The &os; Project $FreeBSD$ 2010 The &os; Documentation Project &tm-attrib.freebsd; &tm-attrib.ibm; &tm-attrib.ieee; &tm-attrib.intel; &tm-attrib.sparc; &tm-attrib.general; The release notes for &os; &release.current; contain a summary of the changes made to the &os; base system on the &release.branch; development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the &os; kernel and userland. Some brief remarks on upgrading are also presented. This document contains the release notes for &os; &release.current;. It describes recently added, changed, or deleted features of &os;. It also provides some notes on upgrading from previous versions of &os;. The &release.type; distribution to which these release notes apply represents the latest point along the &release.branch; development branch since &release.branch; was created. Information regarding pre-built, binary &release.type; distributions along this branch can be found at . ]]> The &release.type; distribution to which these release notes apply represents a point along the &release.branch; development branch between &release.prev; and the future &release.next;. Information regarding pre-built, binary &release.type; distributions along this branch can be found at . ]]> This distribution of &os; &release.current; is a &release.type; distribution. It can be found at or any of its mirrors. More information on obtaining this (or other) &release.type; distributions of &os; can be found in the Obtaining &os; appendix to the &os; Handbook. ]]> All users are encouraged to consult the release errata before installing &os;. The errata document is updated with late-breaking information discovered late in the release cycle or after the release. Typically, it contains information on known bugs, security advisories, and corrections to documentation. An up-to-date copy of the errata for &os; &release.current; can be found on the &os; Web site. This section describes the most user-visible new or changed features in &os; since &release.prev;. Typical release note items document recent security advisories issued after &release.prev;, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices. Clearly the release notes cannot list every single change made to &os; between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements. Problems described in the following security advisories have been fixed. For more information, consult the individual advisories available from . Advisory Date Topic SA-09:15.ssl 3 Dec 2009 SSL protocol flaw SA-09:16.rtld 3 Dec 2009 Improper environment sanitization in &man.rtld.1; SA-09:17.freebsd-update 3 Dec 2009 Inappropriate directory permissions in &man.freebsd-update.8; SA-10:01.bind 6 Jan 2010 BIND &man.named.8; cache poisoning with DNSSEC validation SA-10:02.ntpd 6 Jan 2010 ntpd mode 7 denial of service SA-10:03.zfs 6 Jan 2010 ZFS ZIL playback with insecure permissions SA-10:04.jail 27 May 2010 Insufficient environment sanitization in &man.jail.8; SA-10:05.opie 27 May 2010 OPIE off-by-one stack overflow SA-10:06.nfsclient 27 May 2010 Unvalidated input in nfsclient SA-10:07.mbuf 13 July 2010 Lost mbuf flag resulting in data corruption The show mount command in the &man.ddb.4; debugger now prints active string mount options. Two commands to enable/disable read-ahead has been added to &man.fcntl.2; system call: F_READAHEAD specifies the amount for sequential access. The amount is specified in bytes and is rounded up to nearest block size. F_RDAHEAD is a Darwin compatible version that use 128KB as the sequential access size. Note that the read-ahead amount is also constrainted by sysctl variable vfs.read_max, which may need to be raised in order to better utilize this feature. The &man.lindev.4; driver has been added. This is for supporting various linux-specific pseudo devices such as /dev/full. Note that this is not included in GENERIC kernel. New SDT (Statically Defined Tracing) probes such as ones for opencrypto have been added to &os; &man.dtrace.1; subsystem. &os; now supports SMP in PowerPC G5 systems. Note that SMP support is disabled by default in GENERIC kernel. A bug in the &man.sched.ule.4; scheduler which prevented process usage (%CPU) from working correctly has been fixed. The VIMAGE &man.jail.8; virtualization container can work with &man.sctp.4; now. Note that the VIMAGE is not enabled by default in GENERIC kernel. A kernel environment variable vfs.root.mountfrom now supports multiple elements for root file system in a space-separated list. Each list element will be tried in order and the first available one will be mounted. The algorithm the &man.loader.8; uses has been improved to choose a memory range for its heap when using a range above 1MB. This fixes a symptom that the loader fails to load a kernel. The zfsloader has been added. This is a separate &man.zfs.8; enabled loader. Note that a ZFS bootcode (zfsboot or gptzfsboot) need to be installed to use this new loader. The zfsboot and gptzfsboot bootcode now fully support 64-bit LBAs for disk addresses. This allows booting from large volumes. The adb driver now supports for interpreting taps on ADB touchpads as a button click. The apt driver for the Apple Touchpad present on MacBook has been