Add a note about IPsec update to the UPDATING. This is direct commit.

[FreeBSD/FreeBSD.git] / UPDATING

Updating Information for FreeBSD current users.

This file is maintained and copyrighted by M. Warner Losh <imp@freebsd.org>.
See end of file for further details.  For commonly done items, please see the
COMMON ITEMS: section later in the file.  These instructions assume that you
basically know what you are doing.  If not, then please consult the FreeBSD
handbook:

    http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html

Items affecting the ports and packages system can be found in
/usr/ports/UPDATING.  Please read that file before running portupgrade.

NOTE: FreeBSD has switched from gcc to clang. If you have trouble bootstrapping
from older versions of FreeBSD, try WITHOUT_CLANG and WITH_GCC to bootstrap to
the tip of head, and then rebuild without this option. The bootstrap process
from older version of current across the gcc/clang cutover is a bit fragile.

20170319:
        Many changes in the IPsec code have been merged from the FreeBSD-CURRENT
        branch. The IPSEC_FILTERTUNNEL kernel option is removed in favour of
        corresponding sysctl. The IPSEC_NAT_T kernel option is also removed,
        and now NAT-T is supported by default. Security associations now use  
        the single namespace for SPI allocation, so if you use several manually
        configured security associations with the same SPI, this configuration
        needs modification.

20161217:
        Clang, llvm, lldb, compiler-rt and libc++ have been upgraded to 3.9.1.
        Please see the 20141231 entry below for information about prerequisites
        and upgrading, if you are not already using clang 3.5.0 or higher.

20161124:
        Clang, llvm, lldb, compiler-rt and libc++ have been upgraded to 3.9.0.
        Please see the 20141231 entry below for information about prerequisites
        and upgrading, if you are not already using clang 3.5.0 or higher.

20161119:
        The layout of the pmap structure has changed for powerpc to put the pmap
        statistics at the front for all CPU variations.  libkvm(3) and all tools
        that link against it need to be recompiled.

20161030:
        isl(4) and cyapa(4) drivers now require a new driver,
        chromebook_platform(4), to work properly on Chromebook-class hardware.
        On other types of hardware the drivers may need to be configured using
        device hints.  Please see the corresponding manual pages for details.

20161210:
        Relocatable object files with the extension of .So have been renamed
        to use an extension of .pico instead.  The purpose of this change is
        to avoid a name clash with shared libraries on case-insensitive file
        systems.  On those file systems, foo.So is the same file as foo.so.

20160622:
        The libc stub for the pipe(2) system call has been replaced with
        a wrapper that calls the pipe2(2) system call and the pipe(2)
        system call is now only implemented by the kernels that include
        "options COMPAT_FREEBSD10" in their config file (this is the
        default).  Users should ensure that this option is enabled in
        their kernel or upgrade userspace to r302092 before upgrading their
        kernel.

20160527:
        CAM will now strip leading spaces from SCSI disks' serial numbers.
        This will effect users who create UFS filesystems on SCSI disks using
        those disk's diskid device nodes.  For example, if /etc/fstab
        previously contained a line like
        "/dev/diskid/DISK-%20%20%20%20%20%20%20ABCDEFG0123456", you should
        change it to "/dev/diskid/DISK-ABCDEFG0123456".  Users of geom
        transforms like gmirror may also be affected.  ZFS users should
        generally be fine.

20160523:
        The bitstring(3) API has been updated with new functionality and
        improved performance.  But it is binary-incompatible with the old API.
        Objects built with the new headers may not be linked against objects
        built with the old headers.

20160520:
        The brk and sbrk functions have been removed from libc on arm64.
        Binutils from ports has been updated to not link to these
        functions and should be updated to the latest version before
        installing a new libc.

20160517:
        The armv6 port now defaults to hard float ABI. Limited support
        for running both hardfloat and soft float on the same system
        is available using the libraries installed with -DWITH_LIBSOFT.
        This has only been tested as an upgrade path for installworld
        and packages may fail or need manual intervention to run. New
        packages will be needed.

        To update an existing self-hosted armv6hf system, you must add
        TARGET_ARCH=armv6 on the make command line for both the build 
        and the install steps.

20160510:
        Kernel modules compiled outside of a kernel build now default to
        installing to /boot/modules instead of /boot/kernel.  Many kernel
        modules built this way (such as those in ports) already overrode
        KMODDIR explicitly to install into /boot/modules.  However,
        manually building and installing a module from /sys/modules will
        now install to /boot/modules instead of /boot/kernel.

20160414:
        The CAM I/O scheduler has been committed to the kernel. There should be
        no user visible impact. This does enable NCQ Trim on ada SSDs. While the
        list of known rogues that claim support for this but actually corrupt
        data is believed to be complete, be on the lookout for data
        corruption. The known rogue list is believed to be complete:

                o Crucial MX100, M550 drives with MU01 firmware.
                o Micron M510 and M550 drives with MU01 firmware.
                o Micron M500 prior to MU07 firmware
                o Samsung 830, 840, and 850 all firmwares
                o FCCT M500 all firmwares

        Crucial has firmware http://www.crucial.com/usa/en/support-ssd-firmware
        with working NCQ TRIM. For Micron branded drives, see your sales rep for
        updated firmware. Black listed drives will work correctly because these
        drives work correctly so long as no NCQ TRIMs are sent to them. Given
        this list is the same as found in Linux, it's believed there are no
        other rogues in the market place. All other models from the above
        vendors work.

        To be safe, if you are at all concerned, you can quirk each of your
        drives to prevent NCQ from being sent by setting:
                kern.cam.ada.X.quirks="0x2"
        in loader.conf. If the drive requires the 4k sector quirk, set the
        quirks entry to 0x3.

20160330:
        The FAST_DEPEND build option has been removed and its functionality is
        now the one true way.  The old mkdep(1) style of 'make depend' has
        been removed.  See 20160311 for further details.

20160317:
        Resource range types have grown from unsigned long to uintmax_t.  All
        drivers, and anything using libdevinfo, need to be recompiled.

20160311:
        WITH_FAST_DEPEND is now enabled by default for in-tree and out-of-tree
        builds.  It no longer runs mkdep(1) during 'make depend', and the
        'make depend' stage can safely be skipped now as it is auto ran
        when building 'make all' and will generate all SRCS and DPSRCS before
        building anything else.  Dependencies are gathered at compile time with
        -MF flags kept in separate .depend files per object file.  Users should
        run 'make cleandepend' once if using -DNO_CLEAN to clean out older
        stale .depend files.

20160306:
        On amd64, clang 3.8.0 can now insert sections of type AMD64_UNWIND into
        kernel modules.  Therefore, if you load any kernel modules at boot time,
        please install the boot loaders after you install the kernel, but before
        rebooting, e.g.:

        make buildworld
        make kernel KERNCONF=YOUR_KERNEL_HERE
        make -C sys/boot install
        <reboot in single user>

        Then follow the usual steps, described in the General Notes section,
        below.

20160305:
        Clang, llvm, lldb and compiler-rt have been upgraded to 3.8.0.  Please
        see the 20141231 entry below for information about prerequisites and
        upgrading, if you are not already using clang 3.5.0 or higher.

20160301:
        The AIO subsystem is now a standard part of the kernel.  The
        VFS_AIO kernel option and aio.ko kernel module have been removed.
        Due to stability concerns, asynchronous I/O requests are only
        permitted on sockets and raw disks by default.  To enable
        asynchronous I/O requests on all file types, set the
        vfs.aio.enable_unsafe sysctl to a non-zero value.

20160226:
        The ELF object manipulation tool objcopy is now provided by the
        ELF Tool Chain project rather than by GNU binutils. It should be a
        drop-in replacement, with the addition of arm64 support. The
        (temporary) src.conf knob WITHOUT_ELFCOPY_AS_OBJCOPY knob may be set
        to obtain the GNU version if necessary.

20160129:
        Building ZFS pools on top of zvols is prohibited by default.  That
        feature has never worked safely; it's always been prone to deadlocks.
        Using a zvol as the backing store for a VM guest's virtual disk will
        still work, even if the guest is using ZFS.  Legacy behavior can be
        restored by setting vfs.zfs.vol.recursive=1.

