1 Updating Information for FreeBSD current users.
3 This file is maintained and copyrighted by M. Warner Losh <imp@freebsd.org>.
4 See end of file for further details. For commonly done items, please see the
5 COMMON ITEMS: section later in the file. These instructions assume that you
6 basically know what you are doing. If not, then please consult the FreeBSD
9 https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/updating-src.html
11 Items affecting the ports and packages system can be found in
12 /usr/ports/UPDATING. Please read that file before running portupgrade.
14 NOTE: FreeBSD has switched from gcc to clang. If you have trouble bootstrapping
15 from older versions of FreeBSD, try WITHOUT_CLANG and WITH_GCC to bootstrap to
16 the tip of head, and then rebuild without this option. The bootstrap process
17 from older version of current across the gcc/clang cutover is a bit fragile.
19 20190702 p11 FreeBSD-EN-19:12.tzdata
20 FreeBSD-SA-19:09.iconv
22 FreeBSD-SA-19:11.cd_ioctl
24 Import tzdata 2019b. [EN-19:12.tzdata]
26 Fix iconv buffer overflow. [SA-19:09.iconv]
28 Fix kernel stack disclosure in UFS/FFS. [SA-19:10.ufs]
30 Fix privilege escalation in cd(4) driver. [SA-19:11.cd_ioctl]
32 20190514 p10 FreeBSD-EN-19:08.tzdata
33 FreeBSD-EN-19:09.xinstall
40 Import tzdata 2019a. [EN-19:08.tzdata]
42 Fix install with partially matching relative paths. [EN-19:09.xinstall]
44 Fix multiple vulnerabilities in hostapd/wpa_supplicant. [SA-19:03.wpa]
46 Fix authenticated denial of service in ntpd. [SA-19:04.ntp]
48 Fix IPv6 fragment reassembly in pf. [SA-19:05.pf]
50 Fix ICMP/ICMP6 packet filter bypass in pf. [SA-19:06.pf]
52 Add mitigations for Microarchitectural Data Sampling. [SA-19:07.mds]
55 20190205 p9 FreeBSD-SA-19:01.syscall
57 amd64: clear callee-preserved registers on syscall exit
60 20190109 p8 FreeBSD-EN-19:03.sqlite
61 FreeBSD-EN-19:04.tzdata
62 FreeBSD-EN-19:05.kqueue
64 Update sqlite3-3.20.0 --> sqlite3-3.26.0 (3260000) [EN-19:03.sqlite]
66 Import tzdata 2018h, 2018i [EN-19:04.tzdata]
68 Avoid unsynchronized updates to kn_status. [EN-19:05.kqueue]
71 20181219 p7 FreeBSD-SA-18:15.bootpd
72 FreeBSD-EN-18:16.ptrace
76 bootpd: validate hardware type [SA-18:15.bootpd]
78 Only clear a pending thread event if one is pending. [EN-18:16.ptrace]
80 Update the free page count when blacklisting pages. [EN-18:17.vm]
82 Resolve a hang in ZFS during vnode reclamation [EN-18:18.zfs]
85 20181204 p6 FreeBSD-SA-18:14.bhyve
87 Fix insufficient bounds checking in bhyve(8) device model.
90 20181127 p5 FreeBSD-SA-18:13.nfs
92 FreeBSD-EN-18:14.tzdata
93 FreeBSD-EN-18:15.loader
95 Fix multiple vulnerabilities in NFS server code. [SA-18:13.nfs]
97 Fix ICMP buffer underwrite. [EN-18:13.icmp]
99 Timezone database information update. [EN-18:14.tzdata]
101 Fix deferred kernel loading breaks loader password. [EN-18:15.loader]
103 20180927 p4 FreeBSD-EN-18:09.ip
104 FreeBSD-EN-18:10.syscall
105 FreeBSD-EN-18:11.listen
108 Fix regression in IPv6 fragment reassembly. [EN-18:09.ip]
110 Fix NULL pointer dereference in freebsd4_getfsstat. [EN-18:10.syscall]
112 Fix DoS in listen syscall over IPv6 socket. [EN-18:11.listen]
114 Fix small kernel memory disclosures. [EN-18:12.mem]
116 20180912 p3 FreeBSD-SA-18:12.elf
117 FreeBSD-EN-18:08.lazyfpu
119 Fix improper elf header parsing. [SA-18:12.elf]
121 Fix regression in Lazy FPU remediation. [EN-18:08.lazyfpu]
123 20180814 p2 FreeBSD-SA-18:08.tcp [revised]
124 FreeBSD-SA-18:09.l1tf
126 FreeBSD-SA-18:11.hostapd
128 Revise manual pages. [SA-18:08.tcp]
130 Fix L1 Terminal Fault (L1TF) kernel information disclosure.
133 Fix resource exhaustion in IP fragment reassembly. [SA-18:10.ip]
135 Fix unauthenticated EAPOL-Key decryption vulnerability.
138 20180806 p1 FreeBSD-SA-18:08.tcp
140 Fix resource exhaustion in TCP reassembly.
146 The tz database (tzdb) has been updated to 2018e. This version more
147 correctly models time stamps in time zones with negative DST such as
148 Europe/Dublin (from 1971 on), Europe/Prague (1946/7), and
149 Africa/Windhoek (1994/2017). This does not affect the UT offsets, only
150 time zone abbreviations and the tm_isdst flag.
153 The use of RSS hash from the network card aka flowid has been
154 disabled by default for lagg(4) as it's currently incompatible with
155 the lacp and loadbalance protocols.
157 This can be re-enabled by setting the following in loader.conf:
158 net.link.lagg.default_use_flowid="1"
161 Clang, llvm, lld, lldb, compiler-rt and libc++ have been upgraded to
162 6.0.0. Please see the 20141231 entry below for information about
163 prerequisites and upgrading, if you are not already using clang 3.5.0
167 The LOADER_FIREWIRE_SUPPORT build variable as been renamed to
168 WITH/OUT_LOADER_FIREWIRE. LOADER_{NO_,}GELI_SUPPORT has been renamed
169 to WITH/OUT_LOADER_GELI.
172 The geli password typed at boot is now hidden. To restore the previous
173 behavior, see geli(8) for configuration options.
175 The SW_WATCHDOG option is no longer necessary to enable the
176 hardclock-based software watchdog if no hardware watchdog is
177 configured. As before, SW_WATCHDOG will cause the software
178 watchdog to be enabled even if a hardware watchdog is configured.
181 lint(1) binaries and library are no longer built by default. To
182 enable building them, define WITH_LINT in src.conf. If you are using
183 a FreeBSD 12 or later system to build 11-stable, you may need to
184 install a lint(1) binary to use WITH_LINT.
187 When building multiple kernels using KERNCONF, non-existent KERNCONF
188 files will produce an error and buildkernel will fail. Previously
189 missing KERNCONF files silently failed giving no indication as to
190 why, only to subsequently discover during installkernel that the
191 desired kernel was never built in the first place.
194 Clang, llvm, lldb, compiler-rt and libc++ have been upgraded to 5.0.0.
195 Please see the 20141231 entry below for information about prerequisites
196 and upgrading, if you are not already using clang 3.5.0 or higher.
199 Since the switch to GPT disk labels, fsck for UFS/FFS has been
200 unable to automatically find alternate superblocks. As of r322806,
201 the information needed to find alternate superblocks has been
202 moved to the end of the area reserved for the boot block.
203 Filesystems created with a newfs of this vintage or later
204 will create the recovery information. If you have a filesystem
205 created prior to this change and wish to have a recovery block
206 created for your filesystem, you can do so by running fsck in
207 forground mode (i.e., do not use the -p or -y options). As it
208 starts, fsck will ask ``SAVE DATA TO FIND ALTERNATE SUPERBLOCKS''
209 to which you should answer yes.
212 arm64 builds now use the base system LLD 4.0.0 linker by default,
213 instead of requiring that the aarch64-binutils port or package be
214 installed. To continue using aarch64-binutils, set
215 CROSS_BINUTILS_PREFIX=/usr/local/aarch64-freebsd/bin .
218 The ctl.ko module no longer implements the iSCSI target frontend:
219 cfiscsi.ko does instead.
221 If building cfiscsi.ko as a kernel module, the module can be loaded
222 via one of the following methods:
223 - `cfiscsi_load="YES"` in loader.conf(5).
224 - Add `cfiscsi` to `$kld_list` in rc.conf(5).
225 - ctladm(8)/ctld(8), when compiled with iSCSI support
226 (`WITH_ISCSI=yes` in src.conf(5))
228 Please see cfiscsi(4) for more details.
231 The mmcsd.ko module now additionally depends on geom_flashmap.ko.
232 Also, mmc.ko and mmcsd.ko need to be a matching pair built from the
233 same source (previously, the dependency of mmcsd.ko on mmc.ko was
234 missing, but mmcsd.ko now will refuse to load if it is incompatible
238 Binds and sends to the loopback addresses, IPv6 and IPv4, will now
239 use any explicitly assigned loopback address available in the jail
240 instead of using the first assigned address of the jail.
243 As of r316810 for ipfilter, keep frags is no longer assumed when
244 keep state is specified in a rule. r316810 aligns ipfilter with
245 documentation in man pages separating keep frags from keep state.
