1 <!DOCTYPE article PUBLIC "-//FreeBSD//DTD DocBook V4.1-Based Extension//EN" [
2 <!ENTITY % articles.ent PUBLIC "-//FreeBSD//ENTITIES DocBook FreeBSD Articles Entity Set//EN">
5 <!ENTITY % release PUBLIC "-//FreeBSD//ENTITIES Release Specification//EN">
11 <title>&os; &release.current; Release Notes</title>
13 <corpauthor>The &os; Project</corpauthor>
15 <pubdate>$FreeBSD$</pubdate>
19 <holder role="mailto:doc@FreeBSD.org">The &os; Documentation Project</holder>
22 <legalnotice id="trademarks" role="trademarks">
32 <para>The release notes for &os; &release.current; contain a summary
33 of the changes made to the &os; base system on the
34 &release.branch; development line.
35 This document lists applicable security advisories that were issued since
36 the last release, as well as significant changes to the &os;
38 Some brief remarks on upgrading are also presented.</para>
43 <title>Introduction</title>
45 <para>This document contains the release notes for &os;
47 describes recently added, changed, or deleted features of &os;.
48 It also provides some notes on upgrading
49 from previous versions of &os;.</para>
51 <![ %release.type.current [
53 <para>The &release.type; distribution to which these release notes
54 apply represents the latest point along the &release.branch; development
55 branch since &release.branch; was created. Information regarding pre-built, binary
56 &release.type; distributions along this branch
57 can be found at <ulink url="&release.url;"></ulink>.</para>
61 <![ %release.type.snapshot [
63 <para>The &release.type; distribution to which these release notes
64 apply represents a point along the &release.branch; development
65 branch between &release.prev; and the future &release.next;.
67 pre-built, binary &release.type; distributions along this branch
68 can be found at <ulink url="&release.url;"></ulink>.</para>
72 <![ %release.type.release [
74 <para>This distribution of &os; &release.current; is a
75 &release.type; distribution. It can be found at <ulink
76 url="&release.url;"></ulink> or any of its mirrors. More
77 information on obtaining this (or other) &release.type;
78 distributions of &os; can be found in the <ulink
79 url="&url.books.handbook;/mirrors.html"><quote>Obtaining
80 &os;</quote> appendix</ulink> to the <ulink
81 url="&url.books.handbook;/">&os;
82 Handbook</ulink>.</para>
86 <para>All users are encouraged to consult the release errata before
87 installing &os;. The errata document is updated with
88 <quote>late-breaking</quote> information discovered late in the
89 release cycle or after the release. Typically, it contains
90 information on known bugs, security advisories, and corrections to
91 documentation. An up-to-date copy of the errata for &os;
92 &release.current; can be found on the &os; Web site.</para>
97 <title>What's New</title>
99 <para>This section describes the most user-visible new or changed
100 features in &os; since &release.prev;.</para>
102 <para>Typical release note items document recent security
103 advisories issued after &release.prev;, new drivers or hardware
104 support, new commands or options, major bug fixes, or
105 contributed software upgrades. They may also list changes to
106 major ports/packages or release engineering practices. Clearly
107 the release notes cannot list every single change made to &os;
108 between releases; this document focuses primarily on security
109 advisories, user-visible changes, and major architectural
112 <sect2 id="security">
113 <title>Security Advisories</title>
115 <para>Problems described in the following security advisories have
116 been fixed. For more information, consult the individual
117 advisories available from
118 <ulink url="http://security.FreeBSD.org/"></ulink>.</para>
120 <informaltable frame="none" pgwide="0">
122 <colspec colwidth="1*">
123 <colspec colwidth="1*">
124 <colspec colwidth="3*">
127 <entry>Advisory</entry>
135 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:08.bzip2.asc"
136 >SA-10:08.bzip2</ulink></entry>
137 <entry>20 September 2010</entry>
138 <entry><para>Integer overflow in bzip2 decompression</para></entry>
140 <!-- XXX: not for 8.2
142 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:09.pseudofs.asc"
143 >SA-10:09.pseudofs</ulink></entry>
144 <entry>10 October 2010</entry>
145 <entry><para>Spurious mutex unlock</para></entry>
149 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:10.openssl.asc"
150 >SA-10:10.openssl</ulink></entry>
151 <entry>29 November 2010</entry>
152 <entry><para>OpenSSL multiple vulnerabilities</para></entry>
