Change the current working directory to be inside the jail created by

[FreeBSD/releng/7.2.git] / release / doc / en_US.ISO8859-1 / relnotes / article.sgml

<!DOCTYPE article PUBLIC "-//FreeBSD//DTD DocBook V4.1-Based Extension//EN" [
<!ENTITY % articles.ent PUBLIC "-//FreeBSD//ENTITIES DocBook FreeBSD Articles Entity Set//EN">
%articles.ent;

<!ENTITY % release PUBLIC "-//FreeBSD//ENTITIES Release Specification//EN">
%release;
]>

<article>
  <articleinfo>
    <title>&os; &release.current; Release Notes</title>

    <corpauthor>The &os; Project</corpauthor>

    <pubdate>$FreeBSD$</pubdate>

    <copyright>
      <year>2000</year>
      <year>2001</year>
      <year>2002</year>
      <year>2003</year>
      <year>2004</year>
      <year>2005</year>
      <year>2006</year>
      <year>2007</year>
      <year>2008</year>
      <year>2009</year>
      <holder role="mailto:doc@FreeBSD.org">The &os; Documentation Project</holder>
    </copyright>

    <legalnotice id="trademarks" role="trademarks">
      &tm-attrib.freebsd;
      &tm-attrib.ibm;
      &tm-attrib.ieee;
      &tm-attrib.intel;
      &tm-attrib.microsoft;
      &tm-attrib.sparc;
      &tm-attrib.general;
    </legalnotice>

    <abstract>
      <para>The release notes for &os; &release.current; contain a summary
        of the changes made to the &os; base system on the
        &release.branch; development line.
        This document lists applicable security advisories that were issued since
        the last release, as well as significant changes to the &os;
        kernel and userland.
        Some brief remarks on upgrading are also presented.</para>
    </abstract>
  </articleinfo>

  <sect1 id="intro">
    <title>Introduction</title>

    <para>This document contains the release notes for &os;
      &release.current;.  It
      describes recently added, changed, or deleted features of &os;.
      It also provides some notes on upgrading
      from previous versions of &os;.</para>

<![ %release.type.current [

    <para>The &release.type; distribution to which these release notes
      apply represents the latest point along the &release.branch; development
      branch since &release.branch; was created.  Information regarding pre-built, binary
      &release.type; distributions along this branch
      can be found at <ulink url="&release.url;"></ulink>.</para>

]]>

<![ %release.type.snapshot [

    <para>The &release.type; distribution to which these release notes
      apply represents a point along the &release.branch; development
      branch between &release.prev; and the future &release.next;.
      Information regarding
      pre-built, binary &release.type; distributions along this branch
      can be found at <ulink url="&release.url;"></ulink>.</para>

]]>

<![ %release.type.release [

    <para>This distribution of &os; &release.current; is a
      &release.type; distribution.  It can be found at <ulink
      url="&release.url;"></ulink> or any of its mirrors.  More
      information on obtaining this (or other) &release.type;
      distributions of &os; can be found in the <ulink
      url="&url.books.handbook;/mirrors.html"><quote>Obtaining
      &os;</quote> appendix</ulink> to the <ulink
      url="&url.books.handbook;/">&os; Handbook</ulink>.</para>

]]>

    <para>All users are encouraged to consult the release errata before
      installing &os;.  The errata document is updated with
      <quote>late-breaking</quote> information discovered late in the
      release cycle or after the release.  Typically, it contains
      information on known bugs, security advisories, and corrections to
      documentation.  An up-to-date copy of the errata for &os;
      &release.current; can be found on the &os; Web site.</para>
  </sect1>

  <sect1 id="new">
    <title>What's New</title>

    <para>This section describes the most user-visible new or changed
      features in &os; since &release.prev;.</para>

    <para>Typical release note items document recent security
      advisories issued after &release.prev;, new drivers or hardware
      support, new commands or options, major bug fixes, or
      contributed software upgrades.  They may also list changes to
      major ports/packages or release engineering practices.  Clearly
      the release notes cannot list every single change made to &os;
      between releases; this document focuses primarily on security
      advisories, user-visible changes, and major architectural
      improvements.</para>

    <sect2 id="security">
      <title>Security Advisories</title>

      <para>Problems described in the following security advisories have
        been fixed.  For more information, consult the individual
        advisories available from
        <ulink url="http://security.FreeBSD.org/"></ulink>.</para>

      <informaltable frame="none" pgwide="0">
        <tgroup cols="3">
          <colspec colwidth="1*">
          <colspec colwidth="1*">
          <colspec colwidth="3*">
            <thead>
              <row>
                <entry>Advisory</entry>
                <entry>Date</entry>
                <entry>Topic</entry>
              </row>
            </thead>

