1 Updating Information for FreeBSD current users.
3 This file is maintained and copyrighted by M. Warner Losh <imp@freebsd.org>.
4 See end of file for further details. For commonly done items, please see the
5 COMMON ITEMS: section later in the file. These instructions assume that you
6 basically know what you are doing. If not, then please consult the FreeBSD
9 https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/updating-src.html
11 Items affecting the ports and packages system can be found in
12 /usr/ports/UPDATING. Please read that file before running portupgrade.
14 NOTE: FreeBSD has switched from gcc to clang. If you have trouble bootstrapping
15 from older versions of FreeBSD, try WITHOUT_CLANG and WITH_GCC to bootstrap to
16 the tip of head, and then rebuild without this option. The bootstrap process
17 from older version of current across the gcc/clang cutover is a bit fragile.
19 20181127 p5 FreeBSD-SA-18:13.nfs
21 FreeBSD-EN-18:14.tzdata
22 FreeBSD-EN-18:15.loader
24 Fix multiple vulnerabilities in NFS server code. [SA-18:13.nfs]
26 Fix ICMP buffer underwrite. [EN-18:13.icmp]
28 Timezone database information update. [EN-18:14.tzdata]
30 Fix deferred kernel loading breaks loader password. [EN-18:15.loader]
32 20180927 p4 FreeBSD-EN-18:09.ip
33 FreeBSD-EN-18:10.syscall
34 FreeBSD-EN-18:11.listen
37 Fix regression in IPv6 fragment reassembly. [EN-18:09.ip]
39 Fix NULL pointer dereference in freebsd4_getfsstat. [EN-18:10.syscall]
41 Fix DoS in listen syscall over IPv6 socket. [EN-18:11.listen]
43 Fix small kernel memory disclosures. [EN-18:12.mem]
45 20180912 p3 FreeBSD-SA-18:12.elf
46 FreeBSD-EN-18:08.lazyfpu
48 Fix improper elf header parsing. [SA-18:12.elf]
50 Fix regression in Lazy FPU remediation. [EN-18:08.lazyfpu]
52 20180814 p2 FreeBSD-SA-18:08.tcp [revised]
55 FreeBSD-SA-18:11.hostapd
57 Revise manual pages. [SA-18:08.tcp]
59 Fix L1 Terminal Fault (L1TF) kernel information disclosure.
62 Fix resource exhaustion in IP fragment reassembly. [SA-18:10.ip]
64 Fix unauthenticated EAPOL-Key decryption vulnerability.
67 20180806 p1 FreeBSD-SA-18:08.tcp
69 Fix resource exhaustion in TCP reassembly.
75 The tz database (tzdb) has been updated to 2018e. This version more
76 correctly models time stamps in time zones with negative DST such as
77 Europe/Dublin (from 1971 on), Europe/Prague (1946/7), and
78 Africa/Windhoek (1994/2017). This does not affect the UT offsets, only
79 time zone abbreviations and the tm_isdst flag.
82 The use of RSS hash from the network card aka flowid has been
83 disabled by default for lagg(4) as it's currently incompatible with
84 the lacp and loadbalance protocols.
86 This can be re-enabled by setting the following in loader.conf:
87 net.link.lagg.default_use_flowid="1"
90 Clang, llvm, lld, lldb, compiler-rt and libc++ have been upgraded to
91 6.0.0. Please see the 20141231 entry below for information about
92 prerequisites and upgrading, if you are not already using clang 3.5.0
96 The LOADER_FIREWIRE_SUPPORT build variable as been renamed to
97 WITH/OUT_LOADER_FIREWIRE. LOADER_{NO_,}GELI_SUPPORT has been renamed
98 to WITH/OUT_LOADER_GELI.
101 The geli password typed at boot is now hidden. To restore the previous
102 behavior, see geli(8) for configuration options.
104 The SW_WATCHDOG option is no longer necessary to enable the
105 hardclock-based software watchdog if no hardware watchdog is
106 configured. As before, SW_WATCHDOG will cause the software
107 watchdog to be enabled even if a hardware watchdog is configured.
110 lint(1) binaries and library are no longer built by default. To
111 enable building them, define WITH_LINT in src.conf. If you are using
112 a FreeBSD 12 or later system to build 11-stable, you may need to
113 install a lint(1) binary to use WITH_LINT.
116 When building multiple kernels using KERNCONF, non-existent KERNCONF
117 files will produce an error and buildkernel will fail. Previously
118 missing KERNCONF files silently failed giving no indication as to
119 why, only to subsequently discover during installkernel that the
120 desired kernel was never built in the first place.
123 Clang, llvm, lldb, compiler-rt and libc++ have been upgraded to 5.0.0.
124 Please see the 20141231 entry below for information about prerequisites
125 and upgrading, if you are not already using clang 3.5.0 or higher.
128 Since the switch to GPT disk labels, fsck for UFS/FFS has been
129 unable to automatically find alternate superblocks. As of r322806,
130 the information needed to find alternate superblocks has been
131 moved to the end of the area reserved for the boot block.
132 Filesystems created with a newfs of this vintage or later
133 will create the recovery information. If you have a filesystem
134 created prior to this change and wish to have a recovery block
135 created for your filesystem, you can do so by running fsck in
136 forground mode (i.e., do not use the -p or -y options). As it
137 starts, fsck will ask ``SAVE DATA TO FIND ALTERNATE SUPERBLOCKS''
138 to which you should answer yes.
141 arm64 builds now use the base system LLD 4.0.0 linker by default,
142 instead of requiring that the aarch64-binutils port or package be
143 installed. To continue using aarch64-binutils, set
144 CROSS_BINUTILS_PREFIX=/usr/local/aarch64-freebsd/bin .
147 The ctl.ko module no longer implements the iSCSI target frontend:
148 cfiscsi.ko does instead.
150 If building cfiscsi.ko as a kernel module, the module can be loaded
151 via one of the following methods:
152 - `cfiscsi_load="YES"` in loader.conf(5).
153 - Add `cfiscsi` to `$kld_list` in rc.conf(5).
154 - ctladm(8)/ctld(8), when compiled with iSCSI support
155 (`WITH_ISCSI=yes` in src.conf(5))
157 Please see cfiscsi(4) for more details.
160 The mmcsd.ko module now additionally depends on geom_flashmap.ko.
161 Also, mmc.ko and mmcsd.ko need to be a matching pair built from the
162 same source (previously, the dependency of mmcsd.ko on mmc.ko was
163 missing, but mmcsd.ko now will refuse to load if it is incompatible
167 Binds and sends to the loopback addresses, IPv6 and IPv4, will now
168 use any explicitly assigned loopback address available in the jail
169 instead of using the first assigned address of the jail.
172 As of r316810 for ipfilter, keep frags is no longer assumed when
173 keep state is specified in a rule. r316810 aligns ipfilter with
174 documentation in man pages separating keep frags from keep state.
175 This allows keep state to specified without forcing keep frags
176 and allows keep frags to be specified independently of keep state.
177 To maintain previous behaviour, also specify keep frags with
178 keep state (as documented in ipf.conf.5).
181 Clang, llvm, lldb, compiler-rt and libc++ have been upgraded to 4.0.0.
182 Please see the 20141231 entry below for information about prerequisites
183 and upgrading, if you are not already using clang 3.5.0 or higher.
186 The code that provides support for ZFS .zfs/ directory functionality
187 has been reimplemented. It's not possible now to create a snapshot
188 by mkdir under .zfs/snapshot/. That should be the only user visible
192 Many changes in the IPsec code have been merged from the FreeBSD-CURRENT
193 branch. The IPSEC_FILTERTUNNEL kernel option is removed in favour of
194 corresponding sysctl. The IPSEC_NAT_T kernel option is also removed,
195 and now NAT-T is supported by default. Security associations now use
196 the single namespace for SPI allocation, so if you use several manually
197 configured security associations with the same SPI, this configuration
201 Clang, llvm, lldb, compiler-rt and libc++ have been upgraded to 3.9.1.
202 Please see the 20141231 entry below for information about prerequisites
203 and upgrading, if you are not already using clang 3.5.0 or higher.
206 Clang, llvm, lldb, compiler-rt and libc++ have been upgraded to 3.9.0.
207 Please see the 20141231 entry below for information about prerequisites
208 and upgrading, if you are not already using clang 3.5.0 or higher.
211 The layout of the pmap structure has changed for powerpc to put the pmap
212 statistics at the front for all CPU variations. libkvm(3) and all tools
213 that link against it need to be recompiled.
216 isl(4) and cyapa(4) drivers now require a new driver,
217 chromebook_platform(4), to work properly on Chromebook-class hardware.
218 On other types of hardware the drivers may need to be configured using
219 device hints. Please see the corresponding manual pages for details.
222 Relocatable object files with the extension of .So have been renamed
223 to use an extension of .pico instead. The purpose of this change is
224 to avoid a name clash with shared libraries on case-insensitive file
225 systems. On those file systems, foo.So is the same file as foo.so.
