release/doc/en_US.ISO8859-1/relnotes/article.sgml

   1 <!DOCTYPE article PUBLIC "-//FreeBSD//DTD DocBook V4.1-Based Extension//EN" [
   2 <!ENTITY % articles.ent PUBLIC "-//FreeBSD//ENTITIES DocBook FreeBSD Articles Entity Set//EN">
   3 %articles.ent;
   4
   5 <!ENTITY % release PUBLIC "-//FreeBSD//ENTITIES Release Specification//EN">
   6 %release;
   7 ]>
   8
   9 <article>
  10   <articleinfo>
  11     <title>&os; &release.current; Release Notes</title>
  12
  13     <corpauthor>The &os; Project</corpauthor>
  14
  15     <pubdate>$FreeBSD$</pubdate>
  16
  17     <copyright>
  18       <year>2000</year>
  19       <year>2001</year>
  20       <year>2002</year>
  21       <year>2003</year>
  22       <year>2004</year>
  23       <year>2005</year>
  24       <year>2006</year>
  25       <year>2007</year>
  26       <year>2008</year>
  27       <year>2009</year>
  28       <holder role="mailto:doc@FreeBSD.org">The &os; Documentation Project</holder>
  29     </copyright>
  30
  31     <legalnotice id="trademarks" role="trademarks">
  32       &tm-attrib.freebsd;
  33       &tm-attrib.ibm;
  34       &tm-attrib.ieee;
  35       &tm-attrib.intel;
  36       &tm-attrib.microsoft;
  37       &tm-attrib.sparc;
  38       &tm-attrib.general;
  39     </legalnotice>
  40
  41     <abstract>
  42       <para>The release notes for &os; &release.current; contain a summary
  43         of the changes made to the &os; base system on the
  44         &release.branch; development line.
  45         This document lists applicable security advisories that were issued since
  46         the last release, as well as significant changes to the &os;
  47         kernel and userland.
  48         Some brief remarks on upgrading are also presented.</para>
  49     </abstract>
  50   </articleinfo>
  51
  52   <sect1 id="intro">
  53     <title>Introduction</title>
  54
  55     <para>This document contains the release notes for &os;
  56       &release.current;.  It
  57       describes recently added, changed, or deleted features of &os;.
  58       It also provides some notes on upgrading
  59       from previous versions of &os;.</para>
  60
  61 <![ %release.type.current [
  62
  63     <para>The &release.type; distribution to which these release notes
  64       apply represents the latest point along the &release.branch; development
  65       branch since &release.branch; was created.  Information regarding pre-built, binary
  66       &release.type; distributions along this branch
  67       can be found at <ulink url="&release.url;"></ulink>.</para>
  68
  69 ]]>
  70
  71 <![ %release.type.snapshot [
  72
  73     <para>The &release.type; distribution to which these release notes
  74       apply represents a point along the &release.branch; development
  75       branch between &release.prev; and the future &release.next;.
  76       Information regarding
  77       pre-built, binary &release.type; distributions along this branch
  78       can be found at <ulink url="&release.url;"></ulink>.</para>
  79
  80 ]]>
  81
  82 <![ %release.type.release [
  83
  84     <para>This distribution of &os; &release.current; is a
  85       &release.type; distribution.  It can be found at <ulink
  86       url="&release.url;"></ulink> or any of its mirrors.  More
  87       information on obtaining this (or other) &release.type;
  88       distributions of &os; can be found in the <ulink
  89       url="&url.books.handbook;/mirrors.html"><quote>Obtaining
  90       &os;</quote> appendix</ulink> to the <ulink
  91       url="&url.books.handbook;/">&os; Handbook</ulink>.</para>
  92
  93 ]]>
  94
  95     <para>All users are encouraged to consult the release errata before
  96       installing &os;.  The errata document is updated with
  97       <quote>late-breaking</quote> information discovered late in the
  98       release cycle or after the release.  Typically, it contains
  99       information on known bugs, security advisories, and corrections to
 100       documentation.  An up-to-date copy of the errata for &os;
 101       &release.current; can be found on the &os; Web site.</para>
 102   </sect1>
 103
 104   <sect1 id="new">
 105     <title>What's New</title>
 106
 107     <para>This section describes the most user-visible new or changed
 108       features in &os; since &release.prev;.</para>
 109
 110     <para>Typical release note items document recent security
 111       advisories issued after &release.prev;, new drivers or hardware
 112       support, new commands or options, major bug fixes, or
