Fix BIND named(8) cache poisoning with DNSSEC validation.

[FreeBSD/releng/8.0.git] / UPDATING

Updating Information for FreeBSD current users

This file is maintained and copyrighted by M. Warner Losh
<imp@village.org>.  See end of file for further details.  For commonly
done items, please see the COMMON ITEMS: section later in the file.

Items affecting the ports and packages system can be found in
/usr/ports/UPDATING.  Please read that file before running
portupgrade.

NOTE TO PEOPLE WHO THINK THAT FreeBSD 8.x IS SLOW ON IA64 OR SUN4V:
        For ia64 the INVARIANTS and INVARIANT_SUPPORT kernel options
        were left in the GENERIC kernel because the kernel does not
        work properly without them.  For sun4v all of the normal kernel
        debugging tools present in HEAD were left in place because
        sun4v support still needs work to become production ready.

20100106:       p2      FreeBSD-SA-10:01.bind, FreeBSD-SA-10:02.ntpd,
                        FreeBSD-SA-10:03.zfs, FreeBSD-EN-10:01.freebsd
        Fix BIND named(8) cache poisoning with DNSSEC validation.
        [SA-10:01]

        Fix ntpd mode 7 denial of service. [SA-10:02]

        Fix ZFS ZIL playback with insecure permissions. [SA-10:03]

        Various FreeBSD 8.0-RELEASE improvements. [EN-10:01]

20091203:       p1      FreeBSD-SA-09:15.ssl, FreeBSD-SA-09:16.rtld,
                        FreeBSD-SA-09:17.freebsd-update
        Disable SSL renegotiation in order to protect against a serious
        protocol flaw. [09:15]

        Correctly handle failures from unsetenv resulting from a corrupt
        environment in rtld-elf. [09:16]

        Fix permissions in freebsd-update in order to prevent leakage of
        sensitive files. [09:17]

20091125:
        8.0-RELEASE.

20090929:
        802.11s D3.03 support was committed. This is incompatible with
        the previous code, which was based on D3.0.

20090915:
        ZFS snapshots are now mounted with MNT_IGNORE flag. Use -v option for
        mount(8) and -a option for df(1) to see them.

20090813:
        Remove the option STOP_NMI.  The default action is now to use NMI
        only for KDB via the newly introduced function stop_cpus_hard()
        and maintain stop_cpus() to just use a normal IPI_STOP on ia32
        and amd64.

20090803:
        RELENG_8 branched.

20090719:
        Bump the shared library version numbers for all libraries that
        do not use symbol versioning as part of the 8.0-RELEASE cycle.
        Bump __FreeBSD_version to 800105.

20090714:
        Due to changes in the implementation of virtual network stack
        support, all network-related kernel modules must be recompiled.
        As this change breaks the ABI, bump __FreeBSD_version to 800104.

20090713:
        The TOE interface to the TCP syncache has been modified to remove struct
        tcpopt (<netinet/tcp_var.h>) from the ABI of the network stack.  The
        cxgb driver is the only TOE consumer affected by this change, and needs
        to be recompiled along with the kernel. As this change breaks the ABI,
        bump __FreeBSD_version to 800103.

20090712:
        Padding has been added to struct tcpcb, sackhint and tcpstat in
        <netinet/tcp_var.h> to facilitate future MFCs and bug fixes whilst
        maintainig the ABI. However, this change breaks the ABI, so bump
        __FreeBSD_version to 800102. User space tools that rely on the size of
        any of these structs (e.g. sockstat) need to be recompiled.

20090630:
        The NFS_LEGACYRPC option has been removed along with the old
        kernel RPC implementation that this option selected. Kernel
        configurations may need to be adjusted.

20090629:
        The network interface device nodes at /dev/net/<interface> have
        been removed.  All ioctl operations can be performed the normal
        way using routing sockets.  The kqueue functionality can
        generally be replaced with routing sockets.

20090628:
        The documentation from the FreeBSD Documentation Project
        (Handbook, FAQ, etc.) is now installed via packages by
        sysinstall(8) and under the /usr/local/share/doc/freebsd
        directory instead of /usr/share/doc.

20090624:
        The ABI of various structures related to the SYSV IPC API have
        been changed.  As a result, the COMPAT_FREEBSD[456] and COMPAT_43
        kernel options now all require COMPAT_FREEBSD7.
        Bump __FreeBSD_version to 800100.

20090622:
        Layout of struct vnet has changed as routing related variables
        were moved to their own Vimage module. Modules need to be
        recompiled.  Bump __FreeBSD_version to 800099.

20090619:
        NGROUPS_MAX and NGROUPS have been increased from 16 to 1023
        and 1024 respectively.  As long as no more than 16 groups per
        process are used, no changes should be visible.  When more
        than 16 groups are used, old binaries may fail if they call
        getgroups() or getgrouplist() with statically sized storage.
        Recompiling will work around this, but applications should be
        modified to use dynamically allocated storage for group arrays
        as POSIX.1-2008 does not cap an implementation's number of
        supported groups at NGROUPS_MAX+1 as previous versions did.

        NFS and portalfs mounts may also be affected as the list of
        groups is truncated to 16.  Users of NFS who use more than 16
        groups, should take care that negative group permissions are not
        used on the exported file systems as they will not be reliable
        unless a GSSAPI based authentication method is used.

20090616:
        The compiling option ADAPTIVE_LOCKMGRS has been introduced.
        This option compiles in the support for adaptive spinning for lockmgrs
        which want to enable it.  The lockinit() function now accepts the
        flag LK_ADAPTIVE in order to make the lock object subject to
        adaptive spinning when both held in write and read mode.

20090613:
        The layout of the structure returned by IEEE80211_IOC_STA_INFO
        has changed.  User applications that use this ioctl need to be
        rebuilt.

20090611:
        The layout of struct thread has changed.  Kernel and modules
        need to be rebuilt.

20090608:
        The layout of structs ifnet, domain, protosw and vnet_net has
        changed.  Kernel modules need to be rebuilt.
        Bump __FreeBSD_version to 800097.

20090602:
        window(1) has been removed from the base system. It can now be
        installed from ports. The port is called misc/window.

20090601:
        The way we are storing and accessing `routing table' entries
        has changed. Programs reading the FIB, like netstat, need to
        be re-compiled.

20090601:
        A new netisr implementation has been added for FreeBSD 8.  Network
        file system modules, such as igmp, ipdivert, and others, should be
        rebuilt.
        Bump __FreeBSD_version to 800096.

20090530:
        Remove the tunable/sysctl debug.mpsafevfs as its initial purpose
        is no more valid.

20090530:
        Add VOP_ACCESSX(9).  File system modules need to be rebuilt.
        Bump __FreeBSD_version to 800094.

20090529:
        Add mnt_xflag field to 'struct mount'.  File system modules
        need to be rebuilt.
        Bump __FreeBSD_version to 800093.

20090528:
        The compiling option ADAPTIVE_SX has been retired while it has been
        introduced the option NO_ADAPTIVE_SX which handles the reversed logic.
        The KPI for sx_init_flags() changes as accepting flags:
        SX_ADAPTIVESPIN flag has been retired while the SX_NOADAPTIVE flag
        has been introduced in order to handle the reversed logic.
        Bump __FreeBSD_version to 800092.

20090527:
        Add support for hierarchical jails.  Remove global securelevel.
        Bump __FreeBSD_version to 800091.

20090523:
        The layout of struct vnet_net has changed, therefore modules
        need to be rebuilt.
        Bump __FreeBSD_version to 800090.

20090523:
        The newly imported zic(8) produces a new format in the
        output. Please run tzsetup(8) to install the newly created
        data to /etc/localtime.

20090520:
        The sysctl tree for the usb stack has renamed from hw.usb2.* to
        hw.usb.* and is now consistent again with previous releases.

20090520:
        802.11 monitor mode support was revised and driver api's
        were changed.  Drivers dependent on net80211 now support
        DLT_IEEE802_11_RADIO instead of DLT_IEEE802_11.  No
        user-visible data structures were changed but applications
        that use DLT_IEEE802_11 may require changes.
        Bump __FreeBSD_version to 800088.

