60% of the size of physical memory rather than an absolute quantity.
The &man.kld.4; now supports installing 32-bit system calls to the &os; syscall translation layer from kernel modules.

The &man.ktr.4; now supports a new KTR tracepoint in the KTR_CALLOUT class to note when a callout routine finishes executing.

Types of variables used to track the amount of allocated System V shared memory have been changed from int to size_t. This makes it possible to use more than 2 GB of memory for shared memory segments on 64-bit architectures. Please note the new BUGS section in &man.shmctl.2; and /usr/src/UPDATING for limitations of this temporary solution.

The &man.sysctl.3; leaf nodes have a flag to tag themselves as MPSAFE now.

The &os; 32-bit system call translation layer now supports installing 32-bit system calls for VFS_AIO.

The &man.clock.gettime.2; and the related system calls now support a clock ID CLOCK_THREAD_CPUTIME_ID, as defined in POSIX.

The &man.cpuset.2; system call has been added. This is an API for thread to CPU binding and CPU resource grouping and assignment.

DTrace, a comprehensive dynamic tracing framework, and the &man.dtrace.1; userland utility have been imported from OpenSolaris. DTrace provides a powerful infrastructure to permit administrators, developers, and service personnel to concisely answer arbitrary questions about the behavior of the operating system and user programs.

The &man.ddb.4; kernel debugger now has an output capture facility. Input and output from &man.ddb.4; can now be captured to a memory buffer for later inspection using &man.sysctl.8; or a textdump. The new capture command controls this feature.

The &man.ddb.4; debugger now supports a simple scripting facility, which supports a set of named scripts consisting of a set of &man.ddb.4; commands. These commands can be managed from within &man.ddb.4; or with the use of the new &man.ddb.8; utility. More details can be found in the &man.ddb.4; manual page.
The &man.ddb.4; ex command now supports an mode which interprets and prints the value at the requested address as a symbol. For example, ex /S aio_swake prints the name of the function currently registered via the aio_swake hook.

The &man.ddb.4; show conifhk command has been added. This lists hooks currently waiting for completion in run_interrupt_driven_config_hooks().

The &man.fcntl.2; system call now supports the F_DUP2FD command. This is equivalent to &man.dup.2;, and compatible with Sun Solaris and IBM AIX.

The &os; &man.linux.4; ABI support now implements sched_setaffinity() and sched_getaffinity() using real CPU affinity setting primitives.

The &man.procstat.1; utility has been added. This is a process inspection utility which provides some of the missing functionality from &man.procfs.5; and new functionality for monitoring and debugging specific processes.

The client side functionality of &man.rpc.lockd.8; has been implemented in the &os; kernel. This implementation provides the correct semantics for &man.flock.2; style locks which are used by the &man.lockf.1; command line tool and the &man.pidfile.3; library. It also implements recovery from server restarts and ensures that dirty cache blocks are written to the server before obtaining locks (allowing multiple clients to use file locking to safely share data). Also, a new kernel option options NFSLOCKD has been added and enabled by default. If the kernel support is enabled, &man.rpc.lockd.8; automatically detects and uses the functionality.

The &os; kernel now supports a new textdump format of kernel dumps. A textdump provides higher-level information via mechanically generated/extracted debugging output, rather than a simple memory dump. This facility can be used to generate brief kernel bug reports that are rich in debugging information, but are not dependent on kernel symbol tables or precisely synchronized source code. More information can be found in the &man.textdump.4; manual page.
The &man.wait4.2; system call now supports flag to keep the process whose status is returned in a waitable state and which is equivalent to .

The &os; kernel now has initial support of binding interrupts to CPUs.

The &man.sched.ule.4; scheduler is now the default process scheduler in GENERIC kernels.

The sysctl variables kern.features.compat_freebsd[456] have been added. These correspond to the kernel options COMPAT_FREEBSD[456].

Boot Loader Changes

The boot0 boot loader now preserves volume ID at offset 0x1b8 used in other operating systems.

The &man.boot0cfg.8; utility now supports a new option to set the volume ID.

The &man.boot.8; now supports 4-byte volume ID that certain versions of &windows; put into the MBR and invoking PXE by pressing the F6 key on some supported BIOSes.

The &man.boot.8; BTX loader has been improved. This fixes several boot issues on recent machines reported for 7.1-RELEASE and before.

The &man.loader.8; is now able to obtain DHCP options from network boot via &man.kenv.2; variables.

A bug in the &man.loader.8; has been fixed. Now the following line works as expected:

    loader_conf_files="foo bar ${variable}"

The BTX kernel used by the boot loader has been changed to invoke BIOS routines from real mode. This change makes it possible to boot &os; from USB devices.

A new gptboot boot loader has been added to support booting from a GPT labeled disk. A new boot command has been added to &man.gpt.8;, which makes a GPT disk bootable by writing the required bits of the boot loader, creating a new boot partition if required.

Hardware Support

&os; now includes experimental support for the &arch.mips; platform.

The &man.acpi.4; subsystem now supports the System Resource Affinity Table (SRAT) used to describe affinity relationships between CPUs and memory, ACPI 3.0 fields in the MADT including X2APIC entries and UIDs for local SAPICs, and ACPI 3.0 flags in the FADT.
The &man.cpufreq.4; framework now supports PowerPC G5, along with a skeleton SMU driver in order to slew CPU voltage during frequency changes.

The sec(4) driver has been added to provide support for the integrated security engine found in Freescale system-on-chip devices.

The &os; TTY layer has been replaced with a new one which has better support for SMP and robust resource handling. Each tty now has its own mutex, which is expected to improve scalability when compared to the old implementation based on the Giant lock.

The &man.uart.4; driver is now the default driver for serial port devices in favor of the &man.sio.4; driver. Note that the device nodes have been renamed from /dev/cuadN and /dev/ttydN to /dev/cuauN and /dev/ttyuN. Users who are upgrading will need to change their kernel configurations and possibly also /boot/loader.conf and /boot/device.hints.

The &os; USB subsystem has been reimplemented to support modern devices and better SMP scalability. The new implementation includes Giant-lock-free device drivers, a Linux compatibility layer, the &man.usbconfig.8; utility, full support for split transaction and isochronous transaction, and more. Device node names for USB devices are now in the form of /dev/usb/bus.dev.endpoint, and /dev/usbctl is the master device node. Note that the &man.ugen.4; driver has nodes for each device as /dev/ugenbus.dev for backward compatibility.

&os; now supports the Ultra SPARC III (Cheetah) processor family.

The &man.acpi.4; subsystem now supports a &man.sysctl.8; variable debug.batt.batt_sleep_ms. On some laptops with smart batteries, enabling battery monitoring software causes keystrokes from &man.atkbd.4; to be lost. This sysctl variable adds a delay in milliseconds to the status checking code as a workaround.

