1 <!DOCTYPE article PUBLIC "-//FreeBSD//DTD DocBook V4.1-Based Extension//EN" [
2 <!ENTITY % articles.ent PUBLIC "-//FreeBSD//ENTITIES DocBook FreeBSD Articles Entity Set//EN">
5 <!ENTITY % release PUBLIC "-//FreeBSD//ENTITIES Release Specification//EN">
11 <title>&os; &release.current; Release Notes</title>
13 <corpauthor>The &os; Project</corpauthor>
15 <pubdate>$FreeBSD$</pubdate>
19 <holder role="mailto:doc@FreeBSD.org">The &os; Documentation Project</holder>
22 <legalnotice id="trademarks" role="trademarks">
32 <para>The release notes for &os; &release.current; contain a summary
33 of the changes made to the &os; base system on the
34 &release.branch; development line.
35 This document lists applicable security advisories that were issued since
36 the last release, as well as significant changes to the &os;
38 Some brief remarks on upgrading are also presented.</para>
43 <title>Introduction</title>
45 <para>This document contains the release notes for &os;
47 describes recently added, changed, or deleted features of &os;.
48 It also provides some notes on upgrading
49 from previous versions of &os;.</para>
51 <![ %release.type.current [
53 <para>The &release.type; distribution to which these release notes
54 apply represents the latest point along the &release.branch; development
55 branch since &release.branch; was created. Information regarding pre-built, binary
56 &release.type; distributions along this branch
57 can be found at <ulink url="&release.url;"></ulink>.</para>
61 <![ %release.type.snapshot [
63 <para>The &release.type; distribution to which these release notes
64 apply represents a point along the &release.branch; development
65 branch between &release.prev; and the future &release.next;.
67 pre-built, binary &release.type; distributions along this branch
68 can be found at <ulink url="&release.url;"></ulink>.</para>
72 <![ %release.type.release [
74 <para>This distribution of &os; &release.current; is a
75 &release.type; distribution. It can be found at <ulink
76 url="&release.url;"></ulink> or any of its mirrors. More
77 information on obtaining this (or other) &release.type;
78 distributions of &os; can be found in the <ulink
79 url="&url.books.handbook;/mirrors.html"><quote>Obtaining
80 &os;</quote> appendix</ulink> to the <ulink
81 url="&url.books.handbook;/">&os;
82 Handbook</ulink>.</para>
86 <para>All users are encouraged to consult the release errata before
87 installing &os;. The errata document is updated with
88 <quote>late-breaking</quote> information discovered late in the
89 release cycle or after the release. Typically, it contains
90 information on known bugs, security advisories, and corrections to
91 documentation. An up-to-date copy of the errata for &os;
92 &release.current; can be found on the &os; Web site.</para>
97 <title>What's New</title>
99 <para>This section describes the most user-visible new or changed
100 features in &os; since &release.prev;.</para>
102 <para>Typical release note items document recent security
103 advisories issued after &release.prev;, new drivers or hardware
104 support, new commands or options, major bug fixes, or
105 contributed software upgrades. They may also list changes to
106 major ports/packages or release engineering practices. Clearly
107 the release notes cannot list every single change made to &os;
108 between releases; this document focuses primarily on security
109 advisories, user-visible changes, and major architectural
112 <sect2 id="security">
113 <title>Security Advisories</title>
115 <para>Problems described in the following security advisories have
116 been fixed. For more information, consult the individual
117 advisories available from
118 <ulink url="http://security.FreeBSD.org/"></ulink>.</para>
120 <informaltable frame="none" pgwide="0">
122 <colspec colwidth="1*">
123 <colspec colwidth="1*">
124 <colspec colwidth="3*">
127 <entry>Advisory</entry>
135 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:15.ssl.asc"
136 >SA-09:15.ssl</ulink></entry>
137 <entry>3 Dec 2009</entry>
138 <entry><para>SSL protocol flaw</para></entry>
141 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:16.rtld.asc"
142 >SA-09:16.rtld</ulink></entry>
143 <entry>3 Dec 2009</entry>
144 <entry><para>Improper environment sanitization in &man.rtld.1;</para></entry>
147 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:17.freebsd-update.asc"
148 >SA-09:17.freebsd-update</ulink></entry>
149 <entry>3 Dec 2009</entry>
150 <entry><para>Inappropriate directory permissions in &man.freebsd-update.8;</para></entry>
153 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:01.bind.asc"
154 >SA-10:01.bind</ulink></entry>
155 <entry>6 Jan 2010</entry>
156 <entry><para>BIND &man.named.8; cache poisoning with DNSSEC validation</para></entry>
159 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:02.ntpd.asc"
160 >SA-10:02.ntpd</ulink></entry>
161 <entry>6 Jan 2010</entry>
162 <entry><para>ntpd mode 7 denial of service</para></entry>
165 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:03.zfs.asc"
166 >SA-10:03.zfs</ulink></entry>
167 <entry>6 Jan 2010</entry>
168 <entry><para>ZFS ZIL playback with insecure permissions</para></entry>
171 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:04.jail.asc"
172 >SA-10:04.jail</ulink></entry>
173 <entry>27 May 2010</entry>
174 <entry><para>Insufficient environment sanitization in &man.jail.8;</para></entry>
177 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:05.opie.asc"
178 >SA-10:05.opie</ulink></entry>
179 <entry>27 May 2010</entry>
180 <entry><para>OPIE off-by-one stack overflow</para></entry>
183 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:06.nfsclient.asc"
184 >SA-10:06.nfsclient</ulink></entry>
185 <entry>27 May 2010</entry>
186 <entry><para>Unvalidated input in nfsclient</para></entry>
189 <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:07.mbuf.asc"
190 >SA-10:07.mbuf</ulink></entry>
191 <entry>13 July 2010</entry>
192 <entry><para>Lost mbuf flag resulting in data corruption</para></entry>
200 <title>Kernel Changes</title>
202 <para>The &man.ddb.4; debugger has been improved:</para>
206 <para>It now supports <command>show
207 ifnets</command> and <command>show ifnet <replaceable>struct
208 ifnet *</replaceable></command> commands to print a list of
209 <quote>ifnet *</quote> of each virtual network stack and
210 fields of specified <varname>fip</varname>,
215 <para>It now supports <command>show all
216 lltables</command>, <command>show lltable
217 <replaceable>struct lltable *</replaceable></command>, and
218 <command>show llentry <replaceable>struct llentry
219 *</replaceable></command> commands to print a list of
220 <quote>lltable *</quote> of each virtual network stack,
221 fields of specified structures respectively.</para>
225 <para>The <command>show mount</command> command now prints
226 active string mount options.</para>
230 <para>It now supports <command>show
231 vnetrcrs</command> command to dump the whole log of
232 distinctive <varname>curvnet</varname> recursion
237 <para>It now supports <command>show
238 vnet_sysinit</command> and <command>show
239 vnet_unsysinit</command> commands to print
240 ordered call lists.</para>
244 <para>A new kernel thread called <quote>deadlock
245 resolver</quote> has been added. This can be used to detect
246 possible deadlock by using information of thread state and
247 heuristic analysis. This is not enabled by default. To
248 enable this, an option <option>option DEADLKRES</option> in
249 kernel configuration file and recompilation of the
252 <para>The default &man.devfs.5; rules now expose the upper 256
253 of &man.pty.4; device nodes.</para>