            <tbody>
              <row>
                <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:01.lukemftpd.asc"
                              >SA-09:01.lukemftpd</ulink></entry>
                <entry>07&nbsp;January&nbsp;2009</entry>
                <entry><para>Cross-site request forgery in
                  &man.lukemftpd.8;</para></entry>
              </row>

              <row>
                <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:02.openssl.asc"
                              >SA-09:02.openssl</ulink></entry>
                <entry>07&nbsp;January&nbsp;2009</entry>
                <entry><para>OpenSSL incorrectly checks for malformed
                  signatures</para></entry>
              </row>

              <row>
                <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:03.ntpd.asc"
                              >SA-09:03.ntpd</ulink></entry>
                <entry>13&nbsp;January&nbsp;2009</entry>
                <entry><para>ntpd cryptographic signature
                  bypass</para></entry>
              </row>

              <row>
                <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:04.bind.asc"
                              >SA-09:04.bind</ulink></entry>
                <entry>13&nbsp;January&nbsp;2009</entry>
                <entry><para>BIND DNSSEC incorrect checks for
                  malformed signatures</para></entry>
              </row>

              <row>
                <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:05.telnetd.asc"
                              >SA-09:05.telnetd</ulink></entry>
                <entry>16&nbsp;February&nbsp;2009</entry>
                <entry><para>telnetd code execution
                  vulnerability</para></entry>
              </row>

              <row>
                <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:06.ktimer.asc"
                              >SA-09:06.ktimer</ulink></entry>
                <entry>23&nbsp;March&nbsp;2009</entry>
                <entry><para>Local privilege escalation</para></entry>
              </row>

              <row>
                <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:07.libc.asc"
                              >SA-09:07.libc</ulink></entry>
                <entry>04&nbsp;April&nbsp;2009</entry>
                <entry><para>Information leak in &man.db.3;</para></entry>
              </row>

              <row>
                <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:08.openssl.asc"
                              >SA-09:08.openssl</ulink></entry>
                <entry>22&nbsp;April&nbsp;2009</entry>
                <entry><para>Remotely exploitable crash in
                  OpenSSL</para></entry>
              </row>
            </tbody>
        </tgroup>
      </informaltable>
    </sect2>

    <sect2 id="kernel">
      <title>Kernel Changes</title>

      <para>The &man.ddb.8; kernel debugger now supports a
        <command>show mount</command> subcommand.</para>

      <para>The &os; DTrace subsystem now supports a probe for
        process execution.</para>

      <para arch="amd64">The &os; kernel virtual address space has
        been increased to 6GB.  This allows subsystems to use larger
        virtual memory space than before.  For example, &man.zfs.8;
        adaptive replacement cache (ARC) requires large kernel memory
        space to cache file system data, so it benefits from the
        increased address space.  Note that the ceiling on the kernel
        map size is now 60% of the size rather than an absolute
        quantity.</para>

      <para>The &man.jail.8; subsystem has been updated.  Changes include:</para>

      <itemizedlist>
        <listitem>
          <para>Multiple addresses of both IPv4 and IPv6 per jail has
            been supported.  It is even possible to have jails without
            an IP address at all, which basically gives one a chrooted
            environment with restricted process view and no
            networking.</para>
        </listitem>

        <listitem>
          <para>SCTP (&man.sctp.4;) with IPv6 in jails has been
            implemented.</para>
        </listitem>

        <listitem>
          <para>Specific CPU binding by using &man.cpuset.1; has been
            implemented.  Note that the current implementation allows
            the superuser inside of the jail to change the CPU
            bindings specified.  This behavior will be fixed in the
            next release.</para>
        </listitem>

        <listitem>
          <para>A &man.jail.8; can start with a specific route
            FIB now.</para>
        </listitem>

        <listitem>
          <para>A <literal>show jails</literal> subcommand in
            &man.ddb.8; has been added.</para>
        </listitem>

        <listitem>
          <para>Compatibility support which permits 32-bit jail
            binaries to be used on 64-bit systems to manage jails has
            been added.</para>
        </listitem>

        <listitem>
          <para>Note that both version numbers of
            <literal>jail</literal> and <literal>prison</literal> in
            the &man.jail.8; have been updated for the new
            features.</para>
        </listitem>
      </itemizedlist>

      <para>The &man.kld.4; now supports installing 32-bit system
        calls to the &os; system call translation layer from kernel
        modules.</para>

      <para>The &man.ktr.4; now supports a new KTR tracepoint in the
        <literal>KTR_CALLOUT</literal> class to note when a callout
        routine finishes executing.</para>