20160119:
        The NONE and HPN patches has been removed from OpenSSH.  They are
        still available in the security/openssh-portable port.

20160113:
        With the addition of ypldap(8), a new _ypldap user is now required
        during installworld. "mergemaster -p" can be used to add the user
        prior to installworld, as documented in the handbook.

20151216:
        The tftp loader (pxeboot) now uses the option root-path directive. As a
        consequence it no longer looks for a pxeboot.4th file on the tftp
        server. Instead it uses the regular /boot infrastructure as with the
        other loaders.

20151211:
        The code to start recording plug and play data into the modules has
        been committed. While the old tools will properly build a new kernel,
        a number of warnings about "unknown metadata record 4" will be produced
        for an older kldxref. To avoid such warnings, make sure to rebuild
        the kernel toolchain (or world). Make sure that you have r292078 or
        later when trying to build 292077 or later before rebuilding.

20151207:
        Debug data files are now built by default with 'make buildworld' and
        installed with 'make installworld'. This facilitates debugging but
        requires more disk space both during the build and for the installed
        world. Debug files may be disabled by setting WITHOUT_DEBUG_FILES=yes
        in src.conf(5).

20151130:
        r291527 changed the internal interface between the nfsd.ko and
        nfscommon.ko modules. As such, they must both be upgraded to-gether.
        __FreeBSD_version has been bumped because of this.

20151108:
        Add support for unicode collation strings leads to a change of
        order of files listed by ls(1) for example. To get back to the old
        behaviour, set LC_COLLATE environment variable to "C".

        Databases administrators will need to reindex their databases given
        collation results will be different.

        Due to a bug in install(1) it is recommended to remove the ancient
        locales before running make installworld.

        rm -rf /usr/share/locale/*

20151030:
        The OpenSSL has been upgraded to 1.0.2d.  Any binaries requiring
        libcrypto.so.7 or libssl.so.7 must be recompiled.

20151020:
        Qlogic 24xx/25xx firmware images were updated from 5.5.0 to 7.3.0.
        Kernel modules isp_2400_multi and isp_2500_multi were removed and
        should be replaced with isp_2400 and isp_2500 modules respectively.

20151017:
        The build previously allowed using 'make -n' to not recurse into
        sub-directories while showing what commands would be executed, and
        'make -n -n' to recursively show commands.  Now 'make -n' will recurse
        and 'make -N' will not.

20151012:
        If you specify SENDMAIL_MC or SENDMAIL_CF in make.conf, mergemaster
        and etcupdate will now use this file. A custom sendmail.cf is now
        updated via this mechanism rather than via installworld.  If you had
        excluded sendmail.cf in mergemaster.rc or etcupdate.conf, you may
        want to remove the exclusion or change it to "always install".
        /etc/mail/sendmail.cf is now managed the same way regardless of
        whether SENDMAIL_MC/SENDMAIL_CF is used.  If you are not using
        SENDMAIL_MC/SENDMAIL_CF there should be no change in behavior.

20151011:
        Compatibility shims for legacy ATA device names have been removed.
        It includes ATA_STATIC_ID kernel option, kern.cam.ada.legacy_aliases
        and kern.geom.raid.legacy_aliases loader tunables, kern.devalias.*
        environment variables, /dev/ad* and /dev/ar* symbolic links.

20151006:
        Clang, llvm, lldb, compiler-rt and libc++ have been upgraded to 3.7.0.
        Please see the 20141231 entry below for information about prerequisites
        and upgrading, if you are not already using clang 3.5.0 or higher.

20150924:
        Kernel debug files have been moved to /usr/lib/debug/boot/kernel/,
        and renamed from .symbols to .debug. This reduces the size requirements
        on the boot partition or file system and provides consistency with
        userland debug files.

        When using the supported kernel installation method the
        /usr/lib/debug/boot/kernel directory will be renamed (to kernel.old)
        as is done with /boot/kernel.

        Developers wishing to maintain the historical behavior of installing
        debug files in /boot/kernel/ can set KERN_DEBUGDIR="" in src.conf(5).

20150827:
        The wireless drivers had undergone changes that remove the 'parent
        interface' from the ifconfig -l output. The rc.d network scripts
        used to check presence of a parent interface in the list, so old
        scripts would fail to start wireless networking. Thus, etcupdate(3)
        or mergemaster(8) run is required after kernel update, to update your
        rc.d scripts in /etc.

20150827:
        pf no longer supports 'scrub fragment crop' or 'scrub fragment drop-ovl'
        These configurations are now automatically interpreted as
        'scrub fragment reassemble'.

20150817:
        Kernel-loadable modules for the random(4) device are back. To use
        them, the kernel must have

        device  random
        options RANDOM_LOADABLE

        kldload(8) can then be used to load random_fortuna.ko
        or random_yarrow.ko. Please note that due to the indirect
        function calls that the loadable modules need to provide,
        the build-in variants will be slightly more efficient.

        The random(4) kernel option RANDOM_DUMMY has been retired due to
        unpopularity. It was not all that useful anyway.

20150813:
        The WITHOUT_ELFTOOLCHAIN_TOOLS src.conf(5) knob has been retired.
        Control over building the ELF Tool Chain tools is now provided by
        the WITHOUT_TOOLCHAIN knob.

20150810:
        The polarity of Pulse Per Second (PPS) capture events with the
        uart(4) driver has been corrected.  Prior to this change the PPS
        "assert" event corresponded to the trailing edge of a positive PPS
        pulse and the "clear" event was the leading edge of the next pulse.

        As the width of a PPS pulse in a typical GPS receiver is on the
        order of 1 millisecond, most users will not notice any significant
        difference with this change.

        Anyone who has compensated for the historical polarity reversal by
        configuring a negative offset equal to the pulse width will need to
        remove that workaround.

20150809:
        The default group assigned to /dev/dri entries has been changed
        from 'wheel' to 'video' with the id of '44'. If you want to have
        access to the dri devices please add yourself to the video group
        with:

        # pw groupmod video -m $USER

20150806:
        The menu.rc and loader.rc files will now be replaced during 
        upgrades. Please migrate local changes to menu.rc.local and
        loader.rc.local instead.

20150805:
        GNU Binutils versions of addr2line, c++filt, nm, readelf, size,
        strings and strip have been removed. The src.conf(5) knob
        WITHOUT_ELFTOOLCHAIN_TOOLS no longer provides the binutils tools.

20150728:
        As ZFS requires more kernel stack pages than is the default on some
        architectures e.g. i386, it now warns if KSTACK_PAGES is less than
        ZFS_MIN_KSTACK_PAGES (which is 4 at the time of writing).

        Please consider using 'options KSTACK_PAGES=X' where X is greater
        than or equal to ZFS_MIN_KSTACK_PAGES i.e. 4 in such configurations.

20150706:
        sendmail has been updated to 8.15.2.  Starting with FreeBSD 11.0
        and sendmail 8.15, sendmail uses uncompressed IPv6 addresses by
        default, i.e., they will not contain "::".  For example, instead
        of ::1, it will be 0:0:0:0:0:0:0:1.  This permits a zero subnet
        to have a more specific match, such as different map entries for
        IPv6:0:0 vs IPv6:0.  This change requires that configuration
        data (including maps, files, classes, custom ruleset, etc.) must
        use the same format, so make certain such configuration data is
        upgrading.  As a very simple check search for patterns like
        'IPv6:[0-9a-fA-F:]*::' and 'IPv6::'.  To return to the old
        behavior, set the m4 option confUSE_COMPRESSED_IPV6_ADDRESSES or
        the cf option UseCompressedIPv6Addresses.

20150630:
        The default kernel entropy-processing algorithm is now
        Fortuna, replacing Yarrow.

        Assuming you have 'device random' in your kernel config
        file, the configurations allow a kernel option to override
        this default. You may choose *ONE* of:

        options RANDOM_YARROW   # Legacy /dev/random algorithm.
        options RANDOM_DUMMY    # Blocking-only driver.

        If you have neither, you get Fortuna.  For most people,
        read no further, Fortuna will give a /dev/random that works
        like it always used to, and the difference will be irrelevant.

