1 Updating Information for FreeBSD current users.
3 This file is maintained and copyrighted by M. Warner Losh <imp@freebsd.org>.
4 See end of file for further details. For commonly done items, please see the
5 COMMON ITEMS: section later in the file. These instructions assume that you
6 basically know what you are doing. If not, then please consult the FreeBSD
9 https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html
11 Items affecting the ports and packages system can be found in
12 /usr/ports/UPDATING. Please read that file before running portupgrade.
14 NOTE: FreeBSD has switched from gcc to clang. If you have trouble bootstrapping
15 from older versions of FreeBSD, try WITHOUT_CLANG and WITH_GCC to bootstrap to
16 the tip of head, and then rebuild without this option. The bootstrap process
17 from older version of current across the gcc/clang cutover is a bit fragile.
20 geom_uzip(4) depends on the new module xz. If geom_uzip is statically
21 compiled into your custom kernel, add 'device xz' statement to the
25 Co-existance for Forth and Lua interpreters in bootloaders has now been
26 merged to ease testing of lualoader. LOADER_DEFAULT_INTERP, documented
27 in build(7), may be used to control which interpreter flavor is used in
28 the default loader to be installed. For systems where Lua and Forth
29 coexist, this switch can also be made on a running system by creating a
30 link from /boot/loader{,.efi} to /boot/loader_${flavor}{,.efi} rather
31 than requiring a rebuild.
33 The default flavor in this branch will remain Forth. As indicated in
34 the 20190216 UPDATING entry, booting is a complex environment; it would
35 be prudent to assume that lualoader may not work for your setup and make
36 provisions for backup boot methods.
39 zfsloader's functionality has now been folded into loader.
40 zfsloader is no longer necesasary once you've updated your
41 boot blocks. For a transition period, we will install a
42 hardlink for zfsloader to loader to allow a smooth transition
43 until the boot blocks can be updated (hard link because old
44 zfs boot blocks don't understand symlinks).
47 Lualoader has been merged to facilitate testing on this branch. It's
48 purely opt-in for now by building WITH_LOADER_LUA and WITHOUT_FORTH in
49 /etc/src.conf, but co-existance will come shortly. Booting is a complex
50 environment and test coverage for Lua-enabled loaders has been thin, so
51 it would be prudent to assume it might not work and make provisions for
55 Clang, llvm, lld, lldb, compiler-rt and libc++ have been upgraded to
56 7.0.1. Please see the 20141231 entry below for information about
57 prerequisites and upgrading, if you are not already using clang 3.5.0
61 r342562 modifies the NFSv4 server so that it obeys vfs.nfsd.nfs_privport
62 in the same as it is applied to NFSv2 and 3. This implies that NFSv4
63 servers that have vfs.nfsd.nfs_privport set will only allow mounts
64 from clients using a reserved port#. Since both the FreeBSD and Linux
65 NFSv4 clients use reserved port#s by default, this should not affect
69 The '%I' format in the kern.corefile sysctl limits the number of
70 core files that a process can generate to the number stored in the
71 debug.ncores sysctl. The '%I' format is replaced by the single digit
72 index. Previously, if all indexes were taken the kernel would overwrite
73 only a core file with the highest index in a filename.
74 Currently the system will create a new core file if there is a free
75 index or if all slots are taken it will overwrite the oldest one.
78 WITH_OFED option now only enables the build for the OFED libraries
79 and some fundamental client utilities. OpenSM and rest of the
80 debugging tools are enabled by WITH_OFED_EXTRA build switch.
81 WITH_OFED is turned on by default on amd64.
84 Clang, llvm, lld, lldb, compiler-rt and libc++ have been upgraded to
85 6.0.1. Please see the 20141231 entry below for information about
86 prerequisites and upgrading, if you are not already using clang 3.5.0
90 The releng/11.2 branch has been created from stable/11@r334458.
93 The tz database (tzdb) has been updated to 2018e. This version more
94 correctly models time stamps in time zones with negative DST such as
95 Europe/Dublin (from 1971 on), Europe/Prague (1946/7), and
96 Africa/Windhoek (1994/2017). This does not affect the UT offsets, only
97 time zone abbreviations and the tm_isdst flag.
100 The use of RSS hash from the network card aka flowid has been
101 disabled by default for lagg(4) as it's currently incompatible with
102 the lacp and loadbalance protocols.
104 This can be re-enabled by setting the following in loader.conf:
105 net.link.lagg.default_use_flowid="1"
108 Clang, llvm, lld, lldb, compiler-rt and libc++ have been upgraded to
109 6.0.0. Please see the 20141231 entry below for information about
110 prerequisites and upgrading, if you are not already using clang 3.5.0
114 The LOADER_FIREWIRE_SUPPORT build variable as been renamed to
115 WITH/OUT_LOADER_FIREWIRE. LOADER_{NO_,}GELI_SUPPORT has been renamed
116 to WITH/OUT_LOADER_GELI.
119 The geli password typed at boot is now hidden. To restore the previous
120 behavior, see geli(8) for configuration options.
122 The SW_WATCHDOG option is no longer necessary to enable the
123 hardclock-based software watchdog if no hardware watchdog is
124 configured. As before, SW_WATCHDOG will cause the software
125 watchdog to be enabled even if a hardware watchdog is configured.
128 lint(1) binaries and library are no longer built by default. To
129 enable building them, define WITH_LINT in src.conf. If you are using
130 a FreeBSD 12 or later system to build 11-stable, you may need to
131 install a lint(1) binary to use WITH_LINT.
134 When building multiple kernels using KERNCONF, non-existent KERNCONF
135 files will produce an error and buildkernel will fail. Previously
136 missing KERNCONF files silently failed giving no indication as to
137 why, only to subsequently discover during installkernel that the
138 desired kernel was never built in the first place.
141 Clang, llvm, lldb, compiler-rt and libc++ have been upgraded to 5.0.0.
142 Please see the 20141231 entry below for information about prerequisites
143 and upgrading, if you are not already using clang 3.5.0 or higher.
146 Since the switch to GPT disk labels, fsck for UFS/FFS has been
147 unable to automatically find alternate superblocks. As of r322806,
148 the information needed to find alternate superblocks has been
149 moved to the end of the area reserved for the boot block.
150 Filesystems created with a newfs of this vintage or later
151 will create the recovery information. If you have a filesystem
152 created prior to this change and wish to have a recovery block
153 created for your filesystem, you can do so by running fsck in
154 forground mode (i.e., do not use the -p or -y options). As it
155 starts, fsck will ask ``SAVE DATA TO FIND ALTERNATE SUPERBLOCKS''
156 to which you should answer yes.
159 The releng/11.1 branch has been created from stable/11@r320475.
162 arm64 builds now use the base system LLD 4.0.0 linker by default,
163 instead of requiring that the aarch64-binutils port or package be
164 installed. To continue using aarch64-binutils, set
165 CROSS_BINUTILS_PREFIX=/usr/local/aarch64-freebsd/bin .
168 The ctl.ko module no longer implements the iSCSI target frontend:
169 cfiscsi.ko does instead.
171 If building cfiscsi.ko as a kernel module, the module can be loaded
172 via one of the following methods:
173 - `cfiscsi_load="YES"` in loader.conf(5).
174 - Add `cfiscsi` to `$kld_list` in rc.conf(5).
175 - ctladm(8)/ctld(8), when compiled with iSCSI support
176 (`WITH_ISCSI=yes` in src.conf(5))
178 Please see cfiscsi(4) for more details.
181 The mmcsd.ko module now additionally depends on geom_flashmap.ko.
182 Also, mmc.ko and mmcsd.ko need to be a matching pair built from the
183 same source (previously, the dependency of mmcsd.ko on mmc.ko was
184 missing, but mmcsd.ko now will refuse to load if it is incompatible
188 Binds and sends to the loopback addresses, IPv6 and IPv4, will now
189 use any explicitly assigned loopback address available in the jail
190 instead of using the first assigned address of the jail.
193 As of r316810 for ipfilter, keep frags is no longer assumed when
194 keep state is specified in a rule. r316810 aligns ipfilter with
195 documentation in man pages separating keep frags from keep state.
196 This allows keep state to specified without forcing keep frags
197 and allows keep frags to be specified independently of keep state.
198 To maintain previous behaviour, also specify keep frags with
199 keep state (as documented in ipf.conf.5).
202 Clang, llvm, lldb, compiler-rt and libc++ have been upgraded to 4.0.0.
203 Please see the 20141231 entry below for information about prerequisites
204 and upgrading, if you are not already using clang 3.5.0 or higher.
207 The code that provides support for ZFS .zfs/ directory functionality
208 has been reimplemented. It's not possible now to create a snapshot
209 by mkdir under .zfs/snapshot/. That should be the only user visible
213 Many changes in the IPsec code have been merged from the FreeBSD-CURRENT
214 branch. The IPSEC_FILTERTUNNEL kernel option is removed in favour of
215 corresponding sysctl. The IPSEC_NAT_T kernel option is also removed,
216 and now NAT-T is supported by default. Security associations now use
217 the single namespace for SPI allocation, so if you use several manually
218 configured security associations with the same SPI, this configuration
222 Clang, llvm, lldb, compiler-rt and libc++ have been upgraded to 3.9.1.
223 Please see the 20141231 entry below for information about prerequisites
224 and upgrading, if you are not already using clang 3.5.0 or higher.