255 <para>Two commands to enable/disable read-ahead have been added
256 to &man.fcntl.2; system call:</para>
260 <para><varname>F_READAHEAD</varname> specifies the amount
261 for sequential access. The amount is specified in bytes and is
262 rounded up to nearest block size.</para>
266 <para><varname>F_RDAHEAD</varname> is a Darwin compatible
267 version that use 128KB as the sequential access
272 <para>Note that the read-ahead amount is also limited by
273 sysctl variable <varname>vfs.read_max</varname>, which may
274 need to be raised in order to better utilize this
277 <para>The &man.lindev.4; driver has been added. This is for
278 supporting various Linux-specific pseudo devices such as
279 <filename>/dev/full</filename>. Note that this is not
280 included in <filename>GENERIC</filename> kernel.</para>
282 <para>A POSIX function pselect(3) has been reimplemented as a
283 system call &man.pselect.2; to eliminate race
286 <para>A kernel option <option>option
287 INCLUDE_CONFIG_FILE</option> has been added to
288 <filename>GENERIC</filename> kernel by default.</para>
290 <para>A bug in the &man.sched.4bsd.4; scheduler that the
291 timestamp for the sleeping operation is not cleaned up on the
292 wakeup has been fixed.</para>
294 <para>A race condition in the &man.sched.4bsd.4; scheduler has
297 <para>A bug in the &man.sched.ule.4; scheduler which prevented
298 process usage (<literal>%CPU</literal>) from working correctly
299 has been fixed.</para>
301 <para>New SDT (Statically Defined Tracing) probes such as ones
302 for <literal>opencrypto</literal> and <literal>vnet</literal>
303 have been added to &os; &man.dtrace.1; subsystem.</para>
305 <para arch="powerpc">&os; now supports SMP in PowerPC G5
306 systems. Note that SMP support on &os;/&arch.powerpc; is
307 disabled by default in <filename>GENERIC</filename>
310 <para arch="sparc64">&os; now supports UltraSPARC IV, IV+, and
311 SPARC64 V CPUs.</para>
313 <para>The &man.syscons.4; driver has been improved. The history
314 buffer can be fully saved/restored in the VESA mode switching
316 <varname>hint.sc.<replaceable>0</replaceable>.vesa_mode</varname>.</para>
318 <para>A bug in the &man.tty.4; driver that
319 <varname>TIOCSTI</varname> did not work has been fixed. This
320 affects applications like &man.mail.1;.</para>
322 <para arch="amd64,i386">An x86 real mode emulator based on
323 OpenBSD's x86emu implementation has been added to improve real
324 mode BIOS call support on both &arch.i386; and &arch.amd64;.
325 The &man.atkbdc.4;, &man.dpms.4;, vesa(4), &man.vga.4; driver
326 now use this emulator and work on the both platforms.</para>
328 <para>The VIMAGE &man.jail.8; virtualization container can work
329 with &man.sctp.4; now. Note that the VIMAGE is not enabled by
330 default in <filename>GENERIC</filename> kernel.</para>
332 <para>The VIMAGE &man.jail.8; now supports
333 <varname>ip4.saddrsel</varname>,
334 <varname>ip4.nosaddrsel</varname>,
335 <varname>ip6.saddrsel</varname>, and
336 <varname>ip6.nosaddrsel</varname> to control whether to use
337 source address selection or the primary jail address for
338 unbound outgoing connections. The default value is to use
339 source address selection.</para>
342 <title>Boot Loader Changes</title>
344 <para arch="pc98">The <filename>boot2</filename> bootcode has
345 been reimplemented based on the &arch.i386 counterpart. It
346 now supports ELF binary, UFS2 file system, and larger number
349 <para arch="ia64">The EFI <filename>loader</filename> program
350 now supports a command-line option <option>-dev
351 <replaceable>currdev</replaceable></option> to specify the
352 default value of <varname>currdev</varname>. This option
353 can be set by the EFI boot manager.</para>
355 <para arch="powerpc">The &man.loader.8; program now supports
356 U-Boot storage.</para>
358 <para arch="i386">The algorithm the &man.loader.8; uses has
359 been improved to choose a memory range for its heap when
360 using a range above 1MB. This fixes a symptom that the
361 loader fails to load a kernel.</para>
363 <para>A kernel environment variable
364 <varname>vfs.root.mountfrom</varname> now supports
365 multiple elements for root file system in a space-separated
366 list. Each list element will be tried in order and the
367 first available one will be mounted.</para>
369 <para>The <filename>zfsloader</filename> has been added. This
370 is a separate &man.zfs.8; enabled loader. Note that a ZFS
371 bootcode (<filename>zfsboot</filename> or
372 <filename>gptzfsboot</filename>) need to be installed
373 to use this new loader.</para>
375 <para>The <filename>zfsboot</filename> and
376 <filename>gptzfsboot</filename> bootcode now fully support
377 64-bit LBAs for disk addresses. This allows booting from
378 large volumes.</para>
382 <title>Hardware Support</title>
384 <para arch="powerpc">The <filename>adb</filename> driver now
385 supports for interpreting taps on ADB touchpads as a button
388 <para>The amdsbwd(4) driver for AMD SB600/SB7xx watchdog
389 timer has been added.</para>
391 <para arch="powerpc">The <filename>apt</filename> driver for
392 the Apple Touchpad present on MacBook has been added to
393 <filename>GENERIC</filename> kernel.</para>
395 <para arch="sparc64">The epic(4) driver for the front panel
396 LEDs in Sun Fire V215/V245 has been added.</para>
398 <para>A bug in the &man.ipmi.4; driver that caused incorrect
399 watchdog timer setting has been fixed.</para>
401 <para arch="sparc64">The &man.pci.4; driver now supports a
402 JBus to PCIe bridge (called as <quote>Fire</quote>) found in
403 the Sun Fire V215/V245 and Sun Ultra 25/45 machines.</para>
405 <para arch="powerpc">The &man.smu.4; driver now provides
406 thermal management and monitoring features. This allows fan
407 control and thermal monitoring on SMU-based Apple G5
408 machines, as well as an &man.led.4; interface to control the
411 <para>The &man.tnt4882.4; driver for IEEE-488 (GPIB) bus now
412 supports National Instruments TNT5004 chip.</para>
414 <para>The &man.uart.4; driver now supports NetMos NM9865
415 family of Serial/Parallel ports.</para>
417 <para>The &man.uep.4; driver for USB onscreen touch panel
418 from eGalax has been added. This driver is supported by
419 <filename>x11-drivers/xf86-input-egalax</filename>.</para>
421 <para>A bug in the &man.uftdi.4; driver that can allow to send
422 a zero length packet has been fixed.</para>
424 <para>The &man.usb.4; subsystem now reports &man.devd.8;
425 <literal>notify</literal> events with the device properties
426 instead of <literal>attach</literal> events. The following is an
427 example entry of &man.devd.conf.5; to match a &man.umass.4;
428 device with a SCSI subclass and BBB protocol:</para>
430 <programlisting>notify 100 {
431 match "system" "USB";
432 match "subsystem" "INTERFACE";
433 match "type" "ATTACH";
434 match "intclass" "0x08";
435 match "intsubclass" "0x06";
436 match "intprotocol" "0x50";
437 action "/path/to/command -flag";
441 <title>Multimedia Support</title>
443 <para>The &man.acpi.video.4; driver now supports LCD
444 brightness control notify handler.</para>
446 <para>The &man.acpi.sony.4; helper driver now supports
447 default display brightness, wired LAN power, and bass
450 <para>The &man.agp.4; driver has been improved. It includes
451 a fix for aperture size calculation issue which prevents
452 some graphics cards from working.</para>
454 <para>The &man.snd.hda.4; driver now allows AD1981HD codecs
455 to use playback mixer.</para>
457 <para>The &man.snd.hda.4; driver now supports multichannel
458 (4.0 and 7.1) playback support. The 5.1 mode support is
459 disabled now due to unidentified synchronization problem.
