1 <!DOCTYPE article PUBLIC "-//FreeBSD//DTD DocBook V4.1-Based Extension//EN" [
2 <!ENTITY % articles.ent PUBLIC "-//FreeBSD//ENTITIES DocBook FreeBSD Articles Entity Set//EN">
5 <!ENTITY % release PUBLIC "-//FreeBSD//ENTITIES Release Specification//EN">
11 <title>&os; &release.current; Release Notes</title>
13 <corpauthor>The &os; Project</corpauthor>
15 <pubdate>$FreeBSD$</pubdate>
28 <holder role="mailto:doc@FreeBSD.org">The &os; Documentation Project</holder>
31 <legalnotice id="trademarks" role="trademarks">
42 <para>The release notes for &os; &release.current; contain a summary
43 of the changes made to the &os; base system on the
44 &release.branch; development line.
45 This document lists applicable security advisories that were issued since
46 the last release, as well as significant changes to the &os;
48 Some brief remarks on upgrading are also presented.</para>
53 <title>Introduction</title>
55 <para>This document contains the release notes for &os;
57 describes recently added, changed, or deleted features of &os;.
58 It also provides some notes on upgrading
59 from previous versions of &os;.</para>
61 <![ %release.type.current [
63 <para>The &release.type; distribution to which these release notes
64 apply represents the latest point along the &release.branch; development
65 branch since &release.branch; was created. Information regarding pre-built, binary
66 &release.type; distributions along this branch
67 can be found at <ulink url="&release.url;"></ulink>.</para>
71 <![ %release.type.snapshot [
73 <para>The &release.type; distribution to which these release notes
74 apply represents a point along the &release.branch; development
75 branch between &release.prev; and the future &release.next;.
77 pre-built, binary &release.type; distributions along this branch
78 can be found at <ulink url="&release.url;"></ulink>.</para>
82 <![ %release.type.release [
84 <para>This distribution of &os; &release.current; is a
85 &release.type; distribution. It can be found at <ulink
86 url="&release.url;"></ulink> or any of its mirrors. More
87 information on obtaining this (or other) &release.type;
88 distributions of &os; can be found in the <ulink
89 url="&url.books.handbook;/mirrors.html"><quote>Obtaining
90 &os;</quote> appendix</ulink> to the <ulink
91 url="&url.books.handbook;/">&os; Handbook</ulink>.</para>
95 <para>All users are encouraged to consult the release errata before
96 installing &os;. The errata document is updated with
97 <quote>late-breaking</quote> information discovered late in the
98 release cycle or after the release. Typically, it contains
99 information on known bugs, security advisories, and corrections to
100 documentation. An up-to-date copy of the errata for &os;
101 &release.current; can be found on the &os; Web site.</para>
105 <title>What's New</title>
107 <para>This section describes the most user-visible new or changed
108 features in &os; since &release.prev;.</para>
110 <para>Typical release note items document recent security
111 advisories issued after &release.prev;, new drivers or hardware
112 support, new commands or options, major bug fixes, or
113 contributed software upgrades. They may also list changes to
114 major ports/packages or release engineering practices. Clearly
115 the release notes cannot list every single change made to &os;
116 between releases; this document focuses primarily on security
117 advisories, user-visible changes, and major architectural
120 <sect2 id="security">
121 <title>Security Advisories</title>
123 <para>Problems described in the following security advisories have
124 been fixed. For more information, consult the individual
125 advisories available from
126 <ulink url="http://security.FreeBSD.org/"></ulink>.</para>
128 <informaltable frame="none" pgwide="0">
130 <colspec colwidth="1*">
131 <colspec colwidth="1*">
132 <colspec colwidth="3*">
135 <entry>Advisory</entry>
143 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:01.lukemftpd.asc"
144 >SA-09:01.lukemftpd</ulink></entry>