      <para>Types of variables used to track the amount of allocated
        System V shared memory have been changed from
        <literal>int</literal> to <literal>size_t</literal>.  This
        makes it possible to use more than 2 GB of memory for shared
        memory segments on 64-bit architectures.  Please note the new
        BUGS section in &man.shmctl.2; and
        <filename>/usr/src/UPDATING</filename> for limitations of this
        temporary solution.</para>

      <para>The &man.sysctl.3; leaf nodes have a flag to tag
        themselves as MPSAFE now.</para>

      <para>The &os; 32-bit system call translation layer now
        supports installing 32-bit system calls for
        <literal>VFS_AIO</literal>.</para>

      <para arch="amd64,i386">The &os; virtual memory subsystem now
        supports fully transparent use of
        <application>superpages</application> for application memory;
        application memory pages are dynamically promoted to or
        demoted from superpages without any modification to
        application code.  This change offers the benefit of large
        page sizes such as improved virtual memory efficiency and
        reduced TLB (translation lookaside buffer) misses without
        downsides like application changes and virtual memory
        inflexibility.  This is disabled by default and can be enabled
        by setting a loader tunable
        <varname>vm.pmap.pg_ps_enabled</varname> to
        <literal>1</literal>.</para>

      <sect3 id="boot">
        <title>Boot Loader Changes</title>

        <para>The &man.boot.8; now supports 4-byte volume ID that
          certain versions of &windows; put into the MBR and invoking
          PXE by pressing F6 key on some supported BIOSes.</para>

        <para arch="i386">The &man.boot.8; BTX loader has been
          improved.  This fixes several boot issues on recent machines
          reported for 7.1-RELEASE and before.</para>

        <para>The &man.loader.8; is now able to obtain DHCP options
          from network boot via &man.kenv.2; variables.</para>

        <para>A bug in the &man.loader.8; has been fixed.  Now the
          following line works as expected:</para>

        <programlisting>loader_conf_files="<replaceable>foo</replaceable> <replaceable>bar</replaceable> ${<replaceable>variable</replaceable>}"</programlisting>
      </sect3>

      <sect3 id="proc">
        <title>Hardware Support</title>

        <para arch="sparc64">The &os; now supports Ultra SPARC III
          (Cheetah) processor family.</para>

        <para>The &man.acpi.4; subsystem now supports a &man.sysctl.8;
          variable <varname>debug.batt.batt_sleep_ms</varname>.  On
          some laptops with smart batteries, enabling battery
          monitoring software causes keystrokes from &man.atkbd.4; to
          be lost.  This sysctl variable adds a delay in millisecond
          to the status checking code as a workaround.</para>

        <para>The &man.acpi.asus.4; driver now supports Asus A8Sr
          notebooks.</para>

        <para arch="powerpc">Support for the AltiVec, a floating point
          and integer SIMD instruction set has been added.</para>

        <para>The &man.cpuctl.4; driver, which provides a special
          device <filename>/dev/cpuctl</filename> as an interface to
          the system CPU has been added.  The &man.cpuctl.4;
          functionality includes the ability to retrieve CPUID
          information, read/write machine specific registers (MSR),
          and perform CPU firmware updates.</para>

        <para>The &man.cpufreq.4; driver now supports an
          <varname>hw.est.msr_info</varname> loader tunable.  When
          this is set to <literal>1</literal>, it attempts to build a
          simple list containing just the high and low frequencies if
          it cannot obtain a frequency list from either ACPI or the
          static tables.  This is disabled by default.</para>

        <para arch="amd64,i386">CPU frequency change notifiers are now
          disabled when the TSC is P-state invariant.  Also, a new
          loader tunable
          <varname>kern.timecounter.invariant_tsc</varname> has been
          added to force this behavior by setting it to
          non-zero.</para>

        <para>The &man.atkbd.4; driver now disables the interrupt
          handler which is called from the keyboard callback function
          when polled mode is enabled.  This fixes the problem of
          duplicated/missing characters at the mountroot prompt on
          multi CPU systems while &man.kbdmux.4; is enabled.</para>

        <para>In the &man.pci.4; subsystem INTx is now disabled when
          MSI/MSIX is enabled.  This change fixes interrupt storm
          related issues.</para>

        <para arch="sparc64">The schizo(4) driver for Schizo
          Fireplane/Safari to PCI 2.1 and Tomatillo JBus to PCI 2.2
          bridges has been added.</para>

