1 <!DOCTYPE article PUBLIC "-//FreeBSD//DTD DocBook V4.1-Based Extension//EN" [
2 <!ENTITY % articles.ent PUBLIC "-//FreeBSD//ENTITIES DocBook FreeBSD Articles Entity Set//EN">
5 <!ENTITY % release PUBLIC "-//FreeBSD//ENTITIES Release Specification//EN">
11 <title>&os; &release.current; Release Notes</title>
13 <corpauthor>The &os; Project</corpauthor>
15 <pubdate>$FreeBSD$</pubdate>
28 <holder role="mailto:doc@FreeBSD.org">The &os; Documentation Project</holder>
31 <legalnotice id="trademarks" role="trademarks">
41 <para>The release notes for &os; &release.current; contain a summary
42 of the changes made to the &os; base system on the
43 &release.branch; development line.
44 This document lists applicable security advisories that were issued since
45 the last release, as well as significant changes to the &os;
47 Some brief remarks on upgrading are also presented.</para>
52 <title>Introduction</title>
54 <para>This document contains the release notes for &os;
56 describes recently added, changed, or deleted features of &os;.
57 It also provides some notes on upgrading
58 from previous versions of &os;.</para>
60 <![ %release.type.current [
62 <para>The &release.type; distribution to which these release notes
63 apply represents the latest point along the &release.branch; development
64 branch since &release.branch; was created. Information regarding pre-built, binary
65 &release.type; distributions along this branch
66 can be found at <ulink url="&release.url;"></ulink>.</para>
70 <![ %release.type.snapshot [
72 <para>The &release.type; distribution to which these release notes
73 apply represents a point along the &release.branch; development
74 branch between &release.prev; and the future &release.next;.
76 pre-built, binary &release.type; distributions along this branch
77 can be found at <ulink url="&release.url;"></ulink>.</para>
81 <![ %release.type.release [
83 <para>This distribution of &os; &release.current; is a
84 &release.type; distribution. It can be found at <ulink
85 url="&release.url;"></ulink> or any of its mirrors. More
86 information on obtaining this (or other) &release.type;
87 distributions of &os; can be found in the <ulink
88 url="&url.books.handbook;/mirrors.html"><quote>Obtaining
89 &os;</quote> appendix</ulink> to the <ulink
90 url="&url.books.handbook;/">&os;
91 Handbook</ulink>.</para>
95 <para>All users are encouraged to consult the release errata before
96 installing &os;. The errata document is updated with
97 <quote>late-breaking</quote> information discovered late in the
98 release cycle or after the release. Typically, it contains
99 information on known bugs, security advisories, and corrections to
100 documentation. An up-to-date copy of the errata for &os;
101 &release.current; can be found on the &os; Web site.</para>
106 <title>What's New</title>
108 <para>This section describes the most user-visible new or changed
109 features in &os; since &release.prev;, and changes shown in
110 Release Notes for the previous releases are marked as
111 <literal>[7.1R]</literal> and <literal>[7.2R]</literal>.</para>
113 <para>Typical release note items document recent security
114 advisories issued after &release.prev;, new drivers or hardware
115 support, new commands or options, major bug fixes, or
116 contributed software upgrades. They may also list changes to
117 major ports/packages or release engineering practices. Clearly
118 the release notes cannot list every single change made to &os;
119 between releases; this document focuses primarily on security
120 advisories, user-visible changes, and major architectural
123 <sect2 id="security">
124 <title>Security Advisories</title>
126 <para>Problems described in the following security advisories have
127 been fixed. For more information, consult the individual
128 advisories available from
129 <ulink url="http://security.FreeBSD.org/"></ulink>.</para>
131 <informaltable frame="none" pgwide="0">
133 <colspec colwidth="1*">
134 <colspec colwidth="1*">
135 <colspec colwidth="3*">
138 <entry>Advisory</entry>
146 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-08:05.openssh.asc"
147 >SA-08:05.openssh</ulink></entry>
148 <entry>17 April 2008</entry>
149 <entry><para>OpenSSH X11-forwarding privilege escalation</para></entry>
153 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-08:06.bind.asc"
154 >SA-08:06.bind</ulink></entry>
155 <entry>13 July 2008</entry>
156 <entry><para>DNS cache poisoning</para></entry>
160 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-08:07.amd64.asc"
161 >SA-08:07.amd64</ulink></entry>
162 <entry>3 September 2008</entry>
163 <entry><para>amd64 swapgs local privilege escalation</para></entry>
167 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-08:08.nmount.asc"
168 >SA-08:08.nmount</ulink></entry>
169 <entry>3 September 2008</entry>
170 <entry><para>&man.nmount.2; local arbitrary code execution</para></entry>
174 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-08:09.icmp6.asc"
175 >SA-08:09.icmp6</ulink></entry>
176 <entry>3 September 2008</entry>
177 <entry><para>Remote kernel panics on IPv6 connections</para></entry>
181 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-08:10.nd6.asc"
182 >SA-08:10.nd6</ulink></entry>
183 <entry>1 October 2008</entry>
184 <entry><para>IPv6 Neighbor Discovery Protocol routing vulnerability</para></entry>
188 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-08:11.arc4random.asc"
189 >SA-08:11.arc4random</ulink></entry>
190 <entry>24 November 2008</entry>
191 <entry><para>&man.arc4random.9; predictable sequence vulnerability</para></entry>
195 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-08:12.ftpd.asc"
196 >SA-08:12.ftpd</ulink></entry>
197 <entry>23 December 2008</entry>
198 <entry><para>Cross-site request forgery in &man.ftpd.8;</para></entry>
202 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-08:13.protosw.asc"
203 >SA-08:13.protosw</ulink></entry>
204 <entry>23 December 2008</entry>
205 <entry><para>netgraph / bluetooth privilege escalation</para></entry>
209 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:01.lukemftpd.asc"
210 >SA-09:01.lukemftpd</ulink></entry>
211 <entry>07 January 2009</entry>
212 <entry><para>Cross-site request forgery in
213 &man.lukemftpd.8;</para></entry>
217 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:02.openssl.asc"
218 >SA-09:02.openssl</ulink></entry>
219 <entry>07 January 2009</entry>
220 <entry><para>OpenSSL incorrectly checks for malformed
221 signatures</para></entry>
225 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:03.ntpd.asc"
226 >SA-09:03.ntpd</ulink></entry>
227 <entry>13 January 2009</entry>
228 <entry><para>ntpd cryptographic signature
229 bypass</para></entry>
233 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:04.bind.asc"
234 >SA-09:04.bind</ulink></entry>
235 <entry>13 January 2009</entry>
236 <entry><para>BIND DNSSEC incorrect checks for
237 malformed signatures</para></entry>
241 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:05.telnetd.asc"
242 >SA-09:05.telnetd</ulink></entry>
243 <entry>16 February 2009</entry>
244 <entry><para>telnetd code execution
245 vulnerability</para></entry>
249 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:06.ktimer.asc"
250 >SA-09:06.ktimer</ulink></entry>
251 <entry>23 March 2009</entry>
252 <entry><para>Local privilege escalation</para></entry>
256 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:07.libc.asc"
257 >SA-09:07.libc</ulink></entry>
258 <entry>04 April 2009</entry>
259 <entry><para>Information leak in &man.db.3;</para></entry>
263 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:08.openssl.asc"
264 >SA-09:08.openssl</ulink></entry>
265 <entry>22 April 2009</entry>
266 <entry><para>Remotely exploitable crash in
267 OpenSSL</para></entry>
271 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:09.pipe.asc"
272 >SA-09:09.pipe</ulink></entry>
273 <entry>10 June 2009</entry>
274 <entry><para>Local information disclosure via direct pipe writes</para></entry>
278 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:10.ipv6.asc"
279 >SA-09:10.ipv6</ulink></entry>
280 <entry>10 June 2009</entry>
281 <entry><para>Missing permission check on SIOCSIFINFO_IN6 ioctl</para></entry>
285 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:11.ntpd.asc"
286 >SA-09:11.ntpd</ulink></entry>
287 <entry>10 June 2009</entry>
288 <entry><para>ntpd stack-based buffer-overflow vulnerability</para></entry>
292 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:12.bind.asc"
293 >SA-09:12.bind</ulink></entry>
294 <entry>29 July 2009</entry>
295 <entry><para>BIND &man.named.8; dynamic update message remote DoS</para></entry>
298 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:14.devfs.asc"
299 >SA-09:14.devfs</ulink></entry>
300 <entry>2 Oct 2009</entry>
301 <entry><para>Devfs / VFS NULL pointer race condition</para></entry>
309 <title>Kernel Changes</title>
311 <para role="8.0">The &os; <filename>GENERIC</filename> kernel now
312 includes Trusted BSD MAC (Mandatory Access Control) support.
313 No MAC policy module is loaded by default.</para>
315 <para role="8.0" arch="i386">A loader
316 tunable <varname>hw.clflush_disable</varname> has been added
317 to avoid panic (trap 9)
318 at <function>map_invalidate_cache_range()</function> even if
319 Intel CPU is used. This tunable can be set
320 to <literal>-1</literal> (default), <literal>0</literal> and
321 <literal>1</literal>. The <literal>-1</literal> is same as
322 the current behavior, which automatically
323 disables <literal>CLFLUSH</literal> on Intel CPUs without
324 <literal>CPUID_SS</literal> (this should occurr on Xen
325 only). You can specify <literal>1</literal> when this panic
326 happens on non-Intel CPUs (such as AMD's). Because disabling
327 <literal>CLFLUSH</literal> can reduce performance, you can try
328 with setting <literal>0</literal> on Intel CPUs
329 without <literal>SS</literal> to
330 use <literal>CLFLUSH</literal> feature.</para>
332 <para role="8.0">The &man.jail.8; subsystem has been updated. Changes include:</para>
334 <itemizedlist role="7.2">
336 <para role="8.0">A new virtualization container
337 named <quote>vimage</quote> has been implemented. This is
338 not enabled by default. To enable this, add the following
339 kernel options to your kernel configuration file and
340 rebuild the kernel:</para>
342 <programlisting>options VIMAGE</programlisting>
344 <para>Note that <literal>options SCTP</literal> in the
345 <filename>GENERIC</filename> kernel is not compatible with
346 <literal>options VIMAGE</literal>. This limitation will
347 be fixed in the next release.</para>
349 <para>The vimage is a jail with a virtualized instance of
350 the &os; network stack. It can be created by using
351 &man.jail.8; command like this:</para>
353 <screen>&prompt.root; jail -c vnet name=<replaceable>vnet1</replaceable> host.hostname=<replaceable>vnet1.example.net</replaceable> path=/ persist</screen>
355 <para>The vimage has own loopback interface and a separated
356 network stack including the L3 routing tables. Network
357 interfaces on the system can be moved by using
358 &man.ifconfig.8; <option>vnet</option> option between the
359 different vimage jails and outside of them.</para>
361 <para>Furthermore, the &man.epair.4; pseudo-interface driver
362 has been added to help communication between vimage jails.
363 It emulates a pair of back-to-back connected Ethernet
364 interfaces. For example, the following commands create an
365 interface pair of &man.epair.4;:</para>
367 <screen>&prompt.root; ifconfig epair0 create
369 &prompt.root; ifconfig epair0a
370 epair0a: flags=8842<BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
371 ether 02:c0:64:00:07:0a
372 &prompt.root; ifconfig epair0b
373 epair0b: flags=8842<BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
374 ether 02:c0:64:00:08:0b</screen>
376 <para>The &man.epair.4; pseudo-interfaces and any physical
377 interfaces on the system can be moved between vimage jails
378 by using &man.ifconfig.8; <option>vnet</option> option as
379 described above. Even after half of an &man.epair.4; pair
380 is moved, the back-to-back connection still valid and can
381 be used for inter-jail communication.</para>
383 <para>Note that vimage is still considered as an
384 experimental feature.</para>
388 <para>A jail can now have arbitrary named parameters similar
389 to environmental variables and the fixed jail parameters
390 in the previous releases have been replaced with them.