228 The libc stub for the pipe(2) system call has been replaced with
229 a wrapper that calls the pipe2(2) system call and the pipe(2)
230 system call is now only implemented by the kernels that include
231 "options COMPAT_FREEBSD10" in their config file (this is the
232 default). Users should ensure that this option is enabled in
233 their kernel or upgrade userspace to r302092 before upgrading their
237 CAM will now strip leading spaces from SCSI disks' serial numbers.
238 This will effect users who create UFS filesystems on SCSI disks using
239 those disk's diskid device nodes. For example, if /etc/fstab
240 previously contained a line like
241 "/dev/diskid/DISK-%20%20%20%20%20%20%20ABCDEFG0123456", you should
242 change it to "/dev/diskid/DISK-ABCDEFG0123456". Users of geom
243 transforms like gmirror may also be affected. ZFS users should
247 The bitstring(3) API has been updated with new functionality and
248 improved performance. But it is binary-incompatible with the old API.
249 Objects built with the new headers may not be linked against objects
250 built with the old headers.
253 The brk and sbrk functions have been removed from libc on arm64.
254 Binutils from ports has been updated to not link to these
255 functions and should be updated to the latest version before
256 installing a new libc.
259 The armv6 port now defaults to hard float ABI. Limited support
260 for running both hardfloat and soft float on the same system
261 is available using the libraries installed with -DWITH_LIBSOFT.
262 This has only been tested as an upgrade path for installworld
263 and packages may fail or need manual intervention to run. New
264 packages will be needed.
266 To update an existing self-hosted armv6hf system, you must add
267 TARGET_ARCH=armv6 on the make command line for both the build
268 and the install steps.
271 Kernel modules compiled outside of a kernel build now default to
272 installing to /boot/modules instead of /boot/kernel. Many kernel
273 modules built this way (such as those in ports) already overrode
274 KMODDIR explicitly to install into /boot/modules. However,
275 manually building and installing a module from /sys/modules will
276 now install to /boot/modules instead of /boot/kernel.
279 The CAM I/O scheduler has been committed to the kernel. There should be
280 no user visible impact. This does enable NCQ Trim on ada SSDs. While the
281 list of known rogues that claim support for this but actually corrupt
282 data is believed to be complete, be on the lookout for data
283 corruption. The known rogue list is believed to be complete:
285 o Crucial MX100, M550 drives with MU01 firmware.
286 o Micron M510 and M550 drives with MU01 firmware.
287 o Micron M500 prior to MU07 firmware
288 o Samsung 830, 840, and 850 all firmwares
289 o FCCT M500 all firmwares
291 Crucial has firmware http://www.crucial.com/usa/en/support-ssd-firmware
292 with working NCQ TRIM. For Micron branded drives, see your sales rep for
293 updated firmware. Black listed drives will work correctly because these
294 drives work correctly so long as no NCQ TRIMs are sent to them. Given
295 this list is the same as found in Linux, it's believed there are no
296 other rogues in the market place. All other models from the above
299 To be safe, if you are at all concerned, you can quirk each of your
300 drives to prevent NCQ from being sent by setting:
301 kern.cam.ada.X.quirks="0x2"
302 in loader.conf. If the drive requires the 4k sector quirk, set the
306 The FAST_DEPEND build option has been removed and its functionality is
307 now the one true way. The old mkdep(1) style of 'make depend' has
308 been removed. See 20160311 for further details.
311 Resource range types have grown from unsigned long to uintmax_t. All
312 drivers, and anything using libdevinfo, need to be recompiled.
315 WITH_FAST_DEPEND is now enabled by default for in-tree and out-of-tree
316 builds. It no longer runs mkdep(1) during 'make depend', and the
317 'make depend' stage can safely be skipped now as it is auto ran
318 when building 'make all' and will generate all SRCS and DPSRCS before
319 building anything else. Dependencies are gathered at compile time with
320 -MF flags kept in separate .depend files per object file. Users should
321 run 'make cleandepend' once if using -DNO_CLEAN to clean out older
325 On amd64, clang 3.8.0 can now insert sections of type AMD64_UNWIND into
326 kernel modules. Therefore, if you load any kernel modules at boot time,
327 please install the boot loaders after you install the kernel, but before
331 make kernel KERNCONF=YOUR_KERNEL_HERE
332 make -C sys/boot install
333 <reboot in single user>
335 Then follow the usual steps, described in the General Notes section,
339 Clang, llvm, lldb and compiler-rt have been upgraded to 3.8.0. Please
340 see the 20141231 entry below for information about prerequisites and
341 upgrading, if you are not already using clang 3.5.0 or higher.
344 The AIO subsystem is now a standard part of the kernel. The
345 VFS_AIO kernel option and aio.ko kernel module have been removed.
346 Due to stability concerns, asynchronous I/O requests are only
347 permitted on sockets and raw disks by default. To enable
348 asynchronous I/O requests on all file types, set the
349 vfs.aio.enable_unsafe sysctl to a non-zero value.
352 The ELF object manipulation tool objcopy is now provided by the
353 ELF Tool Chain project rather than by GNU binutils. It should be a
354 drop-in replacement, with the addition of arm64 support. The
355 (temporary) src.conf knob WITHOUT_ELFCOPY_AS_OBJCOPY knob may be set
356 to obtain the GNU version if necessary.
359 Building ZFS pools on top of zvols is prohibited by default. That
360 feature has never worked safely; it's always been prone to deadlocks.
361 Using a zvol as the backing store for a VM guest's virtual disk will
362 still work, even if the guest is using ZFS. Legacy behavior can be
363 restored by setting vfs.zfs.vol.recursive=1.
366 The NONE and HPN patches has been removed from OpenSSH. They are
367 still available in the security/openssh-portable port.
370 With the addition of ypldap(8), a new _ypldap user is now required
371 during installworld. "mergemaster -p" can be used to add the user
372 prior to installworld, as documented in the handbook.
375 The tftp loader (pxeboot) now uses the option root-path directive. As a
376 consequence it no longer looks for a pxeboot.4th file on the tftp
377 server. Instead it uses the regular /boot infrastructure as with the
381 The code to start recording plug and play data into the modules has
382 been committed. While the old tools will properly build a new kernel,
383 a number of warnings about "unknown metadata record 4" will be produced
384 for an older kldxref. To avoid such warnings, make sure to rebuild
385 the kernel toolchain (or world). Make sure that you have r292078 or
386 later when trying to build 292077 or later before rebuilding.
389 Debug data files are now built by default with 'make buildworld' and
390 installed with 'make installworld'. This facilitates debugging but
391 requires more disk space both during the build and for the installed
392 world. Debug files may be disabled by setting WITHOUT_DEBUG_FILES=yes
396 r291527 changed the internal interface between the nfsd.ko and
397 nfscommon.ko modules. As such, they must both be upgraded to-gether.
398 __FreeBSD_version has been bumped because of this.
401 Add support for unicode collation strings leads to a change of
402 order of files listed by ls(1) for example. To get back to the old
403 behaviour, set LC_COLLATE environment variable to "C".
405 Databases administrators will need to reindex their databases given
406 collation results will be different.
408 Due to a bug in install(1) it is recommended to remove the ancient
409 locales before running make installworld.
411 rm -rf /usr/share/locale/*
414 The OpenSSL has been upgraded to 1.0.2d. Any binaries requiring
415 libcrypto.so.7 or libssl.so.7 must be recompiled.
418 Qlogic 24xx/25xx firmware images were updated from 5.5.0 to 7.3.0.
419 Kernel modules isp_2400_multi and isp_2500_multi were removed and
420 should be replaced with isp_2400 and isp_2500 modules respectively.
423 The build previously allowed using 'make -n' to not recurse into
424 sub-directories while showing what commands would be executed, and
425 'make -n -n' to recursively show commands. Now 'make -n' will recurse
426 and 'make -N' will not.
429 If you specify SENDMAIL_MC or SENDMAIL_CF in make.conf, mergemaster
430 and etcupdate will now use this file. A custom sendmail.cf is now
431 updated via this mechanism rather than via installworld. If you had
432 excluded sendmail.cf in mergemaster.rc or etcupdate.conf, you may
433 want to remove the exclusion or change it to "always install".
434 /etc/mail/sendmail.cf is now managed the same way regardless of
435 whether SENDMAIL_MC/SENDMAIL_CF is used. If you are not using
436 SENDMAIL_MC/SENDMAIL_CF there should be no change in behavior.
439 Compatibility shims for legacy ATA device names have been removed.
440 It includes ATA_STATIC_ID kernel option, kern.cam.ada.legacy_aliases
441 and kern.geom.raid.legacy_aliases loader tunables, kern.devalias.*
442 environment variables, /dev/ad* and /dev/ar* symbolic links.