        If you remove 'device random', you get *NO* kernel-processed
        entropy at all. This may be acceptable to folks building
        embedded systems, but has complications. Carry on reading,
        and it is assumed you know what you need.

        *PLEASE* read random(4) and random(9) if you are in the
        habit of tweaking kernel configs, and/or if you are a member
        of the embedded community, wanting specific and not-usual
        behaviour from your security subsystems.

        NOTE!! If you use RANDOM_DUMMY and/or have no 'device
        random', you will NOT have a functioning /dev/random, and
        many cryptographic features will not work, including SSH.
        You may also find strange behaviour from the random(3) set
        of library functions, in particular sranddev(3), srandomdev(3)
        and arc4random(3). The reason for this is that the KERN_ARND
        sysctl only returns entropy if it thinks it has some to
        share, and with RANDOM_DUMMY or no 'device random' this
        will never happen.

20150623:
        An additional fix for the issue described in the 20150614 sendmail
        entry below has been been committed in revision 284717.

20150616:
        FreeBSD's old make (fmake) has been removed from the system. It is
        available as the devel/fmake port or via pkg install fmake.

20150615:
        The fix for the issue described in the 20150614 sendmail entry
        below has been been committed in revision 284436.  The work
        around described in that entry is no longer needed unless the
        default setting is overridden by a confDH_PARAMETERS configuration
        setting of '5' or pointing to a 512 bit DH parameter file.

20150614:
        ALLOW_DEPRECATED_ATF_TOOLS/ATFFILE support has been removed from
        atf.test.mk (included from bsd.test.mk). Please upgrade devel/atf
        and devel/kyua to version 0.20+ and adjust any calling code to work
        with Kyuafile and kyua.

20150614:
        The import of openssl to address the FreeBSD-SA-15:10.openssl
        security advisory includes a change which rejects handshakes
        with DH parameters below 768 bits.  sendmail releases prior
        to 8.15.2 (not yet released), defaulted to a 512 bit
        DH parameter setting for client connections.  To work around
        this interoperability, sendmail can be configured to use a
        2048 bit DH parameter by:

        1. Edit /etc/mail/`hostname`.mc
        2. If a setting for confDH_PARAMETERS does not exist or
           exists and is set to a string beginning with '5',
           replace it with '2'.
        3. If a setting for confDH_PARAMETERS exists and is set to
           a file path, create a new file with:
                openssl dhparam -out /path/to/file 2048
        4. Rebuild the .cf file:
                cd /etc/mail/; make; make install
        5. Restart sendmail:
                cd /etc/mail/; make restart

        A sendmail patch is coming, at which time this file will be
        updated.

20150604:
        Generation of legacy formatted entries have been disabled by default
        in pwd_mkdb(8), as all base system consumers of the legacy formatted
        entries were converted to use the new format by default when the new,
        machine independent format have been added and supported since FreeBSD
        5.x.

        Please see the pwd_mkdb(8) manual page for further details.

20150525:
        Clang and llvm have been upgraded to 3.6.1 release.  Please see the
        20141231 entry below for information about prerequisites and upgrading,
        if you are not already using 3.5.0 or higher.

20150521:
        TI platform code switched to using vendor DTS files and this update
        may break existing systems running on Beaglebone, Beaglebone Black,
        and Pandaboard:

        - dtb files should be regenerated/reinstalled. Filenames are the
          same but content is different now
        - GPIO addressing was changed, now each GPIO bank (32 pins per bank)
          has its own /dev/gpiocX device, e.g. pin 121 on /dev/gpioc0 in old
          addressing scheme is now pin 25 on /dev/gpioc3.
        - Pandaboard: /etc/ttys should be updated, serial console device is
          now /dev/ttyu2, not /dev/ttyu0

20150501:
        soelim(1) from gnu/usr.bin/groff has been replaced by usr.bin/soelim.
        If you need the GNU extension from groff soelim(1), install groff
        from package: pkg install groff, or via ports: textproc/groff.

20150423:
        chmod, chflags, chown and chgrp now affect symlinks in -R mode as
        defined in symlink(7); previously symlinks were silently ignored.

20150415:
        The const qualifier has been removed from iconv(3) to comply with
        POSIX.  The ports tree is aware of this from r384038 onwards.

20150416:
        Libraries specified by LIBADD in Makefiles must have a corresponding
        DPADD_<lib> variable to ensure correct dependencies.  This is now
        enforced in src.libnames.mk.

20150324:
        From legacy ata(4) driver was removed support for SATA controllers
        supported by more functional drivers ahci(4), siis(4) and mvs(4).
        Kernel modules ataahci and ataadaptec were removed completely,
        replaced by ahci and mvs modules respectively.

20150315:
        Clang, llvm and lldb have been upgraded to 3.6.0 release.  Please see
        the 20141231 entry below for information about prerequisites and
        upgrading, if you are not already using 3.5.0 or higher.

20150307:
        The 32-bit PowerPC kernel has been changed to a position-independent
        executable. This can only be booted with a version of loader(8)
        newer than January 31, 2015, so make sure to update both world and
        kernel before rebooting.

20150217:
        If you are running a -CURRENT kernel since r273872 (Oct 30th, 2014),
        but before r278950, the RNG was not seeded properly.  Immediately
        upgrade the kernel to r278950 or later and regenerate any keys (e.g.
        ssh keys or openssl keys) that were generated w/ a kernel from that
        range.  This does not affect programs that directly used /dev/random
        or /dev/urandom.  All userland uses of arc4random(3) are affected.

20150210:
        The autofs(4) ABI was changed in order to restore binary compatibility
        with 10.1-RELEASE.  The automountd(8) daemon needs to be rebuilt to work
        with the new kernel.

20150131:
        The powerpc64 kernel has been changed to a position-independent
        executable. This can only be booted with a new version of loader(8),
        so make sure to update both world and kernel before rebooting.

20150118:
        Clang and llvm have been upgraded to 3.5.1 release.  This is a bugfix
        only release, no new features have been added.  Please see the 20141231
        entry below for information about prerequisites and upgrading, if you
        are not already using 3.5.0.

20150107:
        ELF tools addr2line, elfcopy (strip), nm, size, and strings are now
        taken from the ELF Tool Chain project rather than GNU binutils. They
        should be drop-in replacements, with the addition of arm64 support.
        The WITHOUT_ELFTOOLCHAIN_TOOLS= knob may be used to obtain the
        binutils tools, if necessary. See 20150805 for updated information.

20150105:
        The default Unbound configuration now enables remote control
        using a local socket.  Users who have already enabled the
        local_unbound service should regenerate their configuration
        by running "service local_unbound setup" as root.

20150102:
        The GNU texinfo and GNU info pages have been removed.
        To be able to view GNU info pages please install texinfo from ports.

20141231:
        Clang, llvm and lldb have been upgraded to 3.5.0 release.

        As of this release, a prerequisite for building clang, llvm and lldb is
        a C++11 capable compiler and C++11 standard library.  This means that to
        be able to successfully build the cross-tools stage of buildworld, with
        clang as the bootstrap compiler, your system compiler or cross compiler
        should either be clang 3.3 or later, or gcc 4.8 or later, and your
        system C++ library should be libc++, or libdstdc++ from gcc 4.8 or
        later.

        On any standard FreeBSD 10.x or 11.x installation, where clang and
        libc++ are on by default (that is, on x86 or arm), this should work out
        of the box.

        On 9.x installations where clang is enabled by default, e.g. on x86 and
        powerpc, libc++ will not be enabled by default, so libc++ should be
        built (with clang) and installed first.  If both clang and libc++ are
        missing, build clang first, then use it to build libc++.

        On 8.x and earlier installations, upgrade to 9.x first, and then follow
        the instructions for 9.x above.

        Sparc64 and mips users are unaffected, as they still use gcc 4.2.1 by
        default, and do not build clang.

        Many embedded systems are resource constrained, and will not be able to
        build clang in a reasonable time, or in some cases at all.  In those
        cases, cross building bootable systems on amd64 is a workaround.