The &man.acpi.asus.4; driver now supports Asus A8Sr notebooks.

Support for AltiVec, a floating point and integer SIMD instruction set, has been added.
The &man.cpuctl.4; driver, which provides a special device /dev/cpuctl as an interface to the system CPU, has been added. The &man.cpuctl.4; functionality includes the ability to retrieve CPUID information, read/write machine specific registers (MSR), and perform CPU firmware updates.

The &man.cpufreq.4; driver now supports an hw.est.msr_info loader tunable. When this is set to 1, it attempts to build a simple list containing just the high and low frequencies if it cannot obtain a frequency list from either ACPI or the static tables. This is disabled by default.

CPU frequency change notifiers are now disabled when the TSC is P-state invariant. Also, a new loader tunable kern.timecounter.invariant_tsc has been added to force this behavior by setting it to non-zero.

The &man.atkbd.4; driver now disables the interrupt handler which is called from the keyboard callback function when polled mode is enabled. This fixes the problem of duplicated/missing characters at the mountroot prompt on multi CPU systems while &man.kbdmux.4; is enabled.

In the &man.pci.4; subsystem INTx is now disabled when MSI/MSIX is enabled. This change fixes interrupt storm related issues.

The schizo(4) driver for Schizo Fireplane/Safari to PCI 2.1 and Tomatillo JBus to PCI 2.2 bridges has been added.

The &man.u3g.4; driver for USB based 3G cards and dongles including Vodafone Mobile Connect Card 3G, Qualcomm CDMA MSM, Huawei E220, Novatel U740, Sierra MC875U, and more has been added. This provides support for the multiple USB-to-serial interfaces exposed by many 3G USB/PC Card modems, and the device is accessed through the &man.ucom.4; driver which makes it behave like a &man.tty.4;.

The &man.sched.ule.4; scheduler now supports the loader tunable machdep.hyperthreading_enabled just like &man.sched.4bsd.4;. Note that it cannot be modified at run-time.

The &man.cmx.4; driver, a driver for Omnikey CardMan 4040 PCMCIA smartcard readers, has been added.
The &man.kbdmux.4; driver now supports &arch.sparc64;.

The &man.sunkbd.4; driver now supports &man.atkbd.4; emulation like &man.ukbd.4;.

The nvram(4) driver is now MPSAFE.

An option of the &man.puc.4; driver, PUC_FASTINTR, is no longer supported.

The &man.psm.4; driver now attempts detection of Synaptics touchpad before IntelliMouse. Some touchpads will pretend to be IntelliMouse, causing the IntelliMouse probe to work and the Synaptics detection never to be done.

The &man.uslcom.4; driver, a driver for Silicon Laboratories CP2101/CP2102-based USB serial adapters, has been imported from OpenBSD.

Multimedia Support

The &os; audio subsystem has been improved. The changes include volume per channel, high quality fixed-point band-limited SINC sampling rate converter, bit-perfect mode, transparent/adaptive virtual channel, and exclusive stream. For more details, see the &man.snd.4; manual page.

The &man.agp.4; driver now supports Intel G4X series graphics chipsets.

The Direct Rendering Manager (DRM), a kernel module that gives direct hardware access to DRI clients, has been updated. Support for AMD/ATI r500, r600, r700, and IGP based chips, XGI V3XE/V5/V8, and Intel i915 chipsets has been improved. A new loader tunable hw.drm.msi has been added to control if DRM uses MSI or not. This is set to 1 (enabled) by default.

The snd_au88x0(4) driver for Aureal Vortex 1/2/Advantage PCI has been removed because it has been broken for a long time.

The &man.snd.hda.4; driver has been updated. These changes include support for multiple codecs per HDA bus, multiple functional groups per codec, multiple audio devices per functional group, digital (SPDIF/HDMI) audio input/output, suspend/resume, and part of multichannel audio. Note that due to added HDMI audio and logical audio devices support, the updated driver often provides several PCM devices. This means that in some cases the system default audio device no longer corresponds to the user's habitual audio connectors.
In such cases the default device can be specified in audio applications' setup or defined globally via hw.snd.default_unit sysctl variable, as described in the &man.sound.4; manual page.

The &man.agp.4; driver now supports the Intel G33 and G45.

The dpms(4) driver has been added to use the VESA BIOS for DPMS during suspend and resume.

The DRM kernel driver now supports i915 GME devices.

Network Interface Support

The &man.bwi.4; driver has been added to provide support for Broadcom BCM43xx IEEE 802.11b/g wireless network interfaces.

The &man.cas.4; driver has been added to provide support for Sun Cassini/Cassini+ and National Semiconductor DP83065 Saturn Gigabit Ethernet devices.

The &man.cxgbtool.8; now supports an interactive mode for scripting of repeatedly performed tasks.

The &man.fxp.4; driver has been improved. Changes include:

The multicast filter re-programming is now more robust.

The checksum offload feature can be controlled by &man.ifconfig.8; now.

Rx checksum offload support for 82559 or later controllers has been added.

TSO (TCP Segmentation Offload) support for 82550 and 82551 controllers has been added.

WoL (Wake on LAN) support for 82550, 82551, 82558, and 82559-based controllers has been added. Note that ICH based controllers are treated as 82559, and 82557, earlier revisions of 82558, and 82559ER have no WoL capability.

VLAN hardware tag insertion/stripping support and Tx/Rx checksum offload for VLAN frames support has been added. Note that the VLAN hardware assistance is available only on 82550 or 82551-based controllers.

The &man.miibus.4; driver now supports the Marvell 88E3016.

The &man.msk.4; driver now supports Yukon FE+ A0 including 88E8040, 88E8040T, 88E8048 and 88E8070.

The &man.mwl.4; driver has been added to provide support for Marvell 88W8363 IEEE 802.11n wireless network devices.

The &man.mxge.4; driver now supports some newer revisions and 10GBASE-LRM and 10GBASE-Twinax media types. The firmware version has been updated to 1.4.43.
The &man.nge.4; driver has been improved and now works on all platforms.

The &man.uath.4; driver for USB wireless LAN adapter based on Atheros AR5005UG and AR5005UX chipsets has been added. The &man.uathload.8; utility, a firmware loader for the Atheros USB wireless driver has also been added.

The &man.urtw.4; driver has been added to provide support for Realtek RTL8187B/L USB IEEE 802.11b/g wireless network devices.

The &man.xl.4; driver now supports TX checksum offload.

The &man.ae.4; driver now supports WoL (Wake on LAN).

The &man.ale.4; driver is now included in the GENERIC kernel.