445 Clang, llvm, lldb, compiler-rt and libc++ have been upgraded to 3.7.0.
446 Please see the 20141231 entry below for information about prerequisites
447 and upgrading, if you are not already using clang 3.5.0 or higher.
450 Kernel debug files have been moved to /usr/lib/debug/boot/kernel/,
451 and renamed from .symbols to .debug. This reduces the size requirements
452 on the boot partition or file system and provides consistency with
453 userland debug files.
455 When using the supported kernel installation method the
456 /usr/lib/debug/boot/kernel directory will be renamed (to kernel.old)
457 as is done with /boot/kernel.
459 Developers wishing to maintain the historical behavior of installing
460 debug files in /boot/kernel/ can set KERN_DEBUGDIR="" in src.conf(5).
463 The wireless drivers had undergone changes that remove the 'parent
464 interface' from the ifconfig -l output. The rc.d network scripts
465 used to check presence of a parent interface in the list, so old
466 scripts would fail to start wireless networking. Thus, etcupdate(3)
467 or mergemaster(8) run is required after kernel update, to update your
468 rc.d scripts in /etc.
471 pf no longer supports 'scrub fragment crop' or 'scrub fragment drop-ovl'
472 These configurations are now automatically interpreted as
473 'scrub fragment reassemble'.
476 Kernel-loadable modules for the random(4) device are back. To use
477 them, the kernel must have
480 options RANDOM_LOADABLE
482 kldload(8) can then be used to load random_fortuna.ko
483 or random_yarrow.ko. Please note that due to the indirect
484 function calls that the loadable modules need to provide,
485 the build-in variants will be slightly more efficient.
487 The random(4) kernel option RANDOM_DUMMY has been retired due to
488 unpopularity. It was not all that useful anyway.
491 The WITHOUT_ELFTOOLCHAIN_TOOLS src.conf(5) knob has been retired.
492 Control over building the ELF Tool Chain tools is now provided by
493 the WITHOUT_TOOLCHAIN knob.
496 The polarity of Pulse Per Second (PPS) capture events with the
497 uart(4) driver has been corrected. Prior to this change the PPS
498 "assert" event corresponded to the trailing edge of a positive PPS
499 pulse and the "clear" event was the leading edge of the next pulse.
501 As the width of a PPS pulse in a typical GPS receiver is on the
502 order of 1 millisecond, most users will not notice any significant
503 difference with this change.
505 Anyone who has compensated for the historical polarity reversal by
506 configuring a negative offset equal to the pulse width will need to
507 remove that workaround.
510 The default group assigned to /dev/dri entries has been changed
511 from 'wheel' to 'video' with the id of '44'. If you want to have
512 access to the dri devices please add yourself to the video group
515 # pw groupmod video -m $USER
518 The menu.rc and loader.rc files will now be replaced during
519 upgrades. Please migrate local changes to menu.rc.local and
520 loader.rc.local instead.
523 GNU Binutils versions of addr2line, c++filt, nm, readelf, size,
524 strings and strip have been removed. The src.conf(5) knob
525 WITHOUT_ELFTOOLCHAIN_TOOLS no longer provides the binutils tools.
528 As ZFS requires more kernel stack pages than is the default on some
529 architectures e.g. i386, it now warns if KSTACK_PAGES is less than
530 ZFS_MIN_KSTACK_PAGES (which is 4 at the time of writing).
532 Please consider using 'options KSTACK_PAGES=X' where X is greater
533 than or equal to ZFS_MIN_KSTACK_PAGES i.e. 4 in such configurations.
536 sendmail has been updated to 8.15.2. Starting with FreeBSD 11.0
537 and sendmail 8.15, sendmail uses uncompressed IPv6 addresses by
538 default, i.e., they will not contain "::". For example, instead
539 of ::1, it will be 0:0:0:0:0:0:0:1. This permits a zero subnet
540 to have a more specific match, such as different map entries for
541 IPv6:0:0 vs IPv6:0. This change requires that configuration
542 data (including maps, files, classes, custom ruleset, etc.) must
543 use the same format, so make certain such configuration data is
544 upgrading. As a very simple check search for patterns like
545 'IPv6:[0-9a-fA-F:]*::' and 'IPv6::'. To return to the old
546 behavior, set the m4 option confUSE_COMPRESSED_IPV6_ADDRESSES or
547 the cf option UseCompressedIPv6Addresses.
550 The default kernel entropy-processing algorithm is now
551 Fortuna, replacing Yarrow.
553 Assuming you have 'device random' in your kernel config
554 file, the configurations allow a kernel option to override
555 this default. You may choose *ONE* of:
557 options RANDOM_YARROW # Legacy /dev/random algorithm.
558 options RANDOM_DUMMY # Blocking-only driver.
560 If you have neither, you get Fortuna. For most people,
561 read no further, Fortuna will give a /dev/random that works
562 like it always used to, and the difference will be irrelevant.
564 If you remove 'device random', you get *NO* kernel-processed
565 entropy at all. This may be acceptable to folks building
566 embedded systems, but has complications. Carry on reading,
567 and it is assumed you know what you need.
569 *PLEASE* read random(4) and random(9) if you are in the
570 habit of tweaking kernel configs, and/or if you are a member
571 of the embedded community, wanting specific and not-usual
572 behaviour from your security subsystems.
574 NOTE!! If you use RANDOM_DUMMY and/or have no 'device
575 random', you will NOT have a functioning /dev/random, and
576 many cryptographic features will not work, including SSH.
577 You may also find strange behaviour from the random(3) set
578 of library functions, in particular sranddev(3), srandomdev(3)
579 and arc4random(3). The reason for this is that the KERN_ARND
580 sysctl only returns entropy if it thinks it has some to
581 share, and with RANDOM_DUMMY or no 'device random' this
585 An additional fix for the issue described in the 20150614 sendmail
586 entry below has been been committed in revision 284717.
589 FreeBSD's old make (fmake) has been removed from the system. It is
590 available as the devel/fmake port or via pkg install fmake.
593 The fix for the issue described in the 20150614 sendmail entry
594 below has been been committed in revision 284436. The work
595 around described in that entry is no longer needed unless the
596 default setting is overridden by a confDH_PARAMETERS configuration
597 setting of '5' or pointing to a 512 bit DH parameter file.
600 ALLOW_DEPRECATED_ATF_TOOLS/ATFFILE support has been removed from
601 atf.test.mk (included from bsd.test.mk). Please upgrade devel/atf
602 and devel/kyua to version 0.20+ and adjust any calling code to work
603 with Kyuafile and kyua.
606 The import of openssl to address the FreeBSD-SA-15:10.openssl
607 security advisory includes a change which rejects handshakes
608 with DH parameters below 768 bits. sendmail releases prior
609 to 8.15.2 (not yet released), defaulted to a 512 bit
610 DH parameter setting for client connections. To work around
611 this interoperability, sendmail can be configured to use a
612 2048 bit DH parameter by:
614 1. Edit /etc/mail/`hostname`.mc
615 2. If a setting for confDH_PARAMETERS does not exist or
616 exists and is set to a string beginning with '5',
618 3. If a setting for confDH_PARAMETERS exists and is set to
619 a file path, create a new file with:
620 openssl dhparam -out /path/to/file 2048
621 4. Rebuild the .cf file:
622 cd /etc/mail/; make; make install
624 cd /etc/mail/; make restart
626 A sendmail patch is coming, at which time this file will be
630 Generation of legacy formatted entries have been disabled by default
631 in pwd_mkdb(8), as all base system consumers of the legacy formatted
632 entries were converted to use the new format by default when the new,
633 machine independent format have been added and supported since FreeBSD
636 Please see the pwd_mkdb(8) manual page for further details.
639 Clang and llvm have been upgraded to 3.6.1 release. Please see the
640 20141231 entry below for information about prerequisites and upgrading,
641 if you are not already using 3.5.0 or higher.
644 TI platform code switched to using vendor DTS files and this update
645 may break existing systems running on Beaglebone, Beaglebone Black,
648 - dtb files should be regenerated/reinstalled. Filenames are the
649 same but content is different now
650 - GPIO addressing was changed, now each GPIO bank (32 pins per bank)
651 has its own /dev/gpiocX device, e.g. pin 121 on /dev/gpioc0 in old
652 addressing scheme is now pin 25 on /dev/gpioc3.
653 - Pandaboard: /etc/ttys should be updated, serial console device is
654 now /dev/ttyu2, not /dev/ttyu0
657 soelim(1) from gnu/usr.bin/groff has been replaced by usr.bin/soelim.
658 If you need the GNU extension from groff soelim(1), install groff
659 from package: pkg install groff, or via ports: textproc/groff.
662 chmod, chflags, chown and chgrp now affect symlinks in -R mode as
663 defined in symlink(7); previously symlinks were silently ignored.
666 The const qualifier has been removed from iconv(3) to comply with
667 POSIX. The ports tree is aware of this from r384038 onwards.
670 Libraries specified by LIBADD in Makefiles must have a corresponding
671 DPADD_<lib> variable to ensure correct dependencies. This is now
672 enforced in src.libnames.mk.