460 Devices which supports the 7.1 mode can handle the 5.1
461 operation via software upmix done by &man.sound.4;. Note
462 that stereo stream is no longer duplicated to all
467 <title>Network Interface Support</title>
469 <para>The &man.ath.4; driver now supports Atheros
470 AR9285-based devices.</para>
472 <para>A bug in the &man.ath.4; driver which causes a problem
473 of AR5416-based chipsets including AR9285 has been fixed.</para>
475 <para>The &man.bge.4; driver now supports BCM5761, BCM5784, and
476 BCM57780-based devices.</para>
478 <para>The &man.bge.4; driver now supports TSO (TCP
479 Segmentation Offloading) on BCM5755 or newer
482 <para>A long-standing bug in the &man.bge.4; driver which
483 was related to ASF heartbeat sending has been
486 <para>A long-standing stability issue of the &man.bce.4; and
487 &man.bge.4; driver due to a hardware bug in its DMA
488 handling when the system has more than 4GB memory has been
489 fixed. This applies to BCM5714, BCM5715, and BCM5708
492 <para>A bug in the &man.bge.4; driver that incorrectly
493 enabled TSO on BCM5754/BCM5754M controllers has been
496 <para>A bug in the &man.if.bridge.4; driver has been fixed.
497 The MTU was set based on the firstly-added member even if
498 the addition failed.</para>
500 <para>The &man.if.bridge.4; driver now supports
501 <varname>SIOCSIFMTU</varname> ioctl. For example,
502 <command>ifconfig bridge0 mtu 1280</command> can change
503 the MTU of <literal>bridge0</literal> to
504 <literal>1280</literal>. Changing the MTU is allowed only
505 when all members have the same MTU value.</para>
507 <para>The &man.bwn.4; driver for Broadcom BCM43xx chipsets
508 has been added.</para>
510 <para>The &man.cxgb.4; driver has been updated to T3
511 firmware 7.8.0.</para>
513 <para>The &man.cxgb.4; driver now supports hardware
514 filtering based on inspection of L2/L3/L4 headers.
515 Filtering based on source IP address, destination IP
516 address, source port number, destination port number,
517 802.1q VLAN frame tag, UDP, TCP, and MAC address is
518 possible. The configuration can be done by the
519 cxgbtool(8) utility. Note that cxgbtool(8) is in
520 <filename>src/usr.sbin/cxgbtool</filename> but not
521 compiled by default.</para>
523 <para>The &man.em.4; driver has been updated to version
526 <para>The et(4) driver now supports MSI and Tx checksum
527 offloading of IPv4, TCP, and UDP.</para>
529 <para>The &man.fxp.4; driver now exports the hardware MAC
530 statistics via sysctl variables.</para>
532 <para>The &man.igb.4; driver has been updated to version
535 <para>The &man.iwn.4; driver has been updated. This
536 includes various improvements and bugfixes regarding RF
537 switch, bgscan support, suspend/resume support, locking
538 issue, and more. The line <literal>device iwnfw</literal>
539 in the kernel configuration file will include all firmware
542 <para>The &man.ixgbe.4; driver has been updated to version
545 <para>The &man.msk.4; driver has been improved:</para>
549 <para>It now supports Marvell Yukon 88E8042, 88E8057,
550 88E8059 (Yukon Optima) devices and DGE-560SX (Yukon
555 <para>A rudimentary interrupt moderation with
556 programmable countdown timer register has been
557 implemented. The default parameter of the holdoff
558 time is 100us and this can be changed via sysctl
560 <varname>dev.mskc.<replaceable>0</replaceable>.int_holdoff</varname>.
561 Note that the interrupt moderation is shared resource
562 on a dual-port controllers and it is impossible to use
563 separate interrupt moderation values for each
568 <para>A stability issue has been fixed. A heavy RX
569 traffic while rebooting is in progress could prevent
570 the system from working.</para>
573 <para>The &man.mxge.4; driver has been updated to firmware
574 version 1.4.50 from Myricom.</para>
576 <para>The &man.re.4; driver no longer performs an
577 unnecessary interface up/down during getting IP address
580 <para>The &man.re.4; driver now uses <literal>2048</literal>
581 as PCIe Maximum Read Request Size. This improves bulk
582 transfer performance.</para>
584 <para>The &man.run.4; driver for Ralink
585 RT2700U/RT2800U/RT3000U USB 802.11agn devices has been
588 <para>The sge(4) driver for Silicon Integrated Systems
589 SiS190/191 Fast/Gigabit Ethernet has been added. This
590 supports TSO and TSO over VLAN.</para>
592 <para>The &man.ste.4; driver has been improved:</para>
596 <para>The DMA handling has been improved.</para>
600 <para>Wake-On-LAN is now supported.</para>
604 <para>Unnecessary reinitialization of the
605 interfaces has been eliminated.</para>
609 <para>RX interrupt moderation with single shot timer has
610 been implemented. The default parameter of the
611 moderation time is 150us and this can be changed via
613 <varname>dev.ste.<replaceable>0</replaceable>.int_rx_mod</varname>.