227 Clang, llvm, lldb, compiler-rt and libc++ have been upgraded to 3.9.0.
228 Please see the 20141231 entry below for information about prerequisites
229 and upgrading, if you are not already using clang 3.5.0 or higher.
232 The layout of the pmap structure has changed for powerpc to put the pmap
233 statistics at the front for all CPU variations. libkvm(3) and all tools
234 that link against it need to be recompiled.
237 isl(4) and cyapa(4) drivers now require a new driver,
238 chromebook_platform(4), to work properly on Chromebook-class hardware.
239 On other types of hardware the drivers may need to be configured using
240 device hints. Please see the corresponding manual pages for details.
243 Relocatable object files with the extension of .So have been renamed
244 to use an extension of .pico instead. The purpose of this change is
245 to avoid a name clash with shared libraries on case-insensitive file
246 systems. On those file systems, foo.So is the same file as foo.so.
249 The releng/11.0 branch has been created from stable/11@r303970.
252 The stable/11 branch has been created from head@r302406.
255 The libc stub for the pipe(2) system call has been replaced with
256 a wrapper that calls the pipe2(2) system call and the pipe(2)
257 system call is now only implemented by the kernels that include
258 "options COMPAT_FREEBSD10" in their config file (this is the
259 default). Users should ensure that this option is enabled in
260 their kernel or upgrade userspace to r302092 before upgrading their
264 CAM will now strip leading spaces from SCSI disks' serial numbers.
265 This will effect users who create UFS filesystems on SCSI disks using
266 those disk's diskid device nodes. For example, if /etc/fstab
267 previously contained a line like
268 "/dev/diskid/DISK-%20%20%20%20%20%20%20ABCDEFG0123456", you should
269 change it to "/dev/diskid/DISK-ABCDEFG0123456". Users of geom
270 transforms like gmirror may also be affected. ZFS users should
274 The bitstring(3) API has been updated with new functionality and
275 improved performance. But it is binary-incompatible with the old API.
276 Objects built with the new headers may not be linked against objects
277 built with the old headers.
280 The brk and sbrk functions have been removed from libc on arm64.
281 Binutils from ports has been updated to not link to these
282 functions and should be updated to the latest version before
283 installing a new libc.
286 The armv6 port now defaults to hard float ABI. Limited support
287 for running both hardfloat and soft float on the same system
288 is available using the libraries installed with -DWITH_LIBSOFT.
289 This has only been tested as an upgrade path for installworld
290 and packages may fail or need manual intervention to run. New
291 packages will be needed.
293 To update an existing self-hosted armv6hf system, you must add
294 TARGET_ARCH=armv6 on the make command line for both the build
295 and the install steps.
298 Kernel modules compiled outside of a kernel build now default to
299 installing to /boot/modules instead of /boot/kernel. Many kernel
300 modules built this way (such as those in ports) already overrode
301 KMODDIR explicitly to install into /boot/modules. However,
302 manually building and installing a module from /sys/modules will
303 now install to /boot/modules instead of /boot/kernel.
306 The CAM I/O scheduler has been committed to the kernel. There should be
307 no user visible impact. This does enable NCQ Trim on ada SSDs. While the
308 list of known rogues that claim support for this but actually corrupt
309 data is believed to be complete, be on the lookout for data
310 corruption. The known rogue list is believed to be complete:
312 o Crucial MX100, M550 drives with MU01 firmware.
313 o Micron M510 and M550 drives with MU01 firmware.
314 o Micron M500 prior to MU07 firmware
315 o Samsung 830, 840, and 850 all firmwares
316 o FCCT M500 all firmwares
318 Crucial has firmware http://www.crucial.com/usa/en/support-ssd-firmware
319 with working NCQ TRIM. For Micron branded drives, see your sales rep for
320 updated firmware. Black listed drives will work correctly because these
321 drives work correctly so long as no NCQ TRIMs are sent to them. Given
322 this list is the same as found in Linux, it's believed there are no
323 other rogues in the market place. All other models from the above
326 To be safe, if you are at all concerned, you can quirk each of your
327 drives to prevent NCQ from being sent by setting:
328 kern.cam.ada.X.quirks="0x2"
329 in loader.conf. If the drive requires the 4k sector quirk, set the
333 The FAST_DEPEND build option has been removed and its functionality is
334 now the one true way. The old mkdep(1) style of 'make depend' has
335 been removed. See 20160311 for further details.
338 Resource range types have grown from unsigned long to uintmax_t. All
339 drivers, and anything using libdevinfo, need to be recompiled.
342 WITH_FAST_DEPEND is now enabled by default for in-tree and out-of-tree
343 builds. It no longer runs mkdep(1) during 'make depend', and the
344 'make depend' stage can safely be skipped now as it is auto ran
345 when building 'make all' and will generate all SRCS and DPSRCS before
346 building anything else. Dependencies are gathered at compile time with
347 -MF flags kept in separate .depend files per object file. Users should
348 run 'make cleandepend' once if using -DNO_CLEAN to clean out older
352 On amd64, clang 3.8.0 can now insert sections of type AMD64_UNWIND into
353 kernel modules. Therefore, if you load any kernel modules at boot time,
354 please install the boot loaders after you install the kernel, but before
358 make kernel KERNCONF=YOUR_KERNEL_HERE
359 make -C sys/boot install
360 <reboot in single user>
362 Then follow the usual steps, described in the General Notes section,
366 Clang, llvm, lldb and compiler-rt have been upgraded to 3.8.0. Please
367 see the 20141231 entry below for information about prerequisites and
368 upgrading, if you are not already using clang 3.5.0 or higher.
371 The AIO subsystem is now a standard part of the kernel. The
372 VFS_AIO kernel option and aio.ko kernel module have been removed.
373 Due to stability concerns, asynchronous I/O requests are only
374 permitted on sockets and raw disks by default. To enable
375 asynchronous I/O requests on all file types, set the
376 vfs.aio.enable_unsafe sysctl to a non-zero value.
379 The ELF object manipulation tool objcopy is now provided by the
380 ELF Tool Chain project rather than by GNU binutils. It should be a
381 drop-in replacement, with the addition of arm64 support. The
382 (temporary) src.conf knob WITHOUT_ELFCOPY_AS_OBJCOPY knob may be set
383 to obtain the GNU version if necessary.
386 Building ZFS pools on top of zvols is prohibited by default. That
387 feature has never worked safely; it's always been prone to deadlocks.
388 Using a zvol as the backing store for a VM guest's virtual disk will
389 still work, even if the guest is using ZFS. Legacy behavior can be
390 restored by setting vfs.zfs.vol.recursive=1.
393 The NONE and HPN patches has been removed from OpenSSH. They are
394 still available in the security/openssh-portable port.
397 With the addition of ypldap(8), a new _ypldap user is now required
398 during installworld. "mergemaster -p" can be used to add the user
399 prior to installworld, as documented in the handbook.
402 The tftp loader (pxeboot) now uses the option root-path directive. As a
403 consequence it no longer looks for a pxeboot.4th file on the tftp
404 server. Instead it uses the regular /boot infrastructure as with the
408 The code to start recording plug and play data into the modules has
409 been committed. While the old tools will properly build a new kernel,
410 a number of warnings about "unknown metadata record 4" will be produced
411 for an older kldxref. To avoid such warnings, make sure to rebuild
412 the kernel toolchain (or world). Make sure that you have r292078 or
413 later when trying to build 292077 or later before rebuilding.
416 Debug data files are now built by default with 'make buildworld' and
417 installed with 'make installworld'. This facilitates debugging but
418 requires more disk space both during the build and for the installed
419 world. Debug files may be disabled by setting WITHOUT_DEBUG_FILES=yes
423 r291527 changed the internal interface between the nfsd.ko and
424 nfscommon.ko modules. As such, they must both be upgraded to-gether.
425 __FreeBSD_version has been bumped because of this.
428 Add support for unicode collation strings leads to a change of
429 order of files listed by ls(1) for example. To get back to the old
430 behaviour, set LC_COLLATE environment variable to "C".
432 Databases administrators will need to reindex their databases given
433 collation results will be different.
435 Due to a bug in install(1) it is recommended to remove the ancient
436 locales before running make installworld.
438 rm -rf /usr/share/locale/*
441 The OpenSSL has been upgraded to 1.0.2d. Any binaries requiring
442 libcrypto.so.7 or libssl.so.7 must be recompiled.
445 Qlogic 24xx/25xx firmware images were updated from 5.5.0 to 7.3.0.
446 Kernel modules isp_2400_multi and isp_2500_multi were removed and
447 should be replaced with isp_2400 and isp_2500 modules respectively.
450 The build previously allowed using 'make -n' to not recurse into
451 sub-directories while showing what commands would be executed, and
452 'make -n -n' to recursively show commands. Now 'make -n' will recurse
453 and 'make -N' will not.