 113       contributed software upgrades.  They may also list changes to
 114       major ports/packages or release engineering practices.  Clearly
 115       the release notes cannot list every single change made to &os;
 116       between releases; this document focuses primarily on security
 117       advisories, user-visible changes, and major architectural
 118       improvements.</para>
 119
 120     <sect2 id="security">
 121       <title>Security Advisories</title>
 122
 123       <para>Problems described in the following security advisories have
 124         been fixed.  For more information, consult the individual
 125         advisories available from
 126         <ulink url="http://security.FreeBSD.org/"></ulink>.</para>
 127
 128       <informaltable frame="none" pgwide="0">
 129         <tgroup cols="3">
 130           <colspec colwidth="1*">
 131           <colspec colwidth="1*">
 132           <colspec colwidth="3*">
 133             <thead>
 134               <row>
 135                 <entry>Advisory</entry>
 136                 <entry>Date</entry>
 137                 <entry>Topic</entry>
 138               </row>
 139             </thead>
 140
 141             <tbody>
 142               <row>
 143                 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:01.lukemftpd.asc"
 144                               >SA-09:01.lukemftpd</ulink></entry>
 145                 <entry>07&nbsp;January&nbsp;2009</entry>
 146                 <entry><para>Cross-site request forgery in
 147                   &man.lukemftpd.8;</para></entry>
 148               </row>
 149
 150               <row>
 151                 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:02.openssl.asc"
 152                               >SA-09:02.openssl</ulink></entry>
 153                 <entry>07&nbsp;January&nbsp;2009</entry>
 154                 <entry><para>OpenSSL incorrectly checks for malformed
 155                   signatures</para></entry>
 156               </row>
 157
 158               <row>
 159                 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:03.ntpd.asc"
 160                               >SA-09:03.ntpd</ulink></entry>
 161                 <entry>13&nbsp;January&nbsp;2009</entry>
 162                 <entry><para>ntpd cryptographic signature
 163                   bypass</para></entry>
 164               </row>
 165
 166               <row>
 167                 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:04.bind.asc"
 168                               >SA-09:04.bind</ulink></entry>
 169                 <entry>13&nbsp;January&nbsp;2009</entry>
 170                 <entry><para>BIND DNSSEC incorrect checks for
 171                   malformed signatures</para></entry>
 172               </row>
 173
 174               <row>
 175                 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:05.telnetd.asc"
 176                               >SA-09:05.telnetd</ulink></entry>
 177                 <entry>16&nbsp;February&nbsp;2009</entry>
 178                 <entry><para>telnetd code execution
 179                   vulnerability</para></entry>
 180               </row>
 181
 182               <row>
 183                 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:06.ktimer.asc"
 184                               >SA-09:06.ktimer</ulink></entry>
 185                 <entry>23&nbsp;March&nbsp;2009</entry>
 186                 <entry><para>Local privilege escalation</para></entry>
 187               </row>
 188
 189               <row>
 190                 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:07.libc.asc"
 191                               >SA-09:07.libc</ulink></entry>
 192                 <entry>04&nbsp;April&nbsp;2009</entry>
 193                 <entry><para>Information leak in &man.db.3;</para></entry>
 194               </row>
 195
 196               <row>
 197                 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:08.openssl.asc"
 198                               >SA-09:08.openssl</ulink></entry>
 199                 <entry>22&nbsp;April&nbsp;2009</entry>
 200                 <entry><para>Remotely exploitable crash in
 201                   OpenSSL</para></entry>
 202               </row>
 203             </tbody>
 204         </tgroup>
 205       </informaltable>
 206     </sect2>
 207
 208     <sect2 id="kernel">
 209       <title>Kernel Changes</title>
 210
 211       <para>The &os; DTrace subsystem now supports a probe for
 212         process execution.</para>
 213
