1 <!DOCTYPE article PUBLIC "-//FreeBSD//DTD DocBook V4.1-Based Extension//EN" [
2 <!ENTITY % articles.ent PUBLIC "-//FreeBSD//ENTITIES DocBook FreeBSD Articles Entity Set//EN">
5 <!ENTITY % release PUBLIC "-//FreeBSD//ENTITIES Release Specification//EN">
11 <title>&os; &release.current; Release Notes</title>
13 <corpauthor>The &os; Project</corpauthor>
15 <pubdate>$FreeBSD$</pubdate>
28 <holder role="mailto:doc@FreeBSD.org">The &os; Documentation Project</holder>
31 <legalnotice id="trademarks" role="trademarks">
41 <para>The release notes for &os; &release.current; contain a summary
42 of the changes made to the &os; base system on the
43 &release.branch; development line.
44 This document lists applicable security advisories that were issued since
45 the last release, as well as significant changes to the &os;
47 Some brief remarks on upgrading are also presented.</para>
52 <title>Introduction</title>
54 <para>This document contains the release notes for &os;
56 describes recently added, changed, or deleted features of &os;.
57 It also provides some notes on upgrading
58 from previous versions of &os;.</para>
60 <![ %release.type.current [
62 <para>The &release.type; distribution to which these release notes
63 apply represents the latest point along the &release.branch; development
64 branch since &release.branch; was created. Information regarding pre-built, binary
65 &release.type; distributions along this branch
66 can be found at <ulink url="&release.url;"></ulink>.</para>
70 <![ %release.type.snapshot [
72 <para>The &release.type; distribution to which these release notes
73 apply represents a point along the &release.branch; development
74 branch between &release.prev; and the future &release.next;.
76 pre-built, binary &release.type; distributions along this branch
77 can be found at <ulink url="&release.url;"></ulink>.</para>
81 <![ %release.type.release [
83 <para>This distribution of &os; &release.current; is a
84 &release.type; distribution. It can be found at <ulink
85 url="&release.url;"></ulink> or any of its mirrors. More
86 information on obtaining this (or other) &release.type;
87 distributions of &os; can be found in the <ulink
88 url="&url.books.handbook;/mirrors.html"><quote>Obtaining
89 &os;</quote> appendix</ulink> to the <ulink
90 url="&url.books.handbook;/">&os; Handbook</ulink>.</para>
94 <para>All users are encouraged to consult the release errata before
95 installing &os;. The errata document is updated with
96 <quote>late-breaking</quote> information discovered late in the
97 release cycle or after the release. Typically, it contains
98 information on known bugs, security advisories, and corrections to
99 documentation. An up-to-date copy of the errata for &os;
100 &release.current; can be found on the &os; Web site.</para>
104 <title>What's New</title>
106 <para>This section describes the most user-visible new or changed
107 features in &os; since &release.prev;.</para>
109 <para>Typical release note items document recent security
110 advisories issued after &release.prev;, new drivers or hardware
111 support, new commands or options, major bug fixes, or
112 contributed software upgrades. They may also list changes to
113 major ports/packages or release engineering practices. Clearly
114 the release notes cannot list every single change made to &os;
115 between releases; this document focuses primarily on security
116 advisories, user-visible changes, and major architectural
119 <sect2 id="security">
120 <title>Security Advisories</title>
122 <para>Problems described in the following security advisories have
123 been fixed. For more information, consult the individual
124 advisories available from
125 <ulink url="http://security.FreeBSD.org/"></ulink>.</para>
127 <informaltable frame="none" pgwide="0">
129 <colspec colwidth="1*">
130 <colspec colwidth="1*">
131 <colspec colwidth="3*">
134 <entry>Advisory</entry>
142 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:01.lukemftpd.asc"
143 >SA-09:01.lukemftpd</ulink></entry>
144 <entry>07 January 2009</entry>
145 <entry><para>Cross-site request forgery in
146 &man.lukemftpd.8;</para></entry>
150 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:02.openssl.asc"