456 If you specify SENDMAIL_MC or SENDMAIL_CF in make.conf, mergemaster
457 and etcupdate will now use this file. A custom sendmail.cf is now
458 updated via this mechanism rather than via installworld. If you had
459 excluded sendmail.cf in mergemaster.rc or etcupdate.conf, you may
460 want to remove the exclusion or change it to "always install".
461 /etc/mail/sendmail.cf is now managed the same way regardless of
462 whether SENDMAIL_MC/SENDMAIL_CF is used. If you are not using
463 SENDMAIL_MC/SENDMAIL_CF there should be no change in behavior.
466 Compatibility shims for legacy ATA device names have been removed.
467 It includes ATA_STATIC_ID kernel option, kern.cam.ada.legacy_aliases
468 and kern.geom.raid.legacy_aliases loader tunables, kern.devalias.*
469 environment variables, /dev/ad* and /dev/ar* symbolic links.
472 Clang, llvm, lldb, compiler-rt and libc++ have been upgraded to 3.7.0.
473 Please see the 20141231 entry below for information about prerequisites
474 and upgrading, if you are not already using clang 3.5.0 or higher.
477 Kernel debug files have been moved to /usr/lib/debug/boot/kernel/,
478 and renamed from .symbols to .debug. This reduces the size requirements
479 on the boot partition or file system and provides consistency with
480 userland debug files.
482 When using the supported kernel installation method the
483 /usr/lib/debug/boot/kernel directory will be renamed (to kernel.old)
484 as is done with /boot/kernel.
486 Developers wishing to maintain the historical behavior of installing
487 debug files in /boot/kernel/ can set KERN_DEBUGDIR="" in src.conf(5).
490 The wireless drivers had undergone changes that remove the 'parent
491 interface' from the ifconfig -l output. The rc.d network scripts
492 used to check presence of a parent interface in the list, so old
493 scripts would fail to start wireless networking. Thus, etcupdate(3)
494 or mergemaster(8) run is required after kernel update, to update your
495 rc.d scripts in /etc.
498 pf no longer supports 'scrub fragment crop' or 'scrub fragment drop-ovl'
499 These configurations are now automatically interpreted as
500 'scrub fragment reassemble'.
503 Kernel-loadable modules for the random(4) device are back. To use
504 them, the kernel must have
507 options RANDOM_LOADABLE
509 kldload(8) can then be used to load random_fortuna.ko
510 or random_yarrow.ko. Please note that due to the indirect
511 function calls that the loadable modules need to provide,
512 the build-in variants will be slightly more efficient.
514 The random(4) kernel option RANDOM_DUMMY has been retired due to
515 unpopularity. It was not all that useful anyway.
518 The WITHOUT_ELFTOOLCHAIN_TOOLS src.conf(5) knob has been retired.
519 Control over building the ELF Tool Chain tools is now provided by
520 the WITHOUT_TOOLCHAIN knob.
523 The polarity of Pulse Per Second (PPS) capture events with the
524 uart(4) driver has been corrected. Prior to this change the PPS
525 "assert" event corresponded to the trailing edge of a positive PPS
526 pulse and the "clear" event was the leading edge of the next pulse.
528 As the width of a PPS pulse in a typical GPS receiver is on the
529 order of 1 millisecond, most users will not notice any significant
530 difference with this change.
532 Anyone who has compensated for the historical polarity reversal by
533 configuring a negative offset equal to the pulse width will need to
534 remove that workaround.
537 The default group assigned to /dev/dri entries has been changed
538 from 'wheel' to 'video' with the id of '44'. If you want to have
539 access to the dri devices please add yourself to the video group
542 # pw groupmod video -m $USER
545 The menu.rc and loader.rc files will now be replaced during
546 upgrades. Please migrate local changes to menu.rc.local and
547 loader.rc.local instead.
550 GNU Binutils versions of addr2line, c++filt, nm, readelf, size,
551 strings and strip have been removed. The src.conf(5) knob
552 WITHOUT_ELFTOOLCHAIN_TOOLS no longer provides the binutils tools.
555 As ZFS requires more kernel stack pages than is the default on some
556 architectures e.g. i386, it now warns if KSTACK_PAGES is less than
557 ZFS_MIN_KSTACK_PAGES (which is 4 at the time of writing).
559 Please consider using 'options KSTACK_PAGES=X' where X is greater
560 than or equal to ZFS_MIN_KSTACK_PAGES i.e. 4 in such configurations.
563 sendmail has been updated to 8.15.2. Starting with FreeBSD 11.0
564 and sendmail 8.15, sendmail uses uncompressed IPv6 addresses by
565 default, i.e., they will not contain "::". For example, instead
566 of ::1, it will be 0:0:0:0:0:0:0:1. This permits a zero subnet
567 to have a more specific match, such as different map entries for
568 IPv6:0:0 vs IPv6:0. This change requires that configuration
569 data (including maps, files, classes, custom ruleset, etc.) must
570 use the same format, so make certain such configuration data is
571 upgrading. As a very simple check search for patterns like
572 'IPv6:[0-9a-fA-F:]*::' and 'IPv6::'. To return to the old
573 behavior, set the m4 option confUSE_COMPRESSED_IPV6_ADDRESSES or
574 the cf option UseCompressedIPv6Addresses.
577 The default kernel entropy-processing algorithm is now
578 Fortuna, replacing Yarrow.
580 Assuming you have 'device random' in your kernel config
581 file, the configurations allow a kernel option to override
582 this default. You may choose *ONE* of:
584 options RANDOM_YARROW # Legacy /dev/random algorithm.
585 options RANDOM_DUMMY # Blocking-only driver.
587 If you have neither, you get Fortuna. For most people,
588 read no further, Fortuna will give a /dev/random that works
589 like it always used to, and the difference will be irrelevant.
591 If you remove 'device random', you get *NO* kernel-processed
592 entropy at all. This may be acceptable to folks building
593 embedded systems, but has complications. Carry on reading,
594 and it is assumed you know what you need.
596 *PLEASE* read random(4) and random(9) if you are in the
597 habit of tweaking kernel configs, and/or if you are a member
598 of the embedded community, wanting specific and not-usual
599 behaviour from your security subsystems.
601 NOTE!! If you use RANDOM_DUMMY and/or have no 'device
602 random', you will NOT have a functioning /dev/random, and
603 many cryptographic features will not work, including SSH.
604 You may also find strange behaviour from the random(3) set
605 of library functions, in particular sranddev(3), srandomdev(3)
606 and arc4random(3). The reason for this is that the KERN_ARND
607 sysctl only returns entropy if it thinks it has some to
608 share, and with RANDOM_DUMMY or no 'device random' this
612 An additional fix for the issue described in the 20150614 sendmail
613 entry below has been been committed in revision 284717.
616 FreeBSD's old make (fmake) has been removed from the system. It is
617 available as the devel/fmake port or via pkg install fmake.
620 The fix for the issue described in the 20150614 sendmail entry
621 below has been been committed in revision 284436. The work
622 around described in that entry is no longer needed unless the
623 default setting is overridden by a confDH_PARAMETERS configuration
624 setting of '5' or pointing to a 512 bit DH parameter file.
627 ALLOW_DEPRECATED_ATF_TOOLS/ATFFILE support has been removed from
628 atf.test.mk (included from bsd.test.mk). Please upgrade devel/atf
629 and devel/kyua to version 0.20+ and adjust any calling code to work
630 with Kyuafile and kyua.
633 The import of openssl to address the FreeBSD-SA-15:10.openssl
634 security advisory includes a change which rejects handshakes
635 with DH parameters below 768 bits. sendmail releases prior
636 to 8.15.2 (not yet released), defaulted to a 512 bit
637 DH parameter setting for client connections. To work around
638 this interoperability, sendmail can be configured to use a
639 2048 bit DH parameter by:
641 1. Edit /etc/mail/`hostname`.mc
642 2. If a setting for confDH_PARAMETERS does not exist or
643 exists and is set to a string beginning with '5',
645 3. If a setting for confDH_PARAMETERS exists and is set to
646 a file path, create a new file with:
647 openssl dhparam -out /path/to/file 2048
648 4. Rebuild the .cf file:
649 cd /etc/mail/; make; make install
651 cd /etc/mail/; make restart
653 A sendmail patch is coming, at which time this file will be
657 Generation of legacy formatted entries have been disabled by default
658 in pwd_mkdb(8), as all base system consumers of the legacy formatted
659 entries were converted to use the new format by default when the new,
660 machine independent format have been added and supported since FreeBSD
663 Please see the pwd_mkdb(8) manual page for further details.
666 Clang and llvm have been upgraded to 3.6.1 release. Please see the
667 20141231 entry below for information about prerequisites and upgrading,
668 if you are not already using 3.5.0 or higher.
671 TI platform code switched to using vendor DTS files and this update
672 may break existing systems running on Beaglebone, Beaglebone Black,
675 - dtb files should be regenerated/reinstalled. Filenames are the
676 same but content is different now
677 - GPIO addressing was changed, now each GPIO bank (32 pins per bank)
678 has its own /dev/gpiocX device, e.g. pin 121 on /dev/gpioc0 in old
679 addressing scheme is now pin 25 on /dev/gpioc3.