160 <title>Kernel Changes</title>
162 <para arch="ia64" revision="209326">The maximum number of pages
163 used for DMA bounce buffer pool has been increased from 256 to
166 <para arch="powerpc" revision="209765">The default value of
167 <varname>kern.hz</varname> has been increased from 100 to
170 <para arch="powerpc" revision="209767">The SMP kernel now works on
171 MPC7400-based Apple desktop machines such as
174 <para arch="powerpc" revision="211593">&os;/powerpc now supports
175 DMA bounce buffer which is required on systems with larger RAM
178 <para revision="209692">The &man.ddb.8; kernel debugger now
179 supports an optional delay in <command>reset</command> and
180 <command>reboot</command> commands. This allows an
181 administrator to break the system into debugger and trigger
182 automatic textdump when an unattended panic occurs.</para>
184 <para revision="212230">The &man.ddb.8; kernel debugger now
185 supports a <command>show cdev</command> command. This
186 displays the list of all created cdev's, consisting of devfs
187 node name and struct cdev address.</para>
189 <para revision="212427">The &os; &man.memguard.9; framework has
190 been improved to make it able to detect use-after-free of
191 allocated memories over a longer time. For more details, see
192 &man.memguard.9; manual page.</para>
195 <title>Boot Loader Changes</title>
201 <title>Hardware Support</title>
203 <para revision="210476">The &man.aibs.4; driver has been
204 added. This supports the hardware sensors in ASUS
205 motherboards and replaces the &man.acpi.aiboost.4;
208 <para revision="211914">The &man.coretemp.4; driver now supports
209 Xeon 5500/5600 series.</para>
211 <para revision="209952">The &man.ichwd.4; driver
212 now supports Intel NM10 Express chipset watchdog
216 <title>Multimedia Support</title>
218 <para>The &os; Linux emulation subsystem now supports
219 video4linux API. This requires native video4linux
220 hardware drivers such as ones which<filename
221 role="ports">multimedia/pwc</filename> and <filename
222 role="ports">multimedia/webcamd</filename> provide.</para>
226 <title>Network Interface Support</title>
228 <para revision="212021">The &man.alc.4; driver now supports
229 Atheros AR8151/AR8152 PCIe Gigabit/Fast Ethernet
232 <para revision="212011">The TX interrupt moderation timer in
233 the &man.alc.4; driver has been reduced from 50ms to 1ms.
234 The 50ms timer resulted in a poor UDP performance.</para>
236 <para revision="211367">A bug in the &man.bge.4; driver which
237 prevents TSO in BCM57780 from working has been
240 <para revision="211379">The &man.bce.4; driver now supports
243 <para revision="212275">The &man.bwi.4; driver, which supports
244 Broadcom BCM430* and BCM431* family Wireless Ethernet
245 controllers, has been added. This is not compiled into
246 the <filename>GENERIC</filename> kernel because there are
247 some problems. The kernel module
248 <filename>if_bwi.ko</filename> is available and can be
249 loaded without recompiling the kernel to enable this
252 <para revision="212274">A bug in the &man.bwn.4; driver which
253 prevents WPA authentication from working has been
256 <para revision="211848">The &man.cxgb.4; driver now supports
257 the following new &man.sysctl.8; variables:
258 <varname>hw.cxgb.nfilters</varname> sets the maximum
259 number of entries in the hardware filter table,
260 <varname>dev.cxgbc.<replaceable>N</replaceable>.pkt_timestamp</varname>
261 provides packet timestamp instead of connection hash, and
262 <varname>dev.cxgbc.<replaceable>N</replaceable>.core_clock</varname>
263 provides the core clock frequency in kHz.</para>
265 <para>The &man.em.4; driver has been updated to version
268 <para>The &man.igb.4; driver has been updated to version
271 <para revision="209309">The &man.em.4; and &man.igb.4; drivers
272 now provide statistics counters as &man.sysctl.8; MIB
275 <para revision="211241">The &man.em.4; and &man.igb.4; drivers
276 now support &man.led.4; interface via
277 <filename>/dev/led/em<replaceable>N</replaceable></filename>
279 <filename>/dev/led/igb<replaceable>N</replaceable></filename>
280 for identification LED control. The following command
281 line makes the LED blink on <literal>em0</literal>:</para>
283 <screen>&prompt.root; echo f2 > /dev/led/em0</screen>
285 <para revision="212386">The &man.ixgbe.4;
286 driver is now also provided as a kernel module.</para>
288 <para revision="212150">The &man.epair.4; virtual Ethernet
289 interface driver now supports explicit UP/DOWN linkstate.