 214       <para arch="amd64">The &os; kernel virtual address space has
 215         been increased to 6GB and the ceiling on the kmem map size
 216         to 3.6GB.  Note that the ceiling as a fraction of the kernel
 217         map size rather than an absolute quantity.</para>
 218
 219       <para>The &man.kld.4; now supports installing 32-bit system
 220         call to the &os; system call translation layer from kernel
 221         modules.</para>
 222
 223       <para>The &os; 32-bit system call translation layer now
 224         supports installing 32-bit system calls for
 225         <literal>VFS_AIO</literal>.</para>
 226
 227       <para>The &man.ktr.4; now supports a new KTR tracepoint in the
 228         <literal>KTR_CALLOUT</literal> class to note when a callout
 229         routine finishes executing.</para>
 230
 231       <sect3 id="boot">
 232         <title>Boot Loader Changes</title>
 233
 234         <para>The &man.boot.8; now supports 4-byte volume ID that
 235           certain versions of &windows; put into the MBR and invoking
 236           PXE by pressing F6 key on some supported BIOSes.</para>
 237
 238         <para>The &man.loader.8; is now able to obtain DHCP options
 239           via &man.kenv.2; variables in the case of network boot.</para>
 240
 241         <para>A bug in the &man.loader.8; has been fixed.  Now the
 242           following line works as expected:</para>
 243
 244         <programlisting>loader_conf_files="<replaceable>foo</replaceable> <replaceable>bar</replaceable> ${<replaceable>variable</replaceable>}"</programlisting>
 245       </sect3>
 246
 247       <sect3 id="proc">
 248         <title>Hardware Support</title>
 249
 250         <para>The &man.acpi.4; subsystem now supports a &man.sysctl.8;
 251           variable <varname>debug.batt.batt_sleep_ms</varname>.  On
 252           some laptops with smart batteries, enabling battery
 253           monitoring software causes keystrokes from &man.atkbd.4; to
 254           be lost.  This sysctl variable adds a delay in millisecond
 255           to the status checking code as a workaround.</para>
 256
 257         <para>The &man.cpuctl.4; driver, which provides a special
 258           device <filename>/dev/cpuctl</filename> as an interface to
 259           the system CPU and functionality to retrieve CPUID
 260           information, read/write machine specific registers (MSR) and
 261           perform CPU firmware updates.</para>
 262
 263         <para>The &man.cpufreq.4; driver now supports a
 264           <varname>hw.est.msr_info</varname> loader tunable.  When
 265           this set to <literal>1</literal>, it attempts to build a
 266           simple list containing just the high and low frequencies if
 267           it cannot obtain a frequency list from either ACPI or the
 268           static tables.  This is disabled by default.</para>
 269
 270         <para arch="amd64,i386">CPU frequency change notifiers are now
 271           disabled when the TSC is P-state invariant.  Also, a new
 272           loader tunable
 273           <varname>kern.timecounter.invariant_tsc</varname> has been
 274           added to force this behavior by setting it to
 275           non-zero.</para>
 276
 277         <sect4 id="mm">
 278           <title>Multimedia Support</title>
 279
 280           <para>The &man.agp.4; now supports Intel G4X series graphics
 281             chipsets.</para>
 282
 283           <para>The DRM, a kernel module named Direct Rendering
 284             Manager that gives direct hardware access to DRI clients,
 285             has been updated.  Support for AMD/ATI r500 and IGP based
 286             chips, XGI V3XE/V5/V8, and Intel i915 chipsets has been
 287             improved.</para>
 288
 289           <para>The snd_au88x0(4) driver for Aureal Vortex
 290             1/2/Advantage PCI has been removed because this was
 291             broken for a long time.</para>
 292
 293           <para>The &man.snd.hda.4; driver has been updated.  Changes
 294             include: multiple codec per HDA bus, multiple functional
 295             groups per codec, multiple audio devices per functional
 296             group, digital (SPDIF/HDMI) audio input/output,
 297             suspend/resume, and part of multichannel audio.</para>
 298
 299           <para>Note that due to added HDMI audio and logical audio
 300             devices support, updated driver often provides several PCM
 301             devices.  In some cases it can make system default audio