680 - Pandaboard: /etc/ttys should be updated, serial console device is
681 now /dev/ttyu2, not /dev/ttyu0
684 soelim(1) from gnu/usr.bin/groff has been replaced by usr.bin/soelim.
685 If you need the GNU extension from groff soelim(1), install groff
686 from package: pkg install groff, or via ports: textproc/groff.
689 chmod, chflags, chown and chgrp now affect symlinks in -R mode as
690 defined in symlink(7); previously symlinks were silently ignored.
693 The const qualifier has been removed from iconv(3) to comply with
694 POSIX. The ports tree is aware of this from r384038 onwards.
697 Libraries specified by LIBADD in Makefiles must have a corresponding
698 DPADD_<lib> variable to ensure correct dependencies. This is now
699 enforced in src.libnames.mk.
702 From legacy ata(4) driver was removed support for SATA controllers
703 supported by more functional drivers ahci(4), siis(4) and mvs(4).
704 Kernel modules ataahci and ataadaptec were removed completely,
705 replaced by ahci and mvs modules respectively.
708 Clang, llvm and lldb have been upgraded to 3.6.0 release. Please see
709 the 20141231 entry below for information about prerequisites and
710 upgrading, if you are not already using 3.5.0 or higher.
713 The 32-bit PowerPC kernel has been changed to a position-independent
714 executable. This can only be booted with a version of loader(8)
715 newer than January 31, 2015, so make sure to update both world and
716 kernel before rebooting.
719 If you are running a -CURRENT kernel since r273872 (Oct 30th, 2014),
720 but before r278950, the RNG was not seeded properly. Immediately
721 upgrade the kernel to r278950 or later and regenerate any keys (e.g.
722 ssh keys or openssl keys) that were generated w/ a kernel from that
723 range. This does not affect programs that directly used /dev/random
724 or /dev/urandom. All userland uses of arc4random(3) are affected.
727 The autofs(4) ABI was changed in order to restore binary compatibility
728 with 10.1-RELEASE. The automountd(8) daemon needs to be rebuilt to work
732 The powerpc64 kernel has been changed to a position-independent
733 executable. This can only be booted with a new version of loader(8),
734 so make sure to update both world and kernel before rebooting.
737 Clang and llvm have been upgraded to 3.5.1 release. This is a bugfix
738 only release, no new features have been added. Please see the 20141231
739 entry below for information about prerequisites and upgrading, if you
740 are not already using 3.5.0.
743 ELF tools addr2line, elfcopy (strip), nm, size, and strings are now
744 taken from the ELF Tool Chain project rather than GNU binutils. They
745 should be drop-in replacements, with the addition of arm64 support.
746 The WITHOUT_ELFTOOLCHAIN_TOOLS= knob may be used to obtain the
747 binutils tools, if necessary. See 20150805 for updated information.
750 The default Unbound configuration now enables remote control
751 using a local socket. Users who have already enabled the
752 local_unbound service should regenerate their configuration
753 by running "service local_unbound setup" as root.
756 The GNU texinfo and GNU info pages have been removed.
757 To be able to view GNU info pages please install texinfo from ports.
760 Clang, llvm and lldb have been upgraded to 3.5.0 release.
762 As of this release, a prerequisite for building clang, llvm and lldb is
763 a C++11 capable compiler and C++11 standard library. This means that to
764 be able to successfully build the cross-tools stage of buildworld, with
765 clang as the bootstrap compiler, your system compiler or cross compiler
766 should either be clang 3.3 or later, or gcc 4.8 or later, and your
767 system C++ library should be libc++, or libdstdc++ from gcc 4.8 or
770 On any standard FreeBSD 10.x or 11.x installation, where clang and
771 libc++ are on by default (that is, on x86 or arm), this should work out
774 On 9.x installations where clang is enabled by default, e.g. on x86 and
775 powerpc, libc++ will not be enabled by default, so libc++ should be
776 built (with clang) and installed first. If both clang and libc++ are
777 missing, build clang first, then use it to build libc++.
779 On 8.x and earlier installations, upgrade to 9.x first, and then follow
780 the instructions for 9.x above.
782 Sparc64 and mips users are unaffected, as they still use gcc 4.2.1 by
783 default, and do not build clang.
785 Many embedded systems are resource constrained, and will not be able to
786 build clang in a reasonable time, or in some cases at all. In those
787 cases, cross building bootable systems on amd64 is a workaround.
789 This new version of clang introduces a number of new warnings, of which
790 the following are most likely to appear:
794 This warns in two cases, for both C and C++:
795 * When the code is trying to take the absolute value of an unsigned
796 quantity, which is effectively a no-op, and almost never what was
797 intended. The code should be fixed, if at all possible. If you are
798 sure that the unsigned quantity can be safely cast to signed, without
799 loss of information or undefined behavior, you can add an explicit
800 cast, or disable the warning.
802 * When the code is trying to take an absolute value, but the called
803 abs() variant is for the wrong type, which can lead to truncation.
804 If you want to disable the warning instead of fixing the code, please
805 make sure that truncation will not occur, or it might lead to unwanted
808 -Wtautological-undefined-compare and
809 -Wundefined-bool-conversion
811 These warn when C++ code is trying to compare 'this' against NULL, while
812 'this' should never be NULL in well-defined C++ code. However, there is
813 some legacy (pre C++11) code out there, which actively abuses this
814 feature, which was less strictly defined in previous C++ versions.
816 Squid and openjdk do this, for example. The warning can be turned off
817 for C++98 and earlier, but compiling the code in C++11 mode might result
818 in unexpected behavior; for example, the parts of the program that are
819 unreachable could be optimized away.
822 The old NFS client and server (kernel options NFSCLIENT, NFSSERVER)
823 kernel sources have been removed. The .h files remain, since some
824 utilities include them. This will need to be fixed later.
825 If "mount -t oldnfs ..." is attempted, it will fail.
826 If the "-o" option on mountd(8), nfsd(8) or nfsstat(1) is used,
827 the utilities will report errors.
830 The handling of LOCAL_LIB_DIRS has been altered to skip addition of
831 directories to top level SUBDIR variable when their parent
832 directory is included in LOCAL_DIRS. Users with build systems with
833 such hierarchies and without SUBDIR entries in the parent
834 directory Makefiles should add them or add the directories to
838 faith(4) and faithd(8) have been removed from the base system. Faith
839 has been obsolete for a very long time.
842 vt(4), the new console driver, is enabled by default. It brings
843 support for Unicode and double-width characters, as well as
844 support for UEFI and integration with the KMS kernel video
847 You may need to update your console settings in /etc/rc.conf,
848 most probably the keymap. During boot, /etc/rc.d/syscons will
849 indicate what you need to do.
851 vt(4) still has issues and lacks some features compared to
852 syscons(4). See the wiki for up-to-date information:
853 https://wiki.freebsd.org/Newcons
855 If you want to keep using syscons(4), you can do so by adding
856 the following line to /boot/loader.conf:
860 pjdfstest has been integrated into kyua as an opt-in test suite.
861 Please see share/doc/pjdfstest/README for more details on how to
865 gperf has been removed from the base system for architectures
866 that use clang. Ports that require gperf will obtain it from the
870 pjdfstest has been moved from tools/regression/pjdfstest to
874 At svn r271982, The default linux compat kernel ABI has been adjusted
875 to 2.6.18 in support of the linux-c6 compat ports infrastructure
876 update. If you wish to continue using the linux-f10 compat ports,
877 add compat.linux.osrelease=2.6.16 to your local sysctl.conf. Users are
878 encouraged to update their linux-compat packages to linux-c6 during
879 their next update cycle.
882 The ofwfb driver, used to provide a graphics console on PowerPC when
883 using vt(4), no longer allows mmap() of all physical memory. This
884 will prevent Xorg on PowerPC with some ATI graphics cards from
885 initializing properly unless x11-servers/xorg-server is updated to
889 The xdev targets have been converted to using TARGET and
890 TARGET_ARCH instead of XDEV and XDEV_ARCH.
893 The default unbound configuration has been modified to address
894 issues with reverse lookups on networks that use private
895 address ranges. If you use the local_unbound service, run
896 "service local_unbound setup" as root to regenerate your
897 configuration, then "service local_unbound reload" to load the
901 The GNU texinfo and GNU info pages are not built and installed
902 anymore, WITH_INFO knob has been added to allow to built and install
904 UPDATE: see 20150102 entry on texinfo's removal
907 The GNU readline library is now an INTERNALLIB - that is, it is
908 statically linked into consumers (GDB and variants) in the base
909 system, and the shared library is no longer installed. The
910 devel/readline port is available for third party software that
914 The Itanium architecture (ia64) has been removed from the list of
915 known architectures. This is the first step in the removal of the
919 Commit r268115 has added NFSv4.1 server support, merged from
920 projects/nfsv4.1-server. Since this includes changes to the
921 internal interfaces between the NFS related modules, a full
922 build of the kernel and modules will be necessary.