675 From legacy ata(4) driver was removed support for SATA controllers
676 supported by more functional drivers ahci(4), siis(4) and mvs(4).
677 Kernel modules ataahci and ataadaptec were removed completely,
678 replaced by ahci and mvs modules respectively.
681 Clang, llvm and lldb have been upgraded to 3.6.0 release. Please see
682 the 20141231 entry below for information about prerequisites and
683 upgrading, if you are not already using 3.5.0 or higher.
686 The 32-bit PowerPC kernel has been changed to a position-independent
687 executable. This can only be booted with a version of loader(8)
688 newer than January 31, 2015, so make sure to update both world and
689 kernel before rebooting.
692 If you are running a -CURRENT kernel since r273872 (Oct 30th, 2014),
693 but before r278950, the RNG was not seeded properly. Immediately
694 upgrade the kernel to r278950 or later and regenerate any keys (e.g.
695 ssh keys or openssl keys) that were generated w/ a kernel from that
696 range. This does not affect programs that directly used /dev/random
697 or /dev/urandom. All userland uses of arc4random(3) are affected.
700 The autofs(4) ABI was changed in order to restore binary compatibility
701 with 10.1-RELEASE. The automountd(8) daemon needs to be rebuilt to work
705 The powerpc64 kernel has been changed to a position-independent
706 executable. This can only be booted with a new version of loader(8),
707 so make sure to update both world and kernel before rebooting.
710 Clang and llvm have been upgraded to 3.5.1 release. This is a bugfix
711 only release, no new features have been added. Please see the 20141231
712 entry below for information about prerequisites and upgrading, if you
713 are not already using 3.5.0.
716 ELF tools addr2line, elfcopy (strip), nm, size, and strings are now
717 taken from the ELF Tool Chain project rather than GNU binutils. They
718 should be drop-in replacements, with the addition of arm64 support.
719 The WITHOUT_ELFTOOLCHAIN_TOOLS= knob may be used to obtain the
720 binutils tools, if necessary. See 20150805 for updated information.
723 The default Unbound configuration now enables remote control
724 using a local socket. Users who have already enabled the
725 local_unbound service should regenerate their configuration
726 by running "service local_unbound setup" as root.
729 The GNU texinfo and GNU info pages have been removed.
730 To be able to view GNU info pages please install texinfo from ports.
733 Clang, llvm and lldb have been upgraded to 3.5.0 release.
735 As of this release, a prerequisite for building clang, llvm and lldb is
736 a C++11 capable compiler and C++11 standard library. This means that to
737 be able to successfully build the cross-tools stage of buildworld, with
738 clang as the bootstrap compiler, your system compiler or cross compiler
739 should either be clang 3.3 or later, or gcc 4.8 or later, and your
740 system C++ library should be libc++, or libdstdc++ from gcc 4.8 or
743 On any standard FreeBSD 10.x or 11.x installation, where clang and
744 libc++ are on by default (that is, on x86 or arm), this should work out
747 On 9.x installations where clang is enabled by default, e.g. on x86 and
748 powerpc, libc++ will not be enabled by default, so libc++ should be
749 built (with clang) and installed first. If both clang and libc++ are
750 missing, build clang first, then use it to build libc++.
752 On 8.x and earlier installations, upgrade to 9.x first, and then follow
753 the instructions for 9.x above.
755 Sparc64 and mips users are unaffected, as they still use gcc 4.2.1 by
756 default, and do not build clang.
758 Many embedded systems are resource constrained, and will not be able to
759 build clang in a reasonable time, or in some cases at all. In those
760 cases, cross building bootable systems on amd64 is a workaround.
762 This new version of clang introduces a number of new warnings, of which
763 the following are most likely to appear:
767 This warns in two cases, for both C and C++:
768 * When the code is trying to take the absolute value of an unsigned
769 quantity, which is effectively a no-op, and almost never what was
770 intended. The code should be fixed, if at all possible. If you are
771 sure that the unsigned quantity can be safely cast to signed, without
772 loss of information or undefined behavior, you can add an explicit
773 cast, or disable the warning.
775 * When the code is trying to take an absolute value, but the called
776 abs() variant is for the wrong type, which can lead to truncation.
777 If you want to disable the warning instead of fixing the code, please
778 make sure that truncation will not occur, or it might lead to unwanted
781 -Wtautological-undefined-compare and
782 -Wundefined-bool-conversion
784 These warn when C++ code is trying to compare 'this' against NULL, while
785 'this' should never be NULL in well-defined C++ code. However, there is
786 some legacy (pre C++11) code out there, which actively abuses this
787 feature, which was less strictly defined in previous C++ versions.
789 Squid and openjdk do this, for example. The warning can be turned off
790 for C++98 and earlier, but compiling the code in C++11 mode might result
791 in unexpected behavior; for example, the parts of the program that are
792 unreachable could be optimized away.
795 The old NFS client and server (kernel options NFSCLIENT, NFSSERVER)
796 kernel sources have been removed. The .h files remain, since some
797 utilities include them. This will need to be fixed later.
798 If "mount -t oldnfs ..." is attempted, it will fail.
799 If the "-o" option on mountd(8), nfsd(8) or nfsstat(1) is used,
800 the utilities will report errors.
803 The handling of LOCAL_LIB_DIRS has been altered to skip addition of
804 directories to top level SUBDIR variable when their parent
805 directory is included in LOCAL_DIRS. Users with build systems with
806 such hierarchies and without SUBDIR entries in the parent
807 directory Makefiles should add them or add the directories to
811 faith(4) and faithd(8) have been removed from the base system. Faith
812 has been obsolete for a very long time.
815 vt(4), the new console driver, is enabled by default. It brings
816 support for Unicode and double-width characters, as well as
817 support for UEFI and integration with the KMS kernel video
820 You may need to update your console settings in /etc/rc.conf,
821 most probably the keymap. During boot, /etc/rc.d/syscons will
822 indicate what you need to do.
824 vt(4) still has issues and lacks some features compared to
825 syscons(4). See the wiki for up-to-date information:
826 https://wiki.freebsd.org/Newcons
828 If you want to keep using syscons(4), you can do so by adding
829 the following line to /boot/loader.conf:
833 pjdfstest has been integrated into kyua as an opt-in test suite.
834 Please see share/doc/pjdfstest/README for more details on how to
838 gperf has been removed from the base system for architectures
839 that use clang. Ports that require gperf will obtain it from the
843 pjdfstest has been moved from tools/regression/pjdfstest to
847 At svn r271982, The default linux compat kernel ABI has been adjusted
848 to 2.6.18 in support of the linux-c6 compat ports infrastructure
849 update. If you wish to continue using the linux-f10 compat ports,
850 add compat.linux.osrelease=2.6.16 to your local sysctl.conf. Users are
851 encouraged to update their linux-compat packages to linux-c6 during
852 their next update cycle.
855 The ofwfb driver, used to provide a graphics console on PowerPC when
856 using vt(4), no longer allows mmap() of all physical memory. This
857 will prevent Xorg on PowerPC with some ATI graphics cards from
858 initializing properly unless x11-servers/xorg-server is updated to
862 The xdev targets have been converted to using TARGET and
863 TARGET_ARCH instead of XDEV and XDEV_ARCH.
866 The default unbound configuration has been modified to address
867 issues with reverse lookups on networks that use private
868 address ranges. If you use the local_unbound service, run
869 "service local_unbound setup" as root to regenerate your
870 configuration, then "service local_unbound reload" to load the
874 The GNU texinfo and GNU info pages are not built and installed
875 anymore, WITH_INFO knob has been added to allow to built and install
877 UPDATE: see 20150102 entry on texinfo's removal
880 The GNU readline library is now an INTERNALLIB - that is, it is
881 statically linked into consumers (GDB and variants) in the base
882 system, and the shared library is no longer installed. The
883 devel/readline port is available for third party software that
887 The Itanium architecture (ia64) has been removed from the list of
888 known architectures. This is the first step in the removal of the
892 Commit r268115 has added NFSv4.1 server support, merged from
893 projects/nfsv4.1-server. Since this includes changes to the
894 internal interfaces between the NFS related modules, a full
895 build of the kernel and modules will be necessary.
896 __FreeBSD_version has been bumped.
899 The WITHOUT_VT_SUPPORT kernel config knob has been renamed
900 WITHOUT_VT. (The other _SUPPORT knobs have a consistent meaning
901 which differs from the behaviour controlled by this knob.)
904 Maximal length of the serial number in CTL was increased from 16 to
905 64 chars, that breaks ABI. All CTL-related tools, such as ctladm
906 and ctld, need to be rebuilt to work with a new kernel.