 302             device no longer corresponding to the users's habitual
 303             audio connectors.  In such cases the default device can be
 304             specified in audio application setup or defined globally
 305             via <varname>hw.snd.default_unit sysctl</varname>
 306             as described in the &man.sound.4; manual page.</para>
 307         </sect4>
 308
 309         <sect4 id="net-if">
 310           <title>Network Interface Support</title>
 311
 312           <para>The ciphy(4) driver now supports Vitesse VSC8211
 313             PHY.</para>
 314
 315           <para>A bug in &man.igb.4; driver which prevents a tunable
 316             <varname>hw.igb.ave_latency</varname> from working has
 317             been fixed.</para>
 318
 319           <para>The &man.jme.4; driver now supports newer JMicron
 320             JMC250/JMC260 revisions.</para>
 321
 322           <para>The &man.rl.4; driver has been improved.  A bug which
 323             prevents it from working on systems with more than 4GB
 324             memory has been fixed.</para>
 325         </sect4>
 326       </sect3>
 327
 328       <sect3 id="net-proto">
 329         <title>Network Protocols</title>
 330
 331         <para>The &man.jail.8; subsystem now supports start with a
 332           specific route FIB.</para>
 333
 334         <para>The &man.ng.netflow.4; Netgraph node now supports
 335           ability to generate egress netflow instead or in addition to
 336           ingress.  A <literal>NGM_NETFLOW_SETCONFIG</literal> control
 337           message has been added to control the new functionality.</para>
 338       </sect3>
 339
 340       <sect3 id="disks">
 341         <title>Disks and Storage</title>
 342
 343         <para>The &man.ata.4; driver now supports Marvell PATA M88SX6121.</para>
 344
 345         <para>An issue in the &man.gvinum.8; with access permissions
 346           to underlying disks used by a gvinum plex has been fixed.
 347           If the plex is a raid5 plex and is being written to, parity data might
 348           have to be read from the underlying disks, requiring them to be opened for
 349           reading as well as writing.</para>
 350
 351         <para>The &man.mmc.4; and &man.mmcsd.4; driver now support MMC
 352           and SDHC cards, high speed timing, wide bus, and multiblock
 353           transfers.</para>
 354
 355         <para>The &man.sdhci.4; driver has been added.  This supports
 356           PCI devices with class 8 and subclass 5 according to SD Host
 357           Controller Specification.</para>
 358
 359         <para>The &man.mmc.4; &man.mmcsd.4;, and &man.sdhci.4; driver
 360           are now included as a kernel module.</para>
 361       </sect3>
 362
 363       <sect3 id="fs">
 364         <title>File Systems</title>
 365
 366         <para>The shared vnode locking for pathname lookups in
 367           &man.VFS.9; subsystem has been improved.  This is disabled
 368           by default.  Setting a sysctl variable
 369           <varname>vfs.lookup_shared</varname> to <literal>1</literal>
 370           enables it for better performance.  Note that the
 371           <literal>LOOKUP_SHARED</literal> equivalent to the sysctl
 372           variable kernel option has been removed.</para>
 373       </sect3>
 374     </sect2>
 375
 376     <sect2 id="userland">
 377       <title>Userland Changes</title>
 378
 379       <para>The &man.config.8; utility now supports
 380         multiple <varname>makeoption</varname> lines.</para>
 381
 382       <para>The &man.du.1; utility now supports an <option>-l</option>
 383         flag.  When specified, the &man.du.1; counts a file with
 384         multiple hard links as multiple different files.</para>
 385
 386       <para>The &man.fetch.1; utility now supports an
 387         <option>-i</option> flag which supports If-Modified-Since HTTP
 388         request.</para>
 389
 390       <para>The &man.fsck.8; utility now supports a
 391         <option>-C</option> flag for catastrophic recovery mode, which
 392         will enable certain aggressive operations that can make
 393         &man.fsck.8; to survive with file systems that has very
 394         serious data damage, which is an useful last resort when on
 395         disk data damage is very serious and causes &man.fsck.8; to
 396         crash otherwise.</para>
 397
 398       <para>A bug in the &man.ipfw.8; utility which displays extra
 399         messages for a NAT rule even when a <option>-q</option> flag