614 Setting it 0 effectively disables the RX interrupt
615 moderation feature.</para>
619 <para>The tsec(4) driver now supports &man.altq.4;.</para>
621 <para>The &man.u3g.4; driver has been improved and now works
622 with ZTE MF636, Option Gi0322, Globetrotter GE40x, and
623 Novatel MC950D.</para>
625 <para>The &man.uhso.4; driver for Option HSDPA USB devices
626 has been added. A new &man.uhsoctl.1; userland utility
627 can be used to initiate and close the WAN
630 <para>The &man.vge.4; driver has been improved:</para>
634 <para>The DMA handling has been improved.</para>
638 <para>Wake-On-LAN is now supported.</para>
642 <para>Unnecessary reinitialization of the
643 interfaces has been eliminated.</para>
647 <para>Hardware MAC statistics are now supported via sysctl variables
648 <varname>dev.vge.<replaceable>0</replaceable>.stats</varname>.</para>
652 <para>Interrupt moderation with single shot timer and
653 scheme supported by VT61xx controllers have been
654 implemented. The default parameters are tuned to
655 generate interrupt less than 8k per second, and these
656 parameters can be changed via sysctl variables
657 <varname>dev.vge.<replaceable>0</replaceable>.int_holdoff</varname>,
658 <varname>dev.vge.<replaceable>0</replaceable>.rx_coal_pkt</varname>,
660 <varname>dev.vge.<replaceable>0</replaceable>.tx_coal_pkt</varname>.
661 Note that an up/down cycle is needed to make a
662 parameter change take effect.</para>
666 <para>The &man.urtw.4; driver has been improved and now
667 supports RTL8187B-based devices.</para>
669 <para>The &os; Xen netfront driver has been improved in
670 stability and performance.</para>
674 <sect3 id="net-proto">
675 <title>Network Protocols</title>
677 <para>&os; flowtable now supports IPv6. This is for per-CPU
678 caching flows as a means of accelerating L3 and L2 lookups
679 as well as providing stateful load balancing when ECMP
680 (Equal-Cost Multi-Path routing) is enabled by <option>option
681 RADIX_MPATH</option>.</para>
683 <para>A new capability flag <literal>LINKSTATE</literal> has
684 been added to <varname>struct
685 ifnet.if_capabilities</varname>. This indicates if the
686 interface can check the link state or not. The
687 &man.ifconfig.8; utility now shows this flag if
690 <para>A new event handler <varname>iflladdr_event</varname>
691 has been added. This signals that the L2 address on an
692 interface has changed, and lets stacked interfaces such as
693 &man.vlan.4; detect that their lower interface has changed
694 and adjust things in order to keep working. This fixes an
695 issue of &man.lagg.4; and &man.vlan.4; configuration.</para>
697 <para>IPcomp (IP Payload Compression Protocol defined in RFC
698 2393) protocol is now enabled by default. Note that this
699 requires <option>option IPSEC</option> in the kernel
700 configuration file and <filename>GENERIC</filename> kernel
701 does not include it. This functionality can be disabled by
702 using a sysctl variable
703 <varname>net.inet.ipcomp.ipcomp_enable</varname>.</para>
705 <para>The &man.ipfw.4; subsystem including &man.dummynet.4;
706 has been updated to <quote>ipfw3</quote> and various bugs
707 have been fixed:</para>
711 <para>The major enhancement is a completely restructured
712 version of &man.dummynet.4;, with support for different
713 packet scheduling algorithms (loadable at runtime),
714 faster queue/pipe lookup, and a much cleaner internal
715 architecture and kernel/userland ABI which simplifies
716 future extensions.</para>
720 <para>All of O(N) sequences in the firewall rule
721 evaluation removed from the kernel critical sections.
722 The worst case is now O(log N).</para>
726 <para>It now supports <literal>ipfw0</literal> pseudo
727 interface for logging similar to &man.pflog.4;. A sysctl
728 <varname>net.inet.ip.fw.verbose=0</varname> enables logging
729 to <literal>ipfw0</literal>, and
730 <varname>net.inet.ip.fw.verbose=1</varname> sends logging to
731 &man.syslog.3; as before.</para>
735 <para>The <literal>me</literal> keyword in the &man.ipfw.4;
736 rule now matches any IPv6 addresses configured on an
737 interface as well as IPv4 ones.</para>
741 <para>A bug that <command>keep-alive</command> rule did
742 not work for IPv6 packets has been fixed.</para>
746 <para>The <literal>lookup</literal> match option has been added.</para>
748 <programlisting>lookup {dst-ip|src-ip|dst-port|src-port|uid|jail} <replaceable>N</replaceable></programlisting>
750 <para>This searches the specified field in table
751 <replaceable>N</replaceable> and sets
752 <literal>tablearg</literal> accordingly. With
753 <literal>dst-ip</literal> or <literal>src-ip</literal>
754 the option replicates two existing options. When used
755 with other arguments, the option can be useful to
756 quickly dispatch traffic based on other fields.</para>
760 <para>A bug in the &man.sysctl.8; variable
761 <varname>ip.fw.one_pass</varname> handling has been
762 fixed. A packet which comes from a pipe without being
763 delayed incorrectly ignored this variable.</para>
767 <para>A memory alignment issue in the &man.ng.ksocket.4; and
768 &man.ng.ppp.4;, Netgraph node drivers have been fixed. This
769 fixes kernel panics due to the misalignment.</para>
771 <para>The &man.ng.bridge.4; and &man.ng.hub.4; Netgraph node
772 drivers now supports a flag <literal>persistent</literal>.