        <para>The &man.u3g.4; driver for USB based 3G cards and
          dongles including Vodafone Mobile Connect Card 3G, Qualcomm
          CDMA MSM, Huawei E220, Novatel U740, Sierra MC875U, and so
          on has been added.  This provides support for the multiple
          USB-to-serial interfaces exposed by many 3G USB/PC Card
          modems, and the device is accessed through the &man.ucom.4;
          driver which makes it behave like a &man.tty.4;.</para>

        <para>The &man.sched.ule.4; scheduler now supports a loader
          tunable <varname>machdep.hyperthreading_enabled</varname> as
          the &man.sched.4bsd.4; does.  Note that it cannot be
          modified at run-time.</para>

        <sect4 id="mm">
          <title>Multimedia Support</title>

          <para>The &man.agp.4; driver now supports Intel G4X series
            graphics chipsets.</para>

          <para>The DRM, a kernel module named Direct Rendering
            Manager that gives direct hardware access to DRI clients,
            has been updated.  Support for AMD/ATI r500, r600, r700,
            and IGP based chips, XGI V3XE/V5/V8, and Intel i915
            chipsets has been improved.</para>

          <para>A new loader tunable <varname>hw.drm.msi</varname> has
            been added to control if DRM uses MSI or not.  This is set
            to <literal>1</literal> (enabled) by default.</para>

          <para>The snd_au88x0(4) driver for Aureal Vortex
            1/2/Advantage PCI has been removed because this was
            broken for a long time.</para>

          <para>The &man.snd.hda.4; driver has been updated.  This
            changes include support for multiple codec per HDA bus,
            multiple functional groups per codec, multiple audio
            devices per functional group, digital (SPDIF/HDMI) audio
            input/output, suspend/resume, and part of multichannel
            audio.</para>

          <para>Note that due to added HDMI audio and logical audio
            devices support, the updated driver often provides several
            PCM devices.  This means that in some cases the system
            default audio device no longer corresponds to the users's
            habitual audio connectors.  In such cases the default
            device can be specified in audio applications' setup or
            defined globally via <varname>hw.snd.default_unit
            sysctl</varname>, as described in the &man.sound.4; manual
            page.</para>
        </sect4>

        <sect4 id="net-if">
          <title>Network Interface Support</title>

          <para>The &man.ae.4; driver now supports WoL
            (Wake on LAN).</para>

          <para arch="amd64,i386">The &man.ale.4; driver is now
            included in the <filename>GENERIC</filename>
            kernel.</para>

          <para>The &man.ath.hal.4;, Atheros Hardware Access Layer,
            has been updated to the open source version.</para>

          <para>The &man.axe.4; driver has been improved in
            performance by eliminating extra context switches and now
            supports Apple USB Ethernet adapter.</para>

          <para>The &man.bce.4; driver's firmware has been updated to
            the latest version (4.6.X).</para>

          <para>The ciphy(4) driver now supports Vitesse VSC8211
            PHY.</para>

          <para>The &man.cxgb.4; driver has been updated to firmware
            revision 4.7 and now supports hardware MAC
            statistics.</para>

          <para>The &man.fxp.4; driver has been improved.  Changes include:</para>

          <itemizedlist>
            <listitem>
              <para>The checksum offload feature can be controlled by
                &man.ifconfig.8; now.</para>
            </listitem>

            <listitem>
              <para>Rx checksum offload support for 82559 or later
                controllers has been added.</para>
            </listitem>

            <listitem>
              <para>TSO (TCP Segmentation Offload) support for 82550
                and 82551 controllers has been added.</para>
            </listitem>

            <listitem>
              <para>WoL (Wake on LAN) support for 82550, 82551, 82558,
                and 82559-based controllers has been added.  Note that
                ICH based controllers are treated as 82559, and 82557,
                earlier revisions of 82558, and 82559ER have no WoL
                capability.</para>
            </listitem>

            <listitem>
              <para>VLAN hardware tag insertion/stripping support and
                Tx/Rx checksum offload for VLAN frames support have
                been added.  Note that the VLAN hardware assistance is
                available only on 82550 or 82551-based
                controllers.</para>
            </listitem>
          </itemizedlist>

          <para>A bug in the &man.igb.4; driver, which prevents the
            loader tunable <varname>hw.igb.ave_latency</varname> from
            working, has been fixed.</para>

          <para>The &man.ixgbe.4; driver has been updated to
            version 1.7.4.</para>

          <para>The &man.jme.4; driver now supports newer JMicron
            JMC250/JMC260 revisions.</para>

          <para>The &man.msk.4; driver has been improved.  An issue
            which makes it hang up in a certain condition has been
            fixed.  Hardware MAC statistics support has been added
            and users can get the information via sysctl variables
            named
            <varname>dev.msk.<replaceable>N</replaceable>.stats</varname>.</para>