909 The libatf-c and libatf-c++ major versions were downgraded to 0 and
910 1 respectively to match the upstream numbers. They were out of
911 sync because, when they were originally added to FreeBSD, the
912 upstream versions were not respected. These libraries are private
913 and not yet built by default, so renumbering them should be a
914 non-issue. However, unclean source trees will yield broken test
915 programs once the operator executes "make delete-old-libs" after a
918 Additionally, the atf-sh binary was made private by moving it into
919 /usr/libexec/. Already-built shell test programs will keep the
920 path to the old binary so they will break after "make delete-old"
923 If you are using WITH_TESTS=yes (not the default), wipe the object
924 tree and rebuild from scratch to prevent spurious test failures.
925 This is only needed once: the misnumbered libraries and misplaced
926 binaries have been added to OptionalObsoleteFiles.inc so they will
927 be removed during a clean upgrade.
930 Clang and llvm have been upgraded to 3.4.1 release.
933 We bogusly installed src.opts.mk in /usr/share/mk. This file should
934 be removed to avoid issues in the future (and has been added to
938 /etc/src.conf now affects only builds of the FreeBSD src tree. In the
939 past, it affected all builds that used the bsd.*.mk files. The old
940 behavior was a bug, but people may have relied upon it. To get this
941 behavior back, you can .include /etc/src.conf from /etc/make.conf
942 (which is still global and isn't changed). This also changes the
943 behavior of incremental builds inside the tree of individual
944 directories. Set MAKESYSPATH to ".../share/mk" to do that.
945 Although this has survived make universe and some upgrade scenarios,
946 other upgrade scenarios may have broken. At least one form of
947 temporary breakage was fixed with MAKESYSPATH settings for buildworld
948 as well... In cases where MAKESYSPATH isn't working with this
949 setting, you'll need to set it to the full path to your tree.
951 One side effect of all this cleaning up is that bsd.compiler.mk
952 is no longer implicitly included by bsd.own.mk. If you wish to
953 use COMPILER_TYPE, you must now explicitly include bsd.compiler.mk
957 The lindev device has been removed since /dev/full has been made a
958 standard device. __FreeBSD_version has been bumped.
961 The knob WITHOUT_VI was added to the base system, which controls
962 building ex(1), vi(1), etc. Older releases of FreeBSD required ex(1)
963 in order to reorder files share/termcap and didn't build ex(1) as a
964 build tool, so building/installing with WITH_VI is highly advised for
965 build hosts for older releases.
967 This issue has been fixed in stable/9 and stable/10 in r277022 and
968 r276991, respectively.
971 The YES_HESIOD knob has been removed. It has been obsolete for
972 a decade. Please move to using WITH_HESIOD instead or your builds
973 will silently lack HESIOD.
976 The uart(4) driver has been changed with respect to its handling
977 of the low-level console. Previously the uart(4) driver prevented
978 any process from changing the baudrate or the CLOCAL and HUPCL
979 control flags. By removing the restrictions, operators can make
980 changes to the serial console port without having to reboot.
981 However, when getty(8) is started on the serial device that is
982 associated with the low-level console, a misconfigured terminal
983 line in /etc/ttys will now have a real impact.
984 Before upgrading the kernel, make sure that /etc/ttys has the
985 serial console device configured as 3wire without baudrate to
986 preserve the previous behaviour. E.g:
987 ttyu0 "/usr/libexec/getty 3wire" vt100 on secure
990 Support for libwrap (TCP wrappers) in rpcbind was disabled by default
991 to improve performance. To re-enable it, if needed, run rpcbind
992 with command line option -W.
995 Switched back to the GPL dtc compiler due to updates in the upstream
996 dts files not being supported by the BSDL dtc compiler. You will need
997 to rebuild your kernel toolchain to pick up the new compiler. Core dumps
998 may result while building dtb files during a kernel build if you fail
999 to do so. Set WITHOUT_GPL_DTC if you require the BSDL compiler.
1002 Clang and llvm have been upgraded to 3.4 release.
1005 The nve(4) driver has been removed. Please use the nfe(4) driver
1006 for NVIDIA nForce MCP Ethernet adapters instead.
1009 An ABI incompatibility crept into the libc++ 3.4 import in r261283.
1010 This could cause certain C++ applications using shared libraries built
1011 against the previous version of libc++ to crash. The incompatibility
1012 has now been fixed, but any C++ applications or shared libraries built
1013 between r261283 and r261801 should be recompiled.
1016 OpenSSH will now ignore errors caused by kernel lacking of Capsicum
1017 capability mode support. Please note that enabling the feature in
1018 kernel is still highly recommended.
1021 OpenSSH is now built with sandbox support, and will use sandbox as
1022 the default privilege separation method. This requires Capsicum
1023 capability mode support in kernel.
1026 The libelf and libdwarf libraries have been updated to newer
1027 versions from upstream. Shared library version numbers for
1028 these two libraries were bumped. Any ports or binaries
1029 requiring these two libraries should be recompiled.
1030 __FreeBSD_version is bumped to 1100006.
1033 If a Makefile in a tests/ directory was auto-generating a Kyuafile
1034 instead of providing an explicit one, this would prevent such
1035 Makefile from providing its own Kyuafile in the future during
1036 NO_CLEAN builds. This has been fixed in the Makefiles but manual
1037 intervention is needed to clean an objdir if you use NO_CLEAN:
1038 # find /usr/obj -name Kyuafile | xargs rm -f
1041 The behavior of gss_pseudo_random() for the krb5 mechanism
1042 has changed, for applications requesting a longer random string
1043 than produced by the underlying enctype's pseudo-random() function.
1044 In particular, the random string produced from a session key of
1045 enctype aes256-cts-hmac-sha1-96 or aes256-cts-hmac-sha1-96 will
1046 be different at the 17th octet and later, after this change.
1047 The counter used in the PRF+ construction is now encoded as a
1048 big-endian integer in accordance with RFC 4402.
1049 __FreeBSD_version is bumped to 1100004.
1052 The WITHOUT_ATF build knob has been removed and its functionality
1053 has been subsumed into the more generic WITHOUT_TESTS. If you were
1054 using the former to disable the build of the ATF libraries, you
1055 should change your settings to use the latter.
1058 The default version of mtree is nmtree which is obtained from
1059 NetBSD. The output is generally the same, but may vary
1060 slightly. If you found you need identical output adding
1061 "-F freebsd9" to the command line should do the trick. For the
1062 time being, the old mtree is available as fmtree.
1065 libbsdyml has been renamed to libyaml and moved to /usr/lib/private.
1066 This will break ports-mgmt/pkg. Rebuild the port, or upgrade to pkg
1067 1.1.4_8 and verify bsdyml not linked in, before running "make
1069 # make -C /usr/ports/ports-mgmt/pkg build deinstall install clean
1071 # pkg install pkg; ldd /usr/local/sbin/pkg | grep bsdyml
1074 The stable/10 branch has been created in subversion from head
1078 The rc.d/jail script has been updated to support jail(8)
1079 configuration file. The "jail_<jname>_*" rc.conf(5) variables
1080 for per-jail configuration are automatically converted to
1081 /var/run/jail.<jname>.conf before the jail(8) utility is invoked.
1082 This is transparently backward compatible. See below about some
1083 incompatibilities and rc.conf(5) manual page for more details.
1085 These variables are now deprecated in favor of jail(8) configuration
1086 file. One can use "rc.d/jail config <jname>" command to generate
1087 a jail(8) configuration file in /var/run/jail.<jname>.conf without
1088 running the jail(8) utility. The default pathname of the
1089 configuration file is /etc/jail.conf and can be specified by
1090 using $jail_conf or $jail_<jname>_conf variables.
1092 Please note that jail_devfs_ruleset accepts an integer at
1093 this moment. Please consider to rewrite the ruleset name
1097 BIND has been removed from the base system. If all you need
1098 is a local resolver, simply enable and start the local_unbound
1099 service instead. Otherwise, several versions of BIND are
1100 available in the ports tree. The dns/bind99 port is one example.
1102 With this change, nslookup(1) and dig(1) are no longer in the base
1103 system. Users should instead use host(1) and drill(1) which are
1104 in the base system. Alternatively, nslookup and dig can
1105 be obtained by installing the dns/bind-tools port.
1108 With the addition of unbound(8), a new unbound user is now
1109 required during installworld. "mergemaster -p" can be used to
1110 add the user prior to installworld, as documented in the handbook.
1113 OpenSSH is now built with DNSSEC support, and will by default
1114 silently trust signed SSHFP records. This can be controlled with
1115 the VerifyHostKeyDNS client configuration setting. DNSSEC support
1116 can be disabled entirely with the WITHOUT_LDNS option in src.conf.
1119 The GNU Compiler Collection and C++ standard library (libstdc++)
1120 are no longer built by default on platforms where clang is the system
1121 compiler. You can enable them with the WITH_GCC and WITH_GNUCXX
1122 options in src.conf.
1125 The PROCDESC kernel option is now part of the GENERIC kernel
1126 configuration and is required for the rwhod(8) to work.