246 This allows keep state to specified without forcing keep frags
247 and allows keep frags to be specified independently of keep state.
248 To maintain previous behaviour, also specify keep frags with
249 keep state (as documented in ipf.conf.5).
252 Clang, llvm, lldb, compiler-rt and libc++ have been upgraded to 4.0.0.
253 Please see the 20141231 entry below for information about prerequisites
254 and upgrading, if you are not already using clang 3.5.0 or higher.
257 The code that provides support for ZFS .zfs/ directory functionality
258 has been reimplemented. It's not possible now to create a snapshot
259 by mkdir under .zfs/snapshot/. That should be the only user visible
263 Many changes in the IPsec code have been merged from the FreeBSD-CURRENT
264 branch. The IPSEC_FILTERTUNNEL kernel option is removed in favour of
265 corresponding sysctl. The IPSEC_NAT_T kernel option is also removed,
266 and now NAT-T is supported by default. Security associations now use
267 the single namespace for SPI allocation, so if you use several manually
268 configured security associations with the same SPI, this configuration
272 Clang, llvm, lldb, compiler-rt and libc++ have been upgraded to 3.9.1.
273 Please see the 20141231 entry below for information about prerequisites
274 and upgrading, if you are not already using clang 3.5.0 or higher.
277 Clang, llvm, lldb, compiler-rt and libc++ have been upgraded to 3.9.0.
278 Please see the 20141231 entry below for information about prerequisites
279 and upgrading, if you are not already using clang 3.5.0 or higher.
282 The layout of the pmap structure has changed for powerpc to put the pmap
283 statistics at the front for all CPU variations. libkvm(3) and all tools
284 that link against it need to be recompiled.
287 isl(4) and cyapa(4) drivers now require a new driver,
288 chromebook_platform(4), to work properly on Chromebook-class hardware.
289 On other types of hardware the drivers may need to be configured using
290 device hints. Please see the corresponding manual pages for details.
293 Relocatable object files with the extension of .So have been renamed
294 to use an extension of .pico instead. The purpose of this change is
295 to avoid a name clash with shared libraries on case-insensitive file
296 systems. On those file systems, foo.So is the same file as foo.so.
299 The libc stub for the pipe(2) system call has been replaced with
300 a wrapper that calls the pipe2(2) system call and the pipe(2)
301 system call is now only implemented by the kernels that include
302 "options COMPAT_FREEBSD10" in their config file (this is the
303 default). Users should ensure that this option is enabled in
304 their kernel or upgrade userspace to r302092 before upgrading their
308 CAM will now strip leading spaces from SCSI disks' serial numbers.
309 This will effect users who create UFS filesystems on SCSI disks using
310 those disk's diskid device nodes. For example, if /etc/fstab
311 previously contained a line like
312 "/dev/diskid/DISK-%20%20%20%20%20%20%20ABCDEFG0123456", you should
313 change it to "/dev/diskid/DISK-ABCDEFG0123456". Users of geom
314 transforms like gmirror may also be affected. ZFS users should
318 The bitstring(3) API has been updated with new functionality and
319 improved performance. But it is binary-incompatible with the old API.
320 Objects built with the new headers may not be linked against objects
321 built with the old headers.
324 The brk and sbrk functions have been removed from libc on arm64.
325 Binutils from ports has been updated to not link to these
326 functions and should be updated to the latest version before
327 installing a new libc.
330 The armv6 port now defaults to hard float ABI. Limited support
331 for running both hardfloat and soft float on the same system
332 is available using the libraries installed with -DWITH_LIBSOFT.
333 This has only been tested as an upgrade path for installworld
334 and packages may fail or need manual intervention to run. New
335 packages will be needed.
337 To update an existing self-hosted armv6hf system, you must add
338 TARGET_ARCH=armv6 on the make command line for both the build
339 and the install steps.
342 Kernel modules compiled outside of a kernel build now default to
343 installing to /boot/modules instead of /boot/kernel. Many kernel
344 modules built this way (such as those in ports) already overrode
345 KMODDIR explicitly to install into /boot/modules. However,
346 manually building and installing a module from /sys/modules will
347 now install to /boot/modules instead of /boot/kernel.
350 The CAM I/O scheduler has been committed to the kernel. There should be
351 no user visible impact. This does enable NCQ Trim on ada SSDs. While the
352 list of known rogues that claim support for this but actually corrupt
353 data is believed to be complete, be on the lookout for data
354 corruption. The known rogue list is believed to be complete:
356 o Crucial MX100, M550 drives with MU01 firmware.
357 o Micron M510 and M550 drives with MU01 firmware.
358 o Micron M500 prior to MU07 firmware
359 o Samsung 830, 840, and 850 all firmwares
360 o FCCT M500 all firmwares
362 Crucial has firmware http://www.crucial.com/usa/en/support-ssd-firmware
363 with working NCQ TRIM. For Micron branded drives, see your sales rep for
364 updated firmware. Black listed drives will work correctly because these
365 drives work correctly so long as no NCQ TRIMs are sent to them. Given
366 this list is the same as found in Linux, it's believed there are no
367 other rogues in the market place. All other models from the above
370 To be safe, if you are at all concerned, you can quirk each of your
371 drives to prevent NCQ from being sent by setting:
372 kern.cam.ada.X.quirks="0x2"
373 in loader.conf. If the drive requires the 4k sector quirk, set the
377 The FAST_DEPEND build option has been removed and its functionality is
378 now the one true way. The old mkdep(1) style of 'make depend' has
379 been removed. See 20160311 for further details.
382 Resource range types have grown from unsigned long to uintmax_t. All
383 drivers, and anything using libdevinfo, need to be recompiled.
386 WITH_FAST_DEPEND is now enabled by default for in-tree and out-of-tree
387 builds. It no longer runs mkdep(1) during 'make depend', and the
388 'make depend' stage can safely be skipped now as it is auto ran
389 when building 'make all' and will generate all SRCS and DPSRCS before
390 building anything else. Dependencies are gathered at compile time with
391 -MF flags kept in separate .depend files per object file. Users should
392 run 'make cleandepend' once if using -DNO_CLEAN to clean out older
396 On amd64, clang 3.8.0 can now insert sections of type AMD64_UNWIND into
397 kernel modules. Therefore, if you load any kernel modules at boot time,
398 please install the boot loaders after you install the kernel, but before
402 make kernel KERNCONF=YOUR_KERNEL_HERE
403 make -C sys/boot install
404 <reboot in single user>
406 Then follow the usual steps, described in the General Notes section,
410 Clang, llvm, lldb and compiler-rt have been upgraded to 3.8.0. Please
411 see the 20141231 entry below for information about prerequisites and
412 upgrading, if you are not already using clang 3.5.0 or higher.
415 The AIO subsystem is now a standard part of the kernel. The
416 VFS_AIO kernel option and aio.ko kernel module have been removed.
417 Due to stability concerns, asynchronous I/O requests are only
418 permitted on sockets and raw disks by default. To enable
419 asynchronous I/O requests on all file types, set the
420 vfs.aio.enable_unsafe sysctl to a non-zero value.
423 The ELF object manipulation tool objcopy is now provided by the
424 ELF Tool Chain project rather than by GNU binutils. It should be a
425 drop-in replacement, with the addition of arm64 support. The
426 (temporary) src.conf knob WITHOUT_ELFCOPY_AS_OBJCOPY knob may be set
427 to obtain the GNU version if necessary.
430 Building ZFS pools on top of zvols is prohibited by default. That
431 feature has never worked safely; it's always been prone to deadlocks.
432 Using a zvol as the backing store for a VM guest's virtual disk will
433 still work, even if the guest is using ZFS. Legacy behavior can be
434 restored by setting vfs.zfs.vol.recursive=1.
437 The NONE and HPN patches has been removed from OpenSSH. They are
438 still available in the security/openssh-portable port.
441 With the addition of ypldap(8), a new _ypldap user is now required
442 during installworld. "mergemaster -p" can be used to add the user
443 prior to installworld, as documented in the handbook.
446 The tftp loader (pxeboot) now uses the option root-path directive. As a
447 consequence it no longer looks for a pxeboot.4th file on the tftp
448 server. Instead it uses the regular /boot infrastructure as with the
452 The code to start recording plug and play data into the modules has
453 been committed. While the old tools will properly build a new kernel,
454 a number of warnings about "unknown metadata record 4" will be produced
455 for an older kldxref. To avoid such warnings, make sure to rebuild
456 the kernel toolchain (or world). Make sure that you have r292078 or
457 later when trying to build 292077 or later before rebuilding.
460 Debug data files are now built by default with 'make buildworld' and
461 installed with 'make installworld'. This facilitates debugging but
462 requires more disk space both during the build and for the installed
463 world. Debug files may be disabled by setting WITHOUT_DEBUG_FILES=yes
467 r291527 changed the internal interface between the nfsd.ko and
468 nfscommon.ko modules. As such, they must both be upgraded to-gether.
469 __FreeBSD_version has been bumped because of this.
472 Add support for unicode collation strings leads to a change of
473 order of files listed by ls(1) for example. To get back to the old
474 behaviour, set LC_COLLATE environment variable to "C".
476 Databases administrators will need to reindex their databases given
477 collation results will be different.