          <para>The &man.mxge.4; driver now supports some newer
            revisions and 10GBASE-LRM and 10GBASE-Twinax media
            types.</para>

          <para>The &man.nfe.4; driver now supports hardware MAC
            statistics.</para>

          <para>The &man.re.4; driver has been improved.  It now
            detects the link status.  A new loader tunable
            <varname>hw.re.prefer_iomap</varname> has been added, to
            disable memory register mapping.  This tunable is
            <literal>0</literal> for all controllers except RTL8169SC
            family.</para>

          <para>The &man.rl.4; driver has been improved.  It now
            detects the link status and a bug which prevents it from
            working on systems with more than 4GB memory has been
            fixed.</para>

          <para>A bug in &man.sis.4; on VLAN tagged frame handling has
            been fixed.</para>

          <para>The &man.txp.4; driver now works on all supported
            architectures.  Support has been added for &man.altq.4;,
            WoL, checksum offload when VLAN enabled, and link state
            change handling has been improved, and new sysctl
            variables
            <varname>dev.txp.<replaceable>N</replaceable>.stats</varname>
            for MAC statistics have been added.  New sysctl variables
            <varname>dev.txp.<replaceable>N</replaceable>.process_limit</varname>
            has been added, to control how many received frames should
            be served in Rx handler (set to 64 by default and valid
            ranges are 16 to 128 in unit of frames).  The firmware has
            been updated to the latest version.</para>
        </sect4>
      </sect3>

      <sect3 id="net-proto">
        <title>Network Protocols</title>

        <para>IPv4 source address selection for unbound sockets has
          been implemented as follows:</para>

        <orderedlist>
          <listitem>
            <para>If we found a route, use the address corresponding
              to the outgoing interface.</para>
          </listitem>

          <listitem>
            <para>Otherwise we assume the foreign address is reachable
              on a directly connected network and try to find a
              corresponding interface to take the source address
              from.</para>
          </listitem>

          <listitem>
            <para>As a last resort use the default jail address.</para>
          </listitem>
        </orderedlist>

        <para>This also changes the semantics of selecting the IP for
          processes within a &man.jail.8; as it now uses the same
          logic as outside the &man.jail.8;.</para>

        <para>The TCP MD5 Signature Option (RFC 2385) for IPv6 has
          been implemented in the same way it has been implemented for
          IPv4.</para>

        <para>The &man.ng.netflow.4; Netgraph node now includes
         support for generating egress netflow instead or in addition
         to ingress.  An <literal>NGM_NETFLOW_SETCONFIG</literal>
         control message has been added to control the new
         functionality.</para>

        <para>The &man.tap.4; Ethernet tunnel software network
          interface now supports a new <literal>TAPGIFNAME</literal>
          character device ioctl.  This is a convenient shortcut to
          obtain the network interface name using a file descriptor to
          a character device.</para>

        <para>The &man.tap.4; now supports
          <literal>SIOCSIFMTU</literal> ioctl to set a higher MTU than
          1500 (ETHERMTU).  This allows &man.tap.4; devices to be
          added to the same bridge (which requires all interface
          members to have the same MTU) with an interface configured
          for jumbo frames.</para>

        <para>The domains list for handling the list of supported
          domains in the &man.unix.4; (UNIX domain protocol family)
          subsystem is now MPSAFE.</para>
      </sect3>

      <sect3 id="disks">
        <title>Disks and Storage</title>

        <para>The &man.ata.4; driver now supports Marvell PATA M88SX6121.</para>

        <para>The &man.ata.4; driver now recognizes nForce MCP67 and
          MCP73 SATA controllers as AHCI.</para>

        <para>The &man.ataraid.4; driver now includes preliminary support
          for DDF metadata found on Adaptec HostRAID controllers.
          Note that spares and rebuilds are not supported yet.</para>

        <para>The &man.cam.4; SCSI subsystem now supports a new sysctl
          variable <varname>kern.cam.cd.retry_count</varname>.  This
          controls the number of retries for the CD media.  When
          trying to read scratched or damaged CDs and DVDs, the
          default mechanism is sub-optimal, and programs like
          <application>ddrescue</application> do much better if you
          turn off the retries entirely since their algorithms do it
          by themselves.  This value is set to <literal>4</literal>
          (for a total of 5 attempts) by default.  Setting it to
          <literal>0</literal> turns off all retry attempts.</para>

        <para>A bug in the &man.ciss.4; driver which caused low
          <quote>max device openings</quote> count and led to poor
          performance has been fixed.</para>

