%release;
drill1">
freebsd-version1">
jemalloc3">
bhyve4">
nvme4">
virtio4">
virtio_balloon4">
virtio_blk4">
virtio_scsi4">
vmx4">
pkg7">
bhyve8">
gptboot8">
bsdconfig8">
unbound8">
]>
&os; &release.current; Release NotesThe &os; Project$FreeBSD$200020012002200320042005200620072008200920102011201220132014The &os; Documentation
Project
&tm-attrib.freebsd;
&tm-attrib.ibm;
&tm-attrib.ieee;
&tm-attrib.intel;
&tm-attrib.sparc;
&tm-attrib.general;
The release notes for &os; &release.current; contain
a summary of the changes made to the &os; base system on the
&release.branch; development line. This document lists
applicable security advisories that were issued since the last
release, as well as significant changes to the &os; kernel and
userland. Some brief remarks on upgrading are also
presented.IntroductionThis document contains the release notes for &os;
&release.current;. It describes recently added, changed, or
deleted features of &os;. It also provides some notes on
upgrading from previous versions of &os;.The latest, up-to-date version of the release notes are
available online at &release.url;10.0R/relnotes.html.The &release.type; distribution to which
these release notes apply represents the latest point along the
&release.branch; development branch since &release.branch; was
created. Information regarding pre-built, binary &release.type;
distributions along this branch can be found at &release.url;.The &release.type; distribution to
which these release notes apply represents a point along the
&release.branch; development branch between &release.prev; and the
future &release.next;. Information regarding pre-built, binary
&release.type; distributions along this branch can be found at
&release.url;.This distribution of &os;
&release.current; is a &release.type; distribution. It can be
found at &release.url; or
any of its mirrors. More information on obtaining this (or other)
&release.type; distributions of &os; can be found in the Obtaining
&os; appendix to the &os; Handbook.All users are encouraged to consult the release errata before
installing &os;. The errata document is updated with
late-breaking information discovered late in the
release cycle or after the release. Typically, it contains
information on known bugs, security advisories, and corrections to
documentation. An up-to-date copy of the errata for &os;
&release.current; can be found on the &os; Web site.What's NewThis section describes the most user-visible new or changed
features in &os; since &release.prev;. In general, changes
described here are unique to the &release.branch; branch unless
specifically marked as &merged; features.Typical release note items document recent security advisories
issued after &release.prev;, new drivers or hardware support, new
commands or options, major bug fixes, or contributed software
upgrades. They may also list changes to major ports/packages or
release engineering practices. Clearly the release notes cannot
list every single change made to &os; between releases; this
document focuses primarily on security advisories, user-visible
changes, and major architectural improvements.Security AdvisoriesProblems described in the following security advisories have
been fixed. For more information, consult the individual
advisories available from
FreeBSD
Security Information.AdvisoryDateTopicSA-13:14.openssh19 November 2013OpenSSH AES-GCM memory corruption
vulnerabilitySA-14:01.bsnmpd14 January 2014bsnmpd remote denial of service vulnerabilitySA-14:02.ntpd14 January 2014ntpd distributed reflection Denial of Service vulnerabilitySA-14:03.openssl14 January 2014OpenSSL multiple vulnerabilitiesSA-14:04.bind14 January 2014BIND remote denial of service vulnerabilityKernel ChangesThe use of unmapped VMIO buffers
eliminates the need to perform TLB shootdown for mapping on
buffer creation and reuse, greatly reducing the amount of IPIs
for shootdown on big-SMP machines and eliminating up to 25-30%
of the system time on i/o intensive workloads.The maximum amount of memory
the &os; kernel can address has been increased from 1TB to
4TB.A new &man.cpuset.2; API has been added for thread to CPU
binding and CPU resource grouping and assignment. The
&man.cpuset.1; userland utility has been added to allow
manipulation of processor sets.The &man.ddb.4; kernel debugger now has an
output capture facility. Input and output from &man.ddb.4; can
now be captured to a memory buffer for later inspection using
&man.sysctl.8; or a textdump. The new
capture command controls this feature.The &man.ddb.4; debugger now supports a simple
scripting facility, which supports a set of named scripts
consisting of a set of &man.ddb.4; commands. These commands can
be managed from within &man.ddb.4; or with the use of the new
&man.ddb.8; utility. More details can be found in the
&man.ddb.4; manual page.The kernel now supports a new textdump format
of kernel dumps. A textdump provides higher-level information
via mechanically generated/extracted debugging output, rather
than a simple memory dump. This facility can be used to
generate brief kernel bug reports that are rich in debugging
information, but are not dependent on kernel symbol tables or
precisely synchronized source code. More information can be
found in the &man.textdump.4; manual page.Kernel support for M:N threading has been removed. While
the KSE (Kernel Scheduled Entities) project was quite successful
in bringing threading to FreeBSD, the M:N approach taken by the
KSE library was never developed to its full potential.