1127 If you are using custom kernel configuration, you should include
1131 The API and ABI related to the Capsicum framework was modified
1132 in backward incompatible way. The userland libraries and programs
1133 have to be recompiled to work with the new kernel. This includes the
1134 following libraries and programs, but the whole buildworld is
1135 advised: libc, libprocstat, dhclient, tcpdump, hastd, hastctl,
1136 kdump, procstat, rwho, rwhod, uniq.
1139 AES-NI intrinsic support has been added to gcc. The AES-NI module
1140 has been updated to use this support. A new gcc is required to build
1141 the aesni module on both i386 and amd64.
1144 The PADLOCK_RNG and RDRAND_RNG kernel options are now devices.
1145 Thus "device padlock_rng" and "device rdrand_rng" should be
1146 used instead of "options PADLOCK_RNG" & "options RDRAND_RNG".
1149 WITH_ICONV has been split into two feature sets. WITH_ICONV now
1150 enables just the iconv* functionality and is now on by default.
1151 WITH_LIBICONV_COMPAT enables the libiconv api and link time
1152 compatibility. Set WITHOUT_ICONV to build the old way.
1153 If you have been using WITH_ICONV before, you will very likely
1154 need to turn on WITH_LIBICONV_COMPAT.
1157 INVARIANTS option now enables DEBUG for code with OpenSolaris and
1158 Illumos origin, including ZFS. If you have INVARIANTS in your
1159 kernel configuration, then there is no need to set DEBUG or ZFS_DEBUG
1161 DEBUG used to enable witness(9) tracking of OpenSolaris (mostly ZFS)
1162 locks if WITNESS option was set. Because that generated a lot of
1163 witness(9) reports and all of them were believed to be false
1164 positives, this is no longer done. New option OPENSOLARIS_WITNESS
1165 can be used to achieve the previous behavior.
1168 Timer values in IPv6 data structures now use time_uptime instead
1169 of time_second. Although this is not a user-visible functional
1170 change, userland utilities which directly use them---ndp(8),
1171 rtadvd(8), and rtsold(8) in the base system---need to be updated
1172 to r253970 or later.
1175 find -delete can now delete the pathnames given as arguments,
1176 instead of only files found below them or if the pathname did
1177 not contain any slashes. Formerly, the following error message
1180 find: -delete: <path>: relative path potentially not safe
1182 Deleting the pathnames given as arguments can be prevented
1183 without error messages using -mindepth 1 or by changing
1184 directory and passing "." as argument to find. This works in the
1185 old as well as the new version of find.
1188 Behavior of devfs rules path matching has been changed.
1189 Pattern is now always matched against fully qualified devfs
1190 path and slash characters must be explicitly matched by
1191 slashes in pattern (FNM_PATHNAME). Rulesets involving devfs
1192 subdirectories must be reviewed.
1195 The default ARM ABI has changed to the ARM EABI. The old ABI is
1196 incompatible with the ARM EABI and all programs and modules will
1197 need to be rebuilt to work with a new kernel.
1199 To keep using the old ABI ensure the WITHOUT_ARM_EABI knob is set.
1201 NOTE: Support for the old ABI will be removed in the future and
1202 users are advised to upgrade.
1205 pkg_install has been disconnected from the build if you really need it
1206 you should add WITH_PKGTOOLS in your src.conf(5).
1209 Most of network statistics structures were changed to be able
1210 keep 64-bits counters. Thus all tools, that work with networking
1211 statistics, must be rebuilt (netstat(1), bsnmpd(1), etc.)
1214 Fix a bug that allowed a tracing process (e.g. gdb) to write
1215 to a memory-mapped file in the traced process's address space
1216 even if neither the traced process nor the tracing process had
1217 write access to that file.
1220 CVS has been removed from the base system. An exact copy
1221 of the code is available from the devel/cvs port.
1224 Some people report the following error after the switch to bmake:
1226 make: illegal option -- J
1227 usage: make [-BPSXeiknpqrstv] [-C directory] [-D variable]
1229 *** [buildworld] Error code 2
1231 this likely due to an old instance of make in
1232 ${MAKEPATH} (${MAKEOBJDIRPREFIX}${.CURDIR}/make.${MACHINE})
1233 which src/Makefile will use that blindly, if it exists, so if
1234 you see the above error:
1236 rm -rf `make -V MAKEPATH`
1241 Use bmake by default.
1242 Whereas before one could choose to build with bmake via
1243 -DWITH_BMAKE one must now use -DWITHOUT_BMAKE to use the old
1244 make. The goal is to remove these knobs for 10-RELEASE.
1246 It is worth noting that bmake (like gmake) treats the command
1247 line as the unit of failure, rather than statements within the
1248 command line. Thus '(cd some/where && dosomething)' is safer
1249 than 'cd some/where; dosomething'. The '()' allows consistent
1250 behavior in parallel build.
1253 Fix a bug that allows NFS clients to issue READDIR on files.
1256 The WITHOUT_IDEA option has been removed because
1257 the IDEA patent expired.
1260 The sysctl which controls TRIM support under ZFS has been renamed
1261 from vfs.zfs.trim_disable -> vfs.zfs.trim.enabled and has been
1265 The mergemaster command now uses the default MAKEOBJDIRPREFIX
1266 rather than creating it's own in the temporary directory in
1267 order allow access to bootstrapped versions of tools such as
1268 install and mtree. When upgrading from version of FreeBSD where
1269 the install command does not support -l, you will need to
1270 install a new mergemaster command if mergemaster -p is required.
1271 This can be accomplished with the command (cd src/usr.sbin/mergemaster
1275 Legacy ATA stack, disabled and replaced by new CAM-based one since
1276 FreeBSD 9.0, completely removed from the sources. Kernel modules
1277 atadisk and atapi*, user-level tools atacontrol and burncd are
1278 removed. Kernel option `options ATA_CAM` is now permanently enabled
1282 SOCK_CLOEXEC and SOCK_NONBLOCK flags have been added to socket(2)
1283 and socketpair(2). Software, in particular Kerberos, may
1284 automatically detect and use these during building. The resulting
1285 binaries will not work on older kernels.
1288 CTL_DISABLE has also been added to the sparc64 GENERIC (for further
1289 information, see the respective 20130304 entry).
1292 Recent commits to callout(9) changed the size of struct callout,
1293 so the KBI is probably heavily disturbed. Also, some functions
1294 in callout(9)/sleep(9)/sleepqueue(9)/condvar(9) KPIs were replaced
1295 by macros. Every kernel module using it won't load, so rebuild
1298 The ctl device has been re-enabled in GENERIC for i386 and amd64,
1299 but does not initialize by default (because of the new CTL_DISABLE
1300 option) to save memory. To re-enable it, remove the CTL_DISABLE
1301 option from the kernel config file or set kern.cam.ctl.disable=0
1302 in /boot/loader.conf.
1305 The ctl device has been disabled in GENERIC for i386 and amd64.
1306 This was done due to the extra memory being allocated at system
1307 initialisation time by the ctl driver which was only used if
1308 a CAM target device was created. This makes a FreeBSD system
1309 unusable on 128MB or less of RAM.
1312 A new compression method (lz4) has been merged to -HEAD. Please
1313 refer to zpool-features(7) for more information.
1315 Please refer to the "ZFS notes" section of this file for information
1316 on upgrading boot ZFS pools.
1319 A BSD-licensed patch(1) variant has been added and is installed
1320 as bsdpatch, being the GNU version the default patch.
1321 To inverse the logic and use the BSD-licensed one as default,
1322 while having the GNU version installed as gnupatch, rebuild
1323 and install world with the WITH_BSD_PATCH knob set.
1326 Due to the use of the new -l option to install(1) during build
1327 and install, you must take care not to directly set the INSTALL
1328 make variable in your /etc/make.conf, /etc/src.conf, or on the
1329 command line. If you wish to use the -C flag for all installs
1330 you may be able to add INSTALL+=-C to /etc/make.conf or
1334 The install(1) option -M has changed meaning and now takes an
1335 argument that is a file or path to append logs to. In the
1336 unlikely event that -M was the last option on the command line
1337 and the command line contained at least two files and a target
1338 directory the first file will have logs appended to it. The -M
1339 option served little practical purpose in the last decade so its
1340 use is expected to be extremely rare.
1343 After switching to Clang as the default compiler some users of ZFS
1344 on i386 systems started to experience stack overflow kernel panics.
1345 Please consider using 'options KSTACK_PAGES=4' in such configurations.
1348 GEOM_LABEL now mangles label names read from file system metadata.
1349 Mangling affect labels containing spaces, non-printable characters,
1350 '%' or '"'. Device names in /etc/fstab and other places may need to
1354 By default, only the 10 most recent kernel dumps will be saved. To
1355 restore the previous behaviour (no limit on the number of kernel dumps
1356 stored in the dump directory) add the following line to /etc/rc.conf:
1361 With the addition of auditdistd(8), a new auditdistd user is now
1362 required during installworld. "mergemaster -p" can be used to
1363 add the user prior to installworld, as documented in the handbook.