        <para>The &man.glabel.8; GEOM class now supports a new
          UFS-based label called <literal>ufsid</literal> that can be
          used to reference UFS-carrying devices by the unique file
          system ID.  This file system ID is automatically generated
          and detected when the &man.glabel.8; GEOM class is enabled.  An
          example of this new label is:
          <filename>/dev/ufsid/48e69c8b5c8e1b43</filename>.  The
          benefit of using GEOM labels in general is to avoid problems
          of device renaming when shifting drives or
          controllers.</para>

        <para>The &man.gjournal.8; GEOM class now supports the root
          file system.  Previously, an unclean shutdown would make it
          impossible to mount the root file system at boot.</para>

        <para>The &man.gpart.8; utility has been updated.  The APM
          scheme now supports Tivo Series 1 partitions (read only), a
          new EBR scheme to support Extended Boot Records has been
          added, the BSD scheme now support bootcode, and bugs in the
          PC98 and VTOC8 schemes have been fixed.</para>

        <para>An issue in &man.gvinum.8; with access permissions
          to underlying disks used by a gvinum plex has been fixed.
          If the plex is a raid5 plex and is being written to, parity data might
          have to be read from the underlying disks, requiring them to be opened for
          reading as well as writing.</para>

        <para>The &man.hptmv.4; driver has been updated to version
          1.16 from the vendor.</para>

        <para>The &man.mmc.4; and &man.mmcsd.4; drivers now support MMC
          and SDHC cards, high speed timing, wide bus, and multiblock
          transfers.</para>

        <para arch="sparc64">The &man.mpt.4; driver is now in the
          <filename>GENERIC</filename> kernel.</para>

        <para>The &man.sdhci.4; driver has been added.  This supports
          PCI devices with class 8 and subclass 5 according to the SD
          Host Controller Specification.</para>

        <para>The &man.sdhci.4; driver now supports kernel dumping and
          a sysctl variable <varname>hw.sdhci.debug</varname> for debug
          level.</para>

        <para>The &man.twa.4; driver now supports 64-bit DMA.</para>

        <para>The &man.mmc.4; &man.mmcsd.4;, and &man.sdhci.4; driver
          are now included as kernel modules.</para>
      </sect3>

      <sect3 id="fs">
        <title>File Systems</title>

        <para>The semantics of &man.acl.3; extended access control
          lists has been changed as follows:</para>

        <itemizedlist>
          <listitem>
            <para>The inode modification time (mtime) is not updated
              when extended attributes are added, modified, or removed.</para>
          </listitem>

          <listitem>
            <para>The inode access time (atime) is not updated
              when extended attributes are queried.</para>
          </listitem>
        </itemizedlist>

        <para>The &os; NFS file system now supports a sysctl variable
          <varname>vfs.nfs.prime_access_cache</varname> to determine
          whether or not <function>nfs_getattr()</function> will use
          an ACCESS RPC to prime the access cache instead of a simple
          GETATTR RPC.  This is because on many NFS servers an ACCESS
          RPC is much more expensive to service than a GETATTR RPC for
          files in an NFSv3 mount.  The sysctl variable is enabled by
          default to maintain the previous behavior.</para>

        <para>The &os; UDF file system now supports a fifo.</para>

        <para>The shared vnode locking for pathname lookups in
          the &man.VFS.9; subsystem has been improved.  This is disabled
          by default.  Setting a sysctl variable
          <varname>vfs.lookup_shared</varname> to <literal>1</literal>
          enables it for better performance.  Note that the
          <literal>LOOKUP_SHARED</literal> kernel option equivalent to
          the sysctl variable has been removed.</para>
      </sect3>
    </sect2>

    <sect2 id="userland">
      <title>Userland Changes</title>

      <para>A bug in the &man.atacontrol.8; utility, which prevents it
        from working when <filename>/usr</filename> is not mounted or
        invoked from <filename>/rescue</filename>, has been
        fixed.</para>

      <para>The &man.btpand.8; daemon from NetBSD has been added.
        This daemon provides support for Bluetooth Network Access
        Point (NAP), Group Ad-hoc Network (GN) and Personal Area
        Network User (PANU) profiles.</para>

      <para>The &man.ncal.1; utility now supports multibyte
        characters.</para>

      <para>The &man.config.8; utility now supports
        multiple <varname>makeoption</varname> lines.</para>

      <para>The &man.csup.1; utility now supports CVSMode to fetch a
        complete CVS repository.  Note that the rsync transfer mode is
        currently disabled.</para>

      <para>The &man.dirname.1; utility now accepts multiple arguments
        in the same way that &man.basename.1; does.</para>

      <para>The &man.du.1; utility now supports an <option>-l</option>
        flag.  When specified, the &man.du.1; utility counts a file
        with multiple hard links as multiple different files.</para>