923 __FreeBSD_version has been bumped.
926 The WITHOUT_VT_SUPPORT kernel config knob has been renamed
927 WITHOUT_VT. (The other _SUPPORT knobs have a consistent meaning
928 which differs from the behaviour controlled by this knob.)
931 Maximal length of the serial number in CTL was increased from 16 to
932 64 chars, that breaks ABI. All CTL-related tools, such as ctladm
933 and ctld, need to be rebuilt to work with a new kernel.
936 The libatf-c and libatf-c++ major versions were downgraded to 0 and
937 1 respectively to match the upstream numbers. They were out of
938 sync because, when they were originally added to FreeBSD, the
939 upstream versions were not respected. These libraries are private
940 and not yet built by default, so renumbering them should be a
941 non-issue. However, unclean source trees will yield broken test
942 programs once the operator executes "make delete-old-libs" after a
945 Additionally, the atf-sh binary was made private by moving it into
946 /usr/libexec/. Already-built shell test programs will keep the
947 path to the old binary so they will break after "make delete-old"
950 If you are using WITH_TESTS=yes (not the default), wipe the object
951 tree and rebuild from scratch to prevent spurious test failures.
952 This is only needed once: the misnumbered libraries and misplaced
953 binaries have been added to OptionalObsoleteFiles.inc so they will
954 be removed during a clean upgrade.
957 Clang and llvm have been upgraded to 3.4.1 release.
960 We bogusly installed src.opts.mk in /usr/share/mk. This file should
961 be removed to avoid issues in the future (and has been added to
965 /etc/src.conf now affects only builds of the FreeBSD src tree. In the
966 past, it affected all builds that used the bsd.*.mk files. The old
967 behavior was a bug, but people may have relied upon it. To get this
968 behavior back, you can .include /etc/src.conf from /etc/make.conf
969 (which is still global and isn't changed). This also changes the
970 behavior of incremental builds inside the tree of individual
971 directories. Set MAKESYSPATH to ".../share/mk" to do that.
972 Although this has survived make universe and some upgrade scenarios,
973 other upgrade scenarios may have broken. At least one form of
974 temporary breakage was fixed with MAKESYSPATH settings for buildworld
975 as well... In cases where MAKESYSPATH isn't working with this
976 setting, you'll need to set it to the full path to your tree.
978 One side effect of all this cleaning up is that bsd.compiler.mk
979 is no longer implicitly included by bsd.own.mk. If you wish to
980 use COMPILER_TYPE, you must now explicitly include bsd.compiler.mk
984 The lindev device has been removed since /dev/full has been made a
985 standard device. __FreeBSD_version has been bumped.
988 The knob WITHOUT_VI was added to the base system, which controls
989 building ex(1), vi(1), etc. Older releases of FreeBSD required ex(1)
990 in order to reorder files share/termcap and didn't build ex(1) as a
991 build tool, so building/installing with WITH_VI is highly advised for
992 build hosts for older releases.
994 This issue has been fixed in stable/9 and stable/10 in r277022 and
995 r276991, respectively.
998 The YES_HESIOD knob has been removed. It has been obsolete for
999 a decade. Please move to using WITH_HESIOD instead or your builds
1000 will silently lack HESIOD.
1003 The uart(4) driver has been changed with respect to its handling
1004 of the low-level console. Previously the uart(4) driver prevented
1005 any process from changing the baudrate or the CLOCAL and HUPCL
1006 control flags. By removing the restrictions, operators can make
1007 changes to the serial console port without having to reboot.
1008 However, when getty(8) is started on the serial device that is
1009 associated with the low-level console, a misconfigured terminal
1010 line in /etc/ttys will now have a real impact.
1011 Before upgrading the kernel, make sure that /etc/ttys has the
1012 serial console device configured as 3wire without baudrate to
1013 preserve the previous behaviour. E.g:
1014 ttyu0 "/usr/libexec/getty 3wire" vt100 on secure
1017 Support for libwrap (TCP wrappers) in rpcbind was disabled by default
1018 to improve performance. To re-enable it, if needed, run rpcbind
1019 with command line option -W.
1022 Switched back to the GPL dtc compiler due to updates in the upstream
1023 dts files not being supported by the BSDL dtc compiler. You will need
1024 to rebuild your kernel toolchain to pick up the new compiler. Core dumps
1025 may result while building dtb files during a kernel build if you fail
1026 to do so. Set WITHOUT_GPL_DTC if you require the BSDL compiler.
1029 Clang and llvm have been upgraded to 3.4 release.
1032 The nve(4) driver has been removed. Please use the nfe(4) driver
1033 for NVIDIA nForce MCP Ethernet adapters instead.
1036 An ABI incompatibility crept into the libc++ 3.4 import in r261283.
1037 This could cause certain C++ applications using shared libraries built
1038 against the previous version of libc++ to crash. The incompatibility
1039 has now been fixed, but any C++ applications or shared libraries built
1040 between r261283 and r261801 should be recompiled.
1043 OpenSSH will now ignore errors caused by kernel lacking of Capsicum
1044 capability mode support. Please note that enabling the feature in
1045 kernel is still highly recommended.
1048 OpenSSH is now built with sandbox support, and will use sandbox as
1049 the default privilege separation method. This requires Capsicum
1050 capability mode support in kernel.
1053 The libelf and libdwarf libraries have been updated to newer
1054 versions from upstream. Shared library version numbers for
1055 these two libraries were bumped. Any ports or binaries
1056 requiring these two libraries should be recompiled.
1057 __FreeBSD_version is bumped to 1100006.
1060 If a Makefile in a tests/ directory was auto-generating a Kyuafile
1061 instead of providing an explicit one, this would prevent such
1062 Makefile from providing its own Kyuafile in the future during
1063 NO_CLEAN builds. This has been fixed in the Makefiles but manual
1064 intervention is needed to clean an objdir if you use NO_CLEAN:
1065 # find /usr/obj -name Kyuafile | xargs rm -f
1068 The behavior of gss_pseudo_random() for the krb5 mechanism
1069 has changed, for applications requesting a longer random string
1070 than produced by the underlying enctype's pseudo-random() function.
1071 In particular, the random string produced from a session key of
1072 enctype aes256-cts-hmac-sha1-96 or aes256-cts-hmac-sha1-96 will
1073 be different at the 17th octet and later, after this change.
1074 The counter used in the PRF+ construction is now encoded as a
1075 big-endian integer in accordance with RFC 4402.
1076 __FreeBSD_version is bumped to 1100004.
1079 The WITHOUT_ATF build knob has been removed and its functionality
1080 has been subsumed into the more generic WITHOUT_TESTS. If you were
1081 using the former to disable the build of the ATF libraries, you
1082 should change your settings to use the latter.
1085 The default version of mtree is nmtree which is obtained from
1086 NetBSD. The output is generally the same, but may vary
1087 slightly. If you found you need identical output adding
1088 "-F freebsd9" to the command line should do the trick. For the
1089 time being, the old mtree is available as fmtree.
1092 libbsdyml has been renamed to libyaml and moved to /usr/lib/private.
1093 This will break ports-mgmt/pkg. Rebuild the port, or upgrade to pkg
1094 1.1.4_8 and verify bsdyml not linked in, before running "make
1096 # make -C /usr/ports/ports-mgmt/pkg build deinstall install clean
1098 # pkg install pkg; ldd /usr/local/sbin/pkg | grep bsdyml
1101 The stable/10 branch has been created in subversion from head
1105 The rc.d/jail script has been updated to support jail(8)
1106 configuration file. The "jail_<jname>_*" rc.conf(5) variables
1107 for per-jail configuration are automatically converted to
1108 /var/run/jail.<jname>.conf before the jail(8) utility is invoked.
1109 This is transparently backward compatible. See below about some
1110 incompatibilities and rc.conf(5) manual page for more details.
1112 These variables are now deprecated in favor of jail(8) configuration
1113 file. One can use "rc.d/jail config <jname>" command to generate
1114 a jail(8) configuration file in /var/run/jail.<jname>.conf without
1115 running the jail(8) utility. The default pathname of the
1116 configuration file is /etc/jail.conf and can be specified by
1117 using $jail_conf or $jail_<jname>_conf variables.
1119 Please note that jail_devfs_ruleset accepts an integer at
1120 this moment. Please consider to rewrite the ruleset name
1124 BIND has been removed from the base system. If all you need
1125 is a local resolver, simply enable and start the local_unbound
1126 service instead. Otherwise, several versions of BIND are
1127 available in the ports tree. The dns/bind99 port is one example.
1129 With this change, nslookup(1) and dig(1) are no longer in the base
1130 system. Users should instead use host(1) and drill(1) which are
1131 in the base system. Alternatively, nslookup and dig can
1132 be obtained by installing the dns/bind-tools port.
1135 With the addition of unbound(8), a new unbound user is now
1136 required during installworld. "mergemaster -p" can be used to
1137 add the user prior to installworld, as documented in the handbook.
1140 OpenSSH is now built with DNSSEC support, and will by default
1141 silently trust signed SSHFP records. This can be controlled with
1142 the VerifyHostKeyDNS client configuration setting. DNSSEC support
1143 can be disabled entirely with the WITHOUT_LDNS option in src.conf.