The &man.ath.hal.4;, Atheros Hardware Access Layer, has been updated to the open source version.

The &man.axe.4; driver has been improved in performance by eliminating extra context switches and now supports the Apple USB Ethernet adapter.

The &man.bce.4; driver's firmware has been updated to the latest version (4.6.X).

The ciphy(4) driver now supports Vitesse VSC8211 PHY.

The &man.cxgb.4; driver has been updated to firmware revision 4.7 and now supports hardware MAC statistics.

A bug in the &man.igb.4; driver, which prevented the loader tunable hw.igb.ave_latency from working, has been fixed.

The &man.ixgbe.4; driver has been updated to version 1.7.4.

The &man.jme.4; driver now supports newer JMicron JMC250/JMC260 revisions.

The &man.msk.4; driver has been improved. An issue which made it hang up in a certain condition has been fixed. Hardware MAC statistics support has been added and users can get the information via sysctl variables named dev.msk.N.stats.

The &man.nfe.4; driver now supports hardware MAC statistics.

The &man.re.4; driver has been improved. It now detects the link status. A new loader tunable hw.re.prefer_iomap has been added, to disable memory register mapping. This tunable is 0 for all controllers except RTL8169SC family.

The &man.rl.4; driver has been improved.
It now detects the link status and a bug which prevented it from working on systems with more than 4GB memory has been fixed.

A bug in &man.sis.4; on VLAN tagged frame handling has been fixed.

The &man.txp.4; driver now works on all supported architectures. Support has been added for &man.altq.4;, WoL, and checksum offload when VLAN is enabled; link state change handling has been improved; and new sysctl variables dev.txp.N.stats for MAC statistics have been added. A new sysctl variable dev.txp.N.process_limit has been added, to control how many received frames should be served in the Rx handler (set to 64 by default; the valid range is 16 to 128, in units of frames). The firmware has been updated to the latest version.

The &man.ae.4; driver has been added to provide support for the Attansic/Atheros L2 FastEthernet controllers.

The &man.jme.4; driver has been added to provide support for PCIe adapters based on JMicron JMC250 gigabit Ethernet and JMC260 fast Ethernet controllers.

The &man.age.4; driver has been added to provide support for Attansic/Atheros L1 gigabit Ethernet controller.

The &man.malo.4; driver has been added to provide support for Marvell Libertas 88W8335 based PCI network adapters.

The bm(4) driver has been added to provide support for Apple Big Mac (BMAC) Ethernet controller, found on various Apple G3 models.

The et(4) driver has been added to provide support for Agere ET1310 10/100/Gigabit Ethernet controller.

The &man.glxsb.4; driver has been added to provide support for the Security Block in AMD Geode LX processors.

The &man.ale.4; driver has been added to provide support for Atheros AR8121/AR8113/AR8114 Gigabit/Fast Ethernet controllers. This driver is not enabled in GENERIC kernels for this release.

The &man.em.4; driver has been split into two drivers with some common parts. The &man.em.4; driver will continue to support adapters up to the 82575, as well as new client/desktop adapters. A new &man.igb.4; driver will support new server adapters.
The &man.hme.4; driver has been improved.

A bug in some of the &man.miibus.4; supported drivers, which caused IEEE 802.3 auto-negotiation to be performed in the wrong order, has been fixed. Now it chooses the correct technologies supported by IEEE 802.3 in the order described in Annex 28B.3.

A workaround has been added for a bug in TCP/UDP hardware checksum offload of the &man.msk.4; driver for short frames. Note that for frames that require hardware VLAN tag insertion, the checksum offload workaround does not work due to changes of checksum offset in mbuf after the VLAN tag. So disabling hardware checksum offload for the VLAN interface is needed in such cases.

The &man.ndis.4; NDIS miniport driver wrapper has been improved.

The &man.sf.4; driver has been improved and now supports checksum offloading.

The &man.stge.4; driver now supports WOL (Wake on LAN).

The &man.vr.4; driver has been improved.

The &man.wpi.4; driver has been updated to include a number of stability fixes.

Network Protocols

The &os; netisr framework has been reimplemented for parallel threading support. This is a kernel network dispatch interface which allows device drivers (and other packet sources) to direct packets to protocols for directly dispatched or deferred processing. The new implementation supports up to one netisr thread per CPU, and several benchmarks on SMP machines show substantial performance improvement over the previous version.

A bug in &man.gif.4; that caused EtherIP packets sent by a combination of &man.if.bridge.4; and &man.gif.4; to have a reversed version field has been fixed. If you need to communicate with older &os; releases via EtherIP, use the new flags accept_rev_ethip_ver and send_rev_ethip_ver to control handling of the reversed version field. These can be set by the &man.ifconfig.8; utility on &man.gif.4; interfaces. The EtherIP implementation found on &os; 6.1, 6.2, 6.3, 7.0, 7.1, and 7.2 had an interoperability issue because it sent the incorrect EtherIP packets and discarded the correct ones.
For more details, see the &man.gif.4; manual page.

The IGMPv3 and SSM (Source-Specific Multicast) including IPv6 SSM and MLDv2 have been added. Although the old KAME MLDv2 hooks have been replaced with the new implementation, the related kernel programming interfaces have been preserved.

The multicast routing code has been improved and the IPv4 and IPv6 support has been split.

&os; now supports the upcoming Wireless Mesh standard, IEEE 802.11s. The current implementation is based on the March 2009 D3.0 draft version.

The wireless network support layer (net80211) now uses pseudo-interfaces named wlanN instead of using a device driver name like em0 directly. The wlanN interface is created by &man.ifconfig.8; as an instance of the parent interface and used for actual communication, similar to the &man.vlan.4; IEEE 802.1Q VLAN network interface. Note that multiple instances (to realize multiple BSSes with a single AP device, for example) can be created if the parent interface supports it. For more details, see the &man.ifconfig.8; manual page.

The net80211 layer now supports TDMA for long distance point-to-point links using &man.ath.4; devices.

An infrastructure for caching flows as a means of accelerating L2 and L3 lookups has been added. This is called flow table and enabled by default on &arch.amd64; and &arch.i386; platforms. This also provides stateful load balancing when used with RADIX_MPATH.

The &os; L2 address translation table has been reimplemented to reduce lock contention on parallel processing and simplify the routing logic. The new implementation has L2 address translation tables for both ARP (for IPv4) and NDP (for IPv6) which are separated from the L3 routing tables, and supports flow table caches for both the routing table and the L2 information. One of the user-visible changes is that the concept of a cloned route (a route generated by an entry with the RTF_CLONING flag) is deprecated. This means routing flags RTF_CLONING, RTF_WASCLONE, and RTF_LLINFO are obsolete.
The &man.ipsec.4; subsystem now supports NAT-Traversal (RFC 3948). This is disabled by default. To enable this, add the following kernel options and rebuild the kernel:

    device crypto
    options IPSEC
    options IPSEC_NAT_T

IPv4 source address selection for unbound sockets has been implemented as follows:

If we found a route, use the address corresponding to the outgoing interface.