391 The jail name can now be used for identifying the jail in
392 &man.jexec.8; and &man.killall.1;.</para>
396 <para>Multiple IPv4 and/or IPv6 addresses per jail are now
397 supported. It is even possible to have jails without
398 an IP address at all, which basically gives one a chrooted
399 environment with restricted process view and no
404 <para>SCTP (&man.sctp.4;) with IPv6 in jails has been
409 <para>Specific CPU binding by using &man.cpuset.1; has been
410 implemented. Note that the current implementation allows
411 the superuser inside of the jail to change the CPU
412 bindings specified.</para>
416 <para>A &man.jail.8; can start with a specific route
421 <para>The &man.ddb.8; kernel debugger now supports a
422 <literal>show jails</literal> subcommand.</para>
426 <para>Compatibility support which permits 32-bit jail
427 binaries to be used on 64-bit systems to manage jails has
432 <para>Note that both version numbers of
433 <literal>jail</literal> and <literal>prison</literal> in
434 the &man.jail.8; have been updated for the new
439 <para role="8.0">The &man.ksyms.4;, kernel symbol table
440 interface driver has been added. It creates a character
441 device <filename>/dev/ksyms</filename> and provides
442 read-only access to a snapshot of the kernel symbol
445 <para role="8.0" arch="amd64,i386">The &os; Linux emulation
446 layer has been updated to version 2.6.16 and the default Linux
447 infrastructure port is
448 <filename>emulators/linux_base-f10</filename> (Fedora
451 <para role="8.0" arch="arm">The &os;/&arch.arm; now
452 supports mini dump.</para>
454 <para role="8.0" arch="powerpc">The &os;/&arch.powerpc; now
455 supports kernel core dump.</para>
457 <para role="8.0" arch="amd64,i386">The &os; virtual memory
458 subsystem now supports fully transparent use of
459 <application>superpages</application> for application memory;
460 application memory pages are dynamically promoted to or
461 demoted from superpages without any modification to
462 application code. This change offers the benefit of large
463 page sizes such as improved virtual memory efficiency and
464 reduced TLB (translation lookaside buffer) misses without
465 downsides like application changes and virtual memory
466 inflexibility. This can be enabled by setting a loader tunable
467 <varname>vm.pmap.pg_ps_enabled</varname> to
468 <literal>1</literal> and is enabled by default on
471 <para role="7.2">The &man.ddb.8; kernel debugger now supports a
472 <command>show mount</command> subcommand.</para>
474 <para role="7.2">The &os; DTrace subsystem now supports a probe for
475 process execution.</para>
477 <para role="7.2" arch="amd64">The &os; kernel virtual address
478 space has been increased to 6GB. This allows subsystems to use
479 larger virtual memory space than before. For example, the
480 &man.zfs.8; adaptive replacement cache (ARC) requires large
481 kernel memory space to cache file system data, so it benefits
482 from the increased address space. Note that the ceiling on
483 the kernel map size is now 60% of the size of physical memory
484 rather than an absolute quantity.</para>
486 <para role="7.2">The &man.kld.4; now supports installing 32-bit
487 system calls to the &os; syscall translation layer from kernel
490 <para role="7.2">The &man.ktr.4; now supports a new KTR tracepoint in the
491 <literal>KTR_CALLOUT</literal> class to note when a callout
492 routine finishes executing.</para>
494 <para role="7.2">Types of variables used to track the amount of allocated
495 System V shared memory have been changed from
496 <literal>int</literal> to <literal>size_t</literal>. This
497 makes it possible to use more than 2 GB of memory for shared
498 memory segments on 64-bit architectures. Please note the new
499 BUGS section in &man.shmctl.2; and
500 <filename>/usr/src/UPDATING</filename> for limitations of this
501 temporary solution.</para>
503 <para role="7.2">The &man.sysctl.3; leaf nodes have a flag to tag
504 themselves as MPSAFE now.</para>
506 <para role="7.2">The &os; 32-bit system call translation layer now
507 supports installing 32-bit system calls for
508 <literal>VFS_AIO</literal>.</para>
510 <para role="7.1">The &man.clock.gettime.2; and the related system calls now
511 support a clock ID <literal>CLOCK_THREAD_CPUTIME_ID</literal>,
512 as defined in POSIX.</para>
514 <para role="7.1">The &man.cpuset.2; system call has been added. This is an
515 API for thread to CPU binding and CPU resource grouping and
518 <para role="7.1">The DTrace, a comprehensive dynamic tracing framework and
519 &man.dtrace.1; userland utility have been imported from
520 OpenSolaris. DTrace provides a powerful infrastructure to
521 permit administrators, developers, and service personnel to
522 concisely answer arbitrary questions about the behavior of the
523 operating system and user programs.</para>
525 <para role="7.1">The &man.ddb.4; kernel debugger now has an output capture
526 facility. Input and output from &man.ddb.4; can now be captured
527 to a memory buffer for later inspection using &man.sysctl.8; or
528 a textdump. The new <command>capture</command> command controls
531 <para role="7.1">The &man.ddb.4; debugger now supports a simple scripting
532 facility, which supports a set of named scripts consisting of a
533 set of &man.ddb.4; commands. These commands can be managed from
534 within &man.ddb.4; or with the use of the new &man.ddb.8;
535 utility. More details can be found in the &man.ddb.4; manual
538 <para role="7.1">The &man.ddb.4; <command>ex</command> command now supports
539 an <option>/S</option> mode which interprets and prints the
540 value at the requested address as a symbol. For example,
541 <userinput>ex /S <replaceable>aio_swake</replaceable></userinput>
542 prints the name of the function currently registered in
543 via <replaceable>aio_swake</replaceable> hook.</para>
545 <para role="7.1">The &man.ddb.4; <command>show conifhk</command> command has
546 been added. This lists hooks currently waiting for completion
547 in <function>run_interrupt_driven_config_hooks()</function>.</para>
549 <para role="7.1">The &man.fcntl.2; system call now supports
550 <literal>F_DUP2FD</literal> command. This is equivalent to
551 &man.dup.2;, and compatible with the Sun Solaris and the IBM
554 <para role="7.1">The &os;'s &man.linux.4; ABI support now implements
555 <function>sched_setaffinity()</function> and
556 <function>sched_getaffinity()</function> using real CPU affinity
557 setting primitives.</para>
559 <para role="7.1">The &man.procstat.1; utility has been added. This is a
560 process inspection utility which provides some of the missing
561 functionality from &man.procfs.5; and new functionality for monitoring
562 and debugging specific processes.</para>
564 <para role="7.1">The client side functionality of &man.rpc.lockd.8; has been
565 implemented in the &os; kernel. This implementation provides the
566 correct semantics for &man.flock.2; style locks which are used
567 by the &man.lockf.1; command line tool and the &man.pidfile.3;
568 library. It also implements recovery from server restarts and
569 ensures that dirty cache blocks are written to the server before
570 obtaining locks (allowing multiple clients to use file locking
571 to safely share data). Also, a new kernel option
572 <literal>options NFSLOCKD</literal> has been added and enabled
573 by default. If the kernel support is enabled, &man.rpc.lockd.8;
574 automatically detects and uses the functionality.</para>
576 <para role="7.1">The &os; kernel now supports a new textdump format of kernel
577 dumps. A textdump provides higher-level information via
578 mechanically generated/extracted debugging output, rather than a
579 simple memory dump. This facility can be used to generate brief
580 kernel bug reports that are rich in debugging information, but
581 are not dependent on kernel symbol tables or precisely
582 synchronized source code. More information can be found in the
583 &man.textdump.4; manual page.</para>
585 <para role="7.1">The &man.wait4.2; system call now supports
586 <option>WNOWAIT</option> flag to keep the process whose status
587 is returned in a waitable state and <option>WSTOPPED</option>
588 which is equivalent to <option>WUNTRACED</option>.</para>
590 <para role="7.1" arch="amd64,i386,sparc64">The &os; kernel now has
591 initial support of binding interrupts to CPUs.</para>
593 <para role="7.1" arch="amd64,i386"> The &man.sched.ule.4; scheduler is now the default
594 process scheduler in <filename>GENERIC</filename>
597 <para role="7.1">The sysctl
598 variables <varname>kern.features.compat_freebsd[456]</varname>
599 have been added. These are corresponding to the kernel options
600 <literal>COMPAT_FREEBSD[456]</literal>.</para>
603 <title>Boot Loader Changes</title>
605 <para role="8.0">The <application>boot0</application> boot
606 loader now preserves volume ID at offset
607 0x1b8 used in other operating systems </para>
609 <para role="8.0">The &man.boot0cfg.8; utility now supports a
610 new <option>-i</option> option to set the volume ID.</para>
612 <para role="8.0" arch="arm,powerpc">The &man.loader.8; now
613 supports U-Boot support library.</para>
615 <para role="7.2">The &man.boot.8; now supports 4-byte volume ID that
616 certain versions of &windows; put into the MBR and invoking
617 PXE by pressing the F6 key on some supported BIOSes.</para>
619 <para role="7.2" arch="i386">The &man.boot.8; BTX loader has been
620 improved. This fixes several boot issues on recent machines
621 reported for 7.1-RELEASE and before.</para>
623 <para role="7.2">The &man.loader.8; is now able to obtain DHCP options
624 from network boot via &man.kenv.2; variables.</para>
626 <para role="7.2">A bug in the &man.loader.8; has been fixed. Now the
627 following line works as expected:</para>
629 <programlisting>loader_conf_files="<replaceable>foo</replaceable> <replaceable>bar</replaceable> ${<replaceable>variable</replaceable>}"</programlisting>
631 <para role="7.1" arch="amd64,i386">The BTX kernel used by the boot
632 loader has been changed to invoke BIOS routines from real
633 mode. This change makes it possible to boot &os; from USB
636 <para role="7.1" arch="amd64,i386">A new gptboot boot loader has
637 been added to support booting from a GPT labeled disk. A
638 new <command>boot</command> command has been added to
639 &man.gpt.8;, which makes a GPT disk bootable by writing the
640 required bits of the boot loader, creating a new boot
641 partition if required.</para>
645 <title>Hardware Support</title>
647 <para role="8.0">The &os; now includes experimental support
648 for &arch.mips; platform.</para>
650 <para role="8.0">Support for RTC on Dallas Semiconductor chips
651 has been improved. The DS133x and DS1553 are now
654 <para role="8.0" arch="arm">The &os;/&arch.arm; now supports
655 Feroceon and Sheeva embedded CPU, Marvell Orion (88F5281),
656 Kirkwood (88F6281), Discovery Innovation (MV-78100)
657 systems-on-chip CPU.</para>
659 <para role="8.0" arch="powerpc">The &os;/&arch.powerpc; now
660 supports SMP machines</para>
662 <para role="8.0" arch="powerpc">The &os;/&arch.powerpc; now
663 supports E500 (Book-E) embedded CPU and Freescale
664 PowerQUICCIII MPC85xx system-on-chip (including single and
667 <para role="8.0">The &man.acpi.4; subsystem now supports the System
668 Resource Affinity Table (SRAT) used to describe affinity
669 relationships between CPUs and memory, ACPI 3.0 fields in
670 the MADT including X2APIC entries and UIDs for local SAPICs, and
671 ACPI 3.0 flags in the FADT.</para>
673 <para role="8.0" arch="powerpc">The &man.cpufreq.4; framework now
674 supports PowerPC G5, along with a skeleton SMU driver in order to slew
675 CPU voltage during frequency changes.</para>
677 <para role="8.0">The sec(4) driver has been added to provide
678 support for the integrated security engine found in
679 Freescale system-on-chip devices.</para>
681 <para role="8.0">The &os; TTY layer has been replaced with a
682 new one which has better support for SMP and robust resource
683 handling. A tty now has own mutex and it is expected to
684 improve scalability when compared to the old implementation
685 based on the Giant lock.</para>
687 <para role="8.0" arch="amd64,i386">The &man.uart.4; driver is now the
688 default driver for serial port devices in favor of the
689 &man.sio.4; driver. Note that the device nodes have been
691 <filename>/dev/cuad<replaceable>N</replaceable></filename> and
692 <filename>/dev/ttyd<replaceable>N</replaceable></filename> to
693 <filename>/dev/cuau<replaceable>N</replaceable></filename> and
694 <filename>/dev/ttyu<replaceable>N</replaceable></filename>.</para>
697 <para>Users who are upgrading will need to change their
698 kernel configurations and possibly also
699 <filename>/boot/loader.conf</filename> and
700 <filename>/boot/device.hints</filename>.</para>
703 <para role="8.0">The &os; USB subsystem has been reimplemented
704 to support modern devices and better SMP scalability. The
705 new implementation includes Giant-lock-free device drivers,
706 a Linux compatibility layer, &man.usbconfig.8; utility, full
707 support for split transaction and isochronous transaction,
708 and more. Device node names for USB devices are now in a
710 of <filename>/dev/usb/<replaceable>bus</replaceable>.<replaceable>dev</replaceable>.<replaceable>endpoint</replaceable></filename>,
711 and <filename>/dev/usbctl</filename> is the master device