      <para>The &man.du.1; utility now supports an <option>-A</option> flag
        to display the apparent size instead of the disk usage.  This can be
        helpful when operating on compressed volumes or sparse files.</para>

      <para>The &man.du.1; utility now supports a <option>-B
        <replaceable>blocksize</replaceable></option> option to
        calculate block counts in blocks of
        <replaceable>blocksize</replaceable> bytes.  This is different
        from the <option>-k</option> or <option>-m</option> options or
        setting <varname>BLOCKSIZE</varname> and gives an estimate of
        how much space the examined file hierarchy would require on a
        file system with the given
        <replaceable>blocksize</replaceable>.  Unless in
        <option>-A</option> mode, <replaceable>blocksize</replaceable>
        is rounded up to the next multiple of 512.</para>

      <para>The &man.dumpfs.8; utility now supports an
        <option>-f</option> flag, which causes it to list all free
        fragments in the file system by fragment (block) number.  This
        new mode does the necessary arithmetic to generate absolute
        fragment numbers rather than the cg-relative numbers printed
        in the default mode.</para>

      <para>If <option>-f</option> is passed once, contiguous fragment
        ranges are collapsed into an X-Y format as free block lists
        are currently printed in regular dumpfs output.  If specified
        twice, all block numbers are printed individually, allowing
        both compact and more script-friendly representation.</para>

      <para>The &man.fetch.1; utility now supports an
        <option>-i</option> flag which supports the If-Modified-Since
        HTTP 1.1 request.  If specified it will cause the file to be
        downloaded only if it is more recent than the mtime of the
        local file.  Also, <application>libfetch</application> now
        accepts the mtime in the url structure and a flag to indicate
        when this behavior is desired.</para>

      <para>The &man.fsck.8; utility now supports a
        <option>-C</option> flag for <literal>check clean</literal>
        mode.  This checks if the file system was dismounted cleanly
        first and then skip file system checks if true.  Otherwise it
        does full checks.</para>

      <para>The &man.fsck.8; utility now supports a
        <option>-D</option> flag for damaged recovery mode, which will
        enable certain aggressive operations that can make
        &man.fsck.8; to survive with file systems that has very
        serious data damage.  This is a useful last resort when on
        disk data damage is very serious and causes &man.fsck.8; to
        crash.</para>

      <para>The &man.getaddrinfo.3; function now supports SCTP.</para>

      <para>A bug was fixed in the &man.ipfw.8; utility which displays
        extra messages for a NAT rule even when a <option>-q</option>
        flag is specified.</para>

      <para>The &man.ln.1; utility now supports a <option>-w</option>
        flag to check if the source file actually exists.  When the
        flag is specified and the file does not exist, &man.ln.1; will
        issue a warning message.</para>

      <para>The &man.make.1; utility now supports a
        <option>-p</option> flag to print the input graph only,
        without executing any commands.  The output is the same as
        <option>-d g1</option>.  When combined with <option>-f
        /dev/null</option>, only the built-in rules of make are
        displayed.</para>

      <para>The &man.make.1; utility now supports a
        <option>-Q</option> flag to cause file banners not to be
        generated in addition to the same effect of a
        <option>-q</option> flag when a <option>-j</option> option is
        specified.</para>

      <para>The &man.make.1; utility now supports the
        <varname>.MAKE.JOB.PREFIX</varname> variable.  If
        <option>-j</option> and <option>-v</option> are specified, its
        output for each target is prefixed with a token <literal>---
          <replaceable>target</replaceable> ---</literal> the first part
        of which can be controlled via the variable.</para>

      <para>The &man.make.1; utility now supports
        <varname>.MAKE.PID</varname> and <varname>.MAKE.PPID</varname>
        variable.  These are set to process ID of the &man.make.1;
        process and its parent process respectively.</para>

      <para>The &man.makefs.8; utility to create a file system image
        from a directory tree has been added.</para>

      <para>The &man.mergemaster.8; utility now supports an
        <option>-F</option> option to automatically install files that
        differ only in their version control ID strings.</para>

      <para>The &man.mount.8; utility now supports an <option>-o
        mountprog=<replaceable>/somewhere/mount_xxx</replaceable></option>
        option to force it to use the specified program to mount the
        file system instead of calling &man.nmount.2; directly.  This
        is useful when you want to use third party programs such as
        FUSE, for example.</para>

      <para>The &man.netstat.1; utility now reports &man.unix.4;
        sockets' listen queue statistics when an <option>-L</option>
        flag is specified.</para>

      <para>A bug in the &man.netstat.1; utility has been fixed.  It
        crashed with the following options in the previous
        versions:</para>