added to GENERIC kernel. The &man.uart.4; driver now supports NetMos NM9865 family of Serial/Parallel ports. The &man.bge.4; driver now supports 5761, 5784, and 57780-based devices. The &man.cxgb.4; driver has been updated to T3 firmware 7.8.0. The &man.msk.4; driver now supports Marvell Yukon 88E8042, 88E8057 devices and DGE-560SX (Yukon XL). The &man.re.4; driver no longer performs an unnecessary interface up/down during getting IP address via DHCP. The tsec(4) driver now supports &man.altq.4;. The &man.urtw.4; driver has been improved and now supports RTL8187B-based devices. IPcomp (IP Payload Compression Protocol defined in RFC 2393) protocol is now enabled by default. Note that this requires option IPSEC in the kernel configuration file and GENERIC kernel does not include it. This functionality can be disabled by using a sysctl variable net.inet.ipcomp.ipcomp_enable. IPv6 sockets in Linux emulation environment are unconditionally set as IPV6_V6ONLY regardless of net.inet6.ip6.v6only sysctl variable. The &man.gmirror.8; utility now supports configure -p priority command to change the providers priority. The balancing mode algorithm load used in the &man.gmirror.8; utility has been changed and it is now the default one instead of split: Instead of measuring last request execution time for each drive and choosing one with smallest time, use averaged number of requests, running on each drive. This information is more accurate and timely. It allows to distribute load between drives in more even and predictable way. For each drive track offset of the last submitted request. If new request offset matches previous one or close for some drive, prefer that drive. It allows to significantly speedup simultaneous sequential reads. A new kernel option option ATA_CAM has been added. This turns &man.ata.4; controller drivers into &man.cam.4; interface modules. When enabled, this option deprecates all &man.ata.4; peripheral drivers and interfaces such as ad and acd, and allows &man.cam.4; drivers ada, and cd and interfaces to be natively used instead. Note that this is not enabled by default in the GENERIC kernel. A bug in the &man.ata.4; driver which can lead to interrupt storms and command timeouts. USB mass storage device support in the &man.ata.4; driver has been removed. Note that this was not used in GENERIC kernel and the &man.umass.4; driver supports such devices for a long time. The &man.ahd.4; driver now supports three separated error counters for correctable, uncorrectable, and fatal, in &man.sysctl.8; MIB. SATA and PATA support of &os; &man.cam.3; SCSI framework has been improved and it now recognizes more detail device capabilities. For example, the &man.ahci.4; and &man.siis.4; driver now reports maximum tag number to the framework to optimize the NCQ handling. A bug in &man.bsnmpd.1; program which leads to high CPU consumption on a loaded system has been fixed. A bug in &man.bzip2.1; utility which prevented it from working with multi-session bzip2 files. A bug in &man.ee.1; utility which can crash the program has been fixed. A bug in &man.factor.6; utility which leads to performance degradation has been fixed. A bug in &man.fetch.1; utility which incorrectly evaluates a variable NO_PROXY has been fixed. The &man.ifconfig.8; utility now supports manipulation of NDP flags handled by &man.ndp.8;. The &man.ntpd.8; program no longer tries to bind to an IPv6 anycast address. The &man.unifdef.1; utility has been updated to version 1.188. It now supports a new -B flag to compress blank lines around a deleted section to prevent blank lines around paragraphs of code from getting doubled. A new errno ENOTCAPABLE has been added. This is to be returned when a process requests an operation on a file descriptor that is not authorized by the descriptor's capability flags. A new rc.d script static_arp has been added. This allows the administrator to statically define mappings of MAC address to IPv4 at boot time. See also the &man.rc.conf.5; manual page for more details. ISC BIND has been updated to version 9.6.1-P2. The supported version of the GNOME desktop environment (x11/gnome2) has been updated to 2.28.2. The supported version of the KDE desktop environment (x11/kde4) has been updated to 4.4.3. Upgrades between RELEASE versions (and snapshots of the various security branches) are supported using the &man.freebsd-update.8; utility. The binary upgrade procedure will update unmodified userland utilities, as well as unmodified GENERIC kernel distributed as a part of an official &os; release. The &man.freebsd-update.8; utility requires that the host being upgraded has Internet connectivity. An older form of binary upgrade is supported through the Upgrade option from the main &man.sysinstall.8; menu on CDROM distribution media. This type of binary upgrade may be useful on non-&arch.i386;, non-&arch.amd64; machines or on systems with no Internet connectivity. Source-based upgrades (those based on recompiling the &os; base system from source code) from previous versions are supported, according to the instructions in /usr/src/UPDATING. Upgrading &os; should, of course, only be attempted after backing up all data and configuration files.