712 node. Note that the &man.ugen.4; driver has nodes for each device as <filename>/dev/ugen<replaceable>bus</replaceable>.<replaceable>dev</replaceable></filename> for backward compatibility.</para>
714 <para role="7.2" arch="sparc64">&os; now supports Ultra SPARC III
715 (Cheetah) processor family.</para>
717 <para role="7.2">The &man.acpi.4; subsystem now supports a &man.sysctl.8;
718 variable <varname>debug.batt.batt_sleep_ms</varname>. On
719 some laptops with smart batteries, enabling battery
720 monitoring software causes keystrokes from &man.atkbd.4; to
721 be lost. This sysctl variable adds a delay in millisecond
722 to the status checking code as a workaround.</para>
724 <para role="7.2">The &man.acpi.asus.4; driver now supports Asus A8Sr
727 <para role="7.2" arch="powerpc">Support for the AltiVec, a floating point
728 and integer SIMD instruction set has been added.</para>
730 <para role="7.2">The &man.cpuctl.4; driver, which provides a special
731 device <filename>/dev/cpuctl</filename> as an interface to
732 the system CPU has been added. The &man.cpuctl.4;
733 functionality includes the ability to retrieve CPUID
734 information, read/write machine specific registers (MSR),
735 and perform CPU firmware updates.</para>
737 <para role="7.2">The &man.cpufreq.4; driver now supports an
738 <varname>hw.est.msr_info</varname> loader tunable. When
739 this is set to <literal>1</literal>, it attempts to build a
740 simple list containing just the high and low frequencies if
741 it cannot obtain a frequency list from either ACPI or the
742 static tables. This is disabled by default.</para>
744 <para role="7.2" arch="amd64,i386">CPU frequency change notifiers are now
745 disabled when the TSC is P-state invariant. Also, a new
747 <varname>kern.timecounter.invariant_tsc</varname> has been
748 added to force this behavior by setting it to
751 <para role="7.2">The &man.atkbd.4; driver now disables the interrupt
752 handler which is called from the keyboard callback function
753 when polled mode is enabled. This fixes the problem of
754 duplicated/missing characters at the mountroot prompt on
755 multi CPU systems while &man.kbdmux.4; is enabled.</para>
757 <para role="7.2">In the &man.pci.4; subsystem INTx is now disabled when
758 MSI/MSIX is enabled. This change fixes interrupt storm
759 related issues.</para>
761 <para role="7.2" arch="sparc64">The schizo(4) driver for Schizo
762 Fireplane/Safari to PCI 2.1 and Tomatillo JBus to PCI 2.2
763 bridges has been added.</para>
765 <para role="7.2">The &man.u3g.4; driver for USB based 3G cards and
766 dongles including Vodafone Mobile Connect Card 3G, Qualcomm
767 CDMA MSM, Huawei E220, Novatel U740, Sierra MC875U, and more
768 has been added. This provides support for the multiple
769 USB-to-serial interfaces exposed by many 3G USB/PC Card
770 modems, and the device is accessed through the &man.ucom.4;
771 driver which makes it behave like a &man.tty.4;.</para>
773 <para role="7.2">The &man.sched.ule.4; scheduler now supports
775 <varname>machdep.hyperthreading_enabled</varname> just like
776 &man.sched.4bsd.4;. Note that it cannot be modified at
779 <para role="7.1">The &man.cmx.4; driver, a driver for Omnikey CardMan 4040
780 PCMCIA smartcard readers, has been added.</para>
782 <para role="7.1" arch="sparc64">The &man.kbdmux.4; driver now
783 supports &arch.sparc64;. The &man.sunkbd.4; driver now
784 supports &man.atkbd.4; emulation like &man.ukbd.4;.</para>
786 <para role="7.1">The <filename>nvram(4)</filename> driver is now
789 <para role="7.1">An option of the &man.puc.4;
790 driver, <literal>PUC_FASTINTR</literal>, is no longer
793 <para role="7.1">The &man.psm.4; driver now attempts detection of Synaptics
794 touchpad before IntelliMouse. Some touchpads will pretend to
795 be IntelliMouse causing the IntelliMouse probe to work and the
796 Synaptics detection never to be done.</para>
798 <para role="7.1">The &man.uslcom.4; driver, a driver for Silicon
799 Laboratories CP2101/CP2102-based USB serial adapters, has been
800 imported from OpenBSD.</para>
803 <title>Multimedia Support</title>
805 <para role="8.0">The &os; audio subsystem has been improved.
806 The changes include volume per channel, high quality
807 fixed-point band-limited SINC sampling rate converter,
808 bit-perfect mode, transparent/adaptive virtual channel,
809 and exclusive stream. For more details, see the
810 &man.snd.4; manual page.</para>
812 <para role="7.2">The &man.agp.4; driver now supports Intel G4X series
813 graphics chipsets.</para>
815 <para role="7.2">The Direct Rendering Manager
816 (<application>DRM</application>), a kernel module that
817 gives direct hardware access to DRI clients, has been
818 updated. Support for AMD/ATI r500, r600, r700, and IGP
819 based chips, XGI V3XE/V5/V8, and Intel i915 chipsets has
820 been improved.</para>
822 <para role="7.2">A new loader tunable <varname>hw.drm.msi</varname> has
823 been added to control if DRM uses MSI or not. This is set
824 to <literal>1</literal> (enabled) by default.</para>
826 <para role="7.2">The snd_au88x0(4) driver for Aureal Vortex
827 1/2/Advantage PCI has been removed because it has been
828 broken for a long time.</para>
830 <para role="7.2">The &man.snd.hda.4; driver has been updated. These
831 changes include support for multiple codecs per HDA bus,
832 multiple functional groups per codec, multiple audio
833 devices per functional group, digital (SPDIF/HDMI) audio
834 input/output, suspend/resume, and part of multichannel
837 <para role="7.2">Note that due to added HDMI audio and
838 logical audio devices support, the updated driver often
839 provides several PCM devices. This means that in some
840 cases the system default audio device no longer
841 corresponds to the users's habitual audio connectors. In
842 such cases the default device can be specified in audio
843 applications' setup or defined globally via
844 <varname>hw.snd.default_unit</varname> sysctl variable, as
845 described in the &man.sound.4; manual page.</para>
847 <para role="7.1">The &man.agp.4; driver now supports the
848 Intel G33 and G45.</para>
850 <para role="7.1" arch="i386">The <filename>dpms(4)</filename> driver has
851 been added to use the VESA BIOS for DPMS during suspend and
854 <para role="7.1">The <application>DRM</application> kernel driver now
855 supports i915 GME devices.</para>
859 <title>Network Interface Support</title>
861 <para role="8.0">The &man.bwi.4; driver has been added to
862 provide support for Broadcom BCM43xx IEEE 802.11b/g wireless
863 network interfaces.</para>
865 <para role="8.0" arch="sparc64">The &man.cas.4; driver has
866 been added to provide support for Sun Cassini/Cassini+ and
867 National Semiconductor DP83065 Saturn Gigabit Ethernet
870 <para role="8.0">The &man.cxgbtool.8; now supports an
871 interactive mode for scripting of repeatedly performed
874 <para role="8.0">The &man.fxp.4; driver has been improved. Changes include:</para>
878 <para role="8.0">The multicast filter re-programming
879 is now more robust.</para>
883 <para role="7.2">The checksum offload feature can be controlled by
884 &man.ifconfig.8; now.</para>
888 <para role="7.2">Rx checksum offload support for 82559 or later
889 controllers has been added.</para>
893 <para role="7.2">TSO (TCP Segmentation Offload) support for 82550
894 and 82551 controllers has been added.</para>
898 <para role="7.2">WoL (Wake on LAN) support for 82550, 82551, 82558,
899 and 82559-based controllers has been added. Note that
900 ICH based controllers are treated as 82559, and 82557,
901 earlier revisions of 82558, and 82559ER have no WoL
906 <para role="7.2">VLAN hardware tag insertion/stripping support and
907 Tx/Rx checksum offload for VLAN frames support has
908 been added. Note that the VLAN hardware assistance is
909 available only on 82550 or 82551-based
914 <para role="8.0" arch="arm,powerpc">The mge(4) driver has
915 been added to provide support for Marvell Gigabit Ethernet
916 controllers found on ARM-based SOCs (Orion, Kirkwood,
917 Discovery), as well as on system controllers for PowerPC
918 processors (MV64430, MV6446x).</para>
920 <para role="8.0">The &man.miibus.4; driver now supports
921 the Marvell 88E3016.</para>
923 <para role="8.0">The &man.msk.4; driver now supports Yukon
924 FE+ A0 including 88E8040, 88E8040T, 88E8048 and
927 <para role="8.0">The &man.mwl.4; driver has been added to
928 provide support for Marvell 88W8363 IEEE 802.11n wireless
929 network devices.</para>
931 <para role="8.0">The &man.mxge.4; driver now supports some newer
932 revisions and 10GBASE-LRM and 10GBASE-Twinax media
933 types. The firmware version has been updated to 1.4.43.</para>
935 <para role="8.0">The &man.nge.4; driver has been improved and
936 now works on all platforms.</para>
938 <para role="8.0">The tsec(4) driver has been added to
939 provide support for Freescale integrated Three-Speed
940 Ethernet Controller (TSEC). This driver also works with
941 the enhanced version of the controller (eTSEC).</para>
943 <para role="8.0">The &man.uath.4; driver for USB wireless LAN
944 adapter based on Atheros AR5005UG and AR5005UX chipsets
945 has been added. The &man.uathload.8; utility, a firmware
946 loader for the Atheros USB wireless driver has also been
949 <para role="8.0">The &man.urtw.4; driver has been added to
950 provide support for Realtek RTL8187B/L USB IEEE 802.11b/g
951 wireless network devices.</para>
953 <para role="8.0">The &man.xl.4; driver now supports TX
954 checksum offload.</para>
956 <para role="7.2">The &man.ae.4; driver now supports WoL
957 (Wake on LAN).</para>
959 <para role="7.2" arch="amd64,i386">The &man.ale.4; driver is now
960 included in the <filename>GENERIC</filename>
963 <para role="7.2">The &man.ath.hal.4;, Atheros Hardware Access Layer,
964 has been updated to the open source version.</para>
966 <para role="7.2">The &man.axe.4; driver has been improved in
967 performance by eliminating extra context switches and now
968 supports the Apple USB Ethernet adapter.</para>
970 <para role="7.2">The &man.bce.4; driver's firmware has been updated to
971 the latest version (4.6.X).</para>
973 <para role="7.2">The ciphy(4) driver now supports Vitesse VSC8211
976 <para role="7.2">The &man.cxgb.4; driver has been updated to firmware
977 revision 4.7 and now supports hardware MAC
980 <para role="7.2">A bug in the &man.igb.4; driver, which prevented the
981 loader tunable <varname>hw.igb.ave_latency</varname> from
982 working, has been fixed.</para>
984 <para role="7.2">The &man.ixgbe.4; driver has been updated to
985 version 1.7.4.</para>
987 <para role="7.2">The &man.jme.4; driver now supports newer JMicron
988 JMC250/JMC260 revisions.</para>
990 <para role="7.2">The &man.msk.4; driver has been improved. An issue
991 which made it hang up in a certain condition has been
992 fixed. Hardware MAC statistics support has been added
993 and users can get the information via sysctl variables
995 <varname>dev.msk.<replaceable>N</replaceable>.stats</varname>.</para>
997 <para role="7.2">The &man.nfe.4; driver now supports hardware MAC
1000 <para role="7.2">The &man.re.4; driver has been improved. It now
1001 detects the link status. A new loader tunable
1002 <varname>hw.re.prefer_iomap</varname> has been added, to
1003 disable memory register mapping. This tunable is
1004 <literal>0</literal> for all controllers except RTL8169SC
1007 <para role="7.2">The &man.rl.4; driver has been improved. It now
1008 detects the link status and a bug which prevented it from
1009 working on systems with more than 4GB memory has been
1012 <para role="7.2">A bug in &man.sis.4; on VLAN tagged frame handling has
1015 <para role="7.2">The &man.txp.4; driver now works on all supported
1016 architectures. Support has been added for &man.altq.4;,
1017 WoL, checksum offload when VLAN enabled, and link state
1018 change handling has been improved, and new sysctl
1020 <varname>dev.txp.<replaceable>N</replaceable>.stats</varname>
1021 for MAC statistics have been added. New sysctl variables
1022 <varname>dev.txp.<replaceable>N</replaceable>.process_limit</varname>
1023 has been added, to control how many received frames should
1024 be served in Rx handler (set to 64 by default and valid
1025 ranges are 16 to 128 in unit of frames). The firmware has
1026 been updated to the latest version.</para>
1028 <para role="7.1">The &man.ae.4; driver has been added to provide
1029 support for the Attansic/Atheros L2 FastEthernet
1032 <para role="7.1">The &man.jme.4; driver has been added to
1033 provide support for PCIe adapters based on JMicron JMC250
1034 gigabit Ethernet and JMC260 fast Ethernet controllers.</para>
1036 <para role="7.1">The &man.age.4; driver has been added to
1037 provide support for Attansic/Atheros L1 gigabit Ethernet
1040 <para role="7.1">The &man.malo.4; driver has been added to
1041 provide support for Marvell Libertas 88W8335 based PCI network
1044 <para role="7.1">The bm(4) driver has been added to
1045 provide support for Apple Big Mac (BMAC) Ethernet controller,
1046 found on various Apple G3 models.</para>
1048 <para role="7.1">The et(4) driver has been added to
1049 provide support for Agere ET1310 10/100/Gigabit Ethernet
1052 <para role="7.1">The &man.glxsb.4; driver has been added
1053 to provide support for the Security Block in AMD Geode LX
1056 <para role="7.1">The &man.ale.4; driver has been added to provide support
1057 for Atheros AR8121/AR8113/AR8114 Gigabit/Fast Ethernet controllers.