20090430:
        The layout of the following structs has changed: sysctl_oid,
        socket, ifnet, inpcbinfo, tcpcb, syncache_head, vnet_inet,
        vnet_inet6 and vnet_ipfw.  Most modules need to be rebuild or
        panics may be experienced.  World rebuild is required for
        correctly checking networking state from userland.
        Bump __FreeBSD_version to 800085.

20090429:
        MLDv2 and Source-Specific Multicast (SSM) have been merged
        to the IPv6 stack. VIMAGE hooks are in but not yet used.
        The implementation of SSM within FreeBSD's IPv6 stack closely
        follows the IPv4 implementation.

        For kernel developers:

        * The most important changes are that the ip6_output() and
          ip6_input() paths no longer take the IN6_MULTI_LOCK,
          and this lock has been downgraded to a non-recursive mutex.

        * As with the changes to the IPv4 stack to support SSM, filtering
          of inbound multicast traffic must now be performed by transport
          protocols within the IPv6 stack. This does not apply to TCP and
          SCTP, however, it does apply to UDP in IPv6 and raw IPv6.

        * The KPIs used by IPv6 multicast are similar to those used by
          the IPv4 stack, with the following differences:
           * im6o_mc_filter() is analogous to imo_multicast_filter().
           * The legacy KAME entry points in6_joingroup and in6_leavegroup()
             are shimmed to in6_mc_join() and in6_mc_leave() respectively.
           * IN6_LOOKUP_MULTI() has been deprecated and removed.
           * IPv6 relies on MLD for the DAD mechanism. KAME's internal KPIs
             for MLDv1 have an additional 'timer' argument which is used to
             jitter the initial membership report for the solicited-node
             multicast membership on-link.
           * This is not strictly needed for MLDv2, which already jitters
             its report transmissions.  However, the 'timer' argument is
             preserved in case MLDv1 is active on the interface.

        * The KAME linked-list based IPv6 membership implementation has
          been refactored to use a vector similar to that used by the IPv4
          stack.
          Code which maintains a list of its own multicast memberships
          internally, e.g. carp, has been updated to reflect the new
          semantics.

        * There is a known Lock Order Reversal (LOR) due to in6_setscope()
          acquiring the IF_AFDATA_LOCK and being called within ip6_output().
          Whilst MLDv2 tries to avoid this otherwise benign LOR, it is an
          implementation constraint which needs to be addressed in HEAD.

        For application developers:

        * The changes are broadly similar to those made for the IPv4
          stack.

        * The use of IPv4 and IPv6 multicast socket options on the same
          socket, using mapped addresses, HAS NOT been tested or supported.

        * There are a number of issues with the implementation of various
          IPv6 multicast APIs which need to be resolved in the API surface
          before the implementation is fully compatible with KAME userland
          use, and these are mostly to do with interface index treatment.

        * The literature available discusses the use of either the delta / ASM
          API with setsockopt(2)/getsockopt(2), or the full-state / ASM API
          using setsourcefilter(3)/getsourcefilter(3). For more information
          please refer to RFC 3768, 'Socket Interface Extensions for
          Multicast Source Filters'.

        * Applications which use the published RFC 3678 APIs should be fine.

        For systems administrators:

        * The mtest(8) utility has been refactored to support IPv6, in
          addition to IPv4. Interface addresses are no longer accepted
          as arguments, their names must be used instead. The utility
          will map the interface name to its first IPv4 address as
          returned by getifaddrs(3).

        * The ifmcstat(8) utility has also been updated to print the MLDv2
          endpoint state and source filter lists via sysctl(3).

        * The net.inet6.ip6.mcast.loop sysctl may be tuned to 0 to disable
          loopback of IPv6 multicast datagrams by default; it defaults to 1
          to preserve the existing behaviour. Disabling multicast loopback is
          recommended for optimal system performance.

        * The IPv6 MROUTING code has been changed to examine this sysctl
          instead of attempting to perform a group lookup before looping
          back forwarded datagrams.

        Bump __FreeBSD_version to 800084.

20090422:
        Implement low-level Bluetooth HCI API.
        Bump __FreeBSD_version to 800083.

20090419:
        The layout of struct malloc_type, used by modules to register new
        memory allocation types, has changed.  Most modules will need to
        be rebuilt or panics may be experienced.
        Bump __FreeBSD_version to 800081.

20090415:
        Anticipate overflowing inp_flags - add inp_flags2.
        This changes most offsets in inpcb, so checking v4 connection
        state will require a world rebuild.
        Bump __FreeBSD_version to 800080.

20090415:
        Add an llentry to struct route and struct route_in6. Modules
        embedding a struct route will need to be recompiled.
        Bump __FreeBSD_version to 800079.

20090414:
        The size of rt_metrics_lite and by extension rtentry has changed.
        Networking administration apps will need to be recompiled.
        The route command now supports show as an alias for get, weighting
        of routes, sticky and nostick flags to alter the behavior of stateful
        load balancing.
        Bump __FreeBSD_version to 800078.

20090408:
        Do not use Giant for kbdmux(4) locking. This is wrong and
        apparently causing more problems than it solves. This will
        re-open the issue where interrupt handlers may race with
        kbdmux(4) in polling mode. Typical symptoms include (but
        not limited to) duplicated and/or missing characters when
        low level console functions (such as gets) are used while
        interrupts are enabled (for example geli password prompt,
        mountroot prompt etc.). Disabling kbdmux(4) may help.

20090407:
        The size of structs vnet_net, vnet_inet and vnet_ipfw has changed;
        kernel modules referencing any of the above need to be recompiled.
        Bump __FreeBSD_version to 800075.

20090320:
        GEOM_PART has become the default partition slicer for storage devices,
        replacing GEOM_MBR, GEOM_BSD, GEOM_PC98 and GEOM_GPT slicers. It
        introduces some changes:

        MSDOS/EBR: the devices created from MSDOS extended partition entries
        (EBR) can be named differently than with GEOM_MBR and are now symlinks
        to devices with offset-based names. fstabs may need to be modified.

        BSD: the "geometry does not match label" warning is harmless in most
        cases but it points to problems in file system misalignment with
        disk geometry. The "c" partition is now implicit, covers the whole
        top-level drive and cannot be (mis)used by users.

        General: Kernel dumps are now not allowed to be written to devices
        whose partition types indicate they are meant to be used for file
        systems (or, in case of MSDOS partitions, as something else than
        the "386BSD" type).

        Most of these changes date approximately from 200812.

20090319:
        The uscanner(4) driver has been removed from the kernel. This follows
        Linux removing theirs in 2.6 and making libusb the default interface
        (supported by sane).

20090319:
        The multicast forwarding code has been cleaned up. netstat(1)
        only relies on KVM now for printing bandwidth upcall meters.
        The IPv4 and IPv6 modules are split into ip_mroute_mod and
        ip6_mroute_mod respectively. The config(5) options for statically
        compiling this code remain the same, i.e. 'options MROUTING'.

20090315:
        Support for the IFF_NEEDSGIANT network interface flag has been
        removed, which means that non-MPSAFE network device drivers are no
        longer supported.  In particular, if_ar, if_sr, and network device
        drivers from the old (legacy) USB stack can no longer be built or
        used.

20090313:
        POSIX.1 Native Language Support (NLS) has been enabled in libc and
        a bunch of new language catalog files have also been added.
        This means that some common libc messages are now localized and
        they depend on the LC_MESSAGES environmental variable.

20090313:
        The k8temp(4) driver has been renamed to amdtemp(4) since
        support for K10 and K11 CPU families was added.

20090309:
        IGMPv3 and Source-Specific Multicast (SSM) have been merged
        to the IPv4 stack. VIMAGE hooks are in but not yet used.

        For kernel developers, the most important changes are that the
        ip_output() and ip_input() paths no longer take the IN_MULTI_LOCK(),
        and this lock has been downgraded to a non-recursive mutex.

        Transport protocols (UDP, Raw IP) are now responsible for filtering
        inbound multicast traffic according to group membership and source
        filters. The imo_multicast_filter() KPI exists for this purpose.
        Transports which do not use multicast (SCTP, TCP) already reject
        multicast by default. Forwarding and receive performance may improve
        as a mutex acquisition is no longer needed in the ip_input()
        low-level input path.  in_addmulti() and in_delmulti() are shimmed
        to new KPIs which exist to support SSM in-kernel.