1366 The sin6_scope_id member variable in struct sockaddr_in6 is now
1367 filled by the kernel before passing the structure to the userland via
1368 sysctl or routing socket. This means the KAME-specific embedded scope
1369 id in sin6_addr.s6_addr[2] is always cleared in userland application.
1370 This behavior can be controlled by net.inet6.ip6.deembed_scopeid.
1371 __FreeBSD_version is bumped to 1000025.
1374 On i386 and amd64 systems WITH_CLANG_IS_CC is now the default.
1375 This means that the world and kernel will be compiled with clang
1376 and that clang will be installed as /usr/bin/cc, /usr/bin/c++,
1377 and /usr/bin/cpp. To disable this behavior and revert to building
1378 with gcc, compile with WITHOUT_CLANG_IS_CC. Really old versions
1379 of current may need to bootstrap WITHOUT_CLANG first if the clang
1380 build fails (its compatibility window doesn't extend to the 9 stable
1384 The IPFIREWALL_FORWARD kernel option has been removed. Its
1385 functionality now turned on by default.
1388 The ZERO_COPY_SOCKET kernel option has been removed and
1389 split into SOCKET_SEND_COW and SOCKET_RECV_PFLIP.
1390 NB: SOCKET_SEND_COW uses the VM page based copy-on-write
1391 mechanism which is not safe and may result in kernel crashes.
1392 NB: The SOCKET_RECV_PFLIP mechanism is useless as no current
1393 driver supports disposeable external page sized mbuf storage.
1394 Proper replacements for both zero-copy mechanisms are under
1395 consideration and will eventually lead to complete removal
1396 of the two kernel options.
1399 The IPv4 network stack has been converted to network byte
1400 order. The following modules need to be recompiled together
1401 with kernel: carp(4), divert(4), gif(4), siftr(4), gre(4),
1402 pf(4), ipfw(4), ng_ipfw(4), stf(4).
1405 Support for non-MPSAFE filesystems was removed from VFS. The
1406 VFS_VERSION was bumped, all filesystem modules shall be
1410 All the non-MPSAFE filesystems have been disconnected from
1411 the build. The full list includes: codafs, hpfs, ntfs, nwfs,
1412 portalfs, smbfs, xfs.
1415 The interface cloning API and ABI has changed. The following
1416 modules need to be recompiled together with kernel:
1417 ipfw(4), pfsync(4), pflog(4), usb(4), wlan(4), stf(4),
1418 vlan(4), disc(4), edsc(4), if_bridge(4), gif(4), tap(4),
1419 faith(4), epair(4), enc(4), tun(4), if_lagg(4), gre(4).
1422 The sdhci driver was split in two parts: sdhci (generic SD Host
1423 Controller logic) and sdhci_pci (actual hardware driver).
1424 No kernel config modifications are required, but if you
1425 load sdhc as a module you must switch to sdhci_pci instead.
1428 Import the FUSE kernel and userland support into base system.
1431 The GNU sort(1) program has been removed since the BSD-licensed
1432 sort(1) has been the default for quite some time and no serious
1433 problems have been reported. The corresponding WITH_GNU_SORT
1437 The pfil(9) API/ABI for AF_INET family has been changed. Packet
1438 filtering modules: pf(4), ipfw(4), ipfilter(4) need to be recompiled
1442 The net80211(4) ABI has been changed to allow for improved driver
1443 PS-POLL and power-save support. All wireless drivers need to be
1444 recompiled to work with the new kernel.
1447 The random(4) support for the VIA hardware random number
1448 generator (`PADLOCK') is no longer enabled unconditionally.
1449 Add the padlock_rng device in the custom kernel config if
1450 needed. The GENERIC kernels on i386 and amd64 do include the
1451 device, so the change only affects the custom kernel
1455 The pf(4) packet filter ABI has been changed. pfctl(8) and
1456 snmp_pf module need to be recompiled to work with new kernel.
1459 A new ZFS feature flag "com.delphix:empty_bpobj" has been merged
1460 to -HEAD. Pools that have empty_bpobj in active state can not be
1461 imported read-write with ZFS implementations that do not support
1462 this feature. For more information read the zpool-features(5)
1466 The sparc64 ZFS loader has been changed to no longer try to auto-
1467 detect ZFS providers based on diskN aliases but now requires these
1468 to be explicitly listed in the OFW boot-device environment variable.
1471 The OpenSSL has been upgraded to 1.0.1c. Any binaries requiring
1472 libcrypto.so.6 or libssl.so.6 must be recompiled. Also, there are
1473 configuration changes. Make sure to merge /etc/ssl/openssl.cnf.
1476 The following sysctls and tunables have been renamed for consistency
1477 with other variables:
1478 kern.cam.da.da_send_ordered -> kern.cam.da.send_ordered
1479 kern.cam.ada.ada_send_ordered -> kern.cam.ada.send_ordered
1482 The sort utility has been replaced with BSD sort. For now, GNU sort
1483 is also available as "gnusort" or the default can be set back to
1484 GNU sort by setting WITH_GNU_SORT. In this case, BSD sort will be
1485 installed as "bsdsort".
1488 A new version of ZFS (pool version 5000) has been merged to -HEAD.
1489 Starting with this version the old system of ZFS pool versioning
1490 is superseded by "feature flags". This concept enables forward
1491 compatibility against certain future changes in functionality of ZFS
1492 pools. The first read-only compatible "feature flag" for ZFS pools
1493 is named "com.delphix:async_destroy". For more information
1494 read the new zpool-features(5) manual page.
1495 Please refer to the "ZFS notes" section of this file for information
1496 on upgrading boot ZFS pools.
1499 The malloc(3) implementation embedded in libc now uses sources imported
1500 as contrib/jemalloc. The most disruptive API change is to
1501 /etc/malloc.conf. If your system has an old-style /etc/malloc.conf,
1502 delete it prior to installworld, and optionally re-create it using the
1503 new format after rebooting. See malloc.conf(5) for details
1504 (specifically the TUNING section and the "opt.*" entries in the MALLCTL
1508 Big-endian MIPS TARGET_ARCH values no longer end in "eb". mips64eb
1509 is now spelled mips64. mipsn32eb is now spelled mipsn32. mipseb is
1510 now spelled mips. This is to aid compatibility with third-party
1511 software that expects this naming scheme in uname(3). Little-endian
1512 settings are unchanged. If you are updating a big-endian mips64 machine
1513 from before this change, you may need to set MACHINE_ARCH=mips64 in
1514 your environment before the new build system will recognize your machine.
1517 Disable by default the option VFS_ALLOW_NONMPSAFE for all supported
1521 Now unix domain sockets behave "as expected" on nullfs(5). Previously
1522 nullfs(5) did not pass through all behaviours to the underlying layer,
1523 as a result if we bound to a socket on the lower layer we could connect
1524 only to the lower path; if we bound to the upper layer we could connect
1525 only to the upper path. The new behavior is one can connect to both the
1526 lower and the upper paths regardless what layer path one binds to.
1529 The getifaddrs upgrade path broken with 20111215 has been restored.
1530 If you have upgraded in between 20111215 and 20120209 you need to
1531 recompile libc again with your kernel. You still need to recompile
1532 world to be able to configure CARP but this restriction already
1533 comes from 20111215.
1536 The set_rcvar() function has been removed from /etc/rc.subr. All
1537 base and ports rc.d scripts have been updated, so if you have a
1538 port installed with a script in /usr/local/etc/rc.d you can either
1539 hand-edit the rcvar= line, or reinstall the port.
1541 An easy way to handle the mass-update of /etc/rc.d:
1542 rm /etc/rc.d/* && mergemaster -i
1545 panic(9) now stops other CPUs in the SMP systems, disables interrupts
1546 on the current CPU and prevents other threads from running.
1547 This behavior can be reverted using the kern.stop_scheduler_on_panic
1549 The new behavior can be incompatible with kern.sync_on_panic.
1552 The carp(4) facility has been changed significantly. Configuration
1553 of the CARP protocol via ifconfig(8) has changed, as well as format
1554 of CARP events submitted to devd(8) has changed. See manual pages
1555 for more information. The arpbalance feature of carp(4) is currently
1556 not supported anymore.
1558 Size of struct in_aliasreq, struct in6_aliasreq has changed. User
1559 utilities using SIOCAIFADDR, SIOCAIFADDR_IN6, e.g. ifconfig(8),
1560 need to be recompiled.
1563 The acpi_wmi(4) status device /dev/wmistat has been renamed to
1567 The option VFS_ALLOW_NONMPSAFE option has been added in order to
1568 explicitely support non-MPSAFE filesystems.
1569 It is on by default for all supported platform at this present
1573 The broken amd(4) driver has been replaced with esp(4) in the amd64,
1574 i386 and pc98 GENERIC kernel configuration files.