Otherwise we assume the foreign address is reachable on a directly connected network and try to find a corresponding interface to take the source address from.

As a last resort use the default jail address.

This also changes the semantics of selecting the IP for processes within a &man.jail.8; as it now uses the same logic as outside the &man.jail.8;.

The TCP MD5 Signature Option (RFC 2385) for IPv6 has been implemented in the same way it has been implemented for IPv4.

The &man.ng.netflow.4; Netgraph node now includes support for generating egress netflow instead of or in addition to ingress. An NGM_NETFLOW_SETCONFIG control message has been added to control the new functionality.

The &man.tap.4; Ethernet tunnel software network interface now supports a new TAPGIFNAME character device ioctl. This is a convenient shortcut to obtain the network interface name using a file descriptor to a character device.

The &man.tap.4; now supports the SIOCSIFMTU ioctl to set a higher MTU than 1500 (ETHERMTU). This allows &man.tap.4; devices to be added to the same bridge (which requires all interface members to have the same MTU) with an interface configured for jumbo frames.

The domains list for handling the list of supported domains in the &man.unix.4; (UNIX domain protocol family) subsystem is now MPSAFE.

The &man.arp.8; utility now supports reject and blackhole keywords. In the entry marked as reject, traffic to the host will be discarded and the sender will be notified that the host is unreachable. In the entry marked as blackhole, traffic is discarded but the sender is not notified.
The &man.bpf.4; now supports an ioctl BIOCSETFNR. This is just like BIOCSETF, but it does not drop all the packets buffered on the descriptor or reset the statistics. The &man.if.bridge.4; interface can limit the number of source MACs that can be behind a bridge interface via the ifmaxaddr parameter of &man.ifconfig.8;. A bug in the &man.carp.4; interface configuration which leads to a system panic has been fixed. The &man.dummynet.4; subsystem now supports fast mode operation which allows certain packets to bypass the dummynet scheduler. This can achieve lower latency and lower overhead when the packet flow is under the pipe bandwidth, and eliminate recursion in the subsystem. The new sysctl variable net.inet.ip.dummynet.io_fast has been added to enable this feature. The &man.enc.4; interface now supports sysctl variables to control whether the firewalls or &man.bpf.4; will see inner and outer headers or just inner or outer headers for incoming and outgoing IPsec packets. The &man.gre.4; now supports the ioctls GRESKEY and GREGKEY, which allow setting or getting the GRE key used for outgoing packets. A bug in the &man.ipsec.4; subsystem that broke PMTU in those cases when there was a route with a lower MTU than the MTU of the outgoing interface has been fixed. The netatm subsystem has been removed due to lacking multiprocessor support. The &man.ng.nat.4; now supports redirect functionality in libalias. For more details, see the manual page. The &man.ng.pptpgre.4; now supports multiple hooks like &man.ng.l2tp.4;, to use one pair of pptpgre and ksocket nodes for all calls between two peers. The &man.resolver.3; now allows underscores in domain names. Although this is a violation of RFC 1034 [STD 13], it is accepted by certain name servers as well as other popular operating systems' resolver libraries. A socket option TCP_CONGESTION for TCP sockets has been added. This is for setting and retrieving the congestion control algorithm. The name used is to allow compatibility with Linux.
The &man.rwlock.9; has been used throughout the inpcbinfo and inpcb infrastructure, and protocols that depend on that infrastructure, including UDP, TCP, and IP raw sockets, to reduce lock contention. &os; now supports multiple routing tables. To enable this, the following steps are needed: Add the following kernel configuration option and rebuild the kernel. The 2 is the number of FIBs (Forward Information Base, a synonym for a routing table here). The maximum value is 16.

options ROUTETABLES=2

The procedure for rebuilding the &os; kernel is described in the &os; Handbook. This number can be modified at boot time. To do so, add the following to /boot/loader.conf and reboot the system:

net.fibs=6

Set a loader tunable net.my_fibnum if needed. This means the default number of routing tables. If not specified, 0 will be used. Set a loader tunable net.add_addr_allfibs if needed. This enables adding routes to all FIBs for new interfaces by default. When this is set to 0, it will only allocate routes on interface changes for the FIB of the caller when adding a new set of addresses to an interface. Note that this tunable is set to 1 by default. To select one of the FIBs, the new &man.setfib.1; utility can be used. This sets the FIB associated with the process. For example:

&prompt.root; setfib -3 ping target.example.com

FIB #3 will be used for the &man.ping.8; command. The FIB which a packet will be associated with is determined by the following rules: All packets which have a FIB associated with them will use the FIB. If not, FIB #0 will be used. A packet received on an interface for forwarding uses FIB #0. A TCP listen socket associated with a FIB will generate accept sockets which are associated with the same FIB. A packet generated in response to another packet uses the FIB associated with the packet being responded to.
A packet generated on tunnel interfaces such as &man.gif.4; and &man.tun.4; will be encapsulated using the FIB of the process which set up the tunnel. Routing messages will be associated with the process's FIB. Also, the &man.ipfw.8; now supports an action rule setfib. The following action:

setfib fibnum

will make the matched packet use the FIB specified in fibnum. The rule processing continues at the next rule. Disks and Storage The &os; CAM SCSI subsystem (&man.cam.4;) now includes experimental support for ATA/SATA/AHCI-compliant devices. This is disabled by default. To enable it, add the following kernel options to your kernel configuration file and rebuild the kernel:

device ahci
device siis

The current implementation supports AHCI-compliant controllers and SiliconImage SiI3124/SiI3132/SiI3531 controllers. The device node of an ATA drive is ada and an ATAPI drive is cd. The &os; iSCSI initiator implementation has been improved and supports IPv6. A userland utility &man.mfiutil.8; for the &man.mfi.4; devices has been added. This includes basic features to monitor controller, array, and drive status, change basic attributes, create/delete arrays and spares, and flush the controller firmware. Note that this is a small utility, not a replacement for MegaCLI in the Ports Collection, which is supported officially and provides more functionality. A userland utility &man.mptutil.8; for the &man.mpi.4; devices has been added. This includes basic features to monitor controller, array, and drive status, change basic attributes, and create/delete arrays and spares. The &man.siis.4; driver has been added to provide support for SiliconImage SiI3124/3132/3531 SATA2 controllers. It supports Serial ATA and ATAPI devices, port multipliers (including FIS-based switching), hardware command queues (31 commands per port) and Native Command Queuing. The &man.ata.4; driver now supports Marvell PATA M88SX6121.
The &man.ata.4; driver now recognizes nForce MCP67 and MCP73 SATA controllers as AHCI. The &man.ataraid.4; driver now includes preliminary support for DDF metadata found on Adaptec HostRAID controllers. Note that spares and rebuilds are not supported yet. The &man.cam.4; SCSI subsystem now supports a new sysctl variable kern.cam.cd.retry_count. This controls the number of retries for the CD media. When trying to read scratched or damaged CDs and DVDs, the default mechanism is sub-optimal, and programs like ddrescue do much better if you turn off the retries entirely since their algorithms do it by themselves. This value is set to 4 (for a total of 5 attempts) by default. Setting it to 0 turns off all retry attempts. A bug in the &man.ciss.4; driver which caused a low max device openings count and led to poor performance has been fixed. The &man.glabel.8; GEOM class now supports a new UFS-based label called ufsid that can be used to reference UFS-carrying devices by the unique file system ID. This file system ID is automatically generated and detected when the &man.glabel.8; GEOM class is enabled. An example of this new label is: /dev/ufsid/48e69c8b5c8e1b43. The benefit of using GEOM labels in general is to avoid problems of device renaming when shifting drives or controllers. The &man.gjournal.8; GEOM class now supports the root file system. Previously, an unclean shutdown would make it impossible to mount the root file system at boot. The &man.gpart.8; utility has been updated. The APM scheme now supports Tivo Series 1 partitions (read only), a new EBR scheme to support Extended Boot Records has been added, the BSD scheme now supports bootcode, and bugs in the PC98 and VTOC8 schemes have been fixed. An issue in &man.gvinum.8; with access permissions to underlying disks used by a gvinum plex has been fixed.
If the plex is a raid5 plex and is being written to, parity data might have to be read from the underlying disks, requiring them to be opened for reading as well as writing. The &man.hptmv.4; driver has been updated to version 1.16 from HighPoint. The &man.mmc.4; and &man.mmcsd.4; drivers now support MMC and SDHC cards, high speed timing, wide bus, and multiblock transfers. The &man.mpt.4; driver is now in the GENERIC kernel. The &man.sdhci.4; driver has been added. This supports PCI devices with class 8 and subclass 5 according to the SD Host Controller Specification. The &man.sdhci.4; driver now supports kernel dumping and a sysctl variable hw.sdhci.debug for debug level. The &man.twa.4; driver now supports 64-bit DMA. The &man.mmc.4;, &man.mmcsd.4;, and &man.sdhci.4; drivers are now included as kernel modules. The &man.aac.4; driver now includes 64-bit array support for RAIDs larger than 2TB and supports simultaneous opens of the device for issuing commands to the controller. The &man.ata.4; driver now supports a loader variable hw.ata.ata_dma_check_80pin. This can be used to disable the 80pin cable check on broken systems such as certain laptops and Soekris boards. The default value is 1. A data corruption problem of the &man.ata.4; driver on ServerWorks HT1000 chipsets has been fixed. The &man.ciss.4; driver now supports a loader tunable hw.ciss.nop_message_heartbeat for NOP-message polling in ciss_periodic(). This can be used as a workaround for the ADAPTER HEARTBEAT FAILED issue. The default value is 0 (disabled). The geom_part GEOM class can be built as a kernel module. The geom_linux_lvm GEOM class can be built as a kernel module. The &man.hptrr.4; driver has been updated to version 1.2 from HighPoint. A buffer overflow in the &man.iir.4; driver has been fixed. This likely fixes a great number of weird problems that have been reported with this driver. The &man.mpt.4; driver now supports the mpt_user personality.
The &man.rr232x.4; driver has been superseded by the &man.hptrr.4; driver. The &man.twa.4; driver has been improved with regard to stability on machines with plenty of memory and high CPU load. File Systems The dangerously dedicated mode for the UFS file system is no longer supported. Such disks will need to be reformatted to work with this release. The &man.gvinum.8; now supports commands found in the old vinum implementation including attach, detach, start, stop, concat, mirror, stripe, and raid5. The &man.gvinum.8; now supports a grow command to make it easier for users to extend plexes without having to understand all of the implementation internals. The &os; NFS subsystem now supports RPCSEC_GSS authentication on both the client and server. This replaces the RPC implementation of the NFS client and server with the newer RPC implementation originally developed to support the NFS Lock Manager. It supports both the new RPC implementation and the older legacy implementation inherited from the original NFS codebase and the default is to use the new one. To use RPCSEC_GSS on either client or server, you must build a kernel which includes the KGSSAPI option and the &man.crypto.4; device. For more details, see the &man.gssd.8; manual page. The &os; NFS subsystem now includes a new, experimental implementation with support for NFSv2, NFSv3, and NFSv4. This is not enabled by default. To enable it, add the following kernel options to your kernel configuration file and rebuild the kernel:

options NFSCL # for NFS client
options NFSD # for NFS server

The fstype for the &man.mount.8; program is newnfs, and a &man.mount.newnfs.8; program has also been added. The old, unmaintained NFSv4 client based on an implementation from the University of Michigan was removed from the &os; source tree. The &os; NFS subsystem now uses TCP as the default transport. The shared vnode locking for pathname lookups in the &man.VFS.9; subsystem has been improved. This is enabled by default.
Setting a sysctl variable vfs.lookup_shared to 0 disables it. Note that the LOOKUP_SHARED kernel option equivalent to the sysctl variable has been removed. The ZFS file system has been updated to version 13. The changes include ZFS operations by a regular user, L2ARC, ZFS Intent Log on separate disks (slog), sparse volumes, and so on. The semantics of &man.acl.3; extended access control lists have been changed as follows: The inode modification time (mtime) is not updated when extended attributes are added, modified, or removed. The inode access time (atime) is not updated when extended attributes are queried. The &os; NFS file system now supports a sysctl variable vfs.nfs.prime_access_cache to determine whether or not nfs_getattr() will use an ACCESS RPC to prime the access cache instead of a simple GETATTR RPC. This is because on many NFS servers an ACCESS RPC is much more expensive to service than a GETATTR RPC for files in an NFSv3 mount. The sysctl variable is enabled by default to maintain the previous behavior. The &os; UDF file system now supports a fifo. The &man.fdescfs.5; is now MPSAFE. The &man.gpart.8; now supports BSD disklabels (option GEOM_PART_BSD) and VTOC8 disklabels (option GEOM_PART_VTOC8). The &man.gvinum.8; now accepts a volume parameter when creating a plex. A pathname lookup bug of a UNIX domain socket in the unionfs(7) has been fixed. Userland Changes The GCC stack protection (also known as ProPolice) has been enabled in the &os; base system. A BSD-licensed &man.ar.1; utility has been added in favor of one in GNU binutils and it is now the default utility for building the &os; base system. The &man.awk.1; utility now supports 64 files. The upper limit was 20 in prior releases. The &man.bsnmpd.1; program now supports OIDs for ZFS. The &man.camcontrol.8; program now supports a new modularized ATA kernel module and various ATA commands.
The &man.cat.1; and &man.cp.1; now use a larger buffer if the number of pages of the physical memory on the system is greater than 32k. This reduces the number of context switches. A new BSD-licensed &man.cpio.1; utility has been added in favor of GNU cpio and it is now the default utility in the &os; base system. A script for the &man.crashinfo.8; utility for simple analysis of crash dumps has been added. It generates a text file containing the output of several commands run against the core dump such as &man.kgdb.1; (stack trace), &man.ps.1;, &man.netstat.1;, &man.vmstat.8;, &man.iostat.8;, &man.dmesg.8;, and &man.fstat.1;. The &man.df.1; utility's flag now supports displaying inode counts in a human-readable format when a flag is specified. The &man.df.1; utility now supports a flag to display file system type in each entry. A bug in the &man.dhclient.8; that can create a malformed /etc/resolv.conf has been fixed. The &man.dhclient.8; now uses an flag when invoking &man.route.8; command. This eliminates a long delay in the case that it gets a lease but DNS service is not working. The &man.dhclient.8; utility now uses 68 (bootpc) as the source port for unicast DHCPREQUEST packets instead of allowing the protocol stack to pick a random source port. This fixes the behavior where &man.dhclient.8; would never transition from RENEWING to BOUND without going through REBINDING in some networks which have a tight policy on DHCP spoofing. The &man.env.1; utility now supports a option that completely unsets the given name instead of setting it to a null value. The &man.find.1; utility now supports a number of primaries found in GNU find including , , , , , , , , , , , , , and . The &man.fsck.8; utility now supports a flag to free up excess unused inodes. Decreasing the number of preallocated inodes reduces the running time of future runs of fsck and frees up space that can be allocated to files. This flag is ignored when running in preen mode.
The &man.freebsd-update.8; now supports backing up the old kernel when installing a new kernel. The backup kernel will be written to /boot/kernel.old if the directory does not exist or the directory was created by freebsd-update in a previous backup. Otherwise the &man.freebsd-update.8; will generate a new directory name for use by the backup. This is enabled by default. The &man.gpt.8; program has been removed in favor of &man.gpart.8;. The &man.gzip.1; utility now supports uncompressing files which are created by pack found in some commercial UNIX-like systems. The &man.i2c.8; utility for diagnostics of I2C has been added. The &man.ifconfig.8; now supports and option to allow moving interfaces between jails with vimage. A BSD-licensed libdwarf library has been added for DTrace clients. The libmsun library now supports acosl(), asinl(), atanl(), atan2l(), cargl(), csqrtl(), fmodl(), hypotl(), and remquol() functions. The libproc library has been added for DTrace clients. The &man.mtest.8; utility now supports IPv6. The &man.mount.8; program now supports an option to allow an alternative program to be used for mounting a file system. This is useful for non-&man.nmount.2; based file systems such as FUSE. The &man.nfscbd.8;, &man.nfsuserd.8;, &man.nfsdumpstate.8;, and &man.nfsrevoke.8; utilities for the new NFSv4 subsystem have been added. The &man.pmcannotate.8; utility has been added. This prints out sources of a tool (in C or assembly) with inlined profiling information retrieved by a prior &man.pmcstat.8; analysis. The &man.route.8; utility now supports show, weights, and sticky commands. For more details, see the &man.route.8; manual page. The &man.rtld.1; now supports a new environment variable LD_ELF_HINTS_PATH for overriding the rtld hints file. This environment variable is ignored if the process is setuid and/or setgid. This feature gives a convenient way to use a custom set of shared libraries that is not in the default location.