        For application developers, it is recommended that loopback of
        multicast datagrams be disabled for best performance, as this
        will still cause the lock to be taken for each looped-back
        datagram transmission. The net.inet.ip.mcast.loop sysctl may
        be tuned to 0 to disable loopback by default; it defaults to 1
        to preserve the existing behaviour.

        For systems administrators, to obtain best performance with
        multicast reception and multiple groups, it is always recommended
        that a card with a suitably precise hash filter is used. Hash
        collisions will still result in the lock being taken within the
        transport protocol input path to check group membership.

        If deploying FreeBSD in an environment with IGMP snooping switches,
        it is recommended that the net.inet.igmp.sendlocal sysctl remain
        enabled; this forces 224.0.0.0/24 group membership to be announced
        via IGMP.

        The size of 'struct igmpstat' has changed; netstat needs to be
        recompiled to reflect this.
        Bump __FreeBSD_version to 800070.

20090309:
        libusb20.so.1 is now installed as libusb.so.1 and the ports system
        updated to use it. This requires a buildworld/installworld in order to
        update the library and dependencies (usbconfig, etc). Its advisable to
        rebuild all ports which uses libusb. More specific directions are given
        in the ports collection UPDATING file. Any /etc/libmap.conf entries for
        libusb are no longer required and can be removed.

20090302:
        A workaround is committed to allow the creation of System V shared
        memory segment of size > 2 GB on the 64-bit architectures.
        Due to a limitation of the existing ABI, the shm_segsz member
        of the struct shmid_ds, returned by shmctl(IPC_STAT) call is
        wrong for large segments. Note that limits must be explicitly
        raised to allow such segments to be created.

20090301:
        The layout of struct ifnet has changed, requiring a rebuild of all
        network device driver modules.

20090227:
        The /dev handling for the new USB stack has changed, a
        buildworld/installworld is required for libusb20.

20090223:
        The new USB2 stack has now been permanently moved in and all kernel and
        module names reverted to their previous values (eg, usb, ehci, ohci,
        ums, ...).  The old usb stack can be compiled in by prefixing the name
        with the letter 'o', the old usb modules have been removed.
        Updating entry 20090216 for xorg and 20090215 for libmap may still
        apply.

20090217:
        The rc.conf(5) option if_up_delay has been renamed to
        defaultroute_delay to better reflect its purpose. If you have
        customized this setting in /etc/rc.conf you need to update it to
        use the new name.

20090216:
        xorg 7.4 wants to configure its input devices via hald which does not
        yet work with USB2. If the keyboard/mouse does not work in xorg then
        add
                Option "AllowEmptyInput" "off"
        to your ServerLayout section.  This will cause X to use the configured
        kbd and mouse sections from your xorg.conf.

20090215:
        The GENERIC kernels for all architectures now default to the new USB2
        stack. No kernel config options or code have been removed so if a
        problem arises please report it and optionally revert to the old USB
        stack. If you are loading USB kernel modules or have a custom kernel
        that includes GENERIC then ensure that usb names are also changed over,
        eg uftdi -> usb2_serial_ftdi.

        Older programs linked against the ports libusb 0.1 need to be
        redirected to the new stack's libusb20.  /etc/libmap.conf can
        be used for this:
                # Map old usb library to new one for usb2 stack
                libusb-0.1.so.8 libusb20.so.1

20090203:
        The ichsmb(4) driver has been changed to require SMBus slave
        addresses be left-justified (xxxxxxx0b) rather than right-justified.
        All of the other SMBus controller drivers require left-justified
        slave addresses, so this change makes all the drivers provide the
        same interface.

20090201:
        INET6 statistics (struct ip6stat) was updated.
        netstat(1) needs to be recompiled.

20090119:
        NTFS has been removed from GENERIC kernel on amd64 to match
        GENERIC on i386. Should not cause any issues since mount_ntfs(8)
        will load ntfs.ko module automatically when NTFS support is
        actually needed, unless ntfs.ko is not installed or security
        level prohibits loading kernel modules. If either is the case,
        "options NTFS" has to be added into kernel config.

20090115:
        TCP Appropriate Byte Counting (RFC 3465) support added to kernel.
        New field in struct tcpcb breaks ABI, so bump __FreeBSD_version to
        800061. User space tools that rely on the size of struct tcpcb in
        tcp_var.h (e.g. sockstat) need to be recompiled.

20081225:
        ng_tty(4) module updated to match the new TTY subsystem.
        Due to API change, user-level applications must be updated.
        New API support added to mpd5 CVS and expected to be present
        in next mpd5.3 release.

20081219:
        With __FreeBSD_version 800060 the makefs tool is part of
        the base system (it was a port).

20081216:
        The afdata and ifnet locks have been changed from mutexes to
        rwlocks, network modules will need to be re-compiled.

20081214:
        __FreeBSD_version 800059 incorporates the new arp-v2 rewrite.
        RTF_CLONING, RTF_LLINFO and RTF_WASCLONED flags are eliminated.
        The new code reduced struct rtentry{} by 16 bytes on 32-bit
        architecture and 40 bytes on 64-bit architecture. The userland
        applications "arp" and "ndp" have been updated accordingly.
        The output from "netstat -r" shows only routing entries and
        none of the L2 information.

20081130:
        __FreeBSD_version 800057 marks the switchover from the
        binary ath hal to source code. Users must add the line:

        options AH_SUPPORT_AR5416

        to their kernel config files when specifying:

        device  ath_hal

        The ath_hal module no longer exists; the code is now compiled
        together with the driver in the ath module.  It is now
        possible to tailor chip support (i.e. reduce the set of chips
        and thereby the code size); consult ath_hal(4) for details.

20081121:
        __FreeBSD_version 800054 adds memory barriers to
        <machine/atomic.h>, new interfaces to ifnet to facilitate
        multiple hardware transmit queues for cards that support
        them, and a lock-less ring-buffer implementation to
        enable drivers to more efficiently manage queueing of
        packets.

20081117:
        A new version of ZFS (version 13) has been merged to -HEAD.
        This version has zpool attribute "listsnapshots" off by
        default, which means "zfs list" does not show snapshots,
        and is the same as Solaris behavior.

20081028:
        dummynet(4) ABI has changed. ipfw(8) needs to be recompiled.

20081009:
        The uhci, ohci, ehci and slhci USB Host controller drivers have
        been put into separate modules. If you load the usb module
        separately through loader.conf you will need to load the
        appropriate *hci module as well. E.g. for a UHCI-based USB 2.0
        controller add the following to loader.conf:

                uhci_load="YES"
                ehci_load="YES"

20081009:
        The ABI used by the PMC toolset has changed.  Please keep
        userland (libpmc(3)) and the kernel module (hwpmc(4)) in
        sync.

20081009:
        atapci kernel module now includes only generic PCI ATA
        driver. AHCI driver moved to ataahci kernel module.
        All vendor-specific code moved into separate kernel modules:
        ataacard, ataacerlabs, ataadaptec, ataamd, ataati, atacenatek,
        atacypress, atacyrix, atahighpoint, ataintel, ataite, atajmicron,
        atamarvell, atamicron, atanational, atanetcell, atanvidia,
        atapromise, ataserverworks, atasiliconimage, atasis, atavia

20080820:
        The TTY subsystem of the kernel has been replaced by a new
        implementation, which provides better scalability and an
        improved driver model. Most common drivers have been migrated to
        the new TTY subsystem, while others have not. The following
        drivers have not yet been ported to the new TTY layer:

        PCI/ISA:
                cy, digi, rc, rp, sio

        USB:
                ubser, ucycom

        Line disciplines:
                ng_h4, ng_tty, ppp, sl, snp

        Adding these drivers to your kernel configuration file shall
        cause compilation to fail.

20080818:
        ntpd has been upgraded to 4.2.4p5.

20080801:
        OpenSSH has been upgraded to 5.1p1.

        For many years, FreeBSD's version of OpenSSH preferred DSA
        over RSA for host and user authentication keys.  With this
        upgrade, we've switched to the vendor's default of RSA over
        DSA.  This may cause upgraded clients to warn about unknown
        host keys even for previously known hosts.  Users should
        follow the usual procedure for verifying host keys before
        accepting the RSA key.

        This can be circumvented by setting the "HostKeyAlgorithms"
        option to "ssh-dss,ssh-rsa" in ~/.ssh/config or on the ssh
        command line.