479 Due to a bug in install(1) it is recommended to remove the ancient
480 locales before running make installworld.
482 rm -rf /usr/share/locale/*
485 The OpenSSL has been upgraded to 1.0.2d. Any binaries requiring
486 libcrypto.so.7 or libssl.so.7 must be recompiled.
489 Qlogic 24xx/25xx firmware images were updated from 5.5.0 to 7.3.0.
490 Kernel modules isp_2400_multi and isp_2500_multi were removed and
491 should be replaced with isp_2400 and isp_2500 modules respectively.
494 The build previously allowed using 'make -n' to not recurse into
495 sub-directories while showing what commands would be executed, and
496 'make -n -n' to recursively show commands. Now 'make -n' will recurse
497 and 'make -N' will not.
500 If you specify SENDMAIL_MC or SENDMAIL_CF in make.conf, mergemaster
501 and etcupdate will now use this file. A custom sendmail.cf is now
502 updated via this mechanism rather than via installworld. If you had
503 excluded sendmail.cf in mergemaster.rc or etcupdate.conf, you may
504 want to remove the exclusion or change it to "always install".
505 /etc/mail/sendmail.cf is now managed the same way regardless of
506 whether SENDMAIL_MC/SENDMAIL_CF is used. If you are not using
507 SENDMAIL_MC/SENDMAIL_CF there should be no change in behavior.
510 Compatibility shims for legacy ATA device names have been removed.
511 It includes ATA_STATIC_ID kernel option, kern.cam.ada.legacy_aliases
512 and kern.geom.raid.legacy_aliases loader tunables, kern.devalias.*
513 environment variables, /dev/ad* and /dev/ar* symbolic links.
516 Clang, llvm, lldb, compiler-rt and libc++ have been upgraded to 3.7.0.
517 Please see the 20141231 entry below for information about prerequisites
518 and upgrading, if you are not already using clang 3.5.0 or higher.
521 Kernel debug files have been moved to /usr/lib/debug/boot/kernel/,
522 and renamed from .symbols to .debug. This reduces the size requirements
523 on the boot partition or file system and provides consistency with
524 userland debug files.
526 When using the supported kernel installation method the
527 /usr/lib/debug/boot/kernel directory will be renamed (to kernel.old)
528 as is done with /boot/kernel.
530 Developers wishing to maintain the historical behavior of installing
531 debug files in /boot/kernel/ can set KERN_DEBUGDIR="" in src.conf(5).
534 The wireless drivers had undergone changes that remove the 'parent
535 interface' from the ifconfig -l output. The rc.d network scripts
536 used to check presence of a parent interface in the list, so old
537 scripts would fail to start wireless networking. Thus, etcupdate(3)
538 or mergemaster(8) run is required after kernel update, to update your
539 rc.d scripts in /etc.
542 pf no longer supports 'scrub fragment crop' or 'scrub fragment drop-ovl'
543 These configurations are now automatically interpreted as
544 'scrub fragment reassemble'.
547 Kernel-loadable modules for the random(4) device are back. To use
548 them, the kernel must have
551 options RANDOM_LOADABLE
553 kldload(8) can then be used to load random_fortuna.ko
554 or random_yarrow.ko. Please note that due to the indirect
555 function calls that the loadable modules need to provide,
556 the build-in variants will be slightly more efficient.
558 The random(4) kernel option RANDOM_DUMMY has been retired due to
559 unpopularity. It was not all that useful anyway.
562 The WITHOUT_ELFTOOLCHAIN_TOOLS src.conf(5) knob has been retired.
563 Control over building the ELF Tool Chain tools is now provided by
564 the WITHOUT_TOOLCHAIN knob.
567 The polarity of Pulse Per Second (PPS) capture events with the
568 uart(4) driver has been corrected. Prior to this change the PPS
569 "assert" event corresponded to the trailing edge of a positive PPS
570 pulse and the "clear" event was the leading edge of the next pulse.
572 As the width of a PPS pulse in a typical GPS receiver is on the
573 order of 1 millisecond, most users will not notice any significant
574 difference with this change.
576 Anyone who has compensated for the historical polarity reversal by
577 configuring a negative offset equal to the pulse width will need to
578 remove that workaround.
581 The default group assigned to /dev/dri entries has been changed
582 from 'wheel' to 'video' with the id of '44'. If you want to have
583 access to the dri devices please add yourself to the video group
586 # pw groupmod video -m $USER
589 The menu.rc and loader.rc files will now be replaced during
590 upgrades. Please migrate local changes to menu.rc.local and
591 loader.rc.local instead.
594 GNU Binutils versions of addr2line, c++filt, nm, readelf, size,
595 strings and strip have been removed. The src.conf(5) knob
596 WITHOUT_ELFTOOLCHAIN_TOOLS no longer provides the binutils tools.
599 As ZFS requires more kernel stack pages than is the default on some
600 architectures e.g. i386, it now warns if KSTACK_PAGES is less than
601 ZFS_MIN_KSTACK_PAGES (which is 4 at the time of writing).
603 Please consider using 'options KSTACK_PAGES=X' where X is greater
604 than or equal to ZFS_MIN_KSTACK_PAGES i.e. 4 in such configurations.
607 sendmail has been updated to 8.15.2. Starting with FreeBSD 11.0
608 and sendmail 8.15, sendmail uses uncompressed IPv6 addresses by
609 default, i.e., they will not contain "::". For example, instead
610 of ::1, it will be 0:0:0:0:0:0:0:1. This permits a zero subnet
611 to have a more specific match, such as different map entries for
612 IPv6:0:0 vs IPv6:0. This change requires that configuration
613 data (including maps, files, classes, custom ruleset, etc.) must
614 use the same format, so make certain such configuration data is
615 upgrading. As a very simple check search for patterns like
616 'IPv6:[0-9a-fA-F:]*::' and 'IPv6::'. To return to the old
617 behavior, set the m4 option confUSE_COMPRESSED_IPV6_ADDRESSES or
618 the cf option UseCompressedIPv6Addresses.
621 The default kernel entropy-processing algorithm is now
622 Fortuna, replacing Yarrow.
624 Assuming you have 'device random' in your kernel config
625 file, the configurations allow a kernel option to override
626 this default. You may choose *ONE* of:
628 options RANDOM_YARROW # Legacy /dev/random algorithm.
629 options RANDOM_DUMMY # Blocking-only driver.
631 If you have neither, you get Fortuna. For most people,
632 read no further, Fortuna will give a /dev/random that works
633 like it always used to, and the difference will be irrelevant.
635 If you remove 'device random', you get *NO* kernel-processed
636 entropy at all. This may be acceptable to folks building
637 embedded systems, but has complications. Carry on reading,
638 and it is assumed you know what you need.
640 *PLEASE* read random(4) and random(9) if you are in the
641 habit of tweaking kernel configs, and/or if you are a member
642 of the embedded community, wanting specific and not-usual
643 behaviour from your security subsystems.
645 NOTE!! If you use RANDOM_DUMMY and/or have no 'device
646 random', you will NOT have a functioning /dev/random, and
647 many cryptographic features will not work, including SSH.
648 You may also find strange behaviour from the random(3) set
649 of library functions, in particular sranddev(3), srandomdev(3)
650 and arc4random(3). The reason for this is that the KERN_ARND
651 sysctl only returns entropy if it thinks it has some to
652 share, and with RANDOM_DUMMY or no 'device random' this
656 An additional fix for the issue described in the 20150614 sendmail
657 entry below has been been committed in revision 284717.
660 FreeBSD's old make (fmake) has been removed from the system. It is
661 available as the devel/fmake port or via pkg install fmake.
664 The fix for the issue described in the 20150614 sendmail entry
665 below has been been committed in revision 284436. The work
666 around described in that entry is no longer needed unless the
667 default setting is overridden by a confDH_PARAMETERS configuration
668 setting of '5' or pointing to a 512 bit DH parameter file.
671 ALLOW_DEPRECATED_ATF_TOOLS/ATFFILE support has been removed from
672 atf.test.mk (included from bsd.test.mk). Please upgrade devel/atf
673 and devel/kyua to version 0.20+ and adjust any calling code to work
674 with Kyuafile and kyua.
677 The import of openssl to address the FreeBSD-SA-15:10.openssl
678 security advisory includes a change which rejects handshakes
679 with DH parameters below 768 bits. sendmail releases prior
680 to 8.15.2 (not yet released), defaulted to a 512 bit
681 DH parameter setting for client connections. To work around
682 this interoperability, sendmail can be configured to use a
683 2048 bit DH parameter by:
685 1. Edit /etc/mail/`hostname`.mc
686 2. If a setting for confDH_PARAMETERS does not exist or
687 exists and is set to a string beginning with '5',
689 3. If a setting for confDH_PARAMETERS exists and is set to
690 a file path, create a new file with:
691 openssl dhparam -out /path/to/file 2048
692 4. Rebuild the .cf file:
693 cd /etc/mail/; make; make install
695 cd /etc/mail/; make restart
697 A sendmail patch is coming, at which time this file will be
701 Generation of legacy formatted entries have been disabled by default
702 in pwd_mkdb(8), as all base system consumers of the legacy formatted
703 entries were converted to use the new format by default when the new,
704 machine independent format have been added and supported since FreeBSD
707 Please see the pwd_mkdb(8) manual page for further details.
710 Clang and llvm have been upgraded to 3.6.1 release. Please see the
711 20141231 entry below for information about prerequisites and upgrading,
712 if you are not already using 3.5.0 or higher.