1146 The GNU Compiler Collection and C++ standard library (libstdc++)
1147 are no longer built by default on platforms where clang is the system
1148 compiler. You can enable them with the WITH_GCC and WITH_GNUCXX
1149 options in src.conf.
1152 The PROCDESC kernel option is now part of the GENERIC kernel
1153 configuration and is required for the rwhod(8) to work.
1154 If you are using custom kernel configuration, you should include
1158 The API and ABI related to the Capsicum framework was modified
1159 in backward incompatible way. The userland libraries and programs
1160 have to be recompiled to work with the new kernel. This includes the
1161 following libraries and programs, but the whole buildworld is
1162 advised: libc, libprocstat, dhclient, tcpdump, hastd, hastctl,
1163 kdump, procstat, rwho, rwhod, uniq.
1166 AES-NI intrinsic support has been added to gcc. The AES-NI module
1167 has been updated to use this support. A new gcc is required to build
1168 the aesni module on both i386 and amd64.
1171 The PADLOCK_RNG and RDRAND_RNG kernel options are now devices.
1172 Thus "device padlock_rng" and "device rdrand_rng" should be
1173 used instead of "options PADLOCK_RNG" & "options RDRAND_RNG".
1176 WITH_ICONV has been split into two feature sets. WITH_ICONV now
1177 enables just the iconv* functionality and is now on by default.
1178 WITH_LIBICONV_COMPAT enables the libiconv api and link time
1179 compatibility. Set WITHOUT_ICONV to build the old way.
1180 If you have been using WITH_ICONV before, you will very likely
1181 need to turn on WITH_LIBICONV_COMPAT.
1184 INVARIANTS option now enables DEBUG for code with OpenSolaris and
1185 Illumos origin, including ZFS. If you have INVARIANTS in your
1186 kernel configuration, then there is no need to set DEBUG or ZFS_DEBUG
1188 DEBUG used to enable witness(9) tracking of OpenSolaris (mostly ZFS)
1189 locks if WITNESS option was set. Because that generated a lot of
1190 witness(9) reports and all of them were believed to be false
1191 positives, this is no longer done. New option OPENSOLARIS_WITNESS
1192 can be used to achieve the previous behavior.
1195 Timer values in IPv6 data structures now use time_uptime instead
1196 of time_second. Although this is not a user-visible functional
1197 change, userland utilities which directly use them---ndp(8),
1198 rtadvd(8), and rtsold(8) in the base system---need to be updated
1199 to r253970 or later.
1202 find -delete can now delete the pathnames given as arguments,
1203 instead of only files found below them or if the pathname did
1204 not contain any slashes. Formerly, the following error message
1207 find: -delete: <path>: relative path potentially not safe
1209 Deleting the pathnames given as arguments can be prevented
1210 without error messages using -mindepth 1 or by changing
1211 directory and passing "." as argument to find. This works in the
1212 old as well as the new version of find.
1215 Behavior of devfs rules path matching has been changed.
1216 Pattern is now always matched against fully qualified devfs
1217 path and slash characters must be explicitly matched by
1218 slashes in pattern (FNM_PATHNAME). Rulesets involving devfs
1219 subdirectories must be reviewed.
1222 The default ARM ABI has changed to the ARM EABI. The old ABI is
1223 incompatible with the ARM EABI and all programs and modules will
1224 need to be rebuilt to work with a new kernel.
1226 To keep using the old ABI ensure the WITHOUT_ARM_EABI knob is set.
1228 NOTE: Support for the old ABI will be removed in the future and
1229 users are advised to upgrade.
1232 pkg_install has been disconnected from the build if you really need it
1233 you should add WITH_PKGTOOLS in your src.conf(5).
1236 Most of network statistics structures were changed to be able
1237 keep 64-bits counters. Thus all tools, that work with networking
1238 statistics, must be rebuilt (netstat(1), bsnmpd(1), etc.)
1241 Fix a bug that allowed a tracing process (e.g. gdb) to write
1242 to a memory-mapped file in the traced process's address space
1243 even if neither the traced process nor the tracing process had
1244 write access to that file.
1247 CVS has been removed from the base system. An exact copy
1248 of the code is available from the devel/cvs port.
1251 Some people report the following error after the switch to bmake:
1253 make: illegal option -- J
1254 usage: make [-BPSXeiknpqrstv] [-C directory] [-D variable]
1256 *** [buildworld] Error code 2
1258 this likely due to an old instance of make in
1259 ${MAKEPATH} (${MAKEOBJDIRPREFIX}${.CURDIR}/make.${MACHINE})
1260 which src/Makefile will use that blindly, if it exists, so if
1261 you see the above error:
1263 rm -rf `make -V MAKEPATH`
1268 Use bmake by default.
1269 Whereas before one could choose to build with bmake via
1270 -DWITH_BMAKE one must now use -DWITHOUT_BMAKE to use the old
1271 make. The goal is to remove these knobs for 10-RELEASE.
1273 It is worth noting that bmake (like gmake) treats the command
1274 line as the unit of failure, rather than statements within the
1275 command line. Thus '(cd some/where && dosomething)' is safer
1276 than 'cd some/where; dosomething'. The '()' allows consistent
1277 behavior in parallel build.
1280 Fix a bug that allows NFS clients to issue READDIR on files.
1283 The WITHOUT_IDEA option has been removed because
1284 the IDEA patent expired.
1287 The sysctl which controls TRIM support under ZFS has been renamed
1288 from vfs.zfs.trim_disable -> vfs.zfs.trim.enabled and has been
1292 The mergemaster command now uses the default MAKEOBJDIRPREFIX
1293 rather than creating it's own in the temporary directory in
1294 order allow access to bootstrapped versions of tools such as
1295 install and mtree. When upgrading from version of FreeBSD where
1296 the install command does not support -l, you will need to
1297 install a new mergemaster command if mergemaster -p is required.
1298 This can be accomplished with the command (cd src/usr.sbin/mergemaster
1302 Legacy ATA stack, disabled and replaced by new CAM-based one since
1303 FreeBSD 9.0, completely removed from the sources. Kernel modules
1304 atadisk and atapi*, user-level tools atacontrol and burncd are
1305 removed. Kernel option `options ATA_CAM` is now permanently enabled
1309 SOCK_CLOEXEC and SOCK_NONBLOCK flags have been added to socket(2)
1310 and socketpair(2). Software, in particular Kerberos, may
1311 automatically detect and use these during building. The resulting
1312 binaries will not work on older kernels.
1315 CTL_DISABLE has also been added to the sparc64 GENERIC (for further
1316 information, see the respective 20130304 entry).
1319 Recent commits to callout(9) changed the size of struct callout,
1320 so the KBI is probably heavily disturbed. Also, some functions
1321 in callout(9)/sleep(9)/sleepqueue(9)/condvar(9) KPIs were replaced
1322 by macros. Every kernel module using it won't load, so rebuild
1325 The ctl device has been re-enabled in GENERIC for i386 and amd64,
1326 but does not initialize by default (because of the new CTL_DISABLE
1327 option) to save memory. To re-enable it, remove the CTL_DISABLE
1328 option from the kernel config file or set kern.cam.ctl.disable=0
1329 in /boot/loader.conf.
1332 The ctl device has been disabled in GENERIC for i386 and amd64.
1333 This was done due to the extra memory being allocated at system
1334 initialisation time by the ctl driver which was only used if
1335 a CAM target device was created. This makes a FreeBSD system
1336 unusable on 128MB or less of RAM.
1339 A new compression method (lz4) has been merged to -HEAD. Please
1340 refer to zpool-features(7) for more information.
1342 Please refer to the "ZFS notes" section of this file for information
1343 on upgrading boot ZFS pools.
1346 A BSD-licensed patch(1) variant has been added and is installed
1347 as bsdpatch, being the GNU version the default patch.
1348 To inverse the logic and use the BSD-licensed one as default,
1349 while having the GNU version installed as gnupatch, rebuild
1350 and install world with the WITH_BSD_PATCH knob set.
1353 Due to the use of the new -l option to install(1) during build
1354 and install, you must take care not to directly set the INSTALL
1355 make variable in your /etc/make.conf, /etc/src.conf, or on the
1356 command line. If you wish to use the -C flag for all installs
1357 you may be able to add INSTALL+=-C to /etc/make.conf or
1361 The install(1) option -M has changed meaning and now takes an
1362 argument that is a file or path to append logs to. In the
1363 unlikely event that -M was the last option on the command line
1364 and the command line contained at least two files and a target
1365 directory the first file will have logs appended to it. The -M
1366 option served little practical purpose in the last decade so its
1367 use is expected to be extremely rare.
1370 After switching to Clang as the default compiler some users of ZFS
1371 on i386 systems started to experience stack overflow kernel panics.