290 This fixes an issue when it is used with the &man.carp.4;
293 <para revision="210673">The &man.iwn.4; driver now supports
294 Intel Wireless WiFi Link 6000 series. The firmware has
295 been updated to version 9.221.4.1.</para>
297 <para revision="209308">The &man.ixgbe.4; driver has been
298 updated to version 2.2.1. It now supports 82599, better
299 interrupt handling, hardware assist to LRO, and so
302 <para revision="212386">The &man.mwlfw.4;
303 driver is now also provided as a kernel module.</para>
305 <para revision="211377">The &man.rl.4; driver now supports WOL
306 (Wake On Lan) on RTL8139B or newer controllers.</para>
308 <para revision="212039">The &man.rl.4; driver now supports a
309 device hint to change a way of register access. Although
310 some newer RTL8139 controllers support memory-mapped
311 register access, it is difficult to detect the support
312 automatically. For this reason the driver uses I/O
313 mapping by default and provides the following device hint.
314 If it is set to <literal>0</literal>, the driver uses
315 memory mapping for register access.</para>
317 <programlisting>hint.rl.<replaceable>N</replaceable>.prefer_iomap="0"</programlisting>
319 <para>Note that the default value is <literal>1</literal>.</para>
321 <para revision="212468">Some stability issues in
322 the &man.sis.4; driver have been fixed.</para>
324 <para revision="211357">The &man.ste.4; driver now supports a
325 device hint to change a way of register access. Although
326 it uses memory-mapped register access by default, some old
327 IC Plus Corp (formerly Sundace) controllers are found
328 unstable. The following device hint makes the driver use
329 I/O mapping for register access:</para>
331 <programlisting>hint.ste.<replaceable>N</replaceable>.prefer_iomap="1"</programlisting>
333 <para revision="211359">The &man.sk.4; driver now disable TX
334 checksum offloading by default. This is because some
335 revision of Yukon controller generates corrupted frames.
336 The checksum offloading can be enabled manually by using
337 <option>txcsum</option> option in the &man.ifconfig.8;
342 <sect3 id="net-proto">
343 <title>Network Protocols</title>
345 <para revision="209783">The &man.altq.4; support is now provided
346 as a kernel module <filename>alq.ko</filename>.</para>
348 <para revision="209691">IPsec flow distribution has been
349 improved for more parallel processing.</para>
351 <para revision="209277">A bug in &os; IPv4 stack that a proxy
352 ARP entry cannot be added over &man.netgraph.4; interfaces
353 has been fixed.</para>
355 <para revision="211435">A bug in &os; IPv6 stack which prevents
356 an <option>-I</option> in the &man.ping6.8; utility from
358 <varname>net.inet6.ip6.use_defaultzone=1</varname> has been
361 <para revision="209843">A new &man.netgraph.4; node
362 &man.ng.patch.4; has been added. This performs data
363 modification of packets passing through. Modifications are
364 restricted to a subset of C language operations on unsigned
365 integers of 8, 16, 32 or 64-bit size.</para>
367 <para revision="212320">The &man.ng.ether.4; &man.netgraph.4;
368 node now supports interface transfer between multiple virtual
369 network stacks by &man.ifconfig.8; <command>vnet</command>
370 command. A &man.ng.ether.4; node associated with an network
371 interface is now destroyed and recreated when the network
372 interface is moved to another vnet.</para>
374 <para revision="211538">A TCP bandwidth delay product window
375 limiting algorithm by a &man.sysctl.8; variable
376 <varname>net.inet.tcp.inflight.enable</varname> is now
377 disabled by default. It has been found that this algorithm
378 is inefficient on a fast network with smaller RTT than 10ms.