715 TI platform code switched to using vendor DTS files and this update
716 may break existing systems running on Beaglebone, Beaglebone Black,
719 - dtb files should be regenerated/reinstalled. Filenames are the
720 same but content is different now
721 - GPIO addressing was changed, now each GPIO bank (32 pins per bank)
722 has its own /dev/gpiocX device, e.g. pin 121 on /dev/gpioc0 in old
723 addressing scheme is now pin 25 on /dev/gpioc3.
724 - Pandaboard: /etc/ttys should be updated, serial console device is
725 now /dev/ttyu2, not /dev/ttyu0
728 soelim(1) from gnu/usr.bin/groff has been replaced by usr.bin/soelim.
729 If you need the GNU extension from groff soelim(1), install groff
730 from package: pkg install groff, or via ports: textproc/groff.
733 chmod, chflags, chown and chgrp now affect symlinks in -R mode as
734 defined in symlink(7); previously symlinks were silently ignored.
737 The const qualifier has been removed from iconv(3) to comply with
738 POSIX. The ports tree is aware of this from r384038 onwards.
741 Libraries specified by LIBADD in Makefiles must have a corresponding
742 DPADD_<lib> variable to ensure correct dependencies. This is now
743 enforced in src.libnames.mk.
746 From legacy ata(4) driver was removed support for SATA controllers
747 supported by more functional drivers ahci(4), siis(4) and mvs(4).
748 Kernel modules ataahci and ataadaptec were removed completely,
749 replaced by ahci and mvs modules respectively.
752 Clang, llvm and lldb have been upgraded to 3.6.0 release. Please see
753 the 20141231 entry below for information about prerequisites and
754 upgrading, if you are not already using 3.5.0 or higher.
757 The 32-bit PowerPC kernel has been changed to a position-independent
758 executable. This can only be booted with a version of loader(8)
759 newer than January 31, 2015, so make sure to update both world and
760 kernel before rebooting.
763 If you are running a -CURRENT kernel since r273872 (Oct 30th, 2014),
764 but before r278950, the RNG was not seeded properly. Immediately
765 upgrade the kernel to r278950 or later and regenerate any keys (e.g.
766 ssh keys or openssl keys) that were generated w/ a kernel from that
767 range. This does not affect programs that directly used /dev/random
768 or /dev/urandom. All userland uses of arc4random(3) are affected.
771 The autofs(4) ABI was changed in order to restore binary compatibility
772 with 10.1-RELEASE. The automountd(8) daemon needs to be rebuilt to work
776 The powerpc64 kernel has been changed to a position-independent
777 executable. This can only be booted with a new version of loader(8),
778 so make sure to update both world and kernel before rebooting.
781 Clang and llvm have been upgraded to 3.5.1 release. This is a bugfix
782 only release, no new features have been added. Please see the 20141231
783 entry below for information about prerequisites and upgrading, if you
784 are not already using 3.5.0.
787 ELF tools addr2line, elfcopy (strip), nm, size, and strings are now
788 taken from the ELF Tool Chain project rather than GNU binutils. They
789 should be drop-in replacements, with the addition of arm64 support.
790 The WITHOUT_ELFTOOLCHAIN_TOOLS= knob may be used to obtain the
791 binutils tools, if necessary. See 20150805 for updated information.
794 The default Unbound configuration now enables remote control
795 using a local socket. Users who have already enabled the
796 local_unbound service should regenerate their configuration
797 by running "service local_unbound setup" as root.
800 The GNU texinfo and GNU info pages have been removed.
801 To be able to view GNU info pages please install texinfo from ports.
804 Clang, llvm and lldb have been upgraded to 3.5.0 release.
806 As of this release, a prerequisite for building clang, llvm and lldb is
807 a C++11 capable compiler and C++11 standard library. This means that to
808 be able to successfully build the cross-tools stage of buildworld, with
809 clang as the bootstrap compiler, your system compiler or cross compiler
810 should either be clang 3.3 or later, or gcc 4.8 or later, and your
811 system C++ library should be libc++, or libdstdc++ from gcc 4.8 or
814 On any standard FreeBSD 10.x or 11.x installation, where clang and
815 libc++ are on by default (that is, on x86 or arm), this should work out
818 On 9.x installations where clang is enabled by default, e.g. on x86 and
819 powerpc, libc++ will not be enabled by default, so libc++ should be
820 built (with clang) and installed first. If both clang and libc++ are
821 missing, build clang first, then use it to build libc++.
823 On 8.x and earlier installations, upgrade to 9.x first, and then follow
824 the instructions for 9.x above.
826 Sparc64 and mips users are unaffected, as they still use gcc 4.2.1 by
827 default, and do not build clang.
829 Many embedded systems are resource constrained, and will not be able to
830 build clang in a reasonable time, or in some cases at all. In those
831 cases, cross building bootable systems on amd64 is a workaround.
833 This new version of clang introduces a number of new warnings, of which
834 the following are most likely to appear:
838 This warns in two cases, for both C and C++:
839 * When the code is trying to take the absolute value of an unsigned
840 quantity, which is effectively a no-op, and almost never what was
841 intended. The code should be fixed, if at all possible. If you are
842 sure that the unsigned quantity can be safely cast to signed, without
843 loss of information or undefined behavior, you can add an explicit
844 cast, or disable the warning.
846 * When the code is trying to take an absolute value, but the called
847 abs() variant is for the wrong type, which can lead to truncation.
848 If you want to disable the warning instead of fixing the code, please
849 make sure that truncation will not occur, or it might lead to unwanted
852 -Wtautological-undefined-compare and
853 -Wundefined-bool-conversion
855 These warn when C++ code is trying to compare 'this' against NULL, while
856 'this' should never be NULL in well-defined C++ code. However, there is
857 some legacy (pre C++11) code out there, which actively abuses this
858 feature, which was less strictly defined in previous C++ versions.
860 Squid and openjdk do this, for example. The warning can be turned off
861 for C++98 and earlier, but compiling the code in C++11 mode might result
862 in unexpected behavior; for example, the parts of the program that are
863 unreachable could be optimized away.
866 The old NFS client and server (kernel options NFSCLIENT, NFSSERVER)
867 kernel sources have been removed. The .h files remain, since some
868 utilities include them. This will need to be fixed later.
869 If "mount -t oldnfs ..." is attempted, it will fail.
870 If the "-o" option on mountd(8), nfsd(8) or nfsstat(1) is used,
871 the utilities will report errors.
874 The handling of LOCAL_LIB_DIRS has been altered to skip addition of
875 directories to top level SUBDIR variable when their parent
876 directory is included in LOCAL_DIRS. Users with build systems with
877 such hierarchies and without SUBDIR entries in the parent
878 directory Makefiles should add them or add the directories to
882 faith(4) and faithd(8) have been removed from the base system. Faith
883 has been obsolete for a very long time.
886 vt(4), the new console driver, is enabled by default. It brings
887 support for Unicode and double-width characters, as well as
888 support for UEFI and integration with the KMS kernel video
891 You may need to update your console settings in /etc/rc.conf,
892 most probably the keymap. During boot, /etc/rc.d/syscons will
893 indicate what you need to do.
895 vt(4) still has issues and lacks some features compared to
896 syscons(4). See the wiki for up-to-date information:
897 https://wiki.freebsd.org/Newcons
899 If you want to keep using syscons(4), you can do so by adding
900 the following line to /boot/loader.conf:
904 pjdfstest has been integrated into kyua as an opt-in test suite.
905 Please see share/doc/pjdfstest/README for more details on how to
909 gperf has been removed from the base system for architectures
910 that use clang. Ports that require gperf will obtain it from the
914 pjdfstest has been moved from tools/regression/pjdfstest to
918 At svn r271982, The default linux compat kernel ABI has been adjusted
919 to 2.6.18 in support of the linux-c6 compat ports infrastructure
920 update. If you wish to continue using the linux-f10 compat ports,
921 add compat.linux.osrelease=2.6.16 to your local sysctl.conf. Users are
922 encouraged to update their linux-compat packages to linux-c6 during
923 their next update cycle.
926 The ofwfb driver, used to provide a graphics console on PowerPC when
927 using vt(4), no longer allows mmap() of all physical memory. This
928 will prevent Xorg on PowerPC with some ATI graphics cards from
929 initializing properly unless x11-servers/xorg-server is updated to
933 The xdev targets have been converted to using TARGET and
934 TARGET_ARCH instead of XDEV and XDEV_ARCH.
937 The default unbound configuration has been modified to address
938 issues with reverse lookups on networks that use private
939 address ranges. If you use the local_unbound service, run
940 "service local_unbound setup" as root to regenerate your
941 configuration, then "service local_unbound reload" to load the
945 The GNU texinfo and GNU info pages are not built and installed
946 anymore, WITH_INFO knob has been added to allow to built and install
948 UPDATE: see 20150102 entry on texinfo's removal
951 The GNU readline library is now an INTERNALLIB - that is, it is
952 statically linked into consumers (GDB and variants) in the base
953 system, and the shared library is no longer installed. The
954 devel/readline port is available for third party software that
958 The Itanium architecture (ia64) has been removed from the list of
959 known architectures. This is the first step in the removal of the
963 Commit r268115 has added NFSv4.1 server support, merged from
964 projects/nfsv4.1-server. Since this includes changes to the
965 internal interfaces between the NFS related modules, a full
966 build of the kernel and modules will be necessary.