145 <entry>07 January 2009</entry>
146 <entry><para>Cross-site request forgery in
147 &man.lukemftpd.8;</para></entry>
151 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:02.openssl.asc"
152 >SA-09:02.openssl</ulink></entry>
153 <entry>07 January 2009</entry>
154 <entry><para>OpenSSL incorrectly checks for malformed
155 signatures</para></entry>
159 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:03.ntpd.asc"
160 >SA-09:03.ntpd</ulink></entry>
161 <entry>13 January 2009</entry>
162 <entry><para>ntpd cryptographic signature
163 bypass</para></entry>
167 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:04.bind.asc"
168 >SA-09:04.bind</ulink></entry>
169 <entry>13 January 2009</entry>
170 <entry><para>BIND DNSSEC incorrect checks for
171 malformed signatures</para></entry>
175 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:05.telnetd.asc"
176 >SA-09:05.telnetd</ulink></entry>
177 <entry>16 February 2009</entry>
178 <entry><para>telnetd code execution
179 vulnerability</para></entry>
183 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:06.ktimer.asc"
184 >SA-09:06.ktimer</ulink></entry>
185 <entry>23 March 2009</entry>
186 <entry><para>Local privilege escalation</para></entry>
190 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:07.libc.asc"
191 >SA-09:07.libc</ulink></entry>
192 <entry>04 April 2009</entry>
193 <entry><para>Information leak in &man.db.3;</para></entry>
197 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:08.openssl.asc"
198 >SA-09:08.openssl</ulink></entry>
199 <entry>22 April 2009</entry>
200 <entry><para>Remotely exploitable crash in
201 OpenSSL</para></entry>
209 <title>Kernel Changes</title>
211 <para>The &os; DTrace subsystem now supports a probe for
212 process execution.</para>
214 <para arch="amd64">The &os; kernel virtual address space has
215 been increased to 6GB and the ceiling on the kmem map size
216 to 3.6GB. Note that the ceiling as a fraction of the kernel
217 map size rather than an absolute quantity.</para>
219 <para>The &man.kld.4; now supports installing 32-bit system
220 call to the &os; system call translation layer from kernel
223 <para>The &os; 32-bit system call translation layer now
224 supports installing 32-bit system calls for
225 <literal>VFS_AIO</literal>.</para>
227 <para>The &man.ktr.4; now supports a new KTR tracepoint in the
228 <literal>KTR_CALLOUT</literal> class to note when a callout
229 routine finishes executing.</para>
232 <title>Boot Loader Changes</title>
234 <para>The &man.boot.8; now supports 4-byte volume ID that
235 certain versions of &windows; put into the MBR and invoking
236 PXE by pressing F6 key on some supported BIOSes.</para>
238 <para>The &man.loader.8; is now able to obtain DHCP options
239 via &man.kenv.2; variables in the case of network boot.</para>
241 <para>A bug in the &man.loader.8; has been fixed. Now the
242 following line works as expected:</para>
244 <programlisting>loader_conf_files="<replaceable>foo</replaceable> <replaceable>bar</replaceable> ${<replaceable>variable</replaceable>}"</programlisting>
248 <title>Hardware Support</title>
250 <para>The &man.acpi.4; subsystem now supports a &man.sysctl.8;
251 variable <varname>debug.batt.batt_sleep_ms</varname>. On
252 some laptops with smart batteries, enabling battery
253 monitoring software causes keystrokes from &man.atkbd.4; to
254 be lost. This sysctl variable adds a delay in millisecond
255 to the status checking code as a workaround.</para>
257 <para>The &man.cpuctl.4; driver, which provides a special
258 device <filename>/dev/cpuctl</filename> as an interface to
259 the system CPU and functionality to retrieve CPUID
260 information, read/write machine specific registers (MSR) and
261 perform CPU firmware updates.</para>
263 <para>The &man.cpufreq.4; driver now supports a
264 <varname>hw.est.msr_info</varname> loader tunable. When
265 this set to <literal>1</literal>, it attempts to build a
266 simple list containing just the high and low frequencies if
267 it cannot obtain a frequency list from either ACPI or the