        Please note that the sequence of keys offered for
        authentication has been changed as well.  You may want to
        specify IdentityFile in a different order to revert this
        behavior.

20080713:
        The sio(4) driver has been removed from the i386 and amd64
        kernel configuration files. This means uart(4) is now the
        default serial port driver on those platforms as well.

        To prevent collisions with the sio(4) driver, the uart(4) driver
        uses different names for its device nodes. This means the
        onboard serial port will now most likely be called "ttyu0"
        instead of "ttyd0". You may need to reconfigure applications to
        use the new device names.

        When using the serial port as a boot console, be sure to update
        /boot/device.hints and /etc/ttys before booting the new kernel.
        If you forget to do so, you can still manually specify the hints
        at the loader prompt:

                set hint.uart.0.at="isa"
                set hint.uart.0.port="0x3F8"
                set hint.uart.0.flags="0x10"
                set hint.uart.0.irq="4"
                boot -s

20080609:
        The gpt(8) utility has been removed. Use gpart(8) to partition
        disks instead.

20080603:
        The version that Linuxulator emulates was changed from 2.4.2
        to 2.6.16. If you experience any problems with Linux binaries
        please try to set sysctl compat.linux.osrelease to 2.4.2 and
        if it fixes the problem contact emulation mailing list.

20080525:
        ISDN4BSD (I4B) was removed from the src tree. You may need to
        update a your kernel configuration and remove relevant entries.

20080509:
        I have checked in code to support multiple routing tables.
        See the man pages setfib(1) and setfib(2).
        This is a hopefully backwards compatible version,
        but to make use of it you need to compile your kernel
        with options ROUTETABLES=2 (or more up to 16).

20080420:
        The 802.11 wireless support was redone to enable multi-bss
        operation on devices that are capable.  The underlying device
        is no longer used directly but instead wlanX devices are
        cloned with ifconfig.  This requires changes to rc.conf files.
        For example, change:
                ifconfig_ath0="WPA DHCP"
        to
                wlans_ath0=wlan0
                ifconfig_wlan0="WPA DHCP"
        see rc.conf(5) for more details.  In addition, mergemaster of
        /etc/rc.d is highly recommended.  Simultaneous update of userland
        and kernel wouldn't hurt either.

        As part of the multi-bss changes the wlan_scan_ap and wlan_scan_sta
        modules were merged into the base wlan module.  All references
        to these modules (e.g. in kernel config files) must be removed.

20080408:
        psm(4) has gained write(2) support in native operation level.
        Arbitrary commands can be written to /dev/psm%d and status can
        be read back from it.  Therefore, an application is responsible
        for status validation and error recovery.  It is a no-op in
        other operation levels.

20080312:
        Support for KSE threading has been removed from the kernel.  To
        run legacy applications linked against KSE libmap.conf may
        be used.  The following libmap.conf may be used to ensure
        compatibility with any prior release:

        libpthread.so.1 libthr.so.1
        libpthread.so.2 libthr.so.2
        libkse.so.3 libthr.so.3

20080301:
        The layout of struct vmspace has changed. This affects libkvm
        and any executables that link against libkvm and use the
        kvm_getprocs() function. In particular, but not exclusively,
        it affects ps(1), fstat(1), pkill(1), systat(1), top(1) and w(1).
        The effects are minimal, but it's advisable to upgrade world
        nonetheless.

20080229:
        The latest em driver no longer has support in it for the
        82575 adapter, this is now moved to the igb driver. The
        split was done to make new features that are incompatible
        with older hardware easier to do.

20080220:
        The new geom_lvm(4) geom class has been renamed to geom_linux_lvm(4),
        likewise the kernel option is now GEOM_LINUX_LVM.

20080211:
        The default NFS mount mode has changed from UDP to TCP for
        increased reliability.  If you rely on (insecurely) NFS
        mounting across a firewall you may need to update your
        firewall rules.

20080208:
        Belatedly note the addition of m_collapse for compacting
        mbuf chains.

20080126:
        The fts(3) structures have been changed to use adequate
        integer types for their members and so to be able to cope
        with huge file trees.  The old fts(3) ABI is preserved
        through symbol versioning in libc, so third-party binaries
        using fts(3) should still work, although they will not take
        advantage of the extended types.  At the same time, some
        third-party software might fail to build after this change
        due to unportable assumptions made in its source code about
        fts(3) structure members.  Such software should be fixed
        by its vendor or, in the worst case, in the ports tree.
        FreeBSD_version 800015 marks this change for the unlikely
        case that a portable fix is impossible.

20080123:
        To upgrade to -current after this date, you must be running
        FreeBSD not older than 6.0-RELEASE.  Upgrading to -current
        from 5.x now requires a stop over at RELENG_6 or RELENG_7 systems.

20071128:
        The ADAPTIVE_GIANT kernel option has been retired because its
        functionality is the default now.

20071118:
        The AT keyboard emulation of sunkbd(4) has been turned on
        by default. In order to make the special symbols of the Sun
        keyboards driven by sunkbd(4) work under X these now have
        to be configured the same way as Sun USB keyboards driven
        by ukbd(4) (which also does AT keyboard emulation), f.e.:

        Option  "XkbLayout" "us"
        Option  "XkbRules" "xorg"
        Option  "XkbSymbols" "pc(pc105)+sun_vndr/usb(sun_usb)+us"

20071024:
        It has been decided that it is desirable to provide ABI
        backwards compatibility to the FreeBSD 4/5/6 versions of the
        PCIOCGETCONF, PCIOCREAD and PCIOCWRITE IOCTLs, which was
        broken with the introduction of PCI domain support (see the
        20070930 entry). Unfortunately, this required the ABI of
        PCIOCGETCONF to be broken again in order to be able to
        provide backwards compatibility to the old version of that
        IOCTL. Thus consumers of PCIOCGETCONF have to be recompiled
        again. As for prominent ports this affects neither pciutils
        nor xorg-server this time, the hal port needs to be rebuilt
        however.

20071020:
        The misnamed kthread_create() and friends have been renamed
        to kproc_create() etc. Many of the callers already
        used kproc_start()..
        I will return kthread_create() and friends in a while
        with implementations that actually create threads, not procs.
        Renaming corresponds with version 800002.

20071010:
        RELENG_7 branched.

20071009:
        Setting WITHOUT_LIBPTHREAD now means WITHOUT_LIBKSE and
        WITHOUT_LIBTHR are set.

20070930:
        The PCI code has been made aware of PCI domains. This means that
        the location strings as used by pciconf(8) etc are now in the
        following format: pci<domain>:<bus>:<device>[:<function>]. It
        also means that consumers of <sys/pciio.h> potentially need to
        be recompiled; this includes the hal and xorg-server ports.

20070928:
        The caching daemon (cached) was renamed to nscd. nscd.conf
        configuration file should be used instead of cached.conf and
        nscd_enable, nscd_pidfile and nscd_flags options should be used
        instead of cached_enable, cached_pidfile and cached_flags in
        rc.conf.

20070921:
        The getfacl(1) utility now prints owning user and group name
        instead of owning uid and gid in the three line comment header.
        This is the same behavior as getfacl(1) on Solaris and Linux.

20070704:
        The new IPsec code is now compiled in using the IPSEC option.  The
        IPSEC option now requires "device crypto" be defined in your kernel
        configuration.  The FAST_IPSEC kernel option is now deprecated.

20070702:
        The packet filter (pf) code has been updated to OpenBSD 4.1 Please
        note the changed syntax - keep state is now on by default.  Also
        note the fact that ftp-proxy(8) has been changed from bottom up and
        has been moved from libexec to usr/sbin.  Changes in the ALTQ
        handling also affect users of IPFW's ALTQ capabilities.

20070701:
        Remove KAME IPsec in favor of FAST_IPSEC, which is now the
        only IPsec supported by FreeBSD.  The new IPsec stack
        supports both IPv4 and IPv6. The kernel option will change
        after the code changes have settled in.  For now the kernel
        option IPSEC is deprecated and FAST_IPSEC is the only option, that
        will change after some settling time.

20070701:
        The wicontrol(8) utility has been removed from the base system. wi(4)
        cards should be configured using ifconfig(8), see the man page for more
        information.