The &man.rtld.1; now supports dynamic string token substitution in the rpath and soneeded paths. The $ORIGIN, $OSNAME, $OSREL and $PLATFORM tokens are supported. Enabling the substitution requires the DF_ORIGIN flag in DT_FLAGS or DF_1_ORIGIN in DT_FLAGS_1, which may be set with origin GNU ld flag. This translation is unconditionally disabled for setuid/setgid processes. The $ORIGIN translation relies on the AT_EXECPATH auxinfo supplied by the &os; kernel. It is no longer possible to create UFS filesystems in dangerously dedicated mode using &man.sysinstall.8; since this mode is no longer supported. &man.sysinstall.8; menus have been simplified to reduce confusion and duplication with other parts of the system. The Xorg window system should be installed just like any other package. Configuration of Linux and OSF/1 emulation should be done via kernel rebuilds. Support for installation from tape media was removed as it was believed to be broken. Obsolete code to support OLDCARD was also removed. &man.sysinstall.8; now understands how to use unsliced USB drives as installation source media via /dev/daXa. &man.sysinstall.8; now recognizes the new /dev/adaX disk devices, if compiled into the kernel. &man.sysinstall.8; now uses the freebsd-doc-* packages for localized documents. &man.sysinstall.8; now ejects the CDROM after installation if it was used as source media. The &man.traceroute.8; and &man.traceroute6.8; now support an flag to display the AS number corresponding to the lookup IP address on each hop. It will query the number to WHOIS server specified in option. If no is specified, whois.radb.net will be used as the default value. The &man.tzsetup.8; now supports an flag to skip the question about adjusting the clock to UTC. The &man.wake.8; utility, a tool to send Wake on LAN frames to hosts on a local Ethernet network, has been added. The &man.ypserv.8; program now supports shadow.byname and shadow.byuid maps.
A bug in the &man.atacontrol.8; utility, which prevents it from working when /usr is not mounted or invoked from /rescue, has been fixed. The &man.btpand.8; daemon from NetBSD has been added. This daemon provides support for Bluetooth Network Access Point (NAP), Group Ad-hoc Network (GN) and Personal Area Network User (PANU) profiles. The &man.cpucontrol.8; utility has been added to control &man.cpuctl.4; pseudo-device. The &man.ncal.1; utility now supports multibyte characters. The &man.newfs.8; utility now supports operations on a regular file. The &man.config.8; utility now supports multiple makeoption lines. The &man.csup.1; utility now supports CVSMode to fetch a complete CVS repository. Note that the rsync transfer mode is currently disabled. The &man.dirname.1; utility now accepts multiple arguments in the same way that &man.basename.1; does. The &man.du.1; utility now supports an flag. When specified, the &man.du.1; utility counts a file with multiple hard links as multiple different files. The &man.du.1; utility now supports an flag to display the apparent size instead of the disk usage. This can be helpful when operating on compressed volumes or sparse files. The &man.du.1; utility now supports a option to calculate block counts in blocks of blocksize bytes. This is different from the or options or setting BLOCKSIZE and gives an estimate of how much space the examined file hierarchy would require on a file system with the given blocksize. Unless in mode, blocksize is rounded up to the next multiple of 512. The &man.dumpfs.8; utility now supports an flag, which causes it to list all free fragments in the file system by fragment (block) number. This new mode does the necessary arithmetic to generate absolute fragment numbers rather than the cg-relative numbers printed in the default mode. If is passed once, contiguous fragment ranges are collapsed into an X-Y format as free block lists are currently printed in regular dumpfs output. 
If specified twice, all block numbers are printed individually, allowing both compact and more script-friendly representation. The &man.fetch.1; utility now supports an flag which supports the If-Modified-Since HTTP 1.1 request. If specified it will cause the file to be downloaded only if it is more recent than the mtime of the local file. Also, libfetch now accepts the mtime in the url structure and a flag to indicate when this behavior is desired. The &man.fsck.8; utility now supports a flag for check clean mode. This checks if the file system was dismounted cleanly first and then skips file system checks if true. Otherwise it does full checks. The &man.fsck.8; utility now supports a flag for damaged recovery mode, which will enable certain aggressive operations that can allow &man.fsck.8; to survive on file systems that have very serious data damage. This is a useful last resort when on-disk data damage is very serious and causes &man.fsck.8; to crash. The &man.getaddrinfo.3; function now supports SCTP. A bug was fixed in the &man.ipfw.8; utility which displays extra messages for a NAT rule even when a flag is specified. The &man.ln.1; utility now supports a flag to check if the source file actually exists. When the flag is specified and the file does not exist, &man.ln.1; will issue a warning message. The &man.ln.1; utility now allows creating hard links to symbolic links because POSIX.1-2008 requires this behavior for and flag. The &man.lpr.1; utility now supports an flag to send an email after the job is completed and a option to set the job title. The &man.make.1; utility now supports a flag to print the input graph only, without executing any commands. The output is the same as . When combined with , only the built-in rules of make are displayed. The &man.make.1; utility now supports a flag to cause file banners not to be generated in addition to the same effect of a flag when a option is specified.
The &man.make.1; utility now supports the .MAKE.JOB.PREFIX variable. If and are specified, its output for each target is prefixed with a token --- target --- the first part of which can be controlled via the variable. The &man.make.1; utility now supports the .MAKE.PID and .MAKE.PPID variables. These are set to the process ID of the &man.make.1; process and its parent process respectively. The &man.makefs.8; utility to create a file system image from a directory tree has been added. The &man.mergemaster.8; utility now supports an option to automatically install files that differ only in their version control ID strings. The &man.mount.8; utility now supports an option to force it to use the specified program to mount the file system instead of calling &man.nmount.2; directly. This is useful when you want to use third party programs such as FUSE, for example. The &man.netstat.1; utility now reports &man.unix.4; sockets' listen queue statistics when an flag is specified. A bug in the &man.netstat.1; utility has been fixed. It crashed with the following options in the previous versions:

&prompt.user; netstat -m -N foo

A bug in the &man.netstat.1; utility has been fixed. The option now works in the icmp6 section as expected. The &man.pciconf.8; utility now supports a flag, which lists any base address registers (BAR) that are assigned resources for each device. The &man.powerd.8; program has been improved. Changes include reasonable CPU load estimation on SMP systems and a new mode named hiadaptive for AC-powered systems. The hiadaptive mode raises the CPU frequency twice as fast as adaptive, it drops the CPU frequency 4 times slower, prefers twice lower CPU load and has an additional delay before leaving the highest frequency after the period of maximum load. The &man.revoke.1; utility has been added. This is a wrapper for the &man.revoke.2; syscall. The &man.stat.1; utility now displays an octal representation of suid, sgid and sticky bits when the flag is specified.
The &man.strndup.3; function has been added. The &man.tftpd.8; program now supports a option. This is almost the same as a option but will generate unique names based on the submitted filename, a &man.strftime.3; format string, and a two digit sequence number. The time format string can be set by an option. The &man.wc.1; utility now supports an flag to output the number of characters in the longest input line. A bug in the &man.rpc.yppasswdd.8; program, which causes it to leave a zombie process when a password or default shell is changed, has been fixed. The &man.adduser.8; utility now supports a option to set the mode of a new user's home directory. The &man.atacontrol.8; utility now supports a spindown command to set or report the timeout after which the device will be spun down. The &man.chflags.1; now supports a flag for verbose output, a flag to ignore errors, and to allow setting flags on symbolic links with the same semantics as (for example) &man.chmod.1;. The &man.cp.1; now supports a flag, which is equivalent to flags. A bug in the &man.cp.1; utility which prevents POSIX.1e ACLs (see also &man.acl.3;) from being copied properly has been fixed. The &man.cron.8; utility now supports flag which overrides the default mail recipient for cron mails unless explicitly provided by a MAILTO= line in the crontab file. The &man.dhclient.8; now supports more options described in &man.dhcp-options.5;. The &man.dhclient.8; now supports an is_default_interface() function which determines if this interface is one with the default route. A bug in the &man.dhclient.8; that prevents removal of the default route from working has been fixed. The &man.environ.7;, environment array of strings now supports unsetting a variable by setting the first character to NULL. This is required by third-party software such as Dovecot and Postfix. The &man.fdisk.8; now supports a flag to not display any warnings. The &man.fetch.1; program and libfetch library now support a NO_PROXY environment variable.
This specifies a comma- or whitespace-separated list of host names for which proxies should not be used. If a single asterisk is specified, the use of proxies is disabled. The &man.ffsll.3; and &man.flsll.3; functions have been added. These functions are the same as &man.ffs.3; and &man.fls.3; except that they accept long long as the arguments. The &man.fortune.6; program now supports the FORTUNE_PATH environment variable to specify the search path of the fortune files. A bug in the &man.fortune.6; program that prevents option with multiple files from working has been fixed. The &man.freebsd-update.conf.5; now supports the IDSIgnorePaths statement. The &man.fwcontrol.8; utility now supports option which specifies node as the root node on the next bus reset. The &man.gcc.1; now accepts option properly; it was hardcoded as . The &man.ifconfig.8; command now supports display of WPS IE (Wireless Provisioning Services Information Element). The &man.kgdb.1; command now supports an add-kld kld command to locate a &man.kld.4; and load its symbols. The &man.kgdb.1; command now has a shared library backend for kernel files that treats &man.kld.4; as shared libraries and auto-loads symbols for &man.kld.4; on startup. The &man.kgdb.1; now supports a tid command and other kernel module related commands even for a remote target. The &man.kvm.getcptime.3; function to obtain the global CPU time statistics from the kernel has been added. The libalias library now supports PORT and EPRT FTP commands in lowercase. The &man.man.1; now includes limited support for &man.bzip2.1;-compressed manual pages. The &man.mdconfig.8; command now supports a (verbose) flag to command. It shows size and backing store of all &man.md.4; devices at one time. The &man.memrchr.3; function has been added. This behaves like &man.memchr.3; except that it locates the last occurrence of the specified character in the string. The incorrect output grammar of the &man.morse.6; program has been fixed.
The &man.mountd.8; utility now supports option which specifies IP addresses to bind to for TCP and UDP requests. This option may be specified multiple times. If no option is specified, INADDR_ANY will be used. Note that when specifying IP addresses with this option, it will automatically add 127.0.0.1 and, if IPv6 is enabled, ::1 to the list. The &man.moused.8; utility now supports flag which changes the speed of scrolling and changes option behavior to only affect the scroll threshold. The &man.mv.1; command now supports the POSIX specification when moving a directory to an existing directory across devices. The &man.periodic.8; now supports the daily_status_mail_rejects_shorten configuration variable in &man.periodic.conf.5;. This allows the rejected mail reports to tally the rejects per blacklist without providing details about individual sender hosts. The default configuration keeps the reports in their original form. The &man.ping6.8; now uses exit status of 0 and 2 in the same manner as &man.ping.8;. The &man.ping6.8; now supports an flag, which makes &man.ping6.8; exit successfully after receiving one reply packet. The &man.ping6.8; now supports and flags, which are equivalent to &man.ping.8;'s and flags, respectively. The minimum allowed interval of &man.ping6.8; has been decreased to 0.000001 from 0.01. The &man.realpath.1; utility now supports a flag to suppress warnings and accepts multiple paths on its command line. The &man.rfcomm.pppd.8; now supports a flag to register DUN (Dial-Up Networking) service in addition to the LAN (LAN Access Using PPP) service. The &man.sdpd.8; now supports NAP, GN, and PANU profiles. The &man.setkey.8; utility now accepts esp as a protocol name for the spdadd command. A bug in &man.telnetd.8; that caused it to attempt authentication even when option is specified has been fixed. The &man.top.1; and &man.vmstat.8; commands now support flag which displays per-CPU statistics.
The &man.uuid.enc.le.3;, &man.uuid.dec.le.3;, &man.uuid.enc.be.3;, and &man.uuid.dec.be.3; functions have been added. These functions encode/decode a binary representation of a UUID. The &man.watch.8; utility now supports more than 10 &man.snp.4; devices at a time. The &man.ypserv.8; daemon now supports a option to specify the port number on which it should listen. /etc/rc.d Scripts The &man.rc.conf.5; now supports a dummynet_enable variable which allows the &man.dummynet.4; kernel module to be loaded when firewall_enable is YES. The ntpd &man.rc.8; script can now work with no configuration file /etc/ntp.conf. The ppp &man.rc.8; script now supports multiple instances. For more details, see the description of the ppp_profile variable in &man.rc.conf.5;. The sysctl &man.rc.8; script now supports loading /etc/sysctl.conf.local in addition to /etc/sysctl.conf. The &man.rc.conf.5; now supports configuration of interfaces and attached networks for the firewall rule set by rc.firewall when firewall_type is simple or client. See firewall_client_net, firewall_simple_iif, firewall_simple_inet, firewall_simple_oif, and firewall_simple_onet. Contributed Software ISC BIND has been updated to version 9.6.1rc1. The ACPI-CA has been updated to 20090521. The ee (easy editor) has been updated to 1.5.0. This version is now licensed under a 2-clause BSD license, instead of the Artistic license. The hostapd has been updated to version 0.6.8 + radius ACL support. The less has been updated to version v436. The libarchive library has been updated to version 2.7.0. The libexpat library has been updated from version 1.95.5 to version 2.0.1. The ncurses library has been updated to version 5.7-20081102. OpenBSM 1.1 from Trusted BSD Project has been merged. TCPDUMP has been updated to 4.0.0. The timezone database has been updated to the tzdata2009f release. wpa_supplicant has been updated to version 0.6.8. The ZFS file system has been updated from version 6 to version 13.
The am-utils has been updated from version 6.0.10p1 to version 6.1.5.

The awk has been updated from the 1 May 2007 release to the 23 October 2007 release.

The bzip2 has been updated from version 1.0.4 to version 1.0.5.

The CVS has been updated to version 1.11.22.1.

NTP has been updated to version 4.2.4p5.

OpenPAM has been updated from the Figwort release to the Hydrangea release.

OpenSSH has been updated from version 4.5p1 to version 5.1p1.

The &man.resolver.3; library has been updated to that of ISC BIND 9.4.3.

sendmail has been updated from version 8.14.2 to version 8.14.3.

Ports/Packages Collection Infrastructure

A bug in the &man.pkg.create.1; utility, which prevented the flag from working, has been fixed.

The &os; Ports Collection now supports multiple &man.make.1; jobs in some supported ports. This is automatically enabled when a port is marked as MAKE_JOBS_SAFE and improves CPU utilization at the build stage by passing an option to the top level Makefile from the vendor. The number X is set to the number of CPUs by default, and can be set by users via a &man.make.1; variable MAKE_JOBS_NUMBER. For more details, see ports/Mk/bsd.port.mk.

Release Engineering and Integration

The supported version of the GNOME desktop environment (x11/gnome2) has been updated to 2.26.3.

The supported version of the KDE desktop environment (x11/kde4) has been updated to 4.3.1.

Upgrading from previous releases of &os;

Upgrades between RELEASE versions (and snapshots of the various security branches) are supported using the &man.freebsd-update.8; utility. The binary upgrade procedure will update unmodified userland utilities, as well as unmodified GENERIC or SMP kernels distributed as a part of an official &os; release. The &man.freebsd-update.8; utility requires that the host being upgraded has Internet connectivity.

An older form of binary upgrade is supported through the Upgrade option from the main &man.sysinstall.8; menu on CDROM distribution media.
This type of binary upgrade may be useful on non-&arch.i386;, non-&arch.amd64; machines or on systems with no Internet connectivity.

Source-based upgrades (those based on recompiling the &os; base system from source code) from previous versions are supported, according to the instructions in /usr/src/UPDATING.

Upgrading &os; should, of course, only be attempted after backing up all data and configuration files.