151 >SA-09:02.openssl</ulink></entry>
152 <entry>07 January 2009</entry>
153 <entry><para>OpenSSL incorrectly checks for malformed
154 signatures</para></entry>
158 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:03.ntpd.asc"
159 >SA-09:03.ntpd</ulink></entry>
160 <entry>13 January 2009</entry>
161 <entry><para>ntpd cryptographic signature
162 bypass</para></entry>
166 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:04.bind.asc"
167 >SA-09:04.bind</ulink></entry>
168 <entry>13 January 2009</entry>
169 <entry><para>BIND DNSSEC incorrect checks for
170 malformed signatures</para></entry>
174 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:05.telnetd.asc"
175 >SA-09:05.telnetd</ulink></entry>
176 <entry>16 February 2009</entry>
177 <entry><para>telnetd code execution
178 vulnerability</para></entry>
182 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:06.ktimer.asc"
183 >SA-09:06.ktimer</ulink></entry>
184 <entry>23 March 2009</entry>
185 <entry><para>Local privilege escalation</para></entry>
189 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:07.libc.asc"
190 >SA-09:07.libc</ulink></entry>
191 <entry>04 April 2009</entry>
192 <entry><para>Information leak in &man.db.3;</para></entry>
196 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:08.openssl.asc"
197 >SA-09:08.openssl</ulink></entry>
198 <entry>22 April 2009</entry>
199 <entry><para>Remotely exploitable crash in
200 OpenSSL</para></entry>
208 <title>Kernel Changes</title>
210 <para>&os; DTrace subsystem now supports a probes for process execution.</para>
213 <title>Boot Loader Changes</title>
215 <para>The &man.boot.8; now supports 4-byte volume ID that
216 certain versions of Windows put into the MBR and invoking
217 PXE by pressing F6 key on some supported BIOSes.</para>
219 <para>The &man.loader.8; is now able to obtain DHCP options
220 via &man.kenv.2; variables in the case of network boot.</para>
224 <title>Hardware Support</title>
226 <para>The &man.cpuctl.4; driver, which provides a special
227 device <filename>/dev/cpuctl</filename> as an interface to
228 the system CPU and functionality to retrieve CPUID
229 information, read/write machine specific registers (MSR) and
230 perform CPU firmware updates.</para>
233 <title>Multimedia Support</title>
235 <para>The &man.agp.4; now supports Intel G4X series graphics
238 <para>The DRM, a kernel module named Direct Rendering
239 Manager that gives direct hardware access to DRI clients,
240 has been updated. Support for AMD/ATI r500 and IGP based
241 chips, XGI V3XE/V5/V8, and Intel i915 chipsets has been
244 <para>The &man.snd.hda.4; driver has been updated. Changes
245 include: multiple codec per HDA bus, multiple functional
246 gropups per codec, multiple audio devices per functional
247 group, digital (SPDIF/HDMI) audio input/output,
248 suspend/resume, and part of multichannel audio.</para>
250 <para>Note that due to added HDMI audio and logical audio
251 devices support, updated driver often provides several PCM
252 devices. In some cases it can make system default audio
253 device no longer corresponding to the users's habbitual
254 audio connectors. In such cases the default device can be
255 specified in audio application setup or defined globally
256 via <varname>hw.snd.default_unit sysctl</varname>
257 as described in the &man.sound.4; manual page.</para>
261 <title>Network Interface Support</title>
263 <para>The ciphy(4) driver now supports Vitesse VSC8211
266 <para>The &man.jme.4; driver now supports newer JMicron
267 JMC250/JMC260 revisions.</para>
269 <para>The &man.rl.4; driver has been improved. A bug which
270 prevents it from working on systems with more than 4GB
271 memory has been fixed.</para>
275 <sect3 id="net-proto">
276 <title>Network Protocols</title>
278 <para>The &man.jail.8; subsystem now supports start with a
279 specific route FIB.</para>
281 <para>The &man.ng.netflow.4; Netgraph node now supports
282 ability to generate egress netflow instead or in addition to
283 ingress. A <literal>NGM_NETFLOW_SETCONFIG</literal> control
284 message has been added to control the new functionality.</para>
288 <title>Disks and Storage</title>
290 <para>The &man.ata.4; driver now supports Marvell PATA M88SX6121.</para>