268 static tables. This is disabled by default.</para>
270 <para arch="amd64,i386">CPU frequency change notifiers are now
271 disabled when the TSC is P-state invariant. Also, a new
273 <varname>kern.timecounter.invariant_tsc</varname> has been
274 added to force this behavior by setting it to
278 <title>Multimedia Support</title>
280 <para>The &man.agp.4; now supports Intel G4X series graphics
283 <para>The DRM, a kernel module named Direct Rendering
284 Manager that gives direct hardware access to DRI clients,
285 has been updated. Support for AMD/ATI r500 and IGP based
286 chips, XGI V3XE/V5/V8, and Intel i915 chipsets has been
289 <para>The snd_au88x0(4) driver for Aureal Vortex
290 1/2/Advantage PCI has been removed because this was
291 broken for a long time.</para>
293 <para>The &man.snd.hda.4; driver has been updated. Changes
294 include: multiple codec per HDA bus, multiple functional
295 groups per codec, multiple audio devices per functional
296 group, digital (SPDIF/HDMI) audio input/output,
297 suspend/resume, and part of multichannel audio.</para>
299 <para>Note that due to added HDMI audio and logical audio
300 devices support, updated driver often provides several PCM
301 devices. In some cases it can make system default audio
302 device no longer corresponding to the users's habitual
303 audio connectors. In such cases the default device can be
304 specified in audio application setup or defined globally
305 via <varname>hw.snd.default_unit sysctl</varname>
306 as described in the &man.sound.4; manual page.</para>
310 <title>Network Interface Support</title>
312 <para>The ciphy(4) driver now supports Vitesse VSC8211
315 <para>A bug in &man.igb.4; driver which prevents a tunable
316 <varname>hw.igb.ave_latency</varname> from working has
319 <para>The &man.jme.4; driver now supports newer JMicron
320 JMC250/JMC260 revisions.</para>
322 <para>The &man.rl.4; driver has been improved. A bug which
323 prevents it from working on systems with more than 4GB
324 memory has been fixed.</para>
328 <sect3 id="net-proto">
329 <title>Network Protocols</title>
331 <para>The &man.jail.8; subsystem now supports start with a
332 specific route FIB.</para>
334 <para>The &man.ng.netflow.4; Netgraph node now supports
335 ability to generate egress netflow instead or in addition to
336 ingress. A <literal>NGM_NETFLOW_SETCONFIG</literal> control
337 message has been added to control the new functionality.</para>
341 <title>Disks and Storage</title>
343 <para>The &man.ata.4; driver now supports Marvell PATA M88SX6121.</para>
345 <para>An issue in the &man.gvinum.8; with access permissions
346 to underlying disks used by a gvinum plex has been fixed.
347 If the plex is a raid5 plex and is being written to, parity data might
348 have to be read from the underlying disks, requiring them to be opened for
349 reading as well as writing.</para>
351 <para>The &man.mmc.4; and &man.mmcsd.4; driver now support MMC
352 and SDHC cards, high speed timing, wide bus, and multiblock
355 <para>The &man.sdhci.4; driver has been added. This supports
356 PCI devices with class 8 and subclass 5 according to SD Host
357 Controller Specification.</para>
359 <para>The &man.mmc.4; &man.mmcsd.4;, and &man.sdhci.4; driver
360 are now included as a kernel module.</para>
364 <title>File Systems</title>
366 <para>The shared vnode locking for pathname lookups in
367 &man.VFS.9; subsystem has been improved. This is disabled
368 by default. Setting a sysctl variable
369 <varname>vfs.lookup_shared</varname> to <literal>1</literal>
370 enables it for better performance. Note that the
371 <literal>LOOKUP_SHARED</literal> equivalent to the sysctl
372 variable kernel option has been removed.</para>
376 <sect2 id="userland">
377 <title>Userland Changes</title>
379 <para>The &man.config.8; utility now supports
380 multiple <varname>makeoption</varname> lines.</para>
382 <para>The &man.du.1; utility now supports an <option>-l</option>
383 flag. When specified, the &man.du.1; counts a file with