Backwards compatibility for applications using KSE threading
will be provided via &man.libmap.conf.5; for dynamically linked
binaries. The &os; Project greatly appreciates the work of
&a.julian;, &a.deischen;, and &a.davidxu; on KSE support.The &os; kernel now exports information about certain kernel
features via the kern.features sysctl tree.
The &man.feature.present.3; library call provides a convenient
interface for user applications to test the presence of
features.The &os; kernel now has support for large
memory page mappings (superpages).The ULE
scheduler is now the default process scheduler
in GENERIC kernels.Support was added for
the new Intel on-CPU Bull Mountain random number
generator, found on IvyBridge and supposedly later CPUs,
accessible with the RDRAND instruction.Virtualization supportThe BSD Hypervisor,
&man.bhyve.8; is included with &os;. &man.bhyve.8; requires
Intel CPUs with VT-x and Extended Page Table (EPT) support.
These features are on all Nehalem models and beyond (e.g.
Nehalem and newer), but not on the lower-end Atom CPUs.&man.virtio.4; support has been added.
&man.virtio.4; is the name for the paravirtualization
interface developed for the Linux KVM, but since adopted to
other virtual machine hypervisors (with the notable exception
of Xen). This work brings in a BSD-licensed clean-room
implementation of the virtio kernel drivers for disk IO
(&man.virtio_blk.4; and &man.virtio_scsi.4;), network IO
(&man.vtnet.4;), memory ballooning (&man.virtio_balloon.4;),
and PCI. Tested with on Qemu/KVM, VirtualBox, and
&man.bhyve.4;.Paravirtualized
drivers which support Microsoft Hyper-V have been imported and
made part of the amd64 GENERIC kernel. For i386, these
drivers are not part of GENERIC, so the following lines must
be added to /boot/loader.conf to load
these drivers:hv_ata_pci_disengage_load="YES"
hv_netsvc_load="YES"
hv_utils_load="YES"
hv_vmbus_load="YES"Alternatively, the Hyper-V drivers can be added to the
i386 kernel by adding device hyperv to the
kernel config, and then recompiling the kernel. Please refer
to FreeBSD
and Microsoft Windows Server Hyper-V support for full
instructions on how to set up Hyper-V support under
FreeBSD.The &man.vmx.4; driver has been added.
&man.vmx.4; is a VMware VMXNET3 ethernet driver ported from
OpenBSD.Xen PVHVM
virtualization is now part of the GENERIC kernel.ARM supportRaspberry PI support has been added.
Refer to these setup
instructions and this quick
start guide.The default ABI on ARM is now the ARM
EABI. This brings a number of improvements and allows future
support for VFP and Thumb-2.ARM support has been greatly improved,
including support for ARMv6 and ARMv7, SMP and thread-local
storage (TLS). Additionally support for some newer SoC like
the MV78x60 and OMAP4 was added. See the announcement
for further details.Superpages support on ARM has been
added. Superpages support provides improved performance and
scalability by allowing TLB translations to dynamically cover
large physical memory regions. All ARMv6 and ARMv7-based
platforms can take advantage of this feature. See the ARM
Superpages status page for further details.Boot Loader ChangesThe BTX kernel used by the
boot loader has been changed to invoke BIOS routines from real
mode. This change makes it possible to boot &os; from USB
devices.A new &man.gptboot.8; boot
loader has been added to support booting from a GPT labeled
disk. A new boot command has been added to
&man.gpart.8;, which makes a GPT disk bootable by writing the
required bits of the boot loader, creating a new boot
partition if required.Hardware SupportThe &man.cmx.4; driver, a driver for Omnikey
CardMan 4040 PCMCIA smartcard readers, has been added.The &man.syscons.4; driver now supports the Colemak
keyboard layout.The &man.uslcom.4; driver, a driver for
Silicon Laboratories CP2101/CP2102-based USB serial adapters,
has been imported from OpenBSD.Multimedia SupportSupport for version 2.0 of the USB
Audio reference design has been added. New devices should
support higher bandwidth, increased sampling frequency and
wider dynamic range.Network Interface SupportThe &man.ale.4; driver has been added to provide support
for Atheros AR8121/AR8113/AR8114 Gigabit/Fast Ethernet
controllers.The &man.em.4; driver has been split into two drivers
with some common parts. The &man.em.4; driver will continue
to support adapters up to the 82575, as well as new
client/desktop adapters. A new &man.igb.4; driver
will support new server adapters.The &man.jme.4; driver has been added to provide support
for PCIe network adapters based on JMicron JMC250 Gigabit