1058 This driver is not enabled in <filename>GENERIC</filename>
1059 kernels for this release.</para>
1061 <para role="7.1">The &man.em.4; driver has been split into two drivers
1062 with some common parts. The &man.em.4; driver will continue
1063 to support adapters up to the 82575, as well as new
1064 client/desktop adapters. A new &man.igb.4; driver
1065 will support new server adapters.</para>
1067 <para role="7.1">The &man.hme.4; driver has been improved.</para>
1069 <para role="7.1">A bug in some of the &man.miibus.4; supported drivers that
1070 IEEE 802.3 auto-negotiation was performed in a wrong order,
1071 has been fixed. Now it chooses the correct technologies
1072 supported by IEEE 802.3 in the order described in Annex
1075 <para role="7.1">A workaround has been added for a bug in TCP/UDP
1076 hardware checksum offload of the &man.msk.4; driver for
1077 short frames. Note that for frames that requires hardware
1078 VLAN tag insertion, the checksum offload workaround does not
1079 work due to changes of checksum offset in mbuf after the
1080 VLAN tag. So disabling hardware checksum offload for the
1081 VLAN interface is needed in such cases.</para>
1083 <para role="7.1">The &man.ndis.4; NDIS miniport driver wrapper has been
1086 <para role="7.1">The &man.sf.4; driver has been improved and now supports
1087 checksum offloading.</para>
1089 <para role="7.1">The &man.stge.4; driver now supports WOL (Wake on
1092 <para role="7.1">The &man.vr.4; driver has been improved.</para>
1094 <para role="7.1" arch="amd64,i386"> The &man.wpi.4; driver has
1095 been updated to include a number of stability fixes.</para>
1099 <sect3 id="net-proto">
1100 <title>Network Protocols</title>
1102 <para role="8.0">The &os; netisr framework has been
1103 reimplemented for parallel threading support. This is a
1104 kernel network dispatch interface which allows device
1105 drivers (and other packet sources) to direct packets to
1106 protocols for directly dispatched or deferred processing.
1107 The new implementation supports up to one netisr thread per
1108 CPU, and several benchmarks on SMP machines show substantial
1109 performance improvement over the previous version.</para>
1111 <para role="8.0">A bug in the &man.gif.4; that EtherIP packets
1112 sent by combination of &man.if.bridge.4; and &man.gif.4;
1113 have a reversed version field has been fixed. If you need
1114 to communicate with older &os; releases via EtherIP, use new
1115 flags <literal>accept_rev_ethip_ver</literal>
1116 and <literal>send_rev_ethip_ver</literal> to control
1117 handling the reversed version field. These can be set by
1118 &man.ifconfig.8 utility to &man.gif.4; interfaces. The
1119 EtherIP implementation found on &os; 6.1, 6.2, 6.3, 7.0,
1120 7.1, and 7.2 had an interoperability issue because it sent
1121 the incorrect EtherIP packets and discarded the correct
1122 ones. For more details, see &man.gif.4; manual page.</para>
1124 <para role="8.0">The IGMPv3 and SSM (Source-Specific Multicast)
1125 including IPv6 SSM and MLDv2 have been added. Although the
1126 old KAME MLDv2 hooks have been replaced with the new
1127 implementation, the related kernel programming interfaces have been
1130 <para role="8.0">The multicast routing code has been improved
1131 and the IPv4 and IPv6 support has been split.</para>
1133 <para role="8.0">The &os; now supports the upcoming Wireless
1134 Mesh standard, IEEE 802.11s. The current implementation is
1135 based on the March 2009 D3.0 draft version.</para>
1137 <para role="8.0">The wireless network support layer (net80211)
1138 now uses pseudo-interfaces named as
1139 <literal>wlan<replaceable>N</replaceable></literal> instead
1140 of a device driver name like <literal>em0</literal>
1142 <literal>wlan<replaceable>N</replaceable></literal>
1143 interface is created by &man.ifconfig.8; as an instance of
1144 the parent interface and used for actual communication
1145 similar to &man.vlan.4, IEEE 802.1Q VLAN network interface.
1146 Note that multiple instances (to realize multiple BSSes with
1147 a single AP device, for example) can be created if the
1148 parent interface supports it. For more details, see
1149 &man.ifconfig.8; manual page.</para>
1151 <para role="8.0">The net80211 layer now supports TDMA for long
1152 distance point-to-point links using &man.ath.4;
1155 <para role="8.0">An infrastructure for caching flows as a means
1156 of accelerating L2 and L3 lookups has been added. This is
1157 called <quote>flow table</quote> and enabled by default on
1158 &arch.amd64 and &arch.i386; platforms. This also provides
1159 stateful load balancing when used
1160 with <literal>RADIX_MPATH</literal>
1162 <para role="8.0">The &os; L2 address translation table has been
1163 reimplemented to reduce lock contention on parallel
1164 processing and simplify the routing logic. The new
1165 implementation has L2 address translation tables for both
1166 ARP (for IPv4) and NDP (for IPv6) which are separated from
1167 the L3 routing tables, and supports flow table caches for both
1168 the routing table and the L2 information. One of the
1169 user-visible changes is that a concept of cloned route (a
1170 route generated by an entry
1171 with <literal>RTF_CLONING</literal> flag) is deprecated.
1172 This means routing flags <literal>RTF_CLONING</literal>,
1173 <literal>RTF_WASCLONE</literal>,
1174 and <literal>RTF_LLINFO</literal> are obsolete.</para>
1176 <para role="8.0">The &man.ipsec.4; subsystem now supports
1177 NAT-Traversal (RFC 3948). This is disabled by default. To
1178 enable this add the following kernel option and rebuild the
1181 <programlisting>device crypto
1183 options IPSEC_NAT_T</programlisting>
1185 <para role="7.2">IPv4 source address selection for unbound sockets has
1186 been implemented as follows:</para>
1190 <para>If we found a route, use the address corresponding
1191 to the outgoing interface.</para>
1195 <para role="7.2">Otherwise we assume the foreign address is reachable
1196 on a directly connected network and try to find a
1197 corresponding interface to take the source address
1202 <para role="7.2">As a last resort use the default jail address.</para>
1206 <para role="7.2">This also changes the semantics of selecting the IP for
1207 processes within a &man.jail.8; as it now uses the same
1208 logic as outside the &man.jail.8;.</para>
1210 <para role="7.2">The TCP MD5 Signature Option (RFC 2385) for IPv6 has
1211 been implemented in the same way it has been implemented for
1214 <para role="7.2">The &man.ng.netflow.4; Netgraph node now includes
1215 support for generating egress netflow instead or in addition
1216 to ingress. An <literal>NGM_NETFLOW_SETCONFIG</literal>
1217 control message has been added to control the new
1218 functionality.</para>
1220 <para role="7.2">The &man.tap.4; Ethernet tunnel software network
1221 interface now supports a new <literal>TAPGIFNAME</literal>
1222 character device ioctl. This is a convenient shortcut to
1223 obtain the network interface name using a file descriptor to
1224 a character device.</para>
1226 <para role="7.2">The &man.tap.4; now supports
1227 <literal>SIOCSIFMTU</literal> ioctl to set a higher MTU than
1228 1500 (ETHERMTU). This allows &man.tap.4; devices to be
1229 added to the same bridge (which requires all interface
1230 members to have the same MTU) with an interface configured
1231 for jumbo frames.</para>
1233 <para role="7.2">The domains list for handling the list of supported
1234 domains in the &man.unix.4; (UNIX domain protocol family)
1235 subsystem is now MPSAFE.</para>
1237 <para role="7.1">The &man.arp.8; utility now
1238 supports <literal>reject</literal>
1239 and <literal>blackhole</literal> keywords. In the entry
1240 marked as <literal>reject</literal>, traffic to the host will
1241 be discarded and the sender will be notified the host is
1242 unreachable. In the entry marked as <literal>blackhole</literal>,
1243 traffic is discarded but the sender is not notified.</para>
1245 <para role="7.1">The &man.bpf.4; now supports an
1246 ioctl <literal>BIOCSETFNR</literal>. This is just like
1247 <literal>BIOCSETF</literal>, but it does not drop all the
1248 packets buffered on the descriptor and reset the
1251 <para role="7.1">The &man.if.bridge.4; interface can limit the
1252 number of source MACs that can be behind a bridge interface
1253 via <literal>ifmaxaddr</literal> parameter of
1254 &man.ifconfig.8;.</para>
1256 <para role="7.1">A bug in the &man.carp.4; interface configuration which
1257 leads to a system panic has been fixed.</para>
1259 <para role="7.1">The &man.dummynet.4; subsystem now supports
1260 <literal>fast</literal> mode operation which allows certain
1261 packets to bypass the dummynet scheduler. This can achieve
1262 lower latency and lower overhead when the packet flow is under
1263 the pipe bandwidth, and eliminate recursion in the subsystem.
1264 The new sysctl variable
1265 <varname>net.inet.ip.dummynet.io_fast</varname> has been
1266 added to enable this feature.</para>
1268 <para role="7.1">The &man.enc.4; interface now supports sysctl
1269 variables to control whether the firewalls or &man.bpf.4;
1270 will see inner and outer headers or just inner or outer
1271 headers for incoming and outgoing IPsec packets.</para>
1273 <para role="7.1">The &man.gre.4; now supports
1274 ioctls <literal>GRESKEY</literal>
1275 and <literal>GREGKEY</literal> which allows set or get GRE
1276 key used for outgoing packets.</para>
1278 <para role="7.1">A bug in the &man.ipsec.4; subsystem that PMTU was broken
1279 in those cases when there was a route with a lower MTU than
1280 the MTU of the outgoing interface, has been fixed.</para>
1282 <para role="7.1">The netatm subsystem has been removed due to
1283 lacking multiprocessor support.</para>
1285 <para role="7.1">The &man.ng.nat.4; now supports redirect functionality
1286 in <filename>libalias</filename>. For more details, see the
1289 <para role="7.1">The &man.ng.pptpgre.4; now supports multiple hooks like
1290 &man.ng.l2tp.4;, to use one pair of pptpgre and ksocket nodes for all
1291 calls between two peers.</para>
1293 <para role="7.1">The &man.resolver.3; now allows underscore in domain
1294 names. Although this is a violation of RFC 1034 [STD 13], it is
1295 accepted by certain name servers as well as other popular operating
1296 systems' resolver library.</para>
1298 <para role="7.1">A socket option <literal>TCP_CONGESTION</literal> for TCP
1299 sockets has been added. This is for setting and retrieving the
1300 congestion control algorithm. The name used is to allow
1301 compatibility with Linux.</para>
1303 <para role="7.1">The &man.rwlock.9; has been used throughout
1304 the <varname>inpcbinfo</varname> and <varname>inpcb</varname>
1305 infrastructure, and protocols that depend on that
1306 infrastructure, including UDP, TCP, and IP raw sockets to
1307 reduce the lock contentions.</para>
1309 <para role="7.1">The &os; now supports multiple routing tables. To
1310 enable this, the following steps are needed:</para>
1312 <itemizedlist role="7.1">
1314 <para>Add the following kernel configuration option and
1315 rebuild the kernel. The <literal>2</literal> is the number
1316 of FIB (Forward Information Base, synonym for a routing
1317 table here). The maximum value is 16.</para>
1319 <programlisting>options ROUTETABLES=2</programlisting>
1321 <para>The procedure for rebuilding the &os; kernel is
1322 described in the <ulink
1323 url="http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html#AEN30408">&os;
1324 Handbook</ulink>.</para>
1326 <para>This number can be modified on boot time. To do so, add
1327 the following to <filename>/boot/loader.conf</filename> and
1328 reboot the system:</para>
1330 <programlisting>net.fibs=6</programlisting>
1334 <para>Set a loader tunable <varname>net.my_fibnum</varname> if
1335 needed. This means the default number of routing tables.