379 It had been enabled by default since 5.2-RELEASE, and then
380 had been disabled only if the RTT was lesser than 10ms since
381 7.0-RELEASE. Pluggable TCP congestion control algorithm
382 modules are planned to be added for the future
385 <para revision="211602">A bug in &os; TCP Path MTU discovery
386 which can lead to a wrong calculation for a smaller MTU than
387 256 octets has been fixed. Note that this bug does not
388 affect when MTU is equal to or larger than 256
391 <para revision="211870">The TCP initial window increase in RFC
392 3390 which can be controlled by a &man.sysctl.8; variable
393 <varname>net.inet.tcp.rfc3390</varname> now reduces the
394 congestion window to the restart window if a TCP connection
395 has been idle for one retransmit timeout or more. For more
396 details, see RFC 5681 Section 4.1.</para>
398 <para revision="212319">&os; virtual network stack (vnet) now
399 supports IPv4 multicast routing.</para>
403 <title>Disks and Storage</title>
405 <para revision="211458">The &man.ahci.4; driver now disables NCQ
406 and PMP support on VIA VT8251 because they are unreliable
409 <para revision="210836">The &man.arcmsr.4; driver
410 has been updated to version 1.20.00.17.</para>
412 <para revision="210164">The &man.ata.4; driver
413 now supports limiting initial ATA mode for devices via
415 <varname>hint.<replaceable>devname</replaceable>.<replaceable>unit</replaceable>.dev<replaceable>N</replaceable
417 <varname>hint.<replaceable>devname</replaceable>.<replaceable>unit</replaceable>.mode</varname>.
418 The valid values are the same as ones supported in the
419 &man.atacontrol.8; and &man.camcontrol.8;.</para>
421 <para revision="210204">The &man.ata.4; driver
422 now enables cable status check on both of controller and
424 <varname>hw.ata.ata_dma_check_80pin</varname> is
427 <para revision="210376">The &man.mpt.4; driver now supports
428 larger I/O sizes which the device and &man.CAM.4; subsystem
429 can support. This was limited to 64KB, and the number of
430 scatter/gather segments was limited to 33 on platforms with
433 <para revision="209404">The &man.twa.4;
434 driver has been updated. The version number is
439 <title>File Systems</title>
441 <para revision="212668">The ZFS on-disk format has been updated
442 to version 15.</para>
444 <para revision="212671">The ZFS metaslab code has been updated.
445 This provides a noticeable improvement on write speed,
446 especially on pools with less than 30% of free space. The
447 related OpenSolaris Bug IDs are 6826241, 6869229, 6918420,
450 <para>The default value of
451 <varname>vfs.zfs.vdev.max_pending</varname> has been
452 decreased from 35 to 10 (OpenSolaris Bug ID is 6891731) to
453 improve latency.</para>
455 <para>Bugs in the ZFS subsystem has been fixed. The
456 OpenSolaris Bug IDs are: 6798878, 6809683, 6794570, 6844069,
457 6788152, 6843235, 6857012, 6870564, 6836714, 6836714,
458 6870564, 6857012, 6843235, 6788152, 6844069, 6794570,
459 6809683, 6798878, 6950219, 6953403, 6951024, 6809340,
460 6755435, 6748436, 6740164, 6769612, 6757430, 6542860,
461 6761100, 6774886, 6737463, 6765294, 6572357, 6572376,
462 6328632, 6739487, 6767129, 6747698, 6745863, 6722540,
463 6759999, 6758107, 6776548, 6761406, 6770866, 6674216,
464 6621164, 6635482, 6595194, 6722991, 6396518, 6713916,
465 6739553, 6784104, 6784108, 6788830, 6791064, 6791066,
466 6791071, 6792134, 6792884, 6798384, 6551866, 6504953,
467 6702206, 6780491, 6747596, 6801507, 6633095, 6775697,
468 6790687, 6791101, 6800942, 6582163, 6804954, 6800184,
469 6803822, 6789318, 6790345, 6797109, 6797118, 6803343,
470 6815893, 6809691, 6790064, 6604992, 6810367, 6807765,
471 6821169, 6821170, 6824006, 6792139, 6794830, 6824062,
472 6816124, 6818183, 6710376, 6501037, 6827260, 6815592,
473 6759986, 6774713, 6717022, 6799895, 6826466, 6826468,
474 6826469, 6826470, 6826471, 6826472, 6833711, 6764124,
475 6830237, 6833162, 6824968, 6834217, 6596237, 6623978,
476 6801810, 6586537, 6836768, 6838062, 6794136, 6776104,
477 6664765, 6841321, 6843069, 6847229, 6838344, 6844900,
478 6857012, 6848242, 6856634, 6861983, 6862984, 6696858,
479 6696858, 6882227, 6880764, 6793430, 6822816, 6892298,
480 6807339, 6906110, 6906946, 6898245, and 6833999.</para>
484 <sect2 id="userland">
485 <title>Userland Changes</title>
487 <para revision="209267">The &man.arp.8; utility has been improved.