384 multiple hard links as multiple different files.</para>
386 <para>The &man.fetch.1; utility now supports an
387 <option>-i</option> flag which supports If-Modified-Since HTTP
390 <para>The &man.fsck.8; utility now supports a
391 <option>-C</option> flag for catastrophic recovery mode, which
392 will enable certain aggressive operations that can make
393 &man.fsck.8; to survive with file systems that has very
394 serious data damage, which is an useful last resort when on
395 disk data damage is very serious and causes &man.fsck.8; to
396 crash otherwise.</para>
398 <para>A bug in the &man.ipfw.8; utility which displays extra
399 messages for a NAT rule even when a <option>-q</option> flag
402 <para>A bug in the &man.netstat.1; utility has been fixed. It
403 crashed with the following options in the previous
406 <screen>&prompt.user; netstat -m -N foo</screen>
408 <para>A bug in the &man.netstat.1; utility has been fixed. The
409 <option>-ss</option> now works in the icmp6 section as
412 <para>The &man.powerd.8; program has been improved. Changes
413 include reasonable CPU load estimation on SMP systems and a
414 new mode named as <literal>hiadaptive</literal> for AC-powered
415 systems which rises frequency twice faster, drops it 4 times
416 slower, prefers twice lower CPU load and has additional delay
417 before leaving the highest frequency after the period of
420 <para>The &man.strndup.3; function has been added.</para>
422 <para>The &man.wc.1; utility now supports an <option>-L</option>
423 flag to output the number of characters in the longest input
426 <para>A bug in the &man.rpc.yppasswdd.8; program which leaves a
427 zombie process when a password or default shell is changed has
430 <sect3 id="rc-scripts">
431 <title><filename>/etc/rc.d</filename> Scripts</title>
438 <title>Contributed Software</title>
440 <para><application>ISC BIND</application> has been updated to
441 version 9.4.3-P2.</para>
443 <para>The timezone database has been updated from
444 the <application>tzdata2008h</application> release to
445 the <application>tzdata2009f</application> release.</para>
449 <title>Ports/Packages Collection Infrastructure</title>
451 <para>A bug in the &man.pkg.create.1; which prevents the
452 <option>-n</option> flag from working has been fixed.</para>
456 <title>Release Engineering and Integration</title>
458 <para>The supported version of
459 the <application>GNOME</application> desktop environment
460 (<filename role="package">x11/gnome2</filename>) has been
461 updated from 2.22 to 2.26.</para>
463 <para>The supported version of
464 the <application>KDE</application> desktop environment has
465 been updated from 3.5.10 (<filename
466 role="package">x11/kde3</filename>) to 4.2.2 (<filename
467 role="package">x11/kde4</filename>).</para>
471 <title>Documentation</title>
478 <title>Upgrading from previous releases of &os;</title>
480 <para arch="amd64,i386">Beginning with &os; 6.2-RELEASE, binary
481 upgrades between RELEASE versions (and snapshots of the various
482 security branches) are supported using the
483 &man.freebsd-update.8; utility. The binary upgrade procedure
484 will update unmodified userland utilities, as well as unmodified
485 GENERIC or SMP kernels distributed as a part of an official &os;
486 release. The &man.freebsd-update.8; utility requires that the
487 host being upgraded have Internet connectivity.</para>
489 <para>An older form of binary upgrade is supported through the
490 <command>Upgrade</command> option from the main
491 &man.sysinstall.8; menu on CDROM distribution media. This type
492 of binary upgrade may be useful on non-&arch.i386;,
493 non-&arch.amd64; machines or on systems with no Internet
496 <para>Source-based upgrades (those based on recompiling the &os;
497 base system from source code) from previous versions are
498 supported, according to the instructions in
499 <filename>/usr/src/UPDATING</filename>.</para>
502 <para>Upgrading &os; should, of course, only be attempted after
503 backing up <emphasis>all</emphasis> data and configuration