The &os; Project $FreeBSD$ 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 The &os; Documentation Project &tm-attrib.freebsd; &tm-attrib.ibm; &tm-attrib.ieee; &tm-attrib.intel; &tm-attrib.sparc; &tm-attrib.general; The release notes for &os; &release.current; contain a summary of the changes made to the &os; base system on the &release.branch; development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the &os; kernel and userland. Some brief remarks on upgrading are also presented. This document contains the release notes for &os; &release.current;. It describes recently added, changed, or deleted features of &os;. It also provides some notes on upgrading from previous versions of &os;. The &release.type; distribution to which these release notes apply represents the latest point along the &release.branch; development branch since &release.branch; was created. Information regarding pre-built, binary &release.type; distributions along this branch can be found at . ]]> The &release.type; distribution to which these release notes apply represents a point along the &release.branch; development branch between &release.prev; and the future &release.next;. Information regarding pre-built, binary &release.type; distributions along this branch can be found at . ]]> This distribution of &os; &release.current; is a &release.type; distribution. It can be found at or any of its mirrors. More information on obtaining this (or other) &release.type; distributions of &os; can be found in the Obtaining &os; appendix to the &os; Handbook. ]]> All users are encouraged to consult the release errata before installing &os;. The errata document is updated with late-breaking information discovered late in the release cycle or after the release. Typically, it contains information on known bugs, security advisories, and corrections to documentation. An up-to-date copy of the errata for &os; &release.current; can be found on the &os; Web site. This section describes the most user-visible new or changed features in &os; since &release.prev;. Typical release note items document recent security advisories issued after &release.prev;, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices. Clearly the release notes cannot list every single change made to &os; between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements. Problems described in the following security advisories have been fixed. For more information, consult the individual advisories available from . Advisory Date Topic SA-09:01.lukemftpd 07 January 2009 Cross-site request forgery in &man.lukemftpd.8; SA-09:02.openssl 07 January 2009 OpenSSL incorrectly checks for malformed signatures SA-09:03.ntpd 13 January 2009 ntpd cryptographic signature bypass SA-09:04.bind 13 January 2009 BIND DNSSEC incorrect checks for malformed signatures SA-09:05.telnetd 16 February 2009 telnetd code execution vulnerability SA-09:06.ktimer 23 March 2009 Local privilege escalation SA-09:07.libc 04 April 2009 Information leak in &man.db.3; SA-09:08.openssl 22 April 2009 Remotely exploitable crash in OpenSSL &os; DTrace subsystem now supports a probes for process execution. The &man.boot.8; now supports 4-byte volume ID that certain versions of Windows put into the MBR and invoking PXE by pressing F6 key on some supported BIOSes. The &man.loader.8; is now able to obtain DHCP options via &man.kenv.2; variables in the case of network boot. The &man.cpuctl.4; driver, which provides a special device /dev/cpuctl as an interface to the system CPU and functionality to retrieve CPUID information, read/write machine specific registers (MSR) and perform CPU firmware updates. The &man.agp.4; now supports Intel G4X series graphics chipsets. The DRM, a kernel module named Direct Rendering Manager that gives direct hardware access to DRI clients, has been updated. Support for AMD/ATI r500 and IGP based chips, XGI V3XE/V5/V8, and Intel i915 chipsets has been improved. The &man.snd.hda.4; driver has been updated. Changes include: multiple codec per HDA bus, multiple functional gropups per codec, multiple audio devices per functional group, digital (SPDIF/HDMI) audio input/output, suspend/resume, and part of multichannel audio. Note that due to added HDMI audio and logical audio devices support, updated driver often provides several PCM devices. In some cases it can make system default audio device no longer corresponding to the users's habbitual audio connectors. In such cases the default device can be specified in audio application setup or defined globally via hw.snd.default_unit sysctl as described in the &man.sound.4; manual page. The ciphy(4) driver now supports Vitesse VSC8211 PHY. The &man.jme.4; driver now supports newer JMicron JMC250/JMC260 revisions. The &man.rl.4; driver has been improved. A bug which prevents it from working on systems with more than 4GB memory has been fixed. The &man.jail.8; subsystem now supports start with a specific route FIB. The &man.ng.netflow.4; Netgraph node now supports ability to generate egress netflow instead or in addition to ingress. A NGM_NETFLOW_SETCONFIG control message has been added to control the new functionality. The &man.ata.4; driver now supports Marvell PATA M88SX6121. The &man.mmc.4; and &man.mmcsd.4; driver now support MMC and SDHC cards, high speed timing, wide bus, and multiblock transfers. The &man.sdhci.4; driver has been added. This supports PCI devices with class 8 and subclass 5 accord- ing to SD Host Controller Specification. The &man.mmc.4; &man.mmcsd.4;, and &man.sdhci.4; driver are now included as a kernel module. The &man.config.8; utility now supports multiple makeoption lines. The &man.fetch.1; utility now supports an -i flag which supports If-Modified-Since HTTP request. The &man.fsck.8; utility now supports a -C flag for catastriphic recovery mode, which will enable certain aggressive operations that can make &man.fsck.8; to survive with file systems that has very serious data damage, which is an useful last resort when on disk data damage is very serious and causes &man.fsck.8; to crash otherwise. A bug in the &man.ipfw.8; utility which displays extra messages for a NAT rule even when a -q flag is specified. The &man.powerd.8; program has been improved. Changes include reasonable CPU load estimation on SMP systems and a new mode named as hiadaptive for AC-powered systems which rises frequency twice faster, drops it 4 times slower, prefers twice lower CPU load and has additional delay before leaving the highest frequency after the period of maximum load. The &man.strndup.3; function has been added. A bug in the &man.rpc.yppasswdd.8; program which leaves a zombie process when a password or default shell is changed has been fixed. ISC BIND has been updated to version 9.4.3-P2. The timezone database has been updated from the tzdata2008h release to the tzdata2009f release. A bug in the &man.pkg.create.1; which prevents the -n flag from working has been fixed. The supported version of the GNOME desktop environment (x11/gnome2) has been updated from 2.22 to 2.26. The supported version of the KDE desktop environment has been updated from 3.5.10 (x11/kde3) to 4.2.2 (x11/kde4). Beginning with &os; 6.2-RELEASE, binary upgrades between RELEASE versions (and snapshots of the various security branches) are supported using the &man.freebsd-update.8; utility. The binary upgrade procedure will update unmodified userland utilities, as well as unmodified GENERIC or SMP kernels distributed as a part of an official &os; release. The &man.freebsd-update.8; utility requires that the host being upgraded have Internet connectivity. An older form of binary upgrade is supported through the Upgrade option from the main &man.sysinstall.8; menu on CDROM distribution media. This type of binary upgrade may be useful on non-&arch.i386;, non-&arch.amd64; machines or on systems with no Internet connectivity. Source-based upgrades (those based on recompiling the &os; base system from source code) from previous versions are supported, according to the instructions in /usr/src/UPDATING. Upgrading &os; should, of course, only be attempted after backing up all data and configuration files.