Ethernet and JMC260 Fast Ethernet controllers.The &man.malo.4; driver has been added to provide
support for Marvell Libertas 88W8335 based PCI network
adapters.The firmware for the &man.mxge.4; driver has been
updated from 1.4.25 to 1.4.29.The &man.sf.4; driver has been overhauled to improve its
performance and to add support for checksum offloading. It
should also work on all architectures.The &man.re.4; driver has been overhauled to fix a
number of issues. This driver now has Wake On LAN (WOL)
support.The &man.vr.4; driver has been overhauled to fix a
number of outstanding issues. It also now works on all
architectures.The &man.wpi.4; driver has
been updated to include a number of stability fixes.The &man.cxgbe.4; driver has been
updated to support 40G/10G Ethernet NICs based on Chelsio's
Terminator 5 (T5) ASIC.The iw_cxgbe driver has been
added. This is an experimental iWARP/RDMA driver (kernel
verbs only) for Chelsio's T4 and T5 based cards.The Open Fabrics Enterprise
Distribution (OFED) and OFED Infiniband core has been
updated to the same version as supplied by Linux version
3.7The Mellanox Infiniband driver has
been updated to firmware version 2.30.3200 for ConnectX3
NICs. Support has been added for ConnectX3 VPI NICs, where
each port can be used as Infiniband 56 GB/s or Ethernet 40
GB/s. Support has been added for dynamically loading kernel
modules for Infiniband core (ibcore) and IP over Infiniband
(ipoib).&man.netmap.4; has been added.
&man.netmap.4; is a framework for high-performance
direct-to-hardware packet IO, offering low latency and high
PPS rates to userland applications while bypassing any
kernel-side packet processing. With &man.netmap.4; it is
trivially possible to fully saturate a 10 Gbps network
interface with minimal packet sizes. For more information,
see: Netmap
Project.Network Protocols&man.carp.4; has been rewritten to make
addresses more sane from the viewpoint of routing daemons such
as quagga/zebra. It also brings support for a single redundant
address on the subnet (carpdev), switching state with
&man.ifconfig.8;, better locking and using modern kernel
interfaces to allocate multicast memberships. Configuration
of the CARP protocol via &man.ifconfig.8; has changed, as well
as the format of CARP events submitted to &man.devd.8;. See
&man.carp.4; for more information. The arpbalance feature of
&man.carp.4; is currently not supported anymore.The &man.pf.4; firewall now supports
fine-grain locking and better utilization on multi-CPU
machines, resulting in significant improvements in
performance.Support for up to 65536 routing tables
has been introduced.Support for setting/matching
differentiated services codepoints (DSCP) in IP header has
been added to &man.ipfw.8;.Disks and StorageThe &man.aac.4; driver now supports volumes
larger than 2TB in size.The &man.ata.4; driver now supports a spindown command for
disks; after a configurable amount of time, if no requests
have been received for a disk, the disk will be spun down
until the next request. The &man.atacontrol.8; utility now
supports a spindown command to configure
this feature.The &man.hptrr.4; driver has been updated to
version 1.2 from Highpoint.&man.nvme.4; has been added and provides
NVM Express support. NVM Express is an optimized register
interface, command set and feature set of PCI Express
(PCIe)-based Solid-State Drives (SSDs). For more information,
see nvmexpress.org.File SystemsA new kernel-based iSCSI target and
initiator has been added.UFS filesystems can now be enlarged with
&man.growfs.8; while mounted read-write. This is especially
useful for virtual machines, allowing the addition of more
harddrive space without interruption of service.A state of the art FUSE implementation
is now part of the base system. It allows the use of nearly
all fusefs file systems.ZFS&man.bsdinstall.8; now supports installing
ZFS on the root file system. It includes a single
configuration menu that allows you to select all of the
required details, including which drives to use, what ZFS
RAID level to use (taking into consideration the selected
number of drives), GPT or MBR, GELI encryption, forcing 4K
sectors, pool name, etc.TRIM support has been added for
ZFS.Support for the high-performance LZ4
compression algorithm has been added to ZFS. LZ4 is usually
faster and can achieve a higher compression ratio than LZJB,
the default compression algorithm.Support for L2ARC compression has been
added to ZFS.The zio nop-write improvement from
Illumos was imported into &os;. To reduce I/O, nop-write
skips overwriting data if the (cryptographically secure)
checksum of new data matches the checksum of existing data.