773 It disables automatic node shutdown when the last hook gets
774 disconnected. The new control messages
775 <literal>NGM_BRIDGE_SET_PERSISTENT</literal> and
776 <literal>NGM_HUB_SET_PERSISTENT</literal> have been added
779 <para>The &man.pf.4; subsystem now supports
780 <literal>sloppy</literal> keyword to enable a TCP state
781 machine for tracking TCP connections with no sequence number
782 check. This feature is in the latest version of
783 <application>pf</application>.</para>
785 <para>The &man.pfil.9; framework for packet filtering in &os;
786 kernel now supports separate packet filtering instances like
787 &man.ipfw.4; for each VIMAGE jail.</para>
789 <para>A bug that proxy ARP entries cannot be added over
790 point-to-point link types has been fixed.</para>
792 <para>The &man.tap.4; pseudo interface now reports the link
793 state properly by updating <varname>if_link_state</varname>
794 variable in the kernel.</para>
796 <para>The &man.vlan.4; pseudo interface has been added to
797 <filename>GENERIC</filename> kernel.</para>
799 <para>The &man.vlan.4; pseudo interface now supports TSO (TCP
800 Segmentation Offloading). The capability flag is named as
801 <varname>IFCAP_VLAN_HWTSO</varname> and it is separated from
802 <varname>IFCAP_VLAN_HWTAGGING</varname>. The &man.age.4;,
803 &man.alc.4;, &man.ale.4;, &man.bce.4;, &man.bge.4;,
804 &man.cxgb.4;, &man.jme.4;, &man.re.4;, and &man.mxge.4;
805 driver support this feature.</para>
807 <para>The &man.vlan.4; pseudo interface for IEEE 802.1Q VLAN
808 now ignore renaming of the parent's interface name. The
809 configured VLAN interfaces continue to work with the new
810 name while previously the configurations were removed as the
811 renaming happens.</para>
815 <title>Disks and Storage</title>
817 <para>The &man.ada.4; driver now supports
818 <varname>BIO_DELETE</varname>. For SSDs this uses
819 <literal>TRIM</literal> feature of <literal>DATA SET
820 MANAGEMENT</literal> command, as defined by ACS-2
821 specification working draft. For Compact Flash use
822 <literal>CFA ERASE</literal> command, same as &man.ad.4;
823 does. This change realizes restoring write speed of SSDs
824 which supports <literal>TRIM</literal> command by doing
826 <replaceable>/dev/ada1</replaceable></command>, for
829 <para>The &man.ahci.4; driver now supports SATA part of
830 Marvell 88SE912x controllers.</para>
832 <para>The &man.ahci.4; driver now supports FIS-based (Frame
833 Information Structure) switching of port multiplier on
834 supported controllers.</para>
836 <para>The &man.ahd.4; driver now supports three separated
837 error counters for correctable, uncorrectable, and fatal, in
838 &man.sysctl.8; MIB.</para>
840 <para>A new kernel option <option>option ATA_CAM</option> has
841 been added. This turns &man.ata.4; controller drivers into
842 &man.cam.4; interface modules. When enabled, this option
843 deprecates all &man.ata.4; peripheral drivers and interfaces
844 such as <filename>ad</filename> and
845 <filename>acd</filename>, and allows &man.cam.4; drivers
846 <filename>ada</filename>, and <filename>cd</filename> and
847 interfaces to be natively used instead. Note that this is
848 not enabled by default in the <filename>GENERIC</filename>
851 <para>A bug in the &man.ata.4; driver which can lead to
852 interrupt storms and command timeouts has been fixed.</para>
854 <para>USB mass storage device support in the &man.ata.4;
855 driver has been removed. Note that this was not used in
856 <filename>GENERIC</filename> kernel and the &man.umass.4;
857 driver supports such devices for a long time.</para>
859 <para>&os; &man.cam.3; SCSI framework has been improved:</para>
863 <para>SATA and PATA support has been improved and it now
864 recognizes more detail device capabilities. For example,
865 the &man.ahci.4; and &man.siis.4; driver now reports maximum
866 tag number to the framework to optimize the NCQ
871 <para>A loader tunable
872 <varname>kern.cam.boot_delay</varname> has been added.
873 This controls the delay time before &man.cam.3; probes
874 the attached devices.</para>
878 <para>SCSI error recovery for devices on buses without
879 automatic sense reporting has been improved. Typical
880 devices are on ATAPI and USB. For example, this allows
881 &man.cam.3; to wait, while CD drive loads disk, instead
882 of immediately return error status.</para>
886 <para>The &man.cam.4; ATA transport layer now supports
887 Power-Up In Stand-by (PUIS). The PUIS is a configuration of
888 SATA or PATA drives to prevent them from automatic spin-up
889 when power is applied. A typical application is staggered
894 <para>The &man.cam.4; ATA transport layer now supports
895 negotiating and enabling additional SATA features such as
896 device initiated power management, Automatic Partial to
897 Slumber mode transition, and DMA auto-activation.</para>
901 <para>A livelock issue of the &man.ciss.4; driver under a high
902 load has been fixed.</para>
904 <para>A bug in the &man.fdc.4; driver which prevents the
905 kernel module from unloading has been fixed.</para>
907 <para>The &man.glabel.8; now supports the following sysctl
908 variables for each label type to enable the labeling itself:</para>
910 <programlisting>kern.geom.label.ext2fs.enable
911 kern.geom.label.iso9660.enable
912 kern.geom.label.msdosfs.enable
913 kern.geom.label.ntfs.enable
914 kern.geom.label.reiserfs.enable
915 kern.geom.label.ufs.enable
916 kern.geom.label.ufsid.enable
917 kern.geom.label.gptid.enable
918 kern.geom.label.gpt.enable</programlisting>
920 <para>Note that all of them are also loader tunables. They
921 are enabled (set as <literal>1</literal>) by default.</para>
923 <para>&man.geom.8; providers including complex ones such as
924 &man.gconcat.8;, &man.gmirror.8;, &man.graid3.8,
925 &man.gstripe.8;, and some hardware RAID device drivers like
926 &man.twa.4; now inform its optimal access block size to the
929 <para>The &man.gmirror.8; utility now supports
930 <command>configure <option>-p</option>
931 <replaceable>priority</replaceable></command> command to
932 change the providers priority.</para>
934 <para>The balancing mode algorithm <literal>load</literal>
935 used in the &man.gmirror.8; utility has been changed and it
936 is now the default one instead of
937 <literal>split</literal>:</para>
941 <para>Instead of measuring last request execution time for
942 each drive and choosing one with smallest time, use
943 averaged number of requests, running on each drive. This
944 information is more accurate and timely. It allows to
945 distribute load between drives in more even and
946 predictable way.</para>
950 <para>For each drive track offset of the last submitted
951 request. If new request offset matches previous one or
952 close for some drive, prefer that drive. It allows to
953 significantly speedup simultaneous sequential reads.</para>
957 <para>The &man.gmultipath.8; utility now supports
958 <command>destroy</command>, <command>rotate</command>,
959 <command>getactive</command> commands.</para>
961 <para>A bug in the &man.graid3.8; which causes a panic when a
962 large request arrives has been fixed. This happens when
963 <varname>MAXPHYS</varname> is set as larger than 128k.</para>
965 <para>The default block size of &man.gstripe.8; has been
966 increased from 4k to 64k.</para>
968 <para>The <literal>GEOM_SCHED</literal> module has been added.