        This new version of clang introduces a number of new warnings, of which
        the following are most likely to appear:

        -Wabsolute-value

        This warns in two cases, for both C and C++:
        * When the code is trying to take the absolute value of an unsigned
          quantity, which is effectively a no-op, and almost never what was
          intended.  The code should be fixed, if at all possible.  If you are
          sure that the unsigned quantity can be safely cast to signed, without
          loss of information or undefined behavior, you can add an explicit
          cast, or disable the warning.

        * When the code is trying to take an absolute value, but the called
          abs() variant is for the wrong type, which can lead to truncation.
          If you want to disable the warning instead of fixing the code, please
          make sure that truncation will not occur, or it might lead to unwanted
          side-effects.

        -Wtautological-undefined-compare and
        -Wundefined-bool-conversion

        These warn when C++ code is trying to compare 'this' against NULL, while
        'this' should never be NULL in well-defined C++ code.  However, there is
        some legacy (pre C++11) code out there, which actively abuses this
        feature, which was less strictly defined in previous C++ versions.

        Squid and openjdk do this, for example.  The warning can be turned off
        for C++98 and earlier, but compiling the code in C++11 mode might result
        in unexpected behavior; for example, the parts of the program that are
        unreachable could be optimized away.

20141222:
        The old NFS client and server (kernel options NFSCLIENT, NFSSERVER)
        kernel sources have been removed. The .h files remain, since some
        utilities include them. This will need to be fixed later.
        If "mount -t oldnfs ..." is attempted, it will fail.
        If the "-o" option on mountd(8), nfsd(8) or nfsstat(1) is used,
        the utilities will report errors.

20141121:
        The handling of LOCAL_LIB_DIRS has been altered to skip addition of
        directories to top level SUBDIR variable when their parent
        directory is included in LOCAL_DIRS.  Users with build systems with
        such hierarchies and without SUBDIR entries in the parent
        directory Makefiles should add them or add the directories to
        LOCAL_DIRS.

20141109:
        faith(4) and faithd(8) have been removed from the base system. Faith
        has been obsolete for a very long time.

20141104:
        vt(4), the new console driver, is enabled by default. It brings
        support for Unicode and double-width characters, as well as
        support for UEFI and integration with the KMS kernel video
        drivers.

        You may need to update your console settings in /etc/rc.conf,
        most probably the keymap. During boot, /etc/rc.d/syscons will
        indicate what you need to do.

        vt(4) still has issues and lacks some features compared to
        syscons(4). See the wiki for up-to-date information:
          https://wiki.freebsd.org/Newcons

        If you want to keep using syscons(4), you can do so by adding
        the following line to /boot/loader.conf:
          kern.vty=sc

20141102:
        pjdfstest has been integrated into kyua as an opt-in test suite.
        Please see share/doc/pjdfstest/README for more details on how to
        execute it.

20141009:
        gperf has been removed from the base system for architectures
        that use clang. Ports that require gperf will obtain it from the
        devel/gperf port.

20140923:
        pjdfstest has been moved from tools/regression/pjdfstest to
        contrib/pjdfstest .

20140922:
        At svn r271982, The default linux compat kernel ABI has been adjusted
        to 2.6.18 in support of the linux-c6 compat ports infrastructure
        update.  If you wish to continue using the linux-f10 compat ports,
        add compat.linux.osrelease=2.6.16 to your local sysctl.conf.  Users are
        encouraged to update their linux-compat packages to linux-c6 during
        their next update cycle.

20140729:
        The ofwfb driver, used to provide a graphics console on PowerPC when
        using vt(4), no longer allows mmap() of all physical memory. This
        will prevent Xorg on PowerPC with some ATI graphics cards from
        initializing properly unless x11-servers/xorg-server is updated to
        1.12.4_8 or newer.

20140723:
        The xdev targets have been converted to using TARGET and
        TARGET_ARCH instead of XDEV and XDEV_ARCH.

20140719:
        The default unbound configuration has been modified to address
        issues with reverse lookups on networks that use private
        address ranges.  If you use the local_unbound service, run
        "service local_unbound setup" as root to regenerate your
        configuration, then "service local_unbound reload" to load the
        new configuration.

20140709:
        The GNU texinfo and GNU info pages are not built and installed
        anymore, WITH_INFO knob has been added to allow to built and install
        them again.
        UPDATE: see 20150102 entry on texinfo's removal

20140708:
        The GNU readline library is now an INTERNALLIB - that is, it is
        statically linked into consumers (GDB and variants) in the base
        system, and the shared library is no longer installed.  The
        devel/readline port is available for third party software that
        requires readline.

20140702:
        The Itanium architecture (ia64) has been removed from the list of
        known architectures. This is the first step in the removal of the
        architecture.

20140701:
        Commit r268115 has added NFSv4.1 server support, merged from
        projects/nfsv4.1-server.  Since this includes changes to the
        internal interfaces between the NFS related modules, a full
        build of the kernel and modules will be necessary.
        __FreeBSD_version has been bumped.

20140629:
        The WITHOUT_VT_SUPPORT kernel config knob has been renamed
        WITHOUT_VT.  (The other _SUPPORT knobs have a consistent meaning
        which differs from the behaviour controlled by this knob.)

20140619:
        Maximal length of the serial number in CTL was increased from 16 to
        64 chars, that breaks ABI.  All CTL-related tools, such as ctladm
        and ctld, need to be rebuilt to work with a new kernel.

20140606:
        The libatf-c and libatf-c++ major versions were downgraded to 0 and
        1 respectively to match the upstream numbers.  They were out of
        sync because, when they were originally added to FreeBSD, the
        upstream versions were not respected.  These libraries are private
        and not yet built by default, so renumbering them should be a
        non-issue.  However, unclean source trees will yield broken test
        programs once the operator executes "make delete-old-libs" after a
        "make installworld".

        Additionally, the atf-sh binary was made private by moving it into
        /usr/libexec/.  Already-built shell test programs will keep the
        path to the old binary so they will break after "make delete-old"
        is run.

        If you are using WITH_TESTS=yes (not the default), wipe the object
        tree and rebuild from scratch to prevent spurious test failures.
        This is only needed once: the misnumbered libraries and misplaced
        binaries have been added to OptionalObsoleteFiles.inc so they will
        be removed during a clean upgrade.

20140512:
        Clang and llvm have been upgraded to 3.4.1 release.

20140508:
        We bogusly installed src.opts.mk in /usr/share/mk. This file should
        be removed to avoid issues in the future (and has been added to
        ObsoleteFiles.inc).

20140505:
        /etc/src.conf now affects only builds of the FreeBSD src tree. In the
        past, it affected all builds that used the bsd.*.mk files. The old
        behavior was a bug, but people may have relied upon it. To get this
        behavior back, you can .include /etc/src.conf from /etc/make.conf
        (which is still global and isn't changed). This also changes the
        behavior of incremental builds inside the tree of individual
        directories. Set MAKESYSPATH to ".../share/mk" to do that.
        Although this has survived make universe and some upgrade scenarios,
        other upgrade scenarios may have broken. At least one form of
        temporary breakage was fixed with MAKESYSPATH settings for buildworld
        as well... In cases where MAKESYSPATH isn't working with this
        setting, you'll need to set it to the full path to your tree.

        One side effect of all this cleaning up is that bsd.compiler.mk
        is no longer implicitly included by bsd.own.mk. If you wish to
        use COMPILER_TYPE, you must now explicitly include bsd.compiler.mk
        as well.

20140430:
        The lindev device has been removed since /dev/full has been made a
        standard device.  __FreeBSD_version has been bumped.

20140424:
        The knob WITHOUT_VI was added to the base system, which controls
        building ex(1), vi(1), etc. Older releases of FreeBSD required ex(1)
        in order to reorder files share/termcap and didn't build ex(1) as a
        build tool, so building/installing with WITH_VI is highly advised for
        build hosts for older releases.

        This issue has been fixed in stable/9 and stable/10 in r277022 and
        r276991, respectively.

20140418:
        The YES_HESIOD knob has been removed. It has been obsolete for
        a decade. Please move to using WITH_HESIOD instead or your builds
        will silently lack HESIOD.