 400         is specified.</para>
 401
 402       <para>A bug in the &man.netstat.1; utility has been fixed.  It
 403         crashed with the following options in the previous
 404         versions:</para>
 405
 406       <screen>&prompt.user; netstat -m -N foo</screen>
 407
 408       <para>A bug in the &man.netstat.1; utility has been fixed.  The
 409         <option>-ss</option> now works in the icmp6 section as
 410         expected.</para>
 411
 412       <para>The &man.powerd.8; program has been improved.  Changes
 413         include reasonable CPU load estimation on SMP systems and a
 414         new mode named as <literal>hiadaptive</literal> for AC-powered
 415         systems which rises frequency twice faster, drops it 4 times
 416         slower, prefers twice lower CPU load and has additional delay
 417         before leaving the highest frequency after the period of
 418         maximum load.</para>
 419
 420       <para>The &man.strndup.3; function has been added.</para>
 421
 422       <para>The &man.wc.1; utility now supports an <option>-L</option>
 423         flag to output the number of characters in the longest input
 424         line.</para>
 425
 426       <para>A bug in the &man.rpc.yppasswdd.8; program which leaves a
 427         zombie process when a password or default shell is changed has
 428         been fixed.</para>
 429
 430       <sect3 id="rc-scripts">
 431         <title><filename>/etc/rc.d</filename> Scripts</title>
 432
 433         <para></para>
 434       </sect3>
 435     </sect2>
 436
 437     <sect2 id="contrib">
 438       <title>Contributed Software</title>
 439
 440       <para><application>ISC BIND</application> has been updated to
 441         version 9.4.3-P2.</para>
 442
 443       <para>The timezone database has been updated from
 444         the <application>tzdata2008h</application> release to
 445         the <application>tzdata2009f</application> release.</para>
 446     </sect2>
 447
 448     <sect2 id="ports">
 449       <title>Ports/Packages Collection Infrastructure</title>
 450
 451       <para>A bug in the &man.pkg.create.1; which prevents the
 452         <option>-n</option> flag from working has been fixed.</para>
 453     </sect2>
 454
 455     <sect2 id="releng">
 456       <title>Release Engineering and Integration</title>
 457
 458       <para>The supported version of
 459         the <application>GNOME</application> desktop environment
 460         (<filename role="package">x11/gnome2</filename>) has been
 461         updated from 2.22 to 2.26.</para>
 462
 463       <para>The supported version of
 464         the <application>KDE</application> desktop environment has
 465         been updated from 3.5.10 (<filename
 466         role="package">x11/kde3</filename>) to 4.2.2 (<filename
 467         role="package">x11/kde4</filename>).</para>
 468     </sect2>
 469
 470     <sect2 id="doc">
 471       <title>Documentation</title>
 472
 473       <para></para>
 474     </sect2>
 475   </sect1>
 476
 477   <sect1 id="upgrade">
 478     <title>Upgrading from previous releases of &os;</title>
 479
 480     <para arch="amd64,i386">Beginning with &os; 6.2-RELEASE, binary
 481       upgrades between RELEASE versions (and snapshots of the various
 482       security branches) are supported using the
 483       &man.freebsd-update.8; utility.  The binary upgrade procedure
 484       will update unmodified userland utilities, as well as unmodified
 485       GENERIC or SMP kernels distributed as a part of an official &os;
 486       release.  The &man.freebsd-update.8; utility requires that the
 487       host being upgraded have Internet connectivity.</para>
 488
 489     <para>An older form of binary upgrade is supported through the
 490       <command>Upgrade</command> option from the main
 491       &man.sysinstall.8; menu on CDROM distribution media.  This type
 492       of binary upgrade may be useful on non-&arch.i386;,
 493       non-&arch.amd64; machines or on systems with no Internet
 494       connectivity.</para>
 495
 496     <para>Source-based upgrades (those based on recompiling the &os;
 497       base system from source code) from previous versions are
 498       supported, according to the instructions in
 499       <filename>/usr/src/UPDATING</filename>.</para>
 500
 501     <important>
 502       <para>Upgrading &os; should, of course, only be attempted after
 503         backing up <emphasis>all</emphasis> data and configuration
 504         files.</para>
 505     </important>
 506   </sect1>
 507 </article>