1336 If not specified, <literal>0</literal> will be used.</para>
1340 <para>Set a loader tunable
1341 <varname>net.add_addr_allfibs</varname> if needed. This
1342 enables to add routes to all FIBs for new interfaces by
1343 default. When this is set to <literal>0</literal>, it will
1344 only allocate routes on interface changes for the FIB of the
1345 caller when adding a new set of addresses to an interface.
1346 Note that this tunable is set to <literal>1</literal> by
1351 <para>To select one of the FIBs, the new &man.setfib.1; utility
1352 can be used. This set an associated FIB with the process. For
1355 <screen>&prompt.root; setfib -3 ping target.example.com</screen>
1357 <para>The FIB #3 will be used for the &man.ping.8; command.</para>
1359 <para>The FIB which the packet will be associated with will be
1360 determined in the following rules:</para>
1362 <itemizedlist role="7.1">
1364 <para>All packets which have a FIB associated with them will
1365 use the FIB. If not, FIB #0 will be used.</para>
1369 <para>A packet received on an interface for forwarding uses
1374 <para>A TCP listen socket associated with an FIB will generate
1375 accept sockets which are associated with the same FIB.</para>
1379 <para>A packet generated in response to other packet uses the
1380 FIB associated with the packet being responded to.</para>
1384 <para>A packet generated on tunnel interfaces such as
1385 &man.gif.4; and &man.tun.4; will be encapsulated using the
1386 FIB of the process which set up the tunnel.</para>
1390 <para>Routing messages will be associated with the process's
1395 <para>Also, the &man.ipfw.8; now supports an action rule
1396 <literal>setfib</literal>. The following action:</para>
1398 <programlisting>setfib <replaceable>fibnum</replaceable></programlisting>
1400 <para>will make the matched packet use the FIB specified in
1401 <replaceable>fibnum</replaceable>. The rule processing
1402 continues at the next rule.</para>
1406 <title>Disks and Storage</title>
1408 <para role="8.0">The &os; CAM SCSI subsystem (&man.cam.4;) now
1409 includes experimental support for ATA/SATA/AHCI-compliant
1410 devices. This is disabled by default. To enable this,
1411 adding the following kernel options to your kernel
1412 configuration file and rebuild the kernel:</para>
1414 <programlisting>device ahci
1415 device siis</programlisting>
1417 <para role="8.0">The current implementation supports
1418 AHCI-compliant controllers and SiliconImage
1419 SiI3124/SiI3132/SiI3531 controllers. The device node of an
1420 ATA drive is <literal>ada</literal> and an ATAPI
1421 drive is <literal>cd</literal>.</para>
1423 <para role="8.0">The &os; iSCSI initiator implementation has
1424 been improved and supports IPv6.</para>
1426 <para role="8.0">A userland utility &man.mfiutil.8; for the
1427 &man.mfi.4; devices has been added. This includes basic
1428 features to monitor controller, array, and drive status,
1429 change basic attributes, create/delete arrays and spares,
1430 and flush the controller firmware. Note that this is a
1431 small utility, not a replacement of MegaCLI in the Ports
1432 Collection which is supported officially and provides more
1433 functionality.</para>
1435 <para role="8.0">A userland utility &man.mptutil.8; for the
1436 &man.mpi.4; devices has been added. This includes basic
1437 features to monitor controller, array, and drive status,
1438 change basic attributes, and create/delete arrays and
1441 <para role="8.0">The &man.siis.4; driver has been added to
1442 provide support for SiliconImage SiI3124/3132/3531 SATA2
1443 controllers. It supports Serial ATA and ATAPI devices, port
1444 multipliers (including FIS-based switching), hardware
1445 command queues (31 commands per port) and Native Command
1448 <para role="7.2">The &man.ata.4; driver now supports Marvell PATA M88SX6121.</para>
1450 <para role="7.2">The &man.ata.4; driver now recognizes nForce MCP67 and
1451 MCP73 SATA controllers as AHCI.</para>
1453 <para role="7.2">The &man.ataraid.4; driver now includes preliminary support
1454 for DDF metadata found on Adaptec HostRAID controllers.
1455 Note that spares and rebuilds are not supported yet.</para>
1457 <para role="7.2">The &man.cam.4; SCSI subsystem now supports a new sysctl
1458 variable <varname>kern.cam.cd.retry_count</varname>. This
1459 controls the number of retries for the CD media. When
1460 trying to read scratched or damaged CDs and DVDs, the
1461 default mechanism is sub-optimal, and programs like
1462 <application>ddrescue</application> do much better if you
1463 turn off the retries entirely since their algorithms do it
1464 by themselves. This value is set to <literal>4</literal>
1465 (for a total of 5 attempts) by default. Setting it to
1466 <literal>0</literal> turns off all retry attempts.</para>
1468 <para role="7.2">A bug in the &man.ciss.4; driver which caused low
1469 <quote>max device openings</quote> count and led to poor
1470 performance has been fixed.</para>
1472 <para role="7.2">The &man.glabel.8; GEOM class now supports a new
1473 UFS-based label called <literal>ufsid</literal> that can be
1474 used to reference UFS-carrying devices by the unique file
1475 system ID. This file system ID is automatically generated
1476 and detected when the &man.glabel.8; GEOM class is enabled. An
1477 example of this new label is:
1478 <filename>/dev/ufsid/48e69c8b5c8e1b43</filename>. The
1479 benefit of using GEOM labels in general is to avoid problems
1480 of device renaming when shifting drives or
1483 <para role="7.2">The &man.gjournal.8; GEOM class now supports the root
1484 file system. Previously, an unclean shutdown would make it
1485 impossible to mount the root file system at boot.</para>
1487 <para role="7.2">The &man.gpart.8; utility has been updated. The APM
1488 scheme now supports Tivo Series 1 partitions (read only), a
1489 new EBR scheme to support Extended Boot Records has been
1490 added, the BSD scheme now support bootcode, and bugs in the
1491 PC98 and VTOC8 schemes have been fixed.</para>
1493 <para role="7.2">An issue in &man.gvinum.8; with access permissions
1494 to underlying disks used by a gvinum plex has been fixed.
1495 If the plex is a raid5 plex and is being written to, parity data might
1496 have to be read from the underlying disks, requiring them to be opened for
1497 reading as well as writing.</para>
1499 <para role="7.2">The &man.hptmv.4; driver has been updated to version
1500 1.16 from HighPoint.</para>
1502 <para role="7.2">The &man.mmc.4; and &man.mmcsd.4; drivers now support MMC
1503 and SDHC cards, high speed timing, wide bus, and multiblock
1506 <para role="7.2" arch="sparc64">The &man.mpt.4; driver is now in the
1507 <filename>GENERIC</filename> kernel.</para>
1509 <para role="7.2">The &man.sdhci.4; driver has been added. This supports
1510 PCI devices with class 8 and subclass 5 according to the SD
1511 Host Controller Specification.</para>
1513 <para role="7.2">The &man.sdhci.4; driver now supports kernel dumping and
1514 a sysctl variable <varname>hw.sdhci.debug</varname> for debug
1517 <para role="7.2">The &man.twa.4; driver now supports 64-bit DMA.</para>
1519 <para role="7.2">The &man.mmc.4; &man.mmcsd.4;, and &man.sdhci.4; driver
1520 are now included as kernel modules.</para>
1522 <para role="7.1">The &man.aac.4; driver now supports 64-bit array support
1523 for RAIDs larger than 2TB and simultaneous opens of the device
1524 for issuing commands to the controller.</para>
1526 <para role="7.1">The &man.ata.4; driver now supports a loader variable
1527 <varname>hw.ata.ata_dma_check_80pin</varname>. This can be
1528 used to disable the 80pin cable check on broken systems such
1529 as certain laptops and Soekris boards. The default value is
1530 <literal>1</literal>.</para>
1532 <para role="7.1">A data corruption problem of the &man.ata.4; driver on
1533 ServerWorks HT1000 chipsets has been fixed.</para>
1535 <para role="7.1">The &man.ciss.4; driver now supports a loader tunable
1536 <varname>hw.ciss.nop_message_heartbeat</varname> for
1537 NOP-message polling in <function>ciss_periodic()</function>.
1538 This can be used as a workaround for
1539 <literal>ADAPTER HEARTBEAT FAILED</literal> issue.
1540 The default value is <literal>0</literal> (disabled).</para>
1542 <para role="7.1">The <filename>geom_part</filename> GEOM class can be built
1543 as a kernel module.</para>
1545 <para role="7.1">The <filename>geom_linux_lvm</filename> GEOM class can be
1546 built as a kernel module.</para>
1548 <para role="7.1">The &man.hptrr.4; driver has been updated to version 1.2
1549 from Highpoint.</para>
1551 <para role="7.1">A buffer overflow in the &man.iir.4; driver has been
1552 fixed. This likely fixes a great number of weird problems
1553 that have been reported with this driver.</para>
1555 <para role="7.1">The &man.mpt.4; driver now supports <literal>mpt_user</literal>
1558 <para role="7.1">The &man.rr232x.4; driver has been superseded by
1559 &man.hptrr.4; driver.</para>
1561 <para role="7.1">The &man.twa.4; driver has been improved with regard to
1562 stability on machines with a plenty of memory and high CPU
1567 <title>File Systems</title>
1569 <para role="8.0"><quote>dangerously dedicated</quote> mode for
1570 the UFS file system is no longer supported.</para>
1573 <para>Such disks will need to be reformatted to work with
1574 this release.</para>
1577 <para role="8.0">The &man.gvinum.8; now supports commands
1578 found in the old vinum implementation including
1579 <command>attach</command>, <command>detach</command>,
1580 <command>start</command>, <command>stop</command>,
1581 <command>concat</command>, <command>mirror</command>,
1582 <command>stripe</command>, and
1583 <command>raid5</command>.</para>
1585 <para role="8.0">The &man.gvinum.8; now
1586 supports <literal>grow</literal> command to make it easier
1587 for users to extend plexes without having to understand all
1588 of the implementation internals.</para>
1590 <para role="8.0">The &os; NFS subsystem now
1591 supports <literal>RPCSEC_GSS</literal> authentication on
1592 both the client and server. This replaces the RPC
1593 implementation of the NFS client and server with the newer
1594 RPC implementation originally developed to support the NFS
1595 Lock Manager. It supports both the new RPC implementation
1596 and the older legacy implementation inherited from the
1597 original NFS codebase and the default is to use the new one.