It also saves space if snapshots are in use. This
improvement only works on datasets with enabled compression,
disabled deduplication and sha256 checksums. ZFS will now
compare the checksums of incoming writes to the checksum of
the existing on-disk data and avoid issuing any write I/O
for data that has not changed. This will reduce I/O as well
as space usage because if the old block is referenced by
a snapshot, both copies of the block are kept even though
both contain the same data.Userland ChangesOn platforms where &man.clang.1; is the default
system compiler (such as i386, amd64, arm), GCC and GNU libstdc++ are no
longer built by default. &man.clang.1; and libc++ from LLVM are used on
these platforms by instead. GCC 4.2.1 and libstdc++ are still built
and used by default on pc98 and all other platforms where &man.clang.1;
is not the default system compiler.&man.clang.1; and llvm have been updated to
version 3.3 release. Please refer to
Clang 3.3 Release Notes.BIND has been replaced by
&man.unbound.8; for local DNS resolution in the base system.
With this change, nslookup and dig are no longer a part of the
base system. Users should instead use &man.host.1; and
&man.drill.1; Alternatively, nslookup and dig can be obtained by
installing the dns/bind-tools port.sysinstall has been removed from the base
system. Auxiliary libraries and tools used by sysinstall such
as libdisk, libftpio, and sade have also been removed.
sysinstall has been replaced by &man.bsdinstall.8; and
&man.bsdconfig.8;.&man.freebsd-version.1; has been added.
This tool makes a best effort to determine the version and patch
level of the installed kernel and userland.GNU patch has been removed from the base
system, and replaced by a BSD-licensed &man.patch.1;
program.GNU sort has been removed from the base
system, and replaced by a BSD-licensed &man.sort.1;
program.Berkely yacc (byacc) has been imported
from invisible
island. This brings bison compatibilities to
&man.yacc.1; while preserving full backwards compatibility with
previous version of &man.yacc.1;.&man.lex.1; has been replaced by flex
2.5.37.&man.make.1; has been replaced with the
Portable BSD make tool (bmake) from
NetBSD.The &man.adduser.8; utility now supports
a option to set the mode of a new user's
home directory.BSD-licensed versions of &man.ar.1; and &man.ranlib.1;,
based on &man.libarchive.3;, have replaced the GNU Binutils
versions of these utilities.BSD-licensed versions of &man.bc.1; and &man.dc.1; have
replaced their GNU counterparts.&man.chflags.1; now supports
a flag for verbose output and
a flag to ignore errors with the same
semantics as (for example) &man.chmod.1;.For compatibility with other implementations, &man.cp.1; now
supports a flag, which is equivalent to
specifying the flags.BSD-licensed version of &man.cpio.1; based on
&man.libarchive.3;, has replaced the GNU cpio. Note that the
GNU cpio is still installed as
gcpio.The &man.env.1; program now supports which will completely
unset the given variable name by
removing it from the environment, instead of just setting it to
a null value.The &man.fdopendir.3; library function has been
added.The &man.fetch.3; library now supports HTTP
1.1 If-Modified-Since behavior. The &man.fetch.1; program now
supports
which will only download the specified HTTP URL if the content
is newer than filename.&man.find.1; has been enhanced by the addition of a number
of primaries that were present in GNU find but not &os;
&man.find.1;.&man.kgdb.1; now supports a new add-kld
command to make it easier to debug crash dumps with kernel
modules.The &man.ls.1; program now supports a
option to specify a date format string to be used with the long
format () output.&man.nc.1; now supports a switch to
disable the use of TCP options.&man.nc.1;'s switch has been deprecated.
It will be removed in a future release.The &man.ping6.8; utility now returns 2
when the packet transmission was successful but no responses
were received (this is the same behavior as &man.ping.8;).
