1 <!DOCTYPE article PUBLIC "-//FreeBSD//DTD DocBook V4.1-Based Extension//EN" [
2 <!ENTITY % articles.ent PUBLIC "-//FreeBSD//ENTITIES DocBook FreeBSD Articles Entity Set//EN">
5 <!ENTITY % release PUBLIC "-//FreeBSD//ENTITIES Release Specification//EN">
11 <title>&os; &release.current; Release Notes</title>
13 <corpauthor>The &os; Project</corpauthor>
15 <pubdate>$FreeBSD$</pubdate>
28 <holder role="mailto:doc@FreeBSD.org">The &os; Documentation Project</holder>
31 <legalnotice id="trademarks" role="trademarks">
41 <para>The release notes for &os; &release.current; contain a summary
42 of the changes made to the &os; base system on the
43 &release.branch; development line.
44 This document lists applicable security advisories that were issued since
45 the last release, as well as significant changes to the &os;
47 Some brief remarks on upgrading are also presented.</para>
52 <title>Introduction</title>
54 <para>This document contains the release notes for &os;
56 describes recently added, changed, or deleted features of &os;.
57 It also provides some notes on upgrading
58 from previous versions of &os;.</para>
60 <![ %release.type.current [
62 <para>The &release.type; distribution to which these release notes
63 apply represents the latest point along the &release.branch; development
64 branch since &release.branch; was created. Information regarding pre-built, binary
65 &release.type; distributions along this branch
66 can be found at <ulink url="&release.url;"></ulink>.</para>
70 <![ %release.type.snapshot [
72 <para>The &release.type; distribution to which these release notes
73 apply represents a point along the &release.branch; development
74 branch between &release.prev; and the future &release.next;.
76 pre-built, binary &release.type; distributions along this branch
77 can be found at <ulink url="&release.url;"></ulink>.</para>
81 <![ %release.type.release [
83 <para>This distribution of &os; &release.current; is a
84 &release.type; distribution. It can be found at <ulink
85 url="&release.url;"></ulink> or any of its mirrors. More
86 information on obtaining this (or other) &release.type;
87 distributions of &os; can be found in the <ulink
88 url="&url.books.handbook;/mirrors.html"><quote>Obtaining
89 &os;</quote> appendix</ulink> to the <ulink
90 url="&url.books.handbook;/">&os; Handbook</ulink>.</para>
94 <para>All users are encouraged to consult the release errata before
95 installing &os;. The errata document is updated with
96 <quote>late-breaking</quote> information discovered late in the
97 release cycle or after the release. Typically, it contains
98 information on known bugs, security advisories, and corrections to
99 documentation. An up-to-date copy of the errata for &os;
100 &release.current; can be found on the &os; Web site.</para>
104 <title>What's New</title>
106 <para>This section describes the most user-visible new or changed
107 features in &os; since &release.prev;.</para>
109 <para>Typical release note items document recent security
110 advisories issued after &release.prev;, new drivers or hardware
111 support, new commands or options, major bug fixes, or
112 contributed software upgrades. They may also list changes to
113 major ports/packages or release engineering practices. Clearly
114 the release notes cannot list every single change made to &os;
115 between releases; this document focuses primarily on security
116 advisories, user-visible changes, and major architectural
119 <sect2 id="security">
120 <title>Security Advisories</title>
122 <para>Problems described in the following security advisories have
123 been fixed. For more information, consult the individual
124 advisories available from
125 <ulink url="http://security.FreeBSD.org/"></ulink>.</para>
127 <informaltable frame="none" pgwide="0">
129 <colspec colwidth="1*">
130 <colspec colwidth="1*">
131 <colspec colwidth="3*">
134 <entry>Advisory</entry>
142 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:01.lukemftpd.asc"
143 >SA-09:01.lukemftpd</ulink></entry>
144 <entry>07 January 2009</entry>
145 <entry><para>Cross-site request forgery in
146 &man.lukemftpd.8;</para></entry>
150 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:02.openssl.asc"
151 >SA-09:02.openssl</ulink></entry>
152 <entry>07 January 2009</entry>
153 <entry><para>OpenSSL incorrectly checks for malformed
154 signatures</para></entry>
158 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:03.ntpd.asc"
159 >SA-09:03.ntpd</ulink></entry>
160 <entry>13 January 2009</entry>
161 <entry><para>ntpd cryptographic signature
162 bypass</para></entry>
166 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:04.bind.asc"
167 >SA-09:04.bind</ulink></entry>
168 <entry>13 January 2009</entry>
169 <entry><para>BIND DNSSEC incorrect checks for
170 malformed signatures</para></entry>
174 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:05.telnetd.asc"
175 >SA-09:05.telnetd</ulink></entry>
176 <entry>16 February 2009</entry>
177 <entry><para>telnetd code execution
178 vulnerability</para></entry>
182 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:06.ktimer.asc"
183 >SA-09:06.ktimer</ulink></entry>
184 <entry>23 March 2009</entry>
185 <entry><para>Local privilege escalation</para></entry>
189 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:07.libc.asc"
190 >SA-09:07.libc</ulink></entry>
191 <entry>04 April 2009</entry>
192 <entry><para>Information leak in &man.db.3;</para></entry>
196 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:08.openssl.asc"
197 >SA-09:08.openssl</ulink></entry>
198 <entry>22 April 2009</entry>
199 <entry><para>Remotely exploitable crash in
200 OpenSSL</para></entry>
208 <title>Kernel Changes</title>
210 <para>&os; DTrace subsystem now supports a probes for process execution.</para>