1598 To use <literal>RPCSEC_GSS</literal> on either client or
1599 server, you must build a kernel which includes
1600 the <literal>KGSSAPI</literal> option and the &man.crypto.4;
1601 device. For more details, see &man.gssd.8; manual
1604 <para role="8.0">The &os; NFS subsystem now includes a new,
1605 experimental implementation with support for NFSv2, NFSv3, and
1606 NFSv4. This is not enabled by default. To enable this, add
1607 the following kernel options to your kernel configuration
1608 file and rebuild the kernel:</para>
1610 <programlisting role="8.0">options NFSCL # for NFS client
1611 options NFSD # for NFS server</programlisting>
1613 <para role="8.0">The fstype for &man.mount.8; program is
1614 <literal>newnfs</literal>, and &man.mount.newnfs.8; program
1615 has also been added. The old, unmaintained NFSv4 client
1616 based on an implementation from the University of Michigan was
1617 removed from the &os; source tree.</para>
1619 <para role="8.0">The &os; NFS subsystem now uses TCP as the
1620 default transport.</para>
1622 <para role="8.0">The shared vnode locking for pathname lookups
1623 in the &man.VFS.9; subsystem has been improved. This is
1624 enabled by default. Setting a sysctl variable
1625 <varname>vfs.lookup_shared</varname> to <literal>0</literal>
1626 disables it. Note that the
1627 <literal>LOOKUP_SHARED</literal> kernel option equivalent to
1628 the sysctl variable has been removed.</para>
1630 <para role="8.0">The <application>ZFS</application> file system
1631 has been updated to version 13. The changes include ZFS
1632 operations by a regular user, L2ARC, ZFS Intent Log on
1633 separated disks (slog), sparse volumes, and so on.</para>
1635 <para role="7.2">The semantics of &man.acl.3; extended access control
1636 lists has been changed as follows:</para>
1638 <itemizedlist role="7.2">
1640 <para>The inode modification time (mtime) is not updated
1641 when extended attributes are added, modified, or removed.</para>
1645 <para>The inode access time (atime) is not updated
1646 when extended attributes are queried.</para>
1650 <para role="7.2">The &os; NFS file system now supports a sysctl variable
1651 <varname>vfs.nfs.prime_access_cache</varname> to determine
1652 whether or not <function>nfs_getattr()</function> will use
1653 an ACCESS RPC to prime the access cache instead of a simple
1654 GETATTR RPC. This is because on many NFS servers an ACCESS
1655 RPC is much more expensive to service than a GETATTR RPC for
1656 files in an NFSv3 mount. The sysctl variable is enabled by
1657 default to maintain the previous behavior.</para>
1659 <para role="7.2">The &os; UDF file system now supports a fifo.</para>
1661 <para role="7.1">The &man.fdescfs.5; is now MPSAFE.</para>
1663 <para role="7.1">The &man.gpart.8; now supports BSD disklabels (option
1664 <literal>GEOM_PART_BSD</literal>) and
1665 VTOC8 disklabels (option
1666 <literal>GEOM_PART_VTOC8</literal>).</para>
1668 <para role="7.1">The &man.gvinum.8; now accepts <replaceable>volume</replaceable>
1669 parameter when creating a plex.</para>
1671 <para role="7.1">A pathname lookup bug of a UNIX domain socket in the
1672 <filename>unionfs(7)</filename> has been fixed.</para>
1676 <sect2 id="userland">
1677 <title>Userland Changes</title>
1679 <para role="8.0">The GCC stack protection (also known as
1680 ProPolice) has been enabled in the &os; base system.</para>
1682 <para role="8.0">A BSD-licensed &man.ar.1; utility has been added
1683 in favor of one in <application>GNU binutils</application> and
1684 it is now the default utility for building the &os; base
1687 <para role="8.0">The &man.awk.1; utility now supports 64 files.
1688 The upper limit was 20 in prior releases.</para>
1690 <para role="8.0">The &man.bsnmpd.1; program now supports OIDs
1693 <para role="8.0">The &man.camcontrol.8; program now supports a
1694 new modularized ATA kernel module and various ATA
1697 <para role="8.0">The &man.cat.1; and &man.cp.1; now use a larger
1698 buffer if the number of pages of the physical memory on the
1699 system is grater than 32k. This reduces the number of context
1702 <para role="8.0">A new BSD-licensed &man.cpio.1; utility has been
1703 added in favor of <application>GNU cpio</application> and it
1704 is now the default utility in the &os; base system.</para>
1706 <para role="8.0">A script for the &man.crashinfo.8; utility for
1707 simple analysis of crash dump has been added. It generates a
1708 text file containing the output of several commands run against
1709 the core dump such as &man.kgdb.1; (stack trace), &man.ps.1;,
1715 &man.fstat.1;.</para>
1717 <para role="8.0">The &man.df.1; utility's <option>-h</option>
1718 flag now supports displaying inode counts in a human-readable
1719 format when a flag <option>-i</option> is specified.</para>
1721 <para role="8.0">The &man.df.1; utility now supports
1722 a <option>-T</option> flag to display file system type in each
1725 <para role="8.0">A bug in the &man.dhclient.8; that can create a
1726 malformed <filename>/etc/resolv.conf</filename> has been
1729 <para role="8.0">The &man.dhclient.8; now uses an
1730 <option>-n</option> flag when invoking &man.route.8; command.
1731 This eliminates a long delay in the case that it gets a lease
1732 but DNS service is not working.</para>
1734 <para role="8.0">The &man.dhclient.8; utility now
1735 uses <literal>68</literal> (bootpc) as the source port for
1736 unicast <literal>DHCPREQUEST</literal> packets instead of
1737 allowing the protocol stack to pick a random source port.
1738 This fixes the behavior where &man.dhclient.8; would never
1739 transition from <literal>RENEWING</literal>
1740 to <literal>BOUND</literal> without going
1741 through <literal>REBINDING</literal> in some networks which
1742 has a tight policy on DHCP spoofing.</para>
1744 <para role="8.0">The &man.env.1; utility now supports a
1745 <option>-u <replaceable>name</replaceable></option> option
1746 that completely unsets the given name instead of setting it to
1747 a null value.</para>
1749 <para role="8.0">The &man.find.1; utility now supports a number
1750 of primaries found in <application>GNU find</application>
1751 including <option>-ignore_readdir_race</option>,
1752 <option>-noignore_readdir_race</option>,
1753 <option>-noleaf</option>, <option>-gid</option>,
1754 <option>-uid</option>, <option>-wholename</option>,
1755 <option>-iwholename</option>, <option>-mount</option>,
1756 <option>-d</option>, <option>-lname</option>,
1757 <option>-ilname</option>, <option>-quit</option>,
1758 <option>-samefile</option>, and <option>-true</option>.</para>
1760 <para role="8.0">The &man.fsck.8; utility now supports a
1761 <option>-r</option> flag to free up excess unused inodes.
1762 Decreasing the number of preallocated inodes reduces the
1763 running time of future runs of fsck and frees up space that
1764 can allocated to files. This flag is ignored when running in
1767 <para role="8.0">The &man.freebsd-update.8; now supports backing
1768 up the old kernel when installing a new kernel. The backup
1769 kernel will be written
1770 to <filename>/boot/kernel.old</filename> if the directory does
1771 not exist or the directory was created by freebsd-update in a
1772 previous backup. Otherwise the &man.freebsd-update.8; will
1773 generate a new directory name for use by the backup. This is
1774 enabled by default.</para>
1776 <para role="8.0">The &man.gdbserver.1; now supports &arch.arm;
1777 and &arch.powerpc; platforms.</para>
1779 <para role="8.0">The &man.gpt.8; program has been removed in
1780 favor of &man.gpart.8;.</para>
1782 <para role="8.0">The &man.gzip.1; utility now supports
1783 uncompressing files which are created
1784 by <application>pack</application> found in some commercial
1785 UNIX-like systems.</para>
1787 <para role="8.0">The &man.i2c.8; utility for diagnostics of I2C has
1790 <para role="8.0">The &man.ifconfig.8; now
1791 supports <option>vnet</option> and <option>-vnet</option>
1792 option to allow moving interfaces between jails with
1795 <para role="8.0">A BSD-licensed <filename>libdwarf</filename>
1796 library has been added for DTrace clients.</para>
1798 <para role="8.0">The <filename>libmsun</filename> library now supports
1799 <function>acosl()</function>,
1800 <function>asinl()</function>,
1801 <function>atanl()</function>,
1802 <function>atan2l()</function>,
1803 <function>cargl()</function>,
1804 <function>csqrtl()</function>,
1805 <function>fmodl()</function>,
1806 <function>hypotl()</function>,
1808 <function>remquol()</function>
1811 <para role="8.0">The <filename>libproc</filename>
1812 library has been added for DTrace clients.</para>
1814 <para role="8.0">The &man.mtest.8; utility now supports IPv6.</para>
1816 <para role="8.0">The &man.mount.8; program now supports
1818 mountprog=<replaceable>filename</replaceable></option> option
1819 to allow an alternative program to be used for mounting a file
1820 system. This is useful for non-&man.nmount.2; based file
1821 systems such as FUSE.</para>
1823 <para role="8.0">The &man.nfscbd.8;, &man.nfsuserd.8;,
1824 &man.nfsdumpstate.8;, and &man.nfsrevoke.8; utilities for the
1825 new NFSv4 subsystem has been added.</para>
1827 <para role="8.0">The &man.pmcannotate.8; utility has been added.
1828 This prints out sources of a tool (in C or assembly) with
1829 inlined profiling informations retrieved by a prior
1830 &man.pmcstat.8; analysis.</para>
1832 <para role="8.0">The &man.route.8; utility now
1833 supports <command>show</command>,
1834 <command>weights</command>, and <command>sticky</command>
1835 commands. For more details, see the &man.route.8; manual
1838 <para role="8.0">The &man.rtld.1; now supports a new
1839 environment variable <varname>LD_ELF_HINTS_PATH</varname> for
1840 overriding the rtld hints file. This environment variable
1841 would be ignored if the process uses setuid and/or setgid.
1842 This feature gives a convenient way to use a custom set of
1843 shared library that is not in the default location.</para>
1845 <para role="8.0">The &man.rtld.1; now supports the dynamic
1846 string token substitution in the rpath and soneeded pathes. The
1847 <varname>$ORIGIN</varname>,
1848 <varname>$OSNAME</varname>,
1849 <varname>$OSREL</varname>
1850 and <varname>$PLATFORM</varname>
1851 tokens are supported. Enabling
1852 the substitution requires <literal>DF_ORIGIN</literal>
1853 flag in <literal>DT_FLAGS</literal> or
1854 <literal>DF_1_ORIGIN</literal> if
1855 <literal>DF_FLAGS_1</literal>, that may be set
1856 with <option>-z</option> origin <application>GNU
1857 ld</application> flag. This translation is unconditionally
1858 disabled for setuid/setgid processes.
1859 The <varname>$ORIGIN</varname> translation relies on
1860 the <literal>AT_EXECPATH</literal> auxinfo supplied by the
1863 <para role="8.0">It is no longer possible to create UFS
1864 filesystems in <quote>dangerously dedicated</quote> mode using
1865 &man.sysinstall.8; since this mode is no longer supported.</para>
1867 <para role="8.0">&man.sysinstall.8; menus have been simplified
1868 to reduce confusion and duplication with other parts of the
1869 system. The <application>Xorg</application> window system
1870 should be installed just like any other package.
1871 Configuration of <application>Linux</application> and
1872 <application>OSF/1</application> emulation should be done via
1873 kernel rebuilds. Support for installation from tape media was
1874 removed as it was believed to be broken. Obsolete code to
1875 support <literal>OLDCARD</literal> was also
1878 <para role="8.0">&man.sysinstall.8; now understands how to use
1879 unsliced USB drives as installation source media via
1880 <filename>/dev/da<replaceable>X</replaceable><replaceable>a</replaceable></filename></para>
1882 <para role="8.0">&man.sysinstall.8; now recognizes the new
1883 <filename>/dev/ada<replaceable>X</replaceable></filename> disk
1884 devices, if compiled into the kernel.</para>
1886 <para role="8.0">&man.sysinstall.8; now uses the
1887 <filename>freebsd-doc-<replaceable>*</replaceable></filename>
1888 packages for localized documents.</para>
1890 <para role="8.0">&man.sysinstall.8; now ejects the CDROM after
1891 installation if it was used as source media.</para>
1893 <para role="8.0">The &man.traceroute.8; and &man.traceroute6.8;
1895 <option>-a</option> flag to display AS number corresponding to
1896 the lookup IP address on each hop. It will query the number to
1897 WHOIS server specified in <option>-A</option> option. If
1898 no <option>-A</option> is
1899 specified, <hostid>whois.radb.net</hostid> will be used as the
1900 default value.</para>
1902 <para role="8.0">The &man.tzsetup.8; now supports
1903 an <option>-s</option> flag to skip the question about
1904 adjusting the clock to UTC.</para>
1906 <para role="8.0">The &man.wake.8; utility, a tool to send Wake on
1907 LAN frames to hosts on a local Ethernet network has been
1910 <para role="8.0">The &man.ypserv.8; program now
1911 supports <filename>shadow.byname</filename>
1912 and <filename>shadow.byuid</filename> maps.</para>
1914 <para role="7.2">A bug in the &man.atacontrol.8; utility, which prevents it
1915 from working when <filename>/usr</filename> is not mounted or
1916 invoked from <filename>/rescue</filename>, has been
1919 <para role="7.2">The &man.btpand.8; daemon from NetBSD has been added.