It returned a non-zero value before this change.The &man.procstat.1; utility has been added to display
detailed information about processes.The &man.realpath.1; utility now supports
a flag to suppress warnings; it now also
accepts multiple paths on its command line.&man.sh.1; has many bug fixes, some new features, and will
now refuse to parse some invalid scripts. Additionally, it now
has filename completion and defaults to the emacs
editing mode.The &man.split.1; utility now supports a
flag to split a file into a certain number of chunks.The &man.tar.1; utility now supports a
flag to enable &man.compress.1;-style
compression/decompression.The &man.tar.1; utility now supports a
flag to ignore user/group names
on create and extract.The &man.tar.1; utility now supports the
flag to sparsify files on extraction.The &man.tar.1; utility now supports a
flag to substitute filenames based on the specified regular
expression.The &man.tcgetsid.3; library function has been added to
return the process group ID for the session leader for the
controlling terminal. It is defined in IEEE Std 1003.1-2001
(POSIX).&man.top.1; now supports a flag to
provide per-CPU usage statistics.&man.zdump.8; is now working properly on 64-bit
architectures.&man.traceroute.8; now has the ability to print the AS
number for each hop with the new switch; a
new option allows selecting a particular
WHOIS server.&man.traceroute6.8; now supports a flag
to send probe packets with no upper-layer protocol, rather than
the usual UDP probe packets./etc/rc.d ScriptsThe followoing &man.rc.8; scripts have been added:&man.rc.8; ScriptFunctionctldiSCSI target daemon startup
scriptiscsictliSCSI initiator management utility
startup scriptiscsidiSCSI initiatior daemon startup
scriptkfdKerberos ticket forwarding daemon
startup scriptlocal_unboundUnbound startup script for the local
caching resolverpostrandomGenerates a new entropy file at system
bootswapReplaces swap1;
enable swap at system bootswaplateEnables swap with late
set at system bootutxUser accounting database startup and
shutdown scriptThe following &man.rc.8; scripts have been removed:&man.rc.8; ScriptReasonencswapReplaced by swap and
swaplatenamedRemoved with
BINDswap1Replaced by swap and
swaplateContributed Software&man.jemalloc.3; has been updated to
3.4.0. See this
link for more details.AMD has been
updated from 6.0.10 to 6.1.5.awk has been
updated from the 1 May
2007 release to the 23 October 2007 release.bzip2 has been
updated from 1.0.4 to 1.0.5.CVS has been
removed from the base system, but is still available from Ports
Collection.Subversion has been imported into the base
system and is installed as svnlite.
svnlite should only be used for
checking out the &os; source trees and committing, and does not
replace the full Subversion port.file has been
updated to 5.11.hostapd has
been updated from 0.5.8 to 0.5.10.IPFilter has been updated to
5.1.2.less has been
updated to v458.ncurses has been updated to
5.7-20081102.OpenSSH has been
updated to 6.4.OpenPAM has
been updated to the Micrampelis release.sendmail has been
updated from 8.14.1 to 8.14.7.The timezone database has been updated from
the tzdata2008h release to
the tzdata2009m release.The stdtime part of libc, &man.zdump.8; and &man.zic.8; have
been updated from the tzcode2004a
release to the tzcode2009h release.
If you have upgraded from source or via the
&man.freebsd-update.8;, then please run &man.tzsetup.8; to
install a new /etc/localtime.WPA Supplicant
has been updated to 2.0.xz has been updated
from snapshot as of 12 April 2010 to 5.0.0.&man.nvi.1; has been updated
to 2.1.2.&man.nvi.1; supports wide-character
locales.Ports/Packages Collection InfrastructureThe pkg_add, pkg_create, pkg_delete,
pkg_info, pkg_updating, and pkg_version utilities have been
removed. &man.pkg.7; must now be used to install binary
packages. &man.pkg.7; is the next generation &os; package
manager, also referred to as pkgng.Release Engineering and IntegrationThe supported version of
the GNOME desktop environment
(x11/gnome2) has been
updated from 2.20.1 to 2.22.Upgrading from previous releases of &os;Beginning with &os; 6.2-RELEASE, binary
upgrades between RELEASE versions (and snapshots of the various
security branches) are supported using the &man.freebsd-update.8;
utility. The binary upgrade procedure will update unmodified
userland utilities, as well as unmodified GENERIC or SMP kernels
distributed as a part of an official &os; release. The
&man.freebsd-update.8; utility requires that the host being
upgraded have Internet connectivity.Source-based upgrades (those based on recompiling the &os;
base system from source code) from previous versions are
supported, according to the instructions in
/usr/src/UPDATING.Upgrading &os; should, of course, only be attempted after
backing up all data and configuration
files.