969 This supports scheduling disk I/O requests in a device
970 independent manner. A supported algorithm is an
971 anticipatory scheduler <literal>gsched_rr</literal> which
972 gives very nice performance improvements in presence of
973 competing random access patterns. See also &man.gsched.8;
974 manual page for more details.</para>
976 <para>The HAST (Highly Available STorage) framework has been
981 <para>This is a framework to allow transparently storing
982 data on two physically separated machines connected over
983 the TCP/IP network. HAST works in Primary-Secondary
984 (Master-Backup, Master-Slave) configuration, which means
985 that only one of the cluster nodes can be active at any
986 given time. Only Primary node is able to handle I/O
987 requests to HAST-managed devices. Currently HAST is
988 limited to two cluster nodes in total.</para>
992 <para>This operates on block level; it provides disk-like
993 devices in <filename>/dev/hast/</filename> directory for
994 use by file systems and/or applications. Working on
995 block level makes it transparent for file systems and
996 applications. There in no difference between using
997 HAST-provided device and raw disk, partition, etc. All
998 of them are just regular &man.geom.8; providers in
1003 <para>The userland part consists of &man.hastd.8;,
1004 &man.hastctl.8;, and &man.hast.conf.5;. More details
1005 can be found at <ulink
1006 url="http://wiki.FreeBSD.org/HAST"></ulink>.</para>
1010 <para>The &man.isp.4; driver has been improved in
1013 <para>The &man.mvs.4; CAM ATA driver for Marvell
1014 88SX50XX/88SX60XX/88SX70XX/SoC SATA controllers has been
1015 added. This driver supports same hardware as the
1016 &man.ata.4; driver does, but provides many additional
1017 features, such as NCQ and PMP.</para>
1019 <para>The &man.siis.4; driver now enables MSI by default on
1020 SiI3124-based devices. This can be disabled by using a
1021 <varname>hint.siis.<replaceable>0</replaceable>.msi</varname>
1022 loader tunable.</para>
1024 <para>The Max Read Request Size in the &man.siis.4; driver for
1025 PCIe chips has been increased from 512 to 1024 bytes for
1026 better performance.</para>
1028 <para>The &man.twa.4; driver has been updated to the latest
1029 version from LSI.</para>
1033 <title>File Systems</title>
1035 <para>The &man.msdosfs.5; subsystem is now MP-safe and a race
1036 condition when a force unmount happens has been
1039 <para>&os; NFS subsystem now supports a timeout for the
1040 negative name cache entries in the client. This avoids a
1041 bogus negative name cache entry from persisting forever when
1042 another client creates an entry with the same name within
1043 the same NFS server time of day clock tick. The mount
1044 option <option>negnametimeo</option> can be used to override
1045 the default timeout interval (60 seconds) on a
1046 per-mount-point basis. a Setting
1047 <option>negnametimeo</option> to <literal>0</literal>
1048 disables negative name caching for the mount point.</para>
1050 <para>A race condition in &os; NFS subsystem that occurs when
1051 &man.nfsiod.8; threads are being created has been fixed.
1052 This also fixes an interoperability issue found in
1053 combination of a &os; NFS client and a Linux NFS
1056 <para>The inode number handling in &man.ffs.7; file system is
1057 now unsigned. Previously some large inode numbers can be
1058 treated as negative, and this issue shows up at file systems
1059 with the size of more than 16Tb in 16k block case. The
1060 &man.newfs.8; utility never create a file system with more
1061 than 2^32 inodes by cutting back on the number of inodes per
1062 cylinder group if necessary to stay under the limit.</para>
1064 <para>The UFS file system (&man.ffs.7;) now supports NFSv4
1067 <para>&os; &man.VFS.9; subsystem now supports a new sysctl
1068 variable <varname>vfs.vlru_allow_cache_src</varname>. This
1069 allow <filename>vnlru</filename> kernel thread to reclaim
1070 of the directory vnodes that are source of the namecache
1071 records. This is not enabled by default because for
1072 typical workload it would make namecache unusable, but
1073 large nested directory tree easily puts any process that
1074 accesses file system into one second wait for
1075 <filename>vnlru</filename> kernel thread.</para>
1077 <para>The ZFS file system has been improved:</para>
1081 <para>It now supports NFSv4 ACL.</para>
1085 <para>The L2ARC code has been improved in stability and
1090 <para>The zpool version has been updated to
1091 version 14. It is now possible to use zpools created on
1092 OpenSolaris 2009.06.</para>
1096 <para>A sysctl variable
1097 <varname>vfs.zfs.txg.write_limit_override</varname> has
1098 been added. This can be used for tuning of ZFS write
1103 <para>ZFS prefetch statistics has been added as a sysctl
1105 <varname>kstat.zfs.misc.zfetchstats</varname>.</para>
1109 <para>The &man.zfs.8; <command>zpool export</command>
1110 command now supports <option>-F</option> flag.
1111 When exporting with this flag, <filename>zpool.cache</filename>
1112 remains untouched.</para>
1116 <para>A data corruption issue of <command>zfs
1117 send/receive</command> between two different platforms
1118 has been fixed. Symbolic links could be broken in the
1119 previous releases.</para>
1123 <para>A possible deadlock of <command>zfs
1124 receive</command> has been fixed.</para>
1128 <para>Possible panics of <command>zfs destroy</command>
1129 and <command>zfs rollback</command> have been
1134 <para>A occasional failure of <command>zfs
1135 rename</command> due to a busy state has been
1140 <para>Bugs that <command>zfs snapshot
1141 -r</command> fails when the file system is busy, and
1142 <command>zfs receive</command> can fail with an E2BIG
1143 error, have been fixed.</para>
1149 <sect2 id="userland">
1150 <title>Userland Changes</title>
1152 <para>A bug in &man.bsnmpd.1; program which leads to high CPU
1153 consumption on a loaded system has been fixed.</para>
1155 <para>A bug in &man.bzip2.1; utility which prevented it from
1156 working with multi-session bzip2 files has been fixed.</para>
1158 <para>The &man.camcontrol.8; utility now supports a
1159 <option>-v</option> flag in the subcommand
1160 <command>identify</command>. It displays whole of identify
1163 <para>The &man.camcontrol.8; utility now supports
1164 <option>-d</option> and <option>-f</option> flags in the
1165 subcommand <command>cmd</command>. They specify DMA protocol
1166 or FPDMA (NCQ) protocol to be used for ATA command,
1167 respectively.</para>
1169 <para>The &man.chgrp.1; and &man.chown.8; now support a
1170 <option>-x</option> flag to make it not traverse across
1171 multiple mount points for the recursive operation.</para>
1173 <para>The &man.cp.1; now supports a <option>-x</option> flag to
1174 make it not traverse across multiple mount points for the
1175 recursive operation.</para>
1177 <para>The &man.cp.1;, &man.find.1;, &man.getfacl.1;, &man.mv.1;,
1178 and &man.setfacl.1; utilities now support NFSv4 ACL.</para>
1180 <para>The &man.diskinfo.8; now supports reporting disk stripe
1181 size and offset. This helps users to make file systems
1182 optimally aligned and tuned for better performance.</para>
1184 <para>A bug in &man.ee.1; utility which can crash the
1185 program has been fixed.</para>
1187 <para>A bug in &man.factor.6; utility which leads to performance
1188 degradation has been fixed.</para>
1190 <para>The &man.fetch.1; utility now supports HTTP digest
1191 authentication.</para>
1193 <para>A bug in &man.fetch.1; utility which incorrectly evaluates
1194 a variable <varname>NO_PROXY</varname> has been fixed.</para>
1196 <para>A bug in &man.find.1; utility has been fixed. An option
1197 <option>-newerXB</option> was interpreted as the same as
1198 <option>-newerXm</option>.</para>
1200 <para>A bug in the &man.fnmatch.3; function has been fixed. The
1201 flag <varname>FNM_PERIOD</varname> did not work correctly when
1202 <literal>*</literal> characters were included in the string
1203 and <varname>FNM_PATHNAME</varname> was specified.</para>
1205 <para>A bug in the &man.fsck.ffs.8; utility which causes the
1206 last cylinder group of a UFS1 file system is always reported
1207 as broken even after it is fixed.</para>
1209 <para>The &man.gcore.1; utility now recognizes threads in the
1210 process and handles dumps on a thread scope.</para>
1212 <para>The &man.ifconfig.8; utility now supports manipulation of
1213 NDP flags handled by &man.ndp.8;.</para>
1215 <para>The &man.ifconfig.8; utility now supports a
1216 <command>description
1217 <replaceable>value</replaceable></command> command to add a
1218 description <replaceable>value</replaceable> to the specified
1221 <para>The &man.indent.1; utility now supports a
1222 <option>-ta</option> flag to treat all
1223 <literal>_t</literal>-suffixed identifiers as types.</para>
1225 <para>The <filename>liblzma</filename> library for LZMA2
1226 lossless data compression algorithm and the userland utilities
1227 &man.xz.1;, &man.xzdec.1;, &man.lzma.1;, and &man.lzmainfo.1;.