1577 sysinstall has been removed
1580 The stable/9 branch created in subversion. This corresponds to the
1581 RELENG_9 branch in CVS.
1587 Avoid using make -j when upgrading. While generally safe, there are
1588 sometimes problems using -j to upgrade. If your upgrade fails with
1589 -j, please try again without -j. From time to time in the past there
1590 have been problems using -j with buildworld and/or installworld. This
1591 is especially true when upgrading between "distant" versions (eg one
1592 that cross a major release boundary or several minor releases, or when
1593 several months have passed on the -current branch).
1595 Sometimes, obscure build problems are the result of environment
1596 poisoning. This can happen because the make utility reads its
1597 environment when searching for values for global variables. To run
1598 your build attempts in an "environmental clean room", prefix all make
1599 commands with 'env -i '. See the env(1) manual page for more details.
1601 When upgrading from one major version to another it is generally best
1602 to upgrade to the latest code in the currently installed branch first,
1603 then do an upgrade to the new branch. This is the best-tested upgrade
1604 path, and has the highest probability of being successful. Please try
1605 this approach before reporting problems with a major version upgrade.
1607 When upgrading a live system, having a root shell around before
1608 installing anything can help undo problems. Not having a root shell
1609 around can lead to problems if pam has changed too much from your
1610 starting point to allow continued authentication after the upgrade.
1612 This file should be read as a log of events. When a later event changes
1613 information of a prior event, the prior event should not be deleted.
1614 Instead, a pointer to the entry with the new information should be
1615 placed in the old entry. Readers of this file should also sanity check
1616 older entries before relying on them blindly. Authors of new entries
1617 should write them with this in mind.
1621 When upgrading the boot ZFS pool to a new version, always follow
1624 1.) recompile and reinstall the ZFS boot loader and boot block
1625 (this is part of "make buildworld" and "make installworld")
1627 2.) update the ZFS boot block on your boot drive
1629 The following example updates the ZFS boot block on the first
1630 partition (freebsd-boot) of a GPT partitioned drive ada0:
1631 "gpart bootcode -p /boot/gptzfsboot -i 1 ada0"
1633 Non-boot pools do not need these updates.
1637 If you are updating from a prior version of FreeBSD (even one just
1638 a few days old), you should follow this procedure. It is the most
1639 failsafe as it uses a /usr/obj tree with a fresh mini-buildworld,
1641 make kernel-toolchain
1642 make -DALWAYS_CHECK_MAKE buildkernel KERNCONF=YOUR_KERNEL_HERE
1643 make -DALWAYS_CHECK_MAKE installkernel KERNCONF=YOUR_KERNEL_HERE
1645 To test a kernel once
1646 ---------------------
1647 If you just want to boot a kernel once (because you are not sure
1648 if it works, or if you want to boot a known bad kernel to provide
1649 debugging information) run
1650 make installkernel KERNCONF=YOUR_KERNEL_HERE KODIR=/boot/testkernel
1651 nextboot -k testkernel
1653 To just build a kernel when you know that it won't mess you up
1654 --------------------------------------------------------------
1655 This assumes you are already running a CURRENT system. Replace
1656 ${arch} with the architecture of your machine (e.g. "i386",
1657 "arm", "amd64", "ia64", "pc98", "sparc64", "powerpc", "mips", etc).
1659 cd src/sys/${arch}/conf
1660 config KERNEL_NAME_HERE
1661 cd ../compile/KERNEL_NAME_HERE
1666 If this fails, go to the "To build a kernel" section.
1668 To rebuild everything and install it on the current system.
1669 -----------------------------------------------------------
1670 # Note: sometimes if you are running current you gotta do more than
1671 # is listed here if you are upgrading from a really old current.
1673 <make sure you have good level 0 dumps>
1675 make kernel KERNCONF=YOUR_KERNEL_HERE
1677 <reboot in single user> [3]
1684 To cross-install current onto a separate partition
1685 --------------------------------------------------
1686 # In this approach we use a separate partition to hold
1687 # current's root, 'usr', and 'var' directories. A partition
1688 # holding "/", "/usr" and "/var" should be about 2GB in
1691 <make sure you have good level 0 dumps>
1694 make buildkernel KERNCONF=YOUR_KERNEL_HERE
1695 <maybe newfs current's root partition>
1696 <mount current's root partition on directory ${CURRENT_ROOT}>
1697 make installworld DESTDIR=${CURRENT_ROOT} -DDB_FROM_SRC
1698 make distribution DESTDIR=${CURRENT_ROOT} # if newfs'd
1699 make installkernel KERNCONF=YOUR_KERNEL_HERE DESTDIR=${CURRENT_ROOT}
1700 cp /etc/fstab ${CURRENT_ROOT}/etc/fstab # if newfs'd
1701 <edit ${CURRENT_ROOT}/etc/fstab to mount "/" from the correct partition>
1702 <reboot into current>
1703 <do a "native" rebuild/install as described in the previous section>
1704 <maybe install compatibility libraries from ports/misc/compat*>
1708 To upgrade in-place from stable to current
1709 ----------------------------------------------
1710 <make sure you have good level 0 dumps>
1712 make kernel KERNCONF=YOUR_KERNEL_HERE [8]
1714 <reboot in single user> [3]
1721 Make sure that you've read the UPDATING file to understand the
1722 tweaks to various things you need. At this point in the life
1723 cycle of current, things change often and you are on your own
1724 to cope. The defaults can also change, so please read ALL of
1725 the UPDATING entries.
1727 Also, if you are tracking -current, you must be subscribed to
1728 freebsd-current@freebsd.org. Make sure that before you update
1729 your sources that you have read and understood all the recent
1730 messages there. If in doubt, please track -stable which has
1731 much fewer pitfalls.
1733 [1] If you have third party modules, such as vmware, you
1734 should disable them at this point so they don't crash your
1737 [3] From the bootblocks, boot -s, and then do
1742 adjkerntz -i # if CMOS is wall time
1743 Also, when doing a major release upgrade, it is required that
1744 you boot into single user mode to do the installworld.
1746 [4] Note: This step is non-optional. Failure to do this step
1747 can result in a significant reduction in the functionality of the
1748 system. Attempting to do it by hand is not recommended and those
1749 that pursue this avenue should read this file carefully, as well
1750 as the archives of freebsd-current and freebsd-hackers mailing lists
1751 for potential gotchas. The -U option is also useful to consider.
1752 See mergemaster(8) for more information.
1754 [5] Usually this step is a noop. However, from time to time
1755 you may need to do this if you get unknown user in the following
1756 step. It never hurts to do it all the time. You may need to
1757 install a new mergemaster (cd src/usr.sbin/mergemaster && make
1758 install) after the buildworld before this step if you last updated
1759 from current before 20130425 or from -stable before 20130430.
1761 [6] This only deletes old files and directories. Old libraries
1762 can be deleted by "make delete-old-libs", but you have to make
1763 sure that no program is using those libraries anymore.
1765 [8] In order to have a kernel that can run the 4.x binaries needed to
1766 do an installworld, you must include the COMPAT_FREEBSD4 option in
1767 your kernel. Failure to do so may leave you with a system that is
1768 hard to boot to recover. A similar kernel option COMPAT_FREEBSD5 is
1769 required to run the 5.x binaries on more recent kernels. And so on
1770 for COMPAT_FREEBSD6 and COMPAT_FREEBSD7.
1772 Make sure that you merge any new devices from GENERIC since the
1773 last time you updated your kernel config file.
1775 [9] When checking out sources, you must include the -P flag to have
1776 cvs prune empty directories.
1778 If CPUTYPE is defined in your /etc/make.conf, make sure to use the
1779 "?=" instead of the "=" assignment operator, so that buildworld can
1780 override the CPUTYPE if it needs to.
1782 MAKEOBJDIRPREFIX must be defined in an environment variable, and
1783 not on the command line, or in /etc/make.conf. buildworld will
1784 warn if it is improperly defined.
1787 This file contains a list, in reverse chronological order, of major
1788 breakages in tracking -current. It is not guaranteed to be a complete
1789 list of such breakages, and only contains entries since September 23, 2011.
1790 If you need to see UPDATING entries from before that date, you will need
1791 to fetch an UPDATING file from an older FreeBSD release.
1793 Copyright information:
1795 Copyright 1998-2009 M. Warner Losh. All Rights Reserved.
1797 Redistribution, publication, translation and use, with or without
1798 modification, in full or in part, in any form or format of this
1799 document are permitted without further permission from the author.
1801 THIS DOCUMENT IS PROVIDED BY WARNER LOSH ``AS IS'' AND ANY EXPRESS OR
1802 IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
1803 WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
1804 DISCLAIMED. IN NO EVENT SHALL WARNER LOSH BE LIABLE FOR ANY DIRECT,
1805 INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
1806 (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
1807 SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
1808 HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
1809 STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
1810 IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
1811 POSSIBILITY OF SUCH DAMAGE.
1813 Contact Warner Losh if you have any questions about your use of