1920 This daemon provides support for Bluetooth Network Access
1921 Point (NAP), Group Ad-hoc Network (GN) and Personal Area
1922 Network User (PANU) profiles.</para>
1924 <para role="7.2">The &man.cpucontrol.8; utility has been added to
1925 control &man.cpuctl.4; pseudo-device.</para>
1927 <para role="7.2">The &man.ncal.1; utility now supports multibyte
1930 <para role="7.2">The &man.newfs.8; utility now supports
1931 operations on a regular file.</para>
1933 <para role="7.2">The &man.config.8; utility now supports
1934 multiple <varname>makeoption</varname> lines.</para>
1936 <para role="7.2">The &man.csup.1; utility now supports CVSMode to fetch a
1937 complete CVS repository. Note that the rsync transfer mode is
1938 currently disabled.</para>
1940 <para role="7.2">The &man.dirname.1; utility now accepts multiple arguments
1941 in the same way that &man.basename.1; does.</para>
1943 <para role="7.2">The &man.du.1; utility now supports an <option>-l</option>
1944 flag. When specified, the &man.du.1; utility counts a file
1945 with multiple hard links as multiple different files.</para>
1947 <para role="7.2">The &man.du.1; utility now supports an <option>-A</option> flag
1948 to display the apparent size instead of the disk usage. This can be
1949 helpful when operating on compressed volumes or sparse files.</para>
1951 <para role="7.2">The &man.du.1; utility now supports a <option>-B
1952 <replaceable>blocksize</replaceable></option> option to
1953 calculate block counts in blocks of
1954 <replaceable>blocksize</replaceable> bytes. This is different
1955 from the <option>-k</option> or <option>-m</option> options or
1956 setting <varname>BLOCKSIZE</varname> and gives an estimate of
1957 how much space the examined file hierarchy would require on a
1958 file system with the given
1959 <replaceable>blocksize</replaceable>. Unless in
1960 <option>-A</option> mode, <replaceable>blocksize</replaceable>
1961 is rounded up to the next multiple of 512.</para>
1963 <para role="7.2">The &man.dumpfs.8; utility now supports an
1964 <option>-f</option> flag, which causes it to list all free
1965 fragments in the file system by fragment (block) number. This
1966 new mode does the necessary arithmetic to generate absolute
1967 fragment numbers rather than the cg-relative numbers printed
1968 in the default mode.</para>
1970 <para role="7.2">If <option>-f</option> is passed once, contiguous fragment
1971 ranges are collapsed into an X-Y format as free block lists
1972 are currently printed in regular dumpfs output. If specified
1973 twice, all block numbers are printed individually, allowing
1974 both compact and more script-friendly representation.</para>
1976 <para role="7.2">The &man.fetch.1; utility now supports an
1977 <option>-i</option> flag which supports the If-Modified-Since
1978 HTTP 1.1 request. If specified it will cause the file to be
1979 downloaded only if it is more recent than the mtime of the
1980 local file. Also, <application>libfetch</application> now
1981 accepts the mtime in the url structure and a flag to indicate
1982 when this behavior is desired.</para>
1984 <para role="7.2">The &man.fsck.8; utility now supports a
1985 <option>-C</option> flag for <literal>check clean</literal>
1986 mode. This checks if the file system was dismounted cleanly
1987 first and then skip file system checks if true. Otherwise it
1988 does full checks.</para>
1990 <para role="7.2">The &man.fsck.8; utility now supports a
1991 <option>-D</option> flag for damaged recovery mode, which will
1992 enable certain aggressive operations that can make
1993 &man.fsck.8; to survive with file systems that has very
1994 serious data damage. This is a useful last resort when on
1995 disk data damage is very serious and causes &man.fsck.8; to
1998 <para role="7.2">The &man.getaddrinfo.3; function now supports SCTP.</para>
2000 <para role="7.2">A bug was fixed in the &man.ipfw.8; utility which displays
2001 extra messages for a NAT rule even when a <option>-q</option>
2002 flag is specified.</para>
2004 <para role="7.2">The &man.ln.1; utility now supports a <option>-w</option>
2005 flag to check if the source file actually exists. When the
2006 flag is specified and the file does not exist, &man.ln.1; will
2007 issue a warning message.</para>
2009 <para role="8.0">The &man.ln.1; utility now allows creating hard
2010 links to symbolic links because the POSIX.1-2008 requires this
2011 behavior for <option>-L</option> and <option>-P</option>
2014 <para role="8.0">The &man.lpr.1; utility now support
2015 an <option>-m</option> flag to send an email after the job is
2016 completed and a <option>-t</option> option to set the job
2019 <para role="7.2">The &man.make.1; utility now supports a
2020 <option>-p</option> flag to print the input graph only,
2021 without executing any commands. The output is the same as
2022 <option>-d g1</option>. When combined with <option>-f
2023 /dev/null</option>, only the built-in rules of make are
2026 <para role="7.2">The &man.make.1; utility now supports a
2027 <option>-Q</option> flag to cause file banners not to be
2028 generated in addition to the same effect of a
2029 <option>-q</option> flag when a <option>-j</option> option is
2032 <para role="7.2">The &man.make.1; utility now supports the
2033 <varname>.MAKE.JOB.PREFIX</varname> variable. If
2034 <option>-j</option> and <option>-v</option> are specified, its
2035 output for each target is prefixed with a token <literal>---
2036 <replaceable>target</replaceable> ---</literal> the first part
2037 of which can be controlled via the variable.</para>
2039 <para role="7.2">The &man.make.1; utility now supports
2040 <varname>.MAKE.PID</varname> and <varname>.MAKE.PPID</varname>
2041 variable. These are set to process ID of the &man.make.1;
2042 process and its parent process respectively.</para>
2044 <para role="7.2">The &man.makefs.8; utility to create a file system image
2045 from a directory tree has been added.</para>
2047 <para role="7.2">The &man.mergemaster.8; utility now supports an
2048 <option>-F</option> option to automatically install files that
2049 differ only in their version control ID strings.</para>
2051 <para role="7.2">The &man.mount.8; utility now supports an <option>-o
2052 mountprog=<replaceable>/somewhere/mount_xxx</replaceable></option>
2053 option to force it to use the specified program to mount the
2054 file system instead of calling &man.nmount.2; directly. This
2055 is useful when you want to use third party programs such as
2056 FUSE, for example.</para>
2058 <para role="7.2">The &man.netstat.1; utility now reports &man.unix.4;
2059 sockets' listen queue statistics when an <option>-L</option>
2060 flag is specified.</para>
2062 <para role="7.2">A bug in the &man.netstat.1; utility has been fixed. It
2063 crashed with the following options in the previous
2066 <screen role="7.2">&prompt.user; netstat -m -N foo</screen>
2068 <para role="7.2">A bug in the &man.netstat.1; utility has been fixed. The
2069 <option>-ss</option> option now works in the icmp6 section as
2072 <para role="7.2">The &man.pciconf.8; utility now supports a
2073 <option>-b</option> flag, which lists any base address
2074 registers (BAR) that are assigned resources for each
2077 <para role="7.2">The &man.powerd.8; program has been improved. Changes
2078 include reasonable CPU load estimation on SMP systems and a
2079 new mode named as <literal>hiadaptive</literal> for AC-powered
2080 systems. The <literal>hiadaptive</literal> mode raises the
2081 CPU frequency twice as fast as <literal>adaptive</literal>, it
2082 drops the CPU frequency 4 times slower, prefers twice lower
2083 CPU load and has an additional delay before leaving the
2084 highest frequency after the period of maximum load.</para>
2086 <para role="8.0">The &man.revoke.1; utility has been added. This
2087 is a wrapper of &man.revoke.2; syscall.</para>
2089 <para role="7.2">The &man.stat.1; utility now displays an octal
2090 representation of suid, sgid and sticky bits when the
2091 <option>-x</option> flag is specified.</para>
2093 <para role="7.2">The &man.strndup.3; function has been added.</para>
2095 <para role="8.0">The &man.tftpd.8; program now supports
2096 a <option>-W</option> option. This is almost the same as
2097 a <option>-w</option> option but will generate unique named
2098 based on the submitted filename, a &man.strftime.3; format
2099 string, and a two digit sequence number. The time format
2100 string can be set by an <option>-F</option> option.</para>
2102 <para role="7.2">The &man.wc.1; utility now supports an <option>-L</option>
2103 flag to output the number of characters in the longest input
2106 <para role="7.2">A bug in the &man.rpc.yppasswdd.8; program, which causes
2107 it to leave a zombie process when a password or default shell
2108 is changed, has been fixed.</para>
2110 <para role="7.1">The &man.adduser.8; utility now supports
2111 a <option>-M</option> option to set the mode of a new user's
2112 home directory.</para>
2114 <para role="7.1">The &man.atacontrol.8; utility now supports
2115 a <command>spindown</command> command to set or report timeout
2116 after which the device will be spun down.</para>
2118 <para role="7.1">The &man.chflags.1; now supports a <option>-v</option> flag for
2119 verbose output, a <option>-f</option> flag to ignore errors,
2120 and <option>-h</option> to allow setting flags on symbolic links
2121 with the same semantics as (for example) &man.chmod.1;.</para>
2123 <para role="7.1">The &man.cp.1; now supports a <option>-a</option> flag, which is
2124 equivalent to <option>-RpP</option> flags.</para>
2126 <para role="7.1">A bug in the &man.cp.1; utility which prevents POSIX.1e ACL (see
2127 also &man.acl.3;) from copying properly has been fixed.</para>
2129 <para role="7.1">The &man.cron.8; utility now supports <option>-m</option> flag which
2130 overrides the default mail recipient for cron mails unless explicitly
2131 provided by <literal>MAILTO=</literal> line in <filename>crontab</filename>
2134 <para role="7.1">The &man.dhclient.8; now supports more options described in
2135 &man.dhcp-options.5;.</para>
2137 <para role="7.1">The &man.dhclient.8; now
2138 supports <function>is_default_interface()</function> function
2139 which determines if this interface is one with the default
2142 <para role="7.1">A bug in the &man.dhclient.8; that prevents removal of the
2143 default route from working has been fixed.</para>
2145 <para role="7.1">The &man.environ.7;, environment array of strings now
2146 supports unsetting a variable by setting the first character to
2147 NULL. This is required by third-party software such as
2148 <application>Dovecot</application>
2149 and <application>Postfix</application>.</para>
2151 <para role="7.1">The &man.fdisk.8; now supports a <option>-q</option> flag to
2152 not display any warnings.</para>
2154 <para role="7.1">The &man.fetch.1; program and <filename>libfetch</filename>
2155 library now supports a <varname>NO_PROXY</varname> environment
2156 variable. This specifies comma- or whitespace-separated list of
2157 host names for which proxies should not be used. If a single
2158 asterisk is specified, the use of proxies is disabled.</para>
2160 <para role="7.1">The &man.ffsll.3; and &man.flsll.3; functions have been added.