20070612:
        The i386/amd64 GENERIC kernel now defaults to the nfe(4) driver
        instead of the nve(4) driver. Please update your configuration
        accordingly.

20070612:
        By default, /etc/rc.d/sendmail no longer rebuilds the aliases
        database if it is missing or older than the aliases file.  If
        desired, set the new rc.conf option sendmail_rebuild_aliases
        to "YES" to restore that functionality.

20070612:
        The IPv4 multicast socket code has been considerably modified, and
        moved to the file sys/netinet/in_mcast.c. Initial support for the
        RFC 3678 Source-Specific Multicast Socket API has been added to
        the IPv4 network stack.

        Strict multicast and broadcast reception is now the default for
        UDP/IPv4 sockets; the net.inet.udp.strict_mcast_mship sysctl variable
        has now been removed.

        The RFC 1724 hack for interface selection has been removed; the use
        of the Linux-derived ip_mreqn structure with IP_MULTICAST_IF has
        been added to replace it. Consumers such as routed will soon be
        updated to reflect this.

        These changes affect users who are running routed(8) or rdisc(8)
        from the FreeBSD base system on point-to-point or unnumbered
        interfaces.

20070610:
        The net80211 layer has changed significantly and all wireless
        drivers that depend on it need to be recompiled.  Further these
        changes require that any program that interacts with the wireless
        support in the kernel be recompiled; this includes: ifconfig,
        wpa_supplicant, hostapd, and wlanstats.  Users must also, for
        the moment, kldload the wlan_scan_sta and/or wlan_scan_ap modules
        if they use modules for wireless support.  These modules implement
        scanning support for station and ap modes, respectively.  Failure
        to load the appropriate module before marking a wireless interface
        up will result in a message to the console and the device not
        operating properly.

20070610:
        The pam_nologin(8) module ceases to provide an authentication
        function and starts providing an account management function.
        Consequent changes to /etc/pam.d should be brought in using
        mergemaster(8).  Third-party files in /usr/local/etc/pam.d may
        need manual editing as follows.  Locate this line (or similar):

                auth    required        pam_nologin.so  no_warn

        and change it according to this example:

                account required        pam_nologin.so  no_warn

        That is, the first word needs to be changed from "auth" to
        "account".  The new line can be moved to the account section
        within the file for clarity.  Not updating pam.conf(5) files
        will result in nologin(5) ignored by the respective services.

20070529:
        The ether_ioctl() function has been synchronized with ioctl(2)
        and ifnet.if_ioctl.  Due to that, the size of one of its arguments
        has changed on 64-bit architectures.  All kernel modules using
        ether_ioctl() need to be rebuilt on such architectures.

20070516:
        Improved INCLUDE_CONFIG_FILE support has been introduced to the
        config(8) utility. In order to take advantage of this new
        functionality, you are expected to recompile and install
        src/usr.sbin/config. If you don't rebuild config(8), and your
        kernel configuration depends on INCLUDE_CONFIG_FILE, the kernel
        build will be broken because of a missing "kernconfstring"
        symbol.

20070513:
        Symbol versioning is enabled by default.  To disable it, use
        option WITHOUT_SYMVER.  It is not advisable to attempt to
        disable symbol versioning once it is enabled; your installworld
        will break because a symbol version-less libc will get installed
        before the install tools.  As a result, the old install tools,
        which previously had symbol dependencies to FBSD_1.0, will fail
        because the freshly installed libc will not have them.

        The default threading library (providing "libpthread") has been
        changed to libthr.  If you wish to have libkse as your default,
        use option DEFAULT_THREAD_LIB=libkse for the buildworld.

20070423:
        The ABI breakage in sendmail(8)'s libmilter has been repaired
        so it is no longer necessary to recompile mail filters (aka,
        milters).  If you recompiled mail filters after the 20070408
        note, it is not necessary to recompile them again.

20070417:
        The new trunk(4) driver has been renamed to lagg(4) as it better
        reflects its purpose. ifconfig will need to be recompiled.

20070408:
        sendmail(8) has been updated to version 8.14.1.  Mail filters
        (aka, milters) compiled against the libmilter included in the
        base operating system should be recompiled.

20070302:
        Firmwares for ipw(4) and iwi(4) are now included in the base tree.
        In order to use them one must agree to the respective LICENSE in
        share/doc/legal and define legal.intel_<name>.license_ack=1 via
        loader.conf(5) or kenv(1).  Make sure to deinstall the now
        deprecated modules from the respective firmware ports.

20070228:
        The name resolution/mapping functions addr2ascii(3) and ascii2addr(3)
        were removed from FreeBSD's libc. These originally came from INRIA
        IPv6. Nothing in FreeBSD ever used them. They may be regarded as
        deprecated in previous releases.
        The AF_LINK support for getnameinfo(3) was merged from NetBSD to
        replace it as a more portable (and re-entrant) API.

20070224:
        To support interrupt filtering a modification to the newbus API
        has occurred, ABI was broken and __FreeBSD_version was bumped
        to 700031. Please make sure that your kernel and modules are in
        sync. For more info:
        http://docs.freebsd.org/cgi/mid.cgi?20070221233124.GA13941

20070224:
        The IPv6 multicast forwarding code may now be loaded into GENERIC
        kernels by loading the ip_mroute.ko module. This is built into the
        module unless WITHOUT_INET6 or WITHOUT_INET6_SUPPORT options are
        set; see src.conf(5) for more information.

20070214:
        The output of netstat -r has changed. Without -n, we now only
        print a "network name" without the prefix length if the network
        address and mask exactly match a Class A/B/C network, and an entry
        exists in the nsswitch "networks" map.
        With -n, we print the full unabbreviated CIDR network prefix in
        the form "a.b.c.d/p". 0.0.0.0/0 is always printed as "default".
        This change is in preparation for changes such as equal-cost
        multipath, and to more generally assist operational deployment
        of FreeBSD as a modern IPv4 router.

20070210:
        PIM has been turned on by default in the IPv4 multicast
        routing code. The kernel option 'PIM' has now been removed.
        PIM is now built by default if option 'MROUTING' is specified.
        It may now be loaded into GENERIC kernels by loading the
        ip_mroute.ko module.

20070207:
        Support for IPIP tunnels (VIFF_TUNNEL) in IPv4 multicast routing
        has been removed. Its functionality may be achieved by explicitly
        configuring gif(4) interfaces and using the 'phyint' keyword in
        mrouted.conf.
        XORP does not support source-routed IPv4 multicast tunnels nor the
        integrated IPIP tunneling, therefore it is not affected by this
        change. The __FreeBSD_version macro has been bumped to 700030.

20061221:
        Support for PCI Message Signalled Interrupts has been
        re-enabled in the bge driver, only for those chips which are
        believed to support it properly.  If there are any problems,
        MSI can be disabled completely by setting the
        'hw.pci.enable_msi' and 'hw.pci.enable_msix' tunables to 0
        in the loader.

20061214:
        Support for PCI Message Signalled Interrupts has been
        disabled again in the bge driver.  Many revisions of the
        hardware fail to support it properly.  Support can be
        re-enabled by removing the #define of BGE_DISABLE_MSI in
        "src/sys/dev/bge/if_bge.c".

20061214:
        Support for PCI Message Signalled Interrupts has been added
        to the bge driver.  If there are any problems, MSI can be
        disabled completely by setting the 'hw.pci.enable_msi' and
        'hw.pci.enable_msix' tunables to 0 in the loader.

20061205:
        The removal of several facets of the experimental Threading
        system from the kernel means that the proc and thread structures
        have changed quite a bit. I suggest all kernel modules that might
        reference these structures be recompiled.. Especially the
        linux module.

20061126:
        Sound infrastructure has been updated with various fixes and
        improvements. Most of the changes are pretty much transparent,
        with exceptions of followings:
        1) All sound driver specific sysctls (hw.snd.pcm%d.*) have been
           moved to their own dev sysctl nodes, for example:
                hw.snd.pcm0.vchans -> dev.pcm.0.vchans
        2) /dev/dspr%d.%d has been deprecated. Each channel now has its
           own chardev in the form of "dsp%d.<function>%d", where <function>
           is p = playback, r = record and v = virtual, respectively. Users
           are encouraged to use these devs instead of (old) "/dev/dsp%d.%d".
           This does not affect those who are using "/dev/dsp".