488 It now runs faster even when a single interface has a number
491 <para revision="211723">The &man.calendar.1; utility now supports
492 repeating events which span multiple years, lunar events, and
495 <para revision="210915">The &man.dhclient.8; utility now reports a
496 reason for exiting and the 10-second period in which the
497 &man.dhclient.8; ignores routing messages has been changed to
498 start just after <filename>dhclient-script</filename> starts
499 instead of just after it finished. This change fixes a
500 symptom that &man.dhclient.8; silently exits under a certain
503 <para revision="209362">The &man.du.1; utility now supports a
504 <option>-t <replaceable>threshold</replaceable></option>
505 option to display entries that exceeds the value of
506 <replaceable>threshold</replaceable>. If the value is
507 negative, it displays entries with a value less than the
508 absolute value of <replaceable>threshold</replaceable>.</para>
510 <para revision="210567">The &man.gcore.1; utility now supports an
511 <option>-f</option> flag which forces a full dump of all the
512 segments except for the malformed ones.</para>
514 <para revision="211938">The <function>gethost*()</function>,
515 <function>getnet*()</function>, and
516 <function>getproto*()</function> functions now set the errno
517 to <literal>ERANGE</literal> and the NSS backend terminates
518 with <literal>NS_RETURN</literal> when the result buffer size
521 <para revision="209497">The &man.gpart.8; utility now supports
522 <command>resize</command> command to resize partitions for all
523 schemes but EBR.</para>
525 <para revision="212144">The &man.ifconfig.8; utility now check an
526 invalid CIDR subnet notation more strictly. It wrongly
527 accepted <literal>10.0.0.1/10.0.0.1</literal> as
528 <literal>10.0.0.1/10</literal>.</para>
530 <para revision="209284">Incorrect behaviors in stuttering
531 sequences and reverse ranges in the &man.jot.1; utility have
534 <para revision="211699">The &man.newsyslog.8; utility now supports
535 an <option>-S <replaceable>pidfile</replaceable></option>
536 option to override the default &man.syslogd.8; PID
539 <para revision="209912">The &man.pkill.1; utility now supports
540 an <option>-l</option> option which the &man.kill.1; utility
543 <para revision="211098">The &man.pmcstat.8; utility now supports a
544 file and a network socket as a top source. A new option
545 <option>-O <replaceable>filename</replaceable></option>
546 specifies to send log output to
547 <replaceable>filename</replaceable>, and another new option
548 <option>-R <replaceable>filename</replaceable></option>
549 specifies to receive events from
550 <replaceable>filename</replaceable>. For a socket, the
551 <replaceable>filename</replaceable> is in a form of
552 <replaceable>ipaddr:port</replaceable>. This allows top
553 monitoring over TCP on a system with no local symbols, for
556 <para revision="210089">The &man.pom.6; utility now
557 supports a <option>-p</option> flag to print only the
560 <para revision="212472">The &man.powerd.8; utility now supports
561 an <option>-m <replaceable>freq</replaceable></option> and
562 <option>-M <replaceable>freq</replaceable></option> to control
563 the minimum and maximum frequency, respectively.</para>
565 <para revision="210616">A bug in the &man.sh.1; program has been
566 fixed. A <literal>SIGINT</literal> signal is now passed
567 through from a child process if the shell is interactive and
568 the job control is enabled. For example, aborting
569 &man.sleep.1; command by Ctrl-C no longer display
570 <literal>ok</literal> in the following command line:</para>
572 <screen>&prompt.user; sleep 5; echo ok</screen>
574 <para revision="210732">The &man.sh.1; program now supports a
575 <command>bg</command> command consisting solely of
576 redirections. For example:</para>