1372 Please consider using 'options KSTACK_PAGES=4' in such configurations.
1375 GEOM_LABEL now mangles label names read from file system metadata.
1376 Mangling affect labels containing spaces, non-printable characters,
1377 '%' or '"'. Device names in /etc/fstab and other places may need to
1381 By default, only the 10 most recent kernel dumps will be saved. To
1382 restore the previous behaviour (no limit on the number of kernel dumps
1383 stored in the dump directory) add the following line to /etc/rc.conf:
1388 With the addition of auditdistd(8), a new auditdistd user is now
1389 required during installworld. "mergemaster -p" can be used to
1390 add the user prior to installworld, as documented in the handbook.
1393 The sin6_scope_id member variable in struct sockaddr_in6 is now
1394 filled by the kernel before passing the structure to the userland via
1395 sysctl or routing socket. This means the KAME-specific embedded scope
1396 id in sin6_addr.s6_addr[2] is always cleared in userland application.
1397 This behavior can be controlled by net.inet6.ip6.deembed_scopeid.
1398 __FreeBSD_version is bumped to 1000025.
1401 On i386 and amd64 systems WITH_CLANG_IS_CC is now the default.
1402 This means that the world and kernel will be compiled with clang
1403 and that clang will be installed as /usr/bin/cc, /usr/bin/c++,
1404 and /usr/bin/cpp. To disable this behavior and revert to building
1405 with gcc, compile with WITHOUT_CLANG_IS_CC. Really old versions
1406 of current may need to bootstrap WITHOUT_CLANG first if the clang
1407 build fails (its compatibility window doesn't extend to the 9 stable
1411 The IPFIREWALL_FORWARD kernel option has been removed. Its
1412 functionality now turned on by default.
1415 The ZERO_COPY_SOCKET kernel option has been removed and
1416 split into SOCKET_SEND_COW and SOCKET_RECV_PFLIP.
1417 NB: SOCKET_SEND_COW uses the VM page based copy-on-write
1418 mechanism which is not safe and may result in kernel crashes.
1419 NB: The SOCKET_RECV_PFLIP mechanism is useless as no current
1420 driver supports disposeable external page sized mbuf storage.
1421 Proper replacements for both zero-copy mechanisms are under
1422 consideration and will eventually lead to complete removal
1423 of the two kernel options.
1426 The IPv4 network stack has been converted to network byte
1427 order. The following modules need to be recompiled together
1428 with kernel: carp(4), divert(4), gif(4), siftr(4), gre(4),
1429 pf(4), ipfw(4), ng_ipfw(4), stf(4).
1432 Support for non-MPSAFE filesystems was removed from VFS. The
1433 VFS_VERSION was bumped, all filesystem modules shall be
1437 All the non-MPSAFE filesystems have been disconnected from
1438 the build. The full list includes: codafs, hpfs, ntfs, nwfs,
1439 portalfs, smbfs, xfs.
1442 The interface cloning API and ABI has changed. The following
1443 modules need to be recompiled together with kernel:
1444 ipfw(4), pfsync(4), pflog(4), usb(4), wlan(4), stf(4),
1445 vlan(4), disc(4), edsc(4), if_bridge(4), gif(4), tap(4),
1446 faith(4), epair(4), enc(4), tun(4), if_lagg(4), gre(4).
1449 The sdhci driver was split in two parts: sdhci (generic SD Host
1450 Controller logic) and sdhci_pci (actual hardware driver).
1451 No kernel config modifications are required, but if you
1452 load sdhc as a module you must switch to sdhci_pci instead.
1455 Import the FUSE kernel and userland support into base system.
1458 The GNU sort(1) program has been removed since the BSD-licensed
1459 sort(1) has been the default for quite some time and no serious
1460 problems have been reported. The corresponding WITH_GNU_SORT
1464 The pfil(9) API/ABI for AF_INET family has been changed. Packet
1465 filtering modules: pf(4), ipfw(4), ipfilter(4) need to be recompiled
1469 The net80211(4) ABI has been changed to allow for improved driver
1470 PS-POLL and power-save support. All wireless drivers need to be
1471 recompiled to work with the new kernel.
1474 The random(4) support for the VIA hardware random number
1475 generator (`PADLOCK') is no longer enabled unconditionally.
1476 Add the padlock_rng device in the custom kernel config if
1477 needed. The GENERIC kernels on i386 and amd64 do include the
1478 device, so the change only affects the custom kernel
1482 The pf(4) packet filter ABI has been changed. pfctl(8) and
1483 snmp_pf module need to be recompiled to work with new kernel.
1486 A new ZFS feature flag "com.delphix:empty_bpobj" has been merged
1487 to -HEAD. Pools that have empty_bpobj in active state can not be
1488 imported read-write with ZFS implementations that do not support
1489 this feature. For more information read the zpool-features(5)
1493 The sparc64 ZFS loader has been changed to no longer try to auto-
1494 detect ZFS providers based on diskN aliases but now requires these
1495 to be explicitly listed in the OFW boot-device environment variable.
1498 The OpenSSL has been upgraded to 1.0.1c. Any binaries requiring
1499 libcrypto.so.6 or libssl.so.6 must be recompiled. Also, there are
1500 configuration changes. Make sure to merge /etc/ssl/openssl.cnf.
1503 The following sysctls and tunables have been renamed for consistency
1504 with other variables:
1505 kern.cam.da.da_send_ordered -> kern.cam.da.send_ordered
1506 kern.cam.ada.ada_send_ordered -> kern.cam.ada.send_ordered
1509 The sort utility has been replaced with BSD sort. For now, GNU sort
1510 is also available as "gnusort" or the default can be set back to
1511 GNU sort by setting WITH_GNU_SORT. In this case, BSD sort will be
1512 installed as "bsdsort".
1515 A new version of ZFS (pool version 5000) has been merged to -HEAD.
1516 Starting with this version the old system of ZFS pool versioning
1517 is superseded by "feature flags". This concept enables forward
1518 compatibility against certain future changes in functionality of ZFS
1519 pools. The first read-only compatible "feature flag" for ZFS pools
1520 is named "com.delphix:async_destroy". For more information
1521 read the new zpool-features(5) manual page.
1522 Please refer to the "ZFS notes" section of this file for information
1523 on upgrading boot ZFS pools.
1526 The malloc(3) implementation embedded in libc now uses sources imported
1527 as contrib/jemalloc. The most disruptive API change is to
1528 /etc/malloc.conf. If your system has an old-style /etc/malloc.conf,
1529 delete it prior to installworld, and optionally re-create it using the
1530 new format after rebooting. See malloc.conf(5) for details
1531 (specifically the TUNING section and the "opt.*" entries in the MALLCTL
1535 Big-endian MIPS TARGET_ARCH values no longer end in "eb". mips64eb
1536 is now spelled mips64. mipsn32eb is now spelled mipsn32. mipseb is
1537 now spelled mips. This is to aid compatibility with third-party
1538 software that expects this naming scheme in uname(3). Little-endian
1539 settings are unchanged. If you are updating a big-endian mips64 machine
1540 from before this change, you may need to set MACHINE_ARCH=mips64 in
1541 your environment before the new build system will recognize your machine.
1544 Disable by default the option VFS_ALLOW_NONMPSAFE for all supported
1548 Now unix domain sockets behave "as expected" on nullfs(5). Previously
1549 nullfs(5) did not pass through all behaviours to the underlying layer,
1550 as a result if we bound to a socket on the lower layer we could connect
1551 only to the lower path; if we bound to the upper layer we could connect
1552 only to the upper path. The new behavior is one can connect to both the
1553 lower and the upper paths regardless what layer path one binds to.
1556 The getifaddrs upgrade path broken with 20111215 has been restored.
1557 If you have upgraded in between 20111215 and 20120209 you need to
1558 recompile libc again with your kernel. You still need to recompile
1559 world to be able to configure CARP but this restriction already
1560 comes from 20111215.
1563 The set_rcvar() function has been removed from /etc/rc.subr. All
1564 base and ports rc.d scripts have been updated, so if you have a
1565 port installed with a script in /usr/local/etc/rc.d you can either
1566 hand-edit the rcvar= line, or reinstall the port.
1568 An easy way to handle the mass-update of /etc/rc.d:
1569 rm /etc/rc.d/* && mergemaster -i
1572 panic(9) now stops other CPUs in the SMP systems, disables interrupts
1573 on the current CPU and prevents other threads from running.
1574 This behavior can be reverted using the kern.stop_scheduler_on_panic
1576 The new behavior can be incompatible with kern.sync_on_panic.
1579 The carp(4) facility has been changed significantly. Configuration
1580 of the CARP protocol via ifconfig(8) has changed, as well as format
1581 of CARP events submitted to devd(8) has changed. See manual pages
1582 for more information. The arpbalance feature of carp(4) is currently
1583 not supported anymore.
1585 Size of struct in_aliasreq, struct in6_aliasreq has changed. User
1586 utilities using SIOCAIFADDR, SIOCAIFADDR_IN6, e.g. ifconfig(8),
1587 need to be recompiled.
1590 The acpi_wmi(4) status device /dev/wmistat has been renamed to
1594 The option VFS_ALLOW_NONMPSAFE option has been added in order to
1595 explicitely support non-MPSAFE filesystems.