20140405:
        The uart(4) driver has been changed with respect to its handling
        of the low-level console. Previously the uart(4) driver prevented
        any process from changing the baudrate or the CLOCAL and HUPCL
        control flags. By removing the restrictions, operators can make
        changes to the serial console port without having to reboot.
        However, when getty(8) is started on the serial device that is
        associated with the low-level console, a misconfigured terminal
        line in /etc/ttys will now have a real impact.
        Before upgrading the kernel, make sure that /etc/ttys has the
        serial console device configured as 3wire without baudrate to
        preserve the previous behaviour. E.g:
            ttyu0  "/usr/libexec/getty 3wire"  vt100  on  secure

20140306:
        Support for libwrap (TCP wrappers) in rpcbind was disabled by default
        to improve performance.  To re-enable it, if needed, run rpcbind
        with command line option -W.

20140226:
        Switched back to the GPL dtc compiler due to updates in the upstream
        dts files not being supported by the BSDL dtc compiler. You will need
        to rebuild your kernel toolchain to pick up the new compiler. Core dumps
        may result while building dtb files during a kernel build if you fail
        to do so. Set WITHOUT_GPL_DTC if you require the BSDL compiler.

20140216:
        Clang and llvm have been upgraded to 3.4 release.

20140216:
        The nve(4) driver has been removed.  Please use the nfe(4) driver
        for NVIDIA nForce MCP Ethernet adapters instead.

20140212:
        An ABI incompatibility crept into the libc++ 3.4 import in r261283.
        This could cause certain C++ applications using shared libraries built
        against the previous version of libc++ to crash.  The incompatibility
        has now been fixed, but any C++ applications or shared libraries built
        between r261283 and r261801 should be recompiled.

20140204:
        OpenSSH will now ignore errors caused by kernel lacking of Capsicum
        capability mode support.  Please note that enabling the feature in
        kernel is still highly recommended.

20140131:
        OpenSSH is now built with sandbox support, and will use sandbox as
        the default privilege separation method.  This requires Capsicum
        capability mode support in kernel.

20140128:
        The libelf and libdwarf libraries have been updated to newer
        versions from upstream. Shared library version numbers for
        these two libraries were bumped. Any ports or binaries
        requiring these two libraries should be recompiled.
        __FreeBSD_version is bumped to 1100006.

20140110:
        If a Makefile in a tests/ directory was auto-generating a Kyuafile
        instead of providing an explicit one, this would prevent such
        Makefile from providing its own Kyuafile in the future during
        NO_CLEAN builds.  This has been fixed in the Makefiles but manual
        intervention is needed to clean an objdir if you use NO_CLEAN:
          # find /usr/obj -name Kyuafile | xargs rm -f

20131213:
        The behavior of gss_pseudo_random() for the krb5 mechanism
        has changed, for applications requesting a longer random string
        than produced by the underlying enctype's pseudo-random() function.
        In particular, the random string produced from a session key of
        enctype aes256-cts-hmac-sha1-96 or aes256-cts-hmac-sha1-96 will
        be different at the 17th octet and later, after this change.
        The counter used in the PRF+ construction is now encoded as a
        big-endian integer in accordance with RFC 4402.
        __FreeBSD_version is bumped to 1100004.

20131108:
        The WITHOUT_ATF build knob has been removed and its functionality
        has been subsumed into the more generic WITHOUT_TESTS.  If you were
        using the former to disable the build of the ATF libraries, you
        should change your settings to use the latter.

20131025:
        The default version of mtree is nmtree which is obtained from
        NetBSD.  The output is generally the same, but may vary
        slightly.  If you found you need identical output adding
        "-F freebsd9" to the command line should do the trick.  For the
        time being, the old mtree is available as fmtree.

20131014:
        libbsdyml has been renamed to libyaml and moved to /usr/lib/private.
        This will break ports-mgmt/pkg. Rebuild the port, or upgrade to pkg
        1.1.4_8 and verify bsdyml not linked in, before running "make
        delete-old-libs":
          # make -C /usr/ports/ports-mgmt/pkg build deinstall install clean
          or
          # pkg install pkg; ldd /usr/local/sbin/pkg | grep bsdyml

20131010:
        The stable/10 branch has been created in subversion from head
        revision r256279.

20131010:
        The rc.d/jail script has been updated to support jail(8)
        configuration file.  The "jail_<jname>_*" rc.conf(5) variables
        for per-jail configuration are automatically converted to
        /var/run/jail.<jname>.conf before the jail(8) utility is invoked.
        This is transparently backward compatible.  See below about some
        incompatibilities and rc.conf(5) manual page for more details.

        These variables are now deprecated in favor of jail(8) configuration
        file.  One can use "rc.d/jail config <jname>" command to generate
        a jail(8) configuration file in /var/run/jail.<jname>.conf without
        running the jail(8) utility.   The default pathname of the
        configuration file is /etc/jail.conf and can be specified by
        using $jail_conf or $jail_<jname>_conf variables.

        Please note that jail_devfs_ruleset accepts an integer at
        this moment.  Please consider to rewrite the ruleset name
        with an integer.

20130930:
        BIND has been removed from the base system.  If all you need
        is a local resolver, simply enable and start the local_unbound
        service instead.  Otherwise, several versions of BIND are
        available in the ports tree.   The dns/bind99 port is one example.

        With this change, nslookup(1) and dig(1) are no longer in the base
        system.  Users should instead use host(1) and drill(1) which are
        in the base system.  Alternatively, nslookup and dig can
        be obtained by installing the dns/bind-tools port.

20130916:
        With the addition of unbound(8), a new unbound user is now
        required during installworld.  "mergemaster -p" can be used to
        add the user prior to installworld, as documented in the handbook.

20130911:
        OpenSSH is now built with DNSSEC support, and will by default
        silently trust signed SSHFP records.  This can be controlled with
        the VerifyHostKeyDNS client configuration setting.  DNSSEC support
        can be disabled entirely with the WITHOUT_LDNS option in src.conf.

20130906:
        The GNU Compiler Collection and C++ standard library (libstdc++)
        are no longer built by default on platforms where clang is the system
        compiler.  You can enable them with the WITH_GCC and WITH_GNUCXX
        options in src.conf.

20130905:
        The PROCDESC kernel option is now part of the GENERIC kernel
        configuration and is required for the rwhod(8) to work.
        If you are using custom kernel configuration, you should include
        'options PROCDESC'.

20130905:
        The API and ABI related to the Capsicum framework was modified
        in backward incompatible way. The userland libraries and programs
        have to be recompiled to work with the new kernel. This includes the
        following libraries and programs, but the whole buildworld is
        advised: libc, libprocstat, dhclient, tcpdump, hastd, hastctl,
        kdump, procstat, rwho, rwhod, uniq.

20130903:
        AES-NI intrinsic support has been added to gcc.  The AES-NI module
        has been updated to use this support.  A new gcc is required to build
        the aesni module on both i386 and amd64.

20130821:
        The PADLOCK_RNG and RDRAND_RNG kernel options are now devices.
        Thus "device padlock_rng" and "device rdrand_rng" should be
        used instead of "options PADLOCK_RNG" & "options RDRAND_RNG".

20130813:
        WITH_ICONV has been split into two feature sets.  WITH_ICONV now
        enables just the iconv* functionality and is now on by default.
        WITH_LIBICONV_COMPAT enables the libiconv api and link time
        compatibility.  Set WITHOUT_ICONV to build the old way.
        If you have been using WITH_ICONV before, you will very likely
        need to turn on WITH_LIBICONV_COMPAT.

20130806:
        INVARIANTS option now enables DEBUG for code with OpenSolaris and
        Illumos origin, including ZFS.  If you have INVARIANTS in your
        kernel configuration, then there is no need to set DEBUG or ZFS_DEBUG
        explicitly.
        DEBUG used to enable witness(9) tracking of OpenSolaris (mostly ZFS)
        locks if WITNESS option was set.  Because that generated a lot of
        witness(9) reports and all of them were believed to be false
        positives, this is no longer done.  New option OPENSOLARIS_WITNESS
        can be used to achieve the previous behavior.

20130806:
        Timer values in IPv6 data structures now use time_uptime instead
        of time_second.  Although this is not a user-visible functional
        change, userland utilities which directly use them---ndp(8),
        rtadvd(8), and rtsold(8) in the base system---need to be updated
        to r253970 or later.