1228 has been imported. When the old system is upgraded to
1229 &release.current;, deinstalling a version found in the Ports
1230 Collection (<filename>archivers/xz</filename>) and
1231 recompilation of the packages which depend on it may be
1234 <para arch="amd64,i386">The <filename>libz</filename> library
1235 has been improved in performance. For &os/&arch.i386;, note
1236 that this improvement uses instructions only on i686-class CPU
1237 and they are disabled by default. Specifying
1238 <literal>CPUTYPE=pentium4</literal> in
1239 <filename>/etc/make.conf</filename> enables them.</para>
1241 <para>The &man.ln.1; utility now reports an error correctly when
1242 a <option>-f</option> flag and two same file entries were
1243 specified in the command line option. It removed the file
1244 first and then reported a <quote>not found</quote>
1247 <para>The &man.ln.1; utility now removes trailing slash
1248 characters when creating a link to a directory. The following
1249 command sequence reported an error in the previous
1252 <screen>&prompt.user; mkdir test1 test2
1253 &prompt.user; ln -s ../test2/ test1</screen>
1255 <para>The &man.mount.nfs.8; utility now supports
1256 <literal>[<replaceable>ipaddr</replaceable>]:<replaceable>path</replaceable></literal>
1257 notation in addition to the existing one. This allows IPv6
1258 address in the address field, and a path including
1259 <quote><literal>:</literal></quote> to be mounted.</para>
1261 <para>A bug in the &man.netstat.1; utility that prevents
1262 <command>netstat -f netgraph</command> from working has been
1265 <para>The &man.netstat.1; utility now supports ARP information
1266 in statistics shown by the <option>-s</option> flag.</para>
1268 <para>The &man.netstat.1; utility now supports a <option>-q
1269 <replaceable>number</replaceable></option> option to specify
1270 the number of outputs. This is used in conjunction with
1271 <option>-w</option> option.</para>
1273 <para>The &man.newfs.msdos.8; utility now uses
1274 <literal>NO_NAME</literal> as the default volume label and
1275 <literal>BSD4.4</literal> as the OEM String.</para>
1277 <para>The &man.newsyslog.8; utility does not consider
1278 non-existence of a PID file as an error now. A new flag
1279 <option>-P</option> reverts it to the old behavior.</para>
1281 <para>The &man.ntpd.8; program no longer tries to bind to an
1282 IPv6 anycast address.</para>
1284 <para>The &man.pam.krb5.8; PAM module now supports
1285 <option>no_user_check</option> option. This allows to
1286 authorize a user not known to the local system.</para>
1288 <para>The &man.pathchk.1; utility now supports a
1289 <option>-P</option> flag defined in POSIX-1.2008. This checks
1290 for empty pathnames and components starting with
1291 <quote><literal>-</literal></quote>.</para>
1293 <para>A variable <varname>daily_clean_tmps_ignore</varname>
1294 which is used in the &man.periodic.8; daily script now has
1295 <filename>/tmp/.snap</filename>. This prevents
1296 <filename>/tmp/.snap</filename> from being removed.</para>
1298 <para>The &man.procstat.1; utility now supports two new flags
1299 <option>-i</option> and <option>-j</option> to display
1300 information about signal disposition and pending/blocked
1301 status for signals.</para>
1303 <para>The &man.pwait.1; utility has been added. This is similar
1304 to the Solaris utility of the same name, and waits for any
1305 process to terminate.</para>
1307 <para>A bug in the &man.restore.8; utility which caused short
1308 reads when a option <option>-P</option> was used has been
1311 <para>The &man.rtsold.8; <option>-a</option> flag now excludes
1312 the interfaces which IPv6 or accepting ICMPv6 Router
1313 Advertisement message is disabled from the auto-probed
1314 interface list.</para>
1316 <para>The &man.scandir.3; and &man.alphasort.3; functions has
1317 been updated to conform POSIX.1-2008 (IEEE Std
1318 1003.1-2008).</para>
1320 <para>The &man.sed.1; utility now supports a <option>-r</option>
1321 flag which means exactly the same as a <option>-E</option>
1322 flag. This is for compatibility with the GNU version.</para>
1324 <para>The service name database &man.services.5; (usually in
1325 <filename>/etc/services</filename>) now also supports a
1326 &man.db.3; style database for better lookup performance. The
1327 following entry in <filename>/etc/nsswitch.conf</filename>
1328 enables use of the binary database file:</para>
1330 <programlisting>services: db</programlisting>
1332 <para>Note that the &man.db.3; style database can be created by
1333 &man.services.mkdb.8; at
1334 <filename>/var/db/service.db</filename>.</para>
1336 <para>The &man.sighold.2;, &man.sigignore.2;, &man.sigpause.2;,
1337 &man.sigrelse.2;, and &man.sigset.2; functions have been
1338 implemented for making porting software from System V-like
1339 systems easy. Note that these are defined in POSIX.1-2008 XSI
1340 (IEEE Std 1003.1-2008, X/Open System Interface) but now
1341 obsolete. Since &os; already has another
1342 <function>sigpause(3)</function> function derived from 4.2BSD,
1343 a version of the XSI interface is implemented as
1344 <function>xsi_sigpause()</function>.</para>
1346 <para>The &man.sshd.8;, &man.cron.8;, &man.inetd.8;, and
1347 &man.syslogd.8; programs now set
1348 <literal>MADV_PROTECT</literal> memory flag onto themselves to
1349 protect from being terminated by the &os; kernel when
1350 available memory becomes short. This kind of process
1351 termination happens in a swap-intensive workload.</para>
1353 <para>The &man.stat.1; utility now supports
1354 <literal>%Sf</literal> output specifier to display the file
1355 flags symbolically.</para>
1357 <para>The &man.strsignal.3; function is now thread-safe.</para>
1359 <para>The &man.sysctl.8; utility now supports a
1360 <option>-i</option> flag to ignore failures while retrieving
1361 individual OIDs. This allows the same list of OIDs to be
1362 passed to &man.sysctl.8; across different systems where
1363 particular OIDs may not exist, and still get as much
1364 information as possible from them.</para>
1366 <para>The &man.traceroute.8; utility now performs source address
1367 selection correctly even in a VIMAGE &man.jail.8;
1370 <para>The &man.unifdef.1; utility has been updated to version
1371 1.188. It now supports a new <option>-B</option> flag to
1372 compress blank lines around a deleted section to prevent blank
1373 lines around paragraphs of code from getting doubled.</para>
1375 <para>The &man.unzip.1; utility now supports the rename query
1376 when a file with the same name as the one about to be
1377 extracted already exists.</para>
1379 <para>The &man.unzip.1; utility now supports
1380 <option>-C</option>, <option>-c</option>, <option>-f</option>,
1381 <option>-p</option>, and <option>-v</option> flags which are
1382 compatible with Info-ZIP.</para>
1384 <para>The &man.usbconfig.8; utility now supports a new flag
1385 <option>-d</option> to specify the &man.ugen.4; device, and
1386 <command>add_quirk</command> and
1387 <command>remove_quirk</command> commands.</para>
1389 <para>The &man.whois.1; utility now supports searching IPv6
1390 addresses just like IPv4 without specifying the ARIN server.