578 <screen>&prompt.user; < /dev/null &</screen>
580 <para revision="211536">The &man.sleep.1; utility now supports
581 <literal>SIGINFO</literal> signal and reports the specified
582 sleep time and the remaining time.</para>
584 <para revision="210566">The &man.uname.1; utility now supports an
585 <option>-o</option> flag as a synonym for the
586 <option>-s</option> flag for compatibility with other
589 <para revision="211060">Bugs in &man.vi.1; utility have been
590 fixed. They include handling of <literal>^@</literal> and
591 <literal>^C</literal> in insert mode when reading an ex
594 <para revision="209870">The <command>set sharenfs</command>
595 command in the &man.zfs.8; utility now supports
596 <option>sec</option> option.</para>
598 <sect3 id="periodic-scripts">
599 <title><filename>/etc/periodic</filename> Scripts</title>
601 <para>A periodic script for <command>zfs scrub</command> has
602 been added. For more details, see &man.periodic.conf.5;
606 <sect3 id="rc-scripts">
607 <title><filename>/etc/rc.d</filename> Scripts</title>
614 <title>Contributed Software</title>
618 <para>The <application>ACPI-CA</application> has been updated to
621 <para>The <application>awk</application> has been updated from
622 the 23 October 2007 release to the 26 November 2009 release.</para>
624 <para><application>ISC BIND</application> has been updated to
625 version 9.6.2-P2.</para>
627 <para><application>netcat</application> has been updated to
630 <para><application>OpenSSH</application> has been updated from
631 version 5.1p1 to version 5.4p1.</para>
633 <para><application>OpenSSL</application> has been updated to
634 version 0.9.8n.</para>
636 <para><application>sendmail</application> has been updated to
637 version 8.14.4.</para>
639 <para>The timezone database has been updated to the
640 <application>tzdata2010l</application> release.</para>
644 <title>Release Engineering and Integration</title>
646 <para revision="211007">The &man.sysinstall.8; utility now uses
647 the following numbers for default and minimum partition sizes:
648 1GB for <filename>/</filename>, 4GB for
649 <filename>/var</filename>, and 1GB for
650 <filename>/tmp</filename>.</para>
652 <para revision="211009">The &man.sysinstall.8; utility now
653 attempts to enable &man.getty.8; on a serial port when no VGA
654 card on the system.</para>
656 <para>The supported version of
657 the <application>GNOME</application> desktop environment
658 (<filename role="package">x11/gnome2</filename>) has been
659 updated to 2.32.1.</para>
661 <para>The supported version of
662 the <application>KDE</application> desktop environment
663 (<filename role="package">x11/kde4</filename>) has been
664 updated to 4.5.5.</para>
669 <title>Upgrading from previous releases of &os;</title>
671 <para arch="amd64,i386">Upgrades between RELEASE versions (and
672 snapshots of the various security branches) are supported using
673 the &man.freebsd-update.8; utility. The binary upgrade
674 procedure will update unmodified userland utilities, as well as
675 unmodified GENERIC kernel distributed as a part of an
676 official &os; release. The &man.freebsd-update.8; utility
677 requires that the host being upgraded has Internet
680 <para>An older form of binary upgrade is supported through the
681 <command>Upgrade</command> option from the main
682 &man.sysinstall.8; menu on CDROM distribution media. This type
683 of binary upgrade may be useful on non-&arch.i386;,
684 non-&arch.amd64; machines or on systems with no Internet
687 <para>Source-based upgrades (those based on recompiling the &os;
688 base system from source code) from previous versions are
689 supported, according to the instructions in
690 <filename>/usr/src/UPDATING</filename>.</para>
693 <para>Upgrading &os; should, of course, only be attempted after
694 backing up <emphasis>all</emphasis> data and configuration