292 <para>The &man.mmc.4; and &man.mmcsd.4; driver now support MMC
293 and SDHC cards, high speed timing, wide bus, and multiblock
296 <para>The &man.sdhci.4; driver has been added. This supports
297 PCI devices with class 8 and subclass 5 accord- ing to SD Host
298 Controller Specification.</para>
300 <para>The &man.mmc.4; &man.mmcsd.4;, and &man.sdhci.4; driver
301 are now included as a kernel module.</para>
305 <title>File Systems</title>
311 <sect2 id="userland">
312 <title>Userland Changes</title>
314 <para>The &man.config.8; utility now supports
315 multiple <varname>makeoption</varname> lines.</para>
317 <para>The &man.fetch.1; utility now supports an
318 <option>-i</option> flag which supports If-Modified-Since HTTP
321 <para>The &man.fsck.8; utility now supports a
322 <option>-C</option> flag for catastriphic recovery mode, which
323 will enable certain aggressive operations that can make
324 &man.fsck.8; to survive with file systems that has very
325 serious data damage, which is an useful last resort when on
326 disk data damage is very serious and causes &man.fsck.8; to
327 crash otherwise.</para>
329 <para>A bug in the &man.ipfw.8; utility which displays extra
330 messages for a NAT rule even when a <option>-q</option> flag
333 <para>The &man.powerd.8; program has been improved. Changes
334 include reasonable CPU load estimation on SMP systems and a
335 new mode named as <literal>hiadaptive</literal> for AC-powered
336 systems which rises frequency twice faster, drops it 4 times
337 slower, prefers twice lower CPU load and has additional delay
338 before leaving the highest frequency after the period of
341 <para>The &man.strndup.3; function has been added.</para>
343 <para>A bug in the &man.rpc.yppasswdd.8; program which leaves a
344 zombie process when a password or default shell is changed has
347 <sect3 id="rc-scripts">
348 <title><filename>/etc/rc.d</filename> Scripts</title>
355 <title>Contributed Software</title>
357 <para><application>ISC BIND</application> has been updated to
358 version 9.4.3-P2.</para>
360 <para>The timezone database has been updated from
361 the <application>tzdata2008h</application> release to
362 the <application>tzdata2009f</application> release.</para>
366 <title>Ports/Packages Collection Infrastructure</title>
368 <para>A bug in the &man.pkg.create.1; which prevents the
369 <option>-n</option> flag from working has been fixed.</para>
373 <title>Release Engineering and Integration</title>
375 <para>The supported version of
376 the <application>GNOME</application> desktop environment
377 (<filename role="package">x11/gnome2</filename>) has been
378 updated from 2.22 to 2.26.</para>
380 <para>The supported version of
381 the <application>KDE</application> desktop environment has
382 been updated from 3.5.10 (<filename
383 role="package">x11/kde3</filename>) to 4.2.2 (<filename
384 role="package">x11/kde4</filename>).</para>
388 <title>Documentation</title>
395 <title>Upgrading from previous releases of &os;</title>
397 <para arch="amd64,i386">Beginning with &os; 6.2-RELEASE, binary
398 upgrades between RELEASE versions (and snapshots of the various
399 security branches) are supported using the
400 &man.freebsd-update.8; utility. The binary upgrade procedure
401 will update unmodified userland utilities, as well as unmodified
402 GENERIC or SMP kernels distributed as a part of an official &os;
403 release. The &man.freebsd-update.8; utility requires that the
404 host being upgraded have Internet connectivity.</para>
406 <para>An older form of binary upgrade is supported through the
407 <command>Upgrade</command> option from the main
408 &man.sysinstall.8; menu on CDROM distribution media. This type
409 of binary upgrade may be useful on non-&arch.i386;,
410 non-&arch.amd64; machines or on systems with no Internet
413 <para>Source-based upgrades (those based on recompiling the &os;
414 base system from source code) from previous versions are
415 supported, according to the instructions in
416 <filename>/usr/src/UPDATING</filename>.</para>
419 <para>Upgrading &os; should, of course, only be attempted after
420 backing up <emphasis>all</emphasis> data and configuration