      <screen>&prompt.user; netstat -m -N foo</screen>

      <para>A bug in the &man.netstat.1; utility has been fixed.  The
        <option>-ss</option> option now works in the icmp6 section as
        expected.</para>

      <para>The &man.pciconf.8; utility now supports a
        <option>-b</option> flag, which lists any base address
        registers (BAR) that are assigned resources for each
        device.</para>

      <para>The &man.powerd.8; program has been improved.  Changes
        include reasonable CPU load estimation on SMP systems and a
        new mode named as <literal>hiadaptive</literal> for AC-powered
        systems.  The <literal>hiadaptive</literal> mode raises the
        CPU frequency twice as fast as <literal>adaptive</literal>, it
        drops the CPU frequency 4 times slower, prefers twice lower
        CPU load and has an additional delay before leaving the
        highest frequency after the period of maximum load.</para>

      <para>The &man.stat.1; utility now displays an octal
        representation of suid, sgid and sticky bits when the
        <option>-x</option> flag is specified.</para>

      <para>The &man.strndup.3; function has been added.</para>

      <para>The &man.wc.1; utility now supports an <option>-L</option>
        flag to output the number of characters in the longest input
        line.</para>

      <para>A bug in the &man.rpc.yppasswdd.8; program, which causes
        it to leave a zombie process when a password or default shell
        is changed, has been fixed.</para>

<!--
      <sect3 id="rc-scripts">
        <title><filename>/etc/rc.d</filename> Scripts</title>

        <para></para>
      </sect3>
-->
    </sect2>

    <sect2 id="contrib">
      <title>Contributed Software</title>

      <para><application>ISC BIND</application> has been updated to
        version 9.4.3-P2.</para>

      <para>The timezone database has been updated from
        the <application>tzdata2008h</application> release to
        the <application>tzdata2009f</application> release.</para>
    </sect2>

    <sect2 id="ports">
      <title>Ports/Packages Collection Infrastructure</title>

      <para>A bug in the &man.pkg.create.1; utility, which prevents
        the <option>-n</option> flag from working has been
        fixed.</para>

      <para>The &os; Ports Collection now supports multiple
        &man.make.1; jobs in some supported ports.  This is
        automatically enabled when a port is marked as
        <varname>MAKE_JOBS_SAFE</varname> and improves CPU utilization
        at the build stage by passing an option
        <option>-j<replaceable>X</replaceable></option> to the top
        level <filename>Makefile</filename> from the vendor.  The
        number <replaceable>X</replaceable> is set to the number of
        CPUs by default, and can be set by users via a &man.make.1;
        variable <varname>MAKE_JOBS_NUMBER</varname>.  For more
        details, see <filename>ports/Mk/bsd.port.mk</filename>.</para>
    </sect2>

    <sect2 id="releng">
      <title>Release Engineering and Integration</title>

      <para>The supported version of
        the <application>GNOME</application> desktop environment
        (<filename role="package">x11/gnome2</filename>) has been
        updated from 2.22 to 2.26.</para>

      <para>The supported version of
        the <application>KDE</application> desktop environment has
        been updated from 3.5.10 (<filename
        role="package">x11/kde3</filename>) to 4.2.2 (<filename
        role="package">x11/kde4</filename>).</para>
    </sect2>

<!--
    <sect2 id="doc">
      <title>Documentation</title>

      <para></para>
    </sect2>
-->
  </sect1>

  <sect1 id="upgrade">
    <title>Upgrading from previous releases of &os;</title>

    <para arch="amd64,i386">Beginning with &os; 6.2-RELEASE, binary
      upgrades between RELEASE versions (and snapshots of the various
      security branches) are supported using the
      &man.freebsd-update.8; utility.  The binary upgrade procedure
      will update unmodified userland utilities, as well as unmodified
      GENERIC or SMP kernels distributed as a part of an official &os;
      release.  The &man.freebsd-update.8; utility requires that the
      host being upgraded has Internet connectivity.</para>

    <para>An older form of binary upgrade is supported through the
      <command>Upgrade</command> option from the main
      &man.sysinstall.8; menu on CDROM distribution media.  This type
      of binary upgrade may be useful on non-&arch.i386;,
      non-&arch.amd64; machines or on systems with no Internet
      connectivity.</para>

    <para>Source-based upgrades (those based on recompiling the &os;
      base system from source code) from previous versions are
      supported, according to the instructions in
      <filename>/usr/src/UPDATING</filename>.</para>

    <important>
      <para>Upgrading &os; should, of course, only be attempted after
        backing up <emphasis>all</emphasis> data and configuration
        files.</para>
    </important>
  </sect1>
</article>