213 <title>Boot Loader Changes</title>
219 <title>Hardware Support</title>
224 <title>Multimedia Support</title>
226 <para>The &man.agp.4; now supports Intel G4X series graphics
229 <para>The DRM, a kernel module named Direct Rendering
230 Manager that gives direct hardware access to DRI clients,
231 has been updated. Support for AMD/ATI r500 and IGP based
232 chips, XGI V3XE/V5/V8, and Intel i915 chipsets has been
235 <para>The &man.snd.hda.4; driver has been updated. Changes
236 include: multiple codec per HDA bus, multiple functional
237 gropups per codec, multiple audio devices per functional
238 group, digital (SPDIF/HDMI) audio input/output,
239 suspend/resume, and part of multichannel audio.</para>
241 <para>Note that due to added HDMI audio and logical audio
242 devices support, updated driver often provides several PCM
243 devices. In some cases it can make system default audio
244 device no longer corresponding to the users's habbitual
245 audio connectors. In such cases the default device can be
246 specified in audio application setup or defined globally
247 via <varname>hw.snd.default_unit sysctl</varname>
248 as described in the &man.sound.4; manual page.</para>
252 <title>Network Interface Support</title>
259 <sect3 id="net-proto">
260 <title>Network Protocols</title>
262 <para>The &man.jail.8; subsystem now supports start with a
263 specific route FIB.</para>
265 <para>The &man.ng.netflow.4; Netgraph node now supports
266 ability to generate egress netflow instead or in addition to
267 ingress. A <literal>NGM_NETFLOW_SETCONFIG</literal> control
268 message has been added to control the new functionality.</para>
272 <title>Disks and Storage</title>
274 <para>The &man.mmc.4; and &man.mmcsd.4; driver now support MMC
275 and SDHC cards, high speed timing, wide bus, and multiblock
278 <para>The &man.sdhci.4; driver has been added. This supports
279 PCI devices with class 8 and subclass 5 accord- ing to SD Host
280 Controller Specification.</para>
282 <para>The &man.mmc.4; &man.mmcsd.4;, and &man.sdhci.4; driver
283 are now included as a kernel module.</para>
287 <title>File Systems</title>
293 <sect2 id="userland">
294 <title>Userland Changes</title>
296 <para>The &man.fetch.1; utility now supports an
297 <option>-i</option> flag which supports If-Modified-Since HTTP
300 <para>The &man.fsck.8; utility now supports a
301 <option>-C</option> flag for catastriphic recovery mode, which
302 will enable certain aggressive operations that can make
303 &man.fsck.8; to survive with file systems that has very
304 serious data damage, which is an useful last resort when on
305 disk data damage is very serious and causes &man.fsck.8; to
306 crash otherwise.</para>
308 <para>A bug in the &man.ipfw.8; utility which displays extra
309 messages for a NAT rule even when a <option>-q</option> flag
312 <para>The &man.powerd.8; program has been improved. Changes
313 include reasonable CPU load estimation on SMP systems and a
314 new mode named as <literal>hiadaptive</literal> for AC-powered
315 systems which rises frequency twice faster, drops it 4 times
316 slower, prefers twice lower CPU load and has additional delay
317 before leaving the highest frequency after the period of
320 <para>The &man.strndup.3; function has been added.</para>
322 <para>A bug in the &man.rpc.yppasswdd.8; program which leaves a
323 zombie process when a password or default shell is changed has
326 <sect3 id="rc-scripts">
327 <title><filename>/etc/rc.d</filename> Scripts</title>
334 <title>Contributed Software</title>
336 <para><application>ISC BIND</application> has been updated to
337 version 9.4.3-P2.</para>
339 <para>The timezone database has been updated from
340 the <application>tzdata2008h</application> release to
341 the <application>tzdata2009f</application> release.</para>
345 <title>Ports/Packages Collection Infrastructure</title>
347 <para>A bug in the &man.pkg.create.1; which prevents the
348 <option>-n</option> flag from working has been fixed.</para>
352 <title>Release Engineering and Integration</title>
354 <para>The supported version of
355 the <application>GNOME</application> desktop environment
356 (<filename role="package">x11/gnome2</filename>) has been
357 updated from 2.22 to 2.26.</para>
359 <para>The supported version of
360 the <application>KDE</application> desktop environment has
361 been updated from 3.5.10 (<filename
362 role="package">x11/kde3</filename>) to 4.2.2 (<filename
363 role="package">x11/kde4</filename>).</para>
367 <title>Documentation</title>
374 <title>Upgrading from previous releases of &os;</title>
376 <para arch="amd64,i386">Beginning with &os; 6.2-RELEASE, binary
377 upgrades between RELEASE versions (and snapshots of the various
378 security branches) are supported using the
379 &man.freebsd-update.8; utility. The binary upgrade procedure
380 will update unmodified userland utilities, as well as unmodified
381 GENERIC or SMP kernels distributed as a part of an official &os;
382 release. The &man.freebsd-update.8; utility requires that the
383 host being upgraded have Internet connectivity.</para>
385 <para>An older form of binary upgrade is supported through the
386 <command>Upgrade</command> option from the main
387 &man.sysinstall.8; menu on CDROM distribution media. This type
388 of binary upgrade may be useful on non-&arch.i386;,
389 non-&arch.amd64; machines or on systems with no Internet
392 <para>Source-based upgrades (those based on recompiling the &os;
393 base system from source code) from previous versions are
394 supported, according to the instructions in
395 <filename>/usr/src/UPDATING</filename>.</para>
398 <para>Upgrading &os; should, of course, only be attempted after
399 backing up <emphasis>all</emphasis> data and configuration