20130802:
        find -delete can now delete the pathnames given as arguments,
        instead of only files found below them or if the pathname did
        not contain any slashes. Formerly, the following error message
        would result:

        find: -delete: <path>: relative path potentially not safe

        Deleting the pathnames given as arguments can be prevented
        without error messages using -mindepth 1 or by changing
        directory and passing "." as argument to find. This works in the
        old as well as the new version of find.

20130726:
        Behavior of devfs rules path matching has been changed.
        Pattern is now always matched against fully qualified devfs
        path and slash characters must be explicitly matched by
        slashes in pattern (FNM_PATHNAME). Rulesets involving devfs
        subdirectories must be reviewed.

20130716:
        The default ARM ABI has changed to the ARM EABI. The old ABI is
        incompatible with the ARM EABI and all programs and modules will
        need to be rebuilt to work with a new kernel.

        To keep using the old ABI ensure the WITHOUT_ARM_EABI knob is set.

        NOTE: Support for the old ABI will be removed in the future and
        users are advised to upgrade.

20130709:
        pkg_install has been disconnected from the build if you really need it
        you should add WITH_PKGTOOLS in your src.conf(5).

20130709:
        Most of network statistics structures were changed to be able
        keep 64-bits counters. Thus all tools, that work with networking
        statistics, must be rebuilt (netstat(1), bsnmpd(1), etc.)

20130618:
        Fix a bug that allowed a tracing process (e.g. gdb) to write
        to a memory-mapped file in the traced process's address space
        even if neither the traced process nor the tracing process had
        write access to that file.

20130615:
        CVS has been removed from the base system.  An exact copy
        of the code is available from the devel/cvs port.

20130613:
        Some people report the following error after the switch to bmake:

                make: illegal option -- J
                usage: make [-BPSXeiknpqrstv] [-C directory] [-D variable]
                        ...
                *** [buildworld] Error code 2

        this likely due to an old instance of make in
        ${MAKEPATH} (${MAKEOBJDIRPREFIX}${.CURDIR}/make.${MACHINE})
        which src/Makefile will use that blindly, if it exists, so if
        you see the above error:

                rm -rf `make -V MAKEPATH`

        should resolve it.

20130516:
        Use bmake by default.
        Whereas before one could choose to build with bmake via
        -DWITH_BMAKE one must now use -DWITHOUT_BMAKE to use the old
        make. The goal is to remove these knobs for 10-RELEASE.

        It is worth noting that bmake (like gmake) treats the command
        line as the unit of failure, rather than statements within the
        command line.  Thus '(cd some/where && dosomething)' is safer
        than 'cd some/where; dosomething'. The '()' allows consistent
        behavior in parallel build.

20130429:
        Fix a bug that allows NFS clients to issue READDIR on files.

20130426:
        The WITHOUT_IDEA option has been removed because
        the IDEA patent expired.

20130426:
        The sysctl which controls TRIM support under ZFS has been renamed
        from vfs.zfs.trim_disable -> vfs.zfs.trim.enabled and has been
        enabled by default.

20130425:
        The mergemaster command now uses the default MAKEOBJDIRPREFIX
        rather than creating it's own in the temporary directory in
        order allow access to bootstrapped versions of tools such as
        install and mtree.  When upgrading from version of FreeBSD where
        the install command does not support -l, you will need to
        install a new mergemaster command if mergemaster -p is required.
        This can be accomplished with the command (cd src/usr.sbin/mergemaster
        && make install).

20130404:
        Legacy ATA stack, disabled and replaced by new CAM-based one since
        FreeBSD 9.0, completely removed from the sources.  Kernel modules
        atadisk and atapi*, user-level tools atacontrol and burncd are
        removed.  Kernel option `options ATA_CAM` is now permanently enabled
        and removed.

20130319:
        SOCK_CLOEXEC and SOCK_NONBLOCK flags have been added to socket(2)
        and socketpair(2). Software, in particular Kerberos, may
        automatically detect and use these during building. The resulting
        binaries will not work on older kernels.

20130308:
        CTL_DISABLE has also been added to the sparc64 GENERIC (for further
        information, see the respective 20130304 entry).

20130304:
        Recent commits to callout(9) changed the size of struct callout,
        so the KBI is probably heavily disturbed. Also, some functions
        in callout(9)/sleep(9)/sleepqueue(9)/condvar(9) KPIs were replaced
        by macros. Every kernel module using it won't load, so rebuild
        is requested.

        The ctl device has been re-enabled in GENERIC for i386 and amd64,
        but does not initialize by default (because of the new CTL_DISABLE
        option) to save memory.  To re-enable it, remove the CTL_DISABLE
        option from the kernel config file or set kern.cam.ctl.disable=0
        in /boot/loader.conf.

20130301:
        The ctl device has been disabled in GENERIC for i386 and amd64.
        This was done due to the extra memory being allocated at system
        initialisation time by the ctl driver which was only used if
        a CAM target device was created.  This makes a FreeBSD system
        unusable on 128MB or less of RAM.

20130208:
        A new compression method (lz4) has been merged to -HEAD.  Please
        refer to zpool-features(7) for more information.

        Please refer to the "ZFS notes" section of this file for information
        on upgrading boot ZFS pools.

20130129:
        A BSD-licensed patch(1) variant has been added and is installed
        as bsdpatch, being the GNU version the default patch.
        To inverse the logic and use the BSD-licensed one as default,
        while having the GNU version installed as gnupatch, rebuild
        and install world with the WITH_BSD_PATCH knob set.

20130121:
        Due to the use of the new -l option to install(1) during build
        and install, you must take care not to directly set the INSTALL
        make variable in your /etc/make.conf, /etc/src.conf, or on the
        command line.  If you wish to use the -C flag for all installs
        you may be able to add INSTALL+=-C to /etc/make.conf or
        /etc/src.conf.

20130118:
        The install(1) option -M has changed meaning and now takes an
        argument that is a file or path to append logs to.  In the
        unlikely event that -M was the last option on the command line
        and the command line contained at least two files and a target
        directory the first file will have logs appended to it.  The -M
        option served little practical purpose in the last decade so its
        use is expected to be extremely rare.

20121223:
        After switching to Clang as the default compiler some users of ZFS
        on i386 systems started to experience stack overflow kernel panics.
        Please consider using 'options KSTACK_PAGES=4' in such configurations.

20121222:
        GEOM_LABEL now mangles label names read from file system metadata.
        Mangling affect labels containing spaces, non-printable characters,
        '%' or '"'. Device names in /etc/fstab and other places may need to
        be updated.

20121217:
        By default, only the 10 most recent kernel dumps will be saved.  To
        restore the previous behaviour (no limit on the number of kernel dumps
        stored in the dump directory) add the following line to /etc/rc.conf:

                savecore_flags=""

20121201:
        With the addition of auditdistd(8), a new auditdistd user is now
        required during installworld.  "mergemaster -p" can be used to
        add the user prior to installworld, as documented in the handbook.

20121117:
        The sin6_scope_id member variable in struct sockaddr_in6 is now
        filled by the kernel before passing the structure to the userland via
        sysctl or routing socket.  This means the KAME-specific embedded scope
        id in sin6_addr.s6_addr[2] is always cleared in userland application.
        This behavior can be controlled by net.inet6.ip6.deembed_scopeid.
        __FreeBSD_version is bumped to 1000025.

20121105:
        On i386 and amd64 systems WITH_CLANG_IS_CC is now the default.
        This means that the world and kernel will be compiled with clang
        and that clang will be installed as /usr/bin/cc, /usr/bin/c++,
        and /usr/bin/cpp.  To disable this behavior and revert to building
        with gcc, compile with WITHOUT_CLANG_IS_CC. Really old versions
        of current may need to bootstrap WITHOUT_CLANG first if the clang
        build fails (its compatibility window doesn't extend to the 9 stable
        branch point).

20121102:
        The IPFIREWALL_FORWARD kernel option has been removed. Its
        functionality now turned on by default.

20121023:
        The ZERO_COPY_SOCKET kernel option has been removed and
        split into SOCKET_SEND_COW and SOCKET_RECV_PFLIP.
        NB: SOCKET_SEND_COW uses the VM page based copy-on-write
        mechanism which is not safe and may result in kernel crashes.
        NB: The SOCKET_RECV_PFLIP mechanism is useless as no current
        driver supports disposeable external page sized mbuf storage.
        Proper replacements for both zero-copy mechanisms are under
        consideration and will eventually lead to complete removal
        of the two kernel options.