1391 A <option>-d</option> flag has been removed because it is now
1394 <para>A new errno <varname>ENOTCAPABLE</varname> has been added.
1395 This is to be returned when a process requests an operation on
1396 a file descriptor that is not authorized by the descriptor's
1397 capability flags.</para>
1399 <para>The &man.zfs.8; command now supports a new flag
1400 <option>receive -u</option> to specify that the received ZFS
1401 should not be mounted automatically.</para>
1403 <sect3 id="rc-scripts">
1404 <title><filename>/etc/rc.d</filename> Scripts</title>
1406 <para>The &man.service.8; command has been added. This
1407 provides an easy command-line interface to the
1408 <filename>rc.d</filename> system.</para>
1410 <para>The <filename>rc.d/ipfw</filename> script and
1411 <filename>/etc/rc.firewall</filename> now supports IPv6 and
1412 <filename>rc.d/ip6fw</filename> script and
1413 <filename>/etc/rc.firewall6</filename> are obsolete. Note
1414 that <varname>ipv6_firewall_*</varname> variables in
1415 &man.rc.conf.5; are replaced with
1416 <varname>firewall_client_net_ipv6</varname>,
1417 <varname>firewall_simple_iif_ipv6</varname>,
1418 <varname>firewall_simple_inet_ipv6</varname>,
1419 <varname>firewall_simple_oif_ipv6</varname>,
1420 <varname>firewall_simple_onet_ipv6</varname>.</para>
1422 <para>A new <filename>rc.d</filename> script
1423 <filename>rc.d/rtsold</filename> has been added. This handles
1424 &man.rtsold.8; daemon.</para>
1426 <para>A new <filename>rc.d</filename> script
1427 <filename>rc.d/static_arp</filename> has been added. This allows
1428 the administrator to statically define mappings of MAC
1429 address to IPv4 at boot time. See also the &man.rc.conf.5;
1430 manual page for more details.</para>
1432 <para>The <filename>rc.d/tmp</filename> script now uses a
1433 unique directory name prefixed with
1434 <filename>/tmp/.diskless</filename> instead of
1435 <filename>/tmp/.diskless</filename> itself. This fixes an
1436 issue when <filename>/tmp/.diskless</filename> exists before
1437 the script runs.</para>
1439 <para>A new <filename>rc.d</filename> script
1440 <filename>rc.d/ubthidhci</filename> has been added. This
1441 small script calls &man.usbconfig.8; to change a USB
1442 Bluetooth controller from HID mode to HCI mode.</para>
1444 <para>The &man.rc.conf.5; now supports a
1445 <varname>firewall_coscripts</varname> variable. This should
1446 contain a list of commands which should be executed after
1447 firewall starts or stops.</para>
1449 <para>The &man.rc.conf.5; now supports configuring
1450 &man.vlan.4; interfaces as child devices similar to
1451 &man.wlan.4; interfaces. &man.vlan.4; interfaces are listed
1453 <varname>vlans_<replaceable>IF</replaceable></varname>
1454 variable. If a VLAN interface is a number, then that number
1455 is treated as the VLAN tag for the interface and the
1456 interface will be named
1457 <varname><replaceable>IF</replaceable>.<replaceable>tag</replaceable></varname>.
1458 Otherwise, the VLAN tag must be provided via a VLAN
1460 <varname>create_args_<replaceable>IF</replaceable></varname>
1465 <sect2 id="contrib">
1466 <title>Contributed Software</title>
1468 <para>The <application>ACPI-CA</application> has been updated to
1471 <para>The <application>awk</application> has been updated from
1472 the 23 October 2007 release to the 26 November 2009 release.</para>
1474 <para><application>ISC BIND</application> has been updated to
1475 version 9.6.2-P2.</para>
1477 <para><application>netcat</application> has been updated to
1480 <para><application>OpenSSH</application> has been updated from
1481 version 5.1p1 to version 5.4p1.</para>
1483 <para><application>OpenSSL</application> has been updated to
1484 version 0.9.8n.</para>
1486 <para><application>sendmail</application> has been updated to
1487 version 8.14.4.</para>
1489 <para>The timezone database has been updated to the
1490 <application>tzdata2010j</application> release.</para>
1494 <title>Release Engineering and Integration</title>
1496 <para>The filename of ISO images for &os; releases now has a
1497 <filename>FreeBSD-</filename> at the beginning.</para>
1499 <para>The supported version of
1500 the <application>GNOME</application> desktop environment
1501 (<filename role="package">x11/gnome2</filename>) has been
1502 updated to 2.28.2.</para>
1504 <para>The supported version of
1505 the <application>KDE</application> desktop environment
1506 (<filename role="package">x11/kde4</filename>) has been
1507 updated to 4.4.3.</para>
1511 <sect1 id="upgrade">
1512 <title>Upgrading from previous releases of &os;</title>
1514 <para arch="amd64,i386">Upgrades between RELEASE versions (and
1515 snapshots of the various security branches) are supported using
1516 the &man.freebsd-update.8; utility. The binary upgrade
1517 procedure will update unmodified userland utilities, as well as
1518 unmodified GENERIC kernel distributed as a part of an
1519 official &os; release. The &man.freebsd-update.8; utility
1520 requires that the host being upgraded has Internet
1521 connectivity.</para>
1523 <para>An older form of binary upgrade is supported through the
1524 <command>Upgrade</command> option from the main
1525 &man.sysinstall.8; menu on CDROM distribution media. This type
1526 of binary upgrade may be useful on non-&arch.i386;,
1527 non-&arch.amd64; machines or on systems with no Internet
1528 connectivity.</para>
1530 <para>Source-based upgrades (those based on recompiling the &os;
1531 base system from source code) from previous versions are
1532 supported, according to the instructions in
1533 <filename>/usr/src/UPDATING</filename>.</para>
1536 <para>Upgrading &os; should, of course, only be attempted after
1537 backing up <emphasis>all</emphasis> data and configuration