1596 It is on by default for all supported platform at this present
1600 The broken amd(4) driver has been replaced with esp(4) in the amd64,
1601 i386 and pc98 GENERIC kernel configuration files.
1604 sysinstall has been removed
1607 The stable/9 branch created in subversion. This corresponds to the
1608 RELENG_9 branch in CVS.
1614 Avoid using make -j when upgrading. While generally safe, there are
1615 sometimes problems using -j to upgrade. If your upgrade fails with
1616 -j, please try again without -j. From time to time in the past there
1617 have been problems using -j with buildworld and/or installworld. This
1618 is especially true when upgrading between "distant" versions (eg one
1619 that cross a major release boundary or several minor releases, or when
1620 several months have passed on the -current branch).
1622 Sometimes, obscure build problems are the result of environment
1623 poisoning. This can happen because the make utility reads its
1624 environment when searching for values for global variables. To run
1625 your build attempts in an "environmental clean room", prefix all make
1626 commands with 'env -i '. See the env(1) manual page for more details.
1628 When upgrading from one major version to another it is generally best
1629 to upgrade to the latest code in the currently installed branch first,
1630 then do an upgrade to the new branch. This is the best-tested upgrade
1631 path, and has the highest probability of being successful. Please try
1632 this approach before reporting problems with a major version upgrade.
1634 When upgrading a live system, having a root shell around before
1635 installing anything can help undo problems. Not having a root shell
1636 around can lead to problems if pam has changed too much from your
1637 starting point to allow continued authentication after the upgrade.
1639 This file should be read as a log of events. When a later event changes
1640 information of a prior event, the prior event should not be deleted.
1641 Instead, a pointer to the entry with the new information should be
1642 placed in the old entry. Readers of this file should also sanity check
1643 older entries before relying on them blindly. Authors of new entries
1644 should write them with this in mind.
1648 When upgrading the boot ZFS pool to a new version, always follow
1651 1.) recompile and reinstall the ZFS boot loader and boot block
1652 (this is part of "make buildworld" and "make installworld")
1654 2.) update the ZFS boot block on your boot drive
1656 The following example updates the ZFS boot block on the first
1657 partition (freebsd-boot) of a GPT partitioned drive ada0:
1658 "gpart bootcode -p /boot/gptzfsboot -i 1 ada0"
1660 Non-boot pools do not need these updates.
1664 If you are updating from a prior version of FreeBSD (even one just
1665 a few days old), you should follow this procedure. It is the most
1666 failsafe as it uses a /usr/obj tree with a fresh mini-buildworld,
1668 make kernel-toolchain
1669 make -DALWAYS_CHECK_MAKE buildkernel KERNCONF=YOUR_KERNEL_HERE
1670 make -DALWAYS_CHECK_MAKE installkernel KERNCONF=YOUR_KERNEL_HERE
1672 To test a kernel once
1673 ---------------------
1674 If you just want to boot a kernel once (because you are not sure
1675 if it works, or if you want to boot a known bad kernel to provide
1676 debugging information) run
1677 make installkernel KERNCONF=YOUR_KERNEL_HERE KODIR=/boot/testkernel
1678 nextboot -k testkernel
1680 To just build a kernel when you know that it won't mess you up
1681 --------------------------------------------------------------
1682 This assumes you are already running a CURRENT system. Replace
1683 ${arch} with the architecture of your machine (e.g. "i386",
1684 "arm", "amd64", "ia64", "pc98", "sparc64", "powerpc", "mips", etc).
1686 cd src/sys/${arch}/conf
1687 config KERNEL_NAME_HERE
1688 cd ../compile/KERNEL_NAME_HERE
1693 If this fails, go to the "To build a kernel" section.
1695 To rebuild everything and install it on the current system.
1696 -----------------------------------------------------------
1697 # Note: sometimes if you are running current you gotta do more than
1698 # is listed here if you are upgrading from a really old current.
1700 <make sure you have good level 0 dumps>
1702 make kernel KERNCONF=YOUR_KERNEL_HERE
1704 <reboot in single user> [3]
1711 To cross-install current onto a separate partition
1712 --------------------------------------------------
1713 # In this approach we use a separate partition to hold
1714 # current's root, 'usr', and 'var' directories. A partition
1715 # holding "/", "/usr" and "/var" should be about 2GB in
1718 <make sure you have good level 0 dumps>
1721 make buildkernel KERNCONF=YOUR_KERNEL_HERE
1722 <maybe newfs current's root partition>
1723 <mount current's root partition on directory ${CURRENT_ROOT}>
1724 make installworld DESTDIR=${CURRENT_ROOT} -DDB_FROM_SRC
1725 make distribution DESTDIR=${CURRENT_ROOT} # if newfs'd
1726 make installkernel KERNCONF=YOUR_KERNEL_HERE DESTDIR=${CURRENT_ROOT}
1727 cp /etc/fstab ${CURRENT_ROOT}/etc/fstab # if newfs'd
1728 <edit ${CURRENT_ROOT}/etc/fstab to mount "/" from the correct partition>
1729 <reboot into current>
1730 <do a "native" rebuild/install as described in the previous section>
1731 <maybe install compatibility libraries from ports/misc/compat*>
1735 To upgrade in-place from stable to current
1736 ----------------------------------------------
1737 <make sure you have good level 0 dumps>
1739 make kernel KERNCONF=YOUR_KERNEL_HERE [8]
1741 <reboot in single user> [3]
1748 Make sure that you've read the UPDATING file to understand the
1749 tweaks to various things you need. At this point in the life
1750 cycle of current, things change often and you are on your own
1751 to cope. The defaults can also change, so please read ALL of
1752 the UPDATING entries.
1754 Also, if you are tracking -current, you must be subscribed to
1755 freebsd-current@freebsd.org. Make sure that before you update
1756 your sources that you have read and understood all the recent
1757 messages there. If in doubt, please track -stable which has
1758 much fewer pitfalls.
1760 [1] If you have third party modules, such as vmware, you
1761 should disable them at this point so they don't crash your
1764 [3] From the bootblocks, boot -s, and then do
1769 adjkerntz -i # if CMOS is wall time
1770 Also, when doing a major release upgrade, it is required that
1771 you boot into single user mode to do the installworld.
1773 [4] Note: This step is non-optional. Failure to do this step
1774 can result in a significant reduction in the functionality of the
1775 system. Attempting to do it by hand is not recommended and those
1776 that pursue this avenue should read this file carefully, as well
1777 as the archives of freebsd-current and freebsd-hackers mailing lists
1778 for potential gotchas. The -U option is also useful to consider.
1779 See mergemaster(8) for more information.
1781 [5] Usually this step is a noop. However, from time to time
1782 you may need to do this if you get unknown user in the following
1783 step. It never hurts to do it all the time. You may need to
1784 install a new mergemaster (cd src/usr.sbin/mergemaster && make
1785 install) after the buildworld before this step if you last updated
1786 from current before 20130425 or from -stable before 20130430.
1788 [6] This only deletes old files and directories. Old libraries
1789 can be deleted by "make delete-old-libs", but you have to make
1790 sure that no program is using those libraries anymore.
1792 [8] The new kernel must be able to run existing binaries used by
1793 an installworld. When upgrading across major versions, the new
1794 kernel's configuration must include the correct COMPAT_FREEBSD<n>
1795 option for existing binaries (e.g. COMPAT_FREEBSD11 to run 11.x
1796 binaries). Failure to do so may leave you with a system that is
1797 hard to boot to recover. A GENERIC kernel will include suitable
1798 compatibility options to run binaries from older branches.
1800 Make sure that you merge any new devices from GENERIC since the
1801 last time you updated your kernel config file.
1803 [9] When checking out sources, you must include the -P flag to have
1804 cvs prune empty directories.
1806 If CPUTYPE is defined in your /etc/make.conf, make sure to use the
1807 "?=" instead of the "=" assignment operator, so that buildworld can
1808 override the CPUTYPE if it needs to.
1810 MAKEOBJDIRPREFIX must be defined in an environment variable, and
1811 not on the command line, or in /etc/make.conf. buildworld will
1812 warn if it is improperly defined.
1815 This file contains a list, in reverse chronological order, of major
1816 breakages in tracking -current. It is not guaranteed to be a complete
1817 list of such breakages, and only contains entries since September 23, 2011.
1818 If you need to see UPDATING entries from before that date, you will need
1819 to fetch an UPDATING file from an older FreeBSD release.
1821 Copyright information:
1823 Copyright 1998-2009 M. Warner Losh. All Rights Reserved.
1825 Redistribution, publication, translation and use, with or without
1826 modification, in full or in part, in any form or format of this
1827 document are permitted without further permission from the author.
1829 THIS DOCUMENT IS PROVIDED BY WARNER LOSH ``AS IS'' AND ANY EXPRESS OR
1830 IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
1831 WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
1832 DISCLAIMED. IN NO EVENT SHALL WARNER LOSH BE LIABLE FOR ANY DIRECT,
1833 INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
1834 (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
1835 SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
1836 HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
1837 STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
1838 IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
1839 POSSIBILITY OF SUCH DAMAGE.
1841 Contact Warner Losh if you have any questions about your use of