20121023:
        The IPv4 network stack has been converted to network byte
        order. The following modules need to be recompiled together
        with kernel: carp(4), divert(4), gif(4), siftr(4), gre(4),
        pf(4), ipfw(4), ng_ipfw(4), stf(4).

20121022:
        Support for non-MPSAFE filesystems was removed from VFS. The
        VFS_VERSION was bumped, all filesystem modules shall be
        recompiled.

20121018:
        All the non-MPSAFE filesystems have been disconnected from
        the build. The full list includes: codafs, hpfs, ntfs, nwfs,
        portalfs, smbfs, xfs.

20121016:
        The interface cloning API and ABI has changed. The following
        modules need to be recompiled together with kernel:
        ipfw(4), pfsync(4), pflog(4), usb(4), wlan(4), stf(4),
        vlan(4), disc(4), edsc(4), if_bridge(4), gif(4), tap(4),
        faith(4), epair(4), enc(4), tun(4), if_lagg(4), gre(4).

20121015:
        The sdhci driver was split in two parts: sdhci (generic SD Host
        Controller logic) and sdhci_pci (actual hardware driver).
        No kernel config modifications are required, but if you
        load sdhc as a module you must switch to sdhci_pci instead.

20121014:
        Import the FUSE kernel and userland support into base system.

20121013:
        The GNU sort(1) program has been removed since the BSD-licensed
        sort(1) has been the default for quite some time and no serious
        problems have been reported.  The corresponding WITH_GNU_SORT
        knob has also gone.

20121006:
        The pfil(9) API/ABI for AF_INET family has been changed. Packet
        filtering modules: pf(4), ipfw(4), ipfilter(4) need to be recompiled
        with new kernel.

20121001:
        The net80211(4) ABI has been changed to allow for improved driver
        PS-POLL and power-save support.  All wireless drivers need to be
        recompiled to work with the new kernel.

20120913:
        The random(4) support for the VIA hardware random number
        generator (`PADLOCK') is no longer enabled unconditionally.
        Add the padlock_rng device in the custom kernel config if
        needed.  The GENERIC kernels on i386 and amd64 do include the
        device, so the change only affects the custom kernel
        configurations.

20120908:
        The pf(4) packet filter ABI has been changed. pfctl(8) and
        snmp_pf module need to be recompiled to work with new kernel.

20120828:
        A new ZFS feature flag "com.delphix:empty_bpobj" has been merged
        to -HEAD. Pools that have empty_bpobj in active state can not be
        imported read-write with ZFS implementations that do not support
        this feature. For more information read the zpool-features(5)
        manual page.

20120727:
        The sparc64 ZFS loader has been changed to no longer try to auto-
        detect ZFS providers based on diskN aliases but now requires these
        to be explicitly listed in the OFW boot-device environment variable.

20120712:
        The OpenSSL has been upgraded to 1.0.1c.  Any binaries requiring
        libcrypto.so.6 or libssl.so.6 must be recompiled.  Also, there are
        configuration changes.  Make sure to merge /etc/ssl/openssl.cnf.

20120712:
        The following sysctls and tunables have been renamed for consistency
        with other variables:
          kern.cam.da.da_send_ordered   -> kern.cam.da.send_ordered
          kern.cam.ada.ada_send_ordered -> kern.cam.ada.send_ordered

20120628:
        The sort utility has been replaced with BSD sort.  For now, GNU sort
        is also available as "gnusort" or the default can be set back to
        GNU sort by setting WITH_GNU_SORT.  In this case, BSD sort will be
        installed as "bsdsort".

20120611:
        A new version of ZFS (pool version 5000) has been merged to -HEAD.
        Starting with this version the old system of ZFS pool versioning
        is superseded by "feature flags". This concept enables forward
        compatibility against certain future changes in functionality of ZFS
        pools. The first read-only compatible "feature flag" for ZFS pools
        is named "com.delphix:async_destroy". For more information
        read the new zpool-features(5) manual page.
        Please refer to the "ZFS notes" section of this file for information
        on upgrading boot ZFS pools.

20120417:
        The malloc(3) implementation embedded in libc now uses sources imported
        as contrib/jemalloc.  The most disruptive API change is to
        /etc/malloc.conf.  If your system has an old-style /etc/malloc.conf,
        delete it prior to installworld, and optionally re-create it using the
        new format after rebooting.  See malloc.conf(5) for details
        (specifically the TUNING section and the "opt.*" entries in the MALLCTL
        NAMESPACE section).

20120328:
        Big-endian MIPS TARGET_ARCH values no longer end in "eb".  mips64eb
        is now spelled mips64.  mipsn32eb is now spelled mipsn32.  mipseb is
        now spelled mips.  This is to aid compatibility with third-party
        software that expects this naming scheme in uname(3).  Little-endian
        settings are unchanged. If you are updating a big-endian mips64 machine
        from before this change, you may need to set MACHINE_ARCH=mips64 in
        your environment before the new build system will recognize your machine.

20120306:
        Disable by default the option VFS_ALLOW_NONMPSAFE for all supported
        platforms.

20120229:
        Now unix domain sockets behave "as expected" on nullfs(5). Previously
        nullfs(5) did not pass through all behaviours to the underlying layer,
        as a result if we bound to a socket on the lower layer we could connect
        only to the lower path; if we bound to the upper layer we could connect
        only to the upper path. The new behavior is one can connect to both the
        lower and the upper paths regardless what layer path one binds to.

20120211:
        The getifaddrs upgrade path broken with 20111215 has been restored.
        If you have upgraded in between 20111215 and 20120209 you need to
        recompile libc again with your kernel.  You still need to recompile
        world to be able to configure CARP but this restriction already
        comes from 20111215.

20120114:
        The set_rcvar() function has been removed from /etc/rc.subr.  All
        base and ports rc.d scripts have been updated, so if you have a
        port installed with a script in /usr/local/etc/rc.d you can either
        hand-edit the rcvar= line, or reinstall the port.

        An easy way to handle the mass-update of /etc/rc.d:
        rm /etc/rc.d/* && mergemaster -i

20120109:
        panic(9) now stops other CPUs in the SMP systems, disables interrupts
        on the current CPU and prevents other threads from running.
        This behavior can be reverted using the kern.stop_scheduler_on_panic
        tunable/sysctl.
        The new behavior can be incompatible with kern.sync_on_panic.

20111215:
        The carp(4) facility has been changed significantly. Configuration
        of the CARP protocol via ifconfig(8) has changed, as well as format
        of CARP events submitted to devd(8) has changed. See manual pages
        for more information. The arpbalance feature of carp(4) is currently
        not supported anymore.

        Size of struct in_aliasreq, struct in6_aliasreq has changed. User
        utilities using SIOCAIFADDR, SIOCAIFADDR_IN6, e.g. ifconfig(8),
        need to be recompiled.

20111122:
        The acpi_wmi(4) status device /dev/wmistat has been renamed to
        /dev/wmistat0.

20111108:
        The option VFS_ALLOW_NONMPSAFE option has been added in order to
        explicitely support non-MPSAFE filesystems.
        It is on by default for all supported platform at this present
        time.

20111101:
        The broken amd(4) driver has been replaced with esp(4) in the amd64,
        i386 and pc98 GENERIC kernel configuration files.

20110930:
        sysinstall has been removed

20110923:
        The stable/9 branch created in subversion.  This corresponds to the
        RELENG_9 branch in CVS.

COMMON ITEMS:

        General Notes
        -------------
        Avoid using make -j when upgrading.  While generally safe, there are
        sometimes problems using -j to upgrade.  If your upgrade fails with
        -j, please try again without -j.  From time to time in the past there
        have been problems using -j with buildworld and/or installworld.  This
        is especially true when upgrading between "distant" versions (eg one
        that cross a major release boundary or several minor releases, or when
        several months have passed on the -current branch).