20061122:
        geom(4)'s gmirror(8) class metadata structure has been
        rev'd from v3 to v4. If you update across this point and
        your metadata is converted for you, you will not be easily
        able to downgrade since the /boot/kernel.old/geom_mirror.ko
        kernel module will be unable to read the v4 metadata.  You
        can resolve this by doing from the loader(8) prompt:

                set vfs.root.mountfrom="ufs:/dev/XXX"

        where XXX is the root slice of one of the disks that composed
        the mirror (i.e.: /dev/ad0s1a). You can then rebuild
        the array the same way you built it originally.

20061122:
        The following binaries have been disconnected from the build:
        mount_devfs, mount_ext2fs, mount_fdescfs, mount_procfs, mount_linprocfs,
        and mount_std.  The functionality of these programs has been
        moved into the mount program.  For example, to mount a devfs
        filesystem, instead of using mount_devfs, use: "mount -t devfs".
        This does not affect entries in /etc/fstab, since entries in
        /etc/fstab are always processed with "mount -t fstype".

20061113:
        Support for PCI Message Signalled Interrupts on i386 and amd64
        has been added to the kernel and various drivers will soon be
        updated to use MSI when it is available.  If there are any problems,
        MSI can be disabled completely by setting the 'hw.pci.enable_msi'
        and 'hw.pci.enable_msix' tunables to 0 in the loader.

20061110:
        The MUTEX_PROFILING option has been renamed to LOCK_PROFILING.
        The lockmgr object layout has been changed as a result of having
        a lock_object embedded in it. As a consequence all file system
        kernel modules must be re-compiled. The mutex profiling man page
        has not yet been updated to reflect this change.

20061026:
        KSE in the kernel has now been made optional and turned on by
        default. Use 'nooption KSE' in your kernel config to turn it
        off. All kernel modules *must* be recompiled after this change.
        There-after, modules from a KSE kernel should be compatible with
        modules from a NOKSE kernel due to the temporary padding fields
        added to 'struct proc'.

20060929:
        mrouted and its utilities have been removed from the base system.

20060927:
        Some ioctl(2) command codes have changed.  Full backward ABI
        compatibility is provided if the "options COMPAT_FREEBSD6" is
        present in the kernel configuration file.  Make sure to add
        this option to your kernel config file, or recompile X.Org
        and the rest of ports; otherwise they may refuse to work.

20060924:
        tcpslice has been removed from the base system.

20060913:
        The sizes of struct tcpcb (and struct xtcpcb) have changed due to
        the rewrite of TCP syncookies.  Tools like netstat, sockstat, and
        systat needs to be rebuilt.

20060903:
        libpcap updated to v0.9.4 and tcpdump to v3.9.4

20060816:
        The IPFIREWALL_FORWARD_EXTENDED option is gone and the behaviour
        for IPFIREWALL_FORWARD is now as it was before when it was first
        committed and for years after. The behaviour is now ON.

20060725:
        enigma(1)/crypt(1) utility has been changed on 64 bit architectures.
        Now it can decrypt files created from different architectures.
        Unfortunately, it is no longer able to decrypt a cipher text
        generated with an older version on 64 bit architectures.
        If you have such a file, you need old utility to decrypt it.

20060709:
        The interface version of the i4b kernel part has changed. So
        after updating the kernel sources and compiling a new kernel,
        the i4b user space tools in "/usr/src/usr.sbin/i4b" must also
        be rebuilt, and vice versa.

20060627:
        The XBOX kernel now defaults to the nfe(4) driver instead of
        the nve(4) driver. Please update your configuration
        accordingly.

20060514:
        The i386-only lnc(4) driver for the AMD Am7900 LANCE and Am79C9xx
        PCnet family of NICs has been removed. The new le(4) driver serves
        as an equivalent but cross-platform replacement with the pcn(4)
        driver still providing performance-optimized support for the subset
        of AMD Am79C971 PCnet-FAST and greater chips as before.

20060511:
        The machdep.* sysctls and the adjkerntz utility have been
        modified a bit.  The new adjkerntz utility uses the new
        sysctl names and sysctlbyname() calls, so it may be impossible
        to run an old /sbin/adjkerntz utility in single-user mode
        with a new kernel.  Replace the `adjkerntz -i' step before
        `make installworld' with:

            /usr/obj/usr/src/sbin/adjkerntz/adjkerntz -i

        and proceed as usual with the rest of the installworld-stage
        steps.  Otherwise, you risk installing binaries with their
        timestamp set several hours in the future, especially if
        you are running with local time set to GMT+X hours.

20060412:
        The ip6fw utility has been removed.  The behavior provided by
        ip6fw has been in ipfw2 for a good while and the rc.d scripts
        have been updated to deal with it.  There are some rules that
        might not migrate cleanly.  Use rc.firewall6 as a template to
        rewrite rules.

20060428:
        The puc(4) driver has been overhauled. The ebus(4) and sbus(4)
        attachments have been removed. Make sure to configure scc(4)
        on sparc64. Note also that by default puc(4) will use uart(4)
        and not sio(4) for serial ports because interrupt handling has
        been optimized for multi-port serial cards and only uart(4)
        implements the interface to support it.

20060330:
        The scc(4) driver replaces puc(4) for Serial Communications
        Controllers (SCCs) like the Siemens SAB82532 and the Zilog
        Z8530. On sparc64, it is advised to add scc(4) to the kernel
        configuration to make sure that the serial ports remain
        functional.

20060317:
        Most world/kernel related NO_* build options changed names.
        New knobs have common prefixes WITHOUT_*/WITH_* (modelled
        after FreeBSD ports) and should be set in /etc/src.conf
        (the src.conf(5) manpage is provided).  Full backwards
        compatibility is maintained for the time being though it's
        highly recommended to start moving old options out of the
        system-wide /etc/make.conf file into the new /etc/src.conf
        while also properly renaming them.  More conversions will
        likely follow.  Posting to current@:

        http://lists.freebsd.org/pipermail/freebsd-current/2006-March/061725.html

20060305:
        The NETSMBCRYPTO kernel option has been retired because its
        functionality is always included in NETSMB and smbfs.ko now.

20060303:
        The TDFX_LINUX kernel option was retired and replaced by the
        tdfx_linux device.  The latter can be loaded as the 3dfx_linux.ko
        kernel module.  Loading it alone should suffice to get 3dfx support
        for Linux apps because it will pull in 3dfx.ko and linux.ko through
        its dependencies.

20060204:
        The 'audit' group was added to support the new auditing functionality
        in the base system.  Be sure to follow the directions for updating,
        including the requirement to run mergemaster -p.

20060201:
        The kernel ABI to file system modules was changed on i386.
        Please make sure that your kernel and modules are in sync.

20060118:
        This actually occured some time ago, but installing the kernel
        now also installs a bunch of symbol files for the kernel modules.
        This increases the size of /boot/kernel to about 67Mbytes. You
        will need twice this if you will eventually back this up to kernel.old
        on your next install.
        If you have a shortage of room in your root partition, you should add
        -DINSTALL_NODEBUG to your make arguments or add INSTALL_NODEBUG="yes"
        to your /etc/make.conf.

20060113:
        libc's malloc implementation has been replaced.  This change has the
        potential to uncover application bugs that previously went unnoticed.
        See the malloc(3) manual page for more details.

20060112:
        The generic netgraph(4) cookie has been changed. If you upgrade
        kernel passing this point, you also need to upgrade userland
        and netgraph(4) utilities like ports/net/mpd or ports/net/mpd4.

20060106:
        si(4)'s device files now contain the unit number.
        Uses of {cua,tty}A[0-9a-f] should be replaced by {cua,tty}A0[0-9a-f].

20060106:
        The kernel ABI was mostly destroyed due to a change in the size
        of struct lock_object which is nested in other structures such
        as mutexes which are nested in all sorts of other structures.
        Make sure your kernel and modules are in sync.

20051231:
        The page coloring algorithm in the VM subsystem was converted
        from tuning with kernel options to autotuning. Please remove
        any PQ_* option except PQ_NOOPT from your kernel config.

20051211:
        The net80211-related tools in the tools/tools/ath directory
        have been moved to tools/tools/net80211 and renamed with a
        "wlan" prefix.  Scripts that use them should be adjusted
        accordingly.