967 __FreeBSD_version has been bumped.
970 The WITHOUT_VT_SUPPORT kernel config knob has been renamed
971 WITHOUT_VT. (The other _SUPPORT knobs have a consistent meaning
972 which differs from the behaviour controlled by this knob.)
975 Maximal length of the serial number in CTL was increased from 16 to
976 64 chars, that breaks ABI. All CTL-related tools, such as ctladm
977 and ctld, need to be rebuilt to work with a new kernel.
980 The libatf-c and libatf-c++ major versions were downgraded to 0 and
981 1 respectively to match the upstream numbers. They were out of
982 sync because, when they were originally added to FreeBSD, the
983 upstream versions were not respected. These libraries are private
984 and not yet built by default, so renumbering them should be a
985 non-issue. However, unclean source trees will yield broken test
986 programs once the operator executes "make delete-old-libs" after a
989 Additionally, the atf-sh binary was made private by moving it into
990 /usr/libexec/. Already-built shell test programs will keep the
991 path to the old binary so they will break after "make delete-old"
994 If you are using WITH_TESTS=yes (not the default), wipe the object
995 tree and rebuild from scratch to prevent spurious test failures.
996 This is only needed once: the misnumbered libraries and misplaced
997 binaries have been added to OptionalObsoleteFiles.inc so they will
998 be removed during a clean upgrade.
1001 Clang and llvm have been upgraded to 3.4.1 release.
1004 We bogusly installed src.opts.mk in /usr/share/mk. This file should
1005 be removed to avoid issues in the future (and has been added to
1009 /etc/src.conf now affects only builds of the FreeBSD src tree. In the
1010 past, it affected all builds that used the bsd.*.mk files. The old
1011 behavior was a bug, but people may have relied upon it. To get this
1012 behavior back, you can .include /etc/src.conf from /etc/make.conf
1013 (which is still global and isn't changed). This also changes the
1014 behavior of incremental builds inside the tree of individual
1015 directories. Set MAKESYSPATH to ".../share/mk" to do that.
1016 Although this has survived make universe and some upgrade scenarios,
1017 other upgrade scenarios may have broken. At least one form of
1018 temporary breakage was fixed with MAKESYSPATH settings for buildworld
1019 as well... In cases where MAKESYSPATH isn't working with this
1020 setting, you'll need to set it to the full path to your tree.
1022 One side effect of all this cleaning up is that bsd.compiler.mk
1023 is no longer implicitly included by bsd.own.mk. If you wish to
1024 use COMPILER_TYPE, you must now explicitly include bsd.compiler.mk
1028 The lindev device has been removed since /dev/full has been made a
1029 standard device. __FreeBSD_version has been bumped.
1032 The knob WITHOUT_VI was added to the base system, which controls
1033 building ex(1), vi(1), etc. Older releases of FreeBSD required ex(1)
1034 in order to reorder files share/termcap and didn't build ex(1) as a
1035 build tool, so building/installing with WITH_VI is highly advised for
1036 build hosts for older releases.
1038 This issue has been fixed in stable/9 and stable/10 in r277022 and
1039 r276991, respectively.
1042 The YES_HESIOD knob has been removed. It has been obsolete for
1043 a decade. Please move to using WITH_HESIOD instead or your builds
1044 will silently lack HESIOD.
1047 The uart(4) driver has been changed with respect to its handling
1048 of the low-level console. Previously the uart(4) driver prevented
1049 any process from changing the baudrate or the CLOCAL and HUPCL
1050 control flags. By removing the restrictions, operators can make
1051 changes to the serial console port without having to reboot.
1052 However, when getty(8) is started on the serial device that is
1053 associated with the low-level console, a misconfigured terminal
1054 line in /etc/ttys will now have a real impact.
1055 Before upgrading the kernel, make sure that /etc/ttys has the
1056 serial console device configured as 3wire without baudrate to
1057 preserve the previous behaviour. E.g:
1058 ttyu0 "/usr/libexec/getty 3wire" vt100 on secure
1061 Support for libwrap (TCP wrappers) in rpcbind was disabled by default
1062 to improve performance. To re-enable it, if needed, run rpcbind
1063 with command line option -W.
1066 Switched back to the GPL dtc compiler due to updates in the upstream
1067 dts files not being supported by the BSDL dtc compiler. You will need
1068 to rebuild your kernel toolchain to pick up the new compiler. Core dumps
1069 may result while building dtb files during a kernel build if you fail
1070 to do so. Set WITHOUT_GPL_DTC if you require the BSDL compiler.
1073 Clang and llvm have been upgraded to 3.4 release.
1076 The nve(4) driver has been removed. Please use the nfe(4) driver
1077 for NVIDIA nForce MCP Ethernet adapters instead.
1080 An ABI incompatibility crept into the libc++ 3.4 import in r261283.
1081 This could cause certain C++ applications using shared libraries built
1082 against the previous version of libc++ to crash. The incompatibility
1083 has now been fixed, but any C++ applications or shared libraries built
1084 between r261283 and r261801 should be recompiled.
1087 OpenSSH will now ignore errors caused by kernel lacking of Capsicum
1088 capability mode support. Please note that enabling the feature in
1089 kernel is still highly recommended.
1092 OpenSSH is now built with sandbox support, and will use sandbox as
1093 the default privilege separation method. This requires Capsicum
1094 capability mode support in kernel.
1097 The libelf and libdwarf libraries have been updated to newer
1098 versions from upstream. Shared library version numbers for
1099 these two libraries were bumped. Any ports or binaries
1100 requiring these two libraries should be recompiled.
1101 __FreeBSD_version is bumped to 1100006.
1104 If a Makefile in a tests/ directory was auto-generating a Kyuafile
1105 instead of providing an explicit one, this would prevent such
1106 Makefile from providing its own Kyuafile in the future during
1107 NO_CLEAN builds. This has been fixed in the Makefiles but manual
1108 intervention is needed to clean an objdir if you use NO_CLEAN:
1109 # find /usr/obj -name Kyuafile | xargs rm -f
1112 The behavior of gss_pseudo_random() for the krb5 mechanism
1113 has changed, for applications requesting a longer random string
1114 than produced by the underlying enctype's pseudo-random() function.
1115 In particular, the random string produced from a session key of
1116 enctype aes256-cts-hmac-sha1-96 or aes256-cts-hmac-sha1-96 will
1117 be different at the 17th octet and later, after this change.
1118 The counter used in the PRF+ construction is now encoded as a
1119 big-endian integer in accordance with RFC 4402.
1120 __FreeBSD_version is bumped to 1100004.
1123 The WITHOUT_ATF build knob has been removed and its functionality
1124 has been subsumed into the more generic WITHOUT_TESTS. If you were
1125 using the former to disable the build of the ATF libraries, you
1126 should change your settings to use the latter.
1129 The default version of mtree is nmtree which is obtained from
1130 NetBSD. The output is generally the same, but may vary
1131 slightly. If you found you need identical output adding
1132 "-F freebsd9" to the command line should do the trick. For the
1133 time being, the old mtree is available as fmtree.
1136 libbsdyml has been renamed to libyaml and moved to /usr/lib/private.
1137 This will break ports-mgmt/pkg. Rebuild the port, or upgrade to pkg
1138 1.1.4_8 and verify bsdyml not linked in, before running "make
1140 # make -C /usr/ports/ports-mgmt/pkg build deinstall install clean
1142 # pkg install pkg; ldd /usr/local/sbin/pkg | grep bsdyml
1145 The stable/10 branch has been created in subversion from head
1149 The rc.d/jail script has been updated to support jail(8)
1150 configuration file. The "jail_<jname>_*" rc.conf(5) variables
1151 for per-jail configuration are automatically converted to
1152 /var/run/jail.<jname>.conf before the jail(8) utility is invoked.
1153 This is transparently backward compatible. See below about some
1154 incompatibilities and rc.conf(5) manual page for more details.
1156 These variables are now deprecated in favor of jail(8) configuration
1157 file. One can use "rc.d/jail config <jname>" command to generate
1158 a jail(8) configuration file in /var/run/jail.<jname>.conf without
1159 running the jail(8) utility. The default pathname of the
1160 configuration file is /etc/jail.conf and can be specified by
1161 using $jail_conf or $jail_<jname>_conf variables.
1163 Please note that jail_devfs_ruleset accepts an integer at
1164 this moment. Please consider to rewrite the ruleset name
1168 BIND has been removed from the base system. If all you need
1169 is a local resolver, simply enable and start the local_unbound
1170 service instead. Otherwise, several versions of BIND are
1171 available in the ports tree. The dns/bind99 port is one example.
1173 With this change, nslookup(1) and dig(1) are no longer in the base
1174 system. Users should instead use host(1) and drill(1) which are
1175 in the base system. Alternatively, nslookup and dig can
1176 be obtained by installing the dns/bind-tools port.