        Sometimes, obscure build problems are the result of environment
        poisoning.  This can happen because the make utility reads its
        environment when searching for values for global variables.  To run
        your build attempts in an "environmental clean room", prefix all make
        commands with 'env -i '.  See the env(1) manual page for more details.

        When upgrading from one major version to another it is generally best
        to upgrade to the latest code in the currently installed branch first,
        then do an upgrade to the new branch. This is the best-tested upgrade
        path, and has the highest probability of being successful.  Please try
        this approach before reporting problems with a major version upgrade.

        When upgrading a live system, having a root shell around before
        installing anything can help undo problems. Not having a root shell
        around can lead to problems if pam has changed too much from your
        starting point to allow continued authentication after the upgrade.

        This file should be read as a log of events. When a later event changes
        information of a prior event, the prior event should not be deleted.
        Instead, a pointer to the entry with the new information should be
        placed in the old entry. Readers of this file should also sanity check
        older entries before relying on them blindly. Authors of new entries
        should write them with this in mind.

        ZFS notes
        ---------
        When upgrading the boot ZFS pool to a new version, always follow
        these two steps:

        1.) recompile and reinstall the ZFS boot loader and boot block
        (this is part of "make buildworld" and "make installworld")

        2.) update the ZFS boot block on your boot drive

        The following example updates the ZFS boot block on the first
        partition (freebsd-boot) of a GPT partitioned drive ada0:
        "gpart bootcode -p /boot/gptzfsboot -i 1 ada0"

        Non-boot pools do not need these updates.

        To build a kernel
        -----------------
        If you are updating from a prior version of FreeBSD (even one just
        a few days old), you should follow this procedure.  It is the most
        failsafe as it uses a /usr/obj tree with a fresh mini-buildworld,

        make kernel-toolchain
        make -DALWAYS_CHECK_MAKE buildkernel KERNCONF=YOUR_KERNEL_HERE
        make -DALWAYS_CHECK_MAKE installkernel KERNCONF=YOUR_KERNEL_HERE

        To test a kernel once
        ---------------------
        If you just want to boot a kernel once (because you are not sure
        if it works, or if you want to boot a known bad kernel to provide
        debugging information) run
        make installkernel KERNCONF=YOUR_KERNEL_HERE KODIR=/boot/testkernel
        nextboot -k testkernel

        To just build a kernel when you know that it won't mess you up
        --------------------------------------------------------------
        This assumes you are already running a CURRENT system.  Replace
        ${arch} with the architecture of your machine (e.g. "i386",
        "arm", "amd64", "ia64", "pc98", "sparc64", "powerpc", "mips", etc).

        cd src/sys/${arch}/conf
        config KERNEL_NAME_HERE
        cd ../compile/KERNEL_NAME_HERE
        make depend
        make
        make install

        If this fails, go to the "To build a kernel" section.

        To rebuild everything and install it on the current system.
        -----------------------------------------------------------
        # Note: sometimes if you are running current you gotta do more than
        # is listed here if you are upgrading from a really old current.

        <make sure you have good level 0 dumps>
        make buildworld
        make kernel KERNCONF=YOUR_KERNEL_HERE
                                                        [1]
        <reboot in single user>                         [3]
        mergemaster -Fp                                 [5]
        make installworld
        mergemaster -Fi                                 [4]
        make delete-old                                 [6]
        <reboot>

        To cross-install current onto a separate partition
        --------------------------------------------------
        # In this approach we use a separate partition to hold
        # current's root, 'usr', and 'var' directories.   A partition
        # holding "/", "/usr" and "/var" should be about 2GB in
        # size.

        <make sure you have good level 0 dumps>
        <boot into -stable>
        make buildworld
        make buildkernel KERNCONF=YOUR_KERNEL_HERE
        <maybe newfs current's root partition>
        <mount current's root partition on directory ${CURRENT_ROOT}>
        make installworld DESTDIR=${CURRENT_ROOT} -DDB_FROM_SRC
        make distribution DESTDIR=${CURRENT_ROOT} # if newfs'd
        make installkernel KERNCONF=YOUR_KERNEL_HERE DESTDIR=${CURRENT_ROOT}
        cp /etc/fstab ${CURRENT_ROOT}/etc/fstab                    # if newfs'd
        <edit ${CURRENT_ROOT}/etc/fstab to mount "/" from the correct partition>
        <reboot into current>
        <do a "native" rebuild/install as described in the previous section>
        <maybe install compatibility libraries from ports/misc/compat*>
        <reboot>


        To upgrade in-place from stable to current
        ----------------------------------------------
        <make sure you have good level 0 dumps>
        make buildworld                                 [9]
        make kernel KERNCONF=YOUR_KERNEL_HERE           [8]
                                                        [1]
        <reboot in single user>                         [3]
        mergemaster -Fp                                 [5]
        make installworld
        mergemaster -Fi                                 [4]
        make delete-old                                 [6]
        <reboot>

        Make sure that you've read the UPDATING file to understand the
        tweaks to various things you need.  At this point in the life
        cycle of current, things change often and you are on your own
        to cope.  The defaults can also change, so please read ALL of
        the UPDATING entries.

        Also, if you are tracking -current, you must be subscribed to
        freebsd-current@freebsd.org.  Make sure that before you update
        your sources that you have read and understood all the recent
        messages there.  If in doubt, please track -stable which has
        much fewer pitfalls.

        [1] If you have third party modules, such as vmware, you
        should disable them at this point so they don't crash your
        system on reboot.

        [3] From the bootblocks, boot -s, and then do
                fsck -p
                mount -u /
                mount -a
                cd src
                adjkerntz -i            # if CMOS is wall time
        Also, when doing a major release upgrade, it is required that
        you boot into single user mode to do the installworld.

        [4] Note: This step is non-optional.  Failure to do this step
        can result in a significant reduction in the functionality of the
        system.  Attempting to do it by hand is not recommended and those
        that pursue this avenue should read this file carefully, as well
        as the archives of freebsd-current and freebsd-hackers mailing lists
        for potential gotchas.  The -U option is also useful to consider.
        See mergemaster(8) for more information.

        [5] Usually this step is a noop.  However, from time to time
        you may need to do this if you get unknown user in the following
        step.  It never hurts to do it all the time.  You may need to
        install a new mergemaster (cd src/usr.sbin/mergemaster && make
        install) after the buildworld before this step if you last updated
        from current before 20130425 or from -stable before 20130430.

        [6] This only deletes old files and directories. Old libraries
        can be deleted by "make delete-old-libs", but you have to make
        sure that no program is using those libraries anymore.

        [8] In order to have a kernel that can run the 4.x binaries needed to
        do an installworld, you must include the COMPAT_FREEBSD4 option in
        your kernel.  Failure to do so may leave you with a system that is
        hard to boot to recover. A similar kernel option COMPAT_FREEBSD5 is
        required to run the 5.x binaries on more recent kernels.  And so on
        for COMPAT_FREEBSD6 and COMPAT_FREEBSD7.

        Make sure that you merge any new devices from GENERIC since the
        last time you updated your kernel config file.

        [9] When checking out sources, you must include the -P flag to have
        cvs prune empty directories.

        If CPUTYPE is defined in your /etc/make.conf, make sure to use the
        "?=" instead of the "=" assignment operator, so that buildworld can
        override the CPUTYPE if it needs to.

        MAKEOBJDIRPREFIX must be defined in an environment variable, and
        not on the command line, or in /etc/make.conf.  buildworld will
        warn if it is improperly defined.
FORMAT:

This file contains a list, in reverse chronological order, of major
breakages in tracking -current.  It is not guaranteed to be a complete
list of such breakages, and only contains entries since September 23, 2011.
If you need to see UPDATING entries from before that date, you will need
to fetch an UPDATING file from an older FreeBSD release.

Copyright information:

Copyright 1998-2009 M. Warner Losh.  All Rights Reserved.

Redistribution, publication, translation and use, with or without
modification, in full or in part, in any form or format of this
document are permitted without further permission from the author.

THIS DOCUMENT IS PROVIDED BY WARNER LOSH ``AS IS'' AND ANY EXPRESS OR
IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED.  IN NO EVENT SHALL WARNER LOSH BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.

Contact Warner Losh if you have any questions about your use of
this document.

$FreeBSD$