20051202:
        Scripts in the local_startup directories (as defined in
        /etc/defaults/rc.conf) that have the new rc.d semantics will
        now be run as part of the base system rcorder. If there are
        errors or problems with one of these local scripts, it could
        cause boot problems. If you encounter such problems, boot in
        single user mode, remove that script from the */rc.d directory.
        Please report the problem to the port's maintainer, and the
        freebsd-ports@freebsd.org mailing list.

20051129:
        The nodev mount option was deprecated in RELENG_6 (where it
        was a no-op), and is now unsupported.  If you have nodev or dev listed
        in /etc/fstab, remove it, otherwise it will result in a mount error.

20051129:
        ABI between ipfw(4) and ipfw(8) has been changed. You need
        to rebuild ipfw(8) when rebuilding kernel.

20051108:
        rp(4)'s device files now contain the unit number.
        Uses of {cua,tty}R[0-9a-f] should be replaced by {cua,tty}R0[0-9a-f].

20051029:
        /etc/rc.d/ppp-user has been renamed to /etc/rc.d/ppp.
        Its /etc/rc.conf.d configuration file has been `ppp' from
        the beginning, and hence there is no need to touch it.

20051014:
        Now most modules get their build-time options from the kernel
        configuration file.  A few modules still have fixed options
        due to their non-conformant implementation, but they will be
        corrected eventually.  You may need to review the options of
        the modules in use, explicitly specify the non-default options
        in the kernel configuration file, and rebuild the kernel and
        modules afterwards.

20051001:
        kern.polling.enable sysctl MIB is now deprecated. Use ifconfig(8)
        to turn polling(4) on your interfaces.

20050927:
        The old bridge(4) implementation was retired.  The new
        if_bridge(4) serves as a full functional replacement.

20050722:
        The ai_addrlen of a struct addrinfo was changed to a socklen_t
        to conform to POSIX-2001.  This change broke an ABI
        compatibility on 64 bit architecture.  You have to recompile
        userland programs that use getaddrinfo(3) on 64 bit
        architecture.

20050711:
        RELENG_6 branched here.

20050629:
        The pccard_ifconfig rc.conf variable has been removed and a new
        variable, ifconfig_DEFAULT has been introduced.  Unlike
        pccard_ifconfig, ifconfig_DEFAULT applies to ALL interfaces that
        do not have ifconfig_ifn entries rather than just those in
        removable_interfaces.

20050616:
        Some previous versions of PAM have permitted the use of
        non-absolute paths in /etc/pam.conf or /etc/pam.d/* when referring
        to third party PAM modules in /usr/local/lib.  A change has been
        made to require the use of absolute paths in order to avoid
        ambiguity and dependence on library path configuration, which may
        affect existing configurations.

20050610:
        Major changes to network interface API.  All drivers must be
        recompiled.  Drivers not in the base system will need to be
        updated to the new APIs.

20050609:
        Changes were made to kinfo_proc in sys/user.h.  Please recompile
        userland, or commands like `fstat', `pkill', `ps', `top' and `w'
        will not behave correctly.

        The API and ABI for hwpmc(4) have changed with the addition
        of sampling support.  Please recompile lib/libpmc(3) and
        usr.sbin/{pmcstat,pmccontrol}.

20050606:
        The OpenBSD dhclient was imported in place of the ISC dhclient
        and the network interface configuration scripts were updated
        accordingly.  If you use DHCP to configure your interfaces, you
        must now run devd.  Also, DNS updating was lost so you will need
        to find a workaround if you use this feature.

        The '_dhcp' user was added to support the OpenBSD dhclient.  Be
        sure to run mergemaster -p (like you are supposed to do every time
        anyway).

20050605:
        if_bridge was added to the tree. This has changed struct ifnet.
        Please recompile userland and all network related modules.

20050603:
        The n_net of a struct netent was changed to an uint32_t, and
        1st argument of getnetbyaddr() was changed to an uint32_t, to
        conform to POSIX-2001.  These changes broke an ABI
        compatibility on 64 bit architecture.  With these changes,
        shlib major of libpcap was bumped.  You have to recompile
        userland programs that use getnetbyaddr(3), getnetbyname(3),
        getnetent(3) and/or libpcap on 64 bit architecture.

20050528:
        Kernel parsing of extra options on '#!' first lines of shell
        scripts has changed.  Lines with multiple options likely will
        fail after this date.  For full details, please see
                http://people.freebsd.org/~gad/Updating-20050528.txt

20050503:
        The packet filter (pf) code has been updated to OpenBSD 3.7
        Please note the changed anchor syntax and the fact that
        authpf(8) now needs a mounted fdescfs(5) to function.

20050415:
        The NO_MIXED_MODE kernel option has been removed from the i386
        amd64 platforms as its use has been superceded by the new local
        APIC timer code.  Any kernel config files containing this option
        should be updated.

20050227:
        The on-disk format of LC_CTYPE files was changed to be machine
        independent.  Please make sure NOT to use NO_CLEAN buildworld
        when crossing this point. Crossing this point also requires
        recompile or reinstall of all locale depended packages.

20050225:
        The ifi_epoch member of struct if_data has been changed to
        contain the uptime at which the interface was created or the
        statistics zeroed rather then the wall clock time because
        wallclock time may go backwards.  This should have no impact
        unless an snmp implementation is using this value (I know of
        none at this point.)

20050224:
        The acpi_perf and acpi_throttle drivers are now part of the
        acpi(4) main module.  They are no longer built separately.

20050223:
        The layout of struct image_params has changed. You have to
        recompile all compatibility modules (linux, svr4, etc) for use
        with the new kernel.

20050223:
        The p4tcc driver has been merged into cpufreq(4).  This makes
        "options CPU_ENABLE_TCC" obsolete.  Please load cpufreq.ko or
        compile in "device cpufreq" to restore this functionality.

20050220:
        The responsibility of recomputing the file system summary of
        a SoftUpdates-enabled dirty volume has been transferred to the
        background fsck.  A rebuild of fsck(8) utility is recommended
        if you have updated the kernel.

        To get the old behavior (recompute file system summary at mount
        time), you can set vfs.ffs.compute_summary_at_mount=1 before
        mounting the new volume.

20050206:
        The cpufreq import is complete.  As part of this, the sysctls for
        acpi(4) throttling have been removed.  The power_profile script
        has been updated, so you can use performance/economy_cpu_freq in
        rc.conf(5) to set AC on/offline cpu frequencies.

20050206:
        NG_VERSION has been increased. Recompiling kernel (or ng_socket.ko)
        requires recompiling libnetgraph and userland netgraph utilities.

20050114:
        Support for abbreviated forms of a number of ipfw options is
        now deprecated.  Warnings are printed to stderr indicating the
        correct full form when a match occurs.  Some abbreviations may
        be supported at a later date based on user feedback.  To be
        considered for support, abbreviations must be in use prior to
        this commit and unlikely to be confused with current key words.

20041221:
        By a popular demand, a lot of NOFOO options were renamed
        to NO_FOO (see bsd.compat.mk for a full list).  The old
        spellings are still supported, but will cause annoying
        warnings on stderr.  Make sure you upgrade properly (see
        the COMMON ITEMS: section later in this file).

20041219:
        Auto-loading of ancillary wlan modules such as wlan_wep has
        been temporarily disabled; you need to statically configure
        the modules you need into your kernel or explicitly load them
        prior to use.  Specifically, if you intend to use WEP encryption
        with an 802.11 device load/configure wlan_wep; if you want to
        use WPA with the ath driver load/configure wlan_tkip, wlan_ccmp,
        and wlan_xauth as required.

20041213:
        The behaviour of ppp(8) has changed slightly.  If lqr is enabled
        (``enable lqr''), older versions would revert to LCP ECHO mode on
        negotiation failure.  Now, ``enable echo'' is required for this
        behaviour.  The ppp version number has been bumped to 3.4.2 to
        reflect the change.

20041201:
        The wlan support has been updated to split the crypto support
        into separate modules.  For static WEP you must configure the
        wlan_wep module in your system or build and install the module
        in place where it can be loaded (the kernel will auto-load
        the module when a wep key is configured).