2161 These functions are the same as &man.ffs.3; and &man.fls.3; except that
2162 they accept long long as the arguments.</para>
2164 <para role="7.1">The &man.fortune.6; program now supports
2165 <varname>FORTUNE_PATH</varname> environment variable to specify
2166 search path of the fortune files.</para>
2168 <para role="7.1">A bug in the &man.fortune.6; program that prevents
2169 <option>-e</option> option with multiple files from working has
2172 <para role="7.1">The &man.freebsd-update.conf.5; now supports
2173 <literal>IDSIgnorePaths</literal> statement.</para>
2175 <para role="7.1">The &man.fwcontrol.8; utility now supports <option>-f
2176 <replaceable>node</replaceable></option> option which specifies
2177 <replaceable>node</replaceable> as the root node on the next bus
2180 <para role="7.1" arch="sparc64"> The &man.gcc.1; now
2181 accepts <option>-mcpu</option> option properly; it was hardcoded
2182 as <option>-mcpu=ultrasparc</option>.</para>
2184 <para role="7.1">The &man.ifconfig.8; command now supports
2185 display of WPS IE (Wireless Provisioning Services Information
2188 <para role="7.1">The &man.kgdb.1; command now supports
2189 an <command>add-kld <replaceable>kld</replaceable></command>
2190 command to locate a &man.kld.4; and load its symbols.</para>
2192 <para role="7.1">The &man.kgdb.1; command now has a shared library backend for kernel
2193 files that treats &man.kld.4; as shared libraries and
2194 auto-loading symbols for &man.kld.4; on startup.</para>
2196 <para role="7.1">The &man.kgdb.1; now supports a <command>tid</command> command
2197 and other kernel module related commands even for a remote
2200 <para role="7.1">The &man.kvm.getcptime.3; function to obtain the global CPU
2201 time statistics from the kernel has been added.</para>
2203 <para role="7.1">The <filename>libalias</filename> library now supports
2204 <literal>PORT</literal> and
2205 <literal>EPRT</literal>
2206 FTP commands in lowercase.</para>
2208 <para role="7.1">The &man.man.1; now includes a limited support of
2209 &man.bzip2.1;-compressed manual pages.</para>
2211 <para role="7.1">The &man.mdconfig.8; command now supports a
2212 <option>-v</option> (verbose) flag to <option>-l</option>
2213 command. It shows size and backing store of all &man.md.4;
2214 devices at one time.</para>
2216 <para role="7.1">The &man.memrchr.3; function has been added. This behaves
2217 like &man.memchr.3; except that it locates the last occurrence
2218 of the specified character in the string.</para>
2220 <para role="7.1">The incorrect output grammar of &man.morse.6; program has
2223 <para role="7.1">The &man.mountd.8; utility now supports <option>-h
2224 <replaceable>bindip</replaceable></option> option which
2225 specifies IP addresses to bind to for TCP and UDP requests.
2226 This option may be specified multiple times. If no
2227 <option>-h</option> option is specified,
2228 <literal>INADDR_ANY</literal> will be used. Note that when
2229 specifying IP addresses with this option, it will
2230 automatically add <literal>127.0.0.1</literal> and if IPv6 is
2231 enabled, <literal>::1</literal> to the list.</para>
2233 <para role="7.1">The &man.moused.8; utility now supports <option>-L</option>
2234 flag which changes the speed of scrolling and changes
2235 <option>-U</option> option behavior to only affect the scroll
2238 <para role="7.1">The &man.mv.1; command now support POSIX
2239 specification when moving a directory to an existing directory
2240 across devices.</para>
2242 <para role="7.1">The &man.periodic.8; now supports
2243 <varname>daily_status_mail_rejects_shorten</varname>
2244 configuration variable in &man.periodic.conf.5;. This allows
2245 the rejected mail reports to tally the rejects per blacklist
2246 without providing details about individual sender hosts. The
2247 default configuration keeps the reports in their original
2250 <para role="7.1">The &man.ping6.8; now uses exit status of
2251 <literal>0</literal> and <literal>2</literal> in the same manner
2252 as &man.ping.8;.</para>
2254 <para role="7.1">The &man.ping6.8; now supports an <option>-o</option> flag,
2255 which makes &man.ping6.8; exit successfully after receiving one
2256 reply packet.</para>
2258 <para role="7.1">The &man.ping6.8; now supports <option>-r</option>
2259 and <option>-R</option> flags, which are equivalent to
2260 &man.ping.8;'s <option>-a</option> and <option>-A</option>
2261 flags, respectively.</para>
2263 <para role="7.1">The minimum allowed interval of &man.ping6.8; has been
2264 decreased to 0.000001 from 0.01.</para>
2266 <para role="7.1">The &man.realpath.1; utility now supports
2267 a <option>-q</option> flag to suppress warnings and
2268 accepts multiple paths on its command line.</para>
2270 <para role="7.1">The &man.rfcomm.pppd.8; now supports a <option>-D</option>
2271 flag to register DUN (Dial-Up Networking) service in addition to
2272 the LAN (LAN Access Using PPP) service.</para>
2274 <para role="7.1">The &man.sdpd.8; now supports a <literal>NAP</literal>,
2275 <literal>GN</literal>, and <literal>PANU</literal>
2278 <para role="7.1">The &man.setkey.8; utility now accepts
2279 <literal>esp</literal> as a protocol name
2280 for the <command>spdadd</command> command.</para>
2282 <para role="7.1">A bug in &man.telnetd.8; that caused it to
2283 attempt authentication even when <option>-a off</option>
2284 option is specified has been fixed.</para>
2286 <para role="7.1">The &man.top.1; and &man.vmstat.8; commands now
2287 support <option>-P</option> flag which displays per-CPU
2290 <para role="7.1">The &man.uuid.enc.le.3;, &man.uuid.dec.le.3;,
2291 &man.uuid.enc.be.3;, and &man.uuid.dec.be.3; functions have been
2292 added. These functions encode/decode a binary representation of
2295 <para role="7.1">The &man.watch.8; utility now supports more than 10
2296 &man.snp.4; devices at a time.</para>
2298 <para role="7.1">The &man.ypserv.8; daemon now supports a
2299 <option>-P</option> option to specify the port number on which
2300 it should listen.</para>
2302 <sect3 id="rc-scripts">
2303 <title><filename>/etc/rc.d</filename> Scripts</title>
2305 <para role="7.1">The &man.rc.conf.5; now supports
2306 <varname>dummynet_enable</varname> variable which allow
2307 &man.dummynet.4; kernel module to be loaded when
2308 <varname>firewall_enable</varname> is <literal>YES</literal>.</para>
2310 <para role="7.1">The <filename>ntpd</filename> &man.rc.8; script
2311 can work with no configuration file
2312 <filename>/etc/ntp.conf</filename> now.</para>
2314 <para role="7.1">The <filename>ppp</filename> &man.rc.8;
2315 script now supports multiple instances. For more details,
2316 see the description of <varname>ppp_profile</varname>
2317 variable in &man.rc.conf.5;.</para>
2319 <para role="7.1">The <filename>sysctl</filename> &man.rc.8; script now
2320 supports loading <filename>/etc/sysctl.conf.local</filename> in
2321 addition to <filename>/etc/sysctl.conf</filename>.</para>
2323 <para role="7.1">The &man.rc.conf.5; now supports configuration of
2324 interfaces and attached networks for firewall rule set by
2325 <filename>rc.firewall</filename> when
2326 <varname>firewall_type</varname> is <literal>simple</literal> or
2327 <literal>client</literal>. See
2328 <varname>firewall_client_net</varname>,
2329 <varname>firewall_simple_iif</varname>,
2330 <varname>firewall_simple_inet</varname>,
2331 <varname>firewall_simple_oif</varname>, and
2332 <varname>firewall_simple_onet</varname>.</para>
2336 <sect2 id="contrib">
2337 <title>Contributed Software</title>
2339 <para role="8.0"><application>ISC BIND</application> has been updated to
2340 version 9.6.1rc1.</para>
2342 <para role="8.0">The <application>ACPI-CA</application> has been
2343 updated to 20090521.</para>
2345 <para role="8.0">The <application>ee</application> (easy editor) has
2346 been updated to 1.5.0. This version is now licensed under a
2347 2-clause BSD license, instead of the Artistic license.</para>
2349 <para role="8.0">The <application>hostapd</application> has been updated to
2350 version 0.6.8 + radius ACL support.</para>
2352 <para role="8.0">The <application>less</application> has been updated to
2353 version v436.</para>
2355 <para role="8.0">The <filename>libarchive</filename> library has
2356 been updated to version 2.7.0.</para>
2358 <para role="8.0">The <filename>libexpat</filename> library has
2359 been updated from version 1.95.5 to version 2.0.1.</para>
2361 <para role="8.0">The <filename>ncurses</filename> library has been updated
2362 to version 5.7-20081102.</para>
2364 <para role="8.0"><application>OpenBSM</application> 1.1 from
2365 Trusted BSD Project has been merged.</para>
2367 <para role="8.0"><application>TCPDUMP</application> has been
2368 updated to 4.0.0.</para>
2370 <para role="8.0">The timezone database has been updated
2371 to the <application>tzdata2009f</application> release.</para>
2373 <para role="8.0"><application>wpa_supplicant</application> has been updated to
2374 version 0.6.8</para>
2376 <para role="8.0">The <application>ZFS</application> file system
2377 has been updated from version 6 to version 13.</para>
2379 <para role="7.1">The <application>am-utils</application> has been updated from
2380 version 6.0.10p1 to version 6.1.5.</para>
2382 <para role="7.1">The <application>awk</application> has been updated from 1 May
2383 2007 release to the 23 October 2007 release.</para>
2385 <para role="7.1">The <application>bzip2</application> has been updated from
2386 version 1.0.4 to version 1.0.5.</para>
2388 <para role="7.1">The <application>CVS</application> has been updated to
2389 version 1.11.22.1.</para>
2391 <para role="7.1"><application>NTP</application> has been updated to version
2394 <para role="7.1"><application>OpenPAM</application> has been updated from the
2395 Figwort release to the Hydrangea release.</para>
2397 <para role="7.1"><application>OpenSSH</application> has been updated from
2398 version 4.5p1 to version 5.1p1.</para>
2400 <para role="7.1">The &man.resolver.3; library has been updated to
2401 one of <application>ISC BIND</application> 9.4.3.</para>
2403 <para role="7.1"><application>sendmail</application> has been updated from
2404 version 8.14.2 to version 8.14.4.</para>
2408 <title>Ports/Packages Collection Infrastructure</title>
2410 <para role="7.2">A bug in the &man.pkg.create.1; utility, which
2411 prevented the <option>-n</option> flag from working has been
2414 <para role="7.2">The &os; Ports Collection now supports multiple
2415 &man.make.1; jobs in some supported ports. This is
2416 automatically enabled when a port is marked as
2417 <varname>MAKE_JOBS_SAFE</varname> and improves CPU utilization
2418 at the build stage by passing an option
2419 <option>-j<replaceable>X</replaceable></option> to the top
2420 level <filename>Makefile</filename> from the vendor. The
2421 number <replaceable>X</replaceable> is set to the number of
2422 CPUs by default, and can be set by users via a &man.make.1;
2423 variable <varname>MAKE_JOBS_NUMBER</varname>. For more
2424 details, see <filename>ports/Mk/bsd.port.mk</filename>.</para>
2428 <title>Release Engineering and Integration</title>
2430 <para role="8.0">The supported version of
2431 the <application>GNOME</application> desktop environment
2432 (<filename role="package">x11/gnome2</filename>) has been
2433 updated to 2.26.3.</para>
2435 <para role="8.0">The supported version of
2436 the <application>KDE</application> desktop environment
2437 (<filename role="package">x11/kde4</filename>) has been
2438 updated to 4.3.1.</para>
2442 <sect1 id="upgrade">
2443 <title>Upgrading from previous releases of &os;</title>
2445 <para arch="amd64,i386">Upgrades between RELEASE versions (and
2446 snapshots of the various security branches) are supported using
2447 the &man.freebsd-update.8; utility. The binary upgrade
2448 procedure will update unmodified userland utilities, as well as
2449 unmodified GENERIC or SMP kernels distributed as a part of an
2450 official &os; release. The &man.freebsd-update.8; utility
2451 requires that the host being upgraded has Internet
2452 connectivity.</para>
2454 <para>An older form of binary upgrade is supported through the
2455 <command>Upgrade</command> option from the main
2456 &man.sysinstall.8; menu on CDROM distribution media. This type
2457 of binary upgrade may be useful on non-&arch.i386;,
2458 non-&arch.amd64; machines or on systems with no Internet
2459 connectivity.</para>
2461 <para>Source-based upgrades (those based on recompiling the &os;
2462 base system from source code) from previous versions are
2463 supported, according to the instructions in
2464 <filename>/usr/src/UPDATING</filename>.</para>
2467 <para>Upgrading &os; should, of course, only be attempted after
2468 backing up <emphasis>all</emphasis> data and configuration