1179 With the addition of unbound(8), a new unbound user is now
1180 required during installworld. "mergemaster -p" can be used to
1181 add the user prior to installworld, as documented in the handbook.
1184 OpenSSH is now built with DNSSEC support, and will by default
1185 silently trust signed SSHFP records. This can be controlled with
1186 the VerifyHostKeyDNS client configuration setting. DNSSEC support
1187 can be disabled entirely with the WITHOUT_LDNS option in src.conf.
1190 The GNU Compiler Collection and C++ standard library (libstdc++)
1191 are no longer built by default on platforms where clang is the system
1192 compiler. You can enable them with the WITH_GCC and WITH_GNUCXX
1193 options in src.conf.
1196 The PROCDESC kernel option is now part of the GENERIC kernel
1197 configuration and is required for the rwhod(8) to work.
1198 If you are using custom kernel configuration, you should include
1202 The API and ABI related to the Capsicum framework was modified
1203 in backward incompatible way. The userland libraries and programs
1204 have to be recompiled to work with the new kernel. This includes the
1205 following libraries and programs, but the whole buildworld is
1206 advised: libc, libprocstat, dhclient, tcpdump, hastd, hastctl,
1207 kdump, procstat, rwho, rwhod, uniq.
1210 AES-NI intrinsic support has been added to gcc. The AES-NI module
1211 has been updated to use this support. A new gcc is required to build
1212 the aesni module on both i386 and amd64.
1215 The PADLOCK_RNG and RDRAND_RNG kernel options are now devices.
1216 Thus "device padlock_rng" and "device rdrand_rng" should be
1217 used instead of "options PADLOCK_RNG" & "options RDRAND_RNG".
1220 WITH_ICONV has been split into two feature sets. WITH_ICONV now
1221 enables just the iconv* functionality and is now on by default.
1222 WITH_LIBICONV_COMPAT enables the libiconv api and link time
1223 compatibility. Set WITHOUT_ICONV to build the old way.
1224 If you have been using WITH_ICONV before, you will very likely
1225 need to turn on WITH_LIBICONV_COMPAT.
1228 INVARIANTS option now enables DEBUG for code with OpenSolaris and
1229 Illumos origin, including ZFS. If you have INVARIANTS in your
1230 kernel configuration, then there is no need to set DEBUG or ZFS_DEBUG
1232 DEBUG used to enable witness(9) tracking of OpenSolaris (mostly ZFS)
1233 locks if WITNESS option was set. Because that generated a lot of
1234 witness(9) reports and all of them were believed to be false
1235 positives, this is no longer done. New option OPENSOLARIS_WITNESS
1236 can be used to achieve the previous behavior.
1239 Timer values in IPv6 data structures now use time_uptime instead
1240 of time_second. Although this is not a user-visible functional
1241 change, userland utilities which directly use them---ndp(8),
1242 rtadvd(8), and rtsold(8) in the base system---need to be updated
1243 to r253970 or later.
1246 find -delete can now delete the pathnames given as arguments,
1247 instead of only files found below them or if the pathname did
1248 not contain any slashes. Formerly, the following error message
1251 find: -delete: <path>: relative path potentially not safe
1253 Deleting the pathnames given as arguments can be prevented
1254 without error messages using -mindepth 1 or by changing
1255 directory and passing "." as argument to find. This works in the
1256 old as well as the new version of find.
1259 Behavior of devfs rules path matching has been changed.
1260 Pattern is now always matched against fully qualified devfs
1261 path and slash characters must be explicitly matched by
1262 slashes in pattern (FNM_PATHNAME). Rulesets involving devfs
1263 subdirectories must be reviewed.
1266 The default ARM ABI has changed to the ARM EABI. The old ABI is
1267 incompatible with the ARM EABI and all programs and modules will
1268 need to be rebuilt to work with a new kernel.
1270 To keep using the old ABI ensure the WITHOUT_ARM_EABI knob is set.
1272 NOTE: Support for the old ABI will be removed in the future and
1273 users are advised to upgrade.
1276 pkg_install has been disconnected from the build if you really need it
1277 you should add WITH_PKGTOOLS in your src.conf(5).
1280 Most of network statistics structures were changed to be able
1281 keep 64-bits counters. Thus all tools, that work with networking
1282 statistics, must be rebuilt (netstat(1), bsnmpd(1), etc.)
1285 Fix a bug that allowed a tracing process (e.g. gdb) to write
1286 to a memory-mapped file in the traced process's address space
1287 even if neither the traced process nor the tracing process had
1288 write access to that file.
1291 CVS has been removed from the base system. An exact copy
1292 of the code is available from the devel/cvs port.
1295 Some people report the following error after the switch to bmake:
1297 make: illegal option -- J
1298 usage: make [-BPSXeiknpqrstv] [-C directory] [-D variable]
1300 *** [buildworld] Error code 2
1302 this likely due to an old instance of make in
1303 ${MAKEPATH} (${MAKEOBJDIRPREFIX}${.CURDIR}/make.${MACHINE})
1304 which src/Makefile will use that blindly, if it exists, so if
1305 you see the above error:
1307 rm -rf `make -V MAKEPATH`
1312 Use bmake by default.
1313 Whereas before one could choose to build with bmake via
1314 -DWITH_BMAKE one must now use -DWITHOUT_BMAKE to use the old
1315 make. The goal is to remove these knobs for 10-RELEASE.
1317 It is worth noting that bmake (like gmake) treats the command
1318 line as the unit of failure, rather than statements within the
1319 command line. Thus '(cd some/where && dosomething)' is safer
1320 than 'cd some/where; dosomething'. The '()' allows consistent
1321 behavior in parallel build.
1324 Fix a bug that allows NFS clients to issue READDIR on files.
1327 The WITHOUT_IDEA option has been removed because
1328 the IDEA patent expired.
1331 The sysctl which controls TRIM support under ZFS has been renamed
1332 from vfs.zfs.trim_disable -> vfs.zfs.trim.enabled and has been
1336 The mergemaster command now uses the default MAKEOBJDIRPREFIX
1337 rather than creating it's own in the temporary directory in
1338 order allow access to bootstrapped versions of tools such as
1339 install and mtree. When upgrading from version of FreeBSD where
1340 the install command does not support -l, you will need to
1341 install a new mergemaster command if mergemaster -p is required.
1342 This can be accomplished with the command (cd src/usr.sbin/mergemaster
1346 Legacy ATA stack, disabled and replaced by new CAM-based one since
1347 FreeBSD 9.0, completely removed from the sources. Kernel modules
1348 atadisk and atapi*, user-level tools atacontrol and burncd are
1349 removed. Kernel option `options ATA_CAM` is now permanently enabled
1353 SOCK_CLOEXEC and SOCK_NONBLOCK flags have been added to socket(2)
1354 and socketpair(2). Software, in particular Kerberos, may
1355 automatically detect and use these during building. The resulting
1356 binaries will not work on older kernels.
1359 CTL_DISABLE has also been added to the sparc64 GENERIC (for further
1360 information, see the respective 20130304 entry).
1363 Recent commits to callout(9) changed the size of struct callout,
1364 so the KBI is probably heavily disturbed. Also, some functions
1365 in callout(9)/sleep(9)/sleepqueue(9)/condvar(9) KPIs were replaced
1366 by macros. Every kernel module using it won't load, so rebuild
1369 The ctl device has been re-enabled in GENERIC for i386 and amd64,
1370 but does not initialize by default (because of the new CTL_DISABLE
1371 option) to save memory. To re-enable it, remove the CTL_DISABLE
1372 option from the kernel config file or set kern.cam.ctl.disable=0
1373 in /boot/loader.conf.
1376 The ctl device has been disabled in GENERIC for i386 and amd64.
1377 This was done due to the extra memory being allocated at system
1378 initialisation time by the ctl driver which was only used if
1379 a CAM target device was created. This makes a FreeBSD system
1380 unusable on 128MB or less of RAM.
1383 A new compression method (lz4) has been merged to -HEAD. Please
1384 refer to zpool-features(7) for more information.
1386 Please refer to the "ZFS notes" section of this file for information
1387 on upgrading boot ZFS pools.
1390 A BSD-licensed patch(1) variant has been added and is installed
1391 as bsdpatch, being the GNU version the default patch.
1392 To inverse the logic and use the BSD-licensed one as default,
1393 while having the GNU version installed as gnupatch, rebuild
1394 and install world with the WITH_BSD_PATCH knob set.
1397 Due to the use of the new -l option to install(1) during build
1398 and install, you must take care not to directly set the INSTALL
1399 make variable in your /etc/make.conf, /etc/src.conf, or on the
1400 command line. If you wish to use the -C flag for all installs
1401 you may be able to add INSTALL+=-C to /etc/make.conf or
1405 The install(1) option -M has changed meaning and now takes an
1406 argument that is a file or path to append logs to. In the
1407 unlikely event that -M was the last option on the command line
1408 and the command line contained at least two files and a target
1409 directory the first file will have logs appended to it. The -M
1410 option served little practical purpose in the last decade so its
1411 use is expected to be extremely rare.
1414 After switching to Clang as the default compiler some users of ZFS
1415 on i386 systems started to experience stack overflow kernel panics.
1416 Please consider using 'options KSTACK_PAGES=4' in such configurations.
1419 GEOM_LABEL now mangles label names read from file system metadata.
1420 Mangling affect labels containing spaces, non-printable characters,
1421 '%' or '"'. Device names in /etc/fstab and other places may need to
1425 By default, only the 10 most recent kernel dumps will be saved. To
1426 restore the previous behaviour (no limit on the number of kernel dumps
1427 stored in the dump directory) add the following line to /etc/rc.conf:
1432 With the addition of auditdistd(8), a new auditdistd user is now
1433 required during installworld. "mergemaster -p" can be used to
1434 add the user prior to installworld, as documented in the handbook.
1437 The sin6_scope_id member variable in struct sockaddr_in6 is now
1438 filled by the kernel before passing the structure to the userland via
1439 sysctl or routing socket. This means the KAME-specific embedded scope
1440 id in sin6_addr.s6_addr[2] is always cleared in userland application.
1441 This behavior can be controlled by net.inet6.ip6.deembed_scopeid.
1442 __FreeBSD_version is bumped to 1000025.
1445 On i386 and amd64 systems WITH_CLANG_IS_CC is now the default.
1446 This means that the world and kernel will be compiled with clang
1447 and that clang will be installed as /usr/bin/cc, /usr/bin/c++,
1448 and /usr/bin/cpp. To disable this behavior and revert to building
1449 with gcc, compile with WITHOUT_CLANG_IS_CC. Really old versions
1450 of current may need to bootstrap WITHOUT_CLANG first if the clang
1451 build fails (its compatibility window doesn't extend to the 9 stable
1455 The IPFIREWALL_FORWARD kernel option has been removed. Its
1456 functionality now turned on by default.
1459 The ZERO_COPY_SOCKET kernel option has been removed and
1460 split into SOCKET_SEND_COW and SOCKET_RECV_PFLIP.
1461 NB: SOCKET_SEND_COW uses the VM page based copy-on-write
1462 mechanism which is not safe and may result in kernel crashes.
1463 NB: The SOCKET_RECV_PFLIP mechanism is useless as no current
1464 driver supports disposeable external page sized mbuf storage.
1465 Proper replacements for both zero-copy mechanisms are under
1466 consideration and will eventually lead to complete removal
1467 of the two kernel options.
1470 The IPv4 network stack has been converted to network byte
1471 order. The following modules need to be recompiled together
1472 with kernel: carp(4), divert(4), gif(4), siftr(4), gre(4),
1473 pf(4), ipfw(4), ng_ipfw(4), stf(4).
1476 Support for non-MPSAFE filesystems was removed from VFS. The
1477 VFS_VERSION was bumped, all filesystem modules shall be
1481 All the non-MPSAFE filesystems have been disconnected from
1482 the build. The full list includes: codafs, hpfs, ntfs, nwfs,
1483 portalfs, smbfs, xfs.
1486 The interface cloning API and ABI has changed. The following
1487 modules need to be recompiled together with kernel:
1488 ipfw(4), pfsync(4), pflog(4), usb(4), wlan(4), stf(4),
1489 vlan(4), disc(4), edsc(4), if_bridge(4), gif(4), tap(4),
1490 faith(4), epair(4), enc(4), tun(4), if_lagg(4), gre(4).
1493 The sdhci driver was split in two parts: sdhci (generic SD Host
1494 Controller logic) and sdhci_pci (actual hardware driver).
1495 No kernel config modifications are required, but if you
1496 load sdhc as a module you must switch to sdhci_pci instead.
1499 Import the FUSE kernel and userland support into base system.
1502 The GNU sort(1) program has been removed since the BSD-licensed
1503 sort(1) has been the default for quite some time and no serious
1504 problems have been reported. The corresponding WITH_GNU_SORT
1508 The pfil(9) API/ABI for AF_INET family has been changed. Packet
1509 filtering modules: pf(4), ipfw(4), ipfilter(4) need to be recompiled
1513 The net80211(4) ABI has been changed to allow for improved driver
1514 PS-POLL and power-save support. All wireless drivers need to be
1515 recompiled to work with the new kernel.
1518 The random(4) support for the VIA hardware random number
1519 generator (`PADLOCK') is no longer enabled unconditionally.
1520 Add the padlock_rng device in the custom kernel config if
1521 needed. The GENERIC kernels on i386 and amd64 do include the
1522 device, so the change only affects the custom kernel
1526 The pf(4) packet filter ABI has been changed. pfctl(8) and
1527 snmp_pf module need to be recompiled to work with new kernel.
1530 A new ZFS feature flag "com.delphix:empty_bpobj" has been merged
1531 to -HEAD. Pools that have empty_bpobj in active state can not be
1532 imported read-write with ZFS implementations that do not support
1533 this feature. For more information read the zpool-features(5)
1537 The sparc64 ZFS loader has been changed to no longer try to auto-
1538 detect ZFS providers based on diskN aliases but now requires these
1539 to be explicitly listed in the OFW boot-device environment variable.
1542 The OpenSSL has been upgraded to 1.0.1c. Any binaries requiring
1543 libcrypto.so.6 or libssl.so.6 must be recompiled. Also, there are
1544 configuration changes. Make sure to merge /etc/ssl/openssl.cnf.
1547 The following sysctls and tunables have been renamed for consistency
1548 with other variables:
1549 kern.cam.da.da_send_ordered -> kern.cam.da.send_ordered
1550 kern.cam.ada.ada_send_ordered -> kern.cam.ada.send_ordered
1553 The sort utility has been replaced with BSD sort. For now, GNU sort
1554 is also available as "gnusort" or the default can be set back to
1555 GNU sort by setting WITH_GNU_SORT. In this case, BSD sort will be
1556 installed as "bsdsort".
1559 A new version of ZFS (pool version 5000) has been merged to -HEAD.
1560 Starting with this version the old system of ZFS pool versioning
1561 is superseded by "feature flags". This concept enables forward
1562 compatibility against certain future changes in functionality of ZFS
1563 pools. The first read-only compatible "feature flag" for ZFS pools
1564 is named "com.delphix:async_destroy". For more information
1565 read the new zpool-features(5) manual page.
1566 Please refer to the "ZFS notes" section of this file for information
1567 on upgrading boot ZFS pools.
1570 The malloc(3) implementation embedded in libc now uses sources imported
1571 as contrib/jemalloc. The most disruptive API change is to
1572 /etc/malloc.conf. If your system has an old-style /etc/malloc.conf,
1573 delete it prior to installworld, and optionally re-create it using the
1574 new format after rebooting. See malloc.conf(5) for details
1575 (specifically the TUNING section and the "opt.*" entries in the MALLCTL
1579 Big-endian MIPS TARGET_ARCH values no longer end in "eb". mips64eb
1580 is now spelled mips64. mipsn32eb is now spelled mipsn32. mipseb is
1581 now spelled mips. This is to aid compatibility with third-party
1582 software that expects this naming scheme in uname(3). Little-endian
1583 settings are unchanged. If you are updating a big-endian mips64 machine
1584 from before this change, you may need to set MACHINE_ARCH=mips64 in
1585 your environment before the new build system will recognize your machine.
1588 Disable by default the option VFS_ALLOW_NONMPSAFE for all supported
1592 Now unix domain sockets behave "as expected" on nullfs(5). Previously
1593 nullfs(5) did not pass through all behaviours to the underlying layer,
1594 as a result if we bound to a socket on the lower layer we could connect
1595 only to the lower path; if we bound to the upper layer we could connect
1596 only to the upper path. The new behavior is one can connect to both the
1597 lower and the upper paths regardless what layer path one binds to.
1600 The getifaddrs upgrade path broken with 20111215 has been restored.
1601 If you have upgraded in between 20111215 and 20120209 you need to
1602 recompile libc again with your kernel. You still need to recompile
1603 world to be able to configure CARP but this restriction already
1604 comes from 20111215.
1607 The set_rcvar() function has been removed from /etc/rc.subr. All
1608 base and ports rc.d scripts have been updated, so if you have a
1609 port installed with a script in /usr/local/etc/rc.d you can either
1610 hand-edit the rcvar= line, or reinstall the port.
1612 An easy way to handle the mass-update of /etc/rc.d:
1613 rm /etc/rc.d/* && mergemaster -i
1616 panic(9) now stops other CPUs in the SMP systems, disables interrupts
1617 on the current CPU and prevents other threads from running.
1618 This behavior can be reverted using the kern.stop_scheduler_on_panic
1620 The new behavior can be incompatible with kern.sync_on_panic.
1623 The carp(4) facility has been changed significantly. Configuration
1624 of the CARP protocol via ifconfig(8) has changed, as well as format
1625 of CARP events submitted to devd(8) has changed. See manual pages
1626 for more information. The arpbalance feature of carp(4) is currently
1627 not supported anymore.
1629 Size of struct in_aliasreq, struct in6_aliasreq has changed. User
1630 utilities using SIOCAIFADDR, SIOCAIFADDR_IN6, e.g. ifconfig(8),
1631 need to be recompiled.
1634 The acpi_wmi(4) status device /dev/wmistat has been renamed to
1638 The option VFS_ALLOW_NONMPSAFE option has been added in order to
1639 explicitely support non-MPSAFE filesystems.
1640 It is on by default for all supported platform at this present
1644 The broken amd(4) driver has been replaced with esp(4) in the amd64,
1645 i386 and pc98 GENERIC kernel configuration files.
1648 sysinstall has been removed
1651 The stable/9 branch created in subversion. This corresponds to the
1652 RELENG_9 branch in CVS.
1658 Avoid using make -j when upgrading. While generally safe, there are
1659 sometimes problems using -j to upgrade. If your upgrade fails with
1660 -j, please try again without -j. From time to time in the past there
1661 have been problems using -j with buildworld and/or installworld. This
1662 is especially true when upgrading between "distant" versions (eg one
1663 that cross a major release boundary or several minor releases, or when
1664 several months have passed on the -current branch).
1666 Sometimes, obscure build problems are the result of environment
1667 poisoning. This can happen because the make utility reads its
1668 environment when searching for values for global variables. To run
1669 your build attempts in an "environmental clean room", prefix all make
1670 commands with 'env -i '. See the env(1) manual page for more details.
1672 When upgrading from one major version to another it is generally best
1673 to upgrade to the latest code in the currently installed branch first,
1674 then do an upgrade to the new branch. This is the best-tested upgrade
1675 path, and has the highest probability of being successful. Please try
1676 this approach before reporting problems with a major version upgrade.
1678 When upgrading a live system, having a root shell around before
1679 installing anything can help undo problems. Not having a root shell
1680 around can lead to problems if pam has changed too much from your
1681 starting point to allow continued authentication after the upgrade.
1683 This file should be read as a log of events. When a later event changes
1684 information of a prior event, the prior event should not be deleted.
1685 Instead, a pointer to the entry with the new information should be
1686 placed in the old entry. Readers of this file should also sanity check
1687 older entries before relying on them blindly. Authors of new entries
1688 should write them with this in mind.
1692 When upgrading the boot ZFS pool to a new version, always follow
1695 1.) recompile and reinstall the ZFS boot loader and boot block
1696 (this is part of "make buildworld" and "make installworld")
1698 2.) update the ZFS boot block on your boot drive
1700 The following example updates the ZFS boot block on the first
1701 partition (freebsd-boot) of a GPT partitioned drive ada0:
1702 "gpart bootcode -p /boot/gptzfsboot -i 1 ada0"
1704 Non-boot pools do not need these updates.
1708 If you are updating from a prior version of FreeBSD (even one just
1709 a few days old), you should follow this procedure. It is the most
1710 failsafe as it uses a /usr/obj tree with a fresh mini-buildworld,
1712 make kernel-toolchain
1713 make -DALWAYS_CHECK_MAKE buildkernel KERNCONF=YOUR_KERNEL_HERE
1714 make -DALWAYS_CHECK_MAKE installkernel KERNCONF=YOUR_KERNEL_HERE
1716 To test a kernel once
1717 ---------------------
1718 If you just want to boot a kernel once (because you are not sure
1719 if it works, or if you want to boot a known bad kernel to provide
1720 debugging information) run
1721 make installkernel KERNCONF=YOUR_KERNEL_HERE KODIR=/boot/testkernel
1722 nextboot -k testkernel
1724 To just build a kernel when you know that it won't mess you up
1725 --------------------------------------------------------------
1726 This assumes you are already running a CURRENT system. Replace
1727 ${arch} with the architecture of your machine (e.g. "i386",
1728 "arm", "amd64", "ia64", "pc98", "sparc64", "powerpc", "mips", etc).
1730 cd src/sys/${arch}/conf
1731 config KERNEL_NAME_HERE
1732 cd ../compile/KERNEL_NAME_HERE
1737 If this fails, go to the "To build a kernel" section.
1739 To rebuild everything and install it on the current system.
1740 -----------------------------------------------------------
1741 # Note: sometimes if you are running current you gotta do more than
1742 # is listed here if you are upgrading from a really old current.
1744 <make sure you have good level 0 dumps>
1746 make kernel KERNCONF=YOUR_KERNEL_HERE
1748 <reboot in single user> [3]
1755 To cross-install current onto a separate partition
1756 --------------------------------------------------
1757 # In this approach we use a separate partition to hold
1758 # current's root, 'usr', and 'var' directories. A partition
1759 # holding "/", "/usr" and "/var" should be about 2GB in
1762 <make sure you have good level 0 dumps>
1765 make buildkernel KERNCONF=YOUR_KERNEL_HERE
1766 <maybe newfs current's root partition>
1767 <mount current's root partition on directory ${CURRENT_ROOT}>
1768 make installworld DESTDIR=${CURRENT_ROOT} -DDB_FROM_SRC
1769 make distribution DESTDIR=${CURRENT_ROOT} # if newfs'd
1770 make installkernel KERNCONF=YOUR_KERNEL_HERE DESTDIR=${CURRENT_ROOT}
1771 cp /etc/fstab ${CURRENT_ROOT}/etc/fstab # if newfs'd
1772 <edit ${CURRENT_ROOT}/etc/fstab to mount "/" from the correct partition>
1773 <reboot into current>
1774 <do a "native" rebuild/install as described in the previous section>
1775 <maybe install compatibility libraries from ports/misc/compat*>
1779 To upgrade in-place from stable to current
1780 ----------------------------------------------
1781 <make sure you have good level 0 dumps>
1783 make kernel KERNCONF=YOUR_KERNEL_HERE [8]
1785 <reboot in single user> [3]
1792 Make sure that you've read the UPDATING file to understand the
1793 tweaks to various things you need. At this point in the life
1794 cycle of current, things change often and you are on your own
1795 to cope. The defaults can also change, so please read ALL of
1796 the UPDATING entries.
1798 Also, if you are tracking -current, you must be subscribed to
1799 freebsd-current@freebsd.org. Make sure that before you update
1800 your sources that you have read and understood all the recent
1801 messages there. If in doubt, please track -stable which has
1802 much fewer pitfalls.
1804 [1] If you have third party modules, such as vmware, you
1805 should disable them at this point so they don't crash your
1808 [3] From the bootblocks, boot -s, and then do
1813 adjkerntz -i # if CMOS is wall time
1814 Also, when doing a major release upgrade, it is required that
1815 you boot into single user mode to do the installworld.
1817 [4] Note: This step is non-optional. Failure to do this step
1818 can result in a significant reduction in the functionality of the
1819 system. Attempting to do it by hand is not recommended and those
1820 that pursue this avenue should read this file carefully, as well
1821 as the archives of freebsd-current and freebsd-hackers mailing lists
1822 for potential gotchas. The -U option is also useful to consider.
1823 See mergemaster(8) for more information.
1825 [5] Usually this step is a noop. However, from time to time
1826 you may need to do this if you get unknown user in the following
1827 step. It never hurts to do it all the time. You may need to
1828 install a new mergemaster (cd src/usr.sbin/mergemaster && make
1829 install) after the buildworld before this step if you last updated
1830 from current before 20130425 or from -stable before 20130430.
1832 [6] This only deletes old files and directories. Old libraries
1833 can be deleted by "make delete-old-libs", but you have to make
1834 sure that no program is using those libraries anymore.
1836 [8] In order to have a kernel that can run the 4.x binaries needed to
1837 do an installworld, you must include the COMPAT_FREEBSD4 option in
1838 your kernel. Failure to do so may leave you with a system that is
1839 hard to boot to recover. A similar kernel option COMPAT_FREEBSD5 is
1840 required to run the 5.x binaries on more recent kernels. And so on
1841 for COMPAT_FREEBSD6 and COMPAT_FREEBSD7.
1843 Make sure that you merge any new devices from GENERIC since the
1844 last time you updated your kernel config file.
1846 [9] When checking out sources, you must include the -P flag to have
1847 cvs prune empty directories.
1849 If CPUTYPE is defined in your /etc/make.conf, make sure to use the
1850 "?=" instead of the "=" assignment operator, so that buildworld can
1851 override the CPUTYPE if it needs to.
1853 MAKEOBJDIRPREFIX must be defined in an environment variable, and
1854 not on the command line, or in /etc/make.conf. buildworld will
1855 warn if it is improperly defined.
1858 This file contains a list, in reverse chronological order, of major
1859 breakages in tracking -current. It is not guaranteed to be a complete
1860 list of such breakages, and only contains entries since September 23, 2011.
1861 If you need to see UPDATING entries from before that date, you will need
1862 to fetch an UPDATING file from an older FreeBSD release.
1864 Copyright information:
1866 Copyright 1998-2009 M. Warner Losh. All Rights Reserved.
1868 Redistribution, publication, translation and use, with or without
1869 modification, in full or in part, in any form or format of this
1870 document are permitted without further permission from the author.
1872 THIS DOCUMENT IS PROVIDED BY WARNER LOSH ``AS IS'' AND ANY EXPRESS OR
1873 IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
1874 WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
1875 DISCLAIMED. IN NO EVENT SHALL WARNER LOSH BE LIABLE FOR ANY DIRECT,
1876 INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
1877 (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
1878 SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
1879 HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
1880 STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
1881 IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
1882 POSSIBILITY OF SUCH DAMAGE.
1884 Contact Warner Losh if you have any questions about your use of