20041201:
        The ath driver has been updated to split the tx rate control
        algorithm into a separate module.  You need to include either
        ath_rate_onoe or ath_rate_amrr when configuring the kernel.

20041116:
        Support for systems with an 80386 CPU has been removed.  Please
        use FreeBSD 5.x or earlier on systems with an 80386.

20041110:
        We have had a hack which would mount the root filesystem
        R/W if the device were named 'md*'.  As part of the vnode
        work I'm doing I have had to remove this hack.  People
        building systems which use preloaded MD root filesystems
        may need to insert a "/sbin/mount -u -o rw /dev/md0 /" in
        their /etc/rc scripts.

20041104:
        FreeBSD 5.3 shipped here.

20041102:
        The size of struct tcpcb has changed again due to the removal
        of RFC1644 T/TCP.  You have to recompile userland programs that
        read kmem for tcp sockets directly (netstat, sockstat, etc.)

20041022:
        The size of struct tcpcb has changed.  You have to recompile
        userland programs that read kmem for tcp sockets directly
        (netstat, sockstat, etc.)

20041016:
        RELENG_5 branched here.  For older entries, please see updating
        in the RELENG_5 branch.

COMMON ITEMS:

        General Notes
        -------------
        Avoid using make -j when upgrading.  From time to time in the
        past there have been problems using -j with buildworld and/or
        installworld.  This is especially true when upgrading between
        "distant" versions (eg one that cross a major release boundary
        or several minor releases, or when several months have passed
        on the -current branch).

        Sometimes, obscure build problems are the result of environment
        poisoning.  This can happen because the make utility reads its
        environment when searching for values for global variables.
        To run your build attempts in an "environmental clean room",
        prefix all make commands with 'env -i '.  See the env(1) manual
        page for more details.

        When upgrading from one major version to another it is generally
        best to upgrade to the latest code in the currently installed branch
        first, then do an upgrade to the new branch. This is the best-tested
        upgrade path, and has the highest probability of being successful.
        Please try this approach before reporting problems with a major
        version upgrade.

        To build a kernel
        -----------------
        If you are updating from a prior version of FreeBSD (even one just
        a few days old), you should follow this procedure.  It is the most
        failsafe as it uses a /usr/obj tree with a fresh mini-buildworld,

        make kernel-toolchain
        make -DALWAYS_CHECK_MAKE buildkernel KERNCONF=YOUR_KERNEL_HERE
        make -DALWAYS_CHECK_MAKE installkernel KERNCONF=YOUR_KERNEL_HERE

        To test a kernel once
        ---------------------
        If you just want to boot a kernel once (because you are not sure
        if it works, or if you want to boot a known bad kernel to provide
        debugging information) run
        make installkernel KERNCONF=YOUR_KERNEL_HERE KODIR=/boot/testkernel
        nextboot -k testkernel

        To just build a kernel when you know that it won't mess you up
        --------------------------------------------------------------
        This assumes you are already running a 5.X system.  Replace
        ${arch} with the architecture of your machine (e.g. "i386",
        "alpha", "amd64", "ia64", "pc98", "sparc64", etc).

        cd src/sys/${arch}/conf
        config KERNEL_NAME_HERE
        cd ../compile/KERNEL_NAME_HERE
        make depend
        make
        make install

        If this fails, go to the "To build a kernel" section.

        To rebuild everything and install it on the current system.
        -----------------------------------------------------------
        # Note: sometimes if you are running current you gotta do more than
        # is listed here if you are upgrading from a really old current.

        <make sure you have good level 0 dumps>
        make buildworld
        make kernel KERNCONF=YOUR_KERNEL_HERE
                                                        [1]
        <reboot in single user>                         [3]
        mergemaster -p                                  [5]
        make installworld
        make delete-old
        mergemaster                                     [4]
        <reboot>


        To cross-install current onto a separate partition
        --------------------------------------------------
        # In this approach we use a separate partition to hold
        # current's root, 'usr', and 'var' directories.   A partition
        # holding "/", "/usr" and "/var" should be about 2GB in
        # size.

        <make sure you have good level 0 dumps>
        <boot into -stable>
        make buildworld
        make buildkernel KERNCONF=YOUR_KERNEL_HERE
        <maybe newfs current's root partition>
        <mount current's root partition on directory ${CURRENT_ROOT}>
        make installworld DESTDIR=${CURRENT_ROOT}
        make distribution DESTDIR=${CURRENT_ROOT} # if newfs'd
        make installkernel KERNCONF=YOUR_KERNEL_HERE DESTDIR=${CURRENT_ROOT}
        cp /etc/fstab ${CURRENT_ROOT}/etc/fstab                    # if newfs'd
        <edit ${CURRENT_ROOT}/etc/fstab to mount "/" from the correct partition>
        <reboot into current>
        <do a "native" rebuild/install as described in the previous section>
        <maybe install compatibility libraries from ports/misc/compat*>
        <reboot>


        To upgrade in-place from 5.x-stable to current
        ----------------------------------------------
        <make sure you have good level 0 dumps>
        make buildworld                                 [9]
        make kernel KERNCONF=YOUR_KERNEL_HERE           [8]
                                                        [1]
        <reboot in single user>                         [3]
        mergemaster -p                                  [5]
        make installworld
        make delete-old
        mergemaster -i                                  [4]
        <reboot>

        Make sure that you've read the UPDATING file to understand the
        tweaks to various things you need.  At this point in the life
        cycle of current, things change often and you are on your own
        to cope.  The defaults can also change, so please read ALL of
        the UPDATING entries.

        Also, if you are tracking -current, you must be subscribed to
        freebsd-current@freebsd.org.  Make sure that before you update
        your sources that you have read and understood all the recent
        messages there.  If in doubt, please track -stable which has
        much fewer pitfalls.

        [1] If you have third party modules, such as vmware, you
        should disable them at this point so they don't crash your
        system on reboot.

        [3] From the bootblocks, boot -s, and then do
                fsck -p
                mount -u /
                mount -a
                cd src
                adjkerntz -i            # if CMOS is wall time
        Also, when doing a major release upgrade, it is required that
        you boot into single user mode to do the installworld.

        [4] Note: This step is non-optional.  Failure to do this step
        can result in a significant reduction in the functionality of the
        system.  Attempting to do it by hand is not recommended and those
        that pursue this avenue should read this file carefully, as well
        as the archives of freebsd-current and freebsd-hackers mailing lists
        for potential gotchas.

        [5] Usually this step is a noop.  However, from time to time
        you may need to do this if you get unknown user in the following
        step.  It never hurts to do it all the time.  You may need to
        install a new mergemaster (cd src/usr.sbin/mergemaster && make
        install) after the buildworld before this step if you last updated
        from current before 20020224 or from -stable before 20020408.

        [8] In order to have a kernel that can run the 4.x binaries
        needed to do an installworld, you must include the COMPAT_FREEBSD4
        option in your kernel.  Failure to do so may leave you with a system
        that is hard to boot to recover. A similar kernel option COMPAT_FREEBSD5
        is required to run the 5.x binaries on more recent kernels.

        Make sure that you merge any new devices from GENERIC since the
        last time you updated your kernel config file.

        [9] When checking out sources, you must include the -P flag to have
        cvs prune empty directories.

        If CPUTYPE is defined in your /etc/make.conf, make sure to use the
        "?=" instead of the "=" assignment operator, so that buildworld can
        override the CPUTYPE if it needs to.

        MAKEOBJDIRPREFIX must be defined in an environment variable, and
        not on the command line, or in /etc/make.conf.  buildworld will
        warn if it is improperly defined.
FORMAT:

This file contains a list, in reverse chronological order, of major
breakages in tracking -current.  Not all things will be listed here,
and it only starts on October 16, 2004.  Updating files can found in
previous releases if your system is older than this.

Copyright information:

Copyright 1998-2005 M. Warner Losh.  All Rights Reserved.

Redistribution, publication, translation and use, with or without
modification, in full or in part, in any form or format of this
document are permitted without further permission from the author.

THIS DOCUMENT IS PROVIDED BY WARNER LOSH ``AS IS'' AND ANY EXPRESS OR
IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED.  IN NO EVENT SHALL WARNER LOSH BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.

If you find this document useful, and you want to, you may buy the
author a beer.

Contact Warner Losh if you have any questions about your